aboutsummaryrefslogtreecommitdiff
path: root/openssl/engines
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/engines')
-rw-r--r--openssl/engines/ccgost/e_gost_err.c256
-rw-r--r--openssl/engines/ccgost/e_gost_err.h161
-rw-r--r--openssl/engines/ccgost/gost2001.c562
-rw-r--r--openssl/engines/ccgost/gost2001_keyx.c514
-rw-r--r--openssl/engines/ccgost/gost2001_keyx.h16
-rw-r--r--openssl/engines/ccgost/gost89.c894
-rw-r--r--openssl/engines/ccgost/gost89.h104
-rw-r--r--openssl/engines/ccgost/gost94_keyx.c487
-rw-r--r--openssl/engines/ccgost/gost_ameth.c1734
-rw-r--r--openssl/engines/ccgost/gost_asn1.c31
-rw-r--r--openssl/engines/ccgost/gost_crypt.c1111
-rw-r--r--openssl/engines/ccgost/gost_ctl.c138
-rw-r--r--openssl/engines/ccgost/gost_eng.c453
-rw-r--r--openssl/engines/ccgost/gost_keywrap.c155
-rw-r--r--openssl/engines/ccgost/gost_keywrap.h60
-rw-r--r--openssl/engines/ccgost/gost_lcl.h265
-rw-r--r--openssl/engines/ccgost/gost_md.c107
-rw-r--r--openssl/engines/ccgost/gost_params.c371
-rw-r--r--openssl/engines/ccgost/gost_params.h28
-rw-r--r--openssl/engines/ccgost/gost_pmeth.c1099
-rw-r--r--openssl/engines/ccgost/gost_sign.c479
-rw-r--r--openssl/engines/ccgost/gosthash.c404
-rw-r--r--openssl/engines/ccgost/gosthash.h54
-rw-r--r--openssl/engines/ccgost/gostsum.c349
-rw-r--r--openssl/engines/e_4758cca.c1673
-rw-r--r--openssl/engines/e_4758cca_err.c130
-rw-r--r--openssl/engines/e_4758cca_err.h43
-rw-r--r--openssl/engines/e_aep.c1881
-rw-r--r--openssl/engines/e_aep_err.c144
-rw-r--r--openssl/engines/e_aep_err.h59
-rw-r--r--openssl/engines/e_atalla.c961
-rw-r--r--openssl/engines/e_atalla_err.c118
-rw-r--r--openssl/engines/e_atalla_err.h35
-rw-r--r--openssl/engines/e_capi.c3162
-rw-r--r--openssl/engines/e_capi_err.c195
-rw-r--r--openssl/engines/e_capi_err.h105
-rw-r--r--openssl/engines/e_chil.c2245
-rw-r--r--openssl/engines/e_chil_err.c141
-rw-r--r--openssl/engines/e_chil_err.h57
-rw-r--r--openssl/engines/e_cswift.c1862
-rw-r--r--openssl/engines/e_cswift_err.c128
-rw-r--r--openssl/engines/e_cswift_err.h45
-rw-r--r--openssl/engines/e_gmp.c718
-rw-r--r--openssl/engines/e_gmp_err.c98
-rw-r--r--openssl/engines/e_gmp_err.h19
-rw-r--r--openssl/engines/e_nuron.c638
-rw-r--r--openssl/engines/e_nuron_err.c112
-rw-r--r--openssl/engines/e_nuron_err.h29
-rw-r--r--openssl/engines/e_padlock.c1935
-rw-r--r--openssl/engines/e_sureware.c1719
-rw-r--r--openssl/engines/e_sureware_err.c136
-rw-r--r--openssl/engines/e_sureware_err.h56
-rw-r--r--openssl/engines/e_ubsec.c1748
-rw-r--r--openssl/engines/e_ubsec_err.c135
-rw-r--r--openssl/engines/e_ubsec_err.h51
-rw-r--r--openssl/engines/vendor_defns/aep.h233
-rw-r--r--openssl/engines/vendor_defns/atalla.h70
-rw-r--r--openssl/engines/vendor_defns/cswift.h391
-rw-r--r--openssl/engines/vendor_defns/hw_4758_cca.h233
-rw-r--r--openssl/engines/vendor_defns/hw_ubsec.h108
-rw-r--r--openssl/engines/vendor_defns/hwcryptohook.h382
-rw-r--r--openssl/engines/vendor_defns/sureware.h347
62 files changed, 16074 insertions, 15900 deletions
diff --git a/openssl/engines/ccgost/e_gost_err.c b/openssl/engines/ccgost/e_gost_err.c
index 9a79a374e..3201b648f 100644
--- a/openssl/engines/ccgost/e_gost_err.c
+++ b/openssl/engines/ccgost/e_gost_err.c
@@ -7,7 +7,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
*
*/
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
@@ -65,148 +66,155 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
-#define ERR_FUNC(func) ERR_PACK(0,func,0)
-#define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA GOST_str_functs[]=
- {
-{ERR_FUNC(GOST_F_DECODE_GOST_ALGOR_PARAMS), "DECODE_GOST_ALGOR_PARAMS"},
-{ERR_FUNC(GOST_F_ENCODE_GOST_ALGOR_PARAMS), "ENCODE_GOST_ALGOR_PARAMS"},
-{ERR_FUNC(GOST_F_FILL_GOST2001_PARAMS), "FILL_GOST2001_PARAMS"},
-{ERR_FUNC(GOST_F_FILL_GOST94_PARAMS), "FILL_GOST94_PARAMS"},
-{ERR_FUNC(GOST_F_GET_ENCRYPTION_PARAMS), "GET_ENCRYPTION_PARAMS"},
-{ERR_FUNC(GOST_F_GOST2001_COMPUTE_PUBLIC), "GOST2001_COMPUTE_PUBLIC"},
-{ERR_FUNC(GOST_F_GOST2001_DO_SIGN), "GOST2001_DO_SIGN"},
-{ERR_FUNC(GOST_F_GOST2001_DO_VERIFY), "GOST2001_DO_VERIFY"},
-{ERR_FUNC(GOST_F_GOST2001_KEYGEN), "GOST2001_KEYGEN"},
-{ERR_FUNC(GOST_F_GOST89_GET_ASN1_PARAMETERS), "GOST89_GET_ASN1_PARAMETERS"},
-{ERR_FUNC(GOST_F_GOST89_SET_ASN1_PARAMETERS), "GOST89_SET_ASN1_PARAMETERS"},
-{ERR_FUNC(GOST_F_GOST94_COMPUTE_PUBLIC), "GOST94_COMPUTE_PUBLIC"},
-{ERR_FUNC(GOST_F_GOST_CIPHER_CTL), "GOST_CIPHER_CTL"},
-{ERR_FUNC(GOST_F_GOST_DO_SIGN), "GOST_DO_SIGN"},
-{ERR_FUNC(GOST_F_GOST_DO_VERIFY), "GOST_DO_VERIFY"},
-{ERR_FUNC(GOST_F_GOST_IMIT_CTRL), "GOST_IMIT_CTRL"},
-{ERR_FUNC(GOST_F_GOST_IMIT_FINAL), "GOST_IMIT_FINAL"},
-{ERR_FUNC(GOST_F_GOST_IMIT_UPDATE), "GOST_IMIT_UPDATE"},
-{ERR_FUNC(GOST_F_PARAM_COPY_GOST01), "PARAM_COPY_GOST01"},
-{ERR_FUNC(GOST_F_PARAM_COPY_GOST94), "PARAM_COPY_GOST94"},
-{ERR_FUNC(GOST_F_PKEY_GOST01CP_DECRYPT), "PKEY_GOST01CP_DECRYPT"},
-{ERR_FUNC(GOST_F_PKEY_GOST01CP_ENCRYPT), "PKEY_GOST01CP_ENCRYPT"},
-{ERR_FUNC(GOST_F_PKEY_GOST01CP_KEYGEN), "PKEY_GOST01CP_KEYGEN"},
-{ERR_FUNC(GOST_F_PKEY_GOST01_PARAMGEN), "PKEY_GOST01_PARAMGEN"},
-{ERR_FUNC(GOST_F_PKEY_GOST2001_DERIVE), "PKEY_GOST2001_DERIVE"},
-{ERR_FUNC(GOST_F_PKEY_GOST94CP_DECRYPT), "PKEY_GOST94CP_DECRYPT"},
-{ERR_FUNC(GOST_F_PKEY_GOST94CP_ENCRYPT), "PKEY_GOST94CP_ENCRYPT"},
-{ERR_FUNC(GOST_F_PKEY_GOST94CP_KEYGEN), "PKEY_GOST94CP_KEYGEN"},
-{ERR_FUNC(GOST_F_PKEY_GOST94_PARAMGEN), "PKEY_GOST94_PARAMGEN"},
-{ERR_FUNC(GOST_F_PKEY_GOST_CTRL), "PKEY_GOST_CTRL"},
-{ERR_FUNC(GOST_F_PKEY_GOST_CTRL01_STR), "PKEY_GOST_CTRL01_STR"},
-{ERR_FUNC(GOST_F_PKEY_GOST_CTRL94_STR), "PKEY_GOST_CTRL94_STR"},
-{ERR_FUNC(GOST_F_PKEY_GOST_MAC_CTRL), "PKEY_GOST_MAC_CTRL"},
-{ERR_FUNC(GOST_F_PKEY_GOST_MAC_CTRL_STR), "PKEY_GOST_MAC_CTRL_STR"},
-{ERR_FUNC(GOST_F_PKEY_GOST_MAC_KEYGEN), "PKEY_GOST_MAC_KEYGEN"},
-{ERR_FUNC(GOST_F_PRINT_GOST_01), "PRINT_GOST_01"},
-{ERR_FUNC(GOST_F_PRIV_DECODE_GOST), "PRIV_DECODE_GOST"},
-{ERR_FUNC(GOST_F_PUB_DECODE_GOST01), "PUB_DECODE_GOST01"},
-{ERR_FUNC(GOST_F_PUB_DECODE_GOST94), "PUB_DECODE_GOST94"},
-{ERR_FUNC(GOST_F_PUB_ENCODE_GOST01), "PUB_ENCODE_GOST01"},
-{ERR_FUNC(GOST_F_UNPACK_CC_SIGNATURE), "UNPACK_CC_SIGNATURE"},
-{ERR_FUNC(GOST_F_UNPACK_CP_SIGNATURE), "UNPACK_CP_SIGNATURE"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA GOST_str_reasons[]=
- {
-{ERR_REASON(GOST_R_BAD_KEY_PARAMETERS_FORMAT),"bad key parameters format"},
-{ERR_REASON(GOST_R_BAD_PKEY_PARAMETERS_FORMAT),"bad pkey parameters format"},
-{ERR_REASON(GOST_R_CANNOT_PACK_EPHEMERAL_KEY),"cannot pack ephemeral key"},
-{ERR_REASON(GOST_R_CTRL_CALL_FAILED) ,"ctrl call failed"},
-{ERR_REASON(GOST_R_ERROR_COMPUTING_SHARED_KEY),"error computing shared key"},
-{ERR_REASON(GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO),"error packing key transport info"},
-{ERR_REASON(GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO),"error parsing key transport info"},
-{ERR_REASON(GOST_R_INCOMPATIBLE_ALGORITHMS),"incompatible algorithms"},
-{ERR_REASON(GOST_R_INCOMPATIBLE_PEER_KEY),"incompatible peer key"},
-{ERR_REASON(GOST_R_INVALID_CIPHER_PARAMS),"invalid cipher params"},
-{ERR_REASON(GOST_R_INVALID_CIPHER_PARAM_OID),"invalid cipher param oid"},
-{ERR_REASON(GOST_R_INVALID_DIGEST_TYPE) ,"invalid digest type"},
-{ERR_REASON(GOST_R_INVALID_GOST94_PARMSET),"invalid gost94 parmset"},
-{ERR_REASON(GOST_R_INVALID_IV_LENGTH) ,"invalid iv length"},
-{ERR_REASON(GOST_R_INVALID_MAC_KEY_LENGTH),"invalid mac key length"},
-{ERR_REASON(GOST_R_INVALID_PARAMSET) ,"invalid paramset"},
-{ERR_REASON(GOST_R_KEY_IS_NOT_INITALIZED),"key is not initalized"},
-{ERR_REASON(GOST_R_KEY_IS_NOT_INITIALIZED),"key is not initialized"},
-{ERR_REASON(GOST_R_KEY_PARAMETERS_MISSING),"key parameters missing"},
-{ERR_REASON(GOST_R_MAC_KEY_NOT_SET) ,"mac key not set"},
-{ERR_REASON(GOST_R_MALLOC_FAILURE) ,"malloc failure"},
-{ERR_REASON(GOST_R_NO_MEMORY) ,"no memory"},
-{ERR_REASON(GOST_R_NO_PARAMETERS_SET) ,"no parameters set"},
-{ERR_REASON(GOST_R_NO_PEER_KEY) ,"no peer key"},
-{ERR_REASON(GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR),"no private part of non ephemeral keypair"},
-{ERR_REASON(GOST_R_PUBLIC_KEY_UNDEFINED) ,"public key undefined"},
-{ERR_REASON(GOST_R_RANDOM_GENERATOR_ERROR),"random generator error"},
-{ERR_REASON(GOST_R_RANDOM_GENERATOR_FAILURE),"random generator failure"},
-{ERR_REASON(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED),"random number generator failed"},
-{ERR_REASON(GOST_R_SIGNATURE_MISMATCH) ,"signature mismatch"},
-{ERR_REASON(GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q),"signature parts greater than q"},
-{ERR_REASON(GOST_R_UKM_NOT_SET) ,"ukm not set"},
-{ERR_REASON(GOST_R_UNSUPPORTED_CIPHER_CTL_COMMAND),"unsupported cipher ctl command"},
-{ERR_REASON(GOST_R_UNSUPPORTED_PARAMETER_SET),"unsupported parameter set"},
-{0,NULL}
- };
+# define ERR_FUNC(func) ERR_PACK(0,func,0)
+# define ERR_REASON(reason) ERR_PACK(0,0,reason)
+
+static ERR_STRING_DATA GOST_str_functs[] = {
+ {ERR_FUNC(GOST_F_DECODE_GOST_ALGOR_PARAMS), "DECODE_GOST_ALGOR_PARAMS"},
+ {ERR_FUNC(GOST_F_ENCODE_GOST_ALGOR_PARAMS), "ENCODE_GOST_ALGOR_PARAMS"},
+ {ERR_FUNC(GOST_F_FILL_GOST2001_PARAMS), "FILL_GOST2001_PARAMS"},
+ {ERR_FUNC(GOST_F_FILL_GOST94_PARAMS), "FILL_GOST94_PARAMS"},
+ {ERR_FUNC(GOST_F_GET_ENCRYPTION_PARAMS), "GET_ENCRYPTION_PARAMS"},
+ {ERR_FUNC(GOST_F_GOST2001_COMPUTE_PUBLIC), "GOST2001_COMPUTE_PUBLIC"},
+ {ERR_FUNC(GOST_F_GOST2001_DO_SIGN), "GOST2001_DO_SIGN"},
+ {ERR_FUNC(GOST_F_GOST2001_DO_VERIFY), "GOST2001_DO_VERIFY"},
+ {ERR_FUNC(GOST_F_GOST2001_KEYGEN), "GOST2001_KEYGEN"},
+ {ERR_FUNC(GOST_F_GOST89_GET_ASN1_PARAMETERS),
+ "GOST89_GET_ASN1_PARAMETERS"},
+ {ERR_FUNC(GOST_F_GOST89_SET_ASN1_PARAMETERS),
+ "GOST89_SET_ASN1_PARAMETERS"},
+ {ERR_FUNC(GOST_F_GOST94_COMPUTE_PUBLIC), "GOST94_COMPUTE_PUBLIC"},
+ {ERR_FUNC(GOST_F_GOST_CIPHER_CTL), "GOST_CIPHER_CTL"},
+ {ERR_FUNC(GOST_F_GOST_DO_SIGN), "GOST_DO_SIGN"},
+ {ERR_FUNC(GOST_F_GOST_DO_VERIFY), "GOST_DO_VERIFY"},
+ {ERR_FUNC(GOST_F_GOST_IMIT_CTRL), "GOST_IMIT_CTRL"},
+ {ERR_FUNC(GOST_F_GOST_IMIT_FINAL), "GOST_IMIT_FINAL"},
+ {ERR_FUNC(GOST_F_GOST_IMIT_UPDATE), "GOST_IMIT_UPDATE"},
+ {ERR_FUNC(GOST_F_PARAM_COPY_GOST01), "PARAM_COPY_GOST01"},
+ {ERR_FUNC(GOST_F_PARAM_COPY_GOST94), "PARAM_COPY_GOST94"},
+ {ERR_FUNC(GOST_F_PKEY_GOST01CP_DECRYPT), "PKEY_GOST01CP_DECRYPT"},
+ {ERR_FUNC(GOST_F_PKEY_GOST01CP_ENCRYPT), "PKEY_GOST01CP_ENCRYPT"},
+ {ERR_FUNC(GOST_F_PKEY_GOST01CP_KEYGEN), "PKEY_GOST01CP_KEYGEN"},
+ {ERR_FUNC(GOST_F_PKEY_GOST01_PARAMGEN), "PKEY_GOST01_PARAMGEN"},
+ {ERR_FUNC(GOST_F_PKEY_GOST2001_DERIVE), "PKEY_GOST2001_DERIVE"},
+ {ERR_FUNC(GOST_F_PKEY_GOST94CP_DECRYPT), "PKEY_GOST94CP_DECRYPT"},
+ {ERR_FUNC(GOST_F_PKEY_GOST94CP_ENCRYPT), "PKEY_GOST94CP_ENCRYPT"},
+ {ERR_FUNC(GOST_F_PKEY_GOST94CP_KEYGEN), "PKEY_GOST94CP_KEYGEN"},
+ {ERR_FUNC(GOST_F_PKEY_GOST94_PARAMGEN), "PKEY_GOST94_PARAMGEN"},
+ {ERR_FUNC(GOST_F_PKEY_GOST_CTRL), "PKEY_GOST_CTRL"},
+ {ERR_FUNC(GOST_F_PKEY_GOST_CTRL01_STR), "PKEY_GOST_CTRL01_STR"},
+ {ERR_FUNC(GOST_F_PKEY_GOST_CTRL94_STR), "PKEY_GOST_CTRL94_STR"},
+ {ERR_FUNC(GOST_F_PKEY_GOST_MAC_CTRL), "PKEY_GOST_MAC_CTRL"},
+ {ERR_FUNC(GOST_F_PKEY_GOST_MAC_CTRL_STR), "PKEY_GOST_MAC_CTRL_STR"},
+ {ERR_FUNC(GOST_F_PKEY_GOST_MAC_KEYGEN), "PKEY_GOST_MAC_KEYGEN"},
+ {ERR_FUNC(GOST_F_PRINT_GOST_01), "PRINT_GOST_01"},
+ {ERR_FUNC(GOST_F_PRIV_DECODE_GOST), "PRIV_DECODE_GOST"},
+ {ERR_FUNC(GOST_F_PUB_DECODE_GOST01), "PUB_DECODE_GOST01"},
+ {ERR_FUNC(GOST_F_PUB_DECODE_GOST94), "PUB_DECODE_GOST94"},
+ {ERR_FUNC(GOST_F_PUB_ENCODE_GOST01), "PUB_ENCODE_GOST01"},
+ {ERR_FUNC(GOST_F_UNPACK_CC_SIGNATURE), "UNPACK_CC_SIGNATURE"},
+ {ERR_FUNC(GOST_F_UNPACK_CP_SIGNATURE), "UNPACK_CP_SIGNATURE"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA GOST_str_reasons[] = {
+ {ERR_REASON(GOST_R_BAD_KEY_PARAMETERS_FORMAT),
+ "bad key parameters format"},
+ {ERR_REASON(GOST_R_BAD_PKEY_PARAMETERS_FORMAT),
+ "bad pkey parameters format"},
+ {ERR_REASON(GOST_R_CANNOT_PACK_EPHEMERAL_KEY),
+ "cannot pack ephemeral key"},
+ {ERR_REASON(GOST_R_CTRL_CALL_FAILED), "ctrl call failed"},
+ {ERR_REASON(GOST_R_ERROR_COMPUTING_SHARED_KEY),
+ "error computing shared key"},
+ {ERR_REASON(GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO),
+ "error packing key transport info"},
+ {ERR_REASON(GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO),
+ "error parsing key transport info"},
+ {ERR_REASON(GOST_R_INCOMPATIBLE_ALGORITHMS), "incompatible algorithms"},
+ {ERR_REASON(GOST_R_INCOMPATIBLE_PEER_KEY), "incompatible peer key"},
+ {ERR_REASON(GOST_R_INVALID_CIPHER_PARAMS), "invalid cipher params"},
+ {ERR_REASON(GOST_R_INVALID_CIPHER_PARAM_OID), "invalid cipher param oid"},
+ {ERR_REASON(GOST_R_INVALID_DIGEST_TYPE), "invalid digest type"},
+ {ERR_REASON(GOST_R_INVALID_GOST94_PARMSET), "invalid gost94 parmset"},
+ {ERR_REASON(GOST_R_INVALID_IV_LENGTH), "invalid iv length"},
+ {ERR_REASON(GOST_R_INVALID_MAC_KEY_LENGTH), "invalid mac key length"},
+ {ERR_REASON(GOST_R_INVALID_PARAMSET), "invalid paramset"},
+ {ERR_REASON(GOST_R_KEY_IS_NOT_INITALIZED), "key is not initalized"},
+ {ERR_REASON(GOST_R_KEY_IS_NOT_INITIALIZED), "key is not initialized"},
+ {ERR_REASON(GOST_R_KEY_PARAMETERS_MISSING), "key parameters missing"},
+ {ERR_REASON(GOST_R_MAC_KEY_NOT_SET), "mac key not set"},
+ {ERR_REASON(GOST_R_MALLOC_FAILURE), "malloc failure"},
+ {ERR_REASON(GOST_R_NO_MEMORY), "no memory"},
+ {ERR_REASON(GOST_R_NO_PARAMETERS_SET), "no parameters set"},
+ {ERR_REASON(GOST_R_NO_PEER_KEY), "no peer key"},
+ {ERR_REASON(GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR),
+ "no private part of non ephemeral keypair"},
+ {ERR_REASON(GOST_R_PUBLIC_KEY_UNDEFINED), "public key undefined"},
+ {ERR_REASON(GOST_R_RANDOM_GENERATOR_ERROR), "random generator error"},
+ {ERR_REASON(GOST_R_RANDOM_GENERATOR_FAILURE), "random generator failure"},
+ {ERR_REASON(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED),
+ "random number generator failed"},
+ {ERR_REASON(GOST_R_SIGNATURE_MISMATCH), "signature mismatch"},
+ {ERR_REASON(GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q),
+ "signature parts greater than q"},
+ {ERR_REASON(GOST_R_UKM_NOT_SET), "ukm not set"},
+ {ERR_REASON(GOST_R_UNSUPPORTED_CIPHER_CTL_COMMAND),
+ "unsupported cipher ctl command"},
+ {ERR_REASON(GOST_R_UNSUPPORTED_PARAMETER_SET),
+ "unsupported parameter set"},
+ {0, NULL}
+};
#endif
#ifdef GOST_LIB_NAME
-static ERR_STRING_DATA GOST_lib_name[]=
- {
-{0 ,GOST_LIB_NAME},
-{0,NULL}
- };
+static ERR_STRING_DATA GOST_lib_name[] = {
+ {0, GOST_LIB_NAME},
+ {0, NULL}
+};
#endif
-
-static int GOST_lib_error_code=0;
-static int GOST_error_init=1;
+static int GOST_lib_error_code = 0;
+static int GOST_error_init = 1;
void ERR_load_GOST_strings(void)
- {
- if (GOST_lib_error_code == 0)
- GOST_lib_error_code=ERR_get_next_error_library();
+{
+ if (GOST_lib_error_code == 0)
+ GOST_lib_error_code = ERR_get_next_error_library();
- if (GOST_error_init)
- {
- GOST_error_init=0;
+ if (GOST_error_init) {
+ GOST_error_init = 0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(GOST_lib_error_code,GOST_str_functs);
- ERR_load_strings(GOST_lib_error_code,GOST_str_reasons);
+ ERR_load_strings(GOST_lib_error_code, GOST_str_functs);
+ ERR_load_strings(GOST_lib_error_code, GOST_str_reasons);
#endif
#ifdef GOST_LIB_NAME
- GOST_lib_name->error = ERR_PACK(GOST_lib_error_code,0,0);
- ERR_load_strings(0,GOST_lib_name);
+ GOST_lib_name->error = ERR_PACK(GOST_lib_error_code, 0, 0);
+ ERR_load_strings(0, GOST_lib_name);
#endif
- }
- }
+ }
+}
void ERR_unload_GOST_strings(void)
- {
- if (GOST_error_init == 0)
- {
+{
+ if (GOST_error_init == 0) {
#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(GOST_lib_error_code,GOST_str_functs);
- ERR_unload_strings(GOST_lib_error_code,GOST_str_reasons);
+ ERR_unload_strings(GOST_lib_error_code, GOST_str_functs);
+ ERR_unload_strings(GOST_lib_error_code, GOST_str_reasons);
#endif
#ifdef GOST_LIB_NAME
- ERR_unload_strings(0,GOST_lib_name);
+ ERR_unload_strings(0, GOST_lib_name);
#endif
- GOST_error_init=1;
- }
- }
+ GOST_error_init = 1;
+ }
+}
void ERR_GOST_error(int function, int reason, char *file, int line)
- {
- if (GOST_lib_error_code == 0)
- GOST_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(GOST_lib_error_code,function,reason,file,line);
- }
+{
+ if (GOST_lib_error_code == 0)
+ GOST_lib_error_code = ERR_get_next_error_library();
+ ERR_PUT_error(GOST_lib_error_code, function, reason, file, line);
+}
diff --git a/openssl/engines/ccgost/e_gost_err.h b/openssl/engines/ccgost/e_gost_err.h
index 6dc500079..92be55845 100644
--- a/openssl/engines/ccgost/e_gost_err.h
+++ b/openssl/engines/ccgost/e_gost_err.h
@@ -6,7 +6,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -53,102 +53,103 @@
*/
#ifndef HEADER_GOST_ERR_H
-#define HEADER_GOST_ERR_H
+# define HEADER_GOST_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
void ERR_load_GOST_strings(void);
void ERR_unload_GOST_strings(void);
void ERR_GOST_error(int function, int reason, char *file, int line);
-#define GOSTerr(f,r) ERR_GOST_error((f),(r),__FILE__,__LINE__)
+# define GOSTerr(f,r) ERR_GOST_error((f),(r),__FILE__,__LINE__)
/* Error codes for the GOST functions. */
/* Function codes. */
-#define GOST_F_DECODE_GOST_ALGOR_PARAMS 99
-#define GOST_F_ENCODE_GOST_ALGOR_PARAMS 100
-#define GOST_F_FILL_GOST2001_PARAMS 101
-#define GOST_F_FILL_GOST94_PARAMS 102
-#define GOST_F_GET_ENCRYPTION_PARAMS 103
-#define GOST_F_GOST2001_COMPUTE_PUBLIC 104
-#define GOST_F_GOST2001_DO_SIGN 105
-#define GOST_F_GOST2001_DO_VERIFY 106
-#define GOST_F_GOST2001_KEYGEN 107
-#define GOST_F_GOST89_GET_ASN1_PARAMETERS 108
-#define GOST_F_GOST89_SET_ASN1_PARAMETERS 109
-#define GOST_F_GOST94_COMPUTE_PUBLIC 110
-#define GOST_F_GOST_CIPHER_CTL 111
-#define GOST_F_GOST_DO_SIGN 112
-#define GOST_F_GOST_DO_VERIFY 113
-#define GOST_F_GOST_IMIT_CTRL 114
-#define GOST_F_GOST_IMIT_FINAL 140
-#define GOST_F_GOST_IMIT_UPDATE 115
-#define GOST_F_PARAM_COPY_GOST01 116
-#define GOST_F_PARAM_COPY_GOST94 117
-#define GOST_F_PKEY_GOST01CP_DECRYPT 118
-#define GOST_F_PKEY_GOST01CP_ENCRYPT 119
-#define GOST_F_PKEY_GOST01CP_KEYGEN 120
-#define GOST_F_PKEY_GOST01_PARAMGEN 138
-#define GOST_F_PKEY_GOST2001_DERIVE 121
-#define GOST_F_PKEY_GOST94CP_DECRYPT 122
-#define GOST_F_PKEY_GOST94CP_ENCRYPT 123
-#define GOST_F_PKEY_GOST94CP_KEYGEN 124
-#define GOST_F_PKEY_GOST94_PARAMGEN 139
-#define GOST_F_PKEY_GOST_CTRL 125
-#define GOST_F_PKEY_GOST_CTRL01_STR 126
-#define GOST_F_PKEY_GOST_CTRL94_STR 127
-#define GOST_F_PKEY_GOST_MAC_CTRL 128
-#define GOST_F_PKEY_GOST_MAC_CTRL_STR 129
-#define GOST_F_PKEY_GOST_MAC_KEYGEN 130
-#define GOST_F_PRINT_GOST_01 131
-#define GOST_F_PRIV_DECODE_GOST 132
-#define GOST_F_PUB_DECODE_GOST01 133
-#define GOST_F_PUB_DECODE_GOST94 134
-#define GOST_F_PUB_ENCODE_GOST01 135
-#define GOST_F_UNPACK_CC_SIGNATURE 136
-#define GOST_F_UNPACK_CP_SIGNATURE 137
+# define GOST_F_DECODE_GOST_ALGOR_PARAMS 99
+# define GOST_F_ENCODE_GOST_ALGOR_PARAMS 100
+# define GOST_F_FILL_GOST2001_PARAMS 101
+# define GOST_F_FILL_GOST94_PARAMS 102
+# define GOST_F_GET_ENCRYPTION_PARAMS 103
+# define GOST_F_GOST2001_COMPUTE_PUBLIC 104
+# define GOST_F_GOST2001_DO_SIGN 105
+# define GOST_F_GOST2001_DO_VERIFY 106
+# define GOST_F_GOST2001_KEYGEN 107
+# define GOST_F_GOST89_GET_ASN1_PARAMETERS 108
+# define GOST_F_GOST89_SET_ASN1_PARAMETERS 109
+# define GOST_F_GOST94_COMPUTE_PUBLIC 110
+# define GOST_F_GOST_CIPHER_CTL 111
+# define GOST_F_GOST_DO_SIGN 112
+# define GOST_F_GOST_DO_VERIFY 113
+# define GOST_F_GOST_IMIT_CTRL 114
+# define GOST_F_GOST_IMIT_FINAL 140
+# define GOST_F_GOST_IMIT_UPDATE 115
+# define GOST_F_PARAM_COPY_GOST01 116
+# define GOST_F_PARAM_COPY_GOST94 117
+# define GOST_F_PKEY_GOST01CP_DECRYPT 118
+# define GOST_F_PKEY_GOST01CP_ENCRYPT 119
+# define GOST_F_PKEY_GOST01CP_KEYGEN 120
+# define GOST_F_PKEY_GOST01_PARAMGEN 138
+# define GOST_F_PKEY_GOST2001_DERIVE 121
+# define GOST_F_PKEY_GOST94CP_DECRYPT 122
+# define GOST_F_PKEY_GOST94CP_ENCRYPT 123
+# define GOST_F_PKEY_GOST94CP_KEYGEN 124
+# define GOST_F_PKEY_GOST94_PARAMGEN 139
+# define GOST_F_PKEY_GOST_CTRL 125
+# define GOST_F_PKEY_GOST_CTRL01_STR 126
+# define GOST_F_PKEY_GOST_CTRL94_STR 127
+# define GOST_F_PKEY_GOST_MAC_CTRL 128
+# define GOST_F_PKEY_GOST_MAC_CTRL_STR 129
+# define GOST_F_PKEY_GOST_MAC_KEYGEN 130
+# define GOST_F_PRINT_GOST_01 131
+# define GOST_F_PRIV_DECODE_GOST 132
+# define GOST_F_PUB_DECODE_GOST01 133
+# define GOST_F_PUB_DECODE_GOST94 134
+# define GOST_F_PUB_ENCODE_GOST01 135
+# define GOST_F_UNPACK_CC_SIGNATURE 136
+# define GOST_F_UNPACK_CP_SIGNATURE 137
/* Reason codes. */
-#define GOST_R_BAD_KEY_PARAMETERS_FORMAT 99
-#define GOST_R_BAD_PKEY_PARAMETERS_FORMAT 100
-#define GOST_R_CANNOT_PACK_EPHEMERAL_KEY 101
-#define GOST_R_CTRL_CALL_FAILED 132
-#define GOST_R_ERROR_COMPUTING_SHARED_KEY 102
-#define GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO 103
-#define GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO 104
-#define GOST_R_INCOMPATIBLE_ALGORITHMS 105
-#define GOST_R_INCOMPATIBLE_PEER_KEY 131
-#define GOST_R_INVALID_CIPHER_PARAMS 106
-#define GOST_R_INVALID_CIPHER_PARAM_OID 107
-#define GOST_R_INVALID_DIGEST_TYPE 108
-#define GOST_R_INVALID_GOST94_PARMSET 109
-#define GOST_R_INVALID_IV_LENGTH 110
-#define GOST_R_INVALID_MAC_KEY_LENGTH 111
-#define GOST_R_INVALID_PARAMSET 112
-#define GOST_R_KEY_IS_NOT_INITALIZED 113
-#define GOST_R_KEY_IS_NOT_INITIALIZED 114
-#define GOST_R_KEY_PARAMETERS_MISSING 115
-#define GOST_R_MAC_KEY_NOT_SET 116
-#define GOST_R_MALLOC_FAILURE 117
-#define GOST_R_NO_MEMORY 118
-#define GOST_R_NO_PARAMETERS_SET 119
-#define GOST_R_NO_PEER_KEY 120
-#define GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR 121
-#define GOST_R_PUBLIC_KEY_UNDEFINED 122
-#define GOST_R_RANDOM_GENERATOR_ERROR 123
-#define GOST_R_RANDOM_GENERATOR_FAILURE 124
-#define GOST_R_RANDOM_NUMBER_GENERATOR_FAILED 125
-#define GOST_R_SIGNATURE_MISMATCH 126
-#define GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q 127
-#define GOST_R_UKM_NOT_SET 128
-#define GOST_R_UNSUPPORTED_CIPHER_CTL_COMMAND 129
-#define GOST_R_UNSUPPORTED_PARAMETER_SET 130
+# define GOST_R_BAD_KEY_PARAMETERS_FORMAT 99
+# define GOST_R_BAD_PKEY_PARAMETERS_FORMAT 100
+# define GOST_R_CANNOT_PACK_EPHEMERAL_KEY 101
+# define GOST_R_CTRL_CALL_FAILED 132
+# define GOST_R_ERROR_COMPUTING_SHARED_KEY 102
+# define GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO 103
+# define GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO 104
+# define GOST_R_INCOMPATIBLE_ALGORITHMS 105
+# define GOST_R_INCOMPATIBLE_PEER_KEY 131
+# define GOST_R_INVALID_CIPHER_PARAMS 106
+# define GOST_R_INVALID_CIPHER_PARAM_OID 107
+# define GOST_R_INVALID_DIGEST_TYPE 108
+# define GOST_R_INVALID_GOST94_PARMSET 109
+# define GOST_R_INVALID_IV_LENGTH 110
+# define GOST_R_INVALID_MAC_KEY_LENGTH 111
+# define GOST_R_INVALID_PARAMSET 112
+# define GOST_R_KEY_IS_NOT_INITALIZED 113
+# define GOST_R_KEY_IS_NOT_INITIALIZED 114
+# define GOST_R_KEY_PARAMETERS_MISSING 115
+# define GOST_R_MAC_KEY_NOT_SET 116
+# define GOST_R_MALLOC_FAILURE 117
+# define GOST_R_NO_MEMORY 118
+# define GOST_R_NO_PARAMETERS_SET 119
+# define GOST_R_NO_PEER_KEY 120
+# define GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR 121
+# define GOST_R_PUBLIC_KEY_UNDEFINED 122
+# define GOST_R_RANDOM_GENERATOR_ERROR 123
+# define GOST_R_RANDOM_GENERATOR_FAILURE 124
+# define GOST_R_RANDOM_NUMBER_GENERATOR_FAILED 125
+# define GOST_R_SIGNATURE_MISMATCH 126
+# define GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q 127
+# define GOST_R_UKM_NOT_SET 128
+# define GOST_R_UNSUPPORTED_CIPHER_CTL_COMMAND 129
+# define GOST_R_UNSUPPORTED_PARAMETER_SET 130
#ifdef __cplusplus
}
diff --git a/openssl/engines/ccgost/gost2001.c b/openssl/engines/ccgost/gost2001.c
index dacd82d2b..2b9669482 100644
--- a/openssl/engines/ccgost/gost2001.c
+++ b/openssl/engines/ccgost/gost2001.c
@@ -3,7 +3,7 @@
* Copyright (c) 2005-2006 Cryptocom LTD *
* This file is distributed under the same license as OpenSSL *
* *
- * Implementation of GOST R 34.10-2001 *
+ * Implementation of GOST R 34.10-2001 *
* Requires OpenSSL 0.9.9 for compilation *
**********************************************************************/
#include "gost_lcl.h"
@@ -14,13 +14,14 @@
#include <openssl/err.h>
#include "e_gost_err.h"
#ifdef DEBUG_SIGN
-extern
-void dump_signature(const char *message,const unsigned char *buffer,size_t len);
+extern
+void dump_signature(const char *message, const unsigned char *buffer,
+ size_t len);
void dump_dsa_sig(const char *message, DSA_SIG *sig);
#else
-#define dump_signature(a,b,c)
-#define dump_dsa_sig(a,b)
+# define dump_signature(a,b,c)
+# define dump_dsa_sig(a,b)
#endif
/*
@@ -30,314 +31,309 @@ void dump_dsa_sig(const char *message, DSA_SIG *sig);
*
* Also fils DSA->q field with copy of EC_GROUP order field to make
* DSA_size function work
- */
+ */
int fill_GOST2001_params(EC_KEY *eckey, int nid)
- {
- R3410_2001_params *params = R3410_2001_paramset;
- EC_GROUP *grp=NULL;
- BIGNUM *p=NULL,*q=NULL,*a=NULL,*b=NULL,*x=NULL,*y=NULL;
- EC_POINT *P=NULL;
- BN_CTX *ctx=BN_CTX_new();
- int ok=0;
-
- BN_CTX_start(ctx);
- p=BN_CTX_get(ctx);
- a=BN_CTX_get(ctx);
- b=BN_CTX_get(ctx);
- x=BN_CTX_get(ctx);
- y=BN_CTX_get(ctx);
- q=BN_CTX_get(ctx);
- while (params->nid!=NID_undef && params->nid != nid) params++;
- if (params->nid == NID_undef)
- {
- GOSTerr(GOST_F_FILL_GOST2001_PARAMS,GOST_R_UNSUPPORTED_PARAMETER_SET);
- goto err;
- }
- BN_hex2bn(&p,params->p);
- BN_hex2bn(&a,params->a);
- BN_hex2bn(&b,params->b);
-
- grp = EC_GROUP_new_curve_GFp(p,a,b,ctx);
+{
+ R3410_2001_params *params = R3410_2001_paramset;
+ EC_GROUP *grp = NULL;
+ BIGNUM *p = NULL, *q = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL;
+ EC_POINT *P = NULL;
+ BN_CTX *ctx = BN_CTX_new();
+ int ok = 0;
- P = EC_POINT_new(grp);
+ BN_CTX_start(ctx);
+ p = BN_CTX_get(ctx);
+ a = BN_CTX_get(ctx);
+ b = BN_CTX_get(ctx);
+ x = BN_CTX_get(ctx);
+ y = BN_CTX_get(ctx);
+ q = BN_CTX_get(ctx);
+ while (params->nid != NID_undef && params->nid != nid)
+ params++;
+ if (params->nid == NID_undef) {
+ GOSTerr(GOST_F_FILL_GOST2001_PARAMS,
+ GOST_R_UNSUPPORTED_PARAMETER_SET);
+ goto err;
+ }
+ BN_hex2bn(&p, params->p);
+ BN_hex2bn(&a, params->a);
+ BN_hex2bn(&b, params->b);
- BN_hex2bn(&x,params->x);
- BN_hex2bn(&y,params->y);
- EC_POINT_set_affine_coordinates_GFp(grp,P,x,y,ctx);
- BN_hex2bn(&q,params->q);
-#ifdef DEBUG_KEYS
- fprintf(stderr,"Set params index %d oid %s\nq=",
- (params-R3410_2001_paramset),OBJ_nid2sn(params->nid));
- BN_print_fp(stderr,q);
- fprintf(stderr,"\n");
-#endif
+ grp = EC_GROUP_new_curve_GFp(p, a, b, ctx);
+
+ P = EC_POINT_new(grp);
- EC_GROUP_set_generator(grp,P,q,NULL);
- EC_GROUP_set_curve_name(grp,params->nid);
+ BN_hex2bn(&x, params->x);
+ BN_hex2bn(&y, params->y);
+ EC_POINT_set_affine_coordinates_GFp(grp, P, x, y, ctx);
+ BN_hex2bn(&q, params->q);
+#ifdef DEBUG_KEYS
+ fprintf(stderr, "Set params index %d oid %s\nq=",
+ (params - R3410_2001_paramset), OBJ_nid2sn(params->nid));
+ BN_print_fp(stderr, q);
+ fprintf(stderr, "\n");
+#endif
- EC_KEY_set_group(eckey,grp);
- ok=1;
- err:
- EC_POINT_free(P);
- EC_GROUP_free(grp);
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- return ok;
- }
+ EC_GROUP_set_generator(grp, P, q, NULL);
+ EC_GROUP_set_curve_name(grp, params->nid);
+ EC_KEY_set_group(eckey, grp);
+ ok = 1;
+ err:
+ EC_POINT_free(P);
+ EC_GROUP_free(grp);
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ return ok;
+}
/*
- * Computes gost2001 signature as DSA_SIG structure
+ * Computes gost2001 signature as DSA_SIG structure
*
*
- */
-DSA_SIG *gost2001_do_sign(const unsigned char *dgst,int dlen, EC_KEY *eckey)
- {
- DSA_SIG *newsig = NULL;
- BIGNUM *md = hashsum2bn(dgst);
- BIGNUM *order = NULL;
- const EC_GROUP *group;
- const BIGNUM *priv_key;
- BIGNUM *r=NULL,*s=NULL,*X=NULL,*tmp=NULL,*tmp2=NULL, *k=NULL,*e=NULL;
- EC_POINT *C=NULL;
- BN_CTX *ctx = BN_CTX_new();
- BN_CTX_start(ctx);
- OPENSSL_assert(dlen==32);
- newsig=DSA_SIG_new();
- if (!newsig)
- {
- GOSTerr(GOST_F_GOST2001_DO_SIGN,GOST_R_NO_MEMORY);
- goto err;
- }
- group = EC_KEY_get0_group(eckey);
- order=BN_CTX_get(ctx);
- EC_GROUP_get_order(group,order,ctx);
- priv_key = EC_KEY_get0_private_key(eckey);
- e = BN_CTX_get(ctx);
- BN_mod(e,md,order,ctx);
+ */
+DSA_SIG *gost2001_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
+{
+ DSA_SIG *newsig = NULL;
+ BIGNUM *md = hashsum2bn(dgst);
+ BIGNUM *order = NULL;
+ const EC_GROUP *group;
+ const BIGNUM *priv_key;
+ BIGNUM *r = NULL, *s = NULL, *X = NULL, *tmp = NULL, *tmp2 = NULL, *k =
+ NULL, *e = NULL;
+ EC_POINT *C = NULL;
+ BN_CTX *ctx = BN_CTX_new();
+ BN_CTX_start(ctx);
+ OPENSSL_assert(dlen == 32);
+ newsig = DSA_SIG_new();
+ if (!newsig) {
+ GOSTerr(GOST_F_GOST2001_DO_SIGN, GOST_R_NO_MEMORY);
+ goto err;
+ }
+ group = EC_KEY_get0_group(eckey);
+ order = BN_CTX_get(ctx);
+ EC_GROUP_get_order(group, order, ctx);
+ priv_key = EC_KEY_get0_private_key(eckey);
+ e = BN_CTX_get(ctx);
+ BN_mod(e, md, order, ctx);
#ifdef DEBUG_SIGN
- fprintf(stderr,"digest as bignum=");
- BN_print_fp(stderr,md);
- fprintf(stderr,"\ndigest mod q=");
- BN_print_fp(stderr,e);
- fprintf(stderr,"\n");
-#endif
- if (BN_is_zero(e))
- {
- BN_one(e);
- }
- k =BN_CTX_get(ctx);
- C=EC_POINT_new(group);
- do
- {
- do
- {
- if (!BN_rand_range(k,order))
- {
- GOSTerr(GOST_F_GOST2001_DO_SIGN,GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
- DSA_SIG_free(newsig);
- newsig = NULL;
- goto err;
- }
- if (!EC_POINT_mul(group,C,k,NULL,NULL,ctx))
- {
- GOSTerr(GOST_F_GOST2001_DO_SIGN,ERR_R_EC_LIB);
- DSA_SIG_free(newsig);
- newsig = NULL;
- goto err;
- }
- if (!X) X=BN_CTX_get(ctx);
- if (!EC_POINT_get_affine_coordinates_GFp(group,C,X,NULL,ctx))
- {
- GOSTerr(GOST_F_GOST2001_DO_SIGN,ERR_R_EC_LIB);
- DSA_SIG_free(newsig);
- newsig = NULL;
- goto err;
- }
- if (!r) r=BN_CTX_get(ctx);
- BN_nnmod(r,X,order,ctx);
- }
- while (BN_is_zero(r));
- /* s = (r*priv_key+k*e) mod order */
- if (!tmp) tmp = BN_CTX_get(ctx);
- BN_mod_mul(tmp,priv_key,r,order,ctx);
- if (!tmp2) tmp2 = BN_CTX_get(ctx);
- BN_mod_mul(tmp2,k,e,order,ctx);
- if (!s) s=BN_CTX_get(ctx);
- BN_mod_add(s,tmp,tmp2,order,ctx);
- }
- while (BN_is_zero(s));
+ fprintf(stderr, "digest as bignum=");
+ BN_print_fp(stderr, md);
+ fprintf(stderr, "\ndigest mod q=");
+ BN_print_fp(stderr, e);
+ fprintf(stderr, "\n");
+#endif
+ if (BN_is_zero(e)) {
+ BN_one(e);
+ }
+ k = BN_CTX_get(ctx);
+ C = EC_POINT_new(group);
+ do {
+ do {
+ if (!BN_rand_range(k, order)) {
+ GOSTerr(GOST_F_GOST2001_DO_SIGN,
+ GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
+ DSA_SIG_free(newsig);
+ newsig = NULL;
+ goto err;
+ }
+ if (!EC_POINT_mul(group, C, k, NULL, NULL, ctx)) {
+ GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_EC_LIB);
+ DSA_SIG_free(newsig);
+ newsig = NULL;
+ goto err;
+ }
+ if (!X)
+ X = BN_CTX_get(ctx);
+ if (!EC_POINT_get_affine_coordinates_GFp(group, C, X, NULL, ctx)) {
+ GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_EC_LIB);
+ DSA_SIG_free(newsig);
+ newsig = NULL;
+ goto err;
+ }
+ if (!r)
+ r = BN_CTX_get(ctx);
+ BN_nnmod(r, X, order, ctx);
+ }
+ while (BN_is_zero(r));
+ /* s = (r*priv_key+k*e) mod order */
+ if (!tmp)
+ tmp = BN_CTX_get(ctx);
+ BN_mod_mul(tmp, priv_key, r, order, ctx);
+ if (!tmp2)
+ tmp2 = BN_CTX_get(ctx);
+ BN_mod_mul(tmp2, k, e, order, ctx);
+ if (!s)
+ s = BN_CTX_get(ctx);
+ BN_mod_add(s, tmp, tmp2, order, ctx);
+ }
+ while (BN_is_zero(s));
+
+ newsig->s = BN_dup(s);
+ newsig->r = BN_dup(r);
+ err:
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ EC_POINT_free(C);
+ BN_free(md);
+ return newsig;
+}
- newsig->s=BN_dup(s);
- newsig->r=BN_dup(r);
- err:
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- EC_POINT_free(C);
- BN_free(md);
- return newsig;
- }
/*
* Verifies gost 2001 signature
*
- */
-int gost2001_do_verify(const unsigned char *dgst,int dgst_len,
- DSA_SIG *sig, EC_KEY *ec)
- {
- BN_CTX *ctx=BN_CTX_new();
- const EC_GROUP *group = EC_KEY_get0_group(ec);
- BIGNUM *order;
- BIGNUM *md = NULL,*e=NULL,*R=NULL,*v=NULL,*z1=NULL,*z2=NULL;
- BIGNUM *X=NULL,*tmp=NULL;
- EC_POINT *C = NULL;
- const EC_POINT *pub_key=NULL;
- int ok=0;
+ */
+int gost2001_do_verify(const unsigned char *dgst, int dgst_len,
+ DSA_SIG *sig, EC_KEY *ec)
+{
+ BN_CTX *ctx = BN_CTX_new();
+ const EC_GROUP *group = EC_KEY_get0_group(ec);
+ BIGNUM *order;
+ BIGNUM *md = NULL, *e = NULL, *R = NULL, *v = NULL, *z1 = NULL, *z2 =
+ NULL;
+ BIGNUM *X = NULL, *tmp = NULL;
+ EC_POINT *C = NULL;
+ const EC_POINT *pub_key = NULL;
+ int ok = 0;
+
+ BN_CTX_start(ctx);
+ order = BN_CTX_get(ctx);
+ e = BN_CTX_get(ctx);
+ z1 = BN_CTX_get(ctx);
+ z2 = BN_CTX_get(ctx);
+ tmp = BN_CTX_get(ctx);
+ X = BN_CTX_get(ctx);
+ R = BN_CTX_get(ctx);
+ v = BN_CTX_get(ctx);
- BN_CTX_start(ctx);
- order = BN_CTX_get(ctx);
- e = BN_CTX_get(ctx);
- z1 = BN_CTX_get(ctx);
- z2 = BN_CTX_get(ctx);
- tmp = BN_CTX_get(ctx);
- X= BN_CTX_get(ctx);
- R=BN_CTX_get(ctx);
- v=BN_CTX_get(ctx);
-
- EC_GROUP_get_order(group,order,ctx);
- pub_key = EC_KEY_get0_public_key(ec);
- if (BN_is_zero(sig->s) || BN_is_zero(sig->r) ||
- (BN_cmp(sig->s,order)>=1) || (BN_cmp(sig->r,order)>=1))
- {
- GOSTerr(GOST_F_GOST2001_DO_VERIFY,GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);
- goto err;
+ EC_GROUP_get_order(group, order, ctx);
+ pub_key = EC_KEY_get0_public_key(ec);
+ if (BN_is_zero(sig->s) || BN_is_zero(sig->r) ||
+ (BN_cmp(sig->s, order) >= 1) || (BN_cmp(sig->r, order) >= 1)) {
+ GOSTerr(GOST_F_GOST2001_DO_VERIFY,
+ GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);
+ goto err;
- }
- md = hashsum2bn(dgst);
+ }
+ md = hashsum2bn(dgst);
- BN_mod(e,md,order,ctx);
+ BN_mod(e, md, order, ctx);
#ifdef DEBUG_SIGN
- fprintf(stderr,"digest as bignum: ");
- BN_print_fp(stderr,md);
- fprintf(stderr,"\ndigest mod q: ");
- BN_print_fp(stderr,e);
-#endif
- if (BN_is_zero(e)) BN_one(e);
- v=BN_mod_inverse(v,e,order,ctx);
- BN_mod_mul(z1,sig->s,v,order,ctx);
- BN_sub(tmp,order,sig->r);
- BN_mod_mul(z2,tmp,v,order,ctx);
+ fprintf(stderr, "digest as bignum: ");
+ BN_print_fp(stderr, md);
+ fprintf(stderr, "\ndigest mod q: ");
+ BN_print_fp(stderr, e);
+#endif
+ if (BN_is_zero(e))
+ BN_one(e);
+ v = BN_mod_inverse(v, e, order, ctx);
+ BN_mod_mul(z1, sig->s, v, order, ctx);
+ BN_sub(tmp, order, sig->r);
+ BN_mod_mul(z2, tmp, v, order, ctx);
#ifdef DEBUG_SIGN
- fprintf(stderr,"\nInverted digest value: ");
- BN_print_fp(stderr,v);
- fprintf(stderr,"\nz1: ");
- BN_print_fp(stderr,z1);
- fprintf(stderr,"\nz2: ");
- BN_print_fp(stderr,z2);
-#endif
- C = EC_POINT_new(group);
- if (!EC_POINT_mul(group,C,z1,pub_key,z2,ctx))
- {
- GOSTerr(GOST_F_GOST2001_DO_VERIFY,ERR_R_EC_LIB);
- goto err;
- }
- if (!EC_POINT_get_affine_coordinates_GFp(group,C,X,NULL,ctx))
- {
- GOSTerr(GOST_F_GOST2001_DO_VERIFY,ERR_R_EC_LIB);
- goto err;
- }
- BN_mod(R,X,order,ctx);
+ fprintf(stderr, "\nInverted digest value: ");
+ BN_print_fp(stderr, v);
+ fprintf(stderr, "\nz1: ");
+ BN_print_fp(stderr, z1);
+ fprintf(stderr, "\nz2: ");
+ BN_print_fp(stderr, z2);
+#endif
+ C = EC_POINT_new(group);
+ if (!EC_POINT_mul(group, C, z1, pub_key, z2, ctx)) {
+ GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_EC_LIB);
+ goto err;
+ }
+ if (!EC_POINT_get_affine_coordinates_GFp(group, C, X, NULL, ctx)) {
+ GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_EC_LIB);
+ goto err;
+ }
+ BN_mod(R, X, order, ctx);
#ifdef DEBUG_SIGN
- fprintf(stderr,"\nX=");
- BN_print_fp(stderr,X);
- fprintf(stderr,"\nX mod q=");
- BN_print_fp(stderr,R);
- fprintf(stderr,"\n");
-#endif
- if (BN_cmp(R,sig->r)!=0)
- {
- GOSTerr(GOST_F_GOST2001_DO_VERIFY,GOST_R_SIGNATURE_MISMATCH);
- }
- else
- {
- ok = 1;
- }
- err:
- EC_POINT_free(C);
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- BN_free(md);
- return ok;
- }
+ fprintf(stderr, "\nX=");
+ BN_print_fp(stderr, X);
+ fprintf(stderr, "\nX mod q=");
+ BN_print_fp(stderr, R);
+ fprintf(stderr, "\n");
+#endif
+ if (BN_cmp(R, sig->r) != 0) {
+ GOSTerr(GOST_F_GOST2001_DO_VERIFY, GOST_R_SIGNATURE_MISMATCH);
+ } else {
+ ok = 1;
+ }
+ err:
+ EC_POINT_free(C);
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ BN_free(md);
+ return ok;
+}
+
/*
* Computes GOST R 34.10-2001 public key
*
*
- */
-int gost2001_compute_public(EC_KEY *ec)
- {
- const EC_GROUP *group = EC_KEY_get0_group(ec);
- EC_POINT *pub_key=NULL;
- const BIGNUM *priv_key=NULL;
- BN_CTX *ctx=NULL;
- int ok=0;
+ */
+int gost2001_compute_public(EC_KEY *ec)
+{
+ const EC_GROUP *group = EC_KEY_get0_group(ec);
+ EC_POINT *pub_key = NULL;
+ const BIGNUM *priv_key = NULL;
+ BN_CTX *ctx = NULL;
+ int ok = 0;
+
+ if (!group) {
+ GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC,
+ GOST_R_KEY_IS_NOT_INITIALIZED);
+ return 0;
+ }
+ ctx = BN_CTX_new();
+ BN_CTX_start(ctx);
+ if (!(priv_key = EC_KEY_get0_private_key(ec))) {
+ GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_EC_LIB);
+ goto err;
+ }
- if (!group)
- {
- GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC,GOST_R_KEY_IS_NOT_INITIALIZED);
- return 0;
- }
- ctx=BN_CTX_new();
- BN_CTX_start(ctx);
- if (!(priv_key=EC_KEY_get0_private_key(ec)))
- {
- GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC,ERR_R_EC_LIB);
- goto err;
- }
+ pub_key = EC_POINT_new(group);
+ if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx)) {
+ GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_EC_LIB);
+ goto err;
+ }
+ if (!EC_KEY_set_public_key(ec, pub_key)) {
+ GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_EC_LIB);
+ goto err;
+ }
+ ok = 256;
+ err:
+ BN_CTX_end(ctx);
+ EC_POINT_free(pub_key);
+ BN_CTX_free(ctx);
+ return ok;
+}
- pub_key = EC_POINT_new(group);
- if (!EC_POINT_mul(group,pub_key,priv_key,NULL,NULL,ctx))
- {
- GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC,ERR_R_EC_LIB);
- goto err;
- }
- if (!EC_KEY_set_public_key(ec,pub_key))
- {
- GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC,ERR_R_EC_LIB);
- goto err;
- }
- ok = 256;
- err:
- BN_CTX_end(ctx);
- EC_POINT_free(pub_key);
- BN_CTX_free(ctx);
- return ok;
- }
/*
- *
+ *
* Generates GOST R 34.10-2001 keypair
*
*
- */
+ */
int gost2001_keygen(EC_KEY *ec)
- {
- BIGNUM *order = BN_new(),*d=BN_new();
- const EC_GROUP *group = EC_KEY_get0_group(ec);
- EC_GROUP_get_order(group,order,NULL);
-
- do
- {
- if (!BN_rand_range(d,order))
- {
- GOSTerr(GOST_F_GOST2001_KEYGEN,GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
- BN_free(d);
- BN_free(order);
- return 0;
- }
- }
- while (BN_is_zero(d));
- EC_KEY_set_private_key(ec,d);
- BN_free(d);
- BN_free(order);
- return gost2001_compute_public(ec);
- }
+{
+ BIGNUM *order = BN_new(), *d = BN_new();
+ const EC_GROUP *group = EC_KEY_get0_group(ec);
+ EC_GROUP_get_order(group, order, NULL);
+ do {
+ if (!BN_rand_range(d, order)) {
+ GOSTerr(GOST_F_GOST2001_KEYGEN,
+ GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
+ BN_free(d);
+ BN_free(order);
+ return 0;
+ }
+ }
+ while (BN_is_zero(d));
+ EC_KEY_set_private_key(ec, d);
+ BN_free(d);
+ BN_free(order);
+ return gost2001_compute_public(ec);
+}
diff --git a/openssl/engines/ccgost/gost2001_keyx.c b/openssl/engines/ccgost/gost2001_keyx.c
index c74810285..db1bdc18f 100644
--- a/openssl/engines/ccgost/gost2001_keyx.c
+++ b/openssl/engines/ccgost/gost2001_keyx.c
@@ -18,291 +18,275 @@
#include "gost_lcl.h"
#include "gost2001_keyx.h"
-
-
/* Implementation of CryptoPro VKO 34.10-2001 algorithm */
-static int VKO_compute_key(unsigned char *shared_key,size_t shared_key_size,const EC_POINT *pub_key,EC_KEY *priv_key,const unsigned char *ukm)
- {
- unsigned char ukm_be[8],databuf[64],hashbuf[64];
- BIGNUM *UKM=NULL,*p=NULL,*order=NULL,*X=NULL,*Y=NULL;
- const BIGNUM* key=EC_KEY_get0_private_key(priv_key);
- EC_POINT *pnt=EC_POINT_new(EC_KEY_get0_group(priv_key));
- int i;
- gost_hash_ctx hash_ctx;
- BN_CTX *ctx = BN_CTX_new();
-
- for (i=0;i<8;i++)
- {
- ukm_be[7-i]=ukm[i];
- }
- BN_CTX_start(ctx);
- UKM=getbnfrombuf(ukm_be,8);
- p=BN_CTX_get(ctx);
- order = BN_CTX_get(ctx);
- X=BN_CTX_get(ctx);
- Y=BN_CTX_get(ctx);
- EC_GROUP_get_order(EC_KEY_get0_group(priv_key),order,ctx);
- BN_mod_mul(p,key,UKM,order,ctx);
- EC_POINT_mul(EC_KEY_get0_group(priv_key),pnt,NULL,pub_key,p,ctx);
- EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(priv_key),
- pnt,X,Y,ctx);
- /*Serialize elliptic curve point same way as we do it when saving
- * key */
- store_bignum(Y,databuf,32);
- store_bignum(X,databuf+32,32);
- /* And reverse byte order of whole buffer */
- for (i=0;i<64;i++)
- {
- hashbuf[63-i]=databuf[i];
- }
- init_gost_hash_ctx(&hash_ctx,&GostR3411_94_CryptoProParamSet);
- start_hash(&hash_ctx);
- hash_block(&hash_ctx,hashbuf,64);
- finish_hash(&hash_ctx,shared_key);
- done_gost_hash_ctx(&hash_ctx);
- BN_free(UKM);
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- EC_POINT_free(pnt);
- return 32;
- }
+static int VKO_compute_key(unsigned char *shared_key, size_t shared_key_size,
+ const EC_POINT *pub_key, EC_KEY *priv_key,
+ const unsigned char *ukm)
+{
+ unsigned char ukm_be[8], databuf[64], hashbuf[64];
+ BIGNUM *UKM = NULL, *p = NULL, *order = NULL, *X = NULL, *Y = NULL;
+ const BIGNUM *key = EC_KEY_get0_private_key(priv_key);
+ EC_POINT *pnt = EC_POINT_new(EC_KEY_get0_group(priv_key));
+ int i;
+ gost_hash_ctx hash_ctx;
+ BN_CTX *ctx = BN_CTX_new();
+ for (i = 0; i < 8; i++) {
+ ukm_be[7 - i] = ukm[i];
+ }
+ BN_CTX_start(ctx);
+ UKM = getbnfrombuf(ukm_be, 8);
+ p = BN_CTX_get(ctx);
+ order = BN_CTX_get(ctx);
+ X = BN_CTX_get(ctx);
+ Y = BN_CTX_get(ctx);
+ EC_GROUP_get_order(EC_KEY_get0_group(priv_key), order, ctx);
+ BN_mod_mul(p, key, UKM, order, ctx);
+ EC_POINT_mul(EC_KEY_get0_group(priv_key), pnt, NULL, pub_key, p, ctx);
+ EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(priv_key),
+ pnt, X, Y, ctx);
+ /*
+ * Serialize elliptic curve point same way as we do it when saving key
+ */
+ store_bignum(Y, databuf, 32);
+ store_bignum(X, databuf + 32, 32);
+ /* And reverse byte order of whole buffer */
+ for (i = 0; i < 64; i++) {
+ hashbuf[63 - i] = databuf[i];
+ }
+ init_gost_hash_ctx(&hash_ctx, &GostR3411_94_CryptoProParamSet);
+ start_hash(&hash_ctx);
+ hash_block(&hash_ctx, hashbuf, 64);
+ finish_hash(&hash_ctx, shared_key);
+ done_gost_hash_ctx(&hash_ctx);
+ BN_free(UKM);
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ EC_POINT_free(pnt);
+ return 32;
+}
/*
* EVP_PKEY_METHOD callback derive. Implements VKO R 34.10-2001
* algorithm
*/
-int pkey_gost2001_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
+int pkey_gost2001_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
+ size_t *keylen)
{
- /* Public key of peer in the ctx field peerkey
- * Our private key in the ctx pkey
- * ukm is in the algorithm specific context data
- */
- EVP_PKEY *my_key = EVP_PKEY_CTX_get0_pkey(ctx);
- EVP_PKEY *peer_key = EVP_PKEY_CTX_get0_peerkey(ctx);
- struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
-
- if (!data->shared_ukm) {
- GOSTerr(GOST_F_PKEY_GOST2001_DERIVE, GOST_R_UKM_NOT_SET);
- return 0;
- }
-
- if (key == NULL) {
- *keylen = 32;
- return 32;
- }
-
- *keylen=VKO_compute_key(key, 32, EC_KEY_get0_public_key(EVP_PKEY_get0(peer_key)),
- (EC_KEY *)EVP_PKEY_get0(my_key),data->shared_ukm);
- return 1;
-}
+ /*
+ * Public key of peer in the ctx field peerkey Our private key in the ctx
+ * pkey ukm is in the algorithm specific context data
+ */
+ EVP_PKEY *my_key = EVP_PKEY_CTX_get0_pkey(ctx);
+ EVP_PKEY *peer_key = EVP_PKEY_CTX_get0_peerkey(ctx);
+ struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
+ if (!data->shared_ukm) {
+ GOSTerr(GOST_F_PKEY_GOST2001_DERIVE, GOST_R_UKM_NOT_SET);
+ return 0;
+ }
+ if (key == NULL) {
+ *keylen = 32;
+ return 32;
+ }
+ *keylen =
+ VKO_compute_key(key, 32,
+ EC_KEY_get0_public_key(EVP_PKEY_get0(peer_key)),
+ (EC_KEY *)EVP_PKEY_get0(my_key), data->shared_ukm);
+ return 1;
+}
-/*
- * EVP_PKEY_METHOD callback encrypt
- * Implementation of GOST2001 key transport, cryptocom variation
+/*
+ * EVP_PKEY_METHOD callback encrypt
+ * Implementation of GOST2001 key transport, cryptocom variation
*/
-/* Generates ephemeral key based on pubk algorithm
- * computes shared key using VKO and returns filled up
- * GOST_KEY_TRANSPORT structure
+/*
+ * Generates ephemeral key based on pubk algorithm computes shared key using
+ * VKO and returns filled up GOST_KEY_TRANSPORT structure
*/
-/*
- * EVP_PKEY_METHOD callback encrypt
- * Implementation of GOST2001 key transport, cryptopo variation
+/*
+ * EVP_PKEY_METHOD callback encrypt
+ * Implementation of GOST2001 key transport, cryptopo variation
*/
-int pkey_GOST01cp_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, size_t *out_len, const unsigned char *key,size_t key_len)
- {
- GOST_KEY_TRANSPORT *gkt=NULL;
- EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(pctx);
- struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(pctx);
- const struct gost_cipher_info *param=get_encryption_params(NULL);
- unsigned char ukm[8], shared_key[32], crypted_key[44];
- int ret=0;
- int key_is_ephemeral=1;
- gost_ctx cctx;
- EVP_PKEY *sec_key=EVP_PKEY_CTX_get0_peerkey(pctx);
- if (data->shared_ukm)
- {
- memcpy(ukm, data->shared_ukm,8);
- }
- else if (out)
- {
-
- if (RAND_bytes(ukm,8)<=0)
- {
- GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT,
- GOST_R_RANDOM_GENERATOR_FAILURE);
- return 0;
- }
- }
- /* Check for private key in the peer_key of context */
- if (sec_key)
- {
- key_is_ephemeral=0;
- if (!gost_get0_priv_key(sec_key))
- {
- GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT,
- GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR);
- goto err;
- }
- }
- else
- {
- key_is_ephemeral=1;
- if (out)
- {
- sec_key = EVP_PKEY_new();
- EVP_PKEY_assign(sec_key,EVP_PKEY_base_id(pubk),EC_KEY_new());
- EVP_PKEY_copy_parameters(sec_key,pubk);
- if (!gost2001_keygen(EVP_PKEY_get0(sec_key)))
- {
- goto err;
- }
- }
- }
- if (!get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS) && param == gost_cipher_list)
- {
- param= gost_cipher_list+1;
- }
- if (out)
- {
- VKO_compute_key(shared_key,32,EC_KEY_get0_public_key(EVP_PKEY_get0(pubk)),EVP_PKEY_get0(sec_key),ukm);
- gost_init(&cctx,param->sblock);
- keyWrapCryptoPro(&cctx,shared_key,ukm,key,crypted_key);
- }
- gkt = GOST_KEY_TRANSPORT_new();
- if (!gkt)
- {
- goto err;
- }
- if(!ASN1_OCTET_STRING_set(gkt->key_agreement_info->eph_iv,
- ukm,8))
- {
- goto err;
- }
- if (!ASN1_OCTET_STRING_set(gkt->key_info->imit,crypted_key+40,4))
- {
- goto err;
- }
- if (!ASN1_OCTET_STRING_set(gkt->key_info->encrypted_key,crypted_key+8,32))
- {
- goto err;
- }
- if (key_is_ephemeral) {
- if (!X509_PUBKEY_set(&gkt->key_agreement_info->ephem_key,out?sec_key:pubk))
- {
- GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT,
- GOST_R_CANNOT_PACK_EPHEMERAL_KEY);
- goto err;
- }
- }
- ASN1_OBJECT_free(gkt->key_agreement_info->cipher);
- gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid);
- if (key_is_ephemeral && sec_key) EVP_PKEY_free(sec_key);
- if (!key_is_ephemeral)
- {
- /* Set control "public key from client certificate used" */
- if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <= 0)
- {
- GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT,
- GOST_R_CTRL_CALL_FAILED);
- goto err;
- }
- }
- if ((*out_len = i2d_GOST_KEY_TRANSPORT(gkt,out?&out:NULL))>0) ret =1;
- GOST_KEY_TRANSPORT_free(gkt);
- return ret;
- err:
- if (key_is_ephemeral && sec_key) EVP_PKEY_free(sec_key);
- GOST_KEY_TRANSPORT_free(gkt);
- return -1;
- }
-/*
- * EVP_PKEY_METHOD callback decrypt
- * Implementation of GOST2001 key transport, cryptopo variation
+int pkey_GOST01cp_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out,
+ size_t *out_len, const unsigned char *key,
+ size_t key_len)
+{
+ GOST_KEY_TRANSPORT *gkt = NULL;
+ EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(pctx);
+ struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(pctx);
+ const struct gost_cipher_info *param = get_encryption_params(NULL);
+ unsigned char ukm[8], shared_key[32], crypted_key[44];
+ int ret = 0;
+ int key_is_ephemeral = 1;
+ gost_ctx cctx;
+ EVP_PKEY *sec_key = EVP_PKEY_CTX_get0_peerkey(pctx);
+ if (data->shared_ukm) {
+ memcpy(ukm, data->shared_ukm, 8);
+ } else if (out) {
+
+ if (RAND_bytes(ukm, 8) <= 0) {
+ GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT,
+ GOST_R_RANDOM_GENERATOR_FAILURE);
+ return 0;
+ }
+ }
+ /* Check for private key in the peer_key of context */
+ if (sec_key) {
+ key_is_ephemeral = 0;
+ if (!gost_get0_priv_key(sec_key)) {
+ GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT,
+ GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR);
+ goto err;
+ }
+ } else {
+ key_is_ephemeral = 1;
+ if (out) {
+ sec_key = EVP_PKEY_new();
+ EVP_PKEY_assign(sec_key, EVP_PKEY_base_id(pubk), EC_KEY_new());
+ EVP_PKEY_copy_parameters(sec_key, pubk);
+ if (!gost2001_keygen(EVP_PKEY_get0(sec_key))) {
+ goto err;
+ }
+ }
+ }
+ if (!get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS)
+ && param == gost_cipher_list) {
+ param = gost_cipher_list + 1;
+ }
+ if (out) {
+ VKO_compute_key(shared_key, 32,
+ EC_KEY_get0_public_key(EVP_PKEY_get0(pubk)),
+ EVP_PKEY_get0(sec_key), ukm);
+ gost_init(&cctx, param->sblock);
+ keyWrapCryptoPro(&cctx, shared_key, ukm, key, crypted_key);
+ }
+ gkt = GOST_KEY_TRANSPORT_new();
+ if (!gkt) {
+ goto err;
+ }
+ if (!ASN1_OCTET_STRING_set(gkt->key_agreement_info->eph_iv, ukm, 8)) {
+ goto err;
+ }
+ if (!ASN1_OCTET_STRING_set(gkt->key_info->imit, crypted_key + 40, 4)) {
+ goto err;
+ }
+ if (!ASN1_OCTET_STRING_set
+ (gkt->key_info->encrypted_key, crypted_key + 8, 32)) {
+ goto err;
+ }
+ if (key_is_ephemeral) {
+ if (!X509_PUBKEY_set
+ (&gkt->key_agreement_info->ephem_key, out ? sec_key : pubk)) {
+ GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT,
+ GOST_R_CANNOT_PACK_EPHEMERAL_KEY);
+ goto err;
+ }
+ }
+ ASN1_OBJECT_free(gkt->key_agreement_info->cipher);
+ gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid);
+ if (key_is_ephemeral && sec_key)
+ EVP_PKEY_free(sec_key);
+ if (!key_is_ephemeral) {
+ /* Set control "public key from client certificate used" */
+ if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL)
+ <= 0) {
+ GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT, GOST_R_CTRL_CALL_FAILED);
+ goto err;
+ }
+ }
+ if ((*out_len = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL)) > 0)
+ ret = 1;
+ GOST_KEY_TRANSPORT_free(gkt);
+ return ret;
+ err:
+ if (key_is_ephemeral && sec_key)
+ EVP_PKEY_free(sec_key);
+ GOST_KEY_TRANSPORT_free(gkt);
+ return -1;
+}
+
+/*
+ * EVP_PKEY_METHOD callback decrypt
+ * Implementation of GOST2001 key transport, cryptopo variation
*/
-int pkey_GOST01cp_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, size_t * key_len, const unsigned char *in, size_t in_len)
- {
- const unsigned char *p = in;
- EVP_PKEY *priv = EVP_PKEY_CTX_get0_pkey(pctx);
- GOST_KEY_TRANSPORT *gkt = NULL;
- int ret=0;
- unsigned char wrappedKey[44];
- unsigned char sharedKey[32];
- gost_ctx ctx;
- const struct gost_cipher_info *param=NULL;
- EVP_PKEY *eph_key=NULL, *peerkey=NULL;
+int pkey_GOST01cp_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key,
+ size_t *key_len, const unsigned char *in,
+ size_t in_len)
+{
+ const unsigned char *p = in;
+ EVP_PKEY *priv = EVP_PKEY_CTX_get0_pkey(pctx);
+ GOST_KEY_TRANSPORT *gkt = NULL;
+ int ret = 0;
+ unsigned char wrappedKey[44];
+ unsigned char sharedKey[32];
+ gost_ctx ctx;
+ const struct gost_cipher_info *param = NULL;
+ EVP_PKEY *eph_key = NULL, *peerkey = NULL;
- if (!key)
- {
- *key_len = 32;
- return 1;
- }
- gkt = d2i_GOST_KEY_TRANSPORT(NULL,(const unsigned char **)&p,
- in_len);
- if (!gkt)
- {
- GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT,GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO);
- return -1;
- }
+ if (!key) {
+ *key_len = 32;
+ return 1;
+ }
+ gkt = d2i_GOST_KEY_TRANSPORT(NULL, (const unsigned char **)&p, in_len);
+ if (!gkt) {
+ GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT,
+ GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO);
+ return -1;
+ }
- /* If key transport structure contains public key, use it */
- eph_key = X509_PUBKEY_get(gkt->key_agreement_info->ephem_key);
- if (eph_key)
- {
- if (EVP_PKEY_derive_set_peer(pctx, eph_key) <= 0)
- {
- GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT,
- GOST_R_INCOMPATIBLE_PEER_KEY);
- goto err;
- }
- }
- else
- {
- /* Set control "public key from client certificate used" */
- if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <= 0)
- {
- GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT,
- GOST_R_CTRL_CALL_FAILED);
- goto err;
- }
- }
- peerkey = EVP_PKEY_CTX_get0_peerkey(pctx);
- if (!peerkey)
- {
- GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT,
- GOST_R_NO_PEER_KEY);
- goto err;
- }
-
- param = get_encryption_params(gkt->key_agreement_info->cipher);
- if(!param){
+ /* If key transport structure contains public key, use it */
+ eph_key = X509_PUBKEY_get(gkt->key_agreement_info->ephem_key);
+ if (eph_key) {
+ if (EVP_PKEY_derive_set_peer(pctx, eph_key) <= 0) {
+ GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT,
+ GOST_R_INCOMPATIBLE_PEER_KEY);
+ goto err;
+ }
+ } else {
+ /* Set control "public key from client certificate used" */
+ if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL)
+ <= 0) {
+ GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT, GOST_R_CTRL_CALL_FAILED);
+ goto err;
+ }
+ }
+ peerkey = EVP_PKEY_CTX_get0_peerkey(pctx);
+ if (!peerkey) {
+ GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT, GOST_R_NO_PEER_KEY);
goto err;
}
- gost_init(&ctx,param->sblock);
- OPENSSL_assert(gkt->key_agreement_info->eph_iv->length==8);
- memcpy(wrappedKey,gkt->key_agreement_info->eph_iv->data,8);
- OPENSSL_assert(gkt->key_info->encrypted_key->length==32);
- memcpy(wrappedKey+8,gkt->key_info->encrypted_key->data,32);
- OPENSSL_assert(gkt->key_info->imit->length==4);
- memcpy(wrappedKey+40,gkt->key_info->imit->data,4);
- VKO_compute_key(sharedKey,32,EC_KEY_get0_public_key(EVP_PKEY_get0(peerkey)),
- EVP_PKEY_get0(priv),wrappedKey);
- if (!keyUnwrapCryptoPro(&ctx,sharedKey,wrappedKey,key))
- {
- GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT,
- GOST_R_ERROR_COMPUTING_SHARED_KEY);
- goto err;
- }
-
- ret=1;
-err:
- if (eph_key) EVP_PKEY_free(eph_key);
- if (gkt) GOST_KEY_TRANSPORT_free(gkt);
- return ret;
- }
+ param = get_encryption_params(gkt->key_agreement_info->cipher);
+ if (!param) {
+ goto err;
+ }
+
+ gost_init(&ctx, param->sblock);
+ OPENSSL_assert(gkt->key_agreement_info->eph_iv->length == 8);
+ memcpy(wrappedKey, gkt->key_agreement_info->eph_iv->data, 8);
+ OPENSSL_assert(gkt->key_info->encrypted_key->length == 32);
+ memcpy(wrappedKey + 8, gkt->key_info->encrypted_key->data, 32);
+ OPENSSL_assert(gkt->key_info->imit->length == 4);
+ memcpy(wrappedKey + 40, gkt->key_info->imit->data, 4);
+ VKO_compute_key(sharedKey, 32,
+ EC_KEY_get0_public_key(EVP_PKEY_get0(peerkey)),
+ EVP_PKEY_get0(priv), wrappedKey);
+ if (!keyUnwrapCryptoPro(&ctx, sharedKey, wrappedKey, key)) {
+ GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT,
+ GOST_R_ERROR_COMPUTING_SHARED_KEY);
+ goto err;
+ }
+
+ ret = 1;
+ err:
+ if (eph_key)
+ EVP_PKEY_free(eph_key);
+ if (gkt)
+ GOST_KEY_TRANSPORT_free(gkt);
+ return ret;
+}
diff --git a/openssl/engines/ccgost/gost2001_keyx.h b/openssl/engines/ccgost/gost2001_keyx.h
index a014d9c1e..2d29113a3 100644
--- a/openssl/engines/ccgost/gost2001_keyx.h
+++ b/openssl/engines/ccgost/gost2001_keyx.h
@@ -1,10 +1,10 @@
-GOST_KEY_TRANSPORT *
-make_rfc4490_keytransport_2001(EVP_PKEY *pubk, BIGNUM *eph_key,
- const unsigned char *key, size_t keylen,
- unsigned char *ukm, size_t ukm_len);
+GOST_KEY_TRANSPORT *make_rfc4490_keytransport_2001(EVP_PKEY *pubk,
+ BIGNUM *eph_key,
+ const unsigned char *key,
+ size_t keylen,
+ unsigned char *ukm,
+ size_t ukm_len);
int decrypt_rfc4490_shared_key_2001(EVP_PKEY *priv,
- GOST_KEY_TRANSPORT *gkt,
- unsigned char *key_buf,
- int key_buf_len) ;
-
+ GOST_KEY_TRANSPORT * gkt,
+ unsigned char *key_buf, int key_buf_len);
diff --git a/openssl/engines/ccgost/gost89.c b/openssl/engines/ccgost/gost89.c
index b0568c6b3..945509db8 100644
--- a/openssl/engines/ccgost/gost89.c
+++ b/openssl/engines/ccgost/gost89.c
@@ -6,416 +6,568 @@
* Implementation of GOST 28147-89 encryption algorithm *
* No OpenSSL libraries required to compile and use *
* this code *
- **********************************************************************/
+ **********************************************************************/
#include <string.h>
#include "gost89.h"
-/* Substitution blocks from RFC 4357
-
- Note: our implementation of gost 28147-89 algorithm
- uses S-box matrix rotated 90 degrees counterclockwise, relative to
+/*-
+ Substitution blocks from RFC 4357
+
+ Note: our implementation of gost 28147-89 algorithm
+ uses S-box matrix rotated 90 degrees counterclockwise, relative to
examples given in RFC.
-
+
*/
/* Substitution blocks from test examples for GOST R 34.11-94*/
gost_subst_block GostR3411_94_TestParamSet = {
- {0X1,0XF,0XD,0X0,0X5,0X7,0XA,0X4,0X9,0X2,0X3,0XE,0X6,0XB,0X8,0XC},
- {0XD,0XB,0X4,0X1,0X3,0XF,0X5,0X9,0X0,0XA,0XE,0X7,0X6,0X8,0X2,0XC},
- {0X4,0XB,0XA,0X0,0X7,0X2,0X1,0XD,0X3,0X6,0X8,0X5,0X9,0XC,0XF,0XE},
- {0X6,0XC,0X7,0X1,0X5,0XF,0XD,0X8,0X4,0XA,0X9,0XE,0X0,0X3,0XB,0X2},
- {0X7,0XD,0XA,0X1,0X0,0X8,0X9,0XF,0XE,0X4,0X6,0XC,0XB,0X2,0X5,0X3},
- {0X5,0X8,0X1,0XD,0XA,0X3,0X4,0X2,0XE,0XF,0XC,0X7,0X6,0X0,0X9,0XB},
- {0XE,0XB,0X4,0XC,0X6,0XD,0XF,0XA,0X2,0X3,0X8,0X1,0X0,0X7,0X5,0X9},
- {0X4,0XA,0X9,0X2,0XD,0X8,0X0,0XE,0X6,0XB,0X1,0XC,0X7,0XF,0X5,0X3}
- };
+ {0X1, 0XF, 0XD, 0X0, 0X5, 0X7, 0XA, 0X4, 0X9, 0X2, 0X3, 0XE, 0X6, 0XB,
+ 0X8, 0XC}
+ ,
+ {0XD, 0XB, 0X4, 0X1, 0X3, 0XF, 0X5, 0X9, 0X0, 0XA, 0XE, 0X7, 0X6, 0X8,
+ 0X2, 0XC}
+ ,
+ {0X4, 0XB, 0XA, 0X0, 0X7, 0X2, 0X1, 0XD, 0X3, 0X6, 0X8, 0X5, 0X9, 0XC,
+ 0XF, 0XE}
+ ,
+ {0X6, 0XC, 0X7, 0X1, 0X5, 0XF, 0XD, 0X8, 0X4, 0XA, 0X9, 0XE, 0X0, 0X3,
+ 0XB, 0X2}
+ ,
+ {0X7, 0XD, 0XA, 0X1, 0X0, 0X8, 0X9, 0XF, 0XE, 0X4, 0X6, 0XC, 0XB, 0X2,
+ 0X5, 0X3}
+ ,
+ {0X5, 0X8, 0X1, 0XD, 0XA, 0X3, 0X4, 0X2, 0XE, 0XF, 0XC, 0X7, 0X6, 0X0,
+ 0X9, 0XB}
+ ,
+ {0XE, 0XB, 0X4, 0XC, 0X6, 0XD, 0XF, 0XA, 0X2, 0X3, 0X8, 0X1, 0X0, 0X7,
+ 0X5, 0X9}
+ ,
+ {0X4, 0XA, 0X9, 0X2, 0XD, 0X8, 0X0, 0XE, 0X6, 0XB, 0X1, 0XC, 0X7, 0XF,
+ 0X5, 0X3}
+};
+
/* Substitution blocks for hash function 1.2.643.2.9.1.6.1 */
-gost_subst_block GostR3411_94_CryptoProParamSet= {
- {0x1,0x3,0xA,0x9,0x5,0xB,0x4,0xF,0x8,0x6,0x7,0xE,0xD,0x0,0x2,0xC},
- {0xD,0xE,0x4,0x1,0x7,0x0,0x5,0xA,0x3,0xC,0x8,0xF,0x6,0x2,0x9,0xB},
- {0x7,0x6,0x2,0x4,0xD,0x9,0xF,0x0,0xA,0x1,0x5,0xB,0x8,0xE,0xC,0x3},
- {0x7,0x6,0x4,0xB,0x9,0xC,0x2,0xA,0x1,0x8,0x0,0xE,0xF,0xD,0x3,0x5},
- {0x4,0xA,0x7,0xC,0x0,0xF,0x2,0x8,0xE,0x1,0x6,0x5,0xD,0xB,0x9,0x3},
- {0x7,0xF,0xC,0xE,0x9,0x4,0x1,0x0,0x3,0xB,0x5,0x2,0x6,0xA,0x8,0xD},
- {0x5,0xF,0x4,0x0,0x2,0xD,0xB,0x9,0x1,0x7,0x6,0x3,0xC,0xE,0xA,0x8},
- {0xA,0x4,0x5,0x6,0x8,0x1,0x3,0x7,0xD,0xC,0xE,0x0,0x9,0x2,0xB,0xF}
- } ;
+gost_subst_block GostR3411_94_CryptoProParamSet = {
+ {0x1, 0x3, 0xA, 0x9, 0x5, 0xB, 0x4, 0xF, 0x8, 0x6, 0x7, 0xE, 0xD, 0x0,
+ 0x2, 0xC}
+ ,
+ {0xD, 0xE, 0x4, 0x1, 0x7, 0x0, 0x5, 0xA, 0x3, 0xC, 0x8, 0xF, 0x6, 0x2,
+ 0x9, 0xB}
+ ,
+ {0x7, 0x6, 0x2, 0x4, 0xD, 0x9, 0xF, 0x0, 0xA, 0x1, 0x5, 0xB, 0x8, 0xE,
+ 0xC, 0x3}
+ ,
+ {0x7, 0x6, 0x4, 0xB, 0x9, 0xC, 0x2, 0xA, 0x1, 0x8, 0x0, 0xE, 0xF, 0xD,
+ 0x3, 0x5}
+ ,
+ {0x4, 0xA, 0x7, 0xC, 0x0, 0xF, 0x2, 0x8, 0xE, 0x1, 0x6, 0x5, 0xD, 0xB,
+ 0x9, 0x3}
+ ,
+ {0x7, 0xF, 0xC, 0xE, 0x9, 0x4, 0x1, 0x0, 0x3, 0xB, 0x5, 0x2, 0x6, 0xA,
+ 0x8, 0xD}
+ ,
+ {0x5, 0xF, 0x4, 0x0, 0x2, 0xD, 0xB, 0x9, 0x1, 0x7, 0x6, 0x3, 0xC, 0xE,
+ 0xA, 0x8}
+ ,
+ {0xA, 0x4, 0x5, 0x6, 0x8, 0x1, 0x3, 0x7, 0xD, 0xC, 0xE, 0x0, 0x9, 0x2,
+ 0xB, 0xF}
+};
/* Test paramset from GOST 28147 */
-gost_subst_block Gost28147_TestParamSet =
- {
- {0xC,0x6,0x5,0x2,0xB,0x0,0x9,0xD,0x3,0xE,0x7,0xA,0xF,0x4,0x1,0x8},
- {0x9,0xB,0xC,0x0,0x3,0x6,0x7,0x5,0x4,0x8,0xE,0xF,0x1,0xA,0x2,0xD},
- {0x8,0xF,0x6,0xB,0x1,0x9,0xC,0x5,0xD,0x3,0x7,0xA,0x0,0xE,0x2,0x4},
- {0x3,0xE,0x5,0x9,0x6,0x8,0x0,0xD,0xA,0xB,0x7,0xC,0x2,0x1,0xF,0x4},
- {0xE,0x9,0xB,0x2,0x5,0xF,0x7,0x1,0x0,0xD,0xC,0x6,0xA,0x4,0x3,0x8},
- {0xD,0x8,0xE,0xC,0x7,0x3,0x9,0xA,0x1,0x5,0x2,0x4,0x6,0xF,0x0,0xB},
- {0xC,0x9,0xF,0xE,0x8,0x1,0x3,0xA,0x2,0x7,0x4,0xD,0x6,0x0,0xB,0x5},
- {0x4,0x2,0xF,0x5,0x9,0x1,0x0,0x8,0xE,0x3,0xB,0xC,0xD,0x7,0xA,0x6}
- };
-
-
-
+gost_subst_block Gost28147_TestParamSet = {
+ {0xC, 0x6, 0x5, 0x2, 0xB, 0x0, 0x9, 0xD, 0x3, 0xE, 0x7, 0xA, 0xF, 0x4,
+ 0x1, 0x8}
+ ,
+ {0x9, 0xB, 0xC, 0x0, 0x3, 0x6, 0x7, 0x5, 0x4, 0x8, 0xE, 0xF, 0x1, 0xA,
+ 0x2, 0xD}
+ ,
+ {0x8, 0xF, 0x6, 0xB, 0x1, 0x9, 0xC, 0x5, 0xD, 0x3, 0x7, 0xA, 0x0, 0xE,
+ 0x2, 0x4}
+ ,
+ {0x3, 0xE, 0x5, 0x9, 0x6, 0x8, 0x0, 0xD, 0xA, 0xB, 0x7, 0xC, 0x2, 0x1,
+ 0xF, 0x4}
+ ,
+ {0xE, 0x9, 0xB, 0x2, 0x5, 0xF, 0x7, 0x1, 0x0, 0xD, 0xC, 0x6, 0xA, 0x4,
+ 0x3, 0x8}
+ ,
+ {0xD, 0x8, 0xE, 0xC, 0x7, 0x3, 0x9, 0xA, 0x1, 0x5, 0x2, 0x4, 0x6, 0xF,
+ 0x0, 0xB}
+ ,
+ {0xC, 0x9, 0xF, 0xE, 0x8, 0x1, 0x3, 0xA, 0x2, 0x7, 0x4, 0xD, 0x6, 0x0,
+ 0xB, 0x5}
+ ,
+ {0x4, 0x2, 0xF, 0x5, 0x9, 0x1, 0x0, 0x8, 0xE, 0x3, 0xB, 0xC, 0xD, 0x7,
+ 0xA, 0x6}
+};
/* 1.2.643.2.2.31.1 */
-gost_subst_block Gost28147_CryptoProParamSetA= {
- {0xB,0xA,0xF,0x5,0x0,0xC,0xE,0x8,0x6,0x2,0x3,0x9,0x1,0x7,0xD,0x4},
- {0x1,0xD,0x2,0x9,0x7,0xA,0x6,0x0,0x8,0xC,0x4,0x5,0xF,0x3,0xB,0xE},
- {0x3,0xA,0xD,0xC,0x1,0x2,0x0,0xB,0x7,0x5,0x9,0x4,0x8,0xF,0xE,0x6},
- {0xB,0x5,0x1,0x9,0x8,0xD,0xF,0x0,0xE,0x4,0x2,0x3,0xC,0x7,0xA,0x6},
- {0xE,0x7,0xA,0xC,0xD,0x1,0x3,0x9,0x0,0x2,0xB,0x4,0xF,0x8,0x5,0x6},
- {0xE,0x4,0x6,0x2,0xB,0x3,0xD,0x8,0xC,0xF,0x5,0xA,0x0,0x7,0x1,0x9},
- {0x3,0x7,0xE,0x9,0x8,0xA,0xF,0x0,0x5,0x2,0x6,0xC,0xB,0x4,0xD,0x1},
- {0x9,0x6,0x3,0x2,0x8,0xB,0x1,0x7,0xA,0x4,0xE,0xF,0xC,0x0,0xD,0x5}
- };
+gost_subst_block Gost28147_CryptoProParamSetA = {
+ {0xB, 0xA, 0xF, 0x5, 0x0, 0xC, 0xE, 0x8, 0x6, 0x2, 0x3, 0x9, 0x1, 0x7,
+ 0xD, 0x4}
+ ,
+ {0x1, 0xD, 0x2, 0x9, 0x7, 0xA, 0x6, 0x0, 0x8, 0xC, 0x4, 0x5, 0xF, 0x3,
+ 0xB, 0xE}
+ ,
+ {0x3, 0xA, 0xD, 0xC, 0x1, 0x2, 0x0, 0xB, 0x7, 0x5, 0x9, 0x4, 0x8, 0xF,
+ 0xE, 0x6}
+ ,
+ {0xB, 0x5, 0x1, 0x9, 0x8, 0xD, 0xF, 0x0, 0xE, 0x4, 0x2, 0x3, 0xC, 0x7,
+ 0xA, 0x6}
+ ,
+ {0xE, 0x7, 0xA, 0xC, 0xD, 0x1, 0x3, 0x9, 0x0, 0x2, 0xB, 0x4, 0xF, 0x8,
+ 0x5, 0x6}
+ ,
+ {0xE, 0x4, 0x6, 0x2, 0xB, 0x3, 0xD, 0x8, 0xC, 0xF, 0x5, 0xA, 0x0, 0x7,
+ 0x1, 0x9}
+ ,
+ {0x3, 0x7, 0xE, 0x9, 0x8, 0xA, 0xF, 0x0, 0x5, 0x2, 0x6, 0xC, 0xB, 0x4,
+ 0xD, 0x1}
+ ,
+ {0x9, 0x6, 0x3, 0x2, 0x8, 0xB, 0x1, 0x7, 0xA, 0x4, 0xE, 0xF, 0xC, 0x0,
+ 0xD, 0x5}
+};
+
/* 1.2.643.2.2.31.2 */
-gost_subst_block Gost28147_CryptoProParamSetB=
- {
- {0x0,0x4,0xB,0xE,0x8,0x3,0x7,0x1,0xA,0x2,0x9,0x6,0xF,0xD,0x5,0xC},
- {0x5,0x2,0xA,0xB,0x9,0x1,0xC,0x3,0x7,0x4,0xD,0x0,0x6,0xF,0x8,0xE},
- {0x8,0x3,0x2,0x6,0x4,0xD,0xE,0xB,0xC,0x1,0x7,0xF,0xA,0x0,0x9,0x5},
- {0x2,0x7,0xC,0xF,0x9,0x5,0xA,0xB,0x1,0x4,0x0,0xD,0x6,0x8,0xE,0x3},
- {0x7,0x5,0x0,0xD,0xB,0x6,0x1,0x2,0x3,0xA,0xC,0xF,0x4,0xE,0x9,0x8},
- {0xE,0xC,0x0,0xA,0x9,0x2,0xD,0xB,0x7,0x5,0x8,0xF,0x3,0x6,0x1,0x4},
- {0x0,0x1,0x2,0xA,0x4,0xD,0x5,0xC,0x9,0x7,0x3,0xF,0xB,0x8,0x6,0xE},
- {0x8,0x4,0xB,0x1,0x3,0x5,0x0,0x9,0x2,0xE,0xA,0xC,0xD,0x6,0x7,0xF}
- };
+gost_subst_block Gost28147_CryptoProParamSetB = {
+ {0x0, 0x4, 0xB, 0xE, 0x8, 0x3, 0x7, 0x1, 0xA, 0x2, 0x9, 0x6, 0xF, 0xD,
+ 0x5, 0xC}
+ ,
+ {0x5, 0x2, 0xA, 0xB, 0x9, 0x1, 0xC, 0x3, 0x7, 0x4, 0xD, 0x0, 0x6, 0xF,
+ 0x8, 0xE}
+ ,
+ {0x8, 0x3, 0x2, 0x6, 0x4, 0xD, 0xE, 0xB, 0xC, 0x1, 0x7, 0xF, 0xA, 0x0,
+ 0x9, 0x5}
+ ,
+ {0x2, 0x7, 0xC, 0xF, 0x9, 0x5, 0xA, 0xB, 0x1, 0x4, 0x0, 0xD, 0x6, 0x8,
+ 0xE, 0x3}
+ ,
+ {0x7, 0x5, 0x0, 0xD, 0xB, 0x6, 0x1, 0x2, 0x3, 0xA, 0xC, 0xF, 0x4, 0xE,
+ 0x9, 0x8}
+ ,
+ {0xE, 0xC, 0x0, 0xA, 0x9, 0x2, 0xD, 0xB, 0x7, 0x5, 0x8, 0xF, 0x3, 0x6,
+ 0x1, 0x4}
+ ,
+ {0x0, 0x1, 0x2, 0xA, 0x4, 0xD, 0x5, 0xC, 0x9, 0x7, 0x3, 0xF, 0xB, 0x8,
+ 0x6, 0xE}
+ ,
+ {0x8, 0x4, 0xB, 0x1, 0x3, 0x5, 0x0, 0x9, 0x2, 0xE, 0xA, 0xC, 0xD, 0x6,
+ 0x7, 0xF}
+};
+
/* 1.2.643.2.2.31.3 */
-gost_subst_block Gost28147_CryptoProParamSetC=
- {
- {0x7,0x4,0x0,0x5,0xA,0x2,0xF,0xE,0xC,0x6,0x1,0xB,0xD,0x9,0x3,0x8},
- {0xA,0x9,0x6,0x8,0xD,0xE,0x2,0x0,0xF,0x3,0x5,0xB,0x4,0x1,0xC,0x7},
- {0xC,0x9,0xB,0x1,0x8,0xE,0x2,0x4,0x7,0x3,0x6,0x5,0xA,0x0,0xF,0xD},
- {0x8,0xD,0xB,0x0,0x4,0x5,0x1,0x2,0x9,0x3,0xC,0xE,0x6,0xF,0xA,0x7},
- {0x3,0x6,0x0,0x1,0x5,0xD,0xA,0x8,0xB,0x2,0x9,0x7,0xE,0xF,0xC,0x4},
- {0x8,0x2,0x5,0x0,0x4,0x9,0xF,0xA,0x3,0x7,0xC,0xD,0x6,0xE,0x1,0xB},
- {0x0,0x1,0x7,0xD,0xB,0x4,0x5,0x2,0x8,0xE,0xF,0xC,0x9,0xA,0x6,0x3},
- {0x1,0xB,0xC,0x2,0x9,0xD,0x0,0xF,0x4,0x5,0x8,0xE,0xA,0x7,0x6,0x3}
- };
-
-/* 1.2.643.2.2.31.4 */
-gost_subst_block Gost28147_CryptoProParamSetD=
- {
- {0x1,0xA,0x6,0x8,0xF,0xB,0x0,0x4,0xC,0x3,0x5,0x9,0x7,0xD,0x2,0xE},
- {0x3,0x0,0x6,0xF,0x1,0xE,0x9,0x2,0xD,0x8,0xC,0x4,0xB,0xA,0x5,0x7},
- {0x8,0x0,0xF,0x3,0x2,0x5,0xE,0xB,0x1,0xA,0x4,0x7,0xC,0x9,0xD,0x6},
- {0x0,0xC,0x8,0x9,0xD,0x2,0xA,0xB,0x7,0x3,0x6,0x5,0x4,0xE,0xF,0x1},
- {0x1,0x5,0xE,0xC,0xA,0x7,0x0,0xD,0x6,0x2,0xB,0x4,0x9,0x3,0xF,0x8},
- {0x1,0xC,0xB,0x0,0xF,0xE,0x6,0x5,0xA,0xD,0x4,0x8,0x9,0x3,0x7,0x2},
- {0xB,0x6,0x3,0x4,0xC,0xF,0xE,0x2,0x7,0xD,0x8,0x0,0x5,0xA,0x9,0x1},
- {0xF,0xC,0x2,0xA,0x6,0x4,0x5,0x0,0x7,0x9,0xE,0xD,0x1,0xB,0x8,0x3}
- };
-
-
-const byte CryptoProKeyMeshingKey[]={
- 0x69, 0x00, 0x72, 0x22, 0x64, 0xC9, 0x04, 0x23,
- 0x8D, 0x3A, 0xDB, 0x96, 0x46, 0xE9, 0x2A, 0xC4,
- 0x18, 0xFE, 0xAC, 0x94, 0x00, 0xED, 0x07, 0x12,
- 0xC0, 0x86, 0xDC, 0xC2, 0xEF, 0x4C, 0xA9, 0x2B
- };
+gost_subst_block Gost28147_CryptoProParamSetC = {
+ {0x7, 0x4, 0x0, 0x5, 0xA, 0x2, 0xF, 0xE, 0xC, 0x6, 0x1, 0xB, 0xD, 0x9,
+ 0x3, 0x8}
+ ,
+ {0xA, 0x9, 0x6, 0x8, 0xD, 0xE, 0x2, 0x0, 0xF, 0x3, 0x5, 0xB, 0x4, 0x1,
+ 0xC, 0x7}
+ ,
+ {0xC, 0x9, 0xB, 0x1, 0x8, 0xE, 0x2, 0x4, 0x7, 0x3, 0x6, 0x5, 0xA, 0x0,
+ 0xF, 0xD}
+ ,
+ {0x8, 0xD, 0xB, 0x0, 0x4, 0x5, 0x1, 0x2, 0x9, 0x3, 0xC, 0xE, 0x6, 0xF,
+ 0xA, 0x7}
+ ,
+ {0x3, 0x6, 0x0, 0x1, 0x5, 0xD, 0xA, 0x8, 0xB, 0x2, 0x9, 0x7, 0xE, 0xF,
+ 0xC, 0x4}
+ ,
+ {0x8, 0x2, 0x5, 0x0, 0x4, 0x9, 0xF, 0xA, 0x3, 0x7, 0xC, 0xD, 0x6, 0xE,
+ 0x1, 0xB}
+ ,
+ {0x0, 0x1, 0x7, 0xD, 0xB, 0x4, 0x5, 0x2, 0x8, 0xE, 0xF, 0xC, 0x9, 0xA,
+ 0x6, 0x3}
+ ,
+ {0x1, 0xB, 0xC, 0x2, 0x9, 0xD, 0x0, 0xF, 0x4, 0x5, 0x8, 0xE, 0xA, 0x7,
+ 0x6, 0x3}
+};
+
+/* 1.2.643.2.2.31.4 */
+gost_subst_block Gost28147_CryptoProParamSetD = {
+ {0x1, 0xA, 0x6, 0x8, 0xF, 0xB, 0x0, 0x4, 0xC, 0x3, 0x5, 0x9, 0x7, 0xD,
+ 0x2, 0xE}
+ ,
+ {0x3, 0x0, 0x6, 0xF, 0x1, 0xE, 0x9, 0x2, 0xD, 0x8, 0xC, 0x4, 0xB, 0xA,
+ 0x5, 0x7}
+ ,
+ {0x8, 0x0, 0xF, 0x3, 0x2, 0x5, 0xE, 0xB, 0x1, 0xA, 0x4, 0x7, 0xC, 0x9,
+ 0xD, 0x6}
+ ,
+ {0x0, 0xC, 0x8, 0x9, 0xD, 0x2, 0xA, 0xB, 0x7, 0x3, 0x6, 0x5, 0x4, 0xE,
+ 0xF, 0x1}
+ ,
+ {0x1, 0x5, 0xE, 0xC, 0xA, 0x7, 0x0, 0xD, 0x6, 0x2, 0xB, 0x4, 0x9, 0x3,
+ 0xF, 0x8}
+ ,
+ {0x1, 0xC, 0xB, 0x0, 0xF, 0xE, 0x6, 0x5, 0xA, 0xD, 0x4, 0x8, 0x9, 0x3,
+ 0x7, 0x2}
+ ,
+ {0xB, 0x6, 0x3, 0x4, 0xC, 0xF, 0xE, 0x2, 0x7, 0xD, 0x8, 0x0, 0x5, 0xA,
+ 0x9, 0x1}
+ ,
+ {0xF, 0xC, 0x2, 0xA, 0x6, 0x4, 0x5, 0x0, 0x7, 0x9, 0xE, 0xD, 0x1, 0xB,
+ 0x8, 0x3}
+};
+
+const byte CryptoProKeyMeshingKey[] = {
+ 0x69, 0x00, 0x72, 0x22, 0x64, 0xC9, 0x04, 0x23,
+ 0x8D, 0x3A, 0xDB, 0x96, 0x46, 0xE9, 0x2A, 0xC4,
+ 0x18, 0xFE, 0xAC, 0x94, 0x00, 0xED, 0x07, 0x12,
+ 0xC0, 0x86, 0xDC, 0xC2, 0xEF, 0x4C, 0xA9, 0x2B
+};
+
/* Initialization of gost_ctx subst blocks*/
-static void kboxinit(gost_ctx *c, const gost_subst_block *b)
- {
- int i;
-
- for (i = 0; i < 256; i++)
- {
- c->k87[i] = (b->k8[i>>4] <<4 | b->k7 [i &15])<<24;
- c->k65[i] = (b->k6[i>>4] << 4 | b->k5 [i &15])<<16;
- c->k43[i] = (b->k4[i>>4] <<4 | b->k3 [i &15])<<8;
- c->k21[i] = b->k2[i>>4] <<4 | b->k1 [i &15];
-
- }
- }
+static void kboxinit(gost_ctx * c, const gost_subst_block * b)
+{
+ int i;
+
+ for (i = 0; i < 256; i++) {
+ c->k87[i] = (b->k8[i >> 4] << 4 | b->k7[i & 15]) << 24;
+ c->k65[i] = (b->k6[i >> 4] << 4 | b->k5[i & 15]) << 16;
+ c->k43[i] = (b->k4[i >> 4] << 4 | b->k3[i & 15]) << 8;
+ c->k21[i] = b->k2[i >> 4] << 4 | b->k1[i & 15];
+
+ }
+}
/* Part of GOST 28147 algorithm moved into separate function */
-static word32 f(gost_ctx *c,word32 x)
- {
- x = c->k87[x>>24 & 255] | c->k65[x>>16 & 255]|
- c->k43[x>> 8 & 255] | c->k21[x & 255];
- /* Rotate left 11 bits */
- return x<<11 | x>>(32-11);
- }
+static word32 f(gost_ctx * c, word32 x)
+{
+ x = c->k87[x >> 24 & 255] | c->k65[x >> 16 & 255] |
+ c->k43[x >> 8 & 255] | c->k21[x & 255];
+ /* Rotate left 11 bits */
+ return x << 11 | x >> (32 - 11);
+}
+
/* Low-level encryption routine - encrypts one 64 bit block*/
-void gostcrypt(gost_ctx *c, const byte *in, byte *out)
- {
- register word32 n1, n2; /* As named in the GOST */
- n1 = in[0]|(in[1]<<8)|(in[2]<<16)|(in[3]<<24);
- n2 = in[4]|(in[5]<<8)|(in[6]<<16)|(in[7]<<24);
- /* Instead of swapping halves, swap names each round */
-
- n2 ^= f(c,n1+c->k[0]); n1 ^= f(c,n2+c->k[1]);
- n2 ^= f(c,n1+c->k[2]); n1 ^= f(c,n2+c->k[3]);
- n2 ^= f(c,n1+c->k[4]); n1 ^= f(c,n2+c->k[5]);
- n2 ^= f(c,n1+c->k[6]); n1 ^= f(c,n2+c->k[7]);
-
- n2 ^= f(c,n1+c->k[0]); n1 ^= f(c,n2+c->k[1]);
- n2 ^= f(c,n1+c->k[2]); n1 ^= f(c,n2+c->k[3]);
- n2 ^= f(c,n1+c->k[4]); n1 ^= f(c,n2+c->k[5]);
- n2 ^= f(c,n1+c->k[6]); n1 ^= f(c,n2+c->k[7]);
-
- n2 ^= f(c,n1+c->k[0]); n1 ^= f(c,n2+c->k[1]);
- n2 ^= f(c,n1+c->k[2]); n1 ^= f(c,n2+c->k[3]);
- n2 ^= f(c,n1+c->k[4]); n1 ^= f(c,n2+c->k[5]);
- n2 ^= f(c,n1+c->k[6]); n1 ^= f(c,n2+c->k[7]);
-
- n2 ^= f(c,n1+c->k[7]); n1 ^= f(c,n2+c->k[6]);
- n2 ^= f(c,n1+c->k[5]); n1 ^= f(c,n2+c->k[4]);
- n2 ^= f(c,n1+c->k[3]); n1 ^= f(c,n2+c->k[2]);
- n2 ^= f(c,n1+c->k[1]); n1 ^= f(c,n2+c->k[0]);
-
- out[0] = (byte)(n2&0xff); out[1] = (byte)((n2>>8)&0xff);
- out[2] = (byte)((n2>>16)&0xff); out[3]=(byte)(n2>>24);
- out[4] = (byte)(n1&0xff); out[5] = (byte)((n1>>8)&0xff);
- out[6] = (byte)((n1>>16)&0xff); out[7] = (byte)(n1>>24);
- }
+void gostcrypt(gost_ctx * c, const byte * in, byte * out)
+{
+ register word32 n1, n2; /* As named in the GOST */
+ n1 = in[0] | (in[1] << 8) | (in[2] << 16) | (in[3] << 24);
+ n2 = in[4] | (in[5] << 8) | (in[6] << 16) | (in[7] << 24);
+ /* Instead of swapping halves, swap names each round */
+
+ n2 ^= f(c, n1 + c->k[0]);
+ n1 ^= f(c, n2 + c->k[1]);
+ n2 ^= f(c, n1 + c->k[2]);
+ n1 ^= f(c, n2 + c->k[3]);
+ n2 ^= f(c, n1 + c->k[4]);
+ n1 ^= f(c, n2 + c->k[5]);
+ n2 ^= f(c, n1 + c->k[6]);
+ n1 ^= f(c, n2 + c->k[7]);
+
+ n2 ^= f(c, n1 + c->k[0]);
+ n1 ^= f(c, n2 + c->k[1]);
+ n2 ^= f(c, n1 + c->k[2]);
+ n1 ^= f(c, n2 + c->k[3]);
+ n2 ^= f(c, n1 + c->k[4]);
+ n1 ^= f(c, n2 + c->k[5]);
+ n2 ^= f(c, n1 + c->k[6]);
+ n1 ^= f(c, n2 + c->k[7]);
+
+ n2 ^= f(c, n1 + c->k[0]);
+ n1 ^= f(c, n2 + c->k[1]);
+ n2 ^= f(c, n1 + c->k[2]);
+ n1 ^= f(c, n2 + c->k[3]);
+ n2 ^= f(c, n1 + c->k[4]);
+ n1 ^= f(c, n2 + c->k[5]);
+ n2 ^= f(c, n1 + c->k[6]);
+ n1 ^= f(c, n2 + c->k[7]);
+
+ n2 ^= f(c, n1 + c->k[7]);
+ n1 ^= f(c, n2 + c->k[6]);
+ n2 ^= f(c, n1 + c->k[5]);
+ n1 ^= f(c, n2 + c->k[4]);
+ n2 ^= f(c, n1 + c->k[3]);
+ n1 ^= f(c, n2 + c->k[2]);
+ n2 ^= f(c, n1 + c->k[1]);
+ n1 ^= f(c, n2 + c->k[0]);
+
+ out[0] = (byte) (n2 & 0xff);
+ out[1] = (byte) ((n2 >> 8) & 0xff);
+ out[2] = (byte) ((n2 >> 16) & 0xff);
+ out[3] = (byte) (n2 >> 24);
+ out[4] = (byte) (n1 & 0xff);
+ out[5] = (byte) ((n1 >> 8) & 0xff);
+ out[6] = (byte) ((n1 >> 16) & 0xff);
+ out[7] = (byte) (n1 >> 24);
+}
+
/* Low-level decryption routine. Decrypts one 64-bit block */
-void gostdecrypt(gost_ctx *c, const byte *in,byte *out)
- {
- register word32 n1, n2; /* As named in the GOST */
- n1 = in[0]|(in[1]<<8)|(in[2]<<16)|(in[3]<<24);
- n2 = in[4]|(in[5]<<8)|(in[6]<<16)|(in[7]<<24);
-
- n2 ^= f(c,n1+c->k[0]); n1 ^= f(c,n2+c->k[1]);
- n2 ^= f(c,n1+c->k[2]); n1 ^= f(c,n2+c->k[3]);
- n2 ^= f(c,n1+c->k[4]); n1 ^= f(c,n2+c->k[5]);
- n2 ^= f(c,n1+c->k[6]); n1 ^= f(c,n2+c->k[7]);
-
- n2 ^= f(c,n1+c->k[7]); n1 ^= f(c,n2+c->k[6]);
- n2 ^= f(c,n1+c->k[5]); n1 ^= f(c,n2+c->k[4]);
- n2 ^= f(c,n1+c->k[3]); n1 ^= f(c,n2+c->k[2]);
- n2 ^= f(c,n1+c->k[1]); n1 ^= f(c,n2+c->k[0]);
-
- n2 ^= f(c,n1+c->k[7]); n1 ^= f(c,n2+c->k[6]);
- n2 ^= f(c,n1+c->k[5]); n1 ^= f(c,n2+c->k[4]);
- n2 ^= f(c,n1+c->k[3]); n1 ^= f(c,n2+c->k[2]);
- n2 ^= f(c,n1+c->k[1]); n1 ^= f(c,n2+c->k[0]);
-
- n2 ^= f(c,n1+c->k[7]); n1 ^= f(c,n2+c->k[6]);
- n2 ^= f(c,n1+c->k[5]); n1 ^= f(c,n2+c->k[4]);
- n2 ^= f(c,n1+c->k[3]); n1 ^= f(c,n2+c->k[2]);
- n2 ^= f(c,n1+c->k[1]); n1 ^= f(c,n2+c->k[0]);
-
- out[0] = (byte)(n2&0xff); out[1] = (byte)((n2>>8)&0xff);
- out[2] = (byte)((n2>>16)&0xff); out[3]=(byte)(n2>>24);
- out[4] = (byte)(n1&0xff); out[5] = (byte)((n1>>8)&0xff);
- out[6] = (byte)((n1>>16)&0xff); out[7] = (byte)(n1>>24);
- }
+void gostdecrypt(gost_ctx * c, const byte * in, byte * out)
+{
+ register word32 n1, n2; /* As named in the GOST */
+ n1 = in[0] | (in[1] << 8) | (in[2] << 16) | (in[3] << 24);
+ n2 = in[4] | (in[5] << 8) | (in[6] << 16) | (in[7] << 24);
+
+ n2 ^= f(c, n1 + c->k[0]);
+ n1 ^= f(c, n2 + c->k[1]);
+ n2 ^= f(c, n1 + c->k[2]);
+ n1 ^= f(c, n2 + c->k[3]);
+ n2 ^= f(c, n1 + c->k[4]);
+ n1 ^= f(c, n2 + c->k[5]);
+ n2 ^= f(c, n1 + c->k[6]);
+ n1 ^= f(c, n2 + c->k[7]);
+
+ n2 ^= f(c, n1 + c->k[7]);
+ n1 ^= f(c, n2 + c->k[6]);
+ n2 ^= f(c, n1 + c->k[5]);
+ n1 ^= f(c, n2 + c->k[4]);
+ n2 ^= f(c, n1 + c->k[3]);
+ n1 ^= f(c, n2 + c->k[2]);
+ n2 ^= f(c, n1 + c->k[1]);
+ n1 ^= f(c, n2 + c->k[0]);
+
+ n2 ^= f(c, n1 + c->k[7]);
+ n1 ^= f(c, n2 + c->k[6]);
+ n2 ^= f(c, n1 + c->k[5]);
+ n1 ^= f(c, n2 + c->k[4]);
+ n2 ^= f(c, n1 + c->k[3]);
+ n1 ^= f(c, n2 + c->k[2]);
+ n2 ^= f(c, n1 + c->k[1]);
+ n1 ^= f(c, n2 + c->k[0]);
+
+ n2 ^= f(c, n1 + c->k[7]);
+ n1 ^= f(c, n2 + c->k[6]);
+ n2 ^= f(c, n1 + c->k[5]);
+ n1 ^= f(c, n2 + c->k[4]);
+ n2 ^= f(c, n1 + c->k[3]);
+ n1 ^= f(c, n2 + c->k[2]);
+ n2 ^= f(c, n1 + c->k[1]);
+ n1 ^= f(c, n2 + c->k[0]);
+
+ out[0] = (byte) (n2 & 0xff);
+ out[1] = (byte) ((n2 >> 8) & 0xff);
+ out[2] = (byte) ((n2 >> 16) & 0xff);
+ out[3] = (byte) (n2 >> 24);
+ out[4] = (byte) (n1 & 0xff);
+ out[5] = (byte) ((n1 >> 8) & 0xff);
+ out[6] = (byte) ((n1 >> 16) & 0xff);
+ out[7] = (byte) (n1 >> 24);
+}
/* Encrypts several blocks in ECB mode */
-void gost_enc(gost_ctx *c,const byte *clear,byte *cipher, int blocks)
- {
- int i;
- for(i=0;i<blocks;i++)
- {
- gostcrypt(c,clear,cipher);
- clear+=8;
- cipher+=8;
- }
- }
+void gost_enc(gost_ctx * c, const byte * clear, byte * cipher, int blocks)
+{
+ int i;
+ for (i = 0; i < blocks; i++) {
+ gostcrypt(c, clear, cipher);
+ clear += 8;
+ cipher += 8;
+ }
+}
+
/* Decrypts several blocks in ECB mode */
-void gost_dec(gost_ctx *c, const byte *cipher,byte *clear, int blocks)
- {
- int i;
- for(i=0;i<blocks;i++)
- {
- gostdecrypt(c,cipher,clear);
- clear+=8;
- cipher+=8;
- }
- }
+void gost_dec(gost_ctx * c, const byte * cipher, byte * clear, int blocks)
+{
+ int i;
+ for (i = 0; i < blocks; i++) {
+ gostdecrypt(c, cipher, clear);
+ clear += 8;
+ cipher += 8;
+ }
+}
/* Encrypts several full blocks in CFB mode using 8byte IV */
-void gost_enc_cfb(gost_ctx *ctx,const byte *iv,const byte *clear,byte *cipher, int blocks)
- {
- byte cur_iv[8];
- byte gamma[8];
- int i,j;
- const byte *in;
- byte *out;
- memcpy(cur_iv,iv,8);
- for(i=0,in=clear,out=cipher;i<blocks;i++,in+=8,out+=8)
- {
- gostcrypt(ctx,cur_iv,gamma);
- for (j=0;j<8;j++)
- {
- cur_iv[j]=out[j]=in[j]^gamma[j];
- }
- }
- }
+void gost_enc_cfb(gost_ctx * ctx, const byte * iv, const byte * clear,
+ byte * cipher, int blocks)
+{
+ byte cur_iv[8];
+ byte gamma[8];
+ int i, j;
+ const byte *in;
+ byte *out;
+ memcpy(cur_iv, iv, 8);
+ for (i = 0, in = clear, out = cipher; i < blocks; i++, in += 8, out += 8) {
+ gostcrypt(ctx, cur_iv, gamma);
+ for (j = 0; j < 8; j++) {
+ cur_iv[j] = out[j] = in[j] ^ gamma[j];
+ }
+ }
+}
+
/* Decrypts several full blocks in CFB mode using 8byte IV */
-void gost_dec_cfb(gost_ctx *ctx,const byte *iv,const byte *cipher,byte *clear, int blocks)
- {
- byte cur_iv[8];
- byte gamma[8];
- int i,j;
- const byte *in;
- byte *out;
- memcpy(cur_iv,iv,8);
- for(i=0,in=cipher,out=clear;i<blocks;i++,in+=8,out+=8)
- {
- gostcrypt(ctx,cur_iv,gamma);
- for (j=0;j<8;j++)
- {
- out[j]=(cur_iv[j]=in[j])^gamma[j];
- }
- }
- }
+void gost_dec_cfb(gost_ctx * ctx, const byte * iv, const byte * cipher,
+ byte * clear, int blocks)
+{
+ byte cur_iv[8];
+ byte gamma[8];
+ int i, j;
+ const byte *in;
+ byte *out;
+ memcpy(cur_iv, iv, 8);
+ for (i = 0, in = cipher, out = clear; i < blocks; i++, in += 8, out += 8) {
+ gostcrypt(ctx, cur_iv, gamma);
+ for (j = 0; j < 8; j++) {
+ out[j] = (cur_iv[j] = in[j]) ^ gamma[j];
+ }
+ }
+}
/* Encrypts one block using specified key */
-void gost_enc_with_key(gost_ctx *c,byte *key,byte *inblock,byte *outblock)
- {
- gost_key(c,key);
- gostcrypt(c,inblock,outblock);
- }
+void gost_enc_with_key(gost_ctx * c, byte * key, byte * inblock,
+ byte * outblock)
+{
+ gost_key(c, key);
+ gostcrypt(c, inblock, outblock);
+}
/* Set 256 bit key into context */
-void gost_key(gost_ctx *c, const byte *k)
- {
- int i,j;
- for(i=0,j=0;i<8;i++,j+=4)
- {
- c->k[i]=k[j]|(k[j+1]<<8)|(k[j+2]<<16)|(k[j+3]<<24);
- }
- }
+void gost_key(gost_ctx * c, const byte * k)
+{
+ int i, j;
+ for (i = 0, j = 0; i < 8; i++, j += 4) {
+ c->k[i] =
+ k[j] | (k[j + 1] << 8) | (k[j + 2] << 16) | (k[j + 3] << 24);
+ }
+}
/* Retrieve 256-bit key from context */
-void gost_get_key(gost_ctx *c, byte *k)
- {
- int i,j;
- for(i=0,j=0;i<8;i++,j+=4)
- {
- k[j]=(byte)(c->k[i]& 0xFF);
- k[j+1]=(byte)((c->k[i]>>8 )&0xFF);
- k[j+2]=(byte)((c->k[i]>>16) &0xFF);
- k[j+3]=(byte)((c->k[i]>>24) &0xFF);
- }
- }
+void gost_get_key(gost_ctx * c, byte * k)
+{
+ int i, j;
+ for (i = 0, j = 0; i < 8; i++, j += 4) {
+ k[j] = (byte) (c->k[i] & 0xFF);
+ k[j + 1] = (byte) ((c->k[i] >> 8) & 0xFF);
+ k[j + 2] = (byte) ((c->k[i] >> 16) & 0xFF);
+ k[j + 3] = (byte) ((c->k[i] >> 24) & 0xFF);
+ }
+}
/* Initalize context. Provides default value for subst_block */
-void gost_init(gost_ctx *c, const gost_subst_block *b)
- {
- if(!b)
- {
- b=&GostR3411_94_TestParamSet;
- }
- kboxinit(c,b);
- }
+void gost_init(gost_ctx * c, const gost_subst_block * b)
+{
+ if (!b) {
+ b = &GostR3411_94_TestParamSet;
+ }
+ kboxinit(c, b);
+}
/* Cleans up key from context */
-void gost_destroy(gost_ctx *c)
- {
- int i; for(i=0;i<8;i++) c->k[i]=0;
- }
-
-/* Compute GOST 28147 mac block
- *
- * Parameters
- * gost_ctx *c - context initalized with substitution blocks and key
- * buffer - 8-byte mac state buffer
- * block 8-byte block to process.
- * */
-void mac_block(gost_ctx *c,byte *buffer,const byte *block)
- {
- register word32 n1, n2; /* As named in the GOST */
- int i;
- for (i=0; i<8; i++)
- {
- buffer[i]^=block[i];
- }
- n1 = buffer[0]|(buffer[1]<<8)|(buffer[2]<<16)|(buffer[3]<<24);
- n2 = buffer[4]|(buffer[5]<<8)|(buffer[6]<<16)|(buffer[7]<<24);
- /* Instead of swapping halves, swap names each round */
-
- n2 ^= f(c,n1+c->k[0]); n1 ^= f(c,n2+c->k[1]);
- n2 ^= f(c,n1+c->k[2]); n1 ^= f(c,n2+c->k[3]);
- n2 ^= f(c,n1+c->k[4]); n1 ^= f(c,n2+c->k[5]);
- n2 ^= f(c,n1+c->k[6]); n1 ^= f(c,n2+c->k[7]);
-
- n2 ^= f(c,n1+c->k[0]); n1 ^= f(c,n2+c->k[1]);
- n2 ^= f(c,n1+c->k[2]); n1 ^= f(c,n2+c->k[3]);
- n2 ^= f(c,n1+c->k[4]); n1 ^= f(c,n2+c->k[5]);
- n2 ^= f(c,n1+c->k[6]); n1 ^= f(c,n2+c->k[7]);
-
- buffer[0] = (byte)(n1&0xff); buffer[1] = (byte)((n1>>8)&0xff);
- buffer[2] = (byte)((n1>>16)&0xff); buffer[3] = (byte)(n1>>24);
- buffer[4] = (byte)(n2&0xff); buffer[5] = (byte)((n2>>8)&0xff);
- buffer[6] = (byte)((n2>>16)&0xff); buffer[7] = (byte)(n2>>24);
- }
+void gost_destroy(gost_ctx * c)
+{
+ int i;
+ for (i = 0; i < 8; i++)
+ c->k[i] = 0;
+}
+
+/*
+ * Compute GOST 28147 mac block Parameters gost_ctx *c - context initalized
+ * with substitution blocks and key buffer - 8-byte mac state buffer block
+ * 8-byte block to process.
+ */
+void mac_block(gost_ctx * c, byte * buffer, const byte * block)
+{
+ register word32 n1, n2; /* As named in the GOST */
+ int i;
+ for (i = 0; i < 8; i++) {
+ buffer[i] ^= block[i];
+ }
+ n1 = buffer[0] | (buffer[1] << 8) | (buffer[2] << 16) | (buffer[3] << 24);
+ n2 = buffer[4] | (buffer[5] << 8) | (buffer[6] << 16) | (buffer[7] << 24);
+ /* Instead of swapping halves, swap names each round */
+
+ n2 ^= f(c, n1 + c->k[0]);
+ n1 ^= f(c, n2 + c->k[1]);
+ n2 ^= f(c, n1 + c->k[2]);
+ n1 ^= f(c, n2 + c->k[3]);
+ n2 ^= f(c, n1 + c->k[4]);
+ n1 ^= f(c, n2 + c->k[5]);
+ n2 ^= f(c, n1 + c->k[6]);
+ n1 ^= f(c, n2 + c->k[7]);
+
+ n2 ^= f(c, n1 + c->k[0]);
+ n1 ^= f(c, n2 + c->k[1]);
+ n2 ^= f(c, n1 + c->k[2]);
+ n1 ^= f(c, n2 + c->k[3]);
+ n2 ^= f(c, n1 + c->k[4]);
+ n1 ^= f(c, n2 + c->k[5]);
+ n2 ^= f(c, n1 + c->k[6]);
+ n1 ^= f(c, n2 + c->k[7]);
+
+ buffer[0] = (byte) (n1 & 0xff);
+ buffer[1] = (byte) ((n1 >> 8) & 0xff);
+ buffer[2] = (byte) ((n1 >> 16) & 0xff);
+ buffer[3] = (byte) (n1 >> 24);
+ buffer[4] = (byte) (n2 & 0xff);
+ buffer[5] = (byte) ((n2 >> 8) & 0xff);
+ buffer[6] = (byte) ((n2 >> 16) & 0xff);
+ buffer[7] = (byte) (n2 >> 24);
+}
/* Get mac with specified number of bits from MAC state buffer */
-void get_mac(byte *buffer,int nbits,byte *out)
- {
- int nbytes= nbits >> 3;
- int rembits = nbits & 7;
- int mask =rembits?((1<rembits)-1):0;
- int i;
- for (i=0;i<nbytes;i++) out[i]=buffer[i];
- if (rembits) out[i]=buffer[i]&mask;
- }
-
-/* Compute mac of specified length (in bits) from data.
- * Context should be initialized with key and subst blocks */
-int gost_mac(gost_ctx *ctx,int mac_len,const unsigned char *data,
- unsigned int data_len,unsigned char *mac)
- {
- byte buffer[8]={0,0,0,0,0,0,0,0};
- byte buf2[8];
- unsigned int i;
- for (i=0;i+8<=data_len;i+=8)
- mac_block(ctx,buffer,data+i);
- if (i<data_len)
- {
- memset(buf2,0,8);
- memcpy(buf2,data+i,data_len-i);
- mac_block(ctx,buffer,buf2);
- i+=8;
- }
- if (i==8)
- {
- memset(buf2,0,8);
- mac_block(ctx,buffer,buf2);
- }
- get_mac(buffer,mac_len,mac);
- return 1;
- }
+void get_mac(byte * buffer, int nbits, byte * out)
+{
+ int nbytes = nbits >> 3;
+ int rembits = nbits & 7;
+ int mask = rembits ? ((1 < rembits) - 1) : 0;
+ int i;
+ for (i = 0; i < nbytes; i++)
+ out[i] = buffer[i];
+ if (rembits)
+ out[i] = buffer[i] & mask;
+}
+
+/*
+ * Compute mac of specified length (in bits) from data. Context should be
+ * initialized with key and subst blocks
+ */
+int gost_mac(gost_ctx * ctx, int mac_len, const unsigned char *data,
+ unsigned int data_len, unsigned char *mac)
+{
+ byte buffer[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
+ byte buf2[8];
+ unsigned int i;
+ for (i = 0; i + 8 <= data_len; i += 8)
+ mac_block(ctx, buffer, data + i);
+ if (i < data_len) {
+ memset(buf2, 0, 8);
+ memcpy(buf2, data + i, data_len - i);
+ mac_block(ctx, buffer, buf2);
+ i += 8;
+ }
+ if (i == 8) {
+ memset(buf2, 0, 8);
+ mac_block(ctx, buffer, buf2);
+ }
+ get_mac(buffer, mac_len, mac);
+ return 1;
+}
/* Compute MAC with non-zero IV. Used in some RFC 4357 algorithms */
-int gost_mac_iv(gost_ctx *ctx,int mac_len,const unsigned char *iv,const unsigned char *data,
- unsigned int data_len,unsigned char *mac)
- {
- byte buffer[8];
- byte buf2[8];
- unsigned int i;
- memcpy (buffer,iv,8);
- for (i=0;i+8<=data_len;i+=8)
- mac_block(ctx,buffer,data+i);
- if (i<data_len)
- {
- memset(buf2,0,8);
- memcpy(buf2,data+i,data_len-i);
- mac_block(ctx,buffer,buf2);
- i+=8;
- }
- if (i==8)
- {
- memset(buf2,0,8);
- mac_block(ctx,buffer,buf2);
- }
- get_mac(buffer,mac_len,mac);
- return 1;
- }
+int gost_mac_iv(gost_ctx * ctx, int mac_len, const unsigned char *iv,
+ const unsigned char *data, unsigned int data_len,
+ unsigned char *mac)
+{
+ byte buffer[8];
+ byte buf2[8];
+ unsigned int i;
+ memcpy(buffer, iv, 8);
+ for (i = 0; i + 8 <= data_len; i += 8)
+ mac_block(ctx, buffer, data + i);
+ if (i < data_len) {
+ memset(buf2, 0, 8);
+ memcpy(buf2, data + i, data_len - i);
+ mac_block(ctx, buffer, buf2);
+ i += 8;
+ }
+ if (i == 8) {
+ memset(buf2, 0, 8);
+ mac_block(ctx, buffer, buf2);
+ }
+ get_mac(buffer, mac_len, mac);
+ return 1;
+}
/* Implements key meshing algorithm by modifing ctx and IV in place */
-void cryptopro_key_meshing(gost_ctx *ctx, unsigned char *iv)
- {
- unsigned char newkey[32],newiv[8];
- /* Set static keymeshing key */
- /* "Decrypt" key with keymeshing key */
- gost_dec(ctx,CryptoProKeyMeshingKey,newkey,4);
- /* set new key */
- gost_key(ctx,newkey);
- /* Encrypt iv with new key */
- gostcrypt(ctx,iv,newiv);
- memcpy(iv,newiv,8);
- }
+void cryptopro_key_meshing(gost_ctx * ctx, unsigned char *iv)
+{
+ unsigned char newkey[32], newiv[8];
+ /* Set static keymeshing key */
+ /* "Decrypt" key with keymeshing key */
+ gost_dec(ctx, CryptoProKeyMeshingKey, newkey, 4);
+ /* set new key */
+ gost_key(ctx, newkey);
+ /* Encrypt iv with new key */
+ gostcrypt(ctx, iv, newiv);
+ memcpy(iv, newiv, 8);
+}
diff --git a/openssl/engines/ccgost/gost89.h b/openssl/engines/ccgost/gost89.h
index 8da2407b0..e5b877f44 100644
--- a/openssl/engines/ccgost/gost89.h
+++ b/openssl/engines/ccgost/gost89.h
@@ -6,78 +6,84 @@
* Declarations for GOST 28147-89 encryption algorithm *
* No OpenSSL libraries required to compile and use *
* this code *
- **********************************************************************/
+ **********************************************************************/
#ifndef GOST89_H
-#define GOST89_H
+# define GOST89_H
/* Typedef for unsigned 32-bit integer */
-#if __LONG_MAX__ > 2147483647L
-typedef unsigned int u4;
-#else
-typedef unsigned long u4;
-#endif
+# if __LONG_MAX__ > 2147483647L
+typedef unsigned int u4;
+# else
+typedef unsigned long u4;
+# endif
/* Typedef for unsigned 8-bit integer */
-typedef unsigned char byte;
+typedef unsigned char byte;
/* Internal representation of GOST substitution blocks */
typedef struct {
- byte k8[16];
- byte k7[16];
- byte k6[16];
- byte k5[16];
- byte k4[16];
- byte k3[16];
- byte k2[16];
- byte k1[16];
-} gost_subst_block;
-
+ byte k8[16];
+ byte k7[16];
+ byte k6[16];
+ byte k5[16];
+ byte k4[16];
+ byte k3[16];
+ byte k2[16];
+ byte k1[16];
+} gost_subst_block;
/* Cipher context includes key and preprocessed substitution block */
-typedef struct {
- u4 k[8];
- /* Constant s-boxes -- set up in gost_init(). */
- u4 k87[256],k65[256],k43[256],k21[256];
-} gost_ctx;
-/* Note: encrypt and decrypt expect full blocks--padding blocks is
- caller's responsibility. All bulk encryption is done in
- ECB mode by these calls. Other modes may be added easily
- enough. */
+typedef struct {
+ u4 k[8];
+ /* Constant s-boxes -- set up in gost_init(). */
+ u4 k87[256], k65[256], k43[256], k21[256];
+} gost_ctx;
+/*
+ * Note: encrypt and decrypt expect full blocks--padding blocks is caller's
+ * responsibility. All bulk encryption is done in ECB mode by these calls.
+ * Other modes may be added easily enough.
