mirrors/openssl
0
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-24 02:23:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

Check for OPENSSL_NO_RSA, OPENSSL_NO_DSA and OPENSSL_NO_DH and disable

Browse Source 
appropriate code if any of them is defined.
This commit is contained in:
Richard Levitte 2001-04-26 15:45:12 +00:00
parent 3caff6092a
commit 9e78e6c3f8
10 changed files with 363 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
crypto/engine/engine.h
View File

@ -60,9 +60,15 @@
#define HEADER_ENGINE_H
#include <openssl/bn.h>
#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
#endif
#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
#endif
#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
#endif
#include <openssl/rand.h>
#include <openssl/evp.h>
#include <openssl/symhacks.h>
@ -71,6 +77,17 @@
extern "C" {
#endif
/* Fixups for missing algorithms */
#ifdef OPENSSL_NO_RSA
typedef void RSA_METHOD;
#endif
#ifdef OPENSSL_NO_DSA
typedef void DSA_METHOD;
#endif
#ifdef OPENSSL_NO_DH
typedef void DH_METHOD;
#endif
/* These flags are used to control combinations of algorithm (methods)
* by bitwise "OR"ing. */
#define ENGINE_METHOD_RSA (unsigned int)0x0001
@ -442,6 +459,7 @@ void ERR_load_ENGINE_strings(void);
#define ENGINE_F_ENGINE_CTRL_CMD_STRING 171
#define ENGINE_F_ENGINE_FINISH 107
#define ENGINE_F_ENGINE_FREE 108
#define ENGINE_F_ENGINE_GET_DEFAULT_TYPE 177
#define ENGINE_F_ENGINE_GET_NEXT 115
#define ENGINE_F_ENGINE_GET_PREV 116
#define ENGINE_F_ENGINE_INIT 119
@ -492,6 +510,8 @@ void ERR_load_ENGINE_strings(void);
#define ENGINE_R_COMMAND_TAKES_NO_INPUT 136
#define ENGINE_R_CONFLICTING_ENGINE_ID 103
#define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119
#define ENGINE_R_DH_NOT_IMPLEMENTED 139
#define ENGINE_R_DSA_NOT_IMPLEMENTED 140
#define ENGINE_R_DSO_FAILURE 104
#define ENGINE_R_DSO_FUNCTION_NOT_FOUND 131
#define ENGINE_R_DSO_NOT_FOUND 132
@ -515,9 +535,11 @@ void ERR_load_ENGINE_strings(void);
#define ENGINE_R_NO_REFERENCE 130
#define ENGINE_R_NO_SUCH_ENGINE 116
#define ENGINE_R_NO_UNLOAD_FUNCTION 126
#define ENGINE_R_PRIVATE_KEY_ALGORITHMS_DISABLED 142
#define ENGINE_R_PROVIDE_PARAMETERS 113
#define ENGINE_R_REQUEST_FAILED 114
#define ENGINE_R_REQUEST_FALLBACK 118
#define ENGINE_R_RSA_NOT_IMPLEMENTED 141
#define ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL 122
#define ENGINE_R_UNIT_FAILURE 115

5
crypto/engine/engine_err.c
View File

@ -86,6 +86,7 @@ static ERR_STRING_DATA ENGINE_str_functs[]=
{ERR_PACK(0,ENGINE_F_ENGINE_CTRL_CMD_STRING,0), "ENGINE_ctrl_cmd_string"},
{ERR_PACK(0,ENGINE_F_ENGINE_FINISH,0), "ENGINE_finish"},
{ERR_PACK(0,ENGINE_F_ENGINE_FREE,0), "ENGINE_free"},
{ERR_PACK(0,ENGINE_F_ENGINE_GET_DEFAULT_TYPE,0), "ENGINE_GET_DEFAULT_TYPE"},
{ERR_PACK(0,ENGINE_F_ENGINE_GET_NEXT,0), "ENGINE_get_next"},
{ERR_PACK(0,ENGINE_F_ENGINE_GET_PREV,0), "ENGINE_get_prev"},
{ERR_PACK(0,ENGINE_F_ENGINE_INIT,0), "ENGINE_init"},
@ -139,6 +140,8 @@ static ERR_STRING_DATA ENGINE_str_reasons[]=
{ENGINE_R_COMMAND_TAKES_NO_INPUT ,"command takes no input"},
{ENGINE_R_CONFLICTING_ENGINE_ID ,"conflicting engine id"},
{ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"},
{ENGINE_R_DH_NOT_IMPLEMENTED ,"dh not implemented"},
{ENGINE_R_DSA_NOT_IMPLEMENTED ,"dsa not implemented"},
{ENGINE_R_DSO_FAILURE ,"DSO failure"},
{ENGINE_R_DSO_FUNCTION_NOT_FOUND ,"dso function not found"},
{ENGINE_R_DSO_NOT_FOUND ,"dso not found"},
@ -162,9 +165,11 @@ static ERR_STRING_DATA ENGINE_str_reasons[]=
{ENGINE_R_NO_REFERENCE ,"no reference"},
{ENGINE_R_NO_SUCH_ENGINE ,"no such engine"},
{ENGINE_R_NO_UNLOAD_FUNCTION ,"no unload function"},
{ENGINE_R_PRIVATE_KEY_ALGORITHMS_DISABLED,"private key algorithms disabled"},
{ENGINE_R_PROVIDE_PARAMETERS ,"provide parameters"},
{ENGINE_R_REQUEST_FAILED ,"request failed"},
{ENGINE_R_REQUEST_FALLBACK ,"request fallback"},
{ENGINE_R_RSA_NOT_IMPLEMENTED ,"rsa not implemented"},
{ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL ,"size too large or too small"},
{ENGINE_R_UNIT_FAILURE ,"unit failure"},
{0,NULL}

