From a4578a5413c44f1d532903c8bc0727f1fa11b073 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Sun, 29 May 2005 19:16:26 +0000 Subject: [PATCH] Change the source and output paths for 'chil' and '4758cca' engines so that dynamic loading is consistent with respect to engine ids. --- CHANGES | 7 + engines/Makefile | 82 +-- engines/e_4758_cca.c | 975 --------------------------- engines/e_4758_cca.ec | 1 - engines/e_4758_cca_err.c | 153 ----- engines/e_4758_cca_err.h | 93 --- engines/e_ncipher.c | 1360 -------------------------------------- engines/e_ncipher.ec | 1 - engines/e_ncipher_err.c | 161 ----- engines/e_ncipher_err.h | 101 --- engines/makeengines.com | 6 +- 11 files changed, 51 insertions(+), 2889 deletions(-) delete mode 100644 engines/e_4758_cca.c delete mode 100644 engines/e_4758_cca.ec delete mode 100644 engines/e_4758_cca_err.c delete mode 100644 engines/e_4758_cca_err.h delete mode 100644 engines/e_ncipher.c delete mode 100644 engines/e_ncipher.ec delete mode 100644 engines/e_ncipher_err.c delete mode 100644 engines/e_ncipher_err.h diff --git a/CHANGES b/CHANGES index 5be91d613c..0103d0c544 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,13 @@ Changes between 0.9.7h and 0.9.8 [xx XXX xxxx] + *) Correct naming of the 'chil' and '4758cca' ENGINEs. This + involves renaming the source and generated shared-libs for + both. The engines will accept the corrected or legacy ids + ('ncipher' and '4758_cca' respectively) when binding. NB, + this only applies when building 'shared'. + [Corinna Vinschen and Geoff Thorpe] + *) Add attribute functions to EVP_PKEY structure. Modify PKCS12_create() to recognize a CSP name attribute and use it. Make -CSP option work again in pkcs12 utility. diff --git a/engines/Makefile b/engines/Makefile index 9ac5471ac6..aa68344728 100644 --- a/engines/Makefile +++ b/engines/Makefile @@ -20,23 +20,23 @@ TEST= APPS= LIB=$(TOP)/libcrypto.a -LIBNAMES= 4758_cca aep atalla cswift gmp ncipher nuron sureware ubsec +LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec -LIBSRC= e_4758_cca.c \ +LIBSRC= e_4758cca.c \ e_aep.c \ e_atalla.c \ e_cswift.c \ e_gmp.c \ - e_ncipher.c \ + e_chil.c \ e_nuron.c \ e_sureware.c \ e_ubsec.c -LIBOBJ= e_4758_cca.o \ +LIBOBJ= e_4758cca.o \ e_aep.o \ e_atalla.o \ e_cswift.o \ e_gmp.o \ - e_ncipher.o \ + e_chil.o \ e_nuron.o \ e_sureware.o \ e_ubsec.o @@ -44,12 +44,12 @@ LIBOBJ= e_4758_cca.o \ SRC= $(LIBSRC) EXHEADER= -HEADER= e_4758_cca_err.c e_4758_cca_err.h \ +HEADER= e_4758cca_err.c e_4758cca_err.h \ e_aep_err.c e_aep_err.h \ e_atalla_err.c e_atalla_err.h \ e_cswift_err.c e_cswift_err.h \ e_gmp_err.c e_gmp_err.h \ - e_ncipher_err.c e_ncipher_err.h \ + e_chil_err.c e_chil_err.h \ e_nuron_err.c e_nuron_err.h \ e_sureware_err.c e_sureware_err.h \ e_ubsec_err.c e_ubsec_err.h @@ -130,22 +130,22 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -e_4758_cca.o: ../include/openssl/asn1.h ../include/openssl/bio.h -e_4758_cca.o: ../include/openssl/bn.h ../include/openssl/buffer.h -e_4758_cca.o: ../include/openssl/crypto.h ../include/openssl/dso.h -e_4758_cca.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -e_4758_cca.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -e_4758_cca.o: ../include/openssl/engine.h ../include/openssl/err.h -e_4758_cca.o: ../include/openssl/evp.h ../include/openssl/lhash.h -e_4758_cca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -e_4758_cca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_4758_cca.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h -e_4758_cca.o: ../include/openssl/rand.h ../include/openssl/rsa.h -e_4758_cca.o: ../include/openssl/safestack.h ../include/openssl/sha.h -e_4758_cca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -e_4758_cca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -e_4758_cca.o: e_4758_cca.c e_4758_cca_err.c e_4758_cca_err.h -e_4758_cca.o: vendor_defns/hw_4758_cca.h +e_4758cca.o: ../include/openssl/asn1.h ../include/openssl/bio.h +e_4758cca.o: ../include/openssl/bn.h ../include/openssl/buffer.h +e_4758cca.o: ../include/openssl/crypto.h ../include/openssl/dso.h +e_4758cca.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +e_4758cca.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +e_4758cca.o: ../include/openssl/engine.h ../include/openssl/err.h +e_4758cca.o: ../include/openssl/evp.h ../include/openssl/lhash.h +e_4758cca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +e_4758cca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +e_4758cca.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +e_4758cca.o: ../include/openssl/rand.h ../include/openssl/rsa.h +e_4758cca.o: ../include/openssl/safestack.h ../include/openssl/sha.h +e_4758cca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +e_4758cca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +e_4758cca.o: e_4758cca.c e_4758cca_err.c e_4758cca_err.h +e_4758cca.o: vendor_defns/hw_4758_cca.h e_aep.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_aep.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_aep.o: ../include/openssl/crypto.h ../include/openssl/dh.h @@ -184,24 +184,24 @@ e_gmp.o: ../include/openssl/e_os2.h ../include/openssl/engine.h e_gmp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h e_gmp.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h e_gmp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h e_gmp.c -e_ncipher.o: ../include/openssl/asn1.h ../include/openssl/bio.h -e_ncipher.o: ../include/openssl/bn.h ../include/openssl/buffer.h -e_ncipher.o: ../include/openssl/crypto.h ../include/openssl/dh.h -e_ncipher.o: ../include/openssl/dso.h ../include/openssl/e_os2.h -e_ncipher.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -e_ncipher.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h -e_ncipher.o: ../include/openssl/err.h ../include/openssl/evp.h -e_ncipher.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -e_ncipher.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -e_ncipher.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -e_ncipher.o: ../include/openssl/pem.h ../include/openssl/pem2.h -e_ncipher.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -e_ncipher.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -e_ncipher.o: ../include/openssl/sha.h ../include/openssl/stack.h -e_ncipher.o: ../include/openssl/symhacks.h ../include/openssl/ui.h -e_ncipher.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -e_ncipher.o: e_ncipher.c e_ncipher_err.c e_ncipher_err.h -e_ncipher.o: vendor_defns/hwcryptohook.h +e_chil.o: ../include/openssl/asn1.h ../include/openssl/bio.h +e_chil.o: ../include/openssl/bn.h ../include/openssl/buffer.h +e_chil.o: ../include/openssl/crypto.h ../include/openssl/dh.h +e_chil.o: ../include/openssl/dso.h ../include/openssl/e_os2.h +e_chil.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +e_chil.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +e_chil.o: ../include/openssl/err.h ../include/openssl/evp.h +e_chil.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +e_chil.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +e_chil.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_chil.o: ../include/openssl/pem.h ../include/openssl/pem2.h +e_chil.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +e_chil.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +e_chil.o: ../include/openssl/sha.h ../include/openssl/stack.h +e_chil.o: ../include/openssl/symhacks.h ../include/openssl/ui.h +e_chil.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +e_chil.o: e_chil.c e_chil_err.c e_chil_err.h +e_chil.o: vendor_defns/hwcryptohook.h e_nuron.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_nuron.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_nuron.o: ../include/openssl/crypto.h ../include/openssl/dh.h diff --git a/engines/e_4758_cca.c b/engines/e_4758_cca.c deleted file mode 100644 index d01a037835..0000000000 --- a/engines/e_4758_cca.c +++ /dev/null @@ -1,975 +0,0 @@ -/* Author: Maurice Gittens */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#ifndef OPENSSL_NO_HW -#ifndef OPENSSL_NO_HW_4758_CCA - -#ifdef FLAT_INC -#include "hw_4758_cca.h" -#else -#include "vendor_defns/hw_4758_cca.h" -#endif - -#include "e_4758_cca_err.c" - -static int ibm_4758_cca_destroy(ENGINE *e); -static int ibm_4758_cca_init(ENGINE *e); -static int ibm_4758_cca_finish(ENGINE *e); -static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); - -/* rsa functions */ -/*---------------*/ -#ifndef OPENSSL_NO_RSA -static int cca_rsa_pub_enc(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa,int padding); -static int cca_rsa_priv_dec(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa,int padding); -static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, const RSA *rsa); -static int cca_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len, - unsigned char *sigbuf, unsigned int siglen, const RSA *rsa); - -/* utility functions */ -/*-----------------------*/ -static EVP_PKEY *ibm_4758_load_privkey(ENGINE*, const char*, - UI_METHOD *ui_method, void *callback_data); -static EVP_PKEY *ibm_4758_load_pubkey(ENGINE*, const char*, - UI_METHOD *ui_method, void *callback_data); - -static int getModulusAndExponent(const unsigned char *token, long *exponentLength, - unsigned char *exponent, long *modulusLength, - long *modulusFieldLength, unsigned char *modulus); -#endif - -/* RAND number functions */ -/*-----------------------*/ -static int cca_get_random_bytes(unsigned char*, int ); -static int cca_random_status(void); - -static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, - int idx,long argl, void *argp); - -/* Function pointers for CCA verbs */ -/*---------------------------------*/ -#ifndef OPENSSL_NO_RSA -static F_KEYRECORDREAD keyRecordRead; -static F_DIGITALSIGNATUREGENERATE digitalSignatureGenerate; -static F_DIGITALSIGNATUREVERIFY digitalSignatureVerify; -static F_PUBLICKEYEXTRACT publicKeyExtract; -static F_PKAENCRYPT pkaEncrypt; -static F_PKADECRYPT pkaDecrypt; -#endif -static F_RANDOMNUMBERGENERATE randomNumberGenerate; - -/* static variables */ -/*------------------*/ -static const char *CCA4758_LIB_NAME = NULL; -static const char *get_CCA4758_LIB_NAME(void) - { - if(CCA4758_LIB_NAME) - return CCA4758_LIB_NAME; - return CCA_LIB_NAME; - } -static void free_CCA4758_LIB_NAME(void) - { - if(CCA4758_LIB_NAME) - OPENSSL_free((void*)CCA4758_LIB_NAME); - CCA4758_LIB_NAME = NULL; - } -static long set_CCA4758_LIB_NAME(const char *name) - { - free_CCA4758_LIB_NAME(); - return (((CCA4758_LIB_NAME = BUF_strdup(name)) != NULL) ? 