From d4fcd82bb7f6d603bd61e19a81ba97337b89dfca Mon Sep 17 00:00:00 2001 From: markus <> Date: Mon, 12 May 2003 02:18:40 +0000 Subject: merge 0.9.7b with local changes; crank majors for libssl/libcrypto --- src/lib/libcrypto/engine/Makefile.ssl | 64 ++++++++++----------------- src/lib/libcrypto/engine/eng_all.c | 18 +++----- src/lib/libcrypto/engine/eng_err.c | 3 +- src/lib/libcrypto/engine/eng_fat.c | 8 ++-- src/lib/libcrypto/engine/eng_list.c | 33 +++++++++----- src/lib/libcrypto/engine/eng_openssl.c | 18 +++++++- src/lib/libcrypto/engine/engine.h | 13 ++++-- src/lib/libcrypto/engine/enginetest.c | 11 ++++- src/lib/libcrypto/engine/hw_4758_cca.c | 6 ++- src/lib/libcrypto/engine/hw_atalla.c | 2 + src/lib/libcrypto/engine/hw_cryptodev.c | 43 ++++++++++++++---- src/lib/libcrypto/engine/hw_cswift.c | 73 +++++++++++++++++++++++++++++++ src/lib/libcrypto/engine/hw_ncipher.c | 68 +++++++++++++++++++++++----- src/lib/libcrypto/engine/hw_ncipher_err.c | 3 +- src/lib/libcrypto/engine/hw_ncipher_err.h | 1 + src/lib/libcrypto/engine/hw_nuron.c | 2 + src/lib/libcrypto/engine/hw_ubsec.c | 2 + src/lib/libcrypto/engine/tb_cipher.c | 4 +- src/lib/libcrypto/engine/tb_dh.c | 4 +- src/lib/libcrypto/engine/tb_digest.c | 4 +- src/lib/libcrypto/engine/tb_dsa.c | 4 +- src/lib/libcrypto/engine/tb_rand.c | 4 +- src/lib/libcrypto/engine/tb_rsa.c | 4 +- 23 files changed, 281 insertions(+), 111 deletions(-) (limited to 'src/lib/libcrypto/engine') diff --git a/src/lib/libcrypto/engine/Makefile.ssl b/src/lib/libcrypto/engine/Makefile.ssl index 8bc8985e02..30a4446ff9 100644 --- a/src/lib/libcrypto/engine/Makefile.ssl +++ b/src/lib/libcrypto/engine/Makefile.ssl @@ -50,7 +50,7 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + $(RANLIB) $(LIB) || echo Never mind. @touch lib files: @@ -82,7 +82,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new @@ -304,6 +304,27 @@ hw_atalla.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h hw_atalla.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h hw_atalla.o: ../cryptlib.h hw_atalla.c hw_atalla_err.c hw_atalla_err.h hw_atalla.o: vendor_defns/atalla.h +hw_cryptodev.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h +hw_cryptodev.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h +hw_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/cast.h +hw_cryptodev.o: ../../include/openssl/crypto.h ../../include/openssl/des.h +hw_cryptodev.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h +hw_cryptodev.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +hw_cryptodev.o: ../../include/openssl/engine.h ../../include/openssl/err.h +hw_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/idea.h +hw_cryptodev.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h +hw_cryptodev.o: ../../include/openssl/md4.h ../../include/openssl/md5.h +hw_cryptodev.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +hw_cryptodev.o: ../../include/openssl/objects.h +hw_cryptodev.o: ../../include/openssl/opensslconf.h +hw_cryptodev.o: ../../include/openssl/opensslv.h +hw_cryptodev.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +hw_cryptodev.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +hw_cryptodev.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h +hw_cryptodev.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +hw_cryptodev.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +hw_cryptodev.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +hw_cryptodev.o: ../../include/openssl/ui_compat.h hw_cryptodev.c hw_cswift.o: ../../e_os.h ../../include/openssl/asn1.h hw_cswift.o: ../../include/openssl/bio.h ../../include/openssl/bn.h hw_cswift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -354,45 +375,6 @@ hw_nuron.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h hw_nuron.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h hw_nuron.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h hw_nuron.o: ../cryptlib.h hw_nuron.c hw_nuron_err.c hw_nuron_err.h -hw_cryptodev.o: ../../include/openssl/aes.h -hw_cryptodev.o: ../../include/openssl/asn1.h -hw_cryptodev.o: ../../include/openssl/bio.h -hw_cryptodev.o: ../../include/openssl/blowfish.h -hw_cryptodev.o: ../../include/openssl/bn.h -hw_cryptodev.o: ../../include/openssl/cast.h -hw_cryptodev.o: ../../include/openssl/conf.h -hw_cryptodev.o: ../../include/openssl/crypto.h -hw_cryptodev.o: ../../include/openssl/des.h -hw_cryptodev.o: ../../include/openssl/des_old.h -hw_cryptodev.