diff options
Diffstat (limited to 'deps/openssl/openssl/engines')
35 files changed, 771 insertions, 2572 deletions
diff --git a/deps/openssl/openssl/engines/afalg/build.info b/deps/openssl/openssl/engines/afalg/build.info deleted file mode 100644 index 8601b1afca..0000000000 --- a/deps/openssl/openssl/engines/afalg/build.info +++ /dev/null @@ -1,13 +0,0 @@ -IF[{- !$disabled{"engine"} -}] - IF[{- !$disabled{afalg} -}] - IF[{- $disabled{"dynamic-engine"} -}] - LIBS=../../libcrypto - SOURCE[../../libcrypto]=e_afalg.c e_afalg_err.c - ELSE - ENGINES=afalg - SOURCE[afalg]=e_afalg.c e_afalg_err.c - DEPEND[afalg]=../../libcrypto - INCLUDE[afalg]= ../../include - ENDIF - ENDIF -ENDIF diff --git a/deps/openssl/openssl/engines/afalg/e_afalg.ec b/deps/openssl/openssl/engines/afalg/e_afalg.ec deleted file mode 100644 index 2d14d6597d..0000000000 --- a/deps/openssl/openssl/engines/afalg/e_afalg.ec +++ /dev/null @@ -1 +0,0 @@ -L AFALG e_afalg_err.h e_afalg_err.c diff --git a/deps/openssl/openssl/engines/afalg/e_afalg_err.c b/deps/openssl/openssl/engines/afalg/e_afalg_err.c deleted file mode 100644 index ca394edb7b..0000000000 --- a/deps/openssl/openssl/engines/afalg/e_afalg_err.c +++ /dev/null @@ -1,111 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include <stdio.h> -#include <openssl/err.h> -#include "e_afalg_err.h" - -/* BEGIN ERROR CODES */ -#ifndef OPENSSL_NO_ERR - -# define ERR_FUNC(func) ERR_PACK(0,func,0) -# define ERR_REASON(reason) ERR_PACK(0,0,reason) - -static ERR_STRING_DATA AFALG_str_functs[] = { - {ERR_FUNC(AFALG_F_AFALG_CHK_PLATFORM), "afalg_chk_platform"}, - {ERR_FUNC(AFALG_F_AFALG_CREATE_BIND_SK), "afalg_create_bind_sk"}, - {ERR_FUNC(AFALG_F_AFALG_CREATE_BIND_SOCKET), "afalg_create_bind_sk"}, - {ERR_FUNC(AFALG_F_AFALG_CREATE_SK), "afalg_create_sk"}, - {ERR_FUNC(AFALG_F_AFALG_INIT_AIO), "afalg_init_aio"}, - {ERR_FUNC(AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION), - "afalg_setup_async_event_notification"}, - {ERR_FUNC(AFALG_F_AFALG_SET_KEY), "afalg_set_key"}, - {ERR_FUNC(AFALG_F_AFALG_SOCKET), "afalg_socket"}, - {ERR_FUNC(AFALG_F_AFALG_START_CIPHER_SK), "afalg_start_cipher_sk"}, - {ERR_FUNC(AFALG_F_BIND_AFALG), "bind_afalg"}, - {0, NULL} -}; - -static ERR_STRING_DATA AFALG_str_reasons[] = { - {ERR_REASON(AFALG_R_EVENTFD_FAILED), "eventfd failed"}, - {ERR_REASON(AFALG_R_FAILED_TO_GET_PLATFORM_INFO), - "failed to get platform info"}, - {ERR_REASON(AFALG_R_INIT_FAILED), "init failed"}, - {ERR_REASON(AFALG_R_IO_SETUP_FAILED), "io setup failed"}, - {ERR_REASON(AFALG_R_KERNEL_DOES_NOT_SUPPORT_AFALG), - "kernel does not support afalg"}, - {ERR_REASON(AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG), - "kernel does not support async afalg"}, - {ERR_REASON(AFALG_R_MEM_ALLOC_FAILED), "mem alloc failed"}, - {ERR_REASON(AFALG_R_SOCKET_ACCEPT_FAILED), "socket accept failed"}, - {ERR_REASON(AFALG_R_SOCKET_BIND_FAILED), "socket bind failed"}, - {ERR_REASON(AFALG_R_SOCKET_CREATE_FAILED), "socket create failed"}, - {ERR_REASON(AFALG_R_SOCKET_OPERATION_FAILED), "socket operation failed"}, - {ERR_REASON(AFALG_R_SOCKET_SET_KEY_FAILED), "socket set key failed"}, - {0, NULL} -}; - -#endif - -#ifdef AFALG_LIB_NAME -static ERR_STRING_DATA AFALG_lib_name[] = { - {0, AFALG_LIB_NAME}, - {0, NULL} -}; -#endif - -static int AFALG_lib_error_code = 0; -static int AFALG_error_init = 1; - -void ERR_load_AFALG_strings(void) -{ - if (AFALG_lib_error_code == 0) - AFALG_lib_error_code = ERR_get_next_error_library(); - - if (AFALG_error_init) { - AFALG_error_init = 0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(AFALG_lib_error_code, AFALG_str_functs); - ERR_load_strings(AFALG_lib_error_code, AFALG_str_reasons); -#endif - -#ifdef AFALG_LIB_NAME - AFALG_lib_name->error = ERR_PACK(AFALG_lib_error_code, 0, 0); - ERR_load_strings(0, AFALG_lib_name); -#endif - } -} - -void ERR_unload_AFALG_strings(void) -{ - if (AFALG_error_init == 0) { -#ifndef OPENSSL_NO_ERR - ERR_unload_strings(AFALG_lib_error_code, AFALG_str_functs); - ERR_unload_strings(AFALG_lib_error_code, AFALG_str_reasons); -#endif - -#ifdef AFALG_LIB_NAME - ERR_unload_strings(0, AFALG_lib_name); -#endif - AFALG_error_init = 1; - } -} - -void ERR_AFALG_error(int function, int reason, char *file, int line) -{ - if (AFALG_lib_error_code == 0) - AFALG_lib_error_code = ERR_get_next_error_library(); - ERR_PUT_error(AFALG_lib_error_code, function, reason, file, line); -} diff --git a/deps/openssl/openssl/engines/afalg/e_afalg_err.h b/deps/openssl/openssl/engines/afalg/e_afalg_err.h deleted file mode 100644 index 21abc979c6..0000000000 --- a/deps/openssl/openssl/engines/afalg/e_afalg_err.h +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#ifndef HEADER_AFALG_ERR_H -# define HEADER_AFALG_ERR_H - -# ifdef __cplusplus -extern "C" { -# endif - -/* BEGIN ERROR CODES */ -void ERR_load_AFALG_strings(void); -void ERR_unload_AFALG_strings(void); -void ERR_AFALG_error(int function, int reason, char *file, int line); -# define AFALGerr(f,r) ERR_AFALG_error((f),(r),__FILE__,__LINE__) - -/* Error codes for the AFALG functions. */ - -/* Function codes. */ -# define AFALG_F_AFALG_CHK_PLATFORM 100 -# define AFALG_F_AFALG_CREATE_BIND_SK 106 -# define AFALG_F_AFALG_CREATE_BIND_SOCKET 105 -# define AFALG_F_AFALG_CREATE_SK 108 -# define AFALG_F_AFALG_INIT_AIO 101 -# define AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION 107 -# define AFALG_F_AFALG_SET_KEY 109 -# define AFALG_F_AFALG_SOCKET 102 -# define AFALG_F_AFALG_START_CIPHER_SK 103 -# define AFALG_F_BIND_AFALG 104 - -/* Reason codes. */ -# define AFALG_R_EVENTFD_FAILED 108 -# define AFALG_R_FAILED_TO_GET_PLATFORM_INFO 111 -# define AFALG_R_INIT_FAILED 100 -# define AFALG_R_IO_SETUP_FAILED 105 -# define AFALG_R_KERNEL_DOES_NOT_SUPPORT_AFALG 101 -# define AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG 107 -# define AFALG_R_MEM_ALLOC_FAILED 102 -# define AFALG_R_SOCKET_ACCEPT_FAILED 110 -# define AFALG_R_SOCKET_BIND_FAILED 103 -# define AFALG_R_SOCKET_CREATE_FAILED 109 -# define AFALG_R_SOCKET_OPERATION_FAILED 104 -# define AFALG_R_SOCKET_SET_KEY_FAILED 106 - -#ifdef __cplusplus -} -#endif -#endif diff --git a/deps/openssl/openssl/engines/asm/e_padlock-x86.pl b/deps/openssl/openssl/engines/asm/e_padlock-x86.pl index bf6b312cd1..5b097ce3ef 100644 --- a/deps/openssl/openssl/engines/asm/e_padlock-x86.pl +++ b/deps/openssl/openssl/engines/asm/e_padlock-x86.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -45,7 +45,7 @@ require "x86asm.pl"; $output=pop; open STDOUT,">$output"; -&asm_init($ARGV[0],$0); +&asm_init($ARGV[0]); %PADLOCK_PREFETCH=(ecb=>128, cbc=>64); # prefetch errata $PADLOCK_CHUNK=512; # Must be a power of 2 larger than 16 @@ -73,11 +73,20 @@ $chunk="ebx"; &cpuid (); &xor ("eax","eax"); &cmp ("ebx","0x".unpack("H*",'tneC')); - &jne (&label("noluck")); + &jne (&label("zhaoxin")); &cmp ("edx","0x".unpack("H*",'Hrua')); &jne (&label("noluck")); &cmp ("ecx","0x".unpack("H*",'slua')); &jne (&label("noluck")); + &jmp (&label("zhaoxinEnd")); +&set_label("zhaoxin"); + &cmp ("ebx","0x".unpack("H*",'hS ')); + &jne (&label("noluck")); + &cmp ("edx","0x".unpack("H*",'hgna')); + &jne (&label("noluck")); + &cmp ("ecx","0x".unpack("H*",' ia')); + &jne (&label("noluck")); +&set_label("zhaoxinEnd"); &mov ("eax",0xC0000000); &cpuid (); &mov ("edx","eax"); diff --git a/deps/openssl/openssl/engines/asm/e_padlock-x86_64.pl b/deps/openssl/openssl/engines/asm/e_padlock-x86_64.pl index da285abc61..09b0aaa48d 100644 --- a/deps/openssl/openssl/engines/asm/e_padlock-x86_64.pl +++ b/deps/openssl/openssl/engines/asm/e_padlock-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -57,11 +57,20 @@ padlock_capability: cpuid xor %eax,%eax cmp \$`"0x".unpack("H*",'tneC')`,%ebx - jne .Lnoluck + jne .Lzhaoxin cmp \$`"0x".unpack("H*",'Hrua')`,%edx jne .Lnoluck cmp \$`"0x".unpack("H*",'slua')`,%ecx jne .Lnoluck + jmp .LzhaoxinEnd +.Lzhaoxin: + cmp \$`"0x".unpack("H*",'hS ')`,%ebx + jne .Lnoluck + cmp \$`"0x".unpack("H*",'hgna')`,%edx + jne .Lnoluck + cmp \$`"0x".unpack("H*",' ia')`,%ecx + jne .Lnoluck +.LzhaoxinEnd: mov \$0xC0000000,%eax cpuid mov %eax,%edx @@ -535,7 +544,7 @@ $code.=<<___ if ($PADLOCK_PREFETCH{$mode}); sub $len,%rsp shr \$3,$len lea (%rsp),$out - .byte 0xf3,0x48,0xa5 # rep movsq + .byte 0xf3,0x48,0xa5 # rep movsq lea (%r8),$out lea (%rsp),$inp mov $chunk,$len diff --git a/deps/openssl/openssl/engines/build.info b/deps/openssl/openssl/engines/build.info index 1c47e77099..df173ea69d 100644 --- a/deps/openssl/openssl/engines/build.info +++ b/deps/openssl/openssl/engines/build.info @@ -1,4 +1,5 @@ IF[{- !$disabled{"engine"} -}] + IF[{- $disabled{"dynamic-engine"} -}] LIBS=../libcrypto SOURCE[../libcrypto]=\ @@ -6,6 +7,9 @@ IF[{- !$disabled{"engine"} -}] IF[{- !$disabled{capieng} -}] SOURCE[../libcrypto]=e_capi.c ENDIF + IF[{- !$disabled{afalgeng} -}] + SOURCE[../libcrypto]=e_afalg.c + ENDIF ELSE ENGINES=padlock SOURCE[padlock]=e_padlock.c {- $target{padlock_asm_src} -} @@ -17,6 +21,12 @@ IF[{- !$disabled{"engine"} -}] DEPEND[capi]=../libcrypto INCLUDE[capi]=../include ENDIF + IF[{- !$disabled{afalgeng} -}] + ENGINES=afalg + SOURCE[afalg]=e_afalg.c + DEPEND[afalg]=../libcrypto + INCLUDE[afalg]= ../include + ENDIF ENGINES_NO_INST=ossltest dasync SOURCE[dasync]=e_dasync.c @@ -27,6 +37,7 @@ IF[{- !$disabled{"engine"} -}] INCLUDE[ossltest]=../include ENDIF - GENERATE[e_padlock-x86.s]=asm/e_padlock-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR) + GENERATE[e_padlock-x86.s]=asm/e_padlock-x86.pl \ + $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR) GENERATE[e_padlock-x86_64.s]=asm/e_padlock-x86_64.pl $(PERLASM_SCHEME) ENDIF diff --git a/deps/openssl/openssl/engines/afalg/e_afalg.c b/deps/openssl/openssl/engines/e_afalg.c index 6d6e877857..f09c396ed9 100644 --- a/deps/openssl/openssl/engines/afalg/e_afalg.c +++ b/deps/openssl/openssl/engines/e_afalg.c @@ -18,6 +18,7 @@ #include <openssl/engine.h> #include <openssl/async.h> #include <openssl/err.h> +#include "internal/nelem.h" #include <sys/socket.h> #include <linux/version.h> @@ -45,9 +46,7 @@ void engine_load_afalg_int(void) # include <errno.h> # include "e_afalg.h" - -# define AFALG_LIB_NAME "AFALG" -# include "e_afalg_err.h" +# include "e_afalg_err.c" # ifndef SOL_ALG # define SOL_ALG 279 @@ -80,7 +79,8 @@ static int afalg_create_sk(afalg_ctx *actx, const char *ciphertype, static int afalg_destroy(ENGINE *e); static int afalg_init(ENGINE *e); static int afalg_finish(ENGINE *e); -static const EVP_CIPHER *afalg_aes_128_cbc(void); +static const EVP_CIPHER *afalg_aes_cbc(int nid); +static cbc_handles *get_cipher_handle(int nid); static int afalg_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, @@ -95,10 +95,14 @@ static const char *engine_afalg_id = "afalg"; static const char *engine_afalg_name = "AFALG engine support"; static int afalg_cipher_nids[] = { - NID_aes_128_cbc + NID_aes_128_cbc, + NID_aes_192_cbc, + NID_aes_256_cbc, }; -static EVP_CIPHER *_hidden_aes_128_cbc = NULL; +static cbc_handles cbc_handle[] = {{AES_KEY_SIZE_128, NULL}, + {AES_KEY_SIZE_192, NULL}, + {AES_KEY_SIZE_256, NULL}}; static ossl_inline int io_setup(unsigned n, aio_context_t *ctx) { @@ -144,10 +148,10 @@ static int afalg_setup_async_event_notification(afalg_aio *aio) /* Async mode */ waitctx = ASYNC_get_wait_ctx(job); if (waitctx == NULL) { - ALG_WARN("%s: ASYNC_get_wait_ctx error", __func__); + ALG_WARN("%s(%d): ASYNC_get_wait_ctx error", __FILE__, __LINE__); return 0; } - /* Get waitfd from ASYNC_WAIT_CTX if it is alreday set */ + /* Get waitfd from ASYNC_WAIT_CTX if it is already set */ ret = ASYNC_WAIT_CTX_get_fd(waitctx, engine_afalg_id, &aio->efd, &custom); if (ret == 0) { @@ -157,7 +161,8 @@ static int afalg_setup_async_event_notification(afalg_aio *aio) */ aio->efd = eventfd(0); if (aio->efd == -1) { - ALG_PERR("%s: Failed to get eventfd : ", __func__); + ALG_PERR("%s(%d): Failed to get eventfd : ", __FILE__, + __LINE__); AFALGerr(AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION, AFALG_R_EVENTFD_FAILED); return 0; @@ -166,14 +171,14 @@ static int afalg_setup_async_event_notification(afalg_aio *aio) aio->efd, custom, afalg_waitfd_cleanup); if (ret == 0) { - ALG_WARN("%s: Failed to set wait fd", __func__); + ALG_WARN("%s(%d): Failed to set wait fd", __FILE__, __LINE__); close(aio->efd); return 0; } /* make fd non-blocking in async mode */ if (fcntl(aio->efd, F_SETFL, O_NONBLOCK) != 0) { - ALG_WARN("%s: Failed to set event fd as NONBLOCKING", - __func__); + ALG_WARN("%s(%d): Failed to set event fd as NONBLOCKING", + __FILE__, __LINE__); } } aio->mode = MODE_ASYNC; @@ -181,7 +186,7 @@ static int afalg_setup_async_event_notification(afalg_aio *aio) /* Sync mode */ aio->efd = eventfd(0); if (aio->efd == -1) { - ALG_PERR("%s: Failed to get eventfd : ", __func__); + ALG_PERR("%s(%d): Failed to get eventfd : ", __FILE__, __LINE__); AFALGerr(AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION, AFALG_R_EVENTFD_FAILED); return 0; @@ -199,7 +204,7 @@ static int afalg_init_aio(afalg_aio *aio) aio->aio_ctx = 0; r = io_setup(MAX_INFLIGHTS, &aio->aio_ctx); if (r < 0) { - ALG_PERR("%s: io_setup error : ", __func__); + ALG_PERR("%s(%d): io_setup error : ", __FILE__, __LINE__); AFALGerr(AFALG_F_AFALG_INIT_AIO, AFALG_R_IO_SETUP_FAILED); return 0; } @@ -253,7 +258,7 @@ static int afalg_fin_cipher_aio(afalg_aio *aio, int sfd, unsigned char *buf, */ r = io_read(aio->aio_ctx, 1, &cb); if (r < 0) { - ALG_PWARN("%s: io_read failed : ", __func__); + ALG_PWARN("%s(%d): io_read failed : ", __FILE__, __LINE__); return 0; } @@ -266,11 +271,11 @@ static int afalg_fin_cipher_aio(afalg_aio *aio, int sfd, unsigned char *buf, if (r < 0) { if (errno == EAGAIN || errno == EWOULDBLOCK) continue; - ALG_PERR("%s: read failed for event fd : ", __func__); + ALG_PERR("%s(%d): read failed for event fd : ", __FILE__, __LINE__); return 0; } else if (r == 0 || eval <= 0) { - ALG_WARN("%s: eventfd read %d bytes, eval = %lu\n", __func__, r, - eval); + ALG_WARN("%s(%d): eventfd read %d bytes, eval = %lu\n", __FILE__, + __LINE__, r, eval); } if (eval > 0) { @@ -290,8 +295,8 @@ static int afalg_fin_cipher_aio(afalg_aio *aio, int sfd, unsigned char *buf, if (events[0].res == -EBUSY && retry++ < 3) { r = io_read(aio->aio_ctx, 1, &cb); if (r < 0) { - ALG_PERR("%s: retry %d for io_read failed : ", - __func__, retry); + ALG_PERR("%s(%d): retry %d for io_read failed : ", + __FILE__, __LINE__, retry); return 0; } continue; @@ -301,18 +306,19 @@ static int afalg_fin_cipher_aio(afalg_aio *aio, int sfd, unsigned char *buf, * condition for this instance of operation. */ ALG_WARN - ("%s: Crypto Operation failed with code %lld\n", - __func__, events[0].res); + ("%s(%d): Crypto Operation failed with code %lld\n", + __FILE__, __LINE__, events[0].res); return 0; } } /* Operation successful. */ done = 1; } else if (r < 0) { - ALG_PERR("%s: io_getevents failed : ", __func__); + ALG_PERR("%s(%d): io_getevents failed : ", __FILE__, __LINE__); return 0; } else { - ALG_WARN("%s: io_geteventd read 0 bytes\n", __func__); + ALG_WARN("%s(%d): io_geteventd read 0 bytes\n", __FILE__, + __LINE__); } } } while (!done); @@ -348,11 +354,10 @@ static ossl_inline int afalg_set_key(afalg_ctx *actx, const unsigned char *key, int ret; ret = setsockopt(actx->bfd, SOL_ALG, ALG_SET_KEY, key, klen); if (ret < 0) { - ALG_PERR("%s: Failed to set socket option : ", __func__); + ALG_PERR("%s(%d): Failed to set socket option : ", __FILE__, __LINE__); AFALGerr(AFALG_F_AFALG_SET_KEY, AFALG_R_SOCKET_SET_KEY_FAILED); return 0; } - return 1; } @@ -373,21 +378,21 @@ static int afalg_create_sk(afalg_ctx *actx, const char *ciphertype, actx->bfd = socket(AF_ALG, SOCK_SEQPACKET, 0); if (actx->bfd == -1) { - ALG_PERR("%s: Failed to open socket : ", __func__); + ALG_PERR("%s(%d): Failed to open socket : ", __FILE__, __LINE__); AFALGerr(AFALG_F_AFALG_CREATE_SK, AFALG_R_SOCKET_CREATE_FAILED); goto err; } r = bind(actx->bfd, (struct sockaddr *)&sa, sizeof(sa)); if (r < 0) { - ALG_PERR("%s: Failed to bind socket : ", __func__); + ALG_PERR("%s(%d): Failed to bind socket : ", __FILE__, __LINE__); AFALGerr(AFALG_F_AFALG_CREATE_SK, AFALG_R_SOCKET_BIND_FAILED); goto err; } actx->sfd = accept(actx->bfd, NULL, 0); if (actx->sfd < 0) { - ALG_PERR("%s: Socket Accept Failed : ", __func__); + ALG_PERR("%s(%d): Socket Accept Failed : ", __FILE__, __LINE__); AFALGerr(AFALG_F_AFALG_CREATE_SK, AFALG_R_SOCKET_ACCEPT_FAILED); goto