From 6851991ea11599a8a5923ff68d230d542d9185cd Mon Sep 17 00:00:00 2001 From: reyk <> Date: Sun, 13 Apr 2014 18:50:36 +0000 Subject: Remove the Atalla engine: It is not standalone and depends on external non-free libraries. OpenSSL should have a better way to include 3rd party engines: either completely free or external. But including a wrapper for a non-free wrapper in the code base does not make much sense and could also be provided by the vendor. ok deraadt@ --- src/lib/libcrypto/doc/engine.pod | 1 - src/lib/libcrypto/engine/eng_all.c | 3 - src/lib/libcrypto/engine/engine.h | 1 - src/lib/libssl/src/config | 12 - src/lib/libssl/src/crypto/engine/eng_all.c | 3 - src/lib/libssl/src/crypto/engine/engine.h | 1 - src/lib/libssl/src/doc/crypto/engine.pod | 1 - src/lib/libssl/src/engines/Makefile | 21 +- src/lib/libssl/src/engines/e_atalla.c | 607 ----------------------- src/lib/libssl/src/engines/e_atalla.ec | 1 - src/lib/libssl/src/engines/e_atalla_err.c | 149 ------ src/lib/libssl/src/engines/e_atalla_err.h | 93 ---- src/lib/libssl/src/engines/vendor_defns/atalla.h | 48 -- 13 files changed, 1 insertion(+), 940 deletions(-) delete mode 100644 src/lib/libssl/src/engines/e_atalla.c delete mode 100644 src/lib/libssl/src/engines/e_atalla.ec delete mode 100644 src/lib/libssl/src/engines/e_atalla_err.c delete mode 100644 src/lib/libssl/src/engines/e_atalla_err.h delete mode 100644 src/lib/libssl/src/engines/vendor_defns/atalla.h (limited to 'src/lib') diff --git a/src/lib/libcrypto/doc/engine.pod b/src/lib/libcrypto/doc/engine.pod index ba36974c45..b0cea78cd3 100644 --- a/src/lib/libcrypto/doc/engine.pod +++ b/src/lib/libcrypto/doc/engine.pod @@ -25,7 +25,6 @@ engine - ENGINE cryptographic module support void ENGINE_load_dynamic(void); #ifndef OPENSSL_NO_STATIC_ENGINE void ENGINE_load_aep(void); - void ENGINE_load_atalla(void); void ENGINE_load_chil(void); void ENGINE_load_gmp(void); void ENGINE_load_nuron(void); diff --git a/src/lib/libcrypto/engine/eng_all.c b/src/lib/libcrypto/engine/eng_all.c index f38a73773c..43fb3caf7d 100644 --- a/src/lib/libcrypto/engine/eng_all.c +++ b/src/lib/libcrypto/engine/eng_all.c @@ -85,9 +85,6 @@ void ENGINE_load_builtin_engines(void) #ifndef OPENSSL_NO_HW_AEP ENGINE_load_aep(); #endif -#ifndef OPENSSL_NO_HW_ATALLA - ENGINE_load_atalla(); -#endif #ifndef OPENSSL_NO_HW_NCIPHER ENGINE_load_chil(); #endif diff --git a/src/lib/libcrypto/engine/engine.h b/src/lib/libcrypto/engine/engine.h index 289ac5cdac..948b5a18ff 100644 --- a/src/lib/libcrypto/engine/engine.h +++ b/src/lib/libcrypto/engine/engine.h @@ -334,7 +334,6 @@ void ENGINE_load_openssl(void); void ENGINE_load_dynamic(void); #ifndef OPENSSL_NO_STATIC_ENGINE void ENGINE_load_aep(void); -void ENGINE_load_atalla(void); void ENGINE_load_chil(void); void ENGINE_load_nuron(void); void ENGINE_load_padlock(void); diff --git a/src/lib/libssl/src/config b/src/lib/libssl/src/config index 88b9bc69da..ed8db0219c 100644 --- a/src/lib/libssl/src/config +++ b/src/lib/libssl/src/config @@ -845,18 +845,6 @@ case "$GUESSOS" in *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;; esac -# NB: This atalla support has been superceded by the ENGINE support -# That contains its own header and definitions anyway. Support can -# be enabled or disabled on any supported platform without external -# headers, eg. by adding the "hw-atalla" switch to ./config or -# perl Configure -# -# See whether we can compile Atalla support -#if [ -f /usr/include/atasi.h ] -#then -# options="$options -DATALLA" -#fi - if expr "$options" : '.*no\-asm' > /dev/null; then :; else sh -c "$CROSS_COMPILE${CC:-gcc} -Wa,--help -c -o /tmp/null.$$.o -x assembler /dev/null && rm /tmp/null.