+ */
/* Encrypt several full blocks in ECB mode */
-void gost_enc(gost_ctx *ctx, const byte *clear,byte *cipher, int blocks);
+void gost_enc(gost_ctx * ctx, const byte * clear, byte * cipher, int blocks);
/* Decrypt several full blocks in ECB mode */
-void gost_dec(gost_ctx *ctx, const byte *cipher,byte *clear, int blocks);
+void gost_dec(gost_ctx * ctx, const byte * cipher, byte * clear, int blocks);
/* Encrypts several full blocks in CFB mode using 8byte IV */
-void gost_enc_cfb(gost_ctx *ctx,const byte *iv,const byte *clear,byte *cipher,int blocks);
+void gost_enc_cfb(gost_ctx * ctx, const byte * iv, const byte * clear,
+ byte * cipher, int blocks);
/* Decrypts several full blocks in CFB mode using 8byte IV */
-void gost_dec_cfb(gost_ctx *ctx,const byte *iv,const byte *cipher,byte *clear,int blocks);
+void gost_dec_cfb(gost_ctx * ctx, const byte * iv, const byte * cipher,
+ byte * clear, int blocks);
/* Encrypt one block */
-void gostcrypt(gost_ctx *c, const byte *in, byte *out);
+void gostcrypt(gost_ctx * c, const byte * in, byte * out);
/* Decrypt one block */
-void gostdecrypt(gost_ctx *c, const byte *in,byte *out);
+void gostdecrypt(gost_ctx * c, const byte * in, byte * out);
/* Set key into context */
-void gost_key(gost_ctx *ctx, const byte *key);
+void gost_key(gost_ctx * ctx, const byte * key);
/* Get key from context */
-void gost_get_key(gost_ctx *ctx, byte *key);
+void gost_get_key(gost_ctx * ctx, byte * key);
/* Set S-blocks into context */
-void gost_init(gost_ctx *ctx, const gost_subst_block *subst_block);
+void gost_init(gost_ctx * ctx, const gost_subst_block * subst_block);
/* Clean up context */
-void gost_destroy(gost_ctx *ctx);
+void gost_destroy(gost_ctx * ctx);
/* Intermediate function used for calculate hash */
-void gost_enc_with_key(gost_ctx *,byte *key,byte *inblock,byte *outblock);
+void gost_enc_with_key(gost_ctx *, byte * key, byte * inblock,
+ byte * outblock);
/* Compute MAC of given length in bits from data */
-int gost_mac(gost_ctx *ctx,int hmac_len,const unsigned char *data,
- unsigned int data_len,unsigned char *hmac) ;
-/* Compute MAC of given length in bits from data, using non-zero 8-byte
- * IV (non-standard, for use in CryptoPro key transport only */
-int gost_mac_iv(gost_ctx *ctx,int hmac_len,const unsigned char *iv,const unsigned char *data,
- unsigned int data_len,unsigned char *hmac) ;
+int gost_mac(gost_ctx * ctx, int hmac_len, const unsigned char *data,
+ unsigned int data_len, unsigned char *hmac);
+/*
+ * Compute MAC of given length in bits from data, using non-zero 8-byte IV
+ * (non-standard, for use in CryptoPro key transport only
+ */
+int gost_mac_iv(gost_ctx * ctx, int hmac_len, const unsigned char *iv,
+ const unsigned char *data, unsigned int data_len,
+ unsigned char *hmac);
/* Perform one step of MAC calculation like gostcrypt */
-void mac_block(gost_ctx *c,byte *buffer,const byte *block);
+void mac_block(gost_ctx * c, byte * buffer, const byte * block);
/* Extracts MAC value from mac state buffer */
-void get_mac(byte *buffer,int nbits,byte *out);
+void get_mac(byte * buffer, int nbits, byte * out);
/* Implements cryptopro key meshing algorithm. Expect IV to be 8-byte size*/
-void cryptopro_key_meshing(gost_ctx *ctx, unsigned char *iv);
+void cryptopro_key_meshing(gost_ctx * ctx, unsigned char *iv);
/* Parameter sets specified in RFC 4357 */
extern gost_subst_block GostR3411_94_TestParamSet;
extern gost_subst_block GostR3411_94_CryptoProParamSet;
@@ -86,7 +92,7 @@ extern gost_subst_block Gost28147_CryptoProParamSetA;
extern gost_subst_block Gost28147_CryptoProParamSetB;
extern gost_subst_block Gost28147_CryptoProParamSetC;
extern gost_subst_block Gost28147_CryptoProParamSetD;
-extern const byte CryptoProKeyMeshingKey[];
-typedef unsigned int word32;
+extern const byte CryptoProKeyMeshingKey[];
+typedef unsigned int word32;
#endif
diff --git a/openssl/engines/ccgost/gost94_keyx.c b/openssl/engines/ccgost/gost94_keyx.c
index 0d7d3ffe6..85f4bc899 100644
--- a/openssl/engines/ccgost/gost94_keyx.c
+++ b/openssl/engines/ccgost/gost94_keyx.c
@@ -4,8 +4,8 @@
* This file is distributed under the same license as OpenSSL *
* *
* Implements generation and parsing of GOST_KEY_TRANSPORT for *
- * GOST R 34.10-94 algorithms *
- * *
+ * GOST R 34.10-94 algorithms *
+ * *
* Requires OpenSSL 0.9.9 for compilation *
**********************************************************************/
#include <string.h>
@@ -20,272 +20,259 @@
#include "gost_keywrap.h"
#include "gost_lcl.h"
/* Common functions for both 94 and 2001 key exchange schemes */
-/* Implementation of the Diffi-Hellman key agreement scheme based on
- * GOST-94 keys */
+/*
+ * Implementation of the Diffi-Hellman key agreement scheme based on GOST-94
+ * keys
+ */
-/* Computes Diffie-Hellman key and stores it into buffer in
- * little-endian byte order as expected by both versions of GOST 94
- * algorithm
+/*
+ * Computes Diffie-Hellman key and stores it into buffer in little-endian
+ * byte order as expected by both versions of GOST 94 algorithm
*/
-static int compute_pair_key_le(unsigned char *pair_key,BIGNUM *pub_key,DH *dh)
- {
- unsigned char be_key[128];
- int i,key_size;
- key_size=DH_compute_key(be_key,pub_key,dh);
- if (!key_size) return 0;
- memset(pair_key,0,128);
- for (i=0;i<key_size;i++)
- {
- pair_key[i]=be_key[key_size-1-i];
- }
- return key_size;
- }
+static int compute_pair_key_le(unsigned char *pair_key, BIGNUM *pub_key,
+ DH *dh)
+{
+ unsigned char be_key[128];
+ int i, key_size;
+ key_size = DH_compute_key(be_key, pub_key, dh);
+ if (!key_size)
+ return 0;
+ memset(pair_key, 0, 128);
+ for (i = 0; i < key_size; i++) {
+ pair_key[i] = be_key[key_size - 1 - i];
+ }
+ return key_size;
+}
/*
- * Computes 256 bit Key exchange key as specified in RFC 4357
+ * Computes 256 bit Key exchange key as specified in RFC 4357
*/
-static int make_cp_exchange_key(BIGNUM *priv_key,EVP_PKEY *pubk, unsigned char *shared_key)
- {
- unsigned char dh_key [128];
- int ret;
- gost_hash_ctx hash_ctx;
- DH *dh = DH_new();
-
- if (!dh)
- return 0;
- memset(dh_key,0,128);
- dh->g = BN_dup(pubk->pkey.dsa->g);
- dh->p = BN_dup(pubk->pkey.dsa->p);
- dh->priv_key = BN_dup(priv_key);
- ret=compute_pair_key_le(dh_key,((DSA *)(EVP_PKEY_get0(pubk)))->pub_key,dh) ;
- DH_free(dh);
- if (!ret) return 0;
- init_gost_hash_ctx(&hash_ctx,&GostR3411_94_CryptoProParamSet);
- start_hash(&hash_ctx);
- hash_block(&hash_ctx,dh_key,128);
- finish_hash(&hash_ctx,shared_key);
- done_gost_hash_ctx(&hash_ctx);
- return 1;
- }
+static int make_cp_exchange_key(BIGNUM *priv_key, EVP_PKEY *pubk,
+ unsigned char *shared_key)
+{
+ unsigned char dh_key[128];
+ int ret;
+ gost_hash_ctx hash_ctx;
+ DH *dh = DH_new();
+
+ if (!dh)
+ return 0;
+ memset(dh_key, 0, 128);
+ dh->g = BN_dup(pubk->pkey.dsa->g);
+ dh->p = BN_dup(pubk->pkey.dsa->p);
+ dh->priv_key = BN_dup(priv_key);
+ ret =
+ compute_pair_key_le(dh_key, ((DSA *)(EVP_PKEY_get0(pubk)))->pub_key,
+ dh);
+ DH_free(dh);
+ if (!ret)
+ return 0;
+ init_gost_hash_ctx(&hash_ctx, &GostR3411_94_CryptoProParamSet);
+ start_hash(&hash_ctx);
+ hash_block(&hash_ctx, dh_key, 128);
+ finish_hash(&hash_ctx, shared_key);
+ done_gost_hash_ctx(&hash_ctx);
+ return 1;
+}
/* EVP_PKEY_METHOD callback derive. Implements VKO R 34.10-94 */
-int pkey_gost94_derive(EVP_PKEY_CTX *ctx,unsigned char *key,size_t *keylen)
- {
- EVP_PKEY *pubk = EVP_PKEY_CTX_get0_peerkey(ctx);
- EVP_PKEY *mykey = EVP_PKEY_CTX_get0_pkey(ctx);
- *keylen = 32;
- if (key == NULL) return 1;
+int pkey_gost94_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
+{
+ EVP_PKEY *pubk = EVP_PKEY_CTX_get0_peerkey(ctx);
+ EVP_PKEY *mykey = EVP_PKEY_CTX_get0_pkey(ctx);
+ *keylen = 32;
+ if (key == NULL)
+ return 1;
- return make_cp_exchange_key(gost_get0_priv_key(mykey), pubk, key);
- }
+ return make_cp_exchange_key(gost_get0_priv_key(mykey), pubk, key);
+}
-/* EVP_PKEY_METHOD callback encrypt for
- * GOST R 34.10-94 cryptopro modification
+/*
+ * EVP_PKEY_METHOD callback encrypt for GOST R 34.10-94 cryptopro
+ * modification
*/
+int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
+ size_t *outlen, const unsigned char *key,
+ size_t key_len)
+{
+ GOST_KEY_TRANSPORT *gkt = NULL;
+ unsigned char shared_key[32], ukm[8], crypted_key[44];
+ const struct gost_cipher_info *param = get_encryption_params(NULL);
+ EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(ctx);
+ struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
+ gost_ctx cctx;
+ int key_is_ephemeral = 1;
+ EVP_PKEY *mykey = EVP_PKEY_CTX_get0_peerkey(ctx);
-int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, const unsigned char* key, size_t key_len )
- {
- GOST_KEY_TRANSPORT *gkt=NULL;
- unsigned char shared_key[32], ukm[8],crypted_key[44];
- const struct gost_cipher_info *param=get_encryption_params(NULL);
- EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(ctx);
- struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
- gost_ctx cctx;
- int key_is_ephemeral=1;
- EVP_PKEY *mykey = EVP_PKEY_CTX_get0_peerkey(ctx);
+ /* Do not use vizir cipher parameters with cryptopro */
+ if (!get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS)
+ && param == gost_cipher_list) {
+ param = gost_cipher_list + 1;
+ }
- /* Do not use vizir cipher parameters with cryptopro */
- if (!get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS) && param == gost_cipher_list)
- {
- param= gost_cipher_list+1;
- }
+ if (mykey) {
+ /* If key already set, it is not ephemeral */
+ key_is_ephemeral = 0;
+ if (!gost_get0_priv_key(mykey)) {
+ GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
+ GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR);
+ goto err;
+ }
+ } else {
+ /* Otherwise generate ephemeral key */
+ key_is_ephemeral = 1;
+ if (out) {
+ mykey = EVP_PKEY_new();
+ EVP_PKEY_assign(mykey, EVP_PKEY_base_id(pubk), DSA_new());
+ EVP_PKEY_copy_parameters(mykey, pubk);
+ if (!gost_sign_keygen(EVP_PKEY_get0(mykey))) {
+ goto err;
+ }
+ }
+ }
+ if (out)
+ make_cp_exchange_key(gost_get0_priv_key(mykey), pubk, shared_key);
+ if (data->shared_ukm) {
+ memcpy(ukm, data->shared_ukm, 8);
+ } else if (out) {
+ if (RAND_bytes(ukm, 8) <= 0) {
+ GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
+ GOST_R_RANDOM_GENERATOR_FAILURE);
+ goto err;
+ }
+ }
- if (mykey)
- {
- /* If key already set, it is not ephemeral */
- key_is_ephemeral=0;
- if (!gost_get0_priv_key(mykey))
- {
- GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
- GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR);
- goto err;
- }
- }
- else
- {
- /* Otherwise generate ephemeral key */
- key_is_ephemeral = 1;
- if (out)
- {
- mykey = EVP_PKEY_new();
- EVP_PKEY_assign(mykey, EVP_PKEY_base_id(pubk),DSA_new());
- EVP_PKEY_copy_parameters(mykey,pubk);
- if (!gost_sign_keygen(EVP_PKEY_get0(mykey)))
- {
- goto err;
- }
- }
- }
- if (out)
- make_cp_exchange_key(gost_get0_priv_key(mykey),pubk,shared_key);
- if (data->shared_ukm)
- {
- memcpy(ukm,data->shared_ukm,8);
- }
- else if (out)
- {
- if (RAND_bytes(ukm,8)<=0)
- {
- GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
- GOST_R_RANDOM_GENERATOR_FAILURE);
- goto err;
- }
- }
-
- if (out) {
- gost_init(&cctx,param->sblock);
- keyWrapCryptoPro(&cctx,shared_key,ukm,key,crypted_key);
- }
- gkt = GOST_KEY_TRANSPORT_new();
- if (!gkt)
- {
- goto memerr;
- }
- if(!ASN1_OCTET_STRING_set(gkt->key_agreement_info->eph_iv,
- ukm,8))
- {
- goto memerr;
- }
- if (!ASN1_OCTET_STRING_set(gkt->key_info->imit,crypted_key+40,4))
- {
- goto memerr;
- }
- if (!ASN1_OCTET_STRING_set(gkt->key_info->encrypted_key,crypted_key+8,32))
- {
- goto memerr;
- }
- if (key_is_ephemeral) {
- if (!X509_PUBKEY_set(&gkt->key_agreement_info->ephem_key,out?mykey:pubk))
- {
- GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,GOST_R_CANNOT_PACK_EPHEMERAL_KEY);
- goto err;
- }
- if (out) EVP_PKEY_free(mykey);
- }
- ASN1_OBJECT_free(gkt->key_agreement_info->cipher);
- gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid);
- *outlen = i2d_GOST_KEY_TRANSPORT(gkt,out?&out:NULL);
- if (*outlen <= 0)
- {
- GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO);
- goto err;
- }
- if (!key_is_ephemeral)
- {
- /* Set control "public key from client certificate used" */
- if (EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <= 0)
- {
- GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
- GOST_R_CTRL_CALL_FAILED);
- goto err;
- }
- }
- GOST_KEY_TRANSPORT_free(gkt);
- return 1;
- memerr:
- if (key_is_ephemeral) {
- EVP_PKEY_free(mykey);
- }
- GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
- GOST_R_MALLOC_FAILURE);
- err:
- GOST_KEY_TRANSPORT_free(gkt);
- return -1;
- }
+ if (out) {
+ gost_init(&cctx, param->sblock);
+ keyWrapCryptoPro(&cctx, shared_key, ukm, key, crypted_key);
+ }
+ gkt = GOST_KEY_TRANSPORT_new();
+ if (!gkt) {
+ goto memerr;
+ }
+ if (!ASN1_OCTET_STRING_set(gkt->key_agreement_info->eph_iv, ukm, 8)) {
+ goto memerr;
+ }
+ if (!ASN1_OCTET_STRING_set(gkt->key_info->imit, crypted_key + 40, 4)) {
+ goto memerr;
+ }
+ if (!ASN1_OCTET_STRING_set
+ (gkt->key_info->encrypted_key, crypted_key + 8, 32)) {
+ goto memerr;
+ }
+ if (key_is_ephemeral) {
+ if (!X509_PUBKEY_set
+ (&gkt->key_agreement_info->ephem_key, out ? mykey : pubk)) {
+ GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
+ GOST_R_CANNOT_PACK_EPHEMERAL_KEY);
+ goto err;
+ }
+ if (out)
+ EVP_PKEY_free(mykey);
+ }
+ ASN1_OBJECT_free(gkt->key_agreement_info->cipher);
+ gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid);
+ *outlen = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL);
+ if (*outlen <= 0) {
+ GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
+ GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO);
+ goto err;
+ }
+ if (!key_is_ephemeral) {
+ /* Set control "public key from client certificate used" */
+ if (EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <=
+ 0) {
+ GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT, GOST_R_CTRL_CALL_FAILED);
+ goto err;
+ }
+ }
+ GOST_KEY_TRANSPORT_free(gkt);
+ return 1;
+ memerr:
+ if (key_is_ephemeral) {
+ EVP_PKEY_free(mykey);
+ }
+ GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT, GOST_R_MALLOC_FAILURE);
+ err:
+ GOST_KEY_TRANSPORT_free(gkt);
+ return -1;
+}
-
-/* EVP_PLEY_METHOD callback decrypt for
- * GOST R 34.10-94 cryptopro modification
+/*
+ * EVP_PLEY_METHOD callback decrypt for GOST R 34.10-94 cryptopro
+ * modification
*/
-int pkey_GOST94cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *key_len,const unsigned char *in, size_t in_len) {
- const unsigned char *p = in;
- GOST_KEY_TRANSPORT *gkt = NULL;
- unsigned char wrappedKey[44];
- unsigned char sharedKey[32];
- gost_ctx cctx;
- const struct gost_cipher_info *param=NULL;
- EVP_PKEY *eph_key=NULL, *peerkey=NULL;
- EVP_PKEY *priv= EVP_PKEY_CTX_get0_pkey(ctx);
-
- if (!key)
- {
- *key_len = 32;
- return 1;
- }
-
- gkt = d2i_GOST_KEY_TRANSPORT(NULL,(const unsigned char **)&p,
- in_len);
- if (!gkt)
- {
- GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT,GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO);
- return 0;
- }
- eph_key = X509_PUBKEY_get(gkt->key_agreement_info->ephem_key);
- if (eph_key)
- {
- if (EVP_PKEY_derive_set_peer(ctx, eph_key) <= 0)
- {
- GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT,
- GOST_R_INCOMPATIBLE_PEER_KEY);
- goto err;
- }
- }
- else
- {
- /* Set control "public key from client certificate used" */
- if (EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <= 0)
- {
- GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT,
- GOST_R_CTRL_CALL_FAILED);
- goto err;
- }
- }
- peerkey = EVP_PKEY_CTX_get0_peerkey(ctx);
- if (!peerkey)
- {
- GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT,
- GOST_R_NO_PEER_KEY);
- goto err;
- }
+int pkey_GOST94cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *key,
+ size_t *key_len, const unsigned char *in,
+ size_t in_len)
+{
+ const unsigned char *p = in;
+ GOST_KEY_TRANSPORT *gkt = NULL;
+ unsigned char wrappedKey[44];
+ unsigned char sharedKey[32];
+ gost_ctx cctx;
+ const struct gost_cipher_info *param = NULL;
+ EVP_PKEY *eph_key = NULL, *peerkey = NULL;
+ EVP_PKEY *priv = EVP_PKEY_CTX_get0_pkey(ctx);
+
+ if (!key) {
+ *key_len = 32;
+ return 1;
+ }
+
+ gkt = d2i_GOST_KEY_TRANSPORT(NULL, (const unsigned char **)&p, in_len);
+ if (!gkt) {
+ GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT,
+ GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO);
+ return 0;
+ }
+ eph_key = X509_PUBKEY_get(gkt->key_agreement_info->ephem_key);
+ if (eph_key) {
+ if (EVP_PKEY_derive_set_peer(ctx, eph_key) <= 0) {
+ GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT,
+ GOST_R_INCOMPATIBLE_PEER_KEY);
+ goto err;
+ }
+ } else {
+ /* Set control "public key from client certificate used" */
+ if (EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <=
+ 0) {
+ GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT, GOST_R_CTRL_CALL_FAILED);
+ goto err;
+ }
+ }
+ peerkey = EVP_PKEY_CTX_get0_peerkey(ctx);
+ if (!peerkey) {
+ GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT, GOST_R_NO_PEER_KEY);
+ goto err;
+ }
+
+ param = get_encryption_params(gkt->key_agreement_info->cipher);
+ if (!param) {
+ goto err;
+ }
- param = get_encryption_params(gkt->key_agreement_info->cipher);
- if(!param){
+ gost_init(&cctx, param->sblock);
+ OPENSSL_assert(gkt->key_agreement_info->eph_iv->length == 8);
+ memcpy(wrappedKey, gkt->key_agreement_info->eph_iv->data, 8);
+ OPENSSL_assert(gkt->key_info->encrypted_key->length == 32);
+ memcpy(wrappedKey + 8, gkt->key_info->encrypted_key->data, 32);
+ OPENSSL_assert(gkt->key_info->imit->length == 4);
+ memcpy(wrappedKey + 40, gkt->key_info->imit->data, 4);
+ make_cp_exchange_key(gost_get0_priv_key(priv), peerkey, sharedKey);
+ if (!keyUnwrapCryptoPro(&cctx, sharedKey, wrappedKey, key)) {
+ GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT,
+ GOST_R_ERROR_COMPUTING_SHARED_KEY);
goto err;
}
-
- gost_init(&cctx,param->sblock);
- OPENSSL_assert(gkt->key_agreement_info->eph_iv->length==8);
- memcpy(wrappedKey,gkt->key_agreement_info->eph_iv->data,8);
- OPENSSL_assert(gkt->key_info->encrypted_key->length==32);
- memcpy(wrappedKey+8,gkt->key_info->encrypted_key->data,32);
- OPENSSL_assert(gkt->key_info->imit->length==4);
- memcpy(wrappedKey+40,gkt->key_info->imit->data,4);
- make_cp_exchange_key(gost_get0_priv_key(priv),peerkey,sharedKey);
- if (!keyUnwrapCryptoPro(&cctx,sharedKey,wrappedKey,key))
- {
- GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT,
- GOST_R_ERROR_COMPUTING_SHARED_KEY);
- goto err;
- }
-
- EVP_PKEY_free(eph_key);
- GOST_KEY_TRANSPORT_free(gkt);
- return 1;
-err:
- EVP_PKEY_free(eph_key);
- GOST_KEY_TRANSPORT_free(gkt);
- return -1;
- }
+ EVP_PKEY_free(eph_key);
+ GOST_KEY_TRANSPORT_free(gkt);
+ return 1;
+ err:
+ EVP_PKEY_free(eph_key);
+ GOST_KEY_TRANSPORT_free(gkt);
+ return -1;
+}
diff --git a/openssl/engines/ccgost/gost_ameth.c b/openssl/engines/ccgost/gost_ameth.c
index 8b9230b9a..713a0face 100644
--- a/openssl/engines/ccgost/gost_ameth.c
+++ b/openssl/engines/ccgost/gost_ameth.c
@@ -14,932 +14,904 @@
#include <openssl/evp.h>
#include <openssl/asn1.h>
#ifndef OPENSSL_NO_CMS
-#include <openssl/cms.h>
+# include <openssl/cms.h>
#endif
#include "gost_params.h"
#include "gost_lcl.h"
#include "e_gost_err.h"
-int gost94_nid_by_params(DSA *p)
- {
- R3410_params *gost_params;
- BIGNUM *q=BN_new();
- for (gost_params = R3410_paramset;gost_params->q!=NULL; gost_params++)
- {
- BN_dec2bn(&q,gost_params->q);
- if (!BN_cmp(q,p->q))
- {
- BN_free(q);
- return gost_params->nid;
- }
- }
- BN_free(q);
- return NID_undef;
- }
-
-static ASN1_STRING *encode_gost_algor_params(const EVP_PKEY *key)
- {
- ASN1_STRING *params = ASN1_STRING_new();
- GOST_KEY_PARAMS *gkp = GOST_KEY_PARAMS_new();
- int pkey_param_nid = NID_undef;
-
- if (!params || !gkp)
- {
- GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS,
- ERR_R_MALLOC_FAILURE);
- ASN1_STRING_free(params);
- params = NULL;
- goto err;
- }
- switch (EVP_PKEY_base_id(key))
- {
- case NID_id_GostR3410_2001:
- pkey_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)key)));
- break;
- case NID_id_GostR3410_94:
- pkey_param_nid = (int) gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)key));
- if (pkey_param_nid == NID_undef)
- {
- GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS,
- GOST_R_INVALID_GOST94_PARMSET);
- ASN1_STRING_free(params);
- params=NULL;
- goto err;
- }
- break;
- }
- gkp->key_params = OBJ_nid2obj(pkey_param_nid);
- gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_94_CryptoProParamSet);
- /*gkp->cipher_params = OBJ_nid2obj(cipher_param_nid);*/
- params->length = i2d_GOST_KEY_PARAMS(gkp, &params->data);
- if (params->length <=0 )
- {
- GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS,
- ERR_R_MALLOC_FAILURE);
- ASN1_STRING_free(params);
- params = NULL;
- goto err;
- }
- params ->type = V_ASN1_SEQUENCE;
- err:
- GOST_KEY_PARAMS_free(gkp);
- return params;
- }
-
-/* Parses GOST algorithm parameters from X509_ALGOR and
- * modifies pkey setting NID and parameters
+int gost94_nid_by_params(DSA *p)
+{
+ R3410_params *gost_params;
+ BIGNUM *q = BN_new();
+ for (gost_params = R3410_paramset; gost_params->q != NULL; gost_params++) {
+ BN_dec2bn(&q, gost_params->q);
+ if (!BN_cmp(q, p->q)) {
+ BN_free(q);
+ return gost_params->nid;
+ }
+ }
+ BN_free(q);
+ return NID_undef;
+}
+
+static ASN1_STRING *encode_gost_algor_params(const EVP_PKEY *key)
+{
+ ASN1_STRING *params = ASN1_STRING_new();
+ GOST_KEY_PARAMS *gkp = GOST_KEY_PARAMS_new();
+ int pkey_param_nid = NID_undef;
+
+ if (!params || !gkp) {
+ GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS, ERR_R_MALLOC_FAILURE);
+ ASN1_STRING_free(params);
+ params = NULL;
+ goto err;
+ }
+ switch (EVP_PKEY_base_id(key)) {
+ case NID_id_GostR3410_2001:
+ pkey_param_nid =
+ EC_GROUP_get_curve_name(EC_KEY_get0_group
+ (EVP_PKEY_get0((EVP_PKEY *)key)));
+ break;
+ case NID_id_GostR3410_94:
+ pkey_param_nid =
+ (int)gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)key));
+ if (pkey_param_nid == NID_undef) {
+ GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS,
+ GOST_R_INVALID_GOST94_PARMSET);
+ ASN1_STRING_free(params);
+ params = NULL;
+ goto err;
+ }
+ break;
+ }
+ gkp->key_params = OBJ_nid2obj(pkey_param_nid);
+ gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_94_CryptoProParamSet);
+ /*
+ * gkp->cipher_params = OBJ_nid2obj(cipher_param_nid);
+ */
+ params->length = i2d_GOST_KEY_PARAMS(gkp, &params->data);
+ if (params->length <= 0) {
+ GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS, ERR_R_MALLOC_FAILURE);
+ ASN1_STRING_free(params);
+ params = NULL;
+ goto err;
+ }
+ params->type = V_ASN1_SEQUENCE;
+ err:
+ GOST_KEY_PARAMS_free(gkp);
+ return params;
+}
+
+/*
+ * Parses GOST algorithm parameters from X509_ALGOR and modifies pkey setting
+ * NID and parameters
*/
-static int decode_gost_algor_params(EVP_PKEY *pkey, X509_ALGOR *palg)
- {
- ASN1_OBJECT *palg_obj =NULL;
- int ptype = V_ASN1_UNDEF;
- int pkey_nid = NID_undef,param_nid = NID_undef;
- void *_pval;
- ASN1_STRING *pval = NULL;
- const unsigned char *p;
- GOST_KEY_PARAMS *gkp = NULL;
-
- X509_ALGOR_get0(&palg_obj, &ptype, &_pval, palg);
- pval = _pval;
- if (ptype != V_ASN1_SEQUENCE)
- {
- GOSTerr(GOST_F_DECODE_GOST_ALGOR_PARAMS,
- GOST_R_BAD_KEY_PARAMETERS_FORMAT);
- return 0;
- }
- p=pval->data;
- pkey_nid = OBJ_obj2nid(palg_obj);
-
- gkp = d2i_GOST_KEY_PARAMS(NULL,&p,pval->length);
- if (!gkp)
- {
- GOSTerr(GOST_F_DECODE_GOST_ALGOR_PARAMS,
- GOST_R_BAD_PKEY_PARAMETERS_FORMAT);
- return 0;
- }
- param_nid = OBJ_obj2nid(gkp->key_params);
- GOST_KEY_PARAMS_free(gkp);
- EVP_PKEY_set_type(pkey,pkey_nid);
- switch (pkey_nid)
- {
- case NID_id_GostR3410_94:
- {
- DSA *dsa= EVP_PKEY_get0(pkey);
- if (!dsa)
- {
- dsa = DSA_new();
- if (!EVP_PKEY_assign(pkey,pkey_nid,dsa)) return 0;
- }
- if (!fill_GOST94_params(dsa,param_nid)) return 0;
- break;
- }
- case NID_id_GostR3410_2001:
- {
- EC_KEY *ec = EVP_PKEY_get0(pkey);
- if (!ec)
- {
- ec = EC_KEY_new();
- if (!EVP_PKEY_assign(pkey,pkey_nid,ec)) return 0;
- }
- if (!fill_GOST2001_params(ec,param_nid)) return 0;
- }
- }
-
- return 1;
- }
-
-static int gost_set_priv_key(EVP_PKEY *pkey,BIGNUM *priv)
- {
- switch (EVP_PKEY_base_id(pkey))
- {
- case NID_id_GostR3410_94:
- {
- DSA *dsa = EVP_PKEY_get0(pkey);
- if (!dsa)
- {
- dsa = DSA_new();
- EVP_PKEY_assign(pkey,EVP_PKEY_base_id(pkey),dsa);
- }
- dsa->priv_key = BN_dup(priv);
- if (!EVP_PKEY_missing_parameters(pkey))
- gost94_compute_public(dsa);
- break;
- }
- case NID_id_GostR3410_2001:
- {
- EC_KEY *ec = EVP_PKEY_get0(pkey);
- if (!ec)
- {
- ec = EC_KEY_new();
- EVP_PKEY_assign(pkey,EVP_PKEY_base_id(pkey),ec);
- }
- if (!EC_KEY_set_private_key(ec,priv)) return 0;
- if (!EVP_PKEY_missing_parameters(pkey))
- gost2001_compute_public(ec);
- break;
- }
- }
- return 1;
- }
-BIGNUM* gost_get0_priv_key(const EVP_PKEY *pkey)
- {
- switch (EVP_PKEY_base_id(pkey))
- {
- case NID_id_GostR3410_94:
- {
- DSA *dsa = EVP_PKEY_get0((EVP_PKEY *)pkey);
- if (!dsa)
- {
- return NULL;
- }
- if (!dsa->priv_key) return NULL;
- return dsa->priv_key;
- break;
- }
- case NID_id_GostR3410_2001:
- {
- EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pkey);
- const BIGNUM* priv;
- if (!ec)
- {
- return NULL;
- }
- if (!(priv=EC_KEY_get0_private_key(ec))) return NULL;
- return (BIGNUM *)priv;
- break;
- }
- }
- return NULL;
- }
-
-static int pkey_ctrl_gost(EVP_PKEY *pkey, int op,
- long arg1, void *arg2)
- {
- switch (op)
- {
- case ASN1_PKEY_CTRL_PKCS7_SIGN:
- if (arg1 == 0)
- {
- X509_ALGOR *alg1 = NULL, *alg2 = NULL;
- int nid = EVP_PKEY_base_id(pkey);
- PKCS7_SIGNER_INFO_get0_algs((PKCS7_SIGNER_INFO*)arg2,
- NULL, &alg1, &alg2);
- X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_id_GostR3411_94),
- V_ASN1_NULL, 0);
- if (nid == NID_undef)
- {
- return (-1);
- }
- X509_ALGOR_set0(alg2, OBJ_nid2obj(nid), V_ASN1_NULL, 0);
- }
- return 1;
+static int decode_gost_algor_params(EVP_PKEY *pkey, X509_ALGOR *palg)
+{
+ ASN1_OBJECT *palg_obj = NULL;
+ int ptype = V_ASN1_UNDEF;
+ int pkey_nid = NID_undef, param_nid = NID_undef;
+ void *_pval;
+ ASN1_STRING *pval = NULL;
+ const unsigned char *p;
+ GOST_KEY_PARAMS *gkp = NULL;
+
+ X509_ALGOR_get0(&palg_obj, &ptype, &_pval, palg);
+ pval = _pval;
+ if (ptype != V_ASN1_SEQUENCE) {
+ GOSTerr(GOST_F_DECODE_GOST_ALGOR_PARAMS,
+ GOST_R_BAD_KEY_PARAMETERS_FORMAT);
+ return 0;
+ }
+ p = pval->data;
+ pkey_nid = OBJ_obj2nid(palg_obj);
+
+ gkp = d2i_GOST_KEY_PARAMS(NULL, &p, pval->length);
+ if (!gkp) {
+ GOSTerr(GOST_F_DECODE_GOST_ALGOR_PARAMS,
+ GOST_R_BAD_PKEY_PARAMETERS_FORMAT);
+ return 0;
+ }
+ param_nid = OBJ_obj2nid(gkp->key_params);
+ GOST_KEY_PARAMS_free(gkp);
+ EVP_PKEY_set_type(pkey, pkey_nid);
+ switch (pkey_nid) {
+ case NID_id_GostR3410_94:
+ {
+ DSA *dsa = EVP_PKEY_get0(pkey);
+ if (!dsa) {
+ dsa = DSA_new();
+ if (!EVP_PKEY_assign(pkey, pkey_nid, dsa))
+ return 0;
+ }
+ if (!fill_GOST94_params(dsa, param_nid))
+ return 0;
+ break;
+ }
+ case NID_id_GostR3410_2001:
+ {
+ EC_KEY *ec = EVP_PKEY_get0(pkey);
+ if (!ec) {
+ ec = EC_KEY_new();
+ if (!EVP_PKEY_assign(pkey, pkey_nid, ec))
+ return 0;
+ }
+ if (!fill_GOST2001_params(ec, param_nid))
+ return 0;
+ }
+ }
+
+ return 1;
+}
+
+static int gost_set_priv_key(EVP_PKEY *pkey, BIGNUM *priv)
+{
+ switch (EVP_PKEY_base_id(pkey)) {
+ case NID_id_GostR3410_94:
+ {
+ DSA *dsa = EVP_PKEY_get0(pkey);
+ if (!dsa) {
+ dsa = DSA_new();
+ EVP_PKEY_assign(pkey, EVP_PKEY_base_id(pkey), dsa);
+ }
+ dsa->priv_key = BN_dup(priv);
+ if (!EVP_PKEY_missing_parameters(pkey))
+ gost94_compute_public(dsa);
+ break;
+ }
+ case NID_id_GostR3410_2001:
+ {
+ EC_KEY *ec = EVP_PKEY_get0(pkey);
+ if (!ec) {
+ ec = EC_KEY_new();
+ EVP_PKEY_assign(pkey, EVP_PKEY_base_id(pkey), ec);
+ }
+ if (!EC_KEY_set_private_key(ec, priv))
+ return 0;
+ if (!EVP_PKEY_missing_parameters(pkey))
+ gost2001_compute_public(ec);
+ break;
+ }
+ }
+ return 1;
+}
+
+BIGNUM *gost_get0_priv_key(const EVP_PKEY *pkey)
+{
+ switch (EVP_PKEY_base_id(pkey)) {
+ case NID_id_GostR3410_94:
+ {
+ DSA *dsa = EVP_PKEY_get0((EVP_PKEY *)pkey);
+ if (!dsa) {
+ return NULL;
+ }
+ if (!dsa->priv_key)
+ return NULL;
+ return dsa->priv_key;
+ break;
+ }
+ case NID_id_GostR3410_2001:
+ {
+ EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pkey);
+ const BIGNUM *priv;
+ if (!ec) {
+ return NULL;
+ }
+ if (!(priv = EC_KEY_get0_private_key(ec)))
+ return NULL;
+ return (BIGNUM *)priv;
+ break;
+ }
+ }
+ return NULL;
+}
+
+static int pkey_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+ switch (op) {
+ case ASN1_PKEY_CTRL_PKCS7_SIGN:
+ if (arg1 == 0) {
+ X509_ALGOR *alg1 = NULL, *alg2 = NULL;
+ int nid = EVP_PKEY_base_id(pkey);
+ PKCS7_SIGNER_INFO_get0_algs((PKCS7_SIGNER_INFO *)arg2,
+ NULL, &alg1, &alg2);
+ X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_id_GostR3411_94),
+ V_ASN1_NULL, 0);
+ if (nid == NID_undef) {
+ return (-1);
+ }
+ X509_ALGOR_set0(alg2, OBJ_nid2obj(nid), V_ASN1_NULL, 0);
+ }
+ return 1;
#ifndef OPENSSL_NO_CMS
- case ASN1_PKEY_CTRL_CMS_SIGN:
- if (arg1 == 0)
- {
- X509_ALGOR *alg1 = NULL, *alg2 = NULL;
- int nid = EVP_PKEY_base_id(pkey);
- CMS_SignerInfo_get0_algs((CMS_SignerInfo *)arg2,
- NULL, NULL, &alg1, &alg2);
- X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_id_GostR3411_94),
- V_ASN1_NULL, 0);
- if (nid == NID_undef)
- {
- return (-1);
- }
- X509_ALGOR_set0(alg2, OBJ_nid2obj(nid), V_ASN1_NULL, 0);
- }
- return 1;
+ case ASN1_PKEY_CTRL_CMS_SIGN:
+ if (arg1 == 0) {
+ X509_ALGOR *alg1 = NULL, *alg2 = NULL;
+ int nid = EVP_PKEY_base_id(pkey);
+ CMS_SignerInfo_get0_algs((CMS_SignerInfo *)arg2,
+ NULL, NULL, &alg1, &alg2);
+ X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_id_GostR3411_94),
+ V_ASN1_NULL, 0);
+ if (nid == NID_undef) {
+ return (-1);
+ }
+ X509_ALGOR_set0(alg2, OBJ_nid2obj(nid), V_ASN1_NULL, 0);
+ }
+ return 1;
#endif
- case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
- if (arg1 == 0)
- {
- X509_ALGOR *alg;
- ASN1_STRING * params = encode_gost_algor_params(pkey);
- if (!params)
- {
- return -1;
- }
- PKCS7_RECIP_INFO_get0_alg((PKCS7_RECIP_INFO*)arg2, &alg);
- X509_ALGOR_set0(alg, OBJ_nid2obj(pkey->type),
- V_ASN1_SEQUENCE, params);
- }
- return 1;
+ case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
+ if (arg1 == 0) {
+ X509_ALGOR *alg;
+ ASN1_STRING *params = encode_gost_algor_params(pkey);
+ if (!params) {
+ return -1;
+ }
+ PKCS7_RECIP_INFO_get0_alg((PKCS7_RECIP_INFO *)arg2, &alg);
+ X509_ALGOR_set0(alg, OBJ_nid2obj(pkey->type),
+ V_ASN1_SEQUENCE, params);
+ }
+ return 1;
#ifndef OPENSSL_NO_CMS
- case ASN1_PKEY_CTRL_CMS_ENVELOPE:
- if (arg1 == 0)
- {
- X509_ALGOR *alg = NULL;
- ASN1_STRING * params = encode_gost_algor_params(pkey);
- if (!params)
- {
- return -1;
- }
- CMS_RecipientInfo_ktri_get0_algs((CMS_RecipientInfo *)arg2, NULL, NULL, &alg);
- X509_ALGOR_set0(alg, OBJ_nid2obj(pkey->type),
- V_ASN1_SEQUENCE, params);
- }
- return 1;
+ case ASN1_PKEY_CTRL_CMS_ENVELOPE:
+ if (arg1 == 0) {
+ X509_ALGOR *alg = NULL;
+ ASN1_STRING *params = encode_gost_algor_params(pkey);
+ if (!params) {
+ return -1;
+ }
+ CMS_RecipientInfo_ktri_get0_algs((CMS_RecipientInfo *)arg2, NULL,
+ NULL, &alg);
+ X509_ALGOR_set0(alg, OBJ_nid2obj(pkey->type), V_ASN1_SEQUENCE,
+ params);
+ }
+ return 1;
#endif
- case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
- *(int *)arg2 = NID_id_GostR3411_94;
- return 2;
- }
-
- return -2;
- }
-/*----------------------- free functions * ------------------------------*/
-static void pkey_free_gost94(EVP_PKEY *key)
- {
- if (key->pkey.dsa)
- {
- DSA_free(key->pkey.dsa);
- }
- }
-
-static void pkey_free_gost01(EVP_PKEY *key)
- {
- if (key->pkey.ec)
- {
- EC_KEY_free(key->pkey.ec);
- }
- }
+ case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+ *(int *)arg2 = NID_id_GostR3411_94;
+ return 2;
+ }
+
+ return -2;
+}
+
+/* --------------------- free functions * ------------------------------*/
+static void pkey_free_gost94(EVP_PKEY *key)
+{
+ if (key->pkey.dsa) {
+ DSA_free(key->pkey.dsa);
+ }
+}
+
+static void pkey_free_gost01(EVP_PKEY *key)
+{
+ if (key->pkey.ec) {
+ EC_KEY_free(key->pkey.ec);
+ }
+}
/* ------------------ private key functions -----------------------------*/
-static int priv_decode_gost( EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf)
- {
- const unsigned char *pkey_buf = NULL,*p=NULL;
- int priv_len = 0;
- BIGNUM *pk_num=NULL;
- int ret =0;
- X509_ALGOR *palg =NULL;
- ASN1_OBJECT *palg_obj = NULL;
- ASN1_INTEGER *priv_key=NULL;
-
- if (!PKCS8_pkey_get0(&palg_obj,&pkey_buf,&priv_len,&palg,p8inf))
- return 0;
- p = pkey_buf;
- if (!decode_gost_algor_params(pk,palg))
- {
- return 0;
- }
- if (V_ASN1_OCTET_STRING == *p)
- {
- /* New format - Little endian octet string */
- unsigned char rev_buf[32];
- int i;
- ASN1_OCTET_STRING *s = d2i_ASN1_OCTET_STRING(NULL,&p,priv_len);
- if (!s||s->length !=32)
- {
- GOSTerr(GOST_F_PRIV_DECODE_GOST,
- EVP_R_DECODE_ERROR);
- return 0;
- }
- for (i=0;i<32;i++)
- {
- rev_buf[31-i]=s->data[i];
- }
- ASN1_STRING_free(s);
- pk_num = getbnfrombuf(rev_buf,32);
- }
- else
- {
- priv_key=d2i_ASN1_INTEGER(NULL,&p,priv_len);
- if (!priv_key) return 0;
- ret= ((pk_num = ASN1_INTEGER_to_BN(priv_key, NULL))!=NULL) ;
- ASN1_INTEGER_free(priv_key);
- if (!ret)
- {
- GOSTerr(GOST_F_PRIV_DECODE_GOST,
- EVP_R_DECODE_ERROR);
- return 0;
- }
- }
-
- ret= gost_set_priv_key(pk,pk_num);
- BN_free(pk_num);
- return ret;
- }
+static int priv_decode_gost(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf)
+{
+ const unsigned char *pkey_buf = NULL, *p = NULL;
+ int priv_len = 0;
+ BIGNUM *pk_num = NULL;
+ int ret = 0;
+ X509_ALGOR *palg = NULL;
+ ASN1_OBJECT *palg_obj = NULL;
+ ASN1_INTEGER *priv_key = NULL;
+
+ if (!PKCS8_pkey_get0(&palg_obj, &pkey_buf, &priv_len, &palg, p8inf))
+ return 0;
+ p = pkey_buf;
+ if (!decode_gost_algor_params(pk, palg)) {
+ return 0;
+ }
+ if (V_ASN1_OCTET_STRING == *p) {
+ /* New format - Little endian octet string */
+ unsigned char rev_buf[32];
+ int i;
+ ASN1_OCTET_STRING *s = d2i_ASN1_OCTET_STRING(NULL, &p, priv_len);
+ if (!s || s->length != 32) {
+ GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
+ return 0;
+ }
+ for (i = 0; i < 32; i++) {
+ rev_buf[31 - i] = s->data[i];
+ }
+ ASN1_STRING_free(s);
+ pk_num = getbnfrombuf(rev_buf, 32);
+ } else {
+ priv_key = d2i_ASN1_INTEGER(NULL, &p, priv_len);
+ if (!priv_key)
+ return 0;
+ ret = ((pk_num = ASN1_INTEGER_to_BN(priv_key, NULL)) != NULL);
+ ASN1_INTEGER_free(priv_key);
+ if (!ret) {
+ GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
+ return 0;
+ }
+ }
+
+ ret = gost_set_priv_key(pk, pk_num);
+ BN_free(pk_num);
+ return ret;
+}
/* ----------------------------------------------------------------------*/
static int priv_encode_gost(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk)
- {
- ASN1_OBJECT *algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));
- ASN1_STRING *params = encode_gost_algor_params(pk);
- unsigned char *priv_buf = NULL;
- int priv_len;
-
- ASN1_INTEGER *asn1key=NULL;
- if (!params)
- {
- return 0;
- }
- asn1key = BN_to_ASN1_INTEGER(gost_get0_priv_key(pk),NULL);
- priv_len = i2d_ASN1_INTEGER(asn1key,&priv_buf);
- ASN1_INTEGER_free(asn1key);
- return PKCS8_pkey_set0(p8,algobj,0,V_ASN1_SEQUENCE,params,
- priv_buf,priv_len);
- }
+{
+ ASN1_OBJECT *algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));
+ ASN1_STRING *params = encode_gost_algor_params(pk);
+ unsigned char *priv_buf = NULL;
+ int priv_len;
+
+ ASN1_INTEGER *asn1key = NULL;
+ if (!params) {
+ return 0;
+ }
+ asn1key = BN_to_ASN1_INTEGER(gost_get0_priv_key(pk), NULL);
+ priv_len = i2d_ASN1_INTEGER(asn1key, &priv_buf);
+ ASN1_INTEGER_free(asn1key);
+ return PKCS8_pkey_set0(p8, algobj, 0, V_ASN1_SEQUENCE, params,
+ priv_buf, priv_len);
+}
+
/* --------- printing keys --------------------------------*/
static int print_gost_94(BIO *out, const EVP_PKEY *pkey, int indent,
- ASN1_PCTX *pctx, int type)
- {
- int param_nid = NID_undef;
-
- if (type == 2)
- {
- BIGNUM *key;
-
- if (!BIO_indent(out,indent,128)) return 0;
- BIO_printf(out,"Private key: ");
- key = gost_get0_priv_key(pkey);
- if (!key)
- BIO_printf(out,"<undefined>");
- else
- BN_print(out,key);
- BIO_printf(out,"\n");
- }
- if (type >= 1)
- {
- BIGNUM *pubkey;
-
- pubkey = ((DSA *)EVP_PKEY_get0((EVP_PKEY *)pkey))->pub_key;
- BIO_indent(out,indent,128);
- BIO_printf(out,"Public key: ");
- BN_print(out,pubkey);
- BIO_printf(out,"\n");
- }
-
- param_nid = gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)pkey));
- BIO_indent(out,indent,128);
- BIO_printf(out, "Parameter set: %s\n",OBJ_nid2ln(param_nid));
- return 1;
+ ASN1_PCTX *pctx, int type)
+{
+ int param_nid = NID_undef;
+
+ if (type == 2) {
+ BIGNUM *key;
+
+ if (!BIO_indent(out, indent, 128))
+ return 0;
+ BIO_printf(out, "Private key: ");
+ key = gost_get0_priv_key(pkey);
+ if (!key)
+ BIO_printf(out, "<undefined>");
+ else
+ BN_print(out, key);
+ BIO_printf(out, "\n");
+ }
+ if (type >= 1) {
+ BIGNUM *pubkey;
+
+ pubkey = ((DSA *)EVP_PKEY_get0((EVP_PKEY *)pkey))->pub_key;
+ BIO_indent(out, indent, 128);
+ BIO_printf(out, "Public key: ");
+ BN_print(out, pubkey);
+ BIO_printf(out, "\n");
+ }
+
+ param_nid = gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)pkey));
+ BIO_indent(out, indent, 128);
+ BIO_printf(out, "Parameter set: %s\n", OBJ_nid2ln(param_nid));
+ return 1;
}
static int param_print_gost94(BIO *out, const EVP_PKEY *pkey, int indent,
- ASN1_PCTX *pctx)
- {
- return print_gost_94(out, pkey, indent, pctx,0);
- }
+ ASN1_PCTX *pctx)
+{
+ return print_gost_94(out, pkey, indent, pctx, 0);
+}
static int pub_print_gost94(BIO *out, const EVP_PKEY *pkey, int indent,
- ASN1_PCTX *pctx)
- {
- return print_gost_94(out,pkey, indent, pctx,1);
- }
-static int priv_print_gost94(BIO *out,const EVP_PKEY *pkey, int indent,
- ASN1_PCTX *pctx)
- {
- return print_gost_94(out,pkey,indent,pctx,2);
- }
+ ASN1_PCTX *pctx)
+{
+ return print_gost_94(out, pkey, indent, pctx, 1);
+}
+
+static int priv_print_gost94(BIO *out, const EVP_PKEY *pkey, int indent,
+ ASN1_PCTX *pctx)
+{
+ return print_gost_94(out, pkey, indent, pctx, 2);
+}
static int print_gost_01(BIO *out, const EVP_PKEY *pkey, int indent,
- ASN1_PCTX *pctx, int type)
- {
- int param_nid = NID_undef;
- if (type == 2)
- {
- BIGNUM *key;
-
- if (!BIO_indent(out,indent,128)) return 0;
- BIO_printf(out,"Private key: ");
- key = gost_get0_priv_key(pkey);
- if (!key)
- BIO_printf(out,"<undefined)");
- else
- BN_print(out,key);
- BIO_printf(out,"\n");
- }
- if (type >= 1)
- {
- BN_CTX *ctx = BN_CTX_new();
- BIGNUM *X,*Y;
- const EC_POINT *pubkey;
- const EC_GROUP *group;
-
- if (!ctx)
- {
- GOSTerr(GOST_F_PRINT_GOST_01,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- BN_CTX_start(ctx);
- X = BN_CTX_get(ctx);
- Y = BN_CTX_get(ctx);
- pubkey = EC_KEY_get0_public_key((EC_KEY *)EVP_PKEY_get0((EVP_PKEY *)pkey));
- group = EC_KEY_get0_group((EC_KEY *)EVP_PKEY_get0((EVP_PKEY *)pkey));
- if (!EC_POINT_get_affine_coordinates_GFp(group,pubkey,X,Y,ctx))
- {
- GOSTerr(GOST_F_PRINT_GOST_01,ERR_R_EC_LIB);
- BN_CTX_free(ctx);
- return 0;
- }
- if (!BIO_indent(out,indent,128)) return 0;
- BIO_printf(out,"Public key:\n");
- if (!BIO_indent(out,indent+3,128)) return 0;
- BIO_printf(out,"X:");
- BN_print(out,X);
- BIO_printf(out,"\n");
- BIO_indent(out,indent+3,128);
- BIO_printf(out,"Y:");
- BN_print(out,Y);
- BIO_printf(out,"\n");
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
-
- param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)pkey)));
- if (!BIO_indent(out,indent,128)) return 0;
- BIO_printf(out,"Parameter set: %s\n",OBJ_nid2ln(param_nid));
- return 1;
+ ASN1_PCTX *pctx, int type)
+{
+ int param_nid = NID_undef;
+ if (type == 2) {
+ BIGNUM *key;
+
+ if (!BIO_indent(out, indent, 128))
+ return 0;
+ BIO_printf(out, "Private key: ");
+ key = gost_get0_priv_key(pkey);
+ if (!key)
+ BIO_printf(out, "<undefined)");
+ else
+ BN_print(out, key);
+ BIO_printf(out, "\n");
+ }
+ if (type >= 1) {
+ BN_CTX *ctx = BN_CTX_new();
+ BIGNUM *X, *Y;
+ const EC_POINT *pubkey;
+ const EC_GROUP *group;
+
+ if (!ctx) {
+ GOSTerr(GOST_F_PRINT_GOST_01, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ BN_CTX_start(ctx);
+ X = BN_CTX_get(ctx);
+ Y = BN_CTX_get(ctx);
+ pubkey =
+ EC_KEY_get0_public_key((EC_KEY *)EVP_PKEY_get0((EVP_PKEY *)pkey));
+ group = EC_KEY_get0_group((EC_KEY *)EVP_PKEY_get0((EVP_PKEY *)pkey));
+ if (!EC_POINT_get_affine_coordinates_GFp(group, pubkey, X, Y, ctx)) {
+ GOSTerr(GOST_F_PRINT_GOST_01, ERR_R_EC_LIB);
+ BN_CTX_free(ctx);
+ return 0;
+ }
+ if (!BIO_indent(out, indent, 128))
+ return 0;
+ BIO_printf(out, "Public key:\n");
+ if (!BIO_indent(out, indent + 3, 128))
+ return 0;
+ BIO_printf(out, "X:");
+ BN_print(out, X);
+ BIO_printf(out, "\n");
+ BIO_indent(out, indent + 3, 128);
+ BIO_printf(out, "Y:");
+ BN_print(out, Y);
+ BIO_printf(out, "\n");
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+
+ param_nid =
+ EC_GROUP_get_curve_name(EC_KEY_get0_group
+ (EVP_PKEY_get0((EVP_PKEY *)pkey)));
+ if (!BIO_indent(out, indent, 128))
+ return 0;
+ BIO_printf(out, "Parameter set: %s\n", OBJ_nid2ln(param_nid));
+ return 1;
}
+
static int param_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent,
- ASN1_PCTX *pctx)
- {
- return print_gost_01(out,pkey,indent,pctx,0);
- }
+ ASN1_PCTX *pctx)
+{
+ return print_gost_01(out, pkey, indent, pctx, 0);
+}
+
static int pub_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent,
- ASN1_PCTX *pctx)
- {
- return print_gost_01(out,pkey, indent, pctx,1);
- }
-static int priv_print_gost01(BIO *out,const EVP_PKEY *pkey, int indent,
- ASN1_PCTX *pctx)
- {
- return print_gost_01(out,pkey,indent,pctx,2);
- }
+ ASN1_PCTX *pctx)
+{
+ return print_gost_01(out, pkey, indent, pctx, 1);
+}
+
+static int priv_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent,
+ ASN1_PCTX *pctx)
+{
+ return print_gost_01(out, pkey, indent, pctx, 2);
+}
+
/* ---------------------------------------------------------------------*/
-static int param_missing_gost94(const EVP_PKEY *pk)
- {
- const DSA *dsa = EVP_PKEY_get0((EVP_PKEY *)pk);
- if (!dsa) return 1;
- if (!dsa->q) return 1;
- return 0;
- }
-
-static int param_missing_gost01(const EVP_PKEY *pk)
- {
- const EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pk);
- if (!ec) return 1;
- if (!EC_KEY_get0_group(ec)) return 1;
- return 0;
- }
-
-static int param_copy_gost94(EVP_PKEY *to, const EVP_PKEY *from)
- {
- const DSA *dfrom = EVP_PKEY_get0((EVP_PKEY *)from);
- DSA *dto = EVP_PKEY_get0(to);
- if (EVP_PKEY_base_id(from) != EVP_PKEY_base_id(to))
- {
- GOSTerr(GOST_F_PARAM_COPY_GOST94,
- GOST_R_INCOMPATIBLE_ALGORITHMS);
- return 0;
- }
- if (!dfrom)
- {
- GOSTerr(GOST_F_PARAM_COPY_GOST94,
- GOST_R_KEY_PARAMETERS_MISSING);
- return 0;
- }
- if (!dto)
- {
- dto = DSA_new();
- EVP_PKEY_assign(to,EVP_PKEY_base_id(from),dto);
- }
-#define COPYBIGNUM(a,b,x) if (a->x) BN_free(a->x); a->x=BN_dup(b->x);
- COPYBIGNUM(dto,dfrom,p)
- COPYBIGNUM(dto,dfrom,q)
- COPYBIGNUM(dto,dfrom,g)
-
- if (dto->priv_key)
- gost94_compute_public(dto);
- return 1;
- }
-static int param_copy_gost01(EVP_PKEY *to, const EVP_PKEY *from)
- {
- EC_KEY *eto = EVP_PKEY_get0(to);
- const EC_KEY *efrom = EVP_PKEY_get0((EVP_PKEY *)from);
- if (EVP_PKEY_base_id(from) != EVP_PKEY_base_id(to))
- {
- GOSTerr(GOST_F_PARAM_COPY_GOST01,
- GOST_R_INCOMPATIBLE_ALGORITHMS);
- return 0;
- }
- if (!efrom)
- {
- GOSTerr(GOST_F_PARAM_COPY_GOST01,
- GOST_R_KEY_PARAMETERS_MISSING);
- return 0;
- }
- if (!eto)
- {
- eto = EC_KEY_new();
- EVP_PKEY_assign(to,EVP_PKEY_base_id(from),eto);
- }
- EC_KEY_set_group(eto,EC_KEY_get0_group(efrom));
- if (EC_KEY_get0_private_key(eto))
- {
- gost2001_compute_public(eto);
- }
- return 1;
- }
-
-static int param_cmp_gost94(const EVP_PKEY *a, const EVP_PKEY *b)
- {
- const DSA *da = EVP_PKEY_get0((EVP_PKEY *)a);
- const DSA *db = EVP_PKEY_get0((EVP_PKEY *)b);
- if (!BN_cmp(da->q,db->q)) return 1;
- return 0;
- }
-
-static int param_cmp_gost01(const EVP_PKEY *a, const EVP_PKEY *b)
- {
- if (EC_GROUP_get_curve_name(EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)a)))==
- EC_GROUP_get_curve_name(EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)b))))
- {
- return 1;
- }
- return 0;
-
- }
+static int param_missing_gost94(const EVP_PKEY *pk)
+{
+ const DSA *dsa = EVP_PKEY_get0((EVP_PKEY *)pk);
+ if (!dsa)
+ return 1;
+ if (!dsa->q)
+ return 1;
+ return 0;
+}
+
+static int param_missing_gost01(const EVP_PKEY *pk)
+{
+ const EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pk);
+ if (!ec)
+ return 1;
+ if (!EC_KEY_get0_group(ec))
+ return 1;
+ return 0;
+}
+
+static int param_copy_gost94(EVP_PKEY *to, const EVP_PKEY *from)
+{
+ const DSA *dfrom = EVP_PKEY_get0((EVP_PKEY *)from);
+ DSA *dto = EVP_PKEY_get0(to);
+ if (EVP_PKEY_base_id(from) != EVP_PKEY_base_id(to)) {
+ GOSTerr(GOST_F_PARAM_COPY_GOST94, GOST_R_INCOMPATIBLE_ALGORITHMS);
+ return 0;
+ }
+ if (!dfrom) {
+ GOSTerr(GOST_F_PARAM_COPY_GOST94, GOST_R_KEY_PARAMETERS_MISSING);
+ return 0;
+ }
+ if (!dto) {
+ dto = DSA_new();
+ EVP_PKEY_assign(to, EVP_PKEY_base_id(from), dto);
+ }
+#define COPYBIGNUM(a,b,x) if (a->x) BN_free(a->x); a->x=BN_dup(b->x);
+ COPYBIGNUM(dto, dfrom, p)
+ COPYBIGNUM(dto, dfrom, q)
+ COPYBIGNUM(dto, dfrom, g)
+
+ if (dto->priv_key)
+ gost94_compute_public(dto);
+ return 1;
+}
+
+static int param_copy_gost01(EVP_PKEY *to, const EVP_PKEY *from)
+{
+ EC_KEY *eto = EVP_PKEY_get0(to);
+ const EC_KEY *efrom = EVP_PKEY_get0((EVP_PKEY *)from);
+ if (EVP_PKEY_base_id(from) != EVP_PKEY_base_id(to)) {
+ GOSTerr(GOST_F_PARAM_COPY_GOST01, GOST_R_INCOMPATIBLE_ALGORITHMS);
+ return 0;
+ }
+ if (!efrom) {
+ GOSTerr(GOST_F_PARAM_COPY_GOST01, GOST_R_KEY_PARAMETERS_MISSING);
+ return 0;
+ }
+ if (!eto) {
+ eto = EC_KEY_new();
+ EVP_PKEY_assign(to, EVP_PKEY_base_id(from), eto);
+ }
+ EC_KEY_set_group(eto, EC_KEY_get0_group(efrom));
+ if (EC_KEY_get0_private_key(eto)) {
+ gost2001_compute_public(eto);
+ }
+ return 1;
+}
+
+static int param_cmp_gost94(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+ const DSA *da = EVP_PKEY_get0((EVP_PKEY *)a);
+ const DSA *db = EVP_PKEY_get0((EVP_PKEY *)b);
+ if (!BN_cmp(da->q, db->q))
+ return 1;
+ return 0;
+}
+
+static int param_cmp_gost01(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+ if (EC_GROUP_get_curve_name
+ (EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)a))) ==
+ EC_GROUP_get_curve_name(EC_KEY_get0_group
+ (EVP_PKEY_get0((EVP_PKEY *)b)))) {
+ return 1;
+ }
+ return 0;
+
+}
/* ---------- Public key functions * --------------------------------------*/
static int pub_decode_gost94(EVP_PKEY *pk, X509_PUBKEY *pub)
- {
- X509_ALGOR *palg = NULL;
- const unsigned char *pubkey_buf = NULL;
- unsigned char *databuf;
- ASN1_OBJECT *palgobj = NULL;
- int pub_len,i,j;
- DSA *dsa;
- ASN1_OCTET_STRING *octet= NULL;
-
- if (!X509_PUBKEY_get0_param(&palgobj,&pubkey_buf,&pub_len,
- &palg, pub)) return 0;
- EVP_PKEY_assign(pk,OBJ_obj2nid(palgobj),NULL);
- if (!decode_gost_algor_params(pk,palg)) return 0;
- octet = d2i_ASN1_OCTET_STRING(NULL,&pubkey_buf,pub_len);
- if (!octet)
- {
- GOSTerr(GOST_F_PUB_DECODE_GOST94,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- databuf = OPENSSL_malloc(octet->length);
- for (i=0,j=octet->length-1;i<octet->length;i++,j--)
- {
- databuf[j]=octet->data[i];
- }
- dsa = EVP_PKEY_get0(pk);
- dsa->pub_key=BN_bin2bn(databuf,octet->length,NULL);
- ASN1_OCTET_STRING_free(octet);
- OPENSSL_free(databuf);
- return 1;
-
- }
-
-static int pub_encode_gost94(X509_PUBKEY *pub,const EVP_PKEY *pk)
- {
- ASN1_OBJECT *algobj = NULL;
- ASN1_OCTET_STRING *octet = NULL;
- void *pval = NULL;
- unsigned char *buf=NULL,*databuf,*sptr;
- int i,j,data_len,ret=0;
-
- int ptype = V_ASN1_UNDEF;
- DSA *dsa = EVP_PKEY_get0((EVP_PKEY *)pk);
- algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));
- if (pk->save_parameters)
- {
- ASN1_STRING *params = encode_gost_algor_params(pk);
- pval = params;
- ptype = V_ASN1_SEQUENCE;
- }
- data_len = BN_num_bytes(dsa->pub_key);
- databuf = OPENSSL_malloc(data_len);
- BN_bn2bin(dsa->pub_key,databuf);
- octet = ASN1_OCTET_STRING_new();
- ASN1_STRING_set(octet,NULL,data_len);
- sptr = ASN1_STRING_data(octet);
- for (i=0,j=data_len-1; i< data_len;i++,j--)
- {
- sptr[i]=databuf[j];
- }
- OPENSSL_free(databuf);
- ret = i2d_ASN1_OCTET_STRING(octet,&buf);
- ASN1_BIT_STRING_free(octet);
- if (ret <0) return 0;
- return X509_PUBKEY_set0_param(pub,algobj,ptype,pval,buf,ret);
- }
-
-static int pub_decode_gost01(EVP_PKEY *pk,X509_PUBKEY *pub)
- {
- X509_ALGOR *palg = NULL;
- const unsigned char *pubkey_buf = NULL;
- unsigned char *databuf;
- ASN1_OBJECT *palgobj = NULL;
- int pub_len,i,j;
- EC_POINT *pub_key;
- BIGNUM *X,*Y;
- ASN1_OCTET_STRING *octet= NULL;
- int len;
- const EC_GROUP *group;
-
- if (!X509_PUBKEY_get0_param(&palgobj,&pubkey_buf,&pub_len,
- &palg, pub)) return 0;
- EVP_PKEY_assign(pk,OBJ_obj2nid(palgobj),NULL);
- if (!decode_gost_algor_params(pk,palg)) return 0;
- group = EC_KEY_get0_group(EVP_PKEY_get0(pk));
- octet = d2i_ASN1_OCTET_STRING(NULL,&pubkey_buf,pub_len);
- if (!octet)
- {
- GOSTerr(GOST_F_PUB_DECODE_GOST01,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- databuf = OPENSSL_malloc(octet->length);
- for (i=0,j=octet->length-1;i<octet->length;i++,j--)
- {
- databuf[j]=octet->data[i];
- }
- len=octet->length/2;
- ASN1_OCTET_STRING_free(octet);
-
- Y= getbnfrombuf(databuf,len);
- X= getbnfrombuf(databuf+len,len);
- OPENSSL_free(databuf);
- pub_key = EC_POINT_new(group);
- if (!EC_POINT_set_affine_coordinates_GFp(group
- ,pub_key,X,Y,NULL))
- {
- GOSTerr(GOST_F_PUB_DECODE_GOST01,
- ERR_R_EC_LIB);
- EC_POINT_free(pub_key);
- BN_free(X);
- BN_free(Y);
- return 0;
- }
- BN_free(X);
- BN_free(Y);
- if (!EC_KEY_set_public_key(EVP_PKEY_get0(pk),pub_key))
- {
- GOSTerr(GOST_F_PUB_DECODE_GOST01,
- ERR_R_EC_LIB);
- EC_POINT_free(pub_key);
- return 0;
- }
- EC_POINT_free(pub_key);
- return 1;
-
- }
-
-static int pub_encode_gost01(X509_PUBKEY *pub,const EVP_PKEY *pk)
- {
- ASN1_OBJECT *algobj = NULL;
- ASN1_OCTET_STRING *octet = NULL;
- void *pval = NULL;
- unsigned char *buf=NULL,*databuf,*sptr;
- int i,j,data_len,ret=0;
- const EC_POINT *pub_key;
- BIGNUM *X,*Y,*order;
- const EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pk);
- int ptype = V_ASN1_UNDEF;
-
- algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));
- if (pk->save_parameters)
- {
- ASN1_STRING *params = encode_gost_algor_params(pk);
- pval = params;
- ptype = V_ASN1_SEQUENCE;
- }
- order = BN_new();
- EC_GROUP_get_order(EC_KEY_get0_group(ec),order,NULL);
- pub_key=EC_KEY_get0_public_key(ec);
- if (!pub_key)
- {
- GOSTerr(GOST_F_PUB_ENCODE_GOST01,
- GOST_R_PUBLIC_KEY_UNDEFINED);
- return 0;
- }
- X=BN_new();
- Y=BN_new();
- EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(ec),
- pub_key,X,Y,NULL);
- data_len = 2*BN_num_bytes(order);
- BN_free(order);
- databuf = OPENSSL_malloc(data_len);
- memset(databuf,0,data_len);
-
- store_bignum(X,databuf+data_len/2,data_len/2);
- store_bignum(Y,databuf,data_len/2);
-
- BN_free(X);
- BN_free(Y);
- octet = ASN1_OCTET_STRING_new();
- ASN1_STRING_set(octet,NULL,data_len);
- sptr=ASN1_STRING_data(octet);
- for (i=0,j=data_len-1;i<data_len;i++,j--)
- {
- sptr[i]=databuf[j];
- }
+{
+ X509_ALGOR *palg = NULL;
+ const unsigned char *pubkey_buf = NULL;
+ unsigned char *databuf;
+ ASN1_OBJECT *palgobj = NULL;
+ int pub_len, i, j;
+ DSA *dsa;
+ ASN1_OCTET_STRING *octet = NULL;
+
+ if (!X509_PUBKEY_get0_param(&palgobj, &pubkey_buf, &pub_len, &palg, pub))
+ return 0;
+ EVP_PKEY_assign(pk, OBJ_obj2nid(palgobj), NULL);
+ if (!decode_gost_algor_params(pk, palg))
+ return 0;
+ octet = d2i_ASN1_OCTET_STRING(NULL, &pubkey_buf, pub_len);
+ if (!octet) {
+ GOSTerr(GOST_F_PUB_DECODE_GOST94, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ databuf = OPENSSL_malloc(octet->length);
+ for (i = 0, j = octet->length - 1; i < octet->length; i++, j--) {
+ databuf[j] = octet->data[i];
+ }
+ dsa = EVP_PKEY_get0(pk);
+ dsa->pub_key = BN_bin2bn(databuf, octet->length, NULL);
+ ASN1_OCTET_STRING_free(octet);
OPENSSL_free(databuf);
- ret = i2d_ASN1_OCTET_STRING(octet,&buf);
- ASN1_BIT_STRING_free(octet);
- if (ret <0) return 0;
- return X509_PUBKEY_set0_param(pub,algobj,ptype,pval,buf,ret);
- }
+ return 1;
-static int pub_cmp_gost94(const EVP_PKEY *a, const EVP_PKEY *b)
- {
- const DSA *da = EVP_PKEY_get0((EVP_PKEY *)a);
- const DSA *db = EVP_PKEY_get0((EVP_PKEY *)b);
- if (da && db && da->pub_key && db->pub_key
- && !BN_cmp(da->pub_key,db->pub_key))
- {
- return 1;
- }
- return 0;
- }
-
-static int pub_cmp_gost01(const EVP_PKEY *a,const EVP_PKEY *b)
- {
- const EC_KEY *ea = EVP_PKEY_get0((EVP_PKEY *)a);
- const EC_KEY *eb = EVP_PKEY_get0((EVP_PKEY *)b);
- const EC_POINT *ka,*kb;
- int ret=0;
- if (!ea || !eb) return 0;
- ka = EC_KEY_get0_public_key(ea);
- kb = EC_KEY_get0_public_key(eb);
- if (!ka || !kb) return 0;
- ret = (0==EC_POINT_cmp(EC_KEY_get0_group(ea),ka,kb,NULL)) ;
- return ret;
- }
+}
+
+static int pub_encode_gost94(X509_PUBKEY *pub, const EVP_PKEY *pk)
+{
+ ASN1_OBJECT *algobj = NULL;
+ ASN1_OCTET_STRING *octet = NULL;
+ void *pval = NULL;
+ unsigned char *buf = NULL, *databuf, *sptr;
+ int i, j, data_len, ret = 0;
+
+ int ptype = V_ASN1_UNDEF;
+ DSA *dsa = EVP_PKEY_get0((EVP_PKEY *)pk);
+ algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));
+ if (pk->save_parameters) {
+ ASN1_STRING *params = encode_gost_algor_params(pk);
+ pval = params;
+ ptype = V_ASN1_SEQUENCE;
+ }
+ data_len = BN_num_bytes(dsa->pub_key);
+ databuf = OPENSSL_malloc(data_len);
+ BN_bn2bin(dsa->pub_key, databuf);
+ octet = ASN1_OCTET_STRING_new();
+ ASN1_STRING_set(octet, NULL, data_len);
+ sptr = ASN1_STRING_data(octet);
+ for (i = 0, j = data_len - 1; i < data_len; i++, j--) {
+ sptr[i] = databuf[j];
+ }
+ OPENSSL_free(databuf);
+ ret = i2d_ASN1_OCTET_STRING(octet, &buf);
+ ASN1_BIT_STRING_free(octet);
+ if (ret < 0)
+ return 0;
+ return X509_PUBKEY_set0_param(pub, algobj, ptype, pval, buf, ret);
+}
+static int pub_decode_gost01(EVP_PKEY *pk, X509_PUBKEY *pub)
+{
+ X509_ALGOR *palg = NULL;
+ const unsigned char *pubkey_buf = NULL;
+ unsigned char *databuf;
+ ASN1_OBJECT *palgobj = NULL;
+ int pub_len, i, j;
+ EC_POINT *pub_key;
+ BIGNUM *X, *Y;
+ ASN1_OCTET_STRING *octet = NULL;
+ int len;
+ const EC_GROUP *group;
+
+ if (!X509_PUBKEY_get0_param(&palgobj, &pubkey_buf, &pub_len, &palg, pub))
+ return 0;
+ EVP_PKEY_assign(pk, OBJ_obj2nid(palgobj), NULL);
+ if (!decode_gost_algor_params(pk, palg))
+ return 0;
+ group = EC_KEY_get0_group(EVP_PKEY_get0(pk));
+ octet = d2i_ASN1_OCTET_STRING(NULL, &pubkey_buf, pub_len);
+ if (!octet) {
+ GOSTerr(GOST_F_PUB_DECODE_GOST01, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ databuf = OPENSSL_malloc(octet->length);
+ for (i = 0, j = octet->length - 1; i < octet->length; i++, j--) {
+ databuf[j] = octet->data[i];
+ }
+ len = octet->length / 2;
+ ASN1_OCTET_STRING_free(octet);
+
+ Y = getbnfrombuf(databuf, len);
+ X = getbnfrombuf(databuf + len, len);
+ OPENSSL_free(databuf);
+ pub_key = EC_POINT_new(group);
+ if (!EC_POINT_set_affine_coordinates_GFp(group, pub_key, X, Y, NULL)) {
+ GOSTerr(GOST_F_PUB_DECODE_GOST01, ERR_R_EC_LIB);
+ EC_POINT_free(pub_key);
+ BN_free(X);
+ BN_free(Y);
+ return 0;
+ }
+ BN_free(X);
+ BN_free(Y);
+ if (!EC_KEY_set_public_key(EVP_PKEY_get0(pk), pub_key)) {
+ GOSTerr(GOST_F_PUB_DECODE_GOST01, ERR_R_EC_LIB);
+ EC_POINT_free(pub_key);
+ return 0;
+ }
+ EC_POINT_free(pub_key);
+ return 1;
+
+}
+
+static int pub_encode_gost01(X509_PUBKEY *pub, const EVP_PKEY *pk)
+{
+ ASN1_OBJECT *algobj = NULL;
+ ASN1_OCTET_STRING *octet = NULL;
+ void *pval = NULL;
+ unsigned char *buf = NULL, *databuf, *sptr;
+ int i, j, data_len, ret = 0;
+ const EC_POINT *pub_key;
+ BIGNUM *X, *Y, *order;
+ const EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pk);
+ int ptype = V_ASN1_UNDEF;
+
+ algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));
+ if (pk->save_parameters) {
+ ASN1_STRING *params = encode_gost_algor_params(pk);
+ pval = params;
+ ptype = V_ASN1_SEQUENCE;
+ }
+ order = BN_new();
+ EC_GROUP_get_order(EC_KEY_get0_group(ec), order, NULL);
+ pub_key = EC_KEY_get0_public_key(ec);
+ if (!pub_key) {
+ GOSTerr(GOST_F_PUB_ENCODE_GOST01, GOST_R_PUBLIC_KEY_UNDEFINED);
+ return 0;
+ }
+ X = BN_new();
+ Y = BN_new();
+ EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(ec),
+ pub_key, X, Y, NULL);
+ data_len = 2 * BN_num_bytes(order);
+ BN_free(order);
+ databuf = OPENSSL_malloc(data_len);
+ memset(databuf, 0, data_len);
+
+ store_bignum(X, databuf + data_len / 2, data_len / 2);
+ store_bignum(Y, databuf, data_len / 2);
+
+ BN_free(X);
+ BN_free(Y);
+ octet = ASN1_OCTET_STRING_new();
+ ASN1_STRING_set(octet, NULL, data_len);
+ sptr = ASN1_STRING_data(octet);
+ for (i = 0, j = data_len - 1; i < data_len; i++, j--) {
+ sptr[i] = databuf[j];
+ }
+ OPENSSL_free(databuf);
+ ret = i2d_ASN1_OCTET_STRING(octet, &buf);
+ ASN1_BIT_STRING_free(octet);
+ if (ret < 0)
+ return 0;
+ return X509_PUBKEY_set0_param(pub, algobj, ptype, pval, buf, ret);
+}
+static int pub_cmp_gost94(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+ const DSA *da = EVP_PKEY_get0((EVP_PKEY *)a);
+ const DSA *db = EVP_PKEY_get0((EVP_PKEY *)b);
+ if (da && db && da->pub_key && db->pub_key
+ && !BN_cmp(da->pub_key, db->pub_key)) {
+ return 1;
+ }
+ return 0;
+}
+static int pub_cmp_gost01(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+ const EC_KEY *ea = EVP_PKEY_get0((EVP_PKEY *)a);
+ const EC_KEY *eb = EVP_PKEY_get0((EVP_PKEY *)b);
+ const EC_POINT *ka, *kb;
+ int ret = 0;
+ if (!ea || !eb)
+ return 0;
+ ka = EC_KEY_get0_public_key(ea);
+ kb = EC_KEY_get0_public_key(eb);
+ if (!ka || !kb)
+ return 0;
+ ret = (0 == EC_POINT_cmp(EC_KEY_get0_group(ea), ka, kb, NULL));
+ return ret;
+}
static int pkey_size_gost(const EVP_PKEY *pk)
- {
- return 64;
- }
+{
+ return 64;
+}
static int pkey_bits_gost(const EVP_PKEY *pk)
- {
- return 256;
- }
-/*------------------------ ASN1 METHOD for GOST MAC -------------------*/
-static void mackey_free_gost(EVP_PKEY *pk)
- {
- if (pk->pkey.ptr) {
- OPENSSL_free(pk->pkey.ptr);
- }
- }
+{
+ return 256;
+}
+
+/* ---------------------- ASN1 METHOD for GOST MAC -------------------*/
+static void mackey_free_gost(EVP_PKEY *pk)
+{
+ if (pk->pkey.ptr) {
+ OPENSSL_free(pk->pkey.ptr);
+ }
+}
+
static int mac_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2)
{
- switch (op)
- {
- case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
- *(int *)arg2 = NID_id_Gost28147_89_MAC;
- return 2;
- }
- return -2;
-}
-
-static int gost94_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
-{
- int nid=gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)pkey));
- return i2d_ASN1_OBJECT(OBJ_nid2obj(nid),pder);
-}
-static int gost2001_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
-{
- int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)pkey)));
- return i2d_ASN1_OBJECT(OBJ_nid2obj(nid),pder);
-}
-
-static int gost94_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
-{
- ASN1_OBJECT *obj=NULL;
- DSA *dsa = EVP_PKEY_get0(pkey);
- int nid;
- if (d2i_ASN1_OBJECT(&obj,pder,derlen)==NULL) {
- return 0;
- }
- nid = OBJ_obj2nid(obj);
- ASN1_OBJECT_free(obj);
- if (!dsa)
- {
- dsa=DSA_new();
- if (!EVP_PKEY_assign(pkey,NID_id_GostR3410_94,dsa)) return 0;
- }
- if (!fill_GOST94_params(dsa,nid)) return 0;
- return 1;
-}
-
-static int gost2001_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) {
- ASN1_OBJECT *obj=NULL;
- int nid;
- EC_KEY *ec = EVP_PKEY_get0(pkey);
- if (d2i_ASN1_OBJECT(&obj,pder,derlen)==NULL) {
- return 0;
- }
- nid = OBJ_obj2nid(obj);
- ASN1_OBJECT_free(obj);
- if (!ec)
- {
- ec = EC_KEY_new();
- if (!EVP_PKEY_assign(pkey,NID_id_GostR3410_2001,ec)) return 0;
- }
- if (!fill_GOST2001_params(ec, nid)) return 0;
- return 1;
-}
+ switch (op) {
+ case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+ *(int *)arg2 = NID_id_Gost28147_89_MAC;
+ return 2;
+ }
+ return -2;
+}
+static int gost94_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
+{
+ int nid = gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)pkey));
+ return i2d_ASN1_OBJECT(OBJ_nid2obj(nid), pder);
+}
+static int gost2001_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
+{
+ int nid =
+ EC_GROUP_get_curve_name(EC_KEY_get0_group
+ (EVP_PKEY_get0((EVP_PKEY *)pkey)));
+ return i2d_ASN1_OBJECT(OBJ_nid2obj(nid), pder);
+}
+static int gost94_param_decode(EVP_PKEY *pkey, const unsigned char **pder,
+ int derlen)
+{
+ ASN1_OBJECT *obj = NULL;
+ DSA *dsa = EVP_PKEY_get0(pkey);
+ int nid;
+ if (d2i_ASN1_OBJECT(&obj, pder, derlen) == NULL) {
+ return 0;
+ }
+ nid = OBJ_obj2nid(obj);
+ ASN1_OBJECT_free(obj);
+ if (!dsa) {
+ dsa = DSA_new();
+ if (!EVP_PKEY_assign(pkey, NID_id_GostR3410_94, dsa))
+ return 0;
+ }
+ if (!fill_GOST94_params(dsa, nid))
+ return 0;
+ return 1;
+}
+static int gost2001_param_decode(EVP_PKEY *pkey, const unsigned char **pder,
+ int derlen)
+{
+ ASN1_OBJECT *obj = NULL;
+ int nid;
+ EC_KEY *ec = EVP_PKEY_get0(pkey);
+ if (d2i_ASN1_OBJECT(&obj, pder, derlen) == NULL) {
+ return 0;
+ }
+ nid = OBJ_obj2nid(obj);
+ ASN1_OBJECT_free(obj);
+ if (!ec) {
+ ec = EC_KEY_new();
+ if (!EVP_PKEY_assign(pkey, NID_id_GostR3410_2001, ec))
+ return 0;
+ }
+ if (!fill_GOST2001_params(ec, nid))
+ return 0;
+ return 1;
+}
/* ----------------------------------------------------------------------*/
-int register_ameth_gost (int nid, EVP_PKEY_ASN1_METHOD **ameth, const char* pemstr, const char* info)
- {
- *ameth = EVP_PKEY_asn1_new(nid,
- ASN1_PKEY_SIGPARAM_NULL, pemstr, info);
- if (!*ameth) return 0;
- switch (nid)
- {
- case NID_id_GostR3410_94:
- EVP_PKEY_asn1_set_free (*ameth, pkey_free_gost94);
- EVP_PKEY_asn1_set_private (*ameth,
- priv_decode_gost, priv_encode_gost,
- priv_print_gost94);
-
- EVP_PKEY_asn1_set_param (*ameth,
- gost94_param_decode, gost94_param_encode,
- param_missing_gost94, param_copy_gost94,
- param_cmp_gost94,param_print_gost94 );
- EVP_PKEY_asn1_set_public (*ameth,
- pub_decode_gost94, pub_encode_gost94,
- pub_cmp_gost94, pub_print_gost94,
- pkey_size_gost, pkey_bits_gost);
-
- EVP_PKEY_asn1_set_ctrl (*ameth, pkey_ctrl_gost);
- break;
- case NID_id_GostR3410_2001:
- EVP_PKEY_asn1_set_free (*ameth, pkey_free_gost01);
- EVP_PKEY_asn1_set_private (*ameth,
- priv_decode_gost, priv_encode_gost,
- priv_print_gost01);
-
- EVP_PKEY_asn1_set_param (*ameth,
- gost2001_param_decode, gost2001_param_encode,
- param_missing_gost01, param_copy_gost01,
- param_cmp_gost01, param_print_gost01);
- EVP_PKEY_asn1_set_public (*ameth,
- pub_decode_gost01, pub_encode_gost01,
- pub_cmp_gost01, pub_print_gost01,
- pkey_size_gost, pkey_bits_gost);
-
- EVP_PKEY_asn1_set_ctrl (*ameth, pkey_ctrl_gost);
- break;
- case NID_id_Gost28147_89_MAC:
- EVP_PKEY_asn1_set_free(*ameth, mackey_free_gost);
- EVP_PKEY_asn1_set_ctrl(*ameth,mac_ctrl_gost);
- break;
- }
- return 1;
- }
+int register_ameth_gost(int nid, EVP_PKEY_ASN1_METHOD **ameth,
+ const char *pemstr, const char *info)
+{
+ *ameth = EVP_PKEY_asn1_new(nid, ASN1_PKEY_SIGPARAM_NULL, pemstr, info);
+ if (!*ameth)
+ return 0;
+ switch (nid) {
+ case NID_id_GostR3410_94:
+ EVP_PKEY_asn1_set_free(*ameth, pkey_free_gost94);
+ EVP_PKEY_asn1_set_private(*ameth,
+ priv_decode_gost, priv_encode_gost,
+ priv_print_gost94);
+
+ EVP_PKEY_asn1_set_param(*ameth,
+ gost94_param_decode, gost94_param_encode,
+ param_missing_gost94, param_copy_gost94,
+ param_cmp_gost94, param_print_gost94);
+ EVP_PKEY_asn1_set_public(*ameth,
+ pub_decode_gost94, pub_encode_gost94,
+ pub_cmp_gost94, pub_print_gost94,
+ pkey_size_gost, pkey_bits_gost);
+
+ EVP_PKEY_asn1_set_ctrl(*ameth, pkey_ctrl_gost);
+ break;
+ case NID_id_GostR3410_2001:
+ EVP_PKEY_asn1_set_free(*ameth, pkey_free_gost01);
+ EVP_PKEY_asn1_set_private(*ameth,
+ priv_decode_gost, priv_encode_gost,
+ priv_print_gost01);
+
+ EVP_PKEY_asn1_set_param(*ameth,
+ gost2001_param_decode, gost2001_param_encode,
+ param_missing_gost01, param_copy_gost01,
+ param_cmp_gost01, param_print_gost01);
+ EVP_PKEY_asn1_set_public(*ameth,
+ pub_decode_gost01, pub_encode_gost01,
+ pub_cmp_gost01, pub_print_gost01,
+ pkey_size_gost, pkey_bits_gost);
+
+ EVP_PKEY_asn1_set_ctrl(*ameth, pkey_ctrl_gost);
+ break;
+ case NID_id_Gost28147_89_MAC:
+ EVP_PKEY_asn1_set_free(*ameth, mackey_free_gost);
+ EVP_PKEY_asn1_set_ctrl(*ameth, mac_ctrl_gost);
+ break;
+ }
+ return 1;
+}
diff --git a/openssl/engines/ccgost/gost_asn1.c b/openssl/engines/ccgost/gost_asn1.c
index 318ecfce5..11686339b 100644
--- a/openssl/engines/ccgost/gost_asn1.c
+++ b/openssl/engines/ccgost/gost_asn1.c
@@ -12,44 +12,45 @@
#include "gost_lcl.h"
ASN1_NDEF_SEQUENCE(GOST_KEY_TRANSPORT) = {
- ASN1_SIMPLE(GOST_KEY_TRANSPORT, key_info, GOST_KEY_INFO),
- ASN1_IMP(GOST_KEY_TRANSPORT, key_agreement_info, GOST_KEY_AGREEMENT_INFO, 0)
+ ASN1_SIMPLE(GOST_KEY_TRANSPORT, key_info, GOST_KEY_INFO),
+ ASN1_IMP(GOST_KEY_TRANSPORT, key_agreement_info, GOST_KEY_AGREEMENT_INFO, 0)
} ASN1_NDEF_SEQUENCE_END(GOST_KEY_TRANSPORT)
IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_TRANSPORT)
ASN1_NDEF_SEQUENCE(GOST_KEY_INFO) = {
- ASN1_SIMPLE(GOST_KEY_INFO, encrypted_key, ASN1_OCTET_STRING),
- ASN1_SIMPLE(GOST_KEY_INFO, imit, ASN1_OCTET_STRING)
+ ASN1_SIMPLE(GOST_KEY_INFO, encrypted_key, ASN1_OCTET_STRING),
+ ASN1_SIMPLE(GOST_KEY_INFO, imit, ASN1_OCTET_STRING)
} ASN1_NDEF_SEQUENCE_END(GOST_KEY_INFO)
IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_INFO)
ASN1_NDEF_SEQUENCE(GOST_KEY_AGREEMENT_INFO) = {
- ASN1_SIMPLE(GOST_KEY_AGREEMENT_INFO, cipher, ASN1_OBJECT),
- ASN1_IMP_OPT(GOST_KEY_AGREEMENT_INFO, ephem_key, X509_PUBKEY, 0),
- ASN1_SIMPLE(GOST_KEY_AGREEMENT_INFO, eph_iv, ASN1_OCTET_STRING)
+ ASN1_SIMPLE(GOST_KEY_AGREEMENT_INFO, cipher, ASN1_OBJECT),
+ ASN1_IMP_OPT(GOST_KEY_AGREEMENT_INFO, ephem_key, X509_PUBKEY, 0),
+ ASN1_SIMPLE(GOST_KEY_AGREEMENT_INFO, eph_iv, ASN1_OCTET_STRING)
} ASN1_NDEF_SEQUENCE_END(GOST_KEY_AGREEMENT_INFO)
IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_AGREEMENT_INFO)
ASN1_NDEF_SEQUENCE(GOST_KEY_PARAMS) = {
- ASN1_SIMPLE(GOST_KEY_PARAMS, key_params, ASN1_OBJECT),
- ASN1_SIMPLE(GOST_KEY_PARAMS, hash_params, ASN1_OBJECT),
- ASN1_OPT(GOST_KEY_PARAMS, cipher_params, ASN1_OBJECT),
+ ASN1_SIMPLE(GOST_KEY_PARAMS, key_params, ASN1_OBJECT),
+ ASN1_SIMPLE(GOST_KEY_PARAMS, hash_params, ASN1_OBJECT),
+ ASN1_OPT(GOST_KEY_PARAMS, cipher_params, ASN1_OBJECT),
} ASN1_NDEF_SEQUENCE_END(GOST_KEY_PARAMS)
IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_PARAMS)
ASN1_NDEF_SEQUENCE(GOST_CIPHER_PARAMS) = {
- ASN1_SIMPLE(GOST_CIPHER_PARAMS, iv, ASN1_OCTET_STRING),
- ASN1_SIMPLE(GOST_CIPHER_PARAMS, enc_param_set, ASN1_OBJECT),
+ ASN1_SIMPLE(GOST_CIPHER_PARAMS, iv, ASN1_OCTET_STRING),
+ ASN1_SIMPLE(GOST_CIPHER_PARAMS, enc_param_set, ASN1_OBJECT),
} ASN1_NDEF_SEQUENCE_END(GOST_CIPHER_PARAMS)
IMPLEMENT_ASN1_FUNCTIONS(GOST_CIPHER_PARAMS)
-ASN1_NDEF_SEQUENCE(GOST_CLIENT_KEY_EXCHANGE_PARAMS) = { /*FIXME incomplete*/
- ASN1_SIMPLE(GOST_CLIENT_KEY_EXCHANGE_PARAMS, gkt, GOST_KEY_TRANSPORT)
-} ASN1_NDEF_SEQUENCE_END(GOST_CLIENT_KEY_EXCHANGE_PARAMS)
+ASN1_NDEF_SEQUENCE(GOST_CLIENT_KEY_EXCHANGE_PARAMS) = { /* FIXME incomplete */
+ ASN1_SIMPLE(GOST_CLIENT_KEY_EXCHANGE_PARAMS, gkt, GOST_KEY_TRANSPORT)
+}
+ASN1_NDEF_SEQUENCE_END(GOST_CLIENT_KEY_EXCHANGE_PARAMS)
IMPLEMENT_ASN1_FUNCTIONS(GOST_CLIENT_KEY_EXCHANGE_PARAMS)
diff --git a/openssl/engines/ccgost/gost_crypt.c b/openssl/engines/ccgost/gost_crypt.c
index 52aef15ac..aae941e54 100644
--- a/openssl/engines/ccgost/gost_crypt.c
+++ b/openssl/engines/ccgost/gost_crypt.c
@@ -19,59 +19,57 @@
#endif
#include <assert.h>
-static int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc);
-static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc);
-/* Handles block of data in CFB mode */
-static int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, size_t inl);
-/* Handles block of data in CNT mode */
-static int gost_cipher_do_cnt(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, size_t inl);
-/* Cleanup function */
+static int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
+static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
+/* Handles block of data in CFB mode */
+static int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t inl);
+/* Handles block of data in CNT mode */
+static int gost_cipher_do_cnt(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t inl);
+/* Cleanup function */
static int gost_cipher_cleanup(EVP_CIPHER_CTX *);
/* set/get cipher parameters */
-static int gost89_set_asn1_parameters(EVP_CIPHER_CTX *ctx,ASN1_TYPE *params);
-static int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx,ASN1_TYPE *params);
+static int gost89_set_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params);
+static int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params);
/* Control function */
-static int gost_cipher_ctl(EVP_CIPHER_CTX *ctx,int type,int arg,void *ptr);
-
-EVP_CIPHER cipher_gost =
- {
- NID_id_Gost28147_89,
- 1,/*block_size*/
- 32,/*key_size*/
- 8,/*iv_len */
- EVP_CIPH_CFB_MODE| EVP_CIPH_NO_PADDING |
- EVP_CIPH_CUSTOM_IV| EVP_CIPH_RAND_KEY | EVP_CIPH_ALWAYS_CALL_INIT,
- gost_cipher_init,
- gost_cipher_do_cfb,
- gost_cipher_cleanup,
- sizeof(struct ossl_gost_cipher_ctx),/* ctx_size */
- gost89_set_asn1_parameters,
- gost89_get_asn1_parameters,
- gost_cipher_ctl,
- NULL,
- };
-
-EVP_CIPHER cipher_gost_cpacnt =
- {
- NID_gost89_cnt,
- 1,/*block_size*/
- 32,/*key_size*/
- 8,/*iv_len */
- EVP_CIPH_OFB_MODE| EVP_CIPH_NO_PADDING |
- EVP_CIPH_CUSTOM_IV| EVP_CIPH_RAND_KEY | EVP_CIPH_ALWAYS_CALL_INIT,
- gost_cipher_init_cpa,
- gost_cipher_do_cnt,
- gost_cipher_cleanup,
- sizeof(struct ossl_gost_cipher_ctx), /* ctx_size */
- gost89_set_asn1_parameters,
- gost89_get_asn1_parameters,
- gost_cipher_ctl,
- NULL,
- };
+static int gost_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
+
+EVP_CIPHER cipher_gost = {
+ NID_id_Gost28147_89,
+ 1, /* block_size */
+ 32, /* key_size */
+ 8, /* iv_len */
+ EVP_CIPH_CFB_MODE | EVP_CIPH_NO_PADDING |
+ EVP_CIPH_CUSTOM_IV | EVP_CIPH_RAND_KEY | EVP_CIPH_ALWAYS_CALL_INIT,
+ gost_cipher_init,
+ gost_cipher_do_cfb,
+ gost_cipher_cleanup,
+ sizeof(struct ossl_gost_cipher_ctx), /* ctx_size */
+ gost89_set_asn1_parameters,
+ gost89_get_asn1_parameters,
+ gost_cipher_ctl,
+ NULL,
+};
+
+EVP_CIPHER cipher_gost_cpacnt = {
+ NID_gost89_cnt,
+ 1, /* block_size */
+ 32, /* key_size */
+ 8, /* iv_len */
+ EVP_CIPH_OFB_MODE | EVP_CIPH_NO_PADDING |
+ EVP_CIPH_CUSTOM_IV | EVP_CIPH_RAND_KEY | EVP_CIPH_ALWAYS_CALL_INIT,
+ gost_cipher_init_cpa,
+ gost_cipher_do_cnt,
+ gost_cipher_cleanup,
+ sizeof(struct ossl_gost_cipher_ctx), /* ctx_size */
+ gost89_set_asn1_parameters,
+ gost89_get_asn1_parameters,
+ gost_cipher_ctl,
+ NULL,
+};
/* Implementation of GOST 28147-89 in MAC (imitovstavka) mode */
/* Init functions which set specific parameters */
@@ -79,556 +77,547 @@ static int gost_imit_init_cpa(EVP_MD_CTX *ctx);
/* process block of data */
static int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count);
/* Return computed value */
-static int gost_imit_final(EVP_MD_CTX *ctx,unsigned char *md);
+static int gost_imit_final(EVP_MD_CTX *ctx, unsigned char *md);
/* Copies context */
-static int gost_imit_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from);
+static int gost_imit_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from);
static int gost_imit_cleanup(EVP_MD_CTX *ctx);
/* Control function, knows how to set MAC key.*/
-static int gost_imit_ctrl(EVP_MD_CTX *ctx,int type, int arg, void *ptr);
-
-EVP_MD imit_gost_cpa =
- {
- NID_id_Gost28147_89_MAC,
- NID_undef,
- 4,
- 0,
- gost_imit_init_cpa,
- gost_imit_update,
- gost_imit_final,
- gost_imit_copy,
- gost_imit_cleanup,
- NULL,
- NULL,
- {0,0,0,0,0},
- 8,
- sizeof(struct ossl_gost_imit_ctx),
- gost_imit_ctrl
- };
-
-/*
+static int gost_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr);
+
+EVP_MD imit_gost_cpa = {
+ NID_id_Gost28147_89_MAC,
+ NID_undef,
+ 4,
+ 0,
+ gost_imit_init_cpa,
+ gost_imit_update,
+ gost_imit_final,
+ gost_imit_copy,
+ gost_imit_cleanup,
+ NULL,
+ NULL,
+ {0, 0, 0, 0, 0},
+ 8,
+ sizeof(struct ossl_gost_imit_ctx),
+ gost_imit_ctrl
+};
+
+/*
* Correspondence between gost parameter OIDs and substitution blocks
* NID field is filed by register_gost_NID function in engine.c
* upon engine initialization
*/
-struct gost_cipher_info gost_cipher_list[]=
- {
-/* NID */ /* Subst block */ /* Key meshing*/
-/*{NID_id_GostR3411_94_CryptoProParamSet,&GostR3411_94_CryptoProParamSet,0},*/
- {NID_id_Gost28147_89_cc,&GostR3411_94_CryptoProParamSet,0},
- {NID_id_Gost28147_89_CryptoPro_A_ParamSet,&Gost28147_CryptoProParamSetA,1},
- {NID_id_Gost28147_89_CryptoPro_B_ParamSet,&Gost28147_CryptoProParamSetB,1},
- {NID_id_Gost28147_89_CryptoPro_C_ParamSet,&Gost28147_CryptoProParamSetC,1},
- {NID_id_Gost28147_89_CryptoPro_D_ParamSet,&Gost28147_CryptoProParamSetD,1},
- {NID_id_Gost28147_89_TestParamSet,&Gost28147_TestParamSet,1},
- {NID_undef,NULL,0}
- };
-
-/* get encryption parameters from crypto network settings
- FIXME For now we use environment var CRYPT_PARAMS as place to
- store these settings. Actually, it is better to use engine control command, read from configuration file to set them */
+struct gost_cipher_info gost_cipher_list[] = {
+ /*- NID *//*
+ * Subst block
+ *//*
+ * Key meshing
+ */
+ /*
+ * {NID_id_GostR3411_94_CryptoProParamSet,&GostR3411_94_CryptoProParamSet,0},
+ */
+ {NID_id_Gost28147_89_cc, &GostR3411_94_CryptoProParamSet, 0},
+ {NID_id_Gost28147_89_CryptoPro_A_ParamSet, &Gost28147_CryptoProParamSetA,
+ 1},
+ {NID_id_Gost28147_89_CryptoPro_B_ParamSet, &Gost28147_CryptoProParamSetB,
+ 1},
+ {NID_id_Gost28147_89_CryptoPro_C_ParamSet, &Gost28147_CryptoProParamSetC,
+ 1},
+ {NID_id_Gost28147_89_CryptoPro_D_ParamSet, &Gost28147_CryptoProParamSetD,
+ 1},
+ {NID_id_Gost28147_89_TestParamSet, &Gost28147_TestParamSet, 1},
+ {NID_undef, NULL, 0}
+};
+
+/*
+ * get encryption parameters from crypto network settings FIXME For now we
+ * use environment var CRYPT_PARAMS as place to store these settings.
+ * Actually, it is better to use engine control command, read from
+ * configuration file to set them
+ */
const struct gost_cipher_info *get_encryption_params(ASN1_OBJECT *obj)
- {
- int nid;
- struct gost_cipher_info *param;
- if (!obj)
- {
- const char * params = get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS);
- if (!params || !strlen(params))
- return &gost_cipher_list[1];
-
- nid = OBJ_txt2nid(params);
- if (nid == NID_undef)
- {
- GOSTerr(GOST_F_GET_ENCRYPTION_PARAMS,
- GOST_R_INVALID_CIPHER_PARAM_OID);
- return NULL;
- }
- }
- else
- {
- nid= OBJ_obj2nid(obj);
- }
- for (param=gost_cipher_list;param->sblock!=NULL && param->nid!=nid;
- param++);
- if (!param->sblock)
- {
- GOSTerr(GOST_F_GET_ENCRYPTION_PARAMS,GOST_R_INVALID_CIPHER_PARAMS);
- return NULL;
- }
- return param;
- }
+{
+ int nid;
+ struct gost_cipher_info *param;
+ if (!obj) {
+ const char *params = get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS);
+ if (!params || !strlen(params))
+ return &gost_cipher_list[1];
+
+ nid = OBJ_txt2nid(params);
+ if (nid == NID_undef) {
+ GOSTerr(GOST_F_GET_ENCRYPTION_PARAMS,
+ GOST_R_INVALID_CIPHER_PARAM_OID);
+ return NULL;
+ }
+ } else {
+ nid = OBJ_obj2nid(obj);
+ }
+ for (param = gost_cipher_list; param->sblock != NULL && param->nid != nid;
+ param++) ;
+ if (!param->sblock) {
+ GOSTerr(GOST_F_GET_ENCRYPTION_PARAMS, GOST_R_INVALID_CIPHER_PARAMS);
+ return NULL;
+ }
+ return param;
+}
/* Sets cipher param from paramset NID. */
-static int gost_cipher_set_param(struct ossl_gost_cipher_ctx *c,int nid)
- {
- const struct gost_cipher_info *param;
- param=get_encryption_params((nid==NID_undef?NULL:OBJ_nid2obj(nid)));
- if (!param) return 0;
-
- c->paramNID = param->nid;
- c->key_meshing=param->key_meshing;
- c->count=0;
- gost_init(&(c->cctx), param->sblock);
- return 1;
- }
+static int gost_cipher_set_param(struct ossl_gost_cipher_ctx *c, int nid)
+{
+ const struct gost_cipher_info *param;
+ param =
+ get_encryption_params((nid == NID_undef ? NULL : OBJ_nid2obj(nid)));
+ if (!param)
+ return 0;
+
+ c->paramNID = param->nid;
+ c->key_meshing = param->key_meshing;
+ c->count = 0;
+ gost_init(&(c->cctx), param->sblock);
+ return 1;
+}
/* Initializes EVP_CIPHER_CTX by paramset NID */
-static int gost_cipher_init_param(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc, int paramNID,int mode)
- {
- struct ossl_gost_cipher_ctx *c=ctx->cipher_data;
- if (ctx->app_data == NULL)
- {
- if (!gost_cipher_set_param(c,paramNID)) return 0;
- ctx->app_data = ctx->cipher_data;
- }
- if (key) gost_key(&(c->cctx),key);
- if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
- memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
- return 1;
- }
+static int gost_cipher_init_param(EVP_CIPHER_CTX *ctx,
+ const unsigned char *key,
+ const unsigned char *iv, int enc,
+ int paramNID, int mode)
+{
+ struct ossl_gost_cipher_ctx *c = ctx->cipher_data;
+ if (ctx->app_data == NULL) {
+ if (!gost_cipher_set_param(c, paramNID))
+ return 0;
+ ctx->app_data = ctx->cipher_data;
+ }
+ if (key)
+ gost_key(&(c->cctx), key);
+ if (iv)
+ memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
+ memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
+ return 1;
+}
static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
- {
- struct ossl_gost_cipher_ctx *c=ctx->cipher_data;
- gost_init(&(c->cctx),&Gost28147_CryptoProParamSetA);
- c->key_meshing=1;
- c->count=0;
- if(key) gost_key(&(c->cctx),key);
- if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
- memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
- return 1;
- }
+ const unsigned char *iv, int enc)
+{
+ struct ossl_gost_cipher_ctx *c = ctx->cipher_data;
+ gost_init(&(c->cctx), &Gost28147_CryptoProParamSetA);
+ c->key_meshing = 1;
+ c->count = 0;
+ if (key)
+ gost_key(&(c->cctx), key);
+ if (iv)
+ memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
+ memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
+ return 1;
+}
/* Initializes EVP_CIPHER_CTX with default values */
int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
- {
- return gost_cipher_init_param(ctx,key,iv,enc,NID_undef,EVP_CIPH_CFB_MODE);
- }
-/* Wrapper around gostcrypt function from gost89.c which perform
- * key meshing when nesseccary
+ const unsigned char *iv, int enc)
+{
+ return gost_cipher_init_param(ctx, key, iv, enc, NID_undef,
+ EVP_CIPH_CFB_MODE);
+}
+
+/*
+ * Wrapper around gostcrypt function from gost89.c which perform key meshing
+ * when nesseccary
*/
-static void gost_crypt_mesh (void *ctx,unsigned char *iv,unsigned char *buf)
- {
- struct ossl_gost_cipher_ctx *c = ctx;
- assert(c->count%8 == 0 && c->count <= 1024);
- if (c->key_meshing && c->count==1024)
- {
- cryptopro_key_meshing(&(c->cctx),iv);
- }
- gostcrypt(&(c->cctx),iv,buf);
- c->count = c->count%1024 + 8;
- }
-
-static void gost_cnt_next (void *ctx, unsigned char *iv, unsigned char *buf)
- {
- struct ossl_gost_cipher_ctx *c = ctx;
- word32 g,go;
- unsigned char buf1[8];
- assert(c->count%8 == 0 && c->count <= 1024);
- if (c->key_meshing && c->count==1024)
- {
- cryptopro_key_meshing(&(c->cctx),iv);
- }
- if (c->count==0)
- {
- gostcrypt(&(c->cctx),iv,buf1);
- }
- else
- {
- memcpy(buf1,iv,8);
- }
- g = buf1[0]|(buf1[1]<<8)|(buf1[2]<<16)|(buf1[3]<<24);
- g += 0x01010101;
- buf1[0]=(unsigned char)(g&0xff);
- buf1[1]=(unsigned char)((g>>8)&0xff);
- buf1[2]=(unsigned char)((g>>16)&0xff);
- buf1[3]=(unsigned char)((g>>24)&0xff);
- g = buf1[4]|(buf1[5]<<8)|(buf1[6]<<16)|(buf1[7]<<24);
- go = g;
- g += 0x01010104;
- if (go > g) /* overflow*/
- g++;
- buf1[4]=(unsigned char)(g&0xff);
- buf1[5]=(unsigned char)((g>>8)&0xff);
- buf1[6]=(unsigned char)((g>>16)&0xff);
- buf1[7]=(unsigned char)((g>>24)&0xff);
- memcpy(iv,buf1,8);
- gostcrypt(&(c->cctx),buf1,buf);
- c->count = c->count%1024 + 8;
- }
+static void gost_crypt_mesh(void *ctx, unsigned char *iv, unsigned char *buf)
+{
+ struct ossl_gost_cipher_ctx *c = ctx;
+ assert(c->count % 8 == 0 && c->count <= 1024);
+ if (c->key_meshing && c->count == 1024) {
+ cryptopro_key_meshing(&(c->cctx), iv);
+ }
+ gostcrypt(&(c->cctx), iv, buf);
+ c->count = c->count % 1024 + 8;
+}
+
+static void gost_cnt_next(void *ctx, unsigned char *iv, unsigned char *buf)
+{
+ struct ossl_gost_cipher_ctx *c = ctx;
+ word32 g, go;
+ unsigned char buf1[8];
+ assert(c->count % 8 == 0 && c->count <= 1024);
+ if (c->key_meshing && c->count == 1024) {
+ cryptopro_key_meshing(&(c->cctx), iv);
+ }
+ if (c->count == 0) {
+ gostcrypt(&(c->cctx), iv, buf1);
+ } else {
+ memcpy(buf1, iv, 8);
+ }
+ g = buf1[0] | (buf1[1] << 8) | (buf1[2] << 16) | (buf1[3] << 24);
+ g += 0x01010101;
+ buf1[0] = (unsigned char)(g & 0xff);
+ buf1[1] = (unsigned char)((g >> 8) & 0xff);
+ buf1[2] = (unsigned char)((g >> 16) & 0xff);
+ buf1[3] = (unsigned char)((g >> 24) & 0xff);
+ g = buf1[4] | (buf1[5] << 8) | (buf1[6] << 16) | (buf1[7] << 24);
+ go = g;
+ g += 0x01010104;
+ if (go > g) /* overflow */
+ g++;
+ buf1[4] = (unsigned char)(g & 0xff);
+ buf1[5] = (unsigned char)((g >> 8) & 0xff);
+ buf1[6] = (unsigned char)((g >> 16) & 0xff);
+ buf1[7] = (unsigned char)((g >> 24) & 0xff);
+ memcpy(iv, buf1, 8);
+ gostcrypt(&(c->cctx), buf1, buf);
+ c->count = c->count % 1024 + 8;
+}
/* GOST encryption in CFB mode */
-int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, size_t inl)
- {
- const unsigned char *in_ptr=in;
- unsigned char *out_ptr=out;
- size_t i=0;
- size_t j=0;
+int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t inl)
+{
+ const unsigned char *in_ptr = in;
+ unsigned char *out_ptr = out;
+ size_t i = 0;
+ size_t j = 0;
/* process partial block if any */
- if (ctx->num)
- {
- for (j=ctx->num,i=0;j<8 && i<inl;j++,i++,in_ptr++,out_ptr++)
- {
- if (!ctx->encrypt) ctx->buf[j+8]=*in_ptr;
- *out_ptr=ctx->buf[j]^(*in_ptr);
- if (ctx->encrypt) ctx->buf[j+8]=*out_ptr;
- }
- if (j==8)
- {
- memcpy(ctx->iv,ctx->buf+8,8);
- ctx->num=0;
- }
- else
- {
- ctx->num=j;
- return 1;
- }
- }
-
- for (;i+8<inl;i+=8,in_ptr+=8,out_ptr+=8)
- {
- /*block cipher current iv */
- gost_crypt_mesh(ctx->cipher_data,ctx->iv,ctx->buf);
- /*xor next block of input text with it and output it*/
- /*output this block */
- if (!ctx->encrypt) memcpy(ctx->iv,in_ptr,8);
- for (j=0;j<8;j++)
- {
- out_ptr[j]=ctx->buf[j]^in_ptr[j];
- }
- /* Encrypt */
- /* Next iv is next block of cipher text*/
- if (ctx->encrypt) memcpy(ctx->iv,out_ptr,8);
- }
+ if (ctx->num) {
+ for (j = ctx->num, i = 0; j < 8 && i < inl;
+ j++, i++, in_ptr++, out_ptr++) {
+ if (!ctx->encrypt)
+ ctx->buf[j + 8] = *in_ptr;
+ *out_ptr = ctx->buf[j] ^ (*in_ptr);
+ if (ctx->encrypt)
+ ctx->buf[j + 8] = *out_ptr;
+ }
+ if (j == 8) {
+ memcpy(ctx->iv, ctx->buf + 8, 8);
+ ctx->num = 0;
+ } else {
+ ctx->num = j;
+ return 1;
+ }
+ }
+
+ for (; i + 8 < inl; i += 8, in_ptr += 8, out_ptr += 8) {
+ /*
+ * block cipher current iv
+ */
+ gost_crypt_mesh(ctx->cipher_data, ctx->iv, ctx->buf);
+ /*
+ * xor next block of input text with it and output it
+ */
+ /*
+ * output this block
+ */
+ if (!ctx->encrypt)
+ memcpy(ctx->iv, in_ptr, 8);
+ for (j = 0; j < 8; j++) {
+ out_ptr[j] = ctx->buf[j] ^ in_ptr[j];
+ }
+ /* Encrypt */
+ /* Next iv is next block of cipher text */
+ if (ctx->encrypt)
+ memcpy(ctx->iv, out_ptr, 8);
+ }
/* Process rest of buffer */
- if (i<inl)
- {
- gost_crypt_mesh(ctx->cipher_data,ctx->iv,ctx->buf);
- if (!ctx->encrypt) memcpy(ctx->buf+8,in_ptr,inl-i);
- for (j=0;i<inl;j++,i++)
- {
- out_ptr[j]=ctx->buf[j]^in_ptr[j];
- }
- ctx->num = j;
- if (ctx->encrypt) memcpy(ctx->buf+8,out_ptr,j);
- }
- else
- {
- ctx->num = 0;
- }
- return 1;
- }
+ if (i < inl) {
+ gost_crypt_mesh(ctx->cipher_data, ctx->iv, ctx->buf);
+ if (!ctx->encrypt)
+ memcpy(ctx->buf + 8, in_ptr, inl - i);
+ for (j = 0; i < inl; j++, i++) {
+ out_ptr[j] = ctx->buf[j] ^ in_ptr[j];
+ }
+ ctx->num = j;
+ if (ctx->encrypt)
+ memcpy(ctx->buf + 8, out_ptr, j);
+ } else {
+ ctx->num = 0;
+ }
+ return 1;
+}
static int gost_cipher_do_cnt(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, size_t inl)
- {
- const unsigned char *in_ptr=in;
- unsigned char *out_ptr=out;
- size_t i=0;
- size_t j;
+ const unsigned char *in, size_t inl)
+{
+ const unsigned char *in_ptr = in;
+ unsigned char *out_ptr = out;
+ size_t i = 0;
+ size_t j;
/* process partial block if any */
- if (ctx->num)
- {
- for (j=ctx->num,i=0;j<8 && i<inl;j++,i++,in_ptr++,out_ptr++)
- {
- *out_ptr=ctx->buf[j]^(*in_ptr);
- }
- if (j==8)
- {
- ctx->num=0;
- }
- else
- {
- ctx->num=j;
- return 1;
- }
- }
-
- for (;i+8<inl;i+=8,in_ptr+=8,out_ptr+=8)
- {
- /*block cipher current iv */
- /* Encrypt */
- gost_cnt_next(ctx->cipher_data,ctx->iv,ctx->buf);
- /*xor next block of input text with it and output it*/
- /*output this block */
- for (j=0;j<8;j++)
- {
- out_ptr[j]=ctx->buf[j]^in_ptr[j];
- }
- }
+ if (ctx->num) {
+ for (j = ctx->num, i = 0; j < 8 && i < inl;
+ j++, i++, in_ptr++, out_ptr++) {
+ *out_ptr = ctx->buf[j] ^ (*in_ptr);
+ }
+ if (j == 8) {
+ ctx->num = 0;
+ } else {
+ ctx->num = j;
+ return 1;
+ }
+ }
+
+ for (; i + 8 < inl; i += 8, in_ptr += 8, out_ptr += 8) {
+ /*
+ * block cipher current iv
+ */
+ /* Encrypt */
+ gost_cnt_next(ctx->cipher_data, ctx->iv, ctx->buf);
+ /*
+ * xor next block of input text with it and output it
+ */
+ /*
+ * output this block
+ */
+ for (j = 0; j < 8; j++) {
+ out_ptr[j] = ctx->buf[j] ^ in_ptr[j];
+ }
+ }
/* Process rest of buffer */
- if (i<inl)
- {
- gost_cnt_next(ctx->cipher_data,ctx->iv,ctx->buf);
- for (j=0;i<inl;j++,i++)
- {
- out_ptr[j]=ctx->buf[j]^in_ptr[j];
- }
- ctx->num = j;
- }
- else
- {
- ctx->num = 0;
- }
- return 1;
- }
+ if (i < inl) {
+ gost_cnt_next(ctx->cipher_data, ctx->iv, ctx->buf);
+ for (j = 0; i < inl; j++, i++) {
+ out_ptr[j] = ctx->buf[j] ^ in_ptr[j];
+ }
+ ctx->num = j;
+ } else {
+ ctx->num = 0;
+ }
+ return 1;
+}
/* Cleaning up of EVP_CIPHER_CTX */
-int gost_cipher_cleanup(EVP_CIPHER_CTX *ctx)
- {
- gost_destroy(&((struct ossl_gost_cipher_ctx *)ctx->cipher_data)->cctx);
- ctx->app_data = NULL;
- return 1;
- }
+int gost_cipher_cleanup(EVP_CIPHER_CTX *ctx)
+{
+ gost_destroy(&((struct ossl_gost_cipher_ctx *)ctx->cipher_data)->cctx);
+ ctx->app_data = NULL;
+ return 1;
+}
/* Control function for gost cipher */
-int gost_cipher_ctl(EVP_CIPHER_CTX *ctx,int type,int arg,void *ptr)
- {
- switch (type)
- {
- case EVP_CTRL_RAND_KEY:
- {
- if (RAND_bytes((unsigned char *)ptr,ctx->key_len)<=0)
- {
- GOSTerr(GOST_F_GOST_CIPHER_CTL,GOST_R_RANDOM_GENERATOR_ERROR);
- return -1;
- }
- break;
- }
- case EVP_CTRL_PBE_PRF_NID:
- if (ptr) {
- *((int *)ptr)= NID_id_HMACGostR3411_94;
- return 1;
- } else {
- return 0;
- }
-
- default:
- GOSTerr(GOST_F_GOST_CIPHER_CTL,GOST_R_UNSUPPORTED_CIPHER_CTL_COMMAND);
- return -1;
- }
- return 1;
- }
+int gost_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
+{
+ switch (type) {
+ case EVP_CTRL_RAND_KEY:
+ {
+ if (RAND_bytes((unsigned char *)ptr, ctx->key_len) <= 0) {
+ GOSTerr(GOST_F_GOST_CIPHER_CTL,
+ GOST_R_RANDOM_GENERATOR_ERROR);
+ return -1;
+ }
+ break;
+ }
+ case EVP_CTRL_PBE_PRF_NID:
+ if (ptr) {
+ *((int *)ptr) = NID_id_HMACGostR3411_94;
+ return 1;
+ } else {
+ return 0;
+ }
+
+ default:
+ GOSTerr(GOST_F_GOST_CIPHER_CTL,
+ GOST_R_UNSUPPORTED_CIPHER_CTL_COMMAND);
+ return -1;
+ }
+ return 1;
+}
/* Set cipher parameters from ASN1 structure */
-int gost89_set_asn1_parameters(EVP_CIPHER_CTX *ctx,ASN1_TYPE *params)
- {
- int len=0;
- unsigned char *buf=NULL;
- unsigned char *p=NULL;
- struct ossl_gost_cipher_ctx *c = ctx->cipher_data;
- GOST_CIPHER_PARAMS *gcp = GOST_CIPHER_PARAMS_new();
- ASN1_OCTET_STRING *os = NULL;
- if (!gcp)
- {
- GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, GOST_R_NO_MEMORY);
- return 0;
- }
- if (!ASN1_OCTET_STRING_set(gcp->iv, ctx->iv, ctx->cipher->iv_len))
- {
- GOST_CIPHER_PARAMS_free(gcp);
- GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, GOST_R_NO_MEMORY);
- return 0;
- }
- ASN1_OBJECT_free(gcp->enc_param_set);
- gcp->enc_param_set = OBJ_nid2obj(c->paramNID);
-
- len = i2d_GOST_CIPHER_PARAMS(gcp, NULL);
- p = buf = (unsigned char*)OPENSSL_malloc(len);
- if (!buf)
- {
- GOST_CIPHER_PARAMS_free(gcp);
- GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, GOST_R_NO_MEMORY);
- return 0;
- }
- i2d_GOST_CIPHER_PARAMS(gcp, &p);
- GOST_CIPHER_PARAMS_free(gcp);
-
- os = ASN1_OCTET_STRING_new();
-
- if(!os || !ASN1_OCTET_STRING_set(os, buf, len))
- {
- OPENSSL_free(buf);
- GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, GOST_R_NO_MEMORY);
- return 0;
- }
- OPENSSL_free(buf);
-
- ASN1_TYPE_set(params, V_ASN1_SEQUENCE, os);
- return 1;
- }
+int gost89_set_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params)
+{
+ int len = 0;
+ unsigned char *buf = NULL;
+ unsigned char *p = NULL;
+ struct ossl_gost_cipher_ctx *c = ctx->cipher_data;
+ GOST_CIPHER_PARAMS *gcp = GOST_CIPHER_PARAMS_new();
+ ASN1_OCTET_STRING *os = NULL;
+ if (!gcp) {
+ GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, GOST_R_NO_MEMORY);
+ return 0;
+ }
+ if (!ASN1_OCTET_STRING_set(gcp->iv, ctx->iv, ctx->cipher->iv_len)) {
+ GOST_CIPHER_PARAMS_free(gcp);
+ GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, GOST_R_NO_MEMORY);
+ return 0;
+ }
+ ASN1_OBJECT_free(gcp->enc_param_set);
+ gcp->enc_param_set = OBJ_nid2obj(c->paramNID);
+
+ len = i2d_GOST_CIPHER_PARAMS(gcp, NULL);
+ p = buf = (unsigned char *)OPENSSL_malloc(len);
+ if (!buf) {
+ GOST_CIPHER_PARAMS_free(gcp);
+ GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, GOST_R_NO_MEMORY);
+ return 0;
+ }
+ i2d_GOST_CIPHER_PARAMS(gcp, &p);
+ GOST_CIPHER_PARAMS_free(gcp);
+
+ os = ASN1_OCTET_STRING_new();
+
+ if (!os || !ASN1_OCTET_STRING_set(os, buf, len)) {
+ OPENSSL_free(buf);
+ GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, GOST_R_NO_MEMORY);
+ return 0;
+ }
+ OPENSSL_free(buf);
+
+ ASN1_TYPE_set(params, V_ASN1_SEQUENCE, os);
+ return 1;
+}
/* Store parameters into ASN1 structure */
-int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx,ASN1_TYPE *params)
- {
- int ret = -1;
- int len;
- GOST_CIPHER_PARAMS *gcp = NULL;
- unsigned char *p;
- struct ossl_gost_cipher_ctx *c=ctx->cipher_data;
- if (ASN1_TYPE_get(params) != V_ASN1_SEQUENCE)
- {
- return ret;
- }
-
- p = params->value.sequence->data;
-
- gcp = d2i_GOST_CIPHER_PARAMS(NULL, (const unsigned char **)&p,
- params->value.sequence->length);
-
- len = gcp->iv->length;
- if (len != ctx->cipher->iv_len)
- {
- GOST_CIPHER_PARAMS_free(gcp);
- GOSTerr(GOST_F_GOST89_GET_ASN1_PARAMETERS,
- GOST_R_INVALID_IV_LENGTH);
- return -1;
- }
- if (!gost_cipher_set_param(c,OBJ_obj2nid(gcp->enc_param_set)))
- {
- GOST_CIPHER_PARAMS_free(gcp);
- return -1;
- }
- memcpy(ctx->oiv, gcp->iv->data, len);
-
- GOST_CIPHER_PARAMS_free(gcp);
-
- return 1;
- }
-
+int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params)
+{
+ int ret = -1;
+ int len;
+ GOST_CIPHER_PARAMS *gcp = NULL;
+ unsigned char *p;
+ struct ossl_gost_cipher_ctx *c = ctx->cipher_data;
+ if (ASN1_TYPE_get(params) != V_ASN1_SEQUENCE) {
+ return ret;
+ }
+
+ p = params->value.sequence->data;
+
+ gcp = d2i_GOST_CIPHER_PARAMS(NULL, (const unsigned char **)&p,
+ params->value.sequence->length);
+
+ len = gcp->iv->length;
+ if (len != ctx->cipher->iv_len) {
+ GOST_CIPHER_PARAMS_free(gcp);
+ GOSTerr(GOST_F_GOST89_GET_ASN1_PARAMETERS, GOST_R_INVALID_IV_LENGTH);
+ return -1;
+ }
+ if (!gost_cipher_set_param(c, OBJ_obj2nid(gcp->enc_param_set))) {
+ GOST_CIPHER_PARAMS_free(gcp);
+ return -1;
+ }
+ memcpy(ctx->oiv, gcp->iv->data, len);
+
+ GOST_CIPHER_PARAMS_free(gcp);
+
+ return 1;
+}
int gost_imit_init_cpa(EVP_MD_CTX *ctx)
- {
- struct ossl_gost_imit_ctx *c = ctx->md_data;
- memset(c->buffer,0,sizeof(c->buffer));
- memset(c->partial_block,0,sizeof(c->partial_block));
- c->count = 0;
- c->bytes_left=0;
- c->key_meshing=1;
- gost_init(&(c->cctx),&Gost28147_CryptoProParamSetA);
- return 1;
- }
-
-static void mac_block_mesh(struct ossl_gost_imit_ctx *c,const unsigned char *data)
- {
- unsigned char buffer[8];
- /* We are using local buffer for iv because CryptoPro doesn't
- * interpret internal state of MAC algorithm as iv during keymeshing
- * (but does initialize internal state from iv in key transport
- */
- assert(c->count%8 == 0 && c->count <= 1024);
- if (c->key_meshing && c->count==1024)
- {
- cryptopro_key_meshing(&(c->cctx),buffer);
- }
- mac_block(&(c->cctx),c->buffer,data);
- c->count = c->count%1024 + 8;
- }
+{
+ struct ossl_gost_imit_ctx *c = ctx->md_data;
+ memset(c->buffer, 0, sizeof(c->buffer));
+ memset(c->partial_block, 0, sizeof(c->partial_block));
+ c->count = 0;
+ c->bytes_left = 0;
+ c->key_meshing = 1;
+ gost_init(&(c->cctx), &Gost28147_CryptoProParamSetA);
+ return 1;
+}
+
+static void mac_block_mesh(struct ossl_gost_imit_ctx *c,
+ const unsigned char *data)
+{
+ unsigned char buffer[8];
+ /*
+ * We are using local buffer for iv because CryptoPro doesn't interpret
+ * internal state of MAC algorithm as iv during keymeshing (but does
+ * initialize internal state from iv in key transport
+ */
+ assert(c->count % 8 == 0 && c->count <= 1024);
+ if (c->key_meshing && c->count == 1024) {
+ cryptopro_key_meshing(&(c->cctx), buffer);
+ }
+ mac_block(&(c->cctx), c->buffer, data);
+ c->count = c->count % 1024 + 8;
+}
int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count)
- {
- struct ossl_gost_imit_ctx *c = ctx->md_data;
- const unsigned char *p = data;
- size_t bytes = count,i;
- if (!(c->key_set)) {
- GOSTerr(GOST_F_GOST_IMIT_UPDATE, GOST_R_MAC_KEY_NOT_SET);
- return 0;
- }
- if (c->bytes_left)
- {
- for (i=c->bytes_left;i<8&&bytes>0;bytes--,i++,p++)
- {
- c->partial_block[i]=*p;
- }
- if (i==8)
- {
- mac_block_mesh(c,c->partial_block);
- }
- else
- {
- c->bytes_left = i;
- return 1;
- }
- }
- while (bytes>8)
- {
- mac_block_mesh(c,p);
- p+=8;
- bytes-=8;
- }
- if (bytes>0)
- {
- memcpy(c->partial_block,p,bytes);
- }
- c->bytes_left=bytes;
- return 1;
- }
-
-int gost_imit_final(EVP_MD_CTX *ctx,unsigned char *md)
- {
- struct ossl_gost_imit_ctx *c = ctx->md_data;
- if (!c->key_set) {
- GOSTerr(GOST_F_GOST_IMIT_FINAL, GOST_R_MAC_KEY_NOT_SET);
- return 0;
- }
- if (c->count==0 && c->bytes_left)
- {
- unsigned char buffer[8];
- memset(buffer, 0, 8);
- gost_imit_update(ctx, buffer, 8);
- }
- if (c->bytes_left)
- {
- int i;
- for (i=c->bytes_left;i<8;i++)
- {
- c->partial_block[i]=0;
- }
- mac_block_mesh(c,c->partial_block);
- }
- get_mac(c->buffer,32,md);
- return 1;
- }
-
-int gost_imit_ctrl(EVP_MD_CTX *ctx,int type, int arg, void *ptr)
- {
- switch (type)
- {
- case EVP_MD_CTRL_KEY_LEN:
- *((unsigned int*)(ptr)) = 32;
- return 1;
- case EVP_MD_CTRL_SET_KEY:
- {
- if (arg!=32) {
- GOSTerr(GOST_F_GOST_IMIT_CTRL, GOST_R_INVALID_MAC_KEY_LENGTH);
- return 0;
- }
-
- gost_key(&(((struct ossl_gost_imit_ctx*)(ctx->md_data))->cctx),ptr) ;
- ((struct ossl_gost_imit_ctx*)(ctx->md_data))->key_set = 1;
- return 1;
-
- }
- default:
- return 0;
- }
- }
-
-int gost_imit_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
- {
- memcpy(to->md_data,from->md_data,sizeof(struct ossl_gost_imit_ctx));
- return 1;
- }
+{
+ struct ossl_gost_imit_ctx *c = ctx->md_data;
+ const unsigned char *p = data;
+ size_t bytes = count, i;
+ if (!(c->key_set)) {
+ GOSTerr(GOST_F_GOST_IMIT_UPDATE, GOST_R_MAC_KEY_NOT_SET);
+ return 0;
+ }
+ if (c->bytes_left) {
+ for (i = c->bytes_left; i < 8 && bytes > 0; bytes--, i++, p++) {
+ c->partial_block[i] = *p;
+ }
+ if (i == 8) {
+ mac_block_mesh(c, c->partial_block);
+ } else {
+ c->bytes_left = i;
+ return 1;
+ }
+ }
+ while (bytes > 8) {
+ mac_block_mesh(c, p);
+ p += 8;
+ bytes -= 8;
+ }
+ if (bytes > 0) {
+ memcpy(c->partial_block, p, bytes);
+ }
+ c->bytes_left = bytes;
+ return 1;
+}
+
+int gost_imit_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ struct ossl_gost_imit_ctx *c = ctx->md_data;
+ if (!c->key_set) {
+ GOSTerr(GOST_F_GOST_IMIT_FINAL, GOST_R_MAC_KEY_NOT_SET);
+ return 0;
+ }
+ if (c->count == 0 && c->bytes_left) {
+ unsigned char buffer[8];
+ memset(buffer, 0, 8);
+ gost_imit_update(ctx, buffer, 8);
+ }
+ if (c->bytes_left) {
+ int i;
+ for (i = c->bytes_left; i < 8; i++) {
+ c->partial_block[i] = 0;
+ }
+ mac_block_mesh(c, c->partial_block);
+ }
+ get_mac(c->buffer, 32, md);
+ return 1;
+}
+
+int gost_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr)
+{
+ switch (type) {
+ case EVP_MD_CTRL_KEY_LEN:
+ *((unsigned int *)(ptr)) = 32;
+ return 1;
+ case EVP_MD_CTRL_SET_KEY:
+ {
+ if (arg != 32) {
+ GOSTerr(GOST_F_GOST_IMIT_CTRL, GOST_R_INVALID_MAC_KEY_LENGTH);
+ return 0;
+ }
+
+ gost_key(&(((struct ossl_gost_imit_ctx *)(ctx->md_data))->cctx),
+ ptr);
+ ((struct ossl_gost_imit_ctx *)(ctx->md_data))->key_set = 1;
+ return 1;
+
+ }
+ default:
+ return 0;
+ }
+}
+
+int gost_imit_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
+{
+ memcpy(to->md_data, from->md_data, sizeof(struct ossl_gost_imit_ctx));
+ return 1;
+}
/* Clean up imit ctx */
int gost_imit_cleanup(EVP_MD_CTX *ctx)
- {
- memset(ctx->md_data,0,sizeof(struct ossl_gost_imit_ctx));
- return 1;
- }
-
+{
+ memset(ctx->md_data, 0, sizeof(struct ossl_gost_imit_ctx));
+ return 1;
+}
diff --git a/openssl/engines/ccgost/gost_ctl.c b/openssl/engines/ccgost/gost_ctl.c
index d3cd17181..6c93c4584 100644
--- a/openssl/engines/ccgost/gost_ctl.c
+++ b/openssl/engines/ccgost/gost_ctl.c
@@ -5,7 +5,7 @@
* *
* Implementation of control commands for GOST engine *
* OpenSSL 0.9.9 libraries required *
- **********************************************************************/
+ **********************************************************************/
#include <stdlib.h>
#include <string.h>
#include <openssl/crypto.h>
@@ -14,76 +14,80 @@
#include <openssl/buffer.h>
#include "gost_lcl.h"
-static char *gost_params[GOST_PARAM_MAX+1]={NULL};
-static const char *gost_envnames[]={"CRYPT_PARAMS"};
-const ENGINE_CMD_DEFN gost_cmds[]=
- {
-/* { GOST_CTRL_RNG,
- "RNG",
- "Type of random number generator to use",
- ENGINE_CMD_FLAG_STRING
- },
- { GOST_CTRL_RNG_PARAMS,
- "RNG_PARAMS",
- "Parameter for random number generator",
- ENGINE_CMD_FLAG_STRING
- },
-*/ { GOST_CTRL_CRYPT_PARAMS,
- "CRYPT_PARAMS",
- "OID of default GOST 28147-89 parameters",
- ENGINE_CMD_FLAG_STRING
- },
-{0,NULL,NULL,0}
- };
+static char *gost_params[GOST_PARAM_MAX + 1] = { NULL };
+static const char *gost_envnames[] = { "CRYPT_PARAMS" };
-void gost_param_free()
+const ENGINE_CMD_DEFN gost_cmds[] = {
+/*- { GOST_CTRL_RNG,
+ "RNG",
+ "Type of random number generator to use",
+ ENGINE_CMD_FLAG_STRING
+ },
+ { GOST_CTRL_RNG_PARAMS,
+ "RNG_PARAMS",
+ "Parameter for random number generator",
+ ENGINE_CMD_FLAG_STRING
+ },
+*/ {GOST_CTRL_CRYPT_PARAMS,
+ "CRYPT_PARAMS",
+ "OID of default GOST 28147-89 parameters",
+ ENGINE_CMD_FLAG_STRING},
+ {0, NULL, NULL, 0}
+};
+
+void gost_param_free()
{
- int i;
- for (i=0;i<=GOST_PARAM_MAX;i++)
- if (gost_params[i]!=NULL)
- {
- OPENSSL_free(gost_params[i]);
- gost_params[i]=NULL;
- }
-
+ int i;
+ for (i = 0; i <= GOST_PARAM_MAX; i++)
+ if (gost_params[i] != NULL) {
+ OPENSSL_free(gost_params[i]);
+ gost_params[i] = NULL;
+ }
+
}
-int gost_control_func(ENGINE *e,int cmd,long i, void *p, void (*f)(void))
- {
- int param = cmd-ENGINE_CMD_BASE;
- int ret=0;
- if (param <0 || param >GOST_PARAM_MAX) return -1;
- ret=gost_set_default_param(param,p);
- return ret;
- }
+int gost_control_func(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+{
+ int param = cmd - ENGINE_CMD_BASE;
+ int ret = 0;
+ if (param < 0 || param > GOST_PARAM_MAX)
+ return -1;
+ ret = gost_set_default_param(param, p);
+ return ret;
+}
-const char *get_gost_engine_param(int param)
- {
- char *tmp;
- if (param <0 || param >GOST_PARAM_MAX) return NULL;
- if (gost_params[param]!=NULL)
- {
- return gost_params[param];
- }
- tmp = getenv(gost_envnames[param]);
- if (tmp)
- {
- if (gost_params[param]) OPENSSL_free(gost_params[param]);
- gost_params[param] = BUF_strdup(tmp);
- return gost_params[param];
- }
- return NULL;
- }
+const char *get_gost_engine_param(int param)
+{
+ char *tmp;
+ if (param < 0 || param > GOST_PARAM_MAX)
+ return NULL;
+ if (gost_params[param] != NULL) {
+ return gost_params[param];
+ }
+ tmp = getenv(gost_envnames[param]);
+ if (tmp) {
+ if (gost_params[param])
+ OPENSSL_free(gost_params[param]);
+ gost_params[param] = BUF_strdup(tmp);
+ return gost_params[param];
+ }
+ return NULL;
+}
-int gost_set_default_param(int param, const char *value)
- {
- const char *tmp;
- if (param <0 || param >GOST_PARAM_MAX) return 0;
- tmp = getenv(gost_envnames[param]);
- /* if there is value in the environment, use it, else -passed string * */
- if (!tmp) tmp=value;
- if (gost_params[param]) OPENSSL_free(gost_params[param]);
- gost_params[param] = BUF_strdup(tmp);
+int gost_set_default_param(int param, const char *value)
+{
+ const char *tmp;
+ if (param < 0 || param > GOST_PARAM_MAX)
+ return 0;
+ tmp = getenv(gost_envnames[param]);
+ /*
+ * if there is value in the environment, use it, else -passed string *
+ */
+ if (!tmp)
+ tmp = value;
+ if (gost_params[param])
+ OPENSSL_free(gost_params[param]);
+ gost_params[param] = BUF_strdup(tmp);
- return 1;
- }
+ return 1;
+}
diff --git a/openssl/engines/ccgost/gost_eng.c b/openssl/engines/ccgost/gost_eng.c
index 8f29bf6f8..5924791b7 100644
--- a/openssl/engines/ccgost/gost_eng.c
+++ b/openssl/engines/ccgost/gost_eng.c
@@ -16,273 +16,266 @@
#include "e_gost_err.h"
#include "gost_lcl.h"
static const char *engine_gost_id = "gost";
-static const char *engine_gost_name = "Reference implementation of GOST engine";
+static const char *engine_gost_name =
+ "Reference implementation of GOST engine";
/* Symmetric cipher and digest function registrar */
static int gost_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- const int **nids, int nid);
+ const int **nids, int nid);
static int gost_digests(ENGINE *e, const EVP_MD **digest,
- const int **nids, int ind);
+ const int **nids, int ind);
-static int gost_pkey_meths (ENGINE *e, EVP_PKEY_METHOD **pmeth,
- const int **nids, int nid);
+static int gost_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
+ const int **nids, int nid);
-static int gost_pkey_asn1_meths (ENGINE *e, EVP_PKEY_ASN1_METHOD **ameth,
- const int **nids, int nid);
+static int gost_pkey_asn1_meths(ENGINE *e, EVP_PKEY_ASN1_METHOD **ameth,
+ const int **nids, int nid);
-static int gost_cipher_nids[] =
- {NID_id_Gost28147_89, NID_gost89_cnt,0};
+static int gost_cipher_nids[] = { NID_id_Gost28147_89, NID_gost89_cnt, 0 };
static int gost_digest_nids[] =
- {NID_id_GostR3411_94,NID_id_Gost28147_89_MAC, 0};
+ { NID_id_GostR3411_94, NID_id_Gost28147_89_MAC, 0 };
-static int gost_pkey_meth_nids[] =
- {NID_id_GostR3410_94,
- NID_id_GostR3410_2001, NID_id_Gost28147_89_MAC, 0};
+static int gost_pkey_meth_nids[] = { NID_id_GostR3410_94,
+ NID_id_GostR3410_2001, NID_id_Gost28147_89_MAC, 0
+};
static EVP_PKEY_METHOD *pmeth_GostR3410_94 = NULL,
- *pmeth_GostR3410_2001 = NULL,
- *pmeth_Gost28147_MAC = NULL;
+ *pmeth_GostR3410_2001 = NULL, *pmeth_Gost28147_MAC = NULL;
static EVP_PKEY_ASN1_METHOD *ameth_GostR3410_94 = NULL,
- *ameth_GostR3410_2001 = NULL,
- *ameth_Gost28147_MAC = NULL;
-
+ *ameth_GostR3410_2001 = NULL, *ameth_Gost28147_MAC = NULL;
static int gost_engine_init(ENGINE *e)
- {
- return 1;
- }
+{
+ return 1;
+}
static int gost_engine_finish(ENGINE *e)
- {
- return 1;
- }
+{
+ return 1;
+}
static int gost_engine_destroy(ENGINE *e)
- {
- gost_param_free();
+{
+ gost_param_free();
- pmeth_GostR3410_94 = NULL;
- pmeth_GostR3410_2001 = NULL;
- pmeth_Gost28147_MAC = NULL;
- ameth_GostR3410_94 = NULL;
- ameth_GostR3410_2001 = NULL;
- ameth_Gost28147_MAC = NULL;
- return 1;
- }
+ pmeth_GostR3410_94 = NULL;
+ pmeth_GostR3410_2001 = NULL;
+ pmeth_Gost28147_MAC = NULL;
+ ameth_GostR3410_94 = NULL;
+ ameth_GostR3410_2001 = NULL;
+ ameth_Gost28147_MAC = NULL;
+ return 1;
+}
-static int bind_gost (ENGINE *e,const char *id)
- {
- int ret = 0;
- if (id && strcmp(id, engine_gost_id)) return 0;
- if (ameth_GostR3410_94)
- {
- printf("GOST engine already loaded\n");
- goto end;
- }
+static int bind_gost(ENGINE *e, const char *id)
+{
+ int ret = 0;
+ if (id && strcmp(id, engine_gost_id))
+ return 0;
+ if (ameth_GostR3410_94) {
+ printf("GOST engine already loaded\n");
+ goto end;
+ }
- if (!ENGINE_set_id(e, engine_gost_id))
- {
- printf("ENGINE_set_id failed\n");
- goto end;
- }
- if (!ENGINE_set_name(e, engine_gost_name))
- {
- printf("ENGINE_set_name failed\n");
- goto end;
- }
- if (!ENGINE_set_digests(e, gost_digests))
- {
- printf("ENGINE_set_digests failed\n");
- goto end;
- }
- if (! ENGINE_set_ciphers(e, gost_ciphers))
- {
- printf("ENGINE_set_ciphers failed\n");
- goto end;
- }
- if (! ENGINE_set_pkey_meths(e, gost_pkey_meths))
- {
- printf("ENGINE_set_pkey_meths failed\n");
- goto end;
- }
- if (! ENGINE_set_pkey_asn1_meths(e, gost_pkey_asn1_meths))
- {
- printf("ENGINE_set_pkey_asn1_meths failed\n");
- goto end;
- }
- /* Control function and commands */
- if (!ENGINE_set_cmd_defns(e,gost_cmds))
- {
- fprintf(stderr,"ENGINE_set_cmd_defns failed\n");
- goto end;
- }
- if (!ENGINE_set_ctrl_function(e,gost_control_func))
- {
- fprintf(stderr,"ENGINE_set_ctrl_func failed\n");
- goto end;
- }
- if ( ! ENGINE_set_destroy_function(e, gost_engine_destroy)
- || ! ENGINE_set_init_function(e,gost_engine_init)
- || ! ENGINE_set_finish_function(e,gost_engine_finish))
- {
- goto end;
- }
+ if (!ENGINE_set_id(e, engine_gost_id)) {
+ printf("ENGINE_set_id failed\n");
+ goto end;
+ }
+ if (!ENGINE_set_name(e, engine_gost_name)) {
+ printf("ENGINE_set_name failed\n");
+ goto end;
+ }
+ if (!ENGINE_set_digests(e, gost_digests)) {
+ printf("ENGINE_set_digests failed\n");
+ goto end;
+ }
+ if (!ENGINE_set_ciphers(e, gost_ciphers)) {
+ printf("ENGINE_set_ciphers failed\n");
+ goto end;
+ }
+ if (!ENGINE_set_pkey_meths(e, gost_pkey_meths)) {
+ printf("ENGINE_set_pkey_meths failed\n");
+ goto end;
+ }
+ if (!ENGINE_set_pkey_asn1_meths(e, gost_pkey_asn1_meths)) {
+ printf("ENGINE_set_pkey_asn1_meths failed\n");
+ goto end;
+ }
+ /* Control function and commands */
+ if (!ENGINE_set_cmd_defns(e, gost_cmds)) {
+ fprintf(stderr, "ENGINE_set_cmd_defns failed\n");
+ goto end;
+ }
+ if (!ENGINE_set_ctrl_function(e, gost_control_func)) {
+ fprintf(stderr, "ENGINE_set_ctrl_func failed\n");
+ goto end;
+ }
+ if (!ENGINE_set_destroy_function(e, gost_engine_destroy)
+ || !ENGINE_set_init_function(e, gost_engine_init)
+ || !ENGINE_set_finish_function(e, gost_engine_finish)) {
+ goto end;
+ }
- if (!register_ameth_gost(NID_id_GostR3410_94, &ameth_GostR3410_94, "GOST94", "GOST R 34.10-94")) goto end;
- if (!register_ameth_gost(NID_id_GostR3410_2001, &ameth_GostR3410_2001, "GOST2001", "GOST R 34.10-2001")) goto end;
- if (!register_ameth_gost(NID_id_Gost28147_89_MAC, &ameth_Gost28147_MAC,
- "GOST-MAC", "GOST 28147-89 MAC")) goto end;
+ if (!register_ameth_gost
+ (NID_id_GostR3410_94, &ameth_GostR3410_94, "GOST94",
+ "GOST R 34.10-94"))
+ goto end;
+ if (!register_ameth_gost
+ (NID_id_GostR3410_2001, &ameth_GostR3410_2001, "GOST2001",
+ "GOST R 34.10-2001"))
+ goto end;
+ if (!register_ameth_gost(NID_id_Gost28147_89_MAC, &ameth_Gost28147_MAC,
+ "GOST-MAC", "GOST 28147-89 MAC"))
+ goto end;
- if (!register_pmeth_gost(NID_id_GostR3410_94, &pmeth_GostR3410_94, 0)) goto end;
- if (!register_pmeth_gost(NID_id_GostR3410_2001, &pmeth_GostR3410_2001, 0)) goto end;
- if (!register_pmeth_gost(NID_id_Gost28147_89_MAC, &pmeth_Gost28147_MAC, 0))
- goto end;
- if ( ! ENGINE_register_ciphers(e)
- || ! ENGINE_register_digests(e)
- || ! ENGINE_register_pkey_meths(e)
- /* These two actually should go in LIST_ADD command */
- || ! EVP_add_cipher(&cipher_gost)
- || ! EVP_add_cipher(&cipher_gost_cpacnt)
- || ! EVP_add_digest(&digest_gost)
- || ! EVP_add_digest(&imit_gost_cpa)
- )
- {
- goto end;
- }
+ if (!register_pmeth_gost(NID_id_GostR3410_94, &pmeth_GostR3410_94, 0))
+ goto end;
+ if (!register_pmeth_gost(NID_id_GostR3410_2001, &pmeth_GostR3410_2001, 0))
+ goto end;
+ if (!register_pmeth_gost
+ (NID_id_Gost28147_89_MAC, &pmeth_Gost28147_MAC, 0))
+ goto end;
+ if (!ENGINE_register_ciphers(e)
+ || !ENGINE_register_digests(e)
+ || !ENGINE_register_pkey_meths(e)
+ /* These two actually should go in LIST_ADD command */
+ || !EVP_add_cipher(&cipher_gost)
+ || !EVP_add_cipher(&cipher_gost_cpacnt)
+ || !EVP_add_digest(&digest_gost)
+ || !EVP_add_digest(&imit_gost_cpa)
+ ) {
+ goto end;
+ }
- ERR_load_GOST_strings();
- ret = 1;
- end:
- return ret;
- }
+ ERR_load_GOST_strings();
+ ret = 1;
+ end:
+ return ret;
+}
#ifndef OPENSSL_NO_DYNAMIC_ENGINE
IMPLEMENT_DYNAMIC_BIND_FN(bind_gost)
-IMPLEMENT_DYNAMIC_CHECK_FN()
-#endif /* ndef OPENSSL_NO_DYNAMIC_ENGINE */
-
+ IMPLEMENT_DYNAMIC_CHECK_FN()
+#endif /* ndef OPENSSL_NO_DYNAMIC_ENGINE */
static int gost_digests(ENGINE *e, const EVP_MD **digest,
- const int **nids, int nid)
- {
- int ok =1 ;
- if (!digest)
- {
- *nids = gost_digest_nids;
- return 2;
- }
- /*printf("Digest no %d requested\n",nid);*/
- if(nid == NID_id_GostR3411_94)
- {
- *digest = &digest_gost;
- }
- else if (nid == NID_id_Gost28147_89_MAC)
- {
- *digest = &imit_gost_cpa;
- }
- else
- {
- ok =0;
- *digest = NULL;
- }
- return ok;
- }
-
-static int gost_ciphers (ENGINE *e,const EVP_CIPHER **cipher,
- const int **nids, int nid)
- {
- int ok = 1;
- if (!cipher)
- {
- *nids = gost_cipher_nids;
- return 2; /* two ciphers are supported */
- }
+ const int **nids, int nid)
+{
+ int ok = 1;
+ if (!digest) {
+ *nids = gost_digest_nids;
+ return 2;
+ }
+ /*
+ * printf("Digest no %d requested\n",nid);
+ */
+ if (nid == NID_id_GostR3411_94) {
+ *digest = &digest_gost;
+ } else if (nid == NID_id_Gost28147_89_MAC) {
+ *digest = &imit_gost_cpa;
+ } else {
+ ok = 0;
+ *digest = NULL;
+ }
+ return ok;
+}
+
+static int gost_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+ const int **nids, int nid)
+{
+ int ok = 1;
+ if (!cipher) {
+ *nids = gost_cipher_nids;
+ return 2; /* two ciphers are supported */
+ }
+
+ if (nid == NID_id_Gost28147_89) {
+ *cipher = &cipher_gost;
+ } else if (nid == NID_gost89_cnt) {
+ *cipher = &cipher_gost_cpacnt;
+ } else {
+ ok = 0;
+ *cipher = NULL;
+ }
+ return ok;
+}
- if(nid == NID_id_Gost28147_89)
- {
- *cipher = &cipher_gost;
- }
- else if (nid == NID_gost89_cnt)
- {
- *cipher = &cipher_gost_cpacnt;
- }
- else
- {
- ok = 0;
- *cipher = NULL;
- }
- return ok;
- }
+static int gost_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
+ const int **nids, int nid)
+{
+ if (!pmeth) {
+ *nids = gost_pkey_meth_nids;
+ return 3;
+ }
-static int gost_pkey_meths (ENGINE *e, EVP_PKEY_METHOD **pmeth,
- const int **nids, int nid)
- {
- if (!pmeth)
- {
- *nids = gost_pkey_meth_nids;
- return 3;
- }
+ switch (nid) {
+ case NID_id_GostR3410_94:
+ *pmeth = pmeth_GostR3410_94;
+ return 1;
+ case NID_id_GostR3410_2001:
+ *pmeth = pmeth_GostR3410_2001;
+ return 1;
+ case NID_id_Gost28147_89_MAC:
+ *pmeth = pmeth_Gost28147_MAC;
+ return 1;
+ default:;
+ }
- switch (nid)
- {
- case NID_id_GostR3410_94: *pmeth = pmeth_GostR3410_94; return 1;
- case NID_id_GostR3410_2001: *pmeth = pmeth_GostR3410_2001; return 1;
- case NID_id_Gost28147_89_MAC: *pmeth = pmeth_Gost28147_MAC; return 1;
- default:;
- }
-
- *pmeth = NULL;
- return 0;
- }
+ *pmeth = NULL;
+ return 0;
+}
-static int gost_pkey_asn1_meths (ENGINE *e, EVP_PKEY_ASN1_METHOD **ameth,
- const int **nids, int nid)
- {
- if (!ameth)
- {
- *nids = gost_pkey_meth_nids;
- return 3;
- }
- switch (nid)
- {
- case NID_id_GostR3410_94: *ameth = ameth_GostR3410_94; return 1;
- case NID_id_GostR3410_2001: *ameth = ameth_GostR3410_2001; return 1;
- case NID_id_Gost28147_89_MAC: *ameth = ameth_Gost28147_MAC; return 1;
-
- default:;
- }
-
- *ameth = NULL;
- return 0;
- }
+static int gost_pkey_asn1_meths(ENGINE *e, EVP_PKEY_ASN1_METHOD **ameth,
+ const int **nids, int nid)
+{
+ if (!ameth) {
+ *nids = gost_pkey_meth_nids;
+ return 3;
+ }
+ switch (nid) {
+ case NID_id_GostR3410_94:
+ *ameth = ameth_GostR3410_94;
+ return 1;
+ case NID_id_GostR3410_2001:
+ *ameth = ameth_GostR3410_2001;
+ return 1;
+ case NID_id_Gost28147_89_MAC:
+ *ameth = ameth_Gost28147_MAC;
+ return 1;
+
+ default:;
+ }
+
+ *ameth = NULL;
+ return 0;
+}
#ifdef OPENSSL_NO_DYNAMIC_ENGINE
static ENGINE *engine_gost(void)
- {
- ENGINE *ret = ENGINE_new();
- if (!ret)
- return NULL;
- if (!bind_gost(ret,engine_gost_id))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
-
-void ENGINE_load_gost(void)
- {
- ENGINE *toadd;
- if (pmeth_GostR3410_94)
- return;
- toadd = engine_gost();
- if (!toadd) return;
- ENGINE_add(toadd);
- ENGINE_free(toadd);
- ERR_clear_error();
- }
-#endif
+{
+ ENGINE *ret = ENGINE_new();
+ if (!ret)
+ return NULL;
+ if (!bind_gost(ret, engine_gost_id)) {
+ ENGINE_free(ret);
+ return NULL;
+ }
+ return ret;
+}
+void ENGINE_load_gost(void)
+{
+ ENGINE *toadd;
+ if (pmeth_GostR3410_94)
+ return;
+ toadd = engine_gost();
+ if (!toadd)
+ return;
+ ENGINE_add(toadd);
+ ENGINE_free(toadd);
+ ERR_clear_error();
+}
+#endif
diff --git a/openssl/engines/ccgost/gost_keywrap.c b/openssl/engines/ccgost/gost_keywrap.c
index c618f6da2..502a83c62 100644
--- a/openssl/engines/ccgost/gost_keywrap.c
+++ b/openssl/engines/ccgost/gost_keywrap.c
@@ -11,99 +11,96 @@
#include "gost89.h"
#include "gost_keywrap.h"
-/* Diversifies key using random UserKey Material
- * Implements RFC 4357 p 6.5 key diversification algorithm
- *
+/*-
+ * Diversifies key using random UserKey Material
+ * Implements RFC 4357 p 6.5 key diversification algorithm
+ *
* inputKey - 32byte key to be diversified
* ukm - 8byte user key material
- * outputKey - 32byte buffer to store diversified key
+ * outputKey - 32byte buffer to store diversified key
*
*/
-void keyDiversifyCryptoPro(gost_ctx *ctx,const unsigned char *inputKey, const unsigned char *ukm, unsigned char *outputKey)
- {
+void keyDiversifyCryptoPro(gost_ctx * ctx, const unsigned char *inputKey,
+ const unsigned char *ukm, unsigned char *outputKey)
+{
- u4 k,s1,s2;
- int i,j,mask;
- unsigned char S[8];
- memcpy(outputKey,inputKey,32);
- for (i=0;i<8;i++)
- {
- /* Make array of integers from key */
- /* Compute IV S*/
- s1=0,s2=0;
- for (j=0,mask=1;j<8;j++,mask<<=1)
- {
- k=((u4)outputKey[4*j])|(outputKey[4*j+1]<<8)|
- (outputKey[4*j+2]<<16)|(outputKey[4*j+3]<<24);
- if (mask & ukm[i])
- {
- s1+=k;
- }
- else
- {
- s2+=k;
- }
- }
- S[0]=(unsigned char)(s1&0xff);
- S[1]=(unsigned char)((s1>>8)&0xff);
- S[2]=(unsigned char)((s1>>16)&0xff);
- S[3]=(unsigned char)((s1>>24)&0xff);
- S[4]=(unsigned char)(s2&0xff);
- S[5]=(unsigned char)((s2>>8)&0xff);
- S[6]=(unsigned char)((s2>>16)&0xff);
- S[7]=(unsigned char)((s2>>24)&0xff);
- gost_key(ctx,outputKey);
- gost_enc_cfb(ctx,S,outputKey,outputKey,4);
- }
- }
-
+ u4 k, s1, s2;
+ int i, j, mask;
+ unsigned char S[8];
+ memcpy(outputKey, inputKey, 32);
+ for (i = 0; i < 8; i++) {
+ /* Make array of integers from key */
+ /* Compute IV S */
+ s1 = 0, s2 = 0;
+ for (j = 0, mask = 1; j < 8; j++, mask <<= 1) {
+ k = ((u4) outputKey[4 * j]) | (outputKey[4 * j + 1] << 8) |
+ (outputKey[4 * j + 2] << 16) | (outputKey[4 * j + 3] << 24);
+ if (mask & ukm[i]) {
+ s1 += k;
+ } else {
+ s2 += k;
+ }
+ }
+ S[0] = (unsigned char)(s1 & 0xff);
+ S[1] = (unsigned char)((s1 >> 8) & 0xff);
+ S[2] = (unsigned char)((s1 >> 16) & 0xff);
+ S[3] = (unsigned char)((s1 >> 24) & 0xff);
+ S[4] = (unsigned char)(s2 & 0xff);
+ S[5] = (unsigned char)((s2 >> 8) & 0xff);
+ S[6] = (unsigned char)((s2 >> 16) & 0xff);
+ S[7] = (unsigned char)((s2 >> 24) & 0xff);
+ gost_key(ctx, outputKey);
+ gost_enc_cfb(ctx, S, outputKey, outputKey, 4);
+ }
+}
-/*
+/*-
* Wraps key using RFC 4357 6.3
- * ctx - gost encryption context, initialized with some S-boxes
+ * ctx - gost encryption context, initialized with some S-boxes
* keyExchangeKey (KEK) 32-byte (256-bit) shared key
- * ukm - 8 byte (64 bit) user key material,
+ * ukm - 8 byte (64 bit) user key material,
* sessionKey - 32-byte (256-bit) key to be wrapped
* wrappedKey - 44-byte buffer to store wrapped key
- */
+ */
-int keyWrapCryptoPro(gost_ctx *ctx,const unsigned char *keyExchangeKey, const unsigned char *ukm,
- const unsigned char *sessionKey, unsigned char *wrappedKey)
- {
- unsigned char kek_ukm[32];
- keyDiversifyCryptoPro(ctx,keyExchangeKey,ukm,kek_ukm);
- gost_key(ctx,kek_ukm);
- memcpy(wrappedKey,ukm,8);
- gost_enc(ctx,sessionKey,wrappedKey+8,4);
- gost_mac_iv(ctx,32,ukm,sessionKey,32,wrappedKey+40);
- return 1;
- }
-/*
+int keyWrapCryptoPro(gost_ctx * ctx, const unsigned char *keyExchangeKey,
+ const unsigned char *ukm,
+ const unsigned char *sessionKey,
+ unsigned char *wrappedKey)
+{
+ unsigned char kek_ukm[32];
+ keyDiversifyCryptoPro(ctx, keyExchangeKey, ukm, kek_ukm);
+ gost_key(ctx, kek_ukm);
+ memcpy(wrappedKey, ukm, 8);
+ gost_enc(ctx, sessionKey, wrappedKey + 8, 4);
+ gost_mac_iv(ctx, 32, ukm, sessionKey, 32, wrappedKey + 40);
+ return 1;
+}
+
+/*-
* Unwraps key using RFC 4357 6.4
- * ctx - gost encryption context, initialized with some S-boxes
+ * ctx - gost encryption context, initialized with some S-boxes
* keyExchangeKey 32-byte shared key
* wrappedKey 44 byte key to be unwrapped (concatenation of 8-byte UKM,
- * 32 byte encrypted key and 4 byte MAC
- *
+ * 32 byte encrypted key and 4 byte MAC
+ *
* sessionKEy - 32byte buffer to store sessionKey in
* Returns 1 if key is decrypted successfully, and 0 if MAC doesn't match
- */
-
-int keyUnwrapCryptoPro(gost_ctx *ctx,const unsigned char *keyExchangeKey,
- const unsigned char *wrappedKey, unsigned char *sessionKey)
- {
- unsigned char kek_ukm[32],cek_mac[4];
- keyDiversifyCryptoPro(ctx,keyExchangeKey,wrappedKey
- /* First 8 bytes of wrapped Key is ukm */
- ,kek_ukm);
- gost_key(ctx,kek_ukm);
- gost_dec(ctx,wrappedKey+8,sessionKey,4);
- gost_mac_iv(ctx,32,wrappedKey,sessionKey,32,cek_mac);
- if (memcmp(cek_mac,wrappedKey+40,4))
- {
- return 0;
- }
- return 1;
- }
-
+ */
+int keyUnwrapCryptoPro(gost_ctx * ctx, const unsigned char *keyExchangeKey,
+ const unsigned char *wrappedKey,
+ unsigned char *sessionKey)
+{
+ unsigned char kek_ukm[32], cek_mac[4];
+ keyDiversifyCryptoPro(ctx, keyExchangeKey, wrappedKey
+ /* First 8 bytes of wrapped Key is ukm */
+ , kek_ukm);
+ gost_key(ctx, kek_ukm);
+ gost_dec(ctx, wrappedKey + 8, sessionKey, 4);
+ gost_mac_iv(ctx, 32, wrappedKey, sessionKey, 32, cek_mac);
+ if (memcmp(cek_mac, wrappedKey + 40, 4)) {
+ return 0;
+ }
+ return 1;
+}
diff --git a/openssl/engines/ccgost/gost_keywrap.h b/openssl/engines/ccgost/gost_keywrap.h
index 37c2a0f73..7def4c9fe 100644
--- a/openssl/engines/ccgost/gost_keywrap.h
+++ b/openssl/engines/ccgost/gost_keywrap.h
@@ -8,49 +8,49 @@
* Doesn't need OpenSSL *
**********************************************************************/
#ifndef GOST_KEYWRAP_H
-#define GOST_KEYWRAP_H
-#include <string.h>
-#include "gost89.h"
-/* Diversifies key using random UserKey Material
- * Implements RFC 4357 p 6.5 key diversification algorithm
- *
+# define GOST_KEYWRAP_H
+# include <string.h>
+# include "gost89.h"
+/*-
+ * Diversifies key using random UserKey Material
+ * Implements RFC 4357 p 6.5 key diversification algorithm
+ *
* inputKey - 32byte key to be diversified
* ukm - 8byte user key material
- * outputKey - 32byte buffer to store diversified key
+ * outputKey - 32byte buffer to store diversified key
*
*/
-void keyDiversifyCryptoPro(gost_ctx *ctx,
- const unsigned char *inputKey,
- const unsigned char *ukm,
- unsigned char *outputKey);
-/*
+void keyDiversifyCryptoPro(gost_ctx * ctx,
+ const unsigned char *inputKey,
+ const unsigned char *ukm,
+ unsigned char *outputKey);
+/*-
* Wraps key using RFC 4357 6.3
- * ctx - gost encryption context, initialized with some S-boxes
+ * ctx - gost encryption context, initialized with some S-boxes
* keyExchangeKey (KEK) 32-byte (256-bit) shared key
- * ukm - 8 byte (64 bit) user key material,
+ * ukm - 8 byte (64 bit) user key material,
* sessionKey - 32-byte (256-bit) key to be wrapped
* wrappedKey - 44-byte buffer to store wrapped key
- */
+ */
-int keyWrapCryptoPro(gost_ctx *ctx,
- const unsigned char *keyExchangeKey,
- const unsigned char *ukm,
- const unsigned char *sessionKey,
- unsigned char *wrappedKey) ;
-/*
+int keyWrapCryptoPro(gost_ctx * ctx,
+ const unsigned char *keyExchangeKey,
+ const unsigned char *ukm,
+ const unsigned char *sessionKey,
+ unsigned char *wrappedKey);
+/*-
* Unwraps key using RFC 4357 6.4
- * ctx - gost encryption context, initialized with some S-boxes
+ * ctx - gost encryption context, initialized with some S-boxes
* keyExchangeKey 32-byte shared key
* wrappedKey 44 byte key to be unwrapped (concatenation of 8-byte UKM,
- * 32 byte encrypted key and 4 byte MAC
- *
+ * 32 byte encrypted key and 4 byte MAC
+ *
* sessionKEy - 32byte buffer to store sessionKey in
* Returns 1 if key is decrypted successfully, and 0 if MAC doesn't match
- */
-
+ */
-int keyUnwrapCryptoPro(gost_ctx *ctx,
- const unsigned char *keyExchangeKey,
- const unsigned char *wrappedKey,
- unsigned char *sessionKey) ;
+int keyUnwrapCryptoPro(gost_ctx * ctx,
+ const unsigned char *keyExchangeKey,
+ const unsigned char *wrappedKey,
+ unsigned char *sessionKey);
#endif
diff --git a/openssl/engines/ccgost/gost_lcl.h b/openssl/engines/ccgost/gost_lcl.h
index 00aa42cea..3a2c7d570 100644
--- a/openssl/engines/ccgost/gost_lcl.h
+++ b/openssl/engines/ccgost/gost_lcl.h
@@ -1,5 +1,5 @@
#ifndef GOST_TOOLS_H
-#define GOST_TOOLS_H
+# define GOST_TOOLS_H
/**********************************************************************
* gost_lcl.h *
* Copyright (c) 2006 Cryptocom LTD *
@@ -8,154 +8,155 @@
* Internal declarations used in GOST engine *
* OpenSSL 0.9.9 libraries required to compile and use *
* this code *
- **********************************************************************/
-#include <openssl/bn.h>
-#include <openssl/evp.h>
-#include <openssl/dsa.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#include <openssl/engine.h>
-#include <openssl/ec.h>
-#include "gost89.h"
-#include "gosthash.h"
+ **********************************************************************/
+# include <openssl/bn.h>
+# include <openssl/evp.h>
+# include <openssl/dsa.h>
+# include <openssl/asn1t.h>
+# include <openssl/x509.h>
+# include <openssl/engine.h>
+# include <openssl/ec.h>
+# include "gost89.h"
+# include "gosthash.h"
/* Control commands */
-#define GOST_PARAM_CRYPT_PARAMS 0
-#define GOST_PARAM_MAX 0
-#define GOST_CTRL_CRYPT_PARAMS (ENGINE_CMD_BASE+GOST_PARAM_CRYPT_PARAMS)
+# define GOST_PARAM_CRYPT_PARAMS 0
+# define GOST_PARAM_MAX 0
+# define GOST_CTRL_CRYPT_PARAMS (ENGINE_CMD_BASE+GOST_PARAM_CRYPT_PARAMS)
- extern const ENGINE_CMD_DEFN gost_cmds[];
- int gost_control_func(ENGINE *e,int cmd, long i, void *p, void (*f)(void));
- const char *get_gost_engine_param(int param);
- int gost_set_default_param(int param, const char *value);
- void gost_param_free(void);
+extern const ENGINE_CMD_DEFN gost_cmds[];
+int gost_control_func(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
+const char *get_gost_engine_param(int param);
+int gost_set_default_param(int param, const char *value);
+void gost_param_free(void);
/* method registration */
- int register_ameth_gost (int nid, EVP_PKEY_ASN1_METHOD **ameth, const char* pemstr, const char* info);
- int register_pmeth_gost (int id, EVP_PKEY_METHOD **pmeth, int flags);
+int register_ameth_gost(int nid, EVP_PKEY_ASN1_METHOD **ameth,
+ const char *pemstr, const char *info);
+int register_pmeth_gost(int id, EVP_PKEY_METHOD **pmeth, int flags);
/* Gost-specific pmeth control-function parameters */
/* For GOST R34.10 parameters */
-#define param_ctrl_string "paramset"
-#define EVP_PKEY_CTRL_GOST_PARAMSET (EVP_PKEY_ALG_CTRL+1)
+# define param_ctrl_string "paramset"
+# define EVP_PKEY_CTRL_GOST_PARAMSET (EVP_PKEY_ALG_CTRL+1)
/* For GOST 28147 MAC */
-#define key_ctrl_string "key"
-#define hexkey_ctrl_string "hexkey"
-#define EVP_PKEY_CTRL_GOST_MAC_HEXKEY (EVP_PKEY_ALG_CTRL+3)
+# define key_ctrl_string "key"
+# define hexkey_ctrl_string "hexkey"
+# define EVP_PKEY_CTRL_GOST_MAC_HEXKEY (EVP_PKEY_ALG_CTRL+3)
/* Pmeth internal representation */
- struct gost_pmeth_data {
- int sign_param_nid; /* Should be set whenever parameters are filled */
- EVP_MD *md;
- unsigned char *shared_ukm;
- int peer_key_used;
- };
-
- struct gost_mac_pmeth_data {
- int key_set;
- EVP_MD *md;
- unsigned char key[32];
- } ;
-/* GOST-specific ASN1 structures */
+struct gost_pmeth_data {
+ int sign_param_nid; /* Should be set whenever parameters are
+ * filled */
+ EVP_MD *md;
+ unsigned char *shared_ukm;
+ int peer_key_used;
+};
+struct gost_mac_pmeth_data {
+ int key_set;
+ EVP_MD *md;
+ unsigned char key[32];
+};
+/* GOST-specific ASN1 structures */
typedef struct {
- ASN1_OCTET_STRING *encrypted_key;
- ASN1_OCTET_STRING *imit;
+ ASN1_OCTET_STRING *encrypted_key;
+ ASN1_OCTET_STRING *imit;
} GOST_KEY_INFO;
DECLARE_ASN1_FUNCTIONS(GOST_KEY_INFO)
typedef struct {
- ASN1_OBJECT *cipher;
- X509_PUBKEY *ephem_key;
- ASN1_OCTET_STRING *eph_iv;
+ ASN1_OBJECT *cipher;
+ X509_PUBKEY *ephem_key;
+ ASN1_OCTET_STRING *eph_iv;
} GOST_KEY_AGREEMENT_INFO;
DECLARE_ASN1_FUNCTIONS(GOST_KEY_AGREEMENT_INFO)
-
+
typedef struct {
- GOST_KEY_INFO *key_info;
- GOST_KEY_AGREEMENT_INFO *key_agreement_info;
+ GOST_KEY_INFO *key_info;
+ GOST_KEY_AGREEMENT_INFO *key_agreement_info;
} GOST_KEY_TRANSPORT;
DECLARE_ASN1_FUNCTIONS(GOST_KEY_TRANSPORT)
-typedef struct { /* FIXME incomplete */
- GOST_KEY_TRANSPORT *gkt;
+typedef struct { /* FIXME incomplete */
+ GOST_KEY_TRANSPORT *gkt;
} GOST_CLIENT_KEY_EXCHANGE_PARAMS;
-/* Hacks to shorten symbols to 31 characters or less, or OpenVMS.
- This mimics what's done in symhacks.h, but since this is a very
- local header file, I prefered to put this hack directly here.
- -- Richard Levitte */
-#ifdef OPENSSL_SYS_VMS
-#undef GOST_CLIENT_KEY_EXCHANGE_PARAMS_it
-#define GOST_CLIENT_KEY_EXCHANGE_PARAMS_it GOST_CLIENT_KEY_EXC_PARAMS_it
-#undef GOST_CLIENT_KEY_EXCHANGE_PARAMS_new
-#define GOST_CLIENT_KEY_EXCHANGE_PARAMS_new GOST_CLIENT_KEY_EXC_PARAMS_new
-#undef GOST_CLIENT_KEY_EXCHANGE_PARAMS_free
-#define GOST_CLIENT_KEY_EXCHANGE_PARAMS_free GOST_CLIENT_KEY_EXC_PARAMS_free
-#undef d2i_GOST_CLIENT_KEY_EXCHANGE_PARAMS
-#define d2i_GOST_CLIENT_KEY_EXCHANGE_PARAMS d2i_GOST_CLIENT_KEY_EXC_PARAMS
-#undef i2d_GOST_CLIENT_KEY_EXCHANGE_PARAMS
-#define i2d_GOST_CLIENT_KEY_EXCHANGE_PARAMS i2d_GOST_CLIENT_KEY_EXC_PARAMS
-#endif /* End of hack */
+/*
+ * Hacks to shorten symbols to 31 characters or less, or OpenVMS. This mimics
+ * what's done in symhacks.h, but since this is a very local header file, I
+ * prefered to put this hack directly here. -- Richard Levitte
+ */
+# ifdef OPENSSL_SYS_VMS
+# undef GOST_CLIENT_KEY_EXCHANGE_PARAMS_it
+# define GOST_CLIENT_KEY_EXCHANGE_PARAMS_it GOST_CLIENT_KEY_EXC_PARAMS_it
+# undef GOST_CLIENT_KEY_EXCHANGE_PARAMS_new
+# define GOST_CLIENT_KEY_EXCHANGE_PARAMS_new GOST_CLIENT_KEY_EXC_PARAMS_new
+# undef GOST_CLIENT_KEY_EXCHANGE_PARAMS_free
+# define GOST_CLIENT_KEY_EXCHANGE_PARAMS_free GOST_CLIENT_KEY_EXC_PARAMS_free
+# undef d2i_GOST_CLIENT_KEY_EXCHANGE_PARAMS
+# define d2i_GOST_CLIENT_KEY_EXCHANGE_PARAMS d2i_GOST_CLIENT_KEY_EXC_PARAMS
+# undef i2d_GOST_CLIENT_KEY_EXCHANGE_PARAMS
+# define i2d_GOST_CLIENT_KEY_EXCHANGE_PARAMS i2d_GOST_CLIENT_KEY_EXC_PARAMS
+# endif /* End of hack */
DECLARE_ASN1_FUNCTIONS(GOST_CLIENT_KEY_EXCHANGE_PARAMS)
typedef struct {
- ASN1_OBJECT *key_params;
- ASN1_OBJECT *hash_params;
- ASN1_OBJECT *cipher_params;
+ ASN1_OBJECT *key_params;
+ ASN1_OBJECT *hash_params;
+ ASN1_OBJECT *cipher_params;
} GOST_KEY_PARAMS;
DECLARE_ASN1_FUNCTIONS(GOST_KEY_PARAMS)
typedef struct {
- ASN1_OCTET_STRING *iv;
- ASN1_OBJECT *enc_param_set;
-} GOST_CIPHER_PARAMS;
+ ASN1_OCTET_STRING *iv;
+ ASN1_OBJECT *enc_param_set;
+} GOST_CIPHER_PARAMS;
DECLARE_ASN1_FUNCTIONS(GOST_CIPHER_PARAMS)
/*============== Message digest and cipher related structures ==========*/
- /* Structure used as EVP_MD_CTX-md_data.
- * It allows to avoid storing in the md-data pointers to
- * dynamically allocated memory.
- *
- * I cannot invent better way to avoid memory leaks, because
- * openssl insist on invoking Init on Final-ed digests, and there
- * is no reliable way to find out whether pointer in the passed
- * md_data is valid or not.
- * */
+ /*
+ * Structure used as EVP_MD_CTX-md_data. It allows to avoid storing
+ * in the md-data pointers to dynamically allocated memory. I
+ * cannot invent better way to avoid memory leaks, because openssl
+ * insist on invoking Init on Final-ed digests, and there is no
+ * reliable way to find out whether pointer in the passed md_data is
+ * valid or not.
