engines/e_sureware.c

   1 /*-
   2 *  Written by Corinne Dive-Reclus(cdive@baltimore.com)
   3 *
   4 *
   5 * Redistribution and use in source and binary forms, with or without
   6 * modification, are permitted provided that the following conditions
   7 * are met:
   8 *
   9 * 1. Redistributions of source code must retain the above copyright
  10 *    notice, this list of conditions and the following disclaimer.
  11 *
  12 * 2. Redistributions in binary form must reproduce the above copyright
  13 *    notice, this list of conditions and the following disclaimer in
  14 *    the documentation and/or other materials provided with the
  15 *    distribution.
  16 *
  17 * 3. All advertising materials mentioning features or use of this
  18 *    software must display the following acknowledgment:
  19 *    "This product includes software developed by the OpenSSL Project
  20 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  21 *
  22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  23 *    endorse or promote products derived from this software without
  24 *    prior written permission. For written permission, please contact
  25 *    licensing@OpenSSL.org.
  26 *
  27 * 5. Products derived from this software may not be called "OpenSSL"
  28 *    nor may "OpenSSL" appear in their names without prior written
  29 *    permission of the OpenSSL Project.
  30 *
  31 * 6. Redistributions of any form whatsoever must retain the following
  32 *    acknowledgment:
  33 *    "This product includes software developed by the OpenSSL Project
  34 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  35 *
  36 * Written by Corinne Dive-Reclus(cdive@baltimore.com)
  37 *
  38 * Copyright@2001 Baltimore Technologies Ltd.
  39 * All right Reserved.
  40 *                                                                                      *
  41 *        THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND                 *
  42 *        ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE         *
  43 *        IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE    *
  44 *        ARE DISCLAIMED.  IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE           *
  45 *        FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL    *
  46 *        DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS       *
  47 *        OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)         *
  48 *        HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT    *
  49 *        LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY     *
  50 *        OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF        *
  51 *        SUCH DAMAGE.                                                                  *
  52 ====================================================================*/
  53
  54 #include <stdio.h>
  55 #include <string.h>
  56 #include <openssl/crypto.h>
  57 #include <openssl/pem.h>
  58 #include <openssl/dso.h>
  59 #include <openssl/engine.h>
  60 #include <openssl/rand.h>
  61 #ifndef OPENSSL_NO_RSA
  62 #include <openssl/rsa.h>
  63 #endif
  64 #ifndef OPENSSL_NO_DSA
  65 #include <openssl/dsa.h>
  66 #endif
  67 #ifndef OPENSSL_NO_DH
  68 #include <openssl/dh.h>
  69 #endif
  70 #include <openssl/bn.h>
  71
  72 #ifndef OPENSSL_NO_HW
  73 #ifndef OPENSSL_NO_HW_SUREWARE
  74
  75 #ifdef FLAT_INC
  76 #include "sureware.h"
  77 #else
  78 #include "vendor_defns/sureware.h"
  79 #endif
  80
  81 #define SUREWARE_LIB_NAME "sureware engine"
  82 #include "e_sureware_err.c"
  83
  84 static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
  85 static int surewarehk_destroy(ENGINE *e);
  86 static int surewarehk_init(ENGINE *e);
  87 static int surewarehk_finish(ENGINE *e);
  88 static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
  89         const BIGNUM *m, BN_CTX *ctx);
  90
  91 /* RSA stuff */
  92 #ifndef OPENSSL_NO_RSA
  93 static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to,
  94                         RSA *rsa,int padding);
  95 static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char *to,
  96                             RSA *rsa,int padding);
  97 #endif
  98
  99 /* RAND stuff */
 100 static int surewarehk_rand_bytes(unsigned char *buf, int num);
 101 static void surewarehk_rand_seed(const void *buf, int num);
 102 static void surewarehk_rand_add(const void *buf, int num, double entropy);
 103
 104 /* KM stuff */
 105 static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id,
 106         UI_METHOD *ui_method, void *callback_data);
 107 static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,
 108         UI_METHOD *ui_method, void *callback_data);
 109 static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
 110         int idx,long argl, void *argp);
 111 #if 0
 112 static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
 113         int idx,long argl, void *argp);
 114 #endif
 115
 116 #ifndef OPENSSL_NO_RSA
 117 /* This function is aliased to mod_exp (with the mont stuff dropped). */
 118 static int surewarehk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 119                 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
