]> git.ipfire.org Git - thirdparty/openssl.git/blame - engines/e_sureware.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
free NULL cleanup
[thirdparty/openssl.git] / engines / e_sureware.c
CommitLineData
3a83462d
MC		 1/*-
2* Written by Corinne Dive-Reclus(cdive@baltimore.com)
0f113f3e 3*
5572f482
RL		 4*
5* Redistribution and use in source and binary forms, with or without
6* modification, are permitted provided that the following conditions
7* are met:
8*
9* 1. Redistributions of source code must retain the above copyright
0f113f3e 10* notice, this list of conditions and the following disclaimer.
5572f482
RL		 11*
12* 2. Redistributions in binary form must reproduce the above copyright
13* notice, this list of conditions and the following disclaimer in
14* the documentation and/or other materials provided with the
15* distribution.
16*
17* 3. All advertising materials mentioning features or use of this
18* software must display the following acknowledgment:
19* "This product includes software developed by the OpenSSL Project
20* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21*
22* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23* endorse or promote products derived from this software without
24* prior written permission. For written permission, please contact
25* licensing@OpenSSL.org.
26*
27* 5. Products derived from this software may not be called "OpenSSL"
28* nor may "OpenSSL" appear in their names without prior written
29* permission of the OpenSSL Project.
30*
31* 6. Redistributions of any form whatsoever must retain the following
32* acknowledgment:
33* "This product includes software developed by the OpenSSL Project
34* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35*
36* Written by Corinne Dive-Reclus(cdive@baltimore.com)
37*
38* Copyright@2001 Baltimore Technologies Ltd.
39* All right Reserved.
b853717f
MC		 40* *
41* THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND *
42* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE *
43* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE *
44* ARE DISCLAIMED. IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE *
45* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL *
46* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS *
47* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) *
48* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT *
49* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY *
50* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF *
51* SUCH DAMAGE. *
5572f482
RL		 52====================================================================*/
53
54#include <stdio.h>
5be1264b 55#include <string.h>
5572f482
RL		 56#include <openssl/crypto.h>
57#include <openssl/pem.h>
58#include <openssl/dso.h>
5572f482 59#include <openssl/engine.h>
3a87a9b9 60#include <openssl/rand.h>
3eeaab4b 61#ifndef OPENSSL_NO_RSA
0f113f3e 62# include <openssl/rsa.h>
3eeaab4b
NL		 63#endif
64#ifndef OPENSSL_NO_DSA
0f113f3e 65# include <openssl/dsa.h>
3eeaab4b
NL		 66#endif
67#ifndef OPENSSL_NO_DH
0f113f3e 68# include <openssl/dh.h>
3eeaab4b 69#endif
f15390bd 70#include <openssl/bn.h>
5572f482
RL		 71
72#ifndef OPENSSL_NO_HW
0f113f3e 73# ifndef OPENSSL_NO_HW_SUREWARE
5572f482 74
0f113f3e
MC		 75# ifdef FLAT_INC
76# include "sureware.h"
77# else
78# include "vendor_defns/sureware.h"
79# endif
5572f482 80
0f113f3e
MC		 81# define SUREWARE_LIB_NAME "sureware engine"
82# include "e_sureware_err.c"
5572f482 83
0f113f3e
MC		 84static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p,
85 void (*f) (void));
5572f482
RL		 86static int surewarehk_destroy(ENGINE *e);
87static int surewarehk_init(ENGINE *e);
88static int surewarehk_finish(ENGINE *e);
89static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
0f113f3e 90 const BIGNUM *m, BN_CTX *ctx);
5572f482
RL		 91
92/* RSA stuff */
0f113f3e
MC		 93# ifndef OPENSSL_NO_RSA
94static int surewarehk_rsa_priv_dec(int flen, const unsigned char *from,
95 unsigned char *to, RSA *rsa, int padding);
96static int surewarehk_rsa_sign(int flen, const unsigned char *from,
97 unsigned char *to, RSA *rsa, int padding);
98# endif
5572f482
RL		 99
100/* RAND stuff */
6343829a 101static int surewarehk_rand_bytes(unsigned char *buf, int num);
a0b3e0de
DSH		 102static int surewarehk_rand_seed(const void *buf, int num);
103static int surewarehk_rand_add(const void *buf, int num, double entropy);
5572f482
RL		 104
105/* KM stuff */
106static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id,
0f113f3e
MC		 107 UI_METHOD *ui_method,
108 void *callback_data);
5572f482 109static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,
0f113f3e
MC		 110 UI_METHOD *ui_method,
111 void *callback_data);
5572f482 112static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
0f113f3e 113 int idx, long argl, void *argp);
5572f482 114
0f113f3e 115# ifndef OPENSSL_NO_RSA
5572f482 116/* This function is aliased to mod_exp (with the mont stuff dropped). */
0f113f3e
MC		 117static int surewarehk_mod_exp_mont(BIGNUM *r, const BIGNUM *a,
118 const BIGNUM *p, const BIGNUM *m,
