diff options
| author | Matt Caswell <matt@openssl.org> | 2015-10-13 15:02:47 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2015-10-15 17:02:06 +0100 |
| commit | 8b7080b0b7f30669c0784d8aa73388f95bbd056b (patch) | |
| tree | 24bdcefbce7277af57cc0f8a4944bf98a23b8fe3 /engines | |
| parent | f51e5ed6b4b91d12228da873db72aa28109d1797 (diff) | |
| download | openssl-8b7080b0b7f30669c0784d8aa73388f95bbd056b.tar.gz | |
Remove Obsolete engines
There are a number of engines in the OpenSSL source code which are now
obsolete. The following engines have been removed: 4758cca, aep, atalla,
cswift, nuron, sureware.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'engines')
31 files changed, 6 insertions, 7761 deletions
diff --git a/engines/Makefile b/engines/Makefile index 3773e74c26..5cd2aa221a 100644 --- a/engines/Makefile +++ b/engines/Makefile @@ -3,7 +3,7 @@ # #The following engines have been disabled as they currently do not build -# aep atalla cswift chil nuron sureware ubsec +# sureware ubsec DIR= engines TOP= .. @@ -31,13 +31,11 @@ AFLAGS= $(ASFLAGS) GENERAL=Makefile engines.com install.com engine_vector.mar LIB=$(TOP)/libcrypto.a -LIBNAMES= 4758cca gmp padlock capi -LIBSRC= e_4758cca.c \ - e_gmp.c \ +LIBNAMES= gmp padlock capi +LIBSRC= e_gmp.c \ e_padlock.c \ e_capi.c -LIBOBJ= e_4758cca.o \ - e_gmp.o \ +LIBOBJ= e_gmp.o \ e_padlock.o \ e_capi.o \ $(ENGINES_ASM_OBJ) @@ -48,11 +46,8 @@ TESTLIBOBJ= e_ossltest.o SRC= $(LIBSRC) -HEADER= e_4758cca_err.c e_4758cca_err.h \ - e_gmp_err.c e_gmp_err.h \ +HEADER= e_gmp_err.c e_gmp_err.h \ e_chil_err.c e_chil_err.h \ - e_nuron_err.c e_nuron_err.h \ - e_sureware_err.c e_sureware_err.h \ e_ubsec_err.c e_ubsec_err.h \ e_capi_err.c e_capi_err.h \ e_ossltest_err.c e_ossltest_err.h @@ -159,22 +154,6 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -e_4758cca.o: ../include/openssl/asn1.h ../include/openssl/bio.h -e_4758cca.o: ../include/openssl/bn.h ../include/openssl/buffer.h -e_4758cca.o: ../include/openssl/crypto.h ../include/openssl/dso.h -e_4758cca.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -e_4758cca.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -e_4758cca.o: ../include/openssl/engine.h ../include/openssl/err.h -e_4758cca.o: ../include/openssl/evp.h ../include/openssl/lhash.h -e_4758cca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -e_4758cca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_4758cca.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h -e_4758cca.o: ../include/openssl/rand.h ../include/openssl/rsa.h -e_4758cca.o: ../include/openssl/safestack.h ../include/openssl/sha.h -e_4758cca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -e_4758cca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -e_4758cca.o: e_4758cca.c e_4758cca_err.c e_4758cca_err.h -e_4758cca.o: vendor_defns/hw_4758_cca.h e_capi.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_capi.o: ../include/openssl/buffer.h ../include/openssl/crypto.h e_capi.o: ../include/openssl/e_os2.h ../include/openssl/ec.h diff --git a/engines/e_4758cca.c b/engines/e_4758cca.c deleted file mode 100644 index 396f2c2b6a..0000000000 --- a/engines/e_4758cca.c +++ /dev/null @@ -1,937 +0,0 @@ -/* Author: Maurice Gittens <maurice@gittens.nl> */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include <stdio.h> -#include <string.h> -#include <openssl/crypto.h> -#include <openssl/dso.h> -#include <openssl/x509.h> -#include <openssl/objects.h> -#include <openssl/engine.h> -#include <openssl/rand.h> -#ifndef OPENSSL_NO_RSA -# include <openssl/rsa.h> -#endif -#include <openssl/bn.h> - -#ifndef OPENSSL_NO_HW -# ifndef OPENSSL_NO_HW_4758_CCA - -# ifdef FLAT_INC -# include "hw_4758_cca.h" -# else -# include "vendor_defns/hw_4758_cca.h" -# endif - -# include "e_4758cca_err.c" - -static int ibm_4758_cca_destroy(ENGINE *e); -static int ibm_4758_cca_init(ENGINE *e); -static int ibm_4758_cca_finish(ENGINE *e); -static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, - void (*f) (void)); - -/* rsa functions */ -/* -------------*/ -# ifndef OPENSSL_NO_RSA -static int cca_rsa_pub_enc(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); -static int cca_rsa_priv_dec(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); -static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, - const RSA *rsa); -static int cca_rsa_verify(int dtype, const unsigned char *m, - unsigned int m_len, const unsigned char *sigbuf, - unsigned int siglen, const RSA *rsa); - -/* utility functions */ -/* ---------------------*/ -static EVP_PKEY *ibm_4758_load_privkey(ENGINE *, const char *, - UI_METHOD *ui_method, - void *callback_data); -static EVP_PKEY *ibm_4758_load_pubkey(ENGINE *, const char *, - UI_METHOD *ui_method, - void *callback_data); - -static int getModulusAndExponent(const unsigned char *token, - long *exponentLength, - unsigned char *exponent, long *modulusLength, - long *modulusFieldLength, - unsigned char *modulus); -# endif - -/* RAND number functions */ -/* ---------------------*/ -static int cca_get_random_bytes(unsigned char *, int); -static int cca_random_status(void); - -# ifndef OPENSSL_NO_RSA -static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); -# endif - -/* Function pointers for CCA verbs */ -/* -------------------------------*/ -# ifndef OPENSSL_NO_RSA -static F_KEYRECORDREAD keyRecordRead; -static F_DIGITALSIGNATUREGENERATE digitalSignatureGenerate; -static F_DIGITALSIGNATUREVERIFY digitalSignatureVerify; -static F_PUBLICKEYEXTRACT publicKeyExtract; -static F_PKAENCRYPT pkaEncrypt; -static F_PKADECRYPT pkaDecrypt; -# endif -static F_RANDOMNUMBERGENERATE randomNumberGenerate; - -/* static variables */ -/* ----------------*/ -static const char *CCA4758_LIB_NAME = NULL; -static const char *get_CCA4758_LIB_NAME(void) -{ - if (CCA4758_LIB_NAME) - return CCA4758_LIB_NAME; - return CCA_LIB_NAME; -} - -static void free_CCA4758_LIB_NAME(void) -{ - if (CCA4758_LIB_NAME) - OPENSSL_free((void *)CCA4758_LIB_NAME); - CCA4758_LIB_NAME = NULL; -} - -static long set_CCA4758_LIB_NAME(const char *name) -{ - free_CCA4758_LIB_NAME(); - return (((CCA4758_LIB_NAME = BUF_strdup(name)) != NULL) ? 1 : 0); -} - -# ifndef OPENSSL_NO_RSA -static const char *n_keyRecordRead = CSNDKRR; -static const char *n_digitalSignatureGenerate = CSNDDSG; -static const char *n_digitalSignatureVerify = CSNDDSV; -static const char *n_publicKeyExtract = CSNDPKX; -static const char *n_pkaEncrypt = CSNDPKE; -static const char *n_pkaDecrypt = CSNDPKD; -# endif -static const char *n_randomNumberGenerate = CSNBRNG; - -# ifndef OPENSSL_NO_RSA -static int hndidx = -1; -# endif -static DSO *dso = NULL; - -/* openssl engine initialization structures */ -/* ----------------------------------------*/ - -# define CCA4758_CMD_SO_PATH ENGINE_CMD_BASE -static const ENGINE_CMD_DEFN cca4758_cmd_defns[] = { - {CCA4758_CMD_SO_PATH, - "SO_PATH", - "Specifies the path to the '4758cca' shared library", - ENGINE_CMD_FLAG_STRING}, - {0, NULL, NULL, 0} -}; - -# ifndef OPENSSL_NO_RSA -static RSA_METHOD ibm_4758_cca_rsa = { - "IBM 4758 CCA RSA method", - cca_rsa_pub_enc, - NULL, - NULL, - cca_rsa_priv_dec, - NULL, /* rsa_mod_exp, */ - NULL, /* mod_exp_mont, */ - NULL, /* init */ - NULL, /* finish */ - RSA_FLAG_SIGN_VER, /* flags */ - NULL, /* app_data */ - cca_rsa_sign, /* rsa_sign */ - cca_rsa_verify, /* rsa_verify */ - NULL /* rsa_keygen */ -}; -# endif - -static RAND_METHOD ibm_4758_cca_rand = { - /* "IBM 4758 RAND method", */ - NULL, /* seed */ - cca_get_random_bytes, /* get random bytes from the card */ - NULL, /* cleanup */ - NULL, /* add */ - cca_get_random_bytes, /* pseudo rand */ - cca_random_status, /* status */ -}; - -static const char *engine_4758_cca_id = "4758cca"; -static const char *engine_4758_cca_name = - "IBM 4758 CCA hardware engine support"; -# ifndef OPENSSL_NO_DYNAMIC_ENGINE -/* Compatibility hack, the dynamic library uses this form in the path */ -static const char *engine_4758_cca_id_alt = "4758_cca"; -# endif - -/* engine implementation */ -/* ---------------------*/ -static int bind_helper(ENGINE *e) -{ - if (!ENGINE_set_id(e, engine_4758_cca_id) || - !ENGINE_set_name(e, engine_4758_cca_name) || -# ifndef OPENSSL_NO_RSA - !ENGINE_set_RSA(e, &ibm_4758_cca_rsa) || -# endif - !ENGINE_set_RAND(e, &ibm_4758_cca_rand) || - !ENGINE_set_destroy_function(e, ibm_4758_cca_destroy) || - !ENGINE_set_init_function(e, ibm_4758_cca_init) || - !ENGINE_set_finish_function(e, ibm_4758_cca_finish) || - !ENGINE_set_ctrl_function(e, ibm_4758_cca_ctrl) || -# ifndef OPENSSL_NO_RSA - !ENGINE_set_load_privkey_function(e, ibm_4758_load_privkey) || - !ENGINE_set_load_pubkey_function(e, ibm_4758_load_pubkey) || -# endif - !ENGINE_set_cmd_defns(e, cca4758_cmd_defns)) - return 0; - /* Ensure the error handling is set up */ - ERR_load_CCA4758_strings(); - return 1; -} - -# ifdef OPENSSL_NO_DYNAMIC_ENGINE -static ENGINE *engine_4758_cca(void) -{ - ENGINE *ret = ENGINE_new(); - if (!ret) - return NULL; - if (!bind_helper(ret)) { - ENGINE_free(ret); - return NULL; - } - return ret; -} - -void ENGINE_load_4758cca(void) -{ - ENGINE *e_4758 = engine_4758_cca(); - if (!e_4758) - return; - ENGINE_add(e_4758); - ENGINE_free(e_4758); - ERR_clear_error(); -} -# endif - -static int ibm_4758_cca_destroy(ENGINE *e) -{ - ERR_unload_CCA4758_strings(); - free_CCA4758_LIB_NAME(); - return 1; -} - -static int ibm_4758_cca_init(ENGINE *e) -{ - if (dso) { - CCA4758err(CCA4758_F_IBM_4758_CCA_INIT, CCA4758_R_ALREADY_LOADED); - goto err; - } - - dso = DSO_load(NULL, get_CCA4758_LIB_NAME(), NULL, 0); - if (!dso) { - CCA4758err(CCA4758_F_IBM_4758_CCA_INIT, CCA4758_R_DSO_FAILURE); - goto err; - } -#define BINDIT(t, name) (t)DSO_bind_func(dso, name) -# ifndef OPENSSL_NO_RSA - if ((keyRecordRead = BINDIT(F_KEYRECORDREAD, n_keyRecordRead)) == NULL - || (randomNumberGenerate = BINDIT(F_RANDOMNUMBERGENERATE, n_randomNumberGenerate)) == NULL - || (digitalSignatureGenerate = BINDIT(F_DIGITALSIGNATUREGENERATE, n_digitalSignatureGenerate)) == NULL - || (digitalSignatureVerify = BINDIT(F_DIGITALSIGNATUREVERIFY, n_digitalSignatureVerify)) == NULL - || (publicKeyExtract = BINDIT(F_PUBLICKEYEXTRACT, n_publicKeyExtract)) == NULL - || (pkaEncrypt = BINDIT(F_PKAENCRYPT, n_pkaEncrypt)) == NULL - || (pkaDecrypt = BINDIT(F_PKADECRYPT, n_pkaDecrypt)) == NULL) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_INIT, CCA4758_R_DSO_FAILURE); - goto err; - } -# else - if ((randomNumberGenerate = BINDIT(F_RANDOMNUMBERGENERATE, n_randomNumberGenerate)) == NULL) { - CCA4758err(CCA4758_F_IBM_4758_CCA_INIT, CCA4758_R_DSO_FAILURE); - goto err; - } -# endif - -# ifndef OPENSSL_NO_RSA - hndidx = RSA_get_ex_new_index(0, "IBM 4758 CCA RSA key handle", - NULL, NULL, cca_ex_free); -# endif - - return 1; - err: - DSO_free(dso); - dso = NULL; - -# ifndef OPENSSL_NO_RSA - keyRecordRead = (F_KEYRECORDREAD) 0; - digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE) 0; - digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0; - publicKeyExtract = (F_PUBLICKEYEXTRACT)0; - pkaEncrypt = (F_PKAENCRYPT) 0; - pkaDecrypt = (F_PKADECRYPT) 0; -# endif - randomNumberGenerate = (F_RANDOMNUMBERGENERATE) 0; - return 0; -} - -static int ibm_4758_cca_finish(ENGINE *e) -{ - free_CCA4758_LIB_NAME(); - if (!dso) { - CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH, CCA4758_R_NOT_LOADED); - return 0; - } - if (!DSO_free(dso)) { - CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH, CCA4758_R_UNIT_FAILURE); - return 0; - } - dso = NULL; -# ifndef OPENSSL_NO_RSA - keyRecordRead = (F_KEYRECORDREAD) 0; - randomNumberGenerate = (F_RANDOMNUMBERGENERATE) 0; - digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE) 0; - digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0; - publicKeyExtract = (F_PUBLICKEYEXTRACT)0; - pkaEncrypt = (F_PKAENCRYPT) 0; - pkaDecrypt = (F_PKADECRYPT) 0; -# endif - randomNumberGenerate = (F_RANDOMNUMBERGENERATE) 0; - return 1; -} - -static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, - void (*f) (void)) -{ - int initialised = ((dso == NULL) ? 0 : 1); - switch (cmd) { - case CCA4758_CMD_SO_PATH: - if (p == NULL) { - CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL, - ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (initialised) { - CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL, CCA4758_R_ALREADY_LOADED); - return 0; - } - return set_CCA4758_LIB_NAME((const char *)p); - default: - break; - } - CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL, - CCA4758_R_COMMAND_NOT_IMPLEMENTED); - return 0; -} - -# ifndef OPENSSL_NO_RSA - -# define MAX_CCA_PKA_TOKEN_SIZE 2500 - -static EVP_PKEY *ibm_4758_load_privkey(ENGINE *e, const char *key_id, - UI_METHOD *ui_method, - void *callback_data) -{ - RSA *rtmp = NULL; - EVP_PKEY *res = NULL; - unsigned char *keyToken = NULL; - unsigned char pubKeyToken[MAX_CCA_PKA_TOKEN_SIZE]; - long pubKeyTokenLength = MAX_CCA_PKA_TOKEN_SIZE; - long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE; - long returnCode; - long reasonCode; - long exitDataLength = 0; - long ruleArrayLength = 0; - unsigned char exitData[8]; - unsigned char ruleArray[8]; - unsigned char keyLabel[64]; - unsigned long keyLabelLength = strlen(key_id); - unsigned char modulus[256]; - long modulusFieldLength = sizeof(modulus); - long modulusLength = 0; - unsigned char exponent[256]; - long exponentLength = sizeof(exponent); - - if (keyLabelLength > sizeof(keyLabel)) { - CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY, - CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL); - return NULL; - } - - memset(keyLabel, ' ', sizeof(keyLabel)); - memcpy(keyLabel, key_id, keyLabelLength); - - keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long)); - if (!keyToken) { - CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE); - goto err; - } - - keyRecordRead(&returnCode, &reasonCode, &exitDataLength, - exitData, &ruleArrayLength, ruleArray, keyLabel, - &keyTokenLength, keyToken + sizeof(long)); - - if (returnCode) { - CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY, - CCA4758_R_FAILED_LOADING_PRIVATE_KEY); - goto err; - } - - publicKeyExtract(&returnCode, &reasonCode, &exitDataLength, - exitData, &ruleArrayLength, ruleArray, &keyTokenLength, - keyToken + sizeof(long), &pubKeyTokenLength, - pubKeyToken); - - if (returnCode) { - CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY, - CCA4758_R_FAILED_LOADING_PRIVATE_KEY); - goto err; - } - - if (!getModulusAndExponent(pubKeyToken, &exponentLength, - exponent, &modulusLength, &modulusFieldLength, - modulus)) { - CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY, - CCA4758_R_FAILED_LOADING_PRIVATE_KEY); - goto err; - } - - (*(long *)keyToken) = keyTokenLength; - rtmp = RSA_new_method(e); - RSA_set_ex_data(rtmp, hndidx, (char *)keyToken); - - rtmp->e = BN_bin2bn(exponent, exponentLength, NULL); - rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL); - rtmp->flags |= RSA_FLAG_EXT_PKEY; - - res = EVP_PKEY_new(); - EVP_PKEY_assign_RSA(res, rtmp); - - return res; - err: - OPENSSL_free(keyToken); - return NULL; -} - -static EVP_PKEY *ibm_4758_load_pubkey(ENGINE *e, const char *key_id, - UI_METHOD *ui_method, - void *callback_data) -{ - RSA *rtmp = NULL; - EVP_PKEY *res = NULL; - unsigned char *keyToken = NULL; - long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE; - long returnCode; - long reasonCode; - long exitDataLength = 0; - long ruleArrayLength = 0; - unsigned char exitData[8]; - unsigned char ruleArray[8]; - unsigned char keyLabel[64]; - unsigned long keyLabelLength = strlen(key_id); - unsigned char modulus[512]; - long modulusFieldLength = sizeof(modulus); - long modulusLength = 0; - unsigned char exponent[512]; - long exponentLength = sizeof(exponent); - - if (keyLabelLength > sizeof(keyLabel)) { - CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY, - CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL); - return NULL; - } - - memset(keyLabel, ' ', sizeof(keyLabel)); - memcpy(keyLabel, key_id, keyLabelLength); - - keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long)); - if (!keyToken) { - CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY, ERR_R_MALLOC_FAILURE); - goto err; - } - - keyRecordRead(&returnCode, &reasonCode, &exitDataLength, exitData, - &ruleArrayLength, ruleArray, keyLabel, &keyTokenLength, - keyToken + sizeof(long)); - - if (returnCode) { - CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (!getModulusAndExponent(keyToken + sizeof(long), &exponentLength, - exponent, &modulusLength, &modulusFieldLength, - modulus)) { - CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY, - CCA4758_R_FAILED_LOADING_PUBLIC_KEY); - goto err; - } - - (*(long *)keyToken) = keyTokenLength; - rtmp = RSA_new_method(e); - RSA_set_ex_data(rtmp, hndidx, (char *)keyToken); - rtmp->e = BN_bin2bn(exponent, exponentLength, NULL); - rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL); - rtmp->flags |= RSA_FLAG_EXT_PKEY; - res = EVP_PKEY_new(); - EVP_PKEY_assign_RSA(res, rtmp); - - return res; - err: - OPENSSL_free(keyToken); - return NULL; -} - -static int cca_rsa_pub_enc(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) -{ - long returnCode; - long reasonCode; - long lflen = flen; - long exitDataLength = 0; - unsigned char exitData[8]; - long ruleArrayLength = 1; - unsigned char ruleArray[8] = "PKCS-1.2"; - long dataStructureLength = 0; - unsigned char dataStructure[8]; - long outputLength = RSA_size(rsa); - long keyTokenLength; - unsigned char *keyToken = (unsigned char *)RSA_get_ex_data(rsa, hndidx); - - keyTokenLength = *(long *)keyToken; - keyToken += sizeof(long); - - pkaEncrypt(&returnCode, &reasonCode, &exitDataLength, exitData, - &ruleArrayLength, ruleArray, &lflen, (unsigned char *)from, - &dataStructureLength, dataStructure, &keyTokenLength, - keyToken, &outputLength, to); - - if (returnCode || reasonCode) - return -(returnCode << 16 | reasonCode); - return outputLength; -} - -static int cca_rsa_priv_dec(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) -{ - long returnCode; - long reasonCode; - long lflen = flen; - long exitDataLength = 0; - unsigned char exitData[8]; - long ruleArrayLength = 1; - unsigned char ruleArray[8] = "PKCS-1.2"; - long dataStructureLength = 0; - unsigned char dataStructure[8]; - long outputLength = RSA_size(rsa); - long keyTokenLength; - unsigned char *keyToken = (unsigned char *)RSA_get_ex_data(rsa, hndidx); - - keyTokenLength = *(long *)keyToken; - keyToken += sizeof(long); - - pkaDecrypt(&returnCode, &reasonCode, &exitDataLength, exitData, - &ruleArrayLength, ruleArray, &lflen, (unsigned char *)from, - &dataStructureLength, dataStructure, &keyTokenLength, - keyToken, &outputLength, to); - - return (returnCode | reasonCode) ? 0 : 1; -} - -# define SSL_SIG_LEN 36 - -static int cca_rsa_verify(int type, const unsigned char *m, - unsigned int m_len, const unsigned char *sigbuf, - unsigned int siglen, const RSA *rsa) -{ - long returnCode; - long reasonCode; - long lsiglen = siglen; - long exitDataLength = 0; - unsigned char exitData[8]; - long ruleArrayLength = 1; - unsigned char ruleArray[8] = "PKCS-1.1"; - long keyTokenLength; - unsigned char *keyToken = (unsigned char *)RSA_get_ex_data(rsa, hndidx); - long length = SSL_SIG_LEN; - long keyLength; - unsigned char *hashBuffer = NULL; - X509_SIG sig; - ASN1_TYPE parameter; - X509_ALGOR algorithm; - ASN1_OCTET_STRING digest; - - keyTokenLength = *(long *)keyToken; - keyToken += sizeof(long); - - if (type == NID_md5 || type == NID_sha1) { - sig.algor = &algorithm; - algorithm.algorithm = OBJ_nid2obj(type); - - if (!algorithm.algorithm) { - CCA4758err(CCA4758_F_CCA_RSA_VERIFY, - CCA4758_R_UNKNOWN_ALGORITHM_TYPE); - return 0; - } - - if (!OBJ_length(algorithm.algorithm)) { - CCA4758err(CCA4758_F_CCA_RSA_VERIFY, - CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD); - return 0; - } - - parameter.type = V_ASN1_NULL; - parameter.value.ptr = NULL; - algorithm.parameter = ¶meter; - - sig.digest = &digest; - sig.digest->data = (unsigned char *)m; - sig.digest->length = m_len; - - length = i2d_X509_SIG(&sig, NULL); - } - - keyLength = RSA_size(rsa); - - if (length - RSA_PKCS1_PADDING > keyLength) { - CCA4758err(CCA4758_F_CCA_RSA_VERIFY, - CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL); - return 0; - } - - switch (type) { - case NID_md5_sha1: - if (m_len != SSL_SIG_LEN) { - CCA4758err(CCA4758_F_CCA_RSA_VERIFY, - CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL); - return 0; - } - - hashBuffer = (unsigned char *)m; - length = m_len; - break; - case NID_md5: - { - unsigned char *ptr; - ptr = hashBuffer = OPENSSL_malloc((unsigned int)keyLength + 1); - if (!hashBuffer) { - CCA4758err(CCA4758_F_CCA_RSA_VERIFY, ERR_R_MALLOC_FAILURE); - return 0; - } - - i2d_X509_SIG(&sig, &ptr); - } - break; - case NID_sha1: - { - unsigned char *ptr; - ptr = hashBuffer = OPENSSL_malloc((unsigned int)keyLength + 1); - if (!hashBuffer) { - CCA4758err(CCA4758_F_CCA_RSA_VERIFY, ERR_R_MALLOC_FAILURE); - return 0; - } - i2d_X509_SIG(&sig, &ptr); - } - break; - default: - return 0; - } - - digitalSignatureVerify(&returnCode, &reasonCode, &exitDataLength, - exitData, &ruleArrayLength, ruleArray, - &keyTokenLength, keyToken, &length, hashBuffer, - &lsiglen, (unsigned char *)sigbuf); - - if (type == NID_sha1 || type == NID_md5) - OPENSSL_clear_free(hashBuffer, keyLength + 1); - - return ((returnCode || reasonCode) ? 0 : 1); -} - -# define SSL_SIG_LEN 36 - -static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, - const RSA *rsa) -{ - long returnCode; - long reasonCode; - long exitDataLength = 0; - unsigned char exitData[8]; - long ruleArrayLength = 1; - unsigned char ruleArray[8] = "PKCS-1.1"; - long outputLength = 256; - long outputBitLength; - long keyTokenLength; - unsigned char *hashBuffer = NULL; - unsigned char *keyToken = (unsigned char *)RSA_get_ex_data(rsa, hndidx); - long length = SSL_SIG_LEN; - long keyLength; - X509_SIG sig; - ASN1_TYPE parameter; - X509_ALGOR algorithm; - ASN1_OCTET_STRING digest; - - keyTokenLength = *(long *)keyToken; - keyToken += sizeof(long); - - if (type == NID_md5 || type == NID_sha1) { - sig.algor = &algorithm; - algorithm.algorithm = OBJ_nid2obj(type); - - if (!algorithm.algorithm) { - CCA4758err(CCA4758_F_CCA_RSA_SIGN, - CCA4758_R_UNKNOWN_ALGORITHM_TYPE); - return 0; - } - - if (!OBJ_length(algorithm.algorithm)) { - CCA4758err(CCA4758_F_CCA_RSA_SIGN, - CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD); - return 0; - } - - parameter.type = V_ASN1_NULL; - parameter.value.ptr = NULL; - algorithm.parameter = ¶meter; - - sig.digest = &digest; - sig.digest->data = (unsigned char *)m; - sig.digest->length = m_len; - - length = i2d_X509_SIG(&sig, NULL); - } - - keyLength = RSA_size(rsa); - - if (length - RSA_PKCS1_PADDING > keyLength) { - CCA4758err(CCA4758_F_CCA_RSA_SIGN, - CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL); - return 0; - } - - switch (type) { - case NID_md5_sha1: - if (m_len != SSL_SIG_LEN) { - CCA4758err(CCA4758_F_CCA_RSA_SIGN, - CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL); - return 0; - } - hashBuffer = (unsigned char *)m; - length = m_len; - break; - case NID_md5: - { - unsigned char *ptr; - ptr = hashBuffer = OPENSSL_malloc((unsigned int)keyLength + 1); - if (!hashBuffer) { - CCA4758err(CCA4758_F_CCA_RSA_SIGN, ERR_R_MALLOC_FAILURE); - return 0; - } - i2d_X509_SIG(&sig, &ptr); - } - break; - case NID_sha1: - { - unsigned char *ptr; - ptr = hashBuffer = OPENSSL_malloc((unsigned int)keyLength + 1); - if (!hashBuffer) { - CCA4758err(CCA4758_F_CCA_RSA_SIGN, ERR_R_MALLOC_FAILURE); - return 0; - } - i2d_X509_SIG(&sig, &ptr); - } - break; - default: - return 0; - } - - digitalSignatureGenerate(&returnCode, &reasonCode, &exitDataLength, - exitData, &ruleArrayLength, ruleArray, - &keyTokenLength, keyToken, &length, hashBuffer, - &outputLength, &outputBitLength, sigret); - - if (type == NID_sha1 || type == NID_md5) - OPENSSL_clear_free(hashBuffer, keyLength + 1); - - *siglen = outputLength; - - return ((returnCode || reasonCode) ? 