From 2dc5383a20b4bfa9bc85470c52d90b9058b833c8 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Mon, 3 Sep 2001 21:33:00 +0000 Subject: This changes the existing hardware ENGINE implementations to dynamically declare their own error strings so that they can be more easily compiled as external shared-libraries if desired. Also, each implementation has been given canonical "dynamic" support at the base of each file and is only built if the ENGINE_DYNAMIC_SUPPORT symbol is defined. Also, use "void" prototypes rather than empty prototypes in engine_int.h. This does not yet; (i) remove error strings when unloading, (ii) remove the redundant ENGINE_R_*** codes (though ENGINE_F_*** codes have gone), or (iii) provide any instructions on how to build shared-library ENGINEs or use them. All are on their way. --- crypto/engine/engine.h | 39 ------ crypto/engine/engine_dyn.c | 2 +- crypto/engine/engine_err.c | 36 ------ crypto/engine/engine_int.h | 14 +- crypto/engine/engine_openssl.c | 2 +- crypto/engine/hw_atalla.c | 171 +++++++++++++++++------- crypto/engine/hw_cswift.c | 205 ++++++++++++++++++++--------- crypto/engine/hw_ncipher.c | 286 ++++++++++++++++++++++++++++------------- crypto/engine/hw_nuron.c | 135 ++++++++++++++----- crypto/engine/hw_ubsec.c | 186 ++++++++++++++++++++------- 10 files changed, 719 insertions(+), 357 deletions(-) (limited to 'crypto') diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index 4c03be3ac2..149ae9a979 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h @@ -561,9 +561,6 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, if(!fn(e,id)) return 0; \ return 1; } -/* Obligatory error function. */ -void ERR_load_ENGINE_strings(void); - /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. @@ -573,19 +570,6 @@ void ERR_load_ENGINE_strings(void); /* Error codes for the ENGINE functions. */ /* Function codes. */ -#define ENGINE_F_ATALLA_CTRL 173 -#define ENGINE_F_ATALLA_FINISH 159 -#define ENGINE_F_ATALLA_INIT 160 -#define ENGINE_F_ATALLA_MOD_EXP 161 -#define ENGINE_F_ATALLA_RSA_MOD_EXP 162 -#define ENGINE_F_CSWIFT_CTRL 174 -#define ENGINE_F_CSWIFT_DSA_SIGN 133 -#define ENGINE_F_CSWIFT_DSA_VERIFY 134 -#define ENGINE_F_CSWIFT_FINISH 100 -#define ENGINE_F_CSWIFT_INIT 101 -#define ENGINE_F_CSWIFT_MOD_EXP 102 -#define ENGINE_F_CSWIFT_MOD_EXP_CRT 103 -#define ENGINE_F_CSWIFT_RSA_MOD_EXP 104 #define ENGINE_F_DYNAMIC_CTRL 180 #define ENGINE_F_DYNAMIC_GET_DATA_CTX 181 #define ENGINE_F_DYNAMIC_LOAD 182 @@ -611,32 +595,9 @@ void ERR_load_ENGINE_strings(void); #define ENGINE_F_ENGINE_SET_ID 129 #define ENGINE_F_ENGINE_SET_NAME 130 #define ENGINE_F_ENGINE_UNLOAD_KEY 152 -#define ENGINE_F_HWCRHK_CTRL 143 -#define ENGINE_F_HWCRHK_FINISH 135 -#define ENGINE_F_HWCRHK_GET_PASS 155 -#define ENGINE_F_HWCRHK_INIT 136 -#define ENGINE_F_HWCRHK_INSERT_CARD 179 -#define ENGINE_F_HWCRHK_LOAD_PRIVKEY 153 -#define ENGINE_F_HWCRHK_LOAD_PUBKEY 154 -#define ENGINE_F_HWCRHK_MOD_EXP 137 -#define ENGINE_F_HWCRHK_MOD_EXP_CRT 138 -#define ENGINE_F_HWCRHK_RAND_BYTES 139 -#define ENGINE_F_HWCRHK_RSA_MOD_EXP 140 #define ENGINE_F_INT_CTRL_HELPER 172 #define ENGINE_F_LOG_MESSAGE 141 -#define ENGINE_F_NURON_CTRL 175 -#define ENGINE_F_NURON_FINISH 157 -#define ENGINE_F_NURON_INIT 156 -#define ENGINE_F_NURON_MOD_EXP 158 #define ENGINE_F_SET_DATA_CTX 183 -#define ENGINE_F_UBSEC_CTRL 176 -#define ENGINE_F_UBSEC_DSA_SIGN 163 -#define ENGINE_F_UBSEC_DSA_VERIFY 164 -#define ENGINE_F_UBSEC_FINISH 165 -#define ENGINE_F_UBSEC_INIT 166 -#define ENGINE_F_UBSEC_MOD_EXP 167 -#define ENGINE_F_UBSEC_RSA_MOD_EXP 168 -#define ENGINE_F_UBSEC_RSA_MOD_EXP_CRT 169 /* Reason codes. */ #define ENGINE_R_ALREADY_LOADED 100 diff --git a/crypto/engine/engine_dyn.c b/crypto/engine/engine_dyn.c index 556e9f3a6a..d4f00f7b6a 100644 --- a/crypto/engine/engine_dyn.c +++ b/crypto/engine/engine_dyn.c @@ -238,7 +238,7 @@ static dynamic_data_ctx *dynamic_get_data_ctx(ENGINE *e) /* As this is only ever called once, there's no need for locking * (indeed - the lock will already be held by our caller!!!) */ -ENGINE *ENGINE_dynamic() +ENGINE *ENGINE_dynamic(void) { ENGINE *ret = ENGINE_new(); if(!ret) diff --git a/crypto/engine/engine_err.c b/crypto/engine/engine_err.c index 301415d980..e76a4e3d4d 100644 --- a/crypto/engine/engine_err.c +++ b/crypto/engine/engine_err.c @@ -66,19 +66,6 @@ #ifndef OPENSSL_NO_ERR static ERR_STRING_DATA ENGINE_str_functs[]= { -{ERR_PACK(0,ENGINE_F_ATALLA_CTRL,0), "ATALLA_CTRL"}, -{ERR_PACK(0,ENGINE_F_ATALLA_FINISH,0), "ATALLA_FINISH"}, -{ERR_PACK(0,ENGINE_F_ATALLA_INIT,0), "ATALLA_INIT"}, -{ERR_PACK(0,ENGINE_F_ATALLA_MOD_EXP,0), "ATALLA_MOD_EXP"}, -{ERR_PACK(0,ENGINE_F_ATALLA_RSA_MOD_EXP,0), "ATALLA_RSA_MOD_EXP"}, -{ERR_PACK(0,ENGINE_F_CSWIFT_CTRL,0), "CSWIFT_CTRL"}, -{ERR_PACK(0,ENGINE_F_CSWIFT_DSA_SIGN,0), "CSWIFT_DSA_SIGN"}, -{ERR_PACK(0,ENGINE_F_CSWIFT_DSA_VERIFY,0), "CSWIFT_DSA_VERIFY"}, -{ERR_PACK(0,ENGINE_F_CSWIFT_FINISH,0), "CSWIFT_FINISH"}, -{ERR_PACK(0,ENGINE_F_CSWIFT_INIT,0), "CSWIFT_INIT"}, -{ERR_PACK(0,ENGINE_F_CSWIFT_MOD_EXP,0), "CSWIFT_MOD_EXP"}, -{ERR_PACK(0,ENGINE_F_CSWIFT_MOD_EXP_CRT,0), "CSWIFT_MOD_EXP_CRT"}, -{ERR_PACK(0,ENGINE_F_CSWIFT_RSA_MOD_EXP,0), "CSWIFT_RSA_MOD_EXP"}, {ERR_PACK(0,ENGINE_F_DYNAMIC_CTRL,0), "DYNAMIC_CTRL"}, {ERR_PACK(0,ENGINE_F_DYNAMIC_GET_DATA_CTX,0), "DYNAMIC_GET_DATA_CTX"}, {ERR_PACK(0,ENGINE_F_DYNAMIC_LOAD,0), "DYNAMIC_LOAD"}, @@ -104,32 +91,9 @@ static ERR_STRING_DATA ENGINE_str_functs[]= {ERR_PACK(0,ENGINE_F_ENGINE_SET_ID,0), "ENGINE_set_id"}, {ERR_PACK(0,ENGINE_F_ENGINE_SET_NAME,0), "ENGINE_set_name"}, {ERR_PACK(0,ENGINE_F_ENGINE_UNLOAD_KEY,0), "ENGINE_UNLOAD_KEY"}, -{ERR_PACK(0,ENGINE_F_HWCRHK_CTRL,0), "HWCRHK_CTRL"}, -{ERR_PACK(0,ENGINE_F_HWCRHK_FINISH,0), "HWCRHK_FINISH"}, -{ERR_PACK(0,ENGINE_F_HWCRHK_GET_PASS,0), "HWCRHK_GET_PASS"}, -{ERR_PACK(0,ENGINE_F_HWCRHK_INIT,0), "HWCRHK_INIT"}, -{ERR_PACK(0,ENGINE_F_HWCRHK_INSERT_CARD,0), "HWCRHK_INSERT_CARD"}, -{ERR_PACK(0,ENGINE_F_HWCRHK_LOAD_PRIVKEY,0), "HWCRHK_LOAD_PRIVKEY"}, -{ERR_PACK(0,ENGINE_F_HWCRHK_LOAD_PUBKEY,0), "HWCRHK_LOAD_PUBKEY"}, -{ERR_PACK(0,ENGINE_F_HWCRHK_MOD_EXP,0), "HWCRHK_MOD_EXP"}, -{ERR_PACK(0,ENGINE_F_HWCRHK_MOD_EXP_CRT,0), "HWCRHK_MOD_EXP_CRT"}, -{ERR_PACK(0,ENGINE_F_HWCRHK_RAND_BYTES,0), "HWCRHK_RAND_BYTES"}, -{ERR_PACK(0,ENGINE_F_HWCRHK_RSA_MOD_EXP,0), "HWCRHK_RSA_MOD_EXP"}, {ERR_PACK(0,ENGINE_F_INT_CTRL_HELPER,0), "INT_CTRL_HELPER"}, {ERR_PACK(0,ENGINE_F_LOG_MESSAGE,0), "LOG_MESSAGE"}, -{ERR_PACK(0,ENGINE_F_NURON_CTRL,0), "NURON_CTRL"}, -{ERR_PACK(0,ENGINE_F_NURON_FINISH,0), "NURON_FINISH"}, -{ERR_PACK(0,ENGINE_F_NURON_INIT,0), "NURON_INIT"}, -{ERR_PACK(0,ENGINE_F_NURON_MOD_EXP,0), "NURON_MOD_EXP"}, {ERR_PACK(0,ENGINE_F_SET_DATA_CTX,0), "SET_DATA_CTX"}, -{ERR_PACK(0,ENGINE_F_UBSEC_CTRL,0), "UBSEC_CTRL"}, -{ERR_PACK(0,ENGINE_F_UBSEC_DSA_SIGN,0), "UBSEC_DSA_SIGN"}, -{ERR_PACK(0,ENGINE_F_UBSEC_DSA_VERIFY,0), "UBSEC_DSA_VERIFY"}, -{ERR_PACK(0,ENGINE_F_UBSEC_FINISH,0), "UBSEC_FINISH"}, -{ERR_PACK(0,ENGINE_F_UBSEC_INIT,0), "UBSEC_INIT"}, -{ERR_PACK(0,ENGINE_F_UBSEC_MOD_EXP,0), "UBSEC_MOD_EXP"}, -{ERR_PACK(0,ENGINE_F_UBSEC_RSA_MOD_EXP,0), "UBSEC_RSA_MOD_EXP"}, -{ERR_PACK(0,ENGINE_F_UBSEC_RSA_MOD_EXP_CRT,0), "UBSEC_RSA_MOD_EXP_CRT"}, {0,NULL} }; diff --git a/crypto/engine/engine_int.h b/crypto/engine/engine_int.h index b51d1914c0..90a47a7325 100644 --- a/crypto/engine/engine_int.h +++ b/crypto/engine/engine_int.h @@ -141,11 +141,11 @@ struct engine_st * do not return references - they are purely for bootstrapping). */ /* Returns a structure of software only methods (the default). */ -ENGINE *ENGINE_openssl(); +ENGINE *ENGINE_openssl(void); /* Returns the "dynamic" ENGINE for loading entire ENGINE implementations from * shared libraries. */ -ENGINE *ENGINE_dynamic(); +ENGINE *ENGINE_dynamic(void); #ifndef OPENSSL_NO_HW @@ -153,24 +153,24 @@ ENGINE *ENGINE_dynamic(); /* Returns a structure of cswift methods ... NB: This can exist and be * "used" even on non-cswift systems because the "init" will fail if the * card/library are not found. */ -ENGINE *ENGINE_cswift(); +ENGINE *ENGINE_cswift(void); #endif /* !OPENSSL_NO_HW_CSWIFT */ #ifndef OPENSSL_NO_HW_NCIPHER -ENGINE *ENGINE_ncipher(); +ENGINE *ENGINE_ncipher(void); #endif /* !OPENSSL_NO_HW_NCIPHER */ #ifndef OPENSSL_NO_HW_ATALLA /* Returns a structure of atalla methods. */ -ENGINE *ENGINE_atalla(); +ENGINE *ENGINE_atalla(void); #endif /* !OPENSSL_NO_HW_ATALLA */ #ifndef OPENSSL_NO_HW_NURON -ENGINE *ENGINE_nuron(); +ENGINE *ENGINE_nuron(void); #endif /* !OPENSSL_NO_HW_NURON */ #ifndef OPENSSL_NO_HW_UBSEC -ENGINE *ENGINE_ubsec(); +ENGINE *ENGINE_ubsec(void); #endif /* !OPENSSL_NO_HW_UBSEC */ #ifdef OPENSSL_OPENBSD_DEV_CRYPTO diff --git a/crypto/engine/engine_openssl.c b/crypto/engine/engine_openssl.c index cd885c0409..c353df97d6 100644 --- a/crypto/engine/engine_openssl.c +++ b/crypto/engine/engine_openssl.c @@ -76,7 +76,7 @@ static const char *engine_openssl_name = "Software default engine support"; /* As this is only ever called once, there's no need for locking * (indeed - the lock will already be held by our caller!!!) */ -ENGINE *ENGINE_openssl() +ENGINE *ENGINE_openssl(void) { ENGINE *ret = ENGINE_new(); if(!ret) diff --git a/crypto/engine/hw_atalla.c b/crypto/engine/hw_atalla.c index 5deb2c4382..5716c2f0b9 100644 --- a/crypto/engine/hw_atalla.c +++ b/crypto/engine/hw_atalla.c @@ -167,13 +167,66 @@ static DH_METHOD atalla_dh = }; #endif +#ifndef OPENSSL_NO_ERR +/* Error function codes for use in atalla operation */ +#define ATALLA_F_ATALLA_INIT 100 +#define ATALLA_F_ATALLA_FINISH 101 +#define ATALLA_F_ATALLA_CTRL 102 +#define ATALLA_F_ATALLA_MOD_EXP 103 +#define ATALLA_F_ATALLA_RSA_MOD_EXP 104 +/* Error reason codes */ +#define ATALLA_R_ALREADY_LOADED 105 +#define ATALLA_R_NOT_LOADED 106 +#define ATALLA_R_UNIT_FAILURE 107 +#define ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED 108 +#define ATALLA_R_BN_CTX_FULL 109 +#define ATALLA_R_BN_EXPAND_FAIL 110 +#define ATALLA_R_REQUEST_FAILED 111 +#define ATALLA_R_MISSING_KEY_COMPONENTS 112 +static ERR_STRING_DATA atalla_str_functs[] = + { + /* This first element is changed to match the dynamic 'lib' number */ +{ERR_PACK(0,0,0), "atalla engine code"}, +{ERR_PACK(0,ATALLA_F_ATALLA_INIT,0), "atalla_init"}, +{ERR_PACK(0,ATALLA_F_ATALLA_FINISH,0), "atalla_finish"}, +{ERR_PACK(0,ATALLA_F_ATALLA_CTRL,0), "atalla_ctrl"}, +{ERR_PACK(0,ATALLA_F_ATALLA_MOD_EXP,0), "atalla_mod_exp"}, +{ERR_PACK(0,ATALLA_F_ATALLA_RSA_MOD_EXP,0),"atalla_rsa_mod_exp"}, +{ATALLA_R_ALREADY_LOADED ,"already loaded"}, +{ATALLA_R_UNIT_FAILURE ,"unit failure"}, +{ATALLA_R_NOT_LOADED, "not loaded"}, +{ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"control command not implemented"}, +{ATALLA_R_BN_CTX_FULL ,"BN_CTX full"}, +{ATALLA_R_BN_EXPAND_FAIL ,"BN_expand failed"}, +{ATALLA_R_REQUEST_FAILED ,"request failed"}, +{ATALLA_R_MISSING_KEY_COMPONENTS ,"missing key components"}, +{0,NULL} + }; +/* The library number we obtain dynamically from the ERR code */ +static int atalla_err_lib = -1; +#define ATALLAerr(f,r) ERR_PUT_error(atalla_err_lib,(f),(r),__FILE__,__LINE__) +static void atalla_load_error_strings(void) + { + if (atalla_err_lib < 0) + { + if((atalla_err_lib = ERR_get_next_error_library()) <= 0) + return; + atalla_str_functs[0].error = ERR_PACK(atalla_err_lib, 0, 0); + ERR_load_strings(atalla_err_lib,atalla_str_functs); + } + } +#else +#define ATALLAerr(f,r) /* NOP */ +static void atalla_load_error_strings(void) { } /* NOP */ +#endif + /* Constants used when creating the ENGINE */ static const char *engine_atalla_id = "atalla"; static const char *engine_atalla_name = "Atalla hardware engine support"; -/* As this is only ever called once, there's no need for locking - * (indeed - the lock will already be held by our caller!!!) */ -ENGINE *ENGINE_atalla() +/* This internal function is used by ENGINE_atalla() and possibly by the + * "dynamic" ENGINE support too */ +static int bind_helper(ENGINE *e) { #ifndef OPENSSL_NO_RSA const RSA_METHOD *meth1; @@ -184,29 +237,23 @@ ENGINE *ENGINE_atalla() #ifndef OPENSSL_NO_DH const DH_METHOD *meth3; #endif - ENGINE *ret = ENGINE_new(); - if(!ret) - return NULL; - if(!ENGINE_set_id(ret, engine_atalla_id) || - !ENGINE_set_name(ret, engine_atalla_name) || + if(!ENGINE_set_id(e, engine_atalla_id) || + !ENGINE_set_name(e, engine_atalla_name) || #ifndef OPENSSL_NO_RSA - !ENGINE_set_RSA(ret, &atalla_rsa) || + !ENGINE_set_RSA(e, &atalla_rsa) || #endif #ifndef OPENSSL_NO_DSA - !ENGINE_set_DSA(ret, &atalla_dsa) || + !ENGINE_set_DSA(e, &atalla_dsa) || #endif #ifndef OPENSSL_NO_DH - !ENGINE_set_DH(ret, &atalla_dh) || + !ENGINE_set_DH(e, &atalla_dh) || #endif - !ENGINE_set_BN_mod_exp(ret, atalla_mod_exp) || - !ENGINE_set_init_function(ret, atalla_init) || - !ENGINE_set_finish_function(ret, atalla_finish) || - !ENGINE_set_ctrl_function(ret, atalla_ctrl) || - !ENGINE_set_cmd_defns(ret, atalla_cmd_defns)) - { - ENGINE_free(ret); - return NULL; - } + !ENGINE_set_BN_mod_exp(e, atalla_mod_exp) || + !ENGINE_set_init_function(e, atalla_init) || + !ENGINE_set_finish_function(e, atalla_finish) || + !ENGINE_set_ctrl_function(e, atalla_ctrl) || + !ENGINE_set_cmd_defns(e, atalla_cmd_defns)) + return 0; #ifndef OPENSSL_NO_RSA /* We know that the "PKCS1_SSLeay()" functions hook properly @@ -238,6 +285,24 @@ ENGINE *ENGINE_atalla() atalla_dh.generate_key = meth3->generate_key; atalla_dh.compute_key = meth3->compute_key; #endif + + /* Ensure the atalla error handling is set up */ + atalla_load_error_strings(); + return 1; + } + +/* As this is only ever called once, there's no need for locking + * (indeed - the lock will already be held by our caller!!!) */ +ENGINE *ENGINE_atalla(void) + { + ENGINE *ret = ENGINE_new(); + if(!ret) + return NULL; + if(!bind_helper(ret)) + { + ENGINE_free(ret); + return NULL; + } return ret; } @@ -280,7 +345,7 @@ static int atalla_init(ENGINE *e) if(atalla_dso != NULL) { - ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_ALREADY_LOADED); + ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_ALREADY_LOADED); goto err; } /* Attempt to load libatasi.so/atasi.dll/whatever. Needs to be @@ -293,7 +358,7 @@ static int atalla_init(ENGINE *e) atalla_dso = DSO_load(NULL, ATALLA_LIBNAME, NULL, 0); if(atalla_dso == NULL) { - ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_DSO_FAILURE); + ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_NOT_LOADED); goto err; } if(!(p1 = (tfnASI_GetHardwareConfig *)DSO_bind_func( @@ -303,7 +368,7 @@ static int atalla_init(ENGINE *e) !