119 BN_CTX *ctx, BN_MONT_CTX *m_ctx)
5572f482 120{
0f113f3e 121 return surewarehk_modexp(r, a, p, m, ctx);
5572f482
RL		 122}
123
124/* Our internal RSA_METHOD that we provide pointers to */
0f113f3e
MC		 125static RSA_METHOD surewarehk_rsa = {
126 "SureWare RSA method",
127 NULL, /* pub_enc */
128 NULL, /* pub_dec */
129 surewarehk_rsa_sign, /* our rsa_sign is OpenSSL priv_enc */
130 surewarehk_rsa_priv_dec, /* priv_dec */
131 NULL, /* mod_exp */
132 surewarehk_mod_exp_mont, /* mod_exp_mongomery */
133 NULL, /* init */
134 NULL, /* finish */
135 0, /* RSA flag */
136 NULL,
137 NULL, /* OpenSSL sign */
138 NULL, /* OpenSSL verify */
139 NULL /* keygen */
140};
141# endif
5572f482 142
0f113f3e 143# ifndef OPENSSL_NO_DH
5572f482
RL		 144/* Our internal DH_METHOD that we provide pointers to */
145/* This function is aliased to mod_exp (with the dh and mont dropped). */
146static int surewarehk_modexp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
0f113f3e
MC		 147 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
148 BN_MONT_CTX *m_ctx)
5572f482 149{
0f113f3e 150 return surewarehk_modexp(r, a, p, m, ctx);
5572f482
RL		 151}
152
0f113f3e
MC		 153static DH_METHOD surewarehk_dh = {
154 "SureWare DH method",
155 NULL, /* gen_key */
156 NULL, /* agree, */
157 surewarehk_modexp_dh, /* dh mod exp */
158 NULL, /* init */
159 NULL, /* finish */
160 0, /* flags */
161 NULL,
162 NULL
163};
164# endif
5572f482 165
0f113f3e
MC		 166static RAND_METHOD surewarehk_rand = {
167 /* "SureWare RAND method", */
168 surewarehk_rand_seed,
169 surewarehk_rand_bytes,
170 NULL, /* cleanup */
171 surewarehk_rand_add,
172 surewarehk_rand_bytes,
173 NULL, /* rand_status */
174};
5572f482 175
0f113f3e 176# ifndef OPENSSL_NO_DSA
5572f482 177/* DSA stuff */
0f113f3e
MC		 178static DSA_SIG *surewarehk_dsa_do_sign(const unsigned char *dgst, int dlen,
179 DSA *dsa);
5572f482 180static int surewarehk_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
0f113f3e
MC		 181 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2,
182 BIGNUM *m, BN_CTX *ctx,
183 BN_MONT_CTX *in_mont)
5572f482 184{
0f113f3e
MC		 185 BIGNUM t;
186 int to_return = 0;
187 BN_init(&t);
188 /* let rr = a1 ^ p1 mod m */
189 if (!surewarehk_modexp(rr, a1, p1, m, ctx))
190 goto end;
191 /* let t = a2 ^ p2 mod m */
192 if (!surewarehk_modexp(&t, a2, p2, m, ctx))
193 goto end;
194 /* let rr = rr * t mod m */
195 if (!BN_mod_mul(rr, rr, &t, m, ctx))
196 goto end;
197 to_return = 1;
198 end:
199 BN_free(&t);
200 return to_return;
5572f482
RL		 201}
202
0f113f3e
MC		 203static DSA_METHOD surewarehk_dsa = {
204 "SureWare DSA method",
205 surewarehk_dsa_do_sign,
206 NULL, /* sign setup */
207 NULL, /* verify, */
208 surewarehk_dsa_mod_exp, /* mod exp */
209 NULL, /* bn mod exp */
210 NULL, /* init */
211 NULL, /* finish */
212 0,
213 NULL,
214 NULL,
215 NULL
216};
217# endif
5572f482
RL		 218
219static const char *engine_sureware_id = "sureware";
220static const char *engine_sureware_name = "SureWare hardware engine support";
221
222/* Now, to our own code */
223
0f113f3e
MC		 224/*
225 * As this is only ever called once, there's no need for locking (indeed -
226 * the lock will already be held by our caller!!!)
227 */
5572f482
RL		 228static int bind_sureware(ENGINE *e)
229{
0f113f3e
MC		 230# ifndef OPENSSL_NO_RSA
231 const RSA_METHOD *meth1;
232# endif
233# ifndef OPENSSL_NO_DSA
234 const DSA_METHOD *meth2;
235# endif
236# ifndef OPENSSL_NO_DH
237 const DH_METHOD *meth3;
238# endif
5572f482 239
0f113f3e
MC		 240 if (!ENGINE_set_id(e, engine_sureware_id) ||
241 !ENGINE_set_name(e, engine_sureware_name) ||
242# ifndef OPENSSL_NO_RSA
243 !ENGINE_set_RSA(e, &surewarehk_rsa) ||
244# endif
245# ifndef OPENSSL_NO_DSA
246 !ENGINE_set_DSA(e, &surewarehk_dsa) ||
247# endif
248# ifndef OPENSSL_NO_DH
249 !ENGINE_set_DH(e, &surewarehk_dh) ||
250# endif
251 !ENGINE_set_RAND(e, &surewarehk_rand) ||
252 !ENGINE_set_destroy_function(e, surewarehk_destroy) ||
253 !ENGINE_set_init_function(e, surewarehk_init) ||
254 !ENGINE_set_finish_function(e, surewarehk_finish) ||
255 !ENGINE_set_ctrl_function(e, surewarehk_ctrl) ||
256 !ENGINE_set_load_privkey_function(e, surewarehk_load_privkey) ||
257 !ENGINE_set_load_pubkey_function(e, surewarehk_load_pubkey))
258 return 0;
5572f482 259
0f113f3e
MC		 260# ifndef OPENSSL_NO_RSA
261 /*
262 * We know that the "PKCS1_SSLeay()" functions hook properly to the
263 * cswift-specific mod_exp and mod_exp_crt so we use those functions. NB:
264 * We don't use ENGINE_openssl() or anything "more generic" because
265 * something like the RSAref code may not hook properly, and if you own
266 * one of these cards then you have the right to do RSA operations on it
267 * anyway!
268 */
269 meth1 = RSA_PKCS1_SSLeay();
270 if (meth1) {
271 surewarehk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
272 surewarehk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
273 }
274# endif
5572f482 275
0f113f3e
MC		 276# ifndef OPENSSL_NO_DSA
277 /*
278 * Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits.