0 : 1); -} - -static int getModulusAndExponent(const unsigned char *token, - long *exponentLength, - unsigned char *exponent, long *modulusLength, - long *modulusFieldLength, - unsigned char *modulus) -{ - unsigned long len; - - if (*token++ != (char)0x1E) /* internal PKA token? */ - return 0; - - if (*token++) /* token version must be zero */ - return 0; - - len = *token++; - len = len << 8; - len |= (unsigned char)*token++; - - token += 4; /* skip reserved bytes */ - - if (*token++ == (char)0x04) { - if (*token++) /* token version must be zero */ - return 0; - - len = *token++; - len = len << 8; - len |= (unsigned char)*token++; - - token += 2; /* skip reserved section */ - - len = *token++; - len = len << 8; - len |= (unsigned char)*token++; - - *exponentLength = len; - - len = *token++; - len = len << 8; - len |= (unsigned char)*token++; - - *modulusLength = len; - - len = *token++; - len = len << 8; - len |= (unsigned char)*token++; - - *modulusFieldLength = len; - - memcpy(exponent, token, *exponentLength); - token += *exponentLength; - - memcpy(modulus, token, *modulusFieldLength); - return 1; - } - return 0; -} - -# endif /* OPENSSL_NO_RSA */ - -static int cca_random_status(void) -{ - return 1; -} - -static int cca_get_random_bytes(unsigned char *buf, int num) -{ - long ret_code; - long reason_code; - long exit_data_length; - unsigned char exit_data[4]; - unsigned char form[] = "RANDOM "; - unsigned char rand_buf[8]; - - while (num >= (int)sizeof(rand_buf)) { - randomNumberGenerate(&ret_code, &reason_code, &exit_data_length, - exit_data, form, rand_buf); - if (ret_code) - return 0; - num -= sizeof(rand_buf); - memcpy(buf, rand_buf, sizeof(rand_buf)); - buf += sizeof(rand_buf); - } - - if (num) { - randomNumberGenerate(&ret_code, &reason_code, NULL, NULL, - form, rand_buf); - if (ret_code) - return 0; - memcpy(buf, rand_buf, num); - } - - return 1; -} - -# ifndef OPENSSL_NO_RSA -static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int idx, - long argl, void *argp) -{ - OPENSSL_free(item); -} -# endif - -/* Goo to handle building as a dynamic engine */ -# ifndef OPENSSL_NO_DYNAMIC_ENGINE -static int bind_fn(ENGINE *e, const char *id) -{ - if (id && (strcmp(id, engine_4758_cca_id) != 0) && - (strcmp(id, engine_4758_cca_id_alt) != 0)) - return 0; - if (!bind_helper(e)) - return 0; - return 1; -} - -IMPLEMENT_DYNAMIC_CHECK_FN() - IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) -# endif /* OPENSSL_NO_DYNAMIC_ENGINE */ -# endif /* !OPENSSL_NO_HW_4758_CCA */ -#endif /* !OPENSSL_NO_HW */ diff --git a/engines/e_4758cca.ec b/engines/e_4758cca.ec deleted file mode 100644 index f30ed02c05..0000000000 --- a/engines/e_4758cca.ec +++ /dev/null @@ -1 +0,0 @@ -L CCA4758 e_4758cca_err.h e_4758cca_err.c diff --git a/engines/e_4758cca_err.c b/engines/e_4758cca_err.c deleted file mode 100644 index aed7199759..0000000000 --- a/engines/e_4758cca_err.c +++ /dev/null @@ -1,153 +0,0 @@ -/* e_4758cca_err.c */ -/* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* - * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include <stdio.h> -#include <openssl/err.h> -#include "e_4758cca_err.h" - -/* BEGIN ERROR CODES */ -#ifndef OPENSSL_NO_ERR - -# define ERR_FUNC(func) ERR_PACK(0,func,0) -# define ERR_REASON(reason) ERR_PACK(0,0,reason) - -static ERR_STRING_DATA CCA4758_str_functs[] = { - {ERR_FUNC(CCA4758_F_CCA_RSA_SIGN), "CCA_RSA_SIGN"}, - {ERR_FUNC(CCA4758_F_CCA_RSA_VERIFY), "CCA_RSA_VERIFY"}, - {ERR_FUNC(CCA4758_F_IBM_4758_CCA_CTRL), "IBM_4758_CCA_CTRL"}, - {ERR_FUNC(CCA4758_F_IBM_4758_CCA_FINISH), "IBM_4758_CCA_FINISH"}, - {ERR_FUNC(CCA4758_F_IBM_4758_CCA_INIT), "IBM_4758_CCA_INIT"}, - {ERR_FUNC(CCA4758_F_IBM_4758_LOAD_PRIVKEY), "IBM_4758_LOAD_PRIVKEY"}, - {ERR_FUNC(CCA4758_F_IBM_4758_LOAD_PUBKEY), "IBM_4758_LOAD_PUBKEY"}, - {0, NULL} -}; - -static ERR_STRING_DATA CCA4758_str_reasons[] = { - {ERR_REASON(CCA4758_R_ALREADY_LOADED), "already loaded"}, - {ERR_REASON(CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD), - "asn1 oid unknown for md"}, - {ERR_REASON(CCA4758_R_COMMAND_NOT_IMPLEMENTED), - "command not implemented"}, - {ERR_REASON(CCA4758_R_DSO_FAILURE), "dso failure"}, - {ERR_REASON(CCA4758_R_FAILED_LOADING_PRIVATE_KEY), - "failed loading private key"}, - {ERR_REASON(CCA4758_R_FAILED_LOADING_PUBLIC_KEY), - "failed loading public key"}, - {ERR_REASON(CCA4758_R_NOT_LOADED), "not loaded"}, - {ERR_REASON(CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL), - "size too large or too small"}, - {ERR_REASON(CCA4758_R_UNIT_FAILURE), "unit failure"}, - {ERR_REASON(CCA4758_R_UNKNOWN_ALGORITHM_TYPE), "unknown algorithm type"}, - {0, NULL} -}; - -#endif - -#ifdef CCA4758_LIB_NAME -static ERR_STRING_DATA CCA4758_lib_name[] = { - {0, CCA4758_LIB_NAME}, - {0, NULL} -}; -#endif - -static int CCA4758_lib_error_code = 0; -static int CCA4758_error_init = 1; - -static void ERR_load_CCA4758_strings(void) -{ - if (CCA4758_lib_error_code == 0) - CCA4758_lib_error_code = ERR_get_next_error_library(); - - if (CCA4758_error_init) { - CCA4758_error_init = 0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(CCA4758_lib_error_code, CCA4758_str_functs); - ERR_load_strings(CCA4758_lib_error_code, CCA4758_str_reasons); -#endif - -#ifdef CCA4758_LIB_NAME - CCA4758_lib_name->error = ERR_PACK(CCA4758_lib_error_code, 0, 0); - ERR_load_strings(0, CCA4758_lib_name); -#endif - } -} - -static void ERR_unload_CCA4758_strings(void) -{ - if (CCA4758_error_init == 0) { -#ifndef OPENSSL_NO_ERR - ERR_unload_strings(CCA4758_lib_error_code, CCA4758_str_functs); - ERR_unload_strings(CCA4758_lib_error_code, CCA4758_str_reasons); -#endif - -#ifdef CCA4758_LIB_NAME - ERR_unload_strings(0, CCA4758_lib_name); -#endif - CCA4758_error_init = 1; - } -} - -static void ERR_CCA4758_error(int function, int reason, char *file, int line) -{ - if (CCA4758_lib_error_code == 0) - CCA4758_lib_error_code = ERR_get_next_error_library(); - ERR_PUT_error(CCA4758_lib_error_code, function, reason, file, line); -} diff --git a/engines/e_4758cca_err.h b/engines/e_4758cca_err.h deleted file mode 100644 index 2f29d96fb7..0000000000 --- a/engines/e_4758cca_err.h +++ /dev/null @@ -1,98 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef HEADER_CCA4758_ERR_H -# define HEADER_CCA4758_ERR_H - -#ifdef __cplusplus -extern "C" { -#endif - -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -static void ERR_load_CCA4758_strings(void); -static void ERR_unload_CCA4758_strings(void); -static void ERR_CCA4758_error(int function, int reason, char *file, int line); -# define CCA4758err(f,r) ERR_CCA4758_error((f),(r),__FILE__,__LINE__) - -/* Error codes for the CCA4758 functions. */ - -/* Function codes. */ -# define CCA4758_F_CCA_RSA_SIGN 105 -# define CCA4758_F_CCA_RSA_VERIFY 106 -# define CCA4758_F_IBM_4758_CCA_CTRL 100 -# define CCA4758_F_IBM_4758_CCA_FINISH 101 -# define CCA4758_F_IBM_4758_CCA_INIT 102 -# define CCA4758_F_IBM_4758_LOAD_PRIVKEY 103 -# define CCA4758_F_IBM_4758_LOAD_PUBKEY 104 - -/* Reason codes. */ -# define CCA4758_R_ALREADY_LOADED 100 -# define CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD 101 -# define CCA4758_R_COMMAND_NOT_IMPLEMENTED 102 -# define CCA4758_R_DSO_FAILURE 103 -# define CCA4758_R_FAILED_LOADING_PRIVATE_KEY 104 -# define CCA4758_R_FAILED_LOADING_PUBLIC_KEY 105 -# define CCA4758_R_NOT_LOADED 106 -# define CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL 107 -# define CCA4758_R_UNIT_FAILURE 108 -# define CCA4758_R_UNKNOWN_ALGORITHM_TYPE 109 - -#ifdef __cplusplus -} -#endif -#endif diff --git a/engines/e_aep.c b/engines/e_aep.c deleted file mode 100644 index abcdb1538f..0000000000 --- a/engines/e_aep.c +++ /dev/null @@ -1,1182 +0,0 @@ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include <stdio.h> -#include <openssl/bn.h> -#include <string.h> - -#include <openssl/e_os2.h> -#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__) || defined(__MINGW32__) -# include <sys/types.h> -# include <unistd.h> -#else -# include <process.h> -typedef int pid_t; -#endif - -#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB) -# define getpid GetThreadID -extern int GetThreadID(void); -#elif defined(_WIN32) && !defined(__WATCOMC__) -# define getpid _getpid -#endif - -#include <openssl/crypto.h> -#include <openssl/dso.h> -#include <openssl/engine.h> -#include <openssl/buffer.h> -#ifndef OPENSSL_NO_RSA -# include <openssl/rsa.h> -#endif -#ifndef OPENSSL_NO_DSA -# include <openssl/dsa.h> -#endif -#ifndef OPENSSL_NO_DH -# include <openssl/dh.h> -#endif - -#ifndef OPENSSL_NO_HW -# ifndef OPENSSL_NO_HW_AEP -# ifdef FLAT_INC -# include "aep.h" -# else -# include "vendor_defns/aep.h" -# endif - -# define AEP_LIB_NAME "aep engine" -# define FAIL_TO_SW 0x10101010 - -# include "e_aep_err.c" - -static int aep_init(ENGINE *e); -static int aep_finish(ENGINE *e); -static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)); -static int aep_destroy(ENGINE *e); - -static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR hConnection); -static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection); -static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection); -static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use); - -/* BIGNUM stuff */ -# ifndef OPENSSL_NO_RSA -static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx); - -static AEP_RV aep_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *q, const BIGNUM *dmp1, - const BIGNUM *dmq1, const BIGNUM *iqmp, - BN_CTX *ctx); -# endif - -/* RSA stuff */ -# ifndef OPENSSL_NO_RSA -static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, - BN_CTX *ctx); -# endif - -/* This function is aliased to mod_exp (with the mont stuff dropped). */ -# ifndef OPENSSL_NO_RSA -static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -# endif - -/* DSA stuff */ -# ifndef OPENSSL_NO_DSA -static int aep_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, - BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, - BN_CTX *ctx, BN_MONT_CTX *in_mont); - -static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); -# endif - -/* DH stuff */ -/* This function is aliased to mod_exp (with the DH and mont dropped). */ -# ifndef OPENSSL_NO_DH -static int aep_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); -# endif - -/* rand stuff */ -# ifdef AEPRAND -static int aep_rand(unsigned char *buf, int num); -static int aep_rand_status(void); -# endif - -/* Bignum conversion stuff */ -static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32 *BigNumSize); -static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize, - unsigned char *AEP_BigNum); -static AEP_RV ConvertAEPBigNum(void *ArbBigNum, AEP_U32 BigNumSize, - unsigned char *AEP_BigNum); - -/* The definitions for control commands specific to this engine */ -# define AEP_CMD_SO_PATH ENGINE_CMD_BASE -static const ENGINE_CMD_DEFN aep_cmd_defns[] = { - {AEP_CMD_SO_PATH, - "SO_PATH", - "Specifies the path to the 'aep' shared library", - ENGINE_CMD_FLAG_STRING}, - {0, NULL, NULL, 0} -}; - -# ifndef OPENSSL_NO_RSA -/* Our internal RSA_METHOD that we provide pointers to */ -static RSA_METHOD aep_rsa = { - "Aep RSA method", - NULL, /* rsa_pub_encrypt */ - NULL, /* rsa_pub_decrypt */ - NULL, /* rsa_priv_encrypt */ - NULL, /* rsa_priv_encrypt */ - aep_rsa_mod_exp, /* rsa_mod_exp */ - aep_mod_exp_mont, /* bn_mod_exp */ - NULL, /* init */ - NULL, /* finish */ - 0, /* flags */ - NULL, /* app_data */ - NULL, /* rsa_sign */ - NULL, /* rsa_verify */ - NULL /* rsa_keygen */ -}; -# endif - -# ifndef OPENSSL_NO_DSA -/* Our internal DSA_METHOD that we provide pointers to */ -static DSA_METHOD aep_dsa = { - "Aep DSA method", - NULL, /* dsa_do_sign */ - NULL, /* dsa_sign_setup */ - NULL, /* dsa_do_verify */ - aep_dsa_mod_exp, /* dsa_mod_exp */ - aep_mod_exp_dsa, /* bn_mod_exp */ - NULL, /* init */ - NULL, /* finish */ - 0, /* flags */ - NULL, /* app_data */ - NULL, /* dsa_paramgen */ - NULL /* dsa_keygen */ -}; -# endif - -# ifndef OPENSSL_NO_DH -/* Our internal DH_METHOD that we provide pointers to */ -static DH_METHOD aep_dh = { - "Aep DH method", - NULL, - NULL, - aep_mod_exp_dh, - NULL, - NULL, - 0, - NULL, - NULL -}; -# endif - -# ifdef AEPRAND -/* our internal RAND_method that we provide pointers to */ -static RAND_METHOD aep_random = { - /* - * "AEP RAND method", - */ - NULL, - aep_rand, - NULL, - NULL, - aep_rand, - aep_rand_status, -}; -# endif - -/* - * Define an array of structures to hold connections - */ -static AEP_CONNECTION_ENTRY aep_app_conn_table[MAX_PROCESS_CONNECTIONS]; - -/* - * Used to determine if this is a new process - */ -static pid_t recorded_pid = 0; - -# ifdef AEPRAND -static AEP_U8 rand_block[RAND_BLK_SIZE]; -static AEP_U32 rand_block_bytes = 0; -# endif - -/* Constants used when creating the ENGINE */ -static const char *engine_aep_id = "aep"; -static const char *engine_aep_name = "Aep hardware engine support"; - -static int max_key_len = 2176; - -/* - * This internal function is used by ENGINE_aep() and possibly by the - * "dynamic" ENGINE support too - */ -static int bind_aep(ENGINE *e) -{ -# ifndef OPENSSL_NO_RSA - const RSA_METHOD *meth1; -# endif -# ifndef OPENSSL_NO_DSA - const DSA_METHOD *meth2; -# endif -# ifndef OPENSSL_NO_DH - const DH_METHOD *meth3; -# endif - - if (!ENGINE_set_id(e, engine_aep_id) || - !ENGINE_set_name(e, engine_aep_name) || -# ifndef OPENSSL_NO_RSA - !ENGINE_set_RSA(e, &aep_rsa) || -# endif -# ifndef OPENSSL_NO_DSA - !ENGINE_set_DSA(e, &aep_dsa) || -# endif -# ifndef OPENSSL_NO_DH - !ENGINE_set_DH(e, &aep_dh) || -# endif -# ifdef AEPRAND - !ENGINE_set_RAND(e, &aep_random) || -# endif - !ENGINE_set_init_function(e, aep_init) || - !ENGINE_set_destroy_function(e, aep_destroy) || - !ENGINE_set_finish_function(e, aep_finish) || - !ENGINE_set_ctrl_function(e, aep_ctrl) || - !ENGINE_set_cmd_defns(e, aep_cmd_defns)) - return 0; - -# ifndef OPENSSL_NO_RSA - /* - * We know that the "PKCS1_SSLeay()" functions hook properly to the - * aep-specific mod_exp and mod_exp_crt so we use those functions. NB: We - * don't use ENGINE_openssl() or anything "more generic" because - * something like the RSAref code may not hook properly, and if you own - * one of these cards then you have the right to do RSA operations on it - * anyway! - */ - meth1 = RSA_PKCS1_SSLeay(); - aep_rsa.rsa_pub_enc = meth1->rsa_pub_enc; - aep_rsa.rsa_pub_dec = meth1->rsa_pub_dec; - aep_rsa.rsa_priv_enc = meth1->rsa_priv_enc; - aep_rsa.rsa_priv_dec = meth1->rsa_priv_dec; -# endif - -# ifndef OPENSSL_NO_DSA - /* - * Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits. - */ - meth2 = DSA_OpenSSL(); - aep_dsa.dsa_do_sign = meth2->dsa_do_sign; - aep_dsa.dsa_sign_setup = meth2->dsa_sign_setup; - aep_dsa.dsa_do_verify = meth2->dsa_do_verify; - - aep_dsa = *DSA_get_default_method(); - aep_dsa.dsa_mod_exp = aep_dsa_mod_exp; - aep_dsa.bn_mod_exp = aep_mod_exp_dsa; -# endif - -# ifndef OPENSSL_NO_DH - /* Much the same for Diffie-Hellman */ - meth3 = DH_OpenSSL(); - aep_dh.generate_key = meth3->generate_key; - aep_dh.compute_key = meth3->compute_key; - aep_dh.bn_mod_exp = meth3->bn_mod_exp; -# endif - - /* Ensure the aep error handling is set up */ - ERR_load_AEPHK_strings(); - - return 1; -} - -# ifndef OPENSSL_NO_DYNAMIC_ENGINE -static int bind_helper(ENGINE *e, const char *id) -{ - if (id && (strcmp(id, engine_aep_id) != 0)) - return 0; - if (!bind_aep(e)) - return 0; - return 1; -} - -IMPLEMENT_DYNAMIC_CHECK_FN() - IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) -# else -static ENGINE *engine_aep(void) -{ - ENGINE *ret = ENGINE_new(); - if (!ret) - return NULL; - if (!bind_aep(ret)) { - ENGINE_free(ret); - return NULL; - } - return ret; -} - -void ENGINE_load_aep(void) -{ - /* Copied from eng_[openssl|dyn].c */ - ENGINE *toadd = engine_aep(); - if (!toadd) - return; - ENGINE_add(toadd); - ENGINE_free(toadd); - ERR_clear_error(); -} -# endif - -/* - * This is a process-global DSO handle used for loading and unloading the Aep - * library. NB: This is only set (or unset) during an init() or finish() call - * (reference counts permitting) and they're operating with global locks, so - * this should be thread-safe implicitly. - */ -static DSO *aep_dso = NULL; - -/* - * These are the static string constants for the DSO file name and the - * function symbol names to bind to. - */ -static const char *AEP_LIBNAME = NULL; -static const char *get_AEP_LIBNAME(void) -{ - if (AEP_LIBNAME) - return AEP_LIBNAME; - return "aep"; -} - -static void free_AEP_LIBNAME(void) -{ - OPENSSL_free(AEP_LIBNAME); - AEP_LIBNAME = NULL; -} - -static long set_AEP_LIBNAME(const char *name) -{ - free_AEP_LIBNAME(); - return ((AEP_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0); -} - -static const char *AEP_F1 = "AEP_ModExp"; -static const char *AEP_F2 = "AEP_ModExpCrt"; -# ifdef AEPRAND -static const char *AEP_F3 = "AEP_GenRandom"; -# endif -static const char *AEP_F4 = "AEP_Finalize"; -static const char *AEP_F5 = "AEP_Initialize"; -static const char *AEP_F6 = "AEP_OpenConnection"; -static const char *AEP_F7 = "AEP_SetBNCallBacks"; -static const char *AEP_F8 = "AEP_CloseConnection"; - -/* - * These are the function pointers that are (un)set when the library has - * successfully (un)loaded. - */ -static t_AEP_OpenConnection *p_AEP_OpenConnection = NULL; -static t_AEP_CloseConnection *p_AEP_CloseConnection = NULL; -static t_AEP_ModExp *p_AEP_ModExp = NULL; -static t_AEP_ModExpCrt *p_AEP_ModExpCrt = NULL; -# ifdef AEPRAND -static t_AEP_GenRandom *p_AEP_GenRandom = NULL; -# endif -static t_AEP_Initialize *p_AEP_Initialize = NULL; -static t_AEP_Finalize *p_AEP_Finalize = NULL; -static t_AEP_SetBNCallBacks *p_AEP_SetBNCallBacks = NULL; - -/* (de)initialisation functions. */ -static int aep_init(ENGINE *e) -{ - t_AEP_ModExp *p1; - t_AEP_ModExpCrt *p2; -# ifdef AEPRAND - t_AEP_GenRandom *p3; -# endif - t_AEP_Finalize *p4; - t_AEP_Initialize *p5; - t_AEP_OpenConnection *p6; - t_AEP_SetBNCallBacks *p7; - t_AEP_CloseConnection *p8; - - int to_return = 0; - - if (aep_dso != NULL) { - AEPHKerr(AEPHK_F_AEP_INIT, AEPHK_R_ALREADY_LOADED); - goto err; - } - /* Attempt to load libaep.so. */ - - aep_dso = DSO_load(NULL, get_AEP_LIBNAME(), NULL, 0); - if (aep_dso == NULL) { - AEPHKerr(AEPHK_F_AEP_INIT, AEPHK_R_NOT_LOADED); - goto err; - } - -#define BINDIT(t, name) (t *)DSO_bind_func(aep_dso, name) - if ((p1 = BINDIT(t_AEP_ModExp, AEP_F1)) == NULL - || (p2 = BINDIT(t_AEP_ModExpCrt, AEP_F2)) == NULL -# ifdef AEPRAND - || (p3 = BINDIT(t_AEP_GenRandom, AEP_F3)) == NULL -# endif - || (p4 = BINDIT(t_AEP_Finalize, AEP_F4)) == NULL - || (p5 = BINDIT(t_AEP_Initialize, AEP_F5)) == NULL - || (p6 = BINDIT(t_AEP_OpenConnection, AEP_F6)) == NULL - || (p7 = BINDIT(t_AEP_SetBNCallBacks, AEP_F7)) == NULL - || (p8 = BINDIT(t_AEP_CloseConnection, AEP_F8)) == NULL) { - AEPHKerr(AEPHK_F_AEP_INIT, AEPHK_R_NOT_LOADED); - goto err; - } - - /* Copy the pointers */ - - p_AEP_ModExp = p1; - p_AEP_ModExpCrt = p2; -# ifdef AEPRAND - p_AEP_GenRandom = p3; -# endif - p_AEP_Finalize = p4; - p_AEP_Initialize = p5; - p_AEP_OpenConnection = p6; - p_AEP_SetBNCallBacks = p7; - p_AEP_CloseConnection = p8; - - to_return = 1; - - return to_return; - - err: - - DSO_free(aep_dso); - aep_dso = NULL; - - p_AEP_OpenConnection = NULL; - p_AEP_ModExp = NULL; - p_AEP_ModExpCrt = NULL; -# ifdef AEPRAND - p_AEP_GenRandom = NULL; -# endif - p_AEP_Initialize = NULL; - p_AEP_Finalize = NULL; - p_AEP_SetBNCallBacks = NULL; - p_AEP_CloseConnection = NULL; - - return to_return; -} - -/* Destructor (complements the "ENGINE_aep()" constructor) */ -static int aep_destroy(ENGINE *e) -{ - free_AEP_LIBNAME(); - ERR_unload_AEPHK_strings(); - return 1; -} - -static int aep_finish(ENGINE *e) -{ - int to_return = 0, in_use; - AEP_RV rv; - - if (aep_dso == NULL) { - AEPHKerr(AEPHK_F_AEP_FINISH, AEPHK_R_NOT_LOADED); - goto err; - } - - rv = aep_close_all_connections(0, &in_use); - if (rv != AEP_R_OK) { - AEPHKerr(AEPHK_F_AEP_FINISH, AEPHK_R_CLOSE_HANDLES_FAILED); - goto err; - } - if (in_use) { - AEPHKerr(AEPHK_F_AEP_FINISH, AEPHK_R_CONNECTIONS_IN_USE); - goto err; - } - - rv = p_AEP_Finalize(); - if (rv != AEP_R_OK) { - AEPHKerr(AEPHK_F_AEP_FINISH, AEPHK_R_FINALIZE_FAILED); - goto err; - } - - if (!DSO_free(aep_dso)) { - AEPHKerr(AEPHK_F_AEP_FINISH, AEPHK_R_UNIT_FAILURE); - goto err; - } - - aep_dso = NULL; - p_AEP_CloseConnection = NULL; - p_AEP_OpenConnection = NULL; - p_AEP_ModExp = NULL; - p_AEP_ModExpCrt = NULL; -# ifdef AEPRAND - p_AEP_GenRandom = NULL; -# endif - p_AEP_Initialize = NULL; - p_AEP_Finalize = NULL; - p_AEP_SetBNCallBacks = NULL; - - to_return = 1; - err: - return to_return; -} - -static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) -{ - int initialised = ((aep_dso == NULL) ? 0 : 1); - switch (cmd) { - case AEP_CMD_SO_PATH: - if (p == NULL) { - AEPHKerr(AEPHK_F_AEP_CTRL, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (initialised) { - AEPHKerr(AEPHK_F_AEP_CTRL, AEPHK_R_ALREADY_LOADED); - return 0; - } - return set_AEP_LIBNAME((const char *)p); - default: - break; - } - AEPHKerr(AEPHK_F_AEP_CTRL, AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED); - return 0; -} - -static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx) -{ - int to_return = 0; - int r_len = 0; - AEP_CONNECTION_HNDL hConnection; - AEP_RV rv; - - r_len = BN_num_bits(m); - - /* Perform in software if modulus is too large for hardware. */ - - if (r_len > max_key_len) { - AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL); - return BN_mod_exp(r, a, p, m, ctx); - } - - /* - * Grab a connection from the pool - */ - rv = aep_get_connection(&hConnection); - if (rv != AEP_R_OK) { - AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_GET_HANDLE_FAILED); - return BN_mod_exp(r, a, p, m, ctx); - } - - /* - * To the card with the mod exp - */ - rv = p_AEP_ModExp(hConnection, (void *)a, (void *)p, (void *)m, (void *)r, - NULL); - - if (rv != AEP_R_OK) { - AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_MOD_EXP_FAILED); - rv = aep_close_connection(hConnection); - return BN_mod_exp(r, a, p, m, ctx); - } - - /* - * Return the connection to the pool - */ - rv = aep_return_connection(hConnection); - if (rv != AEP_R_OK) { - AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_RETURN_CONNECTION_FAILED); - goto err; - } - - to_return = 1; - err: - return to_return; -} - -# ifndef OPENSSL_NO_RSA -static AEP_RV aep_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *q, const BIGNUM *dmp1, - const BIGNUM *dmq1, const BIGNUM *iqmp, - BN_CTX *ctx) -{ - AEP_RV rv = AEP_R_OK; - AEP_CONNECTION_HNDL hConnection; - - /* - * Grab a connection from the pool - */ - rv = aep_get_connection(&hConnection); - if (rv != AEP_R_OK) { - AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT, AEPHK_R_GET_HANDLE_FAILED); - return FAIL_TO_SW; - } - - /* - * To the card with the mod exp - */ - rv = p_AEP_ModExpCrt(hConnection, (void *)a, (void *)p, (void *)q, - (void *)dmp1, (void *)dmq1, (void *)iqmp, (void *)r, - NULL); - if (rv != AEP_R_OK) { - AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT, AEPHK_R_MOD_EXP_CRT_FAILED); - rv = aep_close_connection(hConnection); - return FAIL_TO_SW; - } - - /* - * Return the connection to the pool - */ - rv = aep_return_connection(hConnection); - if (rv != AEP_R_OK) { - AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT, AEPHK_R_RETURN_CONNECTION_FAILED); - goto err; - } - - err: - return rv; -} -# endif - -# ifdef AEPRAND -static int aep_rand(unsigned char *buf, int len) -{ - AEP_RV rv = AEP_R_OK; - AEP_CONNECTION_HNDL hConnection; - - CRYPTO_w_lock(CRYPTO_LOCK_RAND); - - /* - * Can the request be serviced with what's already in the buffer? - */ - if (len <= rand_block_bytes) { - memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len); - rand_block_bytes -= len; - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); - } else - /* - * If not the get another block of random bytes - */ - { - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); - - rv = aep_get_connection(&hConnection); - if (rv != AEP_R_OK) { - AEPHKerr(AEPHK_F_AEP_RAND, AEPHK_R_GET_HANDLE_FAILED); - goto err_nounlock; - } - - if (len > RAND_BLK_SIZE) { - rv = p_AEP_GenRandom(hConnection, len, 2, buf, NULL); - if (rv != AEP_R_OK) { - AEPHKerr(AEPHK_F_AEP_RAND, AEPHK_R_GET_RANDOM_FAILED); - goto err_nounlock; - } - } else { - CRYPTO_w_lock(CRYPTO_LOCK_RAND); - - rv = p_AEP_GenRandom(hConnection, RAND_BLK_SIZE, 2, - &rand_block[0], NULL); - if (rv != AEP_R_OK) { - AEPHKerr(AEPHK_F_AEP_RAND, AEPHK_R_GET_RANDOM_FAILED); - - goto err; - } - - rand_block_bytes = RAND_BLK_SIZE; - - memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len); - rand_block_bytes -= len; - - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); - } - - rv = aep_return_connection(hConnection); - if (rv != AEP_R_OK) { - AEPHKerr(AEPHK_F_AEP_RAND, AEPHK_R_RETURN_CONNECTION_FAILED); - - goto err_nounlock; - } - } - - return 1; - err: - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); - err_nounlock: - return 0; -} - -static int aep_rand_status(void) -{ - return 1; -} -# endif - -# ifndef OPENSSL_NO_RSA -static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) -{ - int to_return = 0; - AEP_RV rv = AEP_R_OK; - - if (!aep_dso) { - AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP, AEPHK_R_NOT_LOADED); - goto err; - } - - /* - * See