]>
Commit | Line | Data |
---|---|---|
6d1f929a AF |
1 | diff -Naur openssl-0.9.8u.org/crypto/engine/eng_all.c openssl-0.9.8u/crypto/engine/eng_all.c |
2 | --- openssl-0.9.8u.org/crypto/engine/eng_all.c 2010-03-01 01:30:11.000000000 +0100 | |
3 | +++ openssl-0.9.8u/crypto/engine/eng_all.c 2012-03-27 14:07:11.000000000 +0200 | |
4 | @@ -113,7 +113,6 @@ | |
5 | #endif | |
6 | } | |
7 | ||
8 | -#if defined(__OpenBSD__) || defined(__FreeBSD__) | |
9 | void ENGINE_setup_bsd_cryptodev(void) { | |
10 | static int bsd_cryptodev_default_loaded = 0; | |
11 | if (!bsd_cryptodev_default_loaded) { | |
12 | @@ -122,4 +121,3 @@ | |
13 | } | |
14 | bsd_cryptodev_default_loaded=1; | |
15 | } | |
16 | -#endif | |
17 | diff -Naur openssl-0.9.8u.org/crypto/engine/eng_cryptodev.c openssl-0.9.8u/crypto/engine/eng_cryptodev.c | |
18 | --- openssl-0.9.8u.org/crypto/engine/eng_cryptodev.c 2012-03-06 14:22:32.000000000 +0100 | |
19 | +++ openssl-0.9.8u/crypto/engine/eng_cryptodev.c 2012-03-27 14:02:59.000000000 +0200 | |
20 | @@ -2,6 +2,7 @@ | |
21 | * Copyright (c) 2002 Bob Beck <beck@openbsd.org> | |
22 | * Copyright (c) 2002 Theo de Raadt | |
23 | * Copyright (c) 2002 Markus Friedl | |
24 | + * Copyright (c) 2012 Nikos Mavrogiannopoulos | |
25 | * All rights reserved. | |
26 | * | |
27 | * Redistribution and use in source and binary forms, with or without | |
28 | @@ -30,10 +31,6 @@ | |
29 | #include <openssl/engine.h> | |
30 | #include <openssl/evp.h> | |
31 | #include <openssl/bn.h> | |
32 | -#include <openssl/dsa.h> | |
33 | -#include <openssl/rsa.h> | |
34 | -#include <openssl/dh.h> | |
35 | -#include <openssl/err.h> | |
36 | ||
37 | #if (defined(__unix__) || defined(unix)) && !defined(USG) && \ | |
38 | (defined(OpenBSD) || defined(__FreeBSD__)) | |
39 | @@ -59,6 +56,10 @@ | |
40 | ||
41 | #include <sys/types.h> | |
42 | #include <crypto/cryptodev.h> | |
43 | +#include <crypto/dh/dh.h> | |
44 | +#include <crypto/dsa/dsa.h> | |
45 | +#include <crypto/err/err.h> | |
46 | +#include <crypto/rsa/rsa.h> | |
47 | #include <sys/ioctl.h> | |
48 | #include <errno.h> | |
49 | #include <stdio.h> | |
50 | @@ -72,6 +73,12 @@ | |
51 | struct dev_crypto_state { | |
52 | struct session_op d_sess; | |
53 | int d_fd; | |
54 | + | |
55 | +#ifdef USE_CRYPTODEV_DIGESTS | |
56 | + unsigned char digest_res[HASH_MAX_LEN]; | |
57 | + char *mac_data; | |
58 | + int mac_len; | |
59 | +#endif | |
60 | }; | |
61 | ||
62 | static u_int32_t cryptodev_asymfeat = 0; | |
63 | @@ -79,15 +86,14 @@ | |
64 | static int get_asym_dev_crypto(void); | |
65 | static int open_dev_crypto(void); | |
66 | static int get_dev_crypto(void); | |
67 | -static int cryptodev_max_iv(int cipher); | |
68 | -static int cryptodev_key_length_valid(int cipher, int len); | |
69 | -static int cipher_nid_to_cryptodev(int nid); | |
70 | static int get_cryptodev_ciphers(const int **cnids); | |
71 | -/*static int get_cryptodev_digests(const int **cnids);*/ | |
72 | +#ifdef USE_CRYPTODEV_DIGESTS | |
73 | +static int get_cryptodev_digests(const int **cnids); | |
74 | +#endif | |
75 | static int cryptodev_usable_ciphers(const int **nids); | |
76 | static int cryptodev_usable_digests(const int **nids); | |
77 | static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |
78 | - const unsigned char *in, unsigned int inl); | |
79 | + const unsigned char *in, size_t inl); | |
80 | static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | |
81 | const unsigned char *iv, int enc); | |
82 | static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx); | |
83 | @@ -121,7 +127,7 @@ | |
84 | static int cryptodev_dh_compute_key(unsigned char *key, | |
85 | const BIGNUM *pub_key, DH *dh); | |
86 | static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, | |
87 | - void (*f)()); | |
88 | + void (*f)(void)); | |
