summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/engine
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/engine')
-rw-r--r--src/lib/libcrypto/engine/Makefile536
-rw-r--r--src/lib/libcrypto/engine/README211
-rw-r--r--src/lib/libcrypto/engine/eng_all.c113
-rw-r--r--src/lib/libcrypto/engine/eng_cnf.c242
-rw-r--r--src/lib/libcrypto/engine/eng_ctrl.c391
-rw-r--r--src/lib/libcrypto/engine/eng_dyn.c460
-rw-r--r--src/lib/libcrypto/engine/eng_err.c170
-rw-r--r--src/lib/libcrypto/engine/eng_fat.c147
-rw-r--r--src/lib/libcrypto/engine/eng_init.c157
-rw-r--r--src/lib/libcrypto/engine/eng_int.h185
-rw-r--r--src/lib/libcrypto/engine/eng_lib.c321
-rw-r--r--src/lib/libcrypto/engine/eng_list.c394
-rw-r--r--src/lib/libcrypto/engine/eng_openssl.c361
-rw-r--r--src/lib/libcrypto/engine/eng_pkey.c157
-rw-r--r--src/lib/libcrypto/engine/eng_table.c361
-rw-r--r--src/lib/libcrypto/engine/engine.h729
-rw-r--r--src/lib/libcrypto/engine/enginetest.c283
-rw-r--r--src/lib/libcrypto/engine/hw.ec8
-rw-r--r--src/lib/libcrypto/engine/hw_4758_cca.c969
-rw-r--r--src/lib/libcrypto/engine/hw_4758_cca_err.c149
-rw-r--r--src/lib/libcrypto/engine/hw_4758_cca_err.h93
-rw-r--r--src/lib/libcrypto/engine/hw_aep.c1120
-rw-r--r--src/lib/libcrypto/engine/hw_aep_err.c157
-rw-r--r--src/lib/libcrypto/engine/hw_aep_err.h101
-rw-r--r--src/lib/libcrypto/engine/hw_atalla.c595
-rw-r--r--src/lib/libcrypto/engine/hw_atalla_err.c145
-rw-r--r--src/lib/libcrypto/engine/hw_atalla_err.h89
-rw-r--r--src/lib/libcrypto/engine/hw_cryptodev.c1355
-rw-r--r--src/lib/libcrypto/engine/hw_cswift.c1109
-rw-r--r--src/lib/libcrypto/engine/hw_cswift_err.c149
-rw-r--r--src/lib/libcrypto/engine/hw_cswift_err.h93
-rw-r--r--src/lib/libcrypto/engine/hw_ncipher.c1388
-rw-r--r--src/lib/libcrypto/engine/hw_ncipher_err.c157
-rw-r--r--src/lib/libcrypto/engine/hw_ncipher_err.h101
-rw-r--r--src/lib/libcrypto/engine/hw_nuron.c418
-rw-r--r--src/lib/libcrypto/engine/hw_nuron_err.c142
-rw-r--r--src/lib/libcrypto/engine/hw_nuron_err.h86
-rw-r--r--src/lib/libcrypto/engine/hw_openbsd_dev_crypto.c594
-rw-r--r--src/lib/libcrypto/engine/hw_sureware.c1039
-rw-r--r--src/lib/libcrypto/engine/hw_sureware_err.c150
-rw-r--r--src/lib/libcrypto/engine/hw_sureware_err.h94
-rw-r--r--src/lib/libcrypto/engine/hw_ubsec.c1061
-rw-r--r--src/lib/libcrypto/engine/hw_ubsec_err.c151
-rw-r--r--src/lib/libcrypto/engine/hw_ubsec_err.h95
-rw-r--r--src/lib/libcrypto/engine/tb_cipher.c145
-rw-r--r--src/lib/libcrypto/engine/tb_dh.c120
-rw-r--r--src/lib/libcrypto/engine/tb_digest.c145
-rw-r--r--src/lib/libcrypto/engine/tb_dsa.c120
-rw-r--r--src/lib/libcrypto/engine/tb_rand.c120
-rw-r--r--src/lib/libcrypto/engine/tb_rsa.c120
-rw-r--r--src/lib/libcrypto/engine/vendor_defns/aep.h178
-rw-r--r--src/lib/libcrypto/engine/vendor_defns/atalla.h48
-rw-r--r--src/lib/libcrypto/engine/vendor_defns/cswift.h234
-rw-r--r--src/lib/libcrypto/engine/vendor_defns/hw_4758_cca.h149
-rw-r--r--src/lib/libcrypto/engine/vendor_defns/hw_ubsec.h100
-rw-r--r--src/lib/libcrypto/engine/vendor_defns/hwcryptohook.h486
-rw-r--r--src/lib/libcrypto/engine/vendor_defns/sureware.h239
57 files changed, 18436 insertions, 594 deletions
diff --git a/src/lib/libcrypto/engine/Makefile b/src/lib/libcrypto/engine/Makefile
new file mode 100644
index 0000000000..38f83f1654
--- /dev/null
+++ b/src/lib/libcrypto/engine/Makefile
@@ -0,0 +1,536 @@
1#
2# OpenSSL/crypto/engine/Makefile
3#
4
5DIR= engine
6TOP= ../..
7CC= cc
8INCLUDES= -I.. -I$(TOP) -I../../include
9CFLAG=-g
10INSTALL_PREFIX=
11OPENSSLDIR= /usr/local/ssl
12INSTALLTOP=/usr/local/ssl
13MAKEDEPPROG= makedepend
14MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
15MAKEFILE= Makefile
16AR= ar r
17
18CFLAGS= $(INCLUDES) $(CFLAG)
19
20GENERAL=Makefile
21TEST= enginetest.c
22APPS=
23
24LIB=$(TOP)/libcrypto.a
25LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \
26 eng_table.c eng_pkey.c eng_fat.c eng_all.c \
27 tb_rsa.c tb_dsa.c tb_dh.c tb_rand.c tb_cipher.c tb_digest.c \
28 eng_openssl.c eng_dyn.c eng_cnf.c \
29 hw_atalla.c hw_cswift.c hw_ncipher.c hw_nuron.c hw_ubsec.c \
30 hw_cryptodev.c hw_aep.c hw_sureware.c hw_4758_cca.c
31LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
32 eng_table.o eng_pkey.o eng_fat.o eng_all.o \
33 tb_rsa.o tb_dsa.o tb_dh.o tb_rand.o tb_cipher.o tb_digest.o \
34 eng_openssl.o eng_dyn.o eng_cnf.o \
35 hw_atalla.o hw_cswift.o hw_ncipher.o hw_nuron.o hw_ubsec.o \
36 hw_cryptodev.o hw_aep.o hw_sureware.o hw_4758_cca.o
37
38SRC= $(LIBSRC)
39
40EXHEADER= engine.h
41HEADER= $(EXHEADER)
42
43ALL= $(GENERAL) $(SRC) $(HEADER)
44
45top:
46 (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
47
48all: lib
49
50lib: $(LIBOBJ)
51 $(AR) $(LIB) $(LIBOBJ)
52 $(RANLIB) $(LIB) || echo Never mind.
53 @touch lib
54
55files:
56 $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
57
58links:
59 @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
60 @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
61 @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
62
63install:
64 @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
65 do \
66 (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
67 chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
68 done;
69
70tags:
71 ctags $(SRC)
72
73errors:
74 $(PERL) $(TOP)/util/mkerr.pl -conf hw.ec \
75 -nostatic -staticloader -write hw_*.c
76
77tests:
78
79lint:
80 lint -DLINT $(INCLUDES) $(SRC)>fluff
81
82depend:
83 $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
84
85dclean:
86 $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
87 mv -f Makefile.new $(MAKEFILE)
88
89clean:
90 rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
91
92# DO NOT DELETE THIS LINE -- make depend depends on it.
93
94eng_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
95eng_all.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
96eng_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
97eng_all.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
98eng_all.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
99eng_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
100eng_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
101eng_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
102eng_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
103eng_all.o: ../../include/openssl/ui.h eng_all.c eng_int.h
104eng_cnf.o: ../../e_os.h ../../include/openssl/asn1.h
105eng_cnf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
106eng_cnf.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
107eng_cnf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
108eng_cnf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
109eng_cnf.o: ../../include/openssl/engine.h ../../include/openssl/err.h
110eng_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
111eng_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
112eng_cnf.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
113eng_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
114eng_cnf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
115eng_cnf.o: ../cryptlib.h eng_cnf.c
116eng_ctrl.o: ../../e_os.h ../../include/openssl/asn1.h
117eng_ctrl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
118eng_ctrl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
119eng_ctrl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
120eng_ctrl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
121eng_ctrl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
122eng_ctrl.o: ../../include/openssl/opensslconf.h
123eng_ctrl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
124eng_ctrl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
125eng_ctrl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
126eng_ctrl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
127eng_ctrl.o: ../cryptlib.h eng_ctrl.c eng_int.h
128eng_dyn.o: ../../e_os.h ../../include/openssl/asn1.h
129eng_dyn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
130eng_dyn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
131eng_dyn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
132eng_dyn.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
133eng_dyn.o: ../../include/openssl/engine.h ../../include/openssl/err.h
134eng_dyn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
135eng_dyn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
136eng_dyn.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
137eng_dyn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
138eng_dyn.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
139eng_dyn.o: ../cryptlib.h eng_dyn.c eng_int.h
140eng_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
141eng_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
142eng_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
143eng_err.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
144eng_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
145eng_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
146eng_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
147eng_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
148eng_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
149eng_err.o: ../../include/openssl/ui.h eng_err.c
150eng_fat.o: ../../e_os.h ../../include/openssl/asn1.h
151eng_fat.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
152eng_fat.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
153eng_fat.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
154eng_fat.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
155eng_fat.o: ../../include/openssl/engine.h ../../include/openssl/err.h
156eng_fat.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
157eng_fat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
158eng_fat.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
159eng_fat.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
160eng_fat.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
161eng_fat.o: ../cryptlib.h eng_fat.c eng_int.h
162eng_init.o: ../../e_os.h ../../include/openssl/asn1.h
163eng_init.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
164eng_init.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
165eng_init.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
166eng_init.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
167eng_init.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
168eng_init.o: ../../include/openssl/opensslconf.h
169eng_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
170eng_init.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
171eng_init.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
172eng_init.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
173eng_init.o: ../cryptlib.h eng_init.c eng_int.h
174eng_lib.o: ../../e_os.h ../../include/openssl/asn1.h
175eng_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
176eng_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
177eng_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
178eng_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
179eng_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
180eng_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
181eng_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
182eng_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
183eng_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
184eng_lib.o: ../../include/openssl/ui.h ../cryptlib.h eng_int.h eng_lib.c
185eng_list.o: ../../e_os.h ../../include/openssl/asn1.h
186eng_list.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
187eng_list.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
188eng_list.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
189eng_list.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
190eng_list.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
191eng_list.o: ../../include/openssl/opensslconf.h
192eng_list.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
193eng_list.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
194eng_list.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
195eng_list.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
196eng_list.o: ../cryptlib.h eng_int.h eng_list.c
197eng_openssl.o: ../../e_os.h ../../include/openssl/aes.h
198eng_openssl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
199eng_openssl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
200eng_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
201eng_openssl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
202eng_openssl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
203eng_openssl.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
204eng_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
205eng_openssl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
206eng_openssl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
207eng_openssl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
208eng_openssl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
209eng_openssl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
210eng_openssl.o: ../../include/openssl/opensslconf.h
211eng_openssl.o: ../../include/openssl/opensslv.h
212eng_openssl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
213eng_openssl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
214eng_openssl.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
215eng_openssl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
216eng_openssl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
217eng_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
218eng_openssl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
219eng_openssl.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
220eng_openssl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
221eng_openssl.o: ../cryptlib.h eng_openssl.c
222eng_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
223eng_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
224eng_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
225eng_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
226eng_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
227eng_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
228eng_pkey.o: ../../include/openssl/opensslconf.h
229eng_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
230eng_pkey.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
231eng_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
232eng_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
233eng_pkey.o: ../cryptlib.h eng_int.h eng_pkey.c
234eng_table.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
235eng_table.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
236eng_table.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
237eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
238eng_table.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
239eng_table.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
240eng_table.o: ../../include/openssl/engine.h ../../include/openssl/err.h
241eng_table.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
242eng_table.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
243eng_table.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
244eng_table.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
245eng_table.o: ../../include/openssl/objects.h
246eng_table.o: ../../include/openssl/opensslconf.h
247eng_table.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
248eng_table.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
249eng_table.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
250eng_table.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
251eng_table.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
252eng_table.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
253eng_table.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
254eng_table.o: eng_int.h eng_table.c
255hw_4758_cca.o: ../../e_os.h ../../include/openssl/aes.h
256hw_4758_cca.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
257hw_4758_cca.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
258hw_4758_cca.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
259hw_4758_cca.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
260hw_4758_cca.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
261hw_4758_cca.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
262hw_4758_cca.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
263hw_4758_cca.o: ../../include/openssl/err.h ../../include/openssl/evp.h
264hw_4758_cca.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
265hw_4758_cca.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
266hw_4758_cca.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
267hw_4758_cca.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
268hw_4758_cca.o: ../../include/openssl/opensslconf.h
269hw_4758_cca.o: ../../include/openssl/opensslv.h
270hw_4758_cca.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
271hw_4758_cca.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
272hw_4758_cca.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
273hw_4758_cca.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
274hw_4758_cca.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
275hw_4758_cca.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
276hw_4758_cca.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
277hw_4758_cca.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
278hw_4758_cca.o: ../cryptlib.h hw_4758_cca.c hw_4758_cca_err.c hw_4758_cca_err.h
279hw_4758_cca.o: vendor_defns/hw_4758_cca.h
280hw_aep.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
281hw_aep.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
282hw_aep.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
283hw_aep.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
284hw_aep.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
285hw_aep.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
286hw_aep.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
287hw_aep.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
288hw_aep.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
289hw_aep.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
290hw_aep.o: ../../include/openssl/ui.h hw_aep.c hw_aep_err.c hw_aep_err.h
291hw_aep.o: vendor_defns/aep.h
292hw_atalla.o: ../../e_os.h ../../include/openssl/asn1.h
293hw_atalla.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
294hw_atalla.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
295hw_atalla.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
296hw_atalla.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
297hw_atalla.o: ../../include/openssl/engine.h ../../include/openssl/err.h
298hw_atalla.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
299hw_atalla.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
300hw_atalla.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
301hw_atalla.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
302hw_atalla.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
303hw_atalla.o: ../cryptlib.h hw_atalla.c hw_atalla_err.c hw_atalla_err.h
304hw_atalla.o: vendor_defns/atalla.h
305hw_cryptodev.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
306hw_cryptodev.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
307hw_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
308hw_cryptodev.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
309hw_cryptodev.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
310hw_cryptodev.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
311hw_cryptodev.o: ../../include/openssl/engine.h ../../include/openssl/err.h
312hw_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
313hw_cryptodev.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
314hw_cryptodev.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
315hw_cryptodev.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
316hw_cryptodev.o: ../../include/openssl/objects.h
317hw_cryptodev.o: ../../include/openssl/opensslconf.h
318hw_cryptodev.o: ../../include/openssl/opensslv.h
319hw_cryptodev.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
320hw_cryptodev.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
321hw_cryptodev.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
322hw_cryptodev.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
323hw_cryptodev.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
324hw_cryptodev.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
325hw_cryptodev.o: ../../include/openssl/ui_compat.h hw_cryptodev.c
326hw_cswift.o: ../../e_os.h ../../include/openssl/asn1.h
327hw_cswift.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
328hw_cswift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
329hw_cswift.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
330hw_cswift.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
331hw_cswift.o: ../../include/openssl/engine.h ../../include/openssl/err.h
332hw_cswift.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
333hw_cswift.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
334hw_cswift.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
335hw_cswift.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
336hw_cswift.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
337hw_cswift.o: ../cryptlib.h hw_cswift.c hw_cswift_err.c hw_cswift_err.h
338hw_cswift.o: vendor_defns/cswift.h
339hw_ncipher.o: ../../e_os.h ../../include/openssl/aes.h
340hw_ncipher.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
341hw_ncipher.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
342hw_ncipher.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
343hw_ncipher.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
344hw_ncipher.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
345hw_ncipher.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
346hw_ncipher.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
347hw_ncipher.o: ../../include/openssl/err.h ../../include/openssl/evp.h
348hw_ncipher.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
349hw_ncipher.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
350hw_ncipher.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
351hw_ncipher.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
352hw_ncipher.o: ../../include/openssl/opensslconf.h
353hw_ncipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
354hw_ncipher.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
355hw_ncipher.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
356hw_ncipher.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
357hw_ncipher.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
358hw_ncipher.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
359hw_ncipher.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
360hw_ncipher.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
361hw_ncipher.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
362hw_ncipher.o: ../../include/openssl/x509_vfy.h ../cryptlib.h hw_ncipher.c
363hw_ncipher.o: hw_ncipher_err.c hw_ncipher_err.h vendor_defns/hwcryptohook.h
364hw_nuron.o: ../../e_os.h ../../include/openssl/asn1.h
365hw_nuron.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
366hw_nuron.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
367hw_nuron.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
368hw_nuron.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
369hw_nuron.o: ../../include/openssl/engine.h ../../include/openssl/err.h
370hw_nuron.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
371hw_nuron.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
372hw_nuron.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
373hw_nuron.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
374hw_nuron.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
375hw_nuron.o: ../cryptlib.h hw_nuron.c hw_nuron_err.c hw_nuron_err.h
376hw_sureware.o: ../../e_os.h ../../include/openssl/aes.h
377hw_sureware.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
378hw_sureware.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
379hw_sureware.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
380hw_sureware.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
381hw_sureware.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
382hw_sureware.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
383hw_sureware.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
384hw_sureware.o: ../../include/openssl/err.h ../../include/openssl/evp.h
385hw_sureware.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
386hw_sureware.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
387hw_sureware.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
388hw_sureware.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
389hw_sureware.o: ../../include/openssl/opensslconf.h
390hw_sureware.o: ../../include/openssl/opensslv.h
391hw_sureware.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
392hw_sureware.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
393hw_sureware.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
394hw_sureware.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
395hw_sureware.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
396hw_sureware.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
397hw_sureware.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
398hw_sureware.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
399hw_sureware.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
400hw_sureware.o: ../cryptlib.h eng_int.h engine.h hw_sureware.c hw_sureware_err.c
401hw_sureware.o: hw_sureware_err.h vendor_defns/sureware.h
402hw_ubsec.o: ../../e_os.h ../../include/openssl/asn1.h
403hw_ubsec.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
404hw_ubsec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
405hw_ubsec.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
406hw_ubsec.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
407hw_ubsec.o: ../../include/openssl/engine.h ../../include/openssl/err.h
408hw_ubsec.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
409hw_ubsec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
410hw_ubsec.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
411hw_ubsec.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
412hw_ubsec.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
413hw_ubsec.o: ../cryptlib.h hw_ubsec.c hw_ubsec_err.c hw_ubsec_err.h
414hw_ubsec.o: vendor_defns/hw_ubsec.h
415tb_cipher.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
416tb_cipher.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
417tb_cipher.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
418tb_cipher.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
419tb_cipher.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
420tb_cipher.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
421tb_cipher.o: ../../include/openssl/engine.h ../../include/openssl/err.h
422tb_cipher.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
423tb_cipher.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
424tb_cipher.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
425tb_cipher.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
426tb_cipher.o: ../../include/openssl/objects.h
427tb_cipher.o: ../../include/openssl/opensslconf.h
428tb_cipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
429tb_cipher.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
430tb_cipher.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
431tb_cipher.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
432tb_cipher.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
433tb_cipher.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
434tb_cipher.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
435tb_cipher.o: eng_int.h tb_cipher.c
436tb_dh.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
437tb_dh.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
438tb_dh.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
439tb_dh.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
440tb_dh.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
441tb_dh.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
442tb_dh.o: ../../include/openssl/engine.h ../../include/openssl/err.h
443tb_dh.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
444tb_dh.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
445tb_dh.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
446tb_dh.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
447tb_dh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
448tb_dh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
449tb_dh.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
450tb_dh.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
451tb_dh.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
452tb_dh.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
453tb_dh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
454tb_dh.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h eng_int.h
455tb_dh.o: tb_dh.c
456tb_digest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
457tb_digest.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
458tb_digest.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
459tb_digest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
460tb_digest.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
461tb_digest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
462tb_digest.o: ../../include/openssl/engine.h ../../include/openssl/err.h
463tb_digest.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
464tb_digest.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
465tb_digest.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
466tb_digest.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
467tb_digest.o: ../../include/openssl/objects.h
468tb_digest.o: ../../include/openssl/opensslconf.h
469tb_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
470tb_digest.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
471tb_digest.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
472tb_digest.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
473tb_digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
474tb_digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
475tb_digest.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
476tb_digest.o: eng_int.h tb_digest.c
477tb_dsa.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
478tb_dsa.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
479tb_dsa.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
480tb_dsa.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
481tb_dsa.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
482tb_dsa.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
483tb_dsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h
484tb_dsa.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
485tb_dsa.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
486tb_dsa.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
487tb_dsa.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
488tb_dsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
489tb_dsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
490tb_dsa.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
491tb_dsa.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
492tb_dsa.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
493tb_dsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
494tb_dsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
495tb_dsa.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
496tb_dsa.o: eng_int.h tb_dsa.c
497tb_rand.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
498tb_rand.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
499tb_rand.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
500tb_rand.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
501tb_rand.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
502tb_rand.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
503tb_rand.o: ../../include/openssl/engine.h ../../include/openssl/err.h
504tb_rand.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
505tb_rand.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
506tb_rand.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
507tb_rand.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
508tb_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
509tb_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
510tb_rand.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
511tb_rand.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
512tb_rand.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
513tb_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
514tb_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
515tb_rand.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
516tb_rand.o: eng_int.h tb_rand.c
517tb_rsa.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
518tb_rsa.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
519tb_rsa.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
520tb_rsa.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
521tb_rsa.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
522tb_rsa.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
523tb_rsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h
524tb_rsa.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
525tb_rsa.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
526tb_rsa.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
527tb_rsa.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
528tb_rsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
529tb_rsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
530tb_rsa.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
531tb_rsa.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
532tb_rsa.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
533tb_rsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
534tb_rsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
535tb_rsa.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
536tb_rsa.o: eng_int.h tb_rsa.c
diff --git a/src/lib/libcrypto/engine/README b/src/lib/libcrypto/engine/README
new file mode 100644
index 0000000000..6b69b70f57
--- /dev/null
+++ b/src/lib/libcrypto/engine/README
@@ -0,0 +1,211 @@
1Notes: 2001-09-24
2-----------------
3
4This "description" (if one chooses to call it that) needed some major updating
5so here goes. This update addresses a change being made at the same time to
6OpenSSL, and it pretty much completely restructures the underlying mechanics of
7the "ENGINE" code. So it serves a double purpose of being a "ENGINE internals
8for masochists" document *and* a rather extensive commit log message. (I'd get
9lynched for sticking all this in CHANGES or the commit mails :-).
10
11ENGINE_TABLE underlies this restructuring, as described in the internal header
12"eng_int.h", implemented in eng_table.c, and used in each of the "class" files;
13tb_rsa.c, tb_dsa.c, etc.
14
15However, "EVP_CIPHER" underlies the motivation and design of ENGINE_TABLE so
16I'll mention a bit about that first. EVP_CIPHER (and most of this applies
17equally to EVP_MD for digests) is both a "method" and a algorithm/mode
18identifier that, in the current API, "lingers". These cipher description +
19implementation structures can be defined or obtained directly by applications,
20or can be loaded "en masse" into EVP storage so that they can be catalogued and
21searched in various ways, ie. two ways of encrypting with the "des_cbc"
22algorithm/mode pair are;
23
24(i) directly;
25 const EVP_CIPHER *cipher = EVP_des_cbc();
26 EVP_EncryptInit(&ctx, cipher, key, iv);
27 [ ... use EVP_EncryptUpdate() and EVP_EncryptFinal() ...]
28
29(ii) indirectly;
30 OpenSSL_add_all_ciphers();
31 cipher = EVP_get_cipherbyname("des_cbc");
32 EVP_EncryptInit(&ctx, cipher, key, iv);
33 [ ... etc ... ]
34
35The latter is more generally used because it also allows ciphers/digests to be
36looked up based on other identifiers which can be useful for automatic cipher
37selection, eg. in SSL/TLS, or by user-controllable configuration.
38
39The important point about this is that EVP_CIPHER definitions and structures are
40passed around with impunity and there is no safe way, without requiring massive
41rewrites of many applications, to assume that EVP_CIPHERs can be reference
42counted. One an EVP_CIPHER is exposed to the caller, neither it nor anything it
43comes from can "safely" be destroyed. Unless of course the way of getting to
44such ciphers is via entirely distinct API calls that didn't exist before.
45However existing API usage cannot be made to understand when an EVP_CIPHER
46pointer, that has been passed to the caller, is no longer being used.
47
48The other problem with the existing API w.r.t. to hooking EVP_CIPHER support
49into ENGINE is storage - the OBJ_NAME-based storage used by EVP to register
50ciphers simultaneously registers cipher *types* and cipher *implementations* -
51they are effectively the same thing, an "EVP_CIPHER" pointer. The problem with
52hooking in ENGINEs is that multiple ENGINEs may implement the same ciphers. The
53solution is necessarily that ENGINE-provided ciphers simply are not registered,
54stored, or exposed to the caller in the same manner as existing ciphers. This is
55especially necessary considering the fact ENGINE uses reference counts to allow
56for cleanup, modularity, and DSO support - yet EVP_CIPHERs, as exposed to
57callers in the current API, support no such controls.
58
59Another sticking point for integrating cipher support into ENGINE is linkage.
60Already there is a problem with the way ENGINE supports RSA, DSA, etc whereby
61they are available *because* they're part of a giant ENGINE called "openssl".
62Ie. all implementations *have* to come from an ENGINE, but we get round that by
63having a giant ENGINE with all the software support encapsulated. This creates
64linker hassles if nothing else - linking a 1-line application that calls 2 basic
65RSA functions (eg. "RSA_free(RSA_new());") will result in large quantities of
66ENGINE code being linked in *and* because of that DSA, DH, and RAND also. If we
67continue with this approach for EVP_CIPHER support (even if it *was* possible)
68we would lose our ability to link selectively by selectively loading certain
69implementations of certain functionality. Touching any part of any kind of
70crypto would result in massive static linkage of everything else. So the
71solution is to change the way ENGINE feeds existing "classes", ie. how the
72hooking to ENGINE works from RSA, DSA, DH, RAND, as well as adding new hooking
73for EVP_CIPHER, and EVP_MD.
74
75The way this is now being done is by mostly reverting back to how things used to
76work prior to ENGINE :-). Ie. RSA now has a "RSA_METHOD" pointer again - this
77was previously replaced by an "ENGINE" pointer and all RSA code that required
78the RSA_METHOD would call ENGINE_get_RSA() each time on its ENGINE handle to
79temporarily get and use the ENGINE's RSA implementation. Apart from being more
80efficient, switching back to each RSA having an RSA_METHOD pointer also allows
81us to conceivably operate with *no* ENGINE. As we'll see, this removes any need
82for a fallback ENGINE that encapsulates default implementations - we can simply
83have our RSA structure pointing its RSA_METHOD pointer to the software
84implementation and have its ENGINE pointer set to NULL.
85
86A look at the EVP_CIPHER hooking is most explanatory, the RSA, DSA (etc) cases
87turn out to be degenerate forms of the same thing. The EVP storage of ciphers,
88and the existing EVP API functions that return "software" implementations and
89descriptions remain untouched. However, the storage takes more meaning in terms
90of "cipher description" and less meaning in terms of "implementation". When an
91EVP_CIPHER_CTX is actually initialised with an EVP_CIPHER method and is about to
92begin en/decryption, the hooking to ENGINE comes into play. What happens is that
93cipher-specific ENGINE code is asked for an ENGINE pointer (a functional
94reference) for any ENGINE that is registered to perform the algo/mode that the
95provided EVP_CIPHER structure represents. Under normal circumstances, that
96ENGINE code will return NULL because no ENGINEs will have had any cipher
97implementations *registered*. As such, a NULL ENGINE pointer is stored in the
98EVP_CIPHER_CTX context, and the EVP_CIPHER structure is left hooked into the
99context and so is used as the implementation. Pretty much how things work now
100except we'd have a redundant ENGINE pointer set to NULL and doing nothing.
101
102Conversely, if an ENGINE *has* been registered to perform the algorithm/mode
103combination represented by the provided EVP_CIPHER, then a functional reference
104to that ENGINE will be returned to the EVP_CIPHER_CTX during initialisation.
105That functional reference will be stored in the context (and released on
106cleanup) - and having that reference provides a *safe* way to use an EVP_CIPHER
107definition that is private to the ENGINE. Ie. the EVP_CIPHER provided by the
108application will actually be replaced by an EVP_CIPHER from the registered
109ENGINE - it will support the same algorithm/mode as the original but will be a
110completely different implementation. Because this EVP_CIPHER isn't stored in the
111EVP storage, nor is it returned to applications from traditional API functions,
112there is no associated problem with it not having reference counts. And of
113course, when one of these "private" cipher implementations is hooked into
114EVP_CIPHER_CTX, it is done whilst the EVP_CIPHER_CTX holds a functional
115reference to the ENGINE that owns it, thus the use of the ENGINE's EVP_CIPHER is
116safe.
117
118The "cipher-specific ENGINE code" I mentioned is implemented in tb_cipher.c but
119in essence it is simply an instantiation of "ENGINE_TABLE" code for use by
120EVP_CIPHER code. tb_digest.c is virtually identical but, of course, it is for
121use by EVP_MD code. Ditto for tb_rsa.c, tb_dsa.c, etc. These instantiations of
122ENGINE_TABLE essentially provide linker-separation of the classes so that even
123if ENGINEs implement *all* possible algorithms, an application using only
124EVP_CIPHER code will link at most code relating to EVP_CIPHER, tb_cipher.c, core
125ENGINE code that is independant of class, and of course the ENGINE
126implementation that the application loaded. It will *not* however link any
127class-specific ENGINE code for digests, RSA, etc nor will it bleed over into
128other APIs, such as the RSA/DSA/etc library code.
129
130ENGINE_TABLE is a little more complicated than may seem necessary but this is
131mostly to avoid a lot of "init()"-thrashing on ENGINEs (that may have to load
132DSOs, and other expensive setup that shouldn't be thrashed unnecessarily) *and*
133to duplicate "default" behaviour. Basically an ENGINE_TABLE instantiation, for
134example tb_cipher.c, implements a hash-table keyed by integer "nid" values.
135These nids provide the uniquenness of an algorithm/mode - and each nid will hash
136to a potentially NULL "ENGINE_PILE". An ENGINE_PILE is essentially a list of
137pointers to ENGINEs that implement that particular 'nid'. Each "pile" uses some
138caching tricks such that requests on that 'nid' will be cached and all future
139requests will return immediately (well, at least with minimal operation) unless
140a change is made to the pile, eg. perhaps an ENGINE was unloaded. The reason is
141that an application could have support for 10 ENGINEs statically linked
142in, and the machine in question may not have any of the hardware those 10
143ENGINEs support. If each of those ENGINEs has a "des_cbc" implementation, we
144want to avoid every EVP_CIPHER_CTX setup from trying (and failing) to initialise
145each of those 10 ENGINEs. Instead, the first such request will try to do that
146and will either return (and cache) a NULL ENGINE pointer or will return a
147functional reference to the first that successfully initialised. In the latter
148case it will also cache an extra functional reference to the ENGINE as a
149"default" for that 'nid'. The caching is acknowledged by a 'uptodate' variable
150that is unset only if un/registration takes place on that pile. Ie. if
151implementations of "des_cbc" are added or removed. This behaviour can be
152tweaked; the ENGINE_TABLE_FLAG_NOINIT value can be passed to
153ENGINE_set_table_flags(), in which case the only ENGINEs that tb_cipher.c will
154try to initialise from the "pile" will be those that are already initialised
155(ie. it's simply an increment of the functional reference count, and no real
156"initialisation" will take place).
157
158RSA, DSA, DH, and RAND all have their own ENGINE_TABLE code as well, and the
159difference is that they all use an implicit 'nid' of 1. Whereas EVP_CIPHERs are
160actually qualitatively different depending on 'nid' (the "des_cbc" EVP_CIPHER is
161not an interoperable implementation of "aes_256_cbc"), RSA_METHODs are
162necessarily interoperable and don't have different flavours, only different
163implementations. In other words, the ENGINE_TABLE for RSA will either be empty,
164or will have a single ENGING_PILE hashed to by the 'nid' 1 and that pile
165represents ENGINEs that implement the single "type" of RSA there is.
166
167Cleanup - the registration and unregistration may pose questions about how
168cleanup works with the ENGINE_PILE doing all this caching nonsense (ie. when the
169application or EVP_CIPHER code releases its last reference to an ENGINE, the
170ENGINE_PILE code may still have references and thus those ENGINEs will stay
171hooked in forever). The way this is handled is via "unregistration". With these
172new ENGINE changes, an abstract ENGINE can be loaded and initialised, but that
173is an algorithm-agnostic process. Even if initialised, it will not have
174registered any of its implementations (to do so would link all class "table"
175code despite the fact the application may use only ciphers, for example). This
176is deliberately a distinct step. Moreover, registration and unregistration has
177nothing to do with whether an ENGINE is *functional* or not (ie. you can even
178register an ENGINE and its implementations without it being operational, you may
179not even have the drivers to make it operate). What actually happens with
180respect to cleanup is managed inside eng_lib.c with the "engine_cleanup_***"
181functions. These functions are internal-only and each part of ENGINE code that
182could require cleanup will, upon performing its first allocation, register a
183callback with the "engine_cleanup" code. The other part of this that makes it
184tick is that the ENGINE_TABLE instantiations (tb_***.c) use NULL as their
185initialised state. So if RSA code asks for an ENGINE and no ENGINE has
186registered an implementation, the code will simply return NULL and the tb_rsa.c
187state will be unchanged. Thus, no cleanup is required unless registration takes
188place. ENGINE_cleanup() will simply iterate across a list of registered cleanup
189callbacks calling each in turn, and will then internally delete its own storage
190(a STACK). When a cleanup callback is next registered (eg. if the cleanup() is
191part of a gracefull restart and the application wants to cleanup all state then
192start again), the internal STACK storage will be freshly allocated. This is much
193the same as the situation in the ENGINE_TABLE instantiations ... NULL is the
194initialised state, so only modification operations (not queries) will cause that
195code to have to register a cleanup.
196
197What else? The bignum callbacks and associated ENGINE functions have been
198removed for two obvious reasons; (i) there was no way to generalise them to the
199mechanism now used by RSA/DSA/..., because there's no such thing as a BIGNUM
200method, and (ii) because of (i), there was no meaningful way for library or
201application code to automatically hook and use ENGINE supplied bignum functions
202anyway. Also, ENGINE_cpy() has been removed (although an internal-only version
203exists) - the idea of providing an ENGINE_cpy() function probably wasn't a good
204one and now certainly doesn't make sense in any generalised way. Some of the
205RSA, DSA, DH, and RAND functions that were fiddled during the original ENGINE
206changes have now, as a consequence, been reverted back. This is because the
207hooking of ENGINE is now automatic (and passive, it can interally use a NULL
208ENGINE pointer to simply ignore ENGINE from then on).
209
210Hell, that should be enough for now ... comments welcome: geoff@openssl.org
211
diff --git a/src/lib/libcrypto/engine/eng_all.c b/src/lib/libcrypto/engine/eng_all.c
new file mode 100644
index 0000000000..0f6992a40d
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_all.c
@@ -0,0 +1,113 @@
1/* crypto/engine/eng_all.c -*- mode: C; c-file-style: "eay" -*- */
2/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <openssl/err.h>
60#include <openssl/engine.h>
61#include "eng_int.h"
62
63void ENGINE_load_builtin_engines(void)
64 {
65 /* There's no longer any need for an "openssl" ENGINE unless, one day,
66 * it is the *only* way for standard builtin implementations to be be
67 * accessed (ie. it would be possible to statically link binaries with
68 * *no* builtin implementations). */
69#if 0
70 ENGINE_load_openssl();
71#endif
72 ENGINE_load_dynamic();
73#ifndef OPENSSL_NO_HW
74#ifndef OPENSSL_NO_HW_CSWIFT
75 ENGINE_load_cswift();
76#endif
77#ifndef OPENSSL_NO_HW_NCIPHER
78 ENGINE_load_chil();
79#endif
80#ifndef OPENSSL_NO_HW_ATALLA
81 ENGINE_load_atalla();
82#endif
83#ifndef OPENSSL_NO_HW_NURON
84 ENGINE_load_nuron();
85#endif
86#ifndef OPENSSL_NO_HW_UBSEC
87 ENGINE_load_ubsec();
88#endif
89#ifndef OPENSSL_NO_HW_AEP
90 ENGINE_load_aep();
91#endif
92#ifndef OPENSSL_NO_HW_SUREWARE
93 ENGINE_load_sureware();
94#endif
95#ifndef OPENSSL_NO_HW_4758_CCA
96 ENGINE_load_4758cca();
97#endif
98#if defined(__OpenBSD__) || defined(__FreeBSD__)
99 ENGINE_load_cryptodev();
100#endif
101#endif
102 }
103
104#if defined(__OpenBSD__) || defined(__FreeBSD__)
105void ENGINE_setup_bsd_cryptodev(void) {
106 static int bsd_cryptodev_default_loaded = 0;
107 if (!bsd_cryptodev_default_loaded) {
108 ENGINE_load_cryptodev();
109 ENGINE_register_all_complete();
110 }
111 bsd_cryptodev_default_loaded=1;
112}
113#endif
diff --git a/src/lib/libcrypto/engine/eng_cnf.c b/src/lib/libcrypto/engine/eng_cnf.c
new file mode 100644
index 0000000000..4225760af1
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_cnf.c
@@ -0,0 +1,242 @@
1/* eng_cnf.c */
2/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 2001.
4 */
5/* ====================================================================
6 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <openssl/crypto.h>
61#include "cryptlib.h"
62#include <openssl/conf.h>
63#include <openssl/engine.h>
64
65/* #define ENGINE_CONF_DEBUG */
66
67/* ENGINE config module */
68
69static char *skip_dot(char *name)
70 {
71 char *p;
72 p = strchr(name, '.');
73 if (p)
74 return p + 1;
75 return name;
76 }
77
78static STACK_OF(ENGINE) *initialized_engines = NULL;
79
80static int int_engine_init(ENGINE *e)
81 {
82 if (!ENGINE_init(e))
83 return 0;
84 if (!initialized_engines)
85 initialized_engines = sk_ENGINE_new_null();
86 if (!initialized_engines || !sk_ENGINE_push(initialized_engines, e))
87 {
88 ENGINE_finish(e);
89 return 0;
90 }
91 return 1;
92 }
93
94
95static int int_engine_configure(char *name, char *value, const CONF *cnf)
96 {
97 int i;
98 int ret = 0;
99 long do_init = -1;
100 STACK_OF(CONF_VALUE) *ecmds;
101 CONF_VALUE *ecmd;
102 char *ctrlname, *ctrlvalue;
103 ENGINE *e = NULL;
104 name = skip_dot(name);
105#ifdef ENGINE_CONF_DEBUG
106 fprintf(stderr, "Configuring engine %s\n", name);
107#endif
108 /* Value is a section containing ENGINE commands */
109 ecmds = NCONF_get_section(cnf, value);
110
111 if (!ecmds)
112 {
113 ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_ENGINE_SECTION_ERROR);
114 return 0;
115 }
116
117 for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++)
118 {
119 ecmd = sk_CONF_VALUE_value(ecmds, i);
120 ctrlname = skip_dot(ecmd->name);
121 ctrlvalue = ecmd->value;
122#ifdef ENGINE_CONF_DEBUG
123 fprintf(stderr, "ENGINE conf: doing ctrl(%s,%s)\n", ctrlname, ctrlvalue);
124#endif
125
126 /* First handle some special pseudo ctrls */
127
128 /* Override engine name to use */
129 if (!strcmp(ctrlname, "engine_id"))
130 name = ctrlvalue;
131 /* Load a dynamic ENGINE */
132 else if (!strcmp(ctrlname, "dynamic_path"))
133 {
134 e = ENGINE_by_id("dynamic");
135 if (!e)
136 goto err;
137 if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", ctrlvalue, 0))
138 goto err;
139 if (!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "2", 0))
140 goto err;
141 if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
142 goto err;
143 }
144 /* ... add other pseudos here ... */
145 else
146 {
147 /* At this point we need an ENGINE structural reference
148 * if we don't already have one.
149 */
150 if (!e)
151 {
152 e = ENGINE_by_id(name);
153 if (!e)
154 return 0;
155 }
156 /* Allow "EMPTY" to mean no value: this allows a valid
157 * "value" to be passed to ctrls of type NO_INPUT
158 */
159 if (!strcmp(ctrlvalue, "EMPTY"))
160 ctrlvalue = NULL;
161 if (!strcmp(ctrlname, "init"))
162 {
163 if (!NCONF_get_number_e(cnf, value, "init", &do_init))
164 goto err;
165 if (do_init == 1)
166 {
167 if (!int_engine_init(e))
168 goto err;
169 }
170 else if (do_init != 0)
171 {
172 ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_INVALID_INIT_VALUE);
173 goto err;
174 }
175 }
176 else if (!strcmp(ctrlname, "default_algorithms"))
177 {
178 if (!ENGINE_set_default_string(e, ctrlvalue))
179 goto err;
180 }
181 else if (!ENGINE_ctrl_cmd_string(e,
182 ctrlname, ctrlvalue, 0))
183 return 0;
184 }
185
186
187
188 }
189 if (e && (do_init == -1) && !int_engine_init(e))
190 goto err;
191 ret = 1;
192 err:
193 if (e)
194 ENGINE_free(e);
195 return ret;
196 }
197
198
199static int int_engine_module_init(CONF_IMODULE *md, const CONF *cnf)
200 {
201 STACK_OF(CONF_VALUE) *elist;
202 CONF_VALUE *cval;
203 int i;
204#ifdef ENGINE_CONF_DEBUG
205 fprintf(stderr, "Called engine module: name %s, value %s\n",
206 CONF_imodule_get_name(md), CONF_imodule_get_value(md));
207#endif
208 /* Value is a section containing ENGINEs to configure */
209 elist = NCONF_get_section(cnf, CONF_imodule_get_value(md));
210
211 if (!elist)
212 {
213 ENGINEerr(ENGINE_F_ENGINE_MODULE_INIT, ENGINE_R_ENGINES_SECTION_ERROR);
214 return 0;
215 }
216
217 for (i = 0; i < sk_CONF_VALUE_num(elist); i++)
218 {
219 cval = sk_CONF_VALUE_value(elist, i);
220 if (!int_engine_configure(cval->name, cval->value, cnf))
221 return 0;
222 }
223
224 return 1;
225 }
226
227static void int_engine_module_finish(CONF_IMODULE *md)
228 {
229 ENGINE *e;
230 while ((e = sk_ENGINE_pop(initialized_engines)))
231 ENGINE_finish(e);
232 sk_ENGINE_free(initialized_engines);
233 initialized_engines = NULL;
234 }
235
236
237void ENGINE_add_conf_module(void)
238 {
239 CONF_module_add("engines",
240 int_engine_module_init,
241 int_engine_module_finish);
242 }
diff --git a/src/lib/libcrypto/engine/eng_ctrl.c b/src/lib/libcrypto/engine/eng_ctrl.c
new file mode 100644
index 0000000000..412c73fb0f
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_ctrl.c
@@ -0,0 +1,391 @@
1/* crypto/engine/eng_ctrl.c */
2/* ====================================================================
3 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <openssl/crypto.h>
57#include "cryptlib.h"
58#include "eng_int.h"
59#include <openssl/engine.h>
60
61/* When querying a ENGINE-specific control command's 'description', this string
62 * is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL. */
63static const char *int_no_description = "";
64
65/* These internal functions handle 'CMD'-related control commands when the
66 * ENGINE in question has asked us to take care of it (ie. the ENGINE did not
67 * set the ENGINE_FLAGS_MANUAL_CMD_CTRL flag. */
68
69static int int_ctrl_cmd_is_null(const ENGINE_CMD_DEFN *defn)
70 {
71 if((defn->cmd_num == 0) || (defn->cmd_name == NULL))
72 return 1;
73 return 0;
74 }
75
76static int int_ctrl_cmd_by_name(const ENGINE_CMD_DEFN *defn, const char *s)
77 {
78 int idx = 0;
79 while(!int_ctrl_cmd_is_null(defn) && (strcmp(defn->cmd_name, s) != 0))
80 {
81 idx++;
82 defn++;
83 }
84 if(int_ctrl_cmd_is_null(defn))
85 /* The given name wasn't found */
86 return -1;
87 return idx;
88 }
89
90static int int_ctrl_cmd_by_num(const ENGINE_CMD_DEFN *defn, unsigned int num)
91 {
92 int idx = 0;
93 /* NB: It is stipulated that 'cmd_defn' lists are ordered by cmd_num. So
94 * our searches don't need to take any longer than necessary. */
95 while(!int_ctrl_cmd_is_null(defn) && (defn->cmd_num < num))
96 {
97 idx++;
98 defn++;
99 }
100 if(defn->cmd_num == num)
101 return idx;
102 /* The given cmd_num wasn't found */
103 return -1;
104 }
105
106static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)())
107 {
108 int idx;
109 char *s = (char *)p;
110 /* Take care of the easy one first (eg. it requires no searches) */
111 if(cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE)
112 {
113 if((e->cmd_defns == NULL) || int_ctrl_cmd_is_null(e->cmd_defns))
114 return 0;
115 return e->cmd_defns->cmd_num;
116 }
117 /* One or two commands require that "p" be a valid string buffer */
118 if((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) ||
119 (cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) ||
120 (cmd == ENGINE_CTRL_GET_DESC_FROM_CMD))
121 {
122 if(s == NULL)
123 {
124 ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
125 ERR_R_PASSED_NULL_PARAMETER);
126 return -1;
127 }
128 }
129 /* Now handle cmd_name -> cmd_num conversion */
130 if(cmd == ENGINE_CTRL_GET_CMD_FROM_NAME)
131 {
132 if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_name(
133 e->cmd_defns, s)) < 0))
134 {
135 ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
136 ENGINE_R_INVALID_CMD_NAME);
137 return -1;
138 }
139 return e->cmd_defns[idx].cmd_num;
140 }
141 /* For the rest of the commands, the 'long' argument must specify a
142 * valie command number - so we need to conduct a search. */
143 if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_num(e->cmd_defns,
144 (unsigned int)i)) < 0))
145 {
146 ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
147 ENGINE_R_INVALID_CMD_NUMBER);
148 return -1;
149 }
150 /* Now the logic splits depending on command type */
151 switch(cmd)
152 {
153 case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
154 idx++;
155 if(int_ctrl_cmd_is_null(e->cmd_defns + idx))
156 /* end-of-list */
157 return 0;
158 else
159 return e->cmd_defns[idx].cmd_num;
160 case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
161 return strlen(e->cmd_defns[idx].cmd_name);
162 case ENGINE_CTRL_GET_NAME_FROM_CMD:
163 return BIO_snprintf(s,strlen(e->cmd_defns[idx].cmd_name) + 1,
164 "%s", e->cmd_defns[idx].cmd_name);
165 case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
166 if(e->cmd_defns[idx].cmd_desc)
167 return strlen(e->cmd_defns[idx].cmd_desc);
168 return strlen(int_no_description);
169 case ENGINE_CTRL_GET_DESC_FROM_CMD:
170 if(e->cmd_defns[idx].cmd_desc)
171 return BIO_snprintf(s,
172 strlen(e->cmd_defns[idx].cmd_desc) + 1,
173 "%s", e->cmd_defns[idx].cmd_desc);
174 return BIO_snprintf(s, strlen(int_no_description) + 1,"%s",
175 int_no_description);
176 case ENGINE_CTRL_GET_CMD_FLAGS:
177 return e->cmd_defns[idx].cmd_flags;
178 }
179 /* Shouldn't really be here ... */
180 ENGINEerr(ENGINE_F_INT_CTRL_HELPER,ENGINE_R_INTERNAL_LIST_ERROR);
181 return -1;
182 }
183
184int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
185 {
186 int ctrl_exists, ref_exists;
187 if(e == NULL)
188 {
189 ENGINEerr(ENGINE_F_ENGINE_CTRL,ERR_R_PASSED_NULL_PARAMETER);
190 return 0;
191 }
192 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
193 ref_exists = ((e->struct_ref > 0) ? 1 : 0);
194 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
195 ctrl_exists = ((e->ctrl == NULL) ? 0 : 1);
196 if(!ref_exists)
197 {
198 ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_REFERENCE);
199 return 0;
200 }
201 /* Intercept any "root-level" commands before trying to hand them on to
202 * ctrl() handlers. */
203 switch(cmd)
204 {
205 case ENGINE_CTRL_HAS_CTRL_FUNCTION:
206 return ctrl_exists;
207 case ENGINE_CTRL_GET_FIRST_CMD_TYPE:
208 case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
209 case ENGINE_CTRL_GET_CMD_FROM_NAME:
210 case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
211 case ENGINE_CTRL_GET_NAME_FROM_CMD:
212 case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
213 case ENGINE_CTRL_GET_DESC_FROM_CMD:
214 case ENGINE_CTRL_GET_CMD_FLAGS:
215 if(ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL))
216 return int_ctrl_helper(e,cmd,i,p,f);
217 if(!ctrl_exists)
218 {
219 ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);
220 /* For these cmd-related functions, failure is indicated
221 * by a -1 return value (because 0 is used as a valid
222 * return in some places). */
223 return -1;
224 }
225 default:
226 break;
227 }
228 /* Anything else requires a ctrl() handler to exist. */
229 if(!ctrl_exists)
230 {
231 ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);
232 return 0;
233 }
234 return e->ctrl(e, cmd, i, p, f);
235 }
236
237int ENGINE_cmd_is_executable(ENGINE *e, int cmd)
238 {
239 int flags;
240 if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd, NULL, NULL)) < 0)
241 {
242 ENGINEerr(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,
243 ENGINE_R_INVALID_CMD_NUMBER);
244 return 0;
245 }
246 if(!(flags & ENGINE_CMD_FLAG_NO_INPUT) &&
247 !(flags & ENGINE_CMD_FLAG_NUMERIC) &&
248 !(flags & ENGINE_CMD_FLAG_STRING))
249 return 0;
250 return 1;
251 }
252
253int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
254 long i, void *p, void (*f)(), int cmd_optional)
255 {
256 int num;
257
258 if((e == NULL) || (cmd_name == NULL))
259 {
260 ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
261 ERR_R_PASSED_NULL_PARAMETER);
262 return 0;
263 }
264 if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
265 ENGINE_CTRL_GET_CMD_FROM_NAME,
266 0, (void *)cmd_name, NULL)) <= 0))
267 {
268 /* If the command didn't *have* to be supported, we fake
269 * success. This allows certain settings to be specified for
270 * multiple ENGINEs and only require a change of ENGINE id
271 * (without having to selectively apply settings). Eg. changing
272 * from a hardware device back to the regular software ENGINE
273 * without editing the config file, etc. */
274 if(cmd_optional)
275 {
276 ERR_clear_error();
277 return 1;
278 }
279 ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD,
280 ENGINE_R_INVALID_CMD_NAME);
281 return 0;
282 }
283 /* Force the result of the control command to 0 or 1, for the reasons
284 * mentioned before. */
285 if (ENGINE_ctrl(e, num, i, p, f))
286 return 1;
287 return 0;
288 }
289
290int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
291 int cmd_optional)
292 {
293 int num, flags;
294 long l;
295 char *ptr;
296 if((e == NULL) || (cmd_name == NULL))
297 {
298 ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
299 ERR_R_PASSED_NULL_PARAMETER);
300 return 0;
301 }
302 if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
303 ENGINE_CTRL_GET_CMD_FROM_NAME,
304 0, (void *)cmd_name, NULL)) <= 0))
305 {
306 /* If the command didn't *have* to be supported, we fake
307 * success. This allows certain settings to be specified for
308 * multiple ENGINEs and only require a change of ENGINE id
309 * (without having to selectively apply settings). Eg. changing
310 * from a hardware device back to the regular software ENGINE
311 * without editing the config file, etc. */
312 if(cmd_optional)
313 {
314 ERR_clear_error();
315 return 1;
316 }
317 ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
318 ENGINE_R_INVALID_CMD_NAME);
319 return 0;
320 }
321 if(!ENGINE_cmd_is_executable(e, num))
322 {
323 ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
324 ENGINE_R_CMD_NOT_EXECUTABLE);
325 return 0;
326 }
327 if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL)) < 0)
328 {
329 /* Shouldn't happen, given that ENGINE_cmd_is_executable()
330 * returned success. */
331 ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
332 ENGINE_R_INTERNAL_LIST_ERROR);
333 return 0;
334 }
335 /* If the command takes no input, there must be no input. And vice
336 * versa. */
337 if(flags & ENGINE_CMD_FLAG_NO_INPUT)
338 {
339 if(arg != NULL)
340 {
341 ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
342 ENGINE_R_COMMAND_TAKES_NO_INPUT);
343 return 0;
344 }
345 /* We deliberately force the result of ENGINE_ctrl() to 0 or 1
346 * rather than returning it as "return data". This is to ensure
347 * usage of these commands is consistent across applications and
348 * that certain applications don't understand it one way, and
349 * others another. */
350 if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
351 return 1;
352 return 0;
353 }
354 /* So, we require input */
355 if(arg == NULL)
356 {
357 ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
358 ENGINE_R_COMMAND_TAKES_INPUT);
359 return 0;
360 }
361 /* If it takes string input, that's easy */
362 if(flags & ENGINE_CMD_FLAG_STRING)
363 {
364 /* Same explanation as above */
365 if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
366 return 1;
367 return 0;
368 }
369 /* If it doesn't take numeric either, then it is unsupported for use in
370 * a config-setting situation, which is what this function is for. This
371 * should never happen though, because ENGINE_cmd_is_executable() was
372 * used. */
373 if(!(flags & ENGINE_CMD_FLAG_NUMERIC))
374 {
375 ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
376 ENGINE_R_INTERNAL_LIST_ERROR);
377 return 0;
378 }
379 l = strtol(arg, &ptr, 10);
380 if((arg == ptr) || (*ptr != '\0'))
381 {
382 ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
383 ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER);
384 return 0;
385 }
386 /* Force the result of the control command to 0 or 1, for the reasons
387 * mentioned before. */
388 if(ENGINE_ctrl(e, num, l, NULL, NULL))
389 return 1;
390 return 0;
391 }
diff --git a/src/lib/libcrypto/engine/eng_dyn.c b/src/lib/libcrypto/engine/eng_dyn.c
new file mode 100644
index 0000000000..4139a16e76
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_dyn.c
@@ -0,0 +1,460 @@
1/* crypto/engine/eng_dyn.c */
2/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
3 * project 2001.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59
60#include <stdio.h>
61#include <openssl/crypto.h>
62#include "cryptlib.h"
63#include "eng_int.h"
64#include <openssl/engine.h>
65#include <openssl/dso.h>
66
67/* Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE loader
68 * should implement the hook-up functions with the following prototypes. */
69
70/* Our ENGINE handlers */
71static int dynamic_init(ENGINE *e);
72static int dynamic_finish(ENGINE *e);
73static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
74/* Predeclare our context type */
75typedef struct st_dynamic_data_ctx dynamic_data_ctx;
76/* The implementation for the important control command */
77static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx);
78
79#define DYNAMIC_CMD_SO_PATH ENGINE_CMD_BASE
80#define DYNAMIC_CMD_NO_VCHECK (ENGINE_CMD_BASE + 1)
81#define DYNAMIC_CMD_ID (ENGINE_CMD_BASE + 2)
82#define DYNAMIC_CMD_LIST_ADD (ENGINE_CMD_BASE + 3)
83#define DYNAMIC_CMD_LOAD (ENGINE_CMD_BASE + 4)
84
85/* The constants used when creating the ENGINE */
86static const char *engine_dynamic_id = "dynamic";
87static const char *engine_dynamic_name = "Dynamic engine loading support";
88static const ENGINE_CMD_DEFN dynamic_cmd_defns[] = {
89 {DYNAMIC_CMD_SO_PATH,
90 "SO_PATH",
91 "Specifies the path to the new ENGINE shared library",
92 ENGINE_CMD_FLAG_STRING},
93 {DYNAMIC_CMD_NO_VCHECK,
94 "NO_VCHECK",
95 "Specifies to continue even if version checking fails (boolean)",
96 ENGINE_CMD_FLAG_NUMERIC},
97 {DYNAMIC_CMD_ID,
98 "ID",
99 "Specifies an ENGINE id name for loading",
100 ENGINE_CMD_FLAG_STRING},
101 {DYNAMIC_CMD_LIST_ADD,
102 "LIST_ADD",
103 "Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)",
104 ENGINE_CMD_FLAG_NUMERIC},
105 {DYNAMIC_CMD_LOAD,
106 "LOAD",
107 "Load up the ENGINE specified by other settings",
108 ENGINE_CMD_FLAG_NO_INPUT},
109 {0, NULL, NULL, 0}
110 };
111static const ENGINE_CMD_DEFN dynamic_cmd_defns_empty[] = {
112 {0, NULL, NULL, 0}
113 };
114
115/* Loading code stores state inside the ENGINE structure via the "ex_data"
116 * element. We load all our state into a single structure and use that as a
117 * single context in the "ex_data" stack. */
118struct st_dynamic_data_ctx
119 {
120 /* The DSO object we load that supplies the ENGINE code */
121 DSO *dynamic_dso;
122 /* The function pointer to the version checking shared library function */
123 dynamic_v_check_fn v_check;
124 /* The function pointer to the engine-binding shared library function */
125 dynamic_bind_engine bind_engine;
126 /* The default name/path for loading the shared library */
127 const char *DYNAMIC_LIBNAME;
128 /* Whether to continue loading on a version check failure */
129 int no_vcheck;
130 /* If non-NULL, stipulates the 'id' of the ENGINE to be loaded */
131 const char *engine_id;
132 /* If non-zero, a successfully loaded ENGINE should be added to the internal
133 * ENGINE list. If 2, the add must succeed or the entire load should fail. */
134 int list_add_value;
135 /* The symbol name for the version checking function */
136 const char *DYNAMIC_F1;
137 /* The symbol name for the "initialise ENGINE structure" function */
138 const char *DYNAMIC_F2;
139 };
140
141/* This is the "ex_data" index we obtain and reserve for use with our context
142 * structure. */
143static int dynamic_ex_data_idx = -1;
144
145/* Because our ex_data element may or may not get allocated depending on whether
146 * a "first-use" occurs before the ENGINE is freed, we have a memory leak
147 * problem to solve. We can't declare a "new" handler for the ex_data as we
148 * don't want a dynamic_data_ctx in *all* ENGINE structures of all types (this
149 * is a bug in the design of CRYPTO_EX_DATA). As such, we just declare a "free"
150 * handler and that will get called if an ENGINE is being destroyed and there
151 * was an ex_data element corresponding to our context type. */
152static void dynamic_data_ctx_free_func(void *parent, void *ptr,
153 CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
154 {
155 if(ptr)
156 {
157 dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr;
158 if(ctx->dynamic_dso)
159 DSO_free(ctx->dynamic_dso);
160 if(ctx->DYNAMIC_LIBNAME)
161 OPENSSL_free((void*)ctx->DYNAMIC_LIBNAME);
162 if(ctx->engine_id)
163 OPENSSL_free((void*)ctx->engine_id);
164 OPENSSL_free(ctx);
165 }
166 }
167
168/* Construct the per-ENGINE context. We create it blindly and then use a lock to
169 * check for a race - if so, all but one of the threads "racing" will have
170 * wasted their time. The alternative involves creating everything inside the
171 * lock which is far worse. */
172static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
173 {
174 dynamic_data_ctx *c;
175 c = OPENSSL_malloc(sizeof(dynamic_data_ctx));
176 if(!c)
177 {
178 ENGINEerr(ENGINE_F_SET_DATA_CTX,ERR_R_MALLOC_FAILURE);
179 return 0;
180 }
181 memset(c, 0, sizeof(dynamic_data_ctx));
182 c->dynamic_dso = NULL;
183 c->v_check = NULL;
184 c->bind_engine = NULL;
185 c->DYNAMIC_LIBNAME = NULL;
186 c->no_vcheck = 0;
187 c->engine_id = NULL;
188 c->list_add_value = 0;
189 c->DYNAMIC_F1 = "v_check";
190 c->DYNAMIC_F2 = "bind_engine";
191 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
192 if((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e,
193 dynamic_ex_data_idx)) == NULL)
194 {
195 /* Good, we're the first */
196 ENGINE_set_ex_data(e, dynamic_ex_data_idx, c);
197 *ctx = c;
198 c = NULL;
199 }
200 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
201 /* If we lost the race to set the context, c is non-NULL and *ctx is the
202 * context of the thread that won. */
203 if(c)
204 OPENSSL_free(c);
205 return 1;
206 }
207
208/* This function retrieves the context structure from an ENGINE's "ex_data", or
209 * if it doesn't exist yet, sets it up. */
210static dynamic_data_ctx *dynamic_get_data_ctx(ENGINE *e)
211 {
212 dynamic_data_ctx *ctx;
213 if(dynamic_ex_data_idx < 0)
214 {
215 /* Create and register the ENGINE ex_data, and associate our
216 * "free" function with it to ensure any allocated contexts get
217 * freed when an ENGINE goes underground. */
218 int new_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL,
219 dynamic_data_ctx_free_func);
220 if(new_idx == -1)
221 {
222 ENGINEerr(ENGINE_F_DYNAMIC_GET_DATA_CTX,ENGINE_R_NO_INDEX);
223 return NULL;
224 }
225 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
226 /* Avoid a race by checking again inside this lock */
227 if(dynamic_ex_data_idx < 0)
228 {
229 /* Good, someone didn't beat us to it */
230 dynamic_ex_data_idx = new_idx;
231 new_idx = -1;
232 }
233 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
234 /* In theory we could "give back" the index here if
235 * (new_idx>-1), but it's not possible and wouldn't gain us much
236 * if it were. */
237 }
238 ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx);
239 /* Check if the context needs to be created */
240 if((ctx == NULL) && !dynamic_set_data_ctx(e, &ctx))
241 /* "set_data" will set errors if necessary */
242 return NULL;
243 return ctx;
244 }
245
246static ENGINE *engine_dynamic(void)
247 {
248 ENGINE *ret = ENGINE_new();
249 if(!ret)
250 return NULL;
251 if(!ENGINE_set_id(ret, engine_dynamic_id) ||
252 !ENGINE_set_name(ret, engine_dynamic_name) ||
253 !ENGINE_set_init_function(ret, dynamic_init) ||
254 !ENGINE_set_finish_function(ret, dynamic_finish) ||
255 !ENGINE_set_ctrl_function(ret, dynamic_ctrl) ||
256 !ENGINE_set_flags(ret, ENGINE_FLAGS_BY_ID_COPY) ||
257 !ENGINE_set_cmd_defns(ret, dynamic_cmd_defns))
258 {
259 ENGINE_free(ret);
260 return NULL;
261 }
262 return ret;
263 }
264
265void ENGINE_load_dynamic(void)
266 {
267 ENGINE *toadd = engine_dynamic();
268 if(!toadd) return;
269 ENGINE_add(toadd);
270 /* If the "add" worked, it gets a structural reference. So either way,
271 * we release our just-created reference. */
272 ENGINE_free(toadd);
273 /* If the "add" didn't work, it was probably a conflict because it was
274 * already added (eg. someone calling ENGINE_load_blah then calling
275 * ENGINE_load_builtin_engines() perhaps). */
276 ERR_clear_error();
277 }
278
279static int dynamic_init(ENGINE *e)
280 {
281 /* We always return failure - the "dyanamic" engine itself can't be used
282 * for anything. */
283 return 0;
284 }
285
286static int dynamic_finish(ENGINE *e)
287 {
288 /* This should never be called on account of "dynamic_init" always
289 * failing. */
290 return 0;
291 }
292
293static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
294 {
295 dynamic_data_ctx *ctx = dynamic_get_data_ctx(e);
296 int initialised;
297
298 if(!ctx)
299 {
300 ENGINEerr(ENGINE_F_DYNAMIC_CTRL,ENGINE_R_NOT_LOADED);
301 return 0;
302 }
303 initialised = ((ctx->dynamic_dso == NULL) ? 0 : 1);
304 /* All our control commands require the ENGINE to be uninitialised */
305 if(initialised)
306 {
307 ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
308 ENGINE_R_ALREADY_LOADED);
309 return 0;
310 }
311 switch(cmd)
312 {
313 case DYNAMIC_CMD_SO_PATH:
314 /* a NULL 'p' or a string of zero-length is the same thing */
315 if(p && (strlen((const char *)p) < 1))
316 p = NULL;
317 if(ctx->DYNAMIC_LIBNAME)
318 OPENSSL_free((void*)ctx->DYNAMIC_LIBNAME);
319 if(p)
320 ctx->DYNAMIC_LIBNAME = BUF_strdup(p);
321 else
322 ctx->DYNAMIC_LIBNAME = NULL;
323 return (ctx->DYNAMIC_LIBNAME ? 1 : 0);
324 case DYNAMIC_CMD_NO_VCHECK:
325 ctx->no_vcheck = ((i == 0) ? 0 : 1);
326 return 1;
327 case DYNAMIC_CMD_ID:
328 /* a NULL 'p' or a string of zero-length is the same thing */
329 if(p && (strlen((const char *)p) < 1))
330 p = NULL;
331 if(ctx->engine_id)
332 OPENSSL_free((void*)ctx->engine_id);
333 if(p)
334 ctx->engine_id = BUF_strdup(p);
335 else
336 ctx->engine_id = NULL;
337 return (ctx->engine_id ? 1 : 0);
338 case DYNAMIC_CMD_LIST_ADD:
339 if((i < 0) || (i > 2))
340 {
341 ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
342 ENGINE_R_INVALID_ARGUMENT);
343 return 0;
344 }
345 ctx->list_add_value = (int)i;
346 return 1;
347 case DYNAMIC_CMD_LOAD:
348 return dynamic_load(e, ctx);
349 default:
350 break;
351 }
352 ENGINEerr(ENGINE_F_DYNAMIC_CTRL,ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
353 return 0;
354 }
355
356static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
357 {
358 ENGINE cpy;
359 dynamic_fns fns;
360
361 if(!ctx->DYNAMIC_LIBNAME || ((ctx->dynamic_dso = DSO_load(NULL,
362 ctx->DYNAMIC_LIBNAME, NULL, 0)) == NULL))
363 {
364 ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
365 ENGINE_R_DSO_NOT_FOUND);
366 return 0;
367 }
368 /* We have to find a bind function otherwise it'll always end badly */
369 if(!(ctx->bind_engine = (dynamic_bind_engine)DSO_bind_func(
370 ctx->dynamic_dso, ctx->DYNAMIC_F2)))
371 {
372 ctx->bind_engine = NULL;
373 DSO_free(ctx->dynamic_dso);
374 ctx->dynamic_dso = NULL;
375 ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
376 ENGINE_R_DSO_FAILURE);
377 return 0;
378 }
379 /* Do we perform version checking? */
380 if(!ctx->no_vcheck)
381 {
382 unsigned long vcheck_res = 0;
383 /* Now we try to find a version checking function and decide how
384 * to cope with failure if/when it fails. */
385 ctx->v_check = (dynamic_v_check_fn)DSO_bind_func(
386 ctx->dynamic_dso, ctx->DYNAMIC_F1);
387 if(ctx->v_check)
388 vcheck_res = ctx->v_check(OSSL_DYNAMIC_VERSION);
389 /* We fail if the version checker veto'd the load *or* if it is
390 * deferring to us (by returning its version) and we think it is
391 * too old. */
392 if(vcheck_res < OSSL_DYNAMIC_OLDEST)
393 {
394 /* Fail */
395 ctx->bind_engine = NULL;
396 ctx->v_check = NULL;
397 DSO_free(ctx->dynamic_dso);
398 ctx->dynamic_dso = NULL;
399 ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
400 ENGINE_R_VERSION_INCOMPATIBILITY);
401 return 0;
402 }
403 }
404 /* First binary copy the ENGINE structure so that we can roll back if
405 * the hand-over fails */
406 memcpy(&cpy, e, sizeof(ENGINE));
407 /* Provide the ERR, "ex_data", memory, and locking callbacks so the
408 * loaded library uses our state rather than its own. FIXME: As noted in
409 * engine.h, much of this would be simplified if each area of code
410 * provided its own "summary" structure of all related callbacks. It
411 * would also increase opaqueness. */
412 fns.err_fns = ERR_get_implementation();
413 fns.ex_data_fns = CRYPTO_get_ex_data_implementation();
414 CRYPTO_get_mem_functions(&fns.mem_fns.malloc_cb,
415 &fns.mem_fns.realloc_cb,
416 &fns.mem_fns.free_cb);
