#endif
#define AEP_LIB_NAME "aep engine"
+#define FAIL_TO_SW 0x10101010
+
#include "hw_aep_err.c"
static int aep_init(ENGINE *e);
static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR hConnection);
static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection);
+static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection);
static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use);
/* BIGNUM stuff */
#endif
/* Bignum conversion stuff */
-static AEP_RV GetBigNumSize(void* ArbBigNum, AEP_U32* BigNumSize);
-static AEP_RV MakeAEPBigNum(void* ArbBigNum, AEP_U32 BigNumSize,
+static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32* BigNumSize);
+static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize,
unsigned char* AEP_BigNum);
static AEP_RV ConvertAEPBigNum(void* ArbBigNum, AEP_U32 BigNumSize,
unsigned char* AEP_BigNum);
static const char *engine_aep_id = "aep";
static const char *engine_aep_name = "Aep hardware engine support";
+static int max_key_len = 2176;
+
/* This internal function is used by ENGINE_aep() and possibly by the
* "dynamic" ENGINE support too */
t_AEP_CloseConnection *p8;
int to_return = 0;
- AEP_RV rv;
if(aep_dso != NULL)
{
const BIGNUM *m, BN_CTX *ctx)
{
int to_return = 0;
+ int r_len = 0;
AEP_CONNECTION_HNDL hConnection;
AEP_RV rv;
+
+ r_len = BN_num_bits(m);
+
+ /* Perform in software if modulus is too large for hardware. */
+
+ if (r_len > max_key_len){
+ AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+ return BN_mod_exp(r, a, p, m, ctx);
+ }
/*Grab a connection from the pool*/
rv = aep_get_connection(&hConnection);
if (rv != AEP_R_OK)
{
AEPHKerr(AEPHK_F_AEP_MOD_EXP,AEPHK_R_GET_HANDLE_FAILED);
- goto err;
+ return BN_mod_exp(r, a, p, m, ctx);
}
/*To the card with the mod exp*/
if (rv != AEP_R_OK)
{
AEPHKerr(AEPHK_F_AEP_MOD_EXP,AEPHK_R_MOD_EXP_FAILED);
- rv = aep_return_connection(hConnection);
- goto err;
+ rv = aep_close_connection(hConnection);
+ return BN_mod_exp(r, a, p, m, ctx);
}
/*Return the connection to the pool*/
if (rv != AEP_R_OK)
{
AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT,AEPHK_R_GET_HANDLE_FAILED);
- goto err;
+ return FAIL_TO_SW;
}
/*To the card with the mod exp*/
if (rv != AEP_R_OK)
{
AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT,AEPHK_R_MOD_EXP_CRT_FAILED);
- rv = aep_return_connection(hConnection);
- goto err;
+ rv = aep_close_connection(hConnection);
+ return FAIL_TO_SW;
}
/*Return the connection to the pool*/
AEP_RV rv = AEP_R_OK;
AEP_CONNECTION_HNDL hConnection;
- int to_return = 0;
-
-
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
/*Can the request be serviced with what's already in the buffer?*/
if (rsa->q && rsa->dmp1 && rsa->dmq1 && rsa->iqmp)
{
rv = aep_mod_exp_crt(r0,I,rsa->p,rsa->q, rsa->dmp1,rsa->dmq1,rsa->iqmp,ctx);
- if (rv != AEP_R_OK)
+
+ if (rv == FAIL_TO_SW){
+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+ to_return = (*meth->rsa_mod_exp)(r0, I, rsa);
+ goto err;
+ }
+ else if (rv != AEP_R_OK)
goto err;
}
else
return AEP_R_OK;
}
+static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection)
+ {
+ int count;
+ AEP_RV rv = AEP_R_OK;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+
+ /*Find the connection item that matches this connection handle*/
+ for(count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
+ {
+ if (aep_app_conn_table[count].conn_hndl == hConnection)
+ {
+ rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl);
+ if (rv != AEP_R_OK)
+ goto end;
+ aep_app_conn_table[count].conn_state = NotConnected;
+ aep_app_conn_table[count].conn_hndl = 0;
+ break;
+ }
+ }
+
+ end:
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ return rv;
+ }
+
static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use)
{
int count;
- AEP_RV rv;
+ AEP_RV rv = AEP_R_OK;
*in_use = 0;
if (use_engine_lock) CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
case Connected:
rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl);
if (rv != AEP_R_OK)
- return rv;
+ goto end;
aep_app_conn_table[count].conn_state = NotConnected;
aep_app_conn_table[count].conn_hndl = 0;
break;
break;
}
}
+ end:
if (use_engine_lock) CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- return AEP_R_OK;
+ return rv;
}
/*BigNum call back functions, used to convert OpenSSL bignums into AEP bignums.
Note only 32bit Openssl build support*/
-static AEP_RV GetBigNumSize(void* ArbBigNum, AEP_U32* BigNumSize)
+static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32* BigNumSize)
{
BIGNUM* bn;
return AEP_R_OK;
}
-static AEP_RV MakeAEPBigNum(void* ArbBigNum, AEP_U32 BigNumSize,
+static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize,
unsigned char* AEP_BigNum)
{
BIGNUM* bn;
{
buf = (unsigned char*)&bn->d[i];
- *((AEP_U32*)AEP_BigNum) =
- (AEP_U32) ((unsigned) buf[1] << 8 | buf[0]) |
+ *((AEP_U32*)AEP_BigNum) = (AEP_U32)
+ ((unsigned) buf[1] << 8 | buf[0]) |
((unsigned) buf[3] << 8 | buf[2]) << 16;
AEP_BigNum += 4;