engines/e_sureware.c

   1 /*-
   2 *  Written by Corinne Dive-Reclus(cdive@baltimore.com)
   3 *
   4 *
   5 * Redistribution and use in source and binary forms, with or without
   6 * modification, are permitted provided that the following conditions
   7 * are met:
   8 *
   9 * 1. Redistributions of source code must retain the above copyright
  10 *    notice, this list of conditions and the following disclaimer.
  11 *
  12 * 2. Redistributions in binary form must reproduce the above copyright
  13 *    notice, this list of conditions and the following disclaimer in
  14 *    the documentation and/or other materials provided with the
  15 *    distribution.
  16 *
  17 * 3. All advertising materials mentioning features or use of this
  18 *    software must display the following acknowledgment:
  19 *    "This product includes software developed by the OpenSSL Project
  20 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  21 *
  22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  23 *    endorse or promote products derived from this software without
  24 *    prior written permission. For written permission, please contact
  25 *    licensing@OpenSSL.org.
  26 *
  27 * 5. Products derived from this software may not be called "OpenSSL"
  28 *    nor may "OpenSSL" appear in their names without prior written
  29 *    permission of the OpenSSL Project.
  30 *
  31 * 6. Redistributions of any form whatsoever must retain the following
  32 *    acknowledgment:
  33 *    "This product includes software developed by the OpenSSL Project
  34 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  35 *
  36 * Written by Corinne Dive-Reclus(cdive@baltimore.com)
  37 *
  38 * Copyright@2001 Baltimore Technologies Ltd.
  39 * All right Reserved.
  40 *                                                                                      *
  41 *        THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND                 *
  42 *        ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE         *
  43 *        IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE    *
  44 *        ARE DISCLAIMED.  IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE           *
  45 *        FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL    *
  46 *        DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS       *
  47 *        OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)         *
  48 *        HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT    *
  49 *        LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY     *
  50 *        OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF        *
  51 *        SUCH DAMAGE.                                                                  *
  52 ====================================================================*/
  53
  54 #include <stdio.h>
  55 #include <string.h>
  56 #include <openssl/crypto.h>
  57 #include <openssl/pem.h>
  58 #include <openssl/dso.h>
  59 #include <openssl/engine.h>
  60 #include <openssl/rand.h>
  61 #ifndef OPENSSL_NO_RSA
  62 #include <openssl/rsa.h>
  63 #endif
  64 #ifndef OPENSSL_NO_DSA
  65 #include <openssl/dsa.h>
  66 #endif
  67 #ifndef OPENSSL_NO_DH
  68 #include <openssl/dh.h>
  69 #endif
  70 #include <openssl/bn.h>
  71
  72 #ifndef OPENSSL_NO_HW
  73 #ifndef OPENSSL_NO_HW_SUREWARE
  74
  75 #ifdef FLAT_INC
  76 #include "sureware.h"
  77 #else
  78 #include "vendor_defns/sureware.h"
  79 #endif
  80
  81 #define SUREWARE_LIB_NAME "sureware engine"
  82 #include "e_sureware_err.c"
  83
  84 static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
  85 static int surewarehk_destroy(ENGINE *e);
  86 static int surewarehk_init(ENGINE *e);
  87 static int surewarehk_finish(ENGINE *e);
  88 static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
  89         const BIGNUM *m, BN_CTX *ctx);
