X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=engines%2Fe_ubsec.c;h=458f37e996ec53a43ba5640882d44a8828d3107b;hb=1e8f69c6a5b52ac2f3941b49d710912ffe0f04ca;hp=7d077c7bc322abbc43bc188c057015d89d1eae98;hpb=ecd45314b88cc4b630955b8f9c8d146b0d7a317b;p=oweals%2Fopenssl.git diff --git a/engines/e_ubsec.c b/engines/e_ubsec.c index 7d077c7bc3..458f37e996 100644 --- a/engines/e_ubsec.c +++ b/engines/e_ubsec.c @@ -59,10 +59,21 @@ */ #include +#include #include -#include "cryptlib.h" +#include #include #include +#ifndef OPENSSL_NO_RSA +#include +#endif +#ifndef OPENSSL_NO_DSA +#include +#endif +#ifndef OPENSSL_NO_DH +#include +#endif +#include #ifndef OPENSSL_NO_HW #ifndef OPENSSL_NO_HW_UBSEC @@ -74,24 +85,24 @@ #endif #define UBSEC_LIB_NAME "ubsec engine" -#include "hw_ubsec_err.c" +#include "e_ubsec_err.c" #define FAIL_TO_SOFTWARE -15 static int ubsec_destroy(ENGINE *e); static int ubsec_init(ENGINE *e); static int ubsec_finish(ENGINE *e); -static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx); +#ifndef OPENSSL_NO_RSA static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *q, const BIGNUM *dp, const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx); -#ifndef OPENSSL_NO_RSA -static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa); -#endif +static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +#endif #ifndef OPENSSL_NO_DSA #ifdef NOT_USED static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, @@ -143,6 +154,7 @@ static RSA_METHOD ubsec_rsa = 0, NULL, NULL, + NULL, NULL }; #endif @@ -160,7 +172,9 @@ static DSA_METHOD ubsec_dsa = NULL, /* init */ NULL, /* finish */ 0, /* flags */ - NULL /* app_data */ + NULL, /* app_data */ + NULL, /* dsa_paramgen */ + NULL /* dsa_keygen */ }; #endif @@ -175,6 +189,7 @@ static DH_METHOD ubsec_dh = NULL, NULL, 0, + NULL, NULL }; #endif @@ -242,6 +257,7 @@ static int bind_helper(ENGINE *e) return 1; } +#ifdef OPENSSL_NO_DYNAMIC_ENGINE static ENGINE *engine_ubsec(void) { ENGINE *ret = ENGINE_new(); @@ -264,6 +280,7 @@ void ENGINE_load_ubsec(void) ENGINE_free(toadd); ERR_clear_error(); } +#endif /* This is a process-global DSO handle used for loading and unloading * the UBSEC library. NB: This is only set (or unset) during an @@ -285,10 +302,10 @@ static t_UBSEC_diffie_hellman_generate_ioctl *p_UBSEC_diffie_hellman_generate_ioctl = NULL; static t_UBSEC_diffie_hellman_agree_ioctl *p_UBSEC_diffie_hellman_agree_ioctl = NULL; #endif -/* #ifndef OPENSSL_NO_RSA */ +#ifndef OPENSSL_NO_RSA static t_UBSEC_rsa_mod_exp_ioctl *p_UBSEC_rsa_mod_exp_ioctl = NULL; static t_UBSEC_rsa_mod_exp_crt_ioctl *p_UBSEC_rsa_mod_exp_crt_ioctl = NULL; -/* #endif */ +#endif #ifndef OPENSSL_NO_DSA static t_UBSEC_dsa_sign_ioctl *p_UBSEC_dsa_sign_ioctl = NULL; static t_UBSEC_dsa_verify_ioctl *p_UBSEC_dsa_verify_ioctl = NULL; @@ -389,29 +406,38 @@ static int ubsec_init(ENGINE *e) goto err; } - if ( - !(p1 = (t_UBSEC_ubsec_bytes_to_bits *) DSO_bind_func(ubsec_dso, UBSEC_F1)) || - !(p2 = (t_UBSEC_ubsec_bits_to_bytes *) DSO_bind_func(ubsec_dso, UBSEC_F2)) || - !(p3 = (t_UBSEC_ubsec_open *) DSO_bind_func(ubsec_dso, UBSEC_F3)) || - !(p4 = (t_UBSEC_ubsec_close *) DSO_bind_func(ubsec_dso, UBSEC_F4)) || + if (!(p1 = (t_UBSEC_ubsec_bytes_to_bits *) + DSO_bind_func(ubsec_dso, UBSEC_F1)) + || !(p2 = (t_UBSEC_ubsec_bits_to_bytes *) + DSO_bind_func(ubsec_dso, UBSEC_F2)) + || !(p3 = (t_UBSEC_ubsec_open *) + DSO_bind_func(ubsec_dso, UBSEC_F3)) + || !(p4 = (t_UBSEC_ubsec_close *) + DSO_bind_func(ubsec_dso, UBSEC_F4)) #ifndef OPENSSL_NO_DH - !(p5 = (t_UBSEC_diffie_hellman_generate_ioctl *) - DSO_bind_func(ubsec_dso, UBSEC_F5)) || - !(p6 = (t_UBSEC_diffie_hellman_agree_ioctl *) - DSO_bind_func(ubsec_dso, UBSEC_F6)) || + || !