417 fns.lock_fns.lock_locking_cb = CRYPTO_get_locking_callback();
418 fns.lock_fns.lock_add_lock_cb = CRYPTO_get_add_lock_callback();
419 fns.lock_fns.dynlock_create_cb = CRYPTO_get_dynlock_create_callback();
420 fns.lock_fns.dynlock_lock_cb = CRYPTO_get_dynlock_lock_callback();
421 fns.lock_fns.dynlock_destroy_cb = CRYPTO_get_dynlock_destroy_callback();
422 /* Now that we've loaded the dynamic engine, make sure no "dynamic"
423 * ENGINE elements will show through. */
424 engine_set_all_null(e);
425
426 /* Try to bind the ENGINE onto our own ENGINE structure */
427 if(!ctx->bind_engine(e, ctx->engine_id, &fns))
428 {
429 ctx->bind_engine = NULL;
430 ctx->v_check = NULL;
431 DSO_free(ctx->dynamic_dso);
432 ctx->dynamic_dso = NULL;
433 ENGINEerr(ENGINE_F_DYNAMIC_LOAD,ENGINE_R_INIT_FAILED);
434 /* Copy the original ENGINE structure back */
435 memcpy(e, &cpy, sizeof(ENGINE));
436 return 0;
437 }
438 /* Do we try to add this ENGINE to the internal list too? */
439 if(ctx->list_add_value > 0)
440 {
441 if(!ENGINE_add(e))
442 {
443 /* Do we tolerate this or fail? */
444 if(ctx->list_add_value > 1)
445 {
446 /* Fail - NB: By this time, it's too late to
447 * rollback, and trying to do so allows the
448 * bind_engine() code to have created leaks. We
449 * just have to fail where we are, after the
450 * ENGINE has changed. */
451 ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
452 ENGINE_R_CONFLICTING_ENGINE_ID);
453 return 0;
454 }
455 /* Tolerate */
456 ERR_clear_error();
457 }
458 }
459 return 1;
460 }
diff --git a/src/lib/libcrypto/engine/eng_err.c b/src/lib/libcrypto/engine/eng_err.c
new file mode 100644
index 0000000000..fdc0e7be0f
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_err.c
@@ -0,0 +1,170 @@
1/* crypto/engine/eng_err.c */
2/* ====================================================================
3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include <openssl/engine.h>
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ENGINE,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ENGINE,0,reason)
70
71static ERR_STRING_DATA ENGINE_str_functs[]=
72 {
73{ERR_FUNC(ENGINE_F_DYNAMIC_CTRL), "DYNAMIC_CTRL"},
74{ERR_FUNC(ENGINE_F_DYNAMIC_GET_DATA_CTX), "DYNAMIC_GET_DATA_CTX"},
75{ERR_FUNC(ENGINE_F_DYNAMIC_LOAD), "DYNAMIC_LOAD"},
76{ERR_FUNC(ENGINE_F_ENGINE_ADD), "ENGINE_add"},
77{ERR_FUNC(ENGINE_F_ENGINE_BY_ID), "ENGINE_by_id"},
78{ERR_FUNC(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE), "ENGINE_cmd_is_executable"},
79{ERR_FUNC(ENGINE_F_ENGINE_CTRL), "ENGINE_ctrl"},
80{ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD), "ENGINE_ctrl_cmd"},
81{ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD_STRING), "ENGINE_ctrl_cmd_string"},
82{ERR_FUNC(ENGINE_F_ENGINE_FINISH), "ENGINE_finish"},
83{ERR_FUNC(ENGINE_F_ENGINE_FREE), "ENGINE_free"},
84{ERR_FUNC(ENGINE_F_ENGINE_GET_CIPHER), "ENGINE_get_cipher"},
85{ERR_FUNC(ENGINE_F_ENGINE_GET_DEFAULT_TYPE), "ENGINE_GET_DEFAULT_TYPE"},
86{ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST), "ENGINE_get_digest"},
87{ERR_FUNC(ENGINE_F_ENGINE_GET_NEXT), "ENGINE_get_next"},
88{ERR_FUNC(ENGINE_F_ENGINE_GET_PREV), "ENGINE_get_prev"},
89{ERR_FUNC(ENGINE_F_ENGINE_INIT), "ENGINE_init"},
90{ERR_FUNC(ENGINE_F_ENGINE_LIST_ADD), "ENGINE_LIST_ADD"},
91{ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "ENGINE_LIST_REMOVE"},
92{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY), "ENGINE_load_private_key"},
93{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY), "ENGINE_load_public_key"},
94{ERR_FUNC(ENGINE_F_ENGINE_MODULE_INIT), "ENGINE_MODULE_INIT"},
95{ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"},
96{ERR_FUNC(ENGINE_F_ENGINE_REMOVE), "ENGINE_remove"},
97{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING), "ENGINE_set_default_string"},
98{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_TYPE), "ENGINE_SET_DEFAULT_TYPE"},
99{ERR_FUNC(ENGINE_F_ENGINE_SET_ID), "ENGINE_set_id"},
100{ERR_FUNC(ENGINE_F_ENGINE_SET_NAME), "ENGINE_set_name"},
101{ERR_FUNC(ENGINE_F_ENGINE_TABLE_REGISTER), "ENGINE_TABLE_REGISTER"},
102{ERR_FUNC(ENGINE_F_ENGINE_UNLOAD_KEY), "ENGINE_UNLOAD_KEY"},
103{ERR_FUNC(ENGINE_F_ENGINE_UP_REF), "ENGINE_up_ref"},
104{ERR_FUNC(ENGINE_F_INT_CTRL_HELPER), "INT_CTRL_HELPER"},
105{ERR_FUNC(ENGINE_F_INT_ENGINE_CONFIGURE), "INT_ENGINE_CONFIGURE"},
106{ERR_FUNC(ENGINE_F_LOG_MESSAGE), "LOG_MESSAGE"},
107{ERR_FUNC(ENGINE_F_SET_DATA_CTX), "SET_DATA_CTX"},
108{0,NULL}
109 };
110
111static ERR_STRING_DATA ENGINE_str_reasons[]=
112 {
113{ERR_REASON(ENGINE_R_ALREADY_LOADED) ,"already loaded"},
114{ERR_REASON(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER),"argument is not a number"},
115{ERR_REASON(ENGINE_R_CMD_NOT_EXECUTABLE) ,"cmd not executable"},
116{ERR_REASON(ENGINE_R_COMMAND_TAKES_INPUT),"command takes input"},
117{ERR_REASON(ENGINE_R_COMMAND_TAKES_NO_INPUT),"command takes no input"},
118{ERR_REASON(ENGINE_R_CONFLICTING_ENGINE_ID),"conflicting engine id"},
119{ERR_REASON(ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},
120{ERR_REASON(ENGINE_R_DH_NOT_IMPLEMENTED) ,"dh not implemented"},
121{ERR_REASON(ENGINE_R_DSA_NOT_IMPLEMENTED),"dsa not implemented"},
122{ERR_REASON(ENGINE_R_DSO_FAILURE) ,"DSO failure"},
123{ERR_REASON(ENGINE_R_DSO_NOT_FOUND) ,"dso not found"},
124{ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR),"engines section error"},
125{ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST),"engine is not in the list"},
126{ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR),"engine section error"},
127{ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY),"failed loading private key"},
128{ERR_REASON(ENGINE_R_FAILED_LOADING_PUBLIC_KEY),"failed loading public key"},
129{ERR_REASON(ENGINE_R_FINISH_FAILED) ,"finish failed"},
130{ERR_REASON(ENGINE_R_GET_HANDLE_FAILED) ,"could not obtain hardware handle"},
131{ERR_REASON(ENGINE_R_ID_OR_NAME_MISSING) ,"'id' or 'name' missing"},
132{ERR_REASON(ENGINE_R_INIT_FAILED) ,"init failed"},
133{ERR_REASON(ENGINE_R_INTERNAL_LIST_ERROR),"internal list error"},
134{ERR_REASON(ENGINE_R_INVALID_ARGUMENT) ,"invalid argument"},
135{ERR_REASON(ENGINE_R_INVALID_CMD_NAME) ,"invalid cmd name"},
136{ERR_REASON(ENGINE_R_INVALID_CMD_NUMBER) ,"invalid cmd number"},
137{ERR_REASON(ENGINE_R_INVALID_INIT_VALUE) ,"invalid init value"},
138{ERR_REASON(ENGINE_R_INVALID_STRING) ,"invalid string"},
139{ERR_REASON(ENGINE_R_NOT_INITIALISED) ,"not initialised"},
140{ERR_REASON(ENGINE_R_NOT_LOADED) ,"not loaded"},
141{ERR_REASON(ENGINE_R_NO_CONTROL_FUNCTION),"no control function"},
142{ERR_REASON(ENGINE_R_NO_INDEX) ,"no index"},
143{ERR_REASON(ENGINE_R_NO_LOAD_FUNCTION) ,"no load function"},
144{ERR_REASON(ENGINE_R_NO_REFERENCE) ,"no reference"},
145{ERR_REASON(ENGINE_R_NO_SUCH_ENGINE) ,"no such engine"},
146{ERR_REASON(ENGINE_R_NO_UNLOAD_FUNCTION) ,"no unload function"},
147{ERR_REASON(ENGINE_R_PROVIDE_PARAMETERS) ,"provide parameters"},
148{ERR_REASON(ENGINE_R_RSA_NOT_IMPLEMENTED),"rsa not implemented"},
149{ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER),"unimplemented cipher"},
150{ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST),"unimplemented digest"},
151{ERR_REASON(ENGINE_R_VERSION_INCOMPATIBILITY),"version incompatibility"},
152{0,NULL}
153 };
154
155#endif
156
157void ERR_load_ENGINE_strings(void)
158 {
159 static int init=1;
160
161 if (init)
162 {
163 init=0;
164#ifndef OPENSSL_NO_ERR
165 ERR_load_strings(0,ENGINE_str_functs);
166 ERR_load_strings(0,ENGINE_str_reasons);
167#endif
168
169 }
170 }
diff --git a/src/lib/libcrypto/engine/eng_fat.c b/src/lib/libcrypto/engine/eng_fat.c
new file mode 100644
index 0000000000..7ccf7022ee
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_fat.c
@@ -0,0 +1,147 @@
1/* crypto/engine/eng_fat.c */
2/* ====================================================================
3 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <openssl/crypto.h>
57#include "cryptlib.h"
58#include "eng_int.h"
59#include <openssl/engine.h>
60#include <openssl/conf.h>
61
62int ENGINE_set_default(ENGINE *e, unsigned int flags)
63 {
64 if((flags & ENGINE_METHOD_CIPHERS) && !ENGINE_set_default_ciphers(e))
65 return 0;
66 if((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e))
67 return 0;
68#ifndef OPENSSL_NO_RSA
69 if((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e))
70 return 0;
71#endif
72#ifndef OPENSSL_NO_DSA
73 if((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e))
74 return 0;
75#endif
76#ifndef OPENSSL_NO_DH
77 if((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e))
78 return 0;
79#endif
80 if((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e))
81 return 0;
82 return 1;
83 }
84
85/* Set default algorithms using a string */
86
87static int int_def_cb(const char *alg, int len, void *arg)
88 {
89 unsigned int *pflags = arg;
90 if (!strncmp(alg, "ALL", len))
91 *pflags |= ENGINE_METHOD_ALL;
92 else if (!strncmp(alg, "RSA", len))
93 *pflags |= ENGINE_METHOD_RSA;
94 else if (!strncmp(alg, "DSA", len))
95 *pflags |= ENGINE_METHOD_DSA;
96 else if (!strncmp(alg, "DH", len))
97 *pflags |= ENGINE_METHOD_DH;
98 else if (!strncmp(alg, "RAND", len))
99 *pflags |= ENGINE_METHOD_RAND;
100 else if (!strncmp(alg, "CIPHERS", len))
101 *pflags |= ENGINE_METHOD_CIPHERS;
102 else if (!strncmp(alg, "DIGESTS", len))
103 *pflags |= ENGINE_METHOD_DIGESTS;
104 else
105 return 0;
106 return 1;
107 }
108
109
110int ENGINE_set_default_string(ENGINE *e, const char *def_list)
111 {
112 unsigned int flags = 0;
113 if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags))
114 {
115 ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING,
116 ENGINE_R_INVALID_STRING);
117 ERR_add_error_data(2, "str=",def_list);
118 return 0;
119 }
120 return ENGINE_set_default(e, flags);
121 }
122
123int ENGINE_register_complete(ENGINE *e)
124 {
125 ENGINE_register_ciphers(e);
126 ENGINE_register_digests(e);
127#ifndef OPENSSL_NO_RSA
128 ENGINE_register_RSA(e);
129#endif
130#ifndef OPENSSL_NO_DSA
131 ENGINE_register_DSA(e);
132#endif
133#ifndef OPENSSL_NO_DH
134 ENGINE_register_DH(e);
135#endif
136 ENGINE_register_RAND(e);
137 return 1;
138 }
139
140int ENGINE_register_all_complete(void)
141 {
142 ENGINE *e;
143
144 for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
145 ENGINE_register_complete(e);
146 return 1;
147 }
diff --git a/src/lib/libcrypto/engine/eng_init.c b/src/lib/libcrypto/engine/eng_init.c
new file mode 100644
index 0000000000..170c1791b3
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_init.c
@@ -0,0 +1,157 @@
1/* crypto/engine/eng_init.c */
2/* ====================================================================
3 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <openssl/crypto.h>
57#include "cryptlib.h"
58#include "eng_int.h"
59#include <openssl/engine.h>
60
61/* Initialise a engine type for use (or up its functional reference count
62 * if it's already in use). This version is only used internally. */
63int engine_unlocked_init(ENGINE *e)
64 {
65 int to_return = 1;
66
67 if((e->funct_ref == 0) && e->init)
68 /* This is the first functional reference and the engine
69 * requires initialisation so we do it now. */
70 to_return = e->init(e);
71 if(to_return)
72 {
73 /* OK, we return a functional reference which is also a
74 * structural reference. */
75 e->struct_ref++;
76 e->funct_ref++;
77 engine_ref_debug(e, 0, 1)
78 engine_ref_debug(e, 1, 1)
79 }
80 return to_return;
81 }
82
83/* Free a functional reference to a engine type. This version is only used
84 * internally. */
85int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers)
86 {
87 int to_return = 1;
88
89 /* Reduce the functional reference count here so if it's the terminating
90 * case, we can release the lock safely and call the finish() handler
91 * without risk of a race. We get a race if we leave the count until
92 * after and something else is calling "finish" at the same time -
93 * there's a chance that both threads will together take the count from
94 * 2 to 0 without either calling finish(). */
95 e->funct_ref--;
96 engine_ref_debug(e, 1, -1);
97 if((e->funct_ref == 0) && e->finish)
98 {
99 if(unlock_for_handlers)
100 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
101 to_return = e->finish(e);
102 if(unlock_for_handlers)
103 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
104 if(!to_return)
105 return 0;
106 }
107#ifdef REF_CHECK
108 if(e->funct_ref < 0)
109 {
110 fprintf(stderr,"ENGINE_finish, bad functional reference count\n");
111 abort();
112 }
113#endif
114 /* Release the structural reference too */
115 if(!engine_free_util(e, 0))
116 {
117 ENGINEerr(ENGINE_F_ENGINE_FINISH,ENGINE_R_FINISH_FAILED);
118 return 0;
119 }
120 return to_return;
121 }
122
123/* The API (locked) version of "init" */
124int ENGINE_init(ENGINE *e)
125 {
126 int ret;
127 if(e == NULL)
128 {
129 ENGINEerr(ENGINE_F_ENGINE_INIT,ERR_R_PASSED_NULL_PARAMETER);
130 return 0;
131 }
132 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
133 ret = engine_unlocked_init(e);
134 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
135 return ret;
136 }
137
138/* The API (locked) version of "finish" */
139int ENGINE_finish(ENGINE *e)
140 {
141 int to_return = 1;
142
143 if(e == NULL)
144 {
145 ENGINEerr(ENGINE_F_ENGINE_FINISH,ERR_R_PASSED_NULL_PARAMETER);
146 return 0;
147 }
148 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
149 to_return = engine_unlocked_finish(e, 1);
150 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
151 if(!to_return)
152 {
153 ENGINEerr(ENGINE_F_ENGINE_FINISH,ENGINE_R_FINISH_FAILED);
154 return 0;
155 }
156 return to_return;
157 }
diff --git a/src/lib/libcrypto/engine/eng_int.h b/src/lib/libcrypto/engine/eng_int.h
new file mode 100644
index 0000000000..38335f99cd
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_int.h
@@ -0,0 +1,185 @@
1/* crypto/engine/eng_int.h */
2/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#ifndef HEADER_ENGINE_INT_H
60#define HEADER_ENGINE_INT_H
61
62/* Take public definitions from engine.h */
63#include <openssl/engine.h>
64
65#ifdef __cplusplus
66extern "C" {
67#endif
68
69/* If we compile with this symbol defined, then both reference counts in the
70 * ENGINE structure will be monitored with a line of output on stderr for each
71 * change. This prints the engine's pointer address (truncated to unsigned int),
72 * "struct" or "funct" to indicate the reference type, the before and after
73 * reference count, and the file:line-number pair. The "engine_ref_debug"
74 * statements must come *after* the change. */
75#ifdef ENGINE_REF_COUNT_DEBUG
76
77#define engine_ref_debug(e, isfunct, diff) \
78 fprintf(stderr, "engine: %08x %s from %d to %d (%s:%d)\n", \
79 (unsigned int)(e), (isfunct ? "funct" : "struct"), \
80 ((isfunct) ? ((e)->funct_ref - (diff)) : ((e)->struct_ref - (diff))), \
81 ((isfunct) ? (e)->funct_ref : (e)->struct_ref), \
82 (__FILE__), (__LINE__));
83
84#else
85
86#define engine_ref_debug(e, isfunct, diff)
87
88#endif
89
90/* Any code that will need cleanup operations should use these functions to
91 * register callbacks. ENGINE_cleanup() will call all registered callbacks in
92 * order. NB: both the "add" functions assume CRYPTO_LOCK_ENGINE to already be
93 * held (in "write" mode). */
94typedef void (ENGINE_CLEANUP_CB)(void);
95typedef struct st_engine_cleanup_item
96 {
97 ENGINE_CLEANUP_CB *cb;
98 } ENGINE_CLEANUP_ITEM;
99DECLARE_STACK_OF(ENGINE_CLEANUP_ITEM)
100void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb);
101void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb);
102
103/* We need stacks of ENGINEs for use in eng_table.c */
104DECLARE_STACK_OF(ENGINE)
105
106/* If this symbol is defined then engine_table_select(), the function that is
107 * used by RSA, DSA (etc) code to select registered ENGINEs, cache defaults and
108 * functional references (etc), will display debugging summaries to stderr. */
109/* #define ENGINE_TABLE_DEBUG */
110
111/* This represents an implementation table. Dependent code should instantiate it
112 * as a (ENGINE_TABLE *) pointer value set initially to NULL. */
113typedef struct st_engine_table ENGINE_TABLE;
114int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
115 ENGINE *e, const int *nids, int num_nids, int setdefault);
116void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e);
117void engine_table_cleanup(ENGINE_TABLE **table);
118#ifndef ENGINE_TABLE_DEBUG
119ENGINE *engine_table_select(ENGINE_TABLE **table, int nid);
120#else
121ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l);
122#define engine_table_select(t,n) engine_table_select_tmp(t,n,__FILE__,__LINE__)
123#endif
124
125/* Internal versions of API functions that have control over locking. These are
126 * used between C files when functionality needs to be shared but the caller may
127 * already be controlling of the CRYPTO_LOCK_ENGINE lock. */
128int engine_unlocked_init(ENGINE *e);
129int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers);
130int engine_free_util(ENGINE *e, int locked);
131
132/* This function will reset all "set"able values in an ENGINE to NULL. This
133 * won't touch reference counts or ex_data, but is equivalent to calling all the
134 * ENGINE_set_***() functions with a NULL value. */
135void engine_set_all_null(ENGINE *e);
136
137/* NB: Bitwise OR-able values for the "flags" variable in ENGINE are now exposed
138 * in engine.h. */
139
140/* This is a structure for storing implementations of various crypto
141 * algorithms and functions. */
142struct engine_st
143 {
144 const char *id;
145 const char *name;
146 const RSA_METHOD *rsa_meth;
147 const DSA_METHOD *dsa_meth;
148 const DH_METHOD *dh_meth;
149 const RAND_METHOD *rand_meth;
150 /* Cipher handling is via this callback */
151 ENGINE_CIPHERS_PTR ciphers;
152 /* Digest handling is via this callback */
153 ENGINE_DIGESTS_PTR digests;
154
155
156 ENGINE_GEN_INT_FUNC_PTR destroy;
157
158 ENGINE_GEN_INT_FUNC_PTR init;
159 ENGINE_GEN_INT_FUNC_PTR finish;
160 ENGINE_CTRL_FUNC_PTR ctrl;
161 ENGINE_LOAD_KEY_PTR load_privkey;
162 ENGINE_LOAD_KEY_PTR load_pubkey;
163
164 const ENGINE_CMD_DEFN *cmd_defns;
165 int flags;
166 /* reference count on the structure itself */
167 int struct_ref;
168 /* reference count on usability of the engine type. NB: This
169 * controls the loading and initialisation of any functionlity
170 * required by this engine, whereas the previous count is
171 * simply to cope with (de)allocation of this structure. Hence,
172 * running_ref <= struct_ref at all times. */
173 int funct_ref;
174 /* A place to store per-ENGINE data */
175 CRYPTO_EX_DATA ex_data;
176 /* Used to maintain the linked-list of engines. */
177 struct engine_st *prev;
178 struct engine_st *next;
179 };
180
181#ifdef __cplusplus
182}
183#endif
184
185#endif /* HEADER_ENGINE_INT_H */
diff --git a/src/lib/libcrypto/engine/eng_lib.c b/src/lib/libcrypto/engine/eng_lib.c
new file mode 100644
index 0000000000..a66d0f08af
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_lib.c
@@ -0,0 +1,321 @@
1/* crypto/engine/eng_lib.c */
2/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <openssl/crypto.h>
60#include "cryptlib.h"
61#include "eng_int.h"
62#include <openssl/rand.h> /* FIXME: This shouldn't be needed */
63#include <openssl/engine.h>
64
65/* The "new"/"free" stuff first */
66
67ENGINE *ENGINE_new(void)
68 {
69 ENGINE *ret;
70
71 ret = (ENGINE *)OPENSSL_malloc(sizeof(ENGINE));
72 if(ret == NULL)
73 {
74 ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE);
75 return NULL;
76 }
77 memset(ret, 0, sizeof(ENGINE));
78 ret->struct_ref = 1;
79 engine_ref_debug(ret, 0, 1)
80 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data);
81 return ret;
82 }
83
84/* Placed here (close proximity to ENGINE_new) so that modifications to the
85 * elements of the ENGINE structure are more likely to be caught and changed
86 * here. */
87void engine_set_all_null(ENGINE *e)
88 {
89 e->id = NULL;
90 e->name = NULL;
91 e->rsa_meth = NULL;
92 e->dsa_meth = NULL;
93 e->dh_meth = NULL;
94 e->rand_meth = NULL;
95 e->ciphers = NULL;
96 e->digests = NULL;
97 e->destroy = NULL;
98 e->init = NULL;
99 e->finish = NULL;
100 e->ctrl = NULL;
101 e->load_privkey = NULL;
102 e->load_pubkey = NULL;
103 e->cmd_defns = NULL;
104 e->flags = 0;
105 }
106
107int engine_free_util(ENGINE *e, int locked)
108 {
109 int i;
110
111 if(e == NULL)
112 {
113 ENGINEerr(ENGINE_F_ENGINE_FREE,
114 ERR_R_PASSED_NULL_PARAMETER);
115 return 0;
116 }
117 if(locked)
118 i = CRYPTO_add(&e->struct_ref,-1,CRYPTO_LOCK_ENGINE);
119 else
120 i = --e->struct_ref;
121 engine_ref_debug(e, 0, -1)
122 if (i > 0) return 1;
123#ifdef REF_CHECK
124 if (i < 0)
125 {
126 fprintf(stderr,"ENGINE_free, bad structural reference count\n");
127 abort();
128 }
129#endif
130 /* Give the ENGINE a chance to do any structural cleanup corresponding
131 * to allocation it did in its constructor (eg. unload error strings) */
132 if(e->destroy)
133 e->destroy(e);
134 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data);
135 OPENSSL_free(e);
136 return 1;
137 }
138
139int ENGINE_free(ENGINE *e)
140 {
141 return engine_free_util(e, 1);
142 }
143
144/* Cleanup stuff */
145
146/* ENGINE_cleanup() is coded such that anything that does work that will need
147 * cleanup can register a "cleanup" callback here. That way we don't get linker
148 * bloat by referring to all *possible* cleanups, but any linker bloat into code
149 * "X" will cause X's cleanup function to end up here. */
150static STACK_OF(ENGINE_CLEANUP_ITEM) *cleanup_stack = NULL;
151static int int_cleanup_check(int create)
152 {
153 if(cleanup_stack) return 1;
154 if(!create) return 0;
155 cleanup_stack = sk_ENGINE_CLEANUP_ITEM_new_null();
156 return (cleanup_stack ? 1 : 0);
157 }
158static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb)
159 {
160 ENGINE_CLEANUP_ITEM *item = OPENSSL_malloc(sizeof(
161 ENGINE_CLEANUP_ITEM));
162 if(!item) return NULL;
163 item->cb = cb;
164 return item;
165 }
166void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb)
167 {
168 ENGINE_CLEANUP_ITEM *item;
169 if(!int_cleanup_check(1)) return;
170 item = int_cleanup_item(cb);
171 if(item)
172 sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0);
173 }
174void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)
175 {
176 ENGINE_CLEANUP_ITEM *item;
177 if(!int_cleanup_check(1)) return;
178 item = int_cleanup_item(cb);
179 if(item)
180 sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item);
181 }
182/* The API function that performs all cleanup */
183static void engine_cleanup_cb_free(ENGINE_CLEANUP_ITEM *item)
184 {
185 (*(item->cb))();
186 OPENSSL_free(item);
187 }
188void ENGINE_cleanup(void)
189 {
190 if(int_cleanup_check(0))
191 {
192 sk_ENGINE_CLEANUP_ITEM_pop_free(cleanup_stack,
193 engine_cleanup_cb_free);
194 cleanup_stack = NULL;
195 }
196 /* FIXME: This should be handled (somehow) through RAND, eg. by it
197 * registering a cleanup callback. */
198 RAND_set_rand_method(NULL);
199 }
200
201/* Now the "ex_data" support */
202
203int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
204 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
205 {
206 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, argl, argp,
207 new_func, dup_func, free_func);
208 }
209
210int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg)
211 {
212 return(CRYPTO_set_ex_data(&e->ex_data, idx, arg));
213 }
214
215void *ENGINE_get_ex_data(const ENGINE *e, int idx)
216 {
217 return(CRYPTO_get_ex_data(&e->ex_data, idx));
218 }
219
220/* Functions to get/set an ENGINE's elements - mainly to avoid exposing the
221 * ENGINE structure itself. */
222
223int ENGINE_set_id(ENGINE *e, const char *id)
224 {
225 if(id == NULL)
226 {
227 ENGINEerr(ENGINE_F_ENGINE_SET_ID,
228 ERR_R_PASSED_NULL_PARAMETER);
229 return 0;
230 }
231 e->id = id;
232 return 1;
233 }
234
235int ENGINE_set_name(ENGINE *e, const char *name)
236 {
237 if(name == NULL)
238 {
239 ENGINEerr(ENGINE_F_ENGINE_SET_NAME,
240 ERR_R_PASSED_NULL_PARAMETER);
241 return 0;
242 }
243 e->name = name;
244 return 1;
245 }
246
247int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f)
248 {
249 e->destroy = destroy_f;
250 return 1;
251 }
252
253int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f)
254 {
255 e->init = init_f;
256 return 1;
257 }
258
259int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f)
260 {
261 e->finish = finish_f;
262 return 1;
263 }
264
265int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f)
266 {
267 e->ctrl = ctrl_f;
268 return 1;
269 }
270
271int ENGINE_set_flags(ENGINE *e, int flags)
272 {
273 e->flags = flags;
274 return 1;
275 }
276
277int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns)
278 {
279 e->cmd_defns = defns;
280 return 1;
281 }
282
283const char *ENGINE_get_id(const ENGINE *e)
284 {
285 return e->id;
286 }
287
288const char *ENGINE_get_name(const ENGINE *e)
289 {
290 return e->name;
291 }
292
293ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e)
294 {
295 return e->destroy;
296 }
297
298ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e)
299 {
300 return e->init;
301 }
302
303ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e)
304 {
305 return e->finish;
306 }
307
308ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e)
309 {
310 return e->ctrl;
311 }
312
313int ENGINE_get_flags(const ENGINE *e)
314 {
315 return e->flags;
316 }
317
318const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e)
319 {
320 return e->cmd_defns;
321 }
diff --git a/src/lib/libcrypto/engine/eng_list.c b/src/lib/libcrypto/engine/eng_list.c
new file mode 100644
index 0000000000..1cc3217f4c
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_list.c
@@ -0,0 +1,394 @@
1/* crypto/engine/eng_list.c */
2/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <openssl/crypto.h>
60#include "cryptlib.h"
61#include "eng_int.h"
62#include <openssl/engine.h>
63
64/* The linked-list of pointers to engine types. engine_list_head
65 * incorporates an implicit structural reference but engine_list_tail
66 * does not - the latter is a computational niceity and only points
67 * to something that is already pointed to by its predecessor in the
68 * list (or engine_list_head itself). In the same way, the use of the
69 * "prev" pointer in each ENGINE is to save excessive list iteration,
70 * it doesn't correspond to an extra structural reference. Hence,
71 * engine_list_head, and each non-null "next" pointer account for
72 * the list itself assuming exactly 1 structural reference on each
73 * list member. */
74static ENGINE *engine_list_head = NULL;
75static ENGINE *engine_list_tail = NULL;
76
77/* This cleanup function is only needed internally. If it should be called, we
78 * register it with the "ENGINE_cleanup()" stack to be called during cleanup. */
79
80static void engine_list_cleanup(void)
81 {
82 ENGINE *iterator = engine_list_head;
83
84 while(iterator != NULL)
85 {
86 ENGINE_remove(iterator);
87 iterator = engine_list_head;
88 }
89 return;
90 }
91
92/* These static functions starting with a lower case "engine_" always
93 * take place when CRYPTO_LOCK_ENGINE has been locked up. */
94static int engine_list_add(ENGINE *e)
95 {
96 int conflict = 0;
97 ENGINE *iterator = NULL;
98
99 if(e == NULL)
100 {
101 ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
102 ERR_R_PASSED_NULL_PARAMETER);
103 return 0;
104 }
105 iterator = engine_list_head;
106 while(iterator && !conflict)
107 {
108 conflict = (strcmp(iterator->id, e->id) == 0);
109 iterator = iterator->next;
110 }
111 if(conflict)
112 {
113 ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
114 ENGINE_R_CONFLICTING_ENGINE_ID);
115 return 0;
116 }
117 if(engine_list_head == NULL)
118 {
119 /* We are adding to an empty list. */
120 if(engine_list_tail)
121 {
122 ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
123 ENGINE_R_INTERNAL_LIST_ERROR);
124 return 0;
125 }
126 engine_list_head = e;
127 e->prev = NULL;
128 /* The first time the list allocates, we should register the
129 * cleanup. */
130 engine_cleanup_add_last(engine_list_cleanup);
131 }
132 else
133 {
134 /* We are adding to the tail of an existing list. */
135 if((engine_list_tail == NULL) ||
136 (engine_list_tail->next != NULL))
137 {
138 ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
139 ENGINE_R_INTERNAL_LIST_ERROR);
140 return 0;
141 }
142 engine_list_tail->next = e;
143 e->prev = engine_list_tail;
144 }
145 /* Having the engine in the list assumes a structural
146 * reference. */
147 e->struct_ref++;
148 engine_ref_debug(e, 0, 1)
149 /* However it came to be, e is the last item in the list. */
150 engine_list_tail = e;
151 e->next = NULL;
152 return 1;
153 }
154
155static int engine_list_remove(ENGINE *e)
156 {
157 ENGINE *iterator;
158
159 if(e == NULL)
160 {
161 ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
162 ERR_R_PASSED_NULL_PARAMETER);
163 return 0;
164 }
165 /* We need to check that e is in our linked list! */
166 iterator = engine_list_head;
167 while(iterator && (iterator != e))
168 iterator = iterator->next;
169 if(iterator == NULL)
170 {
171 ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
172 ENGINE_R_ENGINE_IS_NOT_IN_LIST);
173 return 0;
174 }
175 /* un-link e from the chain. */
176 if(e->next)
177 e->next->prev = e->prev;
178 if(e->prev)
179 e->prev->next = e->next;
180 /* Correct our head/tail if necessary. */
181 if(engine_list_head == e)
182 engine_list_head = e->next;
183 if(engine_list_tail == e)
184 engine_list_tail = e->prev;
185 engine_free_util(e, 0);
186 return 1;
187 }
188
189/* Get the first/last "ENGINE" type available. */
190ENGINE *ENGINE_get_first(void)
191 {
192 ENGINE *ret;
193
194 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
195 ret = engine_list_head;
196 if(ret)
197 {
198 ret->struct_ref++;
199 engine_ref_debug(ret, 0, 1)
200 }
201 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
202 return ret;
203 }
204
205ENGINE *ENGINE_get_last(void)
206 {
207 ENGINE *ret;
208
209 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
210 ret = engine_list_tail;
211 if(ret)
212 {
213 ret->struct_ref++;
214 engine_ref_debug(ret, 0, 1)
215 }
216 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
217 return ret;
218 }
219
220/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
221ENGINE *ENGINE_get_next(ENGINE *e)
222 {
223 ENGINE *ret = NULL;
224 if(e == NULL)
225 {
226 ENGINEerr(ENGINE_F_ENGINE_GET_NEXT,
227 ERR_R_PASSED_NULL_PARAMETER);
228 return 0;
229 }
230 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
231 ret = e->next;
232 if(ret)
233 {
234 /* Return a valid structural refernce to the next ENGINE */
235 ret->struct_ref++;
236 engine_ref_debug(ret, 0, 1)
237 }
238 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
239 /* Release the structural reference to the previous ENGINE */
240 ENGINE_free(e);
241 return ret;
242 }
243
244ENGINE *ENGINE_get_prev(ENGINE *e)
245 {
246 ENGINE *ret = NULL;
247 if(e == NULL)
248 {
249 ENGINEerr(ENGINE_F_ENGINE_GET_PREV,
250 ERR_R_PASSED_NULL_PARAMETER);
251 return 0;
252 }
253 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
254 ret = e->prev;
255 if(ret)
256 {
257 /* Return a valid structural reference to the next ENGINE */
258 ret->struct_ref++;
259 engine_ref_debug(ret, 0, 1)
260 }
261 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
262 /* Release the structural reference to the previous ENGINE */
263 ENGINE_free(e);
264 return ret;
265 }
266
267/* Add another "ENGINE" type into the list. */
268int ENGINE_add(ENGINE *e)
269 {
270 int to_return = 1;
271 if(e == NULL)
272 {
273 ENGINEerr(ENGINE_F_ENGINE_ADD,
274 ERR_R_PASSED_NULL_PARAMETER);
275 return 0;
276 }
277 if((e->id == NULL) || (e->name == NULL))
278 {
279 ENGINEerr(ENGINE_F_ENGINE_ADD,
280 ENGINE_R_ID_OR_NAME_MISSING);
281 }
282 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
283 if(!engine_list_add(e))
284 {
285 ENGINEerr(ENGINE_F_ENGINE_ADD,
286 ENGINE_R_INTERNAL_LIST_ERROR);
287 to_return = 0;
288 }
289 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
290 return to_return;
291 }
292
293/* Remove an existing "ENGINE" type from the array. */
294int ENGINE_remove(ENGINE *e)
295 {
296 int to_return = 1;
297 if(e == NULL)
298 {
299 ENGINEerr(ENGINE_F_ENGINE_REMOVE,
300 ERR_R_PASSED_NULL_PARAMETER);
301 return 0;
302 }
303 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
304 if(!engine_list_remove(e))
305 {
306 ENGINEerr(ENGINE_F_ENGINE_REMOVE,
307 ENGINE_R_INTERNAL_LIST_ERROR);
308 to_return = 0;
309 }
310 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
311 return to_return;
312 }
313
314static void engine_cpy(ENGINE *dest, const ENGINE *src)
315 {
316 dest->id = src->id;
317 dest->name = src->name;
318#ifndef OPENSSL_NO_RSA
319 dest->rsa_meth = src->rsa_meth;
320#endif
321#ifndef OPENSSL_NO_DSA
322 dest->dsa_meth = src->dsa_meth;
323#endif
324#ifndef OPENSSL_NO_DH
325 dest->dh_meth = src->dh_meth;
326#endif
327 dest->rand_meth = src->rand_meth;
328 dest->ciphers = src->ciphers;
329 dest->digests = src->digests;
330 dest->destroy = src->destroy;
331 dest->init = src->init;
332 dest->finish = src->finish;
333 dest->ctrl = src->ctrl;
334 dest->load_privkey = src->load_privkey;
335 dest->load_pubkey = src->load_pubkey;
336 dest->cmd_defns = src->cmd_defns;
337 dest->flags = src->flags;
338 }
339
340ENGINE *ENGINE_by_id(const char *id)
341 {
342 ENGINE *iterator;
343 if(id == NULL)
344 {
345 ENGINEerr(ENGINE_F_ENGINE_BY_ID,
346 ERR_R_PASSED_NULL_PARAMETER);
347 return NULL;
348 }
349 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
350 iterator = engine_list_head;
351 while(iterator && (strcmp(id, iterator->id) != 0))
352 iterator = iterator->next;
353 if(iterator)
354 {
355 /* We need to return a structural reference. If this is an
356 * ENGINE type that returns copies, make a duplicate - otherwise
357 * increment the existing ENGINE's reference count. */
358 if(iterator->flags & ENGINE_FLAGS_BY_ID_COPY)
359 {
360 ENGINE *cp = ENGINE_new();
361 if(!cp)
362 iterator = NULL;
363 else
364 {
365 engine_cpy(cp, iterator);
366 iterator = cp;
367 }
368 }
369 else
370 {
371 iterator->struct_ref++;
372 engine_ref_debug(iterator, 0, 1)
373 }
374 }
375 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
376 if(iterator == NULL)
377 {
378 ENGINEerr(ENGINE_F_ENGINE_BY_ID,
379 ENGINE_R_NO_SUCH_ENGINE);
380 ERR_add_error_data(2, "id=", id);
381 }
382 return iterator;
383 }
384
385int ENGINE_up_ref(ENGINE *e)
386 {
387 if (e == NULL)
388 {
389 ENGINEerr(ENGINE_F_ENGINE_UP_REF,ERR_R_PASSED_NULL_PARAMETER);
390 return 0;
391 }
392 CRYPTO_add(&e->struct_ref,1,CRYPTO_LOCK_ENGINE);
393 return 1;
394 }
diff --git a/src/lib/libcrypto/engine/eng_openssl.c b/src/lib/libcrypto/engine/eng_openssl.c
new file mode 100644
index 0000000000..54579eea2e
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_openssl.c
@@ -0,0 +1,361 @@
1/* crypto/engine/eng_openssl.c */
2/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59
60#include <stdio.h>
61#include <openssl/crypto.h>
62#include "cryptlib.h"
63#include <openssl/engine.h>
64#include <openssl/dso.h>
65#include <openssl/pem.h>
66#include <openssl/evp.h>
67
68/* This testing gunk is implemented (and explained) lower down. It also assumes
69 * the application explicitly calls "ENGINE_load_openssl()" because this is no
70 * longer automatic in ENGINE_load_builtin_engines(). */
71#define TEST_ENG_OPENSSL_RC4
72#define TEST_ENG_OPENSSL_PKEY
73/* #define TEST_ENG_OPENSSL_RC4_OTHERS */
74#define TEST_ENG_OPENSSL_RC4_P_INIT
75/* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */
76#define TEST_ENG_OPENSSL_SHA
77/* #define TEST_ENG_OPENSSL_SHA_OTHERS */
78/* #define TEST_ENG_OPENSSL_SHA_P_INIT */
79/* #define TEST_ENG_OPENSSL_SHA_P_UPDATE */
80/* #define TEST_ENG_OPENSSL_SHA_P_FINAL */
81
82/* Now check what of those algorithms are actually enabled */
83#ifdef OPENSSL_NO_RC4
84#undef TEST_ENG_OPENSSL_RC4
85#undef TEST_ENG_OPENSSL_RC4_OTHERS
86#undef TEST_ENG_OPENSSL_RC4_P_INIT
87#undef TEST_ENG_OPENSSL_RC4_P_CIPHER
88#endif
89#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0) || defined(OPENSSL_NO_SHA1)
90#undef TEST_ENG_OPENSSL_SHA
91#undef TEST_ENG_OPENSSL_SHA_OTHERS
92#undef TEST_ENG_OPENSSL_SHA_P_INIT
93#undef TEST_ENG_OPENSSL_SHA_P_UPDATE
94#undef TEST_ENG_OPENSSL_SHA_P_FINAL
95#endif
96
97#ifdef TEST_ENG_OPENSSL_RC4
98static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
99 const int **nids, int nid);
100#endif
101#ifdef TEST_ENG_OPENSSL_SHA
102static int openssl_digests(ENGINE *e, const EVP_MD **digest,
103 const int **nids, int nid);
104#endif
105
106#ifdef TEST_ENG_OPENSSL_PKEY
107static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
108 UI_METHOD *ui_method, void *callback_data);
109#endif
110
111/* The constants used when creating the ENGINE */
112static const char *engine_openssl_id = "openssl";
113static const char *engine_openssl_name = "Software engine support";
114
115/* This internal function is used by ENGINE_openssl() and possibly by the
116 * "dynamic" ENGINE support too */
117static int bind_helper(ENGINE *e)
118 {
119 if(!ENGINE_set_id(e, engine_openssl_id)
120 || !ENGINE_set_name(e, engine_openssl_name)
121#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
122#ifndef OPENSSL_NO_RSA
123 || !ENGINE_set_RSA(e, RSA_get_default_method())
124#endif
125#ifndef OPENSSL_NO_DSA
126 || !ENGINE_set_DSA(e, DSA_get_default_method())
127#endif
128#ifndef OPENSSL_NO_DH
129 || !ENGINE_set_DH(e, DH_get_default_method())
130#endif
131 || !ENGINE_set_RAND(e, RAND_SSLeay())
132#ifdef TEST_ENG_OPENSSL_RC4
133 || !ENGINE_set_ciphers(e, openssl_ciphers)
134#endif
135#ifdef TEST_ENG_OPENSSL_SHA
136 || !ENGINE_set_digests(e, openssl_digests)
137#endif
138#endif
139#ifdef TEST_ENG_OPENSSL_PKEY
140 || !ENGINE_set_load_privkey_function(e, openssl_load_privkey)
141#endif
142 )
143 return 0;
144 /* If we add errors to this ENGINE, ensure the error handling is setup here */
145 /* openssl_load_error_strings(); */
146 return 1;
147 }
148
149static ENGINE *engine_openssl(void)
150 {
151 ENGINE *ret = ENGINE_new();
152 if(!ret)
153 return NULL;
154 if(!bind_helper(ret))
155 {
156 ENGINE_free(ret);
157 return NULL;
158 }
159 return ret;
160 }
161
162void ENGINE_load_openssl(void)
163 {
164 ENGINE *toadd = engine_openssl();
165 if(!toadd) return;
166 ENGINE_add(toadd);
167 /* If the "add" worked, it gets a structural reference. So either way,
168 * we release our just-created reference. */
169 ENGINE_free(toadd);
170 ERR_clear_error();
171 }
172
173/* This stuff is needed if this ENGINE is being compiled into a self-contained
174 * shared-library. */
175#ifdef ENGINE_DYNAMIC_SUPPORT
176static int bind_fn(ENGINE *e, const char *id)
177 {
178 if(id && (strcmp(id, engine_openssl_id) != 0))
179 return 0;
180 if(!bind_helper(e))
181 return 0;
182 return 1;
183 }
184IMPLEMENT_DYNAMIC_CHECK_FN()
185IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
186#endif /* ENGINE_DYNAMIC_SUPPORT */
187
188#ifdef TEST_ENG_OPENSSL_RC4
189/* This section of code compiles an "alternative implementation" of two modes of
190 * RC4 into this ENGINE. The result is that EVP_CIPHER operation for "rc4"
191 * should under normal circumstances go via this support rather than the default
192 * EVP support. There are other symbols to tweak the testing;
193 * TEST_ENC_OPENSSL_RC4_OTHERS - print a one line message to stderr each time
194 * we're asked for a cipher we don't support (should not happen).
195 * TEST_ENG_OPENSSL_RC4_P_INIT - print a one line message to stderr each time
196 * the "init_key" handler is called.
197 * TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler.
198 */
199#include <openssl/rc4.h>
200#define TEST_RC4_KEY_SIZE 16
201static int test_cipher_nids[] = {NID_rc4,NID_rc4_40};
202static int test_cipher_nids_number = 2;
203typedef struct {
204 unsigned char key[TEST_RC4_KEY_SIZE];
205 RC4_KEY ks;
206 } TEST_RC4_KEY;
207#define test(ctx) ((TEST_RC4_KEY *)(ctx)->cipher_data)
208static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
209 const unsigned char *iv, int enc)
210 {
211#ifdef TEST_ENG_OPENSSL_RC4_P_INIT
212 fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n");
213#endif
214 memcpy(&test(ctx)->key[0],key,EVP_CIPHER_CTX_key_length(ctx));
215 RC4_set_key(&test(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),
216 test(ctx)->key);
217 return 1;
218 }
219static int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
220 const unsigned char *in, unsigned int inl)
221 {
222#ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER
223 fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n");
224#endif
225 RC4(&test(ctx)->ks,inl,in,out);
226 return 1;
227 }
228static const EVP_CIPHER test_r4_cipher=
229 {
230 NID_rc4,
231 1,TEST_RC4_KEY_SIZE,0,
232 EVP_CIPH_VARIABLE_LENGTH,
233 test_rc4_init_key,
234 test_rc4_cipher,
235 NULL,
236 sizeof(TEST_RC4_KEY),
237 NULL,
238 NULL,
239 NULL
240 };
241static const EVP_CIPHER test_r4_40_cipher=
242 {
243 NID_rc4_40,
244 1,5 /* 40 bit */,0,
245 EVP_CIPH_VARIABLE_LENGTH,
246 test_rc4_init_key,
247 test_rc4_cipher,
248 NULL,
249 sizeof(TEST_RC4_KEY),
250 NULL,
251 NULL,
252 NULL
253 };
254static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
255 const int **nids, int nid)
256 {
257 if(!cipher)
258 {
259 /* We are returning a list of supported nids */
260 *nids = test_cipher_nids;
261 return test_cipher_nids_number;
262 }
263 /* We are being asked for a specific cipher */
264 if(nid == NID_rc4)
265 *cipher = &test_r4_cipher;
266 else if(nid == NID_rc4_40)
267 *cipher = &test_r4_40_cipher;
268 else
269 {
270#ifdef TEST_ENG_OPENSSL_RC4_OTHERS
271 fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for "
272 "nid %d\n", nid);
273#endif
274 *cipher = NULL;
275 return 0;
276 }
277 return 1;
278 }
279#endif
280
281#ifdef TEST_ENG_OPENSSL_SHA
282/* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */
283#include <openssl/sha.h>
284static int test_digest_nids[] = {NID_sha1};
285static int test_digest_nids_number = 1;
286static int test_sha1_init(EVP_MD_CTX *ctx)
287 {
288#ifdef TEST_ENG_OPENSSL_SHA_P_INIT
289 fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n");
290#endif
291 return SHA1_Init(ctx->md_data);
292 }
293static int test_sha1_update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
294 {
295#ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE
296 fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n");
297#endif
298 return SHA1_Update(ctx->md_data,data,count);
299 }
300static int test_sha1_final(EVP_MD_CTX *ctx,unsigned char *md)
301 {
302#ifdef TEST_ENG_OPENSSL_SHA_P_FINAL
303 fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n");
304#endif
305 return SHA1_Final(md,ctx->md_data);
306 }
307static const EVP_MD test_sha_md=
308 {
309 NID_sha1,
310 NID_sha1WithRSAEncryption,
311 SHA_DIGEST_LENGTH,
312 0,
313 test_sha1_init,
314 test_sha1_update,
315 test_sha1_final,
316 NULL,
317 NULL,
318 EVP_PKEY_RSA_method,
319 SHA_CBLOCK,
320 sizeof(EVP_MD *)+sizeof(SHA_CTX),
321 };
322static int openssl_digests(ENGINE *e, const EVP_MD **digest,
323 const int **nids, int nid)
324 {
325 if(!digest)
326 {
327 /* We are returning a list of supported nids */
328 *nids = test_digest_nids;
329 return test_digest_nids_number;
330 }
331 /* We are being asked for a specific digest */
332 if(nid == NID_sha1)
333 *digest = &test_sha_md;
334 else
335 {
336#ifdef TEST_ENG_OPENSSL_SHA_OTHERS
337 fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for "
338 "nid %d\n", nid);
339#endif
340 *digest = NULL;
341 return 0;
342 }
343 return 1;
344 }
345#endif
346
347#ifdef TEST_ENG_OPENSSL_PKEY
348static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
349 UI_METHOD *ui_method, void *callback_data)
350 {
351 BIO *in;
352 EVP_PKEY *key;
353 fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n", key_id);
354 in = BIO_new_file(key_id, "r");
355 if (!in)
356 return NULL;
357 key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL);
358 BIO_free(in);
359 return key;
360 }
361#endif
diff --git a/src/lib/libcrypto/engine/eng_pkey.c b/src/lib/libcrypto/engine/eng_pkey.c
new file mode 100644
index 0000000000..8c69171511
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_pkey.c
@@ -0,0 +1,157 @@
1/* crypto/engine/eng_pkey.c */
2/* ====================================================================
3 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <openssl/crypto.h>
57#include "cryptlib.h"
58#include "eng_int.h"
59#include <openssl/engine.h>
60
61/* Basic get/set stuff */
62
63int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f)
64 {
65 e->load_privkey = loadpriv_f;
66 return 1;
67 }
68
69int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f)
70 {
71 e->load_pubkey = loadpub_f;
72 return 1;
73 }
74
75ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e)
76 {
77 return e->load_privkey;
78 }
79
80ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e)
81 {
82 return e->load_pubkey;
83 }
84
85/* API functions to load public/private keys */
86
87EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
88 UI_METHOD *ui_method, void *callback_data)
89 {
90 EVP_PKEY *pkey;
91
92 if(e == NULL)
93 {
94 ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
95 ERR_R_PASSED_NULL_PARAMETER);
96 return 0;
97 }
98 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
99 if(e->funct_ref == 0)
100 {
101 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
102 ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
103 ENGINE_R_NOT_INITIALISED);
104 return 0;
105 }
106 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
107 if (!e->load_privkey)
108 {
109 ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
110 ENGINE_R_NO_LOAD_FUNCTION);
111 return 0;
112 }
113 pkey = e->load_privkey(e, key_id, ui_method, callback_data);
114 if (!pkey)
115 {
116 ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
117 ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
118 return 0;
119 }
120 return pkey;
121 }
122
123EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
124 UI_METHOD *ui_method, void *callback_data)
125 {
126 EVP_PKEY *pkey;
127
128 if(e == NULL)
129 {
130 ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
131 ERR_R_PASSED_NULL_PARAMETER);
132 return 0;
133 }
134 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
135 if(e->funct_ref == 0)
136 {
137 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
138 ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
139 ENGINE_R_NOT_INITIALISED);
140 return 0;
141 }
142 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
143 if (!e->load_pubkey)
144 {
145 ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
146 ENGINE_R_NO_LOAD_FUNCTION);
147 return 0;
148 }
149 pkey = e->load_pubkey(e, key_id, ui_method, callback_data);
150 if (!pkey)
151 {
152 ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
153 ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
154 return 0;
155 }
156 return pkey;
157 }
diff --git a/src/lib/libcrypto/engine/eng_table.c b/src/lib/libcrypto/engine/eng_table.c
new file mode 100644
index 0000000000..c69a84a8bf
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_table.c
@@ -0,0 +1,361 @@
1/* ====================================================================
2 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * licensing@OpenSSL.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#include <openssl/evp.h>
56#include <openssl/engine.h>
57#include "eng_int.h"
58
59/* This is the type of item in the 'implementation' table. Each 'nid' hashes to
60 * a (potentially NULL) ENGINE_PILE structure which contains a stack of ENGINE*
61 * pointers. These pointers aren't references, because they're inserted and
62 * removed during ENGINE creation and ENGINE destruction. They point to ENGINEs
63 * that *exist* (ie. have a structural reference count greater than zero) rather
64 * than ENGINEs that are *functional*. Each pointer in those stacks are to
65 * ENGINEs that implements the algorithm corresponding to each 'nid'. */
66
67/* The type of the items in the table */
68typedef struct st_engine_pile
69 {
70 /* The 'nid' of the algorithm/mode this ENGINE_PILE structure represents
71 * */
72 int nid;
73 /* A stack of ENGINE pointers for ENGINEs that support this
74 * algorithm/mode. In the event that 'funct' is NULL, the first entry in
75 * this stack that initialises will be set as 'funct' and assumed as the
76 * default for operations of this type. */
77 STACK_OF(ENGINE) *sk;
78 /* The default ENGINE to perform this algorithm/mode. */
79 ENGINE *funct;
80 /* This value optimises engine_table_select(). If it is called it sets
81 * this value to 1. Any changes to this ENGINE_PILE resets it to zero.
82 * As such, no ENGINE_init() thrashing is done unless ENGINEs
83 * continually register (and/or unregister). */
84 int uptodate;
85 } ENGINE_PILE;
86
87/* The type of the hash table of ENGINE_PILE structures such that each are
88 * unique and keyed by the 'nid' value. */
89struct st_engine_table
90 {
91 LHASH piles;
92 }; /* ENGINE_TABLE */
93
94/* This value stores global options controlling behaviour of (mostly) the
95 * engine_table_select() function. It's a bitmask of flag values of the form
96 * ENGINE_TABLE_FLAG_*** (as defined in engine.h) and is controlled by the
97 * ENGINE_[get|set]_table_flags() function. */
98static unsigned int table_flags = 0;
99
100/* API function manipulating 'table_flags' */
101unsigned int ENGINE_get_table_flags(void)
102 {
103 return table_flags;
104 }
105void ENGINE_set_table_flags(unsigned int flags)
106 {
107 table_flags = flags;
108 }
109
110/* Internal functions for the "piles" hash table */
111static unsigned long engine_pile_hash(const ENGINE_PILE *c)
112 {
113 return c->nid;
114 }
115static int engine_pile_cmp(const ENGINE_PILE *a, const ENGINE_PILE *b)
116 {
117 return a->nid - b->nid;
118 }
119static IMPLEMENT_LHASH_HASH_FN(engine_pile_hash, const ENGINE_PILE *)
120static IMPLEMENT_LHASH_COMP_FN(engine_pile_cmp, const ENGINE_PILE *)
121static int int_table_check(ENGINE_TABLE **t, int create)
122 {
123 LHASH *lh;
124 if(*t)
125 return 1;
126 if(!create)
127 return 0;
128 if((lh = lh_new(LHASH_HASH_FN(engine_pile_hash),
129 LHASH_COMP_FN(engine_pile_cmp))) == NULL)
130 return 0;
131 *t = (ENGINE_TABLE *)lh;
132 return 1;
133 }
134
135/* Privately exposed (via eng_int.h) functions for adding and/or removing
136 * ENGINEs from the implementation table */
137int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
138 ENGINE *e, const int *nids, int num_nids, int setdefault)
139 {
140 int ret = 0, added = 0;
141 ENGINE_PILE tmplate, *fnd;
142 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
143 if(!(*table))
144 added = 1;
145 if(!int_table_check(table, 1))
146 goto end;
147 if(added)
148 /* The cleanup callback needs to be added */
149 engine_cleanup_add_first(cleanup);
150 while(num_nids--)
151 {
152 tmplate.nid = *nids;
153 fnd = lh_retrieve(&(*table)->piles, &tmplate);
154 if(!fnd)
155 {
156 fnd = OPENSSL_malloc(sizeof(ENGINE_PILE));
157 if(!fnd)
158 goto end;
159 fnd->uptodate = 1;
160 fnd->nid = *nids;
161 fnd->sk = sk_ENGINE_new_null();
162 if(!fnd->sk)
163 {
164 OPENSSL_free(fnd);
165 goto end;
166 }
167 fnd->funct= NULL;
168 lh_insert(&(*table)->piles, fnd);
169 }
170 /* A registration shouldn't add duplciate entries */
171 sk_ENGINE_delete_ptr(fnd->sk, e);
172 /* if 'setdefault', this ENGINE goes to the head of the list */
173 if(!sk_ENGINE_push(fnd->sk, e))
174 goto end;
175 /* "touch" this ENGINE_PILE */
176 fnd->uptodate = 0;
177 if(setdefault)
178 {
179 if(!engine_unlocked_init(e))
180 {
181 ENGINEerr(ENGINE_F_ENGINE_TABLE_REGISTER,
182 ENGINE_R_INIT_FAILED);
183 goto end;
184 }
185 if(fnd->funct)
186 engine_unlocked_finish(fnd->funct, 0);
187 fnd->funct = e;
188 }
189 nids++;
190 }
191 ret = 1;
192end:
193 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
194 return ret;
195 }
196static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e)
197 {
198 int n;
199 /* Iterate the 'c->sk' stack removing any occurance of 'e' */
200 while((n = sk_ENGINE_find(pile->sk, e)) >= 0)
201 {
202 sk_ENGINE_delete(pile->sk, n);
203 /* "touch" this ENGINE_CIPHER */
204 pile->uptodate = 0;
205 }
206 if(pile->funct == e)
207 {
208 engine_unlocked_finish(e, 0);
209 pile->funct = NULL;
210 }
211 }
212static IMPLEMENT_LHASH_DOALL_ARG_FN(int_unregister_cb,ENGINE_PILE *,ENGINE *)
213void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e)
214 {
215 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
216 if(int_table_check(table, 0))
217 lh_doall_arg(&(*table)->piles,
218 LHASH_DOALL_ARG_FN(int_unregister_cb), e);
219 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
220 }
221
222static void int_cleanup_cb(ENGINE_PILE *p)
223 {
224 sk_ENGINE_free(p->sk);
225 if(p->funct)
226 engine_unlocked_finish(p->funct, 0);
227 OPENSSL_free(p);
228 }
229static IMPLEMENT_LHASH_DOALL_FN(int_cleanup_cb,ENGINE_PILE *)
230void engine_table_cleanup(ENGINE_TABLE **table)
231 {
232 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
233 if(*table)
234 {
235 lh_doall(&(*table)->piles, LHASH_DOALL_FN(int_cleanup_cb));
236 lh_free(&(*table)->piles);
237 *table = NULL;
238 }
239 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
240 }
241
242/* Exposed API function to get a functional reference from the implementation
243 * table (ie. try to get a functional reference from the tabled structural
244 * references) for a given cipher 'nid' */
245#ifndef ENGINE_TABLE_DEBUG
246ENGINE *engine_table_select(ENGINE_TABLE **table, int nid)
247#else
248ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l)
249#endif
250 {
251 ENGINE *ret = NULL;
252 ENGINE_PILE tmplate, *fnd=NULL;
253 int initres, loop = 0;
254
255 /* If 'engine_ciphers' is NULL, then it's absolutely *sure* that no
256 * ENGINEs have registered any implementations! */
257 if(!(*table))
258 {
259#ifdef ENGINE_TABLE_DEBUG
260 fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no "
261 "registered for anything!\n", f, l, nid);
262#endif
263 return NULL;
264 }
265 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
266 /* Check again inside the lock otherwise we could race against cleanup
267 * operations. But don't worry about a fprintf(stderr). */
268 if(!int_table_check(table, 0))
269 goto end;
270 tmplate.nid = nid;
271 fnd = lh_retrieve(&(*table)->piles, &tmplate);
272 if(!fnd)
273 goto end;
274 if(fnd->funct && engine_unlocked_init(fnd->funct))
275 {
276#ifdef ENGINE_TABLE_DEBUG
277 fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
278 "ENGINE '%s' cached\n", f, l, nid, fnd->funct->id);
279#endif
280 ret = fnd->funct;
281 goto end;
282 }
283 if(fnd->uptodate)
284 {
285 ret = fnd->funct;
286 goto end;
287 }
288trynext:
289 ret = sk_ENGINE_value(fnd->sk, loop++);
290 if(!ret)
291 {
292#ifdef ENGINE_TABLE_DEBUG
293 fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no "
294 "registered implementations would initialise\n",
295 f, l, nid);
296#endif
297 goto end;
298 }
299#if 0
300 /* Don't need to get a reference if we hold the lock. If the locking has
301 * to change in future, that would be different ... */
302 ret->struct_ref++; engine_ref_debug(ret, 0, 1)
303#endif
304 /* Try and initialise the ENGINE if it's already functional *or* if the
305 * ENGINE_TABLE_FLAG_NOINIT flag is not set. */
306 if((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT))
307 initres = engine_unlocked_init(ret);
308 else
309 initres = 0;
310#if 0
311 /* Release the structural reference */
312 ret->struct_ref--; engine_ref_debug(ret, 0, -1);
313#endif
314 if(initres)
315 {
316 /* If we didn't have a default (functional reference) for this
317 * 'nid' (or we had one but for whatever reason we're now
318 * initialising a different one), use this opportunity to set
319 * 'funct'. */
320 if((fnd->funct != ret) && engine_unlocked_init(ret))
321 {
322 /* If there was a previous default we release it. */
323 if(fnd->funct)
324 engine_unlocked_finish(fnd->funct, 0);
325 /* We got an extra functional reference for the
326 * per-'nid' default */
327 fnd->funct = ret;
328#ifdef ENGINE_TABLE_DEBUG
329 fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, "
330 "setting default to '%s'\n", f, l, nid, ret->id);
331#endif
332 }
333#ifdef ENGINE_TABLE_DEBUG
334 fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
335 "newly initialised '%s'\n", f, l, nid, ret->id);
336#endif
337 goto end;
338 }
339 goto trynext;
340end:
341 /* Whatever happened - we should "untouch" our uptodate file seeing as
342 * we have tried our best to find a functional reference for 'nid'. If
343 * it failed, it is unlikely to succeed again until some future
344 * registrations (or unregistrations) have taken place that affect that
345 * 'nid'. */
346 if(fnd)
347 fnd->uptodate = 1;
348#ifdef ENGINE_TABLE_DEBUG
349 if(ret)
350 fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
351 "ENGINE '%s'\n", f, l, nid, ret->id);
352 else
353 fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
354 "'no matching ENGINE'\n", f, l, nid);
355#endif
356 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
357 /* Whatever happened, any failed init()s are not failures in this
358 * context, so clear our error state. */
359 ERR_clear_error();
360 return ret;
361 }
diff --git a/src/lib/libcrypto/engine/engine.h b/src/lib/libcrypto/engine/engine.h
new file mode 100644
index 0000000000..900f75ce8d
--- /dev/null
+++ b/src/lib/libcrypto/engine/engine.h
@@ -0,0 +1,729 @@
1/* openssl/engine.h */
2/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#ifndef HEADER_ENGINE_H
60#define HEADER_ENGINE_H
61
62#include <openssl/opensslconf.h>
63
64#ifdef OPENSSL_NO_ENGINE
65#error ENGINE is disabled.
66#endif
67
68#include <openssl/ossl_typ.h>
69#include <openssl/bn.h>
70#ifndef OPENSSL_NO_RSA
71#include <openssl/rsa.h>
72#endif
73#ifndef OPENSSL_NO_DSA
74#include <openssl/dsa.h>
75#endif
76#ifndef OPENSSL_NO_DH
77#include <openssl/dh.h>
78#endif
79#include <openssl/rand.h>
80#include <openssl/ui.h>
81#include <openssl/symhacks.h>
82#include <openssl/err.h>
83
84#ifdef __cplusplus
85extern "C" {
86#endif
87
88/* Fixups for missing algorithms */
89#ifdef OPENSSL_NO_RSA
90typedef void RSA_METHOD;
91#endif
92#ifdef OPENSSL_NO_DSA
93typedef void DSA_METHOD;
94#endif
95#ifdef OPENSSL_NO_DH
96typedef void DH_METHOD;
97#endif
98
99/* These flags are used to control combinations of algorithm (methods)
100 * by bitwise "OR"ing. */
101#define ENGINE_METHOD_RSA (unsigned int)0x0001
102#define ENGINE_METHOD_DSA (unsigned int)0x0002
103#define ENGINE_METHOD_DH (unsigned int)0x0004
104#define ENGINE_METHOD_RAND (unsigned int)0x0008
105#define ENGINE_METHOD_CIPHERS (unsigned int)0x0040
106#define ENGINE_METHOD_DIGESTS (unsigned int)0x0080
107/* Obvious all-or-nothing cases. */
108#define ENGINE_METHOD_ALL (unsigned int)0xFFFF
109#define ENGINE_METHOD_NONE (unsigned int)0x0000
110
111/* This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used
112 * internally to control registration of ENGINE implementations, and can be set
113 * by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to
114 * initialise registered ENGINEs if they are not already initialised. */
115#define ENGINE_TABLE_FLAG_NOINIT (unsigned int)0x0001
116
117/* ENGINE flags that can be set by ENGINE_set_flags(). */
118/* #define ENGINE_FLAGS_MALLOCED 0x0001 */ /* Not used */
119
120/* This flag is for ENGINEs that wish to handle the various 'CMD'-related
121 * control commands on their own. Without this flag, ENGINE_ctrl() handles these
122 * control commands on behalf of the ENGINE using their "cmd_defns" data. */
123#define ENGINE_FLAGS_MANUAL_CMD_CTRL (int)0x0002
124
125/* This flag is for ENGINEs who return new duplicate structures when found via
126 * "ENGINE_by_id()". When an ENGINE must store state (eg. if ENGINE_ctrl()
127 * commands are called in sequence as part of some stateful process like
128 * key-generation setup and execution), it can set this flag - then each attempt
129 * to obtain the ENGINE will result in it being copied into a new structure.
130 * Normally, ENGINEs don't declare this flag so ENGINE_by_id() just increments
131 * the existing ENGINE's structural reference count. */
132#define ENGINE_FLAGS_BY_ID_COPY (int)0x0004
133
134/* ENGINEs can support their own command types, and these flags are used in
135 * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input each
136 * command expects. Currently only numeric and string input is supported. If a
137 * control command supports none of the _NUMERIC, _STRING, or _NO_INPUT options,
138 * then it is regarded as an "internal" control command - and not for use in
139 * config setting situations. As such, they're not available to the
140 * ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl() access. Changes to
141 * this list of 'command types' should be reflected carefully in
142 * ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string(). */
143
144/* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */
145#define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001
146/* accepts string input (cast from 'void*' to 'const char *', 4th parameter to
147 * ENGINE_ctrl) */
148#define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002
149/* Indicates that the control command takes *no* input. Ie. the control command
150 * is unparameterised. */
151#define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004
152/* Indicates that the control command is internal. This control command won't
153 * be shown in any output, and is only usable through the ENGINE_ctrl_cmd()
154 * function. */
155#define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008
156
157/* NB: These 3 control commands are deprecated and should not be used. ENGINEs
158 * relying on these commands should compile conditional support for
159 * compatibility (eg. if these symbols are defined) but should also migrate the
160 * same functionality to their own ENGINE-specific control functions that can be
161 * "discovered" by calling applications. The fact these control commands
162 * wouldn't be "executable" (ie. usable by text-based config) doesn't change the
163 * fact that application code can find and use them without requiring per-ENGINE
164 * hacking. */
165
166/* These flags are used to tell the ctrl function what should be done.
167 * All command numbers are shared between all engines, even if some don't
168 * make sense to some engines. In such a case, they do nothing but return
169 * the error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */
170#define ENGINE_CTRL_SET_LOGSTREAM 1
171#define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2
172#define ENGINE_CTRL_HUP 3 /* Close and reinitialise any
173 handles/connections etc. */
174#define ENGINE_CTRL_SET_USER_INTERFACE 4 /* Alternative to callback */
175#define ENGINE_CTRL_SET_CALLBACK_DATA 5 /* User-specific data, used
176 when calling the password
177 callback and the user
178 interface */
179
180/* These control commands allow an application to deal with an arbitrary engine
181 * in a dynamic way. Warn: Negative return values indicate errors FOR THESE
182 * COMMANDS because zero is used to indicate 'end-of-list'. Other commands,
183 * including ENGINE-specific command types, return zero for an error.
184 *
185 * An ENGINE can choose to implement these ctrl functions, and can internally
186 * manage things however it chooses - it does so by setting the
187 * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise the
188 * ENGINE_ctrl() code handles this on the ENGINE's behalf using the cmd_defns
189 * data (set using ENGINE_set_cmd_defns()). This means an ENGINE's ctrl()
190 * handler need only implement its own commands - the above "meta" commands will
191 * be taken care of. */
192
193/* Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not", then
194 * all the remaining control commands will return failure, so it is worth
195 * checking this first if the caller is trying to "discover" the engine's
196 * capabilities and doesn't want errors generated unnecessarily. */
197#define ENGINE_CTRL_HAS_CTRL_FUNCTION 10
198/* Returns a positive command number for the first command supported by the
199 * engine. Returns zero if no ctrl commands are supported. */
200#define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11
201/* The 'long' argument specifies a command implemented by the engine, and the
202 * return value is the next command supported, or zero if there are no more. */
203#define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12
204/* The 'void*' argument is a command name (cast from 'const char *'), and the
205 * return value is the command that corresponds to it. */
206#define ENGINE_CTRL_GET_CMD_FROM_NAME 13
207/* The next two allow a command to be converted into its corresponding string
208 * form. In each case, the 'long' argument supplies the command. In the NAME_LEN
209 * case, the return value is the length of the command name (not counting a
210 * trailing EOL). In the NAME case, the 'void*' argument must be a string buffer
211 * large enough, and it will be populated with the name of the command (WITH a
212 * trailing EOL). */
213#define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14
214#define ENGINE_CTRL_GET_NAME_FROM_CMD 15
215/* The next two are similar but give a "short description" of a command. */
216#define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16
217#define ENGINE_CTRL_GET_DESC_FROM_CMD 17
218/* With this command, the return value is the OR'd combination of
219 * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given
220 * engine-specific ctrl command expects. */
221#define ENGINE_CTRL_GET_CMD_FLAGS 18
222
223/* ENGINE implementations should start the numbering of their own control
224 * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */
225#define ENGINE_CMD_BASE 200
226
227/* NB: These 2 nCipher "chil" control commands are deprecated, and their
228 * functionality is now available through ENGINE-specific control commands
229 * (exposed through the above-mentioned 'CMD'-handling). Code using these 2
230 * commands should be migrated to the more general command handling before these
231 * are removed. */
232
233/* Flags specific to the nCipher "chil" engine */
234#define ENGINE_CTRL_CHIL_SET_FORKCHECK 100
235 /* Depending on the value of the (long)i argument, this sets or
236 * unsets the SimpleForkCheck flag in the CHIL API to enable or
237 * disable checking and workarounds for applications that fork().
238 */
239#define ENGINE_CTRL_CHIL_NO_LOCKING 101
240 /* This prevents the initialisation function from providing mutex
241 * callbacks to the nCipher library. */
242
243/* If an ENGINE supports its own specific control commands and wishes the
244 * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on its
245 * behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN entries
246 * to ENGINE_set_cmd_defns(). It should also implement a ctrl() handler that
247 * supports the stated commands (ie. the "cmd_num" entries as described by the
248 * array). NB: The array must be ordered in increasing order of cmd_num.
249 * "null-terminated" means that the last ENGINE_CMD_DEFN element has cmd_num set
250 * to zero and/or cmd_name set to NULL. */
251typedef struct ENGINE_CMD_DEFN_st
252 {
253 unsigned int cmd_num; /* The command number */
254 const char *cmd_name; /* The command name itself */
255 const char *cmd_desc; /* A short description of the command */
256 unsigned int cmd_flags; /* The input the command expects */
257 } ENGINE_CMD_DEFN;
258
259/* Generic function pointer */
260typedef int (*ENGINE_GEN_FUNC_PTR)();
261/* Generic function pointer taking no arguments */
262typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *);
263/* Specific control function pointer */
264typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)());
265/* Generic load_key function pointer */
266typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,
267 UI_METHOD *ui_method, void *callback_data);
268/* These callback types are for an ENGINE's handler for cipher and digest logic.
269 * These handlers have these prototypes;
270 * int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
271 * int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid);
272 * Looking at how to implement these handlers in the case of cipher support, if
273 * the framework wants the EVP_CIPHER for 'nid', it will call;
274 * foo(e, &p_evp_cipher, NULL, nid); (return zero for failure)
275 * If the framework wants a list of supported 'nid's, it will call;
276 * foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error)
277 */
278/* Returns to a pointer to the array of supported cipher 'nid's. If the second
279 * parameter is non-NULL it is set to the size of the returned array. */
280typedef int (*ENGINE_CIPHERS_PTR)(ENGINE *, const EVP_CIPHER **, const int **, int);
281typedef int (*ENGINE_DIGESTS_PTR)(ENGINE *, const EVP_MD **, const int **, int);
282
283/* STRUCTURE functions ... all of these functions deal with pointers to ENGINE
284 * structures where the pointers have a "structural reference". This means that
285 * their reference is to allowed access to the structure but it does not imply
286 * that the structure is functional. To simply increment or decrement the
287 * structural reference count, use ENGINE_by_id and ENGINE_free. NB: This is not
288 * required when iterating using ENGINE_get_next as it will automatically
289 * decrement the structural reference count of the "current" ENGINE and
290 * increment the structural reference count of the ENGINE it returns (unless it
291 * is NULL). */
292
293/* Get the first/last "ENGINE" type available. */
294ENGINE *ENGINE_get_first(void);
295ENGINE *ENGINE_get_last(void);
296/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
297ENGINE *ENGINE_get_next(ENGINE *e);
298ENGINE *ENGINE_get_prev(ENGINE *e);
299/* Add another "ENGINE" type into the array. */
300int ENGINE_add(ENGINE *e);
301/* Remove an existing "ENGINE" type from the array. */
302int ENGINE_remove(ENGINE *e);
303/* Retrieve an engine from the list by its unique "id" value. */
304ENGINE *ENGINE_by_id(const char *id);
305/* Add all the built-in engines. */
306void ENGINE_load_openssl(void);
307void ENGINE_load_dynamic(void);
308void ENGINE_load_cswift(void);
309void ENGINE_load_chil(void);
310void ENGINE_load_atalla(void);
311void ENGINE_load_nuron(void);
312void ENGINE_load_ubsec(void);
313void ENGINE_load_aep(void);
314void ENGINE_load_sureware(void);
315void ENGINE_load_4758cca(void);
316void ENGINE_load_cryptodev(void);
317void ENGINE_load_builtin_engines(void);
318
319/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
320 * "registry" handling. */
321unsigned int ENGINE_get_table_flags(void);
322void ENGINE_set_table_flags(unsigned int flags);
323
324/* Manage registration of ENGINEs per "table". For each type, there are 3
325 * functions;
326 * ENGINE_register_***(e) - registers the implementation from 'e' (if it has one)
327 * ENGINE_unregister_***(e) - unregister the implementation from 'e'
328 * ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list
329 * Cleanup is automatically registered from each table when required, so
330 * ENGINE_cleanup() will reverse any "register" operations. */
331
332int ENGINE_register_RSA(ENGINE *e);
333void ENGINE_unregister_RSA(ENGINE *e);
334void ENGINE_register_all_RSA(void);
335
336int ENGINE_register_DSA(ENGINE *e);
337void ENGINE_unregister_DSA(ENGINE *e);
338void ENGINE_register_all_DSA(void);
339
340int ENGINE_register_DH(ENGINE *e);
341void ENGINE_unregister_DH(ENGINE *e);
342void ENGINE_register_all_DH(void);
343
344int ENGINE_register_RAND(ENGINE *e);
345void ENGINE_unregister_RAND(ENGINE *e);
346void ENGINE_register_all_RAND(void);
347
348int ENGINE_register_ciphers(ENGINE *e);
349void ENGINE_unregister_ciphers(ENGINE *e);
350void ENGINE_register_all_ciphers(void);
351
352int ENGINE_register_digests(ENGINE *e);
353void ENGINE_unregister_digests(ENGINE *e);
354void ENGINE_register_all_digests(void);
355
356/* These functions register all support from the above categories. Note, use of
357 * these functions can result in static linkage of code your application may not
358 * need. If you only need a subset of functionality, consider using more
359 * selective initialisation. */
360int ENGINE_register_complete(ENGINE *e);
361int ENGINE_register_all_complete(void);
362
363/* Send parametrised control commands to the engine. The possibilities to send
364 * down an integer, a pointer to data or a function pointer are provided. Any of
365 * the parameters may or may not be NULL, depending on the command number. In
366 * actuality, this function only requires a structural (rather than functional)
367 * reference to an engine, but many control commands may require the engine be
368 * functional. The caller should be aware of trying commands that require an
369 * operational ENGINE, and only use functional references in such situations. */
370int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
371
372/* This function tests if an ENGINE-specific command is usable as a "setting".
373 * Eg. in an application's config file that gets processed through
374 * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to
375 * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). */
376int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
377
378/* This function works like ENGINE_ctrl() with the exception of taking a
379 * command name instead of a command number, and can handle optional commands.
380 * See the comment on ENGINE_ctrl_cmd_string() for an explanation on how to
381 * use the cmd_name and cmd_optional. */
382int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
383 long i, void *p, void (*f)(), int cmd_optional);
384
385/* This function passes a command-name and argument to an ENGINE. The cmd_name
386 * is converted to a command number and the control command is called using
387 * 'arg' as an argument (unless the ENGINE doesn't support such a command, in
388 * which case no control command is called). The command is checked for input
389 * flags, and if necessary the argument will be converted to a numeric value. If
390 * cmd_optional is non-zero, then if the ENGINE doesn't support the given
391 * cmd_name the return value will be success anyway. This function is intended
392 * for applications to use so that users (or config files) can supply
393 * engine-specific config data to the ENGINE at run-time to control behaviour of
394 * specific engines. As such, it shouldn't be used for calling ENGINE_ctrl()
395 * functions that return data, deal with binary data, or that are otherwise
396 * supposed to be used directly through ENGINE_ctrl() in application code. Any
397 * "return" data from an ENGINE_ctrl() operation in this function will be lost -
398 * the return value is interpreted as failure if the return value is zero,
399 * success otherwise, and this function returns a boolean value as a result. In
400 * other words, vendors of 'ENGINE'-enabled devices should write ENGINE
401 * implementations with parameterisations that work in this scheme, so that
402 * compliant ENGINE-based applications can work consistently with the same
403 * configuration for the same ENGINE-enabled devices, across applications. */
404int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
405 int cmd_optional);
406
407/* These functions are useful for manufacturing new ENGINE structures. They
408 * don't address reference counting at all - one uses them to populate an ENGINE
409 * structure with personalised implementations of things prior to using it
410 * directly or adding it to the builtin ENGINE list in OpenSSL. These are also
411 * here so that the ENGINE structure doesn't have to be exposed and break binary
412 * compatibility! */
413ENGINE *ENGINE_new(void);
414int ENGINE_free(ENGINE *e);
415int ENGINE_up_ref(ENGINE *e);
416int ENGINE_set_id(ENGINE *e, const char *id);
417int ENGINE_set_name(ENGINE *e, const char *name);
418int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
419int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
420int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
421int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
422int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
423int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
424int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
425int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
426int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
427int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
428int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
429int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
430int ENGINE_set_flags(ENGINE *e, int flags);
431int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
432/* These functions (and the "get" function lower down) allow control over any
433 * per-structure ENGINE data. */
434int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
435 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
436int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
437
438/* This function cleans up anything that needs it. Eg. the ENGINE_add() function
439 * automatically ensures the list cleanup function is registered to be called
440 * from ENGINE_cleanup(). Similarly, all ENGINE_register_*** functions ensure
441 * ENGINE_cleanup() will clean up after them. */
442void ENGINE_cleanup(void);
443
444/* These return values from within the ENGINE structure. These can be useful
445 * with functional references as well as structural references - it depends
446 * which you obtained. Using the result for functional purposes if you only
447 * obtained a structural reference may be problematic! */
448const char *ENGINE_get_id(const ENGINE *e);
449const char *ENGINE_get_name(const ENGINE *e);
450const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
451const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
452const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
453const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
454ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
455ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
456ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
457ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
458ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
459ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
460ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
461ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
462const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
463const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
464const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
465int ENGINE_get_flags(const ENGINE *e);
466void *ENGINE_get_ex_data(const ENGINE *e, int idx);
467
468/* FUNCTIONAL functions. These functions deal with ENGINE structures
469 * that have (or will) be initialised for use. Broadly speaking, the
470 * structural functions are useful for iterating the list of available
471 * engine types, creating new engine types, and other "list" operations.
