1 files changed, 174 insertions, 0 deletions
diff --git a/src/lib/libcrypto/engine/engine_openssl.c b/src/lib/libcrypto/engine/engine_openssl.c
new file mode 100644
index 0000000000..9636f51168
--- /dev/null
+++ b/src/lib/libcrypto/engine/engine_openssl.c
@@ -0,0 +1,174 @@
+/* crypto/engine/engine_openssl.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "engine_int.h"
+#include <openssl/engine.h>
+#include <openssl/dso.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/dh.h>
+#include <openssl/rand.h>
+#include <openssl/bn.h>
+/* This is the only function we need to implement as OpenSSL
+ * doesn't have a native CRT mod_exp. Perhaps this should be
+ * BN_mod_exp_crt and moved into crypto/bn/ ?? ... dunno. */
+static int openssl_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
+                const BIGNUM *iqmp, BN_CTX *ctx);
+/* The ENGINE structure that can be pointed to. */
+static ENGINE engine_openssl =
+        {
+        "openssl",
+        "Software default engine support",
+        NULL,
+        NULL,
+        NULL, /* these methods are "stolen" in ENGINE_openssl() */
+        NULL,
+        NULL,
+        openssl_mod_exp_crt,
+        NULL, /* no init() */
+        NULL, /* no finish() */
+        NULL, /* no ctrl() */
+        NULL, /* no load_privkey() */
+        NULL, /* no load_pubkey() */
+        0, /* no flags */
+        0, 0, /* no references. */
+        NULL, NULL /* unlinked */
+        };
+/* As this is only ever called once, there's no need for locking
+ * (indeed - the lock will already be held by our caller!!!) */
+ENGINE *ENGINE_openssl()
+        {
+        /* We need to populate our structure with the software pointers
+         * that we want to steal. */
+        engine_openssl.rsa_meth = RSA_get_default_openssl_method();
+        engine_openssl.dsa_meth = DSA_get_default_openssl_method();
+        engine_openssl.dh_meth = DH_get_default_openssl_method();
+        engine_openssl.rand_meth = RAND_SSLeay();
+        engine_openssl.bn_mod_exp = BN_mod_exp;
+        return &engine_openssl;
+        }
+/* Chinese Remainder Theorem, taken and adapted from rsa_eay.c */
+static int openssl_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                        const BIGNUM *q, const BIGNUM *dmp1,
+                        const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)
+        {
+        BIGNUM r1,m1;
+        int ret=0;
+        BN_CTX *bn_ctx;
+        BIGNUM *temp_bn = NULL;
+        if (ctx)
+                bn_ctx = ctx;
+        else
+                if ((bn_ctx=BN_CTX_new()) == NULL) goto err;
+        BN_init(&m1);
+        BN_init(&r1);
+        /* BN_mul() cannot accept const BIGNUMs so I use the BN_CTX
+         * to duplicate what I need. <sigh> */
+        if ((temp_bn = BN_CTX_get(bn_ctx)) == NULL) goto err;
+        if (!BN_copy(temp_bn, iqmp)) goto err;
+ 
+        if (!BN_mod(&r1, a, q, bn_ctx)) goto err;
+        if (!engine_openssl.bn_mod_exp(&m1, &r1, dmq1, q, bn_ctx))
+                goto err;
+ 
+        if (!BN_mod(&r1, a, p, bn_ctx)) goto err;
+        if (!engine_openssl.bn_mod_exp(r, &r1, dmp1, p, bn_ctx))
+                goto err;
+        if (!BN_sub(r, r, &m1)) goto err;
+        /* This will help stop the size of r0 increasing, which does
+         * affect the multiply if it optimised for a power of 2 size */
+        if (r->neg)
+                if (!BN_add(r, r, p)) goto err;
+ 
+        if (!BN_mul(&r1, r, temp_bn, bn_ctx)) goto err;
+        if (!BN_mod(r, &r1, p, bn_ctx)) goto err;
+        /* If p < q it is occasionally possible for the correction of
+         * adding 'p' if r is negative above to leave the result still
+         * negative. This can break the private key operations: the following
+         * second correction should *always* correct this rare occurrence.
