diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index 48300fe769..a85cfff87b 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h @@ -60,9 +60,15 @@ #define HEADER_ENGINE_H #include +#ifndef OPENSSL_NO_RSA #include +#endif +#ifndef OPENSSL_NO_DSA #include +#endif +#ifndef OPENSSL_NO_DH #include +#endif #include #include #include @@ -71,6 +77,17 @@ extern "C" { #endif +/* Fixups for missing algorithms */ +#ifdef OPENSSL_NO_RSA +typedef void RSA_METHOD; +#endif +#ifdef OPENSSL_NO_DSA +typedef void DSA_METHOD; +#endif +#ifdef OPENSSL_NO_DH +typedef void DH_METHOD; +#endif + /* These flags are used to control combinations of algorithm (methods) * by bitwise "OR"ing. */ #define ENGINE_METHOD_RSA (unsigned int)0x0001 @@ -442,6 +459,7 @@ void ERR_load_ENGINE_strings(void); #define ENGINE_F_ENGINE_CTRL_CMD_STRING 171 #define ENGINE_F_ENGINE_FINISH 107 #define ENGINE_F_ENGINE_FREE 108 +#define ENGINE_F_ENGINE_GET_DEFAULT_TYPE 177 #define ENGINE_F_ENGINE_GET_NEXT 115 #define ENGINE_F_ENGINE_GET_PREV 116 #define ENGINE_F_ENGINE_INIT 119 @@ -492,6 +510,8 @@ void ERR_load_ENGINE_strings(void); #define ENGINE_R_COMMAND_TAKES_NO_INPUT 136 #define ENGINE_R_CONFLICTING_ENGINE_ID 103 #define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119 +#define ENGINE_R_DH_NOT_IMPLEMENTED 139 +#define ENGINE_R_DSA_NOT_IMPLEMENTED 140 #define ENGINE_R_DSO_FAILURE 104 #define ENGINE_R_DSO_FUNCTION_NOT_FOUND 131 #define ENGINE_R_DSO_NOT_FOUND 132 @@ -515,9 +535,11 @@ void ERR_load_ENGINE_strings(void); #define ENGINE_R_NO_REFERENCE 130 #define ENGINE_R_NO_SUCH_ENGINE 116 #define ENGINE_R_NO_UNLOAD_FUNCTION 126 +#define ENGINE_R_PRIVATE_KEY_ALGORITHMS_DISABLED 142 #define ENGINE_R_PROVIDE_PARAMETERS 113 #define ENGINE_R_REQUEST_FAILED 114 #define ENGINE_R_REQUEST_FALLBACK 118 +#define ENGINE_R_RSA_NOT_IMPLEMENTED 141 #define ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL 122 #define ENGINE_R_UNIT_FAILURE 115 diff --git a/crypto/engine/engine_err.c b/crypto/engine/engine_err.c index 24202a1bee..33e1ede2db 100644 --- a/crypto/engine/engine_err.c +++ b/crypto/engine/engine_err.c @@ -86,6 +86,7 @@ static ERR_STRING_DATA ENGINE_str_functs[]= {ERR_PACK(0,ENGINE_F_ENGINE_CTRL_CMD_STRING,0), "ENGINE_ctrl_cmd_string"}, {ERR_PACK(0,ENGINE_F_ENGINE_FINISH,0), "ENGINE_finish"}, {ERR_PACK(0,ENGINE_F_ENGINE_FREE,0), "ENGINE_free"}, +{ERR_PACK(0,ENGINE_F_ENGINE_GET_DEFAULT_TYPE,0), "ENGINE_GET_DEFAULT_TYPE"}, {ERR_PACK(0,ENGINE_F_ENGINE_GET_NEXT,0), "ENGINE_get_next"}, {ERR_PACK(0,ENGINE_F_ENGINE_GET_PREV,0), "ENGINE_get_prev"}, {ERR_PACK(0,ENGINE_F_ENGINE_INIT,0), "ENGINE_init"}, @@ -139,6 +140,8 @@ static ERR_STRING_DATA ENGINE_str_reasons[]= {ENGINE_R_COMMAND_TAKES_NO_INPUT ,"command takes no input"}, {ENGINE_R_CONFLICTING_ENGINE_ID ,"conflicting engine id"}, {ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"}, +{ENGINE_R_DH_NOT_IMPLEMENTED ,"dh not implemented"}, +{ENGINE_R_DSA_NOT_IMPLEMENTED ,"dsa not implemented"}, {ENGINE_R_DSO_FAILURE ,"DSO failure"}, {ENGINE_R_DSO_FUNCTION_NOT_FOUND ,"dso function not found"}, {ENGINE_R_DSO_NOT_FOUND ,"dso not found"}, @@ -162,9 +165,11 @@ static ERR_STRING_DATA ENGINE_str_reasons[]= {ENGINE_R_NO_REFERENCE ,"no reference"}, {ENGINE_R_NO_SUCH_ENGINE ,"no such engine"}, {ENGINE_R_NO_UNLOAD_FUNCTION ,"no unload function"}, +{ENGINE_R_PRIVATE_KEY_ALGORITHMS_DISABLED,"private key algorithms disabled"}, {ENGINE_R_PROVIDE_PARAMETERS ,"provide parameters"}, {ENGINE_R_REQUEST_FAILED ,"request failed"}, {ENGINE_R_REQUEST_FALLBACK ,"request fallback"}, +{ENGINE_R_RSA_NOT_IMPLEMENTED ,"rsa not implemented"}, {ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL ,"size too large or too small"}, {ENGINE_R_UNIT_FAILURE ,"unit failure"}, {0,NULL} diff --git a/crypto/engine/engine_lib.c b/crypto/engine/engine_lib.c index eb9f2c4daa..ef94227e04 100644 --- a/crypto/engine/engine_lib.c +++ b/crypto/engine/engine_lib.c @@ -67,9 +67,15 @@ * reference and the caller is responsible for freeing that when they * are finished with it (with a call to ENGINE_finish() *NOT* just * ENGINE_free()!!!!!!). */ +#ifndef OPENSSL_NO_RSA static ENGINE *engine_def_rsa = NULL; +#endif +#ifndef OPENSSL_NO_DSA static ENGINE *engine_def_dsa = NULL; +#endif +#ifndef OPENSSL_NO_DH static ENGINE *engine_def_dh = NULL; +#endif static ENGINE *engine_def_rand = NULL; static ENGINE *engine_def_bn_mod_exp = NULL; static ENGINE *engine_def_bn_mod_exp_crt = NULL; @@ -125,9 +131,15 @@ static void engine_def_check(void) goto skip_set_defaults; /* OK, we got a functional reference, so we get one each * for the defaults too. */ +#ifndef OPENSSL_NO_RSA engine_def_check_util(&engine_def_rsa, e); +#endif +#ifndef OPENSSL_NO_RSA engine_def_check_util(&engine_def_dsa, e); +#endif +#ifndef OPENSSL_NO_DH engine_def_check_util(&engine_def_dh, e); +#endif engine_def_check_util(&engine_def_rand, e); engine_def_check_util(&engine_def_bn_mod_exp, e); engine_def_check_util(&engine_def_bn_mod_exp_crt, e); @@ -590,12 +602,18 @@ static ENGINE *engine_get_default_type(ENGINE_TYPE t) CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); switch(t) { +#ifndef OPENSSL_NO_RSA case ENGINE_TYPE_RSA: ret = engine_def_rsa; break; +#endif +#ifndef OPENSSL_NO_DSA case ENGINE_TYPE_DSA: ret = engine_def_dsa; break; +#endif +#ifndef OPENSSL_NO_DH case ENGINE_TYPE_DH: ret = engine_def_dh; break; +#endif case