1 : 0); - } -#ifndef OPENSSL_NO_RSA -static const char* n_keyRecordRead = CSNDKRR; -static const char* n_digitalSignatureGenerate = CSNDDSG; -static const char* n_digitalSignatureVerify = CSNDDSV; -static const char* n_publicKeyExtract = CSNDPKX; -static const char* n_pkaEncrypt = CSNDPKE; -static const char* n_pkaDecrypt = CSNDPKD; -#endif -static const char* n_randomNumberGenerate = CSNBRNG; - -static int hndidx = -1; -static DSO *dso = NULL; - -/* openssl engine initialization structures */ -/*------------------------------------------*/ - -#define CCA4758_CMD_SO_PATH ENGINE_CMD_BASE -static const ENGINE_CMD_DEFN cca4758_cmd_defns[] = { - {CCA4758_CMD_SO_PATH, - "SO_PATH", - "Specifies the path to the '4758cca' shared library", - ENGINE_CMD_FLAG_STRING}, - {0, NULL, NULL, 0} - }; - -#ifndef OPENSSL_NO_RSA -static RSA_METHOD ibm_4758_cca_rsa = - { - "IBM 4758 CCA RSA method", - cca_rsa_pub_enc, - NULL, - NULL, - cca_rsa_priv_dec, - NULL, /*rsa_mod_exp,*/ - NULL, /*mod_exp_mont,*/ - NULL, /* init */ - NULL, /* finish */ - RSA_FLAG_SIGN_VER, /* flags */ - NULL, /* app_data */ - cca_rsa_sign, /* rsa_sign */ - cca_rsa_verify, /* rsa_verify */ - NULL /* rsa_keygen */ - }; -#endif - -static RAND_METHOD ibm_4758_cca_rand = - { - /* "IBM 4758 RAND method", */ - NULL, /* seed */ - cca_get_random_bytes, /* get random bytes from the card */ - NULL, /* cleanup */ - NULL, /* add */ - cca_get_random_bytes, /* pseudo rand */ - cca_random_status, /* status */ - }; - -static const char *engine_4758_cca_id = "4758cca"; -static const char *engine_4758_cca_name = "IBM 4758 CCA hardware engine support"; -/* Compatibility hack, the dynamic library uses this form in the path */ -static const char *engine_4758_cca_id_alt = "4758_cca"; - -/* engine implementation */ -/*-----------------------*/ -static int bind_helper(ENGINE *e) - { - if(!ENGINE_set_id(e, engine_4758_cca_id) || - !ENGINE_set_name(e, engine_4758_cca_name) || -#ifndef OPENSSL_NO_RSA - !ENGINE_set_RSA(e, &ibm_4758_cca_rsa) || -#endif - !ENGINE_set_RAND(e, &ibm_4758_cca_rand) || - !ENGINE_set_destroy_function(e, ibm_4758_cca_destroy) || - !ENGINE_set_init_function(e, ibm_4758_cca_init) || - !ENGINE_set_finish_function(e, ibm_4758_cca_finish) || - !ENGINE_set_ctrl_function(e, ibm_4758_cca_ctrl) || - !ENGINE_set_load_privkey_function(e, ibm_4758_load_privkey) || - !ENGINE_set_load_pubkey_function(e, ibm_4758_load_pubkey) || - !ENGINE_set_cmd_defns(e, cca4758_cmd_defns)) - return 0; - /* Ensure the error handling is set up */ - ERR_load_CCA4758_strings(); - return 1; - } - -#ifdef OPENSSL_NO_DYNAMIC_ENGINE -static ENGINE *engine_4758_cca(void) - { - ENGINE *ret = ENGINE_new(); - if(!ret) - return NULL; - if(!bind_helper(ret)) - { - ENGINE_free(ret); - return NULL; - } - return ret; - } - -void ENGINE_load_4758cca(void) - { - ENGINE *e_4758 = engine_4758_cca(); - if (!e_4758) return; - ENGINE_add(e_4758); - ENGINE_free(e_4758); - ERR_clear_error(); - } -#endif - -static int ibm_4758_cca_destroy(ENGINE *e) - { - ERR_unload_CCA4758_strings(); - free_CCA4758_LIB_NAME(); - return 1; - } - -static int ibm_4758_cca_init(ENGINE *e) - { - if(dso) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_ALREADY_LOADED); - goto err; - } - - dso = DSO_load(NULL, get_CCA4758_LIB_NAME(), NULL, 0); - if(!dso) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE); - goto err; - } - -#ifndef OPENSSL_NO_RSA - if(!(keyRecordRead = (F_KEYRECORDREAD) - DSO_bind_func(dso, n_keyRecordRead)) || - !(randomNumberGenerate = (F_RANDOMNUMBERGENERATE) - DSO_bind_func(dso, n_randomNumberGenerate)) || - !(digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE) - DSO_bind_func(dso, n_digitalSignatureGenerate)) || - !(digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY) - DSO_bind_func(dso, n_digitalSignatureVerify)) || - !(publicKeyExtract = (F_PUBLICKEYEXTRACT) - DSO_bind_func(dso, n_publicKeyExtract)) || - !(pkaEncrypt = (F_PKAENCRYPT) - DSO_bind_func(dso, n_pkaEncrypt)) || - !(pkaDecrypt = (F_PKADECRYPT) - DSO_bind_func(dso, n_pkaDecrypt))) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE); - goto err; - } -#else - if(!(randomNumberGenerate = (F_RANDOMNUMBERGENERATE) - DSO_bind_func(dso, n_randomNumberGenerate))) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE); - goto err; - } -#endif - - hndidx = RSA_get_ex_new_index(0, "IBM 4758 CCA RSA key handle", - NULL, NULL, cca_ex_free); - - return 1; -err: - if(dso) - DSO_free(dso); - dso = NULL; - - keyRecordRead = (F_KEYRECORDREAD)0; - randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0; - digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)0; - digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0; - publicKeyExtract = (F_PUBLICKEYEXTRACT)0; - pkaEncrypt = (F_PKAENCRYPT)0; - pkaDecrypt = (F_PKADECRYPT)0; - return 0; - } - -static int ibm_4758_cca_finish(ENGINE *e) - { - free_CCA4758_LIB_NAME(); - if(!dso) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH, - CCA4758_R_NOT_LOADED); - return 0; - } - if(!DSO_free(dso)) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH, - CCA4758_R_UNIT_FAILURE); - return 0; - } - dso = NULL; - keyRecordRead = (F_KEYRECORDREAD)0; - randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0; - digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)0; - digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0; - publicKeyExtract = (F_PUBLICKEYEXTRACT)0; - pkaEncrypt = (F_PKAENCRYPT)0; - pkaDecrypt = (F_PKADECRYPT)0; - return 1; - } - -static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) - { - int initialised = ((dso == NULL) ? 0 : 1); - switch(cmd) - { - case CCA4758_CMD_SO_PATH: - if(p == NULL) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL, - ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if(initialised) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL, - CCA4758_R_ALREADY_LOADED); - return 0; - } - return set_CCA4758_LIB_NAME((const char *)p); - default: - break; - } - CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL, - CCA4758_R_COMMAND_NOT_IMPLEMENTED); - return 0; - } - -#ifndef OPENSSL_NO_RSA - -#define MAX_CCA_PKA_TOKEN_SIZE 2500 - -static EVP_PKEY *ibm_4758_load_privkey(ENGINE* e, const char* key_id, - UI_METHOD *ui_method, void *callback_data) - { - RSA *rtmp = NULL; - EVP_PKEY *res = NULL; - unsigned char* keyToken = NULL; - unsigned char pubKeyToken[MAX_CCA_PKA_TOKEN_SIZE]; - long pubKeyTokenLength = MAX_CCA_PKA_TOKEN_SIZE; - long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE; - long returnCode; - long reasonCode; - long exitDataLength = 0; - long ruleArrayLength = 0; - unsigned char exitData[8]; - unsigned char ruleArray[8]; - unsigned char keyLabel[64]; - unsigned long keyLabelLength = strlen(key_id); - unsigned char modulus[256]; - long modulusFieldLength = sizeof(modulus); - long modulusLength = 0; - unsigned char exponent[256]; - long exponentLength = sizeof(exponent); - - if (keyLabelLength > sizeof(keyLabel)) - { - CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY, - CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL); - return NULL; - } - - memset(keyLabel,' ', sizeof(keyLabel)); - memcpy(keyLabel, key_id, keyLabelLength); - - keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long)); - if (!keyToken) - { - CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY, - ERR_R_MALLOC_FAILURE); - goto err; - } - - keyRecordRead(&returnCode, &reasonCode, &exitDataLength, - exitData, &ruleArrayLength, ruleArray, keyLabel, - &keyTokenLength, keyToken+sizeof(long)); - - if (returnCode) - { - CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY, - CCA4758_R_FAILED_LOADING_PRIVATE_KEY); - goto err; - } - - publicKeyExtract(&returnCode, &reasonCode, &exitDataLength, - exitData, &ruleArrayLength, ruleArray, &keyTokenLength, - keyToken+sizeof(long), &pubKeyTokenLength, pubKeyToken); - - if (returnCode) - { - CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY, - CCA4758_R_FAILED_LOADING_PRIVATE_KEY); - goto err; - } - - if (!getModulusAndExponent(pubKeyToken, &exponentLength, - exponent, &modulusLength, &modulusFieldLength, - modulus)) - { - CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY, - CCA4758_R_FAILED_LOADING_PRIVATE_KEY); - goto err; - } - - (*(long*)keyToken) = keyTokenLength; - rtmp = RSA_new_method(e); - RSA_set_ex_data(rtmp, hndidx, (char *)keyToken); - - rtmp->e = BN_bin2bn(exponent, exponentLength, NULL); - rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL); - rtmp->flags |= RSA_FLAG_EXT_PKEY; - - res = EVP_PKEY_new(); - EVP_PKEY_assign_RSA(res, rtmp); - - return res; -err: - if (keyToken) - OPENSSL_free(keyToken); - if (res) - EVP_PKEY_free(res); - if (rtmp) - RSA_free(rtmp); - return NULL; - } - -static EVP_PKEY *ibm_4758_load_pubkey(ENGINE* e, const char* key_id, - UI_METHOD *ui_method, void *callback_data) - { - RSA *rtmp = NULL; - EVP_PKEY *res = NULL; - unsigned