+         * This will *never* happen with OpenSSL generated keys because
+         * they ensure p > q [steve]
+         */
+        if (r->neg)
+                if (!BN_add(r, r, p)) goto err;
+        /* Again, BN_mul() will need non-const values. */
+        if (!BN_copy(temp_bn, q)) goto err;
+        if (!BN_mul(&r1, r, temp_bn, bn_ctx)) goto err;
+        if (!BN_add(r, &r1, &m1)) goto err;
+ 
+        ret=1;
+err:
+        BN_clear_free(&m1);
+        BN_clear_free(&r1);
+        if (temp_bn)
+                bn_ctx->tos--;
+        if (!ctx)
+                BN_CTX_free(bn_ctx);
+        return(ret);
+        }

diff --git a/src/lib/libcrypto/engine/engine_openssl.c b/src/lib/libcrypto/engine/engine_openssl.c new file mode 100644 index 0000000000..9636f51168 --- /dev/null +++ b/src/lib/libcrypto/engine/engine_openssl.c
@@ -0,0 +1,174 @@
	1	/* crypto/engine/engine_openssl.c */
	2	/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
	3	* project 2000.
	4	*/
	5	/* ====================================================================
	6	* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
	7	*
	8	* Redistribution and use in source and binary forms, with or without
	9	* modification, are permitted provided that the following conditions
	10	* are met:
	11	*
	12	* 1. Redistributions of source code must retain the above copyright
	13	* notice, this list of conditions and the following disclaimer.
	14	*
	15	* 2. Redistributions in binary form must reproduce the above copyright
	16	* notice, this list of conditions and the following disclaimer in
	17	* the documentation and/or other materials provided with the
	18	* distribution.
	19	*
	20	* 3. All advertising materials mentioning features or use of this
	21	* software must display the following acknowledgment:
	22	* "This product includes software developed by the OpenSSL Project
	23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
	24	*
	25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	26	* endorse or promote products derived from this software without
	27	* prior written permission. For written permission, please contact
	28	* licensing@OpenSSL.org.
	29	*
	30	* 5. Products derived from this software may not be called "OpenSSL"
	31	* nor may "OpenSSL" appear in their names without prior written
	32	* permission of the OpenSSL Project.
	33	*
	34	* 6. Redistributions of any form whatsoever must retain the following
	35	* acknowledgment:
	36	* "This product includes software developed by the OpenSSL Project
	37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
	38	*
	39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	50	* OF THE POSSIBILITY OF SUCH DAMAGE.
	51	* ====================================================================
	52	*
	53	* This product includes cryptographic software written by Eric Young
	54	* (eay@cryptsoft.com). This product includes software written by Tim
	55	* Hudson (tjh@cryptsoft.com).
	56	*
	57	*/
	58
	59
	60	#include <stdio.h>
	61	#include <openssl/crypto.h>
	62	#include "cryptlib.h"
	63	#include "engine_int.h"
	64	#include <openssl/engine.h>
	65	#include <openssl/dso.h>
	66	#include <openssl/rsa.h>
	67	#include <openssl/dsa.h>
	68	#include <openssl/dh.h>
	69	#include <openssl/rand.h>
	70	#include <openssl/bn.h>
	71
	72	/* This is the only function we need to implement as OpenSSL
	73	* doesn't have a native CRT mod_exp. Perhaps this should be