  90
  91 /* RSA stuff */
  92 #ifndef OPENSSL_NO_RSA
  93 static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to,
  94                         RSA *rsa,int padding);
  95 static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char *to,
  96                             RSA *rsa,int padding);
  97 #endif
  98
  99 /* RAND stuff */
 100 static int surewarehk_rand_bytes(unsigned char *buf, int num);
 101 static int surewarehk_rand_seed(const void *buf, int num);
 102 static int surewarehk_rand_add(const void *buf, int num, double entropy);
 103
 104 /* KM stuff */
 105 static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id,
 106         UI_METHOD *ui_method, void *callback_data);
 107 static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,
 108         UI_METHOD *ui_method, void *callback_data);
 109 static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
 110         int idx,long argl, void *argp);
 111 #if 0
 112 static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
 113         int idx,long argl, void *argp);
 114 #endif
 115
 116 #ifndef OPENSSL_NO_RSA
 117 /* This function is aliased to mod_exp (with the mont stuff dropped). */
 118 static int surewarehk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 119                 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
 120 {
 121         return surewarehk_modexp(r, a, p, m, ctx);
 122 }
 123
 124 /* Our internal RSA_METHOD that we provide pointers to */
 125 static RSA_METHOD surewarehk_rsa =
 126         {
 127         "SureWare RSA method",
 128         NULL, /* pub_enc*/
 129         NULL, /* pub_dec*/
 130         surewarehk_rsa_sign, /* our rsa_sign is OpenSSL priv_enc*/
 131         surewarehk_rsa_priv_dec, /* priv_dec*/
 132         NULL, /*mod_exp*/
 133         surewarehk_mod_exp_mont, /*mod_exp_mongomery*/
 134         NULL, /* init*/
 135         NULL, /* finish*/
 136         0,      /* RSA flag*/
 137         NULL,
 138         NULL, /* OpenSSL sign*/
 139         NULL, /* OpenSSL verify*/
 140         NULL  /* keygen */
 141         };
 142 #endif
 143
 144 #ifndef OPENSSL_NO_DH
 145 /* Our internal DH_METHOD that we provide pointers to */
 146 /* This function is aliased to mod_exp (with the dh and mont dropped). */
 147 static int surewarehk_modexp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
 148         const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
 149 {
 150         return surewarehk_modexp(r, a, p, m, ctx);
 151 }
 152
 153 static DH_METHOD surewarehk_dh =
 154         {
 155         "SureWare DH method",
 156         NULL,/*gen_key*/
 157         NULL,/*agree,*/
 158         surewarehk_modexp_dh, /*dh mod exp*/
 159         NULL, /* init*/
 160         NULL, /* finish*/
 161         0,    /* flags*/
 162         NULL,
 163         NULL
 164         };
 165 #endif
 166
 167 static RAND_METHOD surewarehk_rand =
 168         {
 169         /* "SureWare RAND method", */
 170         surewarehk_rand_seed,
 171         surewarehk_rand_bytes,
 172         NULL,/*cleanup*/
 173         surewarehk_rand_add,
 174         surewarehk_rand_bytes,
 175         NULL,/*rand_status*/
 176         };
 177
 178 #ifndef OPENSSL_NO_DSA
 179 /* DSA stuff */
 180 static  DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
 181 static int surewarehk_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
 182                 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
 183                 BN_CTX *ctx, BN_MONT_CTX *in_mont)
 184 {
 185         BIGNUM t;
 186         int to_return = 0;
 187         BN_init(&t);
 188         /* let rr = a1 ^ p1 mod m */
 189         if (!surewarehk_modexp(rr,a1,p1,m,ctx)) goto end;
 190         /* let t = a2 ^ p2 mod m */
 191         if (!surewarehk_modexp(&t,a2,p2,m,ctx)) goto end;
 192         /* let rr = rr * t mod m */