89 | void ENGINE_load_cryptodev(void); | |
90 | ||
91 | static const ENGINE_CMD_DEFN cryptodev_defns[] = { | |
92 | @@ -134,27 +140,38 @@ | |
93 | int ivmax; | |
94 | int keylen; | |
95 | } ciphers[] = { | |
96 | + { CRYPTO_ARC4, NID_rc4, 0, 16, }, | |
97 | { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, | |
98 | { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, | |
99 | { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, | |
100 | + { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, }, | |
101 | + { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, }, | |
102 | { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, | |
103 | { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, | |
104 | { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, | |
105 | { 0, NID_undef, 0, 0, }, | |
106 | }; | |
107 | ||
108 | -#if 0 | |
109 | +#ifdef USE_CRYPTODEV_DIGESTS | |
110 | static struct { | |
111 | int id; | |
112 | int nid; | |
113 | + int digestlen; | |
114 | } digests[] = { | |
115 | - { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, }, | |
116 | - { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, }, | |
117 | - { CRYPTO_MD5_KPDK, NID_undef, }, | |
118 | - { CRYPTO_SHA1_KPDK, NID_undef, }, | |
119 | - { CRYPTO_MD5, NID_md5, }, | |
120 | - { CRYPTO_SHA1, NID_undef, }, | |
121 | - { 0, NID_undef, }, | |
122 | +#if 0 | |
123 | + /* HMAC is not supported */ | |
124 | + { CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16}, | |
125 | + { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20}, | |
126 | + { CRYPTO_SHA2_256_HMAC, NID_hmacWithSHA256, 32}, | |
127 | + { CRYPTO_SHA2_384_HMAC, NID_hmacWithSHA384, 48}, | |
128 | + { CRYPTO_SHA2_512_HMAC, NID_hmacWithSHA512, 64}, | |
129 | +#endif | |
130 | + { CRYPTO_MD5, NID_md5, 16}, | |
131 | + { CRYPTO_SHA1, NID_sha1, 20}, | |
132 | + { CRYPTO_SHA2_256, NID_sha256, 32}, | |
133 | + { CRYPTO_SHA2_384, NID_sha384, 48}, | |
134 | + { CRYPTO_SHA2_512, NID_sha512, 64}, | |
135 | + { 0, NID_undef, 0}, | |
136 | }; | |
137 | #endif | |
138 | ||
139 | @@ -186,6 +203,7 @@ | |
140 | ||
141 | if ((fd = open_dev_crypto()) == -1) | |
142 | return (-1); | |
143 | +#ifndef CRIOGET_NOT_NEEDED | |
144 | if (ioctl(fd, CRIOGET, &retfd) == -1) | |
145 | return (-1); | |
146 | ||
147 | @@ -194,9 +212,19 @@ | |
148 | close(retfd); | |
149 | return (-1); | |
150 | } | |
151 | +#else | |
152 | + retfd = fd; | |
153 | +#endif | |
154 | return (retfd); | |
155 | } | |
156 | ||
157 | +static void put_dev_crypto(int fd) | |
158 | +{ | |
159 | +#ifndef CRIOGET_NOT_NEEDED | |
160 | + close(fd); | |
161 | +#endif | |
162 | +} | |
163 | + | |
164 | /* Caching version for asym operations */ | |
165 | static int | |
166 | get_asym_dev_crypto(void) | |
167 | @@ -209,50 +237,6 @@ | |
168 | } | |
169 | ||
170 | /* | |
171 | - * XXXX this needs to be set for each alg - and determined from | |
172 | - * a running card. | |
173 | - */ | |
174 | -static int | |
175 | -cryptodev_max_iv(int cipher) | |
176 | -{ | |
177 | - int i; | |
178 | - | |
179 | - for (i = 0; ciphers[i].id; i++) | |
180 | - if (ciphers[i].id == cipher) | |
181 | - return (ciphers[i].ivmax); | |
182 | - return (0); | |
183 | -} | |
184 | - | |
185 | -/* | |
186 | - * XXXX this needs to be set for each alg - and determined from | |
187 | - * a running card. For now, fake it out - but most of these | |
188 | - * for real devices should return 1 for the supported key | |
189 | - * sizes the device can handle. | |
190 | - */ | |
191 | -static int | |
192 | -cryptodev_key_length_valid(int cipher, int len) | |
193 | -{ | |
194 | - int i; | |
195 | - | |
196 | - for (i = 0; ciphers[i].id; i++) | |
197 | - if (ciphers[i].id == cipher) | |
198 | - return (ciphers[i].keylen == len); | |
199 | - return (0); | |
200 | -} | |
