generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add the possibility to load prvate and public keys from an engine and

Browse Source 
implement it for nCipher hardware.  The interface in itself should be
clear enough, but the nCipher implementation is currently not the
best when it comes to getting a passphrase from the user.  However,
getting it better is a little hard until a better user interaction
method is create.

Also, use the possibility in req, so we can start to create CSR's with
keys from the nForce box.

WARNING: I've made *no* tests yet, mostly because I didn't implement
this on the machine where I have an nForce box to play with.  All I
know is that it compiles cleanly on Linux...
This commit is contained in:
Richard Levitte 2000-07-06 18:40:10 +00:00
parent f3052a9eee
commit 64c4f5732d
17 changed files with 576 additions and 119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/apps.c
View File

@ -168,6 +168,8 @@ int str2fmt(char *s)
|| (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
|| (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
return(FORMAT_PKCS12);
else if ((*s == 'E') || (*s == 'e'))
return(FORMAT_ENGINE);
else
return(FORMAT_UNDEF);
}

1
apps/apps.h
View File

@ -158,6 +158,7 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format);
#define FORMAT_PEM 3
#define FORMAT_NETSCAPE 4
#define FORMAT_PKCS12 5
#define FORMAT_ENGINE 6
#define NETSCAPE_CERT_HDR "certificate"

60
apps/req.c
View File

@ -73,6 +73,7 @@
#include <openssl/x509v3.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#define SECTION "req"
@ -140,6 +141,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
#ifndef NO_DSA
DSA *dsa_params=NULL;
#endif
@ -152,6 +154,7 @@ int MAIN(int argc, char **argv)
int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
int nodes=0,kludge=0,newhdr=0;
char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
char *engine=NULL;
char *extensions = NULL;
char *req_exts = NULL;
EVP_CIPHER *cipher=NULL;
@ -195,6 +198,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv,"-key") == 0)
{
if (--argc < 1) goto bad;
@ -375,6 +383,7 @@ bad:
BIO_printf(bio_err," -verify verify signature on REQ\n");
BIO_printf(bio_err," -modulus RSA modulus\n");
BIO_printf(bio_err," -nodes don't encrypt the output key\n");
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err," -key file use the private key contained in file\n");
BIO_printf(bio_err," -keyform arg key file format\n");
BIO_printf(bio_err," -keyout arg file to send the key to\n");
@ -522,24 +531,55 @@ bad:
if ((in == NULL) || (out == NULL))
goto end;
if (keyfile != NULL)
if (engine != NULL)
{
if (BIO_read_filename(in,keyfile) <= 0)
if((e = ENGINE_by_id(engine)) == NULL)
{
perror(keyfile);
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if (keyform == FORMAT_ASN1)
pkey=d2i_PrivateKey_bio(in,NULL);
else if (keyform == FORMAT_PEM)
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,passin);
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", *argv);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if (keyfile != NULL)
{
if (keyform == FORMAT_ENGINE)
{
if (!e)
{
BIO_printf(bio_err,"no engine specified\n");
goto end;
}
pkey = ENGINE_load_private_key(e, keyfile, NULL);
}
else
{
BIO_printf(bio_err,"bad input format specified for X509 request\n");
goto end;
if (BIO_read_filename(in,keyfile) <= 0)
{
perror(keyfile);
goto end;
}
if (keyform == FORMAT_ASN1)
pkey=d2i_PrivateKey_bio(in,NULL);
else if (keyform == FORMAT_PEM)
{
pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,
passin);
}
else
{
BIO_printf(bio_err,"bad input format specified for X509 request\n");
goto end;
}
}
if (pkey == NULL)

32
crypto/dh/Makefile.ssl
View File

@ -97,21 +97,37 @@ dh_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
dh_gen.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
dh_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
dh_gen.o: ../../include/openssl/stack.h ../cryptlib.h
dh_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
dh_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
dh_key.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
dh_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
dh_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
dh_key.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
dh_key.o: ../../include/openssl/engine.h ../../include/openssl/err.h
dh_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
dh_key.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
dh_key.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
dh_key.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
dh_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
dh_key.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
dh_key.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
dh_key.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
dh_key.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
dh_key.o: ../../include/openssl/stack.h ../cryptlib.h
dh_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
dh_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
dh_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
dh_key.o: ../cryptlib.h
dh_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
dh_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
dh_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
dh_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
dh_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
dh_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
dh_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
dh_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
dh_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
dh_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
dh_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
dh_lib.o: ../../include/openssl/stack.h ../cryptlib.h
dh_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
dh_lib.o: ../cryptlib.h