+ */
struct ossl_gost_digest_ctx {
- gost_hash_ctx dctx;
- gost_ctx cctx;
-};
+ gost_hash_ctx dctx;
+ gost_ctx cctx;
+};
/* EVP_MD structure for GOST R 34.11 */
extern EVP_MD digest_gost;
/* EVP_MD structure for GOST 28147 in MAC mode */
extern EVP_MD imit_gost_cpa;
/* Cipher context used for EVP_CIPHER operation */
struct ossl_gost_cipher_ctx {
- int paramNID;
- unsigned int count;
- int key_meshing;
- gost_ctx cctx;
-};
+ int paramNID;
+ unsigned int count;
+ int key_meshing;
+ gost_ctx cctx;
+};
/* Structure to map parameter NID to S-block */
struct gost_cipher_info {
- int nid;
- gost_subst_block *sblock;
- int key_meshing;
+ int nid;
+ gost_subst_block *sblock;
+ int key_meshing;
};
/* Context for MAC */
struct ossl_gost_imit_ctx {
- gost_ctx cctx;
- unsigned char buffer[8];
- unsigned char partial_block[8];
- unsigned int count;
- int key_meshing;
- int bytes_left;
- int key_set;
-};
+ gost_ctx cctx;
+ unsigned char buffer[8];
+ unsigned char partial_block[8];
+ unsigned int count;
+ int key_meshing;
+ int bytes_left;
+ int key_set;
+};
/* Table which maps parameter NID to S-blocks */
extern struct gost_cipher_info gost_cipher_list[];
/* Find encryption params from ASN1_OBJECT */
@@ -163,56 +164,66 @@ const struct gost_cipher_info *get_encryption_params(ASN1_OBJECT *obj);
/* Implementation of GOST 28147-89 cipher in CFB and CNT modes */
extern EVP_CIPHER cipher_gost;
extern EVP_CIPHER cipher_gost_cpacnt;
-#define EVP_MD_CTRL_KEY_LEN (EVP_MD_CTRL_ALG_CTRL+3)
-#define EVP_MD_CTRL_SET_KEY (EVP_MD_CTRL_ALG_CTRL+4)
+# define EVP_MD_CTRL_KEY_LEN (EVP_MD_CTRL_ALG_CTRL+3)
+# define EVP_MD_CTRL_SET_KEY (EVP_MD_CTRL_ALG_CTRL+4)
/* EVP_PKEY_METHOD key encryption callbacks */
/* From gost94_keyx.c */
-int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, const unsigned char* key, size_t key_len );
+int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
+ size_t *outlen, const unsigned char *key,
+ size_t key_len);
-int pkey_GOST94cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, const unsigned char* in, size_t in_len );
+int pkey_GOST94cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
+ size_t *outlen, const unsigned char *in,
+ size_t in_len);
/* From gost2001_keyx.c */
-int pkey_GOST01cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, const unsigned char* key, size_t key_len );
+int pkey_GOST01cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
+ size_t *outlen, const unsigned char *key,
+ size_t key_len);
-int pkey_GOST01cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, const unsigned char* in, size_t in_len );
+int pkey_GOST01cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
+ size_t *outlen, const unsigned char *in,
+ size_t in_len);
/* derive functions */
/* From gost2001_keyx.c */
-int pkey_gost2001_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
+int pkey_gost2001_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
+ size_t *keylen);
/* From gost94_keyx.c */
int pkey_gost94_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
/* Internal functions for signature algorithms */
-int fill_GOST94_params(DSA *dsa,int nid);
+int fill_GOST94_params(DSA *dsa, int nid);
int fill_GOST2001_params(EC_KEY *eckey, int nid);
-int gost_sign_keygen(DSA *dsa) ;
-int gost2001_keygen(EC_KEY *ec) ;
+int gost_sign_keygen(DSA *dsa);
+int gost2001_keygen(EC_KEY *ec);
-DSA_SIG *gost_do_sign(const unsigned char *dgst,int dlen, DSA *dsa) ;
-DSA_SIG *gost2001_do_sign(const unsigned char *dgst,int dlen, EC_KEY *eckey);
+DSA_SIG *gost_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+DSA_SIG *gost2001_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey);
int gost_do_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa) ;
-int gost2001_do_verify(const unsigned char *dgst,int dgst_len,
- DSA_SIG *sig, EC_KEY *ec);
-int gost2001_compute_public(EC_KEY *ec) ;
-int gost94_compute_public(DSA *dsa) ;
+ DSA_SIG *sig, DSA *dsa);
+int gost2001_do_verify(const unsigned char *dgst, int dgst_len,
+ DSA_SIG *sig, EC_KEY *ec);
+int gost2001_compute_public(EC_KEY *ec);
+int gost94_compute_public(DSA *dsa);
/*============== miscellaneous functions============================= */
/* from gost_sign.c */
/* Convert GOST R 34.11 hash sum to bignum according to standard */
-BIGNUM *hashsum2bn(const unsigned char *dgst) ;
-/* Store bignum in byte array of given length, prepending by zeros
- * if nesseccary */
-int store_bignum(BIGNUM *bn, unsigned char *buf,int len);
-/* Read bignum, which can have few MSB all-zeros from buffer*/
-BIGNUM *getbnfrombuf(const unsigned char *buf,size_t len);
+BIGNUM *hashsum2bn(const unsigned char *dgst);
+/*
+ * Store bignum in byte array of given length, prepending by zeros if
+ * nesseccary
+ */
+int store_bignum(BIGNUM *bn, unsigned char *buf, int len);
+/* Read bignum, which can have few MSB all-zeros from buffer*/
+BIGNUM *getbnfrombuf(const unsigned char *buf, size_t len);
/* Pack GOST R 34.10 signature according to CryptoPro rules */
-int pack_sign_cp(DSA_SIG *s,int order,unsigned char *sig, size_t *siglen);
+int pack_sign_cp(DSA_SIG *s, int order, unsigned char *sig, size_t *siglen);
/* Unpack GOST R 34.10 signature according to CryptoPro rules */
-DSA_SIG *unpack_cp_signature(const unsigned char *sig,size_t siglen) ;
+DSA_SIG *unpack_cp_signature(const unsigned char *sig, size_t siglen);
/* from ameth.c */
/* Get private key as BIGNUM from both R 34.10-94 and R 34.10-2001 keys*/
/* Returns pointer into EVP_PKEY structure */
-BIGNUM* gost_get0_priv_key(const EVP_PKEY *pkey) ;
+BIGNUM *gost_get0_priv_key(const EVP_PKEY *pkey);
/* Find NID by GOST 94 parameters */
-int gost94_nid_by_params(DSA *p) ;
-
+int gost94_nid_by_params(DSA *p);
#endif
diff --git a/openssl/engines/ccgost/gost_md.c b/openssl/engines/ccgost/gost_md.c
index 417e10887..1ccc6be0e 100644
--- a/openssl/engines/ccgost/gost_md.c
+++ b/openssl/engines/ccgost/gost_md.c
@@ -13,63 +13,64 @@
/* implementation of GOST 34.11 hash function See gost_md.c*/
static int gost_digest_init(EVP_MD_CTX *ctx);
-static int gost_digest_update(EVP_MD_CTX *ctx, const void *data, size_t count);
-static int gost_digest_final(EVP_MD_CTX *ctx,unsigned char *md);
-static int gost_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from);
+static int gost_digest_update(EVP_MD_CTX *ctx, const void *data,
+ size_t count);
+static int gost_digest_final(EVP_MD_CTX *ctx, unsigned char *md);
+static int gost_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from);
static int gost_digest_cleanup(EVP_MD_CTX *ctx);
-EVP_MD digest_gost=
- {
- NID_id_GostR3411_94,
- NID_undef,
- 32,
- EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
- gost_digest_init,
- gost_digest_update,
- gost_digest_final,
- gost_digest_copy,
- gost_digest_cleanup,
- NULL,
- NULL,
- {NID_undef,NID_undef,0,0,0},
- 32,
- sizeof(struct ossl_gost_digest_ctx ),
- NULL
- };
+EVP_MD digest_gost = {
+ NID_id_GostR3411_94,
+ NID_undef,
+ 32,
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
+ gost_digest_init,
+ gost_digest_update,
+ gost_digest_final,
+ gost_digest_copy,
+ gost_digest_cleanup,
+ NULL,
+ NULL,
+ {NID_undef, NID_undef, 0, 0, 0},
+ 32,
+ sizeof(struct ossl_gost_digest_ctx),
+ NULL
+};
-int gost_digest_init(EVP_MD_CTX *ctx)
- {
- struct ossl_gost_digest_ctx *c = ctx->md_data;
- memset(&(c->dctx),0,sizeof(gost_hash_ctx));
- gost_init(&(c->cctx),&GostR3411_94_CryptoProParamSet);
- c->dctx.cipher_ctx= &(c->cctx);
- return 1;
- }
+int gost_digest_init(EVP_MD_CTX *ctx)
+{
+ struct ossl_gost_digest_ctx *c = ctx->md_data;
+ memset(&(c->dctx), 0, sizeof(gost_hash_ctx));
+ gost_init(&(c->cctx), &GostR3411_94_CryptoProParamSet);
+ c->dctx.cipher_ctx = &(c->cctx);
+ return 1;
+}
-int gost_digest_update(EVP_MD_CTX *ctx,const void *data,size_t count)
- {
- return hash_block((gost_hash_ctx *)ctx->md_data,data,count);
- }
+int gost_digest_update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+ return hash_block((gost_hash_ctx *) ctx->md_data, data, count);
+}
-int gost_digest_final(EVP_MD_CTX *ctx,unsigned char *md)
- {
- return finish_hash((gost_hash_ctx *)ctx->md_data,md);
-
- }
+int gost_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ return finish_hash((gost_hash_ctx *) ctx->md_data, md);
-int gost_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
- {
- struct ossl_gost_digest_ctx *md_ctx=to->md_data;
- if (to->md_data && from->md_data) {
- memcpy(to->md_data,from->md_data,sizeof(struct ossl_gost_digest_ctx));
- md_ctx->dctx.cipher_ctx=&(md_ctx->cctx);
- }
- return 1;
- }
+}
-int gost_digest_cleanup(EVP_MD_CTX *ctx)
- {
- if (ctx->md_data)
- memset(ctx->md_data,0,sizeof(struct ossl_gost_digest_ctx));
- return 1;
- }
+int gost_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
+{
+ struct ossl_gost_digest_ctx *md_ctx = to->md_data;
+ if (to->md_data && from->md_data) {
+ memcpy(to->md_data, from->md_data,
+ sizeof(struct ossl_gost_digest_ctx));
+ md_ctx->dctx.cipher_ctx = &(md_ctx->cctx);
+ }
+ return 1;
+}
+
+int gost_digest_cleanup(EVP_MD_CTX *ctx)
+{
+ if (ctx->md_data)
+ memset(ctx->md_data, 0, sizeof(struct ossl_gost_digest_ctx));
+ return 1;
+}
diff --git a/openssl/engines/ccgost/gost_params.c b/openssl/engines/ccgost/gost_params.c
index 40fc343af..0411534b7 100644
--- a/openssl/engines/ccgost/gost_params.c
+++ b/openssl/engines/ccgost/gost_params.c
@@ -6,193 +6,202 @@
* Definitions of GOST R 34.10 parameter sets, defined in RFC 4357 *
* OpenSSL 0.9.9 libraries required to compile and use *
* this code *
- **********************************************************************/
+ **********************************************************************/
#include "gost_params.h"
#include <openssl/objects.h>
/* Parameters of GOST 34.10 */
-R3410_params R3410_paramset[]={
+R3410_params R3410_paramset[] = {
/* Paramset A */
-{NID_id_GostR3410_94_CryptoPro_A_ParamSet,
-"100997906755055304772081815535925224869"
-"8410825720534578748235158755771479905292727772441528526992987964833"
-"5669968284202797289605274717317548059048560713474685214192868091256"
-"1502802222185647539190902656116367847270145019066794290930185446216"
-"3997308722217328898303231940973554032134009725883228768509467406639"
-"62",
-"127021248288932417465907042777176443525"
-"7876535089165358128175072657050312609850984974231883334834011809259"
-"9999512098893413065920561499672425412104927434935707492031276956145"
-"1689224110579311248812610229678534638401693520013288995000362260684"
-"2227508135323070045173416336850045410625869714168836867788425378203"
-"83",
-"683631961449557007844441656118272528951"
-"02170888761442055095051287550314083023"},
-{NID_id_GostR3410_94_CryptoPro_B_ParamSet,
-"429418261486158041438734477379555023926"
-"7234596860714306679811299408947123142002706038521669956384871995765"
-"7284814898909770759462613437669456364882730370838934791080835932647"
-"9767786019153434744009610342313166725786869204821949328786333602033"
-"8479709268434224762105576023501613261478065276102850944540333865234"
-"1",
-"139454871199115825601409655107690713107"
-"0417070599280317977580014543757653577229840941243685222882398330391"
-"1468164807668823692122073732267216074074777170091113455043205380464"
-"7694904686120113087816240740184800477047157336662926249423571248823"
-"9685422217536601433914856808405203368594584948031873412885804895251"
-"63",
-"79885141663410976897627118935756323747307951916507639758300472692338873533959"
-},
-{NID_id_GostR3410_94_CryptoPro_C_ParamSet,
-"816552717970881016017893191415300348226"
-"2544051353358162468249467681876621283478212884286545844013955142622"
-"2087723485023722868022275009502224827866201744494021697716482008353"
-"6398202298024892620480898699335508064332313529725332208819456895108"
-"5155178100221003459370588291073071186553005962149936840737128710832"
-"3",
-"110624679233511963040518952417017040248"
-"5862954819831383774196396298584395948970608956170224210628525560327"
-"8638246716655439297654402921844747893079518669992827880792192992701"
-"1428546551433875806377110443534293554066712653034996277099320715774"
-"3542287621283671843703709141350171945045805050291770503634517804938"
-"01",
-"113468861199819350564868233378875198043"
-"267947776488510997961231672532899549103"
-},
-{NID_id_GostR3410_94_CryptoPro_D_ParamSet,
-"756976611021707301782128757801610628085"
-"5283803109571158829574281419208532589041660017017859858216341400371"
-"4687551412794400562878935266630754392677014598582103365983119173924"
-"4732511225464712252386803315902707727668715343476086350472025298282"
-"7271461690125050616858238384366331089777463541013033926723743254833"
-"7",
-"905457649621929965904290958774625315611"
-"3056083907389766971404812524422262512556054474620855996091570786713"
-"5849550236741915584185990627801066465809510095784713989819413820871"
-"5964648914493053407920737078890520482730623038837767710173664838239"
-"8574828787891286471201460474326612697849693665518073864436497893214"
-"9",
-"108988435796353506912374591498972192620"
-"190487557619582334771735390599299211593"
-},
+ {NID_id_GostR3410_94_CryptoPro_A_ParamSet,
+ "100997906755055304772081815535925224869"
+ "8410825720534578748235158755771479905292727772441528526992987964833"
+ "5669968284202797289605274717317548059048560713474685214192868091256"
+ "1502802222185647539190902656116367847270145019066794290930185446216"
+ "3997308722217328898303231940973554032134009725883228768509467406639"
+ "62",
+ "127021248288932417465907042777176443525"
+ "7876535089165358128175072657050312609850984974231883334834011809259"
+ "9999512098893413065920561499672425412104927434935707492031276956145"
+ "1689224110579311248812610229678534638401693520013288995000362260684"
+ "2227508135323070045173416336850045410625869714168836867788425378203"
+ "83",
+ "683631961449557007844441656118272528951"
+ "02170888761442055095051287550314083023"}
+ ,
+ {NID_id_GostR3410_94_CryptoPro_B_ParamSet,
+ "429418261486158041438734477379555023926"
+ "7234596860714306679811299408947123142002706038521669956384871995765"
+ "7284814898909770759462613437669456364882730370838934791080835932647"
+ "9767786019153434744009610342313166725786869204821949328786333602033"
+ "8479709268434224762105576023501613261478065276102850944540333865234"
+ "1",
+ "139454871199115825601409655107690713107"
+ "0417070599280317977580014543757653577229840941243685222882398330391"
+ "1468164807668823692122073732267216074074777170091113455043205380464"
+ "7694904686120113087816240740184800477047157336662926249423571248823"
+ "9685422217536601433914856808405203368594584948031873412885804895251"
+ "63",
+ "79885141663410976897627118935756323747307951916507639758300472692338873533959"}
+ ,
+ {NID_id_GostR3410_94_CryptoPro_C_ParamSet,
+ "816552717970881016017893191415300348226"
+ "2544051353358162468249467681876621283478212884286545844013955142622"
+ "2087723485023722868022275009502224827866201744494021697716482008353"
+ "6398202298024892620480898699335508064332313529725332208819456895108"
+ "5155178100221003459370588291073071186553005962149936840737128710832"
+ "3",
+ "110624679233511963040518952417017040248"
+ "5862954819831383774196396298584395948970608956170224210628525560327"
+ "8638246716655439297654402921844747893079518669992827880792192992701"
+ "1428546551433875806377110443534293554066712653034996277099320715774"
+ "3542287621283671843703709141350171945045805050291770503634517804938"
+ "01",
+ "113468861199819350564868233378875198043"
+ "267947776488510997961231672532899549103"}
+ ,
+ {NID_id_GostR3410_94_CryptoPro_D_ParamSet,
+ "756976611021707301782128757801610628085"
+ "5283803109571158829574281419208532589041660017017859858216341400371"
+ "4687551412794400562878935266630754392677014598582103365983119173924"
+ "4732511225464712252386803315902707727668715343476086350472025298282"
+ "7271461690125050616858238384366331089777463541013033926723743254833"
+ "7",
+ "905457649621929965904290958774625315611"
+ "3056083907389766971404812524422262512556054474620855996091570786713"
+ "5849550236741915584185990627801066465809510095784713989819413820871"
+ "5964648914493053407920737078890520482730623038837767710173664838239"
+ "8574828787891286471201460474326612697849693665518073864436497893214"
+ "9",
+ "108988435796353506912374591498972192620"
+ "190487557619582334771735390599299211593"}
+ ,
-{NID_id_GostR3410_94_CryptoPro_XchA_ParamSet,
-"1335318132727206734338595199483190012179423759678474868994823595993"
-"6964252873471246159040332773182141032801252925387191478859899310331"
-"0567744136196364803064721377826656898686468463277710150809401182608"
-"7702016153249904683329312949209127762411378780302243557466062839716"
-"59376426832674269780880061631528163475887",
-"14201174159756348119636828602231808974327613839524373876287257344192"
-"74593935127189736311660784676003608489466235676257952827747192122419"
-"29071046134208380636394084512691828894000571524625445295769349356752"
-"72895683154177544176313938445719175509684710784659566254794231229333"
-"8483924514339614727760681880609734239",
-"91771529896554605945588149018382750217296858393520724172743325725474"
-"374979801"
-},
-{NID_id_GostR3410_94_CryptoPro_XchB_ParamSet,
-"8890864727828423151699995801875757891031463338652579140051973659"
-"3048131440685857067369829407947744496306656291505503608252399443"
-"7900272386749145996230867832228661977543992816745254823298629859"
-"8753575466286051738837854736167685769017780335804511440773337196"
-"2538423532919394477873664752824509986617878992443177",
-"1028946126624994859676552074360530315217970499989304888248413244"
-"8474923022758470167998871003604670704877377286176171227694098633"
-"1539089568784129110109512690503345393869871295783467257264868341"
-"7200196629860561193666752429682367397084815179752036423595736533"
-"68957392061769855284593965042530895046088067160269433",
-"9109671391802626916582318050603555673628769498182593088388796888"
-"5281641595199"
-},
-{NID_id_GostR3410_94_CryptoPro_XchC_ParamSet,
-"4430618464297584182473135030809859326863990650118941756995270074"
-"8609973181426950235239623239110557450826919295792878938752101867"
-"7047181623251027516953100431855964837602657827828194249605561893"
-"6965865325513137194483136247773653468410118796740709840825496997"
-"9375560722345106704721086025979309968763193072908334",
-"1246996366993477513607147265794064436203408861395055989217248455"
-"7299870737698999651480662364723992859320868822848751165438350943"
-"3276647222625940615560580450040947211826027729977563540237169063"
-"0448079715771649447778447000597419032457722226253269698374446528"
-"35352729304393746106576383349151001715930924115499549",
-"6787876137336591234380295020065682527118129468050147943114675429"
-"4748422492761"
-},
+ {NID_id_GostR3410_94_CryptoPro_XchA_ParamSet,
+ "1335318132727206734338595199483190012179423759678474868994823595993"
+ "6964252873471246159040332773182141032801252925387191478859899310331"
+ "0567744136196364803064721377826656898686468463277710150809401182608"
+ "7702016153249904683329312949209127762411378780302243557466062839716"
+ "59376426832674269780880061631528163475887",
+ "14201174159756348119636828602231808974327613839524373876287257344192"
+ "74593935127189736311660784676003608489466235676257952827747192122419"
+ "29071046134208380636394084512691828894000571524625445295769349356752"
+ "72895683154177544176313938445719175509684710784659566254794231229333"
+ "8483924514339614727760681880609734239",
+ "91771529896554605945588149018382750217296858393520724172743325725474"
+ "374979801"}
+ ,
+ {NID_id_GostR3410_94_CryptoPro_XchB_ParamSet,
+ "8890864727828423151699995801875757891031463338652579140051973659"
+ "3048131440685857067369829407947744496306656291505503608252399443"
+ "7900272386749145996230867832228661977543992816745254823298629859"
+ "8753575466286051738837854736167685769017780335804511440773337196"
+ "2538423532919394477873664752824509986617878992443177",
+ "1028946126624994859676552074360530315217970499989304888248413244"
+ "8474923022758470167998871003604670704877377286176171227694098633"
+ "1539089568784129110109512690503345393869871295783467257264868341"
+ "7200196629860561193666752429682367397084815179752036423595736533"
+ "68957392061769855284593965042530895046088067160269433",
+ "9109671391802626916582318050603555673628769498182593088388796888"
+ "5281641595199"}
+ ,
+ {NID_id_GostR3410_94_CryptoPro_XchC_ParamSet,
+ "4430618464297584182473135030809859326863990650118941756995270074"
+ "8609973181426950235239623239110557450826919295792878938752101867"
+ "7047181623251027516953100431855964837602657827828194249605561893"
+ "6965865325513137194483136247773653468410118796740709840825496997"
+ "9375560722345106704721086025979309968763193072908334",
+ "1246996366993477513607147265794064436203408861395055989217248455"
+ "7299870737698999651480662364723992859320868822848751165438350943"
+ "3276647222625940615560580450040947211826027729977563540237169063"
+ "0448079715771649447778447000597419032457722226253269698374446528"
+ "35352729304393746106576383349151001715930924115499549",
+ "6787876137336591234380295020065682527118129468050147943114675429"
+ "4748422492761"}
+ ,
-
-{NID_undef,NULL, NULL, NULL}
+ {NID_undef, NULL, NULL, NULL}
};
-
-R3410_2001_params R3410_2001_paramset[]={
- /* default_cc_sign01_param 1.2.643.2.9.1.8.1 */
- {NID_id_GostR3410_2001_ParamSet_cc,
- /* A */
- "C0000000000000000000000000000000000000000000000000000000000003c4",
- /* B */
- "2d06B4265ebc749ff7d0f1f1f88232e81632e9088fd44b7787d5e407e955080c",
- /* P */
- "C0000000000000000000000000000000000000000000000000000000000003C7",
- /* Q */
- "5fffffffffffffffffffffffffffffff606117a2f4bde428b7458a54b6e87b85",
- /* X */
- "2",
- /* Y */
- "a20e034bf8813ef5c18d01105e726a17eb248b264ae9706f440bedc8ccb6b22c"
- },
- /* 1.2.643.2.2.35.0 */
- {NID_id_GostR3410_2001_TestParamSet,
- "7",
- "5FBFF498AA938CE739B8E022FBAFEF40563F6E6A3472FC2A514C0CE9DAE23B7E",
- "8000000000000000000000000000000000000000000000000000000000000431",
- "8000000000000000000000000000000150FE8A1892976154C59CFC193ACCF5B3",
- "2",
- "08E2A8A0E65147D4BD6316030E16D19C85C97F0A9CA267122B96ABBCEA7E8FC8"
- },
- /*1.2.643.2.2.35.1*/
- {NID_id_GostR3410_2001_CryptoPro_A_ParamSet,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD94",
- "a6",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD97",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893",
- "1",
- "8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14"
- },
- /*1.2.643.2.2.35.2*/
- {NID_id_GostR3410_2001_CryptoPro_B_ParamSet,
- "8000000000000000000000000000000000000000000000000000000000000C96",
- "3E1AF419A269A5F866A7D3C25C3DF80AE979259373FF2B182F49D4CE7E1BBC8B",
- "8000000000000000000000000000000000000000000000000000000000000C99",
- "800000000000000000000000000000015F700CFFF1A624E5E497161BCC8A198F",
- "1",
- "3FA8124359F96680B83D1C3EB2C070E5C545C9858D03ECFB744BF8D717717EFC"
- },
- /*1.2.643.2.2.35.3*/
- {NID_id_GostR3410_2001_CryptoPro_C_ParamSet,
- "9B9F605F5A858107AB1EC85E6B41C8AACF846E86789051D37998F7B9022D7598",
- "805a",
- "9B9F605F5A858107AB1EC85E6B41C8AACF846E86789051D37998F7B9022D759B",
- "9B9F605F5A858107AB1EC85E6B41C8AA582CA3511EDDFB74F02F3A6598980BB9",
- "0",
- "41ECE55743711A8C3CBF3783CD08C0EE4D4DC440D4641A8F366E550DFDB3BB67"
- },
- /*1.2.643.2.2.36.0*/
- {NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD94",
- "a6",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD97",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893",
- "1",
- "8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14"
- },
- /*1.2.643.2.2.36.1*/
- {NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet,
- "9B9F605F5A858107AB1EC85E6B41C8AACF846E86789051D37998F7B9022D7598",
- "805a",
- "9B9F605F5A858107AB1EC85E6B41C8AACF846E86789051D37998F7B9022D759B",
- "9B9F605F5A858107AB1EC85E6B41C8AA582CA3511EDDFB74F02F3A6598980BB9",
- "0",
- "41ECE55743711A8C3CBF3783CD08C0EE4D4DC440D4641A8F366E550DFDB3BB67"
- },
- { 0,NULL,NULL,NULL,NULL,NULL,NULL
- }
+
+R3410_2001_params R3410_2001_paramset[] = {
+ /* default_cc_sign01_param 1.2.643.2.9.1.8.1 */
+ {NID_id_GostR3410_2001_ParamSet_cc,
+ /* A */
+ "C0000000000000000000000000000000000000000000000000000000000003c4",
+ /* B */
+ "2d06B4265ebc749ff7d0f1f1f88232e81632e9088fd44b7787d5e407e955080c",
+ /* P */
+ "C0000000000000000000000000000000000000000000000000000000000003C7",
+ /* Q */
+ "5fffffffffffffffffffffffffffffff606117a2f4bde428b7458a54b6e87b85",
+ /* X */
+ "2",
+ /* Y */
+ "a20e034bf8813ef5c18d01105e726a17eb248b264ae9706f440bedc8ccb6b22c"}
+ ,
+ /* 1.2.643.2.2.35.0 */
+ {NID_id_GostR3410_2001_TestParamSet,
+ "7",
+ "5FBFF498AA938CE739B8E022FBAFEF40563F6E6A3472FC2A514C0CE9DAE23B7E",
+ "8000000000000000000000000000000000000000000000000000000000000431",
+ "8000000000000000000000000000000150FE8A1892976154C59CFC193ACCF5B3",
+ "2",
+ "08E2A8A0E65147D4BD6316030E16D19C85C97F0A9CA267122B96ABBCEA7E8FC8"}
+ ,
+ /*
+ * 1.2.643.2.2.35.1
+ */
+ {NID_id_GostR3410_2001_CryptoPro_A_ParamSet,
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD94",
+ "a6",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD97",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893",
+ "1",
+ "8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14"}
+ ,
+ /*
+ * 1.2.643.2.2.35.2
+ */
+ {NID_id_GostR3410_2001_CryptoPro_B_ParamSet,
+ "8000000000000000000000000000000000000000000000000000000000000C96",
+ "3E1AF419A269A5F866A7D3C25C3DF80AE979259373FF2B182F49D4CE7E1BBC8B",
+ "8000000000000000000000000000000000000000000000000000000000000C99",
+ "800000000000000000000000000000015F700CFFF1A624E5E497161BCC8A198F",
+ "1",
+ "3FA8124359F96680B83D1C3EB2C070E5C545C9858D03ECFB744BF8D717717EFC"}
+ ,
+ /*
+ * 1.2.643.2.2.35.3
+ */
+ {NID_id_GostR3410_2001_CryptoPro_C_ParamSet,
+ "9B9F605F5A858107AB1EC85E6B41C8AACF846E86789051D37998F7B9022D7598",
+ "805a",
+ "9B9F605F5A858107AB1EC85E6B41C8AACF846E86789051D37998F7B9022D759B",
+ "9B9F605F5A858107AB1EC85E6B41C8AA582CA3511EDDFB74F02F3A6598980BB9",
+ "0",
+ "41ECE55743711A8C3CBF3783CD08C0EE4D4DC440D4641A8F366E550DFDB3BB67"}
+ ,
+ /*
+ * 1.2.643.2.2.36.0
+ */
+ {NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet,
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD94",
+ "a6",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD97",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893",
+ "1",
+ "8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14"}
+ ,
+ /*
+ * 1.2.643.2.2.36.1
+ */
+ {NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet,
+ "9B9F605F5A858107AB1EC85E6B41C8AACF846E86789051D37998F7B9022D7598",
+ "805a",
+ "9B9F605F5A858107AB1EC85E6B41C8AACF846E86789051D37998F7B9022D759B",
+ "9B9F605F5A858107AB1EC85E6B41C8AA582CA3511EDDFB74F02F3A6598980BB9",
+ "0",
+ "41ECE55743711A8C3CBF3783CD08C0EE4D4DC440D4641A8F366E550DFDB3BB67"}
+ ,
+ {0, NULL, NULL, NULL, NULL, NULL, NULL}
};
diff --git a/openssl/engines/ccgost/gost_params.h b/openssl/engines/ccgost/gost_params.h
index 4c3f5567d..0773cbfa5 100644
--- a/openssl/engines/ccgost/gost_params.h
+++ b/openssl/engines/ccgost/gost_params.h
@@ -4,29 +4,29 @@
* This file is distributed under the same license as OpenSSL *
* *
* Declaration of structures used to represent GOST R 34.10 *
- * parameter sets, defined in RFC 4357 *
+ * parameter sets, defined in RFC 4357 *
* OpenSSL 0.9.9 libraries required to compile and use *
* this code *
- **********************************************************************/
+ **********************************************************************/
#ifndef GOST_PARAMSET_H
-#define GOST_PARAMSET_H
+# define GOST_PARAMSET_H
typedef struct R3410 {
- int nid;
- char *a;
- char *p;
- char *q;
+ int nid;
+ char *a;
+ char *p;
+ char *q;
} R3410_params;
extern R3410_params R3410_paramset[];
typedef struct R3410_2001 {
- int nid;
- char *a;
- char *b;
- char *p;
- char *q;
- char *x;
- char *y;
+ int nid;
+ char *a;
+ char *b;
+ char *p;
+ char *q;
+ char *x;
+ char *y;
} R3410_2001_params;
extern R3410_2001_params R3410_2001_paramset[];
diff --git a/openssl/engines/ccgost/gost_pmeth.c b/openssl/engines/ccgost/gost_pmeth.c
index f91c9b193..9af7b06d4 100644
--- a/openssl/engines/ccgost/gost_pmeth.c
+++ b/openssl/engines/ccgost/gost_pmeth.c
@@ -10,619 +10,604 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/ec.h>
-#include <openssl/x509v3.h> /*For string_to_hex */
+#include <openssl/x509v3.h> /* For string_to_hex */
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include "gost_params.h"
#include "gost_lcl.h"
#include "e_gost_err.h"
-/*-------init, cleanup, copy - uniform for all algs ---------------*/
+/* -----init, cleanup, copy - uniform for all algs ---------------*/
/* Allocates new gost_pmeth_data structure and assigns it as data */
static int pkey_gost_init(EVP_PKEY_CTX *ctx)
- {
- struct gost_pmeth_data *data;
- EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
- data = OPENSSL_malloc(sizeof(struct gost_pmeth_data));
- if (!data) return 0;
- memset(data,0,sizeof(struct gost_pmeth_data));
- if (pkey && EVP_PKEY_get0(pkey))
- {
- switch (EVP_PKEY_base_id(pkey)) {
- case NID_id_GostR3410_94:
- data->sign_param_nid = gost94_nid_by_params(EVP_PKEY_get0(pkey));
- break;
- case NID_id_GostR3410_2001:
- data->sign_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)pkey)));
- break;
- default:
- return 0;
- }
- }
- EVP_PKEY_CTX_set_data(ctx,data);
- return 1;
- }
+{
+ struct gost_pmeth_data *data;
+ EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
+ data = OPENSSL_malloc(sizeof(struct gost_pmeth_data));
+ if (!data)
+ return 0;
+ memset(data, 0, sizeof(struct gost_pmeth_data));
+ if (pkey && EVP_PKEY_get0(pkey)) {
+ switch (EVP_PKEY_base_id(pkey)) {
+ case NID_id_GostR3410_94:
+ data->sign_param_nid = gost94_nid_by_params(EVP_PKEY_get0(pkey));
+ break;
+ case NID_id_GostR3410_2001:
+ data->sign_param_nid =
+ EC_GROUP_get_curve_name(EC_KEY_get0_group
+ (EVP_PKEY_get0((EVP_PKEY *)pkey)));
+ break;
+ default:
+ return 0;
+ }
+ }
+ EVP_PKEY_CTX_set_data(ctx, data);
+ return 1;
+}
/* Copies contents of gost_pmeth_data structure */
static int pkey_gost_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
- {
- struct gost_pmeth_data *dst_data,*src_data;
- if (!pkey_gost_init(dst))
- {
- return 0;
- }
- src_data = EVP_PKEY_CTX_get_data(src);
- dst_data = EVP_PKEY_CTX_get_data(dst);
- *dst_data = *src_data;
- if (src_data -> shared_ukm) {
- dst_data->shared_ukm=NULL;
- }
- return 1;
- }
+{
+ struct gost_pmeth_data *dst_data, *src_data;
+ if (!pkey_gost_init(dst)) {
+ return 0;
+ }
+ src_data = EVP_PKEY_CTX_get_data(src);
+ dst_data = EVP_PKEY_CTX_get_data(dst);
+ *dst_data = *src_data;
+ if (src_data->shared_ukm) {
+ dst_data->shared_ukm = NULL;
+ }
+ return 1;
+}
/* Frees up gost_pmeth_data structure */
-static void pkey_gost_cleanup (EVP_PKEY_CTX *ctx)
- {
- struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
- if (data->shared_ukm) OPENSSL_free(data->shared_ukm);
- OPENSSL_free(data);
- }
+static void pkey_gost_cleanup(EVP_PKEY_CTX *ctx)
+{
+ struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
+ if (data->shared_ukm)
+ OPENSSL_free(data->shared_ukm);
+ OPENSSL_free(data);
+}
/* --------------------- control functions ------------------------------*/
static int pkey_gost_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
- {
- struct gost_pmeth_data *pctx = (struct gost_pmeth_data*)EVP_PKEY_CTX_get_data(ctx);
- switch (type)
- {
- case EVP_PKEY_CTRL_MD:
- {
- if (EVP_MD_type((const EVP_MD *)p2) != NID_id_GostR3411_94)
- {
- GOSTerr(GOST_F_PKEY_GOST_CTRL, GOST_R_INVALID_DIGEST_TYPE);
- return 0;
- }
- pctx->md = (EVP_MD *)p2;
- return 1;
- }
- break;
-
- case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
- case EVP_PKEY_CTRL_PKCS7_DECRYPT:
- case EVP_PKEY_CTRL_PKCS7_SIGN:
- case EVP_PKEY_CTRL_DIGESTINIT:
-#ifndef OPENSSL_NO_CMS
- case EVP_PKEY_CTRL_CMS_ENCRYPT:
- case EVP_PKEY_CTRL_CMS_DECRYPT:
- case EVP_PKEY_CTRL_CMS_SIGN:
-#endif
- return 1;
-
- case EVP_PKEY_CTRL_GOST_PARAMSET:
- pctx->sign_param_nid = (int)p1;
- return 1;
- case EVP_PKEY_CTRL_SET_IV:
- pctx->shared_ukm=OPENSSL_malloc((int)p1);
- memcpy(pctx->shared_ukm,p2,(int) p1);
- return 1;
- case EVP_PKEY_CTRL_PEER_KEY:
- if (p1 == 0 || p1 == 1) /* call from EVP_PKEY_derive_set_peer */
- return 1;
- if (p1 == 2) /* TLS: peer key used? */
- return pctx->peer_key_used;
- if (p1 == 3) /* TLS: peer key used! */
- return (pctx->peer_key_used = 1);
- return -2;
- }
- return -2;
- }
-
+{
+ struct gost_pmeth_data *pctx =
+ (struct gost_pmeth_data *)EVP_PKEY_CTX_get_data(ctx);
+ switch (type) {
+ case EVP_PKEY_CTRL_MD:
+ {
+ if (EVP_MD_type((const EVP_MD *)p2) != NID_id_GostR3411_94) {
+ GOSTerr(GOST_F_PKEY_GOST_CTRL, GOST_R_INVALID_DIGEST_TYPE);
+ return 0;
+ }
+ pctx->md = (EVP_MD *)p2;
+ return 1;
+ }
+ break;
+
+ case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
+ case EVP_PKEY_CTRL_PKCS7_DECRYPT:
+ case EVP_PKEY_CTRL_PKCS7_SIGN:
+ case EVP_PKEY_CTRL_DIGESTINIT:
+#ifndef OPENSSL_NO_CMS
+ case EVP_PKEY_CTRL_CMS_ENCRYPT:
+ case EVP_PKEY_CTRL_CMS_DECRYPT:
+ case EVP_PKEY_CTRL_CMS_SIGN:
+#endif
+ return 1;
+
+ case EVP_PKEY_CTRL_GOST_PARAMSET:
+ pctx->sign_param_nid = (int)p1;
+ return 1;
+ case EVP_PKEY_CTRL_SET_IV:
+ pctx->shared_ukm = OPENSSL_malloc((int)p1);
+ memcpy(pctx->shared_ukm, p2, (int)p1);
+ return 1;
+ case EVP_PKEY_CTRL_PEER_KEY:
+ if (p1 == 0 || p1 == 1) /* call from EVP_PKEY_derive_set_peer */
+ return 1;
+ if (p1 == 2) /* TLS: peer key used? */
+ return pctx->peer_key_used;
+ if (p1 == 3) /* TLS: peer key used! */
+ return (pctx->peer_key_used = 1);
+ return -2;
+ }
+ return -2;
+}
static int pkey_gost_ctrl94_str(EVP_PKEY_CTX *ctx,
- const char *type, const char *value)
- {
- int param_nid=0;
- if(!strcmp(type, param_ctrl_string))
- {
- if (!value)
- {
- return 0;
- }
- if (strlen(value) == 1)
- {
- switch(toupper((unsigned char)value[0]))
- {
- case 'A':
- param_nid = NID_id_GostR3410_94_CryptoPro_A_ParamSet;
- break;
- case 'B':
- param_nid = NID_id_GostR3410_94_CryptoPro_B_ParamSet;
- break;
- case 'C':
- param_nid = NID_id_GostR3410_94_CryptoPro_C_ParamSet;
- break;
- case 'D':
- param_nid = NID_id_GostR3410_94_CryptoPro_D_ParamSet;
- break;
- default:
- return 0;
- break;
- }
- }
- else if ((strlen(value) == 2) && (toupper((unsigned char)value[0]) == 'X'))
- {
- switch (toupper((unsigned char)value[1]))
- {
- case 'A':
- param_nid = NID_id_GostR3410_94_CryptoPro_XchA_ParamSet;
- break;
- case 'B':
- param_nid = NID_id_GostR3410_94_CryptoPro_XchB_ParamSet;
- break;
- case 'C':
- param_nid = NID_id_GostR3410_94_CryptoPro_XchC_ParamSet;
- break;
- default:
- return 0;
- break;
- }
- }
- else
- {
- R3410_params *p = R3410_paramset;
- param_nid = OBJ_txt2nid(value);
- if (param_nid == NID_undef)
- {
- return 0;
- }
- for (;p->nid != NID_undef;p++)
- {
- if (p->nid == param_nid) break;
- }
- if (p->nid == NID_undef)
- {
- GOSTerr(GOST_F_PKEY_GOST_CTRL94_STR,
- GOST_R_INVALID_PARAMSET);
- return 0;
- }
- }
-
- return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET,
- param_nid, NULL);
- }
- return -2;
- }
+ const char *type, const char *value)
+{
+ int param_nid = 0;
+ if (!strcmp(type, param_ctrl_string)) {
+ if (!value) {
+ return 0;
+ }
+ if (strlen(value) == 1) {
+ switch (toupper((unsigned char)value[0])) {
+ case 'A':
+ param_nid = NID_id_GostR3410_94_CryptoPro_A_ParamSet;
+ break;
+ case 'B':
+ param_nid = NID_id_GostR3410_94_CryptoPro_B_ParamSet;
+ break;
+ case 'C':
+ param_nid = NID_id_GostR3410_94_CryptoPro_C_ParamSet;
+ break;
+ case 'D':
+ param_nid = NID_id_GostR3410_94_CryptoPro_D_ParamSet;
+ break;
+ default:
+ return 0;
+ break;
+ }
+ } else if ((strlen(value) == 2)
+ && (toupper((unsigned char)value[0]) == 'X')) {
+ switch (toupper((unsigned char)value[1])) {
+ case 'A':
+ param_nid = NID_id_GostR3410_94_CryptoPro_XchA_ParamSet;
+ break;
+ case 'B':
+ param_nid = NID_id_GostR3410_94_CryptoPro_XchB_ParamSet;
+ break;
+ case 'C':
+ param_nid = NID_id_GostR3410_94_CryptoPro_XchC_ParamSet;
+ break;
+ default:
+ return 0;
+ break;
+ }
+ } else {
+ R3410_params *p = R3410_paramset;
+ param_nid = OBJ_txt2nid(value);
+ if (param_nid == NID_undef) {
+ return 0;
+ }
+ for (; p->nid != NID_undef; p++) {
+ if (p->nid == param_nid)
+ break;
+ }
+ if (p->nid == NID_undef) {
+ GOSTerr(GOST_F_PKEY_GOST_CTRL94_STR, GOST_R_INVALID_PARAMSET);
+ return 0;
+ }
+ }
+
+ return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET,
+ param_nid, NULL);
+ }
+ return -2;
+}
static int pkey_gost_ctrl01_str(EVP_PKEY_CTX *ctx,
- const char *type, const char *value)
- {
- int param_nid=0;
- if(!strcmp(type, param_ctrl_string))
- {
- if (!value)
- {
- return 0;
- }
- if (strlen(value) == 1)
- {
- switch(toupper((unsigned char)value[0]))
- {
- case 'A':
- param_nid = NID_id_GostR3410_2001_CryptoPro_A_ParamSet;
- break;
- case 'B':
- param_nid = NID_id_GostR3410_2001_CryptoPro_B_ParamSet;
- break;
- case 'C':
- param_nid = NID_id_GostR3410_2001_CryptoPro_C_ParamSet;
- break;
- case '0':
- param_nid = NID_id_GostR3410_2001_TestParamSet;
- break;
- default:
- return 0;
- break;
- }
- }
- else if ((strlen(value) == 2) && (toupper((unsigned char)value[0]) == 'X'))
- {
- switch (toupper((unsigned char)value[1]))
- {
- case 'A':
- param_nid = NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet;
- break;
- case 'B':
- param_nid = NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet;
- break;
- default:
- return 0;
- break;
- }
- }
- else
- {
- R3410_2001_params *p = R3410_2001_paramset;
- param_nid = OBJ_txt2nid(value);
- if (param_nid == NID_undef)
- {
- return 0;
- }
- for (;p->nid != NID_undef;p++)
- {
- if (p->nid == param_nid) break;
- }
- if (p->nid == NID_undef)
- {
- GOSTerr(GOST_F_PKEY_GOST_CTRL01_STR,
- GOST_R_INVALID_PARAMSET);
- return 0;
- }
- }
-
- return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET,
- param_nid, NULL);
- }
- return -2;
- }
+ const char *type, const char *value)
+{
+ int param_nid = 0;
+ if (!strcmp(type, param_ctrl_string)) {
+ if (!value) {
+ return 0;
+ }
+ if (strlen(value) == 1) {
+ switch (toupper((unsigned char)value[0])) {
+ case 'A':
+ param_nid = NID_id_GostR3410_2001_CryptoPro_A_ParamSet;
+ break;
+ case 'B':
+ param_nid = NID_id_GostR3410_2001_CryptoPro_B_ParamSet;
+ break;
+ case 'C':
+ param_nid = NID_id_GostR3410_2001_CryptoPro_C_ParamSet;
+ break;
+ case '0':
+ param_nid = NID_id_GostR3410_2001_TestParamSet;
+ break;
+ default:
+ return 0;
+ break;
+ }
+ } else if ((strlen(value) == 2)
+ && (toupper((unsigned char)value[0]) == 'X')) {
+ switch (toupper((unsigned char)value[1])) {
+ case 'A':
+ param_nid = NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet;
+ break;
+ case 'B':
+ param_nid = NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet;
+ break;
+ default:
+ return 0;
+ break;
+ }
+ } else {
+ R3410_2001_params *p = R3410_2001_paramset;
+ param_nid = OBJ_txt2nid(value);
+ if (param_nid == NID_undef) {
+ return 0;
+ }
+ for (; p->nid != NID_undef; p++) {
+ if (p->nid == param_nid)
+ break;
+ }
+ if (p->nid == NID_undef) {
+ GOSTerr(GOST_F_PKEY_GOST_CTRL01_STR, GOST_R_INVALID_PARAMSET);
+ return 0;
+ }
+ }
+
+ return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET,
+ param_nid, NULL);
+ }
+ return -2;
+}
/* --------------------- key generation --------------------------------*/
-static int pkey_gost_paramgen_init(EVP_PKEY_CTX *ctx) {
- return 1;
-}
-static int pkey_gost94_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
- {
- struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
- DSA *dsa=NULL;
- if (data->sign_param_nid == NID_undef)
- {
- GOSTerr(GOST_F_PKEY_GOST94_PARAMGEN,
- GOST_R_NO_PARAMETERS_SET);
- return 0;
- }
- dsa = DSA_new();
- if (!fill_GOST94_params(dsa,data->sign_param_nid))
- {
- DSA_free(dsa);
- return 0;
- }
- EVP_PKEY_assign(pkey,NID_id_GostR3410_94,dsa);
- return 1;
- }
+static int pkey_gost_paramgen_init(EVP_PKEY_CTX *ctx)
+{
+ return 1;
+}
+
+static int pkey_gost94_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+ struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
+ DSA *dsa = NULL;
+ if (data->sign_param_nid == NID_undef) {
+ GOSTerr(GOST_F_PKEY_GOST94_PARAMGEN, GOST_R_NO_PARAMETERS_SET);
+ return 0;
+ }
+ dsa = DSA_new();
+ if (!fill_GOST94_params(dsa, data->sign_param_nid)) {
+ DSA_free(dsa);
+ return 0;
+ }
+ EVP_PKEY_assign(pkey, NID_id_GostR3410_94, dsa);
+ return 1;
+}
+
static int pkey_gost01_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
- {
- struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
- EC_KEY *ec=NULL;
-
- if (data->sign_param_nid == NID_undef)
- {
- GOSTerr(GOST_F_PKEY_GOST01_PARAMGEN,
- GOST_R_NO_PARAMETERS_SET);
- return 0;
- }
- if (!ec)
- ec = EC_KEY_new();
- if (!fill_GOST2001_params(ec,data->sign_param_nid))
- {
- EC_KEY_free(ec);
- return 0;
- }
- EVP_PKEY_assign(pkey,NID_id_GostR3410_2001,ec);
- return 1;
- }
+{
+ struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
+ EC_KEY *ec = NULL;
+
+ if (data->sign_param_nid == NID_undef) {
+ GOSTerr(GOST_F_PKEY_GOST01_PARAMGEN, GOST_R_NO_PARAMETERS_SET);
+ return 0;
+ }
+ if (!ec)
+ ec = EC_KEY_new();
+ if (!fill_GOST2001_params(ec, data->sign_param_nid)) {
+ EC_KEY_free(ec);
+ return 0;
+ }
+ EVP_PKEY_assign(pkey, NID_id_GostR3410_2001, ec);
+ return 1;
+}
/* Generates Gost_R3410_94_cp key */
static int pkey_gost94cp_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
- {
- DSA *dsa;
- if (!pkey_gost94_paramgen(ctx,pkey)) return 0;
- dsa = EVP_PKEY_get0(pkey);
- gost_sign_keygen(dsa);
- return 1;
- }
+{
+ DSA *dsa;
+ if (!pkey_gost94_paramgen(ctx, pkey))
+ return 0;
+ dsa = EVP_PKEY_get0(pkey);
+ gost_sign_keygen(dsa);
+ return 1;
+}
/* Generates GOST_R3410 2001 key and assigns it using specified type */
static int pkey_gost01cp_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
- {
- EC_KEY *ec;
- if (!pkey_gost01_paramgen(ctx,pkey)) return 0;
- ec = EVP_PKEY_get0(pkey);
- gost2001_keygen(ec);
- return 1;
- }
-
-
+{
+ EC_KEY *ec;
+ if (!pkey_gost01_paramgen(ctx, pkey))
+ return 0;
+ ec = EVP_PKEY_get0(pkey);
+ gost2001_keygen(ec);
+ return 1;
+}
/* ----------- sign callbacks --------------------------------------*/
-static int pkey_gost94_cp_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
- const unsigned char *tbs, size_t tbs_len)
- {
- DSA_SIG *unpacked_sig=NULL;
- EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
- if (!siglen) return 0;
- if (!sig)
- {
- *siglen= 64; /* better to check size of pkey->pkey.dsa-q */
- return 1;
- }
- unpacked_sig = gost_do_sign(tbs,tbs_len,EVP_PKEY_get0(pkey));
- if (!unpacked_sig)
- {
- return 0;
- }
- return pack_sign_cp(unpacked_sig,32,sig,siglen);
- }
-
-static int pkey_gost01_cp_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
- const unsigned char *tbs, size_t tbs_len)
- {
- DSA_SIG *unpacked_sig=NULL;
- EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
- if (!siglen) return 0;
- if (!sig)
- {
- *siglen= 64; /* better to check size of curve order*/
- return 1;
- }
- unpacked_sig = gost2001_do_sign(tbs,tbs_len,EVP_PKEY_get0(pkey));
- if (!unpacked_sig)
- {
- return 0;
- }
- return pack_sign_cp(unpacked_sig,32,sig,siglen);
- }
+static int pkey_gost94_cp_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
+ size_t *siglen, const unsigned char *tbs,
+ size_t tbs_len)
+{
+ DSA_SIG *unpacked_sig = NULL;
+ EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
+ if (!siglen)
+ return 0;
+ if (!sig) {
+ *siglen = 64; /* better to check size of pkey->pkey.dsa-q */
+ return 1;
+ }
+ unpacked_sig = gost_do_sign(tbs, tbs_len, EVP_PKEY_get0(pkey));
+ if (!unpacked_sig) {
+ return 0;
+ }
+ return pack_sign_cp(unpacked_sig, 32, sig, siglen);
+}
+
+static int pkey_gost01_cp_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
+ size_t *siglen, const unsigned char *tbs,
+ size_t tbs_len)
+{
+ DSA_SIG *unpacked_sig = NULL;
+ EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
+ if (!siglen)
+ return 0;
+ if (!sig) {
+ *siglen = 64; /* better to check size of curve order */
+ return 1;
+ }
+ unpacked_sig = gost2001_do_sign(tbs, tbs_len, EVP_PKEY_get0(pkey));
+ if (!unpacked_sig) {
+ return 0;
+ }
+ return pack_sign_cp(unpacked_sig, 32, sig, siglen);
+}
/* ------------------- verify callbacks ---------------------------*/
static int pkey_gost94_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig,
- size_t siglen, const unsigned char *tbs, size_t tbs_len)
- {
- int ok = 0;
- EVP_PKEY* pub_key = EVP_PKEY_CTX_get0_pkey(ctx);
- DSA_SIG *s=unpack_cp_signature(sig,siglen);
- if (!s) return 0;
- if (pub_key) ok = gost_do_verify(tbs,tbs_len,s,EVP_PKEY_get0(pub_key));
- DSA_SIG_free(s);
- return ok;
- }
-
+ size_t siglen, const unsigned char *tbs,
+ size_t tbs_len)
+{
+ int ok = 0;
+ EVP_PKEY *pub_key = EVP_PKEY_CTX_get0_pkey(ctx);
+ DSA_SIG *s = unpack_cp_signature(sig, siglen);
+ if (!s)
+ return 0;
+ if (pub_key)
+ ok = gost_do_verify(tbs, tbs_len, s, EVP_PKEY_get0(pub_key));
+ DSA_SIG_free(s);
+ return ok;
+}
static int pkey_gost01_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig,
- size_t siglen, const unsigned char *tbs, size_t tbs_len)
- {
- int ok = 0;
- EVP_PKEY* pub_key = EVP_PKEY_CTX_get0_pkey(ctx);
- DSA_SIG *s=unpack_cp_signature(sig,siglen);
- if (!s) return 0;
-#ifdef DEBUG_SIGN
- fprintf(stderr,"R=");
- BN_print_fp(stderr,s->r);
- fprintf(stderr,"\nS=");
- BN_print_fp(stderr,s->s);
- fprintf(stderr,"\n");
-#endif
- if (pub_key) ok = gost2001_do_verify(tbs,tbs_len,s,EVP_PKEY_get0(pub_key));
- DSA_SIG_free(s);
- return ok;
- }
+ size_t siglen, const unsigned char *tbs,
+ size_t tbs_len)
+{
+ int ok = 0;
+ EVP_PKEY *pub_key = EVP_PKEY_CTX_get0_pkey(ctx);
+ DSA_SIG *s = unpack_cp_signature(sig, siglen);
+ if (!s)
+ return 0;
+#ifdef DEBUG_SIGN
+ fprintf(stderr, "R=");
+ BN_print_fp(stderr, s->r);
+ fprintf(stderr, "\nS=");
+ BN_print_fp(stderr, s->s);
+ fprintf(stderr, "\n");
+#endif
+ if (pub_key)
+ ok = gost2001_do_verify(tbs, tbs_len, s, EVP_PKEY_get0(pub_key));
+ DSA_SIG_free(s);
+ return ok;
+}
/* ------------- encrypt init -------------------------------------*/
/* Generates ephermeral key */
static int pkey_gost_encrypt_init(EVP_PKEY_CTX *ctx)
- {
- return 1;
- }
+{
+ return 1;
+}
+
/* --------------- Derive init ------------------------------------*/
static int pkey_gost_derive_init(EVP_PKEY_CTX *ctx)
{
- return 1;
+ return 1;
}
+
/* -------- PKEY_METHOD for GOST MAC algorithm --------------------*/
static int pkey_gost_mac_init(EVP_PKEY_CTX *ctx)
- {
- struct gost_mac_pmeth_data *data;
- data = OPENSSL_malloc(sizeof(struct gost_mac_pmeth_data));
- if (!data) return 0;
- memset(data,0,sizeof(struct gost_mac_pmeth_data));
- EVP_PKEY_CTX_set_data(ctx,data);
- return 1;
- }
-static void pkey_gost_mac_cleanup (EVP_PKEY_CTX *ctx)
- {
- struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
- OPENSSL_free(data);
- }
+{
+ struct gost_mac_pmeth_data *data;
+ data = OPENSSL_malloc(sizeof(struct gost_mac_pmeth_data));
+ if (!data)
+ return 0;
+ memset(data, 0, sizeof(struct gost_mac_pmeth_data));
+ EVP_PKEY_CTX_set_data(ctx, data);
+ return 1;
+}
+
+static void pkey_gost_mac_cleanup(EVP_PKEY_CTX *ctx)
+{
+ struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
+ OPENSSL_free(data);
+}
+
static int pkey_gost_mac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
- {
- struct gost_mac_pmeth_data *dst_data,*src_data;
- if (!pkey_gost_mac_init(dst))
- {
- return 0;
- }
- src_data = EVP_PKEY_CTX_get_data(src);
- dst_data = EVP_PKEY_CTX_get_data(dst);
- *dst_data = *src_data;
- return 1;
- }
-
+{
+ struct gost_mac_pmeth_data *dst_data, *src_data;
+ if (!pkey_gost_mac_init(dst)) {
+ return 0;
+ }
+ src_data = EVP_PKEY_CTX_get_data(src);
+ dst_data = EVP_PKEY_CTX_get_data(dst);
+ *dst_data = *src_data;
+ return 1;
+}
+
static int pkey_gost_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
- {
- struct gost_mac_pmeth_data *data =
-(struct gost_mac_pmeth_data*)EVP_PKEY_CTX_get_data(ctx);
-
- switch (type)
- {
- case EVP_PKEY_CTRL_MD:
- {
- if (EVP_MD_type((const EVP_MD *)p2) != NID_id_Gost28147_89_MAC)
- {
- GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL, GOST_R_INVALID_DIGEST_TYPE);
- return 0;
- }
- data->md = (EVP_MD *)p2;
- return 1;
- }
- break;
-
- case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
- case EVP_PKEY_CTRL_PKCS7_DECRYPT:
- case EVP_PKEY_CTRL_PKCS7_SIGN:
- return 1;
- case EVP_PKEY_CTRL_SET_MAC_KEY:
- if (p1 != 32)
- {
- GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,
- GOST_R_INVALID_MAC_KEY_LENGTH);
- return 0;
- }
-
- memcpy(data->key,p2,32);
- data->key_set = 1;
- return 1;
- case EVP_PKEY_CTRL_DIGESTINIT:
- {
- EVP_MD_CTX *mctx = p2;
- void *key;
- if (!data->key_set)
- {
- EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
- if (!pkey)
- {
- GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,GOST_R_MAC_KEY_NOT_SET);
- return 0;
- }
- key = EVP_PKEY_get0(pkey);
- if (!key)
- {
- GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,GOST_R_MAC_KEY_NOT_SET);
- return 0;
- }
- } else {
- key = &(data->key);
- }
- return mctx->digest->md_ctrl(mctx,EVP_MD_CTRL_SET_KEY,32,key);
- }
- }
- return -2;
- }
+{
+ struct gost_mac_pmeth_data *data =
+ (struct gost_mac_pmeth_data *)EVP_PKEY_CTX_get_data(ctx);
+
+ switch (type) {
+ case EVP_PKEY_CTRL_MD:
+ {
+ if (EVP_MD_type((const EVP_MD *)p2) != NID_id_Gost28147_89_MAC) {
+ GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,
+ GOST_R_INVALID_DIGEST_TYPE);
+ return 0;
+ }
+ data->md = (EVP_MD *)p2;
+ return 1;
+ }
+ break;
+
+ case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
+ case EVP_PKEY_CTRL_PKCS7_DECRYPT:
+ case EVP_PKEY_CTRL_PKCS7_SIGN:
+ return 1;
+ case EVP_PKEY_CTRL_SET_MAC_KEY:
+ if (p1 != 32) {
+ GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL, GOST_R_INVALID_MAC_KEY_LENGTH);
+ return 0;
+ }
+
+ memcpy(data->key, p2, 32);
+ data->key_set = 1;
+ return 1;
+ case EVP_PKEY_CTRL_DIGESTINIT:
+ {
+ EVP_MD_CTX *mctx = p2;
+ void *key;
+ if (!data->key_set) {
+ EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
+ if (!pkey) {
+ GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,
+ GOST_R_MAC_KEY_NOT_SET);
+ return 0;
+ }
+ key = EVP_PKEY_get0(pkey);
+ if (!key) {
+ GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,
+ GOST_R_MAC_KEY_NOT_SET);
+ return 0;
+ }
+ } else {
+ key = &(data->key);
+ }
+ return mctx->digest->md_ctrl(mctx, EVP_MD_CTRL_SET_KEY, 32, key);
+ }
+ }
+ return -2;
+}
+
static int pkey_gost_mac_ctrl_str(EVP_PKEY_CTX *ctx,
- const char *type, const char *value)
- {
- if (!strcmp(type, key_ctrl_string))
- {
- if (strlen(value)!=32)
- {
- GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR,
- GOST_R_INVALID_MAC_KEY_LENGTH);
- return 0;
- }
- return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY,
- 32,(char *)value);
- }
- if (!strcmp(type, hexkey_ctrl_string))
- {
- long keylen; int ret;
- unsigned char *keybuf=string_to_hex(value,&keylen);
- if (keylen != 32)
- {
- GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR,
- GOST_R_INVALID_MAC_KEY_LENGTH);
- OPENSSL_free(keybuf);
- return 0;
- }
- ret= pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY,
- 32,keybuf);
- OPENSSL_free(keybuf);
- return ret;
-
- }
- return -2;
- }
+ const char *type, const char *value)
+{
+ if (!strcmp(type, key_ctrl_string)) {
+ if (strlen(value) != 32) {
+ GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR,
+ GOST_R_INVALID_MAC_KEY_LENGTH);
+ return 0;
+ }
+ return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY,
+ 32, (char *)value);
+ }
+ if (!strcmp(type, hexkey_ctrl_string)) {
+ long keylen;
+ int ret;
+ unsigned char *keybuf = string_to_hex(value, &keylen);
+ if (keylen != 32) {
+ GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR,
+ GOST_R_INVALID_MAC_KEY_LENGTH);
+ OPENSSL_free(keybuf);
+ return 0;
+ }
+ ret = pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, 32, keybuf);
+ OPENSSL_free(keybuf);
+ return ret;
+
+ }
+ return -2;
+}
static int pkey_gost_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
- {
- struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
- unsigned char *keydata;
- if (!data->key_set)
- {
- GOSTerr(GOST_F_PKEY_GOST_MAC_KEYGEN,GOST_R_MAC_KEY_NOT_SET);
- return 0;
- }
- keydata = OPENSSL_malloc(32);
- memcpy(keydata,data->key,32);
- EVP_PKEY_assign(pkey, NID_id_Gost28147_89_MAC, keydata);
- return 1;
- }
+{
+ struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
+ unsigned char *keydata;
+ if (!data->key_set) {
+ GOSTerr(GOST_F_PKEY_GOST_MAC_KEYGEN, GOST_R_MAC_KEY_NOT_SET);
+ return 0;
+ }
+ keydata = OPENSSL_malloc(32);
+ memcpy(keydata, data->key, 32);
+ EVP_PKEY_assign(pkey, NID_id_Gost28147_89_MAC, keydata);
+ return 1;
+}
static int pkey_gost_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
- {
- return 1;
+{
+ return 1;
}
-static int pkey_gost_mac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, EVP_MD_CTX *mctx)
- {
- unsigned int tmpsiglen=*siglen; /* for platforms where sizeof(int)!=sizeof(size_t)*/
- int ret;
- if (!sig)
- {
- *siglen = 4;
- return 1;
- }
- ret=EVP_DigestFinal_ex(mctx,sig,&tmpsiglen);
- *siglen = tmpsiglen;
- return ret;
- }
-/* ----------------------------------------------------------------*/
-int register_pmeth_gost(int id, EVP_PKEY_METHOD **pmeth,int flags)
- {
- *pmeth = EVP_PKEY_meth_new(id, flags);
- if (!*pmeth) return 0;
-
- switch (id)
- {
- case NID_id_GostR3410_94:
- EVP_PKEY_meth_set_ctrl(*pmeth,pkey_gost_ctrl, pkey_gost_ctrl94_str);
- EVP_PKEY_meth_set_keygen(*pmeth,NULL,pkey_gost94cp_keygen);
- EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost94_cp_sign);
- EVP_PKEY_meth_set_verify(*pmeth, NULL, pkey_gost94_cp_verify);
- EVP_PKEY_meth_set_encrypt(*pmeth,
- pkey_gost_encrypt_init, pkey_GOST94cp_encrypt);
- EVP_PKEY_meth_set_decrypt(*pmeth, NULL, pkey_GOST94cp_decrypt);
- EVP_PKEY_meth_set_derive(*pmeth,
- pkey_gost_derive_init, pkey_gost94_derive);
- EVP_PKEY_meth_set_paramgen(*pmeth, pkey_gost_paramgen_init,pkey_gost94_paramgen);
- break;
- case NID_id_GostR3410_2001:
- EVP_PKEY_meth_set_ctrl(*pmeth,pkey_gost_ctrl, pkey_gost_ctrl01_str);
- EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost01_cp_sign);
- EVP_PKEY_meth_set_verify(*pmeth, NULL, pkey_gost01_cp_verify);
-
- EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost01cp_keygen);
-
- EVP_PKEY_meth_set_encrypt(*pmeth,
- pkey_gost_encrypt_init, pkey_GOST01cp_encrypt);
- EVP_PKEY_meth_set_decrypt(*pmeth, NULL, pkey_GOST01cp_decrypt);
- EVP_PKEY_meth_set_derive(*pmeth,
- pkey_gost_derive_init, pkey_gost2001_derive);
- EVP_PKEY_meth_set_paramgen(*pmeth, pkey_gost_paramgen_init,pkey_gost01_paramgen);
- break;
- case NID_id_Gost28147_89_MAC:
- EVP_PKEY_meth_set_ctrl(*pmeth,pkey_gost_mac_ctrl, pkey_gost_mac_ctrl_str);
- EVP_PKEY_meth_set_signctx(*pmeth,pkey_gost_mac_signctx_init, pkey_gost_mac_signctx);
- EVP_PKEY_meth_set_keygen(*pmeth,NULL, pkey_gost_mac_keygen);
- EVP_PKEY_meth_set_init(*pmeth,pkey_gost_mac_init);
- EVP_PKEY_meth_set_cleanup(*pmeth,pkey_gost_mac_cleanup);
- EVP_PKEY_meth_set_copy(*pmeth,pkey_gost_mac_copy);
- return 1;
- default: /*Unsupported method*/
- return 0;
- }
- EVP_PKEY_meth_set_init(*pmeth, pkey_gost_init);
- EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_cleanup);
-
- EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_copy);
- /*FIXME derive etc...*/
-
- return 1;
- }
+static int pkey_gost_mac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig,
+ size_t *siglen, EVP_MD_CTX *mctx)
+{
+ unsigned int tmpsiglen = *siglen; /* for platforms where
+ * sizeof(int)!=sizeof(size_t) */
+ int ret;
+ if (!sig) {
+ *siglen = 4;
+ return 1;
+ }
+ ret = EVP_DigestFinal_ex(mctx, sig, &tmpsiglen);
+ *siglen = tmpsiglen;
+ return ret;
+}
+/* ----------------------------------------------------------------*/
+int register_pmeth_gost(int id, EVP_PKEY_METHOD **pmeth, int flags)
+{
+ *pmeth = EVP_PKEY_meth_new(id, flags);
+ if (!*pmeth)
+ return 0;
+
+ switch (id) {
+ case NID_id_GostR3410_94:
+ EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_ctrl, pkey_gost_ctrl94_str);
+ EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost94cp_keygen);
+ EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost94_cp_sign);
+ EVP_PKEY_meth_set_verify(*pmeth, NULL, pkey_gost94_cp_verify);
+ EVP_PKEY_meth_set_encrypt(*pmeth,
+ pkey_gost_encrypt_init,
+ pkey_GOST94cp_encrypt);
+ EVP_PKEY_meth_set_decrypt(*pmeth, NULL, pkey_GOST94cp_decrypt);
+ EVP_PKEY_meth_set_derive(*pmeth,
+ pkey_gost_derive_init, pkey_gost94_derive);
+ EVP_PKEY_meth_set_paramgen(*pmeth, pkey_gost_paramgen_init,
+ pkey_gost94_paramgen);
+ break;
+ case NID_id_GostR3410_2001:
+ EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_ctrl, pkey_gost_ctrl01_str);
+ EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost01_cp_sign);
+ EVP_PKEY_meth_set_verify(*pmeth, NULL, pkey_gost01_cp_verify);
+
+ EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost01cp_keygen);
+
+ EVP_PKEY_meth_set_encrypt(*pmeth,
+ pkey_gost_encrypt_init,
+ pkey_GOST01cp_encrypt);
+ EVP_PKEY_meth_set_decrypt(*pmeth, NULL, pkey_GOST01cp_decrypt);
+ EVP_PKEY_meth_set_derive(*pmeth,
+ pkey_gost_derive_init, pkey_gost2001_derive);
+ EVP_PKEY_meth_set_paramgen(*pmeth, pkey_gost_paramgen_init,
+ pkey_gost01_paramgen);
+ break;
+ case NID_id_Gost28147_89_MAC:
+ EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_mac_ctrl,
+ pkey_gost_mac_ctrl_str);
+ EVP_PKEY_meth_set_signctx(*pmeth, pkey_gost_mac_signctx_init,
+ pkey_gost_mac_signctx);
+ EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost_mac_keygen);
+ EVP_PKEY_meth_set_init(*pmeth, pkey_gost_mac_init);
+ EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_mac_cleanup);
+ EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_mac_copy);
+ return 1;
+ default: /* Unsupported method */
+ return 0;
+ }
+ EVP_PKEY_meth_set_init(*pmeth, pkey_gost_init);
+ EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_cleanup);
+
+ EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_copy);
+ /*
+ * FIXME derive etc...
+ */
+
+ return 1;
+}
diff --git a/openssl/engines/ccgost/gost_sign.c b/openssl/engines/ccgost/gost_sign.c
index 409565435..0116e4740 100644
--- a/openssl/engines/ccgost/gost_sign.c
+++ b/openssl/engines/ccgost/gost_sign.c
@@ -18,114 +18,114 @@
#include "e_gost_err.h"
#ifdef DEBUG_SIGN
-void dump_signature(const char *message,const unsigned char *buffer,size_t len)
- {
- size_t i;
- fprintf(stderr,"signature %s Length=%d",message,len);
- for (i=0; i<len; i++)
- {
- if (i% 16 ==0) fputc('\n',stderr);
- fprintf (stderr," %02x",buffer[i]);
- }
- fprintf(stderr,"\nEnd of signature\n");
- }
+void dump_signature(const char *message, const unsigned char *buffer,
+ size_t len)
+{
+ size_t i;
+ fprintf(stderr, "signature %s Length=%d", message, len);
+ for (i = 0; i < len; i++) {
+ if (i % 16 == 0)
+ fputc('\n', stderr);
+ fprintf(stderr, " %02x", buffer[i]);
+ }
+ fprintf(stderr, "\nEnd of signature\n");
+}
void dump_dsa_sig(const char *message, DSA_SIG *sig)
- {
- fprintf(stderr,"%s\nR=",message);
- BN_print_fp(stderr,sig->r);
- fprintf(stderr,"\nS=");
- BN_print_fp(stderr,sig->s);
- fprintf(stderr,"\n");
- }
+{
+ fprintf(stderr, "%s\nR=", message);
+ BN_print_fp(stderr, sig->r);
+ fprintf(stderr, "\nS=");
+ BN_print_fp(stderr, sig->s);
+ fprintf(stderr, "\n");
+}
#else
-#define dump_signature(a,b,c)
-#define dump_dsa_sig(a,b)
+# define dump_signature(a,b,c)
+# define dump_dsa_sig(a,b)
#endif
/*
* Computes signature and returns it as DSA_SIG structure
*/
-DSA_SIG *gost_do_sign(const unsigned char *dgst,int dlen, DSA *dsa)
- {
- BIGNUM *k=NULL,*tmp=NULL,*tmp2=NULL;
- DSA_SIG *newsig = DSA_SIG_new();
- BIGNUM *md = hashsum2bn(dgst);
- /* check if H(M) mod q is zero */
- BN_CTX *ctx=BN_CTX_new();
- BN_CTX_start(ctx);
- if (!newsig)
- {
- GOSTerr(GOST_F_GOST_DO_SIGN,GOST_R_NO_MEMORY);
- goto err;
- }
- tmp=BN_CTX_get(ctx);
- k = BN_CTX_get(ctx);
- tmp2 = BN_CTX_get(ctx);
- BN_mod(tmp,md,dsa->q,ctx);
- if (BN_is_zero(tmp))
- {
- BN_one(md);
- }
- do
- {
- do
- {
- /*Generate random number k less than q*/
- BN_rand_range(k,dsa->q);
- /* generate r = (a^x mod p) mod q */
- BN_mod_exp(tmp,dsa->g, k, dsa->p,ctx);
- if (!(newsig->r)) newsig->r=BN_new();
- BN_mod(newsig->r,tmp,dsa->q,ctx);
- }
- while (BN_is_zero(newsig->r));
- /* generate s = (xr + k(Hm)) mod q */
- BN_mod_mul(tmp,dsa->priv_key,newsig->r,dsa->q,ctx);
- BN_mod_mul(tmp2,k,md,dsa->q,ctx);
- if (!newsig->s) newsig->s=BN_new();
- BN_mod_add(newsig->s,tmp,tmp2,dsa->q,ctx);
- }
- while (BN_is_zero(newsig->s));
- err:
- BN_free(md);
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- return newsig;
- }
-
+DSA_SIG *gost_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+{
+ BIGNUM *k = NULL, *tmp = NULL, *tmp2 = NULL;
+ DSA_SIG *newsig = DSA_SIG_new();
+ BIGNUM *md = hashsum2bn(dgst);
+ /* check if H(M) mod q is zero */
+ BN_CTX *ctx = BN_CTX_new();
+ BN_CTX_start(ctx);
+ if (!newsig) {
+ GOSTerr(GOST_F_GOST_DO_SIGN, GOST_R_NO_MEMORY);
+ goto err;
+ }
+ tmp = BN_CTX_get(ctx);
+ k = BN_CTX_get(ctx);
+ tmp2 = BN_CTX_get(ctx);
+ BN_mod(tmp, md, dsa->q, ctx);
+ if (BN_is_zero(tmp)) {
+ BN_one(md);
+ }
+ do {
+ do {
+ /*
+ * Generate random number k less than q
+ */
+ BN_rand_range(k, dsa->q);
+ /* generate r = (a^x mod p) mod q */
+ BN_mod_exp(tmp, dsa->g, k, dsa->p, ctx);
+ if (!(newsig->r))
+ newsig->r = BN_new();
+ BN_mod(newsig->r, tmp, dsa->q, ctx);
+ }
+ while (BN_is_zero(newsig->r));
+ /* generate s = (xr + k(Hm)) mod q */
+ BN_mod_mul(tmp, dsa->priv_key, newsig->r, dsa->q, ctx);
+ BN_mod_mul(tmp2, k, md, dsa->q, ctx);
+ if (!newsig->s)
+ newsig->s = BN_new();
+ BN_mod_add(newsig->s, tmp, tmp2, dsa->q, ctx);
+ }
+ while (BN_is_zero(newsig->s));
+ err:
+ BN_free(md);
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ return newsig;
+}
/*
* Packs signature according to Cryptocom rules
* and frees up DSA_SIG structure
*/
-/*
+/*-
int pack_sign_cc(DSA_SIG *s,int order,unsigned char *sig, size_t *siglen)
- {
- *siglen = 2*order;
- memset(sig,0,*siglen);
- store_bignum(s->r, sig,order);
- store_bignum(s->s, sig + order,order);
- dump_signature("serialized",sig,*siglen);
- DSA_SIG_free(s);
- return 1;
- }
+ {
+ *siglen = 2*order;
+ memset(sig,0,*siglen);
+ store_bignum(s->r, sig,order);
+ store_bignum(s->s, sig + order,order);
+ dump_signature("serialized",sig,*siglen);
+ DSA_SIG_free(s);
+ return 1;
+ }
*/
/*
* Packs signature according to Cryptopro rules
* and frees up DSA_SIG structure
*/
-int pack_sign_cp(DSA_SIG *s,int order,unsigned char *sig, size_t *siglen)
- {
- *siglen = 2*order;
- memset(sig,0,*siglen);
- store_bignum(s->s, sig, order);
- store_bignum(s->r, sig+order,order);
- dump_signature("serialized",sig,*siglen);
- DSA_SIG_free(s);
- return 1;
- }
+int pack_sign_cp(DSA_SIG *s, int order, unsigned char *sig, size_t *siglen)
+{
+ *siglen = 2 * order;
+ memset(sig, 0, *siglen);
+ store_bignum(s->s, sig, order);
+ store_bignum(s->r, sig + order, order);
+ dump_signature("serialized", sig, *siglen);
+ DSA_SIG_free(s);
+ return 1;
+}
/*
* Verifies signature passed as DSA_SIG structure
@@ -133,106 +133,107 @@ int pack_sign_cp(DSA_SIG *s,int order,unsigned char *sig, size_t *siglen)
*/
int gost_do_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa)
- {
- BIGNUM *md, *tmp=NULL;
- BIGNUM *q2=NULL;
- BIGNUM *u=NULL,*v=NULL,*z1=NULL,*z2=NULL;
- BIGNUM *tmp2=NULL,*tmp3=NULL;
- int ok;
- BN_CTX *ctx = BN_CTX_new();
+ DSA_SIG *sig, DSA *dsa)
+{
+ BIGNUM *md, *tmp = NULL;
+ BIGNUM *q2 = NULL;
+ BIGNUM *u = NULL, *v = NULL, *z1 = NULL, *z2 = NULL;
+ BIGNUM *tmp2 = NULL, *tmp3 = NULL;
+ int ok;
+ BN_CTX *ctx = BN_CTX_new();
+
+ BN_CTX_start(ctx);
+ if (BN_cmp(sig->s, dsa->q) >= 1 || BN_cmp(sig->r, dsa->q) >= 1) {
+ GOSTerr(GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);
+ return 0;
+ }
+ md = hashsum2bn(dgst);
+
+ tmp = BN_CTX_get(ctx);
+ v = BN_CTX_get(ctx);
+ q2 = BN_CTX_get(ctx);
+ z1 = BN_CTX_get(ctx);
+ z2 = BN_CTX_get(ctx);
+ tmp2 = BN_CTX_get(ctx);
+ tmp3 = BN_CTX_get(ctx);
+ u = BN_CTX_get(ctx);
- BN_CTX_start(ctx);
- if (BN_cmp(sig->s,dsa->q)>=1||
- BN_cmp(sig->r,dsa->q)>=1)
- {
- GOSTerr(GOST_F_GOST_DO_VERIFY,GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);
- return 0;
- }
- md=hashsum2bn(dgst);
-
- tmp=BN_CTX_get(ctx);
- v=BN_CTX_get(ctx);
- q2=BN_CTX_get(ctx);
- z1=BN_CTX_get(ctx);
- z2=BN_CTX_get(ctx);
- tmp2=BN_CTX_get(ctx);
- tmp3=BN_CTX_get(ctx);
- u = BN_CTX_get(ctx);
-
- BN_mod(tmp,md,dsa->q,ctx);
- if (BN_is_zero(tmp))
- {
- BN_one(md);
- }
- BN_copy(q2,dsa->q);
- BN_sub_word(q2,2);
- BN_mod_exp(v,md,q2,dsa->q,ctx);
- BN_mod_mul(z1,sig->s,v,dsa->q,ctx);
- BN_sub(tmp,dsa->q,sig->r);
- BN_mod_mul(z2,tmp,v,dsa->p,ctx);
- BN_mod_exp(tmp,dsa->g,z1,dsa->p,ctx);
- BN_mod_exp(tmp2,dsa->pub_key,z2,dsa->p,ctx);
- BN_mod_mul(tmp3,tmp,tmp2,dsa->p,ctx);
- BN_mod(u,tmp3,dsa->q,ctx);
- ok= BN_cmp(u,sig->r);
-
- BN_free(md);
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- if (ok!=0)
- {
- GOSTerr(GOST_F_GOST_DO_VERIFY,GOST_R_SIGNATURE_MISMATCH);
- }
- return (ok==0);
- }
+ BN_mod(tmp, md, dsa->q, ctx);
+ if (BN_is_zero(tmp)) {
+ BN_one(md);
+ }
+ BN_copy(q2, dsa->q);
+ BN_sub_word(q2, 2);
+ BN_mod_exp(v, md, q2, dsa->q, ctx);
+ BN_mod_mul(z1, sig->s, v, dsa->q, ctx);
+ BN_sub(tmp, dsa->q, sig->r);
+ BN_mod_mul(z2, tmp, v, dsa->p, ctx);
+ BN_mod_exp(tmp, dsa->g, z1, dsa->p, ctx);
+ BN_mod_exp(tmp2, dsa->pub_key, z2, dsa->p, ctx);
+ BN_mod_mul(tmp3, tmp, tmp2, dsa->p, ctx);
+ BN_mod(u, tmp3, dsa->q, ctx);
+ ok = BN_cmp(u, sig->r);
+
+ BN_free(md);
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ if (ok != 0) {
+ GOSTerr(GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_MISMATCH);
+ }
+ return (ok == 0);
+}
/*
* Computes public keys for GOST R 34.10-94 algorithm
*
*/
int gost94_compute_public(DSA *dsa)
- {
- /* Now fill algorithm parameters with correct values */
- BN_CTX *ctx = BN_CTX_new();
- if (!dsa->g)
- {
- GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC,GOST_R_KEY_IS_NOT_INITALIZED);
- return 0;
- }
- /* Compute public key y = a^x mod p */
- dsa->pub_key=BN_new();
- BN_mod_exp(dsa->pub_key, dsa->g,dsa->priv_key,dsa->p,ctx);
- BN_CTX_free(ctx);
- return 1;
- }
+{
+ /* Now fill algorithm parameters with correct values */
+ BN_CTX *ctx = BN_CTX_new();
+ if (!dsa->g) {
+ GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, GOST_R_KEY_IS_NOT_INITALIZED);
+ return 0;
+ }
+ /* Compute public key y = a^x mod p */
+ dsa->pub_key = BN_new();
+ BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx);
+ BN_CTX_free(ctx);
+ return 1;
+}
/*
* Fill GOST 94 params, searching them in R3410_paramset array
* by nid of paramset
*
*/
-int fill_GOST94_params(DSA *dsa,int nid)
- {
- R3410_params *params=R3410_paramset;
- while (params->nid!=NID_undef && params->nid !=nid) params++;
- if (params->nid == NID_undef)
- {
- GOSTerr(GOST_F_FILL_GOST94_PARAMS,GOST_R_UNSUPPORTED_PARAMETER_SET);
- return 0;
- }
+int fill_GOST94_params(DSA *dsa, int nid)
+{
+ R3410_params *params = R3410_paramset;
+ while (params->nid != NID_undef && params->nid != nid)
+ params++;
+ if (params->nid == NID_undef) {
+ GOSTerr(GOST_F_FILL_GOST94_PARAMS, GOST_R_UNSUPPORTED_PARAMETER_SET);
+ return 0;
+ }
#define dump_signature(a,b,c)
- if (dsa->p) { BN_free(dsa->p); }
- dsa->p=NULL;
- BN_dec2bn(&(dsa->p),params->p);
- if (dsa->q) { BN_free(dsa->q); }
- dsa->q=NULL;
- BN_dec2bn(&(dsa->q),params->q);
- if (dsa->g) { BN_free(dsa->g); }
- dsa->g=NULL;
- BN_dec2bn(&(dsa->g),params->a);
- return 1;
- }
+ if (dsa->p) {
+ BN_free(dsa->p);
+ }
+ dsa->p = NULL;
+ BN_dec2bn(&(dsa->p), params->p);
+ if (dsa->q) {
+ BN_free(dsa->q);
+ }
+ dsa->q = NULL;
+ BN_dec2bn(&(dsa->q), params->q);
+ if (dsa->g) {
+ BN_free(dsa->g);
+ }
+ dsa->g = NULL;
+ BN_dec2bn(&(dsa->g), params->a);
+ return 1;
+}
/*
* Generate GOST R 34.10-94 keypair
@@ -240,82 +241,80 @@ int fill_GOST94_params(DSA *dsa,int nid)
*
*/
int gost_sign_keygen(DSA *dsa)
- {
- dsa->priv_key = BN_new();
- BN_rand_range(dsa->priv_key,dsa->q);
- return gost94_compute_public( dsa);
- }
+{
+ dsa->priv_key = BN_new();
+ BN_rand_range(dsa->priv_key, dsa->q);
+ return gost94_compute_public(dsa);
+}
/* Unpack signature according to cryptocom rules */
-/*
+/*-
DSA_SIG *unpack_cc_signature(const unsigned char *sig,size_t siglen)
- {
- DSA_SIG *s;
- s = DSA_SIG_new();
- if (s == NULL)
- {
- GOSTerr(GOST_F_UNPACK_CC_SIGNATURE,GOST_R_NO_MEMORY);
- return(NULL);
- }
- s->r = getbnfrombuf(sig, siglen/2);
- s->s = getbnfrombuf(sig + siglen/2, siglen/2);
- return s;
- }
+ {
+ DSA_SIG *s;
+ s = DSA_SIG_new();
+ if (s == NULL)
+ {
+ GOSTerr(GOST_F_UNPACK_CC_SIGNATURE,GOST_R_NO_MEMORY);
+ return(NULL);
+ }
+ s->r = getbnfrombuf(sig, siglen/2);
+ s->s = getbnfrombuf(sig + siglen/2, siglen/2);
+ return s;
+ }
*/
/* Unpack signature according to cryptopro rules */
-DSA_SIG *unpack_cp_signature(const unsigned char *sig,size_t siglen)
- {
- DSA_SIG *s;
+DSA_SIG *unpack_cp_signature(const unsigned char *sig, size_t siglen)
+{
+ DSA_SIG *s;
- s = DSA_SIG_new();
- if (s == NULL)
- {
- GOSTerr(GOST_F_UNPACK_CP_SIGNATURE,GOST_R_NO_MEMORY);
- return NULL;
- }
- s->s = getbnfrombuf(sig , siglen/2);
- s->r = getbnfrombuf(sig + siglen/2, siglen/2);
- return s;
- }
+ s = DSA_SIG_new();
+ if (s == NULL) {
+ GOSTerr(GOST_F_UNPACK_CP_SIGNATURE, GOST_R_NO_MEMORY);
+ return NULL;
+ }
+ s->s = getbnfrombuf(sig, siglen / 2);
+ s->r = getbnfrombuf(sig + siglen / 2, siglen / 2);
+ return s;
+}
/* Convert little-endian byte array into bignum */
BIGNUM *hashsum2bn(const unsigned char *dgst)
- {
- unsigned char buf[32];
- int i;
- for (i=0;i<32;i++)
- {
- buf[31-i]=dgst[i];
- }
- return getbnfrombuf(buf,32);
- }
+{
+ unsigned char buf[32];
+ int i;
+ for (i = 0; i < 32; i++) {
+ buf[31 - i] = dgst[i];
+ }
+ return getbnfrombuf(buf, 32);
+}
/* Convert byte buffer to bignum, skipping leading zeros*/
-BIGNUM *getbnfrombuf(const unsigned char *buf,size_t len)
- {
- while (*buf==0&&len>0)
- {
- buf++; len--;
- }
- if (len)
- {
- return BN_bin2bn(buf,len,NULL);
- }
- else
- {
- BIGNUM *b=BN_new();
- BN_zero(b);
- return b;
- }
- }
+BIGNUM *getbnfrombuf(const unsigned char *buf, size_t len)
+{
+ while (*buf == 0 && len > 0) {
+ buf++;
+ len--;
+ }
+ if (len) {
+ return BN_bin2bn(buf, len, NULL);
+ } else {
+ BIGNUM *b = BN_new();
+ BN_zero(b);
+ return b;
+ }
+}
-/* Pack bignum into byte buffer of given size, filling all leading bytes
- * by zeros */
-int store_bignum(BIGNUM *bn, unsigned char *buf,int len)
- {
- int bytes = BN_num_bytes(bn);
- if (bytes>len) return 0;
- memset(buf,0,len);
- BN_bn2bin(bn,buf+len-bytes);
- return 1;
- }
+/*
+ * Pack bignum into byte buffer of given size, filling all leading bytes by
+ * zeros
+ */
+int store_bignum(BIGNUM *bn, unsigned char *buf, int len)
+{
+ int bytes = BN_num_bytes(bn);
+ if (bytes > len)
+ return 0;
+ memset(buf, 0, len);
+ BN_bn2bin(bn, buf + len - bytes);
+ return 1;
+}
diff --git a/openssl/engines/ccgost/gosthash.c b/openssl/engines/ccgost/gosthash.c
index 91b2ce882..72faa24ed 100644
--- a/openssl/engines/ccgost/gosthash.c
+++ b/openssl/engines/ccgost/gosthash.c
@@ -11,8 +11,8 @@
#include "gost89.h"
#include "gosthash.h"
-
-/* Use OPENSSL_malloc for memory allocation if compiled with
+/*
+ * Use OPENSSL_malloc for memory allocation if compiled with
* -DOPENSSL_BUILD, and libc malloc otherwise
*/
#ifndef MYALLOC
@@ -25,230 +25,244 @@
# define MYFREE(ptr) free(ptr)
# endif
#endif
-/* Following functions are various bit meshing routines used in
- * GOST R 34.11-94 algorithms */
-static void swap_bytes (byte *w, byte *k)
- {
- int i,j;
- for (i=0;i<4;i++)
- for (j=0;j<8;j++)
- k[i+4*j]=w[8*i+j];
+/*
+ * Following functions are various bit meshing routines used in GOST R
+ * 34.11-94 algorithms
+ */
+static void swap_bytes(byte * w, byte * k)
+{
+ int i, j;
+ for (i = 0; i < 4; i++)
+ for (j = 0; j < 8; j++)
+ k[i + 4 * j] = w[8 * i + j];
- }
+}
/* was A_A */
-static void circle_xor8 (const byte *w, byte *k)
- {
- byte buf[8];
- int i;
- memcpy(buf,w,8);
- memmove(k,w+8,24);
- for(i=0;i<8;i++)
- k[i+24]=buf[i]^k[i];
- }
+static void circle_xor8(const byte * w, byte * k)
+{
+ byte buf[8];
+ int i;
+ memcpy(buf, w, 8);
+ memmove(k, w + 8, 24);
+ for (i = 0; i < 8; i++)
+ k[i + 24] = buf[i] ^ k[i];
+}
/* was R_R */
-static void transform_3 (byte *data)
- {
- unsigned short int acc;
- acc=(data[0]^data[2]^data[4]^data[6]^data[24]^data[30])|
- ((data[1]^data[3]^data[5]^data[7]^data[25]^data[31])<<8);
- memmove(data,data+2,30);
- data[30]=acc&0xff;
- data[31]=acc>>8;
- }
+static void transform_3(byte * data)
+{
+ unsigned short int acc;
+ acc = (data[0] ^ data[2] ^ data[4] ^ data[6] ^ data[24] ^ data[30]) |
+ ((data[1] ^ data[3] ^ data[5] ^ data[7] ^ data[25] ^ data[31]) << 8);
+ memmove(data, data + 2, 30);
+ data[30] = acc & 0xff;
+ data[31] = acc >> 8;
+}
/* Adds blocks of N bytes modulo 2**(8*n). Returns carry*/
-static int add_blocks(int n,byte *left, const byte *right)
- {
- int i;
- int carry=0;
- int sum;
- for (i=0;i<n;i++)
- {
- sum=(int)left[i]+(int)right[i]+carry;
- left[i]=sum & 0xff;
- carry=sum>>8;
- }
- return carry;
- }
+static int add_blocks(int n, byte * left, const byte * right)
+{
+ int i;
+ int carry = 0;
+ int sum;
+ for (i = 0; i < n; i++) {
+ sum = (int)left[i] + (int)right[i] + carry;
+ left[i] = sum & 0xff;
+ carry = sum >> 8;
+ }
+ return carry;
+}
/* Xor two sequences of bytes */
-static void xor_blocks (byte *result,const byte *a,const byte *b,size_t len)
- {
- size_t i;
- for (i=0;i<len;i++) result[i]=a[i]^b[i];
- }
+static void xor_blocks(byte * result, const byte * a, const byte * b,
+ size_t len)
+{
+ size_t i;
+ for (i = 0; i < len; i++)
+ result[i] = a[i] ^ b[i];
+}
-/*
- * Calculate H(i+1) = Hash(Hi,Mi)
- * Where H and M are 32 bytes long
+/*
+ * Calculate H(i+1) = Hash(Hi,Mi)
+ * Where H and M are 32 bytes long
*/
-static int hash_step(gost_ctx *c,byte *H,const byte *M)
- {
- byte U[32],W[32],V[32],S[32],Key[32];
- int i;
- /* Compute first key */
- xor_blocks(W,H,M,32);
- swap_bytes(W,Key);
- /* Encrypt first 8 bytes of H with first key*/
- gost_enc_with_key(c,Key,H,S);
- /* Compute second key*/
- circle_xor8(H,U);
- circle_xor8(M,V);
- circle_xor8(V,V);
- xor_blocks(W,U,V,32);
- swap_bytes(W,Key);
- /* encrypt second 8 bytes of H with second key*/
- gost_enc_with_key(c,Key,H+8,S+8);
- /* compute third key */
- circle_xor8(U,U);
- U[31]=~U[31]; U[29]=~U[29]; U[28]=~U[28]; U[24]=~U[24];
- U[23]=~U[23]; U[20]=~U[20]; U[18]=~U[18]; U[17]=~U[17];
- U[14]=~U[14]; U[12]=~U[12]; U[10]=~U[10]; U[ 8]=~U[ 8];
- U[ 7]=~U[ 7]; U[ 5]=~U[ 5]; U[ 3]=~U[ 3]; U[ 1]=~U[ 1];
- circle_xor8(V,V);
- circle_xor8(V,V);
- xor_blocks(W,U,V,32);
- swap_bytes(W,Key);
- /* encrypt third 8 bytes of H with third key*/
- gost_enc_with_key(c,Key,H+16,S+16);
- /* Compute fourth key */
- circle_xor8(U,U);
- circle_xor8(V,V);
- circle_xor8(V,V);
- xor_blocks(W,U,V,32);
- swap_bytes(W,Key);
- /* Encrypt last 8 bytes with fourth key */
- gost_enc_with_key(c,Key,H+24,S+24);
- for (i=0;i<12;i++)
- transform_3(S);
- xor_blocks(S,S,M,32);
- transform_3(S);
- xor_blocks(S,S,H,32);
- for (i=0;i<61;i++)
- transform_3(S);
- memcpy(H,S,32);
- return 1;
- }
+static int hash_step(gost_ctx * c, byte * H, const byte * M)
+{
+ byte U[32], W[32], V[32], S[32], Key[32];
+ int i;
+ /* Compute first key */
+ xor_blocks(W, H, M, 32);
+ swap_bytes(W, Key);
+ /* Encrypt first 8 bytes of H with first key */
+ gost_enc_with_key(c, Key, H, S);
+ /* Compute second key */
+ circle_xor8(H, U);
+ circle_xor8(M, V);
+ circle_xor8(V, V);
+ xor_blocks(W, U, V, 32);
+ swap_bytes(W, Key);
+ /* encrypt second 8 bytes of H with second key */
+ gost_enc_with_key(c, Key, H + 8, S + 8);
+ /* compute third key */
+ circle_xor8(U, U);
+ U[31] = ~U[31];
+ U[29] = ~U[29];
+ U[28] = ~U[28];
+ U[24] = ~U[24];
+ U[23] = ~U[23];
+ U[20] = ~U[20];
+ U[18] = ~U[18];
+ U[17] = ~U[17];
+ U[14] = ~U[14];
+ U[12] = ~U[12];
+ U[10] = ~U[10];
+ U[8] = ~U[8];
+ U[7] = ~U[7];
+ U[5] = ~U[5];
+ U[3] = ~U[3];
+ U[1] = ~U[1];
+ circle_xor8(V, V);
+ circle_xor8(V, V);
+ xor_blocks(W, U, V, 32);
+ swap_bytes(W, Key);
+ /* encrypt third 8 bytes of H with third key */
+ gost_enc_with_key(c, Key, H + 16, S + 16);
+ /* Compute fourth key */
+ circle_xor8(U, U);
+ circle_xor8(V, V);
+ circle_xor8(V, V);
+ xor_blocks(W, U, V, 32);
+ swap_bytes(W, Key);
+ /* Encrypt last 8 bytes with fourth key */
+ gost_enc_with_key(c, Key, H + 24, S + 24);
+ for (i = 0; i < 12; i++)
+ transform_3(S);
+ xor_blocks(S, S, M, 32);
+ transform_3(S);
+ xor_blocks(S, S, H, 32);
+ for (i = 0; i < 61; i++)
+ transform_3(S);
+ memcpy(H, S, 32);
+ return 1;
+}
-/* Initialize gost_hash ctx - cleans up temporary structures and
- * set up substitution blocks
+/*
+ * Initialize gost_hash ctx - cleans up temporary structures and set up
+ * substitution blocks
*/
-int init_gost_hash_ctx(gost_hash_ctx *ctx, const gost_subst_block *subst_block)
- {
- memset(ctx,0,sizeof(gost_hash_ctx));
- ctx->cipher_ctx = (gost_ctx *)MYALLOC(sizeof(gost_ctx));
- if (!ctx->cipher_ctx)
- {
- return 0;
- }
- gost_init(ctx->cipher_ctx,subst_block);
- return 1;
- }
+int init_gost_hash_ctx(gost_hash_ctx * ctx,
+ const gost_subst_block * subst_block)
+{
+ memset(ctx, 0, sizeof(gost_hash_ctx));
+ ctx->cipher_ctx = (gost_ctx *) MYALLOC(sizeof(gost_ctx));
+ if (!ctx->cipher_ctx) {
+ return 0;
+ }
+ gost_init(ctx->cipher_ctx, subst_block);
+ return 1;
+}
/*
* Free cipher CTX if it is dynamically allocated. Do not use
* if cipher ctx is statically allocated as in OpenSSL implementation of
* GOST hash algroritm
*
- */
-void done_gost_hash_ctx(gost_hash_ctx *ctx)
- {
- /* No need to use gost_destroy, because cipher keys are not really
- * secret when hashing */
- MYFREE(ctx->cipher_ctx);
- }
+ */
+void done_gost_hash_ctx(gost_hash_ctx * ctx)
+{
+ /*
+ * No need to use gost_destroy, because cipher keys are not really secret
+ * when hashing
+ */
+ MYFREE(ctx->cipher_ctx);
+}
/*
* reset state of hash context to begin hashing new message
*/
-int start_hash(gost_hash_ctx *ctx)
- {
- if (!ctx->cipher_ctx) return 0;
- memset(&(ctx->H),0,32);
- memset(&(ctx->S),0,32);
- ctx->len = 0L;
- ctx->left=0;
- return 1;
- }
+int start_hash(gost_hash_ctx * ctx)
+{
+ if (!ctx->cipher_ctx)
+ return 0;
+ memset(&(ctx->H), 0, 32);
+ memset(&(ctx->S), 0, 32);
+ ctx->len = 0L;
+ ctx->left = 0;
+ return 1;
+}
/*
* Hash block of arbitrary length
*
*
*/
-int hash_block(gost_hash_ctx *ctx,const byte *block, size_t length)
- {
- if (ctx->left)
- {
- /*There are some bytes from previous step*/
- unsigned int add_bytes = 32-ctx->left;
- if (add_bytes>length)
- {
- add_bytes = length;
- }
- memcpy(&(ctx->remainder[ctx->left]),block,add_bytes);
- ctx->left+=add_bytes;
- if (ctx->left<32)
- {
- return 1;
- }
- block+=add_bytes;
- length-=add_bytes;
- hash_step(ctx->cipher_ctx,ctx->H,ctx->remainder);
- add_blocks(32,ctx->S,ctx->remainder);
- ctx->len+=32;
- ctx->left=0;
- }
- while (length>=32)
- {
- hash_step(ctx->cipher_ctx,ctx->H,block);
-
- add_blocks(32,ctx->S,block);
- ctx->len+=32;
- block+=32;
- length-=32;
- }
- if (length)
- {
- memcpy(ctx->remainder,block,ctx->left=length);
- }
- return 1;
- }
+int hash_block(gost_hash_ctx * ctx, const byte * block, size_t length)
+{
+ if (ctx->left) {
+ /*
+ * There are some bytes from previous step
+ */
+ unsigned int add_bytes = 32 - ctx->left;
+ if (add_bytes > length) {
+ add_bytes = length;
+ }
+ memcpy(&(ctx->remainder[ctx->left]), block, add_bytes);
+ ctx->left += add_bytes;
+ if (ctx->left < 32) {
+ return 1;
+ }
+ block += add_bytes;
+ length -= add_bytes;
+ hash_step(ctx->cipher_ctx, ctx->H, ctx->remainder);
+ add_blocks(32, ctx->S, ctx->remainder);
+ ctx->len += 32;
+ ctx->left = 0;
+ }
+ while (length >= 32) {
+ hash_step(ctx->cipher_ctx, ctx->H, block);
+
+ add_blocks(32, ctx->S, block);
+ ctx->len += 32;
+ block += 32;
+ length -= 32;
+ }
+ if (length) {
+ memcpy(ctx->remainder, block, ctx->left = length);
+ }
+ return 1;
+}
/*
* Compute hash value from current state of ctx
* state of hash ctx becomes invalid and cannot be used for further
* hashing.
- */
-int finish_hash(gost_hash_ctx *ctx,byte *hashval)
- {
- byte buf[32];
- byte H[32];
- byte S[32];
- ghosthash_len fin_len=ctx->len;
- byte *bptr;
- memcpy(H,ctx->H,32);
- memcpy(S,ctx->S,32);
- if (ctx->left)
- {
- memset(buf,0,32);
- memcpy(buf,ctx->remainder,ctx->left);
- hash_step(ctx->cipher_ctx,H,buf);
- add_blocks(32,S,buf);
- fin_len+=ctx->left;
- }
- memset(buf,0,32);
- bptr=buf;
- fin_len<<=3; /* Hash length in BITS!!*/
- while(fin_len>0)
- {
- *(bptr++)=(byte)(fin_len&0xFF);
- fin_len>>=8;
- };
- hash_step(ctx->cipher_ctx,H,buf);
- hash_step(ctx->cipher_ctx,H,S);
- memcpy(hashval,H,32);
- return 1;
- }
+ */
+int finish_hash(gost_hash_ctx * ctx, byte * hashval)
+{
+ byte buf[32];
+ byte H[32];
+ byte S[32];
+ ghosthash_len fin_len = ctx->len;
+ byte *bptr;
+ memcpy(H, ctx->H, 32);
+ memcpy(S, ctx->S, 32);
+ if (ctx->left) {
+ memset(buf, 0, 32);
+ memcpy(buf, ctx->remainder, ctx->left);
+ hash_step(ctx->cipher_ctx, H, buf);
+ add_blocks(32, S, buf);
+ fin_len += ctx->left;
+ }
+ memset(buf, 0, 32);
+ bptr = buf;
+ fin_len <<= 3; /* Hash length in BITS!! */
+ while (fin_len > 0) {
+ *(bptr++) = (byte) (fin_len & 0xFF);
+ fin_len >>= 8;
+ };
+ hash_step(ctx->cipher_ctx, H, buf);
+ hash_step(ctx->cipher_ctx, H, S);
+ memcpy(hashval, H, 32);
+ return 1;
+}
diff --git a/openssl/engines/ccgost/gosthash.h b/openssl/engines/ccgost/gosthash.h
index 4a2e441ec..003e668e0 100644
--- a/openssl/engines/ccgost/gosthash.h
+++ b/openssl/engines/ccgost/gosthash.h
@@ -7,42 +7,46 @@
* uses and gost89.h Doesn't need OpenSSL *
**********************************************************************/
#ifndef GOSTHASH_H
-#define GOSTHASH_H
-#include "gost89.h"
-#include <stdlib.h>
+# define GOSTHASH_H
+# include "gost89.h"
+# include <stdlib.h>
-#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
typedef __int64 ghosthash_len;
-#elif defined(__arch64__)
+# elif defined(__arch64__)
typedef long ghosthash_len;
-#else
+# else
typedef long long ghosthash_len;
-#endif
+# endif
typedef struct gost_hash_ctx {
- ghosthash_len len;
- gost_ctx *cipher_ctx;
- int left;
- byte H[32];
- byte S[32];
- byte remainder[32];
-} gost_hash_ctx;
-
+ ghosthash_len len;
+ gost_ctx *cipher_ctx;
+ int left;
+ byte H[32];
+ byte S[32];
+ byte remainder[32];
+} gost_hash_ctx;
/* Initalizes gost hash ctx, including creation of gost cipher ctx */
-int init_gost_hash_ctx(gost_hash_ctx *ctx, const gost_subst_block *subst_block);
-void done_gost_hash_ctx(gost_hash_ctx *ctx);
+int init_gost_hash_ctx(gost_hash_ctx * ctx,
+ const gost_subst_block * subst_block);
+void done_gost_hash_ctx(gost_hash_ctx * ctx);
-/* Cleans up all fields, except cipher ctx preparing ctx for computing
- * of new hash value */
-int start_hash(gost_hash_ctx *ctx);
+/*
+ * Cleans up all fields, except cipher ctx preparing ctx for computing of new
+ * hash value
+ */
+int start_hash(gost_hash_ctx * ctx);
/* Hashes block of data */
-int hash_block(gost_hash_ctx *ctx, const byte *block, size_t length);
+int hash_block(gost_hash_ctx * ctx, const byte * block, size_t length);
-/* Finalizes computation of hash and fills buffer (which should be at
- * least 32 bytes long) with value of computed hash. */
-int finish_hash(gost_hash_ctx *ctx, byte *hashval);
+/*
+ * Finalizes computation of hash and fills buffer (which should be at least
+ * 32 bytes long) with value of computed hash.
+ */
+int finish_hash(gost_hash_ctx * ctx, byte * hashval);
-#endif
+#endif
diff --git a/openssl/engines/ccgost/gostsum.c b/openssl/engines/ccgost/gostsum.c
index d57112eb5..1021848ef 100644
--- a/openssl/engines/ccgost/gostsum.c
+++ b/openssl/engines/ccgost/gostsum.c
@@ -15,196 +15,173 @@
#include <string.h>
#include "gosthash.h"
#define BUF_SIZE 262144
-int hash_file(gost_hash_ctx *ctx,char *filename,char *sum,int mode);
-int hash_stream(gost_hash_ctx *ctx,int fd, char *sum);
-int get_line(FILE *f,char *hash,char *filename);
+int hash_file(gost_hash_ctx * ctx, char *filename, char *sum, int mode);
+int hash_stream(gost_hash_ctx * ctx, int fd, char *sum);
+int get_line(FILE *f, char *hash, char *filename);
void help()
- {
- fprintf(stderr,"gostsum [-bvt] [-c [file]]| [files]\n"
- "\t-c check message digests (default is generate)\n"
- "\t-v verbose, print file names when checking\n"
- "\t-b read files in binary mode\n"
- "\t-t use test GOST paramset (default is CryptoPro paramset)\n"
- "The input for -c should be the list of message digests and file names\n"
- "that is printed on stdout by this program when it generates digests.\n");
- exit(3);
- }
+{
+ fprintf(stderr, "gostsum [-bvt] [-c [file]]| [files]\n"
+ "\t-c check message digests (default is generate)\n"
+ "\t-v verbose, print file names when checking\n"
+ "\t-b read files in binary mode\n"
+ "\t-t use test GOST paramset (default is CryptoPro paramset)\n"
+ "The input for -c should be the list of message digests and file names\n"
+ "that is printed on stdout by this program when it generates digests.\n");
+ exit(3);
+}
#ifndef O_BINARY
-#define O_BINARY 0
+# define O_BINARY 0
#endif
-int main(int argc,char **argv)
- {
- int c,i;
- int verbose=0;
- int errors=0;
- int open_mode = O_RDONLY;
- gost_subst_block *b= &GostR3411_94_CryptoProParamSet;
- FILE *check_file = NULL;
- gost_hash_ctx ctx;
-
- while( (c=getopt(argc,argv,"bc::tv"))!=-1)
- {
- switch (c)
- {
- case 'v': verbose=1; break;
- case 't': b= &GostR3411_94_TestParamSet; break;
- case 'b': open_mode |= O_BINARY; break;
- case 'c':
- if (optarg)
- {
- check_file = fopen(optarg,"r");
- if (!check_file)
- {
- perror(optarg);
- exit(2);
- }
- }
- else
- {
- check_file= stdin;
- }
- break;
- default:
- fprintf(stderr,"invalid option %c",optopt);
- help();
- }
- }
- init_gost_hash_ctx(&ctx,b);
- if (check_file)
- {
- char inhash[65],calcsum[65],filename[PATH_MAX];
- int failcount=0,count=0;;
- if (check_file==stdin && optind<argc)
- {
- check_file=fopen(argv[optind],"r");
- if (!check_file)
- {
- perror(argv[optind]);
- exit(2);
- }
- }
- while (get_line(check_file,inhash,filename))
- {
- if (!hash_file(&ctx,filename,calcsum,open_mode))
- {
- exit (2);
- }
- count++;
- if (!strncmp(calcsum,inhash,65))
- {
- if (verbose)
- {
- fprintf(stderr,"%s\tOK\n",filename);
- }
- }
- else
- {
- if (verbose)
- {
- fprintf(stderr,"%s\tFAILED\n",filename);
- }
- else
- {
- fprintf(stderr,"%s: GOST hash sum check failed for '%s'\n",
- argv[0],filename);
- }
- failcount++;
- }
- }
- if (verbose && failcount)
- {
- fprintf(stderr,"%s: %d of %d file(f) failed GOST hash sum check\n",
- argv[0],failcount,count);
- }
- exit (failcount?1:0);
- }
- if (optind==argc)
- {
- char sum[65];
- if (!hash_stream(&ctx,fileno(stdin),sum))
- {
- perror("stdin");
- exit(1);
- }
- printf("%s -\n",sum);
- exit(0);
- }
- for (i=optind;i<argc;i++)
- {
- char sum[65];
- if (!hash_file(&ctx,argv[i],sum,open_mode))
- {
- errors++;
- }
- else
- {
- printf("%s %s\n",sum,argv[i]);
- }
- }
- exit(errors?1:0);
- }
+int main(int argc, char **argv)
+{
+ int c, i;
+ int verbose = 0;
+ int errors = 0;
+ int open_mode = O_RDONLY;
+ gost_subst_block *b = &GostR3411_94_CryptoProParamSet;
+ FILE *check_file = NULL;
+ gost_hash_ctx ctx;
-int hash_file(gost_hash_ctx *ctx,char *filename,char *sum,int mode)
- {
- int fd;
- if ((fd=open(filename,mode))<0)
- {
- perror(filename);
- return 0;
- }
- if (!hash_stream(ctx,fd,sum))
- {
- perror(filename);
- return 0;
- }
- close(fd);
- return 1;
- }
+ while ((c = getopt(argc, argv, "bc::tv")) != -1) {
+ switch (c) {
+ case 'v':
+ verbose = 1;
+ break;
+ case 't':
+ b = &GostR3411_94_TestParamSet;
+ break;
+ case 'b':
+ open_mode |= O_BINARY;
+ break;
+ case 'c':
+ if (optarg) {
+ check_file = fopen(optarg, "r");
+ if (!check_file) {
+ perror(optarg);
+ exit(2);
+ }
+ } else {
+ check_file = stdin;
+ }
+ break;
+ default:
+ fprintf(stderr, "invalid option %c", optopt);
+ help();
+ }
+ }
+ init_gost_hash_ctx(&ctx, b);
+ if (check_file) {
+ char inhash[65], calcsum[65], filename[PATH_MAX];
+ int failcount = 0, count = 0;;
+ if (check_file == stdin && optind < argc) {
+ check_file = fopen(argv[optind], "r");
+ if (!check_file) {
+ perror(argv[optind]);
+ exit(2);
+ }
+ }
+ while (get_line(check_file, inhash, filename)) {
+ if (!hash_file(&ctx, filename, calcsum, open_mode)) {
+ exit(2);
+ }
+ count++;
+ if (!strncmp(calcsum, inhash, 65)) {
+ if (verbose) {
+ fprintf(stderr, "%s\tOK\n", filename);
+ }
+ } else {
+ if (verbose) {
+ fprintf(stderr, "%s\tFAILED\n", filename);
+ } else {
+ fprintf(stderr,
+ "%s: GOST hash sum check failed for '%s'\n",
+ argv[0], filename);
+ }
+ failcount++;
+ }
+ }
+ if (verbose && failcount) {
+ fprintf(stderr,
+ "%s: %d of %d file(f) failed GOST hash sum check\n",
+ argv[0], failcount, count);
+ }
+ exit(failcount ? 1 : 0);
+ }
+ if (optind == argc) {
+ char sum[65];
+ if (!hash_stream(&ctx, fileno(stdin), sum)) {
+ perror("stdin");
+ exit(1);
+ }
+ printf("%s -\n", sum);
+ exit(0);
+ }
+ for (i = optind; i < argc; i++) {
+ char sum[65];
+ if (!hash_file(&ctx, argv[i], sum, open_mode)) {
+ errors++;
+ } else {
+ printf("%s %s\n", sum, argv[i]);
+ }
+ }
+ exit(errors ? 1 : 0);
+}
-int hash_stream(gost_hash_ctx *ctx,int fd, char *sum)
- {
- unsigned char buffer[BUF_SIZE];
- ssize_t bytes;
- int i;
- start_hash(ctx);
- while ((bytes=read(fd,buffer,BUF_SIZE))>0)
- {
- hash_block(ctx,buffer,bytes);
- }
- if (bytes<0)
- {
- return 0;
- }
- finish_hash(ctx,buffer);
- for (i=0;i<32;i++)
- {
- sprintf(sum+2*i,"%02x",buffer[31-i]);
- }
- return 1;
- }
-
-int get_line(FILE *f,char *hash,char *filename)
- {
- int i;
- if (fread(hash,1,64,f)<64) return 0;
- hash[64]=0;
- for (i=0;i<64;i++)
- {
- if (hash[i]<'0' || (hash[i]>'9' && hash[i]<'A') || (hash[i]>'F'
- && hash[i]<'a')||hash[i]>'f')
- {
- fprintf(stderr,"Not a hash value '%s'\n",hash);
- return 0;
- }
- }
- if (fgetc(f)!=' ')
- {
- fprintf(stderr,"Malformed input line\n");
- return 0;
- }
- i=strlen(fgets(filename,PATH_MAX,f));
- while (filename[--i]=='\n'||filename[i]=='\r') filename[i]=0;
- return 1;
- }
+int hash_file(gost_hash_ctx * ctx, char *filename, char *sum, int mode)
+{
+ int fd;
+ if ((fd = open(filename, mode)) < 0) {
+ perror(filename);
+ return 0;
+ }
+ if (!hash_stream(ctx, fd, sum)) {
+ perror(filename);
+ return 0;
+ }
+ close(fd);
+ return 1;
+}
+
+int hash_stream(gost_hash_ctx * ctx, int fd, char *sum)
+{
+ unsigned char buffer[BUF_SIZE];
+ ssize_t bytes;
+ int i;
+ start_hash(ctx);
+ while ((bytes = read(fd, buffer, BUF_SIZE)) > 0) {
+ hash_block(ctx, buffer, bytes);
+ }
+ if (bytes < 0) {
+ return 0;
+ }
+ finish_hash(ctx, buffer);
+ for (i = 0; i < 32; i++) {
+ sprintf(sum + 2 * i, "%02x", buffer[31 - i]);
+ }
+ return 1;
+}
+
+int get_line(FILE *f, char *hash, char *filename)
+{
+ int i;
+ if (fread(hash, 1, 64, f) < 64)
+ return 0;
+ hash[64] = 0;
+ for (i = 0; i < 64; i++) {
+ if (hash[i] < '0' || (hash[i] > '9' && hash[i] < 'A')
+ || (hash[i] > 'F' && hash[i] < 'a') || hash[i] > 'f') {
+ fprintf(stderr, "Not a hash value '%s'\n", hash);
+ return 0;
+ }
+ }
+ if (fgetc(f) != ' ') {
+ fprintf(stderr, "Malformed input line\n");
+ return 0;
+ }
+ i = strlen(fgets(filename, PATH_MAX, f));
+ while (filename[--i] == '\n' || filename[i] == '\r')
+ filename[i] = 0;
+ return 1;
+}
diff --git a/openssl/engines/e_4758cca.c b/openssl/engines/e_4758cca.c
index 443182bd3..5f771986c 100644
--- a/openssl/engines/e_4758cca.c
+++ b/openssl/engines/e_4758cca.c
@@ -7,7 +7,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -62,926 +62,891 @@
#include <openssl/engine.h>
#include <openssl/rand.h>
#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
+# include <openssl/rsa.h>
#endif
#include <openssl/bn.h>
#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_4758_CCA
+# ifndef OPENSSL_NO_HW_4758_CCA
-#ifdef FLAT_INC
-#include "hw_4758_cca.h"
-#else
-#include "vendor_defns/hw_4758_cca.h"
-#endif
+# ifdef FLAT_INC
+# include "hw_4758_cca.h"
+# else
+# include "vendor_defns/hw_4758_cca.h"
+# endif
-#include "e_4758cca_err.c"
+# include "e_4758cca_err.c"
static int ibm_4758_cca_destroy(ENGINE *e);
static int ibm_4758_cca_init(ENGINE *e);
static int ibm_4758_cca_finish(ENGINE *e);
-static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
+static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p,
+ void (*f) (void));
/* rsa functions */
-/*---------------*/
-#ifndef OPENSSL_NO_RSA
+/* -------------*/
+# ifndef OPENSSL_NO_RSA
static int cca_rsa_pub_enc(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,int padding);
+ unsigned char *to, RSA *rsa, int padding);
static int cca_rsa_priv_dec(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,int padding);
+ unsigned char *to, RSA *rsa, int padding);
static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
- unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
-static int cca_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
- const unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);
+ unsigned char *sigret, unsigned int *siglen,
+ const RSA *rsa);
+static int cca_rsa_verify(int dtype, const unsigned char *m,
+ unsigned int m_len, const unsigned char *sigbuf,
+ unsigned int siglen, const RSA *rsa);
/* utility functions */
-/*-----------------------*/
-static EVP_PKEY *ibm_4758_load_privkey(ENGINE*, const char*,
- UI_METHOD *ui_method, void *callback_data);
-static EVP_PKEY *ibm_4758_load_pubkey(ENGINE*, const char*,
- UI_METHOD *ui_method, void *callback_data);
-
-static int getModulusAndExponent(const unsigned char *token, long *exponentLength,
- unsigned char *exponent, long *modulusLength,
- long *modulusFieldLength, unsigned char *modulus);
-#endif
+/* ---------------------*/
+static EVP_PKEY *ibm_4758_load_privkey(ENGINE *, const char *,
+ UI_METHOD *ui_method,
+ void *callback_data);
+static EVP_PKEY *ibm_4758_load_pubkey(ENGINE *, const char *,
+ UI_METHOD *ui_method,
+ void *callback_data);
+
+static int getModulusAndExponent(const unsigned char *token,
+ long *exponentLength,
+ unsigned char *exponent, long *modulusLength,
+ long *modulusFieldLength,
+ unsigned char *modulus);
+# endif
/* RAND number functions */
-/*-----------------------*/
-static int cca_get_random_bytes(unsigned char*, int);
+/* ---------------------*/
+static int cca_get_random_bytes(unsigned char *, int);
static int cca_random_status(void);
-#ifndef OPENSSL_NO_RSA
+# ifndef OPENSSL_NO_RSA
static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
- int idx,long argl, void *argp);
-#endif
+ int idx, long argl, void *argp);
+# endif
/* Function pointers for CCA verbs */
-/*---------------------------------*/
-#ifndef OPENSSL_NO_RSA
+/* -------------------------------*/
+# ifndef OPENSSL_NO_RSA
static F_KEYRECORDREAD keyRecordRead;
static F_DIGITALSIGNATUREGENERATE digitalSignatureGenerate;
static F_DIGITALSIGNATUREVERIFY digitalSignatureVerify;
static F_PUBLICKEYEXTRACT publicKeyExtract;
static F_PKAENCRYPT pkaEncrypt;
static F_PKADECRYPT pkaDecrypt;
-#endif
+# endif
static F_RANDOMNUMBERGENERATE randomNumberGenerate;
/* static variables */
-/*------------------*/
+/* ----------------*/
static const char *CCA4758_LIB_NAME = NULL;
static const char *get_CCA4758_LIB_NAME(void)
- {
- if(CCA4758_LIB_NAME)
- return CCA4758_LIB_NAME;
- return CCA_LIB_NAME;
- }
+{
+ if (CCA4758_LIB_NAME)
+ return CCA4758_LIB_NAME;
+ return CCA_LIB_NAME;
+}
+
static void free_CCA4758_LIB_NAME(void)
- {
- if(CCA4758_LIB_NAME)
- OPENSSL_free((void*)CCA4758_LIB_NAME);
- CCA4758_LIB_NAME = NULL;
- }
-static long set_CCA4758_LIB_NAME(const char *name)
- {
- free_CCA4758_LIB_NAME();
- return (((CCA4758_LIB_NAME = BUF_strdup(name)) != NULL) ? 1 : 0);
- }
-#ifndef OPENSSL_NO_RSA
-static const char* n_keyRecordRead = CSNDKRR;
-static const char* n_digitalSignatureGenerate = CSNDDSG;
-static const char* n_digitalSignatureVerify = CSNDDSV;
-static const char* n_publicKeyExtract = CSNDPKX;
-static const char* n_pkaEncrypt = CSNDPKE;
-static const char* n_pkaDecrypt = CSNDPKD;
-#endif
-static const char* n_randomNumberGenerate = CSNBRNG;
+{
+ if (CCA4758_LIB_NAME)
+ OPENSSL_free((void *)CCA4758_LIB_NAME);
+ CCA4758_LIB_NAME = NULL;
+}
-#ifndef OPENSSL_NO_RSA
+static long set_CCA4758_LIB_NAME(const char *name)
+{
+ free_CCA4758_LIB_NAME();
+ return (((CCA4758_LIB_NAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+}
+
+# ifndef OPENSSL_NO_RSA
+static const char *n_keyRecordRead = CSNDKRR;
+static const char *n_digitalSignatureGenerate = CSNDDSG;
+static const char *n_digitalSignatureVerify = CSNDDSV;
+static const char *n_publicKeyExtract = CSNDPKX;
+static const char *n_pkaEncrypt = CSNDPKE;
+static const char *n_pkaDecrypt = CSNDPKD;
+# endif
+static const char *n_randomNumberGenerate = CSNBRNG;
+
+# ifndef OPENSSL_NO_RSA
static int hndidx = -1;
-#endif
+# endif
static DSO *dso = NULL;
/* openssl engine initialization structures */
-/*------------------------------------------*/
-
-#define CCA4758_CMD_SO_PATH ENGINE_CMD_BASE
-static const ENGINE_CMD_DEFN cca4758_cmd_defns[] = {
- {CCA4758_CMD_SO_PATH,
- "SO_PATH",
- "Specifies the path to the '4758cca' shared library",
- ENGINE_CMD_FLAG_STRING},
- {0, NULL, NULL, 0}
- };
-
-#ifndef OPENSSL_NO_RSA
-static RSA_METHOD ibm_4758_cca_rsa =
- {
- "IBM 4758 CCA RSA method",
- cca_rsa_pub_enc,
- NULL,
- NULL,
- cca_rsa_priv_dec,
- NULL, /*rsa_mod_exp,*/
- NULL, /*mod_exp_mont,*/
- NULL, /* init */
- NULL, /* finish */
- RSA_FLAG_SIGN_VER, /* flags */
- NULL, /* app_data */
- cca_rsa_sign, /* rsa_sign */
- cca_rsa_verify, /* rsa_verify */
- NULL /* rsa_keygen */
- };
-#endif
-
-static RAND_METHOD ibm_4758_cca_rand =
- {
- /* "IBM 4758 RAND method", */
- NULL, /* seed */
- cca_get_random_bytes, /* get random bytes from the card */
- NULL, /* cleanup */
- NULL, /* add */
- cca_get_random_bytes, /* pseudo rand */
- cca_random_status, /* status */
- };
+/* ----------------------------------------*/
+
+# define CCA4758_CMD_SO_PATH ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN cca4758_cmd_defns[] = {
+ {CCA4758_CMD_SO_PATH,
+ "SO_PATH",
+ "Specifies the path to the '4758cca' shared library",
+ ENGINE_CMD_FLAG_STRING},
+ {0, NULL, NULL, 0}
+};
+
+# ifndef OPENSSL_NO_RSA
+static RSA_METHOD ibm_4758_cca_rsa = {
+ "IBM 4758 CCA RSA method",
+ cca_rsa_pub_enc,
+ NULL,
+ NULL,
+ cca_rsa_priv_dec,
+ NULL, /* rsa_mod_exp, */
+ NULL, /* mod_exp_mont, */
+ NULL, /* init */
+ NULL, /* finish */
+ RSA_FLAG_SIGN_VER, /* flags */
+ NULL, /* app_data */
+ cca_rsa_sign, /* rsa_sign */
+ cca_rsa_verify, /* rsa_verify */
+ NULL /* rsa_keygen */
+};
+# endif
+
+static RAND_METHOD ibm_4758_cca_rand = {
+ /* "IBM 4758 RAND method", */
+ NULL, /* seed */
+ cca_get_random_bytes, /* get random bytes from the card */
+ NULL, /* cleanup */
+ NULL, /* add */
+ cca_get_random_bytes, /* pseudo rand */
+ cca_random_status, /* status */
+};
static const char *engine_4758_cca_id = "4758cca";
-static const char *engine_4758_cca_name = "IBM 4758 CCA hardware engine support";
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+static const char *engine_4758_cca_name =
+ "IBM 4758 CCA hardware engine support";
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
/* Compatibility hack, the dynamic library uses this form in the path */
static const char *engine_4758_cca_id_alt = "4758_cca";
-#endif
+# endif
/* engine implementation */
-/*-----------------------*/
+/* ---------------------*/
static int bind_helper(ENGINE *e)
- {
- if(!ENGINE_set_id(e, engine_4758_cca_id) ||
- !ENGINE_set_name(e, engine_4758_cca_name) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_RSA(e, &ibm_4758_cca_rsa) ||
-#endif
- !ENGINE_set_RAND(e, &ibm_4758_cca_rand) ||
- !ENGINE_set_destroy_function(e, ibm_4758_cca_destroy) ||
- !ENGINE_set_init_function(e, ibm_4758_cca_init) ||
- !ENGINE_set_finish_function(e, ibm_4758_cca_finish) ||
- !ENGINE_set_ctrl_function(e, ibm_4758_cca_ctrl) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_load_privkey_function(e, ibm_4758_load_privkey) ||
- !ENGINE_set_load_pubkey_function(e, ibm_4758_load_pubkey) ||
-#endif
- !ENGINE_set_cmd_defns(e, cca4758_cmd_defns))
- return 0;
- /* Ensure the error handling is set up */
- ERR_load_CCA4758_strings();
- return 1;
- }
-
-#ifdef OPENSSL_NO_DYNAMIC_ENGINE
+{
+ if (!ENGINE_set_id(e, engine_4758_cca_id) ||
+ !ENGINE_set_name(e, engine_4758_cca_name) ||
+# ifndef OPENSSL_NO_RSA
+ !ENGINE_set_RSA(e, &ibm_4758_cca_rsa) ||
+# endif
+ !ENGINE_set_RAND(e, &ibm_4758_cca_rand) ||
+ !ENGINE_set_destroy_function(e, ibm_4758_cca_destroy) ||
+ !ENGINE_set_init_function(e, ibm_4758_cca_init) ||
+ !ENGINE_set_finish_function(e, ibm_4758_cca_finish) ||
+ !ENGINE_set_ctrl_function(e, ibm_4758_cca_ctrl) ||
+# ifndef OPENSSL_NO_RSA
+ !ENGINE_set_load_privkey_function(e, ibm_4758_load_privkey) ||
+ !ENGINE_set_load_pubkey_function(e, ibm_4758_load_pubkey) ||
+# endif
+ !ENGINE_set_cmd_defns(e, cca4758_cmd_defns))
+ return 0;
+ /* Ensure the error handling is set up */
+ ERR_load_CCA4758_strings();
+ return 1;
+}
+
+# ifdef OPENSSL_NO_DYNAMIC_ENGINE
static ENGINE *engine_4758_cca(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!bind_helper(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
+{
+ ENGINE *ret = ENGINE_new();
+ if (!ret)
+ return NULL;
+ if (!bind_helper(ret)) {
+ ENGINE_free(ret);
+ return NULL;
+ }
+ return ret;
+}
void ENGINE_load_4758cca(void)
- {
- ENGINE *e_4758 = engine_4758_cca();
- if (!e_4758) return;
- ENGINE_add(e_4758);
- ENGINE_free(e_4758);
- ERR_clear_error();
- }
-#endif
+{
+ ENGINE *e_4758 = engine_4758_cca();
+ if (!e_4758)
+ return;
+ ENGINE_add(e_4758);
+ ENGINE_free(e_4758);
+ ERR_clear_error();
+}
+# endif
static int ibm_4758_cca_destroy(ENGINE *e)
- {
- ERR_unload_CCA4758_strings();
- free_CCA4758_LIB_NAME();
- return 1;
- }
+{
+ ERR_unload_CCA4758_strings();
+ free_CCA4758_LIB_NAME();
+ return 1;
+}
static int ibm_4758_cca_init(ENGINE *e)
- {
- if(dso)
- {
- CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_ALREADY_LOADED);
- goto err;
- }
-
- dso = DSO_load(NULL, get_CCA4758_LIB_NAME(), NULL, 0);
- if(!dso)
- {
- CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE);
- goto err;
- }
-
-#ifndef OPENSSL_NO_RSA
- if(!(keyRecordRead = (F_KEYRECORDREAD)
- DSO_bind_func(dso, n_keyRecordRead)) ||
- !(randomNumberGenerate = (F_RANDOMNUMBERGENERATE)
- DSO_bind_func(dso, n_randomNumberGenerate)) ||
- !(digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)
- DSO_bind_func(dso, n_digitalSignatureGenerate)) ||
- !(digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)
- DSO_bind_func(dso, n_digitalSignatureVerify)) ||
- !(publicKeyExtract = (F_PUBLICKEYEXTRACT)
- DSO_bind_func(dso, n_publicKeyExtract)) ||
- !(pkaEncrypt = (F_PKAENCRYPT)
- DSO_bind_func(dso, n_pkaEncrypt)) ||
- !(pkaDecrypt = (F_PKADECRYPT)
- DSO_bind_func(dso, n_pkaDecrypt)))
- {
- CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE);
- goto err;
- }
-#else
- if(!(randomNumberGenerate = (F_RANDOMNUMBERGENERATE)
- DSO_bind_func(dso, n_randomNumberGenerate)))
- {
- CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE);
- goto err;
- }
-#endif
-
-#ifndef OPENSSL_NO_RSA
- hndidx = RSA_get_ex_new_index(0, "IBM 4758 CCA RSA key handle",
- NULL, NULL, cca_ex_free);
-#endif
-
- return 1;
-err:
- if(dso)
- DSO_free(dso);
- dso = NULL;
-
-#ifndef OPENSSL_NO_RSA
- keyRecordRead = (F_KEYRECORDREAD)0;
- digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)0;
- digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;
- publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
- pkaEncrypt = (F_PKAENCRYPT)0;
- pkaDecrypt = (F_PKADECRYPT)0;
-#endif
- randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;
- return 0;
- }
+{
+ if (dso) {
+ CCA4758err(CCA4758_F_IBM_4758_CCA_INIT, CCA4758_R_ALREADY_LOADED);
+ goto err;
+ }
+
+ dso = DSO_load(NULL, get_CCA4758_LIB_NAME(), NULL, 0);
+ if (!dso) {
+ CCA4758err(CCA4758_F_IBM_4758_CCA_INIT, CCA4758_R_DSO_FAILURE);
+ goto err;
+ }
+# ifndef OPENSSL_NO_RSA
+ if (!(keyRecordRead = (F_KEYRECORDREAD)
+ DSO_bind_func(dso, n_keyRecordRead)) ||
+ !(randomNumberGenerate = (F_RANDOMNUMBERGENERATE)
+ DSO_bind_func(dso, n_randomNumberGenerate)) ||
+ !(digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)
+ DSO_bind_func(dso, n_digitalSignatureGenerate)) ||
+ !(digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)
+ DSO_bind_func(dso, n_digitalSignatureVerify)) ||
+ !(publicKeyExtract = (F_PUBLICKEYEXTRACT)
+ DSO_bind_func(dso, n_publicKeyExtract)) ||
+ !(pkaEncrypt = (F_PKAENCRYPT)
+ DSO_bind_func(dso, n_pkaEncrypt)) || !(pkaDecrypt = (F_PKADECRYPT)
+ DSO_bind_func(dso,
+ n_pkaDecrypt)))
+ {
+ CCA4758err(CCA4758_F_IBM_4758_CCA_INIT, CCA4758_R_DSO_FAILURE);
+ goto err;
+ }
+# else
+ if (!(randomNumberGenerate = (F_RANDOMNUMBERGENERATE)
+ DSO_bind_func(dso, n_randomNumberGenerate))) {
+ CCA4758err(CCA4758_F_IBM_4758_CCA_INIT, CCA4758_R_DSO_FAILURE);
+ goto err;
+ }
+# endif
+
+# ifndef OPENSSL_NO_RSA
+ hndidx = RSA_get_ex_new_index(0, "IBM 4758 CCA RSA key handle",
+ NULL, NULL, cca_ex_free);
+# endif
+
+ return 1;
+ err:
+ if (dso)
+ DSO_free(dso);
+ dso = NULL;
+
+# ifndef OPENSSL_NO_RSA
+ keyRecordRead = (F_KEYRECORDREAD) 0;
+ digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE) 0;
+ digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;
+ publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
+ pkaEncrypt = (F_PKAENCRYPT) 0;
+ pkaDecrypt = (F_PKADECRYPT) 0;
+# endif
+ randomNumberGenerate = (F_RANDOMNUMBERGENERATE) 0;
+ return 0;
+}
static int ibm_4758_cca_finish(ENGINE *e)
- {
- free_CCA4758_LIB_NAME();
- if(!dso)
- {
- CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH,
- CCA4758_R_NOT_LOADED);
- return 0;
- }
- if(!DSO_free(dso))
- {
- CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH,
- CCA4758_R_UNIT_FAILURE);
- return 0;
- }
- dso = NULL;
-#ifndef OPENSSL_NO_RSA
- keyRecordRead = (F_KEYRECORDREAD)0;
- randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;
- digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)0;
- digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;
- publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
- pkaEncrypt = (F_PKAENCRYPT)0;
- pkaDecrypt = (F_PKADECRYPT)0;
-#endif
- randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;
- return 1;
- }
-
-static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
- {
- int initialised = ((dso == NULL) ? 0 : 1);
- switch(cmd)
- {
- case CCA4758_CMD_SO_PATH:
- if(p == NULL)
- {
- CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if(initialised)
- {
- CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
- CCA4758_R_ALREADY_LOADED);
- return 0;
- }
- return set_CCA4758_LIB_NAME((const char *)p);
- default:
- break;
- }
- CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
- CCA4758_R_COMMAND_NOT_IMPLEMENTED);
- return 0;
- }
-
-#ifndef OPENSSL_NO_RSA
-
-#define MAX_CCA_PKA_TOKEN_SIZE 2500
-
-static EVP_PKEY *ibm_4758_load_privkey(ENGINE* e, const char* key_id,
- UI_METHOD *ui_method, void *callback_data)
- {
- RSA *rtmp = NULL;
- EVP_PKEY *res = NULL;
- unsigned char* keyToken = NULL;
- unsigned char pubKeyToken[MAX_CCA_PKA_TOKEN_SIZE];
- long pubKeyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
- long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
- long returnCode;
- long reasonCode;
- long exitDataLength = 0;
- long ruleArrayLength = 0;
- unsigned char exitData[8];
- unsigned char ruleArray[8];
- unsigned char keyLabel[64];
- unsigned long keyLabelLength = strlen(key_id);
- unsigned char modulus[256];
- long modulusFieldLength = sizeof(modulus);
- long modulusLength = 0;
- unsigned char exponent[256];
- long exponentLength = sizeof(exponent);
-
- if (keyLabelLength > sizeof(keyLabel))
- {
- CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
- CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
- return NULL;
- }
-
- memset(keyLabel,' ', sizeof(keyLabel));
- memcpy(keyLabel, key_id, keyLabelLength);
-
- keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long));
- if (!keyToken)
- {
- CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- keyRecordRead(&returnCode, &reasonCode, &exitDataLength,
- exitData, &ruleArrayLength, ruleArray, keyLabel,
- &keyTokenLength, keyToken+sizeof(long));
-
- if (returnCode)
- {
- CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
- CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
- goto err;
- }
-
- publicKeyExtract(&returnCode, &reasonCode, &exitDataLength,
- exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
- keyToken+sizeof(long), &pubKeyTokenLength, pubKeyToken);
-
- if (returnCode)
- {
- CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
- CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
- goto err;
- }
-
- if (!getModulusAndExponent(pubKeyToken, &exponentLength,
- exponent, &modulusLength, &modulusFieldLength,
- modulus))
- {
- CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
- CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
- goto err;
- }
-
- (*(long*)keyToken) = keyTokenLength;
- rtmp = RSA_new_method(e);
- RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);
-
- rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
- rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL);
- rtmp->flags |= RSA_FLAG_EXT_PKEY;
-
- res = EVP_PKEY_new();
- EVP_PKEY_assign_RSA(res, rtmp);
-
- return res;
-err:
- if (keyToken)
- OPENSSL_free(keyToken);
- return NULL;
- }
-
-static EVP_PKEY *ibm_4758_load_pubkey(ENGINE* e, const char* key_id,
- UI_METHOD *ui_method, void *callback_data)
- {
- RSA *rtmp = NULL;
- EVP_PKEY *res = NULL;
- unsigned char* keyToken = NULL;
- long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
- long returnCode;
- long reasonCode;
- long exitDataLength = 0;
- long ruleArrayLength = 0;
- unsigned char exitData[8];
- unsigned char ruleArray[8];
- unsigned char keyLabel[64];
- unsigned long keyLabelLength = strlen(key_id);
- unsigned char modulus[512];
- long modulusFieldLength = sizeof(modulus);
- long modulusLength = 0;
- unsigned char exponent[512];
- long exponentLength = sizeof(exponent);
-
- if (keyLabelLength > sizeof(keyLabel))
- {
- CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY,
- CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
- return NULL;
- }
-
- memset(keyLabel,' ', sizeof(keyLabel));
- memcpy(keyLabel, key_id, keyLabelLength);
-
- keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long));
- if (!keyToken)
- {
- CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- keyRecordRead(&returnCode, &reasonCode, &exitDataLength, exitData,
- &ruleArrayLength, ruleArray, keyLabel, &keyTokenLength,
- keyToken+sizeof(long));
-
- if (returnCode)
- {
- CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!getModulusAndExponent(keyToken+sizeof(long), &exponentLength,
- exponent, &modulusLength, &modulusFieldLength, modulus))
- {
- CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY,
- CCA4758_R_FAILED_LOADING_PUBLIC_KEY);
- goto err;
- }
-
- (*(long*)keyToken) = keyTokenLength;
- rtmp = RSA_new_method(e);
- RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);
- rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
- rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL);
- rtmp->flags |= RSA_FLAG_EXT_PKEY;
- res = EVP_PKEY_new();
- EVP_PKEY_assign_RSA(res, rtmp);
-
- return res;
-err:
- if (keyToken)
- OPENSSL_free(keyToken);
- return NULL;
- }
+{
+ free_CCA4758_LIB_NAME();
+ if (!dso) {
+ CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH, CCA4758_R_NOT_LOADED);
+ return 0;
+ }
+ if (!DSO_free(dso)) {
+ CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH, CCA4758_R_UNIT_FAILURE);
+ return 0;
+ }
+ dso = NULL;
+# ifndef OPENSSL_NO_RSA
+ keyRecordRead = (F_KEYRECORDREAD) 0;
+ randomNumberGenerate = (F_RANDOMNUMBERGENERATE) 0;
+ digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE) 0;
+ digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;
+ publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
+ pkaEncrypt = (F_PKAENCRYPT) 0;
+ pkaDecrypt = (F_PKADECRYPT) 0;
+# endif
+ randomNumberGenerate = (F_RANDOMNUMBERGENERATE) 0;
+ return 1;
+}
+
+static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p,
+ void (*f) (void))
+{
+ int initialised = ((dso == NULL) ? 0 : 1);
+ switch (cmd) {
+ case CCA4758_CMD_SO_PATH:
+ if (p == NULL) {
+ CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if (initialised) {
+ CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL, CCA4758_R_ALREADY_LOADED);
+ return 0;
+ }
+ return set_CCA4758_LIB_NAME((const char *)p);
+ default:
+ break;
+ }
+ CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
+ CCA4758_R_COMMAND_NOT_IMPLEMENTED);
+ return 0;
+}
+
+# ifndef OPENSSL_NO_RSA
+
+# define MAX_CCA_PKA_TOKEN_SIZE 2500
+
+static EVP_PKEY *ibm_4758_load_privkey(ENGINE *e, const char *key_id,
+ UI_METHOD *ui_method,
+ void *callback_data)
+{
+ RSA *rtmp = NULL;
+ EVP_PKEY *res = NULL;
+ unsigned char *keyToken = NULL;
+ unsigned char pubKeyToken[MAX_CCA_PKA_TOKEN_SIZE];
+ long pubKeyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
+ long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
+ long returnCode;
+ long reasonCode;
+ long exitDataLength = 0;
+ long ruleArrayLength = 0;
+ unsigned char exitData[8];
+ unsigned char ruleArray[8];
+ unsigned char keyLabel[64];
+ unsigned long keyLabelLength = strlen(key_id);
+ unsigned char modulus[256];
+ long modulusFieldLength = sizeof(modulus);
+ long modulusLength = 0;
+ unsigned char exponent[256];
+ long exponentLength = sizeof(exponent);
+
+ if (keyLabelLength > sizeof(keyLabel)) {
+ CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
+ CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+ return NULL;
+ }
+
+ memset(keyLabel, ' ', sizeof(keyLabel));
+ memcpy(keyLabel, key_id, keyLabelLength);
+
+ keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long));
+ if (!keyToken) {
+ CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ keyRecordRead(&returnCode, &reasonCode, &exitDataLength,
+ exitData, &ruleArrayLength, ruleArray, keyLabel,
+ &keyTokenLength, keyToken + sizeof(long));
+
+ if (returnCode) {
+ CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
+ CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
+ goto err;
+ }
+
+ publicKeyExtract(&returnCode, &reasonCode, &exitDataLength,
+ exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
+ keyToken + sizeof(long), &pubKeyTokenLength,
+ pubKeyToken);
+
+ if (returnCode) {
+ CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
+ CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
+ goto err;
+ }
+
+ if (!getModulusAndExponent(pubKeyToken, &exponentLength,
+ exponent, &modulusLength, &modulusFieldLength,
+ modulus)) {
+ CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
+ CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
+ goto err;
+ }
+
+ (*(long *)keyToken) = keyTokenLength;
+ rtmp = RSA_new_method(e);
+ RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);
+
+ rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
+ rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL);
+ rtmp->flags |= RSA_FLAG_EXT_PKEY;
+
+ res = EVP_PKEY_new();
+ EVP_PKEY_assign_RSA(res, rtmp);
+
+ return res;
+ err:
+ if (keyToken)
+ OPENSSL_free(keyToken);
+ return NULL;
+}
+
+static EVP_PKEY *ibm_4758_load_pubkey(ENGINE *e, const char *key_id,
+ UI_METHOD *ui_method,
+ void *callback_data)
+{
+ RSA *rtmp = NULL;
+ EVP_PKEY *res = NULL;
+ unsigned char *keyToken = NULL;
+ long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
+ long returnCode;
+ long reasonCode;
+ long exitDataLength = 0;
+ long ruleArrayLength = 0;
+ unsigned char exitData[8];
+ unsigned char ruleArray[8];
+ unsigned char keyLabel[64];
+ unsigned long keyLabelLength = strlen(key_id);
+ unsigned char modulus[512];
+ long modulusFieldLength = sizeof(modulus);
+ long modulusLength = 0;
+ unsigned char exponent[512];
+ long exponentLength = sizeof(exponent);
+
+ if (keyLabelLength > sizeof(keyLabel)) {
+ CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY,
+ CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+ return NULL;
+ }
+
+ memset(keyLabel, ' ', sizeof(keyLabel));
+ memcpy(keyLabel, key_id, keyLabelLength);
+
+ keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long));
+ if (!keyToken) {
+ CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ keyRecordRead(&returnCode, &reasonCode, &exitDataLength, exitData,
+ &ruleArrayLength, ruleArray, keyLabel, &keyTokenLength,
+ keyToken + sizeof(long));
+
+ if (returnCode) {
+ CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (!getModulusAndExponent(keyToken + sizeof(long), &exponentLength,
+ exponent, &modulusLength, &modulusFieldLength,
+ modulus)) {
+ CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY,
+ CCA4758_R_FAILED_LOADING_PUBLIC_KEY);
+ goto err;
+ }
+
+ (*(long *)keyToken) = keyTokenLength;
+ rtmp = RSA_new_method(e);
+ RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);
+ rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
+ rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL);
+ rtmp->flags |= RSA_FLAG_EXT_PKEY;
+ res = EVP_PKEY_new();
+ EVP_PKEY_assign_RSA(res, rtmp);
+
+ return res;
+ err:
+ if (keyToken)
+ OPENSSL_free(keyToken);
+ return NULL;
+}
static int cca_rsa_pub_enc(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,int padding)
- {
- long returnCode;
- long reasonCode;
- long lflen = flen;
- long exitDataLength = 0;
- unsigned char exitData[8];
- long ruleArrayLength = 1;
- unsigned char ruleArray[8] = "PKCS-1.2";
- long dataStructureLength = 0;
- unsigned char dataStructure[8];
- long outputLength = RSA_size(rsa);
- long keyTokenLength;
- unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
-
- keyTokenLength = *(long*)keyToken;
- keyToken+=sizeof(long);
-
- pkaEncrypt(&returnCode, &reasonCode, &exitDataLength, exitData,
- &ruleArrayLength, ruleArray, &lflen, (unsigned char*)from,
- &dataStructureLength, dataStructure, &keyTokenLength,
- keyToken, &outputLength, to);
-
- if (returnCode || reasonCode)
- return -(returnCode << 16 | reasonCode);
- return outputLength;
- }
+ unsigned char *to, RSA *rsa, int padding)
+{
+ long returnCode;
+ long reasonCode;
+ long lflen = flen;
+ long exitDataLength = 0;
+ unsigned char exitData[8];
+ long ruleArrayLength = 1;
+ unsigned char ruleArray[8] = "PKCS-1.2";
+ long dataStructureLength = 0;
+ unsigned char dataStructure[8];
+ long outputLength = RSA_size(rsa);
+ long keyTokenLength;
+ unsigned char *keyToken = (unsigned char *)RSA_get_ex_data(rsa, hndidx);
+
+ keyTokenLength = *(long *)keyToken;
+ keyToken += sizeof(long);
+
+ pkaEncrypt(&returnCode, &reasonCode, &exitDataLength, exitData,
+ &ruleArrayLength, ruleArray, &lflen, (unsigned char *)from,
+ &dataStructureLength, dataStructure, &keyTokenLength,
+ keyToken, &outputLength, to);
+
+ if (returnCode || reasonCode)
+ return -(returnCode << 16 | reasonCode);
+ return outputLength;
+}
static int cca_rsa_priv_dec(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,int padding)
- {
- long returnCode;
- long reasonCode;
- long lflen = flen;
- long exitDataLength = 0;
- unsigned char exitData[8];
- long ruleArrayLength = 1;
- unsigned char ruleArray[8] = "PKCS-1.2";
- long dataStructureLength = 0;
- unsigned char dataStructure[8];
- long outputLength = RSA_size(rsa);
- long keyTokenLength;
- unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
-
- keyTokenLength = *(long*)keyToken;
- keyToken+=sizeof(long);
-
- pkaDecrypt(&returnCode, &reasonCode, &exitDataLength, exitData,
- &ruleArrayLength, ruleArray, &lflen, (unsigned char*)from,
- &dataStructureLength, dataStructure, &keyTokenLength,
- keyToken, &outputLength, to);
-
- return (returnCode | reasonCode) ? 0 : 1;
- }
-
-#define SSL_SIG_LEN 36
-
-static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
- const unsigned char *sigbuf, unsigned int siglen, const RSA *rsa)
- {
- long returnCode;
- long reasonCode;
- long lsiglen = siglen;
- long exitDataLength = 0;
- unsigned char exitData[8];
- long ruleArrayLength = 1;
- unsigned char ruleArray[8] = "PKCS-1.1";
- long keyTokenLength;
- unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
- long length = SSL_SIG_LEN;
- long keyLength ;
- unsigned char *hashBuffer = NULL;
- X509_SIG sig;
- ASN1_TYPE parameter;
- X509_ALGOR algorithm;
- ASN1_OCTET_STRING digest;
-
- keyTokenLength = *(long*)keyToken;
- keyToken+=sizeof(long);
-
- if (type == NID_md5 || type == NID_sha1)
- {
- sig.algor = &algorithm;
- algorithm.algorithm = OBJ_nid2obj(type);
-
- if (!algorithm.algorithm)
- {
- CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
- CCA4758_R_UNKNOWN_ALGORITHM_TYPE);
- return 0;
- }
-
- if (!algorithm.algorithm->length)
- {
- CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
- CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);
- return 0;
- }
-
- parameter.type = V_ASN1_NULL;
- parameter.value.ptr = NULL;
- algorithm.parameter = &parameter;
-
- sig.digest = &digest;
- sig.digest->data = (unsigned char*)m;
- sig.digest->length = m_len;
-
- length = i2d_X509_SIG(&sig, NULL);
- }
-
- keyLength = RSA_size(rsa);
-
- if (length - RSA_PKCS1_PADDING > keyLength)
- {
- CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
- CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
- return 0;
- }
-
- switch (type)
- {
- case NID_md5_sha1 :
- if (m_len != SSL_SIG_LEN)
- {
- CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
- CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
- return 0;
- }
-
- hashBuffer = (unsigned char *)m;
- length = m_len;
- break;
- case NID_md5 :
- {
- unsigned char *ptr;
- ptr = hashBuffer = OPENSSL_malloc(
- (unsigned int)keyLength+1);
- if (!hashBuffer)
- {
- CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
- i2d_X509_SIG(&sig, &ptr);
- }
- break;
- case NID_sha1 :
- {
- unsigned char *ptr;
- ptr = hashBuffer = OPENSSL_malloc(
- (unsigned int)keyLength+1);
- if (!hashBuffer)
- {
- CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
- i2d_X509_SIG(&sig, &ptr);
- }
- break;
- default:
- return 0;
- }
-
- digitalSignatureVerify(&returnCode, &reasonCode, &exitDataLength,
- exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
- keyToken, &length, hashBuffer, &lsiglen,
- (unsigned char *)sigbuf);
-
- if (type == NID_sha1 || type == NID_md5)
- {
- OPENSSL_cleanse(hashBuffer, keyLength+1);
- OPENSSL_free(hashBuffer);
- }
-
- return ((returnCode || reasonCode) ? 0 : 1);
- }
-
-#define SSL_SIG_LEN 36
+ unsigned char *to, RSA *rsa, int padding)
+{
+ long returnCode;
+ long reasonCode;
+ long lflen = flen;
+ long exitDataLength = 0;
+ unsigned char exitData[8];
+ long ruleArrayLength = 1;
+ unsigned char ruleArray[8] = "PKCS-1.2";
+ long dataStructureLength = 0;
+ unsigned char dataStructure[8];
+ long outputLength = RSA_size(rsa);
+ long keyTokenLength;
+ unsigned char *keyToken = (unsigned char *)RSA_get_ex_data(rsa, hndidx);
+
+ keyTokenLength = *(long *)keyToken;
+ keyToken += sizeof(long);
+
+ pkaDecrypt(&returnCode, &reasonCode, &exitDataLength, exitData,
+ &ruleArrayLength, ruleArray, &lflen, (unsigned char *)from,
+ &dataStructureLength, dataStructure, &keyTokenLength,
+ keyToken, &outputLength, to);
+
+ return (returnCode | reasonCode) ? 0 : 1;
+}
+
+# define SSL_SIG_LEN 36
+
+static int cca_rsa_verify(int type, const unsigned char *m,
+ unsigned int m_len, const unsigned char *sigbuf,
+ unsigned int siglen, const RSA *rsa)
+{
+ long returnCode;
+ long reasonCode;
+ long lsiglen = siglen;
+ long exitDataLength = 0;
+ unsigned char exitData[8];
+ long ruleArrayLength = 1;
+ unsigned char ruleArray[8] = "PKCS-1.1";
+ long keyTokenLength;
+ unsigned char *keyToken = (unsigned char *)RSA_get_ex_data(rsa, hndidx);
+ long length = SSL_SIG_LEN;
+ long keyLength;
+ unsigned char *hashBuffer = NULL;
+ X509_SIG sig;
+ ASN1_TYPE parameter;
+ X509_ALGOR algorithm;
+ ASN1_OCTET_STRING digest;
+
+ keyTokenLength = *(long *)keyToken;
+ keyToken += sizeof(long);
+
+ if (type == NID_md5 || type == NID_sha1) {
+ sig.algor = &algorithm;
+ algorithm.algorithm = OBJ_nid2obj(type);
+
+ if (!algorithm.algorithm) {
+ CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
+ CCA4758_R_UNKNOWN_ALGORITHM_TYPE);
+ return 0;
+ }
+
+ if (!algorithm.algorithm->length) {
+ CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
+ CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);
+ return 0;
+ }
+
+ parameter.type = V_ASN1_NULL;
+ parameter.value.ptr = NULL;
+ algorithm.parameter = &parameter;
+
+ sig.digest = &digest;
+ sig.digest->data = (unsigned char *)m;
+ sig.digest->length = m_len;
+
+ length = i2d_X509_SIG(&sig, NULL);
+ }
+
+ keyLength = RSA_size(rsa);
+
+ if (length - RSA_PKCS1_PADDING > keyLength) {
+ CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
+ CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+ return 0;
+ }
+
+ switch (type) {
+ case NID_md5_sha1:
+ if (m_len != SSL_SIG_LEN) {
+ CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
+ CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+ return 0;
+ }
+
+ hashBuffer = (unsigned char *)m;
+ length = m_len;
+ break;
+ case NID_md5:
+ {
+ unsigned char *ptr;
+ ptr = hashBuffer = OPENSSL_malloc((unsigned int)keyLength + 1);
+ if (!hashBuffer) {
+ CCA4758err(CCA4758_F_CCA_RSA_VERIFY, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ i2d_X509_SIG(&sig, &ptr);
+ }
+ break;
+ case NID_sha1:
+ {
+ unsigned char *ptr;
+ ptr = hashBuffer = OPENSSL_malloc((unsigned int)keyLength + 1);
+ if (!hashBuffer) {
+ CCA4758err(CCA4758_F_CCA_RSA_VERIFY, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ i2d_X509_SIG(&sig, &ptr);
+ }
+ break;
+ default:
+ return 0;
+ }
+
+ digitalSignatureVerify(&returnCode, &reasonCode, &exitDataLength,
+ exitData, &ruleArrayLength, ruleArray,
+ &keyTokenLength, keyToken, &length, hashBuffer,
+ &lsiglen, (unsigned char *)sigbuf);
+
+ if (type == NID_sha1 || type == NID_md5) {
+ OPENSSL_cleanse(hashBuffer, keyLength + 1);
+ OPENSSL_free(hashBuffer);
+ }
+
+ return ((returnCode || reasonCode) ? 0 : 1);
+}
+
+# define SSL_SIG_LEN 36
static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
- unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
- {
- long returnCode;
- long reasonCode;
- long exitDataLength = 0;
- unsigned char exitData[8];
- long ruleArrayLength = 1;
- unsigned char ruleArray[8] = "PKCS-1.1";
- long outputLength=256;
- long outputBitLength;
- long keyTokenLength;
- unsigned char *hashBuffer = NULL;
- unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
- long length = SSL_SIG_LEN;
- long keyLength ;
- X509_SIG sig;
- ASN1_TYPE parameter;
- X509_ALGOR algorithm;
- ASN1_OCTET_STRING digest;
-
- keyTokenLength = *(long*)keyToken;
- keyToken+=sizeof(long);
-
- if (type == NID_md5 || type == NID_sha1)
- {
- sig.algor = &algorithm;
- algorithm.algorithm = OBJ_nid2obj(type);
-
- if (!algorithm.algorithm)
- {
- CCA4758err(CCA4758_F_CCA_RSA_SIGN,
- CCA4758_R_UNKNOWN_ALGORITHM_TYPE);
- return 0;
- }
-
- if (!algorithm.algorithm->length)
- {
- CCA4758err(CCA4758_F_CCA_RSA_SIGN,
- CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);
- return 0;
- }
-
- parameter.type = V_ASN1_NULL;
- parameter.value.ptr = NULL;
- algorithm.parameter = &parameter;
-
- sig.digest = &digest;
- sig.digest->data = (unsigned char*)m;
- sig.digest->length = m_len;
-
- length = i2d_X509_SIG(&sig, NULL);
- }
-
- keyLength = RSA_size(rsa);
-
- if (length - RSA_PKCS1_PADDING > keyLength)
- {
- CCA4758err(CCA4758_F_CCA_RSA_SIGN,
- CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
- return 0;
- }
-
- switch (type)
- {
- case NID_md5_sha1 :
- if (m_len != SSL_SIG_LEN)
- {
- CCA4758err(CCA4758_F_CCA_RSA_SIGN,
- CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
- return 0;
- }
- hashBuffer = (unsigned char*)m;
- length = m_len;
- break;
- case NID_md5 :
- {
- unsigned char *ptr;
- ptr = hashBuffer = OPENSSL_malloc(
- (unsigned int)keyLength+1);
- if (!hashBuffer)
- {
- CCA4758err(CCA4758_F_CCA_RSA_SIGN,
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
- i2d_X509_SIG(&sig, &ptr);
- }
- break;
- case NID_sha1 :
- {
- unsigned char *ptr;
- ptr = hashBuffer = OPENSSL_malloc(
- (unsigned int)keyLength+1);
- if (!hashBuffer)
- {
- CCA4758err(CCA4758_F_CCA_RSA_SIGN,
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
- i2d_X509_SIG(&sig, &ptr);
- }
- break;
- default:
- return 0;
- }
-
- digitalSignatureGenerate(&returnCode, &reasonCode, &exitDataLength,
- exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
- keyToken, &length, hashBuffer, &outputLength, &outputBitLength,
- sigret);
-
- if (type == NID_sha1 || type == NID_md5)
- {
- OPENSSL_cleanse(hashBuffer, keyLength+1);
- OPENSSL_free(hashBuffer);
- }
-
- *siglen = outputLength;
-
- return ((returnCode || reasonCode) ? 0 : 1);
- }
-
-static int getModulusAndExponent(const unsigned char*token, long *exponentLength,
- unsigned char *exponent, long *modulusLength, long *modulusFieldLength,
- unsigned char *modulus)
- {
- unsigned long len;
-
- if (*token++ != (char)0x1E) /* internal PKA token? */
- return 0;
-
- if (*token++) /* token version must be zero */
- return 0;
-
- len = *token++;
- len = len << 8;
- len |= (unsigned char)*token++;
-
- token += 4; /* skip reserved bytes */
-
- if (*token++ == (char)0x04)
- {
- if (*token++) /* token version must be zero */
- return 0;
-
- len = *token++;
- len = len << 8;
- len |= (unsigned char)*token++;
-
- token+=2; /* skip reserved section */
-
- len = *token++;
- len = len << 8;
- len |= (unsigned char)*token++;
-
- *exponentLength = len;
-
- len = *token++;
- len = len << 8;
- len |= (unsigned char)*token++;
-
- *modulusLength = len;
-
- len = *token++;
- len = len << 8;
- len |= (unsigned char)*token++;
-
- *modulusFieldLength = len;
-
- memcpy(exponent, token, *exponentLength);
- token+= *exponentLength;
-
- memcpy(modulus, token, *modulusFieldLength);
- return 1;
- }
- return 0;
- }
-
-#endif /* OPENSSL_NO_RSA */
+ unsigned char *sigret, unsigned int *siglen,
+ const RSA *rsa)
+{
+ long returnCode;
+ long reasonCode;
+ long exitDataLength = 0;
+ unsigned char exitData[8];
+ long ruleArrayLength = 1;
+ unsigned char ruleArray[8] = "PKCS-1.1";
+ long outputLength = 256;
+ long outputBitLength;
+ long keyTokenLength;
+ unsigned char *hashBuffer = NULL;
+ unsigned char *keyToken = (unsigned char *)RSA_get_ex_data(rsa, hndidx);
+ long length = SSL_SIG_LEN;
+ long keyLength;
+ X509_SIG sig;
+ ASN1_TYPE parameter;
+ X509_ALGOR algorithm;
+ ASN1_OCTET_STRING digest;
+
+ keyTokenLength = *(long *)keyToken;
+ keyToken += sizeof(long);
+
+ if (type == NID_md5 || type == NID_sha1) {
+ sig.algor = &algorithm;
+ algorithm.algorithm = OBJ_nid2obj(type);
+
+ if (!algorithm.algorithm) {
+ CCA4758err(CCA4758_F_CCA_RSA_SIGN,
+ CCA4758_R_UNKNOWN_ALGORITHM_TYPE);
+ return 0;
+ }
+
+ if (!algorithm.algorithm->length) {
+ CCA4758err(CCA4758_F_CCA_RSA_SIGN,
+ CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);
+ return 0;
+ }
+
+ parameter.type = V_ASN1_NULL;
+ parameter.value.ptr = NULL;
+ algorithm.parameter = &parameter;
+
+ sig.digest = &digest;
+ sig.digest->data = (unsigned char *)m;
+ sig.digest->length = m_len;
+
+ length = i2d_X509_SIG(&sig, NULL);
+ }
+
+ keyLength = RSA_size(rsa);
+
+ if (length - RSA_PKCS1_PADDING > keyLength) {
+ CCA4758err(CCA4758_F_CCA_RSA_SIGN,
+ CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+ return 0;
+ }
+
+ switch (type) {
+ case NID_md5_sha1:
+ if (m_len != SSL_SIG_LEN) {
+ CCA4758err(CCA4758_F_CCA_RSA_SIGN,
+ CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+ return 0;
+ }
+ hashBuffer = (unsigned char *)m;
+ length = m_len;
+ break;
+ case NID_md5:
+ {
+ unsigned char *ptr;
+ ptr = hashBuffer = OPENSSL_malloc((unsigned int)keyLength + 1);
+ if (!hashBuffer) {
+ CCA4758err(CCA4758_F_CCA_RSA_SIGN, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ i2d_X509_SIG(&sig, &ptr);
+ }
+ break;
+ case NID_sha1:
+ {
+ unsigned char *ptr;
+ ptr = hashBuffer = OPENSSL_malloc((unsigned int)keyLength + 1);
+ if (!hashBuffer) {
+ CCA4758err(CCA4758_F_CCA_RSA_SIGN, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ i2d_X509_SIG(&sig, &ptr);
+ }
+ break;
+ default:
+ return 0;
+ }
+
+ digitalSignatureGenerate(&returnCode, &reasonCode, &exitDataLength,
+ exitData, &ruleArrayLength, ruleArray,
+ &keyTokenLength, keyToken, &length, hashBuffer,
+ &outputLength, &outputBitLength, sigret);
+
+ if (type == NID_sha1 || type == NID_md5) {
+ OPENSSL_cleanse(hashBuffer, keyLength + 1);
+ OPENSSL_free(hashBuffer);
+ }
+
+ *siglen = outputLength;
+
+ return ((returnCode || reasonCode) ? 0 : 1);
+}
+
+static int getModulusAndExponent(const unsigned char *token,
+ long *exponentLength,
+ unsigned char *exponent, long *modulusLength,
+ long *modulusFieldLength,
+ unsigned char *modulus)
+{
+ unsigned long len;
+
+ if (*token++ != (char)0x1E) /* internal PKA token? */
+ return 0;
+
+ if (*token++) /* token version must be zero */
+ return 0;
+
+ len = *token++;
+ len = len << 8;
+ len |= (unsigned char)*token++;
+
+ token += 4; /* skip reserved bytes */
+
+ if (*token++ == (char)0x04) {
+ if (*token++) /* token version must be zero */
+ return 0;
+
+ len = *token++;
+ len = len << 8;
+ len |= (unsigned char)*token++;
+
+ token += 2; /* skip reserved section */
+
+ len = *token++;
+ len = len << 8;
+ len |= (unsigned char)*token++;
+
+ *exponentLength = len;
+
+ len = *token++;
+ len = len << 8;
+ len |= (unsigned char)*token++;
+
+ *modulusLength = len;
+
+ len = *token++;
+ len = len << 8;
+ len |= (unsigned char)*token++;
+
+ *modulusFieldLength = len;
+
+ memcpy(exponent, token, *exponentLength);
+ token += *exponentLength;
+
+ memcpy(modulus, token, *modulusFieldLength);
+ return 1;
+ }
+ return 0;
+}
+
+# endif /* OPENSSL_NO_RSA */
static int cca_random_status(void)
- {
- return 1;
- }
-
-static int cca_get_random_bytes(unsigned char* buf, int num)
- {
- long ret_code;
- long reason_code;
- long exit_data_length;
- unsigned char exit_data[4];
- unsigned char form[] = "RANDOM ";
- unsigned char rand_buf[8];
-
- while(num >= (int)sizeof(rand_buf))
- {
- randomNumberGenerate(&ret_code, &reason_code, &exit_data_length,
- exit_data, form, rand_buf);
- if (ret_code)
- return 0;
- num -= sizeof(rand_buf);
- memcpy(buf, rand_buf, sizeof(rand_buf));
- buf += sizeof(rand_buf);
- }
-
- if (num)
- {
- randomNumberGenerate(&ret_code, &reason_code, NULL, NULL,
- form, rand_buf);
- if (ret_code)
- return 0;
- memcpy(buf, rand_buf, num);
- }
-
- return 1;
- }
-
-#ifndef OPENSSL_NO_RSA
+{
+ return 1;
+}
+
+static int cca_get_random_bytes(unsigned char *buf, int num)
+{
+ long ret_code;
+ long reason_code;
+ long exit_data_length;
+ unsigned char exit_data[4];
+ unsigned char form[] = "RANDOM ";
+ unsigned char rand_buf[8];
+
+ while (num >= (int)sizeof(rand_buf)) {
+ randomNumberGenerate(&ret_code, &reason_code, &exit_data_length,
+ exit_data, form, rand_buf);
+ if (ret_code)
+ return 0;
+ num -= sizeof(rand_buf);
+ memcpy(buf, rand_buf, sizeof(rand_buf));
+ buf += sizeof(rand_buf);
+ }
+
+ if (num) {
+ randomNumberGenerate(&ret_code, &reason_code, NULL, NULL,
+ form, rand_buf);
+ if (ret_code)
+ return 0;
+ memcpy(buf, rand_buf, num);
+ }
+
+ return 1;
+}
+
+# ifndef OPENSSL_NO_RSA
static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int idx,
- long argl, void *argp)
- {
- if (item)
- OPENSSL_free(item);
- }
-#endif
+ long argl, void *argp)
+{
+ if (item)
+ OPENSSL_free(item);
+}
+# endif
/* Goo to handle building as a dynamic engine */
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
static int bind_fn(ENGINE *e, const char *id)
- {
- if(id && (strcmp(id, engine_4758_cca_id) != 0) &&
- (strcmp(id, engine_4758_cca_id_alt) != 0))
- return 0;
- if(!bind_helper(e))
- return 0;
- return 1;
- }
-IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#endif /* OPENSSL_NO_DYNAMIC_ENGINE */
+{
+ if (id && (strcmp(id, engine_4758_cca_id) != 0) &&
+ (strcmp(id, engine_4758_cca_id_alt) != 0))
+ return 0;
+ if (!bind_helper(e))
+ return 0;
+ return 1;
+}
-#endif /* !OPENSSL_NO_HW_4758_CCA */
-#endif /* !OPENSSL_NO_HW */
+IMPLEMENT_DYNAMIC_CHECK_FN()
+ IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+# endif /* OPENSSL_NO_DYNAMIC_ENGINE */
+# endif /* !OPENSSL_NO_HW_4758_CCA */
+#endif /* !OPENSSL_NO_HW */
diff --git a/openssl/engines/e_4758cca_err.c b/openssl/engines/e_4758cca_err.c
index 6ecdc6e62..aed719975 100644
--- a/openssl/engines/e_4758cca_err.c
+++ b/openssl/engines/e_4758cca_err.c
@@ -7,7 +7,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
*
*/
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
@@ -65,89 +66,88 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
-#define ERR_FUNC(func) ERR_PACK(0,func,0)
-#define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA CCA4758_str_functs[]=
- {
-{ERR_FUNC(CCA4758_F_CCA_RSA_SIGN), "CCA_RSA_SIGN"},
-{ERR_FUNC(CCA4758_F_CCA_RSA_VERIFY), "CCA_RSA_VERIFY"},
-{ERR_FUNC(CCA4758_F_IBM_4758_CCA_CTRL), "IBM_4758_CCA_CTRL"},
-{ERR_FUNC(CCA4758_F_IBM_4758_CCA_FINISH), "IBM_4758_CCA_FINISH"},
-{ERR_FUNC(CCA4758_F_IBM_4758_CCA_INIT), "IBM_4758_CCA_INIT"},
-{ERR_FUNC(CCA4758_F_IBM_4758_LOAD_PRIVKEY), "IBM_4758_LOAD_PRIVKEY"},
-{ERR_FUNC(CCA4758_F_IBM_4758_LOAD_PUBKEY), "IBM_4758_LOAD_PUBKEY"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA CCA4758_str_reasons[]=
- {
-{ERR_REASON(CCA4758_R_ALREADY_LOADED) ,"already loaded"},
-{ERR_REASON(CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD),"asn1 oid unknown for md"},
-{ERR_REASON(CCA4758_R_COMMAND_NOT_IMPLEMENTED),"command not implemented"},
-{ERR_REASON(CCA4758_R_DSO_FAILURE) ,"dso failure"},
-{ERR_REASON(CCA4758_R_FAILED_LOADING_PRIVATE_KEY),"failed loading private key"},
-{ERR_REASON(CCA4758_R_FAILED_LOADING_PUBLIC_KEY),"failed loading public key"},
-{ERR_REASON(CCA4758_R_NOT_LOADED) ,"not loaded"},
-{ERR_REASON(CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL),"size too large or too small"},
-{ERR_REASON(CCA4758_R_UNIT_FAILURE) ,"unit failure"},
-{ERR_REASON(CCA4758_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"},
-{0,NULL}
- };
+# define ERR_FUNC(func) ERR_PACK(0,func,0)
+# define ERR_REASON(reason) ERR_PACK(0,0,reason)
+
+static ERR_STRING_DATA CCA4758_str_functs[] = {
+ {ERR_FUNC(CCA4758_F_CCA_RSA_SIGN), "CCA_RSA_SIGN"},
+ {ERR_FUNC(CCA4758_F_CCA_RSA_VERIFY), "CCA_RSA_VERIFY"},
+ {ERR_FUNC(CCA4758_F_IBM_4758_CCA_CTRL), "IBM_4758_CCA_CTRL"},
+ {ERR_FUNC(CCA4758_F_IBM_4758_CCA_FINISH), "IBM_4758_CCA_FINISH"},
+ {ERR_FUNC(CCA4758_F_IBM_4758_CCA_INIT), "IBM_4758_CCA_INIT"},
+ {ERR_FUNC(CCA4758_F_IBM_4758_LOAD_PRIVKEY), "IBM_4758_LOAD_PRIVKEY"},
+ {ERR_FUNC(CCA4758_F_IBM_4758_LOAD_PUBKEY), "IBM_4758_LOAD_PUBKEY"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA CCA4758_str_reasons[] = {
+ {ERR_REASON(CCA4758_R_ALREADY_LOADED), "already loaded"},
+ {ERR_REASON(CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD),
+ "asn1 oid unknown for md"},
+ {ERR_REASON(CCA4758_R_COMMAND_NOT_IMPLEMENTED),
+ "command not implemented"},
+ {ERR_REASON(CCA4758_R_DSO_FAILURE), "dso failure"},
+ {ERR_REASON(CCA4758_R_FAILED_LOADING_PRIVATE_KEY),
+ "failed loading private key"},
+ {ERR_REASON(CCA4758_R_FAILED_LOADING_PUBLIC_KEY),
+ "failed loading public key"},
+ {ERR_REASON(CCA4758_R_NOT_LOADED), "not loaded"},
+ {ERR_REASON(CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL),
+ "size too large or too small"},
+ {ERR_REASON(CCA4758_R_UNIT_FAILURE), "unit failure"},
+ {ERR_REASON(CCA4758_R_UNKNOWN_ALGORITHM_TYPE), "unknown algorithm type"},
+ {0, NULL}
+};
#endif
#ifdef CCA4758_LIB_NAME
-static ERR_STRING_DATA CCA4758_lib_name[]=
- {
-{0 ,CCA4758_LIB_NAME},
-{0,NULL}
- };
+static ERR_STRING_DATA CCA4758_lib_name[] = {
+ {0, CCA4758_LIB_NAME},
+ {0, NULL}
+};
#endif
-
-static int CCA4758_lib_error_code=0;
-static int CCA4758_error_init=1;
+static int CCA4758_lib_error_code = 0;
+static int CCA4758_error_init = 1;
static void ERR_load_CCA4758_strings(void)
- {
- if (CCA4758_lib_error_code == 0)
- CCA4758_lib_error_code=ERR_get_next_error_library();
+{
+ if (CCA4758_lib_error_code == 0)
+ CCA4758_lib_error_code = ERR_get_next_error_library();
- if (CCA4758_error_init)
- {
- CCA4758_error_init=0;
+ if (CCA4758_error_init) {
+ CCA4758_error_init = 0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(CCA4758_lib_error_code,CCA4758_str_functs);
- ERR_load_strings(CCA4758_lib_error_code,CCA4758_str_reasons);
+ ERR_load_strings(CCA4758_lib_error_code, CCA4758_str_functs);
+ ERR_load_strings(CCA4758_lib_error_code, CCA4758_str_reasons);
#endif
#ifdef CCA4758_LIB_NAME
- CCA4758_lib_name->error = ERR_PACK(CCA4758_lib_error_code,0,0);
- ERR_load_strings(0,CCA4758_lib_name);
+ CCA4758_lib_name->error = ERR_PACK(CCA4758_lib_error_code, 0, 0);
+ ERR_load_strings(0, CCA4758_lib_name);
#endif
- }
- }
+ }
+}
static void ERR_unload_CCA4758_strings(void)
- {
- if (CCA4758_error_init == 0)
- {
+{
+ if (CCA4758_error_init == 0) {
#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(CCA4758_lib_error_code,CCA4758_str_functs);
- ERR_unload_strings(CCA4758_lib_error_code,CCA4758_str_reasons);
+ ERR_unload_strings(CCA4758_lib_error_code, CCA4758_str_functs);
+ ERR_unload_strings(CCA4758_lib_error_code, CCA4758_str_reasons);
#endif
#ifdef CCA4758_LIB_NAME
- ERR_unload_strings(0,CCA4758_lib_name);
+ ERR_unload_strings(0, CCA4758_lib_name);
#endif
- CCA4758_error_init=1;
- }
- }
+ CCA4758_error_init = 1;
+ }
+}
static void ERR_CCA4758_error(int function, int reason, char *file, int line)
- {
- if (CCA4758_lib_error_code == 0)
- CCA4758_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(CCA4758_lib_error_code,function,reason,file,line);
- }
+{
+ if (CCA4758_lib_error_code == 0)
+ CCA4758_lib_error_code = ERR_get_next_error_library();
+ ERR_PUT_error(CCA4758_lib_error_code, function, reason, file, line);
+}
diff --git a/openssl/engines/e_4758cca_err.h b/openssl/engines/e_4758cca_err.h
index 26087edbf..2f29d96fb 100644
--- a/openssl/engines/e_4758cca_err.h
+++ b/openssl/engines/e_4758cca_err.h
@@ -6,7 +6,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -53,43 +53,44 @@
*/
#ifndef HEADER_CCA4758_ERR_H
-#define HEADER_CCA4758_ERR_H
+# define HEADER_CCA4758_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_CCA4758_strings(void);
static void ERR_unload_CCA4758_strings(void);
static void ERR_CCA4758_error(int function, int reason, char *file, int line);
-#define CCA4758err(f,r) ERR_CCA4758_error((f),(r),__FILE__,__LINE__)
+# define CCA4758err(f,r) ERR_CCA4758_error((f),(r),__FILE__,__LINE__)
/* Error codes for the CCA4758 functions. */
/* Function codes. */
-#define CCA4758_F_CCA_RSA_SIGN 105
-#define CCA4758_F_CCA_RSA_VERIFY 106
-#define CCA4758_F_IBM_4758_CCA_CTRL 100
-#define CCA4758_F_IBM_4758_CCA_FINISH 101
-#define CCA4758_F_IBM_4758_CCA_INIT 102
-#define CCA4758_F_IBM_4758_LOAD_PRIVKEY 103
-#define CCA4758_F_IBM_4758_LOAD_PUBKEY 104
+# define CCA4758_F_CCA_RSA_SIGN 105
+# define CCA4758_F_CCA_RSA_VERIFY 106
+# define CCA4758_F_IBM_4758_CCA_CTRL 100
+# define CCA4758_F_IBM_4758_CCA_FINISH 101
+# define CCA4758_F_IBM_4758_CCA_INIT 102
+# define CCA4758_F_IBM_4758_LOAD_PRIVKEY 103
+# define CCA4758_F_IBM_4758_LOAD_PUBKEY 104
/* Reason codes. */
-#define CCA4758_R_ALREADY_LOADED 100
-#define CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD 101
-#define CCA4758_R_COMMAND_NOT_IMPLEMENTED 102
-#define CCA4758_R_DSO_FAILURE 103
-#define CCA4758_R_FAILED_LOADING_PRIVATE_KEY 104
-#define CCA4758_R_FAILED_LOADING_PUBLIC_KEY 105
-#define CCA4758_R_NOT_LOADED 106
-#define CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL 107
-#define CCA4758_R_UNIT_FAILURE 108
-#define CCA4758_R_UNKNOWN_ALGORITHM_TYPE 109
+# define CCA4758_R_ALREADY_LOADED 100
+# define CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD 101
+# define CCA4758_R_COMMAND_NOT_IMPLEMENTED 102
+# define CCA4758_R_DSO_FAILURE 103
+# define CCA4758_R_FAILED_LOADING_PRIVATE_KEY 104
+# define CCA4758_R_FAILED_LOADING_PUBLIC_KEY 105
+# define CCA4758_R_NOT_LOADED 106
+# define CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL 107
+# define CCA4758_R_UNIT_FAILURE 108
+# define CCA4758_R_UNKNOWN_ALGORITHM_TYPE 109
#ifdef __cplusplus
}
diff --git a/openssl/engines/e_aep.c b/openssl/engines/e_aep.c
index 1953f0643..9bfda76a9 100644
--- a/openssl/engines/e_aep.c
+++ b/openssl/engines/e_aep.c
@@ -6,7 +6,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -58,18 +58,18 @@
#include <openssl/e_os2.h>
#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__) || defined(__MINGW32__)
-#include <sys/types.h>
-#include <unistd.h>
+# include <sys/types.h>
+# include <unistd.h>
#else
-#include <process.h>
+# include <process.h>
typedef int pid_t;
#endif
#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB)
-#define getpid GetThreadID
+# define getpid GetThreadID
extern int GetThreadID(void);
#elif defined(_WIN32) && !defined(__WATCOMC__)
-#define getpid _getpid
+# define getpid _getpid
#endif
#include <openssl/crypto.h>
@@ -77,31 +77,31 @@ extern int GetThreadID(void);
#include <openssl/engine.h>
#include <openssl/buffer.h>
#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
+# include <openssl/rsa.h>
#endif
#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
+# include <openssl/dsa.h>
#endif
#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
+# include <openssl/dh.h>
#endif
#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_AEP
-#ifdef FLAT_INC
-#include "aep.h"
-#else
-#include "vendor_defns/aep.h"
-#endif
+# ifndef OPENSSL_NO_HW_AEP
+# ifdef FLAT_INC
+# include "aep.h"
+# else
+# include "vendor_defns/aep.h"
+# endif
-#define AEP_LIB_NAME "aep engine"
-#define FAIL_TO_SW 0x10101010
+# define AEP_LIB_NAME "aep engine"
+# define FAIL_TO_SW 0x10101010
-#include "e_aep_err.c"
+# include "e_aep_err.c"
static int aep_init(ENGINE *e);
static int aep_finish(ENGINE *e);
-static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
+static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
static int aep_destroy(ENGINE *e);
static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR hConnection);
@@ -110,149 +110,152 @@ static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection);
static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use);
/* BIGNUM stuff */
-#ifndef OPENSSL_NO_RSA
+# ifndef OPENSSL_NO_RSA
static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx);
+ const BIGNUM *m, BN_CTX *ctx);
-static AEP_RV aep_mod_exp_crt(BIGNUM *r,const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *q, const BIGNUM *dmp1,const BIGNUM *dmq1,
- const BIGNUM *iqmp, BN_CTX *ctx);
-#endif
+static AEP_RV aep_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *q, const BIGNUM *dmp1,
+ const BIGNUM *dmq1, const BIGNUM *iqmp,
+ BN_CTX *ctx);
+# endif
/* RSA stuff */
-#ifndef OPENSSL_NO_RSA
-static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
-#endif
+# ifndef OPENSSL_NO_RSA
+static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx);
+# endif
/* This function is aliased to mod_exp (with the mont stuff dropped). */
-#ifndef OPENSSL_NO_RSA
+# ifndef OPENSSL_NO_RSA
static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-#endif
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+# endif
/* DSA stuff */
-#ifndef OPENSSL_NO_DSA
+# ifndef OPENSSL_NO_DSA
static int aep_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
- BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont);
+ BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *in_mont);
static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
-#endif
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+# endif
/* DH stuff */
/* This function is aliased to mod_exp (with the DH and mont dropped). */
-#ifndef OPENSSL_NO_DH
+# ifndef OPENSSL_NO_DH
static int aep_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-#endif
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+# endif
/* rand stuff */
-#ifdef AEPRAND
+# ifdef AEPRAND
static int aep_rand(unsigned char *buf, int num);
static int aep_rand_status(void);
-#endif
+# endif
/* Bignum conversion stuff */
-static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32* BigNumSize);
+static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32 *BigNumSize);
static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize,
- unsigned char* AEP_BigNum);
-static AEP_RV ConvertAEPBigNum(void* ArbBigNum, AEP_U32 BigNumSize,
- unsigned char* AEP_BigNum);
+ unsigned char *AEP_BigNum);
+static AEP_RV ConvertAEPBigNum(void *ArbBigNum, AEP_U32 BigNumSize,
+ unsigned char *AEP_BigNum);
/* The definitions for control commands specific to this engine */
-#define AEP_CMD_SO_PATH ENGINE_CMD_BASE
-static const ENGINE_CMD_DEFN aep_cmd_defns[] =
- {
- { AEP_CMD_SO_PATH,
- "SO_PATH",
- "Specifies the path to the 'aep' shared library",
- ENGINE_CMD_FLAG_STRING
- },
- {0, NULL, NULL, 0}
- };
-
-#ifndef OPENSSL_NO_RSA
+# define AEP_CMD_SO_PATH ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN aep_cmd_defns[] = {
+ {AEP_CMD_SO_PATH,
+ "SO_PATH",
+ "Specifies the path to the 'aep' shared library",
+ ENGINE_CMD_FLAG_STRING},
+ {0, NULL, NULL, 0}
+};
+
+# ifndef OPENSSL_NO_RSA
/* Our internal RSA_METHOD that we provide pointers to */
-static RSA_METHOD aep_rsa =
- {
- "Aep RSA method",
- NULL, /*rsa_pub_encrypt*/
- NULL, /*rsa_pub_decrypt*/
- NULL, /*rsa_priv_encrypt*/
- NULL, /*rsa_priv_encrypt*/
- aep_rsa_mod_exp, /*rsa_mod_exp*/
- aep_mod_exp_mont, /*bn_mod_exp*/
- NULL, /*init*/
- NULL, /*finish*/
- 0, /*flags*/
- NULL, /*app_data*/
- NULL, /*rsa_sign*/
- NULL, /*rsa_verify*/
- NULL /*rsa_keygen*/
- };
-#endif
-
-#ifndef OPENSSL_NO_DSA
+static RSA_METHOD aep_rsa = {
+ "Aep RSA method",
+ NULL, /* rsa_pub_encrypt */
+ NULL, /* rsa_pub_decrypt */
+ NULL, /* rsa_priv_encrypt */
+ NULL, /* rsa_priv_encrypt */
+ aep_rsa_mod_exp, /* rsa_mod_exp */
+ aep_mod_exp_mont, /* bn_mod_exp */
+ NULL, /* init */
+ NULL, /* finish */
+ 0, /* flags */
+ NULL, /* app_data */
+ NULL, /* rsa_sign */
+ NULL, /* rsa_verify */
+ NULL /* rsa_keygen */
+};
+# endif
+
+# ifndef OPENSSL_NO_DSA
/* Our internal DSA_METHOD that we provide pointers to */
-static DSA_METHOD aep_dsa =
- {
- "Aep DSA method",
- NULL, /* dsa_do_sign */
- NULL, /* dsa_sign_setup */
- NULL, /* dsa_do_verify */
- aep_dsa_mod_exp, /* dsa_mod_exp */
- aep_mod_exp_dsa, /* bn_mod_exp */
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
- NULL, /* app_data */
- NULL, /* dsa_paramgen */
- NULL /* dsa_keygen */
- };
-#endif
-
-#ifndef OPENSSL_NO_DH
+static DSA_METHOD aep_dsa = {
+ "Aep DSA method",
+ NULL, /* dsa_do_sign */
+ NULL, /* dsa_sign_setup */
+ NULL, /* dsa_do_verify */
+ aep_dsa_mod_exp, /* dsa_mod_exp */
+ aep_mod_exp_dsa, /* bn_mod_exp */
+ NULL, /* init */
+ NULL, /* finish */
+ 0, /* flags */
+ NULL, /* app_data */
+ NULL, /* dsa_paramgen */
+ NULL /* dsa_keygen */
+};
+# endif
+
+# ifndef OPENSSL_NO_DH
/* Our internal DH_METHOD that we provide pointers to */
-static DH_METHOD aep_dh =
- {
- "Aep DH method",
- NULL,
- NULL,
- aep_mod_exp_dh,
- NULL,
- NULL,
- 0,
- NULL,
- NULL
- };
-#endif
-
-#ifdef AEPRAND
+static DH_METHOD aep_dh = {
+ "Aep DH method",
+ NULL,
+ NULL,
+ aep_mod_exp_dh,
+ NULL,
+ NULL,
+ 0,
+ NULL,
+ NULL
+};
+# endif
+
+# ifdef AEPRAND
/* our internal RAND_method that we provide pointers to */
-static RAND_METHOD aep_random =
- {
- /*"AEP RAND method", */
- NULL,
- aep_rand,
- NULL,
- NULL,
- aep_rand,
- aep_rand_status,
- };
-#endif
-
-/*Define an array of structures to hold connections*/
+static RAND_METHOD aep_random = {
+ /*
+ * "AEP RAND method",
+ */
+ NULL,
+ aep_rand,
+ NULL,
+ NULL,
+ aep_rand,
+ aep_rand_status,
+};
+# endif
+
+/*
+ * Define an array of structures to hold connections
+ */
static AEP_CONNECTION_ENTRY aep_app_conn_table[MAX_PROCESS_CONNECTIONS];
-/*Used to determine if this is a new process*/
-static pid_t recorded_pid = 0;
+/*
+ * Used to determine if this is a new process
+ */
+static pid_t recorded_pid = 0;
-#ifdef AEPRAND
-static AEP_U8 rand_block[RAND_BLK_SIZE];
-static AEP_U32 rand_block_bytes = 0;
-#endif
+# ifdef AEPRAND
+static AEP_U8 rand_block[RAND_BLK_SIZE];
+static AEP_U32 rand_block_bytes = 0;
+# endif
/* Constants used when creating the ENGINE */
static const char *engine_aep_id = "aep";
@@ -260,880 +263,904 @@ static const char *engine_aep_name = "Aep hardware engine support";
static int max_key_len = 2176;
-
-/* This internal function is used by ENGINE_aep() and possibly by the
- * "dynamic" ENGINE support too */
+/*
+ * This internal function is used by ENGINE_aep() and possibly by the
+ * "dynamic" ENGINE support too
+ */
static int bind_aep(ENGINE *e)
- {
-#ifndef OPENSSL_NO_RSA
- const RSA_METHOD *meth1;
-#endif
-#ifndef OPENSSL_NO_DSA
- const DSA_METHOD *meth2;
-#endif
-#ifndef OPENSSL_NO_DH
- const DH_METHOD *meth3;
-#endif
-
- if(!ENGINE_set_id(e, engine_aep_id) ||
- !ENGINE_set_name(e, engine_aep_name) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_RSA(e, &aep_rsa) ||
-#endif
-#ifndef OPENSSL_NO_DSA
- !ENGINE_set_DSA(e, &aep_dsa) ||
-#endif
-#ifndef OPENSSL_NO_DH
- !ENGINE_set_DH(e, &aep_dh) ||
-#endif
-#ifdef AEPRAND
- !ENGINE_set_RAND(e, &aep_random) ||
-#endif
- !ENGINE_set_init_function(e, aep_init) ||
- !ENGINE_set_destroy_function(e, aep_destroy) ||
- !ENGINE_set_finish_function(e, aep_finish) ||
- !ENGINE_set_ctrl_function(e, aep_ctrl) ||
- !ENGINE_set_cmd_defns(e, aep_cmd_defns))
- return 0;
-
-#ifndef OPENSSL_NO_RSA
- /* We know that the "PKCS1_SSLeay()" functions hook properly
- * to the aep-specific mod_exp and mod_exp_crt so we use
- * those functions. NB: We don't use ENGINE_openssl() or
- * anything "more generic" because something like the RSAref
- * code may not hook properly, and if you own one of these
- * cards then you have the right to do RSA operations on it
- * anyway! */
- meth1 = RSA_PKCS1_SSLeay();
- aep_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
- aep_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
- aep_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
- aep_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
-#endif
-
-
-#ifndef OPENSSL_NO_DSA
- /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
- * bits. */
- meth2 = DSA_OpenSSL();
- aep_dsa.dsa_do_sign = meth2->dsa_do_sign;
- aep_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
- aep_dsa.dsa_do_verify = meth2->dsa_do_verify;
-
- aep_dsa = *DSA_get_default_method();
- aep_dsa.dsa_mod_exp = aep_dsa_mod_exp;
- aep_dsa.bn_mod_exp = aep_mod_exp_dsa;
-#endif
-
-#ifndef OPENSSL_NO_DH
- /* Much the same for Diffie-Hellman */
- meth3 = DH_OpenSSL();
- aep_dh.generate_key = meth3->generate_key;
- aep_dh.compute_key = meth3->compute_key;
- aep_dh.bn_mod_exp = meth3->bn_mod_exp;
-#endif
-
- /* Ensure the aep error handling is set up */
- ERR_load_AEPHK_strings();
-
- return 1;
+{
+# ifndef OPENSSL_NO_RSA
+ const RSA_METHOD *meth1;
+# endif
+# ifndef OPENSSL_NO_DSA
+ const DSA_METHOD *meth2;
+# endif
+# ifndef OPENSSL_NO_DH
+ const DH_METHOD *meth3;
+# endif
+
+ if (!ENGINE_set_id(e, engine_aep_id) ||
+ !ENGINE_set_name(e, engine_aep_name) ||
+# ifndef OPENSSL_NO_RSA
+ !ENGINE_set_RSA(e, &aep_rsa) ||
+# endif
+# ifndef OPENSSL_NO_DSA
+ !ENGINE_set_DSA(e, &aep_dsa) ||
+# endif
+# ifndef OPENSSL_NO_DH
+ !ENGINE_set_DH(e, &aep_dh) ||
+# endif
+# ifdef AEPRAND
+ !ENGINE_set_RAND(e, &aep_random) ||
+# endif
+ !ENGINE_set_init_function(e, aep_init) ||
+ !ENGINE_set_destroy_function(e, aep_destroy) ||
+ !ENGINE_set_finish_function(e, aep_finish) ||
+ !ENGINE_set_ctrl_function(e, aep_ctrl) ||
+ !ENGINE_set_cmd_defns(e, aep_cmd_defns))
+ return 0;
+
+# ifndef OPENSSL_NO_RSA
+ /*
+ * We know that the "PKCS1_SSLeay()" functions hook properly to the
+ * aep-specific mod_exp and mod_exp_crt so we use those functions. NB: We
+ * don't use ENGINE_openssl() or anything "more generic" because
+ * something like the RSAref code may not hook properly, and if you own
+ * one of these cards then you have the right to do RSA operations on it
+ * anyway!