ENGINE_TYPE_RAND: ret = engine_def_rand; break; case ENGINE_TYPE_BN_MOD_EXP: @@ -615,20 +633,26 @@ static ENGINE *engine_get_default_type(ENGINE_TYPE t) return ret; } +#ifndef OPENSSL_NO_RSA ENGINE *ENGINE_get_default_RSA(void) { return engine_get_default_type(ENGINE_TYPE_RSA); } +#endif +#ifndef OPENSSL_NO_DSA ENGINE *ENGINE_get_default_DSA(void) { return engine_get_default_type(ENGINE_TYPE_DSA); } +#endif +#ifndef OPENSSL_NO_DH ENGINE *ENGINE_get_default_DH(void) { return engine_get_default_type(ENGINE_TYPE_DH); } +#endif ENGINE *ENGINE_get_default_RAND(void) { @@ -671,15 +695,21 @@ static int engine_set_default_type(ENGINE_TYPE t, ENGINE *e) CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); switch(t) { +#ifndef OPENSSL_NO_RSA case ENGINE_TYPE_RSA: old = engine_def_rsa; engine_def_rsa = e; break; +#endif +#ifndef OPENSSL_NO_DSA case ENGINE_TYPE_DSA: old = engine_def_dsa; engine_def_dsa = e; break; +#endif +#ifndef OPENSSL_NO_DH case ENGINE_TYPE_DH: old = engine_def_dh; engine_def_dh = e; break; +#endif case ENGINE_TYPE_RAND: old = engine_def_rand; engine_def_rand = e; break; @@ -702,20 +732,26 @@ static int engine_set_default_type(ENGINE_TYPE t, ENGINE *e) return 1; } +#ifndef OPENSSL_NO_RSA int ENGINE_set_default_RSA(ENGINE *e) { return engine_set_default_type(ENGINE_TYPE_RSA, e); } +#endif +#ifndef OPENSSL_NO_DSA int ENGINE_set_default_DSA(ENGINE *e) { return engine_set_default_type(ENGINE_TYPE_DSA, e); } +#endif +#ifndef OPENSSL_NO_DH int ENGINE_set_default_DH(ENGINE *e) { return engine_set_default_type(ENGINE_TYPE_DH, e); } +#endif int ENGINE_set_default_RAND(ENGINE *e) { @@ -734,15 +770,21 @@ int ENGINE_set_default_BN_mod_exp_crt(ENGINE *e) int ENGINE_set_default(ENGINE *e, unsigned int flags) { +#ifndef OPENSSL_NO_RSA if((flags & ENGINE_METHOD_RSA) && e->rsa_meth && !ENGINE_set_default_RSA(e)) return 0; +#endif +#ifndef OPENSSL_NO_DSA if((flags & ENGINE_METHOD_DSA) && e->dsa_meth && !ENGINE_set_default_DSA(e)) return 0; +#endif +#ifndef OPENSSL_NO_DH if((flags & ENGINE_METHOD_DH) && e->dh_meth && !ENGINE_set_default_DH(e)) return 0; +#endif if((flags & ENGINE_METHOD_RAND) && e->rand_meth && !ENGINE_set_default_RAND(e)) return 0; diff --git a/crypto/engine/engine_list.c b/crypto/engine/engine_list.c index 530207e8a6..cc57e658ab 100644 --- a/crypto/engine/engine_list.c +++ b/crypto/engine/engine_list.c @@ -402,20 +402,32 @@ int ENGINE_set_name(ENGINE *e, const char *name) int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth) { +#ifndef OPENSSL_NO_RSA e->rsa_meth = rsa_meth; return 1; +#else + return 0; +#endif } int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth) { +#ifndef OPENSSL_NO_DSA e->dsa_meth = dsa_meth; return 1; +#else + return 0; +#endif } int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth) { +#ifndef OPENSSL_NO_DH e->dh_meth = dh_meth; return 1; +#else + return 0; +#endif } int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth) @@ -482,9 +494,15 @@ int ENGINE_cpy(ENGINE *dest, const ENGINE *src) { if(ENGINE_set_id(dest, ENGINE_get_id(src)) && ENGINE_set_name(dest, ENGINE_get_name(src)) && +#ifndef OPENSSL_NO_RSA ENGINE_set_RSA(dest, ENGINE_get_RSA(src)) && +#endif +#ifndef OPENSSL_NO_RSA ENGINE_set_DSA(dest, ENGINE_get_DSA(src)) && +#endif +#ifndef OPENSSL_NO_RSA ENGINE_set_DH(dest, ENGINE_get_DH(src)) && +#endif ENGINE_set_RAND(dest, ENGINE_get_RAND(src)) && ENGINE_set_BN_mod_exp(dest, ENGINE_get_BN_mod_exp(src)) && diff --git a/crypto/engine/engine_openssl.c b/crypto/engine/engine_openssl.c index 35cfd2354a..cd885c0409 100644 --- a/crypto/engine/engine_openssl.c +++ b/crypto/engine/engine_openssl.c @@ -62,11 +62,6 @@ #include "cryptlib.h" #include #include -#include -#include -#include -#include -#include /* This is the only function we need to implement as OpenSSL * doesn't have a native CRT mod_exp. Perhaps this should be @@ -88,9 +83,15 @@ ENGINE *ENGINE_openssl() return NULL; if(!ENGINE_set_id(ret, engine_openssl_id) || !ENGINE_set_name(ret, engine_openssl_name) || +#ifndef OPENSSL_NO_RSA !ENGINE_set_RSA(ret, RSA_get_default_openssl_method()) || +#endif +#ifndef OPENSSL_NO_DSA !ENGINE_set_DSA(ret, DSA_get_default_openssl_method()) || +#endif +#ifndef OPENSSL_NO_DH !ENGINE_set_DH(ret, DH_get_default_openssl_method()) || +#endif !ENGINE_set_RAND(ret, RAND_SSLeay()) || !ENGINE_set_BN_mod_exp(ret, BN_mod_exp) || !ENGINE_set_BN_mod_exp_crt(ret, openssl_mod_exp_crt)) diff --git a/crypto/engine/hw_atalla.c b/crypto/engine/hw_atalla.c index 8bf702aac0..5deb2c4382 100644 --- a/crypto/engine/hw_atalla.c +++ b/crypto/engine/hw_atalla.c @@ -79,12 +79,15 @@ static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx); +#ifndef OPENSSL_NO_RSA /* RSA stuff */ static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa); +#endif /* This function is aliased to mod_exp (with the mont stuff dropped). */ static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +#ifndef OPENSSL_NO_DSA /* DSA stuff */ static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, @@ -92,12 +95,15 @@ static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +#endif +#ifndef OPENSSL_NO_DH /* DH stuff */ /* This function is alised to mod_exp (with the DH and mont dropped). */ static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +#endif /* The definitions for control commands specific to this engine */ #define ATALLA_CMD_SO_PATH