char* keyToken = NULL; - long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE; - long returnCode; - long reasonCode; - long exitDataLength = 0; - long ruleArrayLength = 0; - unsigned char exitData[8]; - unsigned char ruleArray[8]; - unsigned char keyLabel[64]; - unsigned long keyLabelLength = strlen(key_id); - unsigned char modulus[512]; - long modulusFieldLength = sizeof(modulus); - long modulusLength = 0; - unsigned char exponent[512]; - long exponentLength = sizeof(exponent); - - if (keyLabelLength > sizeof(keyLabel)) - { - CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY, - CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL); - return NULL; - } - - memset(keyLabel,' ', sizeof(keyLabel)); - memcpy(keyLabel, key_id, keyLabelLength); - - keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long)); - if (!keyToken) - { - CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY, - ERR_R_MALLOC_FAILURE); - goto err; - } - - keyRecordRead(&returnCode, &reasonCode, &exitDataLength, exitData, - &ruleArrayLength, ruleArray, keyLabel, &keyTokenLength, - keyToken+sizeof(long)); - - if (returnCode) - { - CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY, - ERR_R_MALLOC_FAILURE); - goto err; - } - - if (!getModulusAndExponent(keyToken+sizeof(long), &exponentLength, - exponent, &modulusLength, &modulusFieldLength, modulus)) - { - CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY, - CCA4758_R_FAILED_LOADING_PUBLIC_KEY); - goto err; - } - - (*(long*)keyToken) = keyTokenLength; - rtmp = RSA_new_method(e); - RSA_set_ex_data(rtmp, hndidx, (char *)keyToken); - rtmp->e = BN_bin2bn(exponent, exponentLength, NULL); - rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL); - rtmp->flags |= RSA_FLAG_EXT_PKEY; - res = EVP_PKEY_new(); - EVP_PKEY_assign_RSA(res, rtmp); - - return res; -err: - if (keyToken) - OPENSSL_free(keyToken); - if (res) - EVP_PKEY_free(res); - if (rtmp) - RSA_free(rtmp); - return NULL; - } - -static int cca_rsa_pub_enc(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa,int padding) - { - long returnCode; - long reasonCode; - long lflen = flen; - long exitDataLength = 0; - unsigned char exitData[8]; - long ruleArrayLength = 1; - unsigned char ruleArray[8] = "PKCS-1.2"; - long dataStructureLength = 0; - unsigned char dataStructure[8]; - long outputLength = RSA_size(rsa); - long keyTokenLength; - unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx); - - keyTokenLength = *(long*)keyToken; - keyToken+=sizeof(long); - - pkaEncrypt(&returnCode, &reasonCode, &exitDataLength, exitData, - &ruleArrayLength, ruleArray, &lflen, (unsigned char*)from, - &dataStructureLength, dataStructure, &keyTokenLength, - keyToken, &outputLength, to); - - if (returnCode || reasonCode) - return -(returnCode << 16 | reasonCode); - return outputLength; - } - -static int cca_rsa_priv_dec(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa,int padding) - { - long returnCode; - long reasonCode; - long lflen = flen; - long exitDataLength = 0; - unsigned char exitData[8]; - long ruleArrayLength = 1; - unsigned char ruleArray[8] = "PKCS-1.2"; - long dataStructureLength = 0; - unsigned char dataStructure[8]; - long outputLength = RSA_size(rsa); - long keyTokenLength; - unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx); - - keyTokenLength = *(long*)keyToken; - keyToken+=sizeof(long); - - pkaDecrypt(&returnCode, &reasonCode, &exitDataLength, exitData, - &ruleArrayLength, ruleArray, &lflen, (unsigned char*)from, - &dataStructureLength, dataStructure, &keyTokenLength, - keyToken, &outputLength, to); - - return (returnCode | reasonCode) ? 0 : 1; - } - -#define SSL_SIG_LEN 36 - -static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len, - unsigned char *sigbuf, unsigned int siglen, const RSA *rsa) - { - long returnCode; - long reasonCode; - long lsiglen = siglen; - long exitDataLength = 0; - unsigned char exitData[8]; - long ruleArrayLength = 1; - unsigned char ruleArray[8] = "PKCS-1.1"; - long keyTokenLength; - unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx); - long length = SSL_SIG_LEN; - long keyLength ; - unsigned char *hashBuffer = NULL; - X509_SIG sig; - ASN1_TYPE parameter; - X509_ALGOR algorithm; - ASN1_OCTET_STRING digest; - - keyTokenLength = *(long*)keyToken; - keyToken+=sizeof(long); - - if (type == NID_md5 || type == NID_sha1) - { - sig.algor = &algorithm; - algorithm.algorithm = OBJ_nid2obj(type); - - if (!algorithm.algorithm) - { - CCA4758err(CCA4758_F_CCA_RSA_VERIFY, - CCA4758_R_UNKNOWN_ALGORITHM_TYPE); - return 0; - } - - if (!algorithm.algorithm->length) - { - CCA4758err(CCA4758_F_CCA_RSA_VERIFY, - CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD); - return 0; - } - - parameter.type = V_ASN1_NULL; - parameter.value.ptr = NULL; - algorithm.parameter = ¶meter; - - sig.digest = &digest; - sig.digest->data = (unsigned char*)m; - sig.digest->length = m_len; - - length = i2d_X509_SIG(&sig, NULL); - } - - keyLength = RSA_size(rsa); - - if (length - RSA_PKCS1_PADDING > keyLength) - { - CCA4758err(CCA4758_F_CCA_RSA_VERIFY, - CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL); - return 0; - } - - switch (type) - { - case NID_md5_sha1 : - if (m_len != SSL_SIG_LEN) - { - CCA4758err(CCA4758_F_CCA_RSA_VERIFY, - CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL); - return 0; - } - - hashBuffer = (unsigned char *)m; - length = m_len; - break; - case NID_md5 : - { - unsigned char *ptr; - ptr = hashBuffer = OPENSSL_malloc( - (unsigned int)keyLength+1); - if (!hashBuffer) - { - CCA4758err(CCA4758_F_CCA_RSA_VERIFY, - ERR_R_MALLOC_FAILURE); - return 0; - } - - i2d_X509_SIG(&sig, &ptr); - } - break; - case NID_sha1 : - { - unsigned char *ptr; - ptr = hashBuffer = OPENSSL_malloc( - (unsigned int)keyLength+1); - if (!hashBuffer) - { - CCA4758err(CCA4758_F_CCA_RSA_VERIFY, - ERR_R_MALLOC_FAILURE); - return 0; - } - i2d_X509_SIG(&sig, &ptr); - } - break; - default: - return 0; - } - - digitalSignatureVerify(&returnCode, &reasonCode, &exitDataLength, - exitData, &ruleArrayLength, ruleArray, &keyTokenLength, - keyToken, &length, hashBuffer, &lsiglen, sigbuf); - - if (type == NID_sha1 || type == NID_md5) - { - OPENSSL_cleanse(hashBuffer, keyLength+1); - OPENSSL_free(hashBuffer); - } - - return ((returnCode || reasonCode) ? 0 : 1); - } - -#define SSL_SIG_LEN 36 - -static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, const RSA *rsa) - { - long returnCode; - long reasonCode; - long exitDataLength = 0; - unsigned char exitData[8]; - long ruleArrayLength = 1; - unsigned char ruleArray[8] = "PKCS-1.1"; - long outputLength=256; - long outputBitLength; - long keyTokenLength; - unsigned char *hashBuffer = NULL; - unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx); - long length = SSL_SIG_LEN; - long keyLength ; - X509_SIG sig; - ASN1_TYPE parameter; - X509_ALGOR algorithm; - ASN1_OCTET_STRING digest; - - keyTokenLength = *(long*)keyToken; - keyToken+=sizeof(long); - - if (type == NID_md5 || type == NID_sha1) - { - sig.algor = &algorithm; - algorithm.algorithm = OBJ_nid2obj(type); - - if (!algorithm.algorithm) - { - CCA4758err(CCA4758_F_CCA_RSA_SIGN, - CCA4758_R_UNKNOWN_ALGORITHM_TYPE); - return 0; - } - - if (!algorithm.algorithm->length) - { - CCA4758err(CCA4758_F_CCA_RSA_SIGN, - CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD); - return 0; - } - - parameter.type = V_ASN1_NULL; - parameter.value.ptr = NULL; - algorithm.parameter = ¶meter; - - sig.digest = &digest; - sig.digest->data = (unsigned char*)m; - sig.digest->length = m_len; - - length = i2d_X509_SIG(&sig, NULL); - } - - keyLength = RSA_size(rsa); - - if (length - RSA_PKCS1_PADDING > keyLength) - { - CCA4758err(CCA4758_F_CCA_RSA_SIGN, - CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL); - return 0; - } - - switch (type) - { - case NID_md5_sha1 : - if (m_len != SSL_SIG_LEN) - { - CCA4758err(CCA4758_F_CCA_RSA_SIGN, - CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL); - return 0; - } - hashBuffer = (unsigned char*)m; - length = m_len; - break; - case NID_md5 : - { - unsigned char *ptr; - ptr = hashBuffer = OPENSSL_malloc( - (unsigned int)keyLength+1); - if (!hashBuffer) - { - CCA4758err(CCA4758_F_CCA_RSA_SIGN, - ERR_R_MALLOC_FAILURE); - return 0; - } - i2d_X509_SIG(&sig, &ptr); - } - break; - case NID_sha1 : - { - unsigned char *ptr; - ptr = hashBuffer = OPENSSL_malloc( - (unsigned int)keyLength+1); - if (!hashBuffer) - { - CCA4758err(CCA4758_F_CCA_RSA_SIGN, - ERR_R_MALLOC_FAILURE); - return 0; - } - i2d_X509_SIG(&sig, &ptr); - } - break; - default: - return 0; - } - - digitalSignatureGenerate(&returnCode, &reasonCode, &exitDataLength, - exitData, &ruleArrayLength, ruleArray, &keyTokenLength, - keyToken, &length, hashBuffer, &outputLength, &outputBitLength, - sigret); - - if (type == NID_sha1 || type == NID_md5) - { - OPENSSL_cleanse(hashBuffer, keyLength+1); - OPENSSL_free(hashBuffer); - } - - *siglen = outputLength; - - return ((returnCode || reasonCode) ? 