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -hw_cryptodev.o: ../../include/openssl/e_os2.h -hw_cryptodev.o: ../../include/openssl/engine.h -hw_cryptodev.o: ../../include/openssl/err.h -hw_cryptodev.o: ../../include/openssl/evp.h -hw_cryptodev.o: ../../include/openssl/idea.h -hw_cryptodev.o: ../../include/openssl/lhash.h -hw_cryptodev.o: ../../include/openssl/md2.h -hw_cryptodev.o: ../../include/openssl/md4.h -hw_cryptodev.o: ../../include/openssl/md5.h -hw_cryptodev.o: ../../include/openssl/mdc2.h -hw_cryptodev.o: ../../include/openssl/obj_mac.h -hw_cryptodev.o: ../../include/openssl/objects.h -hw_cryptodev.o: ../../include/openssl/opensslconf.h -hw_cryptodev.o: ../../include/openssl/opensslv.h -hw_cryptodev.o: ../../include/openssl/ossl_typ.h -hw_cryptodev.o: ../../include/openssl/rand.h -hw_cryptodev.o: ../../include/openssl/rc2.h -hw_cryptodev.o: ../../include/openssl/rc4.h -hw_cryptodev.o: ../../include/openssl/rc5.h -hw_cryptodev.o: ../../include/openssl/ripemd.h -hw_cryptodev.o: ../../include/openssl/rsa.h -hw_cryptodev.o: ../../include/openssl/safestack.h -hw_cryptodev.o: ../../include/openssl/sha.h -hw_cryptodev.o: ../../include/openssl/stack.h -hw_cryptodev.o: ../../include/openssl/symhacks.h -hw_cryptodev.o: ../../include/openssl/ui.h -hw_cryptodev.o: ../../include/openssl/ui_compat.h ../evp/evp_locl.h -hw_cryptodev.o: eng_int.h hw_cryptodev.c hw_sureware.o: ../../e_os.h ../../include/openssl/aes.h hw_sureware.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h hw_sureware.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h diff --git a/src/lib/libcrypto/engine/eng_all.c b/src/lib/libcrypto/engine/eng_all.c index bc50465422..0f6992a40d 100644 --- a/src/lib/libcrypto/engine/eng_all.c +++ b/src/lib/libcrypto/engine/eng_all.c @@ -60,10 +60,6 @@ #include #include "eng_int.h" -#ifdef __OpenBSD__ -static int openbsd_default_loaded = 0; -#endif - void ENGINE_load_builtin_engines(void) { /* There's no longer any need for an "openssl" ENGINE unless, one day, @@ -99,21 +95,19 @@ void ENGINE_load_builtin_engines(void) #ifndef OPENSSL_NO_HW_4758_CCA ENGINE_load_4758cca(); #endif -#ifdef OPENSSL_OPENBSD_DEV_CRYPTO - ENGINE_load_openbsd_dev_crypto(); -#endif -#ifdef __OpenBSD__ +#if defined(__OpenBSD__) || defined(__FreeBSD__) ENGINE_load_cryptodev(); #endif #endif } -#ifdef __OpenBSD__ -void ENGINE_setup_openbsd(void) { - if (!openbsd_default_loaded) { +#if defined(__OpenBSD__) || defined(__FreeBSD__) +void ENGINE_setup_bsd_cryptodev(void) { + static int bsd_cryptodev_default_loaded = 0; + if (!bsd_cryptodev_default_loaded) { ENGINE_load_cryptodev(); ENGINE_register_all_complete(); } - openbsd_default_loaded=1; + bsd_cryptodev_default_loaded=1; } #endif diff --git a/src/lib/libcrypto/engine/eng_err.c b/src/lib/libcrypto/engine/eng_err.c index f6c5630395..814d95ee32 100644 --- a/src/lib/libcrypto/engine/eng_err.c +++ b/src/lib/libcrypto/engine/eng_err.c @@ -1,6 +1,6 @@ /* crypto/engine/eng_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -96,6 +96,7 @@ static ERR_STRING_DATA ENGINE_str_functs[]= {ERR_PACK(0,ENGINE_F_ENGINE_SET_NAME,0), "ENGINE_set_name"}, {ERR_PACK(0,ENGINE_F_ENGINE_TABLE_REGISTER,0), "ENGINE_TABLE_REGISTER"}, {ERR_PACK(0,ENGINE_F_ENGINE_UNLOAD_KEY,0), "ENGINE_UNLOAD_KEY"}, +{ERR_PACK(0,ENGINE_F_ENGINE_UP_REF,0), "ENGINE_up_ref"}, {ERR_PACK(0,ENGINE_F_INT_CTRL_HELPER,0), "INT_CTRL_HELPER"}, {ERR_PACK(0,ENGINE_F_INT_ENGINE_CONFIGURE,0), "INT_ENGINE_CONFIGURE"}, {ERR_PACK(0,ENGINE_F_LOG_MESSAGE,0), "LOG_MESSAGE"}, diff --git a/src/lib/libcrypto/engine/eng_fat.c b/src/lib/libcrypto/engine/eng_fat.c index f7edb5ad32..0d7dae00b2 100644 --- a/src/lib/libcrypto/engine/eng_fat.c +++ b/src/lib/libcrypto/engine/eng_fat.c @@ -66,18 +66,18 @@ int ENGINE_set_default(ENGINE *e, unsigned int flags) if((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e)) return 