diff options
Diffstat (limited to 'deps/openssl/openssl/engines/e_chil.c')
| -rw-r--r-- | deps/openssl/openssl/engines/e_chil.c | 233 |
1 files changed, 76 insertions, 157 deletions
diff --git a/deps/openssl/openssl/engines/e_chil.c b/deps/openssl/openssl/engines/e_chil.c index d5e4cb67c4..8d81b46fec 100644 --- a/deps/openssl/openssl/engines/e_chil.c +++ b/deps/openssl/openssl/engines/e_chil.c @@ -1,68 +1,17 @@ -/* crypto/engine/e_chil.c */ /* - * Written by Richard Levitte (richard@levitte.org), Geoff Thorpe - * (geoff@geoffthorpe.net) and Dr Stephen N Henson (steve@openssl.org) for - * the OpenSSL project 2000. - */ -/* ==================================================================== - * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). + * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> #include <string.h> #include <openssl/crypto.h> #include <openssl/pem.h> -#include <openssl/dso.h> +#include "internal/dso.h" #include <openssl/engine.h> #include <openssl/ui.h> #include <openssl/rand.h> @@ -95,6 +44,8 @@ # define HWCRHK_LIB_NAME "CHIL engine" # include "e_chil_err.c" +static CRYPTO_RWLOCK *chil_lock; + static int hwcrhk_destroy(ENGINE *e); static int hwcrhk_init(ENGINE *e); static int hwcrhk_finish(ENGINE *e); @@ -245,7 +196,7 @@ static const char *engine_hwcrhk_id_alt = "ncipher"; * into HWCryptoHook_Mutex */ struct HWCryptoHook_MutexValue { - int lockid; + CRYPTO_RWLOCK *lock; }; /* @@ -356,6 +307,13 @@ static int bind_helper(ENGINE *e) # ifndef OPENSSL_NO_DH const DH_METHOD *meth2; # endif + + chil_lock = CRYPTO_THREAD_lock_new(); + if (chil_lock == NULL) { + HWCRHKerr(HWCRHK_F_BIND_HELPER, ERR_R_MALLOC_FAILURE); + return 0; + } + if (!ENGINE_set_id(e, engine_hwcrhk_id) || !ENGINE_set_name(e, engine_hwcrhk_name) || # ifndef OPENSSL_NO_RSA @@ -376,14 +334,14 @@ static int bind_helper(ENGINE *e) # ifndef OPENSSL_NO_RSA /* - * We know that the "PKCS1_SSLeay()" functions hook properly to the + * We know that the "PKCS1_OpenSSL()" functions hook properly to the * cswift-specific mod_exp and mod_exp_crt so we use those functions. NB: * We don't use ENGINE_openssl() or anything "more generic" because * something like the RSAref code may not hook properly, and if you own * one of these cards then you have the right to do RSA operations on it * anyway! */ - meth1 = RSA_PKCS1_SSLeay(); + meth1 = RSA_PKCS1_OpenSSL(); hwcrhk_rsa.rsa_pub_enc = meth1->rsa_pub_enc; hwcrhk_rsa.rsa_pub_dec = meth1->rsa_pub_dec; hwcrhk_rsa.rsa_priv_enc = meth1->rsa_priv_enc; @@ -399,6 +357,7 @@ static int bind_helper(ENGINE *e) /* Ensure the hwcrhk error handling is set up */ ERR_load_HWCRHK_strings(); + return 1; } @@ -406,7 +365,7 @@ static int bind_helper(ENGINE *e) static ENGINE *engine_chil(void) { ENGINE *ret = ENGINE_new(); - if (!ret) + if (ret == NULL) return NULL; if (!bind_helper(ret)) { ENGINE_free(ret); @@ -462,8 +421,7 @@ static HWCryptoHook_ModExpCRT_t *p_hwcrhk_ModExpCRT = NULL; static const char *HWCRHK_LIBNAME = NULL; static void free_HWCRHK_LIBNAME(void) { - if (HWCRHK_LIBNAME) - OPENSSL_free((void *)HWCRHK_LIBNAME); + OPENSSL_free(HWCRHK_LIBNAME); HWCRHK_LIBNAME = NULL; } @@ -477,7 +435,7 @@ static const char *get_HWCRHK_LIBNAME(void) static long set_HWCRHK_LIBNAME(const char *name) { free_HWCRHK_LIBNAME(); - return (((HWCRHK_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0); + return (((HWCRHK_LIBNAME = OPENSSL_strdup(name)) != NULL) ? 