From d6e0927a98d2b936d171fcdf2ac1c56b694a3705 Mon Sep 17 00:00:00 2001 From: cvs2svn Date: Thu, 5 Sep 2002 12:51:53 +0000 Subject: This commit was manufactured by cvs2git to create tag 'OPENSSL_0_9_7_BETA1'. --- src/lib/libcrypto/engine/Makefile.ssl | 453 +++++++++++ src/lib/libcrypto/engine/hw_cryptodev.c | 926 ----------------------- src/lib/libcrypto/engine/hw_openbsd_dev_crypto.c | 594 +++++++++++++++ 3 files changed, 1047 insertions(+), 926 deletions(-) create mode 100644 src/lib/libcrypto/engine/Makefile.ssl delete mode 100644 src/lib/libcrypto/engine/hw_cryptodev.c create mode 100644 src/lib/libcrypto/engine/hw_openbsd_dev_crypto.c (limited to 'src/lib/libcrypto/engine') diff --git a/src/lib/libcrypto/engine/Makefile.ssl b/src/lib/libcrypto/engine/Makefile.ssl new file mode 100644 index 0000000000..eeea47fbf5 --- /dev/null +++ b/src/lib/libcrypto/engine/Makefile.ssl @@ -0,0 +1,453 @@ +# +# OpenSSL/crypto/engine/Makefile +# + +DIR= engine +TOP= ../.. +CC= cc +INCLUDES= -I.. -I$(TOP) -I../../include +CFLAG=-g +INSTALL_PREFIX= +OPENSSLDIR= /usr/local/ssl +INSTALLTOP=/usr/local/ssl +MAKE= make -f Makefile.ssl +MAKEDEPPROG= makedepend +MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) +MAKEFILE= Makefile.ssl +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +TEST= enginetest.c +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \ + eng_table.c eng_pkey.c eng_fat.c eng_all.c \ + tb_rsa.c tb_dsa.c tb_dh.c tb_rand.c tb_cipher.c tb_digest.c \ + eng_openssl.c eng_dyn.c eng_cnf.c \ + hw_atalla.c hw_cswift.c hw_ncipher.c hw_nuron.c hw_ubsec.c \ + hw_openbsd_dev_crypto.c hw_aep.c hw_sureware.c hw_4758_cca.c +LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \ + eng_table.o eng_pkey.o eng_fat.o eng_all.o \ + tb_rsa.o tb_dsa.o tb_dh.o tb_rand.o tb_cipher.o tb_digest.o \ + eng_openssl.o eng_dyn.o eng_cnf.o \ + hw_atalla.o hw_cswift.o hw_ncipher.o hw_nuron.o hw_ubsec.o \ + hw_openbsd_dev_crypto.o hw_aep.o hw_sureware.o hw_4758_cca.o + +SRC= $(LIBSRC) + +EXHEADER= engine.h +HEADER= $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) + @touch lib + +files: + $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + +links: + @$(TOP)/util/point.sh Makefile.ssl Makefile + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) + +install: + @for i in $(EXHEADER) ; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +tags: + ctags $(SRC) + +errors: + $(PERL) $(TOP)/util/mkerr.pl -conf hw.ec \ + -nostatic -staticloader -write hw_*.c; \ + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +# DO NOT DELETE THIS LINE -- make depend depends on it. + +eng_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +eng_all.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +eng_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +eng_all.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +eng_all.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +eng_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +eng_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +eng_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +eng_all.o: ../../include/openssl/ui.h eng_all.c eng_int.h +eng_cnf.o: ../../e_os.h ../../include/openssl/asn1.h +eng_cnf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +eng_cnf.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +eng_cnf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +eng_cnf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +eng_cnf.o: ../../include/openssl/engine.h ../../include/openssl/err.h +eng_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +eng_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eng_cnf.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +eng_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +eng_cnf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +eng_cnf.o: ../cryptlib.h eng_cnf.c +eng_ctrl.o: ../../e_os.h ../../include/openssl/asn1.h +eng_ctrl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +eng_ctrl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +eng_ctrl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +eng_ctrl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +eng_ctrl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +eng_ctrl.o: ../../include/openssl/opensslconf.h +eng_ctrl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eng_ctrl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +eng_ctrl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +eng_ctrl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +eng_ctrl.o: ../cryptlib.h eng_ctrl.c eng_int.h +eng_dyn.o: ../../e_os.h ../../include/openssl/asn1.h +eng_dyn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +eng_dyn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +eng_dyn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +eng_dyn.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h +eng_dyn.o: ../../include/openssl/engine.h ../../include/openssl/err.h +eng_dyn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +eng_dyn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eng_dyn.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +eng_dyn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +eng_dyn.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +eng_dyn.o: ../cryptlib.h eng_dyn.c eng_int.h +eng_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +eng_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +eng_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +eng_err.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +eng_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +eng_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +eng_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +eng_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +eng_err.o: ../../include/openssl/ui.h eng_err.c +eng_fat.o: ../../e_os.h ../../include/openssl/asn1.h +eng_fat.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +eng_fat.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +eng_fat.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +eng_fat.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +eng_fat.o: ../../include/openssl/engine.h ../../include/openssl/err.h +eng_fat.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +eng_fat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eng_fat.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +eng_fat.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +eng_fat.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +eng_fat.o: ../cryptlib.h eng_fat.c eng_int.h +eng_init.o: ../../e_os.h ../../include/openssl/asn1.h +eng_init.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +eng_init.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +eng_init.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +eng_init.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +eng_init.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +eng_init.o: ../../include/openssl/opensslconf.h +eng_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eng_init.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +eng_init.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +eng_init.