279 */
280 meth2 = DSA_OpenSSL();
281 if (meth2) {
282 surewarehk_dsa.dsa_do_verify = meth2->dsa_do_verify;
283 }
284# endif
5572f482 285
0f113f3e
MC		 286# ifndef OPENSSL_NO_DH
287 /* Much the same for Diffie-Hellman */
288 meth3 = DH_OpenSSL();
289 if (meth3) {
290 surewarehk_dh.generate_key = meth3->generate_key;
291 surewarehk_dh.compute_key = meth3->compute_key;
292 }
293# endif
5572f482 294
0f113f3e
MC		 295 /* Ensure the sureware error handling is set up */
296 ERR_load_SUREWARE_strings();
297 return 1;
5572f482
RL		 298}
299
0f113f3e 300# ifndef OPENSSL_NO_DYNAMIC_ENGINE
5572f482 301static int bind_helper(ENGINE *e, const char *id)
0f113f3e
MC		 302{
303 if (id && (strcmp(id, engine_sureware_id) != 0))
304 return 0;
305 if (!bind_sureware(e))
306 return 0;
307 return 1;
308}
309
5572f482 310IMPLEMENT_DYNAMIC_CHECK_FN()
0f113f3e
MC		 311 IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
312# else
5572f482 313static ENGINE *engine_sureware(void)
0f113f3e
MC		 314{
315 ENGINE *ret = ENGINE_new();
316 if (!ret)
317 return NULL;
318 if (!bind_sureware(ret)) {
319 ENGINE_free(ret);
320 return NULL;
321 }
322 return ret;
323}
5572f482
RL		 324
325void ENGINE_load_sureware(void)
0f113f3e
MC		 326{
327 /* Copied from eng_[openssl|dyn].c */
328 ENGINE *toadd = engine_sureware();
329 if (!toadd)
330 return;
331 ENGINE_add(toadd);
332 ENGINE_free(toadd);
333 ERR_clear_error();
334}
335# endif
5572f482 336
0f113f3e
MC		 337/*
338 * This is a process-global DSO handle used for loading and unloading the
339 * SureWareHook library. NB: This is only set (or unset) during an init() or
340 * finish() call (reference counts permitting) and they're operating with
341 * global locks, so this should be thread-safe implicitly.
342 */
5572f482 343static DSO *surewarehk_dso = NULL;
0f113f3e 344# ifndef OPENSSL_NO_RSA
68d39f3c
MC		 345/* Index for KM handle. Not really used yet. */
346static int rsaHndidx = -1;
0f113f3e
MC		 347# endif
348# ifndef OPENSSL_NO_DSA
68d39f3c
MC		 349/* Index for KM handle. Not really used yet. */
350static int dsaHndidx = -1;
0f113f3e 351# endif
5572f482 352
0f113f3e
MC		 353/*
354 * These are the function pointers that are (un)set when the library has
355 * successfully (un)loaded.
356 */
5572f482
RL		 357static SureWareHook_Init_t *p_surewarehk_Init = NULL;
358static SureWareHook_Finish_t *p_surewarehk_Finish = NULL;
359static SureWareHook_Rand_Bytes_t *p_surewarehk_Rand_Bytes = NULL;
360static SureWareHook_Rand_Seed_t *p_surewarehk_Rand_Seed = NULL;
361static SureWareHook_Load_Privkey_t *p_surewarehk_Load_Privkey = NULL;
362static SureWareHook_Info_Pubkey_t *p_surewarehk_Info_Pubkey = NULL;
363static SureWareHook_Load_Rsa_Pubkey_t *p_surewarehk_Load_Rsa_Pubkey = NULL;
364static SureWareHook_Load_Dsa_Pubkey_t *p_surewarehk_Load_Dsa_Pubkey = NULL;
0f113f3e
MC		 365static SureWareHook_Free_t *p_surewarehk_Free = NULL;
366static SureWareHook_Rsa_Priv_Dec_t *p_surewarehk_Rsa_Priv_Dec = NULL;
367static SureWareHook_Rsa_Sign_t *p_surewarehk_Rsa_Sign = NULL;
368static SureWareHook_Dsa_Sign_t *p_surewarehk_Dsa_Sign = NULL;
369static SureWareHook_Mod_Exp_t *p_surewarehk_Mod_Exp = NULL;
5572f482
RL		 370
371/* Used in the DSO operations. */
372static const char *surewarehk_LIBNAME = "SureWareHook";
373static const char *n_surewarehk_Init = "SureWareHook_Init";
374static const char *n_surewarehk_Finish = "SureWareHook_Finish";
0f113f3e
MC		 375static const char *n_surewarehk_Rand_Bytes = "SureWareHook_Rand_Bytes";
376static const char *n_surewarehk_Rand_Seed = "SureWareHook_Rand_Seed";
377static const char *n_surewarehk_Load_Privkey = "SureWareHook_Load_Privkey";
378static const char *n_surewarehk_Info_Pubkey = "SureWareHook_Info_Pubkey";
379static const char *n_surewarehk_Load_Rsa_Pubkey =
380 "SureWareHook_Load_Rsa_Pubkey";
381static const char *n_surewarehk_Load_Dsa_Pubkey =
382 "SureWareHook_Load_Dsa_Pubkey";
383static const char *n_surewarehk_Free = "SureWareHook_Free";
384static const char *n_surewarehk_Rsa_Priv_Dec = "SureWareHook_Rsa_Priv_Dec";
385static const char *n_surewarehk_Rsa_Sign = "SureWareHook_Rsa_Sign";
386static const char *n_surewarehk_Dsa_Sign = "SureWareHook_Dsa_Sign";
387static const char *n_surewarehk_Mod_Exp = "SureWareHook_Mod_Exp";
5572f482
RL		 388static BIO *logstream = NULL;
389
0f113f3e
MC		 390/*
391 * SureWareHook library functions and mechanics - these are used by the
392 * higher-level functions further down. NB: As and where there's no error
393 * checking, take a look lower down where these functions are called, the
394 * checking and error handling is probably down there.