 193         if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
 194         to_return = 1;
 195 end:
 196         BN_free(&t);
 197         return to_return;
 198 }
 199
 200 static DSA_METHOD surewarehk_dsa =
 201         {
 202          "SureWare DSA method",
 203         surewarehk_dsa_do_sign,
 204         NULL,/*sign setup*/
 205         NULL,/*verify,*/
 206         surewarehk_dsa_mod_exp,/*mod exp*/
 207         NULL,/*bn mod exp*/
 208         NULL, /*init*/
 209         NULL,/*finish*/
 210         0,
 211         NULL,
 212         NULL,
 213         NULL
 214         };
 215 #endif
 216
 217 static const char *engine_sureware_id = "sureware";
 218 static const char *engine_sureware_name = "SureWare hardware engine support";
 219
 220 /* Now, to our own code */
 221
 222 /* As this is only ever called once, there's no need for locking
 223  * (indeed - the lock will already be held by our caller!!!) */
 224 static int bind_sureware(ENGINE *e)
 225 {
 226 #ifndef OPENSSL_NO_RSA
 227         const RSA_METHOD *meth1;
 228 #endif
 229 #ifndef OPENSSL_NO_DSA
 230         const DSA_METHOD *meth2;
 231 #endif
 232 #ifndef OPENSSL_NO_DH
 233         const DH_METHOD *meth3;
 234 #endif
 235
 236         if(!ENGINE_set_id(e, engine_sureware_id) ||
 237            !ENGINE_set_name(e, engine_sureware_name) ||
 238 #ifndef OPENSSL_NO_RSA
 239            !ENGINE_set_RSA(e, &surewarehk_rsa) ||
 240 #endif
 241 #ifndef OPENSSL_NO_DSA
 242            !ENGINE_set_DSA(e, &surewarehk_dsa) ||
 243 #endif
 244 #ifndef OPENSSL_NO_DH
 245            !ENGINE_set_DH(e, &surewarehk_dh) ||
 246 #endif
 247            !ENGINE_set_RAND(e, &surewarehk_rand) ||
 248            !ENGINE_set_destroy_function(e, surewarehk_destroy) ||
 249            !ENGINE_set_init_function(e, surewarehk_init) ||
 250            !ENGINE_set_finish_function(e, surewarehk_finish) ||
 251            !ENGINE_set_ctrl_function(e, surewarehk_ctrl) ||
 252            !ENGINE_set_load_privkey_function(e, surewarehk_load_privkey) ||
 253            !ENGINE_set_load_pubkey_function(e, surewarehk_load_pubkey))
 254           return 0;
 255
 256 #ifndef OPENSSL_NO_RSA
 257         /* We know that the "PKCS1_SSLeay()" functions hook properly
 258          * to the cswift-specific mod_exp and mod_exp_crt so we use
 259          * those functions. NB: We don't use ENGINE_openssl() or
 260          * anything "more generic" because something like the RSAref
 261          * code may not hook properly, and if you own one of these
 262          * cards then you have the right to do RSA operations on it
 263          * anyway! */
 264         meth1 = RSA_PKCS1_SSLeay();
 265         if (meth1)
 266         {
 267                 surewarehk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
 268                 surewarehk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
 269         }
 270 #endif
 271
 272 #ifndef OPENSSL_NO_DSA
 273         /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
 274          * bits. */
 275         meth2 = DSA_OpenSSL();
 276         if (meth2)
 277         {
 278                 surewarehk_dsa.dsa_do_verify = meth2->dsa_do_verify;
 279         }
 280 #endif
 281
 282 #ifndef OPENSSL_NO_DH
 283         /* Much the same for Diffie-Hellman */
 284         meth3 = DH_OpenSSL();
 285         if (meth3)
 286         {
 287                 surewarehk_dh.generate_key = meth3->generate_key;
 288                 surewarehk_dh.compute_key = meth3->compute_key;
 289         }
 290 #endif
 291
 292         /* Ensure the sureware error handling is set up */
 293         ERR_load_SUREWARE_strings();
 294         return 1;
 295 }
 296
 297 #ifndef OPENSSL_NO_DYNAMIC_ENGINE
 298 static int bind_helper(ENGINE *e, const char *id)
 299         {
 300         if(id && (strcmp(id, engine_sureware_id) != 0))
 301                 return 0;
 302         if(!bind_sureware(e))
