summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/lib/libcrypto/util/pod2mantest22
-rw-r--r--src/lib/libssl/src/demos/engines/cluster_labs/Makefile114
-rw-r--r--src/lib/libssl/src/demos/engines/cluster_labs/cluster_labs.h35
-rw-r--r--src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs.c718
-rw-r--r--src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs.ec8
-rw-r--r--src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs_err.c151
-rw-r--r--src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs_err.h95
-rw-r--r--src/lib/libssl/src/demos/engines/ibmca/Makefile114
-rw-r--r--src/lib/libssl/src/demos/engines/ibmca/hw_ibmca.c917
-rw-r--r--src/lib/libssl/src/demos/engines/ibmca/hw_ibmca.ec8
-rw-r--r--src/lib/libssl/src/demos/engines/ibmca/hw_ibmca_err.c154
-rw-r--r--src/lib/libssl/src/demos/engines/ibmca/hw_ibmca_err.h98
-rw-r--r--src/lib/libssl/src/demos/engines/ibmca/ica_openssl_api.h189
-rw-r--r--src/lib/libssl/src/demos/engines/rsaref/Makefile2
-rw-r--r--src/lib/libssl/src/demos/engines/rsaref/rsaref.c6
-rw-r--r--src/lib/libssl/src/demos/engines/zencod/Makefile114
-rw-r--r--src/lib/libssl/src/demos/engines/zencod/hw_zencod.c1736
-rw-r--r--src/lib/libssl/src/demos/engines/zencod/hw_zencod.ec8
-rw-r--r--src/lib/libssl/src/demos/engines/zencod/hw_zencod.h160
-rw-r--r--src/lib/libssl/src/demos/engines/zencod/hw_zencod_err.c151
-rw-r--r--src/lib/libssl/src/demos/engines/zencod/hw_zencod_err.h95
-rw-r--r--src/lib/libssl/src/doc/crypto/engine.pod621
-rw-r--r--src/lib/libssl/src/test/dummytest.c5
-rw-r--r--src/lib/libssl/src/util/pod2mantest22
-rw-r--r--src/lib/libssl/test/dummytest.c5
25 files changed, 5522 insertions, 26 deletions
diff --git a/src/lib/libcrypto/util/pod2mantest b/src/lib/libcrypto/util/pod2mantest
index e01c6192a7..412ca8d6d8 100644
--- a/src/lib/libcrypto/util/pod2mantest
+++ b/src/lib/libcrypto/util/pod2mantest
@@ -12,7 +12,8 @@
12 12
13IFS=: 13IFS=:
14if test "$OSTYPE" = "msdosdjgpp"; then IFS=";"; fi 14if test "$OSTYPE" = "msdosdjgpp"; then IFS=";"; fi
15try_without_dir=false 15
16try_without_dir=true
16# First we try "pod2man", then "$dir/pod2man" for each item in $PATH. 17# First we try "pod2man", then "$dir/pod2man" for each item in $PATH.
17for dir in dummy${IFS}$PATH; do 18for dir in dummy${IFS}$PATH; do
18 if [ "$try_without_dir" = true ]; then 19 if [ "$try_without_dir" = true ]; then
@@ -30,9 +31,16 @@ for dir in dummy${IFS}$PATH; do
30 if [ ! "$pod2man" = '' ]; then 31 if [ ! "$pod2man" = '' ]; then
31 failure=none 32 failure=none
32 33
34 if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | fgrep OpenSSL >/dev/null; then
35 :
36 else
37 failure=BasicTest
38 fi
33 39
34 if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null 2>&1; then 40 if [ "$failure" = none ]; then
35 failure=MultilineTest 41 if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null; then
42 failure=MultilineTest
43 fi
36 fi 44 fi
37 45
38 46
@@ -46,9 +54,5 @@ for dir in dummy${IFS}$PATH; do
46done 54done
47 55
48echo "No working pod2man found. Consider installing a new version." >&2 56echo "No working pod2man found. Consider installing a new version." >&2
49if [ "$1" = ignore ]; then 57echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2
50 echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2 58echo "$1 ../../util/pod2man.pl"
51 echo "../../util/pod2man.pl"
52 exit 0
53fi
54exit 1
diff --git a/src/lib/libssl/src/demos/engines/cluster_labs/Makefile b/src/lib/libssl/src/demos/engines/cluster_labs/Makefile
new file mode 100644
index 0000000000..956193f093
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/cluster_labs/Makefile
@@ -0,0 +1,114 @@
1LIBNAME= libclabs
2SRC= hw_cluster_labs.c
3OBJ= hw_cluster_labs.o
4HEADER= hw_cluster_labs.h
5
6CC= gcc
7PIC= -fPIC
8CFLAGS= -g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT -DFLAT_INC
9AR= ar r
10RANLIB= ranlib
11
12LIB= $(LIBNAME).a
13SHLIB= $(LIBNAME).so
14
15all:
16 @echo 'Please choose a system to build on:'
17 @echo ''
18 @echo 'tru64: Tru64 Unix, Digital Unix, Digital OSF/1'
19 @echo 'solaris: Solaris'
20 @echo 'irix: IRIX'
21 @echo 'hpux32: 32-bit HP/UX'
22 @echo 'hpux64: 64-bit HP/UX'
23 @echo 'aix: AIX'
24 @echo 'gnu: Generic GNU-based system (gcc and GNU ld)'
25 @echo ''
26
27FORCE.update:
28update: FORCE.update
29 perl ../../../util/mkerr.pl -conf hw_cluster_labs.ec \
30 -nostatic -staticloader -write hw_cluster_labs.c
31
32gnu: $(SHLIB).gnu
33tru64: $(SHLIB).tru64
34solaris: $(SHLIB).solaris
35irix: $(SHLIB).irix
36hpux32: $(SHLIB).hpux32
37hpux64: $(SHLIB).hpux64
38aix: $(SHLIB).aix
39
40$(LIB): $(OBJ)
41 $(AR) $(LIB) $(OBJ)
42 - $(RANLIB) $(LIB)
43
44LINK_SO= \
45 ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) && \
46 (nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \
47 $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)
48
49$(SHLIB).gnu: $(LIB)
50 ALLSYMSFLAGS='--whole-archive' \
51 SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \
52 SHAREDCMD='$(CC)'; \
53 $(LINK_SO)
54 touch $(SHLIB).gnu
55$(SHLIB).tru64: $(LIB)
56 ALLSYMSFLAGS='-all' \
57 SHAREDFLAGS='-shared' \
58 SHAREDCMD='$(CC)'; \
59 $(LINK_SO)
60 touch $(SHLIB).tru64
61$(SHLIB).solaris: $(LIB)
62 ALLSYMSFLAGS='-z allextract' \
63 SHAREDFLAGS='-G -h $(SHLIB)' \
64 SHAREDCMD='$(CC)'; \
65 $(LINK_SO)
66 touch $(SHLIB).solaris
67$(SHLIB).irix: $(LIB)
68 ALLSYMSFLAGS='-all' \
69 SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \
70 SHAREDCMD='$(CC)'; \
71 $(LINK_SO)
72 touch $(SHLIB).irix
73$(SHLIB).hpux32: $(LIB)
74 ALLSYMSFLAGS='-Fl' \
75 SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \
76 SHAREDCMD='/usr/ccs/bin/ld'; \
77 $(LINK_SO)
78 touch $(SHLIB).hpux32
79$(SHLIB).hpux64: $(LIB)
80 ALLSYMSFLAGS='+forceload' \
81 SHAREDFLAGS='-b -z +h $(SHLIB)' \
82 SHAREDCMD='/usr/ccs/bin/ld'; \
83 $(LINK_SO)
84 touch $(SHLIB).hpux64
85$(SHLIB).aix: $(LIB)
86 ALLSYMSFLAGS='-bnogc' \
87 SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \
88 SHAREDCMD='$(CC)'; \
89 $(LINK_SO)
90 touch $(SHLIB).aix
91
92depend:
93 sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp
94 echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
95 gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp
96 perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new
97 rm -f Makefile.tmp Makefile
98 mv Makefile.new Makefile
99
100# DO NOT DELETE THIS LINE -- make depend depends on it.
101
102rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h
103rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h
104rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h
105rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h
106rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h
107rsaref.o: ../../../include/openssl/opensslconf.h
108rsaref.o: ../../../include/openssl/opensslv.h
109rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h
110rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h
111rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h
112rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h
113rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h
114rsaref.o: source/rsaref.h
diff --git a/src/lib/libssl/src/demos/engines/cluster_labs/cluster_labs.h b/src/lib/libssl/src/demos/engines/cluster_labs/cluster_labs.h
new file mode 100644
index 0000000000..d0926796f0
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/cluster_labs/cluster_labs.h
@@ -0,0 +1,35 @@
1typedef int cl_engine_init(void);
2typedef int cl_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
3 const BIGNUM *m, BN_CTX *cgx);
4typedef int cl_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
5 const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
6 const BIGNUM *iqmp, BN_CTX *ctx);
7typedef int cl_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
8typedef int cl_rsa_pub_enc(int flen, const unsigned char *from,
9 unsigned char *to, RSA *rsa, int padding);
10typedef int cl_rsa_pub_dec(int flen, const unsigned char *from,
11 unsigned char *to, RSA *rsa, int padding);
12typedef int cl_rsa_priv_enc(int flen, const unsigned char *from,
13 unsigned char *to, RSA *rsa, int padding);
14typedef int cl_rsa_priv_dec(int flen, const unsigned char *from,
15 unsigned char *to, RSA *rsa, int padding);
16typedef int cl_rand_bytes(unsigned char *buf, int num);
17typedef DSA_SIG *cl_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
18typedef int cl_dsa_verify(const unsigned char *dgst, int dgst_len,
19 DSA_SIG *sig, DSA *dsa);
20
21
22static const char *CLUSTER_LABS_LIB_NAME = "cluster_labs";
23static const char *CLUSTER_LABS_F1 = "hw_engine_init";
24static const char *CLUSTER_LABS_F2 = "hw_mod_exp";
25static const char *CLUSTER_LABS_F3 = "hw_mod_exp_crt";
26static const char *CLUSTER_LABS_F4 = "hw_rsa_mod_exp";
27static const char *CLUSTER_LABS_F5 = "hw_rsa_priv_enc";
28static const char *CLUSTER_LABS_F6 = "hw_rsa_priv_dec";
29static const char *CLUSTER_LABS_F7 = "hw_rsa_pub_enc";
30static const char *CLUSTER_LABS_F8 = "hw_rsa_pub_dec";
31static const char *CLUSTER_LABS_F20 = "hw_rand_bytes";
32static const char *CLUSTER_LABS_F30 = "hw_dsa_sign";
33static const char *CLUSTER_LABS_F31 = "hw_dsa_verify";
34
35
diff --git a/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs.c b/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs.c
new file mode 100644
index 0000000000..00c14f2755
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs.c
@@ -0,0 +1,718 @@
1/* crypto/engine/hw_cluster_labs.c */
2/* Written by Jan Tschirschwitz (jan.tschirschwitz@cluster-labs.com
3 * for the OpenSSL project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#define MSC_VER /* only used cryptic.h */
60
61#include <stdio.h>
62#include <openssl/crypto.h>
63#include <openssl/dso.h>
64#include <openssl/des.h>
65#include <openssl/engine.h>
66
67#ifndef NO_HW
68#ifndef NO_HW_CLUSTER_LABS
69
70#ifdef FLAT_INC
71#include "cluster_labs.h"
72#else
73#include "vendor_defns/cluster_labs.h"
74#endif
75
76#define CL_LIB_NAME "cluster_labs engine"
77#include "hw_cluster_labs_err.c"
78
79
80static int cluster_labs_destroy(ENGINE *e);
81static int cluster_labs_init(ENGINE *e);
82static int cluster_labs_finish(ENGINE *e);
83static int cluster_labs_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
84
85
86/* BIGNUM stuff */
87/* This function is aliased to mod_exp (with the mont stuff dropped). */
88static int cluster_labs_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
89 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
90
91/* RSA stuff */
92#ifndef OPENSSL_NO_RSA
93static int cluster_labs_rsa_pub_enc(int flen, const unsigned char *from,
94 unsigned char *to, RSA *rsa, int padding);
95static int cluster_labs_rsa_pub_dec(int flen, const unsigned char *from,
96 unsigned char *to, RSA *rsa, int padding);
97static int cluster_labs_rsa_priv_enc(int flen, const unsigned char *from,
98 unsigned char *to, RSA *rsa, int padding);
99static int cluster_labs_rsa_priv_dec(int flen, const unsigned char *from,
100 unsigned char *to, RSA *rsa, int padding);
101static int cluster_labs_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
102#endif
103
104/* DSA stuff */
105#ifndef OPENSSL_NO_DSA
106DSA_SIG *cluster_labs_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
107static int cluster_labs_dsa_verify(const unsigned char *dgst, int dgst_len,
108 DSA_SIG *sig, DSA *dsa);
109static int cluster_labs_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
110 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
111 BN_CTX *ctx, BN_MONT_CTX *in_mont);
112static int cluster_labs_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
113 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
114 BN_MONT_CTX *m_ctx);
115#endif
116
117/* DH stuff */
118#ifndef OPENSSL_NO_DH
119/* This function is alised to mod_exp (with the DH and mont dropped). */
120static int cluster_labs_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
121 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
122#endif
123
124/* RANDOM stuff */
125static int cluster_labs_rand_bytes(unsigned char *buf, int num);
126
127/* The definitions for control commands specific to this engine */
128#define CLUSTER_LABS_CMD_SO_PATH ENGINE_CMD_BASE
129static const ENGINE_CMD_DEFN cluster_labs_cmd_defns[] =
130 {
131 { CLUSTER_LABS_CMD_SO_PATH,
132 "SO_PATH",
133 "Specifies the path to the 'cluster labs' shared library",
134 ENGINE_CMD_FLAG_STRING
135 },
136 {0, NULL, NULL, 0}
137 };
138
139/* Our internal RSA_METHOD that we provide pointers to */
140#ifndef OPENSSL_NO_RSA
141static RSA_METHOD cluster_labs_rsa =
142 {
143 "Cluster Labs RSA method",
144 cluster_labs_rsa_pub_enc, /* rsa_pub_enc */
145 cluster_labs_rsa_pub_dec, /* rsa_pub_dec */
146 cluster_labs_rsa_priv_enc, /* rsa_priv_enc */
147 cluster_labs_rsa_priv_dec, /* rsa_priv_dec */
148 cluster_labs_rsa_mod_exp, /* rsa_mod_exp */
149 cluster_labs_mod_exp_mont, /* bn_mod_exp */
150 NULL, /* init */
151 NULL, /* finish */
152 0, /* flags */
153 NULL, /* apps_data */
154 NULL, /* rsa_sign */
155 NULL /* rsa_verify */
156 };
157#endif
158
159/* Our internal DSA_METHOD that we provide pointers to */
160#ifndef OPENSSL_NO_DSA
161static DSA_METHOD cluster_labs_dsa =
162 {
163 "Cluster Labs DSA method",
164 cluster_labs_dsa_sign, /* dsa_do_sign */
165 NULL, /* dsa_sign_setup */
166 cluster_labs_dsa_verify, /* dsa_do_verify */
167 cluster_labs_dsa_mod_exp, /* dsa_mod_exp */
168 cluster_labs_mod_exp_dsa, /* bn_mod_exp */
169 NULL, /* init */
170 NULL, /* finish */
171 0, /* flags */
172 NULL /* app_data */
173 };
174#endif
175
176/* Our internal DH_METHOD that we provide pointers to */
177#ifndef OPENSSL_NO_DH
178static DH_METHOD cluster_labs_dh =
179 {
180 "Cluster Labs DH method",
181 NULL, /* generate key */
182 NULL, /* compute key */
183 cluster_labs_mod_exp_dh, /* bn_mod_exp */
184 NULL, /* init */
185 NULL, /* finish */
186 0, /* flags */
187 NULL /* app_data */
188 };
189#endif
190
191static RAND_METHOD cluster_labs_rand =
192 {
193 /* "Cluster Labs RAND method", */
194 NULL, /* seed */
195 cluster_labs_rand_bytes, /* bytes */
196 NULL, /* cleanup */
197 NULL, /* add */
198 cluster_labs_rand_bytes, /* pseudorand */
199 NULL, /* status */
200 };
201
202static const char *engine_cluster_labs_id = "cluster_labs";
203static const char *engine_cluster_labs_name = "Cluster Labs hardware engine support";
204
205/* engine implementation */
206/*-----------------------*/
207static int bind_helper(ENGINE *e)
208 {
209
210 if(!ENGINE_set_id(e, engine_cluster_labs_id) ||
211 !ENGINE_set_name(e, engine_cluster_labs_name) ||
212#ifndef OPENSSL_NO_RSA
213 !ENGINE_set_RSA(e, &cluster_labs_rsa) ||
214#endif
215#ifndef OPENSSL_NO_DSA
216 !ENGINE_set_DSA(e, &cluster_labs_dsa) ||
217#endif
218#ifndef OPENSSL_NO_DH
219 !ENGINE_set_DH(e, &cluster_labs_dh) ||
220#endif
221 !ENGINE_set_RAND(e, &cluster_labs_rand) ||
222 !ENGINE_set_destroy_function(e, cluster_labs_destroy) ||
223 !ENGINE_set_init_function(e, cluster_labs_init) ||
224 !ENGINE_set_finish_function(e, cluster_labs_finish) ||
225 !ENGINE_set_ctrl_function(e, cluster_labs_ctrl) ||
226 !ENGINE_set_cmd_defns(e, cluster_labs_cmd_defns))
227 return 0;
228 /* Ensure the error handling is set up */
229 ERR_load_CL_strings();
230 return 1;
231 }
232
233#ifndef ENGINE_DYNAMIC_SUPPORT
234static ENGINE *engine_cluster_labs(void)
235 {
236 ENGINE *ret = ENGINE_new();
237
238 if(!ret)
239 return NULL;
240 if(!bind_helper(ret))
241 {
242 ENGINE_free(ret);
243 return NULL;
244 }
245 return ret;
246 }
247
248void ENGINE_load_cluster_labs(void)
249 {
250
251 ENGINE *cluster_labs = engine_cluster_labs();
252
253 if(!cluster_labs) return;
254 ENGINE_add(cluster_labs);
255 ENGINE_free(cluster_labs);
256 ERR_clear_error();
257 }
258#endif /* !ENGINE_DYNAMIC_SUPPORT */
259
260static int cluster_labs_destroy(ENGINE *e)
261 {
262
263 ERR_unload_CL_strings();
264 return 1;
265 }
266
267
268
269/* This is a process-global DSO handle used for loading and unloading
270 * the Cluster Labs library. NB: This is only set (or unset) during an
271 * init() or finish() call (reference counts permitting) and they're
272 * operating with global locks, so this should be thread-safe
273 * implicitly. */
274static DSO *cluster_labs_dso = NULL;
275
276/* These are the function pointers that are (un)set when the library has
277 * successfully (un)loaded. */
278static cl_engine_init *p_cl_engine_init = NULL;
279static cl_mod_exp *p_cl_mod_exp = NULL;
280static cl_mod_exp_crt *p_cl_mod_exp_crt = NULL;
281static cl_rsa_mod_exp *p_cl_rsa_mod_exp = NULL;
282static cl_rsa_priv_enc *p_cl_rsa_priv_enc = NULL;
283static cl_rsa_priv_dec *p_cl_rsa_priv_dec = NULL;
284static cl_rsa_pub_enc *p_cl_rsa_pub_enc = NULL;
285static cl_rsa_pub_dec *p_cl_rsa_pub_dec = NULL;
286static cl_rand_bytes *p_cl_rand_bytes = NULL;
287static cl_dsa_sign *p_cl_dsa_sign = NULL;
288static cl_dsa_verify *p_cl_dsa_verify = NULL;
289
290
291int cluster_labs_init(ENGINE *e)
292 {
293
294 cl_engine_init *p1;
295 cl_mod_exp *p2;
296 cl_mod_exp_crt *p3;
297 cl_rsa_mod_exp *p4;
298 cl_rsa_priv_enc *p5;
299 cl_rsa_priv_dec *p6;
300 cl_rsa_pub_enc *p7;
301 cl_rsa_pub_dec *p8;
302 cl_rand_bytes *p20;
303 cl_dsa_sign *p30;
304 cl_dsa_verify *p31;
305
306 /* engine already loaded */
307 if(cluster_labs_dso != NULL)
308 {
309 CLerr(CL_F_CLUSTER_LABS_INIT,CL_R_ALREADY_LOADED);
310 goto err;
311 }
312 /* try to load engine */
313 cluster_labs_dso = DSO_load(NULL, CLUSTER_LABS_LIB_NAME, NULL,0);
314 if(cluster_labs_dso == NULL)
315 {
316 CLerr(CL_F_CLUSTER_LABS_INIT,CL_R_DSO_FAILURE);
317 goto err;
318 }
319 /* bind functions */
320 if( !(p1 = (cl_engine_init *)DSO_bind_func(
321 cluster_labs_dso, CLUSTER_LABS_F1)) ||
322 !(p2 = (cl_mod_exp *)DSO_bind_func(
323 cluster_labs_dso, CLUSTER_LABS_F2)) ||
324 !(p3 = (cl_mod_exp_crt *)DSO_bind_func(
325 cluster_labs_dso, CLUSTER_LABS_F3)) ||
326 !(p4 = (cl_rsa_mod_exp *)DSO_bind_func(
327 cluster_labs_dso, CLUSTER_LABS_F4)) ||
328 !(p5 = (cl_rsa_priv_enc *)DSO_bind_func(
329 cluster_labs_dso, CLUSTER_LABS_F5)) ||
330 !(p6 = (cl_rsa_priv_dec *)DSO_bind_func(
331 cluster_labs_dso, CLUSTER_LABS_F6)) ||
332 !(p7 = (cl_rsa_pub_enc *)DSO_bind_func(
