Small fixes of cryptodev engine
[openssl.git] / crypto / engine / eng_cryptodev.c
1 /*
2  * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the OpenSSL license (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9
10 /*
11  * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
12  * Copyright (c) 2002 Theo de Raadt
13  * Copyright (c) 2002 Markus Friedl
14  * Copyright (c) 2012 Nikos Mavrogiannopoulos
15  * All rights reserved.
16  *
17  * Redistribution and use in source and binary forms, with or without
18  * modification, are permitted provided that the following conditions
19  * are met:
20  * 1. Redistributions of source code must retain the above copyright
21  *    notice, this list of conditions and the following disclaimer.
22  * 2. Redistributions in binary form must reproduce the above copyright
23  *    notice, this list of conditions and the following disclaimer in the
24  *    documentation and/or other materials provided with the distribution.
25  *
26  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
27  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
28  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
29  * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
30  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
31  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
32  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
33  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36  *
37  */
38
39 #include <openssl/objects.h>
40 #include <internal/engine.h>
41 #include <openssl/evp.h>
42 #include <openssl/bn.h>
43 #include <openssl/crypto.h>
44
45 #if (defined(__unix__) || defined(unix)) && !defined(USG) && \
46         (defined(OpenBSD) || defined(__FreeBSD__) || defined(__DragonFly__))
47 # include <sys/param.h>
48 # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) || defined(__DragonFly__)
49 #  define HAVE_CRYPTODEV
50 # endif
51 # if (OpenBSD >= 200110)
52 #  define HAVE_SYSLOG_R
53 # endif
54 #endif
55
56 #include <sys/types.h>
57 #ifdef HAVE_CRYPTODEV
58 # include <crypto/cryptodev.h>
59 # include <sys/ioctl.h>
60 # include <errno.h>
61 # include <stdio.h>
62 # include <unistd.h>
63 # include <fcntl.h>
64 # include <stdarg.h>
65 # include <syslog.h>
66 # include <errno.h>
67 # include <string.h>
68 #endif
69 #include <openssl/dh.h>
70 #include <openssl/dsa.h>
71 #include <openssl/err.h>
72 #include <openssl/rsa.h>
73
74 #ifndef HAVE_CRYPTODEV
75
76 void engine_load_cryptodev_int(void)
77 {
78     /* This is a NOP on platforms without /dev/crypto */
79     return;
80 }
81
82 #else
83
84 /* Available on cryptodev-linux but not on FreeBSD 8.4 */
85 # ifndef CRYPTO_HMAC_MAX_KEY_LEN
86 #  define CRYPTO_HMAC_MAX_KEY_LEN 512
87 # endif
88 # ifndef CRYPTO_CIPHER_MAX_KEY_LEN
89 #  define CRYPTO_CIPHER_MAX_KEY_LEN 64
90 # endif
91
92 struct dev_crypto_state {
93     struct session_op d_sess;
94     int d_fd;
95 # ifdef USE_CRYPTODEV_DIGESTS
96     unsigned char digest_res[HASH_MAX_LEN];
97     char *mac_data;
98     int mac_len;
99 # endif
100 };
101
102 static u_int32_t cryptodev_asymfeat = 0;
103
104 static RSA_METHOD *cryptodev_rsa;
105 # ifndef OPENSSL_NO_DSA
106 static DSA_METHOD *cryptodev_dsa = NULL;
107 # endif
108 # ifndef OPENSSL_NO_DH
109 static DH_METHOD *cryptodev_dh;
110 # endif
111
112 static int get_asym_dev_crypto(void);
113 static int open_dev_crypto(void);
114 static int get_dev_crypto(void);
115 static int get_cryptodev_ciphers(const int **cnids);
116 # ifdef USE_CRYPTODEV_DIGESTS
117 static int get_cryptodev_digests(const int **cnids);
118 # endif
119 static int cryptodev_usable_ciphers(const int **nids);
120 static int cryptodev_usable_digests(const int **nids);
121 static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
122                             const unsigned char *in, size_t inl);
123 static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
124                               const unsigned char *iv, int enc);
125 static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
126 static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
127                                     const int **nids, int nid);
128 static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
129                                     const int **nids, int nid);
130 static int bn2crparam(const BIGNUM *a, struct crparam *crp);
131 static int crparam2bn(struct crparam *crp, BIGNUM *a);
132 static void zapparams(struct crypt_kop *kop);
133 static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,
134                           int slen, BIGNUM *s);
135
136 static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
137                                 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
138                                 BN_MONT_CTX *m_ctx);
139 static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
140                                        BN_CTX *ctx);
141 static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
142                                  BN_CTX *ctx);
143 # ifndef OPENSSL_NO_DSA
144 static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, const BIGNUM *a,
145                                     const BIGNUM *p, const BIGNUM *m,
146                                     BN_CTX *ctx, BN_MONT_CTX *m_ctx);
147 static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, const BIGNUM *g,
148                                      const BIGNUM *u1, const BIGNUM *pub_key,
149                                      const BIGNUM *u2, const BIGNUM *p,
150                                      BN_CTX *ctx, BN_MONT_CTX *mont);
151 static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
152                                       DSA *dsa);
153 static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
154                                 DSA_SIG *sig, DSA *dsa);
155 # endif
156 # ifndef OPENSSL_NO_DH
157 static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
158                                 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
159                                 BN_MONT_CTX *m_ctx);
160 static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
161                                     DH *dh);
162 # endif
163 static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
164                           void (*f) (void));
165 void engine_load_cryptodev_int(void);
166
167 static const ENGINE_CMD_DEFN cryptodev_defns[] = {
168     {0, NULL, NULL, 0}
169 };
170
171 static struct {
172     int id;
173     int nid;
174     int ivmax;
175     int keylen;
176 } ciphers[] = {
177     {CRYPTO_ARC4, NID_rc4, 0, 16},
178     {CRYPTO_DES_CBC, NID_des_cbc, 8, 8},
179 # if !defined(CRYPTO_ALGORITHM_MIN) || defined(CRYPTO_3DES_CBC)
180     {CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24},
181 # endif
182 # if !defined(CRYPTO_ALGORITHM_MIN) || defined(CRYPTO_3DES_ECB)
183     {CRYPTO_3DES_ECB, NID_des_ede3_ecb, 0, 24},
184 # endif
185     {CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16},
186     {CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24},
187     {CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32},
188 # if !defined(CRYPTO_ALGORITHM_MIN) || defined(CRYPTO_AES_CTR)
189     {CRYPTO_AES_CTR, NID_aes_128_ctr, 14, 16},
190     {CRYPTO_AES_CTR, NID_aes_192_ctr, 14, 24},
191     {CRYPTO_AES_CTR, NID_aes_256_ctr, 14, 32},
192 # endif
193 # if !defined(CRYPTO_ALGORITHM_MIN) || defined(CRYPTO_AES_ECB)
194     {CRYPTO_AES_ECB, NID_aes_128_ecb, 0, 16},
195     {CRYPTO_AES_ECB, NID_aes_192_ecb, 0, 24},
196     {CRYPTO_AES_ECB, NID_aes_256_ecb, 0, 32},
197 # endif
198     {CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16},
199     {CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16},
200     {CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0},
201     {0, NID_undef, 0, 0},
202 };
203
204 # ifdef USE_CRYPTODEV_DIGESTS
205 static struct {
206     int id;
207     int nid;
208     int digestlen;
209 } digests[] = {
210     {CRYPTO_MD5, NID_md5, 16},
211     {CRYPTO_SHA1, NID_sha1, 20},
212     {CRYPTO_SHA2_256, NID_sha256, 32},
213     {CRYPTO_SHA2_384, NID_sha384, 48},
214     {CRYPTO_SHA2_512, NID_sha512, 64},
215     {0, NID_undef, 0},
216 };
217 # endif
218
219 /*
220  * Return a fd if /dev/crypto seems usable, 0 otherwise.
221  */
222 static int open_dev_crypto(void)
223 {
224     static int fd = -1;
225
226     if (fd == -1) {
227         if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
228             return (-1);
229         /* close on exec */
230         if (fcntl(fd, F_SETFD, 1) == -1) {
231             close(fd);
232             fd = -1;
233             return (-1);
234         }
235     }
236     return (fd);
237 }
238
239 static int get_dev_crypto(void)
240 {
241     int fd, retfd;
242
243     if ((fd = open_dev_crypto()) == -1)
244         return (-1);
245 # ifndef CRIOGET_NOT_NEEDED
246     if (ioctl(fd, CRIOGET, &retfd) == -1)
247         return (-1);
248
249     /* close on exec */
250     if (fcntl(retfd, F_SETFD, 1) == -1) {
251         close(retfd);
252         return (-1);
253     }
254 # else
255     retfd = fd;
256 # endif
257     return (retfd);
258 }
259
260 static void put_dev_crypto(int fd)
261 {
262 # ifndef CRIOGET_NOT_NEEDED
263     close(fd);
264 # endif
265 }
266
267 /* Caching version for asym operations */
268 static int get_asym_dev_crypto(void)
269 {
270     static int fd = -1;
271
272     if (fd == -1)
273         fd = get_dev_crypto();
274     return fd;
275 }
276
277 /*
278  * Find out what ciphers /dev/crypto will let us have a session for.
279  * XXX note, that some of these openssl doesn't deal with yet!