if we have all the necessary bits for a crt - */ - if (rsa->q && rsa->dmp1 && rsa->dmq1 && rsa->iqmp) { - rv = aep_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1, rsa->dmq1, - rsa->iqmp, ctx); - - if (rv == FAIL_TO_SW) { - const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); - to_return = (*meth->rsa_mod_exp) (r0, I, rsa, ctx); - goto err; - } else if (rv != AEP_R_OK) - goto err; - } else { - if (!rsa->d || !rsa->n) { - AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP, AEPHK_R_MISSING_KEY_COMPONENTS); - goto err; - } - - rv = aep_mod_exp(r0, I, rsa->d, rsa->n, ctx); - if (rv != AEP_R_OK) - goto err; - - } - - to_return = 1; - - err: - return to_return; -} -# endif - -# ifndef OPENSSL_NO_DSA -static int aep_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, - BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, - BN_CTX *ctx, BN_MONT_CTX *in_mont) -{ - BIGNUM t; - int to_return = 0; - BN_init(&t); - - /* let rr = a1 ^ p1 mod m */ - if (!aep_mod_exp(rr, a1, p1, m, ctx)) - goto end; - /* let t = a2 ^ p2 mod m */ - if (!aep_mod_exp(&t, a2, p2, m, ctx)) - goto end; - /* let rr = rr * t mod m */ - if (!BN_mod_mul(rr, rr, &t, m, ctx)) - goto end; - to_return = 1; - end: - BN_free(&t); - return to_return; -} - -static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx) -{ - return aep_mod_exp(r, a, p, m, ctx); -} -# endif - -# ifndef OPENSSL_NO_RSA -/* This function is aliased to mod_exp (with the mont stuff dropped). */ -static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) -{ - return aep_mod_exp(r, a, p, m, ctx); -} -# endif - -# ifndef OPENSSL_NO_DH -/* This function is aliased to mod_exp (with the dh and mont dropped). */ -static int aep_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx) -{ - return aep_mod_exp(r, a, p, m, ctx); -} -# endif - -static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR phConnection) -{ - int count; - AEP_RV rv = AEP_R_OK; - - /* - * Get the current process id - */ - pid_t curr_pid; - - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - - curr_pid = getpid(); - - /* - * Check if this is the first time this is being called from the current - * process - */ - if (recorded_pid != curr_pid) { - /* - * Remember our pid so we can check if we're in a new process - */ - recorded_pid = curr_pid; - - /* - * Call Finalize to make sure we have not inherited some data from a - * parent process - */ - p_AEP_Finalize(); - - /* - * Initialise the AEP API - */ - rv = p_AEP_Initialize(NULL); - - if (rv != AEP_R_OK) { - AEPHKerr(AEPHK_F_AEP_GET_CONNECTION, AEPHK_R_INIT_FAILURE); - recorded_pid = 0; - goto end; - } - - /* - * Set the AEP big num call back functions - */ - rv = p_AEP_SetBNCallBacks(&GetBigNumSize, &MakeAEPBigNum, - &ConvertAEPBigNum); - - if (rv != AEP_R_OK) { - AEPHKerr(AEPHK_F_AEP_GET_CONNECTION, - AEPHK_R_SETBNCALLBACK_FAILURE); - recorded_pid = 0; - goto end; - } -# ifdef AEPRAND - /* - * Reset the rand byte count - */ - rand_block_bytes = 0; -# endif - - /* - * Init the structures - */ - for (count = 0; count < MAX_PROCESS_CONNECTIONS; count++) { - aep_app_conn_table[count].conn_state = NotConnected; - aep_app_conn_table[count].conn_hndl = 0; - } - - /* - * Open a connection - */ - rv = p_AEP_OpenConnection(phConnection); - - if (rv != AEP_R_OK) { - AEPHKerr(AEPHK_F_AEP_GET_CONNECTION, AEPHK_R_UNIT_FAILURE); - recorded_pid = 0; - goto end; - } - - aep_app_conn_table[0].conn_state = InUse; - aep_app_conn_table[0].conn_hndl = *phConnection; - goto end; - } - /* - * Check the existing connections to see if we can find a free one - */ - for (count = 0; count < MAX_PROCESS_CONNECTIONS; count++) { - if (aep_app_conn_table[count].conn_state == Connected) { - aep_app_conn_table[count].conn_state = InUse; - *phConnection = aep_app_conn_table[count].conn_hndl; - goto end; - } - } - /* - * If no connections available, we're going to have to try to open a new - * one - */ - for (count = 0; count < MAX_PROCESS_CONNECTIONS; count++) { - if (aep_app_conn_table[count].conn_state == NotConnected) { - /* - * Open a connection - */ - rv = p_AEP_OpenConnection(phConnection); - - if (rv != AEP_R_OK) { - AEPHKerr(AEPHK_F_AEP_GET_CONNECTION, AEPHK_R_UNIT_FAILURE); - goto end; - } - - aep_app_conn_table[count].conn_state = InUse; - aep_app_conn_table[count].conn_hndl = *phConnection; - goto end; - } - } - rv = AEP_R_GENERAL_ERROR; - end: - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - return rv; -} - -static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection) -{ - int count; - - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - - /* - * Find the connection item that matches this connection handle - */ - for (count = 0; count < MAX_PROCESS_CONNECTIONS; count++) { - if (aep_app_conn_table[count].conn_hndl == hConnection) { - aep_app_conn_table[count].conn_state = Connected; - break; - } - } - - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - - return AEP_R_OK; -} - -static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection) -{ - int count; - AEP_RV rv = AEP_R_OK; - - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - - /* - * Find the connection item that matches this connection handle - */ - for (count = 0; count < MAX_PROCESS_CONNECTIONS; count++) { - if (aep_app_conn_table[count].conn_hndl == hConnection) { - rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl); - if (rv != AEP_R_OK) - goto end; - aep_app_conn_table[count].conn_state = NotConnected; - aep_app_conn_table[count].conn_hndl = 0; - break; - } - } - - end: - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - return rv; -} - -static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use) -{ - int count; - AEP_RV rv = AEP_R_OK; - - *in_use = 0; - if (use_engine_lock) - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - for (count = 0; count < MAX_PROCESS_CONNECTIONS; count++) { - switch (aep_app_conn_table[count].conn_state) { - case Connected: - rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl); - if (rv != AEP_R_OK) - goto end; - aep_app_conn_table[count].conn_state = NotConnected; - aep_app_conn_table[count].conn_hndl = 0; - break; - case InUse: - (*in_use)++; - break; - case NotConnected: - break; - } - } - end: - if (use_engine_lock) - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - return rv; -} - -/* - * BigNum call back functions, used to convert OpenSSL bignums into AEP - * bignums. Note only 32bit Openssl build support - */ - -static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32 *BigNumSize) -{ - BIGNUM *bn; - - /* - * Cast the ArbBigNum pointer to our BIGNUM struct - */ - bn = (BIGNUM *)ArbBigNum; - - *BigNumSize = bn->top * BN_BYTES; - - if (BN_BYTES > sizeof(AEP_U32) && (bn->d[bn->top - 1] >> BN_BITS4) == 0) - *BigNumSize -= 4; - - return AEP_R_OK; -} - -static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize, - unsigned char *AEP_BigNum) -{ - BIGNUM *bn; - const union { - long one; - char little; - } is_endian = { - 1 - }; - AEP_U32 i, j; - - /* - * Cast the ArbBigNum pointer to our BIGNUM struct - */ - bn = (BIGNUM *)ArbBigNum; - - /* - * Must copy data into a (monotone) least significant byte first format - * performing endian conversion if necessary - */ - if (is_endian.little && sizeof(bn->d[0]) == BN_BYTES) - memcpy(AEP_BigNum, bn->d, BigNumSize); - else { - BN_ULONG di; - - for (i = 0; BigNumSize >= BN_BYTES; i++) { - di = bn->d[i]; - for (j = 0; j < BN_BYTES; j++) { - AEP_BigNum[j] = (unsigned char)di; - di >>= 8; - } - AEP_BigNum += BN_BYTES; - BigNumSize -= BN_BYTES; - } - - if (BigNumSize) { - di = bn->d[i]; - for (j = 0; j < BigNumSize; j++) { - AEP_BigNum[j] = (unsigned char)di; - di >>= 8; - } - } - } - - return AEP_R_OK; -} - -/* - * Turn an AEP Big Num back to a user big num - */ -static AEP_RV ConvertAEPBigNum(void *ArbBigNum, AEP_U32 BigNumSize, - unsigned char *AEP_BigNum) -{ - BIGNUM *bn; - const union { - long one; - char little; - } is_endian = { - 1 - }; - int i, j, top; - - bn = (BIGNUM *)ArbBigNum; - - /* - * Expand the result bn so that it can hold our big num. Size is in bits - */ - top = (BigNumSize + BN_BYTES - 1) / BN_BYTES; - bn_expand(bn, top); - bn->top = top; - bn->d[top - 1] = 0; - - if (is_endian.little && sizeof(bn->d[0]) == BN_BYTES) - memcpy(bn->d, AEP_BigNum, BigNumSize); - else { - BN_ULONG di; - - for (i = 0; BigNumSize >= BN_BYTES; i++) { - for (di = 0, j = BN_BYTES; j != 0;) { - di <<= 8; - di |= AEP_BigNum[--j]; - } - bn->d[i] = di; - AEP_BigNum += BN_BYTES; - BigNumSize -= BN_BYTES; - } - - if (BigNumSize) { - for (di = 0, j = BigNumSize; j != 0;) { - di <<= 8; - di |= AEP_BigNum[--j]; - } - bn->d[i] = di; - } - } - - return AEP_R_OK; -} - -# endif /* !OPENSSL_NO_HW_AEP */ -#endif /* !OPENSSL_NO_HW */ diff --git a/engines/e_aep.ec b/engines/e_aep.ec deleted file mode 100644 index 8eae642e06..0000000000 --- a/engines/e_aep.ec +++ /dev/null @@ -1 +0,0 @@ -L AEPHK e_aep_err.h e_aep_err.c diff --git a/engines/e_aep_err.c b/engines/e_aep_err.c deleted file mode 100644 index 718db37964..0000000000 --- a/engines/e_aep_err.c +++ /dev/null @@ -1,159 +0,0 @@ -/* e_aep_err.c */ -/* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* - * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include <stdio.h> -#include <openssl/err.h> -#include "e_aep_err.h" - -/* BEGIN ERROR CODES */ -#ifndef OPENSSL_NO_ERR - -# define ERR_FUNC(func) ERR_PACK(0,func,0) -# define ERR_REASON(reason) ERR_PACK(0,0,reason) - -static ERR_STRING_DATA AEPHK_str_functs[] = { - {ERR_FUNC(AEPHK_F_AEP_CTRL), "AEP_CTRL"}, - {ERR_FUNC(AEPHK_F_AEP_FINISH), "AEP_FINISH"}, - {ERR_FUNC(AEPHK_F_AEP_GET_CONNECTION), "AEP_GET_CONNECTION"}, - {ERR_FUNC(AEPHK_F_AEP_INIT), "AEP_INIT"}, - {ERR_FUNC(AEPHK_F_AEP_MOD_EXP), "AEP_MOD_EXP"}, - {ERR_FUNC(AEPHK_F_AEP_MOD_EXP_CRT), "AEP_MOD_EXP_CRT"}, - {ERR_FUNC(AEPHK_F_AEP_RAND), "AEP_RAND"}, - {ERR_FUNC(AEPHK_F_AEP_RSA_MOD_EXP), "AEP_RSA_MOD_EXP"}, - {0, NULL} -}; - -static ERR_STRING_DATA AEPHK_str_reasons[] = { - {ERR_REASON(AEPHK_R_ALREADY_LOADED), "already loaded"}, - {ERR_REASON(AEPHK_R_CLOSE_HANDLES_FAILED), "close handles failed"}, - {ERR_REASON(AEPHK_R_CONNECTIONS_IN_USE), "connections in use"}, - {ERR_REASON(AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED), - "ctrl command not implemented"}, - {ERR_REASON(AEPHK_R_FINALIZE_FAILED), "finalize failed"}, - {ERR_REASON(AEPHK_R_GET_HANDLE_FAILED), "get handle failed"}, - {ERR_REASON(AEPHK_R_GET_RANDOM_FAILED), "get random failed"}, - {ERR_REASON(AEPHK_R_INIT_FAILURE), "init failure"}, - {ERR_REASON(AEPHK_R_MISSING_KEY_COMPONENTS), "missing key components"}, - {ERR_REASON(AEPHK_R_MOD_EXP_CRT_FAILED), "mod exp crt failed"}, - {ERR_REASON(AEPHK_R_MOD_EXP_FAILED), "mod exp failed"}, - {ERR_REASON(AEPHK_R_NOT_LOADED), "not loaded"}, - {ERR_REASON(AEPHK_R_OK), "ok"}, - {ERR_REASON(AEPHK_R_RETURN_CONNECTION_FAILED), - "return connection failed"}, - {ERR_REASON(AEPHK_R_SETBNCALLBACK_FAILURE), "setbncallback failure"}, - {ERR_REASON(AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL), - "size too large or too small"}, - {ERR_REASON(AEPHK_R_UNIT_FAILURE), "unit failure"}, - {0, NULL} -}; - -#endif - -#ifdef AEPHK_LIB_NAME -static ERR_STRING_DATA AEPHK_lib_name[] = { - {0, AEPHK_LIB_NAME}, - {0, NULL} -}; -#endif - -static int AEPHK_lib_error_code = 0; -static int AEPHK_error_init = 1; - -static void ERR_load_AEPHK_strings(void) -{ - if (AEPHK_lib_error_code == 0) - AEPHK_lib_error_code = ERR_get_next_error_library(); - - if (AEPHK_error_init) { - AEPHK_error_init = 0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(AEPHK_lib_error_code, AEPHK_str_functs); - ERR_load_strings(AEPHK_lib_error_code, AEPHK_str_reasons); -#endif - -#ifdef AEPHK_LIB_NAME - AEPHK_lib_name->error = ERR_PACK(AEPHK_lib_error_code, 0, 0); - ERR_load_strings(0, AEPHK_lib_name); -#endif - } -} - -static void ERR_unload_AEPHK_strings(void) -{ - if (AEPHK_error_init == 0) { -#ifndef OPENSSL_NO_ERR - ERR_unload_strings(AEPHK_lib_error_code, AEPHK_str_functs); - ERR_unload_strings(AEPHK_lib_error_code, AEPHK_str_reasons); -#endif - -#ifdef AEPHK_LIB_NAME - ERR_unload_strings(0, AEPHK_lib_name); -#endif - AEPHK_error_init = 1; - } -} - -static void ERR_AEPHK_error(int function, int reason, char *file, int line) -{ - if (AEPHK_lib_error_code == 0) - AEPHK_lib_error_code = ERR_get_next_error_library(); - ERR_PUT_error(AEPHK_lib_error_code, function, reason, file, line); -} diff --git a/engines/e_aep_err.h b/engines/e_aep_err.h deleted file mode 100644 index 2ed01147c2..0000000000 --- a/engines/e_aep_err.h +++ /dev/null @@ -1,106 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef HEADER_AEPHK_ERR_H -# define HEADER_AEPHK_ERR_H - -#ifdef __cplusplus -extern "C" { -#endif - -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -static void ERR_load_AEPHK_strings(void); -static void ERR_unload_AEPHK_strings(void); -static void ERR_AEPHK_error(int function, int reason, char *file, int line); -# define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),__FILE__,__LINE__) - -/* Error codes for the AEPHK functions. */ - -/* Function codes. */ -# define AEPHK_F_AEP_CTRL 100 -# define AEPHK_F_AEP_FINISH 101 -# define AEPHK_F_AEP_GET_CONNECTION 102 -# define AEPHK_F_AEP_INIT 103 -# define AEPHK_F_AEP_MOD_EXP 104 -# define AEPHK_F_AEP_MOD_EXP_CRT 105 -# define AEPHK_F_AEP_RAND 106 -# define AEPHK_F_AEP_RSA_MOD_EXP 107 - -/* Reason codes. */ -# define AEPHK_R_ALREADY_LOADED 100 -# define AEPHK_R_CLOSE_HANDLES_FAILED 101 -# define AEPHK_R_CONNECTIONS_IN_USE 102 -# define AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED 103 -# define AEPHK_R_FINALIZE_FAILED 104 -# define AEPHK_R_GET_HANDLE_FAILED 105 -# define AEPHK_R_GET_RANDOM_FAILED 106 -# define AEPHK_R_INIT_FAILURE 107 -# define AEPHK_R_MISSING_KEY_COMPONENTS 108 -# define AEPHK_R_MOD_EXP_CRT_FAILED 109 -# define AEPHK_R_MOD_EXP_FAILED 110 -# define AEPHK_R_NOT_LOADED 111 -# define AEPHK_R_OK 112 -# define AEPHK_R_RETURN_CONNECTION_FAILED 113 -# define AEPHK_R_SETBNCALLBACK_FAILURE 114 -# define AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL 116 -# define AEPHK_R_UNIT_FAILURE 115 - -#ifdef __cplusplus -} -#endif -#endif diff --git a/engines/e_atalla.c b/engines/e_atalla.c deleted file mode 100644 index 211f29f541..0000000000 --- a/engines/e_atalla.c +++ /dev/null @@ -1,621 +0,0 @@ -/* crypto/engine/hw_atalla.c */ -/* - * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project - * 2000. - */ -/* ==================================================================== - * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include <stdio.h> -#include <string.h> -#include <openssl/crypto.h> -#include <openssl/buffer.h> -#include <openssl/dso.h> -#include <openssl/engine.h> -#ifndef OPENSSL_NO_RSA -# include <openssl/rsa.h> -#endif -#ifndef OPENSSL_NO_DSA -# include <openssl/dsa.h> -#endif -#ifndef OPENSSL_NO_DH -# include <openssl/dh.h> -#endif -#include <openssl/bn.h> - -#ifndef OPENSSL_NO_HW -# ifndef OPENSSL_NO_HW_ATALLA - -# ifdef FLAT_INC -# include "atalla.h" -# else -# include "vendor_defns/atalla.h" -# endif - -# define ATALLA_LIB_NAME "atalla engine" -# include "e_atalla_err.c" - -static int atalla_destroy(ENGINE *e); -static int atalla_init(ENGINE *e); -static int atalla_finish(ENGINE *e); -static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)); - -/* BIGNUM stuff */ -static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx); - -# ifndef OPENSSL_NO_RSA -/* RSA stuff */ -static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, - BN_CTX *ctx); -/* This function is aliased to mod_exp (with the mont stuff dropped). */ -static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); -# endif - -# ifndef OPENSSL_NO_DSA -/* DSA stuff */ -static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, - BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, - BN_CTX *ctx, BN_MONT_CTX *in_mont); -static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); -# endif - -# ifndef OPENSSL_NO_DH -/* DH stuff */ -/* This function is alised to mod_exp (with the DH and mont dropped). */ -static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r, - const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); -# endif - -/* The definitions for control commands specific to this engine */ -# define ATALLA_CMD_SO_PATH ENGINE_CMD_BASE -static const ENGINE_CMD_DEFN atalla_cmd_defns[] = { - {ATALLA_CMD_SO_PATH, - "SO_PATH", - "Specifies the path to the 'atasi' shared library", - ENGINE_CMD_FLAG_STRING}, - {0, NULL, NULL, 0} -}; - -# ifndef OPENSSL_NO_RSA -/* Our internal RSA_METHOD that we provide pointers to */ -static RSA_METHOD atalla_rsa = { - "Atalla RSA method", - NULL, - NULL, - NULL, - NULL, - atalla_rsa_mod_exp, - atalla_mod_exp_mont, - NULL, - NULL, - 0, - NULL, - NULL, - NULL, - NULL -}; -# endif - -# ifndef OPENSSL_NO_DSA -/* Our internal DSA_METHOD that we provide pointers to */ -static DSA_METHOD atalla_dsa = { - "Atalla DSA method", - NULL, /* dsa_do_sign */ - NULL, /* dsa_sign_setup */ - NULL, /* dsa_do_verify */ - atalla_dsa_mod_exp, /* dsa_mod_exp */ - atalla_mod_exp_dsa, /* bn_mod_exp */ - NULL, /* init */ - NULL, /* finish */ - 0, /* flags */ - NULL, /* app_data */ - NULL, /* dsa_paramgen */ - NULL /* dsa_keygen */ -}; -# endif - -# ifndef OPENSSL_NO_DH -/* Our internal DH_METHOD that we provide pointers to */ -static DH_METHOD atalla_dh = { - "Atalla DH method", - NULL, - NULL, - atalla_mod_exp_dh, - NULL, - NULL, - 0, - NULL, - NULL -}; -# endif - -/* Constants used when creating the ENGINE */ -static const char *engine_atalla_id = "atalla"; -static const char *engine_atalla_name = "Atalla hardware engine support"; - -/* - * This internal function is used by ENGINE_atalla() and possibly by the - * "dynamic" ENGINE support too - */ -static int bind_helper(ENGINE *e) -{ -# ifndef OPENSSL_NO_RSA - const RSA_METHOD *meth1; -# endif -# ifndef OPENSSL_NO_DSA - const DSA_METHOD *meth2; -# endif -# ifndef OPENSSL_NO_DH - const DH_METHOD *meth3; -# endif - if (!ENGINE_set_id(e, engine_atalla_id) || - !ENGINE_set_name(e, engine_atalla_name) || -# ifndef OPENSSL_NO_RSA - !ENGINE_set_RSA(e, &atalla_rsa) || -# endif -# ifndef OPENSSL_NO_DSA - !ENGINE_set_DSA(e, &atalla_dsa) || -# endif -# ifndef OPENSSL_NO_DH - !ENGINE_set_DH(e, &atalla_dh) || -# endif - !ENGINE_set_destroy_function(e, atalla_destroy) || - !ENGINE_set_init_function(e, atalla_init) || - !ENGINE_set_finish_function(e, atalla_finish) || - !ENGINE_set_ctrl_function(e, atalla_ctrl) || - !ENGINE_set_cmd_defns(e, atalla_cmd_defns)) - return 0; - -# ifndef OPENSSL_NO_RSA - /* - * We know that the "PKCS1_SSLeay()" functions hook properly to the - * atalla-specific mod_exp and mod_exp_crt so we use those functions. NB: - * We don't use ENGINE_openssl() or anything "more generic" because - * something like the RSAref code may not hook properly, and if you own - * one of these cards then you have the right to do RSA operations on it - * anyway! - */ - meth1 = RSA_PKCS1_SSLeay(); - atalla_rsa.rsa_pub_enc = meth1->rsa_pub_enc; - atalla_rsa.rsa_pub_dec = meth1->rsa_pub_dec; - atalla_rsa.rsa_priv_enc = meth1->rsa_priv_enc; - atalla_rsa.rsa_priv_dec = meth1->rsa_priv_dec; -# endif - -# ifndef OPENSSL_NO_DSA - /* - * Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits. - */ - meth2 = DSA_OpenSSL(); - atalla_dsa.dsa_do_sign = meth2->dsa_do_sign; - atalla_dsa.dsa_sign_setup = meth2->dsa_sign_setup; - atalla_dsa.dsa_do_verify = meth2->dsa_do_verify; -# endif - -# ifndef OPENSSL_NO_DH - /* Much the same for Diffie-Hellman */ - meth3 = DH_OpenSSL(); - atalla_dh.generate_key = meth3->generate_key; - atalla_dh.compute_key = meth3->compute_key; -# endif - - /* Ensure the atalla error handling is set up */ - ERR_load_ATALLA_strings(); - return 1; -} - -# ifdef OPENSSL_NO_DYNAMIC_ENGINE -static ENGINE *engine_atalla(void) -{ - ENGINE *ret = ENGINE_new(); - if (!ret) - return NULL; - if (!bind_helper(ret)) { - ENGINE_free(ret); - return NULL; - } - return ret; -} - -void ENGINE_load_atalla(void) -{ - /* Copied from eng_[openssl|dyn].c */ - ENGINE *toadd = engine_atalla(); - if (!toadd) - return; - ENGINE_add(toadd); - ENGINE_free(toadd); - ERR_clear_error(); -} -# endif - -/* - * This is a process-global DSO handle used for loading and unloading the - * Atalla library. NB: This is only set (or unset) during an init() or - * finish() call (reference counts permitting) and they're operating with - * global locks, so this should be thread-safe implicitly. - */ -static DSO *atalla_dso = NULL; - -/* - * These are the function pointers that are (un)set when the library has - * successfully (un)loaded. - */ -static tfnASI_GetHardwareConfig *p_Atalla_GetHardwareConfig = NULL; -static tfnASI_RSAPrivateKeyOpFn *p_Atalla_RSAPrivateKeyOpFn = NULL; -static tfnASI_GetPerformanceStatistics *p_Atalla_GetPerformanceStatistics = - NULL; - -/* - * These are the static string constants for the DSO file name and the - * function symbol names to bind to. Regrettably, the DSO name on *nix - * appears to be "atasi.so" rather than something more consistent like - * "libatasi.so". At the time of writing, I'm not sure what the file name on - * win32 is but clearly native name translation is not possible (eg - * libatasi.so on *nix, and atasi.dll on win32). For the purposes of testing, - * I have created a symbollic link called "libatasi.so" so that we can use - * native name-translation - a better solution will be needed. - */ -static const char *ATALLA_LIBNAME = NULL; -static const char *get_ATALLA_LIBNAME(void) -{ - if (ATALLA_LIBNAME) - return ATALLA_LIBNAME; - return "atasi"; -} - -static void free_ATALLA_LIBNAME(void) -{ - OPENSSL_free(ATALLA_LIBNAME); - ATALLA_LIBNAME = NULL; -} - -static long set_ATALLA_LIBNAME(const char *name) -{ - free_ATALLA_LIBNAME(); - return (((ATALLA_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0); -} - -static const char *ATALLA_F1 = "ASI_GetHardwareConfig"; -static const char *ATALLA_F2 = "ASI_RSAPrivateKeyOpFn"; -static const char *ATALLA_F3 = "ASI_GetPerformanceStatistics"; - -/* Destructor (complements the "ENGINE_atalla()" constructor) */ -static int atalla_destroy(ENGINE *e) -{ - free_ATALLA_LIBNAME(); - /* - * Unload the atalla error strings so any error state including our - * functs or reasons won't lead to a segfault (they simply get displayed - * without corresponding string data because none will be found). - */ - ERR_unload_ATALLA_strings(); - return 1; -} - -/* (de)initialisation functions. */ -static int atalla_init(ENGINE *e) -{ - tfnASI_GetHardwareConfig *p1; - tfnASI_RSAPrivateKeyOpFn *p2; - tfnASI_GetPerformanceStatistics *p3; - /* - * Not sure of the origin of this magic value, but Ben's code had it and - * it seemed to have been working for a few people. :-) - */ - unsigned int config_buf[1024]; - - if (atalla_dso != NULL) { - ATALLAerr(ATALLA_F_ATALLA_INIT, ATALLA_R_ALREADY_LOADED); - goto err; - } - /* - * Attempt to load libatasi.so/atasi.dll/whatever. Needs to be changed - * unfortunately because the Atalla drivers don't have standard library - * names that can be platform-translated well. - */ - /* - * TODO: Work out how to actually map to the names the Atalla drivers - * really use - for now a symbollic link needs to be created on the host - * system from libatasi.so to atasi.so on unix variants. - */ - atalla_dso = DSO_load(NULL, get_ATALLA_LIBNAME(), NULL, 0); - if (atalla_dso == NULL) { - ATALLAerr(ATALLA_F_ATALLA_INIT, ATALLA_R_NOT_LOADED); - goto err; - } -#define BINDIT(t, name) (t *)DSO_bind_func(atalla_dso, name) - if ((p1 = BINDIT(tfnASI_GetHardwareConfig, ATALLA_F1)) == NULL - || (p2 = BINDIT(tfnASI_RSAPrivateKeyOpFn, ATALLA_F2)) == NULL - || (p3 = BINDIT(tfnASI_GetPerformanceStatistics, ATALLA_F3)) == NULL) { - ATALLAerr(ATALLA_F_ATALLA_INIT, ATALLA_R_NOT_LOADED); - goto err; - } - /* Copy the pointers */ - p_Atalla_GetHardwareConfig = p1; - p_Atalla_RSAPrivateKeyOpFn = p2; - p_Atalla_GetPerformanceStatistics = p3; - /* - * Perform a basic test to see if there's actually any unit running. - */ - if (p1(0L, config_buf) != 0) { - ATALLAerr(ATALLA_F_ATALLA_INIT, ATALLA_R_UNIT_FAILURE); - goto err; - } - /* Everything's fine. */ - return 1; - err: - DSO_free(atalla_dso); - atalla_dso = NULL; - p_Atalla_GetHardwareConfig = NULL; - p_Atalla_RSAPrivateKeyOpFn = NULL; - p_Atalla_GetPerformanceStatistics = NULL; - return 0; -} - -static int atalla_finish(ENGINE *e) -{ - free_ATALLA_LIBNAME(); - if (atalla_dso == NULL) { - ATALLAerr(ATALLA_F_ATALLA_FINISH, ATALLA_R_NOT_LOADED); - return 0; - } - if (!DSO_free(atalla_dso)) { - ATALLAerr(ATALLA_F_ATALLA_FINISH, ATALLA_R_UNIT_FAILURE); - return 0; - } - atalla_dso = NULL; - p_Atalla_GetHardwareConfig = NULL; - p_Atalla_RSAPrivateKeyOpFn = NULL; - p_Atalla_GetPerformanceStatistics = NULL; - return 1; -} - -static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) -{ - int initialised = ((atalla_dso == NULL) ? 