summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/engine
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/engine')
-rw-r--r--src/lib/libcrypto/engine/Makefile.ssl556
-rw-r--r--src/lib/libcrypto/engine/eng_all.c17
-rw-r--r--src/lib/libcrypto/engine/eng_init.c2
-rw-r--r--src/lib/libcrypto/engine/engine.h3
-rw-r--r--src/lib/libcrypto/engine/enginetest.c274
-rw-r--r--src/lib/libcrypto/engine/hw.ec8
-rw-r--r--src/lib/libcrypto/engine/hw_4758_cca.c967
-rw-r--r--src/lib/libcrypto/engine/hw_4758_cca_err.c149
-rw-r--r--src/lib/libcrypto/engine/hw_4758_cca_err.h93
-rw-r--r--src/lib/libcrypto/engine/hw_aep.c1119
-rw-r--r--src/lib/libcrypto/engine/hw_aep_err.c157
-rw-r--r--src/lib/libcrypto/engine/hw_aep_err.h101
-rw-r--r--src/lib/libcrypto/engine/hw_atalla.c592
-rw-r--r--src/lib/libcrypto/engine/hw_atalla_err.c145
-rw-r--r--src/lib/libcrypto/engine/hw_atalla_err.h89
-rw-r--r--src/lib/libcrypto/engine/hw_cryptodev.c1107
-rw-r--r--src/lib/libcrypto/engine/hw_cswift.c924
-rw-r--r--src/lib/libcrypto/engine/hw_cswift_err.c149
-rw-r--r--src/lib/libcrypto/engine/hw_cswift_err.h93
-rw-r--r--src/lib/libcrypto/engine/hw_ncipher.c1342
-rw-r--r--src/lib/libcrypto/engine/hw_ncipher_err.c156
-rw-r--r--src/lib/libcrypto/engine/hw_ncipher_err.h100
-rw-r--r--src/lib/libcrypto/engine/hw_nuron.c416
-rw-r--r--src/lib/libcrypto/engine/hw_nuron_err.c142
-rw-r--r--src/lib/libcrypto/engine/hw_nuron_err.h86
-rw-r--r--src/lib/libcrypto/engine/hw_openbsd_dev_crypto.c594
-rw-r--r--src/lib/libcrypto/engine/hw_sureware_err.c150
-rw-r--r--src/lib/libcrypto/engine/hw_sureware_err.h94
-rw-r--r--src/lib/libcrypto/engine/hw_ubsec.c1059
-rw-r--r--src/lib/libcrypto/engine/hw_ubsec_err.c151
-rw-r--r--src/lib/libcrypto/engine/hw_ubsec_err.h95
-rw-r--r--src/lib/libcrypto/engine/vendor_defns/aep.h178
-rw-r--r--src/lib/libcrypto/engine/vendor_defns/atalla.h48
-rw-r--r--src/lib/libcrypto/engine/vendor_defns/cswift.h234
-rw-r--r--src/lib/libcrypto/engine/vendor_defns/hw_4758_cca.h149
35 files changed, 11538 insertions, 1 deletions
diff --git a/src/lib/libcrypto/engine/Makefile.ssl b/src/lib/libcrypto/engine/Makefile.ssl
new file mode 100644
index 0000000000..8bc8985e02
--- /dev/null
+++ b/src/lib/libcrypto/engine/Makefile.ssl
@@ -0,0 +1,556 @@
1#
2# OpenSSL/crypto/engine/Makefile
3#
4
5DIR= engine
6TOP= ../..
7CC= cc
8INCLUDES= -I.. -I$(TOP) -I../../include
9CFLAG=-g
10INSTALL_PREFIX=
11OPENSSLDIR= /usr/local/ssl
12INSTALLTOP=/usr/local/ssl
13MAKE= make -f Makefile.ssl
14MAKEDEPPROG= makedepend
15MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
16MAKEFILE= Makefile.ssl
17AR= ar r
18
19CFLAGS= $(INCLUDES) $(CFLAG)
20
21GENERAL=Makefile
22TEST= enginetest.c
23APPS=
24
25LIB=$(TOP)/libcrypto.a
26LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \
27 eng_table.c eng_pkey.c eng_fat.c eng_all.c \
28 tb_rsa.c tb_dsa.c tb_dh.c tb_rand.c tb_cipher.c tb_digest.c \
29 eng_openssl.c eng_dyn.c eng_cnf.c \
30 hw_atalla.c hw_cswift.c hw_ncipher.c hw_nuron.c hw_ubsec.c \
31 hw_cryptodev.c hw_aep.c hw_sureware.c hw_4758_cca.c
32LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
33 eng_table.o eng_pkey.o eng_fat.o eng_all.o \
34 tb_rsa.o tb_dsa.o tb_dh.o tb_rand.o tb_cipher.o tb_digest.o \
35 eng_openssl.o eng_dyn.o eng_cnf.o \
36 hw_atalla.o hw_cswift.o hw_ncipher.o hw_nuron.o hw_ubsec.o \
37 hw_cryptodev.o hw_aep.o hw_sureware.o hw_4758_cca.o
38
39SRC= $(LIBSRC)
40
41EXHEADER= engine.h
42HEADER= $(EXHEADER)
43
44ALL= $(GENERAL) $(SRC) $(HEADER)
45
46top:
47 (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
48
49all: lib
50
51lib: $(LIBOBJ)
52 $(AR) $(LIB) $(LIBOBJ)
53 $(RANLIB) $(LIB)
54 @touch lib
55
56files:
57 $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
58
59links:
60 @sh $(TOP)/util/point.sh Makefile.ssl Makefile
61 @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
62 @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
63 @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
64
65install:
66 @for i in $(EXHEADER) ; \
67 do \
68 (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
69 chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
70 done;
71
72tags:
73 ctags $(SRC)
74
75errors:
76 $(PERL) $(TOP)/util/mkerr.pl -conf hw.ec \
77 -nostatic -staticloader -write hw_*.c
78
79tests:
80
81lint:
82 lint -DLINT $(INCLUDES) $(SRC)>fluff
83
84depend:
85 $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
86
87dclean:
88 $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
89 mv -f Makefile.new $(MAKEFILE)
90
91clean:
92 rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
93
94# DO NOT DELETE THIS LINE -- make depend depends on it.
95
96eng_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
97eng_all.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
98eng_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
99eng_all.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
100eng_all.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
101eng_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
102eng_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
103eng_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
104eng_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
105eng_all.o: ../../include/openssl/ui.h eng_all.c eng_int.h
106eng_cnf.o: ../../e_os.h ../../include/openssl/asn1.h
107eng_cnf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
108eng_cnf.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
109eng_cnf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
110eng_cnf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
111eng_cnf.o: ../../include/openssl/engine.h ../../include/openssl/err.h
112eng_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
113eng_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
114eng_cnf.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
115eng_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
116eng_cnf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
117eng_cnf.o: ../cryptlib.h eng_cnf.c
118eng_ctrl.o: ../../e_os.h ../../include/openssl/asn1.h
119eng_ctrl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
120eng_ctrl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
121eng_ctrl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
122eng_ctrl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
123eng_ctrl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
124eng_ctrl.o: ../../include/openssl/opensslconf.h
125eng_ctrl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
126eng_ctrl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
127eng_ctrl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
128eng_ctrl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
129eng_ctrl.o: ../cryptlib.h eng_ctrl.c eng_int.h
130eng_dyn.o: ../../e_os.h ../../include/openssl/asn1.h
131eng_dyn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
132eng_dyn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
133eng_dyn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
134eng_dyn.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
135eng_dyn.o: ../../include/openssl/engine.h ../../include/openssl/err.h
136eng_dyn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
137eng_dyn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
138eng_dyn.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
139eng_dyn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
140eng_dyn.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
141eng_dyn.o: ../cryptlib.h eng_dyn.c eng_int.h
142eng_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
143eng_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
144eng_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
145eng_err.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
146eng_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
147eng_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
148eng_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
149eng_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
150eng_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
151eng_err.o: ../../include/openssl/ui.h eng_err.c
152eng_fat.o: ../../e_os.h ../../include/openssl/asn1.h
153eng_fat.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
154eng_fat.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
155eng_fat.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
156eng_fat.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
157eng_fat.o: ../../include/openssl/engine.h ../../include/openssl/err.h
158eng_fat.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
159eng_fat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
160eng_fat.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
161eng_fat.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
162eng_fat.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
163eng_fat.o: ../cryptlib.h eng_fat.c eng_int.h
164eng_init.o: ../../e_os.h ../../include/openssl/asn1.h
165eng_init.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
166eng_init.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
167eng_init.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
168eng_init.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
169eng_init.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
170eng_init.o: ../../include/openssl/opensslconf.h
171eng_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
172eng_init.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
173eng_init.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
174eng_init.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
175eng_init.o: ../cryptlib.h eng_init.c eng_int.h
176eng_lib.o: ../../e_os.h ../../include/openssl/asn1.h
177eng_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
178eng_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
179eng_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
180eng_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
181eng_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
182eng_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
183eng_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
184eng_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
185eng_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
186eng_lib.o: ../../include/openssl/ui.h ../cryptlib.h eng_int.h eng_lib.c
187eng_list.o: ../../e_os.h ../../include/openssl/asn1.h
188eng_list.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
189eng_list.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
190eng_list.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
191eng_list.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
192eng_list.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
193eng_list.o: ../../include/openssl/opensslconf.h
194eng_list.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
195eng_list.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
196eng_list.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
197eng_list.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
198eng_list.o: ../cryptlib.h eng_int.h eng_list.c
199eng_openssl.o: ../../e_os.h ../../include/openssl/aes.h
200eng_openssl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
201eng_openssl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
202eng_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
203eng_openssl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
204eng_openssl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
205eng_openssl.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
206eng_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
207eng_openssl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
208eng_openssl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
209eng_openssl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
210eng_openssl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
211eng_openssl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
212eng_openssl.o: ../../include/openssl/opensslconf.h
213eng_openssl.o: ../../include/openssl/opensslv.h
214eng_openssl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
215eng_openssl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
216eng_openssl.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
217eng_openssl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
218eng_openssl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
219eng_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
220eng_openssl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
221eng_openssl.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
222eng_openssl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
223eng_openssl.o: ../cryptlib.h eng_openssl.c
224eng_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
225eng_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
226eng_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
227eng_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
228eng_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
229eng_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
230eng_pkey.o: ../../include/openssl/opensslconf.h
231eng_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
232eng_pkey.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
233eng_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
234eng_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
235eng_pkey.o: ../cryptlib.h eng_int.h eng_pkey.c
236eng_table.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
237eng_table.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
238eng_table.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
239eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
240eng_table.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
241eng_table.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
242eng_table.o: ../../include/openssl/engine.h ../../include/openssl/err.h
243eng_table.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
244eng_table.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
245eng_table.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
246eng_table.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
247eng_table.o: ../../include/openssl/objects.h
248eng_table.o: ../../include/openssl/opensslconf.h
249eng_table.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
250eng_table.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
251eng_table.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
252eng_table.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
253eng_table.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
254eng_table.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
255eng_table.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
256eng_table.o: eng_int.h eng_table.c
257hw_4758_cca.o: ../../e_os.h ../../include/openssl/aes.h
258hw_4758_cca.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
259hw_4758_cca.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
260hw_4758_cca.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
261hw_4758_cca.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
262hw_4758_cca.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
263hw_4758_cca.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
264hw_4758_cca.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
265hw_4758_cca.o: ../../include/openssl/err.h ../../include/openssl/evp.h
266hw_4758_cca.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
267hw_4758_cca.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
268hw_4758_cca.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
269hw_4758_cca.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
270hw_4758_cca.o: ../../include/openssl/opensslconf.h
271hw_4758_cca.o: ../../include/openssl/opensslv.h
272hw_4758_cca.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
273hw_4758_cca.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
274hw_4758_cca.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
275hw_4758_cca.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
276hw_4758_cca.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
277hw_4758_cca.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
278hw_4758_cca.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
279hw_4758_cca.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
280hw_4758_cca.o: ../cryptlib.h hw_4758_cca.c hw_4758_cca_err.c hw_4758_cca_err.h
281hw_4758_cca.o: vendor_defns/hw_4758_cca.h
282hw_aep.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
283hw_aep.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
284hw_aep.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
285hw_aep.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
286hw_aep.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
287hw_aep.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
288hw_aep.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
289hw_aep.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
290hw_aep.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
291hw_aep.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
292hw_aep.o: ../../include/openssl/ui.h hw_aep.c hw_aep_err.c hw_aep_err.h
293hw_aep.o: vendor_defns/aep.h
294hw_atalla.o: ../../e_os.h ../../include/openssl/asn1.h
295hw_atalla.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
296hw_atalla.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
297hw_atalla.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
298hw_atalla.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
299hw_atalla.o: ../../include/openssl/engine.h ../../include/openssl/err.h
300hw_atalla.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
301hw_atalla.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
302hw_atalla.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
303hw_atalla.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
304hw_atalla.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
305hw_atalla.o: ../cryptlib.h hw_atalla.c hw_atalla_err.c hw_atalla_err.h
306hw_atalla.o: vendor_defns/atalla.h
307hw_cswift.o: ../../e_os.h ../../include/openssl/asn1.h
308hw_cswift.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
309hw_cswift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
310hw_cswift.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
311hw_cswift.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
312hw_cswift.o: ../../include/openssl/engine.h ../../include/openssl/err.h
313hw_cswift.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
314hw_cswift.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
315hw_cswift.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
316hw_cswift.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
317hw_cswift.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
318hw_cswift.o: ../cryptlib.h hw_cswift.c hw_cswift_err.c hw_cswift_err.h
319hw_cswift.o: vendor_defns/cswift.h
320hw_ncipher.o: ../../e_os.h ../../include/openssl/aes.h
321hw_ncipher.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
322hw_ncipher.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
323hw_ncipher.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
324hw_ncipher.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
325hw_ncipher.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
326hw_ncipher.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
327hw_ncipher.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
328hw_ncipher.o: ../../include/openssl/err.h ../../include/openssl/evp.h
329hw_ncipher.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
330hw_ncipher.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
331hw_ncipher.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
332hw_ncipher.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
333hw_ncipher.o: ../../include/openssl/opensslconf.h
334hw_ncipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
335hw_ncipher.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
336hw_ncipher.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
337hw_ncipher.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
338hw_ncipher.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
339hw_ncipher.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
340hw_ncipher.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
341hw_ncipher.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
342hw_ncipher.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
343hw_ncipher.o: ../../include/openssl/x509_vfy.h ../cryptlib.h hw_ncipher.c
344hw_ncipher.o: hw_ncipher_err.c hw_ncipher_err.h vendor_defns/hwcryptohook.h
345hw_nuron.o: ../../e_os.h ../../include/openssl/asn1.h
346hw_nuron.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
347hw_nuron.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
348hw_nuron.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
349hw_nuron.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
350hw_nuron.o: ../../include/openssl/engine.h ../../include/openssl/err.h
351hw_nuron.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
352hw_nuron.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
353hw_nuron.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
354hw_nuron.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
355hw_nuron.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
356hw_nuron.o: ../cryptlib.h hw_nuron.c hw_nuron_err.c hw_nuron_err.h
357hw_cryptodev.o: ../../include/openssl/aes.h
358hw_cryptodev.o: ../../include/openssl/asn1.h
359hw_cryptodev.o: ../../include/openssl/bio.h
360hw_cryptodev.o: ../../include/openssl/blowfish.h
361hw_cryptodev.o: ../../include/openssl/bn.h
362hw_cryptodev.o: ../../include/openssl/cast.h
363hw_cryptodev.o: ../../include/openssl/conf.h
364hw_cryptodev.o: ../../include/openssl/crypto.h
365hw_cryptodev.o: ../../include/openssl/des.h
366hw_cryptodev.o: ../../include/openssl/des_old.h
367hw_cryptodev.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
368hw_cryptodev.o: ../../include/openssl/e_os2.h
369hw_cryptodev.o: ../../include/openssl/engine.h
370hw_cryptodev.o: ../../include/openssl/err.h
371hw_cryptodev.o: ../../include/openssl/evp.h
372hw_cryptodev.o: ../../include/openssl/idea.h
373hw_cryptodev.o: ../../include/openssl/lhash.h
374hw_cryptodev.o: ../../include/openssl/md2.h
375hw_cryptodev.o: ../../include/openssl/md4.h
376hw_cryptodev.o: ../../include/openssl/md5.h
377hw_cryptodev.o: ../../include/openssl/mdc2.h
378hw_cryptodev.o: ../../include/openssl/obj_mac.h
379hw_cryptodev.o: ../../include/openssl/objects.h
380hw_cryptodev.o: ../../include/openssl/opensslconf.h
381hw_cryptodev.o: ../../include/openssl/opensslv.h
382hw_cryptodev.o: ../../include/openssl/ossl_typ.h
383hw_cryptodev.o: ../../include/openssl/rand.h
384hw_cryptodev.o: ../../include/openssl/rc2.h
385hw_cryptodev.o: ../../include/openssl/rc4.h
386hw_cryptodev.o: ../../include/openssl/rc5.h
387hw_cryptodev.o: ../../include/openssl/ripemd.h
388hw_cryptodev.o: ../../include/openssl/rsa.h
389hw_cryptodev.o: ../../include/openssl/safestack.h
390hw_cryptodev.o: ../../include/openssl/sha.h
391hw_cryptodev.o: ../../include/openssl/stack.h
392hw_cryptodev.o: ../../include/openssl/symhacks.h
393hw_cryptodev.o: ../../include/openssl/ui.h
394hw_cryptodev.o: ../../include/openssl/ui_compat.h ../evp/evp_locl.h
395hw_cryptodev.o: eng_int.h hw_cryptodev.c
396hw_sureware.o: ../../e_os.h ../../include/openssl/aes.h
397hw_sureware.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
398hw_sureware.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
399hw_sureware.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
400hw_sureware.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
401hw_sureware.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
402hw_sureware.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
403hw_sureware.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
404hw_sureware.o: ../../include/openssl/err.h ../../include/openssl/evp.h
405hw_sureware.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
406hw_sureware.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
407hw_sureware.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
408hw_sureware.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
409hw_sureware.o: ../../include/openssl/opensslconf.h
410hw_sureware.o: ../../include/openssl/opensslv.h
411hw_sureware.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
412hw_sureware.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
413hw_sureware.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
414hw_sureware.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
415hw_sureware.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
416hw_sureware.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
417hw_sureware.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
418hw_sureware.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
419hw_sureware.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
420hw_sureware.o: ../cryptlib.h eng_int.h engine.h hw_sureware.c hw_sureware_err.c
421hw_sureware.o: hw_sureware_err.h vendor_defns/sureware.h
422hw_ubsec.o: ../../e_os.h ../../include/openssl/asn1.h
423hw_ubsec.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
424hw_ubsec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
425hw_ubsec.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
426hw_ubsec.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
427hw_ubsec.o: ../../include/openssl/engine.h ../../include/openssl/err.h
428hw_ubsec.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
429hw_ubsec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
430hw_ubsec.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
431hw_ubsec.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
432hw_ubsec.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
433hw_ubsec.o: ../cryptlib.h hw_ubsec.c hw_ubsec_err.c hw_ubsec_err.h
434hw_ubsec.o: vendor_defns/hw_ubsec.h
435tb_cipher.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
436tb_cipher.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
437tb_cipher.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
438tb_cipher.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
439tb_cipher.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
440tb_cipher.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
441tb_cipher.o: ../../include/openssl/engine.h ../../include/openssl/err.h
442tb_cipher.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
443tb_cipher.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
444tb_cipher.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
445tb_cipher.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
446tb_cipher.o: ../../include/openssl/objects.h
447tb_cipher.o: ../../include/openssl/opensslconf.h
448tb_cipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
449tb_cipher.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
450tb_cipher.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
451tb_cipher.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
452tb_cipher.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
453tb_cipher.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
454tb_cipher.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
455tb_cipher.o: eng_int.h tb_cipher.c
456tb_dh.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
457tb_dh.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
458tb_dh.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
459tb_dh.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
460tb_dh.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
461tb_dh.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
462tb_dh.o: ../../include/openssl/engine.h ../../include/openssl/err.h
463tb_dh.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
464tb_dh.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
465tb_dh.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
466tb_dh.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
467tb_dh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
468tb_dh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
469tb_dh.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
470tb_dh.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
471tb_dh.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
472tb_dh.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
473tb_dh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
474tb_dh.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h eng_int.h
475tb_dh.o: tb_dh.c
476tb_digest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
477tb_digest.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
478tb_digest.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
479tb_digest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
480tb_digest.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
481tb_digest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
482tb_digest.o: ../../include/openssl/engine.h ../../include/openssl/err.h
483tb_digest.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
484tb_digest.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
485tb_digest.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
486tb_digest.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
487tb_digest.o: ../../include/openssl/objects.h
488tb_digest.o: ../../include/openssl/opensslconf.h
489tb_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
490tb_digest.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
491tb_digest.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
492tb_digest.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
493tb_digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
494tb_digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
495tb_digest.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
496tb_digest.o: eng_int.h tb_digest.c
497tb_dsa.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
498tb_dsa.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
499tb_dsa.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
500tb_dsa.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
501tb_dsa.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
502tb_dsa.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
503tb_dsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h
504tb_dsa.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
505tb_dsa.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
506tb_dsa.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
507tb_dsa.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
508tb_dsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
509tb_dsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
510tb_dsa.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
511tb_dsa.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
512tb_dsa.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
513tb_dsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
514tb_dsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
515tb_dsa.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
516tb_dsa.o: eng_int.h tb_dsa.c
517tb_rand.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
518tb_rand.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
519tb_rand.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
520tb_rand.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
521tb_rand.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
522tb_rand.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
523tb_rand.o: ../../include/openssl/engine.h ../../include/openssl/err.h
524tb_rand.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
525tb_rand.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
526tb_rand.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
527tb_rand.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
528tb_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
529tb_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
530tb_rand.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
531tb_rand.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
532tb_rand.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
533tb_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
534tb_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
535tb_rand.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
536tb_rand.o: eng_int.h tb_rand.c
537tb_rsa.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
538tb_rsa.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
539tb_rsa.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
540tb_rsa.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
541tb_rsa.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
542tb_rsa.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
543tb_rsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h
544tb_rsa.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
545tb_rsa.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
546tb_rsa.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
547tb_rsa.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
548tb_rsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
549tb_rsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
550tb_rsa.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
551tb_rsa.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
552tb_rsa.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
553tb_rsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
554tb_rsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
555tb_rsa.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
556tb_rsa.o: eng_int.h tb_rsa.c
diff --git a/src/lib/libcrypto/engine/eng_all.c b/src/lib/libcrypto/engine/eng_all.c
index b3030fe505..bc50465422 100644
--- a/src/lib/libcrypto/engine/eng_all.c
+++ b/src/lib/libcrypto/engine/eng_all.c
@@ -60,6 +60,10 @@
60#include <openssl/engine.h> 60#include <openssl/engine.h>
61#include "eng_int.h" 61#include "eng_int.h"
62 62
63#ifdef __OpenBSD__
64static int openbsd_default_loaded = 0;
65#endif
66
63void ENGINE_load_builtin_engines(void) 67void ENGINE_load_builtin_engines(void)
64 { 68 {
65 /* There's no longer any need for an "openssl" ENGINE unless, one day, 69 /* There's no longer any need for an "openssl" ENGINE unless, one day,
@@ -98,5 +102,18 @@ void ENGINE_load_builtin_engines(void)
98#ifdef OPENSSL_OPENBSD_DEV_CRYPTO 102#ifdef OPENSSL_OPENBSD_DEV_CRYPTO
99 ENGINE_load_openbsd_dev_crypto(); 103 ENGINE_load_openbsd_dev_crypto();
100#endif 104#endif
105#ifdef __OpenBSD__
106 ENGINE_load_cryptodev();
107#endif
101#endif 108#endif
102 } 109 }
110
111#ifdef __OpenBSD__
112void ENGINE_setup_openbsd(void) {
113 if (!openbsd_default_loaded) {
114 ENGINE_load_cryptodev();
115 ENGINE_register_all_complete();
116 }
117 openbsd_default_loaded=1;
118}
119#endif
diff --git a/src/lib/libcrypto/engine/eng_init.c b/src/lib/libcrypto/engine/eng_init.c
index 98caa21e32..170c1791b3 100644
--- a/src/lib/libcrypto/engine/eng_init.c
+++ b/src/lib/libcrypto/engine/eng_init.c
@@ -93,7 +93,7 @@ int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers)
93 * there's a chance that both threads will together take the count from 93 * there's a chance that both threads will together take the count from
94 * 2 to 0 without either calling finish(). */ 94 * 2 to 0 without either calling finish(). */
95 e->funct_ref--; 95 e->funct_ref--;
96 engine_ref_debug(e, 1, -1) 96 engine_ref_debug(e, 1, -1);
97 if((e->funct_ref == 0) && e->finish) 97 if((e->funct_ref == 0) && e->finish)
98 { 98 {
99 if(unlock_for_handlers) 99 if(unlock_for_handlers)
diff --git a/src/lib/libcrypto/engine/engine.h b/src/lib/libcrypto/engine/engine.h
index cf06618286..fd17ff616d 100644
--- a/src/lib/libcrypto/engine/engine.h
+++ b/src/lib/libcrypto/engine/engine.h
@@ -309,6 +309,9 @@ void ENGINE_load_sureware(void);
309void ENGINE_load_4758cca(void); 309void ENGINE_load_4758cca(void);
310void ENGINE_load_openbsd_dev_crypto(void); 310void ENGINE_load_openbsd_dev_crypto(void);
311void ENGINE_load_builtin_engines(void); 311void ENGINE_load_builtin_engines(void);
312#ifdef __OpenBSD__
313void ENGINE_load_cryptodev(void);
314#endif
312 315
313/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation 316/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
314 * "registry" handling. */ 317 * "registry" handling. */
diff --git a/src/lib/libcrypto/engine/enginetest.c b/src/lib/libcrypto/engine/enginetest.c
new file mode 100644
index 0000000000..87fa8c57b7
--- /dev/null
+++ b/src/lib/libcrypto/engine/enginetest.c
@@ -0,0 +1,274 @@
1/* crypto/engine/enginetest.c */
2/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <openssl/e_os2.h>
60#include <stdio.h>
61#include <string.h>
62#include <openssl/buffer.h>
63#include <openssl/crypto.h>
64#include <openssl/engine.h>
65#include <openssl/err.h>
66
67static void display_engine_list()
68 {
69 ENGINE *h;
70 int loop;
71
72 h = ENGINE_get_first();
73 loop = 0;
74 printf("listing available engine types\n");
75 while(h)
76 {
77 printf("engine %i, id = \"%s\", name = \"%s\"\n",
78 loop++, ENGINE_get_id(h), ENGINE_get_name(h));
79 h = ENGINE_get_next(h);
80 }
81 printf("end of list\n");
82 /* ENGINE_get_first() increases the struct_ref counter, so we
83 must call ENGINE_free() to decrease it again */
84 ENGINE_free(h);
85 }
86
87int main(int argc, char *argv[])
88 {
89 ENGINE *block[512];
90 char buf[256];
91 const char *id, *name;
92 ENGINE *ptr;
93 int loop;
94 int to_return = 1;
95 ENGINE *new_h1 = NULL;
96 ENGINE *new_h2 = NULL;
97 ENGINE *new_h3 = NULL;
98 ENGINE *new_h4 = NULL;
99
100 /* enable memory leak checking unless explicitly disabled */
101 if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
102 {
103 CRYPTO_malloc_debug_init();
104 CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
105 }
106 else
107 {
108 /* OPENSSL_DEBUG_MEMORY=off */
109 CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
110 }
111 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
112 ERR_load_crypto_strings();
113
114 memset(block, 0, 512 * sizeof(ENGINE *));
115 if(((new_h1 = ENGINE_new()) == NULL) ||
116 !ENGINE_set_id(new_h1, "test_id0") ||
117 !ENGINE_set_name(new_h1, "First test item") ||
118 ((new_h2 = ENGINE_new()) == NULL) ||
119 !ENGINE_set_id(new_h2, "test_id1") ||
120 !ENGINE_set_name(new_h2, "Second test item") ||
121 ((new_h3 = ENGINE_new()) == NULL) ||
122 !ENGINE_set_id(new_h3, "test_id2") ||
123 !ENGINE_set_name(new_h3, "Third test item") ||
124 ((new_h4 = ENGINE_new()) == NULL) ||
125 !ENGINE_set_id(new_h4, "test_id3") ||
126 !ENGINE_set_name(new_h4, "Fourth test item"))
127 {
128 printf("Couldn't set up test ENGINE structures\n");
129 goto end;
130 }
131 printf("\nenginetest beginning\n\n");
132 display_engine_list();
133 if(!ENGINE_add(new_h1))
134 {
135 printf("Add failed!\n");
136 goto end;
137 }
138 display_engine_list();
139 ptr = ENGINE_get_first();
140 if(!ENGINE_remove(ptr))
141 {
142 printf("Remove failed!\n");
143 goto end;
144 }
145 if (ptr)
146 ENGINE_free(ptr);
147 display_engine_list();
148 if(!ENGINE_add(new_h3) || !ENGINE_add(new_h2))
149 {
150 printf("Add failed!\n");
151 goto end;
152 }
153 display_engine_list();
154 if(!ENGINE_remove(new_h2))
155 {
156 printf("Remove failed!\n");
157 goto end;
158 }
159 display_engine_list();
160 if(!ENGINE_add(new_h4))
161 {
162 printf("Add failed!\n");
163 goto end;
164 }
165 display_engine_list();
166 if(ENGINE_add(new_h3))
167 {
168 printf("Add *should* have failed but didn't!\n");
169 goto end;
170 }
171 else
172 printf("Add that should fail did.\n");
173 ERR_clear_error();
174 if(ENGINE_remove(new_h2))
175 {
176 printf("Remove *should* have failed but didn't!\n");
177 goto end;
178 }
179 else
180 printf("Remove that should fail did.\n");
181 ERR_clear_error();
182 if(!ENGINE_remove(new_h3))
183 {
184 printf("Remove failed!\n");
185 goto end;
186 }
187 display_engine_list();
188 if(!ENGINE_remove(new_h4))
189 {
190 printf("Remove failed!\n");
191 goto end;
192 }
193 display_engine_list();
194 /* Depending on whether there's any hardware support compiled
195 * in, this remove may be destined to fail. */
196 ptr = ENGINE_get_first();
197 if(ptr)
198 if(!ENGINE_remove(ptr))
199 printf("Remove failed!i - probably no hardware "
200 "support present.\n");
201 if (ptr)
202 ENGINE_free(ptr);
203 display_engine_list();
204 if(!ENGINE_add(new_h1) || !ENGINE_remove(new_h1))
205 {
206 printf("Couldn't add and remove to an empty list!\n");
207 goto end;
208 }
209 else
210 printf("Successfully added and removed to an empty list!\n");
211 printf("About to beef up the engine-type list\n");
212 for(loop = 0; loop < 512; loop++)
213 {
214 sprintf(buf, "id%i", loop);
215 id = BUF_strdup(buf);
216 sprintf(buf, "Fake engine type %i", loop);
217 name = BUF_strdup(buf);
218 if(((block[loop] = ENGINE_new()) == NULL) ||
219 !ENGINE_set_id(block[loop], id) ||
220 !ENGINE_set_name(block[loop], name))
221 {
222 printf("Couldn't create block of ENGINE structures.\n"
223 "I'll probably also core-dump now, damn.\n");
224 goto end;
225 }
226 }
227 for(loop = 0; loop < 512; loop++)
228 {
229 if(!ENGINE_add(block[loop]))
230 {
231 printf("\nAdding stopped at %i, (%s,%s)\n",
232 loop, ENGINE_get_id(block[loop]),
233 ENGINE_get_name(block[loop]));
234 goto cleanup_loop;
235 }
236 else
237 printf("."); fflush(stdout);
238 }
239cleanup_loop:
240 printf("\nAbout to empty the engine-type list\n");
241 while((ptr = ENGINE_get_first()) != NULL)
242 {
243 if(!ENGINE_remove(ptr))
244 {
245 printf("\nRemove failed!\n");
246 goto end;
247 }
248 ENGINE_free(ptr);
249 printf("."); fflush(stdout);
250 }
251 for(loop = 0; loop < 512; loop++)
252 {
253 OPENSSL_free((void *)ENGINE_get_id(block[loop]));
254 OPENSSL_free((void *)ENGINE_get_name(block[loop]));
255 }
256 printf("\nTests completed happily\n");
257 to_return = 0;
258end:
259 if(to_return)
260 ERR_print_errors_fp(stderr);
261 if(new_h1) ENGINE_free(new_h1);
262 if(new_h2) ENGINE_free(new_h2);
263 if(new_h3) ENGINE_free(new_h3);
264 if(new_h4) ENGINE_free(new_h4);
265 for(loop = 0; loop < 512; loop++)
266 if(block[loop])
267 ENGINE_free(block[loop]);
268 ENGINE_cleanup();
269 CRYPTO_cleanup_all_ex_data();
270 ERR_free_strings();
271 ERR_remove_state(0);
272 CRYPTO_mem_leaks_fp(stderr);
273 return to_return;
274 }
diff --git a/src/lib/libcrypto/engine/hw.ec b/src/lib/libcrypto/engine/hw.ec
new file mode 100644
index 0000000000..5481a43918
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw.ec
@@ -0,0 +1,8 @@
1L AEPHK hw_aep_err.h hw_aep_err.c
2L ATALLA hw_atalla_err.h hw_atalla_err.c
3L CSWIFT hw_cswift_err.h hw_cswift_err.c
4L HWCRHK hw_ncipher_err.h hw_ncipher_err.c
5L NURON hw_nuron_err.h hw_nuron_err.c
6L SUREWARE hw_sureware_err.h hw_sureware_err.c
7L UBSEC hw_ubsec_err.h hw_ubsec_err.c
8L CCA4758 hw_4758_cca_err.h hw_4758_cca_err.c
diff --git a/src/lib/libcrypto/engine/hw_4758_cca.c b/src/lib/libcrypto/engine/hw_4758_cca.c
new file mode 100644
index 0000000000..f404b1a3b8
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_4758_cca.c
@@ -0,0 +1,967 @@
1/* Author: Maurice Gittens <maurice@gittens.nl> */
2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <stdio.h>
57#include <openssl/crypto.h>
58/* #include <openssl/pem.h> */
59#include "cryptlib.h"
60#include <openssl/dso.h>
61#include <openssl/x509.h>
62#include <openssl/objects.h>
63#include <openssl/engine.h>
64
65#ifndef OPENSSL_NO_HW
66#ifndef OPENSSL_NO_HW_4758_CCA
67
68#ifdef FLAT_INC
69#include "hw_4758_cca.h"
70#else
71#include "vendor_defns/hw_4758_cca.h"
72#endif
73
74#include "hw_4758_cca_err.c"
75
76static int ibm_4758_cca_destroy(ENGINE *e);
77static int ibm_4758_cca_init(ENGINE *e);
78static int ibm_4758_cca_finish(ENGINE *e);
79static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
80
81/* rsa functions */
82/*---------------*/
83#ifndef OPENSSL_NO_RSA
84static int cca_rsa_pub_enc(int flen, const unsigned char *from,
85 unsigned char *to, RSA *rsa,int padding);
86static int cca_rsa_priv_dec(int flen, const unsigned char *from,
87 unsigned char *to, RSA *rsa,int padding);
88static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
89 unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
90static int cca_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
91 unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);
92
93/* utility functions */
94/*-----------------------*/
95static EVP_PKEY *ibm_4758_load_privkey(ENGINE*, const char*,
96 UI_METHOD *ui_method, void *callback_data);
97static EVP_PKEY *ibm_4758_load_pubkey(ENGINE*, const char*,
98 UI_METHOD *ui_method, void *callback_data);
99
100static int getModulusAndExponent(const unsigned char *token, long *exponentLength,
101 unsigned char *exponent, long *modulusLength,
102 long *modulusFieldLength, unsigned char *modulus);
103#endif
104
105/* RAND number functions */
106/*-----------------------*/
107static int cca_get_random_bytes(unsigned char*, int );
108static int cca_random_status(void);
109
110static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
111 int idx,long argl, void *argp);
112
113/* Function pointers for CCA verbs */
114/*---------------------------------*/
115#ifndef OPENSSL_NO_RSA
116static F_KEYRECORDREAD keyRecordRead;
117static F_DIGITALSIGNATUREGENERATE digitalSignatureGenerate;
118static F_DIGITALSIGNATUREVERIFY digitalSignatureVerify;
119static F_PUBLICKEYEXTRACT publicKeyExtract;
120static F_PKAENCRYPT pkaEncrypt;
121static F_PKADECRYPT pkaDecrypt;
122#endif
123static F_RANDOMNUMBERGENERATE randomNumberGenerate;
124
125/* static variables */
126/*------------------*/
127static const char *CCA4758_LIB_NAME = NULL;
128static const char *get_CCA4758_LIB_NAME(void)
129 {
130 if(CCA4758_LIB_NAME)
131 return CCA4758_LIB_NAME;
132 return CCA_LIB_NAME;
133 }
134static void free_CCA4758_LIB_NAME(void)
135 {
136 if(CCA4758_LIB_NAME)
137 OPENSSL_free((void*)CCA4758_LIB_NAME);
138 CCA4758_LIB_NAME = NULL;
139 }
140static long set_CCA4758_LIB_NAME(const char *name)
141 {
142 free_CCA4758_LIB_NAME();
143 return (((CCA4758_LIB_NAME = BUF_strdup(name)) != NULL) ? 1 : 0);
144 }
145#ifndef OPENSSL_NO_RSA
146static const char* n_keyRecordRead = CSNDKRR;
147static const char* n_digitalSignatureGenerate = CSNDDSG;
148static const char* n_digitalSignatureVerify = CSNDDSV;
149static const char* n_publicKeyExtract = CSNDPKX;
150static const char* n_pkaEncrypt = CSNDPKE;
151static const char* n_pkaDecrypt = CSNDPKD;
152#endif
153static const char* n_randomNumberGenerate = CSNBRNG;
154
155static int hndidx = -1;
156static DSO *dso = NULL;
157
158/* openssl engine initialization structures */
159/*------------------------------------------*/
160
161#define CCA4758_CMD_SO_PATH ENGINE_CMD_BASE
162static const ENGINE_CMD_DEFN cca4758_cmd_defns[] = {
163 {CCA4758_CMD_SO_PATH,
164 "SO_PATH",
165 "Specifies the path to the '4758cca' shared library",
166 ENGINE_CMD_FLAG_STRING},
167 {0, NULL, NULL, 0}
168 };
169
170#ifndef OPENSSL_NO_RSA
171static RSA_METHOD ibm_4758_cca_rsa =
172 {
173 "IBM 4758 CCA RSA method",
174 cca_rsa_pub_enc,
175 NULL,
176 NULL,
177 cca_rsa_priv_dec,
178 NULL, /*rsa_mod_exp,*/
179 NULL, /*mod_exp_mont,*/
180 NULL, /* init */
181 NULL, /* finish */
182 RSA_FLAG_SIGN_VER, /* flags */
183 NULL, /* app_data */
184 cca_rsa_sign, /* rsa_sign */
185 cca_rsa_verify /* rsa_verify */
186 };
187#endif
188
189static RAND_METHOD ibm_4758_cca_rand =
190 {
191 /* "IBM 4758 RAND method", */
192 NULL, /* seed */
193 cca_get_random_bytes, /* get random bytes from the card */
194 NULL, /* cleanup */
195 NULL, /* add */
196 cca_get_random_bytes, /* pseudo rand */
197 cca_random_status, /* status */
198 };
199
200static const char *engine_4758_cca_id = "4758cca";
201static const char *engine_4758_cca_name = "IBM 4758 CCA hardware engine support";
202
203/* engine implementation */
204/*-----------------------*/
205static int bind_helper(ENGINE *e)
206 {
207 if(!ENGINE_set_id(e, engine_4758_cca_id) ||
208 !ENGINE_set_name(e, engine_4758_cca_name) ||
209#ifndef OPENSSL_NO_RSA
210 !ENGINE_set_RSA(e, &ibm_4758_cca_rsa) ||
211#endif
212 !ENGINE_set_RAND(e, &ibm_4758_cca_rand) ||
213 !ENGINE_set_destroy_function(e, ibm_4758_cca_destroy) ||
214 !ENGINE_set_init_function(e, ibm_4758_cca_init) ||
215 !ENGINE_set_finish_function(e, ibm_4758_cca_finish) ||
216 !ENGINE_set_ctrl_function(e, ibm_4758_cca_ctrl) ||
217 !ENGINE_set_load_privkey_function(e, ibm_4758_load_privkey) ||
218 !ENGINE_set_load_pubkey_function(e, ibm_4758_load_pubkey) ||
219 !ENGINE_set_cmd_defns(e, cca4758_cmd_defns))
220 return 0;
221 /* Ensure the error handling is set up */
222 ERR_load_CCA4758_strings();
223 return 1;
224 }
225
226static ENGINE *engine_4758_cca(void)
227 {
228 ENGINE *ret = ENGINE_new();
229 if(!ret)
230 return NULL;
231 if(!bind_helper(ret))
232 {
233 ENGINE_free(ret);
234 return NULL;
235 }
236 return ret;
237 }
238
239void ENGINE_load_4758cca(void)
240 {
241 ENGINE *e_4758 = engine_4758_cca();
242 if (!e_4758) return;
243 ENGINE_add(e_4758);
244 ENGINE_free(e_4758);
245 ERR_clear_error();
246 }
247
248static int ibm_4758_cca_destroy(ENGINE *e)
249 {
250 ERR_unload_CCA4758_strings();
251 free_CCA4758_LIB_NAME();
252 return 1;
253 }
254
255static int ibm_4758_cca_init(ENGINE *e)
256 {
257 if(dso)
258 {
259 CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_ALREADY_LOADED);
260 goto err;
261 }
262
263 dso = DSO_load(NULL, get_CCA4758_LIB_NAME(), NULL, 0);
264 if(!dso)
265 {
266 CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE);
267 goto err;
268 }
269
270#ifndef OPENSSL_NO_RSA
271 if(!(keyRecordRead = (F_KEYRECORDREAD)
272 DSO_bind_func(dso, n_keyRecordRead)) ||
273 !(randomNumberGenerate = (F_RANDOMNUMBERGENERATE)
274 DSO_bind_func(dso, n_randomNumberGenerate)) ||
275 !(digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)
276 DSO_bind_func(dso, n_digitalSignatureGenerate)) ||
277 !(digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)
278 DSO_bind_func(dso, n_digitalSignatureVerify)) ||
279 !(publicKeyExtract = (F_PUBLICKEYEXTRACT)
280 DSO_bind_func(dso, n_publicKeyExtract)) ||
281 !(pkaEncrypt = (F_PKAENCRYPT)
282 DSO_bind_func(dso, n_pkaEncrypt)) ||
283 !(pkaDecrypt = (F_PKADECRYPT)
284 DSO_bind_func(dso, n_pkaDecrypt)))
285 {
286 CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE);
287 goto err;
288 }
289#else
290 if(!(randomNumberGenerate = (F_RANDOMNUMBERGENERATE)
291 DSO_bind_func(dso, n_randomNumberGenerate)))
292 {
293 CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE);
294 goto err;
295 }
296#endif
297
298 hndidx = RSA_get_ex_new_index(0, "IBM 4758 CCA RSA key handle",
299 NULL, NULL, cca_ex_free);
300
301 return 1;
302err:
303 if(dso)
304 DSO_free(dso);
305 dso = NULL;
306
307 keyRecordRead = (F_KEYRECORDREAD)0;