 120 {
 121         return surewarehk_modexp(r, a, p, m, ctx);
 122 }
 123
 124 /* Our internal RSA_METHOD that we provide pointers to */
 125 static RSA_METHOD surewarehk_rsa =
 126         {
 127         "SureWare RSA method",
 128         NULL, /* pub_enc*/
 129         NULL, /* pub_dec*/
 130         surewarehk_rsa_sign, /* our rsa_sign is OpenSSL priv_enc*/
 131         surewarehk_rsa_priv_dec, /* priv_dec*/
 132         NULL, /*mod_exp*/
 133         surewarehk_mod_exp_mont, /*mod_exp_mongomery*/
 134         NULL, /* init*/
 135         NULL, /* finish*/
 136         0,      /* RSA flag*/
 137         NULL,
 138         NULL, /* OpenSSL sign*/
 139         NULL, /* OpenSSL verify*/
 140         NULL  /* keygen */
 141         };
 142 #endif
 143
 144 #ifndef OPENSSL_NO_DH
 145 /* Our internal DH_METHOD that we provide pointers to */
 146 /* This function is aliased to mod_exp (with the dh and mont dropped). */
 147 static int surewarehk_modexp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
 148         const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
 149 {
 150         return surewarehk_modexp(r, a, p, m, ctx);
 151 }
 152
 153 static DH_METHOD surewarehk_dh =
 154         {
 155         "SureWare DH method",
 156         NULL,/*gen_key*/
 157         NULL,/*agree,*/
 158         surewarehk_modexp_dh, /*dh mod exp*/
 159         NULL, /* init*/
 160         NULL, /* finish*/
 161         0,    /* flags*/
 162         NULL,
 163         NULL
 164         };
 165 #endif
 166
 167 static RAND_METHOD surewarehk_rand =
 168         {
 169         /* "SureWare RAND method", */
 170         surewarehk_rand_seed,
 171         surewarehk_rand_bytes,
 172         NULL,/*cleanup*/
 173         surewarehk_rand_add,
 174         surewarehk_rand_bytes,
 175         NULL,/*rand_status*/
 176         };
 177
 178 #ifndef OPENSSL_NO_DSA
 179 /* DSA stuff */
 180 static  DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
 181 static int surewarehk_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
 182                 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
 183                 BN_CTX *ctx, BN_MONT_CTX *in_mont)
 184 {
 185         BIGNUM t;
 186         int to_return = 0;
 187         BN_init(&t);
 188         /* let rr = a1 ^ p1 mod m */
 189         if (!surewarehk_modexp(rr,a1,p1,m,ctx)) goto end;
 190         /* let t = a2 ^ p2 mod m */
 191         if (!surewarehk_modexp(&t,a2,p2,m,ctx)) goto end;
 192         /* let rr = rr * t mod m */
 193         if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
 194         to_return = 1;
 195 end:
 196         BN_free(&t);
 197         return to_return;
 198 }
 199
 200 static DSA_METHOD surewarehk_dsa =
 201         {
 202          "SureWare DSA method",
 203         surewarehk_dsa_do_sign,
 204         NULL,/*sign setup*/
 205         NULL,/*verify,*/
 206         surewarehk_dsa_mod_exp,/*mod exp*/
 207         NULL,/*bn mod exp*/
 208         NULL, /*init*/
 209         NULL,/*finish*/
 210         0,
 211         NULL,
 212         NULL,
 213         NULL
 214         };
 215 #endif
 216
 217 static const char *engine_sureware_id = "sureware";
 218 static const char *engine_sureware_name = "SureWare hardware engine support";
 219
 220 /* Now, to our own code */
 221
 222 /* As this is only ever called once, there's no need for locking
 223  * (indeed - the lock will already be held by our caller!!!) */
 224 static int bind_sureware(ENGINE *e)
 225 {
 226 #ifndef OPENSSL_NO_RSA
 227         const RSA_METHOD *meth1;
 228 #endif
 229 #ifndef OPENSSL_NO_DSA
 230         const DSA_METHOD *meth2;
 231 #endif
 232 #ifndef OPENSSL_NO_DH
 233         const DH_METHOD *meth3;
 234 #endif
 235
 236         if(!ENGINE_set_id(e, engine_sureware_id) ||
 237            !ENGINE_set_name(e, engine_sureware_name) ||
 238 #ifndef OPENSSL_NO_RSA
 239            !ENGINE_set_RSA(e, &surewarehk_rsa) ||
 240 #endif
 241 #ifndef OPENSSL_NO_DSA
 242            !ENGINE_set_DSA(e, &surewarehk_dsa) ||
 243 #endif
 244 #ifndef OPENSSL_NO_DH
 245            !ENGINE_set_DH(e, &surewarehk_dh) ||
 246 #endif
 247            !ENGINE_set_RAND(e, &surewarehk_rand) ||
 248            !ENGINE_set_destroy_function(e, surewarehk_destroy) ||
 249            !ENGINE_set_init_function(e, surewarehk_init) ||
 250            !ENGINE_set_finish_function(e, surewarehk_finish) ||
 251            !ENGINE_set_ctrl_function(e, surewarehk_ctrl) ||
 252            !ENGINE_set_load_privkey_function(e, surewarehk_load_privkey) ||
 253            !ENGINE_set_load_pubkey_function(e, surewarehk_load_pubkey))
 254           return 0;
 255
 256 #ifndef OPENSSL_NO_RSA
 257         /* We know that the "PKCS1_SSLeay()" functions hook properly
 258          * to the cswift-specific mod_exp and mod_exp_crt so we use
 259          * those functions. NB: We don't use ENGINE_openssl() or
 260          * anything "more generic" because something like the RSAref
 261          * code may not hook properly, and if you own one of these
 262          * cards then you have the right to do RSA operations on it