333 cluster_labs_dso, CLUSTER_LABS_F7)) ||
334 !(p8 = (cl_rsa_pub_dec *)DSO_bind_func(
335 cluster_labs_dso, CLUSTER_LABS_F8)) ||
336 !(p20= (cl_rand_bytes *)DSO_bind_func(
337 cluster_labs_dso, CLUSTER_LABS_F20)) ||
338 !(p30= (cl_dsa_sign *)DSO_bind_func(
339 cluster_labs_dso, CLUSTER_LABS_F30)) ||
340 !(p31= (cl_dsa_verify *)DSO_bind_func(
341 cluster_labs_dso, CLUSTER_LABS_F31)))
342 {
343 CLerr(CL_F_CLUSTER_LABS_INIT,CL_R_DSO_FAILURE);
344 goto err;
345 }
346
347 /* copy function pointers */
348 p_cl_engine_init = p1;
349 p_cl_mod_exp = p2;
350 p_cl_mod_exp_crt = p3;
351 p_cl_rsa_mod_exp = p4;
352 p_cl_rsa_priv_enc = p5;
353 p_cl_rsa_priv_dec = p6;
354 p_cl_rsa_pub_enc = p7;
355 p_cl_rsa_pub_dec = p8;
356 p_cl_rand_bytes = p20;
357 p_cl_dsa_sign = p30;
358 p_cl_dsa_verify = p31;
359
360
361
362 /* cluster labs engine init */
363 if(p_cl_engine_init()== 0){
364 CLerr(CL_F_CLUSTER_LABS_INIT,CL_R_INIT_FAILED);
365 goto err;
366 }
367
368 return(1);
369
370err:
371 /* reset all pointers */
372 if(cluster_labs_dso)
373 DSO_free(cluster_labs_dso);
374
375 cluster_labs_dso = NULL;
376 p_cl_engine_init = NULL;
377 p_cl_mod_exp = NULL;
378 p_cl_mod_exp_crt = NULL;
379 p_cl_rsa_mod_exp = NULL;
380 p_cl_rsa_priv_enc = NULL;
381 p_cl_rsa_priv_dec = NULL;
382 p_cl_rsa_pub_enc = NULL;
383 p_cl_rsa_pub_dec = NULL;
384 p_cl_rand_bytes = NULL;
385 p_cl_dsa_sign = NULL;
386 p_cl_dsa_verify = NULL;
387
388 return(0);
389 }
390
391
392static int cluster_labs_finish(ENGINE *e)
393 {
394
395 if(cluster_labs_dso == NULL)
396 {
397 CLerr(CL_F_CLUSTER_LABS_FINISH,CL_R_NOT_LOADED);
398 return 0;
399 }
400 if(!DSO_free(cluster_labs_dso))
401 {
402 CLerr(CL_F_CLUSTER_LABS_FINISH,CL_R_DSO_FAILURE);
403 return 0;
404 }
405
406 cluster_labs_dso = NULL;
407 p_cl_engine_init = NULL;
408 p_cl_mod_exp = NULL;
409 p_cl_rsa_mod_exp = NULL;
410 p_cl_mod_exp_crt = NULL;
411 p_cl_rsa_priv_enc = NULL;
412 p_cl_rsa_priv_dec = NULL;
413 p_cl_rsa_pub_enc = NULL;
414 p_cl_rsa_pub_dec = NULL;
415 p_cl_rand_bytes = NULL;
416 p_cl_dsa_sign = NULL;
417 p_cl_dsa_verify = NULL;
418
419 return(1);
420
421 }
422
423static int cluster_labs_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
424 {
425 int initialised = ((cluster_labs_dso == NULL) ? 0 : 1);
426
427 switch(cmd)
428 {
429 case CLUSTER_LABS_CMD_SO_PATH:
430 if(p == NULL)
431 {
432 CLerr(CL_F_CLUSTER_LABS_CTRL,ERR_R_PASSED_NULL_PARAMETER);
433 return 0;
434 }
435 if(initialised)
436 {
437 CLerr(CL_F_CLUSTER_LABS_CTRL,CL_R_ALREADY_LOADED);
438 return 0;
439 }
440 CLUSTER_LABS_LIB_NAME = (const char *)p;
441 return 1;
442 default:
443 break;
444 }
445 CLerr(CL_F_CLUSTER_LABS_CTRL,CL_R_COMMAND_NOT_IMPLEMENTED);
446 return 0;
447 }
448
449
450static int cluster_labs_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
451 const BIGNUM *m, BN_CTX *ctx)
452 {
453
454 if(cluster_labs_dso == NULL)
455 {
456 CLerr(CL_F_CLUSTER_LABS_MOD_EXP,CL_R_NOT_LOADED);
457 return 0;
458 }
459 if(p_cl_mod_exp == NULL)
460 {
461 CLerr(CL_F_CLUSTER_LABS_MOD_EXP,CL_R_FUNCTION_NOT_BINDED);
462 return 0;
463 }
464
465 return p_cl_mod_exp(r, a, p, m, ctx);
466
467 }
468
469static int cluster_labs_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
470 const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
471 const BIGNUM *iqmp, BN_CTX *ctx)
472 {
473
474 if(cluster_labs_dso == NULL)
475 {
476 CLerr(CL_F_CLUSTER_LABS_MOD_EXP_CRT,CL_R_NOT_LOADED);
477 return 0;
478 }
479 if(p_cl_mod_exp_crt == NULL)
480 {
481 CLerr(CL_F_CLUSTER_LABS_MOD_EXP_CRT,CL_R_FUNCTION_NOT_BINDED);
482 return 0;
483 }
484
485 return p_cl_mod_exp_crt(r, a, p, q,dmp1, dmq1, iqmp, ctx);
486
487 }
488
489static int cluster_labs_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
490 {
491
492 if(cluster_labs_dso == NULL)
493 {
494 CLerr(CL_F_CLUSTER_LABS_RSA_MOD_EXP,CL_R_NOT_LOADED);
495 return 0;
496 }
497 if(p_cl_rsa_mod_exp == NULL)
498 {
499 CLerr(CL_F_CLUSTER_LABS_RSA_MOD_EXP,CL_R_FUNCTION_NOT_BINDED);
500 return 0;
501 }
502
503 return p_cl_rsa_mod_exp(r0, I, rsa);
504
505 }
506
507DSA_SIG *cluster_labs_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
508 {
509
510 if(cluster_labs_dso == NULL)
511 {
512 CLerr(CL_F_CLUSTER_LABS_DSA_SIGN,CL_R_NOT_LOADED);
513 return 0;
514 }
515 if(p_cl_dsa_sign == NULL)
516 {
517 CLerr(CL_F_CLUSTER_LABS_DSA_SIGN,CL_R_FUNCTION_NOT_BINDED);
518 return 0;
519 }
520
521 return p_cl_dsa_sign(dgst, dlen, dsa);
522
523 }
524
525static int cluster_labs_dsa_verify(const unsigned char *dgst, int dgst_len,
526 DSA_SIG *sig, DSA *dsa)
527 {
528
529 if(cluster_labs_dso == NULL)
530 {
531 CLerr(CL_F_CLUSTER_LABS_DSA_VERIFY,CL_R_NOT_LOADED);
532 return 0;
533 }
534
535 if(p_cl_dsa_verify == NULL)
536 {
537 CLerr(CL_F_CLUSTER_LABS_DSA_VERIFY,CL_R_FUNCTION_NOT_BINDED);
538 return 0;
539 }
540
541 return p_cl_dsa_verify(dgst, dgst_len, sig, dsa);
542
543 }
544
545static int cluster_labs_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
546 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
547 BN_CTX *ctx, BN_MONT_CTX *in_mont)
548 {
549 BIGNUM t;
550 int status = 0;
551
552 BN_init(&t);
553 /* let rr = a1 ^ p1 mod m */
554 if (!cluster_labs_mod_exp(rr,a1,p1,m,ctx)) goto end;
555 /* let t = a2 ^ p2 mod m */
556 if (!cluster_labs_mod_exp(&t,a2,p2,m,ctx)) goto end;
557 /* let rr = rr * t mod m */
558 if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
559 status = 1;
560end:
561 BN_free(&t);
562
563 return(1);
564
565 }
566
567static int cluster_labs_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
568 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
569 BN_MONT_CTX *m_ctx)
570 {
571 return cluster_labs_mod_exp(r, a, p, m, ctx);
572 }
573
574/* This function is aliased to mod_exp (with the mont stuff dropped). */
575static int cluster_labs_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
576 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
577 {
578 return cluster_labs_mod_exp(r, a, p, m, ctx);
579 }
580
581
582/* This function is aliased to mod_exp (with the dh and mont dropped). */
583static int cluster_labs_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
584 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
585 {
586 return cluster_labs_mod_exp(r, a, p, m, ctx);
587 }
588
589
590static int cluster_labs_rsa_pub_enc(int flen, const unsigned char *from,
591 unsigned char *to, RSA *rsa, int padding)
592 {
593
594 if(cluster_labs_dso == NULL)
595 {
596 CLerr(CL_F_CLUSTER_LABS_RSA_PUB_ENC,CL_R_NOT_LOADED);
597 return 0;
598 }
599 if(p_cl_rsa_priv_enc == NULL)
600 {
601 CLerr(CL_F_CLUSTER_LABS_RSA_PUB_ENC,CL_R_FUNCTION_NOT_BINDED);
602 return 0;
603 }
604
605 return p_cl_rsa_pub_enc(flen, from, to, rsa, padding);
606
607 }
608
609static int cluster_labs_rsa_pub_dec(int flen, const unsigned char *from,
610 unsigned char *to, RSA *rsa, int padding)
611 {
612
613 if(cluster_labs_dso == NULL)
614 {
615 CLerr(CL_F_CLUSTER_LABS_RSA_PUB_DEC,CL_R_NOT_LOADED);
616 return 0;
617 }
618 if(p_cl_rsa_priv_enc == NULL)
619 {
620 CLerr(CL_F_CLUSTER_LABS_RSA_PUB_DEC,CL_R_FUNCTION_NOT_BINDED);
621 return 0;
622 }
623
624 return p_cl_rsa_pub_dec(flen, from, to, rsa, padding);
625
626 }
627
628
629static int cluster_labs_rsa_priv_enc(int flen, const unsigned char *from,
630 unsigned char *to, RSA *rsa, int padding)
631 {
632
633 if(cluster_labs_dso == NULL)
634 {
635 CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_ENC,CL_R_NOT_LOADED);
636 return 0;
637 }
638
639 if(p_cl_rsa_priv_enc == NULL)
640 {
641 CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_ENC,CL_R_FUNCTION_NOT_BINDED);
642 return 0;
643 }
644
645 return p_cl_rsa_priv_enc(flen, from, to, rsa, padding);
646
647 }
648
649static int cluster_labs_rsa_priv_dec(int flen, const unsigned char *from,
650 unsigned char *to, RSA *rsa, int padding)
651 {
652
653 if(cluster_labs_dso == NULL)
654 {
655 CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_DEC,CL_R_NOT_LOADED);
656 return 0;
657 }
658 if(p_cl_rsa_priv_dec == NULL)
659 {
660 CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_DEC,CL_R_FUNCTION_NOT_BINDED);
661 return 0;
662 }
663
664 return p_cl_rsa_priv_dec(flen, from, to, rsa, padding);
665
666 }
667
668/************************************************************************************
669* Symmetric algorithms
670************************************************************************************/
671/* this will be come soon! */
672
673/************************************************************************************
674* Random generator
675************************************************************************************/
676
677static int cluster_labs_rand_bytes(unsigned char *buf, int num){
678
679 if(cluster_labs_dso == NULL)
680 {
681 CLerr(CL_F_CLUSTER_LABS_RAND_BYTES,CL_R_NOT_LOADED);
682 return 0;
683 }
684 if(p_cl_mod_exp_crt == NULL)
685 {
686 CLerr(CL_F_CLUSTER_LABS_RAND_BYTES,CL_R_FUNCTION_NOT_BINDED);
687 return 0;
688 }
689
690 return p_cl_rand_bytes(buf, num);
691
692}
693
694
695/* This stuff is needed if this ENGINE is being compiled into a self-contained
696 * shared-library. */
697#ifdef ENGINE_DYNAMIC_SUPPORT
698static int bind_fn(ENGINE *e, const char *id)
699 {
700 fprintf(stderr, "bind_fn CLUSTER_LABS\n");
701 if(id && (strcmp(id, engine_cluster_labs_id) != 0)) {
702 fprintf(stderr, "bind_fn return(0) first\n");
703 return 0;
704 }
705 if(!bind_helper(e)) {
706 fprintf(stderr, "bind_fn return(1) first\n");
707 return 0;
708 }
709 fprintf(stderr, "bind_fn return(1)\n");
710 return 1;
711 }
712IMPLEMENT_DYNAMIC_CHECK_FN()
713IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
714#endif /* ENGINE_DYNAMIC_SUPPORT */
715
716#endif /* !NO_HW_CLUSTER_LABS */
717#endif /* !NO_HW */
718
diff --git a/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs.ec b/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs.ec
new file mode 100644
index 0000000000..1f64786542
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs.ec
@@ -0,0 +1,8 @@
1# configuration file for util/mkerr.pl
2#
3# use like this:
4#
5# perl ../../../util/mkerr.pl -conf hw_cluster_labs.ec \
6# -nostatic -staticloader -write *.c
7
8L CL hw_cluster_labs_err.h hw_cluster_labs_err.c
diff --git a/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs_err.c b/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs_err.c
new file mode 100644
index 0000000000..a7fa4083b1
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs_err.c
@@ -0,0 +1,151 @@
1/* hw_cluster_labs_err.c */
2/* ====================================================================
3 * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include "hw_cluster_labs_err.h"
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67static ERR_STRING_DATA CL_str_functs[]=
68 {
69{ERR_PACK(0,CL_F_CLUSTER_LABS_CTRL,0), "CLUSTER_LABS_CTRL"},
70{ERR_PACK(0,CL_F_CLUSTER_LABS_DSA_SIGN,0), "CLUSTER_LABS_DSA_SIGN"},
71{ERR_PACK(0,CL_F_CLUSTER_LABS_DSA_VERIFY,0), "CLUSTER_LABS_DSA_VERIFY"},
72{ERR_PACK(0,CL_F_CLUSTER_LABS_FINISH,0), "CLUSTER_LABS_FINISH"},
73{ERR_PACK(0,CL_F_CLUSTER_LABS_INIT,0), "CLUSTER_LABS_INIT"},
74{ERR_PACK(0,CL_F_CLUSTER_LABS_MOD_EXP,0), "CLUSTER_LABS_MOD_EXP"},
75{ERR_PACK(0,CL_F_CLUSTER_LABS_MOD_EXP_CRT,0), "CLUSTER_LABS_MOD_EXP_CRT"},
76{ERR_PACK(0,CL_F_CLUSTER_LABS_RAND_BYTES,0), "CLUSTER_LABS_RAND_BYTES"},
77{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_MOD_EXP,0), "CLUSTER_LABS_RSA_MOD_EXP"},
78{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PRIV_DEC,0), "CLUSTER_LABS_RSA_PRIV_DEC"},
79{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PRIV_ENC,0), "CLUSTER_LABS_RSA_PRIV_ENC"},
80{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PUB_DEC,0), "CLUSTER_LABS_RSA_PUB_DEC"},
81{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PUB_ENC,0), "CLUSTER_LABS_RSA_PUB_ENC"},
82{0,NULL}
83 };
84
85static ERR_STRING_DATA CL_str_reasons[]=
86 {
87{CL_R_ALREADY_LOADED ,"already loaded"},
88{CL_R_COMMAND_NOT_IMPLEMENTED ,"command not implemented"},
89{CL_R_DSO_FAILURE ,"dso failure"},
90{CL_R_FUNCTION_NOT_BINDED ,"function not binded"},
91{CL_R_INIT_FAILED ,"init failed"},
92{CL_R_NOT_LOADED ,"not loaded"},
93{0,NULL}
94 };
95
96#endif
97
98#ifdef CL_LIB_NAME
99static ERR_STRING_DATA CL_lib_name[]=
100 {
101{0 ,CL_LIB_NAME},
102{0,NULL}
103 };
104#endif
105
106
107static int CL_lib_error_code=0;
108static int CL_error_init=1;
109
110static void ERR_load_CL_strings(void)
111 {
112 if (CL_lib_error_code == 0)
113 CL_lib_error_code=ERR_get_next_error_library();
114
115 if (CL_error_init)
116 {
117 CL_error_init=0;
118#ifndef OPENSSL_NO_ERR
119 ERR_load_strings(CL_lib_error_code,CL_str_functs);
120 ERR_load_strings(CL_lib_error_code,CL_str_reasons);
121#endif
122
123#ifdef CL_LIB_NAME
124 CL_lib_name->error = ERR_PACK(CL_lib_error_code,0,0);
125 ERR_load_strings(0,CL_lib_name);
126#endif
127 }
128 }
129
130static void ERR_unload_CL_strings(void)
131 {
132 if (CL_error_init == 0)
133 {
134#ifndef OPENSSL_NO_ERR
135 ERR_unload_strings(CL_lib_error_code,CL_str_functs);
136 ERR_unload_strings(CL_lib_error_code,CL_str_reasons);
137#endif
138
139#ifdef CL_LIB_NAME
140 ERR_unload_strings(0,CL_lib_name);
141#endif
142 CL_error_init=1;
143 }
144 }
145
146static void ERR_CL_error(int function, int reason, char *file, int line)
147 {
148 if (CL_lib_error_code == 0)
149 CL_lib_error_code=ERR_get_next_error_library();
150 ERR_PUT_error(CL_lib_error_code,function,reason,file,line);
151 }
diff --git a/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs_err.h b/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs_err.h
new file mode 100644
index 0000000000..afc175b133
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs_err.h
@@ -0,0 +1,95 @@
1/* ====================================================================
2 * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#ifndef HEADER_CL_ERR_H
56#define HEADER_CL_ERR_H
57
58/* BEGIN ERROR CODES */
59/* The following lines are auto generated by the script mkerr.pl. Any changes
60 * made after this point may be overwritten when the script is next run.
61 */
62static void ERR_load_CL_strings(void);
63static void ERR_unload_CL_strings(void);
64static void ERR_CL_error(int function, int reason, char *file, int line);
65#define CLerr(f,r) ERR_CL_error((f),(r),__FILE__,__LINE__)
66
67/* Error codes for the CL functions. */
68
69/* Function codes. */
70#define CL_F_CLUSTER_LABS_CTRL 100
71#define CL_F_CLUSTER_LABS_DSA_SIGN 101
72#define CL_F_CLUSTER_LABS_DSA_VERIFY 102
73#define CL_F_CLUSTER_LABS_FINISH 103
74#define CL_F_CLUSTER_LABS_INIT 104
75#define CL_F_CLUSTER_LABS_MOD_EXP 105
76#define CL_F_CLUSTER_LABS_MOD_EXP_CRT 106
77#define CL_F_CLUSTER_LABS_RAND_BYTES 107
78#define CL_F_CLUSTER_LABS_RSA_MOD_EXP 108
79#define CL_F_CLUSTER_LABS_RSA_PRIV_DEC 109
80#define CL_F_CLUSTER_LABS_RSA_PRIV_ENC 110
81#define CL_F_CLUSTER_LABS_RSA_PUB_DEC 111
82#define CL_F_CLUSTER_LABS_RSA_PUB_ENC 112
83
84/* Reason codes. */
85#define CL_R_ALREADY_LOADED 100
86#define CL_R_COMMAND_NOT_IMPLEMENTED 101
87#define CL_R_DSO_FAILURE 102
88#define CL_R_FUNCTION_NOT_BINDED 103
89#define CL_R_INIT_FAILED 104
90#define CL_R_NOT_LOADED 105
91
92#ifdef __cplusplus
93}
94#endif
95#endif
diff --git a/src/lib/libssl/src/demos/engines/ibmca/Makefile b/src/lib/libssl/src/demos/engines/ibmca/Makefile
new file mode 100644
index 0000000000..72f3546359
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/ibmca/Makefile
@@ -0,0 +1,114 @@
1LIBNAME= libibmca
2SRC= hw_ibmca.c
3OBJ= hw_ibmca.o
4HEADER= hw_ibmca.h
5
6CC= gcc
7PIC= -fPIC
8CFLAGS= -g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT -DFLAT_INC
9AR= ar r
10RANLIB= ranlib
11
12LIB= $(LIBNAME).a
13SHLIB= $(LIBNAME).so
14
15all:
16 @echo 'Please choose a system to build on:'
17 @echo ''
18 @echo 'tru64: Tru64 Unix, Digital Unix, Digital OSF/1'
19 @echo 'solaris: Solaris'
20 @echo 'irix: IRIX'
21 @echo 'hpux32: 32-bit HP/UX'
22 @echo 'hpux64: 64-bit HP/UX'
23 @echo 'aix: AIX'
24 @echo 'gnu: Generic GNU-based system (gcc and GNU ld)'
25 @echo ''
26
27FORCE.update:
28update: FORCE.update
29 perl ../../../util/mkerr.pl -conf hw_ibmca.ec \
30 -nostatic -staticloader -write hw_ibmca.c
31
32gnu: $(SHLIB).gnu
33tru64: $(SHLIB).tru64
34solaris: $(SHLIB).solaris
35irix: $(SHLIB).irix
36hpux32: $(SHLIB).hpux32
37hpux64: $(SHLIB).hpux64
38aix: $(SHLIB).aix
39
40$(LIB): $(OBJ)
41 $(AR) $(LIB) $(OBJ)
42 - $(RANLIB) $(LIB)
43
44LINK_SO= \
45 ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) && \
46 (nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \
47 $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)
48
49$(SHLIB).gnu: $(LIB)
50 ALLSYMSFLAGS='--whole-archive' \
51 SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \
52 SHAREDCMD='$(CC)'; \
53 $(LINK_SO)
54 touch $(SHLIB).gnu
55$(SHLIB).tru64: $(LIB)
56 ALLSYMSFLAGS='-all' \
57 SHAREDFLAGS='-shared' \
58 SHAREDCMD='$(CC)'; \
59 $(LINK_SO)
60 touch $(SHLIB).tru64
61$(SHLIB).solaris: $(LIB)
62 ALLSYMSFLAGS='-z allextract' \
63 SHAREDFLAGS='-G -h $(SHLIB)' \
64 SHAREDCMD='$(CC)'; \
65 $(LINK_SO)
66 touch $(SHLIB).solaris
67$(SHLIB).irix: $(LIB)
68 ALLSYMSFLAGS='-all' \
69 SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \
70 SHAREDCMD='$(CC)'; \
71 $(LINK_SO)
72 touch $(SHLIB).irix
73$(SHLIB).hpux32: $(LIB)
74 ALLSYMSFLAGS='-Fl' \
75 SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \
76 SHAREDCMD='/usr/ccs/bin/ld'; \
77 $(LINK_SO)
78 touch $(SHLIB).hpux32
79$(SHLIB).hpux64: $(LIB)
80 ALLSYMSFLAGS='+forceload' \
81 SHAREDFLAGS='-b -z +h $(SHLIB)' \
82 SHAREDCMD='/usr/ccs/bin/ld'; \
83 $(LINK_SO)
84 touch $(SHLIB).hpux64
85$(SHLIB).aix: $(LIB)
86 ALLSYMSFLAGS='-bnogc' \
87 SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \
88 SHAREDCMD='$(CC)'; \
89 $(LINK_SO)
90 touch $(SHLIB).aix
91
92depend:
93 sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp
94 echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
95 gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp
96 perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new
97 rm -f Makefile.tmp Makefile
98 mv Makefile.new Makefile
99
100# DO NOT DELETE THIS LINE -- make depend depends on it.