308 randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;
309 digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)0;
310 digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;
311 publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
312 pkaEncrypt = (F_PKAENCRYPT)0;
313 pkaDecrypt = (F_PKADECRYPT)0;
314 return 0;
315 }
316
317static int ibm_4758_cca_finish(ENGINE *e)
318 {
319 free_CCA4758_LIB_NAME();
320 if(!dso)
321 {
322 CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH,
323 CCA4758_R_NOT_LOADED);
324 return 0;
325 }
326 if(!DSO_free(dso))
327 {
328 CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH,
329 CCA4758_R_UNIT_FAILURE);
330 return 0;
331 }
332 dso = NULL;
333 keyRecordRead = (F_KEYRECORDREAD)0;
334 randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;
335 digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)0;
336 digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;
337 publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
338 pkaEncrypt = (F_PKAENCRYPT)0;
339 pkaDecrypt = (F_PKADECRYPT)0;
340 return 1;
341 }
342
343static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
344 {
345 int initialised = ((dso == NULL) ? 0 : 1);
346 switch(cmd)
347 {
348 case CCA4758_CMD_SO_PATH:
349 if(p == NULL)
350 {
351 CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
352 ERR_R_PASSED_NULL_PARAMETER);
353 return 0;
354 }
355 if(initialised)
356 {
357 CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
358 CCA4758_R_ALREADY_LOADED);
359 return 0;
360 }
361 return set_CCA4758_LIB_NAME((const char *)p);
362 default:
363 break;
364 }
365 CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
366 CCA4758_R_COMMAND_NOT_IMPLEMENTED);
367 return 0;
368 }
369
370#ifndef OPENSSL_NO_RSA
371
372#define MAX_CCA_PKA_TOKEN_SIZE 2500
373
374static EVP_PKEY *ibm_4758_load_privkey(ENGINE* e, const char* key_id,
375 UI_METHOD *ui_method, void *callback_data)
376 {
377 RSA *rtmp = NULL;
378 EVP_PKEY *res = NULL;
379 unsigned char* keyToken = NULL;
380 unsigned char pubKeyToken[MAX_CCA_PKA_TOKEN_SIZE];
381 long pubKeyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
382 long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
383 long returnCode;
384 long reasonCode;
385 long exitDataLength = 0;
386 long ruleArrayLength = 0;
387 unsigned char exitData[8];
388 unsigned char ruleArray[8];
389 unsigned char keyLabel[64];
390 long keyLabelLength = strlen(key_id);
391 unsigned char modulus[256];
392 long modulusFieldLength = sizeof(modulus);
393 long modulusLength = 0;
394 unsigned char exponent[256];
395 long exponentLength = sizeof(exponent);
396
397 if (keyLabelLength > sizeof(keyLabel))
398 {
399 CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
400 CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
401 return NULL;
402 }
403
404 memset(keyLabel,' ', sizeof(keyLabel));
405 memcpy(keyLabel, key_id, keyLabelLength);
406
407 keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long));
408 if (!keyToken)
409 {
410 CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
411 ERR_R_MALLOC_FAILURE);
412 goto err;
413 }
414
415 keyRecordRead(&returnCode, &reasonCode, &exitDataLength,
416 exitData, &ruleArrayLength, ruleArray, keyLabel,
417 &keyTokenLength, keyToken+sizeof(long));
418
419 if (returnCode)
420 {
421 CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
422 CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
423 goto err;
424 }
425
426 publicKeyExtract(&returnCode, &reasonCode, &exitDataLength,
427 exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
428 keyToken+sizeof(long), &pubKeyTokenLength, pubKeyToken);
429
430 if (returnCode)
431 {
432 CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
433 CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
434 goto err;
435 }
436
437 if (!getModulusAndExponent(pubKeyToken, &exponentLength,
438 exponent, &modulusLength, &modulusFieldLength,
439 modulus))
440 {
441 CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
442 CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
443 goto err;
444 }
445
446 (*(long*)keyToken) = keyTokenLength;
447 rtmp = RSA_new_method(e);
448 RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);
449
450 rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
451 rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL);
452 rtmp->flags |= RSA_FLAG_EXT_PKEY;
453
454 res = EVP_PKEY_new();
455 EVP_PKEY_assign_RSA(res, rtmp);
456
457 return res;
458err:
459 if (keyToken)
460 OPENSSL_free(keyToken);
461 if (res)
462 EVP_PKEY_free(res);
463 if (rtmp)
464 RSA_free(rtmp);
465 return NULL;
466 }
467
468static EVP_PKEY *ibm_4758_load_pubkey(ENGINE* e, const char* key_id,
469 UI_METHOD *ui_method, void *callback_data)
470 {
471 RSA *rtmp = NULL;
472 EVP_PKEY *res = NULL;
473 unsigned char* keyToken = NULL;
474 long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
475 long returnCode;
476 long reasonCode;
477 long exitDataLength = 0;
478 long ruleArrayLength = 0;
479 unsigned char exitData[8];
480 unsigned char ruleArray[8];
481 unsigned char keyLabel[64];
482 long keyLabelLength = strlen(key_id);
483 unsigned char modulus[512];
484 long modulusFieldLength = sizeof(modulus);
485 long modulusLength = 0;
486 unsigned char exponent[512];
487 long exponentLength = sizeof(exponent);
488
489 if (keyLabelLength > sizeof(keyLabel))
490 {
491 CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
492 CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
493 return NULL;
494 }
495
496 memset(keyLabel,' ', sizeof(keyLabel));
497 memcpy(keyLabel, key_id, keyLabelLength);
498
499 keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long));
500 if (!keyToken)
501 {
502 CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PUBKEY,
503 ERR_R_MALLOC_FAILURE);
504 goto err;
505 }
506
507 keyRecordRead(&returnCode, &reasonCode, &exitDataLength, exitData,
508 &ruleArrayLength, ruleArray, keyLabel, &keyTokenLength,
509 keyToken+sizeof(long));
510
511 if (returnCode)
512 {
513 CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
514 ERR_R_MALLOC_FAILURE);
515 goto err;
516 }
517
518 if (!getModulusAndExponent(keyToken+sizeof(long), &exponentLength,
519 exponent, &modulusLength, &modulusFieldLength, modulus))
520 {
521 CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
522 CCA4758_R_FAILED_LOADING_PUBLIC_KEY);
523 goto err;
524 }
525
526 (*(long*)keyToken) = keyTokenLength;
527 rtmp = RSA_new_method(e);
528 RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);
529 rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
530 rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL);
531 rtmp->flags |= RSA_FLAG_EXT_PKEY;
532 res = EVP_PKEY_new();
533 EVP_PKEY_assign_RSA(res, rtmp);
534
535 return res;
536err:
537 if (keyToken)
538 OPENSSL_free(keyToken);
539 if (res)
540 EVP_PKEY_free(res);
541 if (rtmp)
542 RSA_free(rtmp);
543 return NULL;
544 }
545
546static int cca_rsa_pub_enc(int flen, const unsigned char *from,
547 unsigned char *to, RSA *rsa,int padding)
548 {
549 long returnCode;
550 long reasonCode;
551 long lflen = flen;
552 long exitDataLength = 0;
553 unsigned char exitData[8];
554 long ruleArrayLength = 1;
555 unsigned char ruleArray[8] = "PKCS-1.2";
556 long dataStructureLength = 0;
557 unsigned char dataStructure[8];
558 long outputLength = RSA_size(rsa);
559 long keyTokenLength;
560 unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
561
562 keyTokenLength = *(long*)keyToken;
563 keyToken+=sizeof(long);
564
565 pkaEncrypt(&returnCode, &reasonCode, &exitDataLength, exitData,
566 &ruleArrayLength, ruleArray, &lflen, (unsigned char*)from,
567 &dataStructureLength, dataStructure, &keyTokenLength,
568 keyToken, &outputLength, to);
569
570 if (returnCode || reasonCode)
571 return -(returnCode << 16 | reasonCode);
572 return outputLength;
573 }
574
575static int cca_rsa_priv_dec(int flen, const unsigned char *from,
576 unsigned char *to, RSA *rsa,int padding)
577 {
578 long returnCode;
579 long reasonCode;
580 long lflen = flen;
581 long exitDataLength = 0;
582 unsigned char exitData[8];
583 long ruleArrayLength = 1;
584 unsigned char ruleArray[8] = "PKCS-1.2";
585 long dataStructureLength = 0;
586 unsigned char dataStructure[8];
587 long outputLength = RSA_size(rsa);
588 long keyTokenLength;
589 unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
590
591 keyTokenLength = *(long*)keyToken;
592 keyToken+=sizeof(long);
593
594 pkaDecrypt(&returnCode, &reasonCode, &exitDataLength, exitData,
595 &ruleArrayLength, ruleArray, &lflen, (unsigned char*)from,
596 &dataStructureLength, dataStructure, &keyTokenLength,
597 keyToken, &outputLength, to);
598
599 return (returnCode | reasonCode) ? 0 : 1;
600 }
601
602#define SSL_SIG_LEN 36
603
604static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
605 unsigned char *sigbuf, unsigned int siglen, const RSA *rsa)
606 {
607 long returnCode;
608 long reasonCode;
609 long lsiglen = siglen;
610 long exitDataLength = 0;
611 unsigned char exitData[8];
612 long ruleArrayLength = 1;
613 unsigned char ruleArray[8] = "PKCS-1.1";
614 long keyTokenLength;
615 unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
616 long length = SSL_SIG_LEN;
617 long keyLength ;
618 unsigned char *hashBuffer = NULL;
619 X509_SIG sig;
620 ASN1_TYPE parameter;
621 X509_ALGOR algorithm;
622 ASN1_OCTET_STRING digest;
623
624 keyTokenLength = *(long*)keyToken;
625 keyToken+=sizeof(long);
626
627 if (type == NID_md5 || type == NID_sha1)
628 {
629 sig.algor = &algorithm;
630 algorithm.algorithm = OBJ_nid2obj(type);
631
632 if (!algorithm.algorithm)
633 {
634 CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
635 CCA4758_R_UNKNOWN_ALGORITHM_TYPE);
636 return 0;
637 }
638
639 if (!algorithm.algorithm->length)
640 {
641 CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
642 CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);
643 return 0;
644 }
645
646 parameter.type = V_ASN1_NULL;
647 parameter.value.ptr = NULL;
648 algorithm.parameter = &parameter;
649
650 sig.digest = &digest;
651 sig.digest->data = (unsigned char*)m;
652 sig.digest->length = m_len;
653
654 length = i2d_X509_SIG(&sig, NULL);
655 }
656
657 keyLength = RSA_size(rsa);
658
659 if (length - RSA_PKCS1_PADDING > keyLength)
660 {
661 CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
662 CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
663 return 0;
664 }
665
666 switch (type)
667 {
668 case NID_md5_sha1 :
669 if (m_len != SSL_SIG_LEN)
670 {
671 CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
672 CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
673 return 0;
674 }
675
676 hashBuffer = (unsigned char *)m;
677 length = m_len;
678 break;
679 case NID_md5 :
680 {
681 unsigned char *ptr;
682 ptr = hashBuffer = OPENSSL_malloc(
683 (unsigned int)keyLength+1);
684 if (!hashBuffer)
685 {
686 CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
687 ERR_R_MALLOC_FAILURE);
688 return 0;
689 }
690
691 i2d_X509_SIG(&sig, &ptr);
692 }
693 break;
694 case NID_sha1 :
695 {
696 unsigned char *ptr;
697 ptr = hashBuffer = OPENSSL_malloc(
698 (unsigned int)keyLength+1);
699 if (!hashBuffer)
700 {
701 CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
702 ERR_R_MALLOC_FAILURE);
703 return 0;
704 }
705 i2d_X509_SIG(&sig, &ptr);
706 }
707 break;
708 default:
709 return 0;
710 }
711
712 digitalSignatureVerify(&returnCode, &reasonCode, &exitDataLength,
713 exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
714 keyToken, &length, hashBuffer, &lsiglen, sigbuf);
715
716 if (type == NID_sha1 || type == NID_md5)
717 {
718 memset(hashBuffer, 0, keyLength+1);
719 OPENSSL_free(hashBuffer);
720 }
721
722 return ((returnCode || reasonCode) ? 0 : 1);
723 }
724
725#define SSL_SIG_LEN 36
726
727static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
728 unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
729 {
730 long returnCode;
731 long reasonCode;
732 long exitDataLength = 0;
733 unsigned char exitData[8];
734 long ruleArrayLength = 1;
735 unsigned char ruleArray[8] = "PKCS-1.1";
736 long outputLength=256;
737 long outputBitLength;
738 long keyTokenLength;
739 unsigned char *hashBuffer = NULL;
740 unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
741 long length = SSL_SIG_LEN;
742 long keyLength ;
743 X509_SIG sig;
744 ASN1_TYPE parameter;
745 X509_ALGOR algorithm;
746 ASN1_OCTET_STRING digest;
747
748 keyTokenLength = *(long*)keyToken;
749 keyToken+=sizeof(long);
750
751 if (type == NID_md5 || type == NID_sha1)
752 {
753 sig.algor = &algorithm;
754 algorithm.algorithm = OBJ_nid2obj(type);
755
756 if (!algorithm.algorithm)
757 {
758 CCA4758err(CCA4758_F_IBM_4758_CCA_SIGN,
759 CCA4758_R_UNKNOWN_ALGORITHM_TYPE);
760 return 0;
761 }
762
763 if (!algorithm.algorithm->length)
764 {
765 CCA4758err(CCA4758_F_IBM_4758_CCA_SIGN,
766 CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);
767 return 0;
768 }
769
770 parameter.type = V_ASN1_NULL;
771 parameter.value.ptr = NULL;
772 algorithm.parameter = &parameter;
773
774 sig.digest = &digest;
775 sig.digest->data = (unsigned char*)m;
776 sig.digest->length = m_len;
777
778 length = i2d_X509_SIG(&sig, NULL);
779 }
780
781 keyLength = RSA_size(rsa);
782
783 if (length - RSA_PKCS1_PADDING > keyLength)
784 {
785 CCA4758err(CCA4758_F_IBM_4758_CCA_SIGN,
786 CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
787 return 0;
788 }
789
790 switch (type)
791 {
792 case NID_md5_sha1 :
793 if (m_len != SSL_SIG_LEN)
794 {
795 CCA4758err(CCA4758_F_IBM_4758_CCA_SIGN,
796 CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
797 return 0;
798 }
799 hashBuffer = (unsigned char*)m;
800 length = m_len;
801 break;
802 case NID_md5 :
803 {
804 unsigned char *ptr;
805 ptr = hashBuffer = OPENSSL_malloc(
806 (unsigned int)keyLength+1);
807 if (!hashBuffer)
808 {
809 CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
810 ERR_R_MALLOC_FAILURE);
811 return 0;
812 }
813 i2d_X509_SIG(&sig, &ptr);
814 }
815 break;
816 case NID_sha1 :
817 {
818 unsigned char *ptr;
819 ptr = hashBuffer = OPENSSL_malloc(
820 (unsigned int)keyLength+1);
821 if (!hashBuffer)
822 {
823 CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
824 ERR_R_MALLOC_FAILURE);
825 return 0;
826 }
827 i2d_X509_SIG(&sig, &ptr);
828 }
829 break;
830 default:
831 return 0;
832 }
833
834 digitalSignatureGenerate(&returnCode, &reasonCode, &exitDataLength,
835 exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
836 keyToken, &length, hashBuffer, &outputLength, &outputBitLength,
837 sigret);
838
839 if (type == NID_sha1 || type == NID_md5)
840 {
841 memset(hashBuffer, 0, keyLength+1);
842 OPENSSL_free(hashBuffer);
843 }
844
845 *siglen = outputLength;
846
847 return ((returnCode || reasonCode) ? 0 : 1);
848 }
849
850static int getModulusAndExponent(const unsigned char*token, long *exponentLength,
851 unsigned char *exponent, long *modulusLength, long *modulusFieldLength,
852 unsigned char *modulus)
853 {
854 unsigned long len;
855
856 if (*token++ != (char)0x1E) /* internal PKA token? */
857 return 0;
858
859 if (*token++) /* token version must be zero */
860 return 0;
861
862 len = *token++;
863 len = len << 8;
864 len |= (unsigned char)*token++;
865
866 token += 4; /* skip reserved bytes */
867
868 if (*token++ == (char)0x04)
869 {
870 if (*token++) /* token version must be zero */
871 return 0;
872
873 len = *token++;
874 len = len << 8;
875 len |= (unsigned char)*token++;
876
877 token+=2; /* skip reserved section */
878
879 len = *token++;
880 len = len << 8;
881 len |= (unsigned char)*token++;
882
883 *exponentLength = len;
884
885 len = *token++;
886 len = len << 8;
887 len |= (unsigned char)*token++;
888
889 *modulusLength = len;
890
891 len = *token++;
892 len = len << 8;
893 len |= (unsigned char)*token++;
894
895 *modulusFieldLength = len;
896
897 memcpy(exponent, token, *exponentLength);
898 token+= *exponentLength;
899
900 memcpy(modulus, token, *modulusFieldLength);
901 return 1;
902 }
903 return 0;
904 }
905
906#endif /* OPENSSL_NO_RSA */
907
908static int cca_random_status(void)
909 {
910 return 1;
911 }
912
913static int cca_get_random_bytes(unsigned char* buf, int num)
914 {
915 long ret_code;
916 long reason_code;
917 long exit_data_length;
918 unsigned char exit_data[4];
919 unsigned char form[] = "RANDOM ";
920 unsigned char rand_buf[8];
921
922 while(num >= sizeof(rand_buf))
923 {
924 randomNumberGenerate(&ret_code, &reason_code, &exit_data_length,
925 exit_data, form, rand_buf);
926 if (ret_code)
927 return 0;
928 num -= sizeof(rand_buf);
929 memcpy(buf, rand_buf, sizeof(rand_buf));
930 buf += sizeof(rand_buf);
931 }
932
933 if (num)
934 {
935 randomNumberGenerate(&ret_code, &reason_code, NULL, NULL,
936 form, rand_buf);
937 if (ret_code)
938 return 0;
939 memcpy(buf, rand_buf, num);
940 }
941
942 return 1;
943 }
944
945static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int idx,
946 long argl, void *argp)
947 {
948 if (item)
949 OPENSSL_free(item);
950 }
951
952/* Goo to handle building as a dynamic engine */
953#ifdef ENGINE_DYNAMIC_SUPPORT
954static int bind_fn(ENGINE *e, const char *id)
955 {
956 if(id && (strcmp(id, engine_cswift_id) != 0))
957 return 0;
958 if(!bind_helper(e))
959 return 0;
960 return 1;
961 }
962IMPLEMENT_DYNAMIC_CHECK_FN()
963IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
964#endif /* ENGINE_DYNAMIC_SUPPORT */
965
966#endif /* !OPENSSL_NO_HW_4758_CCA */
967#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/hw_4758_cca_err.c b/src/lib/libcrypto/engine/hw_4758_cca_err.c
new file mode 100644
index 0000000000..7ea5c63707
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_4758_cca_err.c
@@ -0,0 +1,149 @@
1/* hw_4758_cca_err.c */
2/* ====================================================================
3 * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include "hw_4758_cca_err.h"
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67static ERR_STRING_DATA CCA4758_str_functs[]=
68 {
69{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_CTRL,0), "IBM_4758_CCA_CTRL"},
70{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_FINISH,0), "IBM_4758_CCA_FINISH"},
71{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_INIT,0), "IBM_4758_CCA_INIT"},
72{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,0), "IBM_4758_CCA_LOAD_PRIVKEY"},
73{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_LOAD_PUBKEY,0), "IBM_4758_CCA_LOAD_PUBKEY"},
74{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_SIGN,0), "IBM_4758_CCA_SIGN"},
75{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_VERIFY,0), "IBM_4758_CCA_VERIFY"},
76{0,NULL}
77 };
78
79static ERR_STRING_DATA CCA4758_str_reasons[]=
80 {
81{CCA4758_R_ALREADY_LOADED ,"already loaded"},
82{CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD ,"asn1 oid unknown for md"},
83{CCA4758_R_COMMAND_NOT_IMPLEMENTED ,"command not implemented"},
84{CCA4758_R_DSO_FAILURE ,"dso failure"},
85{CCA4758_R_FAILED_LOADING_PRIVATE_KEY ,"failed loading private key"},
86{CCA4758_R_FAILED_LOADING_PUBLIC_KEY ,"failed loading public key"},
87{CCA4758_R_NOT_LOADED ,"not loaded"},
88{CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL ,"size too large or too small"},
89{CCA4758_R_UNIT_FAILURE ,"unit failure"},
90{CCA4758_R_UNKNOWN_ALGORITHM_TYPE ,"unknown algorithm type"},
91{0,NULL}
92 };
93
94#endif
95
96#ifdef CCA4758_LIB_NAME
97static ERR_STRING_DATA CCA4758_lib_name[]=
98 {
99{0 ,CCA4758_LIB_NAME},
100{0,NULL}
101 };
102#endif
103
104
105static int CCA4758_lib_error_code=0;
106static int CCA4758_error_init=1;
107
108static void ERR_load_CCA4758_strings(void)
109 {
110 if (CCA4758_lib_error_code == 0)
111 CCA4758_lib_error_code=ERR_get_next_error_library();
112
113 if (CCA4758_error_init)
114 {
115 CCA4758_error_init=0;
116#ifndef OPENSSL_NO_ERR
117 ERR_load_strings(CCA4758_lib_error_code,CCA4758_str_functs);
118 ERR_load_strings(CCA4758_lib_error_code,CCA4758_str_reasons);
119#endif
120
121#ifdef CCA4758_LIB_NAME
122 CCA4758_lib_name->error = ERR_PACK(CCA4758_lib_error_code,0,0);
123 ERR_load_strings(0,CCA4758_lib_name);
124#endif
125 }
126 }
127
128static void ERR_unload_CCA4758_strings(void)
129 {
130 if (CCA4758_error_init == 0)
131 {
132#ifndef OPENSSL_NO_ERR
133 ERR_unload_strings(CCA4758_lib_error_code,CCA4758_str_functs);
134 ERR_unload_strings(CCA4758_lib_error_code,CCA4758_str_reasons);
135#endif
136
137#ifdef CCA4758_LIB_NAME
138 ERR_unload_strings(0,CCA4758_lib_name);
139#endif
140 CCA4758_error_init=1;
141 }
142 }
143
144static void ERR_CCA4758_error(int function, int reason, char *file, int line)
145 {
146 if (CCA4758_lib_error_code == 0)
147 CCA4758_lib_error_code=ERR_get_next_error_library();
148 ERR_PUT_error(CCA4758_lib_error_code,function,reason,file,line);
149 }
diff --git a/src/lib/libcrypto/engine/hw_4758_cca_err.h b/src/lib/libcrypto/engine/hw_4758_cca_err.h
new file mode 100644
index 0000000000..2fc563ab11
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_4758_cca_err.h
@@ -0,0 +1,93 @@
1/* ====================================================================
2 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#ifndef HEADER_CCA4758_ERR_H
56#define HEADER_CCA4758_ERR_H
57
58/* BEGIN ERROR CODES */
59/* The following lines are auto generated by the script mkerr.pl. Any changes
60 * made after this point may be overwritten when the script is next run.
61 */
62static void ERR_load_CCA4758_strings(void);
63static void ERR_unload_CCA4758_strings(void);
64static void ERR_CCA4758_error(int function, int reason, char *file, int line);
65#define CCA4758err(f,r) ERR_CCA4758_error((f),(r),__FILE__,__LINE__)
66
67/* Error codes for the CCA4758 functions. */
68
69/* Function codes. */
70#define CCA4758_F_IBM_4758_CCA_CTRL 100
71#define CCA4758_F_IBM_4758_CCA_FINISH 101
72#define CCA4758_F_IBM_4758_CCA_INIT 102
73#define CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY 103
74#define CCA4758_F_IBM_4758_CCA_LOAD_PUBKEY 104
75#define CCA4758_F_IBM_4758_CCA_SIGN 105
76#define CCA4758_F_IBM_4758_CCA_VERIFY 106
77
78/* Reason codes. */
79#define CCA4758_R_ALREADY_LOADED 100
80#define CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD 101
81#define CCA4758_R_COMMAND_NOT_IMPLEMENTED 102
82#define CCA4758_R_DSO_FAILURE 103
83#define CCA4758_R_FAILED_LOADING_PRIVATE_KEY 104
84#define CCA4758_R_FAILED_LOADING_PUBLIC_KEY 105
85#define CCA4758_R_NOT_LOADED 106
86#define CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL 107
87#define CCA4758_R_UNIT_FAILURE 108
88#define CCA4758_R_UNKNOWN_ALGORITHM_TYPE 109
89
90#ifdef __cplusplus
91}
92#endif
93#endif
diff --git a/src/lib/libcrypto/engine/hw_aep.c b/src/lib/libcrypto/engine/hw_aep.c
new file mode 100644
index 0000000000..8b8380a582
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_aep.c
@@ -0,0 +1,1119 @@
1/* crypto/engine/hw_aep.c */
2/*
3 */
4/* ====================================================================
5 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 *
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 *
19 * 3. All advertising materials mentioning features or use of this
20 * software must display the following acknowledgment:
21 * "This product includes software developed by the OpenSSL Project
22 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
23 *
24 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
25 * endorse or promote products derived from this software without
26 * prior written permission. For written permission, please contact
27 * licensing@OpenSSL.org.
28 *
29 * 5. Products derived from this software may not be called "OpenSSL"
30 * nor may "OpenSSL" appear in their names without prior written
31 * permission of the OpenSSL Project.
32 *
33 * 6. Redistributions of any form whatsoever must retain the following
34 * acknowledgment:
35 * "This product includes software developed by the OpenSSL Project
36 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
37 *
38 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
39 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
40 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
41 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
42 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
43 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
44 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
45 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
46 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
47 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
48 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49 * OF THE POSSIBILITY OF SUCH DAMAGE.
50 * ====================================================================
51 *
52 * This product includes cryptographic software written by Eric Young
53 * (eay@cryptsoft.com). This product includes software written by Tim
54 * Hudson (tjh@cryptsoft.com).
55 *
56 */
57
58#include <stdio.h>
59#include <openssl/bn.h>
60#include <string.h>
61
62#include <openssl/e_os2.h>
63#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
64#include <sys/types.h>
65#include <unistd.h>
66#else
67#include <process.h>
68typedef int pid_t;
69#endif
70
71#include <openssl/crypto.h>
72#include <openssl/dso.h>
73#include <openssl/engine.h>
74#include <openssl/buffer.h>
75
76#ifndef OPENSSL_NO_HW
77#ifndef OPENSSL_NO_HW_AEP
78#ifdef FLAT_INC
79#include "aep.h"
80#else
81#include "vendor_defns/aep.h"
82#endif
83
84#define AEP_LIB_NAME "aep engine"
85#define FAIL_TO_SW 0x10101010
86
87#include "hw_aep_err.c"
88
89static int aep_init(ENGINE *e);
90static int aep_finish(ENGINE *e);
91static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
92static int aep_destroy(ENGINE *e);
93
94static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR hConnection);
95static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection);
96static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection);
97static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use);
98
99/* BIGNUM stuff */
100static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
101 const BIGNUM *m, BN_CTX *ctx);
102
103static AEP_RV aep_mod_exp_crt(BIGNUM *r,const BIGNUM *a, const BIGNUM *p,
104 const BIGNUM *q, const BIGNUM *dmp1,const BIGNUM *dmq1,
105 const BIGNUM *iqmp, BN_CTX *ctx);
106
107/* RSA stuff */
108#ifndef OPENSSL_NO_RSA
109static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
110#endif
111
112/* This function is aliased to mod_exp (with the mont stuff dropped). */
113static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
114 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
115
116/* DSA stuff */
117#ifndef OPENSSL_NO_DSA
118static int aep_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
119 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
120 BN_CTX *ctx, BN_MONT_CTX *in_mont);
121
122static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
123 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
124 BN_MONT_CTX *m_ctx);
125#endif
126
127/* DH stuff */
128/* This function is aliased to mod_exp (with the DH and mont dropped). */
129#ifndef OPENSSL_NO_DH
130static int aep_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
131 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
132#endif
133
134/* rand stuff */
135#ifdef AEPRAND
136static int aep_rand(unsigned char *buf, int num);
137static int aep_rand_status(void);
138#endif
139
140/* Bignum conversion stuff */
141static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32* BigNumSize);
142static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize,
143 unsigned char* AEP_BigNum);
144static AEP_RV ConvertAEPBigNum(void* ArbBigNum, AEP_U32 BigNumSize,
145 unsigned char* AEP_BigNum);
146
147/* The definitions for control commands specific to this engine */
148#define AEP_CMD_SO_PATH ENGINE_CMD_BASE
149static const ENGINE_CMD_DEFN aep_cmd_defns[] =
150 {
151 { AEP_CMD_SO_PATH,
152 "SO_PATH",
153 "Specifies the path to the 'aep' shared library",
154 ENGINE_CMD_FLAG_STRING
155 },
156 {0, NULL, NULL, 0}
157 };
158
159#ifndef OPENSSL_NO_RSA
160/* Our internal RSA_METHOD that we provide pointers to */
161static RSA_METHOD aep_rsa =
162 {
163 "Aep RSA method",
164 NULL, /*rsa_pub_encrypt*/
165 NULL, /*rsa_pub_decrypt*/
166 NULL, /*rsa_priv_encrypt*/
167 NULL, /*rsa_priv_encrypt*/
168 aep_rsa_mod_exp, /*rsa_mod_exp*/
169 aep_mod_exp_mont, /*bn_mod_exp*/
170 NULL, /*init*/
171 NULL, /*finish*/
172 0, /*flags*/
173 NULL, /*app_data*/
174 NULL, /*rsa_sign*/
175 NULL /*rsa_verify*/
176 };
177#endif
178
179#ifndef OPENSSL_NO_DSA
180/* Our internal DSA_METHOD that we provide pointers to */
181static DSA_METHOD aep_dsa =
182 {
183 "Aep DSA method",
184 NULL, /* dsa_do_sign */
185 NULL, /* dsa_sign_setup */
186 NULL, /* dsa_do_verify */
187 aep_dsa_mod_exp, /* dsa_mod_exp */
188 aep_mod_exp_dsa, /* bn_mod_exp */
189 NULL, /* init */
190 NULL, /* finish */
191 0, /* flags */
192 NULL /* app_data */
193 };
194#endif
195
196#ifndef OPENSSL_NO_DH
197/* Our internal DH_METHOD that we provide pointers to */
198static DH_METHOD aep_dh =
199 {
200 "Aep DH method",
201 NULL,
202 NULL,
203 aep_mod_exp_dh,
204 NULL,
205 NULL,
206 0,
207 NULL
208 };
209#endif
210
211#ifdef AEPRAND
212/* our internal RAND_method that we provide pointers to */
213static RAND_METHOD aep_random =
214 {
215 /*"AEP RAND method", */
216 NULL,
217 aep_rand,
218 NULL,
219 NULL,
220 aep_rand,
221 aep_rand_status,
222 };
223#endif
224
225/*Define an array of structures to hold connections*/
226static AEP_CONNECTION_ENTRY aep_app_conn_table[MAX_PROCESS_CONNECTIONS];
227
228/*Used to determine if this is a new process*/
229static pid_t recorded_pid = 0;
230
231#ifdef AEPRAND
232static AEP_U8 rand_block[RAND_BLK_SIZE];
233static AEP_U32 rand_block_bytes = 0;
234#endif
235
236/* Constants used when creating the ENGINE */
237static const char *engine_aep_id = "aep";
238static const char *engine_aep_name = "Aep hardware engine support";
239
240static int max_key_len = 2176;
241
242
243/* This internal function is used by ENGINE_aep() and possibly by the
244 * "dynamic" ENGINE support too */
245static int bind_aep(ENGINE *e)
246 {
247#ifndef OPENSSL_NO_RSA
248 const RSA_METHOD *meth1;
249#endif
250#ifndef OPENSSL_NO_DSA
251 const DSA_METHOD *meth2;
252#endif
253#ifndef OPENSSL_NO_DH
254 const DH_METHOD *meth3;
255#endif
256
257 if(!ENGINE_set_id(e, engine_aep_id) ||
258 !ENGINE_set_name(e, engine_aep_name) ||
259#ifndef OPENSSL_NO_RSA
260 !ENGINE_set_RSA(e, &aep_rsa) ||
261#endif
262#ifndef OPENSSL_NO_DSA
263 !ENGINE_set_DSA(e, &aep_dsa) ||
264#endif
265#ifndef OPENSSL_NO_DH
266 !ENGINE_set_DH(e, &aep_dh) ||
267#endif
268#ifdef AEPRAND
269 !ENGINE_set_RAND(e, &aep_random) ||
270#endif
271 !ENGINE_set_init_function(e, aep_init) ||
272 !ENGINE_set_destroy_function(e, aep_destroy) ||
273 !ENGINE_set_finish_function(e, aep_finish) ||
274 !ENGINE_set_ctrl_function(e, aep_ctrl) ||
275 !ENGINE_set_cmd_defns(e, aep_cmd_defns))
276 return 0;
277
278#ifndef OPENSSL_NO_RSA
279 /* We know that the "PKCS1_SSLeay()" functions hook properly
280 * to the aep-specific mod_exp and mod_exp_crt so we use
281 * those functions. NB: We don't use ENGINE_openssl() or
282 * anything "more generic" because something like the RSAref
283 * code may not hook properly, and if you own one of these
284 * cards then you have the right to do RSA operations on it
285 * anyway! */
286 meth1 = RSA_PKCS1_SSLeay();
287 aep_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
288 aep_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
289 aep_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
290 aep_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
291#endif
292
293
294#ifndef OPENSSL_NO_DSA
295 /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
296 * bits. */
297 meth2 = DSA_OpenSSL();
298 aep_dsa.dsa_do_sign = meth2->dsa_do_sign;
299 aep_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
300 aep_dsa.dsa_do_verify = meth2->dsa_do_verify;
301
302 aep_dsa = *DSA_get_default_method();
303 aep_dsa.dsa_mod_exp = aep_dsa_mod_exp;
304 aep_dsa.bn_mod_exp = aep_mod_exp_dsa;
305#endif
306
307#ifndef OPENSSL_NO_DH
308 /* Much the same for Diffie-Hellman */
309 meth3 = DH_OpenSSL();
310 aep_dh.generate_key = meth3->generate_key;
311 aep_dh.compute_key = meth3->compute_key;
312 aep_dh.bn_mod_exp = meth3->bn_mod_exp;
313#endif
314
315 /* Ensure the aep error handling is set up */
316 ERR_load_AEPHK_strings();
317
318 return 1;
319}
320
321#ifdef ENGINE_DYNAMIC_SUPPORT
322static int bind_helper(ENGINE *e, const char *id)
323 {
324 if(id && (strcmp(id, engine_aep_id) != 0))
325 return 0;
326 if(!bind_aep(e))
327 return 0;
328 return 1;
329 }
330IMPLEMENT_DYNAMIC_CHECK_FN()
331IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
332#else
333static ENGINE *engine_aep(void)
334 {
335 ENGINE *ret = ENGINE_new();
336 if(!ret)
337 return NULL;
338 if(!bind_aep(ret))
339 {
340 ENGINE_free(ret);
341 return NULL;
342 }
343 return ret;
344 }
345
346void ENGINE_load_aep(void)
347 {
348 /* Copied from eng_[openssl|dyn].c */
349 ENGINE *toadd = engine_aep();
350 if(!toadd) return;
351 ENGINE_add(toadd);
352 ENGINE_free(toadd);
353 ERR_clear_error();
354 }
355#endif
356
357/* This is a process-global DSO handle used for loading and unloading
358 * the Aep library. NB: This is only set (or unset) during an
359 * init() or finish() call (reference counts permitting) and they're
360 * operating with global locks, so this should be thread-safe
361 * implicitly. */
362static DSO *aep_dso = NULL;
363
364/* These are the static string constants for the DSO file name and the function
365 * symbol names to bind to.
366*/
367static const char *AEP_LIBNAME = NULL;
368static const char *get_AEP_LIBNAME(void)
369 {
370 if(AEP_LIBNAME)
371 return AEP_LIBNAME;
372 return "aep";
373 }
374static void free_AEP_LIBNAME(void)
375 {
376 if(AEP_LIBNAME)
377 OPENSSL_free((void*)AEP_LIBNAME);
378 AEP_LIBNAME = NULL;
379 }
380static long set_AEP_LIBNAME(const char *name)
381 {
382 free_AEP_LIBNAME();
383 return ((AEP_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0);
384 }
385
386static const char *AEP_F1 = "AEP_ModExp";
387static const char *AEP_F2 = "AEP_ModExpCrt";
388#ifdef AEPRAND
389static const char *AEP_F3 = "AEP_GenRandom";
390#endif
391static const char *AEP_F4 = "AEP_Finalize";
392static const char *AEP_F5 = "AEP_Initialize";
393static const char *AEP_F6 = "AEP_OpenConnection";
394static const char *AEP_F7 = "AEP_SetBNCallBacks";
395static const char *AEP_F8 = "AEP_CloseConnection";
396
397/* These are the function pointers that are (un)set when the library has
398 * successfully (un)loaded. */
399static t_AEP_OpenConnection *p_AEP_OpenConnection = NULL;
400static t_AEP_CloseConnection *p_AEP_CloseConnection = NULL;
401static t_AEP_ModExp *p_AEP_ModExp = NULL;
402static t_AEP_ModExpCrt *p_AEP_ModExpCrt = NULL;
403#ifdef AEPRAND
404static t_AEP_GenRandom *p_AEP_GenRandom = NULL;
405#endif
406static t_AEP_Initialize *p_AEP_Initialize = NULL;
407static t_AEP_Finalize *p_AEP_Finalize = NULL;
408static t_AEP_SetBNCallBacks *p_AEP_SetBNCallBacks = NULL;
409
410/* (de)initialisation functions. */
411static int aep_init(ENGINE *e)
412 {
413 t_AEP_ModExp *p1;
414 t_AEP_ModExpCrt *p2;
415#ifdef AEPRAND
416 t_AEP_GenRandom *p3;
417#endif
418 t_AEP_Finalize *p4;
419 t_AEP_Initialize *p5;
420 t_AEP_OpenConnection *p6;
421 t_AEP_SetBNCallBacks *p7;
422 t_AEP_CloseConnection *p8;
423
424 int to_return = 0;
425
426 if(aep_dso != NULL)
427 {
428 AEPHKerr(AEPHK_F_AEP_INIT,AEPHK_R_ALREADY_LOADED);
429 goto err;
430 }
431 /* Attempt to load libaep.so. */
432
433 aep_dso = DSO_load(NULL, get_AEP_LIBNAME(), NULL, 0);
434
435 if(aep_dso == NULL)
436 {
437 AEPHKerr(AEPHK_F_AEP_INIT,AEPHK_R_NOT_LOADED);
438 goto err;
439 }
440
441 if( !(p1 = (t_AEP_ModExp *) DSO_bind_func( aep_dso,AEP_F1)) ||
442 !(p2 = (t_AEP_ModExpCrt*) DSO_bind_func( aep_dso,AEP_F2)) ||
443#ifdef AEPRAND
444 !(p3 = (t_AEP_GenRandom*) DSO_bind_func( aep_dso,AEP_F3)) ||
445#endif
446 !(p4 = (t_AEP_Finalize*) DSO_bind_func( aep_dso,AEP_F4)) ||
447 !(p5 = (t_AEP_Initialize*) DSO_bind_func( aep_dso,AEP_F5)) ||
448 !(p6 = (t_AEP_OpenConnection*) DSO_bind_func( aep_dso,AEP_F6)) ||
449 !(p7 = (t_AEP_SetBNCallBacks*) DSO_bind_func( aep_dso,AEP_F7)) ||
450 !(p8 = (t_AEP_CloseConnection*) DSO_bind_func( aep_dso,AEP_F8)))
451 {
452 AEPHKerr(AEPHK_F_AEP_INIT,AEPHK_R_NOT_LOADED);
453 goto err;
454 }
455
456 /* Copy the pointers */
457
458 p_AEP_ModExp = p1;
459 p_AEP_ModExpCrt = p2;
460#ifdef AEPRAND
461 p_AEP_GenRandom = p3;
462#endif
463 p_AEP_Finalize = p4;
464 p_AEP_Initialize = p5;
465 p_AEP_OpenConnection = p6;
466 p_AEP_SetBNCallBacks = p7;
467 p_AEP_CloseConnection = p8;
468
469 to_return = 1;
470
471 return to_return;
472
473 err:
474
475 if(aep_dso)
476 DSO_free(aep_dso);
477
478 p_AEP_OpenConnection = NULL;
479 p_AEP_ModExp = NULL;
480 p_AEP_ModExpCrt = NULL;
481#ifdef AEPRAND
482 p_AEP_GenRandom = NULL;
483#endif
484 p_AEP_Initialize = NULL;
485 p_AEP_Finalize = NULL;
486 p_AEP_SetBNCallBacks = NULL;
487 p_AEP_CloseConnection = NULL;
488
489 return to_return;
490 }
491
492/* Destructor (complements the "ENGINE_aep()" constructor) */
493static int aep_destroy(ENGINE *e)
494 {
495 free_AEP_LIBNAME();
496 ERR_unload_AEPHK_strings();
497 return 1;
498 }
499
500static int aep_finish(ENGINE *e)
501 {
502 int to_return = 0, in_use;
503 AEP_RV rv;
504
505 if(aep_dso == NULL)
506 {
507 AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_NOT_LOADED);
508 goto err;
509 }
510
511 rv = aep_close_all_connections(0, &in_use);
512 if (rv != AEP_R_OK)
513 {
514 AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_CLOSE_HANDLES_FAILED);
515 goto err;
516 }
517 if (in_use)
518 {
519 AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_CONNECTIONS_IN_USE);
520 goto err;
521 }
522
523 rv = p_AEP_Finalize();
524 if (rv != AEP_R_OK)
525 {
526 AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_FINALIZE_FAILED);
527 goto err;
528 }
529
530 if(!DSO_free(aep_dso))
531 {
532 AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_UNIT_FAILURE);
533 goto err;
534 }
535
536 aep_dso = NULL;
537 p_AEP_CloseConnection = NULL;
538 p_AEP_OpenConnection = NULL;
539 p_AEP_ModExp = NULL;
540 p_AEP_ModExpCrt = NULL;
541#ifdef AEPRAND
542 p_AEP_GenRandom = NULL;
543#endif
544 p_AEP_Initialize = NULL;
545 p_AEP_Finalize = NULL;
546 p_AEP_SetBNCallBacks = NULL;
547
548 to_return = 1;
549 err:
550 return to_return;
551 }
552
553static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
554 {
555 int initialised = ((aep_dso == NULL) ? 0 : 1);
556 switch(cmd)
557 {
558 case AEP_CMD_SO_PATH:
559 if(p == NULL)
560 {
561 AEPHKerr(AEPHK_F_AEP_CTRL,
562 ERR_R_PASSED_NULL_PARAMETER);
563 return 0;
564 }
565 if(initialised)
566 {
567 AEPHKerr(AEPHK_F_AEP_CTRL,
568 AEPHK_R_ALREADY_LOADED);
569 return 0;
570 }
571 return set_AEP_LIBNAME((const char*)p);
572 default:
573 break;
574 }
575 AEPHKerr(AEPHK_F_AEP_CTRL,AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
576 return 0;
577 }
578
579static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
580 const BIGNUM *m, BN_CTX *ctx)
581 {
582 int to_return = 0;
583 int r_len = 0;
584 AEP_CONNECTION_HNDL hConnection;
585 AEP_RV rv;
586
587 r_len = BN_num_bits(m);
588
589 /* Perform in software if modulus is too large for hardware. */
590
591 if (r_len > max_key_len){
592 AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
593 return BN_mod_exp(r, a, p, m, ctx);
594 }
595
596 /*Grab a connection from the pool*/
597 rv = aep_get_connection(&hConnection);
598 if (rv != AEP_R_OK)
599 {
600 AEPHKerr(AEPHK_F_AEP_MOD_EXP,AEPHK_R_GET_HANDLE_FAILED);
601 return BN_mod_exp(r, a, p, m, ctx);
602 }
603
604 /*To the card with the mod exp*/
605 rv = p_AEP_ModExp(hConnection,(void*)a, (void*)p,(void*)m, (void*)r,NULL);
606
607 if (rv != AEP_R_OK)
608 {
609 AEPHKerr(AEPHK_F_AEP_MOD_EXP,AEPHK_R_MOD_EXP_FAILED);
610 rv = aep_close_connection(hConnection);
611 return BN_mod_exp(r, a, p, m, ctx);
612 }
613
614 /*Return the connection to the pool*/
615 rv = aep_return_connection(hConnection);
616 if (rv != AEP_R_OK)
617 {
618 AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_RETURN_CONNECTION_FAILED);
619 goto err;
620 }
621
622 to_return = 1;
623 err:
624 return to_return;
625 }
626
627static AEP_RV aep_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
628 const BIGNUM *q, const BIGNUM *dmp1,
629 const BIGNUM *dmq1,const BIGNUM *iqmp, BN_CTX *ctx)
630 {
631 AEP_RV rv = AEP_R_OK;
632 AEP_CONNECTION_HNDL hConnection;
633
634 /*Grab a connection from the pool*/
635 rv = aep_get_connection(&hConnection);
636 if (rv != AEP_R_OK)
637 {
638 AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT,AEPHK_R_GET_HANDLE_FAILED);
639 return FAIL_TO_SW;
640 }
641
642 /*To the card with the mod exp*/
643 rv = p_AEP_ModExpCrt(hConnection,(void*)a, (void*)p, (void*)q, (void*)dmp1,(void*)dmq1,
644 (void*)iqmp,(void*)r,NULL);
645 if (rv != AEP_R_OK)
646 {
647 AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT,AEPHK_R_MOD_EXP_CRT_FAILED);
648 rv = aep_close_connection(hConnection);
649 return FAIL_TO_SW;
650 }
651
652 /*Return the connection to the pool*/
653 rv = aep_return_connection(hConnection);
654 if (rv != AEP_R_OK)
655 {
656 AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_RETURN_CONNECTION_FAILED);
657 goto err;
658 }
659
660 err:
661 return rv;
662 }
663
664
665#ifdef AEPRAND
666static int aep_rand(unsigned char *buf,int len )
667 {
668 AEP_RV rv = AEP_R_OK;
669 AEP_CONNECTION_HNDL hConnection;
670
671 CRYPTO_w_lock(CRYPTO_LOCK_RAND);
672
673 /*Can the request be serviced with what's already in the buffer?*/
674 if (len <= rand_block_bytes)
675 {
676 memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len);
677 rand_block_bytes -= len;
678 CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
679 }
680 else
681 /*If not the get another block of random bytes*/
682 {
683 CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
684
685 rv = aep_get_connection(&hConnection);
686 if (rv != AEP_R_OK)
687 {
688 AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_GET_HANDLE_FAILED);
689 goto err_nounlock;
690 }
691
692 if (len > RAND_BLK_SIZE)
693 {
694 rv = p_AEP_GenRandom(hConnection, len, 2, buf, NULL);
695 if (rv != AEP_R_OK)
696 {
697 AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_GET_RANDOM_FAILED);
698 goto err_nounlock;
699 }
700 }
701 else
702 {
703 CRYPTO_w_lock(CRYPTO_LOCK_RAND);
704
705 rv = p_AEP_GenRandom(hConnection, RAND_BLK_SIZE, 2, &rand_block[0], NULL);
706 if (rv != AEP_R_OK)
707 {
708 AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_GET_RANDOM_FAILED);
709
710 goto err;
711 }
712
713 rand_block_bytes = RAND_BLK_SIZE;
714
715 memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len);
716 rand_block_bytes -= len;
717
718 CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
719 }
720
721 rv = aep_return_connection(hConnection);
722 if (rv != AEP_R_OK)
723 {
724 AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_RETURN_CONNECTION_FAILED);
725
726 goto err_nounlock;
727 }
728 }
729
730 return 1;
731 err:
732 CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
733 err_nounlock:
734 return 0;
735 }
736
737static int aep_rand_status(void)
738{
739 return 1;
740}
741#endif
742
743#ifndef OPENSSL_NO_RSA
744static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
745 {
746 BN_CTX *ctx = NULL;
747 int to_return = 0;
748 AEP_RV rv = AEP_R_OK;
749
750 if ((ctx = BN_CTX_new()) == NULL)
751 goto err;
752
753 if (!aep_dso)
754 {
755 AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP,AEPHK_R_NOT_LOADED);
756 goto err;
757 }
758
759 /*See if we have all the necessary bits for a crt*/
760 if (rsa->q && rsa->dmp1 && rsa->dmq1 && rsa->iqmp)
761 {
762 rv = aep_mod_exp_crt(r0,I,rsa->p,rsa->q, rsa->dmp1,rsa->dmq1,rsa->iqmp,ctx);
763
764 if (rv == FAIL_TO_SW){
765 const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
766 to_return = (*meth->rsa_mod_exp)(r0, I, rsa);
767 goto err;
768 }
769 else if (rv != AEP_R_OK)
770 goto err;
771 }
772 else
773 {
774 if (!rsa->d || !rsa->n)
775 {
776 AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP,AEPHK_R_MISSING_KEY_COMPONENTS);
777 goto err;
778 }
779
780 rv = aep_mod_exp(r0,I,rsa->d,rsa->n,ctx);
781 if (rv != AEP_R_OK)
782 goto err;
783
784 }
785
786 to_return = 1;
787
788 err:
789 if(ctx)
790 BN_CTX_free(ctx);
791 return to_return;
792}
793#endif
794
795#ifndef OPENSSL_NO_DSA
796static int aep_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
797 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
798 BN_CTX *ctx, BN_MONT_CTX *in_mont)
799 {
800 BIGNUM t;
801 int to_return = 0;
802 BN_init(&t);
803
804 /* let rr = a1 ^ p1 mod m */
805 if (!aep_mod_exp(rr,a1,p1,m,ctx)) goto end;
806 /* let t = a2 ^ p2 mod m */
807 if (!aep_mod_exp(&t,a2,p2,m,ctx)) goto end;
808 /* let rr = rr * t mod m */
809 if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
810 to_return = 1;
811 end:
812 BN_free(&t);
813 return to_return;
814 }
815
816static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
817 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
818 BN_MONT_CTX *m_ctx)
819 {
820 return aep_mod_exp(r, a, p, m, ctx);
821 }
822#endif
823
824/* This function is aliased to mod_exp (with the mont stuff dropped). */
825static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
826 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
827 {
828 return aep_mod_exp(r, a, p, m, ctx);
829 }
830
831#ifndef OPENSSL_NO_DH
832/* This function is aliased to mod_exp (with the dh and mont dropped). */
833static int aep_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
834 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
835 BN_MONT_CTX *m_ctx)
836 {
837 return aep_mod_exp(r, a, p, m, ctx);
838 }
839#endif
840
841static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR phConnection)
842 {
843 int count;
844 AEP_RV rv = AEP_R_OK;
845
846 /*Get the current process id*/
847 pid_t curr_pid;
848
849 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
850
851 curr_pid = getpid();
852
853 /*Check if this is the first time this is being called from the current
854 process*/
855 if (recorded_pid != curr_pid)
856 {
857 /*Remember our pid so we can check if we're in a new process*/
858 recorded_pid = curr_pid;
859
860 /*Call Finalize to make sure we have not inherited some data
861 from a parent process*/
862 p_AEP_Finalize();
863
864 /*Initialise the AEP API*/
865 rv = p_AEP_Initialize(NULL);
866
867 if (rv != AEP_R_OK)
868 {
869 AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_INIT_FAILURE);
870 recorded_pid = 0;
871 goto end;
872 }
873
874 /*Set the AEP big num call back functions*/
875 rv = p_AEP_SetBNCallBacks(&GetBigNumSize, &MakeAEPBigNum,
876 &ConvertAEPBigNum);
877
878 if (rv != AEP_R_OK)
879 {
880 AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_SETBNCALLBACK_FAILURE);
881 recorded_pid = 0;
882 goto end;
883 }
884
885#ifdef AEPRAND
886 /*Reset the rand byte count*/
887 rand_block_bytes = 0;
888#endif
889
890 /*Init the structures*/
891 for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
892 {
893 aep_app_conn_table[count].conn_state = NotConnected;
894 aep_app_conn_table[count].conn_hndl = 0;
895 }
896
897 /*Open a connection*/
898 rv = p_AEP_OpenConnection(phConnection);
899
900 if (rv != AEP_R_OK)
901 {
902 AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_UNIT_FAILURE);
903 recorded_pid = 0;
904 goto end;
905 }
906
907 aep_app_conn_table[0].conn_state = InUse;
908 aep_app_conn_table[0].conn_hndl = *phConnection;
909 goto end;
910 }
911 /*Check the existing connections to see if we can find a free one*/
912 for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
913 {
914 if (aep_app_conn_table[count].conn_state == Connected)
915 {
916 aep_app_conn_table[count].conn_state = InUse;
917 *phConnection = aep_app_conn_table[count].conn_hndl;
918 goto end;
919 }
920 }
921 /*If no connections available, we're going to have to try
922 to open a new one*/
923 for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
924 {
925 if (aep_app_conn_table[count].conn_state == NotConnected)
926 {
927 /*Open a connection*/
928 rv = p_AEP_OpenConnection(phConnection);
929
930 if (rv != AEP_R_OK)
931 {
932 AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_UNIT_FAILURE);
933 goto end;
934 }
935
936 aep_app_conn_table[count].conn_state = InUse;
937 aep_app_conn_table[count].conn_hndl = *phConnection;
938 goto end;
939 }
940 }
941 rv = AEP_R_GENERAL_ERROR;
942 end:
943 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
944 return rv;
945 }
946
947
948static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection)
949 {
950 int count;
951
952 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
953
954 /*Find the connection item that matches this connection handle*/
955 for(count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
956 {
957 if (aep_app_conn_table[count].conn_hndl == hConnection)
958 {
959 aep_app_conn_table[count].conn_state = Connected;
960 break;
961 }
962 }
963
964 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
965
966 return AEP_R_OK;
967 }
968
969static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection)
970 {
971 int count;
972 AEP_RV rv = AEP_R_OK;
973
974 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
975
976 /*Find the connection item that matches this connection handle*/
977 for(count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
978 {
979 if (aep_app_conn_table[count].conn_hndl == hConnection)
980 {
981 rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl);
982 if (rv != AEP_R_OK)
983 goto end;
984 aep_app_conn_table[count].conn_state = NotConnected;
985 aep_app_conn_table[count].conn_hndl = 0;
986 break;
987 }
988 }
989
990 end:
991 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
992 return rv;
993 }
994
995static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use)
996 {
997 int count;
998 AEP_RV rv = AEP_R_OK;
999
1000 *in_use = 0;
1001 if (use_engine_lock) CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
1002 for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
1003 {
1004 switch (aep_app_conn_table[count].conn_state)
1005 {
1006 case Connected:
1007 rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl);
1008 if (rv != AEP_R_OK)
1009 goto end;
1010 aep_app_conn_table[count].conn_state = NotConnected;
1011 aep_app_conn_table[count].conn_hndl = 0;
1012 break;
1013 case InUse:
1014 (*in_use)++;
1015 break;
1016 case NotConnected:
1017 break;
1018 }
1019 }
1020 end:
1021 if (use_engine_lock) CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
1022 return rv;
1023 }
1024
1025/*BigNum call back functions, used to convert OpenSSL bignums into AEP bignums.