 263          * anyway! */
 264         meth1 = RSA_PKCS1_SSLeay();
 265         if (meth1)
 266         {
 267                 surewarehk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
 268                 surewarehk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
 269         }
 270 #endif
 271
 272 #ifndef OPENSSL_NO_DSA
 273         /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
 274          * bits. */
 275         meth2 = DSA_OpenSSL();
 276         if (meth2)
 277         {
 278                 surewarehk_dsa.dsa_do_verify = meth2->dsa_do_verify;
 279         }
 280 #endif
 281
 282 #ifndef OPENSSL_NO_DH
 283         /* Much the same for Diffie-Hellman */
 284         meth3 = DH_OpenSSL();
 285         if (meth3)
 286         {
 287                 surewarehk_dh.generate_key = meth3->generate_key;
 288                 surewarehk_dh.compute_key = meth3->compute_key;
 289         }
 290 #endif
 291
 292         /* Ensure the sureware error handling is set up */
 293         ERR_load_SUREWARE_strings();
 294         return 1;
 295 }
 296
 297 #ifndef OPENSSL_NO_DYNAMIC_ENGINE
 298 static int bind_helper(ENGINE *e, const char *id)
 299         {
 300         if(id && (strcmp(id, engine_sureware_id) != 0))
 301                 return 0;
 302         if(!bind_sureware(e))
 303                 return 0;
 304         return 1;
 305         }
 306 IMPLEMENT_DYNAMIC_CHECK_FN()
 307 IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
 308 #else
 309 static ENGINE *engine_sureware(void)
 310         {
 311         ENGINE *ret = ENGINE_new();
 312         if(!ret)
 313                 return NULL;
 314         if(!bind_sureware(ret))
 315                 {
 316                 ENGINE_free(ret);
 317                 return NULL;
 318                 }
 319         return ret;
 320         }
 321
 322 void ENGINE_load_sureware(void)
 323         {
 324         /* Copied from eng_[openssl|dyn].c */
 325         ENGINE *toadd = engine_sureware();
 326         if(!toadd) return;
 327         ENGINE_add(toadd);
 328         ENGINE_free(toadd);
 329         ERR_clear_error();
 330         }
 331 #endif
 332
 333 /* This is a process-global DSO handle used for loading and unloading
 334  * the SureWareHook library. NB: This is only set (or unset) during an
 335  * init() or finish() call (reference counts permitting) and they're
 336  * operating with global locks, so this should be thread-safe
 337  * implicitly. */
 338 static DSO *surewarehk_dso = NULL;
 339 #ifndef OPENSSL_NO_RSA
 340 /* Index for KM handle.  Not really used yet. */
 341 static int rsaHndidx = -1;
 342 #endif
 343 #ifndef OPENSSL_NO_DSA
 344 /* Index for KM handle.  Not really used yet. */
 345 static int dsaHndidx = -1;
 346 #endif
 347
 348 /* These are the function pointers that are (un)set when the library has
 349  * successfully (un)loaded. */
 350 static SureWareHook_Init_t *p_surewarehk_Init = NULL;
 351 static SureWareHook_Finish_t *p_surewarehk_Finish = NULL;
 352 static SureWareHook_Rand_Bytes_t *p_surewarehk_Rand_Bytes = NULL;
 353 static SureWareHook_Rand_Seed_t *p_surewarehk_Rand_Seed = NULL;
 354 static SureWareHook_Load_Privkey_t *p_surewarehk_Load_Privkey = NULL;
 355 static SureWareHook_Info_Pubkey_t *p_surewarehk_Info_Pubkey = NULL;
 356 static SureWareHook_Load_Rsa_Pubkey_t *p_surewarehk_Load_Rsa_Pubkey = NULL;
 357 static SureWareHook_Load_Dsa_Pubkey_t *p_surewarehk_Load_Dsa_Pubkey = NULL;
 358 static SureWareHook_Free_t *p_surewarehk_Free=NULL;
 359 static SureWareHook_Rsa_Priv_Dec_t *p_surewarehk_Rsa_Priv_Dec=NULL;
 360 static SureWareHook_Rsa_Sign_t *p_surewarehk_Rsa_Sign=NULL;
 361 static SureWareHook_Dsa_Sign_t *p_surewarehk_Dsa_Sign=NULL;
 362 static SureWareHook_Mod_Exp_t *p_surewarehk_Mod_Exp=NULL;
 363
 364 /* Used in the DSO operations. */
 365 static const char *surewarehk_LIBNAME = "SureWareHook";
 366 static const char *n_surewarehk_Init = "SureWareHook_Init";
 367 static const char *n_surewarehk_Finish = "SureWareHook_Finish";
 368 static const char *n_surewarehk_Rand_Bytes="SureWareHook_Rand_Bytes";
 369 static const char *n_surewarehk_Rand_Seed="SureWareHook_Rand_Seed";
 370 static const char *n_surewarehk_Load_Privkey="SureWareHook_Load_Privkey";
 371 static const char *n_surewarehk_Info_Pubkey="SureWareHook_Info_Pubkey";
 372 static const char *n_surewarehk_Load_Rsa_Pubkey="SureWareHook_Load_Rsa_Pubkey";
 373 static const char *n_surewarehk_Load_Dsa_Pubkey="SureWareHook_Load_Dsa_Pubkey";
 374 static const char *n_surewarehk_Free="SureWareHook_Free";
 375 static const char *n_surewarehk_Rsa_Priv_Dec="SureWareHook_Rsa_Priv_Dec";
 376 static const char *n_surewarehk_Rsa_Sign="SureWareHook_Rsa_Sign";
 377 static const char *n_surewarehk_Dsa_Sign="SureWareHook_Dsa_Sign";
 378 static const char *n_surewarehk_Mod_Exp="SureWareHook_Mod_Exp";
 379 static BIO *logstream = NULL;
 380
 381 /* SureWareHook library functions and mechanics - these are used by the
 382  * higher-level functions further down. NB: As and where there's no
 383  * error checking, take a look lower down where these functions are
 384  * called, the checking and error handling is probably down there.