472 * These functions actually deal with ENGINEs that are to be used. As
473 * such these functions can fail (if applicable) when particular
474 * engines are unavailable - eg. if a hardware accelerator is not
475 * attached or not functioning correctly. Each ENGINE has 2 reference
476 * counts; structural and functional. Every time a functional reference
477 * is obtained or released, a corresponding structural reference is
478 * automatically obtained or released too. */
479
480/* Initialise a engine type for use (or up its reference count if it's
481 * already in use). This will fail if the engine is not currently
482 * operational and cannot initialise. */
483int ENGINE_init(ENGINE *e);
484/* Free a functional reference to a engine type. This does not require
485 * a corresponding call to ENGINE_free as it also releases a structural
486 * reference. */
487int ENGINE_finish(ENGINE *e);
488
489/* The following functions handle keys that are stored in some secondary
490 * location, handled by the engine. The storage may be on a card or
491 * whatever. */
492EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
493 UI_METHOD *ui_method, void *callback_data);
494EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
495 UI_METHOD *ui_method, void *callback_data);
496
497/* This returns a pointer for the current ENGINE structure that
498 * is (by default) performing any RSA operations. The value returned
499 * is an incremented reference, so it should be free'd (ENGINE_finish)
500 * before it is discarded. */
501ENGINE *ENGINE_get_default_RSA(void);
502/* Same for the other "methods" */
503ENGINE *ENGINE_get_default_DSA(void);
504ENGINE *ENGINE_get_default_DH(void);
505ENGINE *ENGINE_get_default_RAND(void);
506/* These functions can be used to get a functional reference to perform
507 * ciphering or digesting corresponding to "nid". */
508ENGINE *ENGINE_get_cipher_engine(int nid);
509ENGINE *ENGINE_get_digest_engine(int nid);
510
511/* This sets a new default ENGINE structure for performing RSA
512 * operations. If the result is non-zero (success) then the ENGINE
513 * structure will have had its reference count up'd so the caller
514 * should still free their own reference 'e'. */
515int ENGINE_set_default_RSA(ENGINE *e);
516int ENGINE_set_default_string(ENGINE *e, const char *def_list);
517/* Same for the other "methods" */
518int ENGINE_set_default_DSA(ENGINE *e);
519int ENGINE_set_default_DH(ENGINE *e);
520int ENGINE_set_default_RAND(ENGINE *e);
521int ENGINE_set_default_ciphers(ENGINE *e);
522int ENGINE_set_default_digests(ENGINE *e);
523
524/* The combination "set" - the flags are bitwise "OR"d from the
525 * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()"
526 * function, this function can result in unnecessary static linkage. If your
527 * application requires only specific functionality, consider using more
528 * selective functions. */
529int ENGINE_set_default(ENGINE *e, unsigned int flags);
530
531void ENGINE_add_conf_module(void);
532
533/* Deprecated functions ... */
534/* int ENGINE_clear_defaults(void); */
535
536/**************************/
537/* DYNAMIC ENGINE SUPPORT */
538/**************************/
539
540/* Binary/behaviour compatibility levels */
541#define OSSL_DYNAMIC_VERSION (unsigned long)0x00010200
542/* Binary versions older than this are too old for us (whether we're a loader or
543 * a loadee) */
544#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00010200
545
546/* When compiling an ENGINE entirely as an external shared library, loadable by
547 * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure
548 * type provides the calling application's (or library's) error functionality
549 * and memory management function pointers to the loaded library. These should
550 * be used/set in the loaded library code so that the loading application's
551 * 'state' will be used/changed in all operations. */
552typedef void *(*dyn_MEM_malloc_cb)(size_t);
553typedef void *(*dyn_MEM_realloc_cb)(void *, size_t);
554typedef void (*dyn_MEM_free_cb)(void *);
555typedef struct st_dynamic_MEM_fns {
556 dyn_MEM_malloc_cb malloc_cb;
557 dyn_MEM_realloc_cb realloc_cb;
558 dyn_MEM_free_cb free_cb;
559 } dynamic_MEM_fns;
560/* FIXME: Perhaps the memory and locking code (crypto.h) should declare and use
561 * these types so we (and any other dependant code) can simplify a bit?? */
562typedef void (*dyn_lock_locking_cb)(int,int,const char *,int);
563typedef int (*dyn_lock_add_lock_cb)(int*,int,int,const char *,int);
564typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb)(
565 const char *,int);
566typedef void (*dyn_dynlock_lock_cb)(int,struct CRYPTO_dynlock_value *,
567 const char *,int);
568typedef void (*dyn_dynlock_destroy_cb)(struct CRYPTO_dynlock_value *,
569 const char *,int);
570typedef struct st_dynamic_LOCK_fns {
571 dyn_lock_locking_cb lock_locking_cb;
572 dyn_lock_add_lock_cb lock_add_lock_cb;
573 dyn_dynlock_create_cb dynlock_create_cb;
574 dyn_dynlock_lock_cb dynlock_lock_cb;
575 dyn_dynlock_destroy_cb dynlock_destroy_cb;
576 } dynamic_LOCK_fns;
577/* The top-level structure */
578typedef struct st_dynamic_fns {
579 const ERR_FNS *err_fns;
580 const CRYPTO_EX_DATA_IMPL *ex_data_fns;
581 dynamic_MEM_fns mem_fns;
582 dynamic_LOCK_fns lock_fns;
583 } dynamic_fns;
584
585/* The version checking function should be of this prototype. NB: The
586 * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading code.
587 * If this function returns zero, it indicates a (potential) version
588 * incompatibility and the loaded library doesn't believe it can proceed.
589 * Otherwise, the returned value is the (latest) version supported by the
590 * loading library. The loader may still decide that the loaded code's version
591 * is unsatisfactory and could veto the load. The function is expected to
592 * be implemented with the symbol name "v_check", and a default implementation
593 * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */
594typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version);
595#define IMPLEMENT_DYNAMIC_CHECK_FN() \
596 unsigned long v_check(unsigned long v) { \
597 if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
598 return 0; }
599
600/* This function is passed the ENGINE structure to initialise with its own
601 * function and command settings. It should not adjust the structural or
602 * functional reference counts. If this function returns zero, (a) the load will
603 * be aborted, (b) the previous ENGINE state will be memcpy'd back onto the
604 * structure, and (c) the shared library will be unloaded. So implementations
605 * should do their own internal cleanup in failure circumstances otherwise they
606 * could leak. The 'id' parameter, if non-NULL, represents the ENGINE id that
607 * the loader is looking for. If this is NULL, the shared library can choose to
608 * return failure or to initialise a 'default' ENGINE. If non-NULL, the shared
609 * library must initialise only an ENGINE matching the passed 'id'. The function
610 * is expected to be implemented with the symbol name "bind_engine". A standard
611 * implementation can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where
612 * the parameter 'fn' is a callback function that populates the ENGINE structure
613 * and returns an int value (zero for failure). 'fn' should have prototype;
614 * [static] int fn(ENGINE *e, const char *id); */
615typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
616 const dynamic_fns *fns);
617#define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
618 int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
619 if (ERR_get_implementation() != fns->err_fns) \
620 { \
621 if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
622 fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
623 return 0; \
624 CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \
625 CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \
626 CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \
627 CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \
628 CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \
629 if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
630 return 0; \
631 if(!ERR_set_implementation(fns->err_fns)) return 0; \
632 } \
633 if(!fn(e,id)) return 0; \
634 return 1; }
635
636#if defined(__OpenBSD__) || defined(__FreeBSD__)
637void ENGINE_setup_bsd_cryptodev(void);
638#endif
639
640/* BEGIN ERROR CODES */
641/* The following lines are auto generated by the script mkerr.pl. Any changes
642 * made after this point may be overwritten when the script is next run.
643 */
644void ERR_load_ENGINE_strings(void);
645
646/* Error codes for the ENGINE functions. */
647
648/* Function codes. */
649#define ENGINE_F_DYNAMIC_CTRL 180
650#define ENGINE_F_DYNAMIC_GET_DATA_CTX 181
651#define ENGINE_F_DYNAMIC_LOAD 182
652#define ENGINE_F_ENGINE_ADD 105
653#define ENGINE_F_ENGINE_BY_ID 106
654#define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE 170
655#define ENGINE_F_ENGINE_CTRL 142
656#define ENGINE_F_ENGINE_CTRL_CMD 178
657#define ENGINE_F_ENGINE_CTRL_CMD_STRING 171
658#define ENGINE_F_ENGINE_FINISH 107
659#define ENGINE_F_ENGINE_FREE 108
660#define ENGINE_F_ENGINE_GET_CIPHER 185
661#define ENGINE_F_ENGINE_GET_DEFAULT_TYPE 177
662#define ENGINE_F_ENGINE_GET_DIGEST 186
663#define ENGINE_F_ENGINE_GET_NEXT 115
664#define ENGINE_F_ENGINE_GET_PREV 116
665#define ENGINE_F_ENGINE_INIT 119
666#define ENGINE_F_ENGINE_LIST_ADD 120
667#define ENGINE_F_ENGINE_LIST_REMOVE 121
668#define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150
669#define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151
670#define ENGINE_F_ENGINE_MODULE_INIT 187
671#define ENGINE_F_ENGINE_NEW 122
672#define ENGINE_F_ENGINE_REMOVE 123
673#define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189
674#define ENGINE_F_ENGINE_SET_DEFAULT_TYPE 126
675#define ENGINE_F_ENGINE_SET_ID 129
676#define ENGINE_F_ENGINE_SET_NAME 130
677#define ENGINE_F_ENGINE_TABLE_REGISTER 184
678#define ENGINE_F_ENGINE_UNLOAD_KEY 152
679#define ENGINE_F_ENGINE_UP_REF 190
680#define ENGINE_F_INT_CTRL_HELPER 172
681#define ENGINE_F_INT_ENGINE_CONFIGURE 188
682#define ENGINE_F_LOG_MESSAGE 141
683#define ENGINE_F_SET_DATA_CTX 183
684
685/* Reason codes. */
686#define ENGINE_R_ALREADY_LOADED 100
687#define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER 133
688#define ENGINE_R_CMD_NOT_EXECUTABLE 134
689#define ENGINE_R_COMMAND_TAKES_INPUT 135
690#define ENGINE_R_COMMAND_TAKES_NO_INPUT 136
691#define ENGINE_R_CONFLICTING_ENGINE_ID 103
692#define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119
693#define ENGINE_R_DH_NOT_IMPLEMENTED 139
694#define ENGINE_R_DSA_NOT_IMPLEMENTED 140
695#define ENGINE_R_DSO_FAILURE 104
696#define ENGINE_R_DSO_NOT_FOUND 132
697#define ENGINE_R_ENGINES_SECTION_ERROR 148
698#define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105
699#define ENGINE_R_ENGINE_SECTION_ERROR 149
700#define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128
701#define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129
702#define ENGINE_R_FINISH_FAILED 106
703#define ENGINE_R_GET_HANDLE_FAILED 107
704#define ENGINE_R_ID_OR_NAME_MISSING 108
705#define ENGINE_R_INIT_FAILED 109
706#define ENGINE_R_INTERNAL_LIST_ERROR 110
707#define ENGINE_R_INVALID_ARGUMENT 143
708#define ENGINE_R_INVALID_CMD_NAME 137
709#define ENGINE_R_INVALID_CMD_NUMBER 138
710#define ENGINE_R_INVALID_INIT_VALUE 151
711#define ENGINE_R_INVALID_STRING 150
712#define ENGINE_R_NOT_INITIALISED 117
713#define ENGINE_R_NOT_LOADED 112
714#define ENGINE_R_NO_CONTROL_FUNCTION 120
715#define ENGINE_R_NO_INDEX 144
716#define ENGINE_R_NO_LOAD_FUNCTION 125
717#define ENGINE_R_NO_REFERENCE 130
718#define ENGINE_R_NO_SUCH_ENGINE 116
719#define ENGINE_R_NO_UNLOAD_FUNCTION 126
720#define ENGINE_R_PROVIDE_PARAMETERS 113
721#define ENGINE_R_RSA_NOT_IMPLEMENTED 141
722#define ENGINE_R_UNIMPLEMENTED_CIPHER 146
723#define ENGINE_R_UNIMPLEMENTED_DIGEST 147
724#define ENGINE_R_VERSION_INCOMPATIBILITY 145
725
726#ifdef __cplusplus
727}
728#endif
729#endif
diff --git a/src/lib/libcrypto/engine/enginetest.c b/src/lib/libcrypto/engine/enginetest.c
new file mode 100644
index 0000000000..c2d0297392
--- /dev/null
+++ b/src/lib/libcrypto/engine/enginetest.c
@@ -0,0 +1,283 @@
1/* crypto/engine/enginetest.c */
2/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <string.h>
61
62#ifdef OPENSSL_NO_ENGINE
63int main(int argc, char *argv[])
64{
65 printf("No ENGINE support\n");
66 return(0);
67}
68#else
69#include <openssl/e_os2.h>
70#include <openssl/buffer.h>
71#include <openssl/crypto.h>
72#include <openssl/engine.h>
73#include <openssl/err.h>
74
75static void display_engine_list()
76 {
77 ENGINE *h;
78 int loop;
79
80 h = ENGINE_get_first();
81 loop = 0;
82 printf("listing available engine types\n");
83 while(h)
84 {
85 printf("engine %i, id = \"%s\", name = \"%s\"\n",
86 loop++, ENGINE_get_id(h), ENGINE_get_name(h));
87 h = ENGINE_get_next(h);
88 }
89 printf("end of list\n");
90 /* ENGINE_get_first() increases the struct_ref counter, so we
91 must call ENGINE_free() to decrease it again */
92 ENGINE_free(h);
93 }
94
95int main(int argc, char *argv[])
96 {
97 ENGINE *block[512];
98 char buf[256];
99 const char *id, *name;
100 ENGINE *ptr;
101 int loop;
102 int to_return = 1;
103 ENGINE *new_h1 = NULL;
104 ENGINE *new_h2 = NULL;
105 ENGINE *new_h3 = NULL;
106 ENGINE *new_h4 = NULL;
107
108 /* enable memory leak checking unless explicitly disabled */
109 if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
110 {
111 CRYPTO_malloc_debug_init();
112 CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
113 }
114 else
115 {
116 /* OPENSSL_DEBUG_MEMORY=off */
117 CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
118 }
119 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
120 ERR_load_crypto_strings();
121
122 memset(block, 0, 512 * sizeof(ENGINE *));
123 if(((new_h1 = ENGINE_new()) == NULL) ||
124 !ENGINE_set_id(new_h1, "test_id0") ||
125 !ENGINE_set_name(new_h1, "First test item") ||
126 ((new_h2 = ENGINE_new()) == NULL) ||
127 !ENGINE_set_id(new_h2, "test_id1") ||
128 !ENGINE_set_name(new_h2, "Second test item") ||
129 ((new_h3 = ENGINE_new()) == NULL) ||
130 !ENGINE_set_id(new_h3, "test_id2") ||
131 !ENGINE_set_name(new_h3, "Third test item") ||
132 ((new_h4 = ENGINE_new()) == NULL) ||
133 !ENGINE_set_id(new_h4, "test_id3") ||
134 !ENGINE_set_name(new_h4, "Fourth test item"))
135 {
136 printf("Couldn't set up test ENGINE structures\n");
137 goto end;
138 }
139 printf("\nenginetest beginning\n\n");
140 display_engine_list();
141 if(!ENGINE_add(new_h1))
142 {
143 printf("Add failed!\n");
144 goto end;
145 }
146 display_engine_list();
147 ptr = ENGINE_get_first();
148 if(!ENGINE_remove(ptr))
149 {
150 printf("Remove failed!\n");
151 goto end;
152 }
153 if (ptr)
154 ENGINE_free(ptr);
155 display_engine_list();
156 if(!ENGINE_add(new_h3) || !ENGINE_add(new_h2))
157 {
158 printf("Add failed!\n");
159 goto end;
160 }
161 display_engine_list();
162 if(!ENGINE_remove(new_h2))
163 {
164 printf("Remove failed!\n");
165 goto end;
166 }
167 display_engine_list();
168 if(!ENGINE_add(new_h4))
169 {
170 printf("Add failed!\n");
171 goto end;
172 }
173 display_engine_list();
174 if(ENGINE_add(new_h3))
175 {
176 printf("Add *should* have failed but didn't!\n");
177 goto end;
178 }
179 else
180 printf("Add that should fail did.\n");
181 ERR_clear_error();
182 if(ENGINE_remove(new_h2))
183 {
184 printf("Remove *should* have failed but didn't!\n");
185 goto end;
186 }
187 else
188 printf("Remove that should fail did.\n");
189 ERR_clear_error();
190 if(!ENGINE_remove(new_h3))
191 {
192 printf("Remove failed!\n");
193 goto end;
194 }
195 display_engine_list();
196 if(!ENGINE_remove(new_h4))
197 {
198 printf("Remove failed!\n");
199 goto end;
200 }
201 display_engine_list();
202 /* Depending on whether there's any hardware support compiled
203 * in, this remove may be destined to fail. */
204 ptr = ENGINE_get_first();
205 if(ptr)
206 if(!ENGINE_remove(ptr))
207 printf("Remove failed!i - probably no hardware "
208 "support present.\n");
209 if (ptr)
210 ENGINE_free(ptr);
211 display_engine_list();
212 if(!ENGINE_add(new_h1) || !ENGINE_remove(new_h1))
213 {
214 printf("Couldn't add and remove to an empty list!\n");
215 goto end;
216 }
217 else
218 printf("Successfully added and removed to an empty list!\n");
219 printf("About to beef up the engine-type list\n");
220 for(loop = 0; loop < 512; loop++)
221 {
222 sprintf(buf, "id%i", loop);
223 id = BUF_strdup(buf);
224 sprintf(buf, "Fake engine type %i", loop);
225 name = BUF_strdup(buf);
226 if(((block[loop] = ENGINE_new()) == NULL) ||
227 !ENGINE_set_id(block[loop], id) ||
228 !ENGINE_set_name(block[loop], name))
229 {
230 printf("Couldn't create block of ENGINE structures.\n"
231 "I'll probably also core-dump now, damn.\n");
232 goto end;
233 }
234 }
235 for(loop = 0; loop < 512; loop++)
236 {
237 if(!ENGINE_add(block[loop]))
238 {
239 printf("\nAdding stopped at %i, (%s,%s)\n",
240 loop, ENGINE_get_id(block[loop]),
241 ENGINE_get_name(block[loop]));
242 goto cleanup_loop;
243 }
244 else
245 printf("."); fflush(stdout);
246 }
247cleanup_loop:
248 printf("\nAbout to empty the engine-type list\n");
249 while((ptr = ENGINE_get_first()) != NULL)
250 {
251 if(!ENGINE_remove(ptr))
252 {
253 printf("\nRemove failed!\n");
254 goto end;
255 }
256 ENGINE_free(ptr);
257 printf("."); fflush(stdout);
258 }
259 for(loop = 0; loop < 512; loop++)
260 {
261 OPENSSL_free((void *)ENGINE_get_id(block[loop]));
262 OPENSSL_free((void *)ENGINE_get_name(block[loop]));
263 }
264 printf("\nTests completed happily\n");
265 to_return = 0;
266end:
267 if(to_return)
268 ERR_print_errors_fp(stderr);
269 if(new_h1) ENGINE_free(new_h1);
270 if(new_h2) ENGINE_free(new_h2);
271 if(new_h3) ENGINE_free(new_h3);
272 if(new_h4) ENGINE_free(new_h4);
273 for(loop = 0; loop < 512; loop++)
274 if(block[loop])
275 ENGINE_free(block[loop]);
276 ENGINE_cleanup();
277 CRYPTO_cleanup_all_ex_data();
278 ERR_free_strings();
279 ERR_remove_state(0);
280 CRYPTO_mem_leaks_fp(stderr);
281 return to_return;
282 }
283#endif
diff --git a/src/lib/libcrypto/engine/hw.ec b/src/lib/libcrypto/engine/hw.ec
new file mode 100644
index 0000000000..5481a43918
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw.ec
@@ -0,0 +1,8 @@
1L AEPHK hw_aep_err.h hw_aep_err.c
2L ATALLA hw_atalla_err.h hw_atalla_err.c
3L CSWIFT hw_cswift_err.h hw_cswift_err.c
4L HWCRHK hw_ncipher_err.h hw_ncipher_err.c
5L NURON hw_nuron_err.h hw_nuron_err.c
6L SUREWARE hw_sureware_err.h hw_sureware_err.c
7L UBSEC hw_ubsec_err.h hw_ubsec_err.c
8L CCA4758 hw_4758_cca_err.h hw_4758_cca_err.c
diff --git a/src/lib/libcrypto/engine/hw_4758_cca.c b/src/lib/libcrypto/engine/hw_4758_cca.c
new file mode 100644
index 0000000000..4f5ae8a46d
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_4758_cca.c
@@ -0,0 +1,969 @@
1/* Author: Maurice Gittens <maurice@gittens.nl> */
2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <stdio.h>
57#include <openssl/crypto.h>
58/* #include <openssl/pem.h> */
59#include "cryptlib.h"
60#include <openssl/dso.h>
61#include <openssl/x509.h>
62#include <openssl/objects.h>
63#include <openssl/engine.h>
64
65#ifndef OPENSSL_NO_HW
66#ifndef OPENSSL_NO_HW_4758_CCA
67
68#ifdef FLAT_INC
69#include "hw_4758_cca.h"
70#else
71#include "vendor_defns/hw_4758_cca.h"
72#endif
73
74#include "hw_4758_cca_err.c"
75
76static int ibm_4758_cca_destroy(ENGINE *e);
77static int ibm_4758_cca_init(ENGINE *e);
78static int ibm_4758_cca_finish(ENGINE *e);
79static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
80
81/* rsa functions */
82/*---------------*/
83#ifndef OPENSSL_NO_RSA
84static int cca_rsa_pub_enc(int flen, const unsigned char *from,
85 unsigned char *to, RSA *rsa,int padding);
86static int cca_rsa_priv_dec(int flen, const unsigned char *from,
87 unsigned char *to, RSA *rsa,int padding);
88static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
89 unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
90static int cca_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
91 unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);
92
93/* utility functions */
94/*-----------------------*/
95static EVP_PKEY *ibm_4758_load_privkey(ENGINE*, const char*,
96 UI_METHOD *ui_method, void *callback_data);
97static EVP_PKEY *ibm_4758_load_pubkey(ENGINE*, const char*,
98 UI_METHOD *ui_method, void *callback_data);
99
100static int getModulusAndExponent(const unsigned char *token, long *exponentLength,
101 unsigned char *exponent, long *modulusLength,
102 long *modulusFieldLength, unsigned char *modulus);
103#endif
104
105/* RAND number functions */
106/*-----------------------*/
107static int cca_get_random_bytes(unsigned char*, int );
108static int cca_random_status(void);
109
110static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
111 int idx,long argl, void *argp);
112
113/* Function pointers for CCA verbs */
114/*---------------------------------*/
115#ifndef OPENSSL_NO_RSA
116static F_KEYRECORDREAD keyRecordRead;
117static F_DIGITALSIGNATUREGENERATE digitalSignatureGenerate;
118static F_DIGITALSIGNATUREVERIFY digitalSignatureVerify;
119static F_PUBLICKEYEXTRACT publicKeyExtract;
120static F_PKAENCRYPT pkaEncrypt;
121static F_PKADECRYPT pkaDecrypt;
122#endif
123static F_RANDOMNUMBERGENERATE randomNumberGenerate;
124
125/* static variables */
126/*------------------*/
127static const char *CCA4758_LIB_NAME = NULL;
128static const char *get_CCA4758_LIB_NAME(void)
129 {
130 if(CCA4758_LIB_NAME)
131 return CCA4758_LIB_NAME;
132 return CCA_LIB_NAME;
133 }
134static void free_CCA4758_LIB_NAME(void)
135 {
136 if(CCA4758_LIB_NAME)
137 OPENSSL_free((void*)CCA4758_LIB_NAME);
138 CCA4758_LIB_NAME = NULL;
139 }
140static long set_CCA4758_LIB_NAME(const char *name)
141 {
142 free_CCA4758_LIB_NAME();
143 return (((CCA4758_LIB_NAME = BUF_strdup(name)) != NULL) ? 1 : 0);
144 }
145#ifndef OPENSSL_NO_RSA
146static const char* n_keyRecordRead = CSNDKRR;
147static const char* n_digitalSignatureGenerate = CSNDDSG;
148static const char* n_digitalSignatureVerify = CSNDDSV;
149static const char* n_publicKeyExtract = CSNDPKX;
150static const char* n_pkaEncrypt = CSNDPKE;
151static const char* n_pkaDecrypt = CSNDPKD;
152#endif
153static const char* n_randomNumberGenerate = CSNBRNG;
154
155static int hndidx = -1;
156static DSO *dso = NULL;
157
158/* openssl engine initialization structures */
159/*------------------------------------------*/
160
161#define CCA4758_CMD_SO_PATH ENGINE_CMD_BASE
162static const ENGINE_CMD_DEFN cca4758_cmd_defns[] = {
163 {CCA4758_CMD_SO_PATH,
164 "SO_PATH",
165 "Specifies the path to the '4758cca' shared library",
166 ENGINE_CMD_FLAG_STRING},
167 {0, NULL, NULL, 0}
168 };
169
170#ifndef OPENSSL_NO_RSA
171static RSA_METHOD ibm_4758_cca_rsa =
172 {
173 "IBM 4758 CCA RSA method",
174 cca_rsa_pub_enc,
175 NULL,
176 NULL,
177 cca_rsa_priv_dec,
178 NULL, /*rsa_mod_exp,*/
179 NULL, /*mod_exp_mont,*/
180 NULL, /* init */
181 NULL, /* finish */
182 RSA_FLAG_SIGN_VER, /* flags */
183 NULL, /* app_data */
184 cca_rsa_sign, /* rsa_sign */
185 cca_rsa_verify /* rsa_verify */
186 };
187#endif
188
189static RAND_METHOD ibm_4758_cca_rand =
190 {
191 /* "IBM 4758 RAND method", */
192 NULL, /* seed */
193 cca_get_random_bytes, /* get random bytes from the card */
194 NULL, /* cleanup */
195 NULL, /* add */
196 cca_get_random_bytes, /* pseudo rand */
197 cca_random_status, /* status */
198 };
199
200static const char *engine_4758_cca_id = "4758cca";
201static const char *engine_4758_cca_name = "IBM 4758 CCA hardware engine support";
202
203/* engine implementation */
204/*-----------------------*/
205static int bind_helper(ENGINE *e)
206 {
207 if(!ENGINE_set_id(e, engine_4758_cca_id) ||
208 !ENGINE_set_name(e, engine_4758_cca_name) ||
209#ifndef OPENSSL_NO_RSA
210 !ENGINE_set_RSA(e, &ibm_4758_cca_rsa) ||
211#endif
212 !ENGINE_set_RAND(e, &ibm_4758_cca_rand) ||
213 !ENGINE_set_destroy_function(e, ibm_4758_cca_destroy) ||
214 !ENGINE_set_init_function(e, ibm_4758_cca_init) ||
215 !ENGINE_set_finish_function(e, ibm_4758_cca_finish) ||
216 !ENGINE_set_ctrl_function(e, ibm_4758_cca_ctrl) ||
217 !ENGINE_set_load_privkey_function(e, ibm_4758_load_privkey) ||
218 !ENGINE_set_load_pubkey_function(e, ibm_4758_load_pubkey) ||
219 !ENGINE_set_cmd_defns(e, cca4758_cmd_defns))
220 return 0;
221 /* Ensure the error handling is set up */
222 ERR_load_CCA4758_strings();
223 return 1;
224 }
225
226#ifndef ENGINE_DYNAMIC_SUPPORT
227static ENGINE *engine_4758_cca(void)
228 {
229 ENGINE *ret = ENGINE_new();
230 if(!ret)
231 return NULL;
232 if(!bind_helper(ret))
233 {
234 ENGINE_free(ret);
235 return NULL;
236 }
237 return ret;
238 }
239
240void ENGINE_load_4758cca(void)
241 {
242 ENGINE *e_4758 = engine_4758_cca();
243 if (!e_4758) return;
244 ENGINE_add(e_4758);
245 ENGINE_free(e_4758);
246 ERR_clear_error();
247 }
248#endif
249
250static int ibm_4758_cca_destroy(ENGINE *e)
251 {
252 ERR_unload_CCA4758_strings();
253 free_CCA4758_LIB_NAME();
254 return 1;
255 }
256
257static int ibm_4758_cca_init(ENGINE *e)
258 {
259 if(dso)
260 {
261 CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_ALREADY_LOADED);
262 goto err;
263 }
264
265 dso = DSO_load(NULL, get_CCA4758_LIB_NAME(), NULL, 0);
266 if(!dso)
267 {
268 CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE);
269 goto err;
270 }
271
272#ifndef OPENSSL_NO_RSA
273 if(!(keyRecordRead = (F_KEYRECORDREAD)
274 DSO_bind_func(dso, n_keyRecordRead)) ||
275 !(randomNumberGenerate = (F_RANDOMNUMBERGENERATE)
276 DSO_bind_func(dso, n_randomNumberGenerate)) ||
277 !(digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)
278 DSO_bind_func(dso, n_digitalSignatureGenerate)) ||
279 !(digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)
280 DSO_bind_func(dso, n_digitalSignatureVerify)) ||
281 !(publicKeyExtract = (F_PUBLICKEYEXTRACT)
282 DSO_bind_func(dso, n_publicKeyExtract)) ||
283 !(pkaEncrypt = (F_PKAENCRYPT)
284 DSO_bind_func(dso, n_pkaEncrypt)) ||
285 !(pkaDecrypt = (F_PKADECRYPT)
286 DSO_bind_func(dso, n_pkaDecrypt)))
287 {
288 CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE);
289 goto err;
290 }
291#else
292 if(!(randomNumberGenerate = (F_RANDOMNUMBERGENERATE)
293 DSO_bind_func(dso, n_randomNumberGenerate)))
294 {
295 CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE);
296 goto err;
297 }
298#endif
299
300 hndidx = RSA_get_ex_new_index(0, "IBM 4758 CCA RSA key handle",
301 NULL, NULL, cca_ex_free);
302
303 return 1;
304err:
305 if(dso)
306 DSO_free(dso);
307 dso = NULL;
308
309 keyRecordRead = (F_KEYRECORDREAD)0;
310 randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;
311 digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)0;
312 digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;
313 publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
314 pkaEncrypt = (F_PKAENCRYPT)0;
315 pkaDecrypt = (F_PKADECRYPT)0;
316 return 0;
317 }
318
319static int ibm_4758_cca_finish(ENGINE *e)
320 {
321 free_CCA4758_LIB_NAME();
322 if(!dso)
323 {
324 CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH,
325 CCA4758_R_NOT_LOADED);
326 return 0;
327 }
328 if(!DSO_free(dso))
329 {
330 CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH,
331 CCA4758_R_UNIT_FAILURE);
332 return 0;
333 }
334 dso = NULL;
335 keyRecordRead = (F_KEYRECORDREAD)0;
336 randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;
337 digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)0;
338 digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;
339 publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
340 pkaEncrypt = (F_PKAENCRYPT)0;
341 pkaDecrypt = (F_PKADECRYPT)0;
342 return 1;
343 }
344
345static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
346 {
347 int initialised = ((dso == NULL) ? 0 : 1);
348 switch(cmd)
349 {
350 case CCA4758_CMD_SO_PATH:
351 if(p == NULL)
352 {
353 CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
354 ERR_R_PASSED_NULL_PARAMETER);
355 return 0;
356 }
357 if(initialised)
358 {
359 CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
360 CCA4758_R_ALREADY_LOADED);
361 return 0;
362 }
363 return set_CCA4758_LIB_NAME((const char *)p);
364 default:
365 break;
366 }
367 CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
368 CCA4758_R_COMMAND_NOT_IMPLEMENTED);
369 return 0;
370 }
371
372#ifndef OPENSSL_NO_RSA
373
374#define MAX_CCA_PKA_TOKEN_SIZE 2500
375
376static EVP_PKEY *ibm_4758_load_privkey(ENGINE* e, const char* key_id,
377 UI_METHOD *ui_method, void *callback_data)
378 {
379 RSA *rtmp = NULL;
380 EVP_PKEY *res = NULL;
381 unsigned char* keyToken = NULL;
382 unsigned char pubKeyToken[MAX_CCA_PKA_TOKEN_SIZE];
383 long pubKeyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
384 long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
385 long returnCode;
386 long reasonCode;
387 long exitDataLength = 0;
388 long ruleArrayLength = 0;
389 unsigned char exitData[8];
390 unsigned char ruleArray[8];
391 unsigned char keyLabel[64];
392 long keyLabelLength = strlen(key_id);
393 unsigned char modulus[256];
394 long modulusFieldLength = sizeof(modulus);
395 long modulusLength = 0;
396 unsigned char exponent[256];
397 long exponentLength = sizeof(exponent);
398
399 if (keyLabelLength > sizeof(keyLabel))
400 {
401 CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
402 CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
403 return NULL;
404 }
405
406 memset(keyLabel,' ', sizeof(keyLabel));
407 memcpy(keyLabel, key_id, keyLabelLength);
408
409 keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long));
410 if (!keyToken)
411 {
412 CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
413 ERR_R_MALLOC_FAILURE);
414 goto err;
415 }
416
417 keyRecordRead(&returnCode, &reasonCode, &exitDataLength,
418 exitData, &ruleArrayLength, ruleArray, keyLabel,
419 &keyTokenLength, keyToken+sizeof(long));
420
421 if (returnCode)
422 {
423 CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
424 CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
425 goto err;
426 }
427
428 publicKeyExtract(&returnCode, &reasonCode, &exitDataLength,
429 exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
430 keyToken+sizeof(long), &pubKeyTokenLength, pubKeyToken);
431
432 if (returnCode)
433 {
434 CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
435 CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
436 goto err;
437 }
438
439 if (!getModulusAndExponent(pubKeyToken, &exponentLength,
440 exponent, &modulusLength, &modulusFieldLength,
441 modulus))
442 {
443 CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
444 CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
445 goto err;
446 }
447
448 (*(long*)keyToken) = keyTokenLength;
449 rtmp = RSA_new_method(e);
450 RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);
451
452 rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
453 rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL);
454 rtmp->flags |= RSA_FLAG_EXT_PKEY;
455
456 res = EVP_PKEY_new();
457 EVP_PKEY_assign_RSA(res, rtmp);
458
459 return res;
460err:
461 if (keyToken)
462 OPENSSL_free(keyToken);
463 if (res)
464 EVP_PKEY_free(res);
465 if (rtmp)
466 RSA_free(rtmp);
467 return NULL;
468 }
469
470static EVP_PKEY *ibm_4758_load_pubkey(ENGINE* e, const char* key_id,
471 UI_METHOD *ui_method, void *callback_data)
472 {
473 RSA *rtmp = NULL;
474 EVP_PKEY *res = NULL;
475 unsigned char* keyToken = NULL;
476 long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
477 long returnCode;
478 long reasonCode;
479 long exitDataLength = 0;
480 long ruleArrayLength = 0;
481 unsigned char exitData[8];
482 unsigned char ruleArray[8];
483 unsigned char keyLabel[64];
484 long keyLabelLength = strlen(key_id);
485 unsigned char modulus[512];
486 long modulusFieldLength = sizeof(modulus);
487 long modulusLength = 0;
488 unsigned char exponent[512];
489 long exponentLength = sizeof(exponent);
490
491 if (keyLabelLength > sizeof(keyLabel))
492 {
493 CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
494 CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
495 return NULL;
496 }
497
498 memset(keyLabel,' ', sizeof(keyLabel));
499 memcpy(keyLabel, key_id, keyLabelLength);
500
501 keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long));
502 if (!keyToken)
503 {
504 CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PUBKEY,
505 ERR_R_MALLOC_FAILURE);
506 goto err;
507 }
508
509 keyRecordRead(&returnCode, &reasonCode, &exitDataLength, exitData,
510 &ruleArrayLength, ruleArray, keyLabel, &keyTokenLength,
511 keyToken+sizeof(long));
512
513 if (returnCode)
514 {
515 CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
516 ERR_R_MALLOC_FAILURE);
517 goto err;
518 }
519
520 if (!getModulusAndExponent(keyToken+sizeof(long), &exponentLength,
521 exponent, &modulusLength, &modulusFieldLength, modulus))
522 {
523 CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
524 CCA4758_R_FAILED_LOADING_PUBLIC_KEY);
525 goto err;
526 }
527
528 (*(long*)keyToken) = keyTokenLength;
529 rtmp = RSA_new_method(e);
530 RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);
531 rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
532 rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL);
533 rtmp->flags |= RSA_FLAG_EXT_PKEY;
534 res = EVP_PKEY_new();
535 EVP_PKEY_assign_RSA(res, rtmp);
536
537 return res;
538err:
539 if (keyToken)
540 OPENSSL_free(keyToken);
541 if (res)
542 EVP_PKEY_free(res);
543 if (rtmp)
544 RSA_free(rtmp);
545 return NULL;
546 }
547
548static int cca_rsa_pub_enc(int flen, const unsigned char *from,
549 unsigned char *to, RSA *rsa,int padding)
550 {
551 long returnCode;
552 long reasonCode;
553 long lflen = flen;
554 long exitDataLength = 0;
555 unsigned char exitData[8];
556 long ruleArrayLength = 1;
557 unsigned char ruleArray[8] = "PKCS-1.2";
558 long dataStructureLength = 0;
559 unsigned char dataStructure[8];
560 long outputLength = RSA_size(rsa);
561 long keyTokenLength;
562 unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
563
564 keyTokenLength = *(long*)keyToken;
565 keyToken+=sizeof(long);
566
567 pkaEncrypt(&returnCode, &reasonCode, &exitDataLength, exitData,
568 &ruleArrayLength, ruleArray, &lflen, (unsigned char*)from,
569 &dataStructureLength, dataStructure, &keyTokenLength,
570 keyToken, &outputLength, to);
571
572 if (returnCode || reasonCode)
573 return -(returnCode << 16 | reasonCode);
574 return outputLength;
575 }
576
577static int cca_rsa_priv_dec(int flen, const unsigned char *from,
578 unsigned char *to, RSA *rsa,int padding)
579 {
580 long returnCode;
581 long reasonCode;
582 long lflen = flen;
583 long exitDataLength = 0;
584 unsigned char exitData[8];
585 long ruleArrayLength = 1;
586 unsigned char ruleArray[8] = "PKCS-1.2";
587 long dataStructureLength = 0;
588 unsigned char dataStructure[8];
589 long outputLength = RSA_size(rsa);
590 long keyTokenLength;
591 unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
592
593 keyTokenLength = *(long*)keyToken;
594 keyToken+=sizeof(long);
595
596 pkaDecrypt(&returnCode, &reasonCode, &exitDataLength, exitData,
597 &ruleArrayLength, ruleArray, &lflen, (unsigned char*)from,
598 &dataStructureLength, dataStructure, &keyTokenLength,
599 keyToken, &outputLength, to);
600
601 return (returnCode | reasonCode) ? 0 : 1;
602 }
603
604#define SSL_SIG_LEN 36
605
606static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
607 unsigned char *sigbuf, unsigned int siglen, const RSA *rsa)
608 {
609 long returnCode;
610 long reasonCode;
611 long lsiglen = siglen;
612 long exitDataLength = 0;
613 unsigned char exitData[8];
614 long ruleArrayLength = 1;
615 unsigned char ruleArray[8] = "PKCS-1.1";
616 long keyTokenLength;
617 unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
618 long length = SSL_SIG_LEN;
619 long keyLength ;
620 unsigned char *hashBuffer = NULL;
621 X509_SIG sig;
622 ASN1_TYPE parameter;
623 X509_ALGOR algorithm;
624 ASN1_OCTET_STRING digest;
625
626 keyTokenLength = *(long*)keyToken;
627 keyToken+=sizeof(long);
628
629 if (type == NID_md5 || type == NID_sha1)
630 {
631 sig.algor = &algorithm;
632 algorithm.algorithm = OBJ_nid2obj(type);
633
634 if (!algorithm.algorithm)
635 {
636 CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
637 CCA4758_R_UNKNOWN_ALGORITHM_TYPE);
638 return 0;
639 }
640
641 if (!algorithm.algorithm->length)
642 {
643 CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
644 CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);
645 return 0;
646 }
647
648 parameter.type = V_ASN1_NULL;
649 parameter.value.ptr = NULL;
650 algorithm.parameter = &parameter;
651
652 sig.digest = &digest;
653 sig.digest->data = (unsigned char*)m;
654 sig.digest->length = m_len;
655
656 length = i2d_X509_SIG(&sig, NULL);
657 }
658
659 keyLength = RSA_size(rsa);
660
661 if (length - RSA_PKCS1_PADDING > keyLength)
662 {
663 CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
664 CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
665 return 0;
666 }
667
668 switch (type)
669 {
670 case NID_md5_sha1 :
671 if (m_len != SSL_SIG_LEN)
672 {
673 CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
674 CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
675 return 0;
676 }
677
678 hashBuffer = (unsigned char *)m;
679 length = m_len;
680 break;
681 case NID_md5 :
682 {
683 unsigned char *ptr;
684 ptr = hashBuffer = OPENSSL_malloc(
685 (unsigned int)keyLength+1);
686 if (!hashBuffer)
687 {
688 CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
689 ERR_R_MALLOC_FAILURE);
690 return 0;
691 }
692
693 i2d_X509_SIG(&sig, &ptr);
694 }
695 break;
696 case NID_sha1 :
697 {
698 unsigned char *ptr;
699 ptr = hashBuffer = OPENSSL_malloc(
700 (unsigned int)keyLength+1);
701 if (!hashBuffer)
702 {
703 CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
704 ERR_R_MALLOC_FAILURE);
705 return 0;
706 }
707 i2d_X509_SIG(&sig, &ptr);
708 }
709 break;
710 default:
711 return 0;
712 }
713
714 digitalSignatureVerify(&returnCode, &reasonCode, &exitDataLength,
715 exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
716 keyToken, &length, hashBuffer, &lsiglen, sigbuf);
717
718 if (type == NID_sha1 || type == NID_md5)
719 {
720 OPENSSL_cleanse(hashBuffer, keyLength+1);
721 OPENSSL_free(hashBuffer);
722 }
723
724 return ((returnCode || reasonCode) ? 0 : 1);
725 }
726
727#define SSL_SIG_LEN 36
728
729static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
730 unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
731 {
732 long returnCode;
733 long reasonCode;
734 long exitDataLength = 0;
735 unsigned char exitData[8];
736 long ruleArrayLength = 1;
737 unsigned char ruleArray[8] = "PKCS-1.1";
738 long outputLength=256;
739 long outputBitLength;
740 long keyTokenLength;
741 unsigned char *hashBuffer = NULL;
742 unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
743 long length = SSL_SIG_LEN;
744 long keyLength ;
745 X509_SIG sig;
746 ASN1_TYPE parameter;
747 X509_ALGOR algorithm;
748 ASN1_OCTET_STRING digest;
749
750 keyTokenLength = *(long*)keyToken;
751 keyToken+=sizeof(long);
752
753 if (type == NID_md5 || type == NID_sha1)
754 {
755 sig.algor = &algorithm;
756 algorithm.algorithm = OBJ_nid2obj(type);
757
758 if (!algorithm.algorithm)
759 {
760 CCA4758err(CCA4758_F_IBM_4758_CCA_SIGN,
761 CCA4758_R_UNKNOWN_ALGORITHM_TYPE);
762 return 0;
763 }
764
765 if (!algorithm.algorithm->length)
766 {
767 CCA4758err(CCA4758_F_IBM_4758_CCA_SIGN,
768 CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);
769 return 0;
770 }
771
772 parameter.type = V_ASN1_NULL;
773 parameter.value.ptr = NULL;
774 algorithm.parameter = &parameter;
775
776 sig.digest = &digest;
777 sig.digest->data = (unsigned char*)m;
778 sig.digest->length = m_len;
779
780 length = i2d_X509_SIG(&sig, NULL);
781 }
782
783 keyLength = RSA_size(rsa);
784
785 if (length - RSA_PKCS1_PADDING > keyLength)
786 {
787 CCA4758err(CCA4758_F_IBM_4758_CCA_SIGN,
788 CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
789 return 0;
790 }
791
792 switch (type)
793 {
794 case NID_md5_sha1 :
795 if (m_len != SSL_SIG_LEN)
796 {
797 CCA4758err(CCA4758_F_IBM_4758_CCA_SIGN,
798 CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
799 return 0;
800 }
801 hashBuffer = (unsigned char*)m;
802 length = m_len;
803 break;
804 case NID_md5 :
805 {
806 unsigned char *ptr;
807 ptr = hashBuffer = OPENSSL_malloc(
808 (unsigned int)keyLength+1);
809 if (!hashBuffer)
810 {
811 CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
812 ERR_R_MALLOC_FAILURE);
813 return 0;
814 }
815 i2d_X509_SIG(&sig, &ptr);
816 }
817 break;
818 case NID_sha1 :
819 {
820 unsigned char *ptr;
821 ptr = hashBuffer = OPENSSL_malloc(
822 (unsigned int)keyLength+1);
823 if (!hashBuffer)
824 {
825 CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
826 ERR_R_MALLOC_FAILURE);
827 return 0;
828 }
829 i2d_X509_SIG(&sig, &ptr);
830 }
831 break;
832 default:
833 return 0;
834 }
835
836 digitalSignatureGenerate(&returnCode, &reasonCode, &exitDataLength,
837 exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
838 keyToken, &length, hashBuffer, &outputLength, &outputBitLength,
839 sigret);
840
841 if (type == NID_sha1 || type == NID_md5)
842 {
843 OPENSSL_cleanse(hashBuffer, keyLength+1);
844 OPENSSL_free(hashBuffer);
845 }
846
847 *siglen = outputLength;
848
849 return ((returnCode || reasonCode) ? 0 : 1);
850 }
851
852static int getModulusAndExponent(const unsigned char*token, long *exponentLength,
853 unsigned char *exponent, long *modulusLength, long *modulusFieldLength,
854 unsigned char *modulus)
855 {
856 unsigned long len;
857
858 if (*token++ != (char)0x1E) /* internal PKA token? */
859 return 0;
860
861 if (*token++) /* token version must be zero */
862 return 0;
863
864 len = *token++;
865 len = len << 8;
866 len |= (unsigned char)*token++;
867
868 token += 4; /* skip reserved bytes */
869
870 if (*token++ == (char)0x04)
871 {
872 if (*token++) /* token version must be zero */
873 return 0;
874
875 len = *token++;
876 len = len << 8;
877 len |= (unsigned char)*token++;
878
879 token+=2; /* skip reserved section */
880
881 len = *token++;
882 len = len << 8;
883 len |= (unsigned char)*token++;
884
885 *exponentLength = len;
886
887 len = *token++;
888 len = len << 8;
889 len |= (unsigned char)*token++;
890
891 *modulusLength = len;
892
893 len = *token++;
894 len = len << 8;
895 len |= (unsigned char)*token++;
896
897 *modulusFieldLength = len;
898
899 memcpy(exponent, token, *exponentLength);
900 token+= *exponentLength;
901
902 memcpy(modulus, token, *modulusFieldLength);
903 return 1;
904 }
905 return 0;
906 }
907
908#endif /* OPENSSL_NO_RSA */
909
910static int cca_random_status(void)
911 {
912 return 1;
913 }
914
915static int cca_get_random_bytes(unsigned char* buf, int num)
916 {
917 long ret_code;
918 long reason_code;
919 long exit_data_length;
920 unsigned char exit_data[4];
921 unsigned char form[] = "RANDOM ";
922 unsigned char rand_buf[8];
923
924 while(num >= sizeof(rand_buf))
925 {
926 randomNumberGenerate(&ret_code, &reason_code, &exit_data_length,
927 exit_data, form, rand_buf);
928 if (ret_code)
929 return 0;
930 num -= sizeof(rand_buf);
931 memcpy(buf, rand_buf, sizeof(rand_buf));
932 buf += sizeof(rand_buf);
933 }
934
935 if (num)
936 {
937 randomNumberGenerate(&ret_code, &reason_code, NULL, NULL,
938 form, rand_buf);
939 if (ret_code)
940 return 0;
941 memcpy(buf, rand_buf, num);
942 }
943
944 return 1;
945 }
946
947static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int idx,
948 long argl, void *argp)
949 {
950 if (item)
951 OPENSSL_free(item);
952 }
953
954/* Goo to handle building as a dynamic engine */
955#ifdef ENGINE_DYNAMIC_SUPPORT
956static int bind_fn(ENGINE *e, const char *id)
957 {
958 if(id && (strcmp(id, engine_4758_cca_id) != 0))
959 return 0;
960 if(!bind_helper(e))
961 return 0;
962 return 1;
963 }
964IMPLEMENT_DYNAMIC_CHECK_FN()
965IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
966#endif /* ENGINE_DYNAMIC_SUPPORT */
967
968#endif /* !OPENSSL_NO_HW_4758_CCA */
969#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/hw_4758_cca_err.c b/src/lib/libcrypto/engine/hw_4758_cca_err.c
new file mode 100644
index 0000000000..7ea5c63707
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_4758_cca_err.c
@@ -0,0 +1,149 @@
1/* hw_4758_cca_err.c */
2/* ====================================================================
3 * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include "hw_4758_cca_err.h"
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67static ERR_STRING_DATA CCA4758_str_functs[]=
68 {
69{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_CTRL,0), "IBM_4758_CCA_CTRL"},
70{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_FINISH,0), "IBM_4758_CCA_FINISH"},
71{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_INIT,0), "IBM_4758_CCA_INIT"},
72{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,0), "IBM_4758_CCA_LOAD_PRIVKEY"},
73{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_LOAD_PUBKEY,0), "IBM_4758_CCA_LOAD_PUBKEY"},
74{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_SIGN,0), "IBM_4758_CCA_SIGN"},
75{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_VERIFY,0), "IBM_4758_CCA_VERIFY"},
76{0,NULL}
77 };
78
79static ERR_STRING_DATA CCA4758_str_reasons[]=
80 {
81{CCA4758_R_ALREADY_LOADED ,"already loaded"},
82{CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD ,"asn1 oid unknown for md"},
83{CCA4758_R_COMMAND_NOT_IMPLEMENTED ,"command not implemented"},
84{CCA4758_R_DSO_FAILURE ,"dso failure"},
85{CCA4758_R_FAILED_LOADING_PRIVATE_KEY ,"failed loading private key"},
86{CCA4758_R_FAILED_LOADING_PUBLIC_KEY ,"failed loading public key"},
87{CCA4758_R_NOT_LOADED ,"not loaded"},
88{CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL ,"size too large or too small"},
89{CCA4758_R_UNIT_FAILURE ,"unit failure"},
90{CCA4758_R_UNKNOWN_ALGORITHM_TYPE ,"unknown algorithm type"},
91{0,NULL}
92 };
93
94#endif
95
96#ifdef CCA4758_LIB_NAME
97static ERR_STRING_DATA CCA4758_lib_name[]=
98 {
99{0 ,CCA4758_LIB_NAME},
100{0,NULL}
101 };
102#endif
103
104
105static int CCA4758_lib_error_code=0;
106static int CCA4758_error_init=1;
107
108static void ERR_load_CCA4758_strings(void)
109 {
110 if (CCA4758_lib_error_code == 0)
111 CCA4758_lib_error_code=ERR_get_next_error_library();
112
113 if (CCA4758_error_init)
114 {
115 CCA4758_error_init=0;
116#ifndef OPENSSL_NO_ERR
117 ERR_load_strings(CCA4758_lib_error_code,CCA4758_str_functs);
118 ERR_load_strings(CCA4758_lib_error_code,CCA4758_str_reasons);
119#endif
120
121#ifdef CCA4758_LIB_NAME
122 CCA4758_lib_name->error = ERR_PACK(CCA4758_lib_error_code,0,0);
123 ERR_load_strings(0,CCA4758_lib_name);
124#endif
125 }
126 }
127
128static void ERR_unload_CCA4758_strings(void)
129 {
130 if (CCA4758_error_init == 0)
131 {
132#ifndef OPENSSL_NO_ERR
133 ERR_unload_strings(CCA4758_lib_error_code,CCA4758_str_functs);
134 ERR_unload_strings(CCA4758_lib_error_code,CCA4758_str_reasons);
135#endif
136
137#ifdef CCA4758_LIB_NAME
138 ERR_unload_strings(0,CCA4758_lib_name);
139#endif
140 CCA4758_error_init=1;
141 }
142 }
143
144static void ERR_CCA4758_error(int function, int reason, char *file, int line)
145 {
146 if (CCA4758_lib_error_code == 0)
147 CCA4758_lib_error_code=ERR_get_next_error_library();
148 ERR_PUT_error(CCA4758_lib_error_code,function,reason,file,line);
149 }
diff --git a/src/lib/libcrypto/engine/hw_4758_cca_err.h b/src/lib/libcrypto/engine/hw_4758_cca_err.h
new file mode 100644
index 0000000000..2fc563ab11
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_4758_cca_err.h
@@ -0,0 +1,93 @@
1/* ====================================================================
2 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#ifndef HEADER_CCA4758_ERR_H
56#define HEADER_CCA4758_ERR_H
57
58/* BEGIN ERROR CODES */
59/* The following lines are auto generated by the script mkerr.pl. Any changes
60 * made after this point may be overwritten when the script is next run.
61 */
62static void ERR_load_CCA4758_strings(void);
63static void ERR_unload_CCA4758_strings(void);
64static void ERR_CCA4758_error(int function, int reason, char *file, int line);
65#define CCA4758err(f,r) ERR_CCA4758_error((f),(r),__FILE__,__LINE__)
66
67/* Error codes for the CCA4758 functions. */
68
69/* Function codes. */
70#define CCA4758_F_IBM_4758_CCA_CTRL 100
71#define CCA4758_F_IBM_4758_CCA_FINISH 101
72#define CCA4758_F_IBM_4758_CCA_INIT 102
73#define CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY 103
74#define CCA4758_F_IBM_4758_CCA_LOAD_PUBKEY 104
75#define CCA4758_F_IBM_4758_CCA_SIGN 105
76#define CCA4758_F_IBM_4758_CCA_VERIFY 106
77
78/* Reason codes. */
79#define CCA4758_R_ALREADY_LOADED 100
80#define CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD 101
81#define CCA4758_R_COMMAND_NOT_IMPLEMENTED 102
82#define CCA4758_R_DSO_FAILURE 103
83#define CCA4758_R_FAILED_LOADING_PRIVATE_KEY 104
84#define CCA4758_R_FAILED_LOADING_PUBLIC_KEY 105
85#define CCA4758_R_NOT_LOADED 106
86#define CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL 107
87#define CCA4758_R_UNIT_FAILURE 108
88#define CCA4758_R_UNKNOWN_ALGORITHM_TYPE 109
89
90#ifdef __cplusplus
91}
92#endif
93#endif
diff --git a/src/lib/libcrypto/engine/hw_aep.c b/src/lib/libcrypto/engine/hw_aep.c
new file mode 100644
index 0000000000..5f1772ea99
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_aep.c
@@ -0,0 +1,1120 @@
1/* crypto/engine/hw_aep.c */
2/*
3 */
4/* ====================================================================
5 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 *
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 *
19 * 3. All advertising materials mentioning features or use of this
20 * software must display the following acknowledgment:
21 * "This product includes software developed by the OpenSSL Project
22 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
23 *
24 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
25 * endorse or promote products derived from this software without
26 * prior written permission. For written permission, please contact
27 * licensing@OpenSSL.org.
28 *
29 * 5. Products derived from this software may not be called "OpenSSL"
30 * nor may "OpenSSL" appear in their names without prior written
31 * permission of the OpenSSL Project.
32 *
33 * 6. Redistributions of any form whatsoever must retain the following
34 * acknowledgment:
35 * "This product includes software developed by the OpenSSL Project
36 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
37 *
38 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
39 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
40 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
41 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
42 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
43 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
44 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
45 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
46 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
47 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
48 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49 * OF THE POSSIBILITY OF SUCH DAMAGE.
50 * ====================================================================
51 *
52 * This product includes cryptographic software written by Eric Young
53 * (eay@cryptsoft.com). This product includes software written by Tim
54 * Hudson (tjh@cryptsoft.com).
55 *
56 */
57
58#include <stdio.h>
59#include <openssl/bn.h>
60#include <string.h>
61
62#include <openssl/e_os2.h>
63#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
64#include <sys/types.h>
65#include <unistd.h>
66#else
67#include <process.h>
68typedef int pid_t;
69#endif
70
71#include <openssl/crypto.h>
72#include <openssl/dso.h>
73#include <openssl/engine.h>
74#include <openssl/buffer.h>
75
76#ifndef OPENSSL_NO_HW
77#ifndef OPENSSL_NO_HW_AEP
78#ifdef FLAT_INC
79#include "aep.h"
80#else
81#include "vendor_defns/aep.h"
82#endif
83
84#define AEP_LIB_NAME "aep engine"
85#define FAIL_TO_SW 0x10101010
86
87#include "hw_aep_err.c"
88
89static int aep_init(ENGINE *e);
90static int aep_finish(ENGINE *e);
91static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
92static int aep_destroy(ENGINE *e);
93
94static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR hConnection);
95static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection);
96static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection);
97static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use);
98
99/* BIGNUM stuff */
100static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
101 const BIGNUM *m, BN_CTX *ctx);
102
103static AEP_RV aep_mod_exp_crt(BIGNUM *r,const BIGNUM *a, const BIGNUM *p,
104 const BIGNUM *q, const BIGNUM *dmp1,const BIGNUM *dmq1,
105 const BIGNUM *iqmp, BN_CTX *ctx);
106
107/* RSA stuff */
108#ifndef OPENSSL_NO_RSA
109static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
110#endif
111
112/* This function is aliased to mod_exp (with the mont stuff dropped). */
113static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
114 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
115
116/* DSA stuff */
117#ifndef OPENSSL_NO_DSA
118static int aep_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
119 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
120 BN_CTX *ctx, BN_MONT_CTX *in_mont);
121
122static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
123 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
124 BN_MONT_CTX *m_ctx);
125#endif
126
127/* DH stuff */
128/* This function is aliased to mod_exp (with the DH and mont dropped). */
129#ifndef OPENSSL_NO_DH
130static int aep_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
131 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
132#endif
133
134/* rand stuff */
135#ifdef AEPRAND
136static int aep_rand(unsigned char *buf, int num);
137static int aep_rand_status(void);
138#endif
139
140/* Bignum conversion stuff */
141static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32* BigNumSize);
142static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize,
143 unsigned char* AEP_BigNum);
144static AEP_RV ConvertAEPBigNum(void* ArbBigNum, AEP_U32 BigNumSize,
145 unsigned char* AEP_BigNum);
146
147/* The definitions for control commands specific to this engine */
148#define AEP_CMD_SO_PATH ENGINE_CMD_BASE
149static const ENGINE_CMD_DEFN aep_cmd_defns[] =
150 {
151 { AEP_CMD_SO_PATH,
152 "SO_PATH",
153 "Specifies the path to the 'aep' shared library",
154 ENGINE_CMD_FLAG_STRING
155 },
156 {0, NULL, NULL, 0}
157 };
158
159#ifndef OPENSSL_NO_RSA
160/* Our internal RSA_METHOD that we provide pointers to */
161static RSA_METHOD aep_rsa =
162 {
163 "Aep RSA method",
164 NULL, /*rsa_pub_encrypt*/
165 NULL, /*rsa_pub_decrypt*/
166 NULL, /*rsa_priv_encrypt*/
167 NULL, /*rsa_priv_encrypt*/
168 aep_rsa_mod_exp, /*rsa_mod_exp*/
169 aep_mod_exp_mont, /*bn_mod_exp*/
170 NULL, /*init*/
171 NULL, /*finish*/
172 0, /*flags*/
173 NULL, /*app_data*/
174 NULL, /*rsa_sign*/
175 NULL /*rsa_verify*/
176 };
177#endif
178
179#ifndef OPENSSL_NO_DSA
180/* Our internal DSA_METHOD that we provide pointers to */
181static DSA_METHOD aep_dsa =
182 {
183 "Aep DSA method",
184 NULL, /* dsa_do_sign */
185 NULL, /* dsa_sign_setup */
186 NULL, /* dsa_do_verify */
187 aep_dsa_mod_exp, /* dsa_mod_exp */
188 aep_mod_exp_dsa, /* bn_mod_exp */
189 NULL, /* init */
190 NULL, /* finish */
191 0, /* flags */
192 NULL /* app_data */
193 };
194#endif
195
196#ifndef OPENSSL_NO_DH
197/* Our internal DH_METHOD that we provide pointers to */
198static DH_METHOD aep_dh =
199 {
200 "Aep DH method",
201 NULL,
202 NULL,
203 aep_mod_exp_dh,
204 NULL,
205 NULL,
206 0,
207 NULL
208 };
209#endif
210
211#ifdef AEPRAND
212/* our internal RAND_method that we provide pointers to */
213static RAND_METHOD aep_random =
214 {
215 /*"AEP RAND method", */
216 NULL,
217 aep_rand,
218 NULL,
219 NULL,
220 aep_rand,
221 aep_rand_status,
222 };
223#endif
224
225/*Define an array of structures to hold connections*/
226static AEP_CONNECTION_ENTRY aep_app_conn_table[MAX_PROCESS_CONNECTIONS];
227
228/*Used to determine if this is a new process*/
229static pid_t recorded_pid = 0;
230
231#ifdef AEPRAND
232static AEP_U8 rand_block[RAND_BLK_SIZE];
233static AEP_U32 rand_block_bytes = 0;
234#endif
235
236/* Constants used when creating the ENGINE */
237static const char *engine_aep_id = "aep";
238static const char *engine_aep_name = "Aep hardware engine support";
239
240static int max_key_len = 2176;
241
242
243/* This internal function is used by ENGINE_aep() and possibly by the
244 * "dynamic" ENGINE support too */
245static int bind_aep(ENGINE *e)
246 {
247#ifndef OPENSSL_NO_RSA
248 const RSA_METHOD *meth1;
249#endif
250#ifndef OPENSSL_NO_DSA
251 const DSA_METHOD *meth2;
252#endif
253#ifndef OPENSSL_NO_DH
254 const DH_METHOD *meth3;
255#endif
256
257 if(!ENGINE_set_id(e, engine_aep_id) ||
258 !ENGINE_set_name(e, engine_aep_name) ||
259#ifndef OPENSSL_NO_RSA
260 !ENGINE_set_RSA(e, &aep_rsa) ||
261#endif
262#ifndef OPENSSL_NO_DSA
263 !ENGINE_set_DSA(e, &aep_dsa) ||
264#endif
265#ifndef OPENSSL_NO_DH
266 !ENGINE_set_DH(e, &aep_dh) ||
267#endif
268#ifdef AEPRAND
269 !ENGINE_set_RAND(e, &aep_random) ||
270#endif
271 !ENGINE_set_init_function(e, aep_init) ||
272 !ENGINE_set_destroy_function(e, aep_destroy) ||
273 !ENGINE_set_finish_function(e, aep_finish) ||
274 !ENGINE_set_ctrl_function(e, aep_ctrl) ||
275 !ENGINE_set_cmd_defns(e, aep_cmd_defns))
276 return 0;
277
278#ifndef OPENSSL_NO_RSA
279 /* We know that the "PKCS1_SSLeay()" functions hook properly
280 * to the aep-specific mod_exp and mod_exp_crt so we use
281 * those functions. NB: We don't use ENGINE_openssl() or
282 * anything "more generic" because something like the RSAref
283 * code may not hook properly, and if you own one of these
284 * cards then you have the right to do RSA operations on it
285 * anyway! */
286 meth1 = RSA_PKCS1_SSLeay();
287 aep_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
288 aep_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
289 aep_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
290 aep_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
291#endif
292
293
294#ifndef OPENSSL_NO_DSA
295 /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
296 * bits. */
297 meth2 = DSA_OpenSSL();
298 aep_dsa.dsa_do_sign = meth2->dsa_do_sign;
299 aep_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
300 aep_dsa.dsa_do_verify = meth2->dsa_do_verify;
301
302 aep_dsa = *DSA_get_default_method();
303 aep_dsa.dsa_mod_exp = aep_dsa_mod_exp;
304 aep_dsa.bn_mod_exp = aep_mod_exp_dsa;
305#endif
306
307#ifndef OPENSSL_NO_DH
308 /* Much the same for Diffie-Hellman */
309 meth3 = DH_OpenSSL();
310 aep_dh.generate_key = meth3->generate_key;
311 aep_dh.compute_key = meth3->compute_key;
312 aep_dh.bn_mod_exp = meth3->bn_mod_exp;
313#endif
314
315 /* Ensure the aep error handling is set up */
316 ERR_load_AEPHK_strings();
317
318 return 1;
319}
320
321#ifdef ENGINE_DYNAMIC_SUPPORT
322static int bind_helper(ENGINE *e, const char *id)
323 {
324 if(id && (strcmp(id, engine_aep_id) != 0))
325 return 0;
326 if(!bind_aep(e))
327 return 0;
328 return 1;
329 }
330IMPLEMENT_DYNAMIC_CHECK_FN()
331IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
332#else
333static ENGINE *engine_aep(void)
334 {
335 ENGINE *ret = ENGINE_new();
336 if(!ret)
337 return NULL;
338 if(!bind_aep(ret))
339 {
340 ENGINE_free(ret);
341 return NULL;
342 }
343 return ret;
344 }
345
346void ENGINE_load_aep(void)
347 {
348 /* Copied from eng_[openssl|dyn].c */
349 ENGINE *toadd = engine_aep();
350 if(!toadd) return;
351 ENGINE_add(toadd);
352 ENGINE_free(toadd);
353 ERR_clear_error();
354 }
355#endif
356
357/* This is a process-global DSO handle used for loading and unloading
358 * the Aep library. NB: This is only set (or unset) during an
359 * init() or finish() call (reference counts permitting) and they're
360 * operating with global locks, so this should be thread-safe
361 * implicitly. */
362static DSO *aep_dso = NULL;
363
364/* These are the static string constants for the DSO file name and the function
365 * symbol names to bind to.
366*/
367static const char *AEP_LIBNAME = NULL;
368static const char *get_AEP_LIBNAME(void)
369 {
370 if(AEP_LIBNAME)
371 return AEP_LIBNAME;
372 return "aep";
373 }
374static void free_AEP_LIBNAME(void)
375 {
376 if(AEP_LIBNAME)
377 OPENSSL_free((void*)AEP_LIBNAME);
378 AEP_LIBNAME = NULL;
379 }
380static long set_AEP_LIBNAME(const char *name)
381 {
382 free_AEP_LIBNAME();
383 return ((AEP_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0);
384 }
385
386static const char *AEP_F1 = "AEP_ModExp";
387static const char *AEP_F2 = "AEP_ModExpCrt";
388#ifdef AEPRAND
389static const char *AEP_F3 = "AEP_GenRandom";
390#endif
391static const char *AEP_F4 = "AEP_Finalize";
392static const char *AEP_F5 = "AEP_Initialize";
393static const char *AEP_F6 = "AEP_OpenConnection";
394static const char *AEP_F7 = "AEP_SetBNCallBacks";
395static const char *AEP_F8 = "AEP_CloseConnection";
396
397/* These are the function pointers that are (un)set when the library has
398 * successfully (un)loaded. */
399static t_AEP_OpenConnection *p_AEP_OpenConnection = NULL;
400static t_AEP_CloseConnection *p_AEP_CloseConnection = NULL;
401static t_AEP_ModExp *p_AEP_ModExp = NULL;
402static t_AEP_ModExpCrt *p_AEP_ModExpCrt = NULL;
403#ifdef AEPRAND
404static t_AEP_GenRandom *p_AEP_GenRandom = NULL;
405#endif
406static t_AEP_Initialize *p_AEP_Initialize = NULL;
407static t_AEP_Finalize *p_AEP_Finalize = NULL;
408static t_AEP_SetBNCallBacks *p_AEP_SetBNCallBacks = NULL;
409
410/* (de)initialisation functions. */
411static int aep_init(ENGINE *e)
412 {
413 t_AEP_ModExp *p1;
414 t_AEP_ModExpCrt *p2;
415#ifdef AEPRAND
416 t_AEP_GenRandom *p3;
417#endif
418 t_AEP_Finalize *p4;
419 t_AEP_Initialize *p5;
420 t_AEP_OpenConnection *p6;
421 t_AEP_SetBNCallBacks *p7;
422 t_AEP_CloseConnection *p8;
423
424 int to_return = 0;
425
426 if(aep_dso != NULL)
427 {
428 AEPHKerr(AEPHK_F_AEP_INIT,AEPHK_R_ALREADY_LOADED);
429 goto err;
430 }
431 /* Attempt to load libaep.so. */
432
433 aep_dso = DSO_load(NULL, get_AEP_LIBNAME(), NULL, 0);
434
435 if(aep_dso == NULL)
436 {
437 AEPHKerr(AEPHK_F_AEP_INIT,AEPHK_R_NOT_LOADED);
438 goto err;
439 }
440
441 if( !(p1 = (t_AEP_ModExp *) DSO_bind_func( aep_dso,AEP_F1)) ||
442 !(p2 = (t_AEP_ModExpCrt*) DSO_bind_func( aep_dso,AEP_F2)) ||
443#ifdef AEPRAND
444 !(p3 = (t_AEP_GenRandom*) DSO_bind_func( aep_dso,AEP_F3)) ||
445#endif
446 !(p4 = (t_AEP_Finalize*) DSO_bind_func( aep_dso,AEP_F4)) ||
447 !(p5 = (t_AEP_Initialize*) DSO_bind_func( aep_dso,AEP_F5)) ||
448 !(p6 = (t_AEP_OpenConnection*) DSO_bind_func( aep_dso,AEP_F6)) ||
449 !(p7 = (t_AEP_SetBNCallBacks*) DSO_bind_func( aep_dso,AEP_F7)) ||
450 !(p8 = (t_AEP_CloseConnection*) DSO_bind_func( aep_dso,AEP_F8)))
451 {
452 AEPHKerr(AEPHK_F_AEP_INIT,AEPHK_R_NOT_LOADED);
453 goto err;
454 }
455
456 /* Copy the pointers */
457
458 p_AEP_ModExp = p1;
459 p_AEP_ModExpCrt = p2;
460#ifdef AEPRAND
461 p_AEP_GenRandom = p3;
462#endif
463 p_AEP_Finalize = p4;
464 p_AEP_Initialize = p5;
465 p_AEP_OpenConnection = p6;
466 p_AEP_SetBNCallBacks = p7;
467 p_AEP_CloseConnection = p8;
468
469 to_return = 1;
470
471 return to_return;
472
473 err:
474
475 if(aep_dso)
476 DSO_free(aep_dso);
477 aep_dso = NULL;
478
479 p_AEP_OpenConnection = NULL;
480 p_AEP_ModExp = NULL;
481 p_AEP_ModExpCrt = NULL;
482#ifdef AEPRAND
483 p_AEP_GenRandom = NULL;
484#endif
485 p_AEP_Initialize = NULL;
486 p_AEP_Finalize = NULL;
487 p_AEP_SetBNCallBacks = NULL;
488 p_AEP_CloseConnection = NULL;
489
490 return to_return;
491 }
492
493/* Destructor (complements the "ENGINE_aep()" constructor) */
494static int aep_destroy(ENGINE *e)
495 {
496 free_AEP_LIBNAME();
497 ERR_unload_AEPHK_strings();
498 return 1;
499 }
500
501static int aep_finish(ENGINE *e)
502 {
503 int to_return = 0, in_use;
504 AEP_RV rv;
505
506 if(aep_dso == NULL)
507 {
508 AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_NOT_LOADED);
509 goto err;
510 }
511
512 rv = aep_close_all_connections(0, &in_use);
513 if (rv != AEP_R_OK)
514 {
515 AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_CLOSE_HANDLES_FAILED);
516 goto err;
517 }
518 if (in_use)
519 {
520 AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_CONNECTIONS_IN_USE);
521 goto err;
522 }
523
524 rv = p_AEP_Finalize();
525 if (rv != AEP_R_OK)
526 {
527 AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_FINALIZE_FAILED);
528 goto err;
529 }
530
531 if(!DSO_free(aep_dso))
532 {
533 AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_UNIT_FAILURE);
534 goto err;
535 }
536
537 aep_dso = NULL;
538 p_AEP_CloseConnection = NULL;
539 p_AEP_OpenConnection = NULL;
540 p_AEP_ModExp = NULL;
541 p_AEP_ModExpCrt = NULL;
542#ifdef AEPRAND
543 p_AEP_GenRandom = NULL;
544#endif
545 p_AEP_Initialize = NULL;
546 p_AEP_Finalize = NULL;
547 p_AEP_SetBNCallBacks = NULL;
548
549 to_return = 1;
550 err:
551 return to_return;
552 }
553
554static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
555 {
556 int initialised = ((aep_dso == NULL) ? 0 : 1);
557 switch(cmd)
558 {
559 case AEP_CMD_SO_PATH:
560 if(p == NULL)
561 {
562 AEPHKerr(AEPHK_F_AEP_CTRL,
563 ERR_R_PASSED_NULL_PARAMETER);
564 return 0;
565 }
566 if(initialised)
567 {
568 AEPHKerr(AEPHK_F_AEP_CTRL,
569 AEPHK_R_ALREADY_LOADED);
570 return 0;
571 }
572 return set_AEP_LIBNAME((const char*)p);
573 default:
574 break;
575 }
576 AEPHKerr(AEPHK_F_AEP_CTRL,AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
577 return 0;
578 }
579
580static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
581 const BIGNUM *m, BN_CTX *ctx)
582 {
583 int to_return = 0;
584 int r_len = 0;
585 AEP_CONNECTION_HNDL hConnection;
586 AEP_RV rv;
587
588 r_len = BN_num_bits(m);
589
590 /* Perform in software if modulus is too large for hardware. */
591
592 if (r_len > max_key_len){
593 AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
594 return BN_mod_exp(r, a, p, m, ctx);
595 }
596
597 /*Grab a connection from the pool*/
598 rv = aep_get_connection(&hConnection);
599 if (rv != AEP_R_OK)
600 {
601 AEPHKerr(AEPHK_F_AEP_MOD_EXP,AEPHK_R_GET_HANDLE_FAILED);
602 return BN_mod_exp(r, a, p, m, ctx);
603 }
604
605 /*To the card with the mod exp*/
606 rv = p_AEP_ModExp(hConnection,(void*)a, (void*)p,(void*)m, (void*)r,NULL);
607
608 if (rv != AEP_R_OK)
609 {
610 AEPHKerr(AEPHK_F_AEP_MOD_EXP,AEPHK_R_MOD_EXP_FAILED);
611 rv = aep_close_connection(hConnection);
612 return BN_mod_exp(r, a, p, m, ctx);
613 }
614
615 /*Return the connection to the pool*/
616 rv = aep_return_connection(hConnection);
617 if (rv != AEP_R_OK)
618 {
619 AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_RETURN_CONNECTION_FAILED);
620 goto err;
621 }
622
623 to_return = 1;
624 err:
625 return to_return;
626 }
627
628static AEP_RV aep_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
629 const BIGNUM *q, const BIGNUM *dmp1,
630 const BIGNUM *dmq1,const BIGNUM *iqmp, BN_CTX *ctx)
631 {
632 AEP_RV rv = AEP_R_OK;
633 AEP_CONNECTION_HNDL hConnection;
634
635 /*Grab a connection from the pool*/
636 rv = aep_get_connection(&hConnection);
637 if (rv != AEP_R_OK)
638 {
639 AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT,AEPHK_R_GET_HANDLE_FAILED);
640 return FAIL_TO_SW;
641 }
642
643 /*To the card with the mod exp*/
644 rv = p_AEP_ModExpCrt(hConnection,(void*)a, (void*)p, (void*)q, (void*)dmp1,(void*)dmq1,
645 (void*)iqmp,(void*)r,NULL);
646 if (rv != AEP_R_OK)
647 {
648 AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT,AEPHK_R_MOD_EXP_CRT_FAILED);
649 rv = aep_close_connection(hConnection);
650 return FAIL_TO_SW;
651 }
652
653 /*Return the connection to the pool*/
654 rv = aep_return_connection(hConnection);
655 if (rv != AEP_R_OK)
656 {
657 AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_RETURN_CONNECTION_FAILED);
658 goto err;
659 }
660
661 err:
662 return rv;
663 }
664
665
666#ifdef AEPRAND
667static int aep_rand(unsigned char *buf,int len )
668 {
669 AEP_RV rv = AEP_R_OK;
670 AEP_CONNECTION_HNDL hConnection;
671
672 CRYPTO_w_lock(CRYPTO_LOCK_RAND);
673
674 /*Can the request be serviced with what's already in the buffer?*/
675 if (len <= rand_block_bytes)
676 {
677 memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len);
678 rand_block_bytes -= len;
679 CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
680 }
681 else
682 /*If not the get another block of random bytes*/
683 {
684 CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
685
686 rv = aep_get_connection(&hConnection);
687 if (rv != AEP_R_OK)
688 {
689 AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_GET_HANDLE_FAILED);
690 goto err_nounlock;
691 }
692
693 if (len > RAND_BLK_SIZE)
694 {
695 rv = p_AEP_GenRandom(hConnection, len, 2, buf, NULL);
696 if (rv != AEP_R_OK)
697 {
698 AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_GET_RANDOM_FAILED);
699 goto err_nounlock;
700 }
701 }
702 else
703 {
704 CRYPTO_w_lock(CRYPTO_LOCK_RAND);
705
706 rv = p_AEP_GenRandom(hConnection, RAND_BLK_SIZE, 2, &rand_block[0], NULL);
707 if (rv != AEP_R_OK)
708 {
709 AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_GET_RANDOM_FAILED);
710
711 goto err;
712 }
713
714 rand_block_bytes = RAND_BLK_SIZE;
715
716 memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len);
717 rand_block_bytes -= len;
718
719 CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
720 }
721
722 rv = aep_return_connection(hConnection);
723 if (rv != AEP_R_OK)
724 {
725 AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_RETURN_CONNECTION_FAILED);
726
727 goto err_nounlock;
728 }
729 }
730
731 return 1;
732 err:
733 CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
734 err_nounlock:
735 return 0;
736 }
737
738static int aep_rand_status(void)
739{
740 return 1;
741}
742#endif
743
744#ifndef OPENSSL_NO_RSA
745static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
746 {
747 BN_CTX *ctx = NULL;
748 int to_return = 0;
749 AEP_RV rv = AEP_R_OK;
750
751 if ((ctx = BN_CTX_new()) == NULL)
752 goto err;
753
754 if (!aep_dso)
755 {
756 AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP,AEPHK_R_NOT_LOADED);
757 goto err;
758 }
759
760 /*See if we have all the necessary bits for a crt*/
761 if (rsa->q && rsa->dmp1 && rsa->dmq1 && rsa->iqmp)
762 {
763 rv = aep_mod_exp_crt(r0,I,rsa->p,rsa->q, rsa->dmp1,rsa->dmq1,rsa->iqmp,ctx);
764
765 if (rv == FAIL_TO_SW){
766 const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
767 to_return = (*meth->rsa_mod_exp)(r0, I, rsa);
768 goto err;
769 }
770 else if (rv != AEP_R_OK)
771 goto err;
772 }
773 else
774 {
775 if (!rsa->d || !rsa->n)
776 {
777 AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP,AEPHK_R_MISSING_KEY_COMPONENTS);
778 goto err;
779 }
780
781 rv = aep_mod_exp(r0,I,rsa->d,rsa->n,ctx);
782 if (rv != AEP_R_OK)
783 goto err;
784
785 }
786
787 to_return = 1;
788
789 err:
790 if(ctx)
791 BN_CTX_free(ctx);
792 return to_return;
793}
794#endif
795
796#ifndef OPENSSL_NO_DSA
797static int aep_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
798 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
799 BN_CTX *ctx, BN_MONT_CTX *in_mont)
800 {
801 BIGNUM t;
802 int to_return = 0;
803 BN_init(&t);
804
805 /* let rr = a1 ^ p1 mod m */
806 if (!aep_mod_exp(rr,a1,p1,m,ctx)) goto end;
807 /* let t = a2 ^ p2 mod m */
808 if (!aep_mod_exp(&t,a2,p2,m,ctx)) goto end;
809 /* let rr = rr * t mod m */
810 if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
811 to_return = 1;
812 end:
813 BN_free(&t);
814 return to_return;
815 }
816
817static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
818 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
819 BN_MONT_CTX *m_ctx)
820 {
821 return aep_mod_exp(r, a, p, m, ctx);
822 }
823#endif
824
825/* This function is aliased to mod_exp (with the mont stuff dropped). */
826static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
827 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
828 {
829 return aep_mod_exp(r, a, p, m, ctx);
830 }
831
832#ifndef OPENSSL_NO_DH
833/* This function is aliased to mod_exp (with the dh and mont dropped). */
834static int aep_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
835 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
836 BN_MONT_CTX *m_ctx)
837 {
838 return aep_mod_exp(r, a, p, m, ctx);
839 }
840#endif
841
842static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR phConnection)
843 {
844 int count;
845 AEP_RV rv = AEP_R_OK;
846
847 /*Get the current process id*/
848 pid_t curr_pid;
849
850 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
851
852 curr_pid = getpid();
853
854 /*Check if this is the first time this is being called from the current
855 process*/
856 if (recorded_pid != curr_pid)
857 {
858 /*Remember our pid so we can check if we're in a new process*/
859 recorded_pid = curr_pid;
860
861 /*Call Finalize to make sure we have not inherited some data
862 from a parent process*/
863 p_AEP_Finalize();
864
865 /*Initialise the AEP API*/
866 rv = p_AEP_Initialize(NULL);
867
868 if (rv != AEP_R_OK)
869 {
870 AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_INIT_FAILURE);
871 recorded_pid = 0;
872 goto end;
873 }
874
875 /*Set the AEP big num call back functions*/
876 rv = p_AEP_SetBNCallBacks(&GetBigNumSize, &MakeAEPBigNum,
877 &ConvertAEPBigNum);
878
879 if (rv != AEP_R_OK)
880 {
881 AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_SETBNCALLBACK_FAILURE);
882 recorded_pid = 0;
883 goto end;
884 }
885
886#ifdef AEPRAND
887 /*Reset the rand byte count*/
888 rand_block_bytes = 0;
889#endif
890
891 /*Init the structures*/
892 for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
893 {
894 aep_app_conn_table[count].conn_state = NotConnected;
895 aep_app_conn_table[count].conn_hndl = 0;
896 }
897
898 /*Open a connection*/
899 rv = p_AEP_OpenConnection(phConnection);
900
901 if (rv != AEP_R_OK)
902 {
903 AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_UNIT_FAILURE);
904 recorded_pid = 0;
905 goto end;
906 }
907
908 aep_app_conn_table[0].conn_state = InUse;
909 aep_app_conn_table[0].conn_hndl = *phConnection;
910 goto end;
911 }
912 /*Check the existing connections to see if we can find a free one*/
913 for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
914 {
915 if (aep_app_conn_table[count].conn_state == Connected)
916 {
917 aep_app_conn_table[count].conn_state = InUse;
918 *phConnection = aep_app_conn_table[count].conn_hndl;
919 goto end;
920 }
921 }
922 /*If no connections available, we're going to have to try
923 to open a new one*/
924 for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
925 {
926 if (aep_app_conn_table[count].conn_state == NotConnected)
927 {
928 /*Open a connection*/
929 rv = p_AEP_OpenConnection(phConnection);
930
931 if (rv != AEP_R_OK)
932 {
933 AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_UNIT_FAILURE);
934 goto end;
935 }
936
937 aep_app_conn_table[count].conn_state = InUse;
938 aep_app_conn_table[count].conn_hndl = *phConnection;
939 goto end;
940 }
941 }
942 rv = AEP_R_GENERAL_ERROR;
943 end:
944 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
945 return rv;
946 }
947
948
949static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection)
950 {
951 int count;
952
953 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
954
955 /*Find the connection item that matches this connection handle*/
956 for(count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
957 {
958 if (aep_app_conn_table[count].conn_hndl == hConnection)
959 {
960 aep_app_conn_table[count].conn_state = Connected;
961 break;
962 }
963 }
964
965 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
966
967 return AEP_R_OK;
968 }
969
970static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection)
971 {
972 int count;
973 AEP_RV rv = AEP_R_OK;
974
975 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
976
977 /*Find the connection item that matches this connection handle*/
978 for(count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
979 {
980 if (aep_app_conn_table[count].conn_hndl == hConnection)
981 {
982 rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl);
983 if (rv != AEP_R_OK)
984 goto end;
985 aep_app_conn_table[count].conn_state = NotConnected;
986 aep_app_conn_table[count].conn_hndl = 0;
987 break;
988 }
989 }
990
991 end:
992 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
993 return rv;
994 }
995
996static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use)
997 {
998 int count;
999 AEP_RV rv = AEP_R_OK;
1000
1001 *in_use = 0;
1002 if (use_engine_lock) CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
1003 for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
1004 {
1005 switch (aep_app_conn_table[count].conn_state)
1006 {
1007 case Connected:
1008 rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl);
1009 if (rv != AEP_R_OK)
1010 goto end;
1011 aep_app_conn_table[count].conn_state = NotConnected;
1012 aep_app_conn_table[count].conn_hndl = 0;
1013 break;
1014 case InUse:
1015 (*in_use)++;
1016 break;
1017 case NotConnected:
1018 break;
1019 }
1020 }
1021 end:
1022 if (use_engine_lock) CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
1023 return rv;
1024 }
1025
1026/*BigNum call back functions, used to convert OpenSSL bignums into AEP bignums.