1026 Note only 32bit Openssl build support*/
1027
1028static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32* BigNumSize)
1029 {
1030 BIGNUM* bn;
1031
1032 /*Cast the ArbBigNum pointer to our BIGNUM struct*/
1033 bn = (BIGNUM*) ArbBigNum;
1034
1035#ifdef SIXTY_FOUR_BIT_LONG
1036 *BigNumSize = bn->top << 3;
1037#else
1038 /*Size of the bignum in bytes is equal to the bn->top (no of 32 bit
1039 words) multiplies by 4*/
1040 *BigNumSize = bn->top << 2;
1041#endif
1042
1043 return AEP_R_OK;
1044 }
1045
1046static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize,
1047 unsigned char* AEP_BigNum)
1048 {
1049 BIGNUM* bn;
1050
1051#ifndef SIXTY_FOUR_BIT_LONG
1052 unsigned char* buf;
1053 int i;
1054#endif
1055
1056 /*Cast the ArbBigNum pointer to our BIGNUM struct*/
1057 bn = (BIGNUM*) ArbBigNum;
1058
1059#ifdef SIXTY_FOUR_BIT_LONG
1060 memcpy(AEP_BigNum, bn->d, BigNumSize);
1061#else
1062 /*Must copy data into a (monotone) least significant byte first format
1063 performing endian conversion if necessary*/
1064 for(i=0;i<bn->top;i++)
1065 {
1066 buf = (unsigned char*)&bn->d[i];
1067
1068 *((AEP_U32*)AEP_BigNum) = (AEP_U32)
1069 ((unsigned) buf[1] << 8 | buf[0]) |
1070 ((unsigned) buf[3] << 8 | buf[2]) << 16;
1071
1072 AEP_BigNum += 4;
1073 }
1074#endif
1075
1076 return AEP_R_OK;
1077 }
1078
1079/*Turn an AEP Big Num back to a user big num*/
1080static AEP_RV ConvertAEPBigNum(void* ArbBigNum, AEP_U32 BigNumSize,
1081 unsigned char* AEP_BigNum)
1082 {
1083 BIGNUM* bn;
1084#ifndef SIXTY_FOUR_BIT_LONG
1085 int i;
1086#endif
1087
1088 bn = (BIGNUM*)ArbBigNum;
1089
1090 /*Expand the result bn so that it can hold our big num.
1091 Size is in bits*/
1092 bn_expand(bn, (int)(BigNumSize << 3));
1093
1094#ifdef SIXTY_FOUR_BIT_LONG
1095 bn->top = BigNumSize >> 3;
1096
1097 if((BigNumSize & 7) != 0)
1098 bn->top++;
1099
1100 memset(bn->d, 0, bn->top << 3);
1101
1102 memcpy(bn->d, AEP_BigNum, BigNumSize);
1103#else
1104 bn->top = BigNumSize >> 2;
1105
1106 for(i=0;i<bn->top;i++)
1107 {
1108 bn->d[i] = (AEP_U32)
1109 ((unsigned) AEP_BigNum[3] << 8 | AEP_BigNum[2]) << 16 |
1110 ((unsigned) AEP_BigNum[1] << 8 | AEP_BigNum[0]);
1111 AEP_BigNum += 4;
1112 }
1113#endif
1114
1115 return AEP_R_OK;
1116}
1117
1118#endif /* !OPENSSL_NO_HW_AEP */
1119#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/hw_aep_err.c b/src/lib/libcrypto/engine/hw_aep_err.c
new file mode 100644
index 0000000000..092f532946
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_aep_err.c
@@ -0,0 +1,157 @@
1/* hw_aep_err.c */
2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include "hw_aep_err.h"
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67static ERR_STRING_DATA AEPHK_str_functs[]=
68 {
69{ERR_PACK(0,AEPHK_F_AEP_CTRL,0), "AEP_CTRL"},
70{ERR_PACK(0,AEPHK_F_AEP_FINISH,0), "AEP_FINISH"},
71{ERR_PACK(0,AEPHK_F_AEP_GET_CONNECTION,0), "AEP_GET_CONNECTION"},
72{ERR_PACK(0,AEPHK_F_AEP_INIT,0), "AEP_INIT"},
73{ERR_PACK(0,AEPHK_F_AEP_MOD_EXP,0), "AEP_MOD_EXP"},
74{ERR_PACK(0,AEPHK_F_AEP_MOD_EXP_CRT,0), "AEP_MOD_EXP_CRT"},
75{ERR_PACK(0,AEPHK_F_AEP_RAND,0), "AEP_RAND"},
76{ERR_PACK(0,AEPHK_F_AEP_RSA_MOD_EXP,0), "AEP_RSA_MOD_EXP"},
77{0,NULL}
78 };
79
80static ERR_STRING_DATA AEPHK_str_reasons[]=
81 {
82{AEPHK_R_ALREADY_LOADED ,"already loaded"},
83{AEPHK_R_CLOSE_HANDLES_FAILED ,"close handles failed"},
84{AEPHK_R_CONNECTIONS_IN_USE ,"connections in use"},
85{AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"},
86{AEPHK_R_FINALIZE_FAILED ,"finalize failed"},
87{AEPHK_R_GET_HANDLE_FAILED ,"get handle failed"},
88{AEPHK_R_GET_RANDOM_FAILED ,"get random failed"},
89{AEPHK_R_INIT_FAILURE ,"init failure"},
90{AEPHK_R_MISSING_KEY_COMPONENTS ,"missing key components"},
91{AEPHK_R_MOD_EXP_CRT_FAILED ,"mod exp crt failed"},
92{AEPHK_R_MOD_EXP_FAILED ,"mod exp failed"},
93{AEPHK_R_NOT_LOADED ,"not loaded"},
94{AEPHK_R_OK ,"ok"},
95{AEPHK_R_RETURN_CONNECTION_FAILED ,"return connection failed"},
96{AEPHK_R_SETBNCALLBACK_FAILURE ,"setbncallback failure"},
97{AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL ,"size too large or too small"},
98{AEPHK_R_UNIT_FAILURE ,"unit failure"},
99{0,NULL}
100 };
101
102#endif
103
104#ifdef AEPHK_LIB_NAME
105static ERR_STRING_DATA AEPHK_lib_name[]=
106 {
107{0 ,AEPHK_LIB_NAME},
108{0,NULL}
109 };
110#endif
111
112
113static int AEPHK_lib_error_code=0;
114static int AEPHK_error_init=1;
115
116static void ERR_load_AEPHK_strings(void)
117 {
118 if (AEPHK_lib_error_code == 0)
119 AEPHK_lib_error_code=ERR_get_next_error_library();
120
121 if (AEPHK_error_init)
122 {
123 AEPHK_error_init=0;
124#ifndef OPENSSL_NO_ERR
125 ERR_load_strings(AEPHK_lib_error_code,AEPHK_str_functs);
126 ERR_load_strings(AEPHK_lib_error_code,AEPHK_str_reasons);
127#endif
128
129#ifdef AEPHK_LIB_NAME
130 AEPHK_lib_name->error = ERR_PACK(AEPHK_lib_error_code,0,0);
131 ERR_load_strings(0,AEPHK_lib_name);
132#endif
133 }
134 }
135
136static void ERR_unload_AEPHK_strings(void)
137 {
138 if (AEPHK_error_init == 0)
139 {
140#ifndef OPENSSL_NO_ERR
141 ERR_unload_strings(AEPHK_lib_error_code,AEPHK_str_functs);
142 ERR_unload_strings(AEPHK_lib_error_code,AEPHK_str_reasons);
143#endif
144
145#ifdef AEPHK_LIB_NAME
146 ERR_unload_strings(0,AEPHK_lib_name);
147#endif
148 AEPHK_error_init=1;
149 }
150 }
151
152static void ERR_AEPHK_error(int function, int reason, char *file, int line)
153 {
154 if (AEPHK_lib_error_code == 0)
155 AEPHK_lib_error_code=ERR_get_next_error_library();
156 ERR_PUT_error(AEPHK_lib_error_code,function,reason,file,line);
157 }
diff --git a/src/lib/libcrypto/engine/hw_aep_err.h b/src/lib/libcrypto/engine/hw_aep_err.h
new file mode 100644
index 0000000000..8fe4cf921f
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_aep_err.h
@@ -0,0 +1,101 @@
1/* ====================================================================
2 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#ifndef HEADER_AEPHK_ERR_H
56#define HEADER_AEPHK_ERR_H
57
58/* BEGIN ERROR CODES */
59/* The following lines are auto generated by the script mkerr.pl. Any changes
60 * made after this point may be overwritten when the script is next run.
61 */
62static void ERR_load_AEPHK_strings(void);
63static void ERR_unload_AEPHK_strings(void);
64static void ERR_AEPHK_error(int function, int reason, char *file, int line);
65#define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),__FILE__,__LINE__)
66
67/* Error codes for the AEPHK functions. */
68
69/* Function codes. */
70#define AEPHK_F_AEP_CTRL 100
71#define AEPHK_F_AEP_FINISH 101
72#define AEPHK_F_AEP_GET_CONNECTION 102
73#define AEPHK_F_AEP_INIT 103
74#define AEPHK_F_AEP_MOD_EXP 104
75#define AEPHK_F_AEP_MOD_EXP_CRT 105
76#define AEPHK_F_AEP_RAND 106
77#define AEPHK_F_AEP_RSA_MOD_EXP 107
78
79/* Reason codes. */
80#define AEPHK_R_ALREADY_LOADED 100
81#define AEPHK_R_CLOSE_HANDLES_FAILED 101
82#define AEPHK_R_CONNECTIONS_IN_USE 102
83#define AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
84#define AEPHK_R_FINALIZE_FAILED 104
85#define AEPHK_R_GET_HANDLE_FAILED 105
86#define AEPHK_R_GET_RANDOM_FAILED 106
87#define AEPHK_R_INIT_FAILURE 107
88#define AEPHK_R_MISSING_KEY_COMPONENTS 108
89#define AEPHK_R_MOD_EXP_CRT_FAILED 109
90#define AEPHK_R_MOD_EXP_FAILED 110
91#define AEPHK_R_NOT_LOADED 111
92#define AEPHK_R_OK 112
93#define AEPHK_R_RETURN_CONNECTION_FAILED 113
94#define AEPHK_R_SETBNCALLBACK_FAILURE 114
95#define AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL 116
96#define AEPHK_R_UNIT_FAILURE 115
97
98#ifdef __cplusplus
99}
100#endif
101#endif
diff --git a/src/lib/libcrypto/engine/hw_atalla.c b/src/lib/libcrypto/engine/hw_atalla.c
new file mode 100644
index 0000000000..6151c46902
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_atalla.c
@@ -0,0 +1,592 @@
1/* crypto/engine/hw_atalla.c */
2/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <openssl/crypto.h>
61#include "cryptlib.h"
62#include <openssl/dso.h>
63#include <openssl/engine.h>
64
65#ifndef OPENSSL_NO_HW
66#ifndef OPENSSL_NO_HW_ATALLA
67
68#ifdef FLAT_INC
69#include "atalla.h"
70#else
71#include "vendor_defns/atalla.h"
72#endif
73
74#define ATALLA_LIB_NAME "atalla engine"
75#include "hw_atalla_err.c"
76
77static int atalla_destroy(ENGINE *e);
78static int atalla_init(ENGINE *e);
79static int atalla_finish(ENGINE *e);
80static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
81
82/* BIGNUM stuff */
83static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
84 const BIGNUM *m, BN_CTX *ctx);
85
86#ifndef OPENSSL_NO_RSA
87/* RSA stuff */
88static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
89#endif
90/* This function is aliased to mod_exp (with the mont stuff dropped). */
91static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
92 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
93
94#ifndef OPENSSL_NO_DSA
95/* DSA stuff */
96static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
97 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
98 BN_CTX *ctx, BN_MONT_CTX *in_mont);
99static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
100 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
101 BN_MONT_CTX *m_ctx);
102#endif
103
104#ifndef OPENSSL_NO_DH
105/* DH stuff */
106/* This function is alised to mod_exp (with the DH and mont dropped). */
107static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,
108 const BIGNUM *a, const BIGNUM *p,
109 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
110#endif
111
112/* The definitions for control commands specific to this engine */
113#define ATALLA_CMD_SO_PATH ENGINE_CMD_BASE
114static const ENGINE_CMD_DEFN atalla_cmd_defns[] = {
115 {ATALLA_CMD_SO_PATH,
116 "SO_PATH",
117 "Specifies the path to the 'atasi' shared library",
118 ENGINE_CMD_FLAG_STRING},
119 {0, NULL, NULL, 0}
120 };
121
122#ifndef OPENSSL_NO_RSA
123/* Our internal RSA_METHOD that we provide pointers to */
124static RSA_METHOD atalla_rsa =
125 {
126 "Atalla RSA method",
127 NULL,
128 NULL,
129 NULL,
130 NULL,
131 atalla_rsa_mod_exp,
132 atalla_mod_exp_mont,
133 NULL,
134 NULL,
135 0,
136 NULL,
137 NULL,
138 NULL
139 };
140#endif
141
142#ifndef OPENSSL_NO_DSA
143/* Our internal DSA_METHOD that we provide pointers to */
144static DSA_METHOD atalla_dsa =
145 {
146 "Atalla DSA method",
147 NULL, /* dsa_do_sign */
148 NULL, /* dsa_sign_setup */
149 NULL, /* dsa_do_verify */
150 atalla_dsa_mod_exp, /* dsa_mod_exp */
151 atalla_mod_exp_dsa, /* bn_mod_exp */
152 NULL, /* init */
153 NULL, /* finish */
154 0, /* flags */
155 NULL /* app_data */
156 };
157#endif
158
159#ifndef OPENSSL_NO_DH
160/* Our internal DH_METHOD that we provide pointers to */
161static DH_METHOD atalla_dh =
162 {
163 "Atalla DH method",
164 NULL,
165 NULL,
166 atalla_mod_exp_dh,
167 NULL,
168 NULL,
169 0,
170 NULL
171 };
172#endif
173
174/* Constants used when creating the ENGINE */
175static const char *engine_atalla_id = "atalla";
176static const char *engine_atalla_name = "Atalla hardware engine support";
177
178/* This internal function is used by ENGINE_atalla() and possibly by the
179 * "dynamic" ENGINE support too */
180static int bind_helper(ENGINE *e)
181 {
182#ifndef OPENSSL_NO_RSA
183 const RSA_METHOD *meth1;
184#endif
185#ifndef OPENSSL_NO_DSA
186 const DSA_METHOD *meth2;
187#endif
188#ifndef OPENSSL_NO_DH
189 const DH_METHOD *meth3;
190#endif
191 if(!ENGINE_set_id(e, engine_atalla_id) ||
192 !ENGINE_set_name(e, engine_atalla_name) ||
193#ifndef OPENSSL_NO_RSA
194 !ENGINE_set_RSA(e, &atalla_rsa) ||
195#endif
196#ifndef OPENSSL_NO_DSA
197 !ENGINE_set_DSA(e, &atalla_dsa) ||
198#endif
199#ifndef OPENSSL_NO_DH
200 !ENGINE_set_DH(e, &atalla_dh) ||
201#endif
202 !ENGINE_set_destroy_function(e, atalla_destroy) ||
203 !ENGINE_set_init_function(e, atalla_init) ||
204 !ENGINE_set_finish_function(e, atalla_finish) ||
205 !ENGINE_set_ctrl_function(e, atalla_ctrl) ||
206 !ENGINE_set_cmd_defns(e, atalla_cmd_defns))
207 return 0;
208
209#ifndef OPENSSL_NO_RSA
210 /* We know that the "PKCS1_SSLeay()" functions hook properly
211 * to the atalla-specific mod_exp and mod_exp_crt so we use
212 * those functions. NB: We don't use ENGINE_openssl() or
213 * anything "more generic" because something like the RSAref
214 * code may not hook properly, and if you own one of these
215 * cards then you have the right to do RSA operations on it
216 * anyway! */
217 meth1 = RSA_PKCS1_SSLeay();
218 atalla_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
219 atalla_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
220 atalla_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
221 atalla_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
222#endif
223
224#ifndef OPENSSL_NO_DSA
225 /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
226 * bits. */
227 meth2 = DSA_OpenSSL();
228 atalla_dsa.dsa_do_sign = meth2->dsa_do_sign;
229 atalla_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
230 atalla_dsa.dsa_do_verify = meth2->dsa_do_verify;
231#endif
232
233#ifndef OPENSSL_NO_DH
234 /* Much the same for Diffie-Hellman */
235 meth3 = DH_OpenSSL();
236 atalla_dh.generate_key = meth3->generate_key;
237 atalla_dh.compute_key = meth3->compute_key;
238#endif
239
240 /* Ensure the atalla error handling is set up */
241 ERR_load_ATALLA_strings();
242 return 1;
243 }
244
245static ENGINE *engine_atalla(void)
246 {
247 ENGINE *ret = ENGINE_new();
248 if(!ret)
249 return NULL;
250 if(!bind_helper(ret))
251 {
252 ENGINE_free(ret);
253 return NULL;
254 }
255 return ret;
256 }
257
258void ENGINE_load_atalla(void)
259 {
260 /* Copied from eng_[openssl|dyn].c */
261 ENGINE *toadd = engine_atalla();
262 if(!toadd) return;
263 ENGINE_add(toadd);
264 ENGINE_free(toadd);
265 ERR_clear_error();
266 }
267
268/* This is a process-global DSO handle used for loading and unloading
269 * the Atalla library. NB: This is only set (or unset) during an
270 * init() or finish() call (reference counts permitting) and they're
271 * operating with global locks, so this should be thread-safe
272 * implicitly. */
273static DSO *atalla_dso = NULL;
274
275/* These are the function pointers that are (un)set when the library has
276 * successfully (un)loaded. */
277static tfnASI_GetHardwareConfig *p_Atalla_GetHardwareConfig = NULL;
278static tfnASI_RSAPrivateKeyOpFn *p_Atalla_RSAPrivateKeyOpFn = NULL;
279static tfnASI_GetPerformanceStatistics *p_Atalla_GetPerformanceStatistics = NULL;
280
281/* These are the static string constants for the DSO file name and the function
282 * symbol names to bind to. Regrettably, the DSO name on *nix appears to be
283 * "atasi.so" rather than something more consistent like "libatasi.so". At the
284 * time of writing, I'm not sure what the file name on win32 is but clearly
285 * native name translation is not possible (eg libatasi.so on *nix, and
286 * atasi.dll on win32). For the purposes of testing, I have created a symbollic
287 * link called "libatasi.so" so that we can use native name-translation - a
288 * better solution will be needed. */
289static const char *ATALLA_LIBNAME = NULL;
290static const char *get_ATALLA_LIBNAME(void)
291 {
292 if(ATALLA_LIBNAME)
293 return ATALLA_LIBNAME;
294 return "atasi";
295 }
296static void free_ATALLA_LIBNAME(void)
297 {
298 if(ATALLA_LIBNAME)
299 OPENSSL_free((void*)ATALLA_LIBNAME);
300 ATALLA_LIBNAME = NULL;
301 }
302static long set_ATALLA_LIBNAME(const char *name)
303 {
304 free_ATALLA_LIBNAME();
305 return (((ATALLA_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
306 }
307static const char *ATALLA_F1 = "ASI_GetHardwareConfig";
308static const char *ATALLA_F2 = "ASI_RSAPrivateKeyOpFn";
309static const char *ATALLA_F3 = "ASI_GetPerformanceStatistics";
310
311/* Destructor (complements the "ENGINE_atalla()" constructor) */
312static int atalla_destroy(ENGINE *e)
313 {
314 free_ATALLA_LIBNAME();
315 /* Unload the atalla error strings so any error state including our
316 * functs or reasons won't lead to a segfault (they simply get displayed
317 * without corresponding string data because none will be found). */
318 ERR_unload_ATALLA_strings();
319 return 1;
320 }
321
322/* (de)initialisation functions. */
323static int atalla_init(ENGINE *e)
324 {
325 tfnASI_GetHardwareConfig *p1;
326 tfnASI_RSAPrivateKeyOpFn *p2;
327 tfnASI_GetPerformanceStatistics *p3;
328 /* Not sure of the origin of this magic value, but Ben's code had it
329 * and it seemed to have been working for a few people. :-) */
330 unsigned int config_buf[1024];
331
332 if(atalla_dso != NULL)
333 {
334 ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_ALREADY_LOADED);
335 goto err;
336 }
337 /* Attempt to load libatasi.so/atasi.dll/whatever. Needs to be
338 * changed unfortunately because the Atalla drivers don't have
339 * standard library names that can be platform-translated well. */
340 /* TODO: Work out how to actually map to the names the Atalla
341 * drivers really use - for now a symbollic link needs to be
342 * created on the host system from libatasi.so to atasi.so on
343 * unix variants. */
344 atalla_dso = DSO_load(NULL, get_ATALLA_LIBNAME(), NULL, 0);
345 if(atalla_dso == NULL)
346 {
347 ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_NOT_LOADED);
348 goto err;
349 }
350 if(!(p1 = (tfnASI_GetHardwareConfig *)DSO_bind_func(
351 atalla_dso, ATALLA_F1)) ||
352 !(p2 = (tfnASI_RSAPrivateKeyOpFn *)DSO_bind_func(
353 atalla_dso, ATALLA_F2)) ||
354 !(p3 = (tfnASI_GetPerformanceStatistics *)DSO_bind_func(
355 atalla_dso, ATALLA_F3)))
356 {
357 ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_NOT_LOADED);
358 goto err;
359 }
360 /* Copy the pointers */
361 p_Atalla_GetHardwareConfig = p1;
362 p_Atalla_RSAPrivateKeyOpFn = p2;
363 p_Atalla_GetPerformanceStatistics = p3;
364 /* Perform a basic test to see if there's actually any unit
365 * running. */
366 if(p1(0L, config_buf) != 0)
367 {
368 ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_UNIT_FAILURE);
369 goto err;
370 }
371 /* Everything's fine. */
372 return 1;
373err:
374 if(atalla_dso)
375 DSO_free(atalla_dso);
376 p_Atalla_GetHardwareConfig = NULL;
377 p_Atalla_RSAPrivateKeyOpFn = NULL;
378 p_Atalla_GetPerformanceStatistics = NULL;
379 return 0;
380 }
381
382static int atalla_finish(ENGINE *e)
383 {
384 free_ATALLA_LIBNAME();
385 if(atalla_dso == NULL)
386 {
387 ATALLAerr(ATALLA_F_ATALLA_FINISH,ATALLA_R_NOT_LOADED);
388 return 0;
389 }
390 if(!DSO_free(atalla_dso))
391 {
392 ATALLAerr(ATALLA_F_ATALLA_FINISH,ATALLA_R_UNIT_FAILURE);
393 return 0;
394 }
395 atalla_dso = NULL;
396 p_Atalla_GetHardwareConfig = NULL;
397 p_Atalla_RSAPrivateKeyOpFn = NULL;
398 p_Atalla_GetPerformanceStatistics = NULL;
399 return 1;
400 }
401
402static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
403 {
404 int initialised = ((atalla_dso == NULL) ? 0 : 1);
405 switch(cmd)
406 {
407 case ATALLA_CMD_SO_PATH:
408 if(p == NULL)
409 {
410 ATALLAerr(ATALLA_F_ATALLA_CTRL,ERR_R_PASSED_NULL_PARAMETER);
411 return 0;
412 }
413 if(initialised)
414 {
415 ATALLAerr(ATALLA_F_ATALLA_CTRL,ATALLA_R_ALREADY_LOADED);
416 return 0;
417 }
418 return set_ATALLA_LIBNAME((const char *)p);
419 default:
420 break;
421 }
422 ATALLAerr(ATALLA_F_ATALLA_CTRL,ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED);
423 return 0;
424 }
425
426static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
427 const BIGNUM *m, BN_CTX *ctx)
428 {
429 /* I need somewhere to store temporary serialised values for
430 * use with the Atalla API calls. A neat cheat - I'll use
431 * BIGNUMs from the BN_CTX but access their arrays directly as
432 * byte arrays <grin>. This way I don't have to clean anything
433 * up. */
434 BIGNUM *modulus;
435 BIGNUM *exponent;
436 BIGNUM *argument;
437 BIGNUM *result;
438 RSAPrivateKey keydata;
439 int to_return, numbytes;
440
441 modulus = exponent = argument = result = NULL;
442 to_return = 0; /* expect failure */
443
444 if(!atalla_dso)
445 {
446 ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_NOT_LOADED);
447 goto err;
448 }
449 /* Prepare the params */
450 BN_CTX_start(ctx);
451 modulus = BN_CTX_get(ctx);
452 exponent = BN_CTX_get(ctx);
453 argument = BN_CTX_get(ctx);
454 result = BN_CTX_get(ctx);
455 if (!result)
456 {
457 ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_BN_CTX_FULL);
458 goto err;
459 }
460 if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, m->top) ||
461 !bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top))
462 {
463 ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_BN_EXPAND_FAIL);
464 goto err;
465 }
466 /* Prepare the key-data */
467 memset(&keydata, 0,sizeof keydata);
468 numbytes = BN_num_bytes(m);
469 memset(exponent->d, 0, numbytes);
470 memset(modulus->d, 0, numbytes);
471 BN_bn2bin(p, (unsigned char *)exponent->d + numbytes - BN_num_bytes(p));
472 BN_bn2bin(m, (unsigned char *)modulus->d + numbytes - BN_num_bytes(m));
473 keydata.privateExponent.data = (unsigned char *)exponent->d;
474 keydata.privateExponent.len = numbytes;
475 keydata.modulus.data = (unsigned char *)modulus->d;
476 keydata.modulus.len = numbytes;
477 /* Prepare the argument */
478 memset(argument->d, 0, numbytes);
479 memset(result->d, 0, numbytes);
480 BN_bn2bin(a, (unsigned char *)argument->d + numbytes - BN_num_bytes(a));
481 /* Perform the operation */
482 if(p_Atalla_RSAPrivateKeyOpFn(&keydata, (unsigned char *)result->d,
483 (unsigned char *)argument->d,
484 keydata.modulus.len) != 0)
485 {
486 ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_REQUEST_FAILED);
487 goto err;
488 }
489 /* Convert the response */
490 BN_bin2bn((unsigned char *)result->d, numbytes, r);
491 to_return = 1;
492err:
493 BN_CTX_end(ctx);
494 return to_return;
495 }
496
497#ifndef OPENSSL_NO_RSA
498static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
499 {
500 BN_CTX *ctx = NULL;
501 int to_return = 0;
502
503 if(!atalla_dso)
504 {
505 ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,ATALLA_R_NOT_LOADED);
506 goto err;
507 }
508 if((ctx = BN_CTX_new()) == NULL)
509 goto err;
510 if(!rsa->d || !rsa->n)
511 {
512 ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,ATALLA_R_MISSING_KEY_COMPONENTS);
513 goto err;
514 }
515 to_return = atalla_mod_exp(r0, I, rsa->d, rsa->n, ctx);
516err:
517 if(ctx)
518 BN_CTX_free(ctx);
519 return to_return;
520 }
521#endif
522
523#ifndef OPENSSL_NO_DSA
524/* This code was liberated and adapted from the commented-out code in
525 * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration
526 * (it doesn't have a CRT form for RSA), this function means that an
527 * Atalla system running with a DSA server certificate can handshake
528 * around 5 or 6 times faster/more than an equivalent system running with
529 * RSA. Just check out the "signs" statistics from the RSA and DSA parts
530 * of "openssl speed -engine atalla dsa1024 rsa1024". */
531static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
532 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
533 BN_CTX *ctx, BN_MONT_CTX *in_mont)
534 {
535 BIGNUM t;
536 int to_return = 0;
537
538 BN_init(&t);
539 /* let rr = a1 ^ p1 mod m */
540 if (!atalla_mod_exp(rr,a1,p1,m,ctx)) goto end;
541 /* let t = a2 ^ p2 mod m */
542 if (!atalla_mod_exp(&t,a2,p2,m,ctx)) goto end;
543 /* let rr = rr * t mod m */
544 if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
545 to_return = 1;
546end:
547 BN_free(&t);
548 return to_return;
549 }
550
551static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
552 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
553 BN_MONT_CTX *m_ctx)
554 {
555 return atalla_mod_exp(r, a, p, m, ctx);
556 }
557#endif
558
559/* This function is aliased to mod_exp (with the mont stuff dropped). */
560static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
561 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
562 {
563 return atalla_mod_exp(r, a, p, m, ctx);
564 }
565
566#ifndef OPENSSL_NO_DH
567/* This function is aliased to mod_exp (with the dh and mont dropped). */
568static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,
569 const BIGNUM *a, const BIGNUM *p,
570 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
571 {
572 return atalla_mod_exp(r, a, p, m, ctx);
573 }
574#endif
575
576/* This stuff is needed if this ENGINE is being compiled into a self-contained
577 * shared-library. */
578#ifdef ENGINE_DYNAMIC_SUPPORT
579static int bind_fn(ENGINE *e, const char *id)
580 {
581 if(id && (strcmp(id, engine_atalla_id) != 0))
582 return 0;
583 if(!bind_helper(e))
584 return 0;
585 return 1;
586 }
587IMPLEMENT_DYNAMIC_CHECK_FN()
588IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
589#endif /* ENGINE_DYNAMIC_SUPPORT */
590
591#endif /* !OPENSSL_NO_HW_ATALLA */
592#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/hw_atalla_err.c b/src/lib/libcrypto/engine/hw_atalla_err.c
new file mode 100644
index 0000000000..1df9c4570c
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_atalla_err.c
@@ -0,0 +1,145 @@
1/* hw_atalla_err.c */
2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include "hw_atalla_err.h"
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67static ERR_STRING_DATA ATALLA_str_functs[]=
68 {
69{ERR_PACK(0,ATALLA_F_ATALLA_CTRL,0), "ATALLA_CTRL"},
70{ERR_PACK(0,ATALLA_F_ATALLA_FINISH,0), "ATALLA_FINISH"},
71{ERR_PACK(0,ATALLA_F_ATALLA_INIT,0), "ATALLA_INIT"},
72{ERR_PACK(0,ATALLA_F_ATALLA_MOD_EXP,0), "ATALLA_MOD_EXP"},
73{ERR_PACK(0,ATALLA_F_ATALLA_RSA_MOD_EXP,0), "ATALLA_RSA_MOD_EXP"},
74{0,NULL}
75 };
76
77static ERR_STRING_DATA ATALLA_str_reasons[]=
78 {
79{ATALLA_R_ALREADY_LOADED ,"already loaded"},
80{ATALLA_R_BN_CTX_FULL ,"bn ctx full"},
81{ATALLA_R_BN_EXPAND_FAIL ,"bn expand fail"},
82{ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"},
83{ATALLA_R_MISSING_KEY_COMPONENTS ,"missing key components"},
84{ATALLA_R_NOT_LOADED ,"not loaded"},
85{ATALLA_R_REQUEST_FAILED ,"request failed"},
86{ATALLA_R_UNIT_FAILURE ,"unit failure"},
87{0,NULL}
88 };
89
90#endif
91
92#ifdef ATALLA_LIB_NAME
93static ERR_STRING_DATA ATALLA_lib_name[]=
94 {
95{0 ,ATALLA_LIB_NAME},
96{0,NULL}
97 };
98#endif
99
100
101static int ATALLA_lib_error_code=0;
102static int ATALLA_error_init=1;
103
104static void ERR_load_ATALLA_strings(void)
105 {
106 if (ATALLA_lib_error_code == 0)
107 ATALLA_lib_error_code=ERR_get_next_error_library();
108
109 if (ATALLA_error_init)
110 {
111 ATALLA_error_init=0;
112#ifndef OPENSSL_NO_ERR
113 ERR_load_strings(ATALLA_lib_error_code,ATALLA_str_functs);
114 ERR_load_strings(ATALLA_lib_error_code,ATALLA_str_reasons);
115#endif
116
117#ifdef ATALLA_LIB_NAME
118 ATALLA_lib_name->error = ERR_PACK(ATALLA_lib_error_code,0,0);
119 ERR_load_strings(0,ATALLA_lib_name);
120#endif
121 }
122 }
123
124static void ERR_unload_ATALLA_strings(void)
125 {
126 if (ATALLA_error_init == 0)
127 {
128#ifndef OPENSSL_NO_ERR
129 ERR_unload_strings(ATALLA_lib_error_code,ATALLA_str_functs);
130 ERR_unload_strings(ATALLA_lib_error_code,ATALLA_str_reasons);
131#endif
132
133#ifdef ATALLA_LIB_NAME
134 ERR_unload_strings(0,ATALLA_lib_name);
135#endif
136 ATALLA_error_init=1;
137 }
138 }
139
140static void ERR_ATALLA_error(int function, int reason, char *file, int line)
141 {
142 if (ATALLA_lib_error_code == 0)
143 ATALLA_lib_error_code=ERR_get_next_error_library();
144 ERR_PUT_error(ATALLA_lib_error_code,function,reason,file,line);
145 }
diff --git a/src/lib/libcrypto/engine/hw_atalla_err.h b/src/lib/libcrypto/engine/hw_atalla_err.h
new file mode 100644
index 0000000000..cdac052d8c
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_atalla_err.h
@@ -0,0 +1,89 @@
1/* ====================================================================
2 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#ifndef HEADER_ATALLA_ERR_H
56#define HEADER_ATALLA_ERR_H
57
58/* BEGIN ERROR CODES */
59/* The following lines are auto generated by the script mkerr.pl. Any changes
60 * made after this point may be overwritten when the script is next run.
61 */
62static void ERR_load_ATALLA_strings(void);
63static void ERR_unload_ATALLA_strings(void);
64static void ERR_ATALLA_error(int function, int reason, char *file, int line);
65#define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),__FILE__,__LINE__)
66
67/* Error codes for the ATALLA functions. */
68
69/* Function codes. */
70#define ATALLA_F_ATALLA_CTRL 100
71#define ATALLA_F_ATALLA_FINISH 101
72#define ATALLA_F_ATALLA_INIT 102
73#define ATALLA_F_ATALLA_MOD_EXP 103
74#define ATALLA_F_ATALLA_RSA_MOD_EXP 104
75
76/* Reason codes. */
77#define ATALLA_R_ALREADY_LOADED 100
78#define ATALLA_R_BN_CTX_FULL 101
79#define ATALLA_R_BN_EXPAND_FAIL 102
80#define ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
81#define ATALLA_R_MISSING_KEY_COMPONENTS 104
82#define ATALLA_R_NOT_LOADED 105
83#define ATALLA_R_REQUEST_FAILED 106
84#define ATALLA_R_UNIT_FAILURE 107
85
86#ifdef __cplusplus
87}
88#endif
89#endif
diff --git a/src/lib/libcrypto/engine/hw_cryptodev.c b/src/lib/libcrypto/engine/hw_cryptodev.c
new file mode 100644
index 0000000000..954eb85207
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_cryptodev.c
@@ -0,0 +1,1107 @@
1/*
2 * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
3 * Copyright (c) 2002 Theo de Raadt
4 * Copyright (c) 2002 Markus Friedl
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the author nor the names of contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
20 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
22 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
23 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
24 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
25 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
26 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 *
30 */
31
32#include <sys/types.h>
33#include <sys/param.h>
34#include <crypto/cryptodev.h>
35#include <sys/ioctl.h>
36#include <errno.h>
37#include <stdio.h>
38#include <unistd.h>
39#include <fcntl.h>
40#include <stdarg.h>
41#include <syslog.h>
42#include <ssl/objects.h>
43#include <ssl/engine.h>
44#include <ssl/evp.h>
45#include <errno.h>
46#include <string.h>
47
48struct dev_crypto_state {
49 struct session_op d_sess;
50 int d_fd;
51};
52
53static u_int32_t cryptodev_asymfeat = 0;
54
55static int get_asym_dev_crypto(void);
56static int open_dev_crypto(void);
57static int get_dev_crypto(void);
58static int cryptodev_max_iv(int cipher);
59static int cryptodev_key_length_valid(int cipher, int len);
60static int cipher_nid_to_cryptodev(int nid);
61static int get_cryptodev_ciphers(const int **cnids);
62static int get_cryptodev_digests(const int **cnids);
63static int cryptodev_usable_ciphers(const int **nids);
64static int cryptodev_usable_digests(const int **nids);
65static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
66 const unsigned char *in, unsigned int inl);
67static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
68 const unsigned char *iv, int enc);
69static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
70static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
71 const int **nids, int nid);
72static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
73 const int **nids, int nid);
74static int bn2crparam(const BIGNUM *a, struct crparam *crp);
75static int crparam2bn(struct crparam *crp, BIGNUM *a);
76static void zapparams(struct crypt_kop *kop);
77static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,
78 int slen, BIGNUM *s);
79
80static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
81 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
82static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
83 RSA *rsa);
84static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
85static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
86 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
87static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
88 BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
89 BN_CTX *ctx, BN_MONT_CTX *mont);
90static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst,
91 int dlen, DSA *dsa);
92static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
93 DSA_SIG *sig, DSA *dsa);
94static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
95 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
96 BN_MONT_CTX *m_ctx);
97static int cryptodev_dh_compute_key(unsigned char *key,
98 const BIGNUM *pub_key, DH *dh);
99static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
100 void (*f)());
101void ENGINE_load_cryptodev(void);
102
103static const ENGINE_CMD_DEFN cryptodev_defns[] = {
104 {ENGINE_CMD_BASE,
105 "SO_PATH",
106 "Specifies the path to the some stupid shared library",
107 ENGINE_CMD_FLAG_STRING},
108 { 0, NULL, NULL, 0 }
109};
110
111static struct {
112 int id;
113 int nid;
114 int ivmax;
115 int keylen;
116} ciphers[] = {
117 { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, },
118 { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, },
119 { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, },
120 { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, },
121 { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, },
122 { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, },
123 { 0, NID_undef, 0, 0, },
124};
125
126static struct {
127 int id;
128 int nid;
129} digests[] = {
130 { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, },
131 { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, },
132 { CRYPTO_MD5_KPDK, NID_undef, },
133 { CRYPTO_SHA1_KPDK, NID_undef, },
134 { CRYPTO_MD5, NID_md5, },
135 { CRYPTO_SHA1, NID_undef, },
136 { 0, NID_undef, },
137};
138
139/*
140 * Return a fd if /dev/crypto seems usable, 0 otherwise.