(p5 = (t_UBSEC_diffie_hellman_generate_ioctl *) + DSO_bind_func(ubsec_dso, UBSEC_F5)) + || !(p6 = (t_UBSEC_diffie_hellman_agree_ioctl *) + DSO_bind_func(ubsec_dso, UBSEC_F6)) #endif /* #ifndef OPENSSL_NO_RSA */ - !(p7 = (t_UBSEC_rsa_mod_exp_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F7)) || - !(p8 = (t_UBSEC_rsa_mod_exp_crt_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F8)) || + || !(p7 = (t_UBSEC_rsa_mod_exp_ioctl *) + DSO_bind_func(ubsec_dso, UBSEC_F7)) + || !(p8 = (t_UBSEC_rsa_mod_exp_crt_ioctl *) + DSO_bind_func(ubsec_dso, UBSEC_F8)) /* #endif */ #ifndef OPENSSL_NO_DSA - !(p9 = (t_UBSEC_dsa_sign_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F9)) || - !(p10 = (t_UBSEC_dsa_verify_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F10)) || + || !(p9 = (t_UBSEC_dsa_sign_ioctl *) + DSO_bind_func(ubsec_dso, UBSEC_F9)) + || !(p10 = (t_UBSEC_dsa_verify_ioctl *) + DSO_bind_func(ubsec_dso, UBSEC_F10)) #endif - !(p11 = (t_UBSEC_math_accelerate_ioctl *) - DSO_bind_func(ubsec_dso, UBSEC_F11)) || - !(p12 = (t_UBSEC_rng_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F12)) || - !(p13 = (t_UBSEC_max_key_len_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F13))) + || !(p11 = (t_UBSEC_math_accelerate_ioctl *) + DSO_bind_func(ubsec_dso, UBSEC_F11)) + || !(p12 = (t_UBSEC_rng_ioctl *) + DSO_bind_func(ubsec_dso, UBSEC_F12)) + || !(p13 = (t_UBSEC_max_key_len_ioctl *) + DSO_bind_func(ubsec_dso, UBSEC_F13))) { UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE); goto err; @@ -452,6 +478,7 @@ static int ubsec_init(ENGINE *e) err: if(ubsec_dso) DSO_free(ubsec_dso); + ubsec_dso = NULL; p_UBSEC_ubsec_bytes_to_bits = NULL; p_UBSEC_ubsec_bits_to_bytes = NULL; p_UBSEC_ubsec_open = NULL; @@ -511,7 +538,7 @@ static int ubsec_finish(ENGINE *e) return 1; } -static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int initialised = ((ubsec_dso == NULL) ? 0 : 1); switch(cmd) @@ -559,11 +586,10 @@ static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_BN_EXPAND_FAIL); return 0; } - memset(r->d, 0, BN_num_bytes(m)); if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) { fd = 0; - UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE); + UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_UNIT_FAILURE); return BN_mod_exp(r, a, p, m, ctx); } @@ -584,14 +610,10 @@ static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, } #ifndef OPENSSL_NO_RSA -static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) +static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { - BN_CTX *ctx; int to_return = 0; - if((ctx = BN_CTX_new()) == NULL) - goto err; - if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { UBSECerr(UBSEC_F_UBSEC_RSA_MOD_EXP, UBSEC_R_MISSING_KEY_COMPONENTS); @@ -606,40 +628,35 @@ static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) * Do in software as hardware failed. */ const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); - to_return = (*meth->rsa_mod_exp)(r0, I, rsa); + to_return = (*meth->rsa_mod_exp)(r0, I, rsa, ctx); } err: - if(ctx) - BN_CTX_free(ctx); return to_return; } -#endif static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *q, const BIGNUM *dp, const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx) { int y_len, - m_len, fd; - m_len = BN_num_bytes(p) + BN_num_bytes(q) + 1; y_len = BN_num_bits(p) + BN_num_bits(q); /* Check if hardware can't handle this argument. */ if (y_len > max_key_len) { - UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL); + UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL); return FAIL_TO_SOFTWARE; } if (!bn_wexpand(r, p->top + q->top + 1)) { - UBSECerr(UBSEC_F_UBSEC_RSA_MOD_EXP_CRT, UBSEC_R_BN_EXPAND_FAIL); + UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_BN_EXPAND_FAIL); return 