 303                 return 0;
 304         return 1;
 305         }
 306 IMPLEMENT_DYNAMIC_CHECK_FN()
 307 IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
 308 #else
 309 static ENGINE *engine_sureware(void)
 310         {
 311         ENGINE *ret = ENGINE_new();
 312         if(!ret)
 313                 return NULL;
 314         if(!bind_sureware(ret))
 315                 {
 316                 ENGINE_free(ret);
 317                 return NULL;
 318                 }
 319         return ret;
 320         }
 321
 322 void ENGINE_load_sureware(void)
 323         {
 324         /* Copied from eng_[openssl|dyn].c */
 325         ENGINE *toadd = engine_sureware();
 326         if(!toadd) return;
 327         ENGINE_add(toadd);
 328         ENGINE_free(toadd);
 329         ERR_clear_error();
 330         }
 331 #endif
 332
 333 /* This is a process-global DSO handle used for loading and unloading
 334  * the SureWareHook library. NB: This is only set (or unset) during an
 335  * init() or finish() call (reference counts permitting) and they're
 336  * operating with global locks, so this should be thread-safe
 337  * implicitly. */
 338 static DSO *surewarehk_dso = NULL;
 339 #ifndef OPENSSL_NO_RSA
 340 /* Index for KM handle.  Not really used yet. */
 341 static int rsaHndidx = -1;
 342 #endif
 343 #ifndef OPENSSL_NO_DSA
 344 /* Index for KM handle.  Not really used yet. */
 345 static int dsaHndidx = -1;
 346 #endif
 347
 348 /* These are the function pointers that are (un)set when the library has
 349  * successfully (un)loaded. */
 350 static SureWareHook_Init_t *p_surewarehk_Init = NULL;
 351 static SureWareHook_Finish_t *p_surewarehk_Finish = NULL;
 352 static SureWareHook_Rand_Bytes_t *p_surewarehk_Rand_Bytes = NULL;
 353 static SureWareHook_Rand_Seed_t *p_surewarehk_Rand_Seed = NULL;
 354 static SureWareHook_Load_Privkey_t *p_surewarehk_Load_Privkey = NULL;
 355 static SureWareHook_Info_Pubkey_t *p_surewarehk_Info_Pubkey = NULL;
 356 static SureWareHook_Load_Rsa_Pubkey_t *p_surewarehk_Load_Rsa_Pubkey = NULL;
 357 static SureWareHook_Load_Dsa_Pubkey_t *p_surewarehk_Load_Dsa_Pubkey = NULL;
 358 static SureWareHook_Free_t *p_surewarehk_Free=NULL;
 359 static SureWareHook_Rsa_Priv_Dec_t *p_surewarehk_Rsa_Priv_Dec=NULL;
 360 static SureWareHook_Rsa_Sign_t *p_surewarehk_Rsa_Sign=NULL;
 361 static SureWareHook_Dsa_Sign_t *p_surewarehk_Dsa_Sign=NULL;
 362 static SureWareHook_Mod_Exp_t *p_surewarehk_Mod_Exp=NULL;
 363
 364 /* Used in the DSO operations. */
 365 static const char *surewarehk_LIBNAME = "SureWareHook";
 366 static const char *n_surewarehk_Init = "SureWareHook_Init";
 367 static const char *n_surewarehk_Finish = "SureWareHook_Finish";
 368 static const char *n_surewarehk_Rand_Bytes="SureWareHook_Rand_Bytes";
 369 static const char *n_surewarehk_Rand_Seed="SureWareHook_Rand_Seed";
 370 static const char *n_surewarehk_Load_Privkey="SureWareHook_Load_Privkey";
 371 static const char *n_surewarehk_Info_Pubkey="SureWareHook_Info_Pubkey";
 372 static const char *n_surewarehk_Load_Rsa_Pubkey="SureWareHook_Load_Rsa_Pubkey";
 373 static const char *n_surewarehk_Load_Dsa_Pubkey="SureWareHook_Load_Dsa_Pubkey";
 374 static const char *n_surewarehk_Free="SureWareHook_Free";
 375 static const char *n_surewarehk_Rsa_Priv_Dec="SureWareHook_Rsa_Priv_Dec";
 376 static const char *n_surewarehk_Rsa_Sign="SureWareHook_Rsa_Sign";
 377 static const char *n_surewarehk_Dsa_Sign="SureWareHook_Dsa_Sign";
 378 static const char *n_surewarehk_Mod_Exp="SureWareHook_Mod_Exp";
 379 static BIO *logstream = NULL;
 380
 381 /* SureWareHook library functions and mechanics - these are used by the
 382  * higher-level functions further down. NB: As and where there's no
 383  * error checking, take a look lower down where these functions are
 384  * called, the checking and error handling is probably down there.