101
102rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h
103rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h
104rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h
105rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h
106rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h
107rsaref.o: ../../../include/openssl/opensslconf.h
108rsaref.o: ../../../include/openssl/opensslv.h
109rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h
110rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h
111rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h
112rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h
113rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h
114rsaref.o: source/rsaref.h
diff --git a/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca.c b/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca.c
new file mode 100644
index 0000000000..881b16a7cb
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca.c
@@ -0,0 +1,917 @@
1/* crypto/engine/hw_ibmca.c */
2/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59/* (C) COPYRIGHT International Business Machines Corp. 2001 */
60
61#include <stdio.h>
62#include <openssl/crypto.h>
63#include <openssl/dso.h>
64#include <openssl/engine.h>
65
66#ifndef OPENSSL_NO_HW
67#ifndef OPENSSL_NO_HW_IBMCA
68
69#ifdef FLAT_INC
70#include "ica_openssl_api.h"
71#else
72#include "vendor_defns/ica_openssl_api.h"
73#endif
74
75#define IBMCA_LIB_NAME "ibmca engine"
76#include "hw_ibmca_err.c"
77
78static int ibmca_destroy(ENGINE *e);
79static int ibmca_init(ENGINE *e);
80static int ibmca_finish(ENGINE *e);
81static int ibmca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
82
83static const char *IBMCA_F1 = "icaOpenAdapter";
84static const char *IBMCA_F2 = "icaCloseAdapter";
85static const char *IBMCA_F3 = "icaRsaModExpo";
86static const char *IBMCA_F4 = "icaRandomNumberGenerate";
87static const char *IBMCA_F5 = "icaRsaCrt";
88
89ICA_ADAPTER_HANDLE handle=0;
90
91/* BIGNUM stuff */
92static int ibmca_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
93 const BIGNUM *m, BN_CTX *ctx);
94
95static int ibmca_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
96 const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
97 const BIGNUM *iqmp, BN_CTX *ctx);
98
99#ifndef OPENSSL_NO_RSA
100/* RSA stuff */
101static int ibmca_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
102#endif
103
104/* This function is aliased to mod_exp (with the mont stuff dropped). */
105static int ibmca_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
106 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
107
108#ifndef OPENSSL_NO_DSA
109/* DSA stuff */
110static int ibmca_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
111 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
112 BN_CTX *ctx, BN_MONT_CTX *in_mont);
113static int ibmca_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
114 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
115 BN_MONT_CTX *m_ctx);
116#endif
117
118#ifndef OPENSSL_NO_DH
119/* DH stuff */
120/* This function is alised to mod_exp (with the DH and mont dropped). */
121static int ibmca_mod_exp_dh(const DH *dh, BIGNUM *r,
122 const BIGNUM *a, const BIGNUM *p,
123 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
124#endif
125
126/* RAND stuff */
127static int ibmca_rand_bytes(unsigned char *buf, int num);
128static int ibmca_rand_status(void);
129
130
131/* WJH - check for more commands, like in nuron */
132
133/* The definitions for control commands specific to this engine */
134#define IBMCA_CMD_SO_PATH ENGINE_CMD_BASE
135static const ENGINE_CMD_DEFN ibmca_cmd_defns[] = {
136 {IBMCA_CMD_SO_PATH,
137 "SO_PATH",
138 "Specifies the path to the 'atasi' shared library",
139 ENGINE_CMD_FLAG_STRING},
140 {0, NULL, NULL, 0}
141 };
142
143#ifndef OPENSSL_NO_RSA
144/* Our internal RSA_METHOD that we provide pointers to */
145static RSA_METHOD ibmca_rsa =
146 {
147 "Ibmca RSA method",
148 NULL,
149 NULL,
150 NULL,
151 NULL,
152 ibmca_rsa_mod_exp,
153 ibmca_mod_exp_mont,
154 NULL,
155 NULL,
156 0,
157 NULL,
158 NULL,
159 NULL
160 };
161#endif
162
163#ifndef OPENSSL_NO_DSA
164/* Our internal DSA_METHOD that we provide pointers to */
165static DSA_METHOD ibmca_dsa =
166 {
167 "Ibmca DSA method",
168 NULL, /* dsa_do_sign */
169 NULL, /* dsa_sign_setup */
170 NULL, /* dsa_do_verify */
171 ibmca_dsa_mod_exp, /* dsa_mod_exp */
172 ibmca_mod_exp_dsa, /* bn_mod_exp */
173 NULL, /* init */
174 NULL, /* finish */
175 0, /* flags */
176 NULL /* app_data */
177 };
178#endif
179
180#ifndef OPENSSL_NO_DH
181/* Our internal DH_METHOD that we provide pointers to */
182static DH_METHOD ibmca_dh =
183 {
184 "Ibmca DH method",
185 NULL,
186 NULL,
187 ibmca_mod_exp_dh,
188 NULL,
189 NULL,
190 0,
191 NULL
192 };
193#endif
194
195static RAND_METHOD ibmca_rand =
196 {
197 /* "IBMCA RAND method", */
198 NULL,
199 ibmca_rand_bytes,
200 NULL,
201 NULL,
202 ibmca_rand_bytes,
203 ibmca_rand_status,
204 };
205
206/* Constants used when creating the ENGINE */
207static const char *engine_ibmca_id = "ibmca";
208static const char *engine_ibmca_name = "Ibmca hardware engine support";
209
210/* This internal function is used by ENGINE_ibmca() and possibly by the
211 * "dynamic" ENGINE support too */
212static int bind_helper(ENGINE *e)
213 {
214#ifndef OPENSSL_NO_RSA
215 const RSA_METHOD *meth1;
216#endif
217#ifndef OPENSSL_NO_DSA
218 const DSA_METHOD *meth2;
219#endif
220#ifndef OPENSSL_NO_DH
221 const DH_METHOD *meth3;
222#endif
223 if(!ENGINE_set_id(e, engine_ibmca_id) ||
224 !ENGINE_set_name(e, engine_ibmca_name) ||
225#ifndef OPENSSL_NO_RSA
226 !ENGINE_set_RSA(e, &ibmca_rsa) ||
227#endif
228#ifndef OPENSSL_NO_DSA
229 !ENGINE_set_DSA(e, &ibmca_dsa) ||
230#endif
231#ifndef OPENSSL_NO_DH
232 !ENGINE_set_DH(e, &ibmca_dh) ||
233#endif
234 !ENGINE_set_RAND(e, &ibmca_rand) ||
235 !ENGINE_set_destroy_function(e, ibmca_destroy) ||
236 !ENGINE_set_init_function(e, ibmca_init) ||
237 !ENGINE_set_finish_function(e, ibmca_finish) ||
238 !ENGINE_set_ctrl_function(e, ibmca_ctrl) ||
239 !ENGINE_set_cmd_defns(e, ibmca_cmd_defns))
240 return 0;
241
242#ifndef OPENSSL_NO_RSA
243 /* We know that the "PKCS1_SSLeay()" functions hook properly
244 * to the ibmca-specific mod_exp and mod_exp_crt so we use
245 * those functions. NB: We don't use ENGINE_openssl() or
246 * anything "more generic" because something like the RSAref
247 * code may not hook properly, and if you own one of these
248 * cards then you have the right to do RSA operations on it
249 * anyway! */
250 meth1 = RSA_PKCS1_SSLeay();
251 ibmca_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
252 ibmca_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
253 ibmca_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
254 ibmca_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
255#endif
256
257#ifndef OPENSSL_NO_DSA
258 /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
259 * bits. */
260 meth2 = DSA_OpenSSL();
261 ibmca_dsa.dsa_do_sign = meth2->dsa_do_sign;
262 ibmca_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
263 ibmca_dsa.dsa_do_verify = meth2->dsa_do_verify;
264#endif
265
266#ifndef OPENSSL_NO_DH
267 /* Much the same for Diffie-Hellman */
268 meth3 = DH_OpenSSL();
269 ibmca_dh.generate_key = meth3->generate_key;
270 ibmca_dh.compute_key = meth3->compute_key;
271#endif
272
273 /* Ensure the ibmca error handling is set up */
274 ERR_load_IBMCA_strings();
275 return 1;
276 }
277
278static ENGINE *engine_ibmca(void)
279 {
280 ENGINE *ret = ENGINE_new();
281 if(!ret)
282 return NULL;
283 if(!bind_helper(ret))
284 {
285 ENGINE_free(ret);
286 return NULL;
287 }
288 return ret;
289 }
290
291void ENGINE_load_ibmca(void)
292 {
293 /* Copied from eng_[openssl|dyn].c */
294 ENGINE *toadd = engine_ibmca();
295 if(!toadd) return;
296 ENGINE_add(toadd);
297 ENGINE_free(toadd);
298 ERR_clear_error();
299 }
300
301/* Destructor (complements the "ENGINE_ibmca()" constructor) */
302static int ibmca_destroy(ENGINE *e)
303 {
304 /* Unload the ibmca error strings so any error state including our
305 * functs or reasons won't lead to a segfault (they simply get displayed
306 * without corresponding string data because none will be found). */
307 ERR_unload_IBMCA_strings();
308 return 1;
309 }
310
311
312/* This is a process-global DSO handle used for loading and unloading
313 * the Ibmca library. NB: This is only set (or unset) during an
314 * init() or finish() call (reference counts permitting) and they're
315 * operating with global locks, so this should be thread-safe
316 * implicitly. */
317
318static DSO *ibmca_dso = NULL;
319
320/* These are the function pointers that are (un)set when the library has
321 * successfully (un)loaded. */
322
323static unsigned int (ICA_CALL *p_icaOpenAdapter)();
324static unsigned int (ICA_CALL *p_icaCloseAdapter)();
325static unsigned int (ICA_CALL *p_icaRsaModExpo)();
326static unsigned int (ICA_CALL *p_icaRandomNumberGenerate)();
327static unsigned int (ICA_CALL *p_icaRsaCrt)();
328
329/* utility function to obtain a context */
330static int get_context(ICA_ADAPTER_HANDLE *p_handle)
331 {
332 unsigned int status=0;
333
334 status = p_icaOpenAdapter(0, p_handle);
335 if(status != 0)
336 return 0;
337 return 1;
338 }
339
340/* similarly to release one. */
341static void release_context(ICA_ADAPTER_HANDLE handle)
342 {
343 p_icaCloseAdapter(handle);
344 }
345
346/* (de)initialisation functions. */
347static int ibmca_init(ENGINE *e)
348 {
349
350 void (*p1)();
351 void (*p2)();
352 void (*p3)();
353 void (*p4)();
354 void (*p5)();
355
356 if(ibmca_dso != NULL)
357 {
358 IBMCAerr(IBMCA_F_IBMCA_INIT,IBMCA_R_ALREADY_LOADED);
359 goto err;
360 }
361 /* Attempt to load libatasi.so/atasi.dll/whatever. Needs to be
362 * changed unfortunately because the Ibmca drivers don't have
363 * standard library names that can be platform-translated well. */
364 /* TODO: Work out how to actually map to the names the Ibmca
365 * drivers really use - for now a symbollic link needs to be
366 * created on the host system from libatasi.so to atasi.so on
367 * unix variants. */
368
369 /* WJH XXX check name translation */
370
371 ibmca_dso = DSO_load(NULL, IBMCA_LIBNAME, NULL,
372 /* DSO_FLAG_NAME_TRANSLATION */ 0);
373 if(ibmca_dso == NULL)
374 {
375 IBMCAerr(IBMCA_F_IBMCA_INIT,IBMCA_R_DSO_FAILURE);
376 goto err;
377 }
378
379 if(!(p1 = DSO_bind_func(
380 ibmca_dso, IBMCA_F1)) ||
381 !(p2 = DSO_bind_func(
382 ibmca_dso, IBMCA_F2)) ||
383 !(p3 = DSO_bind_func(
384 ibmca_dso, IBMCA_F3)) ||
385 !(p4 = DSO_bind_func(
386 ibmca_dso, IBMCA_F4)) ||
387 !(p5 = DSO_bind_func(
388 ibmca_dso, IBMCA_F5)))
389 {
390 IBMCAerr(IBMCA_F_IBMCA_INIT,IBMCA_R_DSO_FAILURE);
391 goto err;
392 }
393
394 /* Copy the pointers */
395
396 p_icaOpenAdapter = (unsigned int (ICA_CALL *)())p1;
397 p_icaCloseAdapter = (unsigned int (ICA_CALL *)())p2;
398 p_icaRsaModExpo = (unsigned int (ICA_CALL *)())p3;
399 p_icaRandomNumberGenerate = (unsigned int (ICA_CALL *)())p4;
400 p_icaRsaCrt = (unsigned int (ICA_CALL *)())p5;
401
402 if(!get_context(&handle))
403 {
404 IBMCAerr(IBMCA_F_IBMCA_INIT,IBMCA_R_UNIT_FAILURE);
405 goto err;
406 }
407
408 return 1;
409 err:
410 if(ibmca_dso)
411 DSO_free(ibmca_dso);
412
413 p_icaOpenAdapter = NULL;
414 p_icaCloseAdapter = NULL;
415 p_icaRsaModExpo = NULL;
416 p_icaRandomNumberGenerate = NULL;
417
418 return 0;
419 }
420
421static int ibmca_finish(ENGINE *e)
422 {
423 if(ibmca_dso == NULL)
424 {
425 IBMCAerr(IBMCA_F_IBMCA_FINISH,IBMCA_R_NOT_LOADED);
426 return 0;
427 }
428 release_context(handle);
429 if(!DSO_free(ibmca_dso))
430 {
431 IBMCAerr(IBMCA_F_IBMCA_FINISH,IBMCA_R_DSO_FAILURE);
432 return 0;
433 }
434 ibmca_dso = NULL;
435
436 return 1;
437 }
438
439static int ibmca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
440 {
441 int initialised = ((ibmca_dso == NULL) ? 0 : 1);
442 switch(cmd)
443 {
444 case IBMCA_CMD_SO_PATH:
445 if(p == NULL)
446 {
447 IBMCAerr(IBMCA_F_IBMCA_CTRL,ERR_R_PASSED_NULL_PARAMETER);
448 return 0;
449 }
450 if(initialised)
451 {
452 IBMCAerr(IBMCA_F_IBMCA_CTRL,IBMCA_R_ALREADY_LOADED);
453 return 0;
454 }
455 IBMCA_LIBNAME = (const char *)p;
456 return 1;
457 default:
458 break;
459 }
460 IBMCAerr(IBMCA_F_IBMCA_CTRL,IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED);
461 return 0;
462 }
463
464
465static int ibmca_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
466 const BIGNUM *m, BN_CTX *ctx)
467 {
468 /* I need somewhere to store temporary serialised values for
469 * use with the Ibmca API calls. A neat cheat - I'll use
470 * BIGNUMs from the BN_CTX but access their arrays directly as
471 * byte arrays <grin>. This way I don't have to clean anything
472 * up. */
473
474 BIGNUM *argument=NULL;
475 BIGNUM *result=NULL;
476 BIGNUM *key=NULL;
477 int to_return;
478 int inLen, outLen, tmpLen;
479
480
481 ICA_KEY_RSA_MODEXPO *publKey=NULL;
482 unsigned int rc;
483
484 to_return = 0; /* expect failure */
485
486 if(!ibmca_dso)
487 {
488 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_NOT_LOADED);
489 goto err;
490 }
491 /* Prepare the params */
492 BN_CTX_start(ctx);
493 argument = BN_CTX_get(ctx);
494 result = BN_CTX_get(ctx);
495 key = BN_CTX_get(ctx);
496
497 if( !argument || !result || !key)
498 {
499 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_BN_CTX_FULL);
500 goto err;
501 }
502
503
504 if(!bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top) ||
505 !bn_wexpand(key, sizeof(*publKey)/BN_BYTES))
506
507 {
508 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_BN_EXPAND_FAIL);
509 goto err;
510 }
511
512 publKey = (ICA_KEY_RSA_MODEXPO *)key->d;
513
514 if (publKey == NULL)
515 {
516 goto err;
517 }
518 memset(publKey, 0, sizeof(ICA_KEY_RSA_MODEXPO));
519
520 publKey->keyType = CORRECT_ENDIANNESS(ME_KEY_TYPE);
521 publKey->keyLength = CORRECT_ENDIANNESS(sizeof(ICA_KEY_RSA_MODEXPO));
522 publKey->expOffset = (char *) publKey->keyRecord - (char *) publKey;
523
524 /* A quirk of the card: the exponent length has to be the same
525 as the modulus (key) length */
526
527 outLen = BN_num_bytes(m);
528
529/* check for modulus length SAB*/
530 if (outLen > 256 ) {
531 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_MEXP_LENGTH_TO_LARGE);
532 goto err;
533 }
534/* check for modulus length SAB*/
535
536
537 publKey->expLength = publKey->nLength = outLen;
538/* SAB Check for underflow condition
539 the size of the exponent is less than the size of the parameter
540 then we have a big problem and will underflow the keyRecord
541 buffer. Bad stuff could happen then
542*/
543if (outLen < BN_num_bytes(p)){
544 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_UNDERFLOW_KEYRECORD);
545 goto err;
546}
547/* SAB End check for underflow */
548
549
550 BN_bn2bin(p, &publKey->keyRecord[publKey->expLength -
551 BN_num_bytes(p)]);
552 BN_bn2bin(m, &publKey->keyRecord[publKey->expLength]);
553
554
555
556 publKey->modulusBitLength = CORRECT_ENDIANNESS(publKey->nLength * 8);
557 publKey->nOffset = CORRECT_ENDIANNESS(publKey->expOffset +
558 publKey->expLength);
559
560 publKey->expOffset = CORRECT_ENDIANNESS((char *) publKey->keyRecord -
561 (char *) publKey);
562
563 tmpLen = outLen;
564 publKey->expLength = publKey->nLength = CORRECT_ENDIANNESS(tmpLen);
565
566 /* Prepare the argument */
567
568 memset(argument->d, 0, outLen);
569 BN_bn2bin(a, (unsigned char *)argument->d + outLen -
570 BN_num_bytes(a));
571
572 inLen = outLen;
573
574 /* Perform the operation */
575
576 if( (rc = p_icaRsaModExpo(handle, inLen,(unsigned char *)argument->d,
577 publKey, &outLen, (unsigned char *)result->d))
578 !=0 )
579
580 {
581 printf("rc = %d\n", rc);
582 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_REQUEST_FAILED);
583 goto err;
584 }
585
586
587 /* Convert the response */
588 BN_bin2bn((unsigned char *)result->d, outLen, r);
589 to_return = 1;
590 err:
591 BN_CTX_end(ctx);
592 return to_return;
593 }
594
595#ifndef OPENSSL_NO_RSA
596static int ibmca_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
597 {
598 BN_CTX *ctx;
599 int to_return = 0;
600
601 if((ctx = BN_CTX_new()) == NULL)
602 goto err;
603 if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
604 {
605 if(!rsa->d || !rsa->n)
606 {
607 IBMCAerr(IBMCA_F_IBMCA_RSA_MOD_EXP,
608 IBMCA_R_MISSING_KEY_COMPONENTS);
609 goto err;
610 }
611 to_return = ibmca_mod_exp(r0, I, rsa->d, rsa->n, ctx);
612 }
613 else
614 {
615 to_return = ibmca_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
616 rsa->dmq1, rsa->iqmp, ctx);
617 }
618 err:
619 if(ctx)
620 BN_CTX_free(ctx);
621 return to_return;
622 }
623#endif
624
625/* Ein kleines chinesisches "Restessen" */
626static int ibmca_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
627 const BIGNUM *q, const BIGNUM *dmp1,
628 const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)
629 {
630
631 BIGNUM *argument = NULL;
632 BIGNUM *result = NULL;
633 BIGNUM *key = NULL;
634
635 int to_return = 0; /* expect failure */
636
637 char *pkey=NULL;
638 ICA_KEY_RSA_CRT *privKey=NULL;
639 int inLen, outLen;
640
641 int rc;
642 unsigned int offset, pSize, qSize;
643/* SAB New variables */
644 unsigned int keyRecordSize;
645 unsigned int pbytes = BN_num_bytes(p);
646 unsigned int qbytes = BN_num_bytes(q);
647 unsigned int dmp1bytes = BN_num_bytes(dmp1);
648 unsigned int dmq1bytes = BN_num_bytes(dmq1);
649 unsigned int iqmpbytes = BN_num_bytes(iqmp);
650
651 /* Prepare the params */
652
653 BN_CTX_start(ctx);
654 argument = BN_CTX_get(ctx);
655 result = BN_CTX_get(ctx);
656 key = BN_CTX_get(ctx);
657
658 if(!argument || !result || !key)
659 {
660 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_BN_CTX_FULL);
661 goto err;
662 }
663
664 if(!bn_wexpand(argument, p->top + q->top) ||
665 !bn_wexpand(result, p->top + q->top) ||
666 !bn_wexpand(key, sizeof(*privKey)/BN_BYTES ))
667 {
668 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_BN_EXPAND_FAIL);
669 goto err;
670 }
671
672
673 privKey = (ICA_KEY_RSA_CRT *)key->d;
674/* SAB Add check for total size in bytes of the parms does not exceed
675 the buffer space we have
676 do this first
677*/
678 keyRecordSize = pbytes+qbytes+dmp1bytes+dmq1bytes+iqmpbytes;
679 if ( keyRecordSize > sizeof(privKey->keyRecord )) {
680 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_OPERANDS_TO_LARGE);
681 goto err;
682 }
683
684 if ( (qbytes + dmq1bytes) > 256 ){
685 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_OPERANDS_TO_LARGE);
686 goto err;
687 }
688
689 if ( pbytes + dmp1bytes > 256 ) {
690 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_OPERANDS_TO_LARGE);
691 goto err;
692 }
693
694/* end SAB additions */
695
696 memset(privKey, 0, sizeof(ICA_KEY_RSA_CRT));
697 privKey->keyType = CORRECT_ENDIANNESS(CRT_KEY_TYPE);
698 privKey->keyLength = CORRECT_ENDIANNESS(sizeof(ICA_KEY_RSA_CRT));
699 privKey->modulusBitLength =
700 CORRECT_ENDIANNESS(BN_num_bytes(q) * 2 * 8);
701
702 /*
703 * p,dp & qInv are 1 QWORD Larger
704 */
705 privKey->pLength = CORRECT_ENDIANNESS(BN_num_bytes(p)+8);
706 privKey->qLength = CORRECT_ENDIANNESS(BN_num_bytes(q));
707 privKey->dpLength = CORRECT_ENDIANNESS(BN_num_bytes(dmp1)+8);
708 privKey->dqLength = CORRECT_ENDIANNESS(BN_num_bytes(dmq1));
709 privKey->qInvLength = CORRECT_ENDIANNESS(BN_num_bytes(iqmp)+8);
710
711 offset = (char *) privKey->keyRecord
712 - (char *) privKey;
713
714 qSize = BN_num_bytes(q);
715 pSize = qSize + 8; /* 1 QWORD larger */
716
717
718/* SAB probably aittle redundant, but we'll verify that each of the
719 components which make up a key record sent ot the card does not exceed
720 the space that is allocated for it. this handles the case where even if
721 the total length does not exceed keyrecord zied, if the operands are funny sized
722they could cause potential side affects on either the card or the result */
723
724 if ( (pbytes > pSize) || (dmp1bytes > pSize) ||
725 (iqmpbytes > pSize) || ( qbytes >qSize) ||
726 (dmq1bytes > qSize) ) {
727 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_OPERANDS_TO_LARGE);
728 goto err;
729
730 }
731
732
733 privKey->dpOffset = CORRECT_ENDIANNESS(offset);
734
735 offset += pSize;
736 privKey->dqOffset = CORRECT_ENDIANNESS(offset);
737
738 offset += qSize;
739 privKey->pOffset = CORRECT_ENDIANNESS(offset);
740
741 offset += pSize;
742 privKey->qOffset = CORRECT_ENDIANNESS(offset);
743
744 offset += qSize;
745 privKey->qInvOffset = CORRECT_ENDIANNESS(offset);
746
747 pkey = (char *) privKey->keyRecord;
748
749
750/* SAB first check that we don;t under flow the buffer */
751 if ( pSize < pbytes ) {
752 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_UNDERFLOW_CONDITION);
753 goto err;
754 }
755
756 /* pkey += pSize - BN_num_bytes(p); WROING this should be dmp1) */
757 pkey += pSize - BN_num_bytes(dmp1);
758 BN_bn2bin(dmp1, pkey);
759 pkey += BN_num_bytes(dmp1); /* move the pointer */
760
761 BN_bn2bin(dmq1, pkey); /* Copy over dmq1 */
762
763 pkey += qSize; /* move pointer */
764 pkey += pSize - BN_num_bytes(p); /* set up for zero padding of next field */
765
766 BN_bn2bin(p, pkey);
767 pkey += BN_num_bytes(p); /* increment pointer by number of bytes moved */
768
769 BN_bn2bin(q, pkey);
770 pkey += qSize ; /* move the pointer */
771 pkey += pSize - BN_num_bytes(iqmp); /* Adjust for padding */
772 BN_bn2bin(iqmp, pkey);
773
774 /* Prepare the argument and response */
775
776 outLen = CORRECT_ENDIANNESS(privKey->qLength) * 2; /* Correct endianess is used
777 because the fields were converted above */
778
779 if (outLen > 256) {
780 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_OUTLEN_TO_LARGE);
781 goto err;
782 }
783
784 /* SAB check for underflow here on the argeument */
785 if ( outLen < BN_num_bytes(a)) {
786 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_UNDERFLOW_CONDITION);
787 goto err;
788 }
789
790 BN_bn2bin(a, (unsigned char *)argument->d + outLen -
791 BN_num_bytes(a));
792 inLen = outLen;
793
794 memset(result->d, 0, outLen);
795
796 /* Perform the operation */
797
798 if ( (rc = p_icaRsaCrt(handle, inLen, (unsigned char *)argument->d,
799 privKey, &outLen, (unsigned char *)result->d)) != 0)
800 {
801 printf("rc = %d\n", rc);
802 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_REQUEST_FAILED);
803 goto err;
804 }
805
806 /* Convert the response */
807
808 BN_bin2bn((unsigned char *)result->d, outLen, r);
809 to_return = 1;
810
811 err:
812 BN_CTX_end(ctx);
813 return to_return;
814
815 }
816
817#ifndef OPENSSL_NO_DSA
818/* This code was liberated and adapted from the commented-out code in
819 * dsa_ossl.c. Because of the unoptimised form of the Ibmca acceleration
820 * (it doesn't have a CRT form for RSA), this function means that an
821 * Ibmca system running with a DSA server certificate can handshake
822 * around 5 or 6 times faster/more than an equivalent system running with
823 * RSA. Just check out the "signs" statistics from the RSA and DSA parts
824 * of "openssl speed -engine ibmca dsa1024 rsa1024". */
825static int ibmca_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
826 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
827 BN_CTX *ctx, BN_MONT_CTX *in_mont)
828 {
829 BIGNUM t;
830 int to_return = 0;
831
832 BN_init(&t);
833 /* let rr = a1 ^ p1 mod m */
834 if (!ibmca_mod_exp(rr,a1,p1,m,ctx)) goto end;
835 /* let t = a2 ^ p2 mod m */
836 if (!ibmca_mod_exp(&t,a2,p2,m,ctx)) goto end;
837 /* let rr = rr * t mod m */
838 if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
839 to_return = 1;
840 end:
841 BN_free(&t);
842 return to_return;
843 }
844
845
846static int ibmca_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
847 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
848 BN_MONT_CTX *m_ctx)
849 {
850 return ibmca_mod_exp(r, a, p, m, ctx);
851 }
852#endif
853
854/* This function is aliased to mod_exp (with the mont stuff dropped). */
855static int ibmca_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
856 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
857 {
858 return ibmca_mod_exp(r, a, p, m, ctx);
859 }
860
861#ifndef OPENSSL_NO_DH
862/* This function is aliased to mod_exp (with the dh and mont dropped). */
863static int ibmca_mod_exp_dh(DH const *dh, BIGNUM *r,
864 const BIGNUM *a, const BIGNUM *p,
865 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
866 {
867 return ibmca_mod_exp(r, a, p, m, ctx);
868 }
869#endif
870
871/* Random bytes are good */
872static int ibmca_rand_bytes(unsigned char *buf, int num)
873 {
874 int to_return = 0; /* assume failure */
875 unsigned int ret;
876
877
878 if(handle == 0)
879 {
880 IBMCAerr(IBMCA_F_IBMCA_RAND_BYTES,IBMCA_R_NOT_INITIALISED);
881 goto err;
882 }
883
884 ret = p_icaRandomNumberGenerate(handle, num, buf);
885 if (ret < 0)
886 {
887 IBMCAerr(IBMCA_F_IBMCA_RAND_BYTES,IBMCA_R_REQUEST_FAILED);
888 goto err;
889 }
890 to_return = 1;
891 err:
892 return to_return;
893 }
894
895static int ibmca_rand_status(void)
896 {
897 return 1;
898 }
899
900/* This stuff is needed if this ENGINE is being compiled into a self-contained
901 * shared-library. */
902#ifdef ENGINE_DYNAMIC_SUPPORT
903static int bind_fn(ENGINE *e, const char *id)
904 {
905 if(id && (strcmp(id, engine_ibmca_id) != 0)) /* WJH XXX */
906 return 0;
907 if(!bind_helper(e))
908 return 0;
909 return 1;
910 }
911IMPLEMENT_DYNAMIC_CHECK_FN()
912IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
913#endif /* ENGINE_DYNAMIC_SUPPORT */
914
915
916#endif /* !OPENSSL_NO_HW_IBMCA */
917#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca.ec b/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca.ec
new file mode 100644
index 0000000000..f68646d237
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca.ec
@@ -0,0 +1,8 @@
1# configuration file for util/mkerr.pl
2#
3# use like this:
4#
5# perl ../../../util/mkerr.pl -conf hw_ibmca.ec \
6# -nostatic -staticloader -write *.c
7
8L IBMCA hw_ibmca_err.h hw_ibmca_err.c
diff --git a/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca_err.c b/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca_err.c
new file mode 100644
index 0000000000..c4053f6d30
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca_err.c
@@ -0,0 +1,154 @@
1/* hw_ibmca_err.c */
2/* ====================================================================
3 * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include "hw_ibmca_err.h"
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67static ERR_STRING_DATA IBMCA_str_functs[]=
68 {
69{ERR_PACK(0,IBMCA_F_IBMCA_CTRL,0), "IBMCA_CTRL"},
70{ERR_PACK(0,IBMCA_F_IBMCA_FINISH,0), "IBMCA_FINISH"},
71{ERR_PACK(0,IBMCA_F_IBMCA_INIT,0), "IBMCA_INIT"},
72{ERR_PACK(0,IBMCA_F_IBMCA_MOD_EXP,0), "IBMCA_MOD_EXP"},
73{ERR_PACK(0,IBMCA_F_IBMCA_MOD_EXP_CRT,0), "IBMCA_MOD_EXP_CRT"},
74{ERR_PACK(0,IBMCA_F_IBMCA_RAND_BYTES,0), "IBMCA_RAND_BYTES"},
75{ERR_PACK(0,IBMCA_F_IBMCA_RSA_MOD_EXP,0), "IBMCA_RSA_MOD_EXP"},
76{0,NULL}
77 };
78
79static ERR_STRING_DATA IBMCA_str_reasons[]=
80 {
81{IBMCA_R_ALREADY_LOADED ,"already loaded"},
82{IBMCA_R_BN_CTX_FULL ,"bn ctx full"},
83{IBMCA_R_BN_EXPAND_FAIL ,"bn expand fail"},
84{IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"},
85{IBMCA_R_DSO_FAILURE ,"dso failure"},
86{IBMCA_R_MEXP_LENGTH_TO_LARGE ,"mexp length to large"},
87{IBMCA_R_MISSING_KEY_COMPONENTS ,"missing key components"},
88{IBMCA_R_NOT_INITIALISED ,"not initialised"},
89{IBMCA_R_NOT_LOADED ,"not loaded"},
90{IBMCA_R_OPERANDS_TO_LARGE ,"operands to large"},
91{IBMCA_R_OUTLEN_TO_LARGE ,"outlen to large"},
92{IBMCA_R_REQUEST_FAILED ,"request failed"},
93{IBMCA_R_UNDERFLOW_CONDITION ,"underflow condition"},
94{IBMCA_R_UNDERFLOW_KEYRECORD ,"underflow keyrecord"},
95{IBMCA_R_UNIT_FAILURE ,"unit failure"},
96{0,NULL}
97 };
98
99#endif
100
101#ifdef IBMCA_LIB_NAME
102static ERR_STRING_DATA IBMCA_lib_name[]=
103 {
104{0 ,IBMCA_LIB_NAME},
105{0,NULL}
106 };
107#endif
108
109
110static int IBMCA_lib_error_code=0;
111static int IBMCA_error_init=1;
112
113static void ERR_load_IBMCA_strings(void)
114 {
115 if (IBMCA_lib_error_code == 0)
116 IBMCA_lib_error_code=ERR_get_next_error_library();
117
118 if (IBMCA_error_init)
119 {
120 IBMCA_error_init=0;
121#ifndef OPENSSL_NO_ERR
122 ERR_load_strings(IBMCA_lib_error_code,IBMCA_str_functs);
123 ERR_load_strings(IBMCA_lib_error_code,IBMCA_str_reasons);
124#endif
125
126#ifdef IBMCA_LIB_NAME
127 IBMCA_lib_name->error = ERR_PACK(IBMCA_lib_error_code,0,0);
128 ERR_load_strings(0,IBMCA_lib_name);
129#endif
130 }
131 }
132
133static void ERR_unload_IBMCA_strings(void)
134 {
135 if (IBMCA_error_init == 0)
136 {
137#ifndef OPENSSL_NO_ERR
138 ERR_unload_strings(IBMCA_lib_error_code,IBMCA_str_functs);
139 ERR_unload_strings(IBMCA_lib_error_code,IBMCA_str_reasons);
140#endif
141
142#ifdef IBMCA_LIB_NAME
143 ERR_unload_strings(0,IBMCA_lib_name);
144#endif
145 IBMCA_error_init=1;
146 }
147 }
148
149static void ERR_IBMCA_error(int function, int reason, char *file, int line)
150 {
151 if (IBMCA_lib_error_code == 0)
152 IBMCA_lib_error_code=ERR_get_next_error_library();
153 ERR_PUT_error(IBMCA_lib_error_code,function,reason,file,line);
154 }
diff --git a/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca_err.h b/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca_err.h
new file mode 100644
index 0000000000..da64bde5f2
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca_err.h
@@ -0,0 +1,98 @@
1/* ====================================================================
2 * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#ifndef HEADER_IBMCA_ERR_H
56#define HEADER_IBMCA_ERR_H
57
58/* BEGIN ERROR CODES */
59/* The following lines are auto generated by the script mkerr.pl. Any changes
60 * made after this point may be overwritten when the script is next run.