$$.o" 2>&1 | \ grep \\--noexecstack >/dev/null && \ diff --git a/src/lib/libssl/src/crypto/engine/eng_all.c b/src/lib/libssl/src/crypto/engine/eng_all.c index f38a73773c..43fb3caf7d 100644 --- a/src/lib/libssl/src/crypto/engine/eng_all.c +++ b/src/lib/libssl/src/crypto/engine/eng_all.c @@ -85,9 +85,6 @@ void ENGINE_load_builtin_engines(void) #ifndef OPENSSL_NO_HW_AEP ENGINE_load_aep(); #endif -#ifndef OPENSSL_NO_HW_ATALLA - ENGINE_load_atalla(); -#endif #ifndef OPENSSL_NO_HW_NCIPHER ENGINE_load_chil(); #endif diff --git a/src/lib/libssl/src/crypto/engine/engine.h b/src/lib/libssl/src/crypto/engine/engine.h index 289ac5cdac..948b5a18ff 100644 --- a/src/lib/libssl/src/crypto/engine/engine.h +++ b/src/lib/libssl/src/crypto/engine/engine.h @@ -334,7 +334,6 @@ void ENGINE_load_openssl(void); void ENGINE_load_dynamic(void); #ifndef OPENSSL_NO_STATIC_ENGINE void ENGINE_load_aep(void); -void ENGINE_load_atalla(void); void ENGINE_load_chil(void); void ENGINE_load_nuron(void); void ENGINE_load_padlock(void); diff --git a/src/lib/libssl/src/doc/crypto/engine.pod b/src/lib/libssl/src/doc/crypto/engine.pod index ba36974c45..b0cea78cd3 100644 --- a/src/lib/libssl/src/doc/crypto/engine.pod +++ b/src/lib/libssl/src/doc/crypto/engine.pod @@ -25,7 +25,6 @@ engine - ENGINE cryptographic module support void ENGINE_load_dynamic(void); #ifndef OPENSSL_NO_STATIC_ENGINE void ENGINE_load_aep(void); - void ENGINE_load_atalla(void); void ENGINE_load_chil(void); void ENGINE_load_gmp(void); void ENGINE_load_nuron(void); diff --git a/src/lib/libssl/src/engines/Makefile b/src/lib/libssl/src/engines/Makefile index 571d63a66e..7a4b0da8e3 100644 --- a/src/lib/libssl/src/engines/Makefile +++ b/src/lib/libssl/src/engines/Makefile @@ -26,17 +26,15 @@ TEST= APPS= LIB=$(TOP)/libcrypto.a -LIBNAMES= aep atalla gmp chil nuron padlock capi +LIBNAMES= aep gmp chil nuron padlock capi LIBSRC= e_aep.c \ - e_atalla.c \ e_gmp.c \ e_chil.c \ e_nuron.c \ e_padlock.c \ e_capi.c LIBOBJ= e_aep.o \ - e_atalla.o \ e_gmp.o \ e_chil.o \ e_nuron.o \ @@ -47,7 +45,6 @@ SRC= $(LIBSRC) EXHEADER= HEADER= e_aep_err.c e_aep_err.h \ - e_atalla_err.c e_atalla_err.h \ e_gmp_err.c e_gmp_err.h \ e_chil_err.c e_chil_err.h \ e_nuron_err.c e_nuron_err.h \ @@ -168,22 +165,6 @@ e_aep.o: ../include/openssl/sha.h ../include/openssl/stack.h e_aep.o: ../include/openssl/symhacks.h ../include/openssl/x509.h e_aep.o: ../include/openssl/x509_vfy.h e_aep.c e_aep_err.c e_aep_err.h e_aep.o: vendor_defns/aep.h -e_atalla.o: ../include/openssl/asn1.h ../include/openssl/bio.h -e_atalla.o: ../include/openssl/bn.h ../include/openssl/buffer.h -e_atalla.o: ../include/openssl/crypto.h ../include/openssl/dh.h -e_atalla.o: ../include/openssl/dsa.h ../include/openssl/dso.h -e_atalla.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -e_atalla.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -e_atalla.o: ../include/openssl/engine.h ../include/openssl/err.h -e_atalla.o: ../include/openssl/evp.h ../include/openssl/lhash.h -e_atalla.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -e_atalla.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_atalla.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h -e_atalla.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -e_atalla.o: ../include/openssl/sha.h ../include/openssl/stack.h -e_atalla.o: ../include/openssl/symhacks.h ../include/openssl/x509.h -e_atalla.o: ../include/openssl/x509_vfy.h e_atalla.c e_atalla_err.c -e_atalla.o: e_atalla_err.h vendor_defns/atalla.h e_capi.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_capi.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_capi.