abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-06-30 01:33:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/master'

Browse Source 
# Conflicts:
#	README.md
This commit is contained in:
Zhi Guan
2017-02-14 16:12:29 +08:00
parent d2254170b8
commit 43fed1108d
3503 changed files with 320546 additions and 408546 deletions
Download Patch File Download Diff File Expand all files Collapse all files

355
engines/Makefile
View File

@@ -1,355 +0,0 @@
#
# OpenSSL/engines/Makefile
#
DIR= engines
TOP= ..
CC= cc
INCLUDES= -I../include
CFLAG=-g
MAKEFILE= Makefile
AR= ar r
ENGDIRS= ccgost
RECURSIVE_MAKE= [ -z "$(ENGDIRS)" ] || for i in $(ENGDIRS) ; do \
(cd $$i && echo "making $$target in $(DIR)/$$i..." && \
$(MAKE) -e TOP=../.. DIR=$$i $$target ) || exit 1; \
done;
PEX_LIBS=
EX_LIBS=
CFLAGS= $(INCLUDES) $(CFLAG)
GENERAL=Makefile engines.com install.com engine_vector.mar
TEST=
APPS=
LIB=$(TOP)/libcrypto.a
LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec padlock capi
LIBSRC= e_4758cca.c \
e_aep.c \
e_atalla.c \
e_cswift.c \
e_gmp.c \
e_chil.c \
e_nuron.c \
e_sureware.c \
e_ubsec.c \
e_padlock.c \
e_capi.c
LIBOBJ= e_4758cca.o \
e_aep.o \
e_atalla.o \
e_cswift.o \
e_gmp.o \
e_chil.o \
e_nuron.o \
e_sureware.o \
e_ubsec.o \
e_padlock.o \
e_capi.o
SRC= $(LIBSRC)
EXHEADER=
HEADER= e_4758cca_err.c e_4758cca_err.h \
e_aep_err.c e_aep_err.h \
e_atalla_err.c e_atalla_err.h \
e_cswift_err.c e_cswift_err.h \
e_gmp_err.c e_gmp_err.h \
e_chil_err.c e_chil_err.h \
e_nuron_err.c e_nuron_err.h \
e_sureware_err.c e_sureware_err.h \
e_ubsec_err.c e_ubsec_err.h \
e_capi_err.c e_capi_err.h
ALL= $(GENERAL) $(SRC) $(HEADER)
top:
(cd ..; $(MAKE) DIRS=$(DIR) all)
all: lib subdirs
lib: $(LIBOBJ)
@if [ -n "$(SHARED_LIBS)" ]; then \
set -e; \
for l in $(LIBNAMES); do \
$(MAKE) -f ../Makefile.shared -e \
LIBNAME=$$l LIBEXTRAS=e_$$l.o \
LIBDEPS='-L.. -lcrypto $(EX_LIBS)' \
link_o.$(SHLIB_TARGET); \
done; \
else \
$(AR) $(LIB) $(LIBOBJ); \
$(RANLIB) $(LIB) || echo Never mind.; \
fi; \
touch lib
subdirs:
echo $(EDIRS)
@target=all; $(RECURSIVE_MAKE)
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@target=files; $(RECURSIVE_MAKE)
links:
@target=links; $(RECURSIVE_MAKE)
# XXXXX This currently only works on systems that use .so as suffix
# for shared libraries as well as for Cygwin which uses the
# dlfcn_name_converter and therefore stores the engines with .so suffix, too.
# XXXXX This was extended to HP-UX dl targets, which use .sl suffix.
# XXXXX This was extended to mingw targets, which use eay32.dll suffix without lib as prefix.
install:
@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
@if [ -n "$(SHARED_LIBS)" ]; then \
set -e; \
$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines; \
for l in $(LIBNAMES); do \
( echo installing $$l; \
pfx=lib; \
if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
sfx=".so"; \
cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
else \
case "$(CFLAGS)" in \
*DSO_BEOS*) sfx=".so";; \
*DSO_DLFCN*) sfx=`expr "$(SHLIB_EXT)" : '.*\(\.[a-z][a-z]*\)' \| ".so"`;; \
*DSO_DL*) sfx=".sl";; \
*DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
*) sfx=".bad";; \
esac; \
cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
fi; \
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
done; \
fi
@target=install; $(RECURSIVE_MAKE)
tags:
ctags $(SRC)
errors:
set -e; for l in $(LIBNAMES); do \
$(PERL) ../util/mkerr.pl -conf e_$$l.ec \
-nostatic -staticloader -write e_$$l.c; \
done
(cd ccgost; $(MAKE) PERL=$(PERL) errors)
tests:
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
@target=lint; $(RECURSIVE_MAKE)
update: local_depend
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
@[ -z "$(THIS)" ] || (set -e; target=update; $(RECURSIVE_MAKE) )
depend: local_depend
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
@[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) )
local_depend:
@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
mv -f Makefile.new $(MAKEFILE)
@target=dclean; $(RECURSIVE_MAKE)
clean:
rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
@target=clean; $(RECURSIVE_MAKE)
# DO NOT DELETE THIS LINE -- make depend depends on it.
e_4758cca.o: ../include/openssl/asn1.h ../include/openssl/bio.h
e_4758cca.o: ../include/openssl/bn.h ../include/openssl/buffer.h
e_4758cca.o: ../include/openssl/crypto.h ../include/openssl/dso.h
e_4758cca.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
e_4758cca.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
e_4758cca.o: ../include/openssl/engine.h ../include/openssl/err.h
e_4758cca.o: ../include/openssl/evp.h ../include/openssl/kdf.h
e_4758cca.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
e_4758cca.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
e_4758cca.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
e_4758cca.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
e_4758cca.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
e_4758cca.o: ../include/openssl/sha.h ../include/openssl/sm2.h
e_4758cca.o: ../include/openssl/sm3.h ../include/openssl/stack.h
e_4758cca.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
e_4758cca.o: ../include/openssl/x509_vfy.h e_4758cca.c e_4758cca_err.c
e_4758cca.o: e_4758cca_err.h vendor_defns/hw_4758_cca.h
e_aep.o: ../include/openssl/asn1.h ../include/openssl/bio.h
e_aep.o: ../include/openssl/bn.h ../include/openssl/buffer.h
e_aep.o: ../include/openssl/crypto.h ../include/openssl/dh.h
e_aep.o: ../include/openssl/dsa.h ../include/openssl/dso.h
e_aep.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
e_aep.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
e_aep.o: ../include/openssl/engine.h ../include/openssl/err.h
e_aep.o: ../include/openssl/evp.h ../include/openssl/kdf.h
e_aep.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
e_aep.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
e_aep.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
e_aep.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
e_aep.o: ../include/openssl/safestack.h ../include/openssl/sha.h
e_aep.o: ../include/openssl/sm2.h ../include/openssl/sm3.h
e_aep.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
e_aep.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_aep.c
e_aep.o: e_aep_err.c e_aep_err.h vendor_defns/aep.h
e_atalla.o: ../include/openssl/asn1.h ../include/openssl/bio.h
e_atalla.o: ../include/openssl/bn.h ../include/openssl/buffer.h
e_atalla.o: ../include/openssl/crypto.h ../include/openssl/dh.h
e_atalla.o: ../include/openssl/dsa.h ../include/openssl/dso.h
e_atalla.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
e_atalla.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
e_atalla.o: ../include/openssl/engine.h ../include/openssl/err.h
e_atalla.o: ../include/openssl/evp.h ../include/openssl/kdf.h
e_atalla.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
e_atalla.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
e_atalla.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
e_atalla.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
e_atalla.o: ../include/openssl/safestack.h ../include/openssl/sha.h
e_atalla.o: ../include/openssl/sm2.h ../include/openssl/sm3.h
e_atalla.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
e_atalla.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_atalla.c
e_atalla.o: e_atalla_err.c e_atalla_err.h vendor_defns/atalla.h
e_capi.o: ../include/openssl/asn1.h ../include/openssl/bio.h
e_capi.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
e_capi.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
e_capi.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
e_capi.o: ../include/openssl/engine.h ../include/openssl/err.h
e_capi.o: ../include/openssl/evp.h ../include/openssl/kdf.h
e_capi.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
e_capi.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
e_capi.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
e_capi.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
e_capi.o: ../include/openssl/sha.h ../include/openssl/sm2.h
e_capi.o: ../include/openssl/sm3.h ../include/openssl/stack.h
e_capi.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
e_capi.o: ../include/openssl/x509_vfy.h e_capi.c
e_chil.o: ../include/openssl/asn1.h ../include/openssl/bio.h
e_chil.o: ../include/openssl/bn.h ../include/openssl/buffer.h
e_chil.o: ../include/openssl/crypto.h ../include/openssl/dh.h
e_chil.o: ../include/openssl/dso.h ../include/openssl/e_os2.h
e_chil.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
e_chil.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
e_chil.o: ../include/openssl/err.h ../include/openssl/evp.h
e_chil.o: ../include/openssl/kdf.h ../include/openssl/lhash.h
e_chil.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
e_chil.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
e_chil.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
e_chil.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
e_chil.o: ../include/openssl/rand.h ../include/openssl/rsa.h
e_chil.o: ../include/openssl/safestack.h ../include/openssl/sha.h
e_chil.o: ../include/openssl/sm2.h ../include/openssl/sm3.h
e_chil.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
e_chil.o: ../include/openssl/ui.h ../include/openssl/x509.h
e_chil.o: ../include/openssl/x509_vfy.h e_chil.c e_chil_err.c e_chil_err.h
e_chil.o: vendor_defns/hwcryptohook.h
e_cswift.o: ../include/openssl/asn1.h ../include/openssl/bio.h
e_cswift.o: ../include/openssl/bn.h ../include/openssl/buffer.h
e_cswift.o: ../include/openssl/crypto.h ../include/openssl/dh.h
e_cswift.o: ../include/openssl/dsa.h ../include/openssl/dso.h
e_cswift.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
e_cswift.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
e_cswift.o: ../include/openssl/engine.h ../include/openssl/err.h
e_cswift.o: ../include/openssl/evp.h ../include/openssl/kdf.h
e_cswift.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
e_cswift.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
e_cswift.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
e_cswift.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
e_cswift.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
e_cswift.o: ../include/openssl/sha.h ../include/openssl/sm2.h
e_cswift.o: ../include/openssl/sm3.h ../include/openssl/stack.h
e_cswift.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
e_cswift.o: ../include/openssl/x509_vfy.h e_cswift.c e_cswift_err.c
e_cswift.o: e_cswift_err.h vendor_defns/cswift.h
e_gmp.o: ../include/openssl/asn1.h ../include/openssl/bio.h
e_gmp.o: ../include/openssl/bn.h ../include/openssl/buffer.h
e_gmp.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
e_gmp.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
e_gmp.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
e_gmp.o: ../include/openssl/err.h ../include/openssl/evp.h
e_gmp.o: ../include/openssl/kdf.h ../include/openssl/lhash.h
e_gmp.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
e_gmp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
e_gmp.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
e_gmp.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
e_gmp.o: ../include/openssl/sha.h ../include/openssl/sm2.h
e_gmp.o: ../include/openssl/sm3.h ../include/openssl/stack.h
e_gmp.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
e_gmp.o: ../include/openssl/x509_vfy.h e_gmp.c
e_nuron.o: ../include/openssl/asn1.h ../include/openssl/bio.h
e_nuron.o: ../include/openssl/bn.h ../include/openssl/buffer.h
e_nuron.o: ../include/openssl/crypto.h ../include/openssl/dh.h
e_nuron.o: ../include/openssl/dsa.h ../include/openssl/dso.h
e_nuron.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
e_nuron.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
e_nuron.o: ../include/openssl/engine.h ../include/openssl/err.h
e_nuron.o: ../include/openssl/evp.h ../include/openssl/kdf.h
e_nuron.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
e_nuron.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
e_nuron.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
e_nuron.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
e_nuron.o: ../include/openssl/safestack.h ../include/openssl/sha.h
e_nuron.o: ../include/openssl/sm2.h ../include/openssl/sm3.h
e_nuron.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
e_nuron.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_nuron.c
e_nuron.o: e_nuron_err.c e_nuron_err.h
e_padlock.o: ../include/openssl/aes.h ../include/openssl/asn1.h
e_padlock.o: ../include/openssl/bio.h ../include/openssl/buffer.h
e_padlock.o: ../include/openssl/crypto.h ../include/openssl/dso.h
e_padlock.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
e_padlock.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
e_padlock.o: ../include/openssl/engine.h ../include/openssl/err.h
e_padlock.o: ../include/openssl/evp.h ../include/openssl/kdf.h
e_padlock.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
e_padlock.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
e_padlock.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
e_padlock.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
e_padlock.o: ../include/openssl/safestack.h ../include/openssl/sha.h
e_padlock.o: ../include/openssl/sm2.h ../include/openssl/sm3.h
e_padlock.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
e_padlock.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
e_padlock.o: e_padlock.c
e_sureware.o: ../include/openssl/asn1.h ../include/openssl/bio.h
e_sureware.o: ../include/openssl/bn.h ../include/openssl/buffer.h
e_sureware.o: ../include/openssl/crypto.h ../include/openssl/dh.h
e_sureware.o: ../include/openssl/dsa.h ../include/openssl/dso.h
e_sureware.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
e_sureware.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
e_sureware.o: ../include/openssl/engine.h ../include/openssl/err.h
e_sureware.o: ../include/openssl/evp.h ../include/openssl/kdf.h
e_sureware.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
e_sureware.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
e_sureware.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
e_sureware.o: ../include/openssl/pem.h ../include/openssl/pem2.h
e_sureware.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
e_sureware.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
e_sureware.o: ../include/openssl/sha.h ../include/openssl/sm2.h
e_sureware.o: ../include/openssl/sm3.h ../include/openssl/stack.h
e_sureware.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
e_sureware.o: ../include/openssl/x509_vfy.h e_sureware.c e_sureware_err.c
e_sureware.o: e_sureware_err.h vendor_defns/sureware.h
e_ubsec.o: ../include/openssl/asn1.h ../include/openssl/bio.h
e_ubsec.o: ../include/openssl/bn.h ../include/openssl/buffer.h
e_ubsec.o: ../include/openssl/crypto.h ../include/openssl/dh.h
e_ubsec.o: ../include/openssl/dsa.h ../include/openssl/dso.h
e_ubsec.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
e_ubsec.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
e_ubsec.o: ../include/openssl/engine.h ../include/openssl/err.h
e_ubsec.o: ../include/openssl/evp.h ../include/openssl/kdf.h
e_ubsec.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
e_ubsec.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
e_ubsec.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
e_ubsec.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
e_ubsec.o: ../include/openssl/safestack.h ../include/openssl/sha.h
e_ubsec.o: ../include/openssl/sm2.h ../include/openssl/sm3.h
e_ubsec.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
e_ubsec.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_ubsec.c
e_ubsec.o: e_ubsec_err.c e_ubsec_err.h vendor_defns/hw_ubsec.h

377
engines/Makefile.save
View File

@@ -1,377 +0,0 @@
#
# OpenSSL/engines/Makefile
#
DIR= engines
TOP= ..
CC= cc
INCLUDES= -I../include
CFLAG=-g
MAKEFILE= Makefile
AR= ar r
ENGDIRS= ccgost
RECURSIVE_MAKE= [ -z "$(ENGDIRS)" ] || for i in $(ENGDIRS) ; do \
(cd $$i && echo "making $$target in $(DIR)/$$i..." && \
$(MAKE) -e TOP=../.. DIR=$$i $$target ) || exit 1; \
done;
PEX_LIBS=
EX_LIBS=
CFLAGS= $(INCLUDES) $(CFLAG)
GENERAL=Makefile engines.com install.com engine_vector.mar
TEST=
APPS=
LIB=$(TOP)/libcrypto.a
LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec padlock skf capi
LIBSRC= e_4758cca.c \
e_aep.c \
e_atalla.c \
e_cswift.c \
e_gmp.c \
e_chil.c \
e_nuron.c \
e_sureware.c \
e_ubsec.c \
e_padlock.c \
e_skf.c \
e_capi.c
LIBOBJ= e_4758cca.o \
e_aep.o \
e_atalla.o \
e_cswift.o \
e_gmp.o \
e_chil.o \
e_nuron.o \
e_sureware.o \
e_ubsec.o \
e_padlock.o \
e_skf.o \
e_capi.o
SRC= $(LIBSRC)
EXHEADER=
HEADER= e_4758cca_err.c e_4758cca_err.h \
e_aep_err.c e_aep_err.h \
e_atalla_err.c e_atalla_err.h \
e_cswift_err.c e_cswift_err.h \
e_gmp_err.c e_gmp_err.h \
e_chil_err.c e_chil_err.h \
e_nuron_err.c e_nuron_err.h \
e_sureware_err.c e_sureware_err.h \
e_ubsec_err.c e_ubsec_err.h \
e_skf_err.c e_skf_err.h \
e_capi_err.c e_capi_err.h
ALL= $(GENERAL) $(SRC) $(HEADER)
top:
(cd ..; $(MAKE) DIRS=$(DIR) all)
all: lib subdirs
lib: $(LIBOBJ)
@if [ -n "$(SHARED_LIBS)" ]; then \
set -e; \
for l in $(LIBNAMES); do \
$(MAKE) -f ../Makefile.shared -e \
LIBNAME=$$l LIBEXTRAS=e_$$l.o \
LIBDEPS='-L.. -lcrypto $(EX_LIBS)' \
link_o.$(SHLIB_TARGET); \
done; \
else \
$(AR) $(LIB) $(LIBOBJ); \
$(RANLIB) $(LIB) || echo Never mind.; \
fi; \
touch lib
subdirs:
echo $(EDIRS)
@target=all; $(RECURSIVE_MAKE)
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@target=files; $(RECURSIVE_MAKE)
links:
@target=links; $(RECURSIVE_MAKE)
# XXXXX This currently only works on systems that use .so as suffix
# for shared libraries as well as for Cygwin which uses the
# dlfcn_name_converter and therefore stores the engines with .so suffix, too.
# XXXXX This was extended to HP-UX dl targets, which use .sl suffix.
# XXXXX This was extended to mingw targets, which use eay32.dll suffix without lib as prefix.
install:
@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
@if [ -n "$(SHARED_LIBS)" ]; then \
set -e; \
$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines; \
for l in $(LIBNAMES); do \
( echo installing $$l; \
pfx=lib; \
if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
sfx=".so"; \
cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
else \
case "$(CFLAGS)" in \
*DSO_BEOS*) sfx=".so";; \
*DSO_DLFCN*) sfx=`expr "$(SHLIB_EXT)" : '.*\(\.[a-z][a-z]*\)' \| ".so"`;; \
*DSO_DL*) sfx=".sl";; \
*DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
*) sfx=".bad";; \
esac; \
cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
fi; \
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
done; \
fi
@target=install; $(RECURSIVE_MAKE)
tags:
ctags $(SRC)
errors:
set -e; for l in $(LIBNAMES); do \
$(PERL) ../util/mkerr.pl -conf e_$$l.ec \
-nostatic -staticloader -write e_$$l.c; \
done
(cd ccgost; $(MAKE) PERL=$(PERL) errors)
tests:
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
@target=lint; $(RECURSIVE_MAKE)
update: local_depend
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
@[ -z "$(THIS)" ] || (set -e; target=update; $(RECURSIVE_MAKE) )
depend: local_depend
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
@[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) )
local_depend:
@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
mv -f Makefile.new $(MAKEFILE)
@target=dclean; $(RECURSIVE_MAKE)
clean:
rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
@target=clean; $(RECURSIVE_MAKE)
# DO NOT DELETE THIS LINE -- make depend depends on it.
e_4758cca.o: ../include/openssl/asn1.h ../include/openssl/bio.h
e_4758cca.o: ../include/openssl/bn.h ../include/openssl/buffer.h
e_4758cca.o: ../include/openssl/crypto.h ../include/openssl/dso.h
e_4758cca.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
e_4758cca.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
e_4758cca.o: ../include/openssl/engine.h ../include/openssl/err.h
e_4758cca.o: ../include/openssl/evp.h ../include/openssl/kdf.h
e_4758cca.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
e_4758cca.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
e_4758cca.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
e_4758cca.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
e_4758cca.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
e_4758cca.o: ../include/openssl/sha.h ../include/openssl/sm2.h
e_4758cca.o: ../include/openssl/sm3.h ../include/openssl/stack.h
e_4758cca.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
e_4758cca.o: ../include/openssl/x509_vfy.h e_4758cca.c e_4758cca_err.c
e_4758cca.o: e_4758cca_err.h vendor_defns/hw_4758_cca.h
e_aep.o: ../include/openssl/asn1.h ../include/openssl/bio.h
e_aep.o: ../include/openssl/bn.h ../include/openssl/buffer.h
e_aep.o: ../include/openssl/crypto.h ../include/openssl/dh.h
e_aep.o: ../include/openssl/dsa.h ../include/openssl/dso.h
e_aep.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
e_aep.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
e_aep.o: ../include/openssl/engine.h ../include/openssl/err.h
e_aep.o: ../include/openssl/evp.h ../include/openssl/kdf.h
e_aep.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
e_aep.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
e_aep.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
e_aep.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
e_aep.o: ../include/openssl/safestack.h ../include/openssl/sha.h
e_aep.o: ../include/openssl/sm2.h ../include/openssl/sm3.h
e_aep.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
e_aep.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_aep.c
e_aep.o: e_aep_err.c e_aep_err.h vendor_defns/aep.h
e_atalla.o: ../include/openssl/asn1.h ../include/openssl/bio.h
e_atalla.o: ../include/openssl/bn.h ../include/openssl/buffer.h
e_atalla.o: ../include/openssl/crypto.h ../include/openssl/dh.h
e_atalla.o: ../include/openssl/dsa.h ../include/openssl/dso.h
e_atalla.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
e_atalla.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
e_atalla.o: ../include/openssl/engine.h ../include/openssl/err.h
e_atalla.o: ../include/openssl/evp.h ../include/openssl/kdf.h
e_atalla.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
e_atalla.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
e_atalla.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
e_atalla.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
e_atalla.o: ../include/openssl/safestack.h ../include/openssl/sha.h
e_atalla.o: ../include/openssl/sm2.h ../include/openssl/sm3.h
e_atalla.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
e_atalla.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_atalla.c
e_atalla.o: e_atalla_err.c e_atalla_err.h vendor_defns/atalla.h
e_capi.o: ../include/openssl/asn1.h ../include/openssl/bio.h
e_capi.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
e_capi.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
e_capi.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
e_capi.o: ../include/openssl/engine.h ../include/openssl/err.h
e_capi.o: ../include/openssl/evp.h ../include/openssl/kdf.h
e_capi.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
e_capi.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
e_capi.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
e_capi.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
e_capi.o: ../include/openssl/sha.h ../include/openssl/sm2.h
e_capi.o: ../include/openssl/sm3.h ../include/openssl/stack.h
e_capi.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
e_capi.o: ../include/openssl/x509_vfy.h e_capi.c
e_chil.o: ../include/openssl/asn1.h ../include/openssl/bio.h
e_chil.o: ../include/openssl/bn.h ../include/openssl/buffer.h
e_chil.o: ../include/openssl/crypto.h ../include/openssl/dh.h
e_chil.o: ../include/openssl/dso.h ../include/openssl/e_os2.h
e_chil.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
e_chil.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
e_chil.o: ../include/openssl/err.h ../include/openssl/evp.h
e_chil.o: ../include/openssl/kdf.h ../include/openssl/lhash.h
e_chil.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
e_chil.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
e_chil.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
e_chil.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
e_chil.o: ../include/openssl/rand.h ../include/openssl/rsa.h
e_chil.o: ../include/openssl/safestack.h ../include/openssl/sha.h
e_chil.o: ../include/openssl/sm2.h ../include/openssl/sm3.h
e_chil.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
e_chil.o: ../include/openssl/ui.h ../include/openssl/x509.h
e_chil.o: ../include/openssl/x509_vfy.h e_chil.c e_chil_err.c e_chil_err.h
e_chil.o: vendor_defns/hwcryptohook.h
e_cswift.o: ../include/openssl/asn1.h ../include/openssl/bio.h
e_cswift.o: ../include/openssl/bn.h ../include/openssl/buffer.h
e_cswift.o: ../include/openssl/crypto.h ../include/openssl/dh.h
e_cswift.o: ../include/openssl/dsa.h ../include/openssl/dso.h
e_cswift.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
e_cswift.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
e_cswift.o: ../include/openssl/engine.h ../include/openssl/err.h
e_cswift.o: ../include/openssl/evp.h ../include/openssl/kdf.h
e_cswift.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
e_cswift.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
e_cswift.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
e_cswift.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
e_cswift.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
e_cswift.o: ../include/openssl/sha.h ../include/openssl/sm2.h
e_cswift.o: ../include/openssl/sm3.h ../include/openssl/stack.h
e_cswift.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
e_cswift.o: ../include/openssl/x509_vfy.h e_cswift.c e_cswift_err.c
e_cswift.o: e_cswift_err.h vendor_defns/cswift.h
e_gmp.o: ../include/openssl/asn1.h ../include/openssl/bio.h
e_gmp.o: ../include/openssl/bn.h ../include/openssl/buffer.h
e_gmp.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
e_gmp.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
e_gmp.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
e_gmp.o: ../include/openssl/err.h ../include/openssl/evp.h
e_gmp.o: ../include/openssl/kdf.h ../include/openssl/lhash.h
e_gmp.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
e_gmp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
e_gmp.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
e_gmp.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
e_gmp.o: ../include/openssl/sha.h ../include/openssl/sm2.h
e_gmp.o: ../include/openssl/sm3.h ../include/openssl/stack.h
e_gmp.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
e_gmp.o: ../include/openssl/x509_vfy.h e_gmp.c
e_nuron.o: ../include/openssl/asn1.h ../include/openssl/bio.h
e_nuron.o: ../include/openssl/bn.h ../include/openssl/buffer.h
e_nuron.o: ../include/openssl/crypto.h ../include/openssl/dh.h
e_nuron.o: ../include/openssl/dsa.h ../include/openssl/dso.h
e_nuron.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
e_nuron.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
e_nuron.o: ../include/openssl/engine.h ../include/openssl/err.h
e_nuron.o: ../include/openssl/evp.h ../include/openssl/kdf.h
e_nuron.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
e_nuron.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
e_nuron.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
e_nuron.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
e_nuron.o: ../include/openssl/safestack.h ../include/openssl/sha.h
e_nuron.o: ../include/openssl/sm2.h ../include/openssl/sm3.h
e_nuron.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
e_nuron.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_nuron.c
e_nuron.o: e_nuron_err.c e_nuron_err.h
e_padlock.o: ../include/openssl/aes.h ../include/openssl/asn1.h
e_padlock.o: ../include/openssl/bio.h ../include/openssl/buffer.h
e_padlock.o: ../include/openssl/crypto.h ../include/openssl/dso.h
e_padlock.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
e_padlock.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
e_padlock.o: ../include/openssl/engine.h ../include/openssl/err.h
e_padlock.o: ../include/openssl/evp.h ../include/openssl/kdf.h
e_padlock.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
e_padlock.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
e_padlock.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
e_padlock.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
e_padlock.o: ../include/openssl/safestack.h ../include/openssl/sha.h
e_padlock.o: ../include/openssl/sm2.h ../include/openssl/sm3.h
e_padlock.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
e_padlock.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
e_padlock.o: e_padlock.c
e_skf.o: ../include/openssl/asn1.h ../include/openssl/bio.h
e_skf.o: ../include/openssl/buffer.h ../include/openssl/cbcmac.h
e_skf.o: ../include/openssl/cmac.h ../include/openssl/crypto.h
e_skf.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
e_skf.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
e_skf.o: ../include/openssl/engine.h ../include/openssl/err.h
e_skf.o: ../include/openssl/evp.h ../include/openssl/kdf.h
e_skf.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
e_skf.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
e_skf.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
e_skf.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
e_skf.o: ../include/openssl/safestack.h ../include/openssl/sha.h
e_skf.o: ../include/openssl/skf.h ../include/openssl/skf_ex.h
e_skf.o: ../include/openssl/sm1.h ../include/openssl/sm2.h
e_skf.o: ../include/openssl/sm3.h ../include/openssl/sm9.h
e_skf.o: ../include/openssl/sms4.h ../include/openssl/ssf33.h
e_skf.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
e_skf.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_skf.c
e_skf.o: e_skf_err.h
e_sureware.o: ../include/openssl/asn1.h ../include/openssl/bio.h
e_sureware.o: ../include/openssl/bn.h ../include/openssl/buffer.h
e_sureware.o: ../include/openssl/crypto.h ../include/openssl/dh.h
e_sureware.o: ../include/openssl/dsa.h ../include/openssl/dso.h
e_sureware.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
e_sureware.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
e_sureware.o: ../include/openssl/engine.h ../include/openssl/err.h
e_sureware.o: ../include/openssl/evp.h ../include/openssl/kdf.h
e_sureware.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
e_sureware.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
e_sureware.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
e_sureware.o: ../include/openssl/pem.h ../include/openssl/pem2.h
e_sureware.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
e_sureware.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
e_sureware.o: ../include/openssl/sha.h ../include/openssl/sm2.h
e_sureware.o: ../include/openssl/sm3.h ../include/openssl/stack.h
e_sureware.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
e_sureware.o: ../include/openssl/x509_vfy.h e_sureware.c e_sureware_err.c
e_sureware.o: e_sureware_err.h vendor_defns/sureware.h
e_ubsec.o: ../include/openssl/asn1.h ../include/openssl/bio.h
e_ubsec.o: ../include/openssl/bn.h ../include/openssl/buffer.h
e_ubsec.o: ../include/openssl/crypto.h ../include/openssl/dh.h
e_ubsec.o: ../include/openssl/dsa.h ../include/openssl/dso.h
e_ubsec.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
e_ubsec.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
e_ubsec.o: ../include/openssl/engine.h ../include/openssl/err.h
e_ubsec.o: ../include/openssl/evp.h ../include/openssl/kdf.h
e_ubsec.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
e_ubsec.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
e_ubsec.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
e_ubsec.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
e_ubsec.o: ../include/openssl/safestack.h ../include/openssl/sha.h
e_ubsec.o: ../include/openssl/sm2.h ../include/openssl/sm3.h
e_ubsec.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
e_ubsec.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_ubsec.c
e_ubsec.o: e_ubsec_err.c e_ubsec_err.h vendor_defns/hw_ubsec.h

13
engines/afalg/build.info Normal file
View File

@@ -0,0 +1,13 @@
IF[{- !$disabled{"engine"} -}]
IF[{- !$disabled{afalg} -}]
IF[{- $disabled{"dynamic-engine"} -}]
LIBS=../../libcrypto
SOURCE[../../libcrypto]=e_afalg.c e_afalg_err.c
ELSE
ENGINES=afalg
SOURCE[afalg]=e_afalg.c e_afalg_err.c
DEPEND[afalg]=../../libcrypto
INCLUDE[afalg]= ../../include
ENDIF
ENDIF
ENDIF

834
engines/afalg/e_afalg.c Normal file
View File

@@ -0,0 +1,834 @@
/*
* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/* Required for vmsplice */
#ifndef _GNU_SOURCE
# define _GNU_SOURCE
#endif
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <openssl/engine.h>
#include <openssl/async.h>
#include <openssl/err.h>
#include <sys/socket.h>
#include <linux/version.h>
#define K_MAJ 4
#define K_MIN1 1
#define K_MIN2 0
#if LINUX_VERSION_CODE <= KERNEL_VERSION(K_MAJ, K_MIN1, K_MIN2) || \
!defined(AF_ALG)
# ifndef PEDANTIC
# warning "AFALG ENGINE requires Kernel Headers >= 4.1.0"
# warning "Skipping Compilation of AFALG engine"
# endif
void engine_load_afalg_int(void);
void engine_load_afalg_int(void)
{
}
#else
# include <linux/if_alg.h>
# include <fcntl.h>
# include <sys/utsname.h>
# include <linux/aio_abi.h>
# include <sys/syscall.h>
# include <errno.h>
# include "e_afalg.h"
# define AFALG_LIB_NAME "AFALG"
# include "e_afalg_err.h"
# ifndef SOL_ALG
# define SOL_ALG 279
# endif
# ifdef ALG_ZERO_COPY
# ifndef SPLICE_F_GIFT
# define SPLICE_F_GIFT (0x08)
# endif
# endif
# define ALG_AES_IV_LEN 16
# define ALG_IV_LEN(len) (sizeof(struct af_alg_iv) + (len))
# define ALG_OP_TYPE unsigned int
# define ALG_OP_LEN (sizeof(ALG_OP_TYPE))
#define ALG_MAX_SALG_NAME 64
#define ALG_MAX_SALG_TYPE 14
# ifdef OPENSSL_NO_DYNAMIC_ENGINE
void engine_load_afalg_int(void);
# endif
/* Local Linkage Functions */
static int afalg_init_aio(afalg_aio *aio);
static int afalg_fin_cipher_aio(afalg_aio *ptr, int sfd,
unsigned char *buf, size_t len);
static int afalg_create_sk(afalg_ctx *actx, const char *ciphertype,
const char *ciphername);
static int afalg_destroy(ENGINE *e);
static int afalg_init(ENGINE *e);
static int afalg_finish(ENGINE *e);
const EVP_CIPHER *afalg_aes_128_cbc(void);
static int afalg_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
const int **nids, int nid);
static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
static int afalg_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl);
static int afalg_cipher_cleanup(EVP_CIPHER_CTX *ctx);
static int afalg_chk_platform(void);
/* Engine Id and Name */
static const char *engine_afalg_id = "afalg";
static const char *engine_afalg_name = "AFALG engine support";
static int afalg_cipher_nids[] = {
NID_aes_128_cbc
};
static EVP_CIPHER *_hidden_aes_128_cbc = NULL;
static ossl_inline int io_setup(unsigned n, aio_context_t *ctx)
{
return syscall(__NR_io_setup, n, ctx);
}
static ossl_inline int eventfd(int n)
{
return syscall(__NR_eventfd, n);
}
static ossl_inline int io_destroy(aio_context_t ctx)
{
return syscall(__NR_io_destroy, ctx);
}
static ossl_inline int io_read(aio_context_t ctx, long n, struct iocb **iocb)
{
return syscall(__NR_io_submit, ctx, n, iocb);
}
static ossl_inline int io_getevents(aio_context_t ctx, long min, long max,
struct io_event *events,
struct timespec *timeout)
{
return syscall(__NR_io_getevents, ctx, min, max, events, timeout);
}
static void afalg_waitfd_cleanup(ASYNC_WAIT_CTX *ctx, const void *key,
OSSL_ASYNC_FD waitfd, void *custom)
{
close(waitfd);
}
static int afalg_setup_async_event_notification(afalg_aio *aio)
{
ASYNC_JOB *job;
ASYNC_WAIT_CTX *waitctx;
void *custom = NULL;
int ret;
if ((job = ASYNC_get_current_job()) != NULL) {
/* Async mode */
waitctx = ASYNC_get_wait_ctx(job);
if (waitctx == NULL) {
ALG_WARN("%s: ASYNC_get_wait_ctx error", __func__);
return 0;
}
/* Get waitfd from ASYNC_WAIT_CTX if it is alreday set */
ret = ASYNC_WAIT_CTX_get_fd(waitctx, engine_afalg_id,
&aio->efd, &custom);
if (ret == 0) {
/*
* waitfd is not set in ASYNC_WAIT_CTX, create a new one
* and set it. efd will be signaled when AIO operation completes
*/
aio->efd = eventfd(0);
if (aio->efd == -1) {
ALG_PERR("%s: Failed to get eventfd : ", __func__);
AFALGerr(AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION,
AFALG_R_EVENTFD_FAILED);
return 0;
}
ret = ASYNC_WAIT_CTX_set_wait_fd(waitctx, engine_afalg_id,
aio->efd, custom,
afalg_waitfd_cleanup);
if (ret == 0) {
ALG_WARN("%s: Failed to set wait fd", __func__);
close(aio->efd);
return 0;
}
/* make fd non-blocking in async mode */
if (fcntl(aio->efd, F_SETFL, O_NONBLOCK) != 0) {
ALG_WARN("%s: Failed to set event fd as NONBLOCKING",
__func__);
}
}
aio->mode = MODE_ASYNC;
} else {
/* Sync mode */
aio->efd = eventfd(0);
if (aio->efd == -1) {
ALG_PERR("%s: Failed to get eventfd : ", __func__);
AFALGerr(AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION,
AFALG_R_EVENTFD_FAILED);
return 0;
}
aio->mode = MODE_SYNC;
}
return 1;
}
int afalg_init_aio(afalg_aio *aio)
{
int r = -1;
/* Initialise for AIO */
aio->aio_ctx = 0;
r = io_setup(MAX_INFLIGHTS, &aio->aio_ctx);
if (r < 0) {
ALG_PERR("%s: io_setup error : ", __func__);
AFALGerr(AFALG_F_AFALG_INIT_AIO, AFALG_R_IO_SETUP_FAILED);
return 0;
}
memset(aio->cbt, 0, sizeof(aio->cbt));
aio->efd = -1;
aio->mode = MODE_UNINIT;
return 1;
}
int afalg_fin_cipher_aio(afalg_aio *aio, int sfd, unsigned char *buf,
size_t len)
{
int r;
int retry = 0;
unsigned int done = 0;
struct iocb *cb;
struct timespec timeout;
struct io_event events[MAX_INFLIGHTS];
u_int64_t eval = 0;
timeout.tv_sec = 0;
timeout.tv_nsec = 0;
/* if efd has not been initialised yet do it here */
if (aio->mode == MODE_UNINIT) {
r = afalg_setup_async_event_notification(aio);
if (r == 0)
return 0;
}
cb = &(aio->cbt[0 % MAX_INFLIGHTS]);
memset(cb, '\0', sizeof(*cb));
cb->aio_fildes = sfd;
cb->aio_lio_opcode = IOCB_CMD_PREAD;
if (sizeof(buf) != sizeof(cb->aio_buf)) {
/*
* The pointer has to be converted to 32 bit unsigned value first
* to avoid sign extension on cast to 64 bit value
*/
cb->aio_buf = (uint64_t)(unsigned long)buf;
} else {
cb->aio_buf = (uint64_t)buf;
}
cb->aio_offset = 0;
cb->aio_data = 0;
cb->aio_nbytes = len;
cb->aio_flags = IOCB_FLAG_RESFD;
cb->aio_resfd = aio->efd;
/*
* Perform AIO read on AFALG socket, this in turn performs an async
* crypto operation in kernel space
*/
r = io_read(aio->aio_ctx, 1, &cb);
if (r < 0) {
ALG_PWARN("%s: io_read failed : ", __func__);
return 0;
}
do {
/* While AIO read is being performed pause job */
ASYNC_pause_job();
/* Check for completion of AIO read */
r = read(aio->efd, &eval, sizeof(eval));
if (r < 0) {
if (errno == EAGAIN || errno == EWOULDBLOCK)
continue;
ALG_PERR("%s: read failed for event fd : ", __func__);
return 0;
} else if (r == 0 || eval <= 0) {
ALG_WARN("%s: eventfd read %d bytes, eval = %lu\n", __func__, r,
eval);
}
if (eval > 0) {
/* Get results of AIO read */
r = io_getevents(aio->aio_ctx, 1, MAX_INFLIGHTS,
events, &timeout);
if (r > 0) {
/*
* events.res indicates the actual status of the operation.
* Handle the error condition first.
*/
if (events[0].res < 0) {
/*
* Underlying operation cannot be completed at the time
* of previous submission. Resubmit for the operation.
*/
if (events[0].res == -EBUSY && retry++ < 3) {
r = io_read(aio->aio_ctx, 1, &cb);
if (r < 0) {
ALG_PERR("%s: retry %d for io_read failed : ",
__func__, retry);
return 0;
}
continue;
} else {
/*
* Retries exceed for -EBUSY or unrecoverable error
* condition for this instance of operation.
*/
ALG_WARN
("%s: Crypto Operation failed with code %lld\n",
__func__, events[0].res);
return 0;
}
}
/* Operation successful. */
done = 1;
} else if (r < 0) {
ALG_PERR("%s: io_getevents failed : ", __func__);
return 0;
} else {
ALG_WARN("%s: io_geteventd read 0 bytes\n", __func__);
}
}
} while (!done);
return 1;
}
static ossl_inline void afalg_set_op_sk(struct cmsghdr *cmsg,
const ALG_OP_TYPE op)
{
cmsg->cmsg_level = SOL_ALG;
cmsg->cmsg_type = ALG_SET_OP;
cmsg->cmsg_len = CMSG_LEN(ALG_OP_LEN);
memcpy(CMSG_DATA(cmsg), &op, ALG_OP_LEN);
}
static void afalg_set_iv_sk(struct cmsghdr *cmsg, const unsigned char *iv,
const unsigned int len)
{
struct af_alg_iv *aiv;
cmsg->cmsg_level = SOL_ALG;
cmsg->cmsg_type = ALG_SET_IV;
cmsg->cmsg_len = CMSG_LEN(ALG_IV_LEN(len));
aiv = (struct af_alg_iv *)CMSG_DATA(cmsg);
aiv->ivlen = len;
memcpy(aiv->iv, iv, len);
}
static ossl_inline int afalg_set_key(afalg_ctx *actx, const unsigned char *key,
const int klen)
{
int ret;
ret = setsockopt(actx->bfd, SOL_ALG, ALG_SET_KEY, key, klen);
if (ret < 0) {
ALG_PERR("%s: Failed to set socket option : ", __func__);
AFALGerr(AFALG_F_AFALG_SET_KEY, AFALG_R_SOCKET_SET_KEY_FAILED);
return 0;
}
return 1;
}
static int afalg_create_sk(afalg_ctx *actx, const char *ciphertype,
const char *ciphername)
{
struct sockaddr_alg sa;
actx->bfd = actx->sfd = -1;
int r = -1;
memset(&sa, 0, sizeof(sa));
sa.salg_family = AF_ALG;
strncpy((char *) sa.salg_type, ciphertype, ALG_MAX_SALG_TYPE);
sa.salg_type[ALG_MAX_SALG_TYPE-1] = '\0';
strncpy((char *) sa.salg_name, ciphername, ALG_MAX_SALG_NAME);
sa.salg_name[ALG_MAX_SALG_NAME-1] = '\0';
actx->bfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
if (actx->bfd == -1) {
ALG_PERR("%s: Failed to open socket : ", __func__);
AFALGerr(AFALG_F_AFALG_CREATE_SK, AFALG_R_SOCKET_CREATE_FAILED);
goto err;
}
r = bind(actx->bfd, (struct sockaddr *)&sa, sizeof(sa));
if (r < 0) {
ALG_PERR("%s: Failed to bind socket : ", __func__);
AFALGerr(AFALG_F_AFALG_CREATE_SK, AFALG_R_SOCKET_BIND_FAILED);
goto err;
}
actx->sfd = accept(actx->bfd, NULL, 0);
if (actx->sfd < 0) {
ALG_PERR("%s: Socket Accept Failed : ", __func__);
AFALGerr(AFALG_F_AFALG_CREATE_SK, AFALG_R_SOCKET_ACCEPT_FAILED);
goto err;
}
return 1;
err:
if (actx->bfd >= 0)
close(actx->bfd);
if (actx->sfd >= 0)
close(actx->sfd);
actx->bfd = actx->sfd = -1;
return 0;
}
static int afalg_start_cipher_sk(afalg_ctx *actx, const unsigned char *in,
size_t inl, const unsigned char *iv,
unsigned int enc)
{
struct msghdr msg = { 0 };
struct cmsghdr *cmsg;
struct iovec iov;
ssize_t sbytes;
# ifdef ALG_ZERO_COPY
int ret;
# endif
char cbuf[CMSG_SPACE(ALG_IV_LEN(ALG_AES_IV_LEN)) + CMSG_SPACE(ALG_OP_LEN)];
memset(cbuf, 0, sizeof(cbuf));
msg.msg_control = cbuf;
msg.msg_controllen = sizeof(cbuf);
/*
* cipher direction (i.e. encrypt or decrypt) and iv are sent to the
* kernel as part of sendmsg()'s ancillary data
*/
cmsg = CMSG_FIRSTHDR(&msg);
afalg_set_op_sk(cmsg, enc);
cmsg = CMSG_NXTHDR(&msg, cmsg);
afalg_set_iv_sk(cmsg, iv, ALG_AES_IV_LEN);
/* iov that describes input data */
iov.iov_base = (unsigned char *)in;
iov.iov_len = inl;
msg.msg_flags = MSG_MORE;
# ifdef ALG_ZERO_COPY
/*
* ZERO_COPY mode
* Works best when buffer is 4k aligned
* OPENS: out of place processing (i.e. out != in)
*/
/* Input data is not sent as part of call to sendmsg() */
msg.msg_iovlen = 0;
msg.msg_iov = NULL;
/* Sendmsg() sends iv and cipher direction to the kernel */
sbytes = sendmsg(actx->sfd, &msg, 0);
if (sbytes < 0) {
ALG_PERR("%s: sendmsg failed for zero copy cipher operation : ",
__func__);
return 0;
}
/*
* vmsplice and splice are used to pin the user space input buffer for
* kernel space processing avoiding copys from user to kernel space
*/
ret = vmsplice(actx->zc_pipe[1], &iov, 1, SPLICE_F_GIFT);
if (ret < 0) {
ALG_PERR("%s: vmsplice failed : ", __func__);
return 0;
}
ret = splice(actx->zc_pipe[0], NULL, actx->sfd, NULL, inl, 0);
if (ret < 0) {
ALG_PERR("%s: splice failed : ", __func__);
return 0;
}
# else
msg.msg_iovlen = 1;
msg.msg_iov = &iov;
/* Sendmsg() sends iv, cipher direction and input data to the kernel */
sbytes = sendmsg(actx->sfd, &msg, 0);
if (sbytes < 0) {
ALG_PERR("%s: sendmsg failed for cipher operation : ", __func__);
return 0;
}
if (sbytes != (ssize_t) inl) {
ALG_WARN("Cipher operation send bytes %zd != inlen %zd\n", sbytes,
inl);
return 0;
}
# endif
return 1;
}
static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
int ciphertype;
int ret;
afalg_ctx *actx;
char ciphername[ALG_MAX_SALG_NAME];
if (ctx == NULL || key == NULL) {
ALG_WARN("%s: Null Parameter\n", __func__);
return 0;
}
if (EVP_CIPHER_CTX_cipher(ctx) == NULL) {
ALG_WARN("%s: Cipher object NULL\n", __func__);
return 0;
}
actx = EVP_CIPHER_CTX_get_cipher_data(ctx);
if (actx == NULL) {
ALG_WARN("%s: Cipher data NULL\n", __func__);
return 0;
}
ciphertype = EVP_CIPHER_CTX_nid(ctx);
switch (ciphertype) {
case NID_aes_128_cbc:
strncpy(ciphername, "cbc(aes)", ALG_MAX_SALG_NAME);
break;
default:
ALG_WARN("%s: Unsupported Cipher type %d\n", __func__, ciphertype);
return 0;
}
ciphername[ALG_MAX_SALG_NAME-1]='\0';
if (ALG_AES_IV_LEN != EVP_CIPHER_CTX_iv_length(ctx)) {
ALG_WARN("%s: Unsupported IV length :%d\n", __func__,
EVP_CIPHER_CTX_iv_length(ctx));
return 0;
}
/* Setup AFALG socket for crypto processing */
ret = afalg_create_sk(actx, "skcipher", ciphername);
if (ret < 1)
return 0;
ret = afalg_set_key(actx, key, EVP_CIPHER_CTX_key_length(ctx));
if (ret < 1)
goto err;
/* Setup AIO ctx to allow async AFALG crypto processing */
if (afalg_init_aio(&actx->aio) == 0)
goto err;
# ifdef ALG_ZERO_COPY
pipe(actx->zc_pipe);
# endif
actx->init_done = MAGIC_INIT_NUM;
return 1;
err:
close(actx->sfd);
close(actx->bfd);
return 0;
}
static int afalg_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
afalg_ctx *actx;
int ret;
char nxtiv[ALG_AES_IV_LEN] = { 0 };
if (ctx == NULL || out == NULL || in == NULL) {
ALG_WARN("NULL parameter passed to function %s\n", __func__);
return 0;
}
actx = (afalg_ctx *) EVP_CIPHER_CTX_get_cipher_data(ctx);
if (actx == NULL || actx->init_done != MAGIC_INIT_NUM) {
ALG_WARN("%s afalg ctx passed\n",
ctx == NULL ? "NULL" : "Uninitialised");
return 0;
}
/*
* set iv now for decrypt operation as the input buffer can be
* overwritten for inplace operation where in = out.
*/
if (EVP_CIPHER_CTX_encrypting(ctx) == 0) {
memcpy(nxtiv, in + (inl - ALG_AES_IV_LEN), ALG_AES_IV_LEN);
}
/* Send input data to kernel space */
ret = afalg_start_cipher_sk(actx, (unsigned char *)in, inl,
EVP_CIPHER_CTX_iv(ctx),
EVP_CIPHER_CTX_encrypting(ctx));
if (ret < 1) {
return 0;
}
/* Perform async crypto operation in kernel space */
ret = afalg_fin_cipher_aio(&actx->aio, actx->sfd, out, inl);
if (ret < 1)
return 0;
if (EVP_CIPHER_CTX_encrypting(ctx)) {
memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), out + (inl - ALG_AES_IV_LEN),
ALG_AES_IV_LEN);
} else {
memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), nxtiv, ALG_AES_IV_LEN);
}
return 1;
}
static int afalg_cipher_cleanup(EVP_CIPHER_CTX *ctx)
{
afalg_ctx *actx;
if (ctx == NULL) {
ALG_WARN("NULL parameter passed to function %s\n", __func__);
return 0;
}
actx = (afalg_ctx *) EVP_CIPHER_CTX_get_cipher_data(ctx);
if (actx == NULL || actx->init_done != MAGIC_INIT_NUM) {
ALG_WARN("%s afalg ctx passed\n",
ctx == NULL ? "NULL" : "Uninitialised");
return 0;
}
close(actx->sfd);
close(actx->bfd);
# ifdef ALG_ZERO_COPY
close(actx->zc_pipe[0]);
close(actx->zc_pipe[1]);
# endif
/* close efd in sync mode, async mode is closed in afalg_waitfd_cleanup() */
if (actx->aio.mode == MODE_SYNC)
close(actx->aio.efd);
io_destroy(actx->aio.aio_ctx);
return 1;
}
const EVP_CIPHER *afalg_aes_128_cbc(void)
{
if (_hidden_aes_128_cbc == NULL
&& ((_hidden_aes_128_cbc =
EVP_CIPHER_meth_new(NID_aes_128_cbc,
AES_BLOCK_SIZE,
AES_KEY_SIZE_128)) == NULL
|| !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc, AES_IV_LEN)
|| !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc,
EVP_CIPH_CBC_MODE |
EVP_CIPH_FLAG_DEFAULT_ASN1)
|| !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc,
afalg_cipher_init)
|| !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc,
afalg_do_cipher)
|| !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc,
afalg_cipher_cleanup)
|| !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc,
sizeof(afalg_ctx)))) {
EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
_hidden_aes_128_cbc = NULL;
}
return _hidden_aes_128_cbc;
}
static int afalg_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
const int **nids, int nid)
{
int r = 1;
if (cipher == NULL) {
*nids = afalg_cipher_nids;
return (sizeof(afalg_cipher_nids) / sizeof(afalg_cipher_nids[0]));
}
switch (nid) {
case NID_aes_128_cbc:
*cipher = afalg_aes_128_cbc();
break;
default:
*cipher = NULL;
r = 0;
}
return r;
}
static int bind_afalg(ENGINE *e)
{
/* Ensure the afalg error handling is set up */
ERR_load_AFALG_strings();
if (!ENGINE_set_id(e, engine_afalg_id)
|| !ENGINE_set_name(e, engine_afalg_name)
|| !ENGINE_set_destroy_function(e, afalg_destroy)
|| !ENGINE_set_init_function(e, afalg_init)
|| !ENGINE_set_finish_function(e, afalg_finish)) {
AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED);
return 0;
}
/*
* Create _hidden_aes_128_cbc by calling afalg_aes_128_cbc
* now, as bind_aflag can only be called by one thread at a
* time.
*/
if (afalg_aes_128_cbc() == NULL) {
AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED);
return 0;
}
if (!ENGINE_set_ciphers(e, afalg_ciphers)) {
AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED);
return 0;
}
return 1;
}
# ifndef OPENSSL_NO_DYNAMIC_ENGINE
static int bind_helper(ENGINE *e, const char *id)
{
if (id && (strcmp(id, engine_afalg_id) != 0))
return 0;
if (!afalg_chk_platform())
return 0;
if (!bind_afalg(e))
return 0;
return 1;
}
IMPLEMENT_DYNAMIC_CHECK_FN()
IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
# endif
static int afalg_chk_platform(void)
{
int ret;
int i;
int kver[3] = { -1, -1, -1 };
int sock;
char *str;
struct utsname ut;
ret = uname(&ut);
if (ret != 0) {
AFALGerr(AFALG_F_AFALG_CHK_PLATFORM,
AFALG_R_FAILED_TO_GET_PLATFORM_INFO);
return 0;
}
str = strtok(ut.release, ".");
for (i = 0; i < 3 && str != NULL; i++) {
kver[i] = atoi(str);
str = strtok(NULL, ".");
}
if (KERNEL_VERSION(kver[0], kver[1], kver[2])
< KERNEL_VERSION(K_MAJ, K_MIN1, K_MIN2)) {
ALG_ERR("ASYNC AFALG not supported this kernel(%d.%d.%d)\n",
kver[0], kver[1], kver[2]);
ALG_ERR("ASYNC AFALG requires kernel version %d.%d.%d or later\n",
K_MAJ, K_MIN1, K_MIN2);
AFALGerr(AFALG_F_AFALG_CHK_PLATFORM,
AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG);
return 0;
}
/* Test if we can actually create an AF_ALG socket */
sock = socket(AF_ALG, SOCK_SEQPACKET, 0);
if (sock == -1) {
AFALGerr(AFALG_F_AFALG_CHK_PLATFORM, AFALG_R_SOCKET_CREATE_FAILED);
return 0;
}
close(sock);
return 1;
}
# ifdef OPENSSL_NO_DYNAMIC_ENGINE
static ENGINE *engine_afalg(void)
{
ENGINE *ret = ENGINE_new();
if (ret == NULL)
return NULL;
if (!bind_afalg(ret)) {
ENGINE_free(ret);
return NULL;
}
return ret;
}
void engine_load_afalg_int(void)
{
ENGINE *toadd;
if (!afalg_chk_platform())
return;
toadd = engine_afalg();
if (toadd == NULL)
return;
ENGINE_add(toadd);
ENGINE_free(toadd);
ERR_clear_error();
}
# endif
static int afalg_init(ENGINE *e)
{
return 1;
}
static int afalg_finish(ENGINE *e)
{
return 1;
}
static int afalg_destroy(ENGINE *e)
{
ERR_unload_AFALG_strings();
EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
_hidden_aes_128_cbc = NULL;
return 1;
}
#endif /* KERNEL VERSION */

1
engines/afalg/e_afalg.ec Normal file
View File

@@ -0,0 +1 @@
L AFALG e_afalg_err.h e_afalg_err.c

75
engines/afalg/e_afalg.h Normal file
View File

@@ -0,0 +1,75 @@
/*
* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef HEADER_AFALG_H
# define HEADER_AFALG_H
# ifdef ALG_DEBUG
# define ALG_DGB(x, ...) fprintf(stderr, "ALG_DBG: " x, __VA_ARGS__)
# define ALG_INFO(x, ...) fprintf(stderr, "ALG_INFO: " x, __VA_ARGS__)
# define ALG_WARN(x, ...) fprintf(stderr, "ALG_WARN: " x, __VA_ARGS__)
# else
# define ALG_DGB(x, ...)
# define ALG_INFO(x, ...)
# define ALG_WARN(x, ...)
# endif
# define ALG_ERR(x, ...) fprintf(stderr, "ALG_ERR: " x, __VA_ARGS__)
# define ALG_PERR(x, ...) \
do { \
fprintf(stderr, "ALG_PERR: " x, __VA_ARGS__); \
perror(NULL); \
} while(0)
# define ALG_PWARN(x, ...) \
do { \
fprintf(stderr, "ALG_PERR: " x, __VA_ARGS__); \
perror(NULL); \
} while(0)
# ifndef AES_BLOCK_SIZE
# define AES_BLOCK_SIZE 16
# endif
# define AES_KEY_SIZE_128 16
# define AES_IV_LEN 16
# define MAX_INFLIGHTS 1
typedef enum {
MODE_UNINIT = 0,
MODE_SYNC,
MODE_ASYNC
} op_mode;
struct afalg_aio_st {
int efd;
op_mode mode;
aio_context_t aio_ctx;
struct io_event events[MAX_INFLIGHTS];
struct iocb cbt[MAX_INFLIGHTS];
};
typedef struct afalg_aio_st afalg_aio;
/*
* MAGIC Number to identify correct initialisation
* of afalg_ctx.
*/
# define MAGIC_INIT_NUM 0x1890671
struct afalg_ctx_st {
int init_done;
int sfd;
int bfd;
# ifdef ALG_ZERO_COPY
int zc_pipe[2];
# endif
afalg_aio aio;
};
typedef struct afalg_ctx_st afalg_ctx;
#endif

111
engines/afalg/e_afalg_err.c Normal file
View File

@@ -0,0 +1,111 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include "e_afalg_err.h"
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(0,func,0)
# define ERR_REASON(reason) ERR_PACK(0,0,reason)
static ERR_STRING_DATA AFALG_str_functs[] = {
{ERR_FUNC(AFALG_F_AFALG_CHK_PLATFORM), "afalg_chk_platform"},
{ERR_FUNC(AFALG_F_AFALG_CREATE_BIND_SK), "afalg_create_bind_sk"},
{ERR_FUNC(AFALG_F_AFALG_CREATE_BIND_SOCKET), "afalg_create_bind_sk"},
{ERR_FUNC(AFALG_F_AFALG_CREATE_SK), "afalg_create_sk"},
{ERR_FUNC(AFALG_F_AFALG_INIT_AIO), "afalg_init_aio"},
{ERR_FUNC(AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION),
"afalg_setup_async_event_notification"},
{ERR_FUNC(AFALG_F_AFALG_SET_KEY), "afalg_set_key"},
{ERR_FUNC(AFALG_F_AFALG_SOCKET), "afalg_socket"},
{ERR_FUNC(AFALG_F_AFALG_START_CIPHER_SK), "afalg_start_cipher_sk"},
{ERR_FUNC(AFALG_F_BIND_AFALG), "bind_afalg"},
{0, NULL}
};
static ERR_STRING_DATA AFALG_str_reasons[] = {
{ERR_REASON(AFALG_R_EVENTFD_FAILED), "eventfd failed"},
{ERR_REASON(AFALG_R_FAILED_TO_GET_PLATFORM_INFO),
"failed to get platform info"},
{ERR_REASON(AFALG_R_INIT_FAILED), "init failed"},
{ERR_REASON(AFALG_R_IO_SETUP_FAILED), "io setup failed"},
{ERR_REASON(AFALG_R_KERNEL_DOES_NOT_SUPPORT_AFALG),
"kernel does not support afalg"},
{ERR_REASON(AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG),
"kernel does not support async afalg"},
{ERR_REASON(AFALG_R_MEM_ALLOC_FAILED), "mem alloc failed"},
{ERR_REASON(AFALG_R_SOCKET_ACCEPT_FAILED), "socket accept failed"},
{ERR_REASON(AFALG_R_SOCKET_BIND_FAILED), "socket bind failed"},
{ERR_REASON(AFALG_R_SOCKET_CREATE_FAILED), "socket create failed"},
{ERR_REASON(AFALG_R_SOCKET_OPERATION_FAILED), "socket operation failed"},
{ERR_REASON(AFALG_R_SOCKET_SET_KEY_FAILED), "socket set key failed"},
{0, NULL}
};
#endif
#ifdef AFALG_LIB_NAME
static ERR_STRING_DATA AFALG_lib_name[] = {
{0, AFALG_LIB_NAME},
{0, NULL}
};
#endif
static int AFALG_lib_error_code = 0;
static int AFALG_error_init = 1;
void ERR_load_AFALG_strings(void)
{
if (AFALG_lib_error_code == 0)
AFALG_lib_error_code = ERR_get_next_error_library();
if (AFALG_error_init) {
AFALG_error_init = 0;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(AFALG_lib_error_code, AFALG_str_functs);
ERR_load_strings(AFALG_lib_error_code, AFALG_str_reasons);
#endif
#ifdef AFALG_LIB_NAME
AFALG_lib_name->error = ERR_PACK(AFALG_lib_error_code, 0, 0);
ERR_load_strings(0, AFALG_lib_name);
#endif
}
}
void ERR_unload_AFALG_strings(void)
{
if (AFALG_error_init == 0) {
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(AFALG_lib_error_code, AFALG_str_functs);
ERR_unload_strings(AFALG_lib_error_code, AFALG_str_reasons);
#endif
#ifdef AFALG_LIB_NAME
ERR_unload_strings(0, AFALG_lib_name);
#endif
AFALG_error_init = 1;
}
}
void ERR_AFALG_error(int function, int reason, char *file, int line)
{
if (AFALG_lib_error_code == 0)
AFALG_lib_error_code = ERR_get_next_error_library();
ERR_PUT_error(AFALG_lib_error_code, function, reason, file, line);
}

60
engines/afalg/e_afalg_err.h Normal file
View File

@@ -0,0 +1,60 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#ifndef HEADER_AFALG_ERR_H
# define HEADER_AFALG_ERR_H
# ifdef __cplusplus
extern "C" {
# endif
/* BEGIN ERROR CODES */
void ERR_load_AFALG_strings(void);
void ERR_unload_AFALG_strings(void);
void ERR_AFALG_error(int function, int reason, char *file, int line);
# define AFALGerr(f,r) ERR_AFALG_error((f),(r),__FILE__,__LINE__)
/* Error codes for the AFALG functions. */
/* Function codes. */
# define AFALG_F_AFALG_CHK_PLATFORM 100
# define AFALG_F_AFALG_CREATE_BIND_SK 106
# define AFALG_F_AFALG_CREATE_BIND_SOCKET 105
# define AFALG_F_AFALG_CREATE_SK 108
# define AFALG_F_AFALG_INIT_AIO 101
# define AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION 107
# define AFALG_F_AFALG_SET_KEY 109
# define AFALG_F_AFALG_SOCKET 102
# define AFALG_F_AFALG_START_CIPHER_SK 103
# define AFALG_F_BIND_AFALG 104
/* Reason codes. */
# define AFALG_R_EVENTFD_FAILED 108
# define AFALG_R_FAILED_TO_GET_PLATFORM_INFO 111
# define AFALG_R_INIT_FAILED 100
# define AFALG_R_IO_SETUP_FAILED 105
# define AFALG_R_KERNEL_DOES_NOT_SUPPORT_AFALG 101
# define AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG 107
# define AFALG_R_MEM_ALLOC_FAILED 102
# define AFALG_R_SOCKET_ACCEPT_FAILED 110
# define AFALG_R_SOCKET_BIND_FAILED 103
# define AFALG_R_SOCKET_CREATE_FAILED 109
# define AFALG_R_SOCKET_OPERATION_FAILED 104
# define AFALG_R_SOCKET_SET_KEY_FAILED 106
#ifdef __cplusplus
}
#endif
#endif

1
engines/alpha.opt
View File

@@ -1 +0,0 @@
SYMBOL_VECTOR=(bind_engine=PROCEDURE,v_check=PROCEDURE)

618
engines/asm/e_padlock-x86.pl Normal file
View File

@@ -0,0 +1,618 @@
#! /usr/bin/env perl
# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# ====================================================================
# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
# project. The module is, however, dual licensed under OpenSSL and
# CRYPTOGAMS licenses depending on where you obtain it. For further
# details see http://www.openssl.org/~appro/cryptogams/.
# ====================================================================
# September 2011
#
# Assembler helpers for Padlock engine. Compared to original engine
# version relying on inline assembler and compiled with gcc 3.4.6 it
# was measured to provide ~100% improvement on misaligned data in ECB
# mode and ~75% in CBC mode. For aligned data improvement can be
# observed for short inputs only, e.g. 45% for 64-byte messages in
# ECB mode, 20% in CBC. Difference in performance for aligned vs.
# misaligned data depends on misalignment and is either ~1.8x or 2.9x.
# These are approximately same factors as for hardware support, so
# there is little reason to rely on the latter. On the contrary, it
# might actually hurt performance in mixture of aligned and misaligned
# buffers, because a) if you choose to flip 'align' flag in control
# word on per-buffer basis, then you'd have to reload key context,
# which incurs penalty; b) if you choose to set 'align' flag
# permanently, it limits performance even for aligned data to ~1/2.
# All above mentioned results were collected on 1.5GHz C7. Nano on the
# other hand handles unaligned data more gracefully. Depending on
# algorithm and how unaligned data is, hardware can be up to 70% more
# efficient than below software alignment procedures, nor does 'align'
# flag have affect on aligned performance [if has any meaning at all].
# Therefore suggestion is to unconditionally set 'align' flag on Nano
# for optimal performance.
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
push(@INC,"${dir}","${dir}../../crypto/perlasm");
require "x86asm.pl";
$output=pop;
open STDOUT,">$output";
&asm_init($ARGV[0],$0);
%PADLOCK_PREFETCH=(ecb=>128, cbc=>64); # prefetch errata
$PADLOCK_CHUNK=512; # Must be a power of 2 larger than 16
$ctx="edx";
$out="edi";
$inp="esi";
$len="ecx";
$chunk="ebx";
&function_begin_B("padlock_capability");
&push ("ebx");
&pushf ();
&pop ("eax");
&mov ("ecx","eax");
&xor ("eax",1<<21);
&push ("eax");
&popf ();
&pushf ();
&pop ("eax");
&xor ("ecx","eax");
&xor ("eax","eax");
&bt ("ecx",21);
&jnc (&label("noluck"));
&cpuid ();
&xor ("eax","eax");
&cmp ("ebx","0x".unpack("H*",'tneC'));
&jne (&label("noluck"));
&cmp ("edx","0x".unpack("H*",'Hrua'));
&jne (&label("noluck"));
&cmp ("ecx","0x".unpack("H*",'slua'));
&jne (&label("noluck"));
&mov ("eax",0xC0000000);
&cpuid ();
&mov ("edx","eax");
&xor ("eax","eax");
&cmp ("edx",0xC0000001);
&jb (&label("noluck"));
&mov ("eax",1);
&cpuid ();
&or ("eax",0x0f);
&xor ("ebx","ebx");
&and ("eax",0x0fff);
&cmp ("eax",0x06ff); # check for Nano
&sete ("bl");
&mov ("eax",0xC0000001);
&push ("ebx");
&cpuid ();
&pop ("ebx");
&mov ("eax","edx");
&shl ("ebx",4); # bit#4 denotes Nano
&and ("eax",0xffffffef);
&or ("eax","ebx")
&set_label("noluck");
&pop ("ebx");
&ret ();
&function_end_B("padlock_capability")
&function_begin_B("padlock_key_bswap");
&mov ("edx",&wparam(0));
&mov ("ecx",&DWP(240,"edx"));
&set_label("bswap_loop");
&mov ("eax",&DWP(0,"edx"));
&bswap ("eax");
&mov (&DWP(0,"edx"),"eax");
&lea ("edx",&DWP(4,"edx"));
&sub ("ecx",1);
&jnz (&label("bswap_loop"));
&ret ();
&function_end_B("padlock_key_bswap");
# This is heuristic key context tracing. At first one
# believes that one should use atomic swap instructions,
# but it's not actually necessary. Point is that if
# padlock_saved_context was changed by another thread
# after we've read it and before we compare it with ctx,
# our key *shall* be reloaded upon thread context switch
# and we are therefore set in either case...
&static_label("padlock_saved_context");
&function_begin_B("padlock_verify_context");
&mov ($ctx,&wparam(0));
&lea ("eax",($::win32 or $::coff) ? &DWP(&label("padlock_saved_context")) :
&DWP(&label("padlock_saved_context")."-".&label("verify_pic_point")));
&pushf ();
&call ("_padlock_verify_ctx");
&set_label("verify_pic_point");
&lea ("esp",&DWP(4,"esp"));
&ret ();
&function_end_B("padlock_verify_context");
&function_begin_B("_padlock_verify_ctx");
&add ("eax",&DWP(0,"esp")) if(!($::win32 or $::coff));# &padlock_saved_context
&bt (&DWP(4,"esp"),30); # eflags
&jnc (&label("verified"));
&cmp ($ctx,&DWP(0,"eax"));
&je (&label("verified"));
&pushf ();
&popf ();
&set_label("verified");
&mov (&DWP(0,"eax"),$ctx);
&ret ();
&function_end_B("_padlock_verify_ctx");
&function_begin_B("padlock_reload_key");
&pushf ();
&popf ();
&ret ();
&function_end_B("padlock_reload_key");
&function_begin_B("padlock_aes_block");
&push ("edi");
&push ("esi");
&push ("ebx");
&mov ($out,&wparam(0)); # must be 16-byte aligned
&mov ($inp,&wparam(1)); # must be 16-byte aligned
&mov ($ctx,&wparam(2));
&mov ($len,1);
&lea ("ebx",&DWP(32,$ctx)); # key
&lea ($ctx,&DWP(16,$ctx)); # control word
&data_byte(0xf3,0x0f,0xa7,0xc8); # rep xcryptecb
&pop ("ebx");
&pop ("esi");
&pop ("edi");
&ret ();
&function_end_B("padlock_aes_block");
sub generate_mode {
my ($mode,$opcode) = @_;
# int padlock_$mode_encrypt(void *out, const void *inp,
# struct padlock_cipher_data *ctx, size_t len);
&function_begin("padlock_${mode}_encrypt");
&mov ($out,&wparam(0));
&mov ($inp,&wparam(1));
&mov ($ctx,&wparam(2));
&mov ($len,&wparam(3));
&test ($ctx,15);
&jnz (&label("${mode}_abort"));
&test ($len,15);
&jnz (&label("${mode}_abort"));
&lea ("eax",($::win32 or $::coff) ? &DWP(&label("padlock_saved_context")) :
&DWP(&label("padlock_saved_context")."-".&label("${mode}_pic_point")));
&pushf ();
&cld ();
&call ("_padlock_verify_ctx");
&set_label("${mode}_pic_point");
&lea ($ctx,&DWP(16,$ctx)); # control word
&xor ("eax","eax");
if ($mode eq "ctr32") {
&movq ("mm0",&QWP(-16,$ctx)); # load [upper part of] counter
} else {
&xor ("ebx","ebx");
&test (&DWP(0,$ctx),1<<5); # align bit in control word
&jnz (&label("${mode}_aligned"));
&test ($out,0x0f);
&setz ("al"); # !out_misaligned
&test ($inp,0x0f);
&setz ("bl"); # !inp_misaligned
&test ("eax","ebx");
&jnz (&label("${mode}_aligned"));
&neg ("eax");
}
&mov ($chunk,$PADLOCK_CHUNK);
&not ("eax"); # out_misaligned?-1:0
&lea ("ebp",&DWP(-24,"esp"));
&cmp ($len,$chunk);
&cmovc ($chunk,$len); # chunk=len>PADLOCK_CHUNK?PADLOCK_CHUNK:len
&and ("eax",$chunk); # out_misaligned?chunk:0
&mov ($chunk,$len);
&neg ("eax");
&and ($chunk,$PADLOCK_CHUNK-1); # chunk=len%PADLOCK_CHUNK
&lea ("esp",&DWP(0,"eax","ebp")); # alloca
&mov ("eax",$PADLOCK_CHUNK);
&cmovz ($chunk,"eax"); # chunk=chunk?:PADLOCK_CHUNK
&mov ("eax","ebp");
&and ("ebp",-16);
&and ("esp",-16);
&mov (&DWP(16,"ebp"),"eax");
if ($PADLOCK_PREFETCH{$mode}) {
&cmp ($len,$chunk);
&ja (&label("${mode}_loop"));
&mov ("eax",$inp); # check if prefetch crosses page
&cmp ("ebp","esp");
&cmove ("eax",$out);
&add ("eax",$len);
&neg ("eax");
&and ("eax",0xfff); # distance to page boundary
&cmp ("eax",$PADLOCK_PREFETCH{$mode});
&mov ("eax",-$PADLOCK_PREFETCH{$mode});
&cmovae ("eax",$chunk); # mask=distance<prefetch?-prefetch:-1
&and ($chunk,"eax");
&jz (&label("${mode}_unaligned_tail"));
}
&jmp (&label("${mode}_loop"));
&set_label("${mode}_loop",16);
&mov (&DWP(0,"ebp"),$out); # save parameters
&mov (&DWP(4,"ebp"),$inp);
&mov (&DWP(8,"ebp"),$len);
&mov ($len,$chunk);
&mov (&DWP(12,"ebp"),$chunk); # chunk
if ($mode eq "ctr32") {
&mov ("ecx",&DWP(-4,$ctx));
&xor ($out,$out);
&mov ("eax",&DWP(-8,$ctx)); # borrow $len
&set_label("${mode}_prepare");
&mov (&DWP(12,"esp",$out),"ecx");
&bswap ("ecx");
&movq (&QWP(0,"esp",$out),"mm0");
&inc ("ecx");
&mov (&DWP(8,"esp",$out),"eax");
&bswap ("ecx");
&lea ($out,&DWP(16,$out));
&cmp ($out,$chunk);
&jb (&label("${mode}_prepare"));
&mov (&DWP(-4,$ctx),"ecx");
&lea ($inp,&DWP(0,"esp"));
&lea ($out,&DWP(0,"esp"));
&mov ($len,$chunk);
} else {
&test ($out,0x0f); # out_misaligned
&cmovnz ($out,"esp");
&test ($inp,0x0f); # inp_misaligned
&jz (&label("${mode}_inp_aligned"));
&shr ($len,2);
&data_byte(0xf3,0xa5); # rep movsl
&sub ($out,$chunk);
&mov ($len,$chunk);
&mov ($inp,$out);
&set_label("${mode}_inp_aligned");
}
&lea ("eax",&DWP(-16,$ctx)); # ivp
&lea ("ebx",&DWP(16,$ctx)); # key
&shr ($len,4); # len/=AES_BLOCK_SIZE
&data_byte(0xf3,0x0f,0xa7,$opcode); # rep xcrypt*
if ($mode !~ /ecb|ctr/) {
&movaps ("xmm0",&QWP(0,"eax"));
&movaps (&QWP(-16,$ctx),"xmm0"); # copy [or refresh] iv
}
&mov ($out,&DWP(0,"ebp")); # restore parameters
&mov ($chunk,&DWP(12,"ebp"));
if ($mode eq "ctr32") {
&mov ($inp,&DWP(4,"ebp"));
&xor ($len,$len);
&set_label("${mode}_xor");
&movups ("xmm1",&QWP(0,$inp,$len));
&lea ($len,&DWP(16,$len));
&pxor ("xmm1",&QWP(-16,"esp",$len));
&movups (&QWP(-16,$out,$len),"xmm1");
&cmp ($len,$chunk);
&jb (&label("${mode}_xor"));
} else {
&test ($out,0x0f);
&jz (&label("${mode}_out_aligned"));
&mov ($len,$chunk);
&lea ($inp,&DWP(0,"esp"));
&shr ($len,2);
&data_byte(0xf3,0xa5); # rep movsl
&sub ($out,$chunk);
&set_label("${mode}_out_aligned");
&mov ($inp,&DWP(4,"ebp"));
}
&mov ($len,&DWP(8,"ebp"));
&add ($out,$chunk);
&add ($inp,$chunk);
&sub ($len,$chunk);
&mov ($chunk,$PADLOCK_CHUNK);
if (!$PADLOCK_PREFETCH{$mode}) {
&jnz (&label("${mode}_loop"));
} else {
&jz (&label("${mode}_break"));
&cmp ($len,$chunk);
&jae (&label("${mode}_loop"));
&set_label("${mode}_unaligned_tail");
&xor ("eax","eax");
&cmp ("esp","ebp");
&cmove ("eax",$len);
&sub ("esp","eax"); # alloca
&mov ("eax", $out); # save parameters
&mov ($chunk,$len);
&shr ($len,2);
&lea ($out,&DWP(0,"esp"));
&data_byte(0xf3,0xa5); # rep movsl
&mov ($inp,"esp");
&mov ($out,"eax"); # restore parameters
&mov ($len,$chunk);
&jmp (&label("${mode}_loop"));
&set_label("${mode}_break",16);
}
if ($mode ne "ctr32") {
&cmp ("esp","ebp");
&je (&label("${mode}_done"));
}
&pxor ("xmm0","xmm0");
&lea ("eax",&DWP(0,"esp"));
&set_label("${mode}_bzero");
&movaps (&QWP(0,"eax"),"xmm0");
&lea ("eax",&DWP(16,"eax"));
&cmp ("ebp","eax");
&ja (&label("${mode}_bzero"));
&set_label("${mode}_done");
&mov ("ebp",&DWP(16,"ebp"));
&lea ("esp",&DWP(24,"ebp"));
if ($mode ne "ctr32") {
&jmp (&label("${mode}_exit"));
&set_label("${mode}_aligned",16);
if ($PADLOCK_PREFETCH{$mode}) {
&lea ("ebp",&DWP(0,$inp,$len));
&neg ("ebp");
&and ("ebp",0xfff); # distance to page boundary
&xor ("eax","eax");
&cmp ("ebp",$PADLOCK_PREFETCH{$mode});
&mov ("ebp",$PADLOCK_PREFETCH{$mode}-1);
&cmovae ("ebp","eax");
&and ("ebp",$len); # remainder
&sub ($len,"ebp");
&jz (&label("${mode}_aligned_tail"));
}
&lea ("eax",&DWP(-16,$ctx)); # ivp
&lea ("ebx",&DWP(16,$ctx)); # key
&shr ($len,4); # len/=AES_BLOCK_SIZE
&data_byte(0xf3,0x0f,0xa7,$opcode); # rep xcrypt*
if ($mode ne "ecb") {
&movaps ("xmm0",&QWP(0,"eax"));
&movaps (&QWP(-16,$ctx),"xmm0"); # copy [or refresh] iv
}
if ($PADLOCK_PREFETCH{$mode}) {
&test ("ebp","ebp");
&jz (&label("${mode}_exit"));
&set_label("${mode}_aligned_tail");
&mov ($len,"ebp");
&lea ("ebp",&DWP(-24,"esp"));
&mov ("esp","ebp");
&mov ("eax","ebp");
&sub ("esp",$len);
&and ("ebp",-16);
&and ("esp",-16);
&mov (&DWP(16,"ebp"),"eax");
&mov ("eax", $out); # save parameters
&mov ($chunk,$len);
&shr ($len,2);
&lea ($out,&DWP(0,"esp"));
&data_byte(0xf3,0xa5); # rep movsl
&mov ($inp,"esp");
&mov ($out,"eax"); # restore parameters
&mov ($len,$chunk);
&jmp (&label("${mode}_loop"));
}
&set_label("${mode}_exit"); }
&mov ("eax",1);
&lea ("esp",&DWP(4,"esp")); # popf
&emms () if ($mode eq "ctr32");
&set_label("${mode}_abort");
&function_end("padlock_${mode}_encrypt");
}
&generate_mode("ecb",0xc8);
&generate_mode("cbc",0xd0);
&generate_mode("cfb",0xe0);
&generate_mode("ofb",0xe8);
&generate_mode("ctr32",0xc8); # yes, it implements own CTR with ECB opcode,
# because hardware CTR was introduced later
# and even has errata on certain C7 stepping.
# own implementation *always* works, though
# ~15% slower than dedicated hardware...
&function_begin_B("padlock_xstore");
&push ("edi");
&mov ("edi",&wparam(0));
&mov ("edx",&wparam(1));
&data_byte(0x0f,0xa7,0xc0); # xstore
&pop ("edi");
&ret ();
&function_end_B("padlock_xstore");
&function_begin_B("_win32_segv_handler");
&mov ("eax",1); # ExceptionContinueSearch
&mov ("edx",&wparam(0)); # *ExceptionRecord
&mov ("ecx",&wparam(2)); # *ContextRecord
&cmp (&DWP(0,"edx"),0xC0000005) # ExceptionRecord->ExceptionCode == STATUS_ACCESS_VIOLATION
&jne (&label("ret"));
&add (&DWP(184,"ecx"),4); # skip over rep sha*
&mov ("eax",0); # ExceptionContinueExecution
&set_label("ret");
&ret ();
&function_end_B("_win32_segv_handler");
&safeseh("_win32_segv_handler") if ($::win32);
&function_begin_B("padlock_sha1_oneshot");
&push ("edi");
&push ("esi");
&xor ("eax","eax");
&mov ("edi",&wparam(0));
&mov ("esi",&wparam(1));
&mov ("ecx",&wparam(2));
if ($::win32 or $::coff) {
&push (&::islabel("_win32_segv_handler"));
&data_byte(0x64,0xff,0x30); # push %fs:(%eax)
&data_byte(0x64,0x89,0x20); # mov %esp,%fs:(%eax)
}
&mov ("edx","esp"); # put aside %esp
&add ("esp",-128); # 32 is enough but spec says 128
&movups ("xmm0",&QWP(0,"edi")); # copy-in context
&and ("esp",-16);
&mov ("eax",&DWP(16,"edi"));
&movaps (&QWP(0,"esp"),"xmm0");
&mov ("edi","esp");
&mov (&DWP(16,"esp"),"eax");
&xor ("eax","eax");
&data_byte(0xf3,0x0f,0xa6,0xc8); # rep xsha1
&movaps ("xmm0",&QWP(0,"esp"));
&mov ("eax",&DWP(16,"esp"));
&mov ("esp","edx"); # restore %esp
if ($::win32 or $::coff) {
&data_byte(0x64,0x8f,0x05,0,0,0,0); # pop %fs:0
&lea ("esp",&DWP(4,"esp"));
}
&mov ("edi",&wparam(0));
&movups (&QWP(0,"edi"),"xmm0"); # copy-out context
&mov (&DWP(16,"edi"),"eax");
&pop ("esi");
&pop ("edi");
&ret ();
&function_end_B("padlock_sha1_oneshot");
&function_begin_B("padlock_sha1_blocks");
&push ("edi");
&push ("esi");
&mov ("edi",&wparam(0));
&mov ("esi",&wparam(1));
&mov ("edx","esp"); # put aside %esp
&mov ("ecx",&wparam(2));
&add ("esp",-128);
&movups ("xmm0",&QWP(0,"edi")); # copy-in context
&and ("esp",-16);
&mov ("eax",&DWP(16,"edi"));
&movaps (&QWP(0,"esp"),"xmm0");
&mov ("edi","esp");
&mov (&DWP(16,"esp"),"eax");
&mov ("eax",-1);
&data_byte(0xf3,0x0f,0xa6,0xc8); # rep xsha1
&movaps ("xmm0",&QWP(0,"esp"));
&mov ("eax",&DWP(16,"esp"));
&mov ("esp","edx"); # restore %esp
&mov ("edi",&wparam(0));
&movups (&QWP(0,"edi"),"xmm0"); # copy-out context
&mov (&DWP(16,"edi"),"eax");
&pop ("esi");
&pop ("edi");
&ret ();
&function_end_B("padlock_sha1_blocks");
&function_begin_B("padlock_sha256_oneshot");
&push ("edi");
&push ("esi");
&xor ("eax","eax");
&mov ("edi",&wparam(0));
&mov ("esi",&wparam(1));
&mov ("ecx",&wparam(2));
if ($::win32 or $::coff) {
&push (&::islabel("_win32_segv_handler"));
&data_byte(0x64,0xff,0x30); # push %fs:(%eax)
&data_byte(0x64,0x89,0x20); # mov %esp,%fs:(%eax)
}
&mov ("edx","esp"); # put aside %esp
&add ("esp",-128);
&movups ("xmm0",&QWP(0,"edi")); # copy-in context
&and ("esp",-16);
&movups ("xmm1",&QWP(16,"edi"));
&movaps (&QWP(0,"esp"),"xmm0");
&mov ("edi","esp");
&movaps (&QWP(16,"esp"),"xmm1");
&xor ("eax","eax");
&data_byte(0xf3,0x0f,0xa6,0xd0); # rep xsha256
&movaps ("xmm0",&QWP(0,"esp"));
&movaps ("xmm1",&QWP(16,"esp"));
&mov ("esp","edx"); # restore %esp
if ($::win32 or $::coff) {
&data_byte(0x64,0x8f,0x05,0,0,0,0); # pop %fs:0
&lea ("esp",&DWP(4,"esp"));
}
&mov ("edi",&wparam(0));
&movups (&QWP(0,"edi"),"xmm0"); # copy-out context
&movups (&QWP(16,"edi"),"xmm1");
&pop ("esi");
&pop ("edi");
&ret ();
&function_end_B("padlock_sha256_oneshot");
&function_begin_B("padlock_sha256_blocks");
&push ("edi");
&push ("esi");
&mov ("edi",&wparam(0));
&mov ("esi",&wparam(1));
&mov ("ecx",&wparam(2));
&mov ("edx","esp"); # put aside %esp
&add ("esp",-128);
&movups ("xmm0",&QWP(0,"edi")); # copy-in context
&and ("esp",-16);
&movups ("xmm1",&QWP(16,"edi"));
&movaps (&QWP(0,"esp"),"xmm0");
&mov ("edi","esp");
&movaps (&QWP(16,"esp"),"xmm1");
&mov ("eax",-1);
&data_byte(0xf3,0x0f,0xa6,0xd0); # rep xsha256
&movaps ("xmm0",&QWP(0,"esp"));
&movaps ("xmm1",&QWP(16,"esp"));
&mov ("esp","edx"); # restore %esp
&mov ("edi",&wparam(0));
&movups (&QWP(0,"edi"),"xmm0"); # copy-out context
&movups (&QWP(16,"edi"),"xmm1");
&pop ("esi");
&pop ("edi");
&ret ();
&function_end_B("padlock_sha256_blocks");
&function_begin_B("padlock_sha512_blocks");
&push ("edi");
&push ("esi");
&mov ("edi",&wparam(0));
&mov ("esi",&wparam(1));
&mov ("ecx",&wparam(2));
&mov ("edx","esp"); # put aside %esp
&add ("esp",-128);
&movups ("xmm0",&QWP(0,"edi")); # copy-in context
&and ("esp",-16);
&movups ("xmm1",&QWP(16,"edi"));
&movups ("xmm2",&QWP(32,"edi"));
&movups ("xmm3",&QWP(48,"edi"));
&movaps (&QWP(0,"esp"),"xmm0");
&mov ("edi","esp");
&movaps (&QWP(16,"esp"),"xmm1");
&movaps (&QWP(32,"esp"),"xmm2");
&movaps (&QWP(48,"esp"),"xmm3");
&data_byte(0xf3,0x0f,0xa6,0xe0); # rep xsha512
&movaps ("xmm0",&QWP(0,"esp"));
&movaps ("xmm1",&QWP(16,"esp"));
&movaps ("xmm2",&QWP(32,"esp"));
&movaps ("xmm3",&QWP(48,"esp"));
&mov ("esp","edx"); # restore %esp
&mov ("edi",&wparam(0));
&movups (&QWP(0,"edi"),"xmm0"); # copy-out context
&movups (&QWP(16,"edi"),"xmm1");
&movups (&QWP(32,"edi"),"xmm2");
&movups (&QWP(48,"edi"),"xmm3");
&pop ("esi");
&pop ("edi");
&ret ();
&function_end_B("padlock_sha512_blocks");
&asciz ("VIA Padlock x86 module, CRYPTOGAMS by <appro\@openssl.org>");
&align (16);
&dataseg();
# Essentially this variable belongs in thread local storage.
# Having this variable global on the other hand can only cause
# few bogus key reloads [if any at all on signle-CPU system],
# so we accept the penalty...
&set_label("padlock_saved_context",4);
&data_word(0);
&asm_finish();
close STDOUT;