 385 */
 386 static int threadsafe=1;
 387 static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
 388 {
 389         int to_return = 1;
 390
 391         switch(cmd)
 392         {
 393                 case ENGINE_CTRL_SET_LOGSTREAM:
 394                 {
 395                         BIO *bio = (BIO *)p;
 396                         CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 397                         if (logstream)
 398                         {
 399                                 BIO_free(logstream);
 400                                 logstream = NULL;
 401                         }
 402                         if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1)
 403                                 logstream = bio;
 404                         else
 405                                 SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,SUREWARE_R_BIO_WAS_FREED);
 406                 }
 407                 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 408                 break;
 409         /* This will prevent the initialisation function from "installing"
 410          * the mutex-handling callbacks, even if they are available from
 411          * within the library (or were provided to the library from the
 412          * calling application). This is to remove any baggage for
 413          * applications not using multithreading. */
 414         case ENGINE_CTRL_CHIL_NO_LOCKING:
 415                 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 416                 threadsafe = 0;
 417                 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 418                 break;
 419
 420         /* The command isn't understood by this engine */
 421         default:
 422                 SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,
 423                         ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
 424                 to_return = 0;
 425                 break;
 426                 }
 427
 428         return to_return;
 429 }
 430
 431 /* Destructor (complements the "ENGINE_surewarehk()" constructor) */
 432 static int surewarehk_destroy(ENGINE *e)
 433 {
 434         ERR_unload_SUREWARE_strings();
 435         return 1;
 436 }
 437
 438 /* (de)initialisation functions. */
 439 static int surewarehk_init(ENGINE *e)
 440 {
 441         char msg[64]="ENGINE_init";
 442         SureWareHook_Init_t *p1=NULL;
 443         SureWareHook_Finish_t *p2=NULL;
 444         SureWareHook_Rand_Bytes_t *p3=NULL;
 445         SureWareHook_Rand_Seed_t *p4=NULL;
 446         SureWareHook_Load_Privkey_t *p5=NULL;
 447         SureWareHook_Load_Rsa_Pubkey_t *p6=NULL;
 448         SureWareHook_Free_t *p7=NULL;
 449         SureWareHook_Rsa_Priv_Dec_t *p8=NULL;
 450         SureWareHook_Rsa_Sign_t *p9=NULL;
 451         SureWareHook_Dsa_Sign_t *p12=NULL;
 452         SureWareHook_Info_Pubkey_t *p13=NULL;
 453         SureWareHook_Load_Dsa_Pubkey_t *p14=NULL;
 454         SureWareHook_Mod_Exp_t *p15=NULL;
 455
 456         if(surewarehk_dso != NULL)
 457         {
 458                 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_ALREADY_LOADED);
 459                 goto err;
 460         }
 461         /* Attempt to load libsurewarehk.so/surewarehk.dll/whatever. */
 462         surewarehk_dso = DSO_load(NULL, surewarehk_LIBNAME, NULL, 0);
 463         if(surewarehk_dso == NULL)
 464         {
 465                 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_DSO_FAILURE);
 466                 goto err;
 467         }
 468         if(!(p1=(SureWareHook_Init_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Init)) ||
 469            !(p2=(SureWareHook_Finish_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Finish)) ||