 385 */
 386 static int threadsafe=1;
 387 static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
 388 {
 389         int to_return = 1;
 390
 391         switch(cmd)
 392         {
 393                 case ENGINE_CTRL_SET_LOGSTREAM:
 394                 {
 395                         BIO *bio = (BIO *)p;
 396                         CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 397                         if (logstream)
 398                         {
 399                                 BIO_free(logstream);
 400                                 logstream = NULL;
 401                         }
 402                         if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1)
 403                                 logstream = bio;
 404                         else
 405                                 SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,SUREWARE_R_BIO_WAS_FREED);
 406                 }
 407                 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 408                 break;
 409         /* This will prevent the initialisation function from "installing"
 410          * the mutex-handling callbacks, even if they are available from
 411          * within the library (or were provided to the library from the
 412          * calling application). This is to remove any baggage for
 413          * applications not using multithreading. */
 414         case ENGINE_CTRL_CHIL_NO_LOCKING:
 415                 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 416                 threadsafe = 0;
 417                 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 418                 break;
 419
 420         /* The command isn't understood by this engine */
 421         default:
 422                 SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,
 423                         ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
 424                 to_return = 0;
 425                 break;
 426                 }
 427
 428         return to_return;
 429 }
 430
 431 /* Destructor (complements the "ENGINE_surewarehk()" constructor) */
 432 static int surewarehk_destroy(ENGINE *e)
 433 {
 434         ERR_unload_SUREWARE_strings();
 435         return 1;
 436 }
 437
 438 /* (de)initialisation functions. */
 439 static int surewarehk_init(ENGINE *e)
 440 {
 441         char msg[64]="ENGINE_init";
 442         SureWareHook_Init_t *p1=NULL;
 443         SureWareHook_Finish_t *p2=NULL;
 444         SureWareHook_Rand_Bytes_t *p3=NULL;
 445         SureWareHook_Rand_Seed_t *p4=NULL;
 446         SureWareHook_Load_Privkey_t *p5=NULL;
 447         SureWareHook_Load_Rsa_Pubkey_t *p6=NULL;
 448         SureWareHook_Free_t *p7=NULL;
 449         SureWareHook_Rsa_Priv_Dec_t *p8=NULL;
 450         SureWareHook_Rsa_Sign_t *p9=NULL;
 451         SureWareHook_Dsa_Sign_t *p12=NULL;
 452         SureWareHook_Info_Pubkey_t *p13=NULL;
 453         SureWareHook_Load_Dsa_Pubkey_t *p14=NULL;
 454         SureWareHook_Mod_Exp_t *p15=NULL;
 455
 456         if(surewarehk_dso != NULL)
 457         {
 458                 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_ALREADY_LOADED);
 459                 goto err;
 460         }
 461         /* Attempt to load libsurewarehk.so/surewarehk.dll/whatever. */
 462         surewarehk_dso = DSO_load(NULL, surewarehk_LIBNAME, NULL, 0);
 463         if(surewarehk_dso == NULL)
 464         {
 465                 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_DSO_FAILURE);
 466                 goto err;
 467         }
 468         if(!(p1=(SureWareHook_Init_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Init)) ||
 469            !(p2=(SureWareHook_Finish_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Finish)) ||
 470            !(p3=(SureWareHook_Rand_Bytes_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rand_Bytes)) ||
 471            !(p4=(SureWareHook_Rand_Seed_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rand_Seed)) ||
 472            !(p5=(SureWareHook_Load_Privkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Privkey)) ||
 473            !(p6=(SureWareHook_Load_Rsa_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Rsa_Pubkey)) ||
 474            !(p7=(SureWareHook_Free_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Free)) ||
 475            !(p8=(SureWareHook_Rsa_Priv_Dec_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rsa_Priv_Dec)) ||
 476            !(p9=(SureWareHook_Rsa_Sign_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rsa_Sign)) ||
 477            !(p12=(SureWareHook_Dsa_Sign_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Dsa_Sign)) ||
 478            !(p13=(SureWareHook_Info_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Info_Pubkey)) ||
 479            !(p14=(SureWareHook_Load_Dsa_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Dsa_Pubkey)) ||
 480            !(p15=(SureWareHook_Mod_Exp_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Mod_Exp)))
 481         {
 482                 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_DSO_FAILURE);
 483                 goto err;
 484         }
 485         /* Copy the pointers */
 486         p_surewarehk_Init = p1;
 487         p_surewarehk_Finish = p2;
 488         p_surewarehk_Rand_Bytes = p3;
 489         p_surewarehk_Rand_Seed = p4;
 490         p_surewarehk_Load_Privkey = p5;
 491         p_surewarehk_Load_Rsa_Pubkey = p6;
 492         p_surewarehk_Free = p7;
 493         p_surewarehk_Rsa_Priv_Dec = p8;
 494         p_surewarehk_Rsa_Sign = p9;
 495         p_surewarehk_Dsa_Sign = p12;
 496         p_surewarehk_Info_Pubkey = p13;
 497         p_surewarehk_Load_Dsa_Pubkey = p14;
 498         p_surewarehk_Mod_Exp = p15;
 499         /* Contact the hardware and initialises it. */
 500         if(p_surewarehk_Init(msg,threadsafe)==SUREWAREHOOK_ERROR_UNIT_FAILURE)
 501         {
 502                 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,SUREWARE_R_UNIT_FAILURE);