0 : 1); - switch (cmd) { - case ATALLA_CMD_SO_PATH: - if (p == NULL) { - ATALLAerr(ATALLA_F_ATALLA_CTRL, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (initialised) { - ATALLAerr(ATALLA_F_ATALLA_CTRL, ATALLA_R_ALREADY_LOADED); - return 0; - } - return set_ATALLA_LIBNAME((const char *)p); - default: - break; - } - ATALLAerr(ATALLA_F_ATALLA_CTRL, ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED); - return 0; -} - -static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx) -{ - /* - * I need somewhere to store temporary serialised values for use with the - * Atalla API calls. A neat cheat - I'll use BIGNUMs from the BN_CTX but - * access their arrays directly as byte arrays <grin>. This way I don't - * have to clean anything up. - */ - BIGNUM *modulus; - BIGNUM *exponent; - BIGNUM *argument; - BIGNUM *result; - RSAPrivateKey keydata; - int to_return, numbytes; - - modulus = exponent = argument = result = NULL; - to_return = 0; /* expect failure */ - - if (!atalla_dso) { - ATALLAerr(ATALLA_F_ATALLA_MOD_EXP, ATALLA_R_NOT_LOADED); - goto err; - } - /* Prepare the params */ - BN_CTX_start(ctx); - modulus = BN_CTX_get(ctx); - exponent = BN_CTX_get(ctx); - argument = BN_CTX_get(ctx); - result = BN_CTX_get(ctx); - if (!result) { - ATALLAerr(ATALLA_F_ATALLA_MOD_EXP, ATALLA_R_BN_CTX_FULL); - goto err; - } - if (!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, m->top) || - !bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top)) { - ATALLAerr(ATALLA_F_ATALLA_MOD_EXP, ATALLA_R_BN_EXPAND_FAIL); - goto err; - } - /* Prepare the key-data */ - memset(&keydata, 0, sizeof(keydata)); - numbytes = BN_num_bytes(m); - memset(exponent->d, 0, numbytes); - memset(modulus->d, 0, numbytes); - BN_bn2bin(p, (unsigned char *)exponent->d + numbytes - BN_num_bytes(p)); - BN_bn2bin(m, (unsigned char *)modulus->d + numbytes - BN_num_bytes(m)); - keydata.privateExponent.data = (unsigned char *)exponent->d; - keydata.privateExponent.len = numbytes; - keydata.modulus.data = (unsigned char *)modulus->d; - keydata.modulus.len = numbytes; - /* Prepare the argument */ - memset(argument->d, 0, numbytes); - memset(result->d, 0, numbytes); - BN_bn2bin(a, (unsigned char *)argument->d + numbytes - BN_num_bytes(a)); - /* Perform the operation */ - if (p_Atalla_RSAPrivateKeyOpFn(&keydata, (unsigned char *)result->d, - (unsigned char *)argument->d, - keydata.modulus.len) != 0) { - ATALLAerr(ATALLA_F_ATALLA_MOD_EXP, ATALLA_R_REQUEST_FAILED); - goto err; - } - /* Convert the response */ - BN_bin2bn((unsigned char *)result->d, numbytes, r); - to_return = 1; - err: - BN_CTX_end(ctx); - return to_return; -} - -# ifndef OPENSSL_NO_RSA -static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, - BN_CTX *ctx) -{ - int to_return = 0; - - if (!atalla_dso) { - ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP, ATALLA_R_NOT_LOADED); - goto err; - } - if (!rsa->d || !rsa->n) { - ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP, - ATALLA_R_MISSING_KEY_COMPONENTS); - goto err; - } - to_return = atalla_mod_exp(r0, I, rsa->d, rsa->n, ctx); - err: - return to_return; -} -# endif - -# ifndef OPENSSL_NO_DSA -/* - * This code was liberated and adapted from the commented-out code in - * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration (it - * doesn't have a CRT form for RSA), this function means that an Atalla - * system running with a DSA server certificate can handshake around 5 or 6 - * times faster/more than an equivalent system running with RSA. Just check - * out the "signs" statistics from the RSA and DSA parts of "openssl speed - * -engine atalla dsa1024 rsa1024". - */ -static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, - BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, - BN_CTX *ctx, BN_MONT_CTX *in_mont) -{ - BIGNUM t; - int to_return = 0; - - BN_init(&t); - /* let rr = a1 ^ p1 mod m */ - if (!atalla_mod_exp(rr, a1, p1, m, ctx)) - goto end; - /* let t = a2 ^ p2 mod m */ - if (!atalla_mod_exp(&t, a2, p2, m, ctx)) - goto end; - /* let rr = rr * t mod m */ - if (!BN_mod_mul(rr, rr, &t, m, ctx)) - goto end; - to_return = 1; - end: - BN_free(&t); - return to_return; -} - -static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx) -{ - return atalla_mod_exp(r, a, p, m, ctx); -} -# endif - -# ifndef OPENSSL_NO_RSA -/* This function is aliased to mod_exp (with the mont stuff dropped). */ -static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx) -{ - return atalla_mod_exp(r, a, p, m, ctx); -} -# endif - -# ifndef OPENSSL_NO_DH -/* This function is aliased to mod_exp (with the dh and mont dropped). */ -static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r, - const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) -{ - return atalla_mod_exp(r, a, p, m, ctx); -} -# endif - -/* - * This stuff is needed if this ENGINE is being compiled into a - * self-contained shared-library. - */ -# ifndef OPENSSL_NO_DYNAMIC_ENGINE -static int bind_fn(ENGINE *e, const char *id) -{ - if (id && (strcmp(id, engine_atalla_id) != 0)) - return 0; - if (!bind_helper(e)) - return 0; - return 1; -} - -IMPLEMENT_DYNAMIC_CHECK_FN() - IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) -# endif /* OPENSSL_NO_DYNAMIC_ENGINE */ -# endif /* !OPENSSL_NO_HW_ATALLA */ -#endif /* !OPENSSL_NO_HW */ diff --git a/engines/e_atalla.ec b/engines/e_atalla.ec deleted file mode 100644 index 1d735e1b20..0000000000 --- a/engines/e_atalla.ec +++ /dev/null @@ -1 +0,0 @@ -L ATALLA e_atalla_err.h e_atalla_err.c diff --git a/engines/e_atalla_err.c b/engines/e_atalla_err.c deleted file mode 100644 index ff47322389..0000000000 --- a/engines/e_atalla_err.c +++ /dev/null @@ -1,145 +0,0 @@ -/* e_atalla_err.c */ -/* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* - * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include <stdio.h> -#include <openssl/err.h> -#include "e_atalla_err.h" - -/* BEGIN ERROR CODES */ -#ifndef OPENSSL_NO_ERR - -# define ERR_FUNC(func) ERR_PACK(0,func,0) -# define ERR_REASON(reason) ERR_PACK(0,0,reason) - -static ERR_STRING_DATA ATALLA_str_functs[] = { - {ERR_FUNC(ATALLA_F_ATALLA_CTRL), "ATALLA_CTRL"}, - {ERR_FUNC(ATALLA_F_ATALLA_FINISH), "ATALLA_FINISH"}, - {ERR_FUNC(ATALLA_F_ATALLA_INIT), "ATALLA_INIT"}, - {ERR_FUNC(ATALLA_F_ATALLA_MOD_EXP), "ATALLA_MOD_EXP"}, - {ERR_FUNC(ATALLA_F_ATALLA_RSA_MOD_EXP), "ATALLA_RSA_MOD_EXP"}, - {0, NULL} -}; - -static ERR_STRING_DATA ATALLA_str_reasons[] = { - {ERR_REASON(ATALLA_R_ALREADY_LOADED), "already loaded"}, - {ERR_REASON(ATALLA_R_BN_CTX_FULL), "bn ctx full"}, - {ERR_REASON(ATALLA_R_BN_EXPAND_FAIL), "bn expand fail"}, - {ERR_REASON(ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED), - "ctrl command not implemented"}, - {ERR_REASON(ATALLA_R_MISSING_KEY_COMPONENTS), "missing key components"}, - {ERR_REASON(ATALLA_R_NOT_LOADED), "not loaded"}, - {ERR_REASON(ATALLA_R_REQUEST_FAILED), "request failed"}, - {ERR_REASON(ATALLA_R_UNIT_FAILURE), "unit failure"}, - {0, NULL} -}; - -#endif - -#ifdef ATALLA_LIB_NAME -static ERR_STRING_DATA ATALLA_lib_name[] = { - {0, ATALLA_LIB_NAME}, - {0, NULL} -}; -#endif - -static int ATALLA_lib_error_code = 0; -static int ATALLA_error_init = 1; - -static void ERR_load_ATALLA_strings(void) -{ - if (ATALLA_lib_error_code == 0) - ATALLA_lib_error_code = ERR_get_next_error_library(); - - if (ATALLA_error_init) { - ATALLA_error_init = 0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(ATALLA_lib_error_code, ATALLA_str_functs); - ERR_load_strings(ATALLA_lib_error_code, ATALLA_str_reasons); -#endif - -#ifdef ATALLA_LIB_NAME - ATALLA_lib_name->error = ERR_PACK(ATALLA_lib_error_code, 0, 0); - ERR_load_strings(0, ATALLA_lib_name); -#endif - } -} - -static void ERR_unload_ATALLA_strings(void) -{ - if (ATALLA_error_init == 0) { -#ifndef OPENSSL_NO_ERR - ERR_unload_strings(ATALLA_lib_error_code, ATALLA_str_functs); - ERR_unload_strings(ATALLA_lib_error_code, ATALLA_str_reasons); -#endif - -#ifdef ATALLA_LIB_NAME - ERR_unload_strings(0, ATALLA_lib_name); -#endif - ATALLA_error_init = 1; - } -} - -static void ERR_ATALLA_error(int function, int reason, char *file, int line) -{ - if (ATALLA_lib_error_code == 0) - ATALLA_lib_error_code = ERR_get_next_error_library(); - ERR_PUT_error(ATALLA_lib_error_code, function, reason, file, line); -} diff --git a/engines/e_atalla_err.h b/engines/e_atalla_err.h deleted file mode 100644 index 7b71eff407..0000000000 --- a/engines/e_atalla_err.h +++ /dev/null @@ -1,94 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef HEADER_ATALLA_ERR_H -# define HEADER_ATALLA_ERR_H - -#ifdef __cplusplus -extern "C" { -#endif - -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -static void ERR_load_ATALLA_strings(void); -static void ERR_unload_ATALLA_strings(void); -static void ERR_ATALLA_error(int function, int reason, char *file, int line); -# define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),__FILE__,__LINE__) - -/* Error codes for the ATALLA functions. */ - -/* Function codes. */ -# define ATALLA_F_ATALLA_CTRL 100 -# define ATALLA_F_ATALLA_FINISH 101 -# define ATALLA_F_ATALLA_INIT 102 -# define ATALLA_F_ATALLA_MOD_EXP 103 -# define ATALLA_F_ATALLA_RSA_MOD_EXP 104 - -/* Reason codes. */ -# define ATALLA_R_ALREADY_LOADED 100 -# define ATALLA_R_BN_CTX_FULL 101 -# define ATALLA_R_BN_EXPAND_FAIL 102 -# define ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED 103 -# define ATALLA_R_MISSING_KEY_COMPONENTS 104 -# define ATALLA_R_NOT_LOADED 105 -# define ATALLA_R_REQUEST_FAILED 106 -# define ATALLA_R_UNIT_FAILURE 107 - -#ifdef __cplusplus -} -#endif -#endif diff --git a/engines/e_cswift.c b/engines/e_cswift.c deleted file mode 100644 index 5553794998..0000000000 --- a/engines/e_cswift.c +++ /dev/null @@ -1,1081 +0,0 @@ -/* crypto/engine/hw_cswift.c */ -/* - * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project - * 2000. - */ -/* ==================================================================== - * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include <stdio.h> -#include <string.h> -#include <openssl/crypto.h> -#include <openssl/buffer.h> -#include <openssl/dso.h> -#include <openssl/engine.h> -#ifndef OPENSSL_NO_RSA -# include <openssl/rsa.h> -#endif -#ifndef OPENSSL_NO_DSA -# include <openssl/dsa.h> -#endif -#ifndef OPENSSL_NO_DH -# include <openssl/dh.h> -#endif -#include <openssl/rand.h> -#include <openssl/bn.h> - -#ifndef OPENSSL_NO_HW -# ifndef OPENSSL_NO_HW_CSWIFT - -/* - * Attribution notice: Rainbow have generously allowed me to reproduce the - * necessary definitions here from their API. This means the support can - * build independently of whether application builders have the API or - * hardware. This will allow developers to easily produce software that has - * latent hardware support for any users that have accelerators installed, - * without the developers themselves needing anything extra. I have only - * clipped the parts from the CryptoSwift header files that are (or seem) - * relevant to the CryptoSwift support code. This is simply to keep the file - * sizes reasonable. [Geoff] - */ -# ifdef FLAT_INC -# include "cswift.h" -# else -# include "vendor_defns/cswift.h" -# endif - -# define CSWIFT_LIB_NAME "cswift engine" -# include "e_cswift_err.c" - -# define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) - -static int cswift_destroy(ENGINE *e); -static int cswift_init(ENGINE *e); -static int cswift_finish(ENGINE *e); -static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)); -# ifndef OPENSSL_NO_RSA -static int cswift_bn_32copy(SW_LARGENUMBER *out, const BIGNUM *in); -# endif - -/* BIGNUM stuff */ -static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx); -# ifndef OPENSSL_NO_RSA -static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *q, const BIGNUM *dmp1, - const BIGNUM *dmq1, const BIGNUM *iqmp, - BN_CTX *ctx); -# endif - -# ifndef OPENSSL_NO_RSA -/* RSA stuff */ -static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, - BN_CTX *ctx); -/* This function is aliased to mod_exp (with the mont stuff dropped). */ -static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); -# endif - -# ifndef OPENSSL_NO_DSA -/* DSA stuff */ -static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, - DSA *dsa); -static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len, - DSA_SIG *sig, DSA *dsa); -# endif - -# ifndef OPENSSL_NO_DH -/* DH stuff */ -/* This function is alised to mod_exp (with the DH and mont dropped). */ -static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r, - const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); -# endif - -/* RAND stuff */ -static int cswift_rand_bytes(unsigned char *buf, int num); -static int cswift_rand_status(void); - -/* The definitions for control commands specific to this engine */ -# define CSWIFT_CMD_SO_PATH ENGINE_CMD_BASE -static const ENGINE_CMD_DEFN cswift_cmd_defns[] = { - {CSWIFT_CMD_SO_PATH, - "SO_PATH", - "Specifies the path to the 'cswift' shared library", - ENGINE_CMD_FLAG_STRING}, - {0, NULL, NULL, 0} -}; - -# ifndef OPENSSL_NO_RSA -/* Our internal RSA_METHOD that we provide pointers to */ -static RSA_METHOD cswift_rsa = { - "CryptoSwift RSA method", - NULL, - NULL, - NULL, - NULL, - cswift_rsa_mod_exp, - cswift_mod_exp_mont, - NULL, - NULL, - 0, - NULL, - NULL, - NULL, - NULL -}; -# endif - -# ifndef OPENSSL_NO_DSA -/* Our internal DSA_METHOD that we provide pointers to */ -static DSA_METHOD cswift_dsa = { - "CryptoSwift DSA method", - cswift_dsa_sign, - NULL, /* dsa_sign_setup */ - cswift_dsa_verify, - NULL, /* dsa_mod_exp */ - NULL, /* bn_mod_exp */ - NULL, /* init */ - NULL, /* finish */ - 0, /* flags */ - NULL, /* app_data */ - NULL, /* dsa_paramgen */ - NULL /* dsa_keygen */ -}; -# endif - -# ifndef OPENSSL_NO_DH -/* Our internal DH_METHOD that we provide pointers to */ -static DH_METHOD cswift_dh = { - "CryptoSwift DH method", - NULL, - NULL, - cswift_mod_exp_dh, - NULL, - NULL, - 0, - NULL, - NULL -}; -# endif - -static RAND_METHOD cswift_random = { - /* "CryptoSwift RAND method", */ - NULL, - cswift_rand_bytes, - NULL, - NULL, - cswift_rand_bytes, - cswift_rand_status, -}; - -/* Constants used when creating the ENGINE */ -static const char *engine_cswift_id = "cswift"; -static const char *engine_cswift_name = "CryptoSwift hardware engine support"; - -/* - * This internal function is used by ENGINE_cswift() and possibly by the - * "dynamic" ENGINE support too - */ -static int bind_helper(ENGINE *e) -{ -# ifndef OPENSSL_NO_RSA - const RSA_METHOD *meth1; -# endif -# ifndef OPENSSL_NO_DH - const DH_METHOD *meth2; -# endif - if (!ENGINE_set_id(e, engine_cswift_id) || - !ENGINE_set_name(e, engine_cswift_name) || -# ifndef OPENSSL_NO_RSA - !ENGINE_set_RSA(e, &cswift_rsa) || -# endif -# ifndef OPENSSL_NO_DSA - !ENGINE_set_DSA(e, &cswift_dsa) || -# endif -# ifndef OPENSSL_NO_DH - !ENGINE_set_DH(e, &cswift_dh) || -# endif - !ENGINE_set_RAND(e, &cswift_random) || - !ENGINE_set_destroy_function(e, cswift_destroy) || - !ENGINE_set_init_function(e, cswift_init) || - !ENGINE_set_finish_function(e, cswift_finish) || - !ENGINE_set_ctrl_function(e, cswift_ctrl) || - !ENGINE_set_cmd_defns(e, cswift_cmd_defns)) - return 0; - -# ifndef OPENSSL_NO_RSA - /* - * We know that the "PKCS1_SSLeay()" functions hook properly to the - * cswift-specific mod_exp and mod_exp_crt so we use those functions. NB: - * We don't use ENGINE_openssl() or anything "more generic" because - * something like the RSAref code may not hook properly, and if you own - * one of these cards then you have the right to do RSA operations on it - * anyway! - */ - meth1 = RSA_PKCS1_SSLeay(); - cswift_rsa.rsa_pub_enc = meth1->rsa_pub_enc; - cswift_rsa.rsa_pub_dec = meth1->rsa_pub_dec; - cswift_rsa.rsa_priv_enc = meth1->rsa_priv_enc; - cswift_rsa.rsa_priv_dec = meth1->rsa_priv_dec; -# endif - -# ifndef OPENSSL_NO_DH - /* Much the same for Diffie-Hellman */ - meth2 = DH_OpenSSL(); - cswift_dh.generate_key = meth2->generate_key; - cswift_dh.compute_key = meth2->compute_key; -# endif - - /* Ensure the cswift error handling is set up */ - ERR_load_CSWIFT_strings(); - return 1; -} - -# ifdef OPENSSL_NO_DYNAMIC_ENGINE -static ENGINE *engine_cswift(void) -{ - ENGINE *ret = ENGINE_new(); - if (!ret) - return NULL; - if (!bind_helper(ret)) { - ENGINE_free(ret); - return NULL; - } - return ret; -} - -void ENGINE_load_cswift(void) -{ - /* Copied from eng_[openssl|dyn].c */ - ENGINE *toadd = engine_cswift(); - if (!toadd) - return; - ENGINE_add(toadd); - ENGINE_free(toadd); - ERR_clear_error(); -} -# endif - -/* - * This is a process-global DSO handle used for loading and unloading the - * CryptoSwift library. NB: This is only set (or unset) during an init() or - * finish() call (reference counts permitting) and they're operating with - * global locks, so this should be thread-safe implicitly. - */ -static DSO *cswift_dso = NULL; - -/* - * These are the function pointers that are (un)set when the library has - * successfully (un)loaded. - */ -t_swAcquireAccContext *p_CSwift_AcquireAccContext = NULL; -t_swAttachKeyParam *p_CSwift_AttachKeyParam = NULL; -t_swSimpleRequest *p_CSwift_SimpleRequest = NULL; -t_swReleaseAccContext *p_CSwift_ReleaseAccContext = NULL; - -/* Used in the DSO operations. */ -static const char *CSWIFT_LIBNAME = NULL; -static const char *get_CSWIFT_LIBNAME(void) -{ - if (CSWIFT_LIBNAME) - return CSWIFT_LIBNAME; - return "swift"; -} - -static void free_CSWIFT_LIBNAME(void) -{ - OPENSSL_free(CSWIFT_LIBNAME); - CSWIFT_LIBNAME = NULL; -} - -static long set_CSWIFT_LIBNAME(const char *name) -{ - free_CSWIFT_LIBNAME(); - return (((CSWIFT_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0); -} - -static const char *CSWIFT_F1 = "swAcquireAccContext"; -static const char *CSWIFT_F2 = "swAttachKeyParam"; -static const char *CSWIFT_F3 = "swSimpleRequest"; -static const char *CSWIFT_F4 = "swReleaseAccContext"; - -/* - * CryptoSwift library functions and mechanics - these are used by the - * higher-level functions further down. NB: As and where there's no error - * checking, take a look lower down where these functions are called, the - * checking and error handling is probably down there. - */ - -/* utility function to obtain a context */ -static int get_context(SW_CONTEXT_HANDLE *hac) -{ - SW_STATUS status; - - status = p_CSwift_AcquireAccContext(hac); - if (status != SW_OK) - return 0; - return 1; -} - -/* similarly to release one. */ -static void release_context(SW_CONTEXT_HANDLE hac) -{ - p_CSwift_ReleaseAccContext(hac); -} - -/* Destructor (complements the "ENGINE_cswift()" constructor) */ -static int cswift_destroy(ENGINE *e) -{ - free_CSWIFT_LIBNAME(); - ERR_unload_CSWIFT_strings(); - return 1; -} - -/* (de)initialisation functions. */ -static int cswift_init(ENGINE *e) -{ - SW_CONTEXT_HANDLE hac; - t_swAcquireAccContext *p1; - t_swAttachKeyParam *p2; - t_swSimpleRequest *p3; - t_swReleaseAccContext *p4; - - if (cswift_dso != NULL) { - CSWIFTerr(CSWIFT_F_CSWIFT_INIT, CSWIFT_R_ALREADY_LOADED); - goto err; - } - /* Attempt to load libswift.so/swift.dll/whatever. */ - cswift_dso = DSO_load(NULL, get_CSWIFT_LIBNAME(), NULL, 0); - if (cswift_dso == NULL) { - CSWIFTerr(CSWIFT_F_CSWIFT_INIT, CSWIFT_R_NOT_LOADED); - goto err; - } - -#define BINDIT(t, name) (t *)DSO_bind_func(cswift_dso, name) - if ((p1 = BINDIT(t_swAcquireAccContext, CSWIFT_F1)) == NULL - || (p2 = BINDIT(t_swAttachKeyParam, CSWIFT_F2)) == NULL - || (p3 = BINDIT(t_swSimpleRequest *) DSO_bind_func(cswift_dso, CSWIFT_F3)) == NULL - || (p4 = BINDIT(t_swReleaseAccContext *) DSO_bind_func(cswift_dso, CSWIFT_F4)) == NULL) { - CSWIFTerr(CSWIFT_F_CSWIFT_INIT, CSWIFT_R_NOT_LOADED); - goto err; - } - /* Copy the pointers */ - p_CSwift_AcquireAccContext = p1; - p_CSwift_AttachKeyParam = p2; - p_CSwift_SimpleRequest = p3; - p_CSwift_ReleaseAccContext = p4; - /* - * Try and get a context - if not, we may have a DSO but no accelerator! - */ - if (!get_context(&hac)) { - CSWIFTerr(CSWIFT_F_CSWIFT_INIT, CSWIFT_R_UNIT_FAILURE); - goto err; - } - release_context(hac); - /* Everything's fine. */ - return 1; - err: - DSO_free(cswift_dso); - cswift_dso = NULL; - p_CSwift_AcquireAccContext = NULL; - p_CSwift_AttachKeyParam = NULL; - p_CSwift_SimpleRequest = NULL; - p_CSwift_ReleaseAccContext = NULL; - return 0; -} - -static int cswift_finish(ENGINE *e) -{ - free_CSWIFT_LIBNAME(); - if (cswift_dso == NULL) { - CSWIFTerr(CSWIFT_F_CSWIFT_FINISH, CSWIFT_R_NOT_LOADED); - return 0; - } - if (!DSO_free(cswift_dso)) { - CSWIFTerr(CSWIFT_F_CSWIFT_FINISH, CSWIFT_R_UNIT_FAILURE); - return 0; - } - cswift_dso = NULL; - p_CSwift_AcquireAccContext = NULL; - p_CSwift_AttachKeyParam = NULL; - p_CSwift_SimpleRequest = NULL; - p_CSwift_ReleaseAccContext = NULL; - return 1; -} - -static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) -{ - int initialised = ((cswift_dso == NULL) ? 0 : 1); - switch (cmd) { - case CSWIFT_CMD_SO_PATH: - if (p == NULL) { - CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (initialised) { - CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_ALREADY_LOADED); - return 0; - } - return set_CSWIFT_LIBNAME((const char *)p); - default: - break; - } - CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED); - return 0; -} - -/* Un petit mod_exp */ -static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx) -{ - /* - * I need somewhere to store temporary serialised values for use with the - * CryptoSwift API calls. A neat cheat - I'll use BIGNUMs from the BN_CTX - * but access their arrays directly as byte arrays <grin>. This way I - * don't have to clean anything up. - */ - BIGNUM *modulus; - BIGNUM *exponent; - BIGNUM *argument; - BIGNUM *result; - SW_STATUS sw_status; - SW_LARGENUMBER arg, res; - SW_PARAM sw_param; - SW_CONTEXT_HANDLE hac; - int to_return, acquired; - - modulus = exponent = argument = result = NULL; - to_return = 0; /* expect failure */ - acquired = 0; - - if (!get_context(&hac)) { - CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP, CSWIFT_R_UNIT_FAILURE); - goto err; - } - acquired = 1; - /* Prepare the params */ - BN_CTX_start(ctx); - modulus = BN_CTX_get(ctx); - exponent = BN_CTX_get(ctx); - argument = BN_CTX_get(ctx); - result = BN_CTX_get(ctx); - if (!result) { - CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP, CSWIFT_R_BN_CTX_FULL); - goto err; - } - if (!