1027 Note only 32bit Openssl build support*/
1028
1029static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32* BigNumSize)
1030 {
1031 BIGNUM* bn;
1032
1033 /*Cast the ArbBigNum pointer to our BIGNUM struct*/
1034 bn = (BIGNUM*) ArbBigNum;
1035
1036#ifdef SIXTY_FOUR_BIT_LONG
1037 *BigNumSize = bn->top << 3;
1038#else
1039 /*Size of the bignum in bytes is equal to the bn->top (no of 32 bit
1040 words) multiplies by 4*/
1041 *BigNumSize = bn->top << 2;
1042#endif
1043
1044 return AEP_R_OK;
1045 }
1046
1047static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize,
1048 unsigned char* AEP_BigNum)
1049 {
1050 BIGNUM* bn;
1051
1052#ifndef SIXTY_FOUR_BIT_LONG
1053 unsigned char* buf;
1054 int i;
1055#endif
1056
1057 /*Cast the ArbBigNum pointer to our BIGNUM struct*/
1058 bn = (BIGNUM*) ArbBigNum;
1059
1060#ifdef SIXTY_FOUR_BIT_LONG
1061 memcpy(AEP_BigNum, bn->d, BigNumSize);
1062#else
1063 /*Must copy data into a (monotone) least significant byte first format
1064 performing endian conversion if necessary*/
1065 for(i=0;i<bn->top;i++)
1066 {
1067 buf = (unsigned char*)&bn->d[i];
1068
1069 *((AEP_U32*)AEP_BigNum) = (AEP_U32)
1070 ((unsigned) buf[1] << 8 | buf[0]) |
1071 ((unsigned) buf[3] << 8 | buf[2]) << 16;
1072
1073 AEP_BigNum += 4;
1074 }
1075#endif
1076
1077 return AEP_R_OK;
1078 }
1079
1080/*Turn an AEP Big Num back to a user big num*/
1081static AEP_RV ConvertAEPBigNum(void* ArbBigNum, AEP_U32 BigNumSize,
1082 unsigned char* AEP_BigNum)
1083 {
1084 BIGNUM* bn;
1085#ifndef SIXTY_FOUR_BIT_LONG
1086 int i;
1087#endif
1088
1089 bn = (BIGNUM*)ArbBigNum;
1090
1091 /*Expand the result bn so that it can hold our big num.
1092 Size is in bits*/
1093 bn_expand(bn, (int)(BigNumSize << 3));
1094
1095#ifdef SIXTY_FOUR_BIT_LONG
1096 bn->top = BigNumSize >> 3;
1097
1098 if((BigNumSize & 7) != 0)
1099 bn->top++;
1100
1101 memset(bn->d, 0, bn->top << 3);
1102
1103 memcpy(bn->d, AEP_BigNum, BigNumSize);
1104#else
1105 bn->top = BigNumSize >> 2;
1106
1107 for(i=0;i<bn->top;i++)
1108 {
1109 bn->d[i] = (AEP_U32)
1110 ((unsigned) AEP_BigNum[3] << 8 | AEP_BigNum[2]) << 16 |
1111 ((unsigned) AEP_BigNum[1] << 8 | AEP_BigNum[0]);
1112 AEP_BigNum += 4;
1113 }
1114#endif
1115
1116 return AEP_R_OK;
1117}
1118
1119#endif /* !OPENSSL_NO_HW_AEP */
1120#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/hw_aep_err.c b/src/lib/libcrypto/engine/hw_aep_err.c
new file mode 100644
index 0000000000..092f532946
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_aep_err.c
@@ -0,0 +1,157 @@
1/* hw_aep_err.c */
2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include "hw_aep_err.h"
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67static ERR_STRING_DATA AEPHK_str_functs[]=
68 {
69{ERR_PACK(0,AEPHK_F_AEP_CTRL,0), "AEP_CTRL"},
70{ERR_PACK(0,AEPHK_F_AEP_FINISH,0), "AEP_FINISH"},
71{ERR_PACK(0,AEPHK_F_AEP_GET_CONNECTION,0), "AEP_GET_CONNECTION"},
72{ERR_PACK(0,AEPHK_F_AEP_INIT,0), "AEP_INIT"},
73{ERR_PACK(0,AEPHK_F_AEP_MOD_EXP,0), "AEP_MOD_EXP"},
74{ERR_PACK(0,AEPHK_F_AEP_MOD_EXP_CRT,0), "AEP_MOD_EXP_CRT"},
75{ERR_PACK(0,AEPHK_F_AEP_RAND,0), "AEP_RAND"},
76{ERR_PACK(0,AEPHK_F_AEP_RSA_MOD_EXP,0), "AEP_RSA_MOD_EXP"},
77{0,NULL}
78 };
79
80static ERR_STRING_DATA AEPHK_str_reasons[]=
81 {
82{AEPHK_R_ALREADY_LOADED ,"already loaded"},
83{AEPHK_R_CLOSE_HANDLES_FAILED ,"close handles failed"},
84{AEPHK_R_CONNECTIONS_IN_USE ,"connections in use"},
85{AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"},
86{AEPHK_R_FINALIZE_FAILED ,"finalize failed"},
87{AEPHK_R_GET_HANDLE_FAILED ,"get handle failed"},
88{AEPHK_R_GET_RANDOM_FAILED ,"get random failed"},
89{AEPHK_R_INIT_FAILURE ,"init failure"},
90{AEPHK_R_MISSING_KEY_COMPONENTS ,"missing key components"},
91{AEPHK_R_MOD_EXP_CRT_FAILED ,"mod exp crt failed"},
92{AEPHK_R_MOD_EXP_FAILED ,"mod exp failed"},
93{AEPHK_R_NOT_LOADED ,"not loaded"},
94{AEPHK_R_OK ,"ok"},
95{AEPHK_R_RETURN_CONNECTION_FAILED ,"return connection failed"},
96{AEPHK_R_SETBNCALLBACK_FAILURE ,"setbncallback failure"},
97{AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL ,"size too large or too small"},
98{AEPHK_R_UNIT_FAILURE ,"unit failure"},
99{0,NULL}
100 };
101
102#endif
103
104#ifdef AEPHK_LIB_NAME
105static ERR_STRING_DATA AEPHK_lib_name[]=
106 {
107{0 ,AEPHK_LIB_NAME},
108{0,NULL}
109 };
110#endif
111
112
113static int AEPHK_lib_error_code=0;
114static int AEPHK_error_init=1;
115
116static void ERR_load_AEPHK_strings(void)
117 {
118 if (AEPHK_lib_error_code == 0)
119 AEPHK_lib_error_code=ERR_get_next_error_library();
120
121 if (AEPHK_error_init)
122 {
123 AEPHK_error_init=0;
124#ifndef OPENSSL_NO_ERR
125 ERR_load_strings(AEPHK_lib_error_code,AEPHK_str_functs);
126 ERR_load_strings(AEPHK_lib_error_code,AEPHK_str_reasons);
127#endif
128
129#ifdef AEPHK_LIB_NAME
130 AEPHK_lib_name->error = ERR_PACK(AEPHK_lib_error_code,0,0);
131 ERR_load_strings(0,AEPHK_lib_name);
132#endif
133 }
134 }
135
136static void ERR_unload_AEPHK_strings(void)
137 {
138 if (AEPHK_error_init == 0)
139 {
140#ifndef OPENSSL_NO_ERR
141 ERR_unload_strings(AEPHK_lib_error_code,AEPHK_str_functs);
142 ERR_unload_strings(AEPHK_lib_error_code,AEPHK_str_reasons);
143#endif
144
145#ifdef AEPHK_LIB_NAME
146 ERR_unload_strings(0,AEPHK_lib_name);
147#endif
148 AEPHK_error_init=1;
149 }
150 }
151
152static void ERR_AEPHK_error(int function, int reason, char *file, int line)
153 {
154 if (AEPHK_lib_error_code == 0)
155 AEPHK_lib_error_code=ERR_get_next_error_library();
156 ERR_PUT_error(AEPHK_lib_error_code,function,reason,file,line);
157 }
diff --git a/src/lib/libcrypto/engine/hw_aep_err.h b/src/lib/libcrypto/engine/hw_aep_err.h
new file mode 100644
index 0000000000..8fe4cf921f
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_aep_err.h
@@ -0,0 +1,101 @@
1/* ====================================================================
2 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#ifndef HEADER_AEPHK_ERR_H
56#define HEADER_AEPHK_ERR_H
57
58/* BEGIN ERROR CODES */
59/* The following lines are auto generated by the script mkerr.pl. Any changes
60 * made after this point may be overwritten when the script is next run.
61 */
62static void ERR_load_AEPHK_strings(void);
63static void ERR_unload_AEPHK_strings(void);
64static void ERR_AEPHK_error(int function, int reason, char *file, int line);
65#define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),__FILE__,__LINE__)
66
67/* Error codes for the AEPHK functions. */
68
69/* Function codes. */
70#define AEPHK_F_AEP_CTRL 100
71#define AEPHK_F_AEP_FINISH 101
72#define AEPHK_F_AEP_GET_CONNECTION 102
73#define AEPHK_F_AEP_INIT 103
74#define AEPHK_F_AEP_MOD_EXP 104
75#define AEPHK_F_AEP_MOD_EXP_CRT 105
76#define AEPHK_F_AEP_RAND 106
77#define AEPHK_F_AEP_RSA_MOD_EXP 107
78
79/* Reason codes. */
80#define AEPHK_R_ALREADY_LOADED 100
81#define AEPHK_R_CLOSE_HANDLES_FAILED 101
82#define AEPHK_R_CONNECTIONS_IN_USE 102
83#define AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
84#define AEPHK_R_FINALIZE_FAILED 104
85#define AEPHK_R_GET_HANDLE_FAILED 105
86#define AEPHK_R_GET_RANDOM_FAILED 106
87#define AEPHK_R_INIT_FAILURE 107
88#define AEPHK_R_MISSING_KEY_COMPONENTS 108
89#define AEPHK_R_MOD_EXP_CRT_FAILED 109
90#define AEPHK_R_MOD_EXP_FAILED 110
91#define AEPHK_R_NOT_LOADED 111
92#define AEPHK_R_OK 112
93#define AEPHK_R_RETURN_CONNECTION_FAILED 113
94#define AEPHK_R_SETBNCALLBACK_FAILURE 114
95#define AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL 116
96#define AEPHK_R_UNIT_FAILURE 115
97
98#ifdef __cplusplus
99}
100#endif
101#endif
diff --git a/src/lib/libcrypto/engine/hw_atalla.c b/src/lib/libcrypto/engine/hw_atalla.c
new file mode 100644
index 0000000000..2b8342bbdd
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_atalla.c
@@ -0,0 +1,595 @@
1/* crypto/engine/hw_atalla.c */
2/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <openssl/crypto.h>
61#include "cryptlib.h"
62#include <openssl/dso.h>
63#include <openssl/engine.h>
64
65#ifndef OPENSSL_NO_HW
66#ifndef OPENSSL_NO_HW_ATALLA
67
68#ifdef FLAT_INC
69#include "atalla.h"
70#else
71#include "vendor_defns/atalla.h"
72#endif
73
74#define ATALLA_LIB_NAME "atalla engine"
75#include "hw_atalla_err.c"
76
77static int atalla_destroy(ENGINE *e);
78static int atalla_init(ENGINE *e);
79static int atalla_finish(ENGINE *e);
80static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
81
82/* BIGNUM stuff */
83static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
84 const BIGNUM *m, BN_CTX *ctx);
85
86#ifndef OPENSSL_NO_RSA
87/* RSA stuff */
88static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
89#endif
90/* This function is aliased to mod_exp (with the mont stuff dropped). */
91static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
92 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
93
94#ifndef OPENSSL_NO_DSA
95/* DSA stuff */
96static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
97 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
98 BN_CTX *ctx, BN_MONT_CTX *in_mont);
99static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
100 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
101 BN_MONT_CTX *m_ctx);
102#endif
103
104#ifndef OPENSSL_NO_DH
105/* DH stuff */
106/* This function is alised to mod_exp (with the DH and mont dropped). */
107static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,
108 const BIGNUM *a, const BIGNUM *p,
109 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
110#endif
111
112/* The definitions for control commands specific to this engine */
113#define ATALLA_CMD_SO_PATH ENGINE_CMD_BASE
114static const ENGINE_CMD_DEFN atalla_cmd_defns[] = {
115 {ATALLA_CMD_SO_PATH,
116 "SO_PATH",
117 "Specifies the path to the 'atasi' shared library",
118 ENGINE_CMD_FLAG_STRING},
119 {0, NULL, NULL, 0}
120 };
121
122#ifndef OPENSSL_NO_RSA
123/* Our internal RSA_METHOD that we provide pointers to */
124static RSA_METHOD atalla_rsa =
125 {
126 "Atalla RSA method",
127 NULL,
128 NULL,
129 NULL,
130 NULL,
131 atalla_rsa_mod_exp,
132 atalla_mod_exp_mont,
133 NULL,
134 NULL,
135 0,
136 NULL,
137 NULL,
138 NULL
139 };
140#endif
141
142#ifndef OPENSSL_NO_DSA
143/* Our internal DSA_METHOD that we provide pointers to */
144static DSA_METHOD atalla_dsa =
145 {
146 "Atalla DSA method",
147 NULL, /* dsa_do_sign */
148 NULL, /* dsa_sign_setup */
149 NULL, /* dsa_do_verify */
150 atalla_dsa_mod_exp, /* dsa_mod_exp */
151 atalla_mod_exp_dsa, /* bn_mod_exp */
152 NULL, /* init */
153 NULL, /* finish */
154 0, /* flags */
155 NULL /* app_data */
156 };
157#endif
158
159#ifndef OPENSSL_NO_DH
160/* Our internal DH_METHOD that we provide pointers to */
161static DH_METHOD atalla_dh =
162 {
163 "Atalla DH method",
164 NULL,
165 NULL,
166 atalla_mod_exp_dh,
167 NULL,
168 NULL,
169 0,
170 NULL
171 };
172#endif
173
174/* Constants used when creating the ENGINE */
175static const char *engine_atalla_id = "atalla";
176static const char *engine_atalla_name = "Atalla hardware engine support";
177
178/* This internal function is used by ENGINE_atalla() and possibly by the
179 * "dynamic" ENGINE support too */
180static int bind_helper(ENGINE *e)
181 {
182#ifndef OPENSSL_NO_RSA
183 const RSA_METHOD *meth1;
184#endif
185#ifndef OPENSSL_NO_DSA
186 const DSA_METHOD *meth2;
187#endif
188#ifndef OPENSSL_NO_DH
189 const DH_METHOD *meth3;
190#endif
191 if(!ENGINE_set_id(e, engine_atalla_id) ||
192 !ENGINE_set_name(e, engine_atalla_name) ||
193#ifndef OPENSSL_NO_RSA
194 !ENGINE_set_RSA(e, &atalla_rsa) ||
195#endif
196#ifndef OPENSSL_NO_DSA
197 !ENGINE_set_DSA(e, &atalla_dsa) ||
198#endif
199#ifndef OPENSSL_NO_DH
200 !ENGINE_set_DH(e, &atalla_dh) ||
201#endif
202 !ENGINE_set_destroy_function(e, atalla_destroy) ||
203 !ENGINE_set_init_function(e, atalla_init) ||
204 !ENGINE_set_finish_function(e, atalla_finish) ||
205 !ENGINE_set_ctrl_function(e, atalla_ctrl) ||
206 !ENGINE_set_cmd_defns(e, atalla_cmd_defns))
207 return 0;
208
209#ifndef OPENSSL_NO_RSA
210 /* We know that the "PKCS1_SSLeay()" functions hook properly
211 * to the atalla-specific mod_exp and mod_exp_crt so we use
212 * those functions. NB: We don't use ENGINE_openssl() or
213 * anything "more generic" because something like the RSAref
214 * code may not hook properly, and if you own one of these
215 * cards then you have the right to do RSA operations on it
216 * anyway! */
217 meth1 = RSA_PKCS1_SSLeay();
218 atalla_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
219 atalla_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
220 atalla_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
221 atalla_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
222#endif
223
224#ifndef OPENSSL_NO_DSA
225 /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
226 * bits. */
227 meth2 = DSA_OpenSSL();
228 atalla_dsa.dsa_do_sign = meth2->dsa_do_sign;
229 atalla_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
230 atalla_dsa.dsa_do_verify = meth2->dsa_do_verify;
231#endif
232
233#ifndef OPENSSL_NO_DH
234 /* Much the same for Diffie-Hellman */
235 meth3 = DH_OpenSSL();
236 atalla_dh.generate_key = meth3->generate_key;
237 atalla_dh.compute_key = meth3->compute_key;
238#endif
239
240 /* Ensure the atalla error handling is set up */
241 ERR_load_ATALLA_strings();
242 return 1;
243 }
244
245#ifndef ENGINE_DYNAMIC_SUPPORT
246static ENGINE *engine_atalla(void)
247 {
248 ENGINE *ret = ENGINE_new();
249 if(!ret)
250 return NULL;
251 if(!bind_helper(ret))
252 {
253 ENGINE_free(ret);
254 return NULL;
255 }
256 return ret;
257 }
258
259void ENGINE_load_atalla(void)
260 {
261 /* Copied from eng_[openssl|dyn].c */
262 ENGINE *toadd = engine_atalla();
263 if(!toadd) return;
264 ENGINE_add(toadd);
265 ENGINE_free(toadd);
266 ERR_clear_error();
267 }
268#endif
269
270/* This is a process-global DSO handle used for loading and unloading
271 * the Atalla library. NB: This is only set (or unset) during an
272 * init() or finish() call (reference counts permitting) and they're
273 * operating with global locks, so this should be thread-safe
274 * implicitly. */
275static DSO *atalla_dso = NULL;
276
277/* These are the function pointers that are (un)set when the library has
278 * successfully (un)loaded. */
279static tfnASI_GetHardwareConfig *p_Atalla_GetHardwareConfig = NULL;
280static tfnASI_RSAPrivateKeyOpFn *p_Atalla_RSAPrivateKeyOpFn = NULL;
281static tfnASI_GetPerformanceStatistics *p_Atalla_GetPerformanceStatistics = NULL;
282
283/* These are the static string constants for the DSO file name and the function
284 * symbol names to bind to. Regrettably, the DSO name on *nix appears to be
285 * "atasi.so" rather than something more consistent like "libatasi.so". At the
286 * time of writing, I'm not sure what the file name on win32 is but clearly
287 * native name translation is not possible (eg libatasi.so on *nix, and
288 * atasi.dll on win32). For the purposes of testing, I have created a symbollic
289 * link called "libatasi.so" so that we can use native name-translation - a
290 * better solution will be needed. */
291static const char *ATALLA_LIBNAME = NULL;
292static const char *get_ATALLA_LIBNAME(void)
293 {
294 if(ATALLA_LIBNAME)
295 return ATALLA_LIBNAME;
296 return "atasi";
297 }
298static void free_ATALLA_LIBNAME(void)
299 {
300 if(ATALLA_LIBNAME)
301 OPENSSL_free((void*)ATALLA_LIBNAME);
302 ATALLA_LIBNAME = NULL;
303 }
304static long set_ATALLA_LIBNAME(const char *name)
305 {
306 free_ATALLA_LIBNAME();
307 return (((ATALLA_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
308 }
309static const char *ATALLA_F1 = "ASI_GetHardwareConfig";
310static const char *ATALLA_F2 = "ASI_RSAPrivateKeyOpFn";
311static const char *ATALLA_F3 = "ASI_GetPerformanceStatistics";
312
313/* Destructor (complements the "ENGINE_atalla()" constructor) */
314static int atalla_destroy(ENGINE *e)
315 {
316 free_ATALLA_LIBNAME();
317 /* Unload the atalla error strings so any error state including our
318 * functs or reasons won't lead to a segfault (they simply get displayed
319 * without corresponding string data because none will be found). */
320 ERR_unload_ATALLA_strings();
321 return 1;
322 }
323
324/* (de)initialisation functions. */
325static int atalla_init(ENGINE *e)
326 {
327 tfnASI_GetHardwareConfig *p1;
328 tfnASI_RSAPrivateKeyOpFn *p2;
329 tfnASI_GetPerformanceStatistics *p3;
330 /* Not sure of the origin of this magic value, but Ben's code had it
331 * and it seemed to have been working for a few people. :-) */
332 unsigned int config_buf[1024];
333
334 if(atalla_dso != NULL)
335 {
336 ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_ALREADY_LOADED);
337 goto err;
338 }
339 /* Attempt to load libatasi.so/atasi.dll/whatever. Needs to be
340 * changed unfortunately because the Atalla drivers don't have
341 * standard library names that can be platform-translated well. */
342 /* TODO: Work out how to actually map to the names the Atalla
343 * drivers really use - for now a symbollic link needs to be
344 * created on the host system from libatasi.so to atasi.so on
345 * unix variants. */
346 atalla_dso = DSO_load(NULL, get_ATALLA_LIBNAME(), NULL, 0);
347 if(atalla_dso == NULL)
348 {
349 ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_NOT_LOADED);
350 goto err;
351 }
352 if(!(p1 = (tfnASI_GetHardwareConfig *)DSO_bind_func(
353 atalla_dso, ATALLA_F1)) ||
354 !(p2 = (tfnASI_RSAPrivateKeyOpFn *)DSO_bind_func(
355 atalla_dso, ATALLA_F2)) ||
356 !(p3 = (tfnASI_GetPerformanceStatistics *)DSO_bind_func(
357 atalla_dso, ATALLA_F3)))
358 {
359 ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_NOT_LOADED);
360 goto err;
361 }
362 /* Copy the pointers */
363 p_Atalla_GetHardwareConfig = p1;
364 p_Atalla_RSAPrivateKeyOpFn = p2;
365 p_Atalla_GetPerformanceStatistics = p3;
366 /* Perform a basic test to see if there's actually any unit
367 * running. */
368 if(p1(0L, config_buf) != 0)
369 {
370 ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_UNIT_FAILURE);
371 goto err;
372 }
373 /* Everything's fine. */
374 return 1;
375err:
376 if(atalla_dso)
377 DSO_free(atalla_dso);
378 atalla_dso = NULL;
379 p_Atalla_GetHardwareConfig = NULL;
380 p_Atalla_RSAPrivateKeyOpFn = NULL;
381 p_Atalla_GetPerformanceStatistics = NULL;
382 return 0;
383 }
384
385static int atalla_finish(ENGINE *e)
386 {
387 free_ATALLA_LIBNAME();
388 if(atalla_dso == NULL)
389 {
390 ATALLAerr(ATALLA_F_ATALLA_FINISH,ATALLA_R_NOT_LOADED);
391 return 0;
392 }
393 if(!DSO_free(atalla_dso))
394 {
395 ATALLAerr(ATALLA_F_ATALLA_FINISH,ATALLA_R_UNIT_FAILURE);
396 return 0;
397 }
398 atalla_dso = NULL;
399 p_Atalla_GetHardwareConfig = NULL;
400 p_Atalla_RSAPrivateKeyOpFn = NULL;
401 p_Atalla_GetPerformanceStatistics = NULL;
402 return 1;
403 }
404
405static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
406 {
407 int initialised = ((atalla_dso == NULL) ? 0 : 1);
408 switch(cmd)
409 {
410 case ATALLA_CMD_SO_PATH:
411 if(p == NULL)
412 {
413 ATALLAerr(ATALLA_F_ATALLA_CTRL,ERR_R_PASSED_NULL_PARAMETER);
414 return 0;
415 }
416 if(initialised)
417 {
418 ATALLAerr(ATALLA_F_ATALLA_CTRL,ATALLA_R_ALREADY_LOADED);
419 return 0;
420 }
421 return set_ATALLA_LIBNAME((const char *)p);
422 default:
423 break;
424 }
425 ATALLAerr(ATALLA_F_ATALLA_CTRL,ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED);
426 return 0;
427 }
428
429static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
430 const BIGNUM *m, BN_CTX *ctx)
431 {
432 /* I need somewhere to store temporary serialised values for
433 * use with the Atalla API calls. A neat cheat - I'll use
434 * BIGNUMs from the BN_CTX but access their arrays directly as
435 * byte arrays <grin>. This way I don't have to clean anything
436 * up. */
437 BIGNUM *modulus;
438 BIGNUM *exponent;
439 BIGNUM *argument;
440 BIGNUM *result;
441 RSAPrivateKey keydata;
442 int to_return, numbytes;
443
444 modulus = exponent = argument = result = NULL;
445 to_return = 0; /* expect failure */
446
447 if(!atalla_dso)
448 {
449 ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_NOT_LOADED);
450 goto err;
451 }
452 /* Prepare the params */
453 BN_CTX_start(ctx);
454 modulus = BN_CTX_get(ctx);
455 exponent = BN_CTX_get(ctx);
456 argument = BN_CTX_get(ctx);
457 result = BN_CTX_get(ctx);
458 if (!result)
459 {
460 ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_BN_CTX_FULL);
461 goto err;
462 }
463 if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, m->top) ||
464 !bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top))
465 {
466 ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_BN_EXPAND_FAIL);
467 goto err;
468 }
469 /* Prepare the key-data */
470 memset(&keydata, 0,sizeof keydata);
471 numbytes = BN_num_bytes(m);
472 memset(exponent->d, 0, numbytes);
473 memset(modulus->d, 0, numbytes);
474 BN_bn2bin(p, (unsigned char *)exponent->d + numbytes - BN_num_bytes(p));
475 BN_bn2bin(m, (unsigned char *)modulus->d + numbytes - BN_num_bytes(m));
476 keydata.privateExponent.data = (unsigned char *)exponent->d;
477 keydata.privateExponent.len = numbytes;
478 keydata.modulus.data = (unsigned char *)modulus->d;
479 keydata.modulus.len = numbytes;
480 /* Prepare the argument */
481 memset(argument->d, 0, numbytes);
482 memset(result->d, 0, numbytes);
483 BN_bn2bin(a, (unsigned char *)argument->d + numbytes - BN_num_bytes(a));
484 /* Perform the operation */
485 if(p_Atalla_RSAPrivateKeyOpFn(&keydata, (unsigned char *)result->d,
486 (unsigned char *)argument->d,
487 keydata.modulus.len) != 0)
488 {
489 ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_REQUEST_FAILED);
490 goto err;
491 }
492 /* Convert the response */
493 BN_bin2bn((unsigned char *)result->d, numbytes, r);
494 to_return = 1;
495err:
496 BN_CTX_end(ctx);
497 return to_return;
498 }
499
500#ifndef OPENSSL_NO_RSA
501static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
502 {
503 BN_CTX *ctx = NULL;
504 int to_return = 0;
505
506 if(!atalla_dso)
507 {
508 ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,ATALLA_R_NOT_LOADED);
509 goto err;
510 }
511 if((ctx = BN_CTX_new()) == NULL)
512 goto err;
513 if(!rsa->d || !rsa->n)
514 {
515 ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,ATALLA_R_MISSING_KEY_COMPONENTS);
516 goto err;
517 }
518 to_return = atalla_mod_exp(r0, I, rsa->d, rsa->n, ctx);
519err:
520 if(ctx)
521 BN_CTX_free(ctx);
522 return to_return;
523 }
524#endif
525
526#ifndef OPENSSL_NO_DSA
527/* This code was liberated and adapted from the commented-out code in
528 * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration
529 * (it doesn't have a CRT form for RSA), this function means that an
530 * Atalla system running with a DSA server certificate can handshake
531 * around 5 or 6 times faster/more than an equivalent system running with
532 * RSA. Just check out the "signs" statistics from the RSA and DSA parts
533 * of "openssl speed -engine atalla dsa1024 rsa1024". */
534static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
535 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
536 BN_CTX *ctx, BN_MONT_CTX *in_mont)
537 {
538 BIGNUM t;
539 int to_return = 0;
540
541 BN_init(&t);
542 /* let rr = a1 ^ p1 mod m */
543 if (!atalla_mod_exp(rr,a1,p1,m,ctx)) goto end;
544 /* let t = a2 ^ p2 mod m */
545 if (!atalla_mod_exp(&t,a2,p2,m,ctx)) goto end;
546 /* let rr = rr * t mod m */
547 if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
548 to_return = 1;
549end:
550 BN_free(&t);
551 return to_return;
552 }
553
554static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
555 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
556 BN_MONT_CTX *m_ctx)
557 {
558 return atalla_mod_exp(r, a, p, m, ctx);
559 }
560#endif
561
562/* This function is aliased to mod_exp (with the mont stuff dropped). */
563static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
564 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
565 {
566 return atalla_mod_exp(r, a, p, m, ctx);
567 }
568
569#ifndef OPENSSL_NO_DH
570/* This function is aliased to mod_exp (with the dh and mont dropped). */
571static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,
572 const BIGNUM *a, const BIGNUM *p,
573 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
574 {
575 return atalla_mod_exp(r, a, p, m, ctx);
576 }
577#endif
578
579/* This stuff is needed if this ENGINE is being compiled into a self-contained
580 * shared-library. */
581#ifdef ENGINE_DYNAMIC_SUPPORT
582static int bind_fn(ENGINE *e, const char *id)
583 {
584 if(id && (strcmp(id, engine_atalla_id) != 0))
585 return 0;
586 if(!bind_helper(e))
587 return 0;
588 return 1;
589 }
590IMPLEMENT_DYNAMIC_CHECK_FN()
591IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
592#endif /* ENGINE_DYNAMIC_SUPPORT */
593
594#endif /* !OPENSSL_NO_HW_ATALLA */
595#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/hw_atalla_err.c b/src/lib/libcrypto/engine/hw_atalla_err.c
new file mode 100644
index 0000000000..1df9c4570c
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_atalla_err.c
@@ -0,0 +1,145 @@
1/* hw_atalla_err.c */
2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include "hw_atalla_err.h"
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67static ERR_STRING_DATA ATALLA_str_functs[]=
68 {
69{ERR_PACK(0,ATALLA_F_ATALLA_CTRL,0), "ATALLA_CTRL"},
70{ERR_PACK(0,ATALLA_F_ATALLA_FINISH,0), "ATALLA_FINISH"},
71{ERR_PACK(0,ATALLA_F_ATALLA_INIT,0), "ATALLA_INIT"},
72{ERR_PACK(0,ATALLA_F_ATALLA_MOD_EXP,0), "ATALLA_MOD_EXP"},
73{ERR_PACK(0,ATALLA_F_ATALLA_RSA_MOD_EXP,0), "ATALLA_RSA_MOD_EXP"},
74{0,NULL}
75 };
76
77static ERR_STRING_DATA ATALLA_str_reasons[]=
78 {
79{ATALLA_R_ALREADY_LOADED ,"already loaded"},
80{ATALLA_R_BN_CTX_FULL ,"bn ctx full"},
81{ATALLA_R_BN_EXPAND_FAIL ,"bn expand fail"},
82{ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"},
83{ATALLA_R_MISSING_KEY_COMPONENTS ,"missing key components"},
84{ATALLA_R_NOT_LOADED ,"not loaded"},
85{ATALLA_R_REQUEST_FAILED ,"request failed"},
86{ATALLA_R_UNIT_FAILURE ,"unit failure"},
87{0,NULL}
88 };
89
90#endif
91
92#ifdef ATALLA_LIB_NAME
93static ERR_STRING_DATA ATALLA_lib_name[]=
94 {
95{0 ,ATALLA_LIB_NAME},
96{0,NULL}
97 };
98#endif
99
100
101static int ATALLA_lib_error_code=0;
102static int ATALLA_error_init=1;
103
104static void ERR_load_ATALLA_strings(void)
105 {
106 if (ATALLA_lib_error_code == 0)
107 ATALLA_lib_error_code=ERR_get_next_error_library();
108
109 if (ATALLA_error_init)
110 {
111 ATALLA_error_init=0;
112#ifndef OPENSSL_NO_ERR
113 ERR_load_strings(ATALLA_lib_error_code,ATALLA_str_functs);
114 ERR_load_strings(ATALLA_lib_error_code,ATALLA_str_reasons);
115#endif
116
117#ifdef ATALLA_LIB_NAME
118 ATALLA_lib_name->error = ERR_PACK(ATALLA_lib_error_code,0,0);
119 ERR_load_strings(0,ATALLA_lib_name);
120#endif
121 }
122 }
123
124static void ERR_unload_ATALLA_strings(void)
125 {
126 if (ATALLA_error_init == 0)
127 {
128#ifndef OPENSSL_NO_ERR
129 ERR_unload_strings(ATALLA_lib_error_code,ATALLA_str_functs);
130 ERR_unload_strings(ATALLA_lib_error_code,ATALLA_str_reasons);
131#endif
132
133#ifdef ATALLA_LIB_NAME
134 ERR_unload_strings(0,ATALLA_lib_name);
135#endif
136 ATALLA_error_init=1;
137 }
138 }
139
140static void ERR_ATALLA_error(int function, int reason, char *file, int line)
141 {
142 if (ATALLA_lib_error_code == 0)
143 ATALLA_lib_error_code=ERR_get_next_error_library();
144 ERR_PUT_error(ATALLA_lib_error_code,function,reason,file,line);
145 }
diff --git a/src/lib/libcrypto/engine/hw_atalla_err.h b/src/lib/libcrypto/engine/hw_atalla_err.h
new file mode 100644
index 0000000000..cdac052d8c
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_atalla_err.h
@@ -0,0 +1,89 @@
1/* ====================================================================
2 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#ifndef HEADER_ATALLA_ERR_H
56#define HEADER_ATALLA_ERR_H
57
58/* BEGIN ERROR CODES */
59/* The following lines are auto generated by the script mkerr.pl. Any changes
60 * made after this point may be overwritten when the script is next run.
61 */
62static void ERR_load_ATALLA_strings(void);
63static void ERR_unload_ATALLA_strings(void);
64static void ERR_ATALLA_error(int function, int reason, char *file, int line);
65#define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),__FILE__,__LINE__)
66
67/* Error codes for the ATALLA functions. */
68
69/* Function codes. */
70#define ATALLA_F_ATALLA_CTRL 100
71#define ATALLA_F_ATALLA_FINISH 101
72#define ATALLA_F_ATALLA_INIT 102
73#define ATALLA_F_ATALLA_MOD_EXP 103
74#define ATALLA_F_ATALLA_RSA_MOD_EXP 104
75
76/* Reason codes. */
77#define ATALLA_R_ALREADY_LOADED 100
78#define ATALLA_R_BN_CTX_FULL 101
79#define ATALLA_R_BN_EXPAND_FAIL 102
80#define ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
81#define ATALLA_R_MISSING_KEY_COMPONENTS 104
82#define ATALLA_R_NOT_LOADED 105
83#define ATALLA_R_REQUEST_FAILED 106
84#define ATALLA_R_UNIT_FAILURE 107
85
86#ifdef __cplusplus
87}
88#endif
89#endif
diff --git a/src/lib/libcrypto/engine/hw_cryptodev.c b/src/lib/libcrypto/engine/hw_cryptodev.c
new file mode 100644
index 0000000000..a98f5d7e57
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_cryptodev.c
@@ -0,0 +1,1355 @@
1/*
2 * Copyright (c) 2002-2004 Theo de Raadt
3 * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
4 * Copyright (c) 2002 Markus Friedl
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
17 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
20 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
22 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
23 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 *
27 */
28
29#include <openssl/objects.h>
30#include <openssl/engine.h>
31#include <openssl/evp.h>
32
33#if (defined(__unix__) || defined(unix)) && !defined(USG)
34#include <sys/param.h>
35# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
36# define HAVE_CRYPTODEV
37# endif
38# if (OpenBSD >= 200110)
39# define HAVE_SYSLOG_R
40# endif
41#endif
42
43#ifndef HAVE_CRYPTODEV
44
45void
46ENGINE_load_cryptodev(void)
47{
48 /* This is a NOP on platforms without /dev/crypto */
49 return;
50}
51
52#else
53
54#include <sys/types.h>
55#include <crypto/cryptodev.h>
56#include <sys/ioctl.h>
57
58#include <errno.h>
59#include <stdio.h>
60#include <unistd.h>
61#include <fcntl.h>
62#include <stdarg.h>
63#include <syslog.h>
64#include <errno.h>
65#include <string.h>
66
67#ifdef __i386__
68#include <sys/sysctl.h>
69#include <machine/cpu.h>
70#include <machine/specialreg.h>
71
72#include <ssl/aes.h>
73
74static int check_viac3aes(void);
75#endif
76
77struct dev_crypto_state {
78 struct session_op d_sess;
79 int d_fd;
80};
81
82struct dev_crypto_cipher {
83 int c_id;
84 int c_nid;
85 int c_ivmax;
86 int c_keylen;
87};
88
89static u_int32_t cryptodev_asymfeat = 0;
90
91static int get_asym_dev_crypto(void);
92static int open_dev_crypto(void);
93static int get_dev_crypto(void);
94static struct dev_crypto_cipher *cipher_nid_to_cryptodev(int nid);
95static int get_cryptodev_ciphers(const int **cnids);
96/*static int get_cryptodev_digests(const int **cnids);*/
97static int cryptodev_usable_ciphers(const int **nids);
98static int cryptodev_usable_digests(const int **nids);
99static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
100 const unsigned char *in, unsigned int inl);
101static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
102 const unsigned char *iv, int enc);
103static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
104static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
105 const int **nids, int nid);
106static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
107 const int **nids, int nid);
108static int bn2crparam(const BIGNUM *a, struct crparam *crp);
109static int crparam2bn(struct crparam *crp, BIGNUM *a);
110static void zapparams(struct crypt_kop *kop);
111static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,
112 int slen, BIGNUM *s);
113
114static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
115 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
116static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
117 RSA *rsa);
118static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
119static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
120 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
121static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
122 BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
123 BN_CTX *ctx, BN_MONT_CTX *mont);
124static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst,
125 int dlen, DSA *dsa);
126static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
127 DSA_SIG *sig, DSA *dsa);
128static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
129 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
130 BN_MONT_CTX *m_ctx);
131static int cryptodev_dh_compute_key(unsigned char *key,
132 const BIGNUM *pub_key, DH *dh);
133static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
134 void (*f)());
135void ENGINE_load_cryptodev(void);
136
137static const ENGINE_CMD_DEFN cryptodev_defns[] = {
138 { 0, NULL, NULL, 0 }
139};
140
141static struct dev_crypto_cipher ciphers[] = {
142 { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, },
143 { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, },
144 { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, },
145 { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, },
146 { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, },
147 { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, },
148 { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, },
149 { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, },
150 { 0, NID_undef, 0, 0, },
151};
152
153#if 0 /* UNUSED */
154static struct {
155 int id;
156 int nid;
157} digests[] = {
158 { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, },
159 { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, },
160 { CRYPTO_MD5_KPDK, NID_undef, },
161 { CRYPTO_SHA1_KPDK, NID_undef, },
162 { CRYPTO_MD5, NID_md5, },
163 { CRYPTO_SHA1, NID_undef, },
164 { 0, NID_undef, },
165};
166#endif
167
168/*
169 * Return a fd if /dev/crypto seems usable, -1 otherwise.
170 */
171static int
172open_dev_crypto(void)
173{
174 static int fd = -1;
175
176 if (fd == -1) {
177 if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
178 return (-1);
179 /* close on exec */
180 if (fcntl(fd, F_SETFD, 1) == -1) {
181 close(fd);
182 fd = -1;
183 return (-1);
184 }
185 }
186 return (fd);
187}
188
189static int
190get_dev_crypto(void)
191{
192 int fd, retfd;
193
194 if ((fd = open_dev_crypto()) == -1)
195 return (-1);
196 if (ioctl(fd, CRIOGET, &retfd) == -1) {
197 close(fd);
198 return (-1);
199 }
200
201 /* close on exec */
202 if (fcntl(retfd, F_SETFD, 1) == -1) {
203 close(retfd);
204 return (-1);
205 }
206 return (retfd);
207}
208
209/* Caching version for asym operations */
210static int
211get_asym_dev_crypto(void)
212{
213 static int fd = -1;
214
215 if (fd == -1)
216 fd = get_dev_crypto();
217 return fd;
218}
219
220/* convert libcrypto nids to cryptodev */
221static struct dev_crypto_cipher *
222cipher_nid_to_cryptodev(int nid)
223{
224 int i;
225
226 for (i = 0; ciphers[i].c_id; i++)
227 if (ciphers[i].c_nid == nid)
228 return (&ciphers[i]);
229 return (NULL);
230}
231
232/*
233 * Find out what ciphers /dev/crypto will let us have a session for.
234 * XXX note, that some of these openssl doesn't deal with yet!
235 * returning them here is harmless, as long as we return NULL
236 * when asked for a handler in the cryptodev_engine_ciphers routine
237 */
238static int
239get_cryptodev_ciphers(const int **cnids)
240{
241 static int nids[CRYPTO_ALGORITHM_MAX];
242 struct session_op sess;
243 int fd, i, count = 0;
244
245 if ((fd = get_dev_crypto()) < 0) {
246 *cnids = NULL;
247 return (0);
248 }
249 memset(&sess, 0, sizeof(sess));
250 sess.key = (caddr_t)"123456781234567812345678";
251
252 for (i = 0; ciphers[i].c_id && count < CRYPTO_ALGORITHM_MAX; i++) {
253 if (ciphers[i].c_nid == NID_undef)
254 continue;
255 sess.cipher = ciphers[i].c_id;
256 sess.keylen = ciphers[i].c_keylen;
257 sess.mac = 0;
258 if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
259 ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
260 nids[count++] = ciphers[i].c_nid;
261 }
262 close(fd);
263
264#if defined(__i386__)
265 /*
266 * On i386, always check for the VIA C3 AES instructions;
267 * even if /dev/crypto is disabled.
268 */
269 if (check_viac3aes() >= 1) {
270 int have_NID_aes_128_cbc = 0;
271 int have_NID_aes_192_cbc = 0;
272 int have_NID_aes_256_cbc = 0;
273
274 for (i = 0; i < count; i++) {
275 if (nids[i] == NID_aes_128_cbc)
276 have_NID_aes_128_cbc = 1;
277 if (nids[i] == NID_aes_192_cbc)
278 have_NID_aes_192_cbc = 1;
279 if (nids[i] == NID_aes_256_cbc)
280 have_NID_aes_256_cbc = 1;
281 }
282 if (!have_NID_aes_128_cbc)
283 nids[count++] = NID_aes_128_cbc;
284 if (!have_NID_aes_192_cbc)
285 nids[count++] = NID_aes_192_cbc;
286 if (!have_NID_aes_256_cbc)
287 nids[count++] = NID_aes_256_cbc;
288 }
289#endif
290
291 if (count > 0)
292 *cnids = nids;
293 else
294 *cnids = NULL;
295 return (count);
296}
297
298/*
299 * Find out what digests /dev/crypto will let us have a session for.
300 * XXX note, that some of these openssl doesn't deal with yet!
301 * returning them here is harmless, as long as we return NULL
302 * when asked for a handler in the cryptodev_engine_digests routine
303 */
304#if 0 /* UNUSED */
305static int
306get_cryptodev_digests(const int **cnids)
307{
308 static int nids[CRYPTO_ALGORITHM_MAX];
309 struct session_op sess;
310 int fd, i, count = 0;
311
312 if ((fd = get_dev_crypto()) < 0) {
313 *cnids = NULL;
314 return (0);
315 }
316 memset(&sess, 0, sizeof(sess));
317 for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
318 if (digests[i].nid == NID_undef)
319 continue;
320 sess.mac = digests[i].id;
321 sess.cipher = 0;
322 if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
323 ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
324 nids[count++] = digests[i].nid;
325 }
326 close(fd);
327
328 if (count > 0)
329 *cnids = nids;
330 else
331 *cnids = NULL;
332 return (count);
333}
334#endif
335
336/*
337 * Find the useable ciphers|digests from dev/crypto - this is the first
338 * thing called by the engine init crud which determines what it
339 * can use for ciphers from this engine. We want to return
340 * only what we can do, anythine else is handled by software.
341 *
342 * If we can't initialize the device to do anything useful for
343 * any reason, we want to return a NULL array, and 0 length,
344 * which forces everything to be done is software. By putting
345 * the initalization of the device in here, we ensure we can
346 * use this engine as the default, and if for whatever reason
347 * /dev/crypto won't do what we want it will just be done in
348 * software
349 *
350 * This can (should) be greatly expanded to perhaps take into
351 * account speed of the device, and what we want to do.
352 * (although the disabling of particular alg's could be controlled
353 * by the device driver with sysctl's.) - this is where we
354 * want most of the decisions made about what we actually want
355 * to use from /dev/crypto.
356 */
357static int
358cryptodev_usable_ciphers(const int **nids)
359{
360 return (get_cryptodev_ciphers(nids));
361}
362
363static int
364cryptodev_usable_digests(const int **nids)
365{
366 /*
367 * XXXX just disable all digests for now, because it sucks.
368 * we need a better way to decide this - i.e. I may not
369 * want digests on slow cards like hifn on fast machines,
370 * but might want them on slow or loaded machines, etc.
371 * will also want them when using crypto cards that don't
372 * suck moose gonads - would be nice to be able to decide something
373 * as reasonable default without having hackery that's card dependent.
374 * of course, the default should probably be just do everything,
375 * with perhaps a sysctl to turn algoritms off (or have them off
376 * by default) on cards that generally suck like the hifn.
377 */
378 *nids = NULL;
379 return (0);
380}
381
382static int
383cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
384 const unsigned char *in, unsigned int inl)
385{
386 struct crypt_op cryp;
387 struct dev_crypto_state *state = ctx->cipher_data;
388 struct session_op *sess = &state->d_sess;
389 void *iiv;
390 unsigned char save_iv[EVP_MAX_IV_LENGTH];
391
392 if (state->d_fd < 0)
393 return (0);
394 if (!inl)
395 return (1);
396 if ((inl % ctx->cipher->block_size) != 0)
397 return (0);
398
399 memset(&cryp, 0, sizeof(cryp));
400
401 cryp.ses = sess->ses;
402 cryp.flags = 0;
403 cryp.len = inl;
404 cryp.src = (caddr_t) in;
405 cryp.dst = (caddr_t) out;
406 cryp.mac = 0;
407
408 cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
409
410 if (ctx->cipher->iv_len) {
411 cryp.iv = (caddr_t) ctx->iv;
412 if (!ctx->encrypt) {
413 iiv = (void *) in + inl - ctx->cipher->iv_len;
414 memcpy(save_iv, iiv, ctx->cipher->iv_len);
415 }
416 } else
417 cryp.iv = NULL;
418
419 if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
420 /* XXX need better errror handling
421 * this can fail for a number of different reasons.
422 */
423 return (0);
424 }
425
426 if (ctx->cipher->iv_len) {
427 if (ctx->encrypt)
428 iiv = (void *) out + inl - ctx->cipher->iv_len;
429 else
430 iiv = save_iv;
431 memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
432 }
433 return (1);
434}
435
436static int
437cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
438 const unsigned char *iv, int enc)
439{
440 struct dev_crypto_state *state = ctx->cipher_data;
441 struct session_op *sess = &state->d_sess;
442 struct dev_crypto_cipher *cipher;
443
444 if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NULL)
445 return (0);
446
447 if (ctx->cipher->iv_len > cipher->c_ivmax)
448 return (0);
449
450 if (ctx->key_len != cipher->c_keylen)
451 return (0);
452
453 memset(sess, 0, sizeof(struct session_op));
454
455 if ((state->d_fd = get_dev_crypto()) < 0)
456 return (0);
457
458 sess->key = (unsigned char *)key;
459 sess->keylen = ctx->key_len;
460 sess->cipher = cipher->c_id;
461
462 if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
463 close(state->d_fd);
464 state->d_fd = -1;
465 return (0);
466 }
467 return (1);
468}
469
470/*
471 * free anything we allocated earlier when initting a
472 * session, and close the session.
473 */
474static int
475cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
476{
477 int ret = 0;
478 struct dev_crypto_state *state = ctx->cipher_data;
479 struct session_op *sess = &state->d_sess;
480
481 if (state->d_fd < 0)
482 return (0);
483
484 /* XXX if this ioctl fails, someting's wrong. the invoker
485 * may have called us with a bogus ctx, or we could
486 * have a device that for whatever reason just doesn't
487 * want to play ball - it's not clear what's right
488 * here - should this be an error? should it just
489 * increase a counter, hmm. For right now, we return
490 * 0 - I don't believe that to be "right". we could
491 * call the gorpy openssl lib error handlers that
492 * print messages to users of the library. hmm..
493 */
494
495 if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) {
496 ret = 0;
497 } else {
498 ret = 1;
499 }
500 close(state->d_fd);
501 state->d_fd = -1;
502
503 return (ret);
504}
505
506/*
507 * libcrypto EVP stuff - this is how we get wired to EVP so the engine
508 * gets called when libcrypto requests a cipher NID.
509 */
510
511/* DES CBC EVP */
512const EVP_CIPHER cryptodev_des_cbc = {
513 NID_des_cbc,
514 8, 8, 8,
515 EVP_CIPH_CBC_MODE,
516 cryptodev_init_key,
517 cryptodev_cipher,
518 cryptodev_cleanup,
519 sizeof(struct dev_crypto_state),
520 EVP_CIPHER_set_asn1_iv,
521 EVP_CIPHER_get_asn1_iv,
522 NULL
523};
524
525/* 3DES CBC EVP */
526const EVP_CIPHER cryptodev_3des_cbc = {
527 NID_des_ede3_cbc,
528 8, 24, 8,
529 EVP_CIPH_CBC_MODE,
530 cryptodev_init_key,
531 cryptodev_cipher,
532 cryptodev_cleanup,
533 sizeof(struct dev_crypto_state),
534 EVP_CIPHER_set_asn1_iv,
535 EVP_CIPHER_get_asn1_iv,
536 NULL
537};
538
539const EVP_CIPHER cryptodev_bf_cbc = {
540 NID_bf_cbc,
541 8, 16, 8,
542 EVP_CIPH_CBC_MODE,
543 cryptodev_init_key,
544 cryptodev_cipher,
545 cryptodev_cleanup,
546 sizeof(struct dev_crypto_state),
547 EVP_CIPHER_set_asn1_iv,
548 EVP_CIPHER_get_asn1_iv,
549 NULL
550};
551
552const EVP_CIPHER cryptodev_cast_cbc = {
553 NID_cast5_cbc,
554 8, 16, 8,
555 EVP_CIPH_CBC_MODE,
556 cryptodev_init_key,
557 cryptodev_cipher,
558 cryptodev_cleanup,
559 sizeof(struct dev_crypto_state),
560 EVP_CIPHER_set_asn1_iv,
561 EVP_CIPHER_get_asn1_iv,
562 NULL
563};
564
565EVP_CIPHER cryptodev_aes_128_cbc = {
566 NID_aes_128_cbc,
567 16, 16, 16,
568 EVP_CIPH_CBC_MODE,
569 cryptodev_init_key,
570 cryptodev_cipher,
571 cryptodev_cleanup,
572 sizeof(struct dev_crypto_state),
573 EVP_CIPHER_set_asn1_iv,
574 EVP_CIPHER_get_asn1_iv,
575 NULL
576};
577
578EVP_CIPHER cryptodev_aes_192_cbc = {
579 NID_aes_192_cbc,
580 16, 24, 16,
581 EVP_CIPH_CBC_MODE,
582 cryptodev_init_key,
583 cryptodev_cipher,
584 cryptodev_cleanup,
585 sizeof(struct dev_crypto_state),
586 EVP_CIPHER_set_asn1_iv,
587 EVP_CIPHER_get_asn1_iv,
588 NULL
589};
590
591EVP_CIPHER cryptodev_aes_256_cbc = {
592 NID_aes_256_cbc,
593 16, 32, 16,
594 EVP_CIPH_CBC_MODE,
595 cryptodev_init_key,
596 cryptodev_cipher,
597 cryptodev_cleanup,
598 sizeof(struct dev_crypto_state),
599 EVP_CIPHER_set_asn1_iv,
600 EVP_CIPHER_get_asn1_iv,
601 NULL
602};
603
604#if defined(__i386__)
605
606static inline void
607viac3_xcrypt_cbc(int *cw, const void *src, void *dst, void *key, int rep,
608 void *iv)
609{
610#ifdef notdef
611 printf("cw %x[%x %x %x %x] src %x dst %x key %x rep %x iv %x\n",
612 cw, cw[0], cw[1], cw[2], cw[3],
613 src, dst, key, rep, iv);
614#endif
615 /*
616 * Clear bit 30 of EFLAGS.
617 */
618 __asm __volatile("pushfl; popfl");
619
620 /*
621 * Cannot simply place key into "b" register, since the compiler
622 * -pic mode uses that register; so instead we must dance a little.
623 */
624 __asm __volatile("pushl %%ebx; movl %0, %%ebx; rep xcrypt-cbc; popl %%ebx" :
625 : "mr" (key), "a" (iv), "c" (rep), "d" (cw), "S" (src), "D" (dst)
626 : "memory", "cc");
627}
628
629#define ISUNALIGNED(x) ((long)(x)) & 15
630#define DOALIGN(v) ((void *)(((long)(v) + 15) & ~15))
631
632static int
633xcrypt_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
634 const unsigned char *in, unsigned int inl)
635{
636 unsigned char *save_iv_store[EVP_MAX_IV_LENGTH + 15];
637 unsigned char *save_iv = DOALIGN(save_iv_store);
638 unsigned char *ivs_store[EVP_MAX_IV_LENGTH + 15];
639 unsigned char *ivs = DOALIGN(ivs_store);
640 void *iiv, *iv = NULL, *ivp = NULL;
641 const void *usein = in;
642 void *useout = out, *spare;
643 int cws[4 + 3], *cw = DOALIGN(cws);
644
645 if (!inl)
646 return (1);
647 if ((inl % ctx->cipher->block_size) != 0)
648 return (0);
649
650 if (ISUNALIGNED(in) || ISUNALIGNED(out)) {
651 spare = malloc(inl);
652 if (spare == NULL)
653 return (0);
654
655 if (ISUNALIGNED(in)) {
656 bcopy(in, spare, inl);
657 usein = spare;
658 }
659 if (ISUNALIGNED(out))
660 useout = spare;
661 }
662
663 cw[0] = C3_CRYPT_CWLO_ALG_AES | C3_CRYPT_CWLO_KEYGEN_SW |
664 C3_CRYPT_CWLO_NORMAL;
665 cw[0] |= ctx->encrypt ? C3_CRYPT_CWLO_ENCRYPT : C3_CRYPT_CWLO_DECRYPT;
666 cw[1] = cw[2] = cw[3] = 0;
667
668 switch (ctx->key_len * 8) {
669 case 128:
670 cw[0] |= C3_CRYPT_CWLO_KEY128;
671 break;
672 case 192:
673 cw[0] |= C3_CRYPT_CWLO_KEY192;
674 break;
675 case 256:
676 cw[0] |= C3_CRYPT_CWLO_KEY256;
677 break;
678 }
679
680 if (ctx->cipher->iv_len) {
681 iv = (caddr_t) ctx->iv;
682 if (!ctx->encrypt) {
683 iiv = (void *) in + inl - ctx->cipher->iv_len;
684 memcpy(save_iv, iiv, ctx->cipher->iv_len);
685 }
686 }
687
688 ivp = iv;
689 if (ISUNALIGNED(iv)) {
690 bcopy(iv, ivs, ctx->cipher->iv_len);
691 ivp = ivs;
692 }
693
694 viac3_xcrypt_cbc(cw, usein, useout, ctx->cipher_data, inl / 16, ivp);
695
696 if (ISUNALIGNED(in) || ISUNALIGNED(out)) {
697 if (ISUNALIGNED(out))
698 bcopy(spare, out, inl);
699 free(spare);
700 }
701
702 if (ivp == ivs)
703 bcopy(ivp, iv, ctx->cipher->iv_len);
704
705 if (ctx->cipher->iv_len) {
706 if (ctx->encrypt)
707 iiv = (void *) out + inl - ctx->cipher->iv_len;
708 else
709 iiv = save_iv;
710 memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
711 }
712 return (1);
713}
714
715static int
716xcrypt_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
717 const unsigned char *iv, int enc)
718{
719 AES_KEY *k = ctx->cipher_data;
720#ifndef AES_ASM
721 int i;
722#endif
723
724 bzero(k, sizeof *k);
725 if (enc)
726 AES_set_encrypt_key(key, ctx->key_len * 8, k);
727 else
728 AES_set_decrypt_key(key, ctx->key_len * 8, k);
729
730#ifndef AES_ASM
731 /*
732 * XXX Damn OpenSSL byte swaps the expanded key!!
733 *
734 * XXX But only if we're using the C implementation of AES
735 */
736 for (i = 0; i < 4 * (AES_MAXNR + 1); i++)
737 k->rd_key[i] = htonl(k->rd_key[i]);
738#endif
739
740 return (1);
741}
742
743static int
744xcrypt_cleanup(EVP_CIPHER_CTX *ctx)
745{
746 bzero(ctx->cipher_data, ctx->cipher->ctx_size);
747 return (1);
748}
749
750static int
751check_viac3aes(void)
752{
753 int mib[2] = { CTL_MACHDEP, CPU_XCRYPT }, value;
754 size_t size = sizeof(value);
755
756 if (sysctl(mib, sizeof(mib)/sizeof(mib[0]), &value, &size,
757 NULL, 0) < 0)
758 return (0);
759 if (value == 0)
760 return (0);
761
762 if (value & C3_HAS_AES) {
763 cryptodev_aes_128_cbc.init = xcrypt_init_key;
764 cryptodev_aes_128_cbc.do_cipher = xcrypt_cipher;
765 cryptodev_aes_128_cbc.cleanup = xcrypt_cleanup;
766 cryptodev_aes_128_cbc.ctx_size = sizeof(AES_KEY);
767
768 cryptodev_aes_192_cbc.init = xcrypt_init_key;
769 cryptodev_aes_192_cbc.do_cipher = xcrypt_cipher;
770 cryptodev_aes_192_cbc.cleanup = xcrypt_cleanup;
771 cryptodev_aes_192_cbc.ctx_size = sizeof(AES_KEY);
772
773 cryptodev_aes_256_cbc.init = xcrypt_init_key;
774 cryptodev_aes_256_cbc.do_cipher = xcrypt_cipher;
775 cryptodev_aes_256_cbc.cleanup = xcrypt_cleanup;
776 cryptodev_aes_256_cbc.ctx_size = sizeof(AES_KEY);
777 }
778 return (value);
779}
780#endif /* __i386__ */
781
782/*
783 * Registered by the ENGINE when used to find out how to deal with
784 * a particular NID in the ENGINE. this says what we'll do at the
785 * top level - note, that list is restricted by what we answer with
786 */
787static int
788cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
789 const int **nids, int nid)
790{
791 if (!cipher)
792 return (cryptodev_usable_ciphers(nids));
793
794 switch (nid) {
795 case NID_des_ede3_cbc:
796 *cipher = &cryptodev_3des_cbc;
797 break;
798 case NID_des_cbc:
799 *cipher = &cryptodev_des_cbc;
800 break;
801 case NID_bf_cbc:
802 *cipher = &cryptodev_bf_cbc;
803 break;
804 case NID_cast5_cbc:
805 *cipher = &cryptodev_cast_cbc;
806 break;
807 case NID_aes_128_cbc:
808 *cipher = &cryptodev_aes_128_cbc;
809 break;
810 case NID_aes_192_cbc:
811 *cipher = &cryptodev_aes_192_cbc;
812 break;
813 case NID_aes_256_cbc:
814 *cipher = &cryptodev_aes_256_cbc;
815 break;
816 default:
817 *cipher = NULL;
818 break;
819 }
820 return (*cipher != NULL);
821}
822
823static int
824cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
825 const int **nids, int nid)
826{
827 if (!digest)
828 return (cryptodev_usable_digests(nids));
829
830 switch (nid) {
831 case NID_md5:
832 *digest = NULL; /* need to make a clean md5 critter */
833 break;
834 default:
835 *digest = NULL;
836 break;
837 }
838 return (*digest != NULL);
839}
840
841/*
842 * Convert a BIGNUM to the representation that /dev/crypto needs.
843 * Upon completion of use, the caller is responsible for freeing
844 * crp->crp_p.
845 */
846static int
847bn2crparam(const BIGNUM *a, struct crparam *crp)
848{
849 int i, j, k;
850 ssize_t bytes, bits;
851 u_char *b;
852
853 crp->crp_p = NULL;
854 crp->crp_nbits = 0;
855
856 bits = BN_num_bits(a);
857 bytes = (bits + 7) / 8;
858
859 b = malloc(bytes);
860 if (b == NULL)
861 return (1);
862
863 crp->crp_p = b;
864 crp->crp_nbits = bits;
865
866 for (i = 0, j = 0; i < a->top; i++) {
867 for (k = 0; k < BN_BITS2 / 8; k++) {
868 if ((j + k) >= bytes)
869 return (0);
870 b[j + k] = a->d[i] >> (k * 8);
871 }
872 j += BN_BITS2 / 8;
873 }
874 return (0);
875}
876
877/* Convert a /dev/crypto parameter to a BIGNUM */
878static int
879crparam2bn(struct crparam *crp, BIGNUM *a)
880{
881 u_int8_t *pd;
882 int i, bytes;
883
884 bytes = (crp->crp_nbits + 7) / 8;
885
886 if (bytes == 0)
887 return (-1);
888
889 if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
890 return (-1);
891
892 for (i = 0; i < bytes; i++)
893 pd[i] = crp->crp_p[bytes - i - 1];
894
895 BN_bin2bn(pd, bytes, a);
896 free(pd);
897
898 return (0);
899}
900
901static void
902zapparams(struct crypt_kop *kop)
903{
904 int i;
905
906 for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) {
907 if (kop->crk_param[i].crp_p)
908 free(kop->crk_param[i].crp_p);
909 kop->crk_param[i].crp_p = NULL;
910 kop->crk_param[i].crp_nbits = 0;
911 }
912}
913
914static int
915cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
916{
917 int fd, ret = -1;
918
919 if ((fd = get_asym_dev_crypto()) < 0)
920 return (ret);
921
922 if (r) {
923 kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
924 kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
925 kop->crk_oparams++;
926 }
927 if (s) {
928 kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
929 kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
930 kop->crk_oparams++;
931 }
932
933 if (ioctl(fd, CIOCKEY, kop) == 0) {
934 if (r)
935 crparam2bn(&kop->crk_param[kop->crk_iparams], r);
936 if (s)
937 crparam2bn(&kop->crk_param[kop->crk_iparams+1], s);
938 ret = 0;
939 }
940
941 return (ret);
942}
943
944static int
945cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
946 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
947{
948 struct crypt_kop kop;
949 int ret = 1;
950
951 /* Currently, we know we can do mod exp iff we can do any
952 * asymmetric operations at all.
953 */
954 if (cryptodev_asymfeat == 0) {
955 ret = BN_mod_exp(r, a, p, m, ctx);
956 return (ret);
957 }
958
959 memset(&kop, 0, sizeof kop);
960 kop.crk_op = CRK_MOD_EXP;
961
962 /* inputs: a^p % m */
963 if (bn2crparam(a, &kop.crk_param[0]))
964 goto err;
965 if (bn2crparam(p, &kop.crk_param[1]))
966 goto err;
967 if (bn2crparam(m, &kop.crk_param[2]))
968 goto err;
969 kop.crk_iparams = 3;
970
971 if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL) == -1) {
972 const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
973 ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
974 }
975err:
976 zapparams(&kop);
977 return (ret);
978}
979
980static int
981cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
982{
983 int r;
984 BN_CTX *ctx;
985
986 ctx = BN_CTX_new();
987 r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
988 BN_CTX_free(ctx);
989 return (r);
990}
991
992static int
993cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
994{
995 struct crypt_kop kop;
996 int ret = 1;
997
998 if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
999 /* XXX 0 means failure?? */
1000 return (0);
1001 }
1002
1003 memset(&kop, 0, sizeof kop);
1004 kop.crk_op = CRK_MOD_EXP_CRT;
1005 /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
1006 if (bn2crparam(rsa->p, &kop.crk_param[0]))
1007 goto err;
1008 if (bn2crparam(rsa->q, &kop.crk_param[1]))
1009 goto err;
1010 if (bn2crparam(I, &kop.crk_param[2]))
1011 goto err;
1012 if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
1013 goto err;
1014 if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
1015 goto err;
1016 if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
1017 goto err;
1018 kop.crk_iparams = 6;
1019
1020 if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL) == -1) {
1021 const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
1022 ret = (*meth->rsa_mod_exp)(r0, I, rsa);
1023 }
1024err:
1025 zapparams(&kop);
1026 return (ret);
1027}
1028
1029static RSA_METHOD cryptodev_rsa = {
1030 "cryptodev RSA method",
1031 NULL, /* rsa_pub_enc */
1032 NULL, /* rsa_pub_dec */
1033 NULL, /* rsa_priv_enc */
1034 NULL, /* rsa_priv_dec */
1035 NULL,
1036 NULL,
1037 NULL, /* init */
1038 NULL, /* finish */
1039 0, /* flags */
1040 NULL, /* app_data */
1041 NULL, /* rsa_sign */
1042 NULL /* rsa_verify */
1043};
1044
1045static int
1046cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
1047 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
1048{
1049 return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
1050}
1051
1052static int
1053cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
1054 BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
1055 BN_CTX *ctx, BN_MONT_CTX *mont)
1056{
1057 BIGNUM t2;
1058 int ret = 0;
1059
1060 BN_init(&t2);
1061
1062 /* v = ( g^u1 * y^u2 mod p ) mod q */
1063 /* let t1 = g ^ u1 mod p */
1064 ret = 0;
1065
1066 if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont))
1067 goto err;
1068
1069 /* let t2 = y ^ u2 mod p */
1070 if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont))
1071 goto err;
1072 /* let u1 = t1 * t2 mod p */
1073 if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx))
1074 goto err;
1075
1076 BN_copy(t1,u1);
1077
1078 ret = 1;
1079err:
1080 BN_free(&t2);
1081 return(ret);
1082}
1083
1084static DSA_SIG *
1085cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
1086{
1087 struct crypt_kop kop;
1088 BIGNUM *r = NULL, *s = NULL;
1089 DSA_SIG *dsaret = NULL;
1090
1091 if ((r = BN_new()) == NULL)
1092 goto err;
1093 if ((s = BN_new()) == NULL) {
1094 BN_free(r);
1095 goto err;
1096 }
1097
1098 memset(&kop, 0, sizeof kop);
1099 kop.crk_op = CRK_DSA_SIGN;
1100
1101 /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
1102 kop.crk_param[0].crp_p = (caddr_t)dgst;
1103 kop.crk_param[0].crp_nbits = dlen * 8;
1104 if (bn2crparam(dsa->p, &kop.crk_param[1]))
1105 goto err;
1106 if (bn2crparam(dsa->q, &kop.crk_param[2]))
1107 goto err;
1108 if (bn2crparam(dsa->g, &kop.crk_param[3]))
1109 goto err;
1110 if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
1111 goto err;
1112 kop.crk_iparams = 5;
1113
1114 if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
1115 BN_num_bytes(dsa->q), s) == 0) {
1116 dsaret = DSA_SIG_new();
1117 dsaret->r = r;
1118 dsaret->s = s;
1119 } else {
1120 const DSA_METHOD *meth = DSA_OpenSSL();
1121 BN_free(r);
1122 BN_free(s);
1123 dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
1124 }
1125err:
1126 kop.crk_param[0].crp_p = NULL;
1127 zapparams(&kop);
1128 return (dsaret);
1129}
1130
1131static int
1132cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
1133 DSA_SIG *sig, DSA *dsa)
1134{
1135 struct crypt_kop kop;
1136 int dsaret = 1;
1137
1138 memset(&kop, 0, sizeof kop);
1139 kop.crk_op = CRK_DSA_VERIFY;
1140
1141 /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
1142 kop.crk_param[0].crp_p = (caddr_t)dgst;
1143 kop.crk_param[0].crp_nbits = dlen * 8;
1144 if (bn2crparam(dsa->p, &kop.crk_param[1]))
1145 goto err;
1146 if (bn2crparam(dsa->q, &kop.crk_param[2]))
1147 goto err;
1148 if (bn2crparam(dsa->g, &kop.crk_param[3]))
1149 goto err;
1150 if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
1151 goto err;
1152 if (bn2crparam(sig->r, &kop.crk_param[5]))
1153 goto err;
1154 if (bn2crparam(sig->s, &kop.crk_param[6]))
1155 goto err;
1156 kop.crk_iparams = 7;
1157
1158 if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
1159 dsaret = kop.crk_status;
1160 } else {
1161 const DSA_METHOD *meth = DSA_OpenSSL();
1162
1163 dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
1164 }
1165err:
1166 kop.crk_param[0].crp_p = NULL;
1167 zapparams(&kop);
1168 return (dsaret);
1169}
1170
1171static DSA_METHOD cryptodev_dsa = {
1172 "cryptodev DSA method",
1173 NULL,
1174 NULL, /* dsa_sign_setup */
1175 NULL,
1176 NULL, /* dsa_mod_exp */
1177 NULL,
1178 NULL, /* init */
1179 NULL, /* finish */
1180 0, /* flags */
1181 NULL /* app_data */
1182};
1183
1184static int
1185cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
1186 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
1187 BN_MONT_CTX *m_ctx)
1188{
1189 return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
1190}
1191
1192static int
1193cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
1194{
1195 struct crypt_kop kop;
1196 int dhret = 1;
1197 int fd, keylen;
1198
1199 if ((fd = get_asym_dev_crypto()) < 0) {
1200 const DH_METHOD *meth = DH_OpenSSL();
1201
1202 return ((meth->compute_key)(key, pub_key, dh));
1203 }
1204
1205 keylen = BN_num_bits(dh->p);
1206
1207 memset(&kop, 0, sizeof kop);
1208 kop.crk_op = CRK_DH_COMPUTE_KEY;
1209
1210 /* inputs: dh->priv_key pub_key dh->p key */
1211 if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
1212 goto err;
1213 if (bn2crparam(pub_key, &kop.crk_param[1]))
1214 goto err;
1215 if (bn2crparam(dh->p, &kop.crk_param[2]))
1216 goto err;
1217 kop.crk_iparams = 3;
1218
1219 kop.crk_param[3].crp_p = key;
1220 kop.crk_param[3].crp_nbits = keylen * 8;
1221 kop.crk_oparams = 1;
1222
1223 if (ioctl(fd, CIOCKEY, &kop) == -1) {
1224 const DH_METHOD *meth = DH_OpenSSL();
1225
1226 dhret = (meth->compute_key)(key, pub_key, dh);
1227 }
1228err:
1229 kop.crk_param[3].crp_p = NULL;
1230 zapparams(&kop);
1231 return (dhret);
1232}
1233
1234static DH_METHOD cryptodev_dh = {
1235 "cryptodev DH method",
1236 NULL, /* cryptodev_dh_generate_key */
1237 NULL,
1238 NULL,
1239 NULL,
1240 NULL,
1241 0, /* flags */
1242 NULL /* app_data */
1243};
1244
1245/*
1246 * ctrl right now is just a wrapper that doesn't do much
1247 * but I expect we'll want some options soon.