0 : 1); - } - -static int getModulusAndExponent(const unsigned char*token, long *exponentLength, - unsigned char *exponent, long *modulusLength, long *modulusFieldLength, - unsigned char *modulus) - { - unsigned long len; - - if (*token++ != (char)0x1E) /* internal PKA token? */ - return 0; - - if (*token++) /* token version must be zero */ - return 0; - - len = *token++; - len = len << 8; - len |= (unsigned char)*token++; - - token += 4; /* skip reserved bytes */ - - if (*token++ == (char)0x04) - { - if (*token++) /* token version must be zero */ - return 0; - - len = *token++; - len = len << 8; - len |= (unsigned char)*token++; - - token+=2; /* skip reserved section */ - - len = *token++; - len = len << 8; - len |= (unsigned char)*token++; - - *exponentLength = len; - - len = *token++; - len = len << 8; - len |= (unsigned char)*token++; - - *modulusLength = len; - - len = *token++; - len = len << 8; - len |= (unsigned char)*token++; - - *modulusFieldLength = len; - - memcpy(exponent, token, *exponentLength); - token+= *exponentLength; - - memcpy(modulus, token, *modulusFieldLength); - return 1; - } - return 0; - } - -#endif /* OPENSSL_NO_RSA */ - -static int cca_random_status(void) - { - return 1; - } - -static int cca_get_random_bytes(unsigned char* buf, int num) - { - long ret_code; - long reason_code; - long exit_data_length; - unsigned char exit_data[4]; - unsigned char form[] = "RANDOM "; - unsigned char rand_buf[8]; - - while(num >= (int)sizeof(rand_buf)) - { - randomNumberGenerate(&ret_code, &reason_code, &exit_data_length, - exit_data, form, rand_buf); - if (ret_code) - return 0; - num -= sizeof(rand_buf); - memcpy(buf, rand_buf, sizeof(rand_buf)); - buf += sizeof(rand_buf); - } - - if (num) - { - randomNumberGenerate(&ret_code, &reason_code, NULL, NULL, - form, rand_buf); - if (ret_code) - return 0; - memcpy(buf, rand_buf, num); - } - - return 1; - } - -static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int idx, - long argl, void *argp) - { - if (item) - OPENSSL_free(item); - } - -/* Goo to handle building as a dynamic engine */ -#ifndef OPENSSL_NO_DYNAMIC_ENGINE -static int bind_fn(ENGINE *e, const char *id) - { - if(id && (strcmp(id, engine_4758_cca_id) != 0) && - (strcmp(id, engine_4758_cca_id_alt) != 0)) - return 0; - if(!bind_helper(e)) - return 0; - return 1; - } -IMPLEMENT_DYNAMIC_CHECK_FN() -IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) -#endif /* OPENSSL_NO_DYNAMIC_ENGINE */ - -#endif /* !OPENSSL_NO_HW_4758_CCA */ -#endif /* !OPENSSL_NO_HW */ diff --git a/engines/e_4758_cca.ec b/engines/e_4758_cca.ec deleted file mode 100644 index 2919969466..0000000000 --- a/engines/e_4758_cca.ec +++ /dev/null @@ -1 +0,0 @@ -L CCA4758 e_4758_cca_err.h e_4758_cca_err.c diff --git a/engines/e_4758_cca_err.c b/engines/e_4758_cca_err.c deleted file mode 100644 index 5d26450fe1..0000000000 --- a/engines/e_4758_cca_err.c +++ /dev/null @@ -1,153 +0,0 @@ -/* e_4758_cca_err.c */ -/* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include -#include -#include "e_4758_cca_err.h" - -/* BEGIN ERROR CODES */ -#ifndef OPENSSL_NO_ERR - -#define ERR_FUNC(func) ERR_PACK(0,func,0) -#define ERR_REASON(reason) ERR_PACK(0,0,reason) - -static ERR_STRING_DATA CCA4758_str_functs[]= - { -{ERR_FUNC(CCA4758_F_CCA_RSA_SIGN), "CCA_RSA_SIGN"}, -{ERR_FUNC(CCA4758_F_CCA_RSA_VERIFY), "CCA_RSA_VERIFY"}, -{ERR_FUNC(CCA4758_F_IBM_4758_CCA_CTRL), "IBM_4758_CCA_CTRL"}, -{ERR_FUNC(CCA4758_F_IBM_4758_CCA_FINISH), "IBM_4758_CCA_FINISH"}, -{ERR_FUNC(CCA4758_F_IBM_4758_CCA_INIT), "IBM_4758_CCA_INIT"}, -{ERR_FUNC(CCA4758_F_IBM_4758_LOAD_PRIVKEY), "IBM_4758_LOAD_PRIVKEY"}, -{ERR_FUNC(CCA4758_F_IBM_4758_LOAD_PUBKEY), "IBM_4758_LOAD_PUBKEY"}, -{0,NULL} - }; - -static ERR_STRING_DATA CCA4758_str_reasons[]= - { -{ERR_REASON(CCA4758_R_ALREADY_LOADED) ,"already loaded"}, -{ERR_REASON(CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD),"asn1 oid unknown for md"}, -{ERR_REASON(CCA4758_R_COMMAND_NOT_IMPLEMENTED),"command not implemented"}, -{ERR_REASON(CCA4758_R_DSO_FAILURE) ,"dso failure"}, -{ERR_REASON(CCA4758_R_FAILED_LOADING_PRIVATE_KEY),"failed loading private key"}, -{ERR_REASON(CCA4758_R_FAILED_LOADING_PUBLIC_KEY),"failed loading public key"}, -{ERR_REASON(CCA4758_R_NOT_LOADED) ,"not loaded"}, -{ERR_REASON(CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL),"size too large or too small"}, -{ERR_REASON(CCA4758_R_UNIT_FAILURE) ,"unit failure"}, -{ERR_REASON(CCA4758_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"}, -{0,NULL} - }; - -#endif - -#ifdef CCA4758_LIB_NAME -static ERR_STRING_DATA CCA4758_lib_name[]= - { -{0 ,CCA4758_LIB_NAME}, -{0,NULL} - }; -#endif - - -static int CCA4758_lib_error_code=0; -static int CCA4758_error_init=1; - -static void ERR_load_CCA4758_strings(void) - { - if (CCA4758_lib_error_code == 0) - CCA4758_lib_error_code=ERR_get_next_error_library(); - - if (CCA4758_error_init) - { - CCA4758_error_init=0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(CCA4758_lib_error_code,CCA4758_str_functs); - ERR_load_strings(CCA4758_lib_error_code,CCA4758_str_reasons); -#endif - -#ifdef CCA4758_LIB_NAME - CCA4758_lib_name->error = ERR_PACK(CCA4758_lib_error_code,0,0); - ERR_load_strings(0,CCA4758_lib_name); -#endif - } - } - -static void ERR_unload_CCA4758_strings(void) - { - if (CCA4758_error_init == 0) - { -#ifndef OPENSSL_NO_ERR - ERR_unload_strings(CCA4758_lib_error_code,CCA4758_str_functs); - ERR_unload_strings(CCA4758_lib_error_code,CCA4758_str_reasons); -#endif - -#ifdef CCA4758_LIB_NAME - ERR_unload_strings(0,CCA4758_lib_name); -#endif - CCA4758_error_init=1; - } - } - -static void ERR_CCA4758_error(int function, int reason, char *file, int line) - { - if (CCA4758_lib_error_code == 0) - CCA4758_lib_error_code=ERR_get_next_error_library(); - ERR_PUT_error(CCA4758_lib_error_code,function,reason,file,line); - } diff --git a/engines/e_4758_cca_err.h b/engines/e_4758_cca_err.h deleted file mode 100644 index 3d4276be91..0000000000 --- a/engines/e_4758_cca_err.h +++ /dev/null @@ -1,93 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef HEADER_CCA4758_ERR_H -#define HEADER_CCA4758_ERR_H - -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -static void ERR_load_CCA4758_strings(void); -static void ERR_unload_CCA4758_strings(void); -static void ERR_CCA4758_error(int function, int reason, char *file, int line); -#define CCA4758err(f,r) ERR_CCA4758_error((f),(r),__FILE__,__LINE__) - -/* Error codes for the CCA4758 functions. */ - -/* Function codes. */ -#define CCA4758_F_CCA_RSA_SIGN 105 -#define CCA4758_F_CCA_RSA_VERIFY 106 -#define CCA4758_F_IBM_4758_CCA_CTRL 100 -#define CCA4758_F_IBM_4758_CCA_FINISH 101 -#define CCA4758_F_IBM_4758_CCA_INIT 102 -#define CCA4758_F_IBM_4758_LOAD_PRIVKEY 103 -#define CCA4758_F_IBM_4758_LOAD_PUBKEY 104 - -/* Reason codes. */ -#define CCA4758_R_ALREADY_LOADED 100 -#define CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD 101 -#define CCA4758_R_COMMAND_NOT_IMPLEMENTED 102 -#define CCA4758_R_DSO_FAILURE 103 -#define CCA4758_R_FAILED_LOADING_PRIVATE_KEY 104 -#define CCA4758_R_FAILED_LOADING_PUBLIC_KEY 105 -#define CCA4758_R_NOT_LOADED 106 -#define CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL 107 -#define CCA4758_R_UNIT_FAILURE 108 -#define CCA4758_R_UNKNOWN_ALGORITHM_TYPE 109 - -#ifdef __cplusplus -} -#endif -#endif diff --git a/engines/e_ncipher.c b/engines/e_ncipher.c deleted file mode 100644 index 11ae5aec82..0000000000 --- a/engines/e_ncipher.c +++ /dev/null @@ -1,1360 +0,0 @@ -/* crypto/engine/hw_ncipher.c -*- mode: C; c-file-style: "eay" -*- */ -/* Written by Richard Levitte (richard@levitte.org), Geoff Thorpe - * (geoff@geoffthorpe.net) and Dr Stephen N Henson (shenson@bigfoot.com) - * for the OpenSSL project 2000. - */ -/* ==================================================================== - * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#ifndef OPENSSL_NO_HW -#ifndef OPENSSL_NO_HW_NCIPHER - -/* Attribution notice: nCipher have said several times that it's OK for - * us to implement a general interface to their boxes, and recently declared - * their HWCryptoHook to be public, and therefore available for us to use. - * Thanks, nCipher. - * - * The hwcryptohook.h included here is from May 2000. - * [Richard Levitte] - */ -#ifdef FLAT_INC -#include "hwcryptohook.h" -#else -#include "vendor_defns/hwcryptohook.h" -#endif - -#define HWCRHK_LIB_NAME "hwcrhk engine" -#include "e_ncipher_err.c" - -static int hwcrhk_destroy(ENGINE *e); -static int hwcrhk_init(ENGINE *e); -static int hwcrhk_finish(ENGINE *e); -static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); - -/* Functions to handle mutexes */ -static int hwcrhk_mutex_init(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext*); -static int hwcrhk_mutex_lock(HWCryptoHook_Mutex*); -static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex*); -static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex*); - -/* BIGNUM stuff */ -static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx); - -#ifndef OPENSSL_NO_RSA -/* RSA stuff */ -static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); -#endif -/* This function is aliased to mod_exp (with the mont stuff dropped). */ -static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); - -#ifndef OPENSSL_NO_DH -/* DH stuff */ -/* This function is alised to mod_exp (with the DH and mont dropped). */ -static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r, - const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -#endif - -/* RAND stuff */ -static int hwcrhk_rand_bytes(unsigned char *buf, int num); -static int hwcrhk_rand_status(void); - -/* KM stuff */ -static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, - UI_METHOD *ui_method, void *callback_data); -static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id, - UI_METHOD *ui_method, void *callback_data); -static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, - int ind,long argl, void *argp); - -/* Interaction stuff */ -static int hwcrhk_insert_card(const char *prompt_info, - const char *wrong_info, - HWCryptoHook_PassphraseContext *ppctx, - HWCryptoHook_CallerContext *cactx); -static int hwcrhk_get_pass(const char *prompt_info, - int *len_io, char *buf, - HWCryptoHook_PassphraseContext *ppctx, - HWCryptoHook_CallerContext *cactx); -static void hwcrhk_log_message(void *logstr, const char *message); - -/* The definitions for control commands specific to this engine */ -#define HWCRHK_CMD_SO_PATH