0; #ifndef OPENSSL_NO_RSA - if((flags & ENGINE_METHOD_RSA) & !ENGINE_set_default_RSA(e)) + if((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e)) return 0; #endif #ifndef OPENSSL_NO_DSA - if((flags & ENGINE_METHOD_DSA) & !ENGINE_set_default_DSA(e)) + if((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e)) return 0; #endif #ifndef OPENSSL_NO_DH - if((flags & ENGINE_METHOD_DH) & !ENGINE_set_default_DH(e)) + if((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e)) return 0; #endif - if((flags & ENGINE_METHOD_RAND) & !ENGINE_set_default_RAND(e)) + if((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e)) return 0; return 1; } diff --git a/src/lib/libcrypto/engine/eng_list.c b/src/lib/libcrypto/engine/eng_list.c index 0c220558e7..1cc3217f4c 100644 --- a/src/lib/libcrypto/engine/eng_list.c +++ b/src/lib/libcrypto/engine/eng_list.c @@ -191,14 +191,14 @@ ENGINE *ENGINE_get_first(void) { ENGINE *ret; - CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ret = engine_list_head; if(ret) { ret->struct_ref++; engine_ref_debug(ret, 0, 1) } - CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); return ret; } @@ -206,14 +206,14 @@ ENGINE *ENGINE_get_last(void) { ENGINE *ret; - CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); - ret = engine_list_tail; + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + ret = engine_list_tail; if(ret) { ret->struct_ref++; engine_ref_debug(ret, 0, 1) } - CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); return ret; } @@ -227,7 +227,7 @@ ENGINE *ENGINE_get_next(ENGINE *e) ERR_R_PASSED_NULL_PARAMETER); return 0; } - CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ret = e->next; if(ret) { @@ -235,7 +235,7 @@ ENGINE *ENGINE_get_next(ENGINE *e) ret->struct_ref++; engine_ref_debug(ret, 0, 1) } - CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); /* Release the structural reference to the previous ENGINE */ ENGINE_free(e); return ret; @@ -250,7 +250,7 @@ ENGINE *ENGINE_get_prev(ENGINE *e) ERR_R_PASSED_NULL_PARAMETER); return 0; } - CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ret = e->prev; if(ret) { @@ -258,7 +258,7 @@ ENGINE *ENGINE_get_prev(ENGINE *e) ret->struct_ref++; engine_ref_debug(ret, 0, 1) } - CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); /* Release the structural reference to the previous ENGINE */ ENGINE_free(e); return ret; @@ -346,7 +346,7 @@ ENGINE *ENGINE_by_id(const char *id) ERR_R_PASSED_NULL_PARAMETER); return NULL; } - CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); iterator = engine_list_head; while(iterator && (strcmp(id, iterator->id) != 0)) iterator = iterator->next; @@ -372,7 +372,7 @@ ENGINE *ENGINE_by_id(const char *id) engine_ref_debug(iterator, 0, 1) } } - CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); if(iterator == NULL) { ENGINEerr(ENGINE_F_ENGINE_BY_ID, @@ -381,3 +381,14 @@ ENGINE *ENGINE_by_id(const char *id) } return iterator; } + +int ENGINE_up_ref(ENGINE *e) + { + if (e == NULL) + { + ENGINEerr(ENGINE_F_ENGINE_UP_REF,ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + CRYPTO_add(&e->struct_ref,1,CRYPTO_LOCK_ENGINE); + return 1; + } diff --git a/src/lib/libcrypto/engine/eng_openssl.c b/src/lib/libcrypto/engine/eng_openssl.c index e9d976f46b..54579eea2e 100644 --- a/src/lib/libcrypto/engine/eng_openssl.c +++ b/src/lib/libcrypto/engine/eng_openssl.c @@ -63,6 +63,7 @@ #include #include #include +#include /* This testing gunk is implemented (and explained) lower down. It also assumes * the application explicitly calls "ENGINE_load_openssl()" because this is no @@ -78,6 +79,21 @@ /* #define TEST_ENG_OPENSSL_SHA_P_UPDATE */ /* #define TEST_ENG_OPENSSL_SHA_P_FINAL */ +/* Now check what of those algorithms are actually enabled */ +#ifdef OPENSSL_NO_RC4 +#undef TEST_ENG_OPENSSL_RC4 +#undef TEST_ENG_OPENSSL_RC4_OTHERS +#undef TEST_ENG_OPENSSL_RC4_P_INIT +#undef TEST_ENG_OPENSSL_RC4_P_CIPHER +#endif +#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0) || defined(OPENSSL_NO_SHA1) +#undef TEST_ENG_OPENSSL_SHA +#undef TEST_ENG_OPENSSL_SHA_OTHERS +#undef TEST_ENG_OPENSSL_SHA_P_INIT +#undef TEST_ENG_OPENSSL_SHA_P_UPDATE +#undef