1248 */
1249static int
1250cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
1251{
1252#ifdef HAVE_SYSLOG_R
1253 struct syslog_data sd = SYSLOG_DATA_INIT;
1254#endif
1255
1256 switch (cmd) {
1257 default:
1258#ifdef HAVE_SYSLOG_R
1259 syslog_r(LOG_ERR, &sd,
1260 "cryptodev_ctrl: unknown command %d", cmd);
1261#else
1262 syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd);
1263#endif
1264 break;
1265 }
1266 return (1);
1267}
1268
1269void
1270ENGINE_load_cryptodev(void)
1271{
1272 ENGINE *engine = ENGINE_new();
1273 int fd;
1274
1275 if (engine == NULL)
1276 return;
1277 if ((fd = get_dev_crypto()) < 0) {
1278 ENGINE_free(engine);
1279 return;
1280 }
1281
1282 /*
1283 * find out what asymmetric crypto algorithms we support
1284 */
1285 if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
1286 close(fd);
1287 ENGINE_free(engine);
1288 return;
1289 }
1290 close(fd);
1291
1292 if (!ENGINE_set_id(engine, "cryptodev") ||
1293 !ENGINE_set_name(engine, "BSD cryptodev engine") ||
1294 !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
1295 !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
1296 !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
1297 !ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
1298 ENGINE_free(engine);
1299 return;
1300 }
1301
1302 if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
1303 const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay();
1304
1305 cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
1306 cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
1307 cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
1308 cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
1309 cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
1310 cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
1311 if (cryptodev_asymfeat & CRF_MOD_EXP) {
1312 cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
1313 if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
1314 cryptodev_rsa.rsa_mod_exp =
1315 cryptodev_rsa_mod_exp;
1316 else
1317 cryptodev_rsa.rsa_mod_exp =
1318 cryptodev_rsa_nocrt_mod_exp;
1319 }
1320 }
1321
1322 if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {
1323 const DSA_METHOD *meth = DSA_OpenSSL();
1324
1325 memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
1326 if (cryptodev_asymfeat & CRF_DSA_SIGN)
1327 cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
1328 if (cryptodev_asymfeat & CRF_MOD_EXP) {
1329 cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
1330 cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
1331 }
1332 if (cryptodev_asymfeat & CRF_DSA_VERIFY)
1333 cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
1334 }
1335
1336 if (ENGINE_set_DH(engine, &cryptodev_dh)){
1337 const DH_METHOD *dh_meth = DH_OpenSSL();
1338
1339 cryptodev_dh.generate_key = dh_meth->generate_key;
1340 cryptodev_dh.compute_key = dh_meth->compute_key;
1341 cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
1342 if (cryptodev_asymfeat & CRF_MOD_EXP) {
1343 cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
1344 if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
1345 cryptodev_dh.compute_key =
1346 cryptodev_dh_compute_key;
1347 }
1348 }
1349
1350 ENGINE_add(engine);
1351 ENGINE_free(engine);
1352 ERR_clear_error();
1353}
1354
1355#endif /* HAVE_CRYPTODEV */
diff --git a/src/lib/libcrypto/engine/hw_cswift.c b/src/lib/libcrypto/engine/hw_cswift.c
new file mode 100644
index 0000000000..1411fd8333
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_cswift.c
@@ -0,0 +1,1109 @@
1/* crypto/engine/hw_cswift.c */
2/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <openssl/crypto.h>
61#include "cryptlib.h"
62#include <openssl/dso.h>
63#include <openssl/engine.h>
64
65#ifndef OPENSSL_NO_HW
66#ifndef OPENSSL_NO_HW_CSWIFT
67
68/* Attribution notice: Rainbow have generously allowed me to reproduce
69 * the necessary definitions here from their API. This means the support
70 * can build independently of whether application builders have the
71 * API or hardware. This will allow developers to easily produce software
72 * that has latent hardware support for any users that have accelerators
73 * installed, without the developers themselves needing anything extra.
74 *
75 * I have only clipped the parts from the CryptoSwift header files that
76 * are (or seem) relevant to the CryptoSwift support code. This is
77 * simply to keep the file sizes reasonable.
78 * [Geoff]
79 */
80#ifdef FLAT_INC
81#include "cswift.h"
82#else
83#include "vendor_defns/cswift.h"
84#endif
85
86#define CSWIFT_LIB_NAME "cswift engine"
87#include "hw_cswift_err.c"
88
89static int cswift_destroy(ENGINE *e);
90static int cswift_init(ENGINE *e);
91static int cswift_finish(ENGINE *e);
92static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
93static int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in);
94
95/* BIGNUM stuff */
96static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
97 const BIGNUM *m, BN_CTX *ctx);
98static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
99 const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
100 const BIGNUM *iqmp, BN_CTX *ctx);
101
102#ifndef OPENSSL_NO_RSA
103/* RSA stuff */
104static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
105#endif
106/* This function is aliased to mod_exp (with the mont stuff dropped). */
107static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
108 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
109
110#ifndef OPENSSL_NO_DSA
111/* DSA stuff */
112static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
113static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
114 DSA_SIG *sig, DSA *dsa);
115#endif
116
117#ifndef OPENSSL_NO_DH
118/* DH stuff */
119/* This function is alised to mod_exp (with the DH and mont dropped). */
120static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
121 const BIGNUM *a, const BIGNUM *p,
122 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
123#endif
124
125/* RAND stuff */
126static int cswift_rand_bytes(unsigned char *buf, int num);
127static int cswift_rand_status(void);
128
129/* The definitions for control commands specific to this engine */
130#define CSWIFT_CMD_SO_PATH ENGINE_CMD_BASE
131static const ENGINE_CMD_DEFN cswift_cmd_defns[] = {
132 {CSWIFT_CMD_SO_PATH,
133 "SO_PATH",
134 "Specifies the path to the 'cswift' shared library",
135 ENGINE_CMD_FLAG_STRING},
136 {0, NULL, NULL, 0}
137 };
138
139#ifndef OPENSSL_NO_RSA
140/* Our internal RSA_METHOD that we provide pointers to */
141static RSA_METHOD cswift_rsa =
142 {
143 "CryptoSwift RSA method",
144 NULL,
145 NULL,
146 NULL,
147 NULL,
148 cswift_rsa_mod_exp,
149 cswift_mod_exp_mont,
150 NULL,
151 NULL,
152 0,
153 NULL,
154 NULL,
155 NULL
156 };
157#endif
158
159#ifndef OPENSSL_NO_DSA
160/* Our internal DSA_METHOD that we provide pointers to */
161static DSA_METHOD cswift_dsa =
162 {
163 "CryptoSwift DSA method",
164 cswift_dsa_sign,
165 NULL, /* dsa_sign_setup */
166 cswift_dsa_verify,
167 NULL, /* dsa_mod_exp */
168 NULL, /* bn_mod_exp */
169 NULL, /* init */
170 NULL, /* finish */
171 0, /* flags */
172 NULL /* app_data */
173 };
174#endif
175
176#ifndef OPENSSL_NO_DH
177/* Our internal DH_METHOD that we provide pointers to */
178static DH_METHOD cswift_dh =
179 {
180 "CryptoSwift DH method",
181 NULL,
182 NULL,
183 cswift_mod_exp_dh,
184 NULL,
185 NULL,
186 0,
187 NULL
188 };
189#endif
190
191static RAND_METHOD cswift_random =
192 {
193 /* "CryptoSwift RAND method", */
194 NULL,
195 cswift_rand_bytes,
196 NULL,
197 NULL,
198 cswift_rand_bytes,
199 cswift_rand_status,
200 };
201
202
203/* Constants used when creating the ENGINE */
204static const char *engine_cswift_id = "cswift";
205static const char *engine_cswift_name = "CryptoSwift hardware engine support";
206
207/* This internal function is used by ENGINE_cswift() and possibly by the
208 * "dynamic" ENGINE support too */
209static int bind_helper(ENGINE *e)
210 {
211#ifndef OPENSSL_NO_RSA
212 const RSA_METHOD *meth1;
213#endif
214#ifndef OPENSSL_NO_DH
215 const DH_METHOD *meth2;
216#endif
217 if(!ENGINE_set_id(e, engine_cswift_id) ||
218 !ENGINE_set_name(e, engine_cswift_name) ||
219#ifndef OPENSSL_NO_RSA
220 !ENGINE_set_RSA(e, &cswift_rsa) ||
221#endif
222#ifndef OPENSSL_NO_DSA
223 !ENGINE_set_DSA(e, &cswift_dsa) ||
224#endif
225#ifndef OPENSSL_NO_DH
226 !ENGINE_set_DH(e, &cswift_dh) ||
227#endif
228 !ENGINE_set_RAND(e, &cswift_random) ||
229 !ENGINE_set_destroy_function(e, cswift_destroy) ||
230 !ENGINE_set_init_function(e, cswift_init) ||
231 !ENGINE_set_finish_function(e, cswift_finish) ||
232 !ENGINE_set_ctrl_function(e, cswift_ctrl) ||
233 !ENGINE_set_cmd_defns(e, cswift_cmd_defns))
234 return 0;
235
236#ifndef OPENSSL_NO_RSA
237 /* We know that the "PKCS1_SSLeay()" functions hook properly
238 * to the cswift-specific mod_exp and mod_exp_crt so we use
239 * those functions. NB: We don't use ENGINE_openssl() or
240 * anything "more generic" because something like the RSAref
241 * code may not hook properly, and if you own one of these
242 * cards then you have the right to do RSA operations on it
243 * anyway! */
244 meth1 = RSA_PKCS1_SSLeay();
245 cswift_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
246 cswift_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
247 cswift_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
248 cswift_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
249#endif
250
251#ifndef OPENSSL_NO_DH
252 /* Much the same for Diffie-Hellman */
253 meth2 = DH_OpenSSL();
254 cswift_dh.generate_key = meth2->generate_key;
255 cswift_dh.compute_key = meth2->compute_key;
256#endif
257
258 /* Ensure the cswift error handling is set up */
259 ERR_load_CSWIFT_strings();
260 return 1;
261 }
262
263#ifndef ENGINE_DYNAMIC_SUPPORT
264static ENGINE *engine_cswift(void)
265 {
266 ENGINE *ret = ENGINE_new();
267 if(!ret)
268 return NULL;
269 if(!bind_helper(ret))
270 {
271 ENGINE_free(ret);
272 return NULL;
273 }
274 return ret;
275 }
276
277void ENGINE_load_cswift(void)
278 {
279 /* Copied from eng_[openssl|dyn].c */
280 ENGINE *toadd = engine_cswift();
281 if(!toadd) return;
282 ENGINE_add(toadd);
283 ENGINE_free(toadd);
284 ERR_clear_error();
285 }
286#endif
287
288/* This is a process-global DSO handle used for loading and unloading
289 * the CryptoSwift library. NB: This is only set (or unset) during an
290 * init() or finish() call (reference counts permitting) and they're
291 * operating with global locks, so this should be thread-safe
292 * implicitly. */
293static DSO *cswift_dso = NULL;
294
295/* These are the function pointers that are (un)set when the library has
296 * successfully (un)loaded. */
297t_swAcquireAccContext *p_CSwift_AcquireAccContext = NULL;
298t_swAttachKeyParam *p_CSwift_AttachKeyParam = NULL;
299t_swSimpleRequest *p_CSwift_SimpleRequest = NULL;
300t_swReleaseAccContext *p_CSwift_ReleaseAccContext = NULL;
301
302/* Used in the DSO operations. */
303static const char *CSWIFT_LIBNAME = NULL;
304static const char *get_CSWIFT_LIBNAME(void)
305 {
306 if(CSWIFT_LIBNAME)
307 return CSWIFT_LIBNAME;
308 return "swift";
309 }
310static void free_CSWIFT_LIBNAME(void)
311 {
312 if(CSWIFT_LIBNAME)
313 OPENSSL_free((void*)CSWIFT_LIBNAME);
314 CSWIFT_LIBNAME = NULL;
315 }
316static long set_CSWIFT_LIBNAME(const char *name)
317 {
318 free_CSWIFT_LIBNAME();
319 return (((CSWIFT_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
320 }
321static const char *CSWIFT_F1 = "swAcquireAccContext";
322static const char *CSWIFT_F2 = "swAttachKeyParam";
323static const char *CSWIFT_F3 = "swSimpleRequest";
324static const char *CSWIFT_F4 = "swReleaseAccContext";
325
326
327/* CryptoSwift library functions and mechanics - these are used by the
328 * higher-level functions further down. NB: As and where there's no
329 * error checking, take a look lower down where these functions are
330 * called, the checking and error handling is probably down there. */
331
332/* utility function to obtain a context */
333static int get_context(SW_CONTEXT_HANDLE *hac)
334 {
335 SW_STATUS status;
336
337 status = p_CSwift_AcquireAccContext(hac);
338 if(status != SW_OK)
339 return 0;
340 return 1;
341 }
342
343/* similarly to release one. */
344static void release_context(SW_CONTEXT_HANDLE hac)
345 {
346 p_CSwift_ReleaseAccContext(hac);
347 }
348
349/* Destructor (complements the "ENGINE_cswift()" constructor) */
350static int cswift_destroy(ENGINE *e)
351 {
352 free_CSWIFT_LIBNAME();
353 ERR_unload_CSWIFT_strings();
354 return 1;
355 }
356
357/* (de)initialisation functions. */
358static int cswift_init(ENGINE *e)
359 {
360 SW_CONTEXT_HANDLE hac;
361 t_swAcquireAccContext *p1;
362 t_swAttachKeyParam *p2;
363 t_swSimpleRequest *p3;
364 t_swReleaseAccContext *p4;
365
366 if(cswift_dso != NULL)
367 {
368 CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_ALREADY_LOADED);
369 goto err;
370 }
371 /* Attempt to load libswift.so/swift.dll/whatever. */
372 cswift_dso = DSO_load(NULL, get_CSWIFT_LIBNAME(), NULL, 0);
373 if(cswift_dso == NULL)
374 {
375 CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_NOT_LOADED);
376 goto err;
377 }
378 if(!(p1 = (t_swAcquireAccContext *)
379 DSO_bind_func(cswift_dso, CSWIFT_F1)) ||
380 !(p2 = (t_swAttachKeyParam *)
381 DSO_bind_func(cswift_dso, CSWIFT_F2)) ||
382 !(p3 = (t_swSimpleRequest *)
383 DSO_bind_func(cswift_dso, CSWIFT_F3)) ||
384 !(p4 = (t_swReleaseAccContext *)
385 DSO_bind_func(cswift_dso, CSWIFT_F4)))
386 {
387 CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_NOT_LOADED);
388 goto err;
389 }
390 /* Copy the pointers */
391 p_CSwift_AcquireAccContext = p1;
392 p_CSwift_AttachKeyParam = p2;
393 p_CSwift_SimpleRequest = p3;
394 p_CSwift_ReleaseAccContext = p4;
395 /* Try and get a context - if not, we may have a DSO but no
396 * accelerator! */
397 if(!get_context(&hac))
398 {
399 CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_UNIT_FAILURE);
400 goto err;
401 }
402 release_context(hac);
403 /* Everything's fine. */
404 return 1;
405err:
406 if(cswift_dso)
407 {
408 DSO_free(cswift_dso);
409 cswift_dso = NULL;
410 }
411 p_CSwift_AcquireAccContext = NULL;
412 p_CSwift_AttachKeyParam = NULL;
413 p_CSwift_SimpleRequest = NULL;
414 p_CSwift_ReleaseAccContext = NULL;
415 return 0;
416 }
417
418static int cswift_finish(ENGINE *e)
419 {
420 free_CSWIFT_LIBNAME();
421 if(cswift_dso == NULL)
422 {
423 CSWIFTerr(CSWIFT_F_CSWIFT_FINISH,CSWIFT_R_NOT_LOADED);
424 return 0;
425 }
426 if(!DSO_free(cswift_dso))
427 {
428 CSWIFTerr(CSWIFT_F_CSWIFT_FINISH,CSWIFT_R_UNIT_FAILURE);
429 return 0;
430 }
431 cswift_dso = NULL;
432 p_CSwift_AcquireAccContext = NULL;
433 p_CSwift_AttachKeyParam = NULL;
434 p_CSwift_SimpleRequest = NULL;
435 p_CSwift_ReleaseAccContext = NULL;
436 return 1;
437 }
438
439static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
440 {
441 int initialised = ((cswift_dso == NULL) ? 0 : 1);
442 switch(cmd)
443 {
444 case CSWIFT_CMD_SO_PATH:
445 if(p == NULL)
446 {
447 CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,ERR_R_PASSED_NULL_PARAMETER);
448 return 0;
449 }
450 if(initialised)
451 {
452 CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,CSWIFT_R_ALREADY_LOADED);
453 return 0;
454 }
455 return set_CSWIFT_LIBNAME((const char *)p);
456 default:
457 break;
458 }
459 CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED);
460 return 0;
461 }
462
463/* Un petit mod_exp */
464static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
465 const BIGNUM *m, BN_CTX *ctx)
466 {
467 /* I need somewhere to store temporary serialised values for
468 * use with the CryptoSwift API calls. A neat cheat - I'll use
469 * BIGNUMs from the BN_CTX but access their arrays directly as
470 * byte arrays <grin>. This way I don't have to clean anything
471 * up. */
472 BIGNUM *modulus;
473 BIGNUM *exponent;
474 BIGNUM *argument;
475 BIGNUM *result;
476 SW_STATUS sw_status;
477 SW_LARGENUMBER arg, res;
478 SW_PARAM sw_param;
479 SW_CONTEXT_HANDLE hac;
480 int to_return, acquired;
481
482 modulus = exponent = argument = result = NULL;
483 to_return = 0; /* expect failure */
484 acquired = 0;
485
486 if(!get_context(&hac))
487 {
488 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_UNIT_FAILURE);
489 goto err;
490 }
491 acquired = 1;
492 /* Prepare the params */
493 BN_CTX_start(ctx);
494 modulus = BN_CTX_get(ctx);
495 exponent = BN_CTX_get(ctx);
496 argument = BN_CTX_get(ctx);
497 result = BN_CTX_get(ctx);
498 if(!result)
499 {
500 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BN_CTX_FULL);
501 goto err;
502 }
503 if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, p->top) ||
504 !bn_wexpand(argument, a->top) || !bn_wexpand(result, m->top))
505 {
506 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BN_EXPAND_FAIL);
507 goto err;
508 }
509 sw_param.type = SW_ALG_EXP;
510 sw_param.up.exp.modulus.nbytes = BN_bn2bin(m,
511 (unsigned char *)modulus->d);
512 sw_param.up.exp.modulus.value = (unsigned char *)modulus->d;
513 sw_param.up.exp.exponent.nbytes = BN_bn2bin(p,
514 (unsigned char *)exponent->d);
515 sw_param.up.exp.exponent.value = (unsigned char *)exponent->d;
516 /* Attach the key params */
517 sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
518 switch(sw_status)
519 {
520 case SW_OK:
521 break;
522 case SW_ERR_INPUT_SIZE:
523 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BAD_KEY_SIZE);
524 goto err;
525 default:
526 {
527 char tmpbuf[DECIMAL_SIZE(sw_status)+1];
528 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
529 sprintf(tmpbuf, "%ld", sw_status);
530 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
531 }
532 goto err;
533 }
534 /* Prepare the argument and response */
535 arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
536 arg.value = (unsigned char *)argument->d;
537 res.nbytes = BN_num_bytes(m);
538 memset(result->d, 0, res.nbytes);
539 res.value = (unsigned char *)result->d;
540 /* Perform the operation */
541 if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1,
542 &res, 1)) != SW_OK)
543 {
544 char tmpbuf[DECIMAL_SIZE(sw_status)+1];
545 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
546 sprintf(tmpbuf, "%ld", sw_status);
547 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
548 goto err;
549 }
550 /* Convert the response */
551 BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
552 to_return = 1;
553err:
554 if(acquired)
555 release_context(hac);
556 BN_CTX_end(ctx);
557 return to_return;
558 }
559
560
561int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in)
562{
563 int mod;
564 int numbytes = BN_num_bytes(in);
565
566 mod = 0;
567 while( ((out->nbytes = (numbytes+mod)) % 32) )
568 {
569 mod++;
570 }
571 out->value = (unsigned char*)OPENSSL_malloc(out->nbytes);
572 if(!out->value)
573 {
574 return 0;
575 }
576 BN_bn2bin(in, &out->value[mod]);
577 if(mod)
578 memset(out->value, 0, mod);
579
580 return 1;
581}
582
583/* Un petit mod_exp chinois */
584static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
585 const BIGNUM *q, const BIGNUM *dmp1,
586 const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)
587 {
588 SW_STATUS sw_status;
589 SW_LARGENUMBER arg, res;
590 SW_PARAM sw_param;
591 SW_CONTEXT_HANDLE hac;
592 BIGNUM *result = NULL;
593 BIGNUM *argument = NULL;
594 int to_return = 0; /* expect failure */
595 int acquired = 0;
596
597 sw_param.up.crt.p.value = NULL;
598 sw_param.up.crt.q.value = NULL;
599 sw_param.up.crt.dmp1.value = NULL;
600 sw_param.up.crt.dmq1.value = NULL;
601 sw_param.up.crt.iqmp.value = NULL;
602
603 if(!get_context(&hac))
604 {
605 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_UNIT_FAILURE);
606 goto err;
607 }
608 acquired = 1;
609
610 /* Prepare the params */
611 argument = BN_new();
612 result = BN_new();
613 if(!result || !argument)
614 {
615 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_CTX_FULL);
616 goto err;
617 }
618
619
620 sw_param.type = SW_ALG_CRT;
621 /************************************************************************/
622 /* 04/02/2003 */
623 /* Modified by Frederic Giudicelli (deny-all.com) to overcome the */
624 /* limitation of cswift with values not a multiple of 32 */
625 /************************************************************************/
626 if(!cswift_bn_32copy(&sw_param.up.crt.p, p))
627 {
628 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
629 goto err;
630 }
631 if(!cswift_bn_32copy(&sw_param.up.crt.q, q))
632 {
633 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
634 goto err;
635 }
636 if(!cswift_bn_32copy(&sw_param.up.crt.dmp1, dmp1))
637 {
638 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
639 goto err;
640 }
641 if(!cswift_bn_32copy(&sw_param.up.crt.dmq1, dmq1))
642 {
643 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
644 goto err;
645 }
646 if(!cswift_bn_32copy(&sw_param.up.crt.iqmp, iqmp))
647 {
648 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
649 goto err;
650 }
651 if( !bn_wexpand(argument, a->top) ||
652 !bn_wexpand(result, p->top + q->top))
653 {
654 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
655 goto err;
656 }
657
658 /* Attach the key params */
659 sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
660 switch(sw_status)
661 {
662 case SW_OK:
663 break;
664 case SW_ERR_INPUT_SIZE:
665 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BAD_KEY_SIZE);
666 goto err;
667 default:
668 {
669 char tmpbuf[DECIMAL_SIZE(sw_status)+1];
670 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
671 sprintf(tmpbuf, "%ld", sw_status);
672 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
673 }
674 goto err;
675 }
676 /* Prepare the argument and response */
677 arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
678 arg.value = (unsigned char *)argument->d;
679 res.nbytes = 2 * BN_num_bytes(p);
680 memset(result->d, 0, res.nbytes);
681 res.value = (unsigned char *)result->d;
682 /* Perform the operation */
683 if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1,
684 &res, 1)) != SW_OK)
685 {
686 char tmpbuf[DECIMAL_SIZE(sw_status)+1];
687 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
688 sprintf(tmpbuf, "%ld", sw_status);
689 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
690 goto err;
691 }
692 /* Convert the response */
693 BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
694 to_return = 1;
695err:
696 if(sw_param.up.crt.p.value)
697 OPENSSL_free(sw_param.up.crt.p.value);
698 if(sw_param.up.crt.q.value)
699 OPENSSL_free(sw_param.up.crt.q.value);
700 if(sw_param.up.crt.dmp1.value)
701 OPENSSL_free(sw_param.up.crt.dmp1.value);
702 if(sw_param.up.crt.dmq1.value)
703 OPENSSL_free(sw_param.up.crt.dmq1.value);
704 if(sw_param.up.crt.iqmp.value)
705 OPENSSL_free(sw_param.up.crt.iqmp.value);
706 if(result)
707 BN_free(result);
708 if(argument)
709 BN_free(argument);
710 if(acquired)
711 release_context(hac);
712 return to_return;
713 }
714
715#ifndef OPENSSL_NO_RSA
716static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
717 {
718 BN_CTX *ctx;
719 int to_return = 0;
720 const RSA_METHOD * def_rsa_method;
721
722 /* Try the limits of RSA (2048 bits) */
723 if(BN_num_bytes(rsa->p) > 128 ||
724 BN_num_bytes(rsa->q) > 128 ||
725 BN_num_bytes(rsa->dmp1) > 128 ||
726 BN_num_bytes(rsa->dmq1) > 128 ||
727 BN_num_bytes(rsa->iqmp) > 128)
728 {
729#ifdef RSA_NULL
730 def_rsa_method=RSA_null_method();
731#else
732#if 0
733 def_rsa_method=RSA_PKCS1_RSAref();
734#else
735 def_rsa_method=RSA_PKCS1_SSLeay();
736#endif
737#endif
738 if(def_rsa_method)
739 return def_rsa_method->rsa_mod_exp(r0, I, rsa);
740 }
741
742 if((ctx = BN_CTX_new()) == NULL)
743 goto err;
744 if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
745 {
746 CSWIFTerr(CSWIFT_F_CSWIFT_RSA_MOD_EXP,CSWIFT_R_MISSING_KEY_COMPONENTS);
747 goto err;
748 }
749 to_return = cswift_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
750 rsa->dmq1, rsa->iqmp, ctx);
751err:
752 if(ctx)
753 BN_CTX_free(ctx);
754 return to_return;
755 }
756#endif
757
758/* This function is aliased to mod_exp (with the mont stuff dropped). */
759static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
760 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
761 {
762 const RSA_METHOD * def_rsa_method;
763
764 /* Try the limits of RSA (2048 bits) */
765 if(BN_num_bytes(r) > 256 ||
766 BN_num_bytes(a) > 256 ||
767 BN_num_bytes(m) > 256)
768 {
769#ifdef RSA_NULL
770 def_rsa_method=RSA_null_method();
771#else
772#if 0
773 def_rsa_method=RSA_PKCS1_RSAref();
774#else
775 def_rsa_method=RSA_PKCS1_SSLeay();
776#endif
777#endif
778 if(def_rsa_method)
779 return def_rsa_method->bn_mod_exp(r, a, p, m, ctx, m_ctx);
780 }
781
782 return cswift_mod_exp(r, a, p, m, ctx);
783 }
784
785#ifndef OPENSSL_NO_DSA
786static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
787 {
788 SW_CONTEXT_HANDLE hac;
789 SW_PARAM sw_param;
790 SW_STATUS sw_status;
791 SW_LARGENUMBER arg, res;
792 unsigned char *ptr;
793 BN_CTX *ctx;
794 BIGNUM *dsa_p = NULL;
795 BIGNUM *dsa_q = NULL;
796 BIGNUM *dsa_g = NULL;
797 BIGNUM *dsa_key = NULL;
798 BIGNUM *result = NULL;
799 DSA_SIG *to_return = NULL;
800 int acquired = 0;
801
802 if((ctx = BN_CTX_new()) == NULL)
803 goto err;
804 if(!get_context(&hac))
805 {
806 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_UNIT_FAILURE);
807 goto err;
808 }
809 acquired = 1;
810 /* Prepare the params */
811 BN_CTX_start(ctx);
812 dsa_p = BN_CTX_get(ctx);
813 dsa_q = BN_CTX_get(ctx);
814 dsa_g = BN_CTX_get(ctx);
815 dsa_key = BN_CTX_get(ctx);
816 result = BN_CTX_get(ctx);
817 if(!result)
818 {
819 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BN_CTX_FULL);
820 goto err;
821 }
822 if(!bn_wexpand(dsa_p, dsa->p->top) ||
823 !bn_wexpand(dsa_q, dsa->q->top) ||
824 !bn_wexpand(dsa_g, dsa->g->top) ||
825 !bn_wexpand(dsa_key, dsa->priv_key->top) ||
826 !bn_wexpand(result, dsa->p->top))
827 {
828 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BN_EXPAND_FAIL);
829 goto err;
830 }
831 sw_param.type = SW_ALG_DSA;
832 sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,
833 (unsigned char *)dsa_p->d);
834 sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
835 sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,
836 (unsigned char *)dsa_q->d);
837 sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
838 sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,
839 (unsigned char *)dsa_g->d);
840 sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
841 sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->priv_key,
842 (unsigned char *)dsa_key->d);
843 sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
844 /* Attach the key params */
845 sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
846 switch(sw_status)
847 {
848 case SW_OK:
849 break;
850 case SW_ERR_INPUT_SIZE:
851 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BAD_KEY_SIZE);
852 goto err;
853 default:
854 {
855 char tmpbuf[DECIMAL_SIZE(sw_status)+1];
856 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
857 sprintf(tmpbuf, "%ld", sw_status);
858 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
859 }
860 goto err;
861 }
862 /* Prepare the argument and response */
863 arg.nbytes = dlen;
864 arg.value = (unsigned char *)dgst;
865 res.nbytes = BN_num_bytes(dsa->p);
866 memset(result->d, 0, res.nbytes);
867 res.value = (unsigned char *)result->d;
868 /* Perform the operation */
869 sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_SIGN, &arg, 1,
870 &res, 1);
871 if(sw_status != SW_OK)
872 {
873 char tmpbuf[DECIMAL_SIZE(sw_status)+1];
874 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
875 sprintf(tmpbuf, "%ld", sw_status);
876 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
877 goto err;
878 }
879 /* Convert the response */
880 ptr = (unsigned char *)result->d;
881 if((to_return = DSA_SIG_new()) == NULL)
882 goto err;
883 to_return->r = BN_bin2bn((unsigned char *)result->d, 20, NULL);
884 to_return->s = BN_bin2bn((unsigned char *)result->d + 20, 20, NULL);
885
886err:
887 if(acquired)
888 release_context(hac);
889 if(ctx)
890 {
891 BN_CTX_end(ctx);
892 BN_CTX_free(ctx);
893 }
894 return to_return;
895 }
896
897static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
898 DSA_SIG *sig, DSA *dsa)
899 {
900 SW_CONTEXT_HANDLE hac;
901 SW_PARAM sw_param;
902 SW_STATUS sw_status;
903 SW_LARGENUMBER arg[2], res;
904 unsigned long sig_result;
905 BN_CTX *ctx;
906 BIGNUM *dsa_p = NULL;
907 BIGNUM *dsa_q = NULL;
908 BIGNUM *dsa_g = NULL;
909 BIGNUM *dsa_key = NULL;
910 BIGNUM *argument = NULL;
911 int to_return = -1;
912 int acquired = 0;
913
914 if((ctx = BN_CTX_new()) == NULL)
915 goto err;
916 if(!get_context(&hac))
917 {
918 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_UNIT_FAILURE);
919 goto err;
920 }
921 acquired = 1;
922 /* Prepare the params */
923 BN_CTX_start(ctx);
924 dsa_p = BN_CTX_get(ctx);
925 dsa_q = BN_CTX_get(ctx);
926 dsa_g = BN_CTX_get(ctx);
927 dsa_key = BN_CTX_get(ctx);
928 argument = BN_CTX_get(ctx);
929 if(!argument)
930 {
931 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BN_CTX_FULL);
932 goto err;
933 }
934 if(!bn_wexpand(dsa_p, dsa->p->top) ||
935 !bn_wexpand(dsa_q, dsa->q->top) ||
936 !bn_wexpand(dsa_g, dsa->g->top) ||
937 !bn_wexpand(dsa_key, dsa->pub_key->top) ||
938 !bn_wexpand(argument, 40))
939 {
940 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BN_EXPAND_FAIL);
941 goto err;
942 }
943 sw_param.type = SW_ALG_DSA;
944 sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,
945 (unsigned char *)dsa_p->d);
946 sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
947 sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,
948 (unsigned char *)dsa_q->d);
949 sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
950 sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,
951 (unsigned char *)dsa_g->d);
952 sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
953 sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->pub_key,
954 (unsigned char *)dsa_key->d);
955 sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
956 /* Attach the key params */
957 sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
958 switch(sw_status)
959 {
960 case SW_OK:
961 break;
962 case SW_ERR_INPUT_SIZE:
963 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BAD_KEY_SIZE);
964 goto err;
965 default:
966 {
967 char tmpbuf[DECIMAL_SIZE(sw_status)+1];
968 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
969 sprintf(tmpbuf, "%ld", sw_status);
970 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
971 }
972 goto err;
973 }
974 /* Prepare the argument and response */
975 arg[0].nbytes = dgst_len;
976 arg[0].value = (unsigned char *)dgst;
977 arg[1].nbytes = 40;
978 arg[1].value = (unsigned char *)argument->d;
979 memset(arg[1].value, 0, 40);
980 BN_bn2bin(sig->r, arg[1].value + 20 - BN_num_bytes(sig->r));
981 BN_bn2bin(sig->s, arg[1].value + 40 - BN_num_bytes(sig->s));
982 res.nbytes = 4; /* unsigned long */
983 res.value = (unsigned char *)(&sig_result);
984 /* Perform the operation */
985 sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_VERIFY, arg, 2,
986 &res, 1);
987 if(sw_status != SW_OK)
988 {
989 char tmpbuf[DECIMAL_SIZE(sw_status)+1];
990 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
991 sprintf(tmpbuf, "%ld", sw_status);
992 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
993 goto err;
994 }
995 /* Convert the response */
996 to_return = ((sig_result == 0) ? 0 : 1);
997
998err:
999 if(acquired)
1000 release_context(hac);
1001 if(ctx)
1002 {
1003 BN_CTX_end(ctx);
1004 BN_CTX_free(ctx);
1005 }
1006 return to_return;
1007 }
1008#endif
1009
1010#ifndef OPENSSL_NO_DH
1011/* This function is aliased to mod_exp (with the dh and mont dropped). */
1012static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
1013 const BIGNUM *a, const BIGNUM *p,
1014 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
1015 {
1016 return cswift_mod_exp(r, a, p, m, ctx);
1017 }
1018#endif
1019
1020/* Random bytes are good */
1021static int cswift_rand_bytes(unsigned char *buf, int num)
1022{
1023 SW_CONTEXT_HANDLE hac;
1024 SW_STATUS swrc;
1025 SW_LARGENUMBER largenum;
1026 int acquired = 0;
1027 int to_return = 0; /* assume failure */
1028 unsigned char buf32[1024];
1029
1030
1031 if (!get_context(&hac))
1032 {
1033 CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_UNIT_FAILURE);
1034 goto err;
1035 }
1036 acquired = 1;
1037
1038 /************************************************************************/
1039 /* 04/02/2003 */
1040 /* Modified by Frederic Giudicelli (deny-all.com) to overcome the */
1041 /* limitation of cswift with values not a multiple of 32 */
1042 /************************************************************************/
1043
1044 while(num >= sizeof(buf32))
1045 {
1046 largenum.value = buf;
1047 largenum.nbytes = sizeof(buf32);
1048 /* tell CryptoSwift how many bytes we want and where we want it.
1049 * Note: - CryptoSwift cannot do more than 4096 bytes at a time.
1050 * - CryptoSwift can only do multiple of 32-bits. */
1051 swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
1052 if (swrc != SW_OK)
1053 {
1054 char tmpbuf[20];
1055 CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_REQUEST_FAILED);
1056 sprintf(tmpbuf, "%ld", swrc);
1057 ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
1058 goto err;
1059 }
1060 buf += sizeof(buf32);
1061 num -= sizeof(buf32);
1062 }
1063 if(num)
1064 {
1065 largenum.nbytes = sizeof(buf32);
1066 largenum.value = buf32;
1067 swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
1068 if (swrc != SW_OK)
1069 {
1070 char tmpbuf[20];
1071 CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_REQUEST_FAILED);
1072 sprintf(tmpbuf, "%ld", swrc);
1073 ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
1074 goto err;
1075 }
1076 memcpy(buf, largenum.value, num);
1077 }
1078
1079 to_return = 1; /* success */
1080err:
1081 if (acquired)
1082 release_context(hac);
1083
1084 return to_return;
1085}
1086
1087static int cswift_rand_status(void)
1088{
1089 return 1;
1090}
1091
1092
1093/* This stuff is needed if this ENGINE is being compiled into a self-contained
1094 * shared-library. */
1095#ifdef ENGINE_DYNAMIC_SUPPORT
1096static int bind_fn(ENGINE *e, const char *id)
1097 {
1098 if(id && (strcmp(id, engine_cswift_id) != 0))
1099 return 0;
1100 if(!bind_helper(e))
1101 return 0;
1102 return 1;
1103 }
1104IMPLEMENT_DYNAMIC_CHECK_FN()
1105IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
1106#endif /* ENGINE_DYNAMIC_SUPPORT */
1107
1108#endif /* !OPENSSL_NO_HW_CSWIFT */
1109#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/hw_cswift_err.c b/src/lib/libcrypto/engine/hw_cswift_err.c
new file mode 100644
index 0000000000..684f53bf27
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_cswift_err.c
@@ -0,0 +1,149 @@
1/* hw_cswift_err.c */
2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include "hw_cswift_err.h"
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67static ERR_STRING_DATA CSWIFT_str_functs[]=
68 {
69{ERR_PACK(0,CSWIFT_F_CSWIFT_CTRL,0), "CSWIFT_CTRL"},
70{ERR_PACK(0,CSWIFT_F_CSWIFT_DSA_SIGN,0), "CSWIFT_DSA_SIGN"},
71{ERR_PACK(0,CSWIFT_F_CSWIFT_DSA_VERIFY,0), "CSWIFT_DSA_VERIFY"},
72{ERR_PACK(0,CSWIFT_F_CSWIFT_FINISH,0), "CSWIFT_FINISH"},
73{ERR_PACK(0,CSWIFT_F_CSWIFT_INIT,0), "CSWIFT_INIT"},
74{ERR_PACK(0,CSWIFT_F_CSWIFT_MOD_EXP,0), "CSWIFT_MOD_EXP"},
75{ERR_PACK(0,CSWIFT_F_CSWIFT_MOD_EXP_CRT,0), "CSWIFT_MOD_EXP_CRT"},
76{ERR_PACK(0,CSWIFT_F_CSWIFT_RSA_MOD_EXP,0), "CSWIFT_RSA_MOD_EXP"},
77{0,NULL}
78 };
79
80static ERR_STRING_DATA CSWIFT_str_reasons[]=
81 {
82{CSWIFT_R_ALREADY_LOADED ,"already loaded"},
83{CSWIFT_R_BAD_KEY_SIZE ,"bad key size"},
84{CSWIFT_R_BN_CTX_FULL ,"bn ctx full"},
85{CSWIFT_R_BN_EXPAND_FAIL ,"bn expand fail"},
86{CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"},
87{CSWIFT_R_MISSING_KEY_COMPONENTS ,"missing key components"},
88{CSWIFT_R_NOT_LOADED ,"not loaded"},
89{CSWIFT_R_REQUEST_FAILED ,"request failed"},
90{CSWIFT_R_UNIT_FAILURE ,"unit failure"},
91{0,NULL}
92 };
93
94#endif
95
96#ifdef CSWIFT_LIB_NAME
97static ERR_STRING_DATA CSWIFT_lib_name[]=
98 {
99{0 ,CSWIFT_LIB_NAME},
100{0,NULL}
101 };
102#endif
103
104
105static int CSWIFT_lib_error_code=0;
106static int CSWIFT_error_init=1;
107
108static void ERR_load_CSWIFT_strings(void)
109 {
110 if (CSWIFT_lib_error_code == 0)
111 CSWIFT_lib_error_code=ERR_get_next_error_library();
112
113 if (CSWIFT_error_init)
114 {
115 CSWIFT_error_init=0;
116#ifndef OPENSSL_NO_ERR
117 ERR_load_strings(CSWIFT_lib_error_code,CSWIFT_str_functs);
118 ERR_load_strings(CSWIFT_lib_error_code,CSWIFT_str_reasons);
119#endif
120
121#ifdef CSWIFT_LIB_NAME
122 CSWIFT_lib_name->error = ERR_PACK(CSWIFT_lib_error_code,0,0);
123 ERR_load_strings(0,CSWIFT_lib_name);
124#endif
125 }
126 }
127
128static void ERR_unload_CSWIFT_strings(void)
129 {
130 if (CSWIFT_error_init == 0)
131 {
132#ifndef OPENSSL_NO_ERR
133 ERR_unload_strings(CSWIFT_lib_error_code,CSWIFT_str_functs);
134 ERR_unload_strings(CSWIFT_lib_error_code,CSWIFT_str_reasons);
135#endif
136
137#ifdef CSWIFT_LIB_NAME
138 ERR_unload_strings(0,CSWIFT_lib_name);
139#endif
140 CSWIFT_error_init=1;
141 }
142 }
143
144static void ERR_CSWIFT_error(int function, int reason, char *file, int line)
145 {
146 if (CSWIFT_lib_error_code == 0)
147 CSWIFT_lib_error_code=ERR_get_next_error_library();
148 ERR_PUT_error(CSWIFT_lib_error_code,function,reason,file,line);
149 }
diff --git a/src/lib/libcrypto/engine/hw_cswift_err.h b/src/lib/libcrypto/engine/hw_cswift_err.h
new file mode 100644
index 0000000000..7120c3216f
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_cswift_err.h
@@ -0,0 +1,93 @@
1/* ====================================================================
2 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#ifndef HEADER_CSWIFT_ERR_H
56#define HEADER_CSWIFT_ERR_H
57
58/* BEGIN ERROR CODES */
59/* The following lines are auto generated by the script mkerr.pl. Any changes
60 * made after this point may be overwritten when the script is next run.
61 */
62static void ERR_load_CSWIFT_strings(void);
63static void ERR_unload_CSWIFT_strings(void);
64static void ERR_CSWIFT_error(int function, int reason, char *file, int line);
65#define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),__FILE__,__LINE__)
66
67/* Error codes for the CSWIFT functions. */
68
69/* Function codes. */
70#define CSWIFT_F_CSWIFT_CTRL 100
71#define CSWIFT_F_CSWIFT_DSA_SIGN 101
72#define CSWIFT_F_CSWIFT_DSA_VERIFY 102
73#define CSWIFT_F_CSWIFT_FINISH 103
74#define CSWIFT_F_CSWIFT_INIT 104
75#define CSWIFT_F_CSWIFT_MOD_EXP 105
76#define CSWIFT_F_CSWIFT_MOD_EXP_CRT 106
77#define CSWIFT_F_CSWIFT_RSA_MOD_EXP 107
78
79/* Reason codes. */
80#define CSWIFT_R_ALREADY_LOADED 100
81#define CSWIFT_R_BAD_KEY_SIZE 101
82#define CSWIFT_R_BN_CTX_FULL 102
83#define CSWIFT_R_BN_EXPAND_FAIL 103
84#define CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED 104
85#define CSWIFT_R_MISSING_KEY_COMPONENTS 105
86#define CSWIFT_R_NOT_LOADED 106
87#define CSWIFT_R_REQUEST_FAILED 107
88#define CSWIFT_R_UNIT_FAILURE 108
89
90#ifdef __cplusplus
91}
92#endif
93#endif
diff --git a/src/lib/libcrypto/engine/hw_ncipher.c b/src/lib/libcrypto/engine/hw_ncipher.c
new file mode 100644
index 0000000000..0d1c6b8df0
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_ncipher.c
@@ -0,0 +1,1388 @@
1/* crypto/engine/hw_ncipher.c -*- mode: C; c-file-style: "eay" -*- */
2/* Written by Richard Levitte (richard@levitte.org), Geoff Thorpe
3 * (geoff@geoffthorpe.net) and Dr Stephen N Henson (shenson@bigfoot.com)
4 * for the OpenSSL project 2000.
5 */
6/* ====================================================================
7 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59
60#include <stdio.h>
61#include <string.h>
62#include "cryptlib.h"
63#include <openssl/crypto.h>
64#include <openssl/pem.h>
65#include <openssl/dso.h>
66#include <openssl/engine.h>
67#include <openssl/ui.h>
68
69#ifndef OPENSSL_NO_HW
70#ifndef OPENSSL_NO_HW_NCIPHER
71
72/* Attribution notice: nCipher have said several times that it's OK for
73 * us to implement a general interface to their boxes, and recently declared
74 * their HWCryptoHook to be public, and therefore available for us to use.
75 * Thanks, nCipher.
76 *
77 * The hwcryptohook.h included here is from May 2000.
78 * [Richard Levitte]
79 */
80#ifdef FLAT_INC
81#include "hwcryptohook.h"
82#else
83#include "vendor_defns/hwcryptohook.h"
84#endif
85
86#define HWCRHK_LIB_NAME "hwcrhk engine"
87#include "hw_ncipher_err.c"
88
89static int hwcrhk_destroy(ENGINE *e);
90static int hwcrhk_init(ENGINE *e);
91static int hwcrhk_finish(ENGINE *e);
92static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
93
94/* Functions to handle mutexes if have dynamic locks */
95static int hwcrhk_mutex_init(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext*);
96static int hwcrhk_mutex_lock(HWCryptoHook_Mutex*);
97static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex*);
98static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex*);
99#if 1 /* This is a HACK which will disappear in 0.9.8 */
100/* Functions to handle mutexes if only have static locks */
101static int hwcrhk_static_mutex_init(HWCryptoHook_Mutex *m,
102 HWCryptoHook_CallerContext *c);
103static int hwcrhk_static_mutex_lock(HWCryptoHook_Mutex *m);
104static void hwcrhk_static_mutex_unlock(HWCryptoHook_Mutex *m);
105static void hwcrhk_static_mutex_destroy(HWCryptoHook_Mutex *m);
106#endif
107
108/* BIGNUM stuff */
109static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
110 const BIGNUM *m, BN_CTX *ctx);
111
112#ifndef OPENSSL_NO_RSA
113/* RSA stuff */
114static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa);
115#endif
116/* This function is aliased to mod_exp (with the mont stuff dropped). */
117static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
118 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
119
120#ifndef OPENSSL_NO_DH
121/* DH stuff */
122/* This function is alised to mod_exp (with the DH and mont dropped). */
123static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r,
124 const BIGNUM *a, const BIGNUM *p,
125 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
126#endif
127
128/* RAND stuff */
129static int hwcrhk_rand_bytes(unsigned char *buf, int num);
130static int hwcrhk_rand_status(void);
131
132/* KM stuff */
133static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
134 UI_METHOD *ui_method, void *callback_data);
135static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
136 UI_METHOD *ui_method, void *callback_data);
137static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
138 int ind,long argl, void *argp);
139
140/* Interaction stuff */
141static int hwcrhk_insert_card(const char *prompt_info,
142 const char *wrong_info,
143 HWCryptoHook_PassphraseContext *ppctx,
144 HWCryptoHook_CallerContext *cactx);
145static int hwcrhk_get_pass(const char *prompt_info,
146 int *len_io, char *buf,
147 HWCryptoHook_PassphraseContext *ppctx,
148 HWCryptoHook_CallerContext *cactx);
149static void hwcrhk_log_message(void *logstr, const char *message);
150
151/* The definitions for control commands specific to this engine */
152#define HWCRHK_CMD_SO_PATH ENGINE_CMD_BASE
153#define HWCRHK_CMD_FORK_CHECK (ENGINE_CMD_BASE + 1)
154#define HWCRHK_CMD_THREAD_LOCKING (ENGINE_CMD_BASE + 2)
155#define HWCRHK_CMD_SET_USER_INTERFACE (ENGINE_CMD_BASE + 3)
156#define HWCRHK_CMD_SET_CALLBACK_DATA (ENGINE_CMD_BASE + 4)
157static const ENGINE_CMD_DEFN hwcrhk_cmd_defns[] = {
158 {HWCRHK_CMD_SO_PATH,
159 "SO_PATH",
160 "Specifies the path to the 'hwcrhk' shared library",
161 ENGINE_CMD_FLAG_STRING},
162 {HWCRHK_CMD_FORK_CHECK,
163 "FORK_CHECK",
164 "Turns fork() checking on or off (boolean)",
165 ENGINE_CMD_FLAG_NUMERIC},
166 {HWCRHK_CMD_THREAD_LOCKING,
167 "THREAD_LOCKING",
168 "Turns thread-safe locking on or off (boolean)",
169 ENGINE_CMD_FLAG_NUMERIC},
170 {HWCRHK_CMD_SET_USER_INTERFACE,
171 "SET_USER_INTERFACE",
172 "Set the global user interface (internal)",
173 ENGINE_CMD_FLAG_INTERNAL},
174 {HWCRHK_CMD_SET_CALLBACK_DATA,
175 "SET_CALLBACK_DATA",
176 "Set the global user interface extra data (internal)",
177 ENGINE_CMD_FLAG_INTERNAL},
178 {0, NULL, NULL, 0}
179 };
180
181#ifndef OPENSSL_NO_RSA
182/* Our internal RSA_METHOD that we provide pointers to */
183static RSA_METHOD hwcrhk_rsa =
184 {
185 "nCipher RSA method",
186 NULL,
187 NULL,
188 NULL,
189 NULL,
190 hwcrhk_rsa_mod_exp,
191 hwcrhk_mod_exp_mont,
192 NULL,
193 NULL,
194 0,
195 NULL,
196 NULL,
197 NULL
198 };
199#endif
200
201#ifndef OPENSSL_NO_DH
202/* Our internal DH_METHOD that we provide pointers to */
203static DH_METHOD hwcrhk_dh =
204 {
205 "nCipher DH method",
206 NULL,
207 NULL,
208 hwcrhk_mod_exp_dh,
209 NULL,
210 NULL,
211 0,
212 NULL
213 };
214#endif
215
216static RAND_METHOD hwcrhk_rand =
217 {
218 /* "nCipher RAND method", */
219 NULL,
220 hwcrhk_rand_bytes,
221 NULL,
222 NULL,
223 hwcrhk_rand_bytes,
224 hwcrhk_rand_status,
225 };
226
227/* Constants used when creating the ENGINE */
228static const char *engine_hwcrhk_id = "chil";
229static const char *engine_hwcrhk_name = "nCipher hardware engine support";
230
231/* Internal stuff for HWCryptoHook */
232
233/* Some structures needed for proper use of thread locks */
234/* hwcryptohook.h has some typedefs that turn struct HWCryptoHook_MutexValue
235 into HWCryptoHook_Mutex */
236struct HWCryptoHook_MutexValue
237 {
238 int lockid;
239 };
240
241/* hwcryptohook.h has some typedefs that turn
242 struct HWCryptoHook_PassphraseContextValue
243 into HWCryptoHook_PassphraseContext */
244struct HWCryptoHook_PassphraseContextValue
245 {
246 UI_METHOD *ui_method;
247 void *callback_data;
248 };
249
250/* hwcryptohook.h has some typedefs that turn
251 struct HWCryptoHook_CallerContextValue
252 into HWCryptoHook_CallerContext */
253struct HWCryptoHook_CallerContextValue
254 {
255 pem_password_cb *password_callback; /* Deprecated! Only present for
256 backward compatibility! */
257 UI_METHOD *ui_method;
258 void *callback_data;
259 };
260
261/* The MPI structure in HWCryptoHook is pretty compatible with OpenSSL
262 BIGNUM's, so lets define a couple of conversion macros */
263#define BN2MPI(mp, bn) \
264 {mp.size = bn->top * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;}
265#define MPI2BN(bn, mp) \
266 {mp.size = bn->dmax * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;}
267
268static BIO *logstream = NULL;
269static int disable_mutex_callbacks = 0;
270
271/* One might wonder why these are needed, since one can pass down at least
272 a UI_METHOD and a pointer to callback data to the key-loading functions.
273 The thing is that the ModExp and RSAImmed functions can load keys as well,
274 if the data they get is in a special, nCipher-defined format (hint: if you
275 look at the private exponent of the RSA data as a string, you'll see this
276 string: "nCipher KM tool key id", followed by some bytes, followed a key
277 identity string, followed by more bytes. This happens when you use "embed"
278 keys instead of "hwcrhk" keys). Unfortunately, those functions do not take
279 any passphrase or caller context, and our functions can't really take any
280 callback data either. Still, the "insert_card" and "get_passphrase"
281 callbacks may be called down the line, and will need to know what user
282 interface callbacks to call, and having callback data from the application
283 may be a nice thing as well, so we need to keep track of that globally. */
284static HWCryptoHook_CallerContext password_context = { NULL, NULL, NULL };
285
286/* Stuff to pass to the HWCryptoHook library */
287static HWCryptoHook_InitInfo hwcrhk_globals = {
288 HWCryptoHook_InitFlags_SimpleForkCheck, /* Flags */
289 &logstream, /* logstream */
290 sizeof(BN_ULONG), /* limbsize */
291 0, /* mslimb first: false for BNs */
292 -1, /* msbyte first: use native */
293 0, /* Max mutexes, 0 = no small limit */
294 0, /* Max simultaneous, 0 = default */
295
296 /* The next few are mutex stuff: we write wrapper functions
297 around the OS mutex functions. We initialise them to 0
298 here, and change that to actual function pointers in hwcrhk_init()
299 if dynamic locks are supported (that is, if the application
300 programmer has made sure of setting up callbacks bafore starting
301 this engine) *and* if disable_mutex_callbacks hasn't been set by
302 a call to ENGINE_ctrl(ENGINE_CTRL_CHIL_NO_LOCKING). */
303 sizeof(HWCryptoHook_Mutex),
304 0,
305 0,
306 0,
307 0,
308
309 /* The next few are condvar stuff: we write wrapper functions
310 round the OS functions. Currently not implemented and not
311 and absolute necessity even in threaded programs, therefore
312 0'ed. Will hopefully be implemented some day, since it
313 enhances the efficiency of HWCryptoHook. */
314 0, /* sizeof(HWCryptoHook_CondVar), */
315 0, /* hwcrhk_cv_init, */
316 0, /* hwcrhk_cv_wait, */
317 0, /* hwcrhk_cv_signal, */
318 0, /* hwcrhk_cv_broadcast, */
319 0, /* hwcrhk_cv_destroy, */
320
321 hwcrhk_get_pass, /* pass phrase */
322 hwcrhk_insert_card, /* insert a card */
323 hwcrhk_log_message /* Log message */
324};
325
326
327/* Now, to our own code */
328
329/* This internal function is used by ENGINE_ncipher() and possibly by the
330 * "dynamic" ENGINE support too */
331static int bind_helper(ENGINE *e)
332 {
333#ifndef OPENSSL_NO_RSA
334 const RSA_METHOD *meth1;
335#endif
336#ifndef OPENSSL_NO_DH
337 const DH_METHOD *meth2;
338#endif
339 if(!ENGINE_set_id(e, engine_hwcrhk_id) ||
340 !ENGINE_set_name(e, engine_hwcrhk_name) ||
341#ifndef OPENSSL_NO_RSA
342 !ENGINE_set_RSA(e, &hwcrhk_rsa) ||
343#endif
344#ifndef OPENSSL_NO_DH
345 !ENGINE_set_DH(e, &hwcrhk_dh) ||
346#endif
347 !ENGINE_set_RAND(e, &hwcrhk_rand) ||
348 !ENGINE_set_destroy_function(e, hwcrhk_destroy) ||
349 !ENGINE_set_init_function(e, hwcrhk_init) ||
350 !ENGINE_set_finish_function(e, hwcrhk_finish) ||
351 !ENGINE_set_ctrl_function(e, hwcrhk_ctrl) ||
352 !ENGINE_set_load_privkey_function(e, hwcrhk_load_privkey) ||
353 !ENGINE_set_load_pubkey_function(e, hwcrhk_load_pubkey) ||
354 !ENGINE_set_cmd_defns(e, hwcrhk_cmd_defns))
355 return 0;
356
357#ifndef OPENSSL_NO_RSA
358 /* We know that the "PKCS1_SSLeay()" functions hook properly
359 * to the cswift-specific mod_exp and mod_exp_crt so we use
360 * those functions. NB: We don't use ENGINE_openssl() or
361 * anything "more generic" because something like the RSAref
362 * code may not hook properly, and if you own one of these
363 * cards then you have the right to do RSA operations on it
364 * anyway! */
365 meth1 = RSA_PKCS1_SSLeay();
366 hwcrhk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
367 hwcrhk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
368 hwcrhk_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
369 hwcrhk_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
370#endif
371
372#ifndef OPENSSL_NO_DH
373 /* Much the same for Diffie-Hellman */
374 meth2 = DH_OpenSSL();
375 hwcrhk_dh.generate_key = meth2->generate_key;
376 hwcrhk_dh.compute_key = meth2->compute_key;
377#endif
378
379 /* Ensure the hwcrhk error handling is set up */
380 ERR_load_HWCRHK_strings();
381 return 1;
382 }
383
384#ifndef ENGINE_DYNAMIC_SUPPORT
385static ENGINE *engine_ncipher(void)
386 {
387 ENGINE *ret = ENGINE_new();
388 if(!ret)
389 return NULL;
390 if(!bind_helper(ret))
391 {
392 ENGINE_free(ret);
393 return NULL;
394 }
395 return ret;
396 }
397
398void ENGINE_load_chil(void)
399 {
400 /* Copied from eng_[openssl|dyn].c */
401 ENGINE *toadd = engine_ncipher();
402 if(!toadd) return;
403 ENGINE_add(toadd);
404 ENGINE_free(toadd);
405 ERR_clear_error();
406 }
407#endif
408
409/* This is a process-global DSO handle used for loading and unloading
410 * the HWCryptoHook library. NB: This is only set (or unset) during an
411 * init() or finish() call (reference counts permitting) and they're
412 * operating with global locks, so this should be thread-safe
413 * implicitly. */
414static DSO *hwcrhk_dso = NULL;
415static HWCryptoHook_ContextHandle hwcrhk_context = 0;
416#ifndef OPENSSL_NO_RSA
417static int hndidx_rsa = -1; /* Index for KM handle. Not really used yet. */
418#endif
419
420/* These are the function pointers that are (un)set when the library has
421 * successfully (un)loaded. */
422static HWCryptoHook_Init_t *p_hwcrhk_Init = NULL;
423static HWCryptoHook_Finish_t *p_hwcrhk_Finish = NULL;
424static HWCryptoHook_ModExp_t *p_hwcrhk_ModExp = NULL;
425#ifndef OPENSSL_NO_RSA
426static HWCryptoHook_RSA_t *p_hwcrhk_RSA = NULL;
427#endif
428static HWCryptoHook_RandomBytes_t *p_hwcrhk_RandomBytes = NULL;
429#ifndef OPENSSL_NO_RSA
430static HWCryptoHook_RSALoadKey_t *p_hwcrhk_RSALoadKey = NULL;
431static HWCryptoHook_RSAGetPublicKey_t *p_hwcrhk_RSAGetPublicKey = NULL;
432static HWCryptoHook_RSAUnloadKey_t *p_hwcrhk_RSAUnloadKey = NULL;
433#endif
434static HWCryptoHook_ModExpCRT_t *p_hwcrhk_ModExpCRT = NULL;
435
436/* Used in the DSO operations. */
437static const char *HWCRHK_LIBNAME = NULL;
438static void free_HWCRHK_LIBNAME(void)
439 {
440 if(HWCRHK_LIBNAME)
441 OPENSSL_free((void*)HWCRHK_LIBNAME);
442 HWCRHK_LIBNAME = NULL;
443 }
444static const char *get_HWCRHK_LIBNAME(void)
445 {
446 if(HWCRHK_LIBNAME)
447 return HWCRHK_LIBNAME;
448 return "nfhwcrhk";
449 }
450static long set_HWCRHK_LIBNAME(const char *name)
451 {
452 free_HWCRHK_LIBNAME();
453 return (((HWCRHK_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
454 }
455static const char *n_hwcrhk_Init = "HWCryptoHook_Init";
456static const char *n_hwcrhk_Finish = "HWCryptoHook_Finish";
457static const char *n_hwcrhk_ModExp = "HWCryptoHook_ModExp";
458#ifndef OPENSSL_NO_RSA
459static const char *n_hwcrhk_RSA = "HWCryptoHook_RSA";
460#endif
461static const char *n_hwcrhk_RandomBytes = "HWCryptoHook_RandomBytes";
462#ifndef OPENSSL_NO_RSA
463static const char *n_hwcrhk_RSALoadKey = "HWCryptoHook_RSALoadKey";
464static const char *n_hwcrhk_RSAGetPublicKey = "HWCryptoHook_RSAGetPublicKey";
465static const char *n_hwcrhk_RSAUnloadKey = "HWCryptoHook_RSAUnloadKey";
466#endif
467static const char *n_hwcrhk_ModExpCRT = "HWCryptoHook_ModExpCRT";
468
469/* HWCryptoHook library functions and mechanics - these are used by the
470 * higher-level functions further down. NB: As and where there's no
471 * error checking, take a look lower down where these functions are
472 * called, the checking and error handling is probably down there. */
473
474/* utility function to obtain a context */
475static int get_context(HWCryptoHook_ContextHandle *hac,
476 HWCryptoHook_CallerContext *cac)
477 {
478 char tempbuf[1024];
479 HWCryptoHook_ErrMsgBuf rmsg;
480
481 rmsg.buf = tempbuf;
482 rmsg.size = sizeof(tempbuf);
483
484 *hac = p_hwcrhk_Init(&hwcrhk_globals, sizeof(hwcrhk_globals), &rmsg,
485 cac);
486 if (!*hac)
487 return 0;
488 return 1;
489 }
490
491/* similarly to release one. */
492static void release_context(HWCryptoHook_ContextHandle hac)
493 {
494 p_hwcrhk_Finish(hac);
495 }
496
497/* Destructor (complements the "ENGINE_ncipher()" constructor) */
498static int hwcrhk_destroy(ENGINE *e)
499 {
500 free_HWCRHK_LIBNAME();
501 ERR_unload_HWCRHK_strings();
502 return 1;
503 }
504
505/* (de)initialisation functions. */
506static int hwcrhk_init(ENGINE *e)
507 {
508 HWCryptoHook_Init_t *p1;
509 HWCryptoHook_Finish_t *p2;
510 HWCryptoHook_ModExp_t *p3;
511#ifndef OPENSSL_NO_RSA
512 HWCryptoHook_RSA_t *p4;
513 HWCryptoHook_RSALoadKey_t *p5;
514 HWCryptoHook_RSAGetPublicKey_t *p6;
515 HWCryptoHook_RSAUnloadKey_t *p7;
516#endif
517 HWCryptoHook_RandomBytes_t *p8;
518 HWCryptoHook_ModExpCRT_t *p9;
519
520 if(hwcrhk_dso != NULL)
521 {
522 HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_ALREADY_LOADED);
523 goto err;
524 }
525 /* Attempt to load libnfhwcrhk.so/nfhwcrhk.dll/whatever. */
526 hwcrhk_dso = DSO_load(NULL, get_HWCRHK_LIBNAME(), NULL, 0);
527 if(hwcrhk_dso == NULL)
528 {
529 HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE);
530 goto err;
531 }
532 if(!(p1 = (HWCryptoHook_Init_t *)
533 DSO_bind_func(hwcrhk_dso, n_hwcrhk_Init)) ||
534 !(p2 = (HWCryptoHook_Finish_t *)
535 DSO_bind_func(hwcrhk_dso, n_hwcrhk_Finish)) ||
536 !(p3 = (HWCryptoHook_ModExp_t *)
537 DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExp)) ||
538#ifndef OPENSSL_NO_RSA
539 !(p4 = (HWCryptoHook_RSA_t *)
540 DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSA)) ||
541 !(p5 = (HWCryptoHook_RSALoadKey_t *)
542 DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSALoadKey)) ||
543 !(p6 = (HWCryptoHook_RSAGetPublicKey_t *)
544 DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAGetPublicKey)) ||
545 !(p7 = (HWCryptoHook_RSAUnloadKey_t *)
546 DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAUnloadKey)) ||
547#endif
548 !(p8 = (HWCryptoHook_RandomBytes_t *)
549 DSO_bind_func(hwcrhk_dso, n_hwcrhk_RandomBytes)) ||
550 !(p9 = (HWCryptoHook_ModExpCRT_t *)
551 DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExpCRT)))
552 {
553 HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE);
554 goto err;
555 }
556 /* Copy the pointers */
557 p_hwcrhk_Init = p1;
558 p_hwcrhk_Finish = p2;
559 p_hwcrhk_ModExp = p3;
560#ifndef OPENSSL_NO_RSA
561 p_hwcrhk_RSA = p4;
562 p_hwcrhk_RSALoadKey = p5;
563 p_hwcrhk_RSAGetPublicKey = p6;
564 p_hwcrhk_RSAUnloadKey = p7;
565#endif
566 p_hwcrhk_RandomBytes = p8;
567 p_hwcrhk_ModExpCRT = p9;
568
569 /* Check if the application decided to support dynamic locks,
570 and if it does, use them. */
571 if (disable_mutex_callbacks == 0)
572 {
573 if (CRYPTO_get_dynlock_create_callback() != NULL &&
574 CRYPTO_get_dynlock_lock_callback() != NULL &&
575 CRYPTO_get_dynlock_destroy_callback() != NULL)
576 {
577 hwcrhk_globals.mutex_init = hwcrhk_mutex_init;
578 hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock;
579 hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock;
580 hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy;
581 }
582 else if (CRYPTO_get_locking_callback() != NULL)
583 {
584 HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DYNAMIC_LOCKING_MISSING);
585 ERR_add_error_data(1,"You HAVE to add dynamic locking callbacks via CRYPTO_set_dynlock_{create,lock,destroy}_callback()");
586#if 1 /* This is a HACK which will disappear in 0.9.8 */
587 hwcrhk_globals.maxmutexes = 1; /* Only have one lock */
588 hwcrhk_globals.mutex_init = hwcrhk_static_mutex_init;
589 hwcrhk_globals.mutex_acquire = hwcrhk_static_mutex_lock;
590 hwcrhk_globals.mutex_release = hwcrhk_static_mutex_unlock;
591 hwcrhk_globals.mutex_destroy = hwcrhk_static_mutex_destroy;
592#else
593 goto err;
594#endif
595 }
596 }
597
598 /* Try and get a context - if not, we may have a DSO but no
599 * accelerator! */
600 if(!get_context(&hwcrhk_context, &password_context))
601 {
602 HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_UNIT_FAILURE);
603 goto err;
604 }
605 /* Everything's fine. */
606#ifndef OPENSSL_NO_RSA
607 if (hndidx_rsa == -1)
608 hndidx_rsa = RSA_get_ex_new_index(0,
609 "nFast HWCryptoHook RSA key handle",
610 NULL, NULL, hwcrhk_ex_free);
611#endif
612 return 1;
613err:
614 if(hwcrhk_dso)
615 DSO_free(hwcrhk_dso);
616 hwcrhk_dso = NULL;
617 p_hwcrhk_Init = NULL;
618 p_hwcrhk_Finish = NULL;
619 p_hwcrhk_ModExp = NULL;
620#ifndef OPENSSL_NO_RSA
621 p_hwcrhk_RSA = NULL;
622 p_hwcrhk_RSALoadKey = NULL;
623 p_hwcrhk_RSAGetPublicKey = NULL;
624 p_hwcrhk_RSAUnloadKey = NULL;
625#endif
626 p_hwcrhk_ModExpCRT = NULL;
627 p_hwcrhk_RandomBytes = NULL;
628 return 0;
629 }
630
631static int hwcrhk_finish(ENGINE *e)
632 {
633 int to_return = 1;
634 free_HWCRHK_LIBNAME();
635 if(hwcrhk_dso == NULL)
636 {
637 HWCRHKerr(HWCRHK_F_HWCRHK_FINISH,HWCRHK_R_NOT_LOADED);
638 to_return = 0;
639 goto err;
640 }
641 release_context(hwcrhk_context);
642 if(!DSO_free(hwcrhk_dso))
643 {
644 HWCRHKerr(HWCRHK_F_HWCRHK_FINISH,HWCRHK_R_DSO_FAILURE);
645 to_return = 0;
646 goto err;
647 }
648 err:
649 if (logstream)
650 BIO_free(logstream);
651 hwcrhk_dso = NULL;
652 p_hwcrhk_Init = NULL;
653 p_hwcrhk_Finish = NULL;
654 p_hwcrhk_ModExp = NULL;
655#ifndef OPENSSL_NO_RSA
656 p_hwcrhk_RSA = NULL;
657 p_hwcrhk_RSALoadKey = NULL;
658 p_hwcrhk_RSAGetPublicKey = NULL;
659 p_hwcrhk_RSAUnloadKey = NULL;
660#endif
661 p_hwcrhk_ModExpCRT = NULL;
662 p_hwcrhk_RandomBytes = NULL;
663 return to_return;
664 }
665
666static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
667 {
668 int to_return = 1;
669
670 switch(cmd)
671 {
672 case HWCRHK_CMD_SO_PATH:
673 if(hwcrhk_dso)
674 {
675 HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,HWCRHK_R_ALREADY_LOADED);
676 return 0;
677 }
678 if(p == NULL)
679 {
680 HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,ERR_R_PASSED_NULL_PARAMETER);
681 return 0;
682 }
683 return set_HWCRHK_LIBNAME((const char *)p);
684 case ENGINE_CTRL_SET_LOGSTREAM:
685 {
686 BIO *bio = (BIO *)p;
687
688 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
689 if (logstream)
690 {
691 BIO_free(logstream);
692 logstream = NULL;
693 }
694 if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1)
695 logstream = bio;
696 else
697 HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,HWCRHK_R_BIO_WAS_FREED);
698 }
699 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
700 break;
701 case ENGINE_CTRL_SET_PASSWORD_CALLBACK:
702 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
703 password_context.password_callback = (pem_password_cb *)f;
704 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
705 break;
706 case ENGINE_CTRL_SET_USER_INTERFACE:
707 case HWCRHK_CMD_SET_USER_INTERFACE:
708 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
709 password_context.ui_method = (UI_METHOD *)p;
710 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
711 break;
712 case ENGINE_CTRL_SET_CALLBACK_DATA:
713 case HWCRHK_CMD_SET_CALLBACK_DATA:
714 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
715 password_context.callback_data = p;
716 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
717 break;
718 /* this enables or disables the "SimpleForkCheck" flag used in the
719 * initialisation structure. */
720 case ENGINE_CTRL_CHIL_SET_FORKCHECK:
721 case HWCRHK_CMD_FORK_CHECK:
722 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
723 if(i)
724 hwcrhk_globals.flags |=
725 HWCryptoHook_InitFlags_SimpleForkCheck;
726 else
727 hwcrhk_globals.flags &=
728 ~HWCryptoHook_InitFlags_SimpleForkCheck;
729 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
730 break;
731 /* This will prevent the initialisation function from "installing"
732 * the mutex-handling callbacks, even if they are available from
733 * within the library (or were provided to the library from the
734 * calling application). This is to remove any baggage for
735 * applications not using multithreading. */
736 case ENGINE_CTRL_CHIL_NO_LOCKING:
737 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
738 disable_mutex_callbacks = 1;
739 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
740 break;
741 case HWCRHK_CMD_THREAD_LOCKING:
742 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
743 disable_mutex_callbacks = ((i == 0) ? 0 : 1);
744 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
745 break;
746
747 /* The command isn't understood by this engine */
748 default:
749 HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,
750 HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
751 to_return = 0;
752 break;
753 }
754
755 return to_return;
756 }
757
758static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
759 UI_METHOD *ui_method, void *callback_data)
760 {
761#ifndef OPENSSL_NO_RSA
762 RSA *rtmp = NULL;
763#endif
764 EVP_PKEY *res = NULL;
765#ifndef OPENSSL_NO_RSA
766 HWCryptoHook_MPI e, n;
767 HWCryptoHook_RSAKeyHandle *hptr;
768#endif
769#if !defined(OPENSSL_NO_RSA)
770 char tempbuf[1024];
771 HWCryptoHook_ErrMsgBuf rmsg;
772#endif
773 HWCryptoHook_PassphraseContext ppctx;
774
775#if !defined(OPENSSL_NO_RSA)
776 rmsg.buf = tempbuf;
777 rmsg.size = sizeof(tempbuf);
778#endif
779
780 if(!hwcrhk_context)
781 {
782 HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
783 HWCRHK_R_NOT_INITIALISED);
784 goto err;
785 }
786#ifndef OPENSSL_NO_RSA
787 hptr = OPENSSL_malloc(sizeof(HWCryptoHook_RSAKeyHandle));
788 if (!hptr)
789 {
790 HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
791 ERR_R_MALLOC_FAILURE);
792 goto err;
793 }
794 ppctx.ui_method = ui_method;
795 ppctx.callback_data = callback_data;
796 if (p_hwcrhk_RSALoadKey(hwcrhk_context, key_id, hptr,
797 &rmsg, &ppctx))
798 {
799 HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
800 HWCRHK_R_CHIL_ERROR);
801 ERR_add_error_data(1,rmsg.buf);
802 goto err;
803 }
804 if (!*hptr)
805 {
806 HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
807 HWCRHK_R_NO_KEY);
808 goto err;
809 }
810#endif
811#ifndef OPENSSL_NO_RSA
812 rtmp = RSA_new_method(eng);
813 RSA_set_ex_data(rtmp, hndidx_rsa, (char *)hptr);
814 rtmp->e = BN_new();
815 rtmp->n = BN_new();
816 rtmp->flags |= RSA_FLAG_EXT_PKEY;
817 MPI2BN(rtmp->e, e);
818 MPI2BN(rtmp->n, n);
819 if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg)
820 != HWCRYPTOHOOK_ERROR_MPISIZE)
821 {
822 HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,HWCRHK_R_CHIL_ERROR);
823 ERR_add_error_data(1,rmsg.buf);
824 goto err;
825 }
826
827 bn_expand2(rtmp->e, e.size/sizeof(BN_ULONG));
828 bn_expand2(rtmp->n, n.size/sizeof(BN_ULONG));
829 MPI2BN(rtmp->e, e);
830 MPI2BN(rtmp->n, n);
831
832 if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg))
833 {
834 HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,
835 HWCRHK_R_CHIL_ERROR);
836 ERR_add_error_data(1,rmsg.buf);
837 goto err;
838 }
839 rtmp->e->top = e.size / sizeof(BN_ULONG);
840 bn_fix_top(rtmp->e);
841 rtmp->n->top = n.size / sizeof(BN_ULONG);
842 bn_fix_top(rtmp->n);
843
844 res = EVP_PKEY_new();
845 EVP_PKEY_assign_RSA(res, rtmp);
846#endif
847
848 if (!res)
849 HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,
850 HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED);
851
852 return res;
853 err:
854 if (res)
855 EVP_PKEY_free(res);
856#ifndef OPENSSL_NO_RSA
857 if (rtmp)
858 RSA_free(rtmp);
859#endif
860 return NULL;
861 }
862
863static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
864 UI_METHOD *ui_method, void *callback_data)
865 {
866 EVP_PKEY *res = NULL;
867
868#ifndef OPENSSL_NO_RSA
869 res = hwcrhk_load_privkey(eng, key_id,
870 ui_method, callback_data);
871#endif
872
873 if (res)
874 switch(res->type)
875 {
876#ifndef OPENSSL_NO_RSA
877 case EVP_PKEY_RSA:
878 {
879 RSA *rsa = NULL;
880
881 CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
882 rsa = res->pkey.rsa;
883 res->pkey.rsa = RSA_new();
884 res->pkey.rsa->n = rsa->n;
885 res->pkey.rsa->e = rsa->e;
886 rsa->n = NULL;
887 rsa->e = NULL;
888 CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
889 RSA_free(rsa);
890 }
891 break;
892#endif
893 default:
894 HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,
895 HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
896 goto err;
897 }
898
899 return res;
900 err:
901 if (res)
902 EVP_PKEY_free(res);
903 return NULL;
904 }
905
906/* A little mod_exp */
907static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
908 const BIGNUM *m, BN_CTX *ctx)
909 {
910 char tempbuf[1024];
911 HWCryptoHook_ErrMsgBuf rmsg;
912 /* Since HWCryptoHook_MPI is pretty compatible with BIGNUM's,
913 we use them directly, plus a little macro magic. We only
914 thing we need to make sure of is that enough space is allocated. */
915 HWCryptoHook_MPI m_a, m_p, m_n, m_r;
916 int to_return, ret;
917
918 to_return = 0; /* expect failure */
919 rmsg.buf = tempbuf;
920 rmsg.size = sizeof(tempbuf);
921
922 if(!hwcrhk_context)
923 {
924 HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_NOT_INITIALISED);
925 goto err;
926 }
927 /* Prepare the params */
928 bn_expand2(r, m->top); /* Check for error !! */
929 BN2MPI(m_a, a);
930 BN2MPI(m_p, p);
931 BN2MPI(m_n, m);
932 MPI2BN(r, m_r);
933
934 /* Perform the operation */
935 ret = p_hwcrhk_ModExp(hwcrhk_context, m_a, m_p, m_n, &m_r, &rmsg);
936
937 /* Convert the response */
938 r->top = m_r.size / sizeof(BN_ULONG);
939 bn_fix_top(r);
940
941 if (ret < 0)
942 {
943 /* FIXME: When this error is returned, HWCryptoHook is
944 telling us that falling back to software computation
945 might be a good thing. */
946 if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
947 {
948 HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_REQUEST_FALLBACK);
949 }
950 else
951 {
952 HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_REQUEST_FAILED);
953 }
954 ERR_add_error_data(1,rmsg.buf);
955 goto err;
956 }
957
958 to_return = 1;
959err:
960 return to_return;
961 }
962
963#ifndef OPENSSL_NO_RSA
964static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa)
965 {
966 char tempbuf[1024];
967 HWCryptoHook_ErrMsgBuf rmsg;
968 HWCryptoHook_RSAKeyHandle *hptr;
969 int to_return = 0, ret;
970
971 rmsg.buf = tempbuf;
972 rmsg.size = sizeof(tempbuf);
973
974 if(!hwcrhk_context)
975 {
976 HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_NOT_INITIALISED);
977 goto err;
978 }
979
980 /* This provides support for nForce keys. Since that's opaque data
981 all we do is provide a handle to the proper key and let HWCryptoHook
982 take care of the rest. */
983 if ((hptr = (HWCryptoHook_RSAKeyHandle *) RSA_get_ex_data(rsa, hndidx_rsa))
984 != NULL)
985 {
986 HWCryptoHook_MPI m_a, m_r;
987
988 if(!rsa->n)
989 {
990 HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
991 HWCRHK_R_MISSING_KEY_COMPONENTS);
992 goto err;
993 }
994
995 /* Prepare the params */
996 bn_expand2(r, rsa->n->top); /* Check for error !! */
997 BN2MPI(m_a, I);
998 MPI2BN(r, m_r);
999
1000 /* Perform the operation */
1001 ret = p_hwcrhk_RSA(m_a, *hptr, &m_r, &rmsg);
1002
1003 /* Convert the response */
1004 r->top = m_r.size / sizeof(BN_ULONG);
1005 bn_fix_top(r);
1006
1007 if (ret < 0)
1008 {
1009 /* FIXME: When this error is returned, HWCryptoHook is
1010 telling us that falling back to software computation
1011 might be a good thing. */
1012 if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
1013 {
1014 HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
1015 HWCRHK_R_REQUEST_FALLBACK);
1016 }
1017 else
1018 {
1019 HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
1020 HWCRHK_R_REQUEST_FAILED);
1021 }
1022 ERR_add_error_data(1,rmsg.buf);
1023 goto err;
1024 }
1025 }
1026 else
1027 {
1028 HWCryptoHook_MPI m_a, m_p, m_q, m_dmp1, m_dmq1, m_iqmp, m_r;
1029
1030 if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
1031 {
1032 HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
1033 HWCRHK_R_MISSING_KEY_COMPONENTS);
1034 goto err;
1035 }
1036
1037 /* Prepare the params */
1038 bn_expand2(r, rsa->n->top); /* Check for error !! */
1039 BN2MPI(m_a, I);
1040 BN2MPI(m_p, rsa->p);
1041 BN2MPI(m_q, rsa->q);
1042 BN2MPI(m_dmp1, rsa->dmp1);
1043 BN2MPI(m_dmq1, rsa->dmq1);
1044 BN2MPI(m_iqmp, rsa->iqmp);
1045 MPI2BN(r, m_r);
1046
1047 /* Perform the operation */
1048 ret = p_hwcrhk_ModExpCRT(hwcrhk_context, m_a, m_p, m_q,
1049 m_dmp1, m_dmq1, m_iqmp, &m_r, &rmsg);
1050
1051 /* Convert the response */
1052 r->top = m_r.size / sizeof(BN_ULONG);
1053 bn_fix_top(r);
1054
1055 if (ret < 0)
1056 {
1057 /* FIXME: When this error is returned, HWCryptoHook is
1058 telling us that falling back to software computation
1059 might be a good thing. */
1060 if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
1061 {
1062 HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
1063 HWCRHK_R_REQUEST_FALLBACK);
1064 }
1065 else
1066 {
1067 HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
1068 HWCRHK_R_REQUEST_FAILED);
1069 }
1070 ERR_add_error_data(1,rmsg.buf);
1071 goto err;
1072 }
1073 }
1074 /* If we're here, we must be here with some semblance of success :-) */
1075 to_return = 1;
1076err:
1077 return to_return;
1078 }
1079#endif
1080
1081/* This function is aliased to mod_exp (with the mont stuff dropped). */
1082static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
1083 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
1084 {
1085 return hwcrhk_mod_exp(r, a, p, m, ctx);
1086 }
1087
1088#ifndef OPENSSL_NO_DH
1089/* This function is aliased to mod_exp (with the dh and mont dropped). */
1090static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r,
1091 const BIGNUM *a, const BIGNUM *p,
1092 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
1093 {
1094 return hwcrhk_mod_exp(r, a, p, m, ctx);
1095 }
1096#endif
1097
1098/* Random bytes are good */
1099static int hwcrhk_rand_bytes(unsigned char *buf, int num)
1100 {
1101 char tempbuf[1024];
1102 HWCryptoHook_ErrMsgBuf rmsg;
1103 int to_return = 0; /* assume failure */
1104 int ret;
1105
1106 rmsg.buf = tempbuf;
1107 rmsg.size = sizeof(tempbuf);
1108
1109 if(!hwcrhk_context)
1110 {
1111 HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,HWCRHK_R_NOT_INITIALISED);
1112 goto err;
1113 }
1114
1115 ret = p_hwcrhk_RandomBytes(hwcrhk_context, buf, num, &rmsg);
1116 if (ret < 0)
1117 {
1118 /* FIXME: When this error is returned, HWCryptoHook is
1119 telling us that falling back to software computation
1120 might be a good thing. */
1121 if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
1122 {
1123 HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,
1124 HWCRHK_R_REQUEST_FALLBACK);
1125 }
1126 else
1127 {
1128 HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,
1129 HWCRHK_R_REQUEST_FAILED);
1130 }
1131 ERR_add_error_data(1,rmsg.buf);
1132 goto err;
1133 }
1134 to_return = 1;
1135 err:
1136 return to_return;
1137 }
1138
1139static int hwcrhk_rand_status(void)
1140 {
1141 return 1;
1142 }
1143
1144/* This cleans up an RSA KM key, called when ex_data is freed */
1145
1146static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
1147 int ind,long argl, void *argp)
1148{
1149 char tempbuf[1024];
1150 HWCryptoHook_ErrMsgBuf rmsg;
1151#ifndef OPENSSL_NO_RSA
1152 HWCryptoHook_RSAKeyHandle *hptr;
1153#endif
1154#if !defined(OPENSSL_NO_RSA)
1155 int ret;
1156#endif
1157
1158 rmsg.buf = tempbuf;
1159 rmsg.size = sizeof(tempbuf);
1160
1161#ifndef OPENSSL_NO_RSA
1162 hptr = (HWCryptoHook_RSAKeyHandle *) item;
1163 if(hptr)
1164 {
1165 ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL);
1166 OPENSSL_free(hptr);
1167 }
1168#endif
1169}
1170
1171/* Mutex calls: since the HWCryptoHook model closely follows the POSIX model
1172 * these just wrap the POSIX functions and add some logging.