141 */
142static int
143open_dev_crypto(void)
144{
145 static int fd = -1;
146
147 if (fd == -1) {
148 if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
149 return (-1);
150 /* close on exec */
151 if (fcntl(fd, F_SETFD, 1) == -1) {
152 close(fd);
153 fd = -1;
154 return (-1);
155 }
156 }
157 return (fd);
158}
159
160static int
161get_dev_crypto(void)
162{
163 int fd, retfd;
164
165 if ((fd = open_dev_crypto()) == -1)
166 return (-1);
167 if (ioctl(fd, CRIOGET, &retfd) == -1)
168 return (-1);
169
170 /* close on exec */
171 if (fcntl(retfd, F_SETFD, 1) == -1) {
172 close(retfd);
173 return (-1);
174 }
175 return (retfd);
176}
177
178/* Caching version for asym operations */
179static int
180get_asym_dev_crypto(void)
181{
182 static int fd = -1;
183
184 if (fd == -1)
185 fd = get_dev_crypto();
186 return fd;
187}
188
189/*
190 * XXXX this needs to be set for each alg - and determined from
191 * a running card.
192 */
193static int
194cryptodev_max_iv(int cipher)
195{
196 int i;
197
198 for (i = 0; ciphers[i].id; i++)
199 if (ciphers[i].id == cipher)
200 return (ciphers[i].ivmax);
201 return (0);
202}
203
204/*
205 * XXXX this needs to be set for each alg - and determined from
206 * a running card. For now, fake it out - but most of these
207 * for real devices should return 1 for the supported key
208 * sizes the device can handle.
209 */
210static int
211cryptodev_key_length_valid(int cipher, int len)
212{
213 int i;
214
215 for (i = 0; ciphers[i].id; i++)
216 if (ciphers[i].id == cipher)
217 return (ciphers[i].keylen == len);
218 return (0);
219}
220
221/* convert libcrypto nids to cryptodev */
222static int
223cipher_nid_to_cryptodev(int nid)
224{
225 int i;
226
227 for (i = 0; ciphers[i].id; i++)
228 if (ciphers[i].nid == nid)
229 return (ciphers[i].id);
230 return (0);
231}
232
233/*
234 * Find out what ciphers /dev/crypto will let us have a session for.
235 * XXX note, that some of these openssl doesn't deal with yet!
236 * returning them here is harmless, as long as we return NULL
237 * when asked for a handler in the cryptodev_engine_ciphers routine
238 */
239static int
240get_cryptodev_ciphers(const int **cnids)
241{
242 static int nids[CRYPTO_ALGORITHM_MAX];
243 struct session_op sess;
244 int fd, i, count = 0;
245
246 if ((fd = get_dev_crypto()) < 0) {
247 *nids = NULL;
248 return (0);
249 }
250 memset(&sess, 0, sizeof(sess));
251 sess.key = (caddr_t)"123456781234567812345678";
252
253 for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
254 if (ciphers[i].nid == NID_undef)
255 continue;
256 sess.cipher = ciphers[i].id;
257 sess.keylen = ciphers[i].keylen;
258 sess.mac = 0;
259 if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
260 ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
261 nids[count++] = ciphers[i].nid;
262 }
263 close(fd);
264
265 if (count > 0)
266 *cnids = nids;
267 else
268 *cnids = NULL;
269 return (count);
270}
271
272/*
273 * Find out what digests /dev/crypto will let us have a session for.
274 * XXX note, that some of these openssl doesn't deal with yet!
275 * returning them here is harmless, as long as we return NULL
276 * when asked for a handler in the cryptodev_engine_digests routine
277 */
278static int
279get_cryptodev_digests(const int **cnids)
280{
281 static int nids[CRYPTO_ALGORITHM_MAX];
282 struct session_op sess;
283 int fd, i, count = 0;
284
285 if ((fd = get_dev_crypto()) < 0) {
286 *nids = NULL;
287 return (0);
288 }
289 memset(&sess, 0, sizeof(sess));
290 for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
291 if (digests[i].nid == NID_undef)
292 continue;
293 sess.mac = digests[i].id;
294 sess.cipher = 0;
295 if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
296 ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
297 nids[count++] = digests[i].nid;
298 }
299 close(fd);
300
301 if (count > 0)
302 *cnids = nids;
303 else
304 *cnids = NULL;
305 return (count);
306}
307
308/*
309 * Find the useable ciphers|digests from dev/crypto - this is the first
310 * thing called by the engine init crud which determines what it
311 * can use for ciphers from this engine. We want to return
312 * only what we can do, anythine else is handled by software.
313 *
314 * If we can't initialize the device to do anything useful for
315 * any reason, we want to return a NULL array, and 0 length,
316 * which forces everything to be done is software. By putting
317 * the initalization of the device in here, we ensure we can
318 * use this engine as the default, and if for whatever reason
319 * /dev/crypto won't do what we want it will just be done in
320 * software
321 *
322 * This can (should) be greatly expanded to perhaps take into
323 * account speed of the device, and what we want to do.
324 * (although the disabling of particular alg's could be controlled
325 * by the device driver with sysctl's.) - this is where we
326 * want most of the decisions made about what we actually want
327 * to use from /dev/crypto.
328 */
329static int
330cryptodev_usable_ciphers(const int **nids)
331{
332 return (get_cryptodev_ciphers(nids));
333}
334
335static int
336cryptodev_usable_digests(const int **nids)
337{
338 /*
339 * XXXX just disable all digests for now, because it sucks.
340 * we need a better way to decide this - i.e. I may not
341 * want digests on slow cards like hifn on fast machines,
342 * but might want them on slow or loaded machines, etc.
343 * will also want them when using crypto cards that don't
344 * suck moose gonads - would be nice to be able to decide something
345 * as reasonable default without having hackery that's card dependent.
346 * of course, the default should probably be just do everything,
347 * with perhaps a sysctl to turn algoritms off (or have them off
348 * by default) on cards that generally suck like the hifn.
349 */
350 *nids = NULL;
351 return (0);
352}
353
354static int
355cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
356 const unsigned char *in, unsigned int inl)
357{
358 struct crypt_op cryp;
359 struct dev_crypto_state *state = ctx->cipher_data;
360 struct session_op *sess = &state->d_sess;
361 void *iiv;
362 unsigned char save_iv[EVP_MAX_IV_LENGTH];
363
364 if (state->d_fd < 0)
365 return (0);
366 if (!inl)
367 return (1);
368 if ((inl % ctx->cipher->block_size) != 0)
369 return (0);
370
371 memset(&cryp, 0, sizeof(cryp));
372
373 cryp.ses = sess->ses;
374 cryp.flags = 0;
375 cryp.len = inl;
376 cryp.src = (caddr_t) in;
377 cryp.dst = (caddr_t) out;
378 cryp.mac = 0;
379
380 cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
381
382 if (ctx->cipher->iv_len) {
383 cryp.iv = (caddr_t) ctx->iv;
384 if (!ctx->encrypt) {
385 iiv = (void *) in + inl - ctx->cipher->iv_len;
386 memcpy(save_iv, iiv, ctx->cipher->iv_len);
387 }
388 } else
389 cryp.iv = NULL;
390
391 if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
392 /* XXX need better errror handling
393 * this can fail for a number of different reasons.
394 */
395 return (0);
396 }
397
398 if (ctx->cipher->iv_len) {
399 if (ctx->encrypt)
400 iiv = (void *) out + inl - ctx->cipher->iv_len;
401 else
402 iiv = save_iv;
403 memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
404 }
405 return (1);
406}
407
408static int
409cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
410 const unsigned char *iv, int enc)
411{
412 struct dev_crypto_state *state = ctx->cipher_data;
413 struct session_op *sess = &state->d_sess;
414 int cipher;
415
416 if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef)
417 return (0);
418
419 if (ctx->cipher->iv_len > cryptodev_max_iv(cipher))
420 return (0);
421
422 if (!cryptodev_key_length_valid(cipher, ctx->key_len))
423 return (0);
424
425 memset(sess, 0, sizeof(struct session_op));
426
427 if ((state->d_fd = get_dev_crypto()) < 0)
428 return (0);
429
430 sess->key = (unsigned char *)key;
431 sess->keylen = ctx->key_len;
432 sess->cipher = cipher;
433
434 if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
435 close(state->d_fd);
436 state->d_fd = -1;
437 return (0);
438 }
439 return (1);
440}
441
442/*
443 * free anything we allocated earlier when initting a
444 * session, and close the session.
445 */
446static int
447cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
448{
449 int ret = 0;
450 struct dev_crypto_state *state = ctx->cipher_data;
451 struct session_op *sess = &state->d_sess;
452
453 if (state->d_fd < 0)
454 return (0);
455
456 /* XXX if this ioctl fails, someting's wrong. the invoker
457 * may have called us with a bogus ctx, or we could
458 * have a device that for whatever reason just doesn't
459 * want to play ball - it's not clear what's right
460 * here - should this be an error? should it just
461 * increase a counter, hmm. For right now, we return
462 * 0 - I don't believe that to be "right". we could
463 * call the gorpy openssl lib error handlers that
464 * print messages to users of the library. hmm..
465 */
466
467 if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) {
468 ret = 0;
469 } else {
470 ret = 1;
471 }
472 close(state->d_fd);
473 state->d_fd = -1;
474
475 return (ret);
476}
477
478/*
479 * libcrypto EVP stuff - this is how we get wired to EVP so the engine
480 * gets called when libcrypto requests a cipher NID.
481 */
482
483/* DES CBC EVP */
484const EVP_CIPHER cryptodev_des_cbc = {
485 NID_des_cbc,
486 8, 8, 8,
487 EVP_CIPH_CBC_MODE,
488 cryptodev_init_key,
489 cryptodev_cipher,
490 cryptodev_cleanup,
491 sizeof(struct dev_crypto_state),
492 EVP_CIPHER_set_asn1_iv,
493 EVP_CIPHER_get_asn1_iv,
494 NULL
495};
496
497/* 3DES CBC EVP */
498const EVP_CIPHER cryptodev_3des_cbc = {
499 NID_des_ede3_cbc,
500 8, 24, 8,
501 EVP_CIPH_CBC_MODE,
502 cryptodev_init_key,
503 cryptodev_cipher,
504 cryptodev_cleanup,
505 sizeof(struct dev_crypto_state),
506 EVP_CIPHER_set_asn1_iv,
507 EVP_CIPHER_get_asn1_iv,
508 NULL
509};
510
511const EVP_CIPHER cryptodev_bf_cbc = {
512 NID_bf_cbc,
513 8, 16, 8,
514 EVP_CIPH_CBC_MODE,
515 cryptodev_init_key,
516 cryptodev_cipher,
517 cryptodev_cleanup,
518 sizeof(struct dev_crypto_state),
519 EVP_CIPHER_set_asn1_iv,
520 EVP_CIPHER_get_asn1_iv,
521 NULL
522};
523
524const EVP_CIPHER cryptodev_cast_cbc = {
525 NID_cast5_cbc,
526 8, 16, 8,
527 EVP_CIPH_CBC_MODE,
528 cryptodev_init_key,
529 cryptodev_cipher,
530 cryptodev_cleanup,
531 sizeof(struct dev_crypto_state),
532 EVP_CIPHER_set_asn1_iv,
533 EVP_CIPHER_get_asn1_iv,
534 NULL
535};
536
537const EVP_CIPHER cryptodev_aes_cbc = {
538 NID_aes_128_cbc,
539 16, 16, 16,
540 EVP_CIPH_CBC_MODE,
541 cryptodev_init_key,
542 cryptodev_cipher,
543 cryptodev_cleanup,
544 sizeof(struct dev_crypto_state),
545 EVP_CIPHER_set_asn1_iv,
546 EVP_CIPHER_get_asn1_iv,
547 NULL
548};
549
550/*
551 * Registered by the ENGINE when used to find out how to deal with
552 * a particular NID in the ENGINE. this says what we'll do at the
553 * top level - note, that list is restricted by what we answer with
554 */
555static int
556cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
557 const int **nids, int nid)
558{
559 if (!cipher)
560 return (cryptodev_usable_ciphers(nids));
561
562 switch (nid) {
563 case NID_des_ede3_cbc:
564 *cipher = &cryptodev_3des_cbc;
565 break;
566 case NID_des_cbc:
567 *cipher = &cryptodev_des_cbc;
568 break;
569 case NID_bf_cbc:
570 *cipher = &cryptodev_bf_cbc;
571 break;
572 case NID_cast5_cbc:
573 *cipher = &cryptodev_cast_cbc;
574 break;
575 case NID_aes_128_cbc:
576 *cipher = &cryptodev_aes_cbc;
577 break;
578 default:
579 *cipher = NULL;
580 break;
581 }
582 return (*cipher != NULL);
583}
584
585static int
586cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
587 const int **nids, int nid)
588{
589 if (!digest)
590 return (cryptodev_usable_digests(nids));
591
592 switch (nid) {
593 case NID_md5:
594 *digest = NULL; /* need to make a clean md5 critter */
595 break;
596 default:
597 *digest = NULL;
598 break;
599 }
600 return (*digest != NULL);
601}
602
603/*
604 * Convert a BIGNUM to the representation that /dev/crypto needs.
605 * Upon completion of use, the caller is responsible for freeing
606 * crp->crp_p.
607 */
608static int
609bn2crparam(const BIGNUM *a, struct crparam *crp)
610{
611 int i, j, k;
612 ssize_t words, bytes, bits;
613 u_char *b;
614
615 crp->crp_p = NULL;
616 crp->crp_nbits = 0;
617
618 bits = BN_num_bits(a);
619 bytes = (bits + 7) / 8;
620
621 b = malloc(bytes);
622 if (b == NULL)
623 return (1);
624
625 crp->crp_p = b;
626 crp->crp_nbits = bits;
627
628 for (i = 0, j = 0; i < a->top; i++) {
629 for (k = 0; k < BN_BITS2 / 8; k++) {
630 if ((j + k) >= bytes)
631 return (0);
632 b[j + k] = a->d[i] >> (k * 8);
633 }
634 j += BN_BITS2 / 8;
635 }
636 return (0);
637}
638
639/* Convert a /dev/crypto parameter to a BIGNUM */
640static int
641crparam2bn(struct crparam *crp, BIGNUM *a)
642{
643 u_int8_t *pd;
644 int i, bytes;
645
646 bytes = (crp->crp_nbits + 7) / 8;
647
648 if (bytes == 0)
649 return (-1);
650
651 if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
652 return (-1);
653
654 for (i = 0; i < bytes; i++)
655 pd[i] = crp->crp_p[bytes - i - 1];
656
657 BN_bin2bn(pd, bytes, a);
658 free(pd);
659
660 return (0);
661}
662
663static void
664zapparams(struct crypt_kop *kop)
665{
666 int i;
667
668 for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) {
669 if (kop->crk_param[i].crp_p)
670 free(kop->crk_param[i].crp_p);
671 kop->crk_param[i].crp_p = NULL;
672 kop->crk_param[i].crp_nbits = 0;
673 }
674}
675
676static int
677cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
678{
679 int fd, ret = -1;
680
681 if ((fd = get_asym_dev_crypto()) < 0)
682 return (ret);
683
684 if (r) {
685 kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
686 kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
687 kop->crk_oparams++;
688 }
689 if (s) {
690 kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
691 kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
692 kop->crk_oparams++;
693 }
694
695 if (ioctl(fd, CIOCKEY, kop) == 0) {
696 if (r)
697 crparam2bn(&kop->crk_param[kop->crk_iparams], r);
698 if (s)
699 crparam2bn(&kop->crk_param[kop->crk_iparams+1], s);
700 ret = 0;
701 }
702
703 return (ret);
704}
705
706static int
707cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
708 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
709{
710 struct crypt_kop kop;
711 int ret = 1;
712
713 /* Currently, we know we can do mod exp iff we can do any
714 * asymmetric operations at all.
715 */
716 if (cryptodev_asymfeat == 0) {
717 ret = BN_mod_exp(r, a, p, m, ctx);
718 return (ret);
719 }
720
721 memset(&kop, 0, sizeof kop);
722 kop.crk_op = CRK_MOD_EXP;
723
724 /* inputs: a^p % m */
725 if (bn2crparam(a, &kop.crk_param[0]))
726 goto err;
727 if (bn2crparam(p, &kop.crk_param[1]))
728 goto err;
729 if (bn2crparam(m, &kop.crk_param[2]))
730 goto err;
731 kop.crk_iparams = 3;
732
733 if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL) == -1) {
734 const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
735 ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
736 }
737err:
738 zapparams(&kop);
739 return (ret);
740}
741
742static int
743cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
744{
745 int r;
746 BN_CTX *ctx;
747
748 ctx = BN_CTX_new();
749 r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
750 BN_CTX_free(ctx);
751 return (r);
752}
753
754static int
755cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
756{
757 struct crypt_kop kop;
758 int ret = 1;
759
760 if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
761 /* XXX 0 means failure?? */
762 return (0);
763 }
764
765 memset(&kop, 0, sizeof kop);
766 kop.crk_op = CRK_MOD_EXP_CRT;
767 /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
768 if (bn2crparam(rsa->p, &kop.crk_param[0]))
769 goto err;
770 if (bn2crparam(rsa->q, &kop.crk_param[1]))
771 goto err;
772 if (bn2crparam(I, &kop.crk_param[2]))
773 goto err;
774 if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
775 goto err;
776 if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
777 goto err;
778 if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
779 goto err;
780 kop.crk_iparams = 6;
781
782 if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL) == -1) {
783 const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
784 ret = (*meth->rsa_mod_exp)(r0, I, rsa);
785 }
786err:
787 zapparams(&kop);
788 return (ret);
789}
790
791static RSA_METHOD cryptodev_rsa = {
792 "cryptodev RSA method",
793 NULL, /* rsa_pub_enc */
794 NULL, /* rsa_pub_dec */
795 NULL, /* rsa_priv_enc */
796 NULL, /* rsa_priv_dec */
797 NULL,
798 NULL,
799 NULL, /* init */
800 NULL, /* finish */
801 0, /* flags */
802 NULL, /* app_data */
803 NULL, /* rsa_sign */
804 NULL /* rsa_verify */
805};
806
807static int
808cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
809 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
810{
811 return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
812}
813
814static int
815cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
816 BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
817 BN_CTX *ctx, BN_MONT_CTX *mont)
818{
819 BIGNUM t2;
820 int ret = 0;
821
822 BN_init(&t2);
823
824 /* v = ( g^u1 * y^u2 mod p ) mod q */
825 /* let t1 = g ^ u1 mod p */
826 ret = 0;
827
828 if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont))
829 goto err;
830
831 /* let t2 = y ^ u2 mod p */
832 if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont))
833 goto err;
834 /* let u1 = t1 * t2 mod p */
835 if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx))
836 goto err;
837
838 BN_copy(t1,u1);
839
840 ret = 1;
841err:
842 BN_free(&t2);
843 return(ret);
844}
845
846static DSA_SIG *
847cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
848{
849 struct crypt_kop kop;
850 BIGNUM *r = NULL, *s = NULL;
851 DSA_SIG *dsaret = NULL;
852
853 if ((r = BN_new()) == NULL)
854 goto err;
855 if ((s = BN_new()) == NULL) {
856 BN_free(r);
857 goto err;
858 }
859
860 printf("bar\n");
861 memset(&kop, 0, sizeof kop);
862 kop.crk_op = CRK_DSA_SIGN;
863
864 /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
865 kop.crk_param[0].crp_p = (caddr_t)dgst;
866 kop.crk_param[0].crp_nbits = dlen * 8;
867 if (bn2crparam(dsa->p, &kop.crk_param[1]))
868 goto err;
869 if (bn2crparam(dsa->q, &kop.crk_param[2]))
870 goto err;
871 if (bn2crparam(dsa->g, &kop.crk_param[3]))
872 goto err;
873 if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
874 goto err;
875 kop.crk_iparams = 5;
876
877 if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
878 BN_num_bytes(dsa->q), s) == 0) {
879 dsaret = DSA_SIG_new();
880 dsaret->r = r;
881 dsaret->s = s;
882 } else {
883 const DSA_METHOD *meth = DSA_OpenSSL();
884 BN_free(r);
885 BN_free(s);
886 dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
887 }
888err:
889 kop.crk_param[0].crp_p = NULL;
890 zapparams(&kop);
891 return (dsaret);
892}
893
894static int
895cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
896 DSA_SIG *sig, DSA *dsa)
897{
898 struct crypt_kop kop;
899 int dsaret = 1;
900
901 memset(&kop, 0, sizeof kop);
902 kop.crk_op = CRK_DSA_VERIFY;
903
904 /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
905 kop.crk_param[0].crp_p = (caddr_t)dgst;
906 kop.crk_param[0].crp_nbits = dlen * 8;
907 if (bn2crparam(dsa->p, &kop.crk_param[1]))
908 goto err;
909 if (bn2crparam(dsa->q, &kop.crk_param[2]))
910 goto err;
911 if (bn2crparam(dsa->g, &kop.crk_param[3]))
912 goto err;
913 if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
914 goto err;
915 if (bn2crparam(sig->r, &kop.crk_param[5]))
916 goto err;
917 if (bn2crparam(sig->s, &kop.crk_param[6]))
918 goto err;
919 kop.crk_iparams = 7;
920
921 if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
922 dsaret = kop.crk_status;
923 } else {
924 const DSA_METHOD *meth = DSA_OpenSSL();
925
926 dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
927 }
928err:
929 kop.crk_param[0].crp_p = NULL;
930 zapparams(&kop);
931 return (dsaret);
932}
933
934static DSA_METHOD cryptodev_dsa = {
935 "cryptodev DSA method",
936 NULL,
937 NULL, /* dsa_sign_setup */
938 NULL,
939 NULL, /* dsa_mod_exp */
940 NULL,
941 NULL, /* init */
942 NULL, /* finish */
943 0, /* flags */
944 NULL /* app_data */
945};
946
947static int
948cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
949 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
950 BN_MONT_CTX *m_ctx)
951{
952 return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
953}
954
955static int
956cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
957{
958 struct crypt_kop kop;
959 int dhret = 1;
960 int fd, keylen;
961
962 if ((fd = get_asym_dev_crypto()) < 0) {
963 const DH_METHOD *meth = DH_OpenSSL();
964
965 return ((meth->compute_key)(key, pub_key, dh));
966 }
967
968 keylen = BN_num_bits(dh->p);
969
970 memset(&kop, 0, sizeof kop);
971 kop.crk_op = CRK_DH_COMPUTE_KEY;
972
973 /* inputs: dh->priv_key pub_key dh->p key */
974 if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
975 goto err;
976 if (bn2crparam(pub_key, &kop.crk_param[1]))
977 goto err;
978 if (bn2crparam(dh->p, &kop.crk_param[2]))
979 goto err;
980 kop.crk_iparams = 3;
981
982 kop.crk_param[3].crp_p = key;
983 kop.crk_param[3].crp_nbits = keylen * 8;
984 kop.crk_oparams = 1;
985
986 if (ioctl(fd, CIOCKEY, &kop) == -1) {
987 const DH_METHOD *meth = DH_OpenSSL();
988
989 dhret = (meth->compute_key)(key, pub_key, dh);
990 }
991err:
992 kop.crk_param[3].crp_p = NULL;
993 zapparams(&kop);
994 return (dhret);
995}
996
997static DH_METHOD cryptodev_dh = {
998 "cryptodev DH method",
999 NULL, /* cryptodev_dh_generate_key */
1000 NULL,
1001 NULL,
1002 NULL,
1003 NULL,
1004 0, /* flags */
1005 NULL /* app_data */
1006};
1007
1008/*
1009 * ctrl right now is just a wrapper that doesn't do much
1010 * but I expect we'll want some options soon.
1011 */
1012static int
1013cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
1014{
1015 struct syslog_data sd = SYSLOG_DATA_INIT;
1016
1017 switch (cmd) {
1018 default:
1019 syslog_r(LOG_ERR, &sd,
1020 "cryptodev_ctrl: unknown command %d", cmd);
1021 break;
1022 }
1023 return (1);
1024}
1025
1026void
1027ENGINE_load_cryptodev(void)
1028{
1029 ENGINE *engine = ENGINE_new();
1030 int fd;
1031
1032 if (engine == NULL)
1033 return;
1034 if ((fd = get_dev_crypto()) < 0)
1035 return;
1036
1037 /*
1038 * find out what asymmetric crypto algorithms we support
1039 */
1040 if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
1041 close(fd);
1042 return;
1043 }
1044 close(fd);
1045
1046 if (!ENGINE_set_id(engine, "cryptodev") ||
1047 !ENGINE_set_name(engine, "OpenBSD cryptodev engine") ||
1048 !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
1049 !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
1050 !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
1051 !ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
1052 ENGINE_free(engine);
1053 return;
1054 }
1055
1056 if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
1057 const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay();
1058
1059 cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
1060 cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
1061 cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
1062 cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
1063 cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
1064 cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
1065 if (cryptodev_asymfeat & CRF_MOD_EXP) {
1066 cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
1067 if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
1068 cryptodev_rsa.rsa_mod_exp =
1069 cryptodev_rsa_mod_exp;
1070 else
1071 cryptodev_rsa.rsa_mod_exp =
1072 cryptodev_rsa_nocrt_mod_exp;
1073 }
1074 }
1075
1076 if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {
1077 const DSA_METHOD *meth = DSA_OpenSSL();
1078
1079 memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
1080 if (cryptodev_asymfeat & CRF_DSA_SIGN)
1081 cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
1082 if (cryptodev_asymfeat & CRF_MOD_EXP) {
1083 cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
1084 cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
1085 }
1086 if (cryptodev_asymfeat & CRF_DSA_VERIFY)
1087 cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
1088 }
1089
1090 if (ENGINE_set_DH(engine, &cryptodev_dh)){
1091 const DH_METHOD *dh_meth = DH_OpenSSL();
1092
1093 cryptodev_dh.generate_key = dh_meth->generate_key;
1094 cryptodev_dh.compute_key = dh_meth->compute_key;
1095 cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
1096 if (cryptodev_asymfeat & CRF_MOD_EXP) {
1097 cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
1098 if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
1099 cryptodev_dh.compute_key =
1100 cryptodev_dh_compute_key;
1101 }
1102 }
1103
1104 ENGINE_add(engine);
1105 ENGINE_free(engine);
1106 ERR_clear_error();
1107}
diff --git a/src/lib/libcrypto/engine/hw_cswift.c b/src/lib/libcrypto/engine/hw_cswift.c
new file mode 100644
index 0000000000..f5c897bdbb
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_cswift.c
@@ -0,0 +1,924 @@
1/* crypto/engine/hw_cswift.c */
2/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <openssl/crypto.h>
61#include "cryptlib.h"
62#include <openssl/dso.h>
63#include <openssl/engine.h>
64
65#ifndef OPENSSL_NO_HW
66#ifndef OPENSSL_NO_HW_CSWIFT
67
68/* Attribution notice: Rainbow have generously allowed me to reproduce
69 * the necessary definitions here from their API. This means the support
70 * can build independently of whether application builders have the
71 * API or hardware. This will allow developers to easily produce software
72 * that has latent hardware support for any users that have accelerators
73 * installed, without the developers themselves needing anything extra.
74 *
75 * I have only clipped the parts from the CryptoSwift header files that
76 * are (or seem) relevant to the CryptoSwift support code. This is
77 * simply to keep the file sizes reasonable.
78 * [Geoff]
79 */
80#ifdef FLAT_INC
81#include "cswift.h"
82#else
83#include "vendor_defns/cswift.h"
84#endif
85
86#define CSWIFT_LIB_NAME "cswift engine"
87#include "hw_cswift_err.c"
88
89static int cswift_destroy(ENGINE *e);
90static int cswift_init(ENGINE *e);
91static int cswift_finish(ENGINE *e);
92static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
93
94/* BIGNUM stuff */
95static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
96 const BIGNUM *m, BN_CTX *ctx);
97static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
98 const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
99 const BIGNUM *iqmp, BN_CTX *ctx);
100
101#ifndef OPENSSL_NO_RSA
102/* RSA stuff */
103static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
104#endif
105/* This function is aliased to mod_exp (with the mont stuff dropped). */
106static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
107 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
108
109#ifndef OPENSSL_NO_DSA
110/* DSA stuff */
111static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
112static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
113 DSA_SIG *sig, DSA *dsa);
114#endif
115
116#ifndef OPENSSL_NO_DH
117/* DH stuff */
118/* This function is alised to mod_exp (with the DH and mont dropped). */
119static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
120 const BIGNUM *a, const BIGNUM *p,
121 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
122#endif
123
124/* The definitions for control commands specific to this engine */
125#define CSWIFT_CMD_SO_PATH ENGINE_CMD_BASE
126static const ENGINE_CMD_DEFN cswift_cmd_defns[] = {
127 {CSWIFT_CMD_SO_PATH,
128 "SO_PATH",
129 "Specifies the path to the 'cswift' shared library",
130 ENGINE_CMD_FLAG_STRING},
131 {0, NULL, NULL, 0}
132 };
133
134#ifndef OPENSSL_NO_RSA
135/* Our internal RSA_METHOD that we provide pointers to */
136static RSA_METHOD cswift_rsa =
137 {
138 "CryptoSwift RSA method",
139 NULL,
140 NULL,
141 NULL,
142 NULL,
143 cswift_rsa_mod_exp,
144 cswift_mod_exp_mont,
145 NULL,
146 NULL,
147 0,
148 NULL,
149 NULL,
150 NULL
151 };
152#endif
153
154#ifndef OPENSSL_NO_DSA
155/* Our internal DSA_METHOD that we provide pointers to */
156static DSA_METHOD cswift_dsa =
157 {
158 "CryptoSwift DSA method",
159 cswift_dsa_sign,
160 NULL, /* dsa_sign_setup */
161 cswift_dsa_verify,
162 NULL, /* dsa_mod_exp */
163 NULL, /* bn_mod_exp */
164 NULL, /* init */
165 NULL, /* finish */
166 0, /* flags */
167 NULL /* app_data */
168 };
169#endif
170
171#ifndef OPENSSL_NO_DH
172/* Our internal DH_METHOD that we provide pointers to */
173static DH_METHOD cswift_dh =
174 {
175 "CryptoSwift DH method",
176 NULL,
177 NULL,
178 cswift_mod_exp_dh,
179 NULL,
180 NULL,
181 0,
182 NULL
183 };
184#endif
185
186/* Constants used when creating the ENGINE */
187static const char *engine_cswift_id = "cswift";
188static const char *engine_cswift_name = "CryptoSwift hardware engine support";
189
190/* This internal function is used by ENGINE_cswift() and possibly by the
191 * "dynamic" ENGINE support too */
192static int bind_helper(ENGINE *e)
193 {
194#ifndef OPENSSL_NO_RSA
195 const RSA_METHOD *meth1;
196#endif
197#ifndef OPENSSL_NO_DH
198 const DH_METHOD *meth2;
199#endif
200 if(!ENGINE_set_id(e, engine_cswift_id) ||
201 !ENGINE_set_name(e, engine_cswift_name) ||
202#ifndef OPENSSL_NO_RSA
203 !ENGINE_set_RSA(e, &cswift_rsa) ||
204#endif
205#ifndef OPENSSL_NO_DSA
206 !ENGINE_set_DSA(e, &cswift_dsa) ||
207#endif
208#ifndef OPENSSL_NO_DH
209 !ENGINE_set_DH(e, &cswift_dh) ||
210#endif
211 !ENGINE_set_destroy_function(e, cswift_destroy) ||
212 !ENGINE_set_init_function(e, cswift_init) ||
213 !ENGINE_set_finish_function(e, cswift_finish) ||
214 !ENGINE_set_ctrl_function(e, cswift_ctrl) ||
215 !ENGINE_set_cmd_defns(e, cswift_cmd_defns))
216 return 0;
217
218#ifndef OPENSSL_NO_RSA
219 /* We know that the "PKCS1_SSLeay()" functions hook properly
220 * to the cswift-specific mod_exp and mod_exp_crt so we use
221 * those functions. NB: We don't use ENGINE_openssl() or
222 * anything "more generic" because something like the RSAref
223 * code may not hook properly, and if you own one of these
224 * cards then you have the right to do RSA operations on it
225 * anyway! */
226 meth1 = RSA_PKCS1_SSLeay();
227 cswift_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
228 cswift_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
229 cswift_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
230 cswift_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
231#endif
232
233#ifndef OPENSSL_NO_DH
234 /* Much the same for Diffie-Hellman */
235 meth2 = DH_OpenSSL();
236 cswift_dh.generate_key = meth2->generate_key;
237 cswift_dh.compute_key = meth2->compute_key;
238#endif
239
240 /* Ensure the cswift error handling is set up */
241 ERR_load_CSWIFT_strings();
242 return 1;
243 }
244
245static ENGINE *engine_cswift(void)
246 {
247 ENGINE *ret = ENGINE_new();
248 if(!ret)
249 return NULL;
250 if(!bind_helper(ret))
251 {
252 ENGINE_free(ret);
253 return NULL;
254 }
255 return ret;
256 }
257
258void ENGINE_load_cswift(void)
259 {
260 /* Copied from eng_[openssl|dyn].c */
261 ENGINE *toadd = engine_cswift();
262 if(!toadd) return;
263 ENGINE_add(toadd);
264 ENGINE_free(toadd);
265 ERR_clear_error();
266 }
267
268/* This is a process-global DSO handle used for loading and unloading
269 * the CryptoSwift library. NB: This is only set (or unset) during an
270 * init() or finish() call (reference counts permitting) and they're
271 * operating with global locks, so this should be thread-safe
272 * implicitly. */
273static DSO *cswift_dso = NULL;
274
275/* These are the function pointers that are (un)set when the library has
276 * successfully (un)loaded. */
277t_swAcquireAccContext *p_CSwift_AcquireAccContext = NULL;
278t_swAttachKeyParam *p_CSwift_AttachKeyParam = NULL;
279t_swSimpleRequest *p_CSwift_SimpleRequest = NULL;
280t_swReleaseAccContext *p_CSwift_ReleaseAccContext = NULL;
281
282/* Used in the DSO operations. */
283static const char *CSWIFT_LIBNAME = NULL;
284static const char *get_CSWIFT_LIBNAME(void)
285 {
286 if(CSWIFT_LIBNAME)
287 return CSWIFT_LIBNAME;
288 return "swift";
289 }
290static void free_CSWIFT_LIBNAME(void)
291 {
292 if(CSWIFT_LIBNAME)
293 OPENSSL_free((void*)CSWIFT_LIBNAME);
294 CSWIFT_LIBNAME = NULL;
295 }
296static long set_CSWIFT_LIBNAME(const char *name)
297 {
298 free_CSWIFT_LIBNAME();
299 return (((CSWIFT_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
300 }
301static const char *CSWIFT_F1 = "swAcquireAccContext";
302static const char *CSWIFT_F2 = "swAttachKeyParam";
303static const char *CSWIFT_F3 = "swSimpleRequest";
304static const char *CSWIFT_F4 = "swReleaseAccContext";
305
306
307/* CryptoSwift library functions and mechanics - these are used by the
308 * higher-level functions further down. NB: As and where there's no
309 * error checking, take a look lower down where these functions are
310 * called, the checking and error handling is probably down there. */
311
312/* utility function to obtain a context */
313static int get_context(SW_CONTEXT_HANDLE *hac)
314 {
315 SW_STATUS status;
316
317 status = p_CSwift_AcquireAccContext(hac);
318 if(status != SW_OK)
319 return 0;
320 return 1;
321 }
322
323/* similarly to release one. */
324static void release_context(SW_CONTEXT_HANDLE hac)
325 {
326 p_CSwift_ReleaseAccContext(hac);
327 }
328
329/* Destructor (complements the "ENGINE_cswift()" constructor) */
330static int cswift_destroy(ENGINE *e)
331 {
332 free_CSWIFT_LIBNAME();
333 ERR_unload_CSWIFT_strings();
334 return 1;
335 }
336
337/* (de)initialisation functions. */
338static int cswift_init(ENGINE *e)
339 {
340 SW_CONTEXT_HANDLE hac;
341 t_swAcquireAccContext *p1;
342 t_swAttachKeyParam *p2;
343 t_swSimpleRequest *p3;
344 t_swReleaseAccContext *p4;
345
346 if(cswift_dso != NULL)
347 {
348 CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_ALREADY_LOADED);
349 goto err;
350 }
351 /* Attempt to load libswift.so/swift.dll/whatever. */
352 cswift_dso = DSO_load(NULL, get_CSWIFT_LIBNAME(), NULL, 0);
353 if(cswift_dso == NULL)
354 {
355 CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_NOT_LOADED);
356 goto err;
357 }
358 if(!(p1 = (t_swAcquireAccContext *)
359 DSO_bind_func(cswift_dso, CSWIFT_F1)) ||
360 !(p2 = (t_swAttachKeyParam *)
361 DSO_bind_func(cswift_dso, CSWIFT_F2)) ||
362 !(p3 = (t_swSimpleRequest *)
363 DSO_bind_func(cswift_dso, CSWIFT_F3)) ||
364 !(p4 = (t_swReleaseAccContext *)
365 DSO_bind_func(cswift_dso, CSWIFT_F4)))
366 {
367 CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_NOT_LOADED);
368 goto err;
369 }
370 /* Copy the pointers */
371 p_CSwift_AcquireAccContext = p1;
372 p_CSwift_AttachKeyParam = p2;
373 p_CSwift_SimpleRequest = p3;
374 p_CSwift_ReleaseAccContext = p4;
375 /* Try and get a context - if not, we may have a DSO but no
376 * accelerator! */
377 if(!get_context(&hac))
378 {
379 CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_UNIT_FAILURE);
380 goto err;
381 }
382 release_context(hac);
383 /* Everything's fine. */
384 return 1;
385err:
386 if(cswift_dso)
387 DSO_free(cswift_dso);
388 p_CSwift_AcquireAccContext = NULL;
389 p_CSwift_AttachKeyParam = NULL;
390 p_CSwift_SimpleRequest = NULL;
391 p_CSwift_ReleaseAccContext = NULL;
392 return 0;
393 }
394
395static int cswift_finish(ENGINE *e)
396 {
397 free_CSWIFT_LIBNAME();
398 if(cswift_dso == NULL)
399 {
400 CSWIFTerr(CSWIFT_F_CSWIFT_FINISH,CSWIFT_R_NOT_LOADED);
401 return 0;
402 }
403 if(!DSO_free(cswift_dso))
404 {
405 CSWIFTerr(CSWIFT_F_CSWIFT_FINISH,CSWIFT_R_UNIT_FAILURE);
406 return 0;
407 }
408 cswift_dso = NULL;
409 p_CSwift_AcquireAccContext = NULL;
410 p_CSwift_AttachKeyParam = NULL;
411 p_CSwift_SimpleRequest = NULL;
412 p_CSwift_ReleaseAccContext = NULL;
413 return 1;
414 }
415
416static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
417 {
418 int initialised = ((cswift_dso == NULL) ? 0 : 1);
419 switch(cmd)
420 {
421 case CSWIFT_CMD_SO_PATH:
422 if(p == NULL)
423 {
424 CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,ERR_R_PASSED_NULL_PARAMETER);
425 return 0;
426 }
427 if(initialised)
428 {
429 CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,CSWIFT_R_ALREADY_LOADED);
430 return 0;
431 }
432 return set_CSWIFT_LIBNAME((const char *)p);
433 default:
434 break;
435 }
436 CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED);
437 return 0;
438 }
439
440/* Un petit mod_exp */
441static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
442 const BIGNUM *m, BN_CTX *ctx)
443 {
444 /* I need somewhere to store temporary serialised values for
445 * use with the CryptoSwift API calls. A neat cheat - I'll use
446 * BIGNUMs from the BN_CTX but access their arrays directly as
447 * byte arrays <grin>. This way I don't have to clean anything
448 * up. */
449 BIGNUM *modulus;
450 BIGNUM *exponent;
451 BIGNUM *argument;
452 BIGNUM *result;
453 SW_STATUS sw_status;
454 SW_LARGENUMBER arg, res;
455 SW_PARAM sw_param;
456 SW_CONTEXT_HANDLE hac;
457 int to_return, acquired;
458
459 modulus = exponent = argument = result = NULL;
460 to_return = 0; /* expect failure */
461 acquired = 0;
462
463 if(!get_context(&hac))
464 {
465 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_UNIT_FAILURE);
466 goto err;
467 }
468 acquired = 1;
469 /* Prepare the params */
470 BN_CTX_start(ctx);
471 modulus = BN_CTX_get(ctx);
472 exponent = BN_CTX_get(ctx);
473 argument = BN_CTX_get(ctx);
474 result = BN_CTX_get(ctx);
475 if(!result)
476 {
477 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BN_CTX_FULL);
478 goto err;
479 }
480 if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, p->top) ||
481 !bn_wexpand(argument, a->top) || !bn_wexpand(result, m->top))
482 {
483 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BN_EXPAND_FAIL);
484 goto err;
485 }
486 sw_param.type = SW_ALG_EXP;
487 sw_param.up.exp.modulus.nbytes = BN_bn2bin(m,
488 (unsigned char *)modulus->d);
489 sw_param.up.exp.modulus.value = (unsigned char *)modulus->d;
490 sw_param.up.exp.exponent.nbytes = BN_bn2bin(p,
491 (unsigned char *)exponent->d);
492 sw_param.up.exp.exponent.value = (unsigned char *)exponent->d;
493 /* Attach the key params */
494 sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
495 switch(sw_status)
496 {
497 case SW_OK:
498 break;
499 case SW_ERR_INPUT_SIZE:
500 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BAD_KEY_SIZE);
501 goto err;
502 default:
503 {
504 char tmpbuf[DECIMAL_SIZE(sw_status)+1];
505 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
506 sprintf(tmpbuf, "%ld", sw_status);
507 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
508 }
509 goto err;
510 }
511 /* Prepare the argument and response */
512 arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
513 arg.value = (unsigned char *)argument->d;
514 res.nbytes = BN_num_bytes(m);
515 memset(result->d, 0, res.nbytes);
516 res.value = (unsigned char *)result->d;
517 /* Perform the operation */
518 if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1,
519 &res, 1)) != SW_OK)
520 {
521 char tmpbuf[DECIMAL_SIZE(sw_status)+1];
522 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
523 sprintf(tmpbuf, "%ld", sw_status);
524 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
525 goto err;
526 }
527 /* Convert the response */
528 BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
529 to_return = 1;
530err:
531 if(acquired)
532 release_context(hac);
533 BN_CTX_end(ctx);
534 return to_return;
535 }
536
537/* Un petit mod_exp chinois */
538static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
539 const BIGNUM *q, const BIGNUM *dmp1,
540 const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)
541 {
542 SW_STATUS sw_status;
543 SW_LARGENUMBER arg, res;
544 SW_PARAM sw_param;
545 SW_CONTEXT_HANDLE hac;
546 BIGNUM *rsa_p = NULL;
547 BIGNUM *rsa_q = NULL;
548 BIGNUM *rsa_dmp1 = NULL;
549 BIGNUM *rsa_dmq1 = NULL;
550 BIGNUM *rsa_iqmp = NULL;
551 BIGNUM *argument = NULL;
552 BIGNUM *result = NULL;
553 int to_return = 0; /* expect failure */
554 int acquired = 0;
555
556 if(!get_context(&hac))
557 {
558 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_UNIT_FAILURE);
559 goto err;
560 }
561 acquired = 1;
562 /* Prepare the params */
563 BN_CTX_start(ctx);
564 rsa_p = BN_CTX_get(ctx);
565 rsa_q = BN_CTX_get(ctx);
566 rsa_dmp1 = BN_CTX_get(ctx);
567 rsa_dmq1 = BN_CTX_get(ctx);
568 rsa_iqmp = BN_CTX_get(ctx);
569 argument = BN_CTX_get(ctx);
570 result = BN_CTX_get(ctx);
571 if(!result)
572 {
573 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_CTX_FULL);
574 goto err;
575 }
576 if(!bn_wexpand(rsa_p, p->top) || !bn_wexpand(rsa_q, q->top) ||
577 !bn_wexpand(rsa_dmp1, dmp1->top) ||
578 !bn_wexpand(rsa_dmq1, dmq1->top) ||
579 !bn_wexpand(rsa_iqmp, iqmp->top) ||
580 !bn_wexpand(argument, a->top) ||
581 !bn_wexpand(result, p->top + q->top))
582 {
583 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
584 goto err;
585 }
586 sw_param.type = SW_ALG_CRT;
587 sw_param.up.crt.p.nbytes = BN_bn2bin(p, (unsigned char *)rsa_p->d);
588 sw_param.up.crt.p.value = (unsigned char *)rsa_p->d;
589 sw_param.up.crt.q.nbytes = BN_bn2bin(q, (unsigned char *)rsa_q->d);
590 sw_param.up.crt.q.value = (unsigned char *)rsa_q->d;
591 sw_param.up.crt.dmp1.nbytes = BN_bn2bin(dmp1,
592 (unsigned char *)rsa_dmp1->d);
593 sw_param.up.crt.dmp1.value = (unsigned char *)rsa_dmp1->d;
594 sw_param.up.crt.dmq1.nbytes = BN_bn2bin(dmq1,
595 (unsigned char *)rsa_dmq1->d);
596 sw_param.up.crt.dmq1.value = (unsigned char *)rsa_dmq1->d;
597 sw_param.up.crt.iqmp.nbytes = BN_bn2bin(iqmp,
598 (unsigned char *)rsa_iqmp->d);
599 sw_param.up.crt.iqmp.value = (unsigned char *)rsa_iqmp->d;
600 /* Attach the key params */
601 sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
602 switch(sw_status)
603 {
604 case SW_OK:
605 break;
606 case SW_ERR_INPUT_SIZE:
607 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BAD_KEY_SIZE);
608 goto err;
609 default:
610 {
611 char tmpbuf[DECIMAL_SIZE(sw_status)+1];
612 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
613 sprintf(tmpbuf, "%ld", sw_status);
614 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
615 }
616 goto err;
617 }
618 /* Prepare the argument and response */
619 arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
620 arg.value = (unsigned char *)argument->d;
621 res.nbytes = 2 * BN_num_bytes(p);
622 memset(result->d, 0, res.nbytes);
623 res.value = (unsigned char *)result->d;
624 /* Perform the operation */
625 if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1,
626 &res, 1)) != SW_OK)
627 {
628 char tmpbuf[DECIMAL_SIZE(sw_status)+1];
629 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
630 sprintf(tmpbuf, "%ld", sw_status);
631 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
632 goto err;
633 }
634 /* Convert the response */
635 BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
636 to_return = 1;
637err:
638 if(acquired)
639 release_context(hac);
640 BN_CTX_end(ctx);
641 return to_return;
642 }
643
644#ifndef OPENSSL_NO_RSA
645static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
646 {
647 BN_CTX *ctx;
648 int to_return = 0;
649
650 if((ctx = BN_CTX_new()) == NULL)
651 goto err;
652 if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
653 {
654 CSWIFTerr(CSWIFT_F_CSWIFT_RSA_MOD_EXP,CSWIFT_R_MISSING_KEY_COMPONENTS);
655 goto err;
656 }
657 to_return = cswift_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
658 rsa->dmq1, rsa->iqmp, ctx);
659err:
660 if(ctx)
661 BN_CTX_free(ctx);
662 return to_return;
663 }
664#endif
665
666/* This function is aliased to mod_exp (with the mont stuff dropped). */
667static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
668 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
669 {
670 return cswift_mod_exp(r, a, p, m, ctx);
671 }
672
673#ifndef OPENSSL_NO_DSA
674static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
675 {
676 SW_CONTEXT_HANDLE hac;
677 SW_PARAM sw_param;
678 SW_STATUS sw_status;
679 SW_LARGENUMBER arg, res;
680 unsigned char *ptr;
681 BN_CTX *ctx;
682 BIGNUM *dsa_p = NULL;
683 BIGNUM *dsa_q = NULL;
684 BIGNUM *dsa_g = NULL;
685 BIGNUM *dsa_key = NULL;
686 BIGNUM *result = NULL;
687 DSA_SIG *to_return = NULL;
688 int acquired = 0;
689
690 if((ctx = BN_CTX_new()) == NULL)
691 goto err;
692 if(!get_context(&hac))
693 {
694 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_UNIT_FAILURE);
695 goto err;
696 }
697 acquired = 1;
698 /* Prepare the params */
699 BN_CTX_start(ctx);
700 dsa_p = BN_CTX_get(ctx);
701 dsa_q = BN_CTX_get(ctx);
702 dsa_g = BN_CTX_get(ctx);
703 dsa_key = BN_CTX_get(ctx);
704 result = BN_CTX_get(ctx);
705 if(!result)
706 {
707 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BN_CTX_FULL);
708 goto err;
709 }
710 if(!bn_wexpand(dsa_p, dsa->p->top) ||
711 !bn_wexpand(dsa_q, dsa->q->top) ||
712 !bn_wexpand(dsa_g, dsa->g->top) ||
713 !bn_wexpand(dsa_key, dsa->priv_key->top) ||
714 !bn_wexpand(result, dsa->p->top))
715 {
716 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BN_EXPAND_FAIL);
717 goto err;
718 }
719 sw_param.type = SW_ALG_DSA;