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, p->top) || - !bn_wexpand(argument, a->top) || !bn_wexpand(result, m->top)) { - CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP, CSWIFT_R_BN_EXPAND_FAIL); - goto err; - } - sw_param.type = SW_ALG_EXP; - sw_param.up.exp.modulus.nbytes = BN_bn2bin(m, - (unsigned char *)modulus->d); - sw_param.up.exp.modulus.value = (unsigned char *)modulus->d; - sw_param.up.exp.exponent.nbytes = BN_bn2bin(p, - (unsigned char *)exponent->d); - sw_param.up.exp.exponent.value = (unsigned char *)exponent->d; - /* Attach the key params */ - sw_status = p_CSwift_AttachKeyParam(hac, &sw_param); - switch (sw_status) { - case SW_OK: - break; - case SW_ERR_INPUT_SIZE: - CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP, CSWIFT_R_BAD_KEY_SIZE); - goto err; - default: - { - char tmpbuf[DECIMAL_SIZE(sw_status) + 1]; - CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP, CSWIFT_R_REQUEST_FAILED); - sprintf(tmpbuf, "%ld", sw_status); - ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf); - } - goto err; - } - /* Prepare the argument and response */ - arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d); - arg.value = (unsigned char *)argument->d; - res.nbytes = BN_num_bytes(m); - memset(result->d, 0, res.nbytes); - res.value = (unsigned char *)result->d; - /* Perform the operation */ - if ((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1, - &res, 1)) != SW_OK) { - char tmpbuf[DECIMAL_SIZE(sw_status) + 1]; - CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP, CSWIFT_R_REQUEST_FAILED); - sprintf(tmpbuf, "%ld", sw_status); - ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf); - goto err; - } - /* Convert the response */ - BN_bin2bn((unsigned char *)result->d, res.nbytes, r); - to_return = 1; - err: - if (acquired) - release_context(hac); - BN_CTX_end(ctx); - return to_return; -} - -# ifndef OPENSSL_NO_RSA -int cswift_bn_32copy(SW_LARGENUMBER *out, const BIGNUM *in) -{ - int mod; - int numbytes = BN_num_bytes(in); - - mod = 0; - while (((out->nbytes = (numbytes + mod)) % 32)) { - mod++; - } - out->value = OPENSSL_malloc(out->nbytes); - if (!out->value) { - return 0; - } - BN_bn2bin(in, &out->value[mod]); - if (mod) - memset(out->value, 0, mod); - - return 1; -} -# endif - -# ifndef OPENSSL_NO_RSA -/* Un petit mod_exp chinois */ -static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *q, const BIGNUM *dmp1, - const BIGNUM *dmq1, const BIGNUM *iqmp, - BN_CTX *ctx) -{ - SW_STATUS sw_status; - SW_LARGENUMBER arg, res; - SW_PARAM sw_param; - SW_CONTEXT_HANDLE hac; - BIGNUM *result = NULL; - BIGNUM *argument = NULL; - int to_return = 0; /* expect failure */ - int acquired = 0; - - sw_param.up.crt.p.value = NULL; - sw_param.up.crt.q.value = NULL; - sw_param.up.crt.dmp1.value = NULL; - sw_param.up.crt.dmq1.value = NULL; - sw_param.up.crt.iqmp.value = NULL; - - if (!get_context(&hac)) { - CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_UNIT_FAILURE); - goto err; - } - acquired = 1; - - /* Prepare the params */ - argument = BN_new(); - result = BN_new(); - if (!result || !argument) { - CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BN_CTX_FULL); - goto err; - } - - sw_param.type = SW_ALG_CRT; - /************************************************************************/ - /* - * 04/02/2003 - */ - /* - * Modified by Frederic Giudicelli (deny-all.com) to overcome the - */ - /* - * limitation of cswift with values not a multiple of 32 - */ - /************************************************************************/ - if (!cswift_bn_32copy(&sw_param.up.crt.p, p)) { - CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BN_EXPAND_FAIL); - goto err; - } - if (!cswift_bn_32copy(&sw_param.up.crt.q, q)) { - CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BN_EXPAND_FAIL); - goto err; - } - if (!cswift_bn_32copy(&sw_param.up.crt.dmp1, dmp1)) { - CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BN_EXPAND_FAIL); - goto err; - } - if (!cswift_bn_32copy(&sw_param.up.crt.dmq1, dmq1)) { - CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BN_EXPAND_FAIL); - goto err; - } - if (!cswift_bn_32copy(&sw_param.up.crt.iqmp, iqmp)) { - CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BN_EXPAND_FAIL); - goto err; - } - if (!bn_wexpand(argument, a->top) || !bn_wexpand(result, p->top + q->top)) { - CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BN_EXPAND_FAIL); - goto err; - } - - /* Attach the key params */ - sw_status = p_CSwift_AttachKeyParam(hac, &sw_param); - switch (sw_status) { - case SW_OK: - break; - case SW_ERR_INPUT_SIZE: - CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BAD_KEY_SIZE); - goto err; - default: - { - char tmpbuf[DECIMAL_SIZE(sw_status) + 1]; - CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_REQUEST_FAILED); - sprintf(tmpbuf, "%ld", sw_status); - ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf); - } - goto err; - } - /* Prepare the argument and response */ - arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d); - arg.value = (unsigned char *)argument->d; - res.nbytes = 2 * BN_num_bytes(p); - memset(result->d, 0, res.nbytes); - res.value = (unsigned char *)result->d; - /* Perform the operation */ - if ((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1, - &res, 1)) != SW_OK) { - char tmpbuf[DECIMAL_SIZE(sw_status) + 1]; - CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_REQUEST_FAILED); - sprintf(tmpbuf, "%ld", sw_status); - ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf); - goto err; - } - /* Convert the response */ - BN_bin2bn((unsigned char *)result->d, res.nbytes, r); - to_return = 1; - err: - OPENSSL_free(sw_param.up.crt.p.value); - OPENSSL_free(sw_param.up.crt.q.value); - OPENSSL_free(sw_param.up.crt.dmp1.value); - OPENSSL_free(sw_param.up.crt.dmq1.value); - OPENSSL_free(sw_param.up.crt.iqmp.value); - BN_free(result); - BN_free(argument); - if (acquired) - release_context(hac); - return to_return; -} -# endif - -# ifndef OPENSSL_NO_RSA -static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, - BN_CTX *ctx) -{ - int to_return = 0; - const RSA_METHOD *def_rsa_method; - - if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { - CSWIFTerr(CSWIFT_F_CSWIFT_RSA_MOD_EXP, - CSWIFT_R_MISSING_KEY_COMPONENTS); - goto err; - } - - /* Try the limits of RSA (2048 bits) */ - if (BN_num_bytes(rsa->p) > 128 || - BN_num_bytes(rsa->q) > 128 || - BN_num_bytes(rsa->dmp1) > 128 || - BN_num_bytes(rsa->dmq1) > 128 || BN_num_bytes(rsa->iqmp) > 128) { -# ifdef RSA_NULL - def_rsa_method = RSA_null_method(); -# else - def_rsa_method = RSA_PKCS1_SSLeay(); -# endif - if (def_rsa_method) - return def_rsa_method->rsa_mod_exp(r0, I, rsa, ctx); - } - - to_return = cswift_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1, - rsa->dmq1, rsa->iqmp, ctx); - err: - return to_return; -} - -/* This function is aliased to mod_exp (with the mont stuff dropped). */ -static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx) -{ - const RSA_METHOD *def_rsa_method; - - /* Try the limits of RSA (2048 bits) */ - if (BN_num_bytes(r) > 256 || - BN_num_bytes(a) > 256 || BN_num_bytes(m) > 256) { -# ifdef RSA_NULL - def_rsa_method = RSA_null_method(); -# else - def_rsa_method = RSA_PKCS1_SSLeay(); -# endif - if (def_rsa_method) - return def_rsa_method->bn_mod_exp(r, a, p, m, ctx, m_ctx); - } - - return cswift_mod_exp(r, a, p, m, ctx); -} -# endif /* OPENSSL_NO_RSA */ - -# ifndef OPENSSL_NO_DSA -static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa) -{ - SW_CONTEXT_HANDLE hac; - SW_PARAM sw_param; - SW_STATUS sw_status; - SW_LARGENUMBER arg, res; - BN_CTX *ctx; - BIGNUM *dsa_p = NULL; - BIGNUM *dsa_q = NULL; - BIGNUM *dsa_g = NULL; - BIGNUM *dsa_key = NULL; - BIGNUM *result = NULL; - DSA_SIG *to_return = NULL; - int acquired = 0; - - if ((ctx = BN_CTX_new()) == NULL) - goto err; - if (!get_context(&hac)) { - CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN, CSWIFT_R_UNIT_FAILURE); - goto err; - } - acquired = 1; - /* Prepare the params */ - BN_CTX_start(ctx); - dsa_p = BN_CTX_get(ctx); - dsa_q = BN_CTX_get(ctx); - dsa_g = BN_CTX_get(ctx); - dsa_key = BN_CTX_get(ctx); - result = BN_CTX_get(ctx); - if (!result) { - CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN, CSWIFT_R_BN_CTX_FULL); - goto err; - } - if (!bn_wexpand(dsa_p, dsa->p->top) || - !bn_wexpand(dsa_q, dsa->q->top) || - !bn_wexpand(dsa_g, dsa->g->top) || - !bn_wexpand(dsa_key, dsa->priv_key->top) || - !bn_wexpand(result, dsa->p->top)) { - CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN, CSWIFT_R_BN_EXPAND_FAIL); - goto err; - } - sw_param.type = SW_ALG_DSA; - sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p, (unsigned char *)dsa_p->d); - sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d; - sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q, (unsigned char *)dsa_q->d); - sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d; - sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g, (unsigned char *)dsa_g->d); - sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d; - sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->priv_key, - (unsigned char *)dsa_key->d); - sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d; - /* Attach the key params */ - sw_status = p_CSwift_AttachKeyParam(hac, &sw_param); - switch (sw_status) { - case SW_OK: - break; - case SW_ERR_INPUT_SIZE: - CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN, CSWIFT_R_BAD_KEY_SIZE); - goto err; - default: - { - char tmpbuf[DECIMAL_SIZE(sw_status) + 1]; - CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN, CSWIFT_R_REQUEST_FAILED); - sprintf(tmpbuf, "%ld", sw_status); - ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf); - } - goto err; - } - /* Prepare the argument and response */ - arg.nbytes = dlen; - arg.value = (unsigned char *)dgst; - res.nbytes = BN_num_bytes(dsa->p); - memset(result->d, 0, res.nbytes); - res.value = (unsigned char *)result->d; - /* Perform the operation */ - sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_SIGN, &arg, 1, - &res, 1); - if (sw_status != SW_OK) { - char tmpbuf[DECIMAL_SIZE(sw_status) + 1]; - CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN, CSWIFT_R_REQUEST_FAILED); - sprintf(tmpbuf, "%ld", sw_status); - ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf); - goto err; - } - /* Convert the response */ - if ((to_return = DSA_SIG_new()) == NULL) - goto err; - to_return->r = BN_bin2bn((unsigned char *)result->d, 20, NULL); - to_return->s = BN_bin2bn((unsigned char *)result->d + 20, 20, NULL); - - err: - if (acquired) - release_context(hac); - if (ctx) - BN_CTX_end(ctx); - BN_CTX_free(ctx); - return to_return; -} - -static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len, - DSA_SIG *sig, DSA *dsa) -{ - SW_CONTEXT_HANDLE hac; - SW_PARAM sw_param; - SW_STATUS sw_status; - SW_LARGENUMBER arg[2], res; - unsigned long sig_result; - BN_CTX *ctx; - BIGNUM *dsa_p = NULL; - BIGNUM *dsa_q = NULL; - BIGNUM *dsa_g = NULL; - BIGNUM *dsa_key = NULL; - BIGNUM *argument = NULL; - int to_return = -1; - int acquired = 0; - - if ((ctx = BN_CTX_new()) == NULL) - goto err; - if (!get_context(&hac)) { - CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY, CSWIFT_R_UNIT_FAILURE); - goto err; - } - acquired = 1; - /* Prepare the params */ - BN_CTX_start(ctx); - dsa_p = BN_CTX_get(ctx); - dsa_q = BN_CTX_get(ctx); - dsa_g = BN_CTX_get(ctx); - dsa_key = BN_CTX_get(ctx); - argument = BN_CTX_get(ctx); - if (!argument) { - CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY, CSWIFT_R_BN_CTX_FULL); - goto err; - } - if (!bn_wexpand(dsa_p, dsa->p->top) || - !bn_wexpand(dsa_q, dsa->q->top) || - !bn_wexpand(dsa_g, dsa->g->top) || - !bn_wexpand(dsa_key, dsa->pub_key->top) || - !bn_wexpand(argument, 40)) { - CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY, CSWIFT_R_BN_EXPAND_FAIL); - goto err; - } - sw_param.type = SW_ALG_DSA; - sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p, (unsigned char *)dsa_p->d); - sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d; - sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q, (unsigned char *)dsa_q->d); - sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d; - sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g, (unsigned char *)dsa_g->d); - sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d; - sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->pub_key, - (unsigned char *)dsa_key->d); - sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d; - /* Attach the key params */ - sw_status = p_CSwift_AttachKeyParam(hac, &sw_param); - switch (sw_status) { - case SW_OK: - break; - case SW_ERR_INPUT_SIZE: - CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY, CSWIFT_R_BAD_KEY_SIZE); - goto err; - default: - { - char tmpbuf[DECIMAL_SIZE(sw_status) + 1]; - CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY, CSWIFT_R_REQUEST_FAILED); - sprintf(tmpbuf, "%ld", sw_status); - ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf); - } - goto err; - } - /* Prepare the argument and response */ - arg[0].nbytes = dgst_len; - arg[0].value = (unsigned char *)dgst; - arg[1].nbytes = 40; - arg[1].value = (unsigned char *)argument->d; - memset(arg[1].value, 0, 40); - BN_bn2bin(sig->r, arg[1].value + 20 - BN_num_bytes(sig->r)); - BN_bn2bin(sig->s, arg[1].value + 40 - BN_num_bytes(sig->s)); - res.nbytes = 4; /* unsigned long */ - res.value = (unsigned char *)(&sig_result); - /* Perform the operation */ - sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_VERIFY, arg, 2, - &res, 1); - if (sw_status != SW_OK) { - char tmpbuf[DECIMAL_SIZE(sw_status) + 1]; - CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY, CSWIFT_R_REQUEST_FAILED); - sprintf(tmpbuf, "%ld", sw_status); - ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf); - goto err; - } - /* Convert the response */ - to_return = ((sig_result == 0) ? 0 : 1); - - err: - if (acquired) - release_context(hac); - if (ctx) - BN_CTX_end(ctx); - BN_CTX_free(ctx); - return to_return; -} -# endif - -# ifndef OPENSSL_NO_DH -/* This function is aliased to mod_exp (with the dh and mont dropped). */ -static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r, - const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) -{ - return cswift_mod_exp(r, a, p, m, ctx); -} -# endif - -/* Random bytes are good */ -static int cswift_rand_bytes(unsigned char *buf, int num) -{ - SW_CONTEXT_HANDLE hac; - SW_STATUS swrc; - SW_LARGENUMBER largenum; - int acquired = 0; - int to_return = 0; /* assume failure */ - unsigned char buf32[1024]; - - if (!get_context(&hac)) { - CSWIFTerr(CSWIFT_F_CSWIFT_RAND_BYTES, CSWIFT_R_UNIT_FAILURE); - goto err; - } - acquired = 1; - - /************************************************************************/ - /* - * 04/02/2003 - */ - /* - * Modified by Frederic Giudicelli (deny-all.com) to overcome the - */ - /* - * limitation of cswift with values not a multiple of 32 - */ - /************************************************************************/ - - while (num >= (int)sizeof(buf32)) { - largenum.value = buf; - largenum.nbytes = sizeof(buf32); - /*- - * tell CryptoSwift how many bytes we want and where we want it. - * Note: - CryptoSwift cannot do more than 4096 bytes at a time. - * - CryptoSwift can only do multiple of 32-bits. - */ - swrc = - p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1); - if (swrc != SW_OK) { - char tmpbuf[20]; - CSWIFTerr(CSWIFT_F_CSWIFT_RAND_BYTES, CSWIFT_R_REQUEST_FAILED); - sprintf(tmpbuf, "%ld", swrc); - ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf); - goto err; - } - buf += sizeof(buf32); - num -= sizeof(buf32); - } - if (num) { - largenum.nbytes = sizeof(buf32); - largenum.value = buf32; - swrc = - p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1); - if (swrc != SW_OK) { - char tmpbuf[20]; - CSWIFTerr(CSWIFT_F_CSWIFT_RAND_BYTES, CSWIFT_R_REQUEST_FAILED); - sprintf(tmpbuf, "%ld", swrc); - ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf); - goto err; - } - memcpy(buf, largenum.value, num); - } - - to_return = 1; /* success */ - err: - if (acquired) - release_context(hac); - - return to_return; -} - -static int cswift_rand_status(void) -{ - return 1; -} - -/* - * This stuff is needed if this ENGINE is being compiled into a - * self-contained shared-library. - */ -# ifndef OPENSSL_NO_DYNAMIC_ENGINE -static int bind_fn(ENGINE *e, const char *id) -{ - if (id && (strcmp(id, engine_cswift_id) != 0)) - return 0; - if (!bind_helper(e)) - return 0; - return 1; -} - -IMPLEMENT_DYNAMIC_CHECK_FN() - IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) -# endif /* OPENSSL_NO_DYNAMIC_ENGINE */ -# endif /* !OPENSSL_NO_HW_CSWIFT */ -#endif /* !OPENSSL_NO_HW */ diff --git a/engines/e_cswift.ec b/engines/e_cswift.ec deleted file mode 100644 index a7f9d11434..0000000000 --- a/engines/e_cswift.ec +++ /dev/null @@ -1 +0,0 @@ -L CSWIFT e_cswift_err.h e_cswift_err.c diff --git a/engines/e_cswift_err.c b/engines/e_cswift_err.c deleted file mode 100644 index f8a2cbb5eb..0000000000 --- a/engines/e_cswift_err.c +++ /dev/null @@ -1,150 +0,0 @@ -/* e_cswift_err.c */ -/* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* - * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include <stdio.h> -#include <openssl/err.h> -#include "e_cswift_err.h" - -/* BEGIN ERROR CODES */ -#ifndef OPENSSL_NO_ERR - -# define ERR_FUNC(func) ERR_PACK(0,func,0) -# define ERR_REASON(reason) ERR_PACK(0,0,reason) - -static ERR_STRING_DATA CSWIFT_str_functs[] = { - {ERR_FUNC(CSWIFT_F_CSWIFT_CTRL), "CSWIFT_CTRL"}, - {ERR_FUNC(CSWIFT_F_CSWIFT_DSA_SIGN), "CSWIFT_DSA_SIGN"}, - {ERR_FUNC(CSWIFT_F_CSWIFT_DSA_VERIFY), "CSWIFT_DSA_VERIFY"}, - {ERR_FUNC(CSWIFT_F_CSWIFT_FINISH), "CSWIFT_FINISH"}, - {ERR_FUNC(CSWIFT_F_CSWIFT_INIT), "CSWIFT_INIT"}, - {ERR_FUNC(CSWIFT_F_CSWIFT_MOD_EXP), "CSWIFT_MOD_EXP"}, - {ERR_FUNC(CSWIFT_F_CSWIFT_MOD_EXP_CRT), "CSWIFT_MOD_EXP_CRT"}, - {ERR_FUNC(CSWIFT_F_CSWIFT_RAND_BYTES), "CSWIFT_RAND_BYTES"}, - {ERR_FUNC(CSWIFT_F_CSWIFT_RSA_MOD_EXP), "CSWIFT_RSA_MOD_EXP"}, - {0, NULL} -}; - -static ERR_STRING_DATA CSWIFT_str_reasons[] = { - {ERR_REASON(CSWIFT_R_ALREADY_LOADED), "already loaded"}, - {ERR_REASON(CSWIFT_R_BAD_KEY_SIZE), "bad key size"}, - {ERR_REASON(CSWIFT_R_BN_CTX_FULL), "bn ctx full"}, - {ERR_REASON(CSWIFT_R_BN_EXPAND_FAIL), "bn expand fail"}, - {ERR_REASON(CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED), - "ctrl command not implemented"}, - {ERR_REASON(CSWIFT_R_MISSING_KEY_COMPONENTS), "missing key components"}, - {ERR_REASON(CSWIFT_R_NOT_LOADED), "not loaded"}, - {ERR_REASON(CSWIFT_R_REQUEST_FAILED), "request failed"}, - {ERR_REASON(CSWIFT_R_UNIT_FAILURE), "unit failure"}, - {0, NULL} -}; - -#endif - -#ifdef CSWIFT_LIB_NAME -static ERR_STRING_DATA CSWIFT_lib_name[] = { - {0, CSWIFT_LIB_NAME}, - {0, NULL} -}; -#endif - -static int CSWIFT_lib_error_code = 0; -static int CSWIFT_error_init = 1; - -static void ERR_load_CSWIFT_strings(void) -{ - if (CSWIFT_lib_error_code == 0) - CSWIFT_lib_error_code = ERR_get_next_error_library(); - - if (CSWIFT_error_init) { - CSWIFT_error_init = 0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(CSWIFT_lib_error_code, CSWIFT_str_functs); - ERR_load_strings(CSWIFT_lib_error_code, CSWIFT_str_reasons); -#endif - -#ifdef CSWIFT_LIB_NAME - CSWIFT_lib_name->error = ERR_PACK(CSWIFT_lib_error_code, 0, 0); - ERR_load_strings(0, CSWIFT_lib_name); -#endif - } -} - -static void ERR_unload_CSWIFT_strings(void) -{ - if (CSWIFT_error_init == 0) { -#ifndef OPENSSL_NO_ERR - ERR_unload_strings(CSWIFT_lib_error_code, CSWIFT_str_functs); - ERR_unload_strings(CSWIFT_lib_error_code, CSWIFT_str_reasons); -#endif - -#ifdef CSWIFT_LIB_NAME - ERR_unload_strings(0, CSWIFT_lib_name); -#endif - CSWIFT_error_init = 1; - } -} - -static void ERR_CSWIFT_error(int function, int reason, char *file, int line) -{ - if (CSWIFT_lib_error_code == 0) - CSWIFT_lib_error_code = ERR_get_next_error_library(); - ERR_PUT_error(CSWIFT_lib_error_code, function, reason, file, line); -} diff --git a/engines/e_cswift_err.h b/engines/e_cswift_err.h deleted file mode 100644 index fde3a8277c..0000000000 --- a/engines/e_cswift_err.h +++ /dev/null @@ -1,99 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef HEADER_CSWIFT_ERR_H -# define HEADER_CSWIFT_ERR_H - -#ifdef __cplusplus -extern "C" { -#endif - -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -static void ERR_load_CSWIFT_strings(void); -static void ERR_unload_CSWIFT_strings(void); -static void ERR_CSWIFT_error(int function, int reason, char *file, int line); -# define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),__FILE__,__LINE__) - -/* Error codes for the CSWIFT functions. */ - -/* Function codes. */ -# define CSWIFT_F_CSWIFT_CTRL 100 -# define CSWIFT_F_CSWIFT_DSA_SIGN 101 -# define CSWIFT_F_CSWIFT_DSA_VERIFY 102 -# define CSWIFT_F_CSWIFT_FINISH 103 -# define CSWIFT_F_CSWIFT_INIT 104 -# define CSWIFT_F_CSWIFT_MOD_EXP 105 -# define CSWIFT_F_CSWIFT_MOD_EXP_CRT 106 -# define CSWIFT_F_CSWIFT_RAND_BYTES 108 -# define CSWIFT_F_CSWIFT_RSA_MOD_EXP 107 - -/* Reason codes. */ -# define CSWIFT_R_ALREADY_LOADED 100 -# define CSWIFT_R_BAD_KEY_SIZE 101 -# define CSWIFT_R_BN_CTX_FULL 102 -# define CSWIFT_R_BN_EXPAND_FAIL 103 -# define CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED 104 -# define CSWIFT_R_MISSING_KEY_COMPONENTS 105 -# define CSWIFT_R_NOT_LOADED 106 -# define CSWIFT_R_REQUEST_FAILED 107 -# define CSWIFT_R_UNIT_FAILURE 108 - -#ifdef __cplusplus -} -#endif -#endif diff --git a/engines/e_nuron.c b/engines/e_nuron.c deleted file mode 100644 index 01229b0428..0000000000 --- a/engines/e_nuron.c +++ /dev/null @@ -1,435 +0,0 @@ -/* crypto/engine/hw_nuron.c */ -/* - * Written by Ben Laurie for the OpenSSL Project, leaning heavily on Geoff - * Thorpe's Atalla implementation. - */ -/* ==================================================================== - * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include <stdio.h> -#include <string.h> -#include <openssl/crypto.h> -#include <openssl/buffer.h> -#include <openssl/dso.h> -#include <openssl/engine.h> -#ifndef OPENSSL_NO_RSA -# include <openssl/rsa.h> -#endif -#ifndef OPENSSL_NO_DSA -# include <openssl/dsa.h> -#endif -#ifndef OPENSSL_NO_DH -# include <openssl/dh.h> -#endif -#include <openssl/bn.h> - -#ifndef OPENSSL_NO_HW -# ifndef OPENSSL_NO_HW_NURON - -# define NURON_LIB_NAME "nuron engine" -# include "e_nuron_err.c" - -static const char *NURON_LIBNAME = NULL; -static const char *get_NURON_LIBNAME(void) -{ - if (NURON_LIBNAME) - return NURON_LIBNAME; - return "nuronssl"; -} - -static void free_NURON_LIBNAME(void) -{ - OPENSSL_free(NURON_LIBNAME); - NURON_LIBNAME = NULL; -} - -static long set_NURON_LIBNAME(const char *name) -{ - free_NURON_LIBNAME(); - return (((NURON_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0); -} - -static const char *NURON_F1 = "nuron_mod_exp"; - -/* The definitions for control commands specific to this engine */ -# define NURON_CMD_SO_PATH ENGINE_CMD_BASE -static const ENGINE_CMD_DEFN nuron_cmd_defns[] = { - {NURON_CMD_SO_PATH, - "SO_PATH", - "Specifies the path to the 'nuronssl' shared library", - ENGINE_CMD_FLAG_STRING}, - {0, NULL, NULL, 0} -}; - -typedef int tfnModExp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m); -static tfnModExp *pfnModExp = NULL; - -static DSO *pvDSOHandle = NULL; - -static int nuron_destroy(ENGINE *e) -{ - free_NURON_LIBNAME(); - ERR_unload_NURON_strings(); - return 1; -} - -static int nuron_init(ENGINE *e) -{ - if (pvDSOHandle != NULL) { - NURONerr(NURON_F_NURON_INIT, NURON_R_ALREADY_LOADED); - return 0; - } - - pvDSOHandle = DSO_load(NULL, get_NURON_LIBNAME(), NULL, - DSO_FLAG_NAME_TRANSLATION_EXT_ONLY); - if (!pvDSOHandle) { - NURONerr(NURON_F_NURON_INIT, NURON_R_DSO_NOT_FOUND); - return 0; - } - - pfnModExp = (tfnModExp *) DSO_bind_func(pvDSOHandle, NURON_F1); - if (!pfnModExp) { - NURONerr(NURON_F_NURON_INIT, NURON_R_DSO_FUNCTION_NOT_FOUND); - return 0; - } - - return 1; -} - -static int nuron_finish(ENGINE *e) -{ - free_NURON_LIBNAME(); - if (pvDSOHandle == NULL) { - NURONerr(NURON_F_NURON_FINISH, NURON_R_NOT_LOADED); - return 0; - } - if (!DSO_free(pvDSOHandle)) { - NURONerr(NURON_F_NURON_FINISH, NURON_R_DSO_FAILURE); - return 0; - } - pvDSOHandle = NULL; - pfnModExp = NULL; - return 1; -} - -static int nuron_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) -{ - int initialised = ((pvDSOHandle == NULL) ? 