 503                 goto err;
 504         }
 505         if(p_surewarehk_Init(msg,threadsafe)==SUREWAREHOOK_ERROR_UNIT_FAILURE)
 506         {
 507                 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,SUREWARE_R_UNIT_FAILURE);
 508                 goto err;
 509         }
 510         /* try to load the default private key, if failed does not return a failure but
 511            wait for an explicit ENGINE_load_privakey */
 512         surewarehk_load_privkey(e,NULL,NULL,NULL);
 513
 514         /* Everything's fine. */
 515 #ifndef OPENSSL_NO_RSA
 516         if (rsaHndidx == -1)
 517                 rsaHndidx = RSA_get_ex_new_index(0,
 518                                                 "SureWareHook RSA key handle",
 519                                                 NULL, NULL, surewarehk_ex_free);
 520 #endif
 521 #ifndef OPENSSL_NO_DSA
 522         if (dsaHndidx == -1)
 523                 dsaHndidx = DSA_get_ex_new_index(0,
 524                                                 "SureWareHook DSA key handle",
 525                                                 NULL, NULL, surewarehk_ex_free);
 526 #endif
 527
 528         return 1;
 529 err:
 530         if(surewarehk_dso)
 531                 DSO_free(surewarehk_dso);
 532         surewarehk_dso = NULL;
 533         p_surewarehk_Init = NULL;
 534         p_surewarehk_Finish = NULL;
 535         p_surewarehk_Rand_Bytes = NULL;
 536         p_surewarehk_Rand_Seed = NULL;
 537         p_surewarehk_Load_Privkey = NULL;
 538         p_surewarehk_Load_Rsa_Pubkey = NULL;
 539         p_surewarehk_Free = NULL;
 540         p_surewarehk_Rsa_Priv_Dec = NULL;
 541         p_surewarehk_Rsa_Sign = NULL;
 542         p_surewarehk_Dsa_Sign = NULL;
 543         p_surewarehk_Info_Pubkey = NULL;
 544         p_surewarehk_Load_Dsa_Pubkey = NULL;
 545         p_surewarehk_Mod_Exp = NULL;
 546         return 0;
 547 }
 548
 549 static int surewarehk_finish(ENGINE *e)
 550 {
 551         int to_return = 1;
 552         if(surewarehk_dso == NULL)
 553                 {
 554                 SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH,ENGINE_R_NOT_LOADED);
 555                 to_return = 0;
 556                 goto err;
 557                 }
 558         p_surewarehk_Finish();
 559         if(!DSO_free(surewarehk_dso))
 560                 {
 561                 SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH,ENGINE_R_DSO_FAILURE);
 562                 to_return = 0;
 563                 goto err;
 564                 }
 565  err:
 566         if (logstream)
 567                 BIO_free(logstream);
 568         surewarehk_dso = NULL;
 569         p_surewarehk_Init = NULL;
 570         p_surewarehk_Finish = NULL;
 571         p_surewarehk_Rand_Bytes = NULL;
 572         p_surewarehk_Rand_Seed = NULL;
 573         p_surewarehk_Load_Privkey = NULL;
 574         p_surewarehk_Load_Rsa_Pubkey = NULL;
 575         p_surewarehk_Free = NULL;
 576         p_surewarehk_Rsa_Priv_Dec = NULL;
 577         p_surewarehk_Rsa_Sign = NULL;
 578         p_surewarehk_Dsa_Sign = NULL;
 579         p_surewarehk_Info_Pubkey = NULL;
 580         p_surewarehk_Load_Dsa_Pubkey = NULL;
 581         p_surewarehk_Mod_Exp = NULL;
 582         return to_return;
 583 }
 584
 585 static void surewarehk_error_handling(char *const msg,int func,int ret)
 586 {
 587         switch (ret)
 588         {
 589                 case SUREWAREHOOK_ERROR_UNIT_FAILURE:
 590                         ENGINEerr(func,SUREWARE_R_UNIT_FAILURE);
 591                         break;
 592                 case SUREWAREHOOK_ERROR_FALLBACK:
 593                         ENGINEerr(func,SUREWARE_R_REQUEST_FALLBACK);
 594                         break;
 595                 case SUREWAREHOOK_ERROR_DATA_SIZE:
 596                         ENGINEerr(func,SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
 597                         break;
 598                 case SUREWAREHOOK_ERROR_INVALID_PAD:
 599                         ENGINEerr(func,SUREWARE_R_PADDING_CHECK_FAILED);
 600                         break;
 601                 default:
 602                         ENGINEerr(func,SUREWARE_R_REQUEST_FAILED);
 603                         break;
 604                 case 1:/*nothing*/
 605                         msg[0]='\0';
 606         }
 607         if (*msg)
 608         {
 609                 ERR_add_error_data(1,msg);
 610                 if (logstream)
 611                 {
 612                         CRYPTO_w_lock(CRYPTO_LOCK_BIO);
 613                         BIO_write(logstream, msg, strlen(msg));
 614                         CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
 615                 }
 616         }
 617 }
 618
 619 static int surewarehk_rand_bytes(unsigned char *buf, int num)
 620 {
 621         int ret=0;
 622         char msg[64]="ENGINE_rand_bytes";
 623         if(!p_surewarehk_Rand_Bytes)
 624         {
 625                 SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_BYTES,ENGINE_R_NOT_INITIALISED);
 626         }
 627         else
 628         {
 629                 ret = p_surewarehk_Rand_Bytes(msg,buf, num);
 630                 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RAND_BYTES,ret);
 631         }
 632         return ret==1 ? 1 : 0;
 633 }
 634
 635 static void surewarehk_rand_seed(const void *buf, int num)
 636 {
 637         int ret=0;
 638         char msg[64]="ENGINE_rand_seed";
 639         if(!p_surewarehk_Rand_Seed)
 640         {
 641                 SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_SEED,ENGINE_R_NOT_INITIALISED);
 642         }
 643         else
 644         {
 645                 ret = p_surewarehk_Rand_Seed(msg,buf, num);
 646                 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RAND_SEED,ret);
 647         }
 648 }
 649
 650 static void surewarehk_rand_add(const void *buf, int num, double entropy)
 651 {
 652         surewarehk_rand_seed(buf,num);