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h diff --git a/src/lib/libssl/src/engines/e_atalla.c b/src/lib/libssl/src/engines/e_atalla.c deleted file mode 100644 index fabaa86a52..0000000000 --- a/src/lib/libssl/src/engines/e_atalla.c +++ /dev/null @@ -1,607 +0,0 @@ -/* crypto/engine/hw_atalla.c */ -/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL - * project 2000. - */ -/* ==================================================================== - * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include -#include -#include -#include -#ifndef OPENSSL_NO_RSA -#include -#endif -#ifndef OPENSSL_NO_DSA -#include -#endif -#ifndef OPENSSL_NO_DH -#include -#endif -#include - -#ifndef OPENSSL_NO_HW -#ifndef OPENSSL_NO_HW_ATALLA - -#ifdef FLAT_INC -#include "atalla.h" -#else -#include "vendor_defns/atalla.h" -#endif - -#define ATALLA_LIB_NAME "atalla engine" -#include "e_atalla_err.c" - -static int atalla_destroy(ENGINE *e); -static int atalla_init(ENGINE *e); -static int atalla_finish(ENGINE *e); -static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); - -/* BIGNUM stuff */ -static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx); - -#ifndef OPENSSL_NO_RSA -/* RSA stuff */ -static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); -/* This function is aliased to mod_exp (with the mont stuff dropped). */ -static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -#endif - -#ifndef OPENSSL_NO_DSA -/* DSA stuff */ -static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, - BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, - BN_CTX *ctx, BN_MONT_CTX *in_mont); -static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); -#endif - -#ifndef OPENSSL_NO_DH -/* DH stuff */ -/* This function is alised to mod_exp (with the DH and mont dropped). */ -static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r, - const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -#endif - -/* The definitions for control commands specific to this engine */ -#define ATALLA_CMD_SO_PATH ENGINE_CMD_BASE -static const ENGINE_CMD_DEFN atalla_cmd_defns[] = { - {ATALLA_CMD_SO_PATH, - "SO_PATH", - "Specifies the path to the 'atasi' shared library", - ENGINE_CMD_FLAG_STRING}, - {0, NULL, NULL, 0} - }; - -#ifndef OPENSSL_NO_RSA -/* Our internal RSA_METHOD that we provide pointers to */ -static RSA_METHOD atalla_rsa = - { - "Atalla RSA method", - NULL, - NULL, - NULL, - NULL, - atalla_rsa_mod_exp, - atalla_mod_exp_mont, - NULL, - NULL, - 0, - NULL, - NULL, - NULL, - NULL - }; -#endif - -#ifndef OPENSSL_NO_DSA -/* Our internal DSA_METHOD that we provide pointers to */ -static DSA_METHOD atalla_dsa = - { - "Atalla DSA method", - NULL, /* dsa_do_sign */ - NULL, /* dsa_sign_setup */ - NULL, /* dsa_do_verify */ - atalla_dsa_mod_exp, /* dsa_mod_exp */ - atalla_mod_exp_dsa, /* bn_mod_exp */ - NULL, /* init */ - NULL, /* finish */ - 0, /* flags */ - NULL, /* app_data */ - NULL, /* dsa_paramgen */ - NULL /* dsa_keygen */ - }; -#endif - -#ifndef OPENSSL_NO_DH -/* Our internal DH_METHOD that we provide pointers to */ -static DH_METHOD atalla_dh = - { - "Atalla DH method", - NULL, - NULL, - atalla_mod_exp_dh, - NULL, - NULL, - 0, - NULL, - NULL - }; -#endif - -/* Constants used when creating the ENGINE */ -static const char *engine_atalla_id = "atalla"; -static const char *engine_atalla_name = "Atalla hardware engine support"; - -/* This internal function is used by ENGINE_atalla() and possibly by the - * "dynamic" ENGINE support too */ -static int bind_helper(ENGINE *e) - { -#ifndef OPENSSL_NO_RSA - const RSA_METHOD *meth1; -#endif -#ifndef OPENSSL_NO_DSA - const DSA_METHOD *meth2; -#endif -#ifndef OPENSSL_NO_DH - const DH_METHOD *meth3; -#endif - if(!ENGINE_set_id(e, engine_atalla_id) || - !ENGINE_set_name(e, engine_atalla_name) || -#ifndef OPENSSL_NO_RSA - !ENGINE_set_RSA(e, &atalla_rsa) || -#endif -#ifndef OPENSSL_NO_DSA - !ENGINE_set_DSA(e, &atalla_dsa) || -#endif -#ifndef OPENSSL_NO_DH - !ENGINE_set_DH(e, &atalla_dh) || -#endif - !ENGINE_set_destroy_function(e, atalla_destroy) || - !ENGINE_set_init_function(e, atalla_init) || - !ENGINE_set_finish_function(e, atalla_finish) || - !ENGINE_set_ctrl_function(e, atalla_ctrl) || - !ENGINE_set_cmd_defns(e, atalla_cmd_defns)) - return 0; - -#ifndef OPENSSL_NO_RSA - /* We know that the "PKCS1_SSLeay()" functions hook properly - * to the atalla-specific mod_exp and mod_exp_crt so we use - * those functions. NB: We don't use ENGINE_openssl() or - * anything "more generic" because something like the RSAref - * code may not hook properly, and if you own one of these - * cards then you have the right to do RSA operations on it - * anyway! */ - meth1 = RSA_PKCS1_SSLeay(); - atalla_rsa.rsa_pub_enc = meth1->rsa_pub_enc; - atalla_rsa.rsa_pub_dec = meth1->rsa_pub_dec; - atalla_rsa.rsa_priv_enc = meth1->rsa_priv_enc; - atalla_rsa.rsa_priv_dec = meth1->rsa_priv_dec; -#endif - -#ifndef OPENSSL_NO_DSA - /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish - * bits. */ - meth2 = DSA_OpenSSL(); - atalla_dsa.dsa_do_sign = meth2->dsa_do_sign; - atalla_dsa.dsa_sign_setup = meth2->dsa_sign_setup; - atalla_dsa.dsa_do_verify = meth2->dsa_do_verify; -#endif - -#ifndef OPENSSL_NO_DH - /* Much the same for Diffie-Hellman */ - meth3 = DH_OpenSSL(); - atalla_dh.generate_key = meth3->generate_key; - atalla_dh.compute_key = meth3->compute_key; -#endif - - /* Ensure the atalla error handling is set up */ - ERR_load_ATALLA_strings(); - return 1; - } - -#ifdef OPENSSL_NO_DYNAMIC_ENGINE -static ENGINE *engine_atalla(void) - { - ENGINE *ret = ENGINE_new(); - if(!ret) - return NULL; - if(!bind_helper(ret)) - { - ENGINE_free(ret); - return NULL; - } - return ret; - } - -void ENGINE_load_atalla(void) - { - /* Copied from eng_[openssl|dyn].c */ - ENGINE *toadd = engine_atalla(); - if(!toadd) return; - ENGINE_add(toadd); - ENGINE_free(toadd); - ERR_clear_error(); - } -#endif - -/* This is a process-global DSO handle used for loading and unloading - * the Atalla library. NB: This is only set (or unset) during an - * init() or finish() call (reference counts permitting) and they're - * operating with global locks, so this should be thread-safe - * implicitly. */ -static DSO *atalla_dso = NULL; - -/* These are the function pointers that are (un)set when the library has - * successfully (un)loaded. */ -static tfnASI_GetHardwareConfig *p_Atalla_GetHardwareConfig = NULL; -static tfnASI_RSAPrivateKeyOpFn *p_Atalla_RSAPrivateKeyOpFn = NULL; -static tfnASI_GetPerformanceStatistics *p_Atalla_GetPerformanceStatistics = NULL; - -/* These are the static string constants for the DSO file name and the function - * symbol names to bind to. Regrettably, the DSO name on *nix appears to be - * "atasi.so" rather than something more consistent like "libatasi.so". At the - * time of writing, I'm not sure what the file name on win32 is but clearly - * native name translation is not possible (eg libatasi.so on *nix, and - * atasi.dll on win32). For the purposes of testing, I have created a symbollic - * link called "libatasi.so" so that we can use native name-translation - a - * better solution will be needed. */ -static const char *ATALLA_LIBNAME = NULL; -static const char *get_ATALLA_LIBNAME(void) - { - if(ATALLA_LIBNAME) - return ATALLA_LIBNAME; - return "atasi"; - } -static void