574
engines/asm/e_padlock-x86_64.pl Normal file
View File

@@ -0,0 +1,574 @@
#! /usr/bin/env perl
# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# ====================================================================
# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
# project. The module is, however, dual licensed under OpenSSL and
# CRYPTOGAMS licenses depending on where you obtain it. For further
# details see http://www.openssl.org/~appro/cryptogams/.
# ====================================================================
# September 2011
#
# Assembler helpers for Padlock engine. See even e_padlock-x86.pl for
# details.
$flavour = shift;
$output = shift;
if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
( $xlate="${dir}../../crypto/perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
*STDOUT=*OUT;
$code=".text\n";
%PADLOCK_PREFETCH=(ecb=>128, cbc=>64, ctr32=>32); # prefetch errata
$PADLOCK_CHUNK=512; # Must be a power of 2 between 32 and 2^20
$ctx="%rdx";
$out="%rdi";
$inp="%rsi";
$len="%rcx";
$chunk="%rbx";
($arg1,$arg2,$arg3,$arg4)=$win64?("%rcx","%rdx","%r8", "%r9") : # Win64 order
("%rdi","%rsi","%rdx","%rcx"); # Unix order
$code.=<<___;
.globl padlock_capability
.type padlock_capability,\@abi-omnipotent
.align 16
padlock_capability:
mov %rbx,%r8
xor %eax,%eax
cpuid
xor %eax,%eax
cmp \$`"0x".unpack("H*",'tneC')`,%ebx
jne .Lnoluck
cmp \$`"0x".unpack("H*",'Hrua')`,%edx
jne .Lnoluck
cmp \$`"0x".unpack("H*",'slua')`,%ecx
jne .Lnoluck
mov \$0xC0000000,%eax
cpuid
mov %eax,%edx
xor %eax,%eax
cmp \$0xC0000001,%edx
jb .Lnoluck
mov \$0xC0000001,%eax
cpuid
mov %edx,%eax
and \$0xffffffef,%eax
or \$0x10,%eax # set Nano bit#4
.Lnoluck:
mov %r8,%rbx
ret
.size padlock_capability,.-padlock_capability
.globl padlock_key_bswap
.type padlock_key_bswap,\@abi-omnipotent,0
.align 16
padlock_key_bswap:
mov 240($arg1),%edx
.Lbswap_loop:
mov ($arg1),%eax
bswap %eax
mov %eax,($arg1)
lea 4($arg1),$arg1
sub \$1,%edx
jnz .Lbswap_loop
ret
.size padlock_key_bswap,.-padlock_key_bswap
.globl padlock_verify_context
.type padlock_verify_context,\@abi-omnipotent
.align 16
padlock_verify_context:
mov $arg1,$ctx
pushf
lea .Lpadlock_saved_context(%rip),%rax
call _padlock_verify_ctx
lea 8(%rsp),%rsp
ret
.size padlock_verify_context,.-padlock_verify_context
.type _padlock_verify_ctx,\@abi-omnipotent
.align 16
_padlock_verify_ctx:
mov 8(%rsp),%r8
bt \$30,%r8
jnc .Lverified
cmp (%rax),$ctx
je .Lverified
pushf
popf
.Lverified:
mov $ctx,(%rax)
ret
.size _padlock_verify_ctx,.-_padlock_verify_ctx
.globl padlock_reload_key
.type padlock_reload_key,\@abi-omnipotent
.align 16
padlock_reload_key:
pushf
popf
ret
.size padlock_reload_key,.-padlock_reload_key
.globl padlock_aes_block
.type padlock_aes_block,\@function,3
.align 16
padlock_aes_block:
mov %rbx,%r8
mov \$1,$len
lea 32($ctx),%rbx # key
lea 16($ctx),$ctx # control word
.byte 0xf3,0x0f,0xa7,0xc8 # rep xcryptecb
mov %r8,%rbx
ret
.size padlock_aes_block,.-padlock_aes_block
.globl padlock_xstore
.type padlock_xstore,\@function,2
.align 16
padlock_xstore:
mov %esi,%edx
.byte 0x0f,0xa7,0xc0 # xstore
ret
.size padlock_xstore,.-padlock_xstore
.globl padlock_sha1_oneshot
.type padlock_sha1_oneshot,\@function,3
.align 16
padlock_sha1_oneshot:
mov %rdx,%rcx
mov %rdi,%rdx # put aside %rdi
movups (%rdi),%xmm0 # copy-in context
sub \$128+8,%rsp
mov 16(%rdi),%eax
movaps %xmm0,(%rsp)
mov %rsp,%rdi
mov %eax,16(%rsp)
xor %rax,%rax
.byte 0xf3,0x0f,0xa6,0xc8 # rep xsha1
movaps (%rsp),%xmm0
mov 16(%rsp),%eax
add \$128+8,%rsp
movups %xmm0,(%rdx) # copy-out context
mov %eax,16(%rdx)
ret
.size padlock_sha1_oneshot,.-padlock_sha1_oneshot
.globl padlock_sha1_blocks
.type padlock_sha1_blocks,\@function,3
.align 16
padlock_sha1_blocks:
mov %rdx,%rcx
mov %rdi,%rdx # put aside %rdi
movups (%rdi),%xmm0 # copy-in context
sub \$128+8,%rsp
mov 16(%rdi),%eax
movaps %xmm0,(%rsp)
mov %rsp,%rdi
mov %eax,16(%rsp)
mov \$-1,%rax
.byte 0xf3,0x0f,0xa6,0xc8 # rep xsha1
movaps (%rsp),%xmm0
mov 16(%rsp),%eax
add \$128+8,%rsp
movups %xmm0,(%rdx) # copy-out context
mov %eax,16(%rdx)
ret
.size padlock_sha1_blocks,.-padlock_sha1_blocks
.globl padlock_sha256_oneshot
.type padlock_sha256_oneshot,\@function,3
.align 16
padlock_sha256_oneshot:
mov %rdx,%rcx
mov %rdi,%rdx # put aside %rdi
movups (%rdi),%xmm0 # copy-in context
sub \$128+8,%rsp
movups 16(%rdi),%xmm1
movaps %xmm0,(%rsp)
mov %rsp,%rdi
movaps %xmm1,16(%rsp)
xor %rax,%rax
.byte 0xf3,0x0f,0xa6,0xd0 # rep xsha256
movaps (%rsp),%xmm0
movaps 16(%rsp),%xmm1
add \$128+8,%rsp
movups %xmm0,(%rdx) # copy-out context
movups %xmm1,16(%rdx)
ret
.size padlock_sha256_oneshot,.-padlock_sha256_oneshot
.globl padlock_sha256_blocks
.type padlock_sha256_blocks,\@function,3
.align 16
padlock_sha256_blocks:
mov %rdx,%rcx
mov %rdi,%rdx # put aside %rdi
movups (%rdi),%xmm0 # copy-in context
sub \$128+8,%rsp
movups 16(%rdi),%xmm1
movaps %xmm0,(%rsp)
mov %rsp,%rdi
movaps %xmm1,16(%rsp)
mov \$-1,%rax
.byte 0xf3,0x0f,0xa6,0xd0 # rep xsha256
movaps (%rsp),%xmm0
movaps 16(%rsp),%xmm1
add \$128+8,%rsp
movups %xmm0,(%rdx) # copy-out context
movups %xmm1,16(%rdx)
ret
.size padlock_sha256_blocks,.-padlock_sha256_blocks
.globl padlock_sha512_blocks
.type padlock_sha512_blocks,\@function,3
.align 16
padlock_sha512_blocks:
mov %rdx,%rcx
mov %rdi,%rdx # put aside %rdi
movups (%rdi),%xmm0 # copy-in context
sub \$128+8,%rsp
movups 16(%rdi),%xmm1
movups 32(%rdi),%xmm2
movups 48(%rdi),%xmm3
movaps %xmm0,(%rsp)
mov %rsp,%rdi
movaps %xmm1,16(%rsp)
movaps %xmm2,32(%rsp)
movaps %xmm3,48(%rsp)
.byte 0xf3,0x0f,0xa6,0xe0 # rep xha512
movaps (%rsp),%xmm0
movaps 16(%rsp),%xmm1
movaps 32(%rsp),%xmm2
movaps 48(%rsp),%xmm3
add \$128+8,%rsp
movups %xmm0,(%rdx) # copy-out context
movups %xmm1,16(%rdx)
movups %xmm2,32(%rdx)
movups %xmm3,48(%rdx)
ret
.size padlock_sha512_blocks,.-padlock_sha512_blocks
___
sub generate_mode {
my ($mode,$opcode) = @_;
# int padlock_$mode_encrypt(void *out, const void *inp,
# struct padlock_cipher_data *ctx, size_t len);
$code.=<<___;
.globl padlock_${mode}_encrypt
.type padlock_${mode}_encrypt,\@function,4
.align 16
padlock_${mode}_encrypt:
push %rbp
push %rbx
xor %eax,%eax
test \$15,$ctx
jnz .L${mode}_abort
test \$15,$len
jnz .L${mode}_abort
lea .Lpadlock_saved_context(%rip),%rax
pushf
cld
call _padlock_verify_ctx
lea 16($ctx),$ctx # control word
xor %eax,%eax
xor %ebx,%ebx
testl \$`1<<5`,($ctx) # align bit in control word
jnz .L${mode}_aligned
test \$0x0f,$out
setz %al # !out_misaligned
test \$0x0f,$inp
setz %bl # !inp_misaligned
test %ebx,%eax
jnz .L${mode}_aligned
neg %rax
mov \$$PADLOCK_CHUNK,$chunk
not %rax # out_misaligned?-1:0
lea (%rsp),%rbp
cmp $chunk,$len
cmovc $len,$chunk # chunk=len>PADLOCK_CHUNK?PADLOCK_CHUNK:len
and $chunk,%rax # out_misaligned?chunk:0
mov $len,$chunk
neg %rax
and \$$PADLOCK_CHUNK-1,$chunk # chunk%=PADLOCK_CHUNK
lea (%rax,%rbp),%rsp
mov \$$PADLOCK_CHUNK,%rax
cmovz %rax,$chunk # chunk=chunk?:PADLOCK_CHUNK
___
$code.=<<___ if ($mode eq "ctr32");
.L${mode}_reenter:
mov -4($ctx),%eax # pull 32-bit counter
bswap %eax
neg %eax
and \$`$PADLOCK_CHUNK/16-1`,%eax
mov \$$PADLOCK_CHUNK,$chunk
shl \$4,%eax
cmovz $chunk,%rax
cmp %rax,$len
cmova %rax,$chunk # don't let counter cross PADLOCK_CHUNK
cmovbe $len,$chunk
___
$code.=<<___ if ($PADLOCK_PREFETCH{$mode});
cmp $chunk,$len
ja .L${mode}_loop
mov $inp,%rax # check if prefetch crosses page
cmp %rsp,%rbp
cmove $out,%rax
add $len,%rax
neg %rax
and \$0xfff,%rax # distance to page boundary
cmp \$$PADLOCK_PREFETCH{$mode},%rax
mov \$-$PADLOCK_PREFETCH{$mode},%rax
cmovae $chunk,%rax # mask=distance<prefetch?-prefetch:-1
and %rax,$chunk
jz .L${mode}_unaligned_tail
___
$code.=<<___;
jmp .L${mode}_loop
.align 16
.L${mode}_loop:
cmp $len,$chunk # ctr32 artefact
cmova $len,$chunk # ctr32 artefact
mov $out,%r8 # save parameters
mov $inp,%r9
mov $len,%r10
mov $chunk,$len
mov $chunk,%r11
test \$0x0f,$out # out_misaligned
cmovnz %rsp,$out
test \$0x0f,$inp # inp_misaligned
jz .L${mode}_inp_aligned
shr \$3,$len
.byte 0xf3,0x48,0xa5 # rep movsq
sub $chunk,$out
mov $chunk,$len
mov $out,$inp
.L${mode}_inp_aligned:
lea -16($ctx),%rax # ivp
lea 16($ctx),%rbx # key
shr \$4,$len
.byte 0xf3,0x0f,0xa7,$opcode # rep xcrypt*
___
$code.=<<___ if ($mode !~ /ecb|ctr/);
movdqa (%rax),%xmm0
movdqa %xmm0,-16($ctx) # copy [or refresh] iv
___
$code.=<<___ if ($mode eq "ctr32");
mov -4($ctx),%eax # pull 32-bit counter
test \$0xffff0000,%eax
jnz .L${mode}_no_carry
bswap %eax
add \$0x10000,%eax
bswap %eax
mov %eax,-4($ctx)
.L${mode}_no_carry:
___
$code.=<<___;
mov %r8,$out # restore parameters
mov %r11,$chunk
test \$0x0f,$out
jz .L${mode}_out_aligned
mov $chunk,$len
lea (%rsp),$inp
shr \$3,$len
.byte 0xf3,0x48,0xa5 # rep movsq
sub $chunk,$out
.L${mode}_out_aligned:
mov %r9,$inp
mov %r10,$len
add $chunk,$out
add $chunk,$inp
sub $chunk,$len
mov \$$PADLOCK_CHUNK,$chunk
___
if (!$PADLOCK_PREFETCH{$mode}) {
$code.=<<___;
jnz .L${mode}_loop
___
} else {
$code.=<<___;
jz .L${mode}_break
cmp $chunk,$len
jae .L${mode}_loop
___
$code.=<<___ if ($mode eq "ctr32");
mov $len,$chunk
mov $inp,%rax # check if prefetch crosses page
cmp %rsp,%rbp
cmove $out,%rax
add $len,%rax
neg %rax
and \$0xfff,%rax # distance to page boundary
cmp \$$PADLOCK_PREFETCH{$mode},%rax
mov \$-$PADLOCK_PREFETCH{$mode},%rax
cmovae $chunk,%rax
and %rax,$chunk
jnz .L${mode}_loop
___
$code.=<<___;
.L${mode}_unaligned_tail:
xor %eax,%eax
cmp %rsp,%rbp
cmove $len,%rax
mov $out,%r8 # save parameters
mov $len,$chunk
sub %rax,%rsp # alloca
shr \$3,$len
lea (%rsp),$out
.byte 0xf3,0x48,0xa5 # rep movsq
mov %rsp,$inp
mov %r8, $out # restore parameters
mov $chunk,$len
jmp .L${mode}_loop
.align 16
.L${mode}_break:
___
}
$code.=<<___;
cmp %rbp,%rsp
je .L${mode}_done
pxor %xmm0,%xmm0
lea (%rsp),%rax
.L${mode}_bzero:
movaps %xmm0,(%rax)
lea 16(%rax),%rax
cmp %rax,%rbp
ja .L${mode}_bzero
.L${mode}_done:
lea (%rbp),%rsp
jmp .L${mode}_exit
.align 16
.L${mode}_aligned:
___
$code.=<<___ if ($mode eq "ctr32");
mov -4($ctx),%eax # pull 32-bit counter
bswap %eax
neg %eax
and \$0xffff,%eax
mov \$`16*0x10000`,$chunk
shl \$4,%eax
cmovz $chunk,%rax
cmp %rax,$len
cmova %rax,$chunk # don't let counter cross 2^16
cmovbe $len,$chunk
jbe .L${mode}_aligned_skip
.L${mode}_aligned_loop:
mov $len,%r10 # save parameters
mov $chunk,$len
mov $chunk,%r11
lea -16($ctx),%rax # ivp
lea 16($ctx),%rbx # key
shr \$4,$len # len/=AES_BLOCK_SIZE
.byte 0xf3,0x0f,0xa7,$opcode # rep xcrypt*
mov -4($ctx),%eax # pull 32-bit counter
bswap %eax
add \$0x10000,%eax
bswap %eax
mov %eax,-4($ctx)
mov %r10,$len # restore parameters
sub %r11,$len
mov \$`16*0x10000`,$chunk
jz .L${mode}_exit
cmp $chunk,$len
jae .L${mode}_aligned_loop
.L${mode}_aligned_skip:
___
$code.=<<___ if ($PADLOCK_PREFETCH{$mode});
lea ($inp,$len),%rbp
neg %rbp
and \$0xfff,%rbp # distance to page boundary
xor %eax,%eax
cmp \$$PADLOCK_PREFETCH{$mode},%rbp
mov \$$PADLOCK_PREFETCH{$mode}-1,%rbp
cmovae %rax,%rbp
and $len,%rbp # remainder
sub %rbp,$len
jz .L${mode}_aligned_tail
___
$code.=<<___;
lea -16($ctx),%rax # ivp
lea 16($ctx),%rbx # key
shr \$4,$len # len/=AES_BLOCK_SIZE
.byte 0xf3,0x0f,0xa7,$opcode # rep xcrypt*
___
$code.=<<___ if ($mode !~ /ecb|ctr/);
movdqa (%rax),%xmm0
movdqa %xmm0,-16($ctx) # copy [or refresh] iv
___
$code.=<<___ if ($PADLOCK_PREFETCH{$mode});
test %rbp,%rbp # check remainder
jz .L${mode}_exit
.L${mode}_aligned_tail:
mov $out,%r8
mov %rbp,$chunk
mov %rbp,$len
lea (%rsp),%rbp
sub $len,%rsp
shr \$3,$len
lea (%rsp),$out
.byte 0xf3,0x48,0xa5 # rep movsq
lea (%r8),$out
lea (%rsp),$inp
mov $chunk,$len
jmp .L${mode}_loop
___
$code.=<<___;
.L${mode}_exit:
mov \$1,%eax
lea 8(%rsp),%rsp
.L${mode}_abort:
pop %rbx
pop %rbp
ret
.size padlock_${mode}_encrypt,.-padlock_${mode}_encrypt
___
}
&generate_mode("ecb",0xc8);
&generate_mode("cbc",0xd0);
&generate_mode("cfb",0xe0);
&generate_mode("ofb",0xe8);
&generate_mode("ctr32",0xd8); # all 64-bit CPUs have working CTR...
$code.=<<___;
.asciz "VIA Padlock x86_64 module, CRYPTOGAMS by <appro\@openssl.org>"
.align 16
.data
.align 8
.Lpadlock_saved_context:
.quad 0
___
$code =~ s/\`([^\`]*)\`/eval($1)/gem;
print $code;
close STDOUT;

1
engines/axp.opt
View File

@@ -1 +0,0 @@
SYMBOL_VECTOR=(bind_engine=PROCEDURE,v_check=PROCEDURE)

32
engines/build.info Normal file
View File

@@ -0,0 +1,32 @@
IF[{- !$disabled{"engine"} -}]
IF[{- $disabled{"dynamic-engine"} -}]
LIBS=../libcrypto
SOURCE[../libcrypto]=\
e_padlock.c {- $target{padlock_asm_src} -}
IF[{- !$disabled{capieng} -}]
SOURCE[../libcrypto]=e_capi.c
ENDIF
ELSE
ENGINES=padlock
SOURCE[padlock]=e_padlock.c {- $target{padlock_asm_src} -}
DEPEND[padlock]=../libcrypto
INCLUDE[padlock]=../include
IF[{- !$disabled{capieng} -}]
ENGINES=capi
SOURCE[capi]=e_capi.c
DEPEND[capi]=../libcrypto
INCLUDE[capi]=../include
ENDIF
ENGINES_NO_INST=ossltest dasync
SOURCE[dasync]=e_dasync.c
DEPEND[dasync]=../libcrypto
INCLUDE[dasync]=../include
SOURCE[ossltest]=e_ossltest.c
DEPEND[ossltest]=../libcrypto
INCLUDE[ossltest]=../include
ENDIF
GENERATE[e_padlock-x86.s]=asm/e_padlock-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
GENERATE[e_padlock-x86_64.s]=asm/e_padlock-x86_64.pl $(PERLASM_SCHEME)
ENDIF

1
engines/capierr.bat
View File

@@ -1 +0,0 @@
perl ../util/mkerr.pl -conf e_capi.ec -nostatic -staticloader -write e_capi.c

297
engines/ccgost/Makefile
View File

@@ -1,297 +0,0 @@
DIR=ccgost
TOP=../..
CC=cc
INCLUDES= -I../../include
CFLAG=-g
MAKEFILE= Makefile
AR= ar r
CFLAGS= $(INCLUDES) $(CFLAG)
LIB=$(TOP)/libcrypto.a
LIBSRC= gost2001.c gost2001_keyx.c gost89.c gost94_keyx.c gost_ameth.c gost_asn1.c gost_crypt.c gost_ctl.c gost_eng.c gosthash.c gost_keywrap.c gost_md.c gost_params.c gost_pmeth.c gost_sign.c
LIBOBJ= e_gost_err.o gost2001_keyx.o gost2001.o gost89.o gost94_keyx.o gost_ameth.o gost_asn1.o gost_crypt.o gost_ctl.o gost_eng.o gosthash.o gost_keywrap.o gost_md.o gost_params.o gost_pmeth.o gost_sign.o
SRC=$(LIBSRC)
LIBNAME=gost
top:
(cd $(TOP); $(MAKE) DIRS=engines EDIRS=$(DIR) sub_all)
all: lib
tags:
ctags $(SRC)
errors:
$(PERL) ../../util/mkerr.pl -conf gost.ec -nostatic -write $(SRC)
lib: $(LIBOBJ)
if [ -n "$(SHARED_LIBS)" ]; then \
$(MAKE) -f $(TOP)/Makefile.shared -e \
LIBNAME=$(LIBNAME) \
LIBEXTRAS='$(LIBOBJ)' \
LIBDEPS='-L$(TOP) -lcrypto' \
link_o.$(SHLIB_TARGET); \
else \
$(AR) $(LIB) $(LIBOBJ); \
fi
@touch lib
install:
[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
if [ -n "$(SHARED_LIBS)" ]; then \
set -e; \
echo installing $(LIBNAME); \
pfx=lib; \
if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
sfx=".so"; \
cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
else \
case "$(CFLAGS)" in \
*DSO_BEOS*) sfx=".so";; \
*DSO_DLFCN*) sfx=`expr "$(SHLIB_EXT)" : '.*\(\.[a-z][a-z]*\)' \| ".so"`;; \
*DSO_DL*) sfx=".sl";; \
*DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
*) sfx=".bad";; \
esac; \
cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
fi; \
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
fi
links:
tests:
update: local_depend
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
depend: local_depend
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
local_depend:
@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
mv -f Makefile.new $(MAKEFILE)
clean:
rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff *.so *.sl *.dll
# DO NOT DELETE THIS LINE -- make depend depends on it.
gost2001.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
gost2001.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
gost2001.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
gost2001.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
gost2001.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
gost2001.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
gost2001.o: ../../include/openssl/err.h ../../include/openssl/evp.h
gost2001.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
gost2001.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
gost2001.o: ../../include/openssl/opensslconf.h
gost2001.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
gost2001.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
gost2001.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
gost2001.o: ../../include/openssl/sm2.h ../../include/openssl/sm3.h
gost2001.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
gost2001.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
gost2001.o: e_gost_err.h gost2001.c gost89.h gost_lcl.h gost_params.h
gost2001.o: gosthash.h
gost2001_keyx.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
gost2001_keyx.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
gost2001_keyx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
gost2001_keyx.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
gost2001_keyx.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
gost2001_keyx.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
gost2001_keyx.o: ../../include/openssl/err.h ../../include/openssl/evp.h
gost2001_keyx.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
gost2001_keyx.o: ../../include/openssl/obj_mac.h
gost2001_keyx.o: ../../include/openssl/objects.h
gost2001_keyx.o: ../../include/openssl/opensslconf.h
gost2001_keyx.o: ../../include/openssl/opensslv.h
gost2001_keyx.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
gost2001_keyx.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
gost2001_keyx.o: ../../include/openssl/sha.h ../../include/openssl/sm2.h
gost2001_keyx.o: ../../include/openssl/sm3.h ../../include/openssl/stack.h
gost2001_keyx.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
gost2001_keyx.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost2001_keyx.c
gost2001_keyx.o: gost2001_keyx.h gost89.h gost_keywrap.h gost_lcl.h gosthash.h
gost89.o: gost89.c gost89.h
gost94_keyx.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
gost94_keyx.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
gost94_keyx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
gost94_keyx.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
gost94_keyx.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
gost94_keyx.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
gost94_keyx.o: ../../include/openssl/engine.h ../../include/openssl/err.h
gost94_keyx.o: ../../include/openssl/evp.h ../../include/openssl/kdf.h
gost94_keyx.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
gost94_keyx.o: ../../include/openssl/objects.h
gost94_keyx.o: ../../include/openssl/opensslconf.h
gost94_keyx.o: ../../include/openssl/opensslv.h
gost94_keyx.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
gost94_keyx.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
gost94_keyx.o: ../../include/openssl/sha.h ../../include/openssl/sm2.h
gost94_keyx.o: ../../include/openssl/sm3.h ../../include/openssl/stack.h
gost94_keyx.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
gost94_keyx.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost89.h
gost94_keyx.o: gost94_keyx.c gost_keywrap.h gost_lcl.h gosthash.h
gost_ameth.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
gost_ameth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
gost_ameth.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
gost_ameth.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
gost_ameth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
gost_ameth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
gost_ameth.o: ../../include/openssl/engine.h ../../include/openssl/err.h
gost_ameth.o: ../../include/openssl/evp.h ../../include/openssl/kdf.h
gost_ameth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
gost_ameth.o: ../../include/openssl/objects.h
gost_ameth.o: ../../include/openssl/opensslconf.h
gost_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
gost_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
gost_ameth.o: ../../include/openssl/sha.h ../../include/openssl/sm2.h
gost_ameth.o: ../../include/openssl/sm3.h ../../include/openssl/stack.h
gost_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
gost_ameth.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost89.h
gost_ameth.o: gost_ameth.c gost_lcl.h gost_params.h gosthash.h
gost_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
gost_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
gost_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
gost_asn1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
gost_asn1.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
gost_asn1.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
gost_asn1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
gost_asn1.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
gost_asn1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
gost_asn1.o: ../../include/openssl/opensslconf.h
gost_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
gost_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
gost_asn1.o: ../../include/openssl/sha.h ../../include/openssl/sm2.h
gost_asn1.o: ../../include/openssl/sm3.h ../../include/openssl/stack.h
gost_asn1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
gost_asn1.o: ../../include/openssl/x509_vfy.h gost89.h gost_asn1.c gost_lcl.h
gost_asn1.o: gosthash.h
gost_crypt.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
gost_crypt.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
gost_crypt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
gost_crypt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
gost_crypt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
gost_crypt.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
gost_crypt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
gost_crypt.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
gost_crypt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
gost_crypt.o: ../../include/openssl/opensslconf.h
gost_crypt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
gost_crypt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
gost_crypt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
gost_crypt.o: ../../include/openssl/sm2.h ../../include/openssl/sm3.h
gost_crypt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
gost_crypt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
gost_crypt.o: e_gost_err.h gost89.h gost_crypt.c gost_lcl.h gosthash.h
gost_ctl.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
gost_ctl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
gost_ctl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
gost_ctl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
gost_ctl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
gost_ctl.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
gost_ctl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
gost_ctl.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
gost_ctl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
gost_ctl.o: ../../include/openssl/opensslconf.h
gost_ctl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
gost_ctl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
gost_ctl.o: ../../include/openssl/sha.h ../../include/openssl/sm2.h
gost_ctl.o: ../../include/openssl/sm3.h ../../include/openssl/stack.h
gost_ctl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
gost_ctl.o: ../../include/openssl/x509_vfy.h gost89.h gost_ctl.c gost_lcl.h
gost_ctl.o: gosthash.h
gost_eng.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
gost_eng.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
gost_eng.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
gost_eng.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
gost_eng.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
gost_eng.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
gost_eng.o: ../../include/openssl/err.h ../../include/openssl/evp.h
gost_eng.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
gost_eng.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
gost_eng.o: ../../include/openssl/opensslconf.h
gost_eng.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
gost_eng.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
gost_eng.o: ../../include/openssl/sha.h ../../include/openssl/sm2.h
gost_eng.o: ../../include/openssl/sm3.h ../../include/openssl/stack.h
gost_eng.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
gost_eng.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost89.h gost_eng.c
gost_eng.o: gost_lcl.h gosthash.h
gost_keywrap.o: gost89.h gost_keywrap.c gost_keywrap.h
gost_md.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
gost_md.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
gost_md.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
gost_md.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
gost_md.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
gost_md.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
gost_md.o: ../../include/openssl/err.h ../../include/openssl/evp.h
gost_md.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
gost_md.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
gost_md.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
gost_md.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
gost_md.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
gost_md.o: ../../include/openssl/sm2.h ../../include/openssl/sm3.h
gost_md.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
gost_md.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
gost_md.o: e_gost_err.h gost89.h gost_lcl.h gost_md.c gosthash.h
gost_params.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
gost_params.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
gost_params.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
gost_params.o: ../../include/openssl/opensslconf.h
gost_params.o: ../../include/openssl/opensslv.h
gost_params.o: ../../include/openssl/ossl_typ.h
gost_params.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
gost_params.o: ../../include/openssl/symhacks.h gost_params.c gost_params.h
gost_pmeth.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
gost_pmeth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
gost_pmeth.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
gost_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
gost_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
gost_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
gost_pmeth.o: ../../include/openssl/engine.h ../../include/openssl/err.h
gost_pmeth.o: ../../include/openssl/evp.h ../../include/openssl/kdf.h
gost_pmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
gost_pmeth.o: ../../include/openssl/objects.h
gost_pmeth.o: ../../include/openssl/opensslconf.h
gost_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
gost_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
gost_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/sm2.h
gost_pmeth.o: ../../include/openssl/sm3.h ../../include/openssl/stack.h
gost_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
gost_pmeth.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
gost_pmeth.o: e_gost_err.h gost89.h gost_lcl.h gost_params.h gost_pmeth.c
gost_pmeth.o: gosthash.h
gost_sign.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
gost_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
gost_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
gost_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
gost_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
gost_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
gost_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
gost_sign.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
gost_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
gost_sign.o: ../../include/openssl/opensslconf.h
gost_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
gost_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
gost_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
gost_sign.o: ../../include/openssl/sm2.h ../../include/openssl/sm3.h
gost_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
gost_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
gost_sign.o: e_gost_err.h gost89.h gost_lcl.h gost_params.h gost_sign.c
gost_sign.o: gosthash.h
gosthash.o: gost89.h gosthash.c gosthash.h

297
engines/ccgost/Makefile.save
View File

@@ -1,297 +0,0 @@
DIR=ccgost
TOP=../..
CC=cc
INCLUDES= -I../../include
CFLAG=-g
MAKEFILE= Makefile
AR= ar r
CFLAGS= $(INCLUDES) $(CFLAG)
LIB=$(TOP)/libcrypto.a
LIBSRC= gost2001.c gost2001_keyx.c gost89.c gost94_keyx.c gost_ameth.c gost_asn1.c gost_crypt.c gost_ctl.c gost_eng.c gosthash.c gost_keywrap.c gost_md.c gost_params.c gost_pmeth.c gost_sign.c
LIBOBJ= e_gost_err.o gost2001_keyx.o gost2001.o gost89.o gost94_keyx.o gost_ameth.o gost_asn1.o gost_crypt.o gost_ctl.o gost_eng.o gosthash.o gost_keywrap.o gost_md.o gost_params.o gost_pmeth.o gost_sign.o
SRC=$(LIBSRC)
LIBNAME=gost
top:
(cd $(TOP); $(MAKE) DIRS=engines EDIRS=$(DIR) sub_all)
all: lib
tags:
ctags $(SRC)
errors:
$(PERL) ../../util/mkerr.pl -conf gost.ec -nostatic -write $(SRC)
lib: $(LIBOBJ)
if [ -n "$(SHARED_LIBS)" ]; then \
$(MAKE) -f $(TOP)/Makefile.shared -e \
LIBNAME=$(LIBNAME) \
LIBEXTRAS='$(LIBOBJ)' \
LIBDEPS='-L$(TOP) -lcrypto' \
link_o.$(SHLIB_TARGET); \
else \
$(AR) $(LIB) $(LIBOBJ); \
fi
@touch lib
install:
[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
if [ -n "$(SHARED_LIBS)" ]; then \
set -e; \
echo installing $(LIBNAME); \
pfx=lib; \
if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
sfx=".so"; \
cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
else \
case "$(CFLAGS)" in \
*DSO_BEOS*) sfx=".so";; \
*DSO_DLFCN*) sfx=`expr "$(SHLIB_EXT)" : '.*\(\.[a-z][a-z]*\)' \| ".so"`;; \
*DSO_DL*) sfx=".sl";; \
*DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
*) sfx=".bad";; \
esac; \
cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
fi; \
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
fi
links:
tests:
update: local_depend
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
depend: local_depend
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
local_depend:
@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
mv -f Makefile.new $(MAKEFILE)
clean:
rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff *.so *.sl *.dll
# DO NOT DELETE THIS LINE -- make depend depends on it.
gost2001.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
gost2001.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
gost2001.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
gost2001.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
gost2001.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
gost2001.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
gost2001.o: ../../include/openssl/err.h ../../include/openssl/evp.h
gost2001.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
gost2001.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
gost2001.o: ../../include/openssl/opensslconf.h
gost2001.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
gost2001.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
gost2001.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
gost2001.o: ../../include/openssl/sm2.h ../../include/openssl/sm3.h
gost2001.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
gost2001.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
gost2001.o: e_gost_err.h gost2001.c gost89.h gost_lcl.h gost_params.h
gost2001.o: gosthash.h
gost2001_keyx.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
gost2001_keyx.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
gost2001_keyx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
gost2001_keyx.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
gost2001_keyx.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
gost2001_keyx.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
gost2001_keyx.o: ../../include/openssl/err.h ../../include/openssl/evp.h
gost2001_keyx.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
gost2001_keyx.o: ../../include/openssl/obj_mac.h
gost2001_keyx.o: ../../include/openssl/objects.h
gost2001_keyx.o: ../../include/openssl/opensslconf.h
gost2001_keyx.o: ../../include/openssl/opensslv.h
gost2001_keyx.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
gost2001_keyx.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
gost2001_keyx.o: ../../include/openssl/sha.h ../../include/openssl/sm2.h
gost2001_keyx.o: ../../include/openssl/sm3.h ../../include/openssl/stack.h
gost2001_keyx.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
gost2001_keyx.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost2001_keyx.c
gost2001_keyx.o: gost2001_keyx.h gost89.h gost_keywrap.h gost_lcl.h gosthash.h
gost89.o: gost89.c gost89.h
gost94_keyx.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
gost94_keyx.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
gost94_keyx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
gost94_keyx.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
gost94_keyx.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
gost94_keyx.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
gost94_keyx.o: ../../include/openssl/engine.h ../../include/openssl/err.h
gost94_keyx.o: ../../include/openssl/evp.h ../../include/openssl/kdf.h
gost94_keyx.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
gost94_keyx.o: ../../include/openssl/objects.h
gost94_keyx.o: ../../include/openssl/opensslconf.h
gost94_keyx.o: ../../include/openssl/opensslv.h
gost94_keyx.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
gost94_keyx.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
gost94_keyx.o: ../../include/openssl/sha.h ../../include/openssl/sm2.h
gost94_keyx.o: ../../include/openssl/sm3.h ../../include/openssl/stack.h
gost94_keyx.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
gost94_keyx.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost89.h
gost94_keyx.o: gost94_keyx.c gost_keywrap.h gost_lcl.h gosthash.h
gost_ameth.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
gost_ameth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
gost_ameth.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
gost_ameth.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
gost_ameth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
gost_ameth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
gost_ameth.o: ../../include/openssl/engine.h ../../include/openssl/err.h
gost_ameth.o: ../../include/openssl/evp.h ../../include/openssl/kdf.h
gost_ameth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
gost_ameth.o: ../../include/openssl/objects.h
gost_ameth.o: ../../include/openssl/opensslconf.h
gost_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
gost_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
gost_ameth.o: ../../include/openssl/sha.h ../../include/openssl/sm2.h
gost_ameth.o: ../../include/openssl/sm3.h ../../include/openssl/stack.h
gost_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
gost_ameth.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost89.h
gost_ameth.o: gost_ameth.c gost_lcl.h gost_params.h gosthash.h
gost_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
gost_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
gost_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
gost_asn1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
gost_asn1.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
gost_asn1.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
gost_asn1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
gost_asn1.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
gost_asn1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
gost_asn1.o: ../../include/openssl/opensslconf.h
gost_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
gost_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
gost_asn1.o: ../../include/openssl/sha.h ../../include/openssl/sm2.h
gost_asn1.o: ../../include/openssl/sm3.h ../../include/openssl/stack.h
gost_asn1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
gost_asn1.o: ../../include/openssl/x509_vfy.h gost89.h gost_asn1.c gost_lcl.h
gost_asn1.o: gosthash.h
gost_crypt.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
gost_crypt.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
gost_crypt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
gost_crypt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
gost_crypt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
gost_crypt.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
gost_crypt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
gost_crypt.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
gost_crypt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
gost_crypt.o: ../../include/openssl/opensslconf.h
gost_crypt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
gost_crypt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
gost_crypt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
gost_crypt.o: ../../include/openssl/sm2.h ../../include/openssl/sm3.h
gost_crypt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
gost_crypt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
gost_crypt.o: e_gost_err.h gost89.h gost_crypt.c gost_lcl.h gosthash.h
gost_ctl.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
gost_ctl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
gost_ctl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
gost_ctl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
gost_ctl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
gost_ctl.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
gost_ctl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
gost_ctl.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
gost_ctl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
gost_ctl.o: ../../include/openssl/opensslconf.h
gost_ctl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
gost_ctl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
gost_ctl.o: ../../include/openssl/sha.h ../../include/openssl/sm2.h
gost_ctl.o: ../../include/openssl/sm3.h ../../include/openssl/stack.h
gost_ctl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
gost_ctl.o: ../../include/openssl/x509_vfy.h gost89.h gost_ctl.c gost_lcl.h
gost_ctl.o: gosthash.h
gost_eng.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
gost_eng.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
gost_eng.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
gost_eng.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
gost_eng.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
gost_eng.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
gost_eng.o: ../../include/openssl/err.h ../../include/openssl/evp.h
gost_eng.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
gost_eng.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
gost_eng.o: ../../include/openssl/opensslconf.h
gost_eng.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
gost_eng.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
gost_eng.o: ../../include/openssl/sha.h ../../include/openssl/sm2.h
gost_eng.o: ../../include/openssl/sm3.h ../../include/openssl/stack.h
gost_eng.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
gost_eng.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost89.h gost_eng.c
gost_eng.o: gost_lcl.h gosthash.h
gost_keywrap.o: gost89.h gost_keywrap.c gost_keywrap.h
gost_md.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
gost_md.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
gost_md.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
gost_md.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
gost_md.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
gost_md.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
gost_md.o: ../../include/openssl/err.h ../../include/openssl/evp.h
gost_md.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
gost_md.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
gost_md.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
gost_md.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
gost_md.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
gost_md.o: ../../include/openssl/sm2.h ../../include/openssl/sm3.h
gost_md.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
gost_md.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
gost_md.o: e_gost_err.h gost89.h gost_lcl.h gost_md.c gosthash.h
gost_params.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
gost_params.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
gost_params.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
gost_params.o: ../../include/openssl/opensslconf.h
gost_params.o: ../../include/openssl/opensslv.h
gost_params.o: ../../include/openssl/ossl_typ.h
gost_params.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
gost_params.o: ../../include/openssl/symhacks.h gost_params.c gost_params.h
gost_pmeth.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
gost_pmeth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
gost_pmeth.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
gost_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
gost_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
gost_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
gost_pmeth.o: ../../include/openssl/engine.h ../../include/openssl/err.h
gost_pmeth.o: ../../include/openssl/evp.h ../../include/openssl/kdf.h
gost_pmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
gost_pmeth.o: ../../include/openssl/objects.h
gost_pmeth.o: ../../include/openssl/opensslconf.h
gost_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
gost_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
gost_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/sm2.h
gost_pmeth.o: ../../include/openssl/sm3.h ../../include/openssl/stack.h
gost_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
gost_pmeth.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
gost_pmeth.o: e_gost_err.h gost89.h gost_lcl.h gost_params.h gost_pmeth.c
gost_pmeth.o: gosthash.h
gost_sign.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
gost_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
gost_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
gost_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
gost_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
gost_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
gost_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
gost_sign.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
gost_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
gost_sign.o: ../../include/openssl/opensslconf.h
gost_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
gost_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
gost_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
gost_sign.o: ../../include/openssl/sm2.h ../../include/openssl/sm3.h
gost_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
gost_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
gost_sign.o: e_gost_err.h gost89.h gost_lcl.h gost_params.h gost_sign.c
gost_sign.o: gosthash.h
gosthash.o: gost89.h gosthash.c gosthash.h

300
engines/ccgost/README.gost
View File

@@ -1,300 +0,0 @@
GOST ENGINE
This engine provides implementation of Russian cryptography standard.
This is also an example of adding new cryptoalgorithms into OpenSSL
without changing its core. If OpenSSL is compiled with dynamic engine
support, new algorithms can be added even without recompilation of
OpenSSL and applications which use it.
ALGORITHMS SUPPORTED
GOST R 34.10-94 and GOST R 34.10-2001 - digital signature algorithms.
Also support key exchange based on public keys. See RFC 4357 for
details of VKO key exchange algorithm. These algorithms use
256 bit private keys. Public keys are 1024 bit for 94 and 512 bit for
2001 (which is elliptic-curve based). Key exchange algorithms
(VKO R 34.10) are supported on these keys too.
GOST R 34.11-94 Message digest algorithm. 256-bit hash value
GOST 28147-89 - Symmetric cipher with 256-bit key. Various modes are
defined in the standard, but only CFB and CNT modes are implemented
in the engine. To make statistical analysis more difficult, key
meshing is supported (see RFC 4357).
GOST 28147-89 MAC mode. Message authentication code. While most MAC
algorithms out there are based on hash functions using HMAC
algorithm, this algoritm is based on symmetric cipher.
It has 256-bit symmetric key and only 32 bits of MAC value
(while HMAC has same key size and value size).
It is implemented as combination of EVP_PKEY type and EVP_MD type.
USAGE OF THESE ALGORITHMS
This engine is designed to allow usage of this algorithms in the
high-level openssl functions, such as PKI, S/MIME and TLS.
See RFC 4490 for S/MIME with GOST algorithms and RFC 4491 for PKI.
TLS support is implemented according IETF
draft-chudov-cryptopro-cptls-03.txt and is compatible with
CryptoPro CSP 3.0 and 3.6 as well as with MagPro CSP.
GOST ciphersuites implemented in CryptoPro CSP 2.0 are not supported
because they use ciphersuite numbers used now by AES ciphersuites.
To use the engine you have to load it via openssl configuration
file. Applications should read openssl configuration file or provide
their own means to load engines. Also, applications which operate with
private keys, should use generic EVP_PKEY API instead of using RSA or
other algorithm-specific API.
CONFIGURATION FILE
Configuration file should include following statement in the global
section, i.e. before first bracketed section header (see config(5) for details)
openssl_conf = openssl_def
where openssl_def is name of the section in configuration file which
describes global defaults.
This section should contain following statement:
[openssl_def]
engines = engine_section
which points to the section which describes list of the engines to be
loaded. This section should contain:
[engine_section]
gost = gost_section
And section which describes configuration of the engine should contain
[gost_section]
engine_id = gost
dynamic_path = /usr/lib/ssl/engines/libgost.so
default_algorithms = ALL
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
Where engine_id parameter specifies name of engine (should be "gost").
dynamic_path is a location of the loadable shared library implementing the
engine. If the engine is compiled statically or is located in the OpenSSL
engines directory, this line can be omitted.
default_algorithms parameter specifies that all algorithms, provided by
engine, should be used.
The CRYPT_PARAMS parameter is engine-specific. It allows the user to choose
between different parameter sets of symmetric cipher algorithm. RFC 4357
specifies several parameters for the GOST 28147-89 algorithm, but OpenSSL
doesn't provide user interface to choose one when encrypting. So use engine
configuration parameter instead.
Value of this parameter can be either short name, defined in OpenSSL
obj_dat.h header file or numeric representation of OID, defined in RFC
4357.
USAGE WITH COMMAND LINE openssl UTILITY
1. Generation of private key
openssl genpkey -algorithm gost2001 -pkeyopt paramset:A -out seckey.pem
Use -algorithm option to specify algorithm.
Use -pkeyopt option to pass paramset to algorithm. The following paramsets
are supported by
gost94: 0,A,B,C,D,XA,XB,XC
gost2001: 0,A,B,C,XA,XB
You can also use numeric representation of OID as to destinate
paramset.
Paramsets starting with X are intended to use for key exchange keys.
Paramsets without X are for digital signature keys.
Paramset for both algorithms 0 is the test paramset which should be used
only for test purposes.
There are no algorithm-specific things with generation of certificate
request once you have a private key.
2. Generation of certificate request along with private/public keypar
openssl req -newkey gost2001 -pkeyopt paramset:A
Syntax of -pkeyopt parameter is identical with genpkey command.
You can also use oldstyle syntax -newkey gost2001:paramfile, but in
this case you should create parameter file first.
It can be created with
openssl genpkey -genparam -algorithm gost2001 -pkeyopt paramset:A\
-out paramfile.
3. S/MIME operations
If you want to send encrypted mail using GOST algorithms, don't forget
to specify -gost89 as encryption algorithm for OpenSSL smime command.
While OpenSSL is clever enough to find out that GOST R 34.11-94 digest
must be used for digital signing with GOST private key, it have no way
to derive symmetric encryption algorithm from key exchange keys.
4. TLS operations
OpenSSL supports all four ciphersuites defined in the IETF draft.
Once you've loaded GOST key and certificate into your TLS server,
ciphersuites which use GOST 28147-89 encryption are enabled.
Ciphersuites with NULL encryption should be enabled explicitely if
needed.
GOST2001-GOST89-GOST89 Uses GOST R 34.10-2001 for auth and key exchange
GOST 28147-89 for encryption and GOST 28147-89 MAC
GOST94-GOST89-GOST89 Uses GOST R 34.10-94 for auth and key exchange
GOST 28147-89 for encryption and GOST 28147-89 MAC
GOST2001-NULL-GOST94 Uses GOST R 34.10-2001 for auth and key exchange,
no encryption and HMAC, based on GOST R 34.11-94
GOST94-NULL-GOST94 Uses GOST R 34.10-94 for auth and key exchange,
no encryption and HMAC, based on GOST R 34.11-94
Gost 94 and gost 2001 keys can be used simultaneously in the TLS server.
RSA, DSA and EC keys can be used simultaneously with GOST keys, if
server implementation supports loading more than two private
key/certificate pairs. In this case ciphersuites which use any of loaded
keys would be supported and clients can negotiate ones they wish.
This allows creation of TLS servers which use GOST ciphersuites for
Russian clients and RSA/DSA ciphersuites for foreign clients.
5. Calculation of digests and symmetric encryption
OpenSSL provides specific commands (like sha1, aes etc) for calculation
of digests and symmetric encryption. Since such commands cannot be
added dynamically, no such commands are provided for GOST algorithms.
Use generic commands 'dgst' and 'enc'.
Calculation of GOST R 34.11-94 message digest
openssl dgst -md_gost94 datafile
Note that GOST R 34.11-94 specifies that digest value should be
interpreted as little-endian number, but OpenSSL outputs just hex dump
of digest value.
So, to obtain correct digest value, such as produced by gostsum utility
included in the engine distribution, bytes of output should be
reversed.
Calculation of HMAC based on GOST R 34.11-94
openssl dgst -md_gost94 -mac hmac -macopt key:<32 bytes of key> datafile
(or use hexkey if key contain NUL bytes)
Calculation of GOST 28147 MAC
openssl dgst -mac gost-mac -macopt key:<32 bytes of key> datafile
Note absense of an option that specifies digest algorithm. gost-mac
algorithm supports only one digest (which is actually part of
implementation of this mac) and OpenSSL is clever enough to find out
this.
Encryption with GOST 28147 CFB mode
openssl enc -gost89 -out encrypted-file -in plain-text-file -k <passphrase>
Encryption with GOST 28147 CNT mode
openssl enc -gost89-cnt -out encrypted-file -in plain-text-file -k <passphrase>
6. Encrypting private keys and PKCS12
To produce PKCS12 files compatible with MagPro CSP, you need to use
GOST algorithm for encryption of PKCS12 file and also GOST R 34.11-94
hash to derive key from password.
openssl pksc12 -export -inkey gost.pem -in gost_cert.pem -keypbe gost89\
-certpbe gost89 -macalg md_gost94
7. Testing speed of symmetric ciphers.
To test performance of GOST symmetric ciphers you should use -evp switch
of the openssl speed command. Engine-provided ciphers couldn't be
accessed by cipher-specific functions, only via generic evp interface
openssl speed -evp gost89
openssl speed -evp gost89-cnt
PROGRAMMING INTERFACES DETAILS
Applications never should access engine directly. They only use provided
EVP_PKEY API. But there are some details, which should be taken into
account.
EVP provides two kinds of API for key exchange:
1. EVP_PKEY_encrypt/EVP_PKEY_decrypt functions, intended to use with
RSA-like public key encryption algorithms
2. EVP_PKEY_derive, intended to use with Diffie-Hellman-like shared key
computing algorithms.
Although VKO R 34.10 algorithms, described in the RFC 4357 are
definitely second case, engine provides BOTH API for GOST R 34.10 keys.
EVP_PKEY_derive just invokes appropriate VKO algorithm and computes
256 bit shared key. VKO R 34.10-2001 requires 64 bits of random user key
material (UKM). This UKM should be transmitted to other party, so it is
not generated inside derive function.
It should be set by EVP_PKEY_CTX_ctrl function using
EVP_PKEY_CTRL_SET_IV command after call of EVP_PKEY_derive_init, but
before EVP_PKEY_derive.
unsigned char ukm[8];
RAND_bytes(ukm,8);
EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_DERIVE, 8, ukm)
EVP_PKEY_encrypt encrypts provided session key with VKO shared key and
packs it into GOST key transport structure, described in the RFC 4490.
It typically uses ephemeral key pair to compute shared key and packs its
public part along with encrypted key. So, for most cases use of
EVP_PKEY_encrypt/EVP_PKEY_decrypt with GOST keys is almost same as with
RSA.
However, if peerkey field in the EVP_PKEY_CTX structure is set (using
EVP_PKEY_derive_set_peerkey function) to EVP_PKEY structure which has private
key and uses same parameters as the public key from which this EVP_PKEY_CTX is
created, EVP_PKEY_encrypt will use this private key to compute shared key and
set ephemeral key in the GOST_key_transport structure to NULL. In this case
pkey and peerkey fields in the EVP_PKEY_CTX are used upside-down.
If EVP_PKEY_decrypt encounters GOST_key_transport structure with NULL
public key field, it tries to use peerkey field from the context to
compute shared key. In this case peerkey field should really contain
peer public key.
Encrypt operation supports EVP_PKEY_CTRL_SET_IV operation as well.
It can be used when some specific restriction on UKM are imposed by
higher level protocol. For instance, description of GOST ciphersuites
requires UKM to be derived from shared secret.
If UKM is not set by this control command, encrypt operation would
generate random UKM.
This sources include implementation of GOST 28147-89 and GOST R 34.11-94
which are completely indepentent from OpenSSL and can be used separately
(files gost89.c, gost89.h, gosthash.c, gosthash.h) Utility gostsum (file
gostsum.c) is provided as example of such separate usage. This is
program, simular to md5sum and sha1sum utilities, but calculates GOST R
34.11-94 hash.
Makefile doesn't include rule for compiling gostsum.
Use command
$(CC) -o gostsum gostsum.c gost89.c gosthash.c
where $(CC) is name of your C compiler.
Implementations of GOST R 34.10-xx, including VKO algorithms heavily
depends on OpenSSL BIGNUM and Elliptic Curve libraries.

221
engines/ccgost/e_gost_err.c
View File

@@ -1,221 +0,0 @@
/* e_gost_err.c */
/* ====================================================================
* Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include "e_gost_err.h"
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(0,func,0)
# define ERR_REASON(reason) ERR_PACK(0,0,reason)
static ERR_STRING_DATA GOST_str_functs[] = {
{ERR_FUNC(GOST_F_DECODE_GOST_ALGOR_PARAMS), "DECODE_GOST_ALGOR_PARAMS"},
{ERR_FUNC(GOST_F_ENCODE_GOST_ALGOR_PARAMS), "ENCODE_GOST_ALGOR_PARAMS"},
{ERR_FUNC(GOST_F_FILL_GOST2001_PARAMS), "FILL_GOST2001_PARAMS"},
{ERR_FUNC(GOST_F_FILL_GOST94_PARAMS), "FILL_GOST94_PARAMS"},
{ERR_FUNC(GOST_F_GET_ENCRYPTION_PARAMS), "GET_ENCRYPTION_PARAMS"},
{ERR_FUNC(GOST_F_GOST2001_COMPUTE_PUBLIC), "GOST2001_COMPUTE_PUBLIC"},
{ERR_FUNC(GOST_F_GOST2001_DO_SIGN), "GOST2001_DO_SIGN"},
{ERR_FUNC(GOST_F_GOST2001_DO_VERIFY), "GOST2001_DO_VERIFY"},
{ERR_FUNC(GOST_F_GOST2001_KEYGEN), "GOST2001_KEYGEN"},
{ERR_FUNC(GOST_F_GOST89_GET_ASN1_PARAMETERS),
"GOST89_GET_ASN1_PARAMETERS"},
{ERR_FUNC(GOST_F_GOST89_SET_ASN1_PARAMETERS),
"GOST89_SET_ASN1_PARAMETERS"},
{ERR_FUNC(GOST_F_GOST94_COMPUTE_PUBLIC), "GOST94_COMPUTE_PUBLIC"},
{ERR_FUNC(GOST_F_GOST_CIPHER_CTL), "GOST_CIPHER_CTL"},
{ERR_FUNC(GOST_F_GOST_DO_SIGN), "GOST_DO_SIGN"},
{ERR_FUNC(GOST_F_GOST_DO_VERIFY), "GOST_DO_VERIFY"},
{ERR_FUNC(GOST_F_GOST_IMIT_CTRL), "GOST_IMIT_CTRL"},
{ERR_FUNC(GOST_F_GOST_IMIT_FINAL), "GOST_IMIT_FINAL"},
{ERR_FUNC(GOST_F_GOST_IMIT_UPDATE), "GOST_IMIT_UPDATE"},
{ERR_FUNC(GOST_F_GOST_SIGN_KEYGEN), "GOST_SIGN_KEYGEN"},
{ERR_FUNC(GOST_F_PARAM_COPY_GOST01), "PARAM_COPY_GOST01"},
{ERR_FUNC(GOST_F_PARAM_COPY_GOST94), "PARAM_COPY_GOST94"},
{ERR_FUNC(GOST_F_PKEY_GOST01CP_DECRYPT), "PKEY_GOST01CP_DECRYPT"},
{ERR_FUNC(GOST_F_PKEY_GOST01CP_ENCRYPT), "PKEY_GOST01CP_ENCRYPT"},
{ERR_FUNC(GOST_F_PKEY_GOST01CP_KEYGEN), "PKEY_GOST01CP_KEYGEN"},
{ERR_FUNC(GOST_F_PKEY_GOST01_PARAMGEN), "PKEY_GOST01_PARAMGEN"},
{ERR_FUNC(GOST_F_PKEY_GOST2001_DERIVE), "PKEY_GOST2001_DERIVE"},
{ERR_FUNC(GOST_F_PKEY_GOST94CP_DECRYPT), "PKEY_GOST94CP_DECRYPT"},
{ERR_FUNC(GOST_F_PKEY_GOST94CP_ENCRYPT), "PKEY_GOST94CP_ENCRYPT"},
{ERR_FUNC(GOST_F_PKEY_GOST94CP_KEYGEN), "PKEY_GOST94CP_KEYGEN"},
{ERR_FUNC(GOST_F_PKEY_GOST94_PARAMGEN), "PKEY_GOST94_PARAMGEN"},
{ERR_FUNC(GOST_F_PKEY_GOST_CTRL), "PKEY_GOST_CTRL"},
{ERR_FUNC(GOST_F_PKEY_GOST_CTRL01_STR), "PKEY_GOST_CTRL01_STR"},
{ERR_FUNC(GOST_F_PKEY_GOST_CTRL94_STR), "PKEY_GOST_CTRL94_STR"},
{ERR_FUNC(GOST_F_PKEY_GOST_MAC_CTRL), "PKEY_GOST_MAC_CTRL"},
{ERR_FUNC(GOST_F_PKEY_GOST_MAC_CTRL_STR), "PKEY_GOST_MAC_CTRL_STR"},
{ERR_FUNC(GOST_F_PKEY_GOST_MAC_KEYGEN), "PKEY_GOST_MAC_KEYGEN"},
{ERR_FUNC(GOST_F_PRINT_GOST_01), "PRINT_GOST_01"},
{ERR_FUNC(GOST_F_PRIV_DECODE_GOST), "PRIV_DECODE_GOST"},
{ERR_FUNC(GOST_F_PUB_DECODE_GOST01), "PUB_DECODE_GOST01"},
{ERR_FUNC(GOST_F_PUB_DECODE_GOST94), "PUB_DECODE_GOST94"},
{ERR_FUNC(GOST_F_PUB_ENCODE_GOST01), "PUB_ENCODE_GOST01"},
{ERR_FUNC(GOST_F_UNPACK_CC_SIGNATURE), "UNPACK_CC_SIGNATURE"},
{ERR_FUNC(GOST_F_UNPACK_CP_SIGNATURE), "UNPACK_CP_SIGNATURE"},
{0, NULL}
};
static ERR_STRING_DATA GOST_str_reasons[] = {
{ERR_REASON(GOST_R_BAD_KEY_PARAMETERS_FORMAT),
"bad key parameters format"},
{ERR_REASON(GOST_R_BAD_PKEY_PARAMETERS_FORMAT),
"bad pkey parameters format"},
{ERR_REASON(GOST_R_CANNOT_PACK_EPHEMERAL_KEY),
"cannot pack ephemeral key"},
{ERR_REASON(GOST_R_CTRL_CALL_FAILED), "ctrl call failed"},
{ERR_REASON(GOST_R_ERROR_COMPUTING_SHARED_KEY),
"error computing shared key"},
{ERR_REASON(GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO),
"error packing key transport info"},
{ERR_REASON(GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO),
"error parsing key transport info"},
{ERR_REASON(GOST_R_INCOMPATIBLE_ALGORITHMS), "incompatible algorithms"},
{ERR_REASON(GOST_R_INCOMPATIBLE_PEER_KEY), "incompatible peer key"},
{ERR_REASON(GOST_R_INVALID_CIPHER_PARAMS), "invalid cipher params"},
{ERR_REASON(GOST_R_INVALID_CIPHER_PARAM_OID), "invalid cipher param oid"},
{ERR_REASON(GOST_R_INVALID_DIGEST_TYPE), "invalid digest type"},
{ERR_REASON(GOST_R_INVALID_GOST94_PARMSET), "invalid gost94 parmset"},
{ERR_REASON(GOST_R_INVALID_IV_LENGTH), "invalid iv length"},
{ERR_REASON(GOST_R_INVALID_MAC_KEY_LENGTH), "invalid mac key length"},
{ERR_REASON(GOST_R_INVALID_PARAMSET), "invalid paramset"},
{ERR_REASON(GOST_R_KEY_IS_NOT_INITALIZED), "key is not initalized"},
{ERR_REASON(GOST_R_KEY_IS_NOT_INITIALIZED), "key is not initialized"},
{ERR_REASON(GOST_R_KEY_PARAMETERS_MISSING), "key parameters missing"},
{ERR_REASON(GOST_R_MAC_KEY_NOT_SET), "mac key not set"},
{ERR_REASON(GOST_R_MALLOC_FAILURE), "malloc failure"},
{ERR_REASON(GOST_R_NO_MEMORY), "no memory"},
{ERR_REASON(GOST_R_NO_PARAMETERS_SET), "no parameters set"},
{ERR_REASON(GOST_R_NO_PEER_KEY), "no peer key"},
{ERR_REASON(GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR),
"no private part of non ephemeral keypair"},
{ERR_REASON(GOST_R_PUBLIC_KEY_UNDEFINED), "public key undefined"},
{ERR_REASON(GOST_R_RANDOM_GENERATOR_ERROR), "random generator error"},
{ERR_REASON(GOST_R_RANDOM_GENERATOR_FAILURE), "random generator failure"},
{ERR_REASON(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED),
"random number generator failed"},
{ERR_REASON(GOST_R_SIGNATURE_MISMATCH), "signature mismatch"},
{ERR_REASON(GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q),
"signature parts greater than q"},
{ERR_REASON(GOST_R_UKM_NOT_SET), "ukm not set"},
{ERR_REASON(GOST_R_UNSUPPORTED_CIPHER_CTL_COMMAND),
"unsupported cipher ctl command"},
{ERR_REASON(GOST_R_UNSUPPORTED_PARAMETER_SET),
"unsupported parameter set"},
{0, NULL}
};
#endif
#ifdef GOST_LIB_NAME
static ERR_STRING_DATA GOST_lib_name[] = {
{0, GOST_LIB_NAME},
{0, NULL}
};
#endif
static int GOST_lib_error_code = 0;
static int GOST_error_init = 1;
void ERR_load_GOST_strings(void)
{
if (GOST_lib_error_code == 0)
GOST_lib_error_code = ERR_get_next_error_library();
if (GOST_error_init) {
GOST_error_init = 0;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(GOST_lib_error_code, GOST_str_functs);
ERR_load_strings(GOST_lib_error_code, GOST_str_reasons);
#endif
#ifdef GOST_LIB_NAME
GOST_lib_name->error = ERR_PACK(GOST_lib_error_code, 0, 0);
ERR_load_strings(0, GOST_lib_name);
#endif
}
}
void ERR_unload_GOST_strings(void)
{
if (GOST_error_init == 0) {
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(GOST_lib_error_code, GOST_str_functs);
ERR_unload_strings(GOST_lib_error_code, GOST_str_reasons);
#endif
#ifdef GOST_LIB_NAME
ERR_unload_strings(0, GOST_lib_name);
#endif
GOST_error_init = 1;
}
}
void ERR_GOST_error(int function, int reason, char *file, int line)
{
if (GOST_lib_error_code == 0)
GOST_lib_error_code = ERR_get_next_error_library();
ERR_PUT_error(GOST_lib_error_code, function, reason, file, line);
}

158
engines/ccgost/e_gost_err.h
View File

@@ -1,158 +0,0 @@
/* ====================================================================
* Copyright (c) 2001-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_GOST_ERR_H
# define HEADER_GOST_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
void ERR_load_GOST_strings(void);
void ERR_unload_GOST_strings(void);
void ERR_GOST_error(int function, int reason, char *file, int line);
# define GOSTerr(f,r) ERR_GOST_error((f),(r),__FILE__,__LINE__)
/* Error codes for the GOST functions. */
/* Function codes. */
# define GOST_F_DECODE_GOST_ALGOR_PARAMS 99
# define GOST_F_ENCODE_GOST_ALGOR_PARAMS 100
# define GOST_F_FILL_GOST2001_PARAMS 101
# define GOST_F_FILL_GOST94_PARAMS 102
# define GOST_F_GET_ENCRYPTION_PARAMS 103
# define GOST_F_GOST2001_COMPUTE_PUBLIC 104
# define GOST_F_GOST2001_DO_SIGN 105
# define GOST_F_GOST2001_DO_VERIFY 106
# define GOST_F_GOST2001_KEYGEN 107
# define GOST_F_GOST89_GET_ASN1_PARAMETERS 108
# define GOST_F_GOST89_SET_ASN1_PARAMETERS 109
# define GOST_F_GOST94_COMPUTE_PUBLIC 110
# define GOST_F_GOST_CIPHER_CTL 111
# define GOST_F_GOST_DO_SIGN 112
# define GOST_F_GOST_DO_VERIFY 113
# define GOST_F_GOST_IMIT_CTRL 114
# define GOST_F_GOST_IMIT_FINAL 140
# define GOST_F_GOST_IMIT_UPDATE 115
# define GOST_F_GOST_SIGN_KEYGEN 142
# define GOST_F_PARAM_COPY_GOST01 116
# define GOST_F_PARAM_COPY_GOST94 117
# define GOST_F_PKEY_GOST01CP_DECRYPT 118
# define GOST_F_PKEY_GOST01CP_ENCRYPT 119
# define GOST_F_PKEY_GOST01CP_KEYGEN 120
# define GOST_F_PKEY_GOST01_PARAMGEN 138
# define GOST_F_PKEY_GOST2001_DERIVE 121
# define GOST_F_PKEY_GOST94CP_DECRYPT 122
# define GOST_F_PKEY_GOST94CP_ENCRYPT 123
# define GOST_F_PKEY_GOST94CP_KEYGEN 124
# define GOST_F_PKEY_GOST94_PARAMGEN 139
# define GOST_F_PKEY_GOST_CTRL 125
# define GOST_F_PKEY_GOST_CTRL01_STR 126
# define GOST_F_PKEY_GOST_CTRL94_STR 127
# define GOST_F_PKEY_GOST_MAC_CTRL 128
# define GOST_F_PKEY_GOST_MAC_CTRL_STR 129
# define GOST_F_PKEY_GOST_MAC_KEYGEN 130
# define GOST_F_PRINT_GOST_01 131
# define GOST_F_PRIV_DECODE_GOST 132
# define GOST_F_PUB_DECODE_GOST01 133
# define GOST_F_PUB_DECODE_GOST94 134
# define GOST_F_PUB_ENCODE_GOST01 135
# define GOST_F_UNPACK_CC_SIGNATURE 136
# define GOST_F_UNPACK_CP_SIGNATURE 137
/* Reason codes. */
# define GOST_R_BAD_KEY_PARAMETERS_FORMAT 99
# define GOST_R_BAD_PKEY_PARAMETERS_FORMAT 100
# define GOST_R_CANNOT_PACK_EPHEMERAL_KEY 101
# define GOST_R_CTRL_CALL_FAILED 132
# define GOST_R_ERROR_COMPUTING_SHARED_KEY 102
# define GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO 103
# define GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO 104
# define GOST_R_INCOMPATIBLE_ALGORITHMS 105
# define GOST_R_INCOMPATIBLE_PEER_KEY 131
# define GOST_R_INVALID_CIPHER_PARAMS 106
# define GOST_R_INVALID_CIPHER_PARAM_OID 107
# define GOST_R_INVALID_DIGEST_TYPE 108
# define GOST_R_INVALID_GOST94_PARMSET 109
# define GOST_R_INVALID_IV_LENGTH 110
# define GOST_R_INVALID_MAC_KEY_LENGTH 111
# define GOST_R_INVALID_PARAMSET 112
# define GOST_R_KEY_IS_NOT_INITALIZED 113
# define GOST_R_KEY_IS_NOT_INITIALIZED 114
# define GOST_R_KEY_PARAMETERS_MISSING 115
# define GOST_R_MAC_KEY_NOT_SET 116
# define GOST_R_MALLOC_FAILURE 117
# define GOST_R_NO_MEMORY 118
# define GOST_R_NO_PARAMETERS_SET 119
# define GOST_R_NO_PEER_KEY 120
# define GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR 121
# define GOST_R_PUBLIC_KEY_UNDEFINED 122
# define GOST_R_RANDOM_GENERATOR_ERROR 123
# define GOST_R_RANDOM_GENERATOR_FAILURE 124
# define GOST_R_RANDOM_NUMBER_GENERATOR_FAILED 125
# define GOST_R_SIGNATURE_MISMATCH 126
# define GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q 127
# define GOST_R_UKM_NOT_SET 128
# define GOST_R_UNSUPPORTED_CIPHER_CTL_COMMAND 129
# define GOST_R_UNSUPPORTED_PARAMETER_SET 130
#ifdef __cplusplus
}
#endif
#endif

61
engines/ccgost/e_gost_err.proto
View File

@@ -1,61 +0,0 @@
/* ====================================================================
* Copyright (c) 2001-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_GOST_ERR_H
#define HEADER_GOST_ERR_H
#define GOST_LIB_NAME "GOST engine"
#ifdef __cplusplus
extern "C" {
#endif

5
engines/ccgost/gost.ec
View File

@@ -1,5 +0,0 @@
L GOST e_gost_err.h e_gost_err.c
L NONE asymm.h NONE
L NONE md.h NONE
L NONE crypt.h NONE
L NONE gostkeyx.h NONE