61 */
62static void ERR_load_IBMCA_strings(void);
63static void ERR_unload_IBMCA_strings(void);
64static void ERR_IBMCA_error(int function, int reason, char *file, int line);
65#define IBMCAerr(f,r) ERR_IBMCA_error((f),(r),__FILE__,__LINE__)
66
67/* Error codes for the IBMCA functions. */
68
69/* Function codes. */
70#define IBMCA_F_IBMCA_CTRL 100
71#define IBMCA_F_IBMCA_FINISH 101
72#define IBMCA_F_IBMCA_INIT 102
73#define IBMCA_F_IBMCA_MOD_EXP 103
74#define IBMCA_F_IBMCA_MOD_EXP_CRT 104
75#define IBMCA_F_IBMCA_RAND_BYTES 105
76#define IBMCA_F_IBMCA_RSA_MOD_EXP 106
77
78/* Reason codes. */
79#define IBMCA_R_ALREADY_LOADED 100
80#define IBMCA_R_BN_CTX_FULL 101
81#define IBMCA_R_BN_EXPAND_FAIL 102
82#define IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
83#define IBMCA_R_DSO_FAILURE 104
84#define IBMCA_R_MEXP_LENGTH_TO_LARGE 105
85#define IBMCA_R_MISSING_KEY_COMPONENTS 106
86#define IBMCA_R_NOT_INITIALISED 107
87#define IBMCA_R_NOT_LOADED 108
88#define IBMCA_R_OPERANDS_TO_LARGE 109
89#define IBMCA_R_OUTLEN_TO_LARGE 110
90#define IBMCA_R_REQUEST_FAILED 111
91#define IBMCA_R_UNDERFLOW_CONDITION 112
92#define IBMCA_R_UNDERFLOW_KEYRECORD 113
93#define IBMCA_R_UNIT_FAILURE 114
94
95#ifdef __cplusplus
96}
97#endif
98#endif
diff --git a/src/lib/libssl/src/demos/engines/ibmca/ica_openssl_api.h b/src/lib/libssl/src/demos/engines/ibmca/ica_openssl_api.h
new file mode 100644
index 0000000000..c77e0fd5c0
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/ibmca/ica_openssl_api.h
@@ -0,0 +1,189 @@
1
2#ifndef __ICA_OPENSSL_API_H__
3#define __ICA_OPENSSL_API_H__
4
5/**
6 ** abstract data types for API
7 **/
8
9#define ICA_ADAPTER_HANDLE int
10
11#if defined(linux) || defined (_AIX)
12#define ICA_CALL
13#endif
14
15#if defined(WIN32) || defined(_WIN32)
16#define ICA_CALL __stdcall
17#endif
18
19/*------------------------------------------------*
20 | RSA defines and typedefs |
21 *------------------------------------------------*/
22 /*
23 * All data elements of the RSA key are in big-endian format
24 * Modulus-Exponent form of key
25 *
26 */
27 #define MAX_EXP_SIZE 256
28 #define MAX_MODULUS_SIZE 256
29 #define MAX_MODEXP_SIZE (MAX_EXP_SIZE + MAX_MODULUS_SIZE)
30
31 #define MAX_OPERAND_SIZE MAX_EXP_SIZE
32
33 typedef unsigned char ICA_KEY_RSA_MODEXPO_REC[MAX_MODEXP_SIZE];
34 /*
35 * All data elements of the RSA key are in big-endian format
36 * Chinese Remainder Thereom(CRT) form of key
37 * Used only for Decrypt, the encrypt form is typically Modulus-Exponent
38 *
39 */
40 #define MAX_BP_SIZE 136
41 #define MAX_BQ_SIZE 128
42 #define MAX_NP_SIZE 136
43 #define MAX_NQ_SIZE 128
44 #define MAX_QINV_SIZE 136
45 #define MAX_RSACRT_SIZE (MAX_BP_SIZE+MAX_BQ_SIZE+MAX_NP_SIZE+MAX_NQ_SIZE+MAX_QINV_SIZE)
46
47#define RSA_GEN_OPERAND_MAX 256 /* bytes */
48
49typedef unsigned char ICA_KEY_RSA_CRT_REC[MAX_RSACRT_SIZE];
50/*------------------------------------------------*
51 | RSA key token types |
52 *------------------------------------------------*/
53
54#define RSA_PUBLIC_MODULUS_EXPONENT 3
55#define RSA_PKCS_PRIVATE_CHINESE_REMAINDER 6
56
57#define KEYTYPE_MODEXPO 1
58#define KEYTYPE_PKCSCRT 2
59
60
61/*------------------------------------------------*
62 | RSA Key Token format |
63 *------------------------------------------------*/
64
65/*
66 * NOTE: All the fields in the ICA_KEY_RSA_MODEXPO structure
67 * (lengths, offsets, exponents, modulus, etc.) are
68 * stored in big-endian format
69 */
70
71typedef struct _ICA_KEY_RSA_MODEXPO
72{ unsigned int keyType; /* RSA key type. */
73 unsigned int keyLength; /* Total length of the token. */
74 unsigned int modulusBitLength; /* Modulus n bit length. */
75 /* -- Start of the data length.*/
76 unsigned int nLength; /* Modulus n = p * q */
77 unsigned int expLength; /* exponent (public or private)*/
78 /* e = 1/d * mod(p-1)(q-1) */
79 /* -- Start of the data offsets*/
80 unsigned int nOffset; /* Modulus n . */
81 unsigned int expOffset; /* exponent (public or private)*/
82 unsigned char reserved[112]; /* reserved area */
83 /* -- Start of the variable -- */
84 /* -- length token data. -- */
85 ICA_KEY_RSA_MODEXPO_REC keyRecord;
86} ICA_KEY_RSA_MODEXPO;
87#define SZ_HEADER_MODEXPO (sizeof(ICA_KEY_RSA_MODEXPO) - sizeof(ICA_KEY_RSA_MODEXPO_REC))
88
89/*
90 * NOTE: All the fields in the ICA_KEY_RSA_CRT structure
91 * (lengths, offsets, exponents, modulus, etc.) are
92 * stored in big-endian format
93 */
94
95typedef struct _ICA_KEY_RSA_CRT
96{ unsigned int keyType; /* RSA key type. */
97 unsigned int keyLength; /* Total length of the token. */
98 unsigned int modulusBitLength; /* Modulus n bit length. */
99 /* -- Start of the data length.*/
100#if _AIX
101 unsigned int nLength; /* Modulus n = p * q */
102#endif
103 unsigned int pLength; /* Prime number p . */
104 unsigned int qLength; /* Prime number q . */
105 unsigned int dpLength; /* dp = d * mod(p-1) . */
106 unsigned int dqLength; /* dq = d * mod(q-1) . */
107 unsigned int qInvLength; /* PKCS: qInv = Ap/q */
108 /* -- Start of the data offsets*/
109#if _AIX
110 unsigned int nOffset; /* Modulus n . */
111#endif
112 unsigned int pOffset; /* Prime number p . */
113 unsigned int qOffset; /* Prime number q . */
114 unsigned int dpOffset; /* dp . */
115 unsigned int dqOffset; /* dq . */
116 unsigned int qInvOffset; /* qInv for PKCS */
117#if _AIX
118 unsigned char reserved[80]; /* reserved area */
119#else
120 unsigned char reserved[88]; /* reserved area */
121#endif
122 /* -- Start of the variable -- */
123 /* -- length token data. -- */
124 ICA_KEY_RSA_CRT_REC keyRecord;
125} ICA_KEY_RSA_CRT;
126#define SZ_HEADER_CRT (sizeof(ICA_KEY_RSA_CRT) - sizeof(ICA_KEY_RSA_CRT_REC))
127
128unsigned int
129icaOpenAdapter( unsigned int adapterId,
130 ICA_ADAPTER_HANDLE *pAdapterHandle );
131
132unsigned int
133icaCloseAdapter( ICA_ADAPTER_HANDLE adapterHandle );
134
135unsigned int
136icaRsaModExpo( ICA_ADAPTER_HANDLE hAdapterHandle,
137 unsigned int inputDataLength,
138 unsigned char *pInputData,
139 ICA_KEY_RSA_MODEXPO *pKeyModExpo,
140 unsigned int *pOutputDataLength,
141 unsigned char *pOutputData );
142
143unsigned int
144icaRsaCrt( ICA_ADAPTER_HANDLE hAdapterHandle,
145 unsigned int inputDataLength,
146 unsigned char *pInputData,
147 ICA_KEY_RSA_CRT *pKeyCrt,
148 unsigned int *pOutputDataLength,
149 unsigned char *pOutputData );
150
151unsigned int
152icaRandomNumberGenerate( ICA_ADAPTER_HANDLE hAdapterHandle,
153 unsigned int outputDataLength,
154 unsigned char *pOutputData );
155
156/* Specific macros and definitions to not have IFDEF;s all over the
157 main code */
158
159#if (_AIX)
160static const char *IBMCA_LIBNAME = "/lib/libica.a(shr.o)";
161#elif (WIN32)
162static const char *IBMCA_LIBNAME = "cryptica";
163#else
164static const char *IBMCA_LIBNAME = "ica";
165#endif
166
167#if (WIN32)
168/*
169 The ICA_KEY_RSA_MODEXPO & ICA_KEY_RSA_CRT lengths and
170 offsets must be in big-endian format.
171
172*/
173#define CORRECT_ENDIANNESS(b) ( \
174 (((unsigned long) (b) & 0x000000ff) << 24) | \
175 (((unsigned long) (b) & 0x0000ff00) << 8) | \
176 (((unsigned long) (b) & 0x00ff0000) >> 8) | \
177 (((unsigned long) (b) & 0xff000000) >> 24) \
178 )
179#define CRT_KEY_TYPE RSA_PKCS_PRIVATE_CHINESE_REMAINDER
180#define ME_KEY_TYPE RSA_PUBLIC_MODULUS_EXPONENT
181#else
182#define CORRECT_ENDIANNESS(b) (b)
183#define CRT_KEY_TYPE KEYTYPE_PKCSCRT
184#define ME_KEY_TYPE KEYTYPE_MODEXPO
185#endif
186
187
188
189#endif /* __ICA_OPENSSL_API_H__ */
diff --git a/src/lib/libssl/src/demos/engines/rsaref/Makefile b/src/lib/libssl/src/demos/engines/rsaref/Makefile
index 5fbcda3576..003e35df2e 100644
--- a/src/lib/libssl/src/demos/engines/rsaref/Makefile
+++ b/src/lib/libssl/src/demos/engines/rsaref/Makefile
@@ -48,7 +48,7 @@ $(LIB): $(OBJ)
48 48
49LINK_SO= \ 49LINK_SO= \
50 ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) install/librsaref.a && \ 50 ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) install/librsaref.a && \
51 (nm -Pg $(LIBNAME).o | grep ' [BD] ' | cut -f1 -d' ' > $(LIBNAME).exp; \ 51 (nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \
52 $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc) 52 $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)
53 53
54$(SHLIB).gnu: $(LIB) install/librsaref.a 54$(SHLIB).gnu: $(LIB) install/librsaref.a
diff --git a/src/lib/libssl/src/demos/engines/rsaref/rsaref.c b/src/lib/libssl/src/demos/engines/rsaref/rsaref.c
index e23f64c01e..f092acbf3f 100644
--- a/src/lib/libssl/src/demos/engines/rsaref/rsaref.c
+++ b/src/lib/libssl/src/demos/engines/rsaref/rsaref.c
@@ -116,7 +116,7 @@ static const EVP_CIPHER cipher_des_cbc =
116 { 116 {
117 NID_des_cbc, 117 NID_des_cbc,
118 8, 8, 8, 118 8, 8, 8,
119 0, 119 0 | EVP_CIPH_CBC_MODE,
120 cipher_des_cbc_init, 120 cipher_des_cbc_init,
121 cipher_des_cbc_code, 121 cipher_des_cbc_code,
122 cipher_des_cbc_clean, 122 cipher_des_cbc_clean,
@@ -131,7 +131,7 @@ static const EVP_CIPHER cipher_des_ede3_cbc =
131 { 131 {
132 NID_des_ede3_cbc, 132 NID_des_ede3_cbc,
133 8, 24, 8, 133 8, 24, 8,
134 0, 134 0 | EVP_CIPH_CBC_MODE,
135 cipher_des_ede3_cbc_init, 135 cipher_des_ede3_cbc_init,
136 cipher_des_ede3_cbc_code, 136 cipher_des_ede3_cbc_code,
137 cipher_des_ede3_cbc_clean, 137 cipher_des_ede3_cbc_clean,
@@ -146,7 +146,7 @@ static const EVP_CIPHER cipher_desx_cbc =
146 { 146 {
147 NID_desx_cbc, 147 NID_desx_cbc,
148 8, 24, 8, 148 8, 24, 8,
149 0, 149 0 | EVP_CIPH_CBC_MODE,
150 cipher_desx_cbc_init, 150 cipher_desx_cbc_init,
151 cipher_desx_cbc_code, 151 cipher_desx_cbc_code,
152 cipher_desx_cbc_clean, 152 cipher_desx_cbc_clean,
diff --git a/src/lib/libssl/src/demos/engines/zencod/Makefile b/src/lib/libssl/src/demos/engines/zencod/Makefile
new file mode 100644
index 0000000000..5b6a339ab2
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/zencod/Makefile
@@ -0,0 +1,114 @@
1LIBNAME= libzencod
2SRC= hw_zencod.c
3OBJ= hw_zencod.o
4HEADER= hw_zencod.h
5
6CC= gcc
7PIC= -fPIC
8CFLAGS= -g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT -DFLAT_INC
9AR= ar r
10RANLIB= ranlib
11
12LIB= $(LIBNAME).a
13SHLIB= $(LIBNAME).so
14
15all:
16 @echo 'Please choose a system to build on:'
17 @echo ''
18 @echo 'tru64: Tru64 Unix, Digital Unix, Digital OSF/1'
19 @echo 'solaris: Solaris'
20 @echo 'irix: IRIX'
21 @echo 'hpux32: 32-bit HP/UX'
22 @echo 'hpux64: 64-bit HP/UX'
23 @echo 'aix: AIX'
24 @echo 'gnu: Generic GNU-based system (gcc and GNU ld)'
25 @echo ''
26
27FORCE.update:
28update: FORCE.update
29 perl ../../../util/mkerr.pl -conf hw_zencod.ec \
30 -nostatic -staticloader -write hw_zencod.c
31
32gnu: $(SHLIB).gnu
33tru64: $(SHLIB).tru64
34solaris: $(SHLIB).solaris
35irix: $(SHLIB).irix
36hpux32: $(SHLIB).hpux32
37hpux64: $(SHLIB).hpux64
38aix: $(SHLIB).aix
39
40$(LIB): $(OBJ)
41 $(AR) $(LIB) $(OBJ)
42 - $(RANLIB) $(LIB)
43
44LINK_SO= \
45 ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) && \
46 (nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \
47 $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)
48
49$(SHLIB).gnu: $(LIB)
50 ALLSYMSFLAGS='--whole-archive' \
51 SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \
52 SHAREDCMD='$(CC)'; \
53 $(LINK_SO)
54 touch $(SHLIB).gnu
55$(SHLIB).tru64: $(LIB)
56 ALLSYMSFLAGS='-all' \
57 SHAREDFLAGS='-shared' \
58 SHAREDCMD='$(CC)'; \
59 $(LINK_SO)
60 touch $(SHLIB).tru64
61$(SHLIB).solaris: $(LIB)
62 ALLSYMSFLAGS='-z allextract' \
63 SHAREDFLAGS='-G -h $(SHLIB)' \
64 SHAREDCMD='$(CC)'; \
65 $(LINK_SO)
66 touch $(SHLIB).solaris
67$(SHLIB).irix: $(LIB)
68 ALLSYMSFLAGS='-all' \
69 SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \
70 SHAREDCMD='$(CC)'; \
71 $(LINK_SO)
72 touch $(SHLIB).irix
73$(SHLIB).hpux32: $(LIB)
74 ALLSYMSFLAGS='-Fl' \
75 SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \
76 SHAREDCMD='/usr/ccs/bin/ld'; \
77 $(LINK_SO)
78 touch $(SHLIB).hpux32
79$(SHLIB).hpux64: $(LIB)
80 ALLSYMSFLAGS='+forceload' \
81 SHAREDFLAGS='-b -z +h $(SHLIB)' \
82 SHAREDCMD='/usr/ccs/bin/ld'; \
83 $(LINK_SO)
84 touch $(SHLIB).hpux64
85$(SHLIB).aix: $(LIB)
86 ALLSYMSFLAGS='-bnogc' \
87 SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \
88 SHAREDCMD='$(CC)'; \
89 $(LINK_SO)
90 touch $(SHLIB).aix
91
92depend:
93 sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp
94 echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
95 gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp
96 perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new
97 rm -f Makefile.tmp Makefile
98 mv Makefile.new Makefile
99
100# DO NOT DELETE THIS LINE -- make depend depends on it.
101
102rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h
103rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h
104rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h
105rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h
106rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h
107rsaref.o: ../../../include/openssl/opensslconf.h
108rsaref.o: ../../../include/openssl/opensslv.h
109rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h
110rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h
111rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h
112rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h
113rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h
114rsaref.o: source/rsaref.h
diff --git a/src/lib/libssl/src/demos/engines/zencod/hw_zencod.c b/src/lib/libssl/src/demos/engines/zencod/hw_zencod.c
new file mode 100644
index 0000000000..308e18710f
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/zencod/hw_zencod.c
@@ -0,0 +1,1736 @@
1/* crypto/engine/hw_zencod.c */
2 /* Written by Fred Donnat (frederic.donnat@zencod.com) for "zencod"
3 * engine integration in order to redirect crypto computing on a crypto
4 * hardware accelerator zenssl32 ;-)
5 *
6 * Date : 25 jun 2002
7 * Revision : 17 Ju7 2002
8 * Version : zencod_engine-0.9.7
9 */
10
11/* ====================================================================
12 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
13 *
14 * Redistribution and use in source and binary forms, with or without
15 * modification, are permitted provided that the following conditions
16 * are met:
17 *
18 * 1. Redistributions of source code must retain the above copyright
19 * notice, this list of conditions and the following disclaimer.
20 *
21 * 2. Redistributions in binary form must reproduce the above copyright
22 * notice, this list of conditions and the following disclaimer in
23 * the documentation and/or other materials provided with the
24 * distribution.
25 *
26 * 3. All advertising materials mentioning features or use of this
27 * software must display the following acknowledgment:
28 * "This product includes software developed by the OpenSSL Project
29 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
30 *
31 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
32 * endorse or promote products derived from this software without
33 * prior written permission. For written permission, please contact
34 * licensing@OpenSSL.org.
35 *
36 * 5. Products derived from this software may not be called "OpenSSL"
37 * nor may "OpenSSL" appear in their names without prior written
38 * permission of the OpenSSL Project.
39 *
40 * 6. Redistributions of any form whatsoever must retain the following
41 * acknowledgment:
42 * "This product includes software developed by the OpenSSL Project
43 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
44 *
45 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
46 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
47 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
48 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
49 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
50 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
51 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
52 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
53 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
54 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
55 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
56 * OF THE POSSIBILITY OF SUCH DAMAGE.
57 * ====================================================================
58 *
59 * This product includes cryptographic software written by Eric Young
60 * (eay@cryptsoft.com). This product includes software written by Tim
61 * Hudson (tjh@cryptsoft.com).
62 *
63 */
64
65
66/* ENGINE general include */
67#include <stdio.h>
68#include <openssl/crypto.h>
69#include <openssl/dso.h>
70#include <openssl/engine.h>
71
72#ifndef OPENSSL_NO_HW
73#ifndef OPENSSL_NO_HW_ZENCOD
74
75#ifdef FLAT_INC
76# include "hw_zencod.h"
77#else
78# include "vendor_defns/hw_zencod.h"
79#endif
80
81#define ZENCOD_LIB_NAME "zencod engine"
82#include "hw_zencod_err.c"
83
84#define FAIL_TO_SOFTWARE -15
85
86#define ZEN_LIBRARY "zenbridge"
87
88#if 0
89# define PERROR(s) perror(s)
90# define CHEESE() fputs("## [ZenEngine] ## " __FUNCTION__ "\n", stderr)
91#else
92# define PERROR(s)
93# define CHEESE()
94#endif
95
96
97/* Sorry ;) */
98#ifndef WIN32
99static inline void esrever ( unsigned char *d, int l )
100{
101 for(;--l>0;--l,d++){*d^=*(d+l);*(d+l)^=*d;*d^=*(d+l);}
102}
103
104static inline void ypcmem ( unsigned char *d, const unsigned char *s, int l )
105{
106 for(d+=l;l--;)*--d=*s++;
107}
108#else
109static __inline void esrever ( unsigned char *d, int l )
110{
111 for(;--l>0;--l,d++){*d^=*(d+l);*(d+l)^=*d;*d^=*(d+l);}
112}
113
114static __inline void ypcmem ( unsigned char *d, const unsigned char *s, int l )
115{
116 for(d+=l;l--;)*--d=*s++;
117}
118#endif
119
120
121#define BIGNUM2ZEN(n, bn) (ptr_zencod_init_number((n), \
122 (unsigned long) ((bn)->top * BN_BITS2), \
123 (unsigned char *) ((bn)->d)))
124
125#define ZEN_BITS(n, bytes) (ptr_zencod_bytes2bits((unsigned char *) (n), (unsigned long) (bytes)))
126#define ZEN_BYTES(bits) (ptr_zencod_bits2bytes((unsigned long) (bits)))
127
128
129/* Function for ENGINE detection and control */
130static int zencod_destroy ( ENGINE *e ) ;
131static int zencod_init ( ENGINE *e ) ;
132static int zencod_finish ( ENGINE *e ) ;
133static int zencod_ctrl ( ENGINE *e, int cmd, long i, void *p, void (*f) () ) ;
134
135/* BIGNUM stuff */
136static int zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx ) ;
137
138/* RSA stuff */
139#ifndef OPENSSL_NO_RSA
140static int RSA_zencod_rsa_mod_exp ( BIGNUM *r0, const BIGNUM *I, RSA *rsa ) ;
141static int RSA_zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
142 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx ) ;
143#endif
144
145/* DSA stuff */
146#ifndef OPENSSL_NO_DSA
147static int DSA_zencod_bn_mod_exp ( DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
148 BN_MONT_CTX *m_ctx ) ;
149
150static DSA_SIG *DSA_zencod_do_sign ( const unsigned char *dgst, int dlen, DSA *dsa ) ;
151static int DSA_zencod_do_verify ( const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
152 DSA *dsa ) ;
153#endif
154
155/* DH stuff */
156#ifndef OPENSSL_NO_DH
157static int DH_zencod_bn_mod_exp ( const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
158 BN_MONT_CTX *m_ctx ) ;
159static int DH_zencod_generate_key ( DH *dh ) ;
160static int DH_zencod_compute_key ( unsigned char *key, const BIGNUM *pub_key, DH *dh ) ;
161#endif
162
163/* Rand stuff */
164static void RAND_zencod_seed ( const void *buf, int num ) ;
165static int RAND_zencod_rand_bytes ( unsigned char *buf, int num ) ;
166static int RAND_zencod_rand_status ( void ) ;
167
168/* Digest Stuff */
169static int engine_digests ( ENGINE *e, const EVP_MD **digest, const int **nids, int nid ) ;
170
171/* Cipher Stuff */
172static int engine_ciphers ( ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid ) ;
173
174
175#define ZENCOD_CMD_SO_PATH ENGINE_CMD_BASE
176static const ENGINE_CMD_DEFN zencod_cmd_defns [ ] =
177{
178 { ZENCOD_CMD_SO_PATH,
179 "SO_PATH",
180 "Specifies the path to the 'zenbridge' shared library",
181 ENGINE_CMD_FLAG_STRING},
182 { 0, NULL, NULL, 0 }
183} ;
184
185
186#ifndef OPENSSL_NO_RSA
187/* Our internal RSA_METHOD specific to zencod ENGINE providing pointers to our function */
188static RSA_METHOD zencod_rsa =
189{
190 "ZENCOD RSA method",
191 NULL,
192 NULL,
193 NULL,
194 NULL,
195 RSA_zencod_rsa_mod_exp,
196 RSA_zencod_bn_mod_exp,
197 NULL,
198 NULL,
199 0,
200 NULL,
201 NULL,
202 NULL
203} ;
204#endif
205
206#ifndef OPENSSL_NO_DSA
207/* Our internal DSA_METHOD specific to zencod ENGINE providing pointers to our function */
208static DSA_METHOD zencod_dsa =
209{
210 "ZENCOD DSA method",
211 DSA_zencod_do_sign,
212 NULL,
213 DSA_zencod_do_verify,
214 NULL,
215 DSA_zencod_bn_mod_exp,
216 NULL,
217 NULL,
218 0,
219 NULL
220} ;
221#endif
222
223#ifndef OPENSSL_NO_DH
224/* Our internal DH_METHOD specific to zencod ENGINE providing pointers to our function */
225static DH_METHOD zencod_dh =
226{
227 "ZENCOD DH method",
228 DH_zencod_generate_key,
229 DH_zencod_compute_key,
230 DH_zencod_bn_mod_exp,
231 NULL,
232 NULL,
233 0,
234 NULL
235} ;
236#endif
237
238/* Our internal RAND_meth specific to zencod ZNGINE providing pointers to our function */
239static RAND_METHOD zencod_rand =
240{
241 RAND_zencod_seed,
242 RAND_zencod_rand_bytes,
243 NULL,
244 NULL,
245 RAND_zencod_rand_bytes,
246 RAND_zencod_rand_status
247} ;
248
249
250/* Constants used when creating the ENGINE */
251static const char *engine_zencod_id = "zencod";
252static const char *engine_zencod_name = "ZENCOD hardware engine support";
253
254
255/* This internal function is used by ENGINE_zencod () and possibly by the
256 * "dynamic" ENGINE support too ;-)
257 */
258static int bind_helper ( ENGINE *e )
259{
260
261#ifndef OPENSSL_NO_RSA
262 const RSA_METHOD *meth_rsa ;
263#endif
264#ifndef OPENSSL_NO_DSA
265 const DSA_METHOD *meth_dsa ;
266#endif
267#ifndef OPENSSL_NO_DH
268 const DH_METHOD *meth_dh ;
269#endif
270
271 const RAND_METHOD *meth_rand ;
272
273
274 if ( !ENGINE_set_id ( e, engine_zencod_id ) ||
275 !ENGINE_set_name ( e, engine_zencod_name ) ||
276#ifndef OPENSSL_NO_RSA
277 !ENGINE_set_RSA ( e, &zencod_rsa ) ||
278#endif
279#ifndef OPENSSL_NO_DSA
280 !ENGINE_set_DSA ( e, &zencod_dsa ) ||
281#endif
282#ifndef OPENSSL_NO_DH
283 !ENGINE_set_DH ( e, &zencod_dh ) ||
284#endif
285 !ENGINE_set_RAND ( e, &zencod_rand ) ||
286
287 !ENGINE_set_destroy_function ( e, zencod_destroy ) ||
288 !ENGINE_set_init_function ( e, zencod_init ) ||
289 !ENGINE_set_finish_function ( e, zencod_finish ) ||
290 !ENGINE_set_ctrl_function ( e, zencod_ctrl ) ||
291 !ENGINE_set_cmd_defns ( e, zencod_cmd_defns ) ||
292 !ENGINE_set_digests ( e, engine_digests ) ||
293 !ENGINE_set_ciphers ( e, engine_ciphers ) ) {
294 return 0 ;
295 }
296
297#ifndef OPENSSL_NO_RSA
298 /* We know that the "PKCS1_SSLeay()" functions hook properly
299 * to the Zencod-specific mod_exp and mod_exp_crt so we use
300 * those functions. NB: We don't use ENGINE_openssl() or
301 * anything "more generic" because something like the RSAref
302 * code may not hook properly, and if you own one of these
303 * cards then you have the right to do RSA operations on it
304 * anyway!