TEST_ENG_OPENSSL_SHA_P_FINAL +#endif + #ifdef TEST_ENG_OPENSSL_RC4 static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); @@ -180,7 +196,6 @@ IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) * the "init_key" handler is called. * TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler. */ -#include #include #define TEST_RC4_KEY_SIZE 16 static int test_cipher_nids[] = {NID_rc4,NID_rc4_40}; @@ -265,7 +280,6 @@ static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher, #ifdef TEST_ENG_OPENSSL_SHA /* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */ -#include #include static int test_digest_nids[] = {NID_sha1}; static int test_digest_nids_number = 1; diff --git a/src/lib/libcrypto/engine/engine.h b/src/lib/libcrypto/engine/engine.h index fd17ff616d..8686879e1a 100644 --- a/src/lib/libcrypto/engine/engine.h +++ b/src/lib/libcrypto/engine/engine.h @@ -59,6 +59,12 @@ #ifndef HEADER_ENGINE_H #define HEADER_ENGINE_H +#include + +#ifdef OPENSSL_NO_ENGINE +#error ENGINE is disabled. +#endif + #include #include #ifndef OPENSSL_NO_RSA @@ -307,11 +313,8 @@ void ENGINE_load_ubsec(void); void ENGINE_load_aep(void); void ENGINE_load_sureware(void); void ENGINE_load_4758cca(void); -void ENGINE_load_openbsd_dev_crypto(void); -void ENGINE_load_builtin_engines(void); -#ifdef __OpenBSD__ void ENGINE_load_cryptodev(void); -#endif +void ENGINE_load_builtin_engines(void); /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation * "registry" handling. */ @@ -409,6 +412,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, * compatibility! */ ENGINE *ENGINE_new(void); int ENGINE_free(ENGINE *e); +int ENGINE_up_ref(ENGINE *e); int ENGINE_set_id(ENGINE *e, const char *id); int ENGINE_set_name(ENGINE *e, const char *name); int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); @@ -665,6 +669,7 @@ void ERR_load_ENGINE_strings(void); #define ENGINE_F_ENGINE_SET_NAME 130 #define ENGINE_F_ENGINE_TABLE_REGISTER 184 #define ENGINE_F_ENGINE_UNLOAD_KEY 152 +#define ENGINE_F_ENGINE_UP_REF 190 #define ENGINE_F_INT_CTRL_HELPER 172 #define ENGINE_F_INT_ENGINE_CONFIGURE 188 #define ENGINE_F_LOG_MESSAGE 141 diff --git a/src/lib/libcrypto/engine/enginetest.c b/src/lib/libcrypto/engine/enginetest.c index 87fa8c57b7..c2d0297392 100644 --- a/src/lib/libcrypto/engine/enginetest.c +++ b/src/lib/libcrypto/engine/enginetest.c @@ -56,9 +56,17 @@ * */ -#include #include #include + +#ifdef OPENSSL_NO_ENGINE +int main(int argc, char *argv[]) +{ + printf("No ENGINE support\n"); + return(0); +} +#else +#include #include #include #include @@ -272,3 +280,4 @@ end: CRYPTO_mem_leaks_fp(stderr); return to_return; } +#endif diff --git a/src/lib/libcrypto/engine/hw_4758_cca.c b/src/lib/libcrypto/engine/hw_4758_cca.c index 6d41b9ed2a..4f5ae8a46d 100644 --- a/src/lib/libcrypto/engine/hw_4758_cca.c +++ b/src/lib/libcrypto/engine/hw_4758_cca.c @@ -223,6 +223,7 @@ static int bind_helper(ENGINE *e) return 1; } +#ifndef ENGINE_DYNAMIC_SUPPORT static ENGINE *engine_4758_cca(void) { ENGINE *ret = ENGINE_new(); @@ -244,6 +245,7 @@ void ENGINE_load_4758cca(void) ENGINE_free(e_4758); ERR_clear_error(); } +#endif static int ibm_4758_cca_destroy(ENGINE *e) { @@ -715,7 +717,7 @@ static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len, if (type == NID_sha1 || type == NID_md5) { - memset(hashBuffer, 0, keyLength+1); + OPENSSL_cleanse(hashBuffer, keyLength+1); OPENSSL_free(hashBuffer); } @@ -838,7 +840,7 @@ static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len, if (type == NID_sha1 || type == NID_md5) { - memset(hashBuffer, 0, keyLength+1); + OPENSSL_cleanse(hashBuffer, keyLength+1); OPENSSL_free(hashBuffer); } diff --git a/src/lib/libcrypto/engine/hw_atalla.c b/src/lib/libcrypto/engine/hw_atalla.c index 6151c46902..e9eff9fad1 100644 --- a/src/lib/libcrypto/engine/hw_atalla.c +++ b/src/lib/libcrypto/engine/hw_atalla.c @@ -242,6 +242,7 @@ static int bind_helper(ENGINE *e) return 1; } +#ifndef ENGINE_DYNAMIC_SUPPORT static ENGINE *engine_atalla(void) { ENGINE *ret = ENGINE_new(); @@ -264,6 +265,7 @@ void ENGINE_load_atalla(void) ENGINE_free(toadd); ERR_clear_error(); } +#endif /* This is a process-global