1173 */
1174
1175static int hwcrhk_mutex_init(HWCryptoHook_Mutex* mt,
1176 HWCryptoHook_CallerContext *cactx)
1177 {
1178 mt->lockid = CRYPTO_get_new_dynlockid();
1179 if (mt->lockid == 0)
1180 return 1; /* failure */
1181 return 0; /* success */
1182 }
1183
1184static int hwcrhk_mutex_lock(HWCryptoHook_Mutex *mt)
1185 {
1186 CRYPTO_w_lock(mt->lockid);
1187 return 0;
1188 }
1189
1190static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex * mt)
1191 {
1192 CRYPTO_w_unlock(mt->lockid);
1193 }
1194
1195static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex *mt)
1196 {
1197 CRYPTO_destroy_dynlockid(mt->lockid);
1198 }
1199
1200/* Mutex upcalls to use if the application does not support dynamic locks */
1201
1202static int hwcrhk_static_mutex_init(HWCryptoHook_Mutex *m,
1203 HWCryptoHook_CallerContext *c)
1204 {
1205 return 0;
1206 }
1207static int hwcrhk_static_mutex_lock(HWCryptoHook_Mutex *m)
1208 {
1209 CRYPTO_w_lock(CRYPTO_LOCK_HWCRHK);
1210 return 0;
1211 }
1212static void hwcrhk_static_mutex_unlock(HWCryptoHook_Mutex *m)
1213 {
1214 CRYPTO_w_unlock(CRYPTO_LOCK_HWCRHK);
1215 }
1216static void hwcrhk_static_mutex_destroy(HWCryptoHook_Mutex *m)
1217 {
1218 }
1219
1220static int hwcrhk_get_pass(const char *prompt_info,
1221 int *len_io, char *buf,
1222 HWCryptoHook_PassphraseContext *ppctx,
1223 HWCryptoHook_CallerContext *cactx)
1224 {
1225 pem_password_cb *callback = NULL;
1226 void *callback_data = NULL;
1227 UI_METHOD *ui_method = NULL;
1228
1229 if (cactx)
1230 {
1231 if (cactx->ui_method)
1232 ui_method = cactx->ui_method;
1233 if (cactx->password_callback)
1234 callback = cactx->password_callback;
1235 if (cactx->callback_data)
1236 callback_data = cactx->callback_data;
1237 }
1238 if (ppctx)
1239 {
1240 if (ppctx->ui_method)
1241 {
1242 ui_method = ppctx->ui_method;
1243 callback = NULL;
1244 }
1245 if (ppctx->callback_data)
1246 callback_data = ppctx->callback_data;
1247 }
1248 if (callback == NULL && ui_method == NULL)
1249 {
1250 HWCRHKerr(HWCRHK_F_HWCRHK_GET_PASS,HWCRHK_R_NO_CALLBACK);
1251 return -1;
1252 }
1253
1254 if (ui_method)
1255 {
1256 UI *ui = UI_new_method(ui_method);
1257 if (ui)
1258 {
1259 int ok;
1260 char *prompt = UI_construct_prompt(ui,
1261 "pass phrase", prompt_info);
1262
1263 ok = UI_add_input_string(ui,prompt,
1264 UI_INPUT_FLAG_DEFAULT_PWD,
1265 buf,0,(*len_io) - 1);
1266 UI_add_user_data(ui, callback_data);
1267 UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
1268
1269 if (ok >= 0)
1270 do
1271 {
1272 ok=UI_process(ui);
1273 }
1274 while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
1275
1276 if (ok >= 0)
1277 *len_io = strlen(buf);
1278
1279 UI_free(ui);
1280 OPENSSL_free(prompt);
1281 }
1282 }
1283 else
1284 {
1285 *len_io = callback(buf, *len_io, 0, callback_data);
1286 }
1287 if(!*len_io)
1288 return -1;
1289 return 0;
1290 }
1291
1292static int hwcrhk_insert_card(const char *prompt_info,
1293 const char *wrong_info,
1294 HWCryptoHook_PassphraseContext *ppctx,
1295 HWCryptoHook_CallerContext *cactx)
1296 {
1297 int ok = -1;
1298 UI *ui;
1299 void *callback_data = NULL;
1300 UI_METHOD *ui_method = NULL;
1301
1302 if (cactx)
1303 {
1304 if (cactx->ui_method)
1305 ui_method = cactx->ui_method;
1306 if (cactx->callback_data)
1307 callback_data = cactx->callback_data;
1308 }
1309 if (ppctx)
1310 {
1311 if (ppctx->ui_method)
1312 ui_method = ppctx->ui_method;
1313 if (ppctx->callback_data)
1314 callback_data = ppctx->callback_data;
1315 }
1316 if (ui_method == NULL)
1317 {
1318 HWCRHKerr(HWCRHK_F_HWCRHK_INSERT_CARD,
1319 HWCRHK_R_NO_CALLBACK);
1320 return -1;
1321 }
1322
1323 ui = UI_new_method(ui_method);
1324
1325 if (ui)
1326 {
1327 char answer;
1328 char buf[BUFSIZ];
1329
1330 if (wrong_info)
1331 BIO_snprintf(buf, sizeof(buf)-1,
1332 "Current card: \"%s\"\n", wrong_info);
1333 ok = UI_dup_info_string(ui, buf);
1334 if (ok >= 0 && prompt_info)
1335 {
1336 BIO_snprintf(buf, sizeof(buf)-1,
1337 "Insert card \"%s\"", prompt_info);
1338 ok = UI_dup_input_boolean(ui, buf,
1339 "\n then hit <enter> or C<enter> to cancel\n",
1340 "\r\n", "Cc", UI_INPUT_FLAG_ECHO, &answer);
1341 }
1342 UI_add_user_data(ui, callback_data);
1343
1344 if (ok >= 0)
1345 ok = UI_process(ui);
1346 UI_free(ui);
1347
1348 if (ok == -2 || (ok >= 0 && answer == 'C'))
1349 ok = 1;
1350 else if (ok < 0)
1351 ok = -1;
1352 else
1353 ok = 0;
1354 }
1355 return ok;
1356 }
1357
1358static void hwcrhk_log_message(void *logstr, const char *message)
1359 {
1360 BIO *lstream = NULL;
1361
1362 CRYPTO_w_lock(CRYPTO_LOCK_BIO);
1363 if (logstr)
1364 lstream=*(BIO **)logstr;
1365 if (lstream)
1366 {
1367 BIO_printf(lstream, "%s\n", message);
1368 }
1369 CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
1370 }
1371
1372/* This stuff is needed if this ENGINE is being compiled into a self-contained
1373 * shared-library. */
1374#ifdef ENGINE_DYNAMIC_SUPPORT
1375static int bind_fn(ENGINE *e, const char *id)
1376 {
1377 if(id && (strcmp(id, engine_hwcrhk_id) != 0))
1378 return 0;
1379 if(!bind_helper(e))
1380 return 0;
1381 return 1;
1382 }
1383IMPLEMENT_DYNAMIC_CHECK_FN()
1384IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
1385#endif /* ENGINE_DYNAMIC_SUPPORT */
1386
1387#endif /* !OPENSSL_NO_HW_NCIPHER */
1388#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/hw_ncipher_err.c b/src/lib/libcrypto/engine/hw_ncipher_err.c
new file mode 100644
index 0000000000..5bc94581b7
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_ncipher_err.c
@@ -0,0 +1,157 @@
1/* hw_ncipher_err.c */
2/* ====================================================================
3 * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include "hw_ncipher_err.h"
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67static ERR_STRING_DATA HWCRHK_str_functs[]=
68 {
69{ERR_PACK(0,HWCRHK_F_HWCRHK_CTRL,0), "HWCRHK_CTRL"},
70{ERR_PACK(0,HWCRHK_F_HWCRHK_FINISH,0), "HWCRHK_FINISH"},
71{ERR_PACK(0,HWCRHK_F_HWCRHK_GET_PASS,0), "HWCRHK_GET_PASS"},
72{ERR_PACK(0,HWCRHK_F_HWCRHK_INIT,0), "HWCRHK_INIT"},
73{ERR_PACK(0,HWCRHK_F_HWCRHK_INSERT_CARD,0), "HWCRHK_INSERT_CARD"},
74{ERR_PACK(0,HWCRHK_F_HWCRHK_LOAD_PRIVKEY,0), "HWCRHK_LOAD_PRIVKEY"},
75{ERR_PACK(0,HWCRHK_F_HWCRHK_LOAD_PUBKEY,0), "HWCRHK_LOAD_PUBKEY"},
76{ERR_PACK(0,HWCRHK_F_HWCRHK_MOD_EXP,0), "HWCRHK_MOD_EXP"},
77{ERR_PACK(0,HWCRHK_F_HWCRHK_RAND_BYTES,0), "HWCRHK_RAND_BYTES"},
78{ERR_PACK(0,HWCRHK_F_HWCRHK_RSA_MOD_EXP,0), "HWCRHK_RSA_MOD_EXP"},
79{0,NULL}
80 };
81
82static ERR_STRING_DATA HWCRHK_str_reasons[]=
83 {
84{HWCRHK_R_ALREADY_LOADED ,"already loaded"},
85{HWCRHK_R_BIO_WAS_FREED ,"bio was freed"},
86{HWCRHK_R_CHIL_ERROR ,"chil error"},
87{HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"},
88{HWCRHK_R_DSO_FAILURE ,"dso failure"},
89{HWCRHK_R_DYNAMIC_LOCKING_MISSING ,"dynamic locking missing"},
90{HWCRHK_R_MISSING_KEY_COMPONENTS ,"missing key components"},
91{HWCRHK_R_NOT_INITIALISED ,"not initialised"},
92{HWCRHK_R_NOT_LOADED ,"not loaded"},
93{HWCRHK_R_NO_CALLBACK ,"no callback"},
94{HWCRHK_R_NO_KEY ,"no key"},
95{HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED,"private key algorithms disabled"},
96{HWCRHK_R_REQUEST_FAILED ,"request failed"},
97{HWCRHK_R_REQUEST_FALLBACK ,"request fallback"},
98{HWCRHK_R_UNIT_FAILURE ,"unit failure"},
99{0,NULL}
100 };
101
102#endif
103
104#ifdef HWCRHK_LIB_NAME
105static ERR_STRING_DATA HWCRHK_lib_name[]=
106 {
107{0 ,HWCRHK_LIB_NAME},
108{0,NULL}
109 };
110#endif
111
112
113static int HWCRHK_lib_error_code=0;
114static int HWCRHK_error_init=1;
115
116static void ERR_load_HWCRHK_strings(void)
117 {
118 if (HWCRHK_lib_error_code == 0)
119 HWCRHK_lib_error_code=ERR_get_next_error_library();
120
121 if (HWCRHK_error_init)
122 {
123 HWCRHK_error_init=0;
124#ifndef OPENSSL_NO_ERR
125 ERR_load_strings(HWCRHK_lib_error_code,HWCRHK_str_functs);
126 ERR_load_strings(HWCRHK_lib_error_code,HWCRHK_str_reasons);
127#endif
128
129#ifdef HWCRHK_LIB_NAME
130 HWCRHK_lib_name->error = ERR_PACK(HWCRHK_lib_error_code,0,0);
131 ERR_load_strings(0,HWCRHK_lib_name);
132#endif
133 }
134 }
135
136static void ERR_unload_HWCRHK_strings(void)
137 {
138 if (HWCRHK_error_init == 0)
139 {
140#ifndef OPENSSL_NO_ERR
141 ERR_unload_strings(HWCRHK_lib_error_code,HWCRHK_str_functs);
142 ERR_unload_strings(HWCRHK_lib_error_code,HWCRHK_str_reasons);
143#endif
144
145#ifdef HWCRHK_LIB_NAME
146 ERR_unload_strings(0,HWCRHK_lib_name);
147#endif
148 HWCRHK_error_init=1;
149 }
150 }
151
152static void ERR_HWCRHK_error(int function, int reason, char *file, int line)
153 {
154 if (HWCRHK_lib_error_code == 0)
155 HWCRHK_lib_error_code=ERR_get_next_error_library();
156 ERR_PUT_error(HWCRHK_lib_error_code,function,reason,file,line);
157 }
diff --git a/src/lib/libcrypto/engine/hw_ncipher_err.h b/src/lib/libcrypto/engine/hw_ncipher_err.h
new file mode 100644
index 0000000000..d232d02319
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_ncipher_err.h
@@ -0,0 +1,101 @@
1/* ====================================================================
2 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#ifndef HEADER_HWCRHK_ERR_H
56#define HEADER_HWCRHK_ERR_H
57
58/* BEGIN ERROR CODES */
59/* The following lines are auto generated by the script mkerr.pl. Any changes
60 * made after this point may be overwritten when the script is next run.
61 */
62static void ERR_load_HWCRHK_strings(void);
63static void ERR_unload_HWCRHK_strings(void);
64static void ERR_HWCRHK_error(int function, int reason, char *file, int line);
65#define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),__FILE__,__LINE__)
66
67/* Error codes for the HWCRHK functions. */
68
69/* Function codes. */
70#define HWCRHK_F_HWCRHK_CTRL 100
71#define HWCRHK_F_HWCRHK_FINISH 101
72#define HWCRHK_F_HWCRHK_GET_PASS 102
73#define HWCRHK_F_HWCRHK_INIT 103
74#define HWCRHK_F_HWCRHK_INSERT_CARD 104
75#define HWCRHK_F_HWCRHK_LOAD_PRIVKEY 105
76#define HWCRHK_F_HWCRHK_LOAD_PUBKEY 106
77#define HWCRHK_F_HWCRHK_MOD_EXP 107
78#define HWCRHK_F_HWCRHK_RAND_BYTES 108
79#define HWCRHK_F_HWCRHK_RSA_MOD_EXP 109
80
81/* Reason codes. */
82#define HWCRHK_R_ALREADY_LOADED 100
83#define HWCRHK_R_BIO_WAS_FREED 101
84#define HWCRHK_R_CHIL_ERROR 102
85#define HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
86#define HWCRHK_R_DSO_FAILURE 104
87#define HWCRHK_R_DYNAMIC_LOCKING_MISSING 114
88#define HWCRHK_R_MISSING_KEY_COMPONENTS 105
89#define HWCRHK_R_NOT_INITIALISED 106
90#define HWCRHK_R_NOT_LOADED 107
91#define HWCRHK_R_NO_CALLBACK 108
92#define HWCRHK_R_NO_KEY 109
93#define HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED 110
94#define HWCRHK_R_REQUEST_FAILED 111
95#define HWCRHK_R_REQUEST_FALLBACK 112
96#define HWCRHK_R_UNIT_FAILURE 113
97
98#ifdef __cplusplus
99}
100#endif
101#endif
diff --git a/src/lib/libcrypto/engine/hw_nuron.c b/src/lib/libcrypto/engine/hw_nuron.c
new file mode 100644
index 0000000000..fb9188bfe5
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_nuron.c
@@ -0,0 +1,418 @@
1/* crypto/engine/hw_nuron.c */
2/* Written by Ben Laurie for the OpenSSL Project, leaning heavily on Geoff
3 * Thorpe's Atalla implementation.
4 */
5/* ====================================================================
6 * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <openssl/crypto.h>
61#include "cryptlib.h"
62#include <openssl/dso.h>
63#include <openssl/engine.h>
64
65
66#ifndef OPENSSL_NO_HW
67#ifndef OPENSSL_NO_HW_NURON
68
69#define NURON_LIB_NAME "nuron engine"
70#include "hw_nuron_err.c"
71
72static const char *NURON_LIBNAME = NULL;
73static const char *get_NURON_LIBNAME(void)
74 {
75 if(NURON_LIBNAME)
76 return NURON_LIBNAME;
77 return "nuronssl";
78 }
79static void free_NURON_LIBNAME(void)
80 {
81 if(NURON_LIBNAME)
82 OPENSSL_free((void*)NURON_LIBNAME);
83 NURON_LIBNAME = NULL;
84 }
85static long set_NURON_LIBNAME(const char *name)
86 {
87 free_NURON_LIBNAME();
88 return (((NURON_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
89 }
90static const char *NURON_F1 = "nuron_mod_exp";
91
92/* The definitions for control commands specific to this engine */
93#define NURON_CMD_SO_PATH ENGINE_CMD_BASE
94static const ENGINE_CMD_DEFN nuron_cmd_defns[] = {
95 {NURON_CMD_SO_PATH,
96 "SO_PATH",
97 "Specifies the path to the 'nuronssl' shared library",
98 ENGINE_CMD_FLAG_STRING},
99 {0, NULL, NULL, 0}
100 };
101
102typedef int tfnModExp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p,const BIGNUM *m);
103static tfnModExp *pfnModExp = NULL;
104
105static DSO *pvDSOHandle = NULL;
106
107static int nuron_destroy(ENGINE *e)
108 {
109 free_NURON_LIBNAME();
110 ERR_unload_NURON_strings();
111 return 1;
112 }
113
114static int nuron_init(ENGINE *e)
115 {
116 if(pvDSOHandle != NULL)
117 {
118 NURONerr(NURON_F_NURON_INIT,NURON_R_ALREADY_LOADED);
119 return 0;
120 }
121
122 pvDSOHandle = DSO_load(NULL, get_NURON_LIBNAME(), NULL,
123 DSO_FLAG_NAME_TRANSLATION_EXT_ONLY);
124 if(!pvDSOHandle)
125 {
126 NURONerr(NURON_F_NURON_INIT,NURON_R_DSO_NOT_FOUND);
127 return 0;
128 }
129
130 pfnModExp = (tfnModExp *)DSO_bind_func(pvDSOHandle, NURON_F1);
131 if(!pfnModExp)
132 {
133 NURONerr(NURON_F_NURON_INIT,NURON_R_DSO_FUNCTION_NOT_FOUND);
134 return 0;
135 }
136
137 return 1;
138 }
139
140static int nuron_finish(ENGINE *e)
141 {
142 free_NURON_LIBNAME();
143 if(pvDSOHandle == NULL)
144 {
145 NURONerr(NURON_F_NURON_FINISH,NURON_R_NOT_LOADED);
146 return 0;
147 }
148 if(!DSO_free(pvDSOHandle))
149 {
150 NURONerr(NURON_F_NURON_FINISH,NURON_R_DSO_FAILURE);
151 return 0;
152 }
153 pvDSOHandle=NULL;
154 pfnModExp=NULL;
155 return 1;
156 }
157
158static int nuron_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
159 {
160 int initialised = ((pvDSOHandle == NULL) ? 0 : 1);
161 switch(cmd)
162 {
163 case NURON_CMD_SO_PATH:
164 if(p == NULL)
165 {
166 NURONerr(NURON_F_NURON_CTRL,ERR_R_PASSED_NULL_PARAMETER);
167 return 0;
168 }
169 if(initialised)
170 {
171 NURONerr(NURON_F_NURON_CTRL,NURON_R_ALREADY_LOADED);
172 return 0;
173 }
174 return set_NURON_LIBNAME((const char *)p);
175 default:
176 break;
177 }
178 NURONerr(NURON_F_NURON_CTRL,NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED);
179 return 0;
180}
181
182static int nuron_mod_exp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p,
183 const BIGNUM *m,BN_CTX *ctx)
184 {
185 if(!pvDSOHandle)
186 {
187 NURONerr(NURON_F_NURON_MOD_EXP,NURON_R_NOT_LOADED);
188 return 0;
189 }
190 return pfnModExp(r,a,p,m);
191 }
192
193#ifndef OPENSSL_NO_RSA
194static int nuron_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
195 {
196 return nuron_mod_exp(r0,I,rsa->d,rsa->n,NULL);
197 }
198#endif
199
200#ifndef OPENSSL_NO_DSA
201/* This code was liberated and adapted from the commented-out code in
202 * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration
203 * (it doesn't have a CRT form for RSA), this function means that an
204 * Atalla system running with a DSA server certificate can handshake
205 * around 5 or 6 times faster/more than an equivalent system running with
206 * RSA. Just check out the "signs" statistics from the RSA and DSA parts
207 * of "openssl speed -engine atalla dsa1024 rsa1024". */
208static int nuron_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
209 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
210 BN_CTX *ctx, BN_MONT_CTX *in_mont)
211 {
212 BIGNUM t;
213 int to_return = 0;
214
215 BN_init(&t);
216 /* let rr = a1 ^ p1 mod m */
217 if (!nuron_mod_exp(rr,a1,p1,m,ctx))
218 goto end;
219 /* let t = a2 ^ p2 mod m */
220 if (!nuron_mod_exp(&t,a2,p2,m,ctx))
221 goto end;
222 /* let rr = rr * t mod m */
223 if (!BN_mod_mul(rr,rr,&t,m,ctx))
224 goto end;
225 to_return = 1;
226end:
227 BN_free(&t);
228 return to_return;
229 }
230
231
232static int nuron_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
233 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
234 BN_MONT_CTX *m_ctx)
235 {
236 return nuron_mod_exp(r, a, p, m, ctx);
237 }
238#endif
239
240/* This function is aliased to mod_exp (with the mont stuff dropped). */
241static int nuron_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
242 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
243 {
244 return nuron_mod_exp(r, a, p, m, ctx);
245 }
246
247#ifndef OPENSSL_NO_DH
248/* This function is aliased to mod_exp (with the dh and mont dropped). */
249static int nuron_mod_exp_dh(const DH *dh, BIGNUM *r,
250 const BIGNUM *a, const BIGNUM *p,
251 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
252 {
253 return nuron_mod_exp(r, a, p, m, ctx);
254 }
255#endif
256
257#ifndef OPENSSL_NO_RSA
258static RSA_METHOD nuron_rsa =
259 {
260 "Nuron RSA method",
261 NULL,
262 NULL,
263 NULL,
264 NULL,
265 nuron_rsa_mod_exp,
266 nuron_mod_exp_mont,
267 NULL,
268 NULL,
269 0,
270 NULL,
271 NULL,
272 NULL
273 };
274#endif
275
276#ifndef OPENSSL_NO_DSA
277static DSA_METHOD nuron_dsa =
278 {
279 "Nuron DSA method",
280 NULL, /* dsa_do_sign */
281 NULL, /* dsa_sign_setup */
282 NULL, /* dsa_do_verify */
283 nuron_dsa_mod_exp, /* dsa_mod_exp */
284 nuron_mod_exp_dsa, /* bn_mod_exp */
285 NULL, /* init */
286 NULL, /* finish */
287 0, /* flags */
288 NULL /* app_data */
289 };
290#endif
291
292#ifndef OPENSSL_NO_DH
293static DH_METHOD nuron_dh =
294 {
295 "Nuron DH method",
296 NULL,
297 NULL,
298 nuron_mod_exp_dh,
299 NULL,
300 NULL,
301 0,
302 NULL
303 };
304#endif
305
306/* Constants used when creating the ENGINE */
307static const char *engine_nuron_id = "nuron";
308static const char *engine_nuron_name = "Nuron hardware engine support";
309
310/* This internal function is used by ENGINE_nuron() and possibly by the
311 * "dynamic" ENGINE support too */
312static int bind_helper(ENGINE *e)
313 {
314#ifndef OPENSSL_NO_RSA
315 const RSA_METHOD *meth1;
316#endif
317#ifndef OPENSSL_NO_DSA
318 const DSA_METHOD *meth2;
319#endif
320#ifndef OPENSSL_NO_DH
321 const DH_METHOD *meth3;
322#endif
323 if(!ENGINE_set_id(e, engine_nuron_id) ||
324 !ENGINE_set_name(e, engine_nuron_name) ||
325#ifndef OPENSSL_NO_RSA
326 !ENGINE_set_RSA(e, &nuron_rsa) ||
327#endif
328#ifndef OPENSSL_NO_DSA
329 !ENGINE_set_DSA(e, &nuron_dsa) ||
330#endif
331#ifndef OPENSSL_NO_DH
332 !ENGINE_set_DH(e, &nuron_dh) ||
333#endif
334 !ENGINE_set_destroy_function(e, nuron_destroy) ||
335 !ENGINE_set_init_function(e, nuron_init) ||
336 !ENGINE_set_finish_function(e, nuron_finish) ||
337 !ENGINE_set_ctrl_function(e, nuron_ctrl) ||
338 !ENGINE_set_cmd_defns(e, nuron_cmd_defns))
339 return 0;
340
341#ifndef OPENSSL_NO_RSA
342 /* We know that the "PKCS1_SSLeay()" functions hook properly
343 * to the nuron-specific mod_exp and mod_exp_crt so we use
344 * those functions. NB: We don't use ENGINE_openssl() or
345 * anything "more generic" because something like the RSAref
346 * code may not hook properly, and if you own one of these
347 * cards then you have the right to do RSA operations on it
348 * anyway! */
349 meth1=RSA_PKCS1_SSLeay();
350 nuron_rsa.rsa_pub_enc=meth1->rsa_pub_enc;
351 nuron_rsa.rsa_pub_dec=meth1->rsa_pub_dec;
352 nuron_rsa.rsa_priv_enc=meth1->rsa_priv_enc;
353 nuron_rsa.rsa_priv_dec=meth1->rsa_priv_dec;
354#endif
355
356#ifndef OPENSSL_NO_DSA
357 /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
358 * bits. */
359 meth2=DSA_OpenSSL();
360 nuron_dsa.dsa_do_sign=meth2->dsa_do_sign;
361 nuron_dsa.dsa_sign_setup=meth2->dsa_sign_setup;
362 nuron_dsa.dsa_do_verify=meth2->dsa_do_verify;
363#endif
364
365#ifndef OPENSSL_NO_DH
366 /* Much the same for Diffie-Hellman */
367 meth3=DH_OpenSSL();
368 nuron_dh.generate_key=meth3->generate_key;
369 nuron_dh.compute_key=meth3->compute_key;
370#endif
371
372 /* Ensure the nuron error handling is set up */
373 ERR_load_NURON_strings();
374 return 1;
375 }
376
377#ifndef ENGINE_DYNAMIC_SUPPORT
378static ENGINE *engine_nuron(void)
379 {
380 ENGINE *ret = ENGINE_new();
381 if(!ret)
382 return NULL;
383 if(!bind_helper(ret))
384 {
385 ENGINE_free(ret);
386 return NULL;
387 }
388 return ret;
389 }
390
391void ENGINE_load_nuron(void)
392 {
393 /* Copied from eng_[openssl|dyn].c */
394 ENGINE *toadd = engine_nuron();
395 if(!toadd) return;
396 ENGINE_add(toadd);
397 ENGINE_free(toadd);
398 ERR_clear_error();
399 }
400#endif
401
402/* This stuff is needed if this ENGINE is being compiled into a self-contained
403 * shared-library. */
404#ifdef ENGINE_DYNAMIC_SUPPORT
405static int bind_fn(ENGINE *e, const char *id)
406 {
407 if(id && (strcmp(id, engine_nuron_id) != 0))
408 return 0;
409 if(!bind_helper(e))
410 return 0;
411 return 1;
412 }
413IMPLEMENT_DYNAMIC_CHECK_FN()
414IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
415#endif /* ENGINE_DYNAMIC_SUPPORT */
416
417#endif /* !OPENSSL_NO_HW_NURON */
418#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/hw_nuron_err.c b/src/lib/libcrypto/engine/hw_nuron_err.c
new file mode 100644
index 0000000000..df9d7bde76
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_nuron_err.c
@@ -0,0 +1,142 @@
1/* hw_nuron_err.c */
2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include "hw_nuron_err.h"
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67static ERR_STRING_DATA NURON_str_functs[]=
68 {
69{ERR_PACK(0,NURON_F_NURON_CTRL,0), "NURON_CTRL"},
70{ERR_PACK(0,NURON_F_NURON_FINISH,0), "NURON_FINISH"},
71{ERR_PACK(0,NURON_F_NURON_INIT,0), "NURON_INIT"},
72{ERR_PACK(0,NURON_F_NURON_MOD_EXP,0), "NURON_MOD_EXP"},
73{0,NULL}
74 };
75
76static ERR_STRING_DATA NURON_str_reasons[]=
77 {
78{NURON_R_ALREADY_LOADED ,"already loaded"},
79{NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"},
80{NURON_R_DSO_FAILURE ,"dso failure"},
81{NURON_R_DSO_FUNCTION_NOT_FOUND ,"dso function not found"},
82{NURON_R_DSO_NOT_FOUND ,"dso not found"},
83{NURON_R_NOT_LOADED ,"not loaded"},
84{0,NULL}
85 };
86
87#endif
88
89#ifdef NURON_LIB_NAME
90static ERR_STRING_DATA NURON_lib_name[]=
91 {
92{0 ,NURON_LIB_NAME},
93{0,NULL}
94 };
95#endif
96
97
98static int NURON_lib_error_code=0;
99static int NURON_error_init=1;
100
101static void ERR_load_NURON_strings(void)
102 {
103 if (NURON_lib_error_code == 0)
104 NURON_lib_error_code=ERR_get_next_error_library();
105
106 if (NURON_error_init)
107 {
108 NURON_error_init=0;
109#ifndef OPENSSL_NO_ERR
110 ERR_load_strings(NURON_lib_error_code,NURON_str_functs);
111 ERR_load_strings(NURON_lib_error_code,NURON_str_reasons);
112#endif
113
114#ifdef NURON_LIB_NAME
115 NURON_lib_name->error = ERR_PACK(NURON_lib_error_code,0,0);
116 ERR_load_strings(0,NURON_lib_name);
117#endif
118 }
119 }
120
121static void ERR_unload_NURON_strings(void)
122 {
123 if (NURON_error_init == 0)
124 {
125#ifndef OPENSSL_NO_ERR
126 ERR_unload_strings(NURON_lib_error_code,NURON_str_functs);
127 ERR_unload_strings(NURON_lib_error_code,NURON_str_reasons);
128#endif
129
130#ifdef NURON_LIB_NAME
131 ERR_unload_strings(0,NURON_lib_name);
132#endif
133 NURON_error_init=1;
134 }
135 }
136
137static void ERR_NURON_error(int function, int reason, char *file, int line)
138 {
139 if (NURON_lib_error_code == 0)
140 NURON_lib_error_code=ERR_get_next_error_library();
141 ERR_PUT_error(NURON_lib_error_code,function,reason,file,line);
142 }
diff --git a/src/lib/libcrypto/engine/hw_nuron_err.h b/src/lib/libcrypto/engine/hw_nuron_err.h
new file mode 100644
index 0000000000..a56bfdf303
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_nuron_err.h
@@ -0,0 +1,86 @@
1/* ====================================================================
2 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#ifndef HEADER_NURON_ERR_H
56#define HEADER_NURON_ERR_H
57
58/* BEGIN ERROR CODES */
59/* The following lines are auto generated by the script mkerr.pl. Any changes
60 * made after this point may be overwritten when the script is next run.
61 */
62static void ERR_load_NURON_strings(void);
63static void ERR_unload_NURON_strings(void);
64static void ERR_NURON_error(int function, int reason, char *file, int line);
65#define NURONerr(f,r) ERR_NURON_error((f),(r),__FILE__,__LINE__)
66
67/* Error codes for the NURON functions. */
68
69/* Function codes. */
70#define NURON_F_NURON_CTRL 100
71#define NURON_F_NURON_FINISH 101
72#define NURON_F_NURON_INIT 102
73#define NURON_F_NURON_MOD_EXP 103
74
75/* Reason codes. */
76#define NURON_R_ALREADY_LOADED 100
77#define NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED 101
78#define NURON_R_DSO_FAILURE 102
79#define NURON_R_DSO_FUNCTION_NOT_FOUND 103
80#define NURON_R_DSO_NOT_FOUND 104
81#define NURON_R_NOT_LOADED 105
82
83#ifdef __cplusplus
84}
85#endif
86#endif
diff --git a/src/lib/libcrypto/engine/hw_openbsd_dev_crypto.c b/src/lib/libcrypto/engine/hw_openbsd_dev_crypto.c
deleted file mode 100644
index b8aab545db..0000000000
--- a/src/lib/libcrypto/engine/hw_openbsd_dev_crypto.c
+++ /dev/null
@@ -1,594 +0,0 @@
1/* Written by Ben Laurie <ben@algroup.co.uk> August 2001 */
2/* ====================================================================
3 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <openssl/engine.h>
57#include <openssl/evp.h>
58#include "eng_int.h"
59/* Maybe this is needed? ... */
60#ifdef FLAT_INC
61#include "evp_locl.h"
62#else
63#include "../evp/evp_locl.h"
64#endif
65#include <openssl/conf.h>
66
67#ifndef OPENSSL_OPENBSD_DEV_CRYPTO
68
69void ENGINE_load_openbsd_dev_crypto(void)
70 {
71 /* This is a NOP unless OPENSSL_OPENBSD_DEV_CRYPTO is defined */
72 return;
73 }
74
75#else /* OPENSSL_OPENBSD_DEV_CRYPTO */
76
77#include <fcntl.h>
78#include <stdio.h>
79#include <errno.h>
80#include <assert.h>
81#include <unistd.h>
82#include <sys/ioctl.h>
83
84#include <crypto/cryptodev.h>
85
86/****************************************************/
87/* Declare the normal generic ENGINE stuff here ... */
88
89static int dev_crypto_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
90 const int **nids, int nid);
91static int dev_crypto_digests(ENGINE *e, const EVP_MD **digest,
92 const int **nids, int nid);
93
94static const char dev_crypto_id[] = "openbsd_dev_crypto";
95static const char dev_crypto_name[] = "OpenBSD /dev/crypto";
96
97static long allow_misaligned;
98
99#define DEV_CRYPTO_CMD_ALLOW_MISALIGNED ENGINE_CMD_BASE
100static const ENGINE_CMD_DEFN dev_crypto_cmd_defns[]=
101 {
102 { DEV_CRYPTO_CMD_ALLOW_MISALIGNED,
103 "allow_misaligned",
104 "Permit misaligned data to be used",
105 ENGINE_CMD_FLAG_NUMERIC },
106 { 0, NULL, NULL, 0 }
107 };
108
109static int dev_crypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
110 {
111 switch(cmd)
112 {
113 case DEV_CRYPTO_CMD_ALLOW_MISALIGNED:
114 allow_misaligned=i;
115 printf("allow misaligned=%ld\n",allow_misaligned);
116 break;
117 }
118
119 return 1;
120 }
121
122static ENGINE *engine_openbsd_dev_crypto(void)
123 {
124 ENGINE *engine=ENGINE_new();
125
126 if(!ENGINE_set_id(engine, dev_crypto_id) ||
127 !ENGINE_set_name(engine, dev_crypto_name) ||
128 !ENGINE_set_ciphers(engine, dev_crypto_ciphers) ||
129 !ENGINE_set_digests(engine, dev_crypto_digests) ||
130 !ENGINE_set_ctrl_function(engine, dev_crypto_ctrl) ||
131 !ENGINE_set_cmd_defns(engine, dev_crypto_cmd_defns))
132 {
133 ENGINE_free(engine);
134 return NULL;
135 }
136
137 return engine;
138 }
139
140void ENGINE_load_openbsd_dev_crypto(void)
141 {
142 /* Copied from eng_[openssl|dyn].c */
143 ENGINE *toadd = engine_openbsd_dev_crypto();
144 if(!toadd) return;
145 ENGINE_add(toadd);
146 ENGINE_free(toadd);
147 ERR_clear_error();
148 }
149
150/******************************************************************************/
151/* Clip in the stuff from crypto/evp/openbsd_hw.c here. NB: What has changed? */
152/* I've removed the exposed EVP_*** functions, they're accessed through the */
153/* "dev_crypto_[ciphers|digests]" handlers. I've also moved the EVP_CIPHER */
154/* and EVP_MD structures to the bottom where they are close to the handlers */
155/* that expose them. What should be done? The global data (file-descriptors, */
156/* etc) should be put into ENGINE's ex_data support, and per-context data */
157/* (also file-descriptors perhaps) should be put into the contexts. Also code */
158/* formatting, fprintf statements, and OpenSSL-style error handling should be */
159/* added (dynamically, like the other ENGINEs). Also, "dynamic" support */
160/* be added to this ENGINE once it's up and running so that it could be built */
161/* as a shared-library. What else? device initialisation should take place */
162/* inside an ENGINE 'init()' handler (and likewise 'finish()'). ciphers and */
163/* digests won't be used by the framework unless the ENGINE has been */
164/* successfully initialised (that's one of the things you get for free) so */
165/* initialisation, including returning failure if device setup fails, can be */
166/* handled quite cleanly. This could presumably handle the opening (and then */
167/* closing inside 'finish()') of the 'cryptodev_fd' file-descriptor). */
168
169/* longest key supported in hardware */
170#define MAX_HW_KEY 24
171#define MAX_HW_IV 8
172
173#define MD5_DIGEST_LENGTH 16
174#define MD5_CBLOCK 64
175
176static int fd;
177static int dev_failed;
178
179typedef struct session_op session_op;
180
181#define CDATA(ctx) EVP_C_DATA(session_op,ctx)
182
183static void err(const char *str)
184 {
185 fprintf(stderr,"%s: errno %d\n",str,errno);
186 }
187
188static int dev_crypto_init(session_op *ses)
189 {
190 if(dev_failed)
191 return 0;
192 if(!fd)
193 {
194 int cryptodev_fd;
195
196 if ((cryptodev_fd=open("/dev/crypto",O_RDWR,0)) < 0)
197 {
198 err("/dev/crypto");
199 dev_failed=1;
200 return 0;
201 }
202 if (ioctl(cryptodev_fd,CRIOGET,&fd) == -1)
203 {
204 err("CRIOGET failed");
205 close(cryptodev_fd);
206 dev_failed=1;
207 return 0;
208 }
209 close(cryptodev_fd);
210 }
211 assert(ses);
212 memset(ses,'\0',sizeof *ses);
213
214 return 1;
215 }
216
217static int dev_crypto_cleanup(EVP_CIPHER_CTX *ctx)
218 {
219 fprintf(stderr,"cleanup %d\n",CDATA(ctx)->ses);
220 if(ioctl(fd,CIOCFSESSION,&CDATA(ctx)->ses) == -1)
221 err("CIOCFSESSION failed");
222
223 OPENSSL_free(CDATA(ctx)->key);
224
225 return 1;
226 }
227
228static int dev_crypto_init_key(EVP_CIPHER_CTX *ctx,int cipher,
229 const unsigned char *key,int klen)
230 {
231 if(!dev_crypto_init(CDATA(ctx)))
232 return 0;
233
234 CDATA(ctx)->key=OPENSSL_malloc(MAX_HW_KEY);
235
236 assert(ctx->cipher->iv_len <= MAX_HW_IV);
237
238 memcpy(CDATA(ctx)->key,key,klen);
239
240 CDATA(ctx)->cipher=cipher;
241 CDATA(ctx)->keylen=klen;
242
243 if (ioctl(fd,CIOCGSESSION,CDATA(ctx)) == -1)
244 {
245 err("CIOCGSESSION failed");
246 return 0;
247 }
248 return 1;
249 }
250
251static int dev_crypto_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
252 const unsigned char *in,unsigned int inl)
253 {
254 struct crypt_op cryp;
255 unsigned char lb[MAX_HW_IV];
256
257 if(!inl)
258 return 1;
259
260 assert(CDATA(ctx));
261 assert(!dev_failed);
262
263 memset(&cryp,'\0',sizeof cryp);
264 cryp.ses=CDATA(ctx)->ses;
265 cryp.op=ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
266 cryp.flags=0;
267 cryp.len=inl;
268 assert((inl&(ctx->cipher->block_size-1)) == 0);
269 cryp.src=(caddr_t)in;
270 cryp.dst=(caddr_t)out;
271 cryp.mac=0;
272 if(ctx->cipher->iv_len)
273 cryp.iv=(caddr_t)ctx->iv;
274
275 if(!ctx->encrypt)
276 memcpy(lb,&in[cryp.len-ctx->cipher->iv_len],ctx->cipher->iv_len);
277
278 if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
279 {
280 if(errno == EINVAL) /* buffers are misaligned */
281 {
282 unsigned int cinl=0;
283 char *cin=NULL;
284 char *cout=NULL;
285
286 /* NB: this can only make cinl != inl with stream ciphers */
287 cinl=(inl+3)/4*4;
288
289 if(((unsigned long)in&3) || cinl != inl)
290 {
291 cin=OPENSSL_malloc(cinl);
292 memcpy(cin,in,inl);
293 cryp.src=cin;
294 }
295
296 if(((unsigned long)out&3) || cinl != inl)
297 {
298 cout=OPENSSL_malloc(cinl);
299 cryp.dst=cout;
300 }
301
302 cryp.len=cinl;
303
304 if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
305 {
306 err("CIOCCRYPT(2) failed");
307 printf("src=%p dst=%p\n",cryp.src,cryp.dst);
308 abort();
309 return 0;
310 }
311
312 if(cout)
313 {
314 memcpy(out,cout,inl);
315 OPENSSL_free(cout);
316 }
317 if(cin)
318 OPENSSL_free(cin);
319 }
320 else
321 {
322 err("CIOCCRYPT failed");
323 abort();
324 return 0;
325 }
326 }
327
328 if(ctx->encrypt)
329 memcpy(ctx->iv,&out[cryp.len-ctx->cipher->iv_len],ctx->cipher->iv_len);
330 else
331 memcpy(ctx->iv,lb,ctx->cipher->iv_len);
332
333 return 1;
334 }
335
336static int dev_crypto_des_ede3_init_key(EVP_CIPHER_CTX *ctx,
337 const unsigned char *key,
338 const unsigned char *iv, int enc)
339 { return dev_crypto_init_key(ctx,CRYPTO_3DES_CBC,key,24); }
340
341static int dev_crypto_rc4_init_key(EVP_CIPHER_CTX *ctx,
342 const unsigned char *key,
343 const unsigned char *iv, int enc)
344 { return dev_crypto_init_key(ctx,CRYPTO_ARC4,key,16); }
345
346typedef struct
347 {
348 session_op sess;
349 char *data;
350 int len;
351 unsigned char md[EVP_MAX_MD_SIZE];
352 } MD_DATA;
353
354static int dev_crypto_init_digest(MD_DATA *md_data,int mac)
355 {
356 if(!dev_crypto_init(&md_data->sess))
357 return 0;
358
359 md_data->len=0;
360 md_data->data=NULL;
361
362 md_data->sess.mac=mac;
363
364 if (ioctl(fd,CIOCGSESSION,&md_data->sess) == -1)
365 {
366 err("CIOCGSESSION failed");
367 return 0;
368 }
369 fprintf(stderr,"opened %d\n",md_data->sess.ses);
370 return 1;
371 }
372
373static int dev_crypto_cleanup_digest(MD_DATA *md_data)
374 {
375 fprintf(stderr,"cleanup %d\n",md_data->sess.ses);
376 if (ioctl(fd,CIOCFSESSION,&md_data->sess.ses) == -1)
377 {
378 err("CIOCFSESSION failed");
379 return 0;
380 }
381
382 return 1;
383 }
384
385/* FIXME: if device can do chained MACs, then don't accumulate */
386/* FIXME: move accumulation to the framework */
387static int dev_crypto_md5_init(EVP_MD_CTX *ctx)
388 { return dev_crypto_init_digest(ctx->md_data,CRYPTO_MD5); }
389
390static int do_digest(int ses,unsigned char *md,const void *data,int len)
391 {
392 struct crypt_op cryp;
393 static unsigned char md5zero[16]=
394 {
395 0xd4,0x1d,0x8c,0xd9,0x8f,0x00,0xb2,0x04,
396 0xe9,0x80,0x09,0x98,0xec,0xf8,0x42,0x7e
397 };
398
399 /* some cards can't do zero length */
400 if(!len)
401 {
402 memcpy(md,md5zero,16);
403 return 1;
404 }
405
406 memset(&cryp,'\0',sizeof cryp);
407 cryp.ses=ses;
408 cryp.op=COP_ENCRYPT;/* required to do the MAC rather than check it */
409 cryp.len=len;
410 cryp.src=(caddr_t)data;
411 cryp.dst=(caddr_t)data; /* FIXME!!! */
412 cryp.mac=(caddr_t)md;
413
414 if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
415 {
416 if(errno == EINVAL && allow_misaligned) /* buffer is misaligned */
417 {
418 char *dcopy;
419
420 dcopy=OPENSSL_malloc(len);
421 memcpy(dcopy,data,len);
422 cryp.src=dcopy;
423 cryp.dst=cryp.src; /* FIXME!!! */
424
425 if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
426 {
427 err("CIOCCRYPT(MAC2) failed");
428 abort();
429 return 0;
430 }
431 OPENSSL_free(dcopy);
432 }
433 else
434 {
435 err("CIOCCRYPT(MAC) failed");
436 abort();
437 return 0;
438 }
439 }
440 /* printf("done\n"); */
441
442 return 1;
443 }
444
445static int dev_crypto_md5_update(EVP_MD_CTX *ctx,const void *data,
446 unsigned long len)
447 {
448 MD_DATA *md_data=ctx->md_data;
449
450 if(ctx->flags&EVP_MD_CTX_FLAG_ONESHOT)
451 return do_digest(md_data->sess.ses,md_data->md,data,len);
452
453 md_data->data=OPENSSL_realloc(md_data->data,md_data->len+len);
454 memcpy(md_data->data+md_data->len,data,len);
455 md_data->len+=len;
456
457 return 1;
458 }
459
460static int dev_crypto_md5_final(EVP_MD_CTX *ctx,unsigned char *md)
461 {
462 int ret;
463 MD_DATA *md_data=ctx->md_data;
464
465 if(ctx->flags&EVP_MD_CTX_FLAG_ONESHOT)
466 {
467 memcpy(md,md_data->md,MD5_DIGEST_LENGTH);
468 ret=1;
469 }
470 else
471 {
472 ret=do_digest(md_data->sess.ses,md,md_data->data,md_data->len);
473 OPENSSL_free(md_data->data);
474 md_data->data=NULL;
475 md_data->len=0;
476 }
477
478 return ret;
479 }
480
481static int dev_crypto_md5_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
482 {
483 const MD_DATA *from_md=from->md_data;
484 MD_DATA *to_md=to->md_data;
485
486 /* How do we copy sessions? */
487 assert(from->digest->flags&EVP_MD_FLAG_ONESHOT);
488
489 to_md->data=OPENSSL_malloc(from_md->len);
490 memcpy(to_md->data,from_md->data,from_md->len);
491
492 return 1;
493 }
494
495static int dev_crypto_md5_cleanup(EVP_MD_CTX *ctx)
496 {
497 return dev_crypto_cleanup_digest(ctx->md_data);
498 }
499
500/**************************************************************************/
501/* Here are the moved declarations of the EVP_CIPHER and EVP_MD */
502/* implementations. They're down here to be within easy editor-distance */
503/* of the digests and ciphers handler functions. */
504
505#define dev_crypto_des_ede3_cbc_cipher dev_crypto_cipher
506
507BLOCK_CIPHER_def_cbc(dev_crypto_des_ede3, session_op, NID_des_ede3, 8, 24, 8,
508 0, dev_crypto_des_ede3_init_key,
509 dev_crypto_cleanup,
510 EVP_CIPHER_set_asn1_iv,
511 EVP_CIPHER_get_asn1_iv,
512 NULL)
513
514static const EVP_CIPHER r4_cipher=
515 {
516 NID_rc4,
517 1,16,0, /* FIXME: key should be up to 256 bytes */
518 EVP_CIPH_VARIABLE_LENGTH,
519 dev_crypto_rc4_init_key,
520 dev_crypto_cipher,
521 dev_crypto_cleanup,
522 sizeof(session_op),
523 NULL,
524 NULL,
525 NULL
526 };
527
528static const EVP_MD md5_md=
529 {
530 NID_md5,
531 NID_md5WithRSAEncryption,
532 MD5_DIGEST_LENGTH,
533 EVP_MD_FLAG_ONESHOT, /* XXX: set according to device info... */
534 dev_crypto_md5_init,
535 dev_crypto_md5_update,
536 dev_crypto_md5_final,
537 dev_crypto_md5_copy,
538 dev_crypto_md5_cleanup,
539 EVP_PKEY_RSA_method,
540 MD5_CBLOCK,
541 sizeof(MD_DATA),
542 };
543
544/****************************************************************/
545/* Implement the dev_crypto_[ciphers|digests] handlers here ... */
546
547static int cipher_nids[] = {NID_des_ede3_cbc, NID_rc4};
548static int cipher_nids_num = 2;
549static int digest_nids[] = {NID_md5};
550static int digest_nids_num = 1;
551
552static int dev_crypto_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
553 const int **nids, int nid)
554 {
555 if(!cipher)
556 {
557 /* We are returning a list of supported nids */
558 *nids = cipher_nids;
559 return cipher_nids_num;
560 }
561 /* We are being asked for a specific cipher */
562 if(nid == NID_rc4)
563 *cipher = &r4_cipher;
564 else if(nid == NID_des_ede3_cbc)
565 *cipher = &dev_crypto_des_ede3_cbc;
566 else
567 {
568 *cipher = NULL;
569 return 0;
570 }
571 return 1;
572 }
573
574static int dev_crypto_digests(ENGINE *e, const EVP_MD **digest,
575 const int **nids, int nid)
576 {
577 if(!digest)
578 {
579 /* We are returning a list of supported nids */
580 *nids = digest_nids;
581 return digest_nids_num;
582 }
583 /* We are being asked for a specific digest */
584 if(nid == NID_md5)
585 *digest = &md5_md;
586 else
587 {
588 *digest = NULL;
589 return 0;
590 }
591 return 1;
592 }
593
594#endif /* OPENSSL_OPENBSD_DEV_CRYPTO */
diff --git a/src/lib/libcrypto/engine/hw_sureware.c b/src/lib/libcrypto/engine/hw_sureware.c
new file mode 100644
index 0000000000..fca467e690
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_sureware.c
@@ -0,0 +1,1039 @@
1/* Written by Corinne Dive-Reclus(cdive@baltimore.com)
2*
3*
4* Redistribution and use in source and binary forms, with or without
5* modification, are permitted provided that the following conditions
6* are met:
7*
8* 1. Redistributions of source code must retain the above copyright
9* notice, this list of conditions and the following disclaimer.
10*
11* 2. Redistributions in binary form must reproduce the above copyright
12* notice, this list of conditions and the following disclaimer in
13* the documentation and/or other materials provided with the
14* distribution.
15*
16* 3. All advertising materials mentioning features or use of this
17* software must display the following acknowledgment:
18* "This product includes software developed by the OpenSSL Project
19* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
20*
21* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22* endorse or promote products derived from this software without
23* prior written permission. For written permission, please contact
24* licensing@OpenSSL.org.
25*
26* 5. Products derived from this software may not be called "OpenSSL"
27* nor may "OpenSSL" appear in their names without prior written
28* permission of the OpenSSL Project.
29*
30* 6. Redistributions of any form whatsoever must retain the following
31* acknowledgment:
32* "This product includes software developed by the OpenSSL Project
33* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
34*
35* Written by Corinne Dive-Reclus(cdive@baltimore.com)
36*
37* Copyright@2001 Baltimore Technologies Ltd.
38* All right Reserved.
39* *
40* THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND *
41* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE *
42* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE *
43* ARE DISCLAIMED. IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE *
44* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL *
45* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS *
46* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) *
47* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT *
48* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY *
49* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF *
50* SUCH DAMAGE. *
51====================================================================*/
52
53#include <stdio.h>
54#include "cryptlib.h"
55#include <openssl/crypto.h>
56#include <openssl/pem.h>
57#include <openssl/dso.h>
58#include "eng_int.h"
59#include "engine.h"
60#include <openssl/engine.h>
61
62#ifndef OPENSSL_NO_HW
63#ifndef OPENSSL_NO_HW_SUREWARE
64
65#ifdef FLAT_INC
66#include "sureware.h"
67#else
68#include "vendor_defns/sureware.h"
69#endif
70
71#define SUREWARE_LIB_NAME "sureware engine"
72#include "hw_sureware_err.c"
73
74static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
75static int surewarehk_destroy(ENGINE *e);
76static int surewarehk_init(ENGINE *e);
77static int surewarehk_finish(ENGINE *e);
78static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
79 const BIGNUM *m, BN_CTX *ctx);
80
81/* RSA stuff */
82static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to,
83 RSA *rsa,int padding);
84static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char *to,
85 RSA *rsa,int padding);
86
87/* RAND stuff */
88static int surewarehk_rand_bytes(unsigned char *buf, int num);
89static void surewarehk_rand_seed(const void *buf, int num);
90static void surewarehk_rand_add(const void *buf, int num, double entropy);
91
92/* KM stuff */
93static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id,
94 UI_METHOD *ui_method, void *callback_data);
95static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,
96 UI_METHOD *ui_method, void *callback_data);
97static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
98 int idx,long argl, void *argp);
99#if 0
100static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
101 int idx,long argl, void *argp);
102#endif
103
104#ifndef OPENSSL_NO_RSA
105/* This function is aliased to mod_exp (with the mont stuff dropped). */
106static int surewarehk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
107 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
108{
109 return surewarehk_modexp(r, a, p, m, ctx);
110}
111
112/* Our internal RSA_METHOD that we provide pointers to */
113static RSA_METHOD surewarehk_rsa =
114 {
115 "SureWare RSA method",
116 NULL, /* pub_enc*/
117 NULL, /* pub_dec*/
118 surewarehk_rsa_sign, /* our rsa_sign is OpenSSL priv_enc*/
119 surewarehk_rsa_priv_dec, /* priv_dec*/
120 NULL, /*mod_exp*/
121 surewarehk_mod_exp_mont, /*mod_exp_mongomery*/
122 NULL, /* init*/
123 NULL, /* finish*/
124 0, /* RSA flag*/
125 NULL,
126 NULL, /* OpenSSL sign*/
127 NULL /* OpenSSL verify*/
128 };
129#endif
130
131#ifndef OPENSSL_NO_DH
132/* Our internal DH_METHOD that we provide pointers to */
133/* This function is aliased to mod_exp (with the dh and mont dropped). */
134static int surewarehk_modexp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
135 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
136{
137 return surewarehk_modexp(r, a, p, m, ctx);
138}
139
140static DH_METHOD surewarehk_dh =
141 {
142 "SureWare DH method",
143 NULL,/*gen_key*/
144 NULL,/*agree,*/
145 surewarehk_modexp_dh, /*dh mod exp*/
146 NULL, /* init*/
147 NULL, /* finish*/
148 0, /* flags*/
149 NULL
150 };
151#endif
152
153static RAND_METHOD surewarehk_rand =
154 {
155 /* "SureWare RAND method", */
156 surewarehk_rand_seed,
157 surewarehk_rand_bytes,
158 NULL,/*cleanup*/
159 surewarehk_rand_add,
160 surewarehk_rand_bytes,
161 NULL,/*rand_status*/
162 };
163
164#ifndef OPENSSL_NO_DSA
165/* DSA stuff */
166static DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
167static int surewarehk_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
168 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
169 BN_CTX *ctx, BN_MONT_CTX *in_mont)
170{
171 BIGNUM t;
172 int to_return = 0;
173 BN_init(&t);
174 /* let rr = a1 ^ p1 mod m */
175 if (!surewarehk_modexp(rr,a1,p1,m,ctx)) goto end;
176 /* let t = a2 ^ p2 mod m */
177 if (!surewarehk_modexp(&t,a2,p2,m,ctx)) goto end;
178 /* let rr = rr * t mod m */
179 if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
180 to_return = 1;
181end:
182 BN_free(&t);
183 return to_return;
184}
185
186static DSA_METHOD surewarehk_dsa =
187 {
188 "SureWare DSA method",
189 surewarehk_dsa_do_sign,
190 NULL,/*sign setup*/
191 NULL,/*verify,*/
192 surewarehk_dsa_mod_exp,/*mod exp*/
193 NULL,/*bn mod exp*/
194 NULL, /*init*/
195 NULL,/*finish*/
196 0,
197 NULL,
198 };
199#endif
200
201static const char *engine_sureware_id = "sureware";
202static const char *engine_sureware_name = "SureWare hardware engine support";
203
204/* Now, to our own code */
205
206/* As this is only ever called once, there's no need for locking
207 * (indeed - the lock will already be held by our caller!!!) */
208static int bind_sureware(ENGINE *e)
209{
210#ifndef OPENSSL_NO_RSA
211 const RSA_METHOD *meth1;
212#endif
213#ifndef OPENSSL_NO_DSA
214 const DSA_METHOD *meth2;
215#endif
216#ifndef OPENSSL_NO_DH
217 const DH_METHOD *meth3;
218#endif
219
220 if(!ENGINE_set_id(e, engine_sureware_id) ||
221 !ENGINE_set_name(e, engine_sureware_name) ||
222#ifndef OPENSSL_NO_RSA
223 !ENGINE_set_RSA(e, &surewarehk_rsa) ||
224#endif
225#ifndef OPENSSL_NO_DSA
226 !ENGINE_set_DSA(e, &surewarehk_dsa) ||
227#endif
228#ifndef OPENSSL_NO_DH
229 !ENGINE_set_DH(e, &surewarehk_dh) ||
230#endif
231 !ENGINE_set_RAND(e, &surewarehk_rand) ||
232 !ENGINE_set_destroy_function(e, surewarehk_destroy) ||
233 !ENGINE_set_init_function(e, surewarehk_init) ||
234 !ENGINE_set_finish_function(e, surewarehk_finish) ||
235 !ENGINE_set_ctrl_function(e, surewarehk_ctrl) ||
236 !ENGINE_set_load_privkey_function(e, surewarehk_load_privkey) ||
237 !ENGINE_set_load_pubkey_function(e, surewarehk_load_pubkey))
238 return 0;
239
240#ifndef OPENSSL_NO_RSA
241 /* We know that the "PKCS1_SSLeay()" functions hook properly
242 * to the cswift-specific mod_exp and mod_exp_crt so we use
243 * those functions. NB: We don't use ENGINE_openssl() or
244 * anything "more generic" because something like the RSAref
245 * code may not hook properly, and if you own one of these
246 * cards then you have the right to do RSA operations on it
247 * anyway! */
248 meth1 = RSA_PKCS1_SSLeay();
249 if (meth1)
250 {
251 surewarehk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
252 surewarehk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
253 }
254#endif
255
256#ifndef OPENSSL_NO_DSA
257 /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
258 * bits. */
259 meth2 = DSA_OpenSSL();
260 if (meth2)
261 {
262 surewarehk_dsa.dsa_do_verify = meth2->dsa_do_verify;
263 }
264#endif
265
266#ifndef OPENSSL_NO_DH
267 /* Much the same for Diffie-Hellman */
268 meth3 = DH_OpenSSL();
269 if (meth3)
270 {
271 surewarehk_dh.generate_key = meth3->generate_key;
272 surewarehk_dh.compute_key = meth3->compute_key;
273 }
274#endif
275
276 /* Ensure the sureware error handling is set up */
277 ERR_load_SUREWARE_strings();
278 return 1;
279}
280
281#ifdef ENGINE_DYNAMIC_SUPPORT
282static int bind_helper(ENGINE *e, const char *id)
283 {
284 if(id && (strcmp(id, engine_sureware_id) != 0))
285 return 0;
286 if(!bind_sureware(e))
287 return 0;
288 return 1;
289 }
290IMPLEMENT_DYNAMIC_CHECK_FN()
291IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
292#else
293static ENGINE *engine_sureware(void)
294 {
295 ENGINE *ret = ENGINE_new();
296 if(!ret)
297 return NULL;
298 if(!bind_sureware(ret))
299 {
300 ENGINE_free(ret);
301 return NULL;
302 }
303 return ret;
304 }
305
306void ENGINE_load_sureware(void)
307 {
308 /* Copied from eng_[openssl|dyn].c */
309 ENGINE *toadd = engine_sureware();
310 if(!toadd) return;
311 ENGINE_add(toadd);
312 ENGINE_free(toadd);
313 ERR_clear_error();
314 }
315#endif
316
317/* This is a process-global DSO handle used for loading and unloading
318 * the SureWareHook library. NB: This is only set (or unset) during an
319 * init() or finish() call (reference counts permitting) and they're
320 * operating with global locks, so this should be thread-safe
321 * implicitly. */
322static DSO *surewarehk_dso = NULL;
323#ifndef OPENSSL_NO_RSA
324static int rsaHndidx = -1; /* Index for KM handle. Not really used yet. */
325#endif
326#ifndef OPENSSL_NO_DSA
327static int dsaHndidx = -1; /* Index for KM handle. Not really used yet. */
328#endif
329
330/* These are the function pointers that are (un)set when the library has
331 * successfully (un)loaded. */
332static SureWareHook_Init_t *p_surewarehk_Init = NULL;
333static SureWareHook_Finish_t *p_surewarehk_Finish = NULL;
334static SureWareHook_Rand_Bytes_t *p_surewarehk_Rand_Bytes = NULL;
335static SureWareHook_Rand_Seed_t *p_surewarehk_Rand_Seed = NULL;
336static SureWareHook_Load_Privkey_t *p_surewarehk_Load_Privkey = NULL;
337static SureWareHook_Info_Pubkey_t *p_surewarehk_Info_Pubkey = NULL;
338static SureWareHook_Load_Rsa_Pubkey_t *p_surewarehk_Load_Rsa_Pubkey = NULL;
339static SureWareHook_Load_Dsa_Pubkey_t *p_surewarehk_Load_Dsa_Pubkey = NULL;
340static SureWareHook_Free_t *p_surewarehk_Free=NULL;
341static SureWareHook_Rsa_Priv_Dec_t *p_surewarehk_Rsa_Priv_Dec=NULL;
342static SureWareHook_Rsa_Sign_t *p_surewarehk_Rsa_Sign=NULL;
343static SureWareHook_Dsa_Sign_t *p_surewarehk_Dsa_Sign=NULL;
344static SureWareHook_Mod_Exp_t *p_surewarehk_Mod_Exp=NULL;
345
346/* Used in the DSO operations. */
347static const char *surewarehk_LIBNAME = "SureWareHook";
348static const char *n_surewarehk_Init = "SureWareHook_Init";
349static const char *n_surewarehk_Finish = "SureWareHook_Finish";
350static const char *n_surewarehk_Rand_Bytes="SureWareHook_Rand_Bytes";
351static const char *n_surewarehk_Rand_Seed="SureWareHook_Rand_Seed";
352static const char *n_surewarehk_Load_Privkey="SureWareHook_Load_Privkey";
353static const char *n_surewarehk_Info_Pubkey="SureWareHook_Info_Pubkey";
354static const char *n_surewarehk_Load_Rsa_Pubkey="SureWareHook_Load_Rsa_Pubkey";
355static const char *n_surewarehk_Load_Dsa_Pubkey="SureWareHook_Load_Dsa_Pubkey";
356static const char *n_surewarehk_Free="SureWareHook_Free";
357static const char *n_surewarehk_Rsa_Priv_Dec="SureWareHook_Rsa_Priv_Dec";
358static const char *n_surewarehk_Rsa_Sign="SureWareHook_Rsa_Sign";
359static const char *n_surewarehk_Dsa_Sign="SureWareHook_Dsa_Sign";
360static const char *n_surewarehk_Mod_Exp="SureWareHook_Mod_Exp";
361static BIO *logstream = NULL;
362
363/* SureWareHook library functions and mechanics - these are used by the
364 * higher-level functions further down. NB: As and where there's no
365 * error checking, take a look lower down where these functions are
366 * called, the checking and error handling is probably down there.