0 : 1); - switch (cmd) { - case NURON_CMD_SO_PATH: - if (p == NULL) { - NURONerr(NURON_F_NURON_CTRL, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (initialised) { - NURONerr(NURON_F_NURON_CTRL, NURON_R_ALREADY_LOADED); - return 0; - } - return set_NURON_LIBNAME((const char *)p); - default: - break; - } - NURONerr(NURON_F_NURON_CTRL, NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED); - return 0; -} - -static int nuron_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx) -{ - if (!pvDSOHandle) { - NURONerr(NURON_F_NURON_MOD_EXP, NURON_R_NOT_LOADED); - return 0; - } - return pfnModExp(r, a, p, m); -} - -# ifndef OPENSSL_NO_RSA -static int nuron_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, - BN_CTX *ctx) -{ - return nuron_mod_exp(r0, I, rsa->d, rsa->n, ctx); -} -# endif - -# ifndef OPENSSL_NO_DSA -/* - * This code was liberated and adapted from the commented-out code in - * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration (it - * doesn't have a CRT form for RSA), this function means that an Atalla - * system running with a DSA server certificate can handshake around 5 or 6 - * times faster/more than an equivalent system running with RSA. Just check - * out the "signs" statistics from the RSA and DSA parts of "openssl speed - * -engine atalla dsa1024 rsa1024". - */ -static int nuron_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, - BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, - BN_CTX *ctx, BN_MONT_CTX *in_mont) -{ - BIGNUM t; - int to_return = 0; - - BN_init(&t); - /* let rr = a1 ^ p1 mod m */ - if (!nuron_mod_exp(rr, a1, p1, m, ctx)) - goto end; - /* let t = a2 ^ p2 mod m */ - if (!nuron_mod_exp(&t, a2, p2, m, ctx)) - goto end; - /* let rr = rr * t mod m */ - if (!BN_mod_mul(rr, rr, &t, m, ctx)) - goto end; - to_return = 1; - end: - BN_free(&t); - return to_return; -} - -static int nuron_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx) -{ - return nuron_mod_exp(r, a, p, m, ctx); -} -# endif - -/* This function is aliased to mod_exp (with the mont stuff dropped). */ -# ifndef OPENSSL_NO_RSA -static int nuron_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx) -{ - return nuron_mod_exp(r, a, p, m, ctx); -} -# endif - -# ifndef OPENSSL_NO_DH -/* This function is aliased to mod_exp (with the dh and mont dropped). */ -static int nuron_mod_exp_dh(const DH *dh, BIGNUM *r, - const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) -{ - return nuron_mod_exp(r, a, p, m, ctx); -} -# endif - -# ifndef OPENSSL_NO_RSA -static RSA_METHOD nuron_rsa = { - "Nuron RSA method", - NULL, - NULL, - NULL, - NULL, - nuron_rsa_mod_exp, - nuron_mod_exp_mont, - NULL, - NULL, - 0, - NULL, - NULL, - NULL, - NULL -}; -# endif - -# ifndef OPENSSL_NO_DSA -static DSA_METHOD nuron_dsa = { - "Nuron DSA method", - NULL, /* dsa_do_sign */ - NULL, /* dsa_sign_setup */ - NULL, /* dsa_do_verify */ - nuron_dsa_mod_exp, /* dsa_mod_exp */ - nuron_mod_exp_dsa, /* bn_mod_exp */ - NULL, /* init */ - NULL, /* finish */ - 0, /* flags */ - NULL, /* app_data */ - NULL, /* dsa_paramgen */ - NULL /* dsa_keygen */ -}; -# endif - -# ifndef OPENSSL_NO_DH -static DH_METHOD nuron_dh = { - "Nuron DH method", - NULL, - NULL, - nuron_mod_exp_dh, - NULL, - NULL, - 0, - NULL, - NULL -}; -# endif - -/* Constants used when creating the ENGINE */ -static const char *engine_nuron_id = "nuron"; -static const char *engine_nuron_name = "Nuron hardware engine support"; - -/* - * This internal function is used by ENGINE_nuron() and possibly by the - * "dynamic" ENGINE support too - */ -static int bind_helper(ENGINE *e) -{ -# ifndef OPENSSL_NO_RSA - const RSA_METHOD *meth1; -# endif -# ifndef OPENSSL_NO_DSA - const DSA_METHOD *meth2; -# endif -# ifndef OPENSSL_NO_DH - const DH_METHOD *meth3; -# endif - if (!ENGINE_set_id(e, engine_nuron_id) || - !ENGINE_set_name(e, engine_nuron_name) || -# ifndef OPENSSL_NO_RSA - !ENGINE_set_RSA(e, &nuron_rsa) || -# endif -# ifndef OPENSSL_NO_DSA - !ENGINE_set_DSA(e, &nuron_dsa) || -# endif -# ifndef OPENSSL_NO_DH - !ENGINE_set_DH(e, &nuron_dh) || -# endif - !ENGINE_set_destroy_function(e, nuron_destroy) || - !ENGINE_set_init_function(e, nuron_init) || - !ENGINE_set_finish_function(e, nuron_finish) || - !ENGINE_set_ctrl_function(e, nuron_ctrl) || - !ENGINE_set_cmd_defns(e, nuron_cmd_defns)) - return 0; - -# ifndef OPENSSL_NO_RSA - /* - * We know that the "PKCS1_SSLeay()" functions hook properly to the - * nuron-specific mod_exp and mod_exp_crt so we use those functions. NB: - * We don't use ENGINE_openssl() or anything "more generic" because - * something like the RSAref code may not hook properly, and if you own - * one of these cards then you have the right to do RSA operations on it - * anyway! - */ - meth1 = RSA_PKCS1_SSLeay(); - nuron_rsa.rsa_pub_enc = meth1->rsa_pub_enc; - nuron_rsa.rsa_pub_dec = meth1->rsa_pub_dec; - nuron_rsa.rsa_priv_enc = meth1->rsa_priv_enc; - nuron_rsa.rsa_priv_dec = meth1->rsa_priv_dec; -# endif - -# ifndef OPENSSL_NO_DSA - /* - * Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits. - */ - meth2 = DSA_OpenSSL(); - nuron_dsa.dsa_do_sign = meth2->dsa_do_sign; - nuron_dsa.dsa_sign_setup = meth2->dsa_sign_setup; - nuron_dsa.dsa_do_verify = meth2->dsa_do_verify; -# endif - -# ifndef OPENSSL_NO_DH - /* Much the same for Diffie-Hellman */ - meth3 = DH_OpenSSL(); - nuron_dh.generate_key = meth3->generate_key; - nuron_dh.compute_key = meth3->compute_key; -# endif - - /* Ensure the nuron error handling is set up */ - ERR_load_NURON_strings(); - return 1; -} - -# ifdef OPENSSL_NO_DYNAMIC_ENGINE -static ENGINE *engine_nuron(void) -{ - ENGINE *ret = ENGINE_new(); - if (!ret) - return NULL; - if (!bind_helper(ret)) { - ENGINE_free(ret); - return NULL; - } - return ret; -} - -void ENGINE_load_nuron(void) -{ - /* Copied from eng_[openssl|dyn].c */ - ENGINE *toadd = engine_nuron(); - if (!toadd) - return; - ENGINE_add(toadd); - ENGINE_free(toadd); - ERR_clear_error(); -} -# endif - -/* - * This stuff is needed if this ENGINE is being compiled into a - * self-contained shared-library. - */ -# ifndef OPENSSL_NO_DYNAMIC_ENGINE -static int bind_fn(ENGINE *e, const char *id) -{ - if (id && (strcmp(id, engine_nuron_id) != 0)) - return 0; - if (!bind_helper(e)) - return 0; - return 1; -} - -IMPLEMENT_DYNAMIC_CHECK_FN() - IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) -# endif /* OPENSSL_NO_DYNAMIC_ENGINE */ -# endif /* !OPENSSL_NO_HW_NURON */ -#endif /* !OPENSSL_NO_HW */ diff --git a/engines/e_nuron.ec b/engines/e_nuron.ec deleted file mode 100644 index cfa430dfcd..0000000000 --- a/engines/e_nuron.ec +++ /dev/null @@ -1 +0,0 @@ -L NURON e_nuron_err.h e_nuron_err.c diff --git a/engines/e_nuron_err.c b/engines/e_nuron_err.c deleted file mode 100644 index a02c4f0459..0000000000 --- a/engines/e_nuron_err.c +++ /dev/null @@ -1,142 +0,0 @@ -/* e_nuron_err.c */ -/* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* - * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include <stdio.h> -#include <openssl/err.h> -#include "e_nuron_err.h" - -/* BEGIN ERROR CODES */ -#ifndef OPENSSL_NO_ERR - -# define ERR_FUNC(func) ERR_PACK(0,func,0) -# define ERR_REASON(reason) ERR_PACK(0,0,reason) - -static ERR_STRING_DATA NURON_str_functs[] = { - {ERR_FUNC(NURON_F_NURON_CTRL), "NURON_CTRL"}, - {ERR_FUNC(NURON_F_NURON_FINISH), "NURON_FINISH"}, - {ERR_FUNC(NURON_F_NURON_INIT), "NURON_INIT"}, - {ERR_FUNC(NURON_F_NURON_MOD_EXP), "NURON_MOD_EXP"}, - {0, NULL} -}; - -static ERR_STRING_DATA NURON_str_reasons[] = { - {ERR_REASON(NURON_R_ALREADY_LOADED), "already loaded"}, - {ERR_REASON(NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED), - "ctrl command not implemented"}, - {ERR_REASON(NURON_R_DSO_FAILURE), "dso failure"}, - {ERR_REASON(NURON_R_DSO_FUNCTION_NOT_FOUND), "dso function not found"}, - {ERR_REASON(NURON_R_DSO_NOT_FOUND), "dso not found"}, - {ERR_REASON(NURON_R_NOT_LOADED), "not loaded"}, - {0, NULL} -}; - -#endif - -#ifdef NURON_LIB_NAME -static ERR_STRING_DATA NURON_lib_name[] = { - {0, NURON_LIB_NAME}, - {0, NULL} -}; -#endif - -static int NURON_lib_error_code = 0; -static int NURON_error_init = 1; - -static void ERR_load_NURON_strings(void) -{ - if (NURON_lib_error_code == 0) - NURON_lib_error_code = ERR_get_next_error_library(); - - if (NURON_error_init) { - NURON_error_init = 0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(NURON_lib_error_code, NURON_str_functs); - ERR_load_strings(NURON_lib_error_code, NURON_str_reasons); -#endif - -#ifdef NURON_LIB_NAME - NURON_lib_name->error = ERR_PACK(NURON_lib_error_code, 0, 0); - ERR_load_strings(0, NURON_lib_name); -#endif - } -} - -static void ERR_unload_NURON_strings(void) -{ - if (NURON_error_init == 0) { -#ifndef OPENSSL_NO_ERR - ERR_unload_strings(NURON_lib_error_code, NURON_str_functs); - ERR_unload_strings(NURON_lib_error_code, NURON_str_reasons); -#endif - -#ifdef NURON_LIB_NAME - ERR_unload_strings(0, NURON_lib_name); -#endif - NURON_error_init = 1; - } -} - -static void ERR_NURON_error(int function, int reason, char *file, int line) -{ - if (NURON_lib_error_code == 0) - NURON_lib_error_code = ERR_get_next_error_library(); - ERR_PUT_error(NURON_lib_error_code, function, reason, file, line); -} diff --git a/engines/e_nuron_err.h b/engines/e_nuron_err.h deleted file mode 100644 index aa7849c6a9..0000000000 --- a/engines/e_nuron_err.h +++ /dev/null @@ -1,91 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef HEADER_NURON_ERR_H -# define HEADER_NURON_ERR_H - -#ifdef __cplusplus -extern "C" { -#endif - -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -static void ERR_load_NURON_strings(void); -static void ERR_unload_NURON_strings(void); -static void ERR_NURON_error(int function, int reason, char *file, int line); -# define NURONerr(f,r) ERR_NURON_error((f),(r),__FILE__,__LINE__) - -/* Error codes for the NURON functions. */ - -/* Function codes. */ -# define NURON_F_NURON_CTRL 100 -# define NURON_F_NURON_FINISH 101 -# define NURON_F_NURON_INIT 102 -# define NURON_F_NURON_MOD_EXP 103 - -/* Reason codes. */ -# define NURON_R_ALREADY_LOADED 100 -# define NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED 101 -# define NURON_R_DSO_FAILURE 102 -# define NURON_R_DSO_FUNCTION_NOT_FOUND 103 -# define NURON_R_DSO_NOT_FOUND 104 -# define NURON_R_NOT_LOADED 105 - -#ifdef __cplusplus -} -#endif -#endif diff --git a/engines/e_sureware.c b/engines/e_sureware.c deleted file mode 100644 index fb5e55c930..0000000000 --- a/engines/e_sureware.c +++ /dev/null @@ -1,1074 +0,0 @@ -/*- -* Written by Corinne Dive-Reclus(cdive@baltimore.com) -* -* -* Redistribution and use in source and binary forms, with or without -* modification, are permitted provided that the following conditions -* are met: -* -* 1. Redistributions of source code must retain the above copyright -* notice, this list of conditions and the following disclaimer. -* -* 2. Redistributions in binary form must reproduce the above copyright -* notice, this list of conditions and the following disclaimer in -* the documentation and/or other materials provided with the -* distribution. -* -* 3. All advertising materials mentioning features or use of this -* software must display the following acknowledgment: -* "This product includes software developed by the OpenSSL Project -* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -* -* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -* endorse or promote products derived from this software without -* prior written permission. For written permission, please contact -* licensing@OpenSSL.org. -* -* 5. Products derived from this software may not be called "OpenSSL" -* nor may "OpenSSL" appear in their names without prior written -* permission of the OpenSSL Project. -* -* 6. Redistributions of any form whatsoever must retain the following -* acknowledgment: -* "This product includes software developed by the OpenSSL Project -* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -* -* Written by Corinne Dive-Reclus(cdive@baltimore.com) -* -* Copyright@2001 Baltimore Technologies Ltd. -* All right Reserved. -* * -* THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND * -* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * -* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * -* ARE DISCLAIMED. IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE * -* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * -* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * -* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * -* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * -* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * -* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * -* SUCH DAMAGE. * -====================================================================*/ - -#include <stdio.h> -#include <string.h> -#include <openssl/crypto.h> -#include <openssl/pem.h> -#include <openssl/dso.h> -#include <openssl/engine.h> -#include <openssl/rand.h> -#ifndef OPENSSL_NO_RSA -# include <openssl/rsa.h> -#endif -#ifndef OPENSSL_NO_DSA -# include <openssl/dsa.h> -#endif -#ifndef OPENSSL_NO_DH -# include <openssl/dh.h> -#endif -#include <openssl/bn.h> - -#ifndef OPENSSL_NO_HW -# ifndef OPENSSL_NO_HW_SUREWARE - -# ifdef FLAT_INC -# include "sureware.h" -# else -# include "vendor_defns/sureware.h" -# endif - -# define SUREWARE_LIB_NAME "sureware engine" -# include "e_sureware_err.c" - -static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, - void (*f) (void)); -static int surewarehk_destroy(ENGINE *e); -static int surewarehk_init(ENGINE *e); -static int surewarehk_finish(ENGINE *e); -static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx); - -/* RSA stuff */ -# ifndef OPENSSL_NO_RSA -static int surewarehk_rsa_priv_dec(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); -static int surewarehk_rsa_sign(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); -# endif - -/* RAND stuff */ -static int surewarehk_rand_bytes(unsigned char *buf, int num); -static int surewarehk_rand_seed(const void *buf, int num); -static int surewarehk_rand_add(const void *buf, int num, double entropy); - -/* KM stuff */ -static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id, - UI_METHOD *ui_method, - void *callback_data); -static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id, - UI_METHOD *ui_method, - void *callback_data); -static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); - -# ifndef OPENSSL_NO_RSA -/* This function is aliased to mod_exp (with the mont stuff dropped). */ -static int surewarehk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, - BN_CTX *ctx, BN_MONT_CTX *m_ctx) -{ - return surewarehk_modexp(r, a, p, m, ctx); -} - -/* Our internal RSA_METHOD that we provide pointers to */ -static RSA_METHOD surewarehk_rsa = { - "SureWare RSA method", - NULL, /* pub_enc */ - NULL, /* pub_dec */ - surewarehk_rsa_sign, /* our rsa_sign is OpenSSL priv_enc */ - surewarehk_rsa_priv_dec, /* priv_dec */ - NULL, /* mod_exp */ - surewarehk_mod_exp_mont, /* mod_exp_mongomery */ - NULL, /* init */ - NULL, /* finish */ - 0, /* RSA flag */ - NULL, - NULL, /* OpenSSL sign */ - NULL, /* OpenSSL verify */ - NULL /* keygen */ -}; -# endif - -# ifndef OPENSSL_NO_DH -/* Our internal DH_METHOD that we provide pointers to */ -/* This function is aliased to mod_exp (with the dh and mont dropped). */ -static int surewarehk_modexp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx) -{ - return surewarehk_modexp(r, a, p, m, ctx); -} - -static DH_METHOD surewarehk_dh = { - "SureWare DH method", - NULL, /* gen_key */ - NULL, /* agree, */ - surewarehk_modexp_dh, /* dh mod exp */ - NULL, /* init */ - NULL, /* finish */ - 0, /* flags */ - NULL, - NULL -}; -# endif - -static RAND_METHOD surewarehk_rand = { - /* "SureWare RAND method", */ - surewarehk_rand_seed, - surewarehk_rand_bytes, - NULL, /* cleanup */ - surewarehk_rand_add, - surewarehk_rand_bytes, - NULL, /* rand_status */ -}; - -# ifndef OPENSSL_NO_DSA -/* DSA stuff */ -static DSA_SIG *surewarehk_dsa_do_sign(const unsigned char *dgst, int dlen, - DSA *dsa); -static int surewarehk_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, - BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, - BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *in_mont) -{ - BIGNUM t; - int to_return = 0; - BN_init(&t); - /* let rr = a1 ^ p1 mod m */ - if (!surewarehk_modexp(rr, a1, p1, m, ctx)) - goto end; - /* let t = a2 ^ p2 mod m */ - if (!surewarehk_modexp(&t, a2, p2, m, ctx)) - goto end; - /* let rr = rr * t mod m */ - if (!BN_mod_mul(rr, rr, &t, m, ctx)) - goto end; - to_return = 1; - end: - BN_free(&t); - return to_return; -} - -static DSA_METHOD surewarehk_dsa = { - "SureWare DSA method", - surewarehk_dsa_do_sign, - NULL, /* sign setup */ - NULL, /* verify, */ - surewarehk_dsa_mod_exp, /* mod exp */ - NULL, /* bn mod exp */ - NULL, /* init */ - NULL, /* finish */ - 0, - NULL, - NULL, - NULL -}; -# endif - -static const char *engine_sureware_id = "sureware"; -static const char *engine_sureware_name = "SureWare hardware engine support"; - -/* Now, to our own code */ - -/* - * As this is only ever called once, there's no need for locking (indeed - - * the lock will already be held by our caller!!!) - */ -static int bind_sureware(ENGINE *e) -{ -# ifndef OPENSSL_NO_RSA - const RSA_METHOD *meth1; -# endif -# ifndef OPENSSL_NO_DSA - const DSA_METHOD *meth2; -# endif -# ifndef OPENSSL_NO_DH - const DH_METHOD *meth3; -# endif - - if (!ENGINE_set_id(e, engine_sureware_id) || - !ENGINE_set_name(e, engine_sureware_name) || -# ifndef OPENSSL_NO_RSA - !ENGINE_set_RSA(e, &surewarehk_rsa) || -# endif -# ifndef OPENSSL_NO_DSA - !ENGINE_set_DSA(e, &surewarehk_dsa) || -# endif -# ifndef OPENSSL_NO_DH - !ENGINE_set_DH(e, &surewarehk_dh) || -# endif - !ENGINE_set_RAND(e, &surewarehk_rand) || - !ENGINE_set_destroy_function(e, surewarehk_destroy) || - !ENGINE_set_init_function(e, surewarehk_init) || - !ENGINE_set_finish_function(e, surewarehk_finish) || - !ENGINE_set_ctrl_function(e, surewarehk_ctrl) || - !ENGINE_set_load_privkey_function(e, surewarehk_load_privkey) || - !ENGINE_set_load_pubkey_function(e, surewarehk_load_pubkey)) - return 0; - -# ifndef OPENSSL_NO_RSA - /* - * We know that the "PKCS1_SSLeay()" functions hook properly to the - * cswift-specific mod_exp and mod_exp_crt so we use those functions. NB: - * We don't use ENGINE_openssl() or anything "more generic" because - * something like the RSAref code may not hook properly, and if you own - * one of these cards then you have the right to do RSA operations on it - * anyway! - */ - meth1 = RSA_PKCS1_SSLeay(); - if (meth1) { - surewarehk_rsa.rsa_pub_enc = meth1->rsa_pub_enc; - surewarehk_rsa.rsa_pub_dec = meth1->rsa_pub_dec; - } -# endif - -# ifndef OPENSSL_NO_DSA - /* - * Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits. - */ - meth2 = DSA_OpenSSL(); - if (meth2) { - surewarehk_dsa.dsa_do_verify = meth2->dsa_do_verify; - } -# endif - -# ifndef OPENSSL_NO_DH - /* Much the same for Diffie-Hellman */ - meth3 = DH_OpenSSL(); - if (meth3) { - surewarehk_dh.generate_key = meth3->generate_key; - surewarehk_dh.compute_key = meth3->compute_key; - } -# endif - - /* Ensure the sureware error handling is set up */ - ERR_load_SUREWARE_strings(); - return 1; -} - -# ifndef OPENSSL_NO_DYNAMIC_ENGINE -static int bind_helper(ENGINE *e, const char *id) -{ - if (id && (strcmp(id, engine_sureware_id) != 0)) - return 0; - if (!bind_sureware(e)) - return 0; - return 1; -} - -IMPLEMENT_DYNAMIC_CHECK_FN() - IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) -# else -static ENGINE *engine_sureware(void) -{ - ENGINE *ret = ENGINE_new(); - if (!ret) - return NULL; - if (!bind_sureware(ret)) { - ENGINE_free(ret); - return NULL; - } - return ret; -} - -void ENGINE_load_sureware(void) -{ - /* Copied from eng_[openssl|dyn].c */ - ENGINE *toadd = engine_sureware(); - if (!toadd) - return; - ENGINE_add(toadd); - ENGINE_free(toadd); - ERR_clear_error(); -} -# endif - -/* - * This is a process-global DSO handle used for loading and unloading the - * SureWareHook library. NB: This is only set (or unset) during an init() or - * finish() call (reference counts permitting) and they're operating with - * global locks, so this should be thread-safe implicitly. - */ -static DSO *surewarehk_dso = NULL; -# ifndef OPENSSL_NO_RSA -/* Index for KM handle. Not really used yet. */ -static int rsaHndidx = -1; -# endif -# ifndef OPENSSL_NO_DSA -/* Index for KM handle. Not really used yet. */ -static int dsaHndidx = -1; -# endif - -/* - * These are the function pointers that are (un)set when the library has - * successfully (un)loaded. - */ -static SureWareHook_Init_t *p_surewarehk_Init = NULL; -static SureWareHook_Finish_t *p_surewarehk_Finish = NULL; -static SureWareHook_Rand_Bytes_t *p_surewarehk_Rand_Bytes = NULL; -static SureWareHook_Rand_Seed_t *p_surewarehk_Rand_Seed = NULL; -static SureWareHook_Load_Privkey_t *p_surewarehk_Load_Privkey = NULL; -static SureWareHook_Info_Pubkey_t *p_surewarehk_Info_Pubkey = NULL; -static SureWareHook_Load_Rsa_Pubkey_t *p_surewarehk_Load_Rsa_Pubkey = NULL; -static SureWareHook_Load_Dsa_Pubkey_t *p_surewarehk_Load_Dsa_Pubkey = NULL; -static SureWareHook_Free_t *p_surewarehk_Free = NULL; -static SureWareHook_Rsa_Priv_Dec_t *p_surewarehk_Rsa_Priv_Dec = NULL; -static SureWareHook_Rsa_Sign_t *p_surewarehk_Rsa_Sign = NULL; -static SureWareHook_Dsa_Sign_t *p_surewarehk_Dsa_Sign = NULL; -static SureWareHook_Mod_Exp_t *p_surewarehk_Mod_Exp = NULL; - -/* Used in the DSO operations. */ -static const char *surewarehk_LIBNAME = "SureWareHook"; -static const char *n_surewarehk_Init = "SureWareHook_Init"; -static const char *n_surewarehk_Finish = "SureWareHook_Finish"; -static const char *n_surewarehk_Rand_Bytes = "SureWareHook_Rand_Bytes"; -static const char *n_surewarehk_Rand_Seed = "SureWareHook_Rand_Seed"; -static const char *n_surewarehk_Load_Privkey = "SureWareHook_Load_Privkey"; -static const char *n_surewarehk_Info_Pubkey = "SureWareHook_Info_Pubkey"; -static const char *n_surewarehk_Load_Rsa_Pubkey = - "SureWareHook_Load_Rsa_Pubkey"; -static const char *n_surewarehk_Load_Dsa_Pubkey = - "SureWareHook_Load_Dsa_Pubkey"; -static const char *n_surewarehk_Free = "SureWareHook_Free"; -static const char *n_surewarehk_Rsa_Priv_Dec = "SureWareHook_Rsa_Priv_Dec"; -static const char *n_surewarehk_Rsa_Sign = "SureWareHook_Rsa_Sign"; -static const char *n_surewarehk_Dsa_Sign = "SureWareHook_Dsa_Sign"; -static const char *n_surewarehk_Mod_Exp = "SureWareHook_Mod_Exp"; -static BIO *logstream = NULL; - -/* - * SureWareHook library functions and mechanics - these are used by the - * higher-level functions further down. NB: As and where there's no error - * checking, take a look lower down where these functions are called, the - * checking and error handling is probably down there. - */ -static int threadsafe = 1; -static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, - void (*f) (void)) -{ - int to_return = 1; - - switch (cmd) { - case ENGINE_CTRL_SET_LOGSTREAM: - { - BIO *bio = (BIO *)p; - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - BIO_free(logstream); - logstream = NULL; - if (CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO) > 1) - logstream = bio; - else - SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL, - SUREWARE_R_BIO_WAS_FREED); - } - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - break; - /* - * This will prevent the initialisation function from "installing" - * the mutex-handling callbacks, even if they are available from - * within the library (or were provided to the library from the - * calling application). This is to remove any baggage for - * applications not using multithreading. - */ - case ENGINE_CTRL_CHIL_NO_LOCKING: - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - threadsafe = 0; - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - break; - - /* The command isn't understood by this engine */ - default: - SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL, - ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED); - to_return = 0; - break; - } - - return to_return; -} - -/* Destructor (complements the "ENGINE_surewarehk()" constructor) */ -static int surewarehk_destroy(ENGINE *e) -{ - ERR_unload_SUREWARE_strings(); - return 1; -} - -/* (de)initialisation functions. */ -static int surewarehk_init(ENGINE *e) -{ - char msg[64] = "ENGINE_init"; - SureWareHook_Init_t *p1 = NULL; - SureWareHook_Finish_t *p2 = NULL; - SureWareHook_Rand_Bytes_t *p3 = NULL; - SureWareHook_Rand_Seed_t *p4 = NULL; - SureWareHook_Load_Privkey_t *p5 = NULL; - SureWareHook_Load_Rsa_Pubkey_t *p6 = NULL; - SureWareHook_Free_t *p7 = NULL; - SureWareHook_Rsa_Priv_Dec_t *p8 = NULL; - SureWareHook_Rsa_Sign_t *p9 = NULL; - SureWareHook_Dsa_Sign_t *p12 = NULL; - SureWareHook_Info_Pubkey_t *p13 = NULL; - SureWareHook_Load_Dsa_Pubkey_t *p14 = NULL; - SureWareHook_Mod_Exp_t *p15 = NULL; - - if (surewarehk_dso != NULL) { - SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, ENGINE_R_ALREADY_LOADED); - goto err; - } - /* Attempt to load libsurewarehk.so/surewarehk.dll/whatever. */ - surewarehk_dso = DSO_load(NULL, surewarehk_LIBNAME, NULL, 0); - if (surewarehk_dso == NULL) { - SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, ENGINE_R_DSO_FAILURE); - goto err; - } - if (! - (p1 = - (SureWareHook_Init_t *) DSO_bind_func(surewarehk_dso, - n_surewarehk_Init)) -|| !(p2 = - (SureWareHook_Finish_t *) DSO_bind_func(surewarehk_dso, - n_surewarehk_Finish)) -|| !(p3 = - (SureWareHook_Rand_Bytes_t *) DSO_bind_func(surewarehk_dso, - n_surewarehk_Rand_Bytes)) -|| !(p4 = - (SureWareHook_Rand_Seed_t *) DSO_bind_func(surewarehk_dso, - n_surewarehk_Rand_Seed)) -|| !(p5 = - (SureWareHook_Load_Privkey_t *) DSO_bind_func(surewarehk_dso, - n_surewarehk_Load_Privkey)) -|| !(p6 = - (SureWareHook_Load_Rsa_Pubkey_t *) DSO_bind_func(surewarehk_dso, - n_surewarehk_Load_Rsa_Pubkey)) -|| !(p7 = - (SureWareHook_Free_t *) DSO_bind_func(surewarehk_dso, n_surewarehk_Free)) -|| !(p8 = - (SureWareHook_Rsa_Priv_Dec_t *) DSO_bind_func(surewarehk_dso, - n_surewarehk_Rsa_Priv_Dec)) -|| !(p9 = - (SureWareHook_Rsa_Sign_t *) DSO_bind_func(surewarehk_dso, - n_surewarehk_Rsa_Sign)) -|| !(p12 = - (SureWareHook_Dsa_Sign_t *) DSO_bind_func(surewarehk_dso, - n_surewarehk_Dsa_Sign)) -|| !(p13 = - (SureWareHook_Info_Pubkey_t *) DSO_bind_func(surewarehk_dso, - n_surewarehk_Info_Pubkey)) -|| !(p14 = - (SureWareHook_Load_Dsa_Pubkey_t *) DSO_bind_func(surewarehk_dso, - n_surewarehk_Load_Dsa_Pubkey)) -|| !