201 | - | |
202 | -/* convert libcrypto nids to cryptodev */ | |
203 | -static int | |
204 | -cipher_nid_to_cryptodev(int nid) | |
205 | -{ | |
206 | - int i; | |
207 | - | |
208 | - for (i = 0; ciphers[i].id; i++) | |
209 | - if (ciphers[i].nid == nid) | |
210 | - return (ciphers[i].id); | |
211 | - return (0); | |
212 | -} | |
213 | - | |
214 | -/* | |
215 | * Find out what ciphers /dev/crypto will let us have a session for. | |
216 | * XXX note, that some of these openssl doesn't deal with yet! | |
217 | * returning them here is harmless, as long as we return NULL | |
218 | @@ -264,13 +248,14 @@ | |
219 | static int nids[CRYPTO_ALGORITHM_MAX]; | |
220 | struct session_op sess; | |
221 | int fd, i, count = 0; | |
222 | + unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN]; | |
223 | ||
224 | if ((fd = get_dev_crypto()) < 0) { | |
225 | *cnids = NULL; | |
226 | return (0); | |
227 | } | |
228 | memset(&sess, 0, sizeof(sess)); | |
229 | - sess.key = (caddr_t)"123456781234567812345678"; | |
230 | + sess.key = (void*)fake_key; | |
231 | ||
232 | for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { | |
233 | if (ciphers[i].nid == NID_undef) | |
234 | @@ -282,7 +267,7 @@ | |
235 | ioctl(fd, CIOCFSESSION, &sess.ses) != -1) | |
236 | nids[count++] = ciphers[i].nid; | |
237 | } | |
238 | - close(fd); | |
239 | + put_dev_crypto(fd); | |
240 | ||
241 | if (count > 0) | |
242 | *cnids = nids; | |
243 | @@ -291,7 +276,7 @@ | |
244 | return (count); | |
245 | } | |
246 | ||
247 | -#if 0 /* unused */ | |
248 | +#ifdef USE_CRYPTODEV_DIGESTS | |
249 | /* | |
250 | * Find out what digests /dev/crypto will let us have a session for. | |
251 | * XXX note, that some of these openssl doesn't deal with yet! | |
252 | @@ -302,6 +287,7 @@ | |
253 | get_cryptodev_digests(const int **cnids) | |
254 | { | |
255 | static int nids[CRYPTO_ALGORITHM_MAX]; | |
256 | + unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN]; | |
257 | struct session_op sess; | |
258 | int fd, i, count = 0; | |
259 | ||
260 | @@ -310,16 +296,18 @@ | |
261 | return (0); | |
262 | } | |
263 | memset(&sess, 0, sizeof(sess)); | |
264 | + sess.mackey = fake_key; | |
265 | for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { | |
266 | if (digests[i].nid == NID_undef) | |
267 | continue; | |
268 | sess.mac = digests[i].id; | |
269 | + sess.mackeylen = 8; | |
270 | sess.cipher = 0; | |
271 | if (ioctl(fd, CIOCGSESSION, &sess) != -1 && | |
272 | ioctl(fd, CIOCFSESSION, &sess.ses) != -1) | |
273 | nids[count++] = digests[i].nid; | |
274 | } | |
275 | - close(fd); | |
276 | + put_dev_crypto(fd); | |
277 | ||
278 | if (count > 0) | |
279 | *cnids = nids; | |
280 | @@ -327,8 +315,7 @@ | |
281 | *cnids = NULL; | |
282 | return (count); | |
283 | } | |
284 | - | |
285 | -#endif | |
286 | +#endif /* 0 */ | |
287 | ||
288 | /* | |
289 | * Find the useable ciphers|digests from dev/crypto - this is the first | |
290 | @@ -360,6 +347,9 @@ | |
291 | static int | |
292 | cryptodev_usable_digests(const int **nids) | |
293 | { | |
294 | +#ifdef USE_CRYPTODEV_DIGESTS | |
295 | + return (get_cryptodev_digests(nids)); | |
296 | +#else | |
297 | /* | |
298 | * XXXX just disable all digests for now, because it sucks. | |
299 | * we need a better way to decide this - i.e. I may not | |
300 | @@ -374,11 +364,12 @@ | |
301 | */ | |
302 | *nids = NULL; | |
303 | return (0); | |
304 | +#endif | |
305 | } | |
306 | ||
307 | static int | |
308 | cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |
309 | - const unsigned char *in, unsigned int inl) | |
310 | + const unsigned char *in, size_t inl) | |
311 | { | |
312 | struct crypt_op cryp; | |
313 | struct dev_crypto_state *state = ctx->cipher_data; | |
314 | @@ -398,14 +389,14 @@ | |
315 | cryp.ses = sess->ses; | |
316 | cryp.flags = 0; | |