42
crypto/engine/engine_lib.c
View File

@ -67,9 +67,15 @@
* reference and the caller is responsible for freeing that when they
* are finished with it (with a call to ENGINE_finish() *NOT* just
* ENGINE_free()!!!!!!). */
#ifndef OPENSSL_NO_RSA
static ENGINE *engine_def_rsa = NULL;
#endif
#ifndef OPENSSL_NO_DSA
static ENGINE *engine_def_dsa = NULL;
#endif
#ifndef OPENSSL_NO_DH
static ENGINE *engine_def_dh = NULL;
#endif
static ENGINE *engine_def_rand = NULL;
static ENGINE *engine_def_bn_mod_exp = NULL;
static ENGINE *engine_def_bn_mod_exp_crt = NULL;
@ -125,9 +131,15 @@ static void engine_def_check(void)
goto skip_set_defaults;
/* OK, we got a functional reference, so we get one each
* for the defaults too. */
#ifndef OPENSSL_NO_RSA
engine_def_check_util(&engine_def_rsa, e);
#endif
#ifndef OPENSSL_NO_RSA
engine_def_check_util(&engine_def_dsa, e);
#endif
#ifndef OPENSSL_NO_DH
engine_def_check_util(&engine_def_dh, e);
#endif
engine_def_check_util(&engine_def_rand, e);
engine_def_check_util(&engine_def_bn_mod_exp, e);
engine_def_check_util(&engine_def_bn_mod_exp_crt, e);
@ -590,12 +602,18 @@ static ENGINE *engine_get_default_type(ENGINE_TYPE t)
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
switch(t)
{
#ifndef OPENSSL_NO_RSA
case ENGINE_TYPE_RSA:
ret = engine_def_rsa; break;
#endif
#ifndef OPENSSL_NO_DSA
case ENGINE_TYPE_DSA:
ret = engine_def_dsa; break;
#endif
#ifndef OPENSSL_NO_DH
case ENGINE_TYPE_DH:
ret = engine_def_dh; break;
#endif
case ENGINE_TYPE_RAND:
ret = engine_def_rand; break;
case ENGINE_TYPE_BN_MOD_EXP:
@ -615,20 +633,26 @@ static ENGINE *engine_get_default_type(ENGINE_TYPE t)
return ret;
}
#ifndef OPENSSL_NO_RSA
ENGINE *ENGINE_get_default_RSA(void)
{
return engine_get_default_type(ENGINE_TYPE_RSA);
}
#endif
#ifndef OPENSSL_NO_DSA
ENGINE *ENGINE_get_default_DSA(void)
{
return engine_get_default_type(ENGINE_TYPE_DSA);
}
#endif
#ifndef OPENSSL_NO_DH
ENGINE *ENGINE_get_default_DH(void)
{
return engine_get_default_type(ENGINE_TYPE_DH);
}
#endif
ENGINE *ENGINE_get_default_RAND(void)
{
@ -671,15 +695,21 @@ static int engine_set_default_type(ENGINE_TYPE t, ENGINE *e)
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
switch(t)
{
#ifndef OPENSSL_NO_RSA
case ENGINE_TYPE_RSA:
old = engine_def_rsa;
engine_def_rsa = e; break;
#endif
#ifndef OPENSSL_NO_DSA
case ENGINE_TYPE_DSA:
old = engine_def_dsa;
engine_def_dsa = e; break;
#endif
#ifndef OPENSSL_NO_DH
case ENGINE_TYPE_DH:
old = engine_def_dh;
engine_def_dh = e; break;
#endif
case ENGINE_TYPE_RAND:
old = engine_def_rand;
engine_def_rand = e; break;
@ -702,20 +732,26 @@ static int engine_set_default_type(ENGINE_TYPE t, ENGINE *e)
return 1;
}
#ifndef OPENSSL_NO_RSA
int ENGINE_set_default_RSA(ENGINE *e)
{
return engine_set_default_type(ENGINE_TYPE_RSA, e);
}
#endif
#ifndef OPENSSL_NO_DSA
int ENGINE_set_default_DSA(ENGINE *e)
{
return engine_set_default_type(ENGINE_TYPE_DSA, e);
}
#endif
#ifndef OPENSSL_NO_DH
int ENGINE_set_default_DH(ENGINE *e)
{
return engine_set_default_type(ENGINE_TYPE_DH, e);
}
#endif
int ENGINE_set_default_RAND(ENGINE *e)
{
@ -734,15 +770,21 @@ int ENGINE_set_default_BN_mod_exp_crt(ENGINE *e)
int ENGINE_set_default(ENGINE *e, unsigned int flags)
{
#ifndef OPENSSL_NO_RSA
if((flags & ENGINE_METHOD_RSA) && e->rsa_meth &&
!ENGINE_set_default_RSA(e))
return 0;
#endif
#ifndef OPENSSL_NO_DSA
if((flags & ENGINE_METHOD_DSA) && e->dsa_meth &&
!ENGINE_set_default_DSA(e))
return 0;
#endif
#ifndef OPENSSL_NO_DH
if((flags & ENGINE_METHOD_DH) && e->dh_meth &&
!ENGINE_set_default_DH(e))
return 0;
#endif
if((flags & ENGINE_METHOD_RAND) && e->rand_meth &&
!ENGINE_set_default_RAND(e))
return 0;

18
crypto/engine/engine_list.c
View File

@ -402,20 +402,32 @@ int ENGINE_set_name(ENGINE *e, const char *name)
int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth)
{
#ifndef OPENSSL_NO_RSA
e->rsa_meth = rsa_meth;
return 1;
#else
return 0;
#endif
}
int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth)
{
#ifndef OPENSSL_NO_DSA
e->dsa_meth = dsa_meth;
return 1;
#else
return 0;
#endif
}
int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth)
{
#ifndef OPENSSL_NO_DH
e->dh_meth = dh_meth;
return 1;
#else
return 0;
#endif
}
int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth)
@ -482,9 +494,15 @@ int ENGINE_cpy(ENGINE *dest, const ENGINE *src)
{
if(ENGINE_set_id(dest, ENGINE_get_id(src)) &&
ENGINE_set_name(dest, ENGINE_get_name(src)) &&
#ifndef OPENSSL_NO_RSA
ENGINE_set_RSA(dest, ENGINE_get_RSA(src)) &&
#endif
#ifndef OPENSSL_NO_RSA
ENGINE_set_DSA(dest, ENGINE_get_DSA(src)) &&
#endif
#ifndef OPENSSL_NO_RSA
ENGINE_set_DH(dest, ENGINE_get_DH(src)) &&
#endif
ENGINE_set_RAND(dest, ENGINE_get_RAND(src)) &&
ENGINE_set_BN_mod_exp(dest,
ENGINE_get_BN_mod_exp(src)) &&

11
crypto/engine/engine_openssl.c
View File

@ -62,11 +62,6 @@
#include "cryptlib.h"
#include <openssl/engine.h>
#include <openssl/dso.h>
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include <openssl/dh.h>
#include <openssl/rand.h>
#include <openssl/bn.h>
/* This is the only function we need to implement as OpenSSL
* doesn't have a native CRT mod_exp. Perhaps this should be
@ -88,9 +83,15 @@ ENGINE *ENGINE_openssl()
return NULL;
if(!ENGINE_set_id(ret, engine_openssl_id) ||
!ENGINE_set_name(ret, engine_openssl_name) ||
#ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(ret, RSA_get_default_openssl_method()) ||
#endif
#ifndef OPENSSL_NO_DSA
!ENGINE_set_DSA(ret, DSA_get_default_openssl_method()) ||
#endif
#ifndef OPENSSL_NO_DH
!ENGINE_set_DH(ret, DH_get_default_openssl_method()) ||
#endif
!ENGINE_set_RAND(ret, RAND_SSLeay()) ||
!ENGINE_set_BN_mod_exp(ret, BN_mod_exp) ||
!ENGINE_set_BN_mod_exp_crt(ret, openssl_mod_exp_crt))