free_ATALLA_LIBNAME(void) - { - if(ATALLA_LIBNAME) - OPENSSL_free((void*)ATALLA_LIBNAME); - ATALLA_LIBNAME = NULL; - } -static long set_ATALLA_LIBNAME(const char *name) - { - free_ATALLA_LIBNAME(); - return (((ATALLA_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0); - } -static const char *ATALLA_F1 = "ASI_GetHardwareConfig"; -static const char *ATALLA_F2 = "ASI_RSAPrivateKeyOpFn"; -static const char *ATALLA_F3 = "ASI_GetPerformanceStatistics"; - -/* Destructor (complements the "ENGINE_atalla()" constructor) */ -static int atalla_destroy(ENGINE *e) - { - free_ATALLA_LIBNAME(); - /* Unload the atalla error strings so any error state including our - * functs or reasons won't lead to a segfault (they simply get displayed - * without corresponding string data because none will be found). */ - ERR_unload_ATALLA_strings(); - return 1; - } - -/* (de)initialisation functions. */ -static int atalla_init(ENGINE *e) - { - tfnASI_GetHardwareConfig *p1; - tfnASI_RSAPrivateKeyOpFn *p2; - tfnASI_GetPerformanceStatistics *p3; - /* Not sure of the origin of this magic value, but Ben's code had it - * and it seemed to have been working for a few people. :-) */ - unsigned int config_buf[1024]; - - if(atalla_dso != NULL) - { - ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_ALREADY_LOADED); - goto err; - } - /* Attempt to load libatasi.so/atasi.dll/whatever. Needs to be - * changed unfortunately because the Atalla drivers don't have - * standard library names that can be platform-translated well. */ - /* TODO: Work out how to actually map to the names the Atalla - * drivers really use - for now a symbollic link needs to be - * created on the host system from libatasi.so to atasi.so on - * unix variants. */ - atalla_dso = DSO_load(NULL, get_ATALLA_LIBNAME(), NULL, 0); - if(atalla_dso == NULL) - { - ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_NOT_LOADED); - goto err; - } - if(!(p1 = (tfnASI_GetHardwareConfig *)DSO_bind_func( - atalla_dso, ATALLA_F1)) || - !(p2 = (tfnASI_RSAPrivateKeyOpFn *)DSO_bind_func( - atalla_dso, ATALLA_F2)) || - !(p3 = (tfnASI_GetPerformanceStatistics *)DSO_bind_func( - atalla_dso, ATALLA_F3))) - { - ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_NOT_LOADED); - goto err; - } - /* Copy the pointers */ - p_Atalla_GetHardwareConfig = p1; - p_Atalla_RSAPrivateKeyOpFn = p2; - p_Atalla_GetPerformanceStatistics = p3; - /* Perform a basic test to see if there's actually any unit - * running. */ - if(p1(0L, config_buf) != 0) - { - ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_UNIT_FAILURE); - goto err; - } - /* Everything's fine. */ - return 1; -err: - if(atalla_dso) - DSO_free(atalla_dso); - atalla_dso = NULL; - p_Atalla_GetHardwareConfig = NULL; - p_Atalla_RSAPrivateKeyOpFn = NULL; - p_Atalla_GetPerformanceStatistics = NULL; - return 0; - } - -static int atalla_finish(ENGINE *e) - { - free_ATALLA_LIBNAME(); - if(atalla_dso == NULL) - { - ATALLAerr(ATALLA_F_ATALLA_FINISH,ATALLA_R_NOT_LOADED); - return 0; - } - if(!DSO_free(atalla_dso)) - { - ATALLAerr(ATALLA_F_ATALLA_FINISH,ATALLA_R_UNIT_FAILURE); - return 0; - } - atalla_dso = NULL; - p_Atalla_GetHardwareConfig = NULL; - p_Atalla_RSAPrivateKeyOpFn = NULL; - p_Atalla_GetPerformanceStatistics = NULL; - return 1; - } - -static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) - { - int initialised = ((atalla_dso == NULL) ? 