317 | cryp.len = inl; | |
318 | - cryp.src = (caddr_t) in; | |
319 | - cryp.dst = (caddr_t) out; | |
320 | + cryp.src = (void*) in; | |
321 | + cryp.dst = (void*) out; | |
322 | cryp.mac = 0; | |
323 | ||
324 | cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; | |
325 | ||
326 | if (ctx->cipher->iv_len) { | |
327 | - cryp.iv = (caddr_t) ctx->iv; | |
328 | + cryp.iv = (void*) ctx->iv; | |
329 | if (!ctx->encrypt) { | |
330 | iiv = in + inl - ctx->cipher->iv_len; | |
331 | memcpy(save_iv, iiv, ctx->cipher->iv_len); | |
332 | @@ -436,28 +427,32 @@ | |
333 | { | |
334 | struct dev_crypto_state *state = ctx->cipher_data; | |
335 | struct session_op *sess = &state->d_sess; | |
336 | - int cipher; | |
337 | + int cipher = -1, i; | |
338 | ||
339 | - if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef) | |
340 | - return (0); | |
341 | - | |
342 | - if (ctx->cipher->iv_len > cryptodev_max_iv(cipher)) | |
343 | - return (0); | |
344 | + for (i = 0; ciphers[i].id; i++) | |
345 | + if (ctx->cipher->nid == ciphers[i].nid && | |
346 | + ctx->cipher->iv_len <= ciphers[i].ivmax && | |
347 | + ctx->key_len == ciphers[i].keylen) { | |
348 | + cipher = ciphers[i].id; | |
349 | + break; | |
350 | + } | |
351 | ||
352 | - if (!cryptodev_key_length_valid(cipher, ctx->key_len)) | |
353 | + if (!ciphers[i].id) { | |
354 | + state->d_fd = -1; | |
355 | return (0); | |
356 | + } | |
357 | ||
358 | memset(sess, 0, sizeof(struct session_op)); | |
359 | ||
360 | if ((state->d_fd = get_dev_crypto()) < 0) | |
361 | return (0); | |
362 | ||
363 | - sess->key = (char *)key; | |
364 | + sess->key = (void*)key; | |
365 | sess->keylen = ctx->key_len; | |
366 | sess->cipher = cipher; | |
367 | ||
368 | if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { | |
369 | - close(state->d_fd); | |
370 | + put_dev_crypto(state->d_fd); | |
371 | state->d_fd = -1; | |
372 | return (0); | |
373 | } | |
374 | @@ -494,7 +489,7 @@ | |
375 | } else { | |
376 | ret = 1; | |
377 | } | |
378 | - close(state->d_fd); | |
379 | + put_dev_crypto(state->d_fd); | |
380 | state->d_fd = -1; | |
381 | ||
382 | return (ret); | |
383 | @@ -505,6 +500,20 @@ | |
384 | * gets called when libcrypto requests a cipher NID. | |
385 | */ | |
386 | ||
387 | +/* RC4 */ | |
388 | +const EVP_CIPHER cryptodev_rc4 = { | |
389 | + NID_rc4, | |
390 | + 1, 16, 0, | |
391 | + EVP_CIPH_VARIABLE_LENGTH, | |
392 | + cryptodev_init_key, | |
393 | + cryptodev_cipher, | |
394 | + cryptodev_cleanup, | |
395 | + sizeof(struct dev_crypto_state), | |
396 | + NULL, | |
397 | + NULL, | |
398 | + NULL | |
399 | +}; | |
400 | + | |
401 | /* DES CBC EVP */ | |
402 | const EVP_CIPHER cryptodev_des_cbc = { | |
403 | NID_des_cbc, | |
404 | @@ -572,6 +581,32 @@ | |
405 | NULL | |
406 | }; | |
407 | ||
408 | +const EVP_CIPHER cryptodev_aes_192_cbc = { | |
409 | + NID_aes_192_cbc, | |
410 | + 16, 24, 16, | |
411 | + EVP_CIPH_CBC_MODE, | |
412 | + cryptodev_init_key, | |
413 | + cryptodev_cipher, | |
414 | + cryptodev_cleanup, | |
415 | + sizeof(struct dev_crypto_state), | |
416 | + EVP_CIPHER_set_asn1_iv, | |
417 | + EVP_CIPHER_get_asn1_iv, | |
418 | + NULL | |
419 | +}; | |
420 | + | |
421 | +const EVP_CIPHER cryptodev_aes_256_cbc = { | |
422 | + NID_aes_256_cbc, | |
423 | + 16, 32, 16, | |
424 | + EVP_CIPH_CBC_MODE, | |
425 | + cryptodev_init_key, | |
426 | + cryptodev_cipher, | |
427 | + cryptodev_cleanup, | |
428 | + sizeof(struct dev_crypto_state), | |
429 | + EVP_CIPHER_set_asn1_iv, | |
430 | + EVP_CIPHER_get_asn1_iv, | |
431 | + NULL | |
432 | +}; | |
433 | + | |
434 | /* | |
435 | * Registered by the ENGINE when used to find out how to deal with | |
436 | * a particular NID in the ENGINE. this says what we'll do at the | |
437 | @@ -585,6 +620,9 @@ | |
438 | return (cryptodev_usable_ciphers(nids)); | |