280  * returning them here is harmless, as long as we return NULL
281  * when asked for a handler in the cryptodev_engine_ciphers routine
282  */
283 static int get_cryptodev_ciphers(const int **cnids)
284 {
285     static int nids[CRYPTO_ALGORITHM_MAX];
286     struct session_op sess;
287     int fd, i, count = 0;
288     unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
289
290     if ((fd = get_dev_crypto()) < 0) {
291         *cnids = NULL;
292         return (0);
293     }
294     memset(&sess, 0, sizeof(sess));
295     sess.key = (void *)fake_key;
296
297     for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
298         if (ciphers[i].nid == NID_undef)
299             continue;
300         sess.cipher = ciphers[i].id;
301         sess.keylen = ciphers[i].keylen;
302         sess.mac = 0;
303         if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
304             ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
305             nids[count++] = ciphers[i].nid;
306     }
307     put_dev_crypto(fd);
308
309     if (count > 0)
310         *cnids = nids;
311     else
312         *cnids = NULL;
313     return (count);
314 }
315
316 # ifdef USE_CRYPTODEV_DIGESTS
317 /*
318  * Find out what digests /dev/crypto will let us have a session for.
319  * XXX note, that some of these openssl doesn't deal with yet!
320  * returning them here is harmless, as long as we return NULL
321  * when asked for a handler in the cryptodev_engine_digests routine
322  */
323 static int get_cryptodev_digests(const int **cnids)
324 {
325     static int nids[CRYPTO_ALGORITHM_MAX];
326     unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
327     struct session_op sess;
328     int fd, i, count = 0;
329
330     if ((fd = get_dev_crypto()) < 0) {
331         *cnids = NULL;
332         return (0);
333     }
334     memset(&sess, 0, sizeof(sess));
335     sess.mackey = fake_key;
336     for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
337         if (digests[i].nid == NID_undef)
338             continue;
339         sess.mac = digests[i].id;
340         sess.mackeylen = 8;
341         sess.cipher = 0;
342         if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
343             ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
344             nids[count++] = digests[i].nid;
345     }
346     put_dev_crypto(fd);
347
348     if (count > 0)
349         *cnids = nids;
350     else
351         *cnids = NULL;
352     return (count);
353 }
354 # endif                         /* 0 */
355
356 /*
357  * Find the useable ciphers|digests from dev/crypto - this is the first
358  * thing called by the engine init crud which determines what it
359  * can use for ciphers from this engine. We want to return
360  * only what we can do, anything else is handled by software.
361  *
362  * If we can't initialize the device to do anything useful for
363  * any reason, we want to return a NULL array, and 0 length,
364  * which forces everything to be done is software. By putting
365  * the initialization of the device in here, we ensure we can
366  * use this engine as the default, and if for whatever reason
367  * /dev/crypto won't do what we want it will just be done in
368  * software
369  *
370  * This can (should) be greatly expanded to perhaps take into
371  * account speed of the device, and what we want to do.
372  * (although the disabling of particular alg's could be controlled
373  * by the device driver with sysctl's.) - this is where we
374  * want most of the decisions made about what we actually want
375  * to use from /dev/crypto.
376  */
377 static int cryptodev_usable_ciphers(const int **nids)
378 {
379     return (get_cryptodev_ciphers(nids));
380 }
381
382 static int cryptodev_usable_digests(const int **nids)
383 {
384 # ifdef USE_CRYPTODEV_DIGESTS
385     return (get_cryptodev_digests(nids));
386 # else
387     /*
388      * XXXX just disable all digests for now, because it sucks.
389      * we need a better way to decide this - i.e. I may not
390      * want digests on slow cards like hifn on fast machines,
391      * but might want them on slow or loaded machines, etc.
392      * will also want them when using crypto cards that don't
393      * suck moose gonads - would be nice to be able to decide something
394      * as reasonable default without having hackery that's card dependent.
395      * of course, the default should probably be just do everything,
396      * with perhaps a sysctl to turn algorithms off (or have them off
397      * by default) on cards that generally suck like the hifn.
398      */
399     *nids = NULL;
400     return (0);
401 # endif
402 }
403
404 static int
405 cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
406                  const unsigned char *in, size_t inl)
407 {
408     struct crypt_op cryp;
409     struct dev_crypto_state *state = EVP_CIPHER_CTX_get_cipher_data(ctx);
410     struct session_op *sess = &state->d_sess;
411     const void *iiv;
412     unsigned char save_iv[EVP_MAX_IV_LENGTH];
413
414     if (state->d_fd < 0)
415         return (0);
416     if (!inl)
417         return (1);
418     if ((inl % EVP_CIPHER_CTX_block_size(ctx)) != 0)
419         return (0);
420
421     memset(&cryp, 0, sizeof(cryp));
422
423     cryp.ses = sess->ses;
424     cryp.flags = 0;
425     cryp.len = inl;
426     cryp.src = (void *)in;
427     cryp.dst = (void *)out;
428     cryp.mac = 0;
429
430     cryp.op = EVP_CIPHER_CTX_encrypting(ctx) ? COP_ENCRYPT : COP_DECRYPT;
431
432     if (EVP_CIPHER_CTX_iv_length(ctx) > 0) {
433         cryp.iv = (void *)EVP_CIPHER_CTX_iv(ctx);
434         if (!EVP_CIPHER_CTX_encrypting(ctx)) {
435             iiv = in + inl - EVP_CIPHER_CTX_iv_length(ctx);
436             memcpy(save_iv, iiv, EVP_CIPHER_CTX_iv_length(ctx));
437         }
438     } else
439         cryp.iv = NULL;
440
441     if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
442         /*
443          * XXX need better error handling this can fail for a number of
444          * different reasons.
445          */
446         return (0);
447     }
448
449     if (EVP_CIPHER_CTX_iv_length(ctx) > 0) {
450         if (EVP_CIPHER_CTX_encrypting(ctx))
451             iiv = out + inl - EVP_CIPHER_CTX_iv_length(ctx);
452         else
453             iiv = save_iv;
454         memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iiv,
455                EVP_CIPHER_CTX_iv_length(ctx));
456     }
457     return (1);
458 }
459
460 static int
461 cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
462                    const unsigned char *iv, int enc)
463 {
464     struct dev_crypto_state *state = EVP_CIPHER_CTX_get_cipher_data(ctx);
465     struct session_op *sess = &state->d_sess;
466     int cipher = -1, i;
467
468     for (i = 0; ciphers[i].id; i++)
469         if (EVP_CIPHER_CTX_nid(ctx) == ciphers[i].nid &&
470             EVP_CIPHER_CTX_iv_length(ctx) <= ciphers[i].ivmax &&
471             EVP_CIPHER_CTX_key_length(ctx) == ciphers[i].keylen) {
472             cipher = ciphers[i].id;
473             break;
474         }
475
476     if (!ciphers[i].id) {
477         state->d_fd = -1;
478         return (0);
479     }
480
481     memset(sess, 0, sizeof(*sess));
482
483     if ((state->d_fd = get_dev_crypto()) < 0)
484         return (0);
485
486     sess->key = (void *)key;
487     sess->keylen = EVP_CIPHER_CTX_key_length(ctx);
488     sess->cipher = cipher;
489
490     if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
491         put_dev_crypto(state->d_fd);
492         state->d_fd = -1;
493         return (0);
494     }
495     return (1);
496 }
497
498 /*
499  * free anything we allocated earlier when initing a
500  * session, and close the session.
501  */
502 static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
503 {
504     int ret = 0;
505     struct dev_crypto_state *state = EVP_CIPHER_CTX_get_cipher_data(ctx);
506     struct session_op *sess = &state->d_sess;
507
508     if (state->d_fd < 0)
509         return (0);
510
511     /*
512      * XXX if this ioctl fails, something's wrong. the invoker may have called
513      * us with a bogus ctx, or we could have a device that for whatever
514      * reason just doesn't want to play ball - it's not clear what's right
515      * here - should this be an error? should it just increase a counter,
516      * hmm. For right now, we return 0 - I don't believe that to be "right".
517      * we could call the gorpy openssl lib error handlers that print messages
518      * to users of the library. hmm..
519      */
520
521     if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) {
522         ret = 0;
523     } else {
524         ret = 1;
525     }
526     put_dev_crypto(state->d_fd);
527     state->d_fd = -1;
528
529     return (ret);
530 }
531
532 /*
533  * libcrypto EVP stuff - this is how we get wired to EVP so the engine
534  * gets called when libcrypto requests a cipher NID.