367*/
368static int threadsafe=1;
369static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
370{
371 int to_return = 1;
372
373 switch(cmd)
374 {
375 case ENGINE_CTRL_SET_LOGSTREAM:
376 {
377 BIO *bio = (BIO *)p;
378 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
379 if (logstream)
380 {
381 BIO_free(logstream);
382 logstream = NULL;
383 }
384 if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1)
385 logstream = bio;
386 else
387 SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,SUREWARE_R_BIO_WAS_FREED);
388 }
389 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
390 break;
391 /* This will prevent the initialisation function from "installing"
392 * the mutex-handling callbacks, even if they are available from
393 * within the library (or were provided to the library from the
394 * calling application). This is to remove any baggage for
395 * applications not using multithreading. */
396 case ENGINE_CTRL_CHIL_NO_LOCKING:
397 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
398 threadsafe = 0;
399 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
400 break;
401
402 /* The command isn't understood by this engine */
403 default:
404 SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,
405 ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
406 to_return = 0;
407 break;
408 }
409
410 return to_return;
411}
412
413/* Destructor (complements the "ENGINE_surewarehk()" constructor) */
414static int surewarehk_destroy(ENGINE *e)
415{
416 ERR_unload_SUREWARE_strings();
417 return 1;
418}
419
420/* (de)initialisation functions. */
421static int surewarehk_init(ENGINE *e)
422{
423 char msg[64]="ENGINE_init";
424 SureWareHook_Init_t *p1=NULL;
425 SureWareHook_Finish_t *p2=NULL;
426 SureWareHook_Rand_Bytes_t *p3=NULL;
427 SureWareHook_Rand_Seed_t *p4=NULL;
428 SureWareHook_Load_Privkey_t *p5=NULL;
429 SureWareHook_Load_Rsa_Pubkey_t *p6=NULL;
430 SureWareHook_Free_t *p7=NULL;
431 SureWareHook_Rsa_Priv_Dec_t *p8=NULL;
432 SureWareHook_Rsa_Sign_t *p9=NULL;
433 SureWareHook_Dsa_Sign_t *p12=NULL;
434 SureWareHook_Info_Pubkey_t *p13=NULL;
435 SureWareHook_Load_Dsa_Pubkey_t *p14=NULL;
436 SureWareHook_Mod_Exp_t *p15=NULL;
437
438 if(surewarehk_dso != NULL)
439 {
440 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_ALREADY_LOADED);
441 goto err;
442 }
443 /* Attempt to load libsurewarehk.so/surewarehk.dll/whatever. */
444 surewarehk_dso = DSO_load(NULL, surewarehk_LIBNAME, NULL, 0);
445 if(surewarehk_dso == NULL)
446 {
447 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_DSO_FAILURE);
448 goto err;
449 }
450 if(!(p1=(SureWareHook_Init_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Init)) ||
451 !(p2=(SureWareHook_Finish_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Finish)) ||
452 !(p3=(SureWareHook_Rand_Bytes_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rand_Bytes)) ||
453 !(p4=(SureWareHook_Rand_Seed_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rand_Seed)) ||
454 !(p5=(SureWareHook_Load_Privkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Privkey)) ||
455 !(p6=(SureWareHook_Load_Rsa_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Rsa_Pubkey)) ||
456 !(p7=(SureWareHook_Free_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Free)) ||
457 !(p8=(SureWareHook_Rsa_Priv_Dec_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rsa_Priv_Dec)) ||
458 !(p9=(SureWareHook_Rsa_Sign_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rsa_Sign)) ||
459 !(p12=(SureWareHook_Dsa_Sign_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Dsa_Sign)) ||
460 !(p13=(SureWareHook_Info_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Info_Pubkey)) ||
461 !(p14=(SureWareHook_Load_Dsa_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Dsa_Pubkey)) ||
462 !(p15=(SureWareHook_Mod_Exp_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Mod_Exp)))
463 {
464 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_DSO_FAILURE);
465 goto err;
466 }
467 /* Copy the pointers */
468 p_surewarehk_Init = p1;
469 p_surewarehk_Finish = p2;
470 p_surewarehk_Rand_Bytes = p3;
471 p_surewarehk_Rand_Seed = p4;
472 p_surewarehk_Load_Privkey = p5;
473 p_surewarehk_Load_Rsa_Pubkey = p6;
474 p_surewarehk_Free = p7;
475 p_surewarehk_Rsa_Priv_Dec = p8;
476 p_surewarehk_Rsa_Sign = p9;
477 p_surewarehk_Dsa_Sign = p12;
478 p_surewarehk_Info_Pubkey = p13;
479 p_surewarehk_Load_Dsa_Pubkey = p14;
480 p_surewarehk_Mod_Exp = p15;
481 /* Contact the hardware and initialises it. */
482 if(p_surewarehk_Init(msg,threadsafe)==SUREWAREHOOK_ERROR_UNIT_FAILURE)
483 {
484 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,SUREWARE_R_UNIT_FAILURE);
485 goto err;
486 }
487 if(p_surewarehk_Init(msg,threadsafe)==SUREWAREHOOK_ERROR_UNIT_FAILURE)
488 {
489 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,SUREWARE_R_UNIT_FAILURE);
490 goto err;
491 }
492 /* try to load the default private key, if failed does not return a failure but
493 wait for an explicit ENGINE_load_privakey */
494 surewarehk_load_privkey(e,NULL,NULL,NULL);
495
496 /* Everything's fine. */
497#ifndef OPENSSL_NO_RSA
498 if (rsaHndidx == -1)
499 rsaHndidx = RSA_get_ex_new_index(0,
500 "SureWareHook RSA key handle",
501 NULL, NULL, surewarehk_ex_free);
502#endif
503#ifndef OPENSSL_NO_DSA
504 if (dsaHndidx == -1)
505 dsaHndidx = DSA_get_ex_new_index(0,
506 "SureWareHook DSA key handle",
507 NULL, NULL, surewarehk_ex_free);
508#endif
509
510 return 1;
511err:
512 if(surewarehk_dso)
513 DSO_free(surewarehk_dso);
514 surewarehk_dso = NULL;
515 p_surewarehk_Init = NULL;
516 p_surewarehk_Finish = NULL;
517 p_surewarehk_Rand_Bytes = NULL;
518 p_surewarehk_Rand_Seed = NULL;
519 p_surewarehk_Load_Privkey = NULL;
520 p_surewarehk_Load_Rsa_Pubkey = NULL;
521 p_surewarehk_Free = NULL;
522 p_surewarehk_Rsa_Priv_Dec = NULL;
523 p_surewarehk_Rsa_Sign = NULL;
524 p_surewarehk_Dsa_Sign = NULL;
525 p_surewarehk_Info_Pubkey = NULL;
526 p_surewarehk_Load_Dsa_Pubkey = NULL;
527 p_surewarehk_Mod_Exp = NULL;
528 return 0;
529}
530
531static int surewarehk_finish(ENGINE *e)
532{
533 int to_return = 1;
534 if(surewarehk_dso == NULL)
535 {
536 SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH,ENGINE_R_NOT_LOADED);
537 to_return = 0;
538 goto err;
539 }
540 p_surewarehk_Finish();
541 if(!DSO_free(surewarehk_dso))
542 {
543 SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH,ENGINE_R_DSO_FAILURE);
544 to_return = 0;
545 goto err;
546 }
547 err:
548 if (logstream)
549 BIO_free(logstream);
550 surewarehk_dso = NULL;
551 p_surewarehk_Init = NULL;
552 p_surewarehk_Finish = NULL;
553 p_surewarehk_Rand_Bytes = NULL;
554 p_surewarehk_Rand_Seed = NULL;
555 p_surewarehk_Load_Privkey = NULL;
556 p_surewarehk_Load_Rsa_Pubkey = NULL;
557 p_surewarehk_Free = NULL;
558 p_surewarehk_Rsa_Priv_Dec = NULL;
559 p_surewarehk_Rsa_Sign = NULL;
560 p_surewarehk_Dsa_Sign = NULL;
561 p_surewarehk_Info_Pubkey = NULL;
562 p_surewarehk_Load_Dsa_Pubkey = NULL;
563 p_surewarehk_Mod_Exp = NULL;
564 return to_return;
565}
566
567static void surewarehk_error_handling(char *const msg,int func,int ret)
568{
569 switch (ret)
570 {
571 case SUREWAREHOOK_ERROR_UNIT_FAILURE:
572 ENGINEerr(func,SUREWARE_R_UNIT_FAILURE);
573 break;
574 case SUREWAREHOOK_ERROR_FALLBACK:
575 ENGINEerr(func,SUREWARE_R_REQUEST_FALLBACK);
576 break;
577 case SUREWAREHOOK_ERROR_DATA_SIZE:
578 ENGINEerr(func,SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
579 break;
580 case SUREWAREHOOK_ERROR_INVALID_PAD:
581 ENGINEerr(func,RSA_R_PADDING_CHECK_FAILED);
582 break;
583 default:
584 ENGINEerr(func,SUREWARE_R_REQUEST_FAILED);
585 break;
586 case 1:/*nothing*/
587 msg[0]='\0';
588 }
589 if (*msg)
590 {
591 ERR_add_error_data(1,msg);
592 if (logstream)
593 {
594 CRYPTO_w_lock(CRYPTO_LOCK_BIO);
595 BIO_write(logstream, msg, strlen(msg));
596 CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
597 }
598 }
599}
600
601static int surewarehk_rand_bytes(unsigned char *buf, int num)
602{
603 int ret=0;
604 char msg[64]="ENGINE_rand_bytes";
605 if(!p_surewarehk_Rand_Bytes)
606 {
607 SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_BYTES,ENGINE_R_NOT_INITIALISED);
608 }
609 else
610 {
611 ret = p_surewarehk_Rand_Bytes(msg,buf, num);
612 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RAND_BYTES,ret);
613 }
614 return ret==1 ? 1 : 0;
615}
616
617static void surewarehk_rand_seed(const void *buf, int num)
618{
619 int ret=0;
620 char msg[64]="ENGINE_rand_seed";
621 if(!p_surewarehk_Rand_Seed)
622 {
623 SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_SEED,ENGINE_R_NOT_INITIALISED);
624 }
625 else
626 {
627 ret = p_surewarehk_Rand_Seed(msg,buf, num);
628 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RAND_SEED,ret);
629 }
630}
631
632static void surewarehk_rand_add(const void *buf, int num, double entropy)
633{
634 surewarehk_rand_seed(buf,num);
635}
636
637static EVP_PKEY* sureware_load_public(ENGINE *e,const char *key_id,char *hptr,unsigned long el,char keytype)
638{
639 EVP_PKEY *res = NULL;
640#ifndef OPENSSL_NO_RSA
641 RSA *rsatmp = NULL;
642#endif
643#ifndef OPENSSL_NO_DSA
644 DSA *dsatmp=NULL;
645#endif
646 char msg[64]="sureware_load_public";
647 int ret=0;
648 if(!p_surewarehk_Load_Rsa_Pubkey || !p_surewarehk_Load_Dsa_Pubkey)
649 {
650 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ENGINE_R_NOT_INITIALISED);
651 goto err;
652 }
653 switch (keytype)
654 {
655#ifndef OPENSSL_NO_RSA
656 case 1: /*RSA*/
657 /* set private external reference */
658 rsatmp = RSA_new_method(e);
659 RSA_set_ex_data(rsatmp,rsaHndidx,hptr);
660 rsatmp->flags |= RSA_FLAG_EXT_PKEY;
661
662 /* set public big nums*/
663 rsatmp->e = BN_new();
664 rsatmp->n = BN_new();
665 bn_expand2(rsatmp->e, el/sizeof(BN_ULONG));
666 bn_expand2(rsatmp->n, el/sizeof(BN_ULONG));
667 if (!rsatmp->e || rsatmp->e->dmax!=(int)(el/sizeof(BN_ULONG))||
668 !rsatmp->n || rsatmp->n->dmax!=(int)(el/sizeof(BN_ULONG)))
669 goto err;
670 ret=p_surewarehk_Load_Rsa_Pubkey(msg,key_id,el,
671 (unsigned long *)rsatmp->n->d,
672 (unsigned long *)rsatmp->e->d);
673 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ret);
674 if (ret!=1)
675 {
676 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
677 goto err;
678 }
679 /* normalise pub e and pub n */
680 rsatmp->e->top=el/sizeof(BN_ULONG);
681 bn_fix_top(rsatmp->e);
682 rsatmp->n->top=el/sizeof(BN_ULONG);
683 bn_fix_top(rsatmp->n);
684 /* create an EVP object: engine + rsa key */
685 res = EVP_PKEY_new();
686 EVP_PKEY_assign_RSA(res, rsatmp);
687 break;
688#endif
689
690#ifndef OPENSSL_NO_DSA
691 case 2:/*DSA*/
692 /* set private/public external reference */
693 dsatmp = DSA_new_method(e);
694 DSA_set_ex_data(dsatmp,dsaHndidx,hptr);
695 /*dsatmp->flags |= DSA_FLAG_EXT_PKEY;*/
696
697 /* set public key*/
698 dsatmp->pub_key = BN_new();
699 dsatmp->p = BN_new();
700 dsatmp->q = BN_new();
701 dsatmp->g = BN_new();
702 bn_expand2(dsatmp->pub_key, el/sizeof(BN_ULONG));
703 bn_expand2(dsatmp->p, el/sizeof(BN_ULONG));
704 bn_expand2(dsatmp->q, 20/sizeof(BN_ULONG));
705 bn_expand2(dsatmp->g, el/sizeof(BN_ULONG));
706 if (!dsatmp->pub_key || dsatmp->pub_key->dmax!=(int)(el/sizeof(BN_ULONG))||
707 !dsatmp->p || dsatmp->p->dmax!=(int)(el/sizeof(BN_ULONG)) ||
708 !dsatmp->q || dsatmp->q->dmax!=20/sizeof(BN_ULONG) ||
709 !dsatmp->g || dsatmp->g->dmax!=(int)(el/sizeof(BN_ULONG)))
710 goto err;
711
712 ret=p_surewarehk_Load_Dsa_Pubkey(msg,key_id,el,
713 (unsigned long *)dsatmp->pub_key->d,
714 (unsigned long *)dsatmp->p->d,
715 (unsigned long *)dsatmp->q->d,
716 (unsigned long *)dsatmp->g->d);
717 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ret);
718 if (ret!=1)
719 {
720 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
721 goto err;
722 }
723 /* set parameters */
724 /* normalise pubkey and parameters in case of */
725 dsatmp->pub_key->top=el/sizeof(BN_ULONG);
726 bn_fix_top(dsatmp->pub_key);
727 dsatmp->p->top=el/sizeof(BN_ULONG);
728 bn_fix_top(dsatmp->p);
729 dsatmp->q->top=20/sizeof(BN_ULONG);
730 bn_fix_top(dsatmp->q);
731 dsatmp->g->top=el/sizeof(BN_ULONG);
732 bn_fix_top(dsatmp->g);
733
734 /* create an EVP object: engine + rsa key */
735 res = EVP_PKEY_new();
736 EVP_PKEY_assign_DSA(res, dsatmp);
737 break;
738#endif
739
740 default:
741 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
742 goto err;
743 }
744 return res;
745 err:
746 if (res)
747 EVP_PKEY_free(res);
748#ifndef OPENSSL_NO_RSA
749 if (rsatmp)
750 RSA_free(rsatmp);
751#endif
752#ifndef OPENSSL_NO_DSA
753 if (dsatmp)
754 DSA_free(dsatmp);
755#endif
756 return NULL;
757}
758
759static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id,
760 UI_METHOD *ui_method, void *callback_data)
761{
762 EVP_PKEY *res = NULL;
763 int ret=0;
764 unsigned long el=0;
765 char *hptr=NULL;
766 char keytype=0;
767 char msg[64]="ENGINE_load_privkey";
768
769 if(!p_surewarehk_Load_Privkey)
770 {
771 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_NOT_INITIALISED);
772 }
773 else
774 {
775 ret=p_surewarehk_Load_Privkey(msg,key_id,&hptr,&el,&keytype);
776 if (ret!=1)
777 {
778 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
779 ERR_add_error_data(1,msg);
780 }
781 else
782 res=sureware_load_public(e,key_id,hptr,el,keytype);
783 }
784 return res;
785}
786
787static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,
788 UI_METHOD *ui_method, void *callback_data)
789{
790 EVP_PKEY *res = NULL;
791 int ret=0;
792 unsigned long el=0;
793 char *hptr=NULL;
794 char keytype=0;
795 char msg[64]="ENGINE_load_pubkey";
796
797 if(!p_surewarehk_Info_Pubkey)
798 {
799 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ENGINE_R_NOT_INITIALISED);
800 }
801 else
802 {
803 /* call once to identify if DSA or RSA */
804 ret=p_surewarehk_Info_Pubkey(msg,key_id,&el,&keytype);
805 if (ret!=1)
806 {
807 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
808 ERR_add_error_data(1,msg);
809 }
810 else
811 res=sureware_load_public(e,key_id,hptr,el,keytype);
812 }
813 return res;
814}
815
816/* This cleans up an RSA/DSA KM key(do not destroy the key into the hardware)
817, called when ex_data is freed */
818static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
819 int idx,long argl, void *argp)
820{
821 if(!p_surewarehk_Free)
822 {
823 SUREWAREerr(SUREWARE_F_SUREWAREHK_EX_FREE,ENGINE_R_NOT_INITIALISED);
824 }
825 else
826 p_surewarehk_Free((char *)item,0);
827}
828
829#if 0
830/* This cleans up an DH KM key (destroys the key into hardware),
831called when ex_data is freed */
832static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
833 int idx,long argl, void *argp)
834{
835 if(!p_surewarehk_Free)
836 {
837 SUREWAREerr(SUREWARE_F_SUREWAREHK_EX_FREE,ENGINE_R_NOT_INITIALISED);
838 }
839 else
840 p_surewarehk_Free((char *)item,1);
841}
842#endif
843
844/*
845* return number of decrypted bytes
846*/
847#ifndef OPENSSL_NO_RSA
848static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to,
849 RSA *rsa,int padding)
850{
851 int ret=0,tlen;
852 char *buf=NULL,*hptr=NULL;
853 char msg[64]="ENGINE_rsa_priv_dec";
854 if (!p_surewarehk_Rsa_Priv_Dec)
855 {
856 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ENGINE_R_NOT_INITIALISED);
857 }
858 /* extract ref to private key */
859 else if (!(hptr=RSA_get_ex_data(rsa, rsaHndidx)))
860 {
861 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,SUREWARE_R_MISSING_KEY_COMPONENTS);
862 goto err;
863 }
864 /* analyse what padding we can do into the hardware */
865 if (padding==RSA_PKCS1_PADDING)
866 {
867 /* do it one shot */
868 ret=p_surewarehk_Rsa_Priv_Dec(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_PKCS1_PAD);
869 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ret);
870 if (ret!=1)
871 goto err;
872 ret=tlen;
873 }
874 else /* do with no padding into hardware */
875 {
876 ret=p_surewarehk_Rsa_Priv_Dec(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_NO_PAD);
877 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ret);
878 if (ret!=1)
879 goto err;
880 /* intermediate buffer for padding */
881 if ((buf=OPENSSL_malloc(tlen)) == NULL)
882 {
883 RSAerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ERR_R_MALLOC_FAILURE);
884 goto err;
885 }
886 memcpy(buf,to,tlen);/* transfert to into buf */
887 switch (padding) /* check padding in software */
888 {
889#ifndef OPENSSL_NO_SHA
890 case RSA_PKCS1_OAEP_PADDING:
891 ret=RSA_padding_check_PKCS1_OAEP(to,tlen,(unsigned char *)buf,tlen,tlen,NULL,0);
892 break;
893#endif
894 case RSA_SSLV23_PADDING:
895 ret=RSA_padding_check_SSLv23(to,tlen,(unsigned char *)buf,flen,tlen);
896 break;
897 case RSA_NO_PADDING:
898 ret=RSA_padding_check_none(to,tlen,(unsigned char *)buf,flen,tlen);
899 break;
900 default:
901 RSAerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,RSA_R_UNKNOWN_PADDING_TYPE);
902 goto err;
903 }
904 if (ret < 0)
905 RSAerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,RSA_R_PADDING_CHECK_FAILED);
906 }
907err:
908 if (buf)
909 {
910 OPENSSL_cleanse(buf,tlen);
911 OPENSSL_free(buf);
912 }
913 return ret;
914}
915
916/*
917* Does what OpenSSL rsa_priv_enc does.
918*/
919static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char *to,
920 RSA *rsa,int padding)
921{
922 int ret=0,tlen;
923 char *hptr=NULL;
924 char msg[64]="ENGINE_rsa_sign";
925 if (!p_surewarehk_Rsa_Sign)
926 {
927 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,ENGINE_R_NOT_INITIALISED);
928 }
929 /* extract ref to private key */
930 else if (!(hptr=RSA_get_ex_data(rsa, rsaHndidx)))
931 {
932 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,SUREWARE_R_MISSING_KEY_COMPONENTS);
933 }
934 else
935 {
936 switch (padding)
937 {
938 case RSA_PKCS1_PADDING: /* do it in one shot */
939 ret=p_surewarehk_Rsa_Sign(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_PKCS1_PAD);
940 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,ret);
941 break;
942 case RSA_NO_PADDING:
943 default:
944 RSAerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,RSA_R_UNKNOWN_PADDING_TYPE);
945 }
946 }
947 return ret==1 ? tlen : ret;
948}
949
950#endif
951
952#ifndef OPENSSL_NO_DSA
953/* DSA sign and verify */
954static DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *from, int flen, DSA *dsa)
955{
956 int ret=0;
957 char *hptr=NULL;
958 DSA_SIG *psign=NULL;
959 char msg[64]="ENGINE_dsa_do_sign";
960 if (!p_surewarehk_Dsa_Sign)
961 {
962 SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ENGINE_R_NOT_INITIALISED);
963 }
964 /* extract ref to private key */
965 else if (!(hptr=DSA_get_ex_data(dsa, dsaHndidx)))
966 {
967 SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,SUREWARE_R_MISSING_KEY_COMPONENTS);
968 }
969 else
970 {
971 if((psign = DSA_SIG_new()) == NULL)
972 {
973 SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ERR_R_MALLOC_FAILURE);
974 goto err;
975 }
976 psign->r=BN_new();
977 psign->s=BN_new();
978 bn_expand2(psign->r, 20/sizeof(BN_ULONG));
979 bn_expand2(psign->s, 20/sizeof(BN_ULONG));
980 if (!psign->r || psign->r->dmax!=20/sizeof(BN_ULONG) ||
981 !psign->s || psign->s->dmax!=20/sizeof(BN_ULONG))
982 goto err;
983 ret=p_surewarehk_Dsa_Sign(msg,flen,from,
984 (unsigned long *)psign->r->d,
985 (unsigned long *)psign->s->d,
986 hptr);
987 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ret);
988 }
989 psign->r->top=20/sizeof(BN_ULONG);
990 bn_fix_top(psign->r);
991 psign->s->top=20/sizeof(BN_ULONG);
992 bn_fix_top(psign->s);
993
994err:
995 if (psign)
996 {
997 DSA_SIG_free(psign);
998 psign=NULL;
999 }
1000 return psign;
1001}
1002#endif
1003
1004static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
1005 const BIGNUM *m, BN_CTX *ctx)
1006{
1007 int ret=0;
1008 char msg[64]="ENGINE_modexp";
1009 if (!p_surewarehk_Mod_Exp)
1010 {
1011 SUREWAREerr(SUREWARE_F_SUREWAREHK_MOD_EXP,ENGINE_R_NOT_INITIALISED);
1012 }
1013 else
1014 {
1015 bn_expand2(r,m->top);
1016 if (r && r->dmax==m->top)
1017 {
1018 /* do it*/
1019 ret=p_surewarehk_Mod_Exp(msg,
1020 m->top*sizeof(BN_ULONG),
1021 (unsigned long *)m->d,
1022 p->top*sizeof(BN_ULONG),
1023 (unsigned long *)p->d,
1024 a->top*sizeof(BN_ULONG),
1025 (unsigned long *)a->d,
1026 (unsigned long *)r->d);
1027 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_MOD_EXP,ret);
1028 if (ret==1)
1029 {
1030 /* normalise result */
1031 r->top=m->top;
1032 bn_fix_top(r);
1033 }
1034 }
1035 }
1036 return ret;
1037}
1038#endif /* !OPENSSL_NO_HW_SureWare */
1039#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/hw_sureware_err.c b/src/lib/libcrypto/engine/hw_sureware_err.c
new file mode 100644
index 0000000000..69955dadbb
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_sureware_err.c
@@ -0,0 +1,150 @@
1/* hw_sureware_err.c */
2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include "hw_sureware_err.h"
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67static ERR_STRING_DATA SUREWARE_str_functs[]=
68 {
69{ERR_PACK(0,SUREWARE_F_SUREWAREHK_CTRL,0), "SUREWAREHK_CTRL"},
70{ERR_PACK(0,SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,0), "SUREWAREHK_DSA_DO_SIGN"},
71{ERR_PACK(0,SUREWARE_F_SUREWAREHK_EX_FREE,0), "SUREWAREHK_EX_FREE"},
72{ERR_PACK(0,SUREWARE_F_SUREWAREHK_FINISH,0), "SUREWAREHK_FINISH"},
73{ERR_PACK(0,SUREWARE_F_SUREWAREHK_INIT,0), "SUREWAREHK_INIT"},
74{ERR_PACK(0,SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,0), "SUREWAREHK_LOAD_PRIVATE_KEY"},
75{ERR_PACK(0,SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,0), "SUREWAREHK_LOAD_PUBLIC_KEY"},
76{ERR_PACK(0,SUREWARE_F_SUREWAREHK_MOD_EXP,0), "SUREWAREHK_MOD_EXP"},
77{ERR_PACK(0,SUREWARE_F_SUREWAREHK_RAND_BYTES,0), "SUREWAREHK_RAND_BYTES"},
78{ERR_PACK(0,SUREWARE_F_SUREWAREHK_RAND_SEED,0), "SUREWAREHK_RAND_SEED"},
79{ERR_PACK(0,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,0), "SUREWAREHK_RSA_PRIV_DEC"},
80{ERR_PACK(0,SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,0), "SUREWAREHK_RSA_PRIV_ENC"},
81{0,NULL}
82 };
83
84static ERR_STRING_DATA SUREWARE_str_reasons[]=
85 {
86{SUREWARE_R_BIO_WAS_FREED ,"bio was freed"},
87{SUREWARE_R_MISSING_KEY_COMPONENTS ,"missing key components"},
88{SUREWARE_R_REQUEST_FAILED ,"request failed"},
89{SUREWARE_R_REQUEST_FALLBACK ,"request fallback"},
90{SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL ,"size too large or too small"},
91{SUREWARE_R_UNIT_FAILURE ,"unit failure"},
92{0,NULL}
93 };
94
95#endif
96
97#ifdef SUREWARE_LIB_NAME
98static ERR_STRING_DATA SUREWARE_lib_name[]=
99 {
100{0 ,SUREWARE_LIB_NAME},
101{0,NULL}
102 };
103#endif
104
105
106static int SUREWARE_lib_error_code=0;
107static int SUREWARE_error_init=1;
108
109static void ERR_load_SUREWARE_strings(void)
110 {
111 if (SUREWARE_lib_error_code == 0)
112 SUREWARE_lib_error_code=ERR_get_next_error_library();
113
114 if (SUREWARE_error_init)
115 {
116 SUREWARE_error_init=0;
117#ifndef OPENSSL_NO_ERR
118 ERR_load_strings(SUREWARE_lib_error_code,SUREWARE_str_functs);
119 ERR_load_strings(SUREWARE_lib_error_code,SUREWARE_str_reasons);
120#endif
121
122#ifdef SUREWARE_LIB_NAME
123 SUREWARE_lib_name->error = ERR_PACK(SUREWARE_lib_error_code,0,0);
124 ERR_load_strings(0,SUREWARE_lib_name);
125#endif
126 }
127 }
128
129static void ERR_unload_SUREWARE_strings(void)
130 {
131 if (SUREWARE_error_init == 0)
132 {
133#ifndef OPENSSL_NO_ERR
134 ERR_unload_strings(SUREWARE_lib_error_code,SUREWARE_str_functs);
135 ERR_unload_strings(SUREWARE_lib_error_code,SUREWARE_str_reasons);
136#endif
137
138#ifdef SUREWARE_LIB_NAME
139 ERR_unload_strings(0,SUREWARE_lib_name);
140#endif
141 SUREWARE_error_init=1;
142 }
143 }
144
145static void ERR_SUREWARE_error(int function, int reason, char *file, int line)
146 {
147 if (SUREWARE_lib_error_code == 0)
148 SUREWARE_lib_error_code=ERR_get_next_error_library();
149 ERR_PUT_error(SUREWARE_lib_error_code,function,reason,file,line);
150 }
diff --git a/src/lib/libcrypto/engine/hw_sureware_err.h b/src/lib/libcrypto/engine/hw_sureware_err.h
new file mode 100644
index 0000000000..bc52af5e05
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_sureware_err.h
@@ -0,0 +1,94 @@
1/* ====================================================================
2 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#ifndef HEADER_SUREWARE_ERR_H
56#define HEADER_SUREWARE_ERR_H
57
58/* BEGIN ERROR CODES */
59/* The following lines are auto generated by the script mkerr.pl. Any changes
60 * made after this point may be overwritten when the script is next run.
61 */
62static void ERR_load_SUREWARE_strings(void);
63static void ERR_unload_SUREWARE_strings(void);
64static void ERR_SUREWARE_error(int function, int reason, char *file, int line);
65#define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),__FILE__,__LINE__)
66
67/* Error codes for the SUREWARE functions. */
68
69/* Function codes. */
70#define SUREWARE_F_SUREWAREHK_CTRL 100
71#define SUREWARE_F_SUREWAREHK_DSA_DO_SIGN 101
72#define SUREWARE_F_SUREWAREHK_EX_FREE 102
73#define SUREWARE_F_SUREWAREHK_FINISH 103
74#define SUREWARE_F_SUREWAREHK_INIT 104
75#define SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY 105
76#define SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY 106
77#define SUREWARE_F_SUREWAREHK_MOD_EXP 107
78#define SUREWARE_F_SUREWAREHK_RAND_BYTES 108
79#define SUREWARE_F_SUREWAREHK_RAND_SEED 109
80#define SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC 110
81#define SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC 111
82
83/* Reason codes. */
84#define SUREWARE_R_BIO_WAS_FREED 100
85#define SUREWARE_R_MISSING_KEY_COMPONENTS 105
86#define SUREWARE_R_REQUEST_FAILED 101
87#define SUREWARE_R_REQUEST_FALLBACK 102
88#define SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL 103
89#define SUREWARE_R_UNIT_FAILURE 104
90
91#ifdef __cplusplus
92}
93#endif
94#endif
diff --git a/src/lib/libcrypto/engine/hw_ubsec.c b/src/lib/libcrypto/engine/hw_ubsec.c
new file mode 100644
index 0000000000..8fb834af31
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_ubsec.c
@@ -0,0 +1,1061 @@
1/* crypto/engine/hw_ubsec.c */
2/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
3 * project 2000.
4 *
5 * Cloned shamelessly by Joe Tardo.
6 */
7/* ====================================================================
8 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 *
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 *
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in
19 * the documentation and/or other materials provided with the
20 * distribution.
21 *
22 * 3. All advertising materials mentioning features or use of this
23 * software must display the following acknowledgment:
24 * "This product includes software developed by the OpenSSL Project
25 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
26 *
27 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
28 * endorse or promote products derived from this software without
29 * prior written permission. For written permission, please contact
30 * licensing@OpenSSL.org.
31 *
32 * 5. Products derived from this software may not be called "OpenSSL"
33 * nor may "OpenSSL" appear in their names without prior written
34 * permission of the OpenSSL Project.
35 *
36 * 6. Redistributions of any form whatsoever must retain the following
37 * acknowledgment:
38 * "This product includes software developed by the OpenSSL Project
39 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
42 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
44 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
45 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
46 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
47 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
48 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
49 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
50 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
51 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
52 * OF THE POSSIBILITY OF SUCH DAMAGE.
53 * ====================================================================
54 *
55 * This product includes cryptographic software written by Eric Young
56 * (eay@cryptsoft.com). This product includes software written by Tim
57 * Hudson (tjh@cryptsoft.com).
58 *
59 */
60
61#include <stdio.h>
62#include <openssl/crypto.h>
63#include "cryptlib.h"
64#include <openssl/dso.h>
65#include <openssl/engine.h>
66
67#ifndef OPENSSL_NO_HW
68#ifndef OPENSSL_NO_HW_UBSEC
69
70#ifdef FLAT_INC
71#include "hw_ubsec.h"
72#else
73#include "vendor_defns/hw_ubsec.h"
74#endif
75
76#define UBSEC_LIB_NAME "ubsec engine"
77#include "hw_ubsec_err.c"
78
79#define FAIL_TO_SOFTWARE -15
80
81static int ubsec_destroy(ENGINE *e);
82static int ubsec_init(ENGINE *e);
83static int ubsec_finish(ENGINE *e);
84static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
85static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
86 const BIGNUM *m, BN_CTX *ctx);
87static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
88 const BIGNUM *q, const BIGNUM *dp,
89 const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx);
90#ifndef OPENSSL_NO_RSA
91static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
92#endif
93static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
94 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
95#ifndef OPENSSL_NO_DSA
96#ifdef NOT_USED
97static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
98 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
99 BN_CTX *ctx, BN_MONT_CTX *in_mont);
100static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
101 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
102 BN_MONT_CTX *m_ctx);
103#endif
104static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
105static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
106 DSA_SIG *sig, DSA *dsa);
107#endif
108#ifndef OPENSSL_NO_DH
109static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
110 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
111 BN_MONT_CTX *m_ctx);
112static int ubsec_dh_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);
113static int ubsec_dh_generate_key(DH *dh);
114#endif
115
116#ifdef NOT_USED
117static int ubsec_rand_bytes(unsigned char *buf, int num);
118static int ubsec_rand_status(void);
119#endif
120
121#define UBSEC_CMD_SO_PATH ENGINE_CMD_BASE
122static const ENGINE_CMD_DEFN ubsec_cmd_defns[] = {
123 {UBSEC_CMD_SO_PATH,
124 "SO_PATH",
125 "Specifies the path to the 'ubsec' shared library",
126 ENGINE_CMD_FLAG_STRING},
127 {0, NULL, NULL, 0}
128 };
129
130#ifndef OPENSSL_NO_RSA
131/* Our internal RSA_METHOD that we provide pointers to */
132static RSA_METHOD ubsec_rsa =
133 {
134 "UBSEC RSA method",
135 NULL,
136 NULL,
137 NULL,
138 NULL,
139 ubsec_rsa_mod_exp,
140 ubsec_mod_exp_mont,
141 NULL,
142 NULL,
143 0,
144 NULL,
145 NULL,
146 NULL
147 };
148#endif
149
150#ifndef OPENSSL_NO_DSA
151/* Our internal DSA_METHOD that we provide pointers to */
152static DSA_METHOD ubsec_dsa =
153 {
154 "UBSEC DSA method",
155 ubsec_dsa_do_sign, /* dsa_do_sign */
156 NULL, /* dsa_sign_setup */
157 ubsec_dsa_verify, /* dsa_do_verify */
158 NULL, /* ubsec_dsa_mod_exp */ /* dsa_mod_exp */
159 NULL, /* ubsec_mod_exp_dsa */ /* bn_mod_exp */
160 NULL, /* init */
161 NULL, /* finish */
162 0, /* flags */
163 NULL /* app_data */
164 };
165#endif
166
167#ifndef OPENSSL_NO_DH
168/* Our internal DH_METHOD that we provide pointers to */
169static DH_METHOD ubsec_dh =
170 {
171 "UBSEC DH method",
172 ubsec_dh_generate_key,
173 ubsec_dh_compute_key,
174 ubsec_mod_exp_dh,
175 NULL,
176 NULL,
177 0,
178 NULL
179 };
180#endif
181
182/* Constants used when creating the ENGINE */
183static const char *engine_ubsec_id = "ubsec";
184static const char *engine_ubsec_name = "UBSEC hardware engine support";
185
186/* This internal function is used by ENGINE_ubsec() and possibly by the
187 * "dynamic" ENGINE support too */
188static int bind_helper(ENGINE *e)
189 {
190#ifndef OPENSSL_NO_RSA
191 const RSA_METHOD *meth1;
192#endif
193#ifndef OPENSSL_NO_DH
194#ifndef HAVE_UBSEC_DH
195 const DH_METHOD *meth3;
196#endif /* HAVE_UBSEC_DH */
197#endif
198 if(!ENGINE_set_id(e, engine_ubsec_id) ||
199 !ENGINE_set_name(e, engine_ubsec_name) ||
200#ifndef OPENSSL_NO_RSA
201 !ENGINE_set_RSA(e, &ubsec_rsa) ||
202#endif
203#ifndef OPENSSL_NO_DSA
204 !ENGINE_set_DSA(e, &ubsec_dsa) ||
205#endif
206#ifndef OPENSSL_NO_DH
207 !ENGINE_set_DH(e, &ubsec_dh) ||
208#endif
209 !ENGINE_set_destroy_function(e, ubsec_destroy) ||
210 !ENGINE_set_init_function(e, ubsec_init) ||
211 !ENGINE_set_finish_function(e, ubsec_finish) ||
212 !ENGINE_set_ctrl_function(e, ubsec_ctrl) ||
213 !ENGINE_set_cmd_defns(e, ubsec_cmd_defns))
214 return 0;
215
216#ifndef OPENSSL_NO_RSA
217 /* We know that the "PKCS1_SSLeay()" functions hook properly
218 * to the Broadcom-specific mod_exp and mod_exp_crt so we use
219 * those functions. NB: We don't use ENGINE_openssl() or
220 * anything "more generic" because something like the RSAref
221 * code may not hook properly, and if you own one of these
222 * cards then you have the right to do RSA operations on it
223 * anyway! */
224 meth1 = RSA_PKCS1_SSLeay();
225 ubsec_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
226 ubsec_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
227 ubsec_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
228 ubsec_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
229#endif
230
231#ifndef OPENSSL_NO_DH
232#ifndef HAVE_UBSEC_DH
233 /* Much the same for Diffie-Hellman */
234 meth3 = DH_OpenSSL();
235 ubsec_dh.generate_key = meth3->generate_key;
236 ubsec_dh.compute_key = meth3->compute_key;
237#endif /* HAVE_UBSEC_DH */
238#endif
239
240 /* Ensure the ubsec error handling is set up */
241 ERR_load_UBSEC_strings();
242 return 1;
243 }
244
245#ifndef ENGINE_DYNAMIC_SUPPORT
246static ENGINE *engine_ubsec(void)
247 {
248 ENGINE *ret = ENGINE_new();
249 if(!ret)
250 return NULL;
251 if(!bind_helper(ret))
252 {
253 ENGINE_free(ret);
254 return NULL;
255 }
256 return ret;
257 }
258
259void ENGINE_load_ubsec(void)
260 {
261 /* Copied from eng_[openssl|dyn].c */
262 ENGINE *toadd = engine_ubsec();
263 if(!toadd) return;
264 ENGINE_add(toadd);
265 ENGINE_free(toadd);
266 ERR_clear_error();
267 }
268#endif
269
270/* This is a process-global DSO handle used for loading and unloading
271 * the UBSEC library. NB: This is only set (or unset) during an
272 * init() or finish() call (reference counts permitting) and they're
273 * operating with global locks, so this should be thread-safe
274 * implicitly. */
275
276static DSO *ubsec_dso = NULL;
277
278/* These are the function pointers that are (un)set when the library has
279 * successfully (un)loaded. */
280
281static t_UBSEC_ubsec_bytes_to_bits *p_UBSEC_ubsec_bytes_to_bits = NULL;
282static t_UBSEC_ubsec_bits_to_bytes *p_UBSEC_ubsec_bits_to_bytes = NULL;
283static t_UBSEC_ubsec_open *p_UBSEC_ubsec_open = NULL;
284static t_UBSEC_ubsec_close *p_UBSEC_ubsec_close = NULL;
285#ifndef OPENSSL_NO_DH
286static t_UBSEC_diffie_hellman_generate_ioctl
287 *p_UBSEC_diffie_hellman_generate_ioctl = NULL;
288static t_UBSEC_diffie_hellman_agree_ioctl *p_UBSEC_diffie_hellman_agree_ioctl = NULL;
289#endif
290/* #ifndef OPENSSL_NO_RSA */
291static t_UBSEC_rsa_mod_exp_ioctl *p_UBSEC_rsa_mod_exp_ioctl = NULL;
292static t_UBSEC_rsa_mod_exp_crt_ioctl *p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
293/* #endif */
294#ifndef OPENSSL_NO_DSA
295static t_UBSEC_dsa_sign_ioctl *p_UBSEC_dsa_sign_ioctl = NULL;
296static t_UBSEC_dsa_verify_ioctl *p_UBSEC_dsa_verify_ioctl = NULL;
297#endif
298static t_UBSEC_math_accelerate_ioctl *p_UBSEC_math_accelerate_ioctl = NULL;
299static t_UBSEC_rng_ioctl *p_UBSEC_rng_ioctl = NULL;
300static t_UBSEC_max_key_len_ioctl *p_UBSEC_max_key_len_ioctl = NULL;
301
302static int max_key_len = 1024; /* ??? */
303
304/*
305 * These are the static string constants for the DSO file name and the function
306 * symbol names to bind to.
307 */
308
309static const char *UBSEC_LIBNAME = NULL;
310static const char *get_UBSEC_LIBNAME(void)
311 {
312 if(UBSEC_LIBNAME)
313 return UBSEC_LIBNAME;
314 return "ubsec";
315 }
316static void free_UBSEC_LIBNAME(void)
317 {
318 if(UBSEC_LIBNAME)
319 OPENSSL_free((void*)UBSEC_LIBNAME);
320 UBSEC_LIBNAME = NULL;
321 }
322static long set_UBSEC_LIBNAME(const char *name)
323 {
324 free_UBSEC_LIBNAME();
325 return (((UBSEC_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
326 }
327static const char *UBSEC_F1 = "ubsec_bytes_to_bits";
328static const char *UBSEC_F2 = "ubsec_bits_to_bytes";
329static const char *UBSEC_F3 = "ubsec_open";
330static const char *UBSEC_F4 = "ubsec_close";
331#ifndef OPENSSL_NO_DH
332static const char *UBSEC_F5 = "diffie_hellman_generate_ioctl";
333static const char *UBSEC_F6 = "diffie_hellman_agree_ioctl";
334#endif
335/* #ifndef OPENSSL_NO_RSA */
336static const char *UBSEC_F7 = "rsa_mod_exp_ioctl";
337static const char *UBSEC_F8 = "rsa_mod_exp_crt_ioctl";
338/* #endif */
339#ifndef OPENSSL_NO_DSA
340static const char *UBSEC_F9 = "dsa_sign_ioctl";
341static const char *UBSEC_F10 = "dsa_verify_ioctl";
342#endif
343static const char *UBSEC_F11 = "math_accelerate_ioctl";
344static const char *UBSEC_F12 = "rng_ioctl";
345static const char *UBSEC_F13 = "ubsec_max_key_len_ioctl";
346
347/* Destructor (complements the "ENGINE_ubsec()" constructor) */
348static int ubsec_destroy(ENGINE *e)
349 {
350 free_UBSEC_LIBNAME();
351 ERR_unload_UBSEC_strings();
352 return 1;
353 }
354
355/* (de)initialisation functions. */
356static int ubsec_init(ENGINE *e)
357 {
358 t_UBSEC_ubsec_bytes_to_bits *p1;
359 t_UBSEC_ubsec_bits_to_bytes *p2;
360 t_UBSEC_ubsec_open *p3;
361 t_UBSEC_ubsec_close *p4;
362#ifndef OPENSSL_NO_DH
363 t_UBSEC_diffie_hellman_generate_ioctl *p5;
364 t_UBSEC_diffie_hellman_agree_ioctl *p6;
365#endif
366/* #ifndef OPENSSL_NO_RSA */
367 t_UBSEC_rsa_mod_exp_ioctl *p7;
368 t_UBSEC_rsa_mod_exp_crt_ioctl *p8;
369/* #endif */
370#ifndef OPENSSL_NO_DSA
371 t_UBSEC_dsa_sign_ioctl *p9;
372 t_UBSEC_dsa_verify_ioctl *p10;
373#endif
374 t_UBSEC_math_accelerate_ioctl *p11;
375 t_UBSEC_rng_ioctl *p12;
376 t_UBSEC_max_key_len_ioctl *p13;
377 int fd = 0;
378
379 if(ubsec_dso != NULL)
380 {
381 UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_ALREADY_LOADED);
382 goto err;
383 }
384 /*
385 * Attempt to load libubsec.so/ubsec.dll/whatever.
386 */
387 ubsec_dso = DSO_load(NULL, get_UBSEC_LIBNAME(), NULL, 0);
388 if(ubsec_dso == NULL)
389 {
390 UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE);
391 goto err;
392 }
393
394 if (
395 !(p1 = (t_UBSEC_ubsec_bytes_to_bits *) DSO_bind_func(ubsec_dso, UBSEC_F1)) ||
396 !(p2 = (t_UBSEC_ubsec_bits_to_bytes *) DSO_bind_func(ubsec_dso, UBSEC_F2)) ||
397 !(p3 = (t_UBSEC_ubsec_open *) DSO_bind_func(ubsec_dso, UBSEC_F3)) ||
398 !(p4 = (t_UBSEC_ubsec_close *) DSO_bind_func(ubsec_dso, UBSEC_F4)) ||
399#ifndef OPENSSL_NO_DH
400 !(p5 = (t_UBSEC_diffie_hellman_generate_ioctl *)
401 DSO_bind_func(ubsec_dso, UBSEC_F5)) ||
402 !(p6 = (t_UBSEC_diffie_hellman_agree_ioctl *)
403 DSO_bind_func(ubsec_dso, UBSEC_F6)) ||
404#endif
405/* #ifndef OPENSSL_NO_RSA */
406 !(p7 = (t_UBSEC_rsa_mod_exp_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F7)) ||
407 !(p8 = (t_UBSEC_rsa_mod_exp_crt_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F8)) ||
408/* #endif */
409#ifndef OPENSSL_NO_DSA
410 !(p9 = (t_UBSEC_dsa_sign_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F9)) ||
411 !(p10 = (t_UBSEC_dsa_verify_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F10)) ||
412#endif
413 !(p11 = (t_UBSEC_math_accelerate_ioctl *)
414 DSO_bind_func(ubsec_dso, UBSEC_F11)) ||
415 !(p12 = (t_UBSEC_rng_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F12)) ||
416 !(p13 = (t_UBSEC_max_key_len_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F13)))
417 {
418 UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE);
419 goto err;
420 }
421
422 /* Copy the pointers */
423 p_UBSEC_ubsec_bytes_to_bits = p1;
424 p_UBSEC_ubsec_bits_to_bytes = p2;
425 p_UBSEC_ubsec_open = p3;
426 p_UBSEC_ubsec_close = p4;
427#ifndef OPENSSL_NO_DH
428 p_UBSEC_diffie_hellman_generate_ioctl = p5;
429 p_UBSEC_diffie_hellman_agree_ioctl = p6;
430#endif
431#ifndef OPENSSL_NO_RSA
432 p_UBSEC_rsa_mod_exp_ioctl = p7;
433 p_UBSEC_rsa_mod_exp_crt_ioctl = p8;
434#endif
435#ifndef OPENSSL_NO_DSA
436 p_UBSEC_dsa_sign_ioctl = p9;
437 p_UBSEC_dsa_verify_ioctl = p10;
438#endif
439 p_UBSEC_math_accelerate_ioctl = p11;
440 p_UBSEC_rng_ioctl = p12;
441 p_UBSEC_max_key_len_ioctl = p13;
442
443 /* Perform an open to see if there's actually any unit running. */
444 if (((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) > 0) && (p_UBSEC_max_key_len_ioctl(fd, &max_key_len) == 0))
445 {
446 p_UBSEC_ubsec_close(fd);
447 return 1;
448 }
449 else
450 {
451 UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
452 }
453
454err:
455 if(ubsec_dso)
456 DSO_free(ubsec_dso);
457 ubsec_dso = NULL;
458 p_UBSEC_ubsec_bytes_to_bits = NULL;
459 p_UBSEC_ubsec_bits_to_bytes = NULL;
460 p_UBSEC_ubsec_open = NULL;
461 p_UBSEC_ubsec_close = NULL;
462#ifndef OPENSSL_NO_DH
463 p_UBSEC_diffie_hellman_generate_ioctl = NULL;
464 p_UBSEC_diffie_hellman_agree_ioctl = NULL;
465#endif
466#ifndef OPENSSL_NO_RSA
467 p_UBSEC_rsa_mod_exp_ioctl = NULL;
468 p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
469#endif
470#ifndef OPENSSL_NO_DSA
471 p_UBSEC_dsa_sign_ioctl = NULL;
472 p_UBSEC_dsa_verify_ioctl = NULL;
473#endif
474 p_UBSEC_math_accelerate_ioctl = NULL;
475 p_UBSEC_rng_ioctl = NULL;
476 p_UBSEC_max_key_len_ioctl = NULL;
477
478 return 0;
479 }
480
481static int ubsec_finish(ENGINE *e)
482 {
483 free_UBSEC_LIBNAME();
484 if(ubsec_dso == NULL)
485 {
486 UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_NOT_LOADED);
487 return 0;
488 }
489 if(!DSO_free(ubsec_dso))
490 {
491 UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_DSO_FAILURE);
492 return 0;
493 }
494 ubsec_dso = NULL;
495 p_UBSEC_ubsec_bytes_to_bits = NULL;
496 p_UBSEC_ubsec_bits_to_bytes = NULL;
497 p_UBSEC_ubsec_open = NULL;
498 p_UBSEC_ubsec_close = NULL;
499#ifndef OPENSSL_NO_DH
500 p_UBSEC_diffie_hellman_generate_ioctl = NULL;
501 p_UBSEC_diffie_hellman_agree_ioctl = NULL;
502#endif
503#ifndef OPENSSL_NO_RSA
504 p_UBSEC_rsa_mod_exp_ioctl = NULL;
505 p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
506#endif
507#ifndef OPENSSL_NO_DSA
508 p_UBSEC_dsa_sign_ioctl = NULL;
509 p_UBSEC_dsa_verify_ioctl = NULL;
510#endif
511 p_UBSEC_math_accelerate_ioctl = NULL;
512 p_UBSEC_rng_ioctl = NULL;
513 p_UBSEC_max_key_len_ioctl = NULL;
514 return 1;
515 }
516
517static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
518 {
519 int initialised = ((ubsec_dso == NULL) ? 0 : 1);
520 switch(cmd)
521 {
522 case UBSEC_CMD_SO_PATH:
523 if(p == NULL)
524 {
525 UBSECerr(UBSEC_F_UBSEC_CTRL,ERR_R_PASSED_NULL_PARAMETER);
526 return 0;
527 }
528 if(initialised)
529 {
530 UBSECerr(UBSEC_F_UBSEC_CTRL,UBSEC_R_ALREADY_LOADED);
531 return 0;
532 }
533 return set_UBSEC_LIBNAME((const char *)p);
534 default:
535 break;
536 }
537 UBSECerr(UBSEC_F_UBSEC_CTRL,UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED);
538 return 0;
539 }
540
541static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
542 const BIGNUM *m, BN_CTX *ctx)
543 {
544 int y_len = 0;
545 int fd;
546
547 if(ubsec_dso == NULL)
548 {
549 UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_NOT_LOADED);
550 return 0;
551 }
552
553 /* Check if hardware can't handle this argument. */
554 y_len = BN_num_bits(m);
555 if (y_len > max_key_len) {
556 UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
557 return BN_mod_exp(r, a, p, m, ctx);
558 }
559
560 if(!bn_wexpand(r, m->top))
561 {
562 UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_BN_EXPAND_FAIL);
563 return 0;
564 }
565
566 if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
567 fd = 0;
568 UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
569 return BN_mod_exp(r, a, p, m, ctx);
570 }
571
572 if (p_UBSEC_rsa_mod_exp_ioctl(fd, (unsigned char *)a->d, BN_num_bits(a),
573 (unsigned char *)m->d, BN_num_bits(m), (unsigned char *)p->d,
574 BN_num_bits(p), (unsigned char *)r->d, &y_len) != 0)
575 {
576 UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_REQUEST_FAILED);
577 p_UBSEC_ubsec_close(fd);
578
579 return BN_mod_exp(r, a, p, m, ctx);
580 }
581
582 p_UBSEC_ubsec_close(fd);
583
584 r->top = (BN_num_bits(m)+BN_BITS2-1)/BN_BITS2;
585 return 1;
586 }
587
588#ifndef OPENSSL_NO_RSA
589static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
590 {
591 BN_CTX *ctx;
592 int to_return = 0;
593
594 if((ctx = BN_CTX_new()) == NULL)
595 goto err;
596
597 if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
598 {
599 UBSECerr(UBSEC_F_UBSEC_RSA_MOD_EXP, UBSEC_R_MISSING_KEY_COMPONENTS);
600 goto err;
601 }
602
603 to_return = ubsec_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
604 rsa->dmq1, rsa->iqmp, ctx);
605 if (to_return == FAIL_TO_SOFTWARE)
606 {
607 /*
608 * Do in software as hardware failed.
609 */
610 const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
611 to_return = (*meth->rsa_mod_exp)(r0, I, rsa);
612 }
613err:
614 if(ctx)
615 BN_CTX_free(ctx);
616 return to_return;
617 }
618#endif
619
620static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
621 const BIGNUM *q, const BIGNUM *dp,
622 const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx)
623 {
624 int y_len,
625 m_len,
626 fd;
627
628 m_len = BN_num_bytes(p) + BN_num_bytes(q) + 1;
629 y_len = BN_num_bits(p) + BN_num_bits(q);
630
631 /* Check if hardware can't handle this argument. */
632 if (y_len > max_key_len) {
633 UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
634 return FAIL_TO_SOFTWARE;
635 }
636
637 if (!bn_wexpand(r, p->top + q->top + 1)) {
638 UBSECerr(UBSEC_F_UBSEC_RSA_MOD_EXP_CRT, UBSEC_R_BN_EXPAND_FAIL);
639 return 0;
640 }
641
642 if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
643 fd = 0;
644 UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
645 return FAIL_TO_SOFTWARE;
646 }
647
648 if (p_UBSEC_rsa_mod_exp_crt_ioctl(fd,
649 (unsigned char *)a->d, BN_num_bits(a),
650 (unsigned char *)qinv->d, BN_num_bits(qinv),
651 (unsigned char *)dp->d, BN_num_bits(dp),
652 (unsigned char *)p->d, BN_num_bits(p),
653 (unsigned char *)dq->d, BN_num_bits(dq),
654 (unsigned char *)q->d, BN_num_bits(q),
655 (unsigned char *)r->d, &y_len) != 0) {
656 UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_REQUEST_FAILED);
657 p_UBSEC_ubsec_close(fd);
658 return FAIL_TO_SOFTWARE;
659 }
660
661 p_UBSEC_ubsec_close(fd);
662
663 r->top = (BN_num_bits(p) + BN_num_bits(q) + BN_BITS2 - 1)/BN_BITS2;
664 return 1;
665}
666
667#ifndef OPENSSL_NO_DSA
668#ifdef NOT_USED
669static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
670 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
671 BN_CTX *ctx, BN_MONT_CTX *in_mont)
672 {
673 BIGNUM t;
674 int to_return = 0;
675
676 BN_init(&t);
677 /* let rr = a1 ^ p1 mod m */
678 if (!ubsec_mod_exp(rr,a1,p1,m,ctx)) goto end;
679 /* let t = a2 ^ p2 mod m */
680 if (!ubsec_mod_exp(&t,a2,p2,m,ctx)) goto end;
681 /* let rr = rr * t mod m */
682 if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
683 to_return = 1;
684end:
685 BN_free(&t);
686 return to_return;
687 }
688
689static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
690 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
691 BN_MONT_CTX *m_ctx)
692 {
693 return ubsec_mod_exp(r, a, p, m, ctx);
694 }
695#endif
696#endif
697
698/*
699 * This function is aliased to mod_exp (with the mont stuff dropped).
700 */
701static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
702 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
703 {
704 int ret = 0;
705
706#ifndef OPENSSL_NO_RSA
707 /* Do in software if the key is too large for the hardware. */
708 if (BN_num_bits(m) > max_key_len)
709 {
710 const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
711 ret = (*meth->bn_mod_exp)(r, a, p, m, ctx, m_ctx);
712 }
713 else
714#endif
715 {
716 ret = ubsec_mod_exp(r, a, p, m, ctx);
717 }
718
719 return ret;
720 }
721
722#ifndef OPENSSL_NO_DH
723/* This function is aliased to mod_exp (with the dh and mont dropped). */
724static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
725 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
726 BN_MONT_CTX *m_ctx)
727 {
728 return ubsec_mod_exp(r, a, p, m, ctx);
729 }
730#endif
731
732#ifndef OPENSSL_NO_DSA
733static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
734 {
735 DSA_SIG *to_return = NULL;
736 int s_len = 160, r_len = 160, d_len, fd;
737 BIGNUM m, *r=NULL, *s=NULL;
738
739 BN_init(&m);
740
741 s = BN_new();
742 r = BN_new();
743 if ((s == NULL) || (r==NULL))
744 goto err;
745
746 d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dlen);
747
748 if(!bn_wexpand(r, (160+BN_BITS2-1)/BN_BITS2) ||
749 (!bn_wexpand(s, (160+BN_BITS2-1)/BN_BITS2))) {
750 UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL);
751 goto err;
752 }
753
754 if (BN_bin2bn(dgst,dlen,&m) == NULL) {
755 UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL);
756 goto err;
757 }
758
759 if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
760 const DSA_METHOD *meth;
761 fd = 0;
762 UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
763 meth = DSA_OpenSSL();
764 to_return = meth->dsa_do_sign(dgst, dlen, dsa);
765 goto err;
766 }
767
768 if (p_UBSEC_dsa_sign_ioctl(fd, 0, /* compute hash before signing */
769 (unsigned char *)dgst, d_len,
770 NULL, 0, /* compute random value */
771 (unsigned char *)dsa->p->d, BN_num_bits(dsa->p),
772 (unsigned char *)dsa->q->d, BN_num_bits(dsa->q),
773 (unsigned char *)dsa->g->d, BN_num_bits(dsa->g),
774 (unsigned char *)dsa->priv_key->d, BN_num_bits(dsa->priv_key),
775 (unsigned char *)r->d, &r_len,
776 (unsigned char *)s->d, &s_len ) != 0) {
777 const DSA_METHOD *meth;
778
779 UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_REQUEST_FAILED);
780 p_UBSEC_ubsec_close(fd);
781 meth = DSA_OpenSSL();
782 to_return = meth->dsa_do_sign(dgst, dlen, dsa);
783
784 goto err;
785 }
786
787 p_UBSEC_ubsec_close(fd);
788
789 r->top = (160+BN_BITS2-1)/BN_BITS2;
790 s->top = (160+BN_BITS2-1)/BN_BITS2;
791
792 to_return = DSA_SIG_new();
793 if(to_return == NULL) {
794 UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL);
795 goto err;
796 }
797
798 to_return->r = r;
799 to_return->s = s;
800
801err:
802 if (!to_return) {
803 if (r) BN_free(r);
804 if (s) BN_free(s);
805 }
806 BN_clear_free(&m);
807 return to_return;
808}
809
810static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
811 DSA_SIG *sig, DSA *dsa)
812 {
813 int v_len, d_len;
814 int to_return = 0;
815 int fd;
816 BIGNUM v;
817
818 BN_init(&v);
819
820 if(!bn_wexpand(&v, dsa->p->top)) {
821 UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY ,UBSEC_R_BN_EXPAND_FAIL);
822 goto err;
823 }
824
825 v_len = BN_num_bits(dsa->p);
826
827 d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dgst_len);
828
829 if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
830 const DSA_METHOD *meth;
831 fd = 0;
832 UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
833 meth = DSA_OpenSSL();
834 to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
835 goto err;
836 }
837
838 if (p_UBSEC_dsa_verify_ioctl(fd, 0, /* compute hash before signing */
839 (unsigned char *)dgst, d_len,
840 (unsigned char *)dsa->p->d, BN_num_bits(dsa->p),
841 (unsigned char *)dsa->q->d, BN_num_bits(dsa->q),
842 (unsigned char *)dsa->g->d, BN_num_bits(dsa->g),
843 (unsigned char *)dsa->pub_key->d, BN_num_bits(dsa->pub_key),
844 (unsigned char *)sig->r->d, BN_num_bits(sig->r),
845 (unsigned char *)sig->s->d, BN_num_bits(sig->s),
846 (unsigned char *)v.d, &v_len) != 0) {
847 const DSA_METHOD *meth;
848 UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY , UBSEC_R_REQUEST_FAILED);
849 p_UBSEC_ubsec_close(fd);
850
851 meth = DSA_OpenSSL();
852 to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
853
854 goto err;
855 }
856
857 p_UBSEC_ubsec_close(fd);
858
859 to_return = 1;
860err:
861 BN_clear_free(&v);
862 return to_return;
863 }
864#endif
865
866#ifndef OPENSSL_NO_DH
867static int ubsec_dh_compute_key (unsigned char *key,const BIGNUM *pub_key,DH *dh)
868 {
869 int ret = -1,
870 k_len,
871 fd;
872
873 k_len = BN_num_bits(dh->p);
874
875 if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
876 {
877 const DH_METHOD *meth;
878 ENGINEerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
879 meth = DH_OpenSSL();
880 ret = meth->compute_key(key, pub_key, dh);
881 goto err;
882 }
883
884 if (p_UBSEC_diffie_hellman_agree_ioctl(fd,
885 (unsigned char *)dh->priv_key->d, BN_num_bits(dh->priv_key),
886 (unsigned char *)pub_key->d, BN_num_bits(pub_key),
887 (unsigned char *)dh->p->d, BN_num_bits(dh->p),
888 key, &k_len) != 0)
889 {
890 /* Hardware's a no go, failover to software */
891 const DH_METHOD *meth;
892 ENGINEerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_REQUEST_FAILED);
893 p_UBSEC_ubsec_close(fd);
894
895 meth = DH_OpenSSL();
896 ret = meth->compute_key(key, pub_key, dh);
897
898 goto err;
899 }
900
901 p_UBSEC_ubsec_close(fd);
902
903 ret = p_UBSEC_ubsec_bits_to_bytes(k_len);
904err:
905 return ret;
906 }
907
908static int ubsec_dh_generate_key (DH *dh)
909 {
910 int ret = 0,
911 random_bits = 0,
912 pub_key_len = 0,
913 priv_key_len = 0,
914 fd;
915 BIGNUM *pub_key = NULL;
916 BIGNUM *priv_key = NULL;
917
918 /*
919 * How many bits should Random x be? dh_key.c
920 * sets the range from 0 to num_bits(modulus) ???
921 */
922
923 if (dh->priv_key == NULL)
924 {
925 priv_key = BN_new();
926 if (priv_key == NULL) goto err;
927 priv_key_len = BN_num_bits(dh->p);
928 bn_wexpand(priv_key, dh->p->top);
929 do
930 if (!BN_rand_range(priv_key, dh->p)) goto err;
931 while (BN_is_zero(priv_key));
932 random_bits = BN_num_bits(priv_key);
933 }
934 else
935 {
936 priv_key = dh->priv_key;
937 }
938
939 if (dh->pub_key == NULL)
940 {
941 pub_key = BN_new();
942 pub_key_len = BN_num_bits(dh->p);
943 bn_wexpand(pub_key, dh->p->top);
944 if(pub_key == NULL) goto err;
945 }
946 else
947 {
948 pub_key = dh->pub_key;
949 }
950
951 if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
952 {
953 const DH_METHOD *meth;
954 ENGINEerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
955 meth = DH_OpenSSL();
956 ret = meth->generate_key(dh);
957 goto err;
958 }
959
960 if (p_UBSEC_diffie_hellman_generate_ioctl(fd,
961 (unsigned char *)priv_key->d, &priv_key_len,
962 (unsigned char *)pub_key->d, &pub_key_len,
963 (unsigned char *)dh->g->d, BN_num_bits(dh->g),
964 (unsigned char *)dh->p->d, BN_num_bits(dh->p),
965 0, 0, random_bits) != 0)
966 {
967 /* Hardware's a no go, failover to software */
968 const DH_METHOD *meth;
969
970 ENGINEerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_REQUEST_FAILED);
971 p_UBSEC_ubsec_close(fd);
972
973 meth = DH_OpenSSL();
974 ret = meth->generate_key(dh);
975
976 goto err;
977 }
978
979 p_UBSEC_ubsec_close(fd);
980
981 dh->pub_key = pub_key;
982 dh->pub_key->top = (pub_key_len + BN_BITS2-1) / BN_BITS2;
983 dh->priv_key = priv_key;
984 dh->priv_key->top = (priv_key_len + BN_BITS2-1) / BN_BITS2;
985
986 ret = 1;
987err:
988 return ret;
989 }
990#endif
991
992#ifdef NOT_USED
993static int ubsec_rand_bytes(unsigned char * buf,
994 int num)
995 {
996 int ret = 0,
997 fd;
998
999 if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
1000 {
1001 const RAND_METHOD *meth;
1002 ENGINEerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
1003 num = p_UBSEC_ubsec_bits_to_bytes(num);
1004 meth = RAND_SSLeay();
1005 meth->seed(buf, num);
1006 ret = meth->bytes(buf, num);
1007 goto err;
1008 }
1009
1010 num *= 8; /* bytes to bits */
1011
1012 if (p_UBSEC_rng_ioctl(fd,
1013 UBSEC_RNG_DIRECT,
1014 buf,
1015 &num) != 0)
1016 {
1017 /* Hardware's a no go, failover to software */
1018 const RAND_METHOD *meth;
1019
1020 ENGINEerr(UBSEC_F_UBSEC_RNG_BYTES, UBSEC_R_REQUEST_FAILED);
1021 p_UBSEC_ubsec_close(fd);
1022
1023 num = p_UBSEC_ubsec_bits_to_bytes(num);
1024 meth = RAND_SSLeay();
1025 meth->seed(buf, num);
1026 ret = meth->bytes(buf, num);
1027
1028 goto err;
1029 }
1030
1031 p_UBSEC_ubsec_close(fd);
1032
1033 ret = 1;
1034err:
1035 return(ret);
1036 }
1037
1038
1039static int ubsec_rand_status(void)
1040 {
1041 return 0;
1042 }
1043#endif
1044
1045/* This stuff is needed if this ENGINE is being compiled into a self-contained
1046 * shared-library. */
1047#ifdef ENGINE_DYNAMIC_SUPPORT
1048static int bind_fn(ENGINE *e, const char *id)
1049 {
1050 if(id && (strcmp(id, engine_ubsec_id) != 0))
1051 return 0;
1052 if(!bind_helper(e))
1053 return 0;
1054 return 1;
1055 }
1056IMPLEMENT_DYNAMIC_CHECK_FN()
1057IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
1058#endif /* ENGINE_DYNAMIC_SUPPORT */
1059
1060#endif /* !OPENSSL_NO_HW_UBSEC */
1061#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/hw_ubsec_err.c b/src/lib/libcrypto/engine/hw_ubsec_err.c
new file mode 100644
index 0000000000..d707331fc2
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_ubsec_err.c
@@ -0,0 +1,151 @@
1/* hw_ubsec_err.c */
2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include "hw_ubsec_err.h"
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67static ERR_STRING_DATA UBSEC_str_functs[]=
68 {
69{ERR_PACK(0,UBSEC_F_UBSEC_CTRL,0), "UBSEC_CTRL"},
70{ERR_PACK(0,UBSEC_F_UBSEC_DH_COMPUTE_KEY,0), "UBSEC_DH_COMPUTE_KEY"},
71{ERR_PACK(0,UBSEC_F_UBSEC_DSA_SIGN,0), "UBSEC_DSA_SIGN"},
72{ERR_PACK(0,UBSEC_F_UBSEC_DSA_VERIFY,0), "UBSEC_DSA_VERIFY"},
73{ERR_PACK(0,UBSEC_F_UBSEC_FINISH,0), "UBSEC_FINISH"},
74{ERR_PACK(0,UBSEC_F_UBSEC_INIT,0), "UBSEC_INIT"},
75{ERR_PACK(0,UBSEC_F_UBSEC_MOD_EXP,0), "UBSEC_MOD_EXP"},
76{ERR_PACK(0,UBSEC_F_UBSEC_RNG_BYTES,0), "UBSEC_RNG_BYTES"},
77{ERR_PACK(0,UBSEC_F_UBSEC_RSA_MOD_EXP,0), "UBSEC_RSA_MOD_EXP"},
78{ERR_PACK(0,UBSEC_F_UBSEC_RSA_MOD_EXP_CRT,0), "UBSEC_RSA_MOD_EXP_CRT"},
79{0,NULL}
80 };
81
82static ERR_STRING_DATA UBSEC_str_reasons[]=
83 {
84{UBSEC_R_ALREADY_LOADED ,"already loaded"},
85{UBSEC_R_BN_EXPAND_FAIL ,"bn expand fail"},
86{UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"},
87{UBSEC_R_DSO_FAILURE ,"dso failure"},
88{UBSEC_R_MISSING_KEY_COMPONENTS ,"missing key components"},
89{UBSEC_R_NOT_LOADED ,"not loaded"},
90{UBSEC_R_REQUEST_FAILED ,"request failed"},
91{UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL ,"size too large or too small"},
92{UBSEC_R_UNIT_FAILURE ,"unit failure"},
93{0,NULL}
94 };
95
96#endif
97
98#ifdef UBSEC_LIB_NAME
99static ERR_STRING_DATA UBSEC_lib_name[]=
100 {
101{0 ,UBSEC_LIB_NAME},
102{0,NULL}
103 };
104#endif
105
106
107static int UBSEC_lib_error_code=0;
108static int UBSEC_error_init=1;
109
110static void ERR_load_UBSEC_strings(void)
111 {
112 if (UBSEC_lib_error_code == 0)
113 UBSEC_lib_error_code=ERR_get_next_error_library();
114
115 if (UBSEC_error_init)
116 {
117 UBSEC_error_init=0;
118#ifndef OPENSSL_NO_ERR
119 ERR_load_strings(UBSEC_lib_error_code,UBSEC_str_functs);
120 ERR_load_strings(UBSEC_lib_error_code,UBSEC_str_reasons);
121#endif
122
123#ifdef UBSEC_LIB_NAME
124 UBSEC_lib_name->error = ERR_PACK(UBSEC_lib_error_code,0,0);
125 ERR_load_strings(0,UBSEC_lib_name);
126#endif
127 }
128 }
129
130static void ERR_unload_UBSEC_strings(void)
131 {
132 if (UBSEC_error_init == 0)
133 {
134#ifndef OPENSSL_NO_ERR
135 ERR_unload_strings(UBSEC_lib_error_code,UBSEC_str_functs);
136 ERR_unload_strings(UBSEC_lib_error_code,UBSEC_str_reasons);
137#endif
138
139#ifdef UBSEC_LIB_NAME
140 ERR_unload_strings(0,UBSEC_lib_name);
141#endif
142 UBSEC_error_init=1;
143 }
144 }
145
146static void ERR_UBSEC_error(int function, int reason, char *file, int line)
147 {
148 if (UBSEC_lib_error_code == 0)
149 UBSEC_lib_error_code=ERR_get_next_error_library();
150 ERR_PUT_error(UBSEC_lib_error_code,function,reason,file,line);
151 }
diff --git a/src/lib/libcrypto/engine/hw_ubsec_err.h b/src/lib/libcrypto/engine/hw_ubsec_err.h
new file mode 100644
index 0000000000..023d3be771
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_ubsec_err.h
@@ -0,0 +1,95 @@
1/* ====================================================================
2 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#ifndef HEADER_UBSEC_ERR_H
56#define HEADER_UBSEC_ERR_H
57
58/* BEGIN ERROR CODES */
59/* The following lines are auto generated by the script mkerr.pl. Any changes
60 * made after this point may be overwritten when the script is next run.
