aboutsummaryrefslogtreecommitdiff
path: root/openssl/engines
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/engines')
-rw-r--r--openssl/engines/ccgost/gost94_keyx.c2
-rw-r--r--openssl/engines/ccgost/gost_ameth.c2
-rw-r--r--openssl/engines/ccgost/gost_crypt.c6
-rw-r--r--openssl/engines/e_chil.c54
-rw-r--r--openssl/engines/e_ubsec.c2
-rw-r--r--openssl/engines/makeengines.com67
6 files changed, 65 insertions, 68 deletions
diff --git a/openssl/engines/ccgost/gost94_keyx.c b/openssl/engines/ccgost/gost94_keyx.c
index a183edbe8..624be586a 100644
--- a/openssl/engines/ccgost/gost94_keyx.c
+++ b/openssl/engines/ccgost/gost94_keyx.c
@@ -177,7 +177,7 @@ int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
ASN1_OBJECT_free(gkt->key_agreement_info->cipher);
gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid);
*outlen = i2d_GOST_KEY_TRANSPORT(gkt,out?&out:NULL);
- if (*outlen == 0)
+ if (*outlen <= 0)
{
GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO);
goto err;
diff --git a/openssl/engines/ccgost/gost_ameth.c b/openssl/engines/ccgost/gost_ameth.c
index 16a99ac2b..f620a216c 100644
--- a/openssl/engines/ccgost/gost_ameth.c
+++ b/openssl/engines/ccgost/gost_ameth.c
@@ -801,7 +801,7 @@ static int mac_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2)
switch (op)
{
case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
- *(int *)arg2 = NID_undef;
+ *(int *)arg2 = NID_id_Gost28147_89_MAC;
return 2;
}
return -2;
diff --git a/openssl/engines/ccgost/gost_crypt.c b/openssl/engines/ccgost/gost_crypt.c
index eb11f0e32..4977d1dcf 100644
--- a/openssl/engines/ccgost/gost_crypt.c
+++ b/openssl/engines/ccgost/gost_crypt.c
@@ -299,7 +299,7 @@ int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (i<inl)
{
gost_crypt_mesh(ctx->cipher_data,ctx->iv,ctx->buf);
- if (!ctx->encrypt) memcpy(ctx->buf+8,in_ptr,j);
+ if (!ctx->encrypt) memcpy(ctx->buf+8,in_ptr,inl-i);
for (j=0;i<inl;j++,i++)
{
out_ptr[j]=ctx->buf[j]^in_ptr[j];
@@ -459,13 +459,15 @@ int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx,ASN1_TYPE *params)
int ret = -1;
int len;
GOST_CIPHER_PARAMS *gcp = NULL;
- unsigned char *p = params->value.sequence->data;
+ unsigned char *p;
struct ossl_gost_cipher_ctx *c=ctx->cipher_data;
if (ASN1_TYPE_get(params) != V_ASN1_SEQUENCE)
{
return ret;
}
+ p = params->value.sequence->data;
+
gcp = d2i_GOST_CIPHER_PARAMS(NULL, (const unsigned char **)&p,
params->value.sequence->length);
diff --git a/openssl/engines/e_chil.c b/openssl/engines/e_chil.c
index 30693353d..9c2729c96 100644
--- a/openssl/engines/e_chil.c
+++ b/openssl/engines/e_chil.c
@@ -111,11 +111,10 @@ static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
#ifndef OPENSSL_NO_RSA
/* RSA stuff */
static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
-#endif
-#ifndef OPENSSL_NO_RSA
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+static int hwcrhk_rsa_finish(RSA *rsa);
#endif
#ifndef OPENSSL_NO_DH
@@ -135,10 +134,6 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
UI_METHOD *ui_method, void *callback_data);
static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
UI_METHOD *ui_method, void *callback_data);
-#ifndef OPENSSL_NO_RSA
-static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
- int ind,long argl, void *argp);
-#endif
/* Interaction stuff */
static int hwcrhk_insert_card(const char *prompt_info,
@@ -193,7 +188,7 @@ static RSA_METHOD hwcrhk_rsa =
hwcrhk_rsa_mod_exp,
hwcrhk_mod_exp_mont,
NULL,
- NULL,
+ hwcrhk_rsa_finish,
0,
NULL,
NULL,
@@ -602,7 +597,7 @@ static int hwcrhk_init(ENGINE *e)
if (hndidx_rsa == -1)
hndidx_rsa = RSA_get_ex_new_index(0,