1 : 0); } static const char *n_hwcrhk_Init = "HWCryptoHook_Init"; @@ -528,6 +486,7 @@ static int hwcrhk_destroy(ENGINE *e) { free_HWCRHK_LIBNAME(); ERR_unload_HWCRHK_strings(); + CRYPTO_THREAD_lock_free(chil_lock); return 1; } @@ -556,26 +515,19 @@ static int hwcrhk_init(ENGINE *e) HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_DSO_FAILURE); goto err; } - if (!(p1 = (HWCryptoHook_Init_t *) - DSO_bind_func(hwcrhk_dso, n_hwcrhk_Init)) || - !(p2 = (HWCryptoHook_Finish_t *) - DSO_bind_func(hwcrhk_dso, n_hwcrhk_Finish)) || - !(p3 = (HWCryptoHook_ModExp_t *) - DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExp)) || + +#define BINDIT(t, name) (t *)DSO_bind_func(hwcrhk_dso, name) + if ((p1 = BINDIT(HWCryptoHook_Init_t, n_hwcrhk_Init)) == NULL + || (p2 = BINDIT(HWCryptoHook_Finish_t, n_hwcrhk_Finish)) == NULL + || (p3 = BINDIT(HWCryptoHook_ModExp_t, n_hwcrhk_ModExp)) == NULL # ifndef OPENSSL_NO_RSA - !(p4 = (HWCryptoHook_RSA_t *) - DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSA)) || - !(p5 = (HWCryptoHook_RSALoadKey_t *) - DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSALoadKey)) || - !(p6 = (HWCryptoHook_RSAGetPublicKey_t *) - DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAGetPublicKey)) || - !(p7 = (HWCryptoHook_RSAUnloadKey_t *) - DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAUnloadKey)) || + || (p4 = BINDIT(HWCryptoHook_RSA_t, n_hwcrhk_RSA)) == NULL + || (p5 = BINDIT(HWCryptoHook_RSALoadKey_t, n_hwcrhk_RSALoadKey)) == NULL + || (p6 = BINDIT(HWCryptoHook_RSAGetPublicKey_t, n_hwcrhk_RSAGetPublicKey)) == NULL + || (p7 = BINDIT(HWCryptoHook_RSAUnloadKey_t, n_hwcrhk_RSAUnloadKey)) == NULL # endif - !(p8 = (HWCryptoHook_RandomBytes_t *) - DSO_bind_func(hwcrhk_dso, n_hwcrhk_RandomBytes)) || - !(p9 = (HWCryptoHook_ModExpCRT_t *) - DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExpCRT))) { + || (p8 = BINDIT(HWCryptoHook_RandomBytes_t, n_hwcrhk_RandomBytes)) == NULL + || (p9 = BINDIT(HWCryptoHook_ModExpCRT_t, n_hwcrhk_ModExpCRT)) == NULL) { HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_DSO_FAILURE); goto err; } @@ -597,14 +549,10 @@ static int hwcrhk_init(ENGINE *e) * does, use them. */ if (disable_mutex_callbacks == 0) { - if (CRYPTO_get_dynlock_create_callback() != NULL && - CRYPTO_get_dynlock_lock_callback() != NULL && - CRYPTO_get_dynlock_destroy_callback() != NULL) { - hwcrhk_globals.mutex_init = hwcrhk_mutex_init; - hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock; - hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock; - hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy; - } + hwcrhk_globals.mutex_init = hwcrhk_mutex_init; + hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock; + hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock; + hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy; } /* @@ -623,8 +571,7 @@ static int hwcrhk_init(ENGINE *e) # endif return 1; err: - if (hwcrhk_dso) - DSO_free(hwcrhk_dso); + DSO_free(hwcrhk_dso); hwcrhk_dso = NULL; p_hwcrhk_Init = NULL; p_hwcrhk_Finish = NULL; @@ -656,8 +603,7 @@ static int hwcrhk_finish(ENGINE *e) goto err; } err: - if (logstream) - BIO_free(logstream); + BIO_free(logstream); hwcrhk_dso = NULL; p_hwcrhk_Init = NULL; p_hwcrhk_Finish = NULL; @@ -692,34 +638,32 @@ static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) { BIO *bio = (BIO *)p; - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - if (logstream) { - BIO_free(logstream); - logstream = NULL; - } - if (CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO) > 1) + CRYPTO_THREAD_write_lock(chil_lock); + BIO_free(logstream); + logstream = NULL; + if (BIO_up_ref(bio)) logstream = bio; else HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, HWCRHK_R_BIO_WAS_FREED); } - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + CRYPTO_THREAD_unlock(chil_lock); break; case ENGINE_CTRL_SET_PASSWORD_CALLBACK: - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + CRYPTO_THREAD_write_lock(chil_lock); password_context.password_callback = (pem_password_cb *)f; - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + CRYPTO_THREAD_unlock(chil_lock); break; case ENGINE_CTRL_SET_USER_INTERFACE: case HWCRHK_CMD_SET_USER_INTERFACE: - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + CRYPTO_THREAD_write_lock(chil_lock); password_context.ui_method = (UI_METHOD *)p; - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + CRYPTO_THREAD_unlock(chil_lock); break; case ENGINE_CTRL_SET_CALLBACK_DATA: case HWCRHK_CMD_SET_CALLBACK_DATA: - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + CRYPTO_THREAD_write_lock(chil_lock); password_context.callback_data = p; - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + CRYPTO_THREAD_unlock(chil_lock); break; /* * this enables or disables the "SimpleForkCheck" flag used in the @@ -727,12 +671,12 @@ static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) */ case ENGINE_CTRL_CHIL_SET_FORKCHECK: case HWCRHK_CMD_FORK_CHECK: - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + CRYPTO_THREAD_write_lock(chil_lock); if (i) hwcrhk_globals.flags |= HWCryptoHook_InitFlags_SimpleForkCheck; else hwcrhk_globals.flags &= ~HWCryptoHook_InitFlags_SimpleForkCheck; - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + CRYPTO_THREAD_unlock(chil_lock); break; /* * This will prevent the initialisation function from "installing" @@ -742,14 +686,14 @@ static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) * applications not using multithreading. */ case ENGINE_CTRL_CHIL_NO_LOCKING: - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + CRYPTO_THREAD_write_lock(chil_lock); disable_mutex_callbacks = 1; - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + CRYPTO_THREAD_unlock(chil_lock); break; case HWCRHK_CMD_THREAD_LOCKING: - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + CRYPTO_THREAD_write_lock(chil_lock); disable_mutex_callbacks = ((i == 0) ? 0 : 1); - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + CRYPTO_THREAD_unlock(chil_lock); break; /* The command isn't understood by this engine */ @@ -791,8 +735,8 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, goto err; } # ifndef OPENSSL_NO_RSA - hptr = OPENSSL_malloc(sizeof(HWCryptoHook_RSAKeyHandle)); - if (!hptr) { + hptr = OPENSSL_malloc(sizeof(*hptr)); + if (hptr == NULL) { HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE); goto err; } @@ -810,17 +754,9 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, # endif # ifndef OPENSSL_NO_RSA rtmp = RSA_new_method(eng); - if (rtmp == NULL) { - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE); - goto err; - } RSA_set_ex_data(rtmp, hndidx_rsa, (char *)hptr); rtmp->e = BN_new(); rtmp->n = BN_new(); - if (rtmp->e == NULL || rtmp->n == NULL) { - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE); - goto err; - } rtmp->flags |= RSA_FLAG_EXT_PKEY; MPI2BN(rtmp->e, e); MPI2BN(rtmp->n, n); @@ -831,14 +767,8 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, goto err; } - if (bn_expand2(rtmp->e, e.size / sizeof(BN_ULONG)) == NULL) { - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE); - goto