720 sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,
721 (unsigned char *)dsa_p->d);
722 sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
723 sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,
724 (unsigned char *)dsa_q->d);
725 sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
726 sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,
727 (unsigned char *)dsa_g->d);
728 sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
729 sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->priv_key,
730 (unsigned char *)dsa_key->d);
731 sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
732 /* Attach the key params */
733 sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
734 switch(sw_status)
735 {
736 case SW_OK:
737 break;
738 case SW_ERR_INPUT_SIZE:
739 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BAD_KEY_SIZE);
740 goto err;
741 default:
742 {
743 char tmpbuf[DECIMAL_SIZE(sw_status)+1];
744 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
745 sprintf(tmpbuf, "%ld", sw_status);
746 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
747 }
748 goto err;
749 }
750 /* Prepare the argument and response */
751 arg.nbytes = dlen;
752 arg.value = (unsigned char *)dgst;
753 res.nbytes = BN_num_bytes(dsa->p);
754 memset(result->d, 0, res.nbytes);
755 res.value = (unsigned char *)result->d;
756 /* Perform the operation */
757 sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_SIGN, &arg, 1,
758 &res, 1);
759 if(sw_status != SW_OK)
760 {
761 char tmpbuf[DECIMAL_SIZE(sw_status)+1];
762 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
763 sprintf(tmpbuf, "%ld", sw_status);
764 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
765 goto err;
766 }
767 /* Convert the response */
768 ptr = (unsigned char *)result->d;
769 if((to_return = DSA_SIG_new()) == NULL)
770 goto err;
771 to_return->r = BN_bin2bn((unsigned char *)result->d, 20, NULL);
772 to_return->s = BN_bin2bn((unsigned char *)result->d + 20, 20, NULL);
773
774err:
775 if(acquired)
776 release_context(hac);
777 if(ctx)
778 {
779 BN_CTX_end(ctx);
780 BN_CTX_free(ctx);
781 }
782 return to_return;
783 }
784
785static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
786 DSA_SIG *sig, DSA *dsa)
787 {
788 SW_CONTEXT_HANDLE hac;
789 SW_PARAM sw_param;
790 SW_STATUS sw_status;
791 SW_LARGENUMBER arg[2], res;
792 unsigned long sig_result;
793 BN_CTX *ctx;
794 BIGNUM *dsa_p = NULL;
795 BIGNUM *dsa_q = NULL;
796 BIGNUM *dsa_g = NULL;
797 BIGNUM *dsa_key = NULL;
798 BIGNUM *argument = NULL;
799 int to_return = -1;
800 int acquired = 0;
801
802 if((ctx = BN_CTX_new()) == NULL)
803 goto err;
804 if(!get_context(&hac))
805 {
806 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_UNIT_FAILURE);
807 goto err;
808 }
809 acquired = 1;
810 /* Prepare the params */
811 BN_CTX_start(ctx);
812 dsa_p = BN_CTX_get(ctx);
813 dsa_q = BN_CTX_get(ctx);
814 dsa_g = BN_CTX_get(ctx);
815 dsa_key = BN_CTX_get(ctx);
816 argument = BN_CTX_get(ctx);
817 if(!argument)
818 {
819 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BN_CTX_FULL);
820 goto err;
821 }
822 if(!bn_wexpand(dsa_p, dsa->p->top) ||
823 !bn_wexpand(dsa_q, dsa->q->top) ||
824 !bn_wexpand(dsa_g, dsa->g->top) ||
825 !bn_wexpand(dsa_key, dsa->pub_key->top) ||
826 !bn_wexpand(argument, 40))
827 {
828 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BN_EXPAND_FAIL);
829 goto err;
830 }
831 sw_param.type = SW_ALG_DSA;
832 sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,
833 (unsigned char *)dsa_p->d);
834 sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
835 sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,
836 (unsigned char *)dsa_q->d);
837 sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
838 sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,
839 (unsigned char *)dsa_g->d);
840 sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
841 sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->pub_key,
842 (unsigned char *)dsa_key->d);
843 sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
844 /* Attach the key params */
845 sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
846 switch(sw_status)
847 {
848 case SW_OK:
849 break;
850 case SW_ERR_INPUT_SIZE:
851 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BAD_KEY_SIZE);
852 goto err;
853 default:
854 {
855 char tmpbuf[DECIMAL_SIZE(sw_status)+1];
856 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
857 sprintf(tmpbuf, "%ld", sw_status);
858 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
859 }
860 goto err;
861 }
862 /* Prepare the argument and response */
863 arg[0].nbytes = dgst_len;
864 arg[0].value = (unsigned char *)dgst;
865 arg[1].nbytes = 40;
866 arg[1].value = (unsigned char *)argument->d;
867 memset(arg[1].value, 0, 40);
868 BN_bn2bin(sig->r, arg[1].value + 20 - BN_num_bytes(sig->r));
869 BN_bn2bin(sig->s, arg[1].value + 40 - BN_num_bytes(sig->s));
870 res.nbytes = 4; /* unsigned long */
871 res.value = (unsigned char *)(&sig_result);
872 /* Perform the operation */
873 sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_VERIFY, arg, 2,
874 &res, 1);
875 if(sw_status != SW_OK)
876 {
877 char tmpbuf[DECIMAL_SIZE(sw_status)+1];
878 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
879 sprintf(tmpbuf, "%ld", sw_status);
880 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
881 goto err;
882 }
883 /* Convert the response */
884 to_return = ((sig_result == 0) ? 0 : 1);
885
886err:
887 if(acquired)
888 release_context(hac);
889 if(ctx)
890 {
891 BN_CTX_end(ctx);
892 BN_CTX_free(ctx);
893 }
894 return to_return;
895 }
896#endif
897
898#ifndef OPENSSL_NO_DH
899/* This function is aliased to mod_exp (with the dh and mont dropped). */
900static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
901 const BIGNUM *a, const BIGNUM *p,
902 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
903 {
904 return cswift_mod_exp(r, a, p, m, ctx);
905 }
906#endif
907
908/* This stuff is needed if this ENGINE is being compiled into a self-contained
909 * shared-library. */
910#ifdef ENGINE_DYNAMIC_SUPPORT
911static int bind_fn(ENGINE *e, const char *id)
912 {
913 if(id && (strcmp(id, engine_cswift_id) != 0))
914 return 0;
915 if(!bind_helper(e))
916 return 0;
917 return 1;
918 }
919IMPLEMENT_DYNAMIC_CHECK_FN()
920IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
921#endif /* ENGINE_DYNAMIC_SUPPORT */
922
923#endif /* !OPENSSL_NO_HW_CSWIFT */
924#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/hw_cswift_err.c b/src/lib/libcrypto/engine/hw_cswift_err.c
new file mode 100644
index 0000000000..684f53bf27
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_cswift_err.c
@@ -0,0 +1,149 @@
1/* hw_cswift_err.c */
2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include "hw_cswift_err.h"
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67static ERR_STRING_DATA CSWIFT_str_functs[]=
68 {
69{ERR_PACK(0,CSWIFT_F_CSWIFT_CTRL,0), "CSWIFT_CTRL"},
70{ERR_PACK(0,CSWIFT_F_CSWIFT_DSA_SIGN,0), "CSWIFT_DSA_SIGN"},
71{ERR_PACK(0,CSWIFT_F_CSWIFT_DSA_VERIFY,0), "CSWIFT_DSA_VERIFY"},
72{ERR_PACK(0,CSWIFT_F_CSWIFT_FINISH,0), "CSWIFT_FINISH"},
73{ERR_PACK(0,CSWIFT_F_CSWIFT_INIT,0), "CSWIFT_INIT"},
74{ERR_PACK(0,CSWIFT_F_CSWIFT_MOD_EXP,0), "CSWIFT_MOD_EXP"},
75{ERR_PACK(0,CSWIFT_F_CSWIFT_MOD_EXP_CRT,0), "CSWIFT_MOD_EXP_CRT"},
76{ERR_PACK(0,CSWIFT_F_CSWIFT_RSA_MOD_EXP,0), "CSWIFT_RSA_MOD_EXP"},
77{0,NULL}
78 };
79
80static ERR_STRING_DATA CSWIFT_str_reasons[]=
81 {
82{CSWIFT_R_ALREADY_LOADED ,"already loaded"},
83{CSWIFT_R_BAD_KEY_SIZE ,"bad key size"},
84{CSWIFT_R_BN_CTX_FULL ,"bn ctx full"},
85{CSWIFT_R_BN_EXPAND_FAIL ,"bn expand fail"},
86{CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"},
87{CSWIFT_R_MISSING_KEY_COMPONENTS ,"missing key components"},
88{CSWIFT_R_NOT_LOADED ,"not loaded"},
89{CSWIFT_R_REQUEST_FAILED ,"request failed"},
90{CSWIFT_R_UNIT_FAILURE ,"unit failure"},
91{0,NULL}
92 };
93
94#endif
95
96#ifdef CSWIFT_LIB_NAME
97static ERR_STRING_DATA CSWIFT_lib_name[]=
98 {
99{0 ,CSWIFT_LIB_NAME},
100{0,NULL}
101 };
102#endif
103
104
105static int CSWIFT_lib_error_code=0;
106static int CSWIFT_error_init=1;
107
108static void ERR_load_CSWIFT_strings(void)
109 {
110 if (CSWIFT_lib_error_code == 0)
111 CSWIFT_lib_error_code=ERR_get_next_error_library();
112
113 if (CSWIFT_error_init)
114 {
115 CSWIFT_error_init=0;
116#ifndef OPENSSL_NO_ERR
117 ERR_load_strings(CSWIFT_lib_error_code,CSWIFT_str_functs);
118 ERR_load_strings(CSWIFT_lib_error_code,CSWIFT_str_reasons);
119#endif
120
121#ifdef CSWIFT_LIB_NAME
122 CSWIFT_lib_name->error = ERR_PACK(CSWIFT_lib_error_code,0,0);
123 ERR_load_strings(0,CSWIFT_lib_name);
124#endif
125 }
126 }
127
128static void ERR_unload_CSWIFT_strings(void)
129 {
130 if (CSWIFT_error_init == 0)
131 {
132#ifndef OPENSSL_NO_ERR
133 ERR_unload_strings(CSWIFT_lib_error_code,CSWIFT_str_functs);
134 ERR_unload_strings(CSWIFT_lib_error_code,CSWIFT_str_reasons);
135#endif
136
137#ifdef CSWIFT_LIB_NAME
138 ERR_unload_strings(0,CSWIFT_lib_name);
139#endif
140 CSWIFT_error_init=1;
141 }
142 }
143
144static void ERR_CSWIFT_error(int function, int reason, char *file, int line)
145 {
146 if (CSWIFT_lib_error_code == 0)
147 CSWIFT_lib_error_code=ERR_get_next_error_library();
148 ERR_PUT_error(CSWIFT_lib_error_code,function,reason,file,line);
149 }
diff --git a/src/lib/libcrypto/engine/hw_cswift_err.h b/src/lib/libcrypto/engine/hw_cswift_err.h
new file mode 100644
index 0000000000..7120c3216f
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_cswift_err.h
@@ -0,0 +1,93 @@
1/* ====================================================================
2 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#ifndef HEADER_CSWIFT_ERR_H
56#define HEADER_CSWIFT_ERR_H
57
58/* BEGIN ERROR CODES */
59/* The following lines are auto generated by the script mkerr.pl. Any changes
60 * made after this point may be overwritten when the script is next run.
61 */
62static void ERR_load_CSWIFT_strings(void);
63static void ERR_unload_CSWIFT_strings(void);
64static void ERR_CSWIFT_error(int function, int reason, char *file, int line);
65#define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),__FILE__,__LINE__)
66
67/* Error codes for the CSWIFT functions. */
68
69/* Function codes. */
70#define CSWIFT_F_CSWIFT_CTRL 100
71#define CSWIFT_F_CSWIFT_DSA_SIGN 101
72#define CSWIFT_F_CSWIFT_DSA_VERIFY 102
73#define CSWIFT_F_CSWIFT_FINISH 103
74#define CSWIFT_F_CSWIFT_INIT 104
75#define CSWIFT_F_CSWIFT_MOD_EXP 105
76#define CSWIFT_F_CSWIFT_MOD_EXP_CRT 106
77#define CSWIFT_F_CSWIFT_RSA_MOD_EXP 107
78
79/* Reason codes. */
80#define CSWIFT_R_ALREADY_LOADED 100
81#define CSWIFT_R_BAD_KEY_SIZE 101
82#define CSWIFT_R_BN_CTX_FULL 102
83#define CSWIFT_R_BN_EXPAND_FAIL 103
84#define CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED 104
85#define CSWIFT_R_MISSING_KEY_COMPONENTS 105
86#define CSWIFT_R_NOT_LOADED 106
87#define CSWIFT_R_REQUEST_FAILED 107
88#define CSWIFT_R_UNIT_FAILURE 108
89
90#ifdef __cplusplus
91}
92#endif
93#endif
diff --git a/src/lib/libcrypto/engine/hw_ncipher.c b/src/lib/libcrypto/engine/hw_ncipher.c
new file mode 100644
index 0000000000..a43d4360f2
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_ncipher.c
@@ -0,0 +1,1342 @@
1/* crypto/engine/hw_ncipher.c -*- mode: C; c-file-style: "eay" -*- */
2/* Written by Richard Levitte (richard@levitte.org), Geoff Thorpe
3 * (geoff@geoffthorpe.net) and Dr Stephen N Henson (shenson@bigfoot.com)
4 * for the OpenSSL project 2000.
5 */
6/* ====================================================================
7 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59
60#include <stdio.h>
61#include <string.h>
62#include "cryptlib.h"
63#include <openssl/crypto.h>
64#include <openssl/pem.h>
65#include <openssl/dso.h>
66#include <openssl/engine.h>
67#include <openssl/ui.h>
68
69#ifndef OPENSSL_NO_HW
70#ifndef OPENSSL_NO_HW_NCIPHER
71
72/* Attribution notice: nCipher have said several times that it's OK for
73 * us to implement a general interface to their boxes, and recently declared
74 * their HWCryptoHook to be public, and therefore available for us to use.
75 * Thanks, nCipher.
76 *
77 * The hwcryptohook.h included here is from May 2000.
78 * [Richard Levitte]
79 */
80#ifdef FLAT_INC
81#include "hwcryptohook.h"
82#else
83#include "vendor_defns/hwcryptohook.h"
84#endif
85
86#define HWCRHK_LIB_NAME "hwcrhk engine"
87#include "hw_ncipher_err.c"
88
89static int hwcrhk_destroy(ENGINE *e);
90static int hwcrhk_init(ENGINE *e);
91static int hwcrhk_finish(ENGINE *e);
92static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
93
94/* Functions to handle mutexes */
95static int hwcrhk_mutex_init(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext*);
96static int hwcrhk_mutex_lock(HWCryptoHook_Mutex*);
97static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex*);
98static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex*);
99
100/* BIGNUM stuff */
101static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
102 const BIGNUM *m, BN_CTX *ctx);
103
104#ifndef OPENSSL_NO_RSA
105/* RSA stuff */
106static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa);
107#endif
108/* This function is aliased to mod_exp (with the mont stuff dropped). */
109static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
110 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
111
112#ifndef OPENSSL_NO_DH
113/* DH stuff */
114/* This function is alised to mod_exp (with the DH and mont dropped). */
115static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r,
116 const BIGNUM *a, const BIGNUM *p,
117 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
118#endif
119
120/* RAND stuff */
121static int hwcrhk_rand_bytes(unsigned char *buf, int num);
122static int hwcrhk_rand_status(void);
123
124/* KM stuff */
125static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
126 UI_METHOD *ui_method, void *callback_data);
127static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
128 UI_METHOD *ui_method, void *callback_data);
129static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
130 int ind,long argl, void *argp);
131
132/* Interaction stuff */
133static int hwcrhk_insert_card(const char *prompt_info,
134 const char *wrong_info,
135 HWCryptoHook_PassphraseContext *ppctx,
136 HWCryptoHook_CallerContext *cactx);
137static int hwcrhk_get_pass(const char *prompt_info,
138 int *len_io, char *buf,
139 HWCryptoHook_PassphraseContext *ppctx,
140 HWCryptoHook_CallerContext *cactx);
141static void hwcrhk_log_message(void *logstr, const char *message);
142
143/* The definitions for control commands specific to this engine */
144#define HWCRHK_CMD_SO_PATH ENGINE_CMD_BASE
145#define HWCRHK_CMD_FORK_CHECK (ENGINE_CMD_BASE + 1)
146#define HWCRHK_CMD_THREAD_LOCKING (ENGINE_CMD_BASE + 2)
147#define HWCRHK_CMD_SET_USER_INTERFACE (ENGINE_CMD_BASE + 3)
148#define HWCRHK_CMD_SET_CALLBACK_DATA (ENGINE_CMD_BASE + 4)
149static const ENGINE_CMD_DEFN hwcrhk_cmd_defns[] = {
150 {HWCRHK_CMD_SO_PATH,
151 "SO_PATH",
152 "Specifies the path to the 'hwcrhk' shared library",
153 ENGINE_CMD_FLAG_STRING},
154 {HWCRHK_CMD_FORK_CHECK,
155 "FORK_CHECK",
156 "Turns fork() checking on or off (boolean)",
157 ENGINE_CMD_FLAG_NUMERIC},
158 {HWCRHK_CMD_THREAD_LOCKING,
159 "THREAD_LOCKING",
160 "Turns thread-safe locking on or off (boolean)",
161 ENGINE_CMD_FLAG_NUMERIC},
162 {HWCRHK_CMD_SET_USER_INTERFACE,
163 "SET_USER_INTERFACE",
164 "Set the global user interface (internal)",
165 ENGINE_CMD_FLAG_INTERNAL},
166 {HWCRHK_CMD_SET_CALLBACK_DATA,
167 "SET_CALLBACK_DATA",
168 "Set the global user interface extra data (internal)",
169 ENGINE_CMD_FLAG_INTERNAL},
170 {0, NULL, NULL, 0}
171 };
172
173#ifndef OPENSSL_NO_RSA
174/* Our internal RSA_METHOD that we provide pointers to */
175static RSA_METHOD hwcrhk_rsa =
176 {
177 "nCipher RSA method",
178 NULL,
179 NULL,
180 NULL,
181 NULL,
182 hwcrhk_rsa_mod_exp,
183 hwcrhk_mod_exp_mont,
184 NULL,
185 NULL,
186 0,
187 NULL,
188 NULL,
189 NULL
190 };
191#endif
192
193#ifndef OPENSSL_NO_DH
194/* Our internal DH_METHOD that we provide pointers to */
195static DH_METHOD hwcrhk_dh =
196 {
197 "nCipher DH method",
198 NULL,
199 NULL,
200 hwcrhk_mod_exp_dh,
201 NULL,
202 NULL,
203 0,
204 NULL
205 };
206#endif
207
208static RAND_METHOD hwcrhk_rand =
209 {
210 /* "nCipher RAND method", */
211 NULL,
212 hwcrhk_rand_bytes,
213 NULL,
214 NULL,
215 hwcrhk_rand_bytes,
216 hwcrhk_rand_status,
217 };
218
219/* Constants used when creating the ENGINE */
220static const char *engine_hwcrhk_id = "chil";
221static const char *engine_hwcrhk_name = "nCipher hardware engine support";
222
223/* Internal stuff for HWCryptoHook */
224
225/* Some structures needed for proper use of thread locks */
226/* hwcryptohook.h has some typedefs that turn struct HWCryptoHook_MutexValue
227 into HWCryptoHook_Mutex */
228struct HWCryptoHook_MutexValue
229 {
230 int lockid;
231 };
232
233/* hwcryptohook.h has some typedefs that turn
234 struct HWCryptoHook_PassphraseContextValue
235 into HWCryptoHook_PassphraseContext */
236struct HWCryptoHook_PassphraseContextValue
237 {
238 UI_METHOD *ui_method;
239 void *callback_data;
240 };
241
242/* hwcryptohook.h has some typedefs that turn
243 struct HWCryptoHook_CallerContextValue
244 into HWCryptoHook_CallerContext */
245struct HWCryptoHook_CallerContextValue
246 {
247 pem_password_cb *password_callback; /* Deprecated! Only present for
248 backward compatibility! */
249 UI_METHOD *ui_method;
250 void *callback_data;
251 };
252
253/* The MPI structure in HWCryptoHook is pretty compatible with OpenSSL
254 BIGNUM's, so lets define a couple of conversion macros */
255#define BN2MPI(mp, bn) \
256 {mp.size = bn->top * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;}
257#define MPI2BN(bn, mp) \
258 {mp.size = bn->dmax * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;}
259
260static BIO *logstream = NULL;
261static int disable_mutex_callbacks = 0;
262
263/* One might wonder why these are needed, since one can pass down at least
264 a UI_METHOD and a pointer to callback data to the key-loading functions.
265 The thing is that the ModExp and RSAImmed functions can load keys as well,
266 if the data they get is in a special, nCipher-defined format (hint: if you
267 look at the private exponent of the RSA data as a string, you'll see this
268 string: "nCipher KM tool key id", followed by some bytes, followed a key
269 identity string, followed by more bytes. This happens when you use "embed"
270 keys instead of "hwcrhk" keys). Unfortunately, those functions do not take
271 any passphrase or caller context, and our functions can't really take any
272 callback data either. Still, the "insert_card" and "get_passphrase"
273 callbacks may be called down the line, and will need to know what user
274 interface callbacks to call, and having callback data from the application
275 may be a nice thing as well, so we need to keep track of that globally. */
276static HWCryptoHook_CallerContext password_context = { NULL, NULL, NULL };
277
278/* Stuff to pass to the HWCryptoHook library */
279static HWCryptoHook_InitInfo hwcrhk_globals = {
280 HWCryptoHook_InitFlags_SimpleForkCheck, /* Flags */
281 &logstream, /* logstream */
282 sizeof(BN_ULONG), /* limbsize */
283 0, /* mslimb first: false for BNs */
284 -1, /* msbyte first: use native */
285 0, /* Max mutexes, 0 = no small limit */
286 0, /* Max simultaneous, 0 = default */
287
288 /* The next few are mutex stuff: we write wrapper functions
289 around the OS mutex functions. We initialise them to 0
290 here, and change that to actual function pointers in hwcrhk_init()
291 if dynamic locks are supported (that is, if the application
292 programmer has made sure of setting up callbacks bafore starting
293 this engine) *and* if disable_mutex_callbacks hasn't been set by
294 a call to ENGINE_ctrl(ENGINE_CTRL_CHIL_NO_LOCKING). */
295 sizeof(HWCryptoHook_Mutex),
296 0,
297 0,
298 0,
299 0,
300
301 /* The next few are condvar stuff: we write wrapper functions
302 round the OS functions. Currently not implemented and not
303 and absolute necessity even in threaded programs, therefore
304 0'ed. Will hopefully be implemented some day, since it
305 enhances the efficiency of HWCryptoHook. */
306 0, /* sizeof(HWCryptoHook_CondVar), */
307 0, /* hwcrhk_cv_init, */
308 0, /* hwcrhk_cv_wait, */
309 0, /* hwcrhk_cv_signal, */
310 0, /* hwcrhk_cv_broadcast, */
311 0, /* hwcrhk_cv_destroy, */
312
313 hwcrhk_get_pass, /* pass phrase */
314 hwcrhk_insert_card, /* insert a card */
315 hwcrhk_log_message /* Log message */
316};
317
318
319/* Now, to our own code */
320
321/* This internal function is used by ENGINE_ncipher() and possibly by the
322 * "dynamic" ENGINE support too */
323static int bind_helper(ENGINE *e)
324 {
325#ifndef OPENSSL_NO_RSA
326 const RSA_METHOD *meth1;
327#endif
328#ifndef OPENSSL_NO_DH
329 const DH_METHOD *meth2;
330#endif
331 if(!ENGINE_set_id(e, engine_hwcrhk_id) ||
332 !ENGINE_set_name(e, engine_hwcrhk_name) ||
333#ifndef OPENSSL_NO_RSA
334 !ENGINE_set_RSA(e, &hwcrhk_rsa) ||
335#endif
336#ifndef OPENSSL_NO_DH
337 !ENGINE_set_DH(e, &hwcrhk_dh) ||
338#endif
339 !ENGINE_set_RAND(e, &hwcrhk_rand) ||
340 !ENGINE_set_destroy_function(e, hwcrhk_destroy) ||
341 !ENGINE_set_init_function(e, hwcrhk_init) ||
342 !ENGINE_set_finish_function(e, hwcrhk_finish) ||
343 !ENGINE_set_ctrl_function(e, hwcrhk_ctrl) ||
344 !ENGINE_set_load_privkey_function(e, hwcrhk_load_privkey) ||
345 !ENGINE_set_load_pubkey_function(e, hwcrhk_load_pubkey) ||
346 !ENGINE_set_cmd_defns(e, hwcrhk_cmd_defns))
347 return 0;
348
349#ifndef OPENSSL_NO_RSA
350 /* We know that the "PKCS1_SSLeay()" functions hook properly
351 * to the cswift-specific mod_exp and mod_exp_crt so we use
352 * those functions. NB: We don't use ENGINE_openssl() or
353 * anything "more generic" because something like the RSAref
354 * code may not hook properly, and if you own one of these
355 * cards then you have the right to do RSA operations on it
356 * anyway! */
357 meth1 = RSA_PKCS1_SSLeay();
358 hwcrhk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
359 hwcrhk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
360 hwcrhk_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
361 hwcrhk_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
362#endif
363
364#ifndef OPENSSL_NO_DH
365 /* Much the same for Diffie-Hellman */
366 meth2 = DH_OpenSSL();
367 hwcrhk_dh.generate_key = meth2->generate_key;
368 hwcrhk_dh.compute_key = meth2->compute_key;
369#endif
370
371 /* Ensure the hwcrhk error handling is set up */
372 ERR_load_HWCRHK_strings();
373 return 1;
374 }
375
376static ENGINE *engine_ncipher(void)
377 {
378 ENGINE *ret = ENGINE_new();
379 if(!ret)
380 return NULL;
381 if(!bind_helper(ret))
382 {
383 ENGINE_free(ret);
384 return NULL;
385 }
386 return ret;
387 }
388
389void ENGINE_load_chil(void)
390 {
391 /* Copied from eng_[openssl|dyn].c */
392 ENGINE *toadd = engine_ncipher();
393 if(!toadd) return;
394 ENGINE_add(toadd);
395 ENGINE_free(toadd);
396 ERR_clear_error();
397 }
398
399/* This is a process-global DSO handle used for loading and unloading
400 * the HWCryptoHook library. NB: This is only set (or unset) during an
401 * init() or finish() call (reference counts permitting) and they're
402 * operating with global locks, so this should be thread-safe
403 * implicitly. */
404static DSO *hwcrhk_dso = NULL;
405static HWCryptoHook_ContextHandle hwcrhk_context = 0;
406#ifndef OPENSSL_NO_RSA
407static int hndidx_rsa = -1; /* Index for KM handle. Not really used yet. */
408#endif
409
410/* These are the function pointers that are (un)set when the library has
411 * successfully (un)loaded. */
412static HWCryptoHook_Init_t *p_hwcrhk_Init = NULL;
413static HWCryptoHook_Finish_t *p_hwcrhk_Finish = NULL;
414static HWCryptoHook_ModExp_t *p_hwcrhk_ModExp = NULL;
415#ifndef OPENSSL_NO_RSA
416static HWCryptoHook_RSA_t *p_hwcrhk_RSA = NULL;
417#endif
418static HWCryptoHook_RandomBytes_t *p_hwcrhk_RandomBytes = NULL;
419#ifndef OPENSSL_NO_RSA
420static HWCryptoHook_RSALoadKey_t *p_hwcrhk_RSALoadKey = NULL;
421static HWCryptoHook_RSAGetPublicKey_t *p_hwcrhk_RSAGetPublicKey = NULL;
422static HWCryptoHook_RSAUnloadKey_t *p_hwcrhk_RSAUnloadKey = NULL;
423#endif
424static HWCryptoHook_ModExpCRT_t *p_hwcrhk_ModExpCRT = NULL;
425
426/* Used in the DSO operations. */
427static const char *HWCRHK_LIBNAME = NULL;
428static void free_HWCRHK_LIBNAME(void)
429 {
430 if(HWCRHK_LIBNAME)
431 OPENSSL_free((void*)HWCRHK_LIBNAME);
432 HWCRHK_LIBNAME = NULL;
433 }
434static const char *get_HWCRHK_LIBNAME(void)
435 {
436 if(HWCRHK_LIBNAME)
437 return HWCRHK_LIBNAME;
438 return "nfhwcrhk";
439 }
440static long set_HWCRHK_LIBNAME(const char *name)
441 {
442 free_HWCRHK_LIBNAME();
443 return (((HWCRHK_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
444 }
445static const char *n_hwcrhk_Init = "HWCryptoHook_Init";
446static const char *n_hwcrhk_Finish = "HWCryptoHook_Finish";
447static const char *n_hwcrhk_ModExp = "HWCryptoHook_ModExp";
448#ifndef OPENSSL_NO_RSA
449static const char *n_hwcrhk_RSA = "HWCryptoHook_RSA";
450#endif
451static const char *n_hwcrhk_RandomBytes = "HWCryptoHook_RandomBytes";
452#ifndef OPENSSL_NO_RSA
453static const char *n_hwcrhk_RSALoadKey = "HWCryptoHook_RSALoadKey";
454static const char *n_hwcrhk_RSAGetPublicKey = "HWCryptoHook_RSAGetPublicKey";
455static const char *n_hwcrhk_RSAUnloadKey = "HWCryptoHook_RSAUnloadKey";
456#endif
457static const char *n_hwcrhk_ModExpCRT = "HWCryptoHook_ModExpCRT";
458
459/* HWCryptoHook library functions and mechanics - these are used by the
460 * higher-level functions further down. NB: As and where there's no
461 * error checking, take a look lower down where these functions are
462 * called, the checking and error handling is probably down there. */
463
464/* utility function to obtain a context */
465static int get_context(HWCryptoHook_ContextHandle *hac,
466 HWCryptoHook_CallerContext *cac)
467 {
468 char tempbuf[1024];
469 HWCryptoHook_ErrMsgBuf rmsg;
470
471 rmsg.buf = tempbuf;
472 rmsg.size = sizeof(tempbuf);
473
474 *hac = p_hwcrhk_Init(&hwcrhk_globals, sizeof(hwcrhk_globals), &rmsg,
475 cac);
476 if (!*hac)
477 return 0;
478 return 1;
479 }
480
481/* similarly to release one. */
482static void release_context(HWCryptoHook_ContextHandle hac)
483 {
484 p_hwcrhk_Finish(hac);
485 }
486
487/* Destructor (complements the "ENGINE_ncipher()" constructor) */
488static int hwcrhk_destroy(ENGINE *e)
489 {
490 free_HWCRHK_LIBNAME();
491 ERR_unload_HWCRHK_strings();
492 return 1;
493 }
494
495/* (de)initialisation functions. */
496static int hwcrhk_init(ENGINE *e)
497 {
498 HWCryptoHook_Init_t *p1;
499 HWCryptoHook_Finish_t *p2;
500 HWCryptoHook_ModExp_t *p3;
501#ifndef OPENSSL_NO_RSA
502 HWCryptoHook_RSA_t *p4;
503 HWCryptoHook_RSALoadKey_t *p5;
504 HWCryptoHook_RSAGetPublicKey_t *p6;
505 HWCryptoHook_RSAUnloadKey_t *p7;
506#endif
507 HWCryptoHook_RandomBytes_t *p8;
508 HWCryptoHook_ModExpCRT_t *p9;
509
510 if(hwcrhk_dso != NULL)
511 {
512 HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_ALREADY_LOADED);
513 goto err;
514 }
515 /* Attempt to load libnfhwcrhk.so/nfhwcrhk.dll/whatever. */
516 hwcrhk_dso = DSO_load(NULL, get_HWCRHK_LIBNAME(), NULL, 0);
517 if(hwcrhk_dso == NULL)
518 {
519 HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE);
520 goto err;
521 }
522 if(!(p1 = (HWCryptoHook_Init_t *)
523 DSO_bind_func(hwcrhk_dso, n_hwcrhk_Init)) ||
524 !(p2 = (HWCryptoHook_Finish_t *)
525 DSO_bind_func(hwcrhk_dso, n_hwcrhk_Finish)) ||
526 !(p3 = (HWCryptoHook_ModExp_t *)
527 DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExp)) ||
528#ifndef OPENSSL_NO_RSA
529 !(p4 = (HWCryptoHook_RSA_t *)
530 DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSA)) ||
531 !(p5 = (HWCryptoHook_RSALoadKey_t *)
532 DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSALoadKey)) ||
533 !(p6 = (HWCryptoHook_RSAGetPublicKey_t *)
534 DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAGetPublicKey)) ||
535 !(p7 = (HWCryptoHook_RSAUnloadKey_t *)
536 DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAUnloadKey)) ||
537#endif
538 !(p8 = (HWCryptoHook_RandomBytes_t *)
539 DSO_bind_func(hwcrhk_dso, n_hwcrhk_RandomBytes)) ||
540 !(p9 = (HWCryptoHook_ModExpCRT_t *)
541 DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExpCRT)))
542 {
543 HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE);
544 goto err;
545 }
546 /* Copy the pointers */
547 p_hwcrhk_Init = p1;
548 p_hwcrhk_Finish = p2;
549 p_hwcrhk_ModExp = p3;
550#ifndef OPENSSL_NO_RSA
551 p_hwcrhk_RSA = p4;
552 p_hwcrhk_RSALoadKey = p5;
553 p_hwcrhk_RSAGetPublicKey = p6;
554 p_hwcrhk_RSAUnloadKey = p7;
555#endif
556 p_hwcrhk_RandomBytes = p8;
557 p_hwcrhk_ModExpCRT = p9;
558
559 /* Check if the application decided to support dynamic locks,
560 and if it does, use them. */
561 if (disable_mutex_callbacks == 0 &&
562 CRYPTO_get_dynlock_create_callback() != NULL &&
563 CRYPTO_get_dynlock_lock_callback() != NULL &&
564 CRYPTO_get_dynlock_destroy_callback() != NULL)
565 {
566 hwcrhk_globals.mutex_init = hwcrhk_mutex_init;
567 hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock;
568 hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock;
569 hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy;
570 }
571
572 /* Try and get a context - if not, we may have a DSO but no
573 * accelerator! */
574 if(!get_context(&hwcrhk_context, &password_context))
575 {
576 HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_UNIT_FAILURE);
577 goto err;
578 }
579 /* Everything's fine. */
580#ifndef OPENSSL_NO_RSA
581 if (hndidx_rsa == -1)
582 hndidx_rsa = RSA_get_ex_new_index(0,
583 "nFast HWCryptoHook RSA key handle",
584 NULL, NULL, hwcrhk_ex_free);
585#endif
586 return 1;
587err:
588 if(hwcrhk_dso)
589 DSO_free(hwcrhk_dso);
590 hwcrhk_dso = NULL;
591 p_hwcrhk_Init = NULL;
592 p_hwcrhk_Finish = NULL;
593 p_hwcrhk_ModExp = NULL;
594#ifndef OPENSSL_NO_RSA
595 p_hwcrhk_RSA = NULL;
596 p_hwcrhk_RSALoadKey = NULL;
597 p_hwcrhk_RSAGetPublicKey = NULL;
598 p_hwcrhk_RSAUnloadKey = NULL;
599#endif
600 p_hwcrhk_ModExpCRT = NULL;
601 p_hwcrhk_RandomBytes = NULL;
602 return 0;
603 }
604
605static int hwcrhk_finish(ENGINE *e)
606 {
607 int to_return = 1;
608 free_HWCRHK_LIBNAME();
609 if(hwcrhk_dso == NULL)
610 {
611 HWCRHKerr(HWCRHK_F_HWCRHK_FINISH,HWCRHK_R_NOT_LOADED);
612 to_return = 0;
613 goto err;
614 }
615 release_context(hwcrhk_context);
616 if(!DSO_free(hwcrhk_dso))
617 {
618 HWCRHKerr(HWCRHK_F_HWCRHK_FINISH,HWCRHK_R_DSO_FAILURE);
619 to_return = 0;
620 goto err;
621 }
622 err:
623 if (logstream)
624 BIO_free(logstream);
625 hwcrhk_dso = NULL;
626 p_hwcrhk_Init = NULL;
627 p_hwcrhk_Finish = NULL;
628 p_hwcrhk_ModExp = NULL;
629#ifndef OPENSSL_NO_RSA
630 p_hwcrhk_RSA = NULL;
631 p_hwcrhk_RSALoadKey = NULL;
632 p_hwcrhk_RSAGetPublicKey = NULL;
633 p_hwcrhk_RSAUnloadKey = NULL;
634#endif
635 p_hwcrhk_ModExpCRT = NULL;
636 p_hwcrhk_RandomBytes = NULL;
637 return to_return;
638 }
639
640static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
641 {
642 int to_return = 1;
643
644 switch(cmd)
645 {
646 case HWCRHK_CMD_SO_PATH:
647 if(hwcrhk_dso)
648 {
649 HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,HWCRHK_R_ALREADY_LOADED);
650 return 0;
651 }
652 if(p == NULL)
653 {
654 HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,ERR_R_PASSED_NULL_PARAMETER);
655 return 0;
656 }
657 return set_HWCRHK_LIBNAME((const char *)p);
658 case ENGINE_CTRL_SET_LOGSTREAM:
659 {
660 BIO *bio = (BIO *)p;
661
662 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
663 if (logstream)
664 {
665 BIO_free(logstream);
666 logstream = NULL;
667 }
668 if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1)
669 logstream = bio;
670 else
671 HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,HWCRHK_R_BIO_WAS_FREED);
672 }
673 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
674 break;
675 case ENGINE_CTRL_SET_PASSWORD_CALLBACK:
676 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
677 password_context.password_callback = (pem_password_cb *)f;
678 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
679 break;
680 case ENGINE_CTRL_SET_USER_INTERFACE:
681 case HWCRHK_CMD_SET_USER_INTERFACE:
682 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
683 password_context.ui_method = (UI_METHOD *)p;
684 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
685 break;
686 case ENGINE_CTRL_SET_CALLBACK_DATA:
687 case HWCRHK_CMD_SET_CALLBACK_DATA:
688 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
689 password_context.callback_data = p;
690 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
691 break;
692 /* this enables or disables the "SimpleForkCheck" flag used in the
693 * initialisation structure. */
694 case ENGINE_CTRL_CHIL_SET_FORKCHECK:
695 case HWCRHK_CMD_FORK_CHECK:
696 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
697 if(i)
698 hwcrhk_globals.flags |=
699 HWCryptoHook_InitFlags_SimpleForkCheck;
700 else
701 hwcrhk_globals.flags &=
702 ~HWCryptoHook_InitFlags_SimpleForkCheck;
703 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
704 break;
705 /* This will prevent the initialisation function from "installing"
706 * the mutex-handling callbacks, even if they are available from
707 * within the library (or were provided to the library from the
708 * calling application). This is to remove any baggage for
709 * applications not using multithreading. */
710 case ENGINE_CTRL_CHIL_NO_LOCKING:
711 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
712 disable_mutex_callbacks = 1;
713 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
714 break;
715 case HWCRHK_CMD_THREAD_LOCKING:
716 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
717 disable_mutex_callbacks = ((i == 0) ? 0 : 1);
718 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
719 break;
720
721 /* The command isn't understood by this engine */
722 default:
723 HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,
724 HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
725 to_return = 0;
726 break;
727 }
728
729 return to_return;
730 }
731
732static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
733 UI_METHOD *ui_method, void *callback_data)
734 {
735#ifndef OPENSSL_NO_RSA
736 RSA *rtmp = NULL;
737#endif
738 EVP_PKEY *res = NULL;
739#ifndef OPENSSL_NO_RSA
740 HWCryptoHook_MPI e, n;
741 HWCryptoHook_RSAKeyHandle *hptr;
742#endif
743#if !defined(OPENSSL_NO_RSA)
744 char tempbuf[1024];
745 HWCryptoHook_ErrMsgBuf rmsg;
746#endif
747 HWCryptoHook_PassphraseContext ppctx;
748
749#if !defined(OPENSSL_NO_RSA)
750 rmsg.buf = tempbuf;
751 rmsg.size = sizeof(tempbuf);
752#endif
753
754 if(!hwcrhk_context)
755 {
756 HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
757 HWCRHK_R_NOT_INITIALISED);
758 goto err;
759 }
760#ifndef OPENSSL_NO_RSA
761 hptr = OPENSSL_malloc(sizeof(HWCryptoHook_RSAKeyHandle));
762 if (!hptr)
763 {
764 HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
765 ERR_R_MALLOC_FAILURE);
766 goto err;
767 }
768 ppctx.ui_method = ui_method;
769 ppctx.callback_data = callback_data;
770 if (p_hwcrhk_RSALoadKey(hwcrhk_context, key_id, hptr,
771 &rmsg, &ppctx))
772 {
773 HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
774 HWCRHK_R_CHIL_ERROR);
775 ERR_add_error_data(1,rmsg.buf);
776 goto err;
777 }
778 if (!*hptr)
779 {
780 HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
781 HWCRHK_R_NO_KEY);
782 goto err;
783 }
784#endif
785#ifndef OPENSSL_NO_RSA
786 rtmp = RSA_new_method(eng);
787 RSA_set_ex_data(rtmp, hndidx_rsa, (char *)hptr);
788 rtmp->e = BN_new();
789 rtmp->n = BN_new();
790 rtmp->flags |= RSA_FLAG_EXT_PKEY;
791 MPI2BN(rtmp->e, e);
792 MPI2BN(rtmp->n, n);
793 if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg)
794 != HWCRYPTOHOOK_ERROR_MPISIZE)
795 {
796 HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,HWCRHK_R_CHIL_ERROR);
797 ERR_add_error_data(1,rmsg.buf);
798 goto err;
799 }
800
801 bn_expand2(rtmp->e, e.size/sizeof(BN_ULONG));
802 bn_expand2(rtmp->n, n.size/sizeof(BN_ULONG));
803 MPI2BN(rtmp->e, e);
804 MPI2BN(rtmp->n, n);
805
806 if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg))
807 {
808 HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,
809 HWCRHK_R_CHIL_ERROR);
810 ERR_add_error_data(1,rmsg.buf);
811 goto err;
812 }
813 rtmp->e->top = e.size / sizeof(BN_ULONG);
814 bn_fix_top(rtmp->e);
815 rtmp->n->top = n.size / sizeof(BN_ULONG);
816 bn_fix_top(rtmp->n);
817
818 res = EVP_PKEY_new();
819 EVP_PKEY_assign_RSA(res, rtmp);
820#endif
821
822 if (!res)
823 HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,
824 HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED);
825
826 return res;
827 err:
828 if (res)
829 EVP_PKEY_free(res);
830#ifndef OPENSSL_NO_RSA
831 if (rtmp)
832 RSA_free(rtmp);
833#endif
834 return NULL;
835 }
836
837static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
838 UI_METHOD *ui_method, void *callback_data)
839 {
840 EVP_PKEY *res = NULL;
841
842#ifndef OPENSSL_NO_RSA
843 res = hwcrhk_load_privkey(eng, key_id,
844 ui_method, callback_data);
845#endif
846
847 if (res)
848 switch(res->type)
849 {
850#ifndef OPENSSL_NO_RSA
851 case EVP_PKEY_RSA:
852 {
853 RSA *rsa = NULL;
854
855 CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
856 rsa = res->pkey.rsa;
857 res->pkey.rsa = RSA_new();
858 res->pkey.rsa->n = rsa->n;
859 res->pkey.rsa->e = rsa->e;
860 rsa->n = NULL;
861 rsa->e = NULL;
862 CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
863 RSA_free(rsa);
864 }
865 break;
866#endif
867 default:
868 HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,
869 HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
870 goto err;
871 }
872
873 return res;
874 err:
875 if (res)
876 EVP_PKEY_free(res);
877 return NULL;
878 }
879
880/* A little mod_exp */
881static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
882 const BIGNUM *m, BN_CTX *ctx)
883 {
884 char tempbuf[1024];
885 HWCryptoHook_ErrMsgBuf rmsg;
886 /* Since HWCryptoHook_MPI is pretty compatible with BIGNUM's,
887 we use them directly, plus a little macro magic. We only
888 thing we need to make sure of is that enough space is allocated. */
889 HWCryptoHook_MPI m_a, m_p, m_n, m_r;
890 int to_return, ret;
891
892 to_return = 0; /* expect failure */
893 rmsg.buf = tempbuf;
894 rmsg.size = sizeof(tempbuf);
895
896 if(!hwcrhk_context)
897 {
898 HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_NOT_INITIALISED);
899 goto err;
900 }
901 /* Prepare the params */
902 bn_expand2(r, m->top); /* Check for error !! */
903 BN2MPI(m_a, a);
904 BN2MPI(m_p, p);
905 BN2MPI(m_n, m);
906 MPI2BN(r, m_r);
907
908 /* Perform the operation */
909 ret = p_hwcrhk_ModExp(hwcrhk_context, m_a, m_p, m_n, &m_r, &rmsg);
910
911 /* Convert the response */
912 r->top = m_r.size / sizeof(BN_ULONG);
913 bn_fix_top(r);
914
915 if (ret < 0)
916 {
917 /* FIXME: When this error is returned, HWCryptoHook is
918 telling us that falling back to software computation
919 might be a good thing. */
920 if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
921 {
922 HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_REQUEST_FALLBACK);
923 }
924 else
925 {
926 HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_REQUEST_FAILED);
927 }
928 ERR_add_error_data(1,rmsg.buf);
929 goto err;
930 }
931
932 to_return = 1;
933err:
934 return to_return;
935 }
936
937#ifndef OPENSSL_NO_RSA
938static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa)
939 {
940 char tempbuf[1024];
941 HWCryptoHook_ErrMsgBuf rmsg;
942 HWCryptoHook_RSAKeyHandle *hptr;
943 int to_return = 0, ret;
944
945 rmsg.buf = tempbuf;
946 rmsg.size = sizeof(tempbuf);
947
948 if(!hwcrhk_context)
949 {
950 HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_NOT_INITIALISED);
951 goto err;
952 }
953
954 /* This provides support for nForce keys. Since that's opaque data
955 all we do is provide a handle to the proper key and let HWCryptoHook
956 take care of the rest. */
957 if ((hptr = (HWCryptoHook_RSAKeyHandle *) RSA_get_ex_data(rsa, hndidx_rsa))
958 != NULL)
959 {
960 HWCryptoHook_MPI m_a, m_r;
961
962 if(!rsa->n)
963 {
964 HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
965 HWCRHK_R_MISSING_KEY_COMPONENTS);
966 goto err;
967 }
968
969 /* Prepare the params */
970 bn_expand2(r, rsa->n->top); /* Check for error !! */
971 BN2MPI(m_a, I);
972 MPI2BN(r, m_r);
973
974 /* Perform the operation */
975 ret = p_hwcrhk_RSA(m_a, *hptr, &m_r, &rmsg);
976
977 /* Convert the response */
978 r->top = m_r.size / sizeof(BN_ULONG);
979 bn_fix_top(r);
980
981 if (ret < 0)
982 {
983 /* FIXME: When this error is returned, HWCryptoHook is
984 telling us that falling back to software computation
985 might be a good thing. */
986 if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
987 {
988 HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
989 HWCRHK_R_REQUEST_FALLBACK);
990 }
991 else
992 {
993 HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
994 HWCRHK_R_REQUEST_FAILED);
995 }
996 ERR_add_error_data(1,rmsg.buf);
997 goto err;
998 }
999 }
1000 else
1001 {
1002 HWCryptoHook_MPI m_a, m_p, m_q, m_dmp1, m_dmq1, m_iqmp, m_r;
1003
1004 if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
1005 {
1006 HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
1007 HWCRHK_R_MISSING_KEY_COMPONENTS);
1008 goto err;
1009 }
1010
1011 /* Prepare the params */
1012 bn_expand2(r, rsa->n->top); /* Check for error !! */
1013 BN2MPI(m_a, I);
1014 BN2MPI(m_p, rsa->p);
1015 BN2MPI(m_q, rsa->q);
1016 BN2MPI(m_dmp1, rsa->dmp1);
1017 BN2MPI(m_dmq1, rsa->dmq1);
1018 BN2MPI(m_iqmp, rsa->iqmp);
1019 MPI2BN(r, m_r);
1020
1021 /* Perform the operation */
1022 ret = p_hwcrhk_ModExpCRT(hwcrhk_context, m_a, m_p, m_q,
1023 m_dmp1, m_dmq1, m_iqmp, &m_r, NULL);
1024
1025 /* Convert the response */
1026 r->top = m_r.size / sizeof(BN_ULONG);
1027 bn_fix_top(r);
1028
1029 if (ret < 0)
1030 {
1031 /* FIXME: When this error is returned, HWCryptoHook is
1032 telling us that falling back to software computation
1033 might be a good thing. */
1034 if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
1035 {
1036 HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
1037 HWCRHK_R_REQUEST_FALLBACK);
1038 }
1039 else
1040 {
1041 HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
1042 HWCRHK_R_REQUEST_FAILED);
1043 }
1044 ERR_add_error_data(1,rmsg.buf);
1045 goto err;
1046 }
1047 }
1048 /* If we're here, we must be here with some semblance of success :-) */
1049 to_return = 1;
1050err:
1051 return to_return;
1052 }
1053#endif
1054
1055/* This function is aliased to mod_exp (with the mont stuff dropped). */
1056static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
1057 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
1058 {
1059 return hwcrhk_mod_exp(r, a, p, m, ctx);
1060 }
1061
1062#ifndef OPENSSL_NO_DH
1063/* This function is aliased to mod_exp (with the dh and mont dropped). */
1064static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r,
1065 const BIGNUM *a, const BIGNUM *p,
1066 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
1067 {
1068 return hwcrhk_mod_exp(r, a, p, m, ctx);
1069 }
1070#endif
1071
1072/* Random bytes are good */
1073static int hwcrhk_rand_bytes(unsigned char *buf, int num)
1074 {
1075 char tempbuf[1024];
1076 HWCryptoHook_ErrMsgBuf rmsg;
1077 int to_return = 0; /* assume failure */
1078 int ret;
1079
1080 rmsg.buf = tempbuf;
1081 rmsg.size = sizeof(tempbuf);
1082
1083 if(!hwcrhk_context)
1084 {
1085 HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,HWCRHK_R_NOT_INITIALISED);
1086 goto err;
1087 }
1088
1089 ret = p_hwcrhk_RandomBytes(hwcrhk_context, buf, num, &rmsg);
1090 if (ret < 0)
1091 {
1092 /* FIXME: When this error is returned, HWCryptoHook is
1093 telling us that falling back to software computation
1094 might be a good thing. */
1095 if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
1096 {
1097 HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,
1098 HWCRHK_R_REQUEST_FALLBACK);
1099 }
1100 else
1101 {
1102 HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,
1103 HWCRHK_R_REQUEST_FAILED);
1104 }
1105 ERR_add_error_data(1,rmsg.buf);
1106 goto err;
1107 }
1108 to_return = 1;
1109 err:
1110 return to_return;
1111 }
1112
1113static int hwcrhk_rand_status(void)
1114 {
1115 return 1;
1116 }
1117
1118/* This cleans up an RSA KM key, called when ex_data is freed */
1119
1120static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
1121 int ind,long argl, void *argp)
1122{
1123 char tempbuf[1024];
1124 HWCryptoHook_ErrMsgBuf rmsg;
1125#ifndef OPENSSL_NO_RSA
1126 HWCryptoHook_RSAKeyHandle *hptr;
1127#endif
1128#if !defined(OPENSSL_NO_RSA)
1129 int ret;
1130#endif
1131
1132 rmsg.buf = tempbuf;
1133 rmsg.size = sizeof(tempbuf);
1134
1135#ifndef OPENSSL_NO_RSA
1136 hptr = (HWCryptoHook_RSAKeyHandle *) item;
1137 if(hptr)
1138 {
1139 ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL);
1140 OPENSSL_free(hptr);
1141 }
1142#endif
1143}
1144
1145/* Mutex calls: since the HWCryptoHook model closely follows the POSIX model
1146 * these just wrap the POSIX functions and add some logging.