466
engines/ccgost/gost2001.c
View File

@@ -1,466 +0,0 @@
/**********************************************************************
* gost2001.c *
* Copyright (c) 2005-2006 Cryptocom LTD *
* This file is distributed under the same license as OpenSSL *
* *
* Implementation of GOST R 34.10-2001 *
* Requires OpenSSL 0.9.9 for compilation *
**********************************************************************/
#include "gost_lcl.h"
#include "gost_params.h"
#include <string.h>
#include <openssl/rand.h>
#include <openssl/ecdsa.h>
#include <openssl/err.h>
#include "e_gost_err.h"
#ifdef DEBUG_SIGN
extern
void dump_signature(const char *message, const unsigned char *buffer,
size_t len);
void dump_dsa_sig(const char *message, DSA_SIG *sig);
#else
# define dump_signature(a,b,c)
# define dump_dsa_sig(a,b)
#endif
/*
* Fills EC_KEY structure hidden in the app_data field of DSA structure
* with parameter information, extracted from parameter array in
* params.c file.
*
* Also fils DSA->q field with copy of EC_GROUP order field to make
* DSA_size function work
*/
int fill_GOST2001_params(EC_KEY *eckey, int nid)
{
R3410_2001_params *params = R3410_2001_paramset;
EC_GROUP *grp = NULL;
BIGNUM *p = NULL, *q = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL;
EC_POINT *P = NULL;
BN_CTX *ctx = BN_CTX_new();
int ok = 0;
if(!ctx) {
GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_MALLOC_FAILURE);
goto err;
}
BN_CTX_start(ctx);
p = BN_CTX_get(ctx);
a = BN_CTX_get(ctx);
b = BN_CTX_get(ctx);
x = BN_CTX_get(ctx);
y = BN_CTX_get(ctx);
q = BN_CTX_get(ctx);
if(!p || !a || !b || !x || !y || !q) {
GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_MALLOC_FAILURE);
goto err;
}
while (params->nid != NID_undef && params->nid != nid)
params++;
if (params->nid == NID_undef) {
GOSTerr(GOST_F_FILL_GOST2001_PARAMS,
GOST_R_UNSUPPORTED_PARAMETER_SET);
goto err;
}
if(!BN_hex2bn(&p, params->p)
|| !BN_hex2bn(&a, params->a)
|| !BN_hex2bn(&b, params->b)) {
GOSTerr(GOST_F_FILL_GOST2001_PARAMS,
ERR_R_INTERNAL_ERROR);
goto err;
}
grp = EC_GROUP_new_curve_GFp(p, a, b, ctx);
if(!grp) {
GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_MALLOC_FAILURE);
goto err;
}
P = EC_POINT_new(grp);
if(!P) {
GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_MALLOC_FAILURE);
goto err;
}
if(!BN_hex2bn(&x, params->x)
|| !BN_hex2bn(&y, params->y)
|| !EC_POINT_set_affine_coordinates_GFp(grp, P, x, y, ctx)
|| !BN_hex2bn(&q, params->q)) {
GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_INTERNAL_ERROR);
goto err;
}
#ifdef DEBUG_KEYS
fprintf(stderr, "Set params index %d oid %s\nq=",
(params - R3410_2001_paramset), OBJ_nid2sn(params->nid));
BN_print_fp(stderr, q);
fprintf(stderr, "\n");
#endif
if(!EC_GROUP_set_generator(grp, P, q, NULL)) {
GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_INTERNAL_ERROR);
goto err;
}
EC_GROUP_set_curve_name(grp, params->nid);
if(!EC_KEY_set_group(eckey, grp)) {
GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_INTERNAL_ERROR);
goto err;
}
ok = 1;
err:
if (P) EC_POINT_free(P);
if (grp) EC_GROUP_free(grp);
if (ctx) {
BN_CTX_end(ctx);
BN_CTX_free(ctx);
}
return ok;
}
/*
* Computes gost2001 signature as DSA_SIG structure
*
*
*/
DSA_SIG *gost2001_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
{
DSA_SIG *newsig = NULL, *ret = NULL;
BIGNUM *md = hashsum2bn(dgst);
BIGNUM *order = NULL;
const EC_GROUP *group;
const BIGNUM *priv_key;
BIGNUM *r = NULL, *s = NULL, *X = NULL, *tmp = NULL, *tmp2 = NULL, *k =
NULL, *e = NULL;
EC_POINT *C = NULL;
BN_CTX *ctx = BN_CTX_new();
if(!ctx || !md) {
GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE);
goto err;
}
BN_CTX_start(ctx);
OPENSSL_assert(dlen == 32);
newsig = DSA_SIG_new();
if (!newsig) {
GOSTerr(GOST_F_GOST2001_DO_SIGN, GOST_R_NO_MEMORY);
goto err;
}
group = EC_KEY_get0_group(eckey);
if(!group) {
GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_INTERNAL_ERROR);
goto err;
}
order = BN_CTX_get(ctx);
if(!order || !EC_GROUP_get_order(group, order, ctx)) {
GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_INTERNAL_ERROR);
goto err;
}
priv_key = EC_KEY_get0_private_key(eckey);
if(!priv_key) {
GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_INTERNAL_ERROR);
goto err;
}
e = BN_CTX_get(ctx);
if(!e || !BN_mod(e, md, order, ctx)) {
GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_INTERNAL_ERROR);
goto err;
}
#ifdef DEBUG_SIGN
fprintf(stderr, "digest as bignum=");
BN_print_fp(stderr, md);
fprintf(stderr, "\ndigest mod q=");
BN_print_fp(stderr, e);
fprintf(stderr, "\n");
#endif
if (BN_is_zero(e)) {
BN_one(e);
}
k = BN_CTX_get(ctx);
C = EC_POINT_new(group);
if(!k || !C) {
GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE);
goto err;
}
do {
do {
if (!BN_rand_range(k, order)) {
GOSTerr(GOST_F_GOST2001_DO_SIGN,
GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
goto err;
}
if (!EC_POINT_mul(group, C, k, NULL, NULL, ctx)) {
GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_EC_LIB);
goto err;
}
if (!X)
X = BN_CTX_get(ctx);
if (!r)
r = BN_CTX_get(ctx);
if (!X || !r) {
GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE);
goto err;
}
if (!EC_POINT_get_affine_coordinates_GFp(group, C, X, NULL, ctx)) {
GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_EC_LIB);
goto err;
}
if(!BN_nnmod(r, X, order, ctx)) {
GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_INTERNAL_ERROR);
goto err;
}
}
while (BN_is_zero(r));
/* s = (r*priv_key+k*e) mod order */
if (!tmp)
tmp = BN_CTX_get(ctx);
if (!tmp2)
tmp2 = BN_CTX_get(ctx);
if (!s)
s = BN_CTX_get(ctx);
if (!tmp || !tmp2 || !s) {
GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE);
goto err;
}
if(!BN_mod_mul(tmp, priv_key, r, order, ctx)
|| !BN_mod_mul(tmp2, k, e, order, ctx)
|| !BN_mod_add(s, tmp, tmp2, order, ctx)) {
GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_INTERNAL_ERROR);
goto err;
}
}
while (BN_is_zero(s));
newsig->s = BN_dup(s);
newsig->r = BN_dup(r);
if(!newsig->s || !newsig->r) {
GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE);
goto err;
}
ret = newsig;
err:
if(ctx) {
BN_CTX_end(ctx);
BN_CTX_free(ctx);
}
if (C) EC_POINT_free(C);
if (md) BN_free(md);
if (!ret && newsig) {
DSA_SIG_free(newsig);
}
return ret;
}
/*
* Verifies gost 2001 signature
*
*/
int gost2001_do_verify(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, EC_KEY *ec)
{
BN_CTX *ctx = BN_CTX_new();
const EC_GROUP *group = EC_KEY_get0_group(ec);
BIGNUM *order;
BIGNUM *md = NULL, *e = NULL, *R = NULL, *v = NULL, *z1 = NULL, *z2 =
NULL;
BIGNUM *X = NULL, *tmp = NULL;
EC_POINT *C = NULL;
const EC_POINT *pub_key = NULL;
int ok = 0;
if(!ctx || !group) {
GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_INTERNAL_ERROR);
goto err;
}
BN_CTX_start(ctx);
order = BN_CTX_get(ctx);
e = BN_CTX_get(ctx);
z1 = BN_CTX_get(ctx);
z2 = BN_CTX_get(ctx);
tmp = BN_CTX_get(ctx);
X = BN_CTX_get(ctx);
R = BN_CTX_get(ctx);
v = BN_CTX_get(ctx);
if(!order || !e || !z1 || !z2 || !tmp || !X || !R || !v) {
GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_MALLOC_FAILURE);
goto err;
}
pub_key = EC_KEY_get0_public_key(ec);
if(!pub_key || !EC_GROUP_get_order(group, order, ctx)) {
GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_INTERNAL_ERROR);
goto err;
}
if (BN_is_zero(sig->s) || BN_is_zero(sig->r) ||
(BN_cmp(sig->s, order) >= 1) || (BN_cmp(sig->r, order) >= 1)) {
GOSTerr(GOST_F_GOST2001_DO_VERIFY,
GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);
goto err;
}
md = hashsum2bn(dgst);
if(!md || !BN_mod(e, md, order, ctx)) {
GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_INTERNAL_ERROR);
goto err;
}
#ifdef DEBUG_SIGN
fprintf(stderr, "digest as bignum: ");
BN_print_fp(stderr, md);
fprintf(stderr, "\ndigest mod q: ");
BN_print_fp(stderr, e);
#endif
if (BN_is_zero(e) && !BN_one(e)) {
GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_INTERNAL_ERROR);
goto err;
}
v = BN_mod_inverse(v, e, order, ctx);
if(!v
|| !BN_mod_mul(z1, sig->s, v, order, ctx)
|| !BN_sub(tmp, order, sig->r)
|| !BN_mod_mul(z2, tmp, v, order, ctx)) {
GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_INTERNAL_ERROR);
goto err;
}
#ifdef DEBUG_SIGN
fprintf(stderr, "\nInverted digest value: ");
BN_print_fp(stderr, v);
fprintf(stderr, "\nz1: ");
BN_print_fp(stderr, z1);
fprintf(stderr, "\nz2: ");
BN_print_fp(stderr, z2);
#endif
C = EC_POINT_new(group);
if (!C) {
GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_MALLOC_FAILURE);
goto err;
}
if (!EC_POINT_mul(group, C, z1, pub_key, z2, ctx)) {
GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_EC_LIB);
goto err;
}
if (!EC_POINT_get_affine_coordinates_GFp(group, C, X, NULL, ctx)) {
GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_EC_LIB);
goto err;
}
if(!BN_mod(R, X, order, ctx)) {
GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_INTERNAL_ERROR);
goto err;
}
#ifdef DEBUG_SIGN
fprintf(stderr, "\nX=");
BN_print_fp(stderr, X);
fprintf(stderr, "\nX mod q=");
BN_print_fp(stderr, R);
fprintf(stderr, "\n");
#endif
if (BN_cmp(R, sig->r) != 0) {
GOSTerr(GOST_F_GOST2001_DO_VERIFY, GOST_R_SIGNATURE_MISMATCH);
} else {
ok = 1;
}
err:
if (C) EC_POINT_free(C);
if (ctx) {
BN_CTX_end(ctx);
BN_CTX_free(ctx);
}
if (md) BN_free(md);
return ok;
}
/*
* Computes GOST R 34.10-2001 public key
*
*
*/
int gost2001_compute_public(EC_KEY *ec)
{
const EC_GROUP *group = EC_KEY_get0_group(ec);
EC_POINT *pub_key = NULL;
const BIGNUM *priv_key = NULL;
BN_CTX *ctx = NULL;
int ok = 0;
if (!group) {
GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC,
GOST_R_KEY_IS_NOT_INITIALIZED);
return 0;
}
ctx = BN_CTX_new();
if(!ctx) {
GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE);
goto err;
}
BN_CTX_start(ctx);
if (!(priv_key = EC_KEY_get0_private_key(ec))) {
GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_EC_LIB);
goto err;
}
pub_key = EC_POINT_new(group);
if(!pub_key) {
GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE);
goto err;
}
if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx)) {
GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_EC_LIB);
goto err;
}
if (!EC_KEY_set_public_key(ec, pub_key)) {
GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_EC_LIB);
goto err;
}
ok = 256;
err:
if (pub_key) EC_POINT_free(pub_key);
if (ctx) {
BN_CTX_end(ctx);
BN_CTX_free(ctx);
}
return ok;
}
/*
*
* Generates GOST R 34.10-2001 keypair
*
*
*/
int gost2001_keygen(EC_KEY *ec)
{
BIGNUM *order = BN_new(), *d = BN_new();
const EC_GROUP *group = EC_KEY_get0_group(ec);
if(!group || !EC_GROUP_get_order(group, order, NULL)) {
GOSTerr(GOST_F_GOST2001_KEYGEN, ERR_R_INTERNAL_ERROR);
BN_free(d);
BN_free(order);
return 0;
}
do {
if (!BN_rand_range(d, order)) {
GOSTerr(GOST_F_GOST2001_KEYGEN,
GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
BN_free(d);
BN_free(order);
return 0;
}
}
while (BN_is_zero(d));
if(!EC_KEY_set_private_key(ec, d)) {
GOSTerr(GOST_F_GOST2001_KEYGEN, ERR_R_INTERNAL_ERROR);
BN_free(d);
BN_free(order);
return 0;
}
BN_free(d);
BN_free(order);
return gost2001_compute_public(ec);
}

292
engines/ccgost/gost2001_keyx.c
View File

@@ -1,292 +0,0 @@
/**********************************************************************
* gost_keyx.c *
* Copyright (c) 2005-2006 Cryptocom LTD *
* This file is distributed under the same license as OpenSSL *
* *
* VK0 34.10-2001 key exchange and GOST R 34.10-2001 *
* based PKCS7/SMIME support *
* Requires OpenSSL 0.9.9 for compilation *
**********************************************************************/
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <string.h>
#include <openssl/objects.h>
#include "gost89.h"
#include "gosthash.h"
#include "e_gost_err.h"
#include "gost_keywrap.h"
#include "gost_lcl.h"
#include "gost2001_keyx.h"
/* Implementation of CryptoPro VKO 34.10-2001 algorithm */
static int VKO_compute_key(unsigned char *shared_key, size_t shared_key_size,
const EC_POINT *pub_key, EC_KEY *priv_key,
const unsigned char *ukm)
{
unsigned char ukm_be[8], databuf[64], hashbuf[64];
BIGNUM *UKM = NULL, *p = NULL, *order = NULL, *X = NULL, *Y = NULL;
const BIGNUM *key = EC_KEY_get0_private_key(priv_key);
EC_POINT *pnt = EC_POINT_new(EC_KEY_get0_group(priv_key));
int i;
gost_hash_ctx hash_ctx;
BN_CTX *ctx = BN_CTX_new();
for (i = 0; i < 8; i++) {
ukm_be[7 - i] = ukm[i];
}
BN_CTX_start(ctx);
UKM = getbnfrombuf(ukm_be, 8);
p = BN_CTX_get(ctx);
order = BN_CTX_get(ctx);
X = BN_CTX_get(ctx);
Y = BN_CTX_get(ctx);
EC_GROUP_get_order(EC_KEY_get0_group(priv_key), order, ctx);
BN_mod_mul(p, key, UKM, order, ctx);
EC_POINT_mul(EC_KEY_get0_group(priv_key), pnt, NULL, pub_key, p, ctx);
EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(priv_key),
pnt, X, Y, ctx);
/*
* Serialize elliptic curve point same way as we do it when saving key
*/
store_bignum(Y, databuf, 32);
store_bignum(X, databuf + 32, 32);
/* And reverse byte order of whole buffer */
for (i = 0; i < 64; i++) {
hashbuf[63 - i] = databuf[i];
}
init_gost_hash_ctx(&hash_ctx, &GostR3411_94_CryptoProParamSet);
start_hash(&hash_ctx);
hash_block(&hash_ctx, hashbuf, 64);
finish_hash(&hash_ctx, shared_key);
done_gost_hash_ctx(&hash_ctx);
BN_free(UKM);
BN_CTX_end(ctx);
BN_CTX_free(ctx);
EC_POINT_free(pnt);
return 32;
}
/*
* EVP_PKEY_METHOD callback derive. Implements VKO R 34.10-2001
* algorithm
*/
int pkey_gost2001_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
size_t *keylen)
{
/*
* Public key of peer in the ctx field peerkey Our private key in the ctx
* pkey ukm is in the algorithm specific context data
*/
EVP_PKEY *my_key = EVP_PKEY_CTX_get0_pkey(ctx);
EVP_PKEY *peer_key = EVP_PKEY_CTX_get0_peerkey(ctx);
struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
if (!data->shared_ukm) {
GOSTerr(GOST_F_PKEY_GOST2001_DERIVE, GOST_R_UKM_NOT_SET);
return 0;
}
if (key == NULL) {
*keylen = 32;
return 32;
}
*keylen =
VKO_compute_key(key, 32,
EC_KEY_get0_public_key(EVP_PKEY_get0(peer_key)),
(EC_KEY *)EVP_PKEY_get0(my_key), data->shared_ukm);
return 1;
}
/*
* EVP_PKEY_METHOD callback encrypt
* Implementation of GOST2001 key transport, cryptocom variation
*/
/*
* Generates ephemeral key based on pubk algorithm computes shared key using
* VKO and returns filled up GOST_KEY_TRANSPORT structure
*/
/*
* EVP_PKEY_METHOD callback encrypt
* Implementation of GOST2001 key transport, cryptopo variation
*/
int pkey_GOST01cp_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out,
size_t *out_len, const unsigned char *key,
size_t key_len)
{
GOST_KEY_TRANSPORT *gkt = NULL;
EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(pctx);
struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(pctx);
const struct gost_cipher_info *param = get_encryption_params(NULL);
unsigned char ukm[8], shared_key[32], crypted_key[44];
int ret = 0;
int key_is_ephemeral = 1;
gost_ctx cctx;
EVP_PKEY *sec_key = EVP_PKEY_CTX_get0_peerkey(pctx);
if (data->shared_ukm) {
memcpy(ukm, data->shared_ukm, 8);
} else if (out) {
if (RAND_bytes(ukm, 8) <= 0) {
GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT,
GOST_R_RANDOM_GENERATOR_FAILURE);
return 0;
}
}
/* Check for private key in the peer_key of context */
if (sec_key) {
key_is_ephemeral = 0;
if (!gost_get0_priv_key(sec_key)) {
GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT,
GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR);
goto err;
}
} else {
key_is_ephemeral = 1;
if (out) {
sec_key = EVP_PKEY_new();
EVP_PKEY_assign(sec_key, EVP_PKEY_base_id(pubk), EC_KEY_new());
EVP_PKEY_copy_parameters(sec_key, pubk);
if (!gost2001_keygen(EVP_PKEY_get0(sec_key))) {
goto err;
}
}
}
if (!get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS)
&& param == gost_cipher_list) {
param = gost_cipher_list + 1;
}
if (out) {
VKO_compute_key(shared_key, 32,
EC_KEY_get0_public_key(EVP_PKEY_get0(pubk)),
EVP_PKEY_get0(sec_key), ukm);
gost_init(&cctx, param->sblock);
keyWrapCryptoPro(&cctx, shared_key, ukm, key, crypted_key);
}
gkt = GOST_KEY_TRANSPORT_new();
if (!gkt) {
goto err;
}
if (!ASN1_OCTET_STRING_set(gkt->key_agreement_info->eph_iv, ukm, 8)) {
goto err;
}
if (!ASN1_OCTET_STRING_set(gkt->key_info->imit, crypted_key + 40, 4)) {
goto err;
}
if (!ASN1_OCTET_STRING_set
(gkt->key_info->encrypted_key, crypted_key + 8, 32)) {
goto err;
}
if (key_is_ephemeral) {
if (!X509_PUBKEY_set
(&gkt->key_agreement_info->ephem_key, out ? sec_key : pubk)) {
GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT,
GOST_R_CANNOT_PACK_EPHEMERAL_KEY);
goto err;
}
}
ASN1_OBJECT_free(gkt->key_agreement_info->cipher);
gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid);
if (key_is_ephemeral && sec_key)
EVP_PKEY_free(sec_key);
if (!key_is_ephemeral) {
/* Set control "public key from client certificate used" */
if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL)
<= 0) {
GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT, GOST_R_CTRL_CALL_FAILED);
goto err;
}
}
if ((*out_len = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL)) > 0)
ret = 1;
GOST_KEY_TRANSPORT_free(gkt);
return ret;
err:
if (key_is_ephemeral && sec_key)
EVP_PKEY_free(sec_key);
GOST_KEY_TRANSPORT_free(gkt);
return -1;
}
/*
* EVP_PKEY_METHOD callback decrypt
* Implementation of GOST2001 key transport, cryptopo variation
*/
int pkey_GOST01cp_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key,
size_t *key_len, const unsigned char *in,
size_t in_len)
{
const unsigned char *p = in;
EVP_PKEY *priv = EVP_PKEY_CTX_get0_pkey(pctx);
GOST_KEY_TRANSPORT *gkt = NULL;
int ret = 0;
unsigned char wrappedKey[44];
unsigned char sharedKey[32];
gost_ctx ctx;
const struct gost_cipher_info *param = NULL;
EVP_PKEY *eph_key = NULL, *peerkey = NULL;
if (!key) {
*key_len = 32;
return 1;
}
gkt = d2i_GOST_KEY_TRANSPORT(NULL, (const unsigned char **)&p, in_len);
if (!gkt) {
GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT,
GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO);
return -1;
}
/* If key transport structure contains public key, use it */
eph_key = X509_PUBKEY_get(gkt->key_agreement_info->ephem_key);
if (eph_key) {
if (EVP_PKEY_derive_set_peer(pctx, eph_key) <= 0) {
GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT,
GOST_R_INCOMPATIBLE_PEER_KEY);
goto err;
}
} else {
/* Set control "public key from client certificate used" */
if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL)
<= 0) {
GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT, GOST_R_CTRL_CALL_FAILED);
goto err;
}
}
peerkey = EVP_PKEY_CTX_get0_peerkey(pctx);
if (!peerkey) {
GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT, GOST_R_NO_PEER_KEY);
goto err;
}
param = get_encryption_params(gkt->key_agreement_info->cipher);
if (!param) {
goto err;
}
gost_init(&ctx, param->sblock);
OPENSSL_assert(gkt->key_agreement_info->eph_iv->length == 8);
memcpy(wrappedKey, gkt->key_agreement_info->eph_iv->data, 8);
OPENSSL_assert(gkt->key_info->encrypted_key->length == 32);
memcpy(wrappedKey + 8, gkt->key_info->encrypted_key->data, 32);
OPENSSL_assert(gkt->key_info->imit->length == 4);
memcpy(wrappedKey + 40, gkt->key_info->imit->data, 4);
VKO_compute_key(sharedKey, 32,
EC_KEY_get0_public_key(EVP_PKEY_get0(peerkey)),
EVP_PKEY_get0(priv), wrappedKey);
if (!keyUnwrapCryptoPro(&ctx, sharedKey, wrappedKey, key)) {
GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT,
GOST_R_ERROR_COMPUTING_SHARED_KEY);
goto err;
}
ret = 1;
err:
if (eph_key)
EVP_PKEY_free(eph_key);
if (gkt)
GOST_KEY_TRANSPORT_free(gkt);
return ret;
}

10
engines/ccgost/gost2001_keyx.h
View File

@@ -1,10 +0,0 @@
GOST_KEY_TRANSPORT *make_rfc4490_keytransport_2001(EVP_PKEY *pubk,
BIGNUM *eph_key,
const unsigned char *key,
size_t keylen,
unsigned char *ukm,
size_t ukm_len);
int decrypt_rfc4490_shared_key_2001(EVP_PKEY *priv,
GOST_KEY_TRANSPORT * gkt,
unsigned char *key_buf, int key_buf_len);

576
engines/ccgost/gost89.c
View File

@@ -1,576 +0,0 @@
/**********************************************************************
* gost89.c *
* Copyright (c) 2005-2006 Cryptocom LTD *
* This file is distributed under the same license as OpenSSL *
* *
* Implementation of GOST 28147-89 encryption algorithm *
* No OpenSSL libraries required to compile and use *
* this code *
**********************************************************************/
#include <string.h>
#include "gost89.h"
/*-
Substitution blocks from RFC 4357
Note: our implementation of gost 28147-89 algorithm
uses S-box matrix rotated 90 degrees counterclockwise, relative to
examples given in RFC.
*/
/* Substitution blocks from test examples for GOST R 34.11-94*/
gost_subst_block GostR3411_94_TestParamSet = {
{0X1, 0XF, 0XD, 0X0, 0X5, 0X7, 0XA, 0X4, 0X9, 0X2, 0X3, 0XE, 0X6, 0XB,
0X8, 0XC}
,
{0XD, 0XB, 0X4, 0X1, 0X3, 0XF, 0X5, 0X9, 0X0, 0XA, 0XE, 0X7, 0X6, 0X8,
0X2, 0XC}
,
{0X4, 0XB, 0XA, 0X0, 0X7, 0X2, 0X1, 0XD, 0X3, 0X6, 0X8, 0X5, 0X9, 0XC,
0XF, 0XE}
,
{0X6, 0XC, 0X7, 0X1, 0X5, 0XF, 0XD, 0X8, 0X4, 0XA, 0X9, 0XE, 0X0, 0X3,
0XB, 0X2}
,
{0X7, 0XD, 0XA, 0X1, 0X0, 0X8, 0X9, 0XF, 0XE, 0X4, 0X6, 0XC, 0XB, 0X2,
0X5, 0X3}
,
{0X5, 0X8, 0X1, 0XD, 0XA, 0X3, 0X4, 0X2, 0XE, 0XF, 0XC, 0X7, 0X6, 0X0,
0X9, 0XB}
,
{0XE, 0XB, 0X4, 0XC, 0X6, 0XD, 0XF, 0XA, 0X2, 0X3, 0X8, 0X1, 0X0, 0X7,
0X5, 0X9}
,
{0X4, 0XA, 0X9, 0X2, 0XD, 0X8, 0X0, 0XE, 0X6, 0XB, 0X1, 0XC, 0X7, 0XF,
0X5, 0X3}
};
/* Substitution blocks for hash function 1.2.643.2.9.1.6.1 */
gost_subst_block GostR3411_94_CryptoProParamSet = {
{0x1, 0x3, 0xA, 0x9, 0x5, 0xB, 0x4, 0xF, 0x8, 0x6, 0x7, 0xE, 0xD, 0x0,
0x2, 0xC}
,
{0xD, 0xE, 0x4, 0x1, 0x7, 0x0, 0x5, 0xA, 0x3, 0xC, 0x8, 0xF, 0x6, 0x2,
0x9, 0xB}
,
{0x7, 0x6, 0x2, 0x4, 0xD, 0x9, 0xF, 0x0, 0xA, 0x1, 0x5, 0xB, 0x8, 0xE,
0xC, 0x3}
,
{0x7, 0x6, 0x4, 0xB, 0x9, 0xC, 0x2, 0xA, 0x1, 0x8, 0x0, 0xE, 0xF, 0xD,
0x3, 0x5}
,
{0x4, 0xA, 0x7, 0xC, 0x0, 0xF, 0x2, 0x8, 0xE, 0x1, 0x6, 0x5, 0xD, 0xB,
0x9, 0x3}
,
{0x7, 0xF, 0xC, 0xE, 0x9, 0x4, 0x1, 0x0, 0x3, 0xB, 0x5, 0x2, 0x6, 0xA,
0x8, 0xD}
,
{0x5, 0xF, 0x4, 0x0, 0x2, 0xD, 0xB, 0x9, 0x1, 0x7, 0x6, 0x3, 0xC, 0xE,
0xA, 0x8}
,
{0xA, 0x4, 0x5, 0x6, 0x8, 0x1, 0x3, 0x7, 0xD, 0xC, 0xE, 0x0, 0x9, 0x2,
0xB, 0xF}
};
/* Test paramset from GOST 28147 */
gost_subst_block Gost28147_TestParamSet = {
{0xC, 0x6, 0x5, 0x2, 0xB, 0x0, 0x9, 0xD, 0x3, 0xE, 0x7, 0xA, 0xF, 0x4,
0x1, 0x8}
,
{0x9, 0xB, 0xC, 0x0, 0x3, 0x6, 0x7, 0x5, 0x4, 0x8, 0xE, 0xF, 0x1, 0xA,
0x2, 0xD}
,
{0x8, 0xF, 0x6, 0xB, 0x1, 0x9, 0xC, 0x5, 0xD, 0x3, 0x7, 0xA, 0x0, 0xE,
0x2, 0x4}
,
{0x3, 0xE, 0x5, 0x9, 0x6, 0x8, 0x0, 0xD, 0xA, 0xB, 0x7, 0xC, 0x2, 0x1,
0xF, 0x4}
,
{0xE, 0x9, 0xB, 0x2, 0x5, 0xF, 0x7, 0x1, 0x0, 0xD, 0xC, 0x6, 0xA, 0x4,
0x3, 0x8}
,
{0xD, 0x8, 0xE, 0xC, 0x7, 0x3, 0x9, 0xA, 0x1, 0x5, 0x2, 0x4, 0x6, 0xF,
0x0, 0xB}
,
{0xC, 0x9, 0xF, 0xE, 0x8, 0x1, 0x3, 0xA, 0x2, 0x7, 0x4, 0xD, 0x6, 0x0,
0xB, 0x5}
,
{0x4, 0x2, 0xF, 0x5, 0x9, 0x1, 0x0, 0x8, 0xE, 0x3, 0xB, 0xC, 0xD, 0x7,
0xA, 0x6}
};
/* 1.2.643.2.2.31.1 */
gost_subst_block Gost28147_CryptoProParamSetA = {
{0xB, 0xA, 0xF, 0x5, 0x0, 0xC, 0xE, 0x8, 0x6, 0x2, 0x3, 0x9, 0x1, 0x7,
0xD, 0x4}
,
{0x1, 0xD, 0x2, 0x9, 0x7, 0xA, 0x6, 0x0, 0x8, 0xC, 0x4, 0x5, 0xF, 0x3,
0xB, 0xE}
,
{0x3, 0xA, 0xD, 0xC, 0x1, 0x2, 0x0, 0xB, 0x7, 0x5, 0x9, 0x4, 0x8, 0xF,
0xE, 0x6}
,
{0xB, 0x5, 0x1, 0x9, 0x8, 0xD, 0xF, 0x0, 0xE, 0x4, 0x2, 0x3, 0xC, 0x7,
0xA, 0x6}
,
{0xE, 0x7, 0xA, 0xC, 0xD, 0x1, 0x3, 0x9, 0x0, 0x2, 0xB, 0x4, 0xF, 0x8,
0x5, 0x6}
,
{0xE, 0x4, 0x6, 0x2, 0xB, 0x3, 0xD, 0x8, 0xC, 0xF, 0x5, 0xA, 0x0, 0x7,
0x1, 0x9}
,
{0x3, 0x7, 0xE, 0x9, 0x8, 0xA, 0xF, 0x0, 0x5, 0x2, 0x6, 0xC, 0xB, 0x4,
0xD, 0x1}
,
{0x9, 0x6, 0x3, 0x2, 0x8, 0xB, 0x1, 0x7, 0xA, 0x4, 0xE, 0xF, 0xC, 0x0,
0xD, 0x5}
};
/* 1.2.643.2.2.31.2 */
gost_subst_block Gost28147_CryptoProParamSetB = {
{0x0, 0x4, 0xB, 0xE, 0x8, 0x3, 0x7, 0x1, 0xA, 0x2, 0x9, 0x6, 0xF, 0xD,
0x5, 0xC}
,
{0x5, 0x2, 0xA, 0xB, 0x9, 0x1, 0xC, 0x3, 0x7, 0x4, 0xD, 0x0, 0x6, 0xF,
0x8, 0xE}
,
{0x8, 0x3, 0x2, 0x6, 0x4, 0xD, 0xE, 0xB, 0xC, 0x1, 0x7, 0xF, 0xA, 0x0,
0x9, 0x5}
,
{0x2, 0x7, 0xC, 0xF, 0x9, 0x5, 0xA, 0xB, 0x1, 0x4, 0x0, 0xD, 0x6, 0x8,
0xE, 0x3}
,
{0x7, 0x5, 0x0, 0xD, 0xB, 0x6, 0x1, 0x2, 0x3, 0xA, 0xC, 0xF, 0x4, 0xE,
0x9, 0x8}
,
{0xE, 0xC, 0x0, 0xA, 0x9, 0x2, 0xD, 0xB, 0x7, 0x5, 0x8, 0xF, 0x3, 0x6,
0x1, 0x4}
,
{0x0, 0x1, 0x2, 0xA, 0x4, 0xD, 0x5, 0xC, 0x9, 0x7, 0x3, 0xF, 0xB, 0x8,
0x6, 0xE}
,
{0x8, 0x4, 0xB, 0x1, 0x3, 0x5, 0x0, 0x9, 0x2, 0xE, 0xA, 0xC, 0xD, 0x6,
0x7, 0xF}
};
/* 1.2.643.2.2.31.3 */
gost_subst_block Gost28147_CryptoProParamSetC = {
{0x7, 0x4, 0x0, 0x5, 0xA, 0x2, 0xF, 0xE, 0xC, 0x6, 0x1, 0xB, 0xD, 0x9,
0x3, 0x8}
,
{0xA, 0x9, 0x6, 0x8, 0xD, 0xE, 0x2, 0x0, 0xF, 0x3, 0x5, 0xB, 0x4, 0x1,
0xC, 0x7}
,
{0xC, 0x9, 0xB, 0x1, 0x8, 0xE, 0x2, 0x4, 0x7, 0x3, 0x6, 0x5, 0xA, 0x0,
0xF, 0xD}
,
{0x8, 0xD, 0xB, 0x0, 0x4, 0x5, 0x1, 0x2, 0x9, 0x3, 0xC, 0xE, 0x6, 0xF,
0xA, 0x7}
,
{0x3, 0x6, 0x0, 0x1, 0x5, 0xD, 0xA, 0x8, 0xB, 0x2, 0x9, 0x7, 0xE, 0xF,
0xC, 0x4}
,
{0x8, 0x2, 0x5, 0x0, 0x4, 0x9, 0xF, 0xA, 0x3, 0x7, 0xC, 0xD, 0x6, 0xE,
0x1, 0xB}
,
{0x0, 0x1, 0x7, 0xD, 0xB, 0x4, 0x5, 0x2, 0x8, 0xE, 0xF, 0xC, 0x9, 0xA,
0x6, 0x3}
,
{0x1, 0xB, 0xC, 0x2, 0x9, 0xD, 0x0, 0xF, 0x4, 0x5, 0x8, 0xE, 0xA, 0x7,
0x6, 0x3}
};
/* 1.2.643.2.2.31.4 */
gost_subst_block Gost28147_CryptoProParamSetD = {
{0x1, 0xA, 0x6, 0x8, 0xF, 0xB, 0x0, 0x4, 0xC, 0x3, 0x5, 0x9, 0x7, 0xD,
0x2, 0xE}
,
{0x3, 0x0, 0x6, 0xF, 0x1, 0xE, 0x9, 0x2, 0xD, 0x8, 0xC, 0x4, 0xB, 0xA,
0x5, 0x7}
,
{0x8, 0x0, 0xF, 0x3, 0x2, 0x5, 0xE, 0xB, 0x1, 0xA, 0x4, 0x7, 0xC, 0x9,
0xD, 0x6}
,
{0x0, 0xC, 0x8, 0x9, 0xD, 0x2, 0xA, 0xB, 0x7, 0x3, 0x6, 0x5, 0x4, 0xE,
0xF, 0x1}
,
{0x1, 0x5, 0xE, 0xC, 0xA, 0x7, 0x0, 0xD, 0x6, 0x2, 0xB, 0x4, 0x9, 0x3,
0xF, 0x8}
,
{0x1, 0xC, 0xB, 0x0, 0xF, 0xE, 0x6, 0x5, 0xA, 0xD, 0x4, 0x8, 0x9, 0x3,
0x7, 0x2}
,
{0xB, 0x6, 0x3, 0x4, 0xC, 0xF, 0xE, 0x2, 0x7, 0xD, 0x8, 0x0, 0x5, 0xA,
0x9, 0x1}
,
{0xF, 0xC, 0x2, 0xA, 0x6, 0x4, 0x5, 0x0, 0x7, 0x9, 0xE, 0xD, 0x1, 0xB,
0x8, 0x3}
};
const byte CryptoProKeyMeshingKey[] = {
0x69, 0x00, 0x72, 0x22, 0x64, 0xC9, 0x04, 0x23,
0x8D, 0x3A, 0xDB, 0x96, 0x46, 0xE9, 0x2A, 0xC4,
0x18, 0xFE, 0xAC, 0x94, 0x00, 0xED, 0x07, 0x12,
0xC0, 0x86, 0xDC, 0xC2, 0xEF, 0x4C, 0xA9, 0x2B
};
/* Initialization of gost_ctx subst blocks*/
static void kboxinit(gost_ctx * c, const gost_subst_block * b)
{
int i;
for (i = 0; i < 256; i++) {
c->k87[i] = (word32) (b->k8[i >> 4] << 4 | b->k7[i & 15]) << 24;
c->k65[i] = (b->k6[i >> 4] << 4 | b->k5[i & 15]) << 16;
c->k43[i] = (b->k4[i >> 4] << 4 | b->k3[i & 15]) << 8;
c->k21[i] = b->k2[i >> 4] << 4 | b->k1[i & 15];
}
}
/* Part of GOST 28147 algorithm moved into separate function */
static word32 f(gost_ctx * c, word32 x)
{
x = c->k87[x >> 24 & 255] | c->k65[x >> 16 & 255] |
c->k43[x >> 8 & 255] | c->k21[x & 255];
/* Rotate left 11 bits */
return x << 11 | x >> (32 - 11);
}
/* Low-level encryption routine - encrypts one 64 bit block*/
void gostcrypt(gost_ctx * c, const byte * in, byte * out)
{
register word32 n1, n2; /* As named in the GOST */
n1 = in[0] | (in[1] << 8) | (in[2] << 16) | ((word32) in[3] << 24);
n2 = in[4] | (in[5] << 8) | (in[6] << 16) | ((word32) in[7] << 24);
/* Instead of swapping halves, swap names each round */
n2 ^= f(c, n1 + c->k[0]);
n1 ^= f(c, n2 + c->k[1]);
n2 ^= f(c, n1 + c->k[2]);
n1 ^= f(c, n2 + c->k[3]);
n2 ^= f(c, n1 + c->k[4]);
n1 ^= f(c, n2 + c->k[5]);
n2 ^= f(c, n1 + c->k[6]);
n1 ^= f(c, n2 + c->k[7]);
n2 ^= f(c, n1 + c->k[0]);
n1 ^= f(c, n2 + c->k[1]);
n2 ^= f(c, n1 + c->k[2]);
n1 ^= f(c, n2 + c->k[3]);
n2 ^= f(c, n1 + c->k[4]);
n1 ^= f(c, n2 + c->k[5]);
n2 ^= f(c, n1 + c->k[6]);
n1 ^= f(c, n2 + c->k[7]);
n2 ^= f(c, n1 + c->k[0]);
n1 ^= f(c, n2 + c->k[1]);
n2 ^= f(c, n1 + c->k[2]);
n1 ^= f(c, n2 + c->k[3]);
n2 ^= f(c, n1 + c->k[4]);
n1 ^= f(c, n2 + c->k[5]);
n2 ^= f(c, n1 + c->k[6]);
n1 ^= f(c, n2 + c->k[7]);
n2 ^= f(c, n1 + c->k[7]);
n1 ^= f(c, n2 + c->k[6]);
n2 ^= f(c, n1 + c->k[5]);
n1 ^= f(c, n2 + c->k[4]);
n2 ^= f(c, n1 + c->k[3]);
n1 ^= f(c, n2 + c->k[2]);
n2 ^= f(c, n1 + c->k[1]);
n1 ^= f(c, n2 + c->k[0]);
out[0] = (byte) (n2 & 0xff);
out[1] = (byte) ((n2 >> 8) & 0xff);
out[2] = (byte) ((n2 >> 16) & 0xff);
out[3] = (byte) (n2 >> 24);
out[4] = (byte) (n1 & 0xff);
out[5] = (byte) ((n1 >> 8) & 0xff);
out[6] = (byte) ((n1 >> 16) & 0xff);
out[7] = (byte) (n1 >> 24);
}
/* Low-level decryption routine. Decrypts one 64-bit block */
void gostdecrypt(gost_ctx * c, const byte * in, byte * out)
{
register word32 n1, n2; /* As named in the GOST */
n1 = in[0] | (in[1] << 8) | (in[2] << 16) | ((word32) in[3] << 24);
n2 = in[4] | (in[5] << 8) | (in[6] << 16) | ((word32) in[7] << 24);
n2 ^= f(c, n1 + c->k[0]);
n1 ^= f(c, n2 + c->k[1]);
n2 ^= f(c, n1 + c->k[2]);
n1 ^= f(c, n2 + c->k[3]);
n2 ^= f(c, n1 + c->k[4]);
n1 ^= f(c, n2 + c->k[5]);
n2 ^= f(c, n1 + c->k[6]);
n1 ^= f(c, n2 + c->k[7]);
n2 ^= f(c, n1 + c->k[7]);
n1 ^= f(c, n2 + c->k[6]);
n2 ^= f(c, n1 + c->k[5]);
n1 ^= f(c, n2 + c->k[4]);
n2 ^= f(c, n1 + c->k[3]);
n1 ^= f(c, n2 + c->k[2]);
n2 ^= f(c, n1 + c->k[1]);
n1 ^= f(c, n2 + c->k[0]);
n2 ^= f(c, n1 + c->k[7]);
n1 ^= f(c, n2 + c->k[6]);
n2 ^= f(c, n1 + c->k[5]);
n1 ^= f(c, n2 + c->k[4]);
n2 ^= f(c, n1 + c->k[3]);
n1 ^= f(c, n2 + c->k[2]);
n2 ^= f(c, n1 + c->k[1]);
n1 ^= f(c, n2 + c->k[0]);
n2 ^= f(c, n1 + c->k[7]);
n1 ^= f(c, n2 + c->k[6]);
n2 ^= f(c, n1 + c->k[5]);
n1 ^= f(c, n2 + c->k[4]);
n2 ^= f(c, n1 + c->k[3]);
n1 ^= f(c, n2 + c->k[2]);
n2 ^= f(c, n1 + c->k[1]);
n1 ^= f(c, n2 + c->k[0]);
out[0] = (byte) (n2 & 0xff);
out[1] = (byte) ((n2 >> 8) & 0xff);
out[2] = (byte) ((n2 >> 16) & 0xff);
out[3] = (byte) (n2 >> 24);
out[4] = (byte) (n1 & 0xff);
out[5] = (byte) ((n1 >> 8) & 0xff);
out[6] = (byte) ((n1 >> 16) & 0xff);
out[7] = (byte) (n1 >> 24);
}
/* Encrypts several blocks in ECB mode */
void gost_enc(gost_ctx * c, const byte * clear, byte * cipher, int blocks)
{
int i;
for (i = 0; i < blocks; i++) {
gostcrypt(c, clear, cipher);
clear += 8;
cipher += 8;
}
}
/* Decrypts several blocks in ECB mode */
void gost_dec(gost_ctx * c, const byte * cipher, byte * clear, int blocks)
{
int i;
for (i = 0; i < blocks; i++) {
gostdecrypt(c, cipher, clear);
clear += 8;
cipher += 8;
}
}
/* Encrypts several full blocks in CFB mode using 8byte IV */
void gost_enc_cfb(gost_ctx * ctx, const byte * iv, const byte * clear,
byte * cipher, int blocks)
{
byte cur_iv[8];
byte gamma[8];
int i, j;
const byte *in;
byte *out;
memcpy(cur_iv, iv, 8);
for (i = 0, in = clear, out = cipher; i < blocks; i++, in += 8, out += 8) {
gostcrypt(ctx, cur_iv, gamma);
for (j = 0; j < 8; j++) {
cur_iv[j] = out[j] = in[j] ^ gamma[j];
}
}
}
/* Decrypts several full blocks in CFB mode using 8byte IV */
void gost_dec_cfb(gost_ctx * ctx, const byte * iv, const byte * cipher,
byte * clear, int blocks)
{
byte cur_iv[8];
byte gamma[8];
int i, j;
const byte *in;
byte *out;
memcpy(cur_iv, iv, 8);
for (i = 0, in = cipher, out = clear; i < blocks; i++, in += 8, out += 8) {
gostcrypt(ctx, cur_iv, gamma);
for (j = 0; j < 8; j++) {
out[j] = (cur_iv[j] = in[j]) ^ gamma[j];
}
}
}
/* Encrypts one block using specified key */
void gost_enc_with_key(gost_ctx * c, byte * key, byte * inblock,
byte * outblock)
{
gost_key(c, key);
gostcrypt(c, inblock, outblock);
}
/* Set 256 bit key into context */
void gost_key(gost_ctx * c, const byte * k)
{
int i, j;
for (i = 0, j = 0; i < 8; i++, j += 4) {
c->k[i] =
k[j] | (k[j + 1] << 8) | (k[j + 2] << 16) | ((word32) k[j + 3] <<
24);
}
}
/* Retrieve 256-bit key from context */
void gost_get_key(gost_ctx * c, byte * k)
{
int i, j;
for (i = 0, j = 0; i < 8; i++, j += 4) {
k[j] = (byte) (c->k[i] & 0xFF);
k[j + 1] = (byte) ((c->k[i] >> 8) & 0xFF);
k[j + 2] = (byte) ((c->k[i] >> 16) & 0xFF);
k[j + 3] = (byte) ((c->k[i] >> 24) & 0xFF);
}
}
/* Initalize context. Provides default value for subst_block */
void gost_init(gost_ctx * c, const gost_subst_block * b)
{
if (!b) {
b = &GostR3411_94_TestParamSet;
}
kboxinit(c, b);
}
/* Cleans up key from context */
void gost_destroy(gost_ctx * c)
{
int i;
for (i = 0; i < 8; i++)
c->k[i] = 0;
}
/*
* Compute GOST 28147 mac block Parameters gost_ctx *c - context initalized
* with substitution blocks and key buffer - 8-byte mac state buffer block
* 8-byte block to process.
*/
void mac_block(gost_ctx * c, byte * buffer, const byte * block)
{
register word32 n1, n2; /* As named in the GOST */
int i;
for (i = 0; i < 8; i++) {
buffer[i] ^= block[i];
}
n1 = buffer[0] | (buffer[1] << 8) | (buffer[2] << 16) | ((word32)
buffer[3] << 24);
n2 = buffer[4] | (buffer[5] << 8) | (buffer[6] << 16) | ((word32)
buffer[7] << 24);
/* Instead of swapping halves, swap names each round */
n2 ^= f(c, n1 + c->k[0]);
n1 ^= f(c, n2 + c->k[1]);
n2 ^= f(c, n1 + c->k[2]);
n1 ^= f(c, n2 + c->k[3]);
n2 ^= f(c, n1 + c->k[4]);
n1 ^= f(c, n2 + c->k[5]);
n2 ^= f(c, n1 + c->k[6]);
n1 ^= f(c, n2 + c->k[7]);
n2 ^= f(c, n1 + c->k[0]);
n1 ^= f(c, n2 + c->k[1]);
n2 ^= f(c, n1 + c->k[2]);
n1 ^= f(c, n2 + c->k[3]);
n2 ^= f(c, n1 + c->k[4]);
n1 ^= f(c, n2 + c->k[5]);
n2 ^= f(c, n1 + c->k[6]);
n1 ^= f(c, n2 + c->k[7]);
buffer[0] = (byte) (n1 & 0xff);
buffer[1] = (byte) ((n1 >> 8) & 0xff);
buffer[2] = (byte) ((n1 >> 16) & 0xff);
buffer[3] = (byte) (n1 >> 24);
buffer[4] = (byte) (n2 & 0xff);
buffer[5] = (byte) ((n2 >> 8) & 0xff);
buffer[6] = (byte) ((n2 >> 16) & 0xff);
buffer[7] = (byte) (n2 >> 24);
}
/* Get mac with specified number of bits from MAC state buffer */
void get_mac(byte * buffer, int nbits, byte * out)
{
int nbytes = nbits >> 3;
int rembits = nbits & 7;
int mask = rembits ? ((1 < rembits) - 1) : 0;
int i;
for (i = 0; i < nbytes; i++)
out[i] = buffer[i];
if (rembits)
out[i] = buffer[i] & mask;
}
/*
* Compute mac of specified length (in bits) from data. Context should be
* initialized with key and subst blocks
*/
int gost_mac(gost_ctx * ctx, int mac_len, const unsigned char *data,
unsigned int data_len, unsigned char *mac)
{
byte buffer[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
byte buf2[8];
unsigned int i;
for (i = 0; i + 8 <= data_len; i += 8)
mac_block(ctx, buffer, data + i);
if (i < data_len) {
memset(buf2, 0, 8);
memcpy(buf2, data + i, data_len - i);
mac_block(ctx, buffer, buf2);
i += 8;
}
if (i == 8) {
memset(buf2, 0, 8);
mac_block(ctx, buffer, buf2);
}
get_mac(buffer, mac_len, mac);
return 1;
}
/* Compute MAC with non-zero IV. Used in some RFC 4357 algorithms */
int gost_mac_iv(gost_ctx * ctx, int mac_len, const unsigned char *iv,
const unsigned char *data, unsigned int data_len,
unsigned char *mac)
{
byte buffer[8];
byte buf2[8];
unsigned int i;
memcpy(buffer, iv, 8);
for (i = 0; i + 8 <= data_len; i += 8)
mac_block(ctx, buffer, data + i);
if (i < data_len) {
memset(buf2, 0, 8);
memcpy(buf2, data + i, data_len - i);
mac_block(ctx, buffer, buf2);
i += 8;
}
if (i == 8) {
memset(buf2, 0, 8);
mac_block(ctx, buffer, buf2);
}
get_mac(buffer, mac_len, mac);
return 1;
}
/* Implements key meshing algorithm by modifing ctx and IV in place */
void cryptopro_key_meshing(gost_ctx * ctx, unsigned char *iv)
{
unsigned char newkey[32], newiv[8];
/* Set static keymeshing key */
/* "Decrypt" key with keymeshing key */
gost_dec(ctx, CryptoProKeyMeshingKey, newkey, 4);
/* set new key */
gost_key(ctx, newkey);
/* Encrypt iv with new key */
gostcrypt(ctx, iv, newiv);
memcpy(iv, newiv, 8);
}

98
engines/ccgost/gost89.h
View File

@@ -1,98 +0,0 @@
/**********************************************************************
* gost89.h *
* Copyright (c) 2005-2006 Cryptocom LTD *
* This file is distributed under the same license as OpenSSL *
* *
* Declarations for GOST 28147-89 encryption algorithm *
* No OpenSSL libraries required to compile and use *
* this code *
**********************************************************************/
#ifndef GOST89_H
# define GOST89_H
/* Typedef for unsigned 32-bit integer */
# if __LONG_MAX__ > 2147483647L
typedef unsigned int u4;
# else
typedef unsigned long u4;
# endif
/* Typedef for unsigned 8-bit integer */
typedef unsigned char byte;
/* Internal representation of GOST substitution blocks */
typedef struct {
byte k8[16];
byte k7[16];
byte k6[16];
byte k5[16];
byte k4[16];
byte k3[16];
byte k2[16];
byte k1[16];
} gost_subst_block;
/* Cipher context includes key and preprocessed substitution block */
typedef struct {
u4 k[8];
/* Constant s-boxes -- set up in gost_init(). */
u4 k87[256], k65[256], k43[256], k21[256];
} gost_ctx;
/*
* Note: encrypt and decrypt expect full blocks--padding blocks is caller's
* responsibility. All bulk encryption is done in ECB mode by these calls.
* Other modes may be added easily enough.
*/
/* Encrypt several full blocks in ECB mode */
void gost_enc(gost_ctx * ctx, const byte * clear, byte * cipher, int blocks);
/* Decrypt several full blocks in ECB mode */
void gost_dec(gost_ctx * ctx, const byte * cipher, byte * clear, int blocks);
/* Encrypts several full blocks in CFB mode using 8byte IV */
void gost_enc_cfb(gost_ctx * ctx, const byte * iv, const byte * clear,
byte * cipher, int blocks);
/* Decrypts several full blocks in CFB mode using 8byte IV */
void gost_dec_cfb(gost_ctx * ctx, const byte * iv, const byte * cipher,
byte * clear, int blocks);
/* Encrypt one block */
void gostcrypt(gost_ctx * c, const byte * in, byte * out);
/* Decrypt one block */
void gostdecrypt(gost_ctx * c, const byte * in, byte * out);
/* Set key into context */
void gost_key(gost_ctx * ctx, const byte * key);
/* Get key from context */
void gost_get_key(gost_ctx * ctx, byte * key);
/* Set S-blocks into context */
void gost_init(gost_ctx * ctx, const gost_subst_block * subst_block);
/* Clean up context */
void gost_destroy(gost_ctx * ctx);
/* Intermediate function used for calculate hash */
void gost_enc_with_key(gost_ctx *, byte * key, byte * inblock,
byte * outblock);
/* Compute MAC of given length in bits from data */
int gost_mac(gost_ctx * ctx, int hmac_len, const unsigned char *data,
unsigned int data_len, unsigned char *hmac);
/*
* Compute MAC of given length in bits from data, using non-zero 8-byte IV
* (non-standard, for use in CryptoPro key transport only
*/
int gost_mac_iv(gost_ctx * ctx, int hmac_len, const unsigned char *iv,
const unsigned char *data, unsigned int data_len,
unsigned char *hmac);
/* Perform one step of MAC calculation like gostcrypt */
void mac_block(gost_ctx * c, byte * buffer, const byte * block);
/* Extracts MAC value from mac state buffer */
void get_mac(byte * buffer, int nbits, byte * out);
/* Implements cryptopro key meshing algorithm. Expect IV to be 8-byte size*/
void cryptopro_key_meshing(gost_ctx * ctx, unsigned char *iv);
/* Parameter sets specified in RFC 4357 */
extern gost_subst_block GostR3411_94_TestParamSet;
extern gost_subst_block GostR3411_94_CryptoProParamSet;
extern gost_subst_block Gost28147_TestParamSet;
extern gost_subst_block Gost28147_CryptoProParamSetA;
extern gost_subst_block Gost28147_CryptoProParamSetB;
extern gost_subst_block Gost28147_CryptoProParamSetC;
extern gost_subst_block Gost28147_CryptoProParamSetD;
extern const byte CryptoProKeyMeshingKey[];
typedef unsigned int word32;
#endif

280
engines/ccgost/gost94_keyx.c
View File

@@ -1,280 +0,0 @@
/**********************************************************************
* gost94_keyx.c *
* Copyright (c) 2005-2006 Cryptocom LTD *
* This file is distributed under the same license as OpenSSL *
* *
* Implements generation and parsing of GOST_KEY_TRANSPORT for *
* GOST R 34.10-94 algorithms *
* *
* Requires OpenSSL 0.9.9 for compilation *
**********************************************************************/
#include <string.h>
#include <openssl/dh.h>
#include <openssl/rand.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include "gost89.h"
#include "gosthash.h"
#include "e_gost_err.h"
#include "gost_keywrap.h"
#include "gost_lcl.h"
/* Common functions for both 94 and 2001 key exchange schemes */
/*
* Implementation of the Diffi-Hellman key agreement scheme based on GOST-94
* keys
*/
/*
* Computes Diffie-Hellman key and stores it into buffer in little-endian
* byte order as expected by both versions of GOST 94 algorithm
*/
static int compute_pair_key_le(unsigned char *pair_key, BIGNUM *pub_key,
DH *dh)
{
unsigned char be_key[128];
int i, key_size;
key_size = DH_compute_key(be_key, pub_key, dh);
if (!key_size)
return 0;
memset(pair_key, 0, 128);
for (i = 0; i < key_size; i++) {
pair_key[i] = be_key[key_size - 1 - i];
}
return key_size;
}
/*
* Computes 256 bit Key exchange key as specified in RFC 4357
*/
static int make_cp_exchange_key(BIGNUM *priv_key, EVP_PKEY *pubk,
unsigned char *shared_key)
{
unsigned char dh_key[128];
int ret;
gost_hash_ctx hash_ctx;
DH *dh = DH_new();
if (!dh)
return 0;
memset(dh_key, 0, 128);
dh->g = BN_dup(pubk->pkey.dsa->g);
dh->p = BN_dup(pubk->pkey.dsa->p);
dh->priv_key = BN_dup(priv_key);
ret =
compute_pair_key_le(dh_key, ((DSA *)(EVP_PKEY_get0(pubk)))->pub_key,
dh);
DH_free(dh);
if (!ret)
return 0;
init_gost_hash_ctx(&hash_ctx, &GostR3411_94_CryptoProParamSet);
start_hash(&hash_ctx);
hash_block(&hash_ctx, dh_key, 128);
finish_hash(&hash_ctx, shared_key);
done_gost_hash_ctx(&hash_ctx);
return 1;
}
/* EVP_PKEY_METHOD callback derive. Implements VKO R 34.10-94 */
int pkey_gost94_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
{
EVP_PKEY *pubk = EVP_PKEY_CTX_get0_peerkey(ctx);
EVP_PKEY *mykey = EVP_PKEY_CTX_get0_pkey(ctx);
*keylen = 32;
if (key == NULL)
return 1;
return make_cp_exchange_key(gost_get0_priv_key(mykey), pubk, key);
}
/*
* EVP_PKEY_METHOD callback encrypt for GOST R 34.10-94 cryptopro
* modification
*/
int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
size_t *outlen, const unsigned char *key,
size_t key_len)
{
GOST_KEY_TRANSPORT *gkt = NULL;
unsigned char shared_key[32], ukm[8], crypted_key[44];
const struct gost_cipher_info *param = get_encryption_params(NULL);
EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(ctx);
struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
gost_ctx cctx;
int key_is_ephemeral = 1;
int tmp_outlen;
EVP_PKEY *mykey = EVP_PKEY_CTX_get0_peerkey(ctx);
/* Do not use vizir cipher parameters with cryptopro */
if (!get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS)
&& param == gost_cipher_list) {
param = gost_cipher_list + 1;
}
if (mykey) {
/* If key already set, it is not ephemeral */
key_is_ephemeral = 0;
if (!gost_get0_priv_key(mykey)) {
GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR);
goto err;
}
} else {
/* Otherwise generate ephemeral key */
key_is_ephemeral = 1;
if (out) {
mykey = EVP_PKEY_new();
EVP_PKEY_assign(mykey, EVP_PKEY_base_id(pubk), DSA_new());
EVP_PKEY_copy_parameters(mykey, pubk);
if (!gost_sign_keygen(EVP_PKEY_get0(mykey))) {
goto err;
}
}
}
if (out)
make_cp_exchange_key(gost_get0_priv_key(mykey), pubk, shared_key);
if (data->shared_ukm) {
memcpy(ukm, data->shared_ukm, 8);
} else if (out) {
if (RAND_bytes(ukm, 8) <= 0) {
GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
GOST_R_RANDOM_GENERATOR_FAILURE);
goto err;
}
}
if (out) {
gost_init(&cctx, param->sblock);
keyWrapCryptoPro(&cctx, shared_key, ukm, key, crypted_key);
}
gkt = GOST_KEY_TRANSPORT_new();
if (!gkt) {
goto memerr;
}
if (!ASN1_OCTET_STRING_set(gkt->key_agreement_info->eph_iv, ukm, 8)) {
goto memerr;
}
if (!ASN1_OCTET_STRING_set(gkt->key_info->imit, crypted_key + 40, 4)) {
goto memerr;
}
if (!ASN1_OCTET_STRING_set
(gkt->key_info->encrypted_key, crypted_key + 8, 32)) {
goto memerr;
}
if (key_is_ephemeral) {
if (!X509_PUBKEY_set
(&gkt->key_agreement_info->ephem_key, out ? mykey : pubk)) {
GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
GOST_R_CANNOT_PACK_EPHEMERAL_KEY);
goto err;
}
if (out)
EVP_PKEY_free(mykey);
}
ASN1_OBJECT_free(gkt->key_agreement_info->cipher);
gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid);
tmp_outlen = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL);
if (tmp_outlen <= 0) {
GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO);
goto err;
}
*outlen = tmp_outlen;
if (!key_is_ephemeral) {
/* Set control "public key from client certificate used" */
if (EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <=
0) {
GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT, GOST_R_CTRL_CALL_FAILED);
goto err;
}
}
GOST_KEY_TRANSPORT_free(gkt);
return 1;
memerr:
if (key_is_ephemeral) {
EVP_PKEY_free(mykey);
}
GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT, GOST_R_MALLOC_FAILURE);
err:
GOST_KEY_TRANSPORT_free(gkt);
return -1;
}
/*
* EVP_PLEY_METHOD callback decrypt for GOST R 34.10-94 cryptopro
* modification
*/
int pkey_GOST94cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *key,
size_t *key_len, const unsigned char *in,
size_t in_len)
{
const unsigned char *p = in;
GOST_KEY_TRANSPORT *gkt = NULL;
unsigned char wrappedKey[44];
unsigned char sharedKey[32];
gost_ctx cctx;
const struct gost_cipher_info *param = NULL;
EVP_PKEY *eph_key = NULL, *peerkey = NULL;
EVP_PKEY *priv = EVP_PKEY_CTX_get0_pkey(ctx);
if (!key) {
*key_len = 32;
return 1;
}
gkt = d2i_GOST_KEY_TRANSPORT(NULL, (const unsigned char **)&p, in_len);
if (!gkt) {
GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT,
GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO);
return 0;
}
eph_key = X509_PUBKEY_get(gkt->key_agreement_info->ephem_key);
if (eph_key) {
if (EVP_PKEY_derive_set_peer(ctx, eph_key) <= 0) {
GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT,
GOST_R_INCOMPATIBLE_PEER_KEY);
goto err;
}
} else {
/* Set control "public key from client certificate used" */
if (EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <=
0) {
GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT, GOST_R_CTRL_CALL_FAILED);
goto err;
}
}
peerkey = EVP_PKEY_CTX_get0_peerkey(ctx);
if (!peerkey) {
GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT, GOST_R_NO_PEER_KEY);
goto err;
}
param = get_encryption_params(gkt->key_agreement_info->cipher);
if (!param) {
goto err;
}
gost_init(&cctx, param->sblock);
OPENSSL_assert(gkt->key_agreement_info->eph_iv->length == 8);
memcpy(wrappedKey, gkt->key_agreement_info->eph_iv->data, 8);
OPENSSL_assert(gkt->key_info->encrypted_key->length == 32);
memcpy(wrappedKey + 8, gkt->key_info->encrypted_key->data, 32);
OPENSSL_assert(gkt->key_info->imit->length == 4);
memcpy(wrappedKey + 40, gkt->key_info->imit->data, 4);
make_cp_exchange_key(gost_get0_priv_key(priv), peerkey, sharedKey);
if (!keyUnwrapCryptoPro(&cctx, sharedKey, wrappedKey, key)) {
GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT,
GOST_R_ERROR_COMPUTING_SHARED_KEY);
goto err;
}
EVP_PKEY_free(eph_key);
GOST_KEY_TRANSPORT_free(gkt);
return 1;
err:
EVP_PKEY_free(eph_key);
GOST_KEY_TRANSPORT_free(gkt);
return -1;
}