38
crypto/engine/hw_atalla.c
View File

@ -79,12 +79,15 @@ static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx);
#ifndef OPENSSL_NO_RSA
/* RSA stuff */
static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
#endif
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
#ifndef OPENSSL_NO_DSA
/* DSA stuff */
static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
@ -92,12 +95,15 @@ static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx);
#endif
#ifndef OPENSSL_NO_DH
/* DH stuff */
/* This function is alised to mod_exp (with the DH and mont dropped). */
static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,
const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
#endif
/* The definitions for control commands specific to this engine */
#define ATALLA_CMD_SO_PATH ENGINE_CMD_BASE
@ -109,6 +115,7 @@ static const ENGINE_CMD_DEFN atalla_cmd_defns[] = {
{0, NULL, NULL, 0}
};
#ifndef OPENSSL_NO_RSA
/* Our internal RSA_METHOD that we provide pointers to */
static RSA_METHOD atalla_rsa =
{
@ -126,7 +133,9 @@ static RSA_METHOD atalla_rsa =
NULL,
NULL
};
#endif
#ifndef OPENSSL_NO_DSA
/* Our internal DSA_METHOD that we provide pointers to */
static DSA_METHOD atalla_dsa =
{
@ -141,7 +150,9 @@ static DSA_METHOD atalla_dsa =
0, /* flags */
NULL /* app_data */
};
#endif
#ifndef OPENSSL_NO_DH
/* Our internal DH_METHOD that we provide pointers to */
static DH_METHOD atalla_dh =
{
@ -154,6 +165,7 @@ static DH_METHOD atalla_dh =
0,
NULL
};
#endif
/* Constants used when creating the ENGINE */
static const char *engine_atalla_id = "atalla";
@ -163,17 +175,29 @@ static const char *engine_atalla_name = "Atalla hardware engine support";
* (indeed - the lock will already be held by our caller!!!) */
ENGINE *ENGINE_atalla()
{
#ifndef OPENSSL_NO_RSA
const RSA_METHOD *meth1;
#endif
#ifndef OPENSSL_NO_DSA
const DSA_METHOD *meth2;
#endif
#ifndef OPENSSL_NO_DH
const DH_METHOD *meth3;
#endif
ENGINE *ret = ENGINE_new();
if(!ret)
return NULL;
if(!ENGINE_set_id(ret, engine_atalla_id) ||
!ENGINE_set_name(ret, engine_atalla_name) ||
#ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(ret, &atalla_rsa) ||
#endif
#ifndef OPENSSL_NO_DSA
!ENGINE_set_DSA(ret, &atalla_dsa) ||
#endif
#ifndef OPENSSL_NO_DH
!ENGINE_set_DH(ret, &atalla_dh) ||
#endif
!ENGINE_set_BN_mod_exp(ret, atalla_mod_exp) ||
!ENGINE_set_init_function(ret, atalla_init) ||
!ENGINE_set_finish_function(ret, atalla_finish) ||
@ -184,6 +208,7 @@ ENGINE *ENGINE_atalla()
return NULL;
}
#ifndef OPENSSL_NO_RSA
/* We know that the "PKCS1_SSLeay()" functions hook properly
* to the atalla-specific mod_exp and mod_exp_crt so we use
* those functions. NB: We don't use ENGINE_openssl() or
@ -196,18 +221,23 @@ ENGINE *ENGINE_atalla()
atalla_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
atalla_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
atalla_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
#endif
#ifndef OPENSSL_NO_DSA
/* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
* bits. */
meth2 = DSA_OpenSSL();
atalla_dsa.dsa_do_sign = meth2->dsa_do_sign;
atalla_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
atalla_dsa.dsa_do_verify = meth2->dsa_do_verify;
#endif
#ifndef OPENSSL_NO_DH
/* Much the same for Diffie-Hellman */
meth3 = DH_OpenSSL();
atalla_dh.generate_key = meth3->generate_key;
atalla_dh.compute_key = meth3->compute_key;
#endif
return ret;
}
@ -405,6 +435,7 @@ static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_REQUEST_FAILED);
goto err;
}
/* Convert the response */
BN_bin2bn((unsigned char *)result->d, numbytes, r);
to_return = 1;
@ -413,6 +444,7 @@ err:
return to_return;
}
#ifndef OPENSSL_NO_RSA
static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
{
BN_CTX *ctx = NULL;
@ -436,7 +468,9 @@ err:
BN_CTX_free(ctx);
return to_return;
}
#endif
#ifndef OPENSSL_NO_DSA
/* This code was liberated and adapted from the commented-out code in
* dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration
* (it doesn't have a CRT form for RSA), this function means that an
@ -464,13 +498,13 @@ end:
return to_return;
}
static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx)
{
return atalla_mod_exp(r, a, p, m, ctx);
}
#endif
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
@ -479,6 +513,7 @@ static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
return atalla_mod_exp(r, a, p, m, ctx);
}
#ifndef OPENSSL_NO_DH
/* This function is aliased to mod_exp (with the dh and mont dropped). */
static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,
const BIGNUM *a, const BIGNUM *p,
@ -486,6 +521,7 @@ static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,
{
return atalla_mod_exp(r, a, p, m, ctx);
}
#endif
#endif /* !OPENSSL_NO_HW_ATALLA */
#endif /* !OPENSSL_NO_HW */