+ */
+ meth1 = RSA_PKCS1_SSLeay();
+ aep_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+ aep_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+ aep_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+ aep_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+# endif
+
+# ifndef OPENSSL_NO_DSA
+ /*
+ * Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits.
+ */
+ meth2 = DSA_OpenSSL();
+ aep_dsa.dsa_do_sign = meth2->dsa_do_sign;
+ aep_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
+ aep_dsa.dsa_do_verify = meth2->dsa_do_verify;
+
+ aep_dsa = *DSA_get_default_method();
+ aep_dsa.dsa_mod_exp = aep_dsa_mod_exp;
+ aep_dsa.bn_mod_exp = aep_mod_exp_dsa;
+# endif
+
+# ifndef OPENSSL_NO_DH
+ /* Much the same for Diffie-Hellman */
+ meth3 = DH_OpenSSL();
+ aep_dh.generate_key = meth3->generate_key;
+ aep_dh.compute_key = meth3->compute_key;
+ aep_dh.bn_mod_exp = meth3->bn_mod_exp;
+# endif
+
+ /* Ensure the aep error handling is set up */
+ ERR_load_AEPHK_strings();
+
+ return 1;
}
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
static int bind_helper(ENGINE *e, const char *id)
- {
- if(id && (strcmp(id, engine_aep_id) != 0))
- return 0;
- if(!bind_aep(e))
- return 0;
- return 1;
- }
+{
+ if (id && (strcmp(id, engine_aep_id) != 0))
+ return 0;
+ if (!bind_aep(e))
+ return 0;
+ return 1;
+}
+
IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
-#else
+ IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+# else
static ENGINE *engine_aep(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!bind_aep(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
+{
+ ENGINE *ret = ENGINE_new();
+ if (!ret)
+ return NULL;
+ if (!bind_aep(ret)) {
+ ENGINE_free(ret);
+ return NULL;
+ }
+ return ret;
+}
void ENGINE_load_aep(void)
- {
- /* Copied from eng_[openssl|dyn].c */
- ENGINE *toadd = engine_aep();
- if(!toadd) return;
- ENGINE_add(toadd);
- ENGINE_free(toadd);
- ERR_clear_error();
- }
-#endif
+{
+ /* Copied from eng_[openssl|dyn].c */
+ ENGINE *toadd = engine_aep();
+ if (!toadd)
+ return;
+ ENGINE_add(toadd);
+ ENGINE_free(toadd);
+ ERR_clear_error();
+}
+# endif
-/* This is a process-global DSO handle used for loading and unloading
- * the Aep library. NB: This is only set (or unset) during an
- * init() or finish() call (reference counts permitting) and they're
- * operating with global locks, so this should be thread-safe
- * implicitly. */
+/*
+ * This is a process-global DSO handle used for loading and unloading the Aep
+ * library. NB: This is only set (or unset) during an init() or finish() call
+ * (reference counts permitting) and they're operating with global locks, so
+ * this should be thread-safe implicitly.
+ */
static DSO *aep_dso = NULL;
-/* These are the static string constants for the DSO file name and the function
- * symbol names to bind to.
-*/
+/*
+ * These are the static string constants for the DSO file name and the
+ * function symbol names to bind to.
+ */
static const char *AEP_LIBNAME = NULL;
static const char *get_AEP_LIBNAME(void)
- {
- if(AEP_LIBNAME)
- return AEP_LIBNAME;
- return "aep";
- }
+{
+ if (AEP_LIBNAME)
+ return AEP_LIBNAME;
+ return "aep";
+}
+
static void free_AEP_LIBNAME(void)
- {
- if(AEP_LIBNAME)
- OPENSSL_free((void*)AEP_LIBNAME);
- AEP_LIBNAME = NULL;
- }
+{
+ if (AEP_LIBNAME)
+ OPENSSL_free((void *)AEP_LIBNAME);
+ AEP_LIBNAME = NULL;
+}
+
static long set_AEP_LIBNAME(const char *name)
- {
- free_AEP_LIBNAME();
- return ((AEP_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0);
- }
-
-static const char *AEP_F1 = "AEP_ModExp";
-static const char *AEP_F2 = "AEP_ModExpCrt";
-#ifdef AEPRAND
-static const char *AEP_F3 = "AEP_GenRandom";
-#endif
-static const char *AEP_F4 = "AEP_Finalize";
-static const char *AEP_F5 = "AEP_Initialize";
-static const char *AEP_F6 = "AEP_OpenConnection";
-static const char *AEP_F7 = "AEP_SetBNCallBacks";
-static const char *AEP_F8 = "AEP_CloseConnection";
-
-/* These are the function pointers that are (un)set when the library has
- * successfully (un)loaded. */
-static t_AEP_OpenConnection *p_AEP_OpenConnection = NULL;
-static t_AEP_CloseConnection *p_AEP_CloseConnection = NULL;
-static t_AEP_ModExp *p_AEP_ModExp = NULL;
-static t_AEP_ModExpCrt *p_AEP_ModExpCrt = NULL;
-#ifdef AEPRAND
-static t_AEP_GenRandom *p_AEP_GenRandom = NULL;
-#endif
-static t_AEP_Initialize *p_AEP_Initialize = NULL;
-static t_AEP_Finalize *p_AEP_Finalize = NULL;
-static t_AEP_SetBNCallBacks *p_AEP_SetBNCallBacks = NULL;
+{
+ free_AEP_LIBNAME();
+ return ((AEP_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0);
+}
+
+static const char *AEP_F1 = "AEP_ModExp";
+static const char *AEP_F2 = "AEP_ModExpCrt";
+# ifdef AEPRAND
+static const char *AEP_F3 = "AEP_GenRandom";
+# endif
+static const char *AEP_F4 = "AEP_Finalize";
+static const char *AEP_F5 = "AEP_Initialize";
+static const char *AEP_F6 = "AEP_OpenConnection";
+static const char *AEP_F7 = "AEP_SetBNCallBacks";
+static const char *AEP_F8 = "AEP_CloseConnection";
+
+/*
+ * These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded.
+ */
+static t_AEP_OpenConnection *p_AEP_OpenConnection = NULL;
+static t_AEP_CloseConnection *p_AEP_CloseConnection = NULL;
+static t_AEP_ModExp *p_AEP_ModExp = NULL;
+static t_AEP_ModExpCrt *p_AEP_ModExpCrt = NULL;
+# ifdef AEPRAND
+static t_AEP_GenRandom *p_AEP_GenRandom = NULL;
+# endif
+static t_AEP_Initialize *p_AEP_Initialize = NULL;
+static t_AEP_Finalize *p_AEP_Finalize = NULL;
+static t_AEP_SetBNCallBacks *p_AEP_SetBNCallBacks = NULL;
/* (de)initialisation functions. */
static int aep_init(ENGINE *e)
- {
- t_AEP_ModExp *p1;
- t_AEP_ModExpCrt *p2;
-#ifdef AEPRAND
- t_AEP_GenRandom *p3;
-#endif
- t_AEP_Finalize *p4;
- t_AEP_Initialize *p5;
- t_AEP_OpenConnection *p6;
- t_AEP_SetBNCallBacks *p7;
- t_AEP_CloseConnection *p8;
-
- int to_return = 0;
-
- if(aep_dso != NULL)
- {
- AEPHKerr(AEPHK_F_AEP_INIT,AEPHK_R_ALREADY_LOADED);
- goto err;
- }
- /* Attempt to load libaep.so. */
-
- aep_dso = DSO_load(NULL, get_AEP_LIBNAME(), NULL, 0);
-
- if(aep_dso == NULL)
- {
- AEPHKerr(AEPHK_F_AEP_INIT,AEPHK_R_NOT_LOADED);
- goto err;
- }
-
- if( !(p1 = (t_AEP_ModExp *) DSO_bind_func( aep_dso,AEP_F1)) ||
- !(p2 = (t_AEP_ModExpCrt*) DSO_bind_func( aep_dso,AEP_F2)) ||
-#ifdef AEPRAND
- !(p3 = (t_AEP_GenRandom*) DSO_bind_func( aep_dso,AEP_F3)) ||
-#endif
- !(p4 = (t_AEP_Finalize*) DSO_bind_func( aep_dso,AEP_F4)) ||
- !(p5 = (t_AEP_Initialize*) DSO_bind_func( aep_dso,AEP_F5)) ||
- !(p6 = (t_AEP_OpenConnection*) DSO_bind_func( aep_dso,AEP_F6)) ||
- !(p7 = (t_AEP_SetBNCallBacks*) DSO_bind_func( aep_dso,AEP_F7)) ||
- !(p8 = (t_AEP_CloseConnection*) DSO_bind_func( aep_dso,AEP_F8)))
- {
- AEPHKerr(AEPHK_F_AEP_INIT,AEPHK_R_NOT_LOADED);
- goto err;
- }
-
- /* Copy the pointers */
-
- p_AEP_ModExp = p1;
- p_AEP_ModExpCrt = p2;
-#ifdef AEPRAND
- p_AEP_GenRandom = p3;
-#endif
- p_AEP_Finalize = p4;
- p_AEP_Initialize = p5;
- p_AEP_OpenConnection = p6;
- p_AEP_SetBNCallBacks = p7;
- p_AEP_CloseConnection = p8;
-
- to_return = 1;
-
- return to_return;
-
- err:
-
- if(aep_dso)
- DSO_free(aep_dso);
- aep_dso = NULL;
-
- p_AEP_OpenConnection = NULL;
- p_AEP_ModExp = NULL;
- p_AEP_ModExpCrt = NULL;
-#ifdef AEPRAND
- p_AEP_GenRandom = NULL;
-#endif
- p_AEP_Initialize = NULL;
- p_AEP_Finalize = NULL;
- p_AEP_SetBNCallBacks = NULL;
- p_AEP_CloseConnection = NULL;
+{
+ t_AEP_ModExp *p1;
+ t_AEP_ModExpCrt *p2;
+# ifdef AEPRAND
+ t_AEP_GenRandom *p3;
+# endif
+ t_AEP_Finalize *p4;
+ t_AEP_Initialize *p5;
+ t_AEP_OpenConnection *p6;
+ t_AEP_SetBNCallBacks *p7;
+ t_AEP_CloseConnection *p8;
+
+ int to_return = 0;
+
+ if (aep_dso != NULL) {
+ AEPHKerr(AEPHK_F_AEP_INIT, AEPHK_R_ALREADY_LOADED);
+ goto err;
+ }
+ /* Attempt to load libaep.so. */
+
+ aep_dso = DSO_load(NULL, get_AEP_LIBNAME(), NULL, 0);
+
+ if (aep_dso == NULL) {
+ AEPHKerr(AEPHK_F_AEP_INIT, AEPHK_R_NOT_LOADED);
+ goto err;
+ }
+
+ if (!(p1 = (t_AEP_ModExp *) DSO_bind_func(aep_dso, AEP_F1)) ||
+ !(p2 = (t_AEP_ModExpCrt *) DSO_bind_func(aep_dso, AEP_F2)) ||
+# ifdef AEPRAND
+ !(p3 = (t_AEP_GenRandom *) DSO_bind_func(aep_dso, AEP_F3)) ||
+# endif
+ !(p4 = (t_AEP_Finalize *) DSO_bind_func(aep_dso, AEP_F4)) ||
+ !(p5 = (t_AEP_Initialize *) DSO_bind_func(aep_dso, AEP_F5)) ||
+ !(p6 = (t_AEP_OpenConnection *) DSO_bind_func(aep_dso, AEP_F6)) ||
+ !(p7 = (t_AEP_SetBNCallBacks *) DSO_bind_func(aep_dso, AEP_F7)) ||
+ !(p8 = (t_AEP_CloseConnection *) DSO_bind_func(aep_dso, AEP_F8))) {
+ AEPHKerr(AEPHK_F_AEP_INIT, AEPHK_R_NOT_LOADED);
+ goto err;
+ }
+
+ /* Copy the pointers */
+
+ p_AEP_ModExp = p1;
+ p_AEP_ModExpCrt = p2;
+# ifdef AEPRAND
+ p_AEP_GenRandom = p3;
+# endif
+ p_AEP_Finalize = p4;
+ p_AEP_Initialize = p5;
+ p_AEP_OpenConnection = p6;
+ p_AEP_SetBNCallBacks = p7;
+ p_AEP_CloseConnection = p8;
+
+ to_return = 1;
+
+ return to_return;
- return to_return;
- }
+ err:
+
+ if (aep_dso)
+ DSO_free(aep_dso);
+ aep_dso = NULL;
+
+ p_AEP_OpenConnection = NULL;
+ p_AEP_ModExp = NULL;
+ p_AEP_ModExpCrt = NULL;
+# ifdef AEPRAND
+ p_AEP_GenRandom = NULL;
+# endif
+ p_AEP_Initialize = NULL;
+ p_AEP_Finalize = NULL;
+ p_AEP_SetBNCallBacks = NULL;
+ p_AEP_CloseConnection = NULL;
+
+ return to_return;
+}
/* Destructor (complements the "ENGINE_aep()" constructor) */
static int aep_destroy(ENGINE *e)
- {
- free_AEP_LIBNAME();
- ERR_unload_AEPHK_strings();
- return 1;
- }
+{
+ free_AEP_LIBNAME();
+ ERR_unload_AEPHK_strings();
+ return 1;
+}
static int aep_finish(ENGINE *e)
- {
- int to_return = 0, in_use;
- AEP_RV rv;
-
- if(aep_dso == NULL)
- {
- AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_NOT_LOADED);
- goto err;
- }
-
- rv = aep_close_all_connections(0, &in_use);
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_CLOSE_HANDLES_FAILED);
- goto err;
- }
- if (in_use)
- {
- AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_CONNECTIONS_IN_USE);
- goto err;
- }
-
- rv = p_AEP_Finalize();
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_FINALIZE_FAILED);
- goto err;
- }
-
- if(!DSO_free(aep_dso))
- {
- AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_UNIT_FAILURE);
- goto err;
- }
-
- aep_dso = NULL;
- p_AEP_CloseConnection = NULL;
- p_AEP_OpenConnection = NULL;
- p_AEP_ModExp = NULL;
- p_AEP_ModExpCrt = NULL;
-#ifdef AEPRAND
- p_AEP_GenRandom = NULL;
-#endif
- p_AEP_Initialize = NULL;
- p_AEP_Finalize = NULL;
- p_AEP_SetBNCallBacks = NULL;
-
- to_return = 1;
+{
+ int to_return = 0, in_use;
+ AEP_RV rv;
+
+ if (aep_dso == NULL) {
+ AEPHKerr(AEPHK_F_AEP_FINISH, AEPHK_R_NOT_LOADED);
+ goto err;
+ }
+
+ rv = aep_close_all_connections(0, &in_use);
+ if (rv != AEP_R_OK) {
+ AEPHKerr(AEPHK_F_AEP_FINISH, AEPHK_R_CLOSE_HANDLES_FAILED);
+ goto err;
+ }
+ if (in_use) {
+ AEPHKerr(AEPHK_F_AEP_FINISH, AEPHK_R_CONNECTIONS_IN_USE);
+ goto err;
+ }
+
+ rv = p_AEP_Finalize();
+ if (rv != AEP_R_OK) {
+ AEPHKerr(AEPHK_F_AEP_FINISH, AEPHK_R_FINALIZE_FAILED);
+ goto err;
+ }
+
+ if (!DSO_free(aep_dso)) {
+ AEPHKerr(AEPHK_F_AEP_FINISH, AEPHK_R_UNIT_FAILURE);
+ goto err;
+ }
+
+ aep_dso = NULL;
+ p_AEP_CloseConnection = NULL;
+ p_AEP_OpenConnection = NULL;
+ p_AEP_ModExp = NULL;
+ p_AEP_ModExpCrt = NULL;
+# ifdef AEPRAND
+ p_AEP_GenRandom = NULL;
+# endif
+ p_AEP_Initialize = NULL;
+ p_AEP_Finalize = NULL;
+ p_AEP_SetBNCallBacks = NULL;
+
+ to_return = 1;
err:
- return to_return;
- }
-
-static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
- {
- int initialised = ((aep_dso == NULL) ? 0 : 1);
- switch(cmd)
- {
- case AEP_CMD_SO_PATH:
- if(p == NULL)
- {
- AEPHKerr(AEPHK_F_AEP_CTRL,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if(initialised)
- {
- AEPHKerr(AEPHK_F_AEP_CTRL,
- AEPHK_R_ALREADY_LOADED);
- return 0;
- }
- return set_AEP_LIBNAME((const char*)p);
- default:
- break;
- }
- AEPHKerr(AEPHK_F_AEP_CTRL,AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
- return 0;
- }
+ return to_return;
+}
+
+static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+{
+ int initialised = ((aep_dso == NULL) ? 0 : 1);
+ switch (cmd) {
+ case AEP_CMD_SO_PATH:
+ if (p == NULL) {
+ AEPHKerr(AEPHK_F_AEP_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if (initialised) {
+ AEPHKerr(AEPHK_F_AEP_CTRL, AEPHK_R_ALREADY_LOADED);
+ return 0;
+ }
+ return set_AEP_LIBNAME((const char *)p);
+ default:
+ break;
+ }
+ AEPHKerr(AEPHK_F_AEP_CTRL, AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+ return 0;
+}
static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx)
- {
- int to_return = 0;
- int r_len = 0;
- AEP_CONNECTION_HNDL hConnection;
- AEP_RV rv;
-
- r_len = BN_num_bits(m);
-
- /* Perform in software if modulus is too large for hardware. */
-
- if (r_len > max_key_len){
- AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
- return BN_mod_exp(r, a, p, m, ctx);
- }
-
- /*Grab a connection from the pool*/
- rv = aep_get_connection(&hConnection);
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_MOD_EXP,AEPHK_R_GET_HANDLE_FAILED);
- return BN_mod_exp(r, a, p, m, ctx);
- }
-
- /*To the card with the mod exp*/
- rv = p_AEP_ModExp(hConnection,(void*)a, (void*)p,(void*)m, (void*)r,NULL);
-
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_MOD_EXP,AEPHK_R_MOD_EXP_FAILED);
- rv = aep_close_connection(hConnection);
- return BN_mod_exp(r, a, p, m, ctx);
- }
-
- /*Return the connection to the pool*/
- rv = aep_return_connection(hConnection);
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_MOD_EXP,AEPHK_R_RETURN_CONNECTION_FAILED);
- goto err;
- }
-
- to_return = 1;
+ const BIGNUM *m, BN_CTX *ctx)
+{
+ int to_return = 0;
+ int r_len = 0;
+ AEP_CONNECTION_HNDL hConnection;
+ AEP_RV rv;
+
+ r_len = BN_num_bits(m);
+
+ /* Perform in software if modulus is too large for hardware. */
+
+ if (r_len > max_key_len) {
+ AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+ return BN_mod_exp(r, a, p, m, ctx);
+ }
+
+ /*
+ * Grab a connection from the pool
+ */
+ rv = aep_get_connection(&hConnection);
+ if (rv != AEP_R_OK) {
+ AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_GET_HANDLE_FAILED);
+ return BN_mod_exp(r, a, p, m, ctx);
+ }
+
+ /*
+ * To the card with the mod exp
+ */
+ rv = p_AEP_ModExp(hConnection, (void *)a, (void *)p, (void *)m, (void *)r,
+ NULL);
+
+ if (rv != AEP_R_OK) {
+ AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_MOD_EXP_FAILED);
+ rv = aep_close_connection(hConnection);
+ return BN_mod_exp(r, a, p, m, ctx);
+ }
+
+ /*
+ * Return the connection to the pool
+ */
+ rv = aep_return_connection(hConnection);
+ if (rv != AEP_R_OK) {
+ AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_RETURN_CONNECTION_FAILED);
+ goto err;
+ }
+
+ to_return = 1;
err:
- return to_return;
- }
-
-#ifndef OPENSSL_NO_RSA
+ return to_return;
+}
+
+# ifndef OPENSSL_NO_RSA
static AEP_RV aep_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *q, const BIGNUM *dmp1,
- const BIGNUM *dmq1,const BIGNUM *iqmp, BN_CTX *ctx)
- {
- AEP_RV rv = AEP_R_OK;
- AEP_CONNECTION_HNDL hConnection;
-
- /*Grab a connection from the pool*/
- rv = aep_get_connection(&hConnection);
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT,AEPHK_R_GET_HANDLE_FAILED);
- return FAIL_TO_SW;
- }
-
- /*To the card with the mod exp*/
- rv = p_AEP_ModExpCrt(hConnection,(void*)a, (void*)p, (void*)q, (void*)dmp1,(void*)dmq1,
- (void*)iqmp,(void*)r,NULL);
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT,AEPHK_R_MOD_EXP_CRT_FAILED);
- rv = aep_close_connection(hConnection);
- return FAIL_TO_SW;
- }
-
- /*Return the connection to the pool*/
- rv = aep_return_connection(hConnection);
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT,AEPHK_R_RETURN_CONNECTION_FAILED);
- goto err;
- }
-
+ const BIGNUM *q, const BIGNUM *dmp1,
+ const BIGNUM *dmq1, const BIGNUM *iqmp,
+ BN_CTX *ctx)
+{
+ AEP_RV rv = AEP_R_OK;
+ AEP_CONNECTION_HNDL hConnection;
+
+ /*
+ * Grab a connection from the pool
+ */
+ rv = aep_get_connection(&hConnection);
+ if (rv != AEP_R_OK) {
+ AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT, AEPHK_R_GET_HANDLE_FAILED);
+ return FAIL_TO_SW;
+ }
+
+ /*
+ * To the card with the mod exp
+ */
+ rv = p_AEP_ModExpCrt(hConnection, (void *)a, (void *)p, (void *)q,
+ (void *)dmp1, (void *)dmq1, (void *)iqmp, (void *)r,
+ NULL);
+ if (rv != AEP_R_OK) {
+ AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT, AEPHK_R_MOD_EXP_CRT_FAILED);
+ rv = aep_close_connection(hConnection);
+ return FAIL_TO_SW;
+ }
+
+ /*
+ * Return the connection to the pool
+ */
+ rv = aep_return_connection(hConnection);
+ if (rv != AEP_R_OK) {
+ AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT, AEPHK_R_RETURN_CONNECTION_FAILED);
+ goto err;
+ }
+
err:
- return rv;
- }
-#endif
-
-
-#ifdef AEPRAND
-static int aep_rand(unsigned char *buf,int len )
- {
- AEP_RV rv = AEP_R_OK;
- AEP_CONNECTION_HNDL hConnection;
-
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-
- /*Can the request be serviced with what's already in the buffer?*/
- if (len <= rand_block_bytes)
- {
- memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len);
- rand_block_bytes -= len;
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
- }
- else
- /*If not the get another block of random bytes*/
- {
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-
- rv = aep_get_connection(&hConnection);
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_GET_HANDLE_FAILED);
- goto err_nounlock;
- }
-
- if (len > RAND_BLK_SIZE)
- {
- rv = p_AEP_GenRandom(hConnection, len, 2, buf, NULL);
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_GET_RANDOM_FAILED);
- goto err_nounlock;
- }
- }
- else
- {
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-
- rv = p_AEP_GenRandom(hConnection, RAND_BLK_SIZE, 2, &rand_block[0], NULL);
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_GET_RANDOM_FAILED);
-
- goto err;
- }
-
- rand_block_bytes = RAND_BLK_SIZE;
-
- memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len);
- rand_block_bytes -= len;
-
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
- }
-
- rv = aep_return_connection(hConnection);
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_RETURN_CONNECTION_FAILED);
-
- goto err_nounlock;
- }
- }
-
- return 1;
+ return rv;
+}
+# endif
+
+# ifdef AEPRAND
+static int aep_rand(unsigned char *buf, int len)
+{
+ AEP_RV rv = AEP_R_OK;
+ AEP_CONNECTION_HNDL hConnection;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+
+ /*
+ * Can the request be serviced with what's already in the buffer?
+ */
+ if (len <= rand_block_bytes) {
+ memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len);
+ rand_block_bytes -= len;
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+ } else
+ /*
+ * If not the get another block of random bytes
+ */
+ {
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+
+ rv = aep_get_connection(&hConnection);
+ if (rv != AEP_R_OK) {
+ AEPHKerr(AEPHK_F_AEP_RAND, AEPHK_R_GET_HANDLE_FAILED);
+ goto err_nounlock;
+ }
+
+ if (len > RAND_BLK_SIZE) {
+ rv = p_AEP_GenRandom(hConnection, len, 2, buf, NULL);
+ if (rv != AEP_R_OK) {
+ AEPHKerr(AEPHK_F_AEP_RAND, AEPHK_R_GET_RANDOM_FAILED);
+ goto err_nounlock;
+ }
+ } else {
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+
+ rv = p_AEP_GenRandom(hConnection, RAND_BLK_SIZE, 2,
+ &rand_block[0], NULL);
+ if (rv != AEP_R_OK) {
+ AEPHKerr(AEPHK_F_AEP_RAND, AEPHK_R_GET_RANDOM_FAILED);
+
+ goto err;
+ }
+
+ rand_block_bytes = RAND_BLK_SIZE;
+
+ memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len);
+ rand_block_bytes -= len;
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+ }
+
+ rv = aep_return_connection(hConnection);
+ if (rv != AEP_R_OK) {
+ AEPHKerr(AEPHK_F_AEP_RAND, AEPHK_R_RETURN_CONNECTION_FAILED);
+
+ goto err_nounlock;
+ }
+ }
+
+ return 1;
err:
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
err_nounlock:
- return 0;
- }
-
+ return 0;
+}
+
static int aep_rand_status(void)
{
- return 1;
+ return 1;
}
-#endif
+# endif
-#ifndef OPENSSL_NO_RSA
+# ifndef OPENSSL_NO_RSA
static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- {
- int to_return = 0;
- AEP_RV rv = AEP_R_OK;
-
- if (!aep_dso)
- {
- AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP,AEPHK_R_NOT_LOADED);
- goto err;
- }
-
- /*See if we have all the necessary bits for a crt*/
- if (rsa->q && rsa->dmp1 && rsa->dmq1 && rsa->iqmp)
- {
- rv = aep_mod_exp_crt(r0,I,rsa->p,rsa->q, rsa->dmp1,rsa->dmq1,rsa->iqmp,ctx);
-
- if (rv == FAIL_TO_SW){
- const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
- to_return = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
- goto err;
- }
- else if (rv != AEP_R_OK)
- goto err;
- }
- else
- {
- if (!rsa->d || !rsa->n)
- {
- AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP,AEPHK_R_MISSING_KEY_COMPONENTS);
- goto err;
- }
-
- rv = aep_mod_exp(r0,I,rsa->d,rsa->n,ctx);
- if (rv != AEP_R_OK)
- goto err;
-
- }
-
- to_return = 1;
+{
+ int to_return = 0;
+ AEP_RV rv = AEP_R_OK;
+
+ if (!aep_dso) {
+ AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP, AEPHK_R_NOT_LOADED);
+ goto err;
+ }
+
+ /*
+ * See if we have all the necessary bits for a crt
+ */
+ if (rsa->q && rsa->dmp1 && rsa->dmq1 && rsa->iqmp) {
+ rv = aep_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1, rsa->dmq1,
+ rsa->iqmp, ctx);
+
+ if (rv == FAIL_TO_SW) {
+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+ to_return = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
+ goto err;
+ } else if (rv != AEP_R_OK)
+ goto err;
+ } else {
+ if (!rsa->d || !rsa->n) {
+ AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP, AEPHK_R_MISSING_KEY_COMPONENTS);
+ goto err;
+ }
+
+ rv = aep_mod_exp(r0, I, rsa->d, rsa->n, ctx);
+ if (rv != AEP_R_OK)
+ goto err;
+
+ }
+
+ to_return = 1;
err:
- return to_return;
+ return to_return;
}
-#endif
+# endif
-#ifndef OPENSSL_NO_DSA
+# ifndef OPENSSL_NO_DSA
static int aep_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
- BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont)
- {
- BIGNUM t;
- int to_return = 0;
- BN_init(&t);
-
- /* let rr = a1 ^ p1 mod m */
- if (!aep_mod_exp(rr,a1,p1,m,ctx)) goto end;
- /* let t = a2 ^ p2 mod m */
- if (!aep_mod_exp(&t,a2,p2,m,ctx)) goto end;
- /* let rr = rr * t mod m */
- if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
- to_return = 1;
- end:
- BN_free(&t);
- return to_return;
- }
+ BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+ BIGNUM t;
+ int to_return = 0;
+ BN_init(&t);
+
+ /* let rr = a1 ^ p1 mod m */
+ if (!aep_mod_exp(rr, a1, p1, m, ctx))
+ goto end;
+ /* let t = a2 ^ p2 mod m */
+ if (!aep_mod_exp(&t, a2, p2, m, ctx))
+ goto end;
+ /* let rr = rr * t mod m */
+ if (!BN_mod_mul(rr, rr, &t, m, ctx))
+ goto end;
+ to_return = 1;
+ end:
+ BN_free(&t);
+ return to_return;
+}
static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx)
- {
- return aep_mod_exp(r, a, p, m, ctx);
- }
-#endif
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
+{
+ return aep_mod_exp(r, a, p, m, ctx);
+}
+# endif
-#ifndef OPENSSL_NO_RSA
+# ifndef OPENSSL_NO_RSA
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- return aep_mod_exp(r, a, p, m, ctx);
- }
-#endif
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+ return aep_mod_exp(r, a, p, m, ctx);
+}
+# endif
-#ifndef OPENSSL_NO_DH
+# ifndef OPENSSL_NO_DH
/* This function is aliased to mod_exp (with the dh and mont dropped). */
static int aep_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx)
- {
- return aep_mod_exp(r, a, p, m, ctx);
- }
-#endif
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
+{
+ return aep_mod_exp(r, a, p, m, ctx);
+}
+# endif
static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR phConnection)
- {
- int count;
- AEP_RV rv = AEP_R_OK;
-
- /*Get the current process id*/
- pid_t curr_pid;
-
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-
- curr_pid = getpid();
-
- /*Check if this is the first time this is being called from the current
- process*/
- if (recorded_pid != curr_pid)
- {
- /*Remember our pid so we can check if we're in a new process*/
- recorded_pid = curr_pid;
-
- /*Call Finalize to make sure we have not inherited some data
- from a parent process*/
- p_AEP_Finalize();
-
- /*Initialise the AEP API*/
- rv = p_AEP_Initialize(NULL);
-
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_INIT_FAILURE);
- recorded_pid = 0;
- goto end;
- }
-
- /*Set the AEP big num call back functions*/
- rv = p_AEP_SetBNCallBacks(&GetBigNumSize, &MakeAEPBigNum,
- &ConvertAEPBigNum);
-
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_SETBNCALLBACK_FAILURE);
- recorded_pid = 0;
- goto end;
- }
-
-#ifdef AEPRAND
- /*Reset the rand byte count*/
- rand_block_bytes = 0;
-#endif
-
- /*Init the structures*/
- for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
- {
- aep_app_conn_table[count].conn_state = NotConnected;
- aep_app_conn_table[count].conn_hndl = 0;
- }
-
- /*Open a connection*/
- rv = p_AEP_OpenConnection(phConnection);
-
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_UNIT_FAILURE);
- recorded_pid = 0;
- goto end;
- }
-
- aep_app_conn_table[0].conn_state = InUse;
- aep_app_conn_table[0].conn_hndl = *phConnection;
- goto end;
- }
- /*Check the existing connections to see if we can find a free one*/
- for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
- {
- if (aep_app_conn_table[count].conn_state == Connected)
- {
- aep_app_conn_table[count].conn_state = InUse;
- *phConnection = aep_app_conn_table[count].conn_hndl;
- goto end;
- }
- }
- /*If no connections available, we're going to have to try
- to open a new one*/
- for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
- {
- if (aep_app_conn_table[count].conn_state == NotConnected)
- {
- /*Open a connection*/
- rv = p_AEP_OpenConnection(phConnection);
-
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_UNIT_FAILURE);
- goto end;
- }
-
- aep_app_conn_table[count].conn_state = InUse;
- aep_app_conn_table[count].conn_hndl = *phConnection;
- goto end;
- }
- }
- rv = AEP_R_GENERAL_ERROR;
+{
+ int count;
+ AEP_RV rv = AEP_R_OK;
+
+ /*
+ * Get the current process id
+ */
+ pid_t curr_pid;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+
+ curr_pid = getpid();
+
+ /*
+ * Check if this is the first time this is being called from the current
+ * process
+ */
+ if (recorded_pid != curr_pid) {
+ /*
+ * Remember our pid so we can check if we're in a new process
+ */
+ recorded_pid = curr_pid;
+
+ /*
+ * Call Finalize to make sure we have not inherited some data from a
+ * parent process
+ */
+ p_AEP_Finalize();
+
+ /*
+ * Initialise the AEP API
+ */
+ rv = p_AEP_Initialize(NULL);
+
+ if (rv != AEP_R_OK) {
+ AEPHKerr(AEPHK_F_AEP_GET_CONNECTION, AEPHK_R_INIT_FAILURE);
+ recorded_pid = 0;
+ goto end;
+ }
+
+ /*
+ * Set the AEP big num call back functions
+ */
+ rv = p_AEP_SetBNCallBacks(&GetBigNumSize, &MakeAEPBigNum,
+ &ConvertAEPBigNum);
+
+ if (rv != AEP_R_OK) {
+ AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,
+ AEPHK_R_SETBNCALLBACK_FAILURE);
+ recorded_pid = 0;
+ goto end;
+ }
+# ifdef AEPRAND
+ /*
+ * Reset the rand byte count
+ */
+ rand_block_bytes = 0;
+# endif
+
+ /*
+ * Init the structures
+ */
+ for (count = 0; count < MAX_PROCESS_CONNECTIONS; count++) {
+ aep_app_conn_table[count].conn_state = NotConnected;
+ aep_app_conn_table[count].conn_hndl = 0;
+ }
+
+ /*
+ * Open a connection
+ */
+ rv = p_AEP_OpenConnection(phConnection);
+
+ if (rv != AEP_R_OK) {
+ AEPHKerr(AEPHK_F_AEP_GET_CONNECTION, AEPHK_R_UNIT_FAILURE);
+ recorded_pid = 0;
+ goto end;
+ }
+
+ aep_app_conn_table[0].conn_state = InUse;
+ aep_app_conn_table[0].conn_hndl = *phConnection;
+ goto end;
+ }
+ /*
+ * Check the existing connections to see if we can find a free one
+ */
+ for (count = 0; count < MAX_PROCESS_CONNECTIONS; count++) {
+ if (aep_app_conn_table[count].conn_state == Connected) {
+ aep_app_conn_table[count].conn_state = InUse;
+ *phConnection = aep_app_conn_table[count].conn_hndl;
+ goto end;
+ }
+ }
+ /*
+ * If no connections available, we're going to have to try to open a new
+ * one
+ */
+ for (count = 0; count < MAX_PROCESS_CONNECTIONS; count++) {
+ if (aep_app_conn_table[count].conn_state == NotConnected) {
+ /*
+ * Open a connection
+ */
+ rv = p_AEP_OpenConnection(phConnection);
+
+ if (rv != AEP_R_OK) {
+ AEPHKerr(AEPHK_F_AEP_GET_CONNECTION, AEPHK_R_UNIT_FAILURE);
+ goto end;
+ }
+
+ aep_app_conn_table[count].conn_state = InUse;
+ aep_app_conn_table[count].conn_hndl = *phConnection;
+ goto end;
+ }
+ }
+ rv = AEP_R_GENERAL_ERROR;
end:
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- return rv;
- }
-
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ return rv;
+}
static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection)
- {
- int count;
+{
+ int count;
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- /*Find the connection item that matches this connection handle*/
- for(count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
- {
- if (aep_app_conn_table[count].conn_hndl == hConnection)
- {
- aep_app_conn_table[count].conn_state = Connected;
- break;
- }
- }
+ /*
+ * Find the connection item that matches this connection handle
+ */
+ for (count = 0; count < MAX_PROCESS_CONNECTIONS; count++) {
+ if (aep_app_conn_table[count].conn_hndl == hConnection) {
+ aep_app_conn_table[count].conn_state = Connected;
+ break;
+ }
+ }
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- return AEP_R_OK;
- }
+ return AEP_R_OK;
+}
static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection)
- {
- int count;
- AEP_RV rv = AEP_R_OK;
-
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-
- /*Find the connection item that matches this connection handle*/
- for(count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
- {
- if (aep_app_conn_table[count].conn_hndl == hConnection)
- {
- rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl);
- if (rv != AEP_R_OK)
- goto end;
- aep_app_conn_table[count].conn_state = NotConnected;
- aep_app_conn_table[count].conn_hndl = 0;
- break;
- }
- }
+{
+ int count;
+ AEP_RV rv = AEP_R_OK;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+
+ /*
+ * Find the connection item that matches this connection handle
+ */
+ for (count = 0; count < MAX_PROCESS_CONNECTIONS; count++) {
+ if (aep_app_conn_table[count].conn_hndl == hConnection) {
+ rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl);
+ if (rv != AEP_R_OK)
+ goto end;
+ aep_app_conn_table[count].conn_state = NotConnected;
+ aep_app_conn_table[count].conn_hndl = 0;
+ break;
+ }
+ }
end:
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- return rv;
- }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ return rv;
+}
static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use)
- {
- int count;
- AEP_RV rv = AEP_R_OK;
-
- *in_use = 0;
- if (use_engine_lock) CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
- {
- switch (aep_app_conn_table[count].conn_state)
- {
- case Connected:
- rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl);
- if (rv != AEP_R_OK)
- goto end;
- aep_app_conn_table[count].conn_state = NotConnected;
- aep_app_conn_table[count].conn_hndl = 0;
- break;
- case InUse:
- (*in_use)++;
- break;
- case NotConnected:
- break;
- }
- }
+{
+ int count;
+ AEP_RV rv = AEP_R_OK;
+
+ *in_use = 0;
+ if (use_engine_lock)
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ for (count = 0; count < MAX_PROCESS_CONNECTIONS; count++) {
+ switch (aep_app_conn_table[count].conn_state) {
+ case Connected:
+ rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl);
+ if (rv != AEP_R_OK)
+ goto end;
+ aep_app_conn_table[count].conn_state = NotConnected;
+ aep_app_conn_table[count].conn_hndl = 0;
+ break;
+ case InUse:
+ (*in_use)++;
+ break;
+ case NotConnected:
+ break;
+ }
+ }
end:
- if (use_engine_lock) CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- return rv;
- }
-
-/*BigNum call back functions, used to convert OpenSSL bignums into AEP bignums.
- Note only 32bit Openssl build support*/
-
-static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32* BigNumSize)
- {
- BIGNUM* bn;
-
- /*Cast the ArbBigNum pointer to our BIGNUM struct*/
- bn = (BIGNUM*) ArbBigNum;
+ if (use_engine_lock)
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ return rv;
+}
-#ifdef SIXTY_FOUR_BIT_LONG
- *BigNumSize = bn->top << 3;
-#else
- /*Size of the bignum in bytes is equal to the bn->top (no of 32 bit
- words) multiplies by 4*/
- *BigNumSize = bn->top << 2;
-#endif
+/*
+ * BigNum call back functions, used to convert OpenSSL bignums into AEP
+ * bignums. Note only 32bit Openssl build support
+ */
- return AEP_R_OK;
- }
+static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32 *BigNumSize)
+{
+ BIGNUM *bn;
+
+ /*
+ * Cast the ArbBigNum pointer to our BIGNUM struct
+ */
+ bn = (BIGNUM *)ArbBigNum;
+
+# ifdef SIXTY_FOUR_BIT_LONG
+ *BigNumSize = bn->top << 3;
+# else
+ /*
+ * Size of the bignum in bytes is equal to the bn->top (no of 32 bit
+ * words) multiplies by 4
+ */
+ *BigNumSize = bn->top << 2;
+# endif
+
+ return AEP_R_OK;
+}
static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize,
- unsigned char* AEP_BigNum)
- {
- BIGNUM* bn;
-
-#ifndef SIXTY_FOUR_BIT_LONG
- unsigned char* buf;
- int i;
-#endif
+ unsigned char *AEP_BigNum)
+{
+ BIGNUM *bn;
+
+# ifndef SIXTY_FOUR_BIT_LONG
+ unsigned char *buf;
+ int i;
+# endif
+
+ /*
+ * Cast the ArbBigNum pointer to our BIGNUM struct
+ */
+ bn = (BIGNUM *)ArbBigNum;
+
+# ifdef SIXTY_FOUR_BIT_LONG
+ memcpy(AEP_BigNum, bn->d, BigNumSize);
+# else
+ /*
+ * Must copy data into a (monotone) least significant byte first format
+ * performing endian conversion if necessary
+ */
+ for (i = 0; i < bn->top; i++) {
+ buf = (unsigned char *)&bn->d[i];
+
+ *((AEP_U32 *)AEP_BigNum) = (AEP_U32)
+ ((unsigned)buf[1] << 8 | buf[0]) |
+ ((unsigned)buf[3] << 8 | buf[2]) << 16;
+
+ AEP_BigNum += 4;
+ }
+# endif
+
+ return AEP_R_OK;
+}
- /*Cast the ArbBigNum pointer to our BIGNUM struct*/
- bn = (BIGNUM*) ArbBigNum;
+/*
+ * Turn an AEP Big Num back to a user big num
+ */
+static AEP_RV ConvertAEPBigNum(void *ArbBigNum, AEP_U32 BigNumSize,
+ unsigned char *AEP_BigNum)
+{
+ BIGNUM *bn;
+# ifndef SIXTY_FOUR_BIT_LONG
+ int i;
+# endif
-#ifdef SIXTY_FOUR_BIT_LONG
- memcpy(AEP_BigNum, bn->d, BigNumSize);
-#else
- /*Must copy data into a (monotone) least significant byte first format
- performing endian conversion if necessary*/
- for(i=0;i<bn->top;i++)
- {
- buf = (unsigned char*)&bn->d[i];
-
- *((AEP_U32*)AEP_BigNum) = (AEP_U32)
- ((unsigned) buf[1] << 8 | buf[0]) |
- ((unsigned) buf[3] << 8 | buf[2]) << 16;
-
- AEP_BigNum += 4;
- }
-#endif
+ bn = (BIGNUM *)ArbBigNum;
- return AEP_R_OK;
- }
+ /*
+ * Expand the result bn so that it can hold our big num. Size is in bits
+ */
+ bn_expand(bn, (int)(BigNumSize << 3));
-/*Turn an AEP Big Num back to a user big num*/
-static AEP_RV ConvertAEPBigNum(void* ArbBigNum, AEP_U32 BigNumSize,
- unsigned char* AEP_BigNum)
- {
- BIGNUM* bn;
-#ifndef SIXTY_FOUR_BIT_LONG
- int i;
-#endif
+# ifdef SIXTY_FOUR_BIT_LONG
+ bn->top = BigNumSize >> 3;
- bn = (BIGNUM*)ArbBigNum;
+ if ((BigNumSize & 7) != 0)
+ bn->top++;
- /*Expand the result bn so that it can hold our big num.
- Size is in bits*/
- bn_expand(bn, (int)(BigNumSize << 3));
+ memset(bn->d, 0, bn->top << 3);
-#ifdef SIXTY_FOUR_BIT_LONG
- bn->top = BigNumSize >> 3;
-
- if((BigNumSize & 7) != 0)
- bn->top++;
+ memcpy(bn->d, AEP_BigNum, BigNumSize);
+# else
+ bn->top = BigNumSize >> 2;
- memset(bn->d, 0, bn->top << 3);
+ for (i = 0; i < bn->top; i++) {
+ bn->d[i] = (AEP_U32)
+ ((unsigned)AEP_BigNum[3] << 8 | AEP_BigNum[2]) << 16 |
+ ((unsigned)AEP_BigNum[1] << 8 | AEP_BigNum[0]);
+ AEP_BigNum += 4;
+ }
+# endif
- memcpy(bn->d, AEP_BigNum, BigNumSize);
-#else
- bn->top = BigNumSize >> 2;
-
- for(i=0;i<bn->top;i++)
- {
- bn->d[i] = (AEP_U32)
- ((unsigned) AEP_BigNum[3] << 8 | AEP_BigNum[2]) << 16 |
- ((unsigned) AEP_BigNum[1] << 8 | AEP_BigNum[0]);
- AEP_BigNum += 4;
- }
-#endif
+ return AEP_R_OK;
+}
- return AEP_R_OK;
-}
-
-#endif /* !OPENSSL_NO_HW_AEP */
-#endif /* !OPENSSL_NO_HW */
+# endif /* !OPENSSL_NO_HW_AEP */
+#endif /* !OPENSSL_NO_HW */
diff --git a/openssl/engines/e_aep_err.c b/openssl/engines/e_aep_err.c
index 3f95881ca..718db3796 100644
--- a/openssl/engines/e_aep_err.c
+++ b/openssl/engines/e_aep_err.c
@@ -7,7 +7,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
*
*/
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
@@ -65,97 +66,94 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
-#define ERR_FUNC(func) ERR_PACK(0,func,0)
-#define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA AEPHK_str_functs[]=
- {
-{ERR_FUNC(AEPHK_F_AEP_CTRL), "AEP_CTRL"},
-{ERR_FUNC(AEPHK_F_AEP_FINISH), "AEP_FINISH"},
-{ERR_FUNC(AEPHK_F_AEP_GET_CONNECTION), "AEP_GET_CONNECTION"},
-{ERR_FUNC(AEPHK_F_AEP_INIT), "AEP_INIT"},
-{ERR_FUNC(AEPHK_F_AEP_MOD_EXP), "AEP_MOD_EXP"},
-{ERR_FUNC(AEPHK_F_AEP_MOD_EXP_CRT), "AEP_MOD_EXP_CRT"},
-{ERR_FUNC(AEPHK_F_AEP_RAND), "AEP_RAND"},
-{ERR_FUNC(AEPHK_F_AEP_RSA_MOD_EXP), "AEP_RSA_MOD_EXP"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA AEPHK_str_reasons[]=
- {
-{ERR_REASON(AEPHK_R_ALREADY_LOADED) ,"already loaded"},
-{ERR_REASON(AEPHK_R_CLOSE_HANDLES_FAILED),"close handles failed"},
-{ERR_REASON(AEPHK_R_CONNECTIONS_IN_USE) ,"connections in use"},
-{ERR_REASON(AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},
-{ERR_REASON(AEPHK_R_FINALIZE_FAILED) ,"finalize failed"},
-{ERR_REASON(AEPHK_R_GET_HANDLE_FAILED) ,"get handle failed"},
-{ERR_REASON(AEPHK_R_GET_RANDOM_FAILED) ,"get random failed"},
-{ERR_REASON(AEPHK_R_INIT_FAILURE) ,"init failure"},
-{ERR_REASON(AEPHK_R_MISSING_KEY_COMPONENTS),"missing key components"},
-{ERR_REASON(AEPHK_R_MOD_EXP_CRT_FAILED) ,"mod exp crt failed"},
-{ERR_REASON(AEPHK_R_MOD_EXP_FAILED) ,"mod exp failed"},
-{ERR_REASON(AEPHK_R_NOT_LOADED) ,"not loaded"},
-{ERR_REASON(AEPHK_R_OK) ,"ok"},
-{ERR_REASON(AEPHK_R_RETURN_CONNECTION_FAILED),"return connection failed"},
-{ERR_REASON(AEPHK_R_SETBNCALLBACK_FAILURE),"setbncallback failure"},
-{ERR_REASON(AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL),"size too large or too small"},
-{ERR_REASON(AEPHK_R_UNIT_FAILURE) ,"unit failure"},
-{0,NULL}
- };
+# define ERR_FUNC(func) ERR_PACK(0,func,0)
+# define ERR_REASON(reason) ERR_PACK(0,0,reason)
+
+static ERR_STRING_DATA AEPHK_str_functs[] = {
+ {ERR_FUNC(AEPHK_F_AEP_CTRL), "AEP_CTRL"},
+ {ERR_FUNC(AEPHK_F_AEP_FINISH), "AEP_FINISH"},
+ {ERR_FUNC(AEPHK_F_AEP_GET_CONNECTION), "AEP_GET_CONNECTION"},
+ {ERR_FUNC(AEPHK_F_AEP_INIT), "AEP_INIT"},
+ {ERR_FUNC(AEPHK_F_AEP_MOD_EXP), "AEP_MOD_EXP"},
+ {ERR_FUNC(AEPHK_F_AEP_MOD_EXP_CRT), "AEP_MOD_EXP_CRT"},
+ {ERR_FUNC(AEPHK_F_AEP_RAND), "AEP_RAND"},
+ {ERR_FUNC(AEPHK_F_AEP_RSA_MOD_EXP), "AEP_RSA_MOD_EXP"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA AEPHK_str_reasons[] = {
+ {ERR_REASON(AEPHK_R_ALREADY_LOADED), "already loaded"},
+ {ERR_REASON(AEPHK_R_CLOSE_HANDLES_FAILED), "close handles failed"},
+ {ERR_REASON(AEPHK_R_CONNECTIONS_IN_USE), "connections in use"},
+ {ERR_REASON(AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED),
+ "ctrl command not implemented"},
+ {ERR_REASON(AEPHK_R_FINALIZE_FAILED), "finalize failed"},
+ {ERR_REASON(AEPHK_R_GET_HANDLE_FAILED), "get handle failed"},
+ {ERR_REASON(AEPHK_R_GET_RANDOM_FAILED), "get random failed"},
+ {ERR_REASON(AEPHK_R_INIT_FAILURE), "init failure"},
+ {ERR_REASON(AEPHK_R_MISSING_KEY_COMPONENTS), "missing key components"},
+ {ERR_REASON(AEPHK_R_MOD_EXP_CRT_FAILED), "mod exp crt failed"},
+ {ERR_REASON(AEPHK_R_MOD_EXP_FAILED), "mod exp failed"},
+ {ERR_REASON(AEPHK_R_NOT_LOADED), "not loaded"},
+ {ERR_REASON(AEPHK_R_OK), "ok"},
+ {ERR_REASON(AEPHK_R_RETURN_CONNECTION_FAILED),
+ "return connection failed"},
+ {ERR_REASON(AEPHK_R_SETBNCALLBACK_FAILURE), "setbncallback failure"},
+ {ERR_REASON(AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL),
+ "size too large or too small"},
+ {ERR_REASON(AEPHK_R_UNIT_FAILURE), "unit failure"},
+ {0, NULL}
+};
#endif
#ifdef AEPHK_LIB_NAME
-static ERR_STRING_DATA AEPHK_lib_name[]=
- {
-{0 ,AEPHK_LIB_NAME},
-{0,NULL}
- };
+static ERR_STRING_DATA AEPHK_lib_name[] = {
+ {0, AEPHK_LIB_NAME},
+ {0, NULL}
+};
#endif
-
-static int AEPHK_lib_error_code=0;
-static int AEPHK_error_init=1;
+static int AEPHK_lib_error_code = 0;
+static int AEPHK_error_init = 1;
static void ERR_load_AEPHK_strings(void)
- {
- if (AEPHK_lib_error_code == 0)
- AEPHK_lib_error_code=ERR_get_next_error_library();
+{
+ if (AEPHK_lib_error_code == 0)
+ AEPHK_lib_error_code = ERR_get_next_error_library();
- if (AEPHK_error_init)
- {
- AEPHK_error_init=0;
+ if (AEPHK_error_init) {
+ AEPHK_error_init = 0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(AEPHK_lib_error_code,AEPHK_str_functs);
- ERR_load_strings(AEPHK_lib_error_code,AEPHK_str_reasons);
+ ERR_load_strings(AEPHK_lib_error_code, AEPHK_str_functs);
+ ERR_load_strings(AEPHK_lib_error_code, AEPHK_str_reasons);
#endif
#ifdef AEPHK_LIB_NAME
- AEPHK_lib_name->error = ERR_PACK(AEPHK_lib_error_code,0,0);
- ERR_load_strings(0,AEPHK_lib_name);
+ AEPHK_lib_name->error = ERR_PACK(AEPHK_lib_error_code, 0, 0);
+ ERR_load_strings(0, AEPHK_lib_name);
#endif
- }
- }
+ }
+}
static void ERR_unload_AEPHK_strings(void)
- {
- if (AEPHK_error_init == 0)
- {
+{
+ if (AEPHK_error_init == 0) {
#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(AEPHK_lib_error_code,AEPHK_str_functs);
- ERR_unload_strings(AEPHK_lib_error_code,AEPHK_str_reasons);
+ ERR_unload_strings(AEPHK_lib_error_code, AEPHK_str_functs);
+ ERR_unload_strings(AEPHK_lib_error_code, AEPHK_str_reasons);
#endif
#ifdef AEPHK_LIB_NAME
- ERR_unload_strings(0,AEPHK_lib_name);
+ ERR_unload_strings(0, AEPHK_lib_name);
#endif
- AEPHK_error_init=1;
- }
- }
+ AEPHK_error_init = 1;
+ }
+}
static void ERR_AEPHK_error(int function, int reason, char *file, int line)
- {
- if (AEPHK_lib_error_code == 0)
- AEPHK_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(AEPHK_lib_error_code,function,reason,file,line);
- }
+{
+ if (AEPHK_lib_error_code == 0)
+ AEPHK_lib_error_code = ERR_get_next_error_library();
+ ERR_PUT_error(AEPHK_lib_error_code, function, reason, file, line);
+}
diff --git a/openssl/engines/e_aep_err.h b/openssl/engines/e_aep_err.h
index 35b2e7426..2ed01147c 100644
--- a/openssl/engines/e_aep_err.h
+++ b/openssl/engines/e_aep_err.h
@@ -6,7 +6,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -53,51 +53,52 @@
*/
#ifndef HEADER_AEPHK_ERR_H
-#define HEADER_AEPHK_ERR_H
+# define HEADER_AEPHK_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_AEPHK_strings(void);
static void ERR_unload_AEPHK_strings(void);
static void ERR_AEPHK_error(int function, int reason, char *file, int line);
-#define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),__FILE__,__LINE__)
+# define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),__FILE__,__LINE__)
/* Error codes for the AEPHK functions. */
/* Function codes. */
-#define AEPHK_F_AEP_CTRL 100
-#define AEPHK_F_AEP_FINISH 101
-#define AEPHK_F_AEP_GET_CONNECTION 102
-#define AEPHK_F_AEP_INIT 103
-#define AEPHK_F_AEP_MOD_EXP 104
-#define AEPHK_F_AEP_MOD_EXP_CRT 105
-#define AEPHK_F_AEP_RAND 106
-#define AEPHK_F_AEP_RSA_MOD_EXP 107
+# define AEPHK_F_AEP_CTRL 100
+# define AEPHK_F_AEP_FINISH 101
+# define AEPHK_F_AEP_GET_CONNECTION 102
+# define AEPHK_F_AEP_INIT 103
+# define AEPHK_F_AEP_MOD_EXP 104
+# define AEPHK_F_AEP_MOD_EXP_CRT 105
+# define AEPHK_F_AEP_RAND 106
+# define AEPHK_F_AEP_RSA_MOD_EXP 107
/* Reason codes. */
-#define AEPHK_R_ALREADY_LOADED 100
-#define AEPHK_R_CLOSE_HANDLES_FAILED 101
-#define AEPHK_R_CONNECTIONS_IN_USE 102
-#define AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
-#define AEPHK_R_FINALIZE_FAILED 104
-#define AEPHK_R_GET_HANDLE_FAILED 105
-#define AEPHK_R_GET_RANDOM_FAILED 106
-#define AEPHK_R_INIT_FAILURE 107
-#define AEPHK_R_MISSING_KEY_COMPONENTS 108
-#define AEPHK_R_MOD_EXP_CRT_FAILED 109
-#define AEPHK_R_MOD_EXP_FAILED 110
-#define AEPHK_R_NOT_LOADED 111
-#define AEPHK_R_OK 112
-#define AEPHK_R_RETURN_CONNECTION_FAILED 113
-#define AEPHK_R_SETBNCALLBACK_FAILURE 114
-#define AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL 116
-#define AEPHK_R_UNIT_FAILURE 115
+# define AEPHK_R_ALREADY_LOADED 100
+# define AEPHK_R_CLOSE_HANDLES_FAILED 101
+# define AEPHK_R_CONNECTIONS_IN_USE 102
+# define AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
+# define AEPHK_R_FINALIZE_FAILED 104
+# define AEPHK_R_GET_HANDLE_FAILED 105
+# define AEPHK_R_GET_RANDOM_FAILED 106
+# define AEPHK_R_INIT_FAILURE 107
+# define AEPHK_R_MISSING_KEY_COMPONENTS 108
+# define AEPHK_R_MOD_EXP_CRT_FAILED 109
+# define AEPHK_R_MOD_EXP_FAILED 110
+# define AEPHK_R_NOT_LOADED 111
+# define AEPHK_R_OK 112
+# define AEPHK_R_RETURN_CONNECTION_FAILED 113
+# define AEPHK_R_SETBNCALLBACK_FAILURE 114
+# define AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL 116
+# define AEPHK_R_UNIT_FAILURE 115
#ifdef __cplusplus
}
diff --git a/openssl/engines/e_atalla.c b/openssl/engines/e_atalla.c
index fabaa86a5..6a324e676 100644
--- a/openssl/engines/e_atalla.c
+++ b/openssl/engines/e_atalla.c
@@ -1,6 +1,7 @@
/* crypto/engine/hw_atalla.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
+/*
+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
+ * 2000.
*/
/* ====================================================================
* Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
@@ -10,7 +11,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -63,545 +64,563 @@
#include <openssl/dso.h>
#include <openssl/engine.h>
#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
+# include <openssl/rsa.h>
#endif
#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
+# include <openssl/dsa.h>
#endif
#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
+# include <openssl/dh.h>
#endif
#include <openssl/bn.h>
#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_ATALLA
+# ifndef OPENSSL_NO_HW_ATALLA
-#ifdef FLAT_INC
-#include "atalla.h"
-#else
-#include "vendor_defns/atalla.h"
-#endif
+# ifdef FLAT_INC
+# include "atalla.h"
+# else
+# include "vendor_defns/atalla.h"
+# endif
-#define ATALLA_LIB_NAME "atalla engine"
-#include "e_atalla_err.c"
+# define ATALLA_LIB_NAME "atalla engine"
+# include "e_atalla_err.c"
static int atalla_destroy(ENGINE *e);
static int atalla_init(ENGINE *e);
static int atalla_finish(ENGINE *e);
-static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
+static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
/* BIGNUM stuff */
static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx);
+ const BIGNUM *m, BN_CTX *ctx);
-#ifndef OPENSSL_NO_RSA
+# ifndef OPENSSL_NO_RSA
/* RSA stuff */
-static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
+static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx);
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-#endif
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+# endif
-#ifndef OPENSSL_NO_DSA
+# ifndef OPENSSL_NO_DSA
/* DSA stuff */
static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
- BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont);
+ BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *in_mont);
static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
-#endif
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+# endif
-#ifndef OPENSSL_NO_DH
+# ifndef OPENSSL_NO_DH
/* DH stuff */
/* This function is alised to mod_exp (with the DH and mont dropped). */
static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-#endif
+ const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+# endif
/* The definitions for control commands specific to this engine */
-#define ATALLA_CMD_SO_PATH ENGINE_CMD_BASE
+# define ATALLA_CMD_SO_PATH ENGINE_CMD_BASE
static const ENGINE_CMD_DEFN atalla_cmd_defns[] = {
- {ATALLA_CMD_SO_PATH,
- "SO_PATH",
- "Specifies the path to the 'atasi' shared library",
- ENGINE_CMD_FLAG_STRING},
- {0, NULL, NULL, 0}
- };
-
-#ifndef OPENSSL_NO_RSA
+ {ATALLA_CMD_SO_PATH,
+ "SO_PATH",
+ "Specifies the path to the 'atasi' shared library",
+ ENGINE_CMD_FLAG_STRING},
+ {0, NULL, NULL, 0}
+};
+
+# ifndef OPENSSL_NO_RSA
/* Our internal RSA_METHOD that we provide pointers to */
-static RSA_METHOD atalla_rsa =
- {
- "Atalla RSA method",
- NULL,
- NULL,
- NULL,
- NULL,
- atalla_rsa_mod_exp,
- atalla_mod_exp_mont,
- NULL,
- NULL,
- 0,
- NULL,
- NULL,
- NULL,
- NULL
- };
-#endif
-
-#ifndef OPENSSL_NO_DSA
+static RSA_METHOD atalla_rsa = {
+ "Atalla RSA method",
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ atalla_rsa_mod_exp,
+ atalla_mod_exp_mont,
+ NULL,
+ NULL,
+ 0,
+ NULL,
+ NULL,
+ NULL,
+ NULL
+};
+# endif
+
+# ifndef OPENSSL_NO_DSA
/* Our internal DSA_METHOD that we provide pointers to */
-static DSA_METHOD atalla_dsa =
- {
- "Atalla DSA method",
- NULL, /* dsa_do_sign */
- NULL, /* dsa_sign_setup */
- NULL, /* dsa_do_verify */
- atalla_dsa_mod_exp, /* dsa_mod_exp */
- atalla_mod_exp_dsa, /* bn_mod_exp */
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
- NULL, /* app_data */
- NULL, /* dsa_paramgen */
- NULL /* dsa_keygen */
- };
-#endif
-
-#ifndef OPENSSL_NO_DH
+static DSA_METHOD atalla_dsa = {
+ "Atalla DSA method",
+ NULL, /* dsa_do_sign */
+ NULL, /* dsa_sign_setup */
+ NULL, /* dsa_do_verify */
+ atalla_dsa_mod_exp, /* dsa_mod_exp */
+ atalla_mod_exp_dsa, /* bn_mod_exp */
+ NULL, /* init */
+ NULL, /* finish */
+ 0, /* flags */
+ NULL, /* app_data */
+ NULL, /* dsa_paramgen */
+ NULL /* dsa_keygen */
+};
+# endif
+
+# ifndef OPENSSL_NO_DH
/* Our internal DH_METHOD that we provide pointers to */
-static DH_METHOD atalla_dh =
- {
- "Atalla DH method",
- NULL,
- NULL,
- atalla_mod_exp_dh,
- NULL,
- NULL,
- 0,
- NULL,
- NULL
- };
-#endif
+static DH_METHOD atalla_dh = {
+ "Atalla DH method",
+ NULL,
+ NULL,
+ atalla_mod_exp_dh,
+ NULL,
+ NULL,
+ 0,
+ NULL,
+ NULL
+};
+# endif
/* Constants used when creating the ENGINE */
static const char *engine_atalla_id = "atalla";
static const char *engine_atalla_name = "Atalla hardware engine support";
-/* This internal function is used by ENGINE_atalla() and possibly by the
- * "dynamic" ENGINE support too */
+/*
+ * This internal function is used by ENGINE_atalla() and possibly by the
+ * "dynamic" ENGINE support too
+ */
static int bind_helper(ENGINE *e)
- {
-#ifndef OPENSSL_NO_RSA
- const RSA_METHOD *meth1;
-#endif
-#ifndef OPENSSL_NO_DSA
- const DSA_METHOD *meth2;
-#endif
-#ifndef OPENSSL_NO_DH
- const DH_METHOD *meth3;
-#endif
- if(!ENGINE_set_id(e, engine_atalla_id) ||
- !ENGINE_set_name(e, engine_atalla_name) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_RSA(e, &atalla_rsa) ||
-#endif
-#ifndef OPENSSL_NO_DSA
- !ENGINE_set_DSA(e, &atalla_dsa) ||
-#endif
-#ifndef OPENSSL_NO_DH
- !ENGINE_set_DH(e, &atalla_dh) ||
-#endif
- !ENGINE_set_destroy_function(e, atalla_destroy) ||
- !ENGINE_set_init_function(e, atalla_init) ||
- !ENGINE_set_finish_function(e, atalla_finish) ||
- !ENGINE_set_ctrl_function(e, atalla_ctrl) ||
- !ENGINE_set_cmd_defns(e, atalla_cmd_defns))
- return 0;
-
-#ifndef OPENSSL_NO_RSA
- /* We know that the "PKCS1_SSLeay()" functions hook properly
- * to the atalla-specific mod_exp and mod_exp_crt so we use
- * those functions. NB: We don't use ENGINE_openssl() or
- * anything "more generic" because something like the RSAref
- * code may not hook properly, and if you own one of these
- * cards then you have the right to do RSA operations on it
- * anyway! */
- meth1 = RSA_PKCS1_SSLeay();
- atalla_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
- atalla_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
- atalla_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
- atalla_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
-#endif
-
-#ifndef OPENSSL_NO_DSA
- /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
- * bits. */
- meth2 = DSA_OpenSSL();
- atalla_dsa.dsa_do_sign = meth2->dsa_do_sign;
- atalla_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
- atalla_dsa.dsa_do_verify = meth2->dsa_do_verify;
-#endif
-
-#ifndef OPENSSL_NO_DH
- /* Much the same for Diffie-Hellman */
- meth3 = DH_OpenSSL();
- atalla_dh.generate_key = meth3->generate_key;
- atalla_dh.compute_key = meth3->compute_key;
-#endif
-
- /* Ensure the atalla error handling is set up */
- ERR_load_ATALLA_strings();
- return 1;
- }
-
-#ifdef OPENSSL_NO_DYNAMIC_ENGINE
+{
+# ifndef OPENSSL_NO_RSA
+ const RSA_METHOD *meth1;
+# endif
+# ifndef OPENSSL_NO_DSA
+ const DSA_METHOD *meth2;
+# endif
+# ifndef OPENSSL_NO_DH
+ const DH_METHOD *meth3;
+# endif
+ if (!ENGINE_set_id(e, engine_atalla_id) ||
+ !ENGINE_set_name(e, engine_atalla_name) ||
+# ifndef OPENSSL_NO_RSA
+ !ENGINE_set_RSA(e, &atalla_rsa) ||
+# endif
+# ifndef OPENSSL_NO_DSA
+ !ENGINE_set_DSA(e, &atalla_dsa) ||
+# endif
+# ifndef OPENSSL_NO_DH
+ !ENGINE_set_DH(e, &atalla_dh) ||
+# endif
+ !ENGINE_set_destroy_function(e, atalla_destroy) ||
+ !ENGINE_set_init_function(e, atalla_init) ||
+ !ENGINE_set_finish_function(e, atalla_finish) ||
+ !ENGINE_set_ctrl_function(e, atalla_ctrl) ||
+ !ENGINE_set_cmd_defns(e, atalla_cmd_defns))
+ return 0;
+
+# ifndef OPENSSL_NO_RSA
+ /*
+ * We know that the "PKCS1_SSLeay()" functions hook properly to the
+ * atalla-specific mod_exp and mod_exp_crt so we use those functions. NB:
+ * We don't use ENGINE_openssl() or anything "more generic" because
+ * something like the RSAref code may not hook properly, and if you own
+ * one of these cards then you have the right to do RSA operations on it
+ * anyway!
+ */
+ meth1 = RSA_PKCS1_SSLeay();
+ atalla_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+ atalla_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+ atalla_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+ atalla_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+# endif
+
+# ifndef OPENSSL_NO_DSA
+ /*
+ * Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits.
+ */
+ meth2 = DSA_OpenSSL();
+ atalla_dsa.dsa_do_sign = meth2->dsa_do_sign;
+ atalla_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
+ atalla_dsa.dsa_do_verify = meth2->dsa_do_verify;
+# endif
+
+# ifndef OPENSSL_NO_DH
+ /* Much the same for Diffie-Hellman */
+ meth3 = DH_OpenSSL();
+ atalla_dh.generate_key = meth3->generate_key;
+ atalla_dh.compute_key = meth3->compute_key;
+# endif
+
+ /* Ensure the atalla error handling is set up */
+ ERR_load_ATALLA_strings();
+ return 1;
+}
+
+# ifdef OPENSSL_NO_DYNAMIC_ENGINE
static ENGINE *engine_atalla(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!bind_helper(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
+{
+ ENGINE *ret = ENGINE_new();
+ if (!ret)
+ return NULL;
+ if (!bind_helper(ret)) {
+ ENGINE_free(ret);
+ return NULL;
+ }
+ return ret;
+}
void ENGINE_load_atalla(void)
- {
- /* Copied from eng_[openssl|dyn].c */
- ENGINE *toadd = engine_atalla();
- if(!toadd) return;
- ENGINE_add(toadd);
- ENGINE_free(toadd);
- ERR_clear_error();
- }
-#endif
-
-/* This is a process-global DSO handle used for loading and unloading
- * the Atalla library. NB: This is only set (or unset) during an
- * init() or finish() call (reference counts permitting) and they're
- * operating with global locks, so this should be thread-safe
- * implicitly. */
+{
+ /* Copied from eng_[openssl|dyn].c */
+ ENGINE *toadd = engine_atalla();
+ if (!toadd)
+ return;
+ ENGINE_add(toadd);
+ ENGINE_free(toadd);
+ ERR_clear_error();
+}
+# endif
+
+/*
+ * This is a process-global DSO handle used for loading and unloading the
+ * Atalla library. NB: This is only set (or unset) during an init() or
+ * finish() call (reference counts permitting) and they're operating with
+ * global locks, so this should be thread-safe implicitly.
+ */
static DSO *atalla_dso = NULL;
-/* These are the function pointers that are (un)set when the library has
- * successfully (un)loaded. */
+/*
+ * These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded.
+ */
static tfnASI_GetHardwareConfig *p_Atalla_GetHardwareConfig = NULL;
static tfnASI_RSAPrivateKeyOpFn *p_Atalla_RSAPrivateKeyOpFn = NULL;
-static tfnASI_GetPerformanceStatistics *p_Atalla_GetPerformanceStatistics = NULL;
-
-/* These are the static string constants for the DSO file name and the function
- * symbol names to bind to. Regrettably, the DSO name on *nix appears to be
- * "atasi.so" rather than something more consistent like "libatasi.so". At the
- * time of writing, I'm not sure what the file name on win32 is but clearly
- * native name translation is not possible (eg libatasi.so on *nix, and
- * atasi.dll on win32). For the purposes of testing, I have created a symbollic
- * link called "libatasi.so" so that we can use native name-translation - a
- * better solution will be needed. */
+static tfnASI_GetPerformanceStatistics *p_Atalla_GetPerformanceStatistics =
+ NULL;
+
+/*
+ * These are the static string constants for the DSO file name and the
+ * function symbol names to bind to. Regrettably, the DSO name on *nix
+ * appears to be "atasi.so" rather than something more consistent like
+ * "libatasi.so". At the time of writing, I'm not sure what the file name on
+ * win32 is but clearly native name translation is not possible (eg
+ * libatasi.so on *nix, and atasi.dll on win32). For the purposes of testing,
+ * I have created a symbollic link called "libatasi.so" so that we can use
+ * native name-translation - a better solution will be needed.
+ */
static const char *ATALLA_LIBNAME = NULL;
static const char *get_ATALLA_LIBNAME(void)
- {
- if(ATALLA_LIBNAME)
- return ATALLA_LIBNAME;
- return "atasi";
- }
+{
+ if (ATALLA_LIBNAME)
+ return ATALLA_LIBNAME;
+ return "atasi";
+}
+
static void free_ATALLA_LIBNAME(void)
- {
- if(ATALLA_LIBNAME)
- OPENSSL_free((void*)ATALLA_LIBNAME);
- ATALLA_LIBNAME = NULL;
- }
+{
+ if (ATALLA_LIBNAME)
+ OPENSSL_free((void *)ATALLA_LIBNAME);
+ ATALLA_LIBNAME = NULL;
+}
+
static long set_ATALLA_LIBNAME(const char *name)
- {
- free_ATALLA_LIBNAME();
- return (((ATALLA_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
- }
+{
+ free_ATALLA_LIBNAME();
+ return (((ATALLA_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+}
+
static const char *ATALLA_F1 = "ASI_GetHardwareConfig";
static const char *ATALLA_F2 = "ASI_RSAPrivateKeyOpFn";
static const char *ATALLA_F3 = "ASI_GetPerformanceStatistics";
/* Destructor (complements the "ENGINE_atalla()" constructor) */
static int atalla_destroy(ENGINE *e)
- {
- free_ATALLA_LIBNAME();
- /* Unload the atalla error strings so any error state including our
- * functs or reasons won't lead to a segfault (they simply get displayed
- * without corresponding string data because none will be found). */
- ERR_unload_ATALLA_strings();
- return 1;
- }
+{
+ free_ATALLA_LIBNAME();
+ /*
+ * Unload the atalla error strings so any error state including our
+ * functs or reasons won't lead to a segfault (they simply get displayed
+ * without corresponding string data because none will be found).
+ */
+ ERR_unload_ATALLA_strings();
+ return 1;
+}
/* (de)initialisation functions. */
static int atalla_init(ENGINE *e)
- {
- tfnASI_GetHardwareConfig *p1;
- tfnASI_RSAPrivateKeyOpFn *p2;
- tfnASI_GetPerformanceStatistics *p3;
- /* Not sure of the origin of this magic value, but Ben's code had it
- * and it seemed to have been working for a few people. :-) */
- unsigned int config_buf[1024];
-
- if(atalla_dso != NULL)
- {
- ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_ALREADY_LOADED);
- goto err;
- }
- /* Attempt to load libatasi.so/atasi.dll/whatever. Needs to be
- * changed unfortunately because the Atalla drivers don't have
- * standard library names that can be platform-translated well. */
- /* TODO: Work out how to actually map to the names the Atalla
- * drivers really use - for now a symbollic link needs to be
- * created on the host system from libatasi.so to atasi.so on
- * unix variants. */
- atalla_dso = DSO_load(NULL, get_ATALLA_LIBNAME(), NULL, 0);
- if(atalla_dso == NULL)
- {
- ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_NOT_LOADED);
- goto err;
- }
- if(!(p1 = (tfnASI_GetHardwareConfig *)DSO_bind_func(
- atalla_dso, ATALLA_F1)) ||
- !(p2 = (tfnASI_RSAPrivateKeyOpFn *)DSO_bind_func(
- atalla_dso, ATALLA_F2)) ||
- !(p3 = (tfnASI_GetPerformanceStatistics *)DSO_bind_func(
- atalla_dso, ATALLA_F3)))
- {
- ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_NOT_LOADED);
- goto err;
- }
- /* Copy the pointers */
- p_Atalla_GetHardwareConfig = p1;
- p_Atalla_RSAPrivateKeyOpFn = p2;
- p_Atalla_GetPerformanceStatistics = p3;
- /* Perform a basic test to see if there's actually any unit
- * running. */
- if(p1(0L, config_buf) != 0)
- {
- ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_UNIT_FAILURE);
- goto err;
- }
- /* Everything's fine. */
- return 1;
-err:
- if(atalla_dso)
- DSO_free(atalla_dso);
- atalla_dso = NULL;
- p_Atalla_GetHardwareConfig = NULL;
- p_Atalla_RSAPrivateKeyOpFn = NULL;
- p_Atalla_GetPerformanceStatistics = NULL;
- return 0;
- }
+{
+ tfnASI_GetHardwareConfig *p1;
+ tfnASI_RSAPrivateKeyOpFn *p2;
+ tfnASI_GetPerformanceStatistics *p3;
+ /*
+ * Not sure of the origin of this magic value, but Ben's code had it and
+ * it seemed to have been working for a few people. :-)
+ */
+ unsigned int config_buf[1024];
+
+ if (atalla_dso != NULL) {
+ ATALLAerr(ATALLA_F_ATALLA_INIT, ATALLA_R_ALREADY_LOADED);
+ goto err;
+ }
+ /*
+ * Attempt to load libatasi.so/atasi.dll/whatever. Needs to be changed
+ * unfortunately because the Atalla drivers don't have standard library
+ * names that can be platform-translated well.
+ */
+ /*
+ * TODO: Work out how to actually map to the names the Atalla drivers
+ * really use - for now a symbollic link needs to be created on the host
+ * system from libatasi.so to atasi.so on unix variants.
+ */
+ atalla_dso = DSO_load(NULL, get_ATALLA_LIBNAME(), NULL, 0);
+ if (atalla_dso == NULL) {
+ ATALLAerr(ATALLA_F_ATALLA_INIT, ATALLA_R_NOT_LOADED);
+ goto err;
+ }
+ if (!
+ (p1 =
+ (tfnASI_GetHardwareConfig *) DSO_bind_func(atalla_dso, ATALLA_F1))
+|| !(p2 = (tfnASI_RSAPrivateKeyOpFn *) DSO_bind_func(atalla_dso, ATALLA_F2))
+|| !(p3 =
+ (tfnASI_GetPerformanceStatistics *) DSO_bind_func(atalla_dso,
+ ATALLA_F3))) {
+ ATALLAerr(ATALLA_F_ATALLA_INIT, ATALLA_R_NOT_LOADED);
+ goto err;
+ }
+ /* Copy the pointers */
+ p_Atalla_GetHardwareConfig = p1;
+ p_Atalla_RSAPrivateKeyOpFn = p2;
+ p_Atalla_GetPerformanceStatistics = p3;
+ /*
+ * Perform a basic test to see if there's actually any unit running.
+ */
+ if (p1(0L, config_buf) != 0) {
+ ATALLAerr(ATALLA_F_ATALLA_INIT, ATALLA_R_UNIT_FAILURE);
+ goto err;
+ }
+ /* Everything's fine. */
+ return 1;
+ err:
+ if (atalla_dso)
+ DSO_free(atalla_dso);
+ atalla_dso = NULL;
+ p_Atalla_GetHardwareConfig = NULL;
+ p_Atalla_RSAPrivateKeyOpFn = NULL;
+ p_Atalla_GetPerformanceStatistics = NULL;
+ return 0;
+}
static int atalla_finish(ENGINE *e)
- {
- free_ATALLA_LIBNAME();
- if(atalla_dso == NULL)
- {
- ATALLAerr(ATALLA_F_ATALLA_FINISH,ATALLA_R_NOT_LOADED);
- return 0;
- }
- if(!DSO_free(atalla_dso))
- {
- ATALLAerr(ATALLA_F_ATALLA_FINISH,ATALLA_R_UNIT_FAILURE);
- return 0;
- }
- atalla_dso = NULL;
- p_Atalla_GetHardwareConfig = NULL;
- p_Atalla_RSAPrivateKeyOpFn = NULL;
- p_Atalla_GetPerformanceStatistics = NULL;
- return 1;
- }
-
-static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
- {
- int initialised = ((atalla_dso == NULL) ? 0 : 1);
- switch(cmd)
- {
- case ATALLA_CMD_SO_PATH:
- if(p == NULL)
- {
- ATALLAerr(ATALLA_F_ATALLA_CTRL,ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if(initialised)
- {
- ATALLAerr(ATALLA_F_ATALLA_CTRL,ATALLA_R_ALREADY_LOADED);
- return 0;
- }
- return set_ATALLA_LIBNAME((const char *)p);
- default:
- break;
- }
- ATALLAerr(ATALLA_F_ATALLA_CTRL,ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED);
- return 0;
- }
+{
+ free_ATALLA_LIBNAME();
+ if (atalla_dso == NULL) {
+ ATALLAerr(ATALLA_F_ATALLA_FINISH, ATALLA_R_NOT_LOADED);
+ return 0;
+ }
+ if (!DSO_free(atalla_dso)) {
+ ATALLAerr(ATALLA_F_ATALLA_FINISH, ATALLA_R_UNIT_FAILURE);
+ return 0;
+ }
+ atalla_dso = NULL;
+ p_Atalla_GetHardwareConfig = NULL;
+ p_Atalla_RSAPrivateKeyOpFn = NULL;
+ p_Atalla_GetPerformanceStatistics = NULL;
+ return 1;
+}
+
+static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+{
+ int initialised = ((atalla_dso == NULL) ? 0 : 1);
+ switch (cmd) {
+ case ATALLA_CMD_SO_PATH:
+ if (p == NULL) {
+ ATALLAerr(ATALLA_F_ATALLA_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if (initialised) {
+ ATALLAerr(ATALLA_F_ATALLA_CTRL, ATALLA_R_ALREADY_LOADED);
+ return 0;
+ }
+ return set_ATALLA_LIBNAME((const char *)p);
+ default:
+ break;
+ }
+ ATALLAerr(ATALLA_F_ATALLA_CTRL, ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+ return 0;
+}
static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx)
- {
- /* I need somewhere to store temporary serialised values for
- * use with the Atalla API calls. A neat cheat - I'll use
- * BIGNUMs from the BN_CTX but access their arrays directly as
- * byte arrays <grin>. This way I don't have to clean anything
- * up. */
- BIGNUM *modulus;
- BIGNUM *exponent;
- BIGNUM *argument;
- BIGNUM *result;
- RSAPrivateKey keydata;
- int to_return, numbytes;
-
- modulus = exponent = argument = result = NULL;
- to_return = 0; /* expect failure */
-
- if(!atalla_dso)
- {
- ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_NOT_LOADED);
- goto err;
- }
- /* Prepare the params */
- BN_CTX_start(ctx);
- modulus = BN_CTX_get(ctx);
- exponent = BN_CTX_get(ctx);
- argument = BN_CTX_get(ctx);
- result = BN_CTX_get(ctx);
- if (!result)
- {
- ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_BN_CTX_FULL);
- goto err;
- }
- if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, m->top) ||
- !bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top))
- {
- ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_BN_EXPAND_FAIL);
- goto err;
- }
- /* Prepare the key-data */
- memset(&keydata, 0,sizeof keydata);
- numbytes = BN_num_bytes(m);
- memset(exponent->d, 0, numbytes);
- memset(modulus->d, 0, numbytes);
- BN_bn2bin(p, (unsigned char *)exponent->d + numbytes - BN_num_bytes(p));
- BN_bn2bin(m, (unsigned char *)modulus->d + numbytes - BN_num_bytes(m));
- keydata.privateExponent.data = (unsigned char *)exponent->d;
- keydata.privateExponent.len = numbytes;
- keydata.modulus.data = (unsigned char *)modulus->d;
- keydata.modulus.len = numbytes;
- /* Prepare the argument */
- memset(argument->d, 0, numbytes);
- memset(result->d, 0, numbytes);
- BN_bn2bin(a, (unsigned char *)argument->d + numbytes - BN_num_bytes(a));
- /* Perform the operation */
- if(p_Atalla_RSAPrivateKeyOpFn(&keydata, (unsigned char *)result->d,
- (unsigned char *)argument->d,
- keydata.modulus.len) != 0)
- {
- ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_REQUEST_FAILED);
- goto err;
- }
- /* Convert the response */
- BN_bin2bn((unsigned char *)result->d, numbytes, r);
- to_return = 1;
-err:
- BN_CTX_end(ctx);
- return to_return;
- }
-
-#ifndef OPENSSL_NO_RSA
-static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- {
- int to_return = 0;
-
- if(!atalla_dso)
- {
- ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,ATALLA_R_NOT_LOADED);
- goto err;
- }
- if(!rsa->d || !rsa->n)
- {
- ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,ATALLA_R_MISSING_KEY_COMPONENTS);
- goto err;
- }
- to_return = atalla_mod_exp(r0, I, rsa->d, rsa->n, ctx);
-err:
- return to_return;
- }
-#endif
-
-#ifndef OPENSSL_NO_DSA
-/* This code was liberated and adapted from the commented-out code in
- * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration
- * (it doesn't have a CRT form for RSA), this function means that an
- * Atalla system running with a DSA server certificate can handshake
- * around 5 or 6 times faster/more than an equivalent system running with
- * RSA. Just check out the "signs" statistics from the RSA and DSA parts
- * of "openssl speed -engine atalla dsa1024 rsa1024". */
+ const BIGNUM *m, BN_CTX *ctx)
+{
+ /*
+ * I need somewhere to store temporary serialised values for use with the
+ * Atalla API calls. A neat cheat - I'll use BIGNUMs from the BN_CTX but
+ * access their arrays directly as byte arrays <grin>. This way I don't
+ * have to clean anything up.
+ */
+ BIGNUM *modulus;
+ BIGNUM *exponent;
+ BIGNUM *argument;
+ BIGNUM *result;
+ RSAPrivateKey keydata;
+ int to_return, numbytes;
+
+ modulus = exponent = argument = result = NULL;
+ to_return = 0; /* expect failure */
+
+ if (!atalla_dso) {
+ ATALLAerr(ATALLA_F_ATALLA_MOD_EXP, ATALLA_R_NOT_LOADED);
+ goto err;
+ }
+ /* Prepare the params */
+ BN_CTX_start(ctx);
+ modulus = BN_CTX_get(ctx);
+ exponent = BN_CTX_get(ctx);
+ argument = BN_CTX_get(ctx);
+ result = BN_CTX_get(ctx);
+ if (!result) {
+ ATALLAerr(ATALLA_F_ATALLA_MOD_EXP, ATALLA_R_BN_CTX_FULL);
+ goto err;
+ }
+ if (!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, m->top) ||
+ !bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top)) {
+ ATALLAerr(ATALLA_F_ATALLA_MOD_EXP, ATALLA_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ /* Prepare the key-data */
+ memset(&keydata, 0, sizeof keydata);
+ numbytes = BN_num_bytes(m);
+ memset(exponent->d, 0, numbytes);
+ memset(modulus->d, 0, numbytes);
+ BN_bn2bin(p, (unsigned char *)exponent->d + numbytes - BN_num_bytes(p));
+ BN_bn2bin(m, (unsigned char *)modulus->d + numbytes - BN_num_bytes(m));
+ keydata.privateExponent.data = (unsigned char *)exponent->d;
+ keydata.privateExponent.len = numbytes;
+ keydata.modulus.data = (unsigned char *)modulus->d;
+ keydata.modulus.len = numbytes;
+ /* Prepare the argument */
+ memset(argument->d, 0, numbytes);
+ memset(result->d, 0, numbytes);
+ BN_bn2bin(a, (unsigned char *)argument->d + numbytes - BN_num_bytes(a));
+ /* Perform the operation */
+ if (p_Atalla_RSAPrivateKeyOpFn(&keydata, (unsigned char *)result->d,
+ (unsigned char *)argument->d,
+ keydata.modulus.len) != 0) {
+ ATALLAerr(ATALLA_F_ATALLA_MOD_EXP, ATALLA_R_REQUEST_FAILED);
+ goto err;
+ }
+ /* Convert the response */
+ BN_bin2bn((unsigned char *)result->d, numbytes, r);
+ to_return = 1;
+ err:
+ BN_CTX_end(ctx);
+ return to_return;
+}
+
+# ifndef OPENSSL_NO_RSA
+static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx)
+{
+ int to_return = 0;
+
+ if (!atalla_dso) {
+ ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP, ATALLA_R_NOT_LOADED);
+ goto err;
+ }
+ if (!rsa->d || !rsa->n) {
+ ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,
+ ATALLA_R_MISSING_KEY_COMPONENTS);
+ goto err;
+ }
+ to_return = atalla_mod_exp(r0, I, rsa->d, rsa->n, ctx);
+ err:
+ return to_return;
+}
+# endif
+
+# ifndef OPENSSL_NO_DSA
+/*
+ * This code was liberated and adapted from the commented-out code in
+ * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration (it
+ * doesn't have a CRT form for RSA), this function means that an Atalla
+ * system running with a DSA server certificate can handshake around 5 or 6
+ * times faster/more than an equivalent system running with RSA. Just check
+ * out the "signs" statistics from the RSA and DSA parts of "openssl speed
+ * -engine atalla dsa1024 rsa1024".
+ */
static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
- BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont)
- {
- BIGNUM t;
- int to_return = 0;
-
- BN_init(&t);
- /* let rr = a1 ^ p1 mod m */
- if (!atalla_mod_exp(rr,a1,p1,m,ctx)) goto end;
- /* let t = a2 ^ p2 mod m */
- if (!atalla_mod_exp(&t,a2,p2,m,ctx)) goto end;
- /* let rr = rr * t mod m */
- if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
- to_return = 1;
-end:
- BN_free(&t);
- return to_return;
- }
+ BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+ BIGNUM t;
+ int to_return = 0;
+
+ BN_init(&t);
+ /* let rr = a1 ^ p1 mod m */
+ if (!atalla_mod_exp(rr, a1, p1, m, ctx))
+ goto end;
+ /* let t = a2 ^ p2 mod m */
+ if (!atalla_mod_exp(&t, a2, p2, m, ctx))
+ goto end;
+ /* let rr = rr * t mod m */
+ if (!BN_mod_mul(rr, rr, &t, m, ctx))
+ goto end;
+ to_return = 1;
+ end:
+ BN_free(&t);
+ return to_return;
+}
static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx)
- {
- return atalla_mod_exp(r, a, p, m, ctx);
- }
-#endif
-
-#ifndef OPENSSL_NO_RSA
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
+{
+ return atalla_mod_exp(r, a, p, m, ctx);
+}
+# endif
+
+# ifndef OPENSSL_NO_RSA
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- return atalla_mod_exp(r, a, p, m, ctx);
- }
-#endif
-
-#ifndef OPENSSL_NO_DH
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
+{
+ return atalla_mod_exp(r, a, p, m, ctx);
+}
+# endif
+
+# ifndef OPENSSL_NO_DH
/* This function is aliased to mod_exp (with the dh and mont dropped). */
static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- return atalla_mod_exp(r, a, p, m, ctx);
- }
-#endif
-
-/* This stuff is needed if this ENGINE is being compiled into a self-contained
- * shared-library. */
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+ const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+ return atalla_mod_exp(r, a, p, m, ctx);
+}
+# endif
+
+/*
+ * This stuff is needed if this ENGINE is being compiled into a
+ * self-contained shared-library.
+ */
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
static int bind_fn(ENGINE *e, const char *id)
- {
- if(id && (strcmp(id, engine_atalla_id) != 0))
- return 0;
- if(!bind_helper(e))
- return 0;
- return 1;
- }
-IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#endif /* OPENSSL_NO_DYNAMIC_ENGINE */
+{
+ if (id && (strcmp(id, engine_atalla_id) != 0))
+ return 0;
+ if (!bind_helper(e))
+ return 0;
+ return 1;
+}
-#endif /* !OPENSSL_NO_HW_ATALLA */
-#endif /* !OPENSSL_NO_HW */
+IMPLEMENT_DYNAMIC_CHECK_FN()
+ IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+# endif /* OPENSSL_NO_DYNAMIC_ENGINE */
+# endif /* !OPENSSL_NO_HW_ATALLA */
+#endif /* !OPENSSL_NO_HW */
diff --git a/openssl/engines/e_atalla_err.c b/openssl/engines/e_atalla_err.c
index fd3e0049c..ff4732238 100644
--- a/openssl/engines/e_atalla_err.c
+++ b/openssl/engines/e_atalla_err.c
@@ -7,7 +7,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
*
*/
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
@@ -65,85 +66,80 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
-#define ERR_FUNC(func) ERR_PACK(0,func,0)
-#define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA ATALLA_str_functs[]=
- {
-{ERR_FUNC(ATALLA_F_ATALLA_CTRL), "ATALLA_CTRL"},
-{ERR_FUNC(ATALLA_F_ATALLA_FINISH), "ATALLA_FINISH"},
-{ERR_FUNC(ATALLA_F_ATALLA_INIT), "ATALLA_INIT"},
-{ERR_FUNC(ATALLA_F_ATALLA_MOD_EXP), "ATALLA_MOD_EXP"},
-{ERR_FUNC(ATALLA_F_ATALLA_RSA_MOD_EXP), "ATALLA_RSA_MOD_EXP"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA ATALLA_str_reasons[]=
- {
-{ERR_REASON(ATALLA_R_ALREADY_LOADED) ,"already loaded"},
-{ERR_REASON(ATALLA_R_BN_CTX_FULL) ,"bn ctx full"},
-{ERR_REASON(ATALLA_R_BN_EXPAND_FAIL) ,"bn expand fail"},
-{ERR_REASON(ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},
-{ERR_REASON(ATALLA_R_MISSING_KEY_COMPONENTS),"missing key components"},
-{ERR_REASON(ATALLA_R_NOT_LOADED) ,"not loaded"},
-{ERR_REASON(ATALLA_R_REQUEST_FAILED) ,"request failed"},
-{ERR_REASON(ATALLA_R_UNIT_FAILURE) ,"unit failure"},
-{0,NULL}
- };
+# define ERR_FUNC(func) ERR_PACK(0,func,0)
+# define ERR_REASON(reason) ERR_PACK(0,0,reason)
+
+static ERR_STRING_DATA ATALLA_str_functs[] = {
+ {ERR_FUNC(ATALLA_F_ATALLA_CTRL), "ATALLA_CTRL"},
+ {ERR_FUNC(ATALLA_F_ATALLA_FINISH), "ATALLA_FINISH"},
+ {ERR_FUNC(ATALLA_F_ATALLA_INIT), "ATALLA_INIT"},
+ {ERR_FUNC(ATALLA_F_ATALLA_MOD_EXP), "ATALLA_MOD_EXP"},
+ {ERR_FUNC(ATALLA_F_ATALLA_RSA_MOD_EXP), "ATALLA_RSA_MOD_EXP"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA ATALLA_str_reasons[] = {
+ {ERR_REASON(ATALLA_R_ALREADY_LOADED), "already loaded"},
+ {ERR_REASON(ATALLA_R_BN_CTX_FULL), "bn ctx full"},
+ {ERR_REASON(ATALLA_R_BN_EXPAND_FAIL), "bn expand fail"},
+ {ERR_REASON(ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED),
+ "ctrl command not implemented"},
+ {ERR_REASON(ATALLA_R_MISSING_KEY_COMPONENTS), "missing key components"},
+ {ERR_REASON(ATALLA_R_NOT_LOADED), "not loaded"},
+ {ERR_REASON(ATALLA_R_REQUEST_FAILED), "request failed"},
+ {ERR_REASON(ATALLA_R_UNIT_FAILURE), "unit failure"},
+ {0, NULL}
+};
#endif
#ifdef ATALLA_LIB_NAME
-static ERR_STRING_DATA ATALLA_lib_name[]=
- {
-{0 ,ATALLA_LIB_NAME},
-{0,NULL}
- };
+static ERR_STRING_DATA ATALLA_lib_name[] = {
+ {0, ATALLA_LIB_NAME},
+ {0, NULL}
+};
#endif
-
-static int ATALLA_lib_error_code=0;
-static int ATALLA_error_init=1;
+static int ATALLA_lib_error_code = 0;
+static int ATALLA_error_init = 1;
static void ERR_load_ATALLA_strings(void)
- {
- if (ATALLA_lib_error_code == 0)
- ATALLA_lib_error_code=ERR_get_next_error_library();
+{
+ if (ATALLA_lib_error_code == 0)
+ ATALLA_lib_error_code = ERR_get_next_error_library();
- if (ATALLA_error_init)
- {
- ATALLA_error_init=0;
+ if (ATALLA_error_init) {
+ ATALLA_error_init = 0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ATALLA_lib_error_code,ATALLA_str_functs);
- ERR_load_strings(ATALLA_lib_error_code,ATALLA_str_reasons);
+ ERR_load_strings(ATALLA_lib_error_code, ATALLA_str_functs);
+ ERR_load_strings(ATALLA_lib_error_code, ATALLA_str_reasons);
#endif
#ifdef ATALLA_LIB_NAME
- ATALLA_lib_name->error = ERR_PACK(ATALLA_lib_error_code,0,0);
- ERR_load_strings(0,ATALLA_lib_name);
+ ATALLA_lib_name->error = ERR_PACK(ATALLA_lib_error_code, 0, 0);
+ ERR_load_strings(0, ATALLA_lib_name);
#endif
- }
- }
+ }
+}
static void ERR_unload_ATALLA_strings(void)
- {
- if (ATALLA_error_init == 0)
- {
+{
+ if (ATALLA_error_init == 0) {
#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(ATALLA_lib_error_code,ATALLA_str_functs);
- ERR_unload_strings(ATALLA_lib_error_code,ATALLA_str_reasons);
+ ERR_unload_strings(ATALLA_lib_error_code, ATALLA_str_functs);
+ ERR_unload_strings(ATALLA_lib_error_code, ATALLA_str_reasons);
#endif
#ifdef ATALLA_LIB_NAME
- ERR_unload_strings(0,ATALLA_lib_name);
+ ERR_unload_strings(0, ATALLA_lib_name);
#endif
- ATALLA_error_init=1;
- }
- }
+ ATALLA_error_init = 1;
+ }
+}
static void ERR_ATALLA_error(int function, int reason, char *file, int line)
- {
- if (ATALLA_lib_error_code == 0)
- ATALLA_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(ATALLA_lib_error_code,function,reason,file,line);
- }
+{
+ if (ATALLA_lib_error_code == 0)
+ ATALLA_lib_error_code = ERR_get_next_error_library();
+ ERR_PUT_error(ATALLA_lib_error_code, function, reason, file, line);
+}
diff --git a/openssl/engines/e_atalla_err.h b/openssl/engines/e_atalla_err.h
index 36e09bf42..7b71eff40 100644
--- a/openssl/engines/e_atalla_err.h
+++ b/openssl/engines/e_atalla_err.h
@@ -6,7 +6,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -53,39 +53,40 @@
*/
#ifndef HEADER_ATALLA_ERR_H
-#define HEADER_ATALLA_ERR_H
+# define HEADER_ATALLA_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_ATALLA_strings(void);
static void ERR_unload_ATALLA_strings(void);
static void ERR_ATALLA_error(int function, int reason, char *file, int line);
-#define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),__FILE__,__LINE__)
+# define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),__FILE__,__LINE__)
/* Error codes for the ATALLA functions. */
/* Function codes. */
-#define ATALLA_F_ATALLA_CTRL 100
-#define ATALLA_F_ATALLA_FINISH 101
-#define ATALLA_F_ATALLA_INIT 102
-#define ATALLA_F_ATALLA_MOD_EXP 103
-#define ATALLA_F_ATALLA_RSA_MOD_EXP 104
+# define ATALLA_F_ATALLA_CTRL 100
+# define ATALLA_F_ATALLA_FINISH 101
+# define ATALLA_F_ATALLA_INIT 102
+# define ATALLA_F_ATALLA_MOD_EXP 103
+# define ATALLA_F_ATALLA_RSA_MOD_EXP 104
/* Reason codes. */
-#define ATALLA_R_ALREADY_LOADED 100
-#define ATALLA_R_BN_CTX_FULL 101
-#define ATALLA_R_BN_EXPAND_FAIL 102
-#define ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
-#define ATALLA_R_MISSING_KEY_COMPONENTS 104
-#define ATALLA_R_NOT_LOADED 105
-#define ATALLA_R_REQUEST_FAILED 106
-#define ATALLA_R_UNIT_FAILURE 107
+# define ATALLA_R_ALREADY_LOADED 100
+# define ATALLA_R_BN_CTX_FULL 101
+# define ATALLA_R_BN_EXPAND_FAIL 102
+# define ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
+# define ATALLA_R_MISSING_KEY_COMPONENTS 104
+# define ATALLA_R_NOT_LOADED 105
+# define ATALLA_R_REQUEST_FAILED 106
+# define ATALLA_R_UNIT_FAILURE 107
#ifdef __cplusplus
}
diff --git a/openssl/engines/e_capi.c b/openssl/engines/e_capi.c
index c1085b56c..43dd3106c 100644
--- a/openssl/engines/e_capi.c
+++ b/openssl/engines/e_capi.c
@@ -1,5 +1,6 @@
/* engines/e_capi.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
@@ -10,7 +11,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -51,7 +52,6 @@
* ====================================================================
*/
-
#include <stdio.h>
#include <string.h>
#include <openssl/crypto.h>
@@ -59,17 +59,17 @@
#include <openssl/bn.h>
#ifdef OPENSSL_SYS_WIN32
-#ifndef OPENSSL_NO_CAPIENG
+# ifndef OPENSSL_NO_CAPIENG
-#include <openssl/rsa.h>
+# include <openssl/rsa.h>
-#include <windows.h>
+# include <windows.h>
-#ifndef _WIN32_WINNT
-#define _WIN32_WINNT 0x0400
-#endif
+# ifndef _WIN32_WINNT
+# define _WIN32_WINNT 0x0400
+# endif
-#include <wincrypt.h>
+# include <wincrypt.h>
/*
* This module uses several "new" interfaces, among which is
@@ -83,39 +83,38 @@
* Yes, it's rather "weak" test and if compilation fails,
* then re-configure with -DOPENSSL_NO_CAPIENG.
*/
-#if defined(CERT_KEY_PROV_INFO_PROP_ID) && \
+# if defined(CERT_KEY_PROV_INFO_PROP_ID) && \
defined(CERT_STORE_PROV_SYSTEM_A) && \
defined(CERT_STORE_READONLY_FLAG)
-# define __COMPILE_CAPIENG
-#endif /* CERT_KEY_PROV_INFO_PROP_ID */
-#endif /* OPENSSL_NO_CAPIENG */
-#endif /* OPENSSL_SYS_WIN32 */
+# define __COMPILE_CAPIENG
+# endif /* CERT_KEY_PROV_INFO_PROP_ID */
+# endif /* OPENSSL_NO_CAPIENG */
+#endif /* OPENSSL_SYS_WIN32 */
#ifdef __COMPILE_CAPIENG
-#undef X509_EXTENSIONS
-#undef X509_CERT_PAIR
+# undef X509_EXTENSIONS
+# undef X509_CERT_PAIR
/* Definitions which may be missing from earlier version of headers */
-#ifndef CERT_STORE_OPEN_EXISTING_FLAG
-#define CERT_STORE_OPEN_EXISTING_FLAG 0x00004000
-#endif
-
-#ifndef CERT_STORE_CREATE_NEW_FLAG
-#define CERT_STORE_CREATE_NEW_FLAG 0x00002000
-#endif
+# ifndef CERT_STORE_OPEN_EXISTING_FLAG
+# define CERT_STORE_OPEN_EXISTING_FLAG 0x00004000
+# endif
-#ifndef CERT_SYSTEM_STORE_CURRENT_USER
-#define CERT_SYSTEM_STORE_CURRENT_USER 0x00010000
-#endif
+# ifndef CERT_STORE_CREATE_NEW_FLAG
+# define CERT_STORE_CREATE_NEW_FLAG 0x00002000
+# endif
-#include <openssl/engine.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
+# ifndef CERT_SYSTEM_STORE_CURRENT_USER
+# define CERT_SYSTEM_STORE_CURRENT_USER 0x00010000
+# endif
-#include "e_capi_err.h"
-#include "e_capi_err.c"
+# include <openssl/engine.h>
+# include <openssl/pem.h>
+# include <openssl/x509v3.h>
+# include "e_capi_err.h"
+# include "e_capi_err.c"
static const char *engine_capi_id = "capi";
static const char *engine_capi_name = "CryptoAPI ENGINE";
@@ -126,1717 +125,1646 @@ typedef struct CAPI_KEY_st CAPI_KEY;
static void capi_addlasterror(void);
static void capi_adderror(DWORD err);
-static void CAPI_trace(CAPI_CTX *ctx, char *format, ...);
+static void CAPI_trace(CAPI_CTX * ctx, char *format, ...);
-static int capi_list_providers(CAPI_CTX *ctx, BIO *out);
-static int capi_list_containers(CAPI_CTX *ctx, BIO *out);
-int capi_list_certs(CAPI_CTX *ctx, BIO *out, char *storename);
-void capi_free_key(CAPI_KEY *key);
+static int capi_list_providers(CAPI_CTX * ctx, BIO *out);
+static int capi_list_containers(CAPI_CTX * ctx, BIO *out);
+int capi_list_certs(CAPI_CTX * ctx, BIO *out, char *storename);
+void capi_free_key(CAPI_KEY * key);
-static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx, const char *id, HCERTSTORE hstore);
+static PCCERT_CONTEXT capi_find_cert(CAPI_CTX * ctx, const char *id,
+ HCERTSTORE hstore);
-CAPI_KEY *capi_find_key(CAPI_CTX *ctx, const char *id);
+CAPI_KEY *capi_find_key(CAPI_CTX * ctx, const char *id);
static EVP_PKEY *capi_load_privkey(ENGINE *eng, const char *key_id,
- UI_METHOD *ui_method, void *callback_data);
-static int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len,
- unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
+ UI_METHOD *ui_method, void *callback_data);
+static int capi_rsa_sign(int dtype, const unsigned char *m,
+ unsigned int m_len, unsigned char *sigret,
+ unsigned int *siglen, const RSA *rsa);
static int capi_rsa_priv_enc(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
+ unsigned char *to, RSA *rsa, int padding);
static int capi_rsa_priv_dec(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
+ unsigned char *to, RSA *rsa, int padding);
static int capi_rsa_free(RSA *rsa);
static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
- DSA *dsa);
+ DSA *dsa);
static int capi_dsa_free(DSA *dsa);
static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
- STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey,
- STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data);
+ STACK_OF(X509_NAME) *ca_dn, X509 **pcert,
+ EVP_PKEY **pkey, STACK_OF(X509) **pother,
+ UI_METHOD *ui_method,
+ void *callback_data);
static int cert_select_simple(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
-#ifdef OPENSSL_CAPIENG_DIALOG
+# ifdef OPENSSL_CAPIENG_DIALOG
static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
-#endif
+# endif
-typedef PCCERT_CONTEXT (WINAPI *CERTDLG)(HCERTSTORE, HWND, LPCWSTR,
- LPCWSTR, DWORD, DWORD,
- void *);
-typedef HWND (WINAPI *GETCONSWIN)(void);
+typedef PCCERT_CONTEXT(WINAPI *CERTDLG) (HCERTSTORE, HWND, LPCWSTR,
+ LPCWSTR, DWORD, DWORD, void *);
+typedef HWND(WINAPI *GETCONSWIN) (void);
-/* This structure contains CAPI ENGINE specific data:
- * it contains various global options and affects how
- * other functions behave.
+/*
+ * This structure contains CAPI ENGINE specific data: it contains various
+ * global options and affects how other functions behave.
*/
-#define CAPI_DBG_TRACE 2
-#define CAPI_DBG_ERROR 1
+# define CAPI_DBG_TRACE 2
+# define CAPI_DBG_ERROR 1
struct CAPI_CTX_st {
- int debug_level;
- char *debug_file;
- /* Parameters to use for container lookup */
- DWORD keytype;
- LPSTR cspname;
- DWORD csptype;
- /* Certificate store name to use */
- LPSTR storename;
- LPSTR ssl_client_store;
- /* System store flags */
- DWORD store_flags;
-
+ int debug_level;
+ char *debug_file;
+ /* Parameters to use for container lookup */
+ DWORD keytype;
+ LPSTR cspname;
+ DWORD csptype;
+ /* Certificate store name to use */
+ LPSTR storename;
+ LPSTR ssl_client_store;
+ /* System store flags */
+ DWORD store_flags;
/* Lookup string meanings in load_private_key */
/* Substring of subject: uses "storename" */
-#define CAPI_LU_SUBSTR 1
+# define CAPI_LU_SUBSTR 1
/* Friendly name: uses storename */
-#define CAPI_LU_FNAME 2
+# define CAPI_LU_FNAME 2
/* Container name: uses cspname, keytype */
-#define CAPI_LU_CONTNAME 3
- int lookup_method;
+# define CAPI_LU_CONTNAME 3
+ int lookup_method;
/* Info to dump with dumpcerts option */
/* Issuer and serial name strings */
-#define CAPI_DMP_SUMMARY 0x1
+# define CAPI_DMP_SUMMARY 0x1
/* Friendly name */
-#define CAPI_DMP_FNAME 0x2
+# define CAPI_DMP_FNAME 0x2
/* Full X509_print dump */
-#define CAPI_DMP_FULL 0x4
+# define CAPI_DMP_FULL 0x4
/* Dump PEM format certificate */
-#define CAPI_DMP_PEM 0x8
+# define CAPI_DMP_PEM 0x8
/* Dump pseudo key (if possible) */
-#define CAPI_DMP_PSKEY 0x10
+# define CAPI_DMP_PSKEY 0x10
/* Dump key info (if possible) */
-#define CAPI_DMP_PKEYINFO 0x20
-
- DWORD dump_flags;
- int (*client_cert_select)(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
-
- CERTDLG certselectdlg;
- GETCONSWIN getconswindow;
+# define CAPI_DMP_PKEYINFO 0x20
+ DWORD dump_flags;
+ int (*client_cert_select) (ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
+ CERTDLG certselectdlg;
+ GETCONSWIN getconswindow;
};
-
static CAPI_CTX *capi_ctx_new();
-static void capi_ctx_free(CAPI_CTX *ctx);
-static int capi_ctx_set_provname(CAPI_CTX *ctx, LPSTR pname, DWORD type, int check);
-static int capi_ctx_set_provname_idx(CAPI_CTX *ctx, int idx);
-
-#define CAPI_CMD_LIST_CERTS ENGINE_CMD_BASE
-#define CAPI_CMD_LOOKUP_CERT (ENGINE_CMD_BASE + 1)
-#define CAPI_CMD_DEBUG_LEVEL (ENGINE_CMD_BASE + 2)
-#define CAPI_CMD_DEBUG_FILE (ENGINE_CMD_BASE + 3)
-#define CAPI_CMD_KEYTYPE (ENGINE_CMD_BASE + 4)
-#define CAPI_CMD_LIST_CSPS (ENGINE_CMD_BASE + 5)
-#define CAPI_CMD_SET_CSP_IDX (ENGINE_CMD_BASE + 6)
-#define CAPI_CMD_SET_CSP_NAME (ENGINE_CMD_BASE + 7)
-#define CAPI_CMD_SET_CSP_TYPE (ENGINE_CMD_BASE + 8)
-#define CAPI_CMD_LIST_CONTAINERS (ENGINE_CMD_BASE + 9)
-#define CAPI_CMD_LIST_OPTIONS (ENGINE_CMD_BASE + 10)
-#define CAPI_CMD_LOOKUP_METHOD (ENGINE_CMD_BASE + 11)
-#define CAPI_CMD_STORE_NAME (ENGINE_CMD_BASE + 12)
-#define CAPI_CMD_STORE_FLAGS (ENGINE_CMD_BASE + 13)
+static void capi_ctx_free(CAPI_CTX * ctx);
+static int capi_ctx_set_provname(CAPI_CTX * ctx, LPSTR pname, DWORD type,
+ int check);
+static int capi_ctx_set_provname_idx(CAPI_CTX * ctx, int idx);
+
+# define CAPI_CMD_LIST_CERTS ENGINE_CMD_BASE
+# define CAPI_CMD_LOOKUP_CERT (ENGINE_CMD_BASE + 1)
+# define CAPI_CMD_DEBUG_LEVEL (ENGINE_CMD_BASE + 2)
+# define CAPI_CMD_DEBUG_FILE (ENGINE_CMD_BASE + 3)
+# define CAPI_CMD_KEYTYPE (ENGINE_CMD_BASE + 4)
+# define CAPI_CMD_LIST_CSPS (ENGINE_CMD_BASE + 5)
+# define CAPI_CMD_SET_CSP_IDX (ENGINE_CMD_BASE + 6)
+# define CAPI_CMD_SET_CSP_NAME (ENGINE_CMD_BASE + 7)
+# define CAPI_CMD_SET_CSP_TYPE (ENGINE_CMD_BASE + 8)
+# define CAPI_CMD_LIST_CONTAINERS (ENGINE_CMD_BASE + 9)
+# define CAPI_CMD_LIST_OPTIONS (ENGINE_CMD_BASE + 10)
+# define CAPI_CMD_LOOKUP_METHOD (ENGINE_CMD_BASE + 11)
+# define CAPI_CMD_STORE_NAME (ENGINE_CMD_BASE + 12)
+# define CAPI_CMD_STORE_FLAGS (ENGINE_CMD_BASE + 13)
static const ENGINE_CMD_DEFN capi_cmd_defns[] = {
- {CAPI_CMD_LIST_CERTS,
- "list_certs",
- "List all certificates in store",
- ENGINE_CMD_FLAG_NO_INPUT},
- {CAPI_CMD_LOOKUP_CERT,
- "lookup_cert",
- "Lookup and output certificates",
- ENGINE_CMD_FLAG_STRING},
- {CAPI_CMD_DEBUG_LEVEL,
- "debug_level",
- "debug level (1=errors, 2=trace)",
- ENGINE_CMD_FLAG_NUMERIC},
- {CAPI_CMD_DEBUG_FILE,
- "debug_file",
- "debugging filename)",
- ENGINE_CMD_FLAG_STRING},
- {CAPI_CMD_KEYTYPE,
- "key_type",
- "Key type: 1=AT_KEYEXCHANGE (default), 2=AT_SIGNATURE",
- ENGINE_CMD_FLAG_NUMERIC},
- {CAPI_CMD_LIST_CSPS,
- "list_csps",
- "List all CSPs",
- ENGINE_CMD_FLAG_NO_INPUT},
- {CAPI_CMD_SET_CSP_IDX,
- "csp_idx",
- "Set CSP by index",
- ENGINE_CMD_FLAG_NUMERIC},
- {CAPI_CMD_SET_CSP_NAME,
- "csp_name",
- "Set CSP name, (default CSP used if not specified)",
- ENGINE_CMD_FLAG_STRING},
- {CAPI_CMD_SET_CSP_TYPE,
- "csp_type",
- "Set CSP type, (default RSA_PROV_FULL)",
- ENGINE_CMD_FLAG_NUMERIC},
- {CAPI_CMD_LIST_CONTAINERS,
- "list_containers",
- "list container names",
- ENGINE_CMD_FLAG_NO_INPUT},
- {CAPI_CMD_LIST_OPTIONS,
- "list_options",
- "Set list options (1=summary,2=friendly name, 4=full printout, 8=PEM output, 16=XXX, "
- "32=private key info)",
- ENGINE_CMD_FLAG_NUMERIC},
- {CAPI_CMD_LOOKUP_METHOD,
- "lookup_method",
- "Set key lookup method (1=substring, 2=friendlyname, 3=container name)",
- ENGINE_CMD_FLAG_NUMERIC},
- {CAPI_CMD_STORE_NAME,
- "store_name",
- "certificate store name, default \"MY\"",
- ENGINE_CMD_FLAG_STRING},
- {CAPI_CMD_STORE_FLAGS,
- "store_flags",
- "Certificate store flags: 1 = system store",
- ENGINE_CMD_FLAG_NUMERIC},
-
- {0, NULL, NULL, 0}
- };
+ {CAPI_CMD_LIST_CERTS,
+ "list_certs",
+ "List all certificates in store",
+ ENGINE_CMD_FLAG_NO_INPUT},
+ {CAPI_CMD_LOOKUP_CERT,
+ "lookup_cert",
+ "Lookup and output certificates",
+ ENGINE_CMD_FLAG_STRING},
+ {CAPI_CMD_DEBUG_LEVEL,
+ "debug_level",
+ "debug level (1=errors, 2=trace)",
+ ENGINE_CMD_FLAG_NUMERIC},
+ {CAPI_CMD_DEBUG_FILE,
+ "debug_file",
+ "debugging filename)",
+ ENGINE_CMD_FLAG_STRING},
+ {CAPI_CMD_KEYTYPE,
+ "key_type",
+ "Key type: 1=AT_KEYEXCHANGE (default), 2=AT_SIGNATURE",
+ ENGINE_CMD_FLAG_NUMERIC},
+ {CAPI_CMD_LIST_CSPS,
+ "list_csps",
+ "List all CSPs",
+ ENGINE_CMD_FLAG_NO_INPUT},
+ {CAPI_CMD_SET_CSP_IDX,
+ "csp_idx",
+ "Set CSP by index",
+ ENGINE_CMD_FLAG_NUMERIC},
+ {CAPI_CMD_SET_CSP_NAME,
+ "csp_name",
+ "Set CSP name, (default CSP used if not specified)",
+ ENGINE_CMD_FLAG_STRING},
+ {CAPI_CMD_SET_CSP_TYPE,
+ "csp_type",
+ "Set CSP type, (default RSA_PROV_FULL)",
+ ENGINE_CMD_FLAG_NUMERIC},
+ {CAPI_CMD_LIST_CONTAINERS,
+ "list_containers",
+ "list container names",
+ ENGINE_CMD_FLAG_NO_INPUT},
+ {CAPI_CMD_LIST_OPTIONS,
+ "list_options",
+ "Set list options (1=summary,2=friendly name, 4=full printout, 8=PEM output, 16=XXX, "
+ "32=private key info)",
+ ENGINE_CMD_FLAG_NUMERIC},
+ {CAPI_CMD_LOOKUP_METHOD,
+ "lookup_method",
+ "Set key lookup method (1=substring, 2=friendlyname, 3=container name)",
+ ENGINE_CMD_FLAG_NUMERIC},
+ {CAPI_CMD_STORE_NAME,
+ "store_name",
+ "certificate store name, default \"MY\"",
+ ENGINE_CMD_FLAG_STRING},
+ {CAPI_CMD_STORE_FLAGS,
+ "store_flags",
+ "Certificate store flags: 1 = system store",
+ ENGINE_CMD_FLAG_NUMERIC},
+
+ {0, NULL, NULL, 0}
+};
static int capi_idx = -1;
static int rsa_capi_idx = -1;
static int dsa_capi_idx = -1;
static int cert_capi_idx = -1;
-static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
- {
- int ret = 1;
- CAPI_CTX *ctx;
- BIO *out;
- if (capi_idx == -1)
- {
- CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_ENGINE_NOT_INITIALIZED);
- return 0;
- }
- ctx = ENGINE_get_ex_data(e, capi_idx);
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
- switch (cmd)
- {
- case CAPI_CMD_LIST_CSPS:
- ret = capi_list_providers(ctx, out);
- break;
-
- case CAPI_CMD_LIST_CERTS:
- ret = capi_list_certs(ctx, out, NULL);
- break;
-
- case CAPI_CMD_LOOKUP_CERT:
- ret = capi_list_certs(ctx, out, p);
- break;
-
- case CAPI_CMD_LIST_CONTAINERS:
- ret = capi_list_containers(ctx, out);
- break;
-
- case CAPI_CMD_STORE_NAME:
- if (ctx->storename)
- OPENSSL_free(ctx->storename);
- ctx->storename = BUF_strdup(p);
- CAPI_trace(ctx, "Setting store name to %s\n", p);
- break;
-
- case CAPI_CMD_STORE_FLAGS:
- if (i & 1)
- {
- ctx->store_flags |= CERT_SYSTEM_STORE_LOCAL_MACHINE;
- ctx->store_flags &= ~CERT_SYSTEM_STORE_CURRENT_USER;
- }
- else
- {
- ctx->store_flags |= CERT_SYSTEM_STORE_CURRENT_USER;
- ctx->store_flags &= ~CERT_SYSTEM_STORE_LOCAL_MACHINE;
- }
- CAPI_trace(ctx, "Setting flags to %d\n", i);
- break;
-
- case CAPI_CMD_DEBUG_LEVEL:
- ctx->debug_level = (int)i;
- CAPI_trace(ctx, "Setting debug level to %d\n", ctx->debug_level);
- break;
-
- case CAPI_CMD_DEBUG_FILE:
- ctx->debug_file = BUF_strdup(p);
- CAPI_trace(ctx, "Setting debug file to %s\n", ctx->debug_file);
- break;
-
- case CAPI_CMD_KEYTYPE:
- ctx->keytype = i;
- CAPI_trace(ctx, "Setting key type to %d\n", ctx->keytype);
- break;
-
- case CAPI_CMD_SET_CSP_IDX:
- ret = capi_ctx_set_provname_idx(ctx, i);
- break;
-
- case CAPI_CMD_LIST_OPTIONS:
- ctx->dump_flags = i;
- break;
-
- case CAPI_CMD_LOOKUP_METHOD:
- if (i < 1 || i > 3)
- {
- CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_INVALID_LOOKUP_METHOD);
- return 0;
- }
- ctx->lookup_method = i;
- break;
-
- case CAPI_CMD_SET_CSP_NAME:
- ret = capi_ctx_set_provname(ctx, p, ctx->csptype, 1);
- break;
-
- case CAPI_CMD_SET_CSP_TYPE:
- ctx->csptype = i;
- break;
-
- default:
- CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_UNKNOWN_COMMAND);
- ret = 0;
- }
-
- BIO_free(out);
- return ret;
-
- }
-
-static RSA_METHOD capi_rsa_method =
- {
- "CryptoAPI RSA method",
- 0, /* pub_enc */
- 0, /* pub_dec */
- capi_rsa_priv_enc, /* priv_enc */
- capi_rsa_priv_dec, /* priv_dec */
- 0, /* rsa_mod_exp */
- 0, /* bn_mod_exp */
- 0, /* init */
- capi_rsa_free, /* finish */
- RSA_FLAG_SIGN_VER, /* flags */
- NULL, /* app_data */
- capi_rsa_sign, /* rsa_sign */
- 0 /* rsa_verify */
- };
-
-static DSA_METHOD capi_dsa_method =
- {
- "CryptoAPI DSA method",
- capi_dsa_do_sign, /* dsa_do_sign */
- 0, /* dsa_sign_setup */
- 0, /* dsa_do_verify */
- 0, /* dsa_mod_exp */
- 0, /* bn_mod_exp */
- 0, /* init */
- capi_dsa_free, /* finish */
- 0, /* flags */
- NULL, /* app_data */
- 0, /* dsa_paramgen */
- 0 /* dsa_keygen */
- };
-
-static int capi_init(ENGINE *e)
- {
- CAPI_CTX *ctx;
- const RSA_METHOD *ossl_rsa_meth;
- const DSA_METHOD *ossl_dsa_meth;
-
- if (capi_idx < 0)
- {
- capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0);
- if (capi_idx < 0)
- goto memerr;
-
- cert_capi_idx = X509_get_ex_new_index(0, NULL, NULL, NULL, 0);
-
- /* Setup RSA_METHOD */
- rsa_capi_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
- ossl_rsa_meth = RSA_PKCS1_SSLeay();
- capi_rsa_method.rsa_pub_enc = ossl_rsa_meth->rsa_pub_enc;
- capi_rsa_method.rsa_pub_dec = ossl_rsa_meth->rsa_pub_dec;
- capi_rsa_method.rsa_mod_exp = ossl_rsa_meth->rsa_mod_exp;
- capi_rsa_method.bn_mod_exp = ossl_rsa_meth->bn_mod_exp;
-
- /* Setup DSA Method */
- dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
- ossl_dsa_meth = DSA_OpenSSL();
- capi_dsa_method.dsa_do_verify = ossl_dsa_meth->dsa_do_verify;
- capi_dsa_method.dsa_mod_exp = ossl_dsa_meth->dsa_mod_exp;
- capi_dsa_method.bn_mod_exp = ossl_dsa_meth->bn_mod_exp;
- }
-
- ctx = capi_ctx_new();
- if (!ctx)
- goto memerr;
-
- ENGINE_set_ex_data(e, capi_idx, ctx);
-
-#ifdef OPENSSL_CAPIENG_DIALOG
- {
- HMODULE cryptui = LoadLibrary(TEXT("CRYPTUI.DLL"));
- HMODULE kernel = GetModuleHandle(TEXT("KERNEL32.DLL"));
- if (cryptui)
- ctx->certselectdlg = (CERTDLG)GetProcAddress(cryptui, "CryptUIDlgSelectCertificateFromStore");
- if (kernel)
- ctx->getconswindow = (GETCONSWIN)GetProcAddress(kernel, "GetConsoleWindow");
- if (cryptui && !OPENSSL_isservice())
- ctx->client_cert_select = cert_select_dialog;
- }
-#endif
-
-
- return 1;
+static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+{
+ int ret = 1;
+ CAPI_CTX *ctx;
+ BIO *out;
+ if (capi_idx == -1) {
+ CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_ENGINE_NOT_INITIALIZED);
+ return 0;
+ }
+ ctx = ENGINE_get_ex_data(e, capi_idx);
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+ switch (cmd) {
+ case CAPI_CMD_LIST_CSPS:
+ ret = capi_list_providers(ctx, out);
+ break;
+
+ case CAPI_CMD_LIST_CERTS:
+ ret = capi_list_certs(ctx, out, NULL);
+ break;
+
+ case CAPI_CMD_LOOKUP_CERT:
+ ret = capi_list_certs(ctx, out, p);
+ break;
+
+ case CAPI_CMD_LIST_CONTAINERS:
+ ret = capi_list_containers(ctx, out);
+ break;
+
+ case CAPI_CMD_STORE_NAME:
+ if (ctx->storename)
+ OPENSSL_free(ctx->storename);
+ ctx->storename = BUF_strdup(p);
+ CAPI_trace(ctx, "Setting store name to %s\n", p);
+ break;
+
+ case CAPI_CMD_STORE_FLAGS:
+ if (i & 1) {
+ ctx->store_flags |= CERT_SYSTEM_STORE_LOCAL_MACHINE;
+ ctx->store_flags &= ~CERT_SYSTEM_STORE_CURRENT_USER;
+ } else {
+ ctx->store_flags |= CERT_SYSTEM_STORE_CURRENT_USER;
+ ctx->store_flags &= ~CERT_SYSTEM_STORE_LOCAL_MACHINE;
+ }
+ CAPI_trace(ctx, "Setting flags to %d\n", i);
+ break;
+
+ case CAPI_CMD_DEBUG_LEVEL:
+ ctx->debug_level = (int)i;
+ CAPI_trace(ctx, "Setting debug level to %d\n", ctx->debug_level);
+ break;
+
+ case CAPI_CMD_DEBUG_FILE:
+ ctx->debug_file = BUF_strdup(p);
+ CAPI_trace(ctx, "Setting debug file to %s\n", ctx->debug_file);
+ break;
+
+ case CAPI_CMD_KEYTYPE:
+ ctx->keytype = i;
+ CAPI_trace(ctx, "Setting key type to %d\n", ctx->keytype);
+ break;
+
+ case CAPI_CMD_SET_CSP_IDX:
+ ret = capi_ctx_set_provname_idx(ctx, i);
+ break;
+
+ case CAPI_CMD_LIST_OPTIONS:
+ ctx->dump_flags = i;
+ break;
+
+ case CAPI_CMD_LOOKUP_METHOD:
+ if (i < 1 || i > 3) {
+ CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_INVALID_LOOKUP_METHOD);
+ return 0;
+ }
+ ctx->lookup_method = i;
+ break;
+
+ case CAPI_CMD_SET_CSP_NAME:
+ ret = capi_ctx_set_provname(ctx, p, ctx->csptype, 1);
+ break;
+
+ case CAPI_CMD_SET_CSP_TYPE:
+ ctx->csptype = i;
+ break;
+
+ default:
+ CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_UNKNOWN_COMMAND);
+ ret = 0;
+ }
+
+ BIO_free(out);
+ return ret;
+
+}
+
+static RSA_METHOD capi_rsa_method = {
+ "CryptoAPI RSA method",
+ 0, /* pub_enc */
+ 0, /* pub_dec */
+ capi_rsa_priv_enc, /* priv_enc */
+ capi_rsa_priv_dec, /* priv_dec */
+ 0, /* rsa_mod_exp */
+ 0, /* bn_mod_exp */
+ 0, /* init */
+ capi_rsa_free, /* finish */
+ RSA_FLAG_SIGN_VER, /* flags */
+ NULL, /* app_data */
+ capi_rsa_sign, /* rsa_sign */
+ 0 /* rsa_verify */
+};
- memerr:
- CAPIerr(CAPI_F_CAPI_INIT, ERR_R_MALLOC_FAILURE);
- return 0;
+static DSA_METHOD capi_dsa_method = {
+ "CryptoAPI DSA method",
+ capi_dsa_do_sign, /* dsa_do_sign */
+ 0, /* dsa_sign_setup */
+ 0, /* dsa_do_verify */
+ 0, /* dsa_mod_exp */
+ 0, /* bn_mod_exp */
+ 0, /* init */
+ capi_dsa_free, /* finish */
+ 0, /* flags */
+ NULL, /* app_data */
+ 0, /* dsa_paramgen */
+ 0 /* dsa_keygen */
+};
- return 1;
- }
+static int capi_init(ENGINE *e)
+{
+ CAPI_CTX *ctx;
+ const RSA_METHOD *ossl_rsa_meth;
+ const DSA_METHOD *ossl_dsa_meth;
+
+ if (capi_idx < 0) {
+ capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0);
+ if (capi_idx < 0)
+ goto memerr;
+
+ cert_capi_idx = X509_get_ex_new_index(0, NULL, NULL, NULL, 0);
+
+ /* Setup RSA_METHOD */
+ rsa_capi_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
+ ossl_rsa_meth = RSA_PKCS1_SSLeay();
+ capi_rsa_method.rsa_pub_enc = ossl_rsa_meth->rsa_pub_enc;
+ capi_rsa_method.rsa_pub_dec = ossl_rsa_meth->rsa_pub_dec;
+ capi_rsa_method.rsa_mod_exp = ossl_rsa_meth->rsa_mod_exp;
+ capi_rsa_method.bn_mod_exp = ossl_rsa_meth->bn_mod_exp;
+
+ /* Setup DSA Method */
+ dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
+ ossl_dsa_meth = DSA_OpenSSL();
+ capi_dsa_method.dsa_do_verify = ossl_dsa_meth->dsa_do_verify;
+ capi_dsa_method.dsa_mod_exp = ossl_dsa_meth->dsa_mod_exp;
+ capi_dsa_method.bn_mod_exp = ossl_dsa_meth->bn_mod_exp;
+ }
+
+ ctx = capi_ctx_new();
+ if (!ctx)
+ goto memerr;
+
+ ENGINE_set_ex_data(e, capi_idx, ctx);
+
+# ifdef OPENSSL_CAPIENG_DIALOG
+ {
+ HMODULE cryptui = LoadLibrary(TEXT("CRYPTUI.DLL"));
+ HMODULE kernel = GetModuleHandle(TEXT("KERNEL32.DLL"));
+ if (cryptui)
+ ctx->certselectdlg =
+ (CERTDLG) GetProcAddress(cryptui,
+ "CryptUIDlgSelectCertificateFromStore");
+ if (kernel)
+ ctx->getconswindow =
+ (GETCONSWIN) GetProcAddress(kernel, "GetConsoleWindow");
+ if (cryptui && !OPENSSL_isservice())
+ ctx->client_cert_select = cert_select_dialog;
+ }
+# endif
+
+ return 1;
+
+ memerr:
+ CAPIerr(CAPI_F_CAPI_INIT, ERR_R_MALLOC_FAILURE);
+ return 0;
+
+ return 1;
+}
static int capi_destroy(ENGINE *e)
- {
- ERR_unload_CAPI_strings();
- return 1;
- }
+{
+ ERR_unload_CAPI_strings();
+ return 1;
+}
static int capi_finish(ENGINE *e)
- {
- CAPI_CTX *ctx;
- ctx = ENGINE_get_ex_data(e, capi_idx);
- capi_ctx_free(ctx);
- ENGINE_set_ex_data(e, capi_idx, NULL);
- return 1;
- }
-
-
-/* CryptoAPI key application data. This contains
- * a handle to the private key container (for sign operations)
- * and a handle to the key (for decrypt operations).
+{
+ CAPI_CTX *ctx;
+ ctx = ENGINE_get_ex_data(e, capi_idx);
+ capi_ctx_free(ctx);
+ ENGINE_set_ex_data(e, capi_idx, NULL);
+ return 1;
+}
+
+/*
+ * CryptoAPI key application data. This contains a handle to the private key
+ * container (for sign operations) and a handle to the key (for decrypt
+ * operations).