(p3 = (tfnASI_GetPerformanceStatistics *)DSO_bind_func( atalla_dso, ATALLA_F3))) { - ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_DSO_FAILURE); + ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_NOT_LOADED); goto err; } /* Copy the pointers */ @@ -314,7 +379,7 @@ static int atalla_init(ENGINE *e) * running. */ if(p1(0L, config_buf) != 0) { - ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_UNIT_FAILURE); + ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_UNIT_FAILURE); goto err; } /* Everything's fine. */ @@ -332,12 +397,12 @@ static int atalla_finish(ENGINE *e) { if(atalla_dso == NULL) { - ENGINEerr(ENGINE_F_ATALLA_FINISH,ENGINE_R_NOT_LOADED); + ATALLAerr(ATALLA_F_ATALLA_FINISH,ATALLA_R_NOT_LOADED); return 0; } if(!DSO_free(atalla_dso)) { - ENGINEerr(ENGINE_F_ATALLA_FINISH,ENGINE_R_DSO_FAILURE); + ATALLAerr(ATALLA_F_ATALLA_FINISH,ATALLA_R_UNIT_FAILURE); return 0; } atalla_dso = NULL; @@ -355,12 +420,12 @@ static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) case ATALLA_CMD_SO_PATH: if(p == NULL) { - ENGINEerr(ENGINE_F_ATALLA_CTRL,ERR_R_PASSED_NULL_PARAMETER); + ATALLAerr(ATALLA_F_ATALLA_CTRL,ERR_R_PASSED_NULL_PARAMETER); return 0; } if(initialised) { - ENGINEerr(ENGINE_F_ATALLA_CTRL,ENGINE_R_ALREADY_LOADED); + ATALLAerr(ATALLA_F_ATALLA_CTRL,ATALLA_R_ALREADY_LOADED); return 0; } ATALLA_LIBNAME = (const char *)p; @@ -368,7 +433,7 @@ static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) default: break; } - ENGINEerr(ENGINE_F_ATALLA_CTRL,ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED); + ATALLAerr(ATALLA_F_ATALLA_CTRL,ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED); return 0; } @@ -391,10 +456,10 @@ static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, to_return = 0; /* expect failure */ if(!atalla_dso) - { - ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_NOT_LOADED); + { + ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_NOT_LOADED); goto err; - } + } /* Prepare the params */ BN_CTX_start(ctx); modulus = BN_CTX_get(ctx); @@ -402,16 +467,16 @@ static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, argument = BN_CTX_get(ctx); result = BN_CTX_get(ctx); if (!result) - { - ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_BN_CTX_FULL); + { + ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_BN_CTX_FULL); goto err; - } + } if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, m->top) || !bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top)) - { - ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_BN_EXPAND_FAIL); + { + ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_BN_EXPAND_FAIL); goto err; - } + } /* Prepare the key-data */ memset(&keydata, 0,sizeof keydata); numbytes = BN_num_bytes(m); @@ -431,11 +496,10 @@ static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, if(p_Atalla_RSAPrivateKeyOpFn(&keydata, (unsigned char *)result->d, (unsigned char *)argument->d, keydata.modulus.len) != 0) - { - ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_REQUEST_FAILED); + { + ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_REQUEST_FAILED); goto err; - } - + } /* Convert the response */ BN_bin2bn((unsigned char *)result->d, numbytes, r); to_return = 1; @@ -451,15 +515,15 @@ static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) int to_return = 0; if(!atalla_dso) - { - ENGINEerr(ENGINE_F_ATALLA_RSA_MOD_EXP,ENGINE_R_NOT_LOADED); + { + ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,ATALLA_R_NOT_LOADED); goto err; - } + } if((ctx = BN_CTX_new()) == NULL) goto err; if(!rsa->d || !rsa->n) { - ENGINEerr(ENGINE_F_ATALLA_RSA_MOD_EXP,ENGINE_R_MISSING_KEY_COMPONENTS); + ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,ATALLA_R_MISSING_KEY_COMPONENTS); goto err; } to_return = atalla_mod_exp(r0, I, rsa->d, rsa->n, ctx); @@ -523,5 +587,20 @@ static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r, } #endif +/* This stuff is needed if this ENGINE is being compiled into a self-contained + * shared-library. */ +#ifdef ENGINE_DYNAMIC_SUPPORT +static int bind_fn(ENGINE *e, const char *id) + { + if(id && (strcmp(id, engine_atalla_id) != 0)) + return 0; + if(!bind_helper(e)) + return 0; + return 1; + } +IMPLEMENT_DYNAMIC_CHECK_FN() +IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) +#endif /* ENGINE_DYNAMIC_SUPPORT */ + #endif /* !OPENSSL_NO_HW_ATALLA */ #endif /* !OPENSSL_NO_HW */ diff --git a/crypto/engine/hw_cswift.c b/crypto/engine/hw_cswift.c index 5471dbe501..4eab0fb769 100644 --- a/crypto/engine/hw_cswift.c +++ b/crypto/engine/hw_cswift.c @@ -179,13 +179,75 @@ static DH_METHOD cswift_dh = }; #endif +#ifndef OPENSSL_NO_ERR +/* Error function codes for use in cswift operation */ +#define CSWIFT_F_CSWIFT_INIT 100 +#define CSWIFT_F_CSWIFT_FINISH 101 +#define CSWIFT_F_CSWIFT_CTRL 102 +#define CSWIFT_F_CSWIFT_MOD_EXP 103 +#define CSWIFT_F_CSWIFT_MOD_EXP_CRT 104 +#define CSWIFT_F_CSWIFT_RSA_MOD_EXP 105 +#define CSWIFT_F_CSWIFT_DSA_SIGN 106 +#define CSWIFT_F_CSWIFT_DSA_VERIFY 107 +/* Error reason codes */ +#define CSWIFT_R_ALREADY_LOADED 108 +#define CSWIFT_R_NOT_LOADED 109 +#define CSWIFT_R_UNIT_FAILURE 110 +#define CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED 113 +#define CSWIFT_R_BN_CTX_FULL 115 +#define CSWIFT_R_BN_EXPAND_FAIL 116 +#define CSWIFT_R_BAD_KEY_SIZE 117 +#define CSWIFT_R_REQUEST_FAILED 118 +#define CSWIFT_R_MISSING_KEY_COMPONENTS 120 +static ERR_STRING_DATA cswift_str_functs[] = + { + /* This first element is changed to match the dynamic 'lib' number */ +{ERR_PACK(0,0,0), "cswift engine code"}, +{ERR_PACK(0,CSWIFT_F_CSWIFT_INIT,0), "cswift_init"}, +{ERR_PACK(0,CSWIFT_F_CSWIFT_FINISH,0), "cswift_finish"}, +{ERR_PACK(0,CSWIFT_F_CSWIFT_CTRL,0), "cswift_ctrl"}, +{ERR_PACK(0,CSWIFT_F_CSWIFT_MOD_EXP,0), "cswift_mod_exp"}, +{ERR_PACK(0,CSWIFT_F_CSWIFT_MOD_EXP_CRT,0), "cswift_mod_exp_crt"}, +{ERR_PACK(0,CSWIFT_F_CSWIFT_RSA_MOD_EXP,0), "cswift_rsa_mod_exp"}, +{ERR_PACK(0,CSWIFT_F_CSWIFT_DSA_SIGN,0), "cswift_dsa_sign"}, +{ERR_PACK(0,CSWIFT_F_CSWIFT_DSA_VERIFY,0), "cswift_dsa_verify"}, +/* Error reason codes */ +{CSWIFT_R_ALREADY_LOADED ,"already loaded"}, +{CSWIFT_R_NOT_LOADED ,"not loaded"}, +{CSWIFT_R_UNIT_FAILURE ,"unit failure"}, +{CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"}, +{CSWIFT_R_BN_CTX_FULL ,"BN_CTX full"}, +{CSWIFT_R_BN_EXPAND_FAIL ,"bn_expand fail"}, +{CSWIFT_R_BAD_KEY_SIZE ,"bad key size"}, +{CSWIFT_R_REQUEST_FAILED ,"request failed"}, +{CSWIFT_R_MISSING_KEY_COMPONENTS ,"missing key components"}, +{0,NULL} + }; +/* The library number we obtain dynamically from the ERR code */ +static int cswift_err_lib = -1; +#define CSWIFTerr(f,r) ERR_PUT_error(cswift_err_lib,(f),(r),__FILE__,__LINE__) +static void cswift_load_error_strings(void) + { + if(cswift_err_lib < 0) + { + if((cswift_err_lib = ERR_get_next_error_library()) <= 0) + return; + cswift_str_functs[0].error = ERR_PACK(cswift_err_lib,0,0); + ERR_load_strings(cswift_err_lib, cswift_str_functs); + } + } +#else +#define CSWIFTerr(f,r) /* NOP */ +static void cswift_load_error_strings(void) { } /* NOP */ +#endif + /* Constants used when creating the ENGINE */ static const char *engine_cswift_id = "cswift"; static const char *engine_cswift_name = "CryptoSwift hardware engine support"; -/* As this is only ever called once, there's no need for locking - * (indeed - the lock will already be held by our caller!!!) */ -ENGINE *ENGINE_cswift() +/* This internal function is used by ENGINE_cswift() and possibly by the + * "dynamic" ENGINE support too */ +static int bind_helper(ENGINE *e) { #ifndef OPENSSL_NO_RSA const RSA_METHOD *meth1; @@ -193,30 +255,24 @@ ENGINE *ENGINE_cswift() #ifndef OPENSSL_NO_DH const DH_METHOD *meth2; #endif - ENGINE *ret = ENGINE_new(); - if(!ret) - return NULL; - if(!ENGINE_set_id(ret, engine_cswift_id) || - !ENGINE_set_name(ret, engine_cswift_name) || + if(!ENGINE_set_id(e, engine_cswift_id) || + !ENGINE_set_name(e, engine_cswift_name) || #ifndef OPENSSL_NO_RSA - !ENGINE_set_RSA(ret, &cswift_rsa) || + !ENGINE_set_RSA(e, &cswift_rsa) || #endif #ifndef OPENSSL_NO_DSA - !ENGINE_set_DSA(ret, &cswift_dsa) || + !ENGINE_set_DSA(e, &cswift_dsa) || #endif #ifndef OPENSSL_NO_DH - !ENGINE_set_DH(ret, &cswift_dh) || + !ENGINE_set_DH(e, &cswift_dh) || #endif - !ENGINE_set_BN_mod_exp(ret, &cswift_mod_exp) || - !ENGINE_set_BN_mod_exp_crt(ret, &cswift_mod_exp_crt) || - !ENGINE_set_init_function(ret, cswift_init) || - !ENGINE_set_finish_function(ret, cswift_finish) || - !ENGINE_set_ctrl_function(ret, cswift_ctrl) || - !ENGINE_set_cmd_defns(ret, cswift_cmd_defns)) - { - ENGINE_free(ret); - return