305 */
306 meth_rsa = RSA_PKCS1_SSLeay () ;
307
308 zencod_rsa.rsa_pub_enc = meth_rsa->rsa_pub_enc ;
309 zencod_rsa.rsa_pub_dec = meth_rsa->rsa_pub_dec ;
310 zencod_rsa.rsa_priv_enc = meth_rsa->rsa_priv_enc ;
311 zencod_rsa.rsa_priv_dec = meth_rsa->rsa_priv_dec ;
312 /* meth_rsa->rsa_mod_exp */
313 /* meth_rsa->bn_mod_exp */
314 zencod_rsa.init = meth_rsa->init ;
315 zencod_rsa.finish = meth_rsa->finish ;
316#endif
317
318#ifndef OPENSSL_NO_DSA
319 /* We use OpenSSL meth to supply what we don't provide ;-*)
320 */
321 meth_dsa = DSA_OpenSSL () ;
322
323 /* meth_dsa->dsa_do_sign */
324 zencod_dsa.dsa_sign_setup = meth_dsa->dsa_sign_setup ;
325 /* meth_dsa->dsa_do_verify */
326 zencod_dsa.dsa_mod_exp = meth_dsa->dsa_mod_exp ;
327 /* zencod_dsa.bn_mod_exp = meth_dsa->bn_mod_exp ; */
328 zencod_dsa.init = meth_dsa->init ;
329 zencod_dsa.finish = meth_dsa->finish ;
330#endif
331
332#ifndef OPENSSL_NO_DH
333 /* We use OpenSSL meth to supply what we don't provide ;-*)
334 */
335 meth_dh = DH_OpenSSL () ;
336
337 /* zencod_dh.generate_key = meth_dh->generate_key ; */
338 /* zencod_dh.compute_key = meth_dh->compute_key ; */
339 /* zencod_dh.bn_mod_exp = meth_dh->bn_mod_exp ; */
340 zencod_dh.init = meth_dh->init ;
341 zencod_dh.finish = meth_dh->finish ;
342
343#endif
344
345 /* We use OpenSSL (SSLeay) meth to supply what we don't provide ;-*)
346 */
347 meth_rand = RAND_SSLeay () ;
348
349 /* meth_rand->seed ; */
350 /* zencod_rand.seed = meth_rand->seed ; */
351 /* meth_rand->bytes ; */
352 /* zencod_rand.bytes = meth_rand->bytes ; */
353 zencod_rand.cleanup = meth_rand->cleanup ;
354 zencod_rand.add = meth_rand->add ;
355 /* meth_rand->pseudorand ; */
356 /* zencod_rand.pseudorand = meth_rand->pseudorand ; */
357 /* zencod_rand.status = meth_rand->status ; */
358 /* meth_rand->status ; */
359
360 /* Ensure the zencod error handling is set up */
361 ERR_load_ZENCOD_strings () ;
362 return 1 ;
363}
364
365
366/* As this is only ever called once, there's no need for locking
367 * (indeed - the lock will already be held by our caller!!!)
368 */
369ENGINE *ENGINE_zencod ( void )
370{
371
372 ENGINE *eng = ENGINE_new () ;
373
374 if ( !eng ) {
375 return NULL ;
376 }
377 if ( !bind_helper ( eng ) ) {
378 ENGINE_free ( eng ) ;
379 return NULL ;
380 }
381
382 return eng ;
383}
384
385
386void ENGINE_load_zencod ( void )
387{
388 /* Copied from eng_[openssl|dyn].c */
389 ENGINE *toadd = ENGINE_zencod ( ) ;
390 if ( !toadd ) return ;
391 ENGINE_add ( toadd ) ;
392 ENGINE_free ( toadd ) ;
393 ERR_clear_error ( ) ;
394}
395
396
397/* This is a process-global DSO handle used for loading and unloading
398 * the ZENBRIDGE library.
399 * NB: This is only set (or unset) during an * init () or finish () call
400 * (reference counts permitting) and they're * operating with global locks,
401 * so this should be thread-safe * implicitly.
402 */
403static DSO *zencod_dso = NULL ;
404
405static t_zencod_test *ptr_zencod_test = NULL ;
406static t_zencod_bytes2bits *ptr_zencod_bytes2bits = NULL ;
407static t_zencod_bits2bytes *ptr_zencod_bits2bytes = NULL ;
408static t_zencod_new_number *ptr_zencod_new_number = NULL ;
409static t_zencod_init_number *ptr_zencod_init_number = NULL ;
410
411static t_zencod_rsa_mod_exp *ptr_zencod_rsa_mod_exp = NULL ;
412static t_zencod_rsa_mod_exp_crt *ptr_zencod_rsa_mod_exp_crt = NULL ;
413static t_zencod_dsa_do_sign *ptr_zencod_dsa_do_sign = NULL ;
414static t_zencod_dsa_do_verify *ptr_zencod_dsa_do_verify = NULL ;
415static t_zencod_dh_generate_key *ptr_zencod_dh_generate_key = NULL ;
416static t_zencod_dh_compute_key *ptr_zencod_dh_compute_key = NULL ;
417static t_zencod_rand_bytes *ptr_zencod_rand_bytes = NULL ;
418static t_zencod_math_mod_exp *ptr_zencod_math_mod_exp = NULL ;
419
420static t_zencod_md5_init *ptr_zencod_md5_init = NULL ;
421static t_zencod_md5_update *ptr_zencod_md5_update = NULL ;
422static t_zencod_md5_do_final *ptr_zencod_md5_do_final = NULL ;
423static t_zencod_sha1_init *ptr_zencod_sha1_init = NULL ;
424static t_zencod_sha1_update *ptr_zencod_sha1_update = NULL ;
425static t_zencod_sha1_do_final *ptr_zencod_sha1_do_final = NULL ;
426
427static t_zencod_xdes_cipher *ptr_zencod_xdes_cipher = NULL ;
428static t_zencod_rc4_cipher *ptr_zencod_rc4_cipher = NULL ;
429
430/* These are the static string constants for the DSO file name and the function
431 * symbol names to bind to.
432 */
433static const char *ZENCOD_LIBNAME = ZEN_LIBRARY ;
434
435static const char *ZENCOD_Fct_0 = "test_device" ;
436static const char *ZENCOD_Fct_1 = "zenbridge_bytes2bits" ;
437static const char *ZENCOD_Fct_2 = "zenbridge_bits2bytes" ;
438static const char *ZENCOD_Fct_3 = "zenbridge_new_number" ;
439static const char *ZENCOD_Fct_4 = "zenbridge_init_number" ;
440
441static const char *ZENCOD_Fct_exp_1 = "zenbridge_rsa_mod_exp" ;
442static const char *ZENCOD_Fct_exp_2 = "zenbridge_rsa_mod_exp_crt" ;
443static const char *ZENCOD_Fct_dsa_1 = "zenbridge_dsa_do_sign" ;
444static const char *ZENCOD_Fct_dsa_2 = "zenbridge_dsa_do_verify" ;
445static const char *ZENCOD_Fct_dh_1 = "zenbridge_dh_generate_key" ;
446static const char *ZENCOD_Fct_dh_2 = "zenbridge_dh_compute_key" ;
447static const char *ZENCOD_Fct_rand_1 = "zenbridge_rand_bytes" ;
448static const char *ZENCOD_Fct_math_1 = "zenbridge_math_mod_exp" ;
449
450static const char *ZENCOD_Fct_md5_1 = "zenbridge_md5_init" ;
451static const char *ZENCOD_Fct_md5_2 = "zenbridge_md5_update" ;
452static const char *ZENCOD_Fct_md5_3 = "zenbridge_md5_do_final" ;
453static const char *ZENCOD_Fct_sha1_1 = "zenbridge_sha1_init" ;
454static const char *ZENCOD_Fct_sha1_2 = "zenbridge_sha1_update" ;
455static const char *ZENCOD_Fct_sha1_3 = "zenbridge_sha1_do_final" ;
456
457static const char *ZENCOD_Fct_xdes_1 = "zenbridge_xdes_cipher" ;
458static const char *ZENCOD_Fct_rc4_1 = "zenbridge_rc4_cipher" ;
459
460/* Destructor (complements the "ENGINE_zencod ()" constructor)
461 */
462static int zencod_destroy (ENGINE *e )
463{
464
465 ERR_unload_ZENCOD_strings () ;
466
467 return 1 ;
468}
469
470
471/* (de)initialisation functions. Control Function
472 */
473static int zencod_init ( ENGINE *e )
474{
475
476 t_zencod_test *ptr_0 ;
477 t_zencod_bytes2bits *ptr_1 ;
478 t_zencod_bits2bytes *ptr_2 ;
479 t_zencod_new_number *ptr_3 ;
480 t_zencod_init_number *ptr_4 ;
481 t_zencod_rsa_mod_exp *ptr_exp_1 ;
482 t_zencod_rsa_mod_exp_crt *ptr_exp_2 ;
483 t_zencod_dsa_do_sign *ptr_dsa_1 ;
484 t_zencod_dsa_do_verify *ptr_dsa_2 ;
485 t_zencod_dh_generate_key *ptr_dh_1 ;
486 t_zencod_dh_compute_key *ptr_dh_2 ;
487 t_zencod_rand_bytes *ptr_rand_1 ;
488 t_zencod_math_mod_exp *ptr_math_1 ;
489 t_zencod_md5_init *ptr_md5_1 ;
490 t_zencod_md5_update *ptr_md5_2 ;
491 t_zencod_md5_do_final *ptr_md5_3 ;
492 t_zencod_sha1_init *ptr_sha1_1 ;
493 t_zencod_sha1_update *ptr_sha1_2 ;
494 t_zencod_sha1_do_final *ptr_sha1_3 ;
495 t_zencod_xdes_cipher *ptr_xdes_1 ;
496 t_zencod_rc4_cipher *ptr_rc4_1 ;
497
498 CHEESE () ;
499
500 /*
501 * We Should add some tests for non NULL parameters or bad value !!
502 * Stuff to be done ...
503 */
504
505 if ( zencod_dso != NULL ) {
506 ZENCODerr ( ZENCOD_F_ZENCOD_INIT, ZENCOD_R_ALREADY_LOADED ) ;
507 goto err ;
508 }
509 /* Trying to load the Library "cryptozen"
510 */
511 zencod_dso = DSO_load ( NULL, ZENCOD_LIBNAME, NULL, 0 ) ;
512 if ( zencod_dso == NULL ) {
513 ZENCODerr ( ZENCOD_F_ZENCOD_INIT, ZENCOD_R_DSO_FAILURE ) ;
514 goto err ;
515 }
516
517 /* Trying to load Function from the Library
518 */
519 if ( ! ( ptr_1 = (t_zencod_bytes2bits*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_1 ) ) ||
520 ! ( ptr_2 = (t_zencod_bits2bytes*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_2 ) ) ||
521 ! ( ptr_3 = (t_zencod_new_number*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_3 ) ) ||
522 ! ( ptr_4 = (t_zencod_init_number*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_4 ) ) ||
523 ! ( ptr_exp_1 = (t_zencod_rsa_mod_exp*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_exp_1 ) ) ||
524 ! ( ptr_exp_2 = (t_zencod_rsa_mod_exp_crt*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_exp_2 ) ) ||
525 ! ( ptr_dsa_1 = (t_zencod_dsa_do_sign*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_dsa_1 ) ) ||
526 ! ( ptr_dsa_2 = (t_zencod_dsa_do_verify*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_dsa_2 ) ) ||
527 ! ( ptr_dh_1 = (t_zencod_dh_generate_key*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_dh_1 ) ) ||
528 ! ( ptr_dh_2 = (t_zencod_dh_compute_key*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_dh_2 ) ) ||
529 ! ( ptr_rand_1 = (t_zencod_rand_bytes*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_rand_1 ) ) ||
530 ! ( ptr_math_1 = (t_zencod_math_mod_exp*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_math_1 ) ) ||
531 ! ( ptr_0 = (t_zencod_test *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_0 ) ) ||
532 ! ( ptr_md5_1 = (t_zencod_md5_init *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_md5_1 ) ) ||
533 ! ( ptr_md5_2 = (t_zencod_md5_update *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_md5_2 ) ) ||
534 ! ( ptr_md5_3 = (t_zencod_md5_do_final *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_md5_3 ) ) ||
535 ! ( ptr_sha1_1 = (t_zencod_sha1_init *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_sha1_1 ) ) ||
536 ! ( ptr_sha1_2 = (t_zencod_sha1_update *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_sha1_2 ) ) ||
537 ! ( ptr_sha1_3 = (t_zencod_sha1_do_final *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_sha1_3 ) ) ||
538 ! ( ptr_xdes_1 = (t_zencod_xdes_cipher *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_xdes_1 ) ) ||
539 ! ( ptr_rc4_1 = (t_zencod_rc4_cipher *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_rc4_1 ) ) ) {
540
541 ZENCODerr ( ZENCOD_F_ZENCOD_INIT, ZENCOD_R_DSO_FAILURE ) ;
542 goto err ;
543 }
544
545 /* The function from "cryptozen" Library have been correctly loaded so copy them
546 */
547 ptr_zencod_test = ptr_0 ;
548 ptr_zencod_bytes2bits = ptr_1 ;
549 ptr_zencod_bits2bytes = ptr_2 ;
550 ptr_zencod_new_number = ptr_3 ;
551 ptr_zencod_init_number = ptr_4 ;
552 ptr_zencod_rsa_mod_exp = ptr_exp_1 ;
553 ptr_zencod_rsa_mod_exp_crt = ptr_exp_2 ;
554 ptr_zencod_dsa_do_sign = ptr_dsa_1 ;
555 ptr_zencod_dsa_do_verify = ptr_dsa_2 ;
556 ptr_zencod_dh_generate_key = ptr_dh_1 ;
557 ptr_zencod_dh_compute_key = ptr_dh_2 ;
558 ptr_zencod_rand_bytes = ptr_rand_1 ;
559 ptr_zencod_math_mod_exp = ptr_math_1 ;
560 ptr_zencod_test = ptr_0 ;
561 ptr_zencod_md5_init = ptr_md5_1 ;
562 ptr_zencod_md5_update = ptr_md5_2 ;
563 ptr_zencod_md5_do_final = ptr_md5_3 ;
564 ptr_zencod_sha1_init = ptr_sha1_1 ;
565 ptr_zencod_sha1_update = ptr_sha1_2 ;
566 ptr_zencod_sha1_do_final = ptr_sha1_3 ;
567 ptr_zencod_xdes_cipher = ptr_xdes_1 ;
568 ptr_zencod_rc4_cipher = ptr_rc4_1 ;
569
570 /* We should peform a test to see if there is actually any unit runnig on the system ...
571 * Even if the cryptozen library is loaded the module coul not be loaded on the system ...
572 * For now we may just open and close the device !!
573 */
574
575 if ( ptr_zencod_test () != 0 ) {
576 ZENCODerr ( ZENCOD_F_ZENCOD_INIT, ZENCOD_R_UNIT_FAILURE ) ;
577 goto err ;
578 }
579
580 return 1 ;
581err :
582 if ( zencod_dso ) {
583 DSO_free ( zencod_dso ) ;
584 }
585 zencod_dso = NULL ;
586 ptr_zencod_bytes2bits = NULL ;
587 ptr_zencod_bits2bytes = NULL ;
588 ptr_zencod_new_number = NULL ;
589 ptr_zencod_init_number = NULL ;
590 ptr_zencod_rsa_mod_exp = NULL ;
591 ptr_zencod_rsa_mod_exp_crt = NULL ;
592 ptr_zencod_dsa_do_sign = NULL ;
593 ptr_zencod_dsa_do_verify = NULL ;
594 ptr_zencod_dh_generate_key = NULL ;
595 ptr_zencod_dh_compute_key = NULL ;
596 ptr_zencod_rand_bytes = NULL ;
597 ptr_zencod_math_mod_exp = NULL ;
598 ptr_zencod_test = NULL ;
599 ptr_zencod_md5_init = NULL ;
600 ptr_zencod_md5_update = NULL ;
601 ptr_zencod_md5_do_final = NULL ;
602 ptr_zencod_sha1_init = NULL ;
603 ptr_zencod_sha1_update = NULL ;
604 ptr_zencod_sha1_do_final = NULL ;
605 ptr_zencod_xdes_cipher = NULL ;
606 ptr_zencod_rc4_cipher = NULL ;
607
608 return 0 ;
609}
610
611
612static int zencod_finish ( ENGINE *e )
613{
614
615 CHEESE () ;
616
617 /*
618 * We Should add some tests for non NULL parameters or bad value !!
619 * Stuff to be done ...
620 */
621 if ( zencod_dso == NULL ) {
622 ZENCODerr ( ZENCOD_F_ZENCOD_FINISH, ZENCOD_R_NOT_LOADED ) ;
623 return 0 ;
624 }
625 if ( !DSO_free ( zencod_dso ) ) {
626 ZENCODerr ( ZENCOD_F_ZENCOD_FINISH, ZENCOD_R_DSO_FAILURE ) ;
627 return 0 ;
628 }
629
630 zencod_dso = NULL ;
631
632 ptr_zencod_bytes2bits = NULL ;
633 ptr_zencod_bits2bytes = NULL ;
634 ptr_zencod_new_number = NULL ;
635 ptr_zencod_init_number = NULL ;
636 ptr_zencod_rsa_mod_exp = NULL ;
637 ptr_zencod_rsa_mod_exp_crt = NULL ;
638 ptr_zencod_dsa_do_sign = NULL ;
639 ptr_zencod_dsa_do_verify = NULL ;
640 ptr_zencod_dh_generate_key = NULL ;
641 ptr_zencod_dh_compute_key = NULL ;
642 ptr_zencod_rand_bytes = NULL ;
643 ptr_zencod_math_mod_exp = NULL ;
644 ptr_zencod_test = NULL ;
645 ptr_zencod_md5_init = NULL ;
646 ptr_zencod_md5_update = NULL ;
647 ptr_zencod_md5_do_final = NULL ;
648 ptr_zencod_sha1_init = NULL ;
649 ptr_zencod_sha1_update = NULL ;
650 ptr_zencod_sha1_do_final = NULL ;
651 ptr_zencod_xdes_cipher = NULL ;
652 ptr_zencod_rc4_cipher = NULL ;
653
654 return 1 ;
655}
656
657
658static int zencod_ctrl ( ENGINE *e, int cmd, long i, void *p, void (*f) () )
659{
660
661 int initialised = ( ( zencod_dso == NULL ) ? 0 : 1 ) ;
662
663 CHEESE () ;
664
665 /*
666 * We Should add some tests for non NULL parameters or bad value !!
667 * Stuff to be done ...
668 */
669 switch ( cmd ) {
670 case ZENCOD_CMD_SO_PATH :
671 if ( p == NULL ) {
672 ZENCODerr ( ZENCOD_F_ZENCOD_CTRL, ERR_R_PASSED_NULL_PARAMETER ) ;
673 return 0 ;
674 }
675 if ( initialised ) {
676 ZENCODerr ( ZENCOD_F_ZENCOD_CTRL, ZENCOD_R_ALREADY_LOADED ) ;
677 return 0 ;
678 }
679 ZENCOD_LIBNAME = (const char *) p ;
680 return 1 ;
681 default :
682 break ;
683 }
684
685 ZENCODerr ( ZENCOD_F_ZENCOD_CTRL, ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED ) ;
686
687 return 0 ;
688}
689
690
691/* BIGNUM stuff Functions
692 */
693static int zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx )
694{
695 zen_nb_t y, x, e, n;
696 int ret;
697
698 CHEESE () ;
699
700 if ( !zencod_dso ) {
701 ENGINEerr(ZENCOD_F_ZENCOD_BN_MOD_EXP, ZENCOD_R_NOT_LOADED);
702 return 0;
703 }
704
705 if ( !bn_wexpand(r, m->top + 1) ) {
706 ENGINEerr(ZENCOD_F_ZENCOD_BN_MOD_EXP, ZENCOD_R_BN_EXPAND_FAIL);
707 return 0;
708 }
709
710 memset(r->d, 0, BN_num_bytes(m));
711
712 ptr_zencod_init_number ( &y, (r->dmax - 1) * sizeof (BN_ULONG) * 8, (unsigned char *) r->d ) ;
713 BIGNUM2ZEN ( &x, a ) ;
714 BIGNUM2ZEN ( &e, p ) ;
715 BIGNUM2ZEN ( &n, m ) ;
716
717 /* Must invert x and e parameter due to BN mod exp prototype ... */
718 ret = ptr_zencod_math_mod_exp ( &y, &e, &x, &n ) ;
719
720 if ( ret ) {
721 PERROR("zenbridge_math_mod_exp");
722 ENGINEerr(ZENCOD_F_ZENCOD_BN_MOD_EXP, ZENCOD_R_REQUEST_FAILED);
723 return 0;
724 }
725
726 r->top = (BN_num_bits(m) + BN_BITS2 - 1) / BN_BITS2;
727
728 return 1;
729}
730
731
732/* RSA stuff Functions
733 */
734#ifndef OPENSSL_NO_RSA
735static int RSA_zencod_rsa_mod_exp ( BIGNUM *r0, const BIGNUM *i, RSA *rsa )
736{
737
738 CHEESE () ;
739
740 if ( !zencod_dso ) {
741 ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_NOT_LOADED);
742 return 0;
743 }
744
745 if ( !rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp ) {
746 ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_BAD_KEY_COMPONENTS);
747 return 0;
748 }
749
750 /* Do in software if argument is too large for hardware */
751 if ( RSA_size(rsa) * 8 > ZENBRIDGE_MAX_KEYSIZE_RSA_CRT ) {
752 const RSA_METHOD *meth;
753
754 meth = RSA_PKCS1_SSLeay();
755 return meth->rsa_mod_exp(r0, i, rsa);
756 } else {
757 zen_nb_t y, x, p, q, dmp1, dmq1, iqmp;
758
759 if ( !bn_expand(r0, RSA_size(rsa) * 8) ) {
760 ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_BN_EXPAND_FAIL);
761 return 0;
762 }
763 r0->top = (RSA_size(rsa) * 8 + BN_BITS2 - 1) / BN_BITS2;
764
765 BIGNUM2ZEN ( &x, i ) ;
766 BIGNUM2ZEN ( &y, r0 ) ;
767 BIGNUM2ZEN ( &p, rsa->p ) ;
768 BIGNUM2ZEN ( &q, rsa->q ) ;
769 BIGNUM2ZEN ( &dmp1, rsa->dmp1 ) ;
770 BIGNUM2ZEN ( &dmq1, rsa->dmq1 ) ;
771 BIGNUM2ZEN ( &iqmp, rsa->iqmp ) ;
772
773 if ( ptr_zencod_rsa_mod_exp_crt ( &y, &x, &p, &q, &dmp1, &dmq1, &iqmp ) < 0 ) {
774 PERROR("zenbridge_rsa_mod_exp_crt");
775 ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_REQUEST_FAILED);
776 return 0;
777 }
778
779 return 1;
780 }
781}
782
783
784/* This function is aliased to RSA_mod_exp (with the mont stuff dropped).