535  */
536
537 static int cryptodev_cipher_ctrl(EVP_CIPHER_CTX *ctx, int type, int p1, void *p2)
538 {
539     struct dev_crypto_state *state = EVP_CIPHER_CTX_get_cipher_data(ctx);
540     struct session_op *sess = &state->d_sess;
541
542     if (type == EVP_CTRL_COPY) {
543         EVP_CIPHER_CTX *out = p2;
544         return cryptodev_init_key(out, (unsigned char *)sess->key,
545                                  EVP_CIPHER_CTX_iv(ctx), 0);
546     }
547
548     return 0;
549 }
550
551 /* RC4 */
552 static EVP_CIPHER *rc4_cipher = NULL;
553 static const EVP_CIPHER *cryptodev_rc4(void)
554 {
555     if (rc4_cipher == NULL) {
556         EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_rc4, 1, 16);
557
558         if (cipher == NULL
559             || !EVP_CIPHER_meth_set_iv_length(cipher, 0)
560             || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_VARIABLE_LENGTH
561                                           | EVP_CIPH_CUSTOM_COPY)
562             || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
563             || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
564             || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
565             || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl)
566             || !EVP_CIPHER_meth_set_impl_ctx_size(cipher,
567                                                   sizeof(struct
568                                                          dev_crypto_state))) {
569             EVP_CIPHER_meth_free(cipher);
570             cipher = NULL;
571         }
572         rc4_cipher = cipher;
573     }
574     return rc4_cipher;
575 }
576
577 /* DES CBC EVP */
578 static EVP_CIPHER *des_cbc_cipher = NULL;
579 static const EVP_CIPHER *cryptodev_des_cbc(void)
580 {
581     if (des_cbc_cipher == NULL) {
582         EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_des_cbc, 8, 8);
583
584         if (cipher == NULL
585             || !EVP_CIPHER_meth_set_iv_length(cipher, 8)
586             || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE
587                                           | EVP_CIPH_CUSTOM_COPY)
588             || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
589             || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
590             || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
591             || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl)
592             || !EVP_CIPHER_meth_set_impl_ctx_size(cipher,
593                                                   sizeof(struct
594                                                          dev_crypto_state))
595             || !EVP_CIPHER_meth_set_set_asn1_params(cipher,
596                                                     EVP_CIPHER_set_asn1_iv)
597             || !EVP_CIPHER_meth_set_get_asn1_params(cipher,
598                                                     EVP_CIPHER_get_asn1_iv)) {
599             EVP_CIPHER_meth_free(cipher);
600             cipher = NULL;
601         }
602         des_cbc_cipher = cipher;
603     }
604     return des_cbc_cipher;
605 }
606
607 /* 3DES CBC EVP */
608 static EVP_CIPHER *des3_cbc_cipher = NULL;
609 static const EVP_CIPHER *cryptodev_3des_cbc(void)
610 {
611     if (des3_cbc_cipher == NULL) {
612         EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_des_ede3_cbc, 8, 24);
613
614         if (cipher == NULL
615             || !EVP_CIPHER_meth_set_iv_length(cipher, 8)
616             || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE
617                                           | EVP_CIPH_CUSTOM_COPY)
618             || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
619             || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
620             || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
621             || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl)
622             || !EVP_CIPHER_meth_set_impl_ctx_size(cipher,
623                                                   sizeof(struct
624                                                          dev_crypto_state))
625             || !EVP_CIPHER_meth_set_set_asn1_params(cipher,
626                                                     EVP_CIPHER_set_asn1_iv)
627             || !EVP_CIPHER_meth_set_get_asn1_params(cipher,
628                                                     EVP_CIPHER_get_asn1_iv)) {
629             EVP_CIPHER_meth_free(cipher);
630             cipher = NULL;
631         }
632         des3_cbc_cipher = cipher;
633     }
634     return des3_cbc_cipher;
635 }
636
637 /* 3DES ECB EVP */
638 static EVP_CIPHER *des3_ecb_cipher = NULL;
639 static const EVP_CIPHER *cryptodev_3des_ecb(void)
640 {
641     if (des3_ecb_cipher == NULL) {
642         EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_des_ede3_ecb, 8, 24);
643
644         if (cipher == NULL
645             || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_ECB_MODE)
646             || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
647             || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
648             || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
649             || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl)
650             || !EVP_CIPHER_meth_set_impl_ctx_size(cipher,
651                                                   sizeof(struct
652                                                          dev_crypto_state))) {
653             EVP_CIPHER_meth_free(cipher);
654             cipher = NULL;
655         }
656         des3_ecb_cipher = cipher;
657     }
658     return des3_ecb_cipher;
659 }
660
661 static EVP_CIPHER *bf_cbc_cipher = NULL;
662 static const EVP_CIPHER *cryptodev_bf_cbc(void)
663 {
664     if (bf_cbc_cipher == NULL) {
665         EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_bf_cbc, 8, 16);
666
667         if (cipher == NULL
668             || !EVP_CIPHER_meth_set_iv_length(cipher, 8)
669             || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE
670                                           | EVP_CIPH_CUSTOM_COPY)
671             || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
672             || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
673             || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
674             || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl)
675             || !EVP_CIPHER_meth_set_impl_ctx_size(cipher,
676                                                   sizeof(struct
677                                                          dev_crypto_state))
678             || !EVP_CIPHER_meth_set_set_asn1_params(cipher,
679                                                     EVP_CIPHER_set_asn1_iv)
680             || !EVP_CIPHER_meth_set_get_asn1_params(cipher,
681                                                     EVP_CIPHER_get_asn1_iv)) {
682             EVP_CIPHER_meth_free(cipher);
683             cipher = NULL;
684         }
685         bf_cbc_cipher = cipher;
686     }
687     return bf_cbc_cipher;
688 }
689
690 static EVP_CIPHER *cast_cbc_cipher = NULL;
691 static const EVP_CIPHER *cryptodev_cast_cbc(void)
692 {
693     if (cast_cbc_cipher == NULL) {
694         EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_cast5_cbc, 8, 16);
695
696         if (cipher == NULL
697             || !EVP_CIPHER_meth_set_iv_length(cipher, 8)
698             || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE
699                                           | EVP_CIPH_CUSTOM_COPY)
700             || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
701             || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
702             || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
703             || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl)
704             || !EVP_CIPHER_meth_set_impl_ctx_size(cipher,
705                                                   sizeof(struct
706                                                          dev_crypto_state))
707             || !EVP_CIPHER_meth_set_set_asn1_params(cipher,
708                                                     EVP_CIPHER_set_asn1_iv)
709             || !EVP_CIPHER_meth_set_get_asn1_params(cipher,
710                                                     EVP_CIPHER_get_asn1_iv)) {
711             EVP_CIPHER_meth_free(cipher);
712             cipher = NULL;
713         }
714         cast_cbc_cipher = cipher;
715     }
716     return cast_cbc_cipher;
717 }
718
719 static EVP_CIPHER *aes_cbc_cipher = NULL;
720 static const EVP_CIPHER *cryptodev_aes_cbc(void)
721 {
722     if (aes_cbc_cipher == NULL) {
723         EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_aes_128_cbc, 16, 16);
724
725         if (cipher == NULL
726             || !EVP_CIPHER_meth_set_iv_length(cipher, 16)
727             || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE
728                                           | EVP_CIPH_CUSTOM_COPY)
729             || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
730             || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
731             || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
732             || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl)
733             || !EVP_CIPHER_meth_set_impl_ctx_size(cipher,
734                                                   sizeof(struct
735                                                          dev_crypto_state))
736             || !EVP_CIPHER_meth_set_set_asn1_params(cipher,
737                                                     EVP_CIPHER_set_asn1_iv)
738             || !EVP_CIPHER_meth_set_get_asn1_params(cipher,
739                                                     EVP_CIPHER_get_asn1_iv)) {
740             EVP_CIPHER_meth_free(cipher);
741             cipher = NULL;