NULL; - } + !ENGINE_set_BN_mod_exp(e, &cswift_mod_exp) || + !ENGINE_set_BN_mod_exp_crt(e, &cswift_mod_exp_crt) || + !ENGINE_set_init_function(e, cswift_init) || + !ENGINE_set_finish_function(e, cswift_finish) || + !ENGINE_set_ctrl_function(e, cswift_ctrl) || + !ENGINE_set_cmd_defns(e, cswift_cmd_defns)) + return 0; #ifndef OPENSSL_NO_RSA /* We know that the "PKCS1_SSLeay()" functions hook properly @@ -239,6 +295,24 @@ ENGINE *ENGINE_cswift() cswift_dh.generate_key = meth2->generate_key; cswift_dh.compute_key = meth2->compute_key; #endif + + /* Ensure the cswift error handling is set up */ + cswift_load_error_strings(); + return 1; + } + +/* As this is only ever called once, there's no need for locking + * (indeed - the lock will already be held by our caller!!!) */ +ENGINE *ENGINE_cswift(void) + { + ENGINE *ret = ENGINE_new(); + if(!ret) + return NULL; + if(!bind_helper(ret)) + { + ENGINE_free(ret); + return NULL; + } return ret; } @@ -298,14 +372,14 @@ static int cswift_init(ENGINE *e) if(cswift_dso != NULL) { - ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_ALREADY_LOADED); + CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_ALREADY_LOADED); goto err; } /* Attempt to load libswift.so/swift.dll/whatever. */ cswift_dso = DSO_load(NULL, CSWIFT_LIBNAME, NULL, 0); if(cswift_dso == NULL) { - ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_DSO_FAILURE); + CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_NOT_LOADED); goto err; } if(!(p1 = (t_swAcquireAccContext *) @@ -317,7 +391,7 @@ static int cswift_init(ENGINE *e) !(p4 = (t_swReleaseAccContext *) DSO_bind_func(cswift_dso, CSWIFT_F4))) { - ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_DSO_FAILURE); + CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_NOT_LOADED); goto err; } /* Copy the pointers */ @@ -329,7 +403,7 @@ static int cswift_init(ENGINE *e) * accelerator! */ if(!get_context(&hac)) { - ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_UNIT_FAILURE); + CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_UNIT_FAILURE); goto err; } release_context(hac); @@ -349,12 +423,12 @@ static int cswift_finish(ENGINE *e) { if(cswift_dso == NULL) { - ENGINEerr(ENGINE_F_CSWIFT_FINISH,ENGINE_R_NOT_LOADED); + CSWIFTerr(CSWIFT_F_CSWIFT_FINISH,CSWIFT_R_NOT_LOADED); return 0; } if(!DSO_free(cswift_dso)) { - ENGINEerr(ENGINE_F_CSWIFT_FINISH,ENGINE_R_DSO_FAILURE); + CSWIFTerr(CSWIFT_F_CSWIFT_FINISH,CSWIFT_R_UNIT_FAILURE); return 0; } cswift_dso = NULL; @@ -373,14 +447,12 @@ static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) case CSWIFT_CMD_SO_PATH: if(p == NULL) { - ENGINEerr(ENGINE_F_CSWIFT_CTRL, - ERR_R_PASSED_NULL_PARAMETER); + CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,ERR_R_PASSED_NULL_PARAMETER); return 0; } if(initialised) { - ENGINEerr(ENGINE_F_CSWIFT_CTRL, - ENGINE_R_ALREADY_LOADED); + CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,CSWIFT_R_ALREADY_LOADED); return 0; } CSWIFT_LIBNAME = (const char *)p; @@ -388,7 +460,7 @@ static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) default: break; } - ENGINEerr(ENGINE_F_CSWIFT_CTRL,ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED); + CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED); return 0; } @@ -417,7 +489,7 @@ static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, if(!get_context(&hac)) { - ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_GET_HANDLE_FAILED); + CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_UNIT_FAILURE); goto err; } acquired = 1; @@ -429,13 +501,13 @@ static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, result = BN_CTX_get(ctx); if(!result) { - ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_BN_CTX_FULL); + CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BN_CTX_FULL); goto err; } if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, p->top) || !bn_wexpand(argument, a->top) || !bn_wexpand(result, m->top)) { - ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_BN_EXPAND_FAIL); + CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BN_EXPAND_FAIL); goto err; } sw_param.type = SW_ALG_EXP; @@ -452,13 +524,12 @@ static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, case SW_OK: break; case SW_ERR_INPUT_SIZE: - ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP, - ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL); + CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BAD_KEY_SIZE); goto err; default: { char tmpbuf[20]; - ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_REQUEST_FAILED); + CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); } @@ -475,7 +546,7 @@ static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, &res, 1)) != SW_OK) { char tmpbuf[20]; - ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_REQUEST_FAILED); + CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); goto err; @@ -511,7 +582,7 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, if(!get_context(&hac)) { - ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_GET_HANDLE_FAILED); + CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_UNIT_FAILURE); goto err; } acquired = 1; @@ -526,7 +597,7 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, result = BN_CTX_get(ctx); if(!result) { - ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_BN_CTX_FULL); + CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_CTX_FULL); goto err; } if(!bn_wexpand(rsa_p, p->top) || !bn_wexpand(rsa_q, q->top) || @@ -536,7 +607,7 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, !bn_wexpand(argument, a->top) || !bn_wexpand(result, p->top + q->top)) { - ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_BN_EXPAND_FAIL); + CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL); goto err; } sw_param.type = SW_ALG_CRT; @@ -560,13 +631,12 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, case SW_OK: break; case SW_ERR_INPUT_SIZE: - ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT, - ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL); + CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BAD_KEY_SIZE); goto err; default: { char tmpbuf[20]; - ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_REQUEST_FAILED); + CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); } @@ -583,7 +653,7 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, &res, 1)) != SW_OK) { char tmpbuf[20]; - ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_REQUEST_FAILED); + CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); goto err; @@ -608,7 +678,7 @@ static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) goto err; if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { - ENGINEerr(ENGINE_F_CSWIFT_RSA_MOD_EXP,ENGINE_R_MISSING_KEY_COMPONENTS); + CSWIFTerr(CSWIFT_F_CSWIFT_RSA_MOD_EXP,CSWIFT_R_MISSING_KEY_COMPONENTS); goto err; } to_return = cswift_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1, @@ -648,7 +718,7 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa) goto err; if(!get_context(&hac)) { - ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_GET_HANDLE_FAILED); + CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_UNIT_FAILURE); goto err; } acquired = 1; @@ -661,7 +731,7 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa) result = BN_CTX_get(ctx); if(!result) { - ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_BN_CTX_FULL); + CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BN_CTX_FULL); goto err; } if(!bn_wexpand(dsa_p, dsa->p->top) || @@ -670,7 +740,7 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa) !bn_wexpand(dsa_key, dsa->priv_key->top) || !bn_wexpand(result, dsa->p->top)) { - ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_BN_EXPAND_FAIL); + CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BN_EXPAND_FAIL); goto err; } sw_param.type = SW_ALG_DSA; @@ -693,13 +763,12 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa) case SW_OK: break; case SW_ERR_INPUT_SIZE: - ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN, - ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL); + CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BAD_KEY_SIZE); goto err; default: { char tmpbuf[20]; - ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_REQUEST_FAILED); + CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); } @@ -717,7 +786,7 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa) if(sw_status != SW_OK) { char tmpbuf[20]; - ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_REQUEST_FAILED); + CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); goto err; @@ -761,7 +830,7 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len, goto err; if(!get_context(&hac)) { - ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_GET_HANDLE_FAILED); + CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_UNIT_FAILURE); goto err; } acquired = 1; @@ -774,7 +843,7 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len, argument = BN_CTX_get(ctx); if(!argument) { - ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_BN_CTX_FULL); + CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BN_CTX_FULL); goto err; } if(!bn_wexpand(dsa_p, dsa->p->top) || @@ -783,7 +852,7 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len, !bn_wexpand(dsa_key, dsa->pub_key->top) || !bn_wexpand(argument, 40)) { - ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_BN_EXPAND_FAIL); + CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BN_EXPAND_FAIL); goto err; } sw_param.type = SW_ALG_DSA; @@ -806,13 +875,12 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len, case SW_OK: break; case SW_ERR_INPUT_SIZE: - ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY, - ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL); + CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BAD_KEY_SIZE); goto err; default: { char tmpbuf[20]; - ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_REQUEST_FAILED); + CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); } @@ -834,7 +902,7 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len, if(sw_status != SW_OK) { char tmpbuf[20]; - ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_REQUEST_FAILED); + CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); goto err; @@ -864,5 +932,20 @@ static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r, } #endif +/* This stuff is needed if this ENGINE is being compiled into a self-contained + * shared-library. */ +#ifdef ENGINE_DYNAMIC_SUPPORT +static int bind_fn(ENGINE *e, const char *id) + { + if(id && (strcmp(id, engine_cswift_id) != 0)) + return 0; + if(!bind_helper(e)) + return 0; + return 1; + } +IMPLEMENT_DYNAMIC_CHECK_FN() +IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) +#endif /* ENGINE_DYNAMIC_SUPPORT */ + #endif /* !OPENSSL_NO_HW_CSWIFT */ #endif /* !OPENSSL_NO_HW */ diff --git a/crypto/engine/hw_ncipher.c b/crypto/engine/hw_ncipher.c index 8ae08de5b0..03990c558c 100644 --- a/crypto/engine/hw_ncipher.c +++ b/crypto/engine/hw_ncipher.c @@ -210,6 +210,82 @@ static RAND_METHOD hwcrhk_rand = hwcrhk_rand_status, }; +#ifndef OPENSSL_NO_ERR +/* Error function codes for use in hwcrhk operation */ +#define HWCRHK_F_HWCRHK_INIT 100 +#define HWCRHK_F_HWCRHK_FINISH 101 +#define HWCRHK_F_HWCRHK_CTRL 102 +#define HWCRHK_F_HWCRHK_LOAD_PRIVKEY 103 +#define HWCRHK_F_HWCRHK_LOAD_PUBKEY 104 +#define HWCRHK_F_HWCRHK_MOD_EXP 105 +#define HWCRHK_F_HWCRHK_RSA_MOD_EXP 106 +#define HWCRHK_F_HWCRHK_RAND_BYTES 107 +#define HWCRHK_F_HWCRHK_GET_PASS 108 +#define HWCRHK_F_HWCRHK_INSERT_CARD 109 +/* Error reason codes */ +#define HWCRHK_R_ALREADY_LOADED 110 +#define HWCRHK_R_DSO_FAILURE 111 +#define HWCRHK_R_UNIT_FAILURE 112 +#define HWCRHK_R_NOT_LOADED 113 +#define HWCRHK_R_BIO_WAS_FREED 114 +#define HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED 115 +#define HWCRHK_R_NOT_INITIALISED 116 +#define HWCRHK_R_CHIL_ERROR 117 +#define HWCRHK_R_NO_KEY 118 +#define HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED 119 +#define HWCRHK_R_REQUEST_FALLBACK 120 +#define HWCRHK_R_REQUEST_FAILED 121 +#define HWCRHK_R_MISSING_KEY_COMPONENTS 122 +#define HWCRHK_R_NO_CALLBACK 123 +static ERR_STRING_DATA hwcrhk_str_functs[] = + { + /* This first element is changed to match the dynamic 'lib' number */ +{ERR_PACK(0,0,0), "hwcrhk engine code"}, +{ERR_PACK(0,HWCRHK_F_HWCRHK_INIT,0), "hwcrhk_init"}, +{ERR_PACK(0,HWCRHK_F_HWCRHK_FINISH,0), ""}, +{ERR_PACK(0,HWCRHK_F_HWCRHK_CTRL,0), ""}, +{ERR_PACK(0,HWCRHK_F_HWCRHK_LOAD_PRIVKEY,0), ""}, +{ERR_PACK(0,HWCRHK_F_HWCRHK_LOAD_PUBKEY,0), ""}, +{ERR_PACK(0,HWCRHK_F_HWCRHK_MOD_EXP,0), ""}, +{ERR_PACK(0,HWCRHK_F_HWCRHK_RSA_MOD_EXP,0), ""}, +{ERR_PACK(0,HWCRHK_F_HWCRHK_RAND_BYTES,0), ""}, +{ERR_PACK(0,HWCRHK_F_HWCRHK_GET_PASS,0), ""}, +{ERR_PACK(0,HWCRHK_F_HWCRHK_INSERT_CARD,0), ""}, +/* Error reason codes */ +{HWCRHK_R_ALREADY_LOADED ,"already loaded"}, +{HWCRHK_R_DSO_FAILURE ,"DSO failure"}, +{HWCRHK_R_UNIT_FAILURE ,"unit failure"}, +{HWCRHK_R_NOT_LOADED ,"not loaded"}, +{HWCRHK_R_BIO_WAS_FREED ,"BIO was freed"}, +{HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"}, +{HWCRHK_R_NOT_INITIALISED ,"not initialised"}, +{HWCRHK_R_CHIL_ERROR ,"'chil' error"}, +{HWCRHK_R_NO_KEY ,"no key"}, +{HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED,"private key algorithms disabled"}, +{HWCRHK_R_REQUEST_FALLBACK ,"request fallback"}, +{HWCRHK_R_REQUEST_FAILED ,"request failed"}, +{HWCRHK_R_MISSING_KEY_COMPONENTS ,"missing key components"}, +{HWCRHK_R_NO_CALLBACK ,"no callback"}, +{0,NULL} + }; +/* The library number we obtain dynamically from the ERR code */ +static int hwcrhk_err_lib = -1; +#define HWCRHKerr(f,r) ERR_PUT_error(hwcrhk_err_lib,(f),(r),__FILE__,__LINE__) +static void hwcrhk_load_error_strings(void) + { + if(hwcrhk_err_lib < 0) + { + if((hwcrhk_err_lib = ERR_get_next_error_library()) <= 0) + return; + hwcrhk_str_functs[0].error = ERR_PACK(hwcrhk_err_lib,0,0); + ERR_load_strings(hwcrhk_err_lib, hwcrhk_str_functs); + } + } +#else +#define HWCRHKerr(f,r) /* NOP */ +static void hwcrhk_load_error_strings(void) { } /* NOP */ +#endif + /* Constants used when creating the ENGINE */ static const char *engine_hwcrhk_id = "chil"; static const char *engine_hwcrhk_name = "nCipher hardware engine support"; @@ -312,9 +388,9 @@ static HWCryptoHook_InitInfo hwcrhk_globals = { /* Now, to our own code */ -/* As this is only ever called once, there's no need for locking - * (indeed - the lock will already be held by our caller!!!) */ -ENGINE *ENGINE_ncipher() +/* This internal function is used by ENGINE_ncipher() and possibly by the + * "dynamic" ENGINE support too */ +static int bind_helper(ENGINE *e) { #ifndef OPENSSL_NO_RSA const RSA_METHOD *meth1; @@ -322,29 +398,23 @@ ENGINE *ENGINE_ncipher() #ifndef OPENSSL_NO_DH const DH_METHOD *meth2; #endif - ENGINE *ret = ENGINE_new(); - if(!ret) - return NULL; - if(!ENGINE_set_id(ret, engine_hwcrhk_id) || - !ENGINE_set_name(ret, engine_hwcrhk_name) || + if(!ENGINE_set_id(e, engine_hwcrhk_id) || + !ENGINE_set_name(e, engine_hwcrhk_name) || #ifndef OPENSSL_NO_RSA - !ENGINE_set_RSA(ret, &hwcrhk_rsa) || + !ENGINE_set_RSA(e, &hwcrhk_rsa) || #endif #ifndef OPENSSL_NO_DH - !ENGINE_set_DH(ret, &hwcrhk_dh) || + !ENGINE_set_DH(e, &hwcrhk_dh) || #endif - !ENGINE_set_RAND(ret, &hwcrhk_rand) || - !ENGINE_set_BN_mod_exp(ret, hwcrhk_mod_exp) || - !ENGINE_set_init_function(ret, hwcrhk_init) || - !ENGINE_set_finish_function(ret, hwcrhk_finish) || - !ENGINE_set_ctrl_function(ret, hwcrhk_ctrl) || - !ENGINE_set_load_privkey_function(ret, hwcrhk_load_privkey) || - !ENGINE_set_load_pubkey_function(ret, hwcrhk_load_pubkey) || - !ENGINE_set_cmd_defns(ret, hwcrhk_cmd_defns)) - { - ENGINE_free(ret); - return