"nFast HWCryptoHook RSA key handle",
- NULL, NULL, hwcrhk_ex_free);
+ NULL, NULL, NULL);
#endif
return 1;
err:
@@ -1078,6 +1073,21 @@ static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
{
return hwcrhk_mod_exp(r, a, p, m, ctx);
}
+
+static int hwcrhk_rsa_finish(RSA *rsa)
+ {
+ HWCryptoHook_RSAKeyHandle *hptr;
+ int ret;
+ hptr = RSA_get_ex_data(rsa, hndidx_rsa);
+ if (hptr)
+ {
+ ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL);
+ OPENSSL_free(hptr);
+ RSA_set_ex_data(rsa, hndidx_rsa, NULL);
+ }
+ return 1;
+ }
+
#endif
#ifndef OPENSSL_NO_DH
@@ -1136,34 +1146,6 @@ static int hwcrhk_rand_status(void)
return 1;
}
-/* This cleans up an RSA KM key, called when ex_data is freed */
-#ifndef OPENSSL_NO_RSA
-static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
- int ind,long argl, void *argp)
-{
- char tempbuf[1024];
- HWCryptoHook_ErrMsgBuf rmsg;
-#ifndef OPENSSL_NO_RSA
- HWCryptoHook_RSAKeyHandle *hptr;
-#endif
-#if !defined(OPENSSL_NO_RSA)
- int ret;
-#endif
-
- rmsg.buf = tempbuf;
- rmsg.size = sizeof(tempbuf);
-
-#ifndef OPENSSL_NO_RSA
- hptr = (HWCryptoHook_RSAKeyHandle *) item;
- if(hptr)
- {
- ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL);
- OPENSSL_free(hptr);
- }
-#endif
-}
-#endif
-
/* Mutex calls: since the HWCryptoHook model closely follows the POSIX model
* these just wrap the POSIX functions and add some logging.
*/
diff --git a/openssl/engines/e_ubsec.c b/openssl/engines/e_ubsec.c
index b68541083..9b747b9ae 100644
--- a/openssl/engines/e_ubsec.c
+++ b/openssl/engines/e_ubsec.c
@@ -302,8 +302,8 @@ static t_UBSEC_diffie_hellman_generate_ioctl
*p_UBSEC_diffie_hellman_generate_ioctl = NULL;
static t_UBSEC_diffie_hellman_agree_ioctl *p_UBSEC_diffie_hellman_agree_ioctl = NULL;
#endif
-static t_UBSEC_rsa_mod_exp_ioctl *p_UBSEC_rsa_mod_exp_ioctl = NULL;
#ifndef OPENSSL_NO_RSA
+static t_UBSEC_rsa_mod_exp_ioctl *p_UBSEC_rsa_mod_exp_ioctl = NULL;
static t_UBSEC_rsa_mod_exp_crt_ioctl *p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
#endif
#ifndef OPENSSL_NO_DSA
diff --git a/openssl/engines/makeengines.com b/openssl/engines/makeengines.com
index 5f9b8d4d9..6cf423607 100644
--- a/openssl/engines/makeengines.com
+++ b/openssl/engines/makeengines.com
@@ -30,17 +30,6 @@ $! all available engines are built.
$!
$!-----------------------------------------------------------------------------
$!
-$! Set the names of the engines we want to build
-$! NOTE: Some might think this list ugly. However, it's made this way to
-$! reflect the LIBNAMES variable in Makefile as closely as possible,
-$! thereby making it fairly easy to verify that the lists are the same.
-$! NOTE: gmp isn't built, as it's mostly a test engine and brings in another
-$! library that isn't necessarely ported to VMS.
-$!
-$ ENGINES = "," + P6
-$ IF ENGINES .EQS. "," THEN -
- ENGINES = ",4758cca,aep,atalla,cswift,chil,nuron,sureware,ubsec,padlock,ccgost"
-$!
$! Set the default TCP/IP library to link against if needed
$!
$ TCPIP_LIB = ""
@@ -52,7 +41,7 @@ $ THEN
$!
$! The Architecture Is VAX.
$!
-$ ARCH := VAX
+$ ARCH = "VAX"
$!
$! Else...
$!
@@ -67,7 +56,23 @@ $! End The Architecture Check.
$!
$ ENDIF
$!
-$! Set the goal directories, and creat them if necessary
+$! Set the names of the engines we want to build
+$! NOTE: Some might think this list ugly. However, it's made this way to
+$! reflect the LIBNAMES variable in Makefile as closely as possible,
+$! thereby making it fairly easy to verify that the lists are the same.
+$! NOTE: gmp isn't built, as it's mostly a test engine and brings in another
+$! library that isn't necessarely ported to VMS.