742         }
743         aes_cbc_cipher = cipher;
744     }
745     return aes_cbc_cipher;
746 }
747
748 static EVP_CIPHER *aes_192_cbc_cipher = NULL;
749 static const EVP_CIPHER *cryptodev_aes_192_cbc(void)
750 {
751     if (aes_192_cbc_cipher == NULL) {
752         EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_aes_192_cbc, 16, 24);
753
754         if (cipher == NULL
755             || !EVP_CIPHER_meth_set_iv_length(cipher, 16)
756             || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE
757                                           | EVP_CIPH_CUSTOM_COPY)
758             || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
759             || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
760             || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
761             || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl)
762             || !EVP_CIPHER_meth_set_impl_ctx_size(cipher,
763                                                   sizeof(struct
764                                                          dev_crypto_state))
765             || !EVP_CIPHER_meth_set_set_asn1_params(cipher,
766                                                     EVP_CIPHER_set_asn1_iv)
767             || !EVP_CIPHER_meth_set_get_asn1_params(cipher,
768                                                     EVP_CIPHER_get_asn1_iv)) {
769             EVP_CIPHER_meth_free(cipher);
770             cipher = NULL;
771         }
772         aes_192_cbc_cipher = cipher;
773     }
774     return aes_192_cbc_cipher;
775 }
776
777 static EVP_CIPHER *aes_256_cbc_cipher = NULL;
778 static const EVP_CIPHER *cryptodev_aes_256_cbc(void)
779 {
780     if (aes_256_cbc_cipher == NULL) {
781         EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_aes_256_cbc, 16, 32);
782
783         if (cipher == NULL
784             || !EVP_CIPHER_meth_set_iv_length(cipher, 16)
785             || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE
786                                           | EVP_CIPH_CUSTOM_COPY)
787             || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
788             || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
789             || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
790             || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl)
791             || !EVP_CIPHER_meth_set_impl_ctx_size(cipher,
792                                                   sizeof(struct
793                                                          dev_crypto_state))
794             || !EVP_CIPHER_meth_set_set_asn1_params(cipher,
795                                                     EVP_CIPHER_set_asn1_iv)
796             || !EVP_CIPHER_meth_set_get_asn1_params(cipher,
797                                                     EVP_CIPHER_get_asn1_iv)) {
798             EVP_CIPHER_meth_free(cipher);
799             cipher = NULL;
800         }
801         aes_256_cbc_cipher = cipher;
802     }
803     return aes_256_cbc_cipher;
804 }
805
806 static EVP_CIPHER *aes_ctr_cipher = NULL;
807 static const EVP_CIPHER *cryptodev_aes_ctr(void)
808 {
809     if (aes_ctr_cipher == NULL) {
810         EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_aes_128_ctr, 16, 16);
811
812         if (cipher == NULL
813             || !EVP_CIPHER_meth_set_iv_length(cipher, 14)
814             || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CTR_MODE
815                                           | EVP_CIPH_CUSTOM_COPY)
816             || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
817             || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
818             || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
819             || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl)
820             || !EVP_CIPHER_meth_set_impl_ctx_size(cipher,
821                                                   sizeof(struct
822                                                          dev_crypto_state))
823             || !EVP_CIPHER_meth_set_set_asn1_params(cipher,
824                                                     EVP_CIPHER_set_asn1_iv)
825             || !EVP_CIPHER_meth_set_get_asn1_params(cipher,
826                                                     EVP_CIPHER_get_asn1_iv)) {
827             EVP_CIPHER_meth_free(cipher);
828             cipher = NULL;
829         }
830         aes_ctr_cipher = cipher;
831     }
832     return aes_ctr_cipher;
833 }
834
835 static EVP_CIPHER *aes_192_ctr_cipher = NULL;
836 static const EVP_CIPHER *cryptodev_aes_192_ctr(void)
837 {
838     if (aes_192_ctr_cipher == NULL) {
839         EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_aes_192_ctr, 16, 24);
840
841         if (cipher == NULL
842             || !EVP_CIPHER_meth_set_iv_length(cipher, 14)
843             || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CTR_MODE
844                                           | EVP_CIPH_CUSTOM_COPY)
845             || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
846             || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
847             || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
848             || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl)
849             || !EVP_CIPHER_meth_set_impl_ctx_size(cipher,
850                                                   sizeof(struct
851                                                          dev_crypto_state))
852             || !EVP_CIPHER_meth_set_set_asn1_params(cipher,
853                                                     EVP_CIPHER_set_asn1_iv)
854             || !EVP_CIPHER_meth_set_get_asn1_params(cipher,
855                                                     EVP_CIPHER_get_asn1_iv)) {
856             EVP_CIPHER_meth_free(cipher);
857             cipher = NULL;
858         }
859         aes_192_ctr_cipher = cipher;
860     }
861     return aes_192_ctr_cipher;
862 }
863
864 static EVP_CIPHER *aes_256_ctr_cipher = NULL;
865 static const EVP_CIPHER *cryptodev_aes_256_ctr(void)
866 {
867     if (aes_256_ctr_cipher == NULL) {
868         EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_aes_256_ctr, 16, 32);
869
870         if (cipher == NULL
871             || !EVP_CIPHER_meth_set_iv_length(cipher, 14)
872             || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CTR_MODE
873                                           | EVP_CIPH_CUSTOM_COPY)
874             || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
875             || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
876             || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
877             || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl)
878             || !EVP_CIPHER_meth_set_impl_ctx_size(cipher,
879                                                   sizeof(struct
880                                                          dev_crypto_state))
881             || !EVP_CIPHER_meth_set_set_asn1_params(cipher,
882                                                     EVP_CIPHER_set_asn1_iv)
883             || !EVP_CIPHER_meth_set_get_asn1_params(cipher,
884                                                     EVP_CIPHER_get_asn1_iv)) {
885             EVP_CIPHER_meth_free(cipher);
886             cipher = NULL;
887         }
888         aes_256_ctr_cipher = cipher;
889     }
890     return aes_256_ctr_cipher;
891 }
892
893 static EVP_CIPHER *aes_ecb_cipher = NULL;
894 static const EVP_CIPHER *cryptodev_aes_ecb(void)
895 {
896     if (aes_ecb_cipher == NULL) {
897         EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_aes_128_ecb, 16, 16);
898
899         if (cipher == NULL
900             || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_ECB_MODE)
901             || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
902             || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
903             || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
904             || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl)
905             || !EVP_CIPHER_meth_set_impl_ctx_size(cipher,
906                                                   sizeof(struct
907                                                          dev_crypto_state))
908             || !EVP_CIPHER_meth_set_set_asn1_params(cipher,
909                                                     EVP_CIPHER_set_asn1_iv)
910             || !EVP_CIPHER_meth_set_get_asn1_params(cipher,
911                                                     EVP_CIPHER_get_asn1_iv)) {
912             EVP_CIPHER_meth_free(cipher);
913             cipher = NULL;
914         }
915         aes_ecb_cipher = cipher;
916     }
917     return aes_ecb_cipher;
918 }
919
920 static EVP_CIPHER *aes_192_ecb_cipher = NULL;
921 static const EVP_CIPHER *cryptodev_aes_192_ecb(void)
922 {
923     if (aes_192_ecb_cipher == NULL) {
924         EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_aes_192_ecb, 16, 24);
925
926         if (cipher == NULL
927             || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_ECB_MODE)
928             || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
929             || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
930             || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
931             || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl)
932             || !EVP_CIPHER_meth_set_impl_ctx_size(cipher,
933                                                   sizeof(struct
934                                                          dev_crypto_state))
935             || !EVP_CIPHER_meth_set_set_asn1_params(cipher,
936                                                     EVP_CIPHER_set_asn1_iv)
937             || !EVP_CIPHER_meth_set_get_asn1_params(cipher,
938                                                     EVP_CIPHER_get_asn1_iv)) {