	74	* BN_mod_exp_crt and moved into crypto/bn/ ?? ... dunno. */
	75	static int openssl_mod_exp_crt(BIGNUM r, BIGNUM a, const BIGNUM *p,
	76	const BIGNUM q, const BIGNUM dmp1, const BIGNUM *dmq1,
	77	const BIGNUM iqmp, BN_CTX ctx);
	78
	79	/* The ENGINE structure that can be pointed to. */
	80	static ENGINE engine_openssl =
	81	{
	82	"openssl",
	83	"Software default engine support",
	84	NULL,
	85	NULL,
	86	NULL, /* these methods are "stolen" in ENGINE_openssl() */
	87	NULL,
	88	NULL,
	89	openssl_mod_exp_crt,
	90	NULL, /* no init() */
	91	NULL, /* no finish() */
	92	NULL, /* no ctrl() */
	93	NULL, /* no load_privkey() */
	94	NULL, /* no load_pubkey() */
	95	0, /* no flags */
	96	0, 0, /* no references. */
	97	NULL, NULL /* unlinked */
	98	};
	99
	100	/* As this is only ever called once, there's no need for locking
	101	* (indeed - the lock will already be held by our caller!!!) */
	102	ENGINE *ENGINE_openssl()
	103	{
	104	/* We need to populate our structure with the software pointers
	105	* that we want to steal. */
	106	engine_openssl.rsa_meth = RSA_get_default_openssl_method();
	107	engine_openssl.dsa_meth = DSA_get_default_openssl_method();
	108	engine_openssl.dh_meth = DH_get_default_openssl_method();
	109	engine_openssl.rand_meth = RAND_SSLeay();
	110	engine_openssl.bn_mod_exp = BN_mod_exp;
	111	return &engine_openssl;
	112	}
	113
	114	/* Chinese Remainder Theorem, taken and adapted from rsa_eay.c */
	115	static int openssl_mod_exp_crt(BIGNUM r, BIGNUM a, const BIGNUM *p,
	116	const BIGNUM q, const BIGNUM dmp1,
	117	const BIGNUM dmq1, const BIGNUM iqmp, BN_CTX *ctx)
	118	{
	119	BIGNUM r1,m1;
	120	int ret=0;
	121	BN_CTX *bn_ctx;
	122	BIGNUM *temp_bn = NULL;
	123
	124	if (ctx)
	125	bn_ctx = ctx;
	126	else
	127	if ((bn_ctx=BN_CTX_new()) == NULL) goto err;
	128	BN_init(&m1);
	129	BN_init(&r1);
	130	/* BN_mul() cannot accept const BIGNUMs so I use the BN_CTX
	131	* to duplicate what I need. <sigh> */
	132	if ((temp_bn = BN_CTX_get(bn_ctx)) == NULL) goto err;
	133	if (!BN_copy(temp_bn, iqmp)) goto err;
	134
	135	if (!BN_mod(&r1, a, q, bn_ctx)) goto err;
	136	if (!engine_openssl.bn_mod_exp(&m1, &r1, dmq1, q, bn_ctx))
	137	goto err;
	138
	139	if (!BN_mod(&r1, a, p, bn_ctx)) goto err;
	140	if (!engine_openssl.bn_mod_exp(r, &r1, dmp1, p, bn_ctx))
	141	goto err;
	142
	143	if (!BN_sub(r, r, &m1)) goto err;
	144	/* This will help stop the size of r0 increasing, which does
	145	* affect the multiply if it optimised for a power of 2 size */
	146	if (r->neg)
	147	if (!BN_add(r, r, p)) goto err;
	148
	149	if (!BN_mul(&r1, r, temp_bn, bn_ctx)) goto err;
	150	if (!BN_mod(r, &r1, p, bn_ctx)) goto err;
	151	/* If p < q it is occasionally possible for the correction of
	152	* adding 'p' if r is negative above to leave the result still
	153	* negative. This can break the private key operations: the following
	154	* second correction should always correct this rare occurrence.
	155	* This will never happen with OpenSSL generated keys because
	156	* they ensure p > q [steve]
	157	*/
	158	if (r->neg)
	159	if (!BN_add(r, r, p)) goto err;
	160	/* Again, BN_mul() will need non-const values. */
	161	if (!BN_copy(temp_bn, q)) goto err;
	162	if (!BN_mul(&r1, r, temp_bn, bn_ctx)) goto err;
	163	if (!BN_add(r, &r1, &m1)) goto err;
	164
	165	ret=1;
	166	err:
	167	BN_clear_free(&m1);
	168	BN_clear_free(&r1);
	169	if (temp_bn)
	170	bn_ctx->tos--;
	171	if (!ctx)
	172	BN_CTX_free(bn_ctx);
	173	return(ret);
	174	}