439 | ||
440 | switch (nid) { | |
441 | + case NID_rc4: | |
442 | + *cipher = &cryptodev_rc4; | |
443 | + break; | |
444 | case NID_des_ede3_cbc: | |
445 | *cipher = &cryptodev_3des_cbc; | |
446 | break; | |
447 | @@ -600,6 +638,12 @@ | |
448 | case NID_aes_128_cbc: | |
449 | *cipher = &cryptodev_aes_cbc; | |
450 | break; | |
451 | + case NID_aes_192_cbc: | |
452 | + *cipher = &cryptodev_aes_192_cbc; | |
453 | + break; | |
454 | + case NID_aes_256_cbc: | |
455 | + *cipher = &cryptodev_aes_256_cbc; | |
456 | + break; | |
457 | default: | |
458 | *cipher = NULL; | |
459 | break; | |
460 | @@ -607,6 +651,286 @@ | |
461 | return (*cipher != NULL); | |
462 | } | |
463 | ||
464 | + | |
465 | +#ifdef USE_CRYPTODEV_DIGESTS | |
466 | + | |
467 | +/* convert digest type to cryptodev */ | |
468 | +static int | |
469 | +digest_nid_to_cryptodev(int nid) | |
470 | +{ | |
471 | + int i; | |
472 | + | |
473 | + for (i = 0; digests[i].id; i++) | |
474 | + if (digests[i].nid == nid) | |
475 | + return (digests[i].id); | |
476 | + return (0); | |
477 | +} | |
478 | + | |
479 | + | |
480 | +static int cryptodev_digest_init(EVP_MD_CTX *ctx) | |
481 | +{ | |
482 | + struct dev_crypto_state *state = ctx->md_data; | |
483 | + struct session_op *sess = &state->d_sess; | |
484 | + int digest; | |
485 | + | |
486 | + if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef){ | |
487 | + printf("cryptodev_digest_init: Can't get digest \n"); | |
488 | + return (0); | |
489 | + } | |
490 | + memset(state, 0, sizeof(struct dev_crypto_state)); | |
491 | + | |
492 | + if ((state->d_fd = get_dev_crypto()) < 0) { | |
493 | + printf("cryptodev_digest_init: Can't get Dev \n"); | |
494 | + return (0); | |
495 | + } | |
496 | + | |
497 | + sess->mackey = NULL; | |
498 | + sess->mackeylen = 0; | |
499 | + sess->mac = digest; | |
500 | + | |
501 | + if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) { | |
502 | + put_dev_crypto(state->d_fd); | |
503 | + state->d_fd = -1; | |
504 | + printf("cryptodev_digest_init: Open session failed\n"); | |
505 | + return (0); | |
506 | + } | |
507 | + | |
508 | + return (1); | |
509 | +} | |
510 | + | |
511 | +static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, | |
512 | + size_t count) | |
513 | +{ | |
514 | + struct dev_crypto_state *state = ctx->md_data; | |
515 | + struct crypt_op cryp; | |
516 | + struct session_op *sess = &state->d_sess; | |
517 | + | |
518 | + if (!data || state->d_fd < 0) { | |
519 | + printf("cryptodev_digest_update: illegal inputs \n"); | |
520 | + return (0); | |
521 | + } | |
522 | + | |
523 | + if (!count) { | |
524 | + return (1); | |
525 | + } | |
526 | + | |
527 | + if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) { | |
528 | + /* if application doesn't support one buffer */ | |
529 | + state->mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count); | |
530 | + | |
531 | + if (!state->mac_data) { | |
532 | + printf("cryptodev_digest_update: realloc failed\n"); | |
533 | + return (0); | |
534 | + } | |
535 | + | |
536 | + memcpy(state->mac_data + state->mac_len, data, count); | |
537 | + state->mac_len += count; | |
538 | + | |
539 | + return (1); | |
540 | + } | |
541 | + | |
542 | + memset(&cryp, 0, sizeof(cryp)); | |
543 | + | |
544 | + cryp.ses = sess->ses; | |
545 | + cryp.flags = 0; | |
546 | + cryp.len = count; | |
547 | + cryp.src = (void*) data; | |
548 | + cryp.dst = NULL; | |
549 | + cryp.mac = (void*) state->digest_res; | |
550 | + if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { | |
551 | + printf("cryptodev_digest_update: digest failed\n"); | |
552 | + return (0); | |
553 | + } | |
554 | + return (1); | |
555 | +} | |
556 | + | |
557 | + | |
558 | +static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) | |
559 | +{ | |
560 | + struct crypt_op cryp; | |