939             EVP_CIPHER_meth_free(cipher);
940             cipher = NULL;
941         }
942         aes_192_ecb_cipher = cipher;
943     }
944     return aes_192_ecb_cipher;
945 }
946
947 static EVP_CIPHER *aes_256_ecb_cipher = NULL;
948 static const EVP_CIPHER *cryptodev_aes_256_ecb(void)
949 {
950     if (aes_256_ecb_cipher == NULL) {
951         EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_aes_256_ecb, 16, 32);
952
953         if (cipher == NULL
954             || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_ECB_MODE)
955             || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
956             || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
957             || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
958             || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl)
959             || !EVP_CIPHER_meth_set_impl_ctx_size(cipher,
960                                                   sizeof(struct
961                                                          dev_crypto_state))
962             || !EVP_CIPHER_meth_set_set_asn1_params(cipher,
963                                                     EVP_CIPHER_set_asn1_iv)
964             || !EVP_CIPHER_meth_set_get_asn1_params(cipher,
965                                                     EVP_CIPHER_get_asn1_iv)) {
966             EVP_CIPHER_meth_free(cipher);
967             cipher = NULL;
968         }
969         aes_256_ecb_cipher = cipher;
970     }
971     return aes_256_ecb_cipher;
972 }
973
974 /*
975  * Registered by the ENGINE when used to find out how to deal with
976  * a particular NID in the ENGINE. this says what we'll do at the
977  * top level - note, that list is restricted by what we answer with
978  */
979 static int
980 cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
981                          const int **nids, int nid)
982 {
983     if (!cipher)
984         return (cryptodev_usable_ciphers(nids));
985
986     switch (nid) {
987     case NID_rc4:
988         *cipher = cryptodev_rc4();
989         break;
990     case NID_des_ede3_cbc:
991         *cipher = cryptodev_3des_cbc();
992         break;
993     case NID_des_ede3_ecb:
994         *cipher = cryptodev_3des_ecb();
995         break;
996     case NID_des_cbc:
997         *cipher = cryptodev_des_cbc();
998         break;
999     case NID_bf_cbc:
1000         *cipher = cryptodev_bf_cbc();
1001         break;
1002     case NID_cast5_cbc:
1003         *cipher = cryptodev_cast_cbc();
1004         break;
1005     case NID_aes_128_cbc:
1006         *cipher = cryptodev_aes_cbc();
1007         break;
1008     case NID_aes_192_cbc:
1009         *cipher = cryptodev_aes_192_cbc();
1010         break;
1011     case NID_aes_256_cbc:
1012         *cipher = cryptodev_aes_256_cbc();
1013         break;
1014     case NID_aes_128_ctr:
1015         *cipher = cryptodev_aes_ctr();
1016         break;
1017     case NID_aes_192_ctr:
1018         *cipher = cryptodev_aes_192_ctr();
1019         break;
1020     case NID_aes_256_ctr:
1021         *cipher = cryptodev_aes_256_ctr();
1022         break;
1023     case NID_aes_128_ecb:
1024         *cipher = cryptodev_aes_ecb();
1025         break;
1026     case NID_aes_192_ecb:
1027         *cipher = cryptodev_aes_192_ecb();
1028         break;
1029     case NID_aes_256_ecb:
1030         *cipher = cryptodev_aes_256_ecb();
1031         break;
1032     default:
1033         *cipher = NULL;
1034         break;
1035     }
1036     return (*cipher != NULL);
1037 }
1038
1039 # ifdef USE_CRYPTODEV_DIGESTS
1040
1041 /* convert digest type to cryptodev */
1042 static int digest_nid_to_cryptodev(int nid)
1043 {
1044     int i;
1045
1046     for (i = 0; digests[i].id; i++)
1047         if (digests[i].nid == nid)
1048             return (digests[i].id);
1049     return (0);
1050 }
1051
1052 static int cryptodev_digest_init(EVP_MD_CTX *ctx)
1053 {
1054     struct dev_crypto_state *state = EVP_MD_CTX_md_data(ctx);
1055     struct session_op *sess = &state->d_sess;
1056     int digest;
1057
1058     if ((digest = digest_nid_to_cryptodev(EVP_MD_CTX_type(ctx))) == NID_undef) {
1059         printf("cryptodev_digest_init: Can't get digest \n");
1060         return (0);
1061     }
1062
1063     memset(state, 0, sizeof(*state));
1064
1065     if ((state->d_fd = get_dev_crypto()) < 0) {
1066         printf("cryptodev_digest_init: Can't get Dev \n");
1067         return (0);
1068     }
1069
1070     sess->mackey = NULL;
1071     sess->mackeylen = 0;
1072     sess->mac = digest;
1073
1074     if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
1075         put_dev_crypto(state->d_fd);
1076         state->d_fd = -1;
1077         printf("cryptodev_digest_init: Open session failed\n");
1078         return (0);
1079     }
1080
1081     return (1);
1082 }
1083
1084 static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
1085                                    size_t count)
1086 {
1087     struct crypt_op cryp;
1088     struct dev_crypto_state *state = EVP_MD_CTX_md_data(ctx);
1089     struct session_op *sess = &state->d_sess;
1090     char *new_mac_data;
1091
1092     if (!data || state->d_fd < 0) {
1093         printf("cryptodev_digest_update: illegal inputs \n");
1094         return (0);
1095     }
1096
1097     if (!count) {
1098         return (0);
1099     }
1100
1101     if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT)) {
1102         /* if application doesn't support one buffer */
1103         new_mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count);
1104
1105         if (!new_mac_data) {
1106             printf("cryptodev_digest_update: realloc failed\n");
1107             return (0);
1108         }
1109         state->mac_data = new_mac_data;
1110
1111         memcpy(state->mac_data + state->mac_len, data, count);
1112         state->mac_len += count;
1113
1114         return (1);
1115     }
1116
1117     memset(&cryp, 0, sizeof(cryp));
1118
1119     cryp.ses = sess->ses;
1120     cryp.flags = 0;
1121     cryp.len = count;
1122     cryp.src = (void *)data;
1123     cryp.dst = NULL;
1124     cryp.mac = (void *)state->digest_res;
1125     if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
1126         printf("cryptodev_digest_update: digest failed\n");
1127         return (0);
1128     }
1129     return (1);
1130 }
1131
1132 static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
1133 {
1134     struct crypt_op cryp;
1135     struct dev_crypto_state *state = EVP_MD_CTX_md_data(ctx);
1136     struct session_op *sess = &state->d_sess;
1137
1138     if (!md || state->d_fd < 0) {
1139         printf("cryptodev_digest_final: illegal input\n");
1140         return (0);
1141     }
1142
1143     if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT)) {
1144         /* if application doesn't support one buffer */
1145         memset(&cryp, 0, sizeof(cryp));
1146         cryp.ses = sess->ses;
1147         cryp.flags = 0;
1148         cryp.len = state->mac_len;
1149         cryp.src = (void *)state->mac_data;
1150         cryp.dst = NULL;
1151         cryp.mac = (void *)md;
1152         if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
1153             printf("cryptodev_digest_final: digest failed\n");
1154             return (0);
1155         }
1156
1157         return 1;
1158     }
1159
1160     memcpy(md, state->digest_res, EVP_MD_CTX_size(ctx));
1161
1162     return 1;
1163 }
1164
1165 static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
1166 {
1167     int ret = 1;
1168     struct dev_crypto_state *state = EVP_MD_CTX_md_data(ctx);
1169     struct session_op *sess = &state->d_sess;
1170
1171     if (state == NULL)
1172         return 0;
1173
1174     if (state->d_fd < 0) {
1175         printf("cryptodev_digest_cleanup: illegal input\n");
1176         return (0);
1177     }
1178
1179     OPENSSL_free(state->mac_data);
1180     state->mac_data = NULL;
1181     state->mac_len = 0;
1182
1183     if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
1184         printf("cryptodev_digest_cleanup: failed to close session\n");
1185         ret = 0;
1186     } else {
1187         ret = 1;
1188     }
1189     put_dev_crypto(state->d_fd);
1190     state->d_fd = -1;
1191
1192     return (ret);
1193 }
1194
1195 static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
1196 {
1197     struct dev_crypto_state *fstate = EVP_MD_CTX_md_data(from);
1198     struct dev_crypto_state *dstate = EVP_MD_CTX_md_data(to);
1199     struct session_op *sess;
1200     int digest;
1201
1202     if (dstate == NULL || fstate == NULL)
1203         return 1;
1204
1205     memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
1206
1207     sess = &dstate->d_sess;
1208
1209     digest = digest_nid_to_cryptodev(EVP_MD_CTX_type(to));
1210
1211     sess->mackey = NULL;
1212     sess->mackeylen = 0;
1213     sess->mac = digest;
1214
1215     dstate->d_fd = get_dev_crypto();
1216
1217     if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
1218         put_dev_crypto(dstate->d_fd);
1219         dstate->d_fd = -1;
1220         printf("cryptodev_digest_copy: Open session failed\n");
1221         return (0);
1222     }
1223
1224     if (fstate->mac_len != 0) {
1225         if (fstate->mac_data != NULL) {
1226             dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
1227             if (dstate->mac_data == NULL) {
1228                 printf("cryptodev_digest_copy: mac_data allocation failed\n");
1229                 return (0);
1230             }
1231             memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
1232             dstate->mac_len = fstate->mac_len;
1233         }
1234     }
1235
1236     return 1;
1237 }
1238
1239 static EVP_MD *sha1_md = NULL;
1240 static const EVP_MD *cryptodev_sha1(void)
1241 {