ENGINE_CMD_BASE -#define HWCRHK_CMD_FORK_CHECK (ENGINE_CMD_BASE + 1) -#define HWCRHK_CMD_THREAD_LOCKING (ENGINE_CMD_BASE + 2) -#define HWCRHK_CMD_SET_USER_INTERFACE (ENGINE_CMD_BASE + 3) -#define HWCRHK_CMD_SET_CALLBACK_DATA (ENGINE_CMD_BASE + 4) -static const ENGINE_CMD_DEFN hwcrhk_cmd_defns[] = { - {HWCRHK_CMD_SO_PATH, - "SO_PATH", - "Specifies the path to the 'hwcrhk' shared library", - ENGINE_CMD_FLAG_STRING}, - {HWCRHK_CMD_FORK_CHECK, - "FORK_CHECK", - "Turns fork() checking on or off (boolean)", - ENGINE_CMD_FLAG_NUMERIC}, - {HWCRHK_CMD_THREAD_LOCKING, - "THREAD_LOCKING", - "Turns thread-safe locking on or off (boolean)", - ENGINE_CMD_FLAG_NUMERIC}, - {HWCRHK_CMD_SET_USER_INTERFACE, - "SET_USER_INTERFACE", - "Set the global user interface (internal)", - ENGINE_CMD_FLAG_INTERNAL}, - {HWCRHK_CMD_SET_CALLBACK_DATA, - "SET_CALLBACK_DATA", - "Set the global user interface extra data (internal)", - ENGINE_CMD_FLAG_INTERNAL}, - {0, NULL, NULL, 0} - }; - -#ifndef OPENSSL_NO_RSA -/* Our internal RSA_METHOD that we provide pointers to */ -static RSA_METHOD hwcrhk_rsa = - { - "nCipher RSA method", - NULL, - NULL, - NULL, - NULL, - hwcrhk_rsa_mod_exp, - hwcrhk_mod_exp_mont, - NULL, - NULL, - 0, - NULL, - NULL, - NULL, - NULL - }; -#endif - -#ifndef OPENSSL_NO_DH -/* Our internal DH_METHOD that we provide pointers to */ -static DH_METHOD hwcrhk_dh = - { - "nCipher DH method", - NULL, - NULL, - hwcrhk_mod_exp_dh, - NULL, - NULL, - 0, - NULL, - NULL - }; -#endif - -static RAND_METHOD hwcrhk_rand = - { - /* "nCipher RAND method", */ - NULL, - hwcrhk_rand_bytes, - NULL, - NULL, - hwcrhk_rand_bytes, - hwcrhk_rand_status, - }; - -/* Constants used when creating the ENGINE */ -static const char *engine_hwcrhk_id = "chil"; -static const char *engine_hwcrhk_name = "nCipher hardware engine support"; -/* Compatibility hack, the dynamic library uses this form in the path */ -static const char *engine_hwcrhk_id_alt = "ncipher"; - -/* Internal stuff for HWCryptoHook */ - -/* Some structures needed for proper use of thread locks */ -/* hwcryptohook.h has some typedefs that turn struct HWCryptoHook_MutexValue - into HWCryptoHook_Mutex */ -struct HWCryptoHook_MutexValue - { - int lockid; - }; - -/* hwcryptohook.h has some typedefs that turn - struct HWCryptoHook_PassphraseContextValue - into HWCryptoHook_PassphraseContext */ -struct HWCryptoHook_PassphraseContextValue - { - UI_METHOD *ui_method; - void *callback_data; - }; - -/* hwcryptohook.h has some typedefs that turn - struct HWCryptoHook_CallerContextValue - into HWCryptoHook_CallerContext */ -struct HWCryptoHook_CallerContextValue - { - pem_password_cb *password_callback; /* Deprecated! Only present for - backward compatibility! */ - UI_METHOD *ui_method; - void *callback_data; - }; - -/* The MPI structure in HWCryptoHook is pretty compatible with OpenSSL - BIGNUM's, so lets define a couple of conversion macros */ -#define BN2MPI(mp, bn) \ - {mp.size = bn->top * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;} -#define MPI2BN(bn, mp) \ - {mp.size = bn->dmax * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;} - -static BIO *logstream = NULL; -static int disable_mutex_callbacks = 0; - -/* One might wonder why these are needed, since one can pass down at least - a UI_METHOD and a pointer to callback data to the key-loading functions. - The thing is that the ModExp and RSAImmed functions can load keys as well, - if the data they get is in a special, nCipher-defined format (hint: if you - look at the private exponent of the RSA data as a string, you'll see this - string: "nCipher KM tool key id", followed by some bytes, followed a key - identity string, followed by more bytes. This happens when you use "embed" - keys instead of "hwcrhk" keys). Unfortunately, those functions do not take - any passphrase or caller context, and our functions can't really take any - callback data either. Still, the "insert_card" and "get_passphrase" - callbacks may be called down the line, and will need to know what user - interface callbacks to call, and having callback data from the application - may be a nice thing as well, so we need to keep track of that globally. */ -static HWCryptoHook_CallerContext password_context = { NULL, NULL, NULL }; - -/* Stuff to pass to the HWCryptoHook library */ -static HWCryptoHook_InitInfo hwcrhk_globals = { - HWCryptoHook_InitFlags_SimpleForkCheck, /* Flags */ - &logstream, /* logstream */ - sizeof(BN_ULONG), /* limbsize */ - 0, /* mslimb first: false for BNs */ - -1, /* msbyte first: use native */ - 0, /* Max mutexes, 0 = no small limit */ - 0, /* Max simultaneous, 0 = default */ - - /* The next few are mutex stuff: we write wrapper functions - around the OS mutex functions. We initialise them to 0 - here, and change that to actual function pointers in hwcrhk_init() - if dynamic locks are supported (that is, if the application - programmer has made sure of setting up callbacks bafore starting - this engine) *and* if disable_mutex_callbacks hasn't been set by - a call to ENGINE_ctrl(ENGINE_CTRL_CHIL_NO_LOCKING). */ - sizeof(HWCryptoHook_Mutex), - 0, - 0, - 0, - 0, - - /* The next few are condvar stuff: we write wrapper functions - round the OS functions. Currently not implemented and not - and absolute necessity even in threaded programs, therefore - 0'ed. Will hopefully be implemented some day, since it - enhances the efficiency of HWCryptoHook. */ - 0, /* sizeof(HWCryptoHook_CondVar), */ - 0, /* hwcrhk_cv_init, */ - 0, /* hwcrhk_cv_wait, */ - 0, /* hwcrhk_cv_signal, */ - 0, /* hwcrhk_cv_broadcast, */ - 0, /* hwcrhk_cv_destroy, */ - - hwcrhk_get_pass, /* pass phrase */ - hwcrhk_insert_card, /* insert a card */ - hwcrhk_log_message /* Log message */ -}; - - -/* Now, to our own code */ - -/* This internal function is used by ENGINE_ncipher() and possibly by the - * "dynamic" ENGINE support too */ -static int bind_helper(ENGINE *e) - { -#ifndef OPENSSL_NO_RSA - const RSA_METHOD *meth1; -#endif -#ifndef OPENSSL_NO_DH - const DH_METHOD *meth2; -#endif - if(!ENGINE_set_id(e, engine_hwcrhk_id) || - !ENGINE_set_name(e, engine_hwcrhk_name) || -#ifndef OPENSSL_NO_RSA - !ENGINE_set_RSA(e, &hwcrhk_rsa) || -#endif -#ifndef OPENSSL_NO_DH - !ENGINE_set_DH(e, &hwcrhk_dh) || -#endif - !ENGINE_set_RAND(e, &hwcrhk_rand) || - !ENGINE_set_destroy_function(e, hwcrhk_destroy) || - !ENGINE_set_init_function(e, hwcrhk_init) || - !ENGINE_set_finish_function(e, hwcrhk_finish) || - !ENGINE_set_ctrl_function(e, hwcrhk_ctrl) || - !ENGINE_set_load_privkey_function(e, hwcrhk_load_privkey) || - !ENGINE_set_load_pubkey_function(e, hwcrhk_load_pubkey) || - !ENGINE_set_cmd_defns(e, hwcrhk_cmd_defns)) - return 0; - -#ifndef OPENSSL_NO_RSA - /* We know that the "PKCS1_SSLeay()" functions hook properly - * to the cswift-specific mod_exp and mod_exp_crt so we use - * those functions. NB: We don't use ENGINE_openssl() or - * anything "more generic" because something like the RSAref - * code may not hook properly, and if you own one of these - * cards then you have the right to do RSA operations on it - * anyway! */ - meth1 = RSA_PKCS1_SSLeay(); - hwcrhk_rsa.rsa_pub_enc = meth1->rsa_pub_enc; - hwcrhk_rsa.rsa_pub_dec = meth1->rsa_pub_dec; - hwcrhk_rsa.rsa_priv_enc = meth1->rsa_priv_enc; - hwcrhk_rsa.rsa_priv_dec = meth1->rsa_priv_dec; -#endif - -#ifndef OPENSSL_NO_DH - /* Much the same for Diffie-Hellman */ - meth2 = DH_OpenSSL(); - hwcrhk_dh.generate_key = meth2->generate_key; - hwcrhk_dh.compute_key = meth2->compute_key; -#endif - - /* Ensure the hwcrhk error handling is set up */ - ERR_load_HWCRHK_strings(); - return 1; - } - -#ifdef OPENSSL_NO_DYNAMIC_ENGINE -static ENGINE *engine_ncipher(void) - { - ENGINE *ret = ENGINE_new(); - if(!ret) - return NULL; - if(!bind_helper(ret)) - { - ENGINE_free(ret); - return NULL; - } - return ret; - } - -void ENGINE_load_chil(void) - { - /* Copied from eng_[openssl|dyn].c */ - ENGINE *toadd = engine_ncipher(); - if(!toadd) return; - ENGINE_add(toadd); - ENGINE_free(toadd); - ERR_clear_error(); - } -#endif - -/* This is a process-global DSO handle used for loading and unloading - * the HWCryptoHook library. NB: This is only set (or unset) during an - * init() or finish() call (reference counts permitting) and they're - * operating with global locks, so this should be thread-safe - * implicitly. */ -static DSO *hwcrhk_dso = NULL; -static HWCryptoHook_ContextHandle hwcrhk_context = 0; -#ifndef OPENSSL_NO_RSA -static int hndidx_rsa = -1; /* Index for KM handle. Not really used yet. */ -#endif - -/* These are the function pointers that are (un)set when the library has - * successfully (un)loaded. */ -static HWCryptoHook_Init_t *p_hwcrhk_Init = NULL; -static HWCryptoHook_Finish_t *p_hwcrhk_Finish = NULL; -static HWCryptoHook_ModExp_t *p_hwcrhk_ModExp = NULL; -#ifndef OPENSSL_NO_RSA -static HWCryptoHook_RSA_t *p_hwcrhk_RSA = NULL; -#endif -static HWCryptoHook_RandomBytes_t *p_hwcrhk_RandomBytes = NULL; -#ifndef OPENSSL_NO_RSA -static HWCryptoHook_RSALoadKey_t *p_hwcrhk_RSALoadKey = NULL; -static HWCryptoHook_RSAGetPublicKey_t *p_hwcrhk_RSAGetPublicKey = NULL; -static HWCryptoHook_RSAUnloadKey_t *p_hwcrhk_RSAUnloadKey = NULL; -#endif -static HWCryptoHook_ModExpCRT_t *p_hwcrhk_ModExpCRT = NULL; - -/* Used in the DSO operations. */ -static const char *HWCRHK_LIBNAME = NULL; -static void free_HWCRHK_LIBNAME(void) - { - if(HWCRHK_LIBNAME) - OPENSSL_free((void*)HWCRHK_LIBNAME); - HWCRHK_LIBNAME = NULL; - } -static const char *get_HWCRHK_LIBNAME(void) - { - if(HWCRHK_LIBNAME) - return HWCRHK_LIBNAME; - return "nfhwcrhk"; - } -static long set_HWCRHK_LIBNAME(const char *name) - { - free_HWCRHK_LIBNAME(); - return (((HWCRHK_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0); - } -static const char *n_hwcrhk_Init = "HWCryptoHook_Init"; -static const char *n_hwcrhk_Finish = "HWCryptoHook_Finish"; -static const char *n_hwcrhk_ModExp = "HWCryptoHook_ModExp"; -#ifndef OPENSSL_NO_RSA -static const char *n_hwcrhk_RSA = "HWCryptoHook_RSA"; -#endif -static const char *n_hwcrhk_RandomBytes = "HWCryptoHook_RandomBytes"; -#ifndef OPENSSL_NO_RSA -static const char *n_hwcrhk_RSALoadKey = "HWCryptoHook_RSALoadKey"; -static const char *n_hwcrhk_RSAGetPublicKey = "HWCryptoHook_RSAGetPublicKey"; -static const char *n_hwcrhk_RSAUnloadKey = "HWCryptoHook_RSAUnloadKey"; -#endif -static const char *n_hwcrhk_ModExpCRT = "HWCryptoHook_ModExpCRT"; - -/* HWCryptoHook library functions and mechanics - these are used by the - * higher-level functions further down. NB: As and where there's no - * error checking, take a look lower down where these functions are - * called, the checking and error handling is probably down there. */ - -/* utility function to obtain a context */ -static int get_context(HWCryptoHook_ContextHandle *hac, - HWCryptoHook_CallerContext *cac) - { - char tempbuf[1024]; - HWCryptoHook_ErrMsgBuf rmsg; - - rmsg.buf = tempbuf; - rmsg.size = sizeof(tempbuf); - - *hac = p_hwcrhk_Init(&hwcrhk_globals, sizeof(hwcrhk_globals), &rmsg, - cac); - if (!