/* crypto/engine/e_chil.c -*- mode: C; c-file-style: "eay" -*- */
/* Written by Richard Levitte (richard@levitte.org), Geoff Thorpe
- * (geoff@geoffthorpe.net) and Dr Stephen N Henson (shenson@bigfoot.com)
+ * (geoff@geoffthorpe.net) and Dr Stephen N Henson (steve@openssl.org)
* for the OpenSSL project 2000.
*/
/* ====================================================================
#include <openssl/engine.h>
#include <openssl/ui.h>
#include <openssl/rand.h>
+#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
+#endif
#include <openssl/bn.h>
#ifndef OPENSSL_NO_HW
#ifndef OPENSSL_NO_HW_CHIL
-/* Attribution notice: nCipher have said several times that it's OK for
+/*-
+ * Attribution notice: nCipher have said several times that it's OK for
* us to implement a general interface to their boxes, and recently declared
* their HWCryptoHook to be public, and therefore available for us to use.
* Thanks, nCipher.
#ifndef OPENSSL_NO_RSA
/* RSA stuff */
static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
-#endif
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+static int hwcrhk_rsa_finish(RSA *rsa);
+#endif
#ifndef OPENSSL_NO_DH
/* DH stuff */
UI_METHOD *ui_method, void *callback_data);
static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
UI_METHOD *ui_method, void *callback_data);
-static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
- int ind,long argl, void *argp);
/* Interaction stuff */
static int hwcrhk_insert_card(const char *prompt_info,
ENGINE_CMD_FLAG_STRING},
{HWCRHK_CMD_FORK_CHECK,
"FORK_CHECK",
- "Turns fork() checking on or off (boolean)",
+ "Turns fork() checking on (non-zero) or off (zero)",
ENGINE_CMD_FLAG_NUMERIC},
{HWCRHK_CMD_THREAD_LOCKING,
"THREAD_LOCKING",
- "Turns thread-safe locking on or off (boolean)",
+ "Turns thread-safe locking on (zero) or off (non-zero)",
ENGINE_CMD_FLAG_NUMERIC},
{HWCRHK_CMD_SET_USER_INTERFACE,
"SET_USER_INTERFACE",
hwcrhk_rsa_mod_exp,
hwcrhk_mod_exp_mont,
NULL,
- NULL,
+ hwcrhk_rsa_finish,
0,
NULL,
NULL,
/* Constants used when creating the ENGINE */
static const char *engine_hwcrhk_id = "chil";
static const char *engine_hwcrhk_name = "CHIL hardware engine support";
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
/* Compatibility hack, the dynamic library uses this form in the path */
static const char *engine_hwcrhk_id_alt = "ncipher";
+#endif
/* Internal stuff for HWCryptoHook */
hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock;
hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy;
}
- else if (CRYPTO_get_locking_callback() != NULL)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_LOCKING_MISSING);
- ERR_add_error_data(1,"You HAVE to add dynamic locking callbacks via CRYPTO_set_dynlock_{create,lock,destroy}_callback()");
- goto err;
- }
}
/* Try and get a context - if not, we may have a DSO but no
if (hndidx_rsa == -1)
hndidx_rsa = RSA_get_ex_new_index(0,
"nFast HWCryptoHook RSA key handle",
- NULL, NULL, hwcrhk_ex_free);
+ NULL, NULL, NULL);
#endif
return 1;
err:
#if !defined(OPENSSL_NO_RSA)
char tempbuf[1024];
HWCryptoHook_ErrMsgBuf rmsg;
-#endif
HWCryptoHook_PassphraseContext ppctx;
+#endif
#if !defined(OPENSSL_NO_RSA)
rmsg.buf = tempbuf;
return res;
err:
- if (res)
- EVP_PKEY_free(res);
#ifndef OPENSSL_NO_RSA
if (rtmp)
RSA_free(rtmp);
}
#endif
+#ifndef OPENSSL_NO_RSA
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
return hwcrhk_mod_exp(r, a, p, m, ctx);
}
+static int hwcrhk_rsa_finish(RSA *rsa)
+ {
+ HWCryptoHook_RSAKeyHandle *hptr;
+
+ hptr = RSA_get_ex_data(rsa, hndidx_rsa);
+ if (hptr)
+ {
+ p_hwcrhk_RSAUnloadKey(*hptr, NULL);
+ OPENSSL_free(hptr);
+ RSA_set_ex_data(rsa, hndidx_rsa, NULL);
+ }
+ return 1;
+ }
+
+#endif
+
#ifndef OPENSSL_NO_DH
/* This function is aliased to mod_exp (with the dh and mont dropped). */
static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r,
return 1;
}
-/* This cleans up an RSA KM key, called when ex_data is freed */
-
-static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
- int ind,long argl, void *argp)
-{
- char tempbuf[1024];
- HWCryptoHook_ErrMsgBuf rmsg;
-#ifndef OPENSSL_NO_RSA
- HWCryptoHook_RSAKeyHandle *hptr;
-#endif
-#if !defined(OPENSSL_NO_RSA)
- int ret;
-#endif
-
- rmsg.buf = tempbuf;
- rmsg.size = sizeof(tempbuf);
-
-#ifndef OPENSSL_NO_RSA
- hptr = (HWCryptoHook_RSAKeyHandle *) item;
- if(hptr)
- {
- ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL);
- OPENSSL_free(hptr);
- }
-#endif
-}
-
/* Mutex calls: since the HWCryptoHook model closely follows the POSIX model
* these just wrap the POSIX functions and add some logging.
*/
pem_password_cb *callback = NULL;
void *callback_data = NULL;
UI_METHOD *ui_method = NULL;
+ /* Despite what the documentation says prompt_info can be
+ * an empty string.
+ */
+ if (prompt_info && !*prompt_info)
+ prompt_info = NULL;
if (cactx)
{
{
char answer;
char buf[BUFSIZ];
-
- if (wrong_info)
+ /* Despite what the documentation says wrong_info can be
+ * an empty string.
+ */
+ if (wrong_info && *wrong_info)
BIO_snprintf(buf, sizeof(buf)-1,
"Current card: \"%s\"\n", wrong_info);
+ else
+ buf[0] = 0;
ok = UI_dup_info_string(ui, buf);
if (ok >= 0 && prompt_info)
{
projects / openssl.git / blobdiff