88
crypto/dsa/Makefile.ssl
View File

@ -114,42 +114,70 @@ dsa_key.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
dsa_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
dsa_key.o: ../cryptlib.h
dsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
dsa_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
dsa_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
dsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
dsa_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
dsa_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
dsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
dsa_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
dsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
dsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
dsa_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
dsa_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
dsa_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
dsa_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
dsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
dsa_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
dsa_lib.o: ../cryptlib.h
dsa_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
dsa_ossl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
dsa_ossl.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
dsa_ossl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
dsa_ossl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
dsa_ossl.o: ../../include/openssl/opensslconf.h
dsa_ossl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
dsa_ossl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
dsa_ossl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
dsa_ossl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
dsa_ossl.o: ../../include/openssl/engine.h ../../include/openssl/err.h
dsa_ossl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
dsa_ossl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
dsa_ossl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
dsa_ossl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
dsa_ossl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
dsa_ossl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
dsa_ossl.o: ../../include/openssl/stack.h ../cryptlib.h
dsa_ossl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
dsa_ossl.o: ../cryptlib.h
dsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
dsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
dsa_sign.o: ../../include/openssl/opensslconf.h
dsa_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
dsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
dsa_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
dsa_sign.o: ../../include/openssl/engine.h ../../include/openssl/err.h
dsa_sign.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
dsa_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
dsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
dsa_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
dsa_sign.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
dsa_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
dsa_sign.o: ../../include/openssl/stack.h ../cryptlib.h
dsa_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
dsa_sign.o: ../cryptlib.h
dsa_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
dsa_vrf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
dsa_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
dsa_vrf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
dsa_vrf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
dsa_vrf.o: ../../include/openssl/engine.h ../../include/openssl/err.h
dsa_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
dsa_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
dsa_vrf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
dsa_vrf.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
dsa_vrf.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
dsa_vrf.o: ../../include/openssl/des.h ../../include/openssl/dh.h
dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
dsa_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
dsa_vrf.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
dsa_vrf.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
dsa_vrf.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
dsa_vrf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
dsa_vrf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
dsa_vrf.o: ../../include/openssl/stack.h ../cryptlib.h

123
crypto/engine/Makefile.ssl
View File

@ -80,73 +80,130 @@ clean:
# DO NOT DELETE THIS LINE -- make depend depends on it.
engine_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
engine_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
engine_err.o: ../../include/openssl/dsa.h ../../include/openssl/engine.h
engine_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
engine_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
engine_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
engine_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
engine_err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
engine_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
engine_err.o: ../../include/openssl/engine.h ../../include/openssl/err.h
engine_err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
engine_err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
engine_err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
engine_err.o: ../../include/openssl/objects.h
engine_err.o: ../../include/openssl/opensslconf.h
engine_err.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
engine_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
engine_err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
engine_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
engine_err.o: ../../include/openssl/stack.h
engine_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
engine_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
engine_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
engine_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
engine_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
engine_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
engine_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
engine_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
engine_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
engine_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
engine_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
engine_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
engine_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
engine_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
engine_lib.o: ../../include/openssl/objects.h
engine_lib.o: ../../include/openssl/opensslconf.h
engine_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
engine_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
engine_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
engine_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
engine_lib.o: ../../include/openssl/stack.h ../cryptlib.h engine_int.h
engine_list.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
engine_list.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
engine_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
engine_lib.o: ../cryptlib.h engine_int.h
engine_list.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
engine_list.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
engine_list.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
engine_list.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
engine_list.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
engine_list.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
engine_list.o: ../../include/openssl/engine.h ../../include/openssl/err.h
engine_list.o: ../../include/openssl/lhash.h
engine_list.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
engine_list.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
engine_list.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
engine_list.o: ../../include/openssl/objects.h
engine_list.o: ../../include/openssl/opensslconf.h
engine_list.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
engine_list.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
engine_list.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
engine_list.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
engine_list.o: ../../include/openssl/stack.h ../cryptlib.h engine_int.h
engine_openssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
engine_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
engine_list.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
engine_list.o: ../cryptlib.h engine_int.h
engine_openssl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
engine_openssl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
engine_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
engine_openssl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
engine_openssl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
engine_openssl.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
engine_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
engine_openssl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
engine_openssl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
engine_openssl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
engine_openssl.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
engine_openssl.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
engine_openssl.o: ../../include/openssl/opensslconf.h
engine_openssl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
engine_openssl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
engine_openssl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
engine_openssl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
engine_openssl.o: ../../include/openssl/stack.h ../cryptlib.h engine_int.h
hw_atalla.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
hw_atalla.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
engine_openssl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
engine_openssl.o: ../cryptlib.h engine_int.h
hw_atalla.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
hw_atalla.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
hw_atalla.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
hw_atalla.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
hw_atalla.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
hw_atalla.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
hw_atalla.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
hw_atalla.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
hw_atalla.o: ../../include/openssl/err.h ../../include/openssl/evp.h
hw_atalla.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
hw_atalla.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
hw_atalla.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
hw_atalla.o: ../../include/openssl/opensslconf.h
hw_atalla.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
hw_atalla.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
hw_atalla.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
hw_atalla.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
hw_atalla.o: ../../include/openssl/stack.h ../cryptlib.h engine_int.h
hw_atalla.o: vendor_defns/atalla.h
hw_cswift.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
hw_cswift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
hw_atalla.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
hw_atalla.o: ../cryptlib.h engine_int.h vendor_defns/atalla.h
hw_cswift.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
hw_cswift.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
hw_cswift.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
hw_cswift.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
hw_cswift.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
hw_cswift.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
hw_cswift.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
hw_cswift.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
hw_cswift.o: ../../include/openssl/err.h ../../include/openssl/evp.h
hw_cswift.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
hw_cswift.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
hw_cswift.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
hw_cswift.o: ../../include/openssl/opensslconf.h
hw_cswift.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
hw_cswift.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
hw_cswift.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
hw_cswift.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
hw_cswift.o: ../../include/openssl/stack.h ../cryptlib.h engine_int.h
hw_cswift.o: vendor_defns/cswift.h
hw_ncipher.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
hw_ncipher.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
hw_cswift.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
hw_cswift.o: ../cryptlib.h engine_int.h vendor_defns/cswift.h
hw_ncipher.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
hw_ncipher.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
hw_ncipher.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
hw_ncipher.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
hw_ncipher.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
hw_ncipher.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
hw_ncipher.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
hw_ncipher.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
hw_ncipher.o: ../../include/openssl/err.h ../../include/openssl/evp.h
hw_ncipher.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
hw_ncipher.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
hw_ncipher.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
hw_ncipher.o: ../../include/openssl/opensslconf.h
hw_ncipher.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
hw_ncipher.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
hw_ncipher.o: ../../include/openssl/stack.h ../cryptlib.h engine_int.h
hw_ncipher.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
hw_ncipher.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
hw_ncipher.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
hw_ncipher.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
hw_ncipher.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
hw_ncipher.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
hw_ncipher.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
hw_ncipher.o: ../../include/openssl/x509_vfy.h ../cryptlib.h engine_int.h
hw_ncipher.o: vendor_defns/hwcryptohook.h