943
engines/ccgost/gost_ameth.c
View File

@@ -1,943 +0,0 @@
/**********************************************************************
* gost_ameth.c *
* Copyright (c) 2005-2006 Cryptocom LTD *
* This file is distributed under the same license as OpenSSL *
* *
* Implementation of RFC 4490/4491 ASN1 method *
* for OpenSSL *
* Requires OpenSSL 0.9.9 for compilation *
**********************************************************************/
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/engine.h>
#include <openssl/evp.h>
#include <openssl/asn1.h>
#ifndef OPENSSL_NO_CMS
# include <openssl/cms.h>
#endif
#include "gost_params.h"
#include "gost_lcl.h"
#include "e_gost_err.h"
int gost94_nid_by_params(DSA *p)
{
R3410_params *gost_params;
BIGNUM *q = BN_new();
for (gost_params = R3410_paramset; gost_params->q != NULL; gost_params++) {
BN_dec2bn(&q, gost_params->q);
if (!BN_cmp(q, p->q)) {
BN_free(q);
return gost_params->nid;
}
}
BN_free(q);
return NID_undef;
}
static ASN1_STRING *encode_gost_algor_params(const EVP_PKEY *key)
{
ASN1_STRING *params = ASN1_STRING_new();
GOST_KEY_PARAMS *gkp = GOST_KEY_PARAMS_new();
int pkey_param_nid = NID_undef;
if (!params || !gkp) {
GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS, ERR_R_MALLOC_FAILURE);
ASN1_STRING_free(params);
params = NULL;
goto err;
}
switch (EVP_PKEY_base_id(key)) {
case NID_id_GostR3410_2001:
pkey_param_nid =
EC_GROUP_get_curve_name(EC_KEY_get0_group
(EVP_PKEY_get0((EVP_PKEY *)key)));
break;
case NID_id_GostR3410_94:
pkey_param_nid =
(int)gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)key));
if (pkey_param_nid == NID_undef) {
GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS,
GOST_R_INVALID_GOST94_PARMSET);
ASN1_STRING_free(params);
params = NULL;
goto err;
}
break;
}
gkp->key_params = OBJ_nid2obj(pkey_param_nid);
gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_94_CryptoProParamSet);
/*
* gkp->cipher_params = OBJ_nid2obj(cipher_param_nid);
*/
params->length = i2d_GOST_KEY_PARAMS(gkp, &params->data);
if (params->length <= 0) {
GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS, ERR_R_MALLOC_FAILURE);
ASN1_STRING_free(params);
params = NULL;
goto err;
}
params->type = V_ASN1_SEQUENCE;
err:
GOST_KEY_PARAMS_free(gkp);
return params;
}
/*
* Parses GOST algorithm parameters from X509_ALGOR and modifies pkey setting
* NID and parameters
*/
static int decode_gost_algor_params(EVP_PKEY *pkey, X509_ALGOR *palg)
{
ASN1_OBJECT *palg_obj = NULL;
int ptype = V_ASN1_UNDEF;
int pkey_nid = NID_undef, param_nid = NID_undef;
void *_pval;
ASN1_STRING *pval = NULL;
const unsigned char *p;
GOST_KEY_PARAMS *gkp = NULL;
X509_ALGOR_get0(&palg_obj, &ptype, &_pval, palg);
pval = _pval;
if (ptype != V_ASN1_SEQUENCE) {
GOSTerr(GOST_F_DECODE_GOST_ALGOR_PARAMS,
GOST_R_BAD_KEY_PARAMETERS_FORMAT);
return 0;
}
p = pval->data;
pkey_nid = OBJ_obj2nid(palg_obj);
gkp = d2i_GOST_KEY_PARAMS(NULL, &p, pval->length);
if (!gkp) {
GOSTerr(GOST_F_DECODE_GOST_ALGOR_PARAMS,
GOST_R_BAD_PKEY_PARAMETERS_FORMAT);
return 0;
}
param_nid = OBJ_obj2nid(gkp->key_params);
GOST_KEY_PARAMS_free(gkp);
if(!EVP_PKEY_set_type(pkey, pkey_nid)) {
GOSTerr(GOST_F_DECODE_GOST_ALGOR_PARAMS, ERR_R_INTERNAL_ERROR);
return 0;
}
switch (pkey_nid) {
case NID_id_GostR3410_94:
{
DSA *dsa = EVP_PKEY_get0(pkey);
if (!dsa) {
dsa = DSA_new();
if (!EVP_PKEY_assign(pkey, pkey_nid, dsa))
return 0;
}
if (!fill_GOST94_params(dsa, param_nid))
return 0;
break;
}
case NID_id_GostR3410_2001:
{
EC_KEY *ec = EVP_PKEY_get0(pkey);
if (!ec) {
ec = EC_KEY_new();
if (!EVP_PKEY_assign(pkey, pkey_nid, ec))
return 0;
}
if (!fill_GOST2001_params(ec, param_nid))
return 0;
}
}
return 1;
}
static int gost_set_priv_key(EVP_PKEY *pkey, BIGNUM *priv)
{
switch (EVP_PKEY_base_id(pkey)) {
case NID_id_GostR3410_94:
{
DSA *dsa = EVP_PKEY_get0(pkey);
if (!dsa) {
dsa = DSA_new();
EVP_PKEY_assign(pkey, EVP_PKEY_base_id(pkey), dsa);
}
dsa->priv_key = BN_dup(priv);
if (!EVP_PKEY_missing_parameters(pkey))
gost94_compute_public(dsa);
break;
}
case NID_id_GostR3410_2001:
{
EC_KEY *ec = EVP_PKEY_get0(pkey);
if (!ec) {
ec = EC_KEY_new();
EVP_PKEY_assign(pkey, EVP_PKEY_base_id(pkey), ec);
}
if (!EC_KEY_set_private_key(ec, priv))
return 0;
if (!EVP_PKEY_missing_parameters(pkey))
gost2001_compute_public(ec);
break;
}
}
return 1;
}
BIGNUM *gost_get0_priv_key(const EVP_PKEY *pkey)
{
switch (EVP_PKEY_base_id(pkey)) {
case NID_id_GostR3410_94:
{
DSA *dsa = EVP_PKEY_get0((EVP_PKEY *)pkey);
if (!dsa) {
return NULL;
}
if (!dsa->priv_key)
return NULL;
return dsa->priv_key;
break;
}
case NID_id_GostR3410_2001:
{
EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pkey);
const BIGNUM *priv;
if (!ec) {
return NULL;
}
if (!(priv = EC_KEY_get0_private_key(ec)))
return NULL;
return (BIGNUM *)priv;
break;
}
}
return NULL;
}
static int pkey_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2)
{
switch (op) {
case ASN1_PKEY_CTRL_PKCS7_SIGN:
if (arg1 == 0) {
X509_ALGOR *alg1 = NULL, *alg2 = NULL;
int nid = EVP_PKEY_base_id(pkey);
PKCS7_SIGNER_INFO_get0_algs((PKCS7_SIGNER_INFO *)arg2,
NULL, &alg1, &alg2);
X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_id_GostR3411_94),
V_ASN1_NULL, 0);
if (nid == NID_undef) {
return (-1);
}
X509_ALGOR_set0(alg2, OBJ_nid2obj(nid), V_ASN1_NULL, 0);
}
return 1;
#ifndef OPENSSL_NO_CMS
case ASN1_PKEY_CTRL_CMS_SIGN:
if (arg1 == 0) {
X509_ALGOR *alg1 = NULL, *alg2 = NULL;
int nid = EVP_PKEY_base_id(pkey);
CMS_SignerInfo_get0_algs((CMS_SignerInfo *)arg2,
NULL, NULL, &alg1, &alg2);
X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_id_GostR3411_94),
V_ASN1_NULL, 0);
if (nid == NID_undef) {
return (-1);
}
X509_ALGOR_set0(alg2, OBJ_nid2obj(nid), V_ASN1_NULL, 0);
}
return 1;
#endif
case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
if (arg1 == 0) {
X509_ALGOR *alg;
ASN1_STRING *params = encode_gost_algor_params(pkey);
if (!params) {
return -1;
}
PKCS7_RECIP_INFO_get0_alg((PKCS7_RECIP_INFO *)arg2, &alg);
X509_ALGOR_set0(alg, OBJ_nid2obj(pkey->type),
V_ASN1_SEQUENCE, params);
}
return 1;
#ifndef OPENSSL_NO_CMS
case ASN1_PKEY_CTRL_CMS_ENVELOPE:
if (arg1 == 0) {
X509_ALGOR *alg = NULL;
ASN1_STRING *params = encode_gost_algor_params(pkey);
if (!params) {
return -1;
}
CMS_RecipientInfo_ktri_get0_algs((CMS_RecipientInfo *)arg2, NULL,
NULL, &alg);
X509_ALGOR_set0(alg, OBJ_nid2obj(pkey->type), V_ASN1_SEQUENCE,
params);
}
return 1;
#endif
case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
*(int *)arg2 = NID_id_GostR3411_94;
return 2;
}
return -2;
}
/* --------------------- free functions * ------------------------------*/
static void pkey_free_gost94(EVP_PKEY *key)
{
if (key->pkey.dsa) {
DSA_free(key->pkey.dsa);
}
}
static void pkey_free_gost01(EVP_PKEY *key)
{
if (key->pkey.ec) {
EC_KEY_free(key->pkey.ec);
}
}
/* ------------------ private key functions -----------------------------*/
static int priv_decode_gost(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf)
{
const unsigned char *pkey_buf = NULL, *p = NULL;
int priv_len = 0;
BIGNUM *pk_num = NULL;
int ret = 0;
X509_ALGOR *palg = NULL;
ASN1_OBJECT *palg_obj = NULL;
ASN1_INTEGER *priv_key = NULL;
if (!PKCS8_pkey_get0(&palg_obj, &pkey_buf, &priv_len, &palg, p8inf))
return 0;
p = pkey_buf;
if (!decode_gost_algor_params(pk, palg)) {
return 0;
}
if (V_ASN1_OCTET_STRING == *p) {
/* New format - Little endian octet string */
unsigned char rev_buf[32];
int i;
ASN1_OCTET_STRING *s = d2i_ASN1_OCTET_STRING(NULL, &p, priv_len);
if (!s || s->length != 32) {
GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
return 0;
}
for (i = 0; i < 32; i++) {
rev_buf[31 - i] = s->data[i];
}
ASN1_STRING_free(s);
pk_num = getbnfrombuf(rev_buf, 32);
} else {
priv_key = d2i_ASN1_INTEGER(NULL, &p, priv_len);
if (!priv_key)
return 0;
ret = ((pk_num = ASN1_INTEGER_to_BN(priv_key, NULL)) != NULL);
ASN1_INTEGER_free(priv_key);
if (!ret) {
GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
return 0;
}
}
ret = gost_set_priv_key(pk, pk_num);
BN_free(pk_num);
return ret;
}
/* ----------------------------------------------------------------------*/
static int priv_encode_gost(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk)
{
ASN1_OBJECT *algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));
ASN1_STRING *params = encode_gost_algor_params(pk);
unsigned char *priv_buf = NULL;
int priv_len;
ASN1_INTEGER *asn1key = NULL;
if (!params) {
return 0;
}
asn1key = BN_to_ASN1_INTEGER(gost_get0_priv_key(pk), NULL);
priv_len = i2d_ASN1_INTEGER(asn1key, &priv_buf);
ASN1_INTEGER_free(asn1key);
return PKCS8_pkey_set0(p8, algobj, 0, V_ASN1_SEQUENCE, params,
priv_buf, priv_len);
}
/* --------- printing keys --------------------------------*/
static int print_gost_94(BIO *out, const EVP_PKEY *pkey, int indent,
ASN1_PCTX *pctx, int type)
{
int param_nid = NID_undef;
if (type == 2) {
BIGNUM *key;
if (!BIO_indent(out, indent, 128))
return 0;
BIO_printf(out, "Private key: ");
key = gost_get0_priv_key(pkey);
if (!key)
BIO_printf(out, "<undefined>");
else
BN_print(out, key);
BIO_printf(out, "\n");
}
if (type >= 1) {
BIGNUM *pubkey;
pubkey = ((DSA *)EVP_PKEY_get0((EVP_PKEY *)pkey))->pub_key;
BIO_indent(out, indent, 128);
BIO_printf(out, "Public key: ");
BN_print(out, pubkey);
BIO_printf(out, "\n");
}
param_nid = gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)pkey));
BIO_indent(out, indent, 128);
BIO_printf(out, "Parameter set: %s\n", OBJ_nid2ln(param_nid));
return 1;
}
static int param_print_gost94(BIO *out, const EVP_PKEY *pkey, int indent,
ASN1_PCTX *pctx)
{
return print_gost_94(out, pkey, indent, pctx, 0);
}
static int pub_print_gost94(BIO *out, const EVP_PKEY *pkey, int indent,
ASN1_PCTX *pctx)
{
return print_gost_94(out, pkey, indent, pctx, 1);
}
static int priv_print_gost94(BIO *out, const EVP_PKEY *pkey, int indent,
ASN1_PCTX *pctx)
{
return print_gost_94(out, pkey, indent, pctx, 2);
}
static int print_gost_01(BIO *out, const EVP_PKEY *pkey, int indent,
ASN1_PCTX *pctx, int type)
{
int param_nid = NID_undef;
if (type == 2) {
BIGNUM *key;
if (!BIO_indent(out, indent, 128))
return 0;
BIO_printf(out, "Private key: ");
key = gost_get0_priv_key(pkey);
if (!key)
BIO_printf(out, "<undefined)");
else
BN_print(out, key);
BIO_printf(out, "\n");
}
if (type >= 1) {
BN_CTX *ctx = BN_CTX_new();
BIGNUM *X, *Y;
const EC_POINT *pubkey;
const EC_GROUP *group;
if (!ctx) {
GOSTerr(GOST_F_PRINT_GOST_01, ERR_R_MALLOC_FAILURE);
return 0;
}
BN_CTX_start(ctx);
X = BN_CTX_get(ctx);
Y = BN_CTX_get(ctx);
pubkey =
EC_KEY_get0_public_key((EC_KEY *)EVP_PKEY_get0((EVP_PKEY *)pkey));
group = EC_KEY_get0_group((EC_KEY *)EVP_PKEY_get0((EVP_PKEY *)pkey));
if (!EC_POINT_get_affine_coordinates_GFp(group, pubkey, X, Y, ctx)) {
GOSTerr(GOST_F_PRINT_GOST_01, ERR_R_EC_LIB);
BN_CTX_free(ctx);
return 0;
}
if (!BIO_indent(out, indent, 128))
return 0;
BIO_printf(out, "Public key:\n");
if (!BIO_indent(out, indent + 3, 128))
return 0;
BIO_printf(out, "X:");
BN_print(out, X);
BIO_printf(out, "\n");
BIO_indent(out, indent + 3, 128);
BIO_printf(out, "Y:");
BN_print(out, Y);
BIO_printf(out, "\n");
BN_CTX_end(ctx);
BN_CTX_free(ctx);
}
param_nid =
EC_GROUP_get_curve_name(EC_KEY_get0_group
(EVP_PKEY_get0((EVP_PKEY *)pkey)));
if (!BIO_indent(out, indent, 128))
return 0;
BIO_printf(out, "Parameter set: %s\n", OBJ_nid2ln(param_nid));
return 1;
}
static int param_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent,
ASN1_PCTX *pctx)
{
return print_gost_01(out, pkey, indent, pctx, 0);
}
static int pub_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent,
ASN1_PCTX *pctx)
{
return print_gost_01(out, pkey, indent, pctx, 1);
}
static int priv_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent,
ASN1_PCTX *pctx)
{
return print_gost_01(out, pkey, indent, pctx, 2);
}
/* ---------------------------------------------------------------------*/
static int param_missing_gost94(const EVP_PKEY *pk)
{
const DSA *dsa = EVP_PKEY_get0((EVP_PKEY *)pk);
if (!dsa)
return 1;
if (!dsa->q)
return 1;
return 0;
}
static int param_missing_gost01(const EVP_PKEY *pk)
{
const EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pk);
if (!ec)
return 1;
if (!EC_KEY_get0_group(ec))
return 1;
return 0;
}
static int param_copy_gost94(EVP_PKEY *to, const EVP_PKEY *from)
{
const DSA *dfrom = EVP_PKEY_get0((EVP_PKEY *)from);
DSA *dto = EVP_PKEY_get0(to);
if (EVP_PKEY_base_id(from) != EVP_PKEY_base_id(to)) {
GOSTerr(GOST_F_PARAM_COPY_GOST94, GOST_R_INCOMPATIBLE_ALGORITHMS);
return 0;
}
if (!dfrom) {
GOSTerr(GOST_F_PARAM_COPY_GOST94, GOST_R_KEY_PARAMETERS_MISSING);
return 0;
}
if (!dto) {
dto = DSA_new();
EVP_PKEY_assign(to, EVP_PKEY_base_id(from), dto);
}
#define COPYBIGNUM(a,b,x) if (a->x) BN_free(a->x); a->x=BN_dup(b->x);
COPYBIGNUM(dto, dfrom, p)
COPYBIGNUM(dto, dfrom, q)
COPYBIGNUM(dto, dfrom, g)
if (dto->priv_key)
gost94_compute_public(dto);
return 1;
}
static int param_copy_gost01(EVP_PKEY *to, const EVP_PKEY *from)
{
EC_KEY *eto = EVP_PKEY_get0(to);
const EC_KEY *efrom = EVP_PKEY_get0((EVP_PKEY *)from);
if (EVP_PKEY_base_id(from) != EVP_PKEY_base_id(to)) {
GOSTerr(GOST_F_PARAM_COPY_GOST01, GOST_R_INCOMPATIBLE_ALGORITHMS);
return 0;
}
if (!efrom) {
GOSTerr(GOST_F_PARAM_COPY_GOST01, GOST_R_KEY_PARAMETERS_MISSING);
return 0;
}
if (!eto) {
eto = EC_KEY_new();
if(!eto) {
GOSTerr(GOST_F_PARAM_COPY_GOST01, ERR_R_MALLOC_FAILURE);
return 0;
}
if(!EVP_PKEY_assign(to, EVP_PKEY_base_id(from), eto)) {
GOSTerr(GOST_F_PARAM_COPY_GOST01, ERR_R_INTERNAL_ERROR);
return 0;
}
}
if(!EC_KEY_set_group(eto, EC_KEY_get0_group(efrom))) {
GOSTerr(GOST_F_PARAM_COPY_GOST01, ERR_R_INTERNAL_ERROR);
return 0;
}
if (EC_KEY_get0_private_key(eto)) {
gost2001_compute_public(eto);
}
return 1;
}
static int param_cmp_gost94(const EVP_PKEY *a, const EVP_PKEY *b)
{
const DSA *da = EVP_PKEY_get0((EVP_PKEY *)a);
const DSA *db = EVP_PKEY_get0((EVP_PKEY *)b);
if (!BN_cmp(da->q, db->q))
return 1;
return 0;
}
static int param_cmp_gost01(const EVP_PKEY *a, const EVP_PKEY *b)
{
if (EC_GROUP_get_curve_name
(EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)a))) ==
EC_GROUP_get_curve_name(EC_KEY_get0_group
(EVP_PKEY_get0((EVP_PKEY *)b)))) {
return 1;
}
return 0;
}
/* ---------- Public key functions * --------------------------------------*/
static int pub_decode_gost94(EVP_PKEY *pk, X509_PUBKEY *pub)
{
X509_ALGOR *palg = NULL;
const unsigned char *pubkey_buf = NULL;
unsigned char *databuf;
ASN1_OBJECT *palgobj = NULL;
int pub_len, i, j;
DSA *dsa;
ASN1_OCTET_STRING *octet = NULL;
if (!X509_PUBKEY_get0_param(&palgobj, &pubkey_buf, &pub_len, &palg, pub))
return 0;
EVP_PKEY_assign(pk, OBJ_obj2nid(palgobj), NULL);
if (!decode_gost_algor_params(pk, palg))
return 0;
octet = d2i_ASN1_OCTET_STRING(NULL, &pubkey_buf, pub_len);
if (!octet) {
GOSTerr(GOST_F_PUB_DECODE_GOST94, ERR_R_MALLOC_FAILURE);
return 0;
}
databuf = OPENSSL_malloc(octet->length);
for (i = 0, j = octet->length - 1; i < octet->length; i++, j--) {
databuf[j] = octet->data[i];
}
dsa = EVP_PKEY_get0(pk);
dsa->pub_key = BN_bin2bn(databuf, octet->length, NULL);
ASN1_OCTET_STRING_free(octet);
OPENSSL_free(databuf);
return 1;
}
static int pub_encode_gost94(X509_PUBKEY *pub, const EVP_PKEY *pk)
{
ASN1_OBJECT *algobj = NULL;
ASN1_OCTET_STRING *octet = NULL;
void *pval = NULL;
unsigned char *buf = NULL, *databuf, *sptr;
int i, j, data_len, ret = 0;
int ptype = V_ASN1_UNDEF;
DSA *dsa = EVP_PKEY_get0((EVP_PKEY *)pk);
algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));
if (pk->save_parameters) {
ASN1_STRING *params = encode_gost_algor_params(pk);
pval = params;
ptype = V_ASN1_SEQUENCE;
}
data_len = BN_num_bytes(dsa->pub_key);
databuf = OPENSSL_malloc(data_len);
BN_bn2bin(dsa->pub_key, databuf);
octet = ASN1_OCTET_STRING_new();
ASN1_STRING_set(octet, NULL, data_len);
sptr = ASN1_STRING_data(octet);
for (i = 0, j = data_len - 1; i < data_len; i++, j--) {
sptr[i] = databuf[j];
}
OPENSSL_free(databuf);
ret = i2d_ASN1_OCTET_STRING(octet, &buf);
ASN1_BIT_STRING_free(octet);
if (ret < 0)
return 0;
return X509_PUBKEY_set0_param(pub, algobj, ptype, pval, buf, ret);
}
static int pub_decode_gost01(EVP_PKEY *pk, X509_PUBKEY *pub)
{
X509_ALGOR *palg = NULL;
const unsigned char *pubkey_buf = NULL;
unsigned char *databuf;
ASN1_OBJECT *palgobj = NULL;
int pub_len, i, j;
EC_POINT *pub_key;
BIGNUM *X, *Y;
ASN1_OCTET_STRING *octet = NULL;
int len;
const EC_GROUP *group;
if (!X509_PUBKEY_get0_param(&palgobj, &pubkey_buf, &pub_len, &palg, pub))
return 0;
EVP_PKEY_assign(pk, OBJ_obj2nid(palgobj), NULL);
if (!decode_gost_algor_params(pk, palg))
return 0;
group = EC_KEY_get0_group(EVP_PKEY_get0(pk));
octet = d2i_ASN1_OCTET_STRING(NULL, &pubkey_buf, pub_len);
if (!octet) {
GOSTerr(GOST_F_PUB_DECODE_GOST01, ERR_R_MALLOC_FAILURE);
return 0;
}
databuf = OPENSSL_malloc(octet->length);
for (i = 0, j = octet->length - 1; i < octet->length; i++, j--) {
databuf[j] = octet->data[i];
}
len = octet->length / 2;
ASN1_OCTET_STRING_free(octet);
Y = getbnfrombuf(databuf, len);
X = getbnfrombuf(databuf + len, len);
OPENSSL_free(databuf);
pub_key = EC_POINT_new(group);
if (!EC_POINT_set_affine_coordinates_GFp(group, pub_key, X, Y, NULL)) {
GOSTerr(GOST_F_PUB_DECODE_GOST01, ERR_R_EC_LIB);
EC_POINT_free(pub_key);
BN_free(X);
BN_free(Y);
return 0;
}
BN_free(X);
BN_free(Y);
if (!EC_KEY_set_public_key(EVP_PKEY_get0(pk), pub_key)) {
GOSTerr(GOST_F_PUB_DECODE_GOST01, ERR_R_EC_LIB);
EC_POINT_free(pub_key);
return 0;
}
EC_POINT_free(pub_key);
return 1;
}
static int pub_encode_gost01(X509_PUBKEY *pub, const EVP_PKEY *pk)
{
ASN1_OBJECT *algobj = NULL;
ASN1_OCTET_STRING *octet = NULL;
void *pval = NULL;
unsigned char *buf = NULL, *databuf, *sptr;
int i, j, data_len, ret = 0;
const EC_POINT *pub_key;
BIGNUM *X, *Y, *order;
const EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pk);
int ptype = V_ASN1_UNDEF;
algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));
if (pk->save_parameters) {
ASN1_STRING *params = encode_gost_algor_params(pk);
pval = params;
ptype = V_ASN1_SEQUENCE;
}
order = BN_new();
EC_GROUP_get_order(EC_KEY_get0_group(ec), order, NULL);
pub_key = EC_KEY_get0_public_key(ec);
if (!pub_key) {
GOSTerr(GOST_F_PUB_ENCODE_GOST01, GOST_R_PUBLIC_KEY_UNDEFINED);
return 0;
}
X = BN_new();
Y = BN_new();
if(!X || !Y) {
GOSTerr(GOST_F_PUB_ENCODE_GOST01, ERR_R_MALLOC_FAILURE);
if(X) BN_free(X);
if(Y) BN_free(Y);
BN_free(order);
return 0;
}
if(!EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(ec),
pub_key, X, Y, NULL)) {
GOSTerr(GOST_F_PUB_ENCODE_GOST01, ERR_R_INTERNAL_ERROR);
BN_free(X);
BN_free(Y);
BN_free(order);
return 0;
}
data_len = 2 * BN_num_bytes(order);
BN_free(order);
databuf = OPENSSL_malloc(data_len);
memset(databuf, 0, data_len);
store_bignum(X, databuf + data_len / 2, data_len / 2);
store_bignum(Y, databuf, data_len / 2);
BN_free(X);
BN_free(Y);
octet = ASN1_OCTET_STRING_new();
ASN1_STRING_set(octet, NULL, data_len);
sptr = ASN1_STRING_data(octet);
for (i = 0, j = data_len - 1; i < data_len; i++, j--) {
sptr[i] = databuf[j];
}
OPENSSL_free(databuf);
ret = i2d_ASN1_OCTET_STRING(octet, &buf);
ASN1_BIT_STRING_free(octet);
if (ret < 0)
return 0;
return X509_PUBKEY_set0_param(pub, algobj, ptype, pval, buf, ret);
}
static int pub_cmp_gost94(const EVP_PKEY *a, const EVP_PKEY *b)
{
const DSA *da = EVP_PKEY_get0((EVP_PKEY *)a);
const DSA *db = EVP_PKEY_get0((EVP_PKEY *)b);
if (da && db && da->pub_key && db->pub_key
&& !BN_cmp(da->pub_key, db->pub_key)) {
return 1;
}
return 0;
}
static int pub_cmp_gost01(const EVP_PKEY *a, const EVP_PKEY *b)
{
const EC_KEY *ea = EVP_PKEY_get0((EVP_PKEY *)a);
const EC_KEY *eb = EVP_PKEY_get0((EVP_PKEY *)b);
const EC_POINT *ka, *kb;
int ret = 0;
if (!ea || !eb)
return 0;
ka = EC_KEY_get0_public_key(ea);
kb = EC_KEY_get0_public_key(eb);
if (!ka || !kb)
return 0;
ret = (0 == EC_POINT_cmp(EC_KEY_get0_group(ea), ka, kb, NULL));
return ret;
}
static int pkey_size_gost(const EVP_PKEY *pk)
{
return 64;
}
static int pkey_bits_gost(const EVP_PKEY *pk)
{
return 256;
}
/* ---------------------- ASN1 METHOD for GOST MAC -------------------*/
static void mackey_free_gost(EVP_PKEY *pk)
{
if (pk->pkey.ptr) {
OPENSSL_free(pk->pkey.ptr);
}
}
static int mac_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2)
{
switch (op) {
case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
*(int *)arg2 = NID_id_Gost28147_89_MAC;
return 2;
}
return -2;
}
static int gost94_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
{
int nid = gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)pkey));
return i2d_ASN1_OBJECT(OBJ_nid2obj(nid), pder);
}
static int gost2001_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
{
int nid =
EC_GROUP_get_curve_name(EC_KEY_get0_group
(EVP_PKEY_get0((EVP_PKEY *)pkey)));
return i2d_ASN1_OBJECT(OBJ_nid2obj(nid), pder);
}
static int gost94_param_decode(EVP_PKEY *pkey, const unsigned char **pder,
int derlen)
{
ASN1_OBJECT *obj = NULL;
DSA *dsa = EVP_PKEY_get0(pkey);
int nid;
if (d2i_ASN1_OBJECT(&obj, pder, derlen) == NULL) {
return 0;
}
nid = OBJ_obj2nid(obj);
ASN1_OBJECT_free(obj);
if (!dsa) {
dsa = DSA_new();
if (!EVP_PKEY_assign(pkey, NID_id_GostR3410_94, dsa))
return 0;
}
if (!fill_GOST94_params(dsa, nid))
return 0;
return 1;
}
static int gost2001_param_decode(EVP_PKEY *pkey, const unsigned char **pder,
int derlen)
{
ASN1_OBJECT *obj = NULL;
int nid;
EC_KEY *ec = EVP_PKEY_get0(pkey);
if (d2i_ASN1_OBJECT(&obj, pder, derlen) == NULL) {
return 0;
}
nid = OBJ_obj2nid(obj);
ASN1_OBJECT_free(obj);
if (!ec) {
ec = EC_KEY_new();
if (!EVP_PKEY_assign(pkey, NID_id_GostR3410_2001, ec))
return 0;
}
if (!fill_GOST2001_params(ec, nid))
return 0;
return 1;
}
/* ----------------------------------------------------------------------*/
int register_ameth_gost(int nid, EVP_PKEY_ASN1_METHOD **ameth,
const char *pemstr, const char *info)
{
*ameth = EVP_PKEY_asn1_new(nid, ASN1_PKEY_SIGPARAM_NULL, pemstr, info);
if (!*ameth)
return 0;
switch (nid) {
case NID_id_GostR3410_94:
EVP_PKEY_asn1_set_free(*ameth, pkey_free_gost94);
EVP_PKEY_asn1_set_private(*ameth,
priv_decode_gost, priv_encode_gost,
priv_print_gost94);
EVP_PKEY_asn1_set_param(*ameth,
gost94_param_decode, gost94_param_encode,
param_missing_gost94, param_copy_gost94,
param_cmp_gost94, param_print_gost94);
EVP_PKEY_asn1_set_public(*ameth,
pub_decode_gost94, pub_encode_gost94,
pub_cmp_gost94, pub_print_gost94,
pkey_size_gost, pkey_bits_gost);
EVP_PKEY_asn1_set_ctrl(*ameth, pkey_ctrl_gost);
break;
case NID_id_GostR3410_2001:
EVP_PKEY_asn1_set_free(*ameth, pkey_free_gost01);
EVP_PKEY_asn1_set_private(*ameth,
priv_decode_gost, priv_encode_gost,
priv_print_gost01);
EVP_PKEY_asn1_set_param(*ameth,
gost2001_param_decode, gost2001_param_encode,
param_missing_gost01, param_copy_gost01,
param_cmp_gost01, param_print_gost01);
EVP_PKEY_asn1_set_public(*ameth,
pub_decode_gost01, pub_encode_gost01,
pub_cmp_gost01, pub_print_gost01,
pkey_size_gost, pkey_bits_gost);
EVP_PKEY_asn1_set_ctrl(*ameth, pkey_ctrl_gost);
break;
case NID_id_Gost28147_89_MAC:
EVP_PKEY_asn1_set_free(*ameth, mackey_free_gost);
EVP_PKEY_asn1_set_ctrl(*ameth, mac_ctrl_gost);
break;
}
return 1;
}

56
engines/ccgost/gost_asn1.c
View File

@@ -1,56 +0,0 @@
/**********************************************************************
* gost_keytrans.c *
* Copyright (c) 2005-2006 Cryptocom LTD *
* This file is distributed under the same license as OpenSSL *
* *
* ASN1 structure definition for GOST key transport *
* Requires OpenSSL 0.9.9 for compilation *
**********************************************************************/
#include <stdio.h>
#include <openssl/asn1t.h>
#include <openssl/x509.h>
#include "gost_lcl.h"
ASN1_NDEF_SEQUENCE(GOST_KEY_TRANSPORT) = {
ASN1_SIMPLE(GOST_KEY_TRANSPORT, key_info, GOST_KEY_INFO),
ASN1_IMP(GOST_KEY_TRANSPORT, key_agreement_info, GOST_KEY_AGREEMENT_INFO, 0)
} ASN1_NDEF_SEQUENCE_END(GOST_KEY_TRANSPORT)
IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_TRANSPORT)
ASN1_NDEF_SEQUENCE(GOST_KEY_INFO) = {
ASN1_SIMPLE(GOST_KEY_INFO, encrypted_key, ASN1_OCTET_STRING),
ASN1_SIMPLE(GOST_KEY_INFO, imit, ASN1_OCTET_STRING)
} ASN1_NDEF_SEQUENCE_END(GOST_KEY_INFO)
IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_INFO)
ASN1_NDEF_SEQUENCE(GOST_KEY_AGREEMENT_INFO) = {
ASN1_SIMPLE(GOST_KEY_AGREEMENT_INFO, cipher, ASN1_OBJECT),
ASN1_IMP_OPT(GOST_KEY_AGREEMENT_INFO, ephem_key, X509_PUBKEY, 0),
ASN1_SIMPLE(GOST_KEY_AGREEMENT_INFO, eph_iv, ASN1_OCTET_STRING)
} ASN1_NDEF_SEQUENCE_END(GOST_KEY_AGREEMENT_INFO)
IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_AGREEMENT_INFO)
ASN1_NDEF_SEQUENCE(GOST_KEY_PARAMS) = {
ASN1_SIMPLE(GOST_KEY_PARAMS, key_params, ASN1_OBJECT),
ASN1_SIMPLE(GOST_KEY_PARAMS, hash_params, ASN1_OBJECT),
ASN1_OPT(GOST_KEY_PARAMS, cipher_params, ASN1_OBJECT),
} ASN1_NDEF_SEQUENCE_END(GOST_KEY_PARAMS)
IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_PARAMS)
ASN1_NDEF_SEQUENCE(GOST_CIPHER_PARAMS) = {
ASN1_SIMPLE(GOST_CIPHER_PARAMS, iv, ASN1_OCTET_STRING),
ASN1_SIMPLE(GOST_CIPHER_PARAMS, enc_param_set, ASN1_OBJECT),
} ASN1_NDEF_SEQUENCE_END(GOST_CIPHER_PARAMS)
IMPLEMENT_ASN1_FUNCTIONS(GOST_CIPHER_PARAMS)
ASN1_NDEF_SEQUENCE(GOST_CLIENT_KEY_EXCHANGE_PARAMS) = { /* FIXME incomplete */
ASN1_SIMPLE(GOST_CLIENT_KEY_EXCHANGE_PARAMS, gkt, GOST_KEY_TRANSPORT)
}
ASN1_NDEF_SEQUENCE_END(GOST_CLIENT_KEY_EXCHANGE_PARAMS)
IMPLEMENT_ASN1_FUNCTIONS(GOST_CLIENT_KEY_EXCHANGE_PARAMS)

623
engines/ccgost/gost_crypt.c
View File

@@ -1,623 +0,0 @@
/**********************************************************************
* gost_crypt.c *
* Copyright (c) 2005-2006 Cryptocom LTD *
* This file is distributed under the same license as OpenSSL *
* *
* OpenSSL interface to GOST 28147-89 cipher functions *
* Requires OpenSSL 0.9.9 for compilation *
**********************************************************************/
#include <string.h>
#include "gost89.h"
#include <openssl/rand.h>
#include "e_gost_err.h"
#include "gost_lcl.h"
#if !defined(CCGOST_DEBUG) && !defined(DEBUG)
# ifndef NDEBUG
# define NDEBUG
# endif
#endif
#include <assert.h>
static int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
/* Handles block of data in CFB mode */
static int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl);
/* Handles block of data in CNT mode */
static int gost_cipher_do_cnt(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl);
/* Cleanup function */
static int gost_cipher_cleanup(EVP_CIPHER_CTX *);
/* set/get cipher parameters */
static int gost89_set_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params);
static int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params);
/* Control function */
static int gost_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
EVP_CIPHER cipher_gost = {
NID_id_Gost28147_89,
1, /* block_size */
32, /* key_size */
8, /* iv_len */
EVP_CIPH_CFB_MODE | EVP_CIPH_NO_PADDING |
EVP_CIPH_CUSTOM_IV | EVP_CIPH_RAND_KEY | EVP_CIPH_ALWAYS_CALL_INIT,
gost_cipher_init,
gost_cipher_do_cfb,
gost_cipher_cleanup,
sizeof(struct ossl_gost_cipher_ctx), /* ctx_size */
gost89_set_asn1_parameters,
gost89_get_asn1_parameters,
gost_cipher_ctl,
NULL,
};
EVP_CIPHER cipher_gost_cpacnt = {
NID_gost89_cnt,
1, /* block_size */
32, /* key_size */
8, /* iv_len */
EVP_CIPH_OFB_MODE | EVP_CIPH_NO_PADDING |
EVP_CIPH_CUSTOM_IV | EVP_CIPH_RAND_KEY | EVP_CIPH_ALWAYS_CALL_INIT,
gost_cipher_init_cpa,
gost_cipher_do_cnt,
gost_cipher_cleanup,
sizeof(struct ossl_gost_cipher_ctx), /* ctx_size */
gost89_set_asn1_parameters,
gost89_get_asn1_parameters,
gost_cipher_ctl,
NULL,
};
/* Implementation of GOST 28147-89 in MAC (imitovstavka) mode */
/* Init functions which set specific parameters */
static int gost_imit_init_cpa(EVP_MD_CTX *ctx);
/* process block of data */
static int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count);
/* Return computed value */
static int gost_imit_final(EVP_MD_CTX *ctx, unsigned char *md);
/* Copies context */
static int gost_imit_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from);
static int gost_imit_cleanup(EVP_MD_CTX *ctx);
/* Control function, knows how to set MAC key.*/
static int gost_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr);
EVP_MD imit_gost_cpa = {
NID_id_Gost28147_89_MAC,
NID_undef,
4,
0,
gost_imit_init_cpa,
gost_imit_update,
gost_imit_final,
gost_imit_copy,
gost_imit_cleanup,
NULL,
NULL,
{0, 0, 0, 0, 0},
8,
sizeof(struct ossl_gost_imit_ctx),
gost_imit_ctrl
};
/*
* Correspondence between gost parameter OIDs and substitution blocks
* NID field is filed by register_gost_NID function in engine.c
* upon engine initialization
*/
struct gost_cipher_info gost_cipher_list[] = {
/*- NID *//*
* Subst block
*//*
* Key meshing
*/
/*
* {NID_id_GostR3411_94_CryptoProParamSet,&GostR3411_94_CryptoProParamSet,0},
*/
{NID_id_Gost28147_89_cc, &GostR3411_94_CryptoProParamSet, 0},
{NID_id_Gost28147_89_CryptoPro_A_ParamSet, &Gost28147_CryptoProParamSetA,
1},
{NID_id_Gost28147_89_CryptoPro_B_ParamSet, &Gost28147_CryptoProParamSetB,
1},
{NID_id_Gost28147_89_CryptoPro_C_ParamSet, &Gost28147_CryptoProParamSetC,
1},
{NID_id_Gost28147_89_CryptoPro_D_ParamSet, &Gost28147_CryptoProParamSetD,
1},
{NID_id_Gost28147_89_TestParamSet, &Gost28147_TestParamSet, 1},
{NID_undef, NULL, 0}
};
/*
* get encryption parameters from crypto network settings FIXME For now we
* use environment var CRYPT_PARAMS as place to store these settings.
* Actually, it is better to use engine control command, read from
* configuration file to set them
*/
const struct gost_cipher_info *get_encryption_params(ASN1_OBJECT *obj)
{
int nid;
struct gost_cipher_info *param;
if (!obj) {
const char *params = get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS);
if (!params || !strlen(params))
return &gost_cipher_list[1];
nid = OBJ_txt2nid(params);
if (nid == NID_undef) {
GOSTerr(GOST_F_GET_ENCRYPTION_PARAMS,
GOST_R_INVALID_CIPHER_PARAM_OID);
return NULL;
}
} else {
nid = OBJ_obj2nid(obj);
}
for (param = gost_cipher_list; param->sblock != NULL && param->nid != nid;
param++) ;
if (!param->sblock) {
GOSTerr(GOST_F_GET_ENCRYPTION_PARAMS, GOST_R_INVALID_CIPHER_PARAMS);
return NULL;
}
return param;
}
/* Sets cipher param from paramset NID. */
static int gost_cipher_set_param(struct ossl_gost_cipher_ctx *c, int nid)
{
const struct gost_cipher_info *param;
param =
get_encryption_params((nid == NID_undef ? NULL : OBJ_nid2obj(nid)));
if (!param)
return 0;
c->paramNID = param->nid;
c->key_meshing = param->key_meshing;
c->count = 0;
gost_init(&(c->cctx), param->sblock);
return 1;
}
/* Initializes EVP_CIPHER_CTX by paramset NID */
static int gost_cipher_init_param(EVP_CIPHER_CTX *ctx,
const unsigned char *key,
const unsigned char *iv, int enc,
int paramNID, int mode)
{
struct ossl_gost_cipher_ctx *c = ctx->cipher_data;
if (ctx->app_data == NULL) {
if (!gost_cipher_set_param(c, paramNID))
return 0;
ctx->app_data = ctx->cipher_data;
}
if (key)
gost_key(&(c->cctx), key);
if (iv)
memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
return 1;
}
static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
struct ossl_gost_cipher_ctx *c = ctx->cipher_data;
gost_init(&(c->cctx), &Gost28147_CryptoProParamSetA);
c->key_meshing = 1;
c->count = 0;
if (key)
gost_key(&(c->cctx), key);
if (iv)
memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
return 1;
}
/* Initializes EVP_CIPHER_CTX with default values */
int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
return gost_cipher_init_param(ctx, key, iv, enc, NID_undef,
EVP_CIPH_CFB_MODE);
}
/*
* Wrapper around gostcrypt function from gost89.c which perform key meshing
* when nesseccary
*/
static void gost_crypt_mesh(void *ctx, unsigned char *iv, unsigned char *buf)
{
struct ossl_gost_cipher_ctx *c = ctx;
assert(c->count % 8 == 0 && c->count <= 1024);
if (c->key_meshing && c->count == 1024) {
cryptopro_key_meshing(&(c->cctx), iv);
}
gostcrypt(&(c->cctx), iv, buf);
c->count = c->count % 1024 + 8;
}
static void gost_cnt_next(void *ctx, unsigned char *iv, unsigned char *buf)
{
struct ossl_gost_cipher_ctx *c = ctx;
word32 g, go;
unsigned char buf1[8];
assert(c->count % 8 == 0 && c->count <= 1024);
if (c->key_meshing && c->count == 1024) {
cryptopro_key_meshing(&(c->cctx), iv);
}
if (c->count == 0) {
gostcrypt(&(c->cctx), iv, buf1);
} else {
memcpy(buf1, iv, 8);
}
g = buf1[0] | (buf1[1] << 8) | (buf1[2] << 16) | ((word32) buf1[3] << 24);
g += 0x01010101;
buf1[0] = (unsigned char)(g & 0xff);
buf1[1] = (unsigned char)((g >> 8) & 0xff);
buf1[2] = (unsigned char)((g >> 16) & 0xff);
buf1[3] = (unsigned char)((g >> 24) & 0xff);
g = buf1[4] | (buf1[5] << 8) | (buf1[6] << 16) | ((word32) buf1[7] << 24);
go = g;
g += 0x01010104;
if (go > g) /* overflow */
g++;
buf1[4] = (unsigned char)(g & 0xff);
buf1[5] = (unsigned char)((g >> 8) & 0xff);
buf1[6] = (unsigned char)((g >> 16) & 0xff);
buf1[7] = (unsigned char)((g >> 24) & 0xff);
memcpy(iv, buf1, 8);
gostcrypt(&(c->cctx), buf1, buf);
c->count = c->count % 1024 + 8;
}
/* GOST encryption in CFB mode */
int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
const unsigned char *in_ptr = in;
unsigned char *out_ptr = out;
size_t i = 0;
size_t j = 0;
/* process partial block if any */
if (ctx->num) {
for (j = ctx->num, i = 0; j < 8 && i < inl;
j++, i++, in_ptr++, out_ptr++) {
if (!ctx->encrypt)
ctx->buf[j + 8] = *in_ptr;
*out_ptr = ctx->buf[j] ^ (*in_ptr);
if (ctx->encrypt)
ctx->buf[j + 8] = *out_ptr;
}
if (j == 8) {
memcpy(ctx->iv, ctx->buf + 8, 8);
ctx->num = 0;
} else {
ctx->num = j;
return 1;
}
}
for (; i + 8 < inl; i += 8, in_ptr += 8, out_ptr += 8) {
/*
* block cipher current iv
*/
gost_crypt_mesh(ctx->cipher_data, ctx->iv, ctx->buf);
/*
* xor next block of input text with it and output it
*/
/*
* output this block
*/
if (!ctx->encrypt)
memcpy(ctx->iv, in_ptr, 8);
for (j = 0; j < 8; j++) {
out_ptr[j] = ctx->buf[j] ^ in_ptr[j];
}
/* Encrypt */
/* Next iv is next block of cipher text */
if (ctx->encrypt)
memcpy(ctx->iv, out_ptr, 8);
}
/* Process rest of buffer */
if (i < inl) {
gost_crypt_mesh(ctx->cipher_data, ctx->iv, ctx->buf);
if (!ctx->encrypt)
memcpy(ctx->buf + 8, in_ptr, inl - i);
for (j = 0; i < inl; j++, i++) {
out_ptr[j] = ctx->buf[j] ^ in_ptr[j];
}
ctx->num = j;
if (ctx->encrypt)
memcpy(ctx->buf + 8, out_ptr, j);
} else {
ctx->num = 0;
}
return 1;
}
static int gost_cipher_do_cnt(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
const unsigned char *in_ptr = in;
unsigned char *out_ptr = out;
size_t i = 0;
size_t j;
/* process partial block if any */
if (ctx->num) {
for (j = ctx->num, i = 0; j < 8 && i < inl;
j++, i++, in_ptr++, out_ptr++) {
*out_ptr = ctx->buf[j] ^ (*in_ptr);
}
if (j == 8) {
ctx->num = 0;
} else {
ctx->num = j;
return 1;
}
}
for (; i + 8 < inl; i += 8, in_ptr += 8, out_ptr += 8) {
/*
* block cipher current iv
*/
/* Encrypt */
gost_cnt_next(ctx->cipher_data, ctx->iv, ctx->buf);
/*
* xor next block of input text with it and output it
*/
/*
* output this block
*/
for (j = 0; j < 8; j++) {
out_ptr[j] = ctx->buf[j] ^ in_ptr[j];
}
}
/* Process rest of buffer */
if (i < inl) {
gost_cnt_next(ctx->cipher_data, ctx->iv, ctx->buf);
for (j = 0; i < inl; j++, i++) {
out_ptr[j] = ctx->buf[j] ^ in_ptr[j];
}
ctx->num = j;
} else {
ctx->num = 0;
}
return 1;
}
/* Cleaning up of EVP_CIPHER_CTX */
int gost_cipher_cleanup(EVP_CIPHER_CTX *ctx)
{
gost_destroy(&((struct ossl_gost_cipher_ctx *)ctx->cipher_data)->cctx);
ctx->app_data = NULL;
return 1;
}
/* Control function for gost cipher */
int gost_cipher_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
{
switch (type) {
case EVP_CTRL_RAND_KEY:
{
if (RAND_bytes((unsigned char *)ptr, ctx->key_len) <= 0) {
GOSTerr(GOST_F_GOST_CIPHER_CTL,
GOST_R_RANDOM_GENERATOR_ERROR);
return -1;
}
break;
}
case EVP_CTRL_PBE_PRF_NID:
if (ptr) {
*((int *)ptr) = NID_id_HMACGostR3411_94;
return 1;
} else {
return 0;
}
default:
GOSTerr(GOST_F_GOST_CIPHER_CTL,
GOST_R_UNSUPPORTED_CIPHER_CTL_COMMAND);
return -1;
}
return 1;
}
/* Set cipher parameters from ASN1 structure */
int gost89_set_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params)
{
int len = 0;
unsigned char *buf = NULL;
unsigned char *p = NULL;
struct ossl_gost_cipher_ctx *c = ctx->cipher_data;
GOST_CIPHER_PARAMS *gcp = GOST_CIPHER_PARAMS_new();
ASN1_OCTET_STRING *os = NULL;
if (!gcp) {
GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, GOST_R_NO_MEMORY);
return 0;
}
if (!ASN1_OCTET_STRING_set(gcp->iv, ctx->iv, ctx->cipher->iv_len)) {
GOST_CIPHER_PARAMS_free(gcp);
GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, GOST_R_NO_MEMORY);
return 0;
}
ASN1_OBJECT_free(gcp->enc_param_set);
gcp->enc_param_set = OBJ_nid2obj(c->paramNID);
len = i2d_GOST_CIPHER_PARAMS(gcp, NULL);
p = buf = (unsigned char *)OPENSSL_malloc(len);
if (!buf) {
GOST_CIPHER_PARAMS_free(gcp);
GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, GOST_R_NO_MEMORY);
return 0;
}
i2d_GOST_CIPHER_PARAMS(gcp, &p);
GOST_CIPHER_PARAMS_free(gcp);
os = ASN1_OCTET_STRING_new();
if (!os || !ASN1_OCTET_STRING_set(os, buf, len)) {
OPENSSL_free(buf);
GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, GOST_R_NO_MEMORY);
return 0;
}
OPENSSL_free(buf);
ASN1_TYPE_set(params, V_ASN1_SEQUENCE, os);
return 1;
}
/* Store parameters into ASN1 structure */
int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params)
{
int ret = -1;
int len;
GOST_CIPHER_PARAMS *gcp = NULL;
unsigned char *p;
struct ossl_gost_cipher_ctx *c = ctx->cipher_data;
if (ASN1_TYPE_get(params) != V_ASN1_SEQUENCE) {
return ret;
}
p = params->value.sequence->data;
gcp = d2i_GOST_CIPHER_PARAMS(NULL, (const unsigned char **)&p,
params->value.sequence->length);
len = gcp->iv->length;
if (len != ctx->cipher->iv_len) {
GOST_CIPHER_PARAMS_free(gcp);
GOSTerr(GOST_F_GOST89_GET_ASN1_PARAMETERS, GOST_R_INVALID_IV_LENGTH);
return -1;
}
if (!gost_cipher_set_param(c, OBJ_obj2nid(gcp->enc_param_set))) {
GOST_CIPHER_PARAMS_free(gcp);
return -1;
}
memcpy(ctx->oiv, gcp->iv->data, len);
GOST_CIPHER_PARAMS_free(gcp);
return 1;
}
int gost_imit_init_cpa(EVP_MD_CTX *ctx)
{
struct ossl_gost_imit_ctx *c = ctx->md_data;
memset(c->buffer, 0, sizeof(c->buffer));
memset(c->partial_block, 0, sizeof(c->partial_block));
c->count = 0;
c->bytes_left = 0;
c->key_meshing = 1;
gost_init(&(c->cctx), &Gost28147_CryptoProParamSetA);
return 1;
}
static void mac_block_mesh(struct ossl_gost_imit_ctx *c,
const unsigned char *data)
{
unsigned char buffer[8];
/*
* We are using local buffer for iv because CryptoPro doesn't interpret
* internal state of MAC algorithm as iv during keymeshing (but does
* initialize internal state from iv in key transport
*/
assert(c->count % 8 == 0 && c->count <= 1024);
if (c->key_meshing && c->count == 1024) {
cryptopro_key_meshing(&(c->cctx), buffer);
}
mac_block(&(c->cctx), c->buffer, data);
c->count = c->count % 1024 + 8;
}
int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count)
{
struct ossl_gost_imit_ctx *c = ctx->md_data;
const unsigned char *p = data;
size_t bytes = count, i;
if (!(c->key_set)) {
GOSTerr(GOST_F_GOST_IMIT_UPDATE, GOST_R_MAC_KEY_NOT_SET);
return 0;
}
if (c->bytes_left) {
for (i = c->bytes_left; i < 8 && bytes > 0; bytes--, i++, p++) {
c->partial_block[i] = *p;
}
if (i == 8) {
mac_block_mesh(c, c->partial_block);
} else {
c->bytes_left = i;
return 1;
}
}
while (bytes > 8) {
mac_block_mesh(c, p);
p += 8;
bytes -= 8;
}
if (bytes > 0) {
memcpy(c->partial_block, p, bytes);
}
c->bytes_left = bytes;
return 1;
}
int gost_imit_final(EVP_MD_CTX *ctx, unsigned char *md)
{
struct ossl_gost_imit_ctx *c = ctx->md_data;
if (!c->key_set) {
GOSTerr(GOST_F_GOST_IMIT_FINAL, GOST_R_MAC_KEY_NOT_SET);
return 0;
}
if (c->count == 0 && c->bytes_left) {
unsigned char buffer[8];
memset(buffer, 0, 8);
gost_imit_update(ctx, buffer, 8);
}
if (c->bytes_left) {
int i;
for (i = c->bytes_left; i < 8; i++) {
c->partial_block[i] = 0;
}
mac_block_mesh(c, c->partial_block);
}
get_mac(c->buffer, 32, md);
return 1;
}
int gost_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr)
{
switch (type) {
case EVP_MD_CTRL_KEY_LEN:
*((unsigned int *)(ptr)) = 32;
return 1;
case EVP_MD_CTRL_SET_KEY:
{
if (arg != 32) {
GOSTerr(GOST_F_GOST_IMIT_CTRL, GOST_R_INVALID_MAC_KEY_LENGTH);
return 0;
}
gost_key(&(((struct ossl_gost_imit_ctx *)(ctx->md_data))->cctx),
ptr);
((struct ossl_gost_imit_ctx *)(ctx->md_data))->key_set = 1;
return 1;
}
default:
return 0;
}
}
int gost_imit_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
{
memcpy(to->md_data, from->md_data, sizeof(struct ossl_gost_imit_ctx));
return 1;
}
/* Clean up imit ctx */
int gost_imit_cleanup(EVP_MD_CTX *ctx)
{
memset(ctx->md_data, 0, sizeof(struct ossl_gost_imit_ctx));
return 1;
}

93
engines/ccgost/gost_ctl.c
View File

@@ -1,93 +0,0 @@
/**********************************************************************
* gost_ctl.c *
* Copyright (c) 2005-2006 Cryptocom LTD *
* This file is distributed under the same license as OpenSSL *
* *
* Implementation of control commands for GOST engine *
* OpenSSL 0.9.9 libraries required *
**********************************************************************/
#include <stdlib.h>
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/engine.h>
#include <openssl/buffer.h>
#include "gost_lcl.h"
static char *gost_params[GOST_PARAM_MAX + 1] = { NULL };
static const char *gost_envnames[] = { "CRYPT_PARAMS" };
const ENGINE_CMD_DEFN gost_cmds[] = {
/*- { GOST_CTRL_RNG,
"RNG",
"Type of random number generator to use",
ENGINE_CMD_FLAG_STRING
},
{ GOST_CTRL_RNG_PARAMS,
"RNG_PARAMS",
"Parameter for random number generator",
ENGINE_CMD_FLAG_STRING
},
*/ {GOST_CTRL_CRYPT_PARAMS,
"CRYPT_PARAMS",
"OID of default GOST 28147-89 parameters",
ENGINE_CMD_FLAG_STRING},
{0, NULL, NULL, 0}
};
void gost_param_free()
{
int i;
for (i = 0; i <= GOST_PARAM_MAX; i++)
if (gost_params[i] != NULL) {
OPENSSL_free(gost_params[i]);
gost_params[i] = NULL;
}
}
int gost_control_func(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
{
int param = cmd - ENGINE_CMD_BASE;
int ret = 0;
if (param < 0 || param > GOST_PARAM_MAX)
return -1;
ret = gost_set_default_param(param, p);
return ret;
}
const char *get_gost_engine_param(int param)
{
char *tmp;
if (param < 0 || param > GOST_PARAM_MAX)
return NULL;
if (gost_params[param] != NULL) {
return gost_params[param];
}
tmp = getenv(gost_envnames[param]);
if (tmp) {
if (gost_params[param])
OPENSSL_free(gost_params[param]);
gost_params[param] = BUF_strdup(tmp);
return gost_params[param];
}
return NULL;
}
int gost_set_default_param(int param, const char *value)
{
const char *tmp;
if (param < 0 || param > GOST_PARAM_MAX)
return 0;
tmp = getenv(gost_envnames[param]);
/*
* if there is value in the environment, use it, else -passed string *
*/
if (!tmp)
tmp = value;
if (gost_params[param])
OPENSSL_free(gost_params[param]);
gost_params[param] = BUF_strdup(tmp);
return 1;
}

281
engines/ccgost/gost_eng.c
View File

@@ -1,281 +0,0 @@
/**********************************************************************
* gost_eng.c *
* Copyright (c) 2005-2006 Cryptocom LTD *
* This file is distributed under the same license as OpenSSL *
* *
* Main file of GOST engine *
* for OpenSSL *
* Requires OpenSSL 0.9.9 for compilation *
**********************************************************************/
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/engine.h>
#include <openssl/obj_mac.h>
#include "e_gost_err.h"
#include "gost_lcl.h"
static const char *engine_gost_id = "gost";
static const char *engine_gost_name =
"Reference implementation of GOST engine";
/* Symmetric cipher and digest function registrar */
static int gost_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
const int **nids, int nid);
static int gost_digests(ENGINE *e, const EVP_MD **digest,
const int **nids, int ind);
static int gost_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
const int **nids, int nid);
static int gost_pkey_asn1_meths(ENGINE *e, EVP_PKEY_ASN1_METHOD **ameth,
const int **nids, int nid);
static int gost_cipher_nids[] = { NID_id_Gost28147_89, NID_gost89_cnt, 0 };
static int gost_digest_nids[] =
{ NID_id_GostR3411_94, NID_id_Gost28147_89_MAC, 0 };
static int gost_pkey_meth_nids[] = { NID_id_GostR3410_94,
NID_id_GostR3410_2001, NID_id_Gost28147_89_MAC, 0
};
static EVP_PKEY_METHOD *pmeth_GostR3410_94 = NULL,
*pmeth_GostR3410_2001 = NULL, *pmeth_Gost28147_MAC = NULL;
static EVP_PKEY_ASN1_METHOD *ameth_GostR3410_94 = NULL,
*ameth_GostR3410_2001 = NULL, *ameth_Gost28147_MAC = NULL;
static int gost_engine_init(ENGINE *e)
{
return 1;
}
static int gost_engine_finish(ENGINE *e)
{
return 1;
}
static int gost_engine_destroy(ENGINE *e)
{
gost_param_free();
pmeth_GostR3410_94 = NULL;
pmeth_GostR3410_2001 = NULL;
pmeth_Gost28147_MAC = NULL;
ameth_GostR3410_94 = NULL;
ameth_GostR3410_2001 = NULL;
ameth_Gost28147_MAC = NULL;
return 1;
}
static int bind_gost(ENGINE *e, const char *id)
{
int ret = 0;
if (id && strcmp(id, engine_gost_id))
return 0;
if (ameth_GostR3410_94) {
printf("GOST engine already loaded\n");
goto end;
}
if (!ENGINE_set_id(e, engine_gost_id)) {
printf("ENGINE_set_id failed\n");
goto end;
}
if (!ENGINE_set_name(e, engine_gost_name)) {
printf("ENGINE_set_name failed\n");
goto end;
}
if (!ENGINE_set_digests(e, gost_digests)) {
printf("ENGINE_set_digests failed\n");
goto end;
}
if (!ENGINE_set_ciphers(e, gost_ciphers)) {
printf("ENGINE_set_ciphers failed\n");
goto end;
}
if (!ENGINE_set_pkey_meths(e, gost_pkey_meths)) {
printf("ENGINE_set_pkey_meths failed\n");
goto end;
}
if (!ENGINE_set_pkey_asn1_meths(e, gost_pkey_asn1_meths)) {
printf("ENGINE_set_pkey_asn1_meths failed\n");
goto end;
}
/* Control function and commands */
if (!ENGINE_set_cmd_defns(e, gost_cmds)) {
fprintf(stderr, "ENGINE_set_cmd_defns failed\n");
goto end;
}
if (!ENGINE_set_ctrl_function(e, gost_control_func)) {
fprintf(stderr, "ENGINE_set_ctrl_func failed\n");
goto end;
}
if (!ENGINE_set_destroy_function(e, gost_engine_destroy)
|| !ENGINE_set_init_function(e, gost_engine_init)
|| !ENGINE_set_finish_function(e, gost_engine_finish)) {
goto end;
}
if (!register_ameth_gost
(NID_id_GostR3410_94, &ameth_GostR3410_94, "GOST94",
"GOST R 34.10-94"))
goto end;
if (!register_ameth_gost
(NID_id_GostR3410_2001, &ameth_GostR3410_2001, "GOST2001",
"GOST R 34.10-2001"))
goto end;
if (!register_ameth_gost(NID_id_Gost28147_89_MAC, &ameth_Gost28147_MAC,
"GOST-MAC", "GOST 28147-89 MAC"))
goto end;
if (!register_pmeth_gost(NID_id_GostR3410_94, &pmeth_GostR3410_94, 0))
goto end;
if (!register_pmeth_gost(NID_id_GostR3410_2001, &pmeth_GostR3410_2001, 0))
goto end;
if (!register_pmeth_gost
(NID_id_Gost28147_89_MAC, &pmeth_Gost28147_MAC, 0))
goto end;
if (!ENGINE_register_ciphers(e)
|| !ENGINE_register_digests(e)
|| !ENGINE_register_pkey_meths(e)
/* These two actually should go in LIST_ADD command */
|| !EVP_add_cipher(&cipher_gost)
|| !EVP_add_cipher(&cipher_gost_cpacnt)
|| !EVP_add_digest(&digest_gost)
|| !EVP_add_digest(&imit_gost_cpa)
) {
goto end;
}
ERR_load_GOST_strings();
ret = 1;
end:
return ret;
}
#ifndef OPENSSL_NO_DYNAMIC_ENGINE
IMPLEMENT_DYNAMIC_BIND_FN(bind_gost)
IMPLEMENT_DYNAMIC_CHECK_FN()
#endif /* ndef OPENSSL_NO_DYNAMIC_ENGINE */
static int gost_digests(ENGINE *e, const EVP_MD **digest,
const int **nids, int nid)
{
int ok = 1;
if (!digest) {
*nids = gost_digest_nids;
return 2;
}
/*
* printf("Digest no %d requested\n",nid);
*/
if (nid == NID_id_GostR3411_94) {
*digest = &digest_gost;
} else if (nid == NID_id_Gost28147_89_MAC) {
*digest = &imit_gost_cpa;
} else {
ok = 0;
*digest = NULL;
}
return ok;
}
static int gost_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
const int **nids, int nid)
{
int ok = 1;
if (!cipher) {
*nids = gost_cipher_nids;
return 2; /* two ciphers are supported */
}
if (nid == NID_id_Gost28147_89) {
*cipher = &cipher_gost;
} else if (nid == NID_gost89_cnt) {
*cipher = &cipher_gost_cpacnt;
} else {
ok = 0;
*cipher = NULL;
}
return ok;
}
static int gost_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
const int **nids, int nid)
{
if (!pmeth) {
*nids = gost_pkey_meth_nids;
return 3;
}
switch (nid) {
case NID_id_GostR3410_94:
*pmeth = pmeth_GostR3410_94;
return 1;
case NID_id_GostR3410_2001:
*pmeth = pmeth_GostR3410_2001;
return 1;
case NID_id_Gost28147_89_MAC:
*pmeth = pmeth_Gost28147_MAC;
return 1;
default:;
}
*pmeth = NULL;
return 0;
}
static int gost_pkey_asn1_meths(ENGINE *e, EVP_PKEY_ASN1_METHOD **ameth,
const int **nids, int nid)
{
if (!ameth) {
*nids = gost_pkey_meth_nids;
return 3;
}
switch (nid) {
case NID_id_GostR3410_94:
*ameth = ameth_GostR3410_94;
return 1;
case NID_id_GostR3410_2001:
*ameth = ameth_GostR3410_2001;
return 1;
case NID_id_Gost28147_89_MAC:
*ameth = ameth_Gost28147_MAC;
return 1;
default:;
}
*ameth = NULL;
return 0;
}
#ifdef OPENSSL_NO_DYNAMIC_ENGINE
static ENGINE *engine_gost(void)
{
ENGINE *ret = ENGINE_new();
if (!ret)
return NULL;
if (!bind_gost(ret, engine_gost_id)) {
ENGINE_free(ret);
return NULL;
}
return ret;
}
void ENGINE_load_gost(void)
{
ENGINE *toadd;
if (pmeth_GostR3410_94)
return;
toadd = engine_gost();
if (!toadd)
return;
ENGINE_add(toadd);
ENGINE_free(toadd);
ERR_clear_error();
}
#endif

106
engines/ccgost/gost_keywrap.c
View File

@@ -1,106 +0,0 @@
/**********************************************************************
* keywrap.c *
* Copyright (c) 2005-2006 Cryptocom LTD *
* This file is distributed under the same license as OpenSSL *
* *
* Implementation of CryptoPro key wrap algorithm, as defined in *
* RFC 4357 p 6.3 and 6.4 *
* Doesn't need OpenSSL *
**********************************************************************/
#include <string.h>
#include "gost89.h"
#include "gost_keywrap.h"
/*-
* Diversifies key using random UserKey Material
* Implements RFC 4357 p 6.5 key diversification algorithm
*
* inputKey - 32byte key to be diversified
* ukm - 8byte user key material
* outputKey - 32byte buffer to store diversified key
*
*/
void keyDiversifyCryptoPro(gost_ctx * ctx, const unsigned char *inputKey,
const unsigned char *ukm, unsigned char *outputKey)
{
u4 k, s1, s2;
int i, j, mask;
unsigned char S[8];
memcpy(outputKey, inputKey, 32);
for (i = 0; i < 8; i++) {
/* Make array of integers from key */
/* Compute IV S */
s1 = 0, s2 = 0;
for (j = 0, mask = 1; j < 8; j++, mask <<= 1) {
k = ((u4) outputKey[4 * j]) | (outputKey[4 * j + 1] << 8) |
(outputKey[4 * j + 2] << 16) | (outputKey[4 * j + 3] << 24);
if (mask & ukm[i]) {
s1 += k;
} else {
s2 += k;
}
}
S[0] = (unsigned char)(s1 & 0xff);
S[1] = (unsigned char)((s1 >> 8) & 0xff);
S[2] = (unsigned char)((s1 >> 16) & 0xff);
S[3] = (unsigned char)((s1 >> 24) & 0xff);
S[4] = (unsigned char)(s2 & 0xff);
S[5] = (unsigned char)((s2 >> 8) & 0xff);
S[6] = (unsigned char)((s2 >> 16) & 0xff);
S[7] = (unsigned char)((s2 >> 24) & 0xff);
gost_key(ctx, outputKey);
gost_enc_cfb(ctx, S, outputKey, outputKey, 4);
}
}
/*-
* Wraps key using RFC 4357 6.3
* ctx - gost encryption context, initialized with some S-boxes
* keyExchangeKey (KEK) 32-byte (256-bit) shared key
* ukm - 8 byte (64 bit) user key material,
* sessionKey - 32-byte (256-bit) key to be wrapped
* wrappedKey - 44-byte buffer to store wrapped key
*/
int keyWrapCryptoPro(gost_ctx * ctx, const unsigned char *keyExchangeKey,
const unsigned char *ukm,
const unsigned char *sessionKey,
unsigned char *wrappedKey)
{
unsigned char kek_ukm[32];
keyDiversifyCryptoPro(ctx, keyExchangeKey, ukm, kek_ukm);
gost_key(ctx, kek_ukm);
memcpy(wrappedKey, ukm, 8);
gost_enc(ctx, sessionKey, wrappedKey + 8, 4);
gost_mac_iv(ctx, 32, ukm, sessionKey, 32, wrappedKey + 40);
return 1;
}
/*-
* Unwraps key using RFC 4357 6.4
* ctx - gost encryption context, initialized with some S-boxes
* keyExchangeKey 32-byte shared key
* wrappedKey 44 byte key to be unwrapped (concatenation of 8-byte UKM,
* 32 byte encrypted key and 4 byte MAC
*
* sessionKEy - 32byte buffer to store sessionKey in
* Returns 1 if key is decrypted successfully, and 0 if MAC doesn't match
*/
int keyUnwrapCryptoPro(gost_ctx * ctx, const unsigned char *keyExchangeKey,
const unsigned char *wrappedKey,
unsigned char *sessionKey)
{
unsigned char kek_ukm[32], cek_mac[4];
keyDiversifyCryptoPro(ctx, keyExchangeKey, wrappedKey
/* First 8 bytes of wrapped Key is ukm */
, kek_ukm);
gost_key(ctx, kek_ukm);
gost_dec(ctx, wrappedKey + 8, sessionKey, 4);
gost_mac_iv(ctx, 32, wrappedKey, sessionKey, 32, cek_mac);
if (memcmp(cek_mac, wrappedKey + 40, 4)) {
return 0;
}
return 1;
}

56
engines/ccgost/gost_keywrap.h
View File

@@ -1,56 +0,0 @@
/**********************************************************************
* gost_keywrap.h *
* Copyright (c) 2005-2006 Cryptocom LTD *
* This file is distributed under the same license as OpenSSL *
* *
* Implementation of CryptoPro key wrap algorithm, as defined in *
* RFC 4357 p 6.3 and 6.4 *
* Doesn't need OpenSSL *
**********************************************************************/
#ifndef GOST_KEYWRAP_H
# define GOST_KEYWRAP_H
# include <string.h>
# include "gost89.h"
/*-
* Diversifies key using random UserKey Material
* Implements RFC 4357 p 6.5 key diversification algorithm
*
* inputKey - 32byte key to be diversified
* ukm - 8byte user key material
* outputKey - 32byte buffer to store diversified key
*
*/
void keyDiversifyCryptoPro(gost_ctx * ctx,
const unsigned char *inputKey,
const unsigned char *ukm,
unsigned char *outputKey);
/*-
* Wraps key using RFC 4357 6.3
* ctx - gost encryption context, initialized with some S-boxes
* keyExchangeKey (KEK) 32-byte (256-bit) shared key
* ukm - 8 byte (64 bit) user key material,
* sessionKey - 32-byte (256-bit) key to be wrapped
* wrappedKey - 44-byte buffer to store wrapped key
*/
int keyWrapCryptoPro(gost_ctx * ctx,
const unsigned char *keyExchangeKey,
const unsigned char *ukm,
const unsigned char *sessionKey,
unsigned char *wrappedKey);
/*-
* Unwraps key using RFC 4357 6.4
* ctx - gost encryption context, initialized with some S-boxes
* keyExchangeKey 32-byte shared key
* wrappedKey 44 byte key to be unwrapped (concatenation of 8-byte UKM,
* 32 byte encrypted key and 4 byte MAC
*
* sessionKEy - 32byte buffer to store sessionKey in
* Returns 1 if key is decrypted successfully, and 0 if MAC doesn't match
*/
int keyUnwrapCryptoPro(gost_ctx * ctx,
const unsigned char *keyExchangeKey,
const unsigned char *wrappedKey,
unsigned char *sessionKey);
#endif

229
engines/ccgost/gost_lcl.h
View File

@@ -1,229 +0,0 @@
#ifndef GOST_TOOLS_H
# define GOST_TOOLS_H
/**********************************************************************
* gost_lcl.h *
* Copyright (c) 2006 Cryptocom LTD *
* This file is distributed under the same license as OpenSSL *
* *
* Internal declarations used in GOST engine *
* OpenSSL 0.9.9 libraries required to compile and use *
* this code *
**********************************************************************/
# include <openssl/bn.h>
# include <openssl/evp.h>
# include <openssl/dsa.h>
# include <openssl/asn1t.h>
# include <openssl/x509.h>
# include <openssl/engine.h>
# include <openssl/ec.h>
# include "gost89.h"
# include "gosthash.h"
/* Control commands */
# define GOST_PARAM_CRYPT_PARAMS 0
# define GOST_PARAM_MAX 0
# define GOST_CTRL_CRYPT_PARAMS (ENGINE_CMD_BASE+GOST_PARAM_CRYPT_PARAMS)
extern const ENGINE_CMD_DEFN gost_cmds[];
int gost_control_func(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
const char *get_gost_engine_param(int param);
int gost_set_default_param(int param, const char *value);
void gost_param_free(void);
/* method registration */
int register_ameth_gost(int nid, EVP_PKEY_ASN1_METHOD **ameth,
const char *pemstr, const char *info);
int register_pmeth_gost(int id, EVP_PKEY_METHOD **pmeth, int flags);
/* Gost-specific pmeth control-function parameters */
/* For GOST R34.10 parameters */
# define param_ctrl_string "paramset"
# define EVP_PKEY_CTRL_GOST_PARAMSET (EVP_PKEY_ALG_CTRL+1)
/* For GOST 28147 MAC */
# define key_ctrl_string "key"
# define hexkey_ctrl_string "hexkey"
# define EVP_PKEY_CTRL_GOST_MAC_HEXKEY (EVP_PKEY_ALG_CTRL+3)
/* Pmeth internal representation */
struct gost_pmeth_data {
int sign_param_nid; /* Should be set whenever parameters are
* filled */
EVP_MD *md;
unsigned char *shared_ukm;
int peer_key_used;
};
struct gost_mac_pmeth_data {
int key_set;
EVP_MD *md;
unsigned char key[32];
};
/* GOST-specific ASN1 structures */
typedef struct {
ASN1_OCTET_STRING *encrypted_key;
ASN1_OCTET_STRING *imit;
} GOST_KEY_INFO;
DECLARE_ASN1_FUNCTIONS(GOST_KEY_INFO)
typedef struct {
ASN1_OBJECT *cipher;
X509_PUBKEY *ephem_key;
ASN1_OCTET_STRING *eph_iv;
} GOST_KEY_AGREEMENT_INFO;
DECLARE_ASN1_FUNCTIONS(GOST_KEY_AGREEMENT_INFO)
typedef struct {
GOST_KEY_INFO *key_info;
GOST_KEY_AGREEMENT_INFO *key_agreement_info;
} GOST_KEY_TRANSPORT;
DECLARE_ASN1_FUNCTIONS(GOST_KEY_TRANSPORT)
typedef struct { /* FIXME incomplete */
GOST_KEY_TRANSPORT *gkt;
} GOST_CLIENT_KEY_EXCHANGE_PARAMS;
/*
* Hacks to shorten symbols to 31 characters or less, or OpenVMS. This mimics
* what's done in symhacks.h, but since this is a very local header file, I
* prefered to put this hack directly here. -- Richard Levitte
*/
# ifdef OPENSSL_SYS_VMS
# undef GOST_CLIENT_KEY_EXCHANGE_PARAMS_it
# define GOST_CLIENT_KEY_EXCHANGE_PARAMS_it GOST_CLIENT_KEY_EXC_PARAMS_it
# undef GOST_CLIENT_KEY_EXCHANGE_PARAMS_new
# define GOST_CLIENT_KEY_EXCHANGE_PARAMS_new GOST_CLIENT_KEY_EXC_PARAMS_new
# undef GOST_CLIENT_KEY_EXCHANGE_PARAMS_free
# define GOST_CLIENT_KEY_EXCHANGE_PARAMS_free GOST_CLIENT_KEY_EXC_PARAMS_free
# undef d2i_GOST_CLIENT_KEY_EXCHANGE_PARAMS
# define d2i_GOST_CLIENT_KEY_EXCHANGE_PARAMS d2i_GOST_CLIENT_KEY_EXC_PARAMS
# undef i2d_GOST_CLIENT_KEY_EXCHANGE_PARAMS
# define i2d_GOST_CLIENT_KEY_EXCHANGE_PARAMS i2d_GOST_CLIENT_KEY_EXC_PARAMS
# endif /* End of hack */
DECLARE_ASN1_FUNCTIONS(GOST_CLIENT_KEY_EXCHANGE_PARAMS)
typedef struct {
ASN1_OBJECT *key_params;
ASN1_OBJECT *hash_params;
ASN1_OBJECT *cipher_params;
} GOST_KEY_PARAMS;
DECLARE_ASN1_FUNCTIONS(GOST_KEY_PARAMS)
typedef struct {
ASN1_OCTET_STRING *iv;
ASN1_OBJECT *enc_param_set;
} GOST_CIPHER_PARAMS;
DECLARE_ASN1_FUNCTIONS(GOST_CIPHER_PARAMS)
/*============== Message digest and cipher related structures ==========*/
/*
* Structure used as EVP_MD_CTX-md_data. It allows to avoid storing
* in the md-data pointers to dynamically allocated memory. I
* cannot invent better way to avoid memory leaks, because openssl
* insist on invoking Init on Final-ed digests, and there is no
* reliable way to find out whether pointer in the passed md_data is
* valid or not.
*/
struct ossl_gost_digest_ctx {
gost_hash_ctx dctx;
gost_ctx cctx;
};
/* EVP_MD structure for GOST R 34.11 */
extern EVP_MD digest_gost;
/* EVP_MD structure for GOST 28147 in MAC mode */
extern EVP_MD imit_gost_cpa;
/* Cipher context used for EVP_CIPHER operation */
struct ossl_gost_cipher_ctx {
int paramNID;
unsigned int count;
int key_meshing;
gost_ctx cctx;
};
/* Structure to map parameter NID to S-block */
struct gost_cipher_info {
int nid;
gost_subst_block *sblock;
int key_meshing;
};
/* Context for MAC */
struct ossl_gost_imit_ctx {
gost_ctx cctx;
unsigned char buffer[8];
unsigned char partial_block[8];
unsigned int count;
int key_meshing;
int bytes_left;
int key_set;
};
/* Table which maps parameter NID to S-blocks */
extern struct gost_cipher_info gost_cipher_list[];
/* Find encryption params from ASN1_OBJECT */
const struct gost_cipher_info *get_encryption_params(ASN1_OBJECT *obj);
/* Implementation of GOST 28147-89 cipher in CFB and CNT modes */
extern EVP_CIPHER cipher_gost;
extern EVP_CIPHER cipher_gost_cpacnt;
# define EVP_MD_CTRL_KEY_LEN (EVP_MD_CTRL_ALG_CTRL+3)
# define EVP_MD_CTRL_SET_KEY (EVP_MD_CTRL_ALG_CTRL+4)
/* EVP_PKEY_METHOD key encryption callbacks */
/* From gost94_keyx.c */
int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
size_t *outlen, const unsigned char *key,
size_t key_len);
int pkey_GOST94cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
size_t *outlen, const unsigned char *in,
size_t in_len);
/* From gost2001_keyx.c */
int pkey_GOST01cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
size_t *outlen, const unsigned char *key,
size_t key_len);
int pkey_GOST01cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
size_t *outlen, const unsigned char *in,
size_t in_len);
/* derive functions */
/* From gost2001_keyx.c */
int pkey_gost2001_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
size_t *keylen);
/* From gost94_keyx.c */
int pkey_gost94_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
/* Internal functions for signature algorithms */
int fill_GOST94_params(DSA *dsa, int nid);
int fill_GOST2001_params(EC_KEY *eckey, int nid);
int gost_sign_keygen(DSA *dsa);
int gost2001_keygen(EC_KEY *ec);
DSA_SIG *gost_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
DSA_SIG *gost2001_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey);
int gost_do_verify(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, DSA *dsa);
int gost2001_do_verify(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, EC_KEY *ec);
int gost2001_compute_public(EC_KEY *ec);
int gost94_compute_public(DSA *dsa);
/*============== miscellaneous functions============================= */
/* from gost_sign.c */
/* Convert GOST R 34.11 hash sum to bignum according to standard */
BIGNUM *hashsum2bn(const unsigned char *dgst);
/*
* Store bignum in byte array of given length, prepending by zeros if
* nesseccary
*/
int store_bignum(BIGNUM *bn, unsigned char *buf, int len);
/* Read bignum, which can have few MSB all-zeros from buffer*/
BIGNUM *getbnfrombuf(const unsigned char *buf, size_t len);
/* Pack GOST R 34.10 signature according to CryptoPro rules */
int pack_sign_cp(DSA_SIG *s, int order, unsigned char *sig, size_t *siglen);
/* Unpack GOST R 34.10 signature according to CryptoPro rules */
DSA_SIG *unpack_cp_signature(const unsigned char *sig, size_t siglen);
/* from ameth.c */
/* Get private key as BIGNUM from both R 34.10-94 and R 34.10-2001 keys*/
/* Returns pointer into EVP_PKEY structure */
BIGNUM *gost_get0_priv_key(const EVP_PKEY *pkey);
/* Find NID by GOST 94 parameters */
int gost94_nid_by_params(DSA *p);
#endif

76
engines/ccgost/gost_md.c
View File

@@ -1,76 +0,0 @@
/**********************************************************************
* md_gost.c *
* Copyright (c) 2005-2006 Cryptocom LTD *
* This file is distributed under the same license as OpenSSL *
* *
* OpenSSL interface to GOST R 34.11-94 hash functions *
* Requires OpenSSL 0.9.9 for compilation *
**********************************************************************/
#include <string.h>
#include "gost_lcl.h"
#include "gosthash.h"
#include "e_gost_err.h"
/* implementation of GOST 34.11 hash function See gost_md.c*/
static int gost_digest_init(EVP_MD_CTX *ctx);
static int gost_digest_update(EVP_MD_CTX *ctx, const void *data,
size_t count);
static int gost_digest_final(EVP_MD_CTX *ctx, unsigned char *md);
static int gost_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from);
static int gost_digest_cleanup(EVP_MD_CTX *ctx);
EVP_MD digest_gost = {
NID_id_GostR3411_94,
NID_undef,
32,
EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
gost_digest_init,
gost_digest_update,
gost_digest_final,
gost_digest_copy,
gost_digest_cleanup,
NULL,
NULL,
{NID_undef, NID_undef, 0, 0, 0},
32,
sizeof(struct ossl_gost_digest_ctx),
NULL
};
int gost_digest_init(EVP_MD_CTX *ctx)
{
struct ossl_gost_digest_ctx *c = ctx->md_data;
memset(&(c->dctx), 0, sizeof(gost_hash_ctx));
gost_init(&(c->cctx), &GostR3411_94_CryptoProParamSet);
c->dctx.cipher_ctx = &(c->cctx);
return 1;
}
int gost_digest_update(EVP_MD_CTX *ctx, const void *data, size_t count)
{
return hash_block((gost_hash_ctx *) ctx->md_data, data, count);
}
int gost_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
{
return finish_hash((gost_hash_ctx *) ctx->md_data, md);
}
int gost_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
{
struct ossl_gost_digest_ctx *md_ctx = to->md_data;
if (to->md_data && from->md_data) {
memcpy(to->md_data, from->md_data,
sizeof(struct ossl_gost_digest_ctx));
md_ctx->dctx.cipher_ctx = &(md_ctx->cctx);
}
return 1;
}
int gost_digest_cleanup(EVP_MD_CTX *ctx)
{
if (ctx->md_data)
memset(ctx->md_data, 0, sizeof(struct ossl_gost_digest_ctx));
return 1;
}

207
engines/ccgost/gost_params.c
View File

@@ -1,207 +0,0 @@
/**********************************************************************
* params.c *
* Copyright (c) 2005-2006 Cryptocom LTD *
* This file is distributed under the same license as OpenSSL *
* *
* Definitions of GOST R 34.10 parameter sets, defined in RFC 4357 *
* OpenSSL 0.9.9 libraries required to compile and use *
* this code *
**********************************************************************/
#include "gost_params.h"
#include <openssl/objects.h>
/* Parameters of GOST 34.10 */
R3410_params R3410_paramset[] = {
/* Paramset A */
{NID_id_GostR3410_94_CryptoPro_A_ParamSet,
"100997906755055304772081815535925224869"
"8410825720534578748235158755771479905292727772441528526992987964833"
"5669968284202797289605274717317548059048560713474685214192868091256"
"1502802222185647539190902656116367847270145019066794290930185446216"
"3997308722217328898303231940973554032134009725883228768509467406639"
"62",
"127021248288932417465907042777176443525"
"7876535089165358128175072657050312609850984974231883334834011809259"
"9999512098893413065920561499672425412104927434935707492031276956145"
"1689224110579311248812610229678534638401693520013288995000362260684"
"2227508135323070045173416336850045410625869714168836867788425378203"
"83",
"683631961449557007844441656118272528951"
"02170888761442055095051287550314083023"}
,
{NID_id_GostR3410_94_CryptoPro_B_ParamSet,
"429418261486158041438734477379555023926"
"7234596860714306679811299408947123142002706038521669956384871995765"
"7284814898909770759462613437669456364882730370838934791080835932647"
"9767786019153434744009610342313166725786869204821949328786333602033"
"8479709268434224762105576023501613261478065276102850944540333865234"
"1",
"139454871199115825601409655107690713107"
"0417070599280317977580014543757653577229840941243685222882398330391"
"1468164807668823692122073732267216074074777170091113455043205380464"
"7694904686120113087816240740184800477047157336662926249423571248823"
"9685422217536601433914856808405203368594584948031873412885804895251"
"63",
"79885141663410976897627118935756323747307951916507639758300472692338873533959"}
,
{NID_id_GostR3410_94_CryptoPro_C_ParamSet,
"816552717970881016017893191415300348226"
"2544051353358162468249467681876621283478212884286545844013955142622"
"2087723485023722868022275009502224827866201744494021697716482008353"
"6398202298024892620480898699335508064332313529725332208819456895108"
"5155178100221003459370588291073071186553005962149936840737128710832"
"3",
"110624679233511963040518952417017040248"
"5862954819831383774196396298584395948970608956170224210628525560327"
"8638246716655439297654402921844747893079518669992827880792192992701"
"1428546551433875806377110443534293554066712653034996277099320715774"
"3542287621283671843703709141350171945045805050291770503634517804938"
"01",
"113468861199819350564868233378875198043"
"267947776488510997961231672532899549103"}
,
{NID_id_GostR3410_94_CryptoPro_D_ParamSet,
"756976611021707301782128757801610628085"
"5283803109571158829574281419208532589041660017017859858216341400371"
"4687551412794400562878935266630754392677014598582103365983119173924"
"4732511225464712252386803315902707727668715343476086350472025298282"
"7271461690125050616858238384366331089777463541013033926723743254833"
"7",
"905457649621929965904290958774625315611"
"3056083907389766971404812524422262512556054474620855996091570786713"
"5849550236741915584185990627801066465809510095784713989819413820871"
"5964648914493053407920737078890520482730623038837767710173664838239"
"8574828787891286471201460474326612697849693665518073864436497893214"
"9",
"108988435796353506912374591498972192620"
"190487557619582334771735390599299211593"}
,
{NID_id_GostR3410_94_CryptoPro_XchA_ParamSet,
"1335318132727206734338595199483190012179423759678474868994823595993"
"6964252873471246159040332773182141032801252925387191478859899310331"
"0567744136196364803064721377826656898686468463277710150809401182608"
"7702016153249904683329312949209127762411378780302243557466062839716"
"59376426832674269780880061631528163475887",
"14201174159756348119636828602231808974327613839524373876287257344192"
"74593935127189736311660784676003608489466235676257952827747192122419"
"29071046134208380636394084512691828894000571524625445295769349356752"
"72895683154177544176313938445719175509684710784659566254794231229333"
"8483924514339614727760681880609734239",
"91771529896554605945588149018382750217296858393520724172743325725474"
"374979801"}
,
{NID_id_GostR3410_94_CryptoPro_XchB_ParamSet,
"8890864727828423151699995801875757891031463338652579140051973659"
"3048131440685857067369829407947744496306656291505503608252399443"
"7900272386749145996230867832228661977543992816745254823298629859"
"8753575466286051738837854736167685769017780335804511440773337196"
"2538423532919394477873664752824509986617878992443177",
"1028946126624994859676552074360530315217970499989304888248413244"
"8474923022758470167998871003604670704877377286176171227694098633"
"1539089568784129110109512690503345393869871295783467257264868341"
"7200196629860561193666752429682367397084815179752036423595736533"
"68957392061769855284593965042530895046088067160269433",
"9109671391802626916582318050603555673628769498182593088388796888"
"5281641595199"}
,
{NID_id_GostR3410_94_CryptoPro_XchC_ParamSet,
"4430618464297584182473135030809859326863990650118941756995270074"
"8609973181426950235239623239110557450826919295792878938752101867"
"7047181623251027516953100431855964837602657827828194249605561893"
"6965865325513137194483136247773653468410118796740709840825496997"
"9375560722345106704721086025979309968763193072908334",
"1246996366993477513607147265794064436203408861395055989217248455"
"7299870737698999651480662364723992859320868822848751165438350943"
"3276647222625940615560580450040947211826027729977563540237169063"
"0448079715771649447778447000597419032457722226253269698374446528"
"35352729304393746106576383349151001715930924115499549",
"6787876137336591234380295020065682527118129468050147943114675429"
"4748422492761"}
,
{NID_undef, NULL, NULL, NULL}
};
R3410_2001_params R3410_2001_paramset[] = {
/* default_cc_sign01_param 1.2.643.2.9.1.8.1 */
{NID_id_GostR3410_2001_ParamSet_cc,
/* A */
"C0000000000000000000000000000000000000000000000000000000000003c4",
/* B */
"2d06B4265ebc749ff7d0f1f1f88232e81632e9088fd44b7787d5e407e955080c",
/* P */
"C0000000000000000000000000000000000000000000000000000000000003C7",
/* Q */
"5fffffffffffffffffffffffffffffff606117a2f4bde428b7458a54b6e87b85",
/* X */
"2",
/* Y */
"a20e034bf8813ef5c18d01105e726a17eb248b264ae9706f440bedc8ccb6b22c"}
,
/* 1.2.643.2.2.35.0 */
{NID_id_GostR3410_2001_TestParamSet,
"7",
"5FBFF498AA938CE739B8E022FBAFEF40563F6E6A3472FC2A514C0CE9DAE23B7E",
"8000000000000000000000000000000000000000000000000000000000000431",
"8000000000000000000000000000000150FE8A1892976154C59CFC193ACCF5B3",
"2",
"08E2A8A0E65147D4BD6316030E16D19C85C97F0A9CA267122B96ABBCEA7E8FC8"}
,
/*
* 1.2.643.2.2.35.1
*/
{NID_id_GostR3410_2001_CryptoPro_A_ParamSet,
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD94",
"a6",
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD97",
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893",
"1",
"8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14"}
,
/*
* 1.2.643.2.2.35.2
*/
{NID_id_GostR3410_2001_CryptoPro_B_ParamSet,
"8000000000000000000000000000000000000000000000000000000000000C96",
"3E1AF419A269A5F866A7D3C25C3DF80AE979259373FF2B182F49D4CE7E1BBC8B",
"8000000000000000000000000000000000000000000000000000000000000C99",
"800000000000000000000000000000015F700CFFF1A624E5E497161BCC8A198F",
"1",
"3FA8124359F96680B83D1C3EB2C070E5C545C9858D03ECFB744BF8D717717EFC"}
,
/*
* 1.2.643.2.2.35.3
*/
{NID_id_GostR3410_2001_CryptoPro_C_ParamSet,
"9B9F605F5A858107AB1EC85E6B41C8AACF846E86789051D37998F7B9022D7598",
"805a",
"9B9F605F5A858107AB1EC85E6B41C8AACF846E86789051D37998F7B9022D759B",
"9B9F605F5A858107AB1EC85E6B41C8AA582CA3511EDDFB74F02F3A6598980BB9",
"0",
"41ECE55743711A8C3CBF3783CD08C0EE4D4DC440D4641A8F366E550DFDB3BB67"}
,
/*
* 1.2.643.2.2.36.0
*/
{NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet,
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD94",
"a6",
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD97",
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893",
"1",
"8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14"}
,
/*
* 1.2.643.2.2.36.1
*/
{NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet,
"9B9F605F5A858107AB1EC85E6B41C8AACF846E86789051D37998F7B9022D7598",
"805a",
"9B9F605F5A858107AB1EC85E6B41C8AACF846E86789051D37998F7B9022D759B",
"9B9F605F5A858107AB1EC85E6B41C8AA582CA3511EDDFB74F02F3A6598980BB9",
"0",
"41ECE55743711A8C3CBF3783CD08C0EE4D4DC440D4641A8F366E550DFDB3BB67"}
,
{0, NULL, NULL, NULL, NULL, NULL, NULL}
};

34
engines/ccgost/gost_params.h
View File

@@ -1,34 +0,0 @@
/**********************************************************************
* gost_params.h *
* Copyright (c) 2005-2006 Cryptocom LTD *
* This file is distributed under the same license as OpenSSL *
* *
* Declaration of structures used to represent GOST R 34.10 *
* parameter sets, defined in RFC 4357 *
* OpenSSL 0.9.9 libraries required to compile and use *
* this code *
**********************************************************************/
#ifndef GOST_PARAMSET_H
# define GOST_PARAMSET_H
typedef struct R3410 {
int nid;
char *a;
char *p;
char *q;
} R3410_params;
extern R3410_params R3410_paramset[];
typedef struct R3410_2001 {
int nid;
char *a;
char *b;
char *p;
char *q;
char *x;
char *y;
} R3410_2001_params;
extern R3410_2001_params R3410_2001_paramset[];
#endif