561 | + struct dev_crypto_state *state = ctx->md_data; | |
562 | + struct session_op *sess = &state->d_sess; | |
563 | + | |
564 | + if (!md || state->d_fd < 0) { | |
565 | + printf("cryptodev_digest_final: illegal input\n"); | |
566 | + return(0); | |
567 | + } | |
568 | + | |
569 | + if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) { | |
570 | + /* if application doesn't support one buffer */ | |
571 | + memset(&cryp, 0, sizeof(cryp)); | |
572 | + cryp.ses = sess->ses; | |
573 | + cryp.flags = 0; | |
574 | + cryp.len = state->mac_len; | |
575 | + cryp.src = state->mac_data; | |
576 | + cryp.dst = NULL; | |
577 | + cryp.mac = (void*)md; | |
578 | + if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { | |
579 | + printf("cryptodev_digest_final: digest failed\n"); | |
580 | + return (0); | |
581 | + } | |
582 | + | |
583 | + return 1; | |
584 | + } | |
585 | + | |
586 | + memcpy(md, state->digest_res, ctx->digest->md_size); | |
587 | + | |
588 | + return 1; | |
589 | +} | |
590 | + | |
591 | + | |
592 | +static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx) | |
593 | +{ | |
594 | + int ret = 1; | |
595 | + struct dev_crypto_state *state = ctx->md_data; | |
596 | + struct session_op *sess = &state->d_sess; | |
597 | + | |
598 | + if (state == NULL) | |
599 | + return 0; | |
600 | + | |
601 | + if (state->d_fd < 0) { | |
602 | + printf("cryptodev_digest_cleanup: illegal input\n"); | |
603 | + return (0); | |
604 | + } | |
605 | + | |
606 | + if (state->mac_data) { | |
607 | + OPENSSL_free(state->mac_data); | |
608 | + state->mac_data = NULL; | |
609 | + state->mac_len = 0; | |
610 | + } | |
611 | + | |
612 | + if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) { | |
613 | + printf("cryptodev_digest_cleanup: failed to close session\n"); | |
614 | + ret = 0; | |
615 | + } else { | |
616 | + ret = 1; | |
617 | + } | |
618 | + put_dev_crypto(state->d_fd); | |
619 | + state->d_fd = -1; | |
620 | + | |
621 | + return (ret); | |
622 | +} | |
623 | + | |
624 | +static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from) | |
625 | +{ | |
626 | + struct dev_crypto_state *fstate = from->md_data; | |
627 | + struct dev_crypto_state *dstate = to->md_data; | |
628 | + struct session_op *sess; | |
629 | + int digest; | |
630 | + | |
631 | + if (dstate == NULL || fstate == NULL) | |
632 | + return 1; | |
633 | + | |
634 | + memcpy(dstate, fstate, sizeof(struct dev_crypto_state)); | |
635 | + | |
636 | + sess = &dstate->d_sess; | |
637 | + | |
638 | + digest = digest_nid_to_cryptodev(to->digest->type); | |
639 | + | |
640 | + sess->mackey = NULL; | |
641 | + sess->mackeylen = 0; | |
642 | + sess->mac = digest; | |
643 | + | |
644 | + dstate->d_fd = get_dev_crypto(); | |
645 | + | |
646 | + if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) { | |
647 | + put_dev_crypto(dstate->d_fd); | |
648 | + dstate->d_fd = -1; | |
649 | + printf("cryptodev_digest_init: Open session failed\n"); | |
650 | + return (0); | |
651 | + } | |
652 | + | |
653 | + if (fstate->mac_len != 0) { | |
654 | + if (fstate->mac_data != NULL) | |
655 | + { | |
656 | + dstate->mac_data = OPENSSL_malloc(fstate->mac_len); | |
657 | + memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len); | |
658 | + dstate->mac_len = fstate->mac_len; | |
659 | + } | |
660 | + } | |
661 | + | |
662 | + return 1; | |
663 | +} | |
664 | + | |
665 | + | |
666 | +static const EVP_MD cryptodev_sha1 = { | |
667 | + NID_sha1, | |
668 | + NID_sha1WithRSAEncryption, | |
669 | + SHA_DIGEST_LENGTH, | |
670 | + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT, | |
671 | + cryptodev_digest_init, | |
672 | + cryptodev_digest_update, | |
673 | + cryptodev_digest_final, | |
674 | + cryptodev_digest_copy, | |
675 | + cryptodev_digest_cleanup, | |