785 */
786static int RSA_zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
787 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx )
788{
789
790 CHEESE () ;
791
792 if ( !zencod_dso ) {
793 ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP, ZENCOD_R_NOT_LOADED);
794 return 0;
795 }
796
797 /* Do in software if argument is too large for hardware */
798 if ( BN_num_bits(m) > ZENBRIDGE_MAX_KEYSIZE_RSA ) {
799 const RSA_METHOD *meth;
800
801 meth = RSA_PKCS1_SSLeay();
802 return meth->bn_mod_exp(r, a, p, m, ctx, m_ctx);
803 } else {
804 zen_nb_t y, x, e, n;
805
806 if ( !bn_expand(r, BN_num_bits(m)) ) {
807 ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP, ZENCOD_R_BN_EXPAND_FAIL);
808 return 0;
809 }
810 r->top = (BN_num_bits(m) + BN_BITS2 - 1) / BN_BITS2;
811
812 BIGNUM2ZEN ( &x, a ) ;
813 BIGNUM2ZEN ( &y, r ) ;
814 BIGNUM2ZEN ( &e, p ) ;
815 BIGNUM2ZEN ( &n, m ) ;
816
817 if ( ptr_zencod_rsa_mod_exp ( &y, &x, &n, &e ) < 0 ) {
818 PERROR("zenbridge_rsa_mod_exp");
819 ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP, ZENCOD_R_REQUEST_FAILED);
820 return 0;
821 }
822
823 return 1;
824 }
825}
826#endif /* !OPENSSL_NO_RSA */
827
828
829#ifndef OPENSSL_NO_DSA
830/* DSA stuff Functions
831 */
832static DSA_SIG *DSA_zencod_do_sign ( const unsigned char *dgst, int dlen, DSA *dsa )
833{
834 zen_nb_t p, q, g, x, y, r, s, data;
835 DSA_SIG *sig;
836 BIGNUM *bn_r = NULL;
837 BIGNUM *bn_s = NULL;
838 char msg[20];
839
840 CHEESE();
841
842 if ( !zencod_dso ) {
843 ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_NOT_LOADED);
844 goto FAILED;
845 }
846
847 if ( dlen > 160 ) {
848 ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
849 goto FAILED;
850 }
851
852 /* Do in software if argument is too large for hardware */
853 if ( BN_num_bits(dsa->p) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ||
854 BN_num_bits(dsa->g) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ) {
855 const DSA_METHOD *meth;
856 ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS);
857 meth = DSA_OpenSSL();
858 return meth->dsa_do_sign(dgst, dlen, dsa);
859 }
860
861 if ( !(bn_s = BN_new()) || !(bn_r = BN_new()) ) {
862 ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS);
863 goto FAILED;
864 }
865
866 if ( !bn_expand(bn_r, 160) || !bn_expand(bn_s, 160) ) {
867 ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BN_EXPAND_FAIL);
868 goto FAILED;
869 }
870
871 bn_r->top = bn_s->top = (160 + BN_BITS2 - 1) / BN_BITS2;
872 BIGNUM2ZEN ( &p, dsa->p ) ;
873 BIGNUM2ZEN ( &q, dsa->q ) ;
874 BIGNUM2ZEN ( &g, dsa->g ) ;
875 BIGNUM2ZEN ( &x, dsa->priv_key ) ;
876 BIGNUM2ZEN ( &y, dsa->pub_key ) ;
877 BIGNUM2ZEN ( &r, bn_r ) ;
878 BIGNUM2ZEN ( &s, bn_s ) ;
879 q.len = x.len = 160;
880
881 ypcmem(msg, dgst, 20);
882 ptr_zencod_init_number ( &data, 160, msg ) ;
883
884 if ( ptr_zencod_dsa_do_sign ( 0, &data, &y, &p, &q, &g, &x, &r, &s ) < 0 ) {
885 PERROR("zenbridge_dsa_do_sign");
886 ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
887 goto FAILED;
888 }
889
890 if ( !( sig = DSA_SIG_new () ) ) {
891 ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
892 goto FAILED;
893 }
894 sig->r = bn_r;
895 sig->s = bn_s;
896 return sig;
897
898 FAILED:
899 if (bn_r)
900 BN_free(bn_r);
901 if (bn_s)
902 BN_free(bn_s);
903 return NULL;
904}
905
906
907static int DSA_zencod_do_verify ( const unsigned char *dgst, int dlen, DSA_SIG *sig, DSA *dsa )
908{
909 zen_nb_t data, p, q, g, y, r, s, v;
910 char msg[20];
911 char v_data[20];
912 int ret;
913
914 CHEESE();
915
916 if ( !zencod_dso ) {
917 ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_VERIFY, ZENCOD_R_NOT_LOADED);
918 return 0;
919 }
920
921 if ( dlen > 160 ) {
922 ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
923 return 0;
924 }
925
926 /* Do in software if argument is too large for hardware */
927 if ( BN_num_bits(dsa->p) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ||
928 BN_num_bits(dsa->g) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ) {
929 const DSA_METHOD *meth;
930 ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS);
931 meth = DSA_OpenSSL();
932 return meth->dsa_do_verify(dgst, dlen, sig, dsa);
933 }
934
935 BIGNUM2ZEN ( &p, dsa->p ) ;
936 BIGNUM2ZEN ( &q, dsa->q ) ;
937 BIGNUM2ZEN ( &g, dsa->g ) ;
938 BIGNUM2ZEN ( &y, dsa->pub_key ) ;
939 BIGNUM2ZEN ( &r, sig->r ) ;
940 BIGNUM2ZEN ( &s, sig->s ) ;
941 ptr_zencod_init_number ( &v, 160, v_data ) ;
942 ypcmem(msg, dgst, 20);
943 ptr_zencod_init_number ( &data, 160, msg ) ;
944
945 if ( ( ret = ptr_zencod_dsa_do_verify ( 0, &data, &p, &q, &g, &y, &r, &s, &v ) ) < 0 ) {
946 PERROR("zenbridge_dsa_do_verify");
947 ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_VERIFY, ZENCOD_R_REQUEST_FAILED);
948 return 0;
949 }
950
951 return ( ( ret == 0 ) ? 1 : ret ) ;
952}
953
954
955static int DSA_zencod_bn_mod_exp ( DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
956 BN_CTX *ctx, BN_MONT_CTX *m_ctx )
957{
958 CHEESE () ;
959
960 return zencod_bn_mod_exp ( r, a, p, m, ctx ) ;
961}
962#endif /* !OPENSSL_NO_DSA */
963
964
965#ifndef OPENSSl_NO_DH
966/* DH stuff Functions
967 */
968static int DH_zencod_generate_key ( DH *dh )
969{
970 BIGNUM *bn_prv = NULL;
971 BIGNUM *bn_pub = NULL;
972 zen_nb_t y, x, g, p;
973 int generate_x;
974
975 CHEESE();
976
977 if ( !zencod_dso ) {
978 ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_NOT_LOADED);
979 return 0;
980 }
981
982 /* Private key */
983 if ( dh->priv_key ) {
984 bn_prv = dh->priv_key;
985 generate_x = 0;
986 } else {
987 if (!(bn_prv = BN_new())) {
988 ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_BN_EXPAND_FAIL);
989 goto FAILED;
990 }
991 generate_x = 1;
992 }
993
994 /* Public key */
995 if ( dh->pub_key )
996 bn_pub = dh->pub_key;
997 else
998 if ( !( bn_pub = BN_new () ) ) {
999 ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_BN_EXPAND_FAIL);
1000 goto FAILED;
1001 }
1002
1003 /* Expand */
1004 if ( !bn_wexpand ( bn_prv, dh->p->dmax ) ||
1005 !bn_wexpand ( bn_pub, dh->p->dmax ) ) {
1006 ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_BN_EXPAND_FAIL);
1007 goto FAILED;
1008 }
1009 bn_prv->top = dh->p->top;
1010 bn_pub->top = dh->p->top;
1011
1012 /* Convert all keys */
1013 BIGNUM2ZEN ( &p, dh->p ) ;
1014 BIGNUM2ZEN ( &g, dh->g ) ;
1015 BIGNUM2ZEN ( &y, bn_pub ) ;
1016 BIGNUM2ZEN ( &x, bn_prv ) ;
1017 x.len = DH_size(dh) * 8;
1018
1019 /* Adjust the lengths of P and G */
1020 p.len = ptr_zencod_bytes2bits ( p.data, ZEN_BYTES ( p.len ) ) ;
1021 g.len = ptr_zencod_bytes2bits ( g.data, ZEN_BYTES ( g.len ) ) ;
1022
1023 /* Send the request to the driver */
1024 if ( ptr_zencod_dh_generate_key ( &y, &x, &g, &p, generate_x ) < 0 ) {
1025 perror("zenbridge_dh_generate_key");
1026 ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_REQUEST_FAILED);
1027 goto FAILED;
1028 }
1029
1030 dh->priv_key = bn_prv;
1031 dh->pub_key = bn_pub;
1032
1033 return 1;
1034
1035 FAILED:
1036 if (!dh->priv_key && bn_prv)
1037 BN_free(bn_prv);
1038 if (!dh->pub_key && bn_pub)
1039 BN_free(bn_pub);
1040
1041 return 0;
1042}
1043
1044
1045static int DH_zencod_compute_key ( unsigned char *key, const BIGNUM *pub_key, DH *dh )
1046{
1047 zen_nb_t y, x, p, k;
1048
1049 CHEESE();
1050
1051 if ( !zencod_dso ) {
1052 ENGINEerr(ZENCOD_F_ZENCOD_DH_COMPUTE, ZENCOD_R_NOT_LOADED);
1053 return 0;
1054 }
1055
1056 if ( !dh->priv_key ) {
1057 ENGINEerr(ZENCOD_F_ZENCOD_DH_COMPUTE, ZENCOD_R_BAD_KEY_COMPONENTS);
1058 return 0;
1059 }
1060
1061 /* Convert all keys */
1062 BIGNUM2ZEN ( &y, pub_key ) ;
1063 BIGNUM2ZEN ( &x, dh->priv_key ) ;
1064 BIGNUM2ZEN ( &p, dh->p ) ;
1065 ptr_zencod_init_number ( &k, p.len, key ) ;
1066
1067 /* Adjust the lengths */
1068 p.len = ptr_zencod_bytes2bits ( p.data, ZEN_BYTES ( p.len ) ) ;
1069 y.len = ptr_zencod_bytes2bits ( y.data, ZEN_BYTES ( y.len ) ) ;
1070 x.len = ptr_zencod_bytes2bits ( x.data, ZEN_BYTES ( x.len ) ) ;
1071
1072 /* Call the hardware */
1073 if ( ptr_zencod_dh_compute_key ( &k, &y, &x, &p ) < 0 ) {
1074 ENGINEerr(ZENCOD_F_ZENCOD_DH_COMPUTE, ZENCOD_R_REQUEST_FAILED);
1075 return 0;
1076 }
1077
1078 /* The key must be written MSB -> LSB */
1079 k.len = ptr_zencod_bytes2bits ( k.data, ZEN_BYTES ( k.len ) ) ;
1080 esrever ( key, ZEN_BYTES ( k.len ) ) ;
1081
1082 return ZEN_BYTES ( k.len ) ;
1083}
1084
1085
1086static int DH_zencod_bn_mod_exp ( const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
1087 BN_MONT_CTX *m_ctx )
1088{
1089 CHEESE () ;
1090
1091 return zencod_bn_mod_exp ( r, a, p, m, ctx ) ;
1092}
1093#endif /* !OPENSSL_NO_DH */
1094
1095
1096/* RAND stuff Functions
1097 */
1098static void RAND_zencod_seed ( const void *buf, int num )
1099{
1100 /* Nothing to do cause our crypto accelerator provide a true random generator */
1101}
1102
1103
1104static int RAND_zencod_rand_bytes ( unsigned char *buf, int num )
1105{
1106 zen_nb_t r;
1107
1108 CHEESE();
1109
1110 if ( !zencod_dso ) {
1111 ENGINEerr(ZENCOD_F_ZENCOD_RAND, ZENCOD_R_NOT_LOADED);
1112 return 0;
1113 }
1114
1115 ptr_zencod_init_number ( &r, num * 8, buf ) ;
1116
1117 if ( ptr_zencod_rand_bytes ( &r, ZENBRIDGE_RNG_DIRECT ) < 0 ) {
1118 PERROR("zenbridge_rand_bytes");
1119 ENGINEerr(ZENCOD_F_ZENCOD_RAND, ZENCOD_R_REQUEST_FAILED);
1120 return 0;
1121 }
1122
1123 return 1;
1124}
1125
1126
1127static int RAND_zencod_rand_status ( void )
1128{
1129 CHEESE () ;
1130
1131 return 1;
1132}
1133
1134
1135/* This stuff is needed if this ENGINE is being compiled into a self-contained
1136 * shared-library.
1137 */
1138#ifdef ENGINE_DYNAMIC_SUPPORT
1139static int bind_fn ( ENGINE *e, const char *id )
1140{
1141
1142 if ( id && ( strcmp ( id, engine_zencod_id ) != 0 ) ) {
1143 return 0 ;
1144 }
1145 if ( !bind_helper ( e ) ) {
1146 return 0 ;
1147 }
1148
1149 return 1 ;
1150}
1151
1152IMPLEMENT_DYNAMIC_CHECK_FN ()
1153IMPLEMENT_DYNAMIC_BIND_FN ( bind_fn )
1154#endif /* ENGINE_DYNAMIC_SUPPORT */
1155
1156
1157
1158
1159/*
1160 * Adding "Digest" and "Cipher" tools ...
1161 * This is in development ... ;-)
1162 * In orfer to code this, i refer to hw_openbsd_dev_crypto and openssl engine made by Geoff Thorpe (if i'm rigth),
1163 * and evp, sha md5 definitions etc ...
1164 */
1165/* First add some include ... */
1166#include <openssl/evp.h>
1167#include <openssl/sha.h>
1168#include <openssl/md5.h>
1169#include <openssl/rc4.h>
1170#include <openssl/des.h>
1171
1172
1173/* Some variables declaration ... */
1174/* DONS:
1175 * Disable symetric computation except DES and 3DES, but let part of the code
1176 */
1177/* static int engine_digest_nids [ ] = { NID_sha1, NID_md5 } ; */
1178static int engine_digest_nids [ ] = { } ;
1179static int engine_digest_nids_num = 0 ;
1180/* static int engine_cipher_nids [ ] = { NID_rc4, NID_rc4_40, NID_des_cbc, NID_des_ede3_cbc } ; */
1181static int engine_cipher_nids [ ] = { NID_des_cbc, NID_des_ede3_cbc } ;
1182static int engine_cipher_nids_num = 2 ;
1183
1184
1185/* Function prototype ... */
1186/* SHA stuff */
1187static int engine_sha1_init ( EVP_MD_CTX *ctx ) ;
1188static int engine_sha1_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count ) ;
1189static int engine_sha1_final ( EVP_MD_CTX *ctx, unsigned char *md ) ;
1190
1191/* MD5 stuff */
1192static int engine_md5_init ( EVP_MD_CTX *ctx ) ;
1193static int engine_md5_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count ) ;
1194static int engine_md5_final ( EVP_MD_CTX *ctx, unsigned char *md ) ;
1195
1196static int engine_md_cleanup ( EVP_MD_CTX *ctx ) ;
1197static int engine_md_copy ( EVP_MD_CTX *to, const EVP_MD_CTX *from ) ;
1198
1199
1200/* RC4 Stuff */
1201static int engine_rc4_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc ) ;
1202static int engine_rc4_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl ) ;
1203
1204/* DES Stuff */
1205static int engine_des_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc ) ;
1206static int engine_des_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl ) ;
1207
1208/* 3DES Stuff */
1209static int engine_des_ede3_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc ) ;
1210static int engine_des_ede3_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out,const unsigned char *in, unsigned int inl ) ;
1211
1212static int engine_cipher_cleanup ( EVP_CIPHER_CTX *ctx ) ; /* cleanup ctx */
1213
1214
1215/* The one for SHA ... */
1216static const EVP_MD engine_sha1_md =
1217{
1218 NID_sha1,
1219 NID_sha1WithRSAEncryption,
1220 SHA_DIGEST_LENGTH,
1221 EVP_MD_FLAG_ONESHOT,
1222 /* 0, */ /* EVP_MD_FLAG_ONESHOT = x0001 digest can only handle a single block
1223 * XXX: set according to device info ... */
1224 engine_sha1_init,
1225 engine_sha1_update,
1226 engine_sha1_final,
1227 engine_md_copy, /* dev_crypto_sha_copy */
1228 engine_md_cleanup, /* dev_crypto_sha_cleanup */
1229 EVP_PKEY_RSA_method,
1230 SHA_CBLOCK,
1231 /* sizeof ( EVP_MD * ) + sizeof ( SHA_CTX ) */
1232 sizeof ( ZEN_MD_DATA )
1233 /* sizeof ( MD_CTX_DATA ) The message digest data stucture ... */
1234} ;
1235
1236/* The one for MD5 ... */
1237static const EVP_MD engine_md5_md =
1238{
1239 NID_md5,
1240 NID_md5WithRSAEncryption,
1241 MD5_DIGEST_LENGTH,
1242 EVP_MD_FLAG_ONESHOT,
1243 /* 0, */ /* EVP_MD_FLAG_ONESHOT = x0001 digest can only handle a single block
1244 * XXX: set according to device info ... */
1245 engine_md5_init,
1246 engine_md5_update,
1247 engine_md5_final,
1248 engine_md_copy, /* dev_crypto_md5_copy */
1249 engine_md_cleanup, /* dev_crypto_md5_cleanup */
1250 EVP_PKEY_RSA_method,
1251 MD5_CBLOCK,
1252 /* sizeof ( EVP_MD * ) + sizeof ( MD5_CTX ) */
1253 sizeof ( ZEN_MD_DATA )
1254 /* sizeof ( MD_CTX_DATA ) The message digest data stucture ... */
1255} ;
1256
1257
1258/* The one for RC4 ... */
1259#define EVP_RC4_KEY_SIZE 16
1260
1261/* Try something static ... */
1262typedef struct
1263{
1264 unsigned int len ;
1265 unsigned int first ;
1266 unsigned char rc4_state [ 260 ] ;
1267} NEW_ZEN_RC4_KEY ;
1268
1269#define rc4_data(ctx) ( (EVP_RC4_KEY *) ( ctx )->cipher_data )
1270
1271static const EVP_CIPHER engine_rc4 =
1272{
1273 NID_rc4,
1274 1,
1275 16, /* EVP_RC4_KEY_SIZE should be 128 bits */
1276 0, /* FIXME: key should be up to 256 bytes */
1277 EVP_CIPH_VARIABLE_LENGTH,
1278 engine_rc4_init_key,
1279 engine_rc4_cipher,
1280 engine_cipher_cleanup,
1281 sizeof ( NEW_ZEN_RC4_KEY ),
1282 NULL,
1283 NULL,
1284 NULL
1285} ;
1286
1287/* The one for RC4_40 ... */
1288static const EVP_CIPHER engine_rc4_40 =
1289{
1290 NID_rc4_40,
1291 1,
1292 5, /* 40 bits */
1293 0,
1294 EVP_CIPH_VARIABLE_LENGTH,
1295 engine_rc4_init_key,
1296 engine_rc4_cipher,
1297 engine_cipher_cleanup,
1298 sizeof ( NEW_ZEN_RC4_KEY ),
1299 NULL,
1300 NULL,
1301 NULL
1302} ;
1303
1304/* The one for DES ... */
1305
1306/* Try something static ... */
1307typedef struct
1308{
1309 unsigned char des_key [ 24 ] ;
1310 unsigned char des_iv [ 8 ] ;
1311} ZEN_DES_KEY ;
1312
1313static const EVP_CIPHER engine_des_cbc =
1314 {
1315 NID_des_cbc,
1316 8, 8, 8,
1317 0 | EVP_CIPH_CBC_MODE,
1318 engine_des_init_key,
1319 engine_des_cbc_cipher,
1320 engine_cipher_cleanup,
1321 sizeof(ZEN_DES_KEY),
1322 EVP_CIPHER_set_asn1_iv,
1323 EVP_CIPHER_get_asn1_iv,
1324 NULL,
1325 NULL
1326 };
1327
1328/* The one for 3DES ... */
1329
1330/* Try something static ... */
1331typedef struct
1332{
1333 unsigned char des3_key [ 24 ] ;
1334 unsigned char des3_iv [ 8 ] ;
1335} ZEN_3DES_KEY ;
1336
1337#define des_data(ctx) ( (DES_EDE_KEY *) ( ctx )->cipher_data )
1338
1339static const EVP_CIPHER engine_des_ede3_cbc =
1340 {
1341 NID_des_ede3_cbc,
1342 8, 8, 8,
1343 0 | EVP_CIPH_CBC_MODE,
1344 engine_des_ede3_init_key,
1345 engine_des_ede3_cbc_cipher,
1346 engine_cipher_cleanup,
1347 sizeof(ZEN_3DES_KEY),
1348 EVP_CIPHER_set_asn1_iv,
1349 EVP_CIPHER_get_asn1_iv,
1350 NULL,
1351 NULL
1352 };
1353
1354
1355/* General function cloned on hw_openbsd_dev_crypto one ... */
1356static int engine_digests ( ENGINE *e, const EVP_MD **digest, const int **nids, int nid )
1357{
1358
1359#ifdef DEBUG_ZENCOD_MD
1360 fprintf ( stderr, "\t=>Function : static int engine_digests () called !\n" ) ;
1361#endif
1362
1363 if ( !digest ) {
1364 /* We are returning a list of supported nids */
1365 *nids = engine_digest_nids ;
1366 return engine_digest_nids_num ;
1367 }
1368 /* We are being asked for a specific digest */
1369 if ( nid == NID_md5 ) {
1370 *digest = &engine_md5_md ;
1371 }
1372 else if ( nid == NID_sha1 ) {
1373 *digest = &engine_sha1_md ;
1374 }
1375 else {
1376 *digest = NULL ;
1377 return 0 ;
1378 }
1379 return 1 ;
1380}
1381
1382
1383/* SHA stuff Functions
1384 */
1385static int engine_sha1_init ( EVP_MD_CTX *ctx )
1386{
1387
1388 int to_return = 0 ;
1389
1390 /* Test with zenbridge library ... */
1391 to_return = ptr_zencod_sha1_init ( (ZEN_MD_DATA *) ctx->md_data ) ;
1392 to_return = !to_return ;
1393
1394 return to_return ;
1395}
1396
1397
1398static int engine_sha1_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count )
1399{
1400
1401 zen_nb_t input ;
1402 int to_return = 0 ;
1403
1404 /* Convert parameters ... */
1405 input.len = count ;
1406 input.data = (unsigned char *) data ;
1407
1408 /* Test with zenbridge library ... */
1409 to_return = ptr_zencod_sha1_update ( (ZEN_MD_DATA *) ctx->md_data, (const zen_nb_t *) &input ) ;
1410 to_return = !to_return ;
1411
1412 return to_return ;
1413}
1414
1415
1416static int engine_sha1_final ( EVP_MD_CTX *ctx, unsigned char *md )
1417{
1418
1419 zen_nb_t output ;
1420 int to_return = 0 ;
1421
1422 /* Convert parameters ... */
1423 output.len = SHA_DIGEST_LENGTH ;
1424 output.data = md ;
1425
1426 /* Test with zenbridge library ... */
1427 to_return = ptr_zencod_sha1_do_final ( (ZEN_MD_DATA *) ctx->md_data, (zen_nb_t *) &output ) ;
1428 to_return = !to_return ;
1429
1430 return to_return ;
1431}
1432
1433
1434
1435/* MD5 stuff Functions
1436 */
1437static int engine_md5_init ( EVP_MD_CTX *ctx )
1438{
1439
1440 int to_return = 0 ;
1441
1442 /* Test with zenbridge library ... */
1443 to_return = ptr_zencod_md5_init ( (ZEN_MD_DATA *) ctx->md_data ) ;
1444 to_return = !to_return ;
1445
1446 return to_return ;
1447}
1448
1449
1450static int engine_md5_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count )
1451{
1452
1453 zen_nb_t input ;
1454 int to_return = 0 ;
1455
1456 /* Convert parameters ... */
1457 input.len = count ;
1458 input.data = (unsigned char *) data ;
1459
1460 /* Test with zenbridge library ... */
1461 to_return = ptr_zencod_md5_update ( (ZEN_MD_DATA *) ctx->md_data, (const zen_nb_t *) &input ) ;
1462 to_return = !to_return ;
1463
1464 return to_return ;
1465}
1466
1467
1468static int engine_md5_final ( EVP_MD_CTX *ctx, unsigned char *md )
1469{
1470
1471 zen_nb_t output ;
1472 int to_return = 0 ;
1473
1474 /* Convert parameters ... */
1475 output.len = MD5_DIGEST_LENGTH ;
1476 output.data = md ;
1477
1478 /* Test with zenbridge library ... */
1479 to_return = ptr_zencod_md5_do_final ( (ZEN_MD_DATA *) ctx->md_data, (zen_nb_t *) &output ) ;
1480 to_return = !to_return ;
1481
1482 return to_return ;
1483}
1484
1485
1486static int engine_md_cleanup ( EVP_MD_CTX *ctx )
1487{
1488
1489 ZEN_MD_DATA *zen_md_data = (ZEN_MD_DATA *) ctx->md_data ;
1490
1491 if ( zen_md_data->HashBuffer != NULL ) {
1492 OPENSSL_free ( zen_md_data->HashBuffer ) ;
1493 zen_md_data->HashBufferSize = 0 ;
1494 ctx->md_data = NULL ;
1495 }
1496
1497 return 1 ;
1498}
1499
1500
1501static int engine_md_copy ( EVP_MD_CTX *to, const EVP_MD_CTX *from )
1502{
1503 const ZEN_MD_DATA *from_md = (ZEN_MD_DATA *) from->md_data ;
1504 ZEN_MD_DATA *to_md = (ZEN_MD_DATA *) to->md_data ;
1505
1506 to_md->HashBuffer = OPENSSL_malloc ( from_md->HashBufferSize ) ;
1507 memcpy ( to_md->HashBuffer, from_md->HashBuffer, from_md->HashBufferSize ) ;
1508
1509 return 1;
1510}
1511
1512
1513/* General function cloned on hw_openbsd_dev_crypto one ... */
1514static int engine_ciphers ( ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid )
1515{
1516
1517 if ( !cipher ) {
1518 /* We are returning a list of supported nids */
1519 *nids = engine_cipher_nids ;
1520 return engine_cipher_nids_num ;
1521 }
1522 /* We are being asked for a specific cipher */
1523 if ( nid == NID_rc4 ) {
1524 *cipher = &engine_rc4 ;
1525 }
1526 else if ( nid == NID_rc4_40 ) {
1527 *cipher = &engine_rc4_40 ;
1528 }
1529 else if ( nid == NID_des_cbc ) {
1530 *cipher = &engine_des_cbc ;
1531 }
1532 else if ( nid == NID_des_ede3_cbc ) {
1533 *cipher = &engine_des_ede3_cbc ;
1534 }
1535 else {
1536 *cipher = NULL ;
1537 return 0 ;
1538 }
1539
1540 return 1 ;
1541}
1542
1543
1544static int engine_rc4_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc )
1545{
1546 int to_return = 0 ;
1547 int i = 0 ;
1548 int nb = 0 ;
1549 NEW_ZEN_RC4_KEY *tmp_rc4_key = NULL ;
1550
1551 tmp_rc4_key = (NEW_ZEN_RC4_KEY *) ( ctx->cipher_data ) ;
1552 tmp_rc4_key->first = 0 ;
1553 tmp_rc4_key->len = ctx->key_len ;
1554 tmp_rc4_key->rc4_state [ 0 ] = 0x00 ;
1555 tmp_rc4_key->rc4_state [ 2 ] = 0x00 ;
1556 nb = 256 / ctx->key_len ;
1557 for ( i = 0; i < nb ; i++ ) {
1558 memcpy ( &( tmp_rc4_key->rc4_state [ 4 + i*ctx->key_len ] ), key, ctx->key_len ) ;
1559 }
1560
1561 to_return = 1 ;
1562
1563 return to_return ;
1564}
1565
1566
1567static int engine_rc4_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int in_len )
1568{
1569
1570 zen_nb_t output, input ;
1571 zen_nb_t rc4key ;
1572 int to_return = 0 ;
1573 NEW_ZEN_RC4_KEY *tmp_rc4_key = NULL ;
1574
1575 /* Convert parameters ... */
1576 input.len = in_len ;
1577 input.data = (unsigned char *) in ;
1578 output.len = in_len ;
1579 output.data = (unsigned char *) out ;
1580
1581 tmp_rc4_key = ( (NEW_ZEN_RC4_KEY *) ( ctx->cipher_data ) ) ;
1582 rc4key.len = 260 ;
1583 rc4key.data = &( tmp_rc4_key->rc4_state [ 0 ] ) ;
1584
1585 /* Test with zenbridge library ... */
1586 to_return = ptr_zencod_rc4_cipher ( &output, &input, (const zen_nb_t *) &rc4key, &( tmp_rc4_key->rc4_state [0] ), &( tmp_rc4_key->rc4_state [3] ), !tmp_rc4_key->first ) ;
1587 to_return = !to_return ;
1588
1589 /* Update encryption state ... */
1590 tmp_rc4_key->first = 1 ;
1591 tmp_rc4_key = NULL ;
1592
1593 return to_return ;
1594}
1595
1596
1597static int engine_des_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc )
1598{
1599
1600 ZEN_DES_KEY *tmp_des_key = NULL ;
1601 int to_return = 0 ;
1602
1603 tmp_des_key = (ZEN_DES_KEY *) ( ctx->cipher_data ) ;
1604 memcpy ( &( tmp_des_key->des_key [ 0 ] ), key, 8 ) ;
1605 memcpy ( &( tmp_des_key->des_key [ 8 ] ), key, 8 ) ;
1606 memcpy ( &( tmp_des_key->des_key [ 16 ] ), key, 8 ) ;
1607 memcpy ( &( tmp_des_key->des_iv [ 0 ] ), iv, 8 ) ;
1608
1609 to_return = 1 ;
1610
1611 return to_return ;
1612}
1613
1614
1615static int engine_des_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl )
1616{
1617
1618 zen_nb_t output, input ;
1619 zen_nb_t deskey_1, deskey_2, deskey_3, iv ;
1620 int to_return = 0 ;
1621
1622 /* Convert parameters ... */
1623 input.len = inl ;
1624 input.data = (unsigned char *) in ;
1625 output.len = inl ;
1626 output.data = out ;
1627
1628 /* Set key parameters ... */
1629 deskey_1.len = 8 ;
1630 deskey_2.len = 8 ;
1631 deskey_3.len = 8 ;
1632 deskey_1.data = (unsigned char *) ( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_key ;
1633 deskey_2.data = (unsigned char *) &( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_key [ 8 ] ;
1634 deskey_3.data = (unsigned char *) &( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_key [ 16 ] ;
1635
1636 /* Key correct iv ... */
1637 memcpy ( ( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_iv, ctx->iv, 8 ) ;
1638 iv.len = 8 ;
1639 iv.data = (unsigned char *) ( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_iv ;
1640
1641 if ( ctx->encrypt == 0 ) {
1642 memcpy ( ctx->iv, &( input.data [ input.len - 8 ] ), 8 ) ;
1643 }
1644
1645 /* Test with zenbridge library ... */
1646 to_return = ptr_zencod_xdes_cipher ( &output, &input,
1647 (zen_nb_t *) &deskey_1, (zen_nb_t *) &deskey_2, (zen_nb_t *) &deskey_3, &iv, ctx->encrypt ) ;
1648 to_return = !to_return ;
1649
1650 /* But we need to set up the rigth iv ...