621
engines/ccgost/gost_pmeth.c
View File

@@ -1,621 +0,0 @@
/**********************************************************************
* gost_pmeth.c *
* Copyright (c) 2005-2006 Cryptocom LTD *
* This file is distributed under the same license as OpenSSL *
* *
* Implementation of RFC 4357 (GOST R 34.10) Publick key method *
* for OpenSSL *
* Requires OpenSSL 0.9.9 for compilation *
**********************************************************************/
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/ec.h>
#include <openssl/x509v3.h> /* For string_to_hex */
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include "gost_params.h"
#include "gost_lcl.h"
#include "e_gost_err.h"
/* -----init, cleanup, copy - uniform for all algs ---------------*/
/* Allocates new gost_pmeth_data structure and assigns it as data */
static int pkey_gost_init(EVP_PKEY_CTX *ctx)
{
struct gost_pmeth_data *data;
EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
data = OPENSSL_malloc(sizeof(struct gost_pmeth_data));
if (!data)
return 0;
memset(data, 0, sizeof(struct gost_pmeth_data));
if (pkey && EVP_PKEY_get0(pkey)) {
switch (EVP_PKEY_base_id(pkey)) {
case NID_id_GostR3410_94:
data->sign_param_nid = gost94_nid_by_params(EVP_PKEY_get0(pkey));
break;
case NID_id_GostR3410_2001:
data->sign_param_nid =
EC_GROUP_get_curve_name(EC_KEY_get0_group
(EVP_PKEY_get0((EVP_PKEY *)pkey)));
break;
default:
return 0;
}
}
EVP_PKEY_CTX_set_data(ctx, data);
return 1;
}
/* Copies contents of gost_pmeth_data structure */
static int pkey_gost_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
{
struct gost_pmeth_data *dst_data, *src_data;
if (!pkey_gost_init(dst)) {
return 0;
}
src_data = EVP_PKEY_CTX_get_data(src);
dst_data = EVP_PKEY_CTX_get_data(dst);
*dst_data = *src_data;
if (src_data->shared_ukm) {
dst_data->shared_ukm = NULL;
}
return 1;
}
/* Frees up gost_pmeth_data structure */
static void pkey_gost_cleanup(EVP_PKEY_CTX *ctx)
{
struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
if (data->shared_ukm)
OPENSSL_free(data->shared_ukm);
OPENSSL_free(data);
}
/* --------------------- control functions ------------------------------*/
static int pkey_gost_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
{
struct gost_pmeth_data *pctx =
(struct gost_pmeth_data *)EVP_PKEY_CTX_get_data(ctx);
switch (type) {
case EVP_PKEY_CTRL_MD:
{
if (EVP_MD_type((const EVP_MD *)p2) != NID_id_GostR3411_94) {
GOSTerr(GOST_F_PKEY_GOST_CTRL, GOST_R_INVALID_DIGEST_TYPE);
return 0;
}
pctx->md = (EVP_MD *)p2;
return 1;
}
break;
case EVP_PKEY_CTRL_GET_MD:
*(const EVP_MD **)p2 = pctx->md;
return 1;
case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
case EVP_PKEY_CTRL_PKCS7_DECRYPT:
case EVP_PKEY_CTRL_PKCS7_SIGN:
case EVP_PKEY_CTRL_DIGESTINIT:
#ifndef OPENSSL_NO_CMS
case EVP_PKEY_CTRL_CMS_ENCRYPT:
case EVP_PKEY_CTRL_CMS_DECRYPT:
case EVP_PKEY_CTRL_CMS_SIGN:
#endif
return 1;
case EVP_PKEY_CTRL_GOST_PARAMSET:
pctx->sign_param_nid = (int)p1;
return 1;
case EVP_PKEY_CTRL_SET_IV:
pctx->shared_ukm = OPENSSL_malloc((int)p1);
memcpy(pctx->shared_ukm, p2, (int)p1);
return 1;
case EVP_PKEY_CTRL_PEER_KEY:
if (p1 == 0 || p1 == 1) /* call from EVP_PKEY_derive_set_peer */
return 1;
if (p1 == 2) /* TLS: peer key used? */
return pctx->peer_key_used;
if (p1 == 3) /* TLS: peer key used! */
return (pctx->peer_key_used = 1);
return -2;
}
return -2;
}
static int pkey_gost_ctrl94_str(EVP_PKEY_CTX *ctx,
const char *type, const char *value)
{
int param_nid = 0;
if (!strcmp(type, param_ctrl_string)) {
if (!value) {
return 0;
}
if (strlen(value) == 1) {
switch (toupper((unsigned char)value[0])) {
case 'A':
param_nid = NID_id_GostR3410_94_CryptoPro_A_ParamSet;
break;
case 'B':
param_nid = NID_id_GostR3410_94_CryptoPro_B_ParamSet;
break;
case 'C':
param_nid = NID_id_GostR3410_94_CryptoPro_C_ParamSet;
break;
case 'D':
param_nid = NID_id_GostR3410_94_CryptoPro_D_ParamSet;
break;
default:
return 0;
break;
}
} else if ((strlen(value) == 2)
&& (toupper((unsigned char)value[0]) == 'X')) {
switch (toupper((unsigned char)value[1])) {
case 'A':
param_nid = NID_id_GostR3410_94_CryptoPro_XchA_ParamSet;
break;
case 'B':
param_nid = NID_id_GostR3410_94_CryptoPro_XchB_ParamSet;
break;
case 'C':
param_nid = NID_id_GostR3410_94_CryptoPro_XchC_ParamSet;
break;
default:
return 0;
break;
}
} else {
R3410_params *p = R3410_paramset;
param_nid = OBJ_txt2nid(value);
if (param_nid == NID_undef) {
return 0;
}
for (; p->nid != NID_undef; p++) {
if (p->nid == param_nid)
break;
}
if (p->nid == NID_undef) {
GOSTerr(GOST_F_PKEY_GOST_CTRL94_STR, GOST_R_INVALID_PARAMSET);
return 0;
}
}
return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET,
param_nid, NULL);
}
return -2;
}
static int pkey_gost_ctrl01_str(EVP_PKEY_CTX *ctx,
const char *type, const char *value)
{
int param_nid = 0;
if (!strcmp(type, param_ctrl_string)) {
if (!value) {
return 0;
}
if (strlen(value) == 1) {
switch (toupper((unsigned char)value[0])) {
case 'A':
param_nid = NID_id_GostR3410_2001_CryptoPro_A_ParamSet;
break;
case 'B':
param_nid = NID_id_GostR3410_2001_CryptoPro_B_ParamSet;
break;
case 'C':
param_nid = NID_id_GostR3410_2001_CryptoPro_C_ParamSet;
break;
case '0':
param_nid = NID_id_GostR3410_2001_TestParamSet;
break;
default:
return 0;
break;
}
} else if ((strlen(value) == 2)
&& (toupper((unsigned char)value[0]) == 'X')) {
switch (toupper((unsigned char)value[1])) {
case 'A':
param_nid = NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet;
break;
case 'B':
param_nid = NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet;
break;
default:
return 0;
break;
}
} else {
R3410_2001_params *p = R3410_2001_paramset;
param_nid = OBJ_txt2nid(value);
if (param_nid == NID_undef) {
return 0;
}
for (; p->nid != NID_undef; p++) {
if (p->nid == param_nid)
break;
}
if (p->nid == NID_undef) {
GOSTerr(GOST_F_PKEY_GOST_CTRL01_STR, GOST_R_INVALID_PARAMSET);
return 0;
}
}
return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET,
param_nid, NULL);
}
return -2;
}
/* --------------------- key generation --------------------------------*/
static int pkey_gost_paramgen_init(EVP_PKEY_CTX *ctx)
{
return 1;
}
static int pkey_gost94_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
{
struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
DSA *dsa = NULL;
if (data->sign_param_nid == NID_undef) {
GOSTerr(GOST_F_PKEY_GOST94_PARAMGEN, GOST_R_NO_PARAMETERS_SET);
return 0;
}
dsa = DSA_new();
if (!fill_GOST94_params(dsa, data->sign_param_nid)) {
DSA_free(dsa);
return 0;
}
EVP_PKEY_assign(pkey, NID_id_GostR3410_94, dsa);
return 1;
}
static int pkey_gost01_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
{
struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
EC_KEY *ec = NULL;
if (data->sign_param_nid == NID_undef) {
GOSTerr(GOST_F_PKEY_GOST01_PARAMGEN, GOST_R_NO_PARAMETERS_SET);
return 0;
}
if (!ec)
ec = EC_KEY_new();
if (!fill_GOST2001_params(ec, data->sign_param_nid)) {
EC_KEY_free(ec);
return 0;
}
EVP_PKEY_assign(pkey, NID_id_GostR3410_2001, ec);
return 1;
}
/* Generates Gost_R3410_94_cp key */
static int pkey_gost94cp_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
{
DSA *dsa;
if (!pkey_gost94_paramgen(ctx, pkey))
return 0;
dsa = EVP_PKEY_get0(pkey);
gost_sign_keygen(dsa);
return 1;
}
/* Generates GOST_R3410 2001 key and assigns it using specified type */
static int pkey_gost01cp_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
{
EC_KEY *ec;
if (!pkey_gost01_paramgen(ctx, pkey))
return 0;
ec = EVP_PKEY_get0(pkey);
gost2001_keygen(ec);
return 1;
}
/* ----------- sign callbacks --------------------------------------*/
static int pkey_gost94_cp_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
size_t *siglen, const unsigned char *tbs,
size_t tbs_len)
{
DSA_SIG *unpacked_sig = NULL;
EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
if (!siglen)
return 0;
if (!sig) {
*siglen = 64; /* better to check size of pkey->pkey.dsa-q */
return 1;
}
unpacked_sig = gost_do_sign(tbs, tbs_len, EVP_PKEY_get0(pkey));
if (!unpacked_sig) {
return 0;
}
return pack_sign_cp(unpacked_sig, 32, sig, siglen);
}
static int pkey_gost01_cp_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
size_t *siglen, const unsigned char *tbs,
size_t tbs_len)
{
DSA_SIG *unpacked_sig = NULL;
EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
if (!siglen)
return 0;
if (!sig) {
*siglen = 64; /* better to check size of curve order */
return 1;
}
unpacked_sig = gost2001_do_sign(tbs, tbs_len, EVP_PKEY_get0(pkey));
if (!unpacked_sig) {
return 0;
}
return pack_sign_cp(unpacked_sig, 32, sig, siglen);
}
/* ------------------- verify callbacks ---------------------------*/
static int pkey_gost94_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig,
size_t siglen, const unsigned char *tbs,
size_t tbs_len)
{
int ok = 0;
EVP_PKEY *pub_key = EVP_PKEY_CTX_get0_pkey(ctx);
DSA_SIG *s = unpack_cp_signature(sig, siglen);
if (!s)
return 0;
if (pub_key)
ok = gost_do_verify(tbs, tbs_len, s, EVP_PKEY_get0(pub_key));
DSA_SIG_free(s);
return ok;
}
static int pkey_gost01_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig,
size_t siglen, const unsigned char *tbs,
size_t tbs_len)
{
int ok = 0;
EVP_PKEY *pub_key = EVP_PKEY_CTX_get0_pkey(ctx);
DSA_SIG *s = unpack_cp_signature(sig, siglen);
if (!s)
return 0;
#ifdef DEBUG_SIGN
fprintf(stderr, "R=");
BN_print_fp(stderr, s->r);
fprintf(stderr, "\nS=");
BN_print_fp(stderr, s->s);
fprintf(stderr, "\n");
#endif
if (pub_key)
ok = gost2001_do_verify(tbs, tbs_len, s, EVP_PKEY_get0(pub_key));
DSA_SIG_free(s);
return ok;
}
/* ------------- encrypt init -------------------------------------*/
/* Generates ephermeral key */
static int pkey_gost_encrypt_init(EVP_PKEY_CTX *ctx)
{
return 1;
}
/* --------------- Derive init ------------------------------------*/
static int pkey_gost_derive_init(EVP_PKEY_CTX *ctx)
{
return 1;
}
/* -------- PKEY_METHOD for GOST MAC algorithm --------------------*/
static int pkey_gost_mac_init(EVP_PKEY_CTX *ctx)
{
struct gost_mac_pmeth_data *data;
data = OPENSSL_malloc(sizeof(struct gost_mac_pmeth_data));
if (!data)
return 0;
memset(data, 0, sizeof(struct gost_mac_pmeth_data));
EVP_PKEY_CTX_set_data(ctx, data);
return 1;
}
static void pkey_gost_mac_cleanup(EVP_PKEY_CTX *ctx)
{
struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
OPENSSL_free(data);
}
static int pkey_gost_mac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
{
struct gost_mac_pmeth_data *dst_data, *src_data;
if (!pkey_gost_mac_init(dst)) {
return 0;
}
src_data = EVP_PKEY_CTX_get_data(src);
dst_data = EVP_PKEY_CTX_get_data(dst);
*dst_data = *src_data;
return 1;
}
static int pkey_gost_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
{
struct gost_mac_pmeth_data *data =
(struct gost_mac_pmeth_data *)EVP_PKEY_CTX_get_data(ctx);
switch (type) {
case EVP_PKEY_CTRL_MD:
{
if (EVP_MD_type((const EVP_MD *)p2) != NID_id_Gost28147_89_MAC) {
GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,
GOST_R_INVALID_DIGEST_TYPE);
return 0;
}
data->md = (EVP_MD *)p2;
return 1;
}
break;
case EVP_PKEY_CTRL_GET_MD:
*(const EVP_MD **)p2 = data->md;
return 1;
case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
case EVP_PKEY_CTRL_PKCS7_DECRYPT:
case EVP_PKEY_CTRL_PKCS7_SIGN:
return 1;
case EVP_PKEY_CTRL_SET_MAC_KEY:
if (p1 != 32) {
GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL, GOST_R_INVALID_MAC_KEY_LENGTH);
return 0;
}
memcpy(data->key, p2, 32);
data->key_set = 1;
return 1;
case EVP_PKEY_CTRL_DIGESTINIT:
{
EVP_MD_CTX *mctx = p2;
void *key;
if (!data->key_set) {
EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
if (!pkey) {
GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,
GOST_R_MAC_KEY_NOT_SET);
return 0;
}
key = EVP_PKEY_get0(pkey);
if (!key) {
GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,
GOST_R_MAC_KEY_NOT_SET);
return 0;
}
} else {
key = &(data->key);
}
return mctx->digest->md_ctrl(mctx, EVP_MD_CTRL_SET_KEY, 32, key);
}
}
return -2;
}
static int pkey_gost_mac_ctrl_str(EVP_PKEY_CTX *ctx,
const char *type, const char *value)
{
if (!strcmp(type, key_ctrl_string)) {
if (strlen(value) != 32) {
GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR,
GOST_R_INVALID_MAC_KEY_LENGTH);
return 0;
}
return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY,
32, (char *)value);
}
if (!strcmp(type, hexkey_ctrl_string)) {
long keylen;
int ret;
unsigned char *keybuf = string_to_hex(value, &keylen);
if (!keybuf || keylen != 32) {
GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR,
GOST_R_INVALID_MAC_KEY_LENGTH);
OPENSSL_free(keybuf);
return 0;
}
ret = pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, 32, keybuf);
OPENSSL_free(keybuf);
return ret;
}
return -2;
}
static int pkey_gost_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
{
struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
unsigned char *keydata;
if (!data->key_set) {
GOSTerr(GOST_F_PKEY_GOST_MAC_KEYGEN, GOST_R_MAC_KEY_NOT_SET);
return 0;
}
keydata = OPENSSL_malloc(32);
memcpy(keydata, data->key, 32);
EVP_PKEY_assign(pkey, NID_id_Gost28147_89_MAC, keydata);
return 1;
}
static int pkey_gost_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
{
return 1;
}
static int pkey_gost_mac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig,
size_t *siglen, EVP_MD_CTX *mctx)
{
unsigned int tmpsiglen = *siglen; /* for platforms where
* sizeof(int)!=sizeof(size_t) */
int ret;
if (!sig) {
*siglen = 4;
return 1;
}
ret = EVP_DigestFinal_ex(mctx, sig, &tmpsiglen);
*siglen = tmpsiglen;
return ret;
}
/* ----------------------------------------------------------------*/
int register_pmeth_gost(int id, EVP_PKEY_METHOD **pmeth, int flags)
{
*pmeth = EVP_PKEY_meth_new(id, flags);
if (!*pmeth)
return 0;
switch (id) {
case NID_id_GostR3410_94:
EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_ctrl, pkey_gost_ctrl94_str);
EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost94cp_keygen);
EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost94_cp_sign);
EVP_PKEY_meth_set_verify(*pmeth, NULL, pkey_gost94_cp_verify);
EVP_PKEY_meth_set_encrypt(*pmeth,
pkey_gost_encrypt_init,
pkey_GOST94cp_encrypt);
EVP_PKEY_meth_set_decrypt(*pmeth, NULL, pkey_GOST94cp_decrypt);
EVP_PKEY_meth_set_derive(*pmeth,
pkey_gost_derive_init, pkey_gost94_derive);
EVP_PKEY_meth_set_paramgen(*pmeth, pkey_gost_paramgen_init,
pkey_gost94_paramgen);
break;
case NID_id_GostR3410_2001:
EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_ctrl, pkey_gost_ctrl01_str);
EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost01_cp_sign);
EVP_PKEY_meth_set_verify(*pmeth, NULL, pkey_gost01_cp_verify);
EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost01cp_keygen);
EVP_PKEY_meth_set_encrypt(*pmeth,
pkey_gost_encrypt_init,
pkey_GOST01cp_encrypt);
EVP_PKEY_meth_set_decrypt(*pmeth, NULL, pkey_GOST01cp_decrypt);
EVP_PKEY_meth_set_derive(*pmeth,
pkey_gost_derive_init, pkey_gost2001_derive);
EVP_PKEY_meth_set_paramgen(*pmeth, pkey_gost_paramgen_init,
pkey_gost01_paramgen);
break;
case NID_id_Gost28147_89_MAC:
EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_mac_ctrl,
pkey_gost_mac_ctrl_str);
EVP_PKEY_meth_set_signctx(*pmeth, pkey_gost_mac_signctx_init,
pkey_gost_mac_signctx);
EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost_mac_keygen);
EVP_PKEY_meth_set_init(*pmeth, pkey_gost_mac_init);
EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_mac_cleanup);
EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_mac_copy);
return 1;
default: /* Unsupported method */
return 0;
}
EVP_PKEY_meth_set_init(*pmeth, pkey_gost_init);
EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_cleanup);
EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_copy);
/*
* FIXME derive etc...
*/
return 1;
}

373
engines/ccgost/gost_sign.c
View File

@@ -1,373 +0,0 @@
/**********************************************************************
* gost_sign.c *
* Copyright (c) 2005-2006 Cryptocom LTD *
* This file is distributed under the same license as OpenSSL *
* *
* Implementation of GOST R 34.10-94 signature algorithm *
* for OpenSSL *
* Requires OpenSSL 0.9.9 for compilation *
**********************************************************************/
#include <string.h>
#include <openssl/rand.h>
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include "gost_params.h"
#include "gost_lcl.h"
#include "e_gost_err.h"
#ifdef DEBUG_SIGN
void dump_signature(const char *message, const unsigned char *buffer,
size_t len)
{
size_t i;
fprintf(stderr, "signature %s Length=%d", message, len);
for (i = 0; i < len; i++) {
if (i % 16 == 0)
fputc('\n', stderr);
fprintf(stderr, " %02x", buffer[i]);
}
fprintf(stderr, "\nEnd of signature\n");
}
void dump_dsa_sig(const char *message, DSA_SIG *sig)
{
fprintf(stderr, "%s\nR=", message);
BN_print_fp(stderr, sig->r);
fprintf(stderr, "\nS=");
BN_print_fp(stderr, sig->s);
fprintf(stderr, "\n");
}
#else
# define dump_signature(a,b,c)
# define dump_dsa_sig(a,b)
#endif
/*
* Computes signature and returns it as DSA_SIG structure
*/
DSA_SIG *gost_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
BIGNUM *k = NULL, *tmp = NULL, *tmp2 = NULL;
DSA_SIG *newsig = NULL, *ret = NULL;
BIGNUM *md = hashsum2bn(dgst);
/* check if H(M) mod q is zero */
BN_CTX *ctx = BN_CTX_new();
if(!ctx) {
GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
goto err;
}
BN_CTX_start(ctx);
newsig = DSA_SIG_new();
if (!newsig) {
GOSTerr(GOST_F_GOST_DO_SIGN, GOST_R_NO_MEMORY);
goto err;
}
tmp = BN_CTX_get(ctx);
k = BN_CTX_get(ctx);
tmp2 = BN_CTX_get(ctx);
if(!tmp || !k || !tmp2) {
GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
goto err;
}
BN_mod(tmp, md, dsa->q, ctx);
if (BN_is_zero(tmp)) {
BN_one(md);
}
do {
do {
/*
* Generate random number k less than q
*/
BN_rand_range(k, dsa->q);
/* generate r = (a^x mod p) mod q */
BN_mod_exp(tmp, dsa->g, k, dsa->p, ctx);
if (!(newsig->r)) {
newsig->r = BN_new();
if(!newsig->r) {
GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
goto err;
}
}
BN_mod(newsig->r, tmp, dsa->q, ctx);
}
while (BN_is_zero(newsig->r));
/* generate s = (xr + k(Hm)) mod q */
BN_mod_mul(tmp, dsa->priv_key, newsig->r, dsa->q, ctx);
BN_mod_mul(tmp2, k, md, dsa->q, ctx);
if (!newsig->s) {
newsig->s = BN_new();
if(!newsig->s) {
GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
goto err;
}
}
BN_mod_add(newsig->s, tmp, tmp2, dsa->q, ctx);
}
while (BN_is_zero(newsig->s));
ret = newsig;
err:
BN_free(md);
if(ctx) {
BN_CTX_end(ctx);
BN_CTX_free(ctx);
}
if(!ret && newsig) {
DSA_SIG_free(newsig);
}
return ret;
}
/*
* Packs signature according to Cryptocom rules
* and frees up DSA_SIG structure
*/
/*-
int pack_sign_cc(DSA_SIG *s,int order,unsigned char *sig, size_t *siglen)
{
*siglen = 2*order;
memset(sig,0,*siglen);
store_bignum(s->r, sig,order);
store_bignum(s->s, sig + order,order);
dump_signature("serialized",sig,*siglen);
DSA_SIG_free(s);
return 1;
}
*/
/*
* Packs signature according to Cryptopro rules
* and frees up DSA_SIG structure
*/
int pack_sign_cp(DSA_SIG *s, int order, unsigned char *sig, size_t *siglen)
{
*siglen = 2 * order;
memset(sig, 0, *siglen);
store_bignum(s->s, sig, order);
store_bignum(s->r, sig + order, order);
dump_signature("serialized", sig, *siglen);
DSA_SIG_free(s);
return 1;
}
/*
* Verifies signature passed as DSA_SIG structure
*
*/
int gost_do_verify(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, DSA *dsa)
{
BIGNUM *md = NULL, *tmp = NULL;
BIGNUM *q2 = NULL;
BIGNUM *u = NULL, *v = NULL, *z1 = NULL, *z2 = NULL;
BIGNUM *tmp2 = NULL, *tmp3 = NULL;
int ok = 0;
BN_CTX *ctx = BN_CTX_new();
if(!ctx) {
GOSTerr(GOST_F_GOST_DO_VERIFY, ERR_R_MALLOC_FAILURE);
goto err;
}
BN_CTX_start(ctx);
if (BN_cmp(sig->s, dsa->q) >= 1 || BN_cmp(sig->r, dsa->q) >= 1) {
GOSTerr(GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);
goto err;
}
md = hashsum2bn(dgst);
tmp = BN_CTX_get(ctx);
v = BN_CTX_get(ctx);
q2 = BN_CTX_get(ctx);
z1 = BN_CTX_get(ctx);
z2 = BN_CTX_get(ctx);
tmp2 = BN_CTX_get(ctx);
tmp3 = BN_CTX_get(ctx);
u = BN_CTX_get(ctx);
if(!tmp || !v || !q2 || !z1 || !z2 || !tmp2 || !tmp3 || !u) {
GOSTerr(GOST_F_GOST_DO_VERIFY, ERR_R_MALLOC_FAILURE);
goto err;
}
BN_mod(tmp, md, dsa->q, ctx);
if (BN_is_zero(tmp)) {
BN_one(md);
}
BN_copy(q2, dsa->q);
BN_sub_word(q2, 2);
BN_mod_exp(v, md, q2, dsa->q, ctx);
BN_mod_mul(z1, sig->s, v, dsa->q, ctx);
BN_sub(tmp, dsa->q, sig->r);
BN_mod_mul(z2, tmp, v, dsa->p, ctx);
BN_mod_exp(tmp, dsa->g, z1, dsa->p, ctx);
BN_mod_exp(tmp2, dsa->pub_key, z2, dsa->p, ctx);
BN_mod_mul(tmp3, tmp, tmp2, dsa->p, ctx);
BN_mod(u, tmp3, dsa->q, ctx);
ok = (BN_cmp(u, sig->r) == 0);
if (!ok) {
GOSTerr(GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_MISMATCH);
}
err:
if(md) BN_free(md);
if(ctx) {
BN_CTX_end(ctx);
BN_CTX_free(ctx);
}
return ok;
}
/*
* Computes public keys for GOST R 34.10-94 algorithm
*
*/
int gost94_compute_public(DSA *dsa)
{
/* Now fill algorithm parameters with correct values */
BN_CTX *ctx;
if (!dsa->g) {
GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, GOST_R_KEY_IS_NOT_INITALIZED);
return 0;
}
ctx = BN_CTX_new();
if(!ctx) {
GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE);
return 0;
}
dsa->pub_key = BN_new();
if(!dsa->pub_key) {
GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE);
BN_CTX_free(ctx);
return 0;
}
/* Compute public key y = a^x mod p */
BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx);
BN_CTX_free(ctx);
return 1;
}
/*
* Fill GOST 94 params, searching them in R3410_paramset array
* by nid of paramset
*
*/
int fill_GOST94_params(DSA *dsa, int nid)
{
R3410_params *params = R3410_paramset;
while (params->nid != NID_undef && params->nid != nid)
params++;
if (params->nid == NID_undef) {
GOSTerr(GOST_F_FILL_GOST94_PARAMS, GOST_R_UNSUPPORTED_PARAMETER_SET);
return 0;
}
#define dump_signature(a,b,c)
if (dsa->p) {
BN_free(dsa->p);
}
dsa->p = NULL;
BN_dec2bn(&(dsa->p), params->p);
if (dsa->q) {
BN_free(dsa->q);
}
dsa->q = NULL;
BN_dec2bn(&(dsa->q), params->q);
if (dsa->g) {
BN_free(dsa->g);
}
dsa->g = NULL;
BN_dec2bn(&(dsa->g), params->a);
return 1;
}
/*
* Generate GOST R 34.10-94 keypair
*
*
*/
int gost_sign_keygen(DSA *dsa)
{
dsa->priv_key = BN_new();
if(!dsa->priv_key) {
GOSTerr(GOST_F_GOST_SIGN_KEYGEN, ERR_R_MALLOC_FAILURE);
return 0;
}
BN_rand_range(dsa->priv_key, dsa->q);
return gost94_compute_public(dsa);
}
/* Unpack signature according to cryptocom rules */
/*-
DSA_SIG *unpack_cc_signature(const unsigned char *sig,size_t siglen)
{
DSA_SIG *s;
s = DSA_SIG_new();
if (s == NULL)
{
GOSTerr(GOST_F_UNPACK_CC_SIGNATURE,GOST_R_NO_MEMORY);
return(NULL);
}
s->r = getbnfrombuf(sig, siglen/2);
s->s = getbnfrombuf(sig + siglen/2, siglen/2);
return s;
}
*/
/* Unpack signature according to cryptopro rules */
DSA_SIG *unpack_cp_signature(const unsigned char *sig, size_t siglen)
{
DSA_SIG *s;
s = DSA_SIG_new();
if (s == NULL) {
GOSTerr(GOST_F_UNPACK_CP_SIGNATURE, GOST_R_NO_MEMORY);
return NULL;
}
s->s = getbnfrombuf(sig, siglen / 2);
s->r = getbnfrombuf(sig + siglen / 2, siglen / 2);
return s;
}
/* Convert little-endian byte array into bignum */
BIGNUM *hashsum2bn(const unsigned char *dgst)
{
unsigned char buf[32];
int i;
for (i = 0; i < 32; i++) {
buf[31 - i] = dgst[i];
}
return getbnfrombuf(buf, 32);
}
/* Convert byte buffer to bignum, skipping leading zeros*/
BIGNUM *getbnfrombuf(const unsigned char *buf, size_t len)
{
while (*buf == 0 && len > 0) {
buf++;
len--;
}
if (len) {
return BN_bin2bn(buf, len, NULL);
} else {
BIGNUM *b = BN_new();
BN_zero(b);
return b;
}
}
/*
* Pack bignum into byte buffer of given size, filling all leading bytes by
* zeros
*/
int store_bignum(BIGNUM *bn, unsigned char *buf, int len)
{
int bytes = BN_num_bytes(bn);
if (bytes > len)
return 0;
memset(buf, 0, len);
BN_bn2bin(bn, buf + len - bytes);
return 1;
}

268
engines/ccgost/gosthash.c
View File

@@ -1,268 +0,0 @@
/**********************************************************************
* gosthash.c *
* Copyright (c) 2005-2006 Cryptocom LTD *
* This file is distributed under the same license as OpenSSL *
* *
* Implementation of GOST R 34.11-94 hash function *
* uses on gost89.c and gost89.h Doesn't need OpenSSL *
**********************************************************************/
#include <string.h>
#include "gost89.h"
#include "gosthash.h"
/*
* Use OPENSSL_malloc for memory allocation if compiled with
* -DOPENSSL_BUILD, and libc malloc otherwise
*/
#ifndef MYALLOC
# ifdef OPENSSL_BUILD
# include <openssl/crypto.h>
# define MYALLOC(size) OPENSSL_malloc(size)
# define MYFREE(ptr) OPENSSL_free(ptr)
# else
# define MYALLOC(size) malloc(size)
# define MYFREE(ptr) free(ptr)
# endif
#endif
/*
* Following functions are various bit meshing routines used in GOST R
* 34.11-94 algorithms
*/
static void swap_bytes(byte * w, byte * k)
{
int i, j;
for (i = 0; i < 4; i++)
for (j = 0; j < 8; j++)
k[i + 4 * j] = w[8 * i + j];
}
/* was A_A */
static void circle_xor8(const byte * w, byte * k)
{
byte buf[8];
int i;
memcpy(buf, w, 8);
memmove(k, w + 8, 24);
for (i = 0; i < 8; i++)
k[i + 24] = buf[i] ^ k[i];
}
/* was R_R */
static void transform_3(byte * data)
{
unsigned short int acc;
acc = (data[0] ^ data[2] ^ data[4] ^ data[6] ^ data[24] ^ data[30]) |
((data[1] ^ data[3] ^ data[5] ^ data[7] ^ data[25] ^ data[31]) << 8);
memmove(data, data + 2, 30);
data[30] = acc & 0xff;
data[31] = acc >> 8;
}
/* Adds blocks of N bytes modulo 2**(8*n). Returns carry*/
static int add_blocks(int n, byte * left, const byte * right)
{
int i;
int carry = 0;
int sum;
for (i = 0; i < n; i++) {
sum = (int)left[i] + (int)right[i] + carry;
left[i] = sum & 0xff;
carry = sum >> 8;
}
return carry;
}
/* Xor two sequences of bytes */
static void xor_blocks(byte * result, const byte * a, const byte * b,
size_t len)
{
size_t i;
for (i = 0; i < len; i++)
result[i] = a[i] ^ b[i];
}
/*
* Calculate H(i+1) = Hash(Hi,Mi)
* Where H and M are 32 bytes long
*/
static int hash_step(gost_ctx * c, byte * H, const byte * M)
{
byte U[32], W[32], V[32], S[32], Key[32];
int i;
/* Compute first key */
xor_blocks(W, H, M, 32);
swap_bytes(W, Key);
/* Encrypt first 8 bytes of H with first key */
gost_enc_with_key(c, Key, H, S);
/* Compute second key */
circle_xor8(H, U);
circle_xor8(M, V);
circle_xor8(V, V);
xor_blocks(W, U, V, 32);
swap_bytes(W, Key);
/* encrypt second 8 bytes of H with second key */
gost_enc_with_key(c, Key, H + 8, S + 8);
/* compute third key */
circle_xor8(U, U);
U[31] = ~U[31];
U[29] = ~U[29];
U[28] = ~U[28];
U[24] = ~U[24];
U[23] = ~U[23];
U[20] = ~U[20];
U[18] = ~U[18];
U[17] = ~U[17];
U[14] = ~U[14];
U[12] = ~U[12];
U[10] = ~U[10];
U[8] = ~U[8];
U[7] = ~U[7];
U[5] = ~U[5];
U[3] = ~U[3];
U[1] = ~U[1];
circle_xor8(V, V);
circle_xor8(V, V);
xor_blocks(W, U, V, 32);
swap_bytes(W, Key);
/* encrypt third 8 bytes of H with third key */
gost_enc_with_key(c, Key, H + 16, S + 16);
/* Compute fourth key */
circle_xor8(U, U);
circle_xor8(V, V);
circle_xor8(V, V);
xor_blocks(W, U, V, 32);
swap_bytes(W, Key);
/* Encrypt last 8 bytes with fourth key */
gost_enc_with_key(c, Key, H + 24, S + 24);
for (i = 0; i < 12; i++)
transform_3(S);
xor_blocks(S, S, M, 32);
transform_3(S);
xor_blocks(S, S, H, 32);
for (i = 0; i < 61; i++)
transform_3(S);
memcpy(H, S, 32);
return 1;
}
/*
* Initialize gost_hash ctx - cleans up temporary structures and set up
* substitution blocks
*/
int init_gost_hash_ctx(gost_hash_ctx * ctx,
const gost_subst_block * subst_block)
{
memset(ctx, 0, sizeof(gost_hash_ctx));
ctx->cipher_ctx = (gost_ctx *) MYALLOC(sizeof(gost_ctx));
if (!ctx->cipher_ctx) {
return 0;
}
gost_init(ctx->cipher_ctx, subst_block);
return 1;
}
/*
* Free cipher CTX if it is dynamically allocated. Do not use
* if cipher ctx is statically allocated as in OpenSSL implementation of
* GOST hash algroritm
*
*/
void done_gost_hash_ctx(gost_hash_ctx * ctx)
{
/*
* No need to use gost_destroy, because cipher keys are not really secret
* when hashing
*/
MYFREE(ctx->cipher_ctx);
}
/*
* reset state of hash context to begin hashing new message
*/
int start_hash(gost_hash_ctx * ctx)
{
if (!ctx->cipher_ctx)
return 0;
memset(&(ctx->H), 0, 32);
memset(&(ctx->S), 0, 32);
ctx->len = 0L;
ctx->left = 0;
return 1;
}
/*
* Hash block of arbitrary length
*
*
*/
int hash_block(gost_hash_ctx * ctx, const byte * block, size_t length)
{
if (ctx->left) {
/*
* There are some bytes from previous step
*/
unsigned int add_bytes = 32 - ctx->left;
if (add_bytes > length) {
add_bytes = length;
}
memcpy(&(ctx->remainder[ctx->left]), block, add_bytes);
ctx->left += add_bytes;
if (ctx->left < 32) {
return 1;
}
block += add_bytes;
length -= add_bytes;
hash_step(ctx->cipher_ctx, ctx->H, ctx->remainder);
add_blocks(32, ctx->S, ctx->remainder);
ctx->len += 32;
ctx->left = 0;
}
while (length >= 32) {
hash_step(ctx->cipher_ctx, ctx->H, block);
add_blocks(32, ctx->S, block);
ctx->len += 32;
block += 32;
length -= 32;
}
if (length) {
memcpy(ctx->remainder, block, ctx->left = length);
}
return 1;
}
/*
* Compute hash value from current state of ctx
* state of hash ctx becomes invalid and cannot be used for further
* hashing.
*/
int finish_hash(gost_hash_ctx * ctx, byte * hashval)
{
byte buf[32];
byte H[32];
byte S[32];
ghosthash_len fin_len = ctx->len;
byte *bptr;
memcpy(H, ctx->H, 32);
memcpy(S, ctx->S, 32);
if (ctx->left) {
memset(buf, 0, 32);
memcpy(buf, ctx->remainder, ctx->left);
hash_step(ctx->cipher_ctx, H, buf);
add_blocks(32, S, buf);
fin_len += ctx->left;
}
memset(buf, 0, 32);
bptr = buf;
fin_len <<= 3; /* Hash length in BITS!! */
while (fin_len > 0) {
*(bptr++) = (byte) (fin_len & 0xFF);
fin_len >>= 8;
};
hash_step(ctx->cipher_ctx, H, buf);
hash_step(ctx->cipher_ctx, H, S);
memcpy(hashval, H, 32);
return 1;
}

52
engines/ccgost/gosthash.h
View File

@@ -1,52 +0,0 @@
/**********************************************************************
* gosthash.h *
* Copyright (c) 2005-2006 Cryptocom LTD *
* This file is distributed under the same license as OpenSSL *
* *
* Declaration of GOST R 34.11-94 hash functions *
* uses and gost89.h Doesn't need OpenSSL *
**********************************************************************/
#ifndef GOSTHASH_H
# define GOSTHASH_H
# include "gost89.h"
# include <stdlib.h>
# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
typedef __int64 ghosthash_len;
# elif defined(__arch64__)
typedef long ghosthash_len;
# else
typedef long long ghosthash_len;
# endif
typedef struct gost_hash_ctx {
ghosthash_len len;
gost_ctx *cipher_ctx;
int left;
byte H[32];
byte S[32];
byte remainder[32];
} gost_hash_ctx;
/* Initalizes gost hash ctx, including creation of gost cipher ctx */
int init_gost_hash_ctx(gost_hash_ctx * ctx,
const gost_subst_block * subst_block);
void done_gost_hash_ctx(gost_hash_ctx * ctx);
/*
* Cleans up all fields, except cipher ctx preparing ctx for computing of new
* hash value
*/
int start_hash(gost_hash_ctx * ctx);
/* Hashes block of data */
int hash_block(gost_hash_ctx * ctx, const byte * block, size_t length);
/*
* Finalizes computation of hash and fills buffer (which should be at least
* 32 bytes long) with value of computed hash.
*/
int finish_hash(gost_hash_ctx * ctx, byte * hashval);
#endif

187
engines/ccgost/gostsum.c
View File

@@ -1,187 +0,0 @@
/**********************************************************************
* gostsum.c *
* Copyright (c) 2005-2006 Cryptocom LTD *
* This file is distributed under the same license as OpenSSL *
* *
* Almost drop-in replacement for md5sum and sha1sum *
* which computes GOST R 34.11-94 hashsum instead *
* *
**********************************************************************/
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <limits.h>
#include <fcntl.h>
#include <string.h>
#include "gosthash.h"
#define BUF_SIZE 262144
int hash_file(gost_hash_ctx * ctx, char *filename, char *sum, int mode);
int hash_stream(gost_hash_ctx * ctx, int fd, char *sum);
int get_line(FILE *f, char *hash, char *filename);
void help()
{
fprintf(stderr, "gostsum [-bvt] [-c [file]]| [files]\n"
"\t-c check message digests (default is generate)\n"
"\t-v verbose, print file names when checking\n"
"\t-b read files in binary mode\n"
"\t-t use test GOST paramset (default is CryptoPro paramset)\n"
"The input for -c should be the list of message digests and file names\n"
"that is printed on stdout by this program when it generates digests.\n");
exit(3);
}
#ifndef O_BINARY
# define O_BINARY 0
#endif
int main(int argc, char **argv)
{
int c, i;
int verbose = 0;
int errors = 0;
int open_mode = O_RDONLY;
gost_subst_block *b = &GostR3411_94_CryptoProParamSet;
FILE *check_file = NULL;
gost_hash_ctx ctx;
while ((c = getopt(argc, argv, "bc::tv")) != -1) {
switch (c) {
case 'v':
verbose = 1;
break;
case 't':
b = &GostR3411_94_TestParamSet;
break;
case 'b':
open_mode |= O_BINARY;
break;
case 'c':
if (optarg) {
check_file = fopen(optarg, "r");
if (!check_file) {
perror(optarg);
exit(2);
}
} else {
check_file = stdin;
}
break;
default:
fprintf(stderr, "invalid option %c", optopt);
help();
}
}
init_gost_hash_ctx(&ctx, b);
if (check_file) {
char inhash[65], calcsum[65], filename[PATH_MAX];
int failcount = 0, count = 0;;
if (check_file == stdin && optind < argc) {
check_file = fopen(argv[optind], "r");
if (!check_file) {
perror(argv[optind]);
exit(2);
}
}
while (get_line(check_file, inhash, filename)) {
if (!hash_file(&ctx, filename, calcsum, open_mode)) {
exit(2);
}
count++;
if (!strncmp(calcsum, inhash, 65)) {
if (verbose) {
fprintf(stderr, "%s\tOK\n", filename);
}
} else {
if (verbose) {
fprintf(stderr, "%s\tFAILED\n", filename);
} else {
fprintf(stderr,
"%s: GOST hash sum check failed for '%s'\n",
argv[0], filename);
}
failcount++;
}
}
if (verbose && failcount) {
fprintf(stderr,
"%s: %d of %d file(f) failed GOST hash sum check\n",
argv[0], failcount, count);
}
exit(failcount ? 1 : 0);
}
if (optind == argc) {
char sum[65];
if (!hash_stream(&ctx, fileno(stdin), sum)) {
perror("stdin");
exit(1);
}
printf("%s -\n", sum);
exit(0);
}
for (i = optind; i < argc; i++) {
char sum[65];
if (!hash_file(&ctx, argv[i], sum, open_mode)) {
errors++;
} else {
printf("%s %s\n", sum, argv[i]);
}
}
exit(errors ? 1 : 0);
}
int hash_file(gost_hash_ctx * ctx, char *filename, char *sum, int mode)
{
int fd;
if ((fd = open(filename, mode)) < 0) {
perror(filename);
return 0;
}
if (!hash_stream(ctx, fd, sum)) {
perror(filename);
return 0;
}
close(fd);
return 1;
}
int hash_stream(gost_hash_ctx * ctx, int fd, char *sum)
{
unsigned char buffer[BUF_SIZE];
ssize_t bytes;
int i;
start_hash(ctx);
while ((bytes = read(fd, buffer, BUF_SIZE)) > 0) {
hash_block(ctx, buffer, bytes);
}
if (bytes < 0) {
return 0;
}
finish_hash(ctx, buffer);
for (i = 0; i < 32; i++) {
sprintf(sum + 2 * i, "%02x", buffer[31 - i]);
}
return 1;
}
int get_line(FILE *f, char *hash, char *filename)
{
int i;
if (fread(hash, 1, 64, f) < 64)
return 0;
hash[64] = 0;
for (i = 0; i < 64; i++) {
if (hash[i] < '0' || (hash[i] > '9' && hash[i] < 'A')
|| (hash[i] > 'F' && hash[i] < 'a') || hash[i] > 'f') {
fprintf(stderr, "Not a hash value '%s'\n", hash);
return 0;
}
}
if (fgetc(f) != ' ') {
fprintf(stderr, "Malformed input line\n");
return 0;
}
i = strlen(fgets(filename, PATH_MAX, f));
while (filename[--i] == '\n' || filename[i] == '\r')
filename[i] = 0;
return 1;
}

BIN
engines/ccgost/libgost.dylib
View File

Binary file not shown.

952
engines/e_4758cca.c
View File

@@ -1,952 +0,0 @@
/* Author: Maurice Gittens <maurice@gittens.nl> */
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/dso.h>
#include <openssl/x509.h>
#include <openssl/objects.h>
#include <openssl/engine.h>
#include <openssl/rand.h>
#ifndef OPENSSL_NO_RSA
# include <openssl/rsa.h>
#endif
#include <openssl/bn.h>
#ifndef OPENSSL_NO_HW
# ifndef OPENSSL_NO_HW_4758_CCA
# ifdef FLAT_INC
# include "hw_4758_cca.h"
# else
# include "vendor_defns/hw_4758_cca.h"
# endif
# include "e_4758cca_err.c"
static int ibm_4758_cca_destroy(ENGINE *e);
static int ibm_4758_cca_init(ENGINE *e);
static int ibm_4758_cca_finish(ENGINE *e);
static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p,
void (*f) (void));
/* rsa functions */
/* -------------*/
# ifndef OPENSSL_NO_RSA
static int cca_rsa_pub_enc(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
static int cca_rsa_priv_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
unsigned char *sigret, unsigned int *siglen,
const RSA *rsa);
static int cca_rsa_verify(int dtype, const unsigned char *m,
unsigned int m_len, const unsigned char *sigbuf,
unsigned int siglen, const RSA *rsa);
/* utility functions */
/* ---------------------*/
static EVP_PKEY *ibm_4758_load_privkey(ENGINE *, const char *,
UI_METHOD *ui_method,
void *callback_data);
static EVP_PKEY *ibm_4758_load_pubkey(ENGINE *, const char *,
UI_METHOD *ui_method,
void *callback_data);
static int getModulusAndExponent(const unsigned char *token,
long *exponentLength,
unsigned char *exponent, long *modulusLength,
long *modulusFieldLength,
unsigned char *modulus);
# endif
/* RAND number functions */
/* ---------------------*/
static int cca_get_random_bytes(unsigned char *, int);
static int cca_random_status(void);
# ifndef OPENSSL_NO_RSA
static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
int idx, long argl, void *argp);
# endif
/* Function pointers for CCA verbs */
/* -------------------------------*/
# ifndef OPENSSL_NO_RSA
static F_KEYRECORDREAD keyRecordRead;
static F_DIGITALSIGNATUREGENERATE digitalSignatureGenerate;
static F_DIGITALSIGNATUREVERIFY digitalSignatureVerify;
static F_PUBLICKEYEXTRACT publicKeyExtract;
static F_PKAENCRYPT pkaEncrypt;
static F_PKADECRYPT pkaDecrypt;
# endif
static F_RANDOMNUMBERGENERATE randomNumberGenerate;
/* static variables */
/* ----------------*/
static const char *CCA4758_LIB_NAME = NULL;
static const char *get_CCA4758_LIB_NAME(void)
{
if (CCA4758_LIB_NAME)
return CCA4758_LIB_NAME;
return CCA_LIB_NAME;
}
static void free_CCA4758_LIB_NAME(void)
{
if (CCA4758_LIB_NAME)
OPENSSL_free((void *)CCA4758_LIB_NAME);
CCA4758_LIB_NAME = NULL;
}
static long set_CCA4758_LIB_NAME(const char *name)
{
free_CCA4758_LIB_NAME();
return (((CCA4758_LIB_NAME = BUF_strdup(name)) != NULL) ? 1 : 0);
}
# ifndef OPENSSL_NO_RSA
static const char *n_keyRecordRead = CSNDKRR;
static const char *n_digitalSignatureGenerate = CSNDDSG;
static const char *n_digitalSignatureVerify = CSNDDSV;
static const char *n_publicKeyExtract = CSNDPKX;
static const char *n_pkaEncrypt = CSNDPKE;
static const char *n_pkaDecrypt = CSNDPKD;
# endif
static const char *n_randomNumberGenerate = CSNBRNG;
# ifndef OPENSSL_NO_RSA
static int hndidx = -1;
# endif
static DSO *dso = NULL;
/* openssl engine initialization structures */
/* ----------------------------------------*/
# define CCA4758_CMD_SO_PATH ENGINE_CMD_BASE
static const ENGINE_CMD_DEFN cca4758_cmd_defns[] = {
{CCA4758_CMD_SO_PATH,
"SO_PATH",
"Specifies the path to the '4758cca' shared library",
ENGINE_CMD_FLAG_STRING},
{0, NULL, NULL, 0}
};
# ifndef OPENSSL_NO_RSA
static RSA_METHOD ibm_4758_cca_rsa = {
"IBM 4758 CCA RSA method",
cca_rsa_pub_enc,
NULL,
NULL,
cca_rsa_priv_dec,
NULL, /* rsa_mod_exp, */
NULL, /* mod_exp_mont, */
NULL, /* init */
NULL, /* finish */
RSA_FLAG_SIGN_VER, /* flags */
NULL, /* app_data */
cca_rsa_sign, /* rsa_sign */
cca_rsa_verify, /* rsa_verify */
NULL /* rsa_keygen */
};
# endif
static RAND_METHOD ibm_4758_cca_rand = {
/* "IBM 4758 RAND method", */
NULL, /* seed */
cca_get_random_bytes, /* get random bytes from the card */
NULL, /* cleanup */
NULL, /* add */
cca_get_random_bytes, /* pseudo rand */
cca_random_status, /* status */
};
static const char *engine_4758_cca_id = "4758cca";
static const char *engine_4758_cca_name =
"IBM 4758 CCA hardware engine support";
# ifndef OPENSSL_NO_DYNAMIC_ENGINE
/* Compatibility hack, the dynamic library uses this form in the path */
static const char *engine_4758_cca_id_alt = "4758_cca";
# endif
/* engine implementation */
/* ---------------------*/
static int bind_helper(ENGINE *e)
{
if (!ENGINE_set_id(e, engine_4758_cca_id) ||
!ENGINE_set_name(e, engine_4758_cca_name) ||
# ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(e, &ibm_4758_cca_rsa) ||
# endif
!ENGINE_set_RAND(e, &ibm_4758_cca_rand) ||
!ENGINE_set_destroy_function(e, ibm_4758_cca_destroy) ||
!ENGINE_set_init_function(e, ibm_4758_cca_init) ||
!ENGINE_set_finish_function(e, ibm_4758_cca_finish) ||
!ENGINE_set_ctrl_function(e, ibm_4758_cca_ctrl) ||
# ifndef OPENSSL_NO_RSA
!ENGINE_set_load_privkey_function(e, ibm_4758_load_privkey) ||
!ENGINE_set_load_pubkey_function(e, ibm_4758_load_pubkey) ||
# endif
!ENGINE_set_cmd_defns(e, cca4758_cmd_defns))
return 0;
/* Ensure the error handling is set up */
ERR_load_CCA4758_strings();
return 1;
}
# ifdef OPENSSL_NO_DYNAMIC_ENGINE
static ENGINE *engine_4758_cca(void)
{
ENGINE *ret = ENGINE_new();
if (!ret)
return NULL;
if (!bind_helper(ret)) {
ENGINE_free(ret);
return NULL;
}
return ret;
}
void ENGINE_load_4758cca(void)
{
ENGINE *e_4758 = engine_4758_cca();
if (!e_4758)
return;
ENGINE_add(e_4758);
ENGINE_free(e_4758);
ERR_clear_error();
}
# endif
static int ibm_4758_cca_destroy(ENGINE *e)
{
ERR_unload_CCA4758_strings();
free_CCA4758_LIB_NAME();
return 1;
}
static int ibm_4758_cca_init(ENGINE *e)
{
if (dso) {
CCA4758err(CCA4758_F_IBM_4758_CCA_INIT, CCA4758_R_ALREADY_LOADED);
goto err;
}
dso = DSO_load(NULL, get_CCA4758_LIB_NAME(), NULL, 0);
if (!dso) {
CCA4758err(CCA4758_F_IBM_4758_CCA_INIT, CCA4758_R_DSO_FAILURE);
goto err;
}
# ifndef OPENSSL_NO_RSA
if (!(keyRecordRead = (F_KEYRECORDREAD)
DSO_bind_func(dso, n_keyRecordRead)) ||
!(randomNumberGenerate = (F_RANDOMNUMBERGENERATE)
DSO_bind_func(dso, n_randomNumberGenerate)) ||
!(digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)
DSO_bind_func(dso, n_digitalSignatureGenerate)) ||
!(digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)
DSO_bind_func(dso, n_digitalSignatureVerify)) ||
!(publicKeyExtract = (F_PUBLICKEYEXTRACT)
DSO_bind_func(dso, n_publicKeyExtract)) ||
!(pkaEncrypt = (F_PKAENCRYPT)
DSO_bind_func(dso, n_pkaEncrypt)) || !(pkaDecrypt = (F_PKADECRYPT)
DSO_bind_func(dso,
n_pkaDecrypt)))
{
CCA4758err(CCA4758_F_IBM_4758_CCA_INIT, CCA4758_R_DSO_FAILURE);
goto err;
}
# else
if (!(randomNumberGenerate = (F_RANDOMNUMBERGENERATE)
DSO_bind_func(dso, n_randomNumberGenerate))) {
CCA4758err(CCA4758_F_IBM_4758_CCA_INIT, CCA4758_R_DSO_FAILURE);
goto err;
}
# endif
# ifndef OPENSSL_NO_RSA
hndidx = RSA_get_ex_new_index(0, "IBM 4758 CCA RSA key handle",
NULL, NULL, cca_ex_free);
# endif
return 1;
err:
if (dso)
DSO_free(dso);
dso = NULL;
# ifndef OPENSSL_NO_RSA
keyRecordRead = (F_KEYRECORDREAD) 0;
digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE) 0;
digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;
publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
pkaEncrypt = (F_PKAENCRYPT) 0;
pkaDecrypt = (F_PKADECRYPT) 0;
# endif
randomNumberGenerate = (F_RANDOMNUMBERGENERATE) 0;
return 0;
}
static int ibm_4758_cca_finish(ENGINE *e)
{
free_CCA4758_LIB_NAME();
if (!dso) {
CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH, CCA4758_R_NOT_LOADED);
return 0;
}
if (!DSO_free(dso)) {
CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH, CCA4758_R_UNIT_FAILURE);
return 0;
}
dso = NULL;
# ifndef OPENSSL_NO_RSA
keyRecordRead = (F_KEYRECORDREAD) 0;
randomNumberGenerate = (F_RANDOMNUMBERGENERATE) 0;
digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE) 0;
digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;
publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
pkaEncrypt = (F_PKAENCRYPT) 0;
pkaDecrypt = (F_PKADECRYPT) 0;
# endif
randomNumberGenerate = (F_RANDOMNUMBERGENERATE) 0;
return 1;
}
static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p,
void (*f) (void))
{
int initialised = ((dso == NULL) ? 0 : 1);
switch (cmd) {
case CCA4758_CMD_SO_PATH:
if (p == NULL) {
CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (initialised) {
CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL, CCA4758_R_ALREADY_LOADED);
return 0;
}
return set_CCA4758_LIB_NAME((const char *)p);
default:
break;
}
CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
CCA4758_R_COMMAND_NOT_IMPLEMENTED);
return 0;
}
# ifndef OPENSSL_NO_RSA
# define MAX_CCA_PKA_TOKEN_SIZE 2500
static EVP_PKEY *ibm_4758_load_privkey(ENGINE *e, const char *key_id,
UI_METHOD *ui_method,
void *callback_data)
{
RSA *rtmp = NULL;
EVP_PKEY *res = NULL;
unsigned char *keyToken = NULL;
unsigned char pubKeyToken[MAX_CCA_PKA_TOKEN_SIZE];
long pubKeyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
long returnCode;
long reasonCode;
long exitDataLength = 0;
long ruleArrayLength = 0;
unsigned char exitData[8];
unsigned char ruleArray[8];
unsigned char keyLabel[64];
unsigned long keyLabelLength = strlen(key_id);
unsigned char modulus[256];
long modulusFieldLength = sizeof(modulus);
long modulusLength = 0;
unsigned char exponent[256];
long exponentLength = sizeof(exponent);
if (keyLabelLength > sizeof(keyLabel)) {
CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
return NULL;
}
memset(keyLabel, ' ', sizeof(keyLabel));
memcpy(keyLabel, key_id, keyLabelLength);
keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long));
if (!keyToken) {
CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE);
goto err;
}
keyRecordRead(&returnCode, &reasonCode, &exitDataLength,
exitData, &ruleArrayLength, ruleArray, keyLabel,
&keyTokenLength, keyToken + sizeof(long));
if (returnCode) {
CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
goto err;
}
publicKeyExtract(&returnCode, &reasonCode, &exitDataLength,
exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
keyToken + sizeof(long), &pubKeyTokenLength,
pubKeyToken);
if (returnCode) {
CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
goto err;
}
if (!getModulusAndExponent(pubKeyToken, &exponentLength,
exponent, &modulusLength, &modulusFieldLength,
modulus)) {
CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
goto err;
}
(*(long *)keyToken) = keyTokenLength;
rtmp = RSA_new_method(e);
RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);
rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL);
rtmp->flags |= RSA_FLAG_EXT_PKEY;
res = EVP_PKEY_new();
EVP_PKEY_assign_RSA(res, rtmp);
return res;
err:
if (keyToken)
OPENSSL_free(keyToken);
return NULL;
}
static EVP_PKEY *ibm_4758_load_pubkey(ENGINE *e, const char *key_id,
UI_METHOD *ui_method,
void *callback_data)
{
RSA *rtmp = NULL;
EVP_PKEY *res = NULL;
unsigned char *keyToken = NULL;
long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
long returnCode;
long reasonCode;
long exitDataLength = 0;
long ruleArrayLength = 0;
unsigned char exitData[8];
unsigned char ruleArray[8];
unsigned char keyLabel[64];
unsigned long keyLabelLength = strlen(key_id);
unsigned char modulus[512];
long modulusFieldLength = sizeof(modulus);
long modulusLength = 0;
unsigned char exponent[512];
long exponentLength = sizeof(exponent);
if (keyLabelLength > sizeof(keyLabel)) {
CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY,
CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
return NULL;
}
memset(keyLabel, ' ', sizeof(keyLabel));
memcpy(keyLabel, key_id, keyLabelLength);
keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long));
if (!keyToken) {
CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY, ERR_R_MALLOC_FAILURE);
goto err;
}
keyRecordRead(&returnCode, &reasonCode, &exitDataLength, exitData,
&ruleArrayLength, ruleArray, keyLabel, &keyTokenLength,
keyToken + sizeof(long));
if (returnCode) {
CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY, ERR_R_MALLOC_FAILURE);
goto err;
}
if (!getModulusAndExponent(keyToken + sizeof(long), &exponentLength,
exponent, &modulusLength, &modulusFieldLength,
modulus)) {
CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY,
CCA4758_R_FAILED_LOADING_PUBLIC_KEY);
goto err;
}
(*(long *)keyToken) = keyTokenLength;
rtmp = RSA_new_method(e);
RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);
rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL);
rtmp->flags |= RSA_FLAG_EXT_PKEY;
res = EVP_PKEY_new();
EVP_PKEY_assign_RSA(res, rtmp);
return res;
err:
if (keyToken)
OPENSSL_free(keyToken);
return NULL;
}
static int cca_rsa_pub_enc(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
long returnCode;
long reasonCode;
long lflen = flen;
long exitDataLength = 0;
unsigned char exitData[8];
long ruleArrayLength = 1;
unsigned char ruleArray[8] = "PKCS-1.2";
long dataStructureLength = 0;
unsigned char dataStructure[8];
long outputLength = RSA_size(rsa);
long keyTokenLength;
unsigned char *keyToken = (unsigned char *)RSA_get_ex_data(rsa, hndidx);
keyTokenLength = *(long *)keyToken;
keyToken += sizeof(long);
pkaEncrypt(&returnCode, &reasonCode, &exitDataLength, exitData,
&ruleArrayLength, ruleArray, &lflen, (unsigned char *)from,
&dataStructureLength, dataStructure, &keyTokenLength,
keyToken, &outputLength, to);
if (returnCode || reasonCode)
return -(returnCode << 16 | reasonCode);
return outputLength;
}
static int cca_rsa_priv_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
long returnCode;
long reasonCode;
long lflen = flen;
long exitDataLength = 0;
unsigned char exitData[8];
long ruleArrayLength = 1;
unsigned char ruleArray[8] = "PKCS-1.2";
long dataStructureLength = 0;
unsigned char dataStructure[8];
long outputLength = RSA_size(rsa);
long keyTokenLength;
unsigned char *keyToken = (unsigned char *)RSA_get_ex_data(rsa, hndidx);
keyTokenLength = *(long *)keyToken;
keyToken += sizeof(long);
pkaDecrypt(&returnCode, &reasonCode, &exitDataLength, exitData,
&ruleArrayLength, ruleArray, &lflen, (unsigned char *)from,
&dataStructureLength, dataStructure, &keyTokenLength,
keyToken, &outputLength, to);
return (returnCode | reasonCode) ? 0 : 1;
}
# define SSL_SIG_LEN 36
static int cca_rsa_verify(int type, const unsigned char *m,
unsigned int m_len, const unsigned char *sigbuf,
unsigned int siglen, const RSA *rsa)
{
long returnCode;
long reasonCode;
long lsiglen = siglen;
long exitDataLength = 0;
unsigned char exitData[8];
long ruleArrayLength = 1;
unsigned char ruleArray[8] = "PKCS-1.1";
long keyTokenLength;
unsigned char *keyToken = (unsigned char *)RSA_get_ex_data(rsa, hndidx);
long length = SSL_SIG_LEN;
long keyLength;
unsigned char *hashBuffer = NULL;
X509_SIG sig;
ASN1_TYPE parameter;
X509_ALGOR algorithm;
ASN1_OCTET_STRING digest;
keyTokenLength = *(long *)keyToken;
keyToken += sizeof(long);
if (type == NID_md5 || type == NID_sha1) {
sig.algor = &algorithm;
algorithm.algorithm = OBJ_nid2obj(type);
if (!algorithm.algorithm) {
CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
CCA4758_R_UNKNOWN_ALGORITHM_TYPE);
return 0;
}
if (!algorithm.algorithm->length) {
CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);
return 0;
}
parameter.type = V_ASN1_NULL;
parameter.value.ptr = NULL;
algorithm.parameter = &parameter;
sig.digest = &digest;
sig.digest->data = (unsigned char *)m;
sig.digest->length = m_len;
length = i2d_X509_SIG(&sig, NULL);
}
keyLength = RSA_size(rsa);
if (length - RSA_PKCS1_PADDING > keyLength) {
CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
return 0;
}
switch (type) {
case NID_md5_sha1:
if (m_len != SSL_SIG_LEN) {
CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
return 0;
}
hashBuffer = (unsigned char *)m;
length = m_len;
break;
case NID_md5:
{
unsigned char *ptr;
ptr = hashBuffer = OPENSSL_malloc((unsigned int)keyLength + 1);
if (!hashBuffer) {
CCA4758err(CCA4758_F_CCA_RSA_VERIFY, ERR_R_MALLOC_FAILURE);
return 0;
}
i2d_X509_SIG(&sig, &ptr);
}
break;
case NID_sha1:
{
unsigned char *ptr;
ptr = hashBuffer = OPENSSL_malloc((unsigned int)keyLength + 1);
if (!hashBuffer) {
CCA4758err(CCA4758_F_CCA_RSA_VERIFY, ERR_R_MALLOC_FAILURE);
return 0;
}
i2d_X509_SIG(&sig, &ptr);
}
break;
default:
return 0;
}
digitalSignatureVerify(&returnCode, &reasonCode, &exitDataLength,
exitData, &ruleArrayLength, ruleArray,
&keyTokenLength, keyToken, &length, hashBuffer,
&lsiglen, (unsigned char *)sigbuf);
if (type == NID_sha1 || type == NID_md5) {
OPENSSL_cleanse(hashBuffer, keyLength + 1);
OPENSSL_free(hashBuffer);
}
return ((returnCode || reasonCode) ? 0 : 1);
}
# define SSL_SIG_LEN 36
static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
unsigned char *sigret, unsigned int *siglen,
const RSA *rsa)
{
long returnCode;
long reasonCode;
long exitDataLength = 0;
unsigned char exitData[8];
long ruleArrayLength = 1;
unsigned char ruleArray[8] = "PKCS-1.1";
long outputLength = 256;
long outputBitLength;
long keyTokenLength;
unsigned char *hashBuffer = NULL;
unsigned char *keyToken = (unsigned char *)RSA_get_ex_data(rsa, hndidx);
long length = SSL_SIG_LEN;
long keyLength;
X509_SIG sig;
ASN1_TYPE parameter;
X509_ALGOR algorithm;
ASN1_OCTET_STRING digest;
keyTokenLength = *(long *)keyToken;
keyToken += sizeof(long);
if (type == NID_md5 || type == NID_sha1) {
sig.algor = &algorithm;
algorithm.algorithm = OBJ_nid2obj(type);
if (!algorithm.algorithm) {
CCA4758err(CCA4758_F_CCA_RSA_SIGN,
CCA4758_R_UNKNOWN_ALGORITHM_TYPE);
return 0;
}
if (!algorithm.algorithm->length) {
CCA4758err(CCA4758_F_CCA_RSA_SIGN,
CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);
return 0;
}
parameter.type = V_ASN1_NULL;
parameter.value.ptr = NULL;
algorithm.parameter = &parameter;
sig.digest = &digest;
sig.digest->data = (unsigned char *)m;
sig.digest->length = m_len;
length = i2d_X509_SIG(&sig, NULL);
}
keyLength = RSA_size(rsa);
if (length - RSA_PKCS1_PADDING > keyLength) {
CCA4758err(CCA4758_F_CCA_RSA_SIGN,
CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
return 0;
}
switch (type) {
case NID_md5_sha1:
if (m_len != SSL_SIG_LEN) {
CCA4758err(CCA4758_F_CCA_RSA_SIGN,
CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
return 0;
}
hashBuffer = (unsigned char *)m;
length = m_len;
break;
case NID_md5:
{
unsigned char *ptr;
ptr = hashBuffer = OPENSSL_malloc((unsigned int)keyLength + 1);
if (!hashBuffer) {
CCA4758err(CCA4758_F_CCA_RSA_SIGN, ERR_R_MALLOC_FAILURE);
return 0;
}
i2d_X509_SIG(&sig, &ptr);
}
break;
case NID_sha1:
{
unsigned char *ptr;
ptr = hashBuffer = OPENSSL_malloc((unsigned int)keyLength + 1);
if (!hashBuffer) {
CCA4758err(CCA4758_F_CCA_RSA_SIGN, ERR_R_MALLOC_FAILURE);
return 0;
}
i2d_X509_SIG(&sig, &ptr);
}
break;
default:
return 0;
}
digitalSignatureGenerate(&returnCode, &reasonCode, &exitDataLength,
exitData, &ruleArrayLength, ruleArray,
&keyTokenLength, keyToken, &length, hashBuffer,
&outputLength, &outputBitLength, sigret);
if (type == NID_sha1 || type == NID_md5) {
OPENSSL_cleanse(hashBuffer, keyLength + 1);
OPENSSL_free(hashBuffer);
}
*siglen = outputLength;
return ((returnCode || reasonCode) ? 0 : 1);
}
static int getModulusAndExponent(const unsigned char *token,
long *exponentLength,
unsigned char *exponent, long *modulusLength,
long *modulusFieldLength,
unsigned char *modulus)
{
unsigned long len;
if (*token++ != (char)0x1E) /* internal PKA token? */
return 0;
if (*token++) /* token version must be zero */
return 0;
len = *token++;
len = len << 8;
len |= (unsigned char)*token++;
token += 4; /* skip reserved bytes */
if (*token++ == (char)0x04) {
if (*token++) /* token version must be zero */
return 0;
len = *token++;
len = len << 8;
len |= (unsigned char)*token++;
token += 2; /* skip reserved section */
len = *token++;
len = len << 8;
len |= (unsigned char)*token++;
*exponentLength = len;
len = *token++;
len = len << 8;
len |= (unsigned char)*token++;
*modulusLength = len;
len = *token++;
len = len << 8;
len |= (unsigned char)*token++;
*modulusFieldLength = len;
memcpy(exponent, token, *exponentLength);
token += *exponentLength;
memcpy(modulus, token, *modulusFieldLength);
return 1;
}
return 0;
}
# endif /* OPENSSL_NO_RSA */
static int cca_random_status(void)
{
return 1;
}
static int cca_get_random_bytes(unsigned char *buf, int num)
{
long ret_code;
long reason_code;
long exit_data_length;
unsigned char exit_data[4];
unsigned char form[] = "RANDOM ";
unsigned char rand_buf[8];
while (num >= (int)sizeof(rand_buf)) {
randomNumberGenerate(&ret_code, &reason_code, &exit_data_length,
exit_data, form, rand_buf);
if (ret_code)
return 0;
num -= sizeof(rand_buf);
memcpy(buf, rand_buf, sizeof(rand_buf));
buf += sizeof(rand_buf);
}
if (num) {
randomNumberGenerate(&ret_code, &reason_code, NULL, NULL,
form, rand_buf);
if (ret_code)
return 0;
memcpy(buf, rand_buf, num);
}
return 1;
}
# ifndef OPENSSL_NO_RSA
static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int idx,
long argl, void *argp)
{
if (item)
OPENSSL_free(item);
}
# endif
/* Goo to handle building as a dynamic engine */
# ifndef OPENSSL_NO_DYNAMIC_ENGINE
static int bind_fn(ENGINE *e, const char *id)
{
if (id && (strcmp(id, engine_4758_cca_id) != 0) &&
(strcmp(id, engine_4758_cca_id_alt) != 0))
return 0;
if (!bind_helper(e))
return 0;
return 1;
}
IMPLEMENT_DYNAMIC_CHECK_FN()
IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
# endif /* OPENSSL_NO_DYNAMIC_ENGINE */
# endif /* !OPENSSL_NO_HW_4758_CCA */
#endif /* !OPENSSL_NO_HW */

1
engines/e_4758cca.ec
View File

@@ -1 +0,0 @@
L CCA4758 e_4758cca_err.h e_4758cca_err.c

153
engines/e_4758cca_err.c
View File

@@ -1,153 +0,0 @@
/* e_4758cca_err.c */
/* ====================================================================
* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include "e_4758cca_err.h"
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(0,func,0)
# define ERR_REASON(reason) ERR_PACK(0,0,reason)
static ERR_STRING_DATA CCA4758_str_functs[] = {
{ERR_FUNC(CCA4758_F_CCA_RSA_SIGN), "CCA_RSA_SIGN"},
{ERR_FUNC(CCA4758_F_CCA_RSA_VERIFY), "CCA_RSA_VERIFY"},
{ERR_FUNC(CCA4758_F_IBM_4758_CCA_CTRL), "IBM_4758_CCA_CTRL"},
{ERR_FUNC(CCA4758_F_IBM_4758_CCA_FINISH), "IBM_4758_CCA_FINISH"},
{ERR_FUNC(CCA4758_F_IBM_4758_CCA_INIT), "IBM_4758_CCA_INIT"},
{ERR_FUNC(CCA4758_F_IBM_4758_LOAD_PRIVKEY), "IBM_4758_LOAD_PRIVKEY"},
{ERR_FUNC(CCA4758_F_IBM_4758_LOAD_PUBKEY), "IBM_4758_LOAD_PUBKEY"},
{0, NULL}
};
static ERR_STRING_DATA CCA4758_str_reasons[] = {
{ERR_REASON(CCA4758_R_ALREADY_LOADED), "already loaded"},
{ERR_REASON(CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD),
"asn1 oid unknown for md"},
{ERR_REASON(CCA4758_R_COMMAND_NOT_IMPLEMENTED),
"command not implemented"},
{ERR_REASON(CCA4758_R_DSO_FAILURE), "dso failure"},
{ERR_REASON(CCA4758_R_FAILED_LOADING_PRIVATE_KEY),
"failed loading private key"},
{ERR_REASON(CCA4758_R_FAILED_LOADING_PUBLIC_KEY),
"failed loading public key"},
{ERR_REASON(CCA4758_R_NOT_LOADED), "not loaded"},
{ERR_REASON(CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL),
"size too large or too small"},
{ERR_REASON(CCA4758_R_UNIT_FAILURE), "unit failure"},
{ERR_REASON(CCA4758_R_UNKNOWN_ALGORITHM_TYPE), "unknown algorithm type"},
{0, NULL}
};
#endif
#ifdef CCA4758_LIB_NAME
static ERR_STRING_DATA CCA4758_lib_name[] = {
{0, CCA4758_LIB_NAME},
{0, NULL}
};
#endif
static int CCA4758_lib_error_code = 0;
static int CCA4758_error_init = 1;
static void ERR_load_CCA4758_strings(void)
{
if (CCA4758_lib_error_code == 0)
CCA4758_lib_error_code = ERR_get_next_error_library();
if (CCA4758_error_init) {
CCA4758_error_init = 0;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(CCA4758_lib_error_code, CCA4758_str_functs);
ERR_load_strings(CCA4758_lib_error_code, CCA4758_str_reasons);
#endif
#ifdef CCA4758_LIB_NAME
CCA4758_lib_name->error = ERR_PACK(CCA4758_lib_error_code, 0, 0);
ERR_load_strings(0, CCA4758_lib_name);
#endif
}
}
static void ERR_unload_CCA4758_strings(void)
{
if (CCA4758_error_init == 0) {
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(CCA4758_lib_error_code, CCA4758_str_functs);
ERR_unload_strings(CCA4758_lib_error_code, CCA4758_str_reasons);
#endif
#ifdef CCA4758_LIB_NAME
ERR_unload_strings(0, CCA4758_lib_name);
#endif
CCA4758_error_init = 1;
}
}
static void ERR_CCA4758_error(int function, int reason, char *file, int line)
{
if (CCA4758_lib_error_code == 0)
CCA4758_lib_error_code = ERR_get_next_error_library();
ERR_PUT_error(CCA4758_lib_error_code, function, reason, file, line);
}

98
engines/e_4758cca_err.h
View File

@@ -1,98 +0,0 @@
/* ====================================================================
* Copyright (c) 2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_CCA4758_ERR_H
# define HEADER_CCA4758_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_CCA4758_strings(void);
static void ERR_unload_CCA4758_strings(void);
static void ERR_CCA4758_error(int function, int reason, char *file, int line);
# define CCA4758err(f,r) ERR_CCA4758_error((f),(r),__FILE__,__LINE__)
/* Error codes for the CCA4758 functions. */
/* Function codes. */
# define CCA4758_F_CCA_RSA_SIGN 105
# define CCA4758_F_CCA_RSA_VERIFY 106
# define CCA4758_F_IBM_4758_CCA_CTRL 100
# define CCA4758_F_IBM_4758_CCA_FINISH 101
# define CCA4758_F_IBM_4758_CCA_INIT 102
# define CCA4758_F_IBM_4758_LOAD_PRIVKEY 103
# define CCA4758_F_IBM_4758_LOAD_PUBKEY 104
/* Reason codes. */
# define CCA4758_R_ALREADY_LOADED 100
# define CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD 101
# define CCA4758_R_COMMAND_NOT_IMPLEMENTED 102
# define CCA4758_R_DSO_FAILURE 103
# define CCA4758_R_FAILED_LOADING_PRIVATE_KEY 104
# define CCA4758_R_FAILED_LOADING_PUBLIC_KEY 105
# define CCA4758_R_NOT_LOADED 106
# define CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL 107
# define CCA4758_R_UNIT_FAILURE 108
# define CCA4758_R_UNKNOWN_ALGORITHM_TYPE 109
#ifdef __cplusplus
}
#endif
#endif

1166
engines/e_aep.c
View File

File diff suppressed because it is too large Load Diff

1
engines/e_aep.ec
View File

@@ -1 +0,0 @@
L AEPHK e_aep_err.h e_aep_err.c

159
engines/e_aep_err.c
View File

@@ -1,159 +0,0 @@
/* e_aep_err.c */
/* ====================================================================
* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include "e_aep_err.h"
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(0,func,0)
# define ERR_REASON(reason) ERR_PACK(0,0,reason)
static ERR_STRING_DATA AEPHK_str_functs[] = {
{ERR_FUNC(AEPHK_F_AEP_CTRL), "AEP_CTRL"},
{ERR_FUNC(AEPHK_F_AEP_FINISH), "AEP_FINISH"},
{ERR_FUNC(AEPHK_F_AEP_GET_CONNECTION), "AEP_GET_CONNECTION"},
{ERR_FUNC(AEPHK_F_AEP_INIT), "AEP_INIT"},
{ERR_FUNC(AEPHK_F_AEP_MOD_EXP), "AEP_MOD_EXP"},
{ERR_FUNC(AEPHK_F_AEP_MOD_EXP_CRT), "AEP_MOD_EXP_CRT"},
{ERR_FUNC(AEPHK_F_AEP_RAND), "AEP_RAND"},
{ERR_FUNC(AEPHK_F_AEP_RSA_MOD_EXP), "AEP_RSA_MOD_EXP"},
{0, NULL}
};
static ERR_STRING_DATA AEPHK_str_reasons[] = {
{ERR_REASON(AEPHK_R_ALREADY_LOADED), "already loaded"},
{ERR_REASON(AEPHK_R_CLOSE_HANDLES_FAILED), "close handles failed"},
{ERR_REASON(AEPHK_R_CONNECTIONS_IN_USE), "connections in use"},
{ERR_REASON(AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED),
"ctrl command not implemented"},
{ERR_REASON(AEPHK_R_FINALIZE_FAILED), "finalize failed"},
{ERR_REASON(AEPHK_R_GET_HANDLE_FAILED), "get handle failed"},
{ERR_REASON(AEPHK_R_GET_RANDOM_FAILED), "get random failed"},
{ERR_REASON(AEPHK_R_INIT_FAILURE), "init failure"},
{ERR_REASON(AEPHK_R_MISSING_KEY_COMPONENTS), "missing key components"},
{ERR_REASON(AEPHK_R_MOD_EXP_CRT_FAILED), "mod exp crt failed"},
{ERR_REASON(AEPHK_R_MOD_EXP_FAILED), "mod exp failed"},
{ERR_REASON(AEPHK_R_NOT_LOADED), "not loaded"},
{ERR_REASON(AEPHK_R_OK), "ok"},
{ERR_REASON(AEPHK_R_RETURN_CONNECTION_FAILED),
"return connection failed"},
{ERR_REASON(AEPHK_R_SETBNCALLBACK_FAILURE), "setbncallback failure"},
{ERR_REASON(AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL),
"size too large or too small"},
{ERR_REASON(AEPHK_R_UNIT_FAILURE), "unit failure"},
{0, NULL}
};
#endif
#ifdef AEPHK_LIB_NAME
static ERR_STRING_DATA AEPHK_lib_name[] = {
{0, AEPHK_LIB_NAME},
{0, NULL}
};
#endif
static int AEPHK_lib_error_code = 0;
static int AEPHK_error_init = 1;
static void ERR_load_AEPHK_strings(void)
{
if (AEPHK_lib_error_code == 0)
AEPHK_lib_error_code = ERR_get_next_error_library();
if (AEPHK_error_init) {
AEPHK_error_init = 0;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(AEPHK_lib_error_code, AEPHK_str_functs);
ERR_load_strings(AEPHK_lib_error_code, AEPHK_str_reasons);
#endif
#ifdef AEPHK_LIB_NAME
AEPHK_lib_name->error = ERR_PACK(AEPHK_lib_error_code, 0, 0);
ERR_load_strings(0, AEPHK_lib_name);
#endif
}
}
static void ERR_unload_AEPHK_strings(void)
{
if (AEPHK_error_init == 0) {
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(AEPHK_lib_error_code, AEPHK_str_functs);
ERR_unload_strings(AEPHK_lib_error_code, AEPHK_str_reasons);
#endif
#ifdef AEPHK_LIB_NAME
ERR_unload_strings(0, AEPHK_lib_name);
#endif
AEPHK_error_init = 1;
}
}
static void ERR_AEPHK_error(int function, int reason, char *file, int line)
{
if (AEPHK_lib_error_code == 0)
AEPHK_lib_error_code = ERR_get_next_error_library();
ERR_PUT_error(AEPHK_lib_error_code, function, reason, file, line);
}