*hac) - return 0; - return 1; - } - -/* similarly to release one. */ -static void release_context(HWCryptoHook_ContextHandle hac) - { - p_hwcrhk_Finish(hac); - } - -/* Destructor (complements the "ENGINE_ncipher()" constructor) */ -static int hwcrhk_destroy(ENGINE *e) - { - free_HWCRHK_LIBNAME(); - ERR_unload_HWCRHK_strings(); - return 1; - } - -/* (de)initialisation functions. */ -static int hwcrhk_init(ENGINE *e) - { - HWCryptoHook_Init_t *p1; - HWCryptoHook_Finish_t *p2; - HWCryptoHook_ModExp_t *p3; -#ifndef OPENSSL_NO_RSA - HWCryptoHook_RSA_t *p4; - HWCryptoHook_RSALoadKey_t *p5; - HWCryptoHook_RSAGetPublicKey_t *p6; - HWCryptoHook_RSAUnloadKey_t *p7; -#endif - HWCryptoHook_RandomBytes_t *p8; - HWCryptoHook_ModExpCRT_t *p9; - - if(hwcrhk_dso != NULL) - { - HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_ALREADY_LOADED); - goto err; - } - /* Attempt to load libnfhwcrhk.so/nfhwcrhk.dll/whatever. */ - hwcrhk_dso = DSO_load(NULL, get_HWCRHK_LIBNAME(), NULL, 0); - if(hwcrhk_dso == NULL) - { - HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE); - goto err; - } - if(!(p1 = (HWCryptoHook_Init_t *) - DSO_bind_func(hwcrhk_dso, n_hwcrhk_Init)) || - !(p2 = (HWCryptoHook_Finish_t *) - DSO_bind_func(hwcrhk_dso, n_hwcrhk_Finish)) || - !(p3 = (HWCryptoHook_ModExp_t *) - DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExp)) || -#ifndef OPENSSL_NO_RSA - !(p4 = (HWCryptoHook_RSA_t *) - DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSA)) || - !(p5 = (HWCryptoHook_RSALoadKey_t *) - DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSALoadKey)) || - !(p6 = (HWCryptoHook_RSAGetPublicKey_t *) - DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAGetPublicKey)) || - !(p7 = (HWCryptoHook_RSAUnloadKey_t *) - DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAUnloadKey)) || -#endif - !(p8 = (HWCryptoHook_RandomBytes_t *) - DSO_bind_func(hwcrhk_dso, n_hwcrhk_RandomBytes)) || - !(p9 = (HWCryptoHook_ModExpCRT_t *) - DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExpCRT))) - { - HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE); - goto err; - } - /* Copy the pointers */ - p_hwcrhk_Init = p1; - p_hwcrhk_Finish = p2; - p_hwcrhk_ModExp = p3; -#ifndef OPENSSL_NO_RSA - p_hwcrhk_RSA = p4; - p_hwcrhk_RSALoadKey = p5; - p_hwcrhk_RSAGetPublicKey = p6; - p_hwcrhk_RSAUnloadKey = p7; -#endif - p_hwcrhk_RandomBytes = p8; - p_hwcrhk_ModExpCRT = p9; - - /* Check if the application decided to support dynamic locks, - and if it does, use them. */ - if (disable_mutex_callbacks == 0) - { - if (CRYPTO_get_dynlock_create_callback() != NULL && - CRYPTO_get_dynlock_lock_callback() != NULL && - CRYPTO_get_dynlock_destroy_callback() != NULL) - { - hwcrhk_globals.mutex_init = hwcrhk_mutex_init; - hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock; - hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock; - hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy; - } - else if (CRYPTO_get_locking_callback() != NULL) - { - HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_LOCKING_MISSING); - ERR_add_error_data(1,"You HAVE to add dynamic locking callbacks via CRYPTO_set_dynlock_{create,lock,destroy}_callback()"); - goto err; - } - } - - /* Try and get a context - if not, we may have a DSO but no - * accelerator! */ - if(!get_context(&hwcrhk_context, &password_context)) - { - HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_UNIT_FAILURE); - goto err; - } - /* Everything's fine. */ -#ifndef OPENSSL_NO_RSA - if (hndidx_rsa == -1) - hndidx_rsa = RSA_get_ex_new_index(0, - "nFast HWCryptoHook RSA key handle", - NULL, NULL, hwcrhk_ex_free); -#endif - return 1; -err: - if(hwcrhk_dso) - DSO_free(hwcrhk_dso); - hwcrhk_dso = NULL; - p_hwcrhk_Init = NULL; - p_hwcrhk_Finish = NULL; - p_hwcrhk_ModExp = NULL; -#ifndef OPENSSL_NO_RSA - p_hwcrhk_RSA = NULL; - p_hwcrhk_RSALoadKey = NULL; - p_hwcrhk_RSAGetPublicKey = NULL; - p_hwcrhk_RSAUnloadKey = NULL; -#endif - p_hwcrhk_ModExpCRT = NULL; - p_hwcrhk_RandomBytes = NULL; - return 0; - } - -static int hwcrhk_finish(ENGINE *e) - { - int to_return = 1; - free_HWCRHK_LIBNAME(); - if(hwcrhk_dso == NULL) - { - HWCRHKerr(HWCRHK_F_HWCRHK_FINISH,HWCRHK_R_NOT_LOADED); - to_return = 0; - goto err; - } - release_context(hwcrhk_context); - if(!DSO_free(hwcrhk_dso)) - { - HWCRHKerr(HWCRHK_F_HWCRHK_FINISH,HWCRHK_R_DSO_FAILURE); - to_return = 0; - goto err; - } - err: - if (logstream) - BIO_free(logstream); - hwcrhk_dso = NULL; - p_hwcrhk_Init = NULL; - p_hwcrhk_Finish = NULL; - p_hwcrhk_ModExp = NULL; -#ifndef OPENSSL_NO_RSA - p_hwcrhk_RSA = NULL; - p_hwcrhk_RSALoadKey = NULL; - p_hwcrhk_RSAGetPublicKey = NULL; - p_hwcrhk_RSAUnloadKey = NULL; -#endif - p_hwcrhk_ModExpCRT = NULL; - p_hwcrhk_RandomBytes = NULL; - return to_return; - } - -static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) - { - int to_return = 1; - - switch(cmd) - { - case HWCRHK_CMD_SO_PATH: - if(hwcrhk_dso) - { - HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,HWCRHK_R_ALREADY_LOADED); - return 0; - } - if(p == NULL) - { - HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - return set_HWCRHK_LIBNAME((const char *)p); - case ENGINE_CTRL_SET_LOGSTREAM: - { - BIO *bio = (BIO *)p; - - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - if (logstream) - { - BIO_free(logstream); - logstream = NULL; - } - if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1) - logstream = bio; - else - HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,HWCRHK_R_BIO_WAS_FREED); - } - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - break; - case ENGINE_CTRL_SET_PASSWORD_CALLBACK: - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - password_context.password_callback = (pem_password_cb *)f; - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - break; - case ENGINE_CTRL_SET_USER_INTERFACE: - case HWCRHK_CMD_SET_USER_INTERFACE: - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - password_context.ui_method = (UI_METHOD *)p; - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - break; - case ENGINE_CTRL_SET_CALLBACK_DATA: - case HWCRHK_CMD_SET_CALLBACK_DATA: - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - password_context.callback_data = p; - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - break; - /* this enables or disables the "SimpleForkCheck" flag used in the - * initialisation structure. */ - case ENGINE_CTRL_CHIL_SET_FORKCHECK: - case HWCRHK_CMD_FORK_CHECK: - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - if(i) - hwcrhk_globals.flags |= - HWCryptoHook_InitFlags_SimpleForkCheck; - else - hwcrhk_globals.flags &= - ~HWCryptoHook_InitFlags_SimpleForkCheck; - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - break; - /* This will prevent the initialisation function from "installing" - * the mutex-handling callbacks, even if they are available from - * within the library (or were provided to the library from the - * calling application). This is to remove any baggage for - * applications not using multithreading. */ - case ENGINE_CTRL_CHIL_NO_LOCKING: - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - disable_mutex_callbacks = 1; - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - break; - case HWCRHK_CMD_THREAD_LOCKING: - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - disable_mutex_callbacks = ((i == 0) ? 0 : 1); - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - break; - - /* The command isn't understood by this engine */ - default: - HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, - HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED); - to_return = 0; - break; - } - - return to_return; - } - -static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, - UI_METHOD *ui_method, void *callback_data) - { -#ifndef OPENSSL_NO_RSA - RSA *rtmp = NULL; -#endif - EVP_PKEY *res = NULL; -#ifndef OPENSSL_NO_RSA - HWCryptoHook_MPI e, n; - HWCryptoHook_RSAKeyHandle *hptr; -#endif -#if !defined(OPENSSL_NO_RSA) - char tempbuf[1024]; - HWCryptoHook_ErrMsgBuf rmsg; -#endif - HWCryptoHook_PassphraseContext ppctx; - -#if !defined(OPENSSL_NO_RSA) - rmsg.buf = tempbuf; - rmsg.size = sizeof(tempbuf); -#endif - - if(!hwcrhk_context) - { - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, - HWCRHK_R_NOT_INITIALISED); - goto err; - } -#ifndef OPENSSL_NO_RSA - hptr = OPENSSL_malloc(sizeof(HWCryptoHook_RSAKeyHandle)); - if (!hptr) - { - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, - ERR_R_MALLOC_FAILURE); - goto err; - } - ppctx.ui_method = ui_method; - ppctx.callback_data = callback_data; - if (p_hwcrhk_RSALoadKey(hwcrhk_context, key_id, hptr, - &rmsg, &ppctx)) - { - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, - HWCRHK_R_CHIL_ERROR); - ERR_add_error_data(1,rmsg.buf); - goto err; - } - if (!