23
crypto/engine/engine.h
View File

@ -64,6 +64,7 @@
#include <openssl/dsa.h>
#include <openssl/dh.h>
#include <openssl/rand.h>
#include <openssl/evp.h>
#ifdef __cplusplus
extern "C" {
@ -85,7 +86,8 @@ extern "C" {
* All command numbers are shared between all engines, even if some don't
* make sense to some engines. In such a case, they do nothing but return
* the error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */
#define ENGINE_CTRL_SET_LOGSTREAM 1
#define ENGINE_CTRL_SET_LOGSTREAM 1
#define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2
/* As we're missing a BIGNUM_METHOD, we need a couple of locally
@ -229,6 +231,14 @@ int ENGINE_finish(ENGINE *e);
/* WARNING: This is currently experimental and may change radically! */
int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
/* The following functions handle keys that are stored in some secondary
* location, handled by the engine. The storage may be on a card or
* whatever. */
EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
const char *passphrase);
EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
const char *passphrase);
/* This returns a pointer for the current ENGINE structure that
* is (by default) performing any RSA operations. The value returned
* is an incremented reference, so it should be free'd (ENGINE_finish)
@ -310,6 +320,8 @@ void ERR_load_ENGINE_strings(void);
#define ENGINE_F_ENGINE_INIT 119
#define ENGINE_F_ENGINE_LIST_ADD 120
#define ENGINE_F_ENGINE_LIST_REMOVE 121
#define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150
#define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151
#define ENGINE_F_ENGINE_NEW 122
#define ENGINE_F_ENGINE_REMOVE 123
#define ENGINE_F_ENGINE_SET_BN_MOD_EXP 124
@ -324,9 +336,13 @@ void ERR_load_ENGINE_strings(void);
#define ENGINE_F_ENGINE_SET_NAME 130
#define ENGINE_F_ENGINE_SET_RAND 131
#define ENGINE_F_ENGINE_SET_RSA 132
#define ENGINE_F_ENGINE_UNLOAD_KEY 152
#define ENGINE_F_HWCRHK_CTRL 143
#define ENGINE_F_HWCRHK_FINISH 135
#define ENGINE_F_HWCRHK_GET_PASS 155
#define ENGINE_F_HWCRHK_INIT 136
#define ENGINE_F_HWCRHK_LOAD_PRIVKEY 153
#define ENGINE_F_HWCRHK_LOAD_PUBKEY 154
#define ENGINE_F_HWCRHK_MOD_EXP 137
#define ENGINE_F_HWCRHK_MOD_EXP_CRT 138
#define ENGINE_F_HWCRHK_RAND_BYTES 139
@ -338,6 +354,7 @@ void ERR_load_ENGINE_strings(void);
#define ENGINE_R_BIO_WAS_FREED 121
#define ENGINE_R_BN_CTX_FULL 101
#define ENGINE_R_BN_EXPAND_FAIL 102
#define ENGINE_R_CHIL_ERROR 123
#define ENGINE_R_CONFLICTING_ENGINE_ID 103
#define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119
#define ENGINE_R_DSO_FAILURE 104
@ -350,8 +367,12 @@ void ERR_load_ENGINE_strings(void);
#define ENGINE_R_MISSING_KEY_COMPONENTS 111
#define ENGINE_R_NOT_INITIALISED 117
#define ENGINE_R_NOT_LOADED 112
#define ENGINE_R_NO_CALLBACK 127
#define ENGINE_R_NO_CONTROL_FUNCTION 120
#define ENGINE_R_NO_KEY 124
#define ENGINE_R_NO_LOAD_FUNCTION 125
#define ENGINE_R_NO_SUCH_ENGINE 116
#define ENGINE_R_NO_UNLOAD_FUNCTION 126
#define ENGINE_R_PROVIDE_PARAMETERS 113
#define ENGINE_R_REQUEST_FAILED 114
#define ENGINE_R_REQUEST_FALLBACK 118