*/
-struct CAPI_KEY_st
- {
- /* Associated certificate context (if any) */
- PCCERT_CONTEXT pcert;
- HCRYPTPROV hprov;
- HCRYPTKEY key;
- DWORD keyspec;
- };
+struct CAPI_KEY_st {
+ /* Associated certificate context (if any) */
+ PCCERT_CONTEXT pcert;
+ HCRYPTPROV hprov;
+ HCRYPTKEY key;
+ DWORD keyspec;
+};
static int bind_capi(ENGINE *e)
- {
- if (!ENGINE_set_id(e, engine_capi_id)
- || !ENGINE_set_name(e, engine_capi_name)
- || !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL)
- || !ENGINE_set_init_function(e, capi_init)
- || !ENGINE_set_finish_function(e, capi_finish)
- || !ENGINE_set_destroy_function(e, capi_destroy)
- || !ENGINE_set_RSA(e, &capi_rsa_method)
- || !ENGINE_set_DSA(e, &capi_dsa_method)
- || !ENGINE_set_load_privkey_function(e, capi_load_privkey)
- || !ENGINE_set_load_ssl_client_cert_function(e,
- capi_load_ssl_client_cert)
- || !ENGINE_set_cmd_defns(e, capi_cmd_defns)
- || !ENGINE_set_ctrl_function(e, capi_ctrl))
- return 0;
- ERR_load_CAPI_strings();
-
- return 1;
-
- }
-
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+{
+ if (!ENGINE_set_id(e, engine_capi_id)
+ || !ENGINE_set_name(e, engine_capi_name)
+ || !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL)
+ || !ENGINE_set_init_function(e, capi_init)
+ || !ENGINE_set_finish_function(e, capi_finish)
+ || !ENGINE_set_destroy_function(e, capi_destroy)
+ || !ENGINE_set_RSA(e, &capi_rsa_method)
+ || !ENGINE_set_DSA(e, &capi_dsa_method)
+ || !ENGINE_set_load_privkey_function(e, capi_load_privkey)
+ || !ENGINE_set_load_ssl_client_cert_function(e,
+ capi_load_ssl_client_cert)
+ || !ENGINE_set_cmd_defns(e, capi_cmd_defns)
+ || !ENGINE_set_ctrl_function(e, capi_ctrl))
+ return 0;
+ ERR_load_CAPI_strings();
+
+ return 1;
+
+}
+
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
static int bind_helper(ENGINE *e, const char *id)
- {
- if(id && (strcmp(id, engine_capi_id) != 0))
- return 0;
- if(!bind_capi(e))
- return 0;
- return 1;
- }
+{
+ if (id && (strcmp(id, engine_capi_id) != 0))
+ return 0;
+ if (!bind_capi(e))
+ return 0;
+ return 1;
+}
+
IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
-#else
+ IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+# else
static ENGINE *engine_capi(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!bind_capi(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
+{
+ ENGINE *ret = ENGINE_new();
+ if (!ret)
+ return NULL;
+ if (!bind_capi(ret)) {
+ ENGINE_free(ret);
+ return NULL;
+ }
+ return ret;
+}
void ENGINE_load_capi(void)
- {
- /* Copied from eng_[openssl|dyn].c */
- ENGINE *toadd = engine_capi();
- if(!toadd) return;
- ENGINE_add(toadd);
- ENGINE_free(toadd);
- ERR_clear_error();
- }
-#endif
-
+{
+ /* Copied from eng_[openssl|dyn].c */
+ ENGINE *toadd = engine_capi();
+ if (!toadd)
+ return;
+ ENGINE_add(toadd);
+ ENGINE_free(toadd);
+ ERR_clear_error();
+}
+# endif
static int lend_tobn(BIGNUM *bn, unsigned char *bin, int binlen)
- {
- int i;
- /* Reverse buffer in place: since this is a keyblob structure
- * that will be freed up after conversion anyway it doesn't
- * matter if we change it.
- */
- for(i = 0; i < binlen / 2; i++)
- {
- unsigned char c;
- c = bin[i];
- bin[i] = bin[binlen - i - 1];
- bin[binlen - i - 1] = c;
- }
-
- if (!BN_bin2bn(bin, binlen, bn))
- return 0;
- return 1;
- }
+{
+ int i;
+ /*
+ * Reverse buffer in place: since this is a keyblob structure that will
+ * be freed up after conversion anyway it doesn't matter if we change
+ * it.
+ */
+ for (i = 0; i < binlen / 2; i++) {
+ unsigned char c;
+ c = bin[i];
+ bin[i] = bin[binlen - i - 1];
+ bin[binlen - i - 1] = c;
+ }
+
+ if (!BN_bin2bn(bin, binlen, bn))
+ return 0;
+ return 1;
+}
/* Given a CAPI_KEY get an EVP_PKEY structure */
-static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY *key)
- {
- unsigned char *pubkey = NULL;
- DWORD len;
- BLOBHEADER *bh;
- RSA *rkey = NULL;
- DSA *dkey = NULL;
- EVP_PKEY *ret = NULL;
- if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, NULL, &len))
- {
- CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR);
- capi_addlasterror();
- return NULL;
- }
-
- pubkey = OPENSSL_malloc(len);
-
- if (!pubkey)
- goto memerr;
-
- if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, pubkey, &len))
- {
- CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_ERROR);
- capi_addlasterror();
- goto err;
- }
-
- bh = (BLOBHEADER *)pubkey;
- if (bh->bType != PUBLICKEYBLOB)
- {
- CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_PUBLIC_KEY_BLOB);
- goto err;
- }
- if (bh->aiKeyAlg == CALG_RSA_SIGN || bh->aiKeyAlg == CALG_RSA_KEYX)
- {
- RSAPUBKEY *rp;
- DWORD rsa_modlen;
- unsigned char *rsa_modulus;
- rp = (RSAPUBKEY *)(bh + 1);
- if (rp->magic != 0x31415352)
- {
- char magstr[10];
- BIO_snprintf(magstr, 10, "%lx", rp->magic);
- CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER);
- ERR_add_error_data(2, "magic=0x", magstr);
- goto err;
- }
- rsa_modulus = (unsigned char *)(rp + 1);
- rkey = RSA_new_method(eng);
- if (!rkey)
- goto memerr;
-
- rkey->e = BN_new();
- rkey->n = BN_new();
-
- if (!rkey->e || !rkey->n)
- goto memerr;
-
- if (!BN_set_word(rkey->e, rp->pubexp))
- goto memerr;
-
- rsa_modlen = rp->bitlen / 8;
- if (!lend_tobn(rkey->n, rsa_modulus, rsa_modlen))
- goto memerr;
-
- RSA_set_ex_data(rkey, rsa_capi_idx, key);
-
- if (!(ret = EVP_PKEY_new()))
- goto memerr;
-
- EVP_PKEY_assign_RSA(ret, rkey);
- rkey = NULL;
-
- }
- else if (bh->aiKeyAlg == CALG_DSS_SIGN)
- {
- DSSPUBKEY *dp;
- DWORD dsa_plen;
- unsigned char *btmp;
- dp = (DSSPUBKEY *)(bh + 1);
- if (dp->magic != 0x31535344)
- {
- char magstr[10];
- BIO_snprintf(magstr, 10, "%lx", dp->magic);
- CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER);
- ERR_add_error_data(2, "magic=0x", magstr);
- goto err;
- }
- dsa_plen = dp->bitlen / 8;
- btmp = (unsigned char *)(dp + 1);
- dkey = DSA_new_method(eng);
- if (!dkey)
- goto memerr;
- dkey->p = BN_new();
- dkey->q = BN_new();
- dkey->g = BN_new();
- dkey->pub_key = BN_new();
- if (!dkey->p || !dkey->q || !dkey->g || !dkey->pub_key)
- goto memerr;
- if (!lend_tobn(dkey->p, btmp, dsa_plen))
- goto memerr;
- btmp += dsa_plen;
- if (!lend_tobn(dkey->q, btmp, 20))
- goto memerr;
- btmp += 20;
- if (!lend_tobn(dkey->g, btmp, dsa_plen))
- goto memerr;
- btmp += dsa_plen;
- if (!lend_tobn(dkey->pub_key, btmp, dsa_plen))
- goto memerr;
- btmp += dsa_plen;
-
- DSA_set_ex_data(dkey, dsa_capi_idx, key);
-
- if (!(ret = EVP_PKEY_new()))
- goto memerr;
-
- EVP_PKEY_assign_DSA(ret, dkey);
- dkey = NULL;
- }
- else
- {
- char algstr[10];
- BIO_snprintf(algstr, 10, "%lx", bh->aiKeyAlg);
- CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM);
- ERR_add_error_data(2, "aiKeyAlg=0x", algstr);
- goto err;
- }
-
-
- err:
- if (pubkey)
- OPENSSL_free(pubkey);
- if (!ret)
- {
- if (rkey)
- RSA_free(rkey);
- if (dkey)
- DSA_free(dkey);
- }
-
- return ret;
-
-memerr:
- CAPIerr(CAPI_F_CAPI_GET_PKEY, ERR_R_MALLOC_FAILURE);
- goto err;
-
- }
+static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY * key)
+{
+ unsigned char *pubkey = NULL;
+ DWORD len;
+ BLOBHEADER *bh;
+ RSA *rkey = NULL;
+ DSA *dkey = NULL;
+ EVP_PKEY *ret = NULL;
+ if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, NULL, &len)) {
+ CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR);
+ capi_addlasterror();
+ return NULL;
+ }
+
+ pubkey = OPENSSL_malloc(len);
+
+ if (!pubkey)
+ goto memerr;
+
+ if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, pubkey, &len)) {
+ CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_ERROR);
+ capi_addlasterror();
+ goto err;
+ }
+
+ bh = (BLOBHEADER *) pubkey;
+ if (bh->bType != PUBLICKEYBLOB) {
+ CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_PUBLIC_KEY_BLOB);
+ goto err;
+ }
+ if (bh->aiKeyAlg == CALG_RSA_SIGN || bh->aiKeyAlg == CALG_RSA_KEYX) {
+ RSAPUBKEY *rp;
+ DWORD rsa_modlen;
+ unsigned char *rsa_modulus;
+ rp = (RSAPUBKEY *) (bh + 1);
+ if (rp->magic != 0x31415352) {
+ char magstr[10];
+ BIO_snprintf(magstr, 10, "%lx", rp->magic);
+ CAPIerr(CAPI_F_CAPI_GET_PKEY,
+ CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER);
+ ERR_add_error_data(2, "magic=0x", magstr);
+ goto err;
+ }
+ rsa_modulus = (unsigned char *)(rp + 1);
+ rkey = RSA_new_method(eng);
+ if (!rkey)
+ goto memerr;
+
+ rkey->e = BN_new();
+ rkey->n = BN_new();
+
+ if (!rkey->e || !rkey->n)
+ goto memerr;
+
+ if (!BN_set_word(rkey->e, rp->pubexp))
+ goto memerr;
+
+ rsa_modlen = rp->bitlen / 8;
+ if (!lend_tobn(rkey->n, rsa_modulus, rsa_modlen))
+ goto memerr;
+
+ RSA_set_ex_data(rkey, rsa_capi_idx, key);
+
+ if (!(ret = EVP_PKEY_new()))
+ goto memerr;
+
+ EVP_PKEY_assign_RSA(ret, rkey);
+ rkey = NULL;
+
+ } else if (bh->aiKeyAlg == CALG_DSS_SIGN) {
+ DSSPUBKEY *dp;
+ DWORD dsa_plen;
+ unsigned char *btmp;
+ dp = (DSSPUBKEY *) (bh + 1);
+ if (dp->magic != 0x31535344) {
+ char magstr[10];
+ BIO_snprintf(magstr, 10, "%lx", dp->magic);
+ CAPIerr(CAPI_F_CAPI_GET_PKEY,
+ CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER);
+ ERR_add_error_data(2, "magic=0x", magstr);
+ goto err;
+ }
+ dsa_plen = dp->bitlen / 8;
+ btmp = (unsigned char *)(dp + 1);
+ dkey = DSA_new_method(eng);
+ if (!dkey)
+ goto memerr;
+ dkey->p = BN_new();
+ dkey->q = BN_new();
+ dkey->g = BN_new();
+ dkey->pub_key = BN_new();
+ if (!dkey->p || !dkey->q || !dkey->g || !dkey->pub_key)
+ goto memerr;
+ if (!lend_tobn(dkey->p, btmp, dsa_plen))
+ goto memerr;
+ btmp += dsa_plen;
+ if (!lend_tobn(dkey->q, btmp, 20))
+ goto memerr;
+ btmp += 20;
+ if (!lend_tobn(dkey->g, btmp, dsa_plen))
+ goto memerr;
+ btmp += dsa_plen;
+ if (!lend_tobn(dkey->pub_key, btmp, dsa_plen))
+ goto memerr;
+ btmp += dsa_plen;
+
+ DSA_set_ex_data(dkey, dsa_capi_idx, key);
+
+ if (!(ret = EVP_PKEY_new()))
+ goto memerr;
+
+ EVP_PKEY_assign_DSA(ret, dkey);
+ dkey = NULL;
+ } else {
+ char algstr[10];
+ BIO_snprintf(algstr, 10, "%lx", bh->aiKeyAlg);
+ CAPIerr(CAPI_F_CAPI_GET_PKEY,
+ CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM);
+ ERR_add_error_data(2, "aiKeyAlg=0x", algstr);
+ goto err;
+ }
+
+ err:
+ if (pubkey)
+ OPENSSL_free(pubkey);
+ if (!ret) {
+ if (rkey)
+ RSA_free(rkey);
+ if (dkey)
+ DSA_free(dkey);
+ }
+
+ return ret;
+
+ memerr:
+ CAPIerr(CAPI_F_CAPI_GET_PKEY, ERR_R_MALLOC_FAILURE);
+ goto err;
+
+}
static EVP_PKEY *capi_load_privkey(ENGINE *eng, const char *key_id,
- UI_METHOD *ui_method, void *callback_data)
- {
- CAPI_CTX *ctx;
- CAPI_KEY *key;
- EVP_PKEY *ret;
- ctx = ENGINE_get_ex_data(eng, capi_idx);
+ UI_METHOD *ui_method, void *callback_data)
+{
+ CAPI_CTX *ctx;
+ CAPI_KEY *key;
+ EVP_PKEY *ret;
+ ctx = ENGINE_get_ex_data(eng, capi_idx);
- if (!ctx)
- {
- CAPIerr(CAPI_F_CAPI_LOAD_PRIVKEY, CAPI_R_CANT_FIND_CAPI_CONTEXT);
- return NULL;
- }
+ if (!ctx) {
+ CAPIerr(CAPI_F_CAPI_LOAD_PRIVKEY, CAPI_R_CANT_FIND_CAPI_CONTEXT);
+ return NULL;
+ }
- key = capi_find_key(ctx, key_id);
+ key = capi_find_key(ctx, key_id);
- if (!key)
- return NULL;
+ if (!key)
+ return NULL;
- ret = capi_get_pkey(eng, key);
+ ret = capi_get_pkey(eng, key);
- if (!ret)
- capi_free_key(key);
- return ret;
+ if (!ret)
+ capi_free_key(key);
+ return ret;
- }
+}
/* CryptoAPI RSA operations */
int capi_rsa_priv_enc(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding)
- {
- CAPIerr(CAPI_F_CAPI_RSA_PRIV_ENC, CAPI_R_FUNCTION_NOT_SUPPORTED);
- return -1;
- }
+ unsigned char *to, RSA *rsa, int padding)
+{
+ CAPIerr(CAPI_F_CAPI_RSA_PRIV_ENC, CAPI_R_FUNCTION_NOT_SUPPORTED);
+ return -1;
+}
int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len,
- unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
- {
- ALG_ID alg;
- HCRYPTHASH hash;
- DWORD slen;
- unsigned int i;
- int ret = -1;
- CAPI_KEY *capi_key;
- CAPI_CTX *ctx;
-
- ctx = ENGINE_get_ex_data(rsa->engine, capi_idx);
-
- CAPI_trace(ctx, "Called CAPI_rsa_sign()\n");
-
- capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);
- if (!capi_key)
- {
- CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_GET_KEY);
- return -1;
- }
+ unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
+{
+ ALG_ID alg;
+ HCRYPTHASH hash;
+ DWORD slen;
+ unsigned int i;
+ int ret = -1;
+ CAPI_KEY *capi_key;
+ CAPI_CTX *ctx;
+
+ ctx = ENGINE_get_ex_data(rsa->engine, capi_idx);
+
+ CAPI_trace(ctx, "Called CAPI_rsa_sign()\n");
+
+ capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);
+ if (!capi_key) {
+ CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_GET_KEY);
+ return -1;
+ }
/* Convert the signature type to a CryptoAPI algorithm ID */
- switch(dtype)
- {
- case NID_sha1:
- alg = CALG_SHA1;
- break;
-
- case NID_md5:
- alg = CALG_MD5;
- break;
-
- case NID_md5_sha1:
- alg = CALG_SSL3_SHAMD5;
- break;
- default:
- {
- char algstr[10];
- BIO_snprintf(algstr, 10, "%lx", dtype);
- CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_UNSUPPORTED_ALGORITHM_NID);
- ERR_add_error_data(2, "NID=0x", algstr);
- return -1;
- }
- }
-
-
+ switch (dtype) {
+ case NID_sha1:
+ alg = CALG_SHA1;
+ break;
+
+ case NID_md5:
+ alg = CALG_MD5;
+ break;
+
+ case NID_md5_sha1:
+ alg = CALG_SSL3_SHAMD5;
+ break;
+ default:
+ {
+ char algstr[10];
+ BIO_snprintf(algstr, 10, "%lx", dtype);
+ CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_UNSUPPORTED_ALGORITHM_NID);
+ ERR_add_error_data(2, "NID=0x", algstr);
+ return -1;
+ }
+ }
/* Create the hash object */
- if(!CryptCreateHash(capi_key->hprov, alg, 0, 0, &hash))
- {
- CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_CREATE_HASH_OBJECT);
- capi_addlasterror();
- return -1;
- }
+ if (!CryptCreateHash(capi_key->hprov, alg, 0, 0, &hash)) {
+ CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_CREATE_HASH_OBJECT);
+ capi_addlasterror();
+ return -1;
+ }
/* Set the hash value to the value passed */
- if(!CryptSetHashParam(hash, HP_HASHVAL, (unsigned char *)m, 0))
- {
- CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_SET_HASH_VALUE);
- capi_addlasterror();
- goto err;
- }
-
+ if (!CryptSetHashParam(hash, HP_HASHVAL, (unsigned char *)m, 0)) {
+ CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_SET_HASH_VALUE);
+ capi_addlasterror();
+ goto err;
+ }
/* Finally sign it */
- slen = RSA_size(rsa);
- if(!CryptSignHashA(hash, capi_key->keyspec, NULL, 0, sigret, &slen))
- {
- CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_ERROR_SIGNING_HASH);
- capi_addlasterror();
- goto err;
- }
- else
- {
- ret = 1;
- /* Inplace byte reversal of signature */
- for(i = 0; i < slen / 2; i++)
- {
- unsigned char c;
- c = sigret[i];
- sigret[i] = sigret[slen - i - 1];
- sigret[slen - i - 1] = c;
- }
- *siglen = slen;
- }
-
- /* Now cleanup */
-
-err:
- CryptDestroyHash(hash);
-
- return ret;
- }
+ slen = RSA_size(rsa);
+ if (!CryptSignHashA(hash, capi_key->keyspec, NULL, 0, sigret, &slen)) {
+ CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_ERROR_SIGNING_HASH);
+ capi_addlasterror();
+ goto err;
+ } else {
+ ret = 1;
+ /* Inplace byte reversal of signature */
+ for (i = 0; i < slen / 2; i++) {
+ unsigned char c;
+ c = sigret[i];
+ sigret[i] = sigret[slen - i - 1];
+ sigret[slen - i - 1] = c;
+ }
+ *siglen = slen;
+ }
+
+ /* Now cleanup */
+
+ err:
+ CryptDestroyHash(hash);
+
+ return ret;
+}
int capi_rsa_priv_dec(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding)
- {
- int i;
- unsigned char *tmpbuf;
- CAPI_KEY *capi_key;
- CAPI_CTX *ctx;
- ctx = ENGINE_get_ex_data(rsa->engine, capi_idx);
-
- CAPI_trace(ctx, "Called capi_rsa_priv_dec()\n");
-
-
- capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);
- if (!capi_key)
- {
- CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_CANT_GET_KEY);
- return -1;
- }
-
- if(padding != RSA_PKCS1_PADDING)
- {
- char errstr[10];
- BIO_snprintf(errstr, 10, "%d", padding);
- CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_UNSUPPORTED_PADDING);
- ERR_add_error_data(2, "padding=", errstr);
- return -1;
- }
-
- /* Create temp reverse order version of input */
- if(!(tmpbuf = OPENSSL_malloc(flen)) )
- {
- CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, ERR_R_MALLOC_FAILURE);
- return -1;
- }
- for(i = 0; i < flen; i++)
- tmpbuf[flen - i - 1] = from[i];
-
- /* Finally decrypt it */
- if(!CryptDecrypt(capi_key->key, 0, TRUE, 0, tmpbuf, &flen))
- {
- CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_DECRYPT_ERROR);
- capi_addlasterror();
- OPENSSL_free(tmpbuf);
- return -1;
- }
- else memcpy(to, tmpbuf, flen);
-
- OPENSSL_free(tmpbuf);
-
- return flen;
- }
+ unsigned char *to, RSA *rsa, int padding)
+{
+ int i;
+ unsigned char *tmpbuf;
+ CAPI_KEY *capi_key;
+ CAPI_CTX *ctx;
+ ctx = ENGINE_get_ex_data(rsa->engine, capi_idx);
+
+ CAPI_trace(ctx, "Called capi_rsa_priv_dec()\n");
+
+ capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);
+ if (!capi_key) {
+ CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_CANT_GET_KEY);
+ return -1;
+ }
+
+ if (padding != RSA_PKCS1_PADDING) {
+ char errstr[10];
+ BIO_snprintf(errstr, 10, "%d", padding);
+ CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_UNSUPPORTED_PADDING);
+ ERR_add_error_data(2, "padding=", errstr);
+ return -1;
+ }
+
+ /* Create temp reverse order version of input */
+ if (!(tmpbuf = OPENSSL_malloc(flen))) {
+ CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+ for (i = 0; i < flen; i++)
+ tmpbuf[flen - i - 1] = from[i];
+
+ /* Finally decrypt it */
+ if (!CryptDecrypt(capi_key->key, 0, TRUE, 0, tmpbuf, &flen)) {
+ CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_DECRYPT_ERROR);
+ capi_addlasterror();
+ OPENSSL_free(tmpbuf);
+ return -1;
+ } else
+ memcpy(to, tmpbuf, flen);
+
+ OPENSSL_free(tmpbuf);
+
+ return flen;
+}
static int capi_rsa_free(RSA *rsa)
- {
- CAPI_KEY *capi_key;
- capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);
- capi_free_key(capi_key);
- RSA_set_ex_data(rsa, rsa_capi_idx, 0);
- return 1;
- }
+{
+ CAPI_KEY *capi_key;
+ capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);
+ capi_free_key(capi_key);
+ RSA_set_ex_data(rsa, rsa_capi_idx, 0);
+ return 1;
+}
/* CryptoAPI DSA operations */
static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
- DSA *dsa)
- {
- HCRYPTHASH hash;
- DWORD slen;
- DSA_SIG *ret = NULL;
- CAPI_KEY *capi_key;
- CAPI_CTX *ctx;
- unsigned char csigbuf[40];
-
- ctx = ENGINE_get_ex_data(dsa->engine, capi_idx);
-
- CAPI_trace(ctx, "Called CAPI_dsa_do_sign()\n");
-
- capi_key = DSA_get_ex_data(dsa, dsa_capi_idx);
-
- if (!capi_key)
- {
- CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_GET_KEY);
- return NULL;
- }
-
- if (dlen != 20)
- {
- CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_INVALID_DIGEST_LENGTH);
- return NULL;
- }
-
- /* Create the hash object */
- if(!CryptCreateHash(capi_key->hprov, CALG_SHA1, 0, 0, &hash))
- {
- CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_CREATE_HASH_OBJECT);
- capi_addlasterror();
- return NULL;
- }
-
- /* Set the hash value to the value passed */
- if(!CryptSetHashParam(hash, HP_HASHVAL, (unsigned char *)digest, 0))
- {
- CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_SET_HASH_VALUE);
- capi_addlasterror();
- goto err;
- }
-
-
- /* Finally sign it */
- slen = sizeof(csigbuf);
- if(!CryptSignHashA(hash, capi_key->keyspec, NULL, 0, csigbuf, &slen))
- {
- CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_ERROR_SIGNING_HASH);
- capi_addlasterror();
- goto err;
- }
- else
- {
- ret = DSA_SIG_new();
- if (!ret)
- goto err;
- ret->r = BN_new();
- ret->s = BN_new();
- if (!ret->r || !ret->s)
- goto err;
- if (!lend_tobn(ret->r, csigbuf, 20)
- || !lend_tobn(ret->s, csigbuf + 20, 20))
- {
- DSA_SIG_free(ret);
- ret = NULL;
- goto err;
- }
- }
-
- /* Now cleanup */
-
-err:
- OPENSSL_cleanse(csigbuf, 40);
- CryptDestroyHash(hash);
- return ret;
- }
+ DSA *dsa)
+{
+ HCRYPTHASH hash;
+ DWORD slen;
+ DSA_SIG *ret = NULL;
+ CAPI_KEY *capi_key;
+ CAPI_CTX *ctx;
+ unsigned char csigbuf[40];
+
+ ctx = ENGINE_get_ex_data(dsa->engine, capi_idx);
+
+ CAPI_trace(ctx, "Called CAPI_dsa_do_sign()\n");
+
+ capi_key = DSA_get_ex_data(dsa, dsa_capi_idx);
+
+ if (!capi_key) {
+ CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_GET_KEY);
+ return NULL;
+ }
+
+ if (dlen != 20) {
+ CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_INVALID_DIGEST_LENGTH);
+ return NULL;
+ }
+
+ /* Create the hash object */
+ if (!CryptCreateHash(capi_key->hprov, CALG_SHA1, 0, 0, &hash)) {
+ CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_CREATE_HASH_OBJECT);
+ capi_addlasterror();
+ return NULL;
+ }
+
+ /* Set the hash value to the value passed */
+ if (!CryptSetHashParam(hash, HP_HASHVAL, (unsigned char *)digest, 0)) {
+ CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_SET_HASH_VALUE);
+ capi_addlasterror();
+ goto err;
+ }
+
+ /* Finally sign it */
+ slen = sizeof(csigbuf);
+ if (!CryptSignHashA(hash, capi_key->keyspec, NULL, 0, csigbuf, &slen)) {
+ CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_ERROR_SIGNING_HASH);
+ capi_addlasterror();
+ goto err;
+ } else {
+ ret = DSA_SIG_new();
+ if (!ret)
+ goto err;
+ ret->r = BN_new();
+ ret->s = BN_new();
+ if (!ret->r || !ret->s)
+ goto err;
+ if (!lend_tobn(ret->r, csigbuf, 20)
+ || !lend_tobn(ret->s, csigbuf + 20, 20)) {
+ DSA_SIG_free(ret);
+ ret = NULL;
+ goto err;
+ }
+ }
+
+ /* Now cleanup */
+
+ err:
+ OPENSSL_cleanse(csigbuf, 40);
+ CryptDestroyHash(hash);
+ return ret;
+}
static int capi_dsa_free(DSA *dsa)
- {
- CAPI_KEY *capi_key;
- capi_key = DSA_get_ex_data(dsa, dsa_capi_idx);
- capi_free_key(capi_key);
- DSA_set_ex_data(dsa, dsa_capi_idx, 0);
- return 1;
- }
-
-static void capi_vtrace(CAPI_CTX *ctx, int level, char *format, va_list argptr)
- {
- BIO *out;
-
- if (!ctx || (ctx->debug_level < level) || (!ctx->debug_file))
- return;
- out = BIO_new_file(ctx->debug_file, "a+");
- BIO_vprintf(out, format, argptr);
- BIO_free(out);
- }
-
-static void CAPI_trace(CAPI_CTX *ctx, char *format, ...)
- {
- va_list args;
- va_start(args, format);
- capi_vtrace(ctx, CAPI_DBG_TRACE, format, args);
- va_end(args);
- }
+{
+ CAPI_KEY *capi_key;
+ capi_key = DSA_get_ex_data(dsa, dsa_capi_idx);
+ capi_free_key(capi_key);
+ DSA_set_ex_data(dsa, dsa_capi_idx, 0);
+ return 1;
+}
+
+static void capi_vtrace(CAPI_CTX * ctx, int level, char *format,
+ va_list argptr)
+{
+ BIO *out;
+
+ if (!ctx || (ctx->debug_level < level) || (!ctx->debug_file))
+ return;
+ out = BIO_new_file(ctx->debug_file, "a+");
+ BIO_vprintf(out, format, argptr);
+ BIO_free(out);
+}
+
+static void CAPI_trace(CAPI_CTX * ctx, char *format, ...)
+{
+ va_list args;
+ va_start(args, format);
+ capi_vtrace(ctx, CAPI_DBG_TRACE, format, args);
+ va_end(args);
+}
static void capi_addlasterror(void)
- {
- capi_adderror(GetLastError());
- }
+{
+ capi_adderror(GetLastError());
+}
static void capi_adderror(DWORD err)
- {
- char errstr[10];
- BIO_snprintf(errstr, 10, "%lX", err);
- ERR_add_error_data(2, "Error code= 0x", errstr);
- }
+{
+ char errstr[10];
+ BIO_snprintf(errstr, 10, "%lX", err);
+ ERR_add_error_data(2, "Error code= 0x", errstr);
+}
static char *wide_to_asc(LPWSTR wstr)
- {
- char *str;
- int len_0,sz;
-
- if (!wstr)
- return NULL;
- len_0 = (int)wcslen(wstr)+1; /* WideCharToMultiByte expects int */
- sz = WideCharToMultiByte(CP_ACP,0,wstr,len_0,NULL,0,NULL,NULL);
- if (!sz)
- {
- CAPIerr(CAPI_F_WIDE_TO_ASC, CAPI_R_WIN32_ERROR);
- return NULL;
- }
- str = OPENSSL_malloc(sz);
- if (!str)
- {
- CAPIerr(CAPI_F_WIDE_TO_ASC, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- if (!WideCharToMultiByte(CP_ACP,0,wstr,len_0,str,sz,NULL,NULL))
- {
- OPENSSL_free(str);
- CAPIerr(CAPI_F_WIDE_TO_ASC, CAPI_R_WIN32_ERROR);
- return NULL;
- }
- return str;
- }
-
-static int capi_get_provname(CAPI_CTX *ctx, LPSTR *pname, DWORD *ptype, DWORD idx)
- {
- LPSTR name;
- DWORD len, err;
- CAPI_trace(ctx, "capi_get_provname, index=%d\n", idx);
- if (!CryptEnumProvidersA(idx, NULL, 0, ptype, NULL, &len))
- {
- err = GetLastError();
- if (err == ERROR_NO_MORE_ITEMS)
- return 2;
- CAPIerr(CAPI_F_CAPI_GET_PROVNAME, CAPI_R_CRYPTENUMPROVIDERS_ERROR);
- capi_adderror(err);
- return 0;
- }
- name = OPENSSL_malloc(len);
- if (!CryptEnumProvidersA(idx, NULL, 0, ptype, name, &len))
- {
- err = GetLastError();
- if (err == ERROR_NO_MORE_ITEMS)
- return 2;
- CAPIerr(CAPI_F_CAPI_GET_PROVNAME, CAPI_R_CRYPTENUMPROVIDERS_ERROR);
- capi_adderror(err);
- return 0;
- }
- *pname = name;
- CAPI_trace(ctx, "capi_get_provname, returned name=%s, type=%d\n", name, *ptype);
-
- return 1;
- }
-
-static int capi_list_providers(CAPI_CTX *ctx, BIO *out)
- {
- DWORD idx, ptype;
- int ret;
- LPSTR provname = NULL;
- CAPI_trace(ctx, "capi_list_providers\n");
- BIO_printf(out, "Available CSPs:\n");
- for(idx = 0; ; idx++)
- {
- ret = capi_get_provname(ctx, &provname, &ptype, idx);
- if (ret == 2)
- break;
- if (ret == 0)
- break;
- BIO_printf(out, "%d. %s, type %d\n", idx, provname, ptype);
- OPENSSL_free(provname);
- }
- return 1;
- }
-
-static int capi_list_containers(CAPI_CTX *ctx, BIO *out)
- {
- int ret = 1;
- HCRYPTPROV hprov;
- DWORD err, idx, flags, buflen = 0, clen;
- LPSTR cname;
- CAPI_trace(ctx, "Listing containers CSP=%s, type = %d\n", ctx->cspname, ctx->csptype);
- if (!CryptAcquireContextA(&hprov, NULL, ctx->cspname, ctx->csptype, CRYPT_VERIFYCONTEXT))
- {
- CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
- capi_addlasterror();
- return 0;
- }
- if (!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, NULL, &buflen, CRYPT_FIRST))
- {
- CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR);
- capi_addlasterror();
- CryptReleaseContext(hprov, 0);
- return 0;
- }
- CAPI_trace(ctx, "Got max container len %d\n", buflen);
- if (buflen == 0)
- buflen = 1024;
- cname = OPENSSL_malloc(buflen);
- if (!cname)
- {
- CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- for (idx = 0;;idx++)
- {
- clen = buflen;
- cname[0] = 0;
-
- if (idx == 0)
- flags = CRYPT_FIRST;
- else
- flags = 0;
- if(!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, cname, &clen, flags))
- {
- err = GetLastError();
- if (err == ERROR_NO_MORE_ITEMS)
- goto done;
- CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR);
- capi_adderror(err);
- goto err;
- }
- CAPI_trace(ctx, "Container name %s, len=%d, index=%d, flags=%d\n", cname, clen, idx, flags);
- if (!cname[0] && (clen == buflen))
- {
- CAPI_trace(ctx, "Enumerate bug: using workaround\n");
- goto done;
- }
- BIO_printf(out, "%d. %s\n", idx, cname);
- }
- err:
-
- ret = 0;
-
- done:
- if (cname)
- OPENSSL_free(cname);
- CryptReleaseContext(hprov, 0);
-
- return ret;
- }
-
-CRYPT_KEY_PROV_INFO *capi_get_prov_info(CAPI_CTX *ctx, PCCERT_CONTEXT cert)
- {
- DWORD len;
- CRYPT_KEY_PROV_INFO *pinfo;
-
- if(!CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, NULL, &len))
- return NULL;
- pinfo = OPENSSL_malloc(len);
- if (!pinfo)
- {
- CAPIerr(CAPI_F_CAPI_GET_PROV_INFO, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- if(!CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, pinfo, &len))
- {
- CAPIerr(CAPI_F_CAPI_GET_PROV_INFO, CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO);
- capi_addlasterror();
- OPENSSL_free(pinfo);
- return NULL;
- }
- return pinfo;
- }
-
-static void capi_dump_prov_info(CAPI_CTX *ctx, BIO *out, CRYPT_KEY_PROV_INFO *pinfo)
- {
- char *provname = NULL, *contname = NULL;
- if (!pinfo)
- {
- BIO_printf(out, " No Private Key\n");
- return;
- }
- provname = wide_to_asc(pinfo->pwszProvName);
- contname = wide_to_asc(pinfo->pwszContainerName);
- if (!provname || !contname)
- goto err;
-
- BIO_printf(out, " Private Key Info:\n");
- BIO_printf(out, " Provider Name: %s, Provider Type %d\n", provname, pinfo->dwProvType);
- BIO_printf(out, " Container Name: %s, Key Type %d\n", contname, pinfo->dwKeySpec);
- err:
- if (provname)
- OPENSSL_free(provname);
- if (contname)
- OPENSSL_free(contname);
- }
-
-char * capi_cert_get_fname(CAPI_CTX *ctx, PCCERT_CONTEXT cert)
- {
- LPWSTR wfname;
- DWORD dlen;
-
- CAPI_trace(ctx, "capi_cert_get_fname\n");
- if (!CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID, NULL, &dlen))
- return NULL;
- wfname = OPENSSL_malloc(dlen);
- if (CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID, wfname, &dlen))
- {
- char *fname = wide_to_asc(wfname);
- OPENSSL_free(wfname);
- return fname;
- }
- CAPIerr(CAPI_F_CAPI_CERT_GET_FNAME, CAPI_R_ERROR_GETTING_FRIENDLY_NAME);
- capi_addlasterror();
-
- OPENSSL_free(wfname);
- return NULL;
- }
-
-
-void capi_dump_cert(CAPI_CTX *ctx, BIO *out, PCCERT_CONTEXT cert)
- {
- X509 *x;
- unsigned char *p;
- unsigned long flags = ctx->dump_flags;
- if (flags & CAPI_DMP_FNAME)
- {
- char *fname;
- fname = capi_cert_get_fname(ctx, cert);
- if (fname)
- {
- BIO_printf(out, " Friendly Name \"%s\"\n", fname);
- OPENSSL_free(fname);
- }
- else
- BIO_printf(out, " <No Friendly Name>\n");
- }
-
- p = cert->pbCertEncoded;
- x = d2i_X509(NULL, &p, cert->cbCertEncoded);
- if (!x)
- BIO_printf(out, " <Can't parse certificate>\n");
- if (flags & CAPI_DMP_SUMMARY)
- {
- BIO_printf(out, " Subject: ");
- X509_NAME_print_ex(out, X509_get_subject_name(x), 0, XN_FLAG_ONELINE);
- BIO_printf(out, "\n Issuer: ");
- X509_NAME_print_ex(out, X509_get_issuer_name(x), 0, XN_FLAG_ONELINE);
- BIO_printf(out, "\n");
- }
- if (flags & CAPI_DMP_FULL)
- X509_print_ex(out, x, XN_FLAG_ONELINE,0);
-
- if (flags & CAPI_DMP_PKEYINFO)
- {
- CRYPT_KEY_PROV_INFO *pinfo;
- pinfo = capi_get_prov_info(ctx, cert);
- capi_dump_prov_info(ctx, out, pinfo);
- if (pinfo)
- OPENSSL_free(pinfo);
- }
-
- if (flags & CAPI_DMP_PEM)
- PEM_write_bio_X509(out, x);
- X509_free(x);
- }
-
-HCERTSTORE capi_open_store(CAPI_CTX *ctx, char *storename)
- {
- HCERTSTORE hstore;
-
- if (!storename)
- storename = ctx->storename;
- if (!storename)
- storename = "MY";
- CAPI_trace(ctx, "Opening certificate store %s\n", storename);
-
- hstore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, 0, 0,
- ctx->store_flags, storename);
- if (!hstore)
- {
- CAPIerr(CAPI_F_CAPI_OPEN_STORE, CAPI_R_ERROR_OPENING_STORE);
- capi_addlasterror();
- }
- return hstore;
- }
-
-int capi_list_certs(CAPI_CTX *ctx, BIO *out, char *id)
- {
- char *storename;
- int idx;
- int ret = 1;
- HCERTSTORE hstore;
- PCCERT_CONTEXT cert = NULL;
-
- storename = ctx->storename;
- if (!storename)
- storename = "MY";
- CAPI_trace(ctx, "Listing certs for store %s\n", storename);
-
- hstore = capi_open_store(ctx, storename);
- if (!hstore)
- return 0;
- if (id)
- {
- cert = capi_find_cert(ctx, id, hstore);
- if (!cert)
- {
- ret = 0;
- goto err;
- }
- capi_dump_cert(ctx, out, cert);
- CertFreeCertificateContext(cert);
- }
- else
- {
- for(idx = 0;;idx++)
- {
- LPWSTR fname = NULL;
- cert = CertEnumCertificatesInStore(hstore, cert);
- if (!cert)
- break;
- BIO_printf(out, "Certificate %d\n", idx);
- capi_dump_cert(ctx, out, cert);
- }
- }
- err:
- CertCloseStore(hstore, 0);
- return ret;
- }
-
-static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx, const char *id, HCERTSTORE hstore)
- {
- PCCERT_CONTEXT cert = NULL;
- char *fname = NULL;
- int match;
- switch(ctx->lookup_method)
- {
- case CAPI_LU_SUBSTR:
- return CertFindCertificateInStore(hstore,
- X509_ASN_ENCODING, 0,
- CERT_FIND_SUBJECT_STR_A, id, NULL);
- case CAPI_LU_FNAME:
- for(;;)
- {
- cert = CertEnumCertificatesInStore(hstore, cert);
- if (!cert)
- return NULL;
- fname = capi_cert_get_fname(ctx, cert);
- if (fname)
- {
- if (strcmp(fname, id))
- match = 0;
- else
- match = 1;
- OPENSSL_free(fname);
- if (match)
- return cert;
- }
- }
- default:
- return NULL;
- }
- }
-
-static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const char *contname, char *provname, DWORD ptype, DWORD keyspec)
- {
- CAPI_KEY *key;
- DWORD dwFlags = 0;
- key = OPENSSL_malloc(sizeof(CAPI_KEY));
- CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n",
- contname, provname, ptype);
- if(ctx->store_flags & CERT_SYSTEM_STORE_LOCAL_MACHINE)
+{
+ char *str;
+ int len_0, sz;
+
+ if (!wstr)
+ return NULL;
+ len_0 = (int)wcslen(wstr) + 1; /* WideCharToMultiByte expects int */
+ sz = WideCharToMultiByte(CP_ACP, 0, wstr, len_0, NULL, 0, NULL, NULL);
+ if (!sz) {
+ CAPIerr(CAPI_F_WIDE_TO_ASC, CAPI_R_WIN32_ERROR);
+ return NULL;
+ }
+ str = OPENSSL_malloc(sz);
+ if (!str) {
+ CAPIerr(CAPI_F_WIDE_TO_ASC, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ if (!WideCharToMultiByte(CP_ACP, 0, wstr, len_0, str, sz, NULL, NULL)) {
+ OPENSSL_free(str);
+ CAPIerr(CAPI_F_WIDE_TO_ASC, CAPI_R_WIN32_ERROR);
+ return NULL;
+ }
+ return str;
+}
+
+static int capi_get_provname(CAPI_CTX * ctx, LPSTR * pname, DWORD * ptype,
+ DWORD idx)
+{
+ LPSTR name;
+ DWORD len, err;
+ CAPI_trace(ctx, "capi_get_provname, index=%d\n", idx);
+ if (!CryptEnumProvidersA(idx, NULL, 0, ptype, NULL, &len)) {
+ err = GetLastError();
+ if (err == ERROR_NO_MORE_ITEMS)
+ return 2;
+ CAPIerr(CAPI_F_CAPI_GET_PROVNAME, CAPI_R_CRYPTENUMPROVIDERS_ERROR);
+ capi_adderror(err);
+ return 0;
+ }
+ name = OPENSSL_malloc(len);
+ if (!CryptEnumProvidersA(idx, NULL, 0, ptype, name, &len)) {
+ err = GetLastError();
+ if (err == ERROR_NO_MORE_ITEMS)
+ return 2;
+ CAPIerr(CAPI_F_CAPI_GET_PROVNAME, CAPI_R_CRYPTENUMPROVIDERS_ERROR);
+ capi_adderror(err);
+ return 0;
+ }
+ *pname = name;
+ CAPI_trace(ctx, "capi_get_provname, returned name=%s, type=%d\n", name,
+ *ptype);
+
+ return 1;
+}
+
+static int capi_list_providers(CAPI_CTX * ctx, BIO *out)
+{
+ DWORD idx, ptype;
+ int ret;
+ LPSTR provname = NULL;
+ CAPI_trace(ctx, "capi_list_providers\n");
+ BIO_printf(out, "Available CSPs:\n");
+ for (idx = 0;; idx++) {
+ ret = capi_get_provname(ctx, &provname, &ptype, idx);
+ if (ret == 2)
+ break;
+ if (ret == 0)
+ break;
+ BIO_printf(out, "%d. %s, type %d\n", idx, provname, ptype);
+ OPENSSL_free(provname);
+ }
+ return 1;
+}
+
+static int capi_list_containers(CAPI_CTX * ctx, BIO *out)
+{
+ int ret = 1;
+ HCRYPTPROV hprov;
+ DWORD err, idx, flags, buflen = 0, clen;
+ LPSTR cname;
+ CAPI_trace(ctx, "Listing containers CSP=%s, type = %d\n", ctx->cspname,
+ ctx->csptype);
+ if (!CryptAcquireContextA
+ (&hprov, NULL, ctx->cspname, ctx->csptype, CRYPT_VERIFYCONTEXT)) {
+ CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS,
+ CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
+ capi_addlasterror();
+ return 0;
+ }
+ if (!CryptGetProvParam
+ (hprov, PP_ENUMCONTAINERS, NULL, &buflen, CRYPT_FIRST)) {
+ CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR);
+ capi_addlasterror();
+ CryptReleaseContext(hprov, 0);
+ return 0;
+ }
+ CAPI_trace(ctx, "Got max container len %d\n", buflen);
+ if (buflen == 0)
+ buflen = 1024;
+ cname = OPENSSL_malloc(buflen);
+ if (!cname) {
+ CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ for (idx = 0;; idx++) {
+ clen = buflen;
+ cname[0] = 0;
+
+ if (idx == 0)
+ flags = CRYPT_FIRST;
+ else
+ flags = 0;
+ if (!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, cname, &clen, flags)) {
+ err = GetLastError();
+ if (err == ERROR_NO_MORE_ITEMS)
+ goto done;
+ CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR);
+ capi_adderror(err);
+ goto err;
+ }
+ CAPI_trace(ctx, "Container name %s, len=%d, index=%d, flags=%d\n",
+ cname, clen, idx, flags);
+ if (!cname[0] && (clen == buflen)) {
+ CAPI_trace(ctx, "Enumerate bug: using workaround\n");
+ goto done;
+ }
+ BIO_printf(out, "%d. %s\n", idx, cname);
+ }
+ err:
+
+ ret = 0;
+
+ done:
+ if (cname)
+ OPENSSL_free(cname);
+ CryptReleaseContext(hprov, 0);
+
+ return ret;
+}
+
+CRYPT_KEY_PROV_INFO *capi_get_prov_info(CAPI_CTX * ctx, PCCERT_CONTEXT cert)
+{
+ DWORD len;
+ CRYPT_KEY_PROV_INFO *pinfo;
+
+ if (!CertGetCertificateContextProperty
+ (cert, CERT_KEY_PROV_INFO_PROP_ID, NULL, &len))
+ return NULL;
+ pinfo = OPENSSL_malloc(len);
+ if (!pinfo) {
+ CAPIerr(CAPI_F_CAPI_GET_PROV_INFO, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ if (!CertGetCertificateContextProperty
+ (cert, CERT_KEY_PROV_INFO_PROP_ID, pinfo, &len)) {
+ CAPIerr(CAPI_F_CAPI_GET_PROV_INFO,
+ CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO);
+ capi_addlasterror();
+ OPENSSL_free(pinfo);
+ return NULL;
+ }
+ return pinfo;
+}
+
+static void capi_dump_prov_info(CAPI_CTX * ctx, BIO *out,
+ CRYPT_KEY_PROV_INFO * pinfo)
+{
+ char *provname = NULL, *contname = NULL;
+ if (!pinfo) {
+ BIO_printf(out, " No Private Key\n");
+ return;
+ }
+ provname = wide_to_asc(pinfo->pwszProvName);
+ contname = wide_to_asc(pinfo->pwszContainerName);
+ if (!provname || !contname)
+ goto err;
+
+ BIO_printf(out, " Private Key Info:\n");
+ BIO_printf(out, " Provider Name: %s, Provider Type %d\n", provname,
+ pinfo->dwProvType);
+ BIO_printf(out, " Container Name: %s, Key Type %d\n", contname,
+ pinfo->dwKeySpec);
+ err:
+ if (provname)
+ OPENSSL_free(provname);
+ if (contname)
+ OPENSSL_free(contname);
+}
+
+char *capi_cert_get_fname(CAPI_CTX * ctx, PCCERT_CONTEXT cert)
+{
+ LPWSTR wfname;
+ DWORD dlen;
+
+ CAPI_trace(ctx, "capi_cert_get_fname\n");
+ if (!CertGetCertificateContextProperty
+ (cert, CERT_FRIENDLY_NAME_PROP_ID, NULL, &dlen))
+ return NULL;
+ wfname = OPENSSL_malloc(dlen);
+ if (CertGetCertificateContextProperty
+ (cert, CERT_FRIENDLY_NAME_PROP_ID, wfname, &dlen)) {
+ char *fname = wide_to_asc(wfname);
+ OPENSSL_free(wfname);
+ return fname;
+ }
+ CAPIerr(CAPI_F_CAPI_CERT_GET_FNAME, CAPI_R_ERROR_GETTING_FRIENDLY_NAME);
+ capi_addlasterror();
+
+ OPENSSL_free(wfname);
+ return NULL;
+}
+
+void capi_dump_cert(CAPI_CTX * ctx, BIO *out, PCCERT_CONTEXT cert)
+{
+ X509 *x;
+ unsigned char *p;
+ unsigned long flags = ctx->dump_flags;
+ if (flags & CAPI_DMP_FNAME) {
+ char *fname;
+ fname = capi_cert_get_fname(ctx, cert);
+ if (fname) {
+ BIO_printf(out, " Friendly Name \"%s\"\n", fname);
+ OPENSSL_free(fname);
+ } else
+ BIO_printf(out, " <No Friendly Name>\n");
+ }
+
+ p = cert->pbCertEncoded;
+ x = d2i_X509(NULL, &p, cert->cbCertEncoded);
+ if (!x)
+ BIO_printf(out, " <Can't parse certificate>\n");
+ if (flags & CAPI_DMP_SUMMARY) {
+ BIO_printf(out, " Subject: ");
+ X509_NAME_print_ex(out, X509_get_subject_name(x), 0, XN_FLAG_ONELINE);
+ BIO_printf(out, "\n Issuer: ");
+ X509_NAME_print_ex(out, X509_get_issuer_name(x), 0, XN_FLAG_ONELINE);
+ BIO_printf(out, "\n");
+ }
+ if (flags & CAPI_DMP_FULL)
+ X509_print_ex(out, x, XN_FLAG_ONELINE, 0);
+
+ if (flags & CAPI_DMP_PKEYINFO) {
+ CRYPT_KEY_PROV_INFO *pinfo;
+ pinfo = capi_get_prov_info(ctx, cert);
+ capi_dump_prov_info(ctx, out, pinfo);
+ if (pinfo)
+ OPENSSL_free(pinfo);
+ }
+
+ if (flags & CAPI_DMP_PEM)
+ PEM_write_bio_X509(out, x);
+ X509_free(x);
+}
+
+HCERTSTORE capi_open_store(CAPI_CTX * ctx, char *storename)
+{
+ HCERTSTORE hstore;
+
+ if (!storename)
+ storename = ctx->storename;
+ if (!storename)
+ storename = "MY";
+ CAPI_trace(ctx, "Opening certificate store %s\n", storename);
+
+ hstore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, 0, 0,
+ ctx->store_flags, storename);
+ if (!hstore) {
+ CAPIerr(CAPI_F_CAPI_OPEN_STORE, CAPI_R_ERROR_OPENING_STORE);
+ capi_addlasterror();
+ }
+ return hstore;
+}
+
+int capi_list_certs(CAPI_CTX * ctx, BIO *out, char *id)
+{
+ char *storename;
+ int idx;
+ int ret = 1;
+ HCERTSTORE hstore;
+ PCCERT_CONTEXT cert = NULL;
+
+ storename = ctx->storename;
+ if (!storename)
+ storename = "MY";
+ CAPI_trace(ctx, "Listing certs for store %s\n", storename);
+
+ hstore = capi_open_store(ctx, storename);
+ if (!hstore)
+ return 0;
+ if (id) {
+ cert = capi_find_cert(ctx, id, hstore);
+ if (!cert) {
+ ret = 0;
+ goto err;
+ }
+ capi_dump_cert(ctx, out, cert);
+ CertFreeCertificateContext(cert);
+ } else {
+ for (idx = 0;; idx++) {
+ LPWSTR fname = NULL;
+ cert = CertEnumCertificatesInStore(hstore, cert);
+ if (!cert)
+ break;
+ BIO_printf(out, "Certificate %d\n", idx);
+ capi_dump_cert(ctx, out, cert);
+ }
+ }
+ err:
+ CertCloseStore(hstore, 0);
+ return ret;
+}
+
+static PCCERT_CONTEXT capi_find_cert(CAPI_CTX * ctx, const char *id,
+ HCERTSTORE hstore)
+{
+ PCCERT_CONTEXT cert = NULL;
+ char *fname = NULL;
+ int match;
+ switch (ctx->lookup_method) {
+ case CAPI_LU_SUBSTR:
+ return CertFindCertificateInStore(hstore,
+ X509_ASN_ENCODING, 0,
+ CERT_FIND_SUBJECT_STR_A, id, NULL);
+ case CAPI_LU_FNAME:
+ for (;;) {
+ cert = CertEnumCertificatesInStore(hstore, cert);
+ if (!cert)
+ return NULL;
+ fname = capi_cert_get_fname(ctx, cert);
+ if (fname) {
+ if (strcmp(fname, id))
+ match = 0;
+ else
+ match = 1;
+ OPENSSL_free(fname);
+ if (match)
+ return cert;
+ }
+ }
+ default:
+ return NULL;
+ }
+}
+
+static CAPI_KEY *capi_get_key(CAPI_CTX * ctx, const char *contname,
+ char *provname, DWORD ptype, DWORD keyspec)
+{
+ CAPI_KEY *key;
+ DWORD dwFlags = 0;
+ key = OPENSSL_malloc(sizeof(CAPI_KEY));
+ CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n",
+ contname, provname, ptype);
+ if (ctx->store_flags & CERT_SYSTEM_STORE_LOCAL_MACHINE)
dwFlags = CRYPT_MACHINE_KEYSET;
- if (!CryptAcquireContextA(&key->hprov, contname, provname, ptype, dwFlags))
- {
- CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
- capi_addlasterror();
- goto err;
- }
- if (!CryptGetUserKey(key->hprov, keyspec, &key->key))
- {
- CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_GETUSERKEY_ERROR);
- capi_addlasterror();
- CryptReleaseContext(key->hprov, 0);
- goto err;
- }
- key->keyspec = keyspec;
- key->pcert = NULL;
- return key;
-
- err:
- OPENSSL_free(key);
- return NULL;
- }
-
-static CAPI_KEY *capi_get_cert_key(CAPI_CTX *ctx, PCCERT_CONTEXT cert)
- {
- CAPI_KEY *key = NULL;
- CRYPT_KEY_PROV_INFO *pinfo = NULL;
- char *provname = NULL, *contname = NULL;
- pinfo = capi_get_prov_info(ctx, cert);
- if (!pinfo)
- goto err;
- provname = wide_to_asc(pinfo->pwszProvName);
- contname = wide_to_asc(pinfo->pwszContainerName);
- if (!provname || !contname)
- goto err;
- key = capi_get_key(ctx, contname, provname,
- pinfo->dwProvType, pinfo->dwKeySpec);
-
- err:
- if (pinfo)
- OPENSSL_free(pinfo);
- if (provname)
- OPENSSL_free(provname);
- if (contname)
- OPENSSL_free(contname);
- return key;
- }
-
-CAPI_KEY *capi_find_key(CAPI_CTX *ctx, const char *id)
- {
- PCCERT_CONTEXT cert;
- HCERTSTORE hstore;
- CAPI_KEY *key = NULL;
- switch (ctx->lookup_method)
- {
- case CAPI_LU_SUBSTR:
- case CAPI_LU_FNAME:
- hstore = capi_open_store(ctx, NULL);
- if (!hstore)
- return NULL;
- cert = capi_find_cert(ctx, id, hstore);
- if (cert)
- {
- key = capi_get_cert_key(ctx, cert);
- CertFreeCertificateContext(cert);
- }
- CertCloseStore(hstore, 0);
- break;
-
- case CAPI_LU_CONTNAME:
- key = capi_get_key(ctx, id, ctx->cspname, ctx->csptype,
- ctx->keytype);
- break;
- }
-
- return key;
- }
-
-void capi_free_key(CAPI_KEY *key)
- {
- if (!key)
- return;
- CryptDestroyKey(key->key);
- CryptReleaseContext(key->hprov, 0);
- if (key->pcert)
- CertFreeCertificateContext(key->pcert);
- OPENSSL_free(key);
- }
-
+ if (!CryptAcquireContextA
+ (&key->hprov, contname, provname, ptype, dwFlags)) {
+ CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
+ capi_addlasterror();
+ goto err;
+ }
+ if (!CryptGetUserKey(key->hprov, keyspec, &key->key)) {
+ CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_GETUSERKEY_ERROR);
+ capi_addlasterror();
+ CryptReleaseContext(key->hprov, 0);
+ goto err;
+ }
+ key->keyspec = keyspec;
+ key->pcert = NULL;
+ return key;
+
+ err:
+ OPENSSL_free(key);
+ return NULL;
+}
+
+static CAPI_KEY *capi_get_cert_key(CAPI_CTX * ctx, PCCERT_CONTEXT cert)
+{
+ CAPI_KEY *key = NULL;
+ CRYPT_KEY_PROV_INFO *pinfo = NULL;
+ char *provname = NULL, *contname = NULL;
+ pinfo = capi_get_prov_info(ctx, cert);
+ if (!pinfo)
+ goto err;
+ provname = wide_to_asc(pinfo->pwszProvName);
+ contname = wide_to_asc(pinfo->pwszContainerName);
+ if (!provname || !contname)
+ goto err;
+ key = capi_get_key(ctx, contname, provname,
+ pinfo->dwProvType, pinfo->dwKeySpec);
+
+ err:
+ if (pinfo)
+ OPENSSL_free(pinfo);
+ if (provname)
+ OPENSSL_free(provname);
+ if (contname)
+ OPENSSL_free(contname);
+ return key;
+}
+
+CAPI_KEY *capi_find_key(CAPI_CTX * ctx, const char *id)
+{
+ PCCERT_CONTEXT cert;
+ HCERTSTORE hstore;
+ CAPI_KEY *key = NULL;
+ switch (ctx->lookup_method) {
+ case CAPI_LU_SUBSTR:
+ case CAPI_LU_FNAME:
+ hstore = capi_open_store(ctx, NULL);
+ if (!hstore)
+ return NULL;
+ cert = capi_find_cert(ctx, id, hstore);
+ if (cert) {
+ key = capi_get_cert_key(ctx, cert);
+ CertFreeCertificateContext(cert);
+ }
+ CertCloseStore(hstore, 0);
+ break;
+
+ case CAPI_LU_CONTNAME:
+ key = capi_get_key(ctx, id, ctx->cspname, ctx->csptype, ctx->keytype);
+ break;
+ }
+
+ return key;
+}
+
+void capi_free_key(CAPI_KEY * key)
+{
+ if (!key)
+ return;
+ CryptDestroyKey(key->key);
+ CryptReleaseContext(key->hprov, 0);
+ if (key->pcert)
+ CertFreeCertificateContext(key->pcert);
+ OPENSSL_free(key);
+}
/* Initialize a CAPI_CTX structure */
static CAPI_CTX *capi_ctx_new()
- {
- CAPI_CTX *ctx;
- ctx = OPENSSL_malloc(sizeof(CAPI_CTX));
- if (!ctx)
- {
- CAPIerr(CAPI_F_CAPI_CTX_NEW, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- ctx->cspname = NULL;
- ctx->csptype = PROV_RSA_FULL;
- ctx->dump_flags = CAPI_DMP_SUMMARY|CAPI_DMP_FNAME;
- ctx->keytype = AT_KEYEXCHANGE;
- ctx->storename = NULL;
- ctx->ssl_client_store = NULL;
- ctx->store_flags = CERT_STORE_OPEN_EXISTING_FLAG |
- CERT_STORE_READONLY_FLAG |
- CERT_SYSTEM_STORE_CURRENT_USER;
- ctx->lookup_method = CAPI_LU_SUBSTR;
- ctx->debug_level = 0;
- ctx->debug_file = NULL;
- ctx->client_cert_select = cert_select_simple;
- return ctx;
- }
-
-static void capi_ctx_free(CAPI_CTX *ctx)
- {
- CAPI_trace(ctx, "Calling capi_ctx_free with %lx\n", ctx);
- if (!ctx)
- return;
- if (ctx->cspname)
- OPENSSL_free(ctx->cspname);
- if (ctx->debug_file)
- OPENSSL_free(ctx->debug_file);
- if (ctx->storename)
- OPENSSL_free(ctx->storename);
- if (ctx->ssl_client_store)
- OPENSSL_free(ctx->ssl_client_store);
- OPENSSL_free(ctx);
- }
-
-static int capi_ctx_set_provname(CAPI_CTX *ctx, LPSTR pname, DWORD type, int check)
- {
- CAPI_trace(ctx, "capi_ctx_set_provname, name=%s, type=%d\n", pname, type);
- if (check)
- {
- HCRYPTPROV hprov;
- if (!CryptAcquireContextA(&hprov, NULL, pname, type,
- CRYPT_VERIFYCONTEXT))
- {
- CAPIerr(CAPI_F_CAPI_CTX_SET_PROVNAME, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
- capi_addlasterror();
- return 0;
- }
- CryptReleaseContext(hprov, 0);
- }
- if (ctx->cspname)
- OPENSSL_free(ctx->cspname);
- ctx->cspname = BUF_strdup(pname);
- ctx->csptype = type;
- return 1;
- }
-
-static int capi_ctx_set_provname_idx(CAPI_CTX *ctx, int idx)
- {
- LPSTR pname;
- DWORD type;
- int res;
- if (capi_get_provname(ctx, &pname, &type, idx) != 1)
- return 0;
- res = capi_ctx_set_provname(ctx, pname, type, 0);
- OPENSSL_free(pname);
- return res;
- }
+{
+ CAPI_CTX *ctx;
+ ctx = OPENSSL_malloc(sizeof(CAPI_CTX));
+ if (!ctx) {
+ CAPIerr(CAPI_F_CAPI_CTX_NEW, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ ctx->cspname = NULL;
+ ctx->csptype = PROV_RSA_FULL;
+ ctx->dump_flags = CAPI_DMP_SUMMARY | CAPI_DMP_FNAME;
+ ctx->keytype = AT_KEYEXCHANGE;
+ ctx->storename = NULL;
+ ctx->ssl_client_store = NULL;
+ ctx->store_flags = CERT_STORE_OPEN_EXISTING_FLAG |
+ CERT_STORE_READONLY_FLAG | CERT_SYSTEM_STORE_CURRENT_USER;
+ ctx->lookup_method = CAPI_LU_SUBSTR;
+ ctx->debug_level = 0;
+ ctx->debug_file = NULL;
+ ctx->client_cert_select = cert_select_simple;
+ return ctx;
+}
+
+static void capi_ctx_free(CAPI_CTX * ctx)
+{
+ CAPI_trace(ctx, "Calling capi_ctx_free with %lx\n", ctx);
+ if (!ctx)
+ return;
+ if (ctx->cspname)
+ OPENSSL_free(ctx->cspname);
+ if (ctx->debug_file)
+ OPENSSL_free(ctx->debug_file);
+ if (ctx->storename)
+ OPENSSL_free(ctx->storename);
+ if (ctx->ssl_client_store)
+ OPENSSL_free(ctx->ssl_client_store);
+ OPENSSL_free(ctx);
+}
+
+static int capi_ctx_set_provname(CAPI_CTX * ctx, LPSTR pname, DWORD type,
+ int check)
+{
+ CAPI_trace(ctx, "capi_ctx_set_provname, name=%s, type=%d\n", pname, type);
+ if (check) {
+ HCRYPTPROV hprov;
+ if (!CryptAcquireContextA(&hprov, NULL, pname, type,
+ CRYPT_VERIFYCONTEXT)) {
+ CAPIerr(CAPI_F_CAPI_CTX_SET_PROVNAME,
+ CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
+ capi_addlasterror();
+ return 0;
+ }
+ CryptReleaseContext(hprov, 0);
+ }
+ if (ctx->cspname)
+ OPENSSL_free(ctx->cspname);
+ ctx->cspname = BUF_strdup(pname);
+ ctx->csptype = type;
+ return 1;
+}
+
+static int capi_ctx_set_provname_idx(CAPI_CTX * ctx, int idx)
+{
+ LPSTR pname;
+ DWORD type;
+ int res;
+ if (capi_get_provname(ctx, &pname, &type, idx) != 1)
+ return 0;
+ res = capi_ctx_set_provname(ctx, pname, type, 0);
+ OPENSSL_free(pname);
+ return res;
+}
static int cert_issuer_match(STACK_OF(X509_NAME) *ca_dn, X509 *x)
- {
- int i;
- X509_NAME *nm;
- /* Special case: empty list: match anything */
- if (sk_X509_NAME_num(ca_dn) <= 0)
- return 1;
- for (i = 0; i < sk_X509_NAME_num(ca_dn); i++)
- {
- nm = sk_X509_NAME_value(ca_dn, i);
- if (!X509_NAME_cmp(nm, X509_get_issuer_name(x)))
- return 1;
- }
- return 0;
- }
-
-
+{
+ int i;
+ X509_NAME *nm;
+ /* Special case: empty list: match anything */
+ if (sk_X509_NAME_num(ca_dn) <= 0)
+ return 1;
+ for (i = 0; i < sk_X509_NAME_num(ca_dn); i++) {
+ nm = sk_X509_NAME_value(ca_dn, i);
+ if (!X509_NAME_cmp(nm, X509_get_issuer_name(x)))
+ return 1;
+ }
+ return 0;
+}
static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
- STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey,
- STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data)
- {
- STACK_OF(X509) *certs = NULL;
- X509 *x;
- char *storename;
- const char *p;
- int i, client_cert_idx;
- HCERTSTORE hstore;
- PCCERT_CONTEXT cert = NULL, excert = NULL;
- CAPI_CTX *ctx;
- CAPI_KEY *key;
- ctx = ENGINE_get_ex_data(e, capi_idx);
-
- *pcert = NULL;
- *pkey = NULL;
-
- storename = ctx->ssl_client_store;
- if (!storename)
- storename = "MY";
-
- hstore = capi_open_store(ctx, storename);
- if (!hstore)
- return 0;
- /* Enumerate all certificates collect any matches */
- for(i = 0;;i++)
- {
- cert = CertEnumCertificatesInStore(hstore, cert);
- if (!cert)
- break;
- p = cert->pbCertEncoded;
- x = d2i_X509(NULL, &p, cert->cbCertEncoded);
- if (!x)
- {
- CAPI_trace(ctx, "Can't Parse Certificate %d\n", i);
- continue;
- }
- if (cert_issuer_match(ca_dn, x)
- && X509_check_purpose(x, X509_PURPOSE_SSL_CLIENT, 0))
- {
- key = capi_get_cert_key(ctx, cert);
- if (!key)
- {
- X509_free(x);
- continue;
- }
- /* Match found: attach extra data to it so
- * we can retrieve the key later.
- */
- excert = CertDuplicateCertificateContext(cert);
- key->pcert = excert;
- X509_set_ex_data(x, cert_capi_idx, key);
-
- if (!certs)
- certs = sk_X509_new_null();
-
- sk_X509_push(certs, x);
- }
- else
- X509_free(x);
-
- }
-
- if (cert)
- CertFreeCertificateContext(cert);
- if (hstore)
- CertCloseStore(hstore, 0);
-
- if (!certs)
- return 0;
-
-
- /* Select the appropriate certificate */
-
- client_cert_idx = ctx->client_cert_select(e, ssl, certs);
-
- /* Set the selected certificate and free the rest */
-
- for(i = 0; i < sk_X509_num(certs); i++)
- {
- x = sk_X509_value(certs, i);
- if (i == client_cert_idx)
- *pcert = x;
- else
- {
- key = X509_get_ex_data(x, cert_capi_idx);
- capi_free_key(key);
- X509_free(x);
- }
- }
-
- sk_X509_free(certs);
-
- if (!*pcert)
- return 0;
-
- /* Setup key for selected certificate */
-
- key = X509_get_ex_data(*pcert, cert_capi_idx);
- *pkey = capi_get_pkey(e, key);
- X509_set_ex_data(*pcert, cert_capi_idx, NULL);
-
- return 1;
-
- }
-
+ STACK_OF(X509_NAME) *ca_dn, X509 **pcert,
+ EVP_PKEY **pkey, STACK_OF(X509) **pother,
+ UI_METHOD *ui_method,
+ void *callback_data)
+{
+ STACK_OF(X509) *certs = NULL;
+ X509 *x;
+ char *storename;
+ const char *p;
+ int i, client_cert_idx;
+ HCERTSTORE hstore;
+ PCCERT_CONTEXT cert = NULL, excert = NULL;
+ CAPI_CTX *ctx;
+ CAPI_KEY *key;
+ ctx = ENGINE_get_ex_data(e, capi_idx);
+
+ *pcert = NULL;
+ *pkey = NULL;
+
+ storename = ctx->ssl_client_store;
+ if (!storename)
+ storename = "MY";
+
+ hstore = capi_open_store(ctx, storename);
+ if (!hstore)
+ return 0;
+ /* Enumerate all certificates collect any matches */
+ for (i = 0;; i++) {
+ cert = CertEnumCertificatesInStore(hstore, cert);
+ if (!cert)
+ break;
+ p = cert->pbCertEncoded;
+ x = d2i_X509(NULL, &p, cert->cbCertEncoded);
+ if (!x) {
+ CAPI_trace(ctx, "Can't Parse Certificate %d\n", i);
+ continue;
+ }
+ if (cert_issuer_match(ca_dn, x)
+ && X509_check_purpose(x, X509_PURPOSE_SSL_CLIENT, 0)) {
+ key = capi_get_cert_key(ctx, cert);
+ if (!key) {
+ X509_free(x);
+ continue;
+ }
+ /*
+ * Match found: attach extra data to it so we can retrieve the
+ * key later.
+ */
+ excert = CertDuplicateCertificateContext(cert);
+ key->pcert = excert;
+ X509_set_ex_data(x, cert_capi_idx, key);
+
+ if (!certs)
+ certs = sk_X509_new_null();
+
+ sk_X509_push(certs, x);
+ } else
+ X509_free(x);
+
+ }
+
+ if (cert)
+ CertFreeCertificateContext(cert);
+ if (hstore)
+ CertCloseStore(hstore, 0);
+
+ if (!certs)
+ return 0;
+
+ /* Select the appropriate certificate */
+
+ client_cert_idx = ctx->client_cert_select(e, ssl, certs);
+
+ /* Set the selected certificate and free the rest */
+
+ for (i = 0; i < sk_X509_num(certs); i++) {
+ x = sk_X509_value(certs, i);
+ if (i == client_cert_idx)
+ *pcert = x;
+ else {
+ key = X509_get_ex_data(x, cert_capi_idx);
+ capi_free_key(key);
+ X509_free(x);
+ }
+ }
+
+ sk_X509_free(certs);
+
+ if (!*pcert)
+ return 0;
+
+ /* Setup key for selected certificate */
+
+ key = X509_get_ex_data(*pcert, cert_capi_idx);
+ *pkey = capi_get_pkey(e, key);
+ X509_set_ex_data(*pcert, cert_capi_idx, NULL);
+
+ return 1;
+
+}
/* Simple client cert selection function: always select first */
static int cert_select_simple(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs)
- {
- return 0;
- }
+{
+ return 0;
+}
-#ifdef OPENSSL_CAPIENG_DIALOG
+# ifdef OPENSSL_CAPIENG_DIALOG
-/* More complex cert selection function, using standard function
+/*
+ * More complex cert selection function, using standard function
* CryptUIDlgSelectCertificateFromStore() to produce a dialog box.
*/
-/* Definitions which are in cryptuiapi.h but this is not present in older
+/*
+ * Definitions which are in cryptuiapi.h but this is not present in older
* versions of headers.
*/
-#ifndef CRYPTUI_SELECT_LOCATION_COLUMN
-#define CRYPTUI_SELECT_LOCATION_COLUMN 0x000000010
-#define CRYPTUI_SELECT_INTENDEDUSE_COLUMN 0x000000004
-#endif
+# ifndef CRYPTUI_SELECT_LOCATION_COLUMN
+# define CRYPTUI_SELECT_LOCATION_COLUMN 0x000000010
+# define CRYPTUI_SELECT_INTENDEDUSE_COLUMN 0x000000004
+# endif
-#define dlg_title L"OpenSSL Application SSL Client Certificate Selection"
-#define dlg_prompt L"Select a certificate to use for authentication"
-#define dlg_columns CRYPTUI_SELECT_LOCATION_COLUMN \
- |CRYPTUI_SELECT_INTENDEDUSE_COLUMN
+# define dlg_title L"OpenSSL Application SSL Client Certificate Selection"
+# define dlg_prompt L"Select a certificate to use for authentication"
+# define dlg_columns CRYPTUI_SELECT_LOCATION_COLUMN \
+ |CRYPTUI_SELECT_INTENDEDUSE_COLUMN
static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs)
- {
- X509 *x;
- HCERTSTORE dstore;
- PCCERT_CONTEXT cert;
- CAPI_CTX *ctx;
- CAPI_KEY *key;
- HWND hwnd;
- int i, idx = -1;
- if (sk_X509_num(certs) == 1)
- return 0;
- ctx = ENGINE_get_ex_data(e, capi_idx);
- /* Create an in memory store of certificates */
- dstore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
- CERT_STORE_CREATE_NEW_FLAG, NULL);
- if (!dstore)
- {
- CAPIerr(CAPI_F_CERT_SELECT_DIALOG, CAPI_R_ERROR_CREATING_STORE);
- capi_addlasterror();
- goto err;
- }
- /* Add all certificates to store */
- for(i = 0; i < sk_X509_num(certs); i++)
- {
- x = sk_X509_value(certs, i);
- key = X509_get_ex_data(x, cert_capi_idx);
-
- if (!CertAddCertificateContextToStore(dstore, key->pcert,
- CERT_STORE_ADD_NEW, NULL))
- {
- CAPIerr(CAPI_F_CERT_SELECT_DIALOG, CAPI_R_ERROR_ADDING_CERT);
- capi_addlasterror();
- goto err;
- }
-
- }
- hwnd = GetForegroundWindow();
- if (!hwnd)
- hwnd = GetActiveWindow();
- if (!hwnd && ctx->getconswindow)
- hwnd = ctx->getconswindow();
- /* Call dialog to select one */
- cert = ctx->certselectdlg(dstore, hwnd, dlg_title, dlg_prompt,
- dlg_columns, 0, NULL);
-
- /* Find matching cert from list */
- if (cert)
- {
- for(i = 0; i < sk_X509_num(certs); i++)
- {
- x = sk_X509_value(certs, i);
- key = X509_get_ex_data(x, cert_capi_idx);
- if (CertCompareCertificate(
- X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
- cert->pCertInfo,
- key->pcert->pCertInfo))
- {
- idx = i;
- break;
- }
- }
- }
-
- err:
- if (dstore)
- CertCloseStore(dstore, 0);
- return idx;
-
- }
-#endif
-
-#else /* !__COMPILE_CAPIENG */
-#include <openssl/engine.h>
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+{
+ X509 *x;
+ HCERTSTORE dstore;
+ PCCERT_CONTEXT cert;
+ CAPI_CTX *ctx;
+ CAPI_KEY *key;
+ HWND hwnd;
+ int i, idx = -1;
+ if (sk_X509_num(certs) == 1)
+ return 0;
+ ctx = ENGINE_get_ex_data(e, capi_idx);
+ /* Create an in memory store of certificates */
+ dstore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
+ CERT_STORE_CREATE_NEW_FLAG, NULL);
+ if (!dstore) {
+ CAPIerr(CAPI_F_CERT_SELECT_DIALOG, CAPI_R_ERROR_CREATING_STORE);
+ capi_addlasterror();
+ goto err;
+ }
+ /* Add all certificates to store */
+ for (i = 0; i < sk_X509_num(certs); i++) {
+ x = sk_X509_value(certs, i);
+ key = X509_get_ex_data(x, cert_capi_idx);
+
+ if (!CertAddCertificateContextToStore(dstore, key->pcert,
+ CERT_STORE_ADD_NEW, NULL)) {
+ CAPIerr(CAPI_F_CERT_SELECT_DIALOG, CAPI_R_ERROR_ADDING_CERT);
+ capi_addlasterror();
+ goto err;
+ }
+
+ }
+ hwnd = GetForegroundWindow();
+ if (!hwnd)
+ hwnd = GetActiveWindow();
+ if (!hwnd && ctx->getconswindow)
+ hwnd = ctx->getconswindow();
+ /* Call dialog to select one */
+ cert = ctx->certselectdlg(dstore, hwnd, dlg_title, dlg_prompt,
+ dlg_columns, 0, NULL);
+
+ /* Find matching cert from list */
+ if (cert) {
+ for (i = 0; i < sk_X509_num(certs); i++) {
+ x = sk_X509_value(certs, i);
+ key = X509_get_ex_data(x, cert_capi_idx);
+ if (CertCompareCertificate
+ (X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo,
+ key->pcert->pCertInfo)) {
+ idx = i;
+ break;
+ }
+ }
+ }
+
+ err:
+ if (dstore)
+ CertCloseStore(dstore, 0);
+ return idx;
+
+}
+# endif
+
+#else /* !__COMPILE_CAPIENG */
+# include <openssl/engine.h>
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
OPENSSL_EXPORT
-int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);
+ int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);
OPENSSL_EXPORT
-int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; }
+ int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns)
+{
+ return 0;
+}
+
IMPLEMENT_DYNAMIC_CHECK_FN()
-#else
-void ENGINE_load_capi(void){}
-#endif
+# else
+void ENGINE_load_capi(void)
+{
+}
+# endif
#endif
diff --git a/openssl/engines/e_capi_err.c b/openssl/engines/e_capi_err.c
index a1fbd04cb..a26613851 100644
--- a/openssl/engines/e_capi_err.c
+++ b/openssl/engines/e_capi_err.c
@@ -7,7 +7,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
*
*/
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
@@ -65,120 +66,122 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
-#define ERR_FUNC(func) ERR_PACK(0,func,0)
-#define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA CAPI_str_functs[]=
- {
-{ERR_FUNC(CAPI_F_CAPI_CERT_GET_FNAME), "CAPI_CERT_GET_FNAME"},
-{ERR_FUNC(CAPI_F_CAPI_CTRL), "CAPI_CTRL"},
-{ERR_FUNC(CAPI_F_CAPI_CTX_NEW), "CAPI_CTX_NEW"},
-{ERR_FUNC(CAPI_F_CAPI_CTX_SET_PROVNAME), "CAPI_CTX_SET_PROVNAME"},
-{ERR_FUNC(CAPI_F_CAPI_DSA_DO_SIGN), "CAPI_DSA_DO_SIGN"},
-{ERR_FUNC(CAPI_F_CAPI_GET_KEY), "CAPI_GET_KEY"},
-{ERR_FUNC(CAPI_F_CAPI_GET_PKEY), "CAPI_GET_PKEY"},
-{ERR_FUNC(CAPI_F_CAPI_GET_PROVNAME), "CAPI_GET_PROVNAME"},
-{ERR_FUNC(CAPI_F_CAPI_GET_PROV_INFO), "CAPI_GET_PROV_INFO"},
-{ERR_FUNC(CAPI_F_CAPI_INIT), "CAPI_INIT"},
-{ERR_FUNC(CAPI_F_CAPI_LIST_CONTAINERS), "CAPI_LIST_CONTAINERS"},
-{ERR_FUNC(CAPI_F_CAPI_LOAD_PRIVKEY), "CAPI_LOAD_PRIVKEY"},
-{ERR_FUNC(CAPI_F_CAPI_OPEN_STORE), "CAPI_OPEN_STORE"},
-{ERR_FUNC(CAPI_F_CAPI_RSA_PRIV_DEC), "CAPI_RSA_PRIV_DEC"},
-{ERR_FUNC(CAPI_F_CAPI_RSA_PRIV_ENC), "CAPI_RSA_PRIV_ENC"},
-{ERR_FUNC(CAPI_F_CAPI_RSA_SIGN), "CAPI_RSA_SIGN"},
-{ERR_FUNC(CAPI_F_CERT_SELECT_DIALOG), "CERT_SELECT_DIALOG"},
-{ERR_FUNC(CAPI_F_CLIENT_CERT_SELECT), "CLIENT_CERT_SELECT"},
-{ERR_FUNC(CAPI_F_WIDE_TO_ASC), "WIDE_TO_ASC"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA CAPI_str_reasons[]=
- {
-{ERR_REASON(CAPI_R_CANT_CREATE_HASH_OBJECT),"cant create hash object"},
-{ERR_REASON(CAPI_R_CANT_FIND_CAPI_CONTEXT),"cant find capi context"},
-{ERR_REASON(CAPI_R_CANT_GET_KEY) ,"cant get key"},
-{ERR_REASON(CAPI_R_CANT_SET_HASH_VALUE) ,"cant set hash value"},
-{ERR_REASON(CAPI_R_CRYPTACQUIRECONTEXT_ERROR),"cryptacquirecontext error"},
-{ERR_REASON(CAPI_R_CRYPTENUMPROVIDERS_ERROR),"cryptenumproviders error"},
-{ERR_REASON(CAPI_R_DECRYPT_ERROR) ,"decrypt error"},
-{ERR_REASON(CAPI_R_ENGINE_NOT_INITIALIZED),"engine not initialized"},
-{ERR_REASON(CAPI_R_ENUMCONTAINERS_ERROR) ,"enumcontainers error"},
-{ERR_REASON(CAPI_R_ERROR_ADDING_CERT) ,"error adding cert"},
-{ERR_REASON(CAPI_R_ERROR_CREATING_STORE) ,"error creating store"},
-{ERR_REASON(CAPI_R_ERROR_GETTING_FRIENDLY_NAME),"error getting friendly name"},
-{ERR_REASON(CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO),"error getting key provider info"},
-{ERR_REASON(CAPI_R_ERROR_OPENING_STORE) ,"error opening store"},
-{ERR_REASON(CAPI_R_ERROR_SIGNING_HASH) ,"error signing hash"},
-{ERR_REASON(CAPI_R_FUNCTION_NOT_SUPPORTED),"function not supported"},
-{ERR_REASON(CAPI_R_GETUSERKEY_ERROR) ,"getuserkey error"},
-{ERR_REASON(CAPI_R_INVALID_DIGEST_LENGTH),"invalid digest length"},
-{ERR_REASON(CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER),"invalid dsa public key blob magic number"},
-{ERR_REASON(CAPI_R_INVALID_LOOKUP_METHOD),"invalid lookup method"},
-{ERR_REASON(CAPI_R_INVALID_PUBLIC_KEY_BLOB),"invalid public key blob"},
-{ERR_REASON(CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER),"invalid rsa public key blob magic number"},
-{ERR_REASON(CAPI_R_PUBKEY_EXPORT_ERROR) ,"pubkey export error"},
-{ERR_REASON(CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR),"pubkey export length error"},
-{ERR_REASON(CAPI_R_UNKNOWN_COMMAND) ,"unknown command"},
-{ERR_REASON(CAPI_R_UNSUPPORTED_ALGORITHM_NID),"unsupported algorithm nid"},
-{ERR_REASON(CAPI_R_UNSUPPORTED_PADDING) ,"unsupported padding"},
-{ERR_REASON(CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM),"unsupported public key algorithm"},
-{ERR_REASON(CAPI_R_WIN32_ERROR) ,"win32 error"},
-{0,NULL}
- };
+# define ERR_FUNC(func) ERR_PACK(0,func,0)
+# define ERR_REASON(reason) ERR_PACK(0,0,reason)
+
+static ERR_STRING_DATA CAPI_str_functs[] = {
+ {ERR_FUNC(CAPI_F_CAPI_CERT_GET_FNAME), "CAPI_CERT_GET_FNAME"},
+ {ERR_FUNC(CAPI_F_CAPI_CTRL), "CAPI_CTRL"},
+ {ERR_FUNC(CAPI_F_CAPI_CTX_NEW), "CAPI_CTX_NEW"},
+ {ERR_FUNC(CAPI_F_CAPI_CTX_SET_PROVNAME), "CAPI_CTX_SET_PROVNAME"},
+ {ERR_FUNC(CAPI_F_CAPI_DSA_DO_SIGN), "CAPI_DSA_DO_SIGN"},
+ {ERR_FUNC(CAPI_F_CAPI_GET_KEY), "CAPI_GET_KEY"},
+ {ERR_FUNC(CAPI_F_CAPI_GET_PKEY), "CAPI_GET_PKEY"},
+ {ERR_FUNC(CAPI_F_CAPI_GET_PROVNAME), "CAPI_GET_PROVNAME"},
+ {ERR_FUNC(CAPI_F_CAPI_GET_PROV_INFO), "CAPI_GET_PROV_INFO"},
+ {ERR_FUNC(CAPI_F_CAPI_INIT), "CAPI_INIT"},
+ {ERR_FUNC(CAPI_F_CAPI_LIST_CONTAINERS), "CAPI_LIST_CONTAINERS"},
+ {ERR_FUNC(CAPI_F_CAPI_LOAD_PRIVKEY), "CAPI_LOAD_PRIVKEY"},
+ {ERR_FUNC(CAPI_F_CAPI_OPEN_STORE), "CAPI_OPEN_STORE"},
+ {ERR_FUNC(CAPI_F_CAPI_RSA_PRIV_DEC), "CAPI_RSA_PRIV_DEC"},
+ {ERR_FUNC(CAPI_F_CAPI_RSA_PRIV_ENC), "CAPI_RSA_PRIV_ENC"},
+ {ERR_FUNC(CAPI_F_CAPI_RSA_SIGN), "CAPI_RSA_SIGN"},
+ {ERR_FUNC(CAPI_F_CERT_SELECT_DIALOG), "CERT_SELECT_DIALOG"},
+ {ERR_FUNC(CAPI_F_CLIENT_CERT_SELECT), "CLIENT_CERT_SELECT"},
+ {ERR_FUNC(CAPI_F_WIDE_TO_ASC), "WIDE_TO_ASC"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA CAPI_str_reasons[] = {
+ {ERR_REASON(CAPI_R_CANT_CREATE_HASH_OBJECT), "cant create hash object"},
+ {ERR_REASON(CAPI_R_CANT_FIND_CAPI_CONTEXT), "cant find capi context"},
+ {ERR_REASON(CAPI_R_CANT_GET_KEY), "cant get key"},
+ {ERR_REASON(CAPI_R_CANT_SET_HASH_VALUE), "cant set hash value"},
+ {ERR_REASON(CAPI_R_CRYPTACQUIRECONTEXT_ERROR),
+ "cryptacquirecontext error"},
+ {ERR_REASON(CAPI_R_CRYPTENUMPROVIDERS_ERROR), "cryptenumproviders error"},
+ {ERR_REASON(CAPI_R_DECRYPT_ERROR), "decrypt error"},
+ {ERR_REASON(CAPI_R_ENGINE_NOT_INITIALIZED), "engine not initialized"},
+ {ERR_REASON(CAPI_R_ENUMCONTAINERS_ERROR), "enumcontainers error"},
+ {ERR_REASON(CAPI_R_ERROR_ADDING_CERT), "error adding cert"},
+ {ERR_REASON(CAPI_R_ERROR_CREATING_STORE), "error creating store"},
+ {ERR_REASON(CAPI_R_ERROR_GETTING_FRIENDLY_NAME),
+ "error getting friendly name"},
+ {ERR_REASON(CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO),
+ "error getting key provider info"},
+ {ERR_REASON(CAPI_R_ERROR_OPENING_STORE), "error opening store"},
+ {ERR_REASON(CAPI_R_ERROR_SIGNING_HASH), "error signing hash"},
+ {ERR_REASON(CAPI_R_FUNCTION_NOT_SUPPORTED), "function not supported"},
+ {ERR_REASON(CAPI_R_GETUSERKEY_ERROR), "getuserkey error"},
+ {ERR_REASON(CAPI_R_INVALID_DIGEST_LENGTH), "invalid digest length"},
+ {ERR_REASON(CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER),
+ "invalid dsa public key blob magic number"},
+ {ERR_REASON(CAPI_R_INVALID_LOOKUP_METHOD), "invalid lookup method"},
+ {ERR_REASON(CAPI_R_INVALID_PUBLIC_KEY_BLOB), "invalid public key blob"},
+ {ERR_REASON(CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER),
+ "invalid rsa public key blob magic number"},
+ {ERR_REASON(CAPI_R_PUBKEY_EXPORT_ERROR), "pubkey export error"},
+ {ERR_REASON(CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR),
+ "pubkey export length error"},
+ {ERR_REASON(CAPI_R_UNKNOWN_COMMAND), "unknown command"},
+ {ERR_REASON(CAPI_R_UNSUPPORTED_ALGORITHM_NID),
+ "unsupported algorithm nid"},
+ {ERR_REASON(CAPI_R_UNSUPPORTED_PADDING), "unsupported padding"},
+ {ERR_REASON(CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM),
+ "unsupported public key algorithm"},
+ {ERR_REASON(CAPI_R_WIN32_ERROR), "win32 error"},
+ {0, NULL}
+};
#endif
#ifdef CAPI_LIB_NAME
-static ERR_STRING_DATA CAPI_lib_name[]=
- {
-{0 ,CAPI_LIB_NAME},
-{0,NULL}
- };
+static ERR_STRING_DATA CAPI_lib_name[] = {
+ {0, CAPI_LIB_NAME},
+ {0, NULL}
+};
#endif
-
-static int CAPI_lib_error_code=0;
-static int CAPI_error_init=1;
+static int CAPI_lib_error_code = 0;
+static int CAPI_error_init = 1;
static void ERR_load_CAPI_strings(void)
- {
- if (CAPI_lib_error_code == 0)
- CAPI_lib_error_code=ERR_get_next_error_library();
+{
+ if (CAPI_lib_error_code == 0)
+ CAPI_lib_error_code = ERR_get_next_error_library();
- if (CAPI_error_init)
- {
- CAPI_error_init=0;
+ if (CAPI_error_init) {
+ CAPI_error_init = 0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(CAPI_lib_error_code,CAPI_str_functs);
- ERR_load_strings(CAPI_lib_error_code,CAPI_str_reasons);
+ ERR_load_strings(CAPI_lib_error_code, CAPI_str_functs);
+ ERR_load_strings(CAPI_lib_error_code, CAPI_str_reasons);
#endif
#ifdef CAPI_LIB_NAME
- CAPI_lib_name->error = ERR_PACK(CAPI_lib_error_code,0,0);
- ERR_load_strings(0,CAPI_lib_name);
+ CAPI_lib_name->error = ERR_PACK(CAPI_lib_error_code, 0, 0);
+ ERR_load_strings(0, CAPI_lib_name);
#endif
- }
- }
+ }
+}
static void ERR_unload_CAPI_strings(void)
- {
- if (CAPI_error_init == 0)
- {
+{
+ if (CAPI_error_init == 0) {
#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(CAPI_lib_error_code,CAPI_str_functs);
- ERR_unload_strings(CAPI_lib_error_code,CAPI_str_reasons);
+ ERR_unload_strings(CAPI_lib_error_code, CAPI_str_functs);
+ ERR_unload_strings(CAPI_lib_error_code, CAPI_str_reasons);
#endif
#ifdef CAPI_LIB_NAME
- ERR_unload_strings(0,CAPI_lib_name);
+ ERR_unload_strings(0, CAPI_lib_name);
#endif
- CAPI_error_init=1;
- }
- }
+ CAPI_error_init = 1;
+ }
+}
static void ERR_CAPI_error(int function, int reason, char *file, int line)
- {
- if (CAPI_lib_error_code == 0)
- CAPI_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(CAPI_lib_error_code,function,reason,file,line);
- }
+{
+ if (CAPI_lib_error_code == 0)
+ CAPI_lib_error_code = ERR_get_next_error_library();
+ ERR_PUT_error(CAPI_lib_error_code, function, reason, file, line);
+}
diff --git a/openssl/engines/e_capi_err.h b/openssl/engines/e_capi_err.h
index efa700103..b5d06dce2 100644
--- a/openssl/engines/e_capi_err.h
+++ b/openssl/engines/e_capi_err.h
@@ -6,7 +6,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -53,74 +53,75 @@
*/
#ifndef HEADER_CAPI_ERR_H
-#define HEADER_CAPI_ERR_H
+# define HEADER_CAPI_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_CAPI_strings(void);
static void ERR_unload_CAPI_strings(void);
static void ERR_CAPI_error(int function, int reason, char *file, int line);
-#define CAPIerr(f,r) ERR_CAPI_error((f),(r),__FILE__,__LINE__)
+# define CAPIerr(f,r) ERR_CAPI_error((f),(r),__FILE__,__LINE__)
/* Error codes for the CAPI functions. */
/* Function codes. */
-#define CAPI_F_CAPI_CERT_GET_FNAME 99
-#define CAPI_F_CAPI_CTRL 100
-#define CAPI_F_CAPI_CTX_NEW 101
-#define CAPI_F_CAPI_CTX_SET_PROVNAME 102
-#define CAPI_F_CAPI_DSA_DO_SIGN 114
-#define CAPI_F_CAPI_GET_KEY 103
-#define CAPI_F_CAPI_GET_PKEY 115
-#define CAPI_F_CAPI_GET_PROVNAME 104
-#define CAPI_F_CAPI_GET_PROV_INFO 105
-#define CAPI_F_CAPI_INIT 106
-#define CAPI_F_CAPI_LIST_CONTAINERS 107
-#define CAPI_F_CAPI_LOAD_PRIVKEY 108
-#define CAPI_F_CAPI_OPEN_STORE 109
-#define CAPI_F_CAPI_RSA_PRIV_DEC 110
-#define CAPI_F_CAPI_RSA_PRIV_ENC 111
-#define CAPI_F_CAPI_RSA_SIGN 112
-#define CAPI_F_CERT_SELECT_DIALOG 117
-#define CAPI_F_CLIENT_CERT_SELECT 116
-#define CAPI_F_WIDE_TO_ASC 113
+# define CAPI_F_CAPI_CERT_GET_FNAME 99
+# define CAPI_F_CAPI_CTRL 100
+# define CAPI_F_CAPI_CTX_NEW 101
+# define CAPI_F_CAPI_CTX_SET_PROVNAME 102
+# define CAPI_F_CAPI_DSA_DO_SIGN 114
+# define CAPI_F_CAPI_GET_KEY 103
+# define CAPI_F_CAPI_GET_PKEY 115
+# define CAPI_F_CAPI_GET_PROVNAME 104
+# define CAPI_F_CAPI_GET_PROV_INFO 105
+# define CAPI_F_CAPI_INIT 106
+# define CAPI_F_CAPI_LIST_CONTAINERS 107
+# define CAPI_F_CAPI_LOAD_PRIVKEY 108
+# define CAPI_F_CAPI_OPEN_STORE 109
+# define CAPI_F_CAPI_RSA_PRIV_DEC 110
+# define CAPI_F_CAPI_RSA_PRIV_ENC 111
+# define CAPI_F_CAPI_RSA_SIGN 112
+# define CAPI_F_CERT_SELECT_DIALOG 117
+# define CAPI_F_CLIENT_CERT_SELECT 116
+# define CAPI_F_WIDE_TO_ASC 113
/* Reason codes. */
-#define CAPI_R_CANT_CREATE_HASH_OBJECT 99
-#define CAPI_R_CANT_FIND_CAPI_CONTEXT 100
-#define CAPI_R_CANT_GET_KEY 101
-#define CAPI_R_CANT_SET_HASH_VALUE 102
-#define CAPI_R_CRYPTACQUIRECONTEXT_ERROR 103
-#define CAPI_R_CRYPTENUMPROVIDERS_ERROR 104
-#define CAPI_R_DECRYPT_ERROR 105
-#define CAPI_R_ENGINE_NOT_INITIALIZED 106
-#define CAPI_R_ENUMCONTAINERS_ERROR 107
-#define CAPI_R_ERROR_ADDING_CERT 125
-#define CAPI_R_ERROR_CREATING_STORE 126
-#define CAPI_R_ERROR_GETTING_FRIENDLY_NAME 108
-#define CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO 109
-#define CAPI_R_ERROR_OPENING_STORE 110
-#define CAPI_R_ERROR_SIGNING_HASH 111
-#define CAPI_R_FUNCTION_NOT_SUPPORTED 112
-#define CAPI_R_GETUSERKEY_ERROR 113
-#define CAPI_R_INVALID_DIGEST_LENGTH 124
-#define CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER 122
-#define CAPI_R_INVALID_LOOKUP_METHOD 114
-#define CAPI_R_INVALID_PUBLIC_KEY_BLOB 115
-#define CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER 123
-#define CAPI_R_PUBKEY_EXPORT_ERROR 116
-#define CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR 117
-#define CAPI_R_UNKNOWN_COMMAND 118
-#define CAPI_R_UNSUPPORTED_ALGORITHM_NID 119
-#define CAPI_R_UNSUPPORTED_PADDING 120
-#define CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM 121
-#define CAPI_R_WIN32_ERROR 127
+# define CAPI_R_CANT_CREATE_HASH_OBJECT 99
+# define CAPI_R_CANT_FIND_CAPI_CONTEXT 100
+# define CAPI_R_CANT_GET_KEY 101
+# define CAPI_R_CANT_SET_HASH_VALUE 102
+# define CAPI_R_CRYPTACQUIRECONTEXT_ERROR 103
+# define CAPI_R_CRYPTENUMPROVIDERS_ERROR 104
+# define CAPI_R_DECRYPT_ERROR 105
+# define CAPI_R_ENGINE_NOT_INITIALIZED 106
+# define CAPI_R_ENUMCONTAINERS_ERROR 107
+# define CAPI_R_ERROR_ADDING_CERT 125
+# define CAPI_R_ERROR_CREATING_STORE 126
+# define CAPI_R_ERROR_GETTING_FRIENDLY_NAME 108
+# define CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO 109
+# define CAPI_R_ERROR_OPENING_STORE 110
+# define CAPI_R_ERROR_SIGNING_HASH 111
+# define CAPI_R_FUNCTION_NOT_SUPPORTED 112
+# define CAPI_R_GETUSERKEY_ERROR 113
+# define CAPI_R_INVALID_DIGEST_LENGTH 124
+# define CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER 122
+# define CAPI_R_INVALID_LOOKUP_METHOD 114
+# define CAPI_R_INVALID_PUBLIC_KEY_BLOB 115
+# define CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER 123
+# define CAPI_R_PUBKEY_EXPORT_ERROR 116
+# define CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR 117
+# define CAPI_R_UNKNOWN_COMMAND 118
+# define CAPI_R_UNSUPPORTED_ALGORITHM_NID 119
+# define CAPI_R_UNSUPPORTED_PADDING 120
+# define CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM 121
+# define CAPI_R_WIN32_ERROR 127
#ifdef __cplusplus
}
diff --git a/openssl/engines/e_chil.c b/openssl/engines/e_chil.c
index fdc2100e3..69d49d7d3 100644
--- a/openssl/engines/e_chil.c
+++ b/openssl/engines/e_chil.c
@@ -1,7 +1,8 @@
/* crypto/engine/e_chil.c -*- mode: C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org), Geoff Thorpe
- * (geoff@geoffthorpe.net) and Dr Stephen N Henson (steve@openssl.org)
- * for the OpenSSL project 2000.
+/*
+ * Written by Richard Levitte (richard@levitte.org), Geoff Thorpe
+ * (geoff@geoffthorpe.net) and Dr Stephen N Henson (steve@openssl.org) for
+ * the OpenSSL project 2000.
*/
/* ====================================================================
* Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
@@ -11,7 +12,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -66,17 +67,18 @@
#include <openssl/ui.h>
#include <openssl/rand.h>
#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
+# include <openssl/rsa.h>
#endif
#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
+# include <openssl/dh.h>
#endif
#include <openssl/bn.h>
#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_CHIL
+# ifndef OPENSSL_NO_HW_CHIL
-/* Attribution notice: nCipher have said several times that it's OK for
+/*-
+ * Attribution notice: nCipher have said several times that it's OK for
* us to implement a general interface to their boxes, and recently declared
* their HWCryptoHook to be public, and therefore available for us to use.
* Thanks, nCipher.
@@ -84,46 +86,50 @@
* The hwcryptohook.h included here is from May 2000.
* [Richard Levitte]
*/
-#ifdef FLAT_INC
-#include "hwcryptohook.h"
-#else
-#include "vendor_defns/hwcryptohook.h"
-#endif
+# ifdef FLAT_INC
+# include "hwcryptohook.h"
+# else
+# include "vendor_defns/hwcryptohook.h"
+# endif
-#define HWCRHK_LIB_NAME "CHIL engine"
-#include "e_chil_err.c"
+# define HWCRHK_LIB_NAME "CHIL engine"
+# include "e_chil_err.c"
static int hwcrhk_destroy(ENGINE *e);
static int hwcrhk_init(ENGINE *e);
static int hwcrhk_finish(ENGINE *e);
-static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
+static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
/* Functions to handle mutexes */
-static int hwcrhk_mutex_init(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext*);
-static int hwcrhk_mutex_lock(HWCryptoHook_Mutex*);
-static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex*);
-static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex*);
+static int hwcrhk_mutex_init(HWCryptoHook_Mutex *,
+ HWCryptoHook_CallerContext *);
+static int hwcrhk_mutex_lock(HWCryptoHook_Mutex *);
+static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex *);
+static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex *);
/* BIGNUM stuff */
static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx);
+ const BIGNUM *m, BN_CTX *ctx);
-#ifndef OPENSSL_NO_RSA
+# ifndef OPENSSL_NO_RSA
/* RSA stuff */
-static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
+static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx);
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
static int hwcrhk_rsa_finish(RSA *rsa);
-#endif
+# endif
-#ifndef OPENSSL_NO_DH
+# ifndef OPENSSL_NO_DH
/* DH stuff */
/* This function is alised to mod_exp (with the DH and mont dropped). */
static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r,
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-#endif
+ const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+# endif
/* RAND stuff */
static int hwcrhk_rand_bytes(unsigned char *buf, int num);
@@ -131,1226 +137,1203 @@ static int hwcrhk_rand_status(void);
/* KM stuff */
static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
- UI_METHOD *ui_method, void *callback_data);
+ UI_METHOD *ui_method,
+ void *callback_data);
static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
- UI_METHOD *ui_method, void *callback_data);
+ UI_METHOD *ui_method,
+ void *callback_data);
/* Interaction stuff */
static int hwcrhk_insert_card(const char *prompt_info,
- const char *wrong_info,
- HWCryptoHook_PassphraseContext *ppctx,
- HWCryptoHook_CallerContext *cactx);
+ const char *wrong_info,
+ HWCryptoHook_PassphraseContext * ppctx,
+ HWCryptoHook_CallerContext * cactx);
static int hwcrhk_get_pass(const char *prompt_info,
- int *len_io, char *buf,
- HWCryptoHook_PassphraseContext *ppctx,
- HWCryptoHook_CallerContext *cactx);
+ int *len_io, char *buf,
+ HWCryptoHook_PassphraseContext * ppctx,
+ HWCryptoHook_CallerContext * cactx);
static void hwcrhk_log_message(void *logstr, const char *message);
/* The definitions for control commands specific to this engine */
-#define HWCRHK_CMD_SO_PATH ENGINE_CMD_BASE
-#define HWCRHK_CMD_FORK_CHECK (ENGINE_CMD_BASE + 1)
-#define HWCRHK_CMD_THREAD_LOCKING (ENGINE_CMD_BASE + 2)
-#define HWCRHK_CMD_SET_USER_INTERFACE (ENGINE_CMD_BASE + 3)
-#define HWCRHK_CMD_SET_CALLBACK_DATA (ENGINE_CMD_BASE + 4)
+# define HWCRHK_CMD_SO_PATH ENGINE_CMD_BASE
+# define HWCRHK_CMD_FORK_CHECK (ENGINE_CMD_BASE + 1)
+# define HWCRHK_CMD_THREAD_LOCKING (ENGINE_CMD_BASE + 2)
+# define HWCRHK_CMD_SET_USER_INTERFACE (ENGINE_CMD_BASE + 3)
+# define HWCRHK_CMD_SET_CALLBACK_DATA (ENGINE_CMD_BASE + 4)
static const ENGINE_CMD_DEFN hwcrhk_cmd_defns[] = {
- {HWCRHK_CMD_SO_PATH,
- "SO_PATH",
- "Specifies the path to the 'hwcrhk' shared library",
- ENGINE_CMD_FLAG_STRING},
- {HWCRHK_CMD_FORK_CHECK,
- "FORK_CHECK",
- "Turns fork() checking on (non-zero) or off (zero)",
- ENGINE_CMD_FLAG_NUMERIC},
- {HWCRHK_CMD_THREAD_LOCKING,
- "THREAD_LOCKING",
- "Turns thread-safe locking on (zero) or off (non-zero)",
- ENGINE_CMD_FLAG_NUMERIC},
- {HWCRHK_CMD_SET_USER_INTERFACE,
- "SET_USER_INTERFACE",
- "Set the global user interface (internal)",
- ENGINE_CMD_FLAG_INTERNAL},
- {HWCRHK_CMD_SET_CALLBACK_DATA,
- "SET_CALLBACK_DATA",
- "Set the global user interface extra data (internal)",
- ENGINE_CMD_FLAG_INTERNAL},
- {0, NULL, NULL, 0}
- };
+ {HWCRHK_CMD_SO_PATH,
+ "SO_PATH",
+ "Specifies the path to the 'hwcrhk' shared library",
+ ENGINE_CMD_FLAG_STRING},
+ {HWCRHK_CMD_FORK_CHECK,
+ "FORK_CHECK",
+ "Turns fork() checking on (non-zero) or off (zero)",
+ ENGINE_CMD_FLAG_NUMERIC},
+ {HWCRHK_CMD_THREAD_LOCKING,
+ "THREAD_LOCKING",
+ "Turns thread-safe locking on (zero) or off (non-zero)",
+ ENGINE_CMD_FLAG_NUMERIC},
+ {HWCRHK_CMD_SET_USER_INTERFACE,
+ "SET_USER_INTERFACE",
+ "Set the global user interface (internal)",
+ ENGINE_CMD_FLAG_INTERNAL},
+ {HWCRHK_CMD_SET_CALLBACK_DATA,
+ "SET_CALLBACK_DATA",
+ "Set the global user interface extra data (internal)",
+ ENGINE_CMD_FLAG_INTERNAL},
+ {0, NULL, NULL, 0}
+};
-#ifndef OPENSSL_NO_RSA
+# ifndef OPENSSL_NO_RSA
/* Our internal RSA_METHOD that we provide pointers to */
-static RSA_METHOD hwcrhk_rsa =
- {
- "CHIL RSA method",
- NULL,
- NULL,
- NULL,
- NULL,
- hwcrhk_rsa_mod_exp,
- hwcrhk_mod_exp_mont,
- NULL,
- hwcrhk_rsa_finish,
- 0,
- NULL,
- NULL,
- NULL,
- NULL
- };
-#endif
+static RSA_METHOD hwcrhk_rsa = {
+ "CHIL RSA method",
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ hwcrhk_rsa_mod_exp,
+ hwcrhk_mod_exp_mont,
+ NULL,
+ hwcrhk_rsa_finish,
+ 0,
+ NULL,
+ NULL,
+ NULL,
+ NULL
+};
+# endif
-#ifndef OPENSSL_NO_DH
+# ifndef OPENSSL_NO_DH
/* Our internal DH_METHOD that we provide pointers to */
-static DH_METHOD hwcrhk_dh =
- {
- "CHIL DH method",
- NULL,
- NULL,
- hwcrhk_mod_exp_dh,
- NULL,
- NULL,
- 0,
- NULL,
- NULL
- };
-#endif
-
-static RAND_METHOD hwcrhk_rand =
- {
- /* "CHIL RAND method", */
- NULL,
- hwcrhk_rand_bytes,
- NULL,
- NULL,
- hwcrhk_rand_bytes,
- hwcrhk_rand_status,
- };
+static DH_METHOD hwcrhk_dh = {
+ "CHIL DH method",
+ NULL,
+ NULL,
+ hwcrhk_mod_exp_dh,
+ NULL,
+ NULL,
+ 0,
+ NULL,
+ NULL
+};
+# endif
+
+static RAND_METHOD hwcrhk_rand = {
+ /* "CHIL RAND method", */
+ NULL,
+ hwcrhk_rand_bytes,
+ NULL,
+ NULL,
+ hwcrhk_rand_bytes,
+ hwcrhk_rand_status,
+};
/* Constants used when creating the ENGINE */
static const char *engine_hwcrhk_id = "chil";
static const char *engine_hwcrhk_name = "CHIL hardware engine support";
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
/* Compatibility hack, the dynamic library uses this form in the path */
static const char *engine_hwcrhk_id_alt = "ncipher";
-#endif
+# endif
/* Internal stuff for HWCryptoHook */
/* Some structures needed for proper use of thread locks */
-/* hwcryptohook.h has some typedefs that turn struct HWCryptoHook_MutexValue
- into HWCryptoHook_Mutex */
-struct HWCryptoHook_MutexValue
- {
- int lockid;
- };
-
-/* hwcryptohook.h has some typedefs that turn
- struct HWCryptoHook_PassphraseContextValue
- into HWCryptoHook_PassphraseContext */
-struct HWCryptoHook_PassphraseContextValue
- {
- UI_METHOD *ui_method;
- void *callback_data;
- };
-
-/* hwcryptohook.h has some typedefs that turn
- struct HWCryptoHook_CallerContextValue
- into HWCryptoHook_CallerContext */
-struct HWCryptoHook_CallerContextValue
- {
- pem_password_cb *password_callback; /* Deprecated! Only present for
- backward compatibility! */
- UI_METHOD *ui_method;
- void *callback_data;
- };
-
-/* The MPI structure in HWCryptoHook is pretty compatible with OpenSSL
- BIGNUM's, so lets define a couple of conversion macros */
-#define BN2MPI(mp, bn) \
+/*
+ * hwcryptohook.h has some typedefs that turn struct HWCryptoHook_MutexValue
+ * into HWCryptoHook_Mutex
+ */
+struct HWCryptoHook_MutexValue {
+ int lockid;
+};
+
+/*
+ * hwcryptohook.h has some typedefs that turn struct
+ * HWCryptoHook_PassphraseContextValue into HWCryptoHook_PassphraseContext
+ */
+struct HWCryptoHook_PassphraseContextValue {
+ UI_METHOD *ui_method;
+ void *callback_data;
+};
+
+/*
+ * hwcryptohook.h has some typedefs that turn struct
+ * HWCryptoHook_CallerContextValue into HWCryptoHook_CallerContext
+ */
+struct HWCryptoHook_CallerContextValue {
+ pem_password_cb *password_callback; /* Deprecated! Only present for
+ * backward compatibility! */
+ UI_METHOD *ui_method;
+ void *callback_data;
+};
+
+/*
+ * The MPI structure in HWCryptoHook is pretty compatible with OpenSSL
+ * BIGNUM's, so lets define a couple of conversion macros
+ */
+# define BN2MPI(mp, bn) \
{mp.size = bn->top * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;}
-#define MPI2BN(bn, mp) \
+# define MPI2BN(bn, mp) \
{mp.size = bn->dmax * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;}
static BIO *logstream = NULL;
static int disable_mutex_callbacks = 0;
-/* One might wonder why these are needed, since one can pass down at least
- a UI_METHOD and a pointer to callback data to the key-loading functions.
- The thing is that the ModExp and RSAImmed functions can load keys as well,
- if the data they get is in a special, nCipher-defined format (hint: if you
- look at the private exponent of the RSA data as a string, you'll see this
- string: "nCipher KM tool key id", followed by some bytes, followed a key
- identity string, followed by more bytes. This happens when you use "embed"
- keys instead of "hwcrhk" keys). Unfortunately, those functions do not take
- any passphrase or caller context, and our functions can't really take any
- callback data either. Still, the "insert_card" and "get_passphrase"
- callbacks may be called down the line, and will need to know what user
- interface callbacks to call, and having callback data from the application
- may be a nice thing as well, so we need to keep track of that globally. */
+/*
+ * One might wonder why these are needed, since one can pass down at least a
+ * UI_METHOD and a pointer to callback data to the key-loading functions. The
+ * thing is that the ModExp and RSAImmed functions can load keys as well, if
+ * the data they get is in a special, nCipher-defined format (hint: if you
+ * look at the private exponent of the RSA data as a string, you'll see this
+ * string: "nCipher KM tool key id", followed by some bytes, followed a key
+ * identity string, followed by more bytes. This happens when you use
+ * "embed" keys instead of "hwcrhk" keys). Unfortunately, those functions do
+ * not take any passphrase or caller context, and our functions can't really
+ * take any callback data either. Still, the "insert_card" and
+ * "get_passphrase" callbacks may be called down the line, and will need to
+ * know what user interface callbacks to call, and having callback data from
+ * the application may be a nice thing as well, so we need to keep track of
+ * that globally.
+ */
static HWCryptoHook_CallerContext password_context = { NULL, NULL, NULL };
/* Stuff to pass to the HWCryptoHook library */
static HWCryptoHook_InitInfo hwcrhk_globals = {
- HWCryptoHook_InitFlags_SimpleForkCheck, /* Flags */
- &logstream, /* logstream */
- sizeof(BN_ULONG), /* limbsize */
- 0, /* mslimb first: false for BNs */
- -1, /* msbyte first: use native */
- 0, /* Max mutexes, 0 = no small limit */
- 0, /* Max simultaneous, 0 = default */
-
- /* The next few are mutex stuff: we write wrapper functions
- around the OS mutex functions. We initialise them to 0
- here, and change that to actual function pointers in hwcrhk_init()
- if dynamic locks are supported (that is, if the application
- programmer has made sure of setting up callbacks bafore starting
- this engine) *and* if disable_mutex_callbacks hasn't been set by
- a call to ENGINE_ctrl(ENGINE_CTRL_CHIL_NO_LOCKING). */
- sizeof(HWCryptoHook_Mutex),
- 0,
- 0,
- 0,
- 0,
-
- /* The next few are condvar stuff: we write wrapper functions
- round the OS functions. Currently not implemented and not
- and absolute necessity even in threaded programs, therefore
- 0'ed. Will hopefully be implemented some day, since it
- enhances the efficiency of HWCryptoHook. */
- 0, /* sizeof(HWCryptoHook_CondVar), */
- 0, /* hwcrhk_cv_init, */
- 0, /* hwcrhk_cv_wait, */
- 0, /* hwcrhk_cv_signal, */
- 0, /* hwcrhk_cv_broadcast, */
- 0, /* hwcrhk_cv_destroy, */
-
- hwcrhk_get_pass, /* pass phrase */
- hwcrhk_insert_card, /* insert a card */
- hwcrhk_log_message /* Log message */
+ HWCryptoHook_InitFlags_SimpleForkCheck, /* Flags */
+ &logstream, /* logstream */
+ sizeof(BN_ULONG), /* limbsize */
+ 0, /* mslimb first: false for BNs */
+ -1, /* msbyte first: use native */
+ 0, /* Max mutexes, 0 = no small limit */
+ 0, /* Max simultaneous, 0 = default */
+
+ /*
+ * The next few are mutex stuff: we write wrapper functions around the OS
+ * mutex functions. We initialise them to 0 here, and change that to
+ * actual function pointers in hwcrhk_init() if dynamic locks are
+ * supported (that is, if the application programmer has made sure of
+ * setting up callbacks bafore starting this engine) *and* if
+ * disable_mutex_callbacks hasn't been set by a call to
+ * ENGINE_ctrl(ENGINE_CTRL_CHIL_NO_LOCKING).
+ */
+ sizeof(HWCryptoHook_Mutex),
+ 0,
+ 0,
+ 0,
+ 0,
+
+ /*
+ * The next few are condvar stuff: we write wrapper functions round the
+ * OS functions. Currently not implemented and not and absolute
+ * necessity even in threaded programs, therefore 0'ed. Will hopefully
+ * be implemented some day, since it enhances the efficiency of
+ * HWCryptoHook.
+ */
+ 0, /* sizeof(HWCryptoHook_CondVar), */
+ 0, /* hwcrhk_cv_init, */
+ 0, /* hwcrhk_cv_wait, */
+ 0, /* hwcrhk_cv_signal, */
+ 0, /* hwcrhk_cv_broadcast, */
+ 0, /* hwcrhk_cv_destroy, */
+
+ hwcrhk_get_pass, /* pass phrase */
+ hwcrhk_insert_card, /* insert a card */
+ hwcrhk_log_message /* Log message */
};
-
/* Now, to our own code */
-/* This internal function is used by ENGINE_chil() and possibly by the
- * "dynamic" ENGINE support too */
+/*
+ * This internal function is used by ENGINE_chil() and possibly by the
+ * "dynamic" ENGINE support too
+ */
static int bind_helper(ENGINE *e)
- {
-#ifndef OPENSSL_NO_RSA
- const RSA_METHOD *meth1;
-#endif
-#ifndef OPENSSL_NO_DH
- const DH_METHOD *meth2;
-#endif
- if(!ENGINE_set_id(e, engine_hwcrhk_id) ||
- !ENGINE_set_name(e, engine_hwcrhk_name) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_RSA(e, &hwcrhk_rsa) ||
-#endif
-#ifndef OPENSSL_NO_DH
- !ENGINE_set_DH(e, &hwcrhk_dh) ||
-#endif
- !ENGINE_set_RAND(e, &hwcrhk_rand) ||
- !ENGINE_set_destroy_function(e, hwcrhk_destroy) ||
- !ENGINE_set_init_function(e, hwcrhk_init) ||
- !ENGINE_set_finish_function(e, hwcrhk_finish) ||
- !ENGINE_set_ctrl_function(e, hwcrhk_ctrl) ||
- !ENGINE_set_load_privkey_function(e, hwcrhk_load_privkey) ||
- !ENGINE_set_load_pubkey_function(e, hwcrhk_load_pubkey) ||
- !ENGINE_set_cmd_defns(e, hwcrhk_cmd_defns))
- return 0;
-
-#ifndef OPENSSL_NO_RSA
- /* We know that the "PKCS1_SSLeay()" functions hook properly
- * to the cswift-specific mod_exp and mod_exp_crt so we use
- * those functions. NB: We don't use ENGINE_openssl() or
- * anything "more generic" because something like the RSAref
- * code may not hook properly, and if you own one of these
- * cards then you have the right to do RSA operations on it
- * anyway! */
- meth1 = RSA_PKCS1_SSLeay();
- hwcrhk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
- hwcrhk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
- hwcrhk_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
- hwcrhk_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
-#endif
-
-#ifndef OPENSSL_NO_DH
- /* Much the same for Diffie-Hellman */
- meth2 = DH_OpenSSL();
- hwcrhk_dh.generate_key = meth2->generate_key;
- hwcrhk_dh.compute_key = meth2->compute_key;
-#endif
-
- /* Ensure the hwcrhk error handling is set up */
- ERR_load_HWCRHK_strings();
- return 1;
- }
-
-#ifdef OPENSSL_NO_DYNAMIC_ENGINE
+{
+# ifndef OPENSSL_NO_RSA
+ const RSA_METHOD *meth1;
+# endif
+# ifndef OPENSSL_NO_DH
+ const DH_METHOD *meth2;
+# endif
+ if (!ENGINE_set_id(e, engine_hwcrhk_id) ||
+ !ENGINE_set_name(e, engine_hwcrhk_name) ||
+# ifndef OPENSSL_NO_RSA
+ !ENGINE_set_RSA(e, &hwcrhk_rsa) ||
+# endif
+# ifndef OPENSSL_NO_DH
+ !ENGINE_set_DH(e, &hwcrhk_dh) ||
+# endif
+ !ENGINE_set_RAND(e, &hwcrhk_rand) ||
+ !ENGINE_set_destroy_function(e, hwcrhk_destroy) ||
+ !ENGINE_set_init_function(e, hwcrhk_init) ||
+ !ENGINE_set_finish_function(e, hwcrhk_finish) ||
+ !ENGINE_set_ctrl_function(e, hwcrhk_ctrl) ||
+ !ENGINE_set_load_privkey_function(e, hwcrhk_load_privkey) ||
+ !ENGINE_set_load_pubkey_function(e, hwcrhk_load_pubkey) ||
+ !ENGINE_set_cmd_defns(e, hwcrhk_cmd_defns))
+ return 0;
+
+# ifndef OPENSSL_NO_RSA
+ /*
+ * We know that the "PKCS1_SSLeay()" functions hook properly to the
+ * cswift-specific mod_exp and mod_exp_crt so we use those functions. NB:
+ * We don't use ENGINE_openssl() or anything "more generic" because
+ * something like the RSAref code may not hook properly, and if you own
+ * one of these cards then you have the right to do RSA operations on it
+ * anyway!
+ */
+ meth1 = RSA_PKCS1_SSLeay();
+ hwcrhk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+ hwcrhk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+ hwcrhk_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+ hwcrhk_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+# endif
+
+# ifndef OPENSSL_NO_DH
+ /* Much the same for Diffie-Hellman */
+ meth2 = DH_OpenSSL();
+ hwcrhk_dh.generate_key = meth2->generate_key;
+ hwcrhk_dh.compute_key = meth2->compute_key;
+# endif
+
+ /* Ensure the hwcrhk error handling is set up */
+ ERR_load_HWCRHK_strings();
+ return 1;
+}
+
+# ifdef OPENSSL_NO_DYNAMIC_ENGINE
static ENGINE *engine_chil(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!bind_helper(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
+{
+ ENGINE *ret = ENGINE_new();
+ if (!ret)
+ return NULL;
+ if (!bind_helper(ret)) {
+ ENGINE_free(ret);
+ return NULL;
+ }
+ return ret;
+}
void ENGINE_load_chil(void)
- {
- /* Copied from eng_[openssl|dyn].c */
- ENGINE *toadd = engine_chil();
- if(!toadd) return;
- ENGINE_add(toadd);
- ENGINE_free(toadd);
- ERR_clear_error();
- }
-#endif
-
-/* This is a process-global DSO handle used for loading and unloading
- * the HWCryptoHook library. NB: This is only set (or unset) during an
- * init() or finish() call (reference counts permitting) and they're
- * operating with global locks, so this should be thread-safe
- * implicitly. */
+{
+ /* Copied from eng_[openssl|dyn].c */
+ ENGINE *toadd = engine_chil();
+ if (!toadd)
+ return;
+ ENGINE_add(toadd);
+ ENGINE_free(toadd);
+ ERR_clear_error();
+}
+# endif
+
+/*
+ * This is a process-global DSO handle used for loading and unloading the
+ * HWCryptoHook library. NB: This is only set (or unset) during an init() or
+ * finish() call (reference counts permitting) and they're operating with
+ * global locks, so this should be thread-safe implicitly.
+ */
static DSO *hwcrhk_dso = NULL;
static HWCryptoHook_ContextHandle hwcrhk_context = 0;
-#ifndef OPENSSL_NO_RSA
-static int hndidx_rsa = -1; /* Index for KM handle. Not really used yet. */
-#endif
-
-/* These are the function pointers that are (un)set when the library has
- * successfully (un)loaded. */
+# ifndef OPENSSL_NO_RSA
+/* Index for KM handle. Not really used yet. */
+static int hndidx_rsa = -1;
+# endif
+
+/*
+ * These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded.
+ */
static HWCryptoHook_Init_t *p_hwcrhk_Init = NULL;
static HWCryptoHook_Finish_t *p_hwcrhk_Finish = NULL;
static HWCryptoHook_ModExp_t *p_hwcrhk_ModExp = NULL;
-#ifndef OPENSSL_NO_RSA
+# ifndef OPENSSL_NO_RSA
static HWCryptoHook_RSA_t *p_hwcrhk_RSA = NULL;
-#endif
+# endif
static HWCryptoHook_RandomBytes_t *p_hwcrhk_RandomBytes = NULL;
-#ifndef OPENSSL_NO_RSA
+# ifndef OPENSSL_NO_RSA
static HWCryptoHook_RSALoadKey_t *p_hwcrhk_RSALoadKey = NULL;
static HWCryptoHook_RSAGetPublicKey_t *p_hwcrhk_RSAGetPublicKey = NULL;
static HWCryptoHook_RSAUnloadKey_t *p_hwcrhk_RSAUnloadKey = NULL;
-#endif
+# endif
static HWCryptoHook_ModExpCRT_t *p_hwcrhk_ModExpCRT = NULL;
/* Used in the DSO operations. */
static const char *HWCRHK_LIBNAME = NULL;
static void free_HWCRHK_LIBNAME(void)
- {
- if(HWCRHK_LIBNAME)
- OPENSSL_free((void*)HWCRHK_LIBNAME);
- HWCRHK_LIBNAME = NULL;
- }
+{
+ if (HWCRHK_LIBNAME)
+ OPENSSL_free((void *)HWCRHK_LIBNAME);
+ HWCRHK_LIBNAME = NULL;
+}
+
static const char *get_HWCRHK_LIBNAME(void)
- {
- if(HWCRHK_LIBNAME)
- return HWCRHK_LIBNAME;
- return "nfhwcrhk";
- }
+{
+ if (HWCRHK_LIBNAME)
+ return HWCRHK_LIBNAME;
+ return "nfhwcrhk";
+}
+
static long set_HWCRHK_LIBNAME(const char *name)
- {
- free_HWCRHK_LIBNAME();
- return (((HWCRHK_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
- }
+{
+ free_HWCRHK_LIBNAME();
+ return (((HWCRHK_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+}
+
static const char *n_hwcrhk_Init = "HWCryptoHook_Init";
static const char *n_hwcrhk_Finish = "HWCryptoHook_Finish";
static const char *n_hwcrhk_ModExp = "HWCryptoHook_ModExp";
-#ifndef OPENSSL_NO_RSA
+# ifndef OPENSSL_NO_RSA
static const char *n_hwcrhk_RSA = "HWCryptoHook_RSA";
-#endif
+# endif
static const char *n_hwcrhk_RandomBytes = "HWCryptoHook_RandomBytes";
-#ifndef OPENSSL_NO_RSA
+# ifndef OPENSSL_NO_RSA
static const char *n_hwcrhk_RSALoadKey = "HWCryptoHook_RSALoadKey";
static const char *n_hwcrhk_RSAGetPublicKey = "HWCryptoHook_RSAGetPublicKey";
static const char *n_hwcrhk_RSAUnloadKey = "HWCryptoHook_RSAUnloadKey";
-#endif
+# endif
static const char *n_hwcrhk_ModExpCRT = "HWCryptoHook_ModExpCRT";
-/* HWCryptoHook library functions and mechanics - these are used by the
- * higher-level functions further down. NB: As and where there's no
- * error checking, take a look lower down where these functions are
- * called, the checking and error handling is probably down there. */
+/*
+ * HWCryptoHook library functions and mechanics - these are used by the
+ * higher-level functions further down. NB: As and where there's no error
+ * checking, take a look lower down where these functions are called, the
+ * checking and error handling is probably down there.
+ */
/* utility function to obtain a context */
-static int get_context(HWCryptoHook_ContextHandle *hac,
- HWCryptoHook_CallerContext *cac)
- {
- char tempbuf[1024];
- HWCryptoHook_ErrMsgBuf rmsg;
-
- rmsg.buf = tempbuf;
- rmsg.size = sizeof(tempbuf);
-
- *hac = p_hwcrhk_Init(&hwcrhk_globals, sizeof(hwcrhk_globals), &rmsg,
- cac);
- if (!*hac)
- return 0;
- return 1;
- }
-
+static int get_context(HWCryptoHook_ContextHandle * hac,
+ HWCryptoHook_CallerContext * cac)
+{
+ char tempbuf[1024];
+ HWCryptoHook_ErrMsgBuf rmsg;
+
+ rmsg.buf = tempbuf;
+ rmsg.size = sizeof(tempbuf);
+
+ *hac = p_hwcrhk_Init(&hwcrhk_globals, sizeof(hwcrhk_globals), &rmsg, cac);
+ if (!*hac)
+ return 0;
+ return 1;
+}
+
/* similarly to release one. */
static void release_context(HWCryptoHook_ContextHandle hac)
- {
- p_hwcrhk_Finish(hac);
- }
+{
+ p_hwcrhk_Finish(hac);
+}
/* Destructor (complements the "ENGINE_chil()" constructor) */
static int hwcrhk_destroy(ENGINE *e)
- {
- free_HWCRHK_LIBNAME();
- ERR_unload_HWCRHK_strings();
- return 1;
- }
+{
+ free_HWCRHK_LIBNAME();
+ ERR_unload_HWCRHK_strings();
+ return 1;
+}
/* (de)initialisation functions. */
static int hwcrhk_init(ENGINE *e)
- {
- HWCryptoHook_Init_t *p1;
- HWCryptoHook_Finish_t *p2;
- HWCryptoHook_ModExp_t *p3;
-#ifndef OPENSSL_NO_RSA
- HWCryptoHook_RSA_t *p4;
- HWCryptoHook_RSALoadKey_t *p5;
- HWCryptoHook_RSAGetPublicKey_t *p6;
- HWCryptoHook_RSAUnloadKey_t *p7;
-#endif
- HWCryptoHook_RandomBytes_t *p8;
- HWCryptoHook_ModExpCRT_t *p9;
-
- if(hwcrhk_dso != NULL)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_ALREADY_LOADED);
- goto err;
- }
- /* Attempt to load libnfhwcrhk.so/nfhwcrhk.dll/whatever. */
- hwcrhk_dso = DSO_load(NULL, get_HWCRHK_LIBNAME(), NULL, 0);
- if(hwcrhk_dso == NULL)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE);
- goto err;
- }
- if(!(p1 = (HWCryptoHook_Init_t *)
- DSO_bind_func(hwcrhk_dso, n_hwcrhk_Init)) ||
- !(p2 = (HWCryptoHook_Finish_t *)
- DSO_bind_func(hwcrhk_dso, n_hwcrhk_Finish)) ||
- !(p3 = (HWCryptoHook_ModExp_t *)
- DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExp)) ||
-#ifndef OPENSSL_NO_RSA
- !(p4 = (HWCryptoHook_RSA_t *)
- DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSA)) ||
- !(p5 = (HWCryptoHook_RSALoadKey_t *)
- DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSALoadKey)) ||
- !(p6 = (HWCryptoHook_RSAGetPublicKey_t *)
- DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAGetPublicKey)) ||
- !(p7 = (HWCryptoHook_RSAUnloadKey_t *)
- DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAUnloadKey)) ||
-#endif
- !(p8 = (HWCryptoHook_RandomBytes_t *)
- DSO_bind_func(hwcrhk_dso, n_hwcrhk_RandomBytes)) ||
- !(p9 = (HWCryptoHook_ModExpCRT_t *)
- DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExpCRT)))
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE);
- goto err;
- }
- /* Copy the pointers */
- p_hwcrhk_Init = p1;
- p_hwcrhk_Finish = p2;
- p_hwcrhk_ModExp = p3;
-#ifndef OPENSSL_NO_RSA
- p_hwcrhk_RSA = p4;
- p_hwcrhk_RSALoadKey = p5;
- p_hwcrhk_RSAGetPublicKey = p6;
- p_hwcrhk_RSAUnloadKey = p7;
-#endif
- p_hwcrhk_RandomBytes = p8;
- p_hwcrhk_ModExpCRT = p9;
-
- /* Check if the application decided to support dynamic locks,
- and if it does, use them. */
- if (disable_mutex_callbacks == 0)
- {
- if (CRYPTO_get_dynlock_create_callback() != NULL &&
- CRYPTO_get_dynlock_lock_callback() != NULL &&
- CRYPTO_get_dynlock_destroy_callback() != NULL)
- {
- hwcrhk_globals.mutex_init = hwcrhk_mutex_init;
- hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock;
- hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock;
- hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy;
- }
- }
-
- /* Try and get a context - if not, we may have a DSO but no
- * accelerator! */
- if(!get_context(&hwcrhk_context, &password_context))
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_UNIT_FAILURE);
- goto err;
- }
- /* Everything's fine. */
-#ifndef OPENSSL_NO_RSA
- if (hndidx_rsa == -1)
- hndidx_rsa = RSA_get_ex_new_index(0,
- "nFast HWCryptoHook RSA key handle",
- NULL, NULL, NULL);
-#endif
- return 1;
-err:
- if(hwcrhk_dso)
- DSO_free(hwcrhk_dso);
- hwcrhk_dso = NULL;
- p_hwcrhk_Init = NULL;
- p_hwcrhk_Finish = NULL;
- p_hwcrhk_ModExp = NULL;
-#ifndef OPENSSL_NO_RSA
- p_hwcrhk_RSA = NULL;
- p_hwcrhk_RSALoadKey = NULL;
- p_hwcrhk_RSAGetPublicKey = NULL;
- p_hwcrhk_RSAUnloadKey = NULL;
-#endif
- p_hwcrhk_ModExpCRT = NULL;
- p_hwcrhk_RandomBytes = NULL;
- return 0;
- }
+{
+ HWCryptoHook_Init_t *p1;
+ HWCryptoHook_Finish_t *p2;
+ HWCryptoHook_ModExp_t *p3;
+# ifndef OPENSSL_NO_RSA
+ HWCryptoHook_RSA_t *p4;
+ HWCryptoHook_RSALoadKey_t *p5;
+ HWCryptoHook_RSAGetPublicKey_t *p6;
+ HWCryptoHook_RSAUnloadKey_t *p7;
+# endif
+ HWCryptoHook_RandomBytes_t *p8;
+ HWCryptoHook_ModExpCRT_t *p9;
+
+ if (hwcrhk_dso != NULL) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_ALREADY_LOADED);
+ goto err;
+ }
+ /* Attempt to load libnfhwcrhk.so/nfhwcrhk.dll/whatever. */
+ hwcrhk_dso = DSO_load(NULL, get_HWCRHK_LIBNAME(), NULL, 0);
+ if (hwcrhk_dso == NULL) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_DSO_FAILURE);
+ goto err;
+ }
+ if (!(p1 = (HWCryptoHook_Init_t *)
+ DSO_bind_func(hwcrhk_dso, n_hwcrhk_Init)) ||
+ !(p2 = (HWCryptoHook_Finish_t *)
+ DSO_bind_func(hwcrhk_dso, n_hwcrhk_Finish)) ||
+ !(p3 = (HWCryptoHook_ModExp_t *)
+ DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExp)) ||
+# ifndef OPENSSL_NO_RSA
+ !(p4 = (HWCryptoHook_RSA_t *)
+ DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSA)) ||
+ !(p5 = (HWCryptoHook_RSALoadKey_t *)
+ DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSALoadKey)) ||
+ !(p6 = (HWCryptoHook_RSAGetPublicKey_t *)
+ DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAGetPublicKey)) ||
+ !(p7 = (HWCryptoHook_RSAUnloadKey_t *)
+ DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAUnloadKey)) ||
+# endif
+ !(p8 = (HWCryptoHook_RandomBytes_t *)
+ DSO_bind_func(hwcrhk_dso, n_hwcrhk_RandomBytes)) ||
+ !(p9 = (HWCryptoHook_ModExpCRT_t *)
+ DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExpCRT))) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_DSO_FAILURE);
+ goto err;
+ }
+ /* Copy the pointers */
+ p_hwcrhk_Init = p1;
+ p_hwcrhk_Finish = p2;
+ p_hwcrhk_ModExp = p3;
+# ifndef OPENSSL_NO_RSA
+ p_hwcrhk_RSA = p4;
+ p_hwcrhk_RSALoadKey = p5;
+ p_hwcrhk_RSAGetPublicKey = p6;
+ p_hwcrhk_RSAUnloadKey = p7;
+# endif
+ p_hwcrhk_RandomBytes = p8;
+ p_hwcrhk_ModExpCRT = p9;
+
+ /*
+ * Check if the application decided to support dynamic locks, and if it
+ * does, use them.
+ */
+ if (disable_mutex_callbacks == 0) {
+ if (CRYPTO_get_dynlock_create_callback() != NULL &&
+ CRYPTO_get_dynlock_lock_callback() != NULL &&
+ CRYPTO_get_dynlock_destroy_callback() != NULL) {
+ hwcrhk_globals.mutex_init = hwcrhk_mutex_init;
+ hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock;
+ hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock;
+ hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy;
+ }
+ }
+
+ /*
+ * Try and get a context - if not, we may have a DSO but no accelerator!
+ */
+ if (!get_context(&hwcrhk_context, &password_context)) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_UNIT_FAILURE);
+ goto err;
+ }
+ /* Everything's fine. */
+# ifndef OPENSSL_NO_RSA
+ if (hndidx_rsa == -1)
+ hndidx_rsa = RSA_get_ex_new_index(0,
+ "nFast HWCryptoHook RSA key handle",
+ NULL, NULL, NULL);
+# endif
+ return 1;
+ err:
+ if (hwcrhk_dso)
+ DSO_free(hwcrhk_dso);
+ hwcrhk_dso = NULL;
+ p_hwcrhk_Init = NULL;
+ p_hwcrhk_Finish = NULL;
+ p_hwcrhk_ModExp = NULL;
+# ifndef OPENSSL_NO_RSA
+ p_hwcrhk_RSA = NULL;
+ p_hwcrhk_RSALoadKey = NULL;
+ p_hwcrhk_RSAGetPublicKey = NULL;
+ p_hwcrhk_RSAUnloadKey = NULL;
+# endif
+ p_hwcrhk_ModExpCRT = NULL;
+ p_hwcrhk_RandomBytes = NULL;
+ return 0;
+}
static int hwcrhk_finish(ENGINE *e)
- {
- int to_return = 1;
- free_HWCRHK_LIBNAME();
- if(hwcrhk_dso == NULL)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_FINISH,HWCRHK_R_NOT_LOADED);
- to_return = 0;
- goto err;
- }
- release_context(hwcrhk_context);
- if(!DSO_free(hwcrhk_dso))
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_FINISH,HWCRHK_R_DSO_FAILURE);
- to_return = 0;
- goto err;
- }
+{
+ int to_return = 1;
+ free_HWCRHK_LIBNAME();
+ if (hwcrhk_dso == NULL) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_FINISH, HWCRHK_R_NOT_LOADED);
+ to_return = 0;
+ goto err;
+ }
+ release_context(hwcrhk_context);
+ if (!DSO_free(hwcrhk_dso)) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_FINISH, HWCRHK_R_DSO_FAILURE);
+ to_return = 0;
+ goto err;
+ }
err:
- if (logstream)
- BIO_free(logstream);
- hwcrhk_dso = NULL;
- p_hwcrhk_Init = NULL;
- p_hwcrhk_Finish = NULL;
- p_hwcrhk_ModExp = NULL;
-#ifndef OPENSSL_NO_RSA
- p_hwcrhk_RSA = NULL;
- p_hwcrhk_RSALoadKey = NULL;
- p_hwcrhk_RSAGetPublicKey = NULL;
- p_hwcrhk_RSAUnloadKey = NULL;
-#endif
- p_hwcrhk_ModExpCRT = NULL;
- p_hwcrhk_RandomBytes = NULL;
- return to_return;
- }
-
-static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
- {
- int to_return = 1;
-
- switch(cmd)
- {
- case HWCRHK_CMD_SO_PATH:
- if(hwcrhk_dso)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,HWCRHK_R_ALREADY_LOADED);
- return 0;
- }
- if(p == NULL)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- return set_HWCRHK_LIBNAME((const char *)p);
- case ENGINE_CTRL_SET_LOGSTREAM:
- {
- BIO *bio = (BIO *)p;
-
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- if (logstream)
- {
- BIO_free(logstream);
- logstream = NULL;
- }
- if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1)
- logstream = bio;
- else
- HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,HWCRHK_R_BIO_WAS_FREED);
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- break;
- case ENGINE_CTRL_SET_PASSWORD_CALLBACK:
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- password_context.password_callback = (pem_password_cb *)f;
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- break;
- case ENGINE_CTRL_SET_USER_INTERFACE:
- case HWCRHK_CMD_SET_USER_INTERFACE:
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- password_context.ui_method = (UI_METHOD *)p;
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- break;
- case ENGINE_CTRL_SET_CALLBACK_DATA:
- case HWCRHK_CMD_SET_CALLBACK_DATA:
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- password_context.callback_data = p;
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- break;
- /* this enables or disables the "SimpleForkCheck" flag used in the
- * initialisation structure. */
- case ENGINE_CTRL_CHIL_SET_FORKCHECK:
- case HWCRHK_CMD_FORK_CHECK:
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- if(i)
- hwcrhk_globals.flags |=
- HWCryptoHook_InitFlags_SimpleForkCheck;
- else
- hwcrhk_globals.flags &=
- ~HWCryptoHook_InitFlags_SimpleForkCheck;
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- break;
- /* This will prevent the initialisation function from "installing"
- * the mutex-handling callbacks, even if they are available from
- * within the library (or were provided to the library from the
- * calling application). This is to remove any baggage for
- * applications not using multithreading. */
- case ENGINE_CTRL_CHIL_NO_LOCKING:
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- disable_mutex_callbacks = 1;
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- break;
- case HWCRHK_CMD_THREAD_LOCKING:
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- disable_mutex_callbacks = ((i == 0) ? 0 : 1);
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- break;
-
- /* The command isn't understood by this engine */
- default:
- HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,
- HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
- to_return = 0;
- break;
- }
-
- return to_return;
- }
+ if (logstream)
+ BIO_free(logstream);
+ hwcrhk_dso = NULL;
+ p_hwcrhk_Init = NULL;
+ p_hwcrhk_Finish = NULL;
+ p_hwcrhk_ModExp = NULL;
+# ifndef OPENSSL_NO_RSA
+ p_hwcrhk_RSA = NULL;
+ p_hwcrhk_RSALoadKey = NULL;
+ p_hwcrhk_RSAGetPublicKey = NULL;
+ p_hwcrhk_RSAUnloadKey = NULL;
+# endif
+ p_hwcrhk_ModExpCRT = NULL;
+ p_hwcrhk_RandomBytes = NULL;
+ return to_return;
+}
+
+static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+{
+ int to_return = 1;
+
+ switch (cmd) {
+ case HWCRHK_CMD_SO_PATH:
+ if (hwcrhk_dso) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, HWCRHK_R_ALREADY_LOADED);
+ return 0;
+ }
+ if (p == NULL) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ return set_HWCRHK_LIBNAME((const char *)p);
+ case ENGINE_CTRL_SET_LOGSTREAM:
+ {
+ BIO *bio = (BIO *)p;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if (logstream) {
+ BIO_free(logstream);
+ logstream = NULL;
+ }
+ if (CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO) > 1)
+ logstream = bio;
+ else
+ HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, HWCRHK_R_BIO_WAS_FREED);
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ break;
+ case ENGINE_CTRL_SET_PASSWORD_CALLBACK:
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ password_context.password_callback = (pem_password_cb *)f;
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ break;
+ case ENGINE_CTRL_SET_USER_INTERFACE:
+ case HWCRHK_CMD_SET_USER_INTERFACE:
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ password_context.ui_method = (UI_METHOD *)p;
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ break;
+ case ENGINE_CTRL_SET_CALLBACK_DATA:
+ case HWCRHK_CMD_SET_CALLBACK_DATA:
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ password_context.callback_data = p;
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ break;
+ /*
+ * this enables or disables the "SimpleForkCheck" flag used in the
+ * initialisation structure.
+ */
+ case ENGINE_CTRL_CHIL_SET_FORKCHECK:
+ case HWCRHK_CMD_FORK_CHECK:
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if (i)
+ hwcrhk_globals.flags |= HWCryptoHook_InitFlags_SimpleForkCheck;
+ else
+ hwcrhk_globals.flags &= ~HWCryptoHook_InitFlags_SimpleForkCheck;
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ break;
+ /*
+ * This will prevent the initialisation function from "installing"
+ * the mutex-handling callbacks, even if they are available from
+ * within the library (or were provided to the library from the
+ * calling application). This is to remove any baggage for
+ * applications not using multithreading.
+ */
+ case ENGINE_CTRL_CHIL_NO_LOCKING:
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ disable_mutex_callbacks = 1;
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ break;
+ case HWCRHK_CMD_THREAD_LOCKING:
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ disable_mutex_callbacks = ((i == 0) ? 0 : 1);
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ break;
+
+ /* The command isn't understood by this engine */
+ default:
+ HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,
+ HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+ to_return = 0;
+ break;
+ }
+
+ return to_return;
+}
static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
- UI_METHOD *ui_method, void *callback_data)
- {
-#ifndef OPENSSL_NO_RSA
- RSA *rtmp = NULL;
-#endif
- EVP_PKEY *res = NULL;
-#ifndef OPENSSL_NO_RSA
- HWCryptoHook_MPI e, n;
- HWCryptoHook_RSAKeyHandle *hptr;
-#endif
-#if !defined(OPENSSL_NO_RSA)
- char tempbuf[1024];
- HWCryptoHook_ErrMsgBuf rmsg;
- HWCryptoHook_PassphraseContext ppctx;
-#endif
-
-#if !defined(OPENSSL_NO_RSA)
- rmsg.buf = tempbuf;
- rmsg.size = sizeof(tempbuf);
-#endif
-
- if(!hwcrhk_context)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
- HWCRHK_R_NOT_INITIALISED);
- goto err;
- }
-#ifndef OPENSSL_NO_RSA
- hptr = OPENSSL_malloc(sizeof(HWCryptoHook_RSAKeyHandle));
- if (!hptr)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
- ppctx.ui_method = ui_method;
- ppctx.callback_data = callback_data;
- if (p_hwcrhk_RSALoadKey(hwcrhk_context, key_id, hptr,
- &rmsg, &ppctx))
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
- HWCRHK_R_CHIL_ERROR);
- ERR_add_error_data(1,rmsg.buf);
- goto err;
- }
- if (!*hptr)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
- HWCRHK_R_NO_KEY);
- goto err;
- }
-#endif
-#ifndef OPENSSL_NO_RSA
- rtmp = RSA_new_method(eng);
- RSA_set_ex_data(rtmp, hndidx_rsa, (char *)hptr);
- rtmp->e = BN_new();
- rtmp->n = BN_new();
- rtmp->flags |= RSA_FLAG_EXT_PKEY;
- MPI2BN(rtmp->e, e);
- MPI2BN(rtmp->n, n);
- if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg)
- != HWCRYPTOHOOK_ERROR_MPISIZE)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,HWCRHK_R_CHIL_ERROR);
- ERR_add_error_data(1,rmsg.buf);
- goto err;
- }
-
- bn_expand2(rtmp->e, e.size/sizeof(BN_ULONG));
- bn_expand2(rtmp->n, n.size/sizeof(BN_ULONG));
- MPI2BN(rtmp->e, e);
- MPI2BN(rtmp->n, n);
-
- if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg))
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
- HWCRHK_R_CHIL_ERROR);
- ERR_add_error_data(1,rmsg.buf);
- goto err;
- }
- rtmp->e->top = e.size / sizeof(BN_ULONG);
- bn_fix_top(rtmp->e);
- rtmp->n->top = n.size / sizeof(BN_ULONG);
- bn_fix_top(rtmp->n);
-
- res = EVP_PKEY_new();
- EVP_PKEY_assign_RSA(res, rtmp);
-#endif
-
- if (!res)
- HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
- HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED);
-
- return res;
+ UI_METHOD *ui_method,
+ void *callback_data)
+{
+# ifndef OPENSSL_NO_RSA
+ RSA *rtmp = NULL;
+# endif
+ EVP_PKEY *res = NULL;
+# ifndef OPENSSL_NO_RSA
+ HWCryptoHook_MPI e, n;
+ HWCryptoHook_RSAKeyHandle *hptr;
+# endif
+# if !defined(OPENSSL_NO_RSA)
+ char tempbuf[1024];
+ HWCryptoHook_ErrMsgBuf rmsg;
+ HWCryptoHook_PassphraseContext ppctx;
+# endif
+
+# if !defined(OPENSSL_NO_RSA)
+ rmsg.buf = tempbuf;
+ rmsg.size = sizeof(tempbuf);
+# endif
+
+ if (!hwcrhk_context) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_NOT_INITIALISED);
+ goto err;
+ }
+# ifndef OPENSSL_NO_RSA
+ hptr = OPENSSL_malloc(sizeof(HWCryptoHook_RSAKeyHandle));
+ if (!hptr) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ ppctx.ui_method = ui_method;
+ ppctx.callback_data = callback_data;
+ if (p_hwcrhk_RSALoadKey(hwcrhk_context, key_id, hptr, &rmsg, &ppctx)) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR);
+ ERR_add_error_data(1, rmsg.buf);
+ goto err;
+ }
+ if (!*hptr) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_NO_KEY);
+ goto err;
+ }
+# endif
+# ifndef OPENSSL_NO_RSA
+ rtmp = RSA_new_method(eng);
+ RSA_set_ex_data(rtmp, hndidx_rsa, (char *)hptr);
+ rtmp->e = BN_new();
+ rtmp->n = BN_new();
+ rtmp->flags |= RSA_FLAG_EXT_PKEY;
+ MPI2BN(rtmp->e, e);
+ MPI2BN(rtmp->n, n);
+ if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg)
+ != HWCRYPTOHOOK_ERROR_MPISIZE) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR);
+ ERR_add_error_data(1, rmsg.buf);
+ goto err;
+ }
+
+ bn_expand2(rtmp->e, e.size / sizeof(BN_ULONG));
+ bn_expand2(rtmp->n, n.size / sizeof(BN_ULONG));
+ MPI2BN(rtmp->e, e);
+ MPI2BN(rtmp->n, n);
+
+ if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg)) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR);
+ ERR_add_error_data(1, rmsg.buf);
+ goto err;
+ }
+ rtmp->e->top = e.size / sizeof(BN_ULONG);
+ bn_fix_top(rtmp->e);
+ rtmp->n->top = n.size / sizeof(BN_ULONG);
+ bn_fix_top(rtmp->n);
+
+ res = EVP_PKEY_new();
+ EVP_PKEY_assign_RSA(res, rtmp);
+# endif
+
+ if (!res)
+ HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
+ HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED);
+
+ return res;
err:
-#ifndef OPENSSL_NO_RSA
- if (rtmp)
- RSA_free(rtmp);
-#endif
- return NULL;
- }
+# ifndef OPENSSL_NO_RSA
+ if (rtmp)
+ RSA_free(rtmp);
+# endif
+ return NULL;
+}
static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
- UI_METHOD *ui_method, void *callback_data)
- {
- EVP_PKEY *res = NULL;
-
-#ifndef OPENSSL_NO_RSA
- res = hwcrhk_load_privkey(eng, key_id,
- ui_method, callback_data);
-#endif
-
- if (res)
- switch(res->type)
- {
-#ifndef OPENSSL_NO_RSA
- case EVP_PKEY_RSA:
- {
- RSA *rsa = NULL;
-
- CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
- rsa = res->pkey.rsa;
- res->pkey.rsa = RSA_new();
- res->pkey.rsa->n = rsa->n;
- res->pkey.rsa->e = rsa->e;
- rsa->n = NULL;
- rsa->e = NULL;
- CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
- RSA_free(rsa);
- }
- break;
-#endif
- default:
- HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,
- HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
- goto err;
- }
-
- return res;
+ UI_METHOD *ui_method, void *callback_data)
+{
+ EVP_PKEY *res = NULL;
+
+# ifndef OPENSSL_NO_RSA
+ res = hwcrhk_load_privkey(eng, key_id, ui_method, callback_data);
+# endif
+
+ if (res)
+ switch (res->type) {
+# ifndef OPENSSL_NO_RSA
+ case EVP_PKEY_RSA:
+ {
+ RSA *rsa = NULL;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
+ rsa = res->pkey.rsa;
+ res->pkey.rsa = RSA_new();
+ res->pkey.rsa->n = rsa->n;
+ res->pkey.rsa->e = rsa->e;
+ rsa->n = NULL;
+ rsa->e = NULL;
+ CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
+ RSA_free(rsa);
+ }
+ break;
+# endif
+ default:
+ HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,
+ HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+ goto err;
+ }
+
+ return res;
err:
- if (res)
- EVP_PKEY_free(res);
- return NULL;
- }
+ if (res)
+ EVP_PKEY_free(res);
+ return NULL;
+}
/* A little mod_exp */
static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx)
- {
- char tempbuf[1024];
- HWCryptoHook_ErrMsgBuf rmsg;
- /* Since HWCryptoHook_MPI is pretty compatible with BIGNUM's,
- we use them directly, plus a little macro magic. We only
- thing we need to make sure of is that enough space is allocated. */
- HWCryptoHook_MPI m_a, m_p, m_n, m_r;
- int to_return, ret;
-
- to_return = 0; /* expect failure */
- rmsg.buf = tempbuf;
- rmsg.size = sizeof(tempbuf);
-
- if(!hwcrhk_context)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_NOT_INITIALISED);
- goto err;
- }
- /* Prepare the params */
- bn_expand2(r, m->top); /* Check for error !! */
- BN2MPI(m_a, a);
- BN2MPI(m_p, p);
- BN2MPI(m_n, m);
- MPI2BN(r, m_r);
-
- /* Perform the operation */
- ret = p_hwcrhk_ModExp(hwcrhk_context, m_a, m_p, m_n, &m_r, &rmsg);
-
- /* Convert the response */
- r->top = m_r.size / sizeof(BN_ULONG);
- bn_fix_top(r);
-
- if (ret < 0)
- {
- /* FIXME: When this error is returned, HWCryptoHook is
- telling us that falling back to software computation
- might be a good thing. */
- if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_REQUEST_FALLBACK);
- }
- else
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_REQUEST_FAILED);
- }
- ERR_add_error_data(1,rmsg.buf);
- goto err;
- }
-
- to_return = 1;
-err:
- return to_return;
- }
-
-#ifndef OPENSSL_NO_RSA
-static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- {
- char tempbuf[1024];
- HWCryptoHook_ErrMsgBuf rmsg;
- HWCryptoHook_RSAKeyHandle *hptr;
- int to_return = 0, ret;
-
- rmsg.buf = tempbuf;
- rmsg.size = sizeof(tempbuf);
-
- if(!hwcrhk_context)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,HWCRHK_R_NOT_INITIALISED);
- goto err;
- }
-
- /* This provides support for nForce keys. Since that's opaque data
- all we do is provide a handle to the proper key and let HWCryptoHook
- take care of the rest. */
- if ((hptr = (HWCryptoHook_RSAKeyHandle *) RSA_get_ex_data(rsa, hndidx_rsa))
- != NULL)
- {
- HWCryptoHook_MPI m_a, m_r;
-
- if(!rsa->n)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
- HWCRHK_R_MISSING_KEY_COMPONENTS);
- goto err;
- }
-
- /* Prepare the params */
- bn_expand2(r, rsa->n->top); /* Check for error !! */
- BN2MPI(m_a, I);
- MPI2BN(r, m_r);
-
- /* Perform the operation */
- ret = p_hwcrhk_RSA(m_a, *hptr, &m_r, &rmsg);
-
- /* Convert the response */
- r->top = m_r.size / sizeof(BN_ULONG);
- bn_fix_top(r);
-
- if (ret < 0)
- {
- /* FIXME: When this error is returned, HWCryptoHook is
- telling us that falling back to software computation
- might be a good thing. */
- if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
- HWCRHK_R_REQUEST_FALLBACK);
- }
- else
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
- HWCRHK_R_REQUEST_FAILED);
- }
- ERR_add_error_data(1,rmsg.buf);
- goto err;
- }
- }
- else
- {
- HWCryptoHook_MPI m_a, m_p, m_q, m_dmp1, m_dmq1, m_iqmp, m_r;
-
- if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
- HWCRHK_R_MISSING_KEY_COMPONENTS);
- goto err;
- }
-
- /* Prepare the params */
- bn_expand2(r, rsa->n->top); /* Check for error !! */
- BN2MPI(m_a, I);
- BN2MPI(m_p, rsa->p);
- BN2MPI(m_q, rsa->q);
- BN2MPI(m_dmp1, rsa->dmp1);
- BN2MPI(m_dmq1, rsa->dmq1);
- BN2MPI(m_iqmp, rsa->iqmp);
- MPI2BN(r, m_r);
-
- /* Perform the operation */
- ret = p_hwcrhk_ModExpCRT(hwcrhk_context, m_a, m_p, m_q,
- m_dmp1, m_dmq1, m_iqmp, &m_r, &rmsg);
-
- /* Convert the response */
- r->top = m_r.size / sizeof(BN_ULONG);
- bn_fix_top(r);
-
- if (ret < 0)
- {
- /* FIXME: When this error is returned, HWCryptoHook is
- telling us that falling back to software computation
- might be a good thing. */
- if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
- HWCRHK_R_REQUEST_FALLBACK);
- }
- else
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
- HWCRHK_R_REQUEST_FAILED);
- }
- ERR_add_error_data(1,rmsg.buf);
- goto err;
- }
- }
- /* If we're here, we must be here with some semblance of success :-) */
- to_return = 1;
-err:
- return to_return;
- }
-#endif
+ const BIGNUM *m, BN_CTX *ctx)
+{
+ char tempbuf[1024];
+ HWCryptoHook_ErrMsgBuf rmsg;
+ /*
+ * Since HWCryptoHook_MPI is pretty compatible with BIGNUM's, we use them
+ * directly, plus a little macro magic. We only thing we need to make
+ * sure of is that enough space is allocated.
+ */
+ HWCryptoHook_MPI m_a, m_p, m_n, m_r;
+ int to_return, ret;
+
+ to_return = 0; /* expect failure */
+ rmsg.buf = tempbuf;
+ rmsg.size = sizeof(tempbuf);
+
+ if (!hwcrhk_context) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP, HWCRHK_R_NOT_INITIALISED);
+ goto err;
+ }
+ /* Prepare the params */
+ bn_expand2(r, m->top); /* Check for error !! */
+ BN2MPI(m_a, a);
+ BN2MPI(m_p, p);
+ BN2MPI(m_n, m);
+ MPI2BN(r, m_r);
+
+ /* Perform the operation */
+ ret = p_hwcrhk_ModExp(hwcrhk_context, m_a, m_p, m_n, &m_r, &rmsg);
+
+ /* Convert the response */
+ r->top = m_r.size / sizeof(BN_ULONG);
+ bn_fix_top(r);
+
+ if (ret < 0) {
+ /*
+ * FIXME: When this error is returned, HWCryptoHook is telling us
+ * that falling back to software computation might be a good thing.
+ */
+ if (ret == HWCRYPTOHOOK_ERROR_FALLBACK) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP, HWCRHK_R_REQUEST_FALLBACK);
+ } else {
+ HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP, HWCRHK_R_REQUEST_FAILED);
+ }
+ ERR_add_error_data(1, rmsg.buf);
+ goto err;
+ }
+
+ to_return = 1;
+ err:
+ return to_return;
+}
+
+# ifndef OPENSSL_NO_RSA
+static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx)
+{
+ char tempbuf[1024];
+ HWCryptoHook_ErrMsgBuf rmsg;
+ HWCryptoHook_RSAKeyHandle *hptr;
+ int to_return = 0, ret;
+
+ rmsg.buf = tempbuf;
+ rmsg.size = sizeof(tempbuf);
+
+ if (!hwcrhk_context) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, HWCRHK_R_NOT_INITIALISED);
+ goto err;
+ }
+
+ /*
+ * This provides support for nForce keys. Since that's opaque data all
+ * we do is provide a handle to the proper key and let HWCryptoHook take
+ * care of the rest.
+ */
+ if ((hptr =
+ (HWCryptoHook_RSAKeyHandle *) RSA_get_ex_data(rsa, hndidx_rsa))
+ != NULL) {
+ HWCryptoHook_MPI m_a, m_r;
+
+ if (!rsa->n) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+ HWCRHK_R_MISSING_KEY_COMPONENTS);
+ goto err;
+ }
+
+ /* Prepare the params */
+ bn_expand2(r, rsa->n->top); /* Check for error !! */
+ BN2MPI(m_a, I);
+ MPI2BN(r, m_r);
+
+ /* Perform the operation */
+ ret = p_hwcrhk_RSA(m_a, *hptr, &m_r, &rmsg);
+
+ /* Convert the response */
+ r->top = m_r.size / sizeof(BN_ULONG);
+ bn_fix_top(r);
+
+ if (ret < 0) {
+ /*
+ * FIXME: When this error is returned, HWCryptoHook is telling us
+ * that falling back to software computation might be a good
+ * thing.