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +eng_init.o: ../cryptlib.h eng_init.c eng_int.h +eng_lib.o: ../../e_os.h ../../include/openssl/asn1.h +eng_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +eng_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +eng_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +eng_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +eng_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +eng_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +eng_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +eng_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +eng_lib.o: ../../include/openssl/ui.h ../cryptlib.h eng_int.h eng_lib.c +eng_list.o: ../../e_os.h ../../include/openssl/asn1.h +eng_list.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +eng_list.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +eng_list.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +eng_list.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +eng_list.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +eng_list.o: ../../include/openssl/opensslconf.h +eng_list.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eng_list.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +eng_list.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +eng_list.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +eng_list.o: ../cryptlib.h eng_int.h eng_list.c +eng_openssl.o: ../../e_os.h ../../include/openssl/asn1.h +eng_openssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +eng_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +eng_openssl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +eng_openssl.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h +eng_openssl.o: ../../include/openssl/engine.h ../../include/openssl/err.h +eng_openssl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_openssl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_openssl.o: ../../include/openssl/opensslconf.h +eng_openssl.o: ../../include/openssl/opensslv.h +eng_openssl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h +eng_openssl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h +eng_openssl.o: ../../include/openssl/rand.h ../../include/openssl/rc4.h +eng_openssl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_openssl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_openssl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +eng_openssl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +eng_openssl.o: ../cryptlib.h eng_openssl.c +eng_pkey.o: ../../e_os.h ../../include/openssl/asn1.h +eng_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +eng_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +eng_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +eng_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +eng_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +eng_pkey.o: ../../include/openssl/opensslconf.h +eng_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eng_pkey.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +eng_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +eng_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +eng_pkey.o: ../cryptlib.h eng_int.h eng_pkey.c +eng_table.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +eng_table.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +eng_table.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +eng_table.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +eng_table.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_table.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_table.o: ../../include/openssl/objects.h +eng_table.o: ../../include/openssl/opensslconf.h +eng_table.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eng_table.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +eng_table.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +eng_table.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +eng_table.o: eng_int.h eng_table.c +hw_4758_cca.o: ../../e_os.h ../../include/openssl/asn1.h +hw_4758_cca.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +hw_4758_cca.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +hw_4758_cca.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +hw_4758_cca.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h +hw_4758_cca.o: ../../include/openssl/engine.h ../../include/openssl/err.h +hw_4758_cca.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +hw_4758_cca.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +hw_4758_cca.o: ../../include/openssl/opensslconf.h +hw_4758_cca.o: ../../include/openssl/opensslv.h +hw_4758_cca.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +hw_4758_cca.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +hw_4758_cca.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +hw_4758_cca.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +hw_4758_cca.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +hw_4758_cca.o: ../../include/openssl/x509_vfy.h ../cryptlib.h hw_4758_cca.c +hw_4758_cca.o: hw_4758_cca_err.c hw_4758_cca_err.h vendor_defns/hw_4758_cca.h +hw_aep.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +hw_aep.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +hw_aep.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +hw_aep.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h +hw_aep.o: ../../include/openssl/engine.h ../../include/openssl/err.h +hw_aep.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +hw_aep.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +hw_aep.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +hw_aep.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +hw_aep.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h hw_aep.c +hw_aep.o: hw_aep_err.c hw_aep_err.h vendor_defns/aep.h +hw_atalla.o: ../../e_os.h ../../include/openssl/asn1.h +hw_atalla.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +hw_atalla.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +hw_atalla.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +hw_atalla.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h +hw_atalla.o: ../../include/openssl/engine.h ../../include/openssl/err.h +hw_atalla.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +hw_atalla.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +hw_atalla.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +hw_atalla.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +hw_atalla.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +hw_atalla.o: ../cryptlib.h hw_atalla.c hw_atalla_err.c hw_atalla_err.h +hw_atalla.o: vendor_defns/atalla.h +hw_cswift.o: ../../e_os.h ../../include/openssl/asn1.h +hw_cswift.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +hw_cswift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +hw_cswift.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +hw_cswift.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h +hw_cswift.o: ../../include/openssl/engine.h ../../include/openssl/err.h +hw_cswift.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +hw_cswift.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +hw_cswift.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +hw_cswift.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +hw_cswift.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +hw_cswift.o: ../cryptlib.h hw_cswift.c hw_cswift_err.c hw_cswift_err.h +hw_cswift.o: vendor_defns/cswift.h +hw_ncipher.o: ../../e_os.h ../../include/openssl/asn1.h +hw_ncipher.