0 : 1); - switch(cmd) - { - case ATALLA_CMD_SO_PATH: - if(p == NULL) - { - ATALLAerr(ATALLA_F_ATALLA_CTRL,ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if(initialised) - { - ATALLAerr(ATALLA_F_ATALLA_CTRL,ATALLA_R_ALREADY_LOADED); - return 0; - } - return set_ATALLA_LIBNAME((const char *)p); - default: - break; - } - ATALLAerr(ATALLA_F_ATALLA_CTRL,ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED); - return 0; - } - -static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx) - { - /* I need somewhere to store temporary serialised values for - * use with the Atalla API calls. A neat cheat - I'll use - * BIGNUMs from the BN_CTX but access their arrays directly as - * byte arrays . This way I don't have to clean anything - * up. */ - BIGNUM *modulus; - BIGNUM *exponent; - BIGNUM *argument; - BIGNUM *result; - RSAPrivateKey keydata; - int to_return, numbytes; - - modulus = exponent = argument = result = NULL; - to_return = 0; /* expect failure */ - - if(!atalla_dso) - { - ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_NOT_LOADED); - goto err; - } - /* Prepare the params */ - BN_CTX_start(ctx); - modulus = BN_CTX_get(ctx); - exponent = BN_CTX_get(ctx); - argument = BN_CTX_get(ctx); - result = BN_CTX_get(ctx); - if (!result) - { - ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_BN_CTX_FULL); - goto err; - } - if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, m->top) || - !bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top)) - { - ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_BN_EXPAND_FAIL); - goto err; - } - /* Prepare the key-data */ - memset(&keydata, 0,sizeof keydata); - numbytes = BN_num_bytes(m); - memset(exponent->d, 0, numbytes); - memset(modulus->d, 0, numbytes); - BN_bn2bin(p, (unsigned char *)exponent->d + numbytes - BN_num_bytes(p)); - BN_bn2bin(m, (unsigned char *)modulus->d + numbytes - BN_num_bytes(m)); - keydata.privateExponent.data = (unsigned char *)exponent->d; - keydata.privateExponent.len = numbytes; - keydata.modulus.data = (unsigned char *)modulus->d; - keydata.modulus.len = numbytes; - /* Prepare the argument */ - memset(argument->d, 0, numbytes); - memset(result->d, 0, numbytes); - BN_bn2bin(a, (unsigned char *)argument->d + numbytes - BN_num_bytes(a)); - /* Perform the operation */ - if(p_Atalla_RSAPrivateKeyOpFn(&keydata, (unsigned char *)result->d, - (unsigned char *)argument->d, - keydata.modulus.len) != 0) - { - ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_REQUEST_FAILED); - goto err; - } - /* Convert the response */ - BN_bin2bn((unsigned char *)result->d, numbytes, r); - to_return = 1; -err: - BN_CTX_end(ctx); - return to_return; - } - -#ifndef OPENSSL_NO_RSA -static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) - { - int to_return = 0; - - if(!atalla_dso) - { - ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,ATALLA_R_NOT_LOADED); - goto err; - } - if(!rsa->d || !rsa->n) - { - ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,ATALLA_R_MISSING_KEY_COMPONENTS); - goto err; - } - to_return = atalla_mod_exp(r0, I, rsa->d, rsa->n, ctx); -err: - return to_return; - } -#endif - -#ifndef OPENSSL_NO_DSA -/* This code was liberated and adapted from the commented-out code in - * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration - * (it doesn't have a CRT form for RSA), this function means that an - * Atalla system running with a DSA server certificate can handshake - * around 5 or 6 times faster/more than an equivalent system running with - * RSA. Just check out the "signs" statistics from the RSA and DSA parts - * of "openssl speed -engine atalla dsa1024 rsa1024". */ -static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, - BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, - BN_CTX *ctx, BN_MONT_CTX *in_mont) - { - BIGNUM t; - int to_return = 0; - - BN_init(&t); - /* let rr = a1 ^ p1 mod m */ - if (!atalla_mod_exp(rr,a1,p1,m,ctx)) goto end; - /* let t = a2 ^ p2 mod m */ - if (!atalla_mod_exp(&t,a2,p2,m,ctx)) goto