0; } if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) { fd = 0; - UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE); + UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_UNIT_FAILURE); return FAIL_TO_SOFTWARE; } @@ -651,7 +668,7 @@ static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, (unsigned char *)dq->d, BN_num_bits(dq), (unsigned char *)q->d, BN_num_bits(q), (unsigned char *)r->d, &y_len) != 0) { - UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_REQUEST_FAILED); + UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_REQUEST_FAILED); p_UBSEC_ubsec_close(fd); return FAIL_TO_SOFTWARE; } @@ -661,6 +678,7 @@ static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, r->top = (BN_num_bits(p) + BN_num_bits(q) + BN_BITS2 - 1)/BN_BITS2; return 1; } +#endif #ifndef OPENSSL_NO_DSA #ifdef NOT_USED @@ -693,6 +711,8 @@ static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, #endif #endif +#ifndef OPENSSL_NO_RSA + /* * This function is aliased to mod_exp (with the mont stuff dropped). */ @@ -701,7 +721,6 @@ static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, { int ret = 0; -#ifndef OPENSSL_NO_RSA /* Do in software if the key is too large for the hardware. */ if (BN_num_bits(m) > max_key_len) { @@ -709,13 +728,13 @@ static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ret = (*meth->bn_mod_exp)(r, a, p, m, ctx, m_ctx); } else -#endif { ret = ubsec_mod_exp(r, a, p, m, ctx); } return ret; } +#endif #ifndef OPENSSL_NO_DH /* This function is aliased to mod_exp (with the dh and mont dropped). */ @@ -745,19 +764,19 @@ static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) if(!bn_wexpand(r, (160+BN_BITS2-1)/BN_BITS2) || (!bn_wexpand(s, (160+BN_BITS2-1)/BN_BITS2))) { - UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL); + UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL); goto err; } if (BN_bin2bn(dgst,dlen,&m) == NULL) { - UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL); + UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL); goto err; } if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) { const DSA_METHOD *meth; fd = 0; - UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE); + UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_UNIT_FAILURE); meth = DSA_OpenSSL(); to_return = meth->dsa_do_sign(dgst, dlen, dsa); goto err; @@ -774,7 +793,7 @@ static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) (unsigned char *)s->d, &s_len ) != 0) { const DSA_METHOD *meth; - UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_REQUEST_FAILED); + UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_REQUEST_FAILED); p_UBSEC_ubsec_close(fd); meth = DSA_OpenSSL(); to_return = meth->dsa_do_sign(dgst, dlen, dsa); @@ -789,7 +808,7 @@ static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) to_return = DSA_SIG_new(); if(to_return == NULL) { - UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL); + UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL); goto err; } @@ -811,12 +830,12 @@ static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len, int v_len, d_len; int to_return = 0; int fd; - BIGNUM v; + BIGNUM v, *pv = &v; BN_init(&v); - if(!bn_wexpand(&v, dsa->p->top)) { - UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY ,UBSEC_R_BN_EXPAND_FAIL); + if(!bn_wexpand(pv, dsa->p->top)) { + UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_BN_EXPAND_FAIL); goto err; } @@ -827,7 +846,7 @@ static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len, if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) { const DSA_METHOD *meth; fd = 0; - UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE); + UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_UNIT_FAILURE); meth = DSA_OpenSSL(); to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa); goto err; @@ -843,7 +862,7 @@ static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len, (unsigned char *)sig->s->d, BN_num_bits(sig->s), (unsigned char *)v.d, &v_len) != 0) { const DSA_METHOD *meth; - UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY , UBSEC_R_REQUEST_FAILED); + UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_REQUEST_FAILED); p_UBSEC_ubsec_close(fd); meth = DSA_OpenSSL(); @@ -862,7 +881,7 @@ err: #endif #ifndef OPENSSL_NO_DH -static int ubsec_dh_compute_key (unsigned char *key,const BIGNUM *pub_key,DH *dh) +static int ubsec_dh_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh) { int ret = -1, k_len, @@ -873,7 +892,7 @@ static int ubsec_dh_compute_key (unsigned char *key,const BIGNUM *pub_key,DH *dh if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) { const DH_METHOD *meth; - ENGINEerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE); + UBSECerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_UNIT_FAILURE); meth = DH_OpenSSL(); ret = meth->compute_key(key, pub_key, dh); goto err; @@ -887,7 +906,7 @@ static int ubsec_dh_compute_key (unsigned char *key,const BIGNUM *pub_key,DH *dh { /* Hardware's a no go, failover to software */ const DH_METHOD *meth; - ENGINEerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_REQUEST_FAILED); + UBSECerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_REQUEST_FAILED); p_UBSEC_ubsec_close(fd); meth = DH_OpenSSL(); @@ -903,7 +922,7 @@ err: return ret; } -static int ubsec_dh_generate_key (DH *dh) +static int ubsec_dh_generate_key(DH *dh) { int ret = 0, random_bits = 0, @@ -923,7 +942,7 @@ static int ubsec_dh_generate_key (DH *dh) priv_key = BN_new(); if (priv_key == NULL) goto err; priv_key_len = BN_num_bits(dh->p); - bn_wexpand(priv_key, dh->p->top); + if(bn_wexpand(priv_key, dh->p->top) == NULL) goto err; do if (!BN_rand_range(priv_key, dh->p)) goto err; while (BN_is_zero(priv_key)); @@ -938,7 +957,7 @@ static int ubsec_dh_generate_key (DH *dh) { pub_key = BN_new(); pub_key_len = BN_num_bits(dh->p); - bn_wexpand(pub_key, dh->p->top); + if(bn_wexpand(pub_key, dh->p->top) == NULL) goto err; if(pub_key == NULL) goto err; } else @@ -949,7 +968,7 @@ static int ubsec_dh_generate_key (DH *dh) if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) { const DH_METHOD *meth; - ENGINEerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE); + UBSECerr(UBSEC_F_UBSEC_DH_GENERATE_KEY, UBSEC_R_UNIT_FAILURE); meth = DH_OpenSSL(); ret = meth->generate_key(dh); goto err; @@ -965,7 +984,7 @@ static int ubsec_dh_generate_key (DH *dh) /* Hardware's a no go, failover to software */ const DH_METHOD *meth; - ENGINEerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_REQUEST_FAILED); + UBSECerr(UBSEC_F_UBSEC_DH_GENERATE_KEY, UBSEC_R_REQUEST_FAILED); p_UBSEC_ubsec_close(fd); meth = DH_OpenSSL(); @@ -997,7 +1016,7 @@ static int ubsec_rand_bytes(unsigned char * buf, if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) { const RAND_METHOD *meth; - ENGINEerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE); + UBSECerr(UBSEC_F_UBSEC_RAND_BYTES, UBSEC_R_UNIT_FAILURE); num = p_UBSEC_ubsec_bits_to_bytes(num); meth = RAND_SSLeay(); meth->seed(buf, num); @@ -1015,7 +1034,7 @@ static int ubsec_rand_bytes(unsigned char * buf, /* Hardware's a no go, failover to software */ const RAND_METHOD *meth; - ENGINEerr(UBSEC_F_UBSEC_RNG_BYTES, UBSEC_R_REQUEST_FAILED); + UBSECerr(UBSEC_F_UBSEC_RAND_BYTES, UBSEC_R_REQUEST_FAILED); p_UBSEC_ubsec_close(fd); num = p_UBSEC_ubsec_bits_to_bytes(num);