DSO handle used for loading and unloading * the Atalla library. NB: This is only set (or unset) during an diff --git a/src/lib/libcrypto/engine/hw_cryptodev.c b/src/lib/libcrypto/engine/hw_cryptodev.c index 034c7ca213..139119b80c 100644 --- a/src/lib/libcrypto/engine/hw_cryptodev.c +++ b/src/lib/libcrypto/engine/hw_cryptodev.c @@ -29,8 +29,32 @@ * */ -#include +#include +#include +#include + +#if (defined(__unix__) || defined(unix)) && !defined(USG) #include +# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) +# define HAVE_CRYPTODEV +# endif +# if (OpenBSD >= 200110) +# define HAVE_SYSLOG_R +# endif +#endif + +#ifndef HAVE_CRYPTODEV + +void +ENGINE_load_cryptodev(void) +{ + /* This is a NOP on platforms without /dev/crypto */ + return; +} + +#else + +#include #include #include #include @@ -39,9 +63,6 @@ #include #include #include -#include -#include -#include #include #include @@ -101,10 +122,6 @@ static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void ENGINE_load_cryptodev(void); static const ENGINE_CMD_DEFN cryptodev_defns[] = { - {ENGINE_CMD_BASE, - "SO_PATH", - "Specifies the path to the some stupid shared library", - ENGINE_CMD_FLAG_STRING}, { 0, NULL, NULL, 0 } }; @@ -1011,12 +1028,18 @@ static DH_METHOD cryptodev_dh = { static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) { +#ifdef HAVE_SYSLOG_R struct syslog_data sd = SYSLOG_DATA_INIT; +#endif switch (cmd) { default: +#ifdef HAVE_SYSLOG_R syslog_r(LOG_ERR, &sd, "cryptodev_ctrl: unknown command %d", cmd); +#else + syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd); +#endif break; } return (1); @@ -1043,7 +1066,7 @@ ENGINE_load_cryptodev(void) close(fd); if (!ENGINE_set_id(engine, "cryptodev") || - !ENGINE_set_name(engine, "OpenBSD cryptodev engine") || + !ENGINE_set_name(engine, "BSD cryptodev engine") || !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || !ENGINE_set_digests(engine, cryptodev_engine_digests) || !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) || @@ -1104,3 +1127,5 @@ ENGINE_load_cryptodev(void) ENGINE_free(engine); ERR_clear_error(); } + +#endif /* HAVE_CRYPTODEV */ diff --git a/src/lib/libcrypto/engine/hw_cswift.c b/src/lib/libcrypto/engine/hw_cswift.c index f5c897bdbb..f128ee5a68 100644 --- a/src/lib/libcrypto/engine/hw_cswift.c +++ b/src/lib/libcrypto/engine/hw_cswift.c @@ -121,6 +121,10 @@ static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); #endif +/* RAND stuff */ +static int cswift_rand_bytes(unsigned char *buf, int num); +static int cswift_rand_status(void); + /* The definitions for control commands specific to this engine */ #define CSWIFT_CMD_SO_PATH ENGINE_CMD_BASE static const ENGINE_CMD_DEFN cswift_cmd_defns[] = { @@ -183,6 +187,18 @@ static DH_METHOD cswift_dh = }; #endif +static RAND_METHOD cswift_random = + { + /* "CryptoSwift RAND method", */ + NULL, + cswift_rand_bytes, + NULL, + NULL, + cswift_rand_bytes, + cswift_rand_status, + }; + + /* Constants used when creating the ENGINE */ static const char *engine_cswift_id = "cswift"; static const char *engine_cswift_name = "CryptoSwift hardware engine support"; @@ -208,6 +224,7 @@ static int bind_helper(ENGINE *e) #ifndef OPENSSL_NO_DH !ENGINE_set_DH(e, &cswift_dh) || #endif + !ENGINE_set_RAND(e, &cswift_random) || !ENGINE_set_destroy_function(e, cswift_destroy) || !ENGINE_set_init_function(e, cswift_init) || !ENGINE_set_finish_function(e, cswift_finish) || @@ -242,6 +259,7 @@ static int bind_helper(ENGINE *e) return 1; } +#ifndef ENGINE_DYNAMIC_SUPPORT static ENGINE *engine_cswift(void) { ENGINE *ret = ENGINE_new(); @@ -264,6 +282,7 @@ void ENGINE_load_cswift(void) ENGINE_free(toadd); ERR_clear_error(); } +#endif /* This is a process-global DSO handle used for loading and unloading * the CryptoSwift library. NB: This is only set (or unset) during an @@ -905,6 +924,60 @@ static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r, } #endif +/* Random bytes are good */ +static int cswift_rand_bytes(unsigned char *buf, int num) +{ + SW_CONTEXT_HANDLE hac; + SW_STATUS swrc; + SW_LARGENUMBER largenum; + size_t nbytes = 0; + int acquired = 0; + int to_return = 0; /* assume