32
crypto/engine/hw_cswift.c
View File

@ -94,22 +94,28 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
const BIGNUM *iqmp, BN_CTX *ctx);
#ifndef OPENSSL_NO_RSA
/* RSA stuff */
static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
#endif
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
#ifndef OPENSSL_NO_DSA
/* DSA stuff */
static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, DSA *dsa);
#endif
#ifndef OPENSSL_NO_DH
/* DH stuff */
/* This function is alised to mod_exp (with the DH and mont dropped). */
static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
#endif
/* The definitions for control commands specific to this engine */
#define CSWIFT_CMD_SO_PATH ENGINE_CMD_BASE
@ -121,6 +127,7 @@ static const ENGINE_CMD_DEFN cswift_cmd_defns[] = {
{0, NULL, NULL, 0}
};
#ifndef OPENSSL_NO_RSA
/* Our internal RSA_METHOD that we provide pointers to */
static RSA_METHOD cswift_rsa =
{
@ -138,7 +145,9 @@ static RSA_METHOD cswift_rsa =
NULL,
NULL
};
#endif
#ifndef OPENSSL_NO_DSA
/* Our internal DSA_METHOD that we provide pointers to */
static DSA_METHOD cswift_dsa =
{
@ -153,7 +162,9 @@ static DSA_METHOD cswift_dsa =
0, /* flags */
NULL /* app_data */
};
#endif
#ifndef OPENSSL_NO_DH
/* Our internal DH_METHOD that we provide pointers to */
static DH_METHOD cswift_dh =
{
@ -166,6 +177,7 @@ static DH_METHOD cswift_dh =
0,
NULL
};
#endif
/* Constants used when creating the ENGINE */
static const char *engine_cswift_id = "cswift";
@ -175,16 +187,26 @@ static const char *engine_cswift_name = "CryptoSwift hardware engine support";
* (indeed - the lock will already be held by our caller!!!) */
ENGINE *ENGINE_cswift()
{
#ifndef OPENSSL_NO_RSA
const RSA_METHOD *meth1;
#endif
#ifndef OPENSSL_NO_DH
const DH_METHOD *meth2;
#endif
ENGINE *ret = ENGINE_new();
if(!ret)
return NULL;
if(!ENGINE_set_id(ret, engine_cswift_id) ||
!ENGINE_set_name(ret, engine_cswift_name) ||
#ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(ret, &cswift_rsa) ||
#endif
#ifndef OPENSSL_NO_DSA
!ENGINE_set_DSA(ret, &cswift_dsa) ||
#endif
#ifndef OPENSSL_NO_DH
!ENGINE_set_DH(ret, &cswift_dh) ||
#endif
!ENGINE_set_BN_mod_exp(ret, &cswift_mod_exp) ||
!ENGINE_set_BN_mod_exp_crt(ret, &cswift_mod_exp_crt) ||
!ENGINE_set_init_function(ret, cswift_init) ||
@ -196,6 +218,7 @@ ENGINE *ENGINE_cswift()
return NULL;
}
#ifndef OPENSSL_NO_RSA
/* We know that the "PKCS1_SSLeay()" functions hook properly
* to the cswift-specific mod_exp and mod_exp_crt so we use
* those functions. NB: We don't use ENGINE_openssl() or
@ -208,11 +231,14 @@ ENGINE *ENGINE_cswift()
cswift_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
cswift_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
cswift_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
#endif
#ifndef OPENSSL_NO_DH
/* Much the same for Diffie-Hellman */
meth2 = DH_OpenSSL();
cswift_dh.generate_key = meth2->generate_key;
cswift_dh.compute_key = meth2->compute_key;
#endif
return ret;
}
@ -572,6 +598,7 @@ err:
return to_return;
}
#ifndef OPENSSL_NO_RSA
static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
{
BN_CTX *ctx;
@ -591,6 +618,7 @@ err:
BN_CTX_free(ctx);
return to_return;
}
#endif
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
@ -599,6 +627,7 @@ static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
return cswift_mod_exp(r, a, p, m, ctx);
}
#ifndef OPENSSL_NO_DSA
static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
SW_CONTEXT_HANDLE hac;
@ -823,7 +852,9 @@ err:
}
return to_return;
}
#endif
#ifndef OPENSSL_NO_DH
/* This function is aliased to mod_exp (with the dh and mont dropped). */
static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
const BIGNUM *a, const BIGNUM *p,
@ -831,6 +862,7 @@ static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
{
return cswift_mod_exp(r, a, p, m, ctx);
}
#endif
#endif /* !OPENSSL_NO_HW_CSWIFT */
#endif /* !OPENSSL_NO_HW */

