aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/engine
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/engine')
-rw-r--r--crypto/engine/Makefile16
-rw-r--r--crypto/engine/eng_cnf.c17
-rw-r--r--crypto/engine/eng_cryptodev.c34
-rw-r--r--crypto/engine/eng_ctrl.c8
-rw-r--r--crypto/engine/eng_err.c3
-rw-r--r--crypto/engine/eng_table.c3
-rw-r--r--crypto/engine/engine.h3
7 files changed, 54 insertions, 30 deletions
diff --git a/crypto/engine/Makefile b/crypto/engine/Makefile
index 0cc37220896a..b52fa48065b6 100644
--- a/crypto/engine/Makefile
+++ b/crypto/engine/Makefile
@@ -112,19 +112,21 @@ eng_cnf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
eng_cnf.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_cnf.c eng_int.h
eng_cryptodev.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
eng_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-eng_cryptodev.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+eng_cryptodev.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+eng_cryptodev.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
eng_cryptodev.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
eng_cryptodev.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-eng_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-eng_cryptodev.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+eng_cryptodev.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+eng_cryptodev.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+eng_cryptodev.o: ../../include/openssl/obj_mac.h
eng_cryptodev.o: ../../include/openssl/objects.h
eng_cryptodev.o: ../../include/openssl/opensslconf.h
eng_cryptodev.o: ../../include/openssl/opensslv.h
eng_cryptodev.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-eng_cryptodev.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-eng_cryptodev.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-eng_cryptodev.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-eng_cryptodev.o: eng_cryptodev.c
+eng_cryptodev.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+eng_cryptodev.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+eng_cryptodev.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+eng_cryptodev.o: ../../include/openssl/x509_vfy.h eng_cryptodev.c
eng_ctrl.o: ../../e_os.h ../../include/openssl/asn1.h
eng_ctrl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
eng_ctrl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
diff --git a/crypto/engine/eng_cnf.c b/crypto/engine/eng_cnf.c
index 08066cea592c..95c407001574 100644
--- a/crypto/engine/eng_cnf.c
+++ b/crypto/engine/eng_cnf.c
@@ -95,7 +95,7 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
int ret = 0;
long do_init = -1;
STACK_OF(CONF_VALUE) *ecmds;
- CONF_VALUE *ecmd;
+ CONF_VALUE *ecmd = NULL;
char *ctrlname, *ctrlvalue;
ENGINE *e = NULL;
int soft = 0;
@@ -157,7 +157,7 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
return 1;
}
if (!e)
- return 0;
+ goto err;
}
/* Allow "EMPTY" to mean no value: this allows a valid
* "value" to be passed to ctrls of type NO_INPUT
@@ -186,16 +186,27 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
}
else if (!ENGINE_ctrl_cmd_string(e,
ctrlname, ctrlvalue, 0))
- return 0;
+ goto err;
}
}
if (e && (do_init == -1) && !int_engine_init(e))
+ {
+ ecmd = NULL;
goto err;
+ }
ret = 1;
err:
+ if (ret != 1)
+ {
+ ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_ENGINE_CONFIGURATION_ERROR);
+ if (ecmd)
+ ERR_add_error_data(6, "section=", ecmd->section,
+ ", name=", ecmd->name,
+ ", value=", ecmd->value);
+ }
if (e)
ENGINE_free(e);
return ret;
diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
index ab38cd52f097..1a1e1c2655ac 100644
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
@@ -30,9 +30,13 @@
#include <openssl/engine.h>
#include <openssl/evp.h>
#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rsa.h>
+#include <openssl/dh.h>
+#include <openssl/err.h>
#if (defined(__unix__) || defined(unix)) && !defined(USG) && \
- (defined(OpenBSD) || defined(__FreeBSD_version))
+ (defined(OpenBSD) || defined(__FreeBSD__))
#include <sys/param.h>
# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
# define HAVE_CRYPTODEV
@@ -79,7 +83,7 @@ static int cryptodev_max_iv(int cipher);
static int cryptodev_key_length_valid(int cipher, int len);
static int cipher_nid_to_cryptodev(int nid);
static int get_cryptodev_ciphers(const int **cnids);
-static int get_cryptodev_digests(const int **cnids);
+/*static int get_cryptodev_digests(const int **cnids);*/
static int cryptodev_usable_ciphers(const int **nids);
static int cryptodev_usable_digests(const int **nids);
static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
@@ -100,7 +104,7 @@ static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,
static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
- RSA *rsa);
+ RSA *rsa, BN_CTX *ctx);
static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
@@ -139,6 +143,7 @@ static struct {
{ 0, NID_undef, 0, 0, },
};
+#if 0
static struct {
int id;
int nid;
@@ -151,6 +156,7 @@ static struct {
{ CRYPTO_SHA1, NID_undef, },
{ 0, NID_undef, },
};
+#endif
/*
* Return a fd if /dev/crypto seems usable, 0 otherwise.