1147 */
1148
1149static int hwcrhk_mutex_init(HWCryptoHook_Mutex* mt,
1150 HWCryptoHook_CallerContext *cactx)
1151 {
1152 mt->lockid = CRYPTO_get_new_dynlockid();
1153 if (mt->lockid == 0)
1154 return 1; /* failure */
1155 return 0; /* success */
1156 }
1157
1158static int hwcrhk_mutex_lock(HWCryptoHook_Mutex *mt)
1159 {
1160 CRYPTO_w_lock(mt->lockid);
1161 return 0;
1162 }
1163
1164static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex * mt)
1165 {
1166 CRYPTO_w_unlock(mt->lockid);
1167 }
1168
1169static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex *mt)
1170 {
1171 CRYPTO_destroy_dynlockid(mt->lockid);
1172 }
1173
1174static int hwcrhk_get_pass(const char *prompt_info,
1175 int *len_io, char *buf,
1176 HWCryptoHook_PassphraseContext *ppctx,
1177 HWCryptoHook_CallerContext *cactx)
1178 {
1179 pem_password_cb *callback = NULL;
1180 void *callback_data = NULL;
1181 UI_METHOD *ui_method = NULL;
1182
1183 if (cactx)
1184 {
1185 if (cactx->ui_method)
1186 ui_method = cactx->ui_method;
1187 if (cactx->password_callback)
1188 callback = cactx->password_callback;
1189 if (cactx->callback_data)
1190 callback_data = cactx->callback_data;
1191 }
1192 if (ppctx)
1193 {
1194 if (ppctx->ui_method)
1195 {
1196 ui_method = ppctx->ui_method;
1197 callback = NULL;
1198 }
1199 if (ppctx->callback_data)
1200 callback_data = ppctx->callback_data;
1201 }
1202 if (callback == NULL && ui_method == NULL)
1203 {
1204 HWCRHKerr(HWCRHK_F_HWCRHK_GET_PASS,HWCRHK_R_NO_CALLBACK);
1205 return -1;
1206 }
1207
1208 if (ui_method)
1209 {
1210 UI *ui = UI_new_method(ui_method);
1211 if (ui)
1212 {
1213 int ok;
1214 char *prompt = UI_construct_prompt(ui,
1215 "pass phrase", prompt_info);
1216
1217 ok = UI_add_input_string(ui,prompt,
1218 UI_INPUT_FLAG_DEFAULT_PWD,
1219 buf,0,(*len_io) - 1);
1220 UI_add_user_data(ui, callback_data);
1221 UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
1222
1223 if (ok >= 0)
1224 do
1225 {
1226 ok=UI_process(ui);
1227 }
1228 while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
1229
1230 if (ok >= 0)
1231 *len_io = strlen(buf);
1232
1233 UI_free(ui);
1234 OPENSSL_free(prompt);
1235 }
1236 }
1237 else
1238 {
1239 *len_io = callback(buf, *len_io, 0, callback_data);
1240 }
1241 if(!*len_io)
1242 return -1;
1243 return 0;
1244 }
1245
1246static int hwcrhk_insert_card(const char *prompt_info,
1247 const char *wrong_info,
1248 HWCryptoHook_PassphraseContext *ppctx,
1249 HWCryptoHook_CallerContext *cactx)
1250 {
1251 int ok = -1;
1252 UI *ui;
1253 void *callback_data = NULL;
1254 UI_METHOD *ui_method = NULL;
1255
1256 if (cactx)
1257 {
1258 if (cactx->ui_method)
1259 ui_method = cactx->ui_method;
1260 if (cactx->callback_data)
1261 callback_data = cactx->callback_data;
1262 }
1263 if (ppctx)
1264 {
1265 if (ppctx->ui_method)
1266 ui_method = ppctx->ui_method;
1267 if (ppctx->callback_data)
1268 callback_data = ppctx->callback_data;
1269 }
1270 if (ui_method == NULL)
1271 {
1272 HWCRHKerr(HWCRHK_F_HWCRHK_INSERT_CARD,
1273 HWCRHK_R_NO_CALLBACK);
1274 return -1;
1275 }
1276
1277 ui = UI_new_method(ui_method);
1278
1279 if (ui)
1280 {
1281 char answer;
1282 char buf[BUFSIZ];
1283
1284 if (wrong_info)
1285 BIO_snprintf(buf, sizeof(buf)-1,
1286 "Current card: \"%s\"\n", wrong_info);
1287 ok = UI_dup_info_string(ui, buf);
1288 if (ok >= 0 && prompt_info)
1289 {
1290 BIO_snprintf(buf, sizeof(buf)-1,
1291 "Insert card \"%s\"", prompt_info);
1292 ok = UI_dup_input_boolean(ui, buf,
1293 "\n then hit <enter> or C<enter> to cancel\n",
1294 "\r\n", "Cc", UI_INPUT_FLAG_ECHO, &answer);
1295 }
1296 UI_add_user_data(ui, callback_data);
1297
1298 if (ok >= 0)
1299 ok = UI_process(ui);
1300 UI_free(ui);
1301
1302 if (ok == -2 || (ok >= 0 && answer == 'C'))
1303 ok = 1;
1304 else if (ok < 0)
1305 ok = -1;
1306 else
1307 ok = 0;
1308 }
1309 return ok;
1310 }
1311
1312static void hwcrhk_log_message(void *logstr, const char *message)
1313 {
1314 BIO *lstream = NULL;
1315
1316 CRYPTO_w_lock(CRYPTO_LOCK_BIO);
1317 if (logstr)
1318 lstream=*(BIO **)logstr;
1319 if (lstream)
1320 {
1321 BIO_write(lstream, message, strlen(message));
1322 }
1323 CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
1324 }
1325
1326/* This stuff is needed if this ENGINE is being compiled into a self-contained
1327 * shared-library. */
1328#ifdef ENGINE_DYNAMIC_SUPPORT
1329static int bind_fn(ENGINE *e, const char *id)
1330 {
1331 if(id && (strcmp(id, engine_hwcrhk_id) != 0))
1332 return 0;
1333 if(!bind_helper(e))
1334 return 0;
1335 return 1;
1336 }
1337IMPLEMENT_DYNAMIC_CHECK_FN()
1338IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
1339#endif /* ENGINE_DYNAMIC_SUPPORT */
1340
1341#endif /* !OPENSSL_NO_HW_NCIPHER */
1342#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/hw_ncipher_err.c b/src/lib/libcrypto/engine/hw_ncipher_err.c
new file mode 100644
index 0000000000..24024cfc6f
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_ncipher_err.c
@@ -0,0 +1,156 @@
1/* hw_ncipher_err.c */
2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include "hw_ncipher_err.h"
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67static ERR_STRING_DATA HWCRHK_str_functs[]=
68 {
69{ERR_PACK(0,HWCRHK_F_HWCRHK_CTRL,0), "HWCRHK_CTRL"},
70{ERR_PACK(0,HWCRHK_F_HWCRHK_FINISH,0), "HWCRHK_FINISH"},
71{ERR_PACK(0,HWCRHK_F_HWCRHK_GET_PASS,0), "HWCRHK_GET_PASS"},
72{ERR_PACK(0,HWCRHK_F_HWCRHK_INIT,0), "HWCRHK_INIT"},
73{ERR_PACK(0,HWCRHK_F_HWCRHK_INSERT_CARD,0), "HWCRHK_INSERT_CARD"},
74{ERR_PACK(0,HWCRHK_F_HWCRHK_LOAD_PRIVKEY,0), "HWCRHK_LOAD_PRIVKEY"},
75{ERR_PACK(0,HWCRHK_F_HWCRHK_LOAD_PUBKEY,0), "HWCRHK_LOAD_PUBKEY"},
76{ERR_PACK(0,HWCRHK_F_HWCRHK_MOD_EXP,0), "HWCRHK_MOD_EXP"},
77{ERR_PACK(0,HWCRHK_F_HWCRHK_RAND_BYTES,0), "HWCRHK_RAND_BYTES"},
78{ERR_PACK(0,HWCRHK_F_HWCRHK_RSA_MOD_EXP,0), "HWCRHK_RSA_MOD_EXP"},
79{0,NULL}
80 };
81
82static ERR_STRING_DATA HWCRHK_str_reasons[]=
83 {
84{HWCRHK_R_ALREADY_LOADED ,"already loaded"},
85{HWCRHK_R_BIO_WAS_FREED ,"bio was freed"},
86{HWCRHK_R_CHIL_ERROR ,"chil error"},
87{HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"},
88{HWCRHK_R_DSO_FAILURE ,"dso failure"},
89{HWCRHK_R_MISSING_KEY_COMPONENTS ,"missing key components"},
90{HWCRHK_R_NOT_INITIALISED ,"not initialised"},
91{HWCRHK_R_NOT_LOADED ,"not loaded"},
92{HWCRHK_R_NO_CALLBACK ,"no callback"},
93{HWCRHK_R_NO_KEY ,"no key"},
94{HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED,"private key algorithms disabled"},
95{HWCRHK_R_REQUEST_FAILED ,"request failed"},
96{HWCRHK_R_REQUEST_FALLBACK ,"request fallback"},
97{HWCRHK_R_UNIT_FAILURE ,"unit failure"},
98{0,NULL}
99 };
100
101#endif
102
103#ifdef HWCRHK_LIB_NAME
104static ERR_STRING_DATA HWCRHK_lib_name[]=
105 {
106{0 ,HWCRHK_LIB_NAME},
107{0,NULL}
108 };
109#endif
110
111
112static int HWCRHK_lib_error_code=0;
113static int HWCRHK_error_init=1;
114
115static void ERR_load_HWCRHK_strings(void)
116 {
117 if (HWCRHK_lib_error_code == 0)
118 HWCRHK_lib_error_code=ERR_get_next_error_library();
119
120 if (HWCRHK_error_init)
121 {
122 HWCRHK_error_init=0;
123#ifndef OPENSSL_NO_ERR
124 ERR_load_strings(HWCRHK_lib_error_code,HWCRHK_str_functs);
125 ERR_load_strings(HWCRHK_lib_error_code,HWCRHK_str_reasons);
126#endif
127
128#ifdef HWCRHK_LIB_NAME
129 HWCRHK_lib_name->error = ERR_PACK(HWCRHK_lib_error_code,0,0);
130 ERR_load_strings(0,HWCRHK_lib_name);
131#endif
132 }
133 }
134
135static void ERR_unload_HWCRHK_strings(void)
136 {
137 if (HWCRHK_error_init == 0)
138 {
139#ifndef OPENSSL_NO_ERR
140 ERR_unload_strings(HWCRHK_lib_error_code,HWCRHK_str_functs);
141 ERR_unload_strings(HWCRHK_lib_error_code,HWCRHK_str_reasons);
142#endif
143
144#ifdef HWCRHK_LIB_NAME
145 ERR_unload_strings(0,HWCRHK_lib_name);
146#endif
147 HWCRHK_error_init=1;
148 }
149 }
150
151static void ERR_HWCRHK_error(int function, int reason, char *file, int line)
152 {
153 if (HWCRHK_lib_error_code == 0)
154 HWCRHK_lib_error_code=ERR_get_next_error_library();
155 ERR_PUT_error(HWCRHK_lib_error_code,function,reason,file,line);
156 }
diff --git a/src/lib/libcrypto/engine/hw_ncipher_err.h b/src/lib/libcrypto/engine/hw_ncipher_err.h
new file mode 100644
index 0000000000..4d65b1d470
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_ncipher_err.h
@@ -0,0 +1,100 @@
1/* ====================================================================
2 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#ifndef HEADER_HWCRHK_ERR_H
56#define HEADER_HWCRHK_ERR_H
57
58/* BEGIN ERROR CODES */
59/* The following lines are auto generated by the script mkerr.pl. Any changes
60 * made after this point may be overwritten when the script is next run.
61 */
62static void ERR_load_HWCRHK_strings(void);
63static void ERR_unload_HWCRHK_strings(void);
64static void ERR_HWCRHK_error(int function, int reason, char *file, int line);
65#define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),__FILE__,__LINE__)
66
67/* Error codes for the HWCRHK functions. */
68
69/* Function codes. */
70#define HWCRHK_F_HWCRHK_CTRL 100
71#define HWCRHK_F_HWCRHK_FINISH 101
72#define HWCRHK_F_HWCRHK_GET_PASS 102
73#define HWCRHK_F_HWCRHK_INIT 103
74#define HWCRHK_F_HWCRHK_INSERT_CARD 104
75#define HWCRHK_F_HWCRHK_LOAD_PRIVKEY 105
76#define HWCRHK_F_HWCRHK_LOAD_PUBKEY 106
77#define HWCRHK_F_HWCRHK_MOD_EXP 107
78#define HWCRHK_F_HWCRHK_RAND_BYTES 108
79#define HWCRHK_F_HWCRHK_RSA_MOD_EXP 109
80
81/* Reason codes. */
82#define HWCRHK_R_ALREADY_LOADED 100
83#define HWCRHK_R_BIO_WAS_FREED 101
84#define HWCRHK_R_CHIL_ERROR 102
85#define HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
86#define HWCRHK_R_DSO_FAILURE 104
87#define HWCRHK_R_MISSING_KEY_COMPONENTS 105
88#define HWCRHK_R_NOT_INITIALISED 106
89#define HWCRHK_R_NOT_LOADED 107
90#define HWCRHK_R_NO_CALLBACK 108
91#define HWCRHK_R_NO_KEY 109
92#define HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED 110
93#define HWCRHK_R_REQUEST_FAILED 111
94#define HWCRHK_R_REQUEST_FALLBACK 112
95#define HWCRHK_R_UNIT_FAILURE 113
96
97#ifdef __cplusplus
98}
99#endif
100#endif
diff --git a/src/lib/libcrypto/engine/hw_nuron.c b/src/lib/libcrypto/engine/hw_nuron.c
new file mode 100644
index 0000000000..130b6d8b40
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_nuron.c
@@ -0,0 +1,416 @@
1/* crypto/engine/hw_nuron.c */
2/* Written by Ben Laurie for the OpenSSL Project, leaning heavily on Geoff
3 * Thorpe's Atalla implementation.
4 */
5/* ====================================================================
6 * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <openssl/crypto.h>
61#include "cryptlib.h"
62#include <openssl/dso.h>
63#include <openssl/engine.h>
64
65
66#ifndef OPENSSL_NO_HW
67#ifndef OPENSSL_NO_HW_NURON
68
69#define NURON_LIB_NAME "nuron engine"
70#include "hw_nuron_err.c"
71
72static const char *NURON_LIBNAME = NULL;
73static const char *get_NURON_LIBNAME(void)
74 {
75 if(NURON_LIBNAME)
76 return NURON_LIBNAME;
77 return "nuronssl";
78 }
79static void free_NURON_LIBNAME(void)
80 {
81 if(NURON_LIBNAME)
82 OPENSSL_free((void*)NURON_LIBNAME);
83 NURON_LIBNAME = NULL;
84 }
85static long set_NURON_LIBNAME(const char *name)
86 {
87 free_NURON_LIBNAME();
88 return (((NURON_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
89 }
90static const char *NURON_F1 = "nuron_mod_exp";
91
92/* The definitions for control commands specific to this engine */
93#define NURON_CMD_SO_PATH ENGINE_CMD_BASE
94static const ENGINE_CMD_DEFN nuron_cmd_defns[] = {
95 {NURON_CMD_SO_PATH,
96 "SO_PATH",
97 "Specifies the path to the 'nuronssl' shared library",
98 ENGINE_CMD_FLAG_STRING},
99 {0, NULL, NULL, 0}
100 };
101
102typedef int tfnModExp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p,const BIGNUM *m);
103static tfnModExp *pfnModExp = NULL;
104
105static DSO *pvDSOHandle = NULL;
106
107static int nuron_destroy(ENGINE *e)
108 {
109 free_NURON_LIBNAME();
110 ERR_unload_NURON_strings();
111 return 1;
112 }
113
114static int nuron_init(ENGINE *e)
115 {
116 if(pvDSOHandle != NULL)
117 {
118 NURONerr(NURON_F_NURON_INIT,NURON_R_ALREADY_LOADED);
119 return 0;
120 }
121
122 pvDSOHandle = DSO_load(NULL, get_NURON_LIBNAME(), NULL,
123 DSO_FLAG_NAME_TRANSLATION_EXT_ONLY);
124 if(!pvDSOHandle)
125 {
126 NURONerr(NURON_F_NURON_INIT,NURON_R_DSO_NOT_FOUND);
127 return 0;
128 }
129
130 pfnModExp = (tfnModExp *)DSO_bind_func(pvDSOHandle, NURON_F1);
131 if(!pfnModExp)
132 {
133 NURONerr(NURON_F_NURON_INIT,NURON_R_DSO_FUNCTION_NOT_FOUND);
134 return 0;
135 }
136
137 return 1;
138 }
139
140static int nuron_finish(ENGINE *e)
141 {
142 free_NURON_LIBNAME();
143 if(pvDSOHandle == NULL)
144 {
145 NURONerr(NURON_F_NURON_FINISH,NURON_R_NOT_LOADED);
146 return 0;
147 }
148 if(!DSO_free(pvDSOHandle))
149 {
150 NURONerr(NURON_F_NURON_FINISH,NURON_R_DSO_FAILURE);
151 return 0;
152 }
153 pvDSOHandle=NULL;
154 pfnModExp=NULL;
155 return 1;
156 }
157
158static int nuron_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
159 {
160 int initialised = ((pvDSOHandle == NULL) ? 0 : 1);
161 switch(cmd)
162 {
163 case NURON_CMD_SO_PATH:
164 if(p == NULL)
165 {
166 NURONerr(NURON_F_NURON_CTRL,ERR_R_PASSED_NULL_PARAMETER);
167 return 0;
168 }
169 if(initialised)
170 {
171 NURONerr(NURON_F_NURON_CTRL,NURON_R_ALREADY_LOADED);
172 return 0;
173 }
174 return set_NURON_LIBNAME((const char *)p);
175 default:
176 break;
177 }
178 NURONerr(NURON_F_NURON_CTRL,NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED);
179 return 0;
180}
181
182static int nuron_mod_exp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p,
183 const BIGNUM *m,BN_CTX *ctx)
184 {
185 if(!pvDSOHandle)
186 {
187 NURONerr(NURON_F_NURON_MOD_EXP,NURON_R_NOT_LOADED);
188 return 0;
189 }
190 return pfnModExp(r,a,p,m);
191 }
192
193#ifndef OPENSSL_NO_RSA
194static int nuron_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
195 {
196 return nuron_mod_exp(r0,I,rsa->d,rsa->n,NULL);
197 }
198#endif
199
200#ifndef OPENSSL_NO_DSA
201/* This code was liberated and adapted from the commented-out code in
202 * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration
203 * (it doesn't have a CRT form for RSA), this function means that an
204 * Atalla system running with a DSA server certificate can handshake
205 * around 5 or 6 times faster/more than an equivalent system running with
206 * RSA. Just check out the "signs" statistics from the RSA and DSA parts
207 * of "openssl speed -engine atalla dsa1024 rsa1024". */
208static int nuron_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
209 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
210 BN_CTX *ctx, BN_MONT_CTX *in_mont)
211 {
212 BIGNUM t;
213 int to_return = 0;
214
215 BN_init(&t);
216 /* let rr = a1 ^ p1 mod m */
217 if (!nuron_mod_exp(rr,a1,p1,m,ctx))
218 goto end;
219 /* let t = a2 ^ p2 mod m */
220 if (!nuron_mod_exp(&t,a2,p2,m,ctx))
221 goto end;
222 /* let rr = rr * t mod m */
223 if (!BN_mod_mul(rr,rr,&t,m,ctx))
224 goto end;
225 to_return = 1;
226end:
227 BN_free(&t);
228 return to_return;
229 }
230
231
232static int nuron_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
233 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
234 BN_MONT_CTX *m_ctx)
235 {
236 return nuron_mod_exp(r, a, p, m, ctx);
237 }
238#endif
239
240/* This function is aliased to mod_exp (with the mont stuff dropped). */
241static int nuron_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
242 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
243 {
244 return nuron_mod_exp(r, a, p, m, ctx);
245 }
246
247#ifndef OPENSSL_NO_DH
248/* This function is aliased to mod_exp (with the dh and mont dropped). */
249static int nuron_mod_exp_dh(const DH *dh, BIGNUM *r,
250 const BIGNUM *a, const BIGNUM *p,
251 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
252 {
253 return nuron_mod_exp(r, a, p, m, ctx);
254 }
255#endif
256
257#ifndef OPENSSL_NO_RSA
258static RSA_METHOD nuron_rsa =
259 {
260 "Nuron RSA method",
261 NULL,
262 NULL,
263 NULL,
264 NULL,
265 nuron_rsa_mod_exp,
266 nuron_mod_exp_mont,
267 NULL,
268 NULL,
269 0,
270 NULL,
271 NULL,
272 NULL
273 };
274#endif
275
276#ifndef OPENSSL_NO_DSA
277static DSA_METHOD nuron_dsa =
278 {
279 "Nuron DSA method",
280 NULL, /* dsa_do_sign */
281 NULL, /* dsa_sign_setup */
282 NULL, /* dsa_do_verify */
283 nuron_dsa_mod_exp, /* dsa_mod_exp */
284 nuron_mod_exp_dsa, /* bn_mod_exp */
285 NULL, /* init */
286 NULL, /* finish */
287 0, /* flags */
288 NULL /* app_data */
289 };
290#endif
291
292#ifndef OPENSSL_NO_DH
293static DH_METHOD nuron_dh =
294 {
295 "Nuron DH method",
296 NULL,
297 NULL,
298 nuron_mod_exp_dh,
299 NULL,
300 NULL,
301 0,
302 NULL
303 };
304#endif
305
306/* Constants used when creating the ENGINE */
307static const char *engine_nuron_id = "nuron";
308static const char *engine_nuron_name = "Nuron hardware engine support";
309
310/* This internal function is used by ENGINE_nuron() and possibly by the
311 * "dynamic" ENGINE support too */
312static int bind_helper(ENGINE *e)
313 {
314#ifndef OPENSSL_NO_RSA
315 const RSA_METHOD *meth1;
316#endif
317#ifndef OPENSSL_NO_DSA
318 const DSA_METHOD *meth2;
319#endif
320#ifndef OPENSSL_NO_DH
321 const DH_METHOD *meth3;
322#endif
323 if(!ENGINE_set_id(e, engine_nuron_id) ||
324 !ENGINE_set_name(e, engine_nuron_name) ||
325#ifndef OPENSSL_NO_RSA
326 !ENGINE_set_RSA(e, &nuron_rsa) ||
327#endif
328#ifndef OPENSSL_NO_DSA
329 !ENGINE_set_DSA(e, &nuron_dsa) ||
330#endif
331#ifndef OPENSSL_NO_DH
332 !ENGINE_set_DH(e, &nuron_dh) ||
333#endif
334 !ENGINE_set_destroy_function(e, nuron_destroy) ||
335 !ENGINE_set_init_function(e, nuron_init) ||
336 !ENGINE_set_finish_function(e, nuron_finish) ||
337 !ENGINE_set_ctrl_function(e, nuron_ctrl) ||
338 !ENGINE_set_cmd_defns(e, nuron_cmd_defns))
339 return 0;
340
341#ifndef OPENSSL_NO_RSA
342 /* We know that the "PKCS1_SSLeay()" functions hook properly
343 * to the nuron-specific mod_exp and mod_exp_crt so we use
344 * those functions. NB: We don't use ENGINE_openssl() or
345 * anything "more generic" because something like the RSAref
346 * code may not hook properly, and if you own one of these
347 * cards then you have the right to do RSA operations on it
348 * anyway! */
349 meth1=RSA_PKCS1_SSLeay();
350 nuron_rsa.rsa_pub_enc=meth1->rsa_pub_enc;
351 nuron_rsa.rsa_pub_dec=meth1->rsa_pub_dec;
352 nuron_rsa.rsa_priv_enc=meth1->rsa_priv_enc;
353 nuron_rsa.rsa_priv_dec=meth1->rsa_priv_dec;
354#endif
355
356#ifndef OPENSSL_NO_DSA
357 /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
358 * bits. */
359 meth2=DSA_OpenSSL();
360 nuron_dsa.dsa_do_sign=meth2->dsa_do_sign;
361 nuron_dsa.dsa_sign_setup=meth2->dsa_sign_setup;
362 nuron_dsa.dsa_do_verify=meth2->dsa_do_verify;
363#endif
364
365#ifndef OPENSSL_NO_DH
366 /* Much the same for Diffie-Hellman */
367 meth3=DH_OpenSSL();
368 nuron_dh.generate_key=meth3->generate_key;
369 nuron_dh.compute_key=meth3->compute_key;
370#endif
371
372 /* Ensure the nuron error handling is set up */
373 ERR_load_NURON_strings();
374 return 1;
375 }
376
377static ENGINE *engine_nuron(void)
378 {
379 ENGINE *ret = ENGINE_new();
380 if(!ret)
381 return NULL;
382 if(!bind_helper(ret))
383 {
384 ENGINE_free(ret);
385 return NULL;
386 }
387 return ret;
388 }
389
390void ENGINE_load_nuron(void)
391 {
392 /* Copied from eng_[openssl|dyn].c */
393 ENGINE *toadd = engine_nuron();
394 if(!toadd) return;
395 ENGINE_add(toadd);
396 ENGINE_free(toadd);
397 ERR_clear_error();
398 }
399
400/* This stuff is needed if this ENGINE is being compiled into a self-contained
401 * shared-library. */
402#ifdef ENGINE_DYNAMIC_SUPPORT
403static int bind_fn(ENGINE *e, const char *id)
404 {
405 if(id && (strcmp(id, engine_nuron_id) != 0))
406 return 0;
407 if(!bind_helper(e))
408 return 0;
409 return 1;
410 }
411IMPLEMENT_DYNAMIC_CHECK_FN()
412IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
413#endif /* ENGINE_DYNAMIC_SUPPORT */
414
415#endif /* !OPENSSL_NO_HW_NURON */
416#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/hw_nuron_err.c b/src/lib/libcrypto/engine/hw_nuron_err.c
new file mode 100644
index 0000000000..df9d7bde76
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_nuron_err.c
@@ -0,0 +1,142 @@
1/* hw_nuron_err.c */
2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include "hw_nuron_err.h"
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67static ERR_STRING_DATA NURON_str_functs[]=
68 {
69{ERR_PACK(0,NURON_F_NURON_CTRL,0), "NURON_CTRL"},
70{ERR_PACK(0,NURON_F_NURON_FINISH,0), "NURON_FINISH"},
71{ERR_PACK(0,NURON_F_NURON_INIT,0), "NURON_INIT"},
72{ERR_PACK(0,NURON_F_NURON_MOD_EXP,0), "NURON_MOD_EXP"},
73{0,NULL}
74 };
75
76static ERR_STRING_DATA NURON_str_reasons[]=
77 {
78{NURON_R_ALREADY_LOADED ,"already loaded"},
79{NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"},
80{NURON_R_DSO_FAILURE ,"dso failure"},
81{NURON_R_DSO_FUNCTION_NOT_FOUND ,"dso function not found"},
82{NURON_R_DSO_NOT_FOUND ,"dso not found"},
83{NURON_R_NOT_LOADED ,"not loaded"},
84{0,NULL}
85 };
86
87#endif
88
89#ifdef NURON_LIB_NAME
90static ERR_STRING_DATA NURON_lib_name[]=
91 {
92{0 ,NURON_LIB_NAME},
93{0,NULL}
94 };
95#endif
96
97
98static int NURON_lib_error_code=0;
99static int NURON_error_init=1;
100
101static void ERR_load_NURON_strings(void)
102 {
103 if (NURON_lib_error_code == 0)
104 NURON_lib_error_code=ERR_get_next_error_library();
105
106 if (NURON_error_init)
107 {
108 NURON_error_init=0;
109#ifndef OPENSSL_NO_ERR
110 ERR_load_strings(NURON_lib_error_code,NURON_str_functs);
111 ERR_load_strings(NURON_lib_error_code,NURON_str_reasons);
112#endif
113
114#ifdef NURON_LIB_NAME
115 NURON_lib_name->error = ERR_PACK(NURON_lib_error_code,0,0);
116 ERR_load_strings(0,NURON_lib_name);
117#endif
118 }
119 }
120
121static void ERR_unload_NURON_strings(void)
122 {
123 if (NURON_error_init == 0)
124 {
125#ifndef OPENSSL_NO_ERR
126 ERR_unload_strings(NURON_lib_error_code,NURON_str_functs);
127 ERR_unload_strings(NURON_lib_error_code,NURON_str_reasons);
128#endif
129
130#ifdef NURON_LIB_NAME
131 ERR_unload_strings(0,NURON_lib_name);
132#endif
133 NURON_error_init=1;
134 }
135 }
136
137static void ERR_NURON_error(int function, int reason, char *file, int line)
138 {
139 if (NURON_lib_error_code == 0)
140 NURON_lib_error_code=ERR_get_next_error_library();
141 ERR_PUT_error(NURON_lib_error_code,function,reason,file,line);
142 }
diff --git a/src/lib/libcrypto/engine/hw_nuron_err.h b/src/lib/libcrypto/engine/hw_nuron_err.h
new file mode 100644
index 0000000000..a56bfdf303
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_nuron_err.h
@@ -0,0 +1,86 @@
1/* ====================================================================
2 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#ifndef HEADER_NURON_ERR_H
56#define HEADER_NURON_ERR_H
57
58/* BEGIN ERROR CODES */
59/* The following lines are auto generated by the script mkerr.pl. Any changes
60 * made after this point may be overwritten when the script is next run.