61 */
62static void ERR_load_UBSEC_strings(void);
63static void ERR_unload_UBSEC_strings(void);
64static void ERR_UBSEC_error(int function, int reason, char *file, int line);
65#define UBSECerr(f,r) ERR_UBSEC_error((f),(r),__FILE__,__LINE__)
66
67/* Error codes for the UBSEC functions. */
68
69/* Function codes. */
70#define UBSEC_F_UBSEC_CTRL 100
71#define UBSEC_F_UBSEC_DH_COMPUTE_KEY 101
72#define UBSEC_F_UBSEC_DSA_SIGN 102
73#define UBSEC_F_UBSEC_DSA_VERIFY 103
74#define UBSEC_F_UBSEC_FINISH 104
75#define UBSEC_F_UBSEC_INIT 105
76#define UBSEC_F_UBSEC_MOD_EXP 106
77#define UBSEC_F_UBSEC_RNG_BYTES 107
78#define UBSEC_F_UBSEC_RSA_MOD_EXP 108
79#define UBSEC_F_UBSEC_RSA_MOD_EXP_CRT 109
80
81/* Reason codes. */
82#define UBSEC_R_ALREADY_LOADED 100
83#define UBSEC_R_BN_EXPAND_FAIL 101
84#define UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED 102
85#define UBSEC_R_DSO_FAILURE 103
86#define UBSEC_R_MISSING_KEY_COMPONENTS 104
87#define UBSEC_R_NOT_LOADED 105
88#define UBSEC_R_REQUEST_FAILED 106
89#define UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL 107
90#define UBSEC_R_UNIT_FAILURE 108
91
92#ifdef __cplusplus
93}
94#endif
95#endif
diff --git a/src/lib/libcrypto/engine/tb_cipher.c b/src/lib/libcrypto/engine/tb_cipher.c
new file mode 100644
index 0000000000..50b3cec1fa
--- /dev/null
+++ b/src/lib/libcrypto/engine/tb_cipher.c
@@ -0,0 +1,145 @@
1/* ====================================================================
2 * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * licensing@OpenSSL.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#include <openssl/evp.h>
56#include <openssl/engine.h>
57#include "eng_int.h"
58
59/* If this symbol is defined then ENGINE_get_cipher_engine(), the function that
60 * is used by EVP to hook in cipher code and cache defaults (etc), will display
61 * brief debugging summaries to stderr with the 'nid'. */
62/* #define ENGINE_CIPHER_DEBUG */
63
64static ENGINE_TABLE *cipher_table = NULL;
65
66void ENGINE_unregister_ciphers(ENGINE *e)
67 {
68 engine_table_unregister(&cipher_table, e);
69 }
70
71static void engine_unregister_all_ciphers(void)
72 {
73 engine_table_cleanup(&cipher_table);
74 }
75
76int ENGINE_register_ciphers(ENGINE *e)
77 {
78 if(e->ciphers)
79 {
80 const int *nids;
81 int num_nids = e->ciphers(e, NULL, &nids, 0);
82 if(num_nids > 0)
83 return engine_table_register(&cipher_table,
84 engine_unregister_all_ciphers, e, nids,
85 num_nids, 0);
86 }
87 return 1;
88 }
89
90void ENGINE_register_all_ciphers()
91 {
92 ENGINE *e;
93
94 for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
95 ENGINE_register_ciphers(e);
96 }
97
98int ENGINE_set_default_ciphers(ENGINE *e)
99 {
100 if(e->ciphers)
101 {
102 const int *nids;
103 int num_nids = e->ciphers(e, NULL, &nids, 0);
104 if(num_nids > 0)
105 return engine_table_register(&cipher_table,
106 engine_unregister_all_ciphers, e, nids,
107 num_nids, 1);
108 }
109 return 1;
110 }
111
112/* Exposed API function to get a functional reference from the implementation
113 * table (ie. try to get a functional reference from the tabled structural
114 * references) for a given cipher 'nid' */
115ENGINE *ENGINE_get_cipher_engine(int nid)
116 {
117 return engine_table_select(&cipher_table, nid);
118 }
119
120/* Obtains a cipher implementation from an ENGINE functional reference */
121const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid)
122 {
123 const EVP_CIPHER *ret;
124 ENGINE_CIPHERS_PTR fn = ENGINE_get_ciphers(e);
125 if(!fn || !fn(e, &ret, NULL, nid))
126 {
127 ENGINEerr(ENGINE_F_ENGINE_GET_CIPHER,
128 ENGINE_R_UNIMPLEMENTED_CIPHER);
129 return NULL;
130 }
131 return ret;
132 }
133
134/* Gets the cipher callback from an ENGINE structure */
135ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e)
136 {
137 return e->ciphers;
138 }
139
140/* Sets the cipher callback in an ENGINE structure */
141int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f)
142 {
143 e->ciphers = f;
144 return 1;
145 }
diff --git a/src/lib/libcrypto/engine/tb_dh.c b/src/lib/libcrypto/engine/tb_dh.c
new file mode 100644
index 0000000000..e290e1702b
--- /dev/null
+++ b/src/lib/libcrypto/engine/tb_dh.c
@@ -0,0 +1,120 @@
1/* ====================================================================
2 * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * licensing@OpenSSL.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#include <openssl/evp.h>
56#include <openssl/engine.h>
57#include "eng_int.h"
58
59/* If this symbol is defined then ENGINE_get_default_DH(), the function that is
60 * used by DH to hook in implementation code and cache defaults (etc), will
61 * display brief debugging summaries to stderr with the 'nid'. */
62/* #define ENGINE_DH_DEBUG */
63
64static ENGINE_TABLE *dh_table = NULL;
65static const int dummy_nid = 1;
66
67void ENGINE_unregister_DH(ENGINE *e)
68 {
69 engine_table_unregister(&dh_table, e);
70 }
71
72static void engine_unregister_all_DH(void)
73 {
74 engine_table_cleanup(&dh_table);
75 }
76
77int ENGINE_register_DH(ENGINE *e)
78 {
79 if(e->dh_meth)
80 return engine_table_register(&dh_table,
81 engine_unregister_all_DH, e, &dummy_nid, 1, 0);
82 return 1;
83 }
84
85void ENGINE_register_all_DH()
86 {
87 ENGINE *e;
88
89 for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
90 ENGINE_register_DH(e);
91 }
92
93int ENGINE_set_default_DH(ENGINE *e)
94 {
95 if(e->dh_meth)
96 return engine_table_register(&dh_table,
97 engine_unregister_all_DH, e, &dummy_nid, 1, 1);
98 return 1;
99 }
100
101/* Exposed API function to get a functional reference from the implementation
102 * table (ie. try to get a functional reference from the tabled structural
103 * references). */
104ENGINE *ENGINE_get_default_DH(void)
105 {
106 return engine_table_select(&dh_table, dummy_nid);
107 }
108
109/* Obtains an DH implementation from an ENGINE functional reference */
110const DH_METHOD *ENGINE_get_DH(const ENGINE *e)
111 {
112 return e->dh_meth;
113 }
114
115/* Sets an DH implementation in an ENGINE structure */
116int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth)
117 {
118 e->dh_meth = dh_meth;
119 return 1;
120 }
diff --git a/src/lib/libcrypto/engine/tb_digest.c b/src/lib/libcrypto/engine/tb_digest.c
new file mode 100644
index 0000000000..e82d2a17c9
--- /dev/null
+++ b/src/lib/libcrypto/engine/tb_digest.c
@@ -0,0 +1,145 @@
1/* ====================================================================
2 * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * licensing@OpenSSL.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#include <openssl/evp.h>
56#include <openssl/engine.h>
57#include "eng_int.h"
58
59/* If this symbol is defined then ENGINE_get_digest_engine(), the function that
60 * is used by EVP to hook in digest code and cache defaults (etc), will display
61 * brief debugging summaries to stderr with the 'nid'. */
62/* #define ENGINE_DIGEST_DEBUG */
63
64static ENGINE_TABLE *digest_table = NULL;
65
66void ENGINE_unregister_digests(ENGINE *e)
67 {
68 engine_table_unregister(&digest_table, e);
69 }
70
71static void engine_unregister_all_digests(void)
72 {
73 engine_table_cleanup(&digest_table);
74 }
75
76int ENGINE_register_digests(ENGINE *e)
77 {
78 if(e->digests)
79 {
80 const int *nids;
81 int num_nids = e->digests(e, NULL, &nids, 0);
82 if(num_nids > 0)
83 return engine_table_register(&digest_table,
84 engine_unregister_all_digests, e, nids,
85 num_nids, 0);
86 }
87 return 1;
88 }
89
90void ENGINE_register_all_digests()
91 {
92 ENGINE *e;
93
94 for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
95 ENGINE_register_digests(e);
96 }
97
98int ENGINE_set_default_digests(ENGINE *e)
99 {
100 if(e->digests)
101 {
102 const int *nids;
103 int num_nids = e->digests(e, NULL, &nids, 0);
104 if(num_nids > 0)
105 return engine_table_register(&digest_table,
106 engine_unregister_all_digests, e, nids,
107 num_nids, 1);
108 }
109 return 1;
110 }
111
112/* Exposed API function to get a functional reference from the implementation
113 * table (ie. try to get a functional reference from the tabled structural
114 * references) for a given digest 'nid' */
115ENGINE *ENGINE_get_digest_engine(int nid)
116 {
117 return engine_table_select(&digest_table, nid);
118 }
119
120/* Obtains a digest implementation from an ENGINE functional reference */
121const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid)
122 {
123 const EVP_MD *ret;
124 ENGINE_DIGESTS_PTR fn = ENGINE_get_digests(e);
125 if(!fn || !fn(e, &ret, NULL, nid))
126 {
127 ENGINEerr(ENGINE_F_ENGINE_GET_DIGEST,
128 ENGINE_R_UNIMPLEMENTED_DIGEST);
129 return NULL;
130 }
131 return ret;
132 }
133
134/* Gets the digest callback from an ENGINE structure */
135ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e)
136 {
137 return e->digests;
138 }
139
140/* Sets the digest callback in an ENGINE structure */
141int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f)
142 {
143 e->digests = f;
144 return 1;
145 }
diff --git a/src/lib/libcrypto/engine/tb_dsa.c b/src/lib/libcrypto/engine/tb_dsa.c
new file mode 100644
index 0000000000..7efe181927
--- /dev/null
+++ b/src/lib/libcrypto/engine/tb_dsa.c
@@ -0,0 +1,120 @@
1/* ====================================================================
2 * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * licensing@OpenSSL.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#include <openssl/evp.h>
56#include <openssl/engine.h>
57#include "eng_int.h"
58
59/* If this symbol is defined then ENGINE_get_default_DSA(), the function that is
60 * used by DSA to hook in implementation code and cache defaults (etc), will
61 * display brief debugging summaries to stderr with the 'nid'. */
62/* #define ENGINE_DSA_DEBUG */
63
64static ENGINE_TABLE *dsa_table = NULL;
65static const int dummy_nid = 1;
66
67void ENGINE_unregister_DSA(ENGINE *e)
68 {
69 engine_table_unregister(&dsa_table, e);
70 }
71
72static void engine_unregister_all_DSA(void)
73 {
74 engine_table_cleanup(&dsa_table);
75 }
76
77int ENGINE_register_DSA(ENGINE *e)
78 {
79 if(e->dsa_meth)
80 return engine_table_register(&dsa_table,
81 engine_unregister_all_DSA, e, &dummy_nid, 1, 0);
82 return 1;
83 }
84
85void ENGINE_register_all_DSA()
86 {
87 ENGINE *e;
88
89 for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
90 ENGINE_register_DSA(e);
91 }
92
93int ENGINE_set_default_DSA(ENGINE *e)
94 {
95 if(e->dsa_meth)
96 return engine_table_register(&dsa_table,
97 engine_unregister_all_DSA, e, &dummy_nid, 1, 1);
98 return 1;
99 }
100
101/* Exposed API function to get a functional reference from the implementation
102 * table (ie. try to get a functional reference from the tabled structural
103 * references). */
104ENGINE *ENGINE_get_default_DSA(void)
105 {
106 return engine_table_select(&dsa_table, dummy_nid);
107 }
108
109/* Obtains an DSA implementation from an ENGINE functional reference */
110const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e)
111 {
112 return e->dsa_meth;
113 }
114
115/* Sets an DSA implementation in an ENGINE structure */
116int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth)
117 {
118 e->dsa_meth = dsa_meth;
119 return 1;
120 }
diff --git a/src/lib/libcrypto/engine/tb_rand.c b/src/lib/libcrypto/engine/tb_rand.c
new file mode 100644
index 0000000000..69b67111bc
--- /dev/null
+++ b/src/lib/libcrypto/engine/tb_rand.c
@@ -0,0 +1,120 @@
1/* ====================================================================
2 * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * licensing@OpenSSL.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#include <openssl/evp.h>
56#include <openssl/engine.h>
57#include "eng_int.h"
58
59/* If this symbol is defined then ENGINE_get_default_RAND(), the function that is
60 * used by RAND to hook in implementation code and cache defaults (etc), will
61 * display brief debugging summaries to stderr with the 'nid'. */
62/* #define ENGINE_RAND_DEBUG */
63
64static ENGINE_TABLE *rand_table = NULL;
65static const int dummy_nid = 1;
66
67void ENGINE_unregister_RAND(ENGINE *e)
68 {
69 engine_table_unregister(&rand_table, e);
70 }
71
72static void engine_unregister_all_RAND(void)
73 {
74 engine_table_cleanup(&rand_table);
75 }
76
77int ENGINE_register_RAND(ENGINE *e)
78 {
79 if(e->rand_meth)
80 return engine_table_register(&rand_table,
81 engine_unregister_all_RAND, e, &dummy_nid, 1, 0);
82 return 1;
83 }
84
85void ENGINE_register_all_RAND()
86 {
87 ENGINE *e;
88
89 for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
90 ENGINE_register_RAND(e);
91 }
92
93int ENGINE_set_default_RAND(ENGINE *e)
94 {
95 if(e->rand_meth)
96 return engine_table_register(&rand_table,
97 engine_unregister_all_RAND, e, &dummy_nid, 1, 1);
98 return 1;
99 }
100
101/* Exposed API function to get a functional reference from the implementation
102 * table (ie. try to get a functional reference from the tabled structural
103 * references). */
104ENGINE *ENGINE_get_default_RAND(void)
105 {
106 return engine_table_select(&rand_table, dummy_nid);
107 }
108
109/* Obtains an RAND implementation from an ENGINE functional reference */
110const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e)
111 {
112 return e->rand_meth;
113 }
114
115/* Sets an RAND implementation in an ENGINE structure */
116int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth)
117 {
118 e->rand_meth = rand_meth;
119 return 1;
120 }
diff --git a/src/lib/libcrypto/engine/tb_rsa.c b/src/lib/libcrypto/engine/tb_rsa.c
new file mode 100644
index 0000000000..fee4867f52
--- /dev/null
+++ b/src/lib/libcrypto/engine/tb_rsa.c
@@ -0,0 +1,120 @@
1/* ====================================================================
2 * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * licensing@OpenSSL.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#include <openssl/evp.h>
56#include <openssl/engine.h>
57#include "eng_int.h"
58
59/* If this symbol is defined then ENGINE_get_default_RSA(), the function that is
60 * used by RSA to hook in implementation code and cache defaults (etc), will
61 * display brief debugging summaries to stderr with the 'nid'. */
62/* #define ENGINE_RSA_DEBUG */
63
64static ENGINE_TABLE *rsa_table = NULL;
65static const int dummy_nid = 1;
66
67void ENGINE_unregister_RSA(ENGINE *e)
68 {
69 engine_table_unregister(&rsa_table, e);
70 }
71
72static void engine_unregister_all_RSA(void)
73 {
74 engine_table_cleanup(&rsa_table);
75 }
76
77int ENGINE_register_RSA(ENGINE *e)
78 {
79 if(e->rsa_meth)
80 return engine_table_register(&rsa_table,
81 engine_unregister_all_RSA, e, &dummy_nid, 1, 0);
82 return 1;
83 }
84
85void ENGINE_register_all_RSA()
86 {
87 ENGINE *e;
88
89 for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
90 ENGINE_register_RSA(e);
91 }
92
93int ENGINE_set_default_RSA(ENGINE *e)
94 {
95 if(e->rsa_meth)
96 return engine_table_register(&rsa_table,
97 engine_unregister_all_RSA, e, &dummy_nid, 1, 1);
98 return 1;
99 }
100
101/* Exposed API function to get a functional reference from the implementation
102 * table (ie. try to get a functional reference from the tabled structural
103 * references). */
104ENGINE *ENGINE_get_default_RSA(void)
105 {
106 return engine_table_select(&rsa_table, dummy_nid);
107 }
108
109/* Obtains an RSA implementation from an ENGINE functional reference */
110const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e)
111 {
112 return e->rsa_meth;
113 }
114
115/* Sets an RSA implementation in an ENGINE structure */
116int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth)
117 {
118 e->rsa_meth = rsa_meth;
119 return 1;
120 }
diff --git a/src/lib/libcrypto/engine/vendor_defns/aep.h b/src/lib/libcrypto/engine/vendor_defns/aep.h
new file mode 100644
index 0000000000..2b2792d2d6
--- /dev/null
+++ b/src/lib/libcrypto/engine/vendor_defns/aep.h
@@ -0,0 +1,178 @@
1/* This header declares the necessary definitions for using the exponentiation
2 * acceleration capabilities, and rnd number generation of the AEP card.
3 *
4 */
5
6/*
7 *
8 * Some AEP defines
9 *
10 */
11
12/*Successful return value*/
13#define AEP_R_OK 0x00000000
14
15/*Miscelleanous unsuccessful return value*/
16#define AEP_R_GENERAL_ERROR 0x10000001
17
18/*Insufficient host memory*/
19#define AEP_R_HOST_MEMORY 0x10000002
20
21#define AEP_R_FUNCTION_FAILED 0x10000006
22
23/*Invalid arguments in function call*/
24#define AEP_R_ARGUMENTS_BAD 0x10020000
25
26#define AEP_R_NO_TARGET_RESOURCES 0x10030000
27
28/*Error occuring on socket operation*/
29#define AEP_R_SOCKERROR 0x10000010
30
31/*Socket has been closed from the other end*/
32#define AEP_R_SOCKEOF 0x10000011
33
34/*Invalid handles*/
35#define AEP_R_CONNECTION_HANDLE_INVALID 0x100000B3
36
37#define AEP_R_TRANSACTION_HANDLE_INVALID 0x10040000
38
39/*Transaction has not yet returned from accelerator*/
40#define AEP_R_TRANSACTION_NOT_READY 0x00010000
41
42/*There is already a thread waiting on this transaction*/
43#define AEP_R_TRANSACTION_CLAIMED 0x10050000
44
45/*The transaction timed out*/
46#define AEP_R_TIMED_OUT 0x10060000
47
48#define AEP_R_FXN_NOT_IMPLEMENTED 0x10070000
49
50#define AEP_R_TARGET_ERROR 0x10080000
51
52/*Error in the AEP daemon process*/
53#define AEP_R_DAEMON_ERROR 0x10090000
54
55/*Invalid ctx id*/
56#define AEP_R_INVALID_CTX_ID 0x10009000
57
58#define AEP_R_NO_KEY_MANAGER 0x1000a000
59
60/*Error obtaining a mutex*/
61#define AEP_R_MUTEX_BAD 0x000001A0
62
63/*Fxn call before AEP_Initialise ot after AEP_Finialise*/
64#define AEP_R_AEPAPI_NOT_INITIALIZED 0x10000190
65
66/*AEP_Initialise has already been called*/
67#define AEP_R_AEPAPI_ALREADY_INITIALIZED 0x10000191
68
69/*Maximum number of connections to daemon reached*/
70#define AEP_R_NO_MORE_CONNECTION_HNDLS 0x10000200
71
72/*
73 *
74 * Some AEP Type definitions
75 *
76 */
77
78/* an unsigned 8-bit value */
79typedef unsigned char AEP_U8;
80
81/* an unsigned 8-bit character */
82typedef char AEP_CHAR;
83
84/* a BYTE-sized Boolean flag */
85typedef AEP_U8 AEP_BBOOL;
86
87/*Unsigned value, at least 16 bits long*/
88typedef unsigned short AEP_U16;
89
90/* an unsigned value, at least 32 bits long */
91#ifdef SIXTY_FOUR_BIT_LONG
92typedef unsigned int AEP_U32;
93#else
94typedef unsigned long AEP_U32;
95#endif
96
97#ifdef SIXTY_FOUR_BIT_LONG
98typedef unsigned long AEP_U64;
99#else
100typedef struct { unsigned long l1, l2; } AEP_U64;
101#endif
102
103/* at least 32 bits; each bit is a Boolean flag */
104typedef AEP_U32 AEP_FLAGS;
105
106typedef AEP_U8 *AEP_U8_PTR;
107typedef AEP_CHAR *AEP_CHAR_PTR;
108typedef AEP_U32 *AEP_U32_PTR;
109typedef AEP_U64 *AEP_U64_PTR;
110typedef void *AEP_VOID_PTR;
111
112/* Pointer to a AEP_VOID_PTR-- i.e., pointer to pointer to void */
113typedef AEP_VOID_PTR *AEP_VOID_PTR_PTR;
114
115/*Used to identify an AEP connection handle*/
116typedef AEP_U32 AEP_CONNECTION_HNDL;
117
118/*Pointer to an AEP connection handle*/
119typedef AEP_CONNECTION_HNDL *AEP_CONNECTION_HNDL_PTR;
120
121/*Used by an application (in conjunction with the apps process id) to
122identify an individual transaction*/
123typedef AEP_U32 AEP_TRANSACTION_ID;
124
125/*Pointer to an applications transaction identifier*/
126typedef AEP_TRANSACTION_ID *AEP_TRANSACTION_ID_PTR;
127
128/*Return value type*/
129typedef AEP_U32 AEP_RV;
130
131#define MAX_PROCESS_CONNECTIONS 256
132
133#define RAND_BLK_SIZE 1024
134
135typedef enum{
136 NotConnected= 0,
137 Connected= 1,
138 InUse= 2
139} AEP_CONNECTION_STATE;
140
141
142typedef struct AEP_CONNECTION_ENTRY{
143 AEP_CONNECTION_STATE conn_state;
144 AEP_CONNECTION_HNDL conn_hndl;
145} AEP_CONNECTION_ENTRY;
146
147
148typedef AEP_RV t_AEP_OpenConnection(AEP_CONNECTION_HNDL_PTR phConnection);
149typedef AEP_RV t_AEP_CloseConnection(AEP_CONNECTION_HNDL hConnection);
150
151typedef AEP_RV t_AEP_ModExp(AEP_CONNECTION_HNDL hConnection,
152 AEP_VOID_PTR pA, AEP_VOID_PTR pP,
153 AEP_VOID_PTR pN,
154 AEP_VOID_PTR pResult,
155 AEP_TRANSACTION_ID* pidTransID);
156
157typedef AEP_RV t_AEP_ModExpCrt(AEP_CONNECTION_HNDL hConnection,
158 AEP_VOID_PTR pA, AEP_VOID_PTR pP,
159 AEP_VOID_PTR pQ,
160 AEP_VOID_PTR pDmp1, AEP_VOID_PTR pDmq1,
161 AEP_VOID_PTR pIqmp,
162 AEP_VOID_PTR pResult,
163 AEP_TRANSACTION_ID* pidTransID);
164
165#ifdef AEPRAND
166typedef AEP_RV t_AEP_GenRandom(AEP_CONNECTION_HNDL hConnection,
167 AEP_U32 Len,
168 AEP_U32 Type,
169 AEP_VOID_PTR pResult,
170 AEP_TRANSACTION_ID* pidTransID);
171#endif
172
173typedef AEP_RV t_AEP_Initialize(AEP_VOID_PTR pInitArgs);
174typedef AEP_RV t_AEP_Finalize();
175typedef AEP_RV t_AEP_SetBNCallBacks(AEP_RV (*GetBigNumSizeFunc)(),
176 AEP_RV (*MakeAEPBigNumFunc)(),
177 AEP_RV (*ConverAEPBigNumFunc)());
178
diff --git a/src/lib/libcrypto/engine/vendor_defns/atalla.h b/src/lib/libcrypto/engine/vendor_defns/atalla.h
new file mode 100644
index 0000000000..149970d441
--- /dev/null
+++ b/src/lib/libcrypto/engine/vendor_defns/atalla.h
@@ -0,0 +1,48 @@
1/* This header declares the necessary definitions for using the exponentiation
2 * acceleration capabilities of Atalla cards. The only cryptographic operation
3 * is performed by "ASI_RSAPrivateKeyOpFn" and this takes a structure that
4 * defines an "RSA private key". However, it is really only performing a
5 * regular mod_exp using the supplied modulus and exponent - no CRT form is
6 * being used. Hence, it is a generic mod_exp function in disguise, and we use
7 * it as such.
8 *
9 * Thanks to the people at Atalla for letting me know these definitions are
10 * fine and that they can be reproduced here.
11 *
12 * Geoff.
13 */
14
15typedef struct ItemStr
16 {
17 unsigned char *data;
18 int len;
19 } Item;
20
21typedef struct RSAPrivateKeyStr
22 {
23 void *reserved;
24 Item version;
25 Item modulus;
26 Item publicExponent;
27 Item privateExponent;
28 Item prime[2];
29 Item exponent[2];
30 Item coefficient;
31 } RSAPrivateKey;
32
33/* Predeclare the function pointer types that we dynamically load from the DSO.
34 * These use the same names and form that Ben's original support code had (in
35 * crypto/bn/bn_exp.c) unless of course I've inadvertently changed the style
36 * somewhere along the way!
37 */
38
39typedef int tfnASI_GetPerformanceStatistics(int reset_flag,
40 unsigned int *ret_buf);
41
42typedef int tfnASI_GetHardwareConfig(long card_num, unsigned int *ret_buf);
43
44typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey,
45 unsigned char *output,
46 unsigned char *input,
47 unsigned int modulus_len);
48
diff --git a/src/lib/libcrypto/engine/vendor_defns/cswift.h b/src/lib/libcrypto/engine/vendor_defns/cswift.h
new file mode 100644
index 0000000000..60079326bb
--- /dev/null
+++ b/src/lib/libcrypto/engine/vendor_defns/cswift.h
@@ -0,0 +1,234 @@
1/* Attribution notice: Rainbow have generously allowed me to reproduce
2 * the necessary definitions here from their API. This means the support
3 * can build independently of whether application builders have the
4 * API or hardware. This will allow developers to easily produce software
5 * that has latent hardware support for any users that have accelertors
6 * installed, without the developers themselves needing anything extra.
7 *
8 * I have only clipped the parts from the CryptoSwift header files that
9 * are (or seem) relevant to the CryptoSwift support code. This is
10 * simply to keep the file sizes reasonable.
11 * [Geoff]
12 */
13
14
15/* NB: These type widths do *not* seem right in general, in particular
16 * they're not terribly friendly to 64-bit architectures (unsigned long)
17 * will be 64-bit on IA-64 for a start. I'm leaving these alone as they
18 * agree with Rainbow's API and this will only be called into question
19 * on platforms with Rainbow support anyway! ;-) */
20
21#ifdef __cplusplus
22extern "C" {
23#endif /* __cplusplus */
24
25typedef long SW_STATUS; /* status */
26typedef unsigned char SW_BYTE; /* 8 bit byte */
27typedef unsigned short SW_U16; /* 16 bit number */
28#if defined(_IRIX)
29#include <sgidefs.h>
30typedef __uint32_t SW_U32;
31#else
32typedef unsigned long SW_U32; /* 32 bit integer */
33#endif
34
35#if defined(OPENSSL_SYS_WIN32)
36 typedef struct _SW_U64 {
37 SW_U32 low32;
38 SW_U32 high32;
39 } SW_U64; /* 64 bit integer */
40#elif defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
41 typedef longlong SW_U64
42#else /* Unix variants */
43 typedef struct _SW_U64 {
44 SW_U32 low32;
45 SW_U32 high32;
46 } SW_U64; /* 64 bit integer */
47#endif
48
49/* status codes */
50#define SW_OK (0L)
51#define SW_ERR_BASE (-10000L)
52#define SW_ERR_NO_CARD (SW_ERR_BASE-1) /* The Card is not present */
53#define SW_ERR_CARD_NOT_READY (SW_ERR_BASE-2) /* The card has not powered */
54 /* up yet */
55#define SW_ERR_TIME_OUT (SW_ERR_BASE-3) /* Execution of a command */
56 /* time out */
57#define SW_ERR_NO_EXECUTE (SW_ERR_BASE-4) /* The Card failed to */
58 /* execute the command */
59#define SW_ERR_INPUT_NULL_PTR (SW_ERR_BASE-5) /* a required pointer is */
60 /* NULL */
61#define SW_ERR_INPUT_SIZE (SW_ERR_BASE-6) /* size is invalid, too */
62 /* small, too large. */
63#define SW_ERR_INVALID_HANDLE (SW_ERR_BASE-7) /* Invalid SW_ACC_CONTEXT */
64 /* handle */
65#define SW_ERR_PENDING (SW_ERR_BASE-8) /* A request is already out- */
66 /* standing at this */
67 /* context handle */
68#define SW_ERR_AVAILABLE (SW_ERR_BASE-9) /* A result is available. */
69#define SW_ERR_NO_PENDING (SW_ERR_BASE-10)/* No request is pending. */
70#define SW_ERR_NO_MEMORY (SW_ERR_BASE-11)/* Not enough memory */
71#define SW_ERR_BAD_ALGORITHM (SW_ERR_BASE-12)/* Invalid algorithm type */
72 /* in SW_PARAM structure */
73#define SW_ERR_MISSING_KEY (SW_ERR_BASE-13)/* No key is associated with */
74 /* context. */
75 /* swAttachKeyParam() is */
76 /* not called. */
77#define SW_ERR_KEY_CMD_MISMATCH \
78 (SW_ERR_BASE-14)/* Cannot perform requested */
79 /* SW_COMMAND_CODE since */
80 /* key attached via */
81 /* swAttachKeyParam() */
82 /* cannot be used for this*/
83 /* SW_COMMAND_CODE. */
84#define SW_ERR_NOT_IMPLEMENTED \
85 (SW_ERR_BASE-15)/* Not implemented */
86#define SW_ERR_BAD_COMMAND (SW_ERR_BASE-16)/* Bad command code */
87#define SW_ERR_BAD_ITEM_SIZE (SW_ERR_BASE-17)/* too small or too large in */
88 /* the "initems" or */
89 /* "outitems". */
90#define SW_ERR_BAD_ACCNUM (SW_ERR_BASE-18)/* Bad accelerator number */
91#define SW_ERR_SELFTEST_FAIL (SW_ERR_BASE-19)/* At least one of the self */
92 /* test fail, look at the */
93 /* selfTestBitmap in */
94 /* SW_ACCELERATOR_INFO for*/
95 /* details. */
96#define SW_ERR_MISALIGN (SW_ERR_BASE-20)/* Certain alogrithms require*/
97 /* key materials aligned */
98 /* in certain order, e.g. */
99 /* 128 bit for CRT */
100#define SW_ERR_OUTPUT_NULL_PTR \
101 (SW_ERR_BASE-21)/* a required pointer is */
102 /* NULL */
103#define SW_ERR_OUTPUT_SIZE \
104 (SW_ERR_BASE-22)/* size is invalid, too */
105 /* small, too large. */
106#define SW_ERR_FIRMWARE_CHECKSUM \
107 (SW_ERR_BASE-23)/* firmware checksum mismatch*/
108 /* download failed. */
109#define SW_ERR_UNKNOWN_FIRMWARE \
110 (SW_ERR_BASE-24)/* unknown firmware error */
111#define SW_ERR_INTERRUPT (SW_ERR_BASE-25)/* request is abort when */
112 /* it's waiting to be */
113 /* completed. */
114#define SW_ERR_NVWRITE_FAIL (SW_ERR_BASE-26)/* error in writing to Non- */
115 /* volatile memory */
116#define SW_ERR_NVWRITE_RANGE (SW_ERR_BASE-27)/* out of range error in */
117 /* writing to NV memory */
118#define SW_ERR_RNG_ERROR (SW_ERR_BASE-28)/* Random Number Generation */
119 /* failure */
120#define SW_ERR_DSS_FAILURE (SW_ERR_BASE-29)/* DSS Sign or Verify failure*/
121#define SW_ERR_MODEXP_FAILURE (SW_ERR_BASE-30)/* Failure in various math */
122 /* calculations */
123#define SW_ERR_ONBOARD_MEMORY (SW_ERR_BASE-31)/* Error in accessing on - */
124 /* board memory */
125#define SW_ERR_FIRMWARE_VERSION \
126 (SW_ERR_BASE-32)/* Wrong version in firmware */
127 /* update */
128#define SW_ERR_ZERO_WORKING_ACCELERATOR \
129 (SW_ERR_BASE-44)/* All accelerators are bad */
130
131
132 /* algorithm type */
133#define SW_ALG_CRT 1
134#define SW_ALG_EXP 2
135#define SW_ALG_DSA 3
136#define SW_ALG_NVDATA 4
137
138 /* command code */
139#define SW_CMD_MODEXP_CRT 1 /* perform Modular Exponentiation using */
140 /* Chinese Remainder Theorem (CRT) */
141#define SW_CMD_MODEXP 2 /* perform Modular Exponentiation */
142#define SW_CMD_DSS_SIGN 3 /* perform DSS sign */
143#define SW_CMD_DSS_VERIFY 4 /* perform DSS verify */
144#define SW_CMD_RAND 5 /* perform random number generation */
145#define SW_CMD_NVREAD 6 /* perform read to nonvolatile RAM */
146#define SW_CMD_NVWRITE 7 /* perform write to nonvolatile RAM */
147
148typedef SW_U32 SW_ALGTYPE; /* alogrithm type */
149typedef SW_U32 SW_STATE; /* state */
150typedef SW_U32 SW_COMMAND_CODE; /* command code */
151typedef SW_U32 SW_COMMAND_BITMAP[4]; /* bitmap */
152
153typedef struct _SW_LARGENUMBER {
154 SW_U32 nbytes; /* number of bytes in the buffer "value" */
155 SW_BYTE* value; /* the large integer as a string of */
156 /* bytes in network (big endian) order */
157} SW_LARGENUMBER;
158
159#if defined(OPENSSL_SYS_WIN32)
160 #include <windows.h>
161 typedef HANDLE SW_OSHANDLE; /* handle to kernel object */
162 #define SW_OS_INVALID_HANDLE INVALID_HANDLE_VALUE
163 #define SW_CALLCONV _stdcall
164#elif defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
165 /* async callback mechanisms */
166 /* swiftCallbackLevel */
167 #define SW_MAC_CALLBACK_LEVEL_NO 0
168 #define SW_MAC_CALLBACK_LEVEL_HARDWARE 1 /* from the hardware ISR */
169 #define SW_MAC_CALLBACK_LEVEL_SECONDARY 2 /* as secondary ISR */
170 typedef int SW_MAC_CALLBACK_LEVEL;
171 typedef int SW_OSHANDLE;
172 #define SW_OS_INVALID_HANDLE (-1)
173 #define SW_CALLCONV
174#else /* Unix variants */
175 typedef int SW_OSHANDLE; /* handle to driver */
176 #define SW_OS_INVALID_HANDLE (-1)
177 #define SW_CALLCONV
178#endif
179
180typedef struct _SW_CRT {
181 SW_LARGENUMBER p; /* prime number p */
182 SW_LARGENUMBER q; /* prime number q */
183 SW_LARGENUMBER dmp1; /* exponent1 */
184 SW_LARGENUMBER dmq1; /* exponent2 */
185 SW_LARGENUMBER iqmp; /* CRT coefficient */
186} SW_CRT;
187
188typedef struct _SW_EXP {
189 SW_LARGENUMBER modulus; /* modulus */
190 SW_LARGENUMBER exponent;/* exponent */
191} SW_EXP;
192
193typedef struct _SW_DSA {
194 SW_LARGENUMBER p; /* */
195 SW_LARGENUMBER q; /* */
196 SW_LARGENUMBER g; /* */
197 SW_LARGENUMBER key; /* private/public key */
198} SW_DSA;
199
200typedef struct _SW_NVDATA {
201 SW_U32 accnum; /* accelerator board number */
202 SW_U32 offset; /* offset in byte */
203} SW_NVDATA;
204
205typedef struct _SW_PARAM {
206 SW_ALGTYPE type; /* type of the alogrithm */
207 union {
208 SW_CRT crt;
209 SW_EXP exp;
210 SW_DSA dsa;
211 SW_NVDATA nvdata;
212 } up;
213} SW_PARAM;
214
215typedef SW_U32 SW_CONTEXT_HANDLE; /* opaque context handle */
216
217
218/* Now the OpenSSL bits, these function types are the for the function
219 * pointers that will bound into the Rainbow shared libraries. */
220typedef SW_STATUS SW_CALLCONV t_swAcquireAccContext(SW_CONTEXT_HANDLE *hac);
221typedef SW_STATUS SW_CALLCONV t_swAttachKeyParam(SW_CONTEXT_HANDLE hac,
222 SW_PARAM *key_params);
223typedef SW_STATUS SW_CALLCONV t_swSimpleRequest(SW_CONTEXT_HANDLE hac,
224 SW_COMMAND_CODE cmd,
225 SW_LARGENUMBER pin[],
226 SW_U32 pin_count,
227 SW_LARGENUMBER pout[],
228 SW_U32 pout_count);
229typedef SW_STATUS SW_CALLCONV t_swReleaseAccContext(SW_CONTEXT_HANDLE hac);
230
231#ifdef __cplusplus
232}
233#endif /* __cplusplus */
234
diff --git a/src/lib/libcrypto/engine/vendor_defns/hw_4758_cca.h b/src/lib/libcrypto/engine/vendor_defns/hw_4758_cca.h
new file mode 100644
index 0000000000..296636e81a
--- /dev/null
+++ b/src/lib/libcrypto/engine/vendor_defns/hw_4758_cca.h
@@ -0,0 +1,149 @@
1/**********************************************************************/
2/* */
3/* Prototypes of the CCA verbs used by the 4758 CCA openssl driver */
4/* */
5/* Maurice Gittens <maurice@gittens.nl> */
6/* */
7/**********************************************************************/
8
9#ifndef __HW_4758_CCA__
10#define __HW_4758_CCA__
11
12/*
13 * Only WIN32 support for now
14 */
15#if defined(WIN32)
16
17 #define CCA_LIB_NAME "CSUNSAPI"
18
19 #define CSNDPKX "CSNDPKX_32"
20 #define CSNDKRR "CSNDKRR_32"
21 #define CSNDPKE "CSNDPKE_32"
22 #define CSNDPKD "CSNDPKD_32"
23 #define CSNDDSV "CSNDDSV_32"
24 #define CSNDDSG "CSNDDSG_32"
25 #define CSNBRNG "CSNBRNG_32"
26
27 #define SECURITYAPI __stdcall
28#else
29 /* Fixme!!
30 Find out the values of these constants for other platforms.
31 */
32 #define CCA_LIB_NAME "CSUNSAPI"
33
34 #define CSNDPKX "CSNDPKX"
35 #define CSNDKRR "CSNDKRR"
36 #define CSNDPKE "CSNDPKE"
37 #define CSNDPKD "CSNDPKD"
38 #define CSNDDSV "CSNDDSV"
39 #define CSNDDSG "CSNDDSG"
40 #define CSNBRNG "CSNBRNG"
41
42 #define SECURITYAPI
43#endif
44
45/*
46 * security API prototypes
47 */
48
49/* PKA Key Record Read */
50typedef void (SECURITYAPI *F_KEYRECORDREAD)
51 (long * return_code,
52 long * reason_code,
53 long * exit_data_length,
54 unsigned char * exit_data,
55 long * rule_array_count,
56 unsigned char * rule_array,
57 unsigned char * key_label,
58 long * key_token_length,
59 unsigned char * key_token);
60
61/* Random Number Generate */
62typedef void (SECURITYAPI *F_RANDOMNUMBERGENERATE)
63 (long * return_code,
64 long * reason_code,
65 long * exit_data_length,
66 unsigned char * exit_data,
67 unsigned char * form,
68 unsigned char * random_number);
69
70/* Digital Signature Generate */
71typedef void (SECURITYAPI *F_DIGITALSIGNATUREGENERATE)
72 (long * return_code,
73 long * reason_code,
74 long * exit_data_length,
75 unsigned char * exit_data,
76 long * rule_array_count,
77 unsigned char * rule_array,
78 long * PKA_private_key_id_length,
79 unsigned char * PKA_private_key_id,
80 long * hash_length,
81 unsigned char * hash,
82 long * signature_field_length,
83 long * signature_bit_length,
84 unsigned char * signature_field);
85
86/* Digital Signature Verify */
87typedef void (SECURITYAPI *F_DIGITALSIGNATUREVERIFY)(
88 long * return_code,
89 long * reason_code,
90 long * exit_data_length,
91 unsigned char * exit_data,
92 long * rule_array_count,
93 unsigned char * rule_array,
94 long * PKA_public_key_id_length,
95 unsigned char * PKA_public_key_id,
96 long * hash_length,
97 unsigned char * hash,
98 long * signature_field_length,
99 unsigned char * signature_field);
100
101/* PKA Public Key Extract */
102typedef void (SECURITYAPI *F_PUBLICKEYEXTRACT)(
103 long * return_code,
104 long * reason_code,
105 long * exit_data_length,
106 unsigned char * exit_data,
107 long * rule_array_count,
108 unsigned char * rule_array,
109 long * source_key_identifier_length,
110 unsigned char * source_key_identifier,
111 long * target_key_token_length,
112 unsigned char * target_key_token);
113
114/* PKA Encrypt */
115typedef void (SECURITYAPI *F_PKAENCRYPT)
116 (long * return_code,
117 long * reason_code,
118 long * exit_data_length,
119 unsigned char * exit_data,
120 long * rule_array_count,
121 unsigned char * rule_array,
122 long * key_value_length,
123 unsigned char * key_value,
124 long * data_struct_length,
125 unsigned char * data_struct,
126 long * RSA_public_key_length,
127 unsigned char * RSA_public_key,
128 long * RSA_encipher_length,
129 unsigned char * RSA_encipher );
130
131/* PKA Decrypt */
132typedef void (SECURITYAPI *F_PKADECRYPT)
133 (long * return_code,
134 long * reason_code,
135 long * exit_data_length,
136 unsigned char * exit_data,
137 long * rule_array_count,
138 unsigned char * rule_array,
139 long * enciphered_key_length,
140 unsigned char * enciphered_key,
141 long * data_struct_length,
142 unsigned char * data_struct,
143 long * RSA_private_key_length,
144 unsigned char * RSA_private_key,
145 long * key_value_length,
146 unsigned char * key_value );
147
148
149#endif
diff --git a/src/lib/libcrypto/engine/vendor_defns/hw_ubsec.h b/src/lib/libcrypto/engine/vendor_defns/hw_ubsec.h
new file mode 100644
index 0000000000..b6619d40f2
--- /dev/null
+++ b/src/lib/libcrypto/engine/vendor_defns/hw_ubsec.h
@@ -0,0 +1,100 @@
1/******************************************************************************
2 *
3 * Copyright 2000
4 * Broadcom Corporation
5 * 16215 Alton Parkway
6 * PO Box 57013
7 * Irvine CA 92619-7013
8 *
9 *****************************************************************************/
10/*
11 * Broadcom Corporation uBSec SDK
12 */
13/*
14 * Character device header file.
15 */
16/*
17 * Revision History:
18 *
19 * October 2000 JTT Created.
20 */
21
22#define MAX_PUBLIC_KEY_BITS (1024)
23#define MAX_PUBLIC_KEY_BYTES (1024/8)
24#define SHA_BIT_SIZE (160)
25#define MAX_CRYPTO_KEY_LENGTH 24
26#define MAX_MAC_KEY_LENGTH 64
27#define UBSEC_CRYPTO_DEVICE_NAME ((unsigned char *)"/dev/ubscrypt")
28#define UBSEC_KEY_DEVICE_NAME ((unsigned char *)"/dev/ubskey")
29
30/* Math command types. */
31#define UBSEC_MATH_MODADD 0x0001
32#define UBSEC_MATH_MODSUB 0x0002
33#define UBSEC_MATH_MODMUL 0x0004
34#define UBSEC_MATH_MODEXP 0x0008
35#define UBSEC_MATH_MODREM 0x0010
36#define UBSEC_MATH_MODINV 0x0020
37
38typedef long ubsec_MathCommand_t;
39typedef long ubsec_RNGCommand_t;
40
41typedef struct ubsec_crypto_context_s {
42 unsigned int flags;
43 unsigned char crypto[MAX_CRYPTO_KEY_LENGTH];
44 unsigned char auth[MAX_MAC_KEY_LENGTH];
45} ubsec_crypto_context_t, *ubsec_crypto_context_p;
46
47/*
48 * Predeclare the function pointer types that we dynamically load from the DSO.
49 */
50
51typedef int t_UBSEC_ubsec_bytes_to_bits(unsigned char *n, int bytes);
52
53typedef int t_UBSEC_ubsec_bits_to_bytes(int bits);
54
55typedef int t_UBSEC_ubsec_open(unsigned char *device);
56
57typedef int t_UBSEC_ubsec_close(int fd);
58
59typedef int t_UBSEC_diffie_hellman_generate_ioctl (int fd,
60 unsigned char *x, int *x_len, unsigned char *y, int *y_len,
61 unsigned char *g, int g_len, unsigned char *m, int m_len,
62 unsigned char *userX, int userX_len, int random_bits);
63
64typedef int t_UBSEC_diffie_hellman_agree_ioctl (int fd,
65 unsigned char *x, int x_len, unsigned char *y, int y_len,
66 unsigned char *m, int m_len, unsigned char *k, int *k_len);
67
68typedef int t_UBSEC_rsa_mod_exp_ioctl (int fd,
69 unsigned char *x, int x_len, unsigned char *m, int m_len,
70 unsigned char *e, int e_len, unsigned char *y, int *y_len);
71
72typedef int t_UBSEC_rsa_mod_exp_crt_ioctl (int fd,
73 unsigned char *x, int x_len, unsigned char *qinv, int qinv_len,
74 unsigned char *edq, int edq_len, unsigned char *q, int q_len,
75 unsigned char *edp, int edp_len, unsigned char *p, int p_len,
76 unsigned char *y, int *y_len);
77
78typedef int t_UBSEC_dsa_sign_ioctl (int fd,
79 int hash, unsigned char *data, int data_len,
80 unsigned char *rndom, int random_len,
81 unsigned char *p, int p_len, unsigned char *q, int q_len,
82 unsigned char *g, int g_len, unsigned char *key, int key_len,
83 unsigned char *r, int *r_len, unsigned char *s, int *s_len);
84
85typedef int t_UBSEC_dsa_verify_ioctl (int fd,
86 int hash, unsigned char *data, int data_len,
87 unsigned char *p, int p_len, unsigned char *q, int q_len,
88 unsigned char *g, int g_len, unsigned char *key, int key_len,
89 unsigned char *r, int r_len, unsigned char *s, int s_len,
90 unsigned char *v, int *v_len);
91
92typedef int t_UBSEC_math_accelerate_ioctl(int fd, ubsec_MathCommand_t command,
93 unsigned char *ModN, int *ModN_len, unsigned char *ExpE, int *ExpE_len,
94 unsigned char *ParamA, int *ParamA_len, unsigned char *ParamB, int *ParamB_len,
95 unsigned char *Result, int *Result_len);
96
97typedef int t_UBSEC_rng_ioctl(int fd, ubsec_RNGCommand_t command,
98 unsigned char *Result, int *Result_len);
99
100typedef int t_UBSEC_max_key_len_ioctl(int fd, int *max_key_len);
diff --git a/src/lib/libcrypto/engine/vendor_defns/hwcryptohook.h b/src/lib/libcrypto/engine/vendor_defns/hwcryptohook.h
new file mode 100644
index 0000000000..aaa4d4575e
--- /dev/null
+++ b/src/lib/libcrypto/engine/vendor_defns/hwcryptohook.h
@@ -0,0 +1,486 @@
1/*
2 * ModExp / RSA (with/without KM) plugin API
3 *
4 * The application will load a dynamic library which
5 * exports entrypoint(s) defined in this file.
6 *
7 * This set of entrypoints provides only a multithreaded,
8 * synchronous-within-each-thread, facility.
9 *
10 *
11 * This file is Copyright 1998-2000 nCipher Corporation Limited.
12 *
13 * Redistribution and use in source and binary forms, with opr without
14 * modification, are permitted provided that the following conditions
15 * are met:
16 *
17 * 1. Redistributions of source code must retain the copyright notice,
18 * this list of conditions, and the following disclaimer.
19 *
20 * 2. Redistributions in binary form must reproduce the above
21 * copyright notice, this list of conditions, and the following
22 * disclaimer, in the documentation and/or other materials provided
23 * with the distribution
24 *
25 * IN NO EVENT SHALL NCIPHER CORPORATION LIMITED (`NCIPHER') AND/OR
26 * ANY OTHER AUTHORS OR DISTRIBUTORS OF THIS FILE BE LIABLE for any
27 * damages arising directly or indirectly from this file, its use or
28 * this licence. Without prejudice to the generality of the
29 * foregoing: all liability shall be excluded for direct, indirect,
30 * special, incidental, consequential or other damages or any loss of
31 * profits, business, revenue goodwill or anticipated savings;
32 * liability shall be excluded even if nCipher or anyone else has been
33 * advised of the possibility of damage. In any event, if the
34 * exclusion of liability is not effective, the liability of nCipher
35 * or any author or distributor shall be limited to the lesser of the
36 * price paid and 1,000 pounds sterling. This licence only fails to
37 * exclude or limit liability for death or personal injury arising out
38 * of negligence, and only to the extent that such an exclusion or
39 * limitation is not effective.
40 *
41 * NCIPHER AND THE AUTHORS AND DISTRIBUTORS SPECIFICALLY DISCLAIM ALL
42 * AND ANY WARRANTIES (WHETHER EXPRESS OR IMPLIED), including, but not
43 * limited to, any implied warranties of merchantability, fitness for
44 * a particular purpose, satisfactory quality, and/or non-infringement
45 * of any third party rights.
46 *
47 * US Government use: This software and documentation is Commercial
48 * Computer Software and Computer Software Documentation, as defined in
49 * sub-paragraphs (a)(1) and (a)(5) of DFAR 252.227-7014, "Rights in
50 * Noncommercial Computer Software and Noncommercial Computer Software
51 * Documentation." Use, duplication or disclosure by the Government is
52 * subject to the terms and conditions specified here.
53 *
54 * By using or distributing this file you will be accepting these
55 * terms and conditions, including the limitation of liability and
56 * lack of warranty. If you do not wish to accept these terms and
57 * conditions, DO NOT USE THE FILE.
58 *
59 *
60 * The actual dynamically loadable plugin, and the library files for
61 * static linking, which are also provided in some distributions, are
62 * not covered by the licence described above. You should have
63 * received a separate licence with terms and conditions for these
64 * library files; if you received the library files without a licence,
65 * please contact nCipher.
66 *
67 *
68 * $Id: hwcryptohook.h,v 1.1.1.1 2003/05/11 21:35:16 markus Exp $
69 */
70
71#ifndef HWCRYPTOHOOK_H
72#define HWCRYPTOHOOK_H
73
74#include <sys/types.h>
75#include <stdio.h>
76
77#ifndef HWCRYPTOHOOK_DECLARE_APPTYPES
78#define HWCRYPTOHOOK_DECLARE_APPTYPES 1
79#endif
80
81#define HWCRYPTOHOOK_ERROR_FAILED -1
82#define HWCRYPTOHOOK_ERROR_FALLBACK -2
83#define HWCRYPTOHOOK_ERROR_MPISIZE -3
84
85#if HWCRYPTOHOOK_DECLARE_APPTYPES
86
87/* These structs are defined by the application and opaque to the
88 * crypto plugin. The application may define these as it sees fit.
89 * Default declarations are provided here, but the application may
90 * #define HWCRYPTOHOOK_DECLARE_APPTYPES 0
91 * to prevent these declarations, and instead provide its own
92 * declarations of these types. (Pointers to them must still be
93 * ordinary pointers to structs or unions, or the resulting combined
94 * program will have a type inconsistency.)
95 */
96typedef struct HWCryptoHook_MutexValue HWCryptoHook_Mutex;
97typedef struct HWCryptoHook_CondVarValue HWCryptoHook_CondVar;
98typedef struct HWCryptoHook_PassphraseContextValue HWCryptoHook_PassphraseContext;
99typedef struct HWCryptoHook_CallerContextValue HWCryptoHook_CallerContext;
100
101#endif /* HWCRYPTOHOOK_DECLARE_APPTYPES */
102
103/* These next two structs are opaque to the application. The crypto
104 * plugin will return pointers to them; the caller simply manipulates
105 * the pointers.
106 */
107typedef struct HWCryptoHook_Context *HWCryptoHook_ContextHandle;
108typedef struct HWCryptoHook_RSAKey *HWCryptoHook_RSAKeyHandle;
109
110typedef struct {
111 char *buf;
112 size_t size;
113} HWCryptoHook_ErrMsgBuf;
114/* Used for error reporting. When a HWCryptoHook function fails it
115 * will return a sentinel value (0 for pointer-valued functions, or a
116 * negative number, usually HWCRYPTOHOOK_ERROR_FAILED, for
117 * integer-valued ones). It will, if an ErrMsgBuf is passed, also put
118 * an error message there.
119 *
120 * size is the size of the buffer, and will not be modified. If you
121 * pass 0 for size you must pass 0 for buf, and nothing will be
122 * recorded (just as if you passed 0 for the struct pointer).
123 * Messages written to the buffer will always be null-terminated, even
124 * when truncated to fit within size bytes.
125 *
126 * The contents of the buffer are not defined if there is no error.
127 */
128
129typedef struct HWCryptoHook_MPIStruct {
130 unsigned char *buf;
131 size_t size;
132} HWCryptoHook_MPI;
133/* When one of these is returned, a pointer is passed to the function.
134 * At call, size is the space available. Afterwards it is updated to
135 * be set to the actual length (which may be more than the space available,
136 * if there was not enough room and the result was truncated).
137 * buf (the pointer) is not updated.
138 *
139 * size is in bytes and may be zero at call or return, but must be a
140 * multiple of the limb size. Zero limbs at the MS end are not
141 * permitted.
142 */
143
144#define HWCryptoHook_InitFlags_FallbackModExp 0x0002UL
145#define HWCryptoHook_InitFlags_FallbackRSAImmed 0x0004UL
146/* Enable requesting fallback to software in case of problems with the
147 * hardware support. This indicates to the crypto provider that the
148 * application is prepared to fall back to software operation if the
149 * ModExp* or RSAImmed* functions return HWCRYPTOHOOK_ERROR_FALLBACK.
150 * Without this flag those calls will never return
151 * HWCRYPTOHOOK_ERROR_FALLBACK. The flag will also cause the crypto
152 * provider to avoid repeatedly attempting to contact dead hardware
153 * within a short interval, if appropriate.
154 */
155
156#define HWCryptoHook_InitFlags_SimpleForkCheck 0x0010UL
157/* Without _SimpleForkCheck the library is allowed to assume that the
158 * application will not fork and call the library in the child(ren).
159 *
160 * When it is specified, this is allowed. However, after a fork
161 * neither parent nor child may unload any loaded keys or call
162 * _Finish. Instead, they should call exit (or die with a signal)
163 * without calling _Finish. After all the children have died the
164 * parent may unload keys or call _Finish.
165 *
166 * This flag only has any effect on UN*X platforms.
167 */
168
169typedef struct {
170 unsigned long flags;
171 void *logstream; /* usually a FILE*. See below. */
172
173 size_t limbsize; /* bignum format - size of radix type, must be power of 2 */
174 int mslimbfirst; /* 0 or 1 */
175 int msbytefirst; /* 0 or 1; -1 = native */
176
177 /* All the callback functions should return 0 on success, or a
178 * nonzero integer (whose value will be visible in the error message
179 * put in the buffer passed to the call).
180 *
181 * If a callback is not available pass a null function pointer.
182 *
183 * The callbacks may not call down again into the crypto plugin.
184 */
185
186 /* For thread-safety. Set everything to 0 if you promise only to be
187 * singlethreaded. maxsimultaneous is the number of calls to
188 * ModExp[Crt]/RSAImmed{Priv,Pub}/RSA. If you don't know what to
189 * put there then say 0 and the hook library will use a default.
190 *
191 * maxmutexes is a small limit on the number of simultaneous mutexes
192 * which will be requested by the library. If there is no small
193 * limit, set it to 0. If the crypto plugin cannot create the
194 * advertised number of mutexes the calls to its functions may fail.
195 * If a low number of mutexes is advertised the plugin will try to
196 * do the best it can. Making larger numbers of mutexes available
197 * may improve performance and parallelism by reducing contention
198 * over critical sections. Unavailability of any mutexes, implying
199 * single-threaded operation, should be indicated by the setting
200 * mutex_init et al to 0.
201 */
202 int maxmutexes;
203 int maxsimultaneous;
204 size_t mutexsize;
205 int (*mutex_init)(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext *cactx);
206 int (*mutex_acquire)(HWCryptoHook_Mutex*);
207 void (*mutex_release)(HWCryptoHook_Mutex*);
208 void (*mutex_destroy)(HWCryptoHook_Mutex*);
209
210 /* For greater efficiency, can use condition vars internally for
211 * synchronisation. In this case maxsimultaneous is ignored, but
212 * the other mutex stuff must be available. In singlethreaded
213 * programs, set everything to 0.
214 */
215 size_t condvarsize;
216 int (*condvar_init)(HWCryptoHook_CondVar*, HWCryptoHook_CallerContext *cactx);
217 int (*condvar_wait)(HWCryptoHook_CondVar*, HWCryptoHook_Mutex*);
218 void (*condvar_signal)(HWCryptoHook_CondVar*);
219 void (*condvar_broadcast)(HWCryptoHook_CondVar*);
220 void (*condvar_destroy)(HWCryptoHook_CondVar*);
221
222 /* The semantics of acquiring and releasing mutexes and broadcasting
223 * and waiting on condition variables are expected to be those from
224 * POSIX threads (pthreads). The mutexes may be (in pthread-speak)
225 * fast mutexes, recursive mutexes, or nonrecursive ones.
226 *
227 * The _release/_signal/_broadcast and _destroy functions must
228 * always succeed when given a valid argument; if they are given an
229 * invalid argument then the program (crypto plugin + application)
230 * has an internal error, and they should abort the program.
231 */
232
233 int (*getpassphrase)(const char *prompt_info,
234 int *len_io, char *buf,
235 HWCryptoHook_PassphraseContext *ppctx,
236 HWCryptoHook_CallerContext *cactx);
237 /* Passphrases and the prompt_info, if they contain high-bit-set
238 * characters, are UTF-8. The prompt_info may be a null pointer if
239 * no prompt information is available (it should not be an empty
240 * string). It will not contain text like `enter passphrase';
241 * instead it might say something like `Operator Card for John
242 * Smith' or `SmartCard in nFast Module #1, Slot #1'.
243 *
244 * buf points to a buffer in which to return the passphrase; on
245 * entry *len_io is the length of the buffer. It should be updated
246 * by the callback. The returned passphrase should not be
247 * null-terminated by the callback.
248 */
249
250 int (*getphystoken)(const char *prompt_info,
251 const char *wrong_info,
252 HWCryptoHook_PassphraseContext *ppctx,
253 HWCryptoHook_CallerContext *cactx);
254 /* Requests that the human user physically insert a different
255 * smartcard, DataKey, etc. The plugin should check whether the
256 * currently inserted token(s) are appropriate, and if they are it
257 * should not make this call.
258 *
259 * prompt_info is as before. wrong_info is a description of the
260 * currently inserted token(s) so that the user is told what
261 * something is. wrong_info, like prompt_info, may be null, but
262 * should not be an empty string. Its contents should be
263 * syntactically similar to that of prompt_info.
264 */
265
266 /* Note that a single LoadKey operation might cause several calls to
267 * getpassphrase and/or requestphystoken. If requestphystoken is
268 * not provided (ie, a null pointer is passed) then the plugin may
269 * not support loading keys for which authorisation by several cards
270 * is required. If getpassphrase is not provided then cards with
271 * passphrases may not be supported.
272 *
273 * getpassphrase and getphystoken do not need to check that the
274 * passphrase has been entered correctly or the correct token
275 * inserted; the crypto plugin will do that. If this is not the
276 * case then the crypto plugin is responsible for calling these
277 * routines again as appropriate until the correct token(s) and
278 * passphrase(s) are supplied as required, or until any retry limits
279 * implemented by the crypto plugin are reached.
280 *
281 * In either case, the application must allow the user to say `no'
282 * or `cancel' to indicate that they do not know the passphrase or
283 * have the appropriate token; this should cause the callback to
284 * return nonzero indicating error.
285 */
286
287 void (*logmessage)(void *logstream, const char *message);
288 /* A log message will be generated at least every time something goes
289 * wrong and an ErrMsgBuf is filled in (or would be if one was
290 * provided). Other diagnostic information may be written there too,
291 * including more detailed reasons for errors which are reported in an
292 * ErrMsgBuf.
293 *
294 * When a log message is generated, this callback is called. It
295 * should write a message to the relevant logging arrangements.
296 *
297 * The message string passed will be null-terminated and may be of arbitrary
298 * length. It will not be prefixed by the time and date, nor by the
299 * name of the library that is generating it - if this is required,
300 * the logmessage callback must do it. The message will not have a
301 * trailing newline (though it may contain internal newlines).
302 *
303 * If a null pointer is passed for logmessage a default function is
304 * used. The default function treats logstream as a FILE* which has
305 * been converted to a void*. If logstream is 0 it does nothing.
306 * Otherwise it prepends the date and time and library name and
307 * writes the message to logstream. Each line will be prefixed by a
308 * descriptive string containing the date, time and identity of the
309 * crypto plugin. Errors on the logstream are not reported
310 * anywhere, and the default function doesn't flush the stream, so
311 * the application must set the buffering how it wants it.
312 *
313 * The crypto plugin may also provide a facility to have copies of
314 * log messages sent elsewhere, and or for adjusting the verbosity
315 * of the log messages; any such facilities will be configured by
316 * external means.
317 */
318
319} HWCryptoHook_InitInfo;
320
321typedef
322HWCryptoHook_ContextHandle HWCryptoHook_Init_t(const HWCryptoHook_InitInfo *initinfo,
323 size_t initinfosize,
324 const HWCryptoHook_ErrMsgBuf *errors,
325 HWCryptoHook_CallerContext *cactx);
326extern HWCryptoHook_Init_t HWCryptoHook_Init;
327
328/* Caller should set initinfosize to the size of the HWCryptoHook struct,
329 * so it can be extended later.
330 *
331 * On success, a message for display or logging by the server,
332 * including the name and version number of the plugin, will be filled
333 * in into *errors; on failure *errors is used for error handling, as
334 * usual.
335 */
336
337/* All these functions return 0 on success, HWCRYPTOHOOK_ERROR_FAILED
338 * on most failures. HWCRYPTOHOOK_ERROR_MPISIZE means at least one of
339 * the output MPI buffer(s) was too small; the sizes of all have been
340 * set to the desired size (and for those where the buffer was large
341 * enough, the value may have been copied in), and no error message
342 * has been recorded.
343 *
344 * You may pass 0 for the errors struct. In any case, unless you set
345 * _NoStderr at init time then messages may be reported to stderr.
346 */
347
348/* The RSAImmed* functions (and key managed RSA) only work with
349 * modules which have an RSA patent licence - currently that means KM
350 * units; the ModExp* ones work with all modules, so you need a patent
351 * licence in the software in the US. They are otherwise identical.
352 */
353
354typedef
355void HWCryptoHook_Finish_t(HWCryptoHook_ContextHandle hwctx);
356extern HWCryptoHook_Finish_t HWCryptoHook_Finish;
357/* You must not have any calls going or keys loaded when you call this. */
358
359typedef
360int HWCryptoHook_RandomBytes_t(HWCryptoHook_ContextHandle hwctx,
361 unsigned char *buf, size_t len,
362 const HWCryptoHook_ErrMsgBuf *errors);
363extern HWCryptoHook_RandomBytes_t HWCryptoHook_RandomBytes;
364
365typedef
366int HWCryptoHook_ModExp_t(HWCryptoHook_ContextHandle hwctx,
367 HWCryptoHook_MPI a,
368 HWCryptoHook_MPI p,
369 HWCryptoHook_MPI n,
370 HWCryptoHook_MPI *r,
371 const HWCryptoHook_ErrMsgBuf *errors);
372extern HWCryptoHook_ModExp_t HWCryptoHook_ModExp;
373
374typedef
375int HWCryptoHook_RSAImmedPub_t(HWCryptoHook_ContextHandle hwctx,
376 HWCryptoHook_MPI m,
377 HWCryptoHook_MPI e,
378 HWCryptoHook_MPI n,
379 HWCryptoHook_MPI *r,
380 const HWCryptoHook_ErrMsgBuf *errors);
381extern HWCryptoHook_RSAImmedPub_t HWCryptoHook_RSAImmedPub;
382
383typedef
384int HWCryptoHook_ModExpCRT_t(HWCryptoHook_ContextHandle hwctx,
385 HWCryptoHook_MPI a,
386 HWCryptoHook_MPI p,
387 HWCryptoHook_MPI q,
388 HWCryptoHook_MPI dmp1,
389 HWCryptoHook_MPI dmq1,
390 HWCryptoHook_MPI iqmp,
391 HWCryptoHook_MPI *r,
392 const HWCryptoHook_ErrMsgBuf *errors);
393extern HWCryptoHook_ModExpCRT_t HWCryptoHook_ModExpCRT;
394
395typedef
396int HWCryptoHook_RSAImmedPriv_t(HWCryptoHook_ContextHandle hwctx,
397 HWCryptoHook_MPI m,
398 HWCryptoHook_MPI p,
399 HWCryptoHook_MPI q,
400 HWCryptoHook_MPI dmp1,
401 HWCryptoHook_MPI dmq1,
402 HWCryptoHook_MPI iqmp,
403 HWCryptoHook_MPI *r,
404 const HWCryptoHook_ErrMsgBuf *errors);
405extern HWCryptoHook_RSAImmedPriv_t HWCryptoHook_RSAImmedPriv;
406
407/* The RSAImmed* and ModExp* functions may return E_FAILED or
408 * E_FALLBACK for failure.
409 *
410 * E_FAILED means the failure is permanent and definite and there
411 * should be no attempt to fall back to software. (Eg, for some
412 * applications, which support only the acceleration-only
413 * functions, the `key material' may actually be an encoded key
414 * identifier, and doing the operation in software would give wrong
415 * answers.)
416 *
417 * E_FALLBACK means that doing the computation in software would seem
418 * reasonable. If an application pays attention to this and is
419 * able to fall back, it should also set the Fallback init flags.
420 */
421
422typedef
423int HWCryptoHook_RSALoadKey_t(HWCryptoHook_ContextHandle hwctx,
424 const char *key_ident,
425 HWCryptoHook_RSAKeyHandle *keyhandle_r,
426 const HWCryptoHook_ErrMsgBuf *errors,
427 HWCryptoHook_PassphraseContext *ppctx);
428extern HWCryptoHook_RSALoadKey_t HWCryptoHook_RSALoadKey;
429/* The key_ident is a null-terminated string configured by the
430 * user via the application's usual configuration mechanisms.
431 * It is provided to the user by the crypto provider's key management
432 * system. The user must be able to enter at least any string of between
433 * 1 and 1023 characters inclusive, consisting of printable 7-bit
434 * ASCII characters. The provider should avoid using
435 * any characters except alphanumerics and the punctuation
436 * characters _ - + . / @ ~ (the user is expected to be able
437 * to enter these without quoting). The string may be case-sensitive.
438 * The application may allow the user to enter other NULL-terminated strings,
439 * and the provider must cope (returning an error if the string is not
440 * valid).
441 *
442 * If the key does not exist, no error is recorded and 0 is returned;
443 * keyhandle_r will be set to 0 instead of to a key handle.
444 */
445
446typedef
447int HWCryptoHook_RSAGetPublicKey_t(HWCryptoHook_RSAKeyHandle k,
448 HWCryptoHook_MPI *n,
449 HWCryptoHook_MPI *e,
450 const HWCryptoHook_ErrMsgBuf *errors);
451extern HWCryptoHook_RSAGetPublicKey_t HWCryptoHook_RSAGetPublicKey;
452/* The crypto plugin will not store certificates.
453 *
454 * Although this function for acquiring the public key value is
455 * provided, it is not the purpose of this API to deal fully with the
456 * handling of the public key.
457 *
458 * It is expected that the crypto supplier's key generation program
459 * will provide general facilities for producing X.509
460 * self-certificates and certificate requests in PEM format. These
461 * will be given to the user so that they can configure them in the
462 * application, send them to CAs, or whatever.
463 *
464 * In case this kind of certificate handling is not appropriate, the
465 * crypto supplier's key generation program should be able to be
466 * configured not to generate such a self-certificate or certificate
467 * request. Then the application will need to do all of this, and
468 * will need to store and handle the public key and certificates
469 * itself.
470 */
471
472typedef
473int HWCryptoHook_RSAUnloadKey_t(HWCryptoHook_RSAKeyHandle k,
474 const HWCryptoHook_ErrMsgBuf *errors);
475extern HWCryptoHook_RSAUnloadKey_t HWCryptoHook_RSAUnloadKey;
476/* Might fail due to locking problems, or other serious internal problems. */
477
478typedef
479int HWCryptoHook_RSA_t(HWCryptoHook_MPI m,
480 HWCryptoHook_RSAKeyHandle k,
481 HWCryptoHook_MPI *r,
482 const HWCryptoHook_ErrMsgBuf *errors);
483extern HWCryptoHook_RSA_t HWCryptoHook_RSA;
484/* RSA private key operation (sign or decrypt) - raw, unpadded. */
485
486#endif /*HWCRYPTOHOOK_H*/
diff --git a/src/lib/libcrypto/engine/vendor_defns/sureware.h b/src/lib/libcrypto/engine/vendor_defns/sureware.h
new file mode 100644
index 0000000000..4bc22027f9
--- /dev/null
+++ b/src/lib/libcrypto/engine/vendor_defns/sureware.h
@@ -0,0 +1,239 @@
1/*
2* Written by Corinne Dive-Reclus(cdive@baltimore.com)
3*
4* Copyright@2001 Baltimore Technologies Ltd.
5* *
6* THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND *
7* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE *
8* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE *
9* ARE DISCLAIMED. IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE *
10* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL *
11* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS *
12* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) *
13* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT *
14* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY *
15* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF *
16* SUCH DAMAGE. *
17*
18*
19*/
20#ifdef WIN32
21#define SW_EXPORT __declspec ( dllexport )
22#else
23#define SW_EXPORT
24#endif
25
26/*
27* List of exposed SureWare errors
28*/
29#define SUREWAREHOOK_ERROR_FAILED -1
30#define SUREWAREHOOK_ERROR_FALLBACK -2
31#define SUREWAREHOOK_ERROR_UNIT_FAILURE -3
32#define SUREWAREHOOK_ERROR_DATA_SIZE -4
33#define SUREWAREHOOK_ERROR_INVALID_PAD -5
34/*
35* -----------------WARNING-----------------------------------
36* In all the following functions:
37* msg is a string with at least 24 bytes free.
38* A 24 bytes string will be concatenated to the existing content of msg.
39*/
40/*
41* SureWare Initialisation function
42* in param threadsafe, if !=0, thread safe enabled
43* return SureWareHOOK_ERROR_UNIT_FAILURE if failure, 1 if success
44*/
45typedef int SureWareHook_Init_t(char*const msg,int threadsafe);
46extern SW_EXPORT SureWareHook_Init_t SureWareHook_Init;
47/*
48* SureWare Finish function
49*/
50typedef void SureWareHook_Finish_t();
51extern SW_EXPORT SureWareHook_Finish_t SureWareHook_Finish;
52/*
53* PRE_CONDITION:
54* DO NOT CALL ANY OF THE FOLLOWING FUNCTIONS IN CASE OF INIT FAILURE
55*/
56/*
57* SureWare RAND Bytes function
58* In case of failure, the content of buf is unpredictable.
59* return 1 if success
60* SureWareHOOK_ERROR_FALLBACK if function not available in hardware
61* SureWareHOOK_ERROR_FAILED if error while processing
62* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
63* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
64*
65* in/out param buf : a num bytes long buffer where random bytes will be put
66* in param num : the number of bytes into buf
67*/
68typedef int SureWareHook_Rand_Bytes_t(char*const msg,unsigned char *buf, int num);
69extern SW_EXPORT SureWareHook_Rand_Bytes_t SureWareHook_Rand_Bytes;
70
71/*
72* SureWare RAND Seed function
73* Adds some seed to the Hardware Random Number Generator
74* return 1 if success
75* SureWareHOOK_ERROR_FALLBACK if function not available in hardware
76* SureWareHOOK_ERROR_FAILED if error while processing
77* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
78* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
79*
80* in param buf : the seed to add into the HRNG
81* in param num : the number of bytes into buf
82*/
83typedef int SureWareHook_Rand_Seed_t(char*const msg,const void *buf, int num);
84extern SW_EXPORT SureWareHook_Rand_Seed_t SureWareHook_Rand_Seed;
85
86/*
87* SureWare Load Private Key function
88* return 1 if success
89* SureWareHOOK_ERROR_FAILED if error while processing
90* No hardware is contact for this function.
91*
92* in param key_id :the name of the private protected key file without the extension
93 ".sws"
94* out param hptr : a pointer to a buffer allocated by SureWare_Hook
95* out param num: the effective key length in bytes
96* out param keytype: 1 if RSA 2 if DSA
97*/
98typedef int SureWareHook_Load_Privkey_t(char*const msg,const char *key_id,char **hptr,unsigned long *num,char *keytype);
99extern SW_EXPORT SureWareHook_Load_Privkey_t SureWareHook_Load_Privkey;
100
101/*
102* SureWare Info Public Key function
103* return 1 if success
104* SureWareHOOK_ERROR_FAILED if error while processing
105* No hardware is contact for this function.
106*
107* in param key_id :the name of the private protected key file without the extension
108 ".swp"
109* out param hptr : a pointer to a buffer allocated by SureWare_Hook
110* out param num: the effective key length in bytes
111* out param keytype: 1 if RSA 2 if DSA
112*/
113typedef int SureWareHook_Info_Pubkey_t(char*const msg,const char *key_id,unsigned long *num,
114 char *keytype);
115extern SW_EXPORT SureWareHook_Info_Pubkey_t SureWareHook_Info_Pubkey;
116
117/*
118* SureWare Load Public Key function
119* return 1 if success
120* SureWareHOOK_ERROR_FAILED if error while processing
121* No hardware is contact for this function.
122*
123* in param key_id :the name of the public protected key file without the extension
124 ".swp"
125* in param num : the bytes size of n and e
126* out param n: where to write modulus in bn format
127* out param e: where to write exponent in bn format
128*/
129typedef int SureWareHook_Load_Rsa_Pubkey_t(char*const msg,const char *key_id,unsigned long num,
130 unsigned long *n, unsigned long *e);
131extern SW_EXPORT SureWareHook_Load_Rsa_Pubkey_t SureWareHook_Load_Rsa_Pubkey;
132
133/*
134* SureWare Load DSA Public Key function
135* return 1 if success
136* SureWareHOOK_ERROR_FAILED if error while processing
137* No hardware is contact for this function.
138*
139* in param key_id :the name of the public protected key file without the extension
140 ".swp"
141* in param num : the bytes size of n and e
142* out param pub: where to write pub key in bn format
143* out param p: where to write prime in bn format
144* out param q: where to write sunprime (length 20 bytes) in bn format
145* out param g: where to write base in bn format
146*/
147typedef int SureWareHook_Load_Dsa_Pubkey_t(char*const msg,const char *key_id,unsigned long num,
148 unsigned long *pub, unsigned long *p,unsigned long*q,
149 unsigned long *g);
150extern SW_EXPORT SureWareHook_Load_Dsa_Pubkey_t SureWareHook_Load_Dsa_Pubkey;
151
152/*
153* SureWare Free function
154* Destroy the key into the hardware if destroy==1
155*/
156typedef void SureWareHook_Free_t(char *p,int destroy);
157extern SW_EXPORT SureWareHook_Free_t SureWareHook_Free;
158
159#define SUREWARE_PKCS1_PAD 1
160#define SUREWARE_ISO9796_PAD 2
161#define SUREWARE_NO_PAD 0
162/*
163* SureWare RSA Private Decryption
164* return 1 if success
165* SureWareHOOK_ERROR_FAILED if error while processing
166* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
167* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
168*
169* in param flen : byte size of from and to
170* in param from : encrypted data buffer, should be a not-null valid pointer
171* out param tlen: byte size of decrypted data, if error, unexpected value
172* out param to : decrypted data buffer, should be a not-null valid pointer
173* in param prsa: a protected key pointer, should be a not-null valid pointer
174* int padding: padding id as follow
175* SUREWARE_PKCS1_PAD
176* SUREWARE_NO_PAD
177*
178*/
179typedef int SureWareHook_Rsa_Priv_Dec_t(char*const msg,int flen,unsigned char *from,
180 int *tlen,unsigned char *to,
181 char *prsa,int padding);
182extern SW_EXPORT SureWareHook_Rsa_Priv_Dec_t SureWareHook_Rsa_Priv_Dec;
183/*
184* SureWare RSA Signature
185* return 1 if success
186* SureWareHOOK_ERROR_FAILED if error while processing
187* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
188* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
189*
190* in param flen : byte size of from and to
191* in param from : encrypted data buffer, should be a not-null valid pointer
192* out param tlen: byte size of decrypted data, if error, unexpected value
193* out param to : decrypted data buffer, should be a not-null valid pointer
194* in param prsa: a protected key pointer, should be a not-null valid pointer
195* int padding: padding id as follow
196* SUREWARE_PKCS1_PAD
197* SUREWARE_ISO9796_PAD
198*
199*/
200typedef int SureWareHook_Rsa_Sign_t(char*const msg,int flen,unsigned char *from,
201 int *tlen,unsigned char *to,
202 char *prsa,int padding);
203extern SW_EXPORT SureWareHook_Rsa_Sign_t SureWareHook_Rsa_Sign;
204/*
205* SureWare DSA Signature
206* return 1 if success
207* SureWareHOOK_ERROR_FAILED if error while processing
208* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
209* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
210*
211* in param flen : byte size of from and to
212* in param from : encrypted data buffer, should be a not-null valid pointer
213* out param to : decrypted data buffer, should be a 40bytes valid pointer
214* in param pdsa: a protected key pointer, should be a not-null valid pointer
215*
216*/
217typedef int SureWareHook_Dsa_Sign_t(char*const msg,int flen,const unsigned char *from,
218 unsigned long *r,unsigned long *s,char *pdsa);
219extern SW_EXPORT SureWareHook_Dsa_Sign_t SureWareHook_Dsa_Sign;
220
221
222/*
223* SureWare Mod Exp
224* return 1 if success
225* SureWareHOOK_ERROR_FAILED if error while processing
226* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
227* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
228*
229* mod and res are mlen bytes long.
230* exp is elen bytes long
231* data is dlen bytes long
232* mlen,elen and dlen are all multiple of sizeof(unsigned long)
233*/
234typedef int SureWareHook_Mod_Exp_t(char*const msg,int mlen,const unsigned long *mod,
235 int elen,const unsigned long *exponent,
236 int dlen,unsigned long *data,
237 unsigned long *res);
238extern SW_EXPORT SureWareHook_Mod_Exp_t SureWareHook_Mod_Exp;
239
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-08 05:26:27 +0000