if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) {
const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
printf("OCF asym process failed, Running in software\n");
- ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
+ ret = RSA_meth_get_bn_mod_exp(meth)(r, a, p, m, ctx, in_mont);
} else if (ECANCELED == kop.crk_status) {
const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
printf("OCF hardware operation cancelled. Running in Software\n");
- ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
+ ret = RSA_meth_get_bn_mod_exp(meth)(r, a, p, m, ctx, in_mont);
}
/* else cryptodev operation worked ok ==> ret = 1 */
BN_CTX *ctx)
{
int r;
+ BIGNUM *n = NULL;
+ BIGNUM *d = NULL;
+
ctx = BN_CTX_new();
- r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
+ RSA_get0_key(rsa, &n, NULL, &d);
+ r = cryptodev_bn_mod_exp(r0, I, d, n, ctx, NULL);
BN_CTX_free(ctx);
return (r);
}
{
struct crypt_kop kop;
int ret = 1;
-
- if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
+ BIGNUM *p = NULL;
+ BIGNUM *q = NULL;
+ BIGNUM *dmp1 = NULL;
+ BIGNUM *dmq1 = NULL;
+ BIGNUM *iqmp = NULL;
+ BIGNUM *n = NULL;
+
+ RSA_get0_factors(rsa, &p, &q);
+ RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
+ RSA_get0_key(rsa, &n, NULL, NULL);
+
+ if (!p || !q || !dmp1 || !dmq1 || !iqmp) {
/* XXX 0 means failure?? */
return (0);
}
memset(&kop, 0, sizeof(kop));
kop.crk_op = CRK_MOD_EXP_CRT;
/* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
- if (bn2crparam(rsa->p, &kop.crk_param[0]))
+ if (bn2crparam(p, &kop.crk_param[0]))
goto err;
- if (bn2crparam(rsa->q, &kop.crk_param[1]))
+ if (bn2crparam(q, &kop.crk_param[1]))
goto err;
if (bn2crparam(I, &kop.crk_param[2]))
goto err;
- if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
+ if (bn2crparam(dmp1, &kop.crk_param[3]))
goto err;
- if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
+ if (bn2crparam(dmq1, &kop.crk_param[4]))
goto err;
- if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
+ if (bn2crparam(iqmp, &kop.crk_param[5]))
goto err;
kop.crk_iparams = 6;
- if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
+ if (cryptodev_asym(&kop, BN_num_bytes(n), r0, 0, NULL)) {
const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
printf("OCF asym process failed, running in Software\n");
- ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
+ ret = RSA_meth_get_mod_exp(meth)(r0, I, rsa, ctx);
} else if (ECANCELED == kop.crk_status) {
const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
printf("OCF hardware operation cancelled. Running in Software\n");
- ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
+ ret = RSA_meth_get_mod_exp(meth)(r0, I, rsa, ctx);
}
/* else cryptodev operation worked ok ==> ret = 1 */
return (ret);
}
-static RSA_METHOD cryptodev_rsa = {
- "cryptodev RSA method",
- NULL, /* rsa_pub_enc */
- NULL, /* rsa_pub_dec */
- NULL, /* rsa_priv_enc */
- NULL, /* rsa_priv_dec */
- NULL,
- NULL,
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
- NULL, /* app_data */
- NULL, /* rsa_sign */
- NULL /* rsa_verify */
-};
+static RSA_METHOD *cryptodev_rsa;
#ifndef OPENSSL_NO_DSA
static int
struct crypt_kop kop;
int dhret = 1;
int fd, keylen;
+ BIGNUM *p = NULL;
+ BIGNUM *priv_key = NULL;
if ((fd = get_asym_dev_crypto()) < 0) {
const DH_METHOD *meth = DH_OpenSSL();
- return ((meth->compute_key) (key, pub_key, dh));
+ return DH_meth_get_compute_key(meth)(key, pub_key, dh);
}
- keylen = BN_num_bits(dh->p);
+ DH_get0_pqg(dh, &p, NULL, NULL);
+ DH_get0_key(dh, NULL, &priv_key);
+