94
crypto/engine/hw_ncipher.c
View File

@ -95,8 +95,10 @@ static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex*);
static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx);
#ifndef OPENSSL_NO_RSA
/* RSA stuff */
static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa);
#endif
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
@ -146,6 +148,7 @@ static const ENGINE_CMD_DEFN hwcrhk_cmd_defns[] = {
{0, NULL, NULL, 0}
};
#ifndef OPENSSL_NO_RSA
/* Our internal RSA_METHOD that we provide pointers to */
static RSA_METHOD hwcrhk_rsa =
{
@ -163,7 +166,9 @@ static RSA_METHOD hwcrhk_rsa =
NULL,
NULL
};
#endif
#ifndef OPENSSL_NO_DH
/* Our internal DH_METHOD that we provide pointers to */
static DH_METHOD hwcrhk_dh =
{
@ -176,6 +181,7 @@ static DH_METHOD hwcrhk_dh =
0,
NULL
};
#endif
static RAND_METHOD hwcrhk_rand =
{
@ -294,15 +300,23 @@ static HWCryptoHook_InitInfo hwcrhk_globals = {
* (indeed - the lock will already be held by our caller!!!) */
ENGINE *ENGINE_ncipher()
{
#ifndef OPENSSL_NO_RSA
const RSA_METHOD *meth1;
#endif
#ifndef OPENSSL_NO_DH
const DH_METHOD *meth2;
#endif
ENGINE *ret = ENGINE_new();
if(!ret)
return NULL;
if(!ENGINE_set_id(ret, engine_hwcrhk_id) ||
!ENGINE_set_name(ret, engine_hwcrhk_name) ||
#ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(ret, &hwcrhk_rsa) ||
#endif
#ifndef OPENSSL_NO_DH
!ENGINE_set_DH(ret, &hwcrhk_dh) ||
#endif
!ENGINE_set_RAND(ret, &hwcrhk_rand) ||
!ENGINE_set_BN_mod_exp(ret, hwcrhk_mod_exp) ||
!ENGINE_set_init_function(ret, hwcrhk_init) ||
@ -316,6 +330,7 @@ ENGINE *ENGINE_ncipher()
return NULL;
}
#ifndef OPENSSL_NO_RSA
/* We know that the "PKCS1_SSLeay()" functions hook properly
* to the cswift-specific mod_exp and mod_exp_crt so we use
* those functions. NB: We don't use ENGINE_openssl() or
@ -328,11 +343,14 @@ ENGINE *ENGINE_ncipher()
hwcrhk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
hwcrhk_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
hwcrhk_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
#endif
#ifndef OPENSSL_NO_DH
/* Much the same for Diffie-Hellman */
meth2 = DH_OpenSSL();
hwcrhk_dh.generate_key = meth2->generate_key;
hwcrhk_dh.compute_key = meth2->compute_key;
#endif
return ret;
}
@ -343,18 +361,24 @@ ENGINE *ENGINE_ncipher()
* implicitly. */
static DSO *hwcrhk_dso = NULL;
static HWCryptoHook_ContextHandle hwcrhk_context = 0;
static int hndidx = -1; /* Index for KM handle. Not really used yet. */
#ifndef OPENSSL_NO_RSA
static int hndidx_rsa = -1; /* Index for KM handle. Not really used yet. */
#endif
/* These are the function pointers that are (un)set when the library has
* successfully (un)loaded. */
static HWCryptoHook_Init_t *p_hwcrhk_Init = NULL;
static HWCryptoHook_Finish_t *p_hwcrhk_Finish = NULL;
static HWCryptoHook_ModExp_t *p_hwcrhk_ModExp = NULL;
#ifndef OPENSSL_NO_RSA
static HWCryptoHook_RSA_t *p_hwcrhk_RSA = NULL;
#endif
static HWCryptoHook_RandomBytes_t *p_hwcrhk_RandomBytes = NULL;
#ifndef OPENSSL_NO_RSA
static HWCryptoHook_RSALoadKey_t *p_hwcrhk_RSALoadKey = NULL;
static HWCryptoHook_RSAGetPublicKey_t *p_hwcrhk_RSAGetPublicKey = NULL;
static HWCryptoHook_RSAUnloadKey_t *p_hwcrhk_RSAUnloadKey = NULL;
#endif
static HWCryptoHook_ModExpCRT_t *p_hwcrhk_ModExpCRT = NULL;
/* Used in the DSO operations. */
@ -363,11 +387,15 @@ static const char *HWCRHK_LIBNAME = def_HWCRHK_LIBNAME;
static const char *n_hwcrhk_Init = "HWCryptoHook_Init";
static const char *n_hwcrhk_Finish = "HWCryptoHook_Finish";
static const char *n_hwcrhk_ModExp = "HWCryptoHook_ModExp";
#ifndef OPENSSL_NO_RSA
static const char *n_hwcrhk_RSA = "HWCryptoHook_RSA";
#endif
static const char *n_hwcrhk_RandomBytes = "HWCryptoHook_RandomBytes";
#ifndef OPENSSL_NO_RSA
static const char *n_hwcrhk_RSALoadKey = "HWCryptoHook_RSALoadKey";
static const char *n_hwcrhk_RSAGetPublicKey = "HWCryptoHook_RSAGetPublicKey";
static const char *n_hwcrhk_RSAUnloadKey = "HWCryptoHook_RSAUnloadKey";
#endif
static const char *n_hwcrhk_ModExpCRT = "HWCryptoHook_ModExpCRT";
/* HWCryptoHook library functions and mechanics - these are used by the
@ -403,10 +431,12 @@ static int hwcrhk_init(ENGINE *e)
HWCryptoHook_Init_t *p1;
HWCryptoHook_Finish_t *p2;
HWCryptoHook_ModExp_t *p3;
#ifndef OPENSSL_NO_RSA
HWCryptoHook_RSA_t *p4;
HWCryptoHook_RSALoadKey_t *p5;
HWCryptoHook_RSAGetPublicKey_t *p6;
HWCryptoHook_RSAUnloadKey_t *p7;
#endif
HWCryptoHook_RandomBytes_t *p8;
HWCryptoHook_ModExpCRT_t *p9;
@ -428,6 +458,7 @@ static int hwcrhk_init(ENGINE *e)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_Finish)) ||
!(p3 = (HWCryptoHook_ModExp_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExp)) ||
#ifndef OPENSSL_NO_RSA
!(p4 = (HWCryptoHook_RSA_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSA)) ||
!(p5 = (HWCryptoHook_RSALoadKey_t *)
@ -436,6 +467,7 @@ static int hwcrhk_init(ENGINE *e)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAGetPublicKey)) ||
!(p7 = (HWCryptoHook_RSAUnloadKey_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAUnloadKey)) ||
#endif
!(p8 = (HWCryptoHook_RandomBytes_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_RandomBytes)) ||
!(p9 = (HWCryptoHook_ModExpCRT_t *)
@ -448,10 +480,12 @@ static int hwcrhk_init(ENGINE *e)
p_hwcrhk_Init = p1;
p_hwcrhk_Finish = p2;
p_hwcrhk_ModExp = p3;
#ifndef OPENSSL_NO_RSA
p_hwcrhk_RSA = p4;
p_hwcrhk_RSALoadKey = p5;
p_hwcrhk_RSAGetPublicKey = p6;
p_hwcrhk_RSAUnloadKey = p7;
#endif
p_hwcrhk_RandomBytes = p8;
p_hwcrhk_ModExpCRT = p9;
@ -476,10 +510,12 @@ static int hwcrhk_init(ENGINE *e)
goto err;
}
/* Everything's fine. */
if (hndidx == -1)
hndidx = RSA_get_ex_new_index(0,
#ifndef OPENSSL_NO_RSA
if (hndidx_rsa == -1)
hndidx_rsa = RSA_get_ex_new_index(0,
"nFast HWCryptoHook RSA key handle",
NULL, NULL, hwcrhk_ex_free);
#endif
return 1;
err:
if(hwcrhk_dso)
@ -488,10 +524,12 @@ err:
p_hwcrhk_Init = NULL;
p_hwcrhk_Finish = NULL;
p_hwcrhk_ModExp = NULL;
#ifndef OPENSSL_NO_RSA
p_hwcrhk_RSA = NULL;
p_hwcrhk_RSALoadKey = NULL;
p_hwcrhk_RSAGetPublicKey = NULL;
p_hwcrhk_RSAUnloadKey = NULL;
#endif
p_hwcrhk_ModExpCRT = NULL;
p_hwcrhk_RandomBytes = NULL;
return 0;
@ -520,10 +558,12 @@ static int hwcrhk_finish(ENGINE *e)
p_hwcrhk_Init = NULL;
p_hwcrhk_Finish = NULL;
p_hwcrhk_ModExp = NULL;
#ifndef OPENSSL_NO_RSA
p_hwcrhk_RSA = NULL;
p_hwcrhk_RSALoadKey = NULL;
p_hwcrhk_RSAGetPublicKey = NULL;
p_hwcrhk_RSAUnloadKey = NULL;
#endif
p_hwcrhk_ModExpCRT = NULL;
p_hwcrhk_RandomBytes = NULL;
return to_return;
@ -613,11 +653,17 @@ static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
const char *passphrase)
{
#ifndef OPENSSL_NO_RSA
RSA *rtmp = NULL;
#endif
EVP_PKEY *res = NULL;
#ifndef OPENSSL_NO_RSA
HWCryptoHook_MPI e, n;
HWCryptoHook_RSAKeyHandle *hptr;
#endif
#if !defined(OPENSSL_NO_RSA)
HWCryptoHook_ErrMsgBuf rmsg;
#endif
if(!hwcrhk_context)
{
@ -625,6 +671,7 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
ENGINE_R_NOT_INITIALISED);
goto err;
}
#ifndef OPENSSL_NO_RSA
hptr = OPENSSL_malloc(sizeof(HWCryptoHook_RSAKeyHandle));
if (!hptr)
{
@ -646,8 +693,10 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
ENGINE_R_NO_KEY);
goto err;
}
#endif
#ifndef OPENSSL_NO_RSA
rtmp = RSA_new_method(eng);
RSA_set_ex_data(rtmp, hndidx, (char *)hptr);
RSA_set_ex_data(rtmp, hndidx_rsa, (char *)hptr);
rtmp->e = BN_new();
rtmp->n = BN_new();
rtmp->flags |= RSA_FLAG_EXT_PKEY;
@ -660,7 +709,7 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
ERR_add_error_data(1,rmsg.buf);
goto err;
}
bn_expand2(rtmp->e, e.size/sizeof(BN_ULONG));
bn_expand2(rtmp->n, n.size/sizeof(BN_ULONG));
MPI2BN(rtmp->e, e);
@ -680,24 +729,36 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
res = EVP_PKEY_new();
EVP_PKEY_assign_RSA(res, rtmp);
#endif
if (!res)
ENGINEerr(ENGINE_F_HWCRHK_LOAD_PUBKEY,
ENGINE_R_PRIVATE_KEY_ALGORITHMS_DISABLED);
return res;
err:
if (res)
EVP_PKEY_free(res);
#ifndef OPENSSL_NO_RSA
if (rtmp)
RSA_free(rtmp);
#endif
return NULL;
}
static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
const char *passphrase)
{
EVP_PKEY *res = hwcrhk_load_privkey(eng, key_id, passphrase);
EVP_PKEY *res = NULL;
#ifndef OPENSSL_NO_RSA
res = hwcrhk_load_privkey(eng, key_id, passphrase);
#endif
if (res)
switch(res->type)
{
#ifndef OPENSSL_NO_RSA
case EVP_PKEY_RSA:
{
RSA *rsa = NULL;
@ -710,6 +771,7 @@ static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
RSA_free(rsa);
}
#endif
default:
ENGINEerr(ENGINE_F_HWCRHK_LOAD_PUBKEY,
ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
@ -779,7 +841,8 @@ static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
err:
return to_return;
}
#ifndef OPENSSL_NO_RSA
static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa)
{
char tempbuf[1024];
@ -796,7 +859,7 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa)
/* This provides support for nForce keys. Since that's opaque data
all we do is provide a handle to the proper key and let HWCryptoHook
take care of the rest. */
if ((hptr = (HWCryptoHook_RSAKeyHandle *) RSA_get_ex_data(rsa, hndidx))
if ((hptr = (HWCryptoHook_RSAKeyHandle *) RSA_get_ex_data(rsa, hndidx_rsa))
!= NULL)
{
HWCryptoHook_MPI m_a, m_r;
@ -894,6 +957,7 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa)
err:
return to_return;
}
#endif
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
@ -961,16 +1025,24 @@ static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
{
char tempbuf[1024];
HWCryptoHook_ErrMsgBuf rmsg;
#ifndef OPENSSL_NO_RSA
HWCryptoHook_RSAKeyHandle *hptr;
#endif
#if !defined(OPENSSL_NO_RSA)
int ret;
#endif
rmsg.buf = tempbuf;
rmsg.size = 1024;
#ifndef OPENSSL_NO_RSA
hptr = (HWCryptoHook_RSAKeyHandle *) item;
if(!hptr) return;
ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL);
OPENSSL_free(hptr);
if(hptr)
{
ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL);
OPENSSL_free(hptr);
}
#endif
}
/* Mutex calls: since the HWCryptoHook model closely follows the POSIX model