395 */
396static int threadsafe = 1;
397static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p,
398 void (*f) (void))
5572f482 399{
0f113f3e 400 int to_return = 1;
5572f482 401
0f113f3e
MC		 402 switch (cmd) {
403 case ENGINE_CTRL_SET_LOGSTREAM:
404 {
405 BIO *bio = (BIO *)p;
406 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
407 if (logstream) {
408 BIO_free(logstream);
409 logstream = NULL;
410 }
411 if (CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO) > 1)
412 logstream = bio;
413 else
414 SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,
415 SUREWARE_R_BIO_WAS_FREED);
416 }
417 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
418 break;
419 /*
420 * This will prevent the initialisation function from "installing"
421 * the mutex-handling callbacks, even if they are available from
422 * within the library (or were provided to the library from the
423 * calling application). This is to remove any baggage for
424 * applications not using multithreading.
425 */
426 case ENGINE_CTRL_CHIL_NO_LOCKING:
427 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
428 threadsafe = 0;
429 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
430 break;
5572f482 431
0f113f3e
MC		 432 /* The command isn't understood by this engine */
433 default:
434 SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,
435 ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
436 to_return = 0;
437 break;
438 }
5572f482 439
0f113f3e 440 return to_return;
5572f482
RL		 441}
442
443/* Destructor (complements the "ENGINE_surewarehk()" constructor) */
444static int surewarehk_destroy(ENGINE *e)
445{
0f113f3e
MC		 446 ERR_unload_SUREWARE_strings();
447 return 1;
5572f482
RL		 448}
449
450/* (de)initialisation functions. */
451static int surewarehk_init(ENGINE *e)
452{
0f113f3e
MC		 453 char msg[64] = "ENGINE_init";
454 SureWareHook_Init_t *p1 = NULL;
455 SureWareHook_Finish_t *p2 = NULL;
456 SureWareHook_Rand_Bytes_t *p3 = NULL;
457 SureWareHook_Rand_Seed_t *p4 = NULL;
458 SureWareHook_Load_Privkey_t *p5 = NULL;
459 SureWareHook_Load_Rsa_Pubkey_t *p6 = NULL;
460 SureWareHook_Free_t *p7 = NULL;
461 SureWareHook_Rsa_Priv_Dec_t *p8 = NULL;
462 SureWareHook_Rsa_Sign_t *p9 = NULL;
463 SureWareHook_Dsa_Sign_t *p12 = NULL;
464 SureWareHook_Info_Pubkey_t *p13 = NULL;
465 SureWareHook_Load_Dsa_Pubkey_t *p14 = NULL;
466 SureWareHook_Mod_Exp_t *p15 = NULL;
5572f482 467
0f113f3e
MC		 468 if (surewarehk_dso != NULL) {
469 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, ENGINE_R_ALREADY_LOADED);
470 goto err;
471 }
472 /* Attempt to load libsurewarehk.so/surewarehk.dll/whatever. */
473 surewarehk_dso = DSO_load(NULL, surewarehk_LIBNAME, NULL, 0);
474 if (surewarehk_dso == NULL) {
475 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, ENGINE_R_DSO_FAILURE);
476 goto err;
477 }
478 if (!
479 (p1 =
480 (SureWareHook_Init_t *) DSO_bind_func(surewarehk_dso,
481 n_surewarehk_Init))
482|| !(p2 =
483 (SureWareHook_Finish_t *) DSO_bind_func(surewarehk_dso,
484 n_surewarehk_Finish))
485|| !(p3 =
486 (SureWareHook_Rand_Bytes_t *) DSO_bind_func(surewarehk_dso,
487 n_surewarehk_Rand_Bytes))
488|| !(p4 =
489 (SureWareHook_Rand_Seed_t *) DSO_bind_func(surewarehk_dso,
490 n_surewarehk_Rand_Seed))
491|| !(p5 =
492 (SureWareHook_Load_Privkey_t *) DSO_bind_func(surewarehk_dso,
493 n_surewarehk_Load_Privkey))
494|| !(p6 =
495 (SureWareHook_Load_Rsa_Pubkey_t *) DSO_bind_func(surewarehk_dso,
496 n_surewarehk_Load_Rsa_Pubkey))
497|| !(p7 =
498 (SureWareHook_Free_t *) DSO_bind_func(surewarehk_dso, n_surewarehk_Free))
499|| !(p8 =
500 (SureWareHook_Rsa_Priv_Dec_t *) DSO_bind_func(surewarehk_dso,
501 n_surewarehk_Rsa_Priv_Dec))
502|| !(p9 =
503 (SureWareHook_Rsa_Sign_t *) DSO_bind_func(surewarehk_dso,
504 n_surewarehk_Rsa_Sign))
505|| !(p12 =
506 (SureWareHook_Dsa_Sign_t *) DSO_bind_func(surewarehk_dso,
507 n_surewarehk_Dsa_Sign))
508|| !(p13 =
509 (SureWareHook_Info_Pubkey_t *) DSO_bind_func(surewarehk_dso,
510 n_surewarehk_Info_Pubkey))
511|| !(p14 =
512 (SureWareHook_Load_Dsa_Pubkey_t *) DSO_bind_func(surewarehk_dso,
513 n_surewarehk_Load_Dsa_Pubkey))
514|| !(p15 =
515 (SureWareHook_Mod_Exp_t *) DSO_bind_func(surewarehk_dso,
516 n_surewarehk_Mod_Exp))) {
517 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, ENGINE_R_DSO_FAILURE);
518 goto err;
519 }
520 /* Copy the pointers */
521 p_surewarehk_Init = p1;
522 p_surewarehk_Finish = p2;
523 p_surewarehk_Rand_Bytes = p3;
524 p_surewarehk_Rand_Seed = p4;
525 p_surewarehk_Load_Privkey = p5;
526 p_surewarehk_Load_Rsa_Pubkey = p6;
527 p_surewarehk_Free = p7;
528 p_surewarehk_Rsa_Priv_Dec = p8;