11
crypto/engine/engine_err.c
View File

@ -98,6 +98,8 @@ static ERR_STRING_DATA ENGINE_str_functs[]=
{ERR_PACK(0,ENGINE_F_ENGINE_INIT,0), "ENGINE_init"},
{ERR_PACK(0,ENGINE_F_ENGINE_LIST_ADD,0), "ENGINE_LIST_ADD"},
{ERR_PACK(0,ENGINE_F_ENGINE_LIST_REMOVE,0), "ENGINE_LIST_REMOVE"},
{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,0), "ENGINE_load_private_key"},
{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,0), "ENGINE_load_public_key"},
{ERR_PACK(0,ENGINE_F_ENGINE_NEW,0), "ENGINE_new"},
{ERR_PACK(0,ENGINE_F_ENGINE_REMOVE,0), "ENGINE_remove"},
{ERR_PACK(0,ENGINE_F_ENGINE_SET_BN_MOD_EXP,0), "ENGINE_set_BN_mod_exp"},
@ -112,9 +114,13 @@ static ERR_STRING_DATA ENGINE_str_functs[]=
{ERR_PACK(0,ENGINE_F_ENGINE_SET_NAME,0), "ENGINE_set_name"},
{ERR_PACK(0,ENGINE_F_ENGINE_SET_RAND,0), "ENGINE_set_RAND"},
{ERR_PACK(0,ENGINE_F_ENGINE_SET_RSA,0), "ENGINE_set_RSA"},
{ERR_PACK(0,ENGINE_F_ENGINE_UNLOAD_KEY,0), "ENGINE_UNLOAD_KEY"},
{ERR_PACK(0,ENGINE_F_HWCRHK_CTRL,0), "HWCRHK_CTRL"},
{ERR_PACK(0,ENGINE_F_HWCRHK_FINISH,0), "HWCRHK_FINISH"},
{ERR_PACK(0,ENGINE_F_HWCRHK_GET_PASS,0), "HWCRHK_GET_PASS"},
{ERR_PACK(0,ENGINE_F_HWCRHK_INIT,0), "HWCRHK_INIT"},
{ERR_PACK(0,ENGINE_F_HWCRHK_LOAD_PRIVKEY,0), "HWCRHK_LOAD_PRIVKEY"},
{ERR_PACK(0,ENGINE_F_HWCRHK_LOAD_PUBKEY,0), "HWCRHK_LOAD_PUBKEY"},
{ERR_PACK(0,ENGINE_F_HWCRHK_MOD_EXP,0), "HWCRHK_MOD_EXP"},
{ERR_PACK(0,ENGINE_F_HWCRHK_MOD_EXP_CRT,0), "HWCRHK_MOD_EXP_CRT"},
{ERR_PACK(0,ENGINE_F_HWCRHK_RAND_BYTES,0), "HWCRHK_RAND_BYTES"},
@ -129,6 +135,7 @@ static ERR_STRING_DATA ENGINE_str_reasons[]=
{ENGINE_R_BIO_WAS_FREED ,"bio was freed"},
{ENGINE_R_BN_CTX_FULL ,"BN_CTX full"},
{ENGINE_R_BN_EXPAND_FAIL ,"bn_expand fail"},
{ENGINE_R_CHIL_ERROR ,"chil error"},
{ENGINE_R_CONFLICTING_ENGINE_ID ,"conflicting engine id"},
{ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"},
{ENGINE_R_DSO_FAILURE ,"DSO failure"},
@ -141,8 +148,12 @@ static ERR_STRING_DATA ENGINE_str_reasons[]=
{ENGINE_R_MISSING_KEY_COMPONENTS ,"missing key components"},
{ENGINE_R_NOT_INITIALISED ,"not initialised"},
{ENGINE_R_NOT_LOADED ,"not loaded"},
{ENGINE_R_NO_CALLBACK ,"no callback"},
{ENGINE_R_NO_CONTROL_FUNCTION ,"no control function"},
{ENGINE_R_NO_KEY ,"no key"},
{ENGINE_R_NO_LOAD_FUNCTION ,"no load function"},
{ENGINE_R_NO_SUCH_ENGINE ,"no such engine"},
{ENGINE_R_NO_UNLOAD_FUNCTION ,"no unload function"},
{ENGINE_R_PROVIDE_PARAMETERS ,"provide parameters"},
{ENGINE_R_REQUEST_FAILED ,"request failed"},
{ENGINE_R_REQUEST_FALLBACK ,"request fallback"},