106
engines/e_aep_err.h
View File

@@ -1,106 +0,0 @@
/* ====================================================================
* Copyright (c) 2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_AEPHK_ERR_H
# define HEADER_AEPHK_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_AEPHK_strings(void);
static void ERR_unload_AEPHK_strings(void);
static void ERR_AEPHK_error(int function, int reason, char *file, int line);
# define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),__FILE__,__LINE__)
/* Error codes for the AEPHK functions. */
/* Function codes. */
# define AEPHK_F_AEP_CTRL 100
# define AEPHK_F_AEP_FINISH 101
# define AEPHK_F_AEP_GET_CONNECTION 102
# define AEPHK_F_AEP_INIT 103
# define AEPHK_F_AEP_MOD_EXP 104
# define AEPHK_F_AEP_MOD_EXP_CRT 105
# define AEPHK_F_AEP_RAND 106
# define AEPHK_F_AEP_RSA_MOD_EXP 107
/* Reason codes. */
# define AEPHK_R_ALREADY_LOADED 100
# define AEPHK_R_CLOSE_HANDLES_FAILED 101
# define AEPHK_R_CONNECTIONS_IN_USE 102
# define AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
# define AEPHK_R_FINALIZE_FAILED 104
# define AEPHK_R_GET_HANDLE_FAILED 105
# define AEPHK_R_GET_RANDOM_FAILED 106
# define AEPHK_R_INIT_FAILURE 107
# define AEPHK_R_MISSING_KEY_COMPONENTS 108
# define AEPHK_R_MOD_EXP_CRT_FAILED 109
# define AEPHK_R_MOD_EXP_FAILED 110
# define AEPHK_R_NOT_LOADED 111
# define AEPHK_R_OK 112
# define AEPHK_R_RETURN_CONNECTION_FAILED 113
# define AEPHK_R_SETBNCALLBACK_FAILURE 114
# define AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL 116
# define AEPHK_R_UNIT_FAILURE 115
#ifdef __cplusplus
}
#endif
#endif

626
engines/e_atalla.c
View File

@@ -1,626 +0,0 @@
/* crypto/engine/hw_atalla.c */
/*
* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
* 2000.
*/
/* ====================================================================
* Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/buffer.h>
#include <openssl/dso.h>
#include <openssl/engine.h>
#ifndef OPENSSL_NO_RSA
# include <openssl/rsa.h>
#endif
#ifndef OPENSSL_NO_DSA
# include <openssl/dsa.h>
#endif
#ifndef OPENSSL_NO_DH
# include <openssl/dh.h>
#endif
#include <openssl/bn.h>
#ifndef OPENSSL_NO_HW
# ifndef OPENSSL_NO_HW_ATALLA
# ifdef FLAT_INC
# include "atalla.h"
# else
# include "vendor_defns/atalla.h"
# endif
# define ATALLA_LIB_NAME "atalla engine"
# include "e_atalla_err.c"
static int atalla_destroy(ENGINE *e);
static int atalla_init(ENGINE *e);
static int atalla_finish(ENGINE *e);
static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
/* BIGNUM stuff */
static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx);
# ifndef OPENSSL_NO_RSA
/* RSA stuff */
static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
BN_CTX *ctx);
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx);
# endif
# ifndef OPENSSL_NO_DSA
/* DSA stuff */
static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
BN_CTX *ctx, BN_MONT_CTX *in_mont);
static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx);
# endif
# ifndef OPENSSL_NO_DH
/* DH stuff */
/* This function is alised to mod_exp (with the DH and mont dropped). */
static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,
const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx);
# endif
/* The definitions for control commands specific to this engine */
# define ATALLA_CMD_SO_PATH ENGINE_CMD_BASE
static const ENGINE_CMD_DEFN atalla_cmd_defns[] = {
{ATALLA_CMD_SO_PATH,
"SO_PATH",
"Specifies the path to the 'atasi' shared library",
ENGINE_CMD_FLAG_STRING},
{0, NULL, NULL, 0}
};
# ifndef OPENSSL_NO_RSA
/* Our internal RSA_METHOD that we provide pointers to */
static RSA_METHOD atalla_rsa = {
"Atalla RSA method",
NULL,
NULL,
NULL,
NULL,
atalla_rsa_mod_exp,
atalla_mod_exp_mont,
NULL,
NULL,
0,
NULL,
NULL,
NULL,
NULL
};
# endif
# ifndef OPENSSL_NO_DSA
/* Our internal DSA_METHOD that we provide pointers to */
static DSA_METHOD atalla_dsa = {
"Atalla DSA method",
NULL, /* dsa_do_sign */
NULL, /* dsa_sign_setup */
NULL, /* dsa_do_verify */
atalla_dsa_mod_exp, /* dsa_mod_exp */
atalla_mod_exp_dsa, /* bn_mod_exp */
NULL, /* init */
NULL, /* finish */
0, /* flags */
NULL, /* app_data */
NULL, /* dsa_paramgen */
NULL /* dsa_keygen */
};
# endif
# ifndef OPENSSL_NO_DH
/* Our internal DH_METHOD that we provide pointers to */
static DH_METHOD atalla_dh = {
"Atalla DH method",
NULL,
NULL,
atalla_mod_exp_dh,
NULL,
NULL,
0,
NULL,
NULL
};
# endif
/* Constants used when creating the ENGINE */
static const char *engine_atalla_id = "atalla";
static const char *engine_atalla_name = "Atalla hardware engine support";
/*
* This internal function is used by ENGINE_atalla() and possibly by the
* "dynamic" ENGINE support too
*/
static int bind_helper(ENGINE *e)
{
# ifndef OPENSSL_NO_RSA
const RSA_METHOD *meth1;
# endif
# ifndef OPENSSL_NO_DSA
const DSA_METHOD *meth2;
# endif
# ifndef OPENSSL_NO_DH
const DH_METHOD *meth3;
# endif
if (!ENGINE_set_id(e, engine_atalla_id) ||
!ENGINE_set_name(e, engine_atalla_name) ||
# ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(e, &atalla_rsa) ||
# endif
# ifndef OPENSSL_NO_DSA
!ENGINE_set_DSA(e, &atalla_dsa) ||
# endif
# ifndef OPENSSL_NO_DH
!ENGINE_set_DH(e, &atalla_dh) ||
# endif
!ENGINE_set_destroy_function(e, atalla_destroy) ||
!ENGINE_set_init_function(e, atalla_init) ||
!ENGINE_set_finish_function(e, atalla_finish) ||
!ENGINE_set_ctrl_function(e, atalla_ctrl) ||
!ENGINE_set_cmd_defns(e, atalla_cmd_defns))
return 0;
# ifndef OPENSSL_NO_RSA
/*
* We know that the "PKCS1_SSLeay()" functions hook properly to the
* atalla-specific mod_exp and mod_exp_crt so we use those functions. NB:
* We don't use ENGINE_openssl() or anything "more generic" because
* something like the RSAref code may not hook properly, and if you own
* one of these cards then you have the right to do RSA operations on it
* anyway!
*/
meth1 = RSA_PKCS1_SSLeay();
atalla_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
atalla_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
atalla_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
atalla_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
# endif
# ifndef OPENSSL_NO_DSA
/*
* Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits.
*/
meth2 = DSA_OpenSSL();
atalla_dsa.dsa_do_sign = meth2->dsa_do_sign;
atalla_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
atalla_dsa.dsa_do_verify = meth2->dsa_do_verify;
# endif
# ifndef OPENSSL_NO_DH
/* Much the same for Diffie-Hellman */
meth3 = DH_OpenSSL();
atalla_dh.generate_key = meth3->generate_key;
atalla_dh.compute_key = meth3->compute_key;
# endif
/* Ensure the atalla error handling is set up */
ERR_load_ATALLA_strings();
return 1;
}
# ifdef OPENSSL_NO_DYNAMIC_ENGINE
static ENGINE *engine_atalla(void)
{
ENGINE *ret = ENGINE_new();
if (!ret)
return NULL;
if (!bind_helper(ret)) {
ENGINE_free(ret);
return NULL;
}
return ret;
}
void ENGINE_load_atalla(void)
{
/* Copied from eng_[openssl|dyn].c */
ENGINE *toadd = engine_atalla();
if (!toadd)
return;
ENGINE_add(toadd);
ENGINE_free(toadd);
ERR_clear_error();
}
# endif
/*
* This is a process-global DSO handle used for loading and unloading the
* Atalla library. NB: This is only set (or unset) during an init() or
* finish() call (reference counts permitting) and they're operating with
* global locks, so this should be thread-safe implicitly.
*/
static DSO *atalla_dso = NULL;
/*
* These are the function pointers that are (un)set when the library has
* successfully (un)loaded.
*/
static tfnASI_GetHardwareConfig *p_Atalla_GetHardwareConfig = NULL;
static tfnASI_RSAPrivateKeyOpFn *p_Atalla_RSAPrivateKeyOpFn = NULL;
static tfnASI_GetPerformanceStatistics *p_Atalla_GetPerformanceStatistics =
NULL;
/*
* These are the static string constants for the DSO file name and the
* function symbol names to bind to. Regrettably, the DSO name on *nix
* appears to be "atasi.so" rather than something more consistent like
* "libatasi.so". At the time of writing, I'm not sure what the file name on
* win32 is but clearly native name translation is not possible (eg
* libatasi.so on *nix, and atasi.dll on win32). For the purposes of testing,
* I have created a symbollic link called "libatasi.so" so that we can use
* native name-translation - a better solution will be needed.
*/
static const char *ATALLA_LIBNAME = NULL;
static const char *get_ATALLA_LIBNAME(void)
{
if (ATALLA_LIBNAME)
return ATALLA_LIBNAME;
return "atasi";
}
static void free_ATALLA_LIBNAME(void)
{
if (ATALLA_LIBNAME)
OPENSSL_free((void *)ATALLA_LIBNAME);
ATALLA_LIBNAME = NULL;
}
static long set_ATALLA_LIBNAME(const char *name)
{
free_ATALLA_LIBNAME();
return (((ATALLA_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
}
static const char *ATALLA_F1 = "ASI_GetHardwareConfig";
static const char *ATALLA_F2 = "ASI_RSAPrivateKeyOpFn";
static const char *ATALLA_F3 = "ASI_GetPerformanceStatistics";
/* Destructor (complements the "ENGINE_atalla()" constructor) */
static int atalla_destroy(ENGINE *e)
{
free_ATALLA_LIBNAME();
/*
* Unload the atalla error strings so any error state including our
* functs or reasons won't lead to a segfault (they simply get displayed
* without corresponding string data because none will be found).
*/
ERR_unload_ATALLA_strings();
return 1;
}
/* (de)initialisation functions. */
static int atalla_init(ENGINE *e)
{
tfnASI_GetHardwareConfig *p1;
tfnASI_RSAPrivateKeyOpFn *p2;
tfnASI_GetPerformanceStatistics *p3;
/*
* Not sure of the origin of this magic value, but Ben's code had it and
* it seemed to have been working for a few people. :-)
*/
unsigned int config_buf[1024];
if (atalla_dso != NULL) {
ATALLAerr(ATALLA_F_ATALLA_INIT, ATALLA_R_ALREADY_LOADED);
goto err;
}
/*
* Attempt to load libatasi.so/atasi.dll/whatever. Needs to be changed
* unfortunately because the Atalla drivers don't have standard library
* names that can be platform-translated well.
*/
/*
* TODO: Work out how to actually map to the names the Atalla drivers
* really use - for now a symbollic link needs to be created on the host
* system from libatasi.so to atasi.so on unix variants.
*/
atalla_dso = DSO_load(NULL, get_ATALLA_LIBNAME(), NULL, 0);
if (atalla_dso == NULL) {
ATALLAerr(ATALLA_F_ATALLA_INIT, ATALLA_R_NOT_LOADED);
goto err;
}
if (!
(p1 =
(tfnASI_GetHardwareConfig *) DSO_bind_func(atalla_dso, ATALLA_F1))
|| !(p2 = (tfnASI_RSAPrivateKeyOpFn *) DSO_bind_func(atalla_dso, ATALLA_F2))
|| !(p3 =
(tfnASI_GetPerformanceStatistics *) DSO_bind_func(atalla_dso,
ATALLA_F3))) {
ATALLAerr(ATALLA_F_ATALLA_INIT, ATALLA_R_NOT_LOADED);
goto err;
}
/* Copy the pointers */
p_Atalla_GetHardwareConfig = p1;
p_Atalla_RSAPrivateKeyOpFn = p2;
p_Atalla_GetPerformanceStatistics = p3;
/*
* Perform a basic test to see if there's actually any unit running.
*/
if (p1(0L, config_buf) != 0) {
ATALLAerr(ATALLA_F_ATALLA_INIT, ATALLA_R_UNIT_FAILURE);
goto err;
}
/* Everything's fine. */
return 1;
err:
if (atalla_dso)
DSO_free(atalla_dso);
atalla_dso = NULL;
p_Atalla_GetHardwareConfig = NULL;
p_Atalla_RSAPrivateKeyOpFn = NULL;
p_Atalla_GetPerformanceStatistics = NULL;
return 0;
}
static int atalla_finish(ENGINE *e)
{
free_ATALLA_LIBNAME();
if (atalla_dso == NULL) {
ATALLAerr(ATALLA_F_ATALLA_FINISH, ATALLA_R_NOT_LOADED);
return 0;
}
if (!DSO_free(atalla_dso)) {
ATALLAerr(ATALLA_F_ATALLA_FINISH, ATALLA_R_UNIT_FAILURE);
return 0;
}
atalla_dso = NULL;
p_Atalla_GetHardwareConfig = NULL;
p_Atalla_RSAPrivateKeyOpFn = NULL;
p_Atalla_GetPerformanceStatistics = NULL;
return 1;
}
static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
{
int initialised = ((atalla_dso == NULL) ? 0 : 1);
switch (cmd) {
case ATALLA_CMD_SO_PATH:
if (p == NULL) {
ATALLAerr(ATALLA_F_ATALLA_CTRL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (initialised) {
ATALLAerr(ATALLA_F_ATALLA_CTRL, ATALLA_R_ALREADY_LOADED);
return 0;
}
return set_ATALLA_LIBNAME((const char *)p);
default:
break;
}
ATALLAerr(ATALLA_F_ATALLA_CTRL, ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED);
return 0;
}
static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx)
{
/*
* I need somewhere to store temporary serialised values for use with the
* Atalla API calls. A neat cheat - I'll use BIGNUMs from the BN_CTX but
* access their arrays directly as byte arrays <grin>. This way I don't
* have to clean anything up.
*/
BIGNUM *modulus;
BIGNUM *exponent;
BIGNUM *argument;
BIGNUM *result;
RSAPrivateKey keydata;
int to_return, numbytes;
modulus = exponent = argument = result = NULL;
to_return = 0; /* expect failure */
if (!atalla_dso) {
ATALLAerr(ATALLA_F_ATALLA_MOD_EXP, ATALLA_R_NOT_LOADED);
goto err;
}
/* Prepare the params */
BN_CTX_start(ctx);
modulus = BN_CTX_get(ctx);
exponent = BN_CTX_get(ctx);
argument = BN_CTX_get(ctx);
result = BN_CTX_get(ctx);
if (!result) {
ATALLAerr(ATALLA_F_ATALLA_MOD_EXP, ATALLA_R_BN_CTX_FULL);
goto err;
}
if (!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, m->top) ||
!bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top)) {
ATALLAerr(ATALLA_F_ATALLA_MOD_EXP, ATALLA_R_BN_EXPAND_FAIL);
goto err;
}
/* Prepare the key-data */
memset(&keydata, 0, sizeof keydata);
numbytes = BN_num_bytes(m);
memset(exponent->d, 0, numbytes);
memset(modulus->d, 0, numbytes);
BN_bn2bin(p, (unsigned char *)exponent->d + numbytes - BN_num_bytes(p));
BN_bn2bin(m, (unsigned char *)modulus->d + numbytes - BN_num_bytes(m));
keydata.privateExponent.data = (unsigned char *)exponent->d;
keydata.privateExponent.len = numbytes;
keydata.modulus.data = (unsigned char *)modulus->d;
keydata.modulus.len = numbytes;
/* Prepare the argument */
memset(argument->d, 0, numbytes);
memset(result->d, 0, numbytes);
BN_bn2bin(a, (unsigned char *)argument->d + numbytes - BN_num_bytes(a));
/* Perform the operation */
if (p_Atalla_RSAPrivateKeyOpFn(&keydata, (unsigned char *)result->d,
(unsigned char *)argument->d,
keydata.modulus.len) != 0) {
ATALLAerr(ATALLA_F_ATALLA_MOD_EXP, ATALLA_R_REQUEST_FAILED);
goto err;
}
/* Convert the response */
BN_bin2bn((unsigned char *)result->d, numbytes, r);
to_return = 1;
err:
BN_CTX_end(ctx);
return to_return;
}
# ifndef OPENSSL_NO_RSA
static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
BN_CTX *ctx)
{
int to_return = 0;
if (!atalla_dso) {
ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP, ATALLA_R_NOT_LOADED);
goto err;
}
if (!rsa->d || !rsa->n) {
ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,
ATALLA_R_MISSING_KEY_COMPONENTS);
goto err;
}
to_return = atalla_mod_exp(r0, I, rsa->d, rsa->n, ctx);
err:
return to_return;
}
# endif
# ifndef OPENSSL_NO_DSA
/*
* This code was liberated and adapted from the commented-out code in
* dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration (it
* doesn't have a CRT form for RSA), this function means that an Atalla
* system running with a DSA server certificate can handshake around 5 or 6
* times faster/more than an equivalent system running with RSA. Just check
* out the "signs" statistics from the RSA and DSA parts of "openssl speed
* -engine atalla dsa1024 rsa1024".
*/
static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
BN_CTX *ctx, BN_MONT_CTX *in_mont)
{
BIGNUM t;
int to_return = 0;
BN_init(&t);
/* let rr = a1 ^ p1 mod m */
if (!atalla_mod_exp(rr, a1, p1, m, ctx))
goto end;
/* let t = a2 ^ p2 mod m */
if (!atalla_mod_exp(&t, a2, p2, m, ctx))
goto end;
/* let rr = rr * t mod m */
if (!BN_mod_mul(rr, rr, &t, m, ctx))
goto end;
to_return = 1;
end:
BN_free(&t);
return to_return;
}
static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx)
{
return atalla_mod_exp(r, a, p, m, ctx);
}
# endif
# ifndef OPENSSL_NO_RSA
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx)
{
return atalla_mod_exp(r, a, p, m, ctx);
}
# endif
# ifndef OPENSSL_NO_DH
/* This function is aliased to mod_exp (with the dh and mont dropped). */
static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,
const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
{
return atalla_mod_exp(r, a, p, m, ctx);
}
# endif
/*
* This stuff is needed if this ENGINE is being compiled into a
* self-contained shared-library.
*/
# ifndef OPENSSL_NO_DYNAMIC_ENGINE
static int bind_fn(ENGINE *e, const char *id)
{
if (id && (strcmp(id, engine_atalla_id) != 0))
return 0;
if (!bind_helper(e))
return 0;
return 1;
}
IMPLEMENT_DYNAMIC_CHECK_FN()
IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
# endif /* OPENSSL_NO_DYNAMIC_ENGINE */
# endif /* !OPENSSL_NO_HW_ATALLA */
#endif /* !OPENSSL_NO_HW */

1
engines/e_atalla.ec
View File

@@ -1 +0,0 @@
L ATALLA e_atalla_err.h e_atalla_err.c

145
engines/e_atalla_err.c
View File

@@ -1,145 +0,0 @@
/* e_atalla_err.c */
/* ====================================================================
* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include "e_atalla_err.h"
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(0,func,0)
# define ERR_REASON(reason) ERR_PACK(0,0,reason)
static ERR_STRING_DATA ATALLA_str_functs[] = {
{ERR_FUNC(ATALLA_F_ATALLA_CTRL), "ATALLA_CTRL"},
{ERR_FUNC(ATALLA_F_ATALLA_FINISH), "ATALLA_FINISH"},
{ERR_FUNC(ATALLA_F_ATALLA_INIT), "ATALLA_INIT"},
{ERR_FUNC(ATALLA_F_ATALLA_MOD_EXP), "ATALLA_MOD_EXP"},
{ERR_FUNC(ATALLA_F_ATALLA_RSA_MOD_EXP), "ATALLA_RSA_MOD_EXP"},
{0, NULL}
};
static ERR_STRING_DATA ATALLA_str_reasons[] = {
{ERR_REASON(ATALLA_R_ALREADY_LOADED), "already loaded"},
{ERR_REASON(ATALLA_R_BN_CTX_FULL), "bn ctx full"},
{ERR_REASON(ATALLA_R_BN_EXPAND_FAIL), "bn expand fail"},
{ERR_REASON(ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED),
"ctrl command not implemented"},
{ERR_REASON(ATALLA_R_MISSING_KEY_COMPONENTS), "missing key components"},
{ERR_REASON(ATALLA_R_NOT_LOADED), "not loaded"},
{ERR_REASON(ATALLA_R_REQUEST_FAILED), "request failed"},
{ERR_REASON(ATALLA_R_UNIT_FAILURE), "unit failure"},
{0, NULL}
};
#endif
#ifdef ATALLA_LIB_NAME
static ERR_STRING_DATA ATALLA_lib_name[] = {
{0, ATALLA_LIB_NAME},
{0, NULL}
};
#endif
static int ATALLA_lib_error_code = 0;
static int ATALLA_error_init = 1;
static void ERR_load_ATALLA_strings(void)
{
if (ATALLA_lib_error_code == 0)
ATALLA_lib_error_code = ERR_get_next_error_library();
if (ATALLA_error_init) {
ATALLA_error_init = 0;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(ATALLA_lib_error_code, ATALLA_str_functs);
ERR_load_strings(ATALLA_lib_error_code, ATALLA_str_reasons);
#endif
#ifdef ATALLA_LIB_NAME
ATALLA_lib_name->error = ERR_PACK(ATALLA_lib_error_code, 0, 0);
ERR_load_strings(0, ATALLA_lib_name);
#endif
}
}
static void ERR_unload_ATALLA_strings(void)
{
if (ATALLA_error_init == 0) {
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(ATALLA_lib_error_code, ATALLA_str_functs);
ERR_unload_strings(ATALLA_lib_error_code, ATALLA_str_reasons);
#endif
#ifdef ATALLA_LIB_NAME
ERR_unload_strings(0, ATALLA_lib_name);
#endif
ATALLA_error_init = 1;
}
}
static void ERR_ATALLA_error(int function, int reason, char *file, int line)
{
if (ATALLA_lib_error_code == 0)
ATALLA_lib_error_code = ERR_get_next_error_library();
ERR_PUT_error(ATALLA_lib_error_code, function, reason, file, line);
}

94
engines/e_atalla_err.h
View File

@@ -1,94 +0,0 @@
/* ====================================================================
* Copyright (c) 2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_ATALLA_ERR_H
# define HEADER_ATALLA_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_ATALLA_strings(void);
static void ERR_unload_ATALLA_strings(void);
static void ERR_ATALLA_error(int function, int reason, char *file, int line);
# define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),__FILE__,__LINE__)
/* Error codes for the ATALLA functions. */
/* Function codes. */
# define ATALLA_F_ATALLA_CTRL 100
# define ATALLA_F_ATALLA_FINISH 101
# define ATALLA_F_ATALLA_INIT 102
# define ATALLA_F_ATALLA_MOD_EXP 103
# define ATALLA_F_ATALLA_RSA_MOD_EXP 104
/* Reason codes. */
# define ATALLA_R_ALREADY_LOADED 100
# define ATALLA_R_BN_CTX_FULL 101
# define ATALLA_R_BN_EXPAND_FAIL 102
# define ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
# define ATALLA_R_MISSING_KEY_COMPONENTS 104
# define ATALLA_R_NOT_LOADED 105
# define ATALLA_R_REQUEST_FAILED 106
# define ATALLA_R_UNIT_FAILURE 107
#ifdef __cplusplus
}
#endif
#endif

512
engines/e_capi.c
View File

@@ -1,80 +1,35 @@
/* engines/e_capi.c */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2008 The OpenSSL Project. All rights reserved.
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#ifdef _WIN32
# ifndef _WIN32_WINNT
# define _WIN32_WINNT 0x0400
# endif
# include <windows.h>
# include <wincrypt.h>
#include <openssl/crypto.h>
# include <stdio.h>
# include <string.h>
# include <stdlib.h>
# include <malloc.h>
# ifndef alloca
# define alloca _alloca
# endif
# include <openssl/crypto.h>
#ifdef OPENSSL_SYS_WIN32
# ifndef OPENSSL_NO_CAPIENG
# include <openssl/buffer.h>
# include <openssl/bn.h>
# include <openssl/rsa.h>
# ifndef _WIN32_WINNT
# define _WIN32_WINNT 0x0400
# endif
# include <windows.h>
# include <wincrypt.h>
# include <malloc.h>
# ifndef alloca
# define alloca _alloca
# endif
# include <openssl/dsa.h>
/*
* This module uses several "new" interfaces, among which is
@@ -94,12 +49,11 @@
# define __COMPILE_CAPIENG
# endif /* CERT_KEY_PROV_INFO_PROP_ID */
# endif /* OPENSSL_NO_CAPIENG */
#endif /* OPENSSL_SYS_WIN32 */
#endif /* _WIN32 */
#ifdef __COMPILE_CAPIENG
# undef X509_EXTENSIONS
# undef X509_CERT_PAIR
/* Definitions which may be missing from earlier version of headers */
# ifndef CERT_STORE_OPEN_EXISTING_FLAG
@@ -114,6 +68,30 @@
# define CERT_SYSTEM_STORE_CURRENT_USER 0x00010000
# endif
# ifndef ALG_SID_SHA_256
# define ALG_SID_SHA_256 12
# endif
# ifndef ALG_SID_SHA_384
# define ALG_SID_SHA_384 13
# endif
# ifndef ALG_SID_SHA_512
# define ALG_SID_SHA_512 14
# endif
# ifndef CALG_SHA_256
# define CALG_SHA_256 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_256)
# endif
# ifndef CALG_SHA_384
# define CALG_SHA_384 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_384)
# endif
# ifndef CALG_SHA_512
# define CALG_SHA_512 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_512)
# endif
# ifndef PROV_RSA_AES
# define PROV_RSA_AES 24
# endif
# include <openssl/engine.h>
# include <openssl/pem.h>
# include <openssl/x509v3.h>
@@ -153,9 +131,11 @@ static int capi_rsa_priv_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
static int capi_rsa_free(RSA *rsa);
# ifndef OPENSSL_NO_DSA
static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
DSA *dsa);
static int capi_dsa_free(DSA *dsa);
# endif
static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
STACK_OF(X509_NAME) *ca_dn, X509 **pcert,
@@ -168,6 +148,8 @@ static int cert_select_simple(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
# endif
void engine_load_capi_int(void);
typedef PCCERT_CONTEXT(WINAPI *CERTDLG) (HCERTSTORE, HWND, LPCWSTR,
LPCWSTR, DWORD, DWORD, void *);
typedef HWND(WINAPI *GETCONSWIN) (void);
@@ -219,7 +201,7 @@ struct CAPI_CTX_st {
GETCONSWIN getconswindow;
};
static CAPI_CTX *capi_ctx_new();
static CAPI_CTX *capi_ctx_new(void);
static void capi_ctx_free(CAPI_CTX * ctx);
static int capi_ctx_set_provname(CAPI_CTX * ctx, LPSTR pname, DWORD type,
int check);
@@ -312,12 +294,17 @@ static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
int ret = 1;
CAPI_CTX *ctx;
BIO *out;
LPSTR tmpstr;
if (capi_idx == -1) {
CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_ENGINE_NOT_INITIALIZED);
return 0;
}
ctx = ENGINE_get_ex_data(e, capi_idx);
out = BIO_new_fp(stdout, BIO_NOCLOSE);
if (out == NULL) {
CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_FILE_OPEN_ERROR);
return 0;
}
switch (cmd) {
case CAPI_CMD_LIST_CSPS:
ret = capi_list_providers(ctx, out);
@@ -336,10 +323,15 @@ static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
break;
case CAPI_CMD_STORE_NAME:
if (ctx->storename)
tmpstr = OPENSSL_strdup(p);
if (tmpstr != NULL) {
OPENSSL_free(ctx->storename);
ctx->storename = BUF_strdup(p);
CAPI_trace(ctx, "Setting store name to %s\n", p);
ctx->storename = tmpstr;
CAPI_trace(ctx, "Setting store name to %s\n", p);
} else {
CAPIerr(CAPI_F_CAPI_CTRL, ERR_R_MALLOC_FAILURE);
ret = 0;
}
break;
case CAPI_CMD_STORE_FLAGS:
@@ -359,8 +351,14 @@ static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
break;
case CAPI_CMD_DEBUG_FILE:
ctx->debug_file = BUF_strdup(p);
CAPI_trace(ctx, "Setting debug file to %s\n", ctx->debug_file);
tmpstr = OPENSSL_strdup(p);
if (tmpstr != NULL) {
ctx->debug_file = tmpstr;
CAPI_trace(ctx, "Setting debug file to %s\n", ctx->debug_file);
} else {
CAPIerr(CAPI_F_CAPI_CTRL, ERR_R_MALLOC_FAILURE);
ret = 0;
}
break;
case CAPI_CMD_KEYTYPE:
@@ -379,6 +377,7 @@ static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
case CAPI_CMD_LOOKUP_METHOD:
if (i < 1 || i > 3) {
CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_INVALID_LOOKUP_METHOD);
BIO_free(out);
return 0;
}
ctx->lookup_method = i;
@@ -402,42 +401,21 @@ static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
}
static RSA_METHOD capi_rsa_method = {
"CryptoAPI RSA method",
0, /* pub_enc */
0, /* pub_dec */
capi_rsa_priv_enc, /* priv_enc */
capi_rsa_priv_dec, /* priv_dec */
0, /* rsa_mod_exp */
0, /* bn_mod_exp */
0, /* init */
capi_rsa_free, /* finish */
RSA_FLAG_SIGN_VER, /* flags */
NULL, /* app_data */
capi_rsa_sign, /* rsa_sign */
0 /* rsa_verify */
};
static RSA_METHOD *capi_rsa_method = NULL;
# ifndef OPENSSL_NO_DSA
static DSA_METHOD *capi_dsa_method = NULL;
# endif
static DSA_METHOD capi_dsa_method = {
"CryptoAPI DSA method",
capi_dsa_do_sign, /* dsa_do_sign */
0, /* dsa_sign_setup */
0, /* dsa_do_verify */
0, /* dsa_mod_exp */
0, /* bn_mod_exp */
0, /* init */
capi_dsa_free, /* finish */
0, /* flags */
NULL, /* app_data */
0, /* dsa_paramgen */
0 /* dsa_keygen */
};
static int use_aes_csp = 0;
static int capi_init(ENGINE *e)
{
CAPI_CTX *ctx;
const RSA_METHOD *ossl_rsa_meth;
# ifndef OPENSSL_NO_DSA
const DSA_METHOD *ossl_dsa_meth;
# endif
HCRYPTPROV hprov;
if (capi_idx < 0) {
capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0);
@@ -448,22 +426,41 @@ static int capi_init(ENGINE *e)
/* Setup RSA_METHOD */
rsa_capi_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
ossl_rsa_meth = RSA_PKCS1_SSLeay();
capi_rsa_method.rsa_pub_enc = ossl_rsa_meth->rsa_pub_enc;
capi_rsa_method.rsa_pub_dec = ossl_rsa_meth->rsa_pub_dec;
capi_rsa_method.rsa_mod_exp = ossl_rsa_meth->rsa_mod_exp;
capi_rsa_method.bn_mod_exp = ossl_rsa_meth->bn_mod_exp;
ossl_rsa_meth = RSA_PKCS1_OpenSSL();
if ( !RSA_meth_set_pub_enc(capi_rsa_method,
RSA_meth_get_pub_enc(ossl_rsa_meth))
|| !RSA_meth_set_pub_dec(capi_rsa_method,
RSA_meth_get_pub_dec(ossl_rsa_meth))
|| !RSA_meth_set_priv_enc(capi_rsa_method, capi_rsa_priv_enc)
|| !RSA_meth_set_priv_dec(capi_rsa_method, capi_rsa_priv_dec)
|| !RSA_meth_set_mod_exp(capi_rsa_method,
RSA_meth_get_mod_exp(ossl_rsa_meth))
|| !RSA_meth_set_bn_mod_exp(capi_rsa_method,
RSA_meth_get_bn_mod_exp(ossl_rsa_meth))
|| !RSA_meth_set_finish(capi_rsa_method, capi_rsa_free)
|| !RSA_meth_set_sign(capi_rsa_method, capi_rsa_sign)) {
goto memerr;
}
# ifndef OPENSSL_NO_DSA
/* Setup DSA Method */
dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
ossl_dsa_meth = DSA_OpenSSL();
capi_dsa_method.dsa_do_verify = ossl_dsa_meth->dsa_do_verify;
capi_dsa_method.dsa_mod_exp = ossl_dsa_meth->dsa_mod_exp;
capi_dsa_method.bn_mod_exp = ossl_dsa_meth->bn_mod_exp;
if ( !DSA_meth_set_sign(capi_dsa_method, capi_dsa_do_sign)
|| !DSA_meth_set_verify(capi_dsa_method,
DSA_meth_get_verify(ossl_dsa_meth))
|| !DSA_meth_set_finish(capi_dsa_method, capi_dsa_free)
|| !DSA_meth_set_mod_exp(capi_dsa_method,
DSA_meth_get_mod_exp(ossl_dsa_meth))
|| !DSA_meth_set_bn_mod_exp(capi_dsa_method,
DSA_meth_get_bn_mod_exp(ossl_dsa_meth))) {
goto memerr;
}
# endif
}
ctx = capi_ctx_new();
if (!ctx)
if (ctx == NULL)
goto memerr;
ENGINE_set_ex_data(e, capi_idx, ctx);
@@ -484,6 +481,14 @@ static int capi_init(ENGINE *e)
}
# endif
/* See if we support AES CSP */
if (CryptAcquireContext(&hprov, NULL, NULL, PROV_RSA_AES,
CRYPT_VERIFYCONTEXT)) {
use_aes_csp = 1;
CryptReleaseContext(hprov, 0);
}
return 1;
memerr:
@@ -495,6 +500,12 @@ static int capi_init(ENGINE *e)
static int capi_destroy(ENGINE *e)
{
RSA_meth_free(capi_rsa_method);
capi_rsa_method = NULL;
# ifndef OPENSSL_NO_DSA
DSA_meth_free(capi_dsa_method);
capi_dsa_method = NULL;
# endif
ERR_unload_CAPI_strings();
return 1;
}
@@ -524,24 +535,41 @@ struct CAPI_KEY_st {
static int bind_capi(ENGINE *e)
{
capi_rsa_method = RSA_meth_new("CryptoAPI RSA method", 0);
if (capi_rsa_method == NULL)
return 0;
# ifndef OPENSSL_NO_DSA
capi_dsa_method = DSA_meth_new("CryptoAPI DSA method", 0);
if (capi_dsa_method == NULL)
goto memerr;
# endif
if (!ENGINE_set_id(e, engine_capi_id)
|| !ENGINE_set_name(e, engine_capi_name)
|| !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL)
|| !ENGINE_set_init_function(e, capi_init)
|| !ENGINE_set_finish_function(e, capi_finish)
|| !ENGINE_set_destroy_function(e, capi_destroy)
|| !ENGINE_set_RSA(e, &capi_rsa_method)
|| !ENGINE_set_DSA(e, &capi_dsa_method)
|| !ENGINE_set_RSA(e, capi_rsa_method)
# ifndef OPENSSL_NO_DSA
|| !ENGINE_set_DSA(e, capi_dsa_method)
# endif
|| !ENGINE_set_load_privkey_function(e, capi_load_privkey)
|| !ENGINE_set_load_ssl_client_cert_function(e,
capi_load_ssl_client_cert)
|| !ENGINE_set_cmd_defns(e, capi_cmd_defns)
|| !ENGINE_set_ctrl_function(e, capi_ctrl))
return 0;
goto memerr;
ERR_load_CAPI_strings();
return 1;
memerr:
RSA_meth_free(capi_rsa_method);
capi_rsa_method = NULL;
# ifndef OPENSSL_NO_DSA
DSA_meth_free(capi_dsa_method);
capi_dsa_method = NULL;
# endif
return 0;
}
# ifndef OPENSSL_NO_DYNAMIC_ENGINE
@@ -560,7 +588,7 @@ IMPLEMENT_DYNAMIC_CHECK_FN()
static ENGINE *engine_capi(void)
{
ENGINE *ret = ENGINE_new();
if (!ret)
if (ret == NULL)
return NULL;
if (!bind_capi(ret)) {
ENGINE_free(ret);
@@ -569,7 +597,7 @@ static ENGINE *engine_capi(void)
return ret;
}
void ENGINE_load_capi(void)
void engine_load_capi_int(void)
{
/* Copied from eng_[openssl|dyn].c */
ENGINE *toadd = engine_capi();
@@ -619,7 +647,7 @@ static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY * key)
pubkey = OPENSSL_malloc(len);
if (!pubkey)
if (pubkey == NULL)
goto memerr;
if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, pubkey, &len)) {
@@ -636,6 +664,7 @@ static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY * key)
if (bh->aiKeyAlg == CALG_RSA_SIGN || bh->aiKeyAlg == CALG_RSA_KEYX) {
RSAPUBKEY *rp;
DWORD rsa_modlen;
BIGNUM *e = NULL, *n = NULL;
unsigned char *rsa_modulus;
rp = (RSAPUBKEY *) (bh + 1);
if (rp->magic != 0x31415352) {
@@ -651,31 +680,38 @@ static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY * key)
if (!rkey)
goto memerr;
rkey->e = BN_new();
rkey->n = BN_new();
e = BN_new();
n = BN_new();
if (!rkey->e || !rkey->n)
if (e == NULL || n == NULL) {
BN_free(e);
BN_free(n);
goto memerr;
}
if (!BN_set_word(rkey->e, rp->pubexp))
RSA_set0_key(rkey, n, e, NULL);
if (!BN_set_word(e, rp->pubexp))
goto memerr;
rsa_modlen = rp->bitlen / 8;
if (!lend_tobn(rkey->n, rsa_modulus, rsa_modlen))
if (!lend_tobn(n, rsa_modulus, rsa_modlen))
goto memerr;
RSA_set_ex_data(rkey, rsa_capi_idx, key);
if (!(ret = EVP_PKEY_new()))
if ((ret = EVP_PKEY_new()) == NULL)
goto memerr;
EVP_PKEY_assign_RSA(ret, rkey);
rkey = NULL;
# ifndef OPENSSL_NO_DSA
} else if (bh->aiKeyAlg == CALG_DSS_SIGN) {
DSSPUBKEY *dp;
DWORD dsa_plen;
unsigned char *btmp;
BIGNUM *p, *q, *g, *pub_key;
dp = (DSSPUBKEY *) (bh + 1);
if (dp->magic != 0x31535344) {
char magstr[10];
@@ -690,35 +726,43 @@ static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY * key)
dkey = DSA_new_method(eng);
if (!dkey)
goto memerr;
dkey->p = BN_new();
dkey->q = BN_new();
dkey->g = BN_new();
dkey->pub_key = BN_new();
if (!dkey->p || !dkey->q || !dkey->g || !dkey->pub_key)
p = BN_new();
q = BN_new();
g = BN_new();
pub_key = BN_new();
if (p == NULL || q == NULL || g == NULL || pub_key == NULL) {
BN_free(p);
BN_free(q);
BN_free(g);
BN_free(pub_key);
goto memerr;
if (!lend_tobn(dkey->p, btmp, dsa_plen))
}
DSA_set0_pqg(dkey, p, q, g);
DSA_set0_key(dkey, pub_key, NULL);
if (!lend_tobn(p, btmp, dsa_plen))
goto memerr;
btmp += dsa_plen;
if (!lend_tobn(dkey->q, btmp, 20))
if (!lend_tobn(q, btmp, 20))
goto memerr;
btmp += 20;
if (!lend_tobn(dkey->g, btmp, dsa_plen))
if (!lend_tobn(g, btmp, dsa_plen))
goto memerr;
btmp += dsa_plen;
if (!lend_tobn(dkey->pub_key, btmp, dsa_plen))
if (!lend_tobn(pub_key, btmp, dsa_plen))
goto memerr;
btmp += dsa_plen;
DSA_set_ex_data(dkey, dsa_capi_idx, key);
if (!(ret = EVP_PKEY_new()))
if ((ret = EVP_PKEY_new()) == NULL)
goto memerr;
EVP_PKEY_assign_DSA(ret, dkey);
dkey = NULL;
# endif
} else {
char algstr[10];
BIO_snprintf(algstr, 10, "%lx", bh->aiKeyAlg);
BIO_snprintf(algstr, 10, "%ux", bh->aiKeyAlg);
CAPIerr(CAPI_F_CAPI_GET_PKEY,
CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM);
ERR_add_error_data(2, "aiKeyAlg=0x", algstr);
@@ -726,13 +770,12 @@ static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY * key)
}
err:
if (pubkey)
OPENSSL_free(pubkey);
OPENSSL_free(pubkey);
if (!ret) {
if (rkey)
RSA_free(rkey);
if (dkey)
DSA_free(dkey);
RSA_free(rkey);
# ifndef OPENSSL_NO_DSA
DSA_free(dkey);
# endif
}
return ret;
@@ -789,7 +832,7 @@ int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len,
CAPI_KEY *capi_key;
CAPI_CTX *ctx;
ctx = ENGINE_get_ex_data(rsa->engine, capi_idx);
ctx = ENGINE_get_ex_data(RSA_get0_engine(rsa), capi_idx);
CAPI_trace(ctx, "Called CAPI_rsa_sign()\n");
@@ -800,6 +843,18 @@ int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len,
}
/* Convert the signature type to a CryptoAPI algorithm ID */
switch (dtype) {
case NID_sha256:
alg = CALG_SHA_256;
break;
case NID_sha384:
alg = CALG_SHA_384;
break;
case NID_sha512:
alg = CALG_SHA_512;
break;
case NID_sha1:
alg = CALG_SHA1;
break;
@@ -814,7 +869,7 @@ int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len,
default:
{
char algstr[10];
BIO_snprintf(algstr, 10, "%lx", dtype);
BIO_snprintf(algstr, 10, "%x", dtype);
CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_UNSUPPORTED_ALGORITHM_NID);
ERR_add_error_data(2, "NID=0x", algstr);
return -1;
@@ -868,7 +923,12 @@ int capi_rsa_priv_dec(int flen, const unsigned char *from,
unsigned char *tmpbuf;
CAPI_KEY *capi_key;
CAPI_CTX *ctx;
ctx = ENGINE_get_ex_data(rsa->engine, capi_idx);
DWORD dlen;
if (flen <= 0)
return flen;
ctx = ENGINE_get_ex_data(RSA_get0_engine(rsa), capi_idx);
CAPI_trace(ctx, "Called capi_rsa_priv_dec()\n");
@@ -887,7 +947,7 @@ int capi_rsa_priv_dec(int flen, const unsigned char *from,
}
/* Create temp reverse order version of input */
if (!(tmpbuf = OPENSSL_malloc(flen))) {
if ((tmpbuf = OPENSSL_malloc(flen)) == NULL) {
CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, ERR_R_MALLOC_FAILURE);
return -1;
}
@@ -895,13 +955,14 @@ int capi_rsa_priv_dec(int flen, const unsigned char *from,
tmpbuf[flen - i - 1] = from[i];
/* Finally decrypt it */
if (!CryptDecrypt(capi_key->key, 0, TRUE, 0, tmpbuf, &flen)) {
dlen = flen;
if (!CryptDecrypt(capi_key->key, 0, TRUE, 0, tmpbuf, &dlen)) {
CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_DECRYPT_ERROR);
capi_addlasterror();
OPENSSL_free(tmpbuf);
return -1;
} else
memcpy(to, tmpbuf, flen);
memcpy(to, tmpbuf, (flen = (int)dlen));
OPENSSL_free(tmpbuf);
@@ -917,6 +978,7 @@ static int capi_rsa_free(RSA *rsa)
return 1;
}
# ifndef OPENSSL_NO_DSA
/* CryptoAPI DSA operations */
static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
@@ -929,7 +991,7 @@ static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
CAPI_CTX *ctx;
unsigned char csigbuf[40];
ctx = ENGINE_get_ex_data(dsa->engine, capi_idx);
ctx = ENGINE_get_ex_data(DSA_get0_engine(dsa), capi_idx);
CAPI_trace(ctx, "Called CAPI_dsa_do_sign()\n");
@@ -966,19 +1028,17 @@ static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
capi_addlasterror();
goto err;
} else {
ret = DSA_SIG_new();
if (!ret)
goto err;
ret->r = BN_new();
ret->s = BN_new();
if (!ret->r || !ret->s)
goto err;
if (!lend_tobn(ret->r, csigbuf, 20)
|| !lend_tobn(ret->s, csigbuf + 20, 20)) {
DSA_SIG_free(ret);
ret = NULL;
BIGNUM *r = BN_new(), *s = BN_new();
if (r == NULL || s == NULL
|| !lend_tobn(r, csigbuf, 20)
|| !lend_tobn(s, csigbuf + 20, 20)
|| (ret = DSA_SIG_new()) == NULL) {
BN_free(r); /* BN_free checks for BIGNUM * being NULL */
BN_free(s);
goto err;
}
DSA_SIG_set0(ret, r, s);
}
/* Now cleanup */
@@ -997,6 +1057,7 @@ static int capi_dsa_free(DSA *dsa)
DSA_set_ex_data(dsa, dsa_capi_idx, 0);
return 1;
}
# endif
static void capi_vtrace(CAPI_CTX * ctx, int level, char *format,
va_list argptr)
@@ -1006,6 +1067,10 @@ static void capi_vtrace(CAPI_CTX * ctx, int level, char *format,
if (!ctx || (ctx->debug_level < level) || (!ctx->debug_file))
return;
out = BIO_new_file(ctx->debug_file, "a+");
if (out == NULL) {
CAPIerr(CAPI_F_CAPI_VTRACE, CAPI_R_FILE_OPEN_ERROR);
return;
}
BIO_vprintf(out, format, argptr);
BIO_free(out);
}
@@ -1044,7 +1109,7 @@ static char *wide_to_asc(LPCWSTR wstr)
return NULL;
}
str = OPENSSL_malloc(sz);
if (!str) {
if (str == NULL) {
CAPIerr(CAPI_F_WIDE_TO_ASC, ERR_R_MALLOC_FAILURE);
return NULL;
}
@@ -1070,21 +1135,26 @@ static int capi_get_provname(CAPI_CTX * ctx, LPSTR * pname, DWORD * ptype,
capi_adderror(err);
return 0;
}
if (sizeof(TCHAR) != sizeof(char))
name = alloca(len);
else
name = OPENSSL_malloc(len);
name = OPENSSL_malloc(len);
if (name == NULL) {
CAPIerr(CAPI_F_CAPI_GET_PROVNAME, ERR_R_MALLOC_FAILURE);
return 0;
}
if (!CryptEnumProviders(idx, NULL, 0, ptype, name, &len)) {
err = GetLastError();
OPENSSL_free(name);
if (err == ERROR_NO_MORE_ITEMS)
return 2;
CAPIerr(CAPI_F_CAPI_GET_PROVNAME, CAPI_R_CRYPTENUMPROVIDERS_ERROR);
capi_adderror(err);
return 0;
}
if (sizeof(TCHAR) != sizeof(char))
if (sizeof(TCHAR) != sizeof(char)) {
*pname = wide_to_asc((WCHAR *)name);
else
OPENSSL_free(name);
if (*pname == NULL)
return 0;
} else
*pname = (char *)name;
CAPI_trace(ctx, "capi_get_provname, returned name=%s, type=%d\n", *pname,
*ptype);
@@ -1105,7 +1175,7 @@ static int capi_list_providers(CAPI_CTX * ctx, BIO *out)
break;
if (ret == 0)
break;
BIO_printf(out, "%d. %s, type %d\n", idx, provname, ptype);
BIO_printf(out, "%lu. %s, type %lu\n", idx, provname, ptype);
OPENSSL_free(provname);
}
return 1;
@@ -1153,7 +1223,7 @@ static int capi_list_containers(CAPI_CTX * ctx, BIO *out)
if (buflen == 0)
buflen = 1024;
cname = OPENSSL_malloc(buflen);
if (!cname) {
if (cname == NULL) {
CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -1181,21 +1251,20 @@ static int capi_list_containers(CAPI_CTX * ctx, BIO *out)
CAPI_trace(ctx, "Enumerate bug: using workaround\n");
goto done;
}
BIO_printf(out, "%d. %s\n", idx, cname);
BIO_printf(out, "%lu. %s\n", idx, cname);
}
err:
ret = 0;
done:
if (cname)
OPENSSL_free(cname);
OPENSSL_free(cname);
CryptReleaseContext(hprov, 0);
return ret;
}
CRYPT_KEY_PROV_INFO *capi_get_prov_info(CAPI_CTX * ctx, PCCERT_CONTEXT cert)
static CRYPT_KEY_PROV_INFO *capi_get_prov_info(CAPI_CTX * ctx, PCCERT_CONTEXT cert)
{
DWORD len;
CRYPT_KEY_PROV_INFO *pinfo;
@@ -1204,7 +1273,7 @@ CRYPT_KEY_PROV_INFO *capi_get_prov_info(CAPI_CTX * ctx, PCCERT_CONTEXT cert)
(cert, CERT_KEY_PROV_INFO_PROP_ID, NULL, &len))
return NULL;
pinfo = OPENSSL_malloc(len);
if (!pinfo) {
if (pinfo == NULL) {
CAPIerr(CAPI_F_CAPI_GET_PROV_INFO, ERR_R_MALLOC_FAILURE);
return NULL;
}
@@ -1233,18 +1302,16 @@ static void capi_dump_prov_info(CAPI_CTX * ctx, BIO *out,
goto err;
BIO_printf(out, " Private Key Info:\n");
BIO_printf(out, " Provider Name: %s, Provider Type %d\n", provname,
BIO_printf(out, " Provider Name: %s, Provider Type %lu\n", provname,
pinfo->dwProvType);
BIO_printf(out, " Container Name: %s, Key Type %d\n", contname,
BIO_printf(out, " Container Name: %s, Key Type %lu\n", contname,
pinfo->dwKeySpec);
err:
if (provname)
OPENSSL_free(provname);
if (contname)
OPENSSL_free(contname);
OPENSSL_free(provname);
OPENSSL_free(contname);
}
char *capi_cert_get_fname(CAPI_CTX * ctx, PCCERT_CONTEXT cert)
static char *capi_cert_get_fname(CAPI_CTX * ctx, PCCERT_CONTEXT cert)
{
LPWSTR wfname;
DWORD dlen;
@@ -1254,6 +1321,8 @@ char *capi_cert_get_fname(CAPI_CTX * ctx, PCCERT_CONTEXT cert)
(cert, CERT_FRIENDLY_NAME_PROP_ID, NULL, &dlen))
return NULL;
wfname = OPENSSL_malloc(dlen);
if (wfname == NULL)
return NULL;
if (CertGetCertificateContextProperty
(cert, CERT_FRIENDLY_NAME_PROP_ID, wfname, &dlen)) {
char *fname = wide_to_asc(wfname);
@@ -1267,10 +1336,10 @@ char *capi_cert_get_fname(CAPI_CTX * ctx, PCCERT_CONTEXT cert)
return NULL;
}
void capi_dump_cert(CAPI_CTX * ctx, BIO *out, PCCERT_CONTEXT cert)
static void capi_dump_cert(CAPI_CTX * ctx, BIO *out, PCCERT_CONTEXT cert)
{
X509 *x;
unsigned char *p;
const unsigned char *p;
unsigned long flags = ctx->dump_flags;
if (flags & CAPI_DMP_FNAME) {
char *fname;
@@ -1300,8 +1369,7 @@ void capi_dump_cert(CAPI_CTX * ctx, BIO *out, PCCERT_CONTEXT cert)
CRYPT_KEY_PROV_INFO *pinfo;
pinfo = capi_get_prov_info(ctx, cert);
capi_dump_prov_info(ctx, out, pinfo);
if (pinfo)
OPENSSL_free(pinfo);
OPENSSL_free(pinfo);
}
if (flags & CAPI_DMP_PEM)
@@ -1309,7 +1377,7 @@ void capi_dump_cert(CAPI_CTX * ctx, BIO *out, PCCERT_CONTEXT cert)
X509_free(x);
}
HCERTSTORE capi_open_store(CAPI_CTX * ctx, char *storename)
static HCERTSTORE capi_open_store(CAPI_CTX * ctx, char *storename)
{
HCERTSTORE hstore;
@@ -1401,23 +1469,28 @@ static PCCERT_CONTEXT capi_find_cert(CAPI_CTX * ctx, const char *id,
static CAPI_KEY *capi_get_key(CAPI_CTX * ctx, const TCHAR *contname,
TCHAR *provname, DWORD ptype, DWORD keyspec)
{
CAPI_KEY *key;
DWORD dwFlags = 0;
key = OPENSSL_malloc(sizeof(CAPI_KEY));
if (sizeof(TCHAR) == sizeof(char))
CAPI_KEY *key = OPENSSL_malloc(sizeof(*key));
if (key == NULL)
return NULL;
/* If PROV_RSA_AES supported use it instead */
if (ptype == PROV_RSA_FULL && use_aes_csp) {
provname = NULL;
ptype = PROV_RSA_AES;
CAPI_trace(ctx, "capi_get_key, contname=%s, RSA_AES_CSP\n", contname);
} else if (sizeof(TCHAR) == sizeof(char)) {
CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n",
contname, provname, ptype);
else if (ctx && ctx->debug_level >= CAPI_DBG_TRACE && ctx->debug_file) {
} else if (ctx && ctx->debug_level >= CAPI_DBG_TRACE && ctx->debug_file) {
/* above 'if' is optimization to minimize malloc-ations */
char *_contname = wide_to_asc((WCHAR *)contname);
char *_provname = wide_to_asc((WCHAR *)provname);
CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n",
_contname, _provname, ptype);
if (_provname)
OPENSSL_free(_provname);
if (_contname)
OPENSSL_free(_contname);
OPENSSL_free(_provname);
OPENSSL_free(_contname);
}
if (ctx->store_flags & CERT_SYSTEM_STORE_LOCAL_MACHINE)
dwFlags = CRYPT_MACHINE_KEYSET;
@@ -1463,12 +1536,9 @@ static CAPI_KEY *capi_get_cert_key(CAPI_CTX * ctx, PCCERT_CONTEXT cert)
}
err:
if (pinfo)
OPENSSL_free(pinfo);
if (provname)
OPENSSL_free(provname);
if (contname)
OPENSSL_free(contname);
OPENSSL_free(pinfo);
OPENSSL_free(provname);
OPENSSL_free(contname);
return key;
}
@@ -1534,25 +1604,20 @@ void capi_free_key(CAPI_KEY * key)
/* Initialize a CAPI_CTX structure */
static CAPI_CTX *capi_ctx_new()
static CAPI_CTX *capi_ctx_new(void)
{
CAPI_CTX *ctx;
ctx = OPENSSL_malloc(sizeof(CAPI_CTX));
if (!ctx) {
CAPI_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
if (ctx == NULL) {
CAPIerr(CAPI_F_CAPI_CTX_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
}
ctx->cspname = NULL;
ctx->csptype = PROV_RSA_FULL;
ctx->dump_flags = CAPI_DMP_SUMMARY | CAPI_DMP_FNAME;
ctx->keytype = AT_KEYEXCHANGE;
ctx->storename = NULL;
ctx->ssl_client_store = NULL;
ctx->store_flags = CERT_STORE_OPEN_EXISTING_FLAG |
CERT_STORE_READONLY_FLAG | CERT_SYSTEM_STORE_CURRENT_USER;
ctx->lookup_method = CAPI_LU_SUBSTR;
ctx->debug_level = 0;
ctx->debug_file = NULL;
ctx->client_cert_select = cert_select_simple;
return ctx;
}
@@ -1562,20 +1627,18 @@ static void capi_ctx_free(CAPI_CTX * ctx)
CAPI_trace(ctx, "Calling capi_ctx_free with %lx\n", ctx);
if (!ctx)
return;
if (ctx->cspname)
OPENSSL_free(ctx->cspname);
if (ctx->debug_file)
OPENSSL_free(ctx->debug_file);
if (ctx->storename)
OPENSSL_free(ctx->storename);
if (ctx->ssl_client_store)
OPENSSL_free(ctx->ssl_client_store);
OPENSSL_free(ctx->cspname);
OPENSSL_free(ctx->debug_file);
OPENSSL_free(ctx->storename);
OPENSSL_free(ctx->ssl_client_store);
OPENSSL_free(ctx);
}
static int capi_ctx_set_provname(CAPI_CTX * ctx, LPSTR pname, DWORD type,
int check)
{
LPSTR tmpcspname;
CAPI_trace(ctx, "capi_ctx_set_provname, name=%s, type=%d\n", pname, type);
if (check) {
HCRYPTPROV hprov;
@@ -1599,9 +1662,13 @@ static int capi_ctx_set_provname(CAPI_CTX * ctx, LPSTR pname, DWORD type,
}
CryptReleaseContext(hprov, 0);
}
if (ctx->cspname)
OPENSSL_free(ctx->cspname);
ctx->cspname = BUF_strdup(pname);
tmpcspname = OPENSSL_strdup(pname);
if (tmpcspname == NULL) {
CAPIerr(CAPI_F_CAPI_CTX_SET_PROVNAME, ERR_R_MALLOC_FAILURE);
return 0;
}
OPENSSL_free(ctx->cspname);
ctx->cspname = tmpcspname;
ctx->csptype = type;
return 1;
}
@@ -1642,7 +1709,7 @@ static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
STACK_OF(X509) *certs = NULL;
X509 *x;
char *storename;
const char *p;
const unsigned char *p;
int i, client_cert_idx;
HCERTSTORE hstore;
PCCERT_CONTEXT cert = NULL, excert = NULL;
@@ -1841,7 +1908,8 @@ OPENSSL_EXPORT
IMPLEMENT_DYNAMIC_CHECK_FN()
# else
void ENGINE_load_capi(void)
void engine_load_capi_int(void);
void engine_load_capi_int(void)
{
}
# endif

60
engines/e_capi_err.c
View File

@@ -1,56 +1,10 @@
/* e_capi_err.c */
/* ====================================================================
* Copyright (c) 1999-2009 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
@@ -86,6 +40,7 @@ static ERR_STRING_DATA CAPI_str_functs[] = {
{ERR_FUNC(CAPI_F_CAPI_RSA_PRIV_DEC), "CAPI_RSA_PRIV_DEC"},
{ERR_FUNC(CAPI_F_CAPI_RSA_PRIV_ENC), "CAPI_RSA_PRIV_ENC"},
{ERR_FUNC(CAPI_F_CAPI_RSA_SIGN), "CAPI_RSA_SIGN"},
{ERR_FUNC(CAPI_F_CAPI_VTRACE), "CAPI_VTRACE"},
{ERR_FUNC(CAPI_F_CERT_SELECT_DIALOG), "CERT_SELECT_DIALOG"},
{ERR_FUNC(CAPI_F_CLIENT_CERT_SELECT), "CLIENT_CERT_SELECT"},
{ERR_FUNC(CAPI_F_WIDE_TO_ASC), "WIDE_TO_ASC"},
@@ -111,6 +66,7 @@ static ERR_STRING_DATA CAPI_str_reasons[] = {
"error getting key provider info"},
{ERR_REASON(CAPI_R_ERROR_OPENING_STORE), "error opening store"},
{ERR_REASON(CAPI_R_ERROR_SIGNING_HASH), "error signing hash"},
{ERR_REASON(CAPI_R_FILE_OPEN_ERROR), "file open error"},
{ERR_REASON(CAPI_R_FUNCTION_NOT_SUPPORTED), "function not supported"},
{ERR_REASON(CAPI_R_GETUSERKEY_ERROR), "getuserkey error"},
{ERR_REASON(CAPI_R_INVALID_DIGEST_LENGTH), "invalid digest length"},

71
engines/e_capi_err.h
View File

@@ -1,55 +1,16 @@
/* ====================================================================
* Copyright (c) 2001-2008 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#ifndef HEADER_CAPI_ERR_H
@@ -60,14 +21,10 @@ extern "C" {
#endif
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_CAPI_strings(void);
static void ERR_unload_CAPI_strings(void);
static void ERR_CAPI_error(int function, int reason, char *file, int line);
# define CAPIerr(f,r) ERR_CAPI_error((f),(r),__FILE__,__LINE__)
# define CAPIerr(f,r) ERR_CAPI_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
/* Error codes for the CAPI functions. */
@@ -88,6 +45,7 @@ static void ERR_CAPI_error(int function, int reason, char *file, int line);
# define CAPI_F_CAPI_RSA_PRIV_DEC 110
# define CAPI_F_CAPI_RSA_PRIV_ENC 111
# define CAPI_F_CAPI_RSA_SIGN 112
# define CAPI_F_CAPI_VTRACE 118
# define CAPI_F_CERT_SELECT_DIALOG 117
# define CAPI_F_CLIENT_CERT_SELECT 116
# define CAPI_F_WIDE_TO_ASC 113
@@ -108,6 +66,7 @@ static void ERR_CAPI_error(int function, int reason, char *file, int line);
# define CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO 109
# define CAPI_R_ERROR_OPENING_STORE 110
# define CAPI_R_ERROR_SIGNING_HASH 111
# define CAPI_R_FILE_OPEN_ERROR 128
# define CAPI_R_FUNCTION_NOT_SUPPORTED 112
# define CAPI_R_GETUSERKEY_ERROR 113
# define CAPI_R_INVALID_DIGEST_LENGTH 124

206
engines/e_chil.c
View File

@@ -1,68 +1,17 @@
/* crypto/engine/e_chil.c -*- mode: C; c-file-style: "eay" -*- */
/*
* Written by Richard Levitte (richard@levitte.org), Geoff Thorpe
* (geoff@geoffthorpe.net) and Dr Stephen N Henson (steve@openssl.org) for
* the OpenSSL project 2000.
*/
/* ====================================================================
* Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
* Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/pem.h>
#include <openssl/dso.h>
#include "internal/dso.h"
#include <openssl/engine.h>
#include <openssl/ui.h>
#include <openssl/rand.h>
@@ -95,6 +44,8 @@
# define HWCRHK_LIB_NAME "CHIL engine"
# include "e_chil_err.c"
static CRYPTO_RWLOCK *chil_lock;
static int hwcrhk_destroy(ENGINE *e);
static int hwcrhk_init(ENGINE *e);
static int hwcrhk_finish(ENGINE *e);
@@ -245,7 +196,7 @@ static const char *engine_hwcrhk_id_alt = "ncipher";
* into HWCryptoHook_Mutex
*/
struct HWCryptoHook_MutexValue {
int lockid;
CRYPTO_RWLOCK *lock;
};
/*
@@ -356,6 +307,13 @@ static int bind_helper(ENGINE *e)
# ifndef OPENSSL_NO_DH
const DH_METHOD *meth2;
# endif
chil_lock = CRYPTO_THREAD_lock_new();
if (chil_lock == NULL) {
HWCRHKerr(HWCRHK_F_BIND_HELPER, ERR_R_MALLOC_FAILURE);
return 0;
}
if (!ENGINE_set_id(e, engine_hwcrhk_id) ||
!ENGINE_set_name(e, engine_hwcrhk_name) ||
# ifndef OPENSSL_NO_RSA
@@ -376,14 +334,14 @@ static int bind_helper(ENGINE *e)
# ifndef OPENSSL_NO_RSA
/*
* We know that the "PKCS1_SSLeay()" functions hook properly to the
* We know that the "PKCS1_OpenSSL()" functions hook properly to the
* cswift-specific mod_exp and mod_exp_crt so we use those functions. NB:
* We don't use ENGINE_openssl() or anything "more generic" because
* something like the RSAref code may not hook properly, and if you own
* one of these cards then you have the right to do RSA operations on it
* anyway!
*/
meth1 = RSA_PKCS1_SSLeay();
meth1 = RSA_PKCS1_OpenSSL();
hwcrhk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
hwcrhk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
hwcrhk_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
@@ -399,6 +357,7 @@ static int bind_helper(ENGINE *e)
/* Ensure the hwcrhk error handling is set up */
ERR_load_HWCRHK_strings();
return 1;
}
@@ -406,7 +365,7 @@ static int bind_helper(ENGINE *e)
static ENGINE *engine_chil(void)
{
ENGINE *ret = ENGINE_new();
if (!ret)
if (ret == NULL)
return NULL;
if (!bind_helper(ret)) {
ENGINE_free(ret);
@@ -462,8 +421,7 @@ static HWCryptoHook_ModExpCRT_t *p_hwcrhk_ModExpCRT = NULL;
static const char *HWCRHK_LIBNAME = NULL;
static void free_HWCRHK_LIBNAME(void)
{
if (HWCRHK_LIBNAME)
OPENSSL_free((void *)HWCRHK_LIBNAME);
OPENSSL_free(HWCRHK_LIBNAME);
HWCRHK_LIBNAME = NULL;
}
@@ -477,7 +435,7 @@ static const char *get_HWCRHK_LIBNAME(void)
static long set_HWCRHK_LIBNAME(const char *name)
{
free_HWCRHK_LIBNAME();
return (((HWCRHK_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
return (((HWCRHK_LIBNAME = OPENSSL_strdup(name)) != NULL) ? 1 : 0);
}
static const char *n_hwcrhk_Init = "HWCryptoHook_Init";
@@ -528,6 +486,7 @@ static int hwcrhk_destroy(ENGINE *e)
{
free_HWCRHK_LIBNAME();
ERR_unload_HWCRHK_strings();
CRYPTO_THREAD_lock_free(chil_lock);
return 1;
}
@@ -556,26 +515,19 @@ static int hwcrhk_init(ENGINE *e)
HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_DSO_FAILURE);
goto err;
}
if (!(p1 = (HWCryptoHook_Init_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_Init)) ||
!(p2 = (HWCryptoHook_Finish_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_Finish)) ||
!(p3 = (HWCryptoHook_ModExp_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExp)) ||
#define BINDIT(t, name) (t *)DSO_bind_func(hwcrhk_dso, name)
if ((p1 = BINDIT(HWCryptoHook_Init_t, n_hwcrhk_Init)) == NULL
|| (p2 = BINDIT(HWCryptoHook_Finish_t, n_hwcrhk_Finish)) == NULL
|| (p3 = BINDIT(HWCryptoHook_ModExp_t, n_hwcrhk_ModExp)) == NULL
# ifndef OPENSSL_NO_RSA
!(p4 = (HWCryptoHook_RSA_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSA)) ||
!(p5 = (HWCryptoHook_RSALoadKey_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSALoadKey)) ||
!(p6 = (HWCryptoHook_RSAGetPublicKey_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAGetPublicKey)) ||
!(p7 = (HWCryptoHook_RSAUnloadKey_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAUnloadKey)) ||
|| (p4 = BINDIT(HWCryptoHook_RSA_t, n_hwcrhk_RSA)) == NULL
|| (p5 = BINDIT(HWCryptoHook_RSALoadKey_t, n_hwcrhk_RSALoadKey)) == NULL
|| (p6 = BINDIT(HWCryptoHook_RSAGetPublicKey_t, n_hwcrhk_RSAGetPublicKey)) == NULL
|| (p7 = BINDIT(HWCryptoHook_RSAUnloadKey_t, n_hwcrhk_RSAUnloadKey)) == NULL
# endif
!(p8 = (HWCryptoHook_RandomBytes_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_RandomBytes)) ||
!(p9 = (HWCryptoHook_ModExpCRT_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExpCRT))) {
|| (p8 = BINDIT(HWCryptoHook_RandomBytes_t, n_hwcrhk_RandomBytes)) == NULL
|| (p9 = BINDIT(HWCryptoHook_ModExpCRT_t, n_hwcrhk_ModExpCRT)) == NULL) {
HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_DSO_FAILURE);
goto err;
}
@@ -597,14 +549,10 @@ static int hwcrhk_init(ENGINE *e)
* does, use them.
*/
if (disable_mutex_callbacks == 0) {
if (CRYPTO_get_dynlock_create_callback() != NULL &&
CRYPTO_get_dynlock_lock_callback() != NULL &&
CRYPTO_get_dynlock_destroy_callback() != NULL) {
hwcrhk_globals.mutex_init = hwcrhk_mutex_init;
hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock;
hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock;
hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy;
}
hwcrhk_globals.mutex_init = hwcrhk_mutex_init;
hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock;
hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock;
hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy;
}
/*
@@ -623,8 +571,7 @@ static int hwcrhk_init(ENGINE *e)
# endif
return 1;
err:
if (hwcrhk_dso)
DSO_free(hwcrhk_dso);
DSO_free(hwcrhk_dso);
hwcrhk_dso = NULL;
p_hwcrhk_Init = NULL;
p_hwcrhk_Finish = NULL;
@@ -656,8 +603,7 @@ static int hwcrhk_finish(ENGINE *e)
goto err;
}
err:
if (logstream)
BIO_free(logstream);
BIO_free(logstream);
hwcrhk_dso = NULL;
p_hwcrhk_Init = NULL;
p_hwcrhk_Finish = NULL;
@@ -692,34 +638,32 @@ static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
{
BIO *bio = (BIO *)p;
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
if (logstream) {
BIO_free(logstream);
logstream = NULL;
}
if (CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO) > 1)
CRYPTO_THREAD_write_lock(chil_lock);
BIO_free(logstream);
logstream = NULL;
if (BIO_up_ref(bio))
logstream = bio;
else
HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, HWCRHK_R_BIO_WAS_FREED);
}
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
CRYPTO_THREAD_unlock(chil_lock);
break;
case ENGINE_CTRL_SET_PASSWORD_CALLBACK:
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
CRYPTO_THREAD_write_lock(chil_lock);
password_context.password_callback = (pem_password_cb *)f;
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
CRYPTO_THREAD_unlock(chil_lock);
break;
case ENGINE_CTRL_SET_USER_INTERFACE:
case HWCRHK_CMD_SET_USER_INTERFACE:
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
CRYPTO_THREAD_write_lock(chil_lock);
password_context.ui_method = (UI_METHOD *)p;
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
CRYPTO_THREAD_unlock(chil_lock);
break;
case ENGINE_CTRL_SET_CALLBACK_DATA:
case HWCRHK_CMD_SET_CALLBACK_DATA:
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
CRYPTO_THREAD_write_lock(chil_lock);
password_context.callback_data = p;
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
CRYPTO_THREAD_unlock(chil_lock);
break;
/*
* this enables or disables the "SimpleForkCheck" flag used in the
@@ -727,12 +671,12 @@ static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
*/
case ENGINE_CTRL_CHIL_SET_FORKCHECK:
case HWCRHK_CMD_FORK_CHECK:
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
CRYPTO_THREAD_write_lock(chil_lock);
if (i)
hwcrhk_globals.flags |= HWCryptoHook_InitFlags_SimpleForkCheck;
else
hwcrhk_globals.flags &= ~HWCryptoHook_InitFlags_SimpleForkCheck;
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
CRYPTO_THREAD_unlock(chil_lock);
break;
/*
* This will prevent the initialisation function from "installing"
@@ -742,14 +686,14 @@ static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
* applications not using multithreading.
*/
case ENGINE_CTRL_CHIL_NO_LOCKING:
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
CRYPTO_THREAD_write_lock(chil_lock);
disable_mutex_callbacks = 1;
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
CRYPTO_THREAD_unlock(chil_lock);
break;
case HWCRHK_CMD_THREAD_LOCKING:
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
CRYPTO_THREAD_write_lock(chil_lock);
disable_mutex_callbacks = ((i == 0) ? 0 : 1);
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
CRYPTO_THREAD_unlock(chil_lock);
break;
/* The command isn't understood by this engine */
@@ -791,8 +735,8 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
goto err;
}
# ifndef OPENSSL_NO_RSA
hptr = OPENSSL_malloc(sizeof(HWCryptoHook_RSAKeyHandle));
if (!hptr) {
hptr = OPENSSL_malloc(sizeof(*hptr));
if (hptr == NULL) {
HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -839,18 +783,21 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
bn_fix_top(rtmp->n);
res = EVP_PKEY_new();
if (res == NULL) {
HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR);
goto err;
}
EVP_PKEY_assign_RSA(res, rtmp);
# endif
if (!res)
if (res == NULL)
HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED);
return res;
err:
# ifndef OPENSSL_NO_RSA
if (rtmp)
RSA_free(rtmp);
RSA_free(rtmp);
# endif
return NULL;
}
@@ -871,14 +818,14 @@ static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
{
RSA *rsa = NULL;
CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
CRYPTO_THREAD_write_lock(chil_lock);
rsa = res->pkey.rsa;
res->pkey.rsa = RSA_new();
res->pkey.rsa->n = rsa->n;
res->pkey.rsa->e = rsa->e;
rsa->n = NULL;
rsa->e = NULL;
CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
CRYPTO_THREAD_unlock(chil_lock);
RSA_free(rsa);
}
break;
@@ -891,8 +838,7 @@ static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
return res;
err:
if (res)
EVP_PKEY_free(res);
EVP_PKEY_free(res);
return NULL;
}
@@ -1147,26 +1093,28 @@ static int hwcrhk_rand_status(void)
static int hwcrhk_mutex_init(HWCryptoHook_Mutex * mt,
HWCryptoHook_CallerContext * cactx)
{
mt->lockid = CRYPTO_get_new_dynlockid();
if (mt->lockid == 0)
mt->lock = CRYPTO_THREAD_lock_new();
if (mt->lock == NULL) {
HWCRHKerr(HWCRHK_F_HWCRHK_MUTEX_INIT, ERR_R_MALLOC_FAILURE);
return 1; /* failure */
}
return 0; /* success */
}
static int hwcrhk_mutex_lock(HWCryptoHook_Mutex * mt)
{
CRYPTO_w_lock(mt->lockid);
CRYPTO_THREAD_write_lock(mt->lock);
return 0;
}
static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex * mt)
{
CRYPTO_w_unlock(mt->lockid);
CRYPTO_THREAD_unlock(mt->lock);
}
static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex * mt)
{
CRYPTO_destroy_dynlockid(mt->lockid);
CRYPTO_THREAD_lock_free(mt->lock);
}
static int hwcrhk_get_pass(const char *prompt_info,
@@ -1268,7 +1216,7 @@ static int hwcrhk_insert_card(const char *prompt_info,
ui = UI_new_method(ui_method);
if (ui) {
char answer;
char answer = '\0';
char buf[BUFSIZ];
/*
* Despite what the documentation says wrong_info can be an empty
@@ -1308,13 +1256,11 @@ static void hwcrhk_log_message(void *logstr, const char *message)
{
BIO *lstream = NULL;
CRYPTO_w_lock(CRYPTO_LOCK_BIO);
if (logstr)
lstream = *(BIO **)logstr;
if (lstream) {
BIO_printf(lstream, "%s\n", message);
}
CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
}
/*

58
engines/e_chil_err.c
View File

@@ -1,56 +1,10 @@
/* e_chil_err.c */
/* ====================================================================
* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*

71
engines/e_chil_err.h
View File

@@ -1,55 +1,16 @@
/* ====================================================================
* Copyright (c) 2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#ifndef HEADER_HWCRHK_ERR_H
@@ -60,14 +21,10 @@ extern "C" {
#endif
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_HWCRHK_strings(void);
static void ERR_unload_HWCRHK_strings(void);
static void ERR_HWCRHK_error(int function, int reason, char *file, int line);
# define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),__FILE__,__LINE__)
# define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
/* Error codes for the HWCRHK functions. */
@@ -82,6 +39,8 @@ static void ERR_HWCRHK_error(int function, int reason, char *file, int line);
# define HWCRHK_F_HWCRHK_MOD_EXP 107
# define HWCRHK_F_HWCRHK_RAND_BYTES 108
# define HWCRHK_F_HWCRHK_RSA_MOD_EXP 109
# define HWCRHK_F_BIND_HELPER 110
# define HWCRHK_F_HWCRHK_MUTEX_INIT 111
/* Reason codes. */
# define HWCRHK_R_ALREADY_LOADED 100