1242     if (sha1_md == NULL) {
1243         EVP_MD *md = EVP_MD_meth_new(NID_sha1, NID_undef);
1244
1245         if (md == NULL
1246             || !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH)
1247             || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_ONESHOT)
1248             || !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK)
1249             || !EVP_MD_meth_set_app_datasize(md,
1250                                              sizeof(struct dev_crypto_state))
1251             || !EVP_MD_meth_set_init(md, cryptodev_digest_init)
1252             || !EVP_MD_meth_set_update(md, cryptodev_digest_update)
1253             || !EVP_MD_meth_set_final(md, cryptodev_digest_final)
1254             || !EVP_MD_meth_set_copy(md, cryptodev_digest_copy)
1255             || !EVP_MD_meth_set_cleanup(md, cryptodev_digest_cleanup)) {
1256             EVP_MD_meth_free(md);
1257             md = NULL;
1258         }
1259         sha1_md = md;
1260     }
1261     return sha1_md;
1262 }
1263
1264 static EVP_MD *sha256_md = NULL;
1265 static const EVP_MD *cryptodev_sha256(void)
1266 {
1267     if (sha256_md == NULL) {
1268         EVP_MD *md = EVP_MD_meth_new(NID_sha256, NID_undef);
1269
1270         if (md == NULL
1271             || !EVP_MD_meth_set_result_size(md, SHA256_DIGEST_LENGTH)
1272             || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_ONESHOT)
1273             || !EVP_MD_meth_set_input_blocksize(md, SHA256_CBLOCK)
1274             || !EVP_MD_meth_set_app_datasize(md,
1275                                              sizeof(struct dev_crypto_state))
1276             || !EVP_MD_meth_set_init(md, cryptodev_digest_init)
1277             || !EVP_MD_meth_set_update(md, cryptodev_digest_update)
1278             || !EVP_MD_meth_set_final(md, cryptodev_digest_final)
1279             || !EVP_MD_meth_set_copy(md, cryptodev_digest_copy)
1280             || !EVP_MD_meth_set_cleanup(md, cryptodev_digest_cleanup)) {
1281             EVP_MD_meth_free(md);
1282             md = NULL;
1283         }
1284         sha256_md = md;
1285     }
1286     return sha256_md;
1287 }
1288
1289 static EVP_MD *sha224_md = NULL;
1290 static const EVP_MD *cryptodev_sha224(void)
1291 {
1292     if (sha224_md == NULL) {
1293         EVP_MD *md = EVP_MD_meth_new(NID_sha224, NID_undef);
1294
1295         if (md == NULL
1296             || !EVP_MD_meth_set_result_size(md, SHA224_DIGEST_LENGTH)
1297             || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_ONESHOT)
1298             || !EVP_MD_meth_set_input_blocksize(md, SHA256_CBLOCK)
1299             || !EVP_MD_meth_set_app_datasize(md,
1300                                              sizeof(struct dev_crypto_state))
1301             || !EVP_MD_meth_set_init(md, cryptodev_digest_init)
1302             || !EVP_MD_meth_set_update(md, cryptodev_digest_update)
1303             || !EVP_MD_meth_set_final(md, cryptodev_digest_final)
1304             || !EVP_MD_meth_set_copy(md, cryptodev_digest_copy)
1305             || !EVP_MD_meth_set_cleanup(md, cryptodev_digest_cleanup)) {
1306             EVP_MD_meth_free(md);
1307             md = NULL;
1308         }
1309         sha224_md = md;
1310     }
1311     return sha224_md;
1312 }
1313
1314 static EVP_MD *sha384_md = NULL;
1315 static const EVP_MD *cryptodev_sha384(void)
1316 {
1317     if (sha384_md == NULL) {
1318         EVP_MD *md = EVP_MD_meth_new(NID_sha384, NID_undef);
1319
1320         if (md == NULL
1321             || !EVP_MD_meth_set_result_size(md, SHA384_DIGEST_LENGTH)
1322             || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_ONESHOT)
1323             || !EVP_MD_meth_set_input_blocksize(md, SHA512_CBLOCK)
1324             || !EVP_MD_meth_set_app_datasize(md,
1325                                              sizeof(struct dev_crypto_state))
1326             || !EVP_MD_meth_set_init(md, cryptodev_digest_init)
1327             || !EVP_MD_meth_set_update(md, cryptodev_digest_update)
1328             || !EVP_MD_meth_set_final(md, cryptodev_digest_final)
1329             || !EVP_MD_meth_set_copy(md, cryptodev_digest_copy)
1330             || !EVP_MD_meth_set_cleanup(md, cryptodev_digest_cleanup)) {
1331             EVP_MD_meth_free(md);
1332             md = NULL;
1333         }
1334         sha384_md = md;
1335     }
1336     return sha384_md;
1337 }
1338
1339 static EVP_MD *sha512_md = NULL;
1340 static const EVP_MD *cryptodev_sha512(void)
1341 {
1342     if (sha512_md == NULL) {
1343         EVP_MD *md = EVP_MD_meth_new(NID_sha512, NID_undef);
1344
1345         if (md == NULL
1346             || !EVP_MD_meth_set_result_size(md, SHA512_DIGEST_LENGTH)
1347             || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_ONESHOT)
1348             || !EVP_MD_meth_set_input_blocksize(md, SHA512_CBLOCK)
1349             || !EVP_MD_meth_set_app_datasize(md,
1350                                              sizeof(struct dev_crypto_state))
1351             || !EVP_MD_meth_set_init(md, cryptodev_digest_init)
1352             || !EVP_MD_meth_set_update(md, cryptodev_digest_update)
1353             || !EVP_MD_meth_set_final(md, cryptodev_digest_final)
1354             || !EVP_MD_meth_set_copy(md, cryptodev_digest_copy)
1355             || !EVP_MD_meth_set_cleanup(md, cryptodev_digest_cleanup)) {
1356             EVP_MD_meth_free(md);
1357             md = NULL;
1358         }
1359         sha512_md = md;
1360     }
1361     return sha512_md;
1362 }
1363
1364 static EVP_MD *md5_md = NULL;
1365 static const EVP_MD *cryptodev_md5(void)
1366 {
1367     if (md5_md == NULL) {
1368         EVP_MD *md = EVP_MD_meth_new(NID_md5, NID_undef);
1369
1370         if (md == NULL
1371             || !EVP_MD_meth_set_result_size(md, 16 /* MD5_DIGEST_LENGTH */ )
1372             || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_ONESHOT)
1373             || !EVP_MD_meth_set_input_blocksize(md, 64 /* MD5_CBLOCK */ )
1374             || !EVP_MD_meth_set_app_datasize(md,
1375                                              sizeof(struct dev_crypto_state))
1376             || !EVP_MD_meth_set_init(md, cryptodev_digest_init)
1377             || !EVP_MD_meth_set_update(md, cryptodev_digest_update)
1378             || !EVP_MD_meth_set_final(md, cryptodev_digest_final)
1379             || !EVP_MD_meth_set_copy(md, cryptodev_digest_copy)
1380             || !EVP_MD_meth_set_cleanup(md, cryptodev_digest_cleanup)) {
1381             EVP_MD_meth_free(md);
1382             md = NULL;
1383         }
1384         md5_md = md;
1385     }
1386     return md5_md;
1387 }
1388
1389 # endif                         /* USE_CRYPTODEV_DIGESTS */
1390
1391 static int
1392 cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
1393                          const int **nids, int nid)
1394 {
1395     if (!digest)
1396         return (cryptodev_usable_digests(nids));
1397
1398     switch (nid) {
1399 # ifdef USE_CRYPTODEV_DIGESTS
1400     case NID_md5:
1401         *digest = cryptodev_md5();
1402         break;
1403     case NID_sha1:
1404         *digest = cryptodev_sha1();
1405         break;
1406     case NID_sha256:
1407         *digest = cryptodev_sha256();
1408         break;
1409     case NID_sha224:
1410         *digest = cryptodev_sha224();
1411         break;
1412     case NID_sha384:
1413         *digest = cryptodev_sha384();
1414         break;
1415     case NID_sha512:
1416         *digest = cryptodev_sha512();
1417         break;
1418     default:
1419 # endif                         /* USE_CRYPTODEV_DIGESTS */
1420         *digest = NULL;
1421         break;
1422     }
1423     return (*digest != NULL);
1424 }
1425
1426 static int cryptodev_engine_destroy(ENGINE *e)
1427 {
1428     EVP_CIPHER_meth_free(rc4_cipher);
1429     rc4_cipher = NULL;
1430     EVP_CIPHER_meth_free(des_cbc_cipher);
1431     des_cbc_cipher = NULL;
1432     EVP_CIPHER_meth_free(des3_cbc_cipher);
1433     des3_cbc_cipher = NULL;
1434     EVP_CIPHER_meth_free(des3_ecb_cipher);
1435     des3_ecb_cipher = NULL;
1436     EVP_CIPHER_meth_free(bf_cbc_cipher);
1437     bf_cbc_cipher = NULL;
1438     EVP_CIPHER_meth_free(cast_cbc_cipher);
1439     cast_cbc_cipher = NULL;
1440     EVP_CIPHER_meth_free(aes_cbc_cipher);
1441     aes_cbc_cipher = NULL;
1442     EVP_CIPHER_meth_free(aes_192_cbc_cipher);
1443     aes_192_cbc_cipher = NULL;
1444     EVP_CIPHER_meth_free(aes_256_cbc_cipher);
1445     aes_256_cbc_cipher = NULL;
1446     EVP_CIPHER_meth_free(aes_ctr_cipher);
1447     aes_ctr_cipher = NULL;
1448     EVP_CIPHER_meth_free(aes_192_ctr_cipher);
1449     aes_192_ctr_cipher = NULL;
1450     EVP_CIPHER_meth_free(aes_256_ctr_cipher);
1451     aes_256_ctr_cipher = NULL;
1452     EVP_CIPHER_meth_free(aes_ecb_cipher);
1453     aes_ecb_cipher = NULL;
1454     EVP_CIPHER_meth_free(aes_192_ecb_cipher);
1455     aes_192_ecb_cipher = NULL;
1456     EVP_CIPHER_meth_free(aes_256_ecb_cipher);
1457     aes_256_ecb_cipher = NULL;
1458 # ifdef USE_CRYPTODEV_DIGESTS
1459     EVP_MD_meth_free(sha1_md);
1460     sha1_md = NULL;
1461     EVP_MD_meth_free(sha256_md);
1462     sha256_md = NULL;
1463     EVP_MD_meth_free(sha224_md);
1464     sha224_md = NULL;
1465     EVP_MD_meth_free(sha384_md);
1466     sha384_md = NULL;
1467     EVP_MD_meth_free(sha512_md);
1468     sha512_md = NULL;
1469     EVP_MD_meth_free(md5_md);
1470     md5_md = NULL;
1471 # endif
1472     RSA_meth_free(cryptodev_rsa);
1473     cryptodev_rsa = NULL;
1474 # ifndef OPENSSL_NO_DSA
1475     DSA_meth_free(cryptodev_dsa);
1476     cryptodev_dsa = NULL;
1477 # endif
1478 # ifndef OPENSSL_NO_DH
1479     DH_meth_free(cryptodev_dh);
1480     cryptodev_dh = NULL;
1481 # endif
1482     return 1;
1483 }
1484
1485 /*
1486  * Convert a BIGNUM to the representation that /dev/crypto needs.
1487  * Upon completion of use, the caller is responsible for freeing
1488  * crp->crp_p.