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +hw_ncipher.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +hw_ncipher.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +hw_ncipher.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h +hw_ncipher.o: ../../include/openssl/engine.h ../../include/openssl/err.h +hw_ncipher.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +hw_ncipher.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +hw_ncipher.o: ../../include/openssl/opensslconf.h +hw_ncipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +hw_ncipher.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h +hw_ncipher.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +hw_ncipher.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +hw_ncipher.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +hw_ncipher.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +hw_ncipher.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +hw_ncipher.o: ../cryptlib.h hw_ncipher.c hw_ncipher_err.c hw_ncipher_err.h +hw_ncipher.o: vendor_defns/hwcryptohook.h +hw_nuron.o: ../../e_os.h ../../include/openssl/asn1.h +hw_nuron.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +hw_nuron.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +hw_nuron.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +hw_nuron.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h +hw_nuron.o: ../../include/openssl/engine.h ../../include/openssl/err.h +hw_nuron.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +hw_nuron.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +hw_nuron.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +hw_nuron.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +hw_nuron.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +hw_nuron.o: ../cryptlib.h hw_nuron.c hw_nuron_err.c hw_nuron_err.h +hw_openbsd_dev_crypto.o: ../../include/openssl/asn1.h +hw_openbsd_dev_crypto.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +hw_openbsd_dev_crypto.o: ../../include/openssl/conf.h +hw_openbsd_dev_crypto.o: ../../include/openssl/crypto.h +hw_openbsd_dev_crypto.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +hw_openbsd_dev_crypto.o: ../../include/openssl/e_os2.h +hw_openbsd_dev_crypto.o: ../../include/openssl/engine.h +hw_openbsd_dev_crypto.o: ../../include/openssl/err.h +hw_openbsd_dev_crypto.o: ../../include/openssl/evp.h +hw_openbsd_dev_crypto.o: ../../include/openssl/lhash.h +hw_openbsd_dev_crypto.o: ../../include/openssl/obj_mac.h +hw_openbsd_dev_crypto.o: ../../include/openssl/objects.h +hw_openbsd_dev_crypto.o: ../../include/openssl/opensslconf.h +hw_openbsd_dev_crypto.o: ../../include/openssl/opensslv.h +hw_openbsd_dev_crypto.o: ../../include/openssl/ossl_typ.h +hw_openbsd_dev_crypto.o: ../../include/openssl/rand.h +hw_openbsd_dev_crypto.o: ../../include/openssl/rsa.h +hw_openbsd_dev_crypto.o: ../../include/openssl/safestack.h +hw_openbsd_dev_crypto.o: ../../include/openssl/stack.h +hw_openbsd_dev_crypto.o: ../../include/openssl/symhacks.h +hw_openbsd_dev_crypto.o: ../../include/openssl/ui.h ../evp/evp_locl.h eng_int.h +hw_openbsd_dev_crypto.o: hw_openbsd_dev_crypto.c +hw_sureware.o: ../../e_os.h ../../include/openssl/asn1.h +hw_sureware.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +hw_sureware.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +hw_sureware.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +hw_sureware.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h +hw_sureware.o: ../../include/openssl/engine.h ../../include/openssl/err.h +hw_sureware.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +hw_sureware.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +hw_sureware.o: ../../include/openssl/opensslconf.h +hw_sureware.o: ../../include/openssl/opensslv.h +hw_sureware.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h +hw_sureware.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h +hw_sureware.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +hw_sureware.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +hw_sureware.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +hw_sureware.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +hw_sureware.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h +hw_sureware.o: engine.h hw_sureware.c hw_sureware_err.c hw_sureware_err.h +hw_sureware.o: vendor_defns/sureware.h +hw_ubsec.o: ../../e_os.h ../../include/openssl/asn1.h +hw_ubsec.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +hw_ubsec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +hw_ubsec.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +hw_ubsec.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h +hw_ubsec.o: ../../include/openssl/engine.h ../../include/openssl/err.h +hw_ubsec.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +hw_ubsec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +hw_ubsec.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +hw_ubsec.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +hw_ubsec.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +hw_ubsec.o: ../cryptlib.h hw_ubsec.c hw_ubsec_err.c hw_ubsec_err.h +hw_ubsec.o: vendor_defns/hw_ubsec.h +tb_cipher.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +tb_cipher.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +tb_cipher.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +tb_cipher.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +tb_cipher.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_cipher.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_cipher.o: ../../include/openssl/objects.h +tb_cipher.o: ../../include/openssl/opensslconf.h +tb_cipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_cipher.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +tb_cipher.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +tb_cipher.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +tb_cipher.o: eng_int.h tb_cipher.c +tb_dh.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +tb_dh.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +tb_dh.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +tb_dh.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +tb_dh.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_dh.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_dh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_dh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_dh.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +tb_dh.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +tb_dh.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h eng_int.h +tb_dh.o: tb_dh.c +tb_digest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +tb_digest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +tb_digest.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +tb_digest.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +tb_digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_digest.o: ../../include/openssl/objects.h +tb_digest.o: ../../include/openssl/opensslconf.h +tb_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_digest.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +tb_digest.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +tb_digest.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +tb_digest.o: eng_int.h tb_digest.c +tb_dsa.