676 | + EVP_PKEY_RSA_method, | |
677 | + SHA_CBLOCK, | |
678 | + sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), | |
679 | +}; | |
680 | + | |
681 | +static const EVP_MD cryptodev_sha256 = { | |
682 | + NID_sha256, | |
683 | + NID_sha256WithRSAEncryption, | |
684 | + SHA256_DIGEST_LENGTH, | |
685 | + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT, | |
686 | + cryptodev_digest_init, | |
687 | + cryptodev_digest_update, | |
688 | + cryptodev_digest_final, | |
689 | + cryptodev_digest_copy, | |
690 | + cryptodev_digest_cleanup, | |
691 | + EVP_PKEY_RSA_method, | |
692 | + SHA256_CBLOCK, | |
693 | + sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), | |
694 | +}; | |
695 | + | |
696 | +static const EVP_MD cryptodev_sha384 = { | |
697 | + NID_sha384, | |
698 | + NID_sha384WithRSAEncryption, | |
699 | + SHA384_DIGEST_LENGTH, | |
700 | + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT, | |
701 | + cryptodev_digest_init, | |
702 | + cryptodev_digest_update, | |
703 | + cryptodev_digest_final, | |
704 | + cryptodev_digest_copy, | |
705 | + cryptodev_digest_cleanup, | |
706 | + EVP_PKEY_RSA_method, | |
707 | + SHA512_CBLOCK, | |
708 | + sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), | |
709 | +}; | |
710 | + | |
711 | +static const EVP_MD cryptodev_sha512 = { | |
712 | + NID_sha512, | |
713 | + NID_sha512WithRSAEncryption, | |
714 | + SHA512_DIGEST_LENGTH, | |
715 | + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT, | |
716 | + cryptodev_digest_init, | |
717 | + cryptodev_digest_update, | |
718 | + cryptodev_digest_final, | |
719 | + cryptodev_digest_copy, | |
720 | + cryptodev_digest_cleanup, | |
721 | + EVP_PKEY_RSA_method, | |
722 | + SHA512_CBLOCK, | |
723 | + sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), | |
724 | +}; | |
725 | + | |
726 | +static const EVP_MD cryptodev_md5 = { | |
727 | + NID_md5, | |
728 | + NID_md5WithRSAEncryption, | |
729 | + 16 /* MD5_DIGEST_LENGTH */, | |
730 | + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT, | |
731 | + cryptodev_digest_init, | |
732 | + cryptodev_digest_update, | |
733 | + cryptodev_digest_final, | |
734 | + cryptodev_digest_copy, | |
735 | + cryptodev_digest_cleanup, | |
736 | + EVP_PKEY_RSA_method, | |
737 | + 64 /* MD5_CBLOCK */, | |
738 | + sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), | |
739 | +}; | |
740 | + | |
741 | +#endif /* USE_CRYPTODEV_DIGESTS */ | |
742 | + | |
743 | + | |
744 | static int | |
745 | cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, | |
746 | const int **nids, int nid) | |
747 | @@ -615,10 +939,24 @@ | |
748 | return (cryptodev_usable_digests(nids)); | |
749 | ||
750 | switch (nid) { | |
751 | +#ifdef USE_CRYPTODEV_DIGESTS | |
752 | case NID_md5: | |
753 | - *digest = NULL; /* need to make a clean md5 critter */ | |
754 | + *digest = &cryptodev_md5; | |
755 | break; | |
756 | + case NID_sha1: | |
757 | + *digest = &cryptodev_sha1; | |
758 | + break; | |
759 | + case NID_sha256: | |
760 | + *digest = &cryptodev_sha256; | |
761 | + break; | |
762 | + case NID_sha384: | |
763 | + *digest = &cryptodev_sha384; | |
764 | + break; | |
765 | + case NID_sha512: | |
766 | + *digest = &cryptodev_sha512; | |
767 | + break; | |
768 | default: | |
769 | +#endif /* USE_CRYPTODEV_DIGESTS */ | |
770 | *digest = NULL; | |
771 | break; | |
772 | } | |
773 | @@ -646,8 +984,9 @@ | |
774 | b = malloc(bytes); | |
775 | if (b == NULL) | |
776 | return (1); | |
777 | + memset(b, 0, bytes); | |
778 | ||
779 | - crp->crp_p = (char *)b; | |
780 | + crp->crp_p = (void*) b; | |
781 | crp->crp_nbits = bits; | |
782 | ||
783 | for (i = 0, j = 0; i < a->top; i++) { | |
784 | @@ -690,7 +1029,7 @@ | |
785 | { | |
786 | int i; | |
787 | ||
788 | - for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) { | |