1489  */
1490 static int bn2crparam(const BIGNUM *a, struct crparam *crp)
1491 {
1492     ssize_t bytes, bits;
1493     u_char *b;
1494
1495     crp->crp_p = NULL;
1496     crp->crp_nbits = 0;
1497
1498     bits = BN_num_bits(a);
1499     bytes = BN_num_bytes(a);
1500
1501     b = OPENSSL_zalloc(bytes);
1502     if (b == NULL)
1503         return (1);
1504
1505     crp->crp_p = (void *)b;
1506     crp->crp_nbits = bits;
1507
1508     BN_bn2bin(a, b);
1509     return (0);
1510 }
1511
1512 /* Convert a /dev/crypto parameter to a BIGNUM */
1513 static int crparam2bn(struct crparam *crp, BIGNUM *a)
1514 {
1515     u_int8_t *pd;
1516     int i, bytes;
1517
1518     bytes = (crp->crp_nbits + 7) / 8;
1519
1520     if (bytes == 0)
1521         return (-1);
1522
1523     if ((pd = OPENSSL_malloc(bytes)) == NULL)
1524         return (-1);
1525
1526     for (i = 0; i < bytes; i++)
1527         pd[i] = crp->crp_p[bytes - i - 1];
1528
1529     BN_bin2bn(pd, bytes, a);
1530     free(pd);
1531
1532     return (0);
1533 }
1534
1535 static void zapparams(struct crypt_kop *kop)
1536 {
1537     int i;
1538
1539     for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
1540         OPENSSL_free(kop->crk_param[i].crp_p);
1541         kop->crk_param[i].crp_p = NULL;
1542         kop->crk_param[i].crp_nbits = 0;
1543     }
1544 }
1545
1546 static int
1547 cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
1548 {
1549     int fd, ret = -1;
1550
1551     if ((fd = get_asym_dev_crypto()) < 0)
1552         return ret;
1553
1554     if (r) {
1555         kop->crk_param[kop->crk_iparams].crp_p = OPENSSL_zalloc(rlen);
1556         if (kop->crk_param[kop->crk_iparams].crp_p == NULL)
1557             return ret;
1558         kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
1559         kop->crk_oparams++;
1560     }
1561     if (s) {
1562         kop->crk_param[kop->crk_iparams + 1].crp_p = OPENSSL_zalloc(slen);
1563         /* No need to free the kop->crk_iparams parameter if it was allocated,
1564          * callers of this routine have to free allocated parameters through
1565          * zapparams both in case of success and failure
1566          */
1567         if (kop->crk_param[kop->crk_iparams + 1].crp_p == NULL)
1568             return ret;
1569         kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
1570         kop->crk_oparams++;
1571     }
1572
1573     if (ioctl(fd, CIOCKEY, kop) == 0) {
1574         if (r)
1575             crparam2bn(&kop->crk_param[kop->crk_iparams], r);
1576         if (s)
1577             crparam2bn(&kop->crk_param[kop->crk_iparams + 1], s);
1578         ret = 0;
1579     }
1580
1581     return ret;
1582 }
1583
1584 static int
1585 cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
1586                      const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
1587 {
1588     struct crypt_kop kop;
1589     int ret = 1;
1590
1591     /*
1592      * Currently, we know we can do mod exp iff we can do any asymmetric
1593      * operations at all.
1594      */
1595     if (cryptodev_asymfeat == 0) {
1596         ret = BN_mod_exp(r, a, p, m, ctx);
1597         return (ret);
1598     }
1599
1600     memset(&kop, 0, sizeof(kop));
1601     kop.crk_op = CRK_MOD_EXP;
1602
1603     /* inputs: a^p % m */
1604     if (bn2crparam(a, &kop.crk_param[0]))
1605         goto err;
1606     if (bn2crparam(p, &kop.crk_param[1]))
1607         goto err;
1608     if (bn2crparam(m, &kop.crk_param[2]))
1609         goto err;
1610     kop.crk_iparams = 3;
1611
1612     if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) {
1613         const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
1614         printf("OCF asym process failed, Running in software\n");
1615         ret = RSA_meth_get_bn_mod_exp(meth) (r, a, p, m, ctx, in_mont);
1616
1617     } else if (ECANCELED == kop.crk_status) {
1618         const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
1619         printf("OCF hardware operation cancelled. Running in Software\n");
1620         ret = RSA_meth_get_bn_mod_exp(meth) (r, a, p, m, ctx, in_mont);
1621     }
1622     /* else cryptodev operation worked ok ==> ret = 1 */
1623
1624  err:
1625     zapparams(&kop);
1626     return (ret);
1627 }
1628
1629 static int
1630 cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
1631 {
1632     int r;
1633     const BIGNUM *n = NULL;
1634     const BIGNUM *d = NULL;
1635
1636     ctx = BN_CTX_new();
1637     RSA_get0_key(rsa, &n, NULL, &d);
1638     r = cryptodev_bn_mod_exp(r0, I, d, n, ctx, NULL);
1639     BN_CTX_free(ctx);
1640     return (r);
1641 }
1642
1643 static int
1644 cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
1645 {
1646     struct crypt_kop kop;
1647     int ret = 1;
1648     const BIGNUM *p = NULL;
1649     const BIGNUM *q = NULL;
1650     const BIGNUM *dmp1 = NULL;
1651     const BIGNUM *dmq1 = NULL;
1652     const BIGNUM *iqmp = NULL;
1653     const BIGNUM *n = NULL;
1654
1655     RSA_get0_factors(rsa, &p, &q);
1656     RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
1657     RSA_get0_key(rsa, &n, NULL, NULL);
1658
1659     if (!p || !q || !dmp1 || !dmq1 || !iqmp) {
1660         /* XXX 0 means failure?? */
1661         return (0);
1662     }
1663
1664     memset(&kop, 0, sizeof(kop));
1665     kop.crk_op = CRK_MOD_EXP_CRT;
1666     /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
1667     if (bn2crparam(p, &kop.crk_param[0]))
1668         goto err;
1669     if (bn2crparam(q, &kop.crk_param[1]))
1670         goto err;
1671     if (bn2crparam(I, &kop.crk_param[2]))
1672         goto err;
1673     if (bn2crparam(dmp1, &kop.crk_param[3]))
1674         goto err;
1675     if (bn2crparam(dmq1, &kop.crk_param[4]))
1676         goto err;
1677     if (bn2crparam(iqmp, &kop.crk_param[5]))
1678         goto err;
1679     kop.crk_iparams = 6;
1680
1681     if (cryptodev_asym(&kop, BN_num_bytes(n), r0, 0, NULL)) {
1682         const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
1683         printf("OCF asym process failed, running in Software\n");
1684         ret = RSA_meth_get_mod_exp(meth) (r0, I, rsa, ctx);
1685
1686     } else if (ECANCELED == kop.crk_status) {
1687         const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
1688         printf("OCF hardware operation cancelled. Running in Software\n");
1689         ret = RSA_meth_get_mod_exp(meth) (r0, I, rsa, ctx);
1690     }
1691     /* else cryptodev operation worked ok ==> ret = 1 */
1692
1693  err:
1694     zapparams(&kop);
1695     return (ret);
1696 }
1697
1698 # ifndef OPENSSL_NO_DSA
1699 static int
1700 cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
1701                          const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
1702 {
1703     return cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx);
1704 }
1705
1706 static int
1707 cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, const BIGNUM *g,
1708                           const BIGNUM *u1, const BIGNUM *pub_key,
1709                           const BIGNUM *u2, const BIGNUM *p, BN_CTX *ctx,
1710                           BN_MONT_CTX *mont)
1711 {
1712     const BIGNUM *dsag, *dsap, *dsapub_key;
1713     BIGNUM *t2;
1714     int ret = 0;
1715     const DSA_METHOD *meth;
1716     int (*bn_mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *,
1717                        const BIGNUM *, BN_CTX *, BN_MONT_CTX *);
1718
1719     t2 = BN_new();
1720     if (t2 == NULL)
1721         goto err;
1722
1723     /* v = ( g^u1 * y^u2 mod p ) mod q */
1724     /* let t1 = g ^ u1 mod p */
1725     ret = 0;
1726
1727     DSA_get0_pqg(dsa, &dsap, NULL, &dsag);
1728     DSA_get0_key(dsa, &dsapub_key, NULL);
1729
1730     meth = DSA_get_method(dsa);
1731     if (meth == NULL)
1732         goto err;
1733     bn_mod_exp = DSA_meth_get_bn_mod_exp(meth);
1734     if (bn_mod_exp == NULL)
1735         goto err;
1736
1737     if (!bn_mod_exp(dsa, t1, dsag, u1, dsap, ctx, mont))
1738         goto err;
1739
1740     /* let t2 = y ^ u2 mod p */
1741     if (!bn_mod_exp(dsa, t2, dsapub_key, u2, dsap, ctx, mont))
1742         goto err;
1743     /* let t1 = t1 * t2 mod p */
1744     if (!BN_mod_mul(t1, t1, t2, dsap, ctx))
1745         goto err;
1746
1747     ret = 1;
1748  err:
1749     BN_free(t2);
1750     return (ret);
1751 }
1752
1753 static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
1754                                       DSA *dsa)
1755 {
1756     struct crypt_kop kop;
1757     BIGNUM *r, *s;
1758     const BIGNUM *dsap = NULL, *dsaq = NULL, *dsag = NULL;
1759     const BIGNUM *priv_key = NULL;
1760     DSA_SIG *dsasig, *dsaret = NULL;
1761
1762     dsasig = DSA_SIG_new();
1763     if (dsasig == NULL)
1764         goto err;
1765
1766     memset(&kop, 0, sizeof(kop));
1767     kop.crk_op = CRK_DSA_SIGN;
1768
1769     /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
1770     kop.crk_param[0].crp_p = (void *)dgst;