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +tb_dsa.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +tb_dsa.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +tb_dsa.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +tb_dsa.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_dsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_dsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_dsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_dsa.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +tb_dsa.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +tb_dsa.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h eng_int.h +tb_dsa.o: tb_dsa.c +tb_rand.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +tb_rand.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +tb_rand.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +tb_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +tb_rand.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_rand.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_rand.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +tb_rand.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +tb_rand.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +tb_rand.o: eng_int.h tb_rand.c +tb_rsa.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +tb_rsa.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +tb_rsa.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +tb_rsa.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +tb_rsa.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_rsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_rsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_rsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_rsa.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +tb_rsa.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +tb_rsa.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h eng_int.h +tb_rsa.o: tb_rsa.c diff --git a/src/lib/libcrypto/engine/hw_cryptodev.c b/src/lib/libcrypto/engine/hw_cryptodev.c deleted file mode 100644 index 7c3728f395..0000000000 --- a/src/lib/libcrypto/engine/hw_cryptodev.c +++ /dev/null @@ -1,926 +0,0 @@ -/* - * Copyright (c) 2002 Bob Beck - * Copyright (c) 2002 Theo de Raadt - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the author nor the names of contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY - * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY - * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -static int cryptodev_fd = -1; -static int cryptodev_sessions = 0; -static u_int32_t cryptodev_symfeat = 0; - -static int bn2crparam(const BIGNUM *a, struct crparam *crp); -static int crparam2bn(struct crparam *crp, BIGNUM *a); -static void zapparams(struct crypt_kop *kop); - -static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa); -static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, - int dlen, DSA *dsa); -static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len, - DSA_SIG *sig, DSA *dsa); -static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); -static int cryptodev_dh_compute_key(unsigned char *key, - const BIGNUM *pub_key, DH *dh); - -static const ENGINE_CMD_DEFN cryptodev_defns[] = { - { 0, NULL, NULL, 0 } -}; - -static struct { - int id; - int nid; - int ivmax; - int keylen; -} ciphers[] = { - { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, - { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, - { CRYPTO_AES_CBC, NID_undef, 8, 24, }, - { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, - { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 8, }, - { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, - { CRYPTO_ARC4, NID_rc4, 8, 16, }, - { 0, NID_undef, 0, 0, }, -}; - -static struct { - int id; - int nid; -} digests[] = { - { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, }, - { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, }, - { CRYPTO_MD5_KPDK, NID_undef, }, - { CRYPTO_SHA1_KPDK, NID_undef, }, - { CRYPTO_MD5, NID_md5, }, - { CRYPTO_SHA1, NID_undef, }, - { 0, NID_undef, }, -}; - -/* - * Return 1 if /dev/crypto seems usable, 0 otherwise , also - * does most of the work of initting the device, if not already - * done.. This should leave is with global fd initialized with CRIOGET. - */ -static int -check_dev_crypto() -{ - int fd; - - if (cryptodev_fd == -1) { - if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1) - return (0); - if (ioctl(fd, CRIOGET, &cryptodev_fd) == -1) { - close(fd); - return (0); - } - close(fd); - /* close on exec */ - if (fcntl(cryptodev_fd, F_SETFD, 1) == -1) { - close(cryptodev_fd); - cryptodev_fd = -1; - return (0); - } - } - ioctl(cryptodev_fd, CIOCSYMFEAT, &cryptodev_symfeat); - - return (1); -} - -/* - * XXXX this needs to be set for each alg - and determined from - * a running card. - */ -static int -cryptodev_max_iv(int cipher) -{ - int i; - - for (i = 0; ciphers[i].id; i++) - if (ciphers[i].id == cipher) - return (ciphers[i].ivmax); - return (0); -} - -/* - * XXXX this needs to be set for each alg - and determined from - * a running card. For now, fake it out - but most of these - * for real devices should return 1 for the supported key - * sizes the device can handle. - */ -static int -cryptodev_key_length_valid(int cipher, int len) -{ - int i; - - for (i = 0; ciphers[i].id; i++) - if (ciphers[i].id == cipher) - return (ciphers[i].keylen == len); - return (0); -} - -/* convert libcrypto nids to cryptodev */ -static int -cipher_nid_to_cryptodev(int nid) -{ - int i; - - for (i = 0; ciphers[i].id; i++) - if (ciphers[i].nid == nid) - return (ciphers[i].id); - return (0); -} - -/* - * Find out what ciphers /dev/crypto will let us have a session for. - * XXX note, that some of these openssl doesn't deal with yet! - * returning them here is harmless, as long as we return NULL - * when asked for a handler in the cryptodev_engine_ciphers routine - */ -static int -get_cryptodev_ciphers(const int **cnids) -{ - static int nids[CRYPTO_ALGORITHM_MAX]; - struct session_op sess; - int i, count = 0; - - memset(&sess, 0, sizeof(sess)); - sess.key = (caddr_t)"123456781234567812345678"; - - for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { - if (ciphers[i].nid == NID_undef) - continue; - sess.cipher = ciphers[i].id; - sess.keylen = ciphers[i].keylen; - sess.mac = 0; - if (ioctl(cryptodev_fd, CIOCGSESSION, &sess) != -1 && - ioctl(cryptodev_fd, CIOCFSESSION, &sess.ses) != -1) - nids[count++] = ciphers[i].nid; - } - if (count > 0) - *cnids = nids; - else - *cnids = NULL; - return (count); -} - -/* - * Find out what digests /dev/crypto will let us have a session for. - * XXX note, that some of these openssl doesn't deal with yet! - * returning them here is harmless, as long as we return NULL - * when asked for a handler in the cryptodev_engine_digests routine - */ -static int -get_cryptodev_digests(const int **cnids) -{ - static int nids[CRYPTO_ALGORITHM_MAX]; - struct session_op sess; - int i, count = 0; - - memset(&sess, 0, sizeof(sess)); - for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { - if (digests[i].nid == NID_undef) - continue; - sess.mac = digests[i].id; - sess.cipher = 0; - if (ioctl(cryptodev_fd, CIOCGSESSION, &sess) != -1 && - ioctl(cryptodev_fd, CIOCFSESSION, &sess.ses) != -1) - nids[count++] = digests[i].nid; - } - if (count > 0) - *cnids = nids; - else - *cnids = NULL; - return (count); -} - -/* - * Find the useable ciphers|digests from dev/crypto - this is the first - * thing called by the engine init crud which determines what it - * can use for ciphers from this engine. We want to return - * only what we can do, anythine else is handled by software. - * - * If we can't initialize the device to do anything useful for - * any reason, we want to return a NULL array, and 0 length, - * which forces everything to be done is software. By putting - * the initalization of the device in here, we ensure we can - * use this engine as the default, and if for whatever reason - * /dev/crypto won't do what we want it will just be done in - * software - * - * This can (should) be greatly expanded to perhaps take into - * account speed of the device, and what we want to do. - * (although the disabling of particular alg's could be controlled - * by the device driver with sysctl's.) - this is where we - * want most of the decisions made about what we actually want - * to use from /dev/crypto. - */ -int -cryptodev_usable_ciphers(const int **nids) -{ - if (!check_dev_crypto()) { - *nids = NULL; - return (0); - } - - /* find what the device can do. Unfortunately, we don't - * necessarily want all of these yet, because we aren't - * yet set up to do them - */ - return (get_cryptodev_ciphers(nids)); -} - -int -cryptodev_usable_digests(const int **nids) -{ -#if 1 - /* - * XXXX just disable all digests for now, because it sucks. - * we need a better way to decide this - i.e. I may not - * want digests on slow cards like hifn on fast machines, - * but might want them on slow or loaded machines, etc. - * will also want them when using crypto cards that don't - * suck moose gonads - would be nice to be able to decide something - * as reasonable default without having hackery that's card dependent. - * of course, the default should probably be just do everything, - * with perhaps a sysctl to turn algoritms off (or have them off - * by default) on cards that generally suck like the hifn. - */ - *nids = NULL; - return (0); -#endif - - if (!check_dev_crypto()) { - *nids = NULL; - return (0); - } - return (get_cryptodev_digests(nids)); -} - - -int -cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) -{ - struct crypt_op cryp; - struct session_op *sess = ctx->cipher_data; - void *iiv; - unsigned char save_iv[EVP_MAX_IV_LENGTH]; - struct syslog_data sd = SYSLOG_DATA_INIT; - - if (cryptodev_fd == -1) - return (0); - if (sess == NULL) - return (0); - if (!inl) - return (1); - if ((inl % ctx->cipher->block_size) != 0) - return (0); - - memset(&cryp, 0, sizeof(cryp)); - - cryp.ses = sess->ses; - cryp.flags = 0; - cryp.len = inl; - cryp.src = (caddr_t) in; - cryp.dst = (caddr_t) out; - cryp.mac = 0; - - cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; - - if (ctx->cipher->iv_len) { - cryp.iv = (caddr_t) ctx->iv; - if (!ctx->encrypt) { - iiv = (void *) in + inl - ctx->cipher->iv_len; - memcpy(save_iv, iiv, ctx->cipher->iv_len); - } - } else - cryp.iv = NULL; - - if (ioctl(cryptodev_fd, CIOCCRYPT, &cryp) == -1) { - /* XXX need better errror handling - * this can fail for a number of different reasons. - */ - syslog_r(LOG_ERR, &sd, "CIOCCRYPT failed (%m)"); - return (0); - } - - if (ctx->cipher->iv_len) { - if (ctx->encrypt) - iiv = (void *) out + inl - ctx->cipher->iv_len; - else - iiv = save_iv; - memcpy(ctx->iv, iiv, ctx->cipher->iv_len); - } - return (1); -} - -int -cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - struct session_op *sess = ctx->cipher_data; - struct syslog_data sd = SYSLOG_DATA_INIT; - int cipher; - - if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef) - return (0); - - if (!check_dev_crypto()) - return (0); - - if (ctx->cipher->iv_len > cryptodev_max_iv(cipher)) - return (0); - - if (!cryptodev_key_length_valid(cipher, ctx->key_len)) - return (0); - - memset(sess, 0, sizeof(struct session_op)); - - sess->key = (unsigned char *)key; - sess->keylen = ctx->key_len; - sess->cipher = cipher; - - if (ioctl(cryptodev_fd, CIOCGSESSION, sess) == -1) { - syslog_r(LOG_ERR, &sd, "CIOCGSESSION failed (%m)"); - return (0); - } - cryptodev_sessions++; - return (1); -} - -/* - * free anything we allocated earlier when initting a - * session, and close the session. - */ -int -cryptodev_cleanup(EVP_CIPHER_CTX *ctx) -{ - int ret = 0; - struct session_op *sess = ctx->cipher_data; - struct syslog_data sd = SYSLOG_DATA_INIT; - - if (sess == NULL) - return (0); - - /* XXX if this ioctl fails, someting's wrong. the invoker - * may have called us with a bogus ctx, or we could - * have a device that for whatever reason just doesn't - * want to play ball - it's not clear what's right - * here - should this be an error? should it just - * increase a counter, hmm. For right now, we return - * 0 - I don't believe that to be "right". we could - * call the gorpy openssl lib error handlers that - * print messages to users of the library. hmm.. - */ - - if (ioctl(cryptodev_fd, CIOCFSESSION, &sess->ses) == -1) { - syslog_r(LOG_ERR, &sd, "CIOCFSESSION failed (%m)"); - ret = 0; - } else { - cryptodev_sessions--; - ret = 1; - } - if (cryptodev_sessions == 0 && cryptodev_fd != -1 ) { - close(cryptodev_fd); /* XXX should this be closed? */ - cryptodev_fd = -1; - } - return (ret); -} - -/* - * libcrypto EVP stuff - this is how we get wired to EVP so the engine - * gets called when libcrypto requests a cipher NID. - */ - -/* ARC4 (16 byte key) */ -const EVP_CIPHER cryptodev_arc4_cipher = { - NID_rc4, - 1, 16, 0, - EVP_CIPH_VARIABLE_LENGTH, - cryptodev_init_key, - cryptodev_cipher, - cryptodev_cleanup, - sizeof(struct session_op), - NULL, - NULL, - NULL -}; - -/* DES CBC EVP */ -const EVP_CIPHER cryptodev_des_cbc = { - NID_des_cbc, - 8, 8, 8, - EVP_CIPH_CBC_MODE, - cryptodev_init_key, - cryptodev_cipher, - cryptodev_cleanup, - sizeof(struct session_op), - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL -}; - -/* 3DES CBC EVP */ -const EVP_CIPHER cryptodev_3des_cbc = { - NID_des_ede3_cbc, - 8, 24, 8, - EVP_CIPH_CBC_MODE, - cryptodev_init_key, - cryptodev_cipher, - cryptodev_cleanup, - sizeof(struct session_op), - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL -}; - - -/* - * Registered by the ENGINE when used to find out how to deal with - * a particular NID in the ENGINE. this says what we'll do at the - * top level - note, that list is restricted by what we answer with - */ -int -cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - const int **nids, int nid) -{ - if (!cipher) - return (cryptodev_usable_ciphers(nids)); - - switch (nid) { - case NID_rc4: - *cipher = &cryptodev_arc4_cipher; - break; - case NID_des_ede3_cbc: - *cipher = &cryptodev_3des_cbc; - break; - case NID_des_cbc: - *cipher = &cryptodev_des_cbc; - break; - default: - *cipher = NULL; - break; - } - return (*cipher != NULL); -} - -int -cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, - const int **nids, int nid) -{ - if (!digest) - return (cryptodev_usable_digests(nids)); - - switch (nid) { - case NID_md5: - *digest = NULL; /* need to make a clean md5 critter */ - break; - default: - *digest = NULL; - break; - } - return (*digest != NULL); -} - - -/* - * Convert a BIGNUM to the representation that /dev/crypto needs. - * Upon completion of use, the caller is responsible for freeing - * crp->crp_p. - */ -static int -bn2crparam(const BIGNUM *a, struct crparam *crp) -{ - int i, j, n; - ssize_t words, bytes, bits; - u_char *b; - - crp->crp_p = NULL; - crp->crp_nbits = 0; - - bits = BN_num_bits(a); - bytes = (bits + 7) / 8; - - b = malloc(bytes); - if (b == NULL) - return (1); - - crp->crp_p = b; - crp->crp_nbits = bits; - - words = (bits + BN_BITS2 - 1) / BN_BITS2; - - n = 0; - for (i = 0; i < words && n < bytes; i++) { - BN_ULONG word; - - word = a->d[i]; - for (j = 0 ; j < BN_BYTES && n < bytes; j++, n++) { - *b++ = (word & 0xff); - word >>= 8; - } - } - return (0); -} - -/* Convert a /dev/crypto parameter to a BIGNUM */ -static int -crparam2bn(struct crparam *crp, BIGNUM *a) -{ - int i, bytes; - - bytes = (crp->crp_nbits + 7)/8; - - BN_zero(a); - for (i = bytes - 1; i >= 0; i--) { - BN_lshift(a, a, 8); - BN_add_word(a, (u_char)crp->crp_p[i]); - } - - return (0); -} - -static void -zapparams(struct crypt_kop *kop) -{ - int i; - - for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) { - if (kop->crk_param[i].crp_p) - free(kop->crk_param[i].crp_p); - kop->crk_param[i].crp_p = NULL; - kop->crk_param[i].crp_nbits = 0; - } -} - -static int -cryptodev_sym(struct crypt_kop *kop, BIGNUM *r, BIGNUM *s) -{ - int ret = -1; - - if (r) { - kop->crk_param[kop->crk_iparams].crp_p = malloc(256); - kop->crk_param[kop->crk_iparams].crp_nbits = 256 * 8; - kop->crk_oparams++; - } - if (s) { - kop->crk_param[kop->crk_iparams+1].crp_p = malloc(256); - kop->crk_param[kop->crk_iparams+1].crp_nbits = 256 * 8; - kop->crk_oparams++; - } - - if (ioctl(cryptodev_fd, CIOCKEY, &kop) == 0) { - crparam2bn(&kop->crk_param[3], r); - ret = 0; - } - return (ret); -} - -static int -cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) -{ - struct crypt_kop kop; - int ret = 0; - - memset(&kop, 0, sizeof kop); - kop.crk_op = CRK_MOD_EXP; - - /* inputs: a m p */ - if (bn2crparam(a, &kop.crk_param[0])) - goto err; - if (bn2crparam(m, &kop.crk_param[1])) - goto err; - if (bn2crparam(p, &kop.crk_param[2])) - goto err; - kop.crk_iparams = 3; - - if (cryptodev_sym(&kop, r, NULL) == -1) { - ret = BN_mod_exp(r, a, p, m, ctx); - } -err: - zapparams(&kop); - return (ret); -} - - -static int -cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) -{ - struct crypt_kop kop; - int ret = 0; - - if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { - /* XXX 0 means failure?? */ - goto err; - } - - memset(&kop, 0, sizeof kop); - kop.crk_op = CRK_MOD_EXP_CRT; - /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ - if (bn2crparam(rsa->p, &kop.crk_param[0])) - goto err; - if (bn2crparam(rsa->q, &kop.crk_param[1])) - goto err; - if (bn2crparam(I, &kop.crk_param[2])) - goto err; - if (bn2crparam(rsa->dmp1, &kop.crk_param[3])) - goto err; - if (bn2crparam(rsa->dmq1, &kop.crk_param[4])) - goto err; - if (bn2crparam(rsa->iqmp, &kop.crk_param[5])) - goto err; - kop.crk_iparams = 6; - - if (cryptodev_sym(&kop, r0, NULL) == -1) { - const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); - - ret = (*meth->rsa_mod_exp)(r0, I, rsa); - } -err: - zapparams(&kop); - return (ret); -} - -static RSA_METHOD cryptodev_rsa = { - "cryptodev RSA method", - NULL, /* rsa_pub_enc */ - NULL, /* rsa_pub_dec */ - NULL, /* rsa_priv_enc */ - NULL, /* rsa_priv_dec */ - cryptodev_rsa_mod_exp, /* rsa_mod_exp */ - cryptodev_bn_mod_exp, /* bn_mod_exp */ - NULL, /* init */ - NULL, /* finish */ - 0, /* flags */ - NULL, /* app_data */ - NULL, /* rsa_sign */ - NULL /* rsa_verify */ -}; - -static int -cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) -{ - return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); -} - -static DSA_SIG * -cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) -{ - struct crypt_kop kop; - BIGNUM *r = NULL, *s = NULL; - DSA_SIG *dsaret = NULL; - - if ((r = BN_new()) == NULL) - goto err; - if ((s = BN_new()) == NULL) { - BN_free(r); - goto err; - } - - memset(&kop, 0, sizeof kop); - kop.crk_op = CRK_DSA_SIGN; - - /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ - kop.crk_param[0].crp_p = (caddr_t)dgst; - kop.crk_param[0].crp_nbits = dlen * 8; - if (bn2crparam(dsa->p, &kop.crk_param[1])) - goto err; - if (bn2crparam(dsa->q, &kop.crk_param[2])) - goto err; - if (bn2crparam(dsa->g, &kop.crk_param[3])) - goto err; - if (bn2crparam(dsa->priv_key, &kop.crk_param[4])) - goto err; - kop.crk_iparams = 5; - - if (cryptodev_sym(&kop, r, s) == 0) { - dsaret = DSA_SIG_new(); - dsaret->r = r; - dsaret->s = s; - } else { - const DSA_METHOD *meth = DSA_OpenSSL(); - - BN_free(r); - BN_free(s); - dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa); - } -err: - kop.crk_param[0].crp_p = NULL; - zapparams(&kop); - return (dsaret); -} - -static int -cryptodev_dsa_verify(const unsigned char *dgst, int dlen, - DSA_SIG *sig, DSA *dsa) -{ - struct crypt_kop kop; - int dsaret = 0; - - memset(&kop, 0, sizeof kop); - kop.crk_op = CRK_DSA_VERIFY; - - /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ - kop.crk_param[0].crp_p = (caddr_t)dgst; - kop.crk_param[0].crp_nbits = dlen * 8; - if (bn2crparam(dsa->p, &kop.crk_param[1])) - goto err; - if (bn2crparam(dsa->q, &kop.crk_param[2])) - goto err; - if (bn2crparam(dsa->g, &kop.crk_param[3])) - goto err; - if (bn2crparam(dsa->pub_key, &kop.crk_param[4])) - goto err; - if (bn2crparam(sig->r, &kop.crk_param[5])) - goto err; - if (bn2crparam(sig->s, &kop.crk_param[6])) - goto err; - kop.crk_iparams = 7; - - if (cryptodev_sym(&kop, NULL, NULL) == 0) { - dsaret = kop.crk_status; - } else { - const DSA_METHOD *meth = DSA_OpenSSL(); - - dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa); - } -err: - kop.crk_param[0].crp_p = NULL; - zapparams(&kop); - return (dsaret); -} - -static DSA_METHOD cryptodev_dsa = { - "cryptodev DSA method", - cryptodev_dsa_do_sign, - NULL, /* dsa_sign_setup */ - cryptodev_dsa_verify, - NULL, /* dsa_mod_exp */ - cryptodev_dsa_bn_mod_exp, /* bn_mod_exp */ - NULL, /* init */ - NULL, /* finish */ - 0, /* flags */ - NULL /* app_data */ -}; - -static int -cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx) -{ - return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); -} - -static int -cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) -{ - struct crypt_kop kop; - int dhret = 0; - int keylen; - - keylen = BN_num_bits(dh->p); - - memset(&kop, 0, sizeof kop); - kop.crk_op = CRK_DH_COMPUTE_KEY; - - /* inputs: dh->priv_key pub_key dh->p key */ - if (bn2crparam(dh->priv_key, &kop.crk_param[0])) - goto err; - if (bn2crparam(pub_key, &kop.crk_param[1])) - goto err; - if (bn2crparam(dh->p, &kop.crk_param[2])) - goto err; - kop.crk_iparams = 3; - - kop.crk_param[3].crp_p = key; - kop.crk_param[3].crp_nbits = keylen * 8; - kop.crk_oparams = 1; - - if (ioctl(cryptodev_fd, CIOCKEY, &kop) == -1) { - const DH_METHOD *meth = DH_OpenSSL(); - - dhret = (meth->compute_key)(key, pub_key, dh); - } -err: - kop.crk_param[3].crp_p = NULL; - zapparams(&kop); - return (dhret); -} - -static DH_METHOD cryptodev_dh = { - "cryptodev DH method", - NULL, /* cryptodev_dh_generate_key */ - cryptodev_dh_compute_key, - cryptodev_mod_exp_dh, - NULL, - NULL, - 0, /* flags */ - NULL /* app_data */ -}; - -/* - * ctrl right now is just a wrapper that doesn't do much - * but I expect we'll want some options soon. - */ -static int -cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) -{ - struct syslog_data sd = SYSLOG_DATA_INIT; - - switch (cmd) { - default: - syslog_r(LOG_ERR, &sd, - "cryptodev_ctrl: unknown command %d", cmd); - break; - } - return (1); -} - -void -ENGINE_load_cryptodev(void) -{ - ENGINE *engine = ENGINE_new(); - const RSA_METHOD *rsa_meth; - const DH_METHOD *dh_meth; - - if (engine == NULL) - return; - - if (!ENGINE_set_id(engine, "cryptodev") || - !ENGINE_set_name(engine, "OpenBSD cryptodev engine") || - !