(p15 = - (SureWareHook_Mod_Exp_t *) DSO_bind_func(surewarehk_dso, - n_surewarehk_Mod_Exp))) { - SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, ENGINE_R_DSO_FAILURE); - goto err; - } - /* Copy the pointers */ - p_surewarehk_Init = p1; - p_surewarehk_Finish = p2; - p_surewarehk_Rand_Bytes = p3; - p_surewarehk_Rand_Seed = p4; - p_surewarehk_Load_Privkey = p5; - p_surewarehk_Load_Rsa_Pubkey = p6; - p_surewarehk_Free = p7; - p_surewarehk_Rsa_Priv_Dec = p8; - p_surewarehk_Rsa_Sign = p9; - p_surewarehk_Dsa_Sign = p12; - p_surewarehk_Info_Pubkey = p13; - p_surewarehk_Load_Dsa_Pubkey = p14; - p_surewarehk_Mod_Exp = p15; - /* Contact the hardware and initialises it. */ - if (p_surewarehk_Init(msg, threadsafe) == SUREWAREHOOK_ERROR_UNIT_FAILURE) { - SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, SUREWARE_R_UNIT_FAILURE); - goto err; - } - if (p_surewarehk_Init(msg, threadsafe) == SUREWAREHOOK_ERROR_UNIT_FAILURE) { - SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, SUREWARE_R_UNIT_FAILURE); - goto err; - } - /* - * try to load the default private key, if failed does not return a - * failure but wait for an explicit ENGINE_load_privakey - */ - surewarehk_load_privkey(e, NULL, NULL, NULL); - - /* Everything's fine. */ -# ifndef OPENSSL_NO_RSA - if (rsaHndidx == -1) - rsaHndidx = RSA_get_ex_new_index(0, - "SureWareHook RSA key handle", - NULL, NULL, surewarehk_ex_free); -# endif -# ifndef OPENSSL_NO_DSA - if (dsaHndidx == -1) - dsaHndidx = DSA_get_ex_new_index(0, - "SureWareHook DSA key handle", - NULL, NULL, surewarehk_ex_free); -# endif - - return 1; - err: - DSO_free(surewarehk_dso); - surewarehk_dso = NULL; - p_surewarehk_Init = NULL; - p_surewarehk_Finish = NULL; - p_surewarehk_Rand_Bytes = NULL; - p_surewarehk_Rand_Seed = NULL; - p_surewarehk_Load_Privkey = NULL; - p_surewarehk_Load_Rsa_Pubkey = NULL; - p_surewarehk_Free = NULL; - p_surewarehk_Rsa_Priv_Dec = NULL; - p_surewarehk_Rsa_Sign = NULL; - p_surewarehk_Dsa_Sign = NULL; - p_surewarehk_Info_Pubkey = NULL; - p_surewarehk_Load_Dsa_Pubkey = NULL; - p_surewarehk_Mod_Exp = NULL; - return 0; -} - -static int surewarehk_finish(ENGINE *e) -{ - int to_return = 1; - if (surewarehk_dso == NULL) { - SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH, ENGINE_R_NOT_LOADED); - to_return = 0; - goto err; - } - p_surewarehk_Finish(); - if (!DSO_free(surewarehk_dso)) { - SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH, ENGINE_R_DSO_FAILURE); - to_return = 0; - goto err; - } - err: - BIO_free(logstream); - surewarehk_dso = NULL; - p_surewarehk_Init = NULL; - p_surewarehk_Finish = NULL; - p_surewarehk_Rand_Bytes = NULL; - p_surewarehk_Rand_Seed = NULL; - p_surewarehk_Load_Privkey = NULL; - p_surewarehk_Load_Rsa_Pubkey = NULL; - p_surewarehk_Free = NULL; - p_surewarehk_Rsa_Priv_Dec = NULL; - p_surewarehk_Rsa_Sign = NULL; - p_surewarehk_Dsa_Sign = NULL; - p_surewarehk_Info_Pubkey = NULL; - p_surewarehk_Load_Dsa_Pubkey = NULL; - p_surewarehk_Mod_Exp = NULL; - return to_return; -} - -static void surewarehk_error_handling(char *const msg, int func, int ret) -{ - switch (ret) { - case SUREWAREHOOK_ERROR_UNIT_FAILURE: - ENGINEerr(func, SUREWARE_R_UNIT_FAILURE); - break; - case SUREWAREHOOK_ERROR_FALLBACK: - ENGINEerr(func, SUREWARE_R_REQUEST_FALLBACK); - break; - case SUREWAREHOOK_ERROR_DATA_SIZE: - ENGINEerr(func, SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL); - break; - case SUREWAREHOOK_ERROR_INVALID_PAD: - ENGINEerr(func, SUREWARE_R_PADDING_CHECK_FAILED); - break; - default: - ENGINEerr(func, SUREWARE_R_REQUEST_FAILED); - break; - case 1: /* nothing */ - msg[0] = '\0'; - } - if (*msg) { - ERR_add_error_data(1, msg); - if (logstream) { - CRYPTO_w_lock(CRYPTO_LOCK_BIO); - BIO_write(logstream, msg, strlen(msg)); - CRYPTO_w_unlock(CRYPTO_LOCK_BIO); - } - } -} - -static int surewarehk_rand_bytes(unsigned char *buf, int num) -{ - int ret = 0; - char msg[64] = "ENGINE_rand_bytes"; - if (!p_surewarehk_Rand_Bytes) { - SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_BYTES, - ENGINE_R_NOT_INITIALISED); - } else { - ret = p_surewarehk_Rand_Bytes(msg, buf, num); - surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RAND_BYTES, ret); - } - return ret == 1 ? 1 : 0; -} - -static int surewarehk_rand_seed(const void *buf, int num) -{ - int ret = 0; - char msg[64] = "ENGINE_rand_seed"; - if (!p_surewarehk_Rand_Seed) { - SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_SEED, - ENGINE_R_NOT_INITIALISED); - return 0; - } else { - ret = p_surewarehk_Rand_Seed(msg, buf, num); - surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RAND_SEED, ret); - if (ret == 1) - return 1; - else - return 0; - } -} - -static int surewarehk_rand_add(const void *buf, int num, double entropy) -{ - return surewarehk_rand_seed(buf, num); -} - -static EVP_PKEY *sureware_load_public(ENGINE *e, const char *key_id, - char *hptr, unsigned long el, - char keytype) -{ - EVP_PKEY *res = NULL; -# ifndef OPENSSL_NO_RSA - RSA *rsatmp = NULL; -# endif -# ifndef OPENSSL_NO_DSA - DSA *dsatmp = NULL; -# endif - char msg[64] = "sureware_load_public"; - int ret = 0; - if (!p_surewarehk_Load_Rsa_Pubkey || !p_surewarehk_Load_Dsa_Pubkey) { - SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC, - ENGINE_R_NOT_INITIALISED); - goto err; - } - switch (keytype) { -# ifndef OPENSSL_NO_RSA - case 1: - /*RSA*/ - /* set private external reference */ - rsatmp = RSA_new_method(e); - RSA_set_ex_data(rsatmp, rsaHndidx, hptr); - rsatmp->flags |= RSA_FLAG_EXT_PKEY; - - /* set public big nums */ - rsatmp->e = BN_new(); - rsatmp->n = BN_new(); - if (!rsatmp->e || !rsatmp->n) - goto err; - bn_expand2(rsatmp->e, el / sizeof(BN_ULONG)); - bn_expand2(rsatmp->n, el / sizeof(BN_ULONG)); - if (rsatmp->e->dmax != (int)(el / sizeof(BN_ULONG)) || - rsatmp->n->dmax != (int)(el / sizeof(BN_ULONG))) - goto err; - ret = p_surewarehk_Load_Rsa_Pubkey(msg, key_id, el, - (unsigned long *)rsatmp->n->d, - (unsigned long *)rsatmp->e->d); - surewarehk_error_handling(msg, SUREWARE_F_SUREWARE_LOAD_PUBLIC, ret); - if (ret != 1) { - SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC, - ENGINE_R_FAILED_LOADING_PUBLIC_KEY); - goto err; - } - /* normalise pub e and pub n */ - rsatmp->e->top = el / sizeof(BN_ULONG); - bn_fix_top(rsatmp->e); - rsatmp->n->top = el / sizeof(BN_ULONG); - bn_fix_top(rsatmp->n); - /* create an EVP object: engine + rsa key */ - res = EVP_PKEY_new(); - EVP_PKEY_assign_RSA(res, rsatmp); - break; -# endif - -# ifndef OPENSSL_NO_DSA - case 2: - /*DSA*/ - /* set private/public external reference */ - dsatmp = DSA_new_method(e); - DSA_set_ex_data(dsatmp, dsaHndidx, hptr); - /* - * dsatmp->flags |= DSA_FLAG_EXT_PKEY; - */ - - /* set public key */ - dsatmp->pub_key = BN_new(); - dsatmp->p = BN_new(); - dsatmp->q = BN_new(); - dsatmp->g = BN_new(); - if (!dsatmp->pub_key || !dsatmp->p || !dsatmp->q || !dsatmp->g) - goto err; - bn_expand2(dsatmp->pub_key, el / sizeof(BN_ULONG)); - bn_expand2(dsatmp->p, el / sizeof(BN_ULONG)); - bn_expand2(dsatmp->q, 20 / sizeof(BN_ULONG)); - bn_expand2(dsatmp->g, el / sizeof(BN_ULONG)); - if (dsatmp->pub_key->dmax != (int)(el / sizeof(BN_ULONG)) - || dsatmp->p->dmax != (int)(el / sizeof(BN_ULONG)) - || dsatmp->q->dmax != 20 / sizeof(BN_ULONG) - || dsatmp->g->dmax != (int)(el / sizeof(BN_ULONG))) - goto err; - - ret = p_surewarehk_Load_Dsa_Pubkey(msg, key_id, el, - (unsigned long *)dsatmp-> - pub_key->d, - (unsigned long *)dsatmp->p->d, - (unsigned long *)dsatmp->q->d, - (unsigned long *)dsatmp->g->d); - surewarehk_error_handling(msg, SUREWARE_F_SUREWARE_LOAD_PUBLIC, ret); - if (ret != 1) { - SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC, - ENGINE_R_FAILED_LOADING_PUBLIC_KEY); - goto err; - } - /* set parameters */ - /* normalise pubkey and parameters in case of */ - dsatmp->pub_key->top = el / sizeof(BN_ULONG); - bn_fix_top(dsatmp->pub_key); - dsatmp->p->top = el / sizeof(BN_ULONG); - bn_fix_top(dsatmp->p); - dsatmp->q->top = 20 / sizeof(BN_ULONG); - bn_fix_top(dsatmp->q); - dsatmp->g->top = el / sizeof(BN_ULONG); - bn_fix_top(dsatmp->g); - - /* create an EVP object: engine + rsa key */ - res = EVP_PKEY_new(); - EVP_PKEY_assign_DSA(res, dsatmp); - break; -# endif - - default: - SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC, - ENGINE_R_FAILED_LOADING_PRIVATE_KEY); - goto err; - } - return res; - err: -# ifndef OPENSSL_NO_RSA - RSA_free(rsatmp); -# endif -# ifndef OPENSSL_NO_DSA - DSA_free(dsatmp); -# endif - return NULL; -} - -static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id, - UI_METHOD *ui_method, - void *callback_data) -{ - EVP_PKEY *res = NULL; - int ret = 0; - unsigned long el = 0; - char *hptr = NULL; - char keytype = 0; - char msg[64] = "ENGINE_load_privkey"; - - if (!p_surewarehk_Load_Privkey) { - SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY, - ENGINE_R_NOT_INITIALISED); - } else { - ret = p_surewarehk_Load_Privkey(msg, key_id, &hptr, &el, &keytype); - if (ret != 1) { - SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY, - ENGINE_R_FAILED_LOADING_PRIVATE_KEY); - ERR_add_error_data(1, msg); - } else - res = sureware_load_public(e, key_id, hptr, el, keytype); - } - return res; -} - -static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id, - UI_METHOD *ui_method, - void *callback_data) -{ - EVP_PKEY *res = NULL; - int ret = 0; - unsigned long el = 0; - char *hptr = NULL; - char keytype = 0; - char msg[64] = "ENGINE_load_pubkey"; - - if (!p_surewarehk_Info_Pubkey) { - SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY, - ENGINE_R_NOT_INITIALISED); - } else { - /* call once to identify if DSA or RSA */ - ret = p_surewarehk_Info_Pubkey(msg, key_id, &el, &keytype); - if (ret != 1) { - SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY, - ENGINE_R_FAILED_LOADING_PUBLIC_KEY); - ERR_add_error_data(1, msg); - } else - res = sureware_load_public(e, key_id, hptr, el, keytype); - } - return res; -} - -/* - * This cleans up an RSA/DSA KM key(do not destroy the key into the hardware) - * , called when ex_data is freed - */ -static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp) -{ - if (!p_surewarehk_Free) { - SUREWAREerr(SUREWARE_F_SUREWAREHK_EX_FREE, ENGINE_R_NOT_INITIALISED); - } else - p_surewarehk_Free((char *)item, 0); -} - -/* - * return number of decrypted bytes - */ -# ifndef OPENSSL_NO_RSA -static int surewarehk_rsa_priv_dec(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) -{ - int ret = 0, tlen; - char *buf = NULL, *hptr = NULL; - char msg[64] = "ENGINE_rsa_priv_dec"; - if (!p_surewarehk_Rsa_Priv_Dec) { - SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC, - ENGINE_R_NOT_INITIALISED); - } - /* extract ref to private key */ - else if ((hptr = RSA_get_ex_data(rsa, rsaHndidx)) == NULL) { - SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC, - SUREWARE_R_MISSING_KEY_COMPONENTS); - goto err; - } - /* analyse what padding we can do into the hardware */ - if (padding == RSA_PKCS1_PADDING) { - /* do it one shot */ - ret = - p_surewarehk_Rsa_Priv_Dec(msg, flen, (unsigned char *)from, &tlen, - to, hptr, SUREWARE_PKCS1_PAD); - surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC, - ret); - if (ret != 1) - goto err; - ret = tlen; - } else { /* do with no padding into hardware */ - - ret = - p_surewarehk_Rsa_Priv_Dec(msg, flen, (unsigned char *)from, &tlen, - to, hptr, SUREWARE_NO_PAD); - surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC, - ret); - if (ret != 1) - goto err; - /* intermediate buffer for padding */ - if ((buf = OPENSSL_malloc(tlen)) == NULL) { - SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC, - ERR_R_MALLOC_FAILURE); - goto err; - } - memcpy(buf, to, tlen); /* transfert to into buf */ - switch (padding) { /* check padding in software */ - case RSA_PKCS1_OAEP_PADDING: - ret = - RSA_padding_check_PKCS1_OAEP(to, tlen, (unsigned char *)buf, - tlen, tlen, NULL, 0); - break; - case RSA_SSLV23_PADDING: - ret = - RSA_padding_check_SSLv23(to, tlen, (unsigned char *)buf, flen, - tlen); - break; - case RSA_NO_PADDING: - ret = - RSA_padding_check_none(to, tlen, (unsigned char *)buf, flen, - tlen); - break; - default: - SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC, - SUREWARE_R_UNKNOWN_PADDING_TYPE); - goto err; - } - if (ret < 0) - SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC, - SUREWARE_R_PADDING_CHECK_FAILED); - } - err: - OPENSSL_clear_free(buf, tlen); - return ret; -} - -/* - * Does what OpenSSL rsa_priv_enc does. - */ -static int surewarehk_rsa_sign(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) -{ - int ret = 0, tlen; - char *hptr = NULL; - char msg[64] = "ENGINE_rsa_sign"; - if (!p_surewarehk_Rsa_Sign) { - SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN, ENGINE_R_NOT_INITIALISED); - } - /* extract ref to private key */ - else if ((hptr = RSA_get_ex_data(rsa, rsaHndidx)) == NULL) { - SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN, - SUREWARE_R_MISSING_KEY_COMPONENTS); - } else { - switch (padding) { - case RSA_PKCS1_PADDING: /* do it in one shot */ - ret = - p_surewarehk_Rsa_Sign(msg, flen, (unsigned char *)from, &tlen, - to, hptr, SUREWARE_PKCS1_PAD); - surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RSA_SIGN, - ret); - break; - case RSA_NO_PADDING: - default: - SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN, - SUREWARE_R_UNKNOWN_PADDING_TYPE); - } - } - return ret == 1 ? tlen : ret; -} - -# endif - -# ifndef OPENSSL_NO_DSA -/* DSA sign and verify */ -static DSA_SIG *surewarehk_dsa_do_sign(const unsigned char *from, int flen, - DSA *dsa) -{ - int ret = 0; - char *hptr = NULL; - DSA_SIG *psign = NULL; - char msg[64] = "ENGINE_dsa_do_sign"; - if (!p_surewarehk_Dsa_Sign) { - SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN, - ENGINE_R_NOT_INITIALISED); - goto err; - } - /* extract ref to private key */ - else if ((hptr = DSA_get_ex_data(dsa, dsaHndidx)) == NULL) { - SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN, - SUREWARE_R_MISSING_KEY_COMPONENTS); - goto err; - } else { - if ((psign = DSA_SIG_new()) == NULL) { - SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN, - ERR_R_MALLOC_FAILURE); - goto err; - } - psign->r = BN_new(); - psign->s = BN_new(); - if (!psign->r || !psign->s) - goto err; - bn_expand2(psign->r, 20 / sizeof(BN_ULONG)); - bn_expand2(psign->s, 20 / sizeof(BN_ULONG)); - if (psign->r->dmax != 20 / sizeof(BN_ULONG) || - psign->s->dmax != 20 / sizeof(BN_ULONG)) - goto err; - ret = p_surewarehk_Dsa_Sign(msg, flen, from, - (unsigned long *)psign->r->d, - (unsigned long *)psign->s->d, hptr); - surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_DSA_DO_SIGN, - ret); - } - psign->r->top = 20 / sizeof(BN_ULONG); - bn_fix_top(psign->r); - psign->s->top = 20 / sizeof(BN_ULONG); - bn_fix_top(psign->s); - - err: - if (psign) { - DSA_SIG_free(psign); - psign = NULL; - } - return psign; -} -# endif - -static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx) -{ - int ret = 0; - char msg[64] = "ENGINE_modexp"; - if (!p_surewarehk_Mod_Exp) { - SUREWAREerr(SUREWARE_F_SUREWAREHK_MODEXP, ENGINE_R_NOT_INITIALISED); - } else if (r) { - bn_expand2(r, m->top); - if (r->dmax == m->top) { - /* do it */ - ret = p_surewarehk_Mod_Exp(msg, - m->top * sizeof(BN_ULONG), - (unsigned long *)m->d, - p->top * sizeof(BN_ULONG), - (unsigned long *)p->d, - a->top * sizeof(BN_ULONG), - (unsigned long *)a->d, - (unsigned long *)r->d); - surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_MODEXP, ret); - if (ret == 1) { - /* normalise result */ - r->top = m->top; - bn_fix_top(r); - } - } - } - return ret; -} -# endif /* !OPENSSL_NO_HW_SUREWARE */ -#endif /* !OPENSSL_NO_HW */ diff --git a/engines/e_sureware.ec b/engines/e_sureware.ec deleted file mode 100644 index 3d266b8b7c..0000000000 --- a/engines/e_sureware.ec +++ /dev/null @@ -1 +0,0 @@ -L SUREWARE e_sureware_err.h e_sureware_err.c diff --git a/engines/e_sureware_err.c b/engines/e_sureware_err.c deleted file mode 100644 index f6f7eff3ab..0000000000 --- a/engines/e_sureware_err.c +++ /dev/null @@ -1,154 +0,0 @@ -/* e_sureware_err.c */ -/* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* - * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include <stdio.h> -#include <openssl/err.h> -#include "e_sureware_err.h" - -/* BEGIN ERROR CODES */ -#ifndef OPENSSL_NO_ERR - -# define ERR_FUNC(func) ERR_PACK(0,func,0) -# define ERR_REASON(reason) ERR_PACK(0,0,reason) - -static ERR_STRING_DATA SUREWARE_str_functs[] = { - {ERR_FUNC(SUREWARE_F_SUREWAREHK_CTRL), "SUREWAREHK_CTRL"}, - {ERR_FUNC(SUREWARE_F_SUREWAREHK_DH_EX_FREE), "SUREWAREHK_DH_EX_FREE"}, - {ERR_FUNC(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN), "SUREWAREHK_DSA_DO_SIGN"}, - {ERR_FUNC(SUREWARE_F_SUREWAREHK_EX_FREE), "SUREWAREHK_EX_FREE"}, - {ERR_FUNC(SUREWARE_F_SUREWAREHK_FINISH), "SUREWAREHK_FINISH"}, - {ERR_FUNC(SUREWARE_F_SUREWAREHK_INIT), "SUREWAREHK_INIT"}, - {ERR_FUNC(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY), "SUREWAREHK_LOAD_PRIVKEY"}, - {ERR_FUNC(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY), "SUREWAREHK_LOAD_PUBKEY"}, - {ERR_FUNC(SUREWARE_F_SUREWAREHK_MODEXP), "SUREWAREHK_MODEXP"}, - {ERR_FUNC(SUREWARE_F_SUREWAREHK_RAND_BYTES), "SUREWAREHK_RAND_BYTES"}, - {ERR_FUNC(SUREWARE_F_SUREWAREHK_RAND_SEED), "SUREWAREHK_RAND_SEED"}, - {ERR_FUNC(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC), "SUREWAREHK_RSA_PRIV_DEC"}, - {ERR_FUNC(SUREWARE_F_SUREWAREHK_RSA_SIGN), "SUREWAREHK_RSA_SIGN"}, - {ERR_FUNC(SUREWARE_F_SUREWARE_LOAD_PUBLIC), "SUREWARE_LOAD_PUBLIC"}, - {0, NULL} -}; - -static ERR_STRING_DATA SUREWARE_str_reasons[] = { - {ERR_REASON(SUREWARE_R_BIO_WAS_FREED), "bio was freed"}, - {ERR_REASON(SUREWARE_R_MISSING_KEY_COMPONENTS), "missing key components"}, - {ERR_REASON(SUREWARE_R_PADDING_CHECK_FAILED), "padding check failed"}, - {ERR_REASON(SUREWARE_R_REQUEST_FAILED), "request failed"}, - {ERR_REASON(SUREWARE_R_REQUEST_FALLBACK), "request fallback"}, - {ERR_REASON(SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL), - "size too large or too small"}, - {ERR_REASON(SUREWARE_R_UNIT_FAILURE), "unit failure"}, - {ERR_REASON(SUREWARE_R_UNKNOWN_PADDING_TYPE), "unknown padding type"}, - {0, NULL} -}; - -#endif - -#ifdef SUREWARE_LIB_NAME -static ERR_STRING_DATA SUREWARE_lib_name[] = { - {0, SUREWARE_LIB_NAME}, - {0, NULL} -}; -#endif - -static int SUREWARE_lib_error_code = 0; -static int SUREWARE_error_init = 1; - -static void ERR_load_SUREWARE_strings(void) -{ - if (SUREWARE_lib_error_code == 0) - SUREWARE_lib_error_code = ERR_get_next_error_library(); - - if (SUREWARE_error_init) { - SUREWARE_error_init = 0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(SUREWARE_lib_error_code, SUREWARE_str_functs); - ERR_load_strings(SUREWARE_lib_error_code, SUREWARE_str_reasons); -#endif - -#ifdef SUREWARE_LIB_NAME - SUREWARE_lib_name->error = ERR_PACK(SUREWARE_lib_error_code, 0, 0); - ERR_load_strings(0, SUREWARE_lib_name); -#endif - } -} - -static void ERR_unload_SUREWARE_strings(void) -{ - if (SUREWARE_error_init == 0) { -#ifndef OPENSSL_NO_ERR - ERR_unload_strings(SUREWARE_lib_error_code, SUREWARE_str_functs); - ERR_unload_strings(SUREWARE_lib_error_code, SUREWARE_str_reasons); -#endif - -#ifdef SUREWARE_LIB_NAME - ERR_unload_strings(0, SUREWARE_lib_name); -#endif - SUREWARE_error_init = 1; - } -} - -static void ERR_SUREWARE_error(int function, int reason, char *file, int line) -{ - if (SUREWARE_lib_error_code == 0) - SUREWARE_lib_error_code = ERR_get_next_error_library(); - ERR_PUT_error(SUREWARE_lib_error_code, function, reason, file, line); -} diff --git a/engines/e_sureware_err.h b/engines/e_sureware_err.h deleted file mode 100644 index bef8623925..0000000000 --- a/engines/e_sureware_err.h +++ /dev/null @@ -1,104 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef HEADER_SUREWARE_ERR_H -# define HEADER_SUREWARE_ERR_H - -#ifdef __cplusplus -extern "C" { -#endif - -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -static void ERR_load_SUREWARE_strings(void); -static void ERR_unload_SUREWARE_strings(void); -static void ERR_SUREWARE_error(int function, int reason, char *file, - int line); -# define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),__FILE__,__LINE__) - -/* Error codes for the SUREWARE functions. */ - -/* Function codes. */ -# define SUREWARE_F_SUREWAREHK_CTRL 100 -# define SUREWARE_F_SUREWAREHK_DH_EX_FREE 112 -# define SUREWARE_F_SUREWAREHK_DSA_DO_SIGN 101 -# define SUREWARE_F_SUREWAREHK_EX_FREE 102 -# define SUREWARE_F_SUREWAREHK_FINISH 103 -# define SUREWARE_F_SUREWAREHK_INIT 104 -# define SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY 105 -# define SUREWARE_F_SUREWAREHK_LOAD_PUBKEY 113 -# define SUREWARE_F_SUREWAREHK_MODEXP 107 -# define SUREWARE_F_SUREWAREHK_RAND_BYTES 108 -# define SUREWARE_F_SUREWAREHK_RAND_SEED 109 -# define SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC 110 -# define SUREWARE_F_SUREWAREHK_RSA_SIGN 111 -# define SUREWARE_F_SUREWARE_LOAD_PUBLIC 106 - -/* Reason codes. */ -# define SUREWARE_R_BIO_WAS_FREED 100 -# define SUREWARE_R_MISSING_KEY_COMPONENTS 105 -# define SUREWARE_R_PADDING_CHECK_FAILED 106 -# define SUREWARE_R_REQUEST_FAILED 101 -# define SUREWARE_R_REQUEST_FALLBACK 102 -# define SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL 103 -# define SUREWARE_R_UNIT_FAILURE 104 -# define SUREWARE_R_UNKNOWN_PADDING_TYPE 107 - -#ifdef __cplusplus -} -#endif -#endif diff --git a/engines/makeengines.com b/engines/makeengines.com index a0bd168fa2..944e415f20 100644 --- a/engines/makeengines.com +++ b/engines/makeengines.com @@ -94,7 +94,7 @@ $! library that isn't necessarely ported to VMS. $! $ ENGINES = "," + P6 $ IF ENGINES .EQS. "," THEN - - ENGINES = ",4758cca,padlock,capi," + ENGINES = ",padlock,capi," $! $! GOST requires a 64-bit integer type, unavailable on VAX. $! @@ -155,7 +155,6 @@ $ ENGINE_ = "engine_vector.mar" $ TV_OBJ_NAME = OBJ_DIR + F$PARSE(ENGINE_,,,"NAME","SYNTAX_ONLY") + ".OBJ" $ TV_OBJ = ",''TV_OBJ_NAME'" $ ENDIF -$ ENGINE_4758CCA = "e_4758cca" $ ENGINE_padlock = "e_padlock" $ ENGINE_capi = "e_capi" $ diff --git a/engines/vendor_defns/aep.h b/engines/vendor_defns/aep.h deleted file mode 100644 index 04ab87eb9c..0000000000 --- a/engines/vendor_defns/aep.h +++ /dev/null @@ -1,235 +0,0 @@ -/* - * This header declares the necessary definitions for using the - * exponentiation acceleration capabilities, and rnd number generation of the - * AEP card. - */ - -/* - * - * Some AEP defines - * - */ - -/* - * Successful return value - */ -#define AEP_R_OK 0x00000000 - -/* - * Miscelleanous unsuccessful return value - */ -#define AEP_R_GENERAL_ERROR 0x10000001 - -/* - * Insufficient host memory - */ -#define AEP_R_HOST_MEMORY 0x10000002 - -#define AEP_R_FUNCTION_FAILED 0x10000006 - -/* - * Invalid arguments in function call - */ -#define AEP_R_ARGUMENTS_BAD 0x10020000 - -#define AEP_R_NO_TARGET_RESOURCES 0x10030000 - -/* - * Error occuring on socket operation - */ -#define AEP_R_SOCKERROR 0x10000010 - -/* - * Socket has been closed from the other end - */ -#define AEP_R_SOCKEOF 0x10000011 - -/* - * Invalid handles - */ -#define AEP_R_CONNECTION_HANDLE_INVALID 0x100000B3 - -#define AEP_R_TRANSACTION_HANDLE_INVALID 0x10040000 - -/* - * Transaction has not yet returned from accelerator - */ -#define AEP_R_TRANSACTION_NOT_READY 0x00010000 - -/* - * There is already a thread waiting on this transaction - */ -#define AEP_R_TRANSACTION_CLAIMED 0x10050000 - -/* - * The transaction timed out - */ -#define AEP_R_TIMED_OUT 0x10060000 - -#define AEP_R_FXN_NOT_IMPLEMENTED 0x10070000 - -#define AEP_R_TARGET_ERROR 0x10080000 - -/* - * Error in the AEP daemon process - */ -#define AEP_R_DAEMON_ERROR 0x10090000 - -/* - * Invalid ctx id - */ -#define AEP_R_INVALID_CTX_ID 0x10009000 - -#define AEP_R_NO_KEY_MANAGER 0x1000a000 - -/* - * Error obtaining a mutex - */ -#define AEP_R_MUTEX_BAD 0x000001A0 - -/* - * Fxn call before AEP_Initialise ot after AEP_Finialise - */ -#define AEP_R_AEPAPI_NOT_INITIALIZED 0x10000190 - -/* - * AEP_Initialise has already been called - */ -#define AEP_R_AEPAPI_ALREADY_INITIALIZED 0x10000191 - -/* - * Maximum number of connections to daemon reached - */ -#define AEP_R_NO_MORE_CONNECTION_HNDLS 0x10000200 - -/* - * - * Some AEP Type definitions - * - */ - -/* an unsigned 8-bit value */ -typedef unsigned char AEP_U8; - -/* an unsigned 8-bit character */ -typedef char AEP_CHAR; - -/* a BYTE-sized Boolean flag */ -typedef AEP_U8 AEP_BBOOL; - -/* - * Unsigned value, at least 16 bits long - */ -typedef unsigned short AEP_U16; - -/* an unsigned value, at least 32 bits long */ -#ifdef SIXTY_FOUR_BIT_LONG -typedef unsigned int AEP_U32; -#else -typedef unsigned long AEP_U32; -#endif - -#ifdef SIXTY_FOUR_BIT_LONG -typedef unsigned long AEP_U64; -#else -typedef struct { - unsigned long l1, l2; -} AEP_U64; -#endif - -/* at least 32 bits; each bit is a Boolean flag */ -typedef AEP_U32 AEP_FLAGS; - -typedef AEP_U8 *AEP_U8_PTR; -typedef AEP_CHAR *AEP_CHAR_PTR; -typedef AEP_U32 *AEP_U32_PTR; -typedef AEP_U64 *AEP_U64_PTR; -typedef void *AEP_VOID_PTR; - -/* Pointer to a AEP_VOID_PTR-- i.e., pointer to pointer to void */ -typedef AEP_VOID_PTR *AEP_VOID_PTR_PTR; - -/* - * Used to identify an AEP connection handle - */ -typedef AEP_U32 AEP_CONNECTION_HNDL; - -/* - * Pointer to an AEP