*hptr) - { - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, - HWCRHK_R_NO_KEY); - goto err; - } -#endif -#ifndef OPENSSL_NO_RSA - rtmp = RSA_new_method(eng); - RSA_set_ex_data(rtmp, hndidx_rsa, (char *)hptr); - rtmp->e = BN_new(); - rtmp->n = BN_new(); - rtmp->flags |= RSA_FLAG_EXT_PKEY; - MPI2BN(rtmp->e, e); - MPI2BN(rtmp->n, n); - if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg) - != HWCRYPTOHOOK_ERROR_MPISIZE) - { - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,HWCRHK_R_CHIL_ERROR); - ERR_add_error_data(1,rmsg.buf); - goto err; - } - - bn_expand2(rtmp->e, e.size/sizeof(BN_ULONG)); - bn_expand2(rtmp->n, n.size/sizeof(BN_ULONG)); - MPI2BN(rtmp->e, e); - MPI2BN(rtmp->n, n); - - if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg)) - { - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, - HWCRHK_R_CHIL_ERROR); - ERR_add_error_data(1,rmsg.buf); - goto err; - } - rtmp->e->top = e.size / sizeof(BN_ULONG); - bn_fix_top(rtmp->e); - rtmp->n->top = n.size / sizeof(BN_ULONG); - bn_fix_top(rtmp->n); - - res = EVP_PKEY_new(); - EVP_PKEY_assign_RSA(res, rtmp); -#endif - - if (!res) - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, - HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED); - - return res; - err: - if (res) - EVP_PKEY_free(res); -#ifndef OPENSSL_NO_RSA - if (rtmp) - RSA_free(rtmp); -#endif - return NULL; - } - -static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id, - UI_METHOD *ui_method, void *callback_data) - { - EVP_PKEY *res = NULL; - -#ifndef OPENSSL_NO_RSA - res = hwcrhk_load_privkey(eng, key_id, - ui_method, callback_data); -#endif - - if (res) - switch(res->type) - { -#ifndef OPENSSL_NO_RSA - case EVP_PKEY_RSA: - { - RSA *rsa = NULL; - - CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY); - rsa = res->pkey.rsa; - res->pkey.rsa = RSA_new(); - res->pkey.rsa->n = rsa->n; - res->pkey.rsa->e = rsa->e; - rsa->n = NULL; - rsa->e = NULL; - CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); - RSA_free(rsa); - } - break; -#endif - default: - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY, - HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED); - goto err; - } - - return res; - err: - if (res) - EVP_PKEY_free(res); - return NULL; - } - -/* A little mod_exp */ -static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx) - { - char tempbuf[1024]; - HWCryptoHook_ErrMsgBuf rmsg; - /* Since HWCryptoHook_MPI is pretty compatible with BIGNUM's, - we use them directly, plus a little macro magic. We only - thing we need to make sure of is that enough space is allocated. */ - HWCryptoHook_MPI m_a, m_p, m_n, m_r; - int to_return, ret; - - to_return = 0; /* expect failure */ - rmsg.buf = tempbuf; - rmsg.size = sizeof(tempbuf); - - if(!hwcrhk_context) - { - HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_NOT_INITIALISED); - goto err; - } - /* Prepare the params */ - bn_expand2(r, m->top); /* Check for error !! */ - BN2MPI(m_a, a); - BN2MPI(m_p, p); - BN2MPI(m_n, m); - MPI2BN(r, m_r); - - /* Perform the operation */ - ret = p_hwcrhk_ModExp(hwcrhk_context, m_a, m_p, m_n, &m_r, &rmsg); - - /* Convert the response */ - r->top = m_r.size / sizeof(BN_ULONG); - bn_fix_top(r); - - if (ret < 0) - { - /* FIXME: When this error is returned, HWCryptoHook is - telling us that falling back to software computation - might be a good thing. */ - if(ret == HWCRYPTOHOOK_ERROR_FALLBACK) - { - HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_REQUEST_FALLBACK); - } - else - { - HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_REQUEST_FAILED); - } - ERR_add_error_data(1,rmsg.buf); - goto err; - } - - to_return = 1; -err: - return to_return; - } - -#ifndef OPENSSL_NO_RSA -static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) - { - char tempbuf[1024]; - HWCryptoHook_ErrMsgBuf rmsg; - HWCryptoHook_RSAKeyHandle *hptr; - int to_return = 0, ret; - - rmsg.buf = tempbuf; - rmsg.size = sizeof(tempbuf); - - if(!hwcrhk_context) - { - HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,HWCRHK_R_NOT_INITIALISED); - goto err; - } - - /* This provides support for nForce keys. Since that's opaque data - all we do is provide a handle to the proper key and let HWCryptoHook - take care of the rest. */ - if ((hptr = (HWCryptoHook_RSAKeyHandle *) RSA_get_ex_data(rsa, hndidx_rsa)) - != NULL) - { - HWCryptoHook_MPI m_a, m_r; - - if(!rsa->n) - { - HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, - HWCRHK_R_MISSING_KEY_COMPONENTS); - goto err; - } - - /* Prepare the params */ - bn_expand2(r, rsa->n->top); /* Check for error !! */ - BN2MPI(m_a, I); - MPI2BN(r, m_r); - - /* Perform the operation */ - ret = p_hwcrhk_RSA(m_a, *hptr, &m_r, &rmsg); - - /* Convert the response */ - r->top = m_r.size / sizeof(BN_ULONG); - bn_fix_top(r); - - if (ret < 0) - { - /* FIXME: When this error is returned, HWCryptoHook is - telling us that falling back to software computation - might be a good thing. */ - if(ret == HWCRYPTOHOOK_ERROR_FALLBACK) - { - HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, - HWCRHK_R_REQUEST_FALLBACK); - } - else - { - HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, - HWCRHK_R_REQUEST_FAILED); - } - ERR_add_error_data(1,rmsg.buf); - goto err; - } - } - else - { - HWCryptoHook_MPI m_a, m_p, m_q, m_dmp1, m_dmq1, m_iqmp, m_r; - - if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) - { - HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, - HWCRHK_R_MISSING_KEY_COMPONENTS); - goto err; - } - - /* Prepare the params */ - bn_expand2(r, rsa->n->top); /* Check for error !! */ - BN2MPI(m_a, I); - BN2MPI(m_p, rsa->p); - BN2MPI(m_q, rsa->q); - BN2MPI(m_dmp1, rsa->dmp1); - BN2MPI(m_dmq1, rsa->dmq1); - BN2MPI(m_iqmp, rsa->iqmp); - MPI2BN(r, m_r); - - /* Perform the operation */ - ret = p_hwcrhk_ModExpCRT(hwcrhk_context, m_a, m_p, m_q, - m_dmp1, m_dmq1, m_iqmp, &m_r, &rmsg); - - /* Convert the response */ - r->top = m_r.size / sizeof(BN_ULONG); - bn_fix_top(r); - - if (ret < 0) - { - /* FIXME: When this error is returned, HWCryptoHook is - telling us that falling back to software computation - might be a good thing. */ - if(ret == HWCRYPTOHOOK_ERROR_FALLBACK) - { - HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, - HWCRHK_R_REQUEST_FALLBACK); - } - else - { - HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, - HWCRHK_R_REQUEST_FAILED); - } - ERR_add_error_data(1,rmsg.buf); - goto err; - } - } - /* If we're here, we must be here with some semblance of success :-) */ - to_return = 1; -err: - return to_return; - } -#endif - -/* This function is aliased to mod_exp (with the mont stuff dropped). */ -static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) - { - return hwcrhk_mod_exp(r, a, p, m, ctx); - } - -#ifndef OPENSSL_NO_DH -/* This function is aliased to mod_exp (with the dh and mont dropped). */ -static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r, - const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) - { - return hwcrhk_mod_exp(r, a, p, m, ctx); - } -#endif - -/* Random bytes are good */ -static int hwcrhk_rand_bytes(unsigned char *buf, int num) - { - char tempbuf[1024]; - HWCryptoHook_ErrMsgBuf rmsg; - int to_return = 0; /* assume failure */ - int ret; - - rmsg.buf = tempbuf; - rmsg.size = sizeof(tempbuf); - - if(!hwcrhk_context) - { - HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,HWCRHK_R_NOT_INITIALISED); - goto err; - } - - ret = p_hwcrhk_RandomBytes(hwcrhk_context, buf, num, &rmsg); - if (ret < 0) - { - /* FIXME: When this error is returned, HWCryptoHook is - telling us that falling back to software computation - might be a good thing. */ - if(ret == HWCRYPTOHOOK_ERROR_FALLBACK) - { - HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES, - HWCRHK_R_REQUEST_FALLBACK); - } - else - { - HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES, - HWCRHK_R_REQUEST_FAILED); - } - ERR_add_error_data(1,rmsg.buf); - goto err; - } - to_return = 1; - err: - return to_return; - } - -static int hwcrhk_rand_status(void) - { - return 1; - } - -/* This cleans up an RSA KM key, called when ex_data is freed */ - -static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, - int ind,long argl, void *argp) -{ - char tempbuf[1024]; - HWCryptoHook_ErrMsgBuf rmsg; -#ifndef OPENSSL_NO_RSA - HWCryptoHook_RSAKeyHandle *hptr; -#endif -#if !defined(OPENSSL_NO_RSA) - int ret; -#endif - - rmsg.buf = tempbuf; - rmsg.size = sizeof(tempbuf); - -#ifndef OPENSSL_NO_RSA - hptr = (HWCryptoHook_RSAKeyHandle *) item; - if(hptr) - { - ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL); - OPENSSL_free(hptr); - } -#endif -} - -/* Mutex calls: since the HWCryptoHook model closely follows the POSIX model - * these just wrap the POSIX functions and add some logging. - */ - -static int hwcrhk_mutex_init(HWCryptoHook_Mutex* mt, - HWCryptoHook_CallerContext *cactx) - { - mt->lockid = CRYPTO_get_new_dynlockid(); - if (mt->lockid == 0) - return 1; /* failure */ - return 0; /* success */ - } - -static int hwcrhk_mutex_lock(HWCryptoHook_Mutex *mt) - { - CRYPTO_w_lock(mt->lockid); - return 0; - } - -static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex * mt) - { - CRYPTO_w_unlock(mt->lockid); - } - -static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex *mt) - { - CRYPTO_destroy_dynlockid(mt->lockid); - } - -static int hwcrhk_get_pass(const char *prompt_info, - int *len_io, char *buf, - HWCryptoHook_PassphraseContext *ppctx, - HWCryptoHook_CallerContext *cactx) - { - pem_password_cb *callback = NULL; - void *callback_data = NULL; - UI_METHOD *ui_method = NULL; - - if (cactx) - { - if (cactx->ui_method) - ui_method = cactx->ui_method; - if (cactx->password_callback) - callback = cactx->password_callback; - if (cactx->callback_data) - callback_data = cactx->callback_data; - } - if (ppctx) - { - if (ppctx->ui_method) - { - ui_method = ppctx->ui_method; - callback = NULL; - } - if (ppctx->callback_data) - callback_data = ppctx->callback_data; - } - if (callback == NULL && ui_method == NULL) - { - HWCRHKerr(HWCRHK_F_HWCRHK_GET_PASS,HWCRHK_R_NO_CALLBACK); - return -1; - } - - if (ui_method) - { - UI *ui = UI_new_method(ui_method); - if (ui) - { - int ok; - char *prompt = UI_construct_prompt(ui, - "pass phrase", prompt_info); - - ok = UI_add_input_string(ui,prompt, - UI_INPUT_FLAG_DEFAULT_PWD, - buf,0,(*len_io) - 1); - UI_add_user_data(ui, callback_data); - UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0); - - if (ok >= 0) - do - { - ok=UI_process(ui); - } - while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0)); - - if (ok >= 0) - *len_io = strlen(buf); - - UI_free(ui); - OPENSSL_free(prompt); - } - } - else - { - *len_io = callback(buf, *len_io, 0, callback_data); - } - if(!