3
crypto/engine/engine_int.h
View File

@ -64,6 +64,7 @@
#include <openssl/dh.h>
#include <openssl/rand.h>
#include <openssl/bn.h>
#include <openssl/evp.h>
#ifdef __cplusplus
extern "C" {
@ -110,6 +111,8 @@ typedef struct engine_st
int (*init)(void);
int (*finish)(void);
int (*ctrl)(int cmd, long i, void *p, void (*f)());
EVP_PKEY *(*load_privkey)(const char *key_id, const char *passphrase);
EVP_PKEY *(*load_pubkey)(const char *key_id, const char *passphrase);
int flags;
/* reference count on the structure itself */
int struct_ref;

52
crypto/engine/engine_lib.c
View File

@ -216,6 +216,58 @@ int ENGINE_finish(ENGINE *e)
return to_return;
}
EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
const char *passphrase)
{
if(e == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
if(e->funct_ref == 0)
{
ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
ENGINE_R_NOT_INITIALISED);
return 0;
}
if (!e->load_privkey)
{
ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
ENGINE_R_NO_LOAD_FUNCTION);
return 0;
}
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
return e->load_privkey(key_id, passphrase);
}
EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
const char *passphrase)
{
if(e == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
if(e->funct_ref == 0)
{
ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
ENGINE_R_NOT_INITIALISED);
return 0;
}
if (!e->load_pubkey)
{
ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
ENGINE_R_NO_LOAD_FUNCTION);
return 0;
}
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
return e->load_pubkey(key_id, passphrase);
}
/* Initialise a engine type for use (or up its functional reference count
* if it's already in use). */
int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())

8
crypto/engine/engine_openssl.c
View File

@ -87,9 +87,11 @@ static ENGINE engine_openssl =
NULL,
NULL,
openssl_mod_exp_crt,
NULL, /* no "init()" */
NULL, /* no "finish()" */
NULL, /* no "ctrl()" */
NULL, /* no init() */
NULL, /* no finish() */
NULL, /* no ctrl() */
NULL, /* no load_privkey() */
NULL, /* no load_pubkey() */
0, /* no flags */
0, 0, /* no references. */
NULL, NULL /* unlinked */

2
crypto/engine/hw_atalla.c
View File

@ -155,6 +155,8 @@ static ENGINE engine_atalla =
atalla_init,
atalla_finish,
NULL, /* no ctrl() */
NULL, /* no load_privkey() */
NULL, /* no load_pubkey() */
0, /* no flags */
0, 0, /* no references */
NULL, NULL /* unlinked */

2
crypto/engine/hw_cswift.c
View File

@ -167,6 +167,8 @@ static ENGINE engine_cswift =
cswift_init,
cswift_finish,
NULL, /* no ctrl() */
NULL, /* no load_privkey() */
NULL, /* no load_pubkey() */
0, /* no flags */
0, 0, /* no references */
NULL, NULL /* unlinked */