err; } @@ -449,8 +454,8 @@ static int afalg_start_cipher_sk(afalg_ctx *actx, const unsigned char *in, /* Sendmsg() sends iv and cipher direction to the kernel */ sbytes = sendmsg(actx->sfd, &msg, 0); if (sbytes < 0) { - ALG_PERR("%s: sendmsg failed for zero copy cipher operation : ", - __func__); + ALG_PERR("%s(%d): sendmsg failed for zero copy cipher operation : ", + __FILE__, __LINE__); return 0; } @@ -460,13 +465,13 @@ static int afalg_start_cipher_sk(afalg_ctx *actx, const unsigned char *in, */ ret = vmsplice(actx->zc_pipe[1], &iov, 1, SPLICE_F_GIFT); if (ret < 0) { - ALG_PERR("%s: vmsplice failed : ", __func__); + ALG_PERR("%s(%d): vmsplice failed : ", __FILE__, __LINE__); return 0; } ret = splice(actx->zc_pipe[0], NULL, actx->sfd, NULL, inl, 0); if (ret < 0) { - ALG_PERR("%s: splice failed : ", __func__); + ALG_PERR("%s(%d): splice failed : ", __FILE__, __LINE__); return 0; } # else @@ -476,7 +481,8 @@ static int afalg_start_cipher_sk(afalg_ctx *actx, const unsigned char *in, /* Sendmsg() sends iv, cipher direction and input data to the kernel */ sbytes = sendmsg(actx->sfd, &msg, 0); if (sbytes < 0) { - ALG_PERR("%s: sendmsg failed for cipher operation : ", __func__); + ALG_PERR("%s(%d): sendmsg failed for cipher operation : ", __FILE__, + __LINE__); return 0; } @@ -499,35 +505,38 @@ static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, char ciphername[ALG_MAX_SALG_NAME]; if (ctx == NULL || key == NULL) { - ALG_WARN("%s: Null Parameter\n", __func__); + ALG_WARN("%s(%d): Null Parameter\n", __FILE__, __LINE__); return 0; } if (EVP_CIPHER_CTX_cipher(ctx) == NULL) { - ALG_WARN("%s: Cipher object NULL\n", __func__); + ALG_WARN("%s(%d): Cipher object NULL\n", __FILE__, __LINE__); return 0; } actx = EVP_CIPHER_CTX_get_cipher_data(ctx); if (actx == NULL) { - ALG_WARN("%s: Cipher data NULL\n", __func__); + ALG_WARN("%s(%d): Cipher data NULL\n", __FILE__, __LINE__); return 0; } ciphertype = EVP_CIPHER_CTX_nid(ctx); switch (ciphertype) { case NID_aes_128_cbc: + case NID_aes_192_cbc: + case NID_aes_256_cbc: strncpy(ciphername, "cbc(aes)", ALG_MAX_SALG_NAME); break; default: - ALG_WARN("%s: Unsupported Cipher type %d\n", __func__, ciphertype); + ALG_WARN("%s(%d): Unsupported Cipher type %d\n", __FILE__, __LINE__, + ciphertype); return 0; } ciphername[ALG_MAX_SALG_NAME-1]='\0'; if (ALG_AES_IV_LEN != EVP_CIPHER_CTX_iv_length(ctx)) { - ALG_WARN("%s: Unsupported IV length :%d\n", __func__, - EVP_CIPHER_CTX_iv_length(ctx)); + ALG_WARN("%s(%d): Unsupported IV length :%d\n", __FILE__, __LINE__, + EVP_CIPHER_CTX_iv_length(ctx)); return 0; } @@ -567,7 +576,8 @@ static int afalg_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, char nxtiv[ALG_AES_IV_LEN] = { 0 }; if (ctx == NULL || out == NULL || in == NULL) { - ALG_WARN("NULL parameter passed to function %s\n", __func__); + ALG_WARN("NULL parameter passed to function %s(%d)\n", __FILE__, + __LINE__); return 0; } @@ -614,7 +624,8 @@ static int afalg_cipher_cleanup(EVP_CIPHER_CTX *ctx) afalg_ctx *actx; if (ctx == NULL) { - ALG_WARN("NULL parameter passed to function %s\n", __func__); + ALG_WARN("NULL parameter passed to function %s(%d)\n", __FILE__, + __LINE__); return 0; } @@ -639,29 +650,45 @@ static int afalg_cipher_cleanup(EVP_CIPHER_CTX *ctx) return 1; } -static const EVP_CIPHER *afalg_aes_128_cbc(void) +static cbc_handles *get_cipher_handle(int nid) +{ + switch (nid) { + case NID_aes_128_cbc: + return &cbc_handle[AES_CBC_128]; + case NID_aes_192_cbc: + return &cbc_handle[AES_CBC_192]; + case NID_aes_256_cbc: + return &cbc_handle[AES_CBC_256]; + default: + return NULL; + } +} + +static const EVP_CIPHER *afalg_aes_cbc(int nid) { - if (_hidden_aes_128_cbc == NULL - && ((_hidden_aes_128_cbc = - EVP_CIPHER_meth_new(NID_aes_128_cbc, - AES_BLOCK_SIZE, - AES_KEY_SIZE_128)) == NULL - || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc, AES_IV_LEN) - || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc, - EVP_CIPH_CBC_MODE | - EVP_CIPH_FLAG_DEFAULT_ASN1) - || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc, - afalg_cipher_init) - || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc, - afalg_do_cipher) - || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc, - afalg_cipher_cleanup) - || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc, - sizeof(afalg_ctx)))) { - EVP_CIPHER_meth_free(_hidden_aes_128_cbc); - _hidden_aes_128_cbc = NULL; - } - return _hidden_aes_128_cbc; + cbc_handles *cipher_handle = get_cipher_handle(nid); + if (cipher_handle->_hidden == NULL + && ((cipher_handle->_hidden = + EVP_CIPHER_meth_new(nid, + AES_BLOCK_SIZE, + cipher_handle->key_size)) == NULL + || !EVP_CIPHER_meth_set_iv_length(cipher_handle->_hidden, + AES_IV_LEN) + || !EVP_CIPHER_meth_set_flags(cipher_handle->_hidden, + EVP_CIPH_CBC_MODE | + EVP_CIPH_FLAG_DEFAULT_ASN1) + || !EVP_CIPHER_meth_set_init(cipher_handle->_hidden, + afalg_cipher_init) + || !EVP_CIPHER_meth_set_do_cipher(cipher_handle->_hidden, + afalg_do_cipher) + || !EVP_CIPHER_meth_set_cleanup(cipher_handle->_hidden, + afalg_cipher_cleanup) + || !EVP_CIPHER_meth_set_impl_ctx_size(cipher_handle->_hidden, + sizeof(afalg_ctx)))) { + EVP_CIPHER_meth_free(cipher_handle->_hidden); + cipher_handle->_hidden= NULL; + } + return cipher_handle->_hidden; } static int afalg_ciphers(ENGINE *e, const EVP_CIPHER **cipher, @@ -676,19 +703,21 @@ static int afalg_ciphers(ENGINE *e, const EVP_CIPHER **cipher, switch (nid) { case NID_aes_128_cbc: - *cipher = afalg_aes_128_cbc(); + case NID_aes_192_cbc: + case NID_aes_256_cbc: + *cipher = afalg_aes_cbc(nid); break; default: *cipher = NULL; r = 0; } - return r; } static int bind_afalg(ENGINE *e) { /* Ensure the afalg error handling is set up */ + unsigned short i; ERR_load_AFALG_strings(); if (!ENGINE_set_id(e, engine_afalg_id) @@ -701,13 +730,15 @@ static int bind_afalg(ENGINE *e) } /* - * Create _hidden_aes_128_cbc by calling afalg_aes_128_cbc + * Create _hidden_aes_xxx_cbc by calling afalg_aes_xxx_cbc * now, as bind_aflag can only be called by one thread at a * time. */ - if (afalg_aes_128_cbc() == NULL) { - AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED); - return 0; + for(i = 0; i < OSSL_NELEM(afalg_cipher_nids); i++) { + if (afalg_aes_cbc(afalg_cipher_nids[i]) == NULL) { + AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED); + return 0; + } } if (!ENGINE_set_ciphers(e, afalg_ciphers)) { @@ -819,11 +850,20 @@ static int afalg_finish(ENGINE *e) return 1; } +static int free_cbc(void) +{ + short unsigned int i; + for(i = 0; i < OSSL_NELEM(afalg_cipher_nids); i++) { + EVP_CIPHER_meth_free(cbc_handle[i]._hidden); + cbc_handle[i]._hidden = NULL; + } + return 1; +} + static int afalg_destroy(ENGINE *e) { ERR_unload_AFALG_strings(); - EVP_CIPHER_meth_free(_hidden_aes_128_cbc); - _hidden_aes_128_cbc = NULL; + free_cbc(); return 1; } diff --git a/deps/openssl/openssl/engines/e_afalg.ec b/deps/openssl/openssl/engines/e_afalg.ec new file mode 100644 index 0000000000..6d7420fe5c --- /dev/null +++ b/deps/openssl/openssl/engines/e_afalg.ec @@ -0,0 +1,3 @@ +# The INPUT HEADER is scanned for declarations +# LIBNAME INPUT HEADER ERROR-TABLE FILE +L AFALG e_afalg_err.h e_afalg_err.c diff --git a/deps/openssl/openssl/engines/afalg/e_afalg.h b/deps/openssl/openssl/engines/e_afalg.h index 948d67e584..2c03c448d6 100644 --- a/deps/openssl/openssl/engines/afalg/e_afalg.h +++ b/deps/openssl/openssl/engines/e_afalg.h @@ -41,6 +41,8 @@ # define AES_BLOCK_SIZE 16 # endif # define AES_KEY_SIZE_128 16 +# define AES_KEY_SIZE_192 24 +# define AES_KEY_SIZE_256 32 # define AES_IV_LEN 16 # define MAX_INFLIGHTS 1 @@ -51,6 +53,19 @@ typedef enum { MODE_ASYNC } op_mode; +enum { + AES_CBC_128 = 0, + AES_CBC_192, + AES_CBC_256 +}; + +struct cbc_cipher_handles { + int key_size; + EVP_CIPHER *_hidden; +}; + +typedef struct cbc_cipher_handles cbc_handles; + struct afalg_aio_st { int efd; op_mode mode; diff --git a/deps/openssl/openssl/engines/e_afalg.txt b/deps/openssl/openssl/engines/e_afalg.txt new file mode 100644 index 0000000000..3b79305acf --- /dev/null +++ b/deps/openssl/openssl/engines/e_afalg.txt @@ -0,0 +1,30 @@ +# Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# Function codes +AFALG_F_AFALG_CHK_PLATFORM:100:afalg_chk_platform +AFALG_F_AFALG_CREATE_SK:101:afalg_create_sk +AFALG_F_AFALG_INIT_AIO:102:afalg_init_aio +AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION:103:\ + afalg_setup_async_event_notification +AFALG_F_AFALG_SET_KEY:104:afalg_set_key +AFALG_F_BIND_AFALG:105:bind_afalg + +#Reason codes +AFALG_R_EVENTFD_FAILED:108:eventfd failed +AFALG_R_FAILED_TO_GET_PLATFORM_INFO:111:failed to get platform info +AFALG_R_INIT_FAILED:100:init failed +AFALG_R_IO_SETUP_FAILED:105:io setup failed +AFALG_R_KERNEL_DOES_NOT_SUPPORT_AFALG:101:kernel does not support afalg +AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG:107:\ + kernel does not support async afalg +AFALG_R_MEM_ALLOC_FAILED:102:mem alloc failed +AFALG_R_SOCKET_ACCEPT_FAILED:110:socket accept failed +AFALG_R_SOCKET_BIND_FAILED:103:socket bind failed +AFALG_R_SOCKET_CREATE_FAILED:109:socket create failed +AFALG_R_SOCKET_OPERATION_FAILED:104:socket operation failed +AFALG_R_SOCKET_SET_KEY_FAILED:106:socket set key failed diff --git a/deps/openssl/openssl/engines/e_afalg_err.c b/deps/openssl/openssl/engines/e_afalg_err.c new file mode 100644 index 0000000000..18fe9c34e0 --- /dev/null +++ b/deps/openssl/openssl/engines/e_afalg_err.c @@ -0,0 +1,83 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <openssl/err.h> +#include "e_afalg_err.h" + +#ifndef OPENSSL_NO_ERR + +static ERR_STRING_DATA AFALG_str_functs[] = { + {ERR_PACK(0, AFALG_F_AFALG_CHK_PLATFORM, 0), "afalg_chk_platform"}, + {ERR_PACK(0, AFALG_F_AFALG_CREATE_SK, 0), "afalg_create_sk"}, + {ERR_PACK(0, AFALG_F_AFALG_INIT_AIO, 0), "afalg_init_aio"}, + {ERR_PACK(0, AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION, 0), + "afalg_setup_async_event_notification"}, + {ERR_PACK(0, AFALG_F_AFALG_SET_KEY, 0), "afalg_set_key"}, + {ERR_PACK(0, AFALG_F_BIND_AFALG, 0), "bind_afalg"}, + {0, NULL} +}; + +static ERR_STRING_DATA AFALG_str_reasons[] = { + {ERR_PACK(0, 0, AFALG_R_EVENTFD_FAILED), "eventfd failed"}, + {ERR_PACK(0, 0, AFALG_R_FAILED_TO_GET_PLATFORM_INFO), + "failed to get platform info"}, + {ERR_PACK(0, 0, AFALG_R_INIT_FAILED), "init failed"}, + {ERR_PACK(0, 0, AFALG_R_IO_SETUP_FAILED), "io setup failed"}, + {ERR_PACK(0, 0, AFALG_R_KERNEL_DOES_NOT_SUPPORT_AFALG), + "kernel does not support afalg"}, + {ERR_PACK(0, 0, AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG), + "kernel does not support async afalg"}, + {ERR_PACK(0, 0, AFALG_R_MEM_ALLOC_FAILED), "mem alloc failed"}, + {ERR_PACK(0, 0, AFALG_R_SOCKET_ACCEPT_FAILED), "socket accept failed"}, + {ERR_PACK(0, 0, AFALG_R_SOCKET_BIND_FAILED), "socket bind failed"}, + {ERR_PACK(0, 0, AFALG_R_SOCKET_CREATE_FAILED), "socket create failed"}, + {ERR_PACK(0, 0, AFALG_R_SOCKET_OPERATION_FAILED), + "socket operation failed"}, + {ERR_PACK(0, 0, AFALG_R_SOCKET_SET_KEY_FAILED), "socket set key failed"}, + {0, NULL} +}; + +#endif + +static int lib_code = 0; +static int error_loaded = 0; + +static int ERR_load_AFALG_strings(void) +{ + if (lib_code == 0) + lib_code = ERR_get_next_error_library(); + + if (!error_loaded) { +#ifndef OPENSSL_NO_ERR + ERR_load_strings(lib_code, AFALG_str_functs); + ERR_load_strings(lib_code, AFALG_str_reasons); +#endif + error_loaded = 1; + } + return 1; +} + +static void ERR_unload_AFALG_strings(void) +{ + if (error_loaded) { +#ifndef OPENSSL_NO_ERR + ERR_unload_strings(lib_code, AFALG_str_functs); + ERR_unload_strings(lib_code, AFALG_str_reasons); +#endif + error_loaded = 0; + } +} + +static void ERR_AFALG_error(int function, int reason, char *file, int line) +{ + if (lib_code == 0) + lib_code = ERR_get_next_error_library(); + ERR_PUT_error(lib_code, function, reason, file, line); +} diff --git a/deps/openssl/openssl/engines/e_afalg_err.h b/deps/openssl/openssl/engines/e_afalg_err.h new file mode 100644 index 0000000000..3eb1332bbf --- /dev/null +++ b/deps/openssl/openssl/engines/e_afalg_err.h @@ -0,0 +1,43 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_AFALGERR_H +# define HEADER_AFALGERR_H + +# define AFALGerr(f, r) ERR_AFALG_error((f), (r), OPENSSL_FILE, OPENSSL_LINE) + + +/* + * AFALG function codes. + */ +# define AFALG_F_AFALG_CHK_PLATFORM 100 +# define AFALG_F_AFALG_CREATE_SK 101 +# define AFALG_F_AFALG_INIT_AIO 102 +# define AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION 103 +# define AFALG_F_AFALG_SET_KEY 104 +# define AFALG_F_BIND_AFALG 105 + +/* + * AFALG reason codes. + */ +# define AFALG_R_EVENTFD_FAILED 108 +# define AFALG_R_FAILED_TO_GET_PLATFORM_INFO 111 +# define AFALG_R_INIT_FAILED 100 +# define AFALG_R_IO_SETUP_FAILED 105 +# define AFALG_R_KERNEL_DOES_NOT_SUPPORT_AFALG 101 +# define AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG 107 +# define AFALG_R_MEM_ALLOC_FAILED 102 +# define AFALG_R_SOCKET_ACCEPT_FAILED 110 +# define AFALG_R_SOCKET_BIND_FAILED 103 +# define AFALG_R_SOCKET_CREATE_FAILED 109 +# define AFALG_R_SOCKET_OPERATION_FAILED 104 +# define AFALG_R_SOCKET_SET_KEY_FAILED 106 + +#endif diff --git a/deps/openssl/openssl/engines/e_capi.c b/deps/openssl/openssl/engines/e_capi.c index a1de0b4b3c..37202b81f3 100644 --- a/deps/openssl/openssl/engines/e_capi.c +++ b/deps/openssl/openssl/engines/e_capi.c @@ -577,7 +577,7 @@ static int bind_helper(ENGINE *e, const char *id) } IMPLEMENT_DYNAMIC_CHECK_FN() - IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) +IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) # else static ENGINE *engine_capi(void) { @@ -835,7 +835,7 @@ int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len, CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_GET_KEY); return -1; } -/* Convert the signature type to a CryptoAPI algorithm ID */ + /* Convert the signature type to a CryptoAPI algorithm ID */ switch (dtype) { case NID_sha256: alg = CALG_SHA_256; @@ -870,13 +870,13 @@ int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len, } } -/* Create the hash object */ + /* Create the hash object */ if (!CryptCreateHash(capi_key->hprov, alg, 0, 0, &hash)) { CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_CREATE_HASH_OBJECT); capi_addlasterror(); return -1; } -/* Set the hash value to the value passed */ + /* Set the hash value to the value passed */ if (!CryptSetHashParam(hash, HP_HASHVAL, (unsigned char *)m, 0)) { CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_SET_HASH_VALUE); @@ -884,7 +884,7 @@ int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len, goto err; } -/* Finally sign it */ + /* Finally sign it */ slen = RSA_size(rsa); if (!CryptSignHash(hash, capi_key->keyspec, NULL, 0, sigret, &slen)) { CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_ERROR_SIGNING_HASH); @@ -1491,8 +1491,10 @@ static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const WCHAR *contname, ptype = PROV_RSA_AES; } if (ctx && ctx->debug_level >= CAPI_DBG_TRACE && ctx->debug_file) { - /* above 'if' is [complementary] copy from CAPI_trace and serves - * as optimization to minimize [below] malloc-ations */ + /* + * above 'if' is [complementary] copy from CAPI_trace and serves + * as optimization to minimize [below] malloc-ations + */ char *_contname = wide_to_asc(contname); char *_provname = wide_to_asc(provname); diff --git a/deps/openssl/openssl/engines/e_capi.ec b/deps/openssl/openssl/engines/e_capi.ec index d2ad668a98..d9c7aa510f 100644 --- a/deps/openssl/openssl/engines/e_capi.ec +++ b/deps/openssl/openssl/engines/e_capi.ec @@ -1 +1,3 @@ -L CAPI e_capi_err.h e_capi_err.c +# The INPUT HEADER is scanned for declarations +# LIBNAME INPUT HEADER ERROR-TABLE FILE +L CAPI e_capi_err.h e_capi_err.c diff --git a/deps/openssl/openssl/engines/e_capi.txt b/deps/openssl/openssl/engines/e_capi.txt new file mode 100644 index 0000000000..3f34cdf6b7 --- /dev/null +++ b/deps/openssl/openssl/engines/e_capi.txt @@ -0,0 +1,62 @@ +# Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# Function codes +CAPI_F_CAPI_CERT_GET_FNAME:99:capi_cert_get_fname +CAPI_F_CAPI_CTRL:100:capi_ctrl +CAPI_F_CAPI_CTX_NEW:101:capi_ctx_new +CAPI_F_CAPI_CTX_SET_PROVNAME:102:capi_ctx_set_provname +CAPI_F_CAPI_DSA_DO_SIGN:114:capi_dsa_do_sign +CAPI_F_CAPI_GET_KEY:103:capi_get_key +CAPI_F_CAPI_GET_PKEY:115:capi_get_pkey +CAPI_F_CAPI_GET_PROVNAME:104:capi_get_provname +CAPI_F_CAPI_GET_PROV_INFO:105:capi_get_prov_info +CAPI_F_CAPI_INIT:106:capi_init +CAPI_F_CAPI_LIST_CONTAINERS:107:capi_list_containers +CAPI_F_CAPI_LOAD_PRIVKEY:108:capi_load_privkey +CAPI_F_CAPI_OPEN_STORE:109:capi_open_store +CAPI_F_CAPI_RSA_PRIV_DEC:110:capi_rsa_priv_dec +CAPI_F_CAPI_RSA_PRIV_ENC:111:capi_rsa_priv_enc +CAPI_F_CAPI_RSA_SIGN:112:capi_rsa_sign +CAPI_F_CAPI_VTRACE:118:capi_vtrace +CAPI_F_CERT_SELECT_DIALOG:117:cert_select_dialog +CAPI_F_CLIENT_CERT_SELECT:116:* +CAPI_F_WIDE_TO_ASC:113:wide_to_asc + +#Reason codes +CAPI_R_CANT_CREATE_HASH_OBJECT:100:cant create hash object +CAPI_R_CANT_FIND_CAPI_CONTEXT:101:cant find capi context +CAPI_R_CANT_GET_KEY:102:cant get key +CAPI_R_CANT_SET_HASH_VALUE:103:cant set hash value +CAPI_R_CRYPTACQUIRECONTEXT_ERROR:104:cryptacquirecontext error +CAPI_R_CRYPTENUMPROVIDERS_ERROR:105:cryptenumproviders error +CAPI_R_DECRYPT_ERROR:106:decrypt error +CAPI_R_ENGINE_NOT_INITIALIZED:107:engine not initialized +CAPI_R_ENUMCONTAINERS_ERROR:108:enumcontainers error +CAPI_R_ERROR_ADDING_CERT:109:error adding cert +CAPI_R_ERROR_CREATING_STORE:110:error creating store +CAPI_R_ERROR_GETTING_FRIENDLY_NAME:111:error getting friendly name +CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO:112:error getting key provider info +CAPI_R_ERROR_OPENING_STORE:113:error opening store +CAPI_R_ERROR_SIGNING_HASH:114:error signing hash +CAPI_R_FILE_OPEN_ERROR:115:file open error +CAPI_R_FUNCTION_NOT_SUPPORTED:116:function not supported +CAPI_R_GETUSERKEY_ERROR:117:getuserkey error +CAPI_R_INVALID_DIGEST_LENGTH:118:invalid digest length +CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER:119:\ + invalid dsa public key blob magic number +CAPI_R_INVALID_LOOKUP_METHOD:120:invalid lookup method +CAPI_R_INVALID_PUBLIC_KEY_BLOB:121:invalid public key blob +CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER:122:\ + invalid rsa public key blob magic number +CAPI_R_PUBKEY_EXPORT_ERROR:123:pubkey export error +CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR:124:pubkey export length error +CAPI_R_UNKNOWN_COMMAND:125:unknown command +CAPI_R_UNSUPPORTED_ALGORITHM_NID:126:unsupported algorithm nid +CAPI_R_UNSUPPORTED_PADDING:127:unsupported padding +CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM:128:unsupported public key algorithm +CAPI_R_WIN32_ERROR:129:win32 error diff --git a/deps/openssl/openssl/engines/e_capi_err.c b/deps/openssl/openssl/engines/e_capi_err.c index 64e963a5eb..b72bc51a87 100644 --- a/deps/openssl/openssl/engines/e_capi_err.c +++ b/deps/openssl/openssl/engines/e_capi_err.c @@ -1,5 +1,6 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,137 +8,112 @@ * https://www.openssl.org/source/license.html */ -/* - * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include <stdio.h> #include <openssl/err.h> #include "e_capi_err.h" -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -# define ERR_FUNC(func) ERR_PACK(0,func,0) -# define ERR_REASON(reason) ERR_PACK(0,0,reason) - static ERR_STRING_DATA CAPI_str_functs[] = { - {ERR_FUNC(CAPI_F_CAPI_CERT_GET_FNAME), "CAPI_CERT_GET_FNAME"}, - {ERR_FUNC(CAPI_F_CAPI_CTRL), "CAPI_CTRL"}, - {ERR_FUNC(CAPI_F_CAPI_CTX_NEW), "CAPI_CTX_NEW"}, - {ERR_FUNC(CAPI_F_CAPI_CTX_SET_PROVNAME), "CAPI_CTX_SET_PROVNAME"}, - {ERR_FUNC(CAPI_F_CAPI_DSA_DO_SIGN), "CAPI_DSA_DO_SIGN"}, - {ERR_FUNC(CAPI_F_CAPI_GET_KEY), "CAPI_GET_KEY"}, - {ERR_FUNC(CAPI_F_CAPI_GET_PKEY), "CAPI_GET_PKEY"}, - {ERR_FUNC(CAPI_F_CAPI_GET_PROVNAME), "CAPI_GET_PROVNAME"}, - {ERR_FUNC(CAPI_F_CAPI_GET_PROV_INFO), "CAPI_GET_PROV_INFO"}, - {ERR_FUNC(CAPI_F_CAPI_INIT), "CAPI_INIT"}, - {ERR_FUNC(CAPI_F_CAPI_LIST_CONTAINERS), "CAPI_LIST_CONTAINERS"}, - {ERR_FUNC(CAPI_F_CAPI_LOAD_PRIVKEY), "CAPI_LOAD_PRIVKEY"}, - {ERR_FUNC(CAPI_F_CAPI_OPEN_STORE), "CAPI_OPEN_STORE"}, - {ERR_FUNC(CAPI_F_CAPI_RSA_PRIV_DEC), "CAPI_RSA_PRIV_DEC"}, - {ERR_FUNC(CAPI_F_CAPI_RSA_PRIV_ENC), "CAPI_RSA_PRIV_ENC"}, - {ERR_FUNC(CAPI_F_CAPI_RSA_SIGN), "CAPI_RSA_SIGN"}, - {ERR_FUNC(CAPI_F_CAPI_VTRACE), "CAPI_VTRACE"}, - {ERR_FUNC(CAPI_F_CERT_SELECT_DIALOG), "CERT_SELECT_DIALOG"}, - {ERR_FUNC(CAPI_F_CLIENT_CERT_SELECT), "CLIENT_CERT_SELECT"}, - {ERR_FUNC(CAPI_F_WIDE_TO_ASC), "WIDE_TO_ASC"}, + {ERR_PACK(0, CAPI_F_CAPI_CERT_GET_FNAME, 0), "capi_cert_get_fname"}, + {ERR_PACK(0, CAPI_F_CAPI_CTRL, 0), "capi_ctrl"}, + {ERR_PACK(0, CAPI_F_CAPI_CTX_NEW, 0), "capi_ctx_new"}, + {ERR_PACK(0, CAPI_F_CAPI_CTX_SET_PROVNAME, 0), "capi_ctx_set_provname"}, + {ERR_PACK(0, CAPI_F_CAPI_DSA_DO_SIGN, 0), "capi_dsa_do_sign"}, + {ERR_PACK(0, CAPI_F_CAPI_GET_KEY, 0), "capi_get_key"}, + {ERR_PACK(0, CAPI_F_CAPI_GET_PKEY, 0), "capi_get_pkey"}, + {ERR_PACK(0, CAPI_F_CAPI_GET_PROVNAME, 0), "capi_get_provname"}, + {ERR_PACK(0, CAPI_F_CAPI_GET_PROV_INFO, 0), "capi_get_prov_info"}, + {ERR_PACK(0, CAPI_F_CAPI_INIT, 0), "capi_init"}, + {ERR_PACK(0, CAPI_F_CAPI_LIST_CONTAINERS, 0), "capi_list_containers"}, + {ERR_PACK(0, CAPI_F_CAPI_LOAD_PRIVKEY, 0), "capi_load_privkey"}, + {ERR_PACK(0, CAPI_F_CAPI_OPEN_STORE, 0), "capi_open_store"}, + {ERR_PACK(0, CAPI_F_CAPI_RSA_PRIV_DEC, 0), "capi_rsa_priv_dec"}, + {ERR_PACK(0, CAPI_F_CAPI_RSA_PRIV_ENC, 0), "capi_rsa_priv_enc"}, + {ERR_PACK(0, CAPI_F_CAPI_RSA_SIGN, 0), "capi_rsa_sign"}, + {ERR_PACK(0, CAPI_F_CAPI_VTRACE, 0), "capi_vtrace"}, + {ERR_PACK(0, CAPI_F_CERT_SELECT_DIALOG, 0), "cert_select_dialog"}, + {ERR_PACK(0, CAPI_F_CLIENT_CERT_SELECT, 0), ""}, + {ERR_PACK(0, CAPI_F_WIDE_TO_ASC, 0), "wide_to_asc"}, {0, NULL} }; static ERR_STRING_DATA CAPI_str_reasons[] = { - {ERR_REASON(CAPI_R_CANT_CREATE_HASH_OBJECT), "cant create hash object"}, - {ERR_REASON(CAPI_R_CANT_FIND_CAPI_CONTEXT), "cant find capi context"}, - {ERR_REASON(CAPI_R_CANT_GET_KEY), "cant get key"}, - {ERR_REASON(CAPI_R_CANT_SET_HASH_VALUE), "cant set hash value"}, - {ERR_REASON(CAPI_R_CRYPTACQUIRECONTEXT_ERROR), - "cryptacquirecontext error"}, - {ERR_REASON(CAPI_R_CRYPTENUMPROVIDERS_ERROR), "cryptenumproviders error"}, - {ERR_REASON(CAPI_R_DECRYPT_ERROR), "decrypt error"}, - {ERR_REASON(CAPI_R_ENGINE_NOT_INITIALIZED), "engine not initialized"}, - {ERR_REASON(CAPI_R_ENUMCONTAINERS_ERROR), "enumcontainers error"}, - {ERR_REASON(CAPI_R_ERROR_ADDING_CERT), "error adding cert"}, - {ERR_REASON(CAPI_R_ERROR_CREATING_STORE), "error creating store"}, - {ERR_REASON(CAPI_R_ERROR_GETTING_FRIENDLY_NAME), - "error getting friendly name"}, - {ERR_REASON(CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO), - "error getting key provider info"}, - {ERR_REASON(CAPI_R_ERROR_OPENING_STORE), "error opening store"}, - {ERR_REASON(CAPI_R_ERROR_SIGNING_HASH), "error signing hash"}, - {ERR_REASON(CAPI_R_FILE_OPEN_ERROR), "file open error"}, - {ERR_REASON(CAPI_R_FUNCTION_NOT_SUPPORTED), "function not supported"}, - {ERR_REASON(CAPI_R_GETUSERKEY_ERROR), "getuserkey error"}, - {ERR_REASON(CAPI_R_INVALID_DIGEST_LENGTH), "invalid digest length"}, - {ERR_REASON(CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER), - "invalid dsa public key blob magic number"}, - {ERR_REASON(CAPI_R_INVALID_LOOKUP_METHOD), "invalid lookup method"}, - {ERR_REASON(CAPI_R_INVALID_PUBLIC_KEY_BLOB), "invalid public key blob"}, - {ERR_REASON(CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER), - "invalid rsa public key blob magic number"}, - {ERR_REASON(CAPI_R_PUBKEY_EXPORT_ERROR), "pubkey export error"}, - {ERR_REASON(CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR), - "pubkey export length error"}, - {ERR_REASON(CAPI_R_UNKNOWN_COMMAND), "unknown command"}, - {ERR_REASON(CAPI_R_UNSUPPORTED_ALGORITHM_NID), - "unsupported algorithm nid"}, - {ERR_REASON(CAPI_R_UNSUPPORTED_PADDING), "unsupported padding"}, - {ERR_REASON(CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM), - "unsupported public key algorithm"}, - {ERR_REASON(CAPI_R_WIN32_ERROR), "win32 error"}, + {ERR_PACK(0, 0, CAPI_R_CANT_CREATE_HASH_OBJECT), "cant create hash object"}, + {ERR_PACK(0, 0, CAPI_R_CANT_FIND_CAPI_CONTEXT), "cant find capi context"}, + {ERR_PACK(0, 0, CAPI_R_CANT_GET_KEY), "cant get key"}, + {ERR_PACK(0, 0, CAPI_R_CANT_SET_HASH_VALUE), "cant set hash value"}, + {ERR_PACK(0, 0, CAPI_R_CRYPTACQUIRECONTEXT_ERROR), + "cryptacquirecontext error"}, + {ERR_PACK(0, 0, CAPI_R_CRYPTENUMPROVIDERS_ERROR), + "cryptenumproviders error"}, + {ERR_PACK(0, 0, CAPI_R_DECRYPT_ERROR), "decrypt error"}, + {ERR_PACK(0, 0, CAPI_R_ENGINE_NOT_INITIALIZED), "engine not initialized"}, + {ERR_PACK(0, 0, CAPI_R_ENUMCONTAINERS_ERROR), "enumcontainers error"}, + {ERR_PACK(0, 0, CAPI_R_ERROR_ADDING_CERT), "error adding cert"}, + {ERR_PACK(0, 0, CAPI_R_ERROR_CREATING_STORE), "error creating store"}, + {ERR_PACK(0, 0, CAPI_R_ERROR_GETTING_FRIENDLY_NAME), + "error getting friendly name"}, + {ERR_PACK(0, 0, CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO), + "error getting key provider info"}, + {ERR_PACK(0, 0, CAPI_R_ERROR_OPENING_STORE), "error opening store"}, + {ERR_PACK(0, 0, CAPI_R_ERROR_SIGNING_HASH), "error signing hash"}, + {ERR_PACK(0, 0, CAPI_R_FILE_OPEN_ERROR), "file open error"}, + {ERR_PACK(0, 0, CAPI_R_FUNCTION_NOT_SUPPORTED), "function not supported"}, + {ERR_PACK(0, 0, CAPI_R_GETUSERKEY_ERROR), "getuserkey error"}, + {ERR_PACK(0, 0, CAPI_R_INVALID_DIGEST_LENGTH), "invalid digest length"}, + {ERR_PACK(0, 0, CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER), + "invalid dsa public key blob magic number"}, + {ERR_PACK(0, 0, CAPI_R_INVALID_LOOKUP_METHOD), "invalid lookup method"}, + {ERR_PACK(0, 0, CAPI_R_INVALID_PUBLIC_KEY_BLOB), "invalid public key blob"}, + {ERR_PACK(0, 0, CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER), + "invalid rsa public key blob magic number"}, + {ERR_PACK(0, 0, CAPI_R_PUBKEY_EXPORT_ERROR), "pubkey export error"}, + {ERR_PACK(0, 0, CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR), + "pubkey export length error"}, + {ERR_PACK(0, 0, CAPI_R_UNKNOWN_COMMAND), "unknown command"}, + {ERR_PACK(0, 0, CAPI_R_UNSUPPORTED_ALGORITHM_NID), + "unsupported algorithm nid"}, + {ERR_PACK(0, 0, CAPI_R_UNSUPPORTED_PADDING), "unsupported padding"}, + {ERR_PACK(0, 0, CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM), + "unsupported public key algorithm"}, + {ERR_PACK(0, 0, CAPI_R_WIN32_ERROR), "win32 error"}, {0, NULL} }; #endif -#ifdef CAPI_LIB_NAME -static ERR_STRING_DATA CAPI_lib_name[] = { - {0, CAPI_LIB_NAME}, - {0, NULL} -}; -#endif - -static int CAPI_lib_error_code = 0; -static int CAPI_error_init = 1; +static int lib_code = 0; +static int error_loaded = 0; -static void ERR_load_CAPI_strings(void) +static int ERR_load_CAPI_strings(void) { - if (CAPI_lib_error_code == 0) - CAPI_lib_error_code = ERR_get_next_error_library(); + if (lib_code == 0) + lib_code = ERR_get_next_error_library(); - if (CAPI_error_init) { - CAPI_error_init = 0; + if (!error_loaded) { #ifndef OPENSSL_NO_ERR - ERR_load_strings(CAPI_lib_error_code, CAPI_str_functs); - ERR_load_strings(CAPI_lib_error_code, CAPI_str_reasons); -#endif - -#ifdef CAPI_LIB_NAME - CAPI_lib_name->error = ERR_PACK(CAPI_lib_error_code, 0, 0); - ERR_load_strings(0, CAPI_lib_name); + ERR_load_strings(lib_code, CAPI_str_functs); + ERR_load_strings(lib_code, CAPI_str_reasons); #endif + error_loaded = 1; } + return 1; } static void ERR_unload_CAPI_strings(void) { - if (CAPI_error_init == 0) { + if (error_loaded) { #ifndef OPENSSL_NO_ERR - ERR_unload_strings(CAPI_lib_error_code, CAPI_str_functs); - ERR_unload_strings(CAPI_lib_error_code, CAPI_str_reasons); -#endif - -#ifdef CAPI_LIB_NAME - ERR_unload_strings(0, CAPI_lib_name); + ERR_unload_strings(lib_code, CAPI_str_functs); + ERR_unload_strings(lib_code, CAPI_str_reasons); #endif - CAPI_error_init = 1; + error_loaded = 0; } } static void ERR_CAPI_error(int function, int reason, char *file, int line) { - if (CAPI_lib_error_code == 0) - CAPI_lib_error_code = ERR_get_next_error_library(); - ERR_PUT_error(CAPI_lib_error_code, function, reason, file, line); + if (lib_code == 0) + lib_code = ERR_get_next_error_library(); + ERR_PUT_error(lib_code, function, reason, file, line); } diff --git a/deps/openssl/openssl/engines/e_capi_err.h b/deps/openssl/openssl/engines/e_capi_err.h index bbaffada3d..e034c98cae 100644 --- a/deps/openssl/openssl/engines/e_capi_err.h +++ b/deps/openssl/openssl/engines/e_capi_err.h @@ -1,5 +1,6 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,28 +8,15 @@ * https://www.openssl.org/source/license.html */ -/* - * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#ifndef HEADER_CAPI_ERR_H -# define HEADER_CAPI_ERR_H - -#ifdef __cplusplus -extern "C" { -#endif +#ifndef HEADER_CAPIERR_H +# define HEADER_CAPIERR_H -/* BEGIN ERROR CODES */ -static void ERR_load_CAPI_strings(void); -static void ERR_unload_CAPI_strings(void); -static void ERR_CAPI_error(int function, int reason, char *file, int line); -# define CAPIerr(f,r) ERR_CAPI_error((f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define CAPIerr(f, r) ERR_CAPI_error((f), (r), OPENSSL_FILE, OPENSSL_LINE) -/* Error codes for the CAPI functions. */ -/* Function codes. */ +/* + * CAPI function codes. + */ # define CAPI_F_CAPI_CERT_GET_FNAME 99 # define CAPI_F_CAPI_CTRL 100 # define CAPI_F_CAPI_CTX_NEW 101 @@ -50,39 +38,38 @@ static void ERR_CAPI_error(int function, int reason, char *file, int line); # define CAPI_F_CLIENT_CERT_SELECT 116 # define CAPI_F_WIDE_TO_ASC 113 -/* Reason codes. */ -# define CAPI_R_CANT_CREATE_HASH_OBJECT 99 -# define CAPI_R_CANT_FIND_CAPI_CONTEXT 100 -# define CAPI_R_CANT_GET_KEY 101 -# define CAPI_R_CANT_SET_HASH_VALUE 102 -# define CAPI_R_CRYPTACQUIRECONTEXT_ERROR 103 -# define CAPI_R_CRYPTENUMPROVIDERS_ERROR 104 -# define CAPI_R_DECRYPT_ERROR 105 -# define CAPI_R_ENGINE_NOT_INITIALIZED 106 -# define CAPI_R_ENUMCONTAINERS_ERROR 107 -# define CAPI_R_ERROR_ADDING_CERT 125 -# define CAPI_R_ERROR_CREATING_STORE 126 -# define CAPI_R_ERROR_GETTING_FRIENDLY_NAME 108 -# define CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO 109 -# define CAPI_R_ERROR_OPENING_STORE 110 -# define CAPI_R_ERROR_SIGNING_HASH 111 -# define CAPI_R_FILE_OPEN_ERROR 128 -# define CAPI_R_FUNCTION_NOT_SUPPORTED 112 -# define CAPI_R_GETUSERKEY_ERROR 113 -# define CAPI_R_INVALID_DIGEST_LENGTH 124 -# define CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER 122 -# define CAPI_R_INVALID_LOOKUP_METHOD 114 -# define CAPI_R_INVALID_PUBLIC_KEY_BLOB 115 -# define CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER 123 -# define CAPI_R_PUBKEY_EXPORT_ERROR 116 -# define CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR 117 -# define CAPI_R_UNKNOWN_COMMAND 118 -# define CAPI_R_UNSUPPORTED_ALGORITHM_NID 119 -# define CAPI_R_UNSUPPORTED_PADDING 120 -# define CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM 121 -# define CAPI_R_WIN32_ERROR 127 +/* + * CAPI reason codes. + */ +# define CAPI_R_CANT_CREATE_HASH_OBJECT 100 +# define CAPI_R_CANT_FIND_CAPI_CONTEXT 101 +# define CAPI_R_CANT_GET_KEY 102 +# define CAPI_R_CANT_SET_HASH_VALUE 103 +# define CAPI_R_CRYPTACQUIRECONTEXT_ERROR 104 +# define CAPI_R_CRYPTENUMPROVIDERS_ERROR 105 +# define CAPI_R_DECRYPT_ERROR 106 +# define CAPI_R_ENGINE_NOT_INITIALIZED 107 +# define CAPI_R_ENUMCONTAINERS_ERROR 108 +# define CAPI_R_ERROR_ADDING_CERT 109 +# define CAPI_R_ERROR_CREATING_STORE 110 +# define CAPI_R_ERROR_GETTING_FRIENDLY_NAME 111 +# define CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO 112 +# define CAPI_R_ERROR_OPENING_STORE 113 +# define CAPI_R_ERROR_SIGNING_HASH 114 +# define CAPI_R_FILE_OPEN_ERROR 115 +# define CAPI_R_FUNCTION_NOT_SUPPORTED 116 +# define CAPI_R_GETUSERKEY_ERROR 117 +# define CAPI_R_INVALID_DIGEST_LENGTH 118 +# define CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER 119 +# define CAPI_R_INVALID_LOOKUP_METHOD 120 +# define CAPI_R_INVALID_PUBLIC_KEY_BLOB 121 +# define CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER 122 +# define CAPI_R_PUBKEY_EXPORT_ERROR 123 +# define CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR 124 +# define CAPI_R_UNKNOWN_COMMAND 125 +# define CAPI_R_UNSUPPORTED_ALGORITHM_NID 126 +# define CAPI_R_UNSUPPORTED_PADDING 127 +# define CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM 128 +# define CAPI_R_WIN32_ERROR 129 -#ifdef __cplusplus -} -#endif #endif diff --git a/deps/openssl/openssl/engines/e_chil.c b/deps/openssl/openssl/engines/e_chil.c deleted file mode 100644 index 8d81b46fec..0000000000 --- a/deps/openssl/openssl/engines/e_chil.c +++ /dev/null @@ -1,1285 +0,0 @@ -/* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include <stdio.h> -#include <string.h> -#include <openssl/crypto.h> -#include <openssl/pem.h> -#include "internal/dso.h" -#include <openssl/engine.h> -#include <openssl/ui.h> -#include <openssl/rand.h> -#ifndef OPENSSL_NO_RSA -# include <openssl/rsa.h> -#endif -#ifndef OPENSSL_NO_DH -# include <openssl/dh.h> -#endif -#include <openssl/bn.h> - -#ifndef OPENSSL_NO_HW -# ifndef OPENSSL_NO_HW_CHIL - -/*- - * Attribution notice: nCipher have said several times that it's OK for - * us to implement a general interface to their boxes, and recently declared - * their HWCryptoHook to be public, and therefore available for us to use. - * Thanks, nCipher. - * - * The hwcryptohook.h included here is from May 2000. - * [Richard Levitte] - */ -# ifdef FLAT_INC -# include "hwcryptohook.h" -# else -# include "vendor_defns/hwcryptohook.h" -# endif - -# define HWCRHK_LIB_NAME "CHIL engine" -# include "e_chil_err.c" - -static CRYPTO_RWLOCK *chil_lock; - -static int hwcrhk_destroy(ENGINE *e); -static int hwcrhk_init(ENGINE *e); -static int hwcrhk_finish(ENGINE *e); -static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)); - -/* Functions to handle mutexes */ -static int hwcrhk_mutex_init(HWCryptoHook_Mutex *, - HWCryptoHook_CallerContext *); -static int hwcrhk_mutex_lock(HWCryptoHook_Mutex *); -static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex *); -static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex *); - -/* BIGNUM stuff */ -static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx); - -# ifndef OPENSSL_NO_RSA -/* RSA stuff */ -static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, - BN_CTX *ctx); -/* This function is aliased to mod_exp (with the mont stuff dropped). */ -static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); -static int hwcrhk_rsa_finish(RSA *rsa); -# endif - -# ifndef OPENSSL_NO_DH -/* DH stuff */ -/* This function is alised to mod_exp (with the DH and mont dropped). */ -static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r, - const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); -# endif - -/* RAND stuff */ -static int hwcrhk_rand_bytes(unsigned char *buf, int num); -static int hwcrhk_rand_status(void); - -/* KM stuff */ -static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, - UI_METHOD *ui_method, - void *callback_data); -static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id, - UI_METHOD *ui_method, - void *callback_data); - -/* Interaction stuff */ -static int hwcrhk_insert_card(const char *prompt_info, - const char *wrong_info, - HWCryptoHook_PassphraseContext * ppctx, - HWCryptoHook_CallerContext * cactx); -static int hwcrhk_get_pass(const char *prompt_info, - int *len_io, char *buf, - HWCryptoHook_PassphraseContext * ppctx, - HWCryptoHook_CallerContext * cactx); -static void hwcrhk_log_message(void *logstr, const char *message); - -/* The definitions for control commands specific to this engine */ -# define HWCRHK_CMD_SO_PATH ENGINE_CMD_BASE -# define HWCRHK_CMD_FORK_CHECK (ENGINE_CMD_BASE + 1) -# define HWCRHK_CMD_THREAD_LOCKING (ENGINE_CMD_BASE + 2) -# define HWCRHK_CMD_SET_USER_INTERFACE (ENGINE_CMD_BASE + 3) -# define HWCRHK_CMD_SET_CALLBACK_DATA (ENGINE_CMD_BASE + 4) -static const ENGINE_CMD_DEFN hwcrhk_cmd_defns[] = { - {HWCRHK_CMD_SO_PATH, - "SO_PATH", - "Specifies the path to the 'hwcrhk' shared library", - ENGINE_CMD_FLAG_STRING}, - {HWCRHK_CMD_FORK_CHECK, - "FORK_CHECK", - "Turns fork() checking on (non-zero) or off (zero)", - ENGINE_CMD_FLAG_NUMERIC}, - {HWCRHK_CMD_THREAD_LOCKING, - "THREAD_LOCKING", - "Turns thread-safe locking on (zero) or off (non-zero)", - ENGINE_CMD_FLAG_NUMERIC}, - {HWCRHK_CMD_SET_USER_INTERFACE, - "SET_USER_INTERFACE", - "Set the global user interface (internal)", - ENGINE_CMD_FLAG_INTERNAL}, - {HWCRHK_CMD_SET_CALLBACK_DATA, - "SET_CALLBACK_DATA", - "Set the global user interface extra data (internal)", - ENGINE_CMD_FLAG_INTERNAL}, - {0, NULL, NULL, 0} -}; - -# ifndef OPENSSL_NO_RSA -/* Our internal RSA_METHOD that we provide pointers to */ -static RSA_METHOD hwcrhk_rsa = { - "CHIL RSA method", - NULL, - NULL, - NULL, - NULL, - hwcrhk_rsa_mod_exp, - hwcrhk_mod_exp_mont, - NULL, - hwcrhk_rsa_finish, - 0, - NULL, - NULL, - NULL, - NULL -}; -# endif - -# ifndef OPENSSL_NO_DH -/* Our internal DH_METHOD that we provide pointers to */ -static DH_METHOD hwcrhk_dh = { - "CHIL DH method", - NULL, - NULL, - hwcrhk_mod_exp_dh, - NULL, - NULL, - 0, - NULL, - NULL -}; -# endif - -static RAND_METHOD hwcrhk_rand = { - /* "CHIL RAND method", */ - NULL, - hwcrhk_rand_bytes, - NULL, - NULL, - hwcrhk_rand_bytes, - hwcrhk_rand_status, -}; - -/* Constants used when creating the ENGINE */ -static const char *engine_hwcrhk_id = "chil"; -static const char *engine_hwcrhk_name = "CHIL hardware engine support"; -# ifndef OPENSSL_NO_DYNAMIC_ENGINE -/* Compatibility hack, the dynamic library uses this form in the path */ -static const char *engine_hwcrhk_id_alt = "ncipher"; -# endif - -/* Internal stuff for HWCryptoHook */ - -/* Some structures needed for proper use of thread locks */ -/* - * hwcryptohook.h has some typedefs that turn struct HWCryptoHook_MutexValue - * into HWCryptoHook_Mutex - */ -struct HWCryptoHook_MutexValue { - CRYPTO_RWLOCK *lock; -}; - -/* - * hwcryptohook.h has some typedefs that turn struct - * HWCryptoHook_PassphraseContextValue into HWCryptoHook_PassphraseContext - */ -struct HWCryptoHook_PassphraseContextValue { - UI_METHOD *ui_method; - void *callback_data; -}; - -/* - * hwcryptohook.h has some typedefs that turn struct - * HWCryptoHook_CallerContextValue into HWCryptoHook_CallerContext - */ -struct HWCryptoHook_CallerContextValue { - pem_password_cb *password_callback; /* Deprecated! Only present for - * backward compatibility! */ - UI_METHOD *ui_method; - void *callback_data; -}; - -/* - * The MPI structure in HWCryptoHook is pretty compatible with OpenSSL - * BIGNUM's, so lets define a couple of conversion macros - */ -# define BN2MPI(mp, bn) \ - {mp.size = bn->top * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;} -# define MPI2BN(bn, mp) \ - {mp.size = bn->dmax * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;} - -static BIO *logstream = NULL; -static int disable_mutex_callbacks = 0; - -/* - * One might wonder why these are needed, since one can pass down at least a - * UI_METHOD and a pointer to callback data to the key-loading functions. The - * thing is that the ModExp and RSAImmed functions can load keys as well, if - * the data they get is in a special, nCipher-defined format (hint: if you - * look at the private exponent of the RSA data as a string, you'll see this - * string: "nCipher KM tool key id", followed by some bytes, followed a key - * identity string, followed by more bytes. This happens when you use - * "embed" keys instead of "hwcrhk" keys). Unfortunately, those functions do - * not take any passphrase or caller context, and our functions can't really - * take any callback data either. Still, the "insert_card" and - * "get_passphrase" callbacks may be called down the line, and will need to - * know what user interface callbacks to call, and having callback data from - * the application may be a nice thing as well, so we need to keep track of - * that globally. - */ -static HWCryptoHook_CallerContext password_context = { NULL, NULL, NULL }; - -/* Stuff to pass to the HWCryptoHook library */ -static HWCryptoHook_InitInfo hwcrhk_globals = { - HWCryptoHook_InitFlags_SimpleForkCheck, /* Flags */ - &logstream, /* logstream */ - sizeof(BN_ULONG), /* limbsize */ - 0, /* mslimb first: false for BNs */ - -1, /* msbyte first: use native */ - 0, /* Max mutexes, 0 = no small limit */ - 0, /* Max simultaneous, 0 = default */ - - /* - * The next few are mutex stuff: we write wrapper functions around the OS - * mutex functions. We initialise them to 0 here, and change that to - * actual function pointers in hwcrhk_init() if dynamic locks are - * supported (that is, if the application programmer has made sure of - * setting up callbacks bafore starting this engine) *and* if - * disable_mutex_callbacks hasn't been set by a call to - * ENGINE_ctrl(ENGINE_CTRL_CHIL_NO_LOCKING). - */ - sizeof(HWCryptoHook_Mutex), - 0, - 0, - 0, - 0, - - /* - * The next few are condvar stuff: we write wrapper functions round the - * OS functions. Currently not implemented and not and absolute - * necessity even in threaded programs, therefore 0'ed. Will hopefully - * be implemented some day, since it enhances the efficiency of - * HWCryptoHook. - */ - 0, /* sizeof(HWCryptoHook_CondVar), */ - 0, /* hwcrhk_cv_init, */ - 0, /* hwcrhk_cv_wait, */ - 0, /* hwcrhk_cv_signal, */ - 0, /* hwcrhk_cv_broadcast, */ - 0, /* hwcrhk_cv_destroy, */ - - hwcrhk_get_pass, /* pass phrase */ - hwcrhk_insert_card, /* insert a card */ - hwcrhk_log_message /* Log message */ -}; - -/* Now, to our own code */ - -/* - * This internal function is used by ENGINE_chil() and possibly by the - * "dynamic" ENGINE support too - */ -static int bind_helper(ENGINE *e) -{ -# ifndef OPENSSL_NO_RSA - const RSA_METHOD *meth1; -# endif -# ifndef OPENSSL_NO_DH - const DH_METHOD *meth2; -# endif - - chil_lock = CRYPTO_THREAD_lock_new(); - if (chil_lock == NULL) { - HWCRHKerr(HWCRHK_F_BIND_HELPER, ERR_R_MALLOC_FAILURE); - return 0; - } - - if (!ENGINE_set_id(e, engine_hwcrhk_id) || - !ENGINE_set_name(e, engine_hwcrhk_name) || -# ifndef OPENSSL_NO_RSA - !ENGINE_set_RSA(e, &hwcrhk_rsa) || -# endif -# ifndef OPENSSL_NO_DH - !ENGINE_set_DH(e, &hwcrhk_dh) || -# endif - !ENGINE_set_RAND(e, &hwcrhk_rand) || - !ENGINE_set_destroy_function(e, hwcrhk_destroy) || - !ENGINE_set_init_function(e, hwcrhk_init) || - !ENGINE_set_finish_function(e, hwcrhk_finish) || - !ENGINE_set_ctrl_function(e, hwcrhk_ctrl) || - !ENGINE_set_load_privkey_function(e, hwcrhk_load_privkey) || - !ENGINE_set_load_pubkey_function(e, hwcrhk_load_pubkey) || - !ENGINE_set_cmd_defns(e, hwcrhk_cmd_defns)) - return 0; - -# ifndef OPENSSL_NO_RSA - /* - * We know that the "PKCS1_OpenSSL()" functions hook properly to the - * cswift-specific mod_exp and mod_exp_crt so we use those functions. NB: - * We don't use ENGINE_openssl() or anything "more generic" because - * something like the RSAref code may not hook properly, and if you own - * one of these cards then you have the right to do RSA operations on it - * anyway! - */ - meth1 = RSA_PKCS1_OpenSSL(); - hwcrhk_rsa.rsa_pub_enc = meth1->rsa_pub_enc; - hwcrhk_rsa.rsa_pub_dec = meth1->rsa_pub_dec; - hwcrhk_rsa.rsa_priv_enc = meth1->rsa_priv_enc; - hwcrhk_rsa.rsa_priv_dec = meth1->rsa_priv_dec; -# endif - -# ifndef OPENSSL_NO_DH - /* Much the same for Diffie-Hellman */ - meth2 = DH_OpenSSL(); - hwcrhk_dh.generate_key = meth2->generate_key; - hwcrhk_dh.compute_key = meth2->compute_key; -# endif - - /* Ensure the hwcrhk error handling is set up */ - ERR_load_HWCRHK_strings(); - - return 1; -} - -# ifdef OPENSSL_NO_DYNAMIC_ENGINE -static ENGINE *engine_chil(void) -{ - ENGINE *ret = ENGINE_new(); - if (ret == NULL) - return NULL; - if (!bind_helper(ret)) { - ENGINE_free(ret); - return NULL; - } - return ret; -} - -void ENGINE_load_chil(void) -{ - /* Copied from eng_[openssl|dyn].c */ - ENGINE *toadd = engine_chil(); - if (!toadd) - return; - ENGINE_add(toadd); - ENGINE_free(toadd); - ERR_clear_error(); -} -# endif - -/* - * This is a process-global DSO handle used for loading and unloading the - * HWCryptoHook library. NB: This is only set (or unset) during an init() or - * finish() call (reference counts permitting) and they're operating with - * global locks, so this should be thread-safe implicitly. - */ -static DSO *hwcrhk_dso = NULL; -static HWCryptoHook_ContextHandle hwcrhk_context = 0; -# ifndef OPENSSL_NO_RSA -/* Index for KM handle. Not really used yet. */ -static int hndidx_rsa = -1; -# endif - -/* - * These are the function pointers that are (un)set when the library has - * successfully (un)loaded. - */ -static HWCryptoHook_Init_t *p_hwcrhk_Init = NULL; -static HWCryptoHook_Finish_t *p_hwcrhk_Finish = NULL; -static HWCryptoHook_ModExp_t *p_hwcrhk_ModExp = NULL; -# ifndef OPENSSL_NO_RSA -static HWCryptoHook_RSA_t *p_hwcrhk_RSA = NULL; -# endif -static HWCryptoHook_RandomBytes_t *p_hwcrhk_RandomBytes = NULL; -# ifndef OPENSSL_NO_RSA -static HWCryptoHook_RSALoadKey_t *p_hwcrhk_RSALoadKey = NULL; -static HWCryptoHook_RSAGetPublicKey_t *p_hwcrhk_RSAGetPublicKey = NULL; -static HWCryptoHook_RSAUnloadKey_t *p_hwcrhk_RSAUnloadKey = NULL; -# endif -static HWCryptoHook_ModExpCRT_t *p_hwcrhk_ModExpCRT = NULL; - -/* Used in the DSO operations. */ -static const char *HWCRHK_LIBNAME = NULL; -static void free_HWCRHK_LIBNAME(void) -{ - OPENSSL_free(HWCRHK_LIBNAME); - HWCRHK_LIBNAME = NULL; -} - -static const char *get_HWCRHK_LIBNAME(void) -{ - if (HWCRHK_LIBNAME) - return HWCRHK_LIBNAME; - return "nfhwcrhk"; -} - -static long set_HWCRHK_LIBNAME(const char *name) -{ - free_HWCRHK_LIBNAME(); - return (((HWCRHK_LIBNAME = OPENSSL_strdup(name)) != NULL) ? 1 : 0); -} - -static const char *n_hwcrhk_Init = "HWCryptoHook_Init"; -static const char *n_hwcrhk_Finish = "HWCryptoHook_Finish"; -static const char *n_hwcrhk_ModExp = "HWCryptoHook_ModExp"; -# ifndef OPENSSL_NO_RSA -static const char *n_hwcrhk_RSA = "HWCryptoHook_RSA"; -# endif -static const char *n_hwcrhk_RandomBytes = "HWCryptoHook_RandomBytes"; -# ifndef OPENSSL_NO_RSA -static const char *n_hwcrhk_RSALoadKey = "HWCryptoHook_RSALoadKey"; -static const char *n_hwcrhk_RSAGetPublicKey = "HWCryptoHook_RSAGetPublicKey"; -static const char *n_hwcrhk_RSAUnloadKey = "HWCryptoHook_RSAUnloadKey"; -# endif -static const char *n_hwcrhk_ModExpCRT = "HWCryptoHook_ModExpCRT"; - -/* - * HWCryptoHook library functions and mechanics - these are used by the - * higher-level functions further down. NB: As and where there's no error - * checking, take a look lower down where these functions are called, the - * checking and error handling is probably down there. - */ - -/* utility function to obtain a context */ -static int get_context(HWCryptoHook_ContextHandle * hac, - HWCryptoHook_CallerContext * cac) -{ - char tempbuf[1024]; - HWCryptoHook_ErrMsgBuf rmsg; - - rmsg.buf = tempbuf; - rmsg.size = sizeof(tempbuf); - - *hac = p_hwcrhk_Init(&hwcrhk_globals, sizeof(hwcrhk_globals), &rmsg, cac); - if (!