+ */
+ if (ret == HWCRYPTOHOOK_ERROR_FALLBACK) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+ HWCRHK_R_REQUEST_FALLBACK);
+ } else {
+ HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+ HWCRHK_R_REQUEST_FAILED);
+ }
+ ERR_add_error_data(1, rmsg.buf);
+ goto err;
+ }
+ } else {
+ HWCryptoHook_MPI m_a, m_p, m_q, m_dmp1, m_dmq1, m_iqmp, m_r;
+
+ if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+ HWCRHK_R_MISSING_KEY_COMPONENTS);
+ goto err;
+ }
+
+ /* Prepare the params */
+ bn_expand2(r, rsa->n->top); /* Check for error !! */
+ BN2MPI(m_a, I);
+ BN2MPI(m_p, rsa->p);
+ BN2MPI(m_q, rsa->q);
+ BN2MPI(m_dmp1, rsa->dmp1);
+ BN2MPI(m_dmq1, rsa->dmq1);
+ BN2MPI(m_iqmp, rsa->iqmp);
+ MPI2BN(r, m_r);
+
+ /* Perform the operation */
+ ret = p_hwcrhk_ModExpCRT(hwcrhk_context, m_a, m_p, m_q,
+ m_dmp1, m_dmq1, m_iqmp, &m_r, &rmsg);
+
+ /* Convert the response */
+ r->top = m_r.size / sizeof(BN_ULONG);
+ bn_fix_top(r);
+
+ if (ret < 0) {
+ /*
+ * FIXME: When this error is returned, HWCryptoHook is telling us
+ * that falling back to software computation might be a good
+ * thing.
+ */
+ if (ret == HWCRYPTOHOOK_ERROR_FALLBACK) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+ HWCRHK_R_REQUEST_FALLBACK);
+ } else {
+ HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+ HWCRHK_R_REQUEST_FAILED);
+ }
+ ERR_add_error_data(1, rmsg.buf);
+ goto err;
+ }
+ }
+ /*
+ * If we're here, we must be here with some semblance of success :-)
+ */
+ to_return = 1;
+ err:
+ return to_return;
+}
+# endif
-#ifndef OPENSSL_NO_RSA
+# ifndef OPENSSL_NO_RSA
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- return hwcrhk_mod_exp(r, a, p, m, ctx);
- }
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
+{
+ return hwcrhk_mod_exp(r, a, p, m, ctx);
+}
static int hwcrhk_rsa_finish(RSA *rsa)
- {
- HWCryptoHook_RSAKeyHandle *hptr;
-
- hptr = RSA_get_ex_data(rsa, hndidx_rsa);
- if (hptr)
- {
- p_hwcrhk_RSAUnloadKey(*hptr, NULL);
- OPENSSL_free(hptr);
- RSA_set_ex_data(rsa, hndidx_rsa, NULL);
- }
- return 1;
- }
+{
+ HWCryptoHook_RSAKeyHandle *hptr;
-#endif
+ hptr = RSA_get_ex_data(rsa, hndidx_rsa);
+ if (hptr) {
+ p_hwcrhk_RSAUnloadKey(*hptr, NULL);
+ OPENSSL_free(hptr);
+ RSA_set_ex_data(rsa, hndidx_rsa, NULL);
+ }
+ return 1;
+}
-#ifndef OPENSSL_NO_DH
+# endif
+
+# ifndef OPENSSL_NO_DH
/* This function is aliased to mod_exp (with the dh and mont dropped). */
static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r,
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- return hwcrhk_mod_exp(r, a, p, m, ctx);
- }
-#endif
+ const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+ return hwcrhk_mod_exp(r, a, p, m, ctx);
+}
+# endif
/* Random bytes are good */
static int hwcrhk_rand_bytes(unsigned char *buf, int num)
- {
- char tempbuf[1024];
- HWCryptoHook_ErrMsgBuf rmsg;
- int to_return = 0; /* assume failure */
- int ret;
-
- rmsg.buf = tempbuf;
- rmsg.size = sizeof(tempbuf);
-
- if(!hwcrhk_context)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,HWCRHK_R_NOT_INITIALISED);
- goto err;
- }
-
- ret = p_hwcrhk_RandomBytes(hwcrhk_context, buf, num, &rmsg);
- if (ret < 0)
- {
- /* FIXME: When this error is returned, HWCryptoHook is
- telling us that falling back to software computation
- might be a good thing. */
- if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,
- HWCRHK_R_REQUEST_FALLBACK);
- }
- else
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,
- HWCRHK_R_REQUEST_FAILED);
- }
- ERR_add_error_data(1,rmsg.buf);
- goto err;
- }
- to_return = 1;
+{
+ char tempbuf[1024];
+ HWCryptoHook_ErrMsgBuf rmsg;
+ int to_return = 0; /* assume failure */
+ int ret;
+
+ rmsg.buf = tempbuf;
+ rmsg.size = sizeof(tempbuf);
+
+ if (!hwcrhk_context) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES, HWCRHK_R_NOT_INITIALISED);
+ goto err;
+ }
+
+ ret = p_hwcrhk_RandomBytes(hwcrhk_context, buf, num, &rmsg);
+ if (ret < 0) {
+ /*
+ * FIXME: When this error is returned, HWCryptoHook is telling us
+ * that falling back to software computation might be a good thing.
+ */
+ if (ret == HWCRYPTOHOOK_ERROR_FALLBACK) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES, HWCRHK_R_REQUEST_FALLBACK);
+ } else {
+ HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES, HWCRHK_R_REQUEST_FAILED);
+ }
+ ERR_add_error_data(1, rmsg.buf);
+ goto err;
+ }
+ to_return = 1;
err:
- return to_return;
- }
+ return to_return;
+}
static int hwcrhk_rand_status(void)
- {
- return 1;
- }
+{
+ return 1;
+}
-/* Mutex calls: since the HWCryptoHook model closely follows the POSIX model
+/*
+ * Mutex calls: since the HWCryptoHook model closely follows the POSIX model
* these just wrap the POSIX functions and add some logging.
*/
-static int hwcrhk_mutex_init(HWCryptoHook_Mutex* mt,
- HWCryptoHook_CallerContext *cactx)
- {
- mt->lockid = CRYPTO_get_new_dynlockid();
- if (mt->lockid == 0)
- return 1; /* failure */
- return 0; /* success */
- }
-
-static int hwcrhk_mutex_lock(HWCryptoHook_Mutex *mt)
- {
- CRYPTO_w_lock(mt->lockid);
- return 0;
- }
+static int hwcrhk_mutex_init(HWCryptoHook_Mutex * mt,
+ HWCryptoHook_CallerContext * cactx)
+{
+ mt->lockid = CRYPTO_get_new_dynlockid();
+ if (mt->lockid == 0)
+ return 1; /* failure */
+ return 0; /* success */
+}
+
+static int hwcrhk_mutex_lock(HWCryptoHook_Mutex * mt)
+{
+ CRYPTO_w_lock(mt->lockid);
+ return 0;
+}
static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex * mt)
- {
- CRYPTO_w_unlock(mt->lockid);
- }
+{
+ CRYPTO_w_unlock(mt->lockid);
+}
-static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex *mt)
- {
- CRYPTO_destroy_dynlockid(mt->lockid);
- }
+static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex * mt)
+{
+ CRYPTO_destroy_dynlockid(mt->lockid);
+}
static int hwcrhk_get_pass(const char *prompt_info,
- int *len_io, char *buf,
- HWCryptoHook_PassphraseContext *ppctx,
- HWCryptoHook_CallerContext *cactx)
- {
- pem_password_cb *callback = NULL;
- void *callback_data = NULL;
- UI_METHOD *ui_method = NULL;
- /* Despite what the documentation says prompt_info can be
- * an empty string.
- */
- if (prompt_info && !*prompt_info)
- prompt_info = NULL;
-
- if (cactx)
- {
- if (cactx->ui_method)
- ui_method = cactx->ui_method;
- if (cactx->password_callback)
- callback = cactx->password_callback;
- if (cactx->callback_data)
- callback_data = cactx->callback_data;
- }
- if (ppctx)
- {
- if (ppctx->ui_method)
- {
- ui_method = ppctx->ui_method;
- callback = NULL;
- }
- if (ppctx->callback_data)
- callback_data = ppctx->callback_data;
- }
- if (callback == NULL && ui_method == NULL)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_GET_PASS,HWCRHK_R_NO_CALLBACK);
- return -1;
- }
-
- if (ui_method)
- {
- UI *ui = UI_new_method(ui_method);
- if (ui)
- {
- int ok;
- char *prompt = UI_construct_prompt(ui,
- "pass phrase", prompt_info);
-
- ok = UI_add_input_string(ui,prompt,
- UI_INPUT_FLAG_DEFAULT_PWD,
- buf,0,(*len_io) - 1);
- UI_add_user_data(ui, callback_data);
- UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
-
- if (ok >= 0)
- do
- {
- ok=UI_process(ui);
- }
- while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
-
- if (ok >= 0)
- *len_io = strlen(buf);
-
- UI_free(ui);
- OPENSSL_free(prompt);
- }
- }
- else
- {
- *len_io = callback(buf, *len_io, 0, callback_data);
+ int *len_io, char *buf,
+ HWCryptoHook_PassphraseContext * ppctx,
+ HWCryptoHook_CallerContext * cactx)
+{
+ pem_password_cb *callback = NULL;
+ void *callback_data = NULL;
+ UI_METHOD *ui_method = NULL;
+ /*
+ * Despite what the documentation says prompt_info can be an empty
+ * string.
+ */
+ if (prompt_info && !*prompt_info)
+ prompt_info = NULL;
+
+ if (cactx) {
+ if (cactx->ui_method)
+ ui_method = cactx->ui_method;
+ if (cactx->password_callback)
+ callback = cactx->password_callback;
+ if (cactx->callback_data)
+ callback_data = cactx->callback_data;
+ }
+ if (ppctx) {
+ if (ppctx->ui_method) {
+ ui_method = ppctx->ui_method;
+ callback = NULL;
+ }
+ if (ppctx->callback_data)
+ callback_data = ppctx->callback_data;
+ }
+ if (callback == NULL && ui_method == NULL) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_GET_PASS, HWCRHK_R_NO_CALLBACK);
+ return -1;
+ }
+
+ if (ui_method) {
+ UI *ui = UI_new_method(ui_method);
+ if (ui) {
+ int ok;
+ char *prompt = UI_construct_prompt(ui,
+ "pass phrase", prompt_info);
+
+ ok = UI_add_input_string(ui, prompt,
+ UI_INPUT_FLAG_DEFAULT_PWD,
+ buf, 0, (*len_io) - 1);
+ UI_add_user_data(ui, callback_data);
+ UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
+
+ if (ok >= 0)
+ do {
+ ok = UI_process(ui);
}
- if(!*len_io)
- return -1;
- return 0;
- }
+ while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
+
+ if (ok >= 0)
+ *len_io = strlen(buf);
+
+ UI_free(ui);
+ OPENSSL_free(prompt);
+ }
+ } else {
+ *len_io = callback(buf, *len_io, 0, callback_data);
+ }
+ if (!*len_io)
+ return -1;
+ return 0;
+}
static int hwcrhk_insert_card(const char *prompt_info,
- const char *wrong_info,
- HWCryptoHook_PassphraseContext *ppctx,
- HWCryptoHook_CallerContext *cactx)
- {
- int ok = -1;
- UI *ui;
- void *callback_data = NULL;
- UI_METHOD *ui_method = NULL;
-
- if (cactx)
- {
- if (cactx->ui_method)
- ui_method = cactx->ui_method;
- if (cactx->callback_data)
- callback_data = cactx->callback_data;
- }
- if (ppctx)
- {
- if (ppctx->ui_method)
- ui_method = ppctx->ui_method;
- if (ppctx->callback_data)
- callback_data = ppctx->callback_data;
- }
- if (ui_method == NULL)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_INSERT_CARD,
- HWCRHK_R_NO_CALLBACK);
- return -1;
- }
-
- ui = UI_new_method(ui_method);
-
- if (ui)
- {
- char answer;
- char buf[BUFSIZ];
- /* Despite what the documentation says wrong_info can be
- * an empty string.
- */
- if (wrong_info && *wrong_info)
- BIO_snprintf(buf, sizeof(buf)-1,
- "Current card: \"%s\"\n", wrong_info);
- else
- buf[0] = 0;
- ok = UI_dup_info_string(ui, buf);
- if (ok >= 0 && prompt_info)
- {
- BIO_snprintf(buf, sizeof(buf)-1,
- "Insert card \"%s\"", prompt_info);
- ok = UI_dup_input_boolean(ui, buf,
- "\n then hit <enter> or C<enter> to cancel\n",
- "\r\n", "Cc", UI_INPUT_FLAG_ECHO, &answer);
- }
- UI_add_user_data(ui, callback_data);
-
- if (ok >= 0)
- ok = UI_process(ui);
- UI_free(ui);
-
- if (ok == -2 || (ok >= 0 && answer == 'C'))
- ok = 1;
- else if (ok < 0)
- ok = -1;
- else
- ok = 0;
- }
- return ok;
- }
+ const char *wrong_info,
+ HWCryptoHook_PassphraseContext * ppctx,
+ HWCryptoHook_CallerContext * cactx)
+{
+ int ok = -1;
+ UI *ui;
+ void *callback_data = NULL;
+ UI_METHOD *ui_method = NULL;
+
+ if (cactx) {
+ if (cactx->ui_method)
+ ui_method = cactx->ui_method;
+ if (cactx->callback_data)
+ callback_data = cactx->callback_data;
+ }
+ if (ppctx) {
+ if (ppctx->ui_method)
+ ui_method = ppctx->ui_method;
+ if (ppctx->callback_data)
+ callback_data = ppctx->callback_data;
+ }
+ if (ui_method == NULL) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_INSERT_CARD, HWCRHK_R_NO_CALLBACK);
+ return -1;
+ }
+
+ ui = UI_new_method(ui_method);
+
+ if (ui) {
+ char answer;
+ char buf[BUFSIZ];
+ /*
+ * Despite what the documentation says wrong_info can be an empty
+ * string.
+ */
+ if (wrong_info && *wrong_info)
+ BIO_snprintf(buf, sizeof(buf) - 1,
+ "Current card: \"%s\"\n", wrong_info);
+ else
+ buf[0] = 0;
+ ok = UI_dup_info_string(ui, buf);
+ if (ok >= 0 && prompt_info) {
+ BIO_snprintf(buf, sizeof(buf) - 1,
+ "Insert card \"%s\"", prompt_info);
+ ok = UI_dup_input_boolean(ui, buf,
+ "\n then hit <enter> or C<enter> to cancel\n",
+ "\r\n", "Cc", UI_INPUT_FLAG_ECHO,
+ &answer);
+ }
+ UI_add_user_data(ui, callback_data);
+
+ if (ok >= 0)
+ ok = UI_process(ui);
+ UI_free(ui);
+
+ if (ok == -2 || (ok >= 0 && answer == 'C'))
+ ok = 1;
+ else if (ok < 0)
+ ok = -1;
+ else
+ ok = 0;
+ }
+ return ok;
+}
static void hwcrhk_log_message(void *logstr, const char *message)
- {
- BIO *lstream = NULL;
-
- CRYPTO_w_lock(CRYPTO_LOCK_BIO);
- if (logstr)
- lstream=*(BIO **)logstr;
- if (lstream)
- {
- BIO_printf(lstream, "%s\n", message);
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
- }
-
-/* This stuff is needed if this ENGINE is being compiled into a self-contained
- * shared-library. */
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+{
+ BIO *lstream = NULL;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_BIO);
+ if (logstr)
+ lstream = *(BIO **)logstr;
+ if (lstream) {
+ BIO_printf(lstream, "%s\n", message);
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
+}
+
+/*
+ * This stuff is needed if this ENGINE is being compiled into a
+ * self-contained shared-library.
+ */
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
static int bind_fn(ENGINE *e, const char *id)
- {
- if(id && (strcmp(id, engine_hwcrhk_id) != 0) &&
- (strcmp(id, engine_hwcrhk_id_alt) != 0))
- return 0;
- if(!bind_helper(e))
- return 0;
- return 1;
- }
-IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#endif /* OPENSSL_NO_DYNAMIC_ENGINE */
+{
+ if (id && (strcmp(id, engine_hwcrhk_id) != 0) &&
+ (strcmp(id, engine_hwcrhk_id_alt) != 0))
+ return 0;
+ if (!bind_helper(e))
+ return 0;
+ return 1;
+}
-#endif /* !OPENSSL_NO_HW_CHIL */
-#endif /* !OPENSSL_NO_HW */
+IMPLEMENT_DYNAMIC_CHECK_FN()
+ IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+# endif /* OPENSSL_NO_DYNAMIC_ENGINE */
+# endif /* !OPENSSL_NO_HW_CHIL */
+#endif /* !OPENSSL_NO_HW */
diff --git a/openssl/engines/e_chil_err.c b/openssl/engines/e_chil_err.c
index c5983b2fd..00fbf8cd5 100644
--- a/openssl/engines/e_chil_err.c
+++ b/openssl/engines/e_chil_err.c
@@ -7,7 +7,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
*
*/
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
@@ -65,96 +66,92 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
-#define ERR_FUNC(func) ERR_PACK(0,func,0)
-#define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA HWCRHK_str_functs[]=
- {
-{ERR_FUNC(HWCRHK_F_HWCRHK_CTRL), "HWCRHK_CTRL"},
-{ERR_FUNC(HWCRHK_F_HWCRHK_FINISH), "HWCRHK_FINISH"},
-{ERR_FUNC(HWCRHK_F_HWCRHK_GET_PASS), "HWCRHK_GET_PASS"},
-{ERR_FUNC(HWCRHK_F_HWCRHK_INIT), "HWCRHK_INIT"},
-{ERR_FUNC(HWCRHK_F_HWCRHK_INSERT_CARD), "HWCRHK_INSERT_CARD"},
-{ERR_FUNC(HWCRHK_F_HWCRHK_LOAD_PRIVKEY), "HWCRHK_LOAD_PRIVKEY"},
-{ERR_FUNC(HWCRHK_F_HWCRHK_LOAD_PUBKEY), "HWCRHK_LOAD_PUBKEY"},
-{ERR_FUNC(HWCRHK_F_HWCRHK_MOD_EXP), "HWCRHK_MOD_EXP"},
-{ERR_FUNC(HWCRHK_F_HWCRHK_RAND_BYTES), "HWCRHK_RAND_BYTES"},
-{ERR_FUNC(HWCRHK_F_HWCRHK_RSA_MOD_EXP), "HWCRHK_RSA_MOD_EXP"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA HWCRHK_str_reasons[]=
- {
-{ERR_REASON(HWCRHK_R_ALREADY_LOADED) ,"already loaded"},
-{ERR_REASON(HWCRHK_R_BIO_WAS_FREED) ,"bio was freed"},
-{ERR_REASON(HWCRHK_R_CHIL_ERROR) ,"chil error"},
-{ERR_REASON(HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},
-{ERR_REASON(HWCRHK_R_DSO_FAILURE) ,"dso failure"},
-{ERR_REASON(HWCRHK_R_MISSING_KEY_COMPONENTS),"missing key components"},
-{ERR_REASON(HWCRHK_R_NOT_INITIALISED) ,"not initialised"},
-{ERR_REASON(HWCRHK_R_NOT_LOADED) ,"not loaded"},
-{ERR_REASON(HWCRHK_R_NO_CALLBACK) ,"no callback"},
-{ERR_REASON(HWCRHK_R_NO_KEY) ,"no key"},
-{ERR_REASON(HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED),"private key algorithms disabled"},
-{ERR_REASON(HWCRHK_R_REQUEST_FAILED) ,"request failed"},
-{ERR_REASON(HWCRHK_R_REQUEST_FALLBACK) ,"request fallback"},
-{ERR_REASON(HWCRHK_R_UNIT_FAILURE) ,"unit failure"},
-{0,NULL}
- };
+# define ERR_FUNC(func) ERR_PACK(0,func,0)
+# define ERR_REASON(reason) ERR_PACK(0,0,reason)
+
+static ERR_STRING_DATA HWCRHK_str_functs[] = {
+ {ERR_FUNC(HWCRHK_F_HWCRHK_CTRL), "HWCRHK_CTRL"},
+ {ERR_FUNC(HWCRHK_F_HWCRHK_FINISH), "HWCRHK_FINISH"},
+ {ERR_FUNC(HWCRHK_F_HWCRHK_GET_PASS), "HWCRHK_GET_PASS"},
+ {ERR_FUNC(HWCRHK_F_HWCRHK_INIT), "HWCRHK_INIT"},
+ {ERR_FUNC(HWCRHK_F_HWCRHK_INSERT_CARD), "HWCRHK_INSERT_CARD"},
+ {ERR_FUNC(HWCRHK_F_HWCRHK_LOAD_PRIVKEY), "HWCRHK_LOAD_PRIVKEY"},
+ {ERR_FUNC(HWCRHK_F_HWCRHK_LOAD_PUBKEY), "HWCRHK_LOAD_PUBKEY"},
+ {ERR_FUNC(HWCRHK_F_HWCRHK_MOD_EXP), "HWCRHK_MOD_EXP"},
+ {ERR_FUNC(HWCRHK_F_HWCRHK_RAND_BYTES), "HWCRHK_RAND_BYTES"},
+ {ERR_FUNC(HWCRHK_F_HWCRHK_RSA_MOD_EXP), "HWCRHK_RSA_MOD_EXP"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA HWCRHK_str_reasons[] = {
+ {ERR_REASON(HWCRHK_R_ALREADY_LOADED), "already loaded"},
+ {ERR_REASON(HWCRHK_R_BIO_WAS_FREED), "bio was freed"},
+ {ERR_REASON(HWCRHK_R_CHIL_ERROR), "chil error"},
+ {ERR_REASON(HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED),
+ "ctrl command not implemented"},
+ {ERR_REASON(HWCRHK_R_DSO_FAILURE), "dso failure"},
+ {ERR_REASON(HWCRHK_R_MISSING_KEY_COMPONENTS), "missing key components"},
+ {ERR_REASON(HWCRHK_R_NOT_INITIALISED), "not initialised"},
+ {ERR_REASON(HWCRHK_R_NOT_LOADED), "not loaded"},
+ {ERR_REASON(HWCRHK_R_NO_CALLBACK), "no callback"},
+ {ERR_REASON(HWCRHK_R_NO_KEY), "no key"},
+ {ERR_REASON(HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED),
+ "private key algorithms disabled"},
+ {ERR_REASON(HWCRHK_R_REQUEST_FAILED), "request failed"},
+ {ERR_REASON(HWCRHK_R_REQUEST_FALLBACK), "request fallback"},
+ {ERR_REASON(HWCRHK_R_UNIT_FAILURE), "unit failure"},
+ {0, NULL}
+};
#endif
#ifdef HWCRHK_LIB_NAME
-static ERR_STRING_DATA HWCRHK_lib_name[]=
- {
-{0 ,HWCRHK_LIB_NAME},
-{0,NULL}
- };
+static ERR_STRING_DATA HWCRHK_lib_name[] = {
+ {0, HWCRHK_LIB_NAME},
+ {0, NULL}
+};
#endif
-
-static int HWCRHK_lib_error_code=0;
-static int HWCRHK_error_init=1;
+static int HWCRHK_lib_error_code = 0;
+static int HWCRHK_error_init = 1;
static void ERR_load_HWCRHK_strings(void)
- {
- if (HWCRHK_lib_error_code == 0)
- HWCRHK_lib_error_code=ERR_get_next_error_library();
+{
+ if (HWCRHK_lib_error_code == 0)
+ HWCRHK_lib_error_code = ERR_get_next_error_library();
- if (HWCRHK_error_init)
- {
- HWCRHK_error_init=0;
+ if (HWCRHK_error_init) {
+ HWCRHK_error_init = 0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(HWCRHK_lib_error_code,HWCRHK_str_functs);
- ERR_load_strings(HWCRHK_lib_error_code,HWCRHK_str_reasons);
+ ERR_load_strings(HWCRHK_lib_error_code, HWCRHK_str_functs);
+ ERR_load_strings(HWCRHK_lib_error_code, HWCRHK_str_reasons);
#endif
#ifdef HWCRHK_LIB_NAME
- HWCRHK_lib_name->error = ERR_PACK(HWCRHK_lib_error_code,0,0);
- ERR_load_strings(0,HWCRHK_lib_name);
+ HWCRHK_lib_name->error = ERR_PACK(HWCRHK_lib_error_code, 0, 0);
+ ERR_load_strings(0, HWCRHK_lib_name);
#endif
- }
- }
+ }
+}
static void ERR_unload_HWCRHK_strings(void)
- {
- if (HWCRHK_error_init == 0)
- {
+{
+ if (HWCRHK_error_init == 0) {
#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(HWCRHK_lib_error_code,HWCRHK_str_functs);
- ERR_unload_strings(HWCRHK_lib_error_code,HWCRHK_str_reasons);
+ ERR_unload_strings(HWCRHK_lib_error_code, HWCRHK_str_functs);
+ ERR_unload_strings(HWCRHK_lib_error_code, HWCRHK_str_reasons);
#endif
#ifdef HWCRHK_LIB_NAME
- ERR_unload_strings(0,HWCRHK_lib_name);
+ ERR_unload_strings(0, HWCRHK_lib_name);
#endif
- HWCRHK_error_init=1;
- }
- }
+ HWCRHK_error_init = 1;
+ }
+}
static void ERR_HWCRHK_error(int function, int reason, char *file, int line)
- {
- if (HWCRHK_lib_error_code == 0)
- HWCRHK_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(HWCRHK_lib_error_code,function,reason,file,line);
- }
+{
+ if (HWCRHK_lib_error_code == 0)
+ HWCRHK_lib_error_code = ERR_get_next_error_library();
+ ERR_PUT_error(HWCRHK_lib_error_code, function, reason, file, line);
+}
diff --git a/openssl/engines/e_chil_err.h b/openssl/engines/e_chil_err.h
index 3c42a0239..d86a4ce9a 100644
--- a/openssl/engines/e_chil_err.h
+++ b/openssl/engines/e_chil_err.h
@@ -6,7 +6,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -53,50 +53,51 @@
*/
#ifndef HEADER_HWCRHK_ERR_H
-#define HEADER_HWCRHK_ERR_H
+# define HEADER_HWCRHK_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_HWCRHK_strings(void);
static void ERR_unload_HWCRHK_strings(void);
static void ERR_HWCRHK_error(int function, int reason, char *file, int line);
-#define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),__FILE__,__LINE__)
+# define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),__FILE__,__LINE__)
/* Error codes for the HWCRHK functions. */
/* Function codes. */
-#define HWCRHK_F_HWCRHK_CTRL 100
-#define HWCRHK_F_HWCRHK_FINISH 101
-#define HWCRHK_F_HWCRHK_GET_PASS 102
-#define HWCRHK_F_HWCRHK_INIT 103
-#define HWCRHK_F_HWCRHK_INSERT_CARD 104
-#define HWCRHK_F_HWCRHK_LOAD_PRIVKEY 105
-#define HWCRHK_F_HWCRHK_LOAD_PUBKEY 106
-#define HWCRHK_F_HWCRHK_MOD_EXP 107
-#define HWCRHK_F_HWCRHK_RAND_BYTES 108
-#define HWCRHK_F_HWCRHK_RSA_MOD_EXP 109
+# define HWCRHK_F_HWCRHK_CTRL 100
+# define HWCRHK_F_HWCRHK_FINISH 101
+# define HWCRHK_F_HWCRHK_GET_PASS 102
+# define HWCRHK_F_HWCRHK_INIT 103
+# define HWCRHK_F_HWCRHK_INSERT_CARD 104
+# define HWCRHK_F_HWCRHK_LOAD_PRIVKEY 105
+# define HWCRHK_F_HWCRHK_LOAD_PUBKEY 106
+# define HWCRHK_F_HWCRHK_MOD_EXP 107
+# define HWCRHK_F_HWCRHK_RAND_BYTES 108
+# define HWCRHK_F_HWCRHK_RSA_MOD_EXP 109
/* Reason codes. */
-#define HWCRHK_R_ALREADY_LOADED 100
-#define HWCRHK_R_BIO_WAS_FREED 101
-#define HWCRHK_R_CHIL_ERROR 102
-#define HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
-#define HWCRHK_R_DSO_FAILURE 104
-#define HWCRHK_R_MISSING_KEY_COMPONENTS 105
-#define HWCRHK_R_NOT_INITIALISED 106
-#define HWCRHK_R_NOT_LOADED 107
-#define HWCRHK_R_NO_CALLBACK 108
-#define HWCRHK_R_NO_KEY 109
-#define HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED 110
-#define HWCRHK_R_REQUEST_FAILED 111
-#define HWCRHK_R_REQUEST_FALLBACK 112
-#define HWCRHK_R_UNIT_FAILURE 113
+# define HWCRHK_R_ALREADY_LOADED 100
+# define HWCRHK_R_BIO_WAS_FREED 101
+# define HWCRHK_R_CHIL_ERROR 102
+# define HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
+# define HWCRHK_R_DSO_FAILURE 104
+# define HWCRHK_R_MISSING_KEY_COMPONENTS 105
+# define HWCRHK_R_NOT_INITIALISED 106
+# define HWCRHK_R_NOT_LOADED 107
+# define HWCRHK_R_NO_CALLBACK 108
+# define HWCRHK_R_NO_KEY 109
+# define HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED 110
+# define HWCRHK_R_REQUEST_FAILED 111
+# define HWCRHK_R_REQUEST_FALLBACK 112
+# define HWCRHK_R_UNIT_FAILURE 113
#ifdef __cplusplus
}
diff --git a/openssl/engines/e_cswift.c b/openssl/engines/e_cswift.c
index 2e64ff327..c429802d5 100644
--- a/openssl/engines/e_cswift.c
+++ b/openssl/engines/e_cswift.c
@@ -1,6 +1,7 @@
/* crypto/engine/hw_cswift.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
+/*
+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
+ * 2000.
*/
/* ====================================================================
* Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
@@ -10,7 +11,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -63,155 +64,155 @@
#include <openssl/dso.h>
#include <openssl/engine.h>
#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
+# include <openssl/rsa.h>
#endif
#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
+# include <openssl/dsa.h>
#endif
#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
+# include <openssl/dh.h>
#endif
#include <openssl/rand.h>
#include <openssl/bn.h>
#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_CSWIFT
-
-/* Attribution notice: Rainbow have generously allowed me to reproduce
- * the necessary definitions here from their API. This means the support
- * can build independently of whether application builders have the
- * API or hardware. This will allow developers to easily produce software
- * that has latent hardware support for any users that have accelerators
- * installed, without the developers themselves needing anything extra.
- *
- * I have only clipped the parts from the CryptoSwift header files that
- * are (or seem) relevant to the CryptoSwift support code. This is
- * simply to keep the file sizes reasonable.
- * [Geoff]
+# ifndef OPENSSL_NO_HW_CSWIFT
+
+/*
+ * Attribution notice: Rainbow have generously allowed me to reproduce the
+ * necessary definitions here from their API. This means the support can
+ * build independently of whether application builders have the API or
+ * hardware. This will allow developers to easily produce software that has
+ * latent hardware support for any users that have accelerators installed,
+ * without the developers themselves needing anything extra. I have only
+ * clipped the parts from the CryptoSwift header files that are (or seem)
+ * relevant to the CryptoSwift support code. This is simply to keep the file
+ * sizes reasonable. [Geoff]
*/
-#ifdef FLAT_INC
-#include "cswift.h"
-#else
-#include "vendor_defns/cswift.h"
-#endif
+# ifdef FLAT_INC
+# include "cswift.h"
+# else
+# include "vendor_defns/cswift.h"
+# endif
-#define CSWIFT_LIB_NAME "cswift engine"
-#include "e_cswift_err.c"
+# define CSWIFT_LIB_NAME "cswift engine"
+# include "e_cswift_err.c"
-#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
+# define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
static int cswift_destroy(ENGINE *e);
static int cswift_init(ENGINE *e);
static int cswift_finish(ENGINE *e);
-static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-#ifndef OPENSSL_NO_RSA
-static int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in);
-#endif
+static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
+# ifndef OPENSSL_NO_RSA
+static int cswift_bn_32copy(SW_LARGENUMBER *out, const BIGNUM *in);
+# endif
/* BIGNUM stuff */
static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx);
-#ifndef OPENSSL_NO_RSA
+ const BIGNUM *m, BN_CTX *ctx);
+# ifndef OPENSSL_NO_RSA
static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
- const BIGNUM *iqmp, BN_CTX *ctx);
-#endif
+ const BIGNUM *q, const BIGNUM *dmp1,
+ const BIGNUM *dmq1, const BIGNUM *iqmp,
+ BN_CTX *ctx);
+# endif
-#ifndef OPENSSL_NO_RSA
+# ifndef OPENSSL_NO_RSA
/* RSA stuff */
-static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
+static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx);
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-#endif
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+# endif
-#ifndef OPENSSL_NO_DSA
+# ifndef OPENSSL_NO_DSA
/* DSA stuff */
-static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen,
+ DSA *dsa);
static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa);
-#endif
+ DSA_SIG *sig, DSA *dsa);
+# endif
-#ifndef OPENSSL_NO_DH
+# ifndef OPENSSL_NO_DH
/* DH stuff */
/* This function is alised to mod_exp (with the DH and mont dropped). */
static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-#endif
+ const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+# endif
/* RAND stuff */
static int cswift_rand_bytes(unsigned char *buf, int num);
static int cswift_rand_status(void);
/* The definitions for control commands specific to this engine */
-#define CSWIFT_CMD_SO_PATH ENGINE_CMD_BASE
+# define CSWIFT_CMD_SO_PATH ENGINE_CMD_BASE
static const ENGINE_CMD_DEFN cswift_cmd_defns[] = {
- {CSWIFT_CMD_SO_PATH,
- "SO_PATH",
- "Specifies the path to the 'cswift' shared library",
- ENGINE_CMD_FLAG_STRING},
- {0, NULL, NULL, 0}
- };
-
-#ifndef OPENSSL_NO_RSA
+ {CSWIFT_CMD_SO_PATH,
+ "SO_PATH",
+ "Specifies the path to the 'cswift' shared library",
+ ENGINE_CMD_FLAG_STRING},
+ {0, NULL, NULL, 0}
+};
+
+# ifndef OPENSSL_NO_RSA
/* Our internal RSA_METHOD that we provide pointers to */
-static RSA_METHOD cswift_rsa =
- {
- "CryptoSwift RSA method",
- NULL,
- NULL,
- NULL,
- NULL,
- cswift_rsa_mod_exp,
- cswift_mod_exp_mont,
- NULL,
- NULL,
- 0,
- NULL,
- NULL,
- NULL,
- NULL
- };
-#endif
+static RSA_METHOD cswift_rsa = {
+ "CryptoSwift RSA method",
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ cswift_rsa_mod_exp,
+ cswift_mod_exp_mont,
+ NULL,
+ NULL,
+ 0,
+ NULL,
+ NULL,
+ NULL,
+ NULL
+};
+# endif
-#ifndef OPENSSL_NO_DSA
+# ifndef OPENSSL_NO_DSA
/* Our internal DSA_METHOD that we provide pointers to */
-static DSA_METHOD cswift_dsa =
- {
- "CryptoSwift DSA method",
- cswift_dsa_sign,
- NULL, /* dsa_sign_setup */
- cswift_dsa_verify,
- NULL, /* dsa_mod_exp */
- NULL, /* bn_mod_exp */
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
- NULL, /* app_data */
- NULL, /* dsa_paramgen */
- NULL /* dsa_keygen */
- };
-#endif
-
-#ifndef OPENSSL_NO_DH
+static DSA_METHOD cswift_dsa = {
+ "CryptoSwift DSA method",
+ cswift_dsa_sign,
+ NULL, /* dsa_sign_setup */
+ cswift_dsa_verify,
+ NULL, /* dsa_mod_exp */
+ NULL, /* bn_mod_exp */
+ NULL, /* init */
+ NULL, /* finish */
+ 0, /* flags */
+ NULL, /* app_data */
+ NULL, /* dsa_paramgen */
+ NULL /* dsa_keygen */
+};
+# endif
+
+# ifndef OPENSSL_NO_DH
/* Our internal DH_METHOD that we provide pointers to */
-static DH_METHOD cswift_dh =
- {
- "CryptoSwift DH method",
- NULL,
- NULL,
- cswift_mod_exp_dh,
- NULL,
- NULL,
- 0,
- NULL,
- NULL
- };
-#endif
+static DH_METHOD cswift_dh = {
+ "CryptoSwift DH method",
+ NULL,
+ NULL,
+ cswift_mod_exp_dh,
+ NULL,
+ NULL,
+ 0,
+ NULL,
+ NULL
+};
+# endif
-static RAND_METHOD cswift_random =
- {
+static RAND_METHOD cswift_random = {
/* "CryptoSwift RAND method", */
NULL,
cswift_rand_bytes,
@@ -219,103 +220,108 @@ static RAND_METHOD cswift_random =
NULL,
cswift_rand_bytes,
cswift_rand_status,
- };
-
+};
/* Constants used when creating the ENGINE */
static const char *engine_cswift_id = "cswift";
static const char *engine_cswift_name = "CryptoSwift hardware engine support";
-/* This internal function is used by ENGINE_cswift() and possibly by the
- * "dynamic" ENGINE support too */
+/*
+ * This internal function is used by ENGINE_cswift() and possibly by the
+ * "dynamic" ENGINE support too
+ */
static int bind_helper(ENGINE *e)
- {
-#ifndef OPENSSL_NO_RSA
- const RSA_METHOD *meth1;
-#endif
-#ifndef OPENSSL_NO_DH
- const DH_METHOD *meth2;
-#endif
- if(!ENGINE_set_id(e, engine_cswift_id) ||
- !ENGINE_set_name(e, engine_cswift_name) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_RSA(e, &cswift_rsa) ||
-#endif
-#ifndef OPENSSL_NO_DSA
- !ENGINE_set_DSA(e, &cswift_dsa) ||
-#endif
-#ifndef OPENSSL_NO_DH
- !ENGINE_set_DH(e, &cswift_dh) ||
-#endif
- !ENGINE_set_RAND(e, &cswift_random) ||
- !ENGINE_set_destroy_function(e, cswift_destroy) ||
- !ENGINE_set_init_function(e, cswift_init) ||
- !ENGINE_set_finish_function(e, cswift_finish) ||
- !ENGINE_set_ctrl_function(e, cswift_ctrl) ||
- !ENGINE_set_cmd_defns(e, cswift_cmd_defns))
- return 0;
-
-#ifndef OPENSSL_NO_RSA
- /* We know that the "PKCS1_SSLeay()" functions hook properly
- * to the cswift-specific mod_exp and mod_exp_crt so we use
- * those functions. NB: We don't use ENGINE_openssl() or
- * anything "more generic" because something like the RSAref
- * code may not hook properly, and if you own one of these
- * cards then you have the right to do RSA operations on it
- * anyway! */
- meth1 = RSA_PKCS1_SSLeay();
- cswift_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
- cswift_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
- cswift_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
- cswift_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
-#endif
-
-#ifndef OPENSSL_NO_DH
- /* Much the same for Diffie-Hellman */
- meth2 = DH_OpenSSL();
- cswift_dh.generate_key = meth2->generate_key;
- cswift_dh.compute_key = meth2->compute_key;
-#endif
-
- /* Ensure the cswift error handling is set up */
- ERR_load_CSWIFT_strings();
- return 1;
- }
+{
+# ifndef OPENSSL_NO_RSA
+ const RSA_METHOD *meth1;
+# endif
+# ifndef OPENSSL_NO_DH
+ const DH_METHOD *meth2;
+# endif
+ if (!ENGINE_set_id(e, engine_cswift_id) ||
+ !ENGINE_set_name(e, engine_cswift_name) ||
+# ifndef OPENSSL_NO_RSA
+ !ENGINE_set_RSA(e, &cswift_rsa) ||
+# endif
+# ifndef OPENSSL_NO_DSA
+ !ENGINE_set_DSA(e, &cswift_dsa) ||
+# endif
+# ifndef OPENSSL_NO_DH
+ !ENGINE_set_DH(e, &cswift_dh) ||
+# endif
+ !ENGINE_set_RAND(e, &cswift_random) ||
+ !ENGINE_set_destroy_function(e, cswift_destroy) ||
+ !ENGINE_set_init_function(e, cswift_init) ||
+ !ENGINE_set_finish_function(e, cswift_finish) ||
+ !ENGINE_set_ctrl_function(e, cswift_ctrl) ||
+ !ENGINE_set_cmd_defns(e, cswift_cmd_defns))
+ return 0;
+
+# ifndef OPENSSL_NO_RSA
+ /*
+ * We know that the "PKCS1_SSLeay()" functions hook properly to the
+ * cswift-specific mod_exp and mod_exp_crt so we use those functions. NB:
+ * We don't use ENGINE_openssl() or anything "more generic" because
+ * something like the RSAref code may not hook properly, and if you own
+ * one of these cards then you have the right to do RSA operations on it
+ * anyway!
+ */
+ meth1 = RSA_PKCS1_SSLeay();
+ cswift_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+ cswift_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+ cswift_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+ cswift_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+# endif
+
+# ifndef OPENSSL_NO_DH
+ /* Much the same for Diffie-Hellman */
+ meth2 = DH_OpenSSL();
+ cswift_dh.generate_key = meth2->generate_key;
+ cswift_dh.compute_key = meth2->compute_key;
+# endif
+
+ /* Ensure the cswift error handling is set up */
+ ERR_load_CSWIFT_strings();
+ return 1;
+}
-#ifdef OPENSSL_NO_DYNAMIC_ENGINE
+# ifdef OPENSSL_NO_DYNAMIC_ENGINE
static ENGINE *engine_cswift(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!bind_helper(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
+{
+ ENGINE *ret = ENGINE_new();
+ if (!ret)
+ return NULL;
+ if (!bind_helper(ret)) {
+ ENGINE_free(ret);
+ return NULL;
+ }
+ return ret;
+}
void ENGINE_load_cswift(void)
- {
- /* Copied from eng_[openssl|dyn].c */
- ENGINE *toadd = engine_cswift();
- if(!toadd) return;
- ENGINE_add(toadd);
- ENGINE_free(toadd);
- ERR_clear_error();
- }
-#endif
+{
+ /* Copied from eng_[openssl|dyn].c */
+ ENGINE *toadd = engine_cswift();
+ if (!toadd)
+ return;
+ ENGINE_add(toadd);
+ ENGINE_free(toadd);
+ ERR_clear_error();
+}
+# endif
-/* This is a process-global DSO handle used for loading and unloading
- * the CryptoSwift library. NB: This is only set (or unset) during an
- * init() or finish() call (reference counts permitting) and they're
- * operating with global locks, so this should be thread-safe
- * implicitly. */
+/*
+ * This is a process-global DSO handle used for loading and unloading the
+ * CryptoSwift library. NB: This is only set (or unset) during an init() or
+ * finish() call (reference counts permitting) and they're operating with
+ * global locks, so this should be thread-safe implicitly.
+ */
static DSO *cswift_dso = NULL;
-/* These are the function pointers that are (un)set when the library has
- * successfully (un)loaded. */
+/*
+ * These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded.
+ */
t_swAcquireAccContext *p_CSwift_AcquireAccContext = NULL;
t_swAttachKeyParam *p_CSwift_AttachKeyParam = NULL;
t_swSimpleRequest *p_CSwift_SimpleRequest = NULL;
@@ -324,806 +330,774 @@ t_swReleaseAccContext *p_CSwift_ReleaseAccContext = NULL;
/* Used in the DSO operations. */
static const char *CSWIFT_LIBNAME = NULL;
static const char *get_CSWIFT_LIBNAME(void)
- {
- if(CSWIFT_LIBNAME)
- return CSWIFT_LIBNAME;
- return "swift";
- }
+{
+ if (CSWIFT_LIBNAME)
+ return CSWIFT_LIBNAME;
+ return "swift";
+}
+
static void free_CSWIFT_LIBNAME(void)
- {
- if(CSWIFT_LIBNAME)
- OPENSSL_free((void*)CSWIFT_LIBNAME);
- CSWIFT_LIBNAME = NULL;
- }
+{
+ if (CSWIFT_LIBNAME)
+ OPENSSL_free((void *)CSWIFT_LIBNAME);
+ CSWIFT_LIBNAME = NULL;
+}
+
static long set_CSWIFT_LIBNAME(const char *name)
- {
- free_CSWIFT_LIBNAME();
- return (((CSWIFT_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
- }
+{
+ free_CSWIFT_LIBNAME();
+ return (((CSWIFT_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+}
+
static const char *CSWIFT_F1 = "swAcquireAccContext";
static const char *CSWIFT_F2 = "swAttachKeyParam";
static const char *CSWIFT_F3 = "swSimpleRequest";
static const char *CSWIFT_F4 = "swReleaseAccContext";
-
-/* CryptoSwift library functions and mechanics - these are used by the
- * higher-level functions further down. NB: As and where there's no
- * error checking, take a look lower down where these functions are
- * called, the checking and error handling is probably down there. */
+/*
+ * CryptoSwift library functions and mechanics - these are used by the
+ * higher-level functions further down. NB: As and where there's no error
+ * checking, take a look lower down where these functions are called, the
+ * checking and error handling is probably down there.
+ */
/* utility function to obtain a context */
static int get_context(SW_CONTEXT_HANDLE *hac)
- {
- SW_STATUS status;
-
- status = p_CSwift_AcquireAccContext(hac);
- if(status != SW_OK)
- return 0;
- return 1;
- }
-
+{
+ SW_STATUS status;
+
+ status = p_CSwift_AcquireAccContext(hac);
+ if (status != SW_OK)
+ return 0;
+ return 1;
+}
+
/* similarly to release one. */
static void release_context(SW_CONTEXT_HANDLE hac)
- {
- p_CSwift_ReleaseAccContext(hac);
- }
+{
+ p_CSwift_ReleaseAccContext(hac);
+}
/* Destructor (complements the "ENGINE_cswift()" constructor) */
static int cswift_destroy(ENGINE *e)
- {
- free_CSWIFT_LIBNAME();
- ERR_unload_CSWIFT_strings();
- return 1;
- }
+{
+ free_CSWIFT_LIBNAME();
+ ERR_unload_CSWIFT_strings();
+ return 1;
+}
/* (de)initialisation functions. */
static int cswift_init(ENGINE *e)
- {
- SW_CONTEXT_HANDLE hac;
- t_swAcquireAccContext *p1;
- t_swAttachKeyParam *p2;
- t_swSimpleRequest *p3;
- t_swReleaseAccContext *p4;
-
- if(cswift_dso != NULL)
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_ALREADY_LOADED);
- goto err;
- }
- /* Attempt to load libswift.so/swift.dll/whatever. */
- cswift_dso = DSO_load(NULL, get_CSWIFT_LIBNAME(), NULL, 0);
- if(cswift_dso == NULL)
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_NOT_LOADED);
- goto err;
- }
- if(!(p1 = (t_swAcquireAccContext *)
- DSO_bind_func(cswift_dso, CSWIFT_F1)) ||
- !(p2 = (t_swAttachKeyParam *)
- DSO_bind_func(cswift_dso, CSWIFT_F2)) ||
- !(p3 = (t_swSimpleRequest *)
- DSO_bind_func(cswift_dso, CSWIFT_F3)) ||
- !(p4 = (t_swReleaseAccContext *)
- DSO_bind_func(cswift_dso, CSWIFT_F4)))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_NOT_LOADED);
- goto err;
- }
- /* Copy the pointers */
- p_CSwift_AcquireAccContext = p1;
- p_CSwift_AttachKeyParam = p2;
- p_CSwift_SimpleRequest = p3;
- p_CSwift_ReleaseAccContext = p4;
- /* Try and get a context - if not, we may have a DSO but no
- * accelerator! */
- if(!get_context(&hac))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_UNIT_FAILURE);
- goto err;
- }
- release_context(hac);
- /* Everything's fine. */
- return 1;
-err:
- if(cswift_dso)
- {
- DSO_free(cswift_dso);
- cswift_dso = NULL;
- }
- p_CSwift_AcquireAccContext = NULL;
- p_CSwift_AttachKeyParam = NULL;
- p_CSwift_SimpleRequest = NULL;
- p_CSwift_ReleaseAccContext = NULL;
- return 0;
- }
+{
+ SW_CONTEXT_HANDLE hac;
+ t_swAcquireAccContext *p1;
+ t_swAttachKeyParam *p2;
+ t_swSimpleRequest *p3;
+ t_swReleaseAccContext *p4;
+
+ if (cswift_dso != NULL) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_INIT, CSWIFT_R_ALREADY_LOADED);
+ goto err;
+ }
+ /* Attempt to load libswift.so/swift.dll/whatever. */
+ cswift_dso = DSO_load(NULL, get_CSWIFT_LIBNAME(), NULL, 0);
+ if (cswift_dso == NULL) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_INIT, CSWIFT_R_NOT_LOADED);
+ goto err;
+ }
+ if (!(p1 = (t_swAcquireAccContext *)
+ DSO_bind_func(cswift_dso, CSWIFT_F1)) ||
+ !(p2 = (t_swAttachKeyParam *)
+ DSO_bind_func(cswift_dso, CSWIFT_F2)) ||
+ !(p3 = (t_swSimpleRequest *)
+ DSO_bind_func(cswift_dso, CSWIFT_F3)) ||
+ !(p4 = (t_swReleaseAccContext *)
+ DSO_bind_func(cswift_dso, CSWIFT_F4))) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_INIT, CSWIFT_R_NOT_LOADED);
+ goto err;
+ }
+ /* Copy the pointers */
+ p_CSwift_AcquireAccContext = p1;
+ p_CSwift_AttachKeyParam = p2;
+ p_CSwift_SimpleRequest = p3;
+ p_CSwift_ReleaseAccContext = p4;
+ /*
+ * Try and get a context - if not, we may have a DSO but no accelerator!
+ */
+ if (!get_context(&hac)) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_INIT, CSWIFT_R_UNIT_FAILURE);
+ goto err;
+ }
+ release_context(hac);
+ /* Everything's fine. */
+ return 1;
+ err:
+ if (cswift_dso) {
+ DSO_free(cswift_dso);
+ cswift_dso = NULL;
+ }
+ p_CSwift_AcquireAccContext = NULL;
+ p_CSwift_AttachKeyParam = NULL;
+ p_CSwift_SimpleRequest = NULL;
+ p_CSwift_ReleaseAccContext = NULL;
+ return 0;
+}
static int cswift_finish(ENGINE *e)
- {
- free_CSWIFT_LIBNAME();
- if(cswift_dso == NULL)
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_FINISH,CSWIFT_R_NOT_LOADED);
- return 0;
- }
- if(!DSO_free(cswift_dso))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_FINISH,CSWIFT_R_UNIT_FAILURE);
- return 0;
- }
- cswift_dso = NULL;
- p_CSwift_AcquireAccContext = NULL;
- p_CSwift_AttachKeyParam = NULL;
- p_CSwift_SimpleRequest = NULL;
- p_CSwift_ReleaseAccContext = NULL;
- return 1;
- }
-
-static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
- {
- int initialised = ((cswift_dso == NULL) ? 0 : 1);
- switch(cmd)
- {
- case CSWIFT_CMD_SO_PATH:
- if(p == NULL)
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if(initialised)
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,CSWIFT_R_ALREADY_LOADED);
- return 0;
- }
- return set_CSWIFT_LIBNAME((const char *)p);
- default:
- break;
- }
- CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED);
- return 0;
- }
+{
+ free_CSWIFT_LIBNAME();
+ if (cswift_dso == NULL) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_FINISH, CSWIFT_R_NOT_LOADED);
+ return 0;
+ }
+ if (!DSO_free(cswift_dso)) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_FINISH, CSWIFT_R_UNIT_FAILURE);
+ return 0;
+ }
+ cswift_dso = NULL;
+ p_CSwift_AcquireAccContext = NULL;
+ p_CSwift_AttachKeyParam = NULL;
+ p_CSwift_SimpleRequest = NULL;
+ p_CSwift_ReleaseAccContext = NULL;
+ return 1;
+}
+
+static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+{
+ int initialised = ((cswift_dso == NULL) ? 0 : 1);
+ switch (cmd) {
+ case CSWIFT_CMD_SO_PATH:
+ if (p == NULL) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if (initialised) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_ALREADY_LOADED);
+ return 0;
+ }
+ return set_CSWIFT_LIBNAME((const char *)p);
+ default:
+ break;
+ }
+ CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+ return 0;
+}
/* Un petit mod_exp */
static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx)
- {
- /* I need somewhere to store temporary serialised values for
- * use with the CryptoSwift API calls. A neat cheat - I'll use
- * BIGNUMs from the BN_CTX but access their arrays directly as
- * byte arrays <grin>. This way I don't have to clean anything
- * up. */
- BIGNUM *modulus;
- BIGNUM *exponent;
- BIGNUM *argument;
- BIGNUM *result;
- SW_STATUS sw_status;
- SW_LARGENUMBER arg, res;
- SW_PARAM sw_param;
- SW_CONTEXT_HANDLE hac;
- int to_return, acquired;
-
- modulus = exponent = argument = result = NULL;
- to_return = 0; /* expect failure */
- acquired = 0;
-
- if(!get_context(&hac))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_UNIT_FAILURE);
- goto err;
- }
- acquired = 1;
- /* Prepare the params */
- BN_CTX_start(ctx);
- modulus = BN_CTX_get(ctx);
- exponent = BN_CTX_get(ctx);
- argument = BN_CTX_get(ctx);
- result = BN_CTX_get(ctx);
- if(!result)
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BN_CTX_FULL);
- goto err;
- }
- if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, p->top) ||
- !bn_wexpand(argument, a->top) || !bn_wexpand(result, m->top))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BN_EXPAND_FAIL);
- goto err;
- }
- sw_param.type = SW_ALG_EXP;
- sw_param.up.exp.modulus.nbytes = BN_bn2bin(m,
- (unsigned char *)modulus->d);
- sw_param.up.exp.modulus.value = (unsigned char *)modulus->d;
- sw_param.up.exp.exponent.nbytes = BN_bn2bin(p,
- (unsigned char *)exponent->d);
- sw_param.up.exp.exponent.value = (unsigned char *)exponent->d;
- /* Attach the key params */
- sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
- switch(sw_status)
- {
- case SW_OK:
- break;
- case SW_ERR_INPUT_SIZE:
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BAD_KEY_SIZE);
- goto err;
- default:
- {
- char tmpbuf[DECIMAL_SIZE(sw_status)+1];
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", sw_status);
- ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
- }
- goto err;
- }
- /* Prepare the argument and response */
- arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
- arg.value = (unsigned char *)argument->d;
- res.nbytes = BN_num_bytes(m);
- memset(result->d, 0, res.nbytes);
- res.value = (unsigned char *)result->d;
- /* Perform the operation */
- if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1,
- &res, 1)) != SW_OK)
- {
- char tmpbuf[DECIMAL_SIZE(sw_status)+1];
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", sw_status);
- ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
- goto err;
- }
- /* Convert the response */
- BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
- to_return = 1;
-err:
- if(acquired)
- release_context(hac);
- BN_CTX_end(ctx);
- return to_return;
- }
-
+ const BIGNUM *m, BN_CTX *ctx)
+{
+ /*
+ * I need somewhere to store temporary serialised values for use with the
+ * CryptoSwift API calls. A neat cheat - I'll use BIGNUMs from the BN_CTX
+ * but access their arrays directly as byte arrays <grin>. This way I
+ * don't have to clean anything up.
+ */
+ BIGNUM *modulus;
+ BIGNUM *exponent;
+ BIGNUM *argument;
+ BIGNUM *result;
+ SW_STATUS sw_status;
+ SW_LARGENUMBER arg, res;
+ SW_PARAM sw_param;
+ SW_CONTEXT_HANDLE hac;
+ int to_return, acquired;
+
+ modulus = exponent = argument = result = NULL;
+ to_return = 0; /* expect failure */
+ acquired = 0;
+
+ if (!get_context(&hac)) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP, CSWIFT_R_UNIT_FAILURE);
+ goto err;
+ }
+ acquired = 1;
+ /* Prepare the params */
+ BN_CTX_start(ctx);
+ modulus = BN_CTX_get(ctx);
+ exponent = BN_CTX_get(ctx);
+ argument = BN_CTX_get(ctx);
+ result = BN_CTX_get(ctx);
+ if (!result) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP, CSWIFT_R_BN_CTX_FULL);
+ goto err;
+ }
+ if (!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, p->top) ||
+ !bn_wexpand(argument, a->top) || !bn_wexpand(result, m->top)) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP, CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ sw_param.type = SW_ALG_EXP;
+ sw_param.up.exp.modulus.nbytes = BN_bn2bin(m,
+ (unsigned char *)modulus->d);
+ sw_param.up.exp.modulus.value = (unsigned char *)modulus->d;
+ sw_param.up.exp.exponent.nbytes = BN_bn2bin(p,
+ (unsigned char *)exponent->d);
+ sw_param.up.exp.exponent.value = (unsigned char *)exponent->d;
+ /* Attach the key params */
+ sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
+ switch (sw_status) {
+ case SW_OK:
+ break;
+ case SW_ERR_INPUT_SIZE:
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP, CSWIFT_R_BAD_KEY_SIZE);
+ goto err;
+ default:
+ {
+ char tmpbuf[DECIMAL_SIZE(sw_status) + 1];
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP, CSWIFT_R_REQUEST_FAILED);
+ sprintf(tmpbuf, "%ld", sw_status);
+ ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
+ }
+ goto err;
+ }
+ /* Prepare the argument and response */
+ arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
+ arg.value = (unsigned char *)argument->d;
+ res.nbytes = BN_num_bytes(m);
+ memset(result->d, 0, res.nbytes);
+ res.value = (unsigned char *)result->d;
+ /* Perform the operation */
+ if ((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1,
+ &res, 1)) != SW_OK) {
+ char tmpbuf[DECIMAL_SIZE(sw_status) + 1];
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP, CSWIFT_R_REQUEST_FAILED);
+ sprintf(tmpbuf, "%ld", sw_status);
+ ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
+ goto err;
+ }
+ /* Convert the response */
+ BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
+ to_return = 1;
+ err:
+ if (acquired)
+ release_context(hac);
+ BN_CTX_end(ctx);
+ return to_return;
+}
-#ifndef OPENSSL_NO_RSA
-int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in)
+# ifndef OPENSSL_NO_RSA
+int cswift_bn_32copy(SW_LARGENUMBER *out, const BIGNUM *in)
{
- int mod;
- int numbytes = BN_num_bytes(in);
-
- mod = 0;
- while( ((out->nbytes = (numbytes+mod)) % 32) )
- {
- mod++;
- }
- out->value = (unsigned char*)OPENSSL_malloc(out->nbytes);
- if(!out->value)
- {
- return 0;
- }
- BN_bn2bin(in, &out->value[mod]);
- if(mod)
- memset(out->value, 0, mod);
-
- return 1;
+ int mod;
+ int numbytes = BN_num_bytes(in);
+
+ mod = 0;
+ while (((out->nbytes = (numbytes + mod)) % 32)) {
+ mod++;
+ }
+ out->value = (unsigned char *)OPENSSL_malloc(out->nbytes);
+ if (!out->value) {
+ return 0;
+ }
+ BN_bn2bin(in, &out->value[mod]);
+ if (mod)
+ memset(out->value, 0, mod);
+
+ return 1;
}
-#endif
+# endif
-#ifndef OPENSSL_NO_RSA
+# ifndef OPENSSL_NO_RSA
/* Un petit mod_exp chinois */
static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *q, const BIGNUM *dmp1,
- const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)
- {
- SW_STATUS sw_status;
- SW_LARGENUMBER arg, res;
- SW_PARAM sw_param;
- SW_CONTEXT_HANDLE hac;
- BIGNUM *result = NULL;
- BIGNUM *argument = NULL;
- int to_return = 0; /* expect failure */
- int acquired = 0;
-
- sw_param.up.crt.p.value = NULL;
- sw_param.up.crt.q.value = NULL;
- sw_param.up.crt.dmp1.value = NULL;
- sw_param.up.crt.dmq1.value = NULL;
- sw_param.up.crt.iqmp.value = NULL;
-
- if(!get_context(&hac))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_UNIT_FAILURE);
- goto err;
- }
- acquired = 1;
-
- /* Prepare the params */
- argument = BN_new();
- result = BN_new();
- if(!result || !argument)
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_CTX_FULL);
- goto err;
- }
-
-
- sw_param.type = SW_ALG_CRT;
- /************************************************************************/
- /* 04/02/2003 */
- /* Modified by Frederic Giudicelli (deny-all.com) to overcome the */
- /* limitation of cswift with values not a multiple of 32 */
- /************************************************************************/
- if(!cswift_bn_32copy(&sw_param.up.crt.p, p))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
- goto err;
- }
- if(!cswift_bn_32copy(&sw_param.up.crt.q, q))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
- goto err;
- }
- if(!cswift_bn_32copy(&sw_param.up.crt.dmp1, dmp1))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
- goto err;
- }
- if(!cswift_bn_32copy(&sw_param.up.crt.dmq1, dmq1))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
- goto err;
- }
- if(!cswift_bn_32copy(&sw_param.up.crt.iqmp, iqmp))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
- goto err;
- }
- if( !bn_wexpand(argument, a->top) ||
- !bn_wexpand(result, p->top + q->top))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
- goto err;
- }
-
- /* Attach the key params */
- sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
- switch(sw_status)
- {
- case SW_OK:
- break;
- case SW_ERR_INPUT_SIZE:
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BAD_KEY_SIZE);
- goto err;
- default:
- {
- char tmpbuf[DECIMAL_SIZE(sw_status)+1];
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", sw_status);
- ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
- }
- goto err;
- }
- /* Prepare the argument and response */
- arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
- arg.value = (unsigned char *)argument->d;
- res.nbytes = 2 * BN_num_bytes(p);
- memset(result->d, 0, res.nbytes);
- res.value = (unsigned char *)result->d;
- /* Perform the operation */
- if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1,
- &res, 1)) != SW_OK)
- {
- char tmpbuf[DECIMAL_SIZE(sw_status)+1];
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", sw_status);
- ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
- goto err;
- }
- /* Convert the response */
- BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
- to_return = 1;
-err:
- if(sw_param.up.crt.p.value)
- OPENSSL_free(sw_param.up.crt.p.value);
- if(sw_param.up.crt.q.value)
- OPENSSL_free(sw_param.up.crt.q.value);
- if(sw_param.up.crt.dmp1.value)
- OPENSSL_free(sw_param.up.crt.dmp1.value);
- if(sw_param.up.crt.dmq1.value)
- OPENSSL_free(sw_param.up.crt.dmq1.value);
- if(sw_param.up.crt.iqmp.value)
- OPENSSL_free(sw_param.up.crt.iqmp.value);
- if(result)
- BN_free(result);
- if(argument)
- BN_free(argument);
- if(acquired)
- release_context(hac);
- return to_return;
- }
-#endif
-
-#ifndef OPENSSL_NO_RSA
-static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- {
- int to_return = 0;
- const RSA_METHOD * def_rsa_method;
-
- if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_RSA_MOD_EXP,CSWIFT_R_MISSING_KEY_COMPONENTS);
- goto err;
- }
-
- /* Try the limits of RSA (2048 bits) */
- if(BN_num_bytes(rsa->p) > 128 ||
- BN_num_bytes(rsa->q) > 128 ||
- BN_num_bytes(rsa->dmp1) > 128 ||
- BN_num_bytes(rsa->dmq1) > 128 ||
- BN_num_bytes(rsa->iqmp) > 128)
- {
-#ifdef RSA_NULL
- def_rsa_method=RSA_null_method();
-#else
-#if 0
- def_rsa_method=RSA_PKCS1_RSAref();
-#else
- def_rsa_method=RSA_PKCS1_SSLeay();
-#endif
-#endif
- if(def_rsa_method)
- return def_rsa_method->rsa_mod_exp(r0, I, rsa, ctx);
- }
+ const BIGNUM *q, const BIGNUM *dmp1,
+ const BIGNUM *dmq1, const BIGNUM *iqmp,
+ BN_CTX *ctx)
+{
+ SW_STATUS sw_status;
+ SW_LARGENUMBER arg, res;
+ SW_PARAM sw_param;
+ SW_CONTEXT_HANDLE hac;
+ BIGNUM *result = NULL;
+ BIGNUM *argument = NULL;
+ int to_return = 0; /* expect failure */
+ int acquired = 0;
+
+ sw_param.up.crt.p.value = NULL;
+ sw_param.up.crt.q.value = NULL;
+ sw_param.up.crt.dmp1.value = NULL;
+ sw_param.up.crt.dmq1.value = NULL;
+ sw_param.up.crt.iqmp.value = NULL;
+
+ if (!get_context(&hac)) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_UNIT_FAILURE);
+ goto err;
+ }
+ acquired = 1;
+
+ /* Prepare the params */
+ argument = BN_new();
+ result = BN_new();
+ if (!result || !argument) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BN_CTX_FULL);
+ goto err;
+ }
+
+ sw_param.type = SW_ALG_CRT;
+ /************************************************************************/
+ /*
+ * 04/02/2003
+ */
+ /*
+ * Modified by Frederic Giudicelli (deny-all.com) to overcome the
+ */
+ /*
+ * limitation of cswift with values not a multiple of 32
+ */
+ /************************************************************************/
+ if (!cswift_bn_32copy(&sw_param.up.crt.p, p)) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ if (!cswift_bn_32copy(&sw_param.up.crt.q, q)) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ if (!cswift_bn_32copy(&sw_param.up.crt.dmp1, dmp1)) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ if (!cswift_bn_32copy(&sw_param.up.crt.dmq1, dmq1)) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ if (!cswift_bn_32copy(&sw_param.up.crt.iqmp, iqmp)) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ if (!bn_wexpand(argument, a->top) || !bn_wexpand(result, p->top + q->top)) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+
+ /* Attach the key params */
+ sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
+ switch (sw_status) {
+ case SW_OK:
+ break;
+ case SW_ERR_INPUT_SIZE:
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BAD_KEY_SIZE);
+ goto err;
+ default:
+ {
+ char tmpbuf[DECIMAL_SIZE(sw_status) + 1];
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_REQUEST_FAILED);
+ sprintf(tmpbuf, "%ld", sw_status);
+ ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
+ }
+ goto err;
+ }
+ /* Prepare the argument and response */
+ arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
+ arg.value = (unsigned char *)argument->d;
+ res.nbytes = 2 * BN_num_bytes(p);
+ memset(result->d, 0, res.nbytes);
+ res.value = (unsigned char *)result->d;
+ /* Perform the operation */
+ if ((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1,
+ &res, 1)) != SW_OK) {
+ char tmpbuf[DECIMAL_SIZE(sw_status) + 1];
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_REQUEST_FAILED);
+ sprintf(tmpbuf, "%ld", sw_status);
+ ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
+ goto err;
+ }
+ /* Convert the response */
+ BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
+ to_return = 1;
+ err:
+ if (sw_param.up.crt.p.value)
+ OPENSSL_free(sw_param.up.crt.p.value);
+ if (sw_param.up.crt.q.value)
+ OPENSSL_free(sw_param.up.crt.q.value);
+ if (sw_param.up.crt.dmp1.value)
+ OPENSSL_free(sw_param.up.crt.dmp1.value);
+ if (sw_param.up.crt.dmq1.value)
+ OPENSSL_free(sw_param.up.crt.dmq1.value);
+ if (sw_param.up.crt.iqmp.value)
+ OPENSSL_free(sw_param.up.crt.iqmp.value);
+ if (result)
+ BN_free(result);
+ if (argument)
+ BN_free(argument);
+ if (acquired)
+ release_context(hac);
+ return to_return;
+}
+# endif
- to_return = cswift_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
- rsa->dmq1, rsa->iqmp, ctx);
-err:
- return to_return;
- }
+# ifndef OPENSSL_NO_RSA
+static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx)
+{
+ int to_return = 0;
+ const RSA_METHOD *def_rsa_method;
+
+ if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_RSA_MOD_EXP,
+ CSWIFT_R_MISSING_KEY_COMPONENTS);
+ goto err;
+ }
+
+ /* Try the limits of RSA (2048 bits) */
+ if (BN_num_bytes(rsa->p) > 128 ||
+ BN_num_bytes(rsa->q) > 128 ||
+ BN_num_bytes(rsa->dmp1) > 128 ||
+ BN_num_bytes(rsa->dmq1) > 128 || BN_num_bytes(rsa->iqmp) > 128) {
+# ifdef RSA_NULL
+ def_rsa_method = RSA_null_method();
+# else
+# if 0
+ def_rsa_method = RSA_PKCS1_RSAref();
+# else
+ def_rsa_method = RSA_PKCS1_SSLeay();
+# endif
+# endif
+ if (def_rsa_method)
+ return def_rsa_method->rsa_mod_exp(r0, I, rsa, ctx);
+ }
+
+ to_return = cswift_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
+ rsa->dmq1, rsa->iqmp, ctx);
+ err:
+ return to_return;
+}
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- const RSA_METHOD * def_rsa_method;
-
- /* Try the limits of RSA (2048 bits) */
- if(BN_num_bytes(r) > 256 ||
- BN_num_bytes(a) > 256 ||
- BN_num_bytes(m) > 256)
- {
-#ifdef RSA_NULL
- def_rsa_method=RSA_null_method();
-#else
-#if 0
- def_rsa_method=RSA_PKCS1_RSAref();
-#else
- def_rsa_method=RSA_PKCS1_SSLeay();
-#endif
-#endif
- if(def_rsa_method)
- return def_rsa_method->bn_mod_exp(r, a, p, m, ctx, m_ctx);
- }
-
- return cswift_mod_exp(r, a, p, m, ctx);
- }
-#endif /* OPENSSL_NO_RSA */
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
+{
+ const RSA_METHOD *def_rsa_method;
+
+ /* Try the limits of RSA (2048 bits) */
+ if (BN_num_bytes(r) > 256 ||
+ BN_num_bytes(a) > 256 || BN_num_bytes(m) > 256) {
+# ifdef RSA_NULL
+ def_rsa_method = RSA_null_method();
+# else
+# if 0
+ def_rsa_method = RSA_PKCS1_RSAref();
+# else
+ def_rsa_method = RSA_PKCS1_SSLeay();
+# endif
+# endif
+ if (def_rsa_method)
+ return def_rsa_method->bn_mod_exp(r, a, p, m, ctx, m_ctx);
+ }
+
+ return cswift_mod_exp(r, a, p, m, ctx);
+}
+# endif /* OPENSSL_NO_RSA */
-#ifndef OPENSSL_NO_DSA
+# ifndef OPENSSL_NO_DSA
static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
- {
- SW_CONTEXT_HANDLE hac;
- SW_PARAM sw_param;
- SW_STATUS sw_status;
- SW_LARGENUMBER arg, res;
- BN_CTX *ctx;
- BIGNUM *dsa_p = NULL;
- BIGNUM *dsa_q = NULL;
- BIGNUM *dsa_g = NULL;
- BIGNUM *dsa_key = NULL;
- BIGNUM *result = NULL;
- DSA_SIG *to_return = NULL;
- int acquired = 0;
-
- if((ctx = BN_CTX_new()) == NULL)
- goto err;
- if(!get_context(&hac))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_UNIT_FAILURE);
- goto err;
- }
- acquired = 1;
- /* Prepare the params */
- BN_CTX_start(ctx);
- dsa_p = BN_CTX_get(ctx);
- dsa_q = BN_CTX_get(ctx);
- dsa_g = BN_CTX_get(ctx);
- dsa_key = BN_CTX_get(ctx);
- result = BN_CTX_get(ctx);
- if(!result)
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BN_CTX_FULL);
- goto err;
- }
- if(!bn_wexpand(dsa_p, dsa->p->top) ||
- !bn_wexpand(dsa_q, dsa->q->top) ||
- !bn_wexpand(dsa_g, dsa->g->top) ||
- !bn_wexpand(dsa_key, dsa->priv_key->top) ||
- !bn_wexpand(result, dsa->p->top))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BN_EXPAND_FAIL);
- goto err;
- }
- sw_param.type = SW_ALG_DSA;
- sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,
- (unsigned char *)dsa_p->d);
- sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
- sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,
- (unsigned char *)dsa_q->d);
- sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
- sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,
- (unsigned char *)dsa_g->d);
- sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
- sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->priv_key,
- (unsigned char *)dsa_key->d);
- sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
- /* Attach the key params */
- sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
- switch(sw_status)
- {
- case SW_OK:
- break;
- case SW_ERR_INPUT_SIZE:
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BAD_KEY_SIZE);
- goto err;
- default:
- {
- char tmpbuf[DECIMAL_SIZE(sw_status)+1];
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", sw_status);
- ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
- }
- goto err;
- }
- /* Prepare the argument and response */
- arg.nbytes = dlen;
- arg.value = (unsigned char *)dgst;
- res.nbytes = BN_num_bytes(dsa->p);
- memset(result->d, 0, res.nbytes);
- res.value = (unsigned char *)result->d;
- /* Perform the operation */
- sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_SIGN, &arg, 1,
- &res, 1);
- if(sw_status != SW_OK)
- {
- char tmpbuf[DECIMAL_SIZE(sw_status)+1];
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", sw_status);
- ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
- goto err;
- }
- /* Convert the response */
- if((to_return = DSA_SIG_new()) == NULL)
- goto err;
- to_return->r = BN_bin2bn((unsigned char *)result->d, 20, NULL);
- to_return->s = BN_bin2bn((unsigned char *)result->d + 20, 20, NULL);
-
-err:
- if(acquired)
- release_context(hac);
- if(ctx)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- return to_return;
- }
+{
+ SW_CONTEXT_HANDLE hac;
+ SW_PARAM sw_param;
+ SW_STATUS sw_status;
+ SW_LARGENUMBER arg, res;
+ BN_CTX *ctx;
+ BIGNUM *dsa_p = NULL;
+ BIGNUM *dsa_q = NULL;
+ BIGNUM *dsa_g = NULL;
+ BIGNUM *dsa_key = NULL;
+ BIGNUM *result = NULL;
+ DSA_SIG *to_return = NULL;
+ int acquired = 0;
+
+ if ((ctx = BN_CTX_new()) == NULL)
+ goto err;
+ if (!get_context(&hac)) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN, CSWIFT_R_UNIT_FAILURE);
+ goto err;
+ }
+ acquired = 1;
+ /* Prepare the params */
+ BN_CTX_start(ctx);
+ dsa_p = BN_CTX_get(ctx);
+ dsa_q = BN_CTX_get(ctx);
+ dsa_g = BN_CTX_get(ctx);
+ dsa_key = BN_CTX_get(ctx);
+ result = BN_CTX_get(ctx);
+ if (!result) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN, CSWIFT_R_BN_CTX_FULL);
+ goto err;
+ }
+ if (!bn_wexpand(dsa_p, dsa->p->top) ||
+ !bn_wexpand(dsa_q, dsa->q->top) ||
+ !bn_wexpand(dsa_g, dsa->g->top) ||
+ !bn_wexpand(dsa_key, dsa->priv_key->top) ||
+ !bn_wexpand(result, dsa->p->top)) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN, CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ sw_param.type = SW_ALG_DSA;
+ sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p, (unsigned char *)dsa_p->d);
+ sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
+ sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q, (unsigned char *)dsa_q->d);
+ sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
+ sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g, (unsigned char *)dsa_g->d);
+ sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
+ sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->priv_key,
+ (unsigned char *)dsa_key->d);
+ sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
+ /* Attach the key params */
+ sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
+ switch (sw_status) {
+ case SW_OK:
+ break;
+ case SW_ERR_INPUT_SIZE:
+ CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN, CSWIFT_R_BAD_KEY_SIZE);
+ goto err;
+ default:
+ {
+ char tmpbuf[DECIMAL_SIZE(sw_status) + 1];
+ CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN, CSWIFT_R_REQUEST_FAILED);
+ sprintf(tmpbuf, "%ld", sw_status);
+ ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
+ }
+ goto err;
+ }
+ /* Prepare the argument and response */
+ arg.nbytes = dlen;
+ arg.value = (unsigned char *)dgst;
+ res.nbytes = BN_num_bytes(dsa->p);
+ memset(result->d, 0, res.nbytes);
+ res.value = (unsigned char *)result->d;
+ /* Perform the operation */
+ sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_SIGN, &arg, 1,
+ &res, 1);
+ if (sw_status != SW_OK) {
+ char tmpbuf[DECIMAL_SIZE(sw_status) + 1];
+ CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN, CSWIFT_R_REQUEST_FAILED);
+ sprintf(tmpbuf, "%ld", sw_status);
+ ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
+ goto err;
+ }
+ /* Convert the response */
+ if ((to_return = DSA_SIG_new()) == NULL)
+ goto err;
+ to_return->r = BN_bin2bn((unsigned char *)result->d, 20, NULL);
+ to_return->s = BN_bin2bn((unsigned char *)result->d + 20, 20, NULL);
+
+ err:
+ if (acquired)
+ release_context(hac);
+ if (ctx) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ return to_return;
+}
static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa)
- {
- SW_CONTEXT_HANDLE hac;
- SW_PARAM sw_param;
- SW_STATUS sw_status;
- SW_LARGENUMBER arg[2], res;
- unsigned long sig_result;
- BN_CTX *ctx;
- BIGNUM *dsa_p = NULL;
- BIGNUM *dsa_q = NULL;
- BIGNUM *dsa_g = NULL;
- BIGNUM *dsa_key = NULL;
- BIGNUM *argument = NULL;
- int to_return = -1;
- int acquired = 0;
-
- if((ctx = BN_CTX_new()) == NULL)
- goto err;
- if(!get_context(&hac))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_UNIT_FAILURE);
- goto err;
- }
- acquired = 1;
- /* Prepare the params */
- BN_CTX_start(ctx);
- dsa_p = BN_CTX_get(ctx);
- dsa_q = BN_CTX_get(ctx);
- dsa_g = BN_CTX_get(ctx);
- dsa_key = BN_CTX_get(ctx);
- argument = BN_CTX_get(ctx);
- if(!argument)
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BN_CTX_FULL);
- goto err;
- }
- if(!bn_wexpand(dsa_p, dsa->p->top) ||
- !bn_wexpand(dsa_q, dsa->q->top) ||
- !bn_wexpand(dsa_g, dsa->g->top) ||
- !bn_wexpand(dsa_key, dsa->pub_key->top) ||
- !bn_wexpand(argument, 40))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BN_EXPAND_FAIL);
- goto err;
- }
- sw_param.type = SW_ALG_DSA;
- sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,
- (unsigned char *)dsa_p->d);
- sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
- sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,
- (unsigned char *)dsa_q->d);
- sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
- sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,
- (unsigned char *)dsa_g->d);
- sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
- sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->pub_key,
- (unsigned char *)dsa_key->d);
- sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
- /* Attach the key params */
- sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
- switch(sw_status)
- {
- case SW_OK:
- break;
- case SW_ERR_INPUT_SIZE:
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BAD_KEY_SIZE);
- goto err;
- default:
- {
- char tmpbuf[DECIMAL_SIZE(sw_status)+1];
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", sw_status);
- ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
- }
- goto err;
- }
- /* Prepare the argument and response */
- arg[0].nbytes = dgst_len;
- arg[0].value = (unsigned char *)dgst;
- arg[1].nbytes = 40;
- arg[1].value = (unsigned char *)argument->d;
- memset(arg[1].value, 0, 40);
- BN_bn2bin(sig->r, arg[1].value + 20 - BN_num_bytes(sig->r));
- BN_bn2bin(sig->s, arg[1].value + 40 - BN_num_bytes(sig->s));
- res.nbytes = 4; /* unsigned long */
- res.value = (unsigned char *)(&sig_result);
- /* Perform the operation */
- sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_VERIFY, arg, 2,
- &res, 1);
- if(sw_status != SW_OK)
- {
- char tmpbuf[DECIMAL_SIZE(sw_status)+1];
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", sw_status);
- ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
- goto err;
- }
- /* Convert the response */
- to_return = ((sig_result == 0) ? 0 : 1);
-
-err:
- if(acquired)
- release_context(hac);
- if(ctx)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- return to_return;
- }
-#endif
+ DSA_SIG *sig, DSA *dsa)
+{
+ SW_CONTEXT_HANDLE hac;
+ SW_PARAM sw_param;
+ SW_STATUS sw_status;
+ SW_LARGENUMBER arg[2], res;
+ unsigned long sig_result;
+ BN_CTX *ctx;
+ BIGNUM *dsa_p = NULL;
+ BIGNUM *dsa_q = NULL;
+ BIGNUM *dsa_g = NULL;
+ BIGNUM *dsa_key = NULL;
+ BIGNUM *argument = NULL;
+ int to_return = -1;
+ int acquired = 0;
+
+ if ((ctx = BN_CTX_new()) == NULL)
+ goto err;
+ if (!get_context(&hac)) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY, CSWIFT_R_UNIT_FAILURE);
+ goto err;
+ }
+ acquired = 1;
+ /* Prepare the params */
+ BN_CTX_start(ctx);
+ dsa_p = BN_CTX_get(ctx);
+ dsa_q = BN_CTX_get(ctx);
+ dsa_g = BN_CTX_get(ctx);
+ dsa_key = BN_CTX_get(ctx);
+ argument = BN_CTX_get(ctx);
+ if (!argument) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY, CSWIFT_R_BN_CTX_FULL);
+ goto err;
+ }
+ if (!bn_wexpand(dsa_p, dsa->p->top) ||
+ !bn_wexpand(dsa_q, dsa->q->top) ||
+ !bn_wexpand(dsa_g, dsa->g->top) ||
+ !bn_wexpand(dsa_key, dsa->pub_key->top) ||
+ !bn_wexpand(argument, 40)) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY, CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ sw_param.type = SW_ALG_DSA;
+ sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p, (unsigned char *)dsa_p->d);
+ sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
+ sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q, (unsigned char *)dsa_q->d);
+ sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
+ sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g, (unsigned char *)dsa_g->d);
+ sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
+ sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->pub_key,
+ (unsigned char *)dsa_key->d);
+ sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
+ /* Attach the key params */
+ sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
+ switch (sw_status) {
+ case SW_OK:
+ break;
+ case SW_ERR_INPUT_SIZE:
+ CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY, CSWIFT_R_BAD_KEY_SIZE);
+ goto err;
+ default:
+ {
+ char tmpbuf[DECIMAL_SIZE(sw_status) + 1];
+ CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY, CSWIFT_R_REQUEST_FAILED);
+ sprintf(tmpbuf, "%ld", sw_status);
+ ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
+ }
+ goto err;
+ }
+ /* Prepare the argument and response */
+ arg[0].nbytes = dgst_len;
+ arg[0].value = (unsigned char *)dgst;
+ arg[1].nbytes = 40;
+ arg[1].value = (unsigned char *)argument->d;
+ memset(arg[1].value, 0, 40);
+ BN_bn2bin(sig->r, arg[1].value + 20 - BN_num_bytes(sig->r));
+ BN_bn2bin(sig->s, arg[1].value + 40 - BN_num_bytes(sig->s));
+ res.nbytes = 4; /* unsigned long */
+ res.value = (unsigned char *)(&sig_result);
+ /* Perform the operation */
+ sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_VERIFY, arg, 2,
+ &res, 1);
+ if (sw_status != SW_OK) {
+ char tmpbuf[DECIMAL_SIZE(sw_status) + 1];
+ CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY, CSWIFT_R_REQUEST_FAILED);
+ sprintf(tmpbuf, "%ld", sw_status);
+ ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
+ goto err;
+ }
+ /* Convert the response */
+ to_return = ((sig_result == 0) ? 0 : 1);
+
+ err:
+ if (acquired)
+ release_context(hac);
+ if (ctx) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ return to_return;
+}
+# endif
-#ifndef OPENSSL_NO_DH
+# ifndef OPENSSL_NO_DH
/* This function is aliased to mod_exp (with the dh and mont dropped). */
static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- return cswift_mod_exp(r, a, p, m, ctx);
- }
-#endif
+ const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+ return cswift_mod_exp(r, a, p, m, ctx);
+}
+# endif
/* Random bytes are good */
static int cswift_rand_bytes(unsigned char *buf, int num)
{
- SW_CONTEXT_HANDLE hac;
- SW_STATUS swrc;
- SW_LARGENUMBER largenum;
- int acquired = 0;
- int to_return = 0; /* assume failure */
- unsigned char buf32[1024];
-
-
- if (!get_context(&hac))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_RAND_BYTES, CSWIFT_R_UNIT_FAILURE);
- goto err;
- }
- acquired = 1;
-
- /************************************************************************/
- /* 04/02/2003 */
- /* Modified by Frederic Giudicelli (deny-all.com) to overcome the */
- /* limitation of cswift with values not a multiple of 32 */
- /************************************************************************/
-
- while(num >= (int)sizeof(buf32))
- {
- largenum.value = buf;
- largenum.nbytes = sizeof(buf32);
- /* tell CryptoSwift how many bytes we want and where we want it.
- * Note: - CryptoSwift cannot do more than 4096 bytes at a time.
- * - CryptoSwift can only do multiple of 32-bits. */
- swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
- if (swrc != SW_OK)
- {
- char tmpbuf[20];
- CSWIFTerr(CSWIFT_F_CSWIFT_RAND_BYTES, CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", swrc);
- ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
- goto err;
- }
- buf += sizeof(buf32);
- num -= sizeof(buf32);
- }
- if(num)
- {
- largenum.nbytes = sizeof(buf32);
- largenum.value = buf32;
- swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
- if (swrc != SW_OK)
- {
- char tmpbuf[20];
- CSWIFTerr(CSWIFT_F_CSWIFT_RAND_BYTES, CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", swrc);
- ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
- goto err;
- }
- memcpy(buf, largenum.value, num);
- }
-
- to_return = 1; /* success */
-err:
- if (acquired)
- release_context(hac);
-
- return to_return;
+ SW_CONTEXT_HANDLE hac;
+ SW_STATUS swrc;
+ SW_LARGENUMBER largenum;
+ int acquired = 0;
+ int to_return = 0; /* assume failure */
+ unsigned char buf32[1024];
+
+ if (!get_context(&hac)) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_RAND_BYTES, CSWIFT_R_UNIT_FAILURE);
+ goto err;
+ }
+ acquired = 1;
+
+ /************************************************************************/
+ /*
+ * 04/02/2003
+ */
+ /*
+ * Modified by Frederic Giudicelli (deny-all.com) to overcome the
+ */
+ /*
+ * limitation of cswift with values not a multiple of 32
+ */
+ /************************************************************************/
+
+ while (num >= (int)sizeof(buf32)) {
+ largenum.value = buf;
+ largenum.nbytes = sizeof(buf32);
+ /*-
+ * tell CryptoSwift how many bytes we want and where we want it.
+ * Note: - CryptoSwift cannot do more than 4096 bytes at a time.
+ * - CryptoSwift can only do multiple of 32-bits.
+ */
+ swrc =
+ p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
+ if (swrc != SW_OK) {
+ char tmpbuf[20];
+ CSWIFTerr(CSWIFT_F_CSWIFT_RAND_BYTES, CSWIFT_R_REQUEST_FAILED);
+ sprintf(tmpbuf, "%ld", swrc);
+ ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
+ goto err;
+ }
+ buf += sizeof(buf32);
+ num -= sizeof(buf32);
+ }
+ if (num) {
+ largenum.nbytes = sizeof(buf32);
+ largenum.value = buf32;
+ swrc =
+ p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
+ if (swrc != SW_OK) {
+ char tmpbuf[20];
+ CSWIFTerr(CSWIFT_F_CSWIFT_RAND_BYTES, CSWIFT_R_REQUEST_FAILED);
+ sprintf(tmpbuf, "%ld", swrc);
+ ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
+ goto err;
+ }
+ memcpy(buf, largenum.value, num);
+ }
+
+ to_return = 1; /* success */
+ err:
+ if (acquired)
+ release_context(hac);
+
+ return to_return;
}
static int cswift_rand_status(void)
{
- return 1;
+ return 1;
}
-
-/* This stuff is needed if this ENGINE is being compiled into a self-contained
- * shared-library. */
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+/*
+ * This stuff is needed if this ENGINE is being compiled into a
+ * self-contained shared-library.
+ */
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
static int bind_fn(ENGINE *e, const char *id)
- {
- if(id && (strcmp(id, engine_cswift_id) != 0))
- return 0;
- if(!bind_helper(e))
- return 0;
- return 1;
- }
-IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#endif /* OPENSSL_NO_DYNAMIC_ENGINE */
+{
+ if (id && (strcmp(id, engine_cswift_id) != 0))
+ return 0;
+ if (!bind_helper(e))
+ return 0;
+ return 1;
+}
-#endif /* !OPENSSL_NO_HW_CSWIFT */
-#endif /* !OPENSSL_NO_HW */
+IMPLEMENT_DYNAMIC_CHECK_FN()
+ IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+# endif /* OPENSSL_NO_DYNAMIC_ENGINE */
+# endif /* !OPENSSL_NO_HW_CSWIFT */
+#endif /* !OPENSSL_NO_HW */
diff --git a/openssl/engines/e_cswift_err.c b/openssl/engines/e_cswift_err.c
index c7942a31f..f8a2cbb5e 100644
--- a/openssl/engines/e_cswift_err.c
+++ b/openssl/engines/e_cswift_err.c
@@ -7,7 +7,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
*
*/
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
@@ -65,90 +66,85 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
-#define ERR_FUNC(func) ERR_PACK(0,func,0)
-#define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA CSWIFT_str_functs[]=
- {
-{ERR_FUNC(CSWIFT_F_CSWIFT_CTRL), "CSWIFT_CTRL"},
-{ERR_FUNC(CSWIFT_F_CSWIFT_DSA_SIGN), "CSWIFT_DSA_SIGN"},
-{ERR_FUNC(CSWIFT_F_CSWIFT_DSA_VERIFY), "CSWIFT_DSA_VERIFY"},
-{ERR_FUNC(CSWIFT_F_CSWIFT_FINISH), "CSWIFT_FINISH"},
-{ERR_FUNC(CSWIFT_F_CSWIFT_INIT), "CSWIFT_INIT"},
-{ERR_FUNC(CSWIFT_F_CSWIFT_MOD_EXP), "CSWIFT_MOD_EXP"},
-{ERR_FUNC(CSWIFT_F_CSWIFT_MOD_EXP_CRT), "CSWIFT_MOD_EXP_CRT"},
-{ERR_FUNC(CSWIFT_F_CSWIFT_RAND_BYTES), "CSWIFT_RAND_BYTES"},
-{ERR_FUNC(CSWIFT_F_CSWIFT_RSA_MOD_EXP), "CSWIFT_RSA_MOD_EXP"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA CSWIFT_str_reasons[]=
- {
-{ERR_REASON(CSWIFT_R_ALREADY_LOADED) ,"already loaded"},
-{ERR_REASON(CSWIFT_R_BAD_KEY_SIZE) ,"bad key size"},
-{ERR_REASON(CSWIFT_R_BN_CTX_FULL) ,"bn ctx full"},
-{ERR_REASON(CSWIFT_R_BN_EXPAND_FAIL) ,"bn expand fail"},
-{ERR_REASON(CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},
-{ERR_REASON(CSWIFT_R_MISSING_KEY_COMPONENTS),"missing key components"},
-{ERR_REASON(CSWIFT_R_NOT_LOADED) ,"not loaded"},
-{ERR_REASON(CSWIFT_R_REQUEST_FAILED) ,"request failed"},
-{ERR_REASON(CSWIFT_R_UNIT_FAILURE) ,"unit failure"},
-{0,NULL}
- };
+# define ERR_FUNC(func) ERR_PACK(0,func,0)
+# define ERR_REASON(reason) ERR_PACK(0,0,reason)
+
+static ERR_STRING_DATA CSWIFT_str_functs[] = {
+ {ERR_FUNC(CSWIFT_F_CSWIFT_CTRL), "CSWIFT_CTRL"},
+ {ERR_FUNC(CSWIFT_F_CSWIFT_DSA_SIGN), "CSWIFT_DSA_SIGN"},
+ {ERR_FUNC(CSWIFT_F_CSWIFT_DSA_VERIFY), "CSWIFT_DSA_VERIFY"},
+ {ERR_FUNC(CSWIFT_F_CSWIFT_FINISH), "CSWIFT_FINISH"},
+ {ERR_FUNC(CSWIFT_F_CSWIFT_INIT), "CSWIFT_INIT"},
+ {ERR_FUNC(CSWIFT_F_CSWIFT_MOD_EXP), "CSWIFT_MOD_EXP"},
+ {ERR_FUNC(CSWIFT_F_CSWIFT_MOD_EXP_CRT), "CSWIFT_MOD_EXP_CRT"},
+ {ERR_FUNC(CSWIFT_F_CSWIFT_RAND_BYTES), "CSWIFT_RAND_BYTES"},
+ {ERR_FUNC(CSWIFT_F_CSWIFT_RSA_MOD_EXP), "CSWIFT_RSA_MOD_EXP"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA CSWIFT_str_reasons[] = {
+ {ERR_REASON(CSWIFT_R_ALREADY_LOADED), "already loaded"},
+ {ERR_REASON(CSWIFT_R_BAD_KEY_SIZE), "bad key size"},
+ {ERR_REASON(CSWIFT_R_BN_CTX_FULL), "bn ctx full"},
+ {ERR_REASON(CSWIFT_R_BN_EXPAND_FAIL), "bn expand fail"},
+ {ERR_REASON(CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED),
+ "ctrl command not implemented"},
+ {ERR_REASON(CSWIFT_R_MISSING_KEY_COMPONENTS), "missing key components"},
+ {ERR_REASON(CSWIFT_R_NOT_LOADED), "not loaded"},
+ {ERR_REASON(CSWIFT_R_REQUEST_FAILED), "request failed"},
+ {ERR_REASON(CSWIFT_R_UNIT_FAILURE), "unit failure"},
+ {0, NULL}
+};
#endif
#ifdef CSWIFT_LIB_NAME
-static ERR_STRING_DATA CSWIFT_lib_name[]=
- {
-{0 ,CSWIFT_LIB_NAME},
-{0,NULL}
- };
+static ERR_STRING_DATA CSWIFT_lib_name[] = {
+ {0, CSWIFT_LIB_NAME},
+ {0, NULL}
+};
#endif
-
-static int CSWIFT_lib_error_code=0;
-static int CSWIFT_error_init=1;
+static int CSWIFT_lib_error_code = 0;
+static int CSWIFT_error_init = 1;
static void ERR_load_CSWIFT_strings(void)
- {
- if (CSWIFT_lib_error_code == 0)
- CSWIFT_lib_error_code=ERR_get_next_error_library();
+{
+ if (CSWIFT_lib_error_code == 0)
+ CSWIFT_lib_error_code = ERR_get_next_error_library();
- if (CSWIFT_error_init)
- {
- CSWIFT_error_init=0;
+ if (CSWIFT_error_init) {
+ CSWIFT_error_init = 0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(CSWIFT_lib_error_code,CSWIFT_str_functs);
- ERR_load_strings(CSWIFT_lib_error_code,CSWIFT_str_reasons);
+ ERR_load_strings(CSWIFT_lib_error_code, CSWIFT_str_functs);
+ ERR_load_strings(CSWIFT_lib_error_code, CSWIFT_str_reasons);
#endif
#ifdef CSWIFT_LIB_NAME
- CSWIFT_lib_name->error = ERR_PACK(CSWIFT_lib_error_code,0,0);
- ERR_load_strings(0,CSWIFT_lib_name);
+ CSWIFT_lib_name->error = ERR_PACK(CSWIFT_lib_error_code, 0, 0);
+ ERR_load_strings(0, CSWIFT_lib_name);
#endif
- }
- }
+ }
+}
static void ERR_unload_CSWIFT_strings(void)
- {
- if (CSWIFT_error_init == 0)
- {
+{
+ if (CSWIFT_error_init == 0) {
#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(CSWIFT_lib_error_code,CSWIFT_str_functs);
- ERR_unload_strings(CSWIFT_lib_error_code,CSWIFT_str_reasons);
+ ERR_unload_strings(CSWIFT_lib_error_code, CSWIFT_str_functs);
+ ERR_unload_strings(CSWIFT_lib_error_code, CSWIFT_str_reasons);
#endif
#ifdef CSWIFT_LIB_NAME
- ERR_unload_strings(0,CSWIFT_lib_name);
+ ERR_unload_strings(0, CSWIFT_lib_name);
#endif
- CSWIFT_error_init=1;
- }
- }
+ CSWIFT_error_init = 1;
+ }
+}
static void ERR_CSWIFT_error(int function, int reason, char *file, int line)
- {
- if (CSWIFT_lib_error_code == 0)
- CSWIFT_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(CSWIFT_lib_error_code,function,reason,file,line);
- }
+{
+ if (CSWIFT_lib_error_code == 0)
+ CSWIFT_lib_error_code = ERR_get_next_error_library();
+ ERR_PUT_error(CSWIFT_lib_error_code, function, reason, file, line);
+}
diff --git a/openssl/engines/e_cswift_err.h b/openssl/engines/e_cswift_err.h
index 69c2a9f87..fde3a8277 100644
--- a/openssl/engines/e_cswift_err.h
+++ b/openssl/engines/e_cswift_err.h
@@ -6,7 +6,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -53,44 +53,45 @@
*/
#ifndef HEADER_CSWIFT_ERR_H
-#define HEADER_CSWIFT_ERR_H
+# define HEADER_CSWIFT_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_CSWIFT_strings(void);
static void ERR_unload_CSWIFT_strings(void);
static void ERR_CSWIFT_error(int function, int reason, char *file, int line);
-#define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),__FILE__,__LINE__)
+# define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),__FILE__,__LINE__)
/* Error codes for the CSWIFT functions. */
/* Function codes. */
-#define CSWIFT_F_CSWIFT_CTRL 100
-#define CSWIFT_F_CSWIFT_DSA_SIGN 101
-#define CSWIFT_F_CSWIFT_DSA_VERIFY 102
-#define CSWIFT_F_CSWIFT_FINISH 103
-#define CSWIFT_F_CSWIFT_INIT 104
-#define CSWIFT_F_CSWIFT_MOD_EXP 105
-#define CSWIFT_F_CSWIFT_MOD_EXP_CRT 106
-#define CSWIFT_F_CSWIFT_RAND_BYTES 108
-#define CSWIFT_F_CSWIFT_RSA_MOD_EXP 107
+# define CSWIFT_F_CSWIFT_CTRL 100
+# define CSWIFT_F_CSWIFT_DSA_SIGN 101
+# define CSWIFT_F_CSWIFT_DSA_VERIFY 102
+# define CSWIFT_F_CSWIFT_FINISH 103
+# define CSWIFT_F_CSWIFT_INIT 104
+# define CSWIFT_F_CSWIFT_MOD_EXP 105
+# define CSWIFT_F_CSWIFT_MOD_EXP_CRT 106
+# define CSWIFT_F_CSWIFT_RAND_BYTES 108
+# define CSWIFT_F_CSWIFT_RSA_MOD_EXP 107
/* Reason codes. */
-#define CSWIFT_R_ALREADY_LOADED 100
-#define CSWIFT_R_BAD_KEY_SIZE 101
-#define CSWIFT_R_BN_CTX_FULL 102
-#define CSWIFT_R_BN_EXPAND_FAIL 103
-#define CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED 104
-#define CSWIFT_R_MISSING_KEY_COMPONENTS 105
-#define CSWIFT_R_NOT_LOADED 106
-#define CSWIFT_R_REQUEST_FAILED 107
-#define CSWIFT_R_UNIT_FAILURE 108
+# define CSWIFT_R_ALREADY_LOADED 100
+# define CSWIFT_R_BAD_KEY_SIZE 101
+# define CSWIFT_R_BN_CTX_FULL 102
+# define CSWIFT_R_BN_EXPAND_FAIL 103
+# define CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED 104
+# define CSWIFT_R_MISSING_KEY_COMPONENTS 105
+# define CSWIFT_R_NOT_LOADED 106
+# define CSWIFT_R_REQUEST_FAILED 107
+# define CSWIFT_R_UNIT_FAILURE 108
#ifdef __cplusplus
}
diff --git a/openssl/engines/e_gmp.c b/openssl/engines/e_gmp.c
index a3d47151e..de5f9c0d3 100644
--- a/openssl/engines/e_gmp.c
+++ b/openssl/engines/e_gmp.c
@@ -1,6 +1,7 @@
/* crypto/engine/e_gmp.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2003.
+/*
+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
+ * 2003.
*/
/* ====================================================================
* Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
@@ -10,7 +11,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -56,13 +57,16 @@
*
*/
-/* This engine is not (currently) compiled in by default. Do enable it,
- * reconfigure OpenSSL with "enable-gmp -lgmp". The GMP libraries and
- * headers must reside in one of the paths searched by the compiler/linker,
- * otherwise paths must be specified - eg. try configuring with
- * "enable-gmp -I<includepath> -L<libpath> -lgmp". YMMV. */
+/*
+ * This engine is not (currently) compiled in by default. Do enable it,
+ * reconfigure OpenSSL with "enable-gmp -lgmp". The GMP libraries and headers
+ * must reside in one of the paths searched by the compiler/linker, otherwise
+ * paths must be specified - eg. try configuring with "enable-gmp
+ * -I<includepath> -L<libpath> -lgmp". YMMV.
+ */
-/* As for what this does - it's a largely unoptimised implementation of an
+/*-
+ * As for what this does - it's a largely unoptimised implementation of an
* ENGINE that uses the GMP library to perform RSA private key operations. To
* obtain more information about what "unoptimised" means, see my original mail
* on the subject (though ignore the build instructions which have since
@@ -86,395 +90,403 @@
#include <openssl/buffer.h>
#include <openssl/engine.h>
#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
+# include <openssl/rsa.h>
#endif
#include <openssl/bn.h>
#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_GMP
+# ifndef OPENSSL_NO_GMP
-#include <gmp.h>
+# include <gmp.h>
-#define E_GMP_LIB_NAME "gmp engine"
-#include "e_gmp_err.c"
+# define E_GMP_LIB_NAME "gmp engine"
+# include "e_gmp_err.c"
static int e_gmp_destroy(ENGINE *e);
static int e_gmp_init(ENGINE *e);
static int e_gmp_finish(ENGINE *e);
-static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
+static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
-#ifndef OPENSSL_NO_RSA
+# ifndef OPENSSL_NO_RSA
/* RSA stuff */
-static int e_gmp_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
+static int e_gmp_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx);
static int e_gmp_rsa_finish(RSA *r);
-#endif
+# endif
/* The definitions for control commands specific to this engine */
-/* #define E_GMP_CMD_SO_PATH ENGINE_CMD_BASE */
+/* #define E_GMP_CMD_SO_PATH ENGINE_CMD_BASE */
static const ENGINE_CMD_DEFN e_gmp_cmd_defns[] = {
-#if 0
- {E_GMP_CMD_SO_PATH,
- "SO_PATH",
- "Specifies the path to the 'e_gmp' shared library",
- ENGINE_CMD_FLAG_STRING},
-#endif
- {0, NULL, NULL, 0}
- };
-
-#ifndef OPENSSL_NO_RSA
+# if 0
+ {E_GMP_CMD_SO_PATH,
+ "SO_PATH",
+ "Specifies the path to the 'e_gmp' shared library",
+ ENGINE_CMD_FLAG_STRING},
+# endif
+ {0, NULL, NULL, 0}
+};
+
+# ifndef OPENSSL_NO_RSA
/* Our internal RSA_METHOD that we provide pointers to */
-static RSA_METHOD e_gmp_rsa =
- {
- "GMP RSA method",
- NULL,
- NULL,
- NULL,
- NULL,
- e_gmp_rsa_mod_exp,
- NULL,
- NULL,
- e_gmp_rsa_finish,
- /* These flags initialise montgomery crud that GMP ignores, however it
- * makes sure the public key ops (which are done in openssl) don't seem
- * *slower* than usual :-) */
- RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE,
- NULL,
- NULL,
- NULL
- };
-#endif
+static RSA_METHOD e_gmp_rsa = {
+ "GMP RSA method",
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ e_gmp_rsa_mod_exp,
+ NULL,
+ NULL,
+ e_gmp_rsa_finish,
+ /*
+ * These flags initialise montgomery crud that GMP ignores, however it
+ * makes sure the public key ops (which are done in openssl) don't seem
+ * *slower* than usual :-)
+ */
+ RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE,
+ NULL,
+ NULL,
+ NULL
+};
+# endif
/* Constants used when creating the ENGINE */
static const char *engine_e_gmp_id = "gmp";
static const char *engine_e_gmp_name = "GMP engine support";
-/* This internal function is used by ENGINE_gmp() and possibly by the
- * "dynamic" ENGINE support too */
+/*
+ * This internal function is used by ENGINE_gmp() and possibly by the
+ * "dynamic" ENGINE support too
+ */
static int bind_helper(ENGINE *e)
- {
-#ifndef OPENSSL_NO_RSA
- const RSA_METHOD *meth1;
-#endif
- if(!ENGINE_set_id(e, engine_e_gmp_id) ||
- !ENGINE_set_name(e, engine_e_gmp_name) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_RSA(e, &e_gmp_rsa) ||
-#endif
- !ENGINE_set_destroy_function(e, e_gmp_destroy) ||
- !ENGINE_set_init_function(e, e_gmp_init) ||
- !ENGINE_set_finish_function(e, e_gmp_finish) ||
- !ENGINE_set_ctrl_function(e, e_gmp_ctrl) ||
- !ENGINE_set_cmd_defns(e, e_gmp_cmd_defns))
- return 0;
-
-#ifndef OPENSSL_NO_RSA
- meth1 = RSA_PKCS1_SSLeay();
- e_gmp_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
- e_gmp_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
- e_gmp_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
- e_gmp_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
- e_gmp_rsa.bn_mod_exp = meth1->bn_mod_exp;
-#endif
-
- /* Ensure the e_gmp error handling is set up */
- ERR_load_GMP_strings();
- return 1;
- }
+{
+# ifndef OPENSSL_NO_RSA
+ const RSA_METHOD *meth1;
+# endif
+ if (!ENGINE_set_id(e, engine_e_gmp_id) ||
+ !ENGINE_set_name(e, engine_e_gmp_name) ||
+# ifndef OPENSSL_NO_RSA
+ !ENGINE_set_RSA(e, &e_gmp_rsa) ||
+# endif
+ !ENGINE_set_destroy_function(e, e_gmp_destroy) ||
+ !ENGINE_set_init_function(e, e_gmp_init) ||
+ !ENGINE_set_finish_function(e, e_gmp_finish) ||
+ !ENGINE_set_ctrl_function(e, e_gmp_ctrl) ||
+ !ENGINE_set_cmd_defns(e, e_gmp_cmd_defns))
+ return 0;
+
+# ifndef OPENSSL_NO_RSA
+ meth1 = RSA_PKCS1_SSLeay();
+ e_gmp_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+ e_gmp_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+ e_gmp_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+ e_gmp_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+ e_gmp_rsa.bn_mod_exp = meth1->bn_mod_exp;
+# endif
+
+ /* Ensure the e_gmp error handling is set up */
+ ERR_load_GMP_strings();
+ return 1;
+}
static ENGINE *engine_gmp(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!bind_helper(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
+{
+ ENGINE *ret = ENGINE_new();
+ if (!ret)
+ return NULL;
+ if (!bind_helper(ret)) {
+ ENGINE_free(ret);
+ return NULL;
+ }
+ return ret;
+}
void ENGINE_load_gmp(void)
- {
- /* Copied from eng_[openssl|dyn].c */
- ENGINE *toadd = engine_gmp();
- if(!toadd) return;
- ENGINE_add(toadd);
- ENGINE_free(toadd);
- ERR_clear_error();
- }
-
-#ifndef OPENSSL_NO_RSA
+{
+ /* Copied from eng_[openssl|dyn].c */
+ ENGINE *toadd = engine_gmp();
+ if (!toadd)
+ return;
+ ENGINE_add(toadd);
+ ENGINE_free(toadd);
+ ERR_clear_error();
+}
+
+# ifndef OPENSSL_NO_RSA
/* Used to attach our own key-data to an RSA structure */
static int hndidx_rsa = -1;
-#endif
+# endif
static int e_gmp_destroy(ENGINE *e)
- {
- ERR_unload_GMP_strings();
- return 1;
- }
+{
+ ERR_unload_GMP_strings();
+ return 1;
+}
/* (de)initialisation functions. */
static int e_gmp_init(ENGINE *e)
- {
-#ifndef OPENSSL_NO_RSA
- if (hndidx_rsa == -1)
- hndidx_rsa = RSA_get_ex_new_index(0,
- "GMP-based RSA key handle",
- NULL, NULL, NULL);
-#endif
- if (hndidx_rsa == -1)
- return 0;
- return 1;
- }
+{
+# ifndef OPENSSL_NO_RSA
+ if (hndidx_rsa == -1)
+ hndidx_rsa = RSA_get_ex_new_index(0,
+ "GMP-based RSA key handle",
+ NULL, NULL, NULL);
+# endif
+ if (hndidx_rsa == -1)
+ return 0;
+ return 1;
+}
static int e_gmp_finish(ENGINE *e)
- {
- return 1;
- }
-
-static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
- {
- int to_return = 1;
-
- switch(cmd)
- {
-#if 0
- case E_GMP_CMD_SO_PATH:
- /* ... */
-#endif
- /* The command isn't understood by this engine */
- default:
- GMPerr(GMP_F_E_GMP_CTRL,
- GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED);
- to_return = 0;
- break;
- }
-
- return to_return;
- }
-
-
-/* Most often limb sizes will be the same. If not, we use hex conversion
- * which is neat, but extremely inefficient. */
+{
+ return 1;
+}
+
+static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+{
+ int to_return = 1;
+
+ switch (cmd) {
+# if 0
+ case E_GMP_CMD_SO_PATH:
+ /* ... */
+# endif
+ /* The command isn't understood by this engine */
+ default:
+ GMPerr(GMP_F_E_GMP_CTRL, GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+ to_return = 0;
+ break;
+ }
+
+ return to_return;
+}
+
+/*
+ * Most often limb sizes will be the same. If not, we use hex conversion
+ * which is neat, but extremely inefficient.
+ */
static int bn2gmp(const BIGNUM *bn, mpz_t g)
- {
- bn_check_top(bn);
- if(((sizeof(bn->d[0]) * 8) == GMP_NUMB_BITS) &&
- (BN_BITS2 == GMP_NUMB_BITS))
- {
- /* The common case */
- if(!_mpz_realloc (g, bn->top))
- return 0;
- memcpy(&g->_mp_d[0], &bn->d[0], bn->top * sizeof(bn->d[0]));
- g->_mp_size = bn->top;
- if(bn->neg)
- g->_mp_size = -g->_mp_size;
- return 1;
- }
- else
- {
- int toret;
- char *tmpchar = BN_bn2hex(bn);
- if(!tmpchar) return 0;
- toret = (mpz_set_str(g, tmpchar, 16) == 0 ? 1 : 0);
- OPENSSL_free(tmpchar);
- return toret;
- }
- }
+{
+ bn_check_top(bn);
+ if (((sizeof(bn->d[0]) * 8) == GMP_NUMB_BITS) &&
+ (BN_BITS2 == GMP_NUMB_BITS)) {
+ /* The common case */
+ if (!_mpz_realloc(g, bn->top))
+ return 0;
+ memcpy(&g->_mp_d[0], &bn->d[0], bn->top * sizeof(bn->d[0]));
+ g->_mp_size = bn->top;
+ if (bn->neg)
+ g->_mp_size = -g->_mp_size;
+ return 1;
+ } else {
+ int toret;
+ char *tmpchar = BN_bn2hex(bn);
+ if (!tmpchar)
+ return 0;
+ toret = (mpz_set_str(g, tmpchar, 16) == 0 ? 1 : 0);
+ OPENSSL_free(tmpchar);
+ return toret;
+ }
+}
static int gmp2bn(mpz_t g, BIGNUM *bn)
- {
- if(((sizeof(bn->d[0]) * 8) == GMP_NUMB_BITS) &&
- (BN_BITS2 == GMP_NUMB_BITS))
- {
- /* The common case */
- int s = (g->_mp_size >= 0) ? g->_mp_size : -g->_mp_size;
- BN_zero(bn);
- if(bn_expand2 (bn, s) == NULL)
- return 0;
- bn->top = s;
- memcpy(&bn->d[0], &g->_mp_d[0], s * sizeof(bn->d[0]));
- bn_correct_top(bn);
- bn->neg = g->_mp_size >= 0 ? 0 : 1;
- return 1;
- }
- else
- {
- int toret;
- char *tmpchar = OPENSSL_malloc(mpz_sizeinbase(g, 16) + 10);
- if(!tmpchar) return 0;
- mpz_get_str(tmpchar, 16, g);
- toret = BN_hex2bn(&bn, tmpchar);
- OPENSSL_free(tmpchar);
- return toret;
- }
- }
-
-#ifndef OPENSSL_NO_RSA
-typedef struct st_e_gmp_rsa_ctx
- {
- int public_only;
- mpz_t n;
- mpz_t d;
- mpz_t e;
- mpz_t p;
- mpz_t q;
- mpz_t dmp1;
- mpz_t dmq1;
- mpz_t iqmp;
- mpz_t r0, r1, I0, m1;
- } E_GMP_RSA_CTX;
+{
+ if (((sizeof(bn->d[0]) * 8) == GMP_NUMB_BITS) &&
+ (BN_BITS2 == GMP_NUMB_BITS)) {
+ /* The common case */
+ int s = (g->_mp_size >= 0) ? g->_mp_size : -g->_mp_size;
+ BN_zero(bn);
+ if (bn_expand2(bn, s) == NULL)
+ return 0;
+ bn->top = s;
+ memcpy(&bn->d[0], &g->_mp_d[0], s * sizeof(bn->d[0]));
+ bn_correct_top(bn);
+ bn->neg = g->_mp_size >= 0 ? 0 : 1;
+ return 1;
+ } else {
+ int toret;
+ char *tmpchar = OPENSSL_malloc(mpz_sizeinbase(g, 16) + 10);
+ if (!tmpchar)
+ return 0;
+ mpz_get_str(tmpchar, 16, g);
+ toret = BN_hex2bn(&bn, tmpchar);
+ OPENSSL_free(tmpchar);
+ return toret;
+ }
+}
+
+# ifndef OPENSSL_NO_RSA
+typedef struct st_e_gmp_rsa_ctx {
+ int public_only;
+ mpz_t n;
+ mpz_t d;
+ mpz_t e;
+ mpz_t p;
+ mpz_t q;
+ mpz_t dmp1;
+ mpz_t dmq1;
+ mpz_t iqmp;
+ mpz_t r0, r1, I0, m1;
+} E_GMP_RSA_CTX;
static E_GMP_RSA_CTX *e_gmp_get_rsa(RSA *rsa)
- {
- E_GMP_RSA_CTX *hptr = RSA_get_ex_data(rsa, hndidx_rsa);
- if(hptr) return hptr;
- hptr = OPENSSL_malloc(sizeof(E_GMP_RSA_CTX));
- if(!hptr) return NULL;
- /* These inits could probably be replaced by more intelligent
- * mpz_init2() versions, to reduce malloc-thrashing. */
- mpz_init(hptr->n);
- mpz_init(hptr->d);
- mpz_init(hptr->e);
- mpz_init(hptr->p);
- mpz_init(hptr->q);
- mpz_init(hptr->dmp1);
- mpz_init(hptr->dmq1);
- mpz_init(hptr->iqmp);
- mpz_init(hptr->r0);
- mpz_init(hptr->r1);
- mpz_init(hptr->I0);
- mpz_init(hptr->m1);
- if(!bn2gmp(rsa->n, hptr->n) || !bn2gmp(rsa->e, hptr->e))
- goto err;
- if(!rsa->p || !rsa->q || !rsa->d || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
- {
- hptr->public_only = 1;
- return hptr;
- }
- if(!bn2gmp(rsa->d, hptr->d) || !bn2gmp(rsa->p, hptr->p) ||
- !bn2gmp(rsa->q, hptr->q) || !bn2gmp(rsa->dmp1, hptr->dmp1) ||
- !bn2gmp(rsa->dmq1, hptr->dmq1) || !bn2gmp(rsa->iqmp, hptr->iqmp))
- goto err;
- hptr->public_only = 0;
- RSA_set_ex_data(rsa, hndidx_rsa, hptr);
- return hptr;
-err:
- mpz_clear(hptr->n);
- mpz_clear(hptr->d);
- mpz_clear(hptr->e);
- mpz_clear(hptr->p);
- mpz_clear(hptr->q);
- mpz_clear(hptr->dmp1);
- mpz_clear(hptr->dmq1);
- mpz_clear(hptr->iqmp);
- mpz_clear(hptr->r0);
- mpz_clear(hptr->r1);
- mpz_clear(hptr->I0);
- mpz_clear(hptr->m1);
- OPENSSL_free(hptr);
- return NULL;
- }
+{
+ E_GMP_RSA_CTX *hptr = RSA_get_ex_data(rsa, hndidx_rsa);
+ if (hptr)
+ return hptr;
+ hptr = OPENSSL_malloc(sizeof(E_GMP_RSA_CTX));
+ if (!hptr)
+ return NULL;
+ /*
+ * These inits could probably be replaced by more intelligent mpz_init2()
+ * versions, to reduce malloc-thrashing.
+ */
+ mpz_init(hptr->n);
+ mpz_init(hptr->d);
+ mpz_init(hptr->e);
+ mpz_init(hptr->p);
+ mpz_init(hptr->q);
+ mpz_init(hptr->dmp1);
+ mpz_init(hptr->dmq1);
+ mpz_init(hptr->iqmp);
+ mpz_init(hptr->r0);
+ mpz_init(hptr->r1);
+ mpz_init(hptr->I0);
+ mpz_init(hptr->m1);
+ if (!bn2gmp(rsa->n, hptr->n) || !bn2gmp(rsa->e, hptr->e))
+ goto err;
+ if (!rsa->p || !rsa->q || !rsa->d || !rsa->dmp1 || !rsa->dmq1
+ || !rsa->iqmp) {
+ hptr->public_only = 1;
+ return hptr;
+ }
+ if (!bn2gmp(rsa->d, hptr->d) || !bn2gmp(rsa->p, hptr->p) ||
+ !bn2gmp(rsa->q, hptr->q) || !bn2gmp(rsa->dmp1, hptr->dmp1) ||
+ !bn2gmp(rsa->dmq1, hptr->dmq1) || !bn2gmp(rsa->iqmp, hptr->iqmp))
+ goto err;
+ hptr->public_only = 0;
+ RSA_set_ex_data(rsa, hndidx_rsa, hptr);
+ return hptr;
+ err:
+ mpz_clear(hptr->n);
+ mpz_clear(hptr->d);
+ mpz_clear(hptr->e);
+ mpz_clear(hptr->p);
+ mpz_clear(hptr->q);
+ mpz_clear(hptr->dmp1);
+ mpz_clear(hptr->dmq1);
+ mpz_clear(hptr->iqmp);
+ mpz_clear(hptr->r0);
+ mpz_clear(hptr->r1);
+ mpz_clear(hptr->I0);
+ mpz_clear(hptr->m1);
+ OPENSSL_free(hptr);
+ return NULL;
+}
static int e_gmp_rsa_finish(RSA *rsa)
- {
- E_GMP_RSA_CTX *hptr = RSA_get_ex_data(rsa, hndidx_rsa);
- if(!hptr) return 0;
- mpz_clear(hptr->n);
- mpz_clear(hptr->d);
- mpz_clear(hptr->e);
- mpz_clear(hptr->p);
- mpz_clear(hptr->q);
- mpz_clear(hptr->dmp1);
- mpz_clear(hptr->dmq1);
- mpz_clear(hptr->iqmp);
- mpz_clear(hptr->r0);
- mpz_clear(hptr->r1);
- mpz_clear(hptr->I0);
- mpz_clear(hptr->m1);
- OPENSSL_free(hptr);
- RSA_set_ex_data(rsa, hndidx_rsa, NULL);
- return 1;
- }
-
-static int e_gmp_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- {
- E_GMP_RSA_CTX *hptr;
- int to_return = 0;
-
- hptr = e_gmp_get_rsa(rsa);
- if(!hptr)
- {
- GMPerr(GMP_F_E_GMP_RSA_MOD_EXP,
- GMP_R_KEY_CONTEXT_ERROR);
- return 0;
- }
- if(hptr->public_only)
- {
- GMPerr(GMP_F_E_GMP_RSA_MOD_EXP,
- GMP_R_MISSING_KEY_COMPONENTS);
- return 0;
- }
-
- /* ugh!!! */
- if(!bn2gmp(I, hptr->I0))
- return 0;
-
- /* This is basically the CRT logic in crypto/rsa/rsa_eay.c reworded into
- * GMP-speak. It may be that GMP's API facilitates cleaner formulations
- * of this stuff, eg. better handling of negatives, or functions that
- * combine operations. */
-
- mpz_mod(hptr->r1, hptr->I0, hptr->q);
- mpz_powm(hptr->m1, hptr->r1, hptr->dmq1, hptr->q);
-
- mpz_mod(hptr->r1, hptr->I0, hptr->p);
- mpz_powm(hptr->r0, hptr->r1, hptr->dmp1, hptr->p);
-
- mpz_sub(hptr->r0, hptr->r0, hptr->m1);
-
- if(mpz_sgn(hptr->r0) < 0)
- mpz_add(hptr->r0, hptr->r0, hptr->p);
- mpz_mul(hptr->r1, hptr->r0, hptr->iqmp);
- mpz_mod(hptr->r0, hptr->r1, hptr->p);
-
- if(mpz_sgn(hptr->r0) < 0)
- mpz_add(hptr->r0, hptr->r0, hptr->p);
- mpz_mul(hptr->r1, hptr->r0, hptr->q);
- mpz_add(hptr->r0, hptr->r1, hptr->m1);
-
- /* ugh!!! */
- if(gmp2bn(hptr->r0, r))
- to_return = 1;
-
- return 1;
- }
-#endif
-
-#endif /* !OPENSSL_NO_GMP */
-
-/* This stuff is needed if this ENGINE is being compiled into a self-contained
- * shared-library. */
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+{
+ E_GMP_RSA_CTX *hptr = RSA_get_ex_data(rsa, hndidx_rsa);
+ if (!hptr)
+ return 0;
+ mpz_clear(hptr->n);
+ mpz_clear(hptr->d);
+ mpz_clear(hptr->e);
+ mpz_clear(hptr->p);
+ mpz_clear(hptr->q);
+ mpz_clear(hptr->dmp1);
+ mpz_clear(hptr->dmq1);
+ mpz_clear(hptr->iqmp);
+ mpz_clear(hptr->r0);
+ mpz_clear(hptr->r1);
+ mpz_clear(hptr->I0);
+ mpz_clear(hptr->m1);
+ OPENSSL_free(hptr);
+ RSA_set_ex_data(rsa, hndidx_rsa, NULL);
+ return 1;
+}
+
+static int e_gmp_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx)
+{
+ E_GMP_RSA_CTX *hptr;
+ int to_return = 0;
+
+ hptr = e_gmp_get_rsa(rsa);
+ if (!hptr) {
+ GMPerr(GMP_F_E_GMP_RSA_MOD_EXP, GMP_R_KEY_CONTEXT_ERROR);
+ return 0;
+ }
+ if (hptr->public_only) {
+ GMPerr(GMP_F_E_GMP_RSA_MOD_EXP, GMP_R_MISSING_KEY_COMPONENTS);
+ return 0;
+ }
+
+ /* ugh!!! */
+ if (!bn2gmp(I, hptr->I0))
+ return 0;
+
+ /*
+ * This is basically the CRT logic in crypto/rsa/rsa_eay.c reworded into
+ * GMP-speak. It may be that GMP's API facilitates cleaner formulations
+ * of this stuff, eg. better handling of negatives, or functions that
+ * combine operations.
+ */
+
+ mpz_mod(hptr->r1, hptr->I0, hptr->q);
+ mpz_powm(hptr->m1, hptr->r1, hptr->dmq1, hptr->q);
+
+ mpz_mod(hptr->r1, hptr->I0, hptr->p);
+ mpz_powm(hptr->r0, hptr->r1, hptr->dmp1, hptr->p);
+
+ mpz_sub(hptr->r0, hptr->r0, hptr->m1);
+
+ if (mpz_sgn(hptr->r0) < 0)
+ mpz_add(hptr->r0, hptr->r0, hptr->p);
+ mpz_mul(hptr->r1, hptr->r0, hptr->iqmp);
+ mpz_mod(hptr->r0, hptr->r1, hptr->p);
+
+ if (mpz_sgn(hptr->r0) < 0)
+ mpz_add(hptr->r0, hptr->r0, hptr->p);
+ mpz_mul(hptr->r1, hptr->r0, hptr->q);
+ mpz_add(hptr->r0, hptr->r1, hptr->m1);
+
+ /* ugh!!! */
+ if (gmp2bn(hptr->r0, r))
+ to_return = 1;
+
+ return 1;
+}
+# endif
+
+# endif /* !OPENSSL_NO_GMP */
+
+/*
+ * This stuff is needed if this ENGINE is being compiled into a
+ * self-contained shared-library.
+ */
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
IMPLEMENT_DYNAMIC_CHECK_FN()
-#ifndef OPENSSL_NO_GMP
+# ifndef OPENSSL_NO_GMP
static int bind_fn(ENGINE *e, const char *id)
- {
- if(id && (strcmp(id, engine_e_gmp_id) != 0))
- return 0;
- if(!bind_helper(e))
- return 0;
- return 1;
- }
+{
+ if (id && (strcmp(id, engine_e_gmp_id) != 0))
+ return 0;
+ if (!bind_helper(e))
+ return 0;
+ return 1;
+}
+
IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#else
+# else
OPENSSL_EXPORT
-int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);
+ int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);
OPENSSL_EXPORT
-int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; }
-#endif
-#endif /* !OPENSSL_NO_DYNAMIC_ENGINE */
-
-#endif /* !OPENSSL_NO_HW */
+ int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns)
+{
+ return 0;
+}
+# endif
+# endif /* !OPENSSL_NO_DYNAMIC_ENGINE */
+
+#endif /* !OPENSSL_NO_HW */
diff --git a/openssl/engines/e_gmp_err.c b/openssl/engines/e_gmp_err.c
index 61db95679..002a3abe1 100644
--- a/openssl/engines/e_gmp_err.c
+++ b/openssl/engines/e_gmp_err.c
@@ -7,7 +7,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
*
*/
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
@@ -65,77 +66,72 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
-#define ERR_FUNC(func) ERR_PACK(0,func,0)
-#define ERR_REASON(reason) ERR_PACK(0,0,reason)
+# define ERR_FUNC(func) ERR_PACK(0,func,0)
+# define ERR_REASON(reason) ERR_PACK(0,0,reason)
-static ERR_STRING_DATA GMP_str_functs[]=
- {
-{ERR_FUNC(GMP_F_E_GMP_CTRL), "E_GMP_CTRL"},
-{ERR_FUNC(GMP_F_E_GMP_RSA_MOD_EXP), "E_GMP_RSA_MOD_EXP"},
-{0,NULL}
- };
+static ERR_STRING_DATA GMP_str_functs[] = {
+ {ERR_FUNC(GMP_F_E_GMP_CTRL), "E_GMP_CTRL"},
+ {ERR_FUNC(GMP_F_E_GMP_RSA_MOD_EXP), "E_GMP_RSA_MOD_EXP"},
+ {0, NULL}
+};
-static ERR_STRING_DATA GMP_str_reasons[]=
- {
-{ERR_REASON(GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},
-{ERR_REASON(GMP_R_KEY_CONTEXT_ERROR) ,"key context error"},
-{ERR_REASON(GMP_R_MISSING_KEY_COMPONENTS),"missing key components"},
-{0,NULL}
- };
+static ERR_STRING_DATA GMP_str_reasons[] = {
+ {ERR_REASON(GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED),
+ "ctrl command not implemented"},
+ {ERR_REASON(GMP_R_KEY_CONTEXT_ERROR), "key context error"},
+ {ERR_REASON(GMP_R_MISSING_KEY_COMPONENTS), "missing key components"},
+ {0, NULL}
+};
#endif
#ifdef GMP_LIB_NAME
-static ERR_STRING_DATA GMP_lib_name[]=
- {
-{0 ,GMP_LIB_NAME},
-{0,NULL}
- };
+static ERR_STRING_DATA GMP_lib_name[] = {
+ {0, GMP_LIB_NAME},
+ {0, NULL}
+};
#endif
-
-static int GMP_lib_error_code=0;
-static int GMP_error_init=1;
+static int GMP_lib_error_code = 0;
+static int GMP_error_init = 1;
static void ERR_load_GMP_strings(void)
- {
- if (GMP_lib_error_code == 0)
- GMP_lib_error_code=ERR_get_next_error_library();
+{
+ if (GMP_lib_error_code == 0)
+ GMP_lib_error_code = ERR_get_next_error_library();
- if (GMP_error_init)
- {
- GMP_error_init=0;
+ if (GMP_error_init) {
+ GMP_error_init = 0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(GMP_lib_error_code,GMP_str_functs);
- ERR_load_strings(GMP_lib_error_code,GMP_str_reasons);
+ ERR_load_strings(GMP_lib_error_code, GMP_str_functs);
+ ERR_load_strings(GMP_lib_error_code, GMP_str_reasons);
#endif
#ifdef GMP_LIB_NAME
- GMP_lib_name->error = ERR_PACK(GMP_lib_error_code,0,0);
- ERR_load_strings(0,GMP_lib_name);
+ GMP_lib_name->error = ERR_PACK(GMP_lib_error_code, 0, 0);
+ ERR_load_strings(0, GMP_lib_name);
#endif
- }
- }
+ }
+}
static void ERR_unload_GMP_strings(void)
- {
- if (GMP_error_init == 0)
- {
+{
+ if (GMP_error_init == 0) {
#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(GMP_lib_error_code,GMP_str_functs);
- ERR_unload_strings(GMP_lib_error_code,GMP_str_reasons);
+ ERR_unload_strings(GMP_lib_error_code, GMP_str_functs);
+ ERR_unload_strings(GMP_lib_error_code, GMP_str_reasons);
#endif
#ifdef GMP_LIB_NAME
- ERR_unload_strings(0,GMP_lib_name);
+ ERR_unload_strings(0, GMP_lib_name);
#endif
- GMP_error_init=1;
- }
- }
+ GMP_error_init = 1;
+ }
+}
static void ERR_GMP_error(int function, int reason, char *file, int line)
- {
- if (GMP_lib_error_code == 0)
- GMP_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(GMP_lib_error_code,function,reason,file,line);
- }
+{
+ if (GMP_lib_error_code == 0)
+ GMP_lib_error_code = ERR_get_next_error_library();
+ ERR_PUT_error(GMP_lib_error_code, function, reason, file, line);
+}
diff --git a/openssl/engines/e_gmp_err.h b/openssl/engines/e_gmp_err.h
index dd05dfd80..637abbc9a 100644
--- a/openssl/engines/e_gmp_err.h
+++ b/openssl/engines/e_gmp_err.h
@@ -6,7 +6,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -53,31 +53,32 @@
*/
#ifndef HEADER_GMP_ERR_H
-#define HEADER_GMP_ERR_H
+# define HEADER_GMP_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_GMP_strings(void);
static void ERR_unload_GMP_strings(void);
static void ERR_GMP_error(int function, int reason, char *file, int line);
-#define GMPerr(f,r) ERR_GMP_error((f),(r),__FILE__,__LINE__)
+# define GMPerr(f,r) ERR_GMP_error((f),(r),__FILE__,__LINE__)
/* Error codes for the GMP functions. */
/* Function codes. */
-#define GMP_F_E_GMP_CTRL 100
-#define GMP_F_E_GMP_RSA_MOD_EXP 101
+# define GMP_F_E_GMP_CTRL 100
+# define GMP_F_E_GMP_RSA_MOD_EXP 101
/* Reason codes. */
-#define GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED 100
-#define GMP_R_KEY_CONTEXT_ERROR 101
-#define GMP_R_MISSING_KEY_COMPONENTS 102
+# define GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED 100
+# define GMP_R_KEY_CONTEXT_ERROR 101
+# define GMP_R_MISSING_KEY_COMPONENTS 102
#ifdef __cplusplus
}
diff --git a/openssl/engines/e_nuron.c b/openssl/engines/e_nuron.c
index 4c2537cbc..3437f3604 100644
--- a/openssl/engines/e_nuron.c
+++ b/openssl/engines/e_nuron.c
@@ -1,5 +1,6 @@
/* crypto/engine/hw_nuron.c */
-/* Written by Ben Laurie for the OpenSSL Project, leaning heavily on Geoff
+/*
+ * Written by Ben Laurie for the OpenSSL Project, leaning heavily on Geoff
* Thorpe's Atalla implementation.
*/
/* ====================================================================
@@ -10,7 +11,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -63,372 +64,373 @@
#include <openssl/dso.h>
#include <openssl/engine.h>
#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
+# include <openssl/rsa.h>
#endif
#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
+# include <openssl/dsa.h>
#endif
#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
+# include <openssl/dh.h>
#endif
#include <openssl/bn.h>
#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_NURON
+# ifndef OPENSSL_NO_HW_NURON
-#define NURON_LIB_NAME "nuron engine"
-#include "e_nuron_err.c"
+# define NURON_LIB_NAME "nuron engine"
+# include "e_nuron_err.c"
static const char *NURON_LIBNAME = NULL;
static const char *get_NURON_LIBNAME(void)
- {
- if(NURON_LIBNAME)
- return NURON_LIBNAME;
- return "nuronssl";
- }
+{
+ if (NURON_LIBNAME)
+ return NURON_LIBNAME;
+ return "nuronssl";
+}
+
static void free_NURON_LIBNAME(void)
- {
- if(NURON_LIBNAME)
- OPENSSL_free((void*)NURON_LIBNAME);
- NURON_LIBNAME = NULL;
- }
+{
+ if (NURON_LIBNAME)
+ OPENSSL_free((void *)NURON_LIBNAME);
+ NURON_LIBNAME = NULL;
+}
+
static long set_NURON_LIBNAME(const char *name)
- {
- free_NURON_LIBNAME();
- return (((NURON_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
- }
+{
+ free_NURON_LIBNAME();
+ return (((NURON_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+}
+
static const char *NURON_F1 = "nuron_mod_exp";
/* The definitions for control commands specific to this engine */
-#define NURON_CMD_SO_PATH ENGINE_CMD_BASE
+# define NURON_CMD_SO_PATH ENGINE_CMD_BASE
static const ENGINE_CMD_DEFN nuron_cmd_defns[] = {
- {NURON_CMD_SO_PATH,
- "SO_PATH",
- "Specifies the path to the 'nuronssl' shared library",
- ENGINE_CMD_FLAG_STRING},
- {0, NULL, NULL, 0}
- };
-
-typedef int tfnModExp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p,const BIGNUM *m);
+ {NURON_CMD_SO_PATH,
+ "SO_PATH",
+ "Specifies the path to the 'nuronssl' shared library",
+ ENGINE_CMD_FLAG_STRING},
+ {0, NULL, NULL, 0}
+};
+
+typedef int tfnModExp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m);
static tfnModExp *pfnModExp = NULL;
static DSO *pvDSOHandle = NULL;
static int nuron_destroy(ENGINE *e)
- {
- free_NURON_LIBNAME();
- ERR_unload_NURON_strings();
- return 1;
- }
+{
+ free_NURON_LIBNAME();
+ ERR_unload_NURON_strings();
+ return 1;
+}
static int nuron_init(ENGINE *e)
- {
- if(pvDSOHandle != NULL)
- {
- NURONerr(NURON_F_NURON_INIT,NURON_R_ALREADY_LOADED);
- return 0;
- }
-
- pvDSOHandle = DSO_load(NULL, get_NURON_LIBNAME(), NULL,
- DSO_FLAG_NAME_TRANSLATION_EXT_ONLY);
- if(!pvDSOHandle)
- {
- NURONerr(NURON_F_NURON_INIT,NURON_R_DSO_NOT_FOUND);
- return 0;
- }
-
- pfnModExp = (tfnModExp *)DSO_bind_func(pvDSOHandle, NURON_F1);
- if(!pfnModExp)
- {
- NURONerr(NURON_F_NURON_INIT,NURON_R_DSO_FUNCTION_NOT_FOUND);
- return 0;
- }
-
- return 1;
- }
+{
+ if (pvDSOHandle != NULL) {
+ NURONerr(NURON_F_NURON_INIT, NURON_R_ALREADY_LOADED);
+ return 0;
+ }
+
+ pvDSOHandle = DSO_load(NULL, get_NURON_LIBNAME(), NULL,
+ DSO_FLAG_NAME_TRANSLATION_EXT_ONLY);
+ if (!pvDSOHandle) {
+ NURONerr(NURON_F_NURON_INIT, NURON_R_DSO_NOT_FOUND);
+ return 0;
+ }
+
+ pfnModExp = (tfnModExp *) DSO_bind_func(pvDSOHandle, NURON_F1);
+ if (!pfnModExp) {
+ NURONerr(NURON_F_NURON_INIT, NURON_R_DSO_FUNCTION_NOT_FOUND);
+ return 0;
+ }
+
+ return 1;
+}
static int nuron_finish(ENGINE *e)
- {
- free_NURON_LIBNAME();
- if(pvDSOHandle == NULL)
- {
- NURONerr(NURON_F_NURON_FINISH,NURON_R_NOT_LOADED);
- return 0;
- }
- if(!DSO_free(pvDSOHandle))
- {
- NURONerr(NURON_F_NURON_FINISH,NURON_R_DSO_FAILURE);
- return 0;
- }
- pvDSOHandle=NULL;
- pfnModExp=NULL;
- return 1;
- }
-
-static int nuron_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
- {
- int initialised = ((pvDSOHandle == NULL) ? 0 : 1);
- switch(cmd)
- {
- case NURON_CMD_SO_PATH:
- if(p == NULL)
- {
- NURONerr(NURON_F_NURON_CTRL,ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if(initialised)
- {
- NURONerr(NURON_F_NURON_CTRL,NURON_R_ALREADY_LOADED);
- return 0;
- }
- return set_NURON_LIBNAME((const char *)p);
- default:
- break;
- }
- NURONerr(NURON_F_NURON_CTRL,NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED);
- return 0;
+{
+ free_NURON_LIBNAME();
+ if (pvDSOHandle == NULL) {
+ NURONerr(NURON_F_NURON_FINISH, NURON_R_NOT_LOADED);
+ return 0;
+ }
+ if (!DSO_free(pvDSOHandle)) {
+ NURONerr(NURON_F_NURON_FINISH, NURON_R_DSO_FAILURE);
+ return 0;
+ }
+ pvDSOHandle = NULL;
+ pfnModExp = NULL;
+ return 1;
}
-static int nuron_mod_exp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p,
- const BIGNUM *m,BN_CTX *ctx)
- {
- if(!pvDSOHandle)
- {
- NURONerr(NURON_F_NURON_MOD_EXP,NURON_R_NOT_LOADED);
- return 0;
- }
- return pfnModExp(r,a,p,m);
- }
+static int nuron_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+{
+ int initialised = ((pvDSOHandle == NULL) ? 0 : 1);
+ switch (cmd) {
+ case NURON_CMD_SO_PATH:
+ if (p == NULL) {
+ NURONerr(NURON_F_NURON_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if (initialised) {
+ NURONerr(NURON_F_NURON_CTRL, NURON_R_ALREADY_LOADED);
+ return 0;
+ }
+ return set_NURON_LIBNAME((const char *)p);
+ default:
+ break;
+ }
+ NURONerr(NURON_F_NURON_CTRL, NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+ return 0;
+}
-#ifndef OPENSSL_NO_RSA
-static int nuron_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- {
- return nuron_mod_exp(r0,I,rsa->d,rsa->n,ctx);
- }
-#endif
+static int nuron_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx)
+{
+ if (!pvDSOHandle) {
+ NURONerr(NURON_F_NURON_MOD_EXP, NURON_R_NOT_LOADED);
+ return 0;
+ }
+ return pfnModExp(r, a, p, m);
+}
-#ifndef OPENSSL_NO_DSA
-/* This code was liberated and adapted from the commented-out code in
- * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration
- * (it doesn't have a CRT form for RSA), this function means that an
- * Atalla system running with a DSA server certificate can handshake
- * around 5 or 6 times faster/more than an equivalent system running with
- * RSA. Just check out the "signs" statistics from the RSA and DSA parts
- * of "openssl speed -engine atalla dsa1024 rsa1024". */
+# ifndef OPENSSL_NO_RSA
+static int nuron_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx)
+{
+ return nuron_mod_exp(r0, I, rsa->d, rsa->n, ctx);
+}
+# endif
+
+# ifndef OPENSSL_NO_DSA
+/*
+ * This code was liberated and adapted from the commented-out code in
+ * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration (it
+ * doesn't have a CRT form for RSA), this function means that an Atalla
+ * system running with a DSA server certificate can handshake around 5 or 6
+ * times faster/more than an equivalent system running with RSA. Just check
+ * out the "signs" statistics from the RSA and DSA parts of "openssl speed
+ * -engine atalla dsa1024 rsa1024".
+ */
static int nuron_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
- BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont)
- {
- BIGNUM t;
- int to_return = 0;
-
- BN_init(&t);
- /* let rr = a1 ^ p1 mod m */
- if (!nuron_mod_exp(rr,a1,p1,m,ctx))
- goto end;
- /* let t = a2 ^ p2 mod m */
- if (!nuron_mod_exp(&t,a2,p2,m,ctx))
- goto end;
- /* let rr = rr * t mod m */
- if (!BN_mod_mul(rr,rr,&t,m,ctx))
- goto end;
- to_return = 1;
-end:
- BN_free(&t);
- return to_return;
- }
-
+ BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+ BIGNUM t;
+ int to_return = 0;
+
+ BN_init(&t);
+ /* let rr = a1 ^ p1 mod m */
+ if (!nuron_mod_exp(rr, a1, p1, m, ctx))
+ goto end;
+ /* let t = a2 ^ p2 mod m */
+ if (!nuron_mod_exp(&t, a2, p2, m, ctx))
+ goto end;
+ /* let rr = rr * t mod m */
+ if (!BN_mod_mul(rr, rr, &t, m, ctx))
+ goto end;
+ to_return = 1;
+ end:
+ BN_free(&t);
+ return to_return;
+}
static int nuron_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx)
- {
- return nuron_mod_exp(r, a, p, m, ctx);
- }
-#endif
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
+{
+ return nuron_mod_exp(r, a, p, m, ctx);
+}
+# endif
/* This function is aliased to mod_exp (with the mont stuff dropped). */
-#ifndef OPENSSL_NO_RSA
+# ifndef OPENSSL_NO_RSA
static int nuron_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- return nuron_mod_exp(r, a, p, m, ctx);
- }
-#endif
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
+{
+ return nuron_mod_exp(r, a, p, m, ctx);
+}
+# endif
-#ifndef OPENSSL_NO_DH
+# ifndef OPENSSL_NO_DH
/* This function is aliased to mod_exp (with the dh and mont dropped). */
static int nuron_mod_exp_dh(const DH *dh, BIGNUM *r,
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- return nuron_mod_exp(r, a, p, m, ctx);
- }
-#endif
-
-#ifndef OPENSSL_NO_RSA
-static RSA_METHOD nuron_rsa =
- {
- "Nuron RSA method",
- NULL,
- NULL,
- NULL,
- NULL,
- nuron_rsa_mod_exp,
- nuron_mod_exp_mont,
- NULL,
- NULL,
- 0,
- NULL,
- NULL,
- NULL,
- NULL
- };
-#endif
-
-#ifndef OPENSSL_NO_DSA
-static DSA_METHOD nuron_dsa =
- {
- "Nuron DSA method",
- NULL, /* dsa_do_sign */
- NULL, /* dsa_sign_setup */
- NULL, /* dsa_do_verify */
- nuron_dsa_mod_exp, /* dsa_mod_exp */
- nuron_mod_exp_dsa, /* bn_mod_exp */
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
- NULL, /* app_data */
- NULL, /* dsa_paramgen */
- NULL /* dsa_keygen */
- };
-#endif
-
-#ifndef OPENSSL_NO_DH
-static DH_METHOD nuron_dh =
- {
- "Nuron DH method",
- NULL,
- NULL,
- nuron_mod_exp_dh,
- NULL,
- NULL,
- 0,
- NULL,
- NULL
- };
-#endif
+ const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+ return nuron_mod_exp(r, a, p, m, ctx);
+}
+# endif
+
+# ifndef OPENSSL_NO_RSA
+static RSA_METHOD nuron_rsa = {
+ "Nuron RSA method",
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ nuron_rsa_mod_exp,
+ nuron_mod_exp_mont,
+ NULL,
+ NULL,
+ 0,
+ NULL,
+ NULL,
+ NULL,
+ NULL
+};
+# endif
+
+# ifndef OPENSSL_NO_DSA
+static DSA_METHOD nuron_dsa = {
+ "Nuron DSA method",
+ NULL, /* dsa_do_sign */
+ NULL, /* dsa_sign_setup */
+ NULL, /* dsa_do_verify */
+ nuron_dsa_mod_exp, /* dsa_mod_exp */
+ nuron_mod_exp_dsa, /* bn_mod_exp */
+ NULL, /* init */
+ NULL, /* finish */
+ 0, /* flags */
+ NULL, /* app_data */
+ NULL, /* dsa_paramgen */
+ NULL /* dsa_keygen */
+};
+# endif
+
+# ifndef OPENSSL_NO_DH
+static DH_METHOD nuron_dh = {
+ "Nuron DH method",
+ NULL,
+ NULL,
+ nuron_mod_exp_dh,
+ NULL,
+ NULL,
+ 0,
+ NULL,
+ NULL
+};
+# endif
/* Constants used when creating the ENGINE */
static const char *engine_nuron_id = "nuron";
static const char *engine_nuron_name = "Nuron hardware engine support";
-/* This internal function is used by ENGINE_nuron() and possibly by the
- * "dynamic" ENGINE support too */
+/*
+ * This internal function is used by ENGINE_nuron() and possibly by the
+ * "dynamic" ENGINE support too
+ */
static int bind_helper(ENGINE *e)
- {
-#ifndef OPENSSL_NO_RSA
- const RSA_METHOD *meth1;
-#endif
-#ifndef OPENSSL_NO_DSA
- const DSA_METHOD *meth2;
-#endif
-#ifndef OPENSSL_NO_DH
- const DH_METHOD *meth3;
-#endif
- if(!ENGINE_set_id(e, engine_nuron_id) ||
- !ENGINE_set_name(e, engine_nuron_name) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_RSA(e, &nuron_rsa) ||
-#endif
-#ifndef OPENSSL_NO_DSA
- !ENGINE_set_DSA(e, &nuron_dsa) ||
-#endif
-#ifndef OPENSSL_NO_DH
- !ENGINE_set_DH(e, &nuron_dh) ||
-#endif
- !ENGINE_set_destroy_function(e, nuron_destroy) ||
- !ENGINE_set_init_function(e, nuron_init) ||
- !ENGINE_set_finish_function(e, nuron_finish) ||
- !ENGINE_set_ctrl_function(e, nuron_ctrl) ||
- !ENGINE_set_cmd_defns(e, nuron_cmd_defns))
- return 0;
-
-#ifndef OPENSSL_NO_RSA
- /* We know that the "PKCS1_SSLeay()" functions hook properly
- * to the nuron-specific mod_exp and mod_exp_crt so we use
- * those functions. NB: We don't use ENGINE_openssl() or
- * anything "more generic" because something like the RSAref
- * code may not hook properly, and if you own one of these
- * cards then you have the right to do RSA operations on it
- * anyway! */
- meth1=RSA_PKCS1_SSLeay();
- nuron_rsa.rsa_pub_enc=meth1->rsa_pub_enc;
- nuron_rsa.rsa_pub_dec=meth1->rsa_pub_dec;
- nuron_rsa.rsa_priv_enc=meth1->rsa_priv_enc;
- nuron_rsa.rsa_priv_dec=meth1->rsa_priv_dec;
-#endif
-
-#ifndef OPENSSL_NO_DSA
- /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
- * bits. */
- meth2=DSA_OpenSSL();
- nuron_dsa.dsa_do_sign=meth2->dsa_do_sign;
- nuron_dsa.dsa_sign_setup=meth2->dsa_sign_setup;
- nuron_dsa.dsa_do_verify=meth2->dsa_do_verify;
-#endif
-
-#ifndef OPENSSL_NO_DH
- /* Much the same for Diffie-Hellman */
- meth3=DH_OpenSSL();
- nuron_dh.generate_key=meth3->generate_key;
- nuron_dh.compute_key=meth3->compute_key;
-#endif
-
- /* Ensure the nuron error handling is set up */
- ERR_load_NURON_strings();
- return 1;
- }
+{
+# ifndef OPENSSL_NO_RSA
+ const RSA_METHOD *meth1;
+# endif
+# ifndef OPENSSL_NO_DSA
+ const DSA_METHOD *meth2;
+# endif
+# ifndef OPENSSL_NO_DH
+ const DH_METHOD *meth3;
+# endif
+ if (!ENGINE_set_id(e, engine_nuron_id) ||
+ !ENGINE_set_name(e, engine_nuron_name) ||
+# ifndef OPENSSL_NO_RSA
+ !ENGINE_set_RSA(e, &nuron_rsa) ||
+# endif
+# ifndef OPENSSL_NO_DSA
+ !ENGINE_set_DSA(e, &nuron_dsa) ||
+# endif
+# ifndef OPENSSL_NO_DH
+ !ENGINE_set_DH(e, &nuron_dh) ||
+# endif
+ !ENGINE_set_destroy_function(e, nuron_destroy) ||
+ !ENGINE_set_init_function(e, nuron_init) ||
+ !ENGINE_set_finish_function(e, nuron_finish) ||
+ !ENGINE_set_ctrl_function(e, nuron_ctrl) ||
+ !ENGINE_set_cmd_defns(e, nuron_cmd_defns))
+ return 0;
+
+# ifndef OPENSSL_NO_RSA
+ /*
+ * We know that the "PKCS1_SSLeay()" functions hook properly to the
+ * nuron-specific mod_exp and mod_exp_crt so we use those functions. NB:
+ * We don't use ENGINE_openssl() or anything "more generic" because
+ * something like the RSAref code may not hook properly, and if you own
+ * one of these cards then you have the right to do RSA operations on it
+ * anyway!
+ */
+ meth1 = RSA_PKCS1_SSLeay();
+ nuron_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+ nuron_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+ nuron_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+ nuron_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+# endif
+
+# ifndef OPENSSL_NO_DSA
+ /*
+ * Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits.
+ */
+ meth2 = DSA_OpenSSL();
+ nuron_dsa.dsa_do_sign = meth2->dsa_do_sign;
+ nuron_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
+ nuron_dsa.dsa_do_verify = meth2->dsa_do_verify;
+# endif
+
+# ifndef OPENSSL_NO_DH
+ /* Much the same for Diffie-Hellman */
+ meth3 = DH_OpenSSL();
+ nuron_dh.generate_key = meth3->generate_key;
+ nuron_dh.compute_key = meth3->compute_key;
+# endif
+
+ /* Ensure the nuron error handling is set up */
+ ERR_load_NURON_strings();
+ return 1;
+}
-#ifdef OPENSSL_NO_DYNAMIC_ENGINE
+# ifdef OPENSSL_NO_DYNAMIC_ENGINE
static ENGINE *engine_nuron(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!bind_helper(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
+{
+ ENGINE *ret = ENGINE_new();
+ if (!ret)
+ return NULL;
+ if (!bind_helper(ret)) {
+ ENGINE_free(ret);
+ return NULL;
+ }
+ return ret;
+}
void ENGINE_load_nuron(void)
- {
- /* Copied from eng_[openssl|dyn].c */
- ENGINE *toadd = engine_nuron();
- if(!toadd) return;
- ENGINE_add(toadd);
- ENGINE_free(toadd);
- ERR_clear_error();
- }
-#endif
+{
+ /* Copied from eng_[openssl|dyn].c */
+ ENGINE *toadd = engine_nuron();
+ if (!toadd)
+ return;
+ ENGINE_add(toadd);
+ ENGINE_free(toadd);
+ ERR_clear_error();
+}
+# endif
-/* This stuff is needed if this ENGINE is being compiled into a self-contained
- * shared-library. */
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+/*
+ * This stuff is needed if this ENGINE is being compiled into a
+ * self-contained shared-library.
+ */
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
static int bind_fn(ENGINE *e, const char *id)
- {
- if(id && (strcmp(id, engine_nuron_id) != 0))
- return 0;
- if(!bind_helper(e))
- return 0;
- return 1;
- }
-IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#endif /* OPENSSL_NO_DYNAMIC_ENGINE */
+{
+ if (id && (strcmp(id, engine_nuron_id) != 0))
+ return 0;
+ if (!bind_helper(e))
+ return 0;
+ return 1;
+}
-#endif /* !OPENSSL_NO_HW_NURON */
-#endif /* !OPENSSL_NO_HW */
+IMPLEMENT_DYNAMIC_CHECK_FN()
+ IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+# endif /* OPENSSL_NO_DYNAMIC_ENGINE */
+# endif /* !OPENSSL_NO_HW_NURON */
+#endif /* !OPENSSL_NO_HW */
diff --git a/openssl/engines/e_nuron_err.c b/openssl/engines/e_nuron_err.c
index 9a7864f42..a02c4f045 100644
--- a/openssl/engines/e_nuron_err.c
+++ b/openssl/engines/e_nuron_err.c
@@ -7,7 +7,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
*
*/
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
@@ -65,82 +66,77 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
-#define ERR_FUNC(func) ERR_PACK(0,func,0)
-#define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA NURON_str_functs[]=
- {
-{ERR_FUNC(NURON_F_NURON_CTRL), "NURON_CTRL"},
-{ERR_FUNC(NURON_F_NURON_FINISH), "NURON_FINISH"},
-{ERR_FUNC(NURON_F_NURON_INIT), "NURON_INIT"},
-{ERR_FUNC(NURON_F_NURON_MOD_EXP), "NURON_MOD_EXP"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA NURON_str_reasons[]=
- {
-{ERR_REASON(NURON_R_ALREADY_LOADED) ,"already loaded"},
-{ERR_REASON(NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},
-{ERR_REASON(NURON_R_DSO_FAILURE) ,"dso failure"},
-{ERR_REASON(NURON_R_DSO_FUNCTION_NOT_FOUND),"dso function not found"},
-{ERR_REASON(NURON_R_DSO_NOT_FOUND) ,"dso not found"},
-{ERR_REASON(NURON_R_NOT_LOADED) ,"not loaded"},
-{0,NULL}
- };
+# define ERR_FUNC(func) ERR_PACK(0,func,0)
+# define ERR_REASON(reason) ERR_PACK(0,0,reason)
+
+static ERR_STRING_DATA NURON_str_functs[] = {
+ {ERR_FUNC(NURON_F_NURON_CTRL), "NURON_CTRL"},
+ {ERR_FUNC(NURON_F_NURON_FINISH), "NURON_FINISH"},
+ {ERR_FUNC(NURON_F_NURON_INIT), "NURON_INIT"},
+ {ERR_FUNC(NURON_F_NURON_MOD_EXP), "NURON_MOD_EXP"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA NURON_str_reasons[] = {
+ {ERR_REASON(NURON_R_ALREADY_LOADED), "already loaded"},
+ {ERR_REASON(NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED),
+ "ctrl command not implemented"},
+ {ERR_REASON(NURON_R_DSO_FAILURE), "dso failure"},
+ {ERR_REASON(NURON_R_DSO_FUNCTION_NOT_FOUND), "dso function not found"},
+ {ERR_REASON(NURON_R_DSO_NOT_FOUND), "dso not found"},
+ {ERR_REASON(NURON_R_NOT_LOADED), "not loaded"},
+ {0, NULL}
+};
#endif
#ifdef NURON_LIB_NAME
-static ERR_STRING_DATA NURON_lib_name[]=
- {
-{0 ,NURON_LIB_NAME},
-{0,NULL}
- };
+static ERR_STRING_DATA NURON_lib_name[] = {
+ {0, NURON_LIB_NAME},
+ {0, NULL}
+};
#endif
-
-static int NURON_lib_error_code=0;
-static int NURON_error_init=1;
+static int NURON_lib_error_code = 0;
+static int NURON_error_init = 1;
static void ERR_load_NURON_strings(void)
- {
- if (NURON_lib_error_code == 0)
- NURON_lib_error_code=ERR_get_next_error_library();
+{
+ if (NURON_lib_error_code == 0)
+ NURON_lib_error_code = ERR_get_next_error_library();
- if (NURON_error_init)
- {
- NURON_error_init=0;
+ if (NURON_error_init) {
+ NURON_error_init = 0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(NURON_lib_error_code,NURON_str_functs);
- ERR_load_strings(NURON_lib_error_code,NURON_str_reasons);
+ ERR_load_strings(NURON_lib_error_code, NURON_str_functs);
+ ERR_load_strings(NURON_lib_error_code, NURON_str_reasons);
#endif
#ifdef NURON_LIB_NAME
- NURON_lib_name->error = ERR_PACK(NURON_lib_error_code,0,0);
- ERR_load_strings(0,NURON_lib_name);
+ NURON_lib_name->error = ERR_PACK(NURON_lib_error_code, 0, 0);
+ ERR_load_strings(0, NURON_lib_name);
#endif
- }
- }
+ }
+}
static void ERR_unload_NURON_strings(void)
- {
- if (NURON_error_init == 0)
- {
+{
+ if (NURON_error_init == 0) {
#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(NURON_lib_error_code,NURON_str_functs);
- ERR_unload_strings(NURON_lib_error_code,NURON_str_reasons);
+ ERR_unload_strings(NURON_lib_error_code, NURON_str_functs);
+ ERR_unload_strings(NURON_lib_error_code, NURON_str_reasons);
#endif
#ifdef NURON_LIB_NAME
- ERR_unload_strings(0,NURON_lib_name);
+ ERR_unload_strings(0, NURON_lib_name);
#endif
- NURON_error_init=1;
- }
- }
+ NURON_error_init = 1;
+ }
+}
static void ERR_NURON_error(int function, int reason, char *file, int line)
- {
- if (NURON_lib_error_code == 0)
- NURON_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(NURON_lib_error_code,function,reason,file,line);
- }
+{
+ if (NURON_lib_error_code == 0)
+ NURON_lib_error_code = ERR_get_next_error_library();
+ ERR_PUT_error(NURON_lib_error_code, function, reason, file, line);
+}
diff --git a/openssl/engines/e_nuron_err.h b/openssl/engines/e_nuron_err.h
index 219babbb4..aa7849c6a 100644
--- a/openssl/engines/e_nuron_err.h
+++ b/openssl/engines/e_nuron_err.h
@@ -6,7 +6,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -53,36 +53,37 @@
*/
#ifndef HEADER_NURON_ERR_H
-#define HEADER_NURON_ERR_H
+# define HEADER_NURON_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_NURON_strings(void);
static void ERR_unload_NURON_strings(void);
static void ERR_NURON_error(int function, int reason, char *file, int line);
-#define NURONerr(f,r) ERR_NURON_error((f),(r),__FILE__,__LINE__)
+# define NURONerr(f,r) ERR_NURON_error((f),(r),__FILE__,__LINE__)
/* Error codes for the NURON functions. */
/* Function codes. */
-#define NURON_F_NURON_CTRL 100
-#define NURON_F_NURON_FINISH 101
-#define NURON_F_NURON_INIT 102
-#define NURON_F_NURON_MOD_EXP 103
+# define NURON_F_NURON_CTRL 100
+# define NURON_F_NURON_FINISH 101
+# define NURON_F_NURON_INIT 102
+# define NURON_F_NURON_MOD_EXP 103
/* Reason codes. */
-#define NURON_R_ALREADY_LOADED 100
-#define NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED 101
-#define NURON_R_DSO_FAILURE 102
-#define NURON_R_DSO_FUNCTION_NOT_FOUND 103
-#define NURON_R_DSO_NOT_FOUND 104
-#define NURON_R_NOT_LOADED 105
+# define NURON_R_ALREADY_LOADED 100
+# define NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED 101
+# define NURON_R_DSO_FAILURE 102
+# define NURON_R_DSO_FUNCTION_NOT_FOUND 103
+# define NURON_R_DSO_NOT_FOUND 104
+# define NURON_R_NOT_LOADED 105
#ifdef __cplusplus
}
diff --git a/openssl/engines/e_padlock.c b/openssl/engines/e_padlock.c
index 5d252f62a..2898e4c71 100644
--- a/openssl/engines/e_padlock.c
+++ b/openssl/engines/e_padlock.c
@@ -1,10 +1,10 @@
-/*
+/*-
* Support for VIA PadLock Advanced Cryptography Engine (ACE)
* Written by Michal Ludvig <michal@logix.cz>
* http://www.logix.cz/michal
*
- * Big thanks to Andy Polyakov for a help with optimization,
- * assembler fixes, port to MS Windows and a lot of other
+ * Big thanks to Andy Polyakov for a help with optimization,
+ * assembler fixes, port to MS Windows and a lot of other
* valuable work on this engine!