232
crypto/engine/hw_ncipher.c
View File

@ -59,6 +59,7 @@
#include <stdio.h>
#include <openssl/crypto.h>
#include <openssl/pem.h>
#include "cryptlib.h"
#include <openssl/dso.h>
#include "engine_int.h"
@ -69,7 +70,7 @@
/* Attribution notice: nCipher har said several times that it's OK for
* us to implement a general interface to their boxes, and recently declared
* their HWCryptoHook to be public, adn therefore available for us to use.
* their HWCryptoHook to be public, and therefore available for us to use.
* Thanks, nCipher.
*
* The hwcryptohook.h included here is from May 2000.
@ -106,9 +107,19 @@ static int hwcrhk_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
static int hwcrhk_rand_bytes(unsigned char *buf, int num);
/* KM stuff */
static EVP_PKEY *hwcrhk_load_privkey(const char *key_id,
const char *passphrase);
static EVP_PKEY *hwcrhk_load_pubkey(const char *key_id,
const char *passphrase);
static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
int index,long argl, void *argp);
/* Interaction stuff */
static int hwcrhk_get_pass(const char *prompt_info,
int *len_io, char *buf,
HWCryptoHook_PassphraseContext *ppctx,
HWCryptoHook_CallerContext *cactx);
static void hwcrhk_log_message(void *logstream, const char *message);
/* Our internal RSA_METHOD that we provide pointers to */
static RSA_METHOD hwcrhk_rsa =
@ -166,6 +177,8 @@ static ENGINE engine_hwcrhk =
hwcrhk_init,
hwcrhk_finish,
hwcrhk_ctrl,
hwcrhk_load_privkey,
hwcrhk_load_pubkey,
0, /* no flags */
0, 0, /* no references */
NULL, NULL /* unlinked */
@ -220,7 +233,10 @@ static int get_pass(const char *prompt_info,
#endif
static BIO *logstream = NULL;
static void log_message(void *logstream, const char *message);
static pem_password_cb *password_callback = NULL;
#if 0
static void *password_callback_userdata = NULL;
#endif
/* Stuff to pass to the HWCryptoHook library */
static HWCryptoHook_InitInfo hwcrhk_globals = {
@ -256,9 +272,9 @@ static HWCryptoHook_InitInfo hwcrhk_globals = {
0, /* hwcrhk_cv_broadcast, */
0, /* hwcrhk_cv_destroy, */
0, /* get_pass, */ /* pass phrase */
hwcrhk_get_pass, /* pass phrase */
0, /* insert_card, */ /* insert a card */
log_message /* Log message */
hwcrhk_log_message /* Log message */
};
@ -307,6 +323,8 @@ static HWCryptoHook_Finish_t *p_hwcrhk_Finish = NULL;
static HWCryptoHook_ModExp_t *p_hwcrhk_ModExp = NULL;
static HWCryptoHook_RSA_t *p_hwcrhk_RSA = NULL;
static HWCryptoHook_RandomBytes_t *p_hwcrhk_RandomBytes = NULL;
static HWCryptoHook_RSALoadKey_t *p_hwcrhk_RSALoadKey = NULL;
static HWCryptoHook_RSAGetPublicKey_t *p_hwcrhk_RSAGetPublicKey = NULL;
static HWCryptoHook_RSAUnloadKey_t *p_hwcrhk_RSAUnloadKey = NULL;
static HWCryptoHook_ModExpCRT_t *p_hwcrhk_ModExpCRT = NULL;
@ -317,6 +335,8 @@ static const char *n_hwcrhk_Finish = "HWCryptoHook_Finish";
static const char *n_hwcrhk_ModExp = "HWCryptoHook_ModExp";
static const char *n_hwcrhk_RSA = "HWCryptoHook_RSA";
static const char *n_hwcrhk_RandomBytes = "HWCryptoHook_RandomBytes";
static const char *n_hwcrhk_RSALoadKey = "HWCryptoHook_RSALoadKey";
static const char *n_hwcrhk_RSAGetPublicKey = "HWCryptoHook_RSAGetPublicKey";
static const char *n_hwcrhk_RSAUnloadKey = "HWCryptoHook_RSAUnloadKey";
static const char *n_hwcrhk_ModExpCRT = "HWCryptoHook_ModExpCRT";
@ -354,9 +374,11 @@ static int hwcrhk_init()
HWCryptoHook_Finish_t *p2;
HWCryptoHook_ModExp_t *p3;
HWCryptoHook_RSA_t *p4;
HWCryptoHook_RSAUnloadKey_t *p5;
HWCryptoHook_RandomBytes_t *p6;
HWCryptoHook_ModExpCRT_t *p7;
HWCryptoHook_RSALoadKey_t *p5;
HWCryptoHook_RSAGetPublicKey_t *p6;
HWCryptoHook_RSAUnloadKey_t *p7;
HWCryptoHook_RandomBytes_t *p8;
HWCryptoHook_ModExpCRT_t *p9;
if(hwcrhk_dso != NULL)
{
@ -379,11 +401,15 @@ static int hwcrhk_init()
DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExp)) ||
!(p4 = (HWCryptoHook_RSA_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSA)) ||
!(p5 = (HWCryptoHook_RSAUnloadKey_t *)
!(p5 = (HWCryptoHook_RSALoadKey_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSALoadKey)) ||
!(p6 = (HWCryptoHook_RSAGetPublicKey_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAGetPublicKey)) ||
!(p7 = (HWCryptoHook_RSAUnloadKey_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAUnloadKey)) ||
!(p6 = (HWCryptoHook_RandomBytes_t *)
!(p8 = (HWCryptoHook_RandomBytes_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_RandomBytes)) ||
!(p7 = (HWCryptoHook_ModExpCRT_t *)
!(p9 = (HWCryptoHook_ModExpCRT_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExpCRT)))
{
ENGINEerr(ENGINE_F_HWCRHK_INIT,ENGINE_R_DSO_FAILURE);
@ -394,9 +420,11 @@ static int hwcrhk_init()
p_hwcrhk_Finish = p2;
p_hwcrhk_ModExp = p3;
p_hwcrhk_RSA = p4;
p_hwcrhk_RSAUnloadKey = p5;
p_hwcrhk_RandomBytes = p6;
p_hwcrhk_ModExpCRT = p7;
p_hwcrhk_RSALoadKey = p5;
p_hwcrhk_RSAGetPublicKey = p6;
p_hwcrhk_RSAUnloadKey = p7;
p_hwcrhk_RandomBytes = p8;
p_hwcrhk_ModExpCRT = p9;
/* Check if the application decided to support dynamic locks,
and if it does, use them. */
@ -431,6 +459,8 @@ err:
p_hwcrhk_Finish = NULL;
p_hwcrhk_ModExp = NULL;
p_hwcrhk_RSA = NULL;
p_hwcrhk_RSALoadKey = NULL;
p_hwcrhk_RSAGetPublicKey = NULL;
p_hwcrhk_RSAUnloadKey = NULL;
p_hwcrhk_ModExpCRT = NULL;
p_hwcrhk_RandomBytes = NULL;
@ -461,6 +491,8 @@ static int hwcrhk_finish()
p_hwcrhk_Finish = NULL;