529 p_surewarehk_Rsa_Sign = p9;
530 p_surewarehk_Dsa_Sign = p12;
531 p_surewarehk_Info_Pubkey = p13;
532 p_surewarehk_Load_Dsa_Pubkey = p14;
533 p_surewarehk_Mod_Exp = p15;
534 /* Contact the hardware and initialises it. */
535 if (p_surewarehk_Init(msg, threadsafe) == SUREWAREHOOK_ERROR_UNIT_FAILURE) {
536 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, SUREWARE_R_UNIT_FAILURE);
537 goto err;
538 }
539 if (p_surewarehk_Init(msg, threadsafe) == SUREWAREHOOK_ERROR_UNIT_FAILURE) {
540 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, SUREWARE_R_UNIT_FAILURE);
541 goto err;
542 }
543 /*
544 * try to load the default private key, if failed does not return a
545 * failure but wait for an explicit ENGINE_load_privakey
546 */
547 surewarehk_load_privkey(e, NULL, NULL, NULL);
5572f482 548
0f113f3e
MC		 549 /* Everything's fine. */
550# ifndef OPENSSL_NO_RSA
551 if (rsaHndidx == -1)
552 rsaHndidx = RSA_get_ex_new_index(0,
553 "SureWareHook RSA key handle",
554 NULL, NULL, surewarehk_ex_free);
555# endif
556# ifndef OPENSSL_NO_DSA
557 if (dsaHndidx == -1)
558 dsaHndidx = DSA_get_ex_new_index(0,
559 "SureWareHook DSA key handle",
560 NULL, NULL, surewarehk_ex_free);
561# endif
5572f482 562
0f113f3e
MC		 563 return 1;
564 err:
565 if (surewarehk_dso)
566 DSO_free(surewarehk_dso);
567 surewarehk_dso = NULL;
568 p_surewarehk_Init = NULL;
569 p_surewarehk_Finish = NULL;
570 p_surewarehk_Rand_Bytes = NULL;
571 p_surewarehk_Rand_Seed = NULL;
572 p_surewarehk_Load_Privkey = NULL;
573 p_surewarehk_Load_Rsa_Pubkey = NULL;
574 p_surewarehk_Free = NULL;
575 p_surewarehk_Rsa_Priv_Dec = NULL;
576 p_surewarehk_Rsa_Sign = NULL;
577 p_surewarehk_Dsa_Sign = NULL;
578 p_surewarehk_Info_Pubkey = NULL;
579 p_surewarehk_Load_Dsa_Pubkey = NULL;
580 p_surewarehk_Mod_Exp = NULL;
581 return 0;
5572f482
RL		 582}
583
584static int surewarehk_finish(ENGINE *e)
585{
0f113f3e
MC		 586 int to_return = 1;
587 if (surewarehk_dso == NULL) {
588 SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH, ENGINE_R_NOT_LOADED);
589 to_return = 0;
590 goto err;
591 }
592 p_surewarehk_Finish();
593 if (!DSO_free(surewarehk_dso)) {
594 SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH, ENGINE_R_DSO_FAILURE);
595 to_return = 0;
596 goto err;
597 }
5572f482 598 err:
0f113f3e
MC		 599 if (logstream)
600 BIO_free(logstream);
601 surewarehk_dso = NULL;
602 p_surewarehk_Init = NULL;
603 p_surewarehk_Finish = NULL;
604 p_surewarehk_Rand_Bytes = NULL;
605 p_surewarehk_Rand_Seed = NULL;
606 p_surewarehk_Load_Privkey = NULL;
607 p_surewarehk_Load_Rsa_Pubkey = NULL;
608 p_surewarehk_Free = NULL;
609 p_surewarehk_Rsa_Priv_Dec = NULL;
610 p_surewarehk_Rsa_Sign = NULL;
611 p_surewarehk_Dsa_Sign = NULL;
612 p_surewarehk_Info_Pubkey = NULL;
613 p_surewarehk_Load_Dsa_Pubkey = NULL;
614 p_surewarehk_Mod_Exp = NULL;
615 return to_return;
5572f482
RL		 616}
617
0f113f3e 618static void surewarehk_error_handling(char *const msg, int func, int ret)
5572f482 619{
0f113f3e
MC		 620 switch (ret) {
621 case SUREWAREHOOK_ERROR_UNIT_FAILURE:
622 ENGINEerr(func, SUREWARE_R_UNIT_FAILURE);
623 break;
624 case SUREWAREHOOK_ERROR_FALLBACK:
625 ENGINEerr(func, SUREWARE_R_REQUEST_FALLBACK);
626 break;
627 case SUREWAREHOOK_ERROR_DATA_SIZE:
628 ENGINEerr(func, SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
629 break;
630 case SUREWAREHOOK_ERROR_INVALID_PAD:
631 ENGINEerr(func, SUREWARE_R_PADDING_CHECK_FAILED);
632 break;
633 default:
634 ENGINEerr(func, SUREWARE_R_REQUEST_FAILED);
635 break;
636 case 1: /* nothing */
637 msg[0] = '\0';
638 }
639 if (*msg) {
640 ERR_add_error_data(1, msg);
641 if (logstream) {
642 CRYPTO_w_lock(CRYPTO_LOCK_BIO);
643 BIO_write(logstream, msg, strlen(msg));
644 CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
645 }
646 }
5572f482
RL		 647}
648
6343829a 649static int surewarehk_rand_bytes(unsigned char *buf, int num)
5572f482 650{
0f113f3e
MC		 651 int ret = 0;
652 char msg[64] = "ENGINE_rand_bytes";
653 if (!p_surewarehk_Rand_Bytes) {
654 SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_BYTES,
655 ENGINE_R_NOT_INITIALISED);
656 } else {
657 ret = p_surewarehk_Rand_Bytes(msg, buf, num);
658 surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RAND_BYTES, ret);
659 }
660 return ret == 1 ? 1 : 0;
5572f482
RL		 661}
662
a0b3e0de 663static int surewarehk_rand_seed(const void *buf, int num)
5572f482 664{
0f113f3e
MC		 665 int ret = 0;
666 char msg[64] = "ENGINE_rand_seed";
667 if (!p_surewarehk_Rand_Seed) {
668 SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_SEED,
669 ENGINE_R_NOT_INITIALISED);
670 return 0;
671 } else {
672 ret = p_surewarehk_Rand_Seed(msg, buf, num);