61 */
62static void ERR_load_NURON_strings(void);
63static void ERR_unload_NURON_strings(void);
64static void ERR_NURON_error(int function, int reason, char *file, int line);
65#define NURONerr(f,r) ERR_NURON_error((f),(r),__FILE__,__LINE__)
66
67/* Error codes for the NURON functions. */
68
69/* Function codes. */
70#define NURON_F_NURON_CTRL 100
71#define NURON_F_NURON_FINISH 101
72#define NURON_F_NURON_INIT 102
73#define NURON_F_NURON_MOD_EXP 103
74
75/* Reason codes. */
76#define NURON_R_ALREADY_LOADED 100
77#define NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED 101
78#define NURON_R_DSO_FAILURE 102
79#define NURON_R_DSO_FUNCTION_NOT_FOUND 103
80#define NURON_R_DSO_NOT_FOUND 104
81#define NURON_R_NOT_LOADED 105
82
83#ifdef __cplusplus
84}
85#endif
86#endif
diff --git a/src/lib/libcrypto/engine/hw_openbsd_dev_crypto.c b/src/lib/libcrypto/engine/hw_openbsd_dev_crypto.c
new file mode 100644
index 0000000000..f946389b8a
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_openbsd_dev_crypto.c
@@ -0,0 +1,594 @@
1/* Written by Ben Laurie <ben@algroup.co.uk> August 2001 */
2/* ====================================================================
3 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <openssl/engine.h>
57#include <openssl/evp.h>
58#include "eng_int.h"
59/* Maybe this is needed? ... */
60#ifdef FLAT_INC
61#include "evp_locl.h"
62#else
63#include "../evp/evp_locl.h"
64#endif
65#include <openssl/conf.h>
66
67#ifndef OPENSSL_OPENBSD_DEV_CRYPTO
68
69void ENGINE_load_openbsd_dev_crypto(void)
70 {
71 /* This is a NOP unless OPENSSL_OPENBSD_DEV_CRYPTO is defined */
72 return;
73 }
74
75#else /* OPENSSL_OPENBSD_DEV_CRYPTO */
76
77#include <fcntl.h>
78#include <stdio.h>
79#include <errno.h>
80#include <assert.h>
81#include <unistd.h>
82#include <sys/ioctl.h>
83
84#include <crypto/cryptodev.h>
85
86/****************************************************/
87/* Declare the normal generic ENGINE stuff here ... */
88
89static int dev_crypto_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
90 const int **nids, int nid);
91static int dev_crypto_digests(ENGINE *e, const EVP_MD **digest,
92 const int **nids, int nid);
93
94static const char dev_crypto_id[] = "openbsd_dev_crypto";
95static const char dev_crypto_name[] = "OpenBSD /dev/crypto";
96
97static long allow_misaligned;
98
99#define DEV_CRYPTO_CMD_ALLOW_MISALIGNED ENGINE_CMD_BASE
100static const ENGINE_CMD_DEFN dev_crypto_cmd_defns[]=
101 {
102 { DEV_CRYPTO_CMD_ALLOW_MISALIGNED,
103 "allow_misaligned",
104 "Permit misaligned data to be used",
105 ENGINE_CMD_FLAG_NUMERIC },
106 { 0, NULL, NULL, 0 }
107 };
108
109static int dev_crypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
110 {
111 switch(cmd)
112 {
113 case DEV_CRYPTO_CMD_ALLOW_MISALIGNED:
114 allow_misaligned=i;
115 printf("allow misaligned=%ld\n",allow_misaligned);
116 break;
117 }
118
119 return 1;
120 }
121
122static ENGINE *engine_openbsd_dev_crypto(void)
123 {
124 ENGINE *engine=ENGINE_new();
125
126 if(!ENGINE_set_id(engine, dev_crypto_id) ||
127 !ENGINE_set_name(engine, dev_crypto_name) ||
128 !ENGINE_set_ciphers(engine, dev_crypto_ciphers) ||
129 !ENGINE_set_digests(engine, dev_crypto_digests) ||
130 !ENGINE_set_ctrl_function(engine, dev_crypto_ctrl) ||
131 !ENGINE_set_cmd_defns(engine, dev_crypto_cmd_defns))
132 {
133 ENGINE_free(engine);
134 return NULL;
135 }
136
137 return engine;
138 }
139
140void ENGINE_load_openbsd_dev_crypto(void)
141 {
142 /* Copied from eng_[openssl|dyn].c */
143 ENGINE *toadd = engine_openbsd_dev_crypto();
144 if(!toadd) return;
145 ENGINE_add(toadd);
146 ENGINE_free(toadd);
147 ERR_clear_error();
148 }
149
150/******************************************************************************/
151/* Clip in the stuff from crypto/evp/openbsd_hw.c here. NB: What has changed? */
152/* I've removed the exposed EVP_*** functions, they're accessed through the */
153/* "dev_crypto_[ciphers|digests]" handlers. I've also moved the EVP_CIPHER */
154/* and EVP_MD structures to the bottom where they are close to the handlers */
155/* that expose them. What should be done? The global data (file-descriptors, */
156/* etc) should be put into ENGINE's ex_data support, and per-context data */
157/* (also file-descriptors perhaps) should be put into the contexts. Also code */
158/* formatting, fprintf statements, and OpenSSL-style error handling should be */
159/* added (dynamically, like the other ENGINEs). Also, "dynamic" support */
160/* be added to this ENGINE once it's up and running so that it could be built */
161/* as a shared-library. What else? device initialisation should take place */
162/* inside an ENGINE 'init()' handler (and likewise 'finish()'). ciphers and */
163/* digests won't be used by the framework unless the ENGINE has been */
164/* successfully initialised (that's one of the things you get for free) so */
165/* initialisation, including returning failure if device setup fails, can be */
166/* handled quite cleanly. This could presumably handle the opening (and then */
167/* closing inside 'finish()') of the 'cryptodev_fd' file-descriptor). */
168
169/* longest key supported in hardware */
170#define MAX_HW_KEY 24
171#define MAX_HW_IV 8
172
173#define MD5_DIGEST_LENGTH 16
174#define MD5_CBLOCK 64
175
176static int fd;
177static int dev_failed;
178
179typedef struct session_op session_op;
180
181#define CDATA(ctx) EVP_C_DATA(session_op,ctx)
182
183static void err(const char *str)
184 {
185 fprintf(stderr,"%s: errno %d\n",str,errno);
186 }
187
188static int dev_crypto_init(session_op *ses)
189 {
190 if(dev_failed)
191 return 0;
192 if(!fd)
193 {
194 int cryptodev_fd;
195
196 if ((cryptodev_fd=open("/dev/crypto",O_RDWR,0)) < 0)
197 {
198 err("/dev/crypto");
199 dev_failed=1;
200 return 0;
201 }
202 if (ioctl(cryptodev_fd,CRIOGET,&fd) == -1)
203 {
204 err("CRIOGET failed");
205 close(cryptodev_fd);
206 dev_failed=1;
207 return 0;
208 }
209 close(cryptodev_fd);
210 }
211 assert(ses);
212 memset(ses,'\0',sizeof *ses);
213
214 return 1;
215 }
216
217static int dev_crypto_cleanup(EVP_CIPHER_CTX *ctx)
218 {
219 fprintf(stderr,"cleanup %d\n",CDATA(ctx)->ses);
220 if(ioctl(fd,CIOCFSESSION,&CDATA(ctx)->ses) == -1)
221 err("CIOCFSESSION failed");
222
223 OPENSSL_free(CDATA(ctx)->key);
224
225 return 1;
226 }
227
228static int dev_crypto_init_key(EVP_CIPHER_CTX *ctx,int cipher,
229 const unsigned char *key,int klen)
230 {
231 if(!dev_crypto_init(CDATA(ctx)))
232 return 0;
233
234 CDATA(ctx)->key=OPENSSL_malloc(MAX_HW_KEY);
235
236 assert(ctx->cipher->iv_len <= MAX_HW_IV);
237
238 memcpy(CDATA(ctx)->key,key,klen);
239
240 CDATA(ctx)->cipher=cipher;
241 CDATA(ctx)->keylen=klen;
242
243 if (ioctl(fd,CIOCGSESSION,CDATA(ctx)) == -1)
244 {
245 err("CIOCGSESSION failed");
246 return 0;
247 }
248 return 1;
249 }
250
251static int dev_crypto_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
252 const unsigned char *in,unsigned int inl)
253 {
254 struct crypt_op cryp;
255 unsigned char lb[MAX_HW_IV];
256
257 if(!inl)
258 return 1;
259
260 assert(CDATA(ctx));
261 assert(!dev_failed);
262
263 memset(&cryp,'\0',sizeof cryp);
264 cryp.ses=CDATA(ctx)->ses;
265 cryp.op=ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
266 cryp.flags=0;
267 cryp.len=inl;
268 assert((inl&(ctx->cipher->block_size-1)) == 0);
269 cryp.src=(caddr_t)in;
270 cryp.dst=(caddr_t)out;
271 cryp.mac=0;
272 if(ctx->cipher->iv_len)
273 cryp.iv=(caddr_t)ctx->iv;
274
275 if(!ctx->encrypt)
276 memcpy(lb,&in[cryp.len-ctx->cipher->iv_len],ctx->cipher->iv_len);
277
278 if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
279 {
280 if(errno == EINVAL) /* buffers are misaligned */
281 {
282 unsigned int cinl=0;
283 char *cin=NULL;
284 char *cout=NULL;
285
286 /* NB: this can only make cinl != inl with stream ciphers */
287 cinl=(inl+3)/4*4;
288
289 if(((unsigned long)in&3) || cinl != inl)
290 {
291 cin=OPENSSL_malloc(cinl);
292 memcpy(cin,in,inl);
293 cryp.src=cin;
294 }
295
296 if(((unsigned long)out&3) || cinl != inl)
297 {
298 cout=OPENSSL_malloc(cinl);
299 cryp.dst=cout;
300 }
301
302 cryp.len=cinl;
303
304 if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
305 {
306 err("CIOCCRYPT(2) failed");
307 printf("src=%p dst=%p\n",cryp.src,cryp.dst);
308 abort();
309 return 0;
310 }
311
312 if(cout)
313 {
314 memcpy(out,cout,inl);
315 OPENSSL_free(cout);
316 }
317 if(cin)
318 OPENSSL_free(cin);
319 }
320 else
321 {
322 err("CIOCCRYPT failed");
323 abort();
324 return 0;
325 }
326 }
327
328 if(ctx->encrypt)
329 memcpy(ctx->iv,&out[cryp.len-ctx->cipher->iv_len],ctx->cipher->iv_len);
330 else
331 memcpy(ctx->iv,lb,ctx->cipher->iv_len);
332
333 return 1;
334 }
335
336static int dev_crypto_des_ede3_init_key(EVP_CIPHER_CTX *ctx,
337 const unsigned char *key,
338 const unsigned char *iv, int enc)
339 { return dev_crypto_init_key(ctx,CRYPTO_3DES_CBC,key,24); }
340
341static int dev_crypto_rc4_init_key(EVP_CIPHER_CTX *ctx,
342 const unsigned char *key,
343 const unsigned char *iv, int enc)
344 { return dev_crypto_init_key(ctx,CRYPTO_ARC4,key,16); }
345
346typedef struct
347 {
348 session_op sess;
349 char *data;
350 int len;
351 unsigned char md[EVP_MAX_MD_SIZE];
352 } MD_DATA;
353
354static int dev_crypto_init_digest(MD_DATA *md_data,int mac)
355 {
356 if(!dev_crypto_init(&md_data->sess))
357 return 0;
358
359 md_data->len=0;
360 md_data->data=NULL;
361
362 md_data->sess.mac=mac;
363
364 if (ioctl(fd,CIOCGSESSION,&md_data->sess) == -1)
365 {
366 err("CIOCGSESSION failed");
367 return 0;
368 }
369 fprintf(stderr,"opened %d\n",md_data->sess.ses);
370 return 1;
371 }
372
373static int dev_crypto_cleanup_digest(MD_DATA *md_data)
374 {
375 fprintf(stderr,"cleanup %d\n",md_data->sess.ses);
376 if (ioctl(fd,CIOCFSESSION,&md_data->sess.ses) == -1)
377 {
378 err("CIOCFSESSION failed");
379 return 0;
380 }
381
382 return 1;
383 }
384
385/* FIXME: if device can do chained MACs, then don't accumulate */
386/* FIXME: move accumulation to the framework */
387static int dev_crypto_md5_init(EVP_MD_CTX *ctx)
388 { return dev_crypto_init_digest(ctx->md_data,CRYPTO_MD5); }
389
390static int do_digest(int ses,unsigned char *md,const void *data,int len)
391 {
392 struct crypt_op cryp;
393 static unsigned char md5zero[16]=
394 {
395 0xd4,0x1d,0x8c,0xd9,0x8f,0x00,0xb2,0x04,
396 0xe9,0x80,0x09,0x98,0xec,0xf8,0x42,0x7e
397 };
398
399 /* some cards can't do zero length */
400 if(!len)
401 {
402 memcpy(md,md5zero,16);
403 return 1;
404 }
405
406 memset(&cryp,'\0',sizeof cryp);
407 cryp.ses=ses;
408 cryp.op=COP_ENCRYPT;/* required to do the MAC rather than check it */
409 cryp.len=len;
410 cryp.src=(caddr_t)data;
411 cryp.dst=(caddr_t)data; // FIXME!!!
412 cryp.mac=(caddr_t)md;
413
414 if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
415 {
416 if(errno == EINVAL && allow_misaligned) /* buffer is misaligned */
417 {
418 char *dcopy;
419
420 dcopy=OPENSSL_malloc(len);
421 memcpy(dcopy,data,len);
422 cryp.src=dcopy;
423 cryp.dst=cryp.src; // FIXME!!!
424
425 if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
426 {
427 err("CIOCCRYPT(MAC2) failed");
428 abort();
429 return 0;
430 }
431 OPENSSL_free(dcopy);
432 }
433 else
434 {
435 err("CIOCCRYPT(MAC) failed");
436 abort();
437 return 0;
438 }
439 }
440 // printf("done\n");
441
442 return 1;
443 }
444
445static int dev_crypto_md5_update(EVP_MD_CTX *ctx,const void *data,
446 unsigned long len)
447 {
448 MD_DATA *md_data=ctx->md_data;
449
450 if(ctx->flags&EVP_MD_CTX_FLAG_ONESHOT)
451 return do_digest(md_data->sess.ses,md_data->md,data,len);
452
453 md_data->data=OPENSSL_realloc(md_data->data,md_data->len+len);
454 memcpy(md_data->data+md_data->len,data,len);
455 md_data->len+=len;
456
457 return 1;
458 }
459
460static int dev_crypto_md5_final(EVP_MD_CTX *ctx,unsigned char *md)
461 {
462 int ret;
463 MD_DATA *md_data=ctx->md_data;
464
465 if(ctx->flags&EVP_MD_CTX_FLAG_ONESHOT)
466 {
467 memcpy(md,md_data->md,MD5_DIGEST_LENGTH);
468 ret=1;
469 }
470 else
471 {
472 ret=do_digest(md_data->sess.ses,md,md_data->data,md_data->len);
473 OPENSSL_free(md_data->data);
474 md_data->data=NULL;
475 md_data->len=0;
476 }
477
478 return ret;
479 }
480
481static int dev_crypto_md5_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
482 {
483 const MD_DATA *from_md=from->md_data;
484 MD_DATA *to_md=to->md_data;
485
486 // How do we copy sessions?
487 assert(from->digest->flags&EVP_MD_FLAG_ONESHOT);
488
489 to_md->data=OPENSSL_malloc(from_md->len);
490 memcpy(to_md->data,from_md->data,from_md->len);
491
492 return 1;
493 }
494
495static int dev_crypto_md5_cleanup(EVP_MD_CTX *ctx)
496 {
497 return dev_crypto_cleanup_digest(ctx->md_data);
498 }
499
500/**************************************************************************/
501/* Here are the moved declarations of the EVP_CIPHER and EVP_MD */
502/* implementations. They're down here to be within easy editor-distance */
503/* of the digests and ciphers handler functions. */
504
505#define dev_crypto_des_ede3_cbc_cipher dev_crypto_cipher
506
507BLOCK_CIPHER_def_cbc(dev_crypto_des_ede3, session_op, NID_des_ede3, 8, 24, 8,
508 0, dev_crypto_des_ede3_init_key,
509 dev_crypto_cleanup,
510 EVP_CIPHER_set_asn1_iv,
511 EVP_CIPHER_get_asn1_iv,
512 NULL)
513
514static const EVP_CIPHER r4_cipher=
515 {
516 NID_rc4,
517 1,16,0, /* FIXME: key should be up to 256 bytes */
518 EVP_CIPH_VARIABLE_LENGTH,
519 dev_crypto_rc4_init_key,
520 dev_crypto_cipher,
521 dev_crypto_cleanup,
522 sizeof(session_op),
523 NULL,
524 NULL,
525 NULL
526 };
527
528static const EVP_MD md5_md=
529 {
530 NID_md5,
531 NID_md5WithRSAEncryption,
532 MD5_DIGEST_LENGTH,
533 EVP_MD_FLAG_ONESHOT, // XXX: set according to device info...
534 dev_crypto_md5_init,
535 dev_crypto_md5_update,
536 dev_crypto_md5_final,
537 dev_crypto_md5_copy,
538 dev_crypto_md5_cleanup,
539 EVP_PKEY_RSA_method,
540 MD5_CBLOCK,
541 sizeof(MD_DATA),
542 };
543
544/****************************************************************/
545/* Implement the dev_crypto_[ciphers|digests] handlers here ... */
546
547static int cipher_nids[] = {NID_des_ede3_cbc, NID_rc4};
548static int cipher_nids_num = 2;
549static int digest_nids[] = {NID_md5};
550static int digest_nids_num = 1;
551
552static int dev_crypto_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
553 const int **nids, int nid)
554 {
555 if(!cipher)
556 {
557 /* We are returning a list of supported nids */
558 *nids = cipher_nids;
559 return cipher_nids_num;
560 }
561 /* We are being asked for a specific cipher */
562 if(nid == NID_rc4)
563 *cipher = &r4_cipher;
564 else if(nid == NID_des_ede3_cbc)
565 *cipher = &dev_crypto_des_ede3_cbc;
566 else
567 {
568 *cipher = NULL;
569 return 0;
570 }
571 return 1;
572 }
573
574static int dev_crypto_digests(ENGINE *e, const EVP_MD **digest,
575 const int **nids, int nid)
576 {
577 if(!digest)
578 {
579 /* We are returning a list of supported nids */
580 *nids = digest_nids;
581 return digest_nids_num;
582 }
583 /* We are being asked for a specific digest */
584 if(nid == NID_md5)
585 *digest = &md5_md;
586 else
587 {
588 *digest = NULL;
589 return 0;
590 }
591 return 1;
592 }
593
594#endif /* OPENSSL_OPENBSD_DEV_CRYPTO */
diff --git a/src/lib/libcrypto/engine/hw_sureware_err.c b/src/lib/libcrypto/engine/hw_sureware_err.c
new file mode 100644
index 0000000000..69955dadbb
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_sureware_err.c
@@ -0,0 +1,150 @@
1/* hw_sureware_err.c */
2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include "hw_sureware_err.h"
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67static ERR_STRING_DATA SUREWARE_str_functs[]=
68 {
69{ERR_PACK(0,SUREWARE_F_SUREWAREHK_CTRL,0), "SUREWAREHK_CTRL"},
70{ERR_PACK(0,SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,0), "SUREWAREHK_DSA_DO_SIGN"},
71{ERR_PACK(0,SUREWARE_F_SUREWAREHK_EX_FREE,0), "SUREWAREHK_EX_FREE"},
72{ERR_PACK(0,SUREWARE_F_SUREWAREHK_FINISH,0), "SUREWAREHK_FINISH"},
73{ERR_PACK(0,SUREWARE_F_SUREWAREHK_INIT,0), "SUREWAREHK_INIT"},
74{ERR_PACK(0,SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,0), "SUREWAREHK_LOAD_PRIVATE_KEY"},
75{ERR_PACK(0,SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,0), "SUREWAREHK_LOAD_PUBLIC_KEY"},
76{ERR_PACK(0,SUREWARE_F_SUREWAREHK_MOD_EXP,0), "SUREWAREHK_MOD_EXP"},
77{ERR_PACK(0,SUREWARE_F_SUREWAREHK_RAND_BYTES,0), "SUREWAREHK_RAND_BYTES"},
78{ERR_PACK(0,SUREWARE_F_SUREWAREHK_RAND_SEED,0), "SUREWAREHK_RAND_SEED"},
79{ERR_PACK(0,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,0), "SUREWAREHK_RSA_PRIV_DEC"},
80{ERR_PACK(0,SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,0), "SUREWAREHK_RSA_PRIV_ENC"},
81{0,NULL}
82 };
83
84static ERR_STRING_DATA SUREWARE_str_reasons[]=
85 {
86{SUREWARE_R_BIO_WAS_FREED ,"bio was freed"},
87{SUREWARE_R_MISSING_KEY_COMPONENTS ,"missing key components"},
88{SUREWARE_R_REQUEST_FAILED ,"request failed"},
89{SUREWARE_R_REQUEST_FALLBACK ,"request fallback"},
90{SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL ,"size too large or too small"},
91{SUREWARE_R_UNIT_FAILURE ,"unit failure"},
92{0,NULL}
93 };
94
95#endif
96
97#ifdef SUREWARE_LIB_NAME
98static ERR_STRING_DATA SUREWARE_lib_name[]=
99 {
100{0 ,SUREWARE_LIB_NAME},
101{0,NULL}
102 };
103#endif
104
105
106static int SUREWARE_lib_error_code=0;
107static int SUREWARE_error_init=1;
108
109static void ERR_load_SUREWARE_strings(void)
110 {
111 if (SUREWARE_lib_error_code == 0)
112 SUREWARE_lib_error_code=ERR_get_next_error_library();
113
114 if (SUREWARE_error_init)
115 {
116 SUREWARE_error_init=0;
117#ifndef OPENSSL_NO_ERR
118 ERR_load_strings(SUREWARE_lib_error_code,SUREWARE_str_functs);
119 ERR_load_strings(SUREWARE_lib_error_code,SUREWARE_str_reasons);
120#endif
121
122#ifdef SUREWARE_LIB_NAME
123 SUREWARE_lib_name->error = ERR_PACK(SUREWARE_lib_error_code,0,0);
124 ERR_load_strings(0,SUREWARE_lib_name);
125#endif
126 }
127 }
128
129static void ERR_unload_SUREWARE_strings(void)
130 {
131 if (SUREWARE_error_init == 0)
132 {
133#ifndef OPENSSL_NO_ERR
134 ERR_unload_strings(SUREWARE_lib_error_code,SUREWARE_str_functs);
135 ERR_unload_strings(SUREWARE_lib_error_code,SUREWARE_str_reasons);
136#endif
137
138#ifdef SUREWARE_LIB_NAME
139 ERR_unload_strings(0,SUREWARE_lib_name);
140#endif
141 SUREWARE_error_init=1;
142 }
143 }
144
145static void ERR_SUREWARE_error(int function, int reason, char *file, int line)
146 {
147 if (SUREWARE_lib_error_code == 0)
148 SUREWARE_lib_error_code=ERR_get_next_error_library();
149 ERR_PUT_error(SUREWARE_lib_error_code,function,reason,file,line);
150 }
diff --git a/src/lib/libcrypto/engine/hw_sureware_err.h b/src/lib/libcrypto/engine/hw_sureware_err.h
new file mode 100644
index 0000000000..bc52af5e05
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_sureware_err.h
@@ -0,0 +1,94 @@
1/* ====================================================================
2 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#ifndef HEADER_SUREWARE_ERR_H
56#define HEADER_SUREWARE_ERR_H
57
58/* BEGIN ERROR CODES */
59/* The following lines are auto generated by the script mkerr.pl. Any changes
60 * made after this point may be overwritten when the script is next run.
61 */
62static void ERR_load_SUREWARE_strings(void);
63static void ERR_unload_SUREWARE_strings(void);
64static void ERR_SUREWARE_error(int function, int reason, char *file, int line);
65#define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),__FILE__,__LINE__)
66
67/* Error codes for the SUREWARE functions. */
68
69/* Function codes. */
70#define SUREWARE_F_SUREWAREHK_CTRL 100
71#define SUREWARE_F_SUREWAREHK_DSA_DO_SIGN 101
72#define SUREWARE_F_SUREWAREHK_EX_FREE 102
73#define SUREWARE_F_SUREWAREHK_FINISH 103
74#define SUREWARE_F_SUREWAREHK_INIT 104
75#define SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY 105
76#define SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY 106
77#define SUREWARE_F_SUREWAREHK_MOD_EXP 107
78#define SUREWARE_F_SUREWAREHK_RAND_BYTES 108
79#define SUREWARE_F_SUREWAREHK_RAND_SEED 109
80#define SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC 110
81#define SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC 111
82
83/* Reason codes. */
84#define SUREWARE_R_BIO_WAS_FREED 100
85#define SUREWARE_R_MISSING_KEY_COMPONENTS 105
86#define SUREWARE_R_REQUEST_FAILED 101
87#define SUREWARE_R_REQUEST_FALLBACK 102
88#define SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL 103
89#define SUREWARE_R_UNIT_FAILURE 104
90
91#ifdef __cplusplus
92}
93#endif
94#endif
diff --git a/src/lib/libcrypto/engine/hw_ubsec.c b/src/lib/libcrypto/engine/hw_ubsec.c
new file mode 100644
index 0000000000..63397f868c
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_ubsec.c
@@ -0,0 +1,1059 @@
1/* crypto/engine/hw_ubsec.c */
2/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
3 * project 2000.
4 *
5 * Cloned shamelessly by Joe Tardo.
6 */
7/* ====================================================================
8 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 *
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 *
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in
19 * the documentation and/or other materials provided with the
20 * distribution.
21 *
22 * 3. All advertising materials mentioning features or use of this
23 * software must display the following acknowledgment:
24 * "This product includes software developed by the OpenSSL Project
25 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
26 *
27 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
28 * endorse or promote products derived from this software without
29 * prior written permission. For written permission, please contact
30 * licensing@OpenSSL.org.
31 *
32 * 5. Products derived from this software may not be called "OpenSSL"
33 * nor may "OpenSSL" appear in their names without prior written
34 * permission of the OpenSSL Project.
35 *
36 * 6. Redistributions of any form whatsoever must retain the following
37 * acknowledgment:
38 * "This product includes software developed by the OpenSSL Project
39 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
42 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
44 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
45 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
46 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
47 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
48 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
49 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
50 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
51 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
52 * OF THE POSSIBILITY OF SUCH DAMAGE.
53 * ====================================================================
54 *
55 * This product includes cryptographic software written by Eric Young
56 * (eay@cryptsoft.com). This product includes software written by Tim
57 * Hudson (tjh@cryptsoft.com).
58 *
59 */
60
61#include <stdio.h>
62#include <openssl/crypto.h>
63#include "cryptlib.h"
64#include <openssl/dso.h>
65#include <openssl/engine.h>
66
67#ifndef OPENSSL_NO_HW
68#ifndef OPENSSL_NO_HW_UBSEC
69
70#ifdef FLAT_INC
71#include "hw_ubsec.h"
72#else
73#include "vendor_defns/hw_ubsec.h"
74#endif
75
76#define UBSEC_LIB_NAME "ubsec engine"
77#include "hw_ubsec_err.c"
78
79#define FAIL_TO_SOFTWARE -15
80
81static int ubsec_destroy(ENGINE *e);
82static int ubsec_init(ENGINE *e);
83static int ubsec_finish(ENGINE *e);
84static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
85static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
86 const BIGNUM *m, BN_CTX *ctx);
87static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
88 const BIGNUM *q, const BIGNUM *dp,
89 const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx);
90#ifndef OPENSSL_NO_RSA
91static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
92#endif
93static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
94 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
95#ifndef OPENSSL_NO_DSA
96#if NOT_USED
97static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
98 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
99 BN_CTX *ctx, BN_MONT_CTX *in_mont);
100static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
101 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
102 BN_MONT_CTX *m_ctx);
103#endif
104static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
105static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
106 DSA_SIG *sig, DSA *dsa);
107#endif
108#ifndef OPENSSL_NO_DH
109static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
110 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
111 BN_MONT_CTX *m_ctx);
112static int ubsec_dh_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);
113static int ubsec_dh_generate_key(DH *dh);
114#endif
115
116#if NOT_USED
117static int ubsec_rand_bytes(unsigned char *buf, int num);
118static int ubsec_rand_status(void);
119#endif
120
121#define UBSEC_CMD_SO_PATH ENGINE_CMD_BASE
122static const ENGINE_CMD_DEFN ubsec_cmd_defns[] = {
123 {UBSEC_CMD_SO_PATH,
124 "SO_PATH",
125 "Specifies the path to the 'ubsec' shared library",
126 ENGINE_CMD_FLAG_STRING},
127 {0, NULL, NULL, 0}
128 };
129
130#ifndef OPENSSL_NO_RSA
131/* Our internal RSA_METHOD that we provide pointers to */
132static RSA_METHOD ubsec_rsa =
133 {
134 "UBSEC RSA method",
135 NULL,
136 NULL,
137 NULL,
138 NULL,
139 ubsec_rsa_mod_exp,
140 ubsec_mod_exp_mont,
141 NULL,
142 NULL,
143 0,
144 NULL,
145 NULL,
146 NULL
147 };
148#endif
149
150#ifndef OPENSSL_NO_DSA
151/* Our internal DSA_METHOD that we provide pointers to */
152static DSA_METHOD ubsec_dsa =
153 {
154 "UBSEC DSA method",
155 ubsec_dsa_do_sign, /* dsa_do_sign */
156 NULL, /* dsa_sign_setup */
157 ubsec_dsa_verify, /* dsa_do_verify */
158 NULL, /* ubsec_dsa_mod_exp */ /* dsa_mod_exp */
159 NULL, /* ubsec_mod_exp_dsa */ /* bn_mod_exp */
160 NULL, /* init */
161 NULL, /* finish */
162 0, /* flags */
163 NULL /* app_data */
164 };
165#endif
166
167#ifndef OPENSSL_NO_DH
168/* Our internal DH_METHOD that we provide pointers to */
169static DH_METHOD ubsec_dh =
170 {
171 "UBSEC DH method",
172 ubsec_dh_generate_key,
173 ubsec_dh_compute_key,
174 ubsec_mod_exp_dh,
175 NULL,
176 NULL,
177 0,
178 NULL
179 };
180#endif
181
182/* Constants used when creating the ENGINE */
183static const char *engine_ubsec_id = "ubsec";
184static const char *engine_ubsec_name = "UBSEC hardware engine support";
185
186/* This internal function is used by ENGINE_ubsec() and possibly by the
187 * "dynamic" ENGINE support too */
188static int bind_helper(ENGINE *e)
189 {
190#ifndef OPENSSL_NO_RSA
191 const RSA_METHOD *meth1;
192#endif
193#ifndef OPENSSL_NO_DH
194#ifndef HAVE_UBSEC_DH
195 const DH_METHOD *meth3;
196#endif /* HAVE_UBSEC_DH */
197#endif
198 if(!ENGINE_set_id(e, engine_ubsec_id) ||
199 !ENGINE_set_name(e, engine_ubsec_name) ||
200#ifndef OPENSSL_NO_RSA
201 !ENGINE_set_RSA(e, &ubsec_rsa) ||
202#endif
203#ifndef OPENSSL_NO_DSA
204 !ENGINE_set_DSA(e, &ubsec_dsa) ||
205#endif
206#ifndef OPENSSL_NO_DH
207 !ENGINE_set_DH(e, &ubsec_dh) ||
208#endif
209 !ENGINE_set_destroy_function(e, ubsec_destroy) ||
210 !ENGINE_set_init_function(e, ubsec_init) ||
211 !ENGINE_set_finish_function(e, ubsec_finish) ||
212 !ENGINE_set_ctrl_function(e, ubsec_ctrl) ||
213 !ENGINE_set_cmd_defns(e, ubsec_cmd_defns))
214 return 0;
215
216#ifndef OPENSSL_NO_RSA
217 /* We know that the "PKCS1_SSLeay()" functions hook properly
218 * to the Broadcom-specific mod_exp and mod_exp_crt so we use
219 * those functions. NB: We don't use ENGINE_openssl() or
220 * anything "more generic" because something like the RSAref
221 * code may not hook properly, and if you own one of these
222 * cards then you have the right to do RSA operations on it
223 * anyway! */
224 meth1 = RSA_PKCS1_SSLeay();
225 ubsec_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
226 ubsec_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
227 ubsec_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
228 ubsec_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
229#endif
230
231#ifndef OPENSSL_NO_DH
232#ifndef HAVE_UBSEC_DH
233 /* Much the same for Diffie-Hellman */
234 meth3 = DH_OpenSSL();
235 ubsec_dh.generate_key = meth3->generate_key;
236 ubsec_dh.compute_key = meth3->compute_key;
237#endif /* HAVE_UBSEC_DH */
238#endif
239
240 /* Ensure the ubsec error handling is set up */
241 ERR_load_UBSEC_strings();
242 return 1;
243 }
244
245static ENGINE *engine_ubsec(void)
246 {
247 ENGINE *ret = ENGINE_new();
248 if(!ret)
249 return NULL;
250 if(!bind_helper(ret))
251 {
252 ENGINE_free(ret);
253 return NULL;
254 }
255 return ret;
256 }
257
258void ENGINE_load_ubsec(void)
259 {
260 /* Copied from eng_[openssl|dyn].c */
261 ENGINE *toadd = engine_ubsec();
262 if(!toadd) return;
263 ENGINE_add(toadd);
264 ENGINE_free(toadd);
265 ERR_clear_error();
266 }
267
268/* This is a process-global DSO handle used for loading and unloading
269 * the UBSEC library. NB: This is only set (or unset) during an
270 * init() or finish() call (reference counts permitting) and they're
271 * operating with global locks, so this should be thread-safe
272 * implicitly. */
273
274static DSO *ubsec_dso = NULL;
275
276/* These are the function pointers that are (un)set when the library has
277 * successfully (un)loaded. */
278
279static t_UBSEC_ubsec_bytes_to_bits *p_UBSEC_ubsec_bytes_to_bits = NULL;
280static t_UBSEC_ubsec_bits_to_bytes *p_UBSEC_ubsec_bits_to_bytes = NULL;
281static t_UBSEC_ubsec_open *p_UBSEC_ubsec_open = NULL;
282static t_UBSEC_ubsec_close *p_UBSEC_ubsec_close = NULL;
283#ifndef OPENSSL_NO_DH
284static t_UBSEC_diffie_hellman_generate_ioctl
285 *p_UBSEC_diffie_hellman_generate_ioctl = NULL;
286static t_UBSEC_diffie_hellman_agree_ioctl *p_UBSEC_diffie_hellman_agree_ioctl = NULL;
287#endif
288/* #ifndef OPENSSL_NO_RSA */
289static t_UBSEC_rsa_mod_exp_ioctl *p_UBSEC_rsa_mod_exp_ioctl = NULL;
290static t_UBSEC_rsa_mod_exp_crt_ioctl *p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
291/* #endif */
292#ifndef OPENSSL_NO_DSA
293static t_UBSEC_dsa_sign_ioctl *p_UBSEC_dsa_sign_ioctl = NULL;
294static t_UBSEC_dsa_verify_ioctl *p_UBSEC_dsa_verify_ioctl = NULL;
295#endif
296static t_UBSEC_math_accelerate_ioctl *p_UBSEC_math_accelerate_ioctl = NULL;
297static t_UBSEC_rng_ioctl *p_UBSEC_rng_ioctl = NULL;
298static t_UBSEC_max_key_len_ioctl *p_UBSEC_max_key_len_ioctl = NULL;
299
300static int max_key_len = 1024; /* ??? */
301
302/*
303 * These are the static string constants for the DSO file name and the function
304 * symbol names to bind to.
305 */
306
307static const char *UBSEC_LIBNAME = NULL;
308static const char *get_UBSEC_LIBNAME(void)
309 {
310 if(UBSEC_LIBNAME)
311 return UBSEC_LIBNAME;
312 return "ubsec";
313 }
314static void free_UBSEC_LIBNAME(void)
315 {
316 if(UBSEC_LIBNAME)
317 OPENSSL_free((void*)UBSEC_LIBNAME);
318 UBSEC_LIBNAME = NULL;
319 }
320static long set_UBSEC_LIBNAME(const char *name)
321 {
322 free_UBSEC_LIBNAME();
323 return (((UBSEC_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
324 }
325static const char *UBSEC_F1 = "ubsec_bytes_to_bits";
326static const char *UBSEC_F2 = "ubsec_bits_to_bytes";
327static const char *UBSEC_F3 = "ubsec_open";
328static const char *UBSEC_F4 = "ubsec_close";
329#ifndef OPENSSL_NO_DH
330static const char *UBSEC_F5 = "diffie_hellman_generate_ioctl";
331static const char *UBSEC_F6 = "diffie_hellman_agree_ioctl";
332#endif
333/* #ifndef OPENSSL_NO_RSA */
334static const char *UBSEC_F7 = "rsa_mod_exp_ioctl";
335static const char *UBSEC_F8 = "rsa_mod_exp_crt_ioctl";
336/* #endif */
337#ifndef OPENSSL_NO_DSA
338static const char *UBSEC_F9 = "dsa_sign_ioctl";
339static const char *UBSEC_F10 = "dsa_verify_ioctl";
340#endif
341static const char *UBSEC_F11 = "math_accelerate_ioctl";
342static const char *UBSEC_F12 = "rng_ioctl";
343static const char *UBSEC_F13 = "ubsec_max_key_len_ioctl";
344
345/* Destructor (complements the "ENGINE_ubsec()" constructor) */
346static int ubsec_destroy(ENGINE *e)
347 {
348 free_UBSEC_LIBNAME();
349 ERR_unload_UBSEC_strings();
350 return 1;
351 }
352
353/* (de)initialisation functions. */
354static int ubsec_init(ENGINE *e)
355 {
356 t_UBSEC_ubsec_bytes_to_bits *p1;
357 t_UBSEC_ubsec_bits_to_bytes *p2;
358 t_UBSEC_ubsec_open *p3;
359 t_UBSEC_ubsec_close *p4;
360#ifndef OPENSSL_NO_DH
361 t_UBSEC_diffie_hellman_generate_ioctl *p5;
362 t_UBSEC_diffie_hellman_agree_ioctl *p6;
363#endif
364/* #ifndef OPENSSL_NO_RSA */
365 t_UBSEC_rsa_mod_exp_ioctl *p7;
366 t_UBSEC_rsa_mod_exp_crt_ioctl *p8;
367/* #endif */
368#ifndef OPENSSL_NO_DSA
369 t_UBSEC_dsa_sign_ioctl *p9;
370 t_UBSEC_dsa_verify_ioctl *p10;
371#endif
372 t_UBSEC_math_accelerate_ioctl *p11;
373 t_UBSEC_rng_ioctl *p12;
374 t_UBSEC_max_key_len_ioctl *p13;
375 int fd = 0;
376
377 if(ubsec_dso != NULL)
378 {
379 UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_ALREADY_LOADED);
380 goto err;
381 }
382 /*
383 * Attempt to load libubsec.so/ubsec.dll/whatever.
384 */
385 ubsec_dso = DSO_load(NULL, get_UBSEC_LIBNAME(), NULL, 0);
386 if(ubsec_dso == NULL)
387 {
388 UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE);
389 goto err;
390 }
391
392 if (
393 !(p1 = (t_UBSEC_ubsec_bytes_to_bits *) DSO_bind_func(ubsec_dso, UBSEC_F1)) ||
394 !(p2 = (t_UBSEC_ubsec_bits_to_bytes *) DSO_bind_func(ubsec_dso, UBSEC_F2)) ||
395 !(p3 = (t_UBSEC_ubsec_open *) DSO_bind_func(ubsec_dso, UBSEC_F3)) ||
396 !(p4 = (t_UBSEC_ubsec_close *) DSO_bind_func(ubsec_dso, UBSEC_F4)) ||
397#ifndef OPENSSL_NO_DH
398 !(p5 = (t_UBSEC_diffie_hellman_generate_ioctl *)
399 DSO_bind_func(ubsec_dso, UBSEC_F5)) ||
400 !(p6 = (t_UBSEC_diffie_hellman_agree_ioctl *)
401 DSO_bind_func(ubsec_dso, UBSEC_F6)) ||
402#endif
403/* #ifndef OPENSSL_NO_RSA */
404 !(p7 = (t_UBSEC_rsa_mod_exp_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F7)) ||
405 !(p8 = (t_UBSEC_rsa_mod_exp_crt_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F8)) ||
406/* #endif */
407#ifndef OPENSSL_NO_DSA
408 !(p9 = (t_UBSEC_dsa_sign_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F9)) ||
409 !(p10 = (t_UBSEC_dsa_verify_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F10)) ||
410#endif
411 !(p11 = (t_UBSEC_math_accelerate_ioctl *)
412 DSO_bind_func(ubsec_dso, UBSEC_F11)) ||
413 !(p12 = (t_UBSEC_rng_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F12)) ||
414 !(p13 = (t_UBSEC_max_key_len_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F13)))
415 {
416 UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE);
417 goto err;
418 }
419
420 /* Copy the pointers */
421 p_UBSEC_ubsec_bytes_to_bits = p1;
422 p_UBSEC_ubsec_bits_to_bytes = p2;
423 p_UBSEC_ubsec_open = p3;
424 p_UBSEC_ubsec_close = p4;
425#ifndef OPENSSL_NO_DH
426 p_UBSEC_diffie_hellman_generate_ioctl = p5;
427 p_UBSEC_diffie_hellman_agree_ioctl = p6;
428#endif
429#ifndef OPENSSL_NO_RSA
430 p_UBSEC_rsa_mod_exp_ioctl = p7;
431 p_UBSEC_rsa_mod_exp_crt_ioctl = p8;
432#endif
433#ifndef OPENSSL_NO_DSA
434 p_UBSEC_dsa_sign_ioctl = p9;
435 p_UBSEC_dsa_verify_ioctl = p10;
436#endif
437 p_UBSEC_math_accelerate_ioctl = p11;
438 p_UBSEC_rng_ioctl = p12;
439 p_UBSEC_max_key_len_ioctl = p13;
440
441 /* Perform an open to see if there's actually any unit running. */
442 if (((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) > 0) && (p_UBSEC_max_key_len_ioctl(fd, &max_key_len) == 0))
443 {
444 p_UBSEC_ubsec_close(fd);
445 return 1;
446 }
447 else
448 {
449 UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
450 }
451
452err:
453 if(ubsec_dso)
454 DSO_free(ubsec_dso);
455 p_UBSEC_ubsec_bytes_to_bits = NULL;
456 p_UBSEC_ubsec_bits_to_bytes = NULL;
457 p_UBSEC_ubsec_open = NULL;
458 p_UBSEC_ubsec_close = NULL;
459#ifndef OPENSSL_NO_DH
460 p_UBSEC_diffie_hellman_generate_ioctl = NULL;
461 p_UBSEC_diffie_hellman_agree_ioctl = NULL;
462#endif
463#ifndef OPENSSL_NO_RSA
464 p_UBSEC_rsa_mod_exp_ioctl = NULL;
465 p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
466#endif
467#ifndef OPENSSL_NO_DSA
468 p_UBSEC_dsa_sign_ioctl = NULL;
469 p_UBSEC_dsa_verify_ioctl = NULL;
470#endif
471 p_UBSEC_math_accelerate_ioctl = NULL;
472 p_UBSEC_rng_ioctl = NULL;
473 p_UBSEC_max_key_len_ioctl = NULL;
474
475 return 0;
476 }
477
478static int ubsec_finish(ENGINE *e)
479 {
480 free_UBSEC_LIBNAME();
481 if(ubsec_dso == NULL)
482 {
483 UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_NOT_LOADED);
484 return 0;
485 }
486 if(!DSO_free(ubsec_dso))
487 {
488 UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_DSO_FAILURE);
489 return 0;
490 }
491 ubsec_dso = NULL;
492 p_UBSEC_ubsec_bytes_to_bits = NULL;
493 p_UBSEC_ubsec_bits_to_bytes = NULL;
494 p_UBSEC_ubsec_open = NULL;
495 p_UBSEC_ubsec_close = NULL;
496#ifndef OPENSSL_NO_DH
497 p_UBSEC_diffie_hellman_generate_ioctl = NULL;
498 p_UBSEC_diffie_hellman_agree_ioctl = NULL;
499#endif
500#ifndef OPENSSL_NO_RSA
501 p_UBSEC_rsa_mod_exp_ioctl = NULL;
502 p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
503#endif
504#ifndef OPENSSL_NO_DSA
505 p_UBSEC_dsa_sign_ioctl = NULL;
506 p_UBSEC_dsa_verify_ioctl = NULL;
507#endif
508 p_UBSEC_math_accelerate_ioctl = NULL;
509 p_UBSEC_rng_ioctl = NULL;
510 p_UBSEC_max_key_len_ioctl = NULL;
511 return 1;
512 }
513
514static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
515 {
516 int initialised = ((ubsec_dso == NULL) ? 0 : 1);
517 switch(cmd)
518 {
519 case UBSEC_CMD_SO_PATH:
520 if(p == NULL)
521 {
522 UBSECerr(UBSEC_F_UBSEC_CTRL,ERR_R_PASSED_NULL_PARAMETER);
523 return 0;
524 }
525 if(initialised)
526 {
527 UBSECerr(UBSEC_F_UBSEC_CTRL,UBSEC_R_ALREADY_LOADED);
528 return 0;
529 }
530 return set_UBSEC_LIBNAME((const char *)p);
531 default:
532 break;
533 }
534 UBSECerr(UBSEC_F_UBSEC_CTRL,UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED);
535 return 0;
536 }
537
538static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
539 const BIGNUM *m, BN_CTX *ctx)
540 {
541 int y_len = 0;
542 int fd;
543
544 if(ubsec_dso == NULL)
545 {
546 UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_NOT_LOADED);
547 return 0;
548 }
549
550 /* Check if hardware can't handle this argument. */
551 y_len = BN_num_bits(m);
552 if (y_len > max_key_len) {
553 UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
554 return BN_mod_exp(r, a, p, m, ctx);
555 }
556
557 if(!bn_wexpand(r, m->top))
558 {
559 UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_BN_EXPAND_FAIL);
560 return 0;
561 }
562 memset(r->d, 0, BN_num_bytes(m));
563
564 if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
565 fd = 0;
566 UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
567 return BN_mod_exp(r, a, p, m, ctx);
568 }
569
570 if (p_UBSEC_rsa_mod_exp_ioctl(fd, (unsigned char *)a->d, BN_num_bits(a),
571 (unsigned char *)m->d, BN_num_bits(m), (unsigned char *)p->d,
572 BN_num_bits(p), (unsigned char *)r->d, &y_len) != 0)
573 {
574 UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_REQUEST_FAILED);
575 p_UBSEC_ubsec_close(fd);
576
577 return BN_mod_exp(r, a, p, m, ctx);
578 }
579
580 p_UBSEC_ubsec_close(fd);
581
582 r->top = (BN_num_bits(m)+BN_BITS2-1)/BN_BITS2;
583 return 1;
584 }
585
586#ifndef OPENSSL_NO_RSA
587static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
588 {
589 BN_CTX *ctx;
590 int to_return = 0;
591
592 if((ctx = BN_CTX_new()) == NULL)
593 goto err;
594
595 if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
596 {
597 UBSECerr(UBSEC_F_UBSEC_RSA_MOD_EXP, UBSEC_R_MISSING_KEY_COMPONENTS);
598 goto err;
599 }
600
601 to_return = ubsec_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
602 rsa->dmq1, rsa->iqmp, ctx);
603 if (to_return == FAIL_TO_SOFTWARE)
604 {
605 /*
606 * Do in software as hardware failed.