+$!
+$ ENGINES = "," + P6
+$ IF ENGINES .EQS. "," THEN -
+ ENGINES = ",4758cca,aep,atalla,cswift,chil,nuron,sureware,ubsec,padlock,"
+$!
+$! GOST requires a 64-bit integer type, unavailable on VAX.
+$!
+$ IF (ARCH .NES. "VAX") THEN -
+ ENGINES = ENGINES+ ",ccgost"
+$!
+$! Set the goal directories, and create them if necessary
$!
$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.ENGINES]
$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.ENGINES]
@@ -110,7 +115,7 @@ $ ENGINE_chil = "e_chil"
$ ENGINE_nuron = "e_nuron"
$ ENGINE_sureware = "e_sureware"
$ ENGINE_ubsec = "e_ubsec"
-$ ENGINE_ubsec = "e_padlock"
+$ ENGINE_padlock = "e_padlock"
$
$ ENGINE_ccgost_SUBDIR = "ccgost"
$ ENGINE_ccgost = "e_gost_err,gost2001_keyx,gost2001,gost89,gost94_keyx,"+ -
@@ -163,9 +168,12 @@ $ ELSE
$ WRITE SYS$OUTPUT "Compiling Support Files. (",BUILDALL,")"
$ ENDIF
$!
-$! Create a .OPT file for the object files
+$! Create a .OPT file for the object files (for a real engine name).
$!
-$ OPEN/WRITE OBJECTS 'EXE_DIR''ENGINE_NAME'.OPT
+$ IF ENGINE_NAME .NES. ""
+$ THEN
+$ OPEN/WRITE OBJECTS 'EXE_DIR''ENGINE_NAME'.OPT
+$ ENDIF
$!
$! Here's the start of per-engine module loop.
$!
@@ -217,22 +225,27 @@ $ MACRO/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
$ ELSE
$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
$ ENDIF
-$ WRITE OBJECTS OBJECT_FILE
+$!
+$! Write the entry to the .OPT file (for a real engine name).
+$!
+$ IF ENGINE_NAME .NES. ""
+$ THEN
+$ WRITE OBJECTS OBJECT_FILE
+$ ENDIF
$!
$! Next file
$!
$ GOTO FILE_NEXT
$!
$ FILE_DONE:
-$ CLOSE OBJECTS
$!
$! Do not link the support files.
$!
$ IF ENGINE_NAME .EQS. "" THEN GOTO ENGINE_NEXT
$!
-$! Do not link the support files.
+$! Close the linker options file (for a real engine name).
$!
-$ IF ENGINE_NAME .EQS. "" THEN GOTO ENGINE_NEXT
+$ CLOSE OBJECTS
$!
$! Now, there are two ways to handle this. We can either build
$! shareable images or stick the engine object file into libcrypto.
@@ -412,13 +425,13 @@ $! Else...
$!
$ ELSE
$!
-$! Else, Check To See If OPT_PHASE Has A Valid Arguement.
+$! Else, Check To See If OPT_PHASE Has A Valid Argument.
$!
$ IF ("," + ACCEPT_PHASE + ",") - ("," + OPT_PHASE + ",") -
.NES. ("," + ACCEPT_PHASE + ",")
$ THEN
$!
-$! A Valid Arguement.
+$! A Valid Argument.
$!
$ BUILDALL = OPT_PHASE
$!
@@ -449,7 +462,7 @@ $! Time To EXIT.
$!
$ EXIT
$!
-$! End The Valid Arguement Check.
+$! End The Valid Argument Check.
$!
$ ENDIF
$!
@@ -502,7 +515,7 @@ $! Time To EXIT.
$!
$ EXIT
$!
-$! End The Valid Arguement Check.
+$! End The Valid Argument Check.
$!
$ ENDIF
$!
@@ -771,7 +784,7 @@ $! Show user the result
$!
$ WRITE/SYMBOL SYS$OUTPUT "Main C Compiling Command: ",CC
$!
-$! Else The User Entered An Invalid Arguement.
+$! Else The User Entered An Invalid Argument.
$!
$ ELSE
$!
@@ -789,7 +802,7 @@ $! Time To EXIT.
$!
$ EXIT
$!
-$! End The Valid Arguement Check.
+$! End The Valid Argument Check.
$!
$ ENDIF
$!
@@ -885,7 +898,7 @@ $! Print info
$!
$ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
$!
-$! Else The User Entered An Invalid Arguement.
+$! Else The User Entered An Invalid Argument.
$!
$ ELSE
$!