authorreyk <>2014-04-13 17:29:41 +0000
committerreyk <>2014-04-13 17:29:41 +0000
commit7aeb3e8167cb7d137c87f5f1d5c137a33ccd3925 (patch)
tree8a9e11bbc7bfc49c688ab27cbfa8db9e62586195 /src
parentb9483ecbdb9fb07cf19dd6404a4a1a6a3cd0b27e (diff)
Remove the IBM 4758 engine: we don't have this hardware and it is an
old PCI accelerator that was EOL'ed in 2005. ok deraadt@
Diffstat (limited to 'src')
-rw-r--r--src/lib/libcrypto/doc/engine.pod1
-rw-r--r--src/lib/libcrypto/engine/eng_all.c3
-rw-r--r--src/lib/libcrypto/engine/engine.h1
-rw-r--r--src/lib/libcrypto/util/libeay.num1
-rw-r--r--src/lib/libssl/src/crypto/engine/eng_all.c3
-rw-r--r--src/lib/libssl/src/crypto/engine/engine.h1
-rw-r--r--src/lib/libssl/src/doc/crypto/engine.pod1
-rw-r--r--src/lib/libssl/src/engines/Makefile27
-rw-r--r--src/lib/libssl/src/engines/e_4758cca.c987
-rw-r--r--src/lib/libssl/src/engines/e_4758cca.ec1
-rw-r--r--src/lib/libssl/src/engines/e_4758cca_err.c153
-rw-r--r--src/lib/libssl/src/engines/e_4758cca_err.h97
-rw-r--r--src/lib/libssl/src/engines/vendor_defns/hw_4758_cca.h149
-rw-r--r--src/lib/libssl/src/util/libeay.num1
14 files changed, 4 insertions, 1422 deletions
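diff --git a/src/lib/libcrypto/doc/engine.pod b/src/lib/libcrypto/doc/engine.pod
index f5ab1c3e50..3f4acce86d 100644
--- a/src/lib/libcrypto/doc/engine.pod
+++ b/src/lib/libcrypto/doc/engine.pod
@@ -24,7 +24,6 @@ engine - ENGINE cryptographic module support
  void ENGINE_load_openssl(void);
  void ENGINE_load_dynamic(void);
  #ifndef OPENSSL_NO_STATIC_ENGINE
- void ENGINE_load_4758cca(void);
  void ENGINE_load_aep(void);
  void ENGINE_load_atalla(void);
  void ENGINE_load_chil(void);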
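diff --git a/src/lib/libcrypto/engine/eng_all.c b/src/lib/libcrypto/engine/eng_all.c
index 6093376df4..3f96605902 100644
--- a/src/lib/libcrypto/engine/eng_all.c
+++ b/src/lib/libcrypto/engine/eng_all.c
@@ -82,9 +82,6 @@ void ENGINE_load_builtin_engines(void)
  ENGINE_load_dynamic();
 #ifndef OPENSSL_NO_STATIC_ENGINE
 #ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_4758_CCA
- ENGINE_load_4758cca();
-#endif
 #ifndef OPENSSL_NO_HW_AEP
  ENGINE_load_aep();
 #endif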
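diff --git a/src/lib/libcrypto/engine/engine.h b/src/lib/libcrypto/engine/engine.h
index f8be497724..85393f260d 100644
--- a/src/lib/libcrypto/engine/engine.h
+++ b/src/lib/libcrypto/engine/engine.h
@@ -333,7 +333,6 @@ ENGINE *ENGINE_by_id(const char *id);
 void ENGINE_load_openssl(void);
 void ENGINE_load_dynamic(void);
 #ifndef OPENSSL_NO_STATIC_ENGINE
-void ENGINE_load_4758cca(void);
 void ENGINE_load_aep(void);
 void ENGINE_load_atalla(void);
 void ENGINE_load_chil(void);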
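diff --git a/src/lib/libcrypto/util/libeay.num b/src/lib/libcrypto/util/libeay.num
index aa86b2b8b1..39395014f3 100644
--- a/src/lib/libcrypto/util/libeay.num
+++ b/src/lib/libcrypto/util/libeay.num
@@ -2772,7 +2772,6 @@ OPENSSL_load_builtin_modules 3214 EXIST::FUNCTION:
 AES_ofb128_encrypt 3215 EXIST::FUNCTION:AES
 AES_ctr128_encrypt 3216 EXIST::FUNCTION:AES
 AES_cfb128_encrypt 3217 EXIST::FUNCTION:AES
-ENGINE_load_4758cca 3218 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
 _ossl_096_des_random_seed 3219 EXIST::FUNCTION:DES
 EVP_aes_256_ofb 3220 EXIST::FUNCTION:AES
 EVP_aes_192_ofb 3221 EXIST::FUNCTION:AES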
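diff --git a/src/lib/libssl/src/crypto/engine/eng_all.c b/src/lib/libssl/src/crypto/engine/eng_all.c
index 6093376df4..3f96605902 100644
--- a/src/lib/libssl/src/crypto/engine/eng_all.c
+++ b/src/lib/libssl/src/crypto/engine/eng_all.c
@@ -82,9 +82,6 @@ void ENGINE_load_builtin_engines(void)
  ENGINE_load_dynamic();
 #ifndef OPENSSL_NO_STATIC_ENGINE
 #ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_4758_CCA
- ENGINE_load_4758cca();
-#endif
 #ifndef OPENSSL_NO_HW_AEP
  ENGINE_load_aep();
 #endif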
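diff --git a/src/lib/libssl/src/crypto/engine/engine.h b/src/lib/libssl/src/crypto/engine/engine.h
index f8be497724..85393f260d 100644
--- a/src/lib/libssl/src/crypto/engine/engine.h
+++ b/src/lib/libssl/src/crypto/engine/engine.h
@@ -333,7 +333,6 @@ ENGINE *ENGINE_by_id(const char *id);
 void ENGINE_load_openssl(void);
 void ENGINE_load_dynamic(void);
 #ifndef OPENSSL_NO_STATIC_ENGINE
-void ENGINE_load_4758cca(void);
 void ENGINE_load_aep(void);
 void ENGINE_load_atalla(void);
 void ENGINE_load_chil(void);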
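diff --git a/src/lib/libssl/src/doc/crypto/engine.pod b/src/lib/libssl/src/doc/crypto/engine.pod
index f5ab1c3e50..3f4acce86d 100644
--- a/src/lib/libssl/src/doc/crypto/engine.pod
+++ b/src/lib/libssl/src/doc/crypto/engine.pod
@@ -24,7 +24,6 @@ engine - ENGINE cryptographic module support
  void ENGINE_load_openssl(void);
  void ENGINE_load_dynamic(void);
  #ifndef OPENSSL_NO_STATIC_ENGINE
- void ENGINE_load_4758cca(void);
  void ENGINE_load_aep(void);
  void ENGINE_load_atalla(void);
  void ENGINE_load_chil(void);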
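diff --git a/src/lib/libssl/src/engines/Makefile b/src/lib/libssl/src/engines/Makefile
index 2fa9534401..e2483f3461 100644
--- a/src/lib/libssl/src/engines/Makefile
+++ b/src/lib/libssl/src/engines/Makefile
@@ -26,10 +26,9 @@ TEST=
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec padlock capi
+LIBNAMES= aep atalla cswift gmp chil nuron sureware ubsec padlock capi
 
-LIBSRC= e_4758cca.c \
- e_aep.c \
+LIBSRC= e_aep.c \
  e_atalla.c \
  e_cswift.c \
  e_gmp.c \
@@ -39,8 +38,7 @@ LIBSRC= e_4758cca.c \
  e_ubsec.c \
  e_padlock.c \
  e_capi.c
-LIBOBJ= e_4758cca.o \
- e_aep.o \
+LIBOBJ= e_aep.o \
  e_atalla.o \
  e_cswift.o \
  e_gmp.o \
@@ -54,8 +52,7 @@ LIBOBJ= e_4758cca.o \
 SRC= $(LIBSRC)
 
 EXHEADER=
-HEADER= e_4758cca_err.c e_4758cca_err.h \
- e_aep_err.c e_aep_err.h \
+HEADER= e_aep_err.c e_aep_err.h \
  e_atalla_err.c e_atalla_err.h \
  e_cswift_err.c e_cswift_err.h \
  e_gmp_err.c e_gmp_err.h \
@@ -164,22 +161,6 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-e_4758cca.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-e_4758cca.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-e_4758cca.o: ../include/openssl/crypto.h ../include/openssl/dso.h
-e_4758cca.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-e_4758cca.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-e_4758cca.o: ../include/openssl/engine.h ../include/openssl/err.h
-e_4758cca.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-e_4758cca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-e_4758cca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-e_4758cca.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-e_4758cca.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-e_4758cca.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-e_4758cca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-e_4758cca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-e_4758cca.o: e_4758cca.c e_4758cca_err.c e_4758cca_err.h
-e_4758cca.o: vendor_defns/hw_4758_cca.h
 e_aep.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 e_aep.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 e_aep.o: ../include/openssl/crypto.h ../include/openssl/dh.h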
diff --git a/src/lib/libssl/src/engines/e_4758cca.c b/src/lib/libssl/src/engines/e_4758cca.c
deleted file mode 100644
index 443182bd31..0000000000
--- a/src/lib/libssl/src/engines/e_4758cca.c
+++ /dev/null
@@ -1,987 +0,0 @@
1/* Author: Maurice Gittens <maurice@gittens.nl> */
2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <stdio.h>
57#include <string.h>
58#include <openssl/crypto.h>
59#include <openssl/dso.h>
60#include <openssl/x509.h>
61#include <openssl/objects.h>
62#include <openssl/engine.h>
63#include <openssl/rand.h>
64#ifndef OPENSSL_NO_RSA
65#include <openssl/rsa.h>
66#endif
67#include <openssl/bn.h>
68
69#ifndef OPENSSL_NO_HW
70#ifndef OPENSSL_NO_HW_4758_CCA
71
72#ifdef FLAT_INC
73#include "hw_4758_cca.h"
74#else
75#include "vendor_defns/hw_4758_cca.h"
76#endif
77
78#include "e_4758cca_err.c"
79
80static int ibm_4758_cca_destroy(ENGINE *e);
81static int ibm_4758_cca_init(ENGINE *e);
82static int ibm_4758_cca_finish(ENGINE *e);
83static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
84
85/* rsa functions */
86/*---------------*/
87#ifndef OPENSSL_NO_RSA
88static int cca_rsa_pub_enc(int flen, const unsigned char *from,
89 unsigned char *to, RSA *rsa,int padding);
90static int cca_rsa_priv_dec(int flen, const unsigned char *from,
91 unsigned char *to, RSA *rsa,int padding);
92static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
93 unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
94static int cca_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
95 const unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);
96
97/* utility functions */
98/*-----------------------*/
99static EVP_PKEY *ibm_4758_load_privkey(ENGINE*, const char*,
100 UI_METHOD *ui_method, void *callback_data);
101static EVP_PKEY *ibm_4758_load_pubkey(ENGINE*, const char*,
102 UI_METHOD *ui_method, void *callback_data);
103
104static int getModulusAndExponent(const unsigned char *token, long *exponentLength,
105 unsigned char *exponent, long *modulusLength,
106 long *modulusFieldLength, unsigned char *modulus);
107#endif
108
109/* RAND number functions */
110/*-----------------------*/
111static int cca_get_random_bytes(unsigned char*, int);
112static int cca_random_status(void);
113
114#ifndef OPENSSL_NO_RSA
115static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
116 int idx,long argl, void *argp);
117#endif
118
119/* Function pointers for CCA verbs */
120/*---------------------------------*/
121#ifndef OPENSSL_NO_RSA
122static F_KEYRECORDREAD keyRecordRead;
123static F_DIGITALSIGNATUREGENERATE digitalSignatureGenerate;
124static F_DIGITALSIGNATUREVERIFY digitalSignatureVerify;
125static F_PUBLICKEYEXTRACT publicKeyExtract;
126static F_PKAENCRYPT pkaEncrypt;
127static F_PKADECRYPT pkaDecrypt;
128#endif
129static F_RANDOMNUMBERGENERATE randomNumberGenerate;
130
131/* static variables */
132/*------------------*/
133static const char *CCA4758_LIB_NAME = NULL;
134static const char *get_CCA4758_LIB_NAME(void)
135 {
136 if(CCA4758_LIB_NAME)
137 return CCA4758_LIB_NAME;
138 return CCA_LIB_NAME;
139 }
140static void free_CCA4758_LIB_NAME(void)
141 {
142 if(CCA4758_LIB_NAME)
143 OPENSSL_free((void*)CCA4758_LIB_NAME);
144 CCA4758_LIB_NAME = NULL;
145 }
146static long set_CCA4758_LIB_NAME(const char *name)
147 {
148 free_CCA4758_LIB_NAME();
149 return (((CCA4758_LIB_NAME = BUF_strdup(name)) != NULL) ? 1 : 0);
150 }
151#ifndef OPENSSL_NO_RSA
152static const char* n_keyRecordRead = CSNDKRR;
153static const char* n_digitalSignatureGenerate = CSNDDSG;
154static const char* n_digitalSignatureVerify = CSNDDSV;
155static const char* n_publicKeyExtract = CSNDPKX;
156static const char* n_pkaEncrypt = CSNDPKE;
157static const char* n_pkaDecrypt = CSNDPKD;
158#endif
159static const char* n_randomNumberGenerate = CSNBRNG;
160
161#ifndef OPENSSL_NO_RSA
162static int hndidx = -1;
163#endif
164static DSO *dso = NULL;
165
166/* openssl engine initialization structures */
167/*------------------------------------------*/
168
169#define CCA4758_CMD_SO_PATH ENGINE_CMD_BASE
170static const ENGINE_CMD_DEFN cca4758_cmd_defns[] = {
171 {CCA4758_CMD_SO_PATH,
172 "SO_PATH",
173 "Specifies the path to the '4758cca' shared library",
174 ENGINE_CMD_FLAG_STRING},
175 {0, NULL, NULL, 0}
176 };
177
178#ifndef OPENSSL_NO_RSA
179static RSA_METHOD ibm_4758_cca_rsa =
180 {
181 "IBM 4758 CCA RSA method",
182 cca_rsa_pub_enc,
183 NULL,
184 NULL,
185 cca_rsa_priv_dec,
186 NULL, /*rsa_mod_exp,*/
187 NULL, /*mod_exp_mont,*/
188 NULL, /* init */
189 NULL, /* finish */
190 RSA_FLAG_SIGN_VER, /* flags */
191 NULL, /* app_data */
192 cca_rsa_sign, /* rsa_sign */
193 cca_rsa_verify, /* rsa_verify */
194 NULL /* rsa_keygen */
195 };
196#endif
197
198static RAND_METHOD ibm_4758_cca_rand =
199 {
200 /* "IBM 4758 RAND method", */
201 NULL, /* seed */
202 cca_get_random_bytes, /* get random bytes from the card */
203 NULL, /* cleanup */
204 NULL, /* add */
205 cca_get_random_bytes, /* pseudo rand */
206 cca_random_status, /* status */
207 };
208
209static const char *engine_4758_cca_id = "4758cca";
210static const char *engine_4758_cca_name = "IBM 4758 CCA hardware engine support";
211#ifndef OPENSSL_NO_DYNAMIC_ENGINE
212/* Compatibility hack, the dynamic library uses this form in the path */
213static const char *engine_4758_cca_id_alt = "4758_cca";
214#endif
215
216/* engine implementation */
217/*-----------------------*/
218static int bind_helper(ENGINE *e)
219 {
220 if(!ENGINE_set_id(e, engine_4758_cca_id) ||
221 !ENGINE_set_name(e, engine_4758_cca_name) ||
222#ifndef OPENSSL_NO_RSA
223 !ENGINE_set_RSA(e, &ibm_4758_cca_rsa) ||
224#endif
225 !ENGINE_set_RAND(e, &ibm_4758_cca_rand) ||
226 !ENGINE_set_destroy_function(e, ibm_4758_cca_destroy) ||
227 !ENGINE_set_init_function(e, ibm_4758_cca_init) ||
228 !ENGINE_set_finish_function(e, ibm_4758_cca_finish) ||
229 !ENGINE_set_ctrl_function(e, ibm_4758_cca_ctrl) ||
230#ifndef OPENSSL_NO_RSA
231 !ENGINE_set_load_privkey_function(e, ibm_4758_load_privkey) ||
232 !ENGINE_set_load_pubkey_function(e, ibm_4758_load_pubkey) ||
233#endif
234 !ENGINE_set_cmd_defns(e, cca4758_cmd_defns))
235 return 0;
236 /* Ensure the error handling is set up */
237 ERR_load_CCA4758_strings();
238 return 1;
239 }
240
241#ifdef OPENSSL_NO_DYNAMIC_ENGINE
242static ENGINE *engine_4758_cca(void)
243 {
244 ENGINE *ret = ENGINE_new();
245 if(!ret)
246 return NULL;
247 if(!bind_helper(ret))
248 {
249 ENGINE_free(ret);
250 return NULL;
251 }
252 return ret;
253 }
254
255void ENGINE_load_4758cca(void)
256 {
257 ENGINE *e_4758 = engine_4758_cca();
258 if (!e_4758) return;
259 ENGINE_add(e_4758);
260 ENGINE_free(e_4758);
261 ERR_clear_error();
262 }
263#endif
264
265static int ibm_4758_cca_destroy(ENGINE *e)
266 {
267 ERR_unload_CCA4758_strings();
268 free_CCA4758_LIB_NAME();
269 return 1;
270 }
271
272static int ibm_4758_cca_init(ENGINE *e)
273 {
274 if(dso)
275 {
276 CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_ALREADY_LOADED);
277 goto err;
278 }
279
280 dso = DSO_load(NULL, get_CCA4758_LIB_NAME(), NULL, 0);
281 if(!dso)
282 {
283 CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE);
284 goto err;
285 }
286
287#ifndef OPENSSL_NO_RSA
288 if(!(keyRecordRead = (F_KEYRECORDREAD)
289 DSO_bind_func(dso, n_keyRecordRead)) ||
290 !(randomNumberGenerate = (F_RANDOMNUMBERGENERATE)
291 DSO_bind_func(dso, n_randomNumberGenerate)) ||
292 !(digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)
293 DSO_bind_func(dso, n_digitalSignatureGenerate)) ||
294 !(digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)
295 DSO_bind_func(dso, n_digitalSignatureVerify)) ||
296 !(publicKeyExtract = (F_PUBLICKEYEXTRACT)
297 DSO_bind_func(dso, n_publicKeyExtract)) ||
298 !(pkaEncrypt = (F_PKAENCRYPT)
299 DSO_bind_func(dso, n_pkaEncrypt)) ||
300 !(pkaDecrypt = (F_PKADECRYPT)
301 DSO_bind_func(dso, n_pkaDecrypt)))
302 {
303 CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE);
304 goto err;
305 }
306#else
307 if(!(randomNumberGenerate = (F_RANDOMNUMBERGENERATE)
308 DSO_bind_func(dso, n_randomNumberGenerate)))
309 {
310 CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE);
311 goto err;
312 }
313#endif
314
315#ifndef OPENSSL_NO_RSA
316 hndidx = RSA_get_ex_new_index(0, "IBM 4758 CCA RSA key handle",
317 NULL, NULL, cca_ex_free);
318#endif
319
320 return 1;
321err:
322 if(dso)
323 DSO_free(dso);
324 dso = NULL;
325
326#ifndef OPENSSL_NO_RSA
327 keyRecordRead = (F_KEYRECORDREAD)0;
328 digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)0;
329 digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;
330 publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
331 pkaEncrypt = (F_PKAENCRYPT)0;
332 pkaDecrypt = (F_PKADECRYPT)0;
333#endif
334 randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;
335 return 0;
336 }
337
338static int ibm_4758_cca_finish(ENGINE *e)
339 {
340 free_CCA4758_LIB_NAME();
341 if(!dso)
342 {
343 CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH,
344 CCA4758_R_NOT_LOADED);
345 return 0;
346 }
347 if(!DSO_free(dso))
348 {
349 CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH,
350 CCA4758_R_UNIT_FAILURE);
351 return 0;
352 }
353 dso = NULL;
354#ifndef OPENSSL_NO_RSA
355 keyRecordRead = (F_KEYRECORDREAD)0;
356 randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;
357 digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)0;
358 digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;
359 publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
360 pkaEncrypt = (F_PKAENCRYPT)0;
361 pkaDecrypt = (F_PKADECRYPT)0;
362#endif
363 randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;
364 return 1;
365 }
366
367static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
368 {
369 int initialised = ((dso == NULL) ? 0 : 1);
370 switch(cmd)
371 {
372 case CCA4758_CMD_SO_PATH:
373 if(p == NULL)
374 {
375 CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
376 ERR_R_PASSED_NULL_PARAMETER);
377 return 0;
378 }
379 if(initialised)
380 {
381 CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
382 CCA4758_R_ALREADY_LOADED);
383 return 0;
384 }
385 return set_CCA4758_LIB_NAME((const char *)p);
386 default:
387 break;
388 }
389 CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
390 CCA4758_R_COMMAND_NOT_IMPLEMENTED);
391 return 0;
392 }
393
394#ifndef OPENSSL_NO_RSA
395
396#define MAX_CCA_PKA_TOKEN_SIZE 2500
397
398static EVP_PKEY *ibm_4758_load_privkey(ENGINE* e, const char* key_id,
399 UI_METHOD *ui_method, void *callback_data)
400 {
401 RSA *rtmp = NULL;
402 EVP_PKEY *res = NULL;
403 unsigned char* keyToken = NULL;
404 unsigned char pubKeyToken[MAX_CCA_PKA_TOKEN_SIZE];
405 long pubKeyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
406 long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
407 long returnCode;
408 long reasonCode;
409 long exitDataLength = 0;
410 long ruleArrayLength = 0;
411 unsigned char exitData[8];
412 unsigned char ruleArray[8];
413 unsigned char keyLabel[64];
414 unsigned long keyLabelLength = strlen(key_id);
415 unsigned char modulus[256];
416 long modulusFieldLength = sizeof(modulus);
417 long modulusLength = 0;
418 unsigned char exponent[256];
419 long exponentLength = sizeof(exponent);
420
421 if (keyLabelLength > sizeof(keyLabel))
422 {
423 CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
424 CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
425 return NULL;
426 }
427
428 memset(keyLabel,' ', sizeof(keyLabel));
429 memcpy(keyLabel, key_id, keyLabelLength);
430
431 keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long));
432 if (!keyToken)
433 {
434 CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
435 ERR_R_MALLOC_FAILURE);
436 goto err;
437 }
438
439 keyRecordRead(&returnCode, &reasonCode, &exitDataLength,
440 exitData, &ruleArrayLength, ruleArray, keyLabel,
441 &keyTokenLength, keyToken+sizeof(long));
442
443 if (returnCode)
444 {
445 CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
446 CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
447 goto err;
448 }
449
450 publicKeyExtract(&returnCode, &reasonCode, &exitDataLength,
451 exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
452 keyToken+sizeof(long), &pubKeyTokenLength, pubKeyToken);
453
454 if (returnCode)
455 {
456 CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
457 CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
458 goto err;
459 }
460
461 if (!getModulusAndExponent(pubKeyToken, &exponentLength,
462 exponent, &modulusLength, &modulusFieldLength,
463 modulus))
464 {
465 CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
466 CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
467 goto err;
468 }
469
470 (*(long*)keyToken) = keyTokenLength;
471 rtmp = RSA_new_method(e);
472 RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);
473
474 rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
475 rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL);
476 rtmp->flags |= RSA_FLAG_EXT_PKEY;
477
478 res = EVP_PKEY_new();
479 EVP_PKEY_assign_RSA(res, rtmp);
480
481 return res;
482err:
483 if (keyToken)
484 OPENSSL_free(keyToken);
485 return NULL;
486 }
487
488static EVP_PKEY *ibm_4758_load_pubkey(ENGINE* e, const char* key_id,
489 UI_METHOD *ui_method, void *callback_data)
490 {
491 RSA *rtmp = NULL;
492 EVP_PKEY *res = NULL;
493 unsigned char* keyToken = NULL;
494 long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
495 long returnCode;
496 long reasonCode;
497 long exitDataLength = 0;
498 long ruleArrayLength = 0;
499 unsigned char exitData[8];
500 unsigned char ruleArray[8];
501 unsigned char keyLabel[64];
502 unsigned long keyLabelLength = strlen(key_id);
503 unsigned char modulus[512];
504 long modulusFieldLength = sizeof(modulus);
505 long modulusLength = 0;
506 unsigned char exponent[512];
507 long exponentLength = sizeof(exponent);
508
509 if (keyLabelLength > sizeof(keyLabel))
510 {
511 CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY,
512 CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
513 return NULL;
514 }
515
516 memset(keyLabel,' ', sizeof(keyLabel));
517 memcpy(keyLabel, key_id, keyLabelLength);
518
519 keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long));
520 if (!keyToken)
521 {
522 CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY,
523 ERR_R_MALLOC_FAILURE);
524 goto err;
525 }
526
527 keyRecordRead(&returnCode, &reasonCode, &exitDataLength, exitData,
528 &ruleArrayLength, ruleArray, keyLabel, &keyTokenLength,
529 keyToken+sizeof(long));
530
531 if (returnCode)
532 {
533 CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY,
534 ERR_R_MALLOC_FAILURE);
535 goto err;
536 }
537
538 if (!getModulusAndExponent(keyToken+sizeof(long), &exponentLength,
539 exponent, &modulusLength, &modulusFieldLength, modulus))
540 {
541 CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY,
542 CCA4758_R_FAILED_LOADING_PUBLIC_KEY);
543 goto err;
544 }
545
546 (*(long*)keyToken) = keyTokenLength;
547 rtmp = RSA_new_method(e);
548 RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);
549 rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
550 rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL);
551 rtmp->flags |= RSA_FLAG_EXT_PKEY;
552 res = EVP_PKEY_new();
553 EVP_PKEY_assign_RSA(res, rtmp);
554
555 return res;
556err:
557 if (keyToken)
558 OPENSSL_free(keyToken);
559 return NULL;
560 }
561
562static int cca_rsa_pub_enc(int flen, const unsigned char *from,
563 unsigned char *to, RSA *rsa,int padding)
564 {
565 long returnCode;
566 long reasonCode;
567 long lflen = flen;
568 long exitDataLength = 0;
569 unsigned char exitData[8];
570 long ruleArrayLength = 1;
571 unsigned char ruleArray[8] = "PKCS-1.2";
572 long dataStructureLength = 0;
573 unsigned char dataStructure[8];
574 long outputLength = RSA_size(rsa);
575 long keyTokenLength;
576 unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
577
578 keyTokenLength = *(long*)keyToken;
579 keyToken+=sizeof(long);
580
581 pkaEncrypt(&returnCode, &reasonCode, &exitDataLength, exitData,
582 &ruleArrayLength, ruleArray, &lflen, (unsigned char*)from,
583 &dataStructureLength, dataStructure, &keyTokenLength,
584 keyToken, &outputLength, to);
585
586 if (returnCode || reasonCode)
587 return -(returnCode << 16 | reasonCode);
588 return outputLength;
589 }
590
591static int cca_rsa_priv_dec(int flen, const unsigned char *from,
592 unsigned char *to, RSA *rsa,int padding)
593 {
594 long returnCode;
595 long reasonCode;
596 long lflen = flen;
597 long exitDataLength = 0;
598 unsigned char exitData[8];
599 long ruleArrayLength = 1;
600 unsigned char ruleArray[8] = "PKCS-1.2";
601 long dataStructureLength = 0;
602 unsigned char dataStructure[8];
603 long outputLength = RSA_size(rsa);
604 long keyTokenLength;
605 unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
606
607 keyTokenLength = *(long*)keyToken;
608 keyToken+=sizeof(long);
609
610 pkaDecrypt(&returnCode, &reasonCode, &exitDataLength, exitData,
611 &ruleArrayLength, ruleArray, &lflen, (unsigned char*)from,
612 &dataStructureLength, dataStructure, &keyTokenLength,
613 keyToken, &outputLength, to);
614
615 return (returnCode | reasonCode) ? 0 : 1;
616 }
617
618#define SSL_SIG_LEN 36
619
620static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
621 const unsigned char *sigbuf, unsigned int siglen, const RSA *rsa)
622 {
623 long returnCode;
624 long reasonCode;
625 long lsiglen = siglen;
626 long exitDataLength = 0;
627 unsigned char exitData[8];
628 long ruleArrayLength = 1;
629 unsigned char ruleArray[8] = "PKCS-1.1";
630 long keyTokenLength;
631 unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
632 long length = SSL_SIG_LEN;
633 long keyLength ;
634 unsigned char *hashBuffer = NULL;
635 X509_SIG sig;
636 ASN1_TYPE parameter;
637 X509_ALGOR algorithm;
638 ASN1_OCTET_STRING digest;
639
640 keyTokenLength = *(long*)keyToken;
641 keyToken+=sizeof(long);
642
643 if (type == NID_md5 || type == NID_sha1)
644 {
645 sig.algor = &algorithm;
646 algorithm.algorithm = OBJ_nid2obj(type);
647
648 if (!algorithm.algorithm)
649 {
650 CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
651 CCA4758_R_UNKNOWN_ALGORITHM_TYPE);
652 return 0;
653 }
654
655 if (!algorithm.algorithm->length)
656 {
657 CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
658 CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);
659 return 0;
660 }
661
662 parameter.type = V_ASN1_NULL;
663 parameter.value.ptr = NULL;
664 algorithm.parameter = &parameter;
665
666 sig.digest = &digest;
667 sig.digest->data = (unsigned char*)m;
668 sig.digest->length = m_len;
669
670 length = i2d_X509_SIG(&sig, NULL);
671 }
672
673 keyLength = RSA_size(rsa);
674
675 if (length - RSA_PKCS1_PADDING > keyLength)
676 {
677 CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
678 CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
679 return 0;
680 }
681
682 switch (type)
683 {
684 case NID_md5_sha1 :
685 if (m_len != SSL_SIG_LEN)
686 {
687 CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
688 CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
689 return 0;
690 }
691
692 hashBuffer = (unsigned char *)m;
693 length = m_len;
694 break;
695 case NID_md5 :
696 {
697 unsigned char *ptr;
698 ptr = hashBuffer = OPENSSL_malloc(
699 (unsigned int)keyLength+1);
700 if (!hashBuffer)
701 {
702 CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
703 ERR_R_MALLOC_FAILURE);
704 return 0;
705 }
706
707 i2d_X509_SIG(&sig, &ptr);
708 }
709 break;
710 case NID_sha1 :
711 {
712 unsigned char *ptr;
713 ptr = hashBuffer = OPENSSL_malloc(
714 (unsigned int)keyLength+1);
715 if (!hashBuffer)
716 {
717 CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
718 ERR_R_MALLOC_FAILURE);
719 return 0;
720 }
721 i2d_X509_SIG(&sig, &ptr);
722 }
723 break;
724 default:
725 return 0;
726 }
727
728 digitalSignatureVerify(&returnCode, &reasonCode, &exitDataLength,
729 exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
730 keyToken, &length, hashBuffer, &lsiglen,
731 (unsigned char *)sigbuf);
732
733 if (type == NID_sha1 || type == NID_md5)
734 {
735 OPENSSL_cleanse(hashBuffer, keyLength+1);
736 OPENSSL_free(hashBuffer);
737 }
738
739 return ((returnCode || reasonCode) ? 0 : 1);
740 }
741
742#define SSL_SIG_LEN 36
743
744static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
745 unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
746 {
747 long returnCode;
748 long reasonCode;
749 long exitDataLength = 0;
750 unsigned char exitData[8];
751 long ruleArrayLength = 1;
752 unsigned char ruleArray[8] = "PKCS-1.1";
753 long outputLength=256;
754 long outputBitLength;
755 long keyTokenLength;
756 unsigned char *hashBuffer = NULL;
757 unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
758 long length = SSL_SIG_LEN;
759 long keyLength ;
760 X509_SIG sig;
761 ASN1_TYPE parameter;
762 X509_ALGOR algorithm;
763 ASN1_OCTET_STRING digest;
764
765 keyTokenLength = *(long*)keyToken;
766 keyToken+=sizeof(long);
767
768 if (type == NID_md5 || type == NID_sha1)
769 {
770 sig.algor = &algorithm;
771 algorithm.algorithm = OBJ_nid2obj(type);
772
773 if (!algorithm.algorithm)
774 {
775 CCA4758err(CCA4758_F_CCA_RSA_SIGN,
776 CCA4758_R_UNKNOWN_ALGORITHM_TYPE);
777 return 0;
778 }
779
780 if (!algorithm.algorithm->length)
781 {
782 CCA4758err(CCA4758_F_CCA_RSA_SIGN,
783 CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);
784 return 0;
785 }
786
787 parameter.type = V_ASN1_NULL;
788 parameter.value.ptr = NULL;
789 algorithm.parameter = &parameter;
790
791 sig.digest = &digest;
792 sig.digest->data = (unsigned char*)m;
793 sig.digest->length = m_len;
794
795 length = i2d_X509_SIG(&sig, NULL);
796 }
797
798 keyLength = RSA_size(rsa);
799
800 if (length - RSA_PKCS1_PADDING > keyLength)
801 {
802 CCA4758err(CCA4758_F_CCA_RSA_SIGN,
803 CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
804 return 0;
805 }
806
807 switch (type)
808 {
809 case NID_md5_sha1 :
810 if (m_len != SSL_SIG_LEN)
811 {
812 CCA4758err(CCA4758_F_CCA_RSA_SIGN,
813 CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
814 return 0;
815 }
816 hashBuffer = (unsigned char*)m;
817 length = m_len;
818 break;
819 case NID_md5 :
820 {
821 unsigned char *ptr;
822 ptr = hashBuffer = OPENSSL_malloc(
823 (unsigned int)keyLength+1);
824 if (!hashBuffer)
825 {
826 CCA4758err(CCA4758_F_CCA_RSA_SIGN,
827 ERR_R_MALLOC_FAILURE);
828 return 0;
829 }
830 i2d_X509_SIG(&sig, &ptr);
831 }
832 break;
833 case NID_sha1 :
834 {
835 unsigned char *ptr;
836 ptr = hashBuffer = OPENSSL_malloc(
837 (unsigned int)keyLength+1);
838 if (!hashBuffer)
839 {
840 CCA4758err(CCA4758_F_CCA_RSA_SIGN,
841 ERR_R_MALLOC_FAILURE);
842 return 0;
843 }
844 i2d_X509_SIG(&sig, &ptr);
845 }
846 break;
847 default:
848 return 0;
849 }
850
851 digitalSignatureGenerate(&returnCode, &reasonCode, &exitDataLength,
852 exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
853 keyToken, &length, hashBuffer, &outputLength, &outputBitLength,
854 sigret);
855
856 if (type == NID_sha1 || type == NID_md5)
857 {
858 OPENSSL_cleanse(hashBuffer, keyLength+1);
859 OPENSSL_free(hashBuffer);
860 }
861
862 *siglen = outputLength;
863
864 return ((returnCode || reasonCode) ? 0 : 1);
865 }
866
867static int getModulusAndExponent(const unsigned char*token, long *exponentLength,
868 unsigned char *exponent, long *modulusLength, long *modulusFieldLength,
869 unsigned char *modulus)
870 {
871 unsigned long len;
872
873 if (*token++ != (char)0x1E) /* internal PKA token? */
874 return 0;
875
876 if (*token++) /* token version must be zero */
877 return 0;
878
879 len = *token++;
880 len = len << 8;
881 len |= (unsigned char)*token++;
882
883 token += 4; /* skip reserved bytes */
884
885 if (*token++ == (char)0x04)
886 {
887 if (*token++) /* token version must be zero */
888 return 0;
889
890 len = *token++;
891 len = len << 8;
892 len |= (unsigned char)*token++;
893
894 token+=2; /* skip reserved section */
895
896 len = *token++;
897 len = len << 8;
898 len |= (unsigned char)*token++;
899
900 *exponentLength = len;
901
902 len = *token++;
903 len = len << 8;
904 len |= (unsigned char)*token++;
905
906 *modulusLength = len;
907
908 len = *token++;
909 len = len << 8;
910 len |= (unsigned char)*token++;
911
912 *modulusFieldLength = len;
913
914 memcpy(exponent, token, *exponentLength);
915 token+= *exponentLength;
916
917 memcpy(modulus, token, *modulusFieldLength);
918 return 1;
919 }
920 return 0;
921 }
922
923#endif /* OPENSSL_NO_RSA */
924
925static int cca_random_status(void)
926 {
927 return 1;
928 }
929
930static int cca_get_random_bytes(unsigned char* buf, int num)
931 {
932 long ret_code;
933 long reason_code;
934 long exit_data_length;
935 unsigned char exit_data[4];
936 unsigned char form[] = "RANDOM ";
937 unsigned char rand_buf[8];
938
939 while(num >= (int)sizeof(rand_buf))
940 {
941 randomNumberGenerate(&ret_code, &reason_code, &exit_data_length,
942 exit_data, form, rand_buf);
943 if (ret_code)
944 return 0;
945 num -= sizeof(rand_buf);
946 memcpy(buf, rand_buf, sizeof(rand_buf));
947 buf += sizeof(rand_buf);
948 }
949
950 if (num)
951 {
952 randomNumberGenerate(&ret_code, &reason_code, NULL, NULL,
953 form, rand_buf);
954 if (ret_code)
955 return 0;
956 memcpy(buf, rand_buf, num);
957 }
958
959 return 1;
960 }
961
962#ifndef OPENSSL_NO_RSA
963static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int idx,
964 long argl, void *argp)
965 {
966 if (item)
967 OPENSSL_free(item);
968 }
969#endif
970
971/* Goo to handle building as a dynamic engine */
972#ifndef OPENSSL_NO_DYNAMIC_ENGINE
973static int bind_fn(ENGINE *e, const char *id)
974 {
975 if(id && (strcmp(id, engine_4758_cca_id) != 0) &&
976 (strcmp(id, engine_4758_cca_id_alt) != 0))
977 return 0;
978 if(!bind_helper(e))
979 return 0;
980 return 1;
981 }
982IMPLEMENT_DYNAMIC_CHECK_FN()
983IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
984#endif /* OPENSSL_NO_DYNAMIC_ENGINE */
985
986#endif /* !OPENSSL_NO_HW_4758_CCA */
987#endif /* !OPENSSL_NO_HW */
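--- a/src/lib/libssl/src/engines/e_4758cca.ec
+++ /dev/null
@@ -1 +0,0 @@
-L CCA4758 e_4758cca_err.h e_4758cca_err.c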
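--- a/src/lib/libssl/src/engines/e_4758cca_err.c
+++ /dev/null
@@ -1,153 +0,0 @@
-/* e_4758cca_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "e_4758cca_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(0,func,0)
-#define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA CCA4758_str_functs[]=
- {
-{ERR_FUNC(CCA4758_F_CCA_RSA_SIGN), "CCA_RSA_SIGN"},
-{ERR_FUNC(CCA4758_F_CCA_RSA_VERIFY), "CCA_RSA_VERIFY"},
-{ERR_FUNC(CCA4758_F_IBM_4758_CCA_CTRL), "IBM_4758_CCA_CTRL"},
-{ERR_FUNC(CCA4758_F_IBM_4758_CCA_FINISH), "IBM_4758_CCA_FINISH"},
-{ERR_FUNC(CCA4758_F_IBM_4758_CCA_INIT), "IBM_4758_CCA_INIT"},
-{ERR_FUNC(CCA4758_F_IBM_4758_LOAD_PRIVKEY), "IBM_4758_LOAD_PRIVKEY"},
-{ERR_FUNC(CCA4758_F_IBM_4758_LOAD_PUBKEY), "IBM_4758_LOAD_PUBKEY"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA CCA4758_str_reasons[]=
- {
-{ERR_REASON(CCA4758_R_ALREADY_LOADED) ,"already loaded"},
-{ERR_REASON(CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD),"asn1 oid unknown for md"},
-{ERR_REASON(CCA4758_R_COMMAND_NOT_IMPLEMENTED),"command not implemented"},
-{ERR_REASON(CCA4758_R_DSO_FAILURE) ,"dso failure"},
-{ERR_REASON(CCA4758_R_FAILED_LOADING_PRIVATE_KEY),"failed loading private key"},
-{ERR_REASON(CCA4758_R_FAILED_LOADING_PUBLIC_KEY),"failed loading public key"},
-{ERR_REASON(CCA4758_R_NOT_LOADED) ,"not loaded"},
-{ERR_REASON(CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL),"size too large or too small"},
-{ERR_REASON(CCA4758_R_UNIT_FAILURE) ,"unit failure"},
-{ERR_REASON(CCA4758_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"},
-{0,NULL}
- };
-
-#endif
-
-#ifdef CCA4758_LIB_NAME
-static ERR_STRING_DATA CCA4758_lib_name[]=
- {
-{0 ,CCA4758_LIB_NAME},
-{0,NULL}
- };
-#endif
-
-
-static int CCA4758_lib_error_code=0;
-static int CCA4758_error_init=1;
-
-static void ERR_load_CCA4758_strings(void)
- {
- if (CCA4758_lib_error_code == 0)
- CCA4758_lib_error_code=ERR_get_next_error_library();
-
- if (CCA4758_error_init)
- {
- CCA4758_error_init=0;
-#ifndef OPENSSL_NO_ERR
- ERR_load_strings(CCA4758_lib_error_code,CCA4758_str_functs);
- ERR_load_strings(CCA4758_lib_error_code,CCA4758_str_reasons);
-#endif
-
-#ifdef CCA4758_LIB_NAME
- CCA4758_lib_name->error = ERR_PACK(CCA4758_lib_error_code,0,0);
- ERR_load_strings(0,CCA4758_lib_name);
-#endif
- }
- }
-
-static void ERR_unload_CCA4758_strings(void)
- {
- if (CCA4758_error_init == 0)
- {
-#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(CCA4758_lib_error_code,CCA4758_str_functs);
- ERR_unload_strings(CCA4758_lib_error_code,CCA4758_str_reasons);
-#endif
-
-#ifdef CCA4758_LIB_NAME
- ERR_unload_strings(0,CCA4758_lib_name);
-#endif
- CCA4758_error_init=1;
- }
- }
-
-static void ERR_CCA4758_error(int function, int reason, char *file, int line)
- {
- if (CCA4758_lib_error_code == 0)
- CCA4758_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(CCA4758_lib_error_code,function,reason,file,line);
- }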
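--- a/src/lib/libssl/src/engines/e_4758cca_err.h
+++ /dev/null
@@ -1,97 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_CCA4758_ERR_H
-#define HEADER_CCA4758_ERR_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_CCA4758_strings(void);
-static void ERR_unload_CCA4758_strings(void);
-static void ERR_CCA4758_error(int function, int reason, char *file, int line);
-#define CCA4758err(f,r) ERR_CCA4758_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the CCA4758 functions. */
-
-/* Function codes. */
-#define CCA4758_F_CCA_RSA_SIGN 105
-#define CCA4758_F_CCA_RSA_VERIFY 106
-#define CCA4758_F_IBM_4758_CCA_CTRL 100
-#define CCA4758_F_IBM_4758_CCA_FINISH 101
-#define CCA4758_F_IBM_4758_CCA_INIT 102
-#define CCA4758_F_IBM_4758_LOAD_PRIVKEY 103
-#define CCA4758_F_IBM_4758_LOAD_PUBKEY 104
-
-/* Reason codes. */
-#define CCA4758_R_ALREADY_LOADED 100
-#define CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD 101
-#define CCA4758_R_COMMAND_NOT_IMPLEMENTED 102
-#define CCA4758_R_DSO_FAILURE 103
-#define CCA4758_R_FAILED_LOADING_PRIVATE_KEY 104
-#define CCA4758_R_FAILED_LOADING_PUBLIC_KEY 105
-#define CCA4758_R_NOT_LOADED 106
-#define CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL 107
-#define CCA4758_R_UNIT_FAILURE 108
-#define CCA4758_R_UNKNOWN_ALGORITHM_TYPE 109
-
-#ifdef __cplusplus
-}
-#endif
-#endif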
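--- a/src/lib/libssl/src/engines/vendor_defns/hw_4758_cca.h
+++ /dev/null
@@ -1,149 +0,0 @@
-/**********************************************************************/
-/* */
-/* Prototypes of the CCA verbs used by the 4758 CCA openssl driver */
-/* */
-/* Maurice Gittens <maurice@gittens.nl> */
-/* */
-/**********************************************************************/
-
-#ifndef __HW_4758_CCA__
-#define __HW_4758_CCA__
-
-/*
- * Only WIN32 support for now
- */
-#if defined(WIN32)
-
- #define CCA_LIB_NAME "CSUNSAPI"
-
- #define CSNDPKX "CSNDPKX_32"
- #define CSNDKRR "CSNDKRR_32"
- #define CSNDPKE "CSNDPKE_32"
- #define CSNDPKD "CSNDPKD_32"
- #define CSNDDSV "CSNDDSV_32"
- #define CSNDDSG "CSNDDSG_32"
- #define CSNBRNG "CSNBRNG_32"
-
- #define SECURITYAPI __stdcall
-#else
- /* Fixme!!
- Find out the values of these constants for other platforms.
- */
- #define CCA_LIB_NAME "CSUNSAPI"
-
- #define CSNDPKX "CSNDPKX"
- #define CSNDKRR "CSNDKRR"
- #define CSNDPKE "CSNDPKE"
- #define CSNDPKD "CSNDPKD"
- #define CSNDDSV "CSNDDSV"
- #define CSNDDSG "CSNDDSG"
- #define CSNBRNG "CSNBRNG"
-
- #define SECURITYAPI
-#endif
-
-/*
- * security API prototypes
- */
-
-/* PKA Key Record Read */
-typedef void (SECURITYAPI *F_KEYRECORDREAD)
- (long * return_code,
- long * reason_code,
- long * exit_data_length,
- unsigned char * exit_data,
- long * rule_array_count,
- unsigned char * rule_array,
- unsigned char * key_label,
- long * key_token_length,
- unsigned char * key_token);
-
-/* Random Number Generate */
-typedef void (SECURITYAPI *F_RANDOMNUMBERGENERATE)
- (long * return_code,
- long * reason_code,
- long * exit_data_length,
- unsigned char * exit_data,
- unsigned char * form,
- unsigned char * random_number);
-
-/* Digital Signature Generate */
-typedef void (SECURITYAPI *F_DIGITALSIGNATUREGENERATE)
- (long * return_code,
- long * reason_code,
- long * exit_data_length,
- unsigned char * exit_data,
- long * rule_array_count,
- unsigned char * rule_array,
- long * PKA_private_key_id_length,
- unsigned char * PKA_private_key_id,
- long * hash_length,
- unsigned char * hash,
- long * signature_field_length,
- long * signature_bit_length,
- unsigned char * signature_field);
-
-/* Digital Signature Verify */
-typedef void (SECURITYAPI *F_DIGITALSIGNATUREVERIFY)(
- long * return_code,
- long * reason_code,
- long * exit_data_length,
- unsigned char * exit_data,
- long * rule_array_count,
- unsigned char * rule_array,
- long * PKA_public_key_id_length,
- unsigned char * PKA_public_key_id,
- long * hash_length,
- unsigned char * hash,
- long * signature_field_length,
- unsigned char * signature_field);
-
-/* PKA Public Key Extract */
-typedef void (SECURITYAPI *F_PUBLICKEYEXTRACT)(
- long * return_code,
- long * reason_code,
- long * exit_data_length,
- unsigned char * exit_data,
- long * rule_array_count,
- unsigned char * rule_array,
- long * source_key_identifier_length,
- unsigned char * source_key_identifier,
- long * target_key_token_length,
- unsigned char * target_key_token);
-
-/* PKA Encrypt */
-typedef void (SECURITYAPI *F_PKAENCRYPT)
- (long * return_code,
- long * reason_code,
- long * exit_data_length,
- unsigned char * exit_data,
- long * rule_array_count,
- unsigned char * rule_array,
- long * key_value_length,
- unsigned char * key_value,
- long * data_struct_length,
- unsigned char * data_struct,
- long * RSA_public_key_length,
- unsigned char * RSA_public_key,
- long * RSA_encipher_length,
- unsigned char * RSA_encipher );
-
-/* PKA Decrypt */
-typedef void (SECURITYAPI *F_PKADECRYPT)
- (long * return_code,
- long * reason_code,
- long * exit_data_length,
- unsigned char * exit_data,
- long * rule_array_count,
- unsigned char * rule_array,
- long * enciphered_key_length,
- unsigned char * enciphered_key,
- long * data_struct_length,
- unsigned char * data_struct,
- long * RSA_private_key_length,
- unsigned char * RSA_private_key,
- long * key_value_length,
- unsigned char * key_value );
-
-
-#endif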
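--- a/src/lib/libssl/src/util/libeay.num
+++ b/src/lib/libssl/src/util/libeay.num
@@ -2772,7 +2772,6 @@ OPENSSL_load_builtin_modules 3214 EXIST::FUNCTION:
 AES_ofb128_encrypt 3215 EXIST::FUNCTION:AES
 AES_ctr128_encrypt 3216 EXIST::FUNCTION:AES
 AES_cfb128_encrypt 3217 EXIST::FUNCTION:AES
-ENGINE_load_4758cca 3218 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
 _ossl_096_des_random_seed 3219 EXIST::FUNCTION:DES
 EVP_aes_256_ofb 3220 EXIST::FUNCTION:AES
 EVP_aes_192_ofb 3221 EXIST::FUNCTION:AES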