diff --git a/apps/apps.c b/apps/apps.c
index b3a396905..40a56b37d 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -168,6 +168,8 @@ int str2fmt(char *s)
 || (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0) || (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
 return(FORMAT_PKCS12);
+ else if ((*s == 'E') || (*s == 'e'))
+ return(FORMAT_ENGINE);
 else
 return(FORMAT_UNDEF);
 }
diff --git a/apps/apps.h b/apps/apps.h
index 6b89b7975..38fe2d37f 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -158,6 +158,7 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format);
 #define FORMAT_PEM 3
 #define FORMAT_NETSCAPE 4
 #define FORMAT_PKCS12 5
+#define FORMAT_ENGINE 6
 #define NETSCAPE_CERT_HDR "certificate"
diff --git a/apps/req.c b/apps/req.c
index fd26ed834..248e94fe7 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -73,6 +73,7 @@
 #include
 #include
 #include
+#include
 #define SECTION "req"
@@ -140,6 +141,7 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 {
+ ENGINE *e = NULL;
 #ifndef NO_DSA
 DSA *dsa_params=NULL;
 #endif
@@ -152,6 +154,7 @@ int MAIN(int argc, char **argv)
 int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
 int nodes=0,kludge=0,newhdr=0;
 char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
+ char *engine=NULL;
 char *extensions = NULL;
 char *req_exts = NULL;
 EVP_CIPHER *cipher=NULL;
@@ -195,6 +198,11 @@ int MAIN(int argc, char **argv)
 if (--argc < 1) goto bad;
 outformat=str2fmt(*(++argv));
 }
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
 else if (strcmp(*argv,"-key") == 0)
 {
 if (--argc < 1) goto bad;
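Review bot: The new FORMAT_ENGINE case in str2fmt matches any argument whose first character is 'E' or 'e', whereas every other format in this function requires an exact strcmp match, so a mistyped `-keyform`/`-inform` value that happens to start with an e is silently routed to the engine key loader instead of being rejected as FORMAT_UNDEF. Keeping the table strict would read `else if ((strcmp(s,"ENGINE") == 0) || (strcmp(s,"engine") == 0))` followed by the same `return(FORMAT_ENGINE);`. The str2fmt function starts before this hunk.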
@@ -375,6 +383,7 @@ bad:
 BIO_printf(bio_err," -verify verify signature on REQ\n");
 BIO_printf(bio_err," -modulus RSA modulus\n");
 BIO_printf(bio_err," -nodes don't encrypt the output key\n");
+ BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
 BIO_printf(bio_err," -key file use the private key contained in file\n");
 BIO_printf(bio_err," -keyform arg key file format\n");
 BIO_printf(bio_err," -keyout arg file to send the key to\n");
@@ -522,24 +531,55 @@ bad:
 if ((in == NULL) || (out == NULL))
 goto end;
- if (keyfile != NULL)
+ if (engine != NULL)
 {
- if (BIO_read_filename(in,keyfile) <= 0)
+ if((e = ENGINE_by_id(engine)) == NULL)
 {
- perror(keyfile);
+ BIO_printf(bio_err,"invalid engine \"%s\"\n",
+ engine);
 goto end;
 }
-
- if (keyform == FORMAT_ASN1)
- pkey=d2i_PrivateKey_bio(in,NULL);
- else if (keyform == FORMAT_PEM)
+ if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 {
- pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,passin);
+ BIO_printf(bio_err,"can't use that engine\n");
+ goto end;
+ }
+ BIO_printf(bio_err,"engine \"%s\" set.\n", *argv);
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
+ }
+
+ if (keyfile != NULL)
+ {
+ if (keyform == FORMAT_ENGINE)
+ {
+ if (!e)
+ {
+ BIO_printf(bio_err,"no engine specified\n");
+ goto end;
+ }
+ pkey = ENGINE_load_private_key(e, keyfile, NULL);
 }
 else
 {
- BIO_printf(bio_err,"bad input format specified for X509 request\n");
- goto end;
+ if (BIO_read_filename(in,keyfile) <= 0)
+ {
+ perror(keyfile);
+ goto end;
+ }
+
+ if (keyform == FORMAT_ASN1)
+ pkey=d2i_PrivateKey_bio(in,NULL);
+ else if (keyform == FORMAT_PEM)
+ {
+ pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,
+ passin);
+ }
+ else
+ {
+ BIO_printf(bio_err,"bad input format specified for X509 request\n");
+ goto end;
+ }
 }
 if (pkey == NULL)
diff --git a/crypto/dh/Makefile.ssl b/crypto/dh/Makefile.ssl
index c2e70fa2b..4fe81af93 100644
--- a/crypto/dh/Makefile.ssl
+++ b/crypto/dh/Makefile.ssl
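Review bot: `BIO_printf(bio_err,"engine \"%s\" set.\n", *argv);` prints `*argv` instead of the `engine` variable that the error message two lines above already uses; by the time this runs the option-parsing loop (outside the hunk) appears to have advanced argv past all options, so the confirmation message reports the wrong string, quite possibly a null pointer, and should read `BIO_printf(bio_err,"engine \"%s\" set.\n", engine);`. Separately, `ENGINE_free(e)` drops the caller's structural reference and `e` is then passed to `ENGINE_load_private_key(e, keyfile, NULL)` further down; that only stays valid if ENGINE_set_default holds its own reference, which is not visible here, so it would be safer to keep the reference until after the key load and release it on the `end:` path. The engine branch also passes a NULL passphrase while the PEM branch passes `passin`, so `-passin` is silently ignored for `-keyform engine`; either forward `passin` or say so in the usage text. The enclosing MAIN continues outside the hunk.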
@@ -97,21 +97,37 @@ dh_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h dh_gen.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h dh_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h dh_gen.o: ../../include/openssl/stack.h ../cryptlib.h -dh_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +dh_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +dh_key.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h +dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +dh_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h dh_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h dh_key.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h dh_key.o: ../../include/openssl/engine.h ../../include/openssl/err.h -dh_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +dh_key.o: ../../include/openssl/evp.h ../../include/openssl/idea.h +dh_key.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h +dh_key.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +dh_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h dh_key.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h +dh_key.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +dh_key.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h dh_key.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -dh_key.o: ../../include/openssl/stack.h ../cryptlib.h -dh_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -dh_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +dh_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +dh_key.o: ../cryptlib.h +dh_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +dh_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h +dh_lib.o: 
../../include/openssl/buffer.h ../../include/openssl/cast.h +dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h dh_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h dh_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +dh_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h +dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h +dh_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +dh_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h +dh_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +dh_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h dh_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -dh_lib.o: ../../include/openssl/stack.h ../cryptlib.h +dh_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +dh_lib.o: ../cryptlib.h diff --git a/crypto/dsa/Makefile.ssl b/crypto/dsa/Makefile.ssl index 4b75ec6a0..4a6b43590 100644 --- a/crypto/dsa/Makefile.ssl +++ b/crypto/dsa/Makefile.ssl 
@@ -114,42 +114,70 @@ dsa_key.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h dsa_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h dsa_key.o: ../cryptlib.h dsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -dsa_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -dsa_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h -dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -dsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -dsa_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +dsa_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h +dsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h +dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +dsa_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h +dsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h +dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h +dsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h +dsa_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +dsa_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h +dsa_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +dsa_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h +dsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +dsa_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h dsa_lib.o: ../cryptlib.h dsa_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h 
-dsa_ossl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -dsa_ossl.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -dsa_ossl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h -dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -dsa_ossl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -dsa_ossl.o: ../../include/openssl/opensslconf.h +dsa_ossl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h +dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +dsa_ossl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h +dsa_ossl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +dsa_ossl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h +dsa_ossl.o: ../../include/openssl/engine.h ../../include/openssl/err.h +dsa_ossl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h +dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h +dsa_ossl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +dsa_ossl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h +dsa_ossl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +dsa_ossl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h dsa_ossl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -dsa_ossl.o: ../../include/openssl/stack.h ../cryptlib.h +dsa_ossl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +dsa_ossl.o: ../cryptlib.h dsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -dsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h -dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/lhash.h 
-dsa_sign.o: ../../include/openssl/opensslconf.h +dsa_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h +dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h +dsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +dsa_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h +dsa_sign.o: ../../include/openssl/engine.h ../../include/openssl/err.h +dsa_sign.o: ../../include/openssl/evp.h ../../include/openssl/idea.h +dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h +dsa_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +dsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h +dsa_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +dsa_sign.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h dsa_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -dsa_sign.o: ../../include/openssl/stack.h ../cryptlib.h +dsa_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +dsa_sign.o: ../cryptlib.h dsa_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h -dsa_vrf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -dsa_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -dsa_vrf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -dsa_vrf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h -dsa_vrf.o: ../../include/openssl/engine.h ../../include/openssl/err.h -dsa_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -dsa_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h -dsa_vrf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +dsa_vrf.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h +dsa_vrf.o: ../../include/openssl/bn.h 
../../include/openssl/buffer.h +dsa_vrf.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h +dsa_vrf.o: ../../include/openssl/des.h ../../include/openssl/dh.h +dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h +dsa_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/evp.h +dsa_vrf.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +dsa_vrf.o: ../../include/openssl/md2.h ../../include/openssl/md5.h +dsa_vrf.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h +dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h +dsa_vrf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h +dsa_vrf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h dsa_vrf.o: ../../include/openssl/stack.h ../cryptlib.h diff --git a/crypto/engine/Makefile.ssl b/crypto/engine/Makefile.ssl index fde4ee85a..ef8236a57 100644 --- a/crypto/engine/Makefile.ssl +++ b/crypto/engine/Makefile.ssl 
@@ -80,73 +80,130 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -engine_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -engine_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -engine_err.o: ../../include/openssl/dsa.h ../../include/openssl/engine.h -engine_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +engine_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +engine_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h +engine_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h +engine_err.o: ../../include/openssl/des.h ../../include/openssl/dh.h +engine_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +engine_err.o: ../../include/openssl/engine.h ../../include/openssl/err.h +engine_err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h +engine_err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h +engine_err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +engine_err.o: ../../include/openssl/objects.h engine_err.o: ../../include/openssl/opensslconf.h engine_err.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h +engine_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +engine_err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h engine_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -engine_err.o: ../../include/openssl/stack.h -engine_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -engine_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +engine_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +engine_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +engine_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h +engine_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +engine_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h engine_lib.o: 
../../include/openssl/dh.h ../../include/openssl/dsa.h engine_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h engine_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -engine_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +engine_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h +engine_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h +engine_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +engine_lib.o: ../../include/openssl/objects.h +engine_lib.o: ../../include/openssl/opensslconf.h engine_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h +engine_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +engine_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h engine_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -engine_lib.o: ../../include/openssl/stack.h ../cryptlib.h engine_int.h -engine_list.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -engine_list.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +engine_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +engine_lib.o: ../cryptlib.h engine_int.h +engine_list.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +engine_list.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h +engine_list.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +engine_list.o: ../../include/openssl/crypto.h ../../include/openssl/des.h engine_list.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h engine_list.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h engine_list.o: ../../include/openssl/engine.h ../../include/openssl/err.h -engine_list.o: ../../include/openssl/lhash.h +engine_list.o: ../../include/openssl/evp.h ../../include/openssl/idea.h +engine_list.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h +engine_list.o: ../../include/openssl/md5.h 
../../include/openssl/mdc2.h +engine_list.o: ../../include/openssl/objects.h engine_list.o: ../../include/openssl/opensslconf.h engine_list.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h +engine_list.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +engine_list.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h engine_list.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -engine_list.o: ../../include/openssl/stack.h ../cryptlib.h engine_int.h -engine_openssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -engine_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +engine_list.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +engine_list.o: ../cryptlib.h engine_int.h +engine_openssl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +engine_openssl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h +engine_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +engine_openssl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h engine_openssl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h engine_openssl.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h engine_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -engine_openssl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +engine_openssl.o: ../../include/openssl/err.h ../../include/openssl/evp.h +engine_openssl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +engine_openssl.o: ../../include/openssl/md2.h ../../include/openssl/md5.h +engine_openssl.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h engine_openssl.o: ../../include/openssl/opensslconf.h engine_openssl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h +engine_openssl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +engine_openssl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h 
engine_openssl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -engine_openssl.o: ../../include/openssl/stack.h ../cryptlib.h engine_int.h -hw_atalla.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -hw_atalla.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +engine_openssl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +engine_openssl.o: ../cryptlib.h engine_int.h +hw_atalla.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +hw_atalla.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h +hw_atalla.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +hw_atalla.o: ../../include/openssl/crypto.h ../../include/openssl/des.h hw_atalla.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h hw_atalla.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h hw_atalla.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -hw_atalla.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +hw_atalla.o: ../../include/openssl/err.h ../../include/openssl/evp.h +hw_atalla.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +hw_atalla.o: ../../include/openssl/md2.h ../../include/openssl/md5.h +hw_atalla.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h hw_atalla.o: ../../include/openssl/opensslconf.h hw_atalla.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h +hw_atalla.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +hw_atalla.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h hw_atalla.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -hw_atalla.o: ../../include/openssl/stack.h ../cryptlib.h engine_int.h -hw_atalla.o: vendor_defns/atalla.h -hw_cswift.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -hw_cswift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +hw_atalla.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +hw_atalla.o: ../cryptlib.h engine_int.h 
vendor_defns/atalla.h +hw_cswift.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +hw_cswift.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h +hw_cswift.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +hw_cswift.o: ../../include/openssl/crypto.h ../../include/openssl/des.h hw_cswift.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h hw_cswift.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h hw_cswift.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -hw_cswift.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +hw_cswift.o: ../../include/openssl/err.h ../../include/openssl/evp.h +hw_cswift.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +hw_cswift.o: ../../include/openssl/md2.h ../../include/openssl/md5.h +hw_cswift.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h hw_cswift.o: ../../include/openssl/opensslconf.h hw_cswift.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h +hw_cswift.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +hw_cswift.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h hw_cswift.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -hw_cswift.o: ../../include/openssl/stack.h ../cryptlib.h engine_int.h -hw_cswift.o: vendor_defns/cswift.h -hw_ncipher.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -hw_ncipher.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +hw_cswift.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +hw_cswift.o: ../cryptlib.h engine_int.h vendor_defns/cswift.h +hw_ncipher.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +hw_ncipher.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h +hw_ncipher.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +hw_ncipher.o: ../../include/openssl/crypto.h ../../include/openssl/des.h hw_ncipher.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h hw_ncipher.o: 
../../include/openssl/dso.h ../../include/openssl/e_os.h hw_ncipher.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -hw_ncipher.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +hw_ncipher.o: ../../include/openssl/err.h ../../include/openssl/evp.h +hw_ncipher.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +hw_ncipher.o: ../../include/openssl/md2.h ../../include/openssl/md5.h +hw_ncipher.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h hw_ncipher.o: ../../include/openssl/opensslconf.h -hw_ncipher.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h -hw_ncipher.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -hw_ncipher.o: ../../include/openssl/stack.h ../cryptlib.h engine_int.h +hw_ncipher.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h +hw_ncipher.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h +hw_ncipher.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h +hw_ncipher.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h +hw_ncipher.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +hw_ncipher.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +hw_ncipher.o: ../../include/openssl/stack.h ../../include/openssl/x509.h +hw_ncipher.o: ../../include/openssl/x509_vfy.h ../cryptlib.h engine_int.h hw_ncipher.o: vendor_defns/hwcryptohook.h diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index 18e5fd1e1..acb480b57 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h @@ -64,6 +64,7 @@ #include #include #include +#include #ifdef __cplusplus extern "C" { 
@@ -85,7 +86,8 @@ extern "C" {
 * All command numbers are shared between all engines, even if some don't
 * make sense to some engines. In such a case, they do nothing but return
 * the error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */
-#define ENGINE_CTRL_SET_LOGSTREAM 1
+#define ENGINE_CTRL_SET_LOGSTREAM 1
+#define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2
 /* As we're missing a BIGNUM_METHOD, we need a couple of locally
@@ -229,6 +231,14 @@ int ENGINE_finish(ENGINE *e);
 /* WARNING: This is currently experimental and may change radically! */
 int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+/* The following functions handle keys that are stored in some secondary
+ * location, handled by the engine. The storage may be on a card or
+ * whatever. */
+EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+ const char *passphrase);
+EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+ const char *passphrase);
+
 /* This returns a pointer for the current ENGINE structure that
 * is (by default) performing any RSA operations. The value returned
 * is an incremented reference, so it should be free'd (ENGINE_finish)
@@ -310,6 +320,8 @@ void ERR_load_ENGINE_strings(void);
 #define ENGINE_F_ENGINE_INIT 119
 #define ENGINE_F_ENGINE_LIST_ADD 120
 #define ENGINE_F_ENGINE_LIST_REMOVE 121
+#define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150
+#define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151
 #define ENGINE_F_ENGINE_NEW 122
 #define ENGINE_F_ENGINE_REMOVE 123
 #define ENGINE_F_ENGINE_SET_BN_MOD_EXP 124
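Review bot: The new ENGINE_load_private_key/ENGINE_load_public_key prototypes do not state the contract a caller needs: who owns the returned EVP_PKEY, what form key_id takes, and whether passphrase may be NULL (the req.c hunk in this commit passes NULL). I would replace the "or whatever" comment with something like `/* Load a key the engine keeps elsewhere (e.g. on a card). key_id is engine-specific; passphrase may be NULL. Returns a new EVP_PKEY the caller must free with EVP_PKEY_free(), or NULL on failure with an ENGINE error queued. */`. Whether a NULL passphrase falls back to the callback installed via ENGINE_CTRL_SET_PASSWORD_CALLBACK is not shown here and should be stated once confirmed against the engine implementations. Note that the passphrase is a plain C string the caller must scrub; worth a line in the comment too.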
@@ -324,9 +336,13 @@ void ERR_load_ENGINE_strings(void);
 #define ENGINE_F_ENGINE_SET_NAME 130
 #define ENGINE_F_ENGINE_SET_RAND 131
 #define ENGINE_F_ENGINE_SET_RSA 132
+#define ENGINE_F_ENGINE_UNLOAD_KEY 152
 #define ENGINE_F_HWCRHK_CTRL 143
 #define ENGINE_F_HWCRHK_FINISH 135
+#define ENGINE_F_HWCRHK_GET_PASS 155
 #define ENGINE_F_HWCRHK_INIT 136
+#define ENGINE_F_HWCRHK_LOAD_PRIVKEY 153
+#define ENGINE_F_HWCRHK_LOAD_PUBKEY 154
 #define ENGINE_F_HWCRHK_MOD_EXP 137
 #define ENGINE_F_HWCRHK_MOD_EXP_CRT 138
 #define ENGINE_F_HWCRHK_RAND_BYTES 139
@@ -338,6 +354,7 @@ void ERR_load_ENGINE_strings(void);
 #define ENGINE_R_BIO_WAS_FREED 121
 #define ENGINE_R_BN_CTX_FULL 101
 #define ENGINE_R_BN_EXPAND_FAIL 102
+#define ENGINE_R_CHIL_ERROR 123
 #define ENGINE_R_CONFLICTING_ENGINE_ID 103
 #define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119
 #define ENGINE_R_DSO_FAILURE 104
@@ -350,8 +367,12 @@ void ERR_load_ENGINE_strings(void);
 #define ENGINE_R_MISSING_KEY_COMPONENTS 111
 #define ENGINE_R_NOT_INITIALISED 117
 #define ENGINE_R_NOT_LOADED 112
+#define ENGINE_R_NO_CALLBACK 127
 #define ENGINE_R_NO_CONTROL_FUNCTION 120
+#define ENGINE_R_NO_KEY 124
+#define ENGINE_R_NO_LOAD_FUNCTION 125
 #define ENGINE_R_NO_SUCH_ENGINE 116
+#define ENGINE_R_NO_UNLOAD_FUNCTION 126
 #define ENGINE_R_PROVIDE_PARAMETERS 113
 #define ENGINE_R_REQUEST_FAILED 114
 #define ENGINE_R_REQUEST_FALLBACK 118
diff --git a/crypto/engine/engine_err.c b/crypto/engine/engine_err.c
index 965f205e0..e738dcc79 100644
--- a/crypto/engine/engine_err.c
+++ b/crypto/engine/engine_err.c
@@ -98,6 +98,8 @@ static ERR_STRING_DATA ENGINE_str_functs[]=
 {ERR_PACK(0,ENGINE_F_ENGINE_INIT,0), "ENGINE_init"},
 {ERR_PACK(0,ENGINE_F_ENGINE_LIST_ADD,0), "ENGINE_LIST_ADD"},
 {ERR_PACK(0,ENGINE_F_ENGINE_LIST_REMOVE,0), "ENGINE_LIST_REMOVE"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,0), "ENGINE_load_private_key"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,0), "ENGINE_load_public_key"},
 {ERR_PACK(0,ENGINE_F_ENGINE_NEW,0), "ENGINE_new"},
 {ERR_PACK(0,ENGINE_F_ENGINE_REMOVE,0), "ENGINE_remove"},
 {ERR_PACK(0,ENGINE_F_ENGINE_SET_BN_MOD_EXP,0), "ENGINE_set_BN_mod_exp"},
@@ -112,9 +114,13 @@ static ERR_STRING_DATA ENGINE_str_functs[]=
 {ERR_PACK(0,ENGINE_F_ENGINE_SET_NAME,0), "ENGINE_set_name"},
 {ERR_PACK(0,ENGINE_F_ENGINE_SET_RAND,0), "ENGINE_set_RAND"},
 {ERR_PACK(0,ENGINE_F_ENGINE_SET_RSA,0), "ENGINE_set_RSA"},
+{ERR_PACK(0,ENGINE_F_ENGINE_UNLOAD_KEY,0), "ENGINE_UNLOAD_KEY"},
 {ERR_PACK(0,ENGINE_F_HWCRHK_CTRL,0), "HWCRHK_CTRL"},
 {ERR_PACK(0,ENGINE_F_HWCRHK_FINISH,0), "HWCRHK_FINISH"},
+{ERR_PACK(0,ENGINE_F_HWCRHK_GET_PASS,0), "HWCRHK_GET_PASS"},
 {ERR_PACK(0,ENGINE_F_HWCRHK_INIT,0), "HWCRHK_INIT"},
+{ERR_PACK(0,ENGINE_F_HWCRHK_LOAD_PRIVKEY,0), "HWCRHK_LOAD_PRIVKEY"},
+{ERR_PACK(0,ENGINE_F_HWCRHK_LOAD_PUBKEY,0), "HWCRHK_LOAD_PUBKEY"},
 {ERR_PACK(0,ENGINE_F_HWCRHK_MOD_EXP,0), "HWCRHK_MOD_EXP"},
 {ERR_PACK(0,ENGINE_F_HWCRHK_MOD_EXP_CRT,0), "HWCRHK_MOD_EXP_CRT"},
 {ERR_PACK(0,ENGINE_F_HWCRHK_RAND_BYTES,0), "HWCRHK_RAND_BYTES"},
@@ -129,6 +135,7 @@ static ERR_STRING_DATA ENGINE_str_reasons[]=
 {ENGINE_R_BIO_WAS_FREED ,"bio was freed"},
 {ENGINE_R_BN_CTX_FULL ,"BN_CTX full"},
 {ENGINE_R_BN_EXPAND_FAIL ,"bn_expand fail"},
+{ENGINE_R_CHIL_ERROR ,"chil error"},
 {ENGINE_R_CONFLICTING_ENGINE_ID ,"conflicting engine id"},
 {ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"},
 {ENGINE_R_DSO_FAILURE ,"DSO failure"},
@@ -141,8 +148,12 @@ static ERR_STRING_DATA ENGINE_str_reasons[]=
 {ENGINE_R_MISSING_KEY_COMPONENTS ,"missing key components"},
 {ENGINE_R_NOT_INITIALISED ,"not initialised"},
 {ENGINE_R_NOT_LOADED ,"not loaded"},
+{ENGINE_R_NO_CALLBACK ,"no callback"},
 {ENGINE_R_NO_CONTROL_FUNCTION ,"no control function"},
+{ENGINE_R_NO_KEY ,"no key"},
+{ENGINE_R_NO_LOAD_FUNCTION ,"no load function"},
 {ENGINE_R_NO_SUCH_ENGINE ,"no such engine"},
+{ENGINE_R_NO_UNLOAD_FUNCTION ,"no unload function"},
 {ENGINE_R_PROVIDE_PARAMETERS ,"provide parameters"},
 {ENGINE_R_REQUEST_FAILED ,"request failed"},
 {ENGINE_R_REQUEST_FALLBACK ,"request fallback"},
diff --git a/crypto/engine/engine_int.h b/crypto/engine/engine_int.h
index 510810f2c..447fa2a32 100644
--- a/crypto/engine/engine_int.h
+++ b/crypto/engine/engine_int.h
@@ -64,6 +64,7 @@
 #include
 #include
 #include
+#include
 #ifdef __cplusplus
 extern "C" {
@@ -110,6 +111,8 @@ typedef struct engine_st
 int (*init)(void);
 int (*finish)(void);
 int (*ctrl)(int cmd, long i, void *p, void (*f)());
+ EVP_PKEY *(*load_privkey)(const char *key_id, const char *passphrase);
+ EVP_PKEY *(*load_pubkey)(const char *key_id, const char *passphrase);
 int flags;
 /* reference count on the structure itself */
 int struct_ref;
diff --git a/crypto/engine/engine_lib.c b/crypto/engine/engine_lib.c
index afd03b0f3..fa545cef3 100644
--- a/crypto/engine/engine_lib.c
+++ b/crypto/engine/engine_lib.c
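Review bot: The two new callback members are inserted in the middle of `struct engine_st`, and the static ENGINE initialisers updated elsewhere in this commit are all positional, so any engine definition that is not updated in step will still compile (a `0` or `NULL` initialiser is accepted in a pointer slot) with `flags`, `struct_ref` and `funct_ref` shifted into the wrong members. Appending the new members at the end of the struct, or at least adding `/* NB: adding a member here requires updating every static ENGINE initialiser */` above them, would make that failure mode visible rather than silent. The callbacks also take no ENGINE pointer, so an implementation cannot tell which engine it is serving; that is presumably fine for the single-instance hardware engines here but deserves a comment. The struct begins before this hunk.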
@@ -216,6 +216,58 @@ int ENGINE_finish(ENGINE *e)
 return to_return;
 }
+EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+ const char *passphrase)
+ {
+ if(e == NULL)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if(e->funct_ref == 0)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+ ENGINE_R_NOT_INITIALISED);
+ return 0;
+ }
+ if (!e->load_privkey)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+ ENGINE_R_NO_LOAD_FUNCTION);
+ return 0;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ return e->load_privkey(key_id, passphrase);
+ }
+
+EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+ const char *passphrase)
+ {
+ if(e == NULL)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if(e->funct_ref == 0)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+ ENGINE_R_NOT_INITIALISED);
+ return 0;
+ }
+ if (!e->load_pubkey)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+ ENGINE_R_NO_LOAD_FUNCTION);
+ return 0;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ return e->load_pubkey(key_id, passphrase);
+ }
+
 /* Initialise a engine type for use (or up its functional reference count
 * if it's already in use). */
 int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
diff --git a/crypto/engine/engine_openssl.c b/crypto/engine/engine_openssl.c
index 731834daf..9636f5116 100644
--- a/crypto/engine/engine_openssl.c
+++ b/crypto/engine/engine_openssl.c
@@ -87,9 +87,11 @@ static ENGINE engine_openssl =
 NULL,
 NULL,
 openssl_mod_exp_crt,
- NULL, /* no "init()" */
- NULL, /* no "finish()" */
- NULL, /* no "ctrl()" */
+ NULL, /* no init() */
+ NULL, /* no finish() */
+ NULL, /* no ctrl() */
+ NULL, /* no load_privkey() */
+ NULL, /* no load_pubkey() */
 0, /* no flags */
 0, 0, /* no references. */
 NULL, NULL /* unlinked */
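Review bot: ENGINE_load_private_key returns from the `e->funct_ref == 0` and `!e->load_privkey` branches while CRYPTO_LOCK_ENGINE is still held, so the first such failure leaves the engine write lock taken and every later ENGINE call that locks it blocks; ENGINE_load_public_key has exactly the same shape. Both functions also `return 0` for an `EVP_PKEY *`, where `NULL` is the idiom used elsewhere in the file. Reading the function pointer under the lock and unlocking on one path before calling it fixes the leak; the same rewrite applies to ENGINE_load_public_key with `load_pubkey` and ENGINE_F_ENGINE_LOAD_PUBLIC_KEY.
```c
EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
	const char *passphrase)
	{
	EVP_PKEY *(*load)(const char *, const char *) = NULL;

	/* … unchanged: NULL check on e … */
	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
	if(e->funct_ref == 0)
		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
			ENGINE_R_NOT_INITIALISED);
	else if (!e->load_privkey)
		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
			ENGINE_R_NO_LOAD_FUNCTION);
	else
		load = e->load_privkey;
	/* single unlock point: no early return may bypass it */
	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
	if (!load)
		return NULL;
	return load(key_id, passphrase);
	}
```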
diff --git a/crypto/engine/hw_atalla.c b/crypto/engine/hw_atalla.c index 7e6a351c3..28b8fac0e 100644 --- a/crypto/engine/hw_atalla.c +++ b/crypto/engine/hw_atalla.c @@ -155,6 +155,8 @@ static ENGINE engine_atalla = atalla_init, atalla_finish, NULL, /* no ctrl() */ + NULL, /* no load_privkey() */ + NULL, /* no load_pubkey() */ 0, /* no flags */ 0, 0, /* no references */ NULL, NULL /* unlinked */ diff --git a/crypto/engine/hw_cswift.c b/crypto/engine/hw_cswift.c index 14dcae6ac..48ba26ed9 100644 --- a/crypto/engine/hw_cswift.c +++ b/crypto/engine/hw_cswift.c @@ -167,6 +167,8 @@ static ENGINE engine_cswift = cswift_init, cswift_finish, NULL, /* no ctrl() */ + NULL, /* no load_privkey() */ + NULL, /* no load_pubkey() */ 0, /* no flags */ 0, 0, /* no references */ NULL, NULL /* unlinked */ diff --git a/crypto/engine/hw_ncipher.c b/crypto/engine/hw_ncipher.c index 05a75dfc1..b4d2502ce 100644 --- a/crypto/engine/hw_ncipher.c +++ b/crypto/engine/hw_ncipher.c @@ -59,6 +59,7 @@ #include #include +#include #include "cryptlib.h" #include #include "engine_int.h" @@ -69,7 +70,7 @@ /* Attribution notice: nCipher har said several times that it's OK for * us to implement a general interface to their boxes, and recently declared - * their HWCryptoHook to be public, adn therefore available for us to use. + * their HWCryptoHook to be public, and therefore available for us to use. * Thanks, nCipher. * * The hwcryptohook.h included here is from May 2000. 
@@ -106,9 +107,19 @@ static int hwcrhk_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p, static int hwcrhk_rand_bytes(unsigned char *buf, int num); /* KM stuff */ +static EVP_PKEY *hwcrhk_load_privkey(const char *key_id, + const char *passphrase); +static EVP_PKEY *hwcrhk_load_pubkey(const char *key_id, + const char *passphrase); static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int index,long argl, void *argp); +/* Interaction stuff */ +static int hwcrhk_get_pass(const char *prompt_info, + int *len_io, char *buf, + HWCryptoHook_PassphraseContext *ppctx, + HWCryptoHook_CallerContext *cactx); +static void hwcrhk_log_message(void *logstream, const char *message); /* Our internal RSA_METHOD that we provide pointers to */ static RSA_METHOD hwcrhk_rsa = @@ -166,6 +177,8 @@ static ENGINE engine_hwcrhk = hwcrhk_init, hwcrhk_finish, hwcrhk_ctrl, + hwcrhk_load_privkey, + hwcrhk_load_pubkey, 0, /* no flags */ 0, 0, /* no references */ NULL, NULL /* unlinked */ @@ -220,7 +233,10 @@ static int get_pass(const char *prompt_info, #endif static BIO *logstream = NULL; -static void log_message(void *logstream, const char *message); +static pem_password_cb *password_callback = NULL; +#if 0 +static void *password_callback_userdata = NULL; +#endif /* Stuff to pass to the HWCryptoHook library */ static HWCryptoHook_InitInfo hwcrhk_globals = { @@ -256,9 +272,9 @@ static HWCryptoHook_InitInfo hwcrhk_globals = { 0, /* hwcrhk_cv_broadcast, */ 0, /* hwcrhk_cv_destroy, */ - 0, /* get_pass, */ /* pass phrase */ + hwcrhk_get_pass, /* pass phrase */ 0, /* insert_card, */ /* insert a card */ - log_message /* Log message */ + hwcrhk_log_message /* Log message */ }; 
@@ -307,6 +323,8 @@ static HWCryptoHook_Finish_t *p_hwcrhk_Finish = NULL; static HWCryptoHook_ModExp_t *p_hwcrhk_ModExp = NULL; static HWCryptoHook_RSA_t *p_hwcrhk_RSA = NULL; static HWCryptoHook_RandomBytes_t *p_hwcrhk_RandomBytes = NULL; +static HWCryptoHook_RSALoadKey_t *p_hwcrhk_RSALoadKey = NULL; +static HWCryptoHook_RSAGetPublicKey_t *p_hwcrhk_RSAGetPublicKey = NULL; static HWCryptoHook_RSAUnloadKey_t *p_hwcrhk_RSAUnloadKey = NULL; static HWCryptoHook_ModExpCRT_t *p_hwcrhk_ModExpCRT = NULL; @@ -317,6 +335,8 @@ static const char *n_hwcrhk_Finish = "HWCryptoHook_Finish"; static const char *n_hwcrhk_ModExp = "HWCryptoHook_ModExp"; static const char *n_hwcrhk_RSA = "HWCryptoHook_RSA"; static const char *n_hwcrhk_RandomBytes = "HWCryptoHook_RandomBytes"; +static const char *n_hwcrhk_RSALoadKey = "HWCryptoHook_RSALoadKey"; +static const char *n_hwcrhk_RSAGetPublicKey = "HWCryptoHook_RSAGetPublicKey"; static const char *n_hwcrhk_RSAUnloadKey = "HWCryptoHook_RSAUnloadKey"; static const char *n_hwcrhk_ModExpCRT = "HWCryptoHook_ModExpCRT"; @@ -354,9 +374,11 @@ static int hwcrhk_init() HWCryptoHook_Finish_t *p2; HWCryptoHook_ModExp_t *p3; HWCryptoHook_RSA_t *p4; - HWCryptoHook_RSAUnloadKey_t *p5; - HWCryptoHook_RandomBytes_t *p6; - HWCryptoHook_ModExpCRT_t *p7; + HWCryptoHook_RSALoadKey_t *p5; + HWCryptoHook_RSAGetPublicKey_t *p6; + HWCryptoHook_RSAUnloadKey_t *p7; + HWCryptoHook_RandomBytes_t *p8; + HWCryptoHook_ModExpCRT_t *p9; if(hwcrhk_dso != NULL) { 
@@ -379,11 +401,15 @@ static int hwcrhk_init() DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExp)) || !(p4 = (HWCryptoHook_RSA_t *) DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSA)) || - !(p5 = (HWCryptoHook_RSAUnloadKey_t *) + !(p5 = (HWCryptoHook_RSALoadKey_t *) + DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSALoadKey)) || + !(p6 = (HWCryptoHook_RSAGetPublicKey_t *) + DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAGetPublicKey)) || + !(p7 = (HWCryptoHook_RSAUnloadKey_t *) DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAUnloadKey)) || - !(p6 = (HWCryptoHook_RandomBytes_t *) + !(p8 = (HWCryptoHook_RandomBytes_t *) DSO_bind_func(hwcrhk_dso, n_hwcrhk_RandomBytes)) || - !(p7 = (HWCryptoHook_ModExpCRT_t *) + !(p9 = (HWCryptoHook_ModExpCRT_t *) DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExpCRT))) { ENGINEerr(ENGINE_F_HWCRHK_INIT,ENGINE_R_DSO_FAILURE); @@ -394,9 +420,11 @@ static int hwcrhk_init() p_hwcrhk_Finish = p2; p_hwcrhk_ModExp = p3; p_hwcrhk_RSA = p4; - p_hwcrhk_RSAUnloadKey = p5; - p_hwcrhk_RandomBytes = p6; - p_hwcrhk_ModExpCRT = p7; + p_hwcrhk_RSALoadKey = p5; + p_hwcrhk_RSAGetPublicKey = p6; + p_hwcrhk_RSAUnloadKey = p7; + p_hwcrhk_RandomBytes = p8; + p_hwcrhk_ModExpCRT = p9; /* Check if the application decided to support dynamic locks, and if it does, use them. */ @@ -431,6 +459,8 @@ err: p_hwcrhk_Finish = NULL; p_hwcrhk_ModExp = NULL; p_hwcrhk_RSA = NULL; + p_hwcrhk_RSALoadKey = NULL; + p_hwcrhk_RSAGetPublicKey = NULL; p_hwcrhk_RSAUnloadKey = NULL; p_hwcrhk_ModExpCRT = NULL; p_hwcrhk_RandomBytes = NULL; @@ -461,6 +491,8 @@ static int hwcrhk_finish() p_hwcrhk_Finish = NULL; p_hwcrhk_ModExp = NULL; p_hwcrhk_RSA = NULL; + p_hwcrhk_RSALoadKey = NULL; + p_hwcrhk_RSAGetPublicKey = NULL; p_hwcrhk_RSAUnloadKey = NULL; p_hwcrhk_ModExpCRT = NULL; p_hwcrhk_RandomBytes = NULL; @@ -477,6 +509,7 @@ static int hwcrhk_ctrl(int cmd, long i, void *p, void (*f)()) { BIO *bio = (BIO *)p; + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); if (logstream) { BIO_free(logstream); 
@@ -487,6 +520,12 @@ static int hwcrhk_ctrl(int cmd, long i, void *p, void (*f)())
 else
 ENGINEerr(ENGINE_F_HWCRHK_CTRL,ENGINE_R_BIO_WAS_FREED);
 }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ break;
+ case ENGINE_CTRL_SET_PASSWORD_CALLBACK:
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ password_callback = (pem_password_cb *)f;
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 break;
 default:
 ENGINEerr(ENGINE_F_HWCRHK_CTRL,
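Review bot: The new `ENGINE_CTRL_SET_PASSWORD_CALLBACK` case stores only `f`; the `p` argument of the ctrl is ignored, so there is no way to hand the callback a userdata pointer, and `password_callback_userdata` is left under `#if 0` in the earlier hunk of this file. The consequence shows up in hwcrhk_get_pass later in this diff, which passes the prompt text as the callback's userdata because nothing else is available. If `p` were stored alongside `f` here (`password_callback_userdata = p;`) get_pass could pass the real userdata. The write happens under CRYPTO_LOCK_ENGINE, but hwcrhk_get_pass reads `password_callback` without any lock; that is probably harmless for a single pointer, yet it should be stated in a comment or made consistent. The enclosing hwcrhk_ctrl starts before this hunk and continues after it.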
@@ -497,6 +536,110 @@ static int hwcrhk_ctrl(int cmd, long i, void *p, void (*f)())
 return to_return;
 }
+
+static EVP_PKEY *hwcrhk_load_privkey(const char *key_id,
+ const char *passphrase)
+ {
+ RSA *rtmp = NULL;
+ EVP_PKEY *res = NULL;
+ HWCryptoHook_MPI e, n;
+ HWCryptoHook_RSAKeyHandle hptr;
+ HWCryptoHook_ErrMsgBuf rmsg;
+
+ if(!hwcrhk_context)
+ {
+ ENGINEerr(ENGINE_F_HWCRHK_LOAD_PRIVKEY,
+ ENGINE_R_NOT_INITIALISED);
+ goto err;
+ }
+ if (p_hwcrhk_RSALoadKey(hwcrhk_context, key_id, &hptr,
+ &rmsg, NULL))
+ {
+ ENGINEerr(ENGINE_F_HWCRHK_LOAD_PRIVKEY,
+ ENGINE_R_CHIL_ERROR);
+ ERR_add_error_data(1,rmsg.buf);
+ goto err;
+ }
+ if (!hptr)
+ {
+ ENGINEerr(ENGINE_F_HWCRHK_LOAD_PRIVKEY,
+ ENGINE_R_NO_KEY);
+ goto err;
+ }
+ rtmp = RSA_new_method(&engine_hwcrhk);
+ RSA_set_ex_data(rtmp, hndidx, (char *)hptr);
+ rtmp->e = BN_new();
+ rtmp->n = BN_new();
+ rtmp->flags |= RSA_FLAG_EXT_PKEY;
+ MPI2BN(rtmp->e, e);
+ MPI2BN(rtmp->n, n);
+ if (p_hwcrhk_RSAGetPublicKey(hptr, &n, &e, &rmsg)
+ != HWCRYPTOHOOK_ERROR_MPISIZE)
+ {
+ ENGINEerr(ENGINE_F_HWCRHK_LOAD_PUBKEY,ENGINE_R_CHIL_ERROR);
+ ERR_add_error_data(1,rmsg.buf);
+ goto err;
+ }
+
+ bn_expand2(rtmp->e, e.size/sizeof(BN_ULONG));
+ bn_expand2(rtmp->n, n.size/sizeof(BN_ULONG));
+ MPI2BN(rtmp->e, e);
+ MPI2BN(rtmp->n, n);
+
+ if (p_hwcrhk_RSAGetPublicKey(hptr, &n, &e, &rmsg))
+ {
+ ENGINEerr(ENGINE_F_HWCRHK_LOAD_PUBKEY,
+ ENGINE_R_CHIL_ERROR);
+ ERR_add_error_data(1,rmsg.buf);
+ goto err;
+ }
+ rtmp->e->top = e.size / sizeof(BN_ULONG);
+ bn_fix_top(rtmp->e);
+ rtmp->n->top = n.size / sizeof(BN_ULONG);
+ bn_fix_top(rtmp->n);
+
+ res = EVP_PKEY_new();
+ EVP_PKEY_assign_RSA(res, rtmp);
+
+ return res;
+ err:
+ if (res)
+ EVP_PKEY_free(res);
+ return NULL;
+ }
+
+static EVP_PKEY *hwcrhk_load_pubkey(const char *key_id, const char *passphrase)
+ {
+ EVP_PKEY *res = hwcrhk_load_privkey(key_id, passphrase);
+
+ if (res)
+ switch(res->type)
+ {
+ case EVP_PKEY_RSA:
+ {
+ RSA *rsa = NULL;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
+
rsa = res->pkey.rsa;
+ res->pkey.rsa = RSA_new();
+ res->pkey.rsa->n = rsa->n;
+ res->pkey.rsa->e = rsa->e;
+ CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
+ RSA_free(rsa);
+ }
+ default:
+ ENGINEerr(ENGINE_F_HWCRHK_LOAD_PUBKEY,
+ ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+ goto err;
+ }
+
+ return res;
+ err:
+ if (res)
+ EVP_PKEY_free(res);
+ return NULL;
+ }
+
 /* A little mod_exp */
 static int hwcrhk_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 const BIGNUM *m, BN_CTX *ctx)
@@ -561,11 +704,6 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, BIGNUM *I, RSA *rsa)
 HWCryptoHook_RSAKeyHandle *hptr;
 int to_return = 0, ret;
- if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
- {
- ENGINEerr(ENGINE_F_HWCRHK_RSA_MOD_EXP,ENGINE_R_MISSING_KEY_COMPONENTS);
- goto err;
- }
 if(!hwcrhk_context)
 {
 ENGINEerr(ENGINE_F_HWCRHK_MOD_EXP,ENGINE_R_NOT_INITIALISED);
@@ -580,6 +718,13 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, BIGNUM *I, RSA *rsa)
 {
 HWCryptoHook_MPI m_a, m_r;
+ if(!rsa->n)
+ {
+ ENGINEerr(ENGINE_F_HWCRHK_RSA_MOD_EXP,
+ ENGINE_R_MISSING_KEY_COMPONENTS);
+ goto err;
+ }
+
 rmsg.buf = tempbuf;
 rmsg.size = 1024;
@@ -616,6 +761,13 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, BIGNUM *I, RSA *rsa)
 {
 HWCryptoHook_MPI m_a, m_p, m_q, m_dmp1, m_dmq1, m_iqmp, m_r;
+ if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
+ {
+ ENGINEerr(ENGINE_F_HWCRHK_RSA_MOD_EXP,
+ ENGINE_R_MISSING_KEY_COMPONENTS);
+ goto err;
+ }
+
 rmsg.buf = tempbuf;
 rmsg.size = 1024;
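Review bot: `rmsg` in hwcrhk_load_privkey is declared but never given a buffer before `ERR_add_error_data(1,rmsg.buf)`, so the error paths after `p_hwcrhk_RSALoadKey` and both `p_hwcrhk_RSAGetPublicKey` calls read an indeterminate pointer; hwcrhk_rsa_mod_exp in the next hunks sets `rmsg.buf = tempbuf; rmsg.size = 1024;` first, and this function needs the same local buffer (this hunk starts on the previous page line). The `err:` label only frees `res`, which is still NULL when the two `p_hwcrhk_RSAGetPublicKey` checks fail, so `rtmp` and the hardware key handle stored in its ex_data leak on those paths, and the results of `RSA_new_method`, `BN_new` and `EVP_PKEY_new` are used unchecked; `if (rtmp) RSA_free(rtmp);` under `err:` plus the NULL checks would close that, and the two error reports inside load_privkey should use ENGINE_F_HWCRHK_LOAD_PRIVKEY rather than ENGINE_F_HWCRHK_LOAD_PUBKEY. In hwcrhk_load_pubkey the `case EVP_PKEY_RSA:` block has no `break;` and falls into `default:`, which frees the key and returns NULL, so the public-key path can never succeed. Independently of that, `RSA_free(rsa)` releases the BIGNUMs `rsa` still points at, so the freshly allocated RSA is left holding freed `n` and `e` unless `rsa->n = NULL; rsa->e = NULL;` precede the free (or BN_dup is used), and `RSA_new()` is again unchecked.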
@@ -761,7 +913,49 @@ static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex *mt)
 CRYPTO_destroy_dynlockid(mt->lockid);
 }
-static void log_message(void *logstream, const char *message)
+static int hwcrhk_get_pass(const char *prompt_info,
+ int *len_io, char *buf,
+ HWCryptoHook_PassphraseContext *ppctx,
+ HWCryptoHook_CallerContext *cactx)
+ {
+ int l = 0;
+ char prompt[1024];
+
+ if (password_callback == NULL)
+ {
+ ENGINEerr(ENGINE_F_HWCRHK_GET_PASS,ENGINE_R_NO_CALLBACK);
+ return -1;
+ }
+ if (prompt_info)
+ {
+ strncpy(prompt, "Card: \"", sizeof(prompt));
+ l += 5;
+ strncpy(prompt + l, prompt_info, sizeof(prompt) - l);
+ l += strlen(prompt_info);
+ if (l + 2 < sizeof(prompt))
+ {
+ strncpy(prompt + l, "\"\n", sizeof(prompt) - l);
+ l += 2;
+ }
+ }
+ if (l < sizeof(prompt) - 1)
+ {
+ strncpy(prompt, "Enter Passphrase :",
+ sizeof(prompt) - l);
+ l += 35;
+ }
+ prompt[l] = '\0';
+
+ /* I know, passing on the prompt instead of the user data *is*
+ a bad thing. However, that's all we have right now.
+ -- Richard Levitte */
+ *len_io = password_callback(buf, *len_io, 0, prompt);
+ if(!*len_io)
+ return -1;
+ return 0;
+ }
+
+static void hwcrhk_log_message(void *logstream, const char *message)
 {
 BIO *lstream = NULL;
diff --git a/crypto/rsa/Makefile.ssl b/crypto/rsa/Makefile.ssl
index fec03937f..7fbe7a3cd 100644
--- a/crypto/rsa/Makefile.ssl
+++ b/crypto/rsa/Makefile.ssl
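Review bot: The prompt assembly in hwcrhk_get_pass miscounts its literals and can index past `prompt`: `l += 5` follows the 7-byte `"Card: \""`, the `"Enter Passphrase :"` copy targets `prompt` instead of `prompt + l` and is followed by `l += 35` for an 18-byte string, so the bytes between are uninitialised when `prompt[l] = '\0'` terminates the string; and `l` is never clamped after `l += strlen(prompt_info)`, so a `prompt_info` longer than the buffer makes `sizeof(prompt) - l` wrap and `prompt[l] = '\0'` write out of bounds. The final check `if(!*len_io) return -1;` only catches a zero result, while a pem_password_cb may report failure as -1, so `if (*len_io <= 0) return -1;` is the safer test. Building the prompt with explicit lengths and a clamp on the card name removes both the miscounts and the overflow.
```c
	if (prompt_info)
		{
		/* "Card: \"" + name + "\"\n"; clamp the name so the
		 * "Enter Passphrase :" tail and the NUL always fit */
		size_t pl = strlen(prompt_info);
		size_t room = sizeof(prompt) - 1 - 7 - 2 - 18;
		if (pl > room)
			pl = room;
		memcpy(prompt, "Card: \"", 7);
		memcpy(prompt + 7, prompt_info, pl);
		memcpy(prompt + 7 + pl, "\"\n", 2);
		l = (int)(7 + pl + 2);
		}
	memcpy(prompt + l, "Enter Passphrase :", 18);
	l += 18;
	prompt[l] = '\0';
	/* … unchanged: comment and password_callback call … */
	if (*len_io <= 0)
		return -1;
	return 0;
```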
@@ -85,15 +85,23 @@ rsa_chk.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
 rsa_chk.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 rsa_chk.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
 rsa_chk.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-rsa_eay.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_eay.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_eay.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rsa_eay.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 rsa_eay.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 rsa_eay.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 rsa_eay.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-rsa_eay.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_eay.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+rsa_eay.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+rsa_eay.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rsa_eay.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+rsa_eay.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+rsa_eay.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 rsa_eay.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-rsa_eay.o: ../../include/openssl/stack.h ../cryptlib.h
+rsa_eay.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rsa_eay.o: ../cryptlib.h
 rsa_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
 rsa_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
@@ -106,15 +114,23 @@ rsa_gen.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 rsa_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 rsa_gen.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 rsa_gen.o: ../../include/openssl/stack.h ../cryptlib.h
-rsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 rsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 rsa_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 rsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-rsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+rsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+rsa_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rsa_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 rsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+rsa_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+rsa_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-rsa_lib.o: ../../include/openssl/stack.h ../cryptlib.h
+rsa_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rsa_lib.o: ../cryptlib.h
 rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 rsa_none.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
diff --git a/test/Makefile.ssl b/test/Makefile.ssl
index c4e1e1b10..d0a039513 100644
--- a/test/Makefile.ssl
+++ b/test/Makefile.ssl
@@ -349,13 +349,21 @@ dsatest.o: ../include/openssl/dsa.h ../include/openssl/err.h
 dsatest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
 dsatest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
 dsatest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-enginetest.o: ../include/openssl/bio.h ../include/openssl/bn.h
-enginetest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-enginetest.o: ../include/openssl/dsa.h ../include/openssl/engine.h
-enginetest.o: ../include/openssl/err.h ../include/openssl/lhash.h
-enginetest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-enginetest.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-enginetest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+enginetest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+enginetest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+enginetest.o: ../include/openssl/cast.h ../include/openssl/crypto.h
+enginetest.o: ../include/openssl/des.h ../include/openssl/dh.h
+enginetest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+enginetest.o: ../include/openssl/engine.h ../include/openssl/err.h
+enginetest.o: ../include/openssl/evp.h ../include/openssl/idea.h
+enginetest.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+enginetest.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+enginetest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+enginetest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
+enginetest.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+enginetest.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+enginetest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+enginetest.o: ../include/openssl/sha.h ../include/openssl/stack.h
 exptest.o: ../include/openssl/bio.h ../include/openssl/bn.h
 exptest.o: ../include/openssl/crypto.h ../include/openssl/err.h
 exptest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
diff --git a/util/libeay.num b/util/libeay.num
index 33cb31145..0107bf20f 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -1896,3 +1896,5 @@ ENGINE_set_init_function 2471
 ENGINE_set_finish_function 2472
 ENGINE_get_ctrl_function 2473
 ENGINE_set_ctrl_function 2474
+ENGINE_load_public_key 2475
+ENGINE_load_private_key 2476