connection handle - */ -typedef AEP_CONNECTION_HNDL *AEP_CONNECTION_HNDL_PTR; - -/* - * Used by an application (in conjunction with the apps process id) to - * identify an individual transaction - */ -typedef AEP_U32 AEP_TRANSACTION_ID; - -/* - * Pointer to an applications transaction identifier - */ -typedef AEP_TRANSACTION_ID *AEP_TRANSACTION_ID_PTR; - -/* - * Return value type - */ -typedef AEP_U32 AEP_RV; - -#define MAX_PROCESS_CONNECTIONS 256 - -#define RAND_BLK_SIZE 1024 - -typedef enum { - NotConnected = 0, - Connected = 1, - InUse = 2 -} AEP_CONNECTION_STATE; - -typedef struct AEP_CONNECTION_ENTRY { - AEP_CONNECTION_STATE conn_state; - AEP_CONNECTION_HNDL conn_hndl; -} AEP_CONNECTION_ENTRY; - -typedef AEP_RV t_AEP_OpenConnection(AEP_CONNECTION_HNDL_PTR phConnection); -typedef AEP_RV t_AEP_CloseConnection(AEP_CONNECTION_HNDL hConnection); - -typedef AEP_RV t_AEP_ModExp(AEP_CONNECTION_HNDL hConnection, - AEP_VOID_PTR pA, AEP_VOID_PTR pP, - AEP_VOID_PTR pN, - AEP_VOID_PTR pResult, - AEP_TRANSACTION_ID *pidTransID); - -typedef AEP_RV t_AEP_ModExpCrt(AEP_CONNECTION_HNDL hConnection, - AEP_VOID_PTR pA, AEP_VOID_PTR pP, - AEP_VOID_PTR pQ, - AEP_VOID_PTR pDmp1, AEP_VOID_PTR pDmq1, - AEP_VOID_PTR pIqmp, - AEP_VOID_PTR pResult, - AEP_TRANSACTION_ID *pidTransID); - -#ifdef AEPRAND -typedef AEP_RV t_AEP_GenRandom(AEP_CONNECTION_HNDL hConnection, - AEP_U32 Len, - AEP_U32 Type, - AEP_VOID_PTR pResult, - AEP_TRANSACTION_ID *pidTransID); -#endif - -typedef AEP_RV t_AEP_Initialize(AEP_VOID_PTR pInitArgs); -typedef AEP_RV t_AEP_Finalize(void); -typedef AEP_RV t_AEP_SetBNCallBacks(AEP_RV (*GetBigNumSizeFunc) - (AEP_VOID_PTR ArbBigNum, - AEP_U32 *BigNumSize), - AEP_RV (*MakeAEPBigNumFunc) (AEP_VOID_PTR - ArbBigNum, - AEP_U32 - BigNumSize, - unsigned char - *AEP_BigNum), - AEP_RV (*ConverAEPBigNumFunc) (void - *ArbBigNum, - AEP_U32 - BigNumSize, - unsigned - char - *AEP_BigNum)); diff --git a/engines/vendor_defns/atalla.h b/engines/vendor_defns/atalla.h deleted file mode 100644 index 60e7eda5f2..0000000000 --- a/engines/vendor_defns/atalla.h +++ /dev/null @@ -1,44 +0,0 @@ -/* - * This header declares the necessary definitions for using the - * exponentiation acceleration capabilities of Atalla cards. The only - * cryptographic operation is performed by "ASI_RSAPrivateKeyOpFn" and this - * takes a structure that defines an "RSA private key". However, it is really - * only performing a regular mod_exp using the supplied modulus and exponent - * - no CRT form is being used. Hence, it is a generic mod_exp function in - * disguise, and we use it as such. Thanks to the people at Atalla for - * letting me know these definitions are fine and that they can be reproduced - * here. Geoff. - */ - -typedef struct ItemStr { - unsigned char *data; - int len; -} Item; - -typedef struct RSAPrivateKeyStr { - void *reserved; - Item version; - Item modulus; - Item publicExponent; - Item privateExponent; - Item prime[2]; - Item exponent[2]; - Item coefficient; -} RSAPrivateKey; - -/* - * Predeclare the function pointer types that we dynamically load from the - * DSO. These use the same names and form that Ben's original support code - * had (in crypto/bn/bn_exp.c) unless of course I've inadvertently changed - * the style somewhere along the way! - */ - -typedef int tfnASI_GetPerformanceStatistics(int reset_flag, - unsigned int *ret_buf); - -typedef int tfnASI_GetHardwareConfig(long card_num, unsigned int *ret_buf); - -typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey, - unsigned char *output, - unsigned char *input, - unsigned int modulus_len); diff --git a/engines/vendor_defns/cswift.h b/engines/vendor_defns/cswift.h deleted file mode 100644 index a5af7621b5..0000000000 --- a/engines/vendor_defns/cswift.h +++ /dev/null @@ -1,223 +0,0 @@ -/* - * Attribution notice: Rainbow have generously allowed me to reproduce the - * necessary definitions here from their API. This means the support can - * build independently of whether application builders have the API or - * hardware. This will allow developers to easily produce software that has - * latent hardware support for any users that have accelertors installed, - * without the developers themselves needing anything extra. I have only - * clipped the parts from the CryptoSwift header files that are (or seem) - * relevant to the CryptoSwift support code. This is simply to keep the file - * sizes reasonable. [Geoff] - */ - -/* - * NB: These type widths do *not* seem right in general, in particular - * they're not terribly friendly to 64-bit architectures (unsigned long) will - * be 64-bit on IA-64 for a start. I'm leaving these alone as they agree with - * Rainbow's API and this will only be called into question on platforms with - * Rainbow support anyway! ;-) - */ - -#ifdef __cplusplus -extern "C" { -#endif /* __cplusplus */ - - typedef long SW_STATUS; /* status */ - typedef unsigned char SW_BYTE; /* 8 bit byte */ - typedef unsigned short SW_U16; /* 16 bit number */ -#if defined(_IRIX) -# include <sgidefs.h> - typedef __uint32_t SW_U32; -#else - typedef unsigned long SW_U32; /* 32 bit integer */ -#endif - -#if defined(OPENSSL_SYS_WIN32) - typedef struct _SW_U64 { - SW_U32 low32; - SW_U32 high32; - } SW_U64; /* 64 bit integer */ -#else /* Unix variants */ - typedef struct _SW_U64 { - SW_U32 low32; - SW_U32 high32; - } SW_U64; /* 64 bit integer */ -#endif - -/* status codes */ -#define SW_OK (0L) -#define SW_ERR_BASE (-10000L) -#define SW_ERR_NO_CARD (SW_ERR_BASE-1) /* The Card is not present */ -#define SW_ERR_CARD_NOT_READY (SW_ERR_BASE-2) /* The card has not powered */ - /* up yet */ -#define SW_ERR_TIME_OUT (SW_ERR_BASE-3) /* Execution of a command */ - /* time out */ -#define SW_ERR_NO_EXECUTE (SW_ERR_BASE-4) /* The Card failed to */ - /* execute the command */ -#define SW_ERR_INPUT_NULL_PTR (SW_ERR_BASE-5) /* a required pointer is */ - /* NULL */ -#define SW_ERR_INPUT_SIZE (SW_ERR_BASE-6) /* size is invalid, too */ - /* small, too large. */ -#define SW_ERR_INVALID_HANDLE (SW_ERR_BASE-7) /* Invalid SW_ACC_CONTEXT */ - /* handle */ -#define SW_ERR_PENDING (SW_ERR_BASE-8) /* A request is already out- */ - /* standing at this */ - /* context handle */ -#define SW_ERR_AVAILABLE (SW_ERR_BASE-9) /* A result is available. */ -#define SW_ERR_NO_PENDING (SW_ERR_BASE-10) /* No request is pending. */ -#define SW_ERR_NO_MEMORY (SW_ERR_BASE-11) /* Not enough memory */ -#define SW_ERR_BAD_ALGORITHM (SW_ERR_BASE-12) /* Invalid algorithm type */ - /* in SW_PARAM structure */ -#define SW_ERR_MISSING_KEY (SW_ERR_BASE-13) /* No key is associated with */ - /* context. */ - /* swAttachKeyParam() is */ - /* not called. */ -#define SW_ERR_KEY_CMD_MISMATCH \ - (SW_ERR_BASE-14) /* Cannot perform requested */ - /* SW_COMMAND_CODE since */ - /* key attached via */ - /* swAttachKeyParam() */ - /* cannot be used for this */ - /* SW_COMMAND_CODE. */ -#define SW_ERR_NOT_IMPLEMENTED \ - (SW_ERR_BASE-15) /* Not implemented */ -#define SW_ERR_BAD_COMMAND (SW_ERR_BASE-16) /* Bad command code */ -#define SW_ERR_BAD_ITEM_SIZE (SW_ERR_BASE-17) /* too small or too large in */ - /* the "initems" or */ - /* "outitems". */ -#define SW_ERR_BAD_ACCNUM (SW_ERR_BASE-18) /* Bad accelerator number */ -#define SW_ERR_SELFTEST_FAIL (SW_ERR_BASE-19) /* At least one of the self */ - /* test fail, look at the */ - /* selfTestBitmap in */ - /* SW_ACCELERATOR_INFO for */ - /* details. */ -#define SW_ERR_MISALIGN (SW_ERR_BASE-20) /* Certain alogrithms require */ - /* key materials aligned */ - /* in certain order, e.g. */ - /* 128 bit for CRT */ -#define SW_ERR_OUTPUT_NULL_PTR \ - (SW_ERR_BASE-21) /* a required pointer is */ - /* NULL */ -#define SW_ERR_OUTPUT_SIZE \ - (SW_ERR_BASE-22) /* size is invalid, too */ - /* small, too large. */ -#define SW_ERR_FIRMWARE_CHECKSUM \ - (SW_ERR_BASE-23) /* firmware checksum mismatch */ - /* download failed. */ -#define SW_ERR_UNKNOWN_FIRMWARE \ - (SW_ERR_BASE-24) /* unknown firmware error */ -#define SW_ERR_INTERRUPT (SW_ERR_BASE-25) /* request is abort when */ - /* it's waiting to be */ - /* completed. */ -#define SW_ERR_NVWRITE_FAIL (SW_ERR_BASE-26) /* error in writing to Non- */ - /* volatile memory */ -#define SW_ERR_NVWRITE_RANGE (SW_ERR_BASE-27) /* out of range error in */ - /* writing to NV memory */ -#define SW_ERR_RNG_ERROR (SW_ERR_BASE-28) /* Random Number Generation */ - /* failure */ -#define SW_ERR_DSS_FAILURE (SW_ERR_BASE-29) /* DSS Sign or Verify failure */ -#define SW_ERR_MODEXP_FAILURE (SW_ERR_BASE-30) /* Failure in various math */ - /* calculations */ -#define SW_ERR_ONBOARD_MEMORY (SW_ERR_BASE-31) /* Error in accessing on - */ - /* board memory */ -#define SW_ERR_FIRMWARE_VERSION \ - (SW_ERR_BASE-32) /* Wrong version in firmware */ - /* update */ -#define SW_ERR_ZERO_WORKING_ACCELERATOR \ - (SW_ERR_BASE-44) /* All accelerators are bad */ - - /* algorithm type */ -#define SW_ALG_CRT 1 -#define SW_ALG_EXP 2 -#define SW_ALG_DSA 3 -#define SW_ALG_NVDATA 4 - - /* command code */ -#define SW_CMD_MODEXP_CRT 1 /* perform Modular Exponentiation using */ - /* Chinese Remainder Theorem (CRT) */ -#define SW_CMD_MODEXP 2 /* perform Modular Exponentiation */ -#define SW_CMD_DSS_SIGN 3 /* perform DSS sign */ -#define SW_CMD_DSS_VERIFY 4 /* perform DSS verify */ -#define SW_CMD_RAND 5 /* perform random number generation */ -#define SW_CMD_NVREAD 6 /* perform read to nonvolatile RAM */ -#define SW_CMD_NVWRITE 7 /* perform write to nonvolatile RAM */ - - typedef SW_U32 SW_ALGTYPE; /* alogrithm type */ - typedef SW_U32 SW_STATE; /* state */ - typedef SW_U32 SW_COMMAND_CODE; /* command code */ - typedef SW_U32 SW_COMMAND_BITMAP[4]; /* bitmap */ - - typedef struct _SW_LARGENUMBER { - SW_U32 nbytes; /* number of bytes in the buffer "value" */ - SW_BYTE *value; /* the large integer as a string of */ - /* bytes in network (big endian) order */ - } SW_LARGENUMBER; - -#if defined(OPENSSL_SYS_WIN32) -# include <windows.h> - typedef HANDLE SW_OSHANDLE; /* handle to kernel object */ -# define SW_OS_INVALID_HANDLE INVALID_HANDLE_VALUE -# define SW_CALLCONV _stdcall -#else /* Unix variants */ - typedef int SW_OSHANDLE; /* handle to driver */ -# define SW_OS_INVALID_HANDLE (-1) -# define SW_CALLCONV -#endif - - typedef struct _SW_CRT { - SW_LARGENUMBER p; /* prime number p */ - SW_LARGENUMBER q; /* prime number q */ - SW_LARGENUMBER dmp1; /* exponent1 */ - SW_LARGENUMBER dmq1; /* exponent2 */ - SW_LARGENUMBER iqmp; /* CRT coefficient */ - } SW_CRT; - - typedef struct _SW_EXP { - SW_LARGENUMBER modulus; /* modulus */ - SW_LARGENUMBER exponent; /* exponent */ - } SW_EXP; - - typedef struct _SW_DSA { - SW_LARGENUMBER p; /* */ - SW_LARGENUMBER q; /* */ - SW_LARGENUMBER g; /* */ - SW_LARGENUMBER key; /* private/public key */ - } SW_DSA; - - typedef struct _SW_NVDATA { - SW_U32 accnum; /* accelerator board number */ - SW_U32 offset; /* offset in byte */ - } SW_NVDATA; - - typedef struct _SW_PARAM { - SW_ALGTYPE type; /* type of the alogrithm */ - union { - SW_CRT crt; - SW_EXP exp; - SW_DSA dsa; - SW_NVDATA nvdata; - } up; - } SW_PARAM; - - typedef SW_U32 SW_CONTEXT_HANDLE; /* opaque context handle */ - - /* - * Now the OpenSSL bits, these function types are the for the function - * pointers that will bound into the Rainbow shared libraries. - */ - typedef SW_STATUS SW_CALLCONV t_swAcquireAccContext(SW_CONTEXT_HANDLE - *hac); - typedef SW_STATUS SW_CALLCONV t_swAttachKeyParam(SW_CONTEXT_HANDLE hac, - SW_PARAM *key_params); - typedef SW_STATUS SW_CALLCONV t_swSimpleRequest(SW_CONTEXT_HANDLE hac, - SW_COMMAND_CODE cmd, - SW_LARGENUMBER pin[], - SW_U32 pin_count, - SW_LARGENUMBER pout[], - SW_U32 pout_count); - typedef SW_STATUS SW_CALLCONV t_swReleaseAccContext(SW_CONTEXT_HANDLE - hac); - -#ifdef __cplusplus -} -#endif /* __cplusplus */ diff --git a/engines/vendor_defns/hw_4758_cca.h b/engines/vendor_defns/hw_4758_cca.h deleted file mode 100644 index 235543ad71..0000000000 --- a/engines/vendor_defns/hw_4758_cca.h +++ /dev/null @@ -1,150 +0,0 @@ -/**********************************************************************/ -/* */ -/* Prototypes of the CCA verbs used by the 4758 CCA openssl driver */ -/* */ -/* Maurice Gittens <maurice@gittens.nl> */ -/* */ -/**********************************************************************/ - -#ifndef __HW_4758_CCA__ -# define __HW_4758_CCA__ - -/* - * Only WIN32 support for now - */ -# if defined(WIN32) - -# define CCA_LIB_NAME "CSUNSAPI" - -# define CSNDPKX "CSNDPKX_32" -# define CSNDKRR "CSNDKRR_32" -# define CSNDPKE "CSNDPKE_32" -# define CSNDPKD "CSNDPKD_32" -# define CSNDDSV "CSNDDSV_32" -# define CSNDDSG "CSNDDSG_32" -# define CSNBRNG "CSNBRNG_32" - -# define SECURITYAPI __stdcall -# else - /* - * Fixme!! Find out the values of these constants for other platforms. - */ -# define CCA_LIB_NAME "CSUNSAPI" - -# define CSNDPKX "CSNDPKX" -# define CSNDKRR "CSNDKRR" -# define CSNDPKE "CSNDPKE" -# define CSNDPKD "CSNDPKD" -# define CSNDDSV "CSNDDSV" -# define CSNDDSG "CSNDDSG" -# define CSNBRNG "CSNBRNG" - -# define SECURITYAPI -# endif - -/* - * security API prototypes - */ - -/* PKA Key Record Read */ -typedef void (SECURITYAPI * F_KEYRECORDREAD) - (long *return_code, - long *reason_code, - long *exit_data_length, - unsigned char *exit_data, - long *rule_array_count, - unsigned char *rule_array, - unsigned char *key_label, long *key_token_length, unsigned char *key_token); - -/* Random Number Generate */ -typedef void (SECURITYAPI * F_RANDOMNUMBERGENERATE) - (long *return_code, - long *reason_code, - long *exit_data_length, - unsigned char *exit_data, - unsigned char *form, unsigned char *random_number); - -/* Digital Signature Generate */ -typedef void (SECURITYAPI * F_DIGITALSIGNATUREGENERATE) - (long *return_code, - long *reason_code, - long *exit_data_length, - unsigned char *exit_data, - long *rule_array_count, - unsigned char *rule_array, - long *PKA_private_key_id_length, - unsigned char *PKA_private_key_id, - long *hash_length, - unsigned char *hash, - long *signature_field_length, - long *signature_bit_length, unsigned char *signature_field); - -/* Digital Signature Verify */ -typedef void (SECURITYAPI * F_DIGITALSIGNATUREVERIFY) (long *return_code, - long *reason_code, - long *exit_data_length, - unsigned char - *exit_data, - long *rule_array_count, - unsigned char - *rule_array, - long - *PKA_public_key_id_length, - unsigned char - *PKA_public_key_id, - long *hash_length, - unsigned char *hash, - long - *signature_field_length, - unsigned char - *signature_field); - -/* PKA Public Key Extract */ -typedef void (SECURITYAPI * F_PUBLICKEYEXTRACT) (long *return_code, - long *reason_code, - long *exit_data_length, - unsigned char *exit_data, - long *rule_array_count, - unsigned char *rule_array, - long - *source_key_identifier_length, - unsigned char - *source_key_identifier, - long - *target_key_token_length, - unsigned char - *target_key_token); - -/* PKA Encrypt */ -typedef void (SECURITYAPI * F_PKAENCRYPT) - (long *return_code, - long *reason_code, - long *exit_data_length, - unsigned char *exit_data, - long *rule_array_count, - unsigned char *rule_array, - long *key_value_length, - unsigned char *key_value, - long *data_struct_length, - unsigned char *data_struct, - long *RSA_public_key_length, - unsigned char *RSA_public_key, - long *RSA_encipher_length, unsigned char *RSA_encipher); - -/* PKA Decrypt */ -typedef void (SECURITYAPI * F_PKADECRYPT) - (long *return_code, - long *reason_code, - long *exit_data_length, - unsigned char *exit_data, - long *rule_array_count, - unsigned char *rule_array, - long *enciphered_key_length, - unsigned char *enciphered_key, - long *data_struct_length, - unsigned char *data_struct, - long *RSA_private_key_length, - unsigned char *RSA_private_key, - long *key_value_length, unsigned char *key_value); - -#endif diff --git a/engines/vendor_defns/sureware.h b/engines/vendor_defns/sureware.h deleted file mode 100644 index b1423e1979..0000000000 --- a/engines/vendor_defns/sureware.h +++ /dev/null @@ -1,250 +0,0 @@ -/*- - * Written by Corinne Dive-Reclus(cdive@baltimore.com) - * - * Copyright@2001 Baltimore Technologies Ltd. - * - * THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifdef WIN32 -# define SW_EXPORT __declspec ( dllexport ) -#else -# define SW_EXPORT -#endif - -/* - * List of exposed SureWare errors - */ -#define SUREWAREHOOK_ERROR_FAILED -1 -#define SUREWAREHOOK_ERROR_FALLBACK -2 -#define SUREWAREHOOK_ERROR_UNIT_FAILURE -3 -#define SUREWAREHOOK_ERROR_DATA_SIZE -4 -#define SUREWAREHOOK_ERROR_INVALID_PAD -5 -/*- -* -----------------WARNING----------------------------------- -* In all the following functions: -* msg is a string with at least 24 bytes free. -* A 24 bytes string will be concatenated to the existing content of msg. -*/ -/*- -* SureWare Initialisation function -* in param threadsafe, if !=0, thread safe enabled -* return SureWareHOOK_ERROR_UNIT_FAILURE if failure, 1 if success -*/ -typedef int SureWareHook_Init_t(char *const msg, int threadsafe); -extern SW_EXPORT SureWareHook_Init_t SureWareHook_Init; -/*- -* SureWare Finish function -*/ -typedef void SureWareHook_Finish_t(void); -extern SW_EXPORT SureWareHook_Finish_t SureWareHook_Finish; -/*- -* PRE_CONDITION: -* DO NOT CALL ANY OF THE FOLLOWING FUNCTIONS IN CASE OF INIT FAILURE -*/ -/*- -* SureWare RAND Bytes function -* In case of failure, the content of buf is unpredictable. -* return 1 if success -* SureWareHOOK_ERROR_FALLBACK if function not available in hardware -* SureWareHOOK_ERROR_FAILED if error while processing -* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure -* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf -* -* in/out param buf : a num bytes long buffer where random bytes will be put -* in param num : the number of bytes into buf -*/ -typedef int SureWareHook_Rand_Bytes_t(char *const msg, unsigned char *buf, - int num); -extern SW_EXPORT SureWareHook_Rand_Bytes_t SureWareHook_Rand_Bytes; - -/*- -* SureWare RAND Seed function -* Adds some seed to the Hardware Random Number Generator -* return 1 if success -* SureWareHOOK_ERROR_FALLBACK if function not available in hardware -* SureWareHOOK_ERROR_FAILED if error while processing -* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure -* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf -* -* in param buf : the seed to add into the HRNG -* in param num : the number of bytes into buf -*/ -typedef int SureWareHook_Rand_Seed_t(char *const msg, const void *buf, - int num); -extern SW_EXPORT SureWareHook_Rand_Seed_t SureWareHook_Rand_Seed; - -/*- -* SureWare Load Private Key function -* return 1 if success -* SureWareHOOK_ERROR_FAILED if error while processing -* No hardware is contact for this function. -* -* in param key_id :the name of the private protected key file without the extension - ".sws" -* out param hptr : a pointer to a buffer allocated by SureWare_Hook -* out param num: the effective key length in bytes -* out param keytype: 1 if RSA 2 if DSA -*/ -typedef int SureWareHook_Load_Privkey_t(char *const msg, const char *key_id, - char **hptr, unsigned long *num, - char *keytype); -extern SW_EXPORT SureWareHook_Load_Privkey_t SureWareHook_Load_Privkey; - -/*- -* SureWare Info Public Key function -* return 1 if success -* SureWareHOOK_ERROR_FAILED if error while processing -* No hardware is contact for this function. -* -* in param key_id :the name of the private protected key file without the extension - ".swp" -* out param hptr : a pointer to a buffer allocated by SureWare_Hook -* out param num: the effective key length in bytes -* out param keytype: 1 if RSA 2 if DSA -*/ -typedef int SureWareHook_Info_Pubkey_t(char *const msg, const char *key_id, - unsigned long *num, char *keytype); -extern SW_EXPORT SureWareHook_Info_Pubkey_t SureWareHook_Info_Pubkey; - -/*- -* SureWare Load Public Key function -* return 1 if success -* SureWareHOOK_ERROR_FAILED if error while processing -* No hardware is contact for this function. -* -* in param key_id :the name of the public protected key file without the extension - ".swp" -* in param num : the bytes size of n and e -* out param n: where to write modulus in bn format -* out param e: where to write exponent in bn format -*/ -typedef int SureWareHook_Load_Rsa_Pubkey_t(char *const msg, - const char *key_id, - unsigned long num, - unsigned long *n, - unsigned long *e); -extern SW_EXPORT SureWareHook_Load_Rsa_Pubkey_t SureWareHook_Load_Rsa_Pubkey; - -/*- -* SureWare Load DSA Public Key function -* return 1 if success -* SureWareHOOK_ERROR_FAILED if error while processing -* No hardware is contact for this function. -* -* in param key_id :the name of the public protected key file without the extension - ".swp" -* in param num : the bytes size of n and e -* out param pub: where to write pub key in bn format -* out param p: where to write prime in bn format -* out param q: where to write sunprime (length 20 bytes) in bn format -* out param g: where to write base in bn format -*/ -typedef int SureWareHook_Load_Dsa_Pubkey_t(char *const msg, - const char *key_id, - unsigned long num, - unsigned long *pub, - unsigned long *p, unsigned long *q, - unsigned long *g); -extern SW_EXPORT SureWareHook_Load_Dsa_Pubkey_t SureWareHook_Load_Dsa_Pubkey; - -/*- -* SureWare Free function -* Destroy the key into the hardware if destroy==1 -*/ -typedef void SureWareHook_Free_t(char *p, int destroy); -extern SW_EXPORT SureWareHook_Free_t SureWareHook_Free; - -#define SUREWARE_PKCS1_PAD 1 -#define SUREWARE_ISO9796_PAD 2 -#define SUREWARE_NO_PAD 0 -/*- -* SureWare RSA Private Decryption -* return 1 if success -* SureWareHOOK_ERROR_FAILED if error while processing -* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure -* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf -* -* in param flen : byte size of from and to -* in param from : encrypted data buffer, should be a not-null valid pointer -* out param tlen: byte size of decrypted data, if error, unexpected value -* out param to : decrypted data buffer, should be a not-null valid pointer -* in param prsa: a protected key pointer, should be a not-null valid pointer -* int padding: padding id as follow -* SUREWARE_PKCS1_PAD -* SUREWARE_NO_PAD -* -*/ -typedef int SureWareHook_Rsa_Priv_Dec_t(char *const msg, int flen, - unsigned char *from, int *tlen, - unsigned char *to, char *prsa, - int padding); -extern SW_EXPORT SureWareHook_Rsa_Priv_Dec_t SureWareHook_Rsa_Priv_Dec; -/*- -* SureWare RSA Signature -* return 1 if success -* SureWareHOOK_ERROR_FAILED if error while processing -* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure -* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf -* -* in param flen : byte size of from and to -* in param from : encrypted data buffer, should be a not-null valid pointer -* out param tlen: byte size of decrypted data, if error, unexpected value -* out param to : decrypted data buffer, should be a not-null valid pointer -* in param prsa: a protected key pointer, should be a not-null valid pointer -* int padding: padding id as follow -* SUREWARE_PKCS1_PAD -* SUREWARE_ISO9796_PAD -* -*/ -typedef int SureWareHook_Rsa_Sign_t(char *const msg, int flen, - unsigned char *from, int *tlen, - unsigned char *to, char *prsa, - int padding); -extern SW_EXPORT SureWareHook_Rsa_Sign_t SureWareHook_Rsa_Sign; -/*- -* SureWare DSA Signature -* return 1 if success -* SureWareHOOK_ERROR_FAILED if error while processing -* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure -* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf -* -* in param flen : byte size of from and to -* in param from : encrypted data buffer, should be a not-null valid pointer -* out param to : decrypted data buffer, should be a 40bytes valid pointer -* in param pdsa: a protected key pointer, should be a not-null valid pointer -* -*/ -typedef int SureWareHook_Dsa_Sign_t(char *const msg, int flen, - const unsigned char *from, - unsigned long *r, unsigned long *s, - char *pdsa); -extern SW_EXPORT SureWareHook_Dsa_Sign_t SureWareHook_Dsa_Sign; - -/*- -* SureWare Mod Exp -* return 1 if success -* SureWareHOOK_ERROR_FAILED if error while processing -* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure -* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf -* -* mod and res are mlen bytes long. -* exp is elen bytes long -* data is dlen bytes long -* mlen,elen and dlen are all multiple of sizeof(unsigned long) -*/ -typedef int SureWareHook_Mod_Exp_t(char *const msg, int mlen, - const unsigned long *mod, int elen, - const unsigned long *exponent, int dlen, - unsigned long *data, unsigned long *res); -extern SW_EXPORT SureWareHook_Mod_Exp_t SureWareHook_Mod_Exp; |