failure */ + + if (!get_context(&hac)) + { + CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_UNIT_FAILURE); + goto err; + } + acquired = 1; + + while (nbytes < (size_t)num) + { + /* tell CryptoSwift how many bytes we want and where we want it. + * Note: - CryptoSwift cannot do more than 4096 bytes at a time. + * - CryptoSwift can only do multiple of 32-bits. */ + largenum.value = (SW_BYTE *) buf + nbytes; + if (4096 > num - nbytes) + largenum.nbytes = num - nbytes; + else + largenum.nbytes = 4096; + + swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1); + if (swrc != SW_OK) + { + char tmpbuf[20]; + CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_REQUEST_FAILED); + sprintf(tmpbuf, "%ld", swrc); + ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf); + goto err; + } + + nbytes += largenum.nbytes; + } + to_return = 1; /* success */ + +err: + if (acquired) + release_context(hac); + return to_return; +} + +static int cswift_rand_status(void) +{ + return 1; +} + + /* This stuff is needed if this ENGINE is being compiled into a self-contained * shared-library. */ #ifdef ENGINE_DYNAMIC_SUPPORT diff --git a/src/lib/libcrypto/engine/hw_ncipher.c b/src/lib/libcrypto/engine/hw_ncipher.c index a43d4360f2..0d1c6b8df0 100644 --- a/src/lib/libcrypto/engine/hw_ncipher.c +++ b/src/lib/libcrypto/engine/hw_ncipher.c @@ -91,11 +91,19 @@ static int hwcrhk_init(ENGINE *e); static int hwcrhk_finish(ENGINE *e); static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); -/* Functions to handle mutexes */ +/* Functions to handle mutexes if have dynamic locks */ static int hwcrhk_mutex_init(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext*); static int hwcrhk_mutex_lock(HWCryptoHook_Mutex*); static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex*); static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex*); +#if 1 /* This is a HACK which will disappear in 0.9.8 */ +/* Functions to handle mutexes if only have static locks */ +static int hwcrhk_static_mutex_init(HWCryptoHook_Mutex *m, + HWCryptoHook_CallerContext *c); +static int hwcrhk_static_mutex_lock(HWCryptoHook_Mutex *m); +static void hwcrhk_static_mutex_unlock(HWCryptoHook_Mutex *m); +static void hwcrhk_static_mutex_destroy(HWCryptoHook_Mutex *m); +#endif /* BIGNUM stuff */ static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, @@ -373,6 +381,7 @@ static int bind_helper(ENGINE *e) return 1; } +#ifndef ENGINE_DYNAMIC_SUPPORT static ENGINE *engine_ncipher(void) { ENGINE *ret = ENGINE_new(); @@ -395,6 +404,7 @@ void ENGINE_load_chil(void) ENGINE_free(toadd); ERR_clear_error(); } +#endif /* This is a process-global DSO handle used for loading and unloading * the HWCryptoHook library. NB: This is only set (or unset) during an @@ -558,15 +568,31 @@ static int hwcrhk_init(ENGINE *e) /* Check if the application decided to support dynamic locks, and if it does, use them. */ - if (disable_mutex_callbacks == 0 && - CRYPTO_get_dynlock_create_callback() != NULL && - CRYPTO_get_dynlock_lock_callback() != NULL && - CRYPTO_get_dynlock_destroy_callback() != NULL) + if (disable_mutex_callbacks == 0) { - hwcrhk_globals.mutex_init = hwcrhk_mutex_init; - hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock; - hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock; - hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy; + if (CRYPTO_get_dynlock_create_callback() != NULL && + CRYPTO_get_dynlock_lock_callback() != NULL && + CRYPTO_get_dynlock_destroy_callback() != NULL) + { + hwcrhk_globals.mutex_init = hwcrhk_mutex_init; + hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock; + hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock; + hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy; + } + else if (CRYPTO_get_locking_callback() != NULL) + { + HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DYNAMIC_LOCKING_MISSING); + ERR_add_error_data(1,"You HAVE to add dynamic locking callbacks via CRYPTO_set_dynlock_{create,lock,destroy}_callback()"); +#if 1 /* This is a HACK which will disappear in 0.9.8 */ + hwcrhk_globals.maxmutexes = 1; /* Only have one lock */ + hwcrhk_globals.mutex_init = hwcrhk_static_mutex_init; + hwcrhk_globals.mutex_acquire = hwcrhk_static_mutex_lock; + hwcrhk_globals.mutex_release = hwcrhk_static_mutex_unlock; + hwcrhk_globals.mutex_destroy = hwcrhk_static_mutex_destroy; +#else + goto err; +#endif + } } /* Try and get a context - if not, we may have a DSO but no @@ -1020,7 +1046,7 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa) /* Perform the operation */ ret = p_hwcrhk_ModExpCRT(hwcrhk_context, m_a, m_p, m_q, - m_dmp1, m_dmq1, m_iqmp, &m_r, NULL); + m_dmp1, m_dmq1, m_iqmp, &m_r, &rmsg); /* Convert the response */ r->top = m_r.size / sizeof(BN_ULONG); @@ -1171,6 +1197,26 @@ static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex *mt) CRYPTO_destroy_dynlockid(mt->lockid); } +/* Mutex upcalls to use if the application does not support dynamic locks */ + +static int hwcrhk_static_mutex_init(HWCryptoHook_Mutex *m, + HWCryptoHook_CallerContext *c) + { + return 0; + } +static int hwcrhk_static_mutex_lock(HWCryptoHook_Mutex *m) + { + CRYPTO_w_lock(CRYPTO_LOCK_HWCRHK); + return 0; + } +static void hwcrhk_static_mutex_unlock(HWCryptoHook_Mutex *m) + { + CRYPTO_w_unlock(CRYPTO_LOCK_HWCRHK); + } +static void hwcrhk_static_mutex_destroy(HWCryptoHook_Mutex *m) + { + } + static int hwcrhk_get_pass(const char *prompt_info, int *len_io, char *buf, HWCryptoHook_PassphraseContext *ppctx, @@ -1318,7 +1364,7 @@ static void hwcrhk_log_message(void *logstr, const char *message) lstream=*(BIO **)logstr; if (lstream) { - BIO_write(lstream, message, strlen(message)); + BIO_printf(lstream, "%s\n", message); } CRYPTO_w_unlock(CRYPTO_LOCK_BIO); } diff --git a/src/lib/libcrypto/engine/hw_ncipher_err.c b/src/lib/libcrypto/engine/hw_ncipher_err.c index 24024cfc6f..5bc94581b7 100644 --- a/src/lib/libcrypto/engine/hw_ncipher_err.c +++ b/src/lib/libcrypto/engine/hw_ncipher_err.c @@ -1,6 +1,6 @@ /* hw_ncipher_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -86,6 +86,7 @@ static ERR_STRING_DATA HWCRHK_str_reasons[]= {HWCRHK_R_CHIL_ERROR ,"chil error"}, {HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"}, {HWCRHK_R_DSO_FAILURE ,"dso failure"}, +{HWCRHK_R_DYNAMIC_LOCKING_MISSING ,"dynamic locking missing"}, {HWCRHK_R_MISSING_KEY_COMPONENTS ,"missing key components"}, {HWCRHK_R_NOT_INITIALISED ,"not initialised"}, {HWCRHK_R_NOT_LOADED ,"not loaded"}, diff --git a/src/lib/libcrypto/engine/hw_ncipher_err.h b/src/lib/libcrypto/engine/hw_ncipher_err.h index 4d65b1d470..d232d02319 100644 --- a/src/lib/libcrypto/engine/hw_ncipher_err.h +++ b/src/lib/libcrypto/engine/hw_ncipher_err.h @@ -84,6 +84,7 @@ static void ERR_HWCRHK_error(int function, int reason, char *file, int line); #define HWCRHK_R_CHIL_ERROR 102 #define HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED 103 #define HWCRHK_R_DSO_FAILURE 104 +#define HWCRHK_R_DYNAMIC_LOCKING_MISSING 114 #define HWCRHK_R_MISSING_KEY_COMPONENTS 105 #define HWCRHK_R_NOT_INITIALISED 106 #define HWCRHK_R_NOT_LOADED 107 diff --git a/src/lib/libcrypto/engine/hw_nuron.c b/src/lib/libcrypto/engine/hw_nuron.c index 130b6d8b40..fb9188bfe5 100644 --- a/src/lib/libcrypto/engine/hw_nuron.c +++ b/src/lib/libcrypto/engine/hw_nuron.c @@ -374,6 +374,7 @@ static int bind_helper(ENGINE *e) return 1; } +#ifndef ENGINE_DYNAMIC_SUPPORT static ENGINE *engine_nuron(void) { ENGINE *ret = ENGINE_new(); @@ -396,6 +397,7 @@ void ENGINE_load_nuron(void) ENGINE_free(toadd); ERR_clear_error(); } +#endif /* This stuff is needed if this ENGINE is being compiled into a self-contained * shared-library. */ diff --git a/src/lib/libcrypto/engine/hw_ubsec.c b/src/lib/libcrypto/engine/hw_ubsec.c index ed8401ec16..6286dd851c 100644 --- a/src/lib/libcrypto/engine/hw_ubsec.c +++ b/src/lib/libcrypto/engine/hw_ubsec.c @@ -242,6 +242,7 @@ static int bind_helper(ENGINE *e) return 1; } +#ifndef ENGINE_DYNAMIC_SUPPORT static ENGINE *engine_ubsec(void) { ENGINE *ret = ENGINE_new(); @@ -264,6 +265,7 @@ void ENGINE_load_ubsec(void) ENGINE_free(toadd); ERR_clear_error(); } +#endif /* This is a process-global DSO handle used for loading and unloading * the UBSEC library. NB: This is only set (or unset) during an diff --git a/src/lib/libcrypto/engine/tb_cipher.c