*hac) - return 0; - return 1; -} - -/* similarly to release one. */ -static void release_context(HWCryptoHook_ContextHandle hac) -{ - p_hwcrhk_Finish(hac); -} - -/* Destructor (complements the "ENGINE_chil()" constructor) */ -static int hwcrhk_destroy(ENGINE *e) -{ - free_HWCRHK_LIBNAME(); - ERR_unload_HWCRHK_strings(); - CRYPTO_THREAD_lock_free(chil_lock); - return 1; -} - -/* (de)initialisation functions. */ -static int hwcrhk_init(ENGINE *e) -{ - HWCryptoHook_Init_t *p1; - HWCryptoHook_Finish_t *p2; - HWCryptoHook_ModExp_t *p3; -# ifndef OPENSSL_NO_RSA - HWCryptoHook_RSA_t *p4; - HWCryptoHook_RSALoadKey_t *p5; - HWCryptoHook_RSAGetPublicKey_t *p6; - HWCryptoHook_RSAUnloadKey_t *p7; -# endif - HWCryptoHook_RandomBytes_t *p8; - HWCryptoHook_ModExpCRT_t *p9; - - if (hwcrhk_dso != NULL) { - HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_ALREADY_LOADED); - goto err; - } - /* Attempt to load libnfhwcrhk.so/nfhwcrhk.dll/whatever. */ - hwcrhk_dso = DSO_load(NULL, get_HWCRHK_LIBNAME(), NULL, 0); - if (hwcrhk_dso == NULL) { - HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_DSO_FAILURE); - goto err; - } - -#define BINDIT(t, name) (t *)DSO_bind_func(hwcrhk_dso, name) - if ((p1 = BINDIT(HWCryptoHook_Init_t, n_hwcrhk_Init)) == NULL - || (p2 = BINDIT(HWCryptoHook_Finish_t, n_hwcrhk_Finish)) == NULL - || (p3 = BINDIT(HWCryptoHook_ModExp_t, n_hwcrhk_ModExp)) == NULL -# ifndef OPENSSL_NO_RSA - || (p4 = BINDIT(HWCryptoHook_RSA_t, n_hwcrhk_RSA)) == NULL - || (p5 = BINDIT(HWCryptoHook_RSALoadKey_t, n_hwcrhk_RSALoadKey)) == NULL - || (p6 = BINDIT(HWCryptoHook_RSAGetPublicKey_t, n_hwcrhk_RSAGetPublicKey)) == NULL - || (p7 = BINDIT(HWCryptoHook_RSAUnloadKey_t, n_hwcrhk_RSAUnloadKey)) == NULL -# endif - || (p8 = BINDIT(HWCryptoHook_RandomBytes_t, n_hwcrhk_RandomBytes)) == NULL - || (p9 = BINDIT(HWCryptoHook_ModExpCRT_t, n_hwcrhk_ModExpCRT)) == NULL) { - HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_DSO_FAILURE); - goto err; - } - /* Copy the pointers */ - p_hwcrhk_Init = p1; - p_hwcrhk_Finish = p2; - p_hwcrhk_ModExp = p3; -# ifndef OPENSSL_NO_RSA - p_hwcrhk_RSA = p4; - p_hwcrhk_RSALoadKey = p5; - p_hwcrhk_RSAGetPublicKey = p6; - p_hwcrhk_RSAUnloadKey = p7; -# endif - p_hwcrhk_RandomBytes = p8; - p_hwcrhk_ModExpCRT = p9; - - /* - * Check if the application decided to support dynamic locks, and if it - * does, use them. - */ - if (disable_mutex_callbacks == 0) { - hwcrhk_globals.mutex_init = hwcrhk_mutex_init; - hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock; - hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock; - hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy; - } - - /* - * Try and get a context - if not, we may have a DSO but no accelerator! - */ - if (!get_context(&hwcrhk_context, &password_context)) { - HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_UNIT_FAILURE); - goto err; - } - /* Everything's fine. */ -# ifndef OPENSSL_NO_RSA - if (hndidx_rsa == -1) - hndidx_rsa = RSA_get_ex_new_index(0, - "nFast HWCryptoHook RSA key handle", - NULL, NULL, NULL); -# endif - return 1; - err: - DSO_free(hwcrhk_dso); - hwcrhk_dso = NULL; - p_hwcrhk_Init = NULL; - p_hwcrhk_Finish = NULL; - p_hwcrhk_ModExp = NULL; -# ifndef OPENSSL_NO_RSA - p_hwcrhk_RSA = NULL; - p_hwcrhk_RSALoadKey = NULL; - p_hwcrhk_RSAGetPublicKey = NULL; - p_hwcrhk_RSAUnloadKey = NULL; -# endif - p_hwcrhk_ModExpCRT = NULL; - p_hwcrhk_RandomBytes = NULL; - return 0; -} - -static int hwcrhk_finish(ENGINE *e) -{ - int to_return = 1; - free_HWCRHK_LIBNAME(); - if (hwcrhk_dso == NULL) { - HWCRHKerr(HWCRHK_F_HWCRHK_FINISH, HWCRHK_R_NOT_LOADED); - to_return = 0; - goto err; - } - release_context(hwcrhk_context); - if (!DSO_free(hwcrhk_dso)) { - HWCRHKerr(HWCRHK_F_HWCRHK_FINISH, HWCRHK_R_DSO_FAILURE); - to_return = 0; - goto err; - } - err: - BIO_free(logstream); - hwcrhk_dso = NULL; - p_hwcrhk_Init = NULL; - p_hwcrhk_Finish = NULL; - p_hwcrhk_ModExp = NULL; -# ifndef OPENSSL_NO_RSA - p_hwcrhk_RSA = NULL; - p_hwcrhk_RSALoadKey = NULL; - p_hwcrhk_RSAGetPublicKey = NULL; - p_hwcrhk_RSAUnloadKey = NULL; -# endif - p_hwcrhk_ModExpCRT = NULL; - p_hwcrhk_RandomBytes = NULL; - return to_return; -} - -static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) -{ - int to_return = 1; - - switch (cmd) { - case HWCRHK_CMD_SO_PATH: - if (hwcrhk_dso) { - HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, HWCRHK_R_ALREADY_LOADED); - return 0; - } - if (p == NULL) { - HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - return set_HWCRHK_LIBNAME((const char *)p); - case ENGINE_CTRL_SET_LOGSTREAM: - { - BIO *bio = (BIO *)p; - - CRYPTO_THREAD_write_lock(chil_lock); - BIO_free(logstream); - logstream = NULL; - if (BIO_up_ref(bio)) - logstream = bio; - else - HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, HWCRHK_R_BIO_WAS_FREED); - } - CRYPTO_THREAD_unlock(chil_lock); - break; - case ENGINE_CTRL_SET_PASSWORD_CALLBACK: - CRYPTO_THREAD_write_lock(chil_lock); - password_context.password_callback = (pem_password_cb *)f; - CRYPTO_THREAD_unlock(chil_lock); - break; - case ENGINE_CTRL_SET_USER_INTERFACE: - case HWCRHK_CMD_SET_USER_INTERFACE: - CRYPTO_THREAD_write_lock(chil_lock); - password_context.ui_method = (UI_METHOD *)p; - CRYPTO_THREAD_unlock(chil_lock); - break; - case ENGINE_CTRL_SET_CALLBACK_DATA: - case HWCRHK_CMD_SET_CALLBACK_DATA: - CRYPTO_THREAD_write_lock(chil_lock); - password_context.callback_data = p; - CRYPTO_THREAD_unlock(chil_lock); - break; - /* - * this enables or disables the "SimpleForkCheck" flag used in the - * initialisation structure. - */ - case ENGINE_CTRL_CHIL_SET_FORKCHECK: - case HWCRHK_CMD_FORK_CHECK: - CRYPTO_THREAD_write_lock(chil_lock); - if (i) - hwcrhk_globals.flags |= HWCryptoHook_InitFlags_SimpleForkCheck; - else - hwcrhk_globals.flags &= ~HWCryptoHook_InitFlags_SimpleForkCheck; - CRYPTO_THREAD_unlock(chil_lock); - break; - /* - * This will prevent the initialisation function from "installing" - * the mutex-handling callbacks, even if they are available from - * within the library (or were provided to the library from the - * calling application). This is to remove any baggage for - * applications not using multithreading. - */ - case ENGINE_CTRL_CHIL_NO_LOCKING: - CRYPTO_THREAD_write_lock(chil_lock); - disable_mutex_callbacks = 1; - CRYPTO_THREAD_unlock(chil_lock); - break; - case HWCRHK_CMD_THREAD_LOCKING: - CRYPTO_THREAD_write_lock(chil_lock); - disable_mutex_callbacks = ((i == 0) ? 0 : 1); - CRYPTO_THREAD_unlock(chil_lock); - break; - - /* The command isn't understood by this engine */ - default: - HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, - HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED); - to_return = 0; - break; - } - - return to_return; -} - -static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, - UI_METHOD *ui_method, - void *callback_data) -{ -# ifndef OPENSSL_NO_RSA - RSA *rtmp = NULL; -# endif - EVP_PKEY *res = NULL; -# ifndef OPENSSL_NO_RSA - HWCryptoHook_MPI e, n; - HWCryptoHook_RSAKeyHandle *hptr; -# endif -# if !defined(OPENSSL_NO_RSA) - char tempbuf[1024]; - HWCryptoHook_ErrMsgBuf rmsg; - HWCryptoHook_PassphraseContext ppctx; -# endif - -# if !defined(OPENSSL_NO_RSA) - rmsg.buf = tempbuf; - rmsg.size = sizeof(tempbuf); -# endif - - if (!hwcrhk_context) { - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_NOT_INITIALISED); - goto err; - } -# ifndef OPENSSL_NO_RSA - hptr = OPENSSL_malloc(sizeof(*hptr)); - if (hptr == NULL) { - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE); - goto err; - } - ppctx.ui_method = ui_method; - ppctx.callback_data = callback_data; - if (p_hwcrhk_RSALoadKey(hwcrhk_context, key_id, hptr, &rmsg, &ppctx)) { - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR); - ERR_add_error_data(1, rmsg.buf); - goto err; - } - if (!*hptr) { - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_NO_KEY); - goto err; - } -# endif -# ifndef OPENSSL_NO_RSA - rtmp = RSA_new_method(eng); - RSA_set_ex_data(rtmp, hndidx_rsa, (char *)hptr); - rtmp->e = BN_new(); - rtmp->n = BN_new(); - rtmp->flags |= RSA_FLAG_EXT_PKEY; - MPI2BN(rtmp->e, e); - MPI2BN(rtmp->n, n); - if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg) - != HWCRYPTOHOOK_ERROR_MPISIZE) { - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR); - ERR_add_error_data(1, rmsg.buf); - goto err; - } - - bn_expand2(rtmp->e, e.size / sizeof(BN_ULONG)); - bn_expand2(rtmp->n, n.size / sizeof(BN_ULONG)); - MPI2BN(rtmp->e, e); - MPI2BN(rtmp->n, n); - - if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg)) { - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR); - ERR_add_error_data(1, rmsg.buf); - goto err; - } - rtmp->e->top = e.size / sizeof(BN_ULONG); - bn_fix_top(rtmp->e); - rtmp->n->top = n.size / sizeof(BN_ULONG); - bn_fix_top(rtmp->n); - - res = EVP_PKEY_new(); - if (res == NULL) { - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR); - goto err; - } - EVP_PKEY_assign_RSA(res, rtmp); -# endif - - if (res == NULL) - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, - HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED); - - return res; - err: -# ifndef OPENSSL_NO_RSA - RSA_free(rtmp); -# endif - return NULL; -} - -static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id, - UI_METHOD *ui_method, void *callback_data) -{ - EVP_PKEY *res = NULL; - -# ifndef OPENSSL_NO_RSA - res = hwcrhk_load_privkey(eng, key_id, ui_method, callback_data); -# endif - - if (res) - switch (res->type) { -# ifndef OPENSSL_NO_RSA - case EVP_PKEY_RSA: - { - RSA *rsa = NULL; - - CRYPTO_THREAD_write_lock(chil_lock); - rsa = res->pkey.rsa; - res->pkey.rsa = RSA_new(); - res->pkey.rsa->n = rsa->n; - res->pkey.rsa->e = rsa->e; - rsa->n = NULL; - rsa->e = NULL; - CRYPTO_THREAD_unlock(chil_lock); - RSA_free(rsa); - } - break; -# endif - default: - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY, - HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED); - goto err; - } - - return res; - err: - EVP_PKEY_free(res); - return NULL; -} - -/* A little mod_exp */ -static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx) -{ - char tempbuf[1024]; - HWCryptoHook_ErrMsgBuf rmsg; - /* - * Since HWCryptoHook_MPI is pretty compatible with BIGNUM's, we use them - * directly, plus a little macro magic. We only thing we need to make - * sure of is that enough space is allocated. - */ - HWCryptoHook_MPI m_a, m_p, m_n, m_r; - int to_return, ret; - - to_return = 0; /* expect failure */ - rmsg.buf = tempbuf; - rmsg.size = sizeof(tempbuf); - - if (!hwcrhk_context) { - HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP, HWCRHK_R_NOT_INITIALISED); - goto err; - } - /* Prepare the params */ - bn_expand2(r, m->top); /* Check for error !! */ - BN2MPI(m_a, a); - BN2MPI(m_p, p); - BN2MPI(m_n, m); - MPI2BN(r, m_r); - - /* Perform the operation */ - ret = p_hwcrhk_ModExp(hwcrhk_context, m_a, m_p, m_n, &m_r, &rmsg); - - /* Convert the response */ - r->top = m_r.size / sizeof(BN_ULONG); - bn_fix_top(r); - - if (ret < 0) { - /* - * FIXME: When this error is returned, HWCryptoHook is telling us - * that falling back to software computation might be a good thing. - */ - if (ret == HWCRYPTOHOOK_ERROR_FALLBACK) { - HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP, HWCRHK_R_REQUEST_FALLBACK); - } else { - HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP, HWCRHK_R_REQUEST_FAILED); - } - ERR_add_error_data(1, rmsg.buf); - goto err; - } - - to_return = 1; - err: - return to_return; -} - -# ifndef OPENSSL_NO_RSA -static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, - BN_CTX *ctx) -{ - char tempbuf[1024]; - HWCryptoHook_ErrMsgBuf rmsg; - HWCryptoHook_RSAKeyHandle *hptr; - int to_return = 0, ret; - - rmsg.buf = tempbuf; - rmsg.size = sizeof(tempbuf); - - if (!hwcrhk_context) { - HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, HWCRHK_R_NOT_INITIALISED); - goto err; - } - - /* - * This provides support for nForce keys. Since that's opaque data all - * we do is provide a handle to the proper key and let HWCryptoHook take - * care of the rest. - */ - if ((hptr = - (HWCryptoHook_RSAKeyHandle *) RSA_get_ex_data(rsa, hndidx_rsa)) - != NULL) { - HWCryptoHook_MPI m_a, m_r; - - if (!rsa->n) { - HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, - HWCRHK_R_MISSING_KEY_COMPONENTS); - goto err; - } - - /* Prepare the params */ - bn_expand2(r, rsa->n->top); /* Check for error !! */ - BN2MPI(m_a, I); - MPI2BN(r, m_r); - - /* Perform the operation */ - ret = p_hwcrhk_RSA(m_a, *hptr, &m_r, &rmsg); - - /* Convert the response */ - r->top = m_r.size / sizeof(BN_ULONG); - bn_fix_top(r); - - if (ret < 0) { - /* - * FIXME: When this error is returned, HWCryptoHook is telling us - * that falling back to software computation might be a good - * thing. - */ - if (ret == HWCRYPTOHOOK_ERROR_FALLBACK) { - HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, - HWCRHK_R_REQUEST_FALLBACK); - } else { - HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, - HWCRHK_R_REQUEST_FAILED); - } - ERR_add_error_data(1, rmsg.buf); - goto err; - } - } else { - HWCryptoHook_MPI m_a, m_p, m_q, m_dmp1, m_dmq1, m_iqmp, m_r; - - if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { - HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, - HWCRHK_R_MISSING_KEY_COMPONENTS); - goto err; - } - - /* Prepare the params */ - bn_expand2(r, rsa->n->top); /* Check for error !! */ - BN2MPI(m_a, I); - BN2MPI(m_p, rsa->p); - BN2MPI(m_q, rsa->q); - BN2MPI(m_dmp1, rsa->dmp1); - BN2MPI(m_dmq1, rsa->dmq1); - BN2MPI(m_iqmp, rsa->iqmp); - MPI2BN(r, m_r); - - /* Perform the operation */ - ret = p_hwcrhk_ModExpCRT(hwcrhk_context, m_a, m_p, m_q, - m_dmp1, m_dmq1, m_iqmp, &m_r, &rmsg); - - /* Convert the response */ - r->top = m_r.size / sizeof(BN_ULONG); - bn_fix_top(r); - - if (ret < 0) { - /* - * FIXME: When this error is returned, HWCryptoHook is telling us - * that falling back to software computation might be a good - * thing. - */ - if (ret == HWCRYPTOHOOK_ERROR_FALLBACK) { - HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, - HWCRHK_R_REQUEST_FALLBACK); - } else { - HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, - HWCRHK_R_REQUEST_FAILED); - } - ERR_add_error_data(1, rmsg.buf); - goto err; - } - } - /* - * If we're here, we must be here with some semblance of success :-) - */ - to_return = 1; - err: - return to_return; -} -# endif - -# ifndef OPENSSL_NO_RSA -/* This function is aliased to mod_exp (with the mont stuff dropped). */ -static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx) -{ - return hwcrhk_mod_exp(r, a, p, m, ctx); -} - -static int hwcrhk_rsa_finish(RSA *rsa) -{ - HWCryptoHook_RSAKeyHandle *hptr; - - hptr = RSA_get_ex_data(rsa, hndidx_rsa); - if (hptr) { - p_hwcrhk_RSAUnloadKey(*hptr, NULL); - OPENSSL_free(hptr); - RSA_set_ex_data(rsa, hndidx_rsa, NULL); - } - return 1; -} - -# endif - -# ifndef OPENSSL_NO_DH -/* This function is aliased to mod_exp (with the dh and mont dropped). */ -static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r, - const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) -{ - return hwcrhk_mod_exp(r, a, p, m, ctx); -} -# endif - -/* Random bytes are good */ -static int hwcrhk_rand_bytes(unsigned char *buf, int num) -{ - char tempbuf[1024]; - HWCryptoHook_ErrMsgBuf rmsg; - int to_return = 0; /* assume failure */ - int ret; - - rmsg.buf = tempbuf; - rmsg.size = sizeof(tempbuf); - - if (!hwcrhk_context) { - HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES, HWCRHK_R_NOT_INITIALISED); - goto err; - } - - ret = p_hwcrhk_RandomBytes(hwcrhk_context, buf, num, &rmsg); - if (ret < 0) { - /* - * FIXME: When this error is returned, HWCryptoHook is telling us - * that falling back to software computation might be a good thing. - */ - if (ret == HWCRYPTOHOOK_ERROR_FALLBACK) { - HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES, HWCRHK_R_REQUEST_FALLBACK); - } else { - HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES, HWCRHK_R_REQUEST_FAILED); - } - ERR_add_error_data(1, rmsg.buf); - goto err; - } - to_return = 1; - err: - return to_return; -} - -static int hwcrhk_rand_status(void) -{ - return 1; -} - -/* - * Mutex calls: since the HWCryptoHook model closely follows the POSIX model - * these just wrap the POSIX functions and add some logging. - */ - -static int hwcrhk_mutex_init(HWCryptoHook_Mutex * mt, - HWCryptoHook_CallerContext * cactx) -{ - mt->lock = CRYPTO_THREAD_lock_new(); - if (mt->lock == NULL) { - HWCRHKerr(HWCRHK_F_HWCRHK_MUTEX_INIT, ERR_R_MALLOC_FAILURE); - return 1; /* failure */ - } - return 0; /* success */ -} - -static int hwcrhk_mutex_lock(HWCryptoHook_Mutex * mt) -{ - CRYPTO_THREAD_write_lock(mt->lock); - return 0; -} - -static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex * mt) -{ - CRYPTO_THREAD_unlock(mt->lock); -} - -static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex * mt) -{ - CRYPTO_THREAD_lock_free(mt->lock); -} - -static int hwcrhk_get_pass(const char *prompt_info, - int *len_io, char *buf, - HWCryptoHook_PassphraseContext * ppctx, - HWCryptoHook_CallerContext * cactx) -{ - pem_password_cb *callback = NULL; - void *callback_data = NULL; - UI_METHOD *ui_method = NULL; - /* - * Despite what the documentation says prompt_info can be an empty - * string. - */ - if (prompt_info && !*prompt_info) - prompt_info = NULL; - - if (cactx) { - if (cactx->ui_method) - ui_method = cactx->ui_method; - if (cactx->password_callback) - callback = cactx->password_callback; - if (cactx->callback_data) - callback_data = cactx->callback_data; - } - if (ppctx) { - if (ppctx->ui_method) { - ui_method = ppctx->ui_method; - callback = NULL; - } - if (ppctx->callback_data) - callback_data = ppctx->callback_data; - } - if (callback == NULL && ui_method == NULL) { - HWCRHKerr(HWCRHK_F_HWCRHK_GET_PASS, HWCRHK_R_NO_CALLBACK); - return -1; - } - - if (ui_method) { - UI *ui = UI_new_method(ui_method); - if (ui) { - int ok; - char *prompt = UI_construct_prompt(ui, - "pass phrase", prompt_info); - - ok = UI_add_input_string(ui, prompt, - UI_INPUT_FLAG_DEFAULT_PWD, - buf, 0, (*len_io) - 1); - UI_add_user_data(ui, callback_data); - UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0); - - if (ok >= 0) - do { - ok = UI_process(ui); - } - while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0)); - - if (ok >= 0) - *len_io = strlen(buf); - - UI_free(ui); - OPENSSL_free(prompt); - } - } else { - *len_io = callback(buf, *len_io, 0, callback_data); - } - if (!