 653 }
 654
 655 static EVP_PKEY* sureware_load_public(ENGINE *e,const char *key_id,char *hptr,unsigned long el,char keytype)
 656 {
 657         EVP_PKEY *res = NULL;
 658 #ifndef OPENSSL_NO_RSA
 659         RSA *rsatmp = NULL;
 660 #endif
 661 #ifndef OPENSSL_NO_DSA
 662         DSA *dsatmp=NULL;
 663 #endif
 664         char msg[64]="sureware_load_public";
 665         int ret=0;
 666         if(!p_surewarehk_Load_Rsa_Pubkey || !p_surewarehk_Load_Dsa_Pubkey)
 667         {
 668                 SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_NOT_INITIALISED);
 669                 goto err;
 670         }
 671         switch (keytype)
 672         {
 673 #ifndef OPENSSL_NO_RSA
 674         case 1: /*RSA*/
 675                 /* set private external reference */
 676                 rsatmp = RSA_new_method(e);
 677                 RSA_set_ex_data(rsatmp,rsaHndidx,hptr);
 678                 rsatmp->flags |= RSA_FLAG_EXT_PKEY;
 679
 680                 /* set public big nums*/
 681                 rsatmp->e = BN_new();
 682                 rsatmp->n = BN_new();
 683                 bn_expand2(rsatmp->e, el/sizeof(BN_ULONG));
 684                 bn_expand2(rsatmp->n, el/sizeof(BN_ULONG));
 685                 if (!rsatmp->e || rsatmp->e->dmax!=(int)(el/sizeof(BN_ULONG))||
 686                         !rsatmp->n || rsatmp->n->dmax!=(int)(el/sizeof(BN_ULONG)))
 687                         goto err;
 688                 ret=p_surewarehk_Load_Rsa_Pubkey(msg,key_id,el,
 689                                                  (unsigned long *)rsatmp->n->d,
 690                                                  (unsigned long *)rsatmp->e->d);
 691                 surewarehk_error_handling(msg,SUREWARE_F_SUREWARE_LOAD_PUBLIC,ret);
 692                 if (ret!=1)
 693                 {
 694                         SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
 695                         goto err;
 696                 }
 697                 /* normalise pub e and pub n */
 698                 rsatmp->e->top=el/sizeof(BN_ULONG);
 699                 bn_fix_top(rsatmp->e);
 700                 rsatmp->n->top=el/sizeof(BN_ULONG);
 701                 bn_fix_top(rsatmp->n);
 702                 /* create an EVP object: engine + rsa key */
 703                 res = EVP_PKEY_new();
 704                 EVP_PKEY_assign_RSA(res, rsatmp);
 705                 break;
 706 #endif
 707
 708 #ifndef OPENSSL_NO_DSA
 709         case 2:/*DSA*/
 710                 /* set private/public external reference */
 711                 dsatmp = DSA_new_method(e);
 712                 DSA_set_ex_data(dsatmp,dsaHndidx,hptr);
 713                 /*dsatmp->flags |= DSA_FLAG_EXT_PKEY;*/
 714
 715                 /* set public key*/
 716                 dsatmp->pub_key = BN_new();
 717                 dsatmp->p = BN_new();
 718                 dsatmp->q = BN_new();
 719                 dsatmp->g = BN_new();
 720                 bn_expand2(dsatmp->pub_key, el/sizeof(BN_ULONG));
 721                 bn_expand2(dsatmp->p, el/sizeof(BN_ULONG));
 722                 bn_expand2(dsatmp->q, 20/sizeof(BN_ULONG));
 723                 bn_expand2(dsatmp->g, el/sizeof(BN_ULONG));
 724                 if (!dsatmp->pub_key || dsatmp->pub_key->dmax!=(int)(el/sizeof(BN_ULONG))||
 725                         !dsatmp->p || dsatmp->p->dmax!=(int)(el/sizeof(BN_ULONG)) ||
 726                         !dsatmp->q || dsatmp->q->dmax!=20/sizeof(BN_ULONG) ||
 727                         !dsatmp->g || dsatmp->g->dmax!=(int)(el/sizeof(BN_ULONG)))
 728                         goto err;
 729
 730                 ret=p_surewarehk_Load_Dsa_Pubkey(msg,key_id,el,
 731                                                  (unsigned long *)dsatmp->pub_key->d,
 732                                                  (unsigned long *)dsatmp->p->d,
 733                                                  (unsigned long *)dsatmp->q->d,
 734                                                  (unsigned long *)dsatmp->g->d);
 735                 surewarehk_error_handling(msg,SUREWARE_F_SUREWARE_LOAD_PUBLIC,ret);
 736                 if (ret!=1)
 737                 {
 738                         SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
 739                         goto err;
 740                 }
 741                 /* set parameters */
 742                 /* normalise pubkey and parameters in case of */
 743                 dsatmp->pub_key->top=el/sizeof(BN_ULONG);
 744                 bn_fix_top(dsatmp->pub_key);
 745                 dsatmp->p->top=el/sizeof(BN_ULONG);
 746                 bn_fix_top(dsatmp->p);
 747                 dsatmp->q->top=20/sizeof(BN_ULONG);
 748                 bn_fix_top(dsatmp->q);
 749                 dsatmp->g->top=el/sizeof(BN_ULONG);
 750                 bn_fix_top(dsatmp->g);
 751
 752                 /* create an EVP object: engine + rsa key */
 753                 res = EVP_PKEY_new();
 754                 EVP_PKEY_assign_DSA(res, dsatmp);
 755                 break;
 756 #endif
 757
 758         default:
 759                 SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
 760                 goto err;
 761         }
 762         return res;
 763  err:
 764 #ifndef OPENSSL_NO_RSA
 765         if (rsatmp)
 766                 RSA_free(rsatmp);
 767 #endif
 768 #ifndef OPENSSL_NO_DSA
 769         if (dsatmp)
 770                 DSA_free(dsatmp);
 771 #endif
 772         return NULL;
 773 }
 774
 775 static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id,
 776                                          UI_METHOD *ui_method, void *callback_data)
 777 {
 778         EVP_PKEY *res = NULL;
 779         int ret=0;
 780         unsigned long el=0;
 781         char *hptr=NULL;
 782         char keytype=0;
 783         char msg[64]="ENGINE_load_privkey";
 784
 785         if(!p_surewarehk_Load_Privkey)
 786         {
 787                 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY,ENGINE_R_NOT_INITIALISED);