b/src/lib/libcrypto/engine/tb_cipher.c index c5a50fc910..50b3cec1fa 100644 --- a/src/lib/libcrypto/engine/tb_cipher.c +++ b/src/lib/libcrypto/engine/tb_cipher.c @@ -81,7 +81,7 @@ int ENGINE_register_ciphers(ENGINE *e) int num_nids = e->ciphers(e, NULL, &nids, 0); if(num_nids > 0) return engine_table_register(&cipher_table, - &engine_unregister_all_ciphers, e, nids, + engine_unregister_all_ciphers, e, nids, num_nids, 0); } return 1; @@ -103,7 +103,7 @@ int ENGINE_set_default_ciphers(ENGINE *e) int num_nids = e->ciphers(e, NULL, &nids, 0); if(num_nids > 0) return engine_table_register(&cipher_table, - &engine_unregister_all_ciphers, e, nids, + engine_unregister_all_ciphers, e, nids, num_nids, 1); } return 1; diff --git a/src/lib/libcrypto/engine/tb_dh.c b/src/lib/libcrypto/engine/tb_dh.c index c9347235ea..e290e1702b 100644 --- a/src/lib/libcrypto/engine/tb_dh.c +++ b/src/lib/libcrypto/engine/tb_dh.c @@ -78,7 +78,7 @@ int ENGINE_register_DH(ENGINE *e) { if(e->dh_meth) return engine_table_register(&dh_table, - &engine_unregister_all_DH, e, &dummy_nid, 1, 0); + engine_unregister_all_DH, e, &dummy_nid, 1, 0); return 1; } @@ -94,7 +94,7 @@ int ENGINE_set_default_DH(ENGINE *e) { if(e->dh_meth) return engine_table_register(&dh_table, - &engine_unregister_all_DH, e, &dummy_nid, 1, 1); + engine_unregister_all_DH, e, &dummy_nid, 1, 1); return 1; } diff --git a/src/lib/libcrypto/engine/tb_digest.c b/src/lib/libcrypto/engine/tb_digest.c index 2c4dd6f796..e82d2a17c9 100644 --- a/src/lib/libcrypto/engine/tb_digest.c +++ b/src/lib/libcrypto/engine/tb_digest.c @@ -81,7 +81,7 @@ int ENGINE_register_digests(ENGINE *e) int num_nids = e->digests(e, NULL, &nids, 0); if(num_nids > 0) return engine_table_register(&digest_table, - &engine_unregister_all_digests, e, nids, + engine_unregister_all_digests, e, nids, num_nids, 0); } return 1; @@ -103,7 +103,7 @@ int ENGINE_set_default_digests(ENGINE *e) int num_nids = e->digests(e, NULL, &nids, 0); if(num_nids > 0) return engine_table_register(&digest_table, - &engine_unregister_all_digests, e, nids, + engine_unregister_all_digests, e, nids, num_nids, 1); } return 1; diff --git a/src/lib/libcrypto/engine/tb_dsa.c b/src/lib/libcrypto/engine/tb_dsa.c index e9209476b8..80170591f2 100644 --- a/src/lib/libcrypto/engine/tb_dsa.c +++ b/src/lib/libcrypto/engine/tb_dsa.c @@ -78,7 +78,7 @@ int ENGINE_register_DSA(ENGINE *e) { if(e->dsa_meth) return engine_table_register(&dsa_table, - &engine_unregister_all_DSA, e, &dummy_nid, 1, 0); + engine_unregister_all_DSA, e, &dummy_nid, 1, 0); return 1; } @@ -94,7 +94,7 @@ int ENGINE_set_default_DSA(ENGINE *e) { if(e->dsa_meth) return engine_table_register(&dsa_table, - &engine_unregister_all_DSA, e, &dummy_nid, 1, 0); + engine_unregister_all_DSA, e, &dummy_nid, 1, 0); return 1; } diff --git a/src/lib/libcrypto/engine/tb_rand.c b/src/lib/libcrypto/engine/tb_rand.c index 0b1d031f1e..69b67111bc 100644 --- a/src/lib/libcrypto/engine/tb_rand.c +++ b/src/lib/libcrypto/engine/tb_rand.c @@ -78,7 +78,7 @@ int ENGINE_register_RAND(ENGINE *e) { if(e->rand_meth) return engine_table_register(&rand_table, - &engine_unregister_all_RAND, e, &dummy_nid, 1, 0); + engine_unregister_all_RAND, e, &dummy_nid, 1, 0); return 1; } @@ -94,7 +94,7 @@ int ENGINE_set_default_RAND(ENGINE *e) { if(e->rand_meth) return engine_table_register(&rand_table, - &engine_unregister_all_RAND, e, &dummy_nid, 1, 1); + engine_unregister_all_RAND, e, &dummy_nid, 1, 1); return 1; } diff --git a/src/lib/libcrypto/engine/tb_rsa.c b/src/lib/libcrypto/engine/tb_rsa.c index f84fea3968..fee4867f52 100644 --- a/src/lib/libcrypto/engine/tb_rsa.c +++ b/src/lib/libcrypto/engine/tb_rsa.c @@ -78,7 +78,7 @@ int ENGINE_register_RSA(ENGINE *e) { if(e->rsa_meth) return engine_table_register(&rsa_table, - &engine_unregister_all_RSA, e, &dummy_nid, 1, 0); + engine_unregister_all_RSA, e, &dummy_nid, 1, 0); return 1; } @@ -94,7 +94,7 @@ int ENGINE_set_default_RSA(ENGINE *e) { if(e->rsa_meth) return engine_table_register(&rsa_table, - &engine_unregister_all_RSA, e, &dummy_nid, 1, 1); + engine_unregister_all_RSA, e, &dummy_nid, 1, 1); return 1; } -- cgit v1.2.3-55-g6feb