*len_io) - return -1; - return 0; -} - -static int hwcrhk_insert_card(const char *prompt_info, - const char *wrong_info, - HWCryptoHook_PassphraseContext * ppctx, - HWCryptoHook_CallerContext * cactx) -{ - int ok = -1; - UI *ui; - void *callback_data = NULL; - UI_METHOD *ui_method = NULL; - - if (cactx) { - if (cactx->ui_method) - ui_method = cactx->ui_method; - if (cactx->callback_data) - callback_data = cactx->callback_data; - } - if (ppctx) { - if (ppctx->ui_method) - ui_method = ppctx->ui_method; - if (ppctx->callback_data) - callback_data = ppctx->callback_data; - } - if (ui_method == NULL) { - HWCRHKerr(HWCRHK_F_HWCRHK_INSERT_CARD, HWCRHK_R_NO_CALLBACK); - return -1; - } - - ui = UI_new_method(ui_method); - - if (ui) { - char answer = '\0'; - char buf[BUFSIZ]; - /* - * Despite what the documentation says wrong_info can be an empty - * string. - */ - if (wrong_info && *wrong_info) - BIO_snprintf(buf, sizeof(buf) - 1, - "Current card: \"%s\"\n", wrong_info); - else - buf[0] = 0; - ok = UI_dup_info_string(ui, buf); - if (ok >= 0 && prompt_info) { - BIO_snprintf(buf, sizeof(buf) - 1, - "Insert card \"%s\"", prompt_info); - ok = UI_dup_input_boolean(ui, buf, - "\n then hit <enter> or C<enter> to cancel\n", - "\r\n", "Cc", UI_INPUT_FLAG_ECHO, - &answer); - } - UI_add_user_data(ui, callback_data); - - if (ok >= 0) - ok = UI_process(ui); - UI_free(ui); - - if (ok == -2 || (ok >= 0 && answer == 'C')) - ok = 1; - else if (ok < 0) - ok = -1; - else - ok = 0; - } - return ok; -} - -static void hwcrhk_log_message(void *logstr, const char *message) -{ - BIO *lstream = NULL; - - if (logstr) - lstream = *(BIO **)logstr; - if (lstream) { - BIO_printf(lstream, "%s\n", message); - } -} - -/* - * This stuff is needed if this ENGINE is being compiled into a - * self-contained shared-library. - */ -# ifndef OPENSSL_NO_DYNAMIC_ENGINE -static int bind_fn(ENGINE *e, const char *id) -{ - if (id && (strcmp(id, engine_hwcrhk_id) != 0) && - (strcmp(id, engine_hwcrhk_id_alt) != 0)) - return 0; - if (!bind_helper(e)) - return 0; - return 1; -} - -IMPLEMENT_DYNAMIC_CHECK_FN() - IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) -# endif /* OPENSSL_NO_DYNAMIC_ENGINE */ -# endif /* !OPENSSL_NO_HW_CHIL */ -#endif /* !OPENSSL_NO_HW */ diff --git a/deps/openssl/openssl/engines/e_chil.ec b/deps/openssl/openssl/engines/e_chil.ec deleted file mode 100644 index b5a76e17df..0000000000 --- a/deps/openssl/openssl/engines/e_chil.ec +++ /dev/null @@ -1 +0,0 @@ -L HWCRHK e_chil_err.h e_chil_err.c diff --git a/deps/openssl/openssl/engines/e_chil_err.c b/deps/openssl/openssl/engines/e_chil_err.c deleted file mode 100644 index 0058684f79..0000000000 --- a/deps/openssl/openssl/engines/e_chil_err.c +++ /dev/null @@ -1,111 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include <stdio.h> -#include <openssl/err.h> -#include "e_chil_err.h" - -/* BEGIN ERROR CODES */ -#ifndef OPENSSL_NO_ERR - -# define ERR_FUNC(func) ERR_PACK(0,func,0) -# define ERR_REASON(reason) ERR_PACK(0,0,reason) - -static ERR_STRING_DATA HWCRHK_str_functs[] = { - {ERR_FUNC(HWCRHK_F_HWCRHK_CTRL), "HWCRHK_CTRL"}, - {ERR_FUNC(HWCRHK_F_HWCRHK_FINISH), "HWCRHK_FINISH"}, - {ERR_FUNC(HWCRHK_F_HWCRHK_GET_PASS), "HWCRHK_GET_PASS"}, - {ERR_FUNC(HWCRHK_F_HWCRHK_INIT), "HWCRHK_INIT"}, - {ERR_FUNC(HWCRHK_F_HWCRHK_INSERT_CARD), "HWCRHK_INSERT_CARD"}, - {ERR_FUNC(HWCRHK_F_HWCRHK_LOAD_PRIVKEY), "HWCRHK_LOAD_PRIVKEY"}, - {ERR_FUNC(HWCRHK_F_HWCRHK_LOAD_PUBKEY), "HWCRHK_LOAD_PUBKEY"}, - {ERR_FUNC(HWCRHK_F_HWCRHK_MOD_EXP), "HWCRHK_MOD_EXP"}, - {ERR_FUNC(HWCRHK_F_HWCRHK_RAND_BYTES), "HWCRHK_RAND_BYTES"}, - {ERR_FUNC(HWCRHK_F_HWCRHK_RSA_MOD_EXP), "HWCRHK_RSA_MOD_EXP"}, - {0, NULL} -}; - -static ERR_STRING_DATA HWCRHK_str_reasons[] = { - {ERR_REASON(HWCRHK_R_ALREADY_LOADED), "already loaded"}, - {ERR_REASON(HWCRHK_R_BIO_WAS_FREED), "bio was freed"}, - {ERR_REASON(HWCRHK_R_CHIL_ERROR), "chil error"}, - {ERR_REASON(HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED), - "ctrl command not implemented"}, - {ERR_REASON(HWCRHK_R_DSO_FAILURE), "dso failure"}, - {ERR_REASON(HWCRHK_R_MISSING_KEY_COMPONENTS), "missing key components"}, - {ERR_REASON(HWCRHK_R_NOT_INITIALISED), "not initialised"}, - {ERR_REASON(HWCRHK_R_NOT_LOADED), "not loaded"}, - {ERR_REASON(HWCRHK_R_NO_CALLBACK), "no callback"}, - {ERR_REASON(HWCRHK_R_NO_KEY), "no key"}, - {ERR_REASON(HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED), - "private key algorithms disabled"}, - {ERR_REASON(HWCRHK_R_REQUEST_FAILED), "request failed"}, - {ERR_REASON(HWCRHK_R_REQUEST_FALLBACK), "request fallback"}, - {ERR_REASON(HWCRHK_R_UNIT_FAILURE), "unit failure"}, - {0, NULL} -}; - -#endif - -#ifdef HWCRHK_LIB_NAME -static ERR_STRING_DATA HWCRHK_lib_name[] = { - {0, HWCRHK_LIB_NAME}, - {0, NULL} -}; -#endif - -static int HWCRHK_lib_error_code = 0; -static int HWCRHK_error_init = 1; - -static void ERR_load_HWCRHK_strings(void) -{ - if (HWCRHK_lib_error_code == 0) - HWCRHK_lib_error_code = ERR_get_next_error_library(); - - if (HWCRHK_error_init) { - HWCRHK_error_init = 0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(HWCRHK_lib_error_code, HWCRHK_str_functs); - ERR_load_strings(HWCRHK_lib_error_code, HWCRHK_str_reasons); -#endif - -#ifdef HWCRHK_LIB_NAME - HWCRHK_lib_name->error = ERR_PACK(HWCRHK_lib_error_code, 0, 0); - ERR_load_strings(0, HWCRHK_lib_name); -#endif - } -} - -static void ERR_unload_HWCRHK_strings(void) -{ - if (HWCRHK_error_init == 0) { -#ifndef OPENSSL_NO_ERR - ERR_unload_strings(HWCRHK_lib_error_code, HWCRHK_str_functs); - ERR_unload_strings(HWCRHK_lib_error_code, HWCRHK_str_reasons); -#endif - -#ifdef HWCRHK_LIB_NAME - ERR_unload_strings(0, HWCRHK_lib_name); -#endif - HWCRHK_error_init = 1; - } -} - -static void ERR_HWCRHK_error(int function, int reason, char *file, int line) -{ - if (HWCRHK_lib_error_code == 0) - HWCRHK_lib_error_code = ERR_get_next_error_library(); - ERR_PUT_error(HWCRHK_lib_error_code, function, reason, file, line); -} diff --git a/deps/openssl/openssl/engines/e_chil_err.h b/deps/openssl/openssl/engines/e_chil_err.h deleted file mode 100644 index b0f0dd98d3..0000000000 --- a/deps/openssl/openssl/engines/e_chil_err.h +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#ifndef HEADER_HWCRHK_ERR_H -# define HEADER_HWCRHK_ERR_H - -#ifdef __cplusplus -extern "C" { -#endif - -/* BEGIN ERROR CODES */ -static void ERR_load_HWCRHK_strings(void); -static void ERR_unload_HWCRHK_strings(void); -static void ERR_HWCRHK_error(int function, int reason, char *file, int line); -# define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),OPENSSL_FILE,OPENSSL_LINE) - -/* Error codes for the HWCRHK functions. */ - -/* Function codes. */ -# define HWCRHK_F_HWCRHK_CTRL 100 -# define HWCRHK_F_HWCRHK_FINISH 101 -# define HWCRHK_F_HWCRHK_GET_PASS 102 -# define HWCRHK_F_HWCRHK_INIT 103 -# define HWCRHK_F_HWCRHK_INSERT_CARD 104 -# define HWCRHK_F_HWCRHK_LOAD_PRIVKEY 105 -# define HWCRHK_F_HWCRHK_LOAD_PUBKEY 106 -# define HWCRHK_F_HWCRHK_MOD_EXP 107 -# define HWCRHK_F_HWCRHK_RAND_BYTES 108 -# define HWCRHK_F_HWCRHK_RSA_MOD_EXP 109 -# define HWCRHK_F_BIND_HELPER 110 -# define HWCRHK_F_HWCRHK_MUTEX_INIT 111 - -/* Reason codes. */ -# define HWCRHK_R_ALREADY_LOADED 100 -# define HWCRHK_R_BIO_WAS_FREED 101 -# define HWCRHK_R_CHIL_ERROR 102 -# define HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED 103 -# define HWCRHK_R_DSO_FAILURE 104 -# define HWCRHK_R_MISSING_KEY_COMPONENTS 105 -# define HWCRHK_R_NOT_INITIALISED 106 -# define HWCRHK_R_NOT_LOADED 107 -# define HWCRHK_R_NO_CALLBACK 108 -# define HWCRHK_R_NO_KEY 109 -# define HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED 110 -# define HWCRHK_R_REQUEST_FAILED 111 -# define HWCRHK_R_REQUEST_FALLBACK 112 -# define HWCRHK_R_UNIT_FAILURE 113 - -#ifdef __cplusplus -} -#endif -#endif diff --git a/deps/openssl/openssl/engines/e_dasync.c b/deps/openssl/openssl/engines/e_dasync.c index b672a3a6fa..b005f421a6 100644 --- a/deps/openssl/openssl/engines/e_dasync.c +++ b/deps/openssl/openssl/engines/e_dasync.c @@ -34,7 +34,6 @@ # define ASYNC_WIN #endif -#define DASYNC_LIB_NAME "DASYNC" #include "e_dasync_err.c" /* Engine Id and Name */ @@ -438,8 +437,8 @@ static void dummy_pause_job(void) { #endif *writefd = pipefds[1]; - if(!ASYNC_WAIT_CTX_set_wait_fd(waitctx, engine_dasync_id, pipefds[0], - writefd, wait_cleanup)) { + if (!ASYNC_WAIT_CTX_set_wait_fd(waitctx, engine_dasync_id, pipefds[0], + writefd, wait_cleanup)) { wait_cleanup(waitctx, engine_dasync_id, pipefds[0], writefd); return; } diff --git a/deps/openssl/openssl/engines/e_dasync.ec b/deps/openssl/openssl/engines/e_dasync.ec index 385faa0b62..3d56ebcc5f 100644 --- a/deps/openssl/openssl/engines/e_dasync.ec +++ b/deps/openssl/openssl/engines/e_dasync.ec @@ -1 +1,3 @@ -L DASYNC e_dasync_err.h e_dasync_err.c +# The INPUT HEADER is scanned for declarations +# LIBNAME INPUT HEADER ERROR-TABLE FILE +L DASYNC e_dasync_err.h e_dasync_err.c diff --git a/deps/openssl/openssl/engines/e_dasync.txt b/deps/openssl/openssl/engines/e_dasync.txt new file mode 100644 index 0000000000..bff64bcf2f --- /dev/null +++ b/deps/openssl/openssl/engines/e_dasync.txt @@ -0,0 +1,22 @@ +# Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# Function codes +DASYNC_F_BIND_DASYNC:107:bind_dasync +DASYNC_F_CIPHER_AES_128_CBC_CODE:100:* +DASYNC_F_DASYNC_AES128_CBC_HMAC_SHA1_INIT_KEY:109:* +DASYNC_F_DASYNC_AES128_INIT_KEY:108:* +DASYNC_F_DASYNC_BN_MOD_EXP:101:* +DASYNC_F_DASYNC_CIPHER_INIT_KEY_HELPER:110:dasync_cipher_init_key_helper +DASYNC_F_DASYNC_MOD_EXP:102:* +DASYNC_F_DASYNC_PRIVATE_DECRYPT:103:* +DASYNC_F_DASYNC_PRIVATE_ENCRYPT:104:* +DASYNC_F_DASYNC_PUBLIC_DECRYPT:105:* +DASYNC_F_DASYNC_PUBLIC_ENCRYPT:106:* + +#Reason codes +DASYNC_R_INIT_FAILED:100:init failed diff --git a/deps/openssl/openssl/engines/e_dasync_err.c b/deps/openssl/openssl/engines/e_dasync_err.c index a9e7765314..794fb710cf 100644 --- a/deps/openssl/openssl/engines/e_dasync_err.c +++ b/deps/openssl/openssl/engines/e_dasync_err.c @@ -1,5 +1,6 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,96 +8,66 @@ * https://www.openssl.org/source/license.html */ -/* - * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include <stdio.h> #include <openssl/err.h> #include "e_dasync_err.h" -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -# define ERR_FUNC(func) ERR_PACK(0,func,0) -# define ERR_REASON(reason) ERR_PACK(0,0,reason) - static ERR_STRING_DATA DASYNC_str_functs[] = { - {ERR_FUNC(DASYNC_F_BIND_DASYNC), "bind_dasync"}, - {ERR_FUNC(DASYNC_F_CIPHER_AES_128_CBC_CODE), "CIPHER_AES_128_CBC_CODE"}, - {ERR_FUNC(DASYNC_F_DASYNC_AES128_CBC_HMAC_SHA1_INIT_KEY), - "dasync_aes128_cbc_hmac_sha1_init_key"}, - {ERR_FUNC(DASYNC_F_DASYNC_AES128_INIT_KEY), "dasync_aes128_init_key"}, - {ERR_FUNC(DASYNC_F_DASYNC_BN_MOD_EXP), "DASYNC_BN_MOD_EXP"}, - {ERR_FUNC(DASYNC_F_DASYNC_CIPHER_INIT_KEY_HELPER), + {ERR_PACK(0, DASYNC_F_BIND_DASYNC, 0), "bind_dasync"}, + {ERR_PACK(0, DASYNC_F_CIPHER_AES_128_CBC_CODE, 0), ""}, + {ERR_PACK(0, DASYNC_F_DASYNC_AES128_CBC_HMAC_SHA1_INIT_KEY, 0), ""}, + {ERR_PACK(0, DASYNC_F_DASYNC_AES128_INIT_KEY, 0), ""}, + {ERR_PACK(0, DASYNC_F_DASYNC_BN_MOD_EXP, 0), ""}, + {ERR_PACK(0, DASYNC_F_DASYNC_CIPHER_INIT_KEY_HELPER, 0), "dasync_cipher_init_key_helper"}, - {ERR_FUNC(DASYNC_F_DASYNC_MOD_EXP), "DASYNC_MOD_EXP"}, - {ERR_FUNC(DASYNC_F_DASYNC_PRIVATE_DECRYPT), "DASYNC_PRIVATE_DECRYPT"}, - {ERR_FUNC(DASYNC_F_DASYNC_PRIVATE_ENCRYPT), "DASYNC_PRIVATE_ENCRYPT"}, - {ERR_FUNC(DASYNC_F_DASYNC_PUBLIC_DECRYPT), "DASYNC_PUBLIC_DECRYPT"}, - {ERR_FUNC(DASYNC_F_DASYNC_PUBLIC_ENCRYPT), "DASYNC_PUBLIC_ENCRYPT"}, + {ERR_PACK(0, DASYNC_F_DASYNC_MOD_EXP, 0), ""}, + {ERR_PACK(0, DASYNC_F_DASYNC_PRIVATE_DECRYPT, 0), ""}, + {ERR_PACK(0, DASYNC_F_DASYNC_PRIVATE_ENCRYPT, 0), ""}, + {ERR_PACK(0, DASYNC_F_DASYNC_PUBLIC_DECRYPT, 0), ""}, + {ERR_PACK(0, DASYNC_F_DASYNC_PUBLIC_ENCRYPT, 0), ""}, {0, NULL} }; static ERR_STRING_DATA DASYNC_str_reasons[] = { - {ERR_REASON(DASYNC_R_INIT_FAILED), "init failed"}, - {ERR_REASON(DASYNC_R_LENGTH_NOT_BLOCK_ALIGNED), - "length not block aligned"}, - {ERR_REASON(DASYNC_R_UNKNOWN_FAULT), "unknown fault"}, + {ERR_PACK(0, 0, DASYNC_R_INIT_FAILED), "init failed"}, {0, NULL} }; #endif -#ifdef DASYNC_LIB_NAME -static ERR_STRING_DATA DASYNC_lib_name[] = { - {0, DASYNC_LIB_NAME}, - {0, NULL} -}; -#endif - -static int DASYNC_lib_error_code = 0; -static int DASYNC_error_init = 1; +static int lib_code = 0; +static int error_loaded = 0; -static void ERR_load_DASYNC_strings(void) +static int ERR_load_DASYNC_strings(void) { - if (DASYNC_lib_error_code == 0) - DASYNC_lib_error_code = ERR_get_next_error_library(); + if (lib_code == 0) + lib_code = ERR_get_next_error_library(); - if (DASYNC_error_init) { - DASYNC_error_init = 0; + if (!error_loaded) { #ifndef OPENSSL_NO_ERR - ERR_load_strings(DASYNC_lib_error_code, DASYNC_str_functs); - ERR_load_strings(DASYNC_lib_error_code, DASYNC_str_reasons); -#endif - -#ifdef DASYNC_LIB_NAME - DASYNC_lib_name->error = ERR_PACK(DASYNC_lib_error_code, 0, 0); - ERR_load_strings(0, DASYNC_lib_name); + ERR_load_strings(lib_code, DASYNC_str_functs); + ERR_load_strings(lib_code, DASYNC_str_reasons); #endif + error_loaded = 1; } + return 1; } static void ERR_unload_DASYNC_strings(void) { - if (DASYNC_error_init == 0) { + if (error_loaded) { #ifndef OPENSSL_NO_ERR - ERR_unload_strings(DASYNC_lib_error_code, DASYNC_str_functs); - ERR_unload_strings(DASYNC_lib_error_code, DASYNC_str_reasons); -#endif - -#ifdef DASYNC_LIB_NAME - ERR_unload_strings(0, DASYNC_lib_name); + ERR_unload_strings(lib_code, DASYNC_str_functs); + ERR_unload_strings(lib_code, DASYNC_str_reasons); #endif - DASYNC_error_init = 1; + error_loaded = 0; } } static void ERR_DASYNC_error(int function, int reason, char *file, int line) { - if (DASYNC_lib_error_code == 0) - DASYNC_lib_error_code = ERR_get_next_error_library(); - ERR_PUT_error(DASYNC_lib_error_code, function, reason, file, line); + if (lib_code == 0) + lib_code = ERR_get_next_error_library(); + ERR_PUT_error(lib_code, function, reason, file, line); } diff --git a/deps/openssl/openssl/engines/e_dasync_err.h b/deps/openssl/openssl/engines/e_dasync_err.h index b01fead2ac..7c2c027879 100644 --- a/deps/openssl/openssl/engines/e_dasync_err.h +++ b/deps/openssl/openssl/engines/e_dasync_err.h @@ -1,5 +1,6 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,28 +8,15 @@ * https://www.openssl.org/source/license.html */ -/* - * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#ifndef HEADER_DASYNC_ERR_H -# define HEADER_DASYNC_ERR_H - -#ifdef __cplusplus -extern "C" { -#endif +#ifndef HEADER_DASYNCERR_H +# define HEADER_DASYNCERR_H -/* BEGIN ERROR CODES */ -static void ERR_load_DASYNC_strings(void); -static void ERR_unload_DASYNC_strings(void); -static void ERR_DASYNC_error(int function, int reason, char *file, int line); -# define DASYNCerr(f,r) ERR_DASYNC_error((f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define DASYNCerr(f, r) ERR_DASYNC_error((f), (r), OPENSSL_FILE, OPENSSL_LINE) -/* Error codes for the DASYNC functions. */ -/* Function codes. */ +/* + * DASYNC function codes. + */ # define DASYNC_F_BIND_DASYNC 107 # define DASYNC_F_CIPHER_AES_128_CBC_CODE 100 # define DASYNC_F_DASYNC_AES128_CBC_HMAC_SHA1_INIT_KEY 109 @@ -41,12 +29,9 @@ static void ERR_DASYNC_error(int function, int reason, char *file, int line); # define DASYNC_F_DASYNC_PUBLIC_DECRYPT 105 # define DASYNC_F_DASYNC_PUBLIC_ENCRYPT 106 -/* Reason codes. */ -# define DASYNC_R_INIT_FAILED 102 -# define DASYNC_R_LENGTH_NOT_BLOCK_ALIGNED 100 -# define DASYNC_R_UNKNOWN_FAULT 101 +/* + * DASYNC reason codes. + */ +# define DASYNC_R_INIT_FAILED 100 -#ifdef __cplusplus -} -#endif #endif diff --git a/deps/openssl/openssl/engines/e_ossltest.c b/deps/openssl/openssl/engines/e_ossltest.c index b4c83cb7c3..64376247c3 100644 --- a/deps/openssl/openssl/engines/e_ossltest.c +++ b/deps/openssl/openssl/engines/e_ossltest.