ENGINE_CMD_BASE @@ -109,6 +115,7 @@ static const ENGINE_CMD_DEFN atalla_cmd_defns[] = { {0, NULL, NULL, 0} }; +#ifndef OPENSSL_NO_RSA /* Our internal RSA_METHOD that we provide pointers to */ static RSA_METHOD atalla_rsa = { @@ -126,7 +133,9 @@ static RSA_METHOD atalla_rsa = NULL, NULL }; +#endif +#ifndef OPENSSL_NO_DSA /* Our internal DSA_METHOD that we provide pointers to */ static DSA_METHOD atalla_dsa = { @@ -141,7 +150,9 @@ static DSA_METHOD atalla_dsa = 0, /* flags */ NULL /* app_data */ }; +#endif +#ifndef OPENSSL_NO_DH /* Our internal DH_METHOD that we provide pointers to */ static DH_METHOD atalla_dh = { @@ -154,6 +165,7 @@ static DH_METHOD atalla_dh = 0, NULL }; +#endif /* Constants used when creating the ENGINE */ static const char *engine_atalla_id = "atalla"; @@ -163,17 +175,29 @@ static const char *engine_atalla_name = "Atalla hardware engine support"; * (indeed - the lock will already be held by our caller!!!) */ ENGINE *ENGINE_atalla() { +#ifndef OPENSSL_NO_RSA const RSA_METHOD *meth1; +#endif +#ifndef OPENSSL_NO_DSA const DSA_METHOD *meth2; +#endif +#ifndef OPENSSL_NO_DH const DH_METHOD *meth3; +#endif ENGINE *ret = ENGINE_new(); if(!ret) return NULL; if(!ENGINE_set_id(ret, engine_atalla_id) || !ENGINE_set_name(ret, engine_atalla_name) || +#ifndef OPENSSL_NO_RSA !ENGINE_set_RSA(ret, &atalla_rsa) || +#endif +#ifndef OPENSSL_NO_DSA !ENGINE_set_DSA(ret, &atalla_dsa) || +#endif +#ifndef OPENSSL_NO_DH !ENGINE_set_DH(ret, &atalla_dh) || +#endif !ENGINE_set_BN_mod_exp(ret, atalla_mod_exp) || !ENGINE_set_init_function(ret, atalla_init) || !ENGINE_set_finish_function(ret, atalla_finish) || @@ -184,6 +208,7 @@ ENGINE *ENGINE_atalla() return NULL; } +#ifndef OPENSSL_NO_RSA /* We know that the "PKCS1_SSLeay()" functions hook properly * to the atalla-specific mod_exp and mod_exp_crt so we use * those functions. NB: We don't use ENGINE_openssl() or @@ -196,18 +221,23 @@ ENGINE *ENGINE_atalla() atalla_rsa.rsa_pub_dec = meth1->rsa_pub_dec; atalla_rsa.rsa_priv_enc = meth1->rsa_priv_enc; atalla_rsa.rsa_priv_dec = meth1->rsa_priv_dec; +#endif +#ifndef OPENSSL_NO_DSA /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish * bits. */ meth2 = DSA_OpenSSL(); atalla_dsa.dsa_do_sign = meth2->dsa_do_sign; atalla_dsa.dsa_sign_setup = meth2->dsa_sign_setup; atalla_dsa.dsa_do_verify = meth2->dsa_do_verify; +#endif +#ifndef OPENSSL_NO_DH /* Much the same for Diffie-Hellman */ meth3 = DH_OpenSSL(); atalla_dh.generate_key = meth3->generate_key; atalla_dh.compute_key = meth3->compute_key; +#endif return ret; } @@ -405,6 +435,7 @@ static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_REQUEST_FAILED); goto err; } + /* Convert the response */ BN_bin2bn((unsigned char *)result->d, numbytes, r); to_return = 1; @@ -413,6 +444,7 @@ err: return to_return; } +#ifndef OPENSSL_NO_RSA static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) { BN_CTX *ctx = NULL; @@ -436,7 +468,9 @@ err: BN_CTX_free(ctx); return to_return; } +#endif +#ifndef OPENSSL_NO_DSA /* This code was liberated and adapted from the commented-out code in * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration * (it doesn't have a CRT form for RSA), this function means that an @@ -464,13 +498,13 @@ end: return to_return; } - static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) { return atalla_mod_exp(r, a, p, m, ctx); } +#endif /* This function is aliased to mod_exp (with the mont stuff dropped). */ static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, @@ -479,6 +513,7 @@ static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, return atalla_mod_exp(r, a, p, m, ctx); } +#ifndef OPENSSL_NO_DH /* This function is aliased to mod_exp (with the dh and mont dropped). */ static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, @@ -486,6 +521,7 @@ static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r, { return atalla_mod_exp(r, a, p, m, ctx); } +#endif #endif /* !OPENSSL_NO_HW_ATALLA */ #endif /* !OPENSSL_NO_HW */ diff --git a/crypto/engine/hw_cswift.c b/crypto/engine/hw_cswift.c index 15983525e1..5471dbe501 100644 --- a/crypto/engine/hw_cswift.c +++ b/crypto/engine/hw_cswift.c @@ -94,22 +94,28 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx); +#ifndef OPENSSL_NO_RSA /* RSA stuff */ static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa); +#endif /* This function is aliased to mod_exp (with the mont stuff dropped). */ static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +#ifndef OPENSSL_NO_DSA /* DSA stuff */ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa); static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa); +#endif +#ifndef OPENSSL_NO_DH /* DH stuff */ /* This function is alised to mod_exp (with the DH and mont dropped). */ static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +#endif /* The definitions for control commands specific to this engine */ #define CSWIFT_CMD_SO_PATH ENGINE_CMD_BASE @@ -121,6 +127,7 @@ static const ENGINE_CMD_DEFN cswift_cmd_defns[] = { {0, NULL, NULL, 0} }; +#ifndef OPENSSL_NO_RSA /* Our internal RSA_METHOD that we provide pointers to */ static RSA_METHOD cswift_rsa = { @@ -138,7 +145,9 @@ static RSA_METHOD cswift_rsa = NULL, NULL }; +#endif +#ifndef OPENSSL_NO_DSA /* Our internal DSA_METHOD that we provide pointers to */ static DSA_METHOD cswift_dsa = { @@ -153,7 +162,9 @@ static DSA_METHOD cswift_dsa = 