NULL; - } + !ENGINE_set_RAND(e, &hwcrhk_rand) || + !ENGINE_set_BN_mod_exp(e, hwcrhk_mod_exp) || + !ENGINE_set_init_function(e, hwcrhk_init) || + !ENGINE_set_finish_function(e, hwcrhk_finish) || + !ENGINE_set_ctrl_function(e, hwcrhk_ctrl) || + !ENGINE_set_load_privkey_function(e, hwcrhk_load_privkey) || + !ENGINE_set_load_pubkey_function(e, hwcrhk_load_pubkey) || + !ENGINE_set_cmd_defns(e, hwcrhk_cmd_defns)) + return 0; #ifndef OPENSSL_NO_RSA /* We know that the "PKCS1_SSLeay()" functions hook properly @@ -367,6 +437,24 @@ ENGINE *ENGINE_ncipher() hwcrhk_dh.generate_key = meth2->generate_key; hwcrhk_dh.compute_key = meth2->compute_key; #endif + + /* Ensure the hwcrhk error handling is set up */ + hwcrhk_load_error_strings(); + return 1; + } + +/* As this is only ever called once, there's no need for locking + * (indeed - the lock will already be held by our caller!!!) */ +ENGINE *ENGINE_ncipher(void) + { + ENGINE *ret = ENGINE_new(); + if(!ret) + return NULL; + if(!bind_helper(ret)) + { + ENGINE_free(ret); + return NULL; + } return ret; } @@ -459,14 +547,14 @@ static int hwcrhk_init(ENGINE *e) if(hwcrhk_dso != NULL) { - ENGINEerr(ENGINE_F_HWCRHK_INIT,ENGINE_R_ALREADY_LOADED); + HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_ALREADY_LOADED); goto err; } /* Attempt to load libnfhwcrhk.so/nfhwcrhk.dll/whatever. */ hwcrhk_dso = DSO_load(NULL, HWCRHK_LIBNAME, NULL, 0); if(hwcrhk_dso == NULL) { - ENGINEerr(ENGINE_F_HWCRHK_INIT,ENGINE_R_DSO_FAILURE); + HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE); goto err; } if(!(p1 = (HWCryptoHook_Init_t *) @@ -490,7 +578,7 @@ static int hwcrhk_init(ENGINE *e) !(p9 = (HWCryptoHook_ModExpCRT_t *) DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExpCRT))) { - ENGINEerr(ENGINE_F_HWCRHK_INIT,ENGINE_R_DSO_FAILURE); + HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE); goto err; } /* Copy the pointers */ @@ -523,7 +611,7 @@ static int hwcrhk_init(ENGINE *e) * accelerator! */ if(!get_context(&hwcrhk_context, &password_context)) { - ENGINEerr(ENGINE_F_HWCRHK_INIT,ENGINE_R_UNIT_FAILURE); + HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_UNIT_FAILURE); goto err; } /* Everything's fine. */ @@ -557,14 +645,14 @@ static int hwcrhk_finish(ENGINE *e) int to_return = 1; if(hwcrhk_dso == NULL) { - ENGINEerr(ENGINE_F_HWCRHK_FINISH,ENGINE_R_NOT_LOADED); + HWCRHKerr(HWCRHK_F_HWCRHK_FINISH,HWCRHK_R_NOT_LOADED); to_return = 0; goto err; } release_context(hwcrhk_context); if(!DSO_free(hwcrhk_dso)) { - ENGINEerr(ENGINE_F_HWCRHK_FINISH,ENGINE_R_DSO_FAILURE); + HWCRHKerr(HWCRHK_F_HWCRHK_FINISH,HWCRHK_R_DSO_FAILURE); to_return = 0; goto err; } @@ -595,12 +683,12 @@ static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) case HWCRHK_CMD_SO_PATH: if(hwcrhk_dso) { - ENGINEerr(ENGINE_F_HWCRHK_CTRL,ENGINE_R_ALREADY_LOADED); + HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,HWCRHK_R_ALREADY_LOADED); return 0; } if(p == NULL) { - ENGINEerr(ENGINE_F_HWCRHK_CTRL,ERR_R_PASSED_NULL_PARAMETER); + HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,ERR_R_PASSED_NULL_PARAMETER); return 0; } HWCRHK_LIBNAME = (const char *)p; @@ -618,7 +706,7 @@ static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1) logstream = bio; else - ENGINEerr(ENGINE_F_HWCRHK_CTRL,ENGINE_R_BIO_WAS_FREED); + HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,HWCRHK_R_BIO_WAS_FREED); } CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); break; @@ -668,8 +756,8 @@ static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) /* The command isn't understood by this engine */ default: - ENGINEerr(ENGINE_F_HWCRHK_CTRL, - ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED); + HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, + HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED); to_return = 0; break; } @@ -695,15 +783,15 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, if(!hwcrhk_context) { - ENGINEerr(ENGINE_F_HWCRHK_LOAD_PRIVKEY, - ENGINE_R_NOT_INITIALISED); + HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, + HWCRHK_R_NOT_INITIALISED); goto err; } #ifndef OPENSSL_NO_RSA hptr = OPENSSL_malloc(sizeof(HWCryptoHook_RSAKeyHandle)); if (!hptr) { - ENGINEerr(ENGINE_F_HWCRHK_LOAD_PRIVKEY, + HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE); goto err; } @@ -712,15 +800,15 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, if (p_hwcrhk_RSALoadKey(hwcrhk_context, key_id, hptr, &rmsg, &ppctx)) { - ENGINEerr(ENGINE_F_HWCRHK_LOAD_PRIVKEY, - ENGINE_R_CHIL_ERROR); + HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, + HWCRHK_R_CHIL_ERROR); ERR_add_error_data(1,rmsg.buf); goto err; } if (!*hptr) { - ENGINEerr(ENGINE_F_HWCRHK_LOAD_PRIVKEY, - ENGINE_R_NO_KEY); + HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, + HWCRHK_R_NO_KEY); goto err; } #endif @@ -735,7 +823,7 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg) != HWCRYPTOHOOK_ERROR_MPISIZE) { - ENGINEerr(ENGINE_F_HWCRHK_LOAD_PUBKEY,ENGINE_R_CHIL_ERROR); + HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,HWCRHK_R_CHIL_ERROR); ERR_add_error_data(1,rmsg.buf); goto err; } @@ -747,8 +835,8 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg)) { - ENGINEerr(ENGINE_F_HWCRHK_LOAD_PUBKEY, - ENGINE_R_CHIL_ERROR); + HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY, + HWCRHK_R_CHIL_ERROR); ERR_add_error_data(1,rmsg.buf); goto err; } @@ -762,8 +850,8 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, #endif if (!res) - ENGINEerr(ENGINE_F_HWCRHK_LOAD_PUBKEY, - ENGINE_R_PRIVATE_KEY_ALGORITHMS_DISABLED); + HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY, + HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED); return res; err: @@ -804,8 +892,8 @@ static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id, } #endif default: - ENGINEerr(ENGINE_F_HWCRHK_LOAD_PUBKEY, - ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED); + HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY, + HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED); goto err; } @@ -834,7 +922,7 @@ static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, if(!hwcrhk_context) { - ENGINEerr(ENGINE_F_HWCRHK_MOD_EXP,ENGINE_R_NOT_INITIALISED); + HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_NOT_INITIALISED); goto err; } /* Prepare the params */ @@ -858,11 +946,11 @@ static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, might be a good thing. */ if(ret == HWCRYPTOHOOK_ERROR_FALLBACK) { - ENGINEerr(ENGINE_F_HWCRHK_MOD_EXP,ENGINE_R_REQUEST_FALLBACK); + HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_REQUEST_FALLBACK); } else { - ENGINEerr(ENGINE_F_HWCRHK_MOD_EXP,ENGINE_R_REQUEST_FAILED); + HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_REQUEST_FAILED); } ERR_add_error_data(1,rmsg.buf); goto err; @@ -883,7 +971,7 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa) if(!hwcrhk_context) { - ENGINEerr(ENGINE_F_HWCRHK_MOD_EXP,ENGINE_R_NOT_INITIALISED); + HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_NOT_INITIALISED); goto err; } @@ -897,8 +985,8 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa) if(!rsa->n) { - ENGINEerr(ENGINE_F_HWCRHK_RSA_MOD_EXP, - ENGINE_R_MISSING_KEY_COMPONENTS); + HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, + HWCRHK_R_MISSING_KEY_COMPONENTS); goto err; } @@ -924,11 +1012,13 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa) might be a good thing. */ if(ret == HWCRYPTOHOOK_ERROR_FALLBACK) { - ENGINEerr(ENGINE_F_HWCRHK_RSA_MOD_EXP,ENGINE_R_REQUEST_FALLBACK); + HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, + HWCRHK_R_REQUEST_FALLBACK); } else { - ENGINEerr(ENGINE_F_HWCRHK_RSA_MOD_EXP,ENGINE_R_REQUEST_FAILED); + HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, + HWCRHK_R_REQUEST_FAILED); } ERR_add_error_data(1,rmsg.buf); goto err; @@ -940,8 +1030,8 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa) if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { - ENGINEerr(ENGINE_F_HWCRHK_RSA_MOD_EXP, - ENGINE_R_MISSING_KEY_COMPONENTS); + HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, + HWCRHK_R_MISSING_KEY_COMPONENTS); goto err; } @@ -973,11 +1063,13 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa) might be a good thing. */ if(ret == HWCRYPTOHOOK_ERROR_FALLBACK) { - ENGINEerr(ENGINE_F_HWCRHK_RSA_MOD_EXP,ENGINE_R_REQUEST_FALLBACK); + HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, + HWCRHK_R_REQUEST_FALLBACK); } else { - ENGINEerr(ENGINE_F_HWCRHK_RSA_MOD_EXP,ENGINE_R_REQUEST_FAILED); + HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, + HWCRHK_R_REQUEST_FAILED); } ERR_add_error_data(1,rmsg.buf); goto err; @@ -1018,7 +1110,7 @@ static int hwcrhk_rand_bytes(unsigned char *buf, int num) if(!hwcrhk_context) { - ENGINEerr(ENGINE_F_HWCRHK_RAND_BYTES,ENGINE_R_NOT_INITIALISED); + HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,HWCRHK_R_NOT_INITIALISED); goto err; } @@ -1030,11 +1122,13 @@ static int hwcrhk_rand_bytes(unsigned char *buf, int num) might be a good thing. */ if(ret == HWCRYPTOHOOK_ERROR_FALLBACK) { - ENGINEerr(ENGINE_F_HWCRHK_RAND_BYTES,ENGINE_R_REQUEST_FALLBACK); + HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES, + HWCRHK_R_REQUEST_FALLBACK); } else { - ENGINEerr(ENGINE_F_HWCRHK_RAND_BYTES,ENGINE_R_REQUEST_FAILED); + HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES, + HWCRHK_R_REQUEST_FAILED); } ERR_add_error_data(1,rmsg.buf); goto err; @@ -1135,7 +1229,7 @@ static int hwcrhk_get_pass(const char *prompt_info, } if (callback == NULL && ui_method == NULL) { - ENGINEerr(ENGINE_F_HWCRHK_GET_PASS,ENGINE_R_NO_CALLBACK); + HWCRHKerr(HWCRHK_F_HWCRHK_GET_PASS,HWCRHK_R_NO_CALLBACK); return -1; } @@ -1203,44 +1297,45 @@ static int hwcrhk_insert_card(const char *prompt_info, } if (ui_method == NULL) { - ENGINEerr(ENGINE_F_HWCRHK_INSERT_CARD,ENGINE_R_NO_CALLBACK); + HWCRHKerr(HWCRHK_F_HWCRHK_INSERT_CARD, + HWCRHK_R_NO_CALLBACK); return -1; } - ui = UI_new_method(ui_method); + ui = UI_new_method(ui_method); - if (ui) - { - char answer; - char buf[BUFSIZ]; - - if (wrong_info) - BIO_snprintf(buf, sizeof(buf)-1, - "Current card: \"%s\"\n", wrong_info); - ok = UI_dup_info_string(ui, buf); - if (ok >= 0 && prompt_info) - { - BIO_snprintf(buf, sizeof(buf)-1, - "Insert card \"%s\"", prompt_info); + if (ui) + { + char answer; + char buf[BUFSIZ]; + + if (wrong_info) + BIO_snprintf(buf, sizeof(buf)-1, + "Current card: \"%s\"\n", wrong_info); + ok = UI_dup_info_string(ui, buf); + if (ok >= 0 && prompt_info) + { + BIO_snprintf(buf, sizeof(buf)-1, + "Insert card \"%s\"", prompt_info); ok = UI_dup_input_boolean(ui, buf, "\n then hit or C to cancel\n", "\r\n", "Cc", UI_INPUT_FLAG_ECHO, &answer); - } - UI_add_user_data(ui, callback_data); + } + UI_add_user_data(ui, callback_data); - if (ok >= 0) - ok = UI_process(ui); - UI_free(ui); + if (ok >= 0) + ok = UI_process(ui); + UI_free(ui); - if (ok == -2 || (ok >= 0 && answer == 'C')) - ok = 1; + if (ok == -2 || (ok >= 0 && answer == 'C')) + ok = 1; else if (ok < 0) ok = -1; else ok = 0; - } - return ok; - } + } + return ok; + } static void hwcrhk_log_message(void *logstr, const char *message) { @@ -1256,5 +1351,20 @@ static void hwcrhk_log_message(void *logstr, const char *message) CRYPTO_w_unlock(CRYPTO_LOCK_BIO); } +/* This stuff is needed if this ENGINE is being compiled into a self-contained + * shared-library. */ +#ifdef ENGINE_DYNAMIC_SUPPORT +static int bind_fn(ENGINE *e, const char *id) + { + if(id && (strcmp(id, engine_hwcrhk_id) != 0)) + return 0; + if(!bind_helper(e)) + return 0; + return 1; + } +IMPLEMENT_DYNAMIC_CHECK_FN() +IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) +#endif /* ENGINE_DYNAMIC_SUPPORT */ + #endif /* !OPENSSL_NO_HW_NCIPHER */ #endif /* !OPENSSL_NO_HW */ diff --git a/crypto/engine/hw_nuron.c b/crypto/engine/hw_nuron.c index 06eafa7176..1a8570c47e 100644 --- a/crypto/engine/hw_nuron.c +++ b/crypto/engine/hw_nuron.c @@ -80,6 +80,56 @@ static const ENGINE_CMD_DEFN nuron_cmd_defns[] = { {0, NULL, NULL, 0} }; +#ifndef OPENSSL_NO_ERR +/* Error function codes for use in nuron operation */ +#define NURON_F_NURON_INIT 100 +#define NURON_F_NURON_FINISH 101 +#define NURON_F_NURON_CTRL 102 +#define NURON_F_NURON_MOD_EXP 103 +/* Error reason codes */ +#define NURON_R_ALREADY_LOADED 104 +#define NURON_R_DSO_NOT_FOUND 105 +#define NURON_R_DSO_FUNCTION_NOT_FOUND 106 +#define NURON_R_NOT_LOADED 107 +#define NURON_R_DSO_FAILURE 108 +#define NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED 109 +#define NURON_R_NOT_LOADED 110 +static ERR_STRING_DATA nuron_str_functs[] = + { + /* This first element is changed to match the dynamic 'lib' number */ +{ERR_PACK(0,0,0), "nuron engine code"}, +{ERR_PACK(0,NURON_F_NURON_INIT,0), "nuron_init"}, +{ERR_PACK(0,NURON_F_NURON_FINISH,0), "nuron_finish"}, +{ERR_PACK(0,NURON_F_NURON_CTRL,0), "nuron_ctrl"}, +{ERR_PACK(0,NURON_F_NURON_MOD_EXP,0), "nuron_mod_exp"}, +/* Error reason codes */ +{NURON_R_ALREADY_LOADED ,"already loaded"}, +{NURON_R_DSO_NOT_FOUND ,"DSO not found"}, +{NURON_R_DSO_FUNCTION_NOT_FOUND ,"DSO function not found"}, +{NURON_R_NOT_LOADED ,"not loaded"}, +{NURON_R_DSO_FAILURE ,"DSO failure"}, +{NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"}, +{NURON_R_NOT_LOADED ,"not loaded"}, +{0,NULL} + }; +/* The library number we obtain dynamically from the ERR code */ +static int nuron_err_lib = -1; +#define NURONerr(f,r) ERR_PUT_error(nuron_err_lib,(f),(r),__FILE__,__LINE__) +static void nuron_load_error_strings(void) + { + if(nuron_err_lib < 0) + { + if((nuron_err_lib = ERR_get_next_error_library()) <= 0) + return; + nuron_str_functs[0].error = ERR_PACK(nuron_err_lib,0,0); + ERR_load_strings(nuron_err_lib, nuron_str_functs); + } + } +#else +#define NURONerr(f,r) /* NOP */ +static void nuron_load_error_strings(void) { } /* NOP */ +#endif + typedef int tfnModExp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p,const BIGNUM *m); static tfnModExp *pfnModExp = NULL; @@ -89,7 +139,7 @@ static int nuron_init(ENGINE *e) { if(pvDSOHandle != NULL) { - ENGINEerr(ENGINE_F_NURON_INIT,ENGINE_R_ALREADY_LOADED); + NURONerr(NURON_F_NURON_INIT,NURON_R_ALREADY_LOADED); return 0; } @@ -97,14 +147,14 @@ static int nuron_init(ENGINE *e) DSO_FLAG_NAME_TRANSLATION_EXT_ONLY); if(!pvDSOHandle) { - ENGINEerr(ENGINE_F_NURON_INIT,ENGINE_R_DSO_NOT_FOUND); + NURONerr(NURON_F_NURON_INIT,NURON_R_DSO_NOT_FOUND); return 0; } pfnModExp = (tfnModExp *)DSO_bind_func(pvDSOHandle, NURON_F1); if(!pfnModExp) { - ENGINEerr(ENGINE_F_NURON_INIT,ENGINE_R_DSO_FUNCTION_NOT_FOUND); + NURONerr(NURON_F_NURON_INIT,NURON_R_DSO_FUNCTION_NOT_FOUND); return 0; } @@ -115,12 +165,12 @@ static int nuron_finish(ENGINE *e) { if(pvDSOHandle == NULL) { - ENGINEerr(ENGINE_F_NURON_FINISH,ENGINE_R_NOT_LOADED); + NURONerr(NURON_F_NURON_FINISH,NURON_R_NOT_LOADED); return 0; } if(!DSO_free(pvDSOHandle)) { - ENGINEerr(ENGINE_F_NURON_FINISH,ENGINE_R_DSO_FAILURE); + NURONerr(NURON_F_NURON_FINISH,NURON_R_DSO_FAILURE); return 0; } pvDSOHandle=NULL; @@ -136,12 +186,12 @@ static int nuron_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) case NURON_CMD_SO_PATH: if(p == NULL) { - ENGINEerr(ENGINE_F_NURON_CTRL,ERR_R_PASSED_NULL_PARAMETER); + NURONerr(NURON_F_NURON_CTRL,ERR_R_PASSED_NULL_PARAMETER); return 0; } if(initialised) { - ENGINEerr(ENGINE_F_NURON_CTRL,ENGINE_R_ALREADY_LOADED); + NURONerr(NURON_F_NURON_CTRL,NURON_R_ALREADY_LOADED); return 