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -23,9 +23,9 @@ #include <openssl/evp.h> #include <openssl/modes.h> #include <openssl/aes.h> +#include <openssl/rand.h> #include <openssl/crypto.h> -#define OSSLTEST_LIB_NAME "OSSLTEST" #include "e_ossltest_err.c" /* Engine Id and Name */ @@ -43,6 +43,7 @@ void ENGINE_load_ossltest(void); /* Set up digests */ static int ossltest_digests(ENGINE *e, const EVP_MD **digest, const int **nids, int nid); +static const RAND_METHOD *ossltest_rand_method(void); /* MD5 */ static int digest_md5_init(EVP_MD_CTX *ctx); @@ -226,7 +227,7 @@ static int ossltest_ciphers(ENGINE *, const EVP_CIPHER **, const int **, int); static int ossltest_cipher_nids[] = { - NID_aes_128_cbc, 0 + NID_aes_128_cbc, NID_aes_128_gcm, 0 }; /* AES128 */ @@ -235,6 +236,12 @@ int ossltest_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl); +int ossltest_aes128_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); +int ossltest_aes128_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); +static int ossltest_aes128_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, + void *ptr); static EVP_CIPHER *_hidden_aes_128_cbc = NULL; static const EVP_CIPHER *ossltest_aes_128_cbc(void) @@ -258,9 +265,40 @@ static const EVP_CIPHER *ossltest_aes_128_cbc(void) } return _hidden_aes_128_cbc; } +static EVP_CIPHER *_hidden_aes_128_gcm = NULL; + +#define AES_GCM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \ + | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ + | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ + | EVP_CIPH_CUSTOM_COPY |EVP_CIPH_FLAG_AEAD_CIPHER \ + | EVP_CIPH_GCM_MODE) + +static const EVP_CIPHER *ossltest_aes_128_gcm(void) +{ + if (_hidden_aes_128_gcm == NULL + && ((_hidden_aes_128_gcm = EVP_CIPHER_meth_new(NID_aes_128_gcm, + 1 /* block size */, + 16 /* key len */)) == NULL + || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_gcm,12) + || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_gcm, AES_GCM_FLAGS) + || !EVP_CIPHER_meth_set_init(_hidden_aes_128_gcm, + ossltest_aes128_gcm_init_key) + || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_gcm, + ossltest_aes128_gcm_cipher) + || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_gcm, + ossltest_aes128_gcm_ctrl) + || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_gcm, + EVP_CIPHER_impl_ctx_size(EVP_aes_128_gcm())))) { + EVP_CIPHER_meth_free(_hidden_aes_128_gcm); + _hidden_aes_128_gcm = NULL; + } + return _hidden_aes_128_gcm; +} + static void destroy_ciphers(void) { EVP_CIPHER_meth_free(_hidden_aes_128_cbc); + EVP_CIPHER_meth_free(_hidden_aes_128_gcm); _hidden_aes_128_cbc = NULL; } @@ -273,6 +311,7 @@ static int bind_ossltest(ENGINE *e) || !ENGINE_set_name(e, engine_ossltest_name) || !ENGINE_set_digests(e, ossltest_digests) || !ENGINE_set_ciphers(e, ossltest_ciphers) + || !ENGINE_set_RAND(e, ossltest_rand_method()) || !ENGINE_set_destroy_function(e, ossltest_destroy) || !ENGINE_set_init_function(e, ossltest_init) || !ENGINE_set_finish_function(e, ossltest_finish)) { @@ -389,6 +428,9 @@ static int ossltest_ciphers(ENGINE *e, const EVP_CIPHER **cipher, case NID_aes_128_cbc: *cipher = ossltest_aes_128_cbc(); break; + case NID_aes_128_gcm: + *cipher = ossltest_aes_128_gcm(); + break; default: ok = 0; *cipher = NULL; @@ -551,18 +593,104 @@ int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, int ret; tmpbuf = OPENSSL_malloc(inl); - if (tmpbuf == NULL) + + /* OPENSSL_malloc will return NULL if inl == 0 */ + if (tmpbuf == NULL && inl > 0) return -1; /* Remember what we were asked to encrypt */ - memcpy(tmpbuf, in, inl); + if (tmpbuf != NULL) + memcpy(tmpbuf, in, inl); /* Go through the motions of encrypting it */ ret = EVP_CIPHER_meth_get_do_cipher(EVP_aes_128_cbc())(ctx, out, in, inl); /* Throw it all away and just use the plaintext as the output */ - memcpy(out, tmpbuf, inl); + if (tmpbuf != NULL) + memcpy(out, tmpbuf, inl); OPENSSL_free(tmpbuf); return ret; } + +int ossltest_aes128_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + return EVP_CIPHER_meth_get_init(EVP_aes_128_gcm()) (ctx, key, iv, enc); +} + + +int ossltest_aes128_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) +{ + unsigned char *tmpbuf = OPENSSL_malloc(inl); + + /* OPENSSL_malloc will return NULL if inl == 0 */ + if (tmpbuf == NULL && inl > 0) + return -1; + + /* Remember what we were asked to encrypt */ + if (tmpbuf != NULL) + memcpy(tmpbuf, in, inl); + + /* Go through the motions of encrypting it */ + EVP_CIPHER_meth_get_do_cipher(EVP_aes_128_gcm())(ctx, out, in, inl); + + /* Throw it all away and just use the plaintext as the output */ + if (tmpbuf != NULL && out != NULL) + memcpy(out, tmpbuf, inl); + OPENSSL_free(tmpbuf); + + return inl; +} + +static int ossltest_aes128_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, + void *ptr) +{ + /* Pass the ctrl down */ + int ret = EVP_CIPHER_meth_get_ctrl(EVP_aes_128_gcm())(ctx, type, arg, ptr); + + if (ret <= 0) + return ret; + + switch(type) { + case EVP_CTRL_AEAD_GET_TAG: + /* Always give the same tag */ + memset(ptr, 0, EVP_GCM_TLS_TAG_LEN); + break; + + default: + break; + } + + return 1; +} + +static int ossltest_rand_bytes(unsigned char *buf, int num) +{ + unsigned char val = 1; + + while (--num >= 0) + *buf++ = val++; + return 1; +} + +static int ossltest_rand_status(void) +{ + return 1; +} + +static const RAND_METHOD *ossltest_rand_method(void) +{ + + static RAND_METHOD osslt_rand_meth = { + NULL, + ossltest_rand_bytes, + NULL, + NULL, + ossltest_rand_bytes, + ossltest_rand_status + }; + + return &osslt_rand_meth; +} diff --git a/deps/openssl/openssl/engines/e_ossltest.ec b/deps/openssl/openssl/engines/e_ossltest.ec index d8a1befa20..a4a55ecb3f 100644 --- a/deps/openssl/openssl/engines/e_ossltest.ec +++ b/deps/openssl/openssl/engines/e_ossltest.ec @@ -1 +1,3 @@ -L OSSLTEST e_ossltest_err.h e_ossltest_err.c +# The INPUT HEADER is scanned for declarations +# LIBNAME INPUT HEADER ERROR-TABLE FILE +L OSSLTEST e_ossltest_err.h e_ossltest_err.c diff --git a/deps/openssl/openssl/engines/e_ossltest.txt b/deps/openssl/openssl/engines/e_ossltest.txt new file mode 100644 index 0000000000..2b2e31a075 --- /dev/null +++ b/deps/openssl/openssl/engines/e_ossltest.txt @@ -0,0 +1,13 @@ +# Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# Function codes +OSSLTEST_F_BIND_OSSLTEST:100:bind_ossltest +OSSLTEST_F_OSSLTEST_AES128_INIT_KEY:101:* + +#Reason codes +OSSLTEST_R_INIT_FAILED:100:init failed diff --git a/deps/openssl/openssl/engines/e_ossltest_err.c b/deps/openssl/openssl/engines/e_ossltest_err.c index 71d05788d1..920a13a692 100644 --- a/deps/openssl/openssl/engines/e_ossltest_err.c +++ b/deps/openssl/openssl/engines/e_ossltest_err.c @@ -1,5 +1,6 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,83 +8,56 @@ * https://www.openssl.org/source/license.html */ -/* - * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include <stdio.h> #include <openssl/err.h> #include "e_ossltest_err.h" -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -# define ERR_FUNC(func) ERR_PACK(0,func,0) -# define ERR_REASON(reason) ERR_PACK(0,0,reason) - static ERR_STRING_DATA OSSLTEST_str_functs[] = { - {ERR_FUNC(OSSLTEST_F_BIND_OSSLTEST), "BIND_OSSLTEST"}, - {ERR_FUNC(OSSLTEST_F_OSSLTEST_AES128_INIT_KEY), - "OSSLTEST_AES128_INIT_KEY"}, + {ERR_PACK(0, OSSLTEST_F_BIND_OSSLTEST, 0), "bind_ossltest"}, + {ERR_PACK(0, OSSLTEST_F_OSSLTEST_AES128_INIT_KEY, 0), ""}, {0, NULL} }; static ERR_STRING_DATA OSSLTEST_str_reasons[] = { - {ERR_REASON(OSSLTEST_R_INIT_FAILED), "init failed"}, + {ERR_PACK(0, 0, OSSLTEST_R_INIT_FAILED), "init failed"}, {0, NULL} }; #endif -#ifdef OSSLTEST_LIB_NAME -static ERR_STRING_DATA OSSLTEST_lib_name[] = { - {0, OSSLTEST_LIB_NAME}, - {0, NULL} -}; -#endif - -static int OSSLTEST_lib_error_code = 0; -static int OSSLTEST_error_init = 1; +static int lib_code = 0; +static int error_loaded = 0; -static void ERR_load_OSSLTEST_strings(void) +static int ERR_load_OSSLTEST_strings(void) { - if (OSSLTEST_lib_error_code == 0) - OSSLTEST_lib_error_code = ERR_get_next_error_library(); + if (lib_code == 0) + lib_code = ERR_get_next_error_library(); - if (OSSLTEST_error_init) { - OSSLTEST_error_init = 0; + if (!error_loaded) { #ifndef OPENSSL_NO_ERR - ERR_load_strings(OSSLTEST_lib_error_code, OSSLTEST_str_functs); - ERR_load_strings(OSSLTEST_lib_error_code, OSSLTEST_str_reasons); -#endif - -#ifdef OSSLTEST_LIB_NAME - OSSLTEST_lib_name->error = ERR_PACK(OSSLTEST_lib_error_code, 0, 0); - ERR_load_strings(0, OSSLTEST_lib_name); + ERR_load_strings(lib_code, OSSLTEST_str_functs); + ERR_load_strings(lib_code, OSSLTEST_str_reasons); #endif + error_loaded = 1; } + return 1; } static void ERR_unload_OSSLTEST_strings(void) { - if (OSSLTEST_error_init == 0) { + if (error_loaded) { #ifndef OPENSSL_NO_ERR - ERR_unload_strings(OSSLTEST_lib_error_code, OSSLTEST_str_functs); - ERR_unload_strings(OSSLTEST_lib_error_code, OSSLTEST_str_reasons); -#endif - -#ifdef OSSLTEST_LIB_NAME - ERR_unload_strings(0, OSSLTEST_lib_name); + ERR_unload_strings(lib_code, OSSLTEST_str_functs); + ERR_unload_strings(lib_code, OSSLTEST_str_reasons); #endif - OSSLTEST_error_init = 1; + error_loaded = 0; } } static void ERR_OSSLTEST_error(int function, int reason, char *file, int line) { - if (OSSLTEST_lib_error_code == 0) - OSSLTEST_lib_error_code = ERR_get_next_error_library(); - ERR_PUT_error(OSSLTEST_lib_error_code, function, reason, file, line); + if (lib_code == 0) + lib_code = ERR_get_next_error_library(); + ERR_PUT_error(lib_code, function, reason, file, line); } diff --git a/deps/openssl/openssl/engines/e_ossltest_err.h b/deps/openssl/openssl/engines/e_ossltest_err.h index a323c398f6..e745c1a236 100644 --- a/deps/openssl/openssl/engines/e_ossltest_err.h +++ b/deps/openssl/openssl/engines/e_ossltest_err.h @@ -1,5 +1,6 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,35 +8,21 @@ * https://www.openssl.org/source/license.html */ -/* - * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#ifndef HEADER_OSSLTEST_ERR_H -# define HEADER_OSSLTEST_ERR_H - -#ifdef __cplusplus -extern "C" { -#endif +#ifndef HEADER_OSSLTESTERR_H +# define HEADER_OSSLTESTERR_H -/* BEGIN ERROR CODES */ -static void ERR_load_OSSLTEST_strings(void); -static void ERR_unload_OSSLTEST_strings(void); -static void ERR_OSSLTEST_error(int function, int reason, char *file, int line); -# define OSSLTESTerr(f,r) ERR_OSSLTEST_error((f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define OSSLTESTerr(f, r) ERR_OSSLTEST_error((f), (r), OPENSSL_FILE, OPENSSL_LINE) -/* Error codes for the OSSLTEST functions. */ -/* Function codes. */ +/* + * OSSLTEST function codes. + */ # define OSSLTEST_F_BIND_OSSLTEST 100 # define OSSLTEST_F_OSSLTEST_AES128_INIT_KEY 101 -/* Reason codes. */ +/* + * OSSLTEST reason codes. + */ # define OSSLTEST_R_INIT_FAILED 100 -#ifdef __cplusplus -} -#endif #endif diff --git a/deps/openssl/openssl/engines/e_padlock.c b/deps/openssl/openssl/engines/e_padlock.c index b86f165504..f6b1f16981 100644 --- a/deps/openssl/openssl/engines/e_padlock.c +++ b/deps/openssl/openssl/engines/e_padlock.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -199,10 +199,10 @@ struct padlock_cipher_data { }; /* Interface to assembler module */ -unsigned int padlock_capability(); +unsigned int padlock_capability(void); void padlock_key_bswap(AES_KEY *key); void padlock_verify_context(struct padlock_cipher_data *ctx); -void padlock_reload_key(); +void padlock_reload_key(void); void padlock_aes_block(void *out, const void *inp, struct padlock_cipher_data *ctx); int padlock_ecb_encrypt(void *out, const void *inp, diff --git a/deps/openssl/openssl/engines/e_padlock.ec b/deps/openssl/openssl/engines/e_padlock.ec deleted file mode 100644 index 5c8a1d26a5..0000000000 --- a/deps/openssl/openssl/engines/e_padlock.ec +++ /dev/null @@ -1 +0,0 @@ -L PADLOCK e_padlock_err.h e_padlock_err.c diff --git a/deps/openssl/openssl/engines/vendor_defns/hwcryptohook.h b/deps/openssl/openssl/engines/vendor_defns/hwcryptohook.h deleted file mode 100644 index c3dcd56f4f..0000000000 --- a/deps/openssl/openssl/engines/vendor_defns/hwcryptohook.h +++ /dev/null @@ -1,509 +0,0 @@ -/* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/*- - * ModExp / RSA (with/without KM) plugin API - * - * The application will load a dynamic library which - * exports entrypoint(s) defined in this file. - * - * This set of entrypoints provides only a multithreaded, - * synchronous-within-each-thread, facility. - * - * - * This file is Copyright 1998-2000 nCipher Corporation Limited. - * - * Redistribution and use in source and binary forms, with opr without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the copyright notice, - * this list of conditions, and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions, and the following - * disclaimer, in the documentation and/or other materials provided - * with the distribution - * - * IN NO EVENT SHALL NCIPHER CORPORATION LIMITED (`NCIPHER') AND/OR - * ANY OTHER AUTHORS OR DISTRIBUTORS OF THIS FILE BE LIABLE for any - * damages arising directly or indirectly from this file, its use or - * this licence. Without prejudice to the generality of the - * foregoing: all liability shall be excluded for direct, indirect, - * special, incidental, consequential or other damages or any loss of - * profits, business, revenue goodwill or anticipated savings; - * liability shall be excluded even if nCipher or anyone else has been - * advised of the possibility of damage. In any event, if the - * exclusion of liability is not effective, the liability of nCipher - * or any author or distributor shall be limited to the lesser of the - * price paid and 1,000 pounds sterling. This licence only fails to - * exclude or limit liability for death or personal injury arising out - * of negligence, and only to the extent that such an exclusion or - * limitation is not effective. - * - * NCIPHER AND THE AUTHORS AND DISTRIBUTORS SPECIFICALLY DISCLAIM ALL - * AND ANY WARRANTIES (WHETHER EXPRESS OR IMPLIED), including, but not - * limited to, any implied warranties of merchantability, fitness for - * a particular purpose, satisfactory quality, and/or non-infringement - * of any third party rights. - * - * US Government use: This software and documentation is Commercial - * Computer Software and Computer Software Documentation, as defined in - * sub-paragraphs (a)(1) and (a)(5) of DFAR 252.227-7014, "Rights in - * Noncommercial Computer Software and Noncommercial Computer Software - * Documentation." Use, duplication or disclosure by the Government is - * subject to the terms and conditions specified here. - * - * By using or distributing this file you will be accepting these - * terms and conditions, including the limitation of liability and - * lack of warranty. If you do not wish to accept these terms and - * conditions, DO NOT USE THE FILE. - * - * - * The actual dynamically loadable plugin, and the library files for - * static linking, which are also provided in some distributions, are - * not covered by the licence described above. You should have - * received a separate licence with terms and conditions for these - * library files; if you received the library files without a licence, - * please contact nCipher. - * - */ - -#ifndef HWCRYPTOHOOK_H -# define HWCRYPTOHOOK_H - -# include <sys/types.h> -# include <stdio.h> - -# ifndef HWCRYPTOHOOK_DECLARE_APPTYPES -# define HWCRYPTOHOOK_DECLARE_APPTYPES 1 -# endif - -# define HWCRYPTOHOOK_ERROR_FAILED -1 -# define HWCRYPTOHOOK_ERROR_FALLBACK -2 -# define HWCRYPTOHOOK_ERROR_MPISIZE -3 - -# if HWCRYPTOHOOK_DECLARE_APPTYPES - -/*- - * These structs are defined by the application and opaque to the - * crypto plugin. The application may define these as it sees fit. - * Default declarations are provided here, but the application may - * #define HWCRYPTOHOOK_DECLARE_APPTYPES 0 - * to prevent these declarations, and instead provide its own - * declarations of these types. (Pointers to them must still be - * ordinary pointers to structs or unions, or the resulting combined - * program will have a type inconsistency.) - */ -typedef struct HWCryptoHook_MutexValue HWCryptoHook_Mutex; -typedef struct HWCryptoHook_CondVarValue HWCryptoHook_CondVar; -typedef struct HWCryptoHook_PassphraseContextValue - HWCryptoHook_PassphraseContext; -typedef struct HWCryptoHook_CallerContextValue HWCryptoHook_CallerContext; - -# endif /* HWCRYPTOHOOK_DECLARE_APPTYPES */ - -/*- - * These next two structs are opaque to the application. The crypto - * plugin will return pointers to them; the caller simply manipulates - * the pointers. - */ -typedef struct HWCryptoHook_Context *HWCryptoHook_ContextHandle; -typedef struct HWCryptoHook_RSAKey *HWCryptoHook_RSAKeyHandle; - -typedef struct { - char *buf; - size_t size; -} HWCryptoHook_ErrMsgBuf; -/*- - * Used for error reporting. When a HWCryptoHook function fails it - * will return a sentinel value (0 for pointer-valued functions, or a - * negative number, usually HWCRYPTOHOOK_ERROR_FAILED, for - * integer-valued ones). It will, if an ErrMsgBuf is passed, also put - * an error message there. - * - * size is the size of the buffer, and will not be modified. If you - * pass 0 for size you must pass 0 for buf, and nothing will be - * recorded (just as if you passed 0 for the struct pointer). - * Messages written to the buffer will always be null-terminated, even - * when truncated to fit within size bytes. - * - * The contents of the buffer are not defined if there is no error. - */ - -typedef struct HWCryptoHook_MPIStruct { - unsigned char *buf; - size_t size; -} HWCryptoHook_MPI; -/*- - * When one of these is returned, a pointer is passed to the function. - * At call, size is the space available. Afterwards it is updated to - * be set to the actual length (which may be more than the space available, - * if there was not enough room and the result was truncated). - * buf (the pointer) is not updated. - * - * size is in bytes and may be zero at call or return, but must be a - * multiple of the limb size. Zero limbs at the MS end are not - * permitted. - */ - -# define HWCryptoHook_InitFlags_FallbackModExp 0x0002UL -# define HWCryptoHook_InitFlags_FallbackRSAImmed 0x0004UL -/*- - * Enable requesting fallback to software in case of problems with the - * hardware support. This indicates to the crypto provider that the - * application is prepared to fall back to software operation if the - * ModExp* or RSAImmed* functions return HWCRYPTOHOOK_ERROR_FALLBACK. - * Without this flag those calls will never return - * HWCRYPTOHOOK_ERROR_FALLBACK. The flag will also cause the crypto - * provider to avoid repeatedly attempting to contact dead hardware - * within a short interval, if appropriate. - */ - -# define HWCryptoHook_InitFlags_SimpleForkCheck 0x0010UL -/*- - * Without _SimpleForkCheck the library is allowed to assume that the - * application will not fork and call the library in the child(ren). - * - * When it is specified, this is allowed. However, after a fork - * neither parent nor child may unload any loaded keys or call - * _Finish. Instead, they should call exit (or die with a signal) - * without calling _Finish. After all the children have died the - * parent may unload keys or call _Finish. - * - * This flag only has any effect on UN*X platforms. - */ - -typedef struct { - unsigned long flags; - void *logstream; /* usually a FILE*. See below. */ - size_t limbsize; /* bignum format - size of radix type, must - * be power of 2 */ - int mslimbfirst; /* 0 or 1 */ - int msbytefirst; /* 0 or 1; -1 = native */ - /*- - * All the callback functions should return 0 on success, or a - * nonzero integer (whose value will be visible in the error message - * put in the buffer passed to the call). - * - * If a callback is not available pass a null function pointer. - * - * The callbacks may not call down again into the crypto plugin. - */ - /*- - * For thread-safety. Set everything to 0 if you promise only to be - * singlethreaded. maxsimultaneous is the number of calls to - * ModExp[Crt]/RSAImmed{Priv,Pub}/RSA. If you don't know what to - * put there then say 0 and the hook library will use a default. - * - * maxmutexes is a small limit on the number of simultaneous mutexes - * which will be requested by the library. If there is no small - * limit, set it to 0. If the crypto plugin cannot create the - * advertised number of mutexes the calls to its functions may fail. - * If a low number of mutexes is advertised the plugin will try to - * do the best it can. Making larger numbers of mutexes available - * may improve performance and parallelism by reducing contention - * over critical sections. Unavailability of any mutexes, implying - * single-threaded operation, should be indicated by the setting - * mutex_init et al to 0. - */ - int maxmutexes; - int maxsimultaneous; - size_t mutexsize; - int (*mutex_init) (HWCryptoHook_Mutex *, - HWCryptoHook_CallerContext * cactx); - int (*mutex_acquire) (HWCryptoHook_Mutex *); - void (*mutex_release) (HWCryptoHook_Mutex *); - void (*mutex_destroy) (HWCryptoHook_Mutex *); - /*- - * For greater efficiency, can use condition vars internally for - * synchronisation. In this case maxsimultaneous is ignored, but - * the other mutex stuff must be available. In singlethreaded - * programs, set everything to 0. - */ - size_t condvarsize; - int (*condvar_init) (HWCryptoHook_CondVar *, - HWCryptoHook_CallerContext * cactx); - int (*condvar_wait) (HWCryptoHook_CondVar *, HWCryptoHook_Mutex *); - void (*condvar_signal) (HWCryptoHook_CondVar *); - void (*condvar_broadcast) (HWCryptoHook_CondVar *); - void (*condvar_destroy) (HWCryptoHook_CondVar *); - /*- - * The semantics of acquiring and releasing mutexes and broadcasting - * and waiting on condition variables are expected to be those from - * POSIX threads (pthreads). The mutexes may be (in pthread-speak) - * fast mutexes, recursive mutexes, or nonrecursive ones. - * - * The _release/_signal/_broadcast and _destroy functions must - * always succeed when given a valid argument; if they are given an - * invalid argument then the program (crypto plugin + application) - * has an internal error, and they should abort the program. - */ - int (*getpassphrase) (const char *prompt_info, - int *len_io, char *buf, - HWCryptoHook_PassphraseContext * ppctx, - HWCryptoHook_CallerContext * cactx); - /*- - * Passphrases and the prompt_info, if they contain high-bit-set - * characters, are UTF-8. The prompt_info may be a null pointer if - * no prompt information is available (it should not be an empty - * string). It will not contain text like `enter passphrase'; - * instead it might say something like `Operator Card for John - * Smith' or `SmartCard in nFast Module #1, Slot #1'. - * - * buf points to a buffer in which to return the passphrase; on - * entry *len_io is the length of the buffer. It should be updated - * by the callback. The returned passphrase should not be - * null-terminated by the callback. - */ - int (*getphystoken) (const char *prompt_info, - const char *wrong_info, - HWCryptoHook_PassphraseContext * ppctx, - HWCryptoHook_CallerContext * cactx); - /*- - * Requests that the human user physically insert a different - * smartcard, DataKey, etc. The plugin should check whether the - * currently inserted token(s) are appropriate, and if they are it - * should not make this call. - * - * prompt_info is as before. wrong_info is a description of the - * currently inserted token(s) so that the user is told what - * something is. wrong_info, like prompt_info, may be null, but - * should not be an empty string. Its contents should be - * syntactically similar to that of prompt_info. - */ - /*- - * Note that a single LoadKey operation might cause several calls to - * getpassphrase and/or requestphystoken. If requestphystoken is - * not provided (ie, a null pointer is passed) then the plugin may - * not support loading keys for which authorisation by several cards - * is required. If getpassphrase is not provided then cards with - * passphrases may not be supported. - * - * getpassphrase and getphystoken do not need to check that the - * passphrase has been entered correctly or the correct token - * inserted; the crypto plugin will do that. If this is not the - * case then the crypto plugin is responsible for calling these - * routines again as appropriate until the correct token(s) and - * passphrase(s) are supplied as required, or until any retry limits - * implemented by the crypto plugin are reached. - * - * In either case, the application must allow the user to say `no' - * or `cancel' to indicate that they do not know the passphrase or - * have the appropriate token; this should cause the callback to - * return nonzero indicating error. - */ - void (*logmessage) (void *logstream, const char *message); - /*- - * A log message will be generated at least every time something goes - * wrong and an ErrMsgBuf is filled in (or would be if one was - * provided). Other diagnostic information may be written there too, - * including more detailed reasons for errors which are reported in an - * ErrMsgBuf. - * - * When a log message is generated, this callback is called. It - * should write a message to the relevant logging arrangements. - * - * The message string passed will be null-terminated and may be of arbitrary - * length. It will not be prefixed by the time and date, nor by the - * name of the library that is generating it - if this is required, - * the logmessage callback must do it. The message will not have a - * trailing newline (though it may contain internal newlines). - * - * If a null pointer is passed for logmessage a default function is - * used. The default function treats logstream as a FILE* which has - * been converted to a void*. If logstream is 0 it does nothing. - * Otherwise it prepends the date and time and library name and - * writes the message to logstream. Each line will be prefixed by a - * descriptive string containing the date, time and identity of the - * crypto plugin. Errors on the logstream are not reported - * anywhere, and the default function doesn't flush the stream, so - * the application must set the buffering how it wants it. - * - * The crypto plugin may also provide a facility to have copies of - * log messages sent elsewhere, and or for adjusting the verbosity - * of the log messages; any such facilities will be configured by - * external means. - */ -} HWCryptoHook_InitInfo; - -typedef -HWCryptoHook_ContextHandle HWCryptoHook_Init_t(const HWCryptoHook_InitInfo * - initinfo, size_t initinfosize, - const HWCryptoHook_ErrMsgBuf * - errors, - HWCryptoHook_CallerContext * - cactx); -extern HWCryptoHook_Init_t HWCryptoHook_Init; - -/*- - * Caller should set initinfosize to the size of the HWCryptoHook struct, - * so it can be extended later. - * - * On success, a message for display or logging by the server, - * including the name and version number of the plugin, will be filled - * in into *errors; on failure *errors is used for error handling, as - * usual. - */ - -/*- - * All these functions return 0 on success, HWCRYPTOHOOK_ERROR_FAILED - * on most failures. HWCRYPTOHOOK_ERROR_MPISIZE means at least one of - * the output MPI buffer(s) was too small; the sizes of all have been - * set to the desired size (and for those where the buffer was large - * enough, the value may have been copied in), and no error message - * has been recorded. - * - * You may pass 0 for the errors struct. In any case, unless you set - * _NoStderr at init time then messages may be reported to stderr. - */ - -/*- - * The RSAImmed* functions (and key managed RSA) only work with - * modules which have an RSA patent licence - currently that means KM - * units; the ModExp* ones work with all modules, so you need a patent - * licence in the software in the US. They are otherwise identical. - */ - -typedef -void HWCryptoHook_Finish_t(HWCryptoHook_ContextHandle hwctx); -extern HWCryptoHook_Finish_t HWCryptoHook_Finish; -/* You must not have any calls going or keys loaded when you call this. */ - -typedef -int HWCryptoHook_RandomBytes_t(HWCryptoHook_ContextHandle hwctx, - unsigned char *buf, size_t len, - const HWCryptoHook_ErrMsgBuf * errors); -extern HWCryptoHook_RandomBytes_t HWCryptoHook_RandomBytes; - -typedef -int HWCryptoHook_ModExp_t(HWCryptoHook_ContextHandle hwctx, - HWCryptoHook_MPI a, - HWCryptoHook_MPI p, - HWCryptoHook_MPI n, - HWCryptoHook_MPI * r, - const HWCryptoHook_ErrMsgBuf * errors); -extern HWCryptoHook_ModExp_t HWCryptoHook_ModExp; - -typedef -int HWCryptoHook_RSAImmedPub_t(HWCryptoHook_ContextHandle hwctx, - HWCryptoHook_MPI m, - HWCryptoHook_MPI e, - HWCryptoHook_MPI n, - HWCryptoHook_MPI * r, - const HWCryptoHook_ErrMsgBuf * errors); -extern HWCryptoHook_RSAImmedPub_t HWCryptoHook_RSAImmedPub; - -typedef -int HWCryptoHook_ModExpCRT_t(HWCryptoHook_ContextHandle hwctx, - HWCryptoHook_MPI a, - HWCryptoHook_MPI p, - HWCryptoHook_MPI q, - HWCryptoHook_MPI dmp1, - HWCryptoHook_MPI dmq1, - HWCryptoHook_MPI iqmp, - HWCryptoHook_MPI * r, - const HWCryptoHook_ErrMsgBuf * errors); -extern HWCryptoHook_ModExpCRT_t HWCryptoHook_ModExpCRT; - -typedef -int HWCryptoHook_RSAImmedPriv_t(HWCryptoHook_ContextHandle hwctx, - HWCryptoHook_MPI m, - HWCryptoHook_MPI p, - HWCryptoHook_MPI q, - HWCryptoHook_MPI dmp1, - HWCryptoHook_MPI dmq1, - HWCryptoHook_MPI iqmp, - HWCryptoHook_MPI * r, - const HWCryptoHook_ErrMsgBuf * errors); -extern HWCryptoHook_RSAImmedPriv_t HWCryptoHook_RSAImmedPriv; - -/*- - * The RSAImmed* and ModExp* functions may return E_FAILED or - * E_FALLBACK for failure. - * - * E_FAILED means the failure is permanent and definite and there - * should be no attempt to fall back to software. (Eg, for some - * applications, which support only the acceleration-only - * functions, the `key material' may actually be an encoded key - * identifier, and doing the operation in software would give wrong - * answers.) - * - * E_FALLBACK means that doing the computation in software would seem - * reasonable. If an application pays attention to this and is - * able to fall back, it should also set the Fallback init flags. - */ - -typedef -int HWCryptoHook_RSALoadKey_t(HWCryptoHook_ContextHandle hwctx, - const char *key_ident, - HWCryptoHook_RSAKeyHandle * keyhandle_r, - const HWCryptoHook_ErrMsgBuf * errors, - HWCryptoHook_PassphraseContext * ppctx); -extern HWCryptoHook_RSALoadKey_t HWCryptoHook_RSALoadKey; -/*- - * The key_ident is a null-terminated string configured by the - * user via the application's usual configuration mechanisms. - * It is provided to the user by the crypto provider's key management - * system. The user must be able to enter at least any string of between - * 1 and 1023 characters inclusive, consisting of printable 7-bit - * ASCII characters. The provider should avoid using - * any characters except alphanumerics and the punctuation - * characters _ - + . / @ ~ (the user is expected to be able - * to enter these without quoting). The string may be case-sensitive. - * The application may allow the user to enter other NULL-terminated strings, - * and the provider must cope (returning an error if the string is not - * valid). - * - * If the key does not exist, no error is recorded and 0 is returned; - * keyhandle_r will be set to 0 instead of to a key handle. - */ - -typedef -int HWCryptoHook_RSAGetPublicKey_t(HWCryptoHook_RSAKeyHandle k, - HWCryptoHook_MPI * n, - HWCryptoHook_MPI * e, - const HWCryptoHook_ErrMsgBuf * errors); -extern HWCryptoHook_RSAGetPublicKey_t HWCryptoHook_RSAGetPublicKey; -/*- - * The crypto plugin will not store certificates. - * - * Although this function for acquiring the public key value is - * provided, it is not the purpose of this API to deal fully with the - * handling of the public key. - * - * It is expected that the crypto supplier's key generation program - * will provide general facilities for producing X.509 - * self-certificates and certificate requests in PEM format. These - * will be given to the user so that they can configure them in the - * application, send them to CAs, or whatever. - * - * In case this kind of certificate handling is not appropriate, the - * crypto supplier's key generation program should be able to be - * configured not to generate such a self-certificate or certificate - * request. Then the application will need to do all of this, and - * will need to store and handle the public key and certificates - * itself. - */ - -typedef -int HWCryptoHook_RSAUnloadKey_t(HWCryptoHook_RSAKeyHandle k, - const HWCryptoHook_ErrMsgBuf * errors); -extern HWCryptoHook_RSAUnloadKey_t HWCryptoHook_RSAUnloadKey; -/* Might fail due to locking problems, or other serious internal problems. */ - -typedef -int HWCryptoHook_RSA_t(HWCryptoHook_MPI m, - HWCryptoHook_RSAKeyHandle k, - HWCryptoHook_MPI * r, - const HWCryptoHook_ErrMsgBuf * errors); -extern HWCryptoHook_RSA_t HWCryptoHook_RSA; -/* RSA private key operation (sign or decrypt) - raw, unpadded. */ - -#endif /* HWCRYPTOHOOK_H */ |