p_hwcrhk_ModExp = NULL;
p_hwcrhk_RSA = NULL;
p_hwcrhk_RSALoadKey = NULL;
p_hwcrhk_RSAGetPublicKey = NULL;
p_hwcrhk_RSAUnloadKey = NULL;
p_hwcrhk_ModExpCRT = NULL;
p_hwcrhk_RandomBytes = NULL;
@ -477,6 +509,7 @@ static int hwcrhk_ctrl(int cmd, long i, void *p, void (*f)())
{
BIO *bio = (BIO *)p;
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
if (logstream)
{
BIO_free(logstream);
@ -487,6 +520,12 @@ static int hwcrhk_ctrl(int cmd, long i, void *p, void (*f)())
else
ENGINEerr(ENGINE_F_HWCRHK_CTRL,ENGINE_R_BIO_WAS_FREED);
}
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
break;
case ENGINE_CTRL_SET_PASSWORD_CALLBACK:
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
password_callback = (pem_password_cb *)f;
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
break;
default:
ENGINEerr(ENGINE_F_HWCRHK_CTRL,
@ -497,6 +536,110 @@ static int hwcrhk_ctrl(int cmd, long i, void *p, void (*f)())
return to_return;
}
static EVP_PKEY *hwcrhk_load_privkey(const char *key_id,
const char *passphrase)
{
RSA *rtmp = NULL;
EVP_PKEY *res = NULL;
HWCryptoHook_MPI e, n;
HWCryptoHook_RSAKeyHandle hptr;
HWCryptoHook_ErrMsgBuf rmsg;
if(!hwcrhk_context)
{
ENGINEerr(ENGINE_F_HWCRHK_LOAD_PRIVKEY,
ENGINE_R_NOT_INITIALISED);
goto err;
}
if (p_hwcrhk_RSALoadKey(hwcrhk_context, key_id, &hptr,
&rmsg, NULL))
{
ENGINEerr(ENGINE_F_HWCRHK_LOAD_PRIVKEY,
ENGINE_R_CHIL_ERROR);
ERR_add_error_data(1,rmsg.buf);
goto err;
}
if (!hptr)
{
ENGINEerr(ENGINE_F_HWCRHK_LOAD_PRIVKEY,
ENGINE_R_NO_KEY);
goto err;
}
rtmp = RSA_new_method(&engine_hwcrhk);
RSA_set_ex_data(rtmp, hndidx, (char *)hptr);
rtmp->e = BN_new();
rtmp->n = BN_new();
rtmp->flags |= RSA_FLAG_EXT_PKEY;
MPI2BN(rtmp->e, e);
MPI2BN(rtmp->n, n);
if (p_hwcrhk_RSAGetPublicKey(hptr, &n, &e, &rmsg)
!= HWCRYPTOHOOK_ERROR_MPISIZE)
{
ENGINEerr(ENGINE_F_HWCRHK_LOAD_PUBKEY,ENGINE_R_CHIL_ERROR);
ERR_add_error_data(1,rmsg.buf);
goto err;
}
bn_expand2(rtmp->e, e.size/sizeof(BN_ULONG));
bn_expand2(rtmp->n, n.size/sizeof(BN_ULONG));
MPI2BN(rtmp->e, e);
MPI2BN(rtmp->n, n);
if (p_hwcrhk_RSAGetPublicKey(hptr, &n, &e, &rmsg))
{
ENGINEerr(ENGINE_F_HWCRHK_LOAD_PUBKEY,
ENGINE_R_CHIL_ERROR);
ERR_add_error_data(1,rmsg.buf);
goto err;
}
rtmp->e->top = e.size / sizeof(BN_ULONG);
bn_fix_top(rtmp->e);
rtmp->n->top = n.size / sizeof(BN_ULONG);
bn_fix_top(rtmp->n);
res = EVP_PKEY_new();
EVP_PKEY_assign_RSA(res, rtmp);
return res;
err:
if (res)
EVP_PKEY_free(res);
return NULL;
}
static EVP_PKEY *hwcrhk_load_pubkey(const char *key_id, const char *passphrase)
{
EVP_PKEY *res = hwcrhk_load_privkey(key_id, passphrase);
if (res)
switch(res->type)
{
case EVP_PKEY_RSA:
{
RSA *rsa = NULL;
CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
rsa = res->pkey.rsa;
res->pkey.rsa = RSA_new();
res->pkey.rsa->n = rsa->n;
res->pkey.rsa->e = rsa->e;
CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
RSA_free(rsa);
}
default:
ENGINEerr(ENGINE_F_HWCRHK_LOAD_PUBKEY,
ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
goto err;
}
return res;
err:
if (res)
EVP_PKEY_free(res);
return NULL;
}
/* A little mod_exp */
static int hwcrhk_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx)
@ -561,11 +704,6 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, BIGNUM *I, RSA *rsa)
HWCryptoHook_RSAKeyHandle *hptr;
int to_return = 0, ret;
if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
{
ENGINEerr(ENGINE_F_HWCRHK_RSA_MOD_EXP,ENGINE_R_MISSING_KEY_COMPONENTS);
goto err;
}
if(!hwcrhk_context)
{
ENGINEerr(ENGINE_F_HWCRHK_MOD_EXP,ENGINE_R_NOT_INITIALISED);
@ -580,6 +718,13 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, BIGNUM *I, RSA *rsa)
{
HWCryptoHook_MPI m_a, m_r;
if(!rsa->n)
{
ENGINEerr(ENGINE_F_HWCRHK_RSA_MOD_EXP,
ENGINE_R_MISSING_KEY_COMPONENTS);
goto err;
}
rmsg.buf = tempbuf;
rmsg.size = 1024;
@ -616,6 +761,13 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, BIGNUM *I, RSA *rsa)
{
HWCryptoHook_MPI m_a, m_p, m_q, m_dmp1, m_dmq1, m_iqmp, m_r;
if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
{
ENGINEerr(ENGINE_F_HWCRHK_RSA_MOD_EXP,
ENGINE_R_MISSING_KEY_COMPONENTS);
goto err;
}
rmsg.buf = tempbuf;
rmsg.size = 1024;
@ -761,7 +913,49 @@ static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex *mt)
CRYPTO_destroy_dynlockid(mt->lockid);
}
static void log_message(void *logstream, const char *message)
static int hwcrhk_get_pass(const char *prompt_info,
int *len_io, char *buf,
HWCryptoHook_PassphraseContext *ppctx,
HWCryptoHook_CallerContext *cactx)
{
int l = 0;
char prompt[1024];
if (password_callback == NULL)
{
ENGINEerr(ENGINE_F_HWCRHK_GET_PASS,ENGINE_R_NO_CALLBACK);
return -1;
}
if (prompt_info)
{
strncpy(prompt, "Card: \"", sizeof(prompt));
l += 5;
strncpy(prompt + l, prompt_info, sizeof(prompt) - l);
l += strlen(prompt_info);
if (l + 2 < sizeof(prompt))
{
strncpy(prompt + l, "\"\n", sizeof(prompt) - l);
l += 2;
}
}
if (l < sizeof(prompt) - 1)
{
strncpy(prompt, "Enter Passphrase <enter to cancel>:",
sizeof(prompt) - l);
l += 35;
}
prompt[l] = '\0';
/* I know, passing on the prompt instead of the user data *is*
a bad thing. However, that's all we have right now.
-- Richard Levitte */
*len_io = password_callback(buf, *len_io, 0, prompt);
if(!*len_io)
return -1;
return 0;
}
static void hwcrhk_log_message(void *logstream, const char *message)
{
BIO *lstream = NULL;