 788         }
 789         else
 790         {
 791                 ret=p_surewarehk_Load_Privkey(msg,key_id,&hptr,&el,&keytype);
 792                 if (ret!=1)
 793                 {
 794                         SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY,ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
 795                         ERR_add_error_data(1,msg);
 796                 }
 797                 else
 798                         res=sureware_load_public(e,key_id,hptr,el,keytype);
 799         }
 800         return res;
 801 }
 802
 803 static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,
 804                                          UI_METHOD *ui_method, void *callback_data)
 805 {
 806         EVP_PKEY *res = NULL;
 807         int ret=0;
 808         unsigned long el=0;
 809         char *hptr=NULL;
 810         char keytype=0;
 811         char msg[64]="ENGINE_load_pubkey";
 812
 813         if(!p_surewarehk_Info_Pubkey)
 814         {
 815                 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY,ENGINE_R_NOT_INITIALISED);
 816         }
 817         else
 818         {
 819                 /* call once to identify if DSA or RSA */
 820                 ret=p_surewarehk_Info_Pubkey(msg,key_id,&el,&keytype);
 821                 if (ret!=1)
 822                 {
 823                         SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
 824                         ERR_add_error_data(1,msg);
 825                 }
 826                 else
 827                         res=sureware_load_public(e,key_id,hptr,el,keytype);
 828         }
 829         return res;
 830 }
 831
 832 /* This cleans up an RSA/DSA KM key(do not destroy the key into the hardware)
 833 , called when ex_data is freed */
 834 static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
 835         int idx,long argl, void *argp)
 836 {
 837         if(!p_surewarehk_Free)
 838         {
 839                 SUREWAREerr(SUREWARE_F_SUREWAREHK_EX_FREE,ENGINE_R_NOT_INITIALISED);
 840         }
 841         else
 842                 p_surewarehk_Free((char *)item,0);
 843 }
 844
 845 #if 0
 846 /* not currently used (bug?) */
 847 /* This cleans up an DH KM key (destroys the key into hardware),
 848 called when ex_data is freed */
 849 static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
 850         int idx,long argl, void *argp)
 851 {
 852         if(!p_surewarehk_Free)
 853         {
 854                 SUREWAREerr(SUREWARE_F_SUREWAREHK_DH_EX_FREE,ENGINE_R_NOT_INITIALISED);
 855         }
 856         else
 857                 p_surewarehk_Free((char *)item,1);
 858 }
 859 #endif
 860
 861 /*
 862 * return number of decrypted bytes
 863 */
 864 #ifndef OPENSSL_NO_RSA
 865 static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to,
 866                         RSA *rsa,int padding)
 867 {
 868         int ret=0,tlen;
 869         char *buf=NULL,*hptr=NULL;
 870         char msg[64]="ENGINE_rsa_priv_dec";
 871         if (!p_surewarehk_Rsa_Priv_Dec)
 872         {
 873                 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ENGINE_R_NOT_INITIALISED);
 874         }
 875         /* extract ref to private key */
 876         else if (!(hptr=RSA_get_ex_data(rsa, rsaHndidx)))
 877         {
 878                 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,SUREWARE_R_MISSING_KEY_COMPONENTS);
 879                 goto err;
 880         }
 881         /* analyse what padding we can do into the hardware */
 882         if (padding==RSA_PKCS1_PADDING)
 883         {
 884                 /* do it one shot */
 885                 ret=p_surewarehk_Rsa_Priv_Dec(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_PKCS1_PAD);
 886                 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ret);
 887                 if (ret!=1)
 888                         goto err;
 889                 ret=tlen;
 890         }
 891         else /* do with no padding into hardware */
 892         {
 893                 ret=p_surewarehk_Rsa_Priv_Dec(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_NO_PAD);
 894                 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ret);
 895                 if (ret!=1)
 896                         goto err;
 897                 /* intermediate buffer for padding */
 898                 if ((buf=OPENSSL_malloc(tlen)) == NULL)
 899                 {
 900                         SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ERR_R_MALLOC_FAILURE);
 901                         goto err;
 902                 }
 903                 memcpy(buf,to,tlen);/* transfert to into buf */
 904                 switch (padding) /* check padding in software */
 905                 {
 906 #ifndef OPENSSL_NO_SHA
 907                 case RSA_PKCS1_OAEP_PADDING:
 908                         ret=RSA_padding_check_PKCS1_OAEP(to,tlen,(unsigned char *)buf,tlen,tlen,NULL,0);
 909                         break;
 910 #endif
 911                 case RSA_SSLV23_PADDING:
 912                         ret=RSA_padding_check_SSLv23(to,tlen,(unsigned char *)buf,flen,tlen);
 913                         break;
 914                 case RSA_NO_PADDING:
 915                         ret=RSA_padding_check_none(to,tlen,(unsigned char *)buf,flen,tlen);
 916                         break;
 917                 default:
 918                         SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,SUREWARE_R_UNKNOWN_PADDING_TYPE);
 919                         goto err;
 920                 }
 921                 if (ret < 0)
 922                         SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,SUREWARE_R_PADDING_CHECK_FAILED);
 923         }
 924 err:
 925         if (buf)
 926         {
 927                 OPENSSL_cleanse(buf,tlen);
 928                 OPENSSL_free(buf);
 929         }
 930         return ret;
 931 }
 932
 933 /*
 934 * Does what OpenSSL rsa_priv_enc does.