0, /* flags */ NULL /* app_data */ }; +#endif +#ifndef OPENSSL_NO_DH /* Our internal DH_METHOD that we provide pointers to */ static DH_METHOD cswift_dh = { @@ -166,6 +177,7 @@ static DH_METHOD cswift_dh = 0, NULL }; +#endif /* Constants used when creating the ENGINE */ static const char *engine_cswift_id = "cswift"; @@ -175,16 +187,26 @@ static const char *engine_cswift_name = "CryptoSwift hardware engine support"; * (indeed - the lock will already be held by our caller!!!) */ ENGINE *ENGINE_cswift() { +#ifndef OPENSSL_NO_RSA const RSA_METHOD *meth1; +#endif +#ifndef OPENSSL_NO_DH const DH_METHOD *meth2; +#endif ENGINE *ret = ENGINE_new(); if(!ret) return NULL; if(!ENGINE_set_id(ret, engine_cswift_id) || !ENGINE_set_name(ret, engine_cswift_name) || +#ifndef OPENSSL_NO_RSA !ENGINE_set_RSA(ret, &cswift_rsa) || +#endif +#ifndef OPENSSL_NO_DSA !ENGINE_set_DSA(ret, &cswift_dsa) || +#endif +#ifndef OPENSSL_NO_DH !ENGINE_set_DH(ret, &cswift_dh) || +#endif !ENGINE_set_BN_mod_exp(ret, &cswift_mod_exp) || !ENGINE_set_BN_mod_exp_crt(ret, &cswift_mod_exp_crt) || !ENGINE_set_init_function(ret, cswift_init) || @@ -196,6 +218,7 @@ ENGINE *ENGINE_cswift() return NULL; } +#ifndef OPENSSL_NO_RSA /* We know that the "PKCS1_SSLeay()" functions hook properly * to the cswift-specific mod_exp and mod_exp_crt so we use * those functions. NB: We don't use ENGINE_openssl() or @@ -208,11 +231,14 @@ ENGINE *ENGINE_cswift() cswift_rsa.rsa_pub_dec = meth1->rsa_pub_dec; cswift_rsa.rsa_priv_enc = meth1->rsa_priv_enc; cswift_rsa.rsa_priv_dec = meth1->rsa_priv_dec; +#endif +#ifndef OPENSSL_NO_DH /* Much the same for Diffie-Hellman */ meth2 = DH_OpenSSL(); cswift_dh.generate_key = meth2->generate_key; cswift_dh.compute_key = meth2->compute_key; +#endif return ret; } @@ -572,6 +598,7 @@ err: return to_return; } +#ifndef OPENSSL_NO_RSA static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) { BN_CTX *ctx; @@ -591,6 +618,7 @@ err: BN_CTX_free(ctx); return to_return; } +#endif /* This function is aliased to mod_exp (with the mont stuff dropped). */ static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, @@ -599,6 +627,7 @@ static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, return cswift_mod_exp(r, a, p, m, ctx); } +#ifndef OPENSSL_NO_DSA static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa) { SW_CONTEXT_HANDLE hac; @@ -823,7 +852,9 @@ err: } return to_return; } +#endif +#ifndef OPENSSL_NO_DH /* This function is aliased to mod_exp (with the dh and mont dropped). */ static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, @@ -831,6 +862,7 @@ static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r, { return cswift_mod_exp(r, a, p, m, ctx); } +#endif #endif /* !OPENSSL_NO_HW_CSWIFT */ #endif /* !OPENSSL_NO_HW */ diff --git a/crypto/engine/hw_ncipher.c b/crypto/engine/hw_ncipher.c index dc645d554b..597471ff58 100644 --- a/crypto/engine/hw_ncipher.c +++ b/crypto/engine/hw_ncipher.c @@ -95,8 +95,10 @@ static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex*); static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx); +#ifndef OPENSSL_NO_RSA /* RSA stuff */ static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa); +#endif /* This function is aliased to mod_exp (with the mont stuff dropped). */ static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); @@ -146,6 +148,7 @@ static const ENGINE_CMD_DEFN hwcrhk_cmd_defns[] = { {0, NULL, NULL, 0} }; +#ifndef OPENSSL_NO_RSA /* Our internal RSA_METHOD that we provide pointers to */ static RSA_METHOD hwcrhk_rsa = { @@ -163,7 +166,9 @@ static RSA_METHOD hwcrhk_rsa = NULL, NULL }; +#endif +#ifndef OPENSSL_NO_DH /* Our internal DH_METHOD that we provide pointers to */ static DH_METHOD hwcrhk_dh = { @@ -176,6 +181,7 @@ static DH_METHOD hwcrhk_dh = 0, NULL }; +#endif static RAND_METHOD hwcrhk_rand = { @@ -294,15 +300,23 @@ static HWCryptoHook_InitInfo hwcrhk_globals = { * (indeed - the lock will already be held by our caller!!!) */ ENGINE *ENGINE_ncipher() { +#ifndef OPENSSL_NO_RSA const RSA_METHOD *meth1; +#endif +#ifndef OPENSSL_NO_DH const DH_METHOD *meth2; +#endif ENGINE *ret = ENGINE_new(); if(!ret) return NULL; if(!ENGINE_set_id(ret, engine_hwcrhk_id) || !ENGINE_set_name(ret, engine_hwcrhk_name) || +#ifndef OPENSSL_NO_RSA !ENGINE_set_RSA(ret, &hwcrhk_rsa) || +#endif +#ifndef OPENSSL_NO_DH !ENGINE_set_DH(ret, &hwcrhk_dh) || +#endif !ENGINE_set_RAND(ret, &hwcrhk_rand) || !ENGINE_set_BN_mod_exp(ret, hwcrhk_mod_exp) || !ENGINE_set_init_function(ret, hwcrhk_init) || @@ -316,6 +330,7 @@ ENGINE *ENGINE_ncipher() return NULL; } +#ifndef OPENSSL_NO_RSA /* We know that the "PKCS1_SSLeay()" functions hook properly * to the cswift-specific mod_exp and mod_exp_crt so we use * those functions. NB: We don't use ENGINE_openssl() or @@ -328,11 +343,14 @@ ENGINE *ENGINE_ncipher() hwcrhk_rsa.rsa_pub_dec = meth1->rsa_pub_dec; hwcrhk_rsa.rsa_priv_enc = meth1->rsa_priv_enc; hwcrhk_rsa.rsa_priv_dec = meth1->rsa_priv_dec; +#endif +#ifndef OPENSSL_NO_DH /* Much the same for Diffie-Hellman */ meth2 = DH_OpenSSL(); hwcrhk_dh.generate_key = meth2->generate_key; hwcrhk_dh.compute_key = meth2->compute_key; +#endif return ret; } @@ -343,18 +361,24 @@ ENGINE *ENGINE_ncipher() * implicitly. */ static DSO *hwcrhk_dso = NULL; static HWCryptoHook_ContextHandle hwcrhk_context = 0; -static int hndidx = -1; /* Index for KM handle. Not really