# endif
#endif
-#ifndef HAVE_CRYPTODEV
-
-void ENGINE_load_cryptodev(void)
-{
- /* This is a NOP on platforms without /dev/crypto */
- return;
-}
-
-#else
-
-# include <sys/types.h>
+#include <sys/types.h>
+#ifdef HAVE_CRYPTODEV
# include <crypto/cryptodev.h>
-# include <openssl/dh.h>
-# include <openssl/dsa.h>
-# include <openssl/err.h>
-# include <openssl/rsa.h>
# include <sys/ioctl.h>
# include <errno.h>
# include <stdio.h>
# include <syslog.h>
# include <errno.h>
# include <string.h>
+#endif
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+#include <openssl/dsa.h>
+#include <openssl/err.h>
+#include <openssl/rsa.h>
+
+#ifndef HAVE_CRYPTODEV
+
+void ENGINE_load_cryptodev(void)
+{
+ /* This is a NOP on platforms without /dev/crypto */
+ return;
+}
+
+#else
struct dev_crypto_state {
struct session_op d_sess;
DSA *dsa);
static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, DSA *dsa);
+#ifndef OPENSSL_NO_DH
static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx);
static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
DH *dh);
+#endif
static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
void (*f) (void));
void ENGINE_load_cryptodev(void);
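Review bot: The new `OPENSSL_NO_DH` guard covers only the two DH prototypes, while the `cryptodev_dsa_verify` prototype just above it stays unconditional and `<openssl/dsa.h>` is included without a guard in the include hunk. If this engine is meant to build in configurations that also disable DSA, the DSA prototypes and include would need the same treatment with `OPENSSL_NO_DSA`. If DSA is a hard requirement, a short comment saying so would explain the asymmetry. The `#endif` added here is also bare, whereas the one closing the DH method table later in the patch reads `#endif /* ndef OPENSSL_NO_DH */`; using the commented form at every site makes the conditional nesting easier to audit.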
*/
/* RC4 */
-const EVP_CIPHER cryptodev_rc4 = {
+static const EVP_CIPHER cryptodev_rc4 = {
NID_rc4,
1, 16, 0,
EVP_CIPH_VARIABLE_LENGTH,
};
/* DES CBC EVP */
-const EVP_CIPHER cryptodev_des_cbc = {
+static const EVP_CIPHER cryptodev_des_cbc = {
NID_des_cbc,
8, 8, 8,
EVP_CIPH_CBC_MODE,
};
/* 3DES CBC EVP */
-const EVP_CIPHER cryptodev_3des_cbc = {
+static const EVP_CIPHER cryptodev_3des_cbc = {
NID_des_ede3_cbc,
8, 24, 8,
EVP_CIPH_CBC_MODE,
NULL
};
-const EVP_CIPHER cryptodev_bf_cbc = {
+static const EVP_CIPHER cryptodev_bf_cbc = {
NID_bf_cbc,
8, 16, 8,
EVP_CIPH_CBC_MODE,
NULL
};
-const EVP_CIPHER cryptodev_cast_cbc = {
+static const EVP_CIPHER cryptodev_cast_cbc = {
NID_cast5_cbc,
8, 16, 8,
EVP_CIPH_CBC_MODE,
NULL
};
-const EVP_CIPHER cryptodev_aes_cbc = {
+static const EVP_CIPHER cryptodev_aes_cbc = {
NID_aes_128_cbc,
16, 16, 16,
EVP_CIPH_CBC_MODE,
NULL
};
-const EVP_CIPHER cryptodev_aes_192_cbc = {
+static const EVP_CIPHER cryptodev_aes_192_cbc = {
NID_aes_192_cbc,
16, 24, 16,
EVP_CIPH_CBC_MODE,
NULL
};
-const EVP_CIPHER cryptodev_aes_256_cbc = {
+static const EVP_CIPHER cryptodev_aes_256_cbc = {
NID_aes_256_cbc,
16, 32, 16,
EVP_CIPH_CBC_MODE,
bits = BN_num_bits(a);
bytes = BN_num_bytes(a);
- b = OPENSSL_malloc(bytes);
+ b = OPENSSL_zalloc(bytes);
if (b == NULL)
return (1);
- memset(b, 0, bytes);
crp->crp_p = (caddr_t) b;
crp->crp_nbits = bits;
kop.crk_iparams = 3;
if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) {
- const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+ const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
printf("OCF asym process failed, Running in software\n");
ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
} else if (ECANCELED == kop.crk_status) {
- const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+ const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
printf("OCF hardware operation cancelled. Running in Software\n");
ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
}
kop.crk_iparams = 6;
if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
- const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+ const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
printf("OCF asym process failed, running in Software\n");
ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
} else if (ECANCELED == kop.crk_status) {
- const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+ const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
printf("OCF hardware operation cancelled. Running in Software\n");
ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
}
int ret = 0;
t2 = BN_new();
+ if (t2 == NULL)
+ goto err;
/* v = ( g^u1 * y^u2 mod p ) mod q */
/* let t1 = g ^ u1 mod p */
if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
BN_num_bytes(dsa->q), s) == 0) {
dsaret = DSA_SIG_new();
+ if (dsaret == NULL)
+ goto err;
dsaret->r = r;
dsaret->s = s;
} else {
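Review bot: The new `goto err` after a failed `DSA_SIG_new()` is taken before `r` and `s` are attached to `dsaret`, so on that path nothing visible in this hunk owns the two BIGNUMs. The `err` label and the allocation of `r` and `s` are outside the hunk; unless that label frees them, both leak each time the signature object cannot be allocated. Releasing them in the failure branch keeps ownership explicit: `if (dsaret == NULL) { BN_free(r); BN_free(s); goto err; }`.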
NULL /* app_data */
};
+#ifndef OPENSSL_NO_DH
static int
cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
NULL /* app_data */
};
+#endif /* ndef OPENSSL_NO_DH */
+
/*
* ctrl right now is just a wrapper that doesn't do much
* but I expect we'll want some options soon.
}
if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
- const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay();
+ const RSA_METHOD *rsa_meth = RSA_PKCS1_OpenSSL();
cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
}
+#ifndef OPENSSL_NO_DH
if (ENGINE_set_DH(engine, &cryptodev_dh)) {
const DH_METHOD *dh_meth = DH_OpenSSL();
cryptodev_dh.compute_key = cryptodev_dh_compute_key;
}
}
+#endif
ENGINE_add(engine);
ENGINE_free(engine);