1771     kop.crk_param[0].crp_nbits = dlen * 8;
1772     DSA_get0_pqg(dsa, &dsap, &dsaq, &dsag);
1773     DSA_get0_key(dsa, NULL, &priv_key);
1774     if (bn2crparam(dsap, &kop.crk_param[1]))
1775         goto err;
1776     if (bn2crparam(dsaq, &kop.crk_param[2]))
1777         goto err;
1778     if (bn2crparam(dsag, &kop.crk_param[3]))
1779         goto err;
1780     if (bn2crparam(priv_key, &kop.crk_param[4]))
1781         goto err;
1782     kop.crk_iparams = 5;
1783
1784     r = BN_new();
1785     if (r == NULL)
1786         goto err;
1787     s = BN_new();
1788     if (s == NULL)
1789         goto err;
1790     if (cryptodev_asym(&kop, BN_num_bytes(dsaq), r, BN_num_bytes(dsaq), s) == 0) {
1791         DSA_SIG_set0(dsasig, r, s);
1792         dsaret = dsasig;
1793     } else {
1794         dsaret = DSA_meth_get_sign(DSA_OpenSSL())(dgst, dlen, dsa);
1795     }
1796  err:
1797     if (dsaret != dsasig)
1798         DSA_SIG_free(dsasig);
1799     kop.crk_param[0].crp_p = NULL;
1800     zapparams(&kop);
1801     return dsaret;
1802 }
1803
1804 static int
1805 cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
1806                      DSA_SIG *sig, DSA *dsa)
1807 {
1808     struct crypt_kop kop;
1809     int dsaret = 1;
1810     const BIGNUM *pr, *ps, *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL;
1811
1812     memset(&kop, 0, sizeof(kop));
1813     kop.crk_op = CRK_DSA_VERIFY;
1814
1815     /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
1816     kop.crk_param[0].crp_p = (void *)dgst;
1817     kop.crk_param[0].crp_nbits = dlen * 8;
1818     DSA_get0_pqg(dsa, &p, &q, &g);
1819     if (bn2crparam(p, &kop.crk_param[1]))
1820         goto err;
1821     if (bn2crparam(q, &kop.crk_param[2]))
1822         goto err;
1823     if (bn2crparam(g, &kop.crk_param[3]))
1824         goto err;
1825     DSA_get0_key(dsa, &pub_key, NULL);
1826     if (bn2crparam(pub_key, &kop.crk_param[4]))
1827         goto err;
1828     DSA_SIG_get0(sig, &pr, &ps);
1829     if (bn2crparam(pr, &kop.crk_param[5]))
1830         goto err;
1831     if (bn2crparam(ps, &kop.crk_param[6]))
1832         goto err;
1833     kop.crk_iparams = 7;
1834
1835     if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
1836         /*
1837          * OCF success value is 0, if not zero, change dsaret to fail
1838          */
1839         if (0 != kop.crk_status)
1840             dsaret = 0;
1841     } else {
1842         dsaret = DSA_meth_get_verify(DSA_OpenSSL())(dgst, dlen, sig, dsa);
1843     }
1844  err:
1845     kop.crk_param[0].crp_p = NULL;
1846     zapparams(&kop);
1847     return (dsaret);
1848 }
1849 # endif
1850
1851 # ifndef OPENSSL_NO_DH
1852 static int
1853 cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
1854                      const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
1855                      BN_MONT_CTX *m_ctx)
1856 {
1857     return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
1858 }
1859
1860 static int
1861 cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
1862 {
1863     struct crypt_kop kop;
1864     int dhret = 1;
1865     int fd, keylen;
1866     const BIGNUM *p = NULL;
1867     const BIGNUM *priv_key = NULL;
1868
1869     if ((fd = get_asym_dev_crypto()) < 0) {
1870         const DH_METHOD *meth = DH_OpenSSL();
1871
1872         return DH_meth_get_compute_key(meth) (key, pub_key, dh);
1873     }
1874
1875     DH_get0_pqg(dh, &p, NULL, NULL);
1876     DH_get0_key(dh, NULL, &priv_key);
1877
1878     keylen = BN_num_bits(p);
1879
1880     memset(&kop, 0, sizeof(kop));
1881     kop.crk_op = CRK_DH_COMPUTE_KEY;
1882
1883     /* inputs: dh->priv_key pub_key dh->p key */
1884     if (bn2crparam(priv_key, &kop.crk_param[0]))
1885         goto err;
1886     if (bn2crparam(pub_key, &kop.crk_param[1]))
1887         goto err;
1888     if (bn2crparam(p, &kop.crk_param[2]))
1889         goto err;
1890     kop.crk_iparams = 3;
1891
1892     kop.crk_param[3].crp_p = (void *)key;
1893     kop.crk_param[3].crp_nbits = keylen;
1894     kop.crk_oparams = 1;
1895
1896     if (ioctl(fd, CIOCKEY, &kop) == -1) {
1897         const DH_METHOD *meth = DH_OpenSSL();
1898
1899         dhret = DH_meth_get_compute_key(meth) (key, pub_key, dh);
1900     }
1901  err:
1902     kop.crk_param[3].crp_p = NULL;
1903     zapparams(&kop);
1904     return (dhret);
1905 }
1906
1907 # endif                         /* ndef OPENSSL_NO_DH */
1908
1909 /*
1910  * ctrl right now is just a wrapper that doesn't do much
1911  * but I expect we'll want some options soon.
1912  */
1913 static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
1914 {
1915 # ifdef HAVE_SYSLOG_R
1916     struct syslog_data sd = SYSLOG_DATA_INIT;
1917 # endif
1918
1919     switch (cmd) {
1920     default:
1921 # ifdef HAVE_SYSLOG_R
1922         syslog_r(LOG_ERR, &sd, "cryptodev_ctrl: unknown command %d", cmd);
1923 # else
1924         syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd);
1925 # endif
1926         break;
1927     }
1928     return (1);
1929 }
1930
1931 void engine_load_cryptodev_int(void)
1932 {
1933     ENGINE *engine = ENGINE_new();
1934     int fd;
1935
1936     if (engine == NULL)
1937         return;
1938     if ((fd = get_dev_crypto()) < 0) {
1939         ENGINE_free(engine);
1940         return;
1941     }
1942
1943     /*
1944      * find out what asymmetric crypto algorithms we support
1945      */
1946     if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
1947         put_dev_crypto(fd);
1948         ENGINE_free(engine);
1949         return;
1950     }
1951     put_dev_crypto(fd);
1952
1953     if (!ENGINE_set_id(engine, "cryptodev") ||
1954         !ENGINE_set_name(engine, "cryptodev engine") ||
1955         !ENGINE_set_destroy_function(engine, cryptodev_engine_destroy) ||
1956         !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
1957         !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
1958         !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
1959         !ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
1960         ENGINE_free(engine);
1961         return;
1962     }
1963
1964     cryptodev_rsa = RSA_meth_dup(RSA_PKCS1_OpenSSL());
1965     if (cryptodev_rsa != NULL) {
1966         RSA_meth_set1_name(cryptodev_rsa, "cryptodev RSA method");
1967         RSA_meth_set_flags(cryptodev_rsa, 0);
1968         if (ENGINE_set_RSA(engine, cryptodev_rsa)) {
1969             if (cryptodev_asymfeat & CRF_MOD_EXP) {
1970                 RSA_meth_set_bn_mod_exp(cryptodev_rsa, cryptodev_bn_mod_exp);
1971                 if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
1972                     RSA_meth_set_mod_exp(cryptodev_rsa, cryptodev_rsa_mod_exp);
1973                 else
1974                     RSA_meth_set_mod_exp(cryptodev_rsa,
1975                                          cryptodev_rsa_nocrt_mod_exp);
1976             }
1977         }
1978     } else {
1979         ENGINE_free(engine);
1980         return;
1981     }
1982
1983 # ifndef OPENSSL_NO_DSA
1984     cryptodev_dsa = DSA_meth_dup(DSA_OpenSSL());
1985     if (cryptodev_dsa != NULL) {
1986         DSA_meth_set1_name(cryptodev_dsa, "cryptodev DSA method");
1987         DSA_meth_set_flags(cryptodev_dsa, 0);
1988         if (ENGINE_set_DSA(engine, cryptodev_dsa)) {
1989             if (cryptodev_asymfeat & CRF_DSA_SIGN)
1990                 DSA_meth_set_sign(cryptodev_dsa, cryptodev_dsa_do_sign);
1991             if (cryptodev_asymfeat & CRF_MOD_EXP) {
1992                 DSA_meth_set_bn_mod_exp(cryptodev_dsa,
1993                                         cryptodev_dsa_bn_mod_exp);
1994                 DSA_meth_set_mod_exp(cryptodev_dsa, cryptodev_dsa_dsa_mod_exp);
1995             }
1996             if (cryptodev_asymfeat & CRF_DSA_VERIFY)
1997                 DSA_meth_set_verify(cryptodev_dsa, cryptodev_dsa_verify);
1998         }
1999     } else {
2000         ENGINE_free(engine);
2001         return;
2002     }
2003 # endif
2004
2005 # ifndef OPENSSL_NO_DH
2006     cryptodev_dh = DH_meth_dup(DH_OpenSSL());
2007     if (cryptodev_dh != NULL) {
2008         DH_meth_set1_name(cryptodev_dh, "cryptodev DH method");
2009         DH_meth_set_flags(cryptodev_dh, 0);
2010         if (ENGINE_set_DH(engine, cryptodev_dh)) {
2011             if (cryptodev_asymfeat & CRF_MOD_EXP) {
2012                 DH_meth_set_bn_mod_exp(cryptodev_dh, cryptodev_mod_exp_dh);
2013                 if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
2014                     DH_meth_set_compute_key(cryptodev_dh,
2015                                             cryptodev_dh_compute_key);
2016             }
2017         }
2018     } else {
2019         ENGINE_free(engine);
2020         return;
2021     }
2022 # endif
2023
2024     ENGINE_add(engine);
2025     ENGINE_free(engine);
2026     ERR_clear_error();
2027 }
2028
2029 #endif                          /* HAVE_CRYPTODEV */