789 | + for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) { | |
790 | if (kop->crk_param[i].crp_p) | |
791 | free(kop->crk_param[i].crp_p); | |
792 | kop->crk_param[i].crp_p = NULL; | |
793 | @@ -776,8 +1115,9 @@ | |
794 | cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) | |
795 | { | |
796 | int r; | |
797 | - | |
798 | + ctx = BN_CTX_new(); | |
799 | r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL); | |
800 | + BN_CTX_free(ctx); | |
801 | return (r); | |
802 | } | |
803 | ||
804 | @@ -899,7 +1239,7 @@ | |
805 | kop.crk_op = CRK_DSA_SIGN; | |
806 | ||
807 | /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ | |
808 | - kop.crk_param[0].crp_p = (caddr_t)dgst; | |
809 | + kop.crk_param[0].crp_p = (void*)dgst; | |
810 | kop.crk_param[0].crp_nbits = dlen * 8; | |
811 | if (bn2crparam(dsa->p, &kop.crk_param[1])) | |
812 | goto err; | |
813 | @@ -939,7 +1279,7 @@ | |
814 | kop.crk_op = CRK_DSA_VERIFY; | |
815 | ||
816 | /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ | |
817 | - kop.crk_param[0].crp_p = (caddr_t)dgst; | |
818 | + kop.crk_param[0].crp_p = (void*)dgst; | |
819 | kop.crk_param[0].crp_nbits = dlen * 8; | |
820 | if (bn2crparam(dsa->p, &kop.crk_param[1])) | |
821 | goto err; | |
822 | @@ -1017,7 +1357,7 @@ | |
823 | goto err; | |
824 | kop.crk_iparams = 3; | |
825 | ||
826 | - kop.crk_param[3].crp_p = (char *)key; | |
827 | + kop.crk_param[3].crp_p = (void*) key; | |
828 | kop.crk_param[3].crp_nbits = keylen * 8; | |
829 | kop.crk_oparams = 1; | |
830 | ||
831 | @@ -1048,7 +1388,7 @@ | |
832 | * but I expect we'll want some options soon. | |
833 | */ | |
834 | static int | |
835 | -cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) | |
836 | +cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) | |
837 | { | |
838 | #ifdef HAVE_SYSLOG_R | |
839 | struct syslog_data sd = SYSLOG_DATA_INIT; | |
840 | @@ -1084,14 +1424,14 @@ | |
841 | * find out what asymmetric crypto algorithms we support | |
842 | */ | |
843 | if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) { | |
844 | - close(fd); | |
845 | + put_dev_crypto(fd); | |
846 | ENGINE_free(engine); | |
847 | return; | |
848 | } | |
849 | - close(fd); | |
850 | + put_dev_crypto(fd); | |
851 | ||
852 | if (!ENGINE_set_id(engine, "cryptodev") || | |
853 | - !ENGINE_set_name(engine, "BSD cryptodev engine") || | |
854 | + !ENGINE_set_name(engine, "cryptodev engine") || | |
855 | !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || | |
856 | !ENGINE_set_digests(engine, cryptodev_engine_digests) || | |
857 | !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) || | |
858 | diff -Naur openssl-0.9.8u.org/crypto/engine/engine.h openssl-0.9.8u/crypto/engine/engine.h | |
859 | --- openssl-0.9.8u.org/crypto/engine/engine.h 2010-02-09 15:18:15.000000000 +0100 | |
860 | +++ openssl-0.9.8u/crypto/engine/engine.h 2012-03-27 14:05:15.000000000 +0200 | |
861 | @@ -705,9 +705,7 @@ | |
862 | * values. */ | |
863 | void *ENGINE_get_static_state(void); | |
864 | ||
865 | -#if defined(__OpenBSD__) || defined(__FreeBSD__) | |
866 | void ENGINE_setup_bsd_cryptodev(void); | |
867 | -#endif | |
868 | ||
869 | /* BEGIN ERROR CODES */ | |
870 | /* The following lines are auto generated by the script mkerr.pl. Any changes | |
871 | diff -Naur openssl-0.9.8u.org/crypto/evp/c_all.c openssl-0.9.8u/crypto/evp/c_all.c | |
872 | --- openssl-0.9.8u.org/crypto/evp/c_all.c 2004-08-29 18:36:04.000000000 +0200 | |
873 | +++ openssl-0.9.8u/crypto/evp/c_all.c 2012-03-27 14:05:15.000000000 +0200 | |
874 | @@ -83,8 +83,6 @@ | |
875 | OpenSSL_add_all_ciphers(); | |
876 | OpenSSL_add_all_digests(); | |
877 | #ifndef OPENSSL_NO_ENGINE | |
878 | -# if defined(__OpenBSD__) || defined(__FreeBSD__) | |
879 | ENGINE_setup_bsd_cryptodev(); | |
880 | -# endif | |
881 | #endif | |
882 | } |