1103
engines/e_cswift.c
View File

File diff suppressed because it is too large Load Diff

1
engines/e_cswift.ec
View File

@@ -1 +0,0 @@
L CSWIFT e_cswift_err.h e_cswift_err.c

150
engines/e_cswift_err.c
View File

@@ -1,150 +0,0 @@
/* e_cswift_err.c */
/* ====================================================================
* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include "e_cswift_err.h"
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(0,func,0)
# define ERR_REASON(reason) ERR_PACK(0,0,reason)
static ERR_STRING_DATA CSWIFT_str_functs[] = {
{ERR_FUNC(CSWIFT_F_CSWIFT_CTRL), "CSWIFT_CTRL"},
{ERR_FUNC(CSWIFT_F_CSWIFT_DSA_SIGN), "CSWIFT_DSA_SIGN"},
{ERR_FUNC(CSWIFT_F_CSWIFT_DSA_VERIFY), "CSWIFT_DSA_VERIFY"},
{ERR_FUNC(CSWIFT_F_CSWIFT_FINISH), "CSWIFT_FINISH"},
{ERR_FUNC(CSWIFT_F_CSWIFT_INIT), "CSWIFT_INIT"},
{ERR_FUNC(CSWIFT_F_CSWIFT_MOD_EXP), "CSWIFT_MOD_EXP"},
{ERR_FUNC(CSWIFT_F_CSWIFT_MOD_EXP_CRT), "CSWIFT_MOD_EXP_CRT"},
{ERR_FUNC(CSWIFT_F_CSWIFT_RAND_BYTES), "CSWIFT_RAND_BYTES"},
{ERR_FUNC(CSWIFT_F_CSWIFT_RSA_MOD_EXP), "CSWIFT_RSA_MOD_EXP"},
{0, NULL}
};
static ERR_STRING_DATA CSWIFT_str_reasons[] = {
{ERR_REASON(CSWIFT_R_ALREADY_LOADED), "already loaded"},
{ERR_REASON(CSWIFT_R_BAD_KEY_SIZE), "bad key size"},
{ERR_REASON(CSWIFT_R_BN_CTX_FULL), "bn ctx full"},
{ERR_REASON(CSWIFT_R_BN_EXPAND_FAIL), "bn expand fail"},
{ERR_REASON(CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED),
"ctrl command not implemented"},
{ERR_REASON(CSWIFT_R_MISSING_KEY_COMPONENTS), "missing key components"},
{ERR_REASON(CSWIFT_R_NOT_LOADED), "not loaded"},
{ERR_REASON(CSWIFT_R_REQUEST_FAILED), "request failed"},
{ERR_REASON(CSWIFT_R_UNIT_FAILURE), "unit failure"},
{0, NULL}
};
#endif
#ifdef CSWIFT_LIB_NAME
static ERR_STRING_DATA CSWIFT_lib_name[] = {
{0, CSWIFT_LIB_NAME},
{0, NULL}
};
#endif
static int CSWIFT_lib_error_code = 0;
static int CSWIFT_error_init = 1;
static void ERR_load_CSWIFT_strings(void)
{
if (CSWIFT_lib_error_code == 0)
CSWIFT_lib_error_code = ERR_get_next_error_library();
if (CSWIFT_error_init) {
CSWIFT_error_init = 0;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(CSWIFT_lib_error_code, CSWIFT_str_functs);
ERR_load_strings(CSWIFT_lib_error_code, CSWIFT_str_reasons);
#endif
#ifdef CSWIFT_LIB_NAME
CSWIFT_lib_name->error = ERR_PACK(CSWIFT_lib_error_code, 0, 0);
ERR_load_strings(0, CSWIFT_lib_name);
#endif
}
}
static void ERR_unload_CSWIFT_strings(void)
{
if (CSWIFT_error_init == 0) {
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(CSWIFT_lib_error_code, CSWIFT_str_functs);
ERR_unload_strings(CSWIFT_lib_error_code, CSWIFT_str_reasons);
#endif
#ifdef CSWIFT_LIB_NAME
ERR_unload_strings(0, CSWIFT_lib_name);
#endif
CSWIFT_error_init = 1;
}
}
static void ERR_CSWIFT_error(int function, int reason, char *file, int line)
{
if (CSWIFT_lib_error_code == 0)
CSWIFT_lib_error_code = ERR_get_next_error_library();
ERR_PUT_error(CSWIFT_lib_error_code, function, reason, file, line);
}

99
engines/e_cswift_err.h
View File

@@ -1,99 +0,0 @@
/* ====================================================================
* Copyright (c) 2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_CSWIFT_ERR_H
# define HEADER_CSWIFT_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_CSWIFT_strings(void);
static void ERR_unload_CSWIFT_strings(void);
static void ERR_CSWIFT_error(int function, int reason, char *file, int line);
# define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),__FILE__,__LINE__)
/* Error codes for the CSWIFT functions. */
/* Function codes. */
# define CSWIFT_F_CSWIFT_CTRL 100
# define CSWIFT_F_CSWIFT_DSA_SIGN 101
# define CSWIFT_F_CSWIFT_DSA_VERIFY 102
# define CSWIFT_F_CSWIFT_FINISH 103
# define CSWIFT_F_CSWIFT_INIT 104
# define CSWIFT_F_CSWIFT_MOD_EXP 105
# define CSWIFT_F_CSWIFT_MOD_EXP_CRT 106
# define CSWIFT_F_CSWIFT_RAND_BYTES 108
# define CSWIFT_F_CSWIFT_RSA_MOD_EXP 107
/* Reason codes. */
# define CSWIFT_R_ALREADY_LOADED 100
# define CSWIFT_R_BAD_KEY_SIZE 101
# define CSWIFT_R_BN_CTX_FULL 102
# define CSWIFT_R_BN_EXPAND_FAIL 103
# define CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED 104
# define CSWIFT_R_MISSING_KEY_COMPONENTS 105
# define CSWIFT_R_NOT_LOADED 106
# define CSWIFT_R_REQUEST_FAILED 107
# define CSWIFT_R_UNIT_FAILURE 108
#ifdef __cplusplus
}
#endif
#endif

769
engines/e_dasync.c Normal file
View File

@@ -0,0 +1,769 @@
/*
* Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#if defined(_WIN32)
# include <windows.h>
#endif
#include <stdio.h>
#include <string.h>
#include <openssl/engine.h>
#include <openssl/sha.h>
#include <openssl/aes.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/async.h>
#include <openssl/bn.h>
#include <openssl/crypto.h>
#include <openssl/ssl.h>
#include <openssl/modes.h>
#if (defined(OPENSSL_SYS_UNIX) || defined(OPENSSL_SYS_CYGWIN)) && defined(OPENSSL_THREADS)
# undef ASYNC_POSIX
# define ASYNC_POSIX
# include <unistd.h>
#elif defined(_WIN32)
# undef ASYNC_WIN
# define ASYNC_WIN
#endif
#define DASYNC_LIB_NAME "DASYNC"
#include "e_dasync_err.c"
/* Engine Id and Name */
static const char *engine_dasync_id = "dasync";
static const char *engine_dasync_name = "Dummy Async engine support";
/* Engine Lifetime functions */
static int dasync_destroy(ENGINE *e);
static int dasync_init(ENGINE *e);
static int dasync_finish(ENGINE *e);
void engine_load_dasync_int(void);
/* Set up digests. Just SHA1 for now */
static int dasync_digests(ENGINE *e, const EVP_MD **digest,
const int **nids, int nid);
static void dummy_pause_job(void);
/* SHA1 */
static int dasync_sha1_init(EVP_MD_CTX *ctx);
static int dasync_sha1_update(EVP_MD_CTX *ctx, const void *data,
size_t count);
static int dasync_sha1_final(EVP_MD_CTX *ctx, unsigned char *md);
/*
* Holds the EVP_MD object for sha1 in this engine. Set up once only during
* engine bind and can then be reused many times.
*/
static EVP_MD *_hidden_sha1_md = NULL;
static const EVP_MD *dasync_sha1(void)
{
return _hidden_sha1_md;
}
static void destroy_digests(void)
{
EVP_MD_meth_free(_hidden_sha1_md);
_hidden_sha1_md = NULL;
}
static int dasync_digest_nids(const int **nids)
{
static int digest_nids[2] = { 0, 0 };
static int pos = 0;
static int init = 0;
if (!init) {
const EVP_MD *md;
if ((md = dasync_sha1()) != NULL)
digest_nids[pos++] = EVP_MD_type(md);
digest_nids[pos] = 0;
init = 1;
}
*nids = digest_nids;
return pos;
}
/* RSA */
static int dasync_pub_enc(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
static int dasync_pub_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
static int dasync_rsa_priv_enc(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
static int dasync_rsa_priv_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
static int dasync_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
BN_CTX *ctx);
static int dasync_rsa_init(RSA *rsa);
static int dasync_rsa_finish(RSA *rsa);
static RSA_METHOD *dasync_rsa_method = NULL;
/* AES */
static int dasync_aes128_cbc_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
void *ptr);
static int dasync_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
static int dasync_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl);
static int dasync_aes128_cbc_cleanup(EVP_CIPHER_CTX *ctx);
static int dasync_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
int arg, void *ptr);
static int dasync_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
const unsigned char *key,
const unsigned char *iv,
int enc);
static int dasync_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx,
unsigned char *out,
const unsigned char *in,
size_t inl);
static int dasync_aes128_cbc_hmac_sha1_cleanup(EVP_CIPHER_CTX *ctx);
struct dasync_pipeline_ctx {
void *inner_cipher_data;
unsigned int numpipes;
unsigned char **inbufs;
unsigned char **outbufs;
size_t *lens;
int enc;
unsigned char tlsaad[SSL_MAX_PIPELINES][EVP_AEAD_TLS1_AAD_LEN];
unsigned int aadctr;
};
/*
* Holds the EVP_CIPHER object for aes_128_cbc in this engine. Set up once only
* during engine bind and can then be reused many times.
*/
static EVP_CIPHER *_hidden_aes_128_cbc = NULL;
static const EVP_CIPHER *dasync_aes_128_cbc(void)
{
return _hidden_aes_128_cbc;
}
/*
* Holds the EVP_CIPHER object for aes_128_cbc_hmac_sha1 in this engine. Set up
* once only during engine bind and can then be reused many times.
*/
static EVP_CIPHER *_hidden_aes_128_cbc_hmac_sha1 = NULL;
static const EVP_CIPHER *dasync_aes_128_cbc_hmac_sha1(void)
{
return _hidden_aes_128_cbc_hmac_sha1;
}
static void destroy_ciphers(void)
{
EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1);
_hidden_aes_128_cbc = NULL;
_hidden_aes_128_cbc_hmac_sha1 = NULL;
}
static int dasync_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
const int **nids, int nid);
static int dasync_cipher_nids[] = {
NID_aes_128_cbc,
NID_aes_128_cbc_hmac_sha1,
0
};
static int bind_dasync(ENGINE *e)
{
/* Setup RSA_METHOD */
if ((dasync_rsa_method = RSA_meth_new("Dummy Async RSA method", 0)) == NULL
|| RSA_meth_set_pub_enc(dasync_rsa_method, dasync_pub_enc) == 0
|| RSA_meth_set_pub_dec(dasync_rsa_method, dasync_pub_dec) == 0
|| RSA_meth_set_priv_enc(dasync_rsa_method, dasync_rsa_priv_enc) == 0
|| RSA_meth_set_priv_dec(dasync_rsa_method, dasync_rsa_priv_dec) == 0
|| RSA_meth_set_mod_exp(dasync_rsa_method, dasync_rsa_mod_exp) == 0
|| RSA_meth_set_bn_mod_exp(dasync_rsa_method, BN_mod_exp_mont) == 0
|| RSA_meth_set_init(dasync_rsa_method, dasync_rsa_init) == 0
|| RSA_meth_set_finish(dasync_rsa_method, dasync_rsa_finish) == 0) {
DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED);
return 0;
}
/* Ensure the dasync error handling is set up */
ERR_load_DASYNC_strings();
if (!ENGINE_set_id(e, engine_dasync_id)
|| !ENGINE_set_name(e, engine_dasync_name)
|| !ENGINE_set_RSA(e, dasync_rsa_method)
|| !ENGINE_set_digests(e, dasync_digests)
|| !ENGINE_set_ciphers(e, dasync_ciphers)
|| !ENGINE_set_destroy_function(e, dasync_destroy)
|| !ENGINE_set_init_function(e, dasync_init)
|| !ENGINE_set_finish_function(e, dasync_finish)) {
DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED);
return 0;
}
/*
* Set up the EVP_CIPHER and EVP_MD objects for the ciphers/digests
* supplied by this engine
*/
_hidden_sha1_md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption);
if (_hidden_sha1_md == NULL
|| !EVP_MD_meth_set_result_size(_hidden_sha1_md, SHA_DIGEST_LENGTH)
|| !EVP_MD_meth_set_input_blocksize(_hidden_sha1_md, SHA_CBLOCK)
|| !EVP_MD_meth_set_app_datasize(_hidden_sha1_md,
sizeof(EVP_MD *) + sizeof(SHA_CTX))
|| !EVP_MD_meth_set_flags(_hidden_sha1_md, EVP_MD_FLAG_DIGALGID_ABSENT)
|| !EVP_MD_meth_set_init(_hidden_sha1_md, dasync_sha1_init)
|| !EVP_MD_meth_set_update(_hidden_sha1_md, dasync_sha1_update)
|| !EVP_MD_meth_set_final(_hidden_sha1_md, dasync_sha1_final)) {
EVP_MD_meth_free(_hidden_sha1_md);
_hidden_sha1_md = NULL;
}
_hidden_aes_128_cbc = EVP_CIPHER_meth_new(NID_aes_128_cbc,
16 /* block size */,
16 /* key len */);
if (_hidden_aes_128_cbc == NULL
|| !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc,16)
|| !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc,
EVP_CIPH_FLAG_DEFAULT_ASN1
| EVP_CIPH_CBC_MODE
| EVP_CIPH_FLAG_PIPELINE)
|| !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc,
dasync_aes128_init_key)
|| !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc,
dasync_aes128_cbc_cipher)
|| !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc,
dasync_aes128_cbc_cleanup)
|| !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc,
dasync_aes128_cbc_ctrl)
|| !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc,
sizeof(struct dasync_pipeline_ctx))) {
EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
_hidden_aes_128_cbc = NULL;
}
_hidden_aes_128_cbc_hmac_sha1 = EVP_CIPHER_meth_new(
NID_aes_128_cbc_hmac_sha1,
16 /* block size */,
16 /* key len */);
if (_hidden_aes_128_cbc_hmac_sha1 == NULL
|| !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc_hmac_sha1,16)
|| !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc_hmac_sha1,
EVP_CIPH_CBC_MODE
| EVP_CIPH_FLAG_DEFAULT_ASN1
| EVP_CIPH_FLAG_AEAD_CIPHER
| EVP_CIPH_FLAG_PIPELINE)
|| !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc_hmac_sha1,
dasync_aes128_cbc_hmac_sha1_init_key)
|| !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc_hmac_sha1,
dasync_aes128_cbc_hmac_sha1_cipher)
|| !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc_hmac_sha1,
dasync_aes128_cbc_hmac_sha1_cleanup)
|| !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc_hmac_sha1,
dasync_aes128_cbc_hmac_sha1_ctrl)
|| !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc_hmac_sha1,
sizeof(struct dasync_pipeline_ctx))) {
EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1);
_hidden_aes_128_cbc_hmac_sha1 = NULL;
}
return 1;
}
# ifndef OPENSSL_NO_DYNAMIC_ENGINE
static int bind_helper(ENGINE *e, const char *id)
{
if (id && (strcmp(id, engine_dasync_id) != 0))
return 0;
if (!bind_dasync(e))
return 0;
return 1;
}
IMPLEMENT_DYNAMIC_CHECK_FN()
IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
# endif
static ENGINE *engine_dasync(void)
{
ENGINE *ret = ENGINE_new();
if (!ret)
return NULL;
if (!bind_dasync(ret)) {
ENGINE_free(ret);
return NULL;
}
return ret;
}
void engine_load_dasync_int(void)
{
ENGINE *toadd = engine_dasync();
if (!toadd)
return;
ENGINE_add(toadd);
ENGINE_free(toadd);
ERR_clear_error();
}
static int dasync_init(ENGINE *e)
{
return 1;
}
static int dasync_finish(ENGINE *e)
{
return 1;
}
static int dasync_destroy(ENGINE *e)
{
destroy_digests();
destroy_ciphers();
RSA_meth_free(dasync_rsa_method);
ERR_unload_DASYNC_strings();
return 1;
}
static int dasync_digests(ENGINE *e, const EVP_MD **digest,
const int **nids, int nid)
{
int ok = 1;
if (!digest) {
/* We are returning a list of supported nids */
return dasync_digest_nids(nids);
}
/* We are being asked for a specific digest */
switch (nid) {
case NID_sha1:
*digest = dasync_sha1();
break;
default:
ok = 0;
*digest = NULL;
break;
}
return ok;
}
static int dasync_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
const int **nids, int nid)
{
int ok = 1;
if (cipher == NULL) {
/* We are returning a list of supported nids */
*nids = dasync_cipher_nids;
return (sizeof(dasync_cipher_nids) -
1) / sizeof(dasync_cipher_nids[0]);
}
/* We are being asked for a specific cipher */
switch (nid) {
case NID_aes_128_cbc:
*cipher = dasync_aes_128_cbc();
break;
case NID_aes_128_cbc_hmac_sha1:
*cipher = dasync_aes_128_cbc_hmac_sha1();
break;
default:
ok = 0;
*cipher = NULL;
break;
}
return ok;
}
static void wait_cleanup(ASYNC_WAIT_CTX *ctx, const void *key,
OSSL_ASYNC_FD readfd, void *pvwritefd)
{
OSSL_ASYNC_FD *pwritefd = (OSSL_ASYNC_FD *)pvwritefd;
#if defined(ASYNC_WIN)
CloseHandle(readfd);
CloseHandle(*pwritefd);
#elif defined(ASYNC_POSIX)
close(readfd);
close(*pwritefd);
#endif
OPENSSL_free(pwritefd);
}
#define DUMMY_CHAR 'X'
static void dummy_pause_job(void) {
ASYNC_JOB *job;
ASYNC_WAIT_CTX *waitctx;
OSSL_ASYNC_FD pipefds[2] = {0, 0};
OSSL_ASYNC_FD *writefd;
#if defined(ASYNC_WIN)
DWORD numwritten, numread;
char buf = DUMMY_CHAR;
#elif defined(ASYNC_POSIX)
char buf = DUMMY_CHAR;
#endif
if ((job = ASYNC_get_current_job()) == NULL)
return;
waitctx = ASYNC_get_wait_ctx(job);
if (ASYNC_WAIT_CTX_get_fd(waitctx, engine_dasync_id, &pipefds[0],
(void **)&writefd)) {
pipefds[1] = *writefd;
} else {
writefd = OPENSSL_malloc(sizeof(*writefd));
if (writefd == NULL)
return;
#if defined(ASYNC_WIN)
if (CreatePipe(&pipefds[0], &pipefds[1], NULL, 256) == 0) {
OPENSSL_free(writefd);
return;
}
#elif defined(ASYNC_POSIX)
if (pipe(pipefds) != 0) {
OPENSSL_free(writefd);
return;
}
#endif
*writefd = pipefds[1];
if(!ASYNC_WAIT_CTX_set_wait_fd(waitctx, engine_dasync_id, pipefds[0],
writefd, wait_cleanup)) {
wait_cleanup(waitctx, engine_dasync_id, pipefds[0], writefd);
return;
}
}
/*
* In the Dummy async engine we are cheating. We signal that the job
* is complete by waking it before the call to ASYNC_pause_job(). A real
* async engine would only wake when the job was actually complete
*/
#if defined(ASYNC_WIN)
WriteFile(pipefds[1], &buf, 1, &numwritten, NULL);
#elif defined(ASYNC_POSIX)
if (write(pipefds[1], &buf, 1) < 0)
return;
#endif
/* Ignore errors - we carry on anyway */
ASYNC_pause_job();
/* Clear the wake signal */
#if defined(ASYNC_WIN)
ReadFile(pipefds[0], &buf, 1, &numread, NULL);
#elif defined(ASYNC_POSIX)
if (read(pipefds[0], &buf, 1) < 0)
return;
#endif
}
/*
* SHA1 implementation. At the moment we just defer to the standard
* implementation
*/
#undef data
#define data(ctx) ((SHA_CTX *)EVP_MD_CTX_md_data(ctx))
static int dasync_sha1_init(EVP_MD_CTX *ctx)
{
dummy_pause_job();
return SHA1_Init(data(ctx));
}
static int dasync_sha1_update(EVP_MD_CTX *ctx, const void *data,
size_t count)
{
dummy_pause_job();
return SHA1_Update(data(ctx), data, (size_t)count);
}
static int dasync_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
{
dummy_pause_job();
return SHA1_Final(md, data(ctx));
}
/*
* RSA implementation
*/
static int dasync_pub_enc(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding) {
/* Ignore errors - we carry on anyway */
dummy_pause_job();
return RSA_meth_get_pub_enc(RSA_PKCS1_OpenSSL())
(flen, from, to, rsa, padding);
}
static int dasync_pub_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding) {
/* Ignore errors - we carry on anyway */
dummy_pause_job();
return RSA_meth_get_pub_dec(RSA_PKCS1_OpenSSL())
(flen, from, to, rsa, padding);
}
static int dasync_rsa_priv_enc(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
/* Ignore errors - we carry on anyway */
dummy_pause_job();
return RSA_meth_get_priv_enc(RSA_PKCS1_OpenSSL())
(flen, from, to, rsa, padding);
}
static int dasync_rsa_priv_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
/* Ignore errors - we carry on anyway */
dummy_pause_job();
return RSA_meth_get_priv_dec(RSA_PKCS1_OpenSSL())
(flen, from, to, rsa, padding);
}
static int dasync_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
{
/* Ignore errors - we carry on anyway */
dummy_pause_job();
return RSA_meth_get_mod_exp(RSA_PKCS1_OpenSSL())(r0, I, rsa, ctx);
}
static int dasync_rsa_init(RSA *rsa)
{
return RSA_meth_get_init(RSA_PKCS1_OpenSSL())(rsa);
}
static int dasync_rsa_finish(RSA *rsa)
{
return RSA_meth_get_finish(RSA_PKCS1_OpenSSL())(rsa);
}
/* Cipher helper functions */
static int dasync_cipher_ctrl_helper(EVP_CIPHER_CTX *ctx, int type, int arg,
void *ptr, int aeadcapable)
{
int ret;
struct dasync_pipeline_ctx *pipe_ctx =
(struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
if (pipe_ctx == NULL)
return 0;
switch (type) {
case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS:
pipe_ctx->numpipes = arg;
pipe_ctx->outbufs = (unsigned char **)ptr;
break;
case EVP_CTRL_SET_PIPELINE_INPUT_BUFS:
pipe_ctx->numpipes = arg;
pipe_ctx->inbufs = (unsigned char **)ptr;
break;
case EVP_CTRL_SET_PIPELINE_INPUT_LENS:
pipe_ctx->numpipes = arg;
pipe_ctx->lens = (size_t *)ptr;
break;
case EVP_CTRL_AEAD_SET_MAC_KEY:
if (!aeadcapable)
return -1;
EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data);
ret = EVP_CIPHER_meth_get_ctrl(EVP_aes_128_cbc_hmac_sha1())
(ctx, type, arg, ptr);
EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx);
return ret;
case EVP_CTRL_AEAD_TLS1_AAD:
{
unsigned char *p = ptr;
unsigned int len;
if (!aeadcapable || arg != EVP_AEAD_TLS1_AAD_LEN)
return -1;
if (pipe_ctx->aadctr >= SSL_MAX_PIPELINES)
return -1;
memcpy(pipe_ctx->tlsaad[pipe_ctx->aadctr], ptr,
EVP_AEAD_TLS1_AAD_LEN);
pipe_ctx->aadctr++;
len = p[arg - 2] << 8 | p[arg - 1];
if (pipe_ctx->enc) {
if ((p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
len -= AES_BLOCK_SIZE;
}
return ((len + SHA_DIGEST_LENGTH + AES_BLOCK_SIZE)
& -AES_BLOCK_SIZE) - len;
} else {
return SHA_DIGEST_LENGTH;
}
}
default:
return 0;
}
return 1;
}
static int dasync_cipher_init_key_helper(EVP_CIPHER_CTX *ctx,
const unsigned char *key,
const unsigned char *iv, int enc,
const EVP_CIPHER *cipher)
{
int ret;
struct dasync_pipeline_ctx *pipe_ctx =
(struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
if (pipe_ctx->inner_cipher_data == NULL
&& EVP_CIPHER_impl_ctx_size(cipher) != 0) {
pipe_ctx->inner_cipher_data = OPENSSL_zalloc(
EVP_CIPHER_impl_ctx_size(cipher));
if (pipe_ctx->inner_cipher_data == NULL) {
DASYNCerr(DASYNC_F_DASYNC_CIPHER_INIT_KEY_HELPER,
ERR_R_MALLOC_FAILURE);
return 0;
}
}
pipe_ctx->numpipes = 0;
pipe_ctx->aadctr = 0;
EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data);
ret = EVP_CIPHER_meth_get_init(cipher)(ctx, key, iv, enc);
EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx);
return ret;
}
static int dasync_cipher_helper(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl,
const EVP_CIPHER *cipher)
{
int ret = 1;
unsigned int i, pipes;
struct dasync_pipeline_ctx *pipe_ctx =
(struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
pipes = pipe_ctx->numpipes;
EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data);
if (pipes == 0) {
if (pipe_ctx->aadctr != 0) {
if (pipe_ctx->aadctr != 1)
return -1;
EVP_CIPHER_meth_get_ctrl(cipher)
(ctx, EVP_CTRL_AEAD_TLS1_AAD,
EVP_AEAD_TLS1_AAD_LEN,
pipe_ctx->tlsaad[0]);
}
ret = EVP_CIPHER_meth_get_do_cipher(cipher)
(ctx, out, in, inl);
} else {
if (pipe_ctx->aadctr > 0 && pipe_ctx->aadctr != pipes)
return -1;
for (i = 0; i < pipes; i++) {
if (pipe_ctx->aadctr > 0) {
EVP_CIPHER_meth_get_ctrl(cipher)
(ctx, EVP_CTRL_AEAD_TLS1_AAD,
EVP_AEAD_TLS1_AAD_LEN,
pipe_ctx->tlsaad[i]);
}
ret = ret && EVP_CIPHER_meth_get_do_cipher(cipher)
(ctx, pipe_ctx->outbufs[i], pipe_ctx->inbufs[i],
pipe_ctx->lens[i]);
}
pipe_ctx->numpipes = 0;
}
pipe_ctx->aadctr = 0;
EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx);
return ret;
}
static int dasync_cipher_cleanup_helper(EVP_CIPHER_CTX *ctx,
const EVP_CIPHER *cipher)
{
struct dasync_pipeline_ctx *pipe_ctx =
(struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
OPENSSL_clear_free(pipe_ctx->inner_cipher_data,
EVP_CIPHER_impl_ctx_size(cipher));
return 1;
}
/*
* AES128 CBC Implementation
*/
static int dasync_aes128_cbc_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
void *ptr)
{
return dasync_cipher_ctrl_helper(ctx, type, arg, ptr, 0);
}
static int dasync_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
return dasync_cipher_init_key_helper(ctx, key, iv, enc, EVP_aes_128_cbc());
}
static int dasync_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
return dasync_cipher_helper(ctx, out, in, inl, EVP_aes_128_cbc());
}
static int dasync_aes128_cbc_cleanup(EVP_CIPHER_CTX *ctx)
{
return dasync_cipher_cleanup_helper(ctx, EVP_aes_128_cbc());
}
/*
* AES128 CBC HMAC SHA1 Implementation
*/
static int dasync_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
int arg, void *ptr)
{
return dasync_cipher_ctrl_helper(ctx, type, arg, ptr, 1);
}
static int dasync_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
const unsigned char *key,
const unsigned char *iv,
int enc)
{
return dasync_cipher_init_key_helper(ctx, key, iv, enc,
EVP_aes_128_cbc_hmac_sha1());
}
static int dasync_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx,
unsigned char *out,
const unsigned char *in,
size_t inl)
{
return dasync_cipher_helper(ctx, out, in, inl, EVP_aes_128_cbc_hmac_sha1());
}
static int dasync_aes128_cbc_hmac_sha1_cleanup(EVP_CIPHER_CTX *ctx)
{
return dasync_cipher_cleanup_helper(ctx, EVP_aes_128_cbc_hmac_sha1());
}

1
engines/e_dasync.ec Normal file
View File

@@ -0,0 +1 @@
L DASYNC e_dasync_err.h e_dasync_err.c

102
engines/e_dasync_err.c Normal file
View File

@@ -0,0 +1,102 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include "e_dasync_err.h"
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(0,func,0)
# define ERR_REASON(reason) ERR_PACK(0,0,reason)
static ERR_STRING_DATA DASYNC_str_functs[] = {
{ERR_FUNC(DASYNC_F_BIND_DASYNC), "bind_dasync"},
{ERR_FUNC(DASYNC_F_CIPHER_AES_128_CBC_CODE), "CIPHER_AES_128_CBC_CODE"},
{ERR_FUNC(DASYNC_F_DASYNC_AES128_CBC_HMAC_SHA1_INIT_KEY),
"dasync_aes128_cbc_hmac_sha1_init_key"},
{ERR_FUNC(DASYNC_F_DASYNC_AES128_INIT_KEY), "dasync_aes128_init_key"},
{ERR_FUNC(DASYNC_F_DASYNC_BN_MOD_EXP), "DASYNC_BN_MOD_EXP"},
{ERR_FUNC(DASYNC_F_DASYNC_CIPHER_INIT_KEY_HELPER),
"dasync_cipher_init_key_helper"},
{ERR_FUNC(DASYNC_F_DASYNC_MOD_EXP), "DASYNC_MOD_EXP"},
{ERR_FUNC(DASYNC_F_DASYNC_PRIVATE_DECRYPT), "DASYNC_PRIVATE_DECRYPT"},
{ERR_FUNC(DASYNC_F_DASYNC_PRIVATE_ENCRYPT), "DASYNC_PRIVATE_ENCRYPT"},
{ERR_FUNC(DASYNC_F_DASYNC_PUBLIC_DECRYPT), "DASYNC_PUBLIC_DECRYPT"},
{ERR_FUNC(DASYNC_F_DASYNC_PUBLIC_ENCRYPT), "DASYNC_PUBLIC_ENCRYPT"},
{0, NULL}
};
static ERR_STRING_DATA DASYNC_str_reasons[] = {
{ERR_REASON(DASYNC_R_INIT_FAILED), "init failed"},
{ERR_REASON(DASYNC_R_LENGTH_NOT_BLOCK_ALIGNED),
"length not block aligned"},
{ERR_REASON(DASYNC_R_UNKNOWN_FAULT), "unknown fault"},
{0, NULL}
};
#endif
#ifdef DASYNC_LIB_NAME
static ERR_STRING_DATA DASYNC_lib_name[] = {
{0, DASYNC_LIB_NAME},
{0, NULL}
};
#endif
static int DASYNC_lib_error_code = 0;
static int DASYNC_error_init = 1;
static void ERR_load_DASYNC_strings(void)
{
if (DASYNC_lib_error_code == 0)
DASYNC_lib_error_code = ERR_get_next_error_library();
if (DASYNC_error_init) {
DASYNC_error_init = 0;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(DASYNC_lib_error_code, DASYNC_str_functs);
ERR_load_strings(DASYNC_lib_error_code, DASYNC_str_reasons);
#endif
#ifdef DASYNC_LIB_NAME
DASYNC_lib_name->error = ERR_PACK(DASYNC_lib_error_code, 0, 0);
ERR_load_strings(0, DASYNC_lib_name);
#endif
}
}
static void ERR_unload_DASYNC_strings(void)
{
if (DASYNC_error_init == 0) {
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(DASYNC_lib_error_code, DASYNC_str_functs);
ERR_unload_strings(DASYNC_lib_error_code, DASYNC_str_reasons);
#endif
#ifdef DASYNC_LIB_NAME
ERR_unload_strings(0, DASYNC_lib_name);
#endif
DASYNC_error_init = 1;
}
}
static void ERR_DASYNC_error(int function, int reason, char *file, int line)
{
if (DASYNC_lib_error_code == 0)
DASYNC_lib_error_code = ERR_get_next_error_library();
ERR_PUT_error(DASYNC_lib_error_code, function, reason, file, line);
}

52
engines/e_dasync_err.h Normal file
View File

@@ -0,0 +1,52 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#ifndef HEADER_DASYNC_ERR_H
# define HEADER_DASYNC_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
static void ERR_load_DASYNC_strings(void);
static void ERR_unload_DASYNC_strings(void);
static void ERR_DASYNC_error(int function, int reason, char *file, int line);
# define DASYNCerr(f,r) ERR_DASYNC_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
/* Error codes for the DASYNC functions. */
/* Function codes. */
# define DASYNC_F_BIND_DASYNC 107
# define DASYNC_F_CIPHER_AES_128_CBC_CODE 100
# define DASYNC_F_DASYNC_AES128_CBC_HMAC_SHA1_INIT_KEY 109
# define DASYNC_F_DASYNC_AES128_INIT_KEY 108
# define DASYNC_F_DASYNC_BN_MOD_EXP 101
# define DASYNC_F_DASYNC_CIPHER_INIT_KEY_HELPER 110
# define DASYNC_F_DASYNC_MOD_EXP 102
# define DASYNC_F_DASYNC_PRIVATE_DECRYPT 103
# define DASYNC_F_DASYNC_PRIVATE_ENCRYPT 104
# define DASYNC_F_DASYNC_PUBLIC_DECRYPT 105
# define DASYNC_F_DASYNC_PUBLIC_ENCRYPT 106
/* Reason codes. */
# define DASYNC_R_INIT_FAILED 102
# define DASYNC_R_LENGTH_NOT_BLOCK_ALIGNED 100
# define DASYNC_R_UNKNOWN_FAULT 101
#ifdef __cplusplus
}
#endif
#endif

492
engines/e_gmp.c
View File

@@ -1,492 +0,0 @@
/* crypto/engine/e_gmp.c */
/*
* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
* 2003.
*/
/* ====================================================================
* Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*
* This engine is not (currently) compiled in by default. Do enable it,
* reconfigure OpenSSL with "enable-gmp -lgmp". The GMP libraries and headers
* must reside in one of the paths searched by the compiler/linker, otherwise
* paths must be specified - eg. try configuring with "enable-gmp
* -I<includepath> -L<libpath> -lgmp". YMMV.
*/
/*-
* As for what this does - it's a largely unoptimised implementation of an
* ENGINE that uses the GMP library to perform RSA private key operations. To
* obtain more information about what "unoptimised" means, see my original mail
* on the subject (though ignore the build instructions which have since
* changed);
*
* http://www.mail-archive.com/openssl-dev@openssl.org/msg12227.html
*
* On my athlon system at least, it appears the builtin OpenSSL code is now
* slightly faster, which is to say that the RSA-related MPI performance
* between OpenSSL's BIGNUM and GMP's mpz implementations is probably pretty
* balanced for this chip, and so the performance degradation in this ENGINE by
* having to convert to/from GMP formats (and not being able to cache
* montgomery forms) is probably the difference. However, if some unconfirmed
* reports from users is anything to go by, the situation on some other
* chipsets might be a good deal more favourable to the GMP version (eg. PPC).
* Feedback welcome. */
#include <stdio.h>
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/buffer.h>
#include <openssl/engine.h>
#ifndef OPENSSL_NO_RSA
# include <openssl/rsa.h>
#endif
#include <openssl/bn.h>
#ifndef OPENSSL_NO_HW
# ifndef OPENSSL_NO_GMP
# include <gmp.h>
# define E_GMP_LIB_NAME "gmp engine"
# include "e_gmp_err.c"
static int e_gmp_destroy(ENGINE *e);
static int e_gmp_init(ENGINE *e);
static int e_gmp_finish(ENGINE *e);
static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
# ifndef OPENSSL_NO_RSA
/* RSA stuff */
static int e_gmp_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa,
BN_CTX *ctx);
static int e_gmp_rsa_finish(RSA *r);
# endif
/* The definitions for control commands specific to this engine */
/* #define E_GMP_CMD_SO_PATH ENGINE_CMD_BASE */
static const ENGINE_CMD_DEFN e_gmp_cmd_defns[] = {
# if 0
{E_GMP_CMD_SO_PATH,
"SO_PATH",
"Specifies the path to the 'e_gmp' shared library",
ENGINE_CMD_FLAG_STRING},
# endif
{0, NULL, NULL, 0}
};
# ifndef OPENSSL_NO_RSA
/* Our internal RSA_METHOD that we provide pointers to */
static RSA_METHOD e_gmp_rsa = {
"GMP RSA method",
NULL,
NULL,
NULL,
NULL,
e_gmp_rsa_mod_exp,
NULL,
NULL,
e_gmp_rsa_finish,
/*
* These flags initialise montgomery crud that GMP ignores, however it
* makes sure the public key ops (which are done in openssl) don't seem
* *slower* than usual :-)
*/
RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE,
NULL,
NULL,
NULL
};
# endif
/* Constants used when creating the ENGINE */
static const char *engine_e_gmp_id = "gmp";
static const char *engine_e_gmp_name = "GMP engine support";
/*
* This internal function is used by ENGINE_gmp() and possibly by the
* "dynamic" ENGINE support too
*/
static int bind_helper(ENGINE *e)
{
# ifndef OPENSSL_NO_RSA
const RSA_METHOD *meth1;
# endif
if (!ENGINE_set_id(e, engine_e_gmp_id) ||
!ENGINE_set_name(e, engine_e_gmp_name) ||
# ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(e, &e_gmp_rsa) ||
# endif
!ENGINE_set_destroy_function(e, e_gmp_destroy) ||
!ENGINE_set_init_function(e, e_gmp_init) ||
!ENGINE_set_finish_function(e, e_gmp_finish) ||
!ENGINE_set_ctrl_function(e, e_gmp_ctrl) ||
!ENGINE_set_cmd_defns(e, e_gmp_cmd_defns))
return 0;
# ifndef OPENSSL_NO_RSA
meth1 = RSA_PKCS1_SSLeay();
e_gmp_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
e_gmp_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
e_gmp_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
e_gmp_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
e_gmp_rsa.bn_mod_exp = meth1->bn_mod_exp;
# endif
/* Ensure the e_gmp error handling is set up */
ERR_load_GMP_strings();
return 1;
}
static ENGINE *engine_gmp(void)
{
ENGINE *ret = ENGINE_new();
if (!ret)
return NULL;
if (!bind_helper(ret)) {
ENGINE_free(ret);
return NULL;
}
return ret;
}
void ENGINE_load_gmp(void)
{
/* Copied from eng_[openssl|dyn].c */
ENGINE *toadd = engine_gmp();
if (!toadd)
return;
ENGINE_add(toadd);
ENGINE_free(toadd);
ERR_clear_error();
}
# ifndef OPENSSL_NO_RSA
/* Used to attach our own key-data to an RSA structure */
static int hndidx_rsa = -1;
# endif
static int e_gmp_destroy(ENGINE *e)
{
ERR_unload_GMP_strings();
return 1;
}
/* (de)initialisation functions. */
static int e_gmp_init(ENGINE *e)
{
# ifndef OPENSSL_NO_RSA
if (hndidx_rsa == -1)
hndidx_rsa = RSA_get_ex_new_index(0,
"GMP-based RSA key handle",
NULL, NULL, NULL);
# endif
if (hndidx_rsa == -1)
return 0;
return 1;
}
static int e_gmp_finish(ENGINE *e)
{
return 1;
}
static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
{
int to_return = 1;
switch (cmd) {
# if 0
case E_GMP_CMD_SO_PATH:
/* ... */
# endif
/* The command isn't understood by this engine */
default:
GMPerr(GMP_F_E_GMP_CTRL, GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED);
to_return = 0;
break;
}
return to_return;
}
/*
* Most often limb sizes will be the same. If not, we use hex conversion
* which is neat, but extremely inefficient.
*/
static int bn2gmp(const BIGNUM *bn, mpz_t g)
{
bn_check_top(bn);
if (((sizeof(bn->d[0]) * 8) == GMP_NUMB_BITS) &&
(BN_BITS2 == GMP_NUMB_BITS)) {
/* The common case */
if (!_mpz_realloc(g, bn->top))
return 0;
memcpy(&g->_mp_d[0], &bn->d[0], bn->top * sizeof(bn->d[0]));
g->_mp_size = bn->top;
if (bn->neg)
g->_mp_size = -g->_mp_size;
return 1;
} else {
int toret;
char *tmpchar = BN_bn2hex(bn);
if (!tmpchar)
return 0;
toret = (mpz_set_str(g, tmpchar, 16) == 0 ? 1 : 0);
OPENSSL_free(tmpchar);
return toret;
}
}
static int gmp2bn(mpz_t g, BIGNUM *bn)
{
if (((sizeof(bn->d[0]) * 8) == GMP_NUMB_BITS) &&
(BN_BITS2 == GMP_NUMB_BITS)) {
/* The common case */
int s = (g->_mp_size >= 0) ? g->_mp_size : -g->_mp_size;
BN_zero(bn);
if (bn_expand2(bn, s) == NULL)
return 0;
bn->top = s;
memcpy(&bn->d[0], &g->_mp_d[0], s * sizeof(bn->d[0]));
bn_correct_top(bn);
bn->neg = g->_mp_size >= 0 ? 0 : 1;
return 1;
} else {
int toret;
char *tmpchar = OPENSSL_malloc(mpz_sizeinbase(g, 16) + 10);
if (!tmpchar)
return 0;
mpz_get_str(tmpchar, 16, g);
toret = BN_hex2bn(&bn, tmpchar);
OPENSSL_free(tmpchar);
return toret;
}
}
# ifndef OPENSSL_NO_RSA
typedef struct st_e_gmp_rsa_ctx {
int public_only;
mpz_t n;
mpz_t d;
mpz_t e;
mpz_t p;
mpz_t q;
mpz_t dmp1;
mpz_t dmq1;
mpz_t iqmp;
mpz_t r0, r1, I0, m1;
} E_GMP_RSA_CTX;
static E_GMP_RSA_CTX *e_gmp_get_rsa(RSA *rsa)
{
E_GMP_RSA_CTX *hptr = RSA_get_ex_data(rsa, hndidx_rsa);
if (hptr)
return hptr;
hptr = OPENSSL_malloc(sizeof(E_GMP_RSA_CTX));
if (!hptr)
return NULL;
/*
* These inits could probably be replaced by more intelligent mpz_init2()
* versions, to reduce malloc-thrashing.
*/
mpz_init(hptr->n);
mpz_init(hptr->d);
mpz_init(hptr->e);
mpz_init(hptr->p);
mpz_init(hptr->q);
mpz_init(hptr->dmp1);
mpz_init(hptr->dmq1);
mpz_init(hptr->iqmp);
mpz_init(hptr->r0);
mpz_init(hptr->r1);
mpz_init(hptr->I0);
mpz_init(hptr->m1);
if (!bn2gmp(rsa->n, hptr->n) || !bn2gmp(rsa->e, hptr->e))
goto err;
if (!rsa->p || !rsa->q || !rsa->d || !rsa->dmp1 || !rsa->dmq1
|| !rsa->iqmp) {
hptr->public_only = 1;
return hptr;
}
if (!bn2gmp(rsa->d, hptr->d) || !bn2gmp(rsa->p, hptr->p) ||
!bn2gmp(rsa->q, hptr->q) || !bn2gmp(rsa->dmp1, hptr->dmp1) ||
!bn2gmp(rsa->dmq1, hptr->dmq1) || !bn2gmp(rsa->iqmp, hptr->iqmp))
goto err;
hptr->public_only = 0;
RSA_set_ex_data(rsa, hndidx_rsa, hptr);
return hptr;
err:
mpz_clear(hptr->n);
mpz_clear(hptr->d);
mpz_clear(hptr->e);
mpz_clear(hptr->p);
mpz_clear(hptr->q);
mpz_clear(hptr->dmp1);
mpz_clear(hptr->dmq1);
mpz_clear(hptr->iqmp);
mpz_clear(hptr->r0);
mpz_clear(hptr->r1);
mpz_clear(hptr->I0);
mpz_clear(hptr->m1);
OPENSSL_free(hptr);
return NULL;
}
static int e_gmp_rsa_finish(RSA *rsa)
{
E_GMP_RSA_CTX *hptr = RSA_get_ex_data(rsa, hndidx_rsa);
if (!hptr)
return 0;
mpz_clear(hptr->n);
mpz_clear(hptr->d);
mpz_clear(hptr->e);
mpz_clear(hptr->p);
mpz_clear(hptr->q);
mpz_clear(hptr->dmp1);
mpz_clear(hptr->dmq1);
mpz_clear(hptr->iqmp);
mpz_clear(hptr->r0);
mpz_clear(hptr->r1);
mpz_clear(hptr->I0);
mpz_clear(hptr->m1);
OPENSSL_free(hptr);
RSA_set_ex_data(rsa, hndidx_rsa, NULL);
return 1;
}
static int e_gmp_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa,
BN_CTX *ctx)
{
E_GMP_RSA_CTX *hptr;
int to_return = 0;
hptr = e_gmp_get_rsa(rsa);
if (!hptr) {
GMPerr(GMP_F_E_GMP_RSA_MOD_EXP, GMP_R_KEY_CONTEXT_ERROR);
return 0;
}
if (hptr->public_only) {
GMPerr(GMP_F_E_GMP_RSA_MOD_EXP, GMP_R_MISSING_KEY_COMPONENTS);
return 0;
}
/* ugh!!! */
if (!bn2gmp(I, hptr->I0))
return 0;
/*
* This is basically the CRT logic in crypto/rsa/rsa_eay.c reworded into
* GMP-speak. It may be that GMP's API facilitates cleaner formulations
* of this stuff, eg. better handling of negatives, or functions that
* combine operations.
*/
mpz_mod(hptr->r1, hptr->I0, hptr->q);
mpz_powm(hptr->m1, hptr->r1, hptr->dmq1, hptr->q);
mpz_mod(hptr->r1, hptr->I0, hptr->p);
mpz_powm(hptr->r0, hptr->r1, hptr->dmp1, hptr->p);
mpz_sub(hptr->r0, hptr->r0, hptr->m1);
if (mpz_sgn(hptr->r0) < 0)
mpz_add(hptr->r0, hptr->r0, hptr->p);
mpz_mul(hptr->r1, hptr->r0, hptr->iqmp);
mpz_mod(hptr->r0, hptr->r1, hptr->p);
if (mpz_sgn(hptr->r0) < 0)
mpz_add(hptr->r0, hptr->r0, hptr->p);
mpz_mul(hptr->r1, hptr->r0, hptr->q);
mpz_add(hptr->r0, hptr->r1, hptr->m1);
/* ugh!!! */
if (gmp2bn(hptr->r0, r))
to_return = 1;
return 1;
}
# endif
# endif /* !OPENSSL_NO_GMP */
/*
* This stuff is needed if this ENGINE is being compiled into a
* self-contained shared-library.
*/
# ifndef OPENSSL_NO_DYNAMIC_ENGINE
IMPLEMENT_DYNAMIC_CHECK_FN()
# ifndef OPENSSL_NO_GMP
static int bind_fn(ENGINE *e, const char *id)
{
if (id && (strcmp(id, engine_e_gmp_id) != 0))
return 0;
if (!bind_helper(e))
return 0;
return 1;
}
IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
# else
OPENSSL_EXPORT
int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);
OPENSSL_EXPORT
int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns)
{
return 0;
}
# endif
# endif /* !OPENSSL_NO_DYNAMIC_ENGINE */
#endif /* !OPENSSL_NO_HW */

1
engines/e_gmp.ec
View File

@@ -1 +0,0 @@
L GMP e_gmp_err.h e_gmp_err.c

137
engines/e_gmp_err.c
View File

@@ -1,137 +0,0 @@
/* e_gmp_err.c */
/* ====================================================================
* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include "e_gmp_err.h"
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(0,func,0)
# define ERR_REASON(reason) ERR_PACK(0,0,reason)
static ERR_STRING_DATA GMP_str_functs[] = {
{ERR_FUNC(GMP_F_E_GMP_CTRL), "E_GMP_CTRL"},
{ERR_FUNC(GMP_F_E_GMP_RSA_MOD_EXP), "E_GMP_RSA_MOD_EXP"},
{0, NULL}
};
static ERR_STRING_DATA GMP_str_reasons[] = {
{ERR_REASON(GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED),
"ctrl command not implemented"},
{ERR_REASON(GMP_R_KEY_CONTEXT_ERROR), "key context error"},
{ERR_REASON(GMP_R_MISSING_KEY_COMPONENTS), "missing key components"},
{0, NULL}
};
#endif
#ifdef GMP_LIB_NAME
static ERR_STRING_DATA GMP_lib_name[] = {
{0, GMP_LIB_NAME},
{0, NULL}
};
#endif
static int GMP_lib_error_code = 0;
static int GMP_error_init = 1;
static void ERR_load_GMP_strings(void)
{
if (GMP_lib_error_code == 0)
GMP_lib_error_code = ERR_get_next_error_library();
if (GMP_error_init) {
GMP_error_init = 0;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(GMP_lib_error_code, GMP_str_functs);
ERR_load_strings(GMP_lib_error_code, GMP_str_reasons);
#endif
#ifdef GMP_LIB_NAME
GMP_lib_name->error = ERR_PACK(GMP_lib_error_code, 0, 0);
ERR_load_strings(0, GMP_lib_name);
#endif
}
}
static void ERR_unload_GMP_strings(void)
{
if (GMP_error_init == 0) {
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(GMP_lib_error_code, GMP_str_functs);
ERR_unload_strings(GMP_lib_error_code, GMP_str_reasons);
#endif
#ifdef GMP_LIB_NAME
ERR_unload_strings(0, GMP_lib_name);
#endif
GMP_error_init = 1;
}
}
static void ERR_GMP_error(int function, int reason, char *file, int line)
{
if (GMP_lib_error_code == 0)
GMP_lib_error_code = ERR_get_next_error_library();
ERR_PUT_error(GMP_lib_error_code, function, reason, file, line);
}

86
engines/e_gmp_err.h
View File

@@ -1,86 +0,0 @@
/* ====================================================================
* Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_GMP_ERR_H
# define HEADER_GMP_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_GMP_strings(void);
static void ERR_unload_GMP_strings(void);
static void ERR_GMP_error(int function, int reason, char *file, int line);
# define GMPerr(f,r) ERR_GMP_error((f),(r),__FILE__,__LINE__)
/* Error codes for the GMP functions. */
/* Function codes. */
# define GMP_F_E_GMP_CTRL 100
# define GMP_F_E_GMP_RSA_MOD_EXP 101
/* Reason codes. */
# define GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED 100
# define GMP_R_KEY_CONTEXT_ERROR 101
# define GMP_R_MISSING_KEY_COMPONENTS 102
#ifdef __cplusplus
}
#endif
#endif

436
engines/e_nuron.c
View File

@@ -1,436 +0,0 @@
/* crypto/engine/hw_nuron.c */
/*
* Written by Ben Laurie for the OpenSSL Project, leaning heavily on Geoff
* Thorpe's Atalla implementation.
*/
/* ====================================================================
* Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/buffer.h>
#include <openssl/dso.h>
#include <openssl/engine.h>
#ifndef OPENSSL_NO_RSA
# include <openssl/rsa.h>
#endif
#ifndef OPENSSL_NO_DSA
# include <openssl/dsa.h>
#endif
#ifndef OPENSSL_NO_DH
# include <openssl/dh.h>
#endif
#include <openssl/bn.h>
#ifndef OPENSSL_NO_HW
# ifndef OPENSSL_NO_HW_NURON
# define NURON_LIB_NAME "nuron engine"
# include "e_nuron_err.c"
static const char *NURON_LIBNAME = NULL;
static const char *get_NURON_LIBNAME(void)
{
if (NURON_LIBNAME)
return NURON_LIBNAME;
return "nuronssl";
}
static void free_NURON_LIBNAME(void)
{
if (NURON_LIBNAME)
OPENSSL_free((void *)NURON_LIBNAME);
NURON_LIBNAME = NULL;
}
static long set_NURON_LIBNAME(const char *name)
{
free_NURON_LIBNAME();
return (((NURON_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
}
static const char *NURON_F1 = "nuron_mod_exp";
/* The definitions for control commands specific to this engine */
# define NURON_CMD_SO_PATH ENGINE_CMD_BASE
static const ENGINE_CMD_DEFN nuron_cmd_defns[] = {
{NURON_CMD_SO_PATH,
"SO_PATH",
"Specifies the path to the 'nuronssl' shared library",
ENGINE_CMD_FLAG_STRING},
{0, NULL, NULL, 0}
};
typedef int tfnModExp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m);
static tfnModExp *pfnModExp = NULL;
static DSO *pvDSOHandle = NULL;
static int nuron_destroy(ENGINE *e)
{
free_NURON_LIBNAME();
ERR_unload_NURON_strings();
return 1;
}
static int nuron_init(ENGINE *e)
{
if (pvDSOHandle != NULL) {
NURONerr(NURON_F_NURON_INIT, NURON_R_ALREADY_LOADED);
return 0;
}
pvDSOHandle = DSO_load(NULL, get_NURON_LIBNAME(), NULL,
DSO_FLAG_NAME_TRANSLATION_EXT_ONLY);
if (!pvDSOHandle) {
NURONerr(NURON_F_NURON_INIT, NURON_R_DSO_NOT_FOUND);
return 0;
}
pfnModExp = (tfnModExp *) DSO_bind_func(pvDSOHandle, NURON_F1);
if (!pfnModExp) {
NURONerr(NURON_F_NURON_INIT, NURON_R_DSO_FUNCTION_NOT_FOUND);
return 0;
}
return 1;
}
static int nuron_finish(ENGINE *e)
{
free_NURON_LIBNAME();
if (pvDSOHandle == NULL) {
NURONerr(NURON_F_NURON_FINISH, NURON_R_NOT_LOADED);
return 0;
}
if (!DSO_free(pvDSOHandle)) {
NURONerr(NURON_F_NURON_FINISH, NURON_R_DSO_FAILURE);
return 0;
}
pvDSOHandle = NULL;
pfnModExp = NULL;
return 1;
}
static int nuron_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
{
int initialised = ((pvDSOHandle == NULL) ? 0 : 1);
switch (cmd) {
case NURON_CMD_SO_PATH:
if (p == NULL) {
NURONerr(NURON_F_NURON_CTRL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (initialised) {
NURONerr(NURON_F_NURON_CTRL, NURON_R_ALREADY_LOADED);
return 0;
}
return set_NURON_LIBNAME((const char *)p);
default:
break;
}
NURONerr(NURON_F_NURON_CTRL, NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED);
return 0;
}
static int nuron_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx)
{
if (!pvDSOHandle) {
NURONerr(NURON_F_NURON_MOD_EXP, NURON_R_NOT_LOADED);
return 0;
}
return pfnModExp(r, a, p, m);
}
# ifndef OPENSSL_NO_RSA
static int nuron_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
BN_CTX *ctx)
{
return nuron_mod_exp(r0, I, rsa->d, rsa->n, ctx);
}
# endif
# ifndef OPENSSL_NO_DSA
/*
* This code was liberated and adapted from the commented-out code in
* dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration (it
* doesn't have a CRT form for RSA), this function means that an Atalla
* system running with a DSA server certificate can handshake around 5 or 6
* times faster/more than an equivalent system running with RSA. Just check
* out the "signs" statistics from the RSA and DSA parts of "openssl speed
* -engine atalla dsa1024 rsa1024".
*/
static int nuron_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
BN_CTX *ctx, BN_MONT_CTX *in_mont)
{
BIGNUM t;
int to_return = 0;
BN_init(&t);
/* let rr = a1 ^ p1 mod m */
if (!nuron_mod_exp(rr, a1, p1, m, ctx))
goto end;
/* let t = a2 ^ p2 mod m */
if (!nuron_mod_exp(&t, a2, p2, m, ctx))
goto end;
/* let rr = rr * t mod m */
if (!BN_mod_mul(rr, rr, &t, m, ctx))
goto end;
to_return = 1;
end:
BN_free(&t);
return to_return;
}
static int nuron_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx)
{
return nuron_mod_exp(r, a, p, m, ctx);
}
# endif
/* This function is aliased to mod_exp (with the mont stuff dropped). */
# ifndef OPENSSL_NO_RSA
static int nuron_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx)
{
return nuron_mod_exp(r, a, p, m, ctx);
}
# endif
# ifndef OPENSSL_NO_DH
/* This function is aliased to mod_exp (with the dh and mont dropped). */
static int nuron_mod_exp_dh(const DH *dh, BIGNUM *r,
const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
{
return nuron_mod_exp(r, a, p, m, ctx);
}
# endif
# ifndef OPENSSL_NO_RSA
static RSA_METHOD nuron_rsa = {
"Nuron RSA method",
NULL,
NULL,
NULL,
NULL,
nuron_rsa_mod_exp,
nuron_mod_exp_mont,
NULL,
NULL,
0,
NULL,
NULL,
NULL,
NULL
};
# endif
# ifndef OPENSSL_NO_DSA
static DSA_METHOD nuron_dsa = {
"Nuron DSA method",
NULL, /* dsa_do_sign */
NULL, /* dsa_sign_setup */
NULL, /* dsa_do_verify */
nuron_dsa_mod_exp, /* dsa_mod_exp */
nuron_mod_exp_dsa, /* bn_mod_exp */
NULL, /* init */
NULL, /* finish */
0, /* flags */
NULL, /* app_data */
NULL, /* dsa_paramgen */
NULL /* dsa_keygen */
};
# endif
# ifndef OPENSSL_NO_DH
static DH_METHOD nuron_dh = {
"Nuron DH method",
NULL,
NULL,
nuron_mod_exp_dh,
NULL,
NULL,
0,
NULL,
NULL
};
# endif
/* Constants used when creating the ENGINE */
static const char *engine_nuron_id = "nuron";
static const char *engine_nuron_name = "Nuron hardware engine support";
/*
* This internal function is used by ENGINE_nuron() and possibly by the
* "dynamic" ENGINE support too
*/
static int bind_helper(ENGINE *e)
{
# ifndef OPENSSL_NO_RSA
const RSA_METHOD *meth1;
# endif
# ifndef OPENSSL_NO_DSA
const DSA_METHOD *meth2;
# endif
# ifndef OPENSSL_NO_DH
const DH_METHOD *meth3;
# endif
if (!ENGINE_set_id(e, engine_nuron_id) ||
!ENGINE_set_name(e, engine_nuron_name) ||
# ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(e, &nuron_rsa) ||
# endif
# ifndef OPENSSL_NO_DSA
!ENGINE_set_DSA(e, &nuron_dsa) ||
# endif
# ifndef OPENSSL_NO_DH
!ENGINE_set_DH(e, &nuron_dh) ||
# endif
!ENGINE_set_destroy_function(e, nuron_destroy) ||
!ENGINE_set_init_function(e, nuron_init) ||
!ENGINE_set_finish_function(e, nuron_finish) ||
!ENGINE_set_ctrl_function(e, nuron_ctrl) ||
!ENGINE_set_cmd_defns(e, nuron_cmd_defns))
return 0;
# ifndef OPENSSL_NO_RSA
/*
* We know that the "PKCS1_SSLeay()" functions hook properly to the
* nuron-specific mod_exp and mod_exp_crt so we use those functions. NB:
* We don't use ENGINE_openssl() or anything "more generic" because
* something like the RSAref code may not hook properly, and if you own
* one of these cards then you have the right to do RSA operations on it
* anyway!
*/
meth1 = RSA_PKCS1_SSLeay();
nuron_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
nuron_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
nuron_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
nuron_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
# endif
# ifndef OPENSSL_NO_DSA
/*
* Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits.
*/
meth2 = DSA_OpenSSL();
nuron_dsa.dsa_do_sign = meth2->dsa_do_sign;
nuron_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
nuron_dsa.dsa_do_verify = meth2->dsa_do_verify;
# endif
# ifndef OPENSSL_NO_DH
/* Much the same for Diffie-Hellman */
meth3 = DH_OpenSSL();
nuron_dh.generate_key = meth3->generate_key;
nuron_dh.compute_key = meth3->compute_key;
# endif
/* Ensure the nuron error handling is set up */
ERR_load_NURON_strings();
return 1;
}
# ifdef OPENSSL_NO_DYNAMIC_ENGINE
static ENGINE *engine_nuron(void)
{
ENGINE *ret = ENGINE_new();
if (!ret)
return NULL;
if (!bind_helper(ret)) {
ENGINE_free(ret);
return NULL;
}
return ret;
}
void ENGINE_load_nuron(void)
{
/* Copied from eng_[openssl|dyn].c */
ENGINE *toadd = engine_nuron();
if (!toadd)
return;
ENGINE_add(toadd);
ENGINE_free(toadd);
ERR_clear_error();
}
# endif
/*
* This stuff is needed if this ENGINE is being compiled into a
* self-contained shared-library.
*/
# ifndef OPENSSL_NO_DYNAMIC_ENGINE
static int bind_fn(ENGINE *e, const char *id)
{
if (id && (strcmp(id, engine_nuron_id) != 0))
return 0;
if (!bind_helper(e))
return 0;
return 1;
}
IMPLEMENT_DYNAMIC_CHECK_FN()
IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
# endif /* OPENSSL_NO_DYNAMIC_ENGINE */
# endif /* !OPENSSL_NO_HW_NURON */
#endif /* !OPENSSL_NO_HW */

1
engines/e_nuron.ec
View File

@@ -1 +0,0 @@
L NURON e_nuron_err.h e_nuron_err.c

142
engines/e_nuron_err.c
View File

@@ -1,142 +0,0 @@
/* e_nuron_err.c */
/* ====================================================================
* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include "e_nuron_err.h"
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(0,func,0)
# define ERR_REASON(reason) ERR_PACK(0,0,reason)
static ERR_STRING_DATA NURON_str_functs[] = {
{ERR_FUNC(NURON_F_NURON_CTRL), "NURON_CTRL"},
{ERR_FUNC(NURON_F_NURON_FINISH), "NURON_FINISH"},
{ERR_FUNC(NURON_F_NURON_INIT), "NURON_INIT"},
{ERR_FUNC(NURON_F_NURON_MOD_EXP), "NURON_MOD_EXP"},
{0, NULL}
};
static ERR_STRING_DATA NURON_str_reasons[] = {
{ERR_REASON(NURON_R_ALREADY_LOADED), "already loaded"},
{ERR_REASON(NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED),
"ctrl command not implemented"},
{ERR_REASON(NURON_R_DSO_FAILURE), "dso failure"},
{ERR_REASON(NURON_R_DSO_FUNCTION_NOT_FOUND), "dso function not found"},
{ERR_REASON(NURON_R_DSO_NOT_FOUND), "dso not found"},
{ERR_REASON(NURON_R_NOT_LOADED), "not loaded"},
{0, NULL}
};
#endif
#ifdef NURON_LIB_NAME
static ERR_STRING_DATA NURON_lib_name[] = {
{0, NURON_LIB_NAME},
{0, NULL}
};
#endif
static int NURON_lib_error_code = 0;
static int NURON_error_init = 1;
static void ERR_load_NURON_strings(void)
{
if (NURON_lib_error_code == 0)
NURON_lib_error_code = ERR_get_next_error_library();
if (NURON_error_init) {
NURON_error_init = 0;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(NURON_lib_error_code, NURON_str_functs);
ERR_load_strings(NURON_lib_error_code, NURON_str_reasons);
#endif
#ifdef NURON_LIB_NAME
NURON_lib_name->error = ERR_PACK(NURON_lib_error_code, 0, 0);
ERR_load_strings(0, NURON_lib_name);
#endif
}
}
static void ERR_unload_NURON_strings(void)
{
if (NURON_error_init == 0) {
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(NURON_lib_error_code, NURON_str_functs);
ERR_unload_strings(NURON_lib_error_code, NURON_str_reasons);
#endif
#ifdef NURON_LIB_NAME
ERR_unload_strings(0, NURON_lib_name);
#endif
NURON_error_init = 1;
}
}
static void ERR_NURON_error(int function, int reason, char *file, int line)
{
if (NURON_lib_error_code == 0)
NURON_lib_error_code = ERR_get_next_error_library();
ERR_PUT_error(NURON_lib_error_code, function, reason, file, line);
}

91
engines/e_nuron_err.h
View File

@@ -1,91 +0,0 @@
/* ====================================================================
* Copyright (c) 2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_NURON_ERR_H
# define HEADER_NURON_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_NURON_strings(void);
static void ERR_unload_NURON_strings(void);
static void ERR_NURON_error(int function, int reason, char *file, int line);
# define NURONerr(f,r) ERR_NURON_error((f),(r),__FILE__,__LINE__)
/* Error codes for the NURON functions. */
/* Function codes. */
# define NURON_F_NURON_CTRL 100
# define NURON_F_NURON_FINISH 101
# define NURON_F_NURON_INIT 102
# define NURON_F_NURON_MOD_EXP 103
/* Reason codes. */
# define NURON_R_ALREADY_LOADED 100
# define NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED 101
# define NURON_R_DSO_FAILURE 102
# define NURON_R_DSO_FUNCTION_NOT_FOUND 103
# define NURON_R_DSO_NOT_FOUND 104
# define NURON_R_NOT_LOADED 105
#ifdef __cplusplus
}
#endif
#endif

568
engines/e_ossltest.c Normal file
View File

@@ -0,0 +1,568 @@
/*
* Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* This is the OSSLTEST engine. It provides deliberately crippled digest
* implementations for test purposes. It is highly insecure and must NOT be
* used for any purpose except testing
*/
#include <stdio.h>
#include <string.h>
#include <openssl/engine.h>
#include <openssl/sha.h>
#include <openssl/md5.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/modes.h>
#include <openssl/aes.h>
#include <openssl/crypto.h>
#define OSSLTEST_LIB_NAME "OSSLTEST"
#include "e_ossltest_err.c"
/* Engine Id and Name */
static const char *engine_ossltest_id = "ossltest";
static const char *engine_ossltest_name = "OpenSSL Test engine support";
/* Engine Lifetime functions */
static int ossltest_destroy(ENGINE *e);
static int ossltest_init(ENGINE *e);
static int ossltest_finish(ENGINE *e);
void ENGINE_load_ossltest(void);
/* Set up digests */
static int ossltest_digests(ENGINE *e, const EVP_MD **digest,
const int **nids, int nid);
/* MD5 */
static int digest_md5_init(EVP_MD_CTX *ctx);
static int digest_md5_update(EVP_MD_CTX *ctx, const void *data,
size_t count);
static int digest_md5_final(EVP_MD_CTX *ctx, unsigned char *md);
static EVP_MD *_hidden_md5_md = NULL;
static const EVP_MD *digest_md5(void)
{
if (_hidden_md5_md == NULL) {
EVP_MD *md;
if ((md = EVP_MD_meth_new(NID_md5, NID_md5WithRSAEncryption)) == NULL
|| !EVP_MD_meth_set_result_size(md, MD5_DIGEST_LENGTH)
|| !EVP_MD_meth_set_input_blocksize(md, MD5_CBLOCK)
|| !EVP_MD_meth_set_app_datasize(md,
sizeof(EVP_MD *) + sizeof(MD5_CTX))
|| !EVP_MD_meth_set_flags(md, 0)
|| !EVP_MD_meth_set_init(md, digest_md5_init)
|| !EVP_MD_meth_set_update(md, digest_md5_update)
|| !EVP_MD_meth_set_final(md, digest_md5_final)) {
EVP_MD_meth_free(md);
md = NULL;
}
_hidden_md5_md = md;
}
return _hidden_md5_md;
}
/* SHA1 */
static int digest_sha1_init(EVP_MD_CTX *ctx);
static int digest_sha1_update(EVP_MD_CTX *ctx, const void *data,
size_t count);
static int digest_sha1_final(EVP_MD_CTX *ctx, unsigned char *md);
static EVP_MD *_hidden_sha1_md = NULL;
static const EVP_MD *digest_sha1(void)
{
if (_hidden_sha1_md == NULL) {
EVP_MD *md;
if ((md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption)) == NULL
|| !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH)
|| !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK)
|| !EVP_MD_meth_set_app_datasize(md,
sizeof(EVP_MD *) + sizeof(SHA_CTX))
|| !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
|| !EVP_MD_meth_set_init(md, digest_sha1_init)
|| !EVP_MD_meth_set_update(md, digest_sha1_update)
|| !EVP_MD_meth_set_final(md, digest_sha1_final)) {
EVP_MD_meth_free(md);
md = NULL;
}
_hidden_sha1_md = md;
}
return _hidden_sha1_md;
}
/* SHA256 */
static int digest_sha256_init(EVP_MD_CTX *ctx);
static int digest_sha256_update(EVP_MD_CTX *ctx, const void *data,
size_t count);
static int digest_sha256_final(EVP_MD_CTX *ctx, unsigned char *md);
static EVP_MD *_hidden_sha256_md = NULL;
static const EVP_MD *digest_sha256(void)
{
if (_hidden_sha256_md == NULL) {
EVP_MD *md;
if ((md = EVP_MD_meth_new(NID_sha256, NID_sha256WithRSAEncryption)) == NULL
|| !EVP_MD_meth_set_result_size(md, SHA256_DIGEST_LENGTH)
|| !EVP_MD_meth_set_input_blocksize(md, SHA256_CBLOCK)
|| !EVP_MD_meth_set_app_datasize(md,
sizeof(EVP_MD *) + sizeof(SHA256_CTX))
|| !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
|| !EVP_MD_meth_set_init(md, digest_sha256_init)
|| !EVP_MD_meth_set_update(md, digest_sha256_update)
|| !EVP_MD_meth_set_final(md, digest_sha256_final)) {
EVP_MD_meth_free(md);
md = NULL;
}
_hidden_sha256_md = md;
}
return _hidden_sha256_md;
}
/* SHA384/SHA512 */
static int digest_sha384_init(EVP_MD_CTX *ctx);
static int digest_sha512_init(EVP_MD_CTX *ctx);
static int digest_sha512_update(EVP_MD_CTX *ctx, const void *data,
size_t count);
static int digest_sha384_final(EVP_MD_CTX *ctx, unsigned char *md);
static int digest_sha512_final(EVP_MD_CTX *ctx, unsigned char *md);
static EVP_MD *_hidden_sha384_md = NULL;
static const EVP_MD *digest_sha384(void)
{
if (_hidden_sha384_md == NULL) {
EVP_MD *md;
if ((md = EVP_MD_meth_new(NID_sha384, NID_sha384WithRSAEncryption)) == NULL
|| !EVP_MD_meth_set_result_size(md, SHA384_DIGEST_LENGTH)
|| !EVP_MD_meth_set_input_blocksize(md, SHA512_CBLOCK)
|| !EVP_MD_meth_set_app_datasize(md,
sizeof(EVP_MD *) + sizeof(SHA512_CTX))
|| !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
|| !EVP_MD_meth_set_init(md, digest_sha384_init)
|| !EVP_MD_meth_set_update(md, digest_sha512_update)
|| !EVP_MD_meth_set_final(md, digest_sha384_final)) {
EVP_MD_meth_free(md);
md = NULL;
}
_hidden_sha384_md = md;
}
return _hidden_sha384_md;
}
static EVP_MD *_hidden_sha512_md = NULL;
static const EVP_MD *digest_sha512(void)
{
if (_hidden_sha512_md == NULL) {
EVP_MD *md;
if ((md = EVP_MD_meth_new(NID_sha512, NID_sha512WithRSAEncryption)) == NULL
|| !EVP_MD_meth_set_result_size(md, SHA512_DIGEST_LENGTH)
|| !EVP_MD_meth_set_input_blocksize(md, SHA512_CBLOCK)
|| !EVP_MD_meth_set_app_datasize(md,
sizeof(EVP_MD *) + sizeof(SHA512_CTX))
|| !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
|| !EVP_MD_meth_set_init(md, digest_sha512_init)
|| !EVP_MD_meth_set_update(md, digest_sha512_update)
|| !EVP_MD_meth_set_final(md, digest_sha512_final)) {
EVP_MD_meth_free(md);
md = NULL;
}
_hidden_sha512_md = md;
}
return _hidden_sha512_md;
}
static void destroy_digests(void)
{
EVP_MD_meth_free(_hidden_md5_md);
_hidden_md5_md = NULL;
EVP_MD_meth_free(_hidden_sha1_md);
_hidden_sha1_md = NULL;
EVP_MD_meth_free(_hidden_sha256_md);
_hidden_sha256_md = NULL;
EVP_MD_meth_free(_hidden_sha384_md);
_hidden_sha384_md = NULL;
EVP_MD_meth_free(_hidden_sha512_md);
_hidden_sha512_md = NULL;
}
static int ossltest_digest_nids(const int **nids)
{
static int digest_nids[6] = { 0, 0, 0, 0, 0, 0 };
static int pos = 0;
static int init = 0;
if (!init) {
const EVP_MD *md;
if ((md = digest_md5()) != NULL)
digest_nids[pos++] = EVP_MD_type(md);
if ((md = digest_sha1()) != NULL)
digest_nids[pos++] = EVP_MD_type(md);
if ((md = digest_sha256()) != NULL)
digest_nids[pos++] = EVP_MD_type(md);
if ((md = digest_sha384()) != NULL)
digest_nids[pos++] = EVP_MD_type(md);
if ((md = digest_sha512()) != NULL)
digest_nids[pos++] = EVP_MD_type(md);
digest_nids[pos] = 0;
init = 1;
}
*nids = digest_nids;
return pos;
}
/* Setup ciphers */
static int ossltest_ciphers(ENGINE *, const EVP_CIPHER **,
const int **, int);
static int ossltest_cipher_nids[] = {
NID_aes_128_cbc, 0
};
/* AES128 */
int ossltest_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl);
static EVP_CIPHER *_hidden_aes_128_cbc = NULL;
static const EVP_CIPHER *ossltest_aes_128_cbc(void)
{
if (_hidden_aes_128_cbc == NULL
&& ((_hidden_aes_128_cbc = EVP_CIPHER_meth_new(NID_aes_128_cbc,
16 /* block size */,
16 /* key len */)) == NULL
|| !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc,16)
|| !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc,
EVP_CIPH_FLAG_DEFAULT_ASN1
| EVP_CIPH_CBC_MODE)
|| !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc,
ossltest_aes128_init_key)
|| !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc,
ossltest_aes128_cbc_cipher)
|| !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc,
EVP_CIPHER_impl_ctx_size(EVP_aes_128_cbc())))) {
EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
_hidden_aes_128_cbc = NULL;
}
return _hidden_aes_128_cbc;
}
static void destroy_ciphers(void)
{
EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
_hidden_aes_128_cbc = NULL;
}
static int bind_ossltest(ENGINE *e)
{
/* Ensure the ossltest error handling is set up */
ERR_load_OSSLTEST_strings();
if (!ENGINE_set_id(e, engine_ossltest_id)
|| !ENGINE_set_name(e, engine_ossltest_name)
|| !ENGINE_set_digests(e, ossltest_digests)
|| !ENGINE_set_ciphers(e, ossltest_ciphers)
|| !ENGINE_set_destroy_function(e, ossltest_destroy)
|| !ENGINE_set_init_function(e, ossltest_init)
|| !ENGINE_set_finish_function(e, ossltest_finish)) {
OSSLTESTerr(OSSLTEST_F_BIND_OSSLTEST, OSSLTEST_R_INIT_FAILED);
return 0;
}
return 1;
}
#ifndef OPENSSL_NO_DYNAMIC_ENGINE
static int bind_helper(ENGINE *e, const char *id)
{
if (id && (strcmp(id, engine_ossltest_id) != 0))
return 0;
if (!bind_ossltest(e))
return 0;
return 1;
}
IMPLEMENT_DYNAMIC_CHECK_FN()
IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
#endif
static ENGINE *engine_ossltest(void)
{
ENGINE *ret = ENGINE_new();
if (ret == NULL)
return NULL;
if (!bind_ossltest(ret)) {
ENGINE_free(ret);
return NULL;
}
return ret;
}
void ENGINE_load_ossltest(void)
{
/* Copied from eng_[openssl|dyn].c */
ENGINE *toadd = engine_ossltest();
if (!toadd)
return;
ENGINE_add(toadd);
ENGINE_free(toadd);
ERR_clear_error();
}
static int ossltest_init(ENGINE *e)
{
return 1;
}
static int ossltest_finish(ENGINE *e)
{
return 1;
}
static int ossltest_destroy(ENGINE *e)
{
destroy_digests();
destroy_ciphers();
ERR_unload_OSSLTEST_strings();
return 1;
}
static int ossltest_digests(ENGINE *e, const EVP_MD **digest,
const int **nids, int nid)
{
int ok = 1;
if (!digest) {
/* We are returning a list of supported nids */
return ossltest_digest_nids(nids);
}
/* We are being asked for a specific digest */
switch (nid) {
case NID_md5:
*digest = digest_md5();
break;
case NID_sha1:
*digest = digest_sha1();
break;
case NID_sha256:
*digest = digest_sha256();
break;
case NID_sha384:
*digest = digest_sha384();
break;
case NID_sha512:
*digest = digest_sha512();
break;
default:
ok = 0;
*digest = NULL;
break;
}
return ok;
}
static int ossltest_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
const int **nids, int nid)
{
int ok = 1;
if (!cipher) {
/* We are returning a list of supported nids */
*nids = ossltest_cipher_nids;
return (sizeof(ossltest_cipher_nids) - 1)
/ sizeof(ossltest_cipher_nids[0]);
}
/* We are being asked for a specific cipher */
switch (nid) {
case NID_aes_128_cbc:
*cipher = ossltest_aes_128_cbc();
break;
default:
ok = 0;
*cipher = NULL;
break;
}
return ok;
}
static void fill_known_data(unsigned char *md, unsigned int len)
{
unsigned int i;
for (i=0; i<len; i++) {
md[i] = (unsigned char)(i & 0xff);
}
}
/*
* MD5 implementation. We go through the motions of doing MD5 by deferring to
* the standard implementation. Then we overwrite the result with a will defined
* value, so that all "MD5" digests using the test engine always end up with
* the same value.
*/
#undef data
#define data(ctx) ((MD5_CTX *)EVP_MD_CTX_md_data(ctx))
static int digest_md5_init(EVP_MD_CTX *ctx)
{
return MD5_Init(data(ctx));
}
static int digest_md5_update(EVP_MD_CTX *ctx, const void *data,
size_t count)
{
return MD5_Update(data(ctx), data, (size_t)count);
}
static int digest_md5_final(EVP_MD_CTX *ctx, unsigned char *md)
{
int ret;
ret = MD5_Final(md, data(ctx));
if (ret > 0) {
fill_known_data(md, MD5_DIGEST_LENGTH);
}
return ret;
}
/*
* SHA1 implementation.
*/
#undef data
#define data(ctx) ((SHA_CTX *)EVP_MD_CTX_md_data(ctx))
static int digest_sha1_init(EVP_MD_CTX *ctx)
{
return SHA1_Init(data(ctx));
}
static int digest_sha1_update(EVP_MD_CTX *ctx, const void *data,
size_t count)
{
return SHA1_Update(data(ctx), data, (size_t)count);
}
static int digest_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
{
int ret;
ret = SHA1_Final(md, data(ctx));
if (ret > 0) {
fill_known_data(md, SHA_DIGEST_LENGTH);
}
return ret;
}
/*
* SHA256 implementation.
*/
#undef data
#define data(ctx) ((SHA256_CTX *)EVP_MD_CTX_md_data(ctx))
static int digest_sha256_init(EVP_MD_CTX *ctx)
{
return SHA256_Init(data(ctx));
}
static int digest_sha256_update(EVP_MD_CTX *ctx, const void *data,
size_t count)
{
return SHA256_Update(data(ctx), data, (size_t)count);
}
static int digest_sha256_final(EVP_MD_CTX *ctx, unsigned char *md)
{
int ret;
ret = SHA256_Final(md, data(ctx));
if (ret > 0) {
fill_known_data(md, SHA256_DIGEST_LENGTH);
}
return ret;
}
/*
* SHA384/512 implementation.
*/
#undef data
#define data(ctx) ((SHA512_CTX *)EVP_MD_CTX_md_data(ctx))
static int digest_sha384_init(EVP_MD_CTX *ctx)
{
return SHA384_Init(data(ctx));
}
static int digest_sha512_init(EVP_MD_CTX *ctx)
{
return SHA512_Init(data(ctx));
}
static int digest_sha512_update(EVP_MD_CTX *ctx, const void *data,
size_t count)
{
return SHA512_Update(data(ctx), data, (size_t)count);
}
static int digest_sha384_final(EVP_MD_CTX *ctx, unsigned char *md)
{
int ret;
/* Actually uses SHA512_Final! */
ret = SHA512_Final(md, data(ctx));
if (ret > 0) {
fill_known_data(md, SHA384_DIGEST_LENGTH);
}
return ret;
}
static int digest_sha512_final(EVP_MD_CTX *ctx, unsigned char *md)
{
int ret;
ret = SHA512_Final(md, data(ctx));
if (ret > 0) {
fill_known_data(md, SHA512_DIGEST_LENGTH);
}
return ret;
}
/*
* AES128 Implementation
*/
int ossltest_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
return EVP_CIPHER_meth_get_init(EVP_aes_128_cbc()) (ctx, key, iv, enc);
}
int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
unsigned char *tmpbuf;
int ret;
tmpbuf = OPENSSL_malloc(inl);
if (tmpbuf == NULL)
return -1;
/* Remember what we were asked to encrypt */
memcpy(tmpbuf, in, inl);
/* Go through the motions of encrypting it */
ret = EVP_CIPHER_meth_get_do_cipher(EVP_aes_128_cbc())(ctx, out, in, inl);
/* Throw it all away and just use the plaintext as the output */
memcpy(out, tmpbuf, inl);
OPENSSL_free(tmpbuf);
return ret;
}