1651 * Test ENCRYPT or DECRYPT mode to set iv ... */
1652 if ( ctx->encrypt == 1 ) {
1653 memcpy ( ctx->iv, &( output.data [ output.len - 8 ] ), 8 ) ;
1654 }
1655
1656 return to_return ;
1657}
1658
1659
1660static int engine_des_ede3_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc )
1661{
1662
1663 ZEN_3DES_KEY *tmp_3des_key = NULL ;
1664 int to_return = 0 ;
1665
1666 tmp_3des_key = (ZEN_3DES_KEY *) ( ctx->cipher_data ) ;
1667 memcpy ( &( tmp_3des_key->des3_key [ 0 ] ), key, 24 ) ;
1668 memcpy ( &( tmp_3des_key->des3_iv [ 0 ] ), iv, 8 ) ;
1669
1670 to_return = 1;
1671
1672 return to_return ;
1673}
1674
1675
1676static int engine_des_ede3_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
1677 unsigned int in_len )
1678{
1679
1680 zen_nb_t output, input ;
1681 zen_nb_t deskey_1, deskey_2, deskey_3, iv ;
1682 int to_return = 0 ;
1683
1684 /* Convert parameters ... */
1685 input.len = in_len ;
1686 input.data = (unsigned char *) in ;
1687 output.len = in_len ;
1688 output.data = out ;
1689
1690 /* Set key ... */
1691 deskey_1.len = 8 ;
1692 deskey_2.len = 8 ;
1693 deskey_3.len = 8 ;
1694 deskey_1.data = (unsigned char *) ( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_key ;
1695 deskey_2.data = (unsigned char *) &( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_key [ 8 ] ;
1696 deskey_3.data = (unsigned char *) &( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_key [ 16 ] ;
1697
1698 /* Key correct iv ... */
1699 memcpy ( ( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_iv, ctx->iv, 8 ) ;
1700 iv.len = 8 ;
1701 iv.data = (unsigned char *) ( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_iv ;
1702
1703 if ( ctx->encrypt == 0 ) {
1704 memcpy ( ctx->iv, &( input.data [ input.len - 8 ] ), 8 ) ;
1705 }
1706
1707 /* Test with zenbridge library ... */
1708 to_return = ptr_zencod_xdes_cipher ( &output, &input,
1709 (zen_nb_t *) &deskey_1, (zen_nb_t *) &deskey_2, (zen_nb_t *) &deskey_3, &iv, ctx->encrypt ) ;
1710 to_return = !to_return ;
1711
1712 if ( ctx->encrypt == 1 ) {
1713 memcpy ( ctx->iv, &( output.data [ output.len - 8 ] ), 8 ) ;
1714 }
1715
1716 return to_return ;
1717}
1718
1719
1720static int engine_cipher_cleanup ( EVP_CIPHER_CTX *ctx )
1721{
1722
1723 /* Set the key pointer ... */
1724 if ( ctx->cipher->nid == NID_rc4 || ctx->cipher->nid == NID_rc4_40 ) {
1725 }
1726 else if ( ctx->cipher->nid == NID_des_cbc ) {
1727 }
1728 else if ( ctx->cipher->nid == NID_des_ede3_cbc ) {
1729 }
1730
1731 return 1 ;
1732}
1733
1734
1735#endif /* !OPENSSL_NO_HW_ZENCOD */
1736#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libssl/src/demos/engines/zencod/hw_zencod.ec b/src/lib/libssl/src/demos/engines/zencod/hw_zencod.ec
new file mode 100644
index 0000000000..1552c79be6
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/zencod/hw_zencod.ec
@@ -0,0 +1,8 @@
1# configuration file for util/mkerr.pl
2#
3# use like this:
4#
5# perl ../../../util/mkerr.pl -conf hw_zencod.ec \
6# -nostatic -staticloader -write *.c
7
8L ZENCOD hw_zencod_err.h hw_zencod_err.c
diff --git a/src/lib/libssl/src/demos/engines/zencod/hw_zencod.h b/src/lib/libssl/src/demos/engines/zencod/hw_zencod.h
new file mode 100644
index 0000000000..195345d8c6
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/zencod/hw_zencod.h
@@ -0,0 +1,160 @@
1/* File : /crypto/engine/vendor_defns/hw_zencod.h */
2/* ====================================================================
3 * Written by Donnat Frederic (frederic.donnat@zencod.com) from ZENCOD
4 * for "zencod" ENGINE integration in OpenSSL project.
5 */
6
7
8 #ifndef _HW_ZENCOD_H_
9#define _HW_ZENCOD_H_
10
11#include <stdio.h>
12
13#ifdef __cplusplus
14extern "C" {
15#endif /* __cplusplus */
16
17#define ZENBRIDGE_MAX_KEYSIZE_RSA 2048
18#define ZENBRIDGE_MAX_KEYSIZE_RSA_CRT 1024
19#define ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN 1024
20#define ZENBRIDGE_MAX_KEYSIZE_DSA_VRFY 1024
21
22/* Library version computation */
23#define ZENBRIDGE_VERSION_MAJOR(x) (((x) >> 16) | 0xff)
24#define ZENBRIDGE_VERSION_MINOR(x) (((x) >> 8) | 0xff)
25#define ZENBRIDGE_VERSION_PATCH(x) (((x) >> 0) | 0xff)
26#define ZENBRIDGE_VERSION(x, y, z) ((x) << 16 | (y) << 8 | (z))
27
28/*
29 * Memory type
30 */
31typedef struct zencod_number_s {
32 unsigned long len;
33 unsigned char *data;
34} zen_nb_t;
35
36#define KEY zen_nb_t
37
38
39/*
40 * Misc
41 */
42typedef int t_zencod_lib_version (void);
43typedef int t_zencod_hw_version (void);
44typedef int t_zencod_test (void);
45typedef int t_zencod_dump_key (FILE *stream, char *msg, KEY *key);
46
47
48/*
49 * Key managment tools
50 */
51typedef KEY *t_zencod_new_number (unsigned long len, unsigned char *data);
52typedef int t_zencod_init_number (KEY *n, unsigned long len, unsigned char *data);
53typedef unsigned long t_zencod_bytes2bits (unsigned char *n, unsigned long bytes);
54typedef unsigned long t_zencod_bits2bytes (unsigned long bits);
55
56
57/*
58 * RSA API
59 */
60/* Compute modular exponential : y = x**e | n */
61typedef int t_zencod_rsa_mod_exp (KEY *y, KEY *x, KEY *n, KEY *e);
62/* Compute modular exponential : y1 = (x | p)**edp | p, y2 = (x | p)**edp | p, y = y2 + (qinv * (y1 - y2) | p) * q */
63typedef int t_zencod_rsa_mod_exp_crt (KEY *y, KEY *x, KEY *p, KEY *q,
64 KEY *edp, KEY *edq, KEY *qinv);
65
66
67/*
68 * DSA API
69 */
70typedef int t_zencod_dsa_do_sign (unsigned int hash, KEY *data, KEY *random,
71 KEY *p, KEY *q, KEY *g, KEY *x, KEY *r, KEY *s);
72typedef int t_zencod_dsa_do_verify (unsigned int hash, KEY *data,
73 KEY *p, KEY *q, KEY *g, KEY *y,
74 KEY *r, KEY *s, KEY *v);
75
76
77/*
78 * DH API
79 */
80 /* Key generation : compute public value y = g**x | n */
81typedef int t_zencod_dh_generate_key (KEY *y, KEY *x, KEY *g, KEY *n, int gen_x);
82typedef int t_zencod_dh_compute_key (KEY *k, KEY *y, KEY *x, KEY *n);
83
84
85/*
86 * RNG API
87 */
88#define ZENBRIDGE_RNG_DIRECT 0
89#define ZENBRIDGE_RNG_SHA1 1
90typedef int t_zencod_rand_bytes (KEY *rand, unsigned int flags);
91
92
93/*
94 * Math API
95 */
96typedef int t_zencod_math_mod_exp (KEY *r, KEY *a, KEY *e, KEY *n);
97
98
99
100
101/*
102 * Symetric API
103 */
104/* Define a data structure for digests operations */
105typedef struct ZEN_data_st
106{
107 unsigned int HashBufferSize ;
108 unsigned char *HashBuffer ;
109} ZEN_MD_DATA ;
110
111/*
112 * Functions for Digest (MD5, SHA1) stuff
113 */
114/* output : output data buffer */
115/* input : input data buffer */
116/* algo : hash algorithm, MD5 or SHA1 */
117/* typedef int t_zencod_hash ( KEY *output, const KEY *input, int algo ) ;
118 * typedef int t_zencod_sha_hash ( KEY *output, const KEY *input, int algo ) ;
119 */
120/* For now separate this stuff that mad it easier to test */
121typedef int t_zencod_md5_init ( ZEN_MD_DATA *data ) ;
122typedef int t_zencod_md5_update ( ZEN_MD_DATA *data, const KEY *input ) ;
123typedef int t_zencod_md5_do_final ( ZEN_MD_DATA *data, KEY *output ) ;
124
125typedef int t_zencod_sha1_init ( ZEN_MD_DATA *data ) ;
126typedef int t_zencod_sha1_update ( ZEN_MD_DATA *data, const KEY *input ) ;
127typedef int t_zencod_sha1_do_final ( ZEN_MD_DATA *data, KEY *output ) ;
128
129
130/*
131 * Functions for Cipher (RC4, DES, 3DES) stuff
132 */
133/* output : output data buffer */
134/* input : input data buffer */
135/* key : rc4 key data */
136/* index_1 : value of index x from RC4 key structure */
137/* index_2 : value of index y from RC4 key structure */
138/* Be carefull : RC4 key should be expanded before calling this method (Should we provide an expand function ??) */
139typedef int t_zencod_rc4_cipher ( KEY *output, const KEY *input, const KEY *key,
140 unsigned char *index_1, unsigned char *index_2, int mode ) ;
141
142/* output : output data buffer */
143/* input : input data buffer */
144/* key_1 : des first key data */
145/* key_2 : des second key data */
146/* key_3 : des third key data */
147/* iv : initial vector */
148/* mode : xdes mode (encrypt or decrypt) */
149/* Be carefull : In DES mode key_1 = key_2 = key_3 (as far as i can see !!) */
150typedef int t_zencod_xdes_cipher ( KEY *output, const KEY *input, const KEY *key_1,
151 const KEY *key_2, const KEY *key_3, const KEY *iv, int mode ) ;
152
153
154#undef KEY
155
156#ifdef __cplusplus
157}
158#endif /* __cplusplus */
159
160#endif /* !_HW_ZENCOD_H_ */
diff --git a/src/lib/libssl/src/demos/engines/zencod/hw_zencod_err.c b/src/lib/libssl/src/demos/engines/zencod/hw_zencod_err.c
new file mode 100644
index 0000000000..8ed0fffc9c
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/zencod/hw_zencod_err.c
@@ -0,0 +1,151 @@
1/* hw_zencod_err.c */
2/* ====================================================================
3 * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include "hw_zencod_err.h"
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67static ERR_STRING_DATA ZENCOD_str_functs[]=
68 {
69{ERR_PACK(0,ZENCOD_F_ZENCOD_BN_MOD_EXP,0), "ZENCOD_BN_MOD_EXP"},
70{ERR_PACK(0,ZENCOD_F_ZENCOD_CTRL,0), "ZENCOD_CTRL"},
71{ERR_PACK(0,ZENCOD_F_ZENCOD_DH_COMPUTE,0), "ZENCOD_DH_COMPUTE"},
72{ERR_PACK(0,ZENCOD_F_ZENCOD_DH_GENERATE,0), "ZENCOD_DH_GENERATE"},
73{ERR_PACK(0,ZENCOD_F_ZENCOD_DSA_DO_SIGN,0), "ZENCOD_DSA_DO_SIGN"},
74{ERR_PACK(0,ZENCOD_F_ZENCOD_DSA_DO_VERIFY,0), "ZENCOD_DSA_DO_VERIFY"},
75{ERR_PACK(0,ZENCOD_F_ZENCOD_FINISH,0), "ZENCOD_FINISH"},
76{ERR_PACK(0,ZENCOD_F_ZENCOD_INIT,0), "ZENCOD_INIT"},
77{ERR_PACK(0,ZENCOD_F_ZENCOD_RAND,0), "ZENCOD_RAND"},
78{ERR_PACK(0,ZENCOD_F_ZENCOD_RSA_MOD_EXP,0), "ZENCOD_RSA_MOD_EXP"},
79{ERR_PACK(0,ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT,0), "ZENCOD_RSA_MOD_EXP_CRT"},
80{0,NULL}
81 };
82
83static ERR_STRING_DATA ZENCOD_str_reasons[]=
84 {
85{ZENCOD_R_ALREADY_LOADED ,"already loaded"},
86{ZENCOD_R_BAD_KEY_COMPONENTS ,"bad key components"},
87{ZENCOD_R_BN_EXPAND_FAIL ,"bn expand fail"},
88{ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"},
89{ZENCOD_R_DSO_FAILURE ,"dso failure"},
90{ZENCOD_R_NOT_LOADED ,"not loaded"},
91{ZENCOD_R_REQUEST_FAILED ,"request failed"},
92{ZENCOD_R_UNIT_FAILURE ,"unit failure"},
93{0,NULL}
94 };
95
96#endif
97
98#ifdef ZENCOD_LIB_NAME
99static ERR_STRING_DATA ZENCOD_lib_name[]=
100 {
101{0 ,ZENCOD_LIB_NAME},
102{0,NULL}
103 };
104#endif
105
106
107static int ZENCOD_lib_error_code=0;
108static int ZENCOD_error_init=1;
109
110static void ERR_load_ZENCOD_strings(void)
111 {
112 if (ZENCOD_lib_error_code == 0)
113 ZENCOD_lib_error_code=ERR_get_next_error_library();
114
115 if (ZENCOD_error_init)
116 {
117 ZENCOD_error_init=0;
118#ifndef OPENSSL_NO_ERR
119 ERR_load_strings(ZENCOD_lib_error_code,ZENCOD_str_functs);
120 ERR_load_strings(ZENCOD_lib_error_code,ZENCOD_str_reasons);
121#endif
122
123#ifdef ZENCOD_LIB_NAME
124 ZENCOD_lib_name->error = ERR_PACK(ZENCOD_lib_error_code,0,0);
125 ERR_load_strings(0,ZENCOD_lib_name);
126#endif
127 }
128 }
129
130static void ERR_unload_ZENCOD_strings(void)
131 {
132 if (ZENCOD_error_init == 0)
133 {
134#ifndef OPENSSL_NO_ERR
135 ERR_unload_strings(ZENCOD_lib_error_code,ZENCOD_str_functs);
136 ERR_unload_strings(ZENCOD_lib_error_code,ZENCOD_str_reasons);
137#endif
138
139#ifdef ZENCOD_LIB_NAME
140 ERR_unload_strings(0,ZENCOD_lib_name);
141#endif
142 ZENCOD_error_init=1;
143 }
144 }
145
146static void ERR_ZENCOD_error(int function, int reason, char *file, int line)
147 {
148 if (ZENCOD_lib_error_code == 0)
149 ZENCOD_lib_error_code=ERR_get_next_error_library();
150 ERR_PUT_error(ZENCOD_lib_error_code,function,reason,file,line);
151 }
diff --git a/src/lib/libssl/src/demos/engines/zencod/hw_zencod_err.h b/src/lib/libssl/src/demos/engines/zencod/hw_zencod_err.h
new file mode 100644
index 0000000000..1b5dcb5685
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/zencod/hw_zencod_err.h
@@ -0,0 +1,95 @@
1/* ====================================================================
2 * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#ifndef HEADER_ZENCOD_ERR_H
56#define HEADER_ZENCOD_ERR_H
57
58/* BEGIN ERROR CODES */
59/* The following lines are auto generated by the script mkerr.pl. Any changes
60 * made after this point may be overwritten when the script is next run.
61 */
62static void ERR_load_ZENCOD_strings(void);
63static void ERR_unload_ZENCOD_strings(void);
64static void ERR_ZENCOD_error(int function, int reason, char *file, int line);
65#define ZENCODerr(f,r) ERR_ZENCOD_error((f),(r),__FILE__,__LINE__)
66
67/* Error codes for the ZENCOD functions. */
68
69/* Function codes. */
70#define ZENCOD_F_ZENCOD_BN_MOD_EXP 100
71#define ZENCOD_F_ZENCOD_CTRL 101
72#define ZENCOD_F_ZENCOD_DH_COMPUTE 102
73#define ZENCOD_F_ZENCOD_DH_GENERATE 103
74#define ZENCOD_F_ZENCOD_DSA_DO_SIGN 104
75#define ZENCOD_F_ZENCOD_DSA_DO_VERIFY 105
76#define ZENCOD_F_ZENCOD_FINISH 106
77#define ZENCOD_F_ZENCOD_INIT 107
78#define ZENCOD_F_ZENCOD_RAND 108
79#define ZENCOD_F_ZENCOD_RSA_MOD_EXP 109
80#define ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT 110
81
82/* Reason codes. */
83#define ZENCOD_R_ALREADY_LOADED 100
84#define ZENCOD_R_BAD_KEY_COMPONENTS 101
85#define ZENCOD_R_BN_EXPAND_FAIL 102
86#define ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
87#define ZENCOD_R_DSO_FAILURE 104
88#define ZENCOD_R_NOT_LOADED 105
89#define ZENCOD_R_REQUEST_FAILED 106
90#define ZENCOD_R_UNIT_FAILURE 107
91
92#ifdef __cplusplus
93}
94#endif
95#endif
diff --git a/src/lib/libssl/src/doc/crypto/engine.pod b/src/lib/libssl/src/doc/crypto/engine.pod
new file mode 100644
index 0000000000..61e0264bb7
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/engine.pod
@@ -0,0 +1,621 @@
1=pod
2
3=head1 NAME
4
5engine - ENGINE cryptographic module support
6
7=head1 SYNOPSIS
8
9 #include <openssl/engine.h>
10
11 ENGINE *ENGINE_get_first(void);
12 ENGINE *ENGINE_get_last(void);
13 ENGINE *ENGINE_get_next(ENGINE *e);
14 ENGINE *ENGINE_get_prev(ENGINE *e);
15
16 int ENGINE_add(ENGINE *e);
17 int ENGINE_remove(ENGINE *e);
18
19 ENGINE *ENGINE_by_id(const char *id);
20
21 int ENGINE_init(ENGINE *e);
22 int ENGINE_finish(ENGINE *e);
23
24 void ENGINE_load_openssl(void);
25 void ENGINE_load_dynamic(void);
26 void ENGINE_load_cswift(void);
27 void ENGINE_load_chil(void);
28 void ENGINE_load_atalla(void);
29 void ENGINE_load_nuron(void);
30 void ENGINE_load_ubsec(void);
31 void ENGINE_load_aep(void);
32 void ENGINE_load_sureware(void);
33 void ENGINE_load_4758cca(void);
34 void ENGINE_load_openbsd_dev_crypto(void);
35 void ENGINE_load_builtin_engines(void);
36
37 void ENGINE_cleanup(void);
38
39 ENGINE *ENGINE_get_default_RSA(void);
40 ENGINE *ENGINE_get_default_DSA(void);
41 ENGINE *ENGINE_get_default_DH(void);
42 ENGINE *ENGINE_get_default_RAND(void);
43 ENGINE *ENGINE_get_cipher_engine(int nid);
44 ENGINE *ENGINE_get_digest_engine(int nid);
45
46 int ENGINE_set_default_RSA(ENGINE *e);
47 int ENGINE_set_default_DSA(ENGINE *e);
48 int ENGINE_set_default_DH(ENGINE *e);
49 int ENGINE_set_default_RAND(ENGINE *e);
50 int ENGINE_set_default_ciphers(ENGINE *e);
51 int ENGINE_set_default_digests(ENGINE *e);
52 int ENGINE_set_default_string(ENGINE *e, const char *list);
53
54 int ENGINE_set_default(ENGINE *e, unsigned int flags);
55
56 unsigned int ENGINE_get_table_flags(void);
57 void ENGINE_set_table_flags(unsigned int flags);
58
59 int ENGINE_register_RSA(ENGINE *e);
60 void ENGINE_unregister_RSA(ENGINE *e);
61 void ENGINE_register_all_RSA(void);
62 int ENGINE_register_DSA(ENGINE *e);
63 void ENGINE_unregister_DSA(ENGINE *e);
64 void ENGINE_register_all_DSA(void);
65 int ENGINE_register_DH(ENGINE *e);
66 void ENGINE_unregister_DH(ENGINE *e);
67 void ENGINE_register_all_DH(void);
68 int ENGINE_register_RAND(ENGINE *e);
69 void ENGINE_unregister_RAND(ENGINE *e);
70 void ENGINE_register_all_RAND(void);
71 int ENGINE_register_ciphers(ENGINE *e);
72 void ENGINE_unregister_ciphers(ENGINE *e);
73 void ENGINE_register_all_ciphers(void);
74 int ENGINE_register_digests(ENGINE *e);
75 void ENGINE_unregister_digests(ENGINE *e);
76 void ENGINE_register_all_digests(void);
77 int ENGINE_register_complete(ENGINE *e);
78 int ENGINE_register_all_complete(void);
79
80 int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
81 int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
82 int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
83 long i, void *p, void (*f)(), int cmd_optional);
84 int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
85 int cmd_optional);
86
87 int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
88 void *ENGINE_get_ex_data(const ENGINE *e, int idx);
89
90 int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
91 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
92
93 ENGINE *ENGINE_new(void);
94 int ENGINE_free(ENGINE *e);
95
96 int ENGINE_set_id(ENGINE *e, const char *id);
97 int ENGINE_set_name(ENGINE *e, const char *name);
98 int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
99 int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
100 int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
101 int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
102 int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
103 int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
104 int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
105 int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
106 int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
107 int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
108 int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
109 int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
110 int ENGINE_set_flags(ENGINE *e, int flags);
111 int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
112
113 const char *ENGINE_get_id(const ENGINE *e);
114 const char *ENGINE_get_name(const ENGINE *e);
115 const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
116 const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
117 const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
118 const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
119 ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
120 ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
121 ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
122 ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
123 ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
124 ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
125 ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
126 ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
127 const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
128 const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
129 int ENGINE_get_flags(const ENGINE *e);
130 const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
131
132 EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
133 UI_METHOD *ui_method, void *callback_data);
134 EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
135 UI_METHOD *ui_method, void *callback_data);
136
137 void ENGINE_add_conf_module(void);
138
139=head1 DESCRIPTION
140
141These functions create, manipulate, and use cryptographic modules in the
142form of B<ENGINE> objects. These objects act as containers for
143implementations of cryptographic algorithms, and support a
144reference-counted mechanism to allow them to be dynamically loaded in and
145out of the running application.