607 */
608 const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
609 to_return = (*meth->rsa_mod_exp)(r0, I, rsa);
610 }
611err:
612 if(ctx)
613 BN_CTX_free(ctx);
614 return to_return;
615 }
616#endif
617
618static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
619 const BIGNUM *q, const BIGNUM *dp,
620 const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx)
621 {
622 int y_len,
623 m_len,
624 fd;
625
626 m_len = BN_num_bytes(p) + BN_num_bytes(q) + 1;
627 y_len = BN_num_bits(p) + BN_num_bits(q);
628
629 /* Check if hardware can't handle this argument. */
630 if (y_len > max_key_len) {
631 UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
632 return FAIL_TO_SOFTWARE;
633 }
634
635 if (!bn_wexpand(r, p->top + q->top + 1)) {
636 UBSECerr(UBSEC_F_UBSEC_RSA_MOD_EXP_CRT, UBSEC_R_BN_EXPAND_FAIL);
637 return 0;
638 }
639
640 if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
641 fd = 0;
642 UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
643 return FAIL_TO_SOFTWARE;
644 }
645
646 if (p_UBSEC_rsa_mod_exp_crt_ioctl(fd,
647 (unsigned char *)a->d, BN_num_bits(a),
648 (unsigned char *)qinv->d, BN_num_bits(qinv),
649 (unsigned char *)dp->d, BN_num_bits(dp),
650 (unsigned char *)p->d, BN_num_bits(p),
651 (unsigned char *)dq->d, BN_num_bits(dq),
652 (unsigned char *)q->d, BN_num_bits(q),
653 (unsigned char *)r->d, &y_len) != 0) {
654 UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_REQUEST_FAILED);
655 p_UBSEC_ubsec_close(fd);
656 return FAIL_TO_SOFTWARE;
657 }
658
659 p_UBSEC_ubsec_close(fd);
660
661 r->top = (BN_num_bits(p) + BN_num_bits(q) + BN_BITS2 - 1)/BN_BITS2;
662 return 1;
663}
664
665#ifndef OPENSSL_NO_DSA
666#if NOT_USED
667static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
668 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
669 BN_CTX *ctx, BN_MONT_CTX *in_mont)
670 {
671 BIGNUM t;
672 int to_return = 0;
673
674 BN_init(&t);
675 /* let rr = a1 ^ p1 mod m */
676 if (!ubsec_mod_exp(rr,a1,p1,m,ctx)) goto end;
677 /* let t = a2 ^ p2 mod m */
678 if (!ubsec_mod_exp(&t,a2,p2,m,ctx)) goto end;
679 /* let rr = rr * t mod m */
680 if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
681 to_return = 1;
682end:
683 BN_free(&t);
684 return to_return;
685 }
686
687static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
688 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
689 BN_MONT_CTX *m_ctx)
690 {
691 return ubsec_mod_exp(r, a, p, m, ctx);
692 }
693#endif
694#endif
695
696/*
697 * This function is aliased to mod_exp (with the mont stuff dropped).
698 */
699static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
700 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
701 {
702 int ret = 0;
703
704#ifndef OPENSSL_NO_RSA
705 /* Do in software if the key is too large for the hardware. */
706 if (BN_num_bits(m) > max_key_len)
707 {
708 const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
709 ret = (*meth->bn_mod_exp)(r, a, p, m, ctx, m_ctx);
710 }
711 else
712#endif
713 {
714 ret = ubsec_mod_exp(r, a, p, m, ctx);
715 }
716
717 return ret;
718 }
719
720#ifndef OPENSSL_NO_DH
721/* This function is aliased to mod_exp (with the dh and mont dropped). */
722static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
723 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
724 BN_MONT_CTX *m_ctx)
725 {
726 return ubsec_mod_exp(r, a, p, m, ctx);
727 }
728#endif
729
730#ifndef OPENSSL_NO_DSA
731static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
732 {
733 DSA_SIG *to_return = NULL;
734 int s_len = 160, r_len = 160, d_len, fd;
735 BIGNUM m, *r=NULL, *s=NULL;
736
737 BN_init(&m);
738
739 s = BN_new();
740 r = BN_new();
741 if ((s == NULL) || (r==NULL))
742 goto err;
743
744 d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dlen);
745
746 if(!bn_wexpand(r, (160+BN_BITS2-1)/BN_BITS2) ||
747 (!bn_wexpand(s, (160+BN_BITS2-1)/BN_BITS2))) {
748 UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL);
749 goto err;
750 }
751
752 if (BN_bin2bn(dgst,dlen,&m) == NULL) {
753 UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL);
754 goto err;
755 }
756
757 if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
758 const DSA_METHOD *meth;
759 fd = 0;
760 UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
761 meth = DSA_OpenSSL();
762 to_return = meth->dsa_do_sign(dgst, dlen, dsa);
763 goto err;
764 }
765
766 if (p_UBSEC_dsa_sign_ioctl(fd, 0, /* compute hash before signing */
767 (unsigned char *)dgst, d_len,
768 NULL, 0, /* compute random value */
769 (unsigned char *)dsa->p->d, BN_num_bits(dsa->p),
770 (unsigned char *)dsa->q->d, BN_num_bits(dsa->q),
771 (unsigned char *)dsa->g->d, BN_num_bits(dsa->g),
772 (unsigned char *)dsa->priv_key->d, BN_num_bits(dsa->priv_key),
773 (unsigned char *)r->d, &r_len,
774 (unsigned char *)s->d, &s_len ) != 0) {
775 const DSA_METHOD *meth;
776
777 UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_REQUEST_FAILED);
778 p_UBSEC_ubsec_close(fd);
779 meth = DSA_OpenSSL();
780 to_return = meth->dsa_do_sign(dgst, dlen, dsa);
781
782 goto err;
783 }
784
785 p_UBSEC_ubsec_close(fd);
786
787 r->top = (160+BN_BITS2-1)/BN_BITS2;
788 s->top = (160+BN_BITS2-1)/BN_BITS2;
789
790 to_return = DSA_SIG_new();
791 if(to_return == NULL) {
792 UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL);
793 goto err;
794 }
795
796 to_return->r = r;
797 to_return->s = s;
798
799err:
800 if (!to_return) {
801 if (r) BN_free(r);
802 if (s) BN_free(s);
803 }
804 BN_clear_free(&m);
805 return to_return;
806}
807
808static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
809 DSA_SIG *sig, DSA *dsa)
810 {
811 int v_len, d_len;
812 int to_return = 0;
813 int fd;
814 BIGNUM v;
815
816 BN_init(&v);
817
818 if(!bn_wexpand(&v, dsa->p->top)) {
819 UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY ,UBSEC_R_BN_EXPAND_FAIL);
820 goto err;
821 }
822
823 v_len = BN_num_bits(dsa->p);
824
825 d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dgst_len);
826
827 if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
828 const DSA_METHOD *meth;
829 fd = 0;
830 UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
831 meth = DSA_OpenSSL();
832 to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
833 goto err;
834 }
835
836 if (p_UBSEC_dsa_verify_ioctl(fd, 0, /* compute hash before signing */
837 (unsigned char *)dgst, d_len,
838 (unsigned char *)dsa->p->d, BN_num_bits(dsa->p),
839 (unsigned char *)dsa->q->d, BN_num_bits(dsa->q),
840 (unsigned char *)dsa->g->d, BN_num_bits(dsa->g),
841 (unsigned char *)dsa->pub_key->d, BN_num_bits(dsa->pub_key),
842 (unsigned char *)sig->r->d, BN_num_bits(sig->r),
843 (unsigned char *)sig->s->d, BN_num_bits(sig->s),
844 (unsigned char *)v.d, &v_len) != 0) {
845 const DSA_METHOD *meth;
846 UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY , UBSEC_R_REQUEST_FAILED);
847 p_UBSEC_ubsec_close(fd);
848
849 meth = DSA_OpenSSL();
850 to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
851
852 goto err;
853 }
854
855 p_UBSEC_ubsec_close(fd);
856
857 to_return = 1;
858err:
859 BN_clear_free(&v);
860 return to_return;
861 }
862#endif
863
864#ifndef OPENSSL_NO_DH
865static int ubsec_dh_compute_key (unsigned char *key,const BIGNUM *pub_key,DH *dh)
866 {
867 int ret = -1,
868 k_len,
869 fd;
870
871 k_len = BN_num_bits(dh->p);
872
873 if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
874 {
875 const DH_METHOD *meth;
876 ENGINEerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
877 meth = DH_OpenSSL();
878 ret = meth->compute_key(key, pub_key, dh);
879 goto err;
880 }
881
882 if (p_UBSEC_diffie_hellman_agree_ioctl(fd,
883 (unsigned char *)dh->priv_key->d, BN_num_bits(dh->priv_key),
884 (unsigned char *)pub_key->d, BN_num_bits(pub_key),
885 (unsigned char *)dh->p->d, BN_num_bits(dh->p),
886 key, &k_len) != 0)
887 {
888 /* Hardware's a no go, failover to software */
889 const DH_METHOD *meth;
890 ENGINEerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_REQUEST_FAILED);
891 p_UBSEC_ubsec_close(fd);
892
893 meth = DH_OpenSSL();
894 ret = meth->compute_key(key, pub_key, dh);
895
896 goto err;
897 }
898
899 p_UBSEC_ubsec_close(fd);
900
901 ret = p_UBSEC_ubsec_bits_to_bytes(k_len);
902err:
903 return ret;
904 }
905
906static int ubsec_dh_generate_key (DH *dh)
907 {
908 int ret = 0,
909 random_bits = 0,
910 pub_key_len = 0,
911 priv_key_len = 0,
912 fd;
913 BIGNUM *pub_key = NULL;
914 BIGNUM *priv_key = NULL;
915
916 /*
917 * How many bits should Random x be? dh_key.c
918 * sets the range from 0 to num_bits(modulus) ???
919 */
920
921 if (dh->priv_key == NULL)
922 {
923 priv_key = BN_new();
924 if (priv_key == NULL) goto err;
925 priv_key_len = BN_num_bits(dh->p);
926 bn_wexpand(priv_key, dh->p->top);
927 do
928 if (!BN_rand_range(priv_key, dh->p)) goto err;
929 while (BN_is_zero(priv_key));
930 random_bits = BN_num_bits(priv_key);
931 }
932 else
933 {
934 priv_key = dh->priv_key;
935 }
936
937 if (dh->pub_key == NULL)
938 {
939 pub_key = BN_new();
940 pub_key_len = BN_num_bits(dh->p);
941 bn_wexpand(pub_key, dh->p->top);
942 if(pub_key == NULL) goto err;
943 }
944 else
945 {
946 pub_key = dh->pub_key;
947 }
948
949 if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
950 {
951 const DH_METHOD *meth;
952 ENGINEerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
953 meth = DH_OpenSSL();
954 ret = meth->generate_key(dh);
955 goto err;
956 }
957
958 if (p_UBSEC_diffie_hellman_generate_ioctl(fd,
959 (unsigned char *)priv_key->d, &priv_key_len,
960 (unsigned char *)pub_key->d, &pub_key_len,
961 (unsigned char *)dh->g->d, BN_num_bits(dh->g),
962 (unsigned char *)dh->p->d, BN_num_bits(dh->p),
963 0, 0, random_bits) != 0)
964 {
965 /* Hardware's a no go, failover to software */
966 const DH_METHOD *meth;
967
968 ENGINEerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_REQUEST_FAILED);
969 p_UBSEC_ubsec_close(fd);
970
971 meth = DH_OpenSSL();
972 ret = meth->generate_key(dh);
973
974 goto err;
975 }
976
977 p_UBSEC_ubsec_close(fd);
978
979 dh->pub_key = pub_key;
980 dh->pub_key->top = (pub_key_len + BN_BITS2-1) / BN_BITS2;
981 dh->priv_key = priv_key;
982 dh->priv_key->top = (priv_key_len + BN_BITS2-1) / BN_BITS2;
983
984 ret = 1;
985err:
986 return ret;
987 }
988#endif
989
990#if NOT_USED
991static int ubsec_rand_bytes(unsigned char * buf,
992 int num)
993 {
994 int ret = 0,
995 fd;
996
997 if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
998 {
999 const RAND_METHOD *meth;
1000 ENGINEerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
1001 num = p_UBSEC_ubsec_bits_to_bytes(num);
1002 meth = RAND_SSLeay();
1003 meth->seed(buf, num);
1004 ret = meth->bytes(buf, num);
1005 goto err;
1006 }
1007
1008 num *= 8; /* bytes to bits */
1009
1010 if (p_UBSEC_rng_ioctl(fd,
1011 UBSEC_RNG_DIRECT,
1012 buf,
1013 &num) != 0)
1014 {
1015 /* Hardware's a no go, failover to software */
1016 const RAND_METHOD *meth;
1017
1018 ENGINEerr(UBSEC_F_UBSEC_RNG_BYTES, UBSEC_R_REQUEST_FAILED);
1019 p_UBSEC_ubsec_close(fd);
1020
1021 num = p_UBSEC_ubsec_bits_to_bytes(num);
1022 meth = RAND_SSLeay();
1023 meth->seed(buf, num);
1024 ret = meth->bytes(buf, num);
1025
1026 goto err;
1027 }
1028
1029 p_UBSEC_ubsec_close(fd);
1030
1031 ret = 1;
1032err:
1033 return(ret);
1034 }
1035
1036
1037static int ubsec_rand_status(void)
1038 {
1039 return 0;
1040 }
1041#endif
1042
1043/* This stuff is needed if this ENGINE is being compiled into a self-contained
1044 * shared-library. */
1045#ifdef ENGINE_DYNAMIC_SUPPORT
1046static int bind_fn(ENGINE *e, const char *id)
1047 {
1048 if(id && (strcmp(id, engine_ubsec_id) != 0))
1049 return 0;
1050 if(!bind_helper(e))
1051 return 0;
1052 return 1;
1053 }
1054IMPLEMENT_DYNAMIC_CHECK_FN()
1055IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
1056#endif /* ENGINE_DYNAMIC_SUPPORT */
1057
1058#endif /* !OPENSSL_NO_HW_UBSEC */
1059#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/hw_ubsec_err.c b/src/lib/libcrypto/engine/hw_ubsec_err.c
new file mode 100644
index 0000000000..d707331fc2
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_ubsec_err.c
@@ -0,0 +1,151 @@
1/* hw_ubsec_err.c */
2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include "hw_ubsec_err.h"
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67static ERR_STRING_DATA UBSEC_str_functs[]=
68 {
69{ERR_PACK(0,UBSEC_F_UBSEC_CTRL,0), "UBSEC_CTRL"},
70{ERR_PACK(0,UBSEC_F_UBSEC_DH_COMPUTE_KEY,0), "UBSEC_DH_COMPUTE_KEY"},
71{ERR_PACK(0,UBSEC_F_UBSEC_DSA_SIGN,0), "UBSEC_DSA_SIGN"},
72{ERR_PACK(0,UBSEC_F_UBSEC_DSA_VERIFY,0), "UBSEC_DSA_VERIFY"},
73{ERR_PACK(0,UBSEC_F_UBSEC_FINISH,0), "UBSEC_FINISH"},
74{ERR_PACK(0,UBSEC_F_UBSEC_INIT,0), "UBSEC_INIT"},
75{ERR_PACK(0,UBSEC_F_UBSEC_MOD_EXP,0), "UBSEC_MOD_EXP"},
76{ERR_PACK(0,UBSEC_F_UBSEC_RNG_BYTES,0), "UBSEC_RNG_BYTES"},
77{ERR_PACK(0,UBSEC_F_UBSEC_RSA_MOD_EXP,0), "UBSEC_RSA_MOD_EXP"},
78{ERR_PACK(0,UBSEC_F_UBSEC_RSA_MOD_EXP_CRT,0), "UBSEC_RSA_MOD_EXP_CRT"},
79{0,NULL}
80 };
81
82static ERR_STRING_DATA UBSEC_str_reasons[]=
83 {
84{UBSEC_R_ALREADY_LOADED ,"already loaded"},
85{UBSEC_R_BN_EXPAND_FAIL ,"bn expand fail"},
86{UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"},
87{UBSEC_R_DSO_FAILURE ,"dso failure"},
88{UBSEC_R_MISSING_KEY_COMPONENTS ,"missing key components"},
89{UBSEC_R_NOT_LOADED ,"not loaded"},
90{UBSEC_R_REQUEST_FAILED ,"request failed"},
91{UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL ,"size too large or too small"},
92{UBSEC_R_UNIT_FAILURE ,"unit failure"},
93{0,NULL}
94 };
95
96#endif
97
98#ifdef UBSEC_LIB_NAME
99static ERR_STRING_DATA UBSEC_lib_name[]=
100 {
101{0 ,UBSEC_LIB_NAME},
102{0,NULL}
103 };
104#endif
105
106
107static int UBSEC_lib_error_code=0;
108static int UBSEC_error_init=1;
109
110static void ERR_load_UBSEC_strings(void)
111 {
112 if (UBSEC_lib_error_code == 0)
113 UBSEC_lib_error_code=ERR_get_next_error_library();
114
115 if (UBSEC_error_init)
116 {
117 UBSEC_error_init=0;
118#ifndef OPENSSL_NO_ERR
119 ERR_load_strings(UBSEC_lib_error_code,UBSEC_str_functs);
120 ERR_load_strings(UBSEC_lib_error_code,UBSEC_str_reasons);
121#endif
122
123#ifdef UBSEC_LIB_NAME
124 UBSEC_lib_name->error = ERR_PACK(UBSEC_lib_error_code,0,0);
125 ERR_load_strings(0,UBSEC_lib_name);
126#endif
127 }
128 }
129
130static void ERR_unload_UBSEC_strings(void)
131 {
132 if (UBSEC_error_init == 0)
133 {
134#ifndef OPENSSL_NO_ERR
135 ERR_unload_strings(UBSEC_lib_error_code,UBSEC_str_functs);
136 ERR_unload_strings(UBSEC_lib_error_code,UBSEC_str_reasons);
137#endif
138
139#ifdef UBSEC_LIB_NAME
140 ERR_unload_strings(0,UBSEC_lib_name);
141#endif
142 UBSEC_error_init=1;
143 }
144 }
145
146static void ERR_UBSEC_error(int function, int reason, char *file, int line)
147 {
148 if (UBSEC_lib_error_code == 0)
149 UBSEC_lib_error_code=ERR_get_next_error_library();
150 ERR_PUT_error(UBSEC_lib_error_code,function,reason,file,line);
151 }
diff --git a/src/lib/libcrypto/engine/hw_ubsec_err.h b/src/lib/libcrypto/engine/hw_ubsec_err.h
new file mode 100644
index 0000000000..023d3be771
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_ubsec_err.h
@@ -0,0 +1,95 @@
1/* ====================================================================
2 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#ifndef HEADER_UBSEC_ERR_H
56#define HEADER_UBSEC_ERR_H
57
58/* BEGIN ERROR CODES */
59/* The following lines are auto generated by the script mkerr.pl. Any changes
60 * made after this point may be overwritten when the script is next run.
61 */
62static void ERR_load_UBSEC_strings(void);
63static void ERR_unload_UBSEC_strings(void);
64static void ERR_UBSEC_error(int function, int reason, char *file, int line);
65#define UBSECerr(f,r) ERR_UBSEC_error((f),(r),__FILE__,__LINE__)
66
67/* Error codes for the UBSEC functions. */
68
69/* Function codes. */
70#define UBSEC_F_UBSEC_CTRL 100
71#define UBSEC_F_UBSEC_DH_COMPUTE_KEY 101
72#define UBSEC_F_UBSEC_DSA_SIGN 102
73#define UBSEC_F_UBSEC_DSA_VERIFY 103
74#define UBSEC_F_UBSEC_FINISH 104
75#define UBSEC_F_UBSEC_INIT 105
76#define UBSEC_F_UBSEC_MOD_EXP 106
77#define UBSEC_F_UBSEC_RNG_BYTES 107
78#define UBSEC_F_UBSEC_RSA_MOD_EXP 108
79#define UBSEC_F_UBSEC_RSA_MOD_EXP_CRT 109
80
81/* Reason codes. */
82#define UBSEC_R_ALREADY_LOADED 100
83#define UBSEC_R_BN_EXPAND_FAIL 101
84#define UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED 102
85#define UBSEC_R_DSO_FAILURE 103
86#define UBSEC_R_MISSING_KEY_COMPONENTS 104
87#define UBSEC_R_NOT_LOADED 105
88#define UBSEC_R_REQUEST_FAILED 106
89#define UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL 107
90#define UBSEC_R_UNIT_FAILURE 108
91
92#ifdef __cplusplus
93}
94#endif
95#endif
diff --git a/src/lib/libcrypto/engine/vendor_defns/aep.h b/src/lib/libcrypto/engine/vendor_defns/aep.h
new file mode 100644
index 0000000000..2b2792d2d6
--- /dev/null
+++ b/src/lib/libcrypto/engine/vendor_defns/aep.h
@@ -0,0 +1,178 @@
1/* This header declares the necessary definitions for using the exponentiation
2 * acceleration capabilities, and rnd number generation of the AEP card.
3 *
4 */
5
6/*
7 *
8 * Some AEP defines
9 *
10 */
11
12/*Successful return value*/
13#define AEP_R_OK 0x00000000
14
15/*Miscelleanous unsuccessful return value*/
16#define AEP_R_GENERAL_ERROR 0x10000001
17
18/*Insufficient host memory*/
19#define AEP_R_HOST_MEMORY 0x10000002
20
21#define AEP_R_FUNCTION_FAILED 0x10000006
22
23/*Invalid arguments in function call*/
24#define AEP_R_ARGUMENTS_BAD 0x10020000
25
26#define AEP_R_NO_TARGET_RESOURCES 0x10030000
27
28/*Error occuring on socket operation*/
29#define AEP_R_SOCKERROR 0x10000010
30
31/*Socket has been closed from the other end*/
32#define AEP_R_SOCKEOF 0x10000011
33
34/*Invalid handles*/
35#define AEP_R_CONNECTION_HANDLE_INVALID 0x100000B3
36
37#define AEP_R_TRANSACTION_HANDLE_INVALID 0x10040000
38
39/*Transaction has not yet returned from accelerator*/
40#define AEP_R_TRANSACTION_NOT_READY 0x00010000
41
42/*There is already a thread waiting on this transaction*/
43#define AEP_R_TRANSACTION_CLAIMED 0x10050000
44
45/*The transaction timed out*/
46#define AEP_R_TIMED_OUT 0x10060000
47
48#define AEP_R_FXN_NOT_IMPLEMENTED 0x10070000
49
50#define AEP_R_TARGET_ERROR 0x10080000
51
52/*Error in the AEP daemon process*/
53#define AEP_R_DAEMON_ERROR 0x10090000
54
55/*Invalid ctx id*/
56#define AEP_R_INVALID_CTX_ID 0x10009000
57
58#define AEP_R_NO_KEY_MANAGER 0x1000a000
59
60/*Error obtaining a mutex*/
61#define AEP_R_MUTEX_BAD 0x000001A0
62
63/*Fxn call before AEP_Initialise ot after AEP_Finialise*/
64#define AEP_R_AEPAPI_NOT_INITIALIZED 0x10000190
65
66/*AEP_Initialise has already been called*/
67#define AEP_R_AEPAPI_ALREADY_INITIALIZED 0x10000191
68
69/*Maximum number of connections to daemon reached*/
70#define AEP_R_NO_MORE_CONNECTION_HNDLS 0x10000200
71
72/*
73 *
74 * Some AEP Type definitions
75 *
76 */
77
78/* an unsigned 8-bit value */
79typedef unsigned char AEP_U8;
80
81/* an unsigned 8-bit character */
82typedef char AEP_CHAR;
83
84/* a BYTE-sized Boolean flag */
85typedef AEP_U8 AEP_BBOOL;
86
87/*Unsigned value, at least 16 bits long*/
88typedef unsigned short AEP_U16;
89
90/* an unsigned value, at least 32 bits long */
91#ifdef SIXTY_FOUR_BIT_LONG
92typedef unsigned int AEP_U32;
93#else
94typedef unsigned long AEP_U32;
95#endif
96
97#ifdef SIXTY_FOUR_BIT_LONG
98typedef unsigned long AEP_U64;
99#else
100typedef struct { unsigned long l1, l2; } AEP_U64;
101#endif
102
103/* at least 32 bits; each bit is a Boolean flag */
104typedef AEP_U32 AEP_FLAGS;
105
106typedef AEP_U8 *AEP_U8_PTR;
107typedef AEP_CHAR *AEP_CHAR_PTR;
108typedef AEP_U32 *AEP_U32_PTR;
109typedef AEP_U64 *AEP_U64_PTR;
110typedef void *AEP_VOID_PTR;
111
112/* Pointer to a AEP_VOID_PTR-- i.e., pointer to pointer to void */
113typedef AEP_VOID_PTR *AEP_VOID_PTR_PTR;
114
115/*Used to identify an AEP connection handle*/
116typedef AEP_U32 AEP_CONNECTION_HNDL;
117
118/*Pointer to an AEP connection handle*/
119typedef AEP_CONNECTION_HNDL *AEP_CONNECTION_HNDL_PTR;
120
121/*Used by an application (in conjunction with the apps process id) to
122identify an individual transaction*/
123typedef AEP_U32 AEP_TRANSACTION_ID;
124
125/*Pointer to an applications transaction identifier*/
126typedef AEP_TRANSACTION_ID *AEP_TRANSACTION_ID_PTR;
127
128/*Return value type*/
129typedef AEP_U32 AEP_RV;
130
131#define MAX_PROCESS_CONNECTIONS 256
132
133#define RAND_BLK_SIZE 1024
134
135typedef enum{
136 NotConnected= 0,
137 Connected= 1,
138 InUse= 2
139} AEP_CONNECTION_STATE;
140
141
142typedef struct AEP_CONNECTION_ENTRY{
143 AEP_CONNECTION_STATE conn_state;
144 AEP_CONNECTION_HNDL conn_hndl;
145} AEP_CONNECTION_ENTRY;
146
147
148typedef AEP_RV t_AEP_OpenConnection(AEP_CONNECTION_HNDL_PTR phConnection);
149typedef AEP_RV t_AEP_CloseConnection(AEP_CONNECTION_HNDL hConnection);
150
151typedef AEP_RV t_AEP_ModExp(AEP_CONNECTION_HNDL hConnection,
152 AEP_VOID_PTR pA, AEP_VOID_PTR pP,
153 AEP_VOID_PTR pN,
154 AEP_VOID_PTR pResult,
155 AEP_TRANSACTION_ID* pidTransID);
156
157typedef AEP_RV t_AEP_ModExpCrt(AEP_CONNECTION_HNDL hConnection,
158 AEP_VOID_PTR pA, AEP_VOID_PTR pP,
159 AEP_VOID_PTR pQ,
160 AEP_VOID_PTR pDmp1, AEP_VOID_PTR pDmq1,
161 AEP_VOID_PTR pIqmp,
162 AEP_VOID_PTR pResult,
163 AEP_TRANSACTION_ID* pidTransID);
164
165#ifdef AEPRAND
166typedef AEP_RV t_AEP_GenRandom(AEP_CONNECTION_HNDL hConnection,
167 AEP_U32 Len,
168 AEP_U32 Type,
169 AEP_VOID_PTR pResult,
170 AEP_TRANSACTION_ID* pidTransID);
171#endif
172
173typedef AEP_RV t_AEP_Initialize(AEP_VOID_PTR pInitArgs);
174typedef AEP_RV t_AEP_Finalize();
175typedef AEP_RV t_AEP_SetBNCallBacks(AEP_RV (*GetBigNumSizeFunc)(),
176 AEP_RV (*MakeAEPBigNumFunc)(),
177 AEP_RV (*ConverAEPBigNumFunc)());
178
diff --git a/src/lib/libcrypto/engine/vendor_defns/atalla.h b/src/lib/libcrypto/engine/vendor_defns/atalla.h
new file mode 100644
index 0000000000..149970d441
--- /dev/null
+++ b/src/lib/libcrypto/engine/vendor_defns/atalla.h
@@ -0,0 +1,48 @@
1/* This header declares the necessary definitions for using the exponentiation
2 * acceleration capabilities of Atalla cards. The only cryptographic operation
3 * is performed by "ASI_RSAPrivateKeyOpFn" and this takes a structure that
4 * defines an "RSA private key". However, it is really only performing a
5 * regular mod_exp using the supplied modulus and exponent - no CRT form is
6 * being used. Hence, it is a generic mod_exp function in disguise, and we use
7 * it as such.
8 *
9 * Thanks to the people at Atalla for letting me know these definitions are
10 * fine and that they can be reproduced here.
11 *
12 * Geoff.
13 */
14
15typedef struct ItemStr
16 {
17 unsigned char *data;
18 int len;
19 } Item;
20
21typedef struct RSAPrivateKeyStr
22 {
23 void *reserved;
24 Item version;
25 Item modulus;
26 Item publicExponent;
27 Item privateExponent;
28 Item prime[2];
29 Item exponent[2];
30 Item coefficient;
31 } RSAPrivateKey;
32
33/* Predeclare the function pointer types that we dynamically load from the DSO.
34 * These use the same names and form that Ben's original support code had (in
35 * crypto/bn/bn_exp.c) unless of course I've inadvertently changed the style
36 * somewhere along the way!
37 */
38
39typedef int tfnASI_GetPerformanceStatistics(int reset_flag,
40 unsigned int *ret_buf);
41
42typedef int tfnASI_GetHardwareConfig(long card_num, unsigned int *ret_buf);
43
44typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey,
45 unsigned char *output,
46 unsigned char *input,
47 unsigned int modulus_len);
48
diff --git a/src/lib/libcrypto/engine/vendor_defns/cswift.h b/src/lib/libcrypto/engine/vendor_defns/cswift.h
new file mode 100644
index 0000000000..60079326bb
--- /dev/null
+++ b/src/lib/libcrypto/engine/vendor_defns/cswift.h
@@ -0,0 +1,234 @@
1/* Attribution notice: Rainbow have generously allowed me to reproduce
2 * the necessary definitions here from their API. This means the support
3 * can build independently of whether application builders have the
4 * API or hardware. This will allow developers to easily produce software
5 * that has latent hardware support for any users that have accelertors
6 * installed, without the developers themselves needing anything extra.
7 *
8 * I have only clipped the parts from the CryptoSwift header files that
9 * are (or seem) relevant to the CryptoSwift support code. This is
10 * simply to keep the file sizes reasonable.
11 * [Geoff]
12 */
13
14
15/* NB: These type widths do *not* seem right in general, in particular
16 * they're not terribly friendly to 64-bit architectures (unsigned long)
17 * will be 64-bit on IA-64 for a start. I'm leaving these alone as they
18 * agree with Rainbow's API and this will only be called into question
19 * on platforms with Rainbow support anyway! ;-) */
20
21#ifdef __cplusplus
22extern "C" {
23#endif /* __cplusplus */
24
25typedef long SW_STATUS; /* status */
26typedef unsigned char SW_BYTE; /* 8 bit byte */
27typedef unsigned short SW_U16; /* 16 bit number */
28#if defined(_IRIX)
29#include <sgidefs.h>
30typedef __uint32_t SW_U32;
31#else
32typedef unsigned long SW_U32; /* 32 bit integer */
33#endif
34
35#if defined(OPENSSL_SYS_WIN32)
36 typedef struct _SW_U64 {
37 SW_U32 low32;
38 SW_U32 high32;
39 } SW_U64; /* 64 bit integer */
40#elif defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
41 typedef longlong SW_U64
42#else /* Unix variants */
43 typedef struct _SW_U64 {
44 SW_U32 low32;
45 SW_U32 high32;
46 } SW_U64; /* 64 bit integer */
47#endif
48
49/* status codes */
50#define SW_OK (0L)
51#define SW_ERR_BASE (-10000L)
52#define SW_ERR_NO_CARD (SW_ERR_BASE-1) /* The Card is not present */
53#define SW_ERR_CARD_NOT_READY (SW_ERR_BASE-2) /* The card has not powered */
54 /* up yet */
55#define SW_ERR_TIME_OUT (SW_ERR_BASE-3) /* Execution of a command */
56 /* time out */
57#define SW_ERR_NO_EXECUTE (SW_ERR_BASE-4) /* The Card failed to */
58 /* execute the command */
59#define SW_ERR_INPUT_NULL_PTR (SW_ERR_BASE-5) /* a required pointer is */
60 /* NULL */
61#define SW_ERR_INPUT_SIZE (SW_ERR_BASE-6) /* size is invalid, too */
62 /* small, too large. */
63#define SW_ERR_INVALID_HANDLE (SW_ERR_BASE-7) /* Invalid SW_ACC_CONTEXT */
64 /* handle */
65#define SW_ERR_PENDING (SW_ERR_BASE-8) /* A request is already out- */
66 /* standing at this */
67 /* context handle */
68#define SW_ERR_AVAILABLE (SW_ERR_BASE-9) /* A result is available. */
69#define SW_ERR_NO_PENDING (SW_ERR_BASE-10)/* No request is pending. */
70#define SW_ERR_NO_MEMORY (SW_ERR_BASE-11)/* Not enough memory */
71#define SW_ERR_BAD_ALGORITHM (SW_ERR_BASE-12)/* Invalid algorithm type */
72 /* in SW_PARAM structure */
73#define SW_ERR_MISSING_KEY (SW_ERR_BASE-13)/* No key is associated with */
74 /* context. */
75 /* swAttachKeyParam() is */
76 /* not called. */
77#define SW_ERR_KEY_CMD_MISMATCH \
78 (SW_ERR_BASE-14)/* Cannot perform requested */
79 /* SW_COMMAND_CODE since */
80 /* key attached via */
81 /* swAttachKeyParam() */
82 /* cannot be used for this*/
83 /* SW_COMMAND_CODE. */
84#define SW_ERR_NOT_IMPLEMENTED \
85 (SW_ERR_BASE-15)/* Not implemented */
86#define SW_ERR_BAD_COMMAND (SW_ERR_BASE-16)/* Bad command code */
87#define SW_ERR_BAD_ITEM_SIZE (SW_ERR_BASE-17)/* too small or too large in */
88 /* the "initems" or */
89 /* "outitems". */
90#define SW_ERR_BAD_ACCNUM (SW_ERR_BASE-18)/* Bad accelerator number */
91#define SW_ERR_SELFTEST_FAIL (SW_ERR_BASE-19)/* At least one of the self */
92 /* test fail, look at the */
93 /* selfTestBitmap in */
94 /* SW_ACCELERATOR_INFO for*/
95 /* details. */
96#define SW_ERR_MISALIGN (SW_ERR_BASE-20)/* Certain alogrithms require*/
97 /* key materials aligned */
98 /* in certain order, e.g. */
99 /* 128 bit for CRT */
100#define SW_ERR_OUTPUT_NULL_PTR \
101 (SW_ERR_BASE-21)/* a required pointer is */
102 /* NULL */
103#define SW_ERR_OUTPUT_SIZE \
104 (SW_ERR_BASE-22)/* size is invalid, too */
105 /* small, too large. */
106#define SW_ERR_FIRMWARE_CHECKSUM \
107 (SW_ERR_BASE-23)/* firmware checksum mismatch*/
108 /* download failed. */
109#define SW_ERR_UNKNOWN_FIRMWARE \
110 (SW_ERR_BASE-24)/* unknown firmware error */
111#define SW_ERR_INTERRUPT (SW_ERR_BASE-25)/* request is abort when */
112 /* it's waiting to be */
113 /* completed. */
114#define SW_ERR_NVWRITE_FAIL (SW_ERR_BASE-26)/* error in writing to Non- */
115 /* volatile memory */
116#define SW_ERR_NVWRITE_RANGE (SW_ERR_BASE-27)/* out of range error in */
117 /* writing to NV memory */
118#define SW_ERR_RNG_ERROR (SW_ERR_BASE-28)/* Random Number Generation */
119 /* failure */
120#define SW_ERR_DSS_FAILURE (SW_ERR_BASE-29)/* DSS Sign or Verify failure*/
121#define SW_ERR_MODEXP_FAILURE (SW_ERR_BASE-30)/* Failure in various math */
122 /* calculations */
123#define SW_ERR_ONBOARD_MEMORY (SW_ERR_BASE-31)/* Error in accessing on - */
124 /* board memory */
125#define SW_ERR_FIRMWARE_VERSION \
126 (SW_ERR_BASE-32)/* Wrong version in firmware */
127 /* update */
128#define SW_ERR_ZERO_WORKING_ACCELERATOR \
129 (SW_ERR_BASE-44)/* All accelerators are bad */
130
131
132 /* algorithm type */
133#define SW_ALG_CRT 1
134#define SW_ALG_EXP 2
135#define SW_ALG_DSA 3
136#define SW_ALG_NVDATA 4
137
138 /* command code */
139#define SW_CMD_MODEXP_CRT 1 /* perform Modular Exponentiation using */
140 /* Chinese Remainder Theorem (CRT) */
141#define SW_CMD_MODEXP 2 /* perform Modular Exponentiation */
142#define SW_CMD_DSS_SIGN 3 /* perform DSS sign */
143#define SW_CMD_DSS_VERIFY 4 /* perform DSS verify */
144#define SW_CMD_RAND 5 /* perform random number generation */
145#define SW_CMD_NVREAD 6 /* perform read to nonvolatile RAM */
146#define SW_CMD_NVWRITE 7 /* perform write to nonvolatile RAM */
147
148typedef SW_U32 SW_ALGTYPE; /* alogrithm type */
149typedef SW_U32 SW_STATE; /* state */
150typedef SW_U32 SW_COMMAND_CODE; /* command code */
151typedef SW_U32 SW_COMMAND_BITMAP[4]; /* bitmap */
152
153typedef struct _SW_LARGENUMBER {
154 SW_U32 nbytes; /* number of bytes in the buffer "value" */
155 SW_BYTE* value; /* the large integer as a string of */
156 /* bytes in network (big endian) order */
157} SW_LARGENUMBER;
158
159#if defined(OPENSSL_SYS_WIN32)
160 #include <windows.h>
161 typedef HANDLE SW_OSHANDLE; /* handle to kernel object */
162 #define SW_OS_INVALID_HANDLE INVALID_HANDLE_VALUE
163 #define SW_CALLCONV _stdcall
164#elif defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
165 /* async callback mechanisms */
166 /* swiftCallbackLevel */
167 #define SW_MAC_CALLBACK_LEVEL_NO 0
168 #define SW_MAC_CALLBACK_LEVEL_HARDWARE 1 /* from the hardware ISR */
169 #define SW_MAC_CALLBACK_LEVEL_SECONDARY 2 /* as secondary ISR */
170 typedef int SW_MAC_CALLBACK_LEVEL;
171 typedef int SW_OSHANDLE;
172 #define SW_OS_INVALID_HANDLE (-1)
173 #define SW_CALLCONV
174#else /* Unix variants */
175 typedef int SW_OSHANDLE; /* handle to driver */
176 #define SW_OS_INVALID_HANDLE (-1)
177 #define SW_CALLCONV
178#endif
179
180typedef struct _SW_CRT {
181 SW_LARGENUMBER p; /* prime number p */
182 SW_LARGENUMBER q; /* prime number q */
183 SW_LARGENUMBER dmp1; /* exponent1 */
184 SW_LARGENUMBER dmq1; /* exponent2 */
185 SW_LARGENUMBER iqmp; /* CRT coefficient */
186} SW_CRT;
187
188typedef struct _SW_EXP {
189 SW_LARGENUMBER modulus; /* modulus */
190 SW_LARGENUMBER exponent;/* exponent */
191} SW_EXP;
192
193typedef struct _SW_DSA {
194 SW_LARGENUMBER p; /* */
195 SW_LARGENUMBER q; /* */
196 SW_LARGENUMBER g; /* */
197 SW_LARGENUMBER key; /* private/public key */
198} SW_DSA;
199
200typedef struct _SW_NVDATA {
201 SW_U32 accnum; /* accelerator board number */
202 SW_U32 offset; /* offset in byte */
203} SW_NVDATA;
204
205typedef struct _SW_PARAM {
206 SW_ALGTYPE type; /* type of the alogrithm */
207 union {
208 SW_CRT crt;
209 SW_EXP exp;
210 SW_DSA dsa;
211 SW_NVDATA nvdata;
212 } up;
213} SW_PARAM;
214
215typedef SW_U32 SW_CONTEXT_HANDLE; /* opaque context handle */
216
217
218/* Now the OpenSSL bits, these function types are the for the function
219 * pointers that will bound into the Rainbow shared libraries. */
220typedef SW_STATUS SW_CALLCONV t_swAcquireAccContext(SW_CONTEXT_HANDLE *hac);
221typedef SW_STATUS SW_CALLCONV t_swAttachKeyParam(SW_CONTEXT_HANDLE hac,
222 SW_PARAM *key_params);
223typedef SW_STATUS SW_CALLCONV t_swSimpleRequest(SW_CONTEXT_HANDLE hac,
224 SW_COMMAND_CODE cmd,
225 SW_LARGENUMBER pin[],
226 SW_U32 pin_count,
227 SW_LARGENUMBER pout[],
228 SW_U32 pout_count);
229typedef SW_STATUS SW_CALLCONV t_swReleaseAccContext(SW_CONTEXT_HANDLE hac);
230
231#ifdef __cplusplus
232}
233#endif /* __cplusplus */
234
diff --git a/src/lib/libcrypto/engine/vendor_defns/hw_4758_cca.h b/src/lib/libcrypto/engine/vendor_defns/hw_4758_cca.h
new file mode 100644
index 0000000000..296636e81a
--- /dev/null
+++ b/src/lib/libcrypto/engine/vendor_defns/hw_4758_cca.h
@@ -0,0 +1,149 @@
1/**********************************************************************/
2/* */
3/* Prototypes of the CCA verbs used by the 4758 CCA openssl driver */
4/* */
5/* Maurice Gittens <maurice@gittens.nl> */
6/* */
7/**********************************************************************/
8
9#ifndef __HW_4758_CCA__
10#define __HW_4758_CCA__
11
12/*
13 * Only WIN32 support for now
14 */
15#if defined(WIN32)
16
17 #define CCA_LIB_NAME "CSUNSAPI"
18
19 #define CSNDPKX "CSNDPKX_32"
20 #define CSNDKRR "CSNDKRR_32"
21 #define CSNDPKE "CSNDPKE_32"
22 #define CSNDPKD "CSNDPKD_32"
23 #define CSNDDSV "CSNDDSV_32"
24 #define CSNDDSG "CSNDDSG_32"
25 #define CSNBRNG "CSNBRNG_32"
26
27 #define SECURITYAPI __stdcall
28#else
29 /* Fixme!!
30 Find out the values of these constants for other platforms.
31 */
32 #define CCA_LIB_NAME "CSUNSAPI"
33
34 #define CSNDPKX "CSNDPKX"
35 #define CSNDKRR "CSNDKRR"
36 #define CSNDPKE "CSNDPKE"
37 #define CSNDPKD "CSNDPKD"
38 #define CSNDDSV "CSNDDSV"
39 #define CSNDDSG "CSNDDSG"
40 #define CSNBRNG "CSNBRNG"
41
42 #define SECURITYAPI
43#endif
44
45/*
46 * security API prototypes
47 */
48
49/* PKA Key Record Read */
50typedef void (SECURITYAPI *F_KEYRECORDREAD)
51 (long * return_code,
52 long * reason_code,
53 long * exit_data_length,
54 unsigned char * exit_data,
55 long * rule_array_count,
56 unsigned char * rule_array,
57 unsigned char * key_label,
58 long * key_token_length,
59 unsigned char * key_token);
60
61/* Random Number Generate */
62typedef void (SECURITYAPI *F_RANDOMNUMBERGENERATE)
63 (long * return_code,
64 long * reason_code,
65 long * exit_data_length,
66 unsigned char * exit_data,
67 unsigned char * form,
68 unsigned char * random_number);
69
70/* Digital Signature Generate */
71typedef void (SECURITYAPI *F_DIGITALSIGNATUREGENERATE)
72 (long * return_code,
73 long * reason_code,
74 long * exit_data_length,
75 unsigned char * exit_data,
76 long * rule_array_count,
77 unsigned char * rule_array,
78 long * PKA_private_key_id_length,
79 unsigned char * PKA_private_key_id,
80 long * hash_length,
81 unsigned char * hash,
82 long * signature_field_length,
83 long * signature_bit_length,
84 unsigned char * signature_field);
85
86/* Digital Signature Verify */
87typedef void (SECURITYAPI *F_DIGITALSIGNATUREVERIFY)(
88 long * return_code,
89 long * reason_code,
90 long * exit_data_length,
91 unsigned char * exit_data,
92 long * rule_array_count,
93 unsigned char * rule_array,
94 long * PKA_public_key_id_length,
95 unsigned char * PKA_public_key_id,
96 long * hash_length,
97 unsigned char * hash,
98 long * signature_field_length,
99 unsigned char * signature_field);
100
101/* PKA Public Key Extract */
102typedef void (SECURITYAPI *F_PUBLICKEYEXTRACT)(
103 long * return_code,
104 long * reason_code,
105 long * exit_data_length,
106 unsigned char * exit_data,
107 long * rule_array_count,
108 unsigned char * rule_array,
109 long * source_key_identifier_length,
110 unsigned char * source_key_identifier,
111 long * target_key_token_length,
112 unsigned char * target_key_token);
113
114/* PKA Encrypt */
115typedef void (SECURITYAPI *F_PKAENCRYPT)
116 (long * return_code,
117 long * reason_code,
118 long * exit_data_length,
119 unsigned char * exit_data,
120 long * rule_array_count,
121 unsigned char * rule_array,
122 long * key_value_length,
123 unsigned char * key_value,
124 long * data_struct_length,
125 unsigned char * data_struct,
126 long * RSA_public_key_length,
127 unsigned char * RSA_public_key,
128 long * RSA_encipher_length,
129 unsigned char * RSA_encipher );
130
131/* PKA Decrypt */
132typedef void (SECURITYAPI *F_PKADECRYPT)
133 (long * return_code,
134 long * reason_code,
135 long * exit_data_length,
136 unsigned char * exit_data,
137 long * rule_array_count,
138 unsigned char * rule_array,
139 long * enciphered_key_length,
140 unsigned char * enciphered_key,
141 long * data_struct_length,
142 unsigned char * data_struct,
143 long * RSA_private_key_length,
144 unsigned char * RSA_private_key,
145 long * key_value_length,
146 unsigned char * key_value );
147
148
149#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2026-01-06 17:08:41 +0000