 935 */
 936 static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char *to,
 937                             RSA *rsa,int padding)
 938 {
 939         int ret=0,tlen;
 940         char *hptr=NULL;
 941         char msg[64]="ENGINE_rsa_sign";
 942         if (!p_surewarehk_Rsa_Sign)
 943         {
 944                 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN,ENGINE_R_NOT_INITIALISED);
 945         }
 946         /* extract ref to private key */
 947         else if (!(hptr=RSA_get_ex_data(rsa, rsaHndidx)))
 948         {
 949                 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN,SUREWARE_R_MISSING_KEY_COMPONENTS);
 950         }
 951         else
 952         {
 953                 switch (padding)
 954                 {
 955                 case RSA_PKCS1_PADDING: /* do it in one shot */
 956                         ret=p_surewarehk_Rsa_Sign(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_PKCS1_PAD);
 957                         surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_SIGN,ret);
 958                         break;
 959                 case RSA_NO_PADDING:
 960                 default:
 961                         SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN,SUREWARE_R_UNKNOWN_PADDING_TYPE);
 962                 }
 963         }
 964         return ret==1 ? tlen : ret;
 965 }
 966
 967 #endif
 968
 969 #ifndef OPENSSL_NO_DSA
 970 /* DSA sign and verify */
 971 static  DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *from, int flen, DSA *dsa)
 972 {
 973         int ret=0;
 974         char *hptr=NULL;
 975         DSA_SIG *psign=NULL;
 976         char msg[64]="ENGINE_dsa_do_sign";
 977         if (!p_surewarehk_Dsa_Sign)
 978         {
 979                 SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ENGINE_R_NOT_INITIALISED);
 980                 goto err;
 981         }
 982         /* extract ref to private key */
 983         else if (!(hptr=DSA_get_ex_data(dsa, dsaHndidx)))
 984         {
 985                 SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,SUREWARE_R_MISSING_KEY_COMPONENTS);
 986                 goto err;
 987         }
 988         else
 989         {
 990                 if((psign = DSA_SIG_new()) == NULL)
 991                 {
 992                         SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ERR_R_MALLOC_FAILURE);
 993                         goto err;
 994                 }
 995                 psign->r=BN_new();
 996                 psign->s=BN_new();
 997                 bn_expand2(psign->r, 20/sizeof(BN_ULONG));
 998                 bn_expand2(psign->s, 20/sizeof(BN_ULONG));
 999                 if (!psign->r || psign->r->dmax!=20/sizeof(BN_ULONG) ||
1000                         !psign->s || psign->s->dmax!=20/sizeof(BN_ULONG))
1001                         goto err;
1002                 ret=p_surewarehk_Dsa_Sign(msg,flen,from,
1003                                           (unsigned long *)psign->r->d,
1004                                           (unsigned long *)psign->s->d,
1005                                           hptr);
1006                 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ret);
1007         }
1008         psign->r->top=20/sizeof(BN_ULONG);
1009         bn_fix_top(psign->r);
1010         psign->s->top=20/sizeof(BN_ULONG);
1011         bn_fix_top(psign->s);
1012
1013 err:
1014         if (psign)
1015         {
1016                 DSA_SIG_free(psign);
1017                 psign=NULL;
1018         }
1019         return psign;
1020 }
1021 #endif
1022
1023 static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
1024                              const BIGNUM *m, BN_CTX *ctx)
1025 {
1026         int ret=0;
1027         char msg[64]="ENGINE_modexp";
1028         if (!p_surewarehk_Mod_Exp)
1029         {
1030                 SUREWAREerr(SUREWARE_F_SUREWAREHK_MODEXP,ENGINE_R_NOT_INITIALISED);
1031         }
1032         else
1033         {
1034                 bn_expand2(r,m->top);
1035                 if (r && r->dmax==m->top)
1036                 {
1037                         /* do it*/
1038                         ret=p_surewarehk_Mod_Exp(msg,
1039                                                  m->top*sizeof(BN_ULONG),
1040                                                  (unsigned long *)m->d,
1041                                                  p->top*sizeof(BN_ULONG),
1042                                                  (unsigned long *)p->d,
1043                                                  a->top*sizeof(BN_ULONG),
1044                                                  (unsigned long *)a->d,
1045                                                  (unsigned long *)r->d);
1046                         surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_MODEXP,ret);
1047                         if (ret==1)
1048                         {
1049                                 /* normalise result */
1050                                 r->top=m->top;
1051                                 bn_fix_top(r);
1052                         }
1053                 }
1054         }
1055         return ret;
1056 }
1057 #endif /* !OPENSSL_NO_HW_SureWare */
1058 #endif /* !OPENSSL_NO_HW */