146
147The cryptographic functionality that can be provided by an B<ENGINE>
148implementation includes the following abstractions;
149
150 RSA_METHOD - for providing alternative RSA implementations
151 DSA_METHOD, DH_METHOD, RAND_METHOD - alternative DSA, DH, and RAND
152 EVP_CIPHER - potentially multiple cipher algorithms (indexed by 'nid')
153 EVP_DIGEST - potentially multiple hash algorithms (indexed by 'nid')
154 key-loading - loading public and/or private EVP_PKEY keys
155
156=head2 Reference counting and handles
157
158Due to the modular nature of the ENGINE API, pointers to ENGINEs need to be
159treated as handles - ie. not only as pointers, but also as references to
160the underlying ENGINE object. Ie. you should obtain a new reference when
161making copies of an ENGINE pointer if the copies will be used (and
162released) independantly.
163
164ENGINE objects have two levels of reference-counting to match the way in
165which the objects are used. At the most basic level, each ENGINE pointer is
166inherently a B<structural> reference - you need a structural reference
167simply to refer to the pointer value at all, as this kind of reference is
168your guarantee that the structure can not be deallocated until you release
169your reference.
170
171However, a structural reference provides no guarantee that the ENGINE has
172been initiliased to be usable to perform any of its cryptographic
173implementations - and indeed it's quite possible that most ENGINEs will not
174initialised at all on standard setups, as ENGINEs are typically used to
175support specialised hardware. To use an ENGINE's functionality, you need a
176B<functional> reference. This kind of reference can be considered a
177specialised form of structural reference, because each functional reference
178implicitly contains a structural reference as well - however to avoid
179difficult-to-find programming bugs, it is recommended to treat the two
180kinds of reference independantly. If you have a functional reference to an
181ENGINE, you have a guarantee that the ENGINE has been initialised ready to
182perform cryptographic operations and will not be uninitialised or cleaned
183up until after you have released your reference.
184
185We will discuss the two kinds of reference separately, including how to
186tell which one you are dealing with at any given point in time (after all
187they are both simply (ENGINE *) pointers, the difference is in the way they
188are used).
189
190=head3 Structural references
191
192This basic type of reference is typically used for creating new ENGINEs
193dynamically, iterating across OpenSSL's internal linked-list of loaded
194ENGINEs, reading information about an ENGINE, etc. Essentially a structural
195reference is sufficient if you only need to query or manipulate the data of
196an ENGINE implementation rather than use its functionality.
197
198The ENGINE_new() function returns a structural reference to a new (empty)
199ENGINE object. Other than that, structural references come from return
200values to various ENGINE API functions such as; ENGINE_by_id(),
201ENGINE_get_first(), ENGINE_get_last(), ENGINE_get_next(),
202ENGINE_get_prev(). All structural references should be released by a
203corresponding to call to the ENGINE_free() function - the ENGINE object
204itself will only actually be cleaned up and deallocated when the last
205structural reference is released.
206
207It should also be noted that many ENGINE API function calls that accept a
208structural reference will internally obtain another reference - typically
209this happens whenever the supplied ENGINE will be needed by OpenSSL after
210the function has returned. Eg. the function to add a new ENGINE to
211OpenSSL's internal list is ENGINE_add() - if this function returns success,
212then OpenSSL will have stored a new structural reference internally so the
213caller is still responsible for freeing their own reference with
214ENGINE_free() when they are finished with it. In a similar way, some
215functions will automatically release the structural reference passed to it
216if part of the function's job is to do so. Eg. the ENGINE_get_next() and
217ENGINE_get_prev() functions are used for iterating across the internal
218ENGINE list - they will return a new structural reference to the next (or
219previous) ENGINE in the list or NULL if at the end (or beginning) of the
220list, but in either case the structural reference passed to the function is
221released on behalf of the caller.
222
223To clarify a particular function's handling of references, one should
224always consult that function's documentation "man" page, or failing that
225the openssl/engine.h header file includes some hints.
226
227=head3 Functional references
228
229As mentioned, functional references exist when the cryptographic
230functionality of an ENGINE is required to be available. A functional
231reference can be obtained in one of two ways; from an existing structural
232reference to the required ENGINE, or by asking OpenSSL for the default
233operational ENGINE for a given cryptographic purpose.
234
235To obtain a functional reference from an existing structural reference,
236call the ENGINE_init() function. This returns zero if the ENGINE was not
237already operational and couldn't be successfully initialised (eg. lack of
238system drivers, no special hardware attached, etc), otherwise it will
239return non-zero to indicate that the ENGINE is now operational and will
240have allocated a new B<functional> reference to the ENGINE. In this case,
241the supplied ENGINE pointer is, from the point of the view of the caller,
242both a structural reference and a functional reference - so if the caller
243intends to use it as a functional reference it should free the structural
244reference with ENGINE_free() first. If the caller wishes to use it only as
245a structural reference (eg. if the ENGINE_init() call was simply to test if
246the ENGINE seems available/online), then it should free the functional
247reference; all functional references are released by the ENGINE_finish()
248function.
249
250The second way to get a functional reference is by asking OpenSSL for a
251default implementation for a given task, eg. by ENGINE_get_default_RSA(),
252ENGINE_get_default_cipher_engine(), etc. These are discussed in the next
253section, though they are not usually required by application programmers as
254they are used automatically when creating and using the relevant
255algorithm-specific types in OpenSSL, such as RSA, DSA, EVP_CIPHER_CTX, etc.
256
257=head2 Default implementations
258
259For each supported abstraction, the ENGINE code maintains an internal table
260of state to control which implementations are available for a given
261abstraction and which should be used by default. These implementations are
262registered in the tables separated-out by an 'nid' index, because
263abstractions like EVP_CIPHER and EVP_DIGEST support many distinct
264algorithms and modes - ENGINEs will support different numbers and
265combinations of these. In the case of other abstractions like RSA, DSA,
266etc, there is only one "algorithm" so all implementations implicitly
267register using the same 'nid' index. ENGINEs can be B<registered> into
268these tables to make themselves available for use automatically by the
269various abstractions, eg. RSA. For illustrative purposes, we continue with
270the RSA example, though all comments apply similarly to the other
271abstractions (they each get their own table and linkage to the
272corresponding section of openssl code).
273
274When a new RSA key is being created, ie. in RSA_new_method(), a
275"get_default" call will be made to the ENGINE subsystem to process the RSA
276state table and return a functional reference to an initialised ENGINE
277whose RSA_METHOD should be used. If no ENGINE should (or can) be used, it
278will return NULL and the RSA key will operate with a NULL ENGINE handle by
279using the conventional RSA implementation in OpenSSL (and will from then on
280behave the way it used to before the ENGINE API existed - for details see
281L<RSA_new_method(3)|RSA_new_method(3)>).
282
283Each state table has a flag to note whether it has processed this
284"get_default" query since the table was last modified, because to process
285this question it must iterate across all the registered ENGINEs in the
286table trying to initialise each of them in turn, in case one of them is
287operational. If it returns a functional reference to an ENGINE, it will
288also cache another reference to speed up processing future queries (without
289needing to iterate across the table). Likewise, it will cache a NULL
290response if no ENGINE was available so that future queries won't repeat the
291same iteration unless the state table changes. This behaviour can also be
292changed; if the ENGINE_TABLE_FLAG_NOINIT flag is set (using
293ENGINE_set_table_flags()), no attempted initialisations will take place,
294instead the only way for the state table to return a non-NULL ENGINE to the
295"get_default" query will be if one is expressly set in the table. Eg.
296ENGINE_set_default_RSA() does the same job as ENGINE_register_RSA() except
297that it also sets the state table's cached response for the "get_default"
298query.
299
300In the case of abstractions like EVP_CIPHER, where implementations are
301indexed by 'nid', these flags and cached-responses are distinct for each
302'nid' value.
303
304It is worth illustrating the difference between "registration" of ENGINEs
305into these per-algorithm state tables and using the alternative
306"set_default" functions. The latter handles both "registration" and also
307setting the cached "default" ENGINE in each relevant state table - so
308registered ENGINEs will only have a chance to be initialised for use as a
309default if a default ENGINE wasn't already set for the same state table.
310Eg. if ENGINE X supports cipher nids {A,B} and RSA, ENGINE Y supports
311ciphers {A} and DSA, and the following code is executed;
312
313 ENGINE_register_complete(X);
314 ENGINE_set_default(Y, ENGINE_METHOD_ALL);
315 e1 = ENGINE_get_default_RSA();
316 e2 = ENGINE_get_cipher_engine(A);
317 e3 = ENGINE_get_cipher_engine(B);
318 e4 = ENGINE_get_default_DSA();
319 e5 = ENGINE_get_cipher_engine(C);
320
321The results would be as follows;
322
323 assert(e1 == X);
324 assert(e2 == Y);
325 assert(e3 == X);
326 assert(e4 == Y);
327 assert(e5 == NULL);
328
329=head2 Application requirements
330
331This section will explain the basic things an application programmer should
332support to make the most useful elements of the ENGINE functionality
333available to the user. The first thing to consider is whether the
334programmer wishes to make alternative ENGINE modules available to the
335application and user. OpenSSL maintains an internal linked list of
336"visible" ENGINEs from which it has to operate - at start-up, this list is
337empty and in fact if an application does not call any ENGINE API calls and
338it uses static linking against openssl, then the resulting application
339binary will not contain any alternative ENGINE code at all. So the first
340consideration is whether any/all available ENGINE implementations should be
341made visible to OpenSSL - this is controlled by calling the various "load"
342functions, eg.
343
344 /* Make the "dynamic" ENGINE available */
345 void ENGINE_load_dynamic(void);
346 /* Make the CryptoSwift hardware acceleration support available */
347 void ENGINE_load_cswift(void);
348 /* Make support for nCipher's "CHIL" hardware available */
349 void ENGINE_load_chil(void);
350 ...
351 /* Make ALL ENGINE implementations bundled with OpenSSL available */
352 void ENGINE_load_builtin_engines(void);
353
354Having called any of these functions, ENGINE objects would have been
355dynamically allocated and populated with these implementations and linked
356into OpenSSL's internal linked list. At this point it is important to
357mention an important API function;
358
359 void ENGINE_cleanup(void);
360
361If no ENGINE API functions are called at all in an application, then there
362are no inherent memory leaks to worry about from the ENGINE functionality,
363however if any ENGINEs are "load"ed, even if they are never registered or
364used, it is necessary to use the ENGINE_cleanup() function to
365correspondingly cleanup before program exit, if the caller wishes to avoid
366memory leaks. This mechanism uses an internal callback registration table
367so that any ENGINE API functionality that knows it requires cleanup can
368register its cleanup details to be called during ENGINE_cleanup(). This
369approach allows ENGINE_cleanup() to clean up after any ENGINE functionality
370at all that your program uses, yet doesn't automatically create linker
371dependencies to all possible ENGINE functionality - only the cleanup
372callbacks required by the functionality you do use will be required by the
373linker.
374
375The fact that ENGINEs are made visible to OpenSSL (and thus are linked into
376the program and loaded into memory at run-time) does not mean they are
377"registered" or called into use by OpenSSL automatically - that behaviour
378is something for the application to have control over. Some applications
379will want to allow the user to specify exactly which ENGINE they want used
380if any is to be used at all. Others may prefer to load all support and have
381OpenSSL automatically use at run-time any ENGINE that is able to
382successfully initialise - ie. to assume that this corresponds to
383acceleration hardware attached to the machine or some such thing. There are
384probably numerous other ways in which applications may prefer to handle
385things, so we will simply illustrate the consequences as they apply to a
386couple of simple cases and leave developers to consider these and the
387source code to openssl's builtin utilities as guides.
388
389=head3 Using a specific ENGINE implementation
390
391Here we'll assume an application has been configured by its user or admin
392to want to use the "ACME" ENGINE if it is available in the version of
393OpenSSL the application was compiled with. If it is available, it should be
394used by default for all RSA, DSA, and symmetric cipher operation, otherwise
395OpenSSL should use its builtin software as per usual. The following code
396illustrates how to approach this;
397
398 ENGINE *e;
399 const char *engine_id = "ACME";
400 ENGINE_load_builtin_engines();
401 e = ENGINE_by_id(engine_id);
402 if(!e)
403 /* the engine isn't available */
404 return;
405 if(!ENGINE_init(e)) {
406 /* the engine couldn't initialise, release 'e' */
407 ENGINE_free(e);
408 return;
409 }
410 if(!ENGINE_set_default_RSA(e))
411 /* This should only happen when 'e' can't initialise, but the previous
412 * statement suggests it did. */
413 abort();
414 ENGINE_set_default_DSA(e);
415 ENGINE_set_default_ciphers(e);
416 /* Release the functional reference from ENGINE_init() */
417 ENGINE_finish(e);
418 /* Release the structural reference from ENGINE_by_id() */
419 ENGINE_free(e);
420
421=head3 Automatically using builtin ENGINE implementations
422
423Here we'll assume we want to load and register all ENGINE implementations
424bundled with OpenSSL, such that for any cryptographic algorithm required by
425OpenSSL - if there is an ENGINE that implements it and can be initialise,
426it should be used. The following code illustrates how this can work;
427
428 /* Load all bundled ENGINEs into memory and make them visible */
429 ENGINE_load_builtin_engines();
430 /* Register all of them for every algorithm they collectively implement */
431 ENGINE_register_all_complete();
432
433That's all that's required. Eg. the next time OpenSSL tries to set up an
434RSA key, any bundled ENGINEs that implement RSA_METHOD will be passed to
435ENGINE_init() and if any of those succeed, that ENGINE will be set as the
436default for use with RSA from then on.
437
438=head2 Advanced configuration support
439
440There is a mechanism supported by the ENGINE framework that allows each
441ENGINE implementation to define an arbitrary set of configuration
442"commands" and expose them to OpenSSL and any applications based on
443OpenSSL. This mechanism is entirely based on the use of name-value pairs
444and and assumes ASCII input (no unicode or UTF for now!), so it is ideal if
445applications want to provide a transparent way for users to provide
446arbitrary configuration "directives" directly to such ENGINEs. It is also
447possible for the application to dynamically interrogate the loaded ENGINE
448implementations for the names, descriptions, and input flags of their
449available "control commands", providing a more flexible configuration
450scheme. However, if the user is expected to know which ENGINE device he/she
451is using (in the case of specialised hardware, this goes without saying)
452then applications may not need to concern themselves with discovering the
453supported control commands and simply prefer to allow settings to passed
454into ENGINEs exactly as they are provided by the user.
455
456Before illustrating how control commands work, it is worth mentioning what
457they are typically used for. Broadly speaking there are two uses for
458control commands; the first is to provide the necessary details to the
459implementation (which may know nothing at all specific to the host system)
460so that it can be initialised for use. This could include the path to any
461driver or config files it needs to load, required network addresses,
462smart-card identifiers, passwords to initialise password-protected devices,
463logging information, etc etc. This class of commands typically needs to be
464passed to an ENGINE B<before> attempting to initialise it, ie. before
465calling ENGINE_init(). The other class of commands consist of settings or
466operations that tweak certain behaviour or cause certain operations to take
467place, and these commands may work either before or after ENGINE_init(), or
468in same cases both. ENGINE implementations should provide indications of
469this in the descriptions attached to builtin control commands and/or in
470external product documentation.
471
472=head3 Issuing control commands to an ENGINE
473
474Let's illustrate by example; a function for which the caller supplies the
475name of the ENGINE it wishes to use, a table of string-pairs for use before
476initialisation, and another table for use after initialisation. Note that
477the string-pairs used for control commands consist of a command "name"
478followed by the command "parameter" - the parameter could be NULL in some
479cases but the name can not. This function should initialise the ENGINE
480(issuing the "pre" commands beforehand and the "post" commands afterwards)
481and set it as the default for everything except RAND and then return a
482boolean success or failure.
483
484 int generic_load_engine_fn(const char *engine_id,
485 const char **pre_cmds, int pre_num,
486 const char **post_cmds, int post_num)
487 {
488 ENGINE *e = ENGINE_by_id(engine_id);
489 if(!e) return 0;
490 while(pre_num--) {
491 if(!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) {
492 fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
493 pre_cmds[0], pre_cmds[1] ? pre_cmds[1] : "(NULL)");
494 ENGINE_free(e);
495 return 0;
496 }
497 pre_cmds += 2;
498 }
499 if(!ENGINE_init(e)) {
500 fprintf(stderr, "Failed initialisation\n");
501 ENGINE_free(e);
502 return 0;
503 }
504 /* ENGINE_init() returned a functional reference, so free the structural
505 * reference from ENGINE_by_id(). */
506 ENGINE_free(e);
507 while(post_num--) {
508 if(!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) {
509 fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
510 post_cmds[0], post_cmds[1] ? post_cmds[1] : "(NULL)");
511 ENGINE_finish(e);
512 return 0;
513 }
514 post_cmds += 2;
515 }
516 ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND);
517 /* Success */
518 return 1;
519 }
520
521Note that ENGINE_ctrl_cmd_string() accepts a boolean argument that can
522relax the semantics of the function - if set non-zero it will only return
523failure if the ENGINE supported the given command name but failed while
524executing it, if the ENGINE doesn't support the command name it will simply
525return success without doing anything. In this case we assume the user is
526only supplying commands specific to the given ENGINE so we set this to
527FALSE.
528
529=head3 Discovering supported control commands
530
531It is possible to discover at run-time the names, numerical-ids, descriptions
532and input parameters of the control commands supported from a structural
533reference to any ENGINE. It is first important to note that some control
534commands are defined by OpenSSL itself and it will intercept and handle these
535control commands on behalf of the ENGINE, ie. the ENGINE's ctrl() handler is not
536used for the control command. openssl/engine.h defines a symbol,
537ENGINE_CMD_BASE, that all control commands implemented by ENGINEs from. Any
538command value lower than this symbol is considered a "generic" command is
539handled directly by the OpenSSL core routines.
540
541It is using these "core" control commands that one can discover the the control
542commands implemented by a given ENGINE, specifically the commands;
543
544 #define ENGINE_HAS_CTRL_FUNCTION 10
545 #define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11
546 #define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12
547 #define ENGINE_CTRL_GET_CMD_FROM_NAME 13
548 #define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14
549 #define ENGINE_CTRL_GET_NAME_FROM_CMD 15
550 #define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16
551 #define ENGINE_CTRL_GET_DESC_FROM_CMD 17
552 #define ENGINE_CTRL_GET_CMD_FLAGS 18
553
554Whilst these commands are automatically processed by the OpenSSL framework code,
555they use various properties exposed by each ENGINE by which to process these
556queries. An ENGINE has 3 properties it exposes that can affect this behaviour;
557it can supply a ctrl() handler, it can specify ENGINE_FLAGS_MANUAL_CMD_CTRL in
558the ENGINE's flags, and it can expose an array of control command descriptions.
559If an ENGINE specifies the ENGINE_FLAGS_MANUAL_CMD_CTRL flag, then it will
560simply pass all these "core" control commands directly to the ENGINE's ctrl()
561handler (and thus, it must have supplied one), so it is up to the ENGINE to
562reply to these "discovery" commands itself. If that flag is not set, then the
563OpenSSL framework code will work with the following rules;
564
565 if no ctrl() handler supplied;
566 ENGINE_HAS_CTRL_FUNCTION returns FALSE (zero),
567 all other commands fail.
568 if a ctrl() handler was supplied but no array of control commands;
569 ENGINE_HAS_CTRL_FUNCTION returns TRUE,
570 all other commands fail.
571 if a ctrl() handler and array of control commands was supplied;
572 ENGINE_HAS_CTRL_FUNCTION returns TRUE,
573 all other commands proceed processing ...
574
575If the ENGINE's array of control commands is empty then all other commands will
576fail, otherwise; ENGINE_CTRL_GET_FIRST_CMD_TYPE returns the identifier of
577the first command supported by the ENGINE, ENGINE_GET_NEXT_CMD_TYPE takes the
578identifier of a command supported by the ENGINE and returns the next command
579identifier or fails if there are no more, ENGINE_CMD_FROM_NAME takes a string
580name for a command and returns the corresponding identifier or fails if no such
581command name exists, and the remaining commands take a command identifier and
582return properties of the corresponding commands. All except
583ENGINE_CTRL_GET_FLAGS return the string length of a command name or description,
584or populate a supplied character buffer with a copy of the command name or
585description. ENGINE_CTRL_GET_FLAGS returns a bitwise-OR'd mask of the following
586possible values;
587
588 #define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001
589 #define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002
590 #define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004
591 #define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008
592
593If the ENGINE_CMD_FLAG_INTERNAL flag is set, then any other flags are purely
594informational to the caller - this flag will prevent the command being usable
595for any higher-level ENGINE functions such as ENGINE_ctrl_cmd_string().
596"INTERNAL" commands are not intended to be exposed to text-based configuration
597by applications, administrations, users, etc. These can support arbitrary
598operations via ENGINE_ctrl(), including passing to and/or from the control
599commands data of any arbitrary type. These commands are supported in the
600discovery mechanisms simply to allow applications determinie if an ENGINE
601supports certain specific commands it might want to use (eg. application "foo"
602might query various ENGINEs to see if they implement "FOO_GET_VENDOR_LOGO_GIF" -
603and ENGINE could therefore decide whether or not to support this "foo"-specific
604extension).
605
606=head2 Future developments
607
608The ENGINE API and internal architecture is currently being reviewed. Slated for
609possible release in 0.9.8 is support for transparent loading of "dynamic"
610ENGINEs (built as self-contained shared-libraries). This would allow ENGINE
611implementations to be provided independantly of OpenSSL libraries and/or
612OpenSSL-based applications, and would also remove any requirement for
613applications to explicitly use the "dynamic" ENGINE to bind to shared-library
614implementations.
615
616=head1 SEE ALSO
617
618L<rsa(3)|rsa(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, L<rand(3)|rand(3)>,
619L<RSA_new_method(3)|RSA_new_method(3)>
620
621=cut
diff --git a/src/lib/libssl/src/test/dummytest.c b/src/lib/libssl/src/test/dummytest.c
index f98f003ef9..5b4467e042 100644
--- a/src/lib/libssl/src/test/dummytest.c
+++ b/src/lib/libssl/src/test/dummytest.c
@@ -8,7 +8,7 @@
8 8
9int main(int argc, char *argv[]) 9int main(int argc, char *argv[])
10 { 10 {
11 char *p, *q, *program; 11 char *p, *q = 0, *program;
12 12
13 p = strrchr(argv[0], '/'); 13 p = strrchr(argv[0], '/');
14 if (!p) p = strrchr(argv[0], '\\'); 14 if (!p) p = strrchr(argv[0], '\\');
@@ -34,7 +34,8 @@ int main(int argc, char *argv[])
34 } 34 }
35 35
36 for(p = program; *p; p++) 36 for(p = program; *p; p++)
37 if (islower(*p)) *p = toupper(*p); 37 if (islower((unsigned char)(*p)))
38 *p = toupper((unsigned char)(*p));
38 39
39 q = strstr(program, "TEST"); 40 q = strstr(program, "TEST");
40 if (q > p && q[-1] == '_') q--; 41 if (q > p && q[-1] == '_') q--;
diff --git a/src/lib/libssl/src/util/pod2mantest b/src/lib/libssl/src/util/pod2mantest
index e01c6192a7..412ca8d6d8 100644
--- a/src/lib/libssl/src/util/pod2mantest
+++ b/src/lib/libssl/src/util/pod2mantest
@@ -12,7 +12,8 @@
12 12
13IFS=: 13IFS=:
14if test "$OSTYPE" = "msdosdjgpp"; then IFS=";"; fi 14if test "$OSTYPE" = "msdosdjgpp"; then IFS=";"; fi
15try_without_dir=false 15
16try_without_dir=true
16# First we try "pod2man", then "$dir/pod2man" for each item in $PATH. 17# First we try "pod2man", then "$dir/pod2man" for each item in $PATH.
17for dir in dummy${IFS}$PATH; do 18for dir in dummy${IFS}$PATH; do
18 if [ "$try_without_dir" = true ]; then 19 if [ "$try_without_dir" = true ]; then
@@ -30,9 +31,16 @@ for dir in dummy${IFS}$PATH; do
30 if [ ! "$pod2man" = '' ]; then 31 if [ ! "$pod2man" = '' ]; then
31 failure=none 32 failure=none
32 33
34 if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | fgrep OpenSSL >/dev/null; then
35 :
36 else
37 failure=BasicTest
38 fi
33 39
34 if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null 2>&1; then 40 if [ "$failure" = none ]; then
35 failure=MultilineTest 41 if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null; then
42 failure=MultilineTest
43 fi
36 fi 44 fi
37 45
38 46
@@ -46,9 +54,5 @@ for dir in dummy${IFS}$PATH; do
46done 54done
47 55
48echo "No working pod2man found. Consider installing a new version." >&2 56echo "No working pod2man found. Consider installing a new version." >&2
49if [ "$1" = ignore ]; then 57echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2
50 echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2 58echo "$1 ../../util/pod2man.pl"
51 echo "../../util/pod2man.pl"
52 exit 0
53fi
54exit 1
diff --git a/src/lib/libssl/test/dummytest.c b/src/lib/libssl/test/dummytest.c
index f98f003ef9..5b4467e042 100644
--- a/src/lib/libssl/test/dummytest.c
+++ b/src/lib/libssl/test/dummytest.c
@@ -8,7 +8,7 @@
8 8
9int main(int argc, char *argv[]) 9int main(int argc, char *argv[])
10 { 10 {
11 char *p, *q, *program; 11 char *p, *q = 0, *program;
12 12
13 p = strrchr(argv[0], '/'); 13 p = strrchr(argv[0], '/');
14 if (!p) p = strrchr(argv[0], '\\'); 14 if (!p) p = strrchr(argv[0], '\\');
@@ -34,7 +34,8 @@ int main(int argc, char *argv[])
34 } 34 }
35 35
36 for(p = program; *p; p++) 36 for(p = program; *p; p++)
37 if (islower(*p)) *p = toupper(*p); 37 if (islower((unsigned char)(*p)))
38 *p = toupper((unsigned char)(*p));
38 39
39 q = strstr(program, "TEST"); 40 q = strstr(program, "TEST");
40 if (q > p && q[-1] == '_') q--; 41 if (q > p && q[-1] == '_') q--;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 04:31:26 +0000