*/
@@ -62,7 +62,6 @@
*
*/
-
#include <stdio.h>
#include <string.h>
@@ -72,74 +71,78 @@
#include <openssl/engine.h>
#include <openssl/evp.h>
#ifndef OPENSSL_NO_AES
-#include <openssl/aes.h>
+# include <openssl/aes.h>
#endif
#include <openssl/rand.h>
#include <openssl/err.h>
#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_PADLOCK
+# ifndef OPENSSL_NO_HW_PADLOCK
/* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */
-#if (OPENSSL_VERSION_NUMBER >= 0x00908000L)
-# ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# if (OPENSSL_VERSION_NUMBER >= 0x00908000L)
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
# define DYNAMIC_ENGINE
-# endif
-#elif (OPENSSL_VERSION_NUMBER >= 0x00907000L)
-# ifdef ENGINE_DYNAMIC_SUPPORT
+# endif
+# elif (OPENSSL_VERSION_NUMBER >= 0x00907000L)
+# ifdef ENGINE_DYNAMIC_SUPPORT
# define DYNAMIC_ENGINE
+# endif
+# else
+# error "Only OpenSSL >= 0.9.7 is supported"
# endif
-#else
-# error "Only OpenSSL >= 0.9.7 is supported"
-#endif
-/* VIA PadLock AES is available *ONLY* on some x86 CPUs.
- Not only that it doesn't exist elsewhere, but it
- even can't be compiled on other platforms!
-
- In addition, because of the heavy use of inline assembler,
- compiler choice is limited to GCC and Microsoft C. */
-#undef COMPILE_HW_PADLOCK
-#if !defined(I386_ONLY) && !defined(OPENSSL_NO_INLINE_ASM)
-# if (defined(__GNUC__) && (defined(__i386__) || defined(__i386))) || \
+/*
+ * VIA PadLock AES is available *ONLY* on some x86 CPUs. Not only that it
+ * doesn't exist elsewhere, but it even can't be compiled on other platforms!
+ *
+ * In addition, because of the heavy use of inline assembler, compiler choice
+ * is limited to GCC and Microsoft C.
+ */
+# undef COMPILE_HW_PADLOCK
+# if !defined(I386_ONLY) && !defined(OPENSSL_NO_INLINE_ASM)
+# if (defined(__GNUC__) && (defined(__i386__) || defined(__i386))) || \
(defined(_MSC_VER) && defined(_M_IX86))
-# define COMPILE_HW_PADLOCK
-# endif
-#endif
+# define COMPILE_HW_PADLOCK
+# endif
+# endif
-#ifdef OPENSSL_NO_DYNAMIC_ENGINE
-#ifdef COMPILE_HW_PADLOCK
-static ENGINE *ENGINE_padlock (void);
-#endif
+# ifdef OPENSSL_NO_DYNAMIC_ENGINE
+# ifdef COMPILE_HW_PADLOCK
+static ENGINE *ENGINE_padlock(void);
+# endif
-void ENGINE_load_padlock (void)
+void ENGINE_load_padlock(void)
{
/* On non-x86 CPUs it just returns. */
-#ifdef COMPILE_HW_PADLOCK
- ENGINE *toadd = ENGINE_padlock ();
- if (!toadd) return;
- ENGINE_add (toadd);
- ENGINE_free (toadd);
- ERR_clear_error ();
-#endif
+# ifdef COMPILE_HW_PADLOCK
+ ENGINE *toadd = ENGINE_padlock();
+ if (!toadd)
+ return;
+ ENGINE_add(toadd);
+ ENGINE_free(toadd);
+ ERR_clear_error();
+# endif
}
-#endif
+# endif
-#ifdef COMPILE_HW_PADLOCK
-/* We do these includes here to avoid header problems on platforms that
- do not have the VIA padlock anyway... */
-#include <stdlib.h>
-#ifdef _WIN32
-# include <malloc.h>
-# ifndef alloca
-# define alloca _alloca
-# endif
-#elif defined(__GNUC__)
-# ifndef alloca
-# define alloca(s) __builtin_alloca(s)
-# endif
-#endif
+# ifdef COMPILE_HW_PADLOCK
+/*
+ * We do these includes here to avoid header problems on platforms that do
+ * not have the VIA padlock anyway...
+ */
+# include <stdlib.h>
+# ifdef _WIN32
+# include <malloc.h>
+# ifndef alloca
+# define alloca _alloca
+# endif
+# elif defined(__GNUC__)
+# ifndef alloca
+# define alloca(s) __builtin_alloca(s)
+# endif
+# endif
/* Function for ENGINE detection and control */
static int padlock_available(void);
@@ -149,139 +152,135 @@ static int padlock_init(ENGINE *e);
static RAND_METHOD padlock_rand;
/* Cipher Stuff */
-#ifndef OPENSSL_NO_AES
-static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
-#endif
+# ifndef OPENSSL_NO_AES
+static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+ const int **nids, int nid);
+# endif
/* Engine names */
static const char *padlock_id = "padlock";
static char padlock_name[100];
/* Available features */
-static int padlock_use_ace = 0; /* Advanced Cryptography Engine */
-static int padlock_use_rng = 0; /* Random Number Generator */
-#ifndef OPENSSL_NO_AES
+static int padlock_use_ace = 0; /* Advanced Cryptography Engine */
+static int padlock_use_rng = 0; /* Random Number Generator */
+# ifndef OPENSSL_NO_AES
static int padlock_aes_align_required = 1;
-#endif
+# endif
/* ===== Engine "management" functions ===== */
/* Prepare the ENGINE structure for registration */
-static int
-padlock_bind_helper(ENGINE *e)
+static int padlock_bind_helper(ENGINE *e)
{
- /* Check available features */
- padlock_available();
-
-#if 1 /* disable RNG for now, see commentary in vicinity of RNG code */
- padlock_use_rng=0;
-#endif
-
- /* Generate a nice engine name with available features */
- BIO_snprintf(padlock_name, sizeof(padlock_name),
- "VIA PadLock (%s, %s)",
- padlock_use_rng ? "RNG" : "no-RNG",
- padlock_use_ace ? "ACE" : "no-ACE");
-
- /* Register everything or return with an error */
- if (!ENGINE_set_id(e, padlock_id) ||
- !ENGINE_set_name(e, padlock_name) ||
-
- !ENGINE_set_init_function(e, padlock_init) ||
-#ifndef OPENSSL_NO_AES
- (padlock_use_ace && !ENGINE_set_ciphers (e, padlock_ciphers)) ||
-#endif
- (padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) {
- return 0;
- }
-
- /* Everything looks good */
- return 1;
+ /* Check available features */
+ padlock_available();
+
+# if 1 /* disable RNG for now, see commentary in
+ * vicinity of RNG code */
+ padlock_use_rng = 0;
+# endif
+
+ /* Generate a nice engine name with available features */
+ BIO_snprintf(padlock_name, sizeof(padlock_name),
+ "VIA PadLock (%s, %s)",
+ padlock_use_rng ? "RNG" : "no-RNG",
+ padlock_use_ace ? "ACE" : "no-ACE");
+
+ /* Register everything or return with an error */
+ if (!ENGINE_set_id(e, padlock_id) ||
+ !ENGINE_set_name(e, padlock_name) ||
+ !ENGINE_set_init_function(e, padlock_init) ||
+# ifndef OPENSSL_NO_AES
+ (padlock_use_ace && !ENGINE_set_ciphers(e, padlock_ciphers)) ||
+# endif
+ (padlock_use_rng && !ENGINE_set_RAND(e, &padlock_rand))) {
+ return 0;
+ }
+
+ /* Everything looks good */
+ return 1;
}
-#ifdef OPENSSL_NO_DYNAMIC_ENGINE
+# ifdef OPENSSL_NO_DYNAMIC_ENGINE
/* Constructor */
-static ENGINE *
-ENGINE_padlock(void)
+static ENGINE *ENGINE_padlock(void)
{
- ENGINE *eng = ENGINE_new();
+ ENGINE *eng = ENGINE_new();
- if (!eng) {
- return NULL;
- }
+ if (!eng) {
+ return NULL;
+ }
- if (!padlock_bind_helper(eng)) {
- ENGINE_free(eng);
- return NULL;
- }
+ if (!padlock_bind_helper(eng)) {
+ ENGINE_free(eng);
+ return NULL;
+ }
- return eng;
+ return eng;
}
-#endif
+# endif
/* Check availability of the engine */
-static int
-padlock_init(ENGINE *e)
+static int padlock_init(ENGINE *e)
{
- return (padlock_use_rng || padlock_use_ace);
+ return (padlock_use_rng || padlock_use_ace);
}
-/* This stuff is needed if this ENGINE is being compiled into a self-contained
- * shared-library.
+/*
+ * This stuff is needed if this ENGINE is being compiled into a
+ * self-contained shared-library.
*/
-#ifdef DYNAMIC_ENGINE
-static int
-padlock_bind_fn(ENGINE *e, const char *id)
+# ifdef DYNAMIC_ENGINE
+static int padlock_bind_fn(ENGINE *e, const char *id)
{
- if (id && (strcmp(id, padlock_id) != 0)) {
- return 0;
- }
+ if (id && (strcmp(id, padlock_id) != 0)) {
+ return 0;
+ }
- if (!padlock_bind_helper(e)) {
- return 0;
- }
+ if (!padlock_bind_helper(e)) {
+ return 0;
+ }
- return 1;
+ return 1;
}
IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN (padlock_bind_fn)
-#endif /* DYNAMIC_ENGINE */
-
+ IMPLEMENT_DYNAMIC_BIND_FN(padlock_bind_fn)
+# endif /* DYNAMIC_ENGINE */
/* ===== Here comes the "real" engine ===== */
-
-#ifndef OPENSSL_NO_AES
+# ifndef OPENSSL_NO_AES
/* Some AES-related constants */
-#define AES_BLOCK_SIZE 16
-#define AES_KEY_SIZE_128 16
-#define AES_KEY_SIZE_192 24
-#define AES_KEY_SIZE_256 32
-
-/* Here we store the status information relevant to the
- current context. */
-/* BIG FAT WARNING:
- * Inline assembler in PADLOCK_XCRYPT_ASM()
- * depends on the order of items in this structure.
- * Don't blindly modify, reorder, etc!
- */
-struct padlock_cipher_data
-{
- unsigned char iv[AES_BLOCK_SIZE]; /* Initialization vector */
- union { unsigned int pad[4];
- struct {
- int rounds:4;
- int dgst:1; /* n/a in C3 */
- int align:1; /* n/a in C3 */
- int ciphr:1; /* n/a in C3 */
- unsigned int keygen:1;
- int interm:1;
- unsigned int encdec:1;
- int ksize:2;
- } b;
- } cword; /* Control word */
- AES_KEY ks; /* Encryption key */
+# define AES_BLOCK_SIZE 16
+# define AES_KEY_SIZE_128 16
+# define AES_KEY_SIZE_192 24
+# define AES_KEY_SIZE_256 32
+ /*
+ * Here we store the status information relevant to the current context.
+ */
+ /*
+ * BIG FAT WARNING: Inline assembler in PADLOCK_XCRYPT_ASM() depends on
+ * the order of items in this structure. Don't blindly modify, reorder,
+ * etc!
+ */
+struct padlock_cipher_data {
+ unsigned char iv[AES_BLOCK_SIZE]; /* Initialization vector */
+ union {
+ unsigned int pad[4];
+ struct {
+ int rounds:4;
+ int dgst:1; /* n/a in C3 */
+ int align:1; /* n/a in C3 */
+ int ciphr:1; /* n/a in C3 */
+ unsigned int keygen:1;
+ int interm:1;
+ unsigned int encdec:1;
+ int ksize:2;
+ } b;
+ } cword; /* Control word */
+ AES_KEY ks; /* Encryption key */
};
/*
@@ -291,9 +290,9 @@ struct padlock_cipher_data
* so we accept the penatly...
*/
static volatile struct padlock_cipher_data *padlock_saved_context;
-#endif
+# endif
-/*
+/*-
* =======================================================
* Inline assembler section(s).
* =======================================================
@@ -303,7 +302,7 @@ static volatile struct padlock_cipher_data *padlock_saved_context;
* argument is passed in %ecx and second - in %edx.
* =======================================================
*/
-#if defined(__GNUC__) && __GNUC__>=2
+# if defined(__GNUC__) && __GNUC__>=2
/*
* As for excessive "push %ebx"/"pop %ebx" found all over.
* When generating position-independent code GCC won't let
@@ -311,105 +310,101 @@ static volatile struct padlock_cipher_data *padlock_saved_context;
* in "clobber description." Therefore the trouble...
*/
-/* Helper function - check if a CPUID instruction
- is available on this CPU */
-static int
-padlock_insn_cpuid_available(void)
+/*
+ * Helper function - check if a CPUID instruction is available on this CPU
+ */
+static int padlock_insn_cpuid_available(void)
{
- int result = -1;
-
- /* We're checking if the bit #21 of EFLAGS
- can be toggled. If yes = CPUID is available. */
- asm volatile (
- "pushf\n"
- "popl %%eax\n"
- "xorl $0x200000, %%eax\n"
- "movl %%eax, %%ecx\n"
- "andl $0x200000, %%ecx\n"
- "pushl %%eax\n"
- "popf\n"
- "pushf\n"
- "popl %%eax\n"
- "andl $0x200000, %%eax\n"
- "xorl %%eax, %%ecx\n"
- "movl %%ecx, %0\n"
- : "=r" (result) : : "eax", "ecx");
-
- return (result == 0);
+ int result = -1;
+
+ /*
+ * We're checking if the bit #21 of EFLAGS can be toggled. If yes =
+ * CPUID is available.
+ */
+ asm volatile ("pushf\n"
+ "popl %%eax\n"
+ "xorl $0x200000, %%eax\n"
+ "movl %%eax, %%ecx\n"
+ "andl $0x200000, %%ecx\n"
+ "pushl %%eax\n"
+ "popf\n"
+ "pushf\n"
+ "popl %%eax\n"
+ "andl $0x200000, %%eax\n"
+ "xorl %%eax, %%ecx\n"
+ "movl %%ecx, %0\n":"=r" (result)::"eax", "ecx");
+
+ return (result == 0);
}
-/* Load supported features of the CPU to see if
- the PadLock is available. */
-static int
-padlock_available(void)
+/*
+ * Load supported features of the CPU to see if the PadLock is available.
+ */
+static int padlock_available(void)
{
- char vendor_string[16];
- unsigned int eax, edx;
-
- /* First check if the CPUID instruction is available at all... */
- if (! padlock_insn_cpuid_available())
- return 0;
-
- /* Are we running on the Centaur (VIA) CPU? */
- eax = 0x00000000;
- vendor_string[12] = 0;
- asm volatile (
- "pushl %%ebx\n"
- "cpuid\n"
- "movl %%ebx,(%%edi)\n"
- "movl %%edx,4(%%edi)\n"
- "movl %%ecx,8(%%edi)\n"
- "popl %%ebx"
- : "+a"(eax) : "D"(vendor_string) : "ecx", "edx");
- if (strcmp(vendor_string, "CentaurHauls") != 0)
- return 0;
-
- /* Check for Centaur Extended Feature Flags presence */
- eax = 0xC0000000;
- asm volatile ("pushl %%ebx; cpuid; popl %%ebx"
- : "+a"(eax) : : "ecx", "edx");
- if (eax < 0xC0000001)
- return 0;
-
- /* Read the Centaur Extended Feature Flags */
- eax = 0xC0000001;
- asm volatile ("pushl %%ebx; cpuid; popl %%ebx"
- : "+a"(eax), "=d"(edx) : : "ecx");
-
- /* Fill up some flags */
- padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6));
- padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2));
-
- return padlock_use_ace + padlock_use_rng;
+ char vendor_string[16];
+ unsigned int eax, edx;
+
+ /* First check if the CPUID instruction is available at all... */
+ if (!padlock_insn_cpuid_available())
+ return 0;
+
+ /* Are we running on the Centaur (VIA) CPU? */
+ eax = 0x00000000;
+ vendor_string[12] = 0;
+ asm volatile ("pushl %%ebx\n"
+ "cpuid\n"
+ "movl %%ebx,(%%edi)\n"
+ "movl %%edx,4(%%edi)\n"
+ "movl %%ecx,8(%%edi)\n"
+ "popl %%ebx":"+a" (eax):"D"(vendor_string):"ecx", "edx");
+ if (strcmp(vendor_string, "CentaurHauls") != 0)
+ return 0;
+
+ /* Check for Centaur Extended Feature Flags presence */
+ eax = 0xC0000000;
+ asm volatile ("pushl %%ebx; cpuid; popl %%ebx":"+a" (eax)::"ecx", "edx");
+ if (eax < 0xC0000001)
+ return 0;
+
+ /* Read the Centaur Extended Feature Flags */
+ eax = 0xC0000001;
+ asm volatile ("pushl %%ebx; cpuid; popl %%ebx":"+a" (eax),
+ "=d"(edx)::"ecx");
+
+ /* Fill up some flags */
+ padlock_use_ace = ((edx & (0x3 << 6)) == (0x3 << 6));
+ padlock_use_rng = ((edx & (0x3 << 2)) == (0x3 << 2));
+
+ return padlock_use_ace + padlock_use_rng;
}
-#ifndef OPENSSL_NO_AES
-#ifndef AES_ASM
+# ifndef OPENSSL_NO_AES
+# ifndef AES_ASM
/* Our own htonl()/ntohl() */
-static inline void
-padlock_bswapl(AES_KEY *ks)
+static inline void padlock_bswapl(AES_KEY *ks)
{
- size_t i = sizeof(ks->rd_key)/sizeof(ks->rd_key[0]);
- unsigned int *key = ks->rd_key;
+ size_t i = sizeof(ks->rd_key) / sizeof(ks->rd_key[0]);
+ unsigned int *key = ks->rd_key;
- while (i--) {
- asm volatile ("bswapl %0" : "+r"(*key));
- key++;
- }
+ while (i--) {
+ asm volatile ("bswapl %0":"+r" (*key));
+ key++;
+ }
}
-#endif
-#endif
+# endif
+# endif
-/* Force key reload from memory to the CPU microcode.
- Loading EFLAGS from the stack clears EFLAGS[30]
- which does the trick. */
-static inline void
-padlock_reload_key(void)
+/*
+ * Force key reload from memory to the CPU microcode. Loading EFLAGS from the
+ * stack clears EFLAGS[30] which does the trick.
+ */
+static inline void padlock_reload_key(void)
{
- asm volatile ("pushfl; popfl");
+ asm volatile ("pushfl; popfl");
}
-#ifndef OPENSSL_NO_AES
+# ifndef OPENSSL_NO_AES
/*
* This is heuristic key context tracing. At first one
* believes that one should use atomic swap instructions,
@@ -419,90 +414,89 @@ padlock_reload_key(void)
* our key *shall* be reloaded upon thread context switch
* and we are therefore set in either case...
*/
-static inline void
-padlock_verify_context(struct padlock_cipher_data *cdata)
+static inline void padlock_verify_context(struct padlock_cipher_data *cdata)
{
- asm volatile (
- "pushfl\n"
-" btl $30,(%%esp)\n"
-" jnc 1f\n"
-" cmpl %2,%1\n"
-" je 1f\n"
-" popfl\n"
-" subl $4,%%esp\n"
-"1: addl $4,%%esp\n"
-" movl %2,%0"
- :"+m"(padlock_saved_context)
- : "r"(padlock_saved_context), "r"(cdata) : "cc");
+ asm volatile ("pushfl\n"
+ " btl $30,(%%esp)\n"
+ " jnc 1f\n"
+ " cmpl %2,%1\n"
+ " je 1f\n"
+ " popfl\n"
+ " subl $4,%%esp\n"
+ "1: addl $4,%%esp\n"
+ " movl %2,%0":"+m" (padlock_saved_context)
+ :"r"(padlock_saved_context), "r"(cdata):"cc");
}
/* Template for padlock_xcrypt_* modes */
-/* BIG FAT WARNING:
- * The offsets used with 'leal' instructions
- * describe items of the 'padlock_cipher_data'
- * structure.
+/*
+ * BIG FAT WARNING: The offsets used with 'leal' instructions describe items
+ * of the 'padlock_cipher_data' structure.
*/
-#define PADLOCK_XCRYPT_ASM(name,rep_xcrypt) \
-static inline void *name(size_t cnt, \
- struct padlock_cipher_data *cdata, \
- void *out, const void *inp) \
-{ void *iv; \
- asm volatile ( "pushl %%ebx\n" \
- " leal 16(%0),%%edx\n" \
- " leal 32(%0),%%ebx\n" \
- rep_xcrypt "\n" \
- " popl %%ebx" \
- : "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp) \
- : "0"(cdata), "1"(cnt), "2"(out), "3"(inp) \
- : "edx", "cc", "memory"); \
- return iv; \
+# define PADLOCK_XCRYPT_ASM(name,rep_xcrypt) \
+static inline void *name(size_t cnt, \
+ struct padlock_cipher_data *cdata, \
+ void *out, const void *inp) \
+{ void *iv; \
+ asm volatile ( "pushl %%ebx\n" \
+ " leal 16(%0),%%edx\n" \
+ " leal 32(%0),%%ebx\n" \
+ rep_xcrypt "\n" \
+ " popl %%ebx" \
+ : "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp) \
+ : "0"(cdata), "1"(cnt), "2"(out), "3"(inp) \
+ : "edx", "cc", "memory"); \
+ return iv; \
}
/* Generate all functions with appropriate opcodes */
-PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, ".byte 0xf3,0x0f,0xa7,0xc8") /* rep xcryptecb */
-PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc, ".byte 0xf3,0x0f,0xa7,0xd0") /* rep xcryptcbc */
-PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0") /* rep xcryptcfb */
-PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8") /* rep xcryptofb */
-#endif
-
+/* rep xcryptecb */
+PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, ".byte 0xf3,0x0f,0xa7,0xc8")
+/* rep xcryptcbc */
+ PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc, ".byte 0xf3,0x0f,0xa7,0xd0")
+/* rep xcryptcfb */
+ PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0")
+/* rep xcryptofb */
+ PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8")
+# endif
/* The RNG call itself */
-static inline unsigned int
-padlock_xstore(void *addr, unsigned int edx_in)
+static inline unsigned int padlock_xstore(void *addr, unsigned int edx_in)
{
- unsigned int eax_out;
+ unsigned int eax_out;
- asm volatile (".byte 0x0f,0xa7,0xc0" /* xstore */
- : "=a"(eax_out),"=m"(*(unsigned *)addr)
- : "D"(addr), "d" (edx_in)
- );
+ asm volatile (".byte 0x0f,0xa7,0xc0" /* xstore */
+ :"=a" (eax_out), "=m"(*(unsigned *)addr)
+ :"D"(addr), "d"(edx_in)
+ );
- return eax_out;
+ return eax_out;
}
-/* Why not inline 'rep movsd'? I failed to find information on what
- * value in Direction Flag one can expect and consequently have to
- * apply "better-safe-than-sorry" approach and assume "undefined."
- * I could explicitly clear it and restore the original value upon
- * return from padlock_aes_cipher, but it's presumably too much
- * trouble for too little gain...
- *
- * In case you wonder 'rep xcrypt*' instructions above are *not*
- * affected by the Direction Flag and pointers advance toward
- * larger addresses unconditionally.
- */
-static inline unsigned char *
-padlock_memcpy(void *dst,const void *src,size_t n)
+/*
+ * Why not inline 'rep movsd'? I failed to find information on what value in
+ * Direction Flag one can expect and consequently have to apply
+ * "better-safe-than-sorry" approach and assume "undefined." I could
+ * explicitly clear it and restore the original value upon return from
+ * padlock_aes_cipher, but it's presumably too much trouble for too little
+ * gain... In case you wonder 'rep xcrypt*' instructions above are *not*
+ * affected by the Direction Flag and pointers advance toward larger
+ * addresses unconditionally.
+ */
+static inline unsigned char *padlock_memcpy(void *dst, const void *src,
+ size_t n)
{
- long *d=dst;
- const long *s=src;
+ long *d = dst;
+ const long *s = src;
- n /= sizeof(*d);
- do { *d++ = *s++; } while (--n);
+ n /= sizeof(*d);
+ do {
+ *d++ = *s++;
+ } while (--n);
- return dst;
+ return dst;
}
-#elif defined(_MSC_VER)
+# elif defined(_MSC_VER)
/*
* Unlike GCC these are real functions. In order to minimize impact
* on performance we adhere to __fastcall calling convention in
@@ -510,26 +504,25 @@ padlock_memcpy(void *dst,const void *src,size_t n)
* Which kind of suits very well, as instructions in question use
* both %ecx and %edx as input:-)
*/
-#define REP_XCRYPT(code) \
- _asm _emit 0xf3 \
- _asm _emit 0x0f _asm _emit 0xa7 \
- _asm _emit code
-
-/* BIG FAT WARNING:
- * The offsets used with 'lea' instructions
- * describe items of the 'padlock_cipher_data'
- * structure.
+# define REP_XCRYPT(code) \
+ _asm _emit 0xf3 \
+ _asm _emit 0x0f _asm _emit 0xa7 \
+ _asm _emit code
+
+/*
+ * BIG FAT WARNING: The offsets used with 'lea' instructions describe items
+ * of the 'padlock_cipher_data' structure.
*/
-#define PADLOCK_XCRYPT_ASM(name,code) \
-static void * __fastcall \
- name (size_t cnt, void *cdata, \
- void *outp, const void *inp) \
-{ _asm mov eax,edx \
- _asm lea edx,[eax+16] \
- _asm lea ebx,[eax+32] \
- _asm mov edi,outp \
- _asm mov esi,inp \
- REP_XCRYPT(code) \
+# define PADLOCK_XCRYPT_ASM(name,code) \
+static void * __fastcall \
+ name (size_t cnt, void *cdata, \
+ void *outp, const void *inp) \
+{ _asm mov eax,edx \
+ _asm lea edx,[eax+16] \
+ _asm lea ebx,[eax+32] \
+ _asm mov edi,outp \
+ _asm mov esi,inp \
+ REP_XCRYPT(code) \
}
PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb,0xc8)
@@ -537,324 +530,330 @@ PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc,0xd0)
PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb,0xe0)
PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb,0xe8)
-static int __fastcall
-padlock_xstore(void *outp,unsigned int code)
-{ _asm mov edi,ecx
- _asm _emit 0x0f _asm _emit 0xa7 _asm _emit 0xc0
+static int __fastcall padlock_xstore(void *outp, unsigned int code)
+{
+ _asm mov edi,ecx
+ _asm _emit 0x0f _asm _emit 0xa7 _asm _emit 0xc0
+}
+
+static void __fastcall padlock_reload_key(void)
+{
+ _asm pushfd
+ _asm popfd
}
-static void __fastcall
-padlock_reload_key(void)
-{ _asm pushfd _asm popfd }
-
-static void __fastcall
-padlock_verify_context(void *cdata)
-{ _asm {
- pushfd
- bt DWORD PTR[esp],30
- jnc skip
- cmp ecx,padlock_saved_context
- je skip
- popfd
- sub esp,4
- skip: add esp,4
- mov padlock_saved_context,ecx
- }
+static void __fastcall padlock_verify_context(void *cdata)
+{
+ _asm {
+ pushfd
+ bt DWORD PTR[esp],30
+ jnc skip
+ cmp ecx,padlock_saved_context
+ je skip
+ popfd
+ sub esp,4
+ skip: add esp,4
+ mov padlock_saved_context,ecx
+ }
}
static int
padlock_available(void)
-{ _asm {
- pushfd
- pop eax
- mov ecx,eax
- xor eax,1<<21
- push eax
- popfd
- pushfd
- pop eax
- xor eax,ecx
- bt eax,21
- jnc noluck
- mov eax,0
- cpuid
- xor eax,eax
- cmp ebx,'tneC'
- jne noluck
- cmp edx,'Hrua'
- jne noluck
- cmp ecx,'slua'
- jne noluck
- mov eax,0xC0000000
- cpuid
- mov edx,eax
- xor eax,eax
- cmp edx,0xC0000001
- jb noluck
- mov eax,0xC0000001
- cpuid
- xor eax,eax
- bt edx,6
- jnc skip_a
- bt edx,7
- jnc skip_a
- mov padlock_use_ace,1
- inc eax
- skip_a: bt edx,2
- jnc skip_r
- bt edx,3
- jnc skip_r
- mov padlock_use_rng,1
- inc eax
- skip_r:
- noluck:
- }
+{
+ _asm {
+ pushfd
+ pop eax
+ mov ecx,eax
+ xor eax,1<<21
+ push eax
+ popfd
+ pushfd
+ pop eax
+ xor eax,ecx
+ bt eax,21
+ jnc noluck
+ mov eax,0
+ cpuid
+ xor eax,eax
+ cmp ebx,'tneC'
+ jne noluck
+ cmp edx,'Hrua'
+ jne noluck
+ cmp ecx,'slua'
+ jne noluck
+ mov eax,0xC0000000
+ cpuid
+ mov edx,eax
+ xor eax,eax
+ cmp edx,0xC0000001
+ jb noluck
+ mov eax,0xC0000001
+ cpuid
+ xor eax,eax
+ bt edx,6
+ jnc skip_a
+ bt edx,7
+ jnc skip_a
+ mov padlock_use_ace,1
+ inc eax
+ skip_a: bt edx,2
+ jnc skip_r
+ bt edx,3
+ jnc skip_r
+ mov padlock_use_rng,1
+ inc eax
+ skip_r:
+ noluck:
+ }
}
-static void __fastcall
-padlock_bswapl(void *key)
-{ _asm {
- pushfd
- cld
- mov esi,ecx
- mov edi,ecx
- mov ecx,60
- up: lodsd
- bswap eax
- stosd
- loop up
- popfd
- }
+static void __fastcall padlock_bswapl(void *key)
+{
+ _asm {
+ pushfd
+ cld
+ mov esi,ecx
+ mov edi,ecx
+ mov ecx,60
+ up: lodsd
+ bswap eax
+ stosd
+ loop up
+ popfd
+ }
}
-/* MS actually specifies status of Direction Flag and compiler even
- * manages to compile following as 'rep movsd' all by itself...
+/*
+ * MS actually specifies status of Direction Flag and compiler even manages
+ * to compile following as 'rep movsd' all by itself...
*/
-#define padlock_memcpy(o,i,n) ((unsigned char *)memcpy((o),(i),(n)&~3U))
-#endif
-
+# define padlock_memcpy(o,i,n) ((unsigned char *)memcpy((o),(i),(n)&~3U))
+# endif
/* ===== AES encryption/decryption ===== */
-#ifndef OPENSSL_NO_AES
-
-#if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
-#define NID_aes_128_cfb NID_aes_128_cfb128
-#endif
-
-#if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb)
-#define NID_aes_128_ofb NID_aes_128_ofb128
-#endif
-
-#if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb)
-#define NID_aes_192_cfb NID_aes_192_cfb128
-#endif
-
-#if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb)
-#define NID_aes_192_ofb NID_aes_192_ofb128
-#endif
-
-#if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb)
-#define NID_aes_256_cfb NID_aes_256_cfb128
-#endif
-
-#if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb)
-#define NID_aes_256_ofb NID_aes_256_ofb128
-#endif
-
-/* List of supported ciphers. */
-static int padlock_cipher_nids[] = {
- NID_aes_128_ecb,
- NID_aes_128_cbc,
- NID_aes_128_cfb,
- NID_aes_128_ofb,
-
- NID_aes_192_ecb,
- NID_aes_192_cbc,
- NID_aes_192_cfb,
- NID_aes_192_ofb,
-
- NID_aes_256_ecb,
- NID_aes_256_cbc,
- NID_aes_256_cfb,
- NID_aes_256_ofb,
+# ifndef OPENSSL_NO_AES
+# if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
+# define NID_aes_128_cfb NID_aes_128_cfb128
+# endif
+# if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb)
+# define NID_aes_128_ofb NID_aes_128_ofb128
+# endif
+# if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb)
+# define NID_aes_192_cfb NID_aes_192_cfb128
+# endif
+# if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb)
+# define NID_aes_192_ofb NID_aes_192_ofb128
+# endif
+# if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb)
+# define NID_aes_256_cfb NID_aes_256_cfb128
+# endif
+# if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb)
+# define NID_aes_256_ofb NID_aes_256_ofb128
+# endif
+/*
+ * List of supported ciphers.
+ */ static int padlock_cipher_nids[] = {
+ NID_aes_128_ecb,
+ NID_aes_128_cbc,
+ NID_aes_128_cfb,
+ NID_aes_128_ofb,
+
+ NID_aes_192_ecb,
+ NID_aes_192_cbc,
+ NID_aes_192_cfb,
+ NID_aes_192_ofb,
+
+ NID_aes_256_ecb,
+ NID_aes_256_cbc,
+ NID_aes_256_cfb,
+ NID_aes_256_ofb,
};
-static int padlock_cipher_nids_num = (sizeof(padlock_cipher_nids)/
- sizeof(padlock_cipher_nids[0]));
+
+static int padlock_cipher_nids_num = (sizeof(padlock_cipher_nids) /
+ sizeof(padlock_cipher_nids[0]));
/* Function prototypes ... */
static int padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc);
+ const unsigned char *iv, int enc);
static int padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, size_t nbytes);
-
-#define NEAREST_ALIGNED(ptr) ( (unsigned char *)(ptr) + \
- ( (0x10 - ((size_t)(ptr) & 0x0F)) & 0x0F ) )
-#define ALIGNED_CIPHER_DATA(ctx) ((struct padlock_cipher_data *)\
- NEAREST_ALIGNED(ctx->cipher_data))
-
-#define EVP_CIPHER_block_size_ECB AES_BLOCK_SIZE
-#define EVP_CIPHER_block_size_CBC AES_BLOCK_SIZE
-#define EVP_CIPHER_block_size_OFB 1
-#define EVP_CIPHER_block_size_CFB 1
-
-/* Declaring so many ciphers by hand would be a pain.
- Instead introduce a bit of preprocessor magic :-) */
-#define DECLARE_AES_EVP(ksize,lmode,umode) \
-static const EVP_CIPHER padlock_aes_##ksize##_##lmode = { \
- NID_aes_##ksize##_##lmode, \
- EVP_CIPHER_block_size_##umode, \
- AES_KEY_SIZE_##ksize, \
- AES_BLOCK_SIZE, \
- 0 | EVP_CIPH_##umode##_MODE, \
- padlock_aes_init_key, \
- padlock_aes_cipher, \
- NULL, \
- sizeof(struct padlock_cipher_data) + 16, \
- EVP_CIPHER_set_asn1_iv, \
- EVP_CIPHER_get_asn1_iv, \
- NULL, \
- NULL \
+ const unsigned char *in, size_t nbytes);
+
+# define NEAREST_ALIGNED(ptr) ( (unsigned char *)(ptr) + \
+ ( (0x10 - ((size_t)(ptr) & 0x0F)) & 0x0F ) )
+# define ALIGNED_CIPHER_DATA(ctx) ((struct padlock_cipher_data *)\
+ NEAREST_ALIGNED(ctx->cipher_data))
+
+# define EVP_CIPHER_block_size_ECB AES_BLOCK_SIZE
+# define EVP_CIPHER_block_size_CBC AES_BLOCK_SIZE
+# define EVP_CIPHER_block_size_OFB 1
+# define EVP_CIPHER_block_size_CFB 1
+
+/*
+ * Declaring so many ciphers by hand would be a pain. Instead introduce a bit
+ * of preprocessor magic :-)
+ */
+# define DECLARE_AES_EVP(ksize,lmode,umode) \
+static const EVP_CIPHER padlock_aes_##ksize##_##lmode = { \
+ NID_aes_##ksize##_##lmode, \
+ EVP_CIPHER_block_size_##umode, \
+ AES_KEY_SIZE_##ksize, \
+ AES_BLOCK_SIZE, \
+ 0 | EVP_CIPH_##umode##_MODE, \
+ padlock_aes_init_key, \
+ padlock_aes_cipher, \
+ NULL, \
+ sizeof(struct padlock_cipher_data) + 16, \
+ EVP_CIPHER_set_asn1_iv, \
+ EVP_CIPHER_get_asn1_iv, \
+ NULL, \
+ NULL \
}
-DECLARE_AES_EVP(128,ecb,ECB);
-DECLARE_AES_EVP(128,cbc,CBC);
-DECLARE_AES_EVP(128,cfb,CFB);
-DECLARE_AES_EVP(128,ofb,OFB);
+DECLARE_AES_EVP(128, ecb, ECB);
+DECLARE_AES_EVP(128, cbc, CBC);
+DECLARE_AES_EVP(128, cfb, CFB);
+DECLARE_AES_EVP(128, ofb, OFB);
-DECLARE_AES_EVP(192,ecb,ECB);
-DECLARE_AES_EVP(192,cbc,CBC);
-DECLARE_AES_EVP(192,cfb,CFB);
-DECLARE_AES_EVP(192,ofb,OFB);
+DECLARE_AES_EVP(192, ecb, ECB);
+DECLARE_AES_EVP(192, cbc, CBC);
+DECLARE_AES_EVP(192, cfb, CFB);
+DECLARE_AES_EVP(192, ofb, OFB);
-DECLARE_AES_EVP(256,ecb,ECB);
-DECLARE_AES_EVP(256,cbc,CBC);
-DECLARE_AES_EVP(256,cfb,CFB);
-DECLARE_AES_EVP(256,ofb,OFB);
+DECLARE_AES_EVP(256, ecb, ECB);
+DECLARE_AES_EVP(256, cbc, CBC);
+DECLARE_AES_EVP(256, cfb, CFB);
+DECLARE_AES_EVP(256, ofb, OFB);
static int
-padlock_ciphers (ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid)
+padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids,
+ int nid)
{
- /* No specific cipher => return a list of supported nids ... */
- if (!cipher) {
- *nids = padlock_cipher_nids;
- return padlock_cipher_nids_num;
- }
-
- /* ... or the requested "cipher" otherwise */
- switch (nid) {
- case NID_aes_128_ecb:
- *cipher = &padlock_aes_128_ecb;
- break;
- case NID_aes_128_cbc:
- *cipher = &padlock_aes_128_cbc;
- break;
- case NID_aes_128_cfb:
- *cipher = &padlock_aes_128_cfb;
- break;
- case NID_aes_128_ofb:
- *cipher = &padlock_aes_128_ofb;
- break;
-
- case NID_aes_192_ecb:
- *cipher = &padlock_aes_192_ecb;
- break;
- case NID_aes_192_cbc:
- *cipher = &padlock_aes_192_cbc;
- break;
- case NID_aes_192_cfb:
- *cipher = &padlock_aes_192_cfb;
- break;
- case NID_aes_192_ofb:
- *cipher = &padlock_aes_192_ofb;
- break;
-
- case NID_aes_256_ecb:
- *cipher = &padlock_aes_256_ecb;
- break;
- case NID_aes_256_cbc:
- *cipher = &padlock_aes_256_cbc;
- break;
- case NID_aes_256_cfb:
- *cipher = &padlock_aes_256_cfb;
- break;
- case NID_aes_256_ofb:
- *cipher = &padlock_aes_256_ofb;
- break;
-
- default:
- /* Sorry, we don't support this NID */
- *cipher = NULL;
- return 0;
- }
-
- return 1;
+ /* No specific cipher => return a list of supported nids ... */
+ if (!cipher) {
+ *nids = padlock_cipher_nids;
+ return padlock_cipher_nids_num;
+ }
+
+ /* ... or the requested "cipher" otherwise */
+ switch (nid) {
+ case NID_aes_128_ecb:
+ *cipher = &padlock_aes_128_ecb;
+ break;
+ case NID_aes_128_cbc:
+ *cipher = &padlock_aes_128_cbc;
+ break;
+ case NID_aes_128_cfb:
+ *cipher = &padlock_aes_128_cfb;
+ break;
+ case NID_aes_128_ofb:
+ *cipher = &padlock_aes_128_ofb;
+ break;
+
+ case NID_aes_192_ecb:
+ *cipher = &padlock_aes_192_ecb;
+ break;
+ case NID_aes_192_cbc:
+ *cipher = &padlock_aes_192_cbc;
+ break;
+ case NID_aes_192_cfb:
+ *cipher = &padlock_aes_192_cfb;
+ break;
+ case NID_aes_192_ofb:
+ *cipher = &padlock_aes_192_ofb;
+ break;
+
+ case NID_aes_256_ecb:
+ *cipher = &padlock_aes_256_ecb;
+ break;
+ case NID_aes_256_cbc:
+ *cipher = &padlock_aes_256_cbc;
+ break;
+ case NID_aes_256_cfb:
+ *cipher = &padlock_aes_256_cfb;
+ break;
+ case NID_aes_256_ofb:
+ *cipher = &padlock_aes_256_ofb;
+ break;
+
+ default:
+ /* Sorry, we don't support this NID */
+ *cipher = NULL;
+ return 0;
+ }
+
+ return 1;
}
/* Prepare the encryption key for PadLock usage */
static int
-padlock_aes_init_key (EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
+padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
{
- struct padlock_cipher_data *cdata;
- int key_len = EVP_CIPHER_CTX_key_length(ctx) * 8;
-
- if (key==NULL) return 0; /* ERROR */
-
- cdata = ALIGNED_CIPHER_DATA(ctx);
- memset(cdata, 0, sizeof(struct padlock_cipher_data));
-
- /* Prepare Control word. */
- if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE)
- cdata->cword.b.encdec = 0;
- else
- cdata->cword.b.encdec = (ctx->encrypt == 0);
- cdata->cword.b.rounds = 10 + (key_len - 128) / 32;
- cdata->cword.b.ksize = (key_len - 128) / 64;
-
- switch(key_len) {
- case 128:
- /* PadLock can generate an extended key for
- AES128 in hardware */
- memcpy(cdata->ks.rd_key, key, AES_KEY_SIZE_128);
- cdata->cword.b.keygen = 0;
- break;
-
- case 192:
- case 256:
- /* Generate an extended AES key in software.
- Needed for AES192/AES256 */
- /* Well, the above applies to Stepping 8 CPUs
- and is listed as hardware errata. They most
- likely will fix it at some point and then
- a check for stepping would be due here. */
- if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE ||
- EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE ||
- enc)
- AES_set_encrypt_key(key, key_len, &cdata->ks);
- else
- AES_set_decrypt_key(key, key_len, &cdata->ks);
-#ifndef AES_ASM
- /* OpenSSL C functions use byte-swapped extended key. */
- padlock_bswapl(&cdata->ks);
-#endif
- cdata->cword.b.keygen = 1;
- break;
-
- default:
- /* ERROR */
- return 0;
- }
-
- /*
- * This is done to cover for cases when user reuses the
- * context for new key. The catch is that if we don't do
- * this, padlock_eas_cipher might proceed with old key...
- */
- padlock_reload_key ();
-
- return 1;
+ struct padlock_cipher_data *cdata;
+ int key_len = EVP_CIPHER_CTX_key_length(ctx) * 8;
+
+ if (key == NULL)
+ return 0; /* ERROR */
+
+ cdata = ALIGNED_CIPHER_DATA(ctx);
+ memset(cdata, 0, sizeof(struct padlock_cipher_data));
+
+ /* Prepare Control word. */
+ if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE)
+ cdata->cword.b.encdec = 0;
+ else
+ cdata->cword.b.encdec = (ctx->encrypt == 0);
+ cdata->cword.b.rounds = 10 + (key_len - 128) / 32;
+ cdata->cword.b.ksize = (key_len - 128) / 64;
+
+ switch (key_len) {
+ case 128:
+ /*
+ * PadLock can generate an extended key for AES128 in hardware
+ */
+ memcpy(cdata->ks.rd_key, key, AES_KEY_SIZE_128);
+ cdata->cword.b.keygen = 0;
+ break;
+
+ case 192:
+ case 256:
+ /*
+ * Generate an extended AES key in software. Needed for AES192/AES256
+ */
+ /*
+ * Well, the above applies to Stepping 8 CPUs and is listed as
+ * hardware errata. They most likely will fix it at some point and
+ * then a check for stepping would be due here.
+ */
+ if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE ||
+ EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE || enc)
+ AES_set_encrypt_key(key, key_len, &cdata->ks);
+ else
+ AES_set_decrypt_key(key, key_len, &cdata->ks);
+# ifndef AES_ASM
+ /*
+ * OpenSSL C functions use byte-swapped extended key.
+ */
+ padlock_bswapl(&cdata->ks);
+# endif
+ cdata->cword.b.keygen = 1;
+ break;
+
+ default:
+ /* ERROR */
+ return 0;
+ }
+
+ /*
+ * This is done to cover for cases when user reuses the
+ * context for new key. The catch is that if we don't do
+ * this, padlock_eas_cipher might proceed with old key...
+ */
+ padlock_reload_key();
+
+ return 1;
}
-/*
+/*-
* Simplified version of padlock_aes_cipher() used when
* 1) both input and output buffers are at aligned addresses.
* or when
@@ -862,314 +861,329 @@ padlock_aes_init_key (EVP_CIPHER_CTX *ctx, const unsigned char *key,
*/
static int
padlock_aes_cipher_omnivorous(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
- const unsigned char *in_arg, size_t nbytes)
+ const unsigned char *in_arg, size_t nbytes)
{
- struct padlock_cipher_data *cdata;
- void *iv;
-
- cdata = ALIGNED_CIPHER_DATA(ctx);
- padlock_verify_context(cdata);
-
- switch (EVP_CIPHER_CTX_mode(ctx)) {
- case EVP_CIPH_ECB_MODE:
- padlock_xcrypt_ecb(nbytes/AES_BLOCK_SIZE, cdata, out_arg, in_arg);
- break;
-
- case EVP_CIPH_CBC_MODE:
- memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
- iv = padlock_xcrypt_cbc(nbytes/AES_BLOCK_SIZE, cdata, out_arg, in_arg);
- memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
- break;
-
- case EVP_CIPH_CFB_MODE:
- memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
- iv = padlock_xcrypt_cfb(nbytes/AES_BLOCK_SIZE, cdata, out_arg, in_arg);
- memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
- break;
-
- case EVP_CIPH_OFB_MODE:
- memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
- padlock_xcrypt_ofb(nbytes/AES_BLOCK_SIZE, cdata, out_arg, in_arg);
- memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE);
- break;
-
- default:
- return 0;
- }
-
- memset(cdata->iv, 0, AES_BLOCK_SIZE);
-
- return 1;
+ struct padlock_cipher_data *cdata;
+ void *iv;
+
+ cdata = ALIGNED_CIPHER_DATA(ctx);
+ padlock_verify_context(cdata);
+
+ switch (EVP_CIPHER_CTX_mode(ctx)) {
+ case EVP_CIPH_ECB_MODE:
+ padlock_xcrypt_ecb(nbytes / AES_BLOCK_SIZE, cdata, out_arg, in_arg);
+ break;
+
+ case EVP_CIPH_CBC_MODE:
+ memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
+ iv = padlock_xcrypt_cbc(nbytes / AES_BLOCK_SIZE, cdata, out_arg,
+ in_arg);
+ memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
+ break;
+
+ case EVP_CIPH_CFB_MODE:
+ memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
+ iv = padlock_xcrypt_cfb(nbytes / AES_BLOCK_SIZE, cdata, out_arg,
+ in_arg);
+ memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
+ break;
+
+ case EVP_CIPH_OFB_MODE:
+ memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
+ padlock_xcrypt_ofb(nbytes / AES_BLOCK_SIZE, cdata, out_arg, in_arg);
+ memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE);
+ break;
+
+ default:
+ return 0;
+ }
+
+ memset(cdata->iv, 0, AES_BLOCK_SIZE);
+
+ return 1;
}
-#ifndef PADLOCK_CHUNK
-# define PADLOCK_CHUNK 512 /* Must be a power of 2 larger than 16 */
-#endif
-#if PADLOCK_CHUNK<16 || PADLOCK_CHUNK&(PADLOCK_CHUNK-1)
-# error "insane PADLOCK_CHUNK..."
-#endif
+# ifndef PADLOCK_CHUNK
+# define PADLOCK_CHUNK 512 /* Must be a power of 2 larger than 16 */
+# endif
+# if PADLOCK_CHUNK<16 || PADLOCK_CHUNK&(PADLOCK_CHUNK-1)
+# error "insane PADLOCK_CHUNK..."
+# endif
-/* Re-align the arguments to 16-Bytes boundaries and run the
- encryption function itself. This function is not AES-specific. */
+/*
+ * Re-align the arguments to 16-Bytes boundaries and run the encryption
+ * function itself. This function is not AES-specific.
+ */
static int
padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
- const unsigned char *in_arg, size_t nbytes)
+ const unsigned char *in_arg, size_t nbytes)
{
- struct padlock_cipher_data *cdata;
- const void *inp;
- unsigned char *out;
- void *iv;
- int inp_misaligned, out_misaligned, realign_in_loop;
- size_t chunk, allocated=0;
-
- /* ctx->num is maintained in byte-oriented modes,
- such as CFB and OFB... */
- if ((chunk = ctx->num)) { /* borrow chunk variable */
- unsigned char *ivp=ctx->iv;
-
- switch (EVP_CIPHER_CTX_mode(ctx)) {
- case EVP_CIPH_CFB_MODE:
- if (chunk >= AES_BLOCK_SIZE)
- return 0; /* bogus value */
-
- if (ctx->encrypt)
- while (chunk<AES_BLOCK_SIZE && nbytes!=0) {
- ivp[chunk] = *(out_arg++) = *(in_arg++) ^ ivp[chunk];
- chunk++, nbytes--;
- }
- else while (chunk<AES_BLOCK_SIZE && nbytes!=0) {
- unsigned char c = *(in_arg++);
- *(out_arg++) = c ^ ivp[chunk];
- ivp[chunk++] = c, nbytes--;
- }
-
- ctx->num = chunk%AES_BLOCK_SIZE;
- break;
- case EVP_CIPH_OFB_MODE:
- if (chunk >= AES_BLOCK_SIZE)
- return 0; /* bogus value */
-
- while (chunk<AES_BLOCK_SIZE && nbytes!=0) {
- *(out_arg++) = *(in_arg++) ^ ivp[chunk];
- chunk++, nbytes--;
- }
-
- ctx->num = chunk%AES_BLOCK_SIZE;
- break;
- }
- }
-
- if (nbytes == 0)
- return 1;
-#if 0
- if (nbytes % AES_BLOCK_SIZE)
- return 0; /* are we expected to do tail processing? */
-#else
- /* nbytes is always multiple of AES_BLOCK_SIZE in ECB and CBC
- modes and arbitrary value in byte-oriented modes, such as
- CFB and OFB... */
-#endif
-
- /* VIA promises CPUs that won't require alignment in the future.
- For now padlock_aes_align_required is initialized to 1 and
- the condition is never met... */
- /* C7 core is capable to manage unaligned input in non-ECB[!]
- mode, but performance penalties appear to be approximately
- same as for software alignment below or ~3x. They promise to
- improve it in the future, but for now we can just as well
- pretend that it can only handle aligned input... */
- if (!padlock_aes_align_required && (nbytes%AES_BLOCK_SIZE)==0)
- return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg, nbytes);
-
- inp_misaligned = (((size_t)in_arg) & 0x0F);
- out_misaligned = (((size_t)out_arg) & 0x0F);
-
- /* Note that even if output is aligned and input not,
- * I still prefer to loop instead of copy the whole
- * input and then encrypt in one stroke. This is done
- * in order to improve L1 cache utilization... */
- realign_in_loop = out_misaligned|inp_misaligned;
-
- if (!realign_in_loop && (nbytes%AES_BLOCK_SIZE)==0)
- return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg, nbytes);
-
- /* this takes one "if" out of the loops */
- chunk = nbytes;
- chunk %= PADLOCK_CHUNK;
- if (chunk==0) chunk = PADLOCK_CHUNK;
-
- if (out_misaligned) {
- /* optmize for small input */
- allocated = (chunk<nbytes?PADLOCK_CHUNK:nbytes);
- out = alloca(0x10 + allocated);
- out = NEAREST_ALIGNED(out);
- }
- else
- out = out_arg;
-
- cdata = ALIGNED_CIPHER_DATA(ctx);
- padlock_verify_context(cdata);
-
- switch (EVP_CIPHER_CTX_mode(ctx)) {
- case EVP_CIPH_ECB_MODE:
- do {
- if (inp_misaligned)
- inp = padlock_memcpy(out, in_arg, chunk);
- else
- inp = in_arg;
- in_arg += chunk;
-
- padlock_xcrypt_ecb(chunk/AES_BLOCK_SIZE, cdata, out, inp);
-
- if (out_misaligned)
- out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;
- else
- out = out_arg+=chunk;
-
- nbytes -= chunk;
- chunk = PADLOCK_CHUNK;
- } while (nbytes);
- break;
-
- case EVP_CIPH_CBC_MODE:
- memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
- goto cbc_shortcut;
- do {
- if (iv != cdata->iv)
- memcpy(cdata->iv, iv, AES_BLOCK_SIZE);
- chunk = PADLOCK_CHUNK;
- cbc_shortcut: /* optimize for small input */
- if (inp_misaligned)
- inp = padlock_memcpy(out, in_arg, chunk);
- else
- inp = in_arg;
- in_arg += chunk;
-
- iv = padlock_xcrypt_cbc(chunk/AES_BLOCK_SIZE, cdata, out, inp);
-
- if (out_misaligned)
- out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;
- else
- out = out_arg+=chunk;
-
- } while (nbytes -= chunk);
- memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
- break;
-
- case EVP_CIPH_CFB_MODE:
- memcpy (iv = cdata->iv, ctx->iv, AES_BLOCK_SIZE);
- chunk &= ~(AES_BLOCK_SIZE-1);
- if (chunk) goto cfb_shortcut;
- else goto cfb_skiploop;
- do {
- if (iv != cdata->iv)
- memcpy(cdata->iv, iv, AES_BLOCK_SIZE);
- chunk = PADLOCK_CHUNK;
- cfb_shortcut: /* optimize for small input */
- if (inp_misaligned)
- inp = padlock_memcpy(out, in_arg, chunk);
- else
- inp = in_arg;
- in_arg += chunk;
-
- iv = padlock_xcrypt_cfb(chunk/AES_BLOCK_SIZE, cdata, out, inp);
-
- if (out_misaligned)
- out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;
- else
- out = out_arg+=chunk;
-
- nbytes -= chunk;
- } while (nbytes >= AES_BLOCK_SIZE);
-
- cfb_skiploop:
- if (nbytes) {
- unsigned char *ivp = cdata->iv;
-
- if (iv != ivp) {
- memcpy(ivp, iv, AES_BLOCK_SIZE);
- iv = ivp;
- }
- ctx->num = nbytes;
- if (cdata->cword.b.encdec) {
- cdata->cword.b.encdec=0;
- padlock_reload_key();
- padlock_xcrypt_ecb(1,cdata,ivp,ivp);
- cdata->cword.b.encdec=1;
- padlock_reload_key();
- while(nbytes) {
- unsigned char c = *(in_arg++);
- *(out_arg++) = c ^ *ivp;
- *(ivp++) = c, nbytes--;
- }
- }
- else { padlock_reload_key();
- padlock_xcrypt_ecb(1,cdata,ivp,ivp);
- padlock_reload_key();
- while (nbytes) {
- *ivp = *(out_arg++) = *(in_arg++) ^ *ivp;
- ivp++, nbytes--;
- }
- }
- }
-
- memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
- break;
-
- case EVP_CIPH_OFB_MODE:
- memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
- chunk &= ~(AES_BLOCK_SIZE-1);
- if (chunk) do {
- if (inp_misaligned)
- inp = padlock_memcpy(out, in_arg, chunk);
- else
- inp = in_arg;
- in_arg += chunk;
-
- padlock_xcrypt_ofb(chunk/AES_BLOCK_SIZE, cdata, out, inp);
-
- if (out_misaligned)
- out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;
- else
- out = out_arg+=chunk;
-
- nbytes -= chunk;
- chunk = PADLOCK_CHUNK;
- } while (nbytes >= AES_BLOCK_SIZE);
-
- if (nbytes) {
- unsigned char *ivp = cdata->iv;
-
- ctx->num = nbytes;
- padlock_reload_key(); /* empirically found */
- padlock_xcrypt_ecb(1,cdata,ivp,ivp);
- padlock_reload_key(); /* empirically found */
- while (nbytes) {
- *(out_arg++) = *(in_arg++) ^ *ivp;
- ivp++, nbytes--;
- }
- }
-
- memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE);
- break;
-
- default:
- return 0;
- }
-
- /* Clean the realign buffer if it was used */
- if (out_misaligned) {
- volatile unsigned long *p=(void *)out;
- size_t n = allocated/sizeof(*p);
- while (n--) *p++=0;
- }
-
- memset(cdata->iv, 0, AES_BLOCK_SIZE);
-
- return 1;
+ struct padlock_cipher_data *cdata;
+ const void *inp;
+ unsigned char *out;
+ void *iv;
+ int inp_misaligned, out_misaligned, realign_in_loop;
+ size_t chunk, allocated = 0;
+
+ /*
+ * ctx->num is maintained in byte-oriented modes, such as CFB and OFB...
+ */
+ if ((chunk = ctx->num)) { /* borrow chunk variable */
+ unsigned char *ivp = ctx->iv;
+
+ switch (EVP_CIPHER_CTX_mode(ctx)) {
+ case EVP_CIPH_CFB_MODE:
+ if (chunk >= AES_BLOCK_SIZE)
+ return 0; /* bogus value */
+
+ if (ctx->encrypt)
+ while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
+ ivp[chunk] = *(out_arg++) = *(in_arg++) ^ ivp[chunk];
+ chunk++, nbytes--;
+ } else
+ while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
+ unsigned char c = *(in_arg++);
+ *(out_arg++) = c ^ ivp[chunk];
+ ivp[chunk++] = c, nbytes--;
+ }
+
+ ctx->num = chunk % AES_BLOCK_SIZE;
+ break;
+ case EVP_CIPH_OFB_MODE:
+ if (chunk >= AES_BLOCK_SIZE)
+ return 0; /* bogus value */
+
+ while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
+ *(out_arg++) = *(in_arg++) ^ ivp[chunk];
+ chunk++, nbytes--;
+ }
+
+ ctx->num = chunk % AES_BLOCK_SIZE;
+ break;
+ }
+ }
+
+ if (nbytes == 0)
+ return 1;
+# if 0
+ if (nbytes % AES_BLOCK_SIZE)
+ return 0; /* are we expected to do tail processing? */
+# else
+ /*
+ * nbytes is always multiple of AES_BLOCK_SIZE in ECB and CBC modes and
+ * arbitrary value in byte-oriented modes, such as CFB and OFB...
+ */
+# endif
+
+ /*
+ * VIA promises CPUs that won't require alignment in the future. For now
+ * padlock_aes_align_required is initialized to 1 and the condition is
+ * never met...
+ */
+ /*
+ * C7 core is capable to manage unaligned input in non-ECB[!] mode, but
+ * performance penalties appear to be approximately same as for software
+ * alignment below or ~3x. They promise to improve it in the future, but
+ * for now we can just as well pretend that it can only handle aligned
+ * input...
+ */
+ if (!padlock_aes_align_required && (nbytes % AES_BLOCK_SIZE) == 0)
+ return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg, nbytes);
+
+ inp_misaligned = (((size_t)in_arg) & 0x0F);
+ out_misaligned = (((size_t)out_arg) & 0x0F);
+
+ /*
+ * Note that even if output is aligned and input not, I still prefer to
+ * loop instead of copy the whole input and then encrypt in one stroke.
+ * This is done in order to improve L1 cache utilization...
+ */
+ realign_in_loop = out_misaligned | inp_misaligned;
+
+ if (!realign_in_loop && (nbytes % AES_BLOCK_SIZE) == 0)
+ return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg, nbytes);
+
+ /* this takes one "if" out of the loops */
+ chunk = nbytes;
+ chunk %= PADLOCK_CHUNK;
+ if (chunk == 0)
+ chunk = PADLOCK_CHUNK;
+
+ if (out_misaligned) {
+ /* optmize for small input */
+ allocated = (chunk < nbytes ? PADLOCK_CHUNK : nbytes);
+ out = alloca(0x10 + allocated);
+ out = NEAREST_ALIGNED(out);
+ } else
+ out = out_arg;
+
+ cdata = ALIGNED_CIPHER_DATA(ctx);
+ padlock_verify_context(cdata);
+
+ switch (EVP_CIPHER_CTX_mode(ctx)) {
+ case EVP_CIPH_ECB_MODE:
+ do {
+ if (inp_misaligned)
+ inp = padlock_memcpy(out, in_arg, chunk);
+ else
+ inp = in_arg;
+ in_arg += chunk;
+
+ padlock_xcrypt_ecb(chunk / AES_BLOCK_SIZE, cdata, out, inp);
+
+ if (out_misaligned)
+ out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;
+ else
+ out = out_arg += chunk;
+
+ nbytes -= chunk;
+ chunk = PADLOCK_CHUNK;
+ } while (nbytes);
+ break;
+
+ case EVP_CIPH_CBC_MODE:
+ memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
+ goto cbc_shortcut;
+ do {
+ if (iv != cdata->iv)
+ memcpy(cdata->iv, iv, AES_BLOCK_SIZE);
+ chunk = PADLOCK_CHUNK;
+ cbc_shortcut: /* optimize for small input */
+ if (inp_misaligned)
+ inp = padlock_memcpy(out, in_arg, chunk);
+ else
+ inp = in_arg;
+ in_arg += chunk;
+
+ iv = padlock_xcrypt_cbc(chunk / AES_BLOCK_SIZE, cdata, out, inp);
+
+ if (out_misaligned)
+ out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;
+ else
+ out = out_arg += chunk;
+
+ } while (nbytes -= chunk);
+ memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
+ break;
+
+ case EVP_CIPH_CFB_MODE:
+ memcpy(iv = cdata->iv, ctx->iv, AES_BLOCK_SIZE);
+ chunk &= ~(AES_BLOCK_SIZE - 1);
+ if (chunk)
+ goto cfb_shortcut;
+ else
+ goto cfb_skiploop;
+ do {
+ if (iv != cdata->iv)
+ memcpy(cdata->iv, iv, AES_BLOCK_SIZE);
+ chunk = PADLOCK_CHUNK;
+ cfb_shortcut: /* optimize for small input */
+ if (inp_misaligned)
+ inp = padlock_memcpy(out, in_arg, chunk);
+ else
+ inp = in_arg;
+ in_arg += chunk;
+
+ iv = padlock_xcrypt_cfb(chunk / AES_BLOCK_SIZE, cdata, out, inp);
+
+ if (out_misaligned)
+ out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;
+ else
+ out = out_arg += chunk;
+
+ nbytes -= chunk;
+ } while (nbytes >= AES_BLOCK_SIZE);
+
+ cfb_skiploop:
+ if (nbytes) {
+ unsigned char *ivp = cdata->iv;
+
+ if (iv != ivp) {
+ memcpy(ivp, iv, AES_BLOCK_SIZE);
+ iv = ivp;
+ }
+ ctx->num = nbytes;
+ if (cdata->cword.b.encdec) {
+ cdata->cword.b.encdec = 0;
+ padlock_reload_key();
+ padlock_xcrypt_ecb(1, cdata, ivp, ivp);
+ cdata->cword.b.encdec = 1;
+ padlock_reload_key();
+ while (nbytes) {
+ unsigned char c = *(in_arg++);
+ *(out_arg++) = c ^ *ivp;
+ *(ivp++) = c, nbytes--;
+ }
+ } else {
+ padlock_reload_key();
+ padlock_xcrypt_ecb(1, cdata, ivp, ivp);
+ padlock_reload_key();
+ while (nbytes) {
+ *ivp = *(out_arg++) = *(in_arg++) ^ *ivp;
+ ivp++, nbytes--;
+ }
+ }
+ }
+
+ memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
+ break;
+
+ case EVP_CIPH_OFB_MODE:
+ memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
+ chunk &= ~(AES_BLOCK_SIZE - 1);
+ if (chunk)
+ do {
+ if (inp_misaligned)
+ inp = padlock_memcpy(out, in_arg, chunk);
+ else
+ inp = in_arg;
+ in_arg += chunk;
+
+ padlock_xcrypt_ofb(chunk / AES_BLOCK_SIZE, cdata, out, inp);
+
+ if (out_misaligned)
+ out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;
+ else
+ out = out_arg += chunk;
+
+ nbytes -= chunk;
+ chunk = PADLOCK_CHUNK;
+ } while (nbytes >= AES_BLOCK_SIZE);
+
+ if (nbytes) {
+ unsigned char *ivp = cdata->iv;
+
+ ctx->num = nbytes;
+ padlock_reload_key(); /* empirically found */
+ padlock_xcrypt_ecb(1, cdata, ivp, ivp);
+ padlock_reload_key(); /* empirically found */
+ while (nbytes) {
+ *(out_arg++) = *(in_arg++) ^ *ivp;
+ ivp++, nbytes--;
+ }
+ }
+
+ memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE);
+ break;
+
+ default:
+ return 0;
+ }
+
+ /* Clean the realign buffer if it was used */
+ if (out_misaligned) {
+ volatile unsigned long *p = (void *)out;
+ size_t n = allocated / sizeof(*p);
+ while (n--)
+ *p++ = 0;
+ }
+
+ memset(cdata->iv, 0, AES_BLOCK_SIZE);
+
+ return 1;
}
-#endif /* OPENSSL_NO_AES */
+# endif /* OPENSSL_NO_AES */
/* ===== Random Number Generator ===== */
/*
@@ -1178,64 +1192,75 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
* (posted at http://www.via.com.tw/en/viac3/c3.jsp) nor does it
* provide meaningful error control...
*/
-/* Wrapper that provides an interface between the API and
- the raw PadLock RNG */
-static int
-padlock_rand_bytes(unsigned char *output, int count)
+/*
+ * Wrapper that provides an interface between the API and the raw PadLock
+ * RNG
+ */
+static int padlock_rand_bytes(unsigned char *output, int count)
{
- unsigned int eax, buf;
-
- while (count >= 8) {
- eax = padlock_xstore(output, 0);
- if (!(eax&(1<<6))) return 0; /* RNG disabled */
- /* this ---vv--- covers DC bias, Raw Bits and String Filter */
- if (eax&(0x1F<<10)) return 0;
- if ((eax&0x1F)==0) continue; /* no data, retry... */
- if ((eax&0x1F)!=8) return 0; /* fatal failure... */
- output += 8;
- count -= 8;
- }
- while (count > 0) {
- eax = padlock_xstore(&buf, 3);
- if (!(eax&(1<<6))) return 0; /* RNG disabled */
- /* this ---vv--- covers DC bias, Raw Bits and String Filter */
- if (eax&(0x1F<<10)) return 0;
- if ((eax&0x1F)==0) continue; /* no data, retry... */
- if ((eax&0x1F)!=1) return 0; /* fatal failure... */
- *output++ = (unsigned char)buf;
- count--;
- }
- *(volatile unsigned int *)&buf=0;
-
- return 1;
+ unsigned int eax, buf;
+
+ while (count >= 8) {
+ eax = padlock_xstore(output, 0);
+ if (!(eax & (1 << 6)))
+ return 0; /* RNG disabled */
+ /* this ---vv--- covers DC bias, Raw Bits and String Filter */
+ if (eax & (0x1F << 10))
+ return 0;
+ if ((eax & 0x1F) == 0)
+ continue; /* no data, retry... */
+ if ((eax & 0x1F) != 8)
+ return 0; /* fatal failure... */
+ output += 8;
+ count -= 8;
+ }
+ while (count > 0) {
+ eax = padlock_xstore(&buf, 3);
+ if (!(eax & (1 << 6)))
+ return 0; /* RNG disabled */
+ /* this ---vv--- covers DC bias, Raw Bits and String Filter */
+ if (eax & (0x1F << 10))
+ return 0;
+ if ((eax & 0x1F) == 0)
+ continue; /* no data, retry... */
+ if ((eax & 0x1F) != 1)
+ return 0; /* fatal failure... */
+ *output++ = (unsigned char)buf;
+ count--;
+ }
+ *(volatile unsigned int *)&buf = 0;
+
+ return 1;
}
/* Dummy but necessary function */
-static int
-padlock_rand_status(void)
+static int padlock_rand_status(void)
{
- return 1;
+ return 1;
}
/* Prepare structure for registration */
static RAND_METHOD padlock_rand = {
- NULL, /* seed */
- padlock_rand_bytes, /* bytes */
- NULL, /* cleanup */
- NULL, /* add */
- padlock_rand_bytes, /* pseudorand */
- padlock_rand_status, /* rand status */
+ NULL, /* seed */
+ padlock_rand_bytes, /* bytes */
+ NULL, /* cleanup */
+ NULL, /* add */
+ padlock_rand_bytes, /* pseudorand */
+ padlock_rand_status, /* rand status */
};
-#else /* !COMPILE_HW_PADLOCK */
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# else /* !COMPILE_HW_PADLOCK */
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
OPENSSL_EXPORT
-int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);
+ int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);
OPENSSL_EXPORT
-int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; }
-IMPLEMENT_DYNAMIC_CHECK_FN()
-#endif
-#endif /* COMPILE_HW_PADLOCK */
+ int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns)
+{
+ return 0;
+}
-#endif /* !OPENSSL_NO_HW_PADLOCK */
-#endif /* !OPENSSL_NO_HW */
+IMPLEMENT_DYNAMIC_CHECK_FN()
+# endif
+# endif /* COMPILE_HW_PADLOCK */
+# endif /* !OPENSSL_NO_HW_PADLOCK */
+#endif /* !OPENSSL_NO_HW */
diff --git a/openssl/engines/e_sureware.c b/openssl/engines/e_sureware.c
index cd0fa4c39..1005dfc90 100644
--- a/openssl/engines/e_sureware.c
+++ b/openssl/engines/e_sureware.c
@@ -1,12 +1,13 @@
-/* Written by Corinne Dive-Reclus(cdive@baltimore.com)
-*
+/*-
+* Written by Corinne Dive-Reclus(cdive@baltimore.com)
+*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
+* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -36,18 +37,18 @@
*
* Copyright@2001 Baltimore Technologies Ltd.
* All right Reserved.
-* *
-* THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND *
-* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE *
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE *
-* ARE DISCLAIMED. IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE *
-* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL *
-* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS *
-* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) *
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT *
-* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY *
-* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF *
-* SUCH DAMAGE. *
+* *
+* THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND *
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE *
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE *
+* ARE DISCLAIMED. IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE *
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL *
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS *
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) *
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT *
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY *
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF *
+* SUCH DAMAGE. *
====================================================================*/
#include <stdio.h>
@@ -58,42 +59,43 @@
#include <openssl/engine.h>
#include <openssl/rand.h>
#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
+# include <openssl/rsa.h>
#endif
#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
+# include <openssl/dsa.h>
#endif
#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
+# include <openssl/dh.h>
#endif
#include <openssl/bn.h>
#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_SUREWARE
+# ifndef OPENSSL_NO_HW_SUREWARE
-#ifdef FLAT_INC
-#include "sureware.h"
-#else
-#include "vendor_defns/sureware.h"
-#endif
+# ifdef FLAT_INC
+# include "sureware.h"
+# else
+# include "vendor_defns/sureware.h"
+# endif
-#define SUREWARE_LIB_NAME "sureware engine"
-#include "e_sureware_err.c"
+# define SUREWARE_LIB_NAME "sureware engine"
+# include "e_sureware_err.c"
-static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
+static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p,
+ void (*f) (void));
static int surewarehk_destroy(ENGINE *e);
static int surewarehk_init(ENGINE *e);
static int surewarehk_finish(ENGINE *e);
static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx);
+ const BIGNUM *m, BN_CTX *ctx);
/* RSA stuff */
-#ifndef OPENSSL_NO_RSA
-static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to,
- RSA *rsa,int padding);
-static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char *to,
- RSA *rsa,int padding);
-#endif
+# ifndef OPENSSL_NO_RSA
+static int surewarehk_rsa_priv_dec(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+static int surewarehk_rsa_sign(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+# endif
/* RAND stuff */
static int surewarehk_rand_bytes(unsigned char *buf, int num);
@@ -102,248 +104,260 @@ static void surewarehk_rand_add(const void *buf, int num, double entropy);
/* KM stuff */
static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id,
- UI_METHOD *ui_method, void *callback_data);
+ UI_METHOD *ui_method,
+ void *callback_data);
static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,
- UI_METHOD *ui_method, void *callback_data);
+ UI_METHOD *ui_method,
+ void *callback_data);
static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
- int idx,long argl, void *argp);
-#if 0
+ int idx, long argl, void *argp);
+# if 0
static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
- int idx,long argl, void *argp);
-#endif
+ int idx, long argl, void *argp);
+# endif
-#ifndef OPENSSL_NO_RSA
+# ifndef OPENSSL_NO_RSA
/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int surewarehk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+static int surewarehk_mod_exp_mont(BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *m_ctx)
{
- return surewarehk_modexp(r, a, p, m, ctx);
+ return surewarehk_modexp(r, a, p, m, ctx);
}
/* Our internal RSA_METHOD that we provide pointers to */
-static RSA_METHOD surewarehk_rsa =
- {
- "SureWare RSA method",
- NULL, /* pub_enc*/
- NULL, /* pub_dec*/
- surewarehk_rsa_sign, /* our rsa_sign is OpenSSL priv_enc*/
- surewarehk_rsa_priv_dec, /* priv_dec*/
- NULL, /*mod_exp*/
- surewarehk_mod_exp_mont, /*mod_exp_mongomery*/
- NULL, /* init*/
- NULL, /* finish*/
- 0, /* RSA flag*/
- NULL,
- NULL, /* OpenSSL sign*/
- NULL, /* OpenSSL verify*/
- NULL /* keygen */
- };
-#endif
+static RSA_METHOD surewarehk_rsa = {
+ "SureWare RSA method",
+ NULL, /* pub_enc */
+ NULL, /* pub_dec */
+ surewarehk_rsa_sign, /* our rsa_sign is OpenSSL priv_enc */
+ surewarehk_rsa_priv_dec, /* priv_dec */
+ NULL, /* mod_exp */
+ surewarehk_mod_exp_mont, /* mod_exp_mongomery */
+ NULL, /* init */
+ NULL, /* finish */
+ 0, /* RSA flag */
+ NULL,
+ NULL, /* OpenSSL sign */
+ NULL, /* OpenSSL verify */
+ NULL /* keygen */
+};
+# endif
-#ifndef OPENSSL_NO_DH
+# ifndef OPENSSL_NO_DH
/* Our internal DH_METHOD that we provide pointers to */
/* This function is aliased to mod_exp (with the dh and mont dropped). */
static int surewarehk_modexp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
{
- return surewarehk_modexp(r, a, p, m, ctx);
+ return surewarehk_modexp(r, a, p, m, ctx);
}
-static DH_METHOD surewarehk_dh =
- {
- "SureWare DH method",
- NULL,/*gen_key*/
- NULL,/*agree,*/
- surewarehk_modexp_dh, /*dh mod exp*/
- NULL, /* init*/
- NULL, /* finish*/
- 0, /* flags*/
- NULL,
- NULL
- };
-#endif
+static DH_METHOD surewarehk_dh = {
+ "SureWare DH method",
+ NULL, /* gen_key */
+ NULL, /* agree, */
+ surewarehk_modexp_dh, /* dh mod exp */
+ NULL, /* init */
+ NULL, /* finish */
+ 0, /* flags */
+ NULL,
+ NULL
+};
+# endif
-static RAND_METHOD surewarehk_rand =
- {
- /* "SureWare RAND method", */
- surewarehk_rand_seed,
- surewarehk_rand_bytes,
- NULL,/*cleanup*/
- surewarehk_rand_add,
- surewarehk_rand_bytes,
- NULL,/*rand_status*/
- };
+static RAND_METHOD surewarehk_rand = {
+ /* "SureWare RAND method", */
+ surewarehk_rand_seed,
+ surewarehk_rand_bytes,
+ NULL, /* cleanup */
+ surewarehk_rand_add,
+ surewarehk_rand_bytes,
+ NULL, /* rand_status */
+};
-#ifndef OPENSSL_NO_DSA
+# ifndef OPENSSL_NO_DSA
/* DSA stuff */
-static DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+static DSA_SIG *surewarehk_dsa_do_sign(const unsigned char *dgst, int dlen,
+ DSA *dsa);
static int surewarehk_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
- BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont)
+ BIGNUM *p1, BIGNUM *a2, BIGNUM *p2,
+ BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *in_mont)
{
- BIGNUM t;
- int to_return = 0;
- BN_init(&t);
- /* let rr = a1 ^ p1 mod m */
- if (!surewarehk_modexp(rr,a1,p1,m,ctx)) goto end;
- /* let t = a2 ^ p2 mod m */
- if (!surewarehk_modexp(&t,a2,p2,m,ctx)) goto end;
- /* let rr = rr * t mod m */
- if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
- to_return = 1;
-end:
- BN_free(&t);
- return to_return;
+ BIGNUM t;
+ int to_return = 0;
+ BN_init(&t);
+ /* let rr = a1 ^ p1 mod m */
+ if (!surewarehk_modexp(rr, a1, p1, m, ctx))
+ goto end;
+ /* let t = a2 ^ p2 mod m */
+ if (!surewarehk_modexp(&t, a2, p2, m, ctx))
+ goto end;
+ /* let rr = rr * t mod m */
+ if (!BN_mod_mul(rr, rr, &t, m, ctx))
+ goto end;
+ to_return = 1;
+ end:
+ BN_free(&t);
+ return to_return;
}
-static DSA_METHOD surewarehk_dsa =
- {
- "SureWare DSA method",
- surewarehk_dsa_do_sign,
- NULL,/*sign setup*/
- NULL,/*verify,*/
- surewarehk_dsa_mod_exp,/*mod exp*/
- NULL,/*bn mod exp*/
- NULL, /*init*/
- NULL,/*finish*/
- 0,
- NULL,
- NULL,
- NULL
- };
-#endif
+static DSA_METHOD surewarehk_dsa = {
+ "SureWare DSA method",
+ surewarehk_dsa_do_sign,
+ NULL, /* sign setup */
+ NULL, /* verify, */
+ surewarehk_dsa_mod_exp, /* mod exp */
+ NULL, /* bn mod exp */
+ NULL, /* init */
+ NULL, /* finish */
+ 0,
+ NULL,
+ NULL,
+ NULL
+};
+# endif
static const char *engine_sureware_id = "sureware";
static const char *engine_sureware_name = "SureWare hardware engine support";
/* Now, to our own code */
-/* As this is only ever called once, there's no need for locking
- * (indeed - the lock will already be held by our caller!!!) */
+/*
+ * As this is only ever called once, there's no need for locking (indeed -
+ * the lock will already be held by our caller!!!)
+ */
static int bind_sureware(ENGINE *e)
{
-#ifndef OPENSSL_NO_RSA
- const RSA_METHOD *meth1;
-#endif
-#ifndef OPENSSL_NO_DSA
- const DSA_METHOD *meth2;
-#endif
-#ifndef OPENSSL_NO_DH
- const DH_METHOD *meth3;
-#endif
+# ifndef OPENSSL_NO_RSA
+ const RSA_METHOD *meth1;
+# endif
+# ifndef OPENSSL_NO_DSA
+ const DSA_METHOD *meth2;
+# endif
+# ifndef OPENSSL_NO_DH
+ const DH_METHOD *meth3;
+# endif
- if(!ENGINE_set_id(e, engine_sureware_id) ||
- !ENGINE_set_name(e, engine_sureware_name) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_RSA(e, &surewarehk_rsa) ||
-#endif
-#ifndef OPENSSL_NO_DSA
- !ENGINE_set_DSA(e, &surewarehk_dsa) ||
-#endif
-#ifndef OPENSSL_NO_DH
- !ENGINE_set_DH(e, &surewarehk_dh) ||
-#endif
- !ENGINE_set_RAND(e, &surewarehk_rand) ||
- !ENGINE_set_destroy_function(e, surewarehk_destroy) ||
- !ENGINE_set_init_function(e, surewarehk_init) ||
- !ENGINE_set_finish_function(e, surewarehk_finish) ||
- !ENGINE_set_ctrl_function(e, surewarehk_ctrl) ||
- !ENGINE_set_load_privkey_function(e, surewarehk_load_privkey) ||
- !ENGINE_set_load_pubkey_function(e, surewarehk_load_pubkey))
- return 0;
+ if (!ENGINE_set_id(e, engine_sureware_id) ||
+ !ENGINE_set_name(e, engine_sureware_name) ||
+# ifndef OPENSSL_NO_RSA
+ !ENGINE_set_RSA(e, &surewarehk_rsa) ||
+# endif
+# ifndef OPENSSL_NO_DSA
+ !ENGINE_set_DSA(e, &surewarehk_dsa) ||
+# endif
+# ifndef OPENSSL_NO_DH
+ !ENGINE_set_DH(e, &surewarehk_dh) ||
+# endif
+ !ENGINE_set_RAND(e, &surewarehk_rand) ||
+ !ENGINE_set_destroy_function(e, surewarehk_destroy) ||
+ !ENGINE_set_init_function(e, surewarehk_init) ||
+ !ENGINE_set_finish_function(e, surewarehk_finish) ||
+ !ENGINE_set_ctrl_function(e, surewarehk_ctrl) ||
+ !ENGINE_set_load_privkey_function(e, surewarehk_load_privkey) ||
+ !ENGINE_set_load_pubkey_function(e, surewarehk_load_pubkey))
+ return 0;
-#ifndef OPENSSL_NO_RSA
- /* We know that the "PKCS1_SSLeay()" functions hook properly
- * to the cswift-specific mod_exp and mod_exp_crt so we use
- * those functions. NB: We don't use ENGINE_openssl() or
- * anything "more generic" because something like the RSAref
- * code may not hook properly, and if you own one of these
- * cards then you have the right to do RSA operations on it
- * anyway! */
- meth1 = RSA_PKCS1_SSLeay();
- if (meth1)
- {
- surewarehk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
- surewarehk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
- }
-#endif
+# ifndef OPENSSL_NO_RSA
+ /*
+ * We know that the "PKCS1_SSLeay()" functions hook properly to the
+ * cswift-specific mod_exp and mod_exp_crt so we use those functions. NB:
+ * We don't use ENGINE_openssl() or anything "more generic" because
+ * something like the RSAref code may not hook properly, and if you own
+ * one of these cards then you have the right to do RSA operations on it
+ * anyway!
+ */
+ meth1 = RSA_PKCS1_SSLeay();
+ if (meth1) {
+ surewarehk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+ surewarehk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+ }
+# endif
-#ifndef OPENSSL_NO_DSA
- /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
- * bits. */
- meth2 = DSA_OpenSSL();
- if (meth2)
- {
- surewarehk_dsa.dsa_do_verify = meth2->dsa_do_verify;
- }
-#endif
+# ifndef OPENSSL_NO_DSA
+ /*
+ * Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits.
+ */
+ meth2 = DSA_OpenSSL();
+ if (meth2) {
+ surewarehk_dsa.dsa_do_verify = meth2->dsa_do_verify;
+ }
+# endif
-#ifndef OPENSSL_NO_DH
- /* Much the same for Diffie-Hellman */
- meth3 = DH_OpenSSL();
- if (meth3)
- {
- surewarehk_dh.generate_key = meth3->generate_key;
- surewarehk_dh.compute_key = meth3->compute_key;
- }
-#endif
+# ifndef OPENSSL_NO_DH
+ /* Much the same for Diffie-Hellman */
+ meth3 = DH_OpenSSL();
+ if (meth3) {
+ surewarehk_dh.generate_key = meth3->generate_key;
+ surewarehk_dh.compute_key = meth3->compute_key;
+ }
+# endif
- /* Ensure the sureware error handling is set up */
- ERR_load_SUREWARE_strings();
- return 1;
+ /* Ensure the sureware error handling is set up */
+ ERR_load_SUREWARE_strings();
+ return 1;
}
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
static int bind_helper(ENGINE *e, const char *id)
- {
- if(id && (strcmp(id, engine_sureware_id) != 0))
- return 0;
- if(!bind_sureware(e))
- return 0;
- return 1;
- }
+{
+ if (id && (strcmp(id, engine_sureware_id) != 0))
+ return 0;
+ if (!bind_sureware(e))
+ return 0;
+ return 1;
+}
+
IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
-#else
+ IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+# else
static ENGINE *engine_sureware(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!bind_sureware(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
+{
+ ENGINE *ret = ENGINE_new();
+ if (!ret)
+ return NULL;
+ if (!bind_sureware(ret)) {
+ ENGINE_free(ret);
+ return NULL;
+ }
+ return ret;
+}
void ENGINE_load_sureware(void)
- {
- /* Copied from eng_[openssl|dyn].c */
- ENGINE *toadd = engine_sureware();
- if(!toadd) return;
- ENGINE_add(toadd);
- ENGINE_free(toadd);
- ERR_clear_error();
- }
-#endif
+{
+ /* Copied from eng_[openssl|dyn].c */
+ ENGINE *toadd = engine_sureware();
+ if (!toadd)
+ return;
+ ENGINE_add(toadd);
+ ENGINE_free(toadd);
+ ERR_clear_error();
+}
+# endif
-/* This is a process-global DSO handle used for loading and unloading
- * the SureWareHook library. NB: This is only set (or unset) during an
- * init() or finish() call (reference counts permitting) and they're
- * operating with global locks, so this should be thread-safe
- * implicitly. */
+/*
+ * This is a process-global DSO handle used for loading and unloading the
+ * SureWareHook library. NB: This is only set (or unset) during an init() or
+ * finish() call (reference counts permitting) and they're operating with
+ * global locks, so this should be thread-safe implicitly.
+ */
static DSO *surewarehk_dso = NULL;
-#ifndef OPENSSL_NO_RSA
-static int rsaHndidx = -1; /* Index for KM handle. Not really used yet. */
-#endif
-#ifndef OPENSSL_NO_DSA
-static int dsaHndidx = -1; /* Index for KM handle. Not really used yet. */
-#endif
+# ifndef OPENSSL_NO_RSA
+/* Index for KM handle. Not really used yet. */
+static int rsaHndidx = -1;
+# endif
+# ifndef OPENSSL_NO_DSA
+/* Index for KM handle. Not really used yet. */
+static int dsaHndidx = -1;
+# endif
-/* These are the function pointers that are (un)set when the library has
- * successfully (un)loaded. */
+/*
+ * These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded.
+ */
static SureWareHook_Init_t *p_surewarehk_Init = NULL;
static SureWareHook_Finish_t *p_surewarehk_Finish = NULL;
static SureWareHook_Rand_Bytes_t *p_surewarehk_Rand_Bytes = NULL;
@@ -352,704 +366,731 @@ static SureWareHook_Load_Privkey_t *p_surewarehk_Load_Privkey = NULL;
static SureWareHook_Info_Pubkey_t *p_surewarehk_Info_Pubkey = NULL;
static SureWareHook_Load_Rsa_Pubkey_t *p_surewarehk_Load_Rsa_Pubkey = NULL;
static SureWareHook_Load_Dsa_Pubkey_t *p_surewarehk_Load_Dsa_Pubkey = NULL;
-static SureWareHook_Free_t *p_surewarehk_Free=NULL;
-static SureWareHook_Rsa_Priv_Dec_t *p_surewarehk_Rsa_Priv_Dec=NULL;
-static SureWareHook_Rsa_Sign_t *p_surewarehk_Rsa_Sign=NULL;
-static SureWareHook_Dsa_Sign_t *p_surewarehk_Dsa_Sign=NULL;
-static SureWareHook_Mod_Exp_t *p_surewarehk_Mod_Exp=NULL;
+static SureWareHook_Free_t *p_surewarehk_Free = NULL;
+static SureWareHook_Rsa_Priv_Dec_t *p_surewarehk_Rsa_Priv_Dec = NULL;
+static SureWareHook_Rsa_Sign_t *p_surewarehk_Rsa_Sign = NULL;
+static SureWareHook_Dsa_Sign_t *p_surewarehk_Dsa_Sign = NULL;
+static SureWareHook_Mod_Exp_t *p_surewarehk_Mod_Exp = NULL;
/* Used in the DSO operations. */
static const char *surewarehk_LIBNAME = "SureWareHook";
static const char *n_surewarehk_Init = "SureWareHook_Init";
static const char *n_surewarehk_Finish = "SureWareHook_Finish";
-static const char *n_surewarehk_Rand_Bytes="SureWareHook_Rand_Bytes";
-static const char *n_surewarehk_Rand_Seed="SureWareHook_Rand_Seed";
-static const char *n_surewarehk_Load_Privkey="SureWareHook_Load_Privkey";
-static const char *n_surewarehk_Info_Pubkey="SureWareHook_Info_Pubkey";
-static const char *n_surewarehk_Load_Rsa_Pubkey="SureWareHook_Load_Rsa_Pubkey";
-static const char *n_surewarehk_Load_Dsa_Pubkey="SureWareHook_Load_Dsa_Pubkey";
-static const char *n_surewarehk_Free="SureWareHook_Free";
-static const char *n_surewarehk_Rsa_Priv_Dec="SureWareHook_Rsa_Priv_Dec";
-static const char *n_surewarehk_Rsa_Sign="SureWareHook_Rsa_Sign";
-static const char *n_surewarehk_Dsa_Sign="SureWareHook_Dsa_Sign";
-static const char *n_surewarehk_Mod_Exp="SureWareHook_Mod_Exp";
+static const char *n_surewarehk_Rand_Bytes = "SureWareHook_Rand_Bytes";
+static const char *n_surewarehk_Rand_Seed = "SureWareHook_Rand_Seed";
+static const char *n_surewarehk_Load_Privkey = "SureWareHook_Load_Privkey";
+static const char *n_surewarehk_Info_Pubkey = "SureWareHook_Info_Pubkey";
+static const char *n_surewarehk_Load_Rsa_Pubkey =
+ "SureWareHook_Load_Rsa_Pubkey";
+static const char *n_surewarehk_Load_Dsa_Pubkey =
+ "SureWareHook_Load_Dsa_Pubkey";
+static const char *n_surewarehk_Free = "SureWareHook_Free";
+static const char *n_surewarehk_Rsa_Priv_Dec = "SureWareHook_Rsa_Priv_Dec";
+static const char *n_surewarehk_Rsa_Sign = "SureWareHook_Rsa_Sign";
+static const char *n_surewarehk_Dsa_Sign = "SureWareHook_Dsa_Sign";
+static const char *n_surewarehk_Mod_Exp = "SureWareHook_Mod_Exp";
static BIO *logstream = NULL;
-/* SureWareHook library functions and mechanics - these are used by the
- * higher-level functions further down. NB: As and where there's no
- * error checking, take a look lower down where these functions are
- * called, the checking and error handling is probably down there.
-*/
-static int threadsafe=1;
-static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
+/*
+ * SureWareHook library functions and mechanics - these are used by the
+ * higher-level functions further down. NB: As and where there's no error
+ * checking, take a look lower down where these functions are called, the
+ * checking and error handling is probably down there.
+ */
+static int threadsafe = 1;
+static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p,
+ void (*f) (void))
{
- int to_return = 1;
+ int to_return = 1;
- switch(cmd)
- {
- case ENGINE_CTRL_SET_LOGSTREAM:
- {
- BIO *bio = (BIO *)p;
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- if (logstream)
- {
- BIO_free(logstream);
- logstream = NULL;
- }
- if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1)
- logstream = bio;
- else
- SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,SUREWARE_R_BIO_WAS_FREED);
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- break;
- /* This will prevent the initialisation function from "installing"
- * the mutex-handling callbacks, even if they are available from
- * within the library (or were provided to the library from the
- * calling application). This is to remove any baggage for
- * applications not using multithreading. */
- case ENGINE_CTRL_CHIL_NO_LOCKING:
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- threadsafe = 0;
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- break;
+ switch (cmd) {
+ case ENGINE_CTRL_SET_LOGSTREAM:
+ {
+ BIO *bio = (BIO *)p;
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if (logstream) {
+ BIO_free(logstream);
+ logstream = NULL;
+ }
+ if (CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO) > 1)
+ logstream = bio;
+ else
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,
+ SUREWARE_R_BIO_WAS_FREED);
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ break;
+ /*
+ * This will prevent the initialisation function from "installing"
+ * the mutex-handling callbacks, even if they are available from
+ * within the library (or were provided to the library from the
+ * calling application). This is to remove any baggage for
+ * applications not using multithreading.
+ */
+ case ENGINE_CTRL_CHIL_NO_LOCKING:
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ threadsafe = 0;
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ break;
- /* The command isn't understood by this engine */
- default:
- SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,
- ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
- to_return = 0;
- break;
- }
+ /* The command isn't understood by this engine */
+ default:
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,
+ ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+ to_return = 0;
+ break;
+ }
- return to_return;
+ return to_return;
}
/* Destructor (complements the "ENGINE_surewarehk()" constructor) */
static int surewarehk_destroy(ENGINE *e)
{
- ERR_unload_SUREWARE_strings();
- return 1;
+ ERR_unload_SUREWARE_strings();
+ return 1;
}
/* (de)initialisation functions. */
static int surewarehk_init(ENGINE *e)
{
- char msg[64]="ENGINE_init";
- SureWareHook_Init_t *p1=NULL;
- SureWareHook_Finish_t *p2=NULL;
- SureWareHook_Rand_Bytes_t *p3=NULL;
- SureWareHook_Rand_Seed_t *p4=NULL;
- SureWareHook_Load_Privkey_t *p5=NULL;
- SureWareHook_Load_Rsa_Pubkey_t *p6=NULL;
- SureWareHook_Free_t *p7=NULL;
- SureWareHook_Rsa_Priv_Dec_t *p8=NULL;
- SureWareHook_Rsa_Sign_t *p9=NULL;
- SureWareHook_Dsa_Sign_t *p12=NULL;
- SureWareHook_Info_Pubkey_t *p13=NULL;
- SureWareHook_Load_Dsa_Pubkey_t *p14=NULL;
- SureWareHook_Mod_Exp_t *p15=NULL;
+ char msg[64] = "ENGINE_init";
+ SureWareHook_Init_t *p1 = NULL;
+ SureWareHook_Finish_t *p2 = NULL;
+ SureWareHook_Rand_Bytes_t *p3 = NULL;
+ SureWareHook_Rand_Seed_t *p4 = NULL;
+ SureWareHook_Load_Privkey_t *p5 = NULL;
+ SureWareHook_Load_Rsa_Pubkey_t *p6 = NULL;
+ SureWareHook_Free_t *p7 = NULL;
+ SureWareHook_Rsa_Priv_Dec_t *p8 = NULL;
+ SureWareHook_Rsa_Sign_t *p9 = NULL;
+ SureWareHook_Dsa_Sign_t *p12 = NULL;
+ SureWareHook_Info_Pubkey_t *p13 = NULL;
+ SureWareHook_Load_Dsa_Pubkey_t *p14 = NULL;
+ SureWareHook_Mod_Exp_t *p15 = NULL;
- if(surewarehk_dso != NULL)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_ALREADY_LOADED);
- goto err;
- }
- /* Attempt to load libsurewarehk.so/surewarehk.dll/whatever. */
- surewarehk_dso = DSO_load(NULL, surewarehk_LIBNAME, NULL, 0);
- if(surewarehk_dso == NULL)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_DSO_FAILURE);
- goto err;
- }
- if(!(p1=(SureWareHook_Init_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Init)) ||
- !(p2=(SureWareHook_Finish_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Finish)) ||
- !(p3=(SureWareHook_Rand_Bytes_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rand_Bytes)) ||
- !(p4=(SureWareHook_Rand_Seed_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rand_Seed)) ||
- !(p5=(SureWareHook_Load_Privkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Privkey)) ||
- !(p6=(SureWareHook_Load_Rsa_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Rsa_Pubkey)) ||
- !(p7=(SureWareHook_Free_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Free)) ||
- !(p8=(SureWareHook_Rsa_Priv_Dec_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rsa_Priv_Dec)) ||
- !(p9=(SureWareHook_Rsa_Sign_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rsa_Sign)) ||
- !(p12=(SureWareHook_Dsa_Sign_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Dsa_Sign)) ||
- !(p13=(SureWareHook_Info_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Info_Pubkey)) ||
- !(p14=(SureWareHook_Load_Dsa_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Dsa_Pubkey)) ||
- !(p15=(SureWareHook_Mod_Exp_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Mod_Exp)))
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_DSO_FAILURE);
- goto err;
- }
- /* Copy the pointers */
- p_surewarehk_Init = p1;
- p_surewarehk_Finish = p2;
- p_surewarehk_Rand_Bytes = p3;
- p_surewarehk_Rand_Seed = p4;
- p_surewarehk_Load_Privkey = p5;
- p_surewarehk_Load_Rsa_Pubkey = p6;
- p_surewarehk_Free = p7;
- p_surewarehk_Rsa_Priv_Dec = p8;
- p_surewarehk_Rsa_Sign = p9;
- p_surewarehk_Dsa_Sign = p12;
- p_surewarehk_Info_Pubkey = p13;
- p_surewarehk_Load_Dsa_Pubkey = p14;
- p_surewarehk_Mod_Exp = p15;
- /* Contact the hardware and initialises it. */
- if(p_surewarehk_Init(msg,threadsafe)==SUREWAREHOOK_ERROR_UNIT_FAILURE)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,SUREWARE_R_UNIT_FAILURE);
- goto err;
- }
- if(p_surewarehk_Init(msg,threadsafe)==SUREWAREHOOK_ERROR_UNIT_FAILURE)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,SUREWARE_R_UNIT_FAILURE);
- goto err;
- }
- /* try to load the default private key, if failed does not return a failure but
- wait for an explicit ENGINE_load_privakey */
- surewarehk_load_privkey(e,NULL,NULL,NULL);
+ if (surewarehk_dso != NULL) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, ENGINE_R_ALREADY_LOADED);
+ goto err;
+ }
+ /* Attempt to load libsurewarehk.so/surewarehk.dll/whatever. */
+ surewarehk_dso = DSO_load(NULL, surewarehk_LIBNAME, NULL, 0);
+ if (surewarehk_dso == NULL) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, ENGINE_R_DSO_FAILURE);
+ goto err;
+ }
+ if (!
+ (p1 =
+ (SureWareHook_Init_t *) DSO_bind_func(surewarehk_dso,
+ n_surewarehk_Init))
+|| !(p2 =
+ (SureWareHook_Finish_t *) DSO_bind_func(surewarehk_dso,
+ n_surewarehk_Finish))
+|| !(p3 =
+ (SureWareHook_Rand_Bytes_t *) DSO_bind_func(surewarehk_dso,
+ n_surewarehk_Rand_Bytes))
+|| !(p4 =
+ (SureWareHook_Rand_Seed_t *) DSO_bind_func(surewarehk_dso,
+ n_surewarehk_Rand_Seed))
+|| !(p5 =
+ (SureWareHook_Load_Privkey_t *) DSO_bind_func(surewarehk_dso,
+ n_surewarehk_Load_Privkey))
+|| !(p6 =
+ (SureWareHook_Load_Rsa_Pubkey_t *) DSO_bind_func(surewarehk_dso,
+ n_surewarehk_Load_Rsa_Pubkey))
+|| !(p7 =
+ (SureWareHook_Free_t *) DSO_bind_func(surewarehk_dso, n_surewarehk_Free))
+|| !(p8 =
+ (SureWareHook_Rsa_Priv_Dec_t *) DSO_bind_func(surewarehk_dso,
+ n_surewarehk_Rsa_Priv_Dec))
+|| !(p9 =
+ (SureWareHook_Rsa_Sign_t *) DSO_bind_func(surewarehk_dso,
+ n_surewarehk_Rsa_Sign))
+|| !(p12 =
+ (SureWareHook_Dsa_Sign_t *) DSO_bind_func(surewarehk_dso,
+ n_surewarehk_Dsa_Sign))
+|| !(p13 =
+ (SureWareHook_Info_Pubkey_t *) DSO_bind_func(surewarehk_dso,
+ n_surewarehk_Info_Pubkey))
+|| !(p14 =
+ (SureWareHook_Load_Dsa_Pubkey_t *) DSO_bind_func(surewarehk_dso,
+ n_surewarehk_Load_Dsa_Pubkey))
+|| !(p15 =
+ (SureWareHook_Mod_Exp_t *) DSO_bind_func(surewarehk_dso,
+ n_surewarehk_Mod_Exp))) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, ENGINE_R_DSO_FAILURE);
+ goto err;
+ }
+ /* Copy the pointers */
+ p_surewarehk_Init = p1;
+ p_surewarehk_Finish = p2;
+ p_surewarehk_Rand_Bytes = p3;
+ p_surewarehk_Rand_Seed = p4;
+ p_surewarehk_Load_Privkey = p5;
+ p_surewarehk_Load_Rsa_Pubkey = p6;
+ p_surewarehk_Free = p7;
+ p_surewarehk_Rsa_Priv_Dec = p8;
+ p_surewarehk_Rsa_Sign = p9;
+ p_surewarehk_Dsa_Sign = p12;
+ p_surewarehk_Info_Pubkey = p13;
+ p_surewarehk_Load_Dsa_Pubkey = p14;
+ p_surewarehk_Mod_Exp = p15;
+ /* Contact the hardware and initialises it. */
+ if (p_surewarehk_Init(msg, threadsafe) == SUREWAREHOOK_ERROR_UNIT_FAILURE) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, SUREWARE_R_UNIT_FAILURE);
+ goto err;
+ }
+ if (p_surewarehk_Init(msg, threadsafe) == SUREWAREHOOK_ERROR_UNIT_FAILURE) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, SUREWARE_R_UNIT_FAILURE);
+ goto err;
+ }
+ /*
+ * try to load the default private key, if failed does not return a
+ * failure but wait for an explicit ENGINE_load_privakey
+ */
+ surewarehk_load_privkey(e, NULL, NULL, NULL);
- /* Everything's fine. */
-#ifndef OPENSSL_NO_RSA
- if (rsaHndidx == -1)
- rsaHndidx = RSA_get_ex_new_index(0,
- "SureWareHook RSA key handle",
- NULL, NULL, surewarehk_ex_free);
-#endif
-#ifndef OPENSSL_NO_DSA
- if (dsaHndidx == -1)
- dsaHndidx = DSA_get_ex_new_index(0,
- "SureWareHook DSA key handle",
- NULL, NULL, surewarehk_ex_free);
-#endif
+ /* Everything's fine. */
+# ifndef OPENSSL_NO_RSA
+ if (rsaHndidx == -1)
+ rsaHndidx = RSA_get_ex_new_index(0,
+ "SureWareHook RSA key handle",
+ NULL, NULL, surewarehk_ex_free);
+# endif
+# ifndef OPENSSL_NO_DSA
+ if (dsaHndidx == -1)
+ dsaHndidx = DSA_get_ex_new_index(0,
+ "SureWareHook DSA key handle",
+ NULL, NULL, surewarehk_ex_free);
+# endif
- return 1;
-err:
- if(surewarehk_dso)
- DSO_free(surewarehk_dso);
- surewarehk_dso = NULL;
- p_surewarehk_Init = NULL;
- p_surewarehk_Finish = NULL;
- p_surewarehk_Rand_Bytes = NULL;
- p_surewarehk_Rand_Seed = NULL;
- p_surewarehk_Load_Privkey = NULL;
- p_surewarehk_Load_Rsa_Pubkey = NULL;
- p_surewarehk_Free = NULL;
- p_surewarehk_Rsa_Priv_Dec = NULL;
- p_surewarehk_Rsa_Sign = NULL;
- p_surewarehk_Dsa_Sign = NULL;
- p_surewarehk_Info_Pubkey = NULL;
- p_surewarehk_Load_Dsa_Pubkey = NULL;
- p_surewarehk_Mod_Exp = NULL;
- return 0;
+ return 1;
+ err:
+ if (surewarehk_dso)
+ DSO_free(surewarehk_dso);
+ surewarehk_dso = NULL;
+ p_surewarehk_Init = NULL;
+ p_surewarehk_Finish = NULL;
+ p_surewarehk_Rand_Bytes = NULL;
+ p_surewarehk_Rand_Seed = NULL;
+ p_surewarehk_Load_Privkey = NULL;
+ p_surewarehk_Load_Rsa_Pubkey = NULL;
+ p_surewarehk_Free = NULL;
+ p_surewarehk_Rsa_Priv_Dec = NULL;
+ p_surewarehk_Rsa_Sign = NULL;
+ p_surewarehk_Dsa_Sign = NULL;
+ p_surewarehk_Info_Pubkey = NULL;
+ p_surewarehk_Load_Dsa_Pubkey = NULL;
+ p_surewarehk_Mod_Exp = NULL;
+ return 0;
}
static int surewarehk_finish(ENGINE *e)
{
- int to_return = 1;
- if(surewarehk_dso == NULL)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH,ENGINE_R_NOT_LOADED);
- to_return = 0;
- goto err;
- }
- p_surewarehk_Finish();
- if(!DSO_free(surewarehk_dso))
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH,ENGINE_R_DSO_FAILURE);
- to_return = 0;
- goto err;
- }
+ int to_return = 1;
+ if (surewarehk_dso == NULL) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH, ENGINE_R_NOT_LOADED);
+ to_return = 0;
+ goto err;
+ }
+ p_surewarehk_Finish();
+ if (!DSO_free(surewarehk_dso)) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH, ENGINE_R_DSO_FAILURE);
+ to_return = 0;
+ goto err;
+ }
err:
- if (logstream)
- BIO_free(logstream);
- surewarehk_dso = NULL;
- p_surewarehk_Init = NULL;
- p_surewarehk_Finish = NULL;
- p_surewarehk_Rand_Bytes = NULL;
- p_surewarehk_Rand_Seed = NULL;
- p_surewarehk_Load_Privkey = NULL;
- p_surewarehk_Load_Rsa_Pubkey = NULL;
- p_surewarehk_Free = NULL;
- p_surewarehk_Rsa_Priv_Dec = NULL;
- p_surewarehk_Rsa_Sign = NULL;
- p_surewarehk_Dsa_Sign = NULL;
- p_surewarehk_Info_Pubkey = NULL;
- p_surewarehk_Load_Dsa_Pubkey = NULL;
- p_surewarehk_Mod_Exp = NULL;
- return to_return;
+ if (logstream)
+ BIO_free(logstream);
+ surewarehk_dso = NULL;
+ p_surewarehk_Init = NULL;
+ p_surewarehk_Finish = NULL;
+ p_surewarehk_Rand_Bytes = NULL;
+ p_surewarehk_Rand_Seed = NULL;
+ p_surewarehk_Load_Privkey = NULL;
+ p_surewarehk_Load_Rsa_Pubkey = NULL;
+ p_surewarehk_Free = NULL;
+ p_surewarehk_Rsa_Priv_Dec = NULL;
+ p_surewarehk_Rsa_Sign = NULL;
+ p_surewarehk_Dsa_Sign = NULL;
+ p_surewarehk_Info_Pubkey = NULL;
+ p_surewarehk_Load_Dsa_Pubkey = NULL;
+ p_surewarehk_Mod_Exp = NULL;
+ return to_return;
}
-static void surewarehk_error_handling(char *const msg,int func,int ret)
+static void surewarehk_error_handling(char *const msg, int func, int ret)
{
- switch (ret)
- {
- case SUREWAREHOOK_ERROR_UNIT_FAILURE:
- ENGINEerr(func,SUREWARE_R_UNIT_FAILURE);
- break;
- case SUREWAREHOOK_ERROR_FALLBACK:
- ENGINEerr(func,SUREWARE_R_REQUEST_FALLBACK);
- break;
- case SUREWAREHOOK_ERROR_DATA_SIZE:
- ENGINEerr(func,SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
- break;
- case SUREWAREHOOK_ERROR_INVALID_PAD:
- ENGINEerr(func,SUREWARE_R_PADDING_CHECK_FAILED);
- break;
- default:
- ENGINEerr(func,SUREWARE_R_REQUEST_FAILED);
- break;
- case 1:/*nothing*/
- msg[0]='\0';
- }
- if (*msg)
- {
- ERR_add_error_data(1,msg);
- if (logstream)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_BIO);
- BIO_write(logstream, msg, strlen(msg));
- CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
- }
- }
+ switch (ret) {
+ case SUREWAREHOOK_ERROR_UNIT_FAILURE:
+ ENGINEerr(func, SUREWARE_R_UNIT_FAILURE);
+ break;
+ case SUREWAREHOOK_ERROR_FALLBACK:
+ ENGINEerr(func, SUREWARE_R_REQUEST_FALLBACK);
+ break;
+ case SUREWAREHOOK_ERROR_DATA_SIZE:
+ ENGINEerr(func, SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+ break;
+ case SUREWAREHOOK_ERROR_INVALID_PAD:
+ ENGINEerr(func, SUREWARE_R_PADDING_CHECK_FAILED);
+ break;
+ default:
+ ENGINEerr(func, SUREWARE_R_REQUEST_FAILED);
+ break;
+ case 1: /* nothing */
+ msg[0] = '\0';
+ }
+ if (*msg) {
+ ERR_add_error_data(1, msg);
+ if (logstream) {
+ CRYPTO_w_lock(CRYPTO_LOCK_BIO);
+ BIO_write(logstream, msg, strlen(msg));
+ CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
+ }
+ }
}
static int surewarehk_rand_bytes(unsigned char *buf, int num)
{
- int ret=0;
- char msg[64]="ENGINE_rand_bytes";
- if(!p_surewarehk_Rand_Bytes)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_BYTES,ENGINE_R_NOT_INITIALISED);
- }
- else
- {
- ret = p_surewarehk_Rand_Bytes(msg,buf, num);
- surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RAND_BYTES,ret);
- }
- return ret==1 ? 1 : 0;
+ int ret = 0;
+ char msg[64] = "ENGINE_rand_bytes";
+ if (!p_surewarehk_Rand_Bytes) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_BYTES,
+ ENGINE_R_NOT_INITIALISED);
+ } else {
+ ret = p_surewarehk_Rand_Bytes(msg, buf, num);
+ surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RAND_BYTES, ret);
+ }
+ return ret == 1 ? 1 : 0;
}
static void surewarehk_rand_seed(const void *buf, int num)
{
- int ret=0;
- char msg[64]="ENGINE_rand_seed";
- if(!p_surewarehk_Rand_Seed)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_SEED,ENGINE_R_NOT_INITIALISED);
- }
- else
- {
- ret = p_surewarehk_Rand_Seed(msg,buf, num);
- surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RAND_SEED,ret);
- }
+ int ret = 0;
+ char msg[64] = "ENGINE_rand_seed";
+ if (!p_surewarehk_Rand_Seed) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_SEED,
+ ENGINE_R_NOT_INITIALISED);
+ } else {
+ ret = p_surewarehk_Rand_Seed(msg, buf, num);
+ surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RAND_SEED, ret);
+ }
}
static void surewarehk_rand_add(const void *buf, int num, double entropy)
{
- surewarehk_rand_seed(buf,num);
+ surewarehk_rand_seed(buf, num);
}
-static EVP_PKEY* sureware_load_public(ENGINE *e,const char *key_id,char *hptr,unsigned long el,char keytype)
+static EVP_PKEY *sureware_load_public(ENGINE *e, const char *key_id,
+ char *hptr, unsigned long el,
+ char keytype)
{
- EVP_PKEY *res = NULL;
-#ifndef OPENSSL_NO_RSA
- RSA *rsatmp = NULL;
-#endif
-#ifndef OPENSSL_NO_DSA
- DSA *dsatmp=NULL;
-#endif
- char msg[64]="sureware_load_public";
- int ret=0;
- if(!p_surewarehk_Load_Rsa_Pubkey || !p_surewarehk_Load_Dsa_Pubkey)
- {
- SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_NOT_INITIALISED);
- goto err;
- }
- switch (keytype)
- {
-#ifndef OPENSSL_NO_RSA
- case 1: /*RSA*/
- /* set private external reference */
- rsatmp = RSA_new_method(e);
- RSA_set_ex_data(rsatmp,rsaHndidx,hptr);
- rsatmp->flags |= RSA_FLAG_EXT_PKEY;
+ EVP_PKEY *res = NULL;
+# ifndef OPENSSL_NO_RSA
+ RSA *rsatmp = NULL;
+# endif
+# ifndef OPENSSL_NO_DSA
+ DSA *dsatmp = NULL;
+# endif
+ char msg[64] = "sureware_load_public";
+ int ret = 0;
+ if (!p_surewarehk_Load_Rsa_Pubkey || !p_surewarehk_Load_Dsa_Pubkey) {
+ SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,
+ ENGINE_R_NOT_INITIALISED);
+ goto err;
+ }
+ switch (keytype) {
+# ifndef OPENSSL_NO_RSA
+ case 1:
+ /*RSA*/
+ /* set private external reference */
+ rsatmp = RSA_new_method(e);
+ RSA_set_ex_data(rsatmp, rsaHndidx, hptr);
+ rsatmp->flags |= RSA_FLAG_EXT_PKEY;
- /* set public big nums*/
- rsatmp->e = BN_new();
- rsatmp->n = BN_new();
- bn_expand2(rsatmp->e, el/sizeof(BN_ULONG));
- bn_expand2(rsatmp->n, el/sizeof(BN_ULONG));
- if (!rsatmp->e || rsatmp->e->dmax!=(int)(el/sizeof(BN_ULONG))||
- !rsatmp->n || rsatmp->n->dmax!=(int)(el/sizeof(BN_ULONG)))
- goto err;
- ret=p_surewarehk_Load_Rsa_Pubkey(msg,key_id,el,
- (unsigned long *)rsatmp->n->d,
- (unsigned long *)rsatmp->e->d);
- surewarehk_error_handling(msg,SUREWARE_F_SUREWARE_LOAD_PUBLIC,ret);
- if (ret!=1)
- {
- SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
- goto err;
- }
- /* normalise pub e and pub n */
- rsatmp->e->top=el/sizeof(BN_ULONG);
- bn_fix_top(rsatmp->e);
- rsatmp->n->top=el/sizeof(BN_ULONG);
- bn_fix_top(rsatmp->n);
- /* create an EVP object: engine + rsa key */
- res = EVP_PKEY_new();
- EVP_PKEY_assign_RSA(res, rsatmp);
- break;
-#endif
+ /* set public big nums */
+ rsatmp->e = BN_new();
+ rsatmp->n = BN_new();
+ bn_expand2(rsatmp->e, el / sizeof(BN_ULONG));
+ bn_expand2(rsatmp->n, el / sizeof(BN_ULONG));
+ if (!rsatmp->e || rsatmp->e->dmax != (int)(el / sizeof(BN_ULONG)) ||
+ !rsatmp->n || rsatmp->n->dmax != (int)(el / sizeof(BN_ULONG)))
+ goto err;
+ ret = p_surewarehk_Load_Rsa_Pubkey(msg, key_id, el,
+ (unsigned long *)rsatmp->n->d,
+ (unsigned long *)rsatmp->e->d);
+ surewarehk_error_handling(msg, SUREWARE_F_SUREWARE_LOAD_PUBLIC, ret);
+ if (ret != 1) {
+ SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,
+ ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
+ goto err;
+ }
+ /* normalise pub e and pub n */
+ rsatmp->e->top = el / sizeof(BN_ULONG);
+ bn_fix_top(rsatmp->e);
+ rsatmp->n->top = el / sizeof(BN_ULONG);
+ bn_fix_top(rsatmp->n);
+ /* create an EVP object: engine + rsa key */
+ res = EVP_PKEY_new();
+ EVP_PKEY_assign_RSA(res, rsatmp);
+ break;
+# endif
-#ifndef OPENSSL_NO_DSA
- case 2:/*DSA*/
- /* set private/public external reference */
- dsatmp = DSA_new_method(e);
- DSA_set_ex_data(dsatmp,dsaHndidx,hptr);
- /*dsatmp->flags |= DSA_FLAG_EXT_PKEY;*/
+# ifndef OPENSSL_NO_DSA
+ case 2:
+ /*DSA*/
+ /* set private/public external reference */
+ dsatmp = DSA_new_method(e);
+ DSA_set_ex_data(dsatmp, dsaHndidx, hptr);
+ /*
+ * dsatmp->flags |= DSA_FLAG_EXT_PKEY;
+ */
- /* set public key*/
- dsatmp->pub_key = BN_new();
- dsatmp->p = BN_new();
- dsatmp->q = BN_new();
- dsatmp->g = BN_new();
- bn_expand2(dsatmp->pub_key, el/sizeof(BN_ULONG));
- bn_expand2(dsatmp->p, el/sizeof(BN_ULONG));
- bn_expand2(dsatmp->q, 20/sizeof(BN_ULONG));
- bn_expand2(dsatmp->g, el/sizeof(BN_ULONG));
- if (!dsatmp->pub_key || dsatmp->pub_key->dmax!=(int)(el/sizeof(BN_ULONG))||
- !dsatmp->p || dsatmp->p->dmax!=(int)(el/sizeof(BN_ULONG)) ||
- !dsatmp->q || dsatmp->q->dmax!=20/sizeof(BN_ULONG) ||
- !dsatmp->g || dsatmp->g->dmax!=(int)(el/sizeof(BN_ULONG)))
- goto err;
+ /* set public key */
+ dsatmp->pub_key = BN_new();
+ dsatmp->p = BN_new();
+ dsatmp->q = BN_new();
+ dsatmp->g = BN_new();
+ bn_expand2(dsatmp->pub_key, el / sizeof(BN_ULONG));
+ bn_expand2(dsatmp->p, el / sizeof(BN_ULONG));
+ bn_expand2(dsatmp->q, 20 / sizeof(BN_ULONG));
+ bn_expand2(dsatmp->g, el / sizeof(BN_ULONG));
+ if (!dsatmp->pub_key
+ || dsatmp->pub_key->dmax != (int)(el / sizeof(BN_ULONG))
+ || !dsatmp->p || dsatmp->p->dmax != (int)(el / sizeof(BN_ULONG))
+ || !dsatmp->q || dsatmp->q->dmax != 20 / sizeof(BN_ULONG)
+ || !dsatmp->g || dsatmp->g->dmax != (int)(el / sizeof(BN_ULONG)))
+ goto err;
- ret=p_surewarehk_Load_Dsa_Pubkey(msg,key_id,el,
- (unsigned long *)dsatmp->pub_key->d,
- (unsigned long *)dsatmp->p->d,
- (unsigned long *)dsatmp->q->d,
- (unsigned long *)dsatmp->g->d);
- surewarehk_error_handling(msg,SUREWARE_F_SUREWARE_LOAD_PUBLIC,ret);
- if (ret!=1)
- {
- SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
- goto err;
- }
- /* set parameters */
- /* normalise pubkey and parameters in case of */
- dsatmp->pub_key->top=el/sizeof(BN_ULONG);
- bn_fix_top(dsatmp->pub_key);
- dsatmp->p->top=el/sizeof(BN_ULONG);
- bn_fix_top(dsatmp->p);
- dsatmp->q->top=20/sizeof(BN_ULONG);
- bn_fix_top(dsatmp->q);
- dsatmp->g->top=el/sizeof(BN_ULONG);
- bn_fix_top(dsatmp->g);
+ ret = p_surewarehk_Load_Dsa_Pubkey(msg, key_id, el,
+ (unsigned long *)dsatmp->
+ pub_key->d,
+ (unsigned long *)dsatmp->p->d,
+ (unsigned long *)dsatmp->q->d,
+ (unsigned long *)dsatmp->g->d);
+ surewarehk_error_handling(msg, SUREWARE_F_SUREWARE_LOAD_PUBLIC, ret);
+ if (ret != 1) {
+ SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,
+ ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
+ goto err;
+ }
+ /* set parameters */
+ /* normalise pubkey and parameters in case of */
+ dsatmp->pub_key->top = el / sizeof(BN_ULONG);
+ bn_fix_top(dsatmp->pub_key);
+ dsatmp->p->top = el / sizeof(BN_ULONG);
+ bn_fix_top(dsatmp->p);
+ dsatmp->q->top = 20 / sizeof(BN_ULONG);
+ bn_fix_top(dsatmp->q);
+ dsatmp->g->top = el / sizeof(BN_ULONG);
+ bn_fix_top(dsatmp->g);
- /* create an EVP object: engine + rsa key */
- res = EVP_PKEY_new();
- EVP_PKEY_assign_DSA(res, dsatmp);
- break;
-#endif
+ /* create an EVP object: engine + rsa key */
+ res = EVP_PKEY_new();
+ EVP_PKEY_assign_DSA(res, dsatmp);
+ break;
+# endif
- default:
- SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
- goto err;
- }
- return res;
+ default:
+ SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,
+ ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
+ goto err;
+ }
+ return res;
err:
-#ifndef OPENSSL_NO_RSA
- if (rsatmp)
- RSA_free(rsatmp);
-#endif
-#ifndef OPENSSL_NO_DSA
- if (dsatmp)
- DSA_free(dsatmp);
-#endif
- return NULL;
+# ifndef OPENSSL_NO_RSA
+ if (rsatmp)
+ RSA_free(rsatmp);
+# endif
+# ifndef OPENSSL_NO_DSA
+ if (dsatmp)
+ DSA_free(dsatmp);
+# endif
+ return NULL;
}
static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id,
- UI_METHOD *ui_method, void *callback_data)
+ UI_METHOD *ui_method,
+ void *callback_data)
{
- EVP_PKEY *res = NULL;
- int ret=0;
- unsigned long el=0;
- char *hptr=NULL;
- char keytype=0;
- char msg[64]="ENGINE_load_privkey";
+ EVP_PKEY *res = NULL;
+ int ret = 0;
+ unsigned long el = 0;
+ char *hptr = NULL;
+ char keytype = 0;
+ char msg[64] = "ENGINE_load_privkey";
- if(!p_surewarehk_Load_Privkey)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY,ENGINE_R_NOT_INITIALISED);
- }
- else
- {
- ret=p_surewarehk_Load_Privkey(msg,key_id,&hptr,&el,&keytype);
- if (ret!=1)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY,ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
- ERR_add_error_data(1,msg);
- }
- else
- res=sureware_load_public(e,key_id,hptr,el,keytype);
- }
- return res;
+ if (!p_surewarehk_Load_Privkey) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY,
+ ENGINE_R_NOT_INITIALISED);
+ } else {
+ ret = p_surewarehk_Load_Privkey(msg, key_id, &hptr, &el, &keytype);
+ if (ret != 1) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY,
+ ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
+ ERR_add_error_data(1, msg);
+ } else
+ res = sureware_load_public(e, key_id, hptr, el, keytype);
+ }
+ return res;
}
static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,
- UI_METHOD *ui_method, void *callback_data)
+ UI_METHOD *ui_method,
+ void *callback_data)
{
- EVP_PKEY *res = NULL;
- int ret=0;
- unsigned long el=0;
- char *hptr=NULL;
- char keytype=0;
- char msg[64]="ENGINE_load_pubkey";
+ EVP_PKEY *res = NULL;
+ int ret = 0;
+ unsigned long el = 0;
+ char *hptr = NULL;
+ char keytype = 0;
+ char msg[64] = "ENGINE_load_pubkey";
- if(!p_surewarehk_Info_Pubkey)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY,ENGINE_R_NOT_INITIALISED);
- }
- else
- {
- /* call once to identify if DSA or RSA */
- ret=p_surewarehk_Info_Pubkey(msg,key_id,&el,&keytype);
- if (ret!=1)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
- ERR_add_error_data(1,msg);
- }
- else
- res=sureware_load_public(e,key_id,hptr,el,keytype);
- }
- return res;
+ if (!p_surewarehk_Info_Pubkey) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY,
+ ENGINE_R_NOT_INITIALISED);
+ } else {
+ /* call once to identify if DSA or RSA */
+ ret = p_surewarehk_Info_Pubkey(msg, key_id, &el, &keytype);
+ if (ret != 1) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY,
+ ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
+ ERR_add_error_data(1, msg);
+ } else
+ res = sureware_load_public(e, key_id, hptr, el, keytype);
+ }
+ return res;
}
-/* This cleans up an RSA/DSA KM key(do not destroy the key into the hardware)
-, called when ex_data is freed */
+/*
+ * This cleans up an RSA/DSA KM key(do not destroy the key into the hardware)
+ * , called when ex_data is freed
+ */
static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
- int idx,long argl, void *argp)
+ int idx, long argl, void *argp)
{
- if(!p_surewarehk_Free)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_EX_FREE,ENGINE_R_NOT_INITIALISED);
- }
- else
- p_surewarehk_Free((char *)item,0);
+ if (!p_surewarehk_Free) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_EX_FREE, ENGINE_R_NOT_INITIALISED);
+ } else
+ p_surewarehk_Free((char *)item, 0);
}
-#if 0
+# if 0
/* not currently used (bug?) */
-/* This cleans up an DH KM key (destroys the key into hardware),
-called when ex_data is freed */
+/*
+ * This cleans up an DH KM key (destroys the key into hardware), called when
+ * ex_data is freed
+ */
static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
- int idx,long argl, void *argp)
+ int idx, long argl, void *argp)
{
- if(!p_surewarehk_Free)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_DH_EX_FREE,ENGINE_R_NOT_INITIALISED);
- }
- else
- p_surewarehk_Free((char *)item,1);
+ if (!p_surewarehk_Free) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_DH_EX_FREE,
+ ENGINE_R_NOT_INITIALISED);
+ } else
+ p_surewarehk_Free((char *)item, 1);
}
-#endif
+# endif
/*
-* return number of decrypted bytes
-*/
-#ifndef OPENSSL_NO_RSA
-static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to,
- RSA *rsa,int padding)
+ * return number of decrypted bytes
+ */
+# ifndef OPENSSL_NO_RSA
+static int surewarehk_rsa_priv_dec(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
{
- int ret=0,tlen;
- char *buf=NULL,*hptr=NULL;
- char msg[64]="ENGINE_rsa_priv_dec";
- if (!p_surewarehk_Rsa_Priv_Dec)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ENGINE_R_NOT_INITIALISED);
- }
- /* extract ref to private key */
- else if (!(hptr=RSA_get_ex_data(rsa, rsaHndidx)))
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,SUREWARE_R_MISSING_KEY_COMPONENTS);
- goto err;
- }
- /* analyse what padding we can do into the hardware */
- if (padding==RSA_PKCS1_PADDING)
- {
- /* do it one shot */
- ret=p_surewarehk_Rsa_Priv_Dec(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_PKCS1_PAD);
- surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ret);
- if (ret!=1)
- goto err;
- ret=tlen;
- }
- else /* do with no padding into hardware */
- {
- ret=p_surewarehk_Rsa_Priv_Dec(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_NO_PAD);
- surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ret);
- if (ret!=1)
- goto err;
- /* intermediate buffer for padding */
- if ((buf=OPENSSL_malloc(tlen)) == NULL)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- memcpy(buf,to,tlen);/* transfert to into buf */
- switch (padding) /* check padding in software */
- {
-#ifndef OPENSSL_NO_SHA
- case RSA_PKCS1_OAEP_PADDING:
- ret=RSA_padding_check_PKCS1_OAEP(to,tlen,(unsigned char *)buf,tlen,tlen,NULL,0);
- break;
-#endif
- case RSA_SSLV23_PADDING:
- ret=RSA_padding_check_SSLv23(to,tlen,(unsigned char *)buf,flen,tlen);
- break;
- case RSA_NO_PADDING:
- ret=RSA_padding_check_none(to,tlen,(unsigned char *)buf,flen,tlen);
- break;
- default:
- SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,SUREWARE_R_UNKNOWN_PADDING_TYPE);
- goto err;
- }
- if (ret < 0)
- SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,SUREWARE_R_PADDING_CHECK_FAILED);
- }
-err:
- if (buf)
- {
- OPENSSL_cleanse(buf,tlen);
- OPENSSL_free(buf);
- }
- return ret;
+ int ret = 0, tlen;
+ char *buf = NULL, *hptr = NULL;
+ char msg[64] = "ENGINE_rsa_priv_dec";
+ if (!p_surewarehk_Rsa_Priv_Dec) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,
+ ENGINE_R_NOT_INITIALISED);
+ }
+ /* extract ref to private key */
+ else if (!(hptr = RSA_get_ex_data(rsa, rsaHndidx))) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,
+ SUREWARE_R_MISSING_KEY_COMPONENTS);
+ goto err;
+ }
+ /* analyse what padding we can do into the hardware */
+ if (padding == RSA_PKCS1_PADDING) {
+ /* do it one shot */
+ ret =
+ p_surewarehk_Rsa_Priv_Dec(msg, flen, (unsigned char *)from, &tlen,
+ to, hptr, SUREWARE_PKCS1_PAD);
+ surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,
+ ret);
+ if (ret != 1)
+ goto err;
+ ret = tlen;
+ } else { /* do with no padding into hardware */
+
+ ret =
+ p_surewarehk_Rsa_Priv_Dec(msg, flen, (unsigned char *)from, &tlen,
+ to, hptr, SUREWARE_NO_PAD);
+ surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,
+ ret);
+ if (ret != 1)
+ goto err;
+ /* intermediate buffer for padding */
+ if ((buf = OPENSSL_malloc(tlen)) == NULL) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ memcpy(buf, to, tlen); /* transfert to into buf */
+ switch (padding) { /* check padding in software */
+# ifndef OPENSSL_NO_SHA
+ case RSA_PKCS1_OAEP_PADDING:
+ ret =
+ RSA_padding_check_PKCS1_OAEP(to, tlen, (unsigned char *)buf,
+ tlen, tlen, NULL, 0);
+ break;
+# endif
+ case RSA_SSLV23_PADDING:
+ ret =
+ RSA_padding_check_SSLv23(to, tlen, (unsigned char *)buf, flen,
+ tlen);
+ break;
+ case RSA_NO_PADDING:
+ ret =
+ RSA_padding_check_none(to, tlen, (unsigned char *)buf, flen,
+ tlen);
+ break;
+ default:
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,
+ SUREWARE_R_UNKNOWN_PADDING_TYPE);
+ goto err;
+ }
+ if (ret < 0)
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,
+ SUREWARE_R_PADDING_CHECK_FAILED);
+ }
+ err:
+ if (buf) {
+ OPENSSL_cleanse(buf, tlen);
+ OPENSSL_free(buf);
+ }
+ return ret;
}
/*
-* Does what OpenSSL rsa_priv_enc does.
-*/
-static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char *to,
- RSA *rsa,int padding)
+ * Does what OpenSSL rsa_priv_enc does.
+ */
+static int surewarehk_rsa_sign(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
{
- int ret=0,tlen;
- char *hptr=NULL;
- char msg[64]="ENGINE_rsa_sign";
- if (!p_surewarehk_Rsa_Sign)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN,ENGINE_R_NOT_INITIALISED);
- }
- /* extract ref to private key */
- else if (!(hptr=RSA_get_ex_data(rsa, rsaHndidx)))
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN,SUREWARE_R_MISSING_KEY_COMPONENTS);
- }
- else
- {
- switch (padding)
- {
- case RSA_PKCS1_PADDING: /* do it in one shot */
- ret=p_surewarehk_Rsa_Sign(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_PKCS1_PAD);
- surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_SIGN,ret);
- break;
- case RSA_NO_PADDING:
- default:
- SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN,SUREWARE_R_UNKNOWN_PADDING_TYPE);
- }
- }
- return ret==1 ? tlen : ret;
+ int ret = 0, tlen;
+ char *hptr = NULL;
+ char msg[64] = "ENGINE_rsa_sign";
+ if (!p_surewarehk_Rsa_Sign) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN, ENGINE_R_NOT_INITIALISED);
+ }
+ /* extract ref to private key */
+ else if (!(hptr = RSA_get_ex_data(rsa, rsaHndidx))) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN,
+ SUREWARE_R_MISSING_KEY_COMPONENTS);
+ } else {
+ switch (padding) {
+ case RSA_PKCS1_PADDING: /* do it in one shot */
+ ret =
+ p_surewarehk_Rsa_Sign(msg, flen, (unsigned char *)from, &tlen,
+ to, hptr, SUREWARE_PKCS1_PAD);
+ surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RSA_SIGN,
+ ret);
+ break;
+ case RSA_NO_PADDING:
+ default:
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN,
+ SUREWARE_R_UNKNOWN_PADDING_TYPE);
+ }
+ }
+ return ret == 1 ? tlen : ret;
}
-#endif
+# endif
-#ifndef OPENSSL_NO_DSA
+# ifndef OPENSSL_NO_DSA
/* DSA sign and verify */
-static DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *from, int flen, DSA *dsa)
+static DSA_SIG *surewarehk_dsa_do_sign(const unsigned char *from, int flen,
+ DSA *dsa)
{
- int ret=0;
- char *hptr=NULL;
- DSA_SIG *psign=NULL;
- char msg[64]="ENGINE_dsa_do_sign";
- if (!p_surewarehk_Dsa_Sign)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ENGINE_R_NOT_INITIALISED);
- goto err;
- }
- /* extract ref to private key */
- else if (!(hptr=DSA_get_ex_data(dsa, dsaHndidx)))
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,SUREWARE_R_MISSING_KEY_COMPONENTS);
- goto err;
- }
- else
- {
- if((psign = DSA_SIG_new()) == NULL)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- psign->r=BN_new();
- psign->s=BN_new();
- bn_expand2(psign->r, 20/sizeof(BN_ULONG));
- bn_expand2(psign->s, 20/sizeof(BN_ULONG));
- if (!psign->r || psign->r->dmax!=20/sizeof(BN_ULONG) ||
- !psign->s || psign->s->dmax!=20/sizeof(BN_ULONG))
- goto err;
- ret=p_surewarehk_Dsa_Sign(msg,flen,from,
- (unsigned long *)psign->r->d,
- (unsigned long *)psign->s->d,
- hptr);
- surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ret);
- }
- psign->r->top=20/sizeof(BN_ULONG);
- bn_fix_top(psign->r);
- psign->s->top=20/sizeof(BN_ULONG);
- bn_fix_top(psign->s);
+ int ret = 0;
+ char *hptr = NULL;
+ DSA_SIG *psign = NULL;
+ char msg[64] = "ENGINE_dsa_do_sign";
+ if (!p_surewarehk_Dsa_Sign) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,
+ ENGINE_R_NOT_INITIALISED);
+ goto err;
+ }
+ /* extract ref to private key */
+ else if (!(hptr = DSA_get_ex_data(dsa, dsaHndidx))) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,
+ SUREWARE_R_MISSING_KEY_COMPONENTS);
+ goto err;
+ } else {
+ if ((psign = DSA_SIG_new()) == NULL) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ psign->r = BN_new();
+ psign->s = BN_new();
+ bn_expand2(psign->r, 20 / sizeof(BN_ULONG));
+ bn_expand2(psign->s, 20 / sizeof(BN_ULONG));
+ if (!psign->r || psign->r->dmax != 20 / sizeof(BN_ULONG) ||
+ !psign->s || psign->s->dmax != 20 / sizeof(BN_ULONG))
+ goto err;
+ ret = p_surewarehk_Dsa_Sign(msg, flen, from,
+ (unsigned long *)psign->r->d,
+ (unsigned long *)psign->s->d, hptr);
+ surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,
+ ret);
+ }
+ psign->r->top = 20 / sizeof(BN_ULONG);
+ bn_fix_top(psign->r);
+ psign->s->top = 20 / sizeof(BN_ULONG);
+ bn_fix_top(psign->s);
-err:
- if (psign)
- {
- DSA_SIG_free(psign);
- psign=NULL;
- }
- return psign;
+ err:
+ if (psign) {
+ DSA_SIG_free(psign);
+ psign = NULL;
+ }
+ return psign;
}
-#endif
+# endif
static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx)
+ const BIGNUM *m, BN_CTX *ctx)
{
- int ret=0;
- char msg[64]="ENGINE_modexp";
- if (!p_surewarehk_Mod_Exp)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_MODEXP,ENGINE_R_NOT_INITIALISED);
- }
- else
- {
- bn_expand2(r,m->top);
- if (r && r->dmax==m->top)
- {
- /* do it*/
- ret=p_surewarehk_Mod_Exp(msg,
- m->top*sizeof(BN_ULONG),
- (unsigned long *)m->d,
- p->top*sizeof(BN_ULONG),
- (unsigned long *)p->d,
- a->top*sizeof(BN_ULONG),
- (unsigned long *)a->d,
- (unsigned long *)r->d);
- surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_MODEXP,ret);
- if (ret==1)
- {
- /* normalise result */
- r->top=m->top;
- bn_fix_top(r);
- }
- }
- }
- return ret;
+ int ret = 0;
+ char msg[64] = "ENGINE_modexp";
+ if (!p_surewarehk_Mod_Exp) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_MODEXP, ENGINE_R_NOT_INITIALISED);
+ } else {
+ bn_expand2(r, m->top);
+ if (r && r->dmax == m->top) {
+ /* do it */
+ ret = p_surewarehk_Mod_Exp(msg,
+ m->top * sizeof(BN_ULONG),
+ (unsigned long *)m->d,
+ p->top * sizeof(BN_ULONG),
+ (unsigned long *)p->d,
+ a->top * sizeof(BN_ULONG),
+ (unsigned long *)a->d,
+ (unsigned long *)r->d);
+ surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_MODEXP, ret);
+ if (ret == 1) {
+ /* normalise result */
+ r->top = m->top;
+ bn_fix_top(r);
+ }
+ }
+ }
+ return ret;
}
-#endif /* !OPENSSL_NO_HW_SureWare */
-#endif /* !OPENSSL_NO_HW */
+# endif /* !OPENSSL_NO_HW_SureWare */
+#endif /* !OPENSSL_NO_HW */
diff --git a/openssl/engines/e_sureware_err.c b/openssl/engines/e_sureware_err.c
index d4ca68c1d..f6f7eff3a 100644
--- a/openssl/engines/e_sureware_err.c
+++ b/openssl/engines/e_sureware_err.c
@@ -7,7 +7,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
*
*/
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
@@ -65,94 +66,89 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
-#define ERR_FUNC(func) ERR_PACK(0,func,0)
-#define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA SUREWARE_str_functs[]=
- {
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_CTRL), "SUREWAREHK_CTRL"},
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_DH_EX_FREE), "SUREWAREHK_DH_EX_FREE"},
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN), "SUREWAREHK_DSA_DO_SIGN"},
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_EX_FREE), "SUREWAREHK_EX_FREE"},
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_FINISH), "SUREWAREHK_FINISH"},
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_INIT), "SUREWAREHK_INIT"},
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY), "SUREWAREHK_LOAD_PRIVKEY"},
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY), "SUREWAREHK_LOAD_PUBKEY"},
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_MODEXP), "SUREWAREHK_MODEXP"},
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_RAND_BYTES), "SUREWAREHK_RAND_BYTES"},
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_RAND_SEED), "SUREWAREHK_RAND_SEED"},
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC), "SUREWAREHK_RSA_PRIV_DEC"},
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_RSA_SIGN), "SUREWAREHK_RSA_SIGN"},
-{ERR_FUNC(SUREWARE_F_SUREWARE_LOAD_PUBLIC), "SUREWARE_LOAD_PUBLIC"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA SUREWARE_str_reasons[]=
- {
-{ERR_REASON(SUREWARE_R_BIO_WAS_FREED) ,"bio was freed"},
-{ERR_REASON(SUREWARE_R_MISSING_KEY_COMPONENTS),"missing key components"},
-{ERR_REASON(SUREWARE_R_PADDING_CHECK_FAILED),"padding check failed"},
-{ERR_REASON(SUREWARE_R_REQUEST_FAILED) ,"request failed"},
-{ERR_REASON(SUREWARE_R_REQUEST_FALLBACK) ,"request fallback"},
-{ERR_REASON(SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL),"size too large or too small"},
-{ERR_REASON(SUREWARE_R_UNIT_FAILURE) ,"unit failure"},
-{ERR_REASON(SUREWARE_R_UNKNOWN_PADDING_TYPE),"unknown padding type"},
-{0,NULL}
- };
+# define ERR_FUNC(func) ERR_PACK(0,func,0)
+# define ERR_REASON(reason) ERR_PACK(0,0,reason)
+
+static ERR_STRING_DATA SUREWARE_str_functs[] = {
+ {ERR_FUNC(SUREWARE_F_SUREWAREHK_CTRL), "SUREWAREHK_CTRL"},
+ {ERR_FUNC(SUREWARE_F_SUREWAREHK_DH_EX_FREE), "SUREWAREHK_DH_EX_FREE"},
+ {ERR_FUNC(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN), "SUREWAREHK_DSA_DO_SIGN"},
+ {ERR_FUNC(SUREWARE_F_SUREWAREHK_EX_FREE), "SUREWAREHK_EX_FREE"},
+ {ERR_FUNC(SUREWARE_F_SUREWAREHK_FINISH), "SUREWAREHK_FINISH"},
+ {ERR_FUNC(SUREWARE_F_SUREWAREHK_INIT), "SUREWAREHK_INIT"},
+ {ERR_FUNC(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY), "SUREWAREHK_LOAD_PRIVKEY"},
+ {ERR_FUNC(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY), "SUREWAREHK_LOAD_PUBKEY"},
+ {ERR_FUNC(SUREWARE_F_SUREWAREHK_MODEXP), "SUREWAREHK_MODEXP"},
+ {ERR_FUNC(SUREWARE_F_SUREWAREHK_RAND_BYTES), "SUREWAREHK_RAND_BYTES"},
+ {ERR_FUNC(SUREWARE_F_SUREWAREHK_RAND_SEED), "SUREWAREHK_RAND_SEED"},
+ {ERR_FUNC(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC), "SUREWAREHK_RSA_PRIV_DEC"},
+ {ERR_FUNC(SUREWARE_F_SUREWAREHK_RSA_SIGN), "SUREWAREHK_RSA_SIGN"},
+ {ERR_FUNC(SUREWARE_F_SUREWARE_LOAD_PUBLIC), "SUREWARE_LOAD_PUBLIC"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA SUREWARE_str_reasons[] = {
+ {ERR_REASON(SUREWARE_R_BIO_WAS_FREED), "bio was freed"},
+ {ERR_REASON(SUREWARE_R_MISSING_KEY_COMPONENTS), "missing key components"},
+ {ERR_REASON(SUREWARE_R_PADDING_CHECK_FAILED), "padding check failed"},
+ {ERR_REASON(SUREWARE_R_REQUEST_FAILED), "request failed"},
+ {ERR_REASON(SUREWARE_R_REQUEST_FALLBACK), "request fallback"},
+ {ERR_REASON(SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL),
+ "size too large or too small"},
+ {ERR_REASON(SUREWARE_R_UNIT_FAILURE), "unit failure"},
+ {ERR_REASON(SUREWARE_R_UNKNOWN_PADDING_TYPE), "unknown padding type"},
+ {0, NULL}
+};
#endif
#ifdef SUREWARE_LIB_NAME
-static ERR_STRING_DATA SUREWARE_lib_name[]=
- {
-{0 ,SUREWARE_LIB_NAME},
-{0,NULL}
- };
+static ERR_STRING_DATA SUREWARE_lib_name[] = {
+ {0, SUREWARE_LIB_NAME},
+ {0, NULL}
+};
#endif
-
-static int SUREWARE_lib_error_code=0;
-static int SUREWARE_error_init=1;
+static int SUREWARE_lib_error_code = 0;
+static int SUREWARE_error_init = 1;
static void ERR_load_SUREWARE_strings(void)
- {
- if (SUREWARE_lib_error_code == 0)
- SUREWARE_lib_error_code=ERR_get_next_error_library();
+{
+ if (SUREWARE_lib_error_code == 0)
+ SUREWARE_lib_error_code = ERR_get_next_error_library();
- if (SUREWARE_error_init)
- {
- SUREWARE_error_init=0;
+ if (SUREWARE_error_init) {
+ SUREWARE_error_init = 0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(SUREWARE_lib_error_code,SUREWARE_str_functs);
- ERR_load_strings(SUREWARE_lib_error_code,SUREWARE_str_reasons);
+ ERR_load_strings(SUREWARE_lib_error_code, SUREWARE_str_functs);
+ ERR_load_strings(SUREWARE_lib_error_code, SUREWARE_str_reasons);
#endif
#ifdef SUREWARE_LIB_NAME
- SUREWARE_lib_name->error = ERR_PACK(SUREWARE_lib_error_code,0,0);
- ERR_load_strings(0,SUREWARE_lib_name);
+ SUREWARE_lib_name->error = ERR_PACK(SUREWARE_lib_error_code, 0, 0);
+ ERR_load_strings(0, SUREWARE_lib_name);
#endif
- }
- }
+ }
+}
static void ERR_unload_SUREWARE_strings(void)
- {
- if (SUREWARE_error_init == 0)
- {
+{
+ if (SUREWARE_error_init == 0) {
#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(SUREWARE_lib_error_code,SUREWARE_str_functs);
- ERR_unload_strings(SUREWARE_lib_error_code,SUREWARE_str_reasons);
+ ERR_unload_strings(SUREWARE_lib_error_code, SUREWARE_str_functs);
+ ERR_unload_strings(SUREWARE_lib_error_code, SUREWARE_str_reasons);
#endif
#ifdef SUREWARE_LIB_NAME
- ERR_unload_strings(0,SUREWARE_lib_name);
+ ERR_unload_strings(0, SUREWARE_lib_name);
#endif
- SUREWARE_error_init=1;
- }
- }
+ SUREWARE_error_init = 1;
+ }
+}
static void ERR_SUREWARE_error(int function, int reason, char *file, int line)
- {
- if (SUREWARE_lib_error_code == 0)
- SUREWARE_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(SUREWARE_lib_error_code,function,reason,file,line);
- }
+{
+ if (SUREWARE_lib_error_code == 0)
+ SUREWARE_lib_error_code = ERR_get_next_error_library();
+ ERR_PUT_error(SUREWARE_lib_error_code, function, reason, file, line);
+}
diff --git a/openssl/engines/e_sureware_err.h b/openssl/engines/e_sureware_err.h
index ec8ed0c59..bef862392 100644
--- a/openssl/engines/e_sureware_err.h
+++ b/openssl/engines/e_sureware_err.h
@@ -6,7 +6,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -53,48 +53,50 @@
*/
#ifndef HEADER_SUREWARE_ERR_H
-#define HEADER_SUREWARE_ERR_H
+# define HEADER_SUREWARE_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_SUREWARE_strings(void);
static void ERR_unload_SUREWARE_strings(void);
-static void ERR_SUREWARE_error(int function, int reason, char *file, int line);
-#define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),__FILE__,__LINE__)
+static void ERR_SUREWARE_error(int function, int reason, char *file,
+ int line);
+# define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),__FILE__,__LINE__)
/* Error codes for the SUREWARE functions. */
/* Function codes. */
-#define SUREWARE_F_SUREWAREHK_CTRL 100
-#define SUREWARE_F_SUREWAREHK_DH_EX_FREE 112
-#define SUREWARE_F_SUREWAREHK_DSA_DO_SIGN 101
-#define SUREWARE_F_SUREWAREHK_EX_FREE 102
-#define SUREWARE_F_SUREWAREHK_FINISH 103
-#define SUREWARE_F_SUREWAREHK_INIT 104
-#define SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY 105
-#define SUREWARE_F_SUREWAREHK_LOAD_PUBKEY 113
-#define SUREWARE_F_SUREWAREHK_MODEXP 107
-#define SUREWARE_F_SUREWAREHK_RAND_BYTES 108
-#define SUREWARE_F_SUREWAREHK_RAND_SEED 109
-#define SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC 110
-#define SUREWARE_F_SUREWAREHK_RSA_SIGN 111
-#define SUREWARE_F_SUREWARE_LOAD_PUBLIC 106
+# define SUREWARE_F_SUREWAREHK_CTRL 100
+# define SUREWARE_F_SUREWAREHK_DH_EX_FREE 112
+# define SUREWARE_F_SUREWAREHK_DSA_DO_SIGN 101
+# define SUREWARE_F_SUREWAREHK_EX_FREE 102
+# define SUREWARE_F_SUREWAREHK_FINISH 103
+# define SUREWARE_F_SUREWAREHK_INIT 104
+# define SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY 105
+# define SUREWARE_F_SUREWAREHK_LOAD_PUBKEY 113
+# define SUREWARE_F_SUREWAREHK_MODEXP 107
+# define SUREWARE_F_SUREWAREHK_RAND_BYTES 108
+# define SUREWARE_F_SUREWAREHK_RAND_SEED 109
+# define SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC 110
+# define SUREWARE_F_SUREWAREHK_RSA_SIGN 111
+# define SUREWARE_F_SUREWARE_LOAD_PUBLIC 106
/* Reason codes. */
-#define SUREWARE_R_BIO_WAS_FREED 100
-#define SUREWARE_R_MISSING_KEY_COMPONENTS 105
-#define SUREWARE_R_PADDING_CHECK_FAILED 106
-#define SUREWARE_R_REQUEST_FAILED 101
-#define SUREWARE_R_REQUEST_FALLBACK 102
-#define SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL 103
-#define SUREWARE_R_UNIT_FAILURE 104
-#define SUREWARE_R_UNKNOWN_PADDING_TYPE 107
+# define SUREWARE_R_BIO_WAS_FREED 100
+# define SUREWARE_R_MISSING_KEY_COMPONENTS 105
+# define SUREWARE_R_PADDING_CHECK_FAILED 106
+# define SUREWARE_R_REQUEST_FAILED 101
+# define SUREWARE_R_REQUEST_FALLBACK 102
+# define SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL 103
+# define SUREWARE_R_UNIT_FAILURE 104
+# define SUREWARE_R_UNKNOWN_PADDING_TYPE 107
#ifdef __cplusplus
}
diff --git a/openssl/engines/e_ubsec.c b/openssl/engines/e_ubsec.c
index aa5709bd8..6f09ffb96 100644
--- a/openssl/engines/e_ubsec.c
+++ b/openssl/engines/e_ubsec.c
@@ -1,8 +1,7 @@
/* crypto/engine/hw_ubsec.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- *
- * Cloned shamelessly by Joe Tardo.
+/*
+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
+ * 2000. Cloned shamelessly by Joe Tardo.
*/
/* ====================================================================
* Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
@@ -12,7 +11,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -65,1005 +64,1022 @@
#include <openssl/dso.h>
#include <openssl/engine.h>
#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
+# include <openssl/rsa.h>
#endif
#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
+# include <openssl/dsa.h>
#endif
#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
+# include <openssl/dh.h>
#endif
#include <openssl/bn.h>
#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_UBSEC
+# ifndef OPENSSL_NO_HW_UBSEC
-#ifdef FLAT_INC
-#include "hw_ubsec.h"
-#else
-#include "vendor_defns/hw_ubsec.h"
-#endif
+# ifdef FLAT_INC
+# include "hw_ubsec.h"
+# else
+# include "vendor_defns/hw_ubsec.h"
+# endif
-#define UBSEC_LIB_NAME "ubsec engine"
-#include "e_ubsec_err.c"
+# define UBSEC_LIB_NAME "ubsec engine"
+# include "e_ubsec_err.c"
-#define FAIL_TO_SOFTWARE -15
+# define FAIL_TO_SOFTWARE -15
static int ubsec_destroy(ENGINE *e);
static int ubsec_init(ENGINE *e);
static int ubsec_finish(ENGINE *e);
-static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
+static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx);
-#ifndef OPENSSL_NO_RSA
+ const BIGNUM *m, BN_CTX *ctx);
+# ifndef OPENSSL_NO_RSA
static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *q, const BIGNUM *dp,
- const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx);
-static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
+ const BIGNUM *q, const BIGNUM *dp,
+ const BIGNUM *dq, const BIGNUM *qinv,
+ BN_CTX *ctx);
+static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx);
static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-#endif
-#ifndef OPENSSL_NO_DSA
-#ifdef NOT_USED
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+# endif
+# ifndef OPENSSL_NO_DSA
+# ifdef NOT_USED
static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
- BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont);
+ BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *in_mont);
static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
-#endif
-static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+# endif
+static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen,
+ DSA *dsa);
static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa);
-#endif
-#ifndef OPENSSL_NO_DH
+ DSA_SIG *sig, DSA *dsa);
+# endif
+# ifndef OPENSSL_NO_DH
static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
-static int ubsec_dh_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+static int ubsec_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
+ DH *dh);
static int ubsec_dh_generate_key(DH *dh);
-#endif
+# endif
-#ifdef NOT_USED
+# ifdef NOT_USED
static int ubsec_rand_bytes(unsigned char *buf, int num);
static int ubsec_rand_status(void);
-#endif
+# endif
-#define UBSEC_CMD_SO_PATH ENGINE_CMD_BASE
+# define UBSEC_CMD_SO_PATH ENGINE_CMD_BASE
static const ENGINE_CMD_DEFN ubsec_cmd_defns[] = {
- {UBSEC_CMD_SO_PATH,
- "SO_PATH",
- "Specifies the path to the 'ubsec' shared library",
- ENGINE_CMD_FLAG_STRING},
- {0, NULL, NULL, 0}
- };
-
-#ifndef OPENSSL_NO_RSA
+ {UBSEC_CMD_SO_PATH,
+ "SO_PATH",
+ "Specifies the path to the 'ubsec' shared library",
+ ENGINE_CMD_FLAG_STRING},
+ {0, NULL, NULL, 0}
+};
+
+# ifndef OPENSSL_NO_RSA
/* Our internal RSA_METHOD that we provide pointers to */
-static RSA_METHOD ubsec_rsa =
- {
- "UBSEC RSA method",
- NULL,
- NULL,
- NULL,
- NULL,
- ubsec_rsa_mod_exp,
- ubsec_mod_exp_mont,
- NULL,
- NULL,
- 0,
- NULL,
- NULL,
- NULL,
- NULL
- };
-#endif
-
-#ifndef OPENSSL_NO_DSA
+static RSA_METHOD ubsec_rsa = {
+ "UBSEC RSA method",
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ ubsec_rsa_mod_exp,
+ ubsec_mod_exp_mont,
+ NULL,
+ NULL,
+ 0,
+ NULL,
+ NULL,
+ NULL,
+ NULL
+};
+# endif
+
+# ifndef OPENSSL_NO_DSA
/* Our internal DSA_METHOD that we provide pointers to */
-static DSA_METHOD ubsec_dsa =
- {
- "UBSEC DSA method",
- ubsec_dsa_do_sign, /* dsa_do_sign */
- NULL, /* dsa_sign_setup */
- ubsec_dsa_verify, /* dsa_do_verify */
- NULL, /* ubsec_dsa_mod_exp */ /* dsa_mod_exp */
- NULL, /* ubsec_mod_exp_dsa */ /* bn_mod_exp */
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
- NULL, /* app_data */
- NULL, /* dsa_paramgen */
- NULL /* dsa_keygen */
- };
-#endif
-
-#ifndef OPENSSL_NO_DH
+static DSA_METHOD ubsec_dsa = {
+ "UBSEC DSA method",
+ ubsec_dsa_do_sign, /* dsa_do_sign */
+ NULL, /* dsa_sign_setup */
+ ubsec_dsa_verify, /* dsa_do_verify */
+ NULL, /* ubsec_dsa_mod_exp *//* dsa_mod_exp */
+ NULL, /* ubsec_mod_exp_dsa *//* bn_mod_exp */
+ NULL, /* init */
+ NULL, /* finish */
+ 0, /* flags */
+ NULL, /* app_data */
+ NULL, /* dsa_paramgen */
+ NULL /* dsa_keygen */
+};
+# endif
+
+# ifndef OPENSSL_NO_DH
/* Our internal DH_METHOD that we provide pointers to */
-static DH_METHOD ubsec_dh =
- {
- "UBSEC DH method",
- ubsec_dh_generate_key,
- ubsec_dh_compute_key,
- ubsec_mod_exp_dh,
- NULL,
- NULL,
- 0,
- NULL,
- NULL
- };
-#endif
+static DH_METHOD ubsec_dh = {
+ "UBSEC DH method",
+ ubsec_dh_generate_key,
+ ubsec_dh_compute_key,
+ ubsec_mod_exp_dh,
+ NULL,
+ NULL,
+ 0,
+ NULL,
+ NULL
+};
+# endif
/* Constants used when creating the ENGINE */
static const char *engine_ubsec_id = "ubsec";
static const char *engine_ubsec_name = "UBSEC hardware engine support";
-/* This internal function is used by ENGINE_ubsec() and possibly by the
- * "dynamic" ENGINE support too */
+/*
+ * This internal function is used by ENGINE_ubsec() and possibly by the
+ * "dynamic" ENGINE support too
+ */
static int bind_helper(ENGINE *e)
- {
-#ifndef OPENSSL_NO_RSA
- const RSA_METHOD *meth1;
-#endif
-#ifndef OPENSSL_NO_DH
-#ifndef HAVE_UBSEC_DH
- const DH_METHOD *meth3;
-#endif /* HAVE_UBSEC_DH */
-#endif
- if(!ENGINE_set_id(e, engine_ubsec_id) ||
- !ENGINE_set_name(e, engine_ubsec_name) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_RSA(e, &ubsec_rsa) ||
-#endif
-#ifndef OPENSSL_NO_DSA
- !ENGINE_set_DSA(e, &ubsec_dsa) ||
-#endif
-#ifndef OPENSSL_NO_DH
- !ENGINE_set_DH(e, &ubsec_dh) ||
-#endif
- !ENGINE_set_destroy_function(e, ubsec_destroy) ||
- !ENGINE_set_init_function(e, ubsec_init) ||
- !ENGINE_set_finish_function(e, ubsec_finish) ||
- !ENGINE_set_ctrl_function(e, ubsec_ctrl) ||
- !ENGINE_set_cmd_defns(e, ubsec_cmd_defns))
- return 0;
-
-#ifndef OPENSSL_NO_RSA
- /* We know that the "PKCS1_SSLeay()" functions hook properly
- * to the Broadcom-specific mod_exp and mod_exp_crt so we use
- * those functions. NB: We don't use ENGINE_openssl() or
- * anything "more generic" because something like the RSAref
- * code may not hook properly, and if you own one of these
- * cards then you have the right to do RSA operations on it
- * anyway! */
- meth1 = RSA_PKCS1_SSLeay();
- ubsec_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
- ubsec_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
- ubsec_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
- ubsec_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
-#endif
-
-#ifndef OPENSSL_NO_DH
-#ifndef HAVE_UBSEC_DH
- /* Much the same for Diffie-Hellman */
- meth3 = DH_OpenSSL();
- ubsec_dh.generate_key = meth3->generate_key;
- ubsec_dh.compute_key = meth3->compute_key;
-#endif /* HAVE_UBSEC_DH */
-#endif
-
- /* Ensure the ubsec error handling is set up */
- ERR_load_UBSEC_strings();
- return 1;
- }
+{
+# ifndef OPENSSL_NO_RSA
+ const RSA_METHOD *meth1;
+# endif
+# ifndef OPENSSL_NO_DH
+# ifndef HAVE_UBSEC_DH
+ const DH_METHOD *meth3;
+# endif /* HAVE_UBSEC_DH */
+# endif
+ if (!ENGINE_set_id(e, engine_ubsec_id) ||
+ !ENGINE_set_name(e, engine_ubsec_name) ||
+# ifndef OPENSSL_NO_RSA
+ !ENGINE_set_RSA(e, &ubsec_rsa) ||
+# endif
+# ifndef OPENSSL_NO_DSA
+ !ENGINE_set_DSA(e, &ubsec_dsa) ||
+# endif
+# ifndef OPENSSL_NO_DH
+ !ENGINE_set_DH(e, &ubsec_dh) ||
+# endif
+ !ENGINE_set_destroy_function(e, ubsec_destroy) ||
+ !ENGINE_set_init_function(e, ubsec_init) ||
+ !ENGINE_set_finish_function(e, ubsec_finish) ||
+ !ENGINE_set_ctrl_function(e, ubsec_ctrl) ||
+ !ENGINE_set_cmd_defns(e, ubsec_cmd_defns))
+ return 0;
+
+# ifndef OPENSSL_NO_RSA
+ /*
+ * We know that the "PKCS1_SSLeay()" functions hook properly to the
+ * Broadcom-specific mod_exp and mod_exp_crt so we use those functions.
