From 354c3ace73db6eafa235b6db948060a2ab82bb7b Mon Sep 17 00:00:00 2001 From: Ben Laurie Date: Sat, 18 Aug 2001 10:22:54 +0000 Subject: [PATCH] Add first cut symmetric crypto support. --- CHANGES | 3 + TABLE | 131 +++++++++++++++++--------- apps/apps.c | 4 + apps/engine.c | 10 +- crypto/des/Makefile.ssl | 3 +- crypto/engine/Makefile.ssl | 39 +++++++- crypto/engine/engine.h | 11 +++ crypto/engine/engine_all.c | 10 ++ crypto/engine/engine_evp.c | 98 +++++++++++++++++++ crypto/engine/engine_int.h | 17 ++++ crypto/engine/engine_list.c | 1 + crypto/engine/hw_openbsd_dev_crypto.c | 79 ++++++++++++++++ crypto/evp/Makefile.ssl | 1 + crypto/evp/c_allc.c | 4 - crypto/evp/openbsd_hw.c | 2 - crypto/stack/safestack.h | 20 ++++ crypto/x509/Makefile.ssl | 14 +++ util/libeay.num | 4 + 18 files changed, 398 insertions(+), 53 deletions(-) create mode 100644 crypto/engine/engine_evp.c create mode 100644 crypto/engine/hw_openbsd_dev_crypto.c diff --git a/CHANGES b/CHANGES index ab1037ed04..52593b2e04 100644 --- a/CHANGES +++ b/CHANGES @@ -12,6 +12,9 @@ *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7 +) applies to 0.9.7 only + +) Add symmetric cipher support to ENGINE. Expect the API to change! + [Ben Laurie] + +) New CRL functions: X509_CRL_set_version(), X509_CRL_set_issuer_name() X509_CRL_set_lastUpdate(), X509_CRL_set_nextUpdate(), X509_CRL_sort(), X509_REVOKED_set_serialNumber(), and X509_REVOKED_set_revocationDate(). diff --git a/TABLE b/TABLE index 2871c8a70a..01e0383b0a 100644 --- a/TABLE +++ b/TABLE @@ -1,3 +1,4 @@ +Output of `Configure TABLE': *** BC-16 $cc = bcc @@ -70,7 +71,7 @@ $ranlib = *** CygWin32 $cc = gcc -$cflags = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall +$cflags = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -mcpu=i486 -Wall $unistd = $thread_cflag = $sys_id = CYGWIN32 
@@ -93,7 +94,7 @@ $ranlib = *** FreeBSD $cc = gcc -$cflags = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall +$cflags = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -mcpu=i486 -Wall $unistd = $thread_cflag = (unknown) $sys_id = @@ -139,7 +140,7 @@ $ranlib = *** FreeBSD-elf $cc = gcc -$cflags = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall +$cflags = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -mcpu=i486 -Wall $unistd = $thread_cflag = -pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE $sys_id = @@ -185,7 +186,7 @@ $ranlib = *** Mingw32 $cc = gcc -$cflags = -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall +$cflags = -DL_ENDIAN -fomit-frame-pointer -O3 -mcpu=i486 -Wall $unistd = $thread_cflag = $sys_id = @@ -254,7 +255,7 @@ $ranlib = *** NetBSD-x86 $cc = gcc -$cflags = -DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall +$cflags = -DTERMIOS -O3 -fomit-frame-pointer -mcpu=i486 -Wall $unistd = $thread_cflag = (unknown) $sys_id = @@ -369,7 +370,7 @@ $ranlib = *** OpenBSD-x86 $cc = gcc -$cflags = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486 +$cflags = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=i486 $unistd = $thread_cflag = (unknown) $sys_id = @@ -691,12 +692,12 @@ $ranlib = *** alpha-cc $cc = cc -$cflags = -std1 -tune host -O4 -readonly_strings +$cflags = -std1 -tune host -fast -readonly_strings $unistd = -$thread_cflag = (unknown) +$thread_cflag = -pthread $sys_id = -$lflags = -$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK +$lflags = SIXTY_FOUR_BIT_LONG RC4_CHUNK +$bn_ops = $bn_obj = $des_obj = $bf_obj = 
@@ -705,11 +706,34 @@ $sha1_obj = $cast_obj = $rc4_obj = $rmd160_obj = -$rc5_obj = -$dso_scheme = dlfcn -$shared_target= tru64-shared -$shared_cflag = -$shared_extension = .so +$rc5_obj = dlfcn +$dso_scheme = tru64-shared +$shared_target= +$shared_cflag = .so +$shared_extension = +$ranlib = + +*** alpha-cc-rpath +$cc = cc +$cflags = -std1 -tune host -fast -readonly_strings +$unistd = +$thread_cflag = -pthread +$sys_id = +$lflags = SIXTY_FOUR_BIT_LONG RC4_CHUNK +$bn_ops = +$bn_obj = +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = dlfcn +$dso_scheme = tru64-shared-rpath +$shared_target= +$shared_cflag = .so +$shared_extension = $ranlib = *** alpha-gcc @@ -718,8 +742,8 @@ $cflags = -O3 $unistd = $thread_cflag = (unknown) $sys_id = -$lflags = -$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1 +$lflags = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1 +$bn_ops = $bn_obj = $des_obj = $bf_obj = @@ -728,21 +752,44 @@ $sha1_obj = $cast_obj = $rc4_obj = $rmd160_obj = -$rc5_obj = -$dso_scheme = dlfcn -$shared_target= tru64-shared -$shared_cflag = -$shared_extension = .so +$rc5_obj = dlfcn +$dso_scheme = alpha-osf1-shared +$shared_target= +$shared_cflag = .so +$shared_extension = $ranlib = *** alpha164-cc $cc = cc $cflags = -std1 -tune host -fast -readonly_strings $unistd = +$thread_cflag = -pthread +$sys_id = +$lflags = SIXTY_FOUR_BIT_LONG RC4_CHUNK +$bn_ops = +$bn_obj = +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = dlfcn +$dso_scheme = tru64-shared +$shared_target= +$shared_cflag = .so +$shared_extension = +$ranlib = + +*** alphaold-cc +$cc = cc +$cflags = -std1 -tune host -O4 -readonly_strings +$unistd = $thread_cflag = (unknown) $sys_id = -$lflags = -$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK +$lflags = SIXTY_FOUR_BIT_LONG RC4_CHUNK +$bn_ops = $bn_obj = $des_obj = $bf_obj = 
@@ -751,16 +798,16 @@ $sha1_obj = $cast_obj = $rc4_obj = $rmd160_obj = -$rc5_obj = -$dso_scheme = dlfcn -$shared_target= tru64-shared -$shared_cflag = -$shared_extension = .so +$rc5_obj = dlfcn +$dso_scheme = alpha-osf1-shared +$shared_target= +$shared_cflag = .so +$shared_extension = $ranlib = *** bsdi-elf-gcc $cc = gcc -$cflags = -DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall +$cflags = -DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -mcpu=i486 -Wall $unistd = $thread_cflag = (unknown) $sys_id = @@ -783,7 +830,7 @@ $ranlib = *** bsdi-gcc $cc = gcc -$cflags = -O3 -ffast-math -DL_ENDIAN -DPERL5 -m486 +$cflags = -O3 -ffast-math -DL_ENDIAN -DPERL5 -mcpu=i486 $unistd = $thread_cflag = (unknown) $sys_id = @@ -1036,7 +1083,7 @@ $ranlib = *** debug-bodo $cc = gcc -$cflags = -DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -m486 -pedantic -Wshadow -Wall +$cflags = -DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -mcpu=i486 -pedantic -Wshadow -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1059,7 +1106,7 @@ $ranlib = *** debug-levitte-linux-elf $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -Wno-long-long -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -Wno-long-long -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = 
@@ -1082,7 +1129,7 @@ $ranlib = *** debug-levitte-linux-noasm $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -Wno-long-long -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -Wno-long-long -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1105,7 +1152,7 @@ $ranlib = *** debug-linux-elf $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=i486 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1128,7 +1175,7 @@ $ranlib = *** debug-linux-elf-noefence $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=i486 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1266,7 +1313,7 @@ $ranlib = *** debug-steve $cc = gcc -$cflags = -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -m486 -pedantic -Wall -Werror -Wshadow -pipe +$cflags = -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = 
@@ -1289,7 +1336,7 @@ $ranlib = *** debug-ulf $cc = gcc -$cflags = -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe +$cflags = -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -mcpu=i486 -Wall -Werror -Wshadow -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1818,7 +1865,7 @@ $ranlib = *** hurd-x86 $cc = gcc -$cflags = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall +$cflags = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=i486 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2071,7 +2118,7 @@ $ranlib = *** linux-aout $cc = gcc -$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall +$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=i486 -Wall $unistd = $thread_cflag = (unknown) $sys_id = @@ -2094,7 +2141,7 @@ $ranlib = *** linux-elf $cc = gcc -$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall +$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=i486 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2807,7 +2854,7 @@ $ranlib = *** solaris-x86-gcc $cc = gcc -$cflags = -O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM +$cflags = -O3 -fomit-frame-pointer -mcpu=i486 -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM $unistd = $thread_cflag = -D_REENTRANT $sys_id = diff --git a/apps/apps.c b/apps/apps.c index 31225b3f9c..4d04ea21d1 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1165,7 +1165,11 @@ ENGINE *setup_engine(BIO *err, const char *engine, int debug) BIO_printf(err,"can't use that engine\n"); return NULL; } + + ENGINE_load_engine_ciphers(e); + BIO_printf(err,"engine \"%s\" set.\n", engine); + /* Free our "structural" reference. */ ENGINE_free(e); } diff --git a/apps/engine.c b/apps/engine.c index 1308b6b7f1..1b2fc50cc2 100644 --- a/apps/engine.c +++ b/apps/engine.c 
@@ -94,7 +94,7 @@ static void identity(void *ptr) return; } -static int append_buf(char **buf, char *s, int *size, int step) +static int append_buf(char **buf, const char *s, int *size, int step) { int l = strlen(s); @@ -430,6 +430,7 @@ skip_arg_loop: { int cap_size = 256; char *cap_buf = NULL; + int k,n; if (ENGINE_get_RSA(e) != NULL && !append_buf(&cap_buf, "RSA", @@ -448,6 +449,13 @@ skip_arg_loop: &cap_size, 256)) goto end; + n=ENGINE_cipher_num(e); + for(k=0 ; k < n ; ++k) + if(!append_buf(&cap_buf, + OBJ_nid2sn(ENGINE_get_cipher(e, k)->nid), + &cap_size, 256)) + goto end; + if (cap_buf && (*cap_buf != '\0')) BIO_printf(bio_out, " [%s]", cap_buf); diff --git a/crypto/des/Makefile.ssl b/crypto/des/Makefile.ssl index a3a0ee265d..c13a802e68 100644 --- a/crypto/des/Makefile.ssl +++ b/crypto/des/Makefile.ssl @@ -152,8 +152,7 @@ cfb64enc.o: ../../include/openssl/opensslconf.h cfb64enc.c des_locl.h cfb_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h cfb_enc.o: ../../include/openssl/opensslconf.h cfb_enc.c des_locl.h des_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h -des_enc.o: ../../include/openssl/opensslconf.h des_enc.c des_locl.h des_locl.h -des_enc.o: ncbc_enc.c +des_enc.o: ../../include/openssl/opensslconf.h des_enc.c des_locl.h ncbc_enc.c ecb3_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h ecb3_enc.o: ../../include/openssl/opensslconf.h des_locl.h ecb3_enc.c ecb_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h diff --git a/crypto/engine/Makefile.ssl b/crypto/engine/Makefile.ssl index 99524794b4..934d2e3fb4 100644 --- a/crypto/engine/Makefile.ssl +++ b/crypto/engine/Makefile.ssl 
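Review bot: The capability loop added in the last apps/engine.c hunk passes `OBJ_nid2sn(ENGINE_get_cipher(e, k)->nid)` straight to append_buf, whose first statement (visible in the first hunk) is `int l = strlen(s);`. OBJ_nid2sn can return NULL for a NID with no registered short name, so one unusual cipher from an engine would crash the `engine` utility while it lists capabilities. Fetching the cipher and its name into locals and skipping the entry when either is NULL avoids that, e.g. `if(c == NULL || (sn=OBJ_nid2sn(c->nid)) == NULL) continue;`. The enclosing block starts and ends outside the hunk.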
@@ -24,9 +24,13 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= engine_err.c engine_lib.c engine_list.c engine_all.c engine_openssl.c \ - hw_atalla.c hw_cswift.c hw_ncipher.c hw_nuron.c hw_ubsec.c + engine_evp.c \ + hw_atalla.c hw_cswift.c hw_ncipher.c hw_nuron.c hw_ubsec.c \ + hw_openbsd_dev_crypto.c LIBOBJ= engine_err.o engine_lib.o engine_list.o engine_all.o engine_openssl.o \ - hw_atalla.o hw_cswift.o hw_ncipher.o hw_nuron.o hw_ubsec.o + engine_evp.o \ + hw_atalla.o hw_cswift.o hw_ncipher.o hw_nuron.o hw_ubsec.o \ + hw_openbsd_dev_crypto.o SRC= $(LIBSRC) @@ -103,6 +107,18 @@ engine_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h engine_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h engine_err.o: ../../include/openssl/types.h ../../include/openssl/ui.h engine_err.o: engine_err.c +engine_evp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +engine_evp.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +engine_evp.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +engine_evp.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +engine_evp.o: ../../include/openssl/evp.h ../../include/openssl/obj_mac.h +engine_evp.o: ../../include/openssl/objects.h +engine_evp.o: ../../include/openssl/opensslconf.h +engine_evp.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h +engine_evp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +engine_evp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +engine_evp.o: ../../include/openssl/types.h ../../include/openssl/ui.h +engine_evp.o: engine_evp.c engine_int.h engine_lib.o: ../../e_os.h ../../include/openssl/asn1.h engine_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h engine_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 
@@ -194,6 +210,25 @@ hw_nuron.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h hw_nuron.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h hw_nuron.o: ../../include/openssl/types.h ../../include/openssl/ui.h hw_nuron.o: ../cryptlib.h hw_nuron.c +hw_openbsd_dev_crypto.o: ../../include/openssl/asn1.h +hw_openbsd_dev_crypto.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +hw_openbsd_dev_crypto.o: ../../include/openssl/crypto.h +hw_openbsd_dev_crypto.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +hw_openbsd_dev_crypto.o: ../../include/openssl/e_os2.h +hw_openbsd_dev_crypto.o: ../../include/openssl/engine.h +hw_openbsd_dev_crypto.o: ../../include/openssl/evp.h +hw_openbsd_dev_crypto.o: ../../include/openssl/obj_mac.h +hw_openbsd_dev_crypto.o: ../../include/openssl/objects.h +hw_openbsd_dev_crypto.o: ../../include/openssl/opensslconf.h +hw_openbsd_dev_crypto.o: ../../include/openssl/opensslv.h +hw_openbsd_dev_crypto.o: ../../include/openssl/rand.h +hw_openbsd_dev_crypto.o: ../../include/openssl/rsa.h +hw_openbsd_dev_crypto.o: ../../include/openssl/safestack.h +hw_openbsd_dev_crypto.o: ../../include/openssl/stack.h +hw_openbsd_dev_crypto.o: ../../include/openssl/symhacks.h +hw_openbsd_dev_crypto.o: ../../include/openssl/types.h +hw_openbsd_dev_crypto.o: ../../include/openssl/ui.h engine_int.h +hw_openbsd_dev_crypto.o: hw_openbsd_dev_crypto.c hw_ubsec.o: ../../e_os.h ../../include/openssl/asn1.h hw_ubsec.o: ../../include/openssl/bio.h ../../include/openssl/bn.h hw_ubsec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index 693b820894..9955582a62 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h 
@@ -304,8 +304,12 @@ void ENGINE_load_chil(void); void ENGINE_load_atalla(void); void ENGINE_load_nuron(void); void ENGINE_load_ubsec(void); +void ENGINE_load_openbsd_dev_crypto(void); void ENGINE_load_builtin_engines(void); +/* Load all the currently known ciphers from all engines */ +void ENGINE_load_ciphers(void); + /* Send parametrised control commands to the engine. The possibilities to send * down an integer, a pointer to data or a function pointer are provided. Any of * the parameters may or may not be NULL, depending on the command number. In @@ -373,6 +377,7 @@ int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f); int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f); int ENGINE_set_flags(ENGINE *e, int flags); int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); +int ENGINE_add_cipher(ENGINE *e,const EVP_CIPHER *c); /* Copies across all ENGINE methods and pointers. NB: This does *not* change * reference counts however. */ int ENGINE_cpy(ENGINE *dest, const ENGINE *src); @@ -399,6 +404,8 @@ const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); const DH_METHOD *ENGINE_get_DH(const ENGINE *e); const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); +int ENGINE_cipher_num(const ENGINE *e); +const EVP_CIPHER *ENGINE_get_cipher(const ENGINE *e, int n); BN_MOD_EXP ENGINE_get_BN_mod_exp(const ENGINE *e); BN_MOD_EXP_CRT ENGINE_get_BN_mod_exp_crt(const ENGINE *e); ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); @@ -473,6 +480,10 @@ int ENGINE_set_default(ENGINE *e, unsigned int flags); * no need to call both (although no harm is done). */ int ENGINE_clear_defaults(void); +/* Instruct an engine to load any EVP ciphers it knows of */ +/* XXX make this work via defaults? */ +void ENGINE_load_engine_ciphers(ENGINE *e); + /* Obligatory error function. */ void ERR_load_ENGINE_strings(void); 
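Review bot: ENGINE_load_ciphers and ENGINE_load_engine_ciphers are declared `void`, so a failed registration cannot be reported. engine_evp.c ignores the return value of EVP_add_cipher, and setup_engine in apps/apps.c prints that the engine is set regardless. Because EVP_add_cipher registers by name, loading an engine's ciphers appears to replace the built-in implementation of the same name for the whole process, and the comment should say so, for example `/* Registers e's ciphers with EVP; they take over the names of built-in ciphers with the same NID */`. Returning `int` from both functions, while CHANGES still marks the API as subject to change, would let callers check the result.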
diff --git a/crypto/engine/engine_all.c b/crypto/engine/engine_all.c index 4d0244f351..0e8480155c 100644 --- a/crypto/engine/engine_all.c +++ b/crypto/engine/engine_all.c @@ -117,6 +117,15 @@ void ENGINE_load_ubsec(void) #endif /* !OPENSSL_NO_HW */ } +void ENGINE_load_openbsd_dev_crypto(void) + { +#ifndef OPENSSL_NO_HW +# ifdef OPENSSL_OPENBSD_DEV_CRYPTO + engine_add(ENGINE_openbsd_dev_crypto()); +# endif +#endif /* !OPENSSL_NO_HW */ + } + void ENGINE_load_builtin_engines(void) { static int done=0; @@ -129,4 +138,5 @@ void ENGINE_load_builtin_engines(void) ENGINE_load_atalla(); ENGINE_load_nuron(); ENGINE_load_ubsec(); + ENGINE_load_openbsd_dev_crypto(); } diff --git a/crypto/engine/engine_evp.c b/crypto/engine/engine_evp.c new file mode 100644 index 0000000000..ffd1bff8f6 --- /dev/null +++ b/crypto/engine/engine_evp.c 
@@ -0,0 +1,98 @@ +/* Written by Ben Laurie August 2001 */ +/* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include "engine_int.h" +#include + +int ENGINE_add_cipher(ENGINE *e,const EVP_CIPHER *c) + { + ENGINE_EVP_CIPHER *p; + + p=OPENSSL_malloc(sizeof *p); + p->cipher=c; + + if(!e->ciphers) + e->ciphers=sk_ENGINE_EVP_CIPHER_new_null(); + sk_ENGINE_EVP_CIPHER_push(e->ciphers,p); + + return 1; + } + +void ENGINE_free_engine_cipher(ENGINE_EVP_CIPHER *p) + { OPENSSL_free(p); } + +int ENGINE_cipher_num(const ENGINE *e) + { return sk_ENGINE_EVP_CIPHER_num(e->ciphers); } + +const EVP_CIPHER *ENGINE_get_cipher(const ENGINE *e, int n) + { return sk_ENGINE_EVP_CIPHER_value(e->ciphers, n)->cipher; } + +void ENGINE_load_ciphers() + { + ENGINE *e; + + for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) + ENGINE_load_engine_ciphers(e); + } + +void ENGINE_load_engine_ciphers(ENGINE *e) + { + int n; + + for(n=0 ; n < sk_ENGINE_EVP_CIPHER_num(e->ciphers) ; ++n) + EVP_add_cipher(sk_ENGINE_EVP_CIPHER_value(e->ciphers,n)->cipher); + } diff --git a/crypto/engine/engine_int.h b/crypto/engine/engine_int.h index e57cfcb06b..126fef746e 100644 --- a/crypto/engine/engine_int.h +++ b/crypto/engine/engine_int.h 
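Review bot: ENGINE_add_cipher writes `p->cipher=c` without checking that OPENSSL_malloc succeeded, and it ignores the results of sk_ENGINE_EVP_CIPHER_new_null() and sk_ENGINE_EVP_CIPHER_push(). An allocation failure therefore ends in either a NULL dereference or a silently dropped cipher, while the function still returns 1. ENGINE_get_cipher has a related gap: it reads `->cipher` from whatever sk_ENGINE_EVP_CIPHER_value returns, so an engine with no cipher stack or an out-of-range `n` is not rejected first; returning NULL in those cases would make the accessor safe to call. ENGINE_load_ciphers is also defined with `()` where engine.h declares `(void)`. A checked ENGINE_add_cipher is sketched below.

```c
int ENGINE_add_cipher(ENGINE *e,const EVP_CIPHER *c)
	{
	ENGINE_EVP_CIPHER *p;

	/* create the stack on first use and fail cleanly if that is not possible */
	if(!e->ciphers && !(e->ciphers=sk_ENGINE_EVP_CIPHER_new_null()))
		return 0;

	p=OPENSSL_malloc(sizeof *p);
	if(!p)
		return 0;
	p->cipher=c;

	/* push reports failure with 0; do not leak the wrapper in that case */
	if(!sk_ENGINE_EVP_CIPHER_push(e->ciphers,p))
		{
		OPENSSL_free(p);
		return 0;
		}

	return 1;
	}
```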
@@ -87,6 +87,15 @@ extern "C" { #endif +typedef struct engine_evp_cipher_st + { + const EVP_CIPHER *cipher; + } ENGINE_EVP_CIPHER; + +DECLARE_STACK_OF(ENGINE_EVP_CIPHER) + +void ENGINE_free_engine_cipher(ENGINE_EVP_CIPHER *p); + /* NB: Bitwise OR-able values for the "flags" variable in ENGINE are now exposed * in engine.h. */ @@ -100,6 +109,7 @@ struct engine_st const DSA_METHOD *dsa_meth; const DH_METHOD *dh_meth; const RAND_METHOD *rand_meth; + BN_MOD_EXP bn_mod_exp; BN_MOD_EXP_CRT bn_mod_exp_crt; ENGINE_GEN_INT_FUNC_PTR init; @@ -107,6 +117,9 @@ struct engine_st ENGINE_CTRL_FUNC_PTR ctrl; ENGINE_LOAD_KEY_PTR load_privkey; ENGINE_LOAD_KEY_PTR load_pubkey; + + STACK_OF(ENGINE_EVP_CIPHER) *ciphers; + const ENGINE_CMD_DEFN *cmd_defns; int flags; /* reference count on the structure itself */ @@ -156,6 +169,10 @@ ENGINE *ENGINE_nuron(); ENGINE *ENGINE_ubsec(); #endif /* !OPENSSL_NO_HW_UBSEC */ +#ifdef OPENSSL_OPENBSD_DEV_CRYPTO +ENGINE *ENGINE_openbsd_dev_crypto(void); +#endif + #endif /* !OPENSSL_NO_HW */ #ifdef __cplusplus diff --git a/crypto/engine/engine_list.c b/crypto/engine/engine_list.c index 087a0df15b..53eadbbd47 100644 --- a/crypto/engine/engine_list.c +++ b/crypto/engine/engine_list.c @@ -417,6 +417,7 @@ int ENGINE_free(ENGINE *e) abort(); } #endif + sk_ENGINE_EVP_CIPHER_pop_free(e->ciphers,ENGINE_free_engine_cipher); CRYPTO_free_ex_data(engine_ex_data_stack, e, &e->ex_data); OPENSSL_free(e); return 1; diff --git a/crypto/engine/hw_openbsd_dev_crypto.c b/crypto/engine/hw_openbsd_dev_crypto.c new file mode 100644 index 0000000000..10a271cd04 --- /dev/null +++ b/crypto/engine/hw_openbsd_dev_crypto.c 
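Review bot: ENGINE_free now hands `e->ciphers` to sk_ENGINE_EVP_CIPHER_pop_free, but nothing in this patch initialises the new `ciphers` member of struct engine_st or updates ENGINE_cpy for it. If ENGINE_new does not zero the whole structure, the free walks an uninitialised pointer. If ENGINE_cpy (described in engine.h as copying all methods and pointers) ever copies the stack pointer, two engines would free the same stack. Neither function is visible here, so both need confirming. A comment on the member such as `/* owned by this ENGINE; NULL until ENGINE_add_cipher() is first called */` would record the intended ownership. ENGINE_free's body starts outside the hunk.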
@@ -0,0 +1,79 @@ +/* Written by Ben Laurie August 2001 */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include "engine_int.h" + +static void load_ciphers(ENGINE *e) + { + ENGINE_add_cipher(e,EVP_dev_crypto_des_ede3_cbc()); + } + +ENGINE *ENGINE_openbsd_dev_crypto(void) + { + ENGINE *engine=ENGINE_new(); + + if(!ENGINE_set_id(engine,"openbsd_dev_crypto") + || !ENGINE_set_name(engine,"OpenBSD /dev/crypto")) + { + ENGINE_free(engine); + return NULL; + } + load_ciphers(engine); + + return engine; + } + diff --git a/crypto/evp/Makefile.ssl b/crypto/evp/Makefile.ssl index 8093b623fa..1d92d8e84a 100644 --- a/crypto/evp/Makefile.ssl +++ b/crypto/evp/Makefile.ssl @@ -513,6 +513,7 @@ names.o: ../../include/openssl/sha.h ../../include/openssl/stack.h names.o: ../../include/openssl/symhacks.h ../../include/openssl/types.h names.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h names.o: ../cryptlib.h names.c +openbsd_hw.o: openbsd_hw.c p5_crpt.o: ../../e_os.h ../../include/openssl/asn1.h p5_crpt.o: ../../include/openssl/bio.h ../../include/openssl/bn.h p5_crpt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c index def53b6785..0fe5457425 100644 --- a/crypto/evp/c_allc.c 
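Review bot: ENGINE_openbsd_dev_crypto passes the result of ENGINE_new() to ENGINE_set_id without a NULL check, and load_ciphers discards the return value of ENGINE_add_cipher, so the constructor can hand back an engine with no cipher registered and report nothing. Suggested checks are `if(engine == NULL) return NULL;` after ENGINE_new(), and having load_ciphers return the ENGINE_add_cipher result so the caller can free the engine and return NULL on failure. Separately, the file is added to LIBSRC unconditionally and has no `#ifdef OPENSSL_OPENBSD_DEV_CRYPTO` around its body. engine_int.h declares ENGINE_openbsd_dev_crypto only under that macro, and the lines removed from c_allc.c suggest EVP_dev_crypto_des_ede3_cbc() exists only in such builds, so wrapping the file body in the same guard would keep other platforms building.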
+++ b/crypto/evp/c_allc.c @@ -82,11 +82,7 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher_alias(SN_des_cbc,"DES"); EVP_add_cipher_alias(SN_des_cbc,"des"); EVP_add_cipher(EVP_des_ede_cbc()); -# ifdef OPENSSL_OPENBSD_DEV_CRYPTO - EVP_add_cipher(EVP_dev_crypto_des_ede3_cbc()); -# else EVP_add_cipher(EVP_des_ede3_cbc()); -# endif EVP_add_cipher_alias(SN_des_ede3_cbc,"DES3"); EVP_add_cipher_alias(SN_des_ede3_cbc,"des3"); diff --git a/crypto/evp/openbsd_hw.c b/crypto/evp/openbsd_hw.c index c77adc1405..e60eafcefb 100644 --- a/crypto/evp/openbsd_hw.c +++ b/crypto/evp/openbsd_hw.c @@ -106,7 +106,6 @@ static int dev_crypto_init(EVP_CIPHER_CTX *ctx) static int dev_crypto_cleanup(EVP_CIPHER_CTX *ctx) { - fprintf(stderr,"clean up session %d\n",data(ctx)->ses); if(ioctl(fd,CIOCFSESSION,&data(ctx)->ses) == -1) err("CIOCFSESSION failed"); @@ -140,7 +139,6 @@ static int dev_crypto_des_ede3_init_key(EVP_CIPHER_CTX *ctx, ctx->cipher=EVP_des_ede3_cbc(); return ctx->cipher->init(ctx,key,iv,enc); } - fprintf(stderr,"created session %d\n",data(ctx)->ses); return 1; } diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h index f9e494dba0..d997f95c5c 100644 --- a/crypto/stack/safestack.h +++ b/crypto/stack/safestack.h 
@@ -424,6 +424,26 @@ STACK_OF(type) \ #define sk_DIST_POINT_pop(st) SKM_sk_pop(DIST_POINT, (st)) #define sk_DIST_POINT_sort(st) SKM_sk_sort(DIST_POINT, (st)) +#define sk_ENGINE_EVP_CIPHER_new(st) SKM_sk_new(ENGINE_EVP_CIPHER, (st)) +#define sk_ENGINE_EVP_CIPHER_new_null() SKM_sk_new_null(ENGINE_EVP_CIPHER) +#define sk_ENGINE_EVP_CIPHER_free(st) SKM_sk_free(ENGINE_EVP_CIPHER, (st)) +#define sk_ENGINE_EVP_CIPHER_num(st) SKM_sk_num(ENGINE_EVP_CIPHER, (st)) +#define sk_ENGINE_EVP_CIPHER_value(st, i) SKM_sk_value(ENGINE_EVP_CIPHER, (st), (i)) +#define sk_ENGINE_EVP_CIPHER_set(st, i, val) SKM_sk_set(ENGINE_EVP_CIPHER, (st), (i), (val)) +#define sk_ENGINE_EVP_CIPHER_zero(st) SKM_sk_zero(ENGINE_EVP_CIPHER, (st)) +#define sk_ENGINE_EVP_CIPHER_push(st, val) SKM_sk_push(ENGINE_EVP_CIPHER, (st), (val)) +#define sk_ENGINE_EVP_CIPHER_unshift(st, val) SKM_sk_unshift(ENGINE_EVP_CIPHER, (st), (val)) +#define sk_ENGINE_EVP_CIPHER_find(st, val) SKM_sk_find(ENGINE_EVP_CIPHER, (st), (val)) +#define sk_ENGINE_EVP_CIPHER_delete(st, i) SKM_sk_delete(ENGINE_EVP_CIPHER, (st), (i)) +#define sk_ENGINE_EVP_CIPHER_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE_EVP_CIPHER, (st), (ptr)) +#define sk_ENGINE_EVP_CIPHER_insert(st, val, i) SKM_sk_insert(ENGINE_EVP_CIPHER, (st), (val), (i)) +#define sk_ENGINE_EVP_CIPHER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE_EVP_CIPHER, (st), (cmp)) +#define sk_ENGINE_EVP_CIPHER_dup(st) SKM_sk_dup(ENGINE_EVP_CIPHER, st) +#define sk_ENGINE_EVP_CIPHER_pop_free(st, free_func) SKM_sk_pop_free(ENGINE_EVP_CIPHER, (st), (free_func)) +#define sk_ENGINE_EVP_CIPHER_shift(st) SKM_sk_shift(ENGINE_EVP_CIPHER, (st)) +#define sk_ENGINE_EVP_CIPHER_pop(st) SKM_sk_pop(ENGINE_EVP_CIPHER, (st)) +#define sk_ENGINE_EVP_CIPHER_sort(st) SKM_sk_sort(ENGINE_EVP_CIPHER, (st)) + #define sk_GENERAL_NAME_new(st) SKM_sk_new(GENERAL_NAME, (st)) #define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME) #define sk_GENERAL_NAME_free(st) SKM_sk_free(GENERAL_NAME, (st)) 
diff --git a/crypto/x509/Makefile.ssl b/crypto/x509/Makefile.ssl index b8183712d2..d69b8ffb68 100644 --- a/crypto/x509/Makefile.ssl +++ b/crypto/x509/Makefile.ssl @@ -325,6 +325,20 @@ x509_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x509_vfy.o: ../../include/openssl/symhacks.h ../../include/openssl/types.h x509_vfy.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h x509_vfy.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_vfy.c +x509cset.o: ../../e_os.h ../../include/openssl/asn1.h +x509cset.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +x509cset.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +x509cset.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +x509cset.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +x509cset.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509cset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509cset.o: ../../include/openssl/opensslconf.h +x509cset.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h +x509cset.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +x509cset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x509cset.o: ../../include/openssl/symhacks.h ../../include/openssl/types.h +x509cset.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +x509cset.o: ../cryptlib.h x509cset.c x509name.o: ../../e_os.h ../../include/openssl/asn1.h x509name.o: ../../include/openssl/bio.h ../../include/openssl/bn.h x509name.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h diff --git a/util/libeay.num b/util/libeay.num index 7d9d0f3b81..933c979055 100755 --- a/util/libeay.num +++ b/util/libeay.num 
@@ -2628,3 +2628,7 @@ HMAC_CTX_cleanup 3076 EXIST::FUNCTION:HMAC EVP_MD_CTX_cleanup 3077 EXIST::FUNCTION: EVP_MD_CTX_destroy 3078 EXIST::FUNCTION: des_release_key 3079 EXIST::FUNCTION:DES +ENGINE_load_openbsd_dev_crypto 3080 EXIST::FUNCTION: +ENGINE_add_all_evp 3081 EXIST::FUNCTION: +ENGINE_add_evp_cipher 3082 EXIST::FUNCTION: +ENGINE_load_evp 3083 EXIST::FUNCTION: -- 2.25.1
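Review bot: The ordinals added here do not match the API this patch declares. engine.h adds ENGINE_load_ciphers, ENGINE_add_cipher, ENGINE_cipher_num, ENGINE_get_cipher and ENGINE_load_engine_ciphers, while this list reserves ENGINE_add_all_evp, ENGINE_add_evp_cipher and ENGINE_load_evp, none of which appears elsewhere in the patch. On platforms that build their export list from this file the new functions would presumably not be exported, and ordinals 3081-3083 stay attached to names that do not exist. Regenerating the file once the final names are settled would fix both.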