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || - !ENGINE_set_digests(engine, cryptodev_engine_digests) || - !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) || - !ENGINE_set_cmd_defns(engine, cryptodev_defns)) { - ENGINE_free(engine); - return; - } - - if ((cryptodev_symfeat & CRSFEAT_RSA) && - ENGINE_set_RSA(engine, &cryptodev_rsa)) { - rsa_meth = RSA_PKCS1_SSLeay(); - cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc; - cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec; - cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_dec; - cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec; - } - - if ((cryptodev_symfeat & CRSFEAT_DSA) && - ENGINE_set_DSA(engine, &cryptodev_dsa)) { - } - - if ((cryptodev_symfeat & CRSFEAT_DH) && - ENGINE_set_DH(engine, &cryptodev_dh)) { - dh_meth = DH_OpenSSL(); - cryptodev_dh.generate_key = dh_meth->generate_key; - cryptodev_dh.compute_key = dh_meth->compute_key; - } - - ENGINE_add(engine); - ENGINE_free(engine); - ERR_clear_error(); -} diff --git a/src/lib/libcrypto/engine/hw_openbsd_dev_crypto.c b/src/lib/libcrypto/engine/hw_openbsd_dev_crypto.c new file mode 100644 index 0000000000..f946389b8a --- /dev/null +++ b/src/lib/libcrypto/engine/hw_openbsd_dev_crypto.c @@ -0,0 +1,594 @@ +/* Written by Ben Laurie August 2001 */ +/* ==================================================================== + * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include "eng_int.h" +/* Maybe this is needed? ... */ +#ifdef FLAT_INC +#include "evp_locl.h" +#else +#include "../evp/evp_locl.h" +#endif +#include + +#ifndef OPENSSL_OPENBSD_DEV_CRYPTO + +void ENGINE_load_openbsd_dev_crypto(void) + { + /* This is a NOP unless OPENSSL_OPENBSD_DEV_CRYPTO is defined */ + return; + } + +#else /* OPENSSL_OPENBSD_DEV_CRYPTO */ + +#include +#include +#include +#include +#include +#include + +#include + +/****************************************************/ +/* Declare the normal generic ENGINE stuff here ... */ + +static int dev_crypto_ciphers(ENGINE *e, const EVP_CIPHER **cipher, + const int **nids, int nid); +static int dev_crypto_digests(ENGINE *e, const EVP_MD **digest, + const int **nids, int nid); + +static const char dev_crypto_id[] = "openbsd_dev_crypto"; +static const char dev_crypto_name[] = "OpenBSD /dev/crypto"; + +static long allow_misaligned; + +#define DEV_CRYPTO_CMD_ALLOW_MISALIGNED ENGINE_CMD_BASE +static const ENGINE_CMD_DEFN dev_crypto_cmd_defns[]= + { + { DEV_CRYPTO_CMD_ALLOW_MISALIGNED, + "allow_misaligned", + "Permit misaligned data to be used", + ENGINE_CMD_FLAG_NUMERIC }, + { 0, NULL, NULL, 0 } + }; + +static int dev_crypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) + { + switch(cmd) + { + case DEV_CRYPTO_CMD_ALLOW_MISALIGNED: + allow_misaligned=i; + printf("allow misaligned=%ld\n",allow_misaligned); + break; + } + + return 1; + } + +static ENGINE *engine_openbsd_dev_crypto(void) + { + ENGINE *engine=ENGINE_new(); + + if(!ENGINE_set_id(engine, dev_crypto_id) || + !ENGINE_set_name(engine, dev_crypto_name) || + !ENGINE_set_ciphers(engine, dev_crypto_ciphers) || + !ENGINE_set_digests(engine, dev_crypto_digests) || + !ENGINE_set_ctrl_function(engine, dev_crypto_ctrl) || + !ENGINE_set_cmd_defns(engine, dev_crypto_cmd_defns)) + { + ENGINE_free(engine); + return NULL; + } + + return engine; + } + +void ENGINE_load_openbsd_dev_crypto(void) + { + /* Copied from eng_[openssl|dyn].c */ + ENGINE *toadd = engine_openbsd_dev_crypto(); + if(!toadd) return; + ENGINE_add(toadd); + ENGINE_free(toadd); + ERR_clear_error(); + } + +/******************************************************************************/ +/* Clip in the stuff from crypto/evp/openbsd_hw.c here. NB: What has changed? */ +/* I've removed the exposed EVP_*** functions, they're accessed through the */ +/* "dev_crypto_[ciphers|digests]" handlers. I've also moved the EVP_CIPHER */ +/* and EVP_MD structures to the bottom where they are close to the handlers */ +/* that expose them. What should be done? The global data (file-descriptors, */ +/* etc) should be put into ENGINE's ex_data support, and per-context data */ +/* (also file-descriptors perhaps) should be put into the contexts. Also code */ +/* formatting, fprintf statements, and OpenSSL-style error handling should be */ +/* added (dynamically, like the other ENGINEs). Also, "dynamic" support */ +/* be added to this ENGINE once it's up and running so that it could be built */ +/* as a shared-library. What else? device initialisation should take place */ +/* inside an ENGINE 'init()' handler (and likewise 'finish()'). ciphers and */ +/* digests won't be used by the framework unless the ENGINE has been */ +/* successfully initialised (that's one of the things you get for free) so */ +/* initialisation, including returning failure if device setup fails, can be */ +/* handled quite cleanly. This could presumably handle the opening (and then */ +/* closing inside 'finish()') of the 'cryptodev_fd' file-descriptor). */ + +/* longest key supported in hardware */ +#define MAX_HW_KEY 24 +#define MAX_HW_IV 8 + +#define MD5_DIGEST_LENGTH 16 +#define MD5_CBLOCK 64 + +static int fd; +static int dev_failed; + +typedef struct session_op session_op; + +#define CDATA(ctx) EVP_C_DATA(session_op,ctx) + +static void err(const char *str) + { + fprintf(stderr,"%s: errno %d\n",str,errno); + } + +static int dev_crypto_init(session_op *ses) + { + if(dev_failed) + return 0; + if(!fd) + { + int cryptodev_fd; + + if ((cryptodev_fd=open("/dev/crypto",O_RDWR,0)) < 0) + { + err("/dev/crypto"); + dev_failed=1; + return 0; + } + if (ioctl(cryptodev_fd,CRIOGET,&fd) == -1) + { + err("CRIOGET failed"); + close(cryptodev_fd); + dev_failed=1; + return 0; + } + close(cryptodev_fd); + } + assert(ses); + memset(ses,'\0',sizeof *ses); + + return 1; + } + +static int dev_crypto_cleanup(EVP_CIPHER_CTX *ctx) + { + fprintf(stderr,"cleanup %d\n",CDATA(ctx)->ses); + if(ioctl(fd,CIOCFSESSION,&CDATA(ctx)->ses) == -1) + err("CIOCFSESSION failed"); + + OPENSSL_free(CDATA(ctx)->key); + + return 1; + } + +static int dev_crypto_init_key(EVP_CIPHER_CTX *ctx,int cipher, + const unsigned char *key,int klen) + { + if(!dev_crypto_init(CDATA(ctx))) + return 0; + + CDATA(ctx)->key=OPENSSL_malloc(MAX_HW_KEY); + + assert(ctx->cipher->iv_len <= MAX_HW_IV); + + memcpy(CDATA(ctx)->key,key,klen); + + CDATA(ctx)->cipher=cipher; + CDATA(ctx)->keylen=klen; + + if (ioctl(fd,CIOCGSESSION,CDATA(ctx)) == -1) + { + err("CIOCGSESSION failed"); + return 0; + } + return 1; + } + +static int dev_crypto_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, + const unsigned char *in,unsigned int inl) + { + struct crypt_op cryp; + unsigned char lb[MAX_HW_IV]; + + if(!inl) + return 