673 surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RAND_SEED, ret);
674 if (ret == 1)
675 return 1;
676 else
677 return 0;
678 }
5572f482
RL		 679}
680
a0b3e0de 681static int surewarehk_rand_add(const void *buf, int num, double entropy)
5572f482 682{
0f113f3e 683 return surewarehk_rand_seed(buf, num);
5572f482
RL		 684}
685
0f113f3e
MC		 686static EVP_PKEY *sureware_load_public(ENGINE *e, const char *key_id,
687 char *hptr, unsigned long el,
688 char keytype)
5572f482 689{
0f113f3e
MC		 690 EVP_PKEY *res = NULL;
691# ifndef OPENSSL_NO_RSA
692 RSA *rsatmp = NULL;
693# endif
694# ifndef OPENSSL_NO_DSA
695 DSA *dsatmp = NULL;
696# endif
697 char msg[64] = "sureware_load_public";
698 int ret = 0;
699 if (!p_surewarehk_Load_Rsa_Pubkey || !p_surewarehk_Load_Dsa_Pubkey) {
700 SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,
701 ENGINE_R_NOT_INITIALISED);
702 goto err;
703 }
704 switch (keytype) {
705# ifndef OPENSSL_NO_RSA
706 case 1:
707 /*RSA*/
708 /* set private external reference */
709 rsatmp = RSA_new_method(e);
710 RSA_set_ex_data(rsatmp, rsaHndidx, hptr);
711 rsatmp->flags |= RSA_FLAG_EXT_PKEY;
5572f482 712
0f113f3e
MC		 713 /* set public big nums */
714 rsatmp->e = BN_new();
715 rsatmp->n = BN_new();
716 bn_expand2(rsatmp->e, el / sizeof(BN_ULONG));
717 bn_expand2(rsatmp->n, el / sizeof(BN_ULONG));
718 if (!rsatmp->e || rsatmp->e->dmax != (int)(el / sizeof(BN_ULONG)) ||
719 !rsatmp->n || rsatmp->n->dmax != (int)(el / sizeof(BN_ULONG)))
720 goto err;
721 ret = p_surewarehk_Load_Rsa_Pubkey(msg, key_id, el,
722 (unsigned long *)rsatmp->n->d,
723 (unsigned long *)rsatmp->e->d);
724 surewarehk_error_handling(msg, SUREWARE_F_SUREWARE_LOAD_PUBLIC, ret);
725 if (ret != 1) {
726 SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,
727 ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
728 goto err;
729 }
730 /* normalise pub e and pub n */
731 rsatmp->e->top = el / sizeof(BN_ULONG);
732 bn_fix_top(rsatmp->e);
733 rsatmp->n->top = el / sizeof(BN_ULONG);
734 bn_fix_top(rsatmp->n);
735 /* create an EVP object: engine + rsa key */
736 res = EVP_PKEY_new();
737 EVP_PKEY_assign_RSA(res, rsatmp);
738 break;
739# endif
5572f482 740
0f113f3e
MC		 741# ifndef OPENSSL_NO_DSA
742 case 2:
743 /*DSA*/
744 /* set private/public external reference */
745 dsatmp = DSA_new_method(e);
746 DSA_set_ex_data(dsatmp, dsaHndidx, hptr);
747 /*
748 * dsatmp->flags |= DSA_FLAG_EXT_PKEY;
749 */
5572f482 750
0f113f3e
MC		 751 /* set public key */
752 dsatmp->pub_key = BN_new();
753 dsatmp->p = BN_new();
754 dsatmp->q = BN_new();
755 dsatmp->g = BN_new();
756 bn_expand2(dsatmp->pub_key, el / sizeof(BN_ULONG));
757 bn_expand2(dsatmp->p, el / sizeof(BN_ULONG));
758 bn_expand2(dsatmp->q, 20 / sizeof(BN_ULONG));
759 bn_expand2(dsatmp->g, el / sizeof(BN_ULONG));
760 if (!dsatmp->pub_key
761 || dsatmp->pub_key->dmax != (int)(el / sizeof(BN_ULONG))
762 || !dsatmp->p || dsatmp->p->dmax != (int)(el / sizeof(BN_ULONG))
763 || !dsatmp->q || dsatmp->q->dmax != 20 / sizeof(BN_ULONG)
764 || !dsatmp->g || dsatmp->g->dmax != (int)(el / sizeof(BN_ULONG)))
765 goto err;
5572f482 766
0f113f3e
MC		 767 ret = p_surewarehk_Load_Dsa_Pubkey(msg, key_id, el,
768 (unsigned long *)dsatmp->
769 pub_key->d,
770 (unsigned long *)dsatmp->p->d,
771 (unsigned long *)dsatmp->q->d,
772 (unsigned long *)dsatmp->g->d);
773 surewarehk_error_handling(msg, SUREWARE_F_SUREWARE_LOAD_PUBLIC, ret);
774 if (ret != 1) {
775 SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,
776 ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
777 goto err;
778 }
779 /* set parameters */
780 /* normalise pubkey and parameters in case of */
781 dsatmp->pub_key->top = el / sizeof(BN_ULONG);
782 bn_fix_top(dsatmp->pub_key);
783 dsatmp->p->top = el / sizeof(BN_ULONG);
784 bn_fix_top(dsatmp->p);
785 dsatmp->q->top = 20 / sizeof(BN_ULONG);
786 bn_fix_top(dsatmp->q);
787 dsatmp->g->top = el / sizeof(BN_ULONG);
788 bn_fix_top(dsatmp->g);
5572f482 789
0f113f3e
MC		 790 /* create an EVP object: engine + rsa key */
791 res = EVP_PKEY_new();
792 EVP_PKEY_assign_DSA(res, dsatmp);
793 break;
794# endif
5572f482 795
0f113f3e
MC		 796 default:
797 SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,
798 ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
799 goto err;
800 }
801 return res;
5572f482 802 err:
0f113f3e 803# ifndef OPENSSL_NO_RSA
d6407083 804 RSA_free(rsatmp);
0f113f3e
MC		 805# endif
806# ifndef OPENSSL_NO_DSA
d6407083 807 DSA_free(dsatmp);
0f113f3e
MC		 808# endif
809 return NULL;
5572f482
RL		 810}
811
812static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id,
0f113f3e