err; - } - if (bn_expand2(rtmp->n, n.size / sizeof(BN_ULONG)) == NULL) { - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE); - goto err; - } + bn_expand2(rtmp->e, e.size / sizeof(BN_ULONG)); + bn_expand2(rtmp->n, n.size / sizeof(BN_ULONG)); MPI2BN(rtmp->e, e); MPI2BN(rtmp->n, n); @@ -860,15 +790,14 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, EVP_PKEY_assign_RSA(res, rtmp); # endif - if (!res) + if (res == NULL) HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED); return res; err: # ifndef OPENSSL_NO_RSA - if (rtmp) - RSA_free(rtmp); + RSA_free(rtmp); # endif return NULL; } @@ -889,14 +818,14 @@ static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id, { RSA *rsa = NULL; - CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY); + CRYPTO_THREAD_write_lock(chil_lock); rsa = res->pkey.rsa; res->pkey.rsa = RSA_new(); res->pkey.rsa->n = rsa->n; res->pkey.rsa->e = rsa->e; rsa->n = NULL; rsa->e = NULL; - CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); + CRYPTO_THREAD_unlock(chil_lock); RSA_free(rsa); } break; @@ -909,8 +838,7 @@ static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id, return res; err: - if (res) - EVP_PKEY_free(res); + EVP_PKEY_free(res); return NULL; } @@ -937,10 +865,7 @@ static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, goto err; } /* Prepare the params */ - if (bn_expand2(r, m->top) == NULL) { /* Check for error !! */ - HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP, ERR_R_MALLOC_FAILURE); - goto err; - } + bn_expand2(r, m->top); /* Check for error !! */ BN2MPI(m_a, a); BN2MPI(m_p, p); BN2MPI(m_n, m); @@ -1006,10 +931,7 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, } /* Prepare the params */ - if (bn_expand2(r, rsa->n->top) == NULL) { /* Check for error !! */ - HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, ERR_R_MALLOC_FAILURE); - goto err; - } + bn_expand2(r, rsa->n->top); /* Check for error !! */ BN2MPI(m_a, I); MPI2BN(r, m_r); @@ -1046,10 +968,7 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, } /* Prepare the params */ - if (bn_expand2(r, rsa->n->top) == NULL) { /* Check for error !! */ - HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, ERR_R_MALLOC_FAILURE); - goto err; - } + bn_expand2(r, rsa->n->top); /* Check for error !! */ BN2MPI(m_a, I); BN2MPI(m_p, rsa->p); BN2MPI(m_q, rsa->q); @@ -1174,26 +1093,28 @@ static int hwcrhk_rand_status(void) static int hwcrhk_mutex_init(HWCryptoHook_Mutex * mt, HWCryptoHook_CallerContext * cactx) { - mt->lockid = CRYPTO_get_new_dynlockid(); - if (mt->lockid == 0) + mt->lock = CRYPTO_THREAD_lock_new(); + if (mt->lock == NULL) { + HWCRHKerr(HWCRHK_F_HWCRHK_MUTEX_INIT, ERR_R_MALLOC_FAILURE); return 1; /* failure */ + } return 0; /* success */ } static int hwcrhk_mutex_lock(HWCryptoHook_Mutex * mt) { - CRYPTO_w_lock(mt->lockid); + CRYPTO_THREAD_write_lock(mt->lock); return 0; } static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex * mt) { - CRYPTO_w_unlock(mt->lockid); + CRYPTO_THREAD_unlock(mt->lock); } static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex * mt) { - CRYPTO_destroy_dynlockid(mt->lockid); + CRYPTO_THREAD_lock_free(mt->lock); } static int hwcrhk_get_pass(const char *prompt_info, @@ -1335,13 +1256,11 @@ static void hwcrhk_log_message(void *logstr, const char *message) { BIO *lstream = NULL; - CRYPTO_w_lock(CRYPTO_LOCK_BIO); if (logstr) lstream = *(BIO **)logstr; if (lstream) { BIO_printf(lstream, "%s\n", message); } - CRYPTO_w_unlock(CRYPTO_LOCK_BIO); } /* |