32
crypto/rsa/Makefile.ssl
View File

@ -85,15 +85,23 @@ rsa_chk.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
rsa_chk.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
rsa_chk.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
rsa_chk.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
rsa_eay.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
rsa_eay.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
rsa_eay.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
rsa_eay.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
rsa_eay.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
rsa_eay.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
rsa_eay.o: ../../include/openssl/engine.h ../../include/openssl/err.h
rsa_eay.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
rsa_eay.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
rsa_eay.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
rsa_eay.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
rsa_eay.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
rsa_eay.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
rsa_eay.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
rsa_eay.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
rsa_eay.o: ../../include/openssl/stack.h ../cryptlib.h
rsa_eay.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
rsa_eay.o: ../cryptlib.h
rsa_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
rsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
rsa_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
@ -106,15 +114,23 @@ rsa_gen.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
rsa_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
rsa_gen.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
rsa_gen.o: ../../include/openssl/stack.h ../cryptlib.h
rsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
rsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
rsa_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
rsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
rsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
rsa_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
rsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
rsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
rsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
rsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
rsa_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
rsa_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
rsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
rsa_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
rsa_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
rsa_lib.o: ../../include/openssl/stack.h ../cryptlib.h
rsa_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
rsa_lib.o: ../cryptlib.h
rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
rsa_none.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h

22
test/Makefile.ssl
View File

@ -349,13 +349,21 @@ dsatest.o: ../include/openssl/dsa.h ../include/openssl/err.h
dsatest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
dsatest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
dsatest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
enginetest.o: ../include/openssl/bio.h ../include/openssl/bn.h
enginetest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
enginetest.o: ../include/openssl/dsa.h ../include/openssl/engine.h
enginetest.o: ../include/openssl/err.h ../include/openssl/lhash.h
enginetest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
enginetest.o: ../include/openssl/rand.h ../include/openssl/rsa.h
enginetest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
enginetest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
enginetest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
enginetest.o: ../include/openssl/cast.h ../include/openssl/crypto.h
enginetest.o: ../include/openssl/des.h ../include/openssl/dh.h
enginetest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
enginetest.o: ../include/openssl/engine.h ../include/openssl/err.h
enginetest.o: ../include/openssl/evp.h ../include/openssl/idea.h
enginetest.o: ../include/openssl/lhash.h ../include/openssl/md2.h
enginetest.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
enginetest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
enginetest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
enginetest.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
enginetest.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
enginetest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
enginetest.o: ../include/openssl/sha.h ../include/openssl/stack.h
exptest.o: ../include/openssl/bio.h ../include/openssl/bn.h
exptest.o: ../include/openssl/crypto.h ../include/openssl/err.h
exptest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h

2
util/libeay.num
View File

@ -1896,3 +1896,5 @@ ENGINE_set_init_function 2471
ENGINE_set_finish_function 2472
ENGINE_get_ctrl_function 2473
ENGINE_set_ctrl_function 2474
ENGINE_load_public_key 2475
ENGINE_load_private_key 2476