+ keylen = BN_num_bits(p);
memset(&kop, 0, sizeof(kop));
kop.crk_op = CRK_DH_COMPUTE_KEY;
/* inputs: dh->priv_key pub_key dh->p key */
- if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
+ if (bn2crparam(priv_key, &kop.crk_param[0]))
goto err;
if (bn2crparam(pub_key, &kop.crk_param[1]))
goto err;
- if (bn2crparam(dh->p, &kop.crk_param[2]))
+ if (bn2crparam(p, &kop.crk_param[2]))
goto err;
kop.crk_iparams = 3;
if (ioctl(fd, CIOCKEY, &kop) == -1) {
const DH_METHOD *meth = DH_OpenSSL();
- dhret = (meth->compute_key) (key, pub_key, dh);
+ dhret = DH_meth_get_compute_key(meth)(key, pub_key, dh);
}
err:
kop.crk_param[3].crp_p = NULL;
return (dhret);
}
-static DH_METHOD cryptodev_dh = {
- "cryptodev DH method",
- NULL, /* cryptodev_dh_generate_key */
- NULL,
- NULL,
- NULL,
- NULL,
- 0, /* flags */
- NULL /* app_data */
-};
+static DH_METHOD *cryptodev_dh;
#endif /* ndef OPENSSL_NO_DH */
return;
}
- if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
- const RSA_METHOD *rsa_meth = RSA_PKCS1_OpenSSL();
-
- cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
- cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
- cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
- cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
- cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
- cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
- if (cryptodev_asymfeat & CRF_MOD_EXP) {
- cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
- if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
- cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_mod_exp;
- else
- cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_nocrt_mod_exp;
+ cryptodev_rsa = RSA_meth_dup(RSA_PKCS1_OpenSSL());
+ if (cryptodev_rsa != NULL) {
+ RSA_meth_set1_name(cryptodev_rsa, "cryptodev RSA method");
+ RSA_meth_set_flags(cryptodev_rsa, 0);
+ if (ENGINE_set_RSA(engine, cryptodev_rsa)) {
+ if (cryptodev_asymfeat & CRF_MOD_EXP) {
+ RSA_meth_set_bn_mod_exp(cryptodev_rsa, cryptodev_bn_mod_exp);
+ if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
+ RSA_meth_set_mod_exp(cryptodev_rsa, cryptodev_rsa_mod_exp);
+ else
+ RSA_meth_set_mod_exp(cryptodev_rsa,
+ cryptodev_rsa_nocrt_mod_exp);
+ }
}
}
if (cryptodev_asymfeat & CRF_DSA_SIGN)
DSA_meth_set_sign(cryptodev_dsa, cryptodev_dsa_do_sign);
if (cryptodev_asymfeat & CRF_MOD_EXP) {
- DSA_meth_set_bn_mod_exp(cryptodev_dsa, cryptodev_dsa_bn_mod_exp);
+ DSA_meth_set_bn_mod_exp(cryptodev_dsa,
+ cryptodev_dsa_bn_mod_exp);
DSA_meth_set_mod_exp(cryptodev_dsa, cryptodev_dsa_dsa_mod_exp);
}
if (cryptodev_asymfeat & CRF_DSA_VERIFY)
#endif
#ifndef OPENSSL_NO_DH
- if (ENGINE_set_DH(engine, &cryptodev_dh)) {
- const DH_METHOD *dh_meth = DH_OpenSSL();
-
- cryptodev_dh.generate_key = dh_meth->generate_key;
- cryptodev_dh.compute_key = dh_meth->compute_key;
- cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
- if (cryptodev_asymfeat & CRF_MOD_EXP) {
- cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
- if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
- cryptodev_dh.compute_key = cryptodev_dh_compute_key;
+ cryptodev_dh = DH_meth_dup(DH_OpenSSL());
+ if (cryptodev_dh != NULL) {
+ DH_meth_set1_name(cryptodev_dh, "cryptodev DH method");
+ DH_meth_set_flags(cryptodev_dh, 0);
+ if (ENGINE_set_DH(engine, cryptodev_dh)) {
+ if (cryptodev_asymfeat & CRF_MOD_EXP) {
+ DH_meth_set_bn_mod_exp(cryptodev_dh, cryptodev_mod_exp_dh);
+ if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
+ DH_meth_set_compute_key(cryptodev_dh,
+ cryptodev_dh_compute_key);
+ }
}
}
#endif