MC		 813 UI_METHOD *ui_method,
814 void *callback_data)
5572f482 815{
0f113f3e
MC		 816 EVP_PKEY *res = NULL;
817 int ret = 0;
818 unsigned long el = 0;
819 char *hptr = NULL;
820 char keytype = 0;
821 char msg[64] = "ENGINE_load_privkey";
5572f482 822
0f113f3e
MC		 823 if (!p_surewarehk_Load_Privkey) {
824 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY,
825 ENGINE_R_NOT_INITIALISED);
826 } else {
827 ret = p_surewarehk_Load_Privkey(msg, key_id, &hptr, &el, &keytype);
828 if (ret != 1) {
829 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY,
830 ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
831 ERR_add_error_data(1, msg);
832 } else
833 res = sureware_load_public(e, key_id, hptr, el, keytype);
834 }
835 return res;
5572f482
RL		 836}
837
838static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,
0f113f3e
MC		 839 UI_METHOD *ui_method,
840 void *callback_data)
5572f482 841{
0f113f3e
MC		 842 EVP_PKEY *res = NULL;
843 int ret = 0;
844 unsigned long el = 0;
845 char *hptr = NULL;
846 char keytype = 0;
847 char msg[64] = "ENGINE_load_pubkey";
5572f482 848
0f113f3e
MC		 849 if (!p_surewarehk_Info_Pubkey) {
850 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY,
851 ENGINE_R_NOT_INITIALISED);
852 } else {
853 /* call once to identify if DSA or RSA */
854 ret = p_surewarehk_Info_Pubkey(msg, key_id, &el, &keytype);
855 if (ret != 1) {
856 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY,
857 ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
858 ERR_add_error_data(1, msg);
859 } else
860 res = sureware_load_public(e, key_id, hptr, el, keytype);
861 }
862 return res;
5572f482
RL		 863}
864
0f113f3e
MC		 865/*
866 * This cleans up an RSA/DSA KM key(do not destroy the key into the hardware)
867 * , called when ex_data is freed
868 */
5572f482 869static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
0f113f3e 870 int idx, long argl, void *argp)
5572f482 871{
0f113f3e
MC		 872 if (!p_surewarehk_Free) {
873 SUREWAREerr(SUREWARE_F_SUREWAREHK_EX_FREE, ENGINE_R_NOT_INITIALISED);
874 } else
875 p_surewarehk_Free((char *)item, 0);
5572f482
RL		 876}
877
5572f482 878/*
0f113f3e
MC		 879 * return number of decrypted bytes
880 */
881# ifndef OPENSSL_NO_RSA
882static int surewarehk_rsa_priv_dec(int flen, const unsigned char *from,
883 unsigned char *to, RSA *rsa, int padding)
5572f482 884{
0f113f3e
MC		 885 int ret = 0, tlen;
886 char *buf = NULL, *hptr = NULL;
887 char msg[64] = "ENGINE_rsa_priv_dec";
888 if (!p_surewarehk_Rsa_Priv_Dec) {
889 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,
890 ENGINE_R_NOT_INITIALISED);
891 }
892 /* extract ref to private key */
893 else if (!(hptr = RSA_get_ex_data(rsa, rsaHndidx))) {
894 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,
895 SUREWARE_R_MISSING_KEY_COMPONENTS);
896 goto err;
897 }
898 /* analyse what padding we can do into the hardware */
899 if (padding == RSA_PKCS1_PADDING) {
900 /* do it one shot */
901 ret =
902 p_surewarehk_Rsa_Priv_Dec(msg, flen, (unsigned char *)from, &tlen,
903 to, hptr, SUREWARE_PKCS1_PAD);
904 surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,
905 ret);
906 if (ret != 1)
907 goto err;
908 ret = tlen;
909 } else { /* do with no padding into hardware */
910
911 ret =
912 p_surewarehk_Rsa_Priv_Dec(msg, flen, (unsigned char *)from, &tlen,
913 to, hptr, SUREWARE_NO_PAD);
914 surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,
915 ret);
916 if (ret != 1)
917 goto err;
918 /* intermediate buffer for padding */
919 if ((buf = OPENSSL_malloc(tlen)) == NULL) {
920 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,
921 ERR_R_MALLOC_FAILURE);
922 goto err;
923 }
924 memcpy(buf, to, tlen); /* transfert to into buf */
925 switch (padding) { /* check padding in software */
0f113f3e
MC		 926 case RSA_PKCS1_OAEP_PADDING:
927 ret =
928 RSA_padding_check_PKCS1_OAEP(to, tlen, (unsigned char *)buf,
929 tlen, tlen, NULL, 0);
930 break;
0f113f3e
MC		 931 case RSA_SSLV23_PADDING:
932 ret =
933 RSA_padding_check_SSLv23(to, tlen, (unsigned char *)buf, flen,
934 tlen);
935 break;
936 case RSA_NO_PADDING:
937 ret =
938 RSA_padding_check_none(to, tlen, (unsigned char *)buf, flen,
939 tlen);
940 break;
941 default:
942 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,
943 SUREWARE_R_UNKNOWN_PADDING_TYPE);
944 goto err;
945 }
946 if (ret < 0)
947 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,
948 SUREWARE_R_PADDING_CHECK_FAILED);
949 }
950 err:
951 if (buf) {
952 OPENSSL_cleanse(buf, tlen);
953 OPENSSL_free(buf);
954 }
955 return ret;
5572f482
RL		 956}
957
958/*
0f113f3e
MC		 959 * Does what OpenSSL rsa_priv_enc does.