end; - /* let rr = rr * t mod m */ - if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end; - to_return = 1; -end: - BN_free(&t); - return to_return; - } - -static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx) - { - return atalla_mod_exp(r, a, p, m, ctx); - } -#endif - -#ifndef OPENSSL_NO_RSA -/* This function is aliased to mod_exp (with the mont stuff dropped). */ -static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) - { - return atalla_mod_exp(r, a, p, m, ctx); - } -#endif - -#ifndef OPENSSL_NO_DH -/* This function is aliased to mod_exp (with the dh and mont dropped). */ -static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r, - const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) - { - return atalla_mod_exp(r, a, p, m, ctx); - } -#endif - -/* This stuff is needed if this ENGINE is being compiled into a self-contained - * shared-library. */ -#ifndef OPENSSL_NO_DYNAMIC_ENGINE -static int bind_fn(ENGINE *e, const char *id) - { - if(id && (strcmp(id, engine_atalla_id) != 0)) - return 0; - if(!bind_helper(e)) - return 0; - return 1; - } -IMPLEMENT_DYNAMIC_CHECK_FN() -IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) -#endif /* OPENSSL_NO_DYNAMIC_ENGINE */ - -#endif /* !OPENSSL_NO_HW_ATALLA */ -#endif /* !OPENSSL_NO_HW */ diff --git a/src/lib/libssl/src/engines/e_atalla.ec b/src/lib/libssl/src/engines/e_atalla.ec deleted file mode 100644 index 1d735e1b20..0000000000 --- a/src/lib/libssl/src/engines/e_atalla.ec +++ /dev/null @@ -1 +0,0 @@ -L ATALLA e_atalla_err.h e_atalla_err.c diff --git a/src/lib/libssl/src/engines/e_atalla_err.c b/src/lib/libssl/src/engines/e_atalla_err.c deleted file mode 100644 index fd3e0049ce..0000000000 --- a/src/lib/libssl/src/engines/e_atalla_err.c +++ /dev/null @@ -1,149 +0,0 @@ -/* e_atalla_err.c */ -/* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include -#include -#include "e_atalla_err.h" - -/* BEGIN ERROR CODES */ -#ifndef OPENSSL_NO_ERR - -#define ERR_FUNC(func) ERR_PACK(0,func,0) -#define ERR_REASON(reason) ERR_PACK(0,0,reason) - -static ERR_STRING_DATA ATALLA_str_functs[]= - { -{ERR_FUNC(ATALLA_F_ATALLA_CTRL), "ATALLA_CTRL"}, -{ERR_FUNC(ATALLA_F_ATALLA_FINISH), "ATALLA_FINISH"}, -{ERR_FUNC(ATALLA_F_ATALLA_INIT), "ATALLA_INIT"}, -{ERR_FUNC(ATALLA_F_ATALLA_MOD_EXP), "ATALLA_MOD_EXP"}, -{ERR_FUNC(ATALLA_F_ATALLA_RSA_MOD_EXP), "ATALLA_RSA_MOD_EXP"}, -{0,NULL} - }; - -static ERR_STRING_DATA ATALLA_str_reasons[]= - { -{ERR_REASON(ATALLA_R_ALREADY_LOADED) ,"already loaded"}, -{ERR_REASON(ATALLA_R_BN_CTX_FULL) ,"bn ctx full"}, -{ERR_REASON(ATALLA_R_BN_EXPAND_FAIL) ,"bn expand fail"}, -{ERR_REASON(ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"}, -{ERR_REASON(ATALLA_R_MISSING_KEY_COMPONENTS),"missing key components"}, -{ERR_REASON(ATALLA_R_NOT_LOADED) ,"not loaded"}, -{ERR_REASON(ATALLA_R_REQUEST_FAILED) ,"request failed"}, -{ERR_REASON(ATALLA_R_UNIT_FAILURE) ,"unit failure"}, -{0,NULL} - }; - -#endif - -#ifdef ATALLA_LIB_NAME -static ERR_STRING_DATA ATALLA_lib_name[]= - { -{0 ,ATALLA_LIB_NAME}, -{0,NULL} - }; -#endif - - -static int ATALLA_lib_error_code=0; -static int ATALLA_error_init=1; - -static void ERR_load_ATALLA_strings(void) - { - if (ATALLA_lib_error_code == 0) - ATALLA_lib_error_code=ERR_get_next_error_library(); - - if (ATALLA_error_init) - { - ATALLA_error_init=0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(ATALLA_lib_error_code,ATALLA_str_functs); - ERR_load_strings(ATALLA_lib_error_code,ATALLA_str_reasons); -#endif - -#ifdef ATALLA_LIB_NAME - ATALLA_lib_name->error = ERR_PACK(ATALLA_lib_error_code,0,0); - ERR_load_strings(0,ATALLA_lib_name); -#endif - } - } - -static void