30
crypto/engine/hw_nuron.c
View File

@ -164,11 +164,14 @@ static int nuron_mod_exp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p,
return pfnModExp(r,a,p,m);
}
#ifndef OPENSSL_NO_RSA
static int nuron_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
{
return nuron_mod_exp(r0,I,rsa->d,rsa->n,NULL);
}
#endif
#ifndef OPENSSL_NO_DSA
/* This code was liberated and adapted from the commented-out code in
* dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration
* (it doesn't have a CRT form for RSA), this function means that an
@ -206,6 +209,7 @@ static int nuron_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
{
return nuron_mod_exp(r, a, p, m, ctx);
}
#endif
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int nuron_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
@ -214,6 +218,7 @@ static int nuron_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
return nuron_mod_exp(r, a, p, m, ctx);
}
#ifndef OPENSSL_NO_DH
/* This function is aliased to mod_exp (with the dh and mont dropped). */
static int nuron_mod_exp_dh(const DH *dh, BIGNUM *r,
const BIGNUM *a, const BIGNUM *p,
@ -221,7 +226,9 @@ static int nuron_mod_exp_dh(const DH *dh, BIGNUM *r,
{
return nuron_mod_exp(r, a, p, m, ctx);
}
#endif
#ifndef OPENSSL_NO_RSA
static RSA_METHOD nuron_rsa =
{
"Nuron RSA method",
@ -238,7 +245,9 @@ static RSA_METHOD nuron_rsa =
NULL,
NULL
};
#endif
#ifndef OPENSSL_NO_DSA
static DSA_METHOD nuron_dsa =
{
"Nuron DSA method",
@ -252,7 +261,9 @@ static DSA_METHOD nuron_dsa =
0, /* flags */
NULL /* app_data */
};
#endif
#ifndef OPENSSL_NO_DH
static DH_METHOD nuron_dh =
{
"Nuron DH method",
@ -264,6 +275,7 @@ static DH_METHOD nuron_dh =
0,
NULL
};
#endif
/* Constants used when creating the ENGINE */
static const char *engine_nuron_id = "nuron";
@ -273,17 +285,29 @@ static const char *engine_nuron_name = "Nuron hardware engine support";
* (indeed - the lock will already be held by our caller!!!) */
ENGINE *ENGINE_nuron()
{
#ifndef OPENSSL_NO_RSA
const RSA_METHOD *meth1;
#endif
#ifndef OPENSSL_NO_DSA
const DSA_METHOD *meth2;
#endif
#ifndef OPENSSL_NO_DH
const DH_METHOD *meth3;
#endif
ENGINE *ret = ENGINE_new();
if(!ret)
return NULL;
if(!ENGINE_set_id(ret, engine_nuron_id) ||
!ENGINE_set_name(ret, engine_nuron_name) ||
#ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(ret, &nuron_rsa) ||
#endif
#ifndef OPENSSL_NO_DSA
!ENGINE_set_DSA(ret, &nuron_dsa) ||
#endif
#ifndef OPENSSL_NO_DH
!ENGINE_set_DH(ret, &nuron_dh) ||
#endif
!ENGINE_set_BN_mod_exp(ret, nuron_mod_exp) ||
!ENGINE_set_init_function(ret, nuron_init) ||
!ENGINE_set_finish_function(ret, nuron_finish) ||
@ -294,6 +318,7 @@ ENGINE *ENGINE_nuron()
return NULL;
}
#ifndef OPENSSL_NO_RSA
/* We know that the "PKCS1_SSLeay()" functions hook properly
* to the nuron-specific mod_exp and mod_exp_crt so we use
* those functions. NB: We don't use ENGINE_openssl() or
@ -306,18 +331,23 @@ ENGINE *ENGINE_nuron()
nuron_rsa.rsa_pub_dec=meth1->rsa_pub_dec;
nuron_rsa.rsa_priv_enc=meth1->rsa_priv_enc;
nuron_rsa.rsa_priv_dec=meth1->rsa_priv_dec;
#endif
#ifndef OPENSSL_NO_DSA
/* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
* bits. */
meth2=DSA_OpenSSL();
nuron_dsa.dsa_do_sign=meth2->dsa_do_sign;
nuron_dsa.dsa_sign_setup=meth2->dsa_sign_setup;
nuron_dsa.dsa_do_verify=meth2->dsa_do_verify;
#endif
#ifndef OPENSSL_NO_DH
/* Much the same for Diffie-Hellman */
meth3=DH_OpenSSL();
nuron_dh.generate_key=meth3->generate_key;
nuron_dh.compute_key=meth3->compute_key;
#endif
return ret;
}