used yet. */ +#ifndef OPENSSL_NO_RSA +static int hndidx_rsa = -1; /* Index for KM handle. Not really used yet. */ +#endif /* These are the function pointers that are (un)set when the library has * successfully (un)loaded. */ static HWCryptoHook_Init_t *p_hwcrhk_Init = NULL; static HWCryptoHook_Finish_t *p_hwcrhk_Finish = NULL; static HWCryptoHook_ModExp_t *p_hwcrhk_ModExp = NULL; +#ifndef OPENSSL_NO_RSA static HWCryptoHook_RSA_t *p_hwcrhk_RSA = NULL; +#endif static HWCryptoHook_RandomBytes_t *p_hwcrhk_RandomBytes = NULL; +#ifndef OPENSSL_NO_RSA static HWCryptoHook_RSALoadKey_t *p_hwcrhk_RSALoadKey = NULL; static HWCryptoHook_RSAGetPublicKey_t *p_hwcrhk_RSAGetPublicKey = NULL; static HWCryptoHook_RSAUnloadKey_t *p_hwcrhk_RSAUnloadKey = NULL; +#endif static HWCryptoHook_ModExpCRT_t *p_hwcrhk_ModExpCRT = NULL; /* Used in the DSO operations. */ @@ -363,11 +387,15 @@ static const char *HWCRHK_LIBNAME = def_HWCRHK_LIBNAME; static const char *n_hwcrhk_Init = "HWCryptoHook_Init"; static const char *n_hwcrhk_Finish = "HWCryptoHook_Finish"; static const char *n_hwcrhk_ModExp = "HWCryptoHook_ModExp"; +#ifndef OPENSSL_NO_RSA static const char *n_hwcrhk_RSA = "HWCryptoHook_RSA"; +#endif static const char *n_hwcrhk_RandomBytes = "HWCryptoHook_RandomBytes"; +#ifndef OPENSSL_NO_RSA static const char *n_hwcrhk_RSALoadKey = "HWCryptoHook_RSALoadKey"; static const char *n_hwcrhk_RSAGetPublicKey = "HWCryptoHook_RSAGetPublicKey"; static const char *n_hwcrhk_RSAUnloadKey = "HWCryptoHook_RSAUnloadKey"; +#endif static const char *n_hwcrhk_ModExpCRT = "HWCryptoHook_ModExpCRT"; /* HWCryptoHook library functions and mechanics - these are used by the @@ -403,10 +431,12 @@ static int hwcrhk_init(ENGINE *e) HWCryptoHook_Init_t *p1; HWCryptoHook_Finish_t *p2; HWCryptoHook_ModExp_t *p3; +#ifndef OPENSSL_NO_RSA HWCryptoHook_RSA_t *p4; HWCryptoHook_RSALoadKey_t *p5; HWCryptoHook_RSAGetPublicKey_t *p6; HWCryptoHook_RSAUnloadKey_t *p7; +#endif HWCryptoHook_RandomBytes_t *p8; HWCryptoHook_ModExpCRT_t *p9; @@ -428,6 +458,7 @@ static int hwcrhk_init(ENGINE *e) DSO_bind_func(hwcrhk_dso, n_hwcrhk_Finish)) || !(p3 = (HWCryptoHook_ModExp_t *) DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExp)) || +#ifndef OPENSSL_NO_RSA !(p4 = (HWCryptoHook_RSA_t *) DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSA)) || !(p5 = (HWCryptoHook_RSALoadKey_t *) @@ -436,6 +467,7 @@ static int hwcrhk_init(ENGINE *e) DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAGetPublicKey)) || !(p7 = (HWCryptoHook_RSAUnloadKey_t *) DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAUnloadKey)) || +#endif !(p8 = (HWCryptoHook_RandomBytes_t *) DSO_bind_func(hwcrhk_dso, n_hwcrhk_RandomBytes)) || !(p9 = (HWCryptoHook_ModExpCRT_t *) @@ -448,10 +480,12 @@ static int hwcrhk_init(ENGINE *e) p_hwcrhk_Init = p1; p_hwcrhk_Finish = p2; p_hwcrhk_ModExp = p3; +#ifndef OPENSSL_NO_RSA p_hwcrhk_RSA = p4; p_hwcrhk_RSALoadKey = p5; p_hwcrhk_RSAGetPublicKey = p6; p_hwcrhk_RSAUnloadKey = p7; +#endif p_hwcrhk_RandomBytes = p8; p_hwcrhk_ModExpCRT = p9; @@ -476,10 +510,12 @@ static int hwcrhk_init(ENGINE *e) goto err; } /* Everything's fine. */ - if (hndidx == -1) - hndidx = RSA_get_ex_new_index(0, +#ifndef OPENSSL_NO_RSA + if (hndidx_rsa == -1) + hndidx_rsa = RSA_get_ex_new_index(0, "nFast HWCryptoHook RSA key handle", NULL, NULL, hwcrhk_ex_free); +#endif return 1; err: if(hwcrhk_dso) @@ -488,10 +524,12 @@ err: p_hwcrhk_Init = NULL; p_hwcrhk_Finish = NULL; p_hwcrhk_ModExp = NULL; +#ifndef OPENSSL_NO_RSA p_hwcrhk_RSA = NULL; p_hwcrhk_RSALoadKey = NULL; p_hwcrhk_RSAGetPublicKey = NULL; p_hwcrhk_RSAUnloadKey = NULL; +#endif p_hwcrhk_ModExpCRT = NULL; p_hwcrhk_RandomBytes = NULL; return 0; @@ -520,10 +558,12 @@ static int hwcrhk_finish(ENGINE *e) p_hwcrhk_Init = NULL; p_hwcrhk_Finish = NULL; p_hwcrhk_ModExp = NULL; +#ifndef OPENSSL_NO_RSA p_hwcrhk_RSA = NULL; p_hwcrhk_RSALoadKey = NULL; p_hwcrhk_RSAGetPublicKey = NULL; p_hwcrhk_RSAUnloadKey = NULL; +#endif p_hwcrhk_ModExpCRT = NULL; p_hwcrhk_RandomBytes = NULL; return to_return; @@ -613,11 +653,17 @@ static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, const char *passphrase) { +#ifndef OPENSSL_NO_RSA RSA *rtmp = NULL; +#endif EVP_PKEY *res = NULL; +#ifndef OPENSSL_NO_RSA HWCryptoHook_MPI e, n; HWCryptoHook_RSAKeyHandle *hptr; +#endif +#if !defined(OPENSSL_NO_RSA) HWCryptoHook_ErrMsgBuf rmsg; +#endif if(!hwcrhk_context) { @@ -625,6 +671,7 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, ENGINE_R_NOT_INITIALISED); goto err; } +#ifndef OPENSSL_NO_RSA hptr = OPENSSL_malloc(sizeof(HWCryptoHook_RSAKeyHandle)); if (!hptr) { @@ -646,8 +693,10 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, ENGINE_R_NO_KEY); goto err; } +#endif +#ifndef OPENSSL_NO_RSA rtmp = RSA_new_method(eng); - RSA_set_ex_data(rtmp, hndidx, (char *)hptr); + RSA_set_ex_data(rtmp, hndidx_rsa, (char *)hptr); rtmp->e = BN_new(); rtmp->n = BN_new(); rtmp->flags |= RSA_FLAG_EXT_PKEY; @@ -660,7 +709,7 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, ERR_add_error_data(1,rmsg.buf); goto err; } - + bn_expand2(rtmp->e, e.size/sizeof(BN_ULONG)); bn_expand2(rtmp->n, n.size/sizeof(BN_ULONG)); MPI2BN(rtmp->e, e); @@ -680,24 +729,36 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, res = EVP_PKEY_new(); EVP_PKEY_assign_RSA(res, rtmp); +#endif + + if (!res) + ENGINEerr(ENGINE_F_HWCRHK_LOAD_PUBKEY, + ENGINE_R_PRIVATE_KEY_ALGORITHMS_DISABLED); return