ERR_unload_ATALLA_strings(void) - { - if (ATALLA_error_init == 0) - { -#ifndef OPENSSL_NO_ERR - ERR_unload_strings(ATALLA_lib_error_code,ATALLA_str_functs); - ERR_unload_strings(ATALLA_lib_error_code,ATALLA_str_reasons); -#endif - -#ifdef ATALLA_LIB_NAME - ERR_unload_strings(0,ATALLA_lib_name); -#endif - ATALLA_error_init=1; - } - } - -static void ERR_ATALLA_error(int function, int reason, char *file, int line) - { - if (ATALLA_lib_error_code == 0) - ATALLA_lib_error_code=ERR_get_next_error_library(); - ERR_PUT_error(ATALLA_lib_error_code,function,reason,file,line); - } diff --git a/src/lib/libssl/src/engines/e_atalla_err.h b/src/lib/libssl/src/engines/e_atalla_err.h deleted file mode 100644 index 36e09bf42f..0000000000 --- a/src/lib/libssl/src/engines/e_atalla_err.h +++ /dev/null @@ -1,93 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef HEADER_ATALLA_ERR_H -#define HEADER_ATALLA_ERR_H - -#ifdef __cplusplus -extern "C" { -#endif - -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -static void ERR_load_ATALLA_strings(void); -static void ERR_unload_ATALLA_strings(void); -static void ERR_ATALLA_error(int function, int reason, char *file, int line); -#define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),__FILE__,__LINE__) - -/* Error codes for the ATALLA functions. */ - -/* Function codes. */ -#define ATALLA_F_ATALLA_CTRL 100 -#define ATALLA_F_ATALLA_FINISH 101 -#define ATALLA_F_ATALLA_INIT 102 -#define ATALLA_F_ATALLA_MOD_EXP 103 -#define ATALLA_F_ATALLA_RSA_MOD_EXP 104 - -/* Reason codes. */ -#define ATALLA_R_ALREADY_LOADED 100 -#define ATALLA_R_BN_CTX_FULL 101 -#define ATALLA_R_BN_EXPAND_FAIL 102 -#define ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED 103 -#define ATALLA_R_MISSING_KEY_COMPONENTS 104 -#define ATALLA_R_NOT_LOADED 105 -#define ATALLA_R_REQUEST_FAILED 106 -#define ATALLA_R_UNIT_FAILURE 107 - -#ifdef __cplusplus -} -#endif -#endif diff --git a/src/lib/libssl/src/engines/vendor_defns/atalla.h b/src/lib/libssl/src/engines/vendor_defns/atalla.h deleted file mode 100644 index 149970d441..0000000000 --- a/src/lib/libssl/src/engines/vendor_defns/atalla.h +++ /dev/null @@ -1,48 +0,0 @@ -/* This header declares the necessary definitions for using the exponentiation - * acceleration capabilities of Atalla cards. The only cryptographic operation - * is performed by "ASI_RSAPrivateKeyOpFn" and this takes a structure that - * defines an "RSA private key". However, it is really only performing a - * regular mod_exp using the supplied modulus and exponent - no CRT form is - * being used. Hence, it is a generic mod_exp function in disguise, and we use - * it as such. - * - * Thanks to the people at Atalla for letting me know these definitions are - * fine and that they can be reproduced here. - * - * Geoff. - */ - -typedef struct ItemStr - { - unsigned char *data; - int len; - } Item; - -typedef struct RSAPrivateKeyStr - { - void *reserved; - Item version; - Item modulus; - Item publicExponent; - Item privateExponent; - Item prime[2]; - Item exponent[2]; - Item coefficient; - } RSAPrivateKey; - -/* Predeclare the function pointer types that we dynamically load from the DSO. - * These use the same names and form that Ben's original support code had (in - * crypto/bn/bn_exp.c) unless of course I've inadvertently changed the style - * somewhere along the way! - */ - -typedef int tfnASI_GetPerformanceStatistics(int reset_flag, - unsigned int *ret_buf); - -typedef int tfnASI_GetHardwareConfig(long card_num, unsigned int *ret_buf); - -typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey, - unsigned char *output, - unsigned char *input, - unsigned int modulus_len); - -- cgit v1.2.3-55-g6feb