1
engines/e_ossltest.ec Normal file
View File

@@ -0,0 +1 @@
L OSSLTEST e_ossltest_err.h e_ossltest_err.c

89
engines/e_ossltest_err.c Normal file
View File

@@ -0,0 +1,89 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include "e_ossltest_err.h"
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(0,func,0)
# define ERR_REASON(reason) ERR_PACK(0,0,reason)
static ERR_STRING_DATA OSSLTEST_str_functs[] = {
{ERR_FUNC(OSSLTEST_F_BIND_OSSLTEST), "BIND_OSSLTEST"},
{ERR_FUNC(OSSLTEST_F_OSSLTEST_AES128_INIT_KEY),
"OSSLTEST_AES128_INIT_KEY"},
{0, NULL}
};
static ERR_STRING_DATA OSSLTEST_str_reasons[] = {
{ERR_REASON(OSSLTEST_R_INIT_FAILED), "init failed"},
{0, NULL}
};
#endif
#ifdef OSSLTEST_LIB_NAME
static ERR_STRING_DATA OSSLTEST_lib_name[] = {
{0, OSSLTEST_LIB_NAME},
{0, NULL}
};
#endif
static int OSSLTEST_lib_error_code = 0;
static int OSSLTEST_error_init = 1;
static void ERR_load_OSSLTEST_strings(void)
{
if (OSSLTEST_lib_error_code == 0)
OSSLTEST_lib_error_code = ERR_get_next_error_library();
if (OSSLTEST_error_init) {
OSSLTEST_error_init = 0;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(OSSLTEST_lib_error_code, OSSLTEST_str_functs);
ERR_load_strings(OSSLTEST_lib_error_code, OSSLTEST_str_reasons);
#endif
#ifdef OSSLTEST_LIB_NAME
OSSLTEST_lib_name->error = ERR_PACK(OSSLTEST_lib_error_code, 0, 0);
ERR_load_strings(0, OSSLTEST_lib_name);
#endif
}
}
static void ERR_unload_OSSLTEST_strings(void)
{
if (OSSLTEST_error_init == 0) {
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(OSSLTEST_lib_error_code, OSSLTEST_str_functs);
ERR_unload_strings(OSSLTEST_lib_error_code, OSSLTEST_str_reasons);
#endif
#ifdef OSSLTEST_LIB_NAME
ERR_unload_strings(0, OSSLTEST_lib_name);
#endif
OSSLTEST_error_init = 1;
}
}
static void ERR_OSSLTEST_error(int function, int reason, char *file, int line)
{
if (OSSLTEST_lib_error_code == 0)
OSSLTEST_lib_error_code = ERR_get_next_error_library();
ERR_PUT_error(OSSLTEST_lib_error_code, function, reason, file, line);
}

41
engines/e_ossltest_err.h Normal file
View File

@@ -0,0 +1,41 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#ifndef HEADER_OSSLTEST_ERR_H
# define HEADER_OSSLTEST_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
static void ERR_load_OSSLTEST_strings(void);
static void ERR_unload_OSSLTEST_strings(void);
static void ERR_OSSLTEST_error(int function, int reason, char *file, int line);
# define OSSLTESTerr(f,r) ERR_OSSLTEST_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
/* Error codes for the OSSLTEST functions. */
/* Function codes. */
# define OSSLTEST_F_BIND_OSSLTEST 100
# define OSSLTEST_F_OSSLTEST_AES128_INIT_KEY 101
/* Reason codes. */
# define OSSLTEST_R_INIT_FAILED 100
#ifdef __cplusplus
}
#endif
#endif

1205
engines/e_padlock.c
View File

File diff suppressed because it is too large Load Diff

798
engines/e_skf.c
View File

@@ -1,798 +0,0 @@
/* engines/e_skf.c */
/* ====================================================================
* Copyright (c) 2015-2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/rsa.h>
#include <openssl/ecdsa.h>
#include <openssl/evp.h>
#include <openssl/engine.h>
#include <openssl/obj_mac.h>
#include <openssl/objects.h>
#include <openssl/ssf33.h>
#include <openssl/sm1.h>
#include <openssl/sm2.h>
#include <openssl/sm3.h>
#include <openssl/sms4.h>
#include <openssl/sm9.h>
#include <openssl/ossl_typ.h>
#include <openssl/skf.h>
#include <openssl/skf_ex.h>
#include "e_skf_err.c"
#include "../crypto/ecdsa/ecs_locl.h"
static DEVHANDLE hDev = NULL;
static HAPPLICATION hApp = NULL;
static HCONTAINER hContainer = NULL;
static int isDevAuthenticated = 0;
static int isPinVerified = 0;
#define SKF_CMD_SO_PATH ENGINE_CMD_BASE
#define SKF_CMD_OPEN_DEV (ENGINE_CMD_BASE + 1)
#define SKF_CMD_DEV_AUTH (ENGINE_CMD_BASE + 2)
#define SKF_CMD_OPEN_APP (ENGINE_CMD_BASE + 3)
#define SKF_CMD_VERIFY_PIN (ENGINE_CMD_BASE + 4)
#define SKF_CMD_OPEN_CONTAINER (ENGINE_CMD_BASE + 5)
static const ENGINE_CMD_DEFN skf_cmd_defns[] = {
{SKF_CMD_SO_PATH,
"SO_PATH",
"Specifies the path to the vendor's SKF shared library",
ENGINE_CMD_FLAG_STRING},
{SKF_CMD_OPEN_DEV,
"OPEN_DEVICE",
"Connect SKF device with device name",
ENGINE_CMD_FLAG_STRING},
{SKF_CMD_DEV_AUTH,
"DEV_AUTH",
"Authenticate to device with authentication key",
ENGINE_CMD_FLAG_STRING},
{SKF_CMD_OPEN_APP,
"OPEN_APP",
"Open application with specified application name",
ENGINE_CMD_FLAG_STRING},
{SKF_CMD_VERIFY_PIN,
"VERIFY_PIN",
"Authenticate to application with USER PIN",
ENGINE_CMD_FLAG_STRING},
{SKF_CMD_OPEN_CONTAINER,
"OPEN_CONTAINER",
"Open container with specified container name",
ENGINE_CMD_FLAG_STRING},
{0, NULL, NULL, 0},
};
static int open_dev(const char *devname)
{
ULONG rv;
DEVINFO devInfo;
if (hDev) {
ESKFerr(ESKF_F_OPEN_DEV, ESKF_R_DEV_ALREADY_CONNECTED);
return 0;
}
if ((rv = SKF_ConnectDev((LPSTR)devname, &hDev)) != SAR_OK) {
ESKFerr(ESKF_F_OPEN_DEV, ESKF_R_SKF_CONNECT_DEV_FAILED);
return 0;
}
if ((rv = SKF_GetDevInfo(hDev, &devInfo)) != SAR_OK) {
ESKFerr(ESKF_F_OPEN_DEV, ESKF_R_SKF_GET_DEV_INFO_FAILED);
return 0;
}
return 1;
}
static int dev_auth(const char *hexauthkey)
{
int ret = 0;
ULONG rv;
const EVP_CIPHER *cipher = EVP_sms4_ecb();
EVP_CIPHER_CTX *ctx = NULL;
unsigned char authkey[EVP_MAX_KEY_LENGTH];
unsigned char authrand[SMS4_BLOCK_SIZE];
unsigned char authdata[SMS4_BLOCK_SIZE];
unsigned int len;
if (!hDev) {
ESKFerr(ESKF_F_DEV_AUTH, ESKF_R_DEV_IS_NOT_CONNECTED);
return 0;
}
if (!isDevAuthenticated) {
ESKFerr(ESKF_F_DEV_AUTH, ESKF_R_DEV_ALREADY_AUTHENTICATED);
return 0;
}
len = 16; //FIXME: or 8?
memset(authrand, 0, sizeof(authrand));
if ((rv = SKF_GenRandom(hDev, authrand, len)) != SAR_OK) {
ESKFerr(ESKF_F_DEV_AUTH, ESKF_R_SKF_GEN_RANDOM_FAILED);
goto end;
}
if (!(ctx = EVP_CIPHER_CTX_new())) {
ESKFerr(ESKF_F_DEV_AUTH, ERR_R_EVP_LIB);
goto end;
}
if (!EVP_EncryptInit(ctx, cipher, authkey, NULL)) {
ESKFerr(ESKF_F_DEV_AUTH, ERR_R_EVP_LIB);
goto end;
}
if (!EVP_Cipher(ctx, authdata, authrand, sizeof(authrand))) {
ESKFerr(ESKF_F_DEV_AUTH, ERR_R_EVP_LIB);
goto end;
}
if ((rv = SKF_DevAuth(hDev, authdata, sizeof(authdata))) != SAR_OK) {
ESKFerr(ESKF_F_DEV_AUTH, ESKF_R_SKF_DEV_AUTH_FAILED);
goto end;
}
isDevAuthenticated = 1;
ret = 1;
end:
EVP_CIPHER_CTX_free(ctx);
return ret;
}
static int open_app(const char *appname)
{
ULONG rv;
if (!hDev) {
ESKFerr(ESKF_F_OPEN_APP, ESKF_R_DEV_NOT_CONNECTED);
return 0;
}
if (!isDevAuthenticated) {
ESKFerr(ESKF_F_OPEN_APP, ESKF_R_DEV_NOT_AUTHENTICATED);
return 0;
}
if (hApp) {
ESKFerr(ESKF_F_OPEN_APP, ESKF_R_APP_ALREADY_OPENED);
return 0;
}
if ((rv = SKF_OpenApplication(hDev, (LPSTR)appname, &hApp)) != SAR_OK) {
ESKFerr(ESKF_F_OPEN_APP, ESKF_R_SKF_OPEN_APPLICATION_FAILED);
return 0;
}
return 1;
}
static int verify_pin(const char *userpin)
{
ULONG rv;
ULONG retryCount;
if (!hDev) {
ESKFerr(ESKF_F_VERIFY_PIN, ESKF_R_DEV_NOT_CONNECTED);
return 0;
}
if (!isDevAuthenticated) {
ESKFerr(ESKF_F_VERIFY_PIN, ESKF_R_DEV_NOT_AUTHENCATED);
return 0;
}
if (!hApp) {
ESKFerr(ESKF_F_VERIFY_PIN, ESKF_R_APP_NOT_OPENED);
return 0;
}
if ((rv = SKF_VerifyPIN(hApp, USER_TYPE, (LPSTR)userpin, &retryCount)) != SAR_OK) {
ESKFerr(ESKF_F_VERIFY_PIN, ESKF_R_SKF_VERIFY_PIN_FAILED);
return 0;
}
isPinVerified = 1;
return 1;
}
static int open_container(const char *containername)
{
ULONG rv;
if (!hDev) {
ESKFerr(ESKF_F_OPEN_CONTAINER, ESKF_R_DEV_NOT_CONNECTED);
return 0;
}
if (!isDevAuthenticated) {
ESKFerr(ESKF_F_OPEN_CONTAINER, ESKF_R_DEV_NOT_AUTHENTICATED);
return 0;
}
if (!hApp) {
ESKFerr(ESKF_F_OPEN_CONTAINER, ESKF_R_APP_NOT_OPENED);
return 0;
}
if (!isPinVerified) {
ESKFerr(ESKF_F_OPEN_CONTAINER, ESKF_R_PIN_NOT_VERIFIED);
return 0;
}
if (hContainer) {
ESKFerr(ESKF_F_OPEN_CONTAINER, ESKF_R_CONTAINER_ALREADY_OPENED);
return 0;
}
if ((rv = SKF_OpenContainer(hApp, (LPSTR)containername, &hContainer)) != SAR_OK) {
ESKFerr(ESKF_F_OPEN_CONTAINER, ESKF_R_SKF_OPEN_CONTAINER_FAILED);
return 0;
}
/*
*/
return 1;
}
static int skf_engine_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
{
switch (cmd) {
case SKF_CMD_OPEN_DEV:
return open_dev(p);
case SKF_CMD_DEV_AUTH:
return dev_auth(p);
case SKF_CMD_OPEN_APP:
return open_app(p);
case SKF_CMD_VERIFY_PIN:
return verify_pin(p);
case SKF_CMD_OPEN_CONTAINER:
return open_container(p);
}
ESKFerr(ESKF_F_SKF_ENGINE_CTRL, ESKF_R_INVALID_CTRL_CMD);
return 0;
}
static EVP_PKEY *skf_load_pubkey(ENGINE *e, const char *key_id,
UI_METHOD *ui_method, void *callback_data)
{
ULONG rv, len;
EVP_PKEY *ret = NULL;
EC_KEY *ec_key = NULL;
RSA *rsa = NULL;
ECCPUBLICKEYBLOB eccblob;
RSAPUBLICKEYBLOB rsablob;
ULONG containerType;
if (!hContainer) {
ESKFerr(ESKF_F_SKF_LOAD_PUBKEY, ESKF_R_CONTAINER_NOT_OPENED);
return 0;
}
if ((rv = SKF_GetContainerType(hContainer, &containerType)) != SAR_OK) {
ESKFerr(ESKF_F_SKF_LOAD_PUBKEY, ESKF_R_SKF_GET_CONTAINER_TYPE_FAILED);
return 0;
}
if (containerType == CONTAINER_TYPE_ECC) {
len = sizeof(eccblob);
if ((rv = SKF_ExportPublicKey(hContainer, TRUE, (BYTE *)&eccblob, &len)) != SAR_OK) {
ESKFerr(ESKF_F_SKF_LOAD_PUBKEY, ESKF_R_SKF_EXPORT_PUBLIC_KEY_FAILED);
return 0;
}
if (!(ec_key = EC_KEY_new_from_ECCPUBLICKEYBLOB(&eccblob))) {
return 0;
}
EVP_PKEY_set1_EC_KEY(ret, ec_key);
ec_key = NULL;
} else if (containerType == CONTAINER_TYPE_RSA) {
len = sizeof(rsablob);
if ((rv = SKF_ExportPublicKey(hContainer, TRUE, (BYTE *)&rsablob, &len)) != SAR_OK) {
ESKFerr(ESKF_F_SKF_LOAD_PUBKEY, ESKF_R_SKF_EXPORT_PUBLIC_KEY_FAILED);
return 0;
}
if (!(rsa = RSA_new_from_RSAPUBLICKEYBLOB(&rsablob))) {
return 0;
}
EVP_PKEY_set1_RSA(ret, rsa);
rsa = NULL;
} else {
ESKFerr(ESKF_F_SKF_LOAD_PUBKEY, ESKF_R_INVALID_CONTAINER_TYPE);
return 0;
}
return ret;
}
static int skf_init(ENGINE *e)
{
return 1;
}
static int skf_finish(ENGINE *e)
{
ULONG rv;
if (hDev) {
if ((rv = SKF_DisConnectDev(hDev)) != SAR_OK) {
ESKFerr(ESKF_F_SKF_FINISH, ESKF_R_SKF_DIS_CONNNECT_DEV_FAILED);
return 0;
}
}
return 1;
}
static int skf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
ULONG rv;
ULONG ulAlgID;
if (!SKF_nid_to_encparam(EVP_CIPHER_CTX_nid(ctx), &ulAlgID, NULL)) {
return 0;
}
if ((rv = SKF_SetSymmKey(hDev, (BYTE *)key, ulAlgID, &(ctx->cipher_data))) != SAR_OK) {
ESKFerr(ESKF_F_SKF_INIT_KEY, ESKF_R_SKF_SET_SYMMKEY_FAILED);
return 0;
}
return 1;
}
static int skf_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
ULONG rv;
BLOCKCIPHERPARAM param;
ULONG ulDataLen, ulEncryptedLen;
BYTE block[MAX_IV_LEN] = {0};
memcpy(&(param.IV), ctx->iv, ctx->cipher->block_size);
param.IVLen = ctx->cipher->block_size;
param.PaddingType = SKF_NO_PADDING;
param.FeedBitLen = 0;
if (ctx->encrypt) {
if ((rv = SKF_EncryptInit(ctx->cipher_data, param)) != SAR_OK) {
return 0;
}
} else {
if ((rv = SKF_DecryptInit(ctx->cipher_data, param)) != SAR_OK) {
return 0;
}
}
ulDataLen = len - len % ctx->cipher->block_size;
if (ctx->encrypt) {
if ((rv = SKF_EncryptUpdate(ctx->cipher_data, (BYTE *)in, ulDataLen,
(BYTE *)out, &ulEncryptedLen)) != SAR_OK) {
return 0;
}
} else {
if ((rv = SKF_DecryptUpdate(ctx->cipher_data, (BYTE *)in, ulDataLen,
(BYTE *)out, &ulEncryptedLen)) != SAR_OK) {
return 0;
}
}
in += ulDataLen;
out += ulEncryptedLen;
memcpy(block, in, len - ulDataLen);
if (ctx->encrypt) {
if ((rv = SKF_EncryptUpdate(ctx->cipher_data, block, ctx->cipher->block_size,
out, &ulEncryptedLen)) != SAR_OK) {
return 0;
}
} else {
return 0;
}
return 1;
}
#define BLOCK_CIPHER_generic(cipher,mode,MODE) \
static const EVP_CIPHER skf_##cipher##_##mode = { \
NID_##cipher##_##mode, \
16,16,16, \
EVP_CIPH_##MODE##_MODE, \
skf_init_key, \
skf_cipher, \
NULL, \
sizeof(HANDLE), \
NULL,NULL,NULL,NULL };
BLOCK_CIPHER_generic(ssf33,ecb,ECB)
BLOCK_CIPHER_generic(ssf33,cbc,CBC)
BLOCK_CIPHER_generic(ssf33,cfb1,CFB)
BLOCK_CIPHER_generic(ssf33,cfb8,CFB)
BLOCK_CIPHER_generic(ssf33,cfb128,CFB)
BLOCK_CIPHER_generic(ssf33,ofb128,OFB)
BLOCK_CIPHER_generic(sm1,ecb,ECB)
BLOCK_CIPHER_generic(sm1,cbc,CBC)
BLOCK_CIPHER_generic(sm1,cfb1,CFB)
BLOCK_CIPHER_generic(sm1,cfb8,CFB)
BLOCK_CIPHER_generic(sm1,cfb128,CFB)
BLOCK_CIPHER_generic(sm1,ofb128,OFB)
BLOCK_CIPHER_generic(sms4,ecb,ECB)
BLOCK_CIPHER_generic(sms4,cbc,CBC)
BLOCK_CIPHER_generic(sms4,cfb1,CFB)
BLOCK_CIPHER_generic(sms4,cfb8,CFB)
BLOCK_CIPHER_generic(sms4,cfb128,CFB)
BLOCK_CIPHER_generic(sms4,ofb128,OFB)
static int skf_cipher_nids[] = {
NID_ssf33_ecb,
NID_ssf33_cbc,
NID_ssf33_cfb1,
NID_ssf33_cfb8,
NID_ssf33_cfb128,
NID_ssf33_ofb128,
NID_sm1_ecb,
NID_sm1_cbc,
NID_sm1_cfb1,
NID_sm1_cfb8,
NID_sm1_cfb128,
NID_sm1_ofb128,
NID_sms4_ecb,
NID_sms4_cbc,
NID_sms4_cfb1,
NID_sms4_cfb8,
NID_sms4_cfb128,
NID_sms4_ofb128,
};
static int skf_num_ciphers = sizeof(skf_cipher_nids)/sizeof(skf_cipher_nids[0]);
static int skf_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid)
{
if (!cipher) {
*nids = skf_cipher_nids;
return skf_num_ciphers;
}
switch (nid) {
case NID_ssf33_ecb:
*cipher = &skf_ssf33_ecb;
break;
case NID_ssf33_cbc:
*cipher = &skf_ssf33_cbc;
break;
case NID_ssf33_cfb128:
*cipher = &skf_ssf33_cfb128;
break;
case NID_ssf33_ofb128:
*cipher = &skf_ssf33_ofb128;
break;
case NID_sm1_ecb:
*cipher = &skf_sm1_ecb;
break;
case NID_sm1_cbc:
*cipher = &skf_sm1_cbc;
break;
case NID_sm1_cfb128:
*cipher = &skf_sm1_cfb128;
break;
case NID_sm1_ofb128:
*cipher = &skf_sm1_ofb128;
break;
case NID_sms4_ecb:
*cipher = &skf_sms4_ecb;
break;
case NID_sms4_cbc:
*cipher = &skf_sms4_cbc;
break;
case NID_sms4_cfb128:
*cipher = &skf_sms4_cfb128;
break;
case NID_sms4_ofb128:
*cipher = &skf_sms4_ofb128;
break;
default:
*cipher = NULL;
return 0;
}
return 1;
}
int skf_rand_bytes(unsigned char *buf, int num)
{
ULONG rv;
if ((rv = SKF_GenRandom(hDev, buf, (ULONG)num)) != SAR_OK) {
ESKFerr(ESKF_F_SKF_RAND_BYTES, ESKF_R_GEN_RANDOM_FAILED);
return 0;
}
return 1;
}
static RAND_METHOD skf_rand = {
NULL,
skf_rand_bytes,
NULL,
NULL,
skf_rand_bytes,
NULL,
};
static int skf_sm3_init(EVP_MD_CTX *ctx)
{
ULONG rv;
if ((rv = SKF_DigestInit(hDev, SGD_SM3, NULL, NULL, 0, &(ctx->md_data))) != SAR_OK) {
ESKFerr(ESKF_F_SKF_SM3_INIT, ESKF_R_SKF_DIGEST_INIT_FAILED);
return 0;
}
return 1;
}
static int skf_sm3_update(EVP_MD_CTX *ctx, const void *data, size_t count)
{
ULONG rv;
BYTE *pbData = (BYTE *)data;
ULONG ulDataLen = (ULONG)count;
if ((rv = SKF_DigestUpdate(ctx->md_data, pbData, ulDataLen)) != SAR_OK) {
ESKFerr(ESKF_F_SKF_SM3_UPDATE, ESKF_R_SKF_DIGEST_UPDATE_FAILED);
return 0;
}
return 1;
}
static int skf_sm3_final(EVP_MD_CTX *ctx, unsigned char *md)
{
ULONG rv;
BYTE *pHashData = (BYTE *)md;
ULONG ulHashLen = SM3_DIGEST_LENGTH;
if ((rv = SKF_DigestFinal(ctx->md_data, pHashData, &ulHashLen)) != SAR_OK) {
ESKFerr(ESKF_F_SKF_SM3_FINAL, ESKF_R_SKF_DIGEST_FINAL_FAILED);
return 0;
}
if ((rv = SKF_CloseHandle(ctx->md_data)) != SAR_OK) {
ESKFerr(ESKF_F_SKF_SM3_FINAL, ESKF_R_SKF_CLOSE_HANDLE_FAILED);
return 0;
}
ctx->md_data = NULL;
return 1;
}
static const EVP_MD skf_sm3 = {
NID_sm3,
0,
SM3_DIGEST_LENGTH,
0,
skf_sm3_init,
skf_sm3_update,
skf_sm3_final,
NULL,
NULL,
EVP_PKEY_NULL_method,
SM3_BLOCK_SIZE,
sizeof(EVP_MD *) + sizeof(HANDLE),
NULL,
};
static int skf_digest_nids[] = { NID_sm3, };
static int skf_num_digests = sizeof(skf_digest_nids)/sizeof(skf_digest_nids[0]);
static int skf_digests(ENGINE *e, const EVP_MD **digest, const int **nids, int nid)
{
if (!digest) {
*nids = skf_digest_nids;
return skf_num_digests;
}
switch (nid) {
case NID_sm3:
*digest = &skf_sm3;
break;
default:
*digest = NULL;
return 0;
}
return 1;
}
static int skf_rsa_sign(int type, const unsigned char *m, unsigned int mlen,
unsigned char *sig, unsigned int *siglen, const RSA *rsa)
{
ULONG rv;
BYTE *data = (BYTE *)m;
ULONG dataLen = (ULONG)mlen;
BYTE signature[1024];
ULONG sigLen;
/* we need to check if container type is RSA */
sigLen = (ULONG)sizeof(signature);
if ((rv = SKF_RSASignData(hContainer, data, dataLen, signature, &sigLen)) != SAR_OK) {
ESKFerr(ESKF_F_SKF_RSA_SIGN, ESKF_R_SIGN_FAILED);
return 0;
}
/* do we need to convert signature format? */
memcpy(sig, signature, sigLen);
*siglen = (unsigned int)sigLen;
return 1;
}
static RSA_METHOD skf_rsa = {
"SKF RSA method",
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
RSA_FLAG_SIGN_VER,
NULL,
skf_rsa_sign,
NULL,
NULL,
};
static ECDSA_METHOD skf_sm2sign = {
"SKF ECDSA method (SM2 signature)",
NULL,
NULL,
NULL,
0,
NULL,
};
static ECDSA_SIG *skf_sm2_do_sign(const unsigned char *dgst, int dgstlen,
const BIGNUM *a, const BIGNUM *b, EC_KEY *ec_key)
{
ECDSA_SIG *ret = NULL;
BYTE *pbDigest = (BYTE *)dgst;
ULONG ulDigestLen = (ULONG)dgstlen;
ECCSIGNATUREBLOB sigBlob;
ULONG rv;
int ok = 0;
if (a || b) {
}
if ((rv = SKF_ECCSignData(hContainer, pbDigest, ulDigestLen, &sigBlob)) != SAR_OK) {
goto end;
}
if (!(ret = ECDSA_SIG_new())) {
goto end;
}
if (!ECDSA_SIG_set_ECCSIGNATUREBLOB(ret, &sigBlob)) {
goto end;
}
ok = 1;
end:
if (!ok && ret) {
ECDSA_SIG_free(ret);
ret = NULL;
}
return ret;
}
#ifdef OPENSSL_NO_DYNAMIC_ENGINE
static ENGINE *engine_skf(void)
{
ENGINE *ret = ENGINE_new();
if (!ret) {
return NULL;
}
if (!bind_helper(ret)) {
ENGINE_free(ret);
return NULL;
}
return ret;
}
void ENGINE_load_skf(void)
{
ENGINE *e_skf = engine_skf();
if (!e_skf) {
return;
}
ENGINE_add(e_skf);
ENGINE_free(e_skf);
ERR_clear_error();
}
#endif
static const char *engine_skf_id = "SKF";
static const char *engine_skf_name = "SKF API Hardware Engine";
static int bind(ENGINE *e, const char *id)
{
if (id && strcmp(id, engine_skf_id)) {
return 0;
}
if (!ENGINE_set_id(e, engine_skf_id) ||
!ENGINE_set_name(e, engine_skf_name) ||
!ENGINE_set_init_function(e, skf_init) ||
!ENGINE_set_finish_function(e, skf_finish) ||
!ENGINE_set_ctrl_function(e, skf_engine_ctrl) ||
!ENGINE_set_destroy_function(e, NULL) || //FIXME
!ENGINE_set_digests(e, skf_digests) ||
!ENGINE_set_ciphers(e, skf_ciphers) ||
!ENGINE_set_load_pubkey_function(e, skf_load_pubkey) ||
!ENGINE_set_ECDSA(e, NULL) || //FIXME
!ENGINE_set_RSA(e, &skf_rsa) ||
!ENGINE_set_RAND(e, &skf_rand)) {
return 0;
}
return 1;
}
IMPLEMENT_DYNAMIC_BIND_FN(bind);
IMPLEMENT_DYNAMIC_CHECK_FN();

1
engines/e_skf.ec
View File

@@ -1 +0,0 @@
L ESKF e_skf_err.h e_skf_err.c

189
engines/e_skf_err.c
View File

@@ -1,189 +0,0 @@
/* e_skf_err.c */
/* ====================================================================
* Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include "e_skf_err.h"
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(0,func,0)
# define ERR_REASON(reason) ERR_PACK(0,0,reason)
static ERR_STRING_DATA ESKF_str_functs[] = {
{ERR_FUNC(ESKF_F_DEV_AUTH), "DEV_AUTH"},
{ERR_FUNC(ESKF_F_OPEN_APP), "OPEN_APP"},
{ERR_FUNC(ESKF_F_OPEN_CONTAINER), "OPEN_CONTAINER"},
{ERR_FUNC(ESKF_F_OPEN_DEV), "OPEN_DEV"},
{ERR_FUNC(ESKF_F_SET_AUTHKEY), "SET_AUTHKEY"},
{ERR_FUNC(ESKF_F_SET_USERPIN), "SET_USERPIN"},
{ERR_FUNC(ESKF_F_SKF_CIPHER), "SKF_CIPHER"},
{ERR_FUNC(ESKF_F_SKF_CIPHERS), "SKF_CIPHERS"},
{ERR_FUNC(ESKF_F_SKF_DIGESTS), "SKF_DIGESTS"},
{ERR_FUNC(ESKF_F_SKF_ENGINE_CTRL), "SKF_ENGINE_CTRL"},
{ERR_FUNC(ESKF_F_SKF_FINISH), "SKF_FINISH"},
{ERR_FUNC(ESKF_F_SKF_INIT), "SKF_INIT"},
{ERR_FUNC(ESKF_F_SKF_INIT_KEY), "SKF_INIT_KEY"},
{ERR_FUNC(ESKF_F_SKF_LOAD_PUBKEY), "SKF_LOAD_PUBKEY"},
{ERR_FUNC(ESKF_F_SKF_RAND_BYTES), "SKF_RAND_BYTES"},
{ERR_FUNC(ESKF_F_SKF_RSA_SIGN), "SKF_RSA_SIGN"},
{ERR_FUNC(ESKF_F_SKF_SM2_DO_SIGN), "SKF_SM2_DO_SIGN"},
{ERR_FUNC(ESKF_F_SKF_SM3_FINAL), "SKF_SM3_FINAL"},
{ERR_FUNC(ESKF_F_SKF_SM3_INIT), "SKF_SM3_INIT"},
{ERR_FUNC(ESKF_F_SKF_SM3_UPDATE), "SKF_SM3_UPDATE"},
{ERR_FUNC(ESKF_F_VERIFY_PIN), "VERIFY_PIN"},
{0, NULL}
};
static ERR_STRING_DATA ESKF_str_reasons[] = {
{ERR_REASON(ESKF_R_APP_ALREADY_OPENED), "app already opened"},
{ERR_REASON(ESKF_R_APP_NOT_OPENED), "app not opened"},
{ERR_REASON(ESKF_R_CONTAINER_ALREADY_OPENED), "container already opened"},
{ERR_REASON(ESKF_R_CONTAINER_NOT_OPENED), "container not opened"},
{ERR_REASON(ESKF_R_DEV_ALREADY_AUTHENTICATED),
"dev already authenticated"},
{ERR_REASON(ESKF_R_DEV_ALREADY_CONNECTED), "dev already connected"},
{ERR_REASON(ESKF_R_DEV_IS_NOT_CONNECTED), "dev is not connected"},
{ERR_REASON(ESKF_R_DEV_NOT_AUTHENCATED), "dev not authencated"},
{ERR_REASON(ESKF_R_DEV_NOT_AUTHENTICATED), "dev not authenticated"},
{ERR_REASON(ESKF_R_DEV_NOT_CONNECTED), "dev not connected"},
{ERR_REASON(ESKF_R_GEN_RANDOM_FAILED), "gen random failed"},
{ERR_REASON(ESKF_R_INVALID_CONTAINER_TYPE), "invalid container type"},
{ERR_REASON(ESKF_R_INVALID_CTRL_CMD), "invalid ctrl cmd"},
{ERR_REASON(ESKF_R_NOT_IMPLEMENTED), "not implemented"},
{ERR_REASON(ESKF_R_PIN_NOT_VERIFIED), "pin not verified"},
{ERR_REASON(ESKF_R_SIGN_FAILED), "sign failed"},
{ERR_REASON(ESKF_R_SKF_CLOSE_HANDLE_FAILED), "skf close handle failed"},
{ERR_REASON(ESKF_R_SKF_CONNECT_DEV_FAILED), "skf connect dev failed"},
{ERR_REASON(ESKF_R_SKF_DEV_AUTH_FAILED), "skf dev auth failed"},
{ERR_REASON(ESKF_R_SKF_DIGEST_FINAL_FAILED), "skf digest final failed"},
{ERR_REASON(ESKF_R_SKF_DIGEST_INIT_FAILED), "skf digest init failed"},
{ERR_REASON(ESKF_R_SKF_DIGEST_UPDATE_FAILED), "skf digest update failed"},
{ERR_REASON(ESKF_R_SKF_DIS_CONNNECT_DEV_FAILED),
"skf dis connnect dev failed"},
{ERR_REASON(ESKF_R_SKF_EXPORT_PUBLIC_KEY_FAILED),
"skf export public key failed"},
{ERR_REASON(ESKF_R_SKF_GEN_RANDOM_FAILED), "skf gen random failed"},
{ERR_REASON(ESKF_R_SKF_GET_CONTAINER_TYPE_FAILED),
"skf get container type failed"},
{ERR_REASON(ESKF_R_SKF_GET_DEV_INFO_FAILED), "skf get dev info failed"},
{ERR_REASON(ESKF_R_SKF_OPEN_APPLICATION_FAILED),
"skf open application failed"},
{ERR_REASON(ESKF_R_SKF_OPEN_CONTAINER_FAILED),
"skf open container failed"},
{ERR_REASON(ESKF_R_SKF_SET_SYMMKEY_FAILED), "skf set symmkey failed"},
{ERR_REASON(ESKF_R_SKF_VERIFY_PIN_FAILED), "skf verify pin failed"},
{0, NULL}
};
#endif
#ifdef ESKF_LIB_NAME
static ERR_STRING_DATA ESKF_lib_name[] = {
{0, ESKF_LIB_NAME},
{0, NULL}
};
#endif
static int ESKF_lib_error_code = 0;
static int ESKF_error_init = 1;
static void ERR_load_ESKF_strings(void)
{
if (ESKF_lib_error_code == 0)
ESKF_lib_error_code = ERR_get_next_error_library();
if (ESKF_error_init) {
ESKF_error_init = 0;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(ESKF_lib_error_code, ESKF_str_functs);
ERR_load_strings(ESKF_lib_error_code, ESKF_str_reasons);
#endif
#ifdef ESKF_LIB_NAME
ESKF_lib_name->error = ERR_PACK(ESKF_lib_error_code, 0, 0);
ERR_load_strings(0, ESKF_lib_name);
#endif
}
}
static void ERR_unload_ESKF_strings(void)
{
if (ESKF_error_init == 0) {
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(ESKF_lib_error_code, ESKF_str_functs);
ERR_unload_strings(ESKF_lib_error_code, ESKF_str_reasons);
#endif
#ifdef ESKF_LIB_NAME
ERR_unload_strings(0, ESKF_lib_name);
#endif
ESKF_error_init = 1;
}
}
static void ERR_ESKF_error(int function, int reason, char *file, int line)
{
if (ESKF_lib_error_code == 0)
ESKF_lib_error_code = ERR_get_next_error_library();
ERR_PUT_error(ESKF_lib_error_code, function, reason, file, line);
}

130
engines/e_skf_err.h
View File

@@ -1,130 +0,0 @@
/* engines/e_skf_err.h */
/* ====================================================================
* Copyright (c) 2015-2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#ifndef HEADER_E_SKF_ERR_H
#define HEADER_E_SKF_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_ESKF_strings(void);
static void ERR_unload_ESKF_strings(void);
static void ERR_ESKF_error(int function, int reason, char *file, int line);
# define ESKFerr(f,r) ERR_ESKF_error((f),(r),__FILE__,__LINE__)
/* Error codes for the ESKF functions. */
/* Function codes. */
# define ESKF_F_DEV_AUTH 119
# define ESKF_F_OPEN_APP 100
# define ESKF_F_OPEN_CONTAINER 101
# define ESKF_F_OPEN_DEV 102
# define ESKF_F_SET_AUTHKEY 103
# define ESKF_F_SET_USERPIN 104
# define ESKF_F_SKF_CIPHER 105
# define ESKF_F_SKF_CIPHERS 106
# define ESKF_F_SKF_DIGESTS 107
# define ESKF_F_SKF_ENGINE_CTRL 108
# define ESKF_F_SKF_FINISH 109
# define ESKF_F_SKF_INIT 110
# define ESKF_F_SKF_INIT_KEY 111
# define ESKF_F_SKF_LOAD_PUBKEY 112
# define ESKF_F_SKF_RAND_BYTES 113
# define ESKF_F_SKF_RSA_SIGN 114
# define ESKF_F_SKF_SM2_DO_SIGN 115
# define ESKF_F_SKF_SM3_FINAL 116
# define ESKF_F_SKF_SM3_INIT 117
# define ESKF_F_SKF_SM3_UPDATE 118
# define ESKF_F_VERIFY_PIN 120
/* Reason codes. */
# define ESKF_R_APP_ALREADY_OPENED 101
# define ESKF_R_APP_NOT_OPENED 102
# define ESKF_R_CONTAINER_ALREADY_OPENED 103
# define ESKF_R_CONTAINER_NOT_OPENED 104
# define ESKF_R_DEV_ALREADY_AUTHENTICATED 105
# define ESKF_R_DEV_ALREADY_CONNECTED 106
# define ESKF_R_DEV_IS_NOT_CONNECTED 107
# define ESKF_R_DEV_NOT_AUTHENCATED 108
# define ESKF_R_DEV_NOT_AUTHENTICATED 109
# define ESKF_R_DEV_NOT_CONNECTED 110
# define ESKF_R_GEN_RANDOM_FAILED 111
# define ESKF_R_INVALID_CONTAINER_TYPE 112
# define ESKF_R_INVALID_CTRL_CMD 113
# define ESKF_R_NOT_IMPLEMENTED 100
# define ESKF_R_PIN_NOT_VERIFIED 114
# define ESKF_R_SIGN_FAILED 130
# define ESKF_R_SKF_CLOSE_HANDLE_FAILED 124
# define ESKF_R_SKF_CONNECT_DEV_FAILED 115
# define ESKF_R_SKF_DEV_AUTH_FAILED 116
# define ESKF_R_SKF_DIGEST_FINAL_FAILED 125
# define ESKF_R_SKF_DIGEST_INIT_FAILED 126
# define ESKF_R_SKF_DIGEST_UPDATE_FAILED 127
# define ESKF_R_SKF_DIS_CONNNECT_DEV_FAILED 128
# define ESKF_R_SKF_EXPORT_PUBLIC_KEY_FAILED 117
# define ESKF_R_SKF_GEN_RANDOM_FAILED 118
# define ESKF_R_SKF_GET_CONTAINER_TYPE_FAILED 119
# define ESKF_R_SKF_GET_DEV_INFO_FAILED 120
# define ESKF_R_SKF_OPEN_APPLICATION_FAILED 121
# define ESKF_R_SKF_OPEN_CONTAINER_FAILED 122
# define ESKF_R_SKF_SET_SYMMKEY_FAILED 129
# define ESKF_R_SKF_VERIFY_PIN_FAILED 123
#ifdef __cplusplus
}
#endif
#endif

1101
engines/e_sureware.c
View File

File diff suppressed because it is too large Load Diff

1
engines/e_sureware.ec
View File

@@ -1 +0,0 @@
L SUREWARE e_sureware_err.h e_sureware_err.c

154
engines/e_sureware_err.c
View File

@@ -1,154 +0,0 @@
/* e_sureware_err.c */
/* ====================================================================
* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include "e_sureware_err.h"
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(0,func,0)
# define ERR_REASON(reason) ERR_PACK(0,0,reason)
static ERR_STRING_DATA SUREWARE_str_functs[] = {
{ERR_FUNC(SUREWARE_F_SUREWAREHK_CTRL), "SUREWAREHK_CTRL"},
{ERR_FUNC(SUREWARE_F_SUREWAREHK_DH_EX_FREE), "SUREWAREHK_DH_EX_FREE"},
{ERR_FUNC(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN), "SUREWAREHK_DSA_DO_SIGN"},
{ERR_FUNC(SUREWARE_F_SUREWAREHK_EX_FREE), "SUREWAREHK_EX_FREE"},
{ERR_FUNC(SUREWARE_F_SUREWAREHK_FINISH), "SUREWAREHK_FINISH"},
{ERR_FUNC(SUREWARE_F_SUREWAREHK_INIT), "SUREWAREHK_INIT"},
{ERR_FUNC(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY), "SUREWAREHK_LOAD_PRIVKEY"},
{ERR_FUNC(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY), "SUREWAREHK_LOAD_PUBKEY"},
{ERR_FUNC(SUREWARE_F_SUREWAREHK_MODEXP), "SUREWAREHK_MODEXP"},
{ERR_FUNC(SUREWARE_F_SUREWAREHK_RAND_BYTES), "SUREWAREHK_RAND_BYTES"},
{ERR_FUNC(SUREWARE_F_SUREWAREHK_RAND_SEED), "SUREWAREHK_RAND_SEED"},
{ERR_FUNC(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC), "SUREWAREHK_RSA_PRIV_DEC"},
{ERR_FUNC(SUREWARE_F_SUREWAREHK_RSA_SIGN), "SUREWAREHK_RSA_SIGN"},
{ERR_FUNC(SUREWARE_F_SUREWARE_LOAD_PUBLIC), "SUREWARE_LOAD_PUBLIC"},
{0, NULL}
};
static ERR_STRING_DATA SUREWARE_str_reasons[] = {
{ERR_REASON(SUREWARE_R_BIO_WAS_FREED), "bio was freed"},
{ERR_REASON(SUREWARE_R_MISSING_KEY_COMPONENTS), "missing key components"},
{ERR_REASON(SUREWARE_R_PADDING_CHECK_FAILED), "padding check failed"},
{ERR_REASON(SUREWARE_R_REQUEST_FAILED), "request failed"},
{ERR_REASON(SUREWARE_R_REQUEST_FALLBACK), "request fallback"},
{ERR_REASON(SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL),
"size too large or too small"},
{ERR_REASON(SUREWARE_R_UNIT_FAILURE), "unit failure"},
{ERR_REASON(SUREWARE_R_UNKNOWN_PADDING_TYPE), "unknown padding type"},
{0, NULL}
};
#endif
#ifdef SUREWARE_LIB_NAME
static ERR_STRING_DATA SUREWARE_lib_name[] = {
{0, SUREWARE_LIB_NAME},
{0, NULL}
};
#endif
static int SUREWARE_lib_error_code = 0;
static int SUREWARE_error_init = 1;
static void ERR_load_SUREWARE_strings(void)
{
if (SUREWARE_lib_error_code == 0)
SUREWARE_lib_error_code = ERR_get_next_error_library();
if (SUREWARE_error_init) {
SUREWARE_error_init = 0;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(SUREWARE_lib_error_code, SUREWARE_str_functs);
ERR_load_strings(SUREWARE_lib_error_code, SUREWARE_str_reasons);
#endif
#ifdef SUREWARE_LIB_NAME
SUREWARE_lib_name->error = ERR_PACK(SUREWARE_lib_error_code, 0, 0);
ERR_load_strings(0, SUREWARE_lib_name);
#endif
}
}
static void ERR_unload_SUREWARE_strings(void)
{
if (SUREWARE_error_init == 0) {
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(SUREWARE_lib_error_code, SUREWARE_str_functs);
ERR_unload_strings(SUREWARE_lib_error_code, SUREWARE_str_reasons);
#endif
#ifdef SUREWARE_LIB_NAME
ERR_unload_strings(0, SUREWARE_lib_name);
#endif
SUREWARE_error_init = 1;
}
}
static void ERR_SUREWARE_error(int function, int reason, char *file, int line)
{
if (SUREWARE_lib_error_code == 0)
SUREWARE_lib_error_code = ERR_get_next_error_library();
ERR_PUT_error(SUREWARE_lib_error_code, function, reason, file, line);
}

104
engines/e_sureware_err.h
View File

@@ -1,104 +0,0 @@
/* ====================================================================
* Copyright (c) 2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_SUREWARE_ERR_H
# define HEADER_SUREWARE_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_SUREWARE_strings(void);
static void ERR_unload_SUREWARE_strings(void);
static void ERR_SUREWARE_error(int function, int reason, char *file,
int line);
# define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),__FILE__,__LINE__)
/* Error codes for the SUREWARE functions. */
/* Function codes. */
# define SUREWARE_F_SUREWAREHK_CTRL 100
# define SUREWARE_F_SUREWAREHK_DH_EX_FREE 112
# define SUREWARE_F_SUREWAREHK_DSA_DO_SIGN 101
# define SUREWARE_F_SUREWAREHK_EX_FREE 102
# define SUREWARE_F_SUREWAREHK_FINISH 103
# define SUREWARE_F_SUREWAREHK_INIT 104
# define SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY 105
# define SUREWARE_F_SUREWAREHK_LOAD_PUBKEY 113
# define SUREWARE_F_SUREWAREHK_MODEXP 107
# define SUREWARE_F_SUREWAREHK_RAND_BYTES 108
# define SUREWARE_F_SUREWAREHK_RAND_SEED 109
# define SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC 110
# define SUREWARE_F_SUREWAREHK_RSA_SIGN 111
# define SUREWARE_F_SUREWARE_LOAD_PUBLIC 106
/* Reason codes. */
# define SUREWARE_R_BIO_WAS_FREED 100
# define SUREWARE_R_MISSING_KEY_COMPONENTS 105
# define SUREWARE_R_PADDING_CHECK_FAILED 106
# define SUREWARE_R_REQUEST_FAILED 101
# define SUREWARE_R_REQUEST_FALLBACK 102
# define SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL 103
# define SUREWARE_R_UNIT_FAILURE 104
# define SUREWARE_R_UNKNOWN_PADDING_TYPE 107
#ifdef __cplusplus
}
#endif
#endif

1085
engines/e_ubsec.c
View File

File diff suppressed because it is too large Load Diff

1
engines/e_ubsec.ec
View File

@@ -1 +0,0 @@
L UBSEC e_ubsec_err.h e_ubsec_err.c

154
engines/e_ubsec_err.c
View File

@@ -1,154 +0,0 @@
/* e_ubsec_err.c */
/* ====================================================================
* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include "e_ubsec_err.h"
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(0,func,0)
# define ERR_REASON(reason) ERR_PACK(0,0,reason)
static ERR_STRING_DATA UBSEC_str_functs[] = {
{ERR_FUNC(UBSEC_F_UBSEC_CTRL), "UBSEC_CTRL"},
{ERR_FUNC(UBSEC_F_UBSEC_DH_COMPUTE_KEY), "UBSEC_DH_COMPUTE_KEY"},
{ERR_FUNC(UBSEC_F_UBSEC_DH_GENERATE_KEY), "UBSEC_DH_GENERATE_KEY"},
{ERR_FUNC(UBSEC_F_UBSEC_DSA_DO_SIGN), "UBSEC_DSA_DO_SIGN"},
{ERR_FUNC(UBSEC_F_UBSEC_DSA_VERIFY), "UBSEC_DSA_VERIFY"},
{ERR_FUNC(UBSEC_F_UBSEC_FINISH), "UBSEC_FINISH"},
{ERR_FUNC(UBSEC_F_UBSEC_INIT), "UBSEC_INIT"},
{ERR_FUNC(UBSEC_F_UBSEC_MOD_EXP), "UBSEC_MOD_EXP"},
{ERR_FUNC(UBSEC_F_UBSEC_MOD_EXP_CRT), "UBSEC_MOD_EXP_CRT"},
{ERR_FUNC(UBSEC_F_UBSEC_RAND_BYTES), "UBSEC_RAND_BYTES"},
{ERR_FUNC(UBSEC_F_UBSEC_RSA_MOD_EXP), "UBSEC_RSA_MOD_EXP"},
{ERR_FUNC(UBSEC_F_UBSEC_RSA_MOD_EXP_CRT), "UBSEC_RSA_MOD_EXP_CRT"},
{0, NULL}
};
static ERR_STRING_DATA UBSEC_str_reasons[] = {
{ERR_REASON(UBSEC_R_ALREADY_LOADED), "already loaded"},
{ERR_REASON(UBSEC_R_BN_EXPAND_FAIL), "bn expand fail"},
{ERR_REASON(UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED),
"ctrl command not implemented"},
{ERR_REASON(UBSEC_R_DSO_FAILURE), "dso failure"},
{ERR_REASON(UBSEC_R_MISSING_KEY_COMPONENTS), "missing key components"},
{ERR_REASON(UBSEC_R_NOT_LOADED), "not loaded"},
{ERR_REASON(UBSEC_R_REQUEST_FAILED), "request failed"},
{ERR_REASON(UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL),
"size too large or too small"},
{ERR_REASON(UBSEC_R_UNIT_FAILURE), "unit failure"},
{0, NULL}
};
#endif
#ifdef UBSEC_LIB_NAME
static ERR_STRING_DATA UBSEC_lib_name[] = {
{0, UBSEC_LIB_NAME},
{0, NULL}
};
#endif
static int UBSEC_lib_error_code = 0;
static int UBSEC_error_init = 1;
static void ERR_load_UBSEC_strings(void)
{
if (UBSEC_lib_error_code == 0)
UBSEC_lib_error_code = ERR_get_next_error_library();
if (UBSEC_error_init) {
UBSEC_error_init = 0;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(UBSEC_lib_error_code, UBSEC_str_functs);
ERR_load_strings(UBSEC_lib_error_code, UBSEC_str_reasons);
#endif
#ifdef UBSEC_LIB_NAME
UBSEC_lib_name->error = ERR_PACK(UBSEC_lib_error_code, 0, 0);
ERR_load_strings(0, UBSEC_lib_name);
#endif
}
}
static void ERR_unload_UBSEC_strings(void)
{
if (UBSEC_error_init == 0) {
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(UBSEC_lib_error_code, UBSEC_str_functs);
ERR_unload_strings(UBSEC_lib_error_code, UBSEC_str_reasons);
#endif
#ifdef UBSEC_LIB_NAME
ERR_unload_strings(0, UBSEC_lib_name);
#endif
UBSEC_error_init = 1;
}
}
static void ERR_UBSEC_error(int function, int reason, char *file, int line)
{
if (UBSEC_lib_error_code == 0)
UBSEC_lib_error_code = ERR_get_next_error_library();
ERR_PUT_error(UBSEC_lib_error_code, function, reason, file, line);
}

102
engines/e_ubsec_err.h
View File

@@ -1,102 +0,0 @@
/* ====================================================================
* Copyright (c) 2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_UBSEC_ERR_H
# define HEADER_UBSEC_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_UBSEC_strings(void);
static void ERR_unload_UBSEC_strings(void);
static void ERR_UBSEC_error(int function, int reason, char *file, int line);
# define UBSECerr(f,r) ERR_UBSEC_error((f),(r),__FILE__,__LINE__)
/* Error codes for the UBSEC functions. */
/* Function codes. */
# define UBSEC_F_UBSEC_CTRL 100
# define UBSEC_F_UBSEC_DH_COMPUTE_KEY 101
# define UBSEC_F_UBSEC_DH_GENERATE_KEY 111
# define UBSEC_F_UBSEC_DSA_DO_SIGN 102
# define UBSEC_F_UBSEC_DSA_VERIFY 103
# define UBSEC_F_UBSEC_FINISH 104
# define UBSEC_F_UBSEC_INIT 105
# define UBSEC_F_UBSEC_MOD_EXP 106
# define UBSEC_F_UBSEC_MOD_EXP_CRT 110
# define UBSEC_F_UBSEC_RAND_BYTES 107
# define UBSEC_F_UBSEC_RSA_MOD_EXP 108
# define UBSEC_F_UBSEC_RSA_MOD_EXP_CRT 109
/* Reason codes. */
# define UBSEC_R_ALREADY_LOADED 100
# define UBSEC_R_BN_EXPAND_FAIL 101
# define UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED 102
# define UBSEC_R_DSO_FAILURE 103
# define UBSEC_R_MISSING_KEY_COMPONENTS 104
# define UBSEC_R_NOT_LOADED 105
# define UBSEC_R_REQUEST_FAILED 106
# define UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL 107
# define UBSEC_R_UNIT_FAILURE 108
#ifdef __cplusplus
}
#endif
#endif

1
engines/ia64.opt
View File

@@ -1 +0,0 @@
SYMBOL_VECTOR=(bind_engine=PROCEDURE,v_check=PROCEDURE)

1140
engines/makeengines.com
View File

File diff suppressed because it is too large Load Diff

6
engines/skf/Makefile
View File

@@ -1,6 +0,0 @@
all:
gcc -c -Wall -Werror -fpic skf_dummy.c
gcc -shared -o libskf_dummy.so skf_dummy.o
clean:
rm -fr *.o *.so *.dylib *.lib

13
engines/skf/README.md
View File

@@ -1,13 +0,0 @@
# Vendor's SKF Implementation
This folder can be used to hold vendors' SKF libraries (.so) and header files.
For testing the GmSSL SKF ENGINE, a dummy SKF implementation is also provided.
This dummy implementation will always success with `SAR_OK` returned.
If there is a `HANDLE` need to be initialized, it will be pointed to a new
alloced memory. The application need to call `SKF_CloseHandle` to free this
small piece memory. If a `ULONG` length need to be returned such as the
ciphertext size in the `SKF_Encrypt`, this value will be assigned a non-zero
integer value. Some of these values might be correct, but dont check them :)
Normally dummy will do nothing to the output buffer, so the result will be
incorrect, and will not check NULL pointers.

854
engines/skf/skf_dummy.c
View File

@@ -1,854 +0,0 @@
/* engines/skf/skf_dummy.c */
/* ====================================================================
* Copyright (c) 2015-2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/skf.h>
#define DEV_NAME "skf-soft-token"
#define DEV_NAME_LIST DEV_NAME"\0"
#define APP_NAME "default-app"
#define APP_NAME_LIST APP_NAME"\0"
#define CONTAINER_NAME "container0"
#define CONTAINER_NAME_LIST CONTAINER_NAME"\0"
#define PRINT_LOG() \
printf("skf_dummy engine: %s() called\n", __FUNCTION__)
ULONG DEVAPI SKF_WaitForDevEvent(LPSTR szDevName,
ULONG *pulDevNameLen, ULONG *pulEvent)
{
PRINT_LOG();
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_CancelWaitForDevEvent()
{
PRINT_LOG();
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_EnumDev(BOOL bPresent,
LPSTR szNameList,
ULONG *pulSize)
{
PRINT_LOG();
*pulSize = sizeof(DEV_NAME_LIST);
if (szNameList) {
memcpy(szNameList, DEV_NAME_LIST, sizeof(DEV_NAME_LIST));
}
return SAR_OK;
}
ULONG DEVAPI SKF_ConnectDev(LPSTR szName,
DEVHANDLE *phDev)
{
PRINT_LOG();
*phDev = malloc(256);
return SAR_OK;
}
ULONG DEVAPI SKF_DisConnectDev(DEVHANDLE hDev)
{
PRINT_LOG();
if (hDev) {
free(hDev);
}
return SAR_OK;
}
ULONG DEVAPI SKF_GetDevState(LPSTR szDevName,
ULONG *pulDevState)
{
PRINT_LOG();
if (!pulDevState) {
return SAR_INVALIDPARAMERR;
}
*pulDevState = DEV_PRESENT_STATE;
return SAR_OK;
}
ULONG DEVAPI SKF_SetLabel(DEVHANDLE hDev,
LPSTR szLabel)
{
PRINT_LOG();
return SAR_OK;
}
ULONG DEVAPI SKF_GetDevInfo(DEVHANDLE hDev,
DEVINFO *pDevInfo)
{
DEVINFO devInfo;
PRINT_LOG();
bzero(&devInfo, sizeof(DEVINFO));
devInfo.Version.major = 1;
devInfo.Version.minor = 0;
strcpy((char *)&devInfo.Manufacturer, "GmSSL Project (http://gmssl.org)");
strcpy((char *)&devInfo.Issuer, "GmSSL Project (http://gmssl.org)");
strcpy((char *)&devInfo.Label, "SKF Softotken");
strcpy((char *)&devInfo.SerialNumber, "000001");
devInfo.HWVersion.major = 1;
devInfo.HWVersion.minor = 0;
devInfo.FirmwareVersion.major = 1;
devInfo.FirmwareVersion.minor = 0;
devInfo.AlgSymCap = 0x0000041F;
devInfo.AlgAsymCap = 0x00030700;
devInfo.AlgHashCap = 0x00000007;
devInfo.DevAuthAlgId = SGD_SM4_CBC;
devInfo.TotalSpace = 0;
devInfo.FreeSpace = 0;
devInfo.MaxECCBufferSize = 0; /* FIXME: max inlen of ECC encrypt */
devInfo.MaxBufferSize = 0; /* FIXME: max inlen of SM4 encrypt */
memcpy(pDevInfo, &devInfo, sizeof(DEVINFO));
return SAR_OK;
}
ULONG DEVAPI SKF_LockDev(DEVHANDLE hDev,
ULONG ulTimeOut)
{
PRINT_LOG();
return SAR_OK;
}
ULONG DEVAPI SKF_UnlockDev(DEVHANDLE hDev)
{
PRINT_LOG();
return SAR_OK;
}
ULONG DEVAPI SKF_Transmit(DEVHANDLE hDev,
BYTE *pbCommand,
ULONG ulCommandLen,
BYTE *pbData,
ULONG *pulDataLen)
{
PRINT_LOG();
*pulDataLen = ulCommandLen;
return SAR_OK;
}
ULONG DEVAPI SKF_ChangeDevAuthKey(DEVHANDLE hDev,
BYTE *pbKeyValue,
ULONG ulKeyLen)
{
PRINT_LOG();
return SAR_OK;
}
ULONG DEVAPI SKF_DevAuth(DEVHANDLE hDev,
BYTE *pbAuthData,
ULONG ulLen)
{
PRINT_LOG();
return SAR_OK;
}
ULONG DEVAPI SKF_ChangePIN(HAPPLICATION hApplication,
ULONG ulPINType,
LPSTR szOldPin,
LPSTR szNewPin,
ULONG *pulRetryCount)
{
PRINT_LOG();
*pulRetryCount = 10;
return SAR_OK;
}
LONG DEVAPI SKF_GetPINInfo(HAPPLICATION hApplication,
ULONG ulPINType,
ULONG *pulMaxRetryCount,
ULONG *pulRemainRetryCount,
BOOL *pbDefaultPin)
{
PRINT_LOG();
*pulMaxRetryCount = 10;
*pulRemainRetryCount = 10;
*pbDefaultPin = 0;
return SAR_OK;
}
ULONG DEVAPI SKF_VerifyPIN(HAPPLICATION hApplication,
ULONG ulPINType,
LPSTR szPIN,
ULONG *pulRetryCount)
{
PRINT_LOG();
*pulRetryCount = 10;
return SAR_OK;
}
ULONG DEVAPI SKF_UnblockPIN(HAPPLICATION hApplication,
LPSTR szAdminPIN,
LPSTR szNewUserPIN,
ULONG *pulRetryCount)
{
PRINT_LOG();
*pulRetryCount = 10;
return SAR_OK;
}
ULONG DEVAPI SKF_ClearSecureState(HAPPLICATION hApplication)
{
PRINT_LOG();
return SAR_OK;
}
ULONG DEVAPI SKF_CreateApplication(DEVHANDLE hDev,
LPSTR szAppName,
LPSTR szAdminPin,
DWORD dwAdminPinRetryCount,
LPSTR szUserPin,
DWORD dwUserPinRetryCount,
DWORD dwCreateFileRights,
HAPPLICATION *phApplication)
{
PRINT_LOG();
*phApplication = malloc(256);
return SAR_OK;
}
ULONG DEVAPI SKF_EnumApplication(DEVHANDLE hDev,
LPSTR szAppName,
ULONG *pulSize)
{
PRINT_LOG();
if (!szAppName) {
*pulSize = sizeof(APP_NAME_LIST);
return SAR_OK;
}
if (*pulSize < sizeof(APP_NAME_LIST)) {
return SAR_BUFFER_TOO_SMALL;
}
memcpy(szAppName, APP_NAME_LIST, sizeof(APP_NAME_LIST));
return SAR_OK;
}
ULONG DEVAPI SKF_DeleteApplication(DEVHANDLE hDev,
LPSTR szAppName)
{
PRINT_LOG();
return SAR_OK;
}
ULONG DEVAPI SKF_OpenApplication(DEVHANDLE hDev,
LPSTR szAppName,
HAPPLICATION *phApplication)
{
PRINT_LOG();
*phApplication = malloc(256);
return SAR_OK;
}
ULONG DEVAPI SKF_CloseApplication(HAPPLICATION hApplication)
{
PRINT_LOG();
if (hApplication) {
free(hApplication);
}
return SAR_OK;
}
ULONG DEVAPI SKF_CreateFile(HAPPLICATION hApplication,
LPSTR szFileName,
ULONG ulFileSize,
ULONG ulReadRights,
ULONG ulWriteRights)
{
PRINT_LOG();
return SAR_OK;
}
ULONG DEVAPI SKF_DeleteFile(HAPPLICATION hApplication,
LPSTR szFileName)
{
PRINT_LOG();
return SAR_OK;
}
ULONG DEVAPI SKF_EnumFiles(HAPPLICATION hApplication,
LPSTR szFileList,
ULONG *pulSize)
{
PRINT_LOG();
*pulSize = sizeof("File1\0");
if (szFileList) {
memcpy(szFileList, "File1\0", sizeof("File1\0"));
}
return SAR_OK;
}
ULONG DEVAPI SKF_GetFileInfo(HAPPLICATION hApplication,
LPSTR szFileName,
FILEATTRIBUTE *pFileInfo)
{
PRINT_LOG();
bzero(pFileInfo, sizeof(*pFileInfo));
return SAR_OK;
}
ULONG DEVAPI SKF_ReadFile(HAPPLICATION hApplication,
LPSTR szFileName,
ULONG ulOffset,
ULONG ulSize,
BYTE * pbOutData,
ULONG *pulOutLen)
{
PRINT_LOG();
*pulOutLen = ulSize;
return SAR_OK;
}
ULONG DEVAPI SKF_WriteFile(HAPPLICATION hApplication,
LPSTR szFileName,
ULONG ulOffset,
BYTE *pbData,
ULONG ulSize)
{
PRINT_LOG();
return SAR_OK;
}
ULONG DEVAPI SKF_CreateContainer(HAPPLICATION hApplication,
LPSTR szContainerName,
HCONTAINER *phContainer)
{
PRINT_LOG();
*phContainer = malloc(256);
return SAR_OK;
}
ULONG DEVAPI SKF_DeleteContainer(HAPPLICATION hApplication,
LPSTR szContainerName)
{
PRINT_LOG();
return SAR_OK;
}
ULONG DEVAPI SKF_EnumContainer(HAPPLICATION hApplication,
LPSTR szContainerName,
ULONG *pulSize)
{
PRINT_LOG();
if (!pulSize) {
return SAR_INVALIDPARAMERR;
}
if (!szContainerName) {
*pulSize = sizeof(CONTAINER_NAME_LIST);
return SAR_OK;
}
if (*pulSize < sizeof(CONTAINER_NAME_LIST)) {
return SAR_BUFFER_TOO_SMALL;
}
memcpy(szContainerName, CONTAINER_NAME_LIST, sizeof(CONTAINER_NAME_LIST));
return SAR_OK;
}
ULONG DEVAPI SKF_OpenContainer(HAPPLICATION hApplication,
LPSTR szContainerName,
HCONTAINER *phContainer)
{
PRINT_LOG();
*phContainer = malloc(256);
return SAR_OK;
}
ULONG DEVAPI SKF_CloseContainer(HCONTAINER hContainer)
{
PRINT_LOG();
free(hContainer);
return SAR_OK;
}
ULONG DEVAPI SKF_GetContainerType(HCONTAINER hContainer,
ULONG *pulContainerType)
{
PRINT_LOG();
*pulContainerType = CONTAINER_TYPE_ECC;
return SAR_OK;
}
ULONG DEVAPI SKF_ImportCertificate(HCONTAINER hContainer,
BOOL bSignFlag,
BYTE *pbCert,
ULONG ulCertLen)
{
PRINT_LOG();
return SAR_OK;
}
ULONG DEVAPI SKF_ExportCertificate(HCONTAINER hContainer,
BOOL bSignFlag,
BYTE* pbCert,
ULONG *pulCertLen)
{
PRINT_LOG();
*pulCertLen = 2048;
return SAR_OK;
}
ULONG DEVAPI SKF_GenRandom(DEVHANDLE hDev,
BYTE *pbRandom,
ULONG ulRandomLen)
{
PRINT_LOG();
return SAR_OK;
}
ULONG DEVAPI SKF_GenExtRSAKey(DEVHANDLE hDev,
ULONG ulBitsLen,
RSAPRIVATEKEYBLOB *pBlob)
{
PRINT_LOG();
return SAR_OK;
}
ULONG DEVAPI SKF_GenRSAKeyPair(HCONTAINER hContainer,
ULONG ulBitsLen,
RSAPUBLICKEYBLOB *pBlob)
{
PRINT_LOG();
return SAR_OK;
}
ULONG DEVAPI SKF_ImportRSAKeyPair(HCONTAINER hContainer,
ULONG ulSymAlgId,
BYTE *pbWrappedKey,
ULONG ulWrappedKeyLen,
BYTE *pbEncryptedData,
ULONG ulEncryptedDataLen)
{
PRINT_LOG();
return SAR_OK;
}
ULONG DEVAPI SKF_RSASignData(HCONTAINER hContainer,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbSignature,
ULONG *pulSignLen)
{
PRINT_LOG();
*pulSignLen = 256;
return SAR_OK;
}
ULONG DEVAPI SKF_RSAVerify(DEVHANDLE hDev,
RSAPUBLICKEYBLOB *pRSAPubKeyBlob,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbSignature,
ULONG ulSignLen)
{
PRINT_LOG();
return SAR_OK;
}
ULONG DEVAPI SKF_RSAExportSessionKey(HCONTAINER hContainer,
ULONG ulAlgId,
RSAPUBLICKEYBLOB *pPubKey,
BYTE *pbData,
ULONG *pulDataLen,
HANDLE *phSessionKey)
{
PRINT_LOG();
*pulDataLen = 100;
*phSessionKey = malloc(256);
return SAR_OK;
}
ULONG DEVAPI SKF_ExtRSAPubKeyOperation(DEVHANDLE hDev,
RSAPUBLICKEYBLOB *pRSAPubKeyBlob,
BYTE *pbInput,
ULONG ulInputLen,
BYTE *pbOutput,
ULONG *pulOutputLen)
{
PRINT_LOG();
*pulOutputLen = ulInputLen;
return SAR_OK;
}
ULONG DEVAPI SKF_ExtRSAPriKeyOperation(DEVHANDLE hDev,
RSAPRIVATEKEYBLOB *pRSAPriKeyBlob,
BYTE *pbInput,
ULONG ulInputLen,
BYTE *pbOutput,
ULONG *pulOutputLen)
{
PRINT_LOG();
*pulOutputLen = ulInputLen;
return SAR_OK;
}
ULONG DEVAPI SKF_GenECCKeyPair(HCONTAINER hContainer,
ULONG ulAlgId,
ECCPUBLICKEYBLOB *pBlob)
{
PRINT_LOG();
return SAR_OK;
}
ULONG DEVAPI SKF_ImportECCKeyPair(HCONTAINER hContainer,
ENVELOPEDKEYBLOB *pEnvelopedKeyBlob)
{
PRINT_LOG();
return SAR_OK;
}
ULONG DEVAPI SKF_ECCSignData(HCONTAINER hContainer,
BYTE *pbData,
ULONG ulDataLen,
ECCSIGNATUREBLOB *pSignature)
{
PRINT_LOG();
return SAR_OK;
}
ULONG DEVAPI SKF_ECCVerify(DEVHANDLE hDev,
ECCPUBLICKEYBLOB *pECCPubKeyBlob,
BYTE *pbData,
ULONG ulDataLen,
ECCSIGNATUREBLOB *pSignature)
{
PRINT_LOG();
return SAR_OK;
}
ULONG DEVAPI SKF_ECCExportSessionKey(HCONTAINER hContainer,
ULONG ulAlgId,
ECCPUBLICKEYBLOB *pPubKey,
PECCCIPHERBLOB pData,
HANDLE *phSessionKey)
{
PRINT_LOG();
*phSessionKey = malloc(256);
return SAR_OK;
}
ULONG DEVAPI SKF_ExtECCEncrypt(DEVHANDLE hDev,
ECCPUBLICKEYBLOB *pECCPubKeyBlob,
BYTE *pbPlainText,
ULONG ulPlainTextLen,
ECCCIPHERBLOB *pCipherText)
{
PRINT_LOG();
return SAR_OK;
}
ULONG DEVAPI SKF_ExtECCDecrypt(DEVHANDLE hDev,
ECCPRIVATEKEYBLOB *pECCPriKeyBlob,
ECCCIPHERBLOB *pCipherText,
BYTE *pbPlainText,
ULONG *pulPlainTextLen)
{
PRINT_LOG();
*pulPlainTextLen = sizeof(ECCCIPHERBLOB) + pCipherText->CipherLen - 1;
return SAR_OK;
}
ULONG DEVAPI SKF_ExtECCSign(DEVHANDLE hDev,
ECCPRIVATEKEYBLOB *pECCPriKeyBlob,
BYTE *pbData,
ULONG ulDataLen,
ECCSIGNATUREBLOB *pSignature)
{
PRINT_LOG();
return SAR_OK;
}
ULONG DEVAPI SKF_ExtECCVerify(DEVHANDLE hDev,
ECCPUBLICKEYBLOB *pECCPubKeyBlob,
BYTE *pbData,
ULONG ulDataLen,
PECCSIGNATUREBLOB pSignature)
{
PRINT_LOG();
return SAR_OK;
}
ULONG DEVAPI SKF_GenerateAgreementDataWithECC(HCONTAINER hContainer,
ULONG ulAlgId,
ECCPUBLICKEYBLOB *pTempECCPubKeyBlob,
BYTE *pbID,
ULONG ulIDLen,
HANDLE *phAgreementHandle)
{
PRINT_LOG();
*phAgreementHandle = malloc(256);
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_GenerateAgreementDataAndKeyWithECC(HANDLE hContainer,
ULONG ulAlgId,
ECCPUBLICKEYBLOB *pSponsorECCPubKeyBlob,
ECCPUBLICKEYBLOB *pSponsorTempECCPubKeyBlob,
ECCPUBLICKEYBLOB *pTempECCPubKeyBlob,
BYTE *pbID,
ULONG ulIDLen,
BYTE *pbSponsorID,
ULONG ulSponsorIDLen,
HANDLE *phKeyHandle)
{
PRINT_LOG();
*phKeyHandle = malloc(256);
return SAR_OK;
}
ULONG DEVAPI SKF_GenerateKeyWithECC(HANDLE hAgreementHandle,
ECCPUBLICKEYBLOB *pECCPubKeyBlob,
ECCPUBLICKEYBLOB *pTempECCPubKeyBlob,
BYTE *pbID,
ULONG ulIDLen,
HANDLE *phKeyHandle)
{
PRINT_LOG();
*phKeyHandle = malloc(256);
return SAR_OK;
}
ULONG DEVAPI SKF_ExportPublicKey(HCONTAINER hContainer,
BOOL bSignFlag,
BYTE *pbBlob,
ULONG *pulBlobLen)
{
PRINT_LOG();
*pulBlobLen = 1024;
return SAR_OK;
}
ULONG DEVAPI SKF_ImportSessionKey(HCONTAINER hContainer,
ULONG ulAlgId,
BYTE *pbWrapedData,
ULONG ulWrapedLen,
HANDLE *phKey)
{
PRINT_LOG();
*phKey = malloc(256);
return SAR_OK;
}
ULONG DEVAPI SKF_SetSymmKey(DEVHANDLE hDev,
BYTE *pbKey,
ULONG ulAlgID,
HANDLE *phKey)
{
PRINT_LOG();
*phKey = malloc(256);
return SAR_OK;
}
ULONG DEVAPI SKF_EncryptInit(HANDLE hKey,
BLOCKCIPHERPARAM EncryptParam)
{
PRINT_LOG();
return SAR_OK;
}
ULONG DEVAPI SKF_Encrypt(HANDLE hKey,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbEncryptedData,
ULONG *pulEncryptedLen)
{
PRINT_LOG();
*pulEncryptedLen = ulDataLen;
return SAR_OK;
}
ULONG DEVAPI SKF_EncryptUpdate(HANDLE hKey,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbEncryptedData,
ULONG *pulEncryptedLen)
{
PRINT_LOG();
*pulEncryptedLen = ulDataLen;
return SAR_OK;
}
ULONG DEVAPI SKF_EncryptFinal(HANDLE hKey,
BYTE *pbEncryptedData,
ULONG *pulEncryptedDataLen)
{
PRINT_LOG();
*pulEncryptedDataLen = 0;
return SAR_OK;
}
ULONG DEVAPI SKF_DecryptInit(HANDLE hKey,
BLOCKCIPHERPARAM DecryptParam)
{
PRINT_LOG();
return SAR_OK;
}
ULONG DEVAPI SKF_Decrypt(HANDLE hKey,
BYTE *pbEncryptedData,
ULONG ulEncryptedLen,
BYTE *pbData,
ULONG *pulDataLen)
{
PRINT_LOG();
*pulDataLen = ulEncryptedLen;
return SAR_OK;
}
ULONG DEVAPI SKF_DecryptUpdate(HANDLE hKey,
BYTE *pbEncryptedData,
ULONG ulEncryptedLen,
BYTE *pbData,
ULONG *pulDataLen)
{
PRINT_LOG();
*pulDataLen = ulEncryptedLen;
return SAR_OK;
}
ULONG DEVAPI SKF_DecryptFinal(HANDLE hKey,
BYTE *pbDecryptedData,
ULONG *pulDecryptedDataLen)
{
PRINT_LOG();
*pulDecryptedDataLen = 0;
return SAR_OK;
}
ULONG DEVAPI SKF_DigestInit(DEVHANDLE hDev,
ULONG ulAlgID,
ECCPUBLICKEYBLOB *pPubKey,
BYTE *pucID,
ULONG ulIDLen,
HANDLE *phHash)
{
PRINT_LOG();
*phHash = malloc(256);
return SAR_OK;
}
ULONG DEVAPI SKF_Digest(HANDLE hHash,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbHashData,
ULONG *pulHashLen)
{
PRINT_LOG();
*pulHashLen = 32;
return SAR_OK;
}
ULONG DEVAPI SKF_DigestUpdate(HANDLE hHash,
BYTE *pbData,
ULONG ulDataLen)
{
PRINT_LOG();
return SAR_OK;
}
ULONG DEVAPI SKF_DigestFinal(HANDLE hHash,
BYTE *pHashData,
ULONG *pulHashLen)
{
PRINT_LOG();
*pulHashLen = 32;
return SAR_OK;
}
ULONG DEVAPI SKF_MacInit(HANDLE hKey,
BLOCKCIPHERPARAM *pMacParam,
HANDLE *phMac)
{
PRINT_LOG();
*phMac = malloc(256);
return SAR_OK;
}
ULONG DEVAPI SKF_Mac(HANDLE hMac,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbMac,
ULONG *pulMacLen)
{
PRINT_LOG();
*pulMacLen = 16;
return SAR_OK;
}
ULONG DEVAPI SKF_MacUpdate(HANDLE hMac,
BYTE *pbData,
ULONG ulDataLen)
{
PRINT_LOG();
return SAR_OK;
}
ULONG DEVAPI SKF_MacFinal(HANDLE hMac,
BYTE *pbMac,
ULONG *pulMacLen)
{
PRINT_LOG();
*pulMacLen = 16;
return SAR_OK;
}
ULONG DEVAPI SKF_CloseHandle(HANDLE handle)
{
PRINT_LOG();
if (handle) {
free(handle);
}
return SAR_OK;
}

Some files were not shown because too many files have changed in this diff Show More