@@ -285,6 +291,7 @@ get_cryptodev_ciphers(const int **cnids)
return (count);
}
+#if 0 /* unused */
/*
* Find out what digests /dev/crypto will let us have a session for.
* XXX note, that some of these openssl doesn't deal with yet!
@@ -321,6 +328,8 @@ get_cryptodev_digests(const int **cnids)
return (count);
}
+#endif
+
/*
* Find the useable ciphers|digests from dev/crypto - this is the first
* thing called by the engine init crud which determines what it
@@ -374,7 +383,7 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
struct crypt_op cryp;
struct dev_crypto_state *state = ctx->cipher_data;
struct session_op *sess = &state->d_sess;
- void *iiv;
+ const void *iiv;
unsigned char save_iv[EVP_MAX_IV_LENGTH];
if (state->d_fd < 0)
@@ -398,7 +407,7 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (ctx->cipher->iv_len) {
cryp.iv = (caddr_t) ctx->iv;
if (!ctx->encrypt) {
- iiv = (void *) in + inl - ctx->cipher->iv_len;
+ iiv = in + inl - ctx->cipher->iv_len;
memcpy(save_iv, iiv, ctx->cipher->iv_len);
}
} else
@@ -413,7 +422,7 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (ctx->cipher->iv_len) {
if (ctx->encrypt)
- iiv = (void *) out + inl - ctx->cipher->iv_len;
+ iiv = out + inl - ctx->cipher->iv_len;
else
iiv = save_iv;
memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
@@ -443,7 +452,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
if ((state->d_fd = get_dev_crypto()) < 0)
return (0);
- sess->key = (unsigned char *)key;
+ sess->key = (char *)key;
sess->keylen = ctx->key_len;
sess->cipher = cipher;
@@ -625,7 +634,7 @@ static int
bn2crparam(const BIGNUM *a, struct crparam *crp)
{
int i, j, k;
- ssize_t words, bytes, bits;
+ ssize_t bytes, bits;
u_char *b;
crp->crp_p = NULL;
@@ -638,7 +647,7 @@ bn2crparam(const BIGNUM *a, struct crparam *crp)
if (b == NULL)
return (1);
- crp->crp_p = b;
+ crp->crp_p = (char *)b;
crp->crp_nbits = bits;
for (i = 0, j = 0; i < a->top; i++) {
@@ -756,14 +765,11 @@ err:
}
static int
-cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
{
int r;
- BN_CTX *ctx;
- ctx = BN_CTX_new();
r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
- BN_CTX_free(ctx);
return (r);
}
@@ -994,7 +1000,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
goto err;
kop.crk_iparams = 3;
- kop.crk_param[3].crp_p = key;
+ kop.crk_param[3].crp_p = (char *)key;
kop.crk_param[3].crp_nbits = keylen * 8;
kop.crk_oparams = 1;
diff --git a/crypto/engine/eng_ctrl.c b/crypto/engine/eng_ctrl.c
index 95b6b455aaf4..5ce25d92ec95 100644
--- a/crypto/engine/eng_ctrl.c
+++ b/crypto/engine/eng_ctrl.c
@@ -280,7 +280,7 @@ int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
}
/* Force the result of the control command to 0 or 1, for the reasons
* mentioned before. */
- if (ENGINE_ctrl(e, num, i, p, f))
+ if (ENGINE_ctrl(e, num, i, p, f) > 0)
return 1;
return 0;
}
@@ -345,7 +345,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
* usage of these commands is consistent across applications and
* that certain applications don't understand it one way, and
* others another. */
- if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