1; + + assert(CDATA(ctx)); + assert(!dev_failed); + + memset(&cryp,'\0',sizeof cryp); + cryp.ses=CDATA(ctx)->ses; + cryp.op=ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; + cryp.flags=0; + cryp.len=inl; + assert((inl&(ctx->cipher->block_size-1)) == 0); + cryp.src=(caddr_t)in; + cryp.dst=(caddr_t)out; + cryp.mac=0; + if(ctx->cipher->iv_len) + cryp.iv=(caddr_t)ctx->iv; + + if(!ctx->encrypt) + memcpy(lb,&in[cryp.len-ctx->cipher->iv_len],ctx->cipher->iv_len); + + if(ioctl(fd, CIOCCRYPT, &cryp) == -1) + { + if(errno == EINVAL) /* buffers are misaligned */ + { + unsigned int cinl=0; + char *cin=NULL; + char *cout=NULL; + + /* NB: this can only make cinl != inl with stream ciphers */ + cinl=(inl+3)/4*4; + + if(((unsigned long)in&3) || cinl != inl) + { + cin=OPENSSL_malloc(cinl); + memcpy(cin,in,inl); + cryp.src=cin; + } + + if(((unsigned long)out&3) || cinl != inl) + { + cout=OPENSSL_malloc(cinl); + cryp.dst=cout; + } + + cryp.len=cinl; + + if(ioctl(fd, CIOCCRYPT, &cryp) == -1) + { + err("CIOCCRYPT(2) failed"); + printf("src=%p dst=%p\n",cryp.src,cryp.dst); + abort(); + return 0; + } + + if(cout) + { + memcpy(out,cout,inl); + OPENSSL_free(cout); + } + if(cin) + OPENSSL_free(cin); + } + else + { + err("CIOCCRYPT failed"); + abort(); + return 0; + } + } + + if(ctx->encrypt) + memcpy(ctx->iv,&out[cryp.len-ctx->cipher->iv_len],ctx->cipher->iv_len); + else + memcpy(ctx->iv,lb,ctx->cipher->iv_len); + + return 1; + } + +static int dev_crypto_des_ede3_init_key(EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, int enc) + { return dev_crypto_init_key(ctx,CRYPTO_3DES_CBC,key,24); } + +static int dev_crypto_rc4_init_key(EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, int enc) + { return dev_crypto_init_key(ctx,CRYPTO_ARC4,key,16); } + +typedef struct + { + session_op sess; + char *data; + int len; + unsigned char md[EVP_MAX_MD_SIZE]; + } MD_DATA; + +static int dev_crypto_init_digest(MD_DATA *md_data,int mac) + { + if(!dev_crypto_init(&md_data->sess)) + return 0; + + md_data->len=0; + md_data->data=NULL; + + md_data->sess.mac=mac; + + if (ioctl(fd,CIOCGSESSION,&md_data->sess) == -1) + { + err("CIOCGSESSION failed"); + return 0; + } + fprintf(stderr,"opened %d\n",md_data->sess.ses); + return 1; + } + +static int dev_crypto_cleanup_digest(MD_DATA *md_data) + { + fprintf(stderr,"cleanup %d\n",md_data->sess.ses); + if (ioctl(fd,CIOCFSESSION,&md_data->sess.ses) == -1) + { + err("CIOCFSESSION failed"); + return 0; + } + + return 1; + } + +/* FIXME: if device can do chained MACs, then don't accumulate */ +/* FIXME: move accumulation to the framework */ +static int dev_crypto_md5_init(EVP_MD_CTX *ctx) + { return dev_crypto_init_digest(ctx->md_data,CRYPTO_MD5); } + +static int do_digest(int ses,unsigned char *md,const void *data,int len) + { + struct crypt_op cryp; + static unsigned char md5zero[16]= + { + 0xd4,0x1d,0x8c,0xd9,0x8f,0x00,0xb2,0x04, + 0xe9,0x80,0x09,0x98,0xec,0xf8,0x42,0x7e + }; + + /* some cards can't do zero length */ + if(!len) + { + memcpy(md,md5zero,16); + return 1; + } + + memset(&cryp,'\0',sizeof cryp); + cryp.ses=ses; + cryp.op=COP_ENCRYPT;/* required to do the MAC rather than check it */ + cryp.len=len; + cryp.src=(caddr_t)data; + cryp.dst=(caddr_t)data; // FIXME!!! + cryp.mac=(caddr_t)md; + + if(ioctl(fd, CIOCCRYPT, &cryp) == -1) + { + if(errno == EINVAL && allow_misaligned) /* buffer is misaligned */ + { + char *dcopy; + + dcopy=OPENSSL_malloc(len); + memcpy(dcopy,data,len); + cryp.src=dcopy; + cryp.dst=cryp.src; // FIXME!!! + + if(ioctl(fd, CIOCCRYPT, &cryp) == -1) + { + err("CIOCCRYPT(MAC2) failed"); + abort(); + return 0; + } + OPENSSL_free(dcopy); + } + else + { + err("CIOCCRYPT(MAC) failed"); + abort(); + return 0; + } + } + // printf("done\n"); + + return 1; + } + +static int dev_crypto_md5_update(EVP_MD_CTX *ctx,const void *data, + unsigned long len) + { + MD_DATA *md_data=ctx->md_data; + + if(ctx->flags&EVP_MD_CTX_FLAG_ONESHOT) + return do_digest(md_data->sess.ses,md_data->md,data,len); + + md_data->data=OPENSSL_realloc(md_data->data,md_data->len+len); + memcpy(md_data->data+md_data->len,data,len); + md_data->len+=len; + + return 1; + } + +static int dev_crypto_md5_final(EVP_MD_CTX *ctx,unsigned char *md) + { + int ret; + MD_DATA *md_data=ctx->md_data; + + if(ctx->flags&EVP_MD_CTX_FLAG_ONESHOT) + { + memcpy(md,md_data->md,MD5_DIGEST_LENGTH); + ret=1; + } + else + { + ret=do_digest(md_data->sess.ses,md,md_data->data,md_data->len); + OPENSSL_free(md_data->data); + md_data->data=NULL; + md_data->len=0; + } + + return ret; + } + +static int dev_crypto_md5_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from) + { + const MD_DATA *from_md=from->md_data; + MD_DATA *to_md=to->md_data; + + // How do we copy sessions? + assert(from->digest->flags&EVP_MD_FLAG_ONESHOT); + + to_md->data=OPENSSL_malloc(from_md->len); + memcpy(to_md->data,from_md->data,from_md->len); + + return 1; + } + +static int dev_crypto_md5_cleanup(EVP_MD_CTX *ctx) + { + return dev_crypto_cleanup_digest(ctx->md_data); + } + +/**************************************************************************/ +/* Here are the moved declarations of the EVP_CIPHER and EVP_MD */ +/* implementations. They're down here to be within easy editor-distance */ +/* of the digests and ciphers handler functions. */ + +#define dev_crypto_des_ede3_cbc_cipher dev_crypto_cipher + +BLOCK_CIPHER_def_cbc(dev_crypto_des_ede3, session_op, NID_des_ede3, 8, 24, 8, + 0, dev_crypto_des_ede3_init_key, + dev_crypto_cleanup, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL) + +static const EVP_CIPHER r4_cipher= + { + NID_rc4, + 1,16,0, /* FIXME: key should be up to 256 bytes */ + EVP_CIPH_VARIABLE_LENGTH, + dev_crypto_rc4_init_key, + dev_crypto_cipher, + dev_crypto_cleanup, + sizeof(session_op), + NULL, + NULL, + NULL + }; + +static const EVP_MD md5_md= + { + NID_md5, + NID_md5WithRSAEncryption, + MD5_DIGEST_LENGTH, + EVP_MD_FLAG_ONESHOT, // XXX: set according to device info... + dev_crypto_md5_init, + dev_crypto_md5_update, + dev_crypto_md5_final, + dev_crypto_md5_copy, + dev_crypto_md5_cleanup, + EVP_PKEY_RSA_method, + MD5_CBLOCK, + sizeof(MD_DATA), + }; + +/****************************************************************/ +/* Implement the dev_crypto_[ciphers|digests] handlers here ... */ + +static int cipher_nids[] = {NID_des_ede3_cbc, NID_rc4}; +static int cipher_nids_num = 2; +static int digest_nids[] = {NID_md5}; +static int digest_nids_num = 1; + +static int dev_crypto_ciphers(ENGINE *e, const EVP_CIPHER **cipher, + const int **nids, int nid) + { + if(!cipher) + { + /* We are returning a list of supported nids */ + *nids = cipher_nids; + return cipher_nids_num; + } + /* We are being asked for a specific cipher */ + if(nid == NID_rc4) + *cipher = &r4_cipher; + else if(nid == NID_des_ede3_cbc) + *cipher = &dev_crypto_des_ede3_cbc; + else + { + *cipher = NULL; + return 0; + } + return 1; + } + +static int dev_crypto_digests(ENGINE *e, const EVP_MD **digest, + const int **nids, int nid) + { + if(!digest) + { + /* We are returning a list of supported nids */ + *nids = digest_nids; + return digest_nids_num; + } + /* We are being asked for a specific digest */ + if(nid == NID_md5) + *digest = &md5_md; + else + { + *digest = NULL; + return 0; + } + return 1; + } + +#endif /* OPENSSL_OPENBSD_DEV_CRYPTO */ -- cgit v1.2.3-55-g6feb