960 */
961static int surewarehk_rsa_sign(int flen, const unsigned char *from,
962 unsigned char *to, RSA *rsa, int padding)
5572f482 963{
0f113f3e
MC		 964 int ret = 0, tlen;
965 char *hptr = NULL;
966 char msg[64] = "ENGINE_rsa_sign";
967 if (!p_surewarehk_Rsa_Sign) {
968 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN, ENGINE_R_NOT_INITIALISED);
969 }
970 /* extract ref to private key */
971 else if (!(hptr = RSA_get_ex_data(rsa, rsaHndidx))) {
972 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN,
973 SUREWARE_R_MISSING_KEY_COMPONENTS);
974 } else {
975 switch (padding) {
976 case RSA_PKCS1_PADDING: /* do it in one shot */
977 ret =
978 p_surewarehk_Rsa_Sign(msg, flen, (unsigned char *)from, &tlen,
979 to, hptr, SUREWARE_PKCS1_PAD);
980 surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RSA_SIGN,
981 ret);
982 break;
983 case RSA_NO_PADDING:
984 default:
985 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN,
986 SUREWARE_R_UNKNOWN_PADDING_TYPE);
987 }
988 }
989 return ret == 1 ? tlen : ret;
5572f482
RL		 990}
991
0f113f3e 992# endif
5572f482 993
0f113f3e 994# ifndef OPENSSL_NO_DSA
5572f482 995/* DSA sign and verify */
0f113f3e
MC		 996static DSA_SIG *surewarehk_dsa_do_sign(const unsigned char *from, int flen,
997 DSA *dsa)
5572f482 998{
0f113f3e
MC		 999 int ret = 0;
1000 char *hptr = NULL;
1001 DSA_SIG *psign = NULL;
1002 char msg[64] = "ENGINE_dsa_do_sign";
1003 if (!p_surewarehk_Dsa_Sign) {
1004 SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,
1005 ENGINE_R_NOT_INITIALISED);
1006 goto err;
1007 }
1008 /* extract ref to private key */
1009 else if (!(hptr = DSA_get_ex_data(dsa, dsaHndidx))) {
1010 SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,
1011 SUREWARE_R_MISSING_KEY_COMPONENTS);
1012 goto err;
1013 } else {
1014 if ((psign = DSA_SIG_new()) == NULL) {
1015 SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,
1016 ERR_R_MALLOC_FAILURE);
1017 goto err;
1018 }
1019 psign->r = BN_new();
1020 psign->s = BN_new();
1021 bn_expand2(psign->r, 20 / sizeof(BN_ULONG));
1022 bn_expand2(psign->s, 20 / sizeof(BN_ULONG));
1023 if (!psign->r || psign->r->dmax != 20 / sizeof(BN_ULONG) ||
1024 !psign->s || psign->s->dmax != 20 / sizeof(BN_ULONG))
1025 goto err;
1026 ret = p_surewarehk_Dsa_Sign(msg, flen, from,
1027 (unsigned long *)psign->r->d,
1028 (unsigned long *)psign->s->d, hptr);
1029 surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,
1030 ret);
1031 }
1032 psign->r->top = 20 / sizeof(BN_ULONG);
1033 bn_fix_top(psign->r);
1034 psign->s->top = 20 / sizeof(BN_ULONG);
1035 bn_fix_top(psign->s);
5572f482 1036
0f113f3e
MC		 1037 err:
1038 if (psign) {
1039 DSA_SIG_free(psign);
1040 psign = NULL;
1041 }
1042 return psign;
5572f482 1043}
0f113f3e 1044# endif
5572f482
RL		 1045
1046static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
0f113f3e 1047 const BIGNUM *m, BN_CTX *ctx)
5572f482 1048{
0f113f3e
MC		 1049 int ret = 0;
1050 char msg[64] = "ENGINE_modexp";
1051 if (!p_surewarehk_Mod_Exp) {
1052 SUREWAREerr(SUREWARE_F_SUREWAREHK_MODEXP, ENGINE_R_NOT_INITIALISED);
1053 } else {
1054 bn_expand2(r, m->top);
1055 if (r && r->dmax == m->top) {
1056 /* do it */
1057 ret = p_surewarehk_Mod_Exp(msg,
1058 m->top * sizeof(BN_ULONG),
1059 (unsigned long *)m->d,
1060 p->top * sizeof(BN_ULONG),
1061 (unsigned long *)p->d,
1062 a->top * sizeof(BN_ULONG),
1063 (unsigned long *)a->d,
1064 (unsigned long *)r->d);
1065 surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_MODEXP, ret);
1066 if (ret == 1) {
1067 /* normalise result */
1068 r->top = m->top;
1069 bn_fix_top(r);
1070 }
1071 }
1072 }
1073 return ret;
5572f482 1074}
0f113f3e
MC		 1075# endif /* !OPENSSL_NO_HW_SUREWARE */
1076#endif /* !OPENSSL_NO_HW */
A mirror of the official openssl repository