*len_io) - return -1; - return 0; - } - -static int hwcrhk_insert_card(const char *prompt_info, - const char *wrong_info, - HWCryptoHook_PassphraseContext *ppctx, - HWCryptoHook_CallerContext *cactx) - { - int ok = -1; - UI *ui; - void *callback_data = NULL; - UI_METHOD *ui_method = NULL; - - if (cactx) - { - if (cactx->ui_method) - ui_method = cactx->ui_method; - if (cactx->callback_data) - callback_data = cactx->callback_data; - } - if (ppctx) - { - if (ppctx->ui_method) - ui_method = ppctx->ui_method; - if (ppctx->callback_data) - callback_data = ppctx->callback_data; - } - if (ui_method == NULL) - { - HWCRHKerr(HWCRHK_F_HWCRHK_INSERT_CARD, - HWCRHK_R_NO_CALLBACK); - return -1; - } - - ui = UI_new_method(ui_method); - - if (ui) - { - char answer; - char buf[BUFSIZ]; - - if (wrong_info) - BIO_snprintf(buf, sizeof(buf)-1, - "Current card: \"%s\"\n", wrong_info); - ok = UI_dup_info_string(ui, buf); - if (ok >= 0 && prompt_info) - { - BIO_snprintf(buf, sizeof(buf)-1, - "Insert card \"%s\"", prompt_info); - ok = UI_dup_input_boolean(ui, buf, - "\n then hit or C to cancel\n", - "\r\n", "Cc", UI_INPUT_FLAG_ECHO, &answer); - } - UI_add_user_data(ui, callback_data); - - if (ok >= 0) - ok = UI_process(ui); - UI_free(ui); - - if (ok == -2 || (ok >= 0 && answer == 'C')) - ok = 1; - else if (ok < 0) - ok = -1; - else - ok = 0; - } - return ok; - } - -static void hwcrhk_log_message(void *logstr, const char *message) - { - BIO *lstream = NULL; - - CRYPTO_w_lock(CRYPTO_LOCK_BIO); - if (logstr) - lstream=*(BIO **)logstr; - if (lstream) - { - BIO_printf(lstream, "%s\n", message); - } - CRYPTO_w_unlock(CRYPTO_LOCK_BIO); - } - -/* This stuff is needed if this ENGINE is being compiled into a self-contained - * shared-library. */ -#ifndef OPENSSL_NO_DYNAMIC_ENGINE -static int bind_fn(ENGINE *e, const char *id) - { - if(id && (strcmp(id, engine_hwcrhk_id) != 0) && - (strcmp(id, engine_hwcrhk_id_alt) != 0)) - return 0; - if(!bind_helper(e)) - return 0; - return 1; - } -IMPLEMENT_DYNAMIC_CHECK_FN() -IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) -#endif /* OPENSSL_NO_DYNAMIC_ENGINE */ - -#endif /* !OPENSSL_NO_HW_NCIPHER */ -#endif /* !OPENSSL_NO_HW */ diff --git a/engines/e_ncipher.ec b/engines/e_ncipher.ec deleted file mode 100644 index 561db41e52..0000000000 --- a/engines/e_ncipher.ec +++ /dev/null @@ -1 +0,0 @@ -L HWCRHK e_ncipher_err.h e_ncipher_err.c diff --git a/engines/e_ncipher_err.c b/engines/e_ncipher_err.c deleted file mode 100644 index b219a88616..0000000000 --- a/engines/e_ncipher_err.c +++ /dev/null @@ -1,161 +0,0 @@ -/* e_ncipher_err.c */ -/* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include -#include -#include "e_ncipher_err.h" - -/* BEGIN ERROR CODES */ -#ifndef OPENSSL_NO_ERR - -#define ERR_FUNC(func) ERR_PACK(0,func,0) -#define ERR_REASON(reason) ERR_PACK(0,0,reason) - -static ERR_STRING_DATA HWCRHK_str_functs[]= - { -{ERR_FUNC(HWCRHK_F_HWCRHK_CTRL), "HWCRHK_CTRL"}, -{ERR_FUNC(HWCRHK_F_HWCRHK_FINISH), "HWCRHK_FINISH"}, -{ERR_FUNC(HWCRHK_F_HWCRHK_GET_PASS), "HWCRHK_GET_PASS"}, -{ERR_FUNC(HWCRHK_F_HWCRHK_INIT), "HWCRHK_INIT"}, -{ERR_FUNC(HWCRHK_F_HWCRHK_INSERT_CARD), "HWCRHK_INSERT_CARD"}, -{ERR_FUNC(HWCRHK_F_HWCRHK_LOAD_PRIVKEY), "HWCRHK_LOAD_PRIVKEY"}, -{ERR_FUNC(HWCRHK_F_HWCRHK_LOAD_PUBKEY), "HWCRHK_LOAD_PUBKEY"}, -{ERR_FUNC(HWCRHK_F_HWCRHK_MOD_EXP), "HWCRHK_MOD_EXP"}, -{ERR_FUNC(HWCRHK_F_HWCRHK_RAND_BYTES), "HWCRHK_RAND_BYTES"}, -{ERR_FUNC(HWCRHK_F_HWCRHK_RSA_MOD_EXP), "HWCRHK_RSA_MOD_EXP"}, -{0,NULL} - }; - -static ERR_STRING_DATA HWCRHK_str_reasons[]= - { -{ERR_REASON(HWCRHK_R_ALREADY_LOADED) ,"already loaded"}, -{ERR_REASON(HWCRHK_R_BIO_WAS_FREED) ,"bio was freed"}, -{ERR_REASON(HWCRHK_R_CHIL_ERROR) ,"chil error"}, -{ERR_REASON(HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"}, -{ERR_REASON(HWCRHK_R_DSO_FAILURE) ,"dso failure"}, -{ERR_REASON(HWCRHK_R_LOCKING_MISSING) ,"locking missing"}, -{ERR_REASON(HWCRHK_R_MISSING_KEY_COMPONENTS),"missing key components"}, -{ERR_REASON(HWCRHK_R_NOT_INITIALISED) ,"not initialised"}, -{ERR_REASON(HWCRHK_R_NOT_LOADED) ,"not loaded"}, -{ERR_REASON(HWCRHK_R_NO_CALLBACK) ,"no callback"}, -{ERR_REASON(HWCRHK_R_NO_KEY) ,"no key"}, -{ERR_REASON(HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED),"private key algorithms disabled"}, -{ERR_REASON(HWCRHK_R_REQUEST_FAILED) ,"request failed"}, -{ERR_REASON(HWCRHK_R_REQUEST_FALLBACK) ,"request fallback"}, -{ERR_REASON(HWCRHK_R_UNIT_FAILURE) ,"unit failure"}, -{0,NULL} - }; - -#endif - -#ifdef HWCRHK_LIB_NAME -static ERR_STRING_DATA HWCRHK_lib_name[]= - { -{0 ,HWCRHK_LIB_NAME}, -{0,NULL} - }; -#endif - - -static int HWCRHK_lib_error_code=0; -static int HWCRHK_error_init=1; - -static void ERR_load_HWCRHK_strings(void) - { - if (HWCRHK_lib_error_code == 0) - HWCRHK_lib_error_code=ERR_get_next_error_library(); - - if (HWCRHK_error_init) - { - HWCRHK_error_init=0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(HWCRHK_lib_error_code,HWCRHK_str_functs); - ERR_load_strings(HWCRHK_lib_error_code,HWCRHK_str_reasons); -#endif - -#ifdef HWCRHK_LIB_NAME - HWCRHK_lib_name->error = ERR_PACK(HWCRHK_lib_error_code,0,0); - ERR_load_strings(0,HWCRHK_lib_name); -#endif - } - } - -static void ERR_unload_HWCRHK_strings(void) - { - if (HWCRHK_error_init == 0) - { -#ifndef OPENSSL_NO_ERR - ERR_unload_strings(HWCRHK_lib_error_code,HWCRHK_str_functs); - ERR_unload_strings(HWCRHK_lib_error_code,HWCRHK_str_reasons); -#endif - -#ifdef HWCRHK_LIB_NAME - ERR_unload_strings(0,HWCRHK_lib_name); -#endif - HWCRHK_error_init=1; - } - } - -static void ERR_HWCRHK_error(int function, int reason, char *file, int line) - { - if (HWCRHK_lib_error_code == 0) - HWCRHK_lib_error_code=ERR_get_next_error_library(); - ERR_PUT_error(HWCRHK_lib_error_code,function,reason,file,line); - } diff --git a/engines/e_ncipher_err.h b/engines/e_ncipher_err.h deleted file mode 100644 index 482086e3b5..0000000000 --- a/engines/e_ncipher_err.h +++ /dev/null @@ -1,101 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef HEADER_HWCRHK_ERR_H -#define HEADER_HWCRHK_ERR_H - -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -static void ERR_load_HWCRHK_strings(void); -static void ERR_unload_HWCRHK_strings(void); -static void ERR_HWCRHK_error(int function, int reason, char *file, int line); -#define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),__FILE__,__LINE__) - -/* Error codes for the HWCRHK functions. */ - -/* Function codes. */ -#define HWCRHK_F_HWCRHK_CTRL 100 -#define HWCRHK_F_HWCRHK_FINISH 101 -#define HWCRHK_F_HWCRHK_GET_PASS 102 -#define HWCRHK_F_HWCRHK_INIT 103 -#define HWCRHK_F_HWCRHK_INSERT_CARD 104 -#define HWCRHK_F_HWCRHK_LOAD_PRIVKEY 105 -#define HWCRHK_F_HWCRHK_LOAD_PUBKEY 106 -#define HWCRHK_F_HWCRHK_MOD_EXP 107 -#define HWCRHK_F_HWCRHK_RAND_BYTES 108 -#define HWCRHK_F_HWCRHK_RSA_MOD_EXP 109 - -/* Reason codes. */ -#define HWCRHK_R_ALREADY_LOADED 100 -#define HWCRHK_R_BIO_WAS_FREED 101 -#define HWCRHK_R_CHIL_ERROR 102 -#define HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED 103 -#define HWCRHK_R_DSO_FAILURE 104 -#define HWCRHK_R_LOCKING_MISSING 114 -#define HWCRHK_R_MISSING_KEY_COMPONENTS 105 -#define HWCRHK_R_NOT_INITIALISED 106 -#define HWCRHK_R_NOT_LOADED 107 -#define HWCRHK_R_NO_CALLBACK 108 -#define HWCRHK_R_NO_KEY 109 -#define HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED 110 -#define HWCRHK_R_REQUEST_FAILED 111 -#define HWCRHK_R_REQUEST_FALLBACK 112 -#define HWCRHK_R_UNIT_FAILURE 113 - -#ifdef __cplusplus -} -#endif -#endif diff --git a/engines/makeengines.com b/engines/makeengines.com index 2191a2242d..4a7474e010 100644 --- a/engines/makeengines.com +++ b/engines/makeengines.com @@ -34,7 +34,7 @@ $! Set the names of the engines we want to build $! $ ENGINES = "," + P6 $ IF ENGINES .EQS. "," THEN - - ENGINES = ",4758_cca,aep,atalla,cswift,ncipher,nuron,sureware,ubsec" + ENGINES = ",4758cca,aep,atalla,cswift,chil,nuron,sureware,ubsec" $! $! Set the default TCP/IP library to link against if needed $! @@ -79,11 +79,11 @@ $ THEN $ ENGINE_ = "engine_vector.mar" $ EXTRA_OBJ := ,'OBJ_DIR'ENGINE_VECTOR.OBJ $ ENDIF -$ ENGINE_4758_CCA = "e_4758_cca" +$ ENGINE_4758CCA = "e_4758cca" $ ENGINE_aep = "e_aep" $ ENGINE_atalla = "e_atalla" $ ENGINE_cswift = "e_cswift" -$ ENGINE_ncipher = "e_ncipher" +$ ENGINE_chil = "e_chil" $ ENGINE_nuron = "e_nuron" $ ENGINE_sureware = "e_sureware" $ ENGINE_ubsec = "e_ubsec"