94
crypto/engine/hw_ubsec.c
View File

@ -81,9 +81,12 @@ static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dp,
const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx);
#ifndef OPENSSL_NO_RSA
static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
#endif
static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
#ifndef OPENSSL_NO_DSA
#if NOT_USED
static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
@ -95,11 +98,14 @@ static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, DSA *dsa);
#endif
#ifndef OPENSSL_NO_DH
static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx);
static int ubsec_dh_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);
static int ubsec_dh_generate_key(DH *dh);
#endif
#if NOT_USED
static int ubsec_rand_bytes(unsigned char *buf, int num);
@ -115,8 +121,8 @@ static const ENGINE_CMD_DEFN ubsec_cmd_defns[] = {
{0, NULL, NULL, 0}
};
#ifndef OPENSSL_NO_RSA
/* Our internal RSA_METHOD that we provide pointers to */
static RSA_METHOD ubsec_rsa =
{
"UBSEC RSA method",
@ -133,7 +139,9 @@ static RSA_METHOD ubsec_rsa =
NULL,
NULL
};
#endif
#ifndef OPENSSL_NO_DSA
/* Our internal DSA_METHOD that we provide pointers to */
static DSA_METHOD ubsec_dsa =
{
@ -148,7 +156,9 @@ static DSA_METHOD ubsec_dsa =
0, /* flags */
NULL /* app_data */
};
#endif
#ifndef OPENSSL_NO_DH
/* Our internal DH_METHOD that we provide pointers to */
static DH_METHOD ubsec_dh =
{
@ -161,6 +171,7 @@ static DH_METHOD ubsec_dh =
0,
NULL
};
#endif
/* Constants used when creating the ENGINE */
static const char *engine_ubsec_id = "ubsec";
@ -170,18 +181,28 @@ static const char *engine_ubsec_name = "UBSEC hardware engine support";
* (indeed - the lock will already be held by our caller!!!) */
ENGINE *ENGINE_ubsec()
{
#ifndef OPENSSL_NO_RSA
const RSA_METHOD *meth1;
#endif
#ifndef OPENSSL_NO_DH
#ifndef HAVE_UBSEC_DH
const DH_METHOD *meth3;
#endif /* HAVE_UBSEC_DH */
#endif
ENGINE *ret = ENGINE_new();
if(!ret)
return NULL;
if(!ENGINE_set_id(ret, engine_ubsec_id) ||
!ENGINE_set_name(ret, engine_ubsec_name) ||
#ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(ret, &ubsec_rsa) ||
#endif
#ifndef OPENSSL_NO_DSA
!ENGINE_set_DSA(ret, &ubsec_dsa) ||
#endif
#ifndef OPENSSL_NO_DH
!ENGINE_set_DH(ret, &ubsec_dh) ||
#endif
!ENGINE_set_BN_mod_exp(ret, ubsec_mod_exp) ||
!ENGINE_set_BN_mod_exp_crt(ret, ubsec_mod_exp_crt) ||
!ENGINE_set_init_function(ret, ubsec_init) ||
@ -193,6 +214,7 @@ ENGINE *ENGINE_ubsec()
return NULL;
}
#ifndef OPENSSL_NO_RSA
/* We know that the "PKCS1_SSLeay()" functions hook properly
* to the Broadcom-specific mod_exp and mod_exp_crt so we use
* those functions. NB: We don't use ENGINE_openssl() or
@ -205,13 +227,16 @@ ENGINE *ENGINE_ubsec()
ubsec_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
ubsec_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
ubsec_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
#endif
#ifndef OPENSSL_NO_DH
#ifndef HAVE_UBSEC_DH
/* Much the same for Diffie-Hellman */
meth3 = DH_OpenSSL();
ubsec_dh.generate_key = meth3->generate_key;
ubsec_dh.compute_key = meth3->compute_key;
#endif /* HAVE_UBSEC_DH */
#endif
return ret;
}
@ -231,13 +256,19 @@ static t_UBSEC_ubsec_bytes_to_bits *p_UBSEC_ubsec_bytes_to_bits = NULL;
static t_UBSEC_ubsec_bits_to_bytes *p_UBSEC_ubsec_bits_to_bytes = NULL;
static t_UBSEC_ubsec_open *p_UBSEC_ubsec_open = NULL;
static t_UBSEC_ubsec_close *p_UBSEC_ubsec_close = NULL;
#ifndef OPENSSL_NO_DH
static t_UBSEC_diffie_hellman_generate_ioctl
*p_UBSEC_diffie_hellman_generate_ioctl = NULL;
static t_UBSEC_diffie_hellman_agree_ioctl *p_UBSEC_diffie_hellman_agree_ioctl = NULL;
#endif
/* #ifndef OPENSSL_NO_RSA */
static t_UBSEC_rsa_mod_exp_ioctl *p_UBSEC_rsa_mod_exp_ioctl = NULL;
static t_UBSEC_rsa_mod_exp_crt_ioctl *p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
/* #endif */
#ifndef OPENSSL_NO_DSA
static t_UBSEC_dsa_sign_ioctl *p_UBSEC_dsa_sign_ioctl = NULL;
static t_UBSEC_dsa_verify_ioctl *p_UBSEC_dsa_verify_ioctl = NULL;
#endif
static t_UBSEC_math_accelerate_ioctl *p_UBSEC_math_accelerate_ioctl = NULL;
static t_UBSEC_rng_ioctl *p_UBSEC_rng_ioctl = NULL;
@ -251,12 +282,18 @@ static const char *UBSEC_F1 = "ubsec_bytes_to_bits";
static const char *UBSEC_F2 = "ubsec_bits_to_bytes";
static const char *UBSEC_F3 = "ubsec_open";
static const char *UBSEC_F4 = "ubsec_close";
#ifndef OPENSSL_NO_DH
static const char *UBSEC_F5 = "diffie_hellman_generate_ioctl";
static const char *UBSEC_F6 = "diffie_hellman_agree_ioctl";
#endif
/* #ifndef OPENSSL_NO_RSA */
static const char *UBSEC_F7 = "rsa_mod_exp_ioctl";
static const char *UBSEC_F8 = "rsa_mod_exp_crt_ioctl";
/* #endif */
#ifndef OPENSSL_NO_DSA
static const char *UBSEC_F9 = "dsa_sign_ioctl";
static const char *UBSEC_F10 = "dsa_verify_ioctl";
#endif
static const char *UBSEC_F11 = "math_accelerate_ioctl";
static const char *UBSEC_F12 = "rng_ioctl";
@ -267,12 +304,18 @@ static int ubsec_init(ENGINE *e)
t_UBSEC_ubsec_bits_to_bytes *p2;