res; err: if (res) EVP_PKEY_free(res); +#ifndef OPENSSL_NO_RSA if (rtmp) RSA_free(rtmp); +#endif return NULL; } static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id, const char *passphrase) { - EVP_PKEY *res = hwcrhk_load_privkey(eng, key_id, passphrase); + EVP_PKEY *res = NULL; + +#ifndef OPENSSL_NO_RSA + res = hwcrhk_load_privkey(eng, key_id, passphrase); +#endif if (res) switch(res->type) { +#ifndef OPENSSL_NO_RSA case EVP_PKEY_RSA: { RSA *rsa = NULL; @@ -710,6 +771,7 @@ static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id, CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); RSA_free(rsa); } +#endif default: ENGINEerr(ENGINE_F_HWCRHK_LOAD_PUBKEY, ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED); @@ -779,7 +841,8 @@ static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, err: return to_return; } - + +#ifndef OPENSSL_NO_RSA static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa) { char tempbuf[1024]; @@ -796,7 +859,7 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa) /* This provides support for nForce keys. Since that's opaque data all we do is provide a handle to the proper key and let HWCryptoHook take care of the rest. */ - if ((hptr = (HWCryptoHook_RSAKeyHandle *) RSA_get_ex_data(rsa, hndidx)) + if ((hptr = (HWCryptoHook_RSAKeyHandle *) RSA_get_ex_data(rsa, hndidx_rsa)) != NULL) { HWCryptoHook_MPI m_a, m_r; @@ -894,6 +957,7 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa) err: return to_return; } +#endif /* This function is aliased to mod_exp (with the mont stuff dropped). */ static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, @@ -961,16 +1025,24 @@ static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, { char tempbuf[1024]; HWCryptoHook_ErrMsgBuf rmsg; +#ifndef OPENSSL_NO_RSA HWCryptoHook_RSAKeyHandle *hptr; +#endif +#if !defined(OPENSSL_NO_RSA) int ret; +#endif rmsg.buf = tempbuf; rmsg.size = 1024; +#ifndef OPENSSL_NO_RSA hptr = (HWCryptoHook_RSAKeyHandle *) item; - if(!hptr) return; - ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL); - OPENSSL_free(hptr); + if(hptr) + { + ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL); + OPENSSL_free(hptr); + } +#endif } /* Mutex calls: since the HWCryptoHook model closely follows the POSIX model diff --git a/crypto/engine/hw_nuron.c b/crypto/engine/hw_nuron.c index d5697dade6..06eafa7176 100644 --- a/crypto/engine/hw_nuron.c +++ b/crypto/engine/hw_nuron.c @@ -164,11 +164,14 @@ static int nuron_mod_exp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p, return pfnModExp(r,a,p,m); } +#ifndef OPENSSL_NO_RSA static int nuron_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) { return nuron_mod_exp(r0,I,rsa->d,rsa->n,NULL); } +#endif +#ifndef OPENSSL_NO_DSA /* This code was liberated and adapted from the commented-out code in * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration * (it doesn't have a CRT form for RSA), this function means that an @@ -206,6 +209,7 @@ static int nuron_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, { return nuron_mod_exp(r, a, p, m, ctx); } +#endif /* This function is aliased to mod_exp (with the mont stuff dropped). */ static int nuron_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, @@ -214,6 +218,7 @@ static int nuron_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, return nuron_mod_exp(r, a, p, m, ctx); } +#ifndef OPENSSL_NO_DH /* This function is aliased to mod_exp (with the dh and mont dropped). */ static int nuron_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, @@ -221,7 +226,9 @@ static int nuron_mod_exp_dh(const DH *dh, BIGNUM *r, { return nuron_mod_exp(r, a, p, m, ctx); } +#endif +#ifndef OPENSSL_NO_RSA static RSA_METHOD nuron_rsa = { "Nuron RSA method", @@ -238,7 +245,9 @@ static RSA_METHOD nuron_rsa = NULL, NULL }; +#endif +#ifndef OPENSSL_NO_DSA static DSA_METHOD nuron_dsa = { "Nuron DSA method", @@ -252,7 +261,9 @@ static DSA_METHOD nuron_dsa = 0, /* flags */ NULL /* app_data */ }; +#endif +#ifndef OPENSSL_NO_DH static DH_METHOD nuron_dh = { "Nuron DH method", @@ -264,6 +275,7 @@ static DH_METHOD nuron_dh = 0, NULL }; +#endif /* Constants used when creating the ENGINE */ static const char *engine_nuron_id = "nuron"; @@ -273,17 +285,29 @@ static const char *engine_nuron_name = "Nuron hardware engine support"; * (indeed - the lock will already be held by our caller!!!) */ ENGINE *ENGINE_nuron() { +#ifndef OPENSSL_NO_RSA const RSA_METHOD *meth1; +#endif +#ifndef OPENSSL_NO_DSA const DSA_METHOD *meth2; +#endif +#ifndef OPENSSL_NO_DH const DH_METHOD *meth3; +#endif ENGINE *ret = ENGINE_new(); if(!ret) return NULL; if(!ENGINE_set_id(ret, engine_nuron_id) || !ENGINE_set_name(ret, engine_nuron_name) || +#ifndef OPENSSL_NO_RSA !ENGINE_set_RSA(ret, &nuron_rsa) || +#endif +#ifndef OPENSSL_NO_DSA !ENGINE_set_DSA(ret, &nuron_dsa) || +#endif +#ifndef OPENSSL_NO_DH !ENGINE_set_DH(ret, &nuron_dh) || +#endif !ENGINE_set_BN_mod_exp(ret, nuron_mod_exp) || !ENGINE_set_init_function(ret, nuron_init) || !ENGINE_set_finish_function(ret, nuron_finish) || @@ -294,6 +318,7 @@ ENGINE *ENGINE_nuron() return NULL; } +#ifndef OPENSSL_NO_RSA /* We know that the "PKCS1_SSLeay()" functions hook properly * to the nuron-specific mod_exp and mod_exp_crt so we use * those functions. NB: We don't use ENGINE_openssl() or @@ -306,18 +331,23 @@ ENGINE *ENGINE_nuron() nuron_rsa.rsa_pub_dec=meth1->rsa_pub_dec; nuron_rsa.rsa_priv_enc=meth1->rsa_priv_enc; nuron_rsa.rsa_priv_dec=meth1->rsa_priv_dec; +#endif +#ifndef OPENSSL_NO_DSA /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish * bits. */ meth2=DSA_OpenSSL(); nuron_dsa.dsa_do_sign=meth2->dsa_do_sign; nuron_dsa.dsa_sign_setup=meth2->dsa_sign_setup; nuron_dsa.dsa_do_verify=meth2->dsa_do_verify; +#endif +#ifndef OPENSSL_NO_DH /* Much the same for Diffie-Hellman */ meth3=DH_OpenSSL(); nuron_dh.generate_key=meth3->generate_key; nuron_dh.compute_key=meth3->compute_key; +#endif return ret; } diff --git a/crypto/engine/hw_ubsec.c b/crypto/engine/hw_ubsec.c index d948135568..ca14d36c76 100644 --- a/crypto/engine/hw_ubsec.c +++ b/crypto/engine/hw_ubsec.c @@ -81,9 +81,12 @@ static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *q, const BIGNUM *dp, const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx); +#ifndef OPENSSL_NO_RSA static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa); +#endif static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +#ifndef OPENSSL_NO_DSA #if NOT_USED static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, @@ -95,11 +98,14 @@ static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa); +#endif +#ifndef OPENSSL_NO_DH static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); static int ubsec_dh_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh); static int ubsec_dh_generate_key(DH *dh); +#endif #if NOT_USED static int ubsec_rand_bytes(unsigned char *buf, int num); @@ -115,8 +121,8 @@ static const ENGINE_CMD_DEFN ubsec_cmd_defns[] = { {0, NULL, NULL, 0} }; +#ifndef OPENSSL_NO_RSA /* Our internal RSA_METHOD that we provide pointers to */ - static RSA_METHOD ubsec_rsa = { "UBSEC RSA method", @@ -133,7 +139,9 @@ static RSA_METHOD ubsec_rsa = NULL, NULL }; +#endif +#ifndef OPENSSL_NO_DSA /* Our internal DSA_METHOD that we provide pointers to */ static DSA_METHOD ubsec_dsa = { @@ -148,7 +156,9 @@ static DSA_METHOD ubsec_dsa = 0, /* flags */ NULL /* app_data */ }; +#endif +#ifndef OPENSSL_NO_DH /* Our internal DH_METHOD that we provide pointers to */ static DH_METHOD ubsec_dh = { @@ -161,6 +171,7 @@ static DH_METHOD ubsec_dh = 0, NULL }; +#endif /* Constants used when creating the ENGINE */ static const char *engine_ubsec_id = "ubsec"; @@ -170,18 +181,28 @@ static const char *engine_ubsec_name = "UBSEC hardware engine support"; * (indeed - the lock will already be held by our caller!!!) */ ENGINE *ENGINE_ubsec() { +#ifndef OPENSSL_NO_RSA const RSA_METHOD *meth1; +#endif +#ifndef OPENSSL_NO_DH #ifndef HAVE_UBSEC_DH const DH_METHOD *meth3; #endif /* HAVE_UBSEC_DH */ +#endif ENGINE *ret = ENGINE_new(); if(!ret) return NULL; if(!ENGINE_set_id(ret, engine_ubsec_id) || !ENGINE_set_name(ret, engine_ubsec_name) || +#ifndef OPENSSL_NO_RSA !ENGINE_set_RSA(ret, &ubsec_rsa) || +#endif +#ifndef OPENSSL_NO_DSA !ENGINE_set_DSA(ret, &ubsec_dsa) || +#endif +#ifndef OPENSSL_NO_DH !ENGINE_set_DH(ret, &ubsec_dh) || +#endif !ENGINE_set_BN_mod_exp(ret, ubsec_mod_exp) || !ENGINE_set_BN_mod_exp_crt(ret, ubsec_mod_exp_crt) || !ENGINE_set_init_function(ret, ubsec_init) || @@ -193,6 +214,7 @@ ENGINE *ENGINE_ubsec() return NULL; } +#ifndef OPENSSL_NO_RSA /* We know that the "PKCS1_SSLeay()" functions hook properly * to the Broadcom-specific mod_exp and mod_exp_crt so we use * those functions. NB: We don't use ENGINE_openssl() or @@ -205,13 +227,16 @@ ENGINE *ENGINE_ubsec() ubsec_rsa.rsa_pub_dec = meth1->rsa_pub_dec; ubsec_rsa.rsa_priv_enc = meth1->rsa_priv_enc; ubsec_rsa.rsa_priv_dec = meth1->rsa_priv_dec; +#endif +#ifndef OPENSSL_NO_DH #ifndef HAVE_UBSEC_DH /* Much the same for Diffie-Hellman */ meth3 = DH_OpenSSL(); ubsec_dh.generate_key = meth3->generate_key; ubsec_dh.compute_key = meth3->compute_key; #endif /* HAVE_UBSEC_DH */ +#endif return ret; } @@ -231,13 +256,19 @@ static t_UBSEC_ubsec_bytes_to_bits *p_UBSEC_ubsec_bytes_to_bits = NULL; static t_UBSEC_ubsec_bits_to_bytes *p_UBSEC_ubsec_bits_to_bytes = NULL; static t_UBSEC_ubsec_open *p_UBSEC_ubsec_open = NULL; static t_UBSEC_ubsec_close *p_UBSEC_ubsec_close = NULL; +#ifndef OPENSSL_NO_DH static t_UBSEC_diffie_hellman_generate_ioctl *p_UBSEC_diffie_hellman_generate_ioctl = NULL; static t_UBSEC_diffie_hellman_agree_ioctl *p_UBSEC_diffie_hellman_agree_ioctl = NULL; +#endif +/* #ifndef OPENSSL_NO_RSA */ static t_UBSEC_rsa_mod_exp_ioctl *p_UBSEC_rsa_mod_exp_ioctl = NULL; static t_UBSEC_rsa_mod_exp_crt_ioctl *p_UBSEC_rsa_mod_exp_crt_ioctl = NULL; +/* #endif */ +#ifndef OPENSSL_NO_DSA static t_UBSEC_dsa_sign_ioctl *p_UBSEC_dsa_sign_ioctl = NULL; static t_UBSEC_dsa_verify_ioctl *p_UBSEC_dsa_verify_ioctl = NULL; +#endif static t_UBSEC_math_accelerate_ioctl *p_UBSEC_math_accelerate_ioctl = NULL; static t_UBSEC_rng_ioctl *p_UBSEC_rng_ioctl = NULL; @@ -251,12 +282,18 @@ static const char *UBSEC_F1 = "ubsec_bytes_to_bits"; static const char *UBSEC_F2 = "ubsec_bits_to_bytes"; static const char *UBSEC_F3 = "ubsec_open"; static const char *UBSEC_F4 = "ubsec_close"; +#ifndef OPENSSL_NO_DH static const char *UBSEC_F5 = "diffie_hellman_generate_ioctl"; static const char *UBSEC_F6 = "diffie_hellman_agree_ioctl"; +#endif +/* #ifndef OPENSSL_NO_RSA */ static const char *UBSEC_F7 = "rsa_mod_exp_ioctl"; static const char *UBSEC_F8 = "rsa_mod_exp_crt_ioctl"; +/* #endif */ +#ifndef OPENSSL_NO_DSA static const char *UBSEC_F9 = "dsa_sign_ioctl"; static const char *UBSEC_F10 = "dsa_verify_ioctl"; +#endif static const char *UBSEC_F11 = "math_accelerate_ioctl"; static const char *UBSEC_F12 = "rng_ioctl"; @@ -267,12 +304,18 @@ static int ubsec_init(ENGINE *e) t_UBSEC_ubsec_bits_to_bytes *p2; t_UBSEC_ubsec_open *p3; t_UBSEC_ubsec_close *p4; +#ifndef OPENSSL_NO_DH t_UBSEC_diffie_hellman_generate_ioctl *p5; t_UBSEC_diffie_hellman_agree_ioctl *p6; +#endif +/* #ifndef OPENSSL_NO_RSA */ t_UBSEC_rsa_mod_exp_ioctl *p7; t_UBSEC_rsa_mod_exp_crt_ioctl *p8; +/* #endif */ +#ifndef OPENSSL_NO_DSA t_UBSEC_dsa_sign_ioctl *p9; t_UBSEC_dsa_verify_ioctl *p10; +#endif t_UBSEC_math_accelerate_ioctl *p11; t_UBSEC_rng_ioctl *p12; int fd = 0; @@ -297,14 +340,20 @@ static int ubsec_init(ENGINE *e) !