+ if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
return 1;
return 0;
}
@@ -360,7 +360,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
if(flags & ENGINE_CMD_FLAG_STRING)
{
/* Same explanation as above */
- if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
+ if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
return 1;
return 0;
}
@@ -383,7 +383,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
}
/* Force the result of the control command to 0 or 1, for the reasons
* mentioned before. */
- if(ENGINE_ctrl(e, num, l, NULL, NULL))
+ if(ENGINE_ctrl(e, num, l, NULL, NULL) > 0)
return 1;
return 0;
}
diff --git a/crypto/engine/eng_err.c b/crypto/engine/eng_err.c
index 574ffbb5c012..ac74dd127a19 100644
--- a/crypto/engine/eng_err.c
+++ b/crypto/engine/eng_err.c
@@ -1,6 +1,6 @@
/* crypto/engine/eng_err.c */
/* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2010 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -124,6 +124,7 @@ static ERR_STRING_DATA ENGINE_str_reasons[]=
{ERR_REASON(ENGINE_R_DSO_FAILURE) ,"DSO failure"},
{ERR_REASON(ENGINE_R_DSO_NOT_FOUND) ,"dso not found"},
{ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR),"engines section error"},
+{ERR_REASON(ENGINE_R_ENGINE_CONFIGURATION_ERROR),"engine configuration error"},
{ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST),"engine is not in the list"},
{ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR),"engine section error"},
{ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY),"failed loading private key"},
diff --git a/crypto/engine/eng_table.c b/crypto/engine/eng_table.c
index 8879a267d143..8fc47b3399c8 100644
--- a/crypto/engine/eng_table.c
+++ b/crypto/engine/eng_table.c
@@ -237,6 +237,7 @@ ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, in
#endif
return NULL;
}
+ ERR_set_mark();
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
/* Check again inside the lock otherwise we could race against cleanup
* operations. But don't worry about a fprintf(stderr). */
@@ -310,6 +311,6 @@ end:
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
/* Whatever happened, any failed init()s are not failures in this
* context, so clear our error state. */
- ERR_clear_error();
+ ERR_pop_to_mark();
return ret;
}
diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
index f503595eceb7..d4bc1efc794c 100644
--- a/crypto/engine/engine.h
+++ b/crypto/engine/engine.h
@@ -339,9 +339,11 @@ void ENGINE_load_ubsec(void);
void ENGINE_load_cryptodev(void);
void ENGINE_load_padlock(void);
void ENGINE_load_builtin_engines(void);
+#ifdef OPENSSL_SYS_WIN32
#ifndef OPENSSL_NO_CAPIENG
void ENGINE_load_capi(void);
#endif
+#endif
/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
* "registry" handling. */
@@ -767,6 +769,7 @@ void ERR_load_ENGINE_strings(void);
#define ENGINE_R_DSO_FAILURE 104
#define ENGINE_R_DSO_NOT_FOUND 132
#define ENGINE_R_ENGINES_SECTION_ERROR 148
+#define ENGINE_R_ENGINE_CONFIGURATION_ERROR 101
#define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105
#define ENGINE_R_ENGINE_SECTION_ERROR 149
#define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128