t_UBSEC_ubsec_open *p3;
t_UBSEC_ubsec_close *p4;
#ifndef OPENSSL_NO_DH
t_UBSEC_diffie_hellman_generate_ioctl *p5;
t_UBSEC_diffie_hellman_agree_ioctl *p6;
#endif
/* #ifndef OPENSSL_NO_RSA */
t_UBSEC_rsa_mod_exp_ioctl *p7;
t_UBSEC_rsa_mod_exp_crt_ioctl *p8;
/* #endif */
#ifndef OPENSSL_NO_DSA
t_UBSEC_dsa_sign_ioctl *p9;
t_UBSEC_dsa_verify_ioctl *p10;
#endif
t_UBSEC_math_accelerate_ioctl *p11;
t_UBSEC_rng_ioctl *p12;
int fd = 0;
@ -297,14 +340,20 @@ static int ubsec_init(ENGINE *e)
!(p2 = (t_UBSEC_ubsec_bits_to_bytes *) DSO_bind_func(ubsec_dso, UBSEC_F2)) ||
!(p3 = (t_UBSEC_ubsec_open *) DSO_bind_func(ubsec_dso, UBSEC_F3)) ||
!(p4 = (t_UBSEC_ubsec_close *) DSO_bind_func(ubsec_dso, UBSEC_F4)) ||
#ifndef OPENSSL_NO_DH
!(p5 = (t_UBSEC_diffie_hellman_generate_ioctl *)
DSO_bind_func(ubsec_dso, UBSEC_F5)) ||
!(p6 = (t_UBSEC_diffie_hellman_agree_ioctl *)
DSO_bind_func(ubsec_dso, UBSEC_F6)) ||
#endif
/* #ifndef OPENSSL_NO_RSA */
!(p7 = (t_UBSEC_rsa_mod_exp_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F7)) ||
!(p8 = (t_UBSEC_rsa_mod_exp_crt_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F8)) ||
/* #endif */
#ifndef OPENSSL_NO_DSA
!(p9 = (t_UBSEC_dsa_sign_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F9)) ||
!(p10 = (t_UBSEC_dsa_verify_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F10)) ||
#endif
!(p11 = (t_UBSEC_math_accelerate_ioctl *)
DSO_bind_func(ubsec_dso, UBSEC_F11)) ||
!(p12 = (t_UBSEC_rng_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F12)))
@ -318,12 +367,18 @@ static int ubsec_init(ENGINE *e)
p_UBSEC_ubsec_bits_to_bytes = p2;
p_UBSEC_ubsec_open = p3;
p_UBSEC_ubsec_close = p4;
#ifndef OPENSSL_NO_DH
p_UBSEC_diffie_hellman_generate_ioctl = p5;
p_UBSEC_diffie_hellman_agree_ioctl = p6;
#endif
#ifndef OPENSSL_NO_RSA
p_UBSEC_rsa_mod_exp_ioctl = p7;
p_UBSEC_rsa_mod_exp_crt_ioctl = p8;
#endif
#ifndef OPENSSL_NO_DSA
p_UBSEC_dsa_sign_ioctl = p9;
p_UBSEC_dsa_verify_ioctl = p10;
#endif
p_UBSEC_math_accelerate_ioctl = p11;
p_UBSEC_rng_ioctl = p12;
@ -345,12 +400,18 @@ err:
p_UBSEC_ubsec_bits_to_bytes = NULL;
p_UBSEC_ubsec_open = NULL;
p_UBSEC_ubsec_close = NULL;
#ifndef OPENSSL_NO_DH
p_UBSEC_diffie_hellman_generate_ioctl = NULL;
p_UBSEC_diffie_hellman_agree_ioctl = NULL;
#endif
#ifndef OPENSSL_NO_RSA
p_UBSEC_rsa_mod_exp_ioctl = NULL;
p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
#endif
#ifndef OPENSSL_NO_DSA
p_UBSEC_dsa_sign_ioctl = NULL;
p_UBSEC_dsa_verify_ioctl = NULL;
#endif
p_UBSEC_math_accelerate_ioctl = NULL;
p_UBSEC_rng_ioctl = NULL;
@ -374,12 +435,18 @@ static int ubsec_finish(ENGINE *e)
p_UBSEC_ubsec_bits_to_bytes = NULL;
p_UBSEC_ubsec_open = NULL;
p_UBSEC_ubsec_close = NULL;
#ifndef OPENSSL_NO_DH
p_UBSEC_diffie_hellman_generate_ioctl = NULL;
p_UBSEC_diffie_hellman_agree_ioctl = NULL;
#endif
#ifndef OPENSSL_NO_RSA
p_UBSEC_rsa_mod_exp_ioctl = NULL;
p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
#endif
#ifndef OPENSSL_NO_DSA
p_UBSEC_dsa_sign_ioctl = NULL;
p_UBSEC_dsa_verify_ioctl = NULL;
#endif
p_UBSEC_math_accelerate_ioctl = NULL;
p_UBSEC_rng_ioctl = NULL;
return 1;
@ -456,6 +523,7 @@ static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
return 1;
}
#ifndef OPENSSL_NO_RSA
static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
{
BN_CTX *ctx;
@ -485,6 +553,7 @@ err:
BN_CTX_free(ctx);
return to_return;
}
#endif
static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dp,
@ -532,6 +601,7 @@ static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
return 1;
}
#ifndef OPENSSL_NO_DSA
#if NOT_USED
static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
@ -560,26 +630,33 @@ static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
return ubsec_mod_exp(r, a, p, m, ctx);
}
#endif
#endif
/*
* This function is aliased to mod_exp (with the mont stuff dropped).
*/
static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
{
{
int ret = 0;
#ifndef OPENSSL_NO_RSA
/* Do in software if the key is too large for the hardware. */
if (BN_num_bits(m) > 1024) {
if (BN_num_bits(m) > 1024)
{
const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
ret = (*meth->bn_mod_exp)(r, a, p, m, ctx, m_ctx);
} else {
}
else
#endif
{
ret = ubsec_mod_exp(r, a, p, m, ctx);
}
}
return ret;
}
}
#ifndef OPENSSL_NO_DH
/* This function is aliased to mod_exp (with the dh and mont dropped). */
static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
@ -587,7 +664,9 @@ static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
{
return ubsec_mod_exp(r, a, p, m, ctx);
}
#endif
#ifndef OPENSSL_NO_DSA
static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
DSA_SIG *to_return = NULL;
@ -701,7 +780,9 @@ err:
BN_clear_free(&v);
return to_return;
}
#endif
#ifndef OPENSSL_NO_DSA
static int ubsec_dh_compute_key (unsigned char *key,const BIGNUM *pub_key,DH *dh)
{
return 0;
@ -711,6 +792,7 @@ static int ubsec_dh_generate_key (DH *dh)
{
return 0;
}
#endif
#ifdef NOT_USED
static int ubsec_rand_bytes(unsigned char *buf, int num)