0; } NURON_LIBNAME = (const char *)p; @@ -149,7 +199,7 @@ static int nuron_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) default: break; } - ENGINEerr(ENGINE_F_NURON_CTRL,ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED); + NURONerr(NURON_F_NURON_CTRL,NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED); return 0; } @@ -158,7 +208,7 @@ static int nuron_mod_exp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p, { if(!pvDSOHandle) { - ENGINEerr(ENGINE_F_NURON_MOD_EXP,ENGINE_R_NOT_LOADED); + NURONerr(NURON_F_NURON_MOD_EXP,NURON_R_NOT_LOADED); return 0; } return pfnModExp(r,a,p,m); @@ -281,9 +331,9 @@ static DH_METHOD nuron_dh = static const char *engine_nuron_id = "nuron"; static const char *engine_nuron_name = "Nuron hardware engine support"; -/* As this is only ever called once, there's no need for locking - * (indeed - the lock will already be held by our caller!!!) */ -ENGINE *ENGINE_nuron() +/* This internal function is used by ENGINE_nuron() and possibly by the + * "dynamic" ENGINE support too */ +static int bind_helper(ENGINE *e) { #ifndef OPENSSL_NO_RSA const RSA_METHOD *meth1; @@ -294,29 +344,23 @@ ENGINE *ENGINE_nuron() #ifndef OPENSSL_NO_DH const DH_METHOD *meth3; #endif - ENGINE *ret = ENGINE_new(); - if(!ret) - return NULL; - if(!ENGINE_set_id(ret, engine_nuron_id) || - !ENGINE_set_name(ret, engine_nuron_name) || + if(!ENGINE_set_id(e, engine_nuron_id) || + !ENGINE_set_name(e, engine_nuron_name) || #ifndef OPENSSL_NO_RSA - !ENGINE_set_RSA(ret, &nuron_rsa) || + !ENGINE_set_RSA(e, &nuron_rsa) || #endif #ifndef OPENSSL_NO_DSA - !ENGINE_set_DSA(ret, &nuron_dsa) || + !ENGINE_set_DSA(e, &nuron_dsa) || #endif #ifndef OPENSSL_NO_DH - !ENGINE_set_DH(ret, &nuron_dh) || + !ENGINE_set_DH(e, &nuron_dh) || #endif - !ENGINE_set_BN_mod_exp(ret, nuron_mod_exp) || - !ENGINE_set_init_function(ret, nuron_init) || - !ENGINE_set_finish_function(ret, nuron_finish) || - !ENGINE_set_ctrl_function(ret, nuron_ctrl) || - !ENGINE_set_cmd_defns(ret, nuron_cmd_defns)) - { - ENGINE_free(ret); - return NULL; - } + !ENGINE_set_BN_mod_exp(e, nuron_mod_exp) || + !ENGINE_set_init_function(e, nuron_init) || + !ENGINE_set_finish_function(e, nuron_finish) || + !ENGINE_set_ctrl_function(e, nuron_ctrl) || + !ENGINE_set_cmd_defns(e, nuron_cmd_defns)) + return 0; #ifndef OPENSSL_NO_RSA /* We know that the "PKCS1_SSLeay()" functions hook properly @@ -348,8 +392,41 @@ ENGINE *ENGINE_nuron() nuron_dh.generate_key=meth3->generate_key; nuron_dh.compute_key=meth3->compute_key; #endif + + /* Ensure the nuron error handling is set up */ + nuron_load_error_strings(); + return 1; + } + +/* As this is only ever called once, there's no need for locking + * (indeed - the lock will already be held by our caller!!!) */ +ENGINE *ENGINE_nuron(void) + { + ENGINE *ret = ENGINE_new(); + if(!ret) + return NULL; + if(!bind_helper(ret)) + { + ENGINE_free(ret); + return NULL; + } return ret; } +/* This stuff is needed if this ENGINE is being compiled into a self-contained + * shared-library. */ +#ifdef ENGINE_DYNAMIC_SUPPORT +static int bind_fn(ENGINE *e, const char *id) + { + if(id && (strcmp(id, engine_nuron_id) != 0)) + return 0; + if(!bind_helper(e)) + return 0; + return 1; + } +IMPLEMENT_DYNAMIC_CHECK_FN() +IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) +#endif /* ENGINE_DYNAMIC_SUPPORT */ + #endif /* !OPENSSL_NO_HW_NURON */ #endif /* !OPENSSL_NO_HW */ diff --git a/crypto/engine/hw_ubsec.c b/crypto/engine/hw_ubsec.c index f8f1d4127c..f2d5a34a78 100644 --- a/crypto/engine/hw_ubsec.c +++ b/crypto/engine/hw_ubsec.c @@ -173,13 +173,75 @@ static DH_METHOD ubsec_dh = }; #endif +#ifndef OPENSSL_NO_ERR +/* Error function codes for use in ubsec operation */ +#define UBSEC_F_UBSEC_INIT 100 +#define UBSEC_F_UBSEC_FINISH 101 +#define UBSEC_F_UBSEC_CTRL 102 +#define UBSEC_F_UBSEC_MOD_EXP 103 +#define UBSEC_F_UBSEC_RSA_MOD_EXP 104 +#define UBSEC_F_UBSEC_RSA_MOD_EXP_CRT 105 +#define UBSEC_F_UBSEC_DSA_SIGN 106 +#define UBSEC_F_UBSEC_DSA_VERIFY 107 +/* Error reason codes */ +#define UBSEC_R_ALREADY_LOADED 108 +#define UBSEC_R_DSO_FAILURE 109 +#define UBSEC_R_UNIT_FAILURE 110 +#define UBSEC_R_NOT_LOADED 111 +#define UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED 112 +#define UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL 113 +#define UBSEC_R_BN_EXPAND_FAIL 114 +#define UBSEC_R_REQUEST_FAILED 115 +#define UBSEC_R_MISSING_KEY_COMPONENTS 116 +static ERR_STRING_DATA ubsec_str_functs[] = + { + /* This first element is changed to match the dynamic 'lib' number */ +{ERR_PACK(0,0,0), "ubsec engine code"}, +{ERR_PACK(0,UBSEC_F_UBSEC_INIT,0), "ubsec_init"}, +{ERR_PACK(0,UBSEC_F_UBSEC_FINISH,0), "ubsec_finish"}, +{ERR_PACK(0,UBSEC_F_UBSEC_CTRL,0), "ubsec_ctrl"}, +{ERR_PACK(0,UBSEC_F_UBSEC_MOD_EXP,0), "ubsec_mod_exp"}, +{ERR_PACK(0,UBSEC_F_UBSEC_RSA_MOD_EXP,0), "ubsec_rsa_mod_exp"}, +{ERR_PACK(0,UBSEC_F_UBSEC_RSA_MOD_EXP_CRT,0), "ubsec_rsa_mod_exp_crt"}, +{ERR_PACK(0,UBSEC_F_UBSEC_DSA_SIGN,0), "ubsec_dsa_sign"}, +{ERR_PACK(0,UBSEC_F_UBSEC_DSA_VERIFY,0), "ubsec_dsa_verify"}, +/* Error reason codes */ +{UBSEC_R_ALREADY_LOADED ,"already loaded"}, +{UBSEC_R_DSO_FAILURE ,"DSO failure"}, +{UBSEC_R_UNIT_FAILURE ,"unit failure"}, +{UBSEC_R_NOT_LOADED ,"not loaded"}, +{UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"}, +{UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL ,"size too large or too small"}, +{UBSEC_R_BN_EXPAND_FAIL ,"bn_expand fail"}, +{UBSEC_R_REQUEST_FAILED ,"request failed"}, +{UBSEC_R_MISSING_KEY_COMPONENTS ,"missing key components"}, +{0,NULL} + }; +/* The library number we obtain dynamically from the ERR code */ +static int ubsec_err_lib = -1; +#define UBSECerr(f,r) ERR_PUT_error(ubsec_err_lib,(f),(r),__FILE__,__LINE__) +static void ubsec_load_error_strings(void) + { + if(ubsec_err_lib < 0) + { + if((ubsec_err_lib = ERR_get_next_error_library()) <= 0) + return; + ubsec_str_functs[0].error = ERR_PACK(ubsec_err_lib,0,0); + ERR_load_strings(ubsec_err_lib, ubsec_str_functs); + } + } +#else +#define UBSECerr(f,r) /* NOP */ +static void ubsec_load_error_strings(void) { } /* NOP */ +#endif + /* Constants used when creating the ENGINE */ static const char *engine_ubsec_id = "ubsec"; static const char *engine_ubsec_name = "UBSEC hardware engine support"; -/* As this is only ever called once, there's no need for locking - * (indeed - the lock will already be held by our caller!!!) */ -ENGINE *ENGINE_ubsec() +/* This internal function is used by ENGINE_ubsec() and possibly by the + * "dynamic" ENGINE support too */ +static int bind_helper(ENGINE *e) { #ifndef OPENSSL_NO_RSA const RSA_METHOD *meth1; @@ -189,30 +251,24 @@ ENGINE *ENGINE_ubsec() const DH_METHOD *meth3; #endif /* HAVE_UBSEC_DH */ #endif - ENGINE *ret = ENGINE_new(); - if(!ret) - return NULL; - if(!ENGINE_set_id(ret, engine_ubsec_id) || - !ENGINE_set_name(ret, engine_ubsec_name) || + if(!ENGINE_set_id(e, engine_ubsec_id) || + !ENGINE_set_name(e, engine_ubsec_name) || #ifndef OPENSSL_NO_RSA - !ENGINE_set_RSA(ret, &ubsec_rsa) || + !ENGINE_set_RSA(e, &ubsec_rsa) || #endif #ifndef OPENSSL_NO_DSA - !ENGINE_set_DSA(ret, &ubsec_dsa) || + !ENGINE_set_DSA(e, &ubsec_dsa) || #endif #ifndef OPENSSL_NO_DH - !ENGINE_set_DH(ret, &ubsec_dh) || -#endif - !ENGINE_set_BN_mod_exp(ret, ubsec_mod_exp) || - !ENGINE_set_BN_mod_exp_crt(ret, ubsec_mod_exp_crt) || - !ENGINE_set_init_function(ret, ubsec_init) || - !ENGINE_set_finish_function(ret, ubsec_finish) || - !ENGINE_set_ctrl_function(ret, ubsec_ctrl) || - !ENGINE_set_cmd_defns(ret, ubsec_cmd_defns)) - { - ENGINE_free(ret); - return NULL; - } + !ENGINE_set_DH(e, &ubsec_dh) || +#endif + !ENGINE_set_BN_mod_exp(e, ubsec_mod_exp) || + !ENGINE_set_BN_mod_exp_crt(e, ubsec_mod_exp_crt) || +