+ * NB: We don't use ENGINE_openssl() or anything "more generic" because
+ * something like the RSAref code may not hook properly, and if you own
+ * one of these cards then you have the right to do RSA operations on it
+ * anyway!
+ */
+ meth1 = RSA_PKCS1_SSLeay();
+ ubsec_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+ ubsec_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+ ubsec_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+ ubsec_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+# endif
+
+# ifndef OPENSSL_NO_DH
+# ifndef HAVE_UBSEC_DH
+ /* Much the same for Diffie-Hellman */
+ meth3 = DH_OpenSSL();
+ ubsec_dh.generate_key = meth3->generate_key;
+ ubsec_dh.compute_key = meth3->compute_key;
+# endif /* HAVE_UBSEC_DH */
+# endif
+
+ /* Ensure the ubsec error handling is set up */
+ ERR_load_UBSEC_strings();
+ return 1;
+}
-#ifdef OPENSSL_NO_DYNAMIC_ENGINE
+# ifdef OPENSSL_NO_DYNAMIC_ENGINE
static ENGINE *engine_ubsec(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!bind_helper(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
+{
+ ENGINE *ret = ENGINE_new();
+ if (!ret)
+ return NULL;
+ if (!bind_helper(ret)) {
+ ENGINE_free(ret);
+ return NULL;
+ }
+ return ret;
+}
void ENGINE_load_ubsec(void)
- {
- /* Copied from eng_[openssl|dyn].c */
- ENGINE *toadd = engine_ubsec();
- if(!toadd) return;
- ENGINE_add(toadd);
- ENGINE_free(toadd);
- ERR_clear_error();
- }
-#endif
+{
+ /* Copied from eng_[openssl|dyn].c */
+ ENGINE *toadd = engine_ubsec();
+ if (!toadd)
+ return;
+ ENGINE_add(toadd);
+ ENGINE_free(toadd);
+ ERR_clear_error();
+}
+# endif
-/* This is a process-global DSO handle used for loading and unloading
- * the UBSEC library. NB: This is only set (or unset) during an
- * init() or finish() call (reference counts permitting) and they're
- * operating with global locks, so this should be thread-safe
- * implicitly. */
+/*
+ * This is a process-global DSO handle used for loading and unloading the
+ * UBSEC library. NB: This is only set (or unset) during an init() or
+ * finish() call (reference counts permitting) and they're operating with
+ * global locks, so this should be thread-safe implicitly.
+ */
static DSO *ubsec_dso = NULL;
-/* These are the function pointers that are (un)set when the library has
- * successfully (un)loaded. */
+/*
+ * These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded.
+ */
static t_UBSEC_ubsec_bytes_to_bits *p_UBSEC_ubsec_bytes_to_bits = NULL;
static t_UBSEC_ubsec_bits_to_bytes *p_UBSEC_ubsec_bits_to_bytes = NULL;
static t_UBSEC_ubsec_open *p_UBSEC_ubsec_open = NULL;
static t_UBSEC_ubsec_close *p_UBSEC_ubsec_close = NULL;
-#ifndef OPENSSL_NO_DH
-static t_UBSEC_diffie_hellman_generate_ioctl
- *p_UBSEC_diffie_hellman_generate_ioctl = NULL;
-static t_UBSEC_diffie_hellman_agree_ioctl *p_UBSEC_diffie_hellman_agree_ioctl = NULL;
-#endif
-#ifndef OPENSSL_NO_RSA
+# ifndef OPENSSL_NO_DH
+static t_UBSEC_diffie_hellman_generate_ioctl
+ * p_UBSEC_diffie_hellman_generate_ioctl = NULL;
+static t_UBSEC_diffie_hellman_agree_ioctl *p_UBSEC_diffie_hellman_agree_ioctl
+ = NULL;
+# endif
+# ifndef OPENSSL_NO_RSA
static t_UBSEC_rsa_mod_exp_ioctl *p_UBSEC_rsa_mod_exp_ioctl = NULL;
static t_UBSEC_rsa_mod_exp_crt_ioctl *p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
-#endif
-#ifndef OPENSSL_NO_DSA
+# endif
+# ifndef OPENSSL_NO_DSA
static t_UBSEC_dsa_sign_ioctl *p_UBSEC_dsa_sign_ioctl = NULL;
static t_UBSEC_dsa_verify_ioctl *p_UBSEC_dsa_verify_ioctl = NULL;
-#endif
+# endif
static t_UBSEC_math_accelerate_ioctl *p_UBSEC_math_accelerate_ioctl = NULL;
static t_UBSEC_rng_ioctl *p_UBSEC_rng_ioctl = NULL;
static t_UBSEC_max_key_len_ioctl *p_UBSEC_max_key_len_ioctl = NULL;
static int max_key_len = 1024; /* ??? */
-/*
+/*
* These are the static string constants for the DSO file name and the function
- * symbol names to bind to.
+ * symbol names to bind to.
*/
static const char *UBSEC_LIBNAME = NULL;
static const char *get_UBSEC_LIBNAME(void)
- {
- if(UBSEC_LIBNAME)
- return UBSEC_LIBNAME;
- return "ubsec";
- }
+{
+ if (UBSEC_LIBNAME)
+ return UBSEC_LIBNAME;
+ return "ubsec";
+}
+
static void free_UBSEC_LIBNAME(void)
- {
- if(UBSEC_LIBNAME)
- OPENSSL_free((void*)UBSEC_LIBNAME);
- UBSEC_LIBNAME = NULL;
- }
+{
+ if (UBSEC_LIBNAME)
+ OPENSSL_free((void *)UBSEC_LIBNAME);
+ UBSEC_LIBNAME = NULL;
+}
+
static long set_UBSEC_LIBNAME(const char *name)
- {
- free_UBSEC_LIBNAME();
- return (((UBSEC_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
- }
+{
+ free_UBSEC_LIBNAME();
+ return (((UBSEC_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+}
+
static const char *UBSEC_F1 = "ubsec_bytes_to_bits";
static const char *UBSEC_F2 = "ubsec_bits_to_bytes";
static const char *UBSEC_F3 = "ubsec_open";
static const char *UBSEC_F4 = "ubsec_close";
-#ifndef OPENSSL_NO_DH
+# ifndef OPENSSL_NO_DH
static const char *UBSEC_F5 = "diffie_hellman_generate_ioctl";
static const char *UBSEC_F6 = "diffie_hellman_agree_ioctl";
-#endif
+# endif
/* #ifndef OPENSSL_NO_RSA */
static const char *UBSEC_F7 = "rsa_mod_exp_ioctl";
static const char *UBSEC_F8 = "rsa_mod_exp_crt_ioctl";
/* #endif */
-#ifndef OPENSSL_NO_DSA
+# ifndef OPENSSL_NO_DSA
static const char *UBSEC_F9 = "dsa_sign_ioctl";
static const char *UBSEC_F10 = "dsa_verify_ioctl";
-#endif
+# endif
static const char *UBSEC_F11 = "math_accelerate_ioctl";
static const char *UBSEC_F12 = "rng_ioctl";
static const char *UBSEC_F13 = "ubsec_max_key_len_ioctl";
/* Destructor (complements the "ENGINE_ubsec()" constructor) */
static int ubsec_destroy(ENGINE *e)
- {
- free_UBSEC_LIBNAME();
- ERR_unload_UBSEC_strings();
- return 1;
- }
+{
+ free_UBSEC_LIBNAME();
+ ERR_unload_UBSEC_strings();
+ return 1;
+}
/* (de)initialisation functions. */
static int ubsec_init(ENGINE *e)
- {
- t_UBSEC_ubsec_bytes_to_bits *p1;
- t_UBSEC_ubsec_bits_to_bytes *p2;
- t_UBSEC_ubsec_open *p3;
- t_UBSEC_ubsec_close *p4;
-#ifndef OPENSSL_NO_DH
- t_UBSEC_diffie_hellman_generate_ioctl *p5;
- t_UBSEC_diffie_hellman_agree_ioctl *p6;
-#endif
+{
+ t_UBSEC_ubsec_bytes_to_bits *p1;
+ t_UBSEC_ubsec_bits_to_bytes *p2;
+ t_UBSEC_ubsec_open *p3;
+ t_UBSEC_ubsec_close *p4;
+# ifndef OPENSSL_NO_DH
+ t_UBSEC_diffie_hellman_generate_ioctl *p5;
+ t_UBSEC_diffie_hellman_agree_ioctl *p6;
+# endif
/* #ifndef OPENSSL_NO_RSA */
- t_UBSEC_rsa_mod_exp_ioctl *p7;
- t_UBSEC_rsa_mod_exp_crt_ioctl *p8;
+ t_UBSEC_rsa_mod_exp_ioctl *p7;
+ t_UBSEC_rsa_mod_exp_crt_ioctl *p8;
/* #endif */
-#ifndef OPENSSL_NO_DSA
- t_UBSEC_dsa_sign_ioctl *p9;
- t_UBSEC_dsa_verify_ioctl *p10;
-#endif
- t_UBSEC_math_accelerate_ioctl *p11;
- t_UBSEC_rng_ioctl *p12;
- t_UBSEC_max_key_len_ioctl *p13;
- int fd = 0;
-
- if(ubsec_dso != NULL)
- {
- UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_ALREADY_LOADED);
- goto err;
- }
- /*
- * Attempt to load libubsec.so/ubsec.dll/whatever.
- */
- ubsec_dso = DSO_load(NULL, get_UBSEC_LIBNAME(), NULL, 0);
- if(ubsec_dso == NULL)
- {
- UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE);
- goto err;
- }
-
- if (
- !(p1 = (t_UBSEC_ubsec_bytes_to_bits *) DSO_bind_func(ubsec_dso, UBSEC_F1)) ||
- !(p2 = (t_UBSEC_ubsec_bits_to_bytes *) DSO_bind_func(ubsec_dso, UBSEC_F2)) ||
- !(p3 = (t_UBSEC_ubsec_open *) DSO_bind_func(ubsec_dso, UBSEC_F3)) ||
- !(p4 = (t_UBSEC_ubsec_close *) DSO_bind_func(ubsec_dso, UBSEC_F4)) ||
-#ifndef OPENSSL_NO_DH
- !(p5 = (t_UBSEC_diffie_hellman_generate_ioctl *)
- DSO_bind_func(ubsec_dso, UBSEC_F5)) ||
- !(p6 = (t_UBSEC_diffie_hellman_agree_ioctl *)
- DSO_bind_func(ubsec_dso, UBSEC_F6)) ||
-#endif
+# ifndef OPENSSL_NO_DSA
+ t_UBSEC_dsa_sign_ioctl *p9;
+ t_UBSEC_dsa_verify_ioctl *p10;
+# endif
+ t_UBSEC_math_accelerate_ioctl *p11;
+ t_UBSEC_rng_ioctl *p12;
+ t_UBSEC_max_key_len_ioctl *p13;
+ int fd = 0;
+
+ if (ubsec_dso != NULL) {
+ UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_ALREADY_LOADED);
+ goto err;
+ }
+ /*
+ * Attempt to load libubsec.so/ubsec.dll/whatever.
+ */
+ ubsec_dso = DSO_load(NULL, get_UBSEC_LIBNAME(), NULL, 0);
+ if (ubsec_dso == NULL) {
+ UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE);
+ goto err;
+ }
+
+ if (!(p1 = (t_UBSEC_ubsec_bytes_to_bits *)
+ DSO_bind_func(ubsec_dso, UBSEC_F1))
+ || !(p2 = (t_UBSEC_ubsec_bits_to_bytes *)
+ DSO_bind_func(ubsec_dso, UBSEC_F2))
+ || !(p3 = (t_UBSEC_ubsec_open *)
+ DSO_bind_func(ubsec_dso, UBSEC_F3))
+ || !(p4 = (t_UBSEC_ubsec_close *)
+ DSO_bind_func(ubsec_dso, UBSEC_F4))
+# ifndef OPENSSL_NO_DH
+ || !(p5 = (t_UBSEC_diffie_hellman_generate_ioctl *)
+ DSO_bind_func(ubsec_dso, UBSEC_F5))
+ || !(p6 = (t_UBSEC_diffie_hellman_agree_ioctl *)
+ DSO_bind_func(ubsec_dso, UBSEC_F6))
+# endif
/* #ifndef OPENSSL_NO_RSA */
- !(p7 = (t_UBSEC_rsa_mod_exp_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F7)) ||
- !(p8 = (t_UBSEC_rsa_mod_exp_crt_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F8)) ||
+ || !(p7 = (t_UBSEC_rsa_mod_exp_ioctl *)
+ DSO_bind_func(ubsec_dso, UBSEC_F7))
+ || !(p8 = (t_UBSEC_rsa_mod_exp_crt_ioctl *)
+ DSO_bind_func(ubsec_dso, UBSEC_F8))
/* #endif */
-#ifndef OPENSSL_NO_DSA
- !(p9 = (t_UBSEC_dsa_sign_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F9)) ||
- !(p10 = (t_UBSEC_dsa_verify_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F10)) ||
-#endif
- !(p11 = (t_UBSEC_math_accelerate_ioctl *)
- DSO_bind_func(ubsec_dso, UBSEC_F11)) ||
- !(p12 = (t_UBSEC_rng_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F12)) ||
- !(p13 = (t_UBSEC_max_key_len_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F13)))
- {
- UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE);
- goto err;
- }
-
- /* Copy the pointers */
- p_UBSEC_ubsec_bytes_to_bits = p1;
- p_UBSEC_ubsec_bits_to_bytes = p2;
- p_UBSEC_ubsec_open = p3;
- p_UBSEC_ubsec_close = p4;
-#ifndef OPENSSL_NO_DH
- p_UBSEC_diffie_hellman_generate_ioctl = p5;
- p_UBSEC_diffie_hellman_agree_ioctl = p6;
-#endif
-#ifndef OPENSSL_NO_RSA
- p_UBSEC_rsa_mod_exp_ioctl = p7;
- p_UBSEC_rsa_mod_exp_crt_ioctl = p8;
-#endif
-#ifndef OPENSSL_NO_DSA
- p_UBSEC_dsa_sign_ioctl = p9;
- p_UBSEC_dsa_verify_ioctl = p10;
-#endif
- p_UBSEC_math_accelerate_ioctl = p11;
- p_UBSEC_rng_ioctl = p12;
- p_UBSEC_max_key_len_ioctl = p13;
-
- /* Perform an open to see if there's actually any unit running. */
- if (((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) > 0) && (p_UBSEC_max_key_len_ioctl(fd, &max_key_len) == 0))
- {
- p_UBSEC_ubsec_close(fd);
- return 1;
- }
- else
- {
- UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
- }
-
-err:
- if(ubsec_dso)
- DSO_free(ubsec_dso);
- ubsec_dso = NULL;
- p_UBSEC_ubsec_bytes_to_bits = NULL;
- p_UBSEC_ubsec_bits_to_bytes = NULL;
- p_UBSEC_ubsec_open = NULL;
- p_UBSEC_ubsec_close = NULL;
-#ifndef OPENSSL_NO_DH
- p_UBSEC_diffie_hellman_generate_ioctl = NULL;
- p_UBSEC_diffie_hellman_agree_ioctl = NULL;
-#endif
-#ifndef OPENSSL_NO_RSA
- p_UBSEC_rsa_mod_exp_ioctl = NULL;
- p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
-#endif
-#ifndef OPENSSL_NO_DSA
- p_UBSEC_dsa_sign_ioctl = NULL;
- p_UBSEC_dsa_verify_ioctl = NULL;
-#endif
- p_UBSEC_math_accelerate_ioctl = NULL;
- p_UBSEC_rng_ioctl = NULL;
- p_UBSEC_max_key_len_ioctl = NULL;
-
- return 0;
- }
+# ifndef OPENSSL_NO_DSA
+ || !(p9 = (t_UBSEC_dsa_sign_ioctl *)
+ DSO_bind_func(ubsec_dso, UBSEC_F9))
+ || !(p10 = (t_UBSEC_dsa_verify_ioctl *)
+ DSO_bind_func(ubsec_dso, UBSEC_F10))
+# endif
+ || !(p11 = (t_UBSEC_math_accelerate_ioctl *)
+ DSO_bind_func(ubsec_dso, UBSEC_F11))
+ || !(p12 = (t_UBSEC_rng_ioctl *)
+ DSO_bind_func(ubsec_dso, UBSEC_F12))
+ || !(p13 = (t_UBSEC_max_key_len_ioctl *)
+ DSO_bind_func(ubsec_dso, UBSEC_F13))) {
+ UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE);
+ goto err;
+ }
+
+ /* Copy the pointers */
+ p_UBSEC_ubsec_bytes_to_bits = p1;
+ p_UBSEC_ubsec_bits_to_bytes = p2;
+ p_UBSEC_ubsec_open = p3;
+ p_UBSEC_ubsec_close = p4;
+# ifndef OPENSSL_NO_DH
+ p_UBSEC_diffie_hellman_generate_ioctl = p5;
+ p_UBSEC_diffie_hellman_agree_ioctl = p6;
+# endif
+# ifndef OPENSSL_NO_RSA
+ p_UBSEC_rsa_mod_exp_ioctl = p7;
+ p_UBSEC_rsa_mod_exp_crt_ioctl = p8;
+# endif
+# ifndef OPENSSL_NO_DSA
+ p_UBSEC_dsa_sign_ioctl = p9;
+ p_UBSEC_dsa_verify_ioctl = p10;
+# endif
+ p_UBSEC_math_accelerate_ioctl = p11;
+ p_UBSEC_rng_ioctl = p12;
+ p_UBSEC_max_key_len_ioctl = p13;
+
+ /* Perform an open to see if there's actually any unit running. */
+ if (((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) > 0)
+ && (p_UBSEC_max_key_len_ioctl(fd, &max_key_len) == 0)) {
+ p_UBSEC_ubsec_close(fd);
+ return 1;
+ } else {
+ UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+ }
+
+ err:
+ if (ubsec_dso)
+ DSO_free(ubsec_dso);
+ ubsec_dso = NULL;
+ p_UBSEC_ubsec_bytes_to_bits = NULL;
+ p_UBSEC_ubsec_bits_to_bytes = NULL;
+ p_UBSEC_ubsec_open = NULL;
+ p_UBSEC_ubsec_close = NULL;
+# ifndef OPENSSL_NO_DH
+ p_UBSEC_diffie_hellman_generate_ioctl = NULL;
+ p_UBSEC_diffie_hellman_agree_ioctl = NULL;
+# endif
+# ifndef OPENSSL_NO_RSA
+ p_UBSEC_rsa_mod_exp_ioctl = NULL;
+ p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
+# endif
+# ifndef OPENSSL_NO_DSA
+ p_UBSEC_dsa_sign_ioctl = NULL;
+ p_UBSEC_dsa_verify_ioctl = NULL;
+# endif
+ p_UBSEC_math_accelerate_ioctl = NULL;
+ p_UBSEC_rng_ioctl = NULL;
+ p_UBSEC_max_key_len_ioctl = NULL;
+
+ return 0;
+}
static int ubsec_finish(ENGINE *e)
- {
- free_UBSEC_LIBNAME();
- if(ubsec_dso == NULL)
- {
- UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_NOT_LOADED);
- return 0;
- }
- if(!DSO_free(ubsec_dso))
- {
- UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_DSO_FAILURE);
- return 0;
- }
- ubsec_dso = NULL;
- p_UBSEC_ubsec_bytes_to_bits = NULL;
- p_UBSEC_ubsec_bits_to_bytes = NULL;
- p_UBSEC_ubsec_open = NULL;
- p_UBSEC_ubsec_close = NULL;
-#ifndef OPENSSL_NO_DH
- p_UBSEC_diffie_hellman_generate_ioctl = NULL;
- p_UBSEC_diffie_hellman_agree_ioctl = NULL;
-#endif
-#ifndef OPENSSL_NO_RSA
- p_UBSEC_rsa_mod_exp_ioctl = NULL;
- p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
-#endif
-#ifndef OPENSSL_NO_DSA
- p_UBSEC_dsa_sign_ioctl = NULL;
- p_UBSEC_dsa_verify_ioctl = NULL;
-#endif
- p_UBSEC_math_accelerate_ioctl = NULL;
- p_UBSEC_rng_ioctl = NULL;
- p_UBSEC_max_key_len_ioctl = NULL;
- return 1;
- }
-
-static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
- {
- int initialised = ((ubsec_dso == NULL) ? 0 : 1);
- switch(cmd)
- {
- case UBSEC_CMD_SO_PATH:
- if(p == NULL)
- {
- UBSECerr(UBSEC_F_UBSEC_CTRL,ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if(initialised)
- {
- UBSECerr(UBSEC_F_UBSEC_CTRL,UBSEC_R_ALREADY_LOADED);
- return 0;
- }
- return set_UBSEC_LIBNAME((const char *)p);
- default:
- break;
- }
- UBSECerr(UBSEC_F_UBSEC_CTRL,UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED);
- return 0;
- }
+{
+ free_UBSEC_LIBNAME();
+ if (ubsec_dso == NULL) {
+ UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_NOT_LOADED);
+ return 0;
+ }
+ if (!DSO_free(ubsec_dso)) {
+ UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_DSO_FAILURE);
+ return 0;
+ }
+ ubsec_dso = NULL;
+ p_UBSEC_ubsec_bytes_to_bits = NULL;
+ p_UBSEC_ubsec_bits_to_bytes = NULL;
+ p_UBSEC_ubsec_open = NULL;
+ p_UBSEC_ubsec_close = NULL;
+# ifndef OPENSSL_NO_DH
+ p_UBSEC_diffie_hellman_generate_ioctl = NULL;
+ p_UBSEC_diffie_hellman_agree_ioctl = NULL;
+# endif
+# ifndef OPENSSL_NO_RSA
+ p_UBSEC_rsa_mod_exp_ioctl = NULL;
+ p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
+# endif
+# ifndef OPENSSL_NO_DSA
+ p_UBSEC_dsa_sign_ioctl = NULL;
+ p_UBSEC_dsa_verify_ioctl = NULL;
+# endif
+ p_UBSEC_math_accelerate_ioctl = NULL;
+ p_UBSEC_rng_ioctl = NULL;
+ p_UBSEC_max_key_len_ioctl = NULL;
+ return 1;
+}
+
+static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+{
+ int initialised = ((ubsec_dso == NULL) ? 0 : 1);
+ switch (cmd) {
+ case UBSEC_CMD_SO_PATH:
+ if (p == NULL) {
+ UBSECerr(UBSEC_F_UBSEC_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if (initialised) {
+ UBSECerr(UBSEC_F_UBSEC_CTRL, UBSEC_R_ALREADY_LOADED);
+ return 0;
+ }
+ return set_UBSEC_LIBNAME((const char *)p);
+ default:
+ break;
+ }
+ UBSECerr(UBSEC_F_UBSEC_CTRL, UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+ return 0;
+}
static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx)
- {
- int y_len = 0;
- int fd;
-
- if(ubsec_dso == NULL)
- {
- UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_NOT_LOADED);
- return 0;
- }
-
- /* Check if hardware can't handle this argument. */
- y_len = BN_num_bits(m);
- if (y_len > max_key_len) {
- UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
- return BN_mod_exp(r, a, p, m, ctx);
- }
-
- if(!bn_wexpand(r, m->top))
- {
- UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_BN_EXPAND_FAIL);
- return 0;
- }
-
- if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
- fd = 0;
- UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_UNIT_FAILURE);
- return BN_mod_exp(r, a, p, m, ctx);
- }
-
- if (p_UBSEC_rsa_mod_exp_ioctl(fd, (unsigned char *)a->d, BN_num_bits(a),
- (unsigned char *)m->d, BN_num_bits(m), (unsigned char *)p->d,
- BN_num_bits(p), (unsigned char *)r->d, &y_len) != 0)
- {
- UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_REQUEST_FAILED);
- p_UBSEC_ubsec_close(fd);
-
- return BN_mod_exp(r, a, p, m, ctx);
- }
-
- p_UBSEC_ubsec_close(fd);
-
- r->top = (BN_num_bits(m)+BN_BITS2-1)/BN_BITS2;
- return 1;
- }
+ const BIGNUM *m, BN_CTX *ctx)
+{
+ int y_len = 0;
+ int fd;
+
+ if (ubsec_dso == NULL) {
+ UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_NOT_LOADED);
+ return 0;
+ }
+
+ /* Check if hardware can't handle this argument. */
+ y_len = BN_num_bits(m);
+ if (y_len > max_key_len) {
+ UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+ return BN_mod_exp(r, a, p, m, ctx);
+ }
+
+ if (!bn_wexpand(r, m->top)) {
+ UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_BN_EXPAND_FAIL);
+ return 0;
+ }
+
+ if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
+ fd = 0;
+ UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_UNIT_FAILURE);
+ return BN_mod_exp(r, a, p, m, ctx);
+ }
+
+ if (p_UBSEC_rsa_mod_exp_ioctl(fd, (unsigned char *)a->d, BN_num_bits(a),
+ (unsigned char *)m->d, BN_num_bits(m),
+ (unsigned char *)p->d, BN_num_bits(p),
+ (unsigned char *)r->d, &y_len) != 0) {
+ UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_REQUEST_FAILED);
+ p_UBSEC_ubsec_close(fd);
-#ifndef OPENSSL_NO_RSA
-static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- {
- int to_return = 0;
-
- if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
- {
- UBSECerr(UBSEC_F_UBSEC_RSA_MOD_EXP, UBSEC_R_MISSING_KEY_COMPONENTS);
- goto err;
- }
-
- to_return = ubsec_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
- rsa->dmq1, rsa->iqmp, ctx);
- if (to_return == FAIL_TO_SOFTWARE)
- {
- /*
- * Do in software as hardware failed.
- */
- const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
- to_return = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
- }
-err:
- return to_return;
- }
+ return BN_mod_exp(r, a, p, m, ctx);
+ }
+
+ p_UBSEC_ubsec_close(fd);
+
+ r->top = (BN_num_bits(m) + BN_BITS2 - 1) / BN_BITS2;
+ return 1;
+}
+
+# ifndef OPENSSL_NO_RSA
+static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx)
+{
+ int to_return = 0;
+
+ if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
+ UBSECerr(UBSEC_F_UBSEC_RSA_MOD_EXP, UBSEC_R_MISSING_KEY_COMPONENTS);
+ goto err;
+ }
+
+ to_return = ubsec_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
+ rsa->dmq1, rsa->iqmp, ctx);
+ if (to_return == FAIL_TO_SOFTWARE) {
+ /*
+ * Do in software as hardware failed.
+ */
+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+ to_return = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
+ }
+ err:
+ return to_return;
+}
static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *q, const BIGNUM *dp,
- const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx)
- {
- int y_len,
- fd;
-
- y_len = BN_num_bits(p) + BN_num_bits(q);
-
- /* Check if hardware can't handle this argument. */
- if (y_len > max_key_len) {
- UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
- return FAIL_TO_SOFTWARE;
- }
-
- if (!bn_wexpand(r, p->top + q->top + 1)) {
- UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_BN_EXPAND_FAIL);
- return 0;
- }
-
- if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
- fd = 0;
- UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_UNIT_FAILURE);
- return FAIL_TO_SOFTWARE;
- }
-
- if (p_UBSEC_rsa_mod_exp_crt_ioctl(fd,
- (unsigned char *)a->d, BN_num_bits(a),
- (unsigned char *)qinv->d, BN_num_bits(qinv),
- (unsigned char *)dp->d, BN_num_bits(dp),
- (unsigned char *)p->d, BN_num_bits(p),
- (unsigned char *)dq->d, BN_num_bits(dq),
- (unsigned char *)q->d, BN_num_bits(q),
- (unsigned char *)r->d, &y_len) != 0) {
- UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_REQUEST_FAILED);
- p_UBSEC_ubsec_close(fd);
- return FAIL_TO_SOFTWARE;
- }
-
- p_UBSEC_ubsec_close(fd);
-
- r->top = (BN_num_bits(p) + BN_num_bits(q) + BN_BITS2 - 1)/BN_BITS2;
- return 1;
+ const BIGNUM *q, const BIGNUM *dp,
+ const BIGNUM *dq, const BIGNUM *qinv,
+ BN_CTX *ctx)
+{
+ int y_len, fd;
+
+ y_len = BN_num_bits(p) + BN_num_bits(q);
+
+ /* Check if hardware can't handle this argument. */
+ if (y_len > max_key_len) {
+ UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT,
+ UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+ return FAIL_TO_SOFTWARE;
+ }
+
+ if (!bn_wexpand(r, p->top + q->top + 1)) {
+ UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_BN_EXPAND_FAIL);
+ return 0;
+ }
+
+ if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
+ fd = 0;
+ UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_UNIT_FAILURE);
+ return FAIL_TO_SOFTWARE;
+ }
+
+ if (p_UBSEC_rsa_mod_exp_crt_ioctl(fd,
+ (unsigned char *)a->d, BN_num_bits(a),
+ (unsigned char *)qinv->d,
+ BN_num_bits(qinv),
+ (unsigned char *)dp->d, BN_num_bits(dp),
+ (unsigned char *)p->d, BN_num_bits(p),
+ (unsigned char *)dq->d, BN_num_bits(dq),
+ (unsigned char *)q->d, BN_num_bits(q),
+ (unsigned char *)r->d, &y_len) != 0) {
+ UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_REQUEST_FAILED);
+ p_UBSEC_ubsec_close(fd);
+ return FAIL_TO_SOFTWARE;
+ }
+
+ p_UBSEC_ubsec_close(fd);
+
+ r->top = (BN_num_bits(p) + BN_num_bits(q) + BN_BITS2 - 1) / BN_BITS2;
+ return 1;
}
-#endif
+# endif
-#ifndef OPENSSL_NO_DSA
-#ifdef NOT_USED
+# ifndef OPENSSL_NO_DSA
+# ifdef NOT_USED
static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
- BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont)
- {
- BIGNUM t;
- int to_return = 0;
-
- BN_init(&t);
- /* let rr = a1 ^ p1 mod m */
- if (!ubsec_mod_exp(rr,a1,p1,m,ctx)) goto end;
- /* let t = a2 ^ p2 mod m */
- if (!ubsec_mod_exp(&t,a2,p2,m,ctx)) goto end;
- /* let rr = rr * t mod m */
- if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
- to_return = 1;
-end:
- BN_free(&t);
- return to_return;
- }
+ BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+ BIGNUM t;
+ int to_return = 0;
+
+ BN_init(&t);
+ /* let rr = a1 ^ p1 mod m */
+ if (!ubsec_mod_exp(rr, a1, p1, m, ctx))
+ goto end;
+ /* let t = a2 ^ p2 mod m */
+ if (!ubsec_mod_exp(&t, a2, p2, m, ctx))
+ goto end;
+ /* let rr = rr * t mod m */
+ if (!BN_mod_mul(rr, rr, &t, m, ctx))
+ goto end;
+ to_return = 1;
+ end:
+ BN_free(&t);
+ return to_return;
+}
static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx)
- {
- return ubsec_mod_exp(r, a, p, m, ctx);
- }
-#endif
-#endif
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
+{
+ return ubsec_mod_exp(r, a, p, m, ctx);
+}
+# endif
+# endif
-#ifndef OPENSSL_NO_RSA
+# ifndef OPENSSL_NO_RSA
/*
* This function is aliased to mod_exp (with the mont stuff dropped).
*/
static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- int ret = 0;
-
- /* Do in software if the key is too large for the hardware. */
- if (BN_num_bits(m) > max_key_len)
- {
- const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
- ret = (*meth->bn_mod_exp)(r, a, p, m, ctx, m_ctx);
- }
- else
- {
- ret = ubsec_mod_exp(r, a, p, m, ctx);
- }
-
- return ret;
- }
-#endif
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
+{
+ int ret = 0;
+
+ /* Do in software if the key is too large for the hardware. */
+ if (BN_num_bits(m) > max_key_len) {
+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+ ret = (*meth->bn_mod_exp) (r, a, p, m, ctx, m_ctx);
+ } else {
+ ret = ubsec_mod_exp(r, a, p, m, ctx);
+ }
+
+ return ret;
+}
+# endif
-#ifndef OPENSSL_NO_DH
+# ifndef OPENSSL_NO_DH
/* This function is aliased to mod_exp (with the dh and mont dropped). */
static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx)
- {
- return ubsec_mod_exp(r, a, p, m, ctx);
- }
-#endif
-
-#ifndef OPENSSL_NO_DSA
-static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
- {
- DSA_SIG *to_return = NULL;
- int s_len = 160, r_len = 160, d_len, fd;
- BIGNUM m, *r=NULL, *s=NULL;
-
- BN_init(&m);
-
- s = BN_new();
- r = BN_new();
- if ((s == NULL) || (r==NULL))
- goto err;
-
- d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dlen);
-
- if(!bn_wexpand(r, (160+BN_BITS2-1)/BN_BITS2) ||
- (!bn_wexpand(s, (160+BN_BITS2-1)/BN_BITS2))) {
- UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL);
- goto err;
- }
-
- if (BN_bin2bn(dgst,dlen,&m) == NULL) {
- UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL);
- goto err;
- }
-
- if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
- const DSA_METHOD *meth;
- fd = 0;
- UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_UNIT_FAILURE);
- meth = DSA_OpenSSL();
- to_return = meth->dsa_do_sign(dgst, dlen, dsa);
- goto err;
- }
-
- if (p_UBSEC_dsa_sign_ioctl(fd, 0, /* compute hash before signing */
- (unsigned char *)dgst, d_len,
- NULL, 0, /* compute random value */
- (unsigned char *)dsa->p->d, BN_num_bits(dsa->p),
- (unsigned char *)dsa->q->d, BN_num_bits(dsa->q),
- (unsigned char *)dsa->g->d, BN_num_bits(dsa->g),
- (unsigned char *)dsa->priv_key->d, BN_num_bits(dsa->priv_key),
- (unsigned char *)r->d, &r_len,
- (unsigned char *)s->d, &s_len ) != 0) {
- const DSA_METHOD *meth;
-
- UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_REQUEST_FAILED);
- p_UBSEC_ubsec_close(fd);
- meth = DSA_OpenSSL();
- to_return = meth->dsa_do_sign(dgst, dlen, dsa);
-
- goto err;
- }
-
- p_UBSEC_ubsec_close(fd);
-
- r->top = (160+BN_BITS2-1)/BN_BITS2;
- s->top = (160+BN_BITS2-1)/BN_BITS2;
-
- to_return = DSA_SIG_new();
- if(to_return == NULL) {
- UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL);
- goto err;
- }
-
- to_return->r = r;
- to_return->s = s;
-
-err:
- if (!to_return) {
- if (r) BN_free(r);
- if (s) BN_free(s);
- }
- BN_clear_free(&m);
- return to_return;
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
+{
+ return ubsec_mod_exp(r, a, p, m, ctx);
+}
+# endif
+
+# ifndef OPENSSL_NO_DSA
+static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen,
+ DSA *dsa)
+{
+ DSA_SIG *to_return = NULL;
+ int s_len = 160, r_len = 160, d_len, fd;
+ BIGNUM m, *r = NULL, *s = NULL;
+
+ BN_init(&m);
+
+ s = BN_new();
+ r = BN_new();
+ if ((s == NULL) || (r == NULL))
+ goto err;
+
+ d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dlen);
+
+ if (!bn_wexpand(r, (160 + BN_BITS2 - 1) / BN_BITS2) ||
+ (!bn_wexpand(s, (160 + BN_BITS2 - 1) / BN_BITS2))) {
+ UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+
+ if (BN_bin2bn(dgst, dlen, &m) == NULL) {
+ UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+
+ if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
+ const DSA_METHOD *meth;
+ fd = 0;
+ UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_UNIT_FAILURE);
+ meth = DSA_OpenSSL();
+ to_return = meth->dsa_do_sign(dgst, dlen, dsa);
+ goto err;
+ }
+
+ if (p_UBSEC_dsa_sign_ioctl(fd,
+ /* compute hash before signing */
+ 0, (unsigned char *)dgst, d_len, NULL,
+ /* compute random value */
+ 0,
+ (unsigned char *)dsa->p->d,
+ BN_num_bits(dsa->p),
+ (unsigned char *)dsa->q->d,
+ BN_num_bits(dsa->q),
+ (unsigned char *)dsa->g->d,
+ BN_num_bits(dsa->g),
+ (unsigned char *)dsa->priv_key->d,
+ BN_num_bits(dsa->priv_key),
+ (unsigned char *)r->d, &r_len,
+ (unsigned char *)s->d, &s_len) != 0) {
+ const DSA_METHOD *meth;
+
+ UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_REQUEST_FAILED);
+ p_UBSEC_ubsec_close(fd);
+ meth = DSA_OpenSSL();
+ to_return = meth->dsa_do_sign(dgst, dlen, dsa);
+
+ goto err;
+ }
+
+ p_UBSEC_ubsec_close(fd);
+
+ r->top = (160 + BN_BITS2 - 1) / BN_BITS2;
+ s->top = (160 + BN_BITS2 - 1) / BN_BITS2;
+
+ to_return = DSA_SIG_new();
+ if (to_return == NULL) {
+ UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+
+ to_return->r = r;
+ to_return->s = s;
+
+ err:
+ if (!to_return) {
+ if (r)
+ BN_free(r);
+ if (s)
+ BN_free(s);
+ }
+ BN_clear_free(&m);
+ return to_return;
}
static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa)
- {
- int v_len, d_len;
- int to_return = 0;
- int fd;
- BIGNUM v, *pv = &v;
-
- BN_init(&v);
-
- if(!bn_wexpand(pv, dsa->p->top)) {
- UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_BN_EXPAND_FAIL);
- goto err;
- }
-
- v_len = BN_num_bits(dsa->p);
-
- d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dgst_len);
-
- if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
- const DSA_METHOD *meth;
- fd = 0;
- UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_UNIT_FAILURE);
- meth = DSA_OpenSSL();
- to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
- goto err;
- }
-
- if (p_UBSEC_dsa_verify_ioctl(fd, 0, /* compute hash before signing */
- (unsigned char *)dgst, d_len,
- (unsigned char *)dsa->p->d, BN_num_bits(dsa->p),
- (unsigned char *)dsa->q->d, BN_num_bits(dsa->q),
- (unsigned char *)dsa->g->d, BN_num_bits(dsa->g),
- (unsigned char *)dsa->pub_key->d, BN_num_bits(dsa->pub_key),
- (unsigned char *)sig->r->d, BN_num_bits(sig->r),
- (unsigned char *)sig->s->d, BN_num_bits(sig->s),
- (unsigned char *)v.d, &v_len) != 0) {
- const DSA_METHOD *meth;
- UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_REQUEST_FAILED);
- p_UBSEC_ubsec_close(fd);
-
- meth = DSA_OpenSSL();
- to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
-
- goto err;
- }
-
- p_UBSEC_ubsec_close(fd);
-
- to_return = 1;
-err:
- BN_clear_free(&v);
- return to_return;
- }
-#endif
-
-#ifndef OPENSSL_NO_DH
-static int ubsec_dh_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh)
- {
- int ret = -1,
- k_len,
- fd;
-
- k_len = BN_num_bits(dh->p);
-
- if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
- {
- const DH_METHOD *meth;
- UBSECerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_UNIT_FAILURE);
- meth = DH_OpenSSL();
- ret = meth->compute_key(key, pub_key, dh);
- goto err;
- }
-
- if (p_UBSEC_diffie_hellman_agree_ioctl(fd,
- (unsigned char *)dh->priv_key->d, BN_num_bits(dh->priv_key),
- (unsigned char *)pub_key->d, BN_num_bits(pub_key),
- (unsigned char *)dh->p->d, BN_num_bits(dh->p),
- key, &k_len) != 0)
- {
- /* Hardware's a no go, failover to software */
- const DH_METHOD *meth;
- UBSECerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_REQUEST_FAILED);
- p_UBSEC_ubsec_close(fd);
-
- meth = DH_OpenSSL();
- ret = meth->compute_key(key, pub_key, dh);
+ DSA_SIG *sig, DSA *dsa)
+{
+ int v_len, d_len;
+ int to_return = 0;
+ int fd;
+ BIGNUM v, *pv = &v;
+
+ BN_init(&v);
+
+ if (!bn_wexpand(pv, dsa->p->top)) {
+ UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+
+ v_len = BN_num_bits(dsa->p);
+
+ d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dgst_len);
+
+ if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
+ const DSA_METHOD *meth;
+ fd = 0;
+ UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_UNIT_FAILURE);
+ meth = DSA_OpenSSL();
+ to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
+ goto err;
+ }
+
+ if (p_UBSEC_dsa_verify_ioctl(fd, 0, /* compute hash before signing */
+ (unsigned char *)dgst, d_len,
+ (unsigned char *)dsa->p->d,
+ BN_num_bits(dsa->p),
+ (unsigned char *)dsa->q->d,
+ BN_num_bits(dsa->q),
+ (unsigned char *)dsa->g->d,
+ BN_num_bits(dsa->g),
+ (unsigned char *)dsa->pub_key->d,
+ BN_num_bits(dsa->pub_key),
+ (unsigned char *)sig->r->d,
+ BN_num_bits(sig->r),
+ (unsigned char *)sig->s->d,
+ BN_num_bits(sig->s), (unsigned char *)v.d,
+ &v_len) != 0) {
+ const DSA_METHOD *meth;
+ UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_REQUEST_FAILED);
+ p_UBSEC_ubsec_close(fd);
- goto err;
- }
+ meth = DSA_OpenSSL();
+ to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
- p_UBSEC_ubsec_close(fd);
+ goto err;
+ }
- ret = p_UBSEC_ubsec_bits_to_bytes(k_len);
-err:
- return ret;
- }
+ p_UBSEC_ubsec_close(fd);
-static int ubsec_dh_generate_key(DH *dh)
- {
- int ret = 0,
- random_bits = 0,
- pub_key_len = 0,
- priv_key_len = 0,
- fd;
- BIGNUM *pub_key = NULL;
- BIGNUM *priv_key = NULL;
-
- /*
- * How many bits should Random x be? dh_key.c
- * sets the range from 0 to num_bits(modulus) ???
- */
+ to_return = 1;
+ err:
+ BN_clear_free(&v);
+ return to_return;
+}
+# endif
+
+# ifndef OPENSSL_NO_DH
+static int ubsec_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
+ DH *dh)
+{
+ int ret = -1, k_len, fd;
+
+ k_len = BN_num_bits(dh->p);
+
+ if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
+ const DH_METHOD *meth;
+ UBSECerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_UNIT_FAILURE);
+ meth = DH_OpenSSL();
+ ret = meth->compute_key(key, pub_key, dh);
+ goto err;
+ }
+
+ if (p_UBSEC_diffie_hellman_agree_ioctl(fd,
+ (unsigned char *)dh->priv_key->d,
+ BN_num_bits(dh->priv_key),
+ (unsigned char *)pub_key->d,
+ BN_num_bits(pub_key),
+ (unsigned char *)dh->p->d,
+ BN_num_bits(dh->p), key,
+ &k_len) != 0) {
+ /* Hardware's a no go, failover to software */
+ const DH_METHOD *meth;
+ UBSECerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_REQUEST_FAILED);
+ p_UBSEC_ubsec_close(fd);
- if (dh->priv_key == NULL)
- {
- priv_key = BN_new();
- if (priv_key == NULL) goto err;
- priv_key_len = BN_num_bits(dh->p);
- if(bn_wexpand(priv_key, dh->p->top) == NULL) goto err;
- do
- if (!BN_rand_range(priv_key, dh->p)) goto err;
- while (BN_is_zero(priv_key));
- random_bits = BN_num_bits(priv_key);
- }
- else
- {
- priv_key = dh->priv_key;
- }
-
- if (dh->pub_key == NULL)
- {
- pub_key = BN_new();
- pub_key_len = BN_num_bits(dh->p);
- if(bn_wexpand(pub_key, dh->p->top) == NULL) goto err;
- if(pub_key == NULL) goto err;
- }
- else
- {
- pub_key = dh->pub_key;
- }
-
- if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
- {
- const DH_METHOD *meth;
- UBSECerr(UBSEC_F_UBSEC_DH_GENERATE_KEY, UBSEC_R_UNIT_FAILURE);
- meth = DH_OpenSSL();
- ret = meth->generate_key(dh);
- goto err;
- }
+ meth = DH_OpenSSL();
+ ret = meth->compute_key(key, pub_key, dh);
- if (p_UBSEC_diffie_hellman_generate_ioctl(fd,
- (unsigned char *)priv_key->d, &priv_key_len,
- (unsigned char *)pub_key->d, &pub_key_len,
- (unsigned char *)dh->g->d, BN_num_bits(dh->g),
- (unsigned char *)dh->p->d, BN_num_bits(dh->p),
- 0, 0, random_bits) != 0)
- {
- /* Hardware's a no go, failover to software */
- const DH_METHOD *meth;
+ goto err;
+ }
- UBSECerr(UBSEC_F_UBSEC_DH_GENERATE_KEY, UBSEC_R_REQUEST_FAILED);
- p_UBSEC_ubsec_close(fd);
+ p_UBSEC_ubsec_close(fd);
- meth = DH_OpenSSL();
- ret = meth->generate_key(dh);
+ ret = p_UBSEC_ubsec_bits_to_bytes(k_len);
+ err:
+ return ret;
+}
+static int ubsec_dh_generate_key(DH *dh)
+{
+ int ret = 0, random_bits = 0, pub_key_len = 0, priv_key_len = 0, fd;
+ BIGNUM *pub_key = NULL;
+ BIGNUM *priv_key = NULL;
+
+ /*
+ * How many bits should Random x be? dh_key.c
+ * sets the range from 0 to num_bits(modulus) ???
+ */
+
+ if (dh->priv_key == NULL) {
+ priv_key = BN_new();
+ if (priv_key == NULL)
+ goto err;
+ priv_key_len = BN_num_bits(dh->p);
+ if (bn_wexpand(priv_key, dh->p->top) == NULL)
+ goto err;
+ do
+ if (!BN_rand_range(priv_key, dh->p))
goto err;
- }
-
+ while (BN_is_zero(priv_key)) ;
+ random_bits = BN_num_bits(priv_key);
+ } else {
+ priv_key = dh->priv_key;
+ }
+
+ if (dh->pub_key == NULL) {
+ pub_key = BN_new();
+ if (pub_key == NULL)
+ goto err;
+ pub_key_len = BN_num_bits(dh->p);
+ if (bn_wexpand(pub_key, dh->p->top) == NULL)
+ goto err;
+ } else {
+ pub_key = dh->pub_key;
+ }
+
+ if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
+ const DH_METHOD *meth;
+ UBSECerr(UBSEC_F_UBSEC_DH_GENERATE_KEY, UBSEC_R_UNIT_FAILURE);
+ meth = DH_OpenSSL();
+ ret = meth->generate_key(dh);
+ goto err;
+ }
+
+ if (p_UBSEC_diffie_hellman_generate_ioctl(fd,
+ (unsigned char *)priv_key->d,
+ &priv_key_len,
+ (unsigned char *)pub_key->d,
+ &pub_key_len,
+ (unsigned char *)dh->g->d,
+ BN_num_bits(dh->g),
+ (unsigned char *)dh->p->d,
+ BN_num_bits(dh->p), 0, 0,
+ random_bits) != 0) {
+ /* Hardware's a no go, failover to software */
+ const DH_METHOD *meth;
+
+ UBSECerr(UBSEC_F_UBSEC_DH_GENERATE_KEY, UBSEC_R_REQUEST_FAILED);
p_UBSEC_ubsec_close(fd);
- dh->pub_key = pub_key;
- dh->pub_key->top = (pub_key_len + BN_BITS2-1) / BN_BITS2;
- dh->priv_key = priv_key;
- dh->priv_key->top = (priv_key_len + BN_BITS2-1) / BN_BITS2;
-
- ret = 1;
-err:
- return ret;
- }
-#endif
-
-#ifdef NOT_USED
-static int ubsec_rand_bytes(unsigned char * buf,
- int num)
- {
- int ret = 0,
- fd;
-
- if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
- {
- const RAND_METHOD *meth;
- UBSECerr(UBSEC_F_UBSEC_RAND_BYTES, UBSEC_R_UNIT_FAILURE);
- num = p_UBSEC_ubsec_bits_to_bytes(num);
- meth = RAND_SSLeay();
- meth->seed(buf, num);
- ret = meth->bytes(buf, num);
- goto err;
- }
+ meth = DH_OpenSSL();
+ ret = meth->generate_key(dh);
- num *= 8; /* bytes to bits */
+ goto err;
+ }
- if (p_UBSEC_rng_ioctl(fd,
- UBSEC_RNG_DIRECT,
- buf,
- &num) != 0)
- {
- /* Hardware's a no go, failover to software */
- const RAND_METHOD *meth;
+ p_UBSEC_ubsec_close(fd);
- UBSECerr(UBSEC_F_UBSEC_RAND_BYTES, UBSEC_R_REQUEST_FAILED);
- p_UBSEC_ubsec_close(fd);
+ dh->pub_key = pub_key;
+ dh->pub_key->top = (pub_key_len + BN_BITS2 - 1) / BN_BITS2;
+ dh->priv_key = priv_key;
+ dh->priv_key->top = (priv_key_len + BN_BITS2 - 1) / BN_BITS2;
- num = p_UBSEC_ubsec_bits_to_bytes(num);
- meth = RAND_SSLeay();
- meth->seed(buf, num);
- ret = meth->bytes(buf, num);
+ ret = 1;
+ err:
+ return ret;
+}
+# endif
+
+# ifdef NOT_USED
+static int ubsec_rand_bytes(unsigned char *buf, int num)
+{
+ int ret = 0, fd;
+
+ if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
+ const RAND_METHOD *meth;
+ UBSECerr(UBSEC_F_UBSEC_RAND_BYTES, UBSEC_R_UNIT_FAILURE);
+ num = p_UBSEC_ubsec_bits_to_bytes(num);
+ meth = RAND_SSLeay();
+ meth->seed(buf, num);
+ ret = meth->bytes(buf, num);
+ goto err;
+ }
+
+ num *= 8; /* bytes to bits */
+
+ if (p_UBSEC_rng_ioctl(fd, UBSEC_RNG_DIRECT, buf, &num) != 0) {
+ /* Hardware's a no go, failover to software */
+ const RAND_METHOD *meth;
+
+ UBSECerr(UBSEC_F_UBSEC_RAND_BYTES, UBSEC_R_REQUEST_FAILED);
+ p_UBSEC_ubsec_close(fd);
- goto err;
- }
+ num = p_UBSEC_ubsec_bits_to_bytes(num);
+ meth = RAND_SSLeay();
+ meth->seed(buf, num);
+ ret = meth->bytes(buf, num);
- p_UBSEC_ubsec_close(fd);
+ goto err;
+ }
- ret = 1;
-err:
- return(ret);
- }
+ p_UBSEC_ubsec_close(fd);
+ ret = 1;
+ err:
+ return (ret);
+}
static int ubsec_rand_status(void)
- {
- return 0;
- }
-#endif
+{
+ return 0;
+}
+# endif
-/* This stuff is needed if this ENGINE is being compiled into a self-contained
- * shared-library. */
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+/*
+ * This stuff is needed if this ENGINE is being compiled into a
+ * self-contained shared-library.
+ */
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
static int bind_fn(ENGINE *e, const char *id)
- {
- if(id && (strcmp(id, engine_ubsec_id) != 0))
- return 0;
- if(!bind_helper(e))
- return 0;
- return 1;
- }
-IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#endif /* OPENSSL_NO_DYNAMIC_ENGINE */
+{
+ if (id && (strcmp(id, engine_ubsec_id) != 0))
+ return 0;
+ if (!bind_helper(e))
+ return 0;
+ return 1;
+}
-#endif /* !OPENSSL_NO_HW_UBSEC */
-#endif /* !OPENSSL_NO_HW */
+IMPLEMENT_DYNAMIC_CHECK_FN()
+ IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+# endif /* OPENSSL_NO_DYNAMIC_ENGINE */
+# endif /* !OPENSSL_NO_HW_UBSEC */
+#endif /* !OPENSSL_NO_HW */
diff --git a/openssl/engines/e_ubsec_err.c b/openssl/engines/e_ubsec_err.c
index 14c3d61e2..fefc5b074 100644
--- a/openssl/engines/e_ubsec_err.c
+++ b/openssl/engines/e_ubsec_err.c
@@ -7,7 +7,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
*
*/
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
@@ -65,93 +66,89 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
-#define ERR_FUNC(func) ERR_PACK(0,func,0)
-#define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA UBSEC_str_functs[]=
- {
-{ERR_FUNC(UBSEC_F_UBSEC_CTRL), "UBSEC_CTRL"},
-{ERR_FUNC(UBSEC_F_UBSEC_DH_COMPUTE_KEY), "UBSEC_DH_COMPUTE_KEY"},
-{ERR_FUNC(UBSEC_F_UBSEC_DH_GENERATE_KEY), "UBSEC_DH_GENERATE_KEY"},
-{ERR_FUNC(UBSEC_F_UBSEC_DSA_DO_SIGN), "UBSEC_DSA_DO_SIGN"},
-{ERR_FUNC(UBSEC_F_UBSEC_DSA_VERIFY), "UBSEC_DSA_VERIFY"},
-{ERR_FUNC(UBSEC_F_UBSEC_FINISH), "UBSEC_FINISH"},
-{ERR_FUNC(UBSEC_F_UBSEC_INIT), "UBSEC_INIT"},
-{ERR_FUNC(UBSEC_F_UBSEC_MOD_EXP), "UBSEC_MOD_EXP"},
-{ERR_FUNC(UBSEC_F_UBSEC_MOD_EXP_CRT), "UBSEC_MOD_EXP_CRT"},
-{ERR_FUNC(UBSEC_F_UBSEC_RAND_BYTES), "UBSEC_RAND_BYTES"},
-{ERR_FUNC(UBSEC_F_UBSEC_RSA_MOD_EXP), "UBSEC_RSA_MOD_EXP"},
-{ERR_FUNC(UBSEC_F_UBSEC_RSA_MOD_EXP_CRT), "UBSEC_RSA_MOD_EXP_CRT"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA UBSEC_str_reasons[]=
- {
-{ERR_REASON(UBSEC_R_ALREADY_LOADED) ,"already loaded"},
-{ERR_REASON(UBSEC_R_BN_EXPAND_FAIL) ,"bn expand fail"},
-{ERR_REASON(UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},
-{ERR_REASON(UBSEC_R_DSO_FAILURE) ,"dso failure"},
-{ERR_REASON(UBSEC_R_MISSING_KEY_COMPONENTS),"missing key components"},
-{ERR_REASON(UBSEC_R_NOT_LOADED) ,"not loaded"},
-{ERR_REASON(UBSEC_R_REQUEST_FAILED) ,"request failed"},
-{ERR_REASON(UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL),"size too large or too small"},
-{ERR_REASON(UBSEC_R_UNIT_FAILURE) ,"unit failure"},
-{0,NULL}
- };
+# define ERR_FUNC(func) ERR_PACK(0,func,0)
+# define ERR_REASON(reason) ERR_PACK(0,0,reason)
+
+static ERR_STRING_DATA UBSEC_str_functs[] = {
+ {ERR_FUNC(UBSEC_F_UBSEC_CTRL), "UBSEC_CTRL"},
+ {ERR_FUNC(UBSEC_F_UBSEC_DH_COMPUTE_KEY), "UBSEC_DH_COMPUTE_KEY"},
+ {ERR_FUNC(UBSEC_F_UBSEC_DH_GENERATE_KEY), "UBSEC_DH_GENERATE_KEY"},
+ {ERR_FUNC(UBSEC_F_UBSEC_DSA_DO_SIGN), "UBSEC_DSA_DO_SIGN"},
+ {ERR_FUNC(UBSEC_F_UBSEC_DSA_VERIFY), "UBSEC_DSA_VERIFY"},
+ {ERR_FUNC(UBSEC_F_UBSEC_FINISH), "UBSEC_FINISH"},
+ {ERR_FUNC(UBSEC_F_UBSEC_INIT), "UBSEC_INIT"},
+ {ERR_FUNC(UBSEC_F_UBSEC_MOD_EXP), "UBSEC_MOD_EXP"},
+ {ERR_FUNC(UBSEC_F_UBSEC_MOD_EXP_CRT), "UBSEC_MOD_EXP_CRT"},
+ {ERR_FUNC(UBSEC_F_UBSEC_RAND_BYTES), "UBSEC_RAND_BYTES"},
+ {ERR_FUNC(UBSEC_F_UBSEC_RSA_MOD_EXP), "UBSEC_RSA_MOD_EXP"},
+ {ERR_FUNC(UBSEC_F_UBSEC_RSA_MOD_EXP_CRT), "UBSEC_RSA_MOD_EXP_CRT"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA UBSEC_str_reasons[] = {
+ {ERR_REASON(UBSEC_R_ALREADY_LOADED), "already loaded"},
+ {ERR_REASON(UBSEC_R_BN_EXPAND_FAIL), "bn expand fail"},
+ {ERR_REASON(UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED),
+ "ctrl command not implemented"},
+ {ERR_REASON(UBSEC_R_DSO_FAILURE), "dso failure"},
+ {ERR_REASON(UBSEC_R_MISSING_KEY_COMPONENTS), "missing key components"},
+ {ERR_REASON(UBSEC_R_NOT_LOADED), "not loaded"},
+ {ERR_REASON(UBSEC_R_REQUEST_FAILED), "request failed"},
+ {ERR_REASON(UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL),
+ "size too large or too small"},
+ {ERR_REASON(UBSEC_R_UNIT_FAILURE), "unit failure"},
+ {0, NULL}
+};
#endif
#ifdef UBSEC_LIB_NAME
-static ERR_STRING_DATA UBSEC_lib_name[]=
- {
-{0 ,UBSEC_LIB_NAME},
-{0,NULL}
- };
+static ERR_STRING_DATA UBSEC_lib_name[] = {
+ {0, UBSEC_LIB_NAME},
+ {0, NULL}
+};
#endif
-
-static int UBSEC_lib_error_code=0;
-static int UBSEC_error_init=1;
+static int UBSEC_lib_error_code = 0;
+static int UBSEC_error_init = 1;
static void ERR_load_UBSEC_strings(void)
- {
- if (UBSEC_lib_error_code == 0)
- UBSEC_lib_error_code=ERR_get_next_error_library();
+{
+ if (UBSEC_lib_error_code == 0)
+ UBSEC_lib_error_code = ERR_get_next_error_library();
- if (UBSEC_error_init)
- {
- UBSEC_error_init=0;
+ if (UBSEC_error_init) {
+ UBSEC_error_init = 0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(UBSEC_lib_error_code,UBSEC_str_functs);
- ERR_load_strings(UBSEC_lib_error_code,UBSEC_str_reasons);
+ ERR_load_strings(UBSEC_lib_error_code, UBSEC_str_functs);
+ ERR_load_strings(UBSEC_lib_error_code, UBSEC_str_reasons);
#endif
#ifdef UBSEC_LIB_NAME
- UBSEC_lib_name->error = ERR_PACK(UBSEC_lib_error_code,0,0);
- ERR_load_strings(0,UBSEC_lib_name);
+ UBSEC_lib_name->error = ERR_PACK(UBSEC_lib_error_code, 0, 0);
+ ERR_load_strings(0, UBSEC_lib_name);
#endif
- }
- }
+ }
+}
static void ERR_unload_UBSEC_strings(void)
- {
- if (UBSEC_error_init == 0)
- {
+{
+ if (UBSEC_error_init == 0) {
#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(UBSEC_lib_error_code,UBSEC_str_functs);
- ERR_unload_strings(UBSEC_lib_error_code,UBSEC_str_reasons);
+ ERR_unload_strings(UBSEC_lib_error_code, UBSEC_str_functs);
+ ERR_unload_strings(UBSEC_lib_error_code, UBSEC_str_reasons);
#endif
#ifdef UBSEC_LIB_NAME
- ERR_unload_strings(0,UBSEC_lib_name);
+ ERR_unload_strings(0, UBSEC_lib_name);
#endif
- UBSEC_error_init=1;
- }
- }
+ UBSEC_error_init = 1;
+ }
+}
static void ERR_UBSEC_error(int function, int reason, char *file, int line)
- {
- if (UBSEC_lib_error_code == 0)
- UBSEC_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(UBSEC_lib_error_code,function,reason,file,line);
- }
+{
+ if (UBSEC_lib_error_code == 0)
+ UBSEC_lib_error_code = ERR_get_next_error_library();
+ ERR_PUT_error(UBSEC_lib_error_code, function, reason, file, line);
+}
diff --git a/openssl/engines/e_ubsec_err.h b/openssl/engines/e_ubsec_err.h
index b10b2387f..c8aec7c32 100644
--- a/openssl/engines/e_ubsec_err.h
+++ b/openssl/engines/e_ubsec_err.h
@@ -6,7 +6,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -53,47 +53,48 @@
*/
#ifndef HEADER_UBSEC_ERR_H
-#define HEADER_UBSEC_ERR_H
+# define HEADER_UBSEC_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_UBSEC_strings(void);
static void ERR_unload_UBSEC_strings(void);
static void ERR_UBSEC_error(int function, int reason, char *file, int line);
-#define UBSECerr(f,r) ERR_UBSEC_error((f),(r),__FILE__,__LINE__)
+# define UBSECerr(f,r) ERR_UBSEC_error((f),(r),__FILE__,__LINE__)
/* Error codes for the UBSEC functions. */
/* Function codes. */
-#define UBSEC_F_UBSEC_CTRL 100
-#define UBSEC_F_UBSEC_DH_COMPUTE_KEY 101
-#define UBSEC_F_UBSEC_DH_GENERATE_KEY 111
-#define UBSEC_F_UBSEC_DSA_DO_SIGN 102
-#define UBSEC_F_UBSEC_DSA_VERIFY 103
-#define UBSEC_F_UBSEC_FINISH 104
-#define UBSEC_F_UBSEC_INIT 105
-#define UBSEC_F_UBSEC_MOD_EXP 106
-#define UBSEC_F_UBSEC_MOD_EXP_CRT 110
-#define UBSEC_F_UBSEC_RAND_BYTES 107
-#define UBSEC_F_UBSEC_RSA_MOD_EXP 108
-#define UBSEC_F_UBSEC_RSA_MOD_EXP_CRT 109
+# define UBSEC_F_UBSEC_CTRL 100
+# define UBSEC_F_UBSEC_DH_COMPUTE_KEY 101
+# define UBSEC_F_UBSEC_DH_GENERATE_KEY 111
+# define UBSEC_F_UBSEC_DSA_DO_SIGN 102
+# define UBSEC_F_UBSEC_DSA_VERIFY 103
+# define UBSEC_F_UBSEC_FINISH 104
+# define UBSEC_F_UBSEC_INIT 105
+# define UBSEC_F_UBSEC_MOD_EXP 106
+# define UBSEC_F_UBSEC_MOD_EXP_CRT 110
+# define UBSEC_F_UBSEC_RAND_BYTES 107
+# define UBSEC_F_UBSEC_RSA_MOD_EXP 108
+# define UBSEC_F_UBSEC_RSA_MOD_EXP_CRT 109
/* Reason codes. */
-#define UBSEC_R_ALREADY_LOADED 100
-#define UBSEC_R_BN_EXPAND_FAIL 101
-#define UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED 102
-#define UBSEC_R_DSO_FAILURE 103
-#define UBSEC_R_MISSING_KEY_COMPONENTS 104
-#define UBSEC_R_NOT_LOADED 105
-#define UBSEC_R_REQUEST_FAILED 106
-#define UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL 107
-#define UBSEC_R_UNIT_FAILURE 108
+# define UBSEC_R_ALREADY_LOADED 100
+# define UBSEC_R_BN_EXPAND_FAIL 101
+# define UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED 102
+# define UBSEC_R_DSO_FAILURE 103
+# define UBSEC_R_MISSING_KEY_COMPONENTS 104
+# define UBSEC_R_NOT_LOADED 105
+# define UBSEC_R_REQUEST_FAILED 106
+# define UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL 107
+# define UBSEC_R_UNIT_FAILURE 108
#ifdef __cplusplus
}
diff --git a/openssl/engines/vendor_defns/aep.h b/openssl/engines/vendor_defns/aep.h
index 5e9754fe4..04ab87eb9 100644
--- a/openssl/engines/vendor_defns/aep.h
+++ b/openssl/engines/vendor_defns/aep.h
@@ -1,6 +1,7 @@
-/* This header declares the necessary definitions for using the exponentiation
- * acceleration capabilities, and rnd number generation of the AEP card.
- *
+/*
+ * This header declares the necessary definitions for using the
+ * exponentiation acceleration capabilities, and rnd number generation of the
+ * AEP card.
*/
/*
@@ -9,65 +10,97 @@
*
*/
-/*Successful return value*/
+/*
+ * Successful return value
+ */
#define AEP_R_OK 0x00000000
-/*Miscelleanous unsuccessful return value*/
+/*
+ * Miscelleanous unsuccessful return value
+ */
#define AEP_R_GENERAL_ERROR 0x10000001
-/*Insufficient host memory*/
+/*
+ * Insufficient host memory
+ */
#define AEP_R_HOST_MEMORY 0x10000002
#define AEP_R_FUNCTION_FAILED 0x10000006
-/*Invalid arguments in function call*/
+/*
+ * Invalid arguments in function call
+ */
#define AEP_R_ARGUMENTS_BAD 0x10020000
-#define AEP_R_NO_TARGET_RESOURCES 0x10030000
+#define AEP_R_NO_TARGET_RESOURCES 0x10030000
-/*Error occuring on socket operation*/
-#define AEP_R_SOCKERROR 0x10000010
+/*
+ * Error occuring on socket operation
+ */
+#define AEP_R_SOCKERROR 0x10000010
-/*Socket has been closed from the other end*/
-#define AEP_R_SOCKEOF 0x10000011
+/*
+ * Socket has been closed from the other end
+ */
+#define AEP_R_SOCKEOF 0x10000011
-/*Invalid handles*/
+/*
+ * Invalid handles
+ */
#define AEP_R_CONNECTION_HANDLE_INVALID 0x100000B3
-#define AEP_R_TRANSACTION_HANDLE_INVALID 0x10040000
+#define AEP_R_TRANSACTION_HANDLE_INVALID 0x10040000
-/*Transaction has not yet returned from accelerator*/
-#define AEP_R_TRANSACTION_NOT_READY 0x00010000
+/*
+ * Transaction has not yet returned from accelerator
+ */
+#define AEP_R_TRANSACTION_NOT_READY 0x00010000
-/*There is already a thread waiting on this transaction*/
-#define AEP_R_TRANSACTION_CLAIMED 0x10050000
+/*
+ * There is already a thread waiting on this transaction
+ */
+#define AEP_R_TRANSACTION_CLAIMED 0x10050000
-/*The transaction timed out*/
-#define AEP_R_TIMED_OUT 0x10060000
+/*
+ * The transaction timed out
+ */
+#define AEP_R_TIMED_OUT 0x10060000
-#define AEP_R_FXN_NOT_IMPLEMENTED 0x10070000
+#define AEP_R_FXN_NOT_IMPLEMENTED 0x10070000
-#define AEP_R_TARGET_ERROR 0x10080000
+#define AEP_R_TARGET_ERROR 0x10080000
-/*Error in the AEP daemon process*/
-#define AEP_R_DAEMON_ERROR 0x10090000
+/*
+ * Error in the AEP daemon process
+ */
+#define AEP_R_DAEMON_ERROR 0x10090000
-/*Invalid ctx id*/
-#define AEP_R_INVALID_CTX_ID 0x10009000
+/*
+ * Invalid ctx id
+ */
+#define AEP_R_INVALID_CTX_ID 0x10009000
-#define AEP_R_NO_KEY_MANAGER 0x1000a000
+#define AEP_R_NO_KEY_MANAGER 0x1000a000
-/*Error obtaining a mutex*/
+/*
+ * Error obtaining a mutex
+ */
#define AEP_R_MUTEX_BAD 0x000001A0
-/*Fxn call before AEP_Initialise ot after AEP_Finialise*/
-#define AEP_R_AEPAPI_NOT_INITIALIZED 0x10000190
+/*
+ * Fxn call before AEP_Initialise ot after AEP_Finialise
+ */
+#define AEP_R_AEPAPI_NOT_INITIALIZED 0x10000190
-/*AEP_Initialise has already been called*/
-#define AEP_R_AEPAPI_ALREADY_INITIALIZED 0x10000191
+/*
+ * AEP_Initialise has already been called
+ */
+#define AEP_R_AEPAPI_ALREADY_INITIALIZED 0x10000191
-/*Maximum number of connections to daemon reached*/
-#define AEP_R_NO_MORE_CONNECTION_HNDLS 0x10000200
+/*
+ * Maximum number of connections to daemon reached
+ */
+#define AEP_R_NO_MORE_CONNECTION_HNDLS 0x10000200
/*
*
@@ -76,103 +109,127 @@
*/
/* an unsigned 8-bit value */
-typedef unsigned char AEP_U8;
+typedef unsigned char AEP_U8;
/* an unsigned 8-bit character */
-typedef char AEP_CHAR;
+typedef char AEP_CHAR;
/* a BYTE-sized Boolean flag */
-typedef AEP_U8 AEP_BBOOL;
+typedef AEP_U8 AEP_BBOOL;
-/*Unsigned value, at least 16 bits long*/
-typedef unsigned short AEP_U16;
+/*
+ * Unsigned value, at least 16 bits long
+ */
+typedef unsigned short AEP_U16;
/* an unsigned value, at least 32 bits long */
#ifdef SIXTY_FOUR_BIT_LONG
-typedef unsigned int AEP_U32;
+typedef unsigned int AEP_U32;
#else
-typedef unsigned long AEP_U32;
+typedef unsigned long AEP_U32;
#endif
#ifdef SIXTY_FOUR_BIT_LONG
-typedef unsigned long AEP_U64;
+typedef unsigned long AEP_U64;
#else
-typedef struct { unsigned long l1, l2; } AEP_U64;
+typedef struct {
+ unsigned long l1, l2;
+} AEP_U64;
#endif
/* at least 32 bits; each bit is a Boolean flag */
-typedef AEP_U32 AEP_FLAGS;
+typedef AEP_U32 AEP_FLAGS;
-typedef AEP_U8 *AEP_U8_PTR;
-typedef AEP_CHAR *AEP_CHAR_PTR;
-typedef AEP_U32 *AEP_U32_PTR;
-typedef AEP_U64 *AEP_U64_PTR;
-typedef void *AEP_VOID_PTR;
+typedef AEP_U8 *AEP_U8_PTR;
+typedef AEP_CHAR *AEP_CHAR_PTR;
+typedef AEP_U32 *AEP_U32_PTR;
+typedef AEP_U64 *AEP_U64_PTR;
+typedef void *AEP_VOID_PTR;
/* Pointer to a AEP_VOID_PTR-- i.e., pointer to pointer to void */
-typedef AEP_VOID_PTR *AEP_VOID_PTR_PTR;
+typedef AEP_VOID_PTR *AEP_VOID_PTR_PTR;
-/*Used to identify an AEP connection handle*/
-typedef AEP_U32 AEP_CONNECTION_HNDL;
+/*
+ * Used to identify an AEP connection handle
+ */
+typedef AEP_U32 AEP_CONNECTION_HNDL;
-/*Pointer to an AEP connection handle*/
-typedef AEP_CONNECTION_HNDL *AEP_CONNECTION_HNDL_PTR;
+/*
+ * Pointer to an AEP connection handle
+ */
+typedef AEP_CONNECTION_HNDL *AEP_CONNECTION_HNDL_PTR;
-/*Used by an application (in conjunction with the apps process id) to
-identify an individual transaction*/
-typedef AEP_U32 AEP_TRANSACTION_ID;
+/*
+ * Used by an application (in conjunction with the apps process id) to
+ * identify an individual transaction
+ */
+typedef AEP_U32 AEP_TRANSACTION_ID;
-/*Pointer to an applications transaction identifier*/
-typedef AEP_TRANSACTION_ID *AEP_TRANSACTION_ID_PTR;
+/*
+ * Pointer to an applications transaction identifier
+ */
+typedef AEP_TRANSACTION_ID *AEP_TRANSACTION_ID_PTR;
-/*Return value type*/
-typedef AEP_U32 AEP_RV;
+/*
+ * Return value type
+ */
+typedef AEP_U32 AEP_RV;
#define MAX_PROCESS_CONNECTIONS 256
#define RAND_BLK_SIZE 1024
-typedef enum{
- NotConnected= 0,
- Connected= 1,
- InUse= 2
+typedef enum {
+ NotConnected = 0,
+ Connected = 1,
+ InUse = 2
} AEP_CONNECTION_STATE;
-
-typedef struct AEP_CONNECTION_ENTRY{
- AEP_CONNECTION_STATE conn_state;
- AEP_CONNECTION_HNDL conn_hndl;
+typedef struct AEP_CONNECTION_ENTRY {
+ AEP_CONNECTION_STATE conn_state;
+ AEP_CONNECTION_HNDL conn_hndl;
} AEP_CONNECTION_ENTRY;
-
typedef AEP_RV t_AEP_OpenConnection(AEP_CONNECTION_HNDL_PTR phConnection);
typedef AEP_RV t_AEP_CloseConnection(AEP_CONNECTION_HNDL hConnection);
typedef AEP_RV t_AEP_ModExp(AEP_CONNECTION_HNDL hConnection,
- AEP_VOID_PTR pA, AEP_VOID_PTR pP,
- AEP_VOID_PTR pN,
- AEP_VOID_PTR pResult,
- AEP_TRANSACTION_ID* pidTransID);
+ AEP_VOID_PTR pA, AEP_VOID_PTR pP,
+ AEP_VOID_PTR pN,
+ AEP_VOID_PTR pResult,
+ AEP_TRANSACTION_ID *pidTransID);
typedef AEP_RV t_AEP_ModExpCrt(AEP_CONNECTION_HNDL hConnection,
- AEP_VOID_PTR pA, AEP_VOID_PTR pP,
- AEP_VOID_PTR pQ,
- AEP_VOID_PTR pDmp1, AEP_VOID_PTR pDmq1,
- AEP_VOID_PTR pIqmp,
- AEP_VOID_PTR pResult,
- AEP_TRANSACTION_ID* pidTransID);
+ AEP_VOID_PTR pA, AEP_VOID_PTR pP,
+ AEP_VOID_PTR pQ,
+ AEP_VOID_PTR pDmp1, AEP_VOID_PTR pDmq1,
+ AEP_VOID_PTR pIqmp,
+ AEP_VOID_PTR pResult,
+ AEP_TRANSACTION_ID *pidTransID);
#ifdef AEPRAND
typedef AEP_RV t_AEP_GenRandom(AEP_CONNECTION_HNDL hConnection,
- AEP_U32 Len,
- AEP_U32 Type,
- AEP_VOID_PTR pResult,
- AEP_TRANSACTION_ID* pidTransID);
+ AEP_U32 Len,
+ AEP_U32 Type,
+ AEP_VOID_PTR pResult,
+ AEP_TRANSACTION_ID *pidTransID);
#endif
typedef AEP_RV t_AEP_Initialize(AEP_VOID_PTR pInitArgs);
typedef AEP_RV t_AEP_Finalize(void);
-typedef AEP_RV t_AEP_SetBNCallBacks(AEP_RV (*GetBigNumSizeFunc)(AEP_VOID_PTR ArbBigNum, AEP_U32* BigNumSize),
- AEP_RV (*MakeAEPBigNumFunc)(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize, unsigned char* AEP_BigNum),
- AEP_RV (*ConverAEPBigNumFunc)(void* ArbBigNum, AEP_U32 BigNumSize, unsigned char* AEP_BigNum));
-
+typedef AEP_RV t_AEP_SetBNCallBacks(AEP_RV (*GetBigNumSizeFunc)
+ (AEP_VOID_PTR ArbBigNum,
+ AEP_U32 *BigNumSize),
+ AEP_RV (*MakeAEPBigNumFunc) (AEP_VOID_PTR
+ ArbBigNum,
+ AEP_U32
+ BigNumSize,
+ unsigned char
+ *AEP_BigNum),
+ AEP_RV (*ConverAEPBigNumFunc) (void
+ *ArbBigNum,
+ AEP_U32
+ BigNumSize,
+ unsigned
+ char
+ *AEP_BigNum));
diff --git a/openssl/engines/vendor_defns/atalla.h b/openssl/engines/vendor_defns/atalla.h
index 149970d44..60e7eda5f 100644
--- a/openssl/engines/vendor_defns/atalla.h
+++ b/openssl/engines/vendor_defns/atalla.h
@@ -1,48 +1,44 @@
-/* This header declares the necessary definitions for using the exponentiation
- * acceleration capabilities of Atalla cards. The only cryptographic operation
- * is performed by "ASI_RSAPrivateKeyOpFn" and this takes a structure that
- * defines an "RSA private key". However, it is really only performing a
- * regular mod_exp using the supplied modulus and exponent - no CRT form is
- * being used. Hence, it is a generic mod_exp function in disguise, and we use
- * it as such.
- *
- * Thanks to the people at Atalla for letting me know these definitions are
- * fine and that they can be reproduced here.
- *
- * Geoff.
+/*
+ * This header declares the necessary definitions for using the
+ * exponentiation acceleration capabilities of Atalla cards. The only
+ * cryptographic operation is performed by "ASI_RSAPrivateKeyOpFn" and this
+ * takes a structure that defines an "RSA private key". However, it is really
+ * only performing a regular mod_exp using the supplied modulus and exponent
+ * - no CRT form is being used. Hence, it is a generic mod_exp function in
+ * disguise, and we use it as such. Thanks to the people at Atalla for
+ * letting me know these definitions are fine and that they can be reproduced
+ * here. Geoff.
*/
-typedef struct ItemStr
- {
- unsigned char *data;
- int len;
- } Item;
+typedef struct ItemStr {
+ unsigned char *data;
+ int len;
+} Item;
-typedef struct RSAPrivateKeyStr
- {
- void *reserved;
- Item version;
- Item modulus;
- Item publicExponent;
- Item privateExponent;
- Item prime[2];
- Item exponent[2];
- Item coefficient;
- } RSAPrivateKey;
+typedef struct RSAPrivateKeyStr {
+ void *reserved;
+ Item version;
+ Item modulus;
+ Item publicExponent;
+ Item privateExponent;
+ Item prime[2];
+ Item exponent[2];
+ Item coefficient;
+} RSAPrivateKey;
-/* Predeclare the function pointer types that we dynamically load from the DSO.
- * These use the same names and form that Ben's original support code had (in
- * crypto/bn/bn_exp.c) unless of course I've inadvertently changed the style
- * somewhere along the way!
+/*
+ * Predeclare the function pointer types that we dynamically load from the
+ * DSO. These use the same names and form that Ben's original support code
+ * had (in crypto/bn/bn_exp.c) unless of course I've inadvertently changed
+ * the style somewhere along the way!
*/
typedef int tfnASI_GetPerformanceStatistics(int reset_flag,
- unsigned int *ret_buf);
+ unsigned int *ret_buf);
typedef int tfnASI_GetHardwareConfig(long card_num, unsigned int *ret_buf);
typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey,
- unsigned char *output,
- unsigned char *input,
- unsigned int modulus_len);
-
+ unsigned char *output,
+ unsigned char *input,
+ unsigned int modulus_len);
diff --git a/openssl/engines/vendor_defns/cswift.h b/openssl/engines/vendor_defns/cswift.h
index 60079326b..6dcd5fed0 100644
--- a/openssl/engines/vendor_defns/cswift.h
+++ b/openssl/engines/vendor_defns/cswift.h
@@ -1,234 +1,235 @@
-/* Attribution notice: Rainbow have generously allowed me to reproduce
- * the necessary definitions here from their API. This means the support
- * can build independently of whether application builders have the
- * API or hardware. This will allow developers to easily produce software
- * that has latent hardware support for any users that have accelertors
- * installed, without the developers themselves needing anything extra.
- *
- * I have only clipped the parts from the CryptoSwift header files that
- * are (or seem) relevant to the CryptoSwift support code. This is
- * simply to keep the file sizes reasonable.
- * [Geoff]
+/*
+ * Attribution notice: Rainbow have generously allowed me to reproduce the
+ * necessary definitions here from their API. This means the support can
+ * build independently of whether application builders have the API or
+ * hardware. This will allow developers to easily produce software that has
+ * latent hardware support for any users that have accelertors installed,
+ * without the developers themselves needing anything extra. I have only
+ * clipped the parts from the CryptoSwift header files that are (or seem)
+ * relevant to the CryptoSwift support code. This is simply to keep the file
+ * sizes reasonable. [Geoff]
*/
-
-/* NB: These type widths do *not* seem right in general, in particular
- * they're not terribly friendly to 64-bit architectures (unsigned long)
- * will be 64-bit on IA-64 for a start. I'm leaving these alone as they
- * agree with Rainbow's API and this will only be called into question
- * on platforms with Rainbow support anyway! ;-) */
+/*
+ * NB: These type widths do *not* seem right in general, in particular
+ * they're not terribly friendly to 64-bit architectures (unsigned long) will
+ * be 64-bit on IA-64 for a start. I'm leaving these alone as they agree with
+ * Rainbow's API and this will only be called into question on platforms with
+ * Rainbow support anyway! ;-)
+ */
#ifdef __cplusplus
extern "C" {
-#endif /* __cplusplus */
+#endif /* __cplusplus */
-typedef long SW_STATUS; /* status */
-typedef unsigned char SW_BYTE; /* 8 bit byte */
-typedef unsigned short SW_U16; /* 16 bit number */
+ typedef long SW_STATUS; /* status */
+ typedef unsigned char SW_BYTE; /* 8 bit byte */
+ typedef unsigned short SW_U16; /* 16 bit number */
#if defined(_IRIX)
-#include <sgidefs.h>
-typedef __uint32_t SW_U32;
+# include <sgidefs.h>
+ typedef __uint32_t SW_U32;
#else
-typedef unsigned long SW_U32; /* 32 bit integer */
+ typedef unsigned long SW_U32; /* 32 bit integer */
#endif
-
+
#if defined(OPENSSL_SYS_WIN32)
- typedef struct _SW_U64 {
- SW_U32 low32;
- SW_U32 high32;
- } SW_U64; /* 64 bit integer */
+ typedef struct _SW_U64 {
+ SW_U32 low32;
+ SW_U32 high32;
+ } SW_U64; /* 64 bit integer */
#elif defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
- typedef longlong SW_U64
-#else /* Unix variants */
- typedef struct _SW_U64 {
- SW_U32 low32;
- SW_U32 high32;
- } SW_U64; /* 64 bit integer */
+ typedef longlong SW_U64
+#else /* Unix variants */
+ typedef struct _SW_U64 {
+ SW_U32 low32;
+ SW_U32 high32;
+ } SW_U64; /* 64 bit integer */
#endif
/* status codes */
#define SW_OK (0L)
#define SW_ERR_BASE (-10000L)
-#define SW_ERR_NO_CARD (SW_ERR_BASE-1) /* The Card is not present */
-#define SW_ERR_CARD_NOT_READY (SW_ERR_BASE-2) /* The card has not powered */
- /* up yet */
-#define SW_ERR_TIME_OUT (SW_ERR_BASE-3) /* Execution of a command */
- /* time out */
-#define SW_ERR_NO_EXECUTE (SW_ERR_BASE-4) /* The Card failed to */
- /* execute the command */
-#define SW_ERR_INPUT_NULL_PTR (SW_ERR_BASE-5) /* a required pointer is */
- /* NULL */
-#define SW_ERR_INPUT_SIZE (SW_ERR_BASE-6) /* size is invalid, too */
- /* small, too large. */
-#define SW_ERR_INVALID_HANDLE (SW_ERR_BASE-7) /* Invalid SW_ACC_CONTEXT */
- /* handle */
+#define SW_ERR_NO_CARD (SW_ERR_BASE-1) /* The Card is not present */
+#define SW_ERR_CARD_NOT_READY (SW_ERR_BASE-2) /* The card has not powered */
+ /* up yet */
+#define SW_ERR_TIME_OUT (SW_ERR_BASE-3) /* Execution of a command */
+ /* time out */
+#define SW_ERR_NO_EXECUTE (SW_ERR_BASE-4) /* The Card failed to */
+ /* execute the command */
+#define SW_ERR_INPUT_NULL_PTR (SW_ERR_BASE-5) /* a required pointer is */
+ /* NULL */
+#define SW_ERR_INPUT_SIZE (SW_ERR_BASE-6) /* size is invalid, too */
+ /* small, too large. */
+#define SW_ERR_INVALID_HANDLE (SW_ERR_BASE-7) /* Invalid SW_ACC_CONTEXT */
+ /* handle */
#define SW_ERR_PENDING (SW_ERR_BASE-8) /* A request is already out- */
- /* standing at this */
- /* context handle */
-#define SW_ERR_AVAILABLE (SW_ERR_BASE-9) /* A result is available. */
-#define SW_ERR_NO_PENDING (SW_ERR_BASE-10)/* No request is pending. */
-#define SW_ERR_NO_MEMORY (SW_ERR_BASE-11)/* Not enough memory */
-#define SW_ERR_BAD_ALGORITHM (SW_ERR_BASE-12)/* Invalid algorithm type */
- /* in SW_PARAM structure */
-#define SW_ERR_MISSING_KEY (SW_ERR_BASE-13)/* No key is associated with */
- /* context. */
- /* swAttachKeyParam() is */
- /* not called. */
+ /* standing at this */
+ /* context handle */
+#define SW_ERR_AVAILABLE (SW_ERR_BASE-9) /* A result is available. */
+#define SW_ERR_NO_PENDING (SW_ERR_BASE-10) /* No request is pending. */
+#define SW_ERR_NO_MEMORY (SW_ERR_BASE-11) /* Not enough memory */
+#define SW_ERR_BAD_ALGORITHM (SW_ERR_BASE-12) /* Invalid algorithm type */
+ /* in SW_PARAM structure */
+#define SW_ERR_MISSING_KEY (SW_ERR_BASE-13) /* No key is associated with */
+ /* context. */
+ /* swAttachKeyParam() is */
+ /* not called. */
#define SW_ERR_KEY_CMD_MISMATCH \
- (SW_ERR_BASE-14)/* Cannot perform requested */
- /* SW_COMMAND_CODE since */
- /* key attached via */
- /* swAttachKeyParam() */
- /* cannot be used for this*/
- /* SW_COMMAND_CODE. */
+ (SW_ERR_BASE-14) /* Cannot perform requested */
+ /* SW_COMMAND_CODE since */
+ /* key attached via */
+ /* swAttachKeyParam() */
+ /* cannot be used for this */
+ /* SW_COMMAND_CODE. */
#define SW_ERR_NOT_IMPLEMENTED \
- (SW_ERR_BASE-15)/* Not implemented */
-#define SW_ERR_BAD_COMMAND (SW_ERR_BASE-16)/* Bad command code */
-#define SW_ERR_BAD_ITEM_SIZE (SW_ERR_BASE-17)/* too small or too large in */
- /* the "initems" or */
- /* "outitems". */
-#define SW_ERR_BAD_ACCNUM (SW_ERR_BASE-18)/* Bad accelerator number */
-#define SW_ERR_SELFTEST_FAIL (SW_ERR_BASE-19)/* At least one of the self */
- /* test fail, look at the */
- /* selfTestBitmap in */
- /* SW_ACCELERATOR_INFO for*/
- /* details. */
-#define SW_ERR_MISALIGN (SW_ERR_BASE-20)/* Certain alogrithms require*/
- /* key materials aligned */
- /* in certain order, e.g. */
- /* 128 bit for CRT */
+ (SW_ERR_BASE-15) /* Not implemented */
+#define SW_ERR_BAD_COMMAND (SW_ERR_BASE-16) /* Bad command code */
+#define SW_ERR_BAD_ITEM_SIZE (SW_ERR_BASE-17) /* too small or too large in */
+ /* the "initems" or */
+ /* "outitems". */
+#define SW_ERR_BAD_ACCNUM (SW_ERR_BASE-18) /* Bad accelerator number */
+#define SW_ERR_SELFTEST_FAIL (SW_ERR_BASE-19) /* At least one of the self */
+ /* test fail, look at the */
+ /* selfTestBitmap in */
+ /* SW_ACCELERATOR_INFO for */
+ /* details. */
+#define SW_ERR_MISALIGN (SW_ERR_BASE-20) /* Certain alogrithms require */
+ /* key materials aligned */
+ /* in certain order, e.g. */
+ /* 128 bit for CRT */
#define SW_ERR_OUTPUT_NULL_PTR \
- (SW_ERR_BASE-21)/* a required pointer is */
- /* NULL */
+ (SW_ERR_BASE-21) /* a required pointer is */
+ /* NULL */
#define SW_ERR_OUTPUT_SIZE \
- (SW_ERR_BASE-22)/* size is invalid, too */
- /* small, too large. */
+ (SW_ERR_BASE-22) /* size is invalid, too */
+ /* small, too large. */
#define SW_ERR_FIRMWARE_CHECKSUM \
- (SW_ERR_BASE-23)/* firmware checksum mismatch*/
- /* download failed. */
+ (SW_ERR_BASE-23) /* firmware checksum mismatch */
+ /* download failed. */
#define SW_ERR_UNKNOWN_FIRMWARE \
- (SW_ERR_BASE-24)/* unknown firmware error */
-#define SW_ERR_INTERRUPT (SW_ERR_BASE-25)/* request is abort when */
- /* it's waiting to be */
- /* completed. */
-#define SW_ERR_NVWRITE_FAIL (SW_ERR_BASE-26)/* error in writing to Non- */
- /* volatile memory */
-#define SW_ERR_NVWRITE_RANGE (SW_ERR_BASE-27)/* out of range error in */
- /* writing to NV memory */
-#define SW_ERR_RNG_ERROR (SW_ERR_BASE-28)/* Random Number Generation */
- /* failure */
-#define SW_ERR_DSS_FAILURE (SW_ERR_BASE-29)/* DSS Sign or Verify failure*/
-#define SW_ERR_MODEXP_FAILURE (SW_ERR_BASE-30)/* Failure in various math */
- /* calculations */
-#define SW_ERR_ONBOARD_MEMORY (SW_ERR_BASE-31)/* Error in accessing on - */
- /* board memory */
+ (SW_ERR_BASE-24) /* unknown firmware error */
+#define SW_ERR_INTERRUPT (SW_ERR_BASE-25) /* request is abort when */
+ /* it's waiting to be */
+ /* completed. */
+#define SW_ERR_NVWRITE_FAIL (SW_ERR_BASE-26) /* error in writing to Non- */
+ /* volatile memory */
+#define SW_ERR_NVWRITE_RANGE (SW_ERR_BASE-27) /* out of range error in */
+ /* writing to NV memory */
+#define SW_ERR_RNG_ERROR (SW_ERR_BASE-28) /* Random Number Generation */
+ /* failure */
+#define SW_ERR_DSS_FAILURE (SW_ERR_BASE-29) /* DSS Sign or Verify failure */
+#define SW_ERR_MODEXP_FAILURE (SW_ERR_BASE-30) /* Failure in various math */
+ /* calculations */
+#define SW_ERR_ONBOARD_MEMORY (SW_ERR_BASE-31) /* Error in accessing on - */
+ /* board memory */
#define SW_ERR_FIRMWARE_VERSION \
- (SW_ERR_BASE-32)/* Wrong version in firmware */
- /* update */
+ (SW_ERR_BASE-32) /* Wrong version in firmware */
+ /* update */
#define SW_ERR_ZERO_WORKING_ACCELERATOR \
- (SW_ERR_BASE-44)/* All accelerators are bad */
-
+ (SW_ERR_BASE-44) /* All accelerators are bad */
- /* algorithm type */
+ /* algorithm type */
#define SW_ALG_CRT 1
#define SW_ALG_EXP 2
#define SW_ALG_DSA 3
#define SW_ALG_NVDATA 4
- /* command code */
-#define SW_CMD_MODEXP_CRT 1 /* perform Modular Exponentiation using */
- /* Chinese Remainder Theorem (CRT) */
-#define SW_CMD_MODEXP 2 /* perform Modular Exponentiation */
-#define SW_CMD_DSS_SIGN 3 /* perform DSS sign */
-#define SW_CMD_DSS_VERIFY 4 /* perform DSS verify */
-#define SW_CMD_RAND 5 /* perform random number generation */
-#define SW_CMD_NVREAD 6 /* perform read to nonvolatile RAM */
-#define SW_CMD_NVWRITE 7 /* perform write to nonvolatile RAM */
-
-typedef SW_U32 SW_ALGTYPE; /* alogrithm type */
-typedef SW_U32 SW_STATE; /* state */
-typedef SW_U32 SW_COMMAND_CODE; /* command code */
-typedef SW_U32 SW_COMMAND_BITMAP[4]; /* bitmap */
-
-typedef struct _SW_LARGENUMBER {
- SW_U32 nbytes; /* number of bytes in the buffer "value" */
- SW_BYTE* value; /* the large integer as a string of */
- /* bytes in network (big endian) order */
-} SW_LARGENUMBER;
+ /* command code */
+#define SW_CMD_MODEXP_CRT 1 /* perform Modular Exponentiation using */
+ /* Chinese Remainder Theorem (CRT) */
+#define SW_CMD_MODEXP 2 /* perform Modular Exponentiation */
+#define SW_CMD_DSS_SIGN 3 /* perform DSS sign */
+#define SW_CMD_DSS_VERIFY 4 /* perform DSS verify */
+#define SW_CMD_RAND 5 /* perform random number generation */
+#define SW_CMD_NVREAD 6 /* perform read to nonvolatile RAM */
+#define SW_CMD_NVWRITE 7 /* perform write to nonvolatile RAM */
+
+ typedef SW_U32 SW_ALGTYPE; /* alogrithm type */
+ typedef SW_U32 SW_STATE; /* state */
+ typedef SW_U32 SW_COMMAND_CODE; /* command code */
+ typedef SW_U32 SW_COMMAND_BITMAP[4]; /* bitmap */
+
+ typedef struct _SW_LARGENUMBER {
+ SW_U32 nbytes; /* number of bytes in the buffer "value" */
+ SW_BYTE *value; /* the large integer as a string of */
+ /* bytes in network (big endian) order */
+ } SW_LARGENUMBER;
#if defined(OPENSSL_SYS_WIN32)
- #include <windows.h>
- typedef HANDLE SW_OSHANDLE; /* handle to kernel object */
- #define SW_OS_INVALID_HANDLE INVALID_HANDLE_VALUE
- #define SW_CALLCONV _stdcall
+# include <windows.h>
+ typedef HANDLE SW_OSHANDLE; /* handle to kernel object */
+# define SW_OS_INVALID_HANDLE INVALID_HANDLE_VALUE
+# define SW_CALLCONV _stdcall
#elif defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
/* async callback mechanisms */
/* swiftCallbackLevel */
- #define SW_MAC_CALLBACK_LEVEL_NO 0
- #define SW_MAC_CALLBACK_LEVEL_HARDWARE 1 /* from the hardware ISR */
- #define SW_MAC_CALLBACK_LEVEL_SECONDARY 2 /* as secondary ISR */
- typedef int SW_MAC_CALLBACK_LEVEL;
- typedef int SW_OSHANDLE;
- #define SW_OS_INVALID_HANDLE (-1)
- #define SW_CALLCONV
-#else /* Unix variants */
- typedef int SW_OSHANDLE; /* handle to driver */
- #define SW_OS_INVALID_HANDLE (-1)
- #define SW_CALLCONV
-#endif
-
-typedef struct _SW_CRT {
- SW_LARGENUMBER p; /* prime number p */
- SW_LARGENUMBER q; /* prime number q */
- SW_LARGENUMBER dmp1; /* exponent1 */
- SW_LARGENUMBER dmq1; /* exponent2 */
- SW_LARGENUMBER iqmp; /* CRT coefficient */
-} SW_CRT;
-
-typedef struct _SW_EXP {
- SW_LARGENUMBER modulus; /* modulus */
- SW_LARGENUMBER exponent;/* exponent */
-} SW_EXP;
-
-typedef struct _SW_DSA {
- SW_LARGENUMBER p; /* */
- SW_LARGENUMBER q; /* */
- SW_LARGENUMBER g; /* */
- SW_LARGENUMBER key; /* private/public key */
-} SW_DSA;
-
-typedef struct _SW_NVDATA {
- SW_U32 accnum; /* accelerator board number */
- SW_U32 offset; /* offset in byte */
-} SW_NVDATA;
-
-typedef struct _SW_PARAM {
- SW_ALGTYPE type; /* type of the alogrithm */
- union {
- SW_CRT crt;
- SW_EXP exp;
- SW_DSA dsa;
- SW_NVDATA nvdata;
- } up;
-} SW_PARAM;
-
-typedef SW_U32 SW_CONTEXT_HANDLE; /* opaque context handle */
-
-
-/* Now the OpenSSL bits, these function types are the for the function
- * pointers that will bound into the Rainbow shared libraries. */
-typedef SW_STATUS SW_CALLCONV t_swAcquireAccContext(SW_CONTEXT_HANDLE *hac);
-typedef SW_STATUS SW_CALLCONV t_swAttachKeyParam(SW_CONTEXT_HANDLE hac,
- SW_PARAM *key_params);
-typedef SW_STATUS SW_CALLCONV t_swSimpleRequest(SW_CONTEXT_HANDLE hac,
- SW_COMMAND_CODE cmd,
- SW_LARGENUMBER pin[],
- SW_U32 pin_count,
- SW_LARGENUMBER pout[],
- SW_U32 pout_count);
-typedef SW_STATUS SW_CALLCONV t_swReleaseAccContext(SW_CONTEXT_HANDLE hac);
+# define SW_MAC_CALLBACK_LEVEL_NO 0
+# define SW_MAC_CALLBACK_LEVEL_HARDWARE 1/* from the hardware ISR */
+# define SW_MAC_CALLBACK_LEVEL_SECONDARY 2/* as secondary ISR */
+ typedef int SW_MAC_CALLBACK_LEVEL;
+ typedef int SW_OSHANDLE;
+# define SW_OS_INVALID_HANDLE (-1)
+# define SW_CALLCONV
+#else /* Unix variants */
+ typedef int SW_OSHANDLE; /* handle to driver */
+# define SW_OS_INVALID_HANDLE (-1)
+# define SW_CALLCONV
+#endif
+
+ typedef struct _SW_CRT {
+ SW_LARGENUMBER p; /* prime number p */
+ SW_LARGENUMBER q; /* prime number q */
+ SW_LARGENUMBER dmp1; /* exponent1 */
+ SW_LARGENUMBER dmq1; /* exponent2 */
+ SW_LARGENUMBER iqmp; /* CRT coefficient */
+ } SW_CRT;
+
+ typedef struct _SW_EXP {
+ SW_LARGENUMBER modulus; /* modulus */
+ SW_LARGENUMBER exponent; /* exponent */
+ } SW_EXP;
+
+ typedef struct _SW_DSA {
+ SW_LARGENUMBER p; /* */
+ SW_LARGENUMBER q; /* */
+ SW_LARGENUMBER g; /* */
+ SW_LARGENUMBER key; /* private/public key */
+ } SW_DSA;
+
+ typedef struct _SW_NVDATA {
+ SW_U32 accnum; /* accelerator board number */
+ SW_U32 offset; /* offset in byte */
+ } SW_NVDATA;
+
+ typedef struct _SW_PARAM {
+ SW_ALGTYPE type; /* type of the alogrithm */
+ union {
+ SW_CRT crt;
+ SW_EXP exp;
+ SW_DSA dsa;
+ SW_NVDATA nvdata;
+ } up;
+ } SW_PARAM;
+
+ typedef SW_U32 SW_CONTEXT_HANDLE; /* opaque context handle */
+
+ /*
+ * Now the OpenSSL bits, these function types are the for the function
+ * pointers that will bound into the Rainbow shared libraries.
+ */
+ typedef SW_STATUS SW_CALLCONV t_swAcquireAccContext(SW_CONTEXT_HANDLE
+ *hac);
+ typedef SW_STATUS SW_CALLCONV t_swAttachKeyParam(SW_CONTEXT_HANDLE hac,
+ SW_PARAM *key_params);
+ typedef SW_STATUS SW_CALLCONV t_swSimpleRequest(SW_CONTEXT_HANDLE hac,
+ SW_COMMAND_CODE cmd,
+ SW_LARGENUMBER pin[],
+ SW_U32 pin_count,
+ SW_LARGENUMBER pout[],
+ SW_U32 pout_count);
+ typedef SW_STATUS SW_CALLCONV t_swReleaseAccContext(SW_CONTEXT_HANDLE
+ hac);
#ifdef __cplusplus
}
-#endif /* __cplusplus */
-
+#endif /* __cplusplus */
diff --git a/openssl/engines/vendor_defns/hw_4758_cca.h b/openssl/engines/vendor_defns/hw_4758_cca.h
index 296636e81..235543ad7 100644
--- a/openssl/engines/vendor_defns/hw_4758_cca.h
+++ b/openssl/engines/vendor_defns/hw_4758_cca.h
@@ -7,143 +7,144 @@
/**********************************************************************/
#ifndef __HW_4758_CCA__
-#define __HW_4758_CCA__
+# define __HW_4758_CCA__
/*
* Only WIN32 support for now
*/
-#if defined(WIN32)
-
- #define CCA_LIB_NAME "CSUNSAPI"
-
- #define CSNDPKX "CSNDPKX_32"
- #define CSNDKRR "CSNDKRR_32"
- #define CSNDPKE "CSNDPKE_32"
- #define CSNDPKD "CSNDPKD_32"
- #define CSNDDSV "CSNDDSV_32"
- #define CSNDDSG "CSNDDSG_32"
- #define CSNBRNG "CSNBRNG_32"
-
- #define SECURITYAPI __stdcall
-#else
- /* Fixme!!
- Find out the values of these constants for other platforms.
- */
- #define CCA_LIB_NAME "CSUNSAPI"
-
- #define CSNDPKX "CSNDPKX"
- #define CSNDKRR "CSNDKRR"
- #define CSNDPKE "CSNDPKE"
- #define CSNDPKD "CSNDPKD"
- #define CSNDDSV "CSNDDSV"
- #define CSNDDSG "CSNDDSG"
- #define CSNBRNG "CSNBRNG"
-
- #define SECURITYAPI
-#endif
+# if defined(WIN32)
+
+# define CCA_LIB_NAME "CSUNSAPI"
+
+# define CSNDPKX "CSNDPKX_32"
+# define CSNDKRR "CSNDKRR_32"
+# define CSNDPKE "CSNDPKE_32"
+# define CSNDPKD "CSNDPKD_32"
+# define CSNDDSV "CSNDDSV_32"
+# define CSNDDSG "CSNDDSG_32"
+# define CSNBRNG "CSNBRNG_32"
+
+# define SECURITYAPI __stdcall
+# else
+ /*
+ * Fixme!! Find out the values of these constants for other platforms.
+ */
+# define CCA_LIB_NAME "CSUNSAPI"
+
+# define CSNDPKX "CSNDPKX"
+# define CSNDKRR "CSNDKRR"
+# define CSNDPKE "CSNDPKE"
+# define CSNDPKD "CSNDPKD"
+# define CSNDDSV "CSNDDSV"
+# define CSNDDSG "CSNDDSG"
+# define CSNBRNG "CSNBRNG"
+
+# define SECURITYAPI
+# endif
/*
* security API prototypes
*/
/* PKA Key Record Read */
-typedef void (SECURITYAPI *F_KEYRECORDREAD)
- (long * return_code,
- long * reason_code,
- long * exit_data_length,
- unsigned char * exit_data,
- long * rule_array_count,
- unsigned char * rule_array,
- unsigned char * key_label,
- long * key_token_length,
- unsigned char * key_token);
+typedef void (SECURITYAPI * F_KEYRECORDREAD)
+ (long *return_code,
+ long *reason_code,
+ long *exit_data_length,
+ unsigned char *exit_data,
+ long *rule_array_count,
+ unsigned char *rule_array,
+ unsigned char *key_label, long *key_token_length, unsigned char *key_token);
/* Random Number Generate */
-typedef void (SECURITYAPI *F_RANDOMNUMBERGENERATE)
- (long * return_code,
- long * reason_code,
- long * exit_data_length,
- unsigned char * exit_data,
- unsigned char * form,
- unsigned char * random_number);
+typedef void (SECURITYAPI * F_RANDOMNUMBERGENERATE)
+ (long *return_code,
+ long *reason_code,
+ long *exit_data_length,
+ unsigned char *exit_data,
+ unsigned char *form, unsigned char *random_number);
/* Digital Signature Generate */
-typedef void (SECURITYAPI *F_DIGITALSIGNATUREGENERATE)
- (long * return_code,
- long * reason_code,
- long * exit_data_length,
- unsigned char * exit_data,
- long * rule_array_count,
- unsigned char * rule_array,
- long * PKA_private_key_id_length,
- unsigned char * PKA_private_key_id,
- long * hash_length,
- unsigned char * hash,
- long * signature_field_length,
- long * signature_bit_length,
- unsigned char * signature_field);
+typedef void (SECURITYAPI * F_DIGITALSIGNATUREGENERATE)
+ (long *return_code,
+ long *reason_code,
+ long *exit_data_length,
+ unsigned char *exit_data,
+ long *rule_array_count,
+ unsigned char *rule_array,
+ long *PKA_private_key_id_length,
+ unsigned char *PKA_private_key_id,
+ long *hash_length,
+ unsigned char *hash,
+ long *signature_field_length,
+ long *signature_bit_length, unsigned char *signature_field);
/* Digital Signature Verify */
-typedef void (SECURITYAPI *F_DIGITALSIGNATUREVERIFY)(
- long * return_code,
- long * reason_code,
- long * exit_data_length,
- unsigned char * exit_data,
- long * rule_array_count,
- unsigned char * rule_array,
- long * PKA_public_key_id_length,
- unsigned char * PKA_public_key_id,
- long * hash_length,
- unsigned char * hash,
- long * signature_field_length,
- unsigned char * signature_field);
+typedef void (SECURITYAPI * F_DIGITALSIGNATUREVERIFY) (long *return_code,
+ long *reason_code,
+ long *exit_data_length,
+ unsigned char
+ *exit_data,
+ long *rule_array_count,
+ unsigned char
+ *rule_array,
+ long
+ *PKA_public_key_id_length,
+ unsigned char
+ *PKA_public_key_id,
+ long *hash_length,
+ unsigned char *hash,
+ long
+ *signature_field_length,
+ unsigned char
+ *signature_field);
/* PKA Public Key Extract */
-typedef void (SECURITYAPI *F_PUBLICKEYEXTRACT)(
- long * return_code,
- long * reason_code,
- long * exit_data_length,
- unsigned char * exit_data,
- long * rule_array_count,
- unsigned char * rule_array,
- long * source_key_identifier_length,
- unsigned char * source_key_identifier,
- long * target_key_token_length,
- unsigned char * target_key_token);
+typedef void (SECURITYAPI * F_PUBLICKEYEXTRACT) (long *return_code,
+ long *reason_code,
+ long *exit_data_length,
+ unsigned char *exit_data,
+ long *rule_array_count,
+ unsigned char *rule_array,
+ long
+ *source_key_identifier_length,
+ unsigned char
+ *source_key_identifier,
+ long
+ *target_key_token_length,
+ unsigned char
+ *target_key_token);
/* PKA Encrypt */
-typedef void (SECURITYAPI *F_PKAENCRYPT)
- (long * return_code,
- long * reason_code,
- long * exit_data_length,
- unsigned char * exit_data,
- long * rule_array_count,
- unsigned char * rule_array,
- long * key_value_length,
- unsigned char * key_value,
- long * data_struct_length,
- unsigned char * data_struct,
- long * RSA_public_key_length,
- unsigned char * RSA_public_key,
- long * RSA_encipher_length,
- unsigned char * RSA_encipher );
+typedef void (SECURITYAPI * F_PKAENCRYPT)
+ (long *return_code,
+ long *reason_code,
+ long *exit_data_length,
+ unsigned char *exit_data,
+ long *rule_array_count,
+ unsigned char *rule_array,
+ long *key_value_length,
+ unsigned char *key_value,
+ long *data_struct_length,
+ unsigned char *data_struct,
+ long *RSA_public_key_length,
+ unsigned char *RSA_public_key,
+ long *RSA_encipher_length, unsigned char *RSA_encipher);
/* PKA Decrypt */
-typedef void (SECURITYAPI *F_PKADECRYPT)
- (long * return_code,
- long * reason_code,
- long * exit_data_length,
- unsigned char * exit_data,
- long * rule_array_count,
- unsigned char * rule_array,
- long * enciphered_key_length,
- unsigned char * enciphered_key,
- long * data_struct_length,
- unsigned char * data_struct,
- long * RSA_private_key_length,
- unsigned char * RSA_private_key,
- long * key_value_length,
- unsigned char * key_value );
-
+typedef void (SECURITYAPI * F_PKADECRYPT)
+ (long *return_code,
+ long *reason_code,
+ long *exit_data_length,
+ unsigned char *exit_data,
+ long *rule_array_count,
+ unsigned char *rule_array,
+ long *enciphered_key_length,
+ unsigned char *enciphered_key,
+ long *data_struct_length,
+ unsigned char *data_struct,
+ long *RSA_private_key_length,
+ unsigned char *RSA_private_key,
+ long *key_value_length, unsigned char *key_value);
#endif
diff --git a/openssl/engines/vendor_defns/hw_ubsec.h b/openssl/engines/vendor_defns/hw_ubsec.h
index b6619d40f..a4e67fc53 100644
--- a/openssl/engines/vendor_defns/hw_ubsec.h
+++ b/openssl/engines/vendor_defns/hw_ubsec.h
@@ -7,8 +7,8 @@
* Irvine CA 92619-7013
*
*****************************************************************************/
-/*
- * Broadcom Corporation uBSec SDK
+/*
+ * Broadcom Corporation uBSec SDK
*/
/*
* Character device header file.
@@ -39,12 +39,12 @@ typedef long ubsec_MathCommand_t;
typedef long ubsec_RNGCommand_t;
typedef struct ubsec_crypto_context_s {
- unsigned int flags;
- unsigned char crypto[MAX_CRYPTO_KEY_LENGTH];
- unsigned char auth[MAX_MAC_KEY_LENGTH];
+ unsigned int flags;
+ unsigned char crypto[MAX_CRYPTO_KEY_LENGTH];
+ unsigned char auth[MAX_MAC_KEY_LENGTH];
} ubsec_crypto_context_t, *ubsec_crypto_context_p;
-/*
+/*
* Predeclare the function pointer types that we dynamically load from the DSO.
*/
@@ -56,45 +56,69 @@ typedef int t_UBSEC_ubsec_open(unsigned char *device);
typedef int t_UBSEC_ubsec_close(int fd);
-typedef int t_UBSEC_diffie_hellman_generate_ioctl (int fd,
- unsigned char *x, int *x_len, unsigned char *y, int *y_len,
- unsigned char *g, int g_len, unsigned char *m, int m_len,
- unsigned char *userX, int userX_len, int random_bits);
-
-typedef int t_UBSEC_diffie_hellman_agree_ioctl (int fd,
- unsigned char *x, int x_len, unsigned char *y, int y_len,
- unsigned char *m, int m_len, unsigned char *k, int *k_len);
-
-typedef int t_UBSEC_rsa_mod_exp_ioctl (int fd,
- unsigned char *x, int x_len, unsigned char *m, int m_len,
- unsigned char *e, int e_len, unsigned char *y, int *y_len);
-
-typedef int t_UBSEC_rsa_mod_exp_crt_ioctl (int fd,
- unsigned char *x, int x_len, unsigned char *qinv, int qinv_len,
- unsigned char *edq, int edq_len, unsigned char *q, int q_len,
- unsigned char *edp, int edp_len, unsigned char *p, int p_len,
- unsigned char *y, int *y_len);
-
-typedef int t_UBSEC_dsa_sign_ioctl (int fd,
- int hash, unsigned char *data, int data_len,
- unsigned char *rndom, int random_len,
- unsigned char *p, int p_len, unsigned char *q, int q_len,
- unsigned char *g, int g_len, unsigned char *key, int key_len,
- unsigned char *r, int *r_len, unsigned char *s, int *s_len);
-
-typedef int t_UBSEC_dsa_verify_ioctl (int fd,
- int hash, unsigned char *data, int data_len,
- unsigned char *p, int p_len, unsigned char *q, int q_len,
- unsigned char *g, int g_len, unsigned char *key, int key_len,
- unsigned char *r, int r_len, unsigned char *s, int s_len,
- unsigned char *v, int *v_len);
+typedef int t_UBSEC_diffie_hellman_generate_ioctl(int fd,
+ unsigned char *x,
+ int *x_len,
+ unsigned char *y,
+ int *y_len,
+ unsigned char *g, int g_len,
+ unsigned char *m, int m_len,
+ unsigned char *userX,
+ int userX_len,
+ int random_bits);
+
+typedef int t_UBSEC_diffie_hellman_agree_ioctl(int fd,
+ unsigned char *x, int x_len,
+ unsigned char *y, int y_len,
+ unsigned char *m, int m_len,
+ unsigned char *k, int *k_len);
+
+typedef int t_UBSEC_rsa_mod_exp_ioctl(int fd,
+ unsigned char *x, int x_len,
+ unsigned char *m, int m_len,
+ unsigned char *e, int e_len,
+ unsigned char *y, int *y_len);
+
+typedef int t_UBSEC_rsa_mod_exp_crt_ioctl(int fd,
+ unsigned char *x, int x_len,
+ unsigned char *qinv, int qinv_len,
+ unsigned char *edq, int edq_len,
+ unsigned char *q, int q_len,
+ unsigned char *edp, int edp_len,
+ unsigned char *p, int p_len,
+ unsigned char *y, int *y_len);
+
+typedef int t_UBSEC_dsa_sign_ioctl(int fd,
+ int hash, unsigned char *data,
+ int data_len, unsigned char *rndom,
+ int random_len, unsigned char *p,
+ int p_len, unsigned char *q, int q_len,
+ unsigned char *g, int g_len,
+ unsigned char *key, int key_len,
+ unsigned char *r, int *r_len,
+ unsigned char *s, int *s_len);
+
+typedef int t_UBSEC_dsa_verify_ioctl(int fd,
+ int hash, unsigned char *data,
+ int data_len, unsigned char *p,
+ int p_len, unsigned char *q, int q_len,
+ unsigned char *g, int g_len,
+ unsigned char *key, int key_len,
+ unsigned char *r, int r_len,
+ unsigned char *s, int s_len,
+ unsigned char *v, int *v_len);
typedef int t_UBSEC_math_accelerate_ioctl(int fd, ubsec_MathCommand_t command,
- unsigned char *ModN, int *ModN_len, unsigned char *ExpE, int *ExpE_len,
- unsigned char *ParamA, int *ParamA_len, unsigned char *ParamB, int *ParamB_len,
- unsigned char *Result, int *Result_len);
+ unsigned char *ModN, int *ModN_len,
+ unsigned char *ExpE, int *ExpE_len,
+ unsigned char *ParamA,
+ int *ParamA_len,
+ unsigned char *ParamB,
+ int *ParamB_len,
+ unsigned char *Result,
+ int *Result_len);
typedef int t_UBSEC_rng_ioctl(int fd, ubsec_RNGCommand_t command,
- unsigned char *Result, int *Result_len);
+ unsigned char *Result, int *Result_len);
typedef int t_UBSEC_max_key_len_ioctl(int fd, int *max_key_len);
diff --git a/openssl/engines/vendor_defns/hwcryptohook.h b/openssl/engines/vendor_defns/hwcryptohook.h
index 482f1f2d1..9fc7b89ac 100644
--- a/openssl/engines/vendor_defns/hwcryptohook.h
+++ b/openssl/engines/vendor_defns/hwcryptohook.h
@@ -1,4 +1,4 @@
-/*
+/*-
* ModExp / RSA (with/without KM) plugin API
*
* The application will load a dynamic library which
@@ -69,22 +69,23 @@
*/
#ifndef HWCRYPTOHOOK_H
-#define HWCRYPTOHOOK_H
+# define HWCRYPTOHOOK_H
-#include <sys/types.h>
-#include <stdio.h>
+# include <sys/types.h>
+# include <stdio.h>
-#ifndef HWCRYPTOHOOK_DECLARE_APPTYPES
-#define HWCRYPTOHOOK_DECLARE_APPTYPES 1
-#endif
+# ifndef HWCRYPTOHOOK_DECLARE_APPTYPES
+# define HWCRYPTOHOOK_DECLARE_APPTYPES 1
+# endif
-#define HWCRYPTOHOOK_ERROR_FAILED -1
-#define HWCRYPTOHOOK_ERROR_FALLBACK -2
-#define HWCRYPTOHOOK_ERROR_MPISIZE -3
+# define HWCRYPTOHOOK_ERROR_FAILED -1
+# define HWCRYPTOHOOK_ERROR_FALLBACK -2
+# define HWCRYPTOHOOK_ERROR_MPISIZE -3
-#if HWCRYPTOHOOK_DECLARE_APPTYPES
+# if HWCRYPTOHOOK_DECLARE_APPTYPES
-/* These structs are defined by the application and opaque to the
+/*-
+ * These structs are defined by the application and opaque to the
* crypto plugin. The application may define these as it sees fit.
* Default declarations are provided here, but the application may
* #define HWCRYPTOHOOK_DECLARE_APPTYPES 0
@@ -95,12 +96,14 @@
*/
typedef struct HWCryptoHook_MutexValue HWCryptoHook_Mutex;
typedef struct HWCryptoHook_CondVarValue HWCryptoHook_CondVar;
-typedef struct HWCryptoHook_PassphraseContextValue HWCryptoHook_PassphraseContext;
+typedef struct HWCryptoHook_PassphraseContextValue
+ HWCryptoHook_PassphraseContext;
typedef struct HWCryptoHook_CallerContextValue HWCryptoHook_CallerContext;
-#endif /* HWCRYPTOHOOK_DECLARE_APPTYPES */
+# endif /* HWCRYPTOHOOK_DECLARE_APPTYPES */
-/* These next two structs are opaque to the application. The crypto
+/*-
+ * These next two structs are opaque to the application. The crypto
* plugin will return pointers to them; the caller simply manipulates
* the pointers.
*/
@@ -108,15 +111,16 @@ typedef struct HWCryptoHook_Context *HWCryptoHook_ContextHandle;
typedef struct HWCryptoHook_RSAKey *HWCryptoHook_RSAKeyHandle;
typedef struct {
- char *buf;
- size_t size;
+ char *buf;
+ size_t size;
} HWCryptoHook_ErrMsgBuf;
-/* Used for error reporting. When a HWCryptoHook function fails it
+/*-
+ * Used for error reporting. When a HWCryptoHook function fails it
* will return a sentinel value (0 for pointer-valued functions, or a
* negative number, usually HWCRYPTOHOOK_ERROR_FAILED, for
* integer-valued ones). It will, if an ErrMsgBuf is passed, also put
* an error message there.
- *
+ *
* size is the size of the buffer, and will not be modified. If you
* pass 0 for size you must pass 0 for buf, and nothing will be
* recorded (just as if you passed 0 for the struct pointer).
@@ -127,10 +131,11 @@ typedef struct {
*/
typedef struct HWCryptoHook_MPIStruct {
- unsigned char *buf;
- size_t size;
+ unsigned char *buf;
+ size_t size;
} HWCryptoHook_MPI;
-/* When one of these is returned, a pointer is passed to the function.
+/*-
+ * When one of these is returned, a pointer is passed to the function.
* At call, size is the space available. Afterwards it is updated to
* be set to the actual length (which may be more than the space available,
* if there was not enough room and the result was truncated).
@@ -141,9 +146,10 @@ typedef struct HWCryptoHook_MPIStruct {
* permitted.
*/
-#define HWCryptoHook_InitFlags_FallbackModExp 0x0002UL
-#define HWCryptoHook_InitFlags_FallbackRSAImmed 0x0004UL
-/* Enable requesting fallback to software in case of problems with the
+# define HWCryptoHook_InitFlags_FallbackModExp 0x0002UL
+# define HWCryptoHook_InitFlags_FallbackRSAImmed 0x0004UL
+/*-
+ * Enable requesting fallback to software in case of problems with the
* hardware support. This indicates to the crypto provider that the
* application is prepared to fall back to software operation if the
* ModExp* or RSAImmed* functions return HWCRYPTOHOOK_ERROR_FALLBACK.
@@ -153,8 +159,9 @@ typedef struct HWCryptoHook_MPIStruct {
* within a short interval, if appropriate.
*/
-#define HWCryptoHook_InitFlags_SimpleForkCheck 0x0010UL
-/* Without _SimpleForkCheck the library is allowed to assume that the
+# define HWCryptoHook_InitFlags_SimpleForkCheck 0x0010UL
+/*-
+ * Without _SimpleForkCheck the library is allowed to assume that the
* application will not fork and call the library in the child(ren).
*
* When it is specified, this is allowed. However, after a fork
@@ -167,14 +174,14 @@ typedef struct HWCryptoHook_MPIStruct {
*/
typedef struct {
- unsigned long flags;
- void *logstream; /* usually a FILE*. See below. */
-
- size_t limbsize; /* bignum format - size of radix type, must be power of 2 */
- int mslimbfirst; /* 0 or 1 */
- int msbytefirst; /* 0 or 1; -1 = native */
-
- /* All the callback functions should return 0 on success, or a
+ unsigned long flags;
+ void *logstream; /* usually a FILE*. See below. */
+ size_t limbsize; /* bignum format - size of radix type, must
+ * be power of 2 */
+ int mslimbfirst; /* 0 or 1 */
+ int msbytefirst; /* 0 or 1; -1 = native */
+ /*-
+ * All the callback functions should return 0 on success, or a
* nonzero integer (whose value will be visible in the error message
* put in the buffer passed to the call).
*
@@ -182,8 +189,8 @@ typedef struct {
*
* The callbacks may not call down again into the crypto plugin.
*/
-
- /* For thread-safety. Set everything to 0 if you promise only to be
+ /*-
+ * For thread-safety. Set everything to 0 if you promise only to be
* singlethreaded. maxsimultaneous is the number of calls to
* ModExp[Crt]/RSAImmed{Priv,Pub}/RSA. If you don't know what to
* put there then say 0 and the hook library will use a default.
@@ -199,133 +206,137 @@ typedef struct {
* single-threaded operation, should be indicated by the setting
* mutex_init et al to 0.
*/
- int maxmutexes;
- int maxsimultaneous;
- size_t mutexsize;
- int (*mutex_init)(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext *cactx);
- int (*mutex_acquire)(HWCryptoHook_Mutex*);
- void (*mutex_release)(HWCryptoHook_Mutex*);
- void (*mutex_destroy)(HWCryptoHook_Mutex*);
-
- /* For greater efficiency, can use condition vars internally for
- * synchronisation. In this case maxsimultaneous is ignored, but
- * the other mutex stuff must be available. In singlethreaded
- * programs, set everything to 0.
- */
- size_t condvarsize;
- int (*condvar_init)(HWCryptoHook_CondVar*, HWCryptoHook_CallerContext *cactx);
- int (*condvar_wait)(HWCryptoHook_CondVar*, HWCryptoHook_Mutex*);
- void (*condvar_signal)(HWCryptoHook_CondVar*);
- void (*condvar_broadcast)(HWCryptoHook_CondVar*);
- void (*condvar_destroy)(HWCryptoHook_CondVar*);
-
- /* The semantics of acquiring and releasing mutexes and broadcasting
- * and waiting on condition variables are expected to be those from
- * POSIX threads (pthreads). The mutexes may be (in pthread-speak)
- * fast mutexes, recursive mutexes, or nonrecursive ones.
- *
- * The _release/_signal/_broadcast and _destroy functions must
- * always succeed when given a valid argument; if they are given an
- * invalid argument then the program (crypto plugin + application)
- * has an internal error, and they should abort the program.
- */
-
- int (*getpassphrase)(const char *prompt_info,
- int *len_io, char *buf,
- HWCryptoHook_PassphraseContext *ppctx,
- HWCryptoHook_CallerContext *cactx);
- /* Passphrases and the prompt_info, if they contain high-bit-set
- * characters, are UTF-8. The prompt_info may be a null pointer if
- * no prompt information is available (it should not be an empty
- * string). It will not contain text like `enter passphrase';
- * instead it might say something like `Operator Card for John
- * Smith' or `SmartCard in nFast Module #1, Slot #1'.
- *
- * buf points to a buffer in which to return the passphrase; on
- * entry *len_io is the length of the buffer. It should be updated
- * by the callback. The returned passphrase should not be
- * null-terminated by the callback.
- */
-
- int (*getphystoken)(const char *prompt_info,
- const char *wrong_info,
- HWCryptoHook_PassphraseContext *ppctx,
- HWCryptoHook_CallerContext *cactx);
- /* Requests that the human user physically insert a different
- * smartcard, DataKey, etc. The plugin should check whether the
- * currently inserted token(s) are appropriate, and if they are it
- * should not make this call.
- *
- * prompt_info is as before. wrong_info is a description of the
- * currently inserted token(s) so that the user is told what
- * something is. wrong_info, like prompt_info, may be null, but
- * should not be an empty string. Its contents should be
- * syntactically similar to that of prompt_info.
- */
-
- /* Note that a single LoadKey operation might cause several calls to
- * getpassphrase and/or requestphystoken. If requestphystoken is
- * not provided (ie, a null pointer is passed) then the plugin may
- * not support loading keys for which authorisation by several cards
- * is required. If getpassphrase is not provided then cards with
- * passphrases may not be supported.
- *
- * getpassphrase and getphystoken do not need to check that the
- * passphrase has been entered correctly or the correct token
- * inserted; the crypto plugin will do that. If this is not the
- * case then the crypto plugin is responsible for calling these
- * routines again as appropriate until the correct token(s) and
- * passphrase(s) are supplied as required, or until any retry limits
- * implemented by the crypto plugin are reached.
- *
- * In either case, the application must allow the user to say `no'
- * or `cancel' to indicate that they do not know the passphrase or
- * have the appropriate token; this should cause the callback to
- * return nonzero indicating error.
- */
-
- void (*logmessage)(void *logstream, const char *message);
- /* A log message will be generated at least every time something goes
- * wrong and an ErrMsgBuf is filled in (or would be if one was
- * provided). Other diagnostic information may be written there too,
- * including more detailed reasons for errors which are reported in an
- * ErrMsgBuf.
- *
- * When a log message is generated, this callback is called. It
- * should write a message to the relevant logging arrangements.
- *
- * The message string passed will be null-terminated and may be of arbitrary
- * length. It will not be prefixed by the time and date, nor by the
- * name of the library that is generating it - if this is required,
- * the logmessage callback must do it. The message will not have a
- * trailing newline (though it may contain internal newlines).
- *
- * If a null pointer is passed for logmessage a default function is
- * used. The default function treats logstream as a FILE* which has
- * been converted to a void*. If logstream is 0 it does nothing.
- * Otherwise it prepends the date and time and library name and
- * writes the message to logstream. Each line will be prefixed by a
- * descriptive string containing the date, time and identity of the
- * crypto plugin. Errors on the logstream are not reported
- * anywhere, and the default function doesn't flush the stream, so
- * the application must set the buffering how it wants it.
- *
- * The crypto plugin may also provide a facility to have copies of
- * log messages sent elsewhere, and or for adjusting the verbosity
- * of the log messages; any such facilities will be configured by
- * external means.
- */
-
+ int maxmutexes;
+ int maxsimultaneous;
+ size_t mutexsize;
+ int (*mutex_init) (HWCryptoHook_Mutex *,
+ HWCryptoHook_CallerContext * cactx);
+ int (*mutex_acquire) (HWCryptoHook_Mutex *);
+ void (*mutex_release) (HWCryptoHook_Mutex *);
+ void (*mutex_destroy) (HWCryptoHook_Mutex *);
+ /*-
+ * For greater efficiency, can use condition vars internally for
+ * synchronisation. In this case maxsimultaneous is ignored, but
+ * the other mutex stuff must be available. In singlethreaded
+ * programs, set everything to 0.
+ */
+ size_t condvarsize;
+ int (*condvar_init) (HWCryptoHook_CondVar *,
+ HWCryptoHook_CallerContext * cactx);
+ int (*condvar_wait) (HWCryptoHook_CondVar *, HWCryptoHook_Mutex *);
+ void (*condvar_signal) (HWCryptoHook_CondVar *);
+ void (*condvar_broadcast) (HWCryptoHook_CondVar *);
+ void (*condvar_destroy) (HWCryptoHook_CondVar *);
+ /*-
+ * The semantics of acquiring and releasing mutexes and broadcasting
+ * and waiting on condition variables are expected to be those from
+ * POSIX threads (pthreads). The mutexes may be (in pthread-speak)
+ * fast mutexes, recursive mutexes, or nonrecursive ones.
+ *
+ * The _release/_signal/_broadcast and _destroy functions must
+ * always succeed when given a valid argument; if they are given an
+ * invalid argument then the program (crypto plugin + application)
+ * has an internal error, and they should abort the program.
+ */
+ int (*getpassphrase) (const char *prompt_info,
+ int *len_io, char *buf,
+ HWCryptoHook_PassphraseContext * ppctx,
+ HWCryptoHook_CallerContext * cactx);
+ /*-
+ * Passphrases and the prompt_info, if they contain high-bit-set
+ * characters, are UTF-8. The prompt_info may be a null pointer if
+ * no prompt information is available (it should not be an empty
+ * string). It will not contain text like `enter passphrase';
+ * instead it might say something like `Operator Card for John
+ * Smith' or `SmartCard in nFast Module #1, Slot #1'.
+ *
+ * buf points to a buffer in which to return the passphrase; on
+ * entry *len_io is the length of the buffer. It should be updated
+ * by the callback. The returned passphrase should not be
+ * null-terminated by the callback.
+ */
+ int (*getphystoken) (const char *prompt_info,
+ const char *wrong_info,
+ HWCryptoHook_PassphraseContext * ppctx,
+ HWCryptoHook_CallerContext * cactx);
+ /*-
+ * Requests that the human user physically insert a different
+ * smartcard, DataKey, etc. The plugin should check whether the
+ * currently inserted token(s) are appropriate, and if they are it
+ * should not make this call.
+ *
+ * prompt_info is as before. wrong_info is a description of the
+ * currently inserted token(s) so that the user is told what
+ * something is. wrong_info, like prompt_info, may be null, but
+ * should not be an empty string. Its contents should be
+ * syntactically similar to that of prompt_info.
+ */
+ /*-
+ * Note that a single LoadKey operation might cause several calls to
+ * getpassphrase and/or requestphystoken. If requestphystoken is
+ * not provided (ie, a null pointer is passed) then the plugin may
+ * not support loading keys for which authorisation by several cards
+ * is required. If getpassphrase is not provided then cards with
+ * passphrases may not be supported.
+ *
+ * getpassphrase and getphystoken do not need to check that the
+ * passphrase has been entered correctly or the correct token
+ * inserted; the crypto plugin will do that. If this is not the
+ * case then the crypto plugin is responsible for calling these
+ * routines again as appropriate until the correct token(s) and
+ * passphrase(s) are supplied as required, or until any retry limits
+ * implemented by the crypto plugin are reached.
+ *
+ * In either case, the application must allow the user to say `no'
+ * or `cancel' to indicate that they do not know the passphrase or
+ * have the appropriate token; this should cause the callback to
+ * return nonzero indicating error.
+ */
+ void (*logmessage) (void *logstream, const char *message);
+ /*-
+ * A log message will be generated at least every time something goes
+ * wrong and an ErrMsgBuf is filled in (or would be if one was
+ * provided). Other diagnostic information may be written there too,
+ * including more detailed reasons for errors which are reported in an
+ * ErrMsgBuf.
+ *
+ * When a log message is generated, this callback is called. It
+ * should write a message to the relevant logging arrangements.
+ *
+ * The message string passed will be null-terminated and may be of arbitrary
+ * length. It will not be prefixed by the time and date, nor by the
+ * name of the library that is generating it - if this is required,
+ * the logmessage callback must do it. The message will not have a
+ * trailing newline (though it may contain internal newlines).
+ *
+ * If a null pointer is passed for logmessage a default function is
+ * used. The default function treats logstream as a FILE* which has
+ * been converted to a void*. If logstream is 0 it does nothing.
+ * Otherwise it prepends the date and time and library name and
+ * writes the message to logstream. Each line will be prefixed by a
+ * descriptive string containing the date, time and identity of the
+ * crypto plugin. Errors on the logstream are not reported
+ * anywhere, and the default function doesn't flush the stream, so
+ * the application must set the buffering how it wants it.
+ *
+ * The crypto plugin may also provide a facility to have copies of
+ * log messages sent elsewhere, and or for adjusting the verbosity
+ * of the log messages; any such facilities will be configured by
+ * external means.
+ */
} HWCryptoHook_InitInfo;
typedef
-HWCryptoHook_ContextHandle HWCryptoHook_Init_t(const HWCryptoHook_InitInfo *initinfo,
- size_t initinfosize,
- const HWCryptoHook_ErrMsgBuf *errors,
- HWCryptoHook_CallerContext *cactx);
+HWCryptoHook_ContextHandle HWCryptoHook_Init_t(const HWCryptoHook_InitInfo *
+ initinfo, size_t initinfosize,
+ const HWCryptoHook_ErrMsgBuf *
+ errors,
+ HWCryptoHook_CallerContext *
+ cactx);
extern HWCryptoHook_Init_t HWCryptoHook_Init;
-/* Caller should set initinfosize to the size of the HWCryptoHook struct,
+/*-
+ * Caller should set initinfosize to the size of the HWCryptoHook struct,
* so it can be extended later.
*
* On success, a message for display or logging by the server,
@@ -334,7 +345,8 @@ extern HWCryptoHook_Init_t HWCryptoHook_Init;
* usual.
*/
-/* All these functions return 0 on success, HWCRYPTOHOOK_ERROR_FAILED
+/*-
+ * All these functions return 0 on success, HWCRYPTOHOOK_ERROR_FAILED
* on most failures. HWCRYPTOHOOK_ERROR_MPISIZE means at least one of
* the output MPI buffer(s) was too small; the sizes of all have been
* set to the desired size (and for those where the buffer was large
@@ -345,7 +357,8 @@ extern HWCryptoHook_Init_t HWCryptoHook_Init;
* _NoStderr at init time then messages may be reported to stderr.
*/
-/* The RSAImmed* functions (and key managed RSA) only work with
+/*-
+ * The RSAImmed* functions (and key managed RSA) only work with
* modules which have an RSA patent licence - currently that means KM
* units; the ModExp* ones work with all modules, so you need a patent
* licence in the software in the US. They are otherwise identical.
@@ -359,7 +372,7 @@ extern HWCryptoHook_Finish_t HWCryptoHook_Finish;
typedef
int HWCryptoHook_RandomBytes_t(HWCryptoHook_ContextHandle hwctx,
unsigned char *buf, size_t len,
- const HWCryptoHook_ErrMsgBuf *errors);
+ const HWCryptoHook_ErrMsgBuf * errors);
extern HWCryptoHook_RandomBytes_t HWCryptoHook_RandomBytes;
typedef
@@ -367,8 +380,8 @@ int HWCryptoHook_ModExp_t(HWCryptoHook_ContextHandle hwctx,
HWCryptoHook_MPI a,
HWCryptoHook_MPI p,
HWCryptoHook_MPI n,
- HWCryptoHook_MPI *r,
- const HWCryptoHook_ErrMsgBuf *errors);
+ HWCryptoHook_MPI * r,
+ const HWCryptoHook_ErrMsgBuf * errors);
extern HWCryptoHook_ModExp_t HWCryptoHook_ModExp;
typedef
@@ -376,8 +389,8 @@ int HWCryptoHook_RSAImmedPub_t(HWCryptoHook_ContextHandle hwctx,
HWCryptoHook_MPI m,
HWCryptoHook_MPI e,
HWCryptoHook_MPI n,
- HWCryptoHook_MPI *r,
- const HWCryptoHook_ErrMsgBuf *errors);
+ HWCryptoHook_MPI * r,
+ const HWCryptoHook_ErrMsgBuf * errors);
extern HWCryptoHook_RSAImmedPub_t HWCryptoHook_RSAImmedPub;
typedef
@@ -388,8 +401,8 @@ int HWCryptoHook_ModExpCRT_t(HWCryptoHook_ContextHandle hwctx,
HWCryptoHook_MPI dmp1,
HWCryptoHook_MPI dmq1,
HWCryptoHook_MPI iqmp,
- HWCryptoHook_MPI *r,
- const HWCryptoHook_ErrMsgBuf *errors);
+ HWCryptoHook_MPI * r,
+ const HWCryptoHook_ErrMsgBuf * errors);
extern HWCryptoHook_ModExpCRT_t HWCryptoHook_ModExpCRT;
typedef
@@ -400,11 +413,12 @@ int HWCryptoHook_RSAImmedPriv_t(HWCryptoHook_ContextHandle hwctx,
HWCryptoHook_MPI dmp1,
HWCryptoHook_MPI dmq1,
HWCryptoHook_MPI iqmp,
- HWCryptoHook_MPI *r,
- const HWCryptoHook_ErrMsgBuf *errors);
+ HWCryptoHook_MPI * r,
+ const HWCryptoHook_ErrMsgBuf * errors);
extern HWCryptoHook_RSAImmedPriv_t HWCryptoHook_RSAImmedPriv;
-/* The RSAImmed* and ModExp* functions may return E_FAILED or
+/*-
+ * The RSAImmed* and ModExp* functions may return E_FAILED or
* E_FALLBACK for failure.
*
* E_FAILED means the failure is permanent and definite and there
@@ -422,11 +436,12 @@ extern HWCryptoHook_RSAImmedPriv_t HWCryptoHook_RSAImmedPriv;
typedef
int HWCryptoHook_RSALoadKey_t(HWCryptoHook_ContextHandle hwctx,
const char *key_ident,
- HWCryptoHook_RSAKeyHandle *keyhandle_r,
- const HWCryptoHook_ErrMsgBuf *errors,
- HWCryptoHook_PassphraseContext *ppctx);
+ HWCryptoHook_RSAKeyHandle * keyhandle_r,
+ const HWCryptoHook_ErrMsgBuf * errors,
+ HWCryptoHook_PassphraseContext * ppctx);
extern HWCryptoHook_RSALoadKey_t HWCryptoHook_RSALoadKey;
-/* The key_ident is a null-terminated string configured by the
+/*-
+ * The key_ident is a null-terminated string configured by the
* user via the application's usual configuration mechanisms.
* It is provided to the user by the crypto provider's key management
* system. The user must be able to enter at least any string of between
@@ -445,11 +460,12 @@ extern HWCryptoHook_RSALoadKey_t HWCryptoHook_RSALoadKey;
typedef
int HWCryptoHook_RSAGetPublicKey_t(HWCryptoHook_RSAKeyHandle k,
- HWCryptoHook_MPI *n,
- HWCryptoHook_MPI *e,
- const HWCryptoHook_ErrMsgBuf *errors);
+ HWCryptoHook_MPI * n,
+ HWCryptoHook_MPI * e,
+ const HWCryptoHook_ErrMsgBuf * errors);
extern HWCryptoHook_RSAGetPublicKey_t HWCryptoHook_RSAGetPublicKey;
-/* The crypto plugin will not store certificates.
+/*-
+ * The crypto plugin will not store certificates.
*
* Although this function for acquiring the public key value is
* provided, it is not the purpose of this API to deal fully with the
@@ -471,16 +487,16 @@ extern HWCryptoHook_RSAGetPublicKey_t HWCryptoHook_RSAGetPublicKey;
typedef
int HWCryptoHook_RSAUnloadKey_t(HWCryptoHook_RSAKeyHandle k,
- const HWCryptoHook_ErrMsgBuf *errors);
+ const HWCryptoHook_ErrMsgBuf * errors);
extern HWCryptoHook_RSAUnloadKey_t HWCryptoHook_RSAUnloadKey;
/* Might fail due to locking problems, or other serious internal problems. */
typedef
int HWCryptoHook_RSA_t(HWCryptoHook_MPI m,
HWCryptoHook_RSAKeyHandle k,
- HWCryptoHook_MPI *r,
- const HWCryptoHook_ErrMsgBuf *errors);
+ HWCryptoHook_MPI * r,
+ const HWCryptoHook_ErrMsgBuf * errors);
extern HWCryptoHook_RSA_t HWCryptoHook_RSA;
/* RSA private key operation (sign or decrypt) - raw, unpadded. */
-#endif /*HWCRYPTOHOOK_H*/
+#endif /* HWCRYPTOHOOK_H */
diff --git a/openssl/engines/vendor_defns/sureware.h b/openssl/engines/vendor_defns/sureware.h
index e46b000dd..b1423e197 100644
--- a/openssl/engines/vendor_defns/sureware.h
+++ b/openssl/engines/vendor_defns/sureware.h
@@ -1,239 +1,250 @@
-/*
-* Written by Corinne Dive-Reclus(cdive@baltimore.com)
-*
-* Copyright@2001 Baltimore Technologies Ltd.
-* *
-* THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND *
-* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE *
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE *
-* ARE DISCLAIMED. IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE *
-* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL *
-* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS *
-* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) *
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT *
-* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY *
-* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF *
-* SUCH DAMAGE. *
-*
-*
-*/
+/*-
+ * Written by Corinne Dive-Reclus(cdive@baltimore.com)
+ *
+ * Copyright@2001 Baltimore Technologies Ltd.
+ *
+ * THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
#ifdef WIN32
-#define SW_EXPORT __declspec ( dllexport )
+# define SW_EXPORT __declspec ( dllexport )
#else
-#define SW_EXPORT
+# define SW_EXPORT
#endif
/*
-* List of exposed SureWare errors
-*/
-#define SUREWAREHOOK_ERROR_FAILED -1
-#define SUREWAREHOOK_ERROR_FALLBACK -2
+ * List of exposed SureWare errors
+ */
+#define SUREWAREHOOK_ERROR_FAILED -1
+#define SUREWAREHOOK_ERROR_FALLBACK -2
#define SUREWAREHOOK_ERROR_UNIT_FAILURE -3
#define SUREWAREHOOK_ERROR_DATA_SIZE -4
#define SUREWAREHOOK_ERROR_INVALID_PAD -5
-/*
+/*-
* -----------------WARNING-----------------------------------
* In all the following functions:
* msg is a string with at least 24 bytes free.
-* A 24 bytes string will be concatenated to the existing content of msg.
+* A 24 bytes string will be concatenated to the existing content of msg.
*/
-/*
-* SureWare Initialisation function
-* in param threadsafe, if !=0, thread safe enabled
-* return SureWareHOOK_ERROR_UNIT_FAILURE if failure, 1 if success
+/*-
+* SureWare Initialisation function
+* in param threadsafe, if !=0, thread safe enabled
+* return SureWareHOOK_ERROR_UNIT_FAILURE if failure, 1 if success
*/
-typedef int SureWareHook_Init_t(char*const msg,int threadsafe);
+typedef int SureWareHook_Init_t(char *const msg, int threadsafe);
extern SW_EXPORT SureWareHook_Init_t SureWareHook_Init;
-/*
-* SureWare Finish function
+/*-
+* SureWare Finish function
*/
typedef void SureWareHook_Finish_t(void);
extern SW_EXPORT SureWareHook_Finish_t SureWareHook_Finish;
-/*
-* PRE_CONDITION:
-* DO NOT CALL ANY OF THE FOLLOWING FUNCTIONS IN CASE OF INIT FAILURE
-*/
-/*
-* SureWare RAND Bytes function
-* In case of failure, the content of buf is unpredictable.
-* return 1 if success
-* SureWareHOOK_ERROR_FALLBACK if function not available in hardware
-* SureWareHOOK_ERROR_FAILED if error while processing
-* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
-* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
+/*-
+* PRE_CONDITION:
+* DO NOT CALL ANY OF THE FOLLOWING FUNCTIONS IN CASE OF INIT FAILURE
+*/
+/*-
+* SureWare RAND Bytes function
+* In case of failure, the content of buf is unpredictable.
+* return 1 if success
+* SureWareHOOK_ERROR_FALLBACK if function not available in hardware
+* SureWareHOOK_ERROR_FAILED if error while processing
+* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
+* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
*
-* in/out param buf : a num bytes long buffer where random bytes will be put
-* in param num : the number of bytes into buf
+* in/out param buf : a num bytes long buffer where random bytes will be put
+* in param num : the number of bytes into buf
*/
-typedef int SureWareHook_Rand_Bytes_t(char*const msg,unsigned char *buf, int num);
+typedef int SureWareHook_Rand_Bytes_t(char *const msg, unsigned char *buf,
+ int num);
extern SW_EXPORT SureWareHook_Rand_Bytes_t SureWareHook_Rand_Bytes;
-/*
-* SureWare RAND Seed function
-* Adds some seed to the Hardware Random Number Generator
-* return 1 if success
-* SureWareHOOK_ERROR_FALLBACK if function not available in hardware
-* SureWareHOOK_ERROR_FAILED if error while processing
-* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
-* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
+/*-
+* SureWare RAND Seed function
+* Adds some seed to the Hardware Random Number Generator
+* return 1 if success
+* SureWareHOOK_ERROR_FALLBACK if function not available in hardware
+* SureWareHOOK_ERROR_FAILED if error while processing
+* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
+* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
*
-* in param buf : the seed to add into the HRNG
-* in param num : the number of bytes into buf
+* in param buf : the seed to add into the HRNG
+* in param num : the number of bytes into buf
*/
-typedef int SureWareHook_Rand_Seed_t(char*const msg,const void *buf, int num);
+typedef int SureWareHook_Rand_Seed_t(char *const msg, const void *buf,
+ int num);
extern SW_EXPORT SureWareHook_Rand_Seed_t SureWareHook_Rand_Seed;
-/*
-* SureWare Load Private Key function
-* return 1 if success
-* SureWareHOOK_ERROR_FAILED if error while processing
-* No hardware is contact for this function.
+/*-
+* SureWare Load Private Key function
+* return 1 if success
+* SureWareHOOK_ERROR_FAILED if error while processing
+* No hardware is contact for this function.
*
-* in param key_id :the name of the private protected key file without the extension
- ".sws"
-* out param hptr : a pointer to a buffer allocated by SureWare_Hook
-* out param num: the effective key length in bytes
-* out param keytype: 1 if RSA 2 if DSA
-*/
-typedef int SureWareHook_Load_Privkey_t(char*const msg,const char *key_id,char **hptr,unsigned long *num,char *keytype);
+* in param key_id :the name of the private protected key file without the extension
+ ".sws"
+* out param hptr : a pointer to a buffer allocated by SureWare_Hook
+* out param num: the effective key length in bytes
+* out param keytype: 1 if RSA 2 if DSA
+*/
+typedef int SureWareHook_Load_Privkey_t(char *const msg, const char *key_id,
+ char **hptr, unsigned long *num,
+ char *keytype);
extern SW_EXPORT SureWareHook_Load_Privkey_t SureWareHook_Load_Privkey;
-/*
-* SureWare Info Public Key function
-* return 1 if success
-* SureWareHOOK_ERROR_FAILED if error while processing
-* No hardware is contact for this function.
+/*-
+* SureWare Info Public Key function
+* return 1 if success
+* SureWareHOOK_ERROR_FAILED if error while processing
+* No hardware is contact for this function.
*
-* in param key_id :the name of the private protected key file without the extension
- ".swp"
-* out param hptr : a pointer to a buffer allocated by SureWare_Hook
-* out param num: the effective key length in bytes
-* out param keytype: 1 if RSA 2 if DSA
-*/
-typedef int SureWareHook_Info_Pubkey_t(char*const msg,const char *key_id,unsigned long *num,
- char *keytype);
+* in param key_id :the name of the private protected key file without the extension
+ ".swp"
+* out param hptr : a pointer to a buffer allocated by SureWare_Hook
+* out param num: the effective key length in bytes
+* out param keytype: 1 if RSA 2 if DSA
+*/
+typedef int SureWareHook_Info_Pubkey_t(char *const msg, const char *key_id,
+ unsigned long *num, char *keytype);
extern SW_EXPORT SureWareHook_Info_Pubkey_t SureWareHook_Info_Pubkey;
-/*
-* SureWare Load Public Key function
-* return 1 if success
-* SureWareHOOK_ERROR_FAILED if error while processing
-* No hardware is contact for this function.
+/*-
+* SureWare Load Public Key function
+* return 1 if success
+* SureWareHOOK_ERROR_FAILED if error while processing
+* No hardware is contact for this function.
*
-* in param key_id :the name of the public protected key file without the extension
- ".swp"
-* in param num : the bytes size of n and e
-* out param n: where to write modulus in bn format
-* out param e: where to write exponent in bn format
-*/
-typedef int SureWareHook_Load_Rsa_Pubkey_t(char*const msg,const char *key_id,unsigned long num,
- unsigned long *n, unsigned long *e);
+* in param key_id :the name of the public protected key file without the extension
+ ".swp"
+* in param num : the bytes size of n and e
+* out param n: where to write modulus in bn format
+* out param e: where to write exponent in bn format
+*/
+typedef int SureWareHook_Load_Rsa_Pubkey_t(char *const msg,
+ const char *key_id,
+ unsigned long num,
+ unsigned long *n,
+ unsigned long *e);
extern SW_EXPORT SureWareHook_Load_Rsa_Pubkey_t SureWareHook_Load_Rsa_Pubkey;
-/*
-* SureWare Load DSA Public Key function
-* return 1 if success
-* SureWareHOOK_ERROR_FAILED if error while processing
-* No hardware is contact for this function.
+/*-
+* SureWare Load DSA Public Key function
+* return 1 if success
+* SureWareHOOK_ERROR_FAILED if error while processing
+* No hardware is contact for this function.
*
-* in param key_id :the name of the public protected key file without the extension
- ".swp"
-* in param num : the bytes size of n and e
-* out param pub: where to write pub key in bn format
-* out param p: where to write prime in bn format
-* out param q: where to write sunprime (length 20 bytes) in bn format
-* out param g: where to write base in bn format
-*/
-typedef int SureWareHook_Load_Dsa_Pubkey_t(char*const msg,const char *key_id,unsigned long num,
- unsigned long *pub, unsigned long *p,unsigned long*q,
- unsigned long *g);
+* in param key_id :the name of the public protected key file without the extension
+ ".swp"
+* in param num : the bytes size of n and e
+* out param pub: where to write pub key in bn format
+* out param p: where to write prime in bn format
+* out param q: where to write sunprime (length 20 bytes) in bn format
+* out param g: where to write base in bn format
+*/
+typedef int SureWareHook_Load_Dsa_Pubkey_t(char *const msg,
+ const char *key_id,
+ unsigned long num,
+ unsigned long *pub,
+ unsigned long *p, unsigned long *q,
+ unsigned long *g);
extern SW_EXPORT SureWareHook_Load_Dsa_Pubkey_t SureWareHook_Load_Dsa_Pubkey;
-/*
-* SureWare Free function
-* Destroy the key into the hardware if destroy==1
+/*-
+* SureWare Free function
+* Destroy the key into the hardware if destroy==1
*/
-typedef void SureWareHook_Free_t(char *p,int destroy);
+typedef void SureWareHook_Free_t(char *p, int destroy);
extern SW_EXPORT SureWareHook_Free_t SureWareHook_Free;
#define SUREWARE_PKCS1_PAD 1
#define SUREWARE_ISO9796_PAD 2
#define SUREWARE_NO_PAD 0
-/*
+/*-
* SureWare RSA Private Decryption
* return 1 if success
-* SureWareHOOK_ERROR_FAILED if error while processing
-* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
-* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
+* SureWareHOOK_ERROR_FAILED if error while processing
+* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
+* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
*
-* in param flen : byte size of from and to
-* in param from : encrypted data buffer, should be a not-null valid pointer
-* out param tlen: byte size of decrypted data, if error, unexpected value
-* out param to : decrypted data buffer, should be a not-null valid pointer
+* in param flen : byte size of from and to
+* in param from : encrypted data buffer, should be a not-null valid pointer
+* out param tlen: byte size of decrypted data, if error, unexpected value
+* out param to : decrypted data buffer, should be a not-null valid pointer
* in param prsa: a protected key pointer, should be a not-null valid pointer
* int padding: padding id as follow
-* SUREWARE_PKCS1_PAD
-* SUREWARE_NO_PAD
+* SUREWARE_PKCS1_PAD
+* SUREWARE_NO_PAD
*
*/
-typedef int SureWareHook_Rsa_Priv_Dec_t(char*const msg,int flen,unsigned char *from,
- int *tlen,unsigned char *to,
- char *prsa,int padding);
+typedef int SureWareHook_Rsa_Priv_Dec_t(char *const msg, int flen,
+ unsigned char *from, int *tlen,
+ unsigned char *to, char *prsa,
+ int padding);
extern SW_EXPORT SureWareHook_Rsa_Priv_Dec_t SureWareHook_Rsa_Priv_Dec;
-/*
+/*-
* SureWare RSA Signature
* return 1 if success
-* SureWareHOOK_ERROR_FAILED if error while processing
-* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
-* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
+* SureWareHOOK_ERROR_FAILED if error while processing
+* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
+* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
*
-* in param flen : byte size of from and to
-* in param from : encrypted data buffer, should be a not-null valid pointer
-* out param tlen: byte size of decrypted data, if error, unexpected value
-* out param to : decrypted data buffer, should be a not-null valid pointer
+* in param flen : byte size of from and to
+* in param from : encrypted data buffer, should be a not-null valid pointer
+* out param tlen: byte size of decrypted data, if error, unexpected value
+* out param to : decrypted data buffer, should be a not-null valid pointer
* in param prsa: a protected key pointer, should be a not-null valid pointer
* int padding: padding id as follow
-* SUREWARE_PKCS1_PAD
-* SUREWARE_ISO9796_PAD
+* SUREWARE_PKCS1_PAD
+* SUREWARE_ISO9796_PAD
*
*/
-typedef int SureWareHook_Rsa_Sign_t(char*const msg,int flen,unsigned char *from,
- int *tlen,unsigned char *to,
- char *prsa,int padding);
+typedef int SureWareHook_Rsa_Sign_t(char *const msg, int flen,
+ unsigned char *from, int *tlen,
+ unsigned char *to, char *prsa,
+ int padding);
extern SW_EXPORT SureWareHook_Rsa_Sign_t SureWareHook_Rsa_Sign;
-/*
+/*-
* SureWare DSA Signature
* return 1 if success
-* SureWareHOOK_ERROR_FAILED if error while processing
-* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
-* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
+* SureWareHOOK_ERROR_FAILED if error while processing
+* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
+* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
*
-* in param flen : byte size of from and to
-* in param from : encrypted data buffer, should be a not-null valid pointer
-* out param to : decrypted data buffer, should be a 40bytes valid pointer
+* in param flen : byte size of from and to
+* in param from : encrypted data buffer, should be a not-null valid pointer
+* out param to : decrypted data buffer, should be a 40bytes valid pointer
* in param pdsa: a protected key pointer, should be a not-null valid pointer
*
*/
-typedef int SureWareHook_Dsa_Sign_t(char*const msg,int flen,const unsigned char *from,
- unsigned long *r,unsigned long *s,char *pdsa);
+typedef int SureWareHook_Dsa_Sign_t(char *const msg, int flen,
+ const unsigned char *from,
+ unsigned long *r, unsigned long *s,
+ char *pdsa);
extern SW_EXPORT SureWareHook_Dsa_Sign_t SureWareHook_Dsa_Sign;
-
-/*
+/*-
* SureWare Mod Exp
* return 1 if success
-* SureWareHOOK_ERROR_FAILED if error while processing
-* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
-* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
+* SureWareHOOK_ERROR_FAILED if error while processing
+* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
+* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
*
-* mod and res are mlen bytes long.
-* exp is elen bytes long
-* data is dlen bytes long
-* mlen,elen and dlen are all multiple of sizeof(unsigned long)
-*/
-typedef int SureWareHook_Mod_Exp_t(char*const msg,int mlen,const unsigned long *mod,
- int elen,const unsigned long *exponent,
- int dlen,unsigned long *data,
- unsigned long *res);
+* mod and res are mlen bytes long.
+* exp is elen bytes long
+* data is dlen bytes long
+* mlen,elen and dlen are all multiple of sizeof(unsigned long)
+*/
+typedef int SureWareHook_Mod_Exp_t(char *const msg, int mlen,
+ const unsigned long *mod, int elen,
+ const unsigned long *exponent, int dlen,
+ unsigned long *data, unsigned long *res);
extern SW_EXPORT SureWareHook_Mod_Exp_t SureWareHook_Mod_Exp;
-