(p2 = (t_UBSEC_ubsec_bits_to_bytes *) DSO_bind_func(ubsec_dso, UBSEC_F2)) || !(p3 = (t_UBSEC_ubsec_open *) DSO_bind_func(ubsec_dso, UBSEC_F3)) || !(p4 = (t_UBSEC_ubsec_close *) DSO_bind_func(ubsec_dso, UBSEC_F4)) || +#ifndef OPENSSL_NO_DH !(p5 = (t_UBSEC_diffie_hellman_generate_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F5)) || !(p6 = (t_UBSEC_diffie_hellman_agree_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F6)) || +#endif +/* #ifndef OPENSSL_NO_RSA */ !(p7 = (t_UBSEC_rsa_mod_exp_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F7)) || !(p8 = (t_UBSEC_rsa_mod_exp_crt_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F8)) || +/* #endif */ +#ifndef OPENSSL_NO_DSA !(p9 = (t_UBSEC_dsa_sign_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F9)) || !(p10 = (t_UBSEC_dsa_verify_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F10)) || +#endif !(p11 = (t_UBSEC_math_accelerate_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F11)) || !(p12 = (t_UBSEC_rng_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F12))) @@ -318,12 +367,18 @@ static int ubsec_init(ENGINE *e) p_UBSEC_ubsec_bits_to_bytes = p2; p_UBSEC_ubsec_open = p3; p_UBSEC_ubsec_close = p4; +#ifndef OPENSSL_NO_DH p_UBSEC_diffie_hellman_generate_ioctl = p5; p_UBSEC_diffie_hellman_agree_ioctl = p6; +#endif +#ifndef OPENSSL_NO_RSA p_UBSEC_rsa_mod_exp_ioctl = p7; p_UBSEC_rsa_mod_exp_crt_ioctl = p8; +#endif +#ifndef OPENSSL_NO_DSA p_UBSEC_dsa_sign_ioctl = p9; p_UBSEC_dsa_verify_ioctl = p10; +#endif p_UBSEC_math_accelerate_ioctl = p11; p_UBSEC_rng_ioctl = p12; @@ -345,12 +400,18 @@ err: p_UBSEC_ubsec_bits_to_bytes = NULL; p_UBSEC_ubsec_open = NULL; p_UBSEC_ubsec_close = NULL; +#ifndef OPENSSL_NO_DH p_UBSEC_diffie_hellman_generate_ioctl = NULL; p_UBSEC_diffie_hellman_agree_ioctl = NULL; +#endif +#ifndef OPENSSL_NO_RSA p_UBSEC_rsa_mod_exp_ioctl = NULL; p_UBSEC_rsa_mod_exp_crt_ioctl = NULL; +#endif +#ifndef OPENSSL_NO_DSA p_UBSEC_dsa_sign_ioctl = NULL; p_UBSEC_dsa_verify_ioctl = NULL; +#endif p_UBSEC_math_accelerate_ioctl = NULL; p_UBSEC_rng_ioctl = NULL; @@ -374,12 +435,18 @@ static int ubsec_finish(ENGINE *e) p_UBSEC_ubsec_bits_to_bytes = NULL; p_UBSEC_ubsec_open = NULL; p_UBSEC_ubsec_close = NULL; +#ifndef OPENSSL_NO_DH p_UBSEC_diffie_hellman_generate_ioctl = NULL; p_UBSEC_diffie_hellman_agree_ioctl = NULL; +#endif +#ifndef OPENSSL_NO_RSA p_UBSEC_rsa_mod_exp_ioctl = NULL; p_UBSEC_rsa_mod_exp_crt_ioctl = NULL; +#endif +#ifndef OPENSSL_NO_DSA p_UBSEC_dsa_sign_ioctl = NULL; p_UBSEC_dsa_verify_ioctl = NULL; +#endif p_UBSEC_math_accelerate_ioctl = NULL; p_UBSEC_rng_ioctl = NULL; return 1; @@ -456,6 +523,7 @@ static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, return 1; } +#ifndef OPENSSL_NO_RSA static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) { BN_CTX *ctx; @@ -485,6 +553,7 @@ err: BN_CTX_free(ctx); return to_return; } +#endif static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *q, const BIGNUM *dp, @@ -532,6 +601,7 @@ static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, return 1; } +#ifndef OPENSSL_NO_DSA #if NOT_USED static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, @@ -560,26 +630,33 @@ static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, return ubsec_mod_exp(r, a, p, m, ctx); } #endif +#endif /* * This function is aliased to mod_exp (with the mont stuff dropped). */ static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) -{ + { int ret = 0; +#ifndef OPENSSL_NO_RSA /* Do in software if the key is too large for the hardware. */ - if (BN_num_bits(m) > 1024) { + if (BN_num_bits(m) > 1024) + { const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); ret = (*meth->bn_mod_exp)(r, a, p, m, ctx, m_ctx); - } else { + } + else +#endif + { ret = ubsec_mod_exp(r, a, p, m, ctx); - } + } return ret; -} + } +#ifndef OPENSSL_NO_DH /* This function is aliased to mod_exp (with the dh and mont dropped). */ static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, @@ -587,7 +664,9 @@ static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, { return ubsec_mod_exp(r, a, p, m, ctx); } +#endif +#ifndef OPENSSL_NO_DSA static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { DSA_SIG *to_return = NULL; @@ -701,7 +780,9 @@ err: BN_clear_free(&v); return to_return; } +#endif +#ifndef OPENSSL_NO_DSA static int ubsec_dh_compute_key (unsigned char *key,const BIGNUM *pub_key,DH *dh) { return 0; @@ -711,6 +792,7 @@ static int ubsec_dh_generate_key (DH *dh) { return 0; } +#endif #ifdef NOT_USED static int ubsec_rand_bytes(unsigned char *buf, int num)