 470            !(p3=(SureWareHook_Rand_Bytes_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rand_Bytes)) ||
 471            !(p4=(SureWareHook_Rand_Seed_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rand_Seed)) ||
 472            !(p5=(SureWareHook_Load_Privkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Privkey)) ||
 473            !(p6=(SureWareHook_Load_Rsa_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Rsa_Pubkey)) ||
 474            !(p7=(SureWareHook_Free_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Free)) ||
 475            !(p8=(SureWareHook_Rsa_Priv_Dec_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rsa_Priv_Dec)) ||
 476            !(p9=(SureWareHook_Rsa_Sign_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rsa_Sign)) ||
 477            !(p12=(SureWareHook_Dsa_Sign_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Dsa_Sign)) ||
 478            !(p13=(SureWareHook_Info_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Info_Pubkey)) ||
 479            !(p14=(SureWareHook_Load_Dsa_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Dsa_Pubkey)) ||
 480            !(p15=(SureWareHook_Mod_Exp_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Mod_Exp)))
 481         {
 482                 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_DSO_FAILURE);
 483                 goto err;
 484         }
 485         /* Copy the pointers */
 486         p_surewarehk_Init = p1;
 487         p_surewarehk_Finish = p2;
 488         p_surewarehk_Rand_Bytes = p3;
 489         p_surewarehk_Rand_Seed = p4;
 490         p_surewarehk_Load_Privkey = p5;
 491         p_surewarehk_Load_Rsa_Pubkey = p6;
 492         p_surewarehk_Free = p7;
 493         p_surewarehk_Rsa_Priv_Dec = p8;
 494         p_surewarehk_Rsa_Sign = p9;
 495         p_surewarehk_Dsa_Sign = p12;
 496         p_surewarehk_Info_Pubkey = p13;
 497         p_surewarehk_Load_Dsa_Pubkey = p14;
 498         p_surewarehk_Mod_Exp = p15;
 499         /* Contact the hardware and initialises it. */
 500         if(p_surewarehk_Init(msg,threadsafe)==SUREWAREHOOK_ERROR_UNIT_FAILURE)
 501         {
 502                 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,SUREWARE_R_UNIT_FAILURE);
 503                 goto err;
 504         }
 505         if(p_surewarehk_Init(msg,threadsafe)==SUREWAREHOOK_ERROR_UNIT_FAILURE)
 506         {
 507                 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,SUREWARE_R_UNIT_FAILURE);
 508                 goto err;
 509         }
 510         /* try to load the default private key, if failed does not return a failure but
 511            wait for an explicit ENGINE_load_privakey */
 512         surewarehk_load_privkey(e,NULL,NULL,NULL);
 513
 514         /* Everything's fine. */
 515 #ifndef OPENSSL_NO_RSA
 516         if (rsaHndidx == -1)
 517                 rsaHndidx = RSA_get_ex_new_index(0,
 518                                                 "SureWareHook RSA key handle",
 519                                                 NULL, NULL, surewarehk_ex_free);
 520 #endif
 521 #ifndef OPENSSL_NO_DSA
 522         if (dsaHndidx == -1)
 523                 dsaHndidx = DSA_get_ex_new_index(0,
 524                                                 "SureWareHook DSA key handle",
 525                                                 NULL, NULL, surewarehk_ex_free);
 526 #endif
 527
 528         return 1;
 529 err:
 530         if(surewarehk_dso)
 531                 DSO_free(surewarehk_dso);
 532         surewarehk_dso = NULL;
 533         p_surewarehk_Init = NULL;
 534         p_surewarehk_Finish = NULL;
 535         p_surewarehk_Rand_Bytes = NULL;
 536         p_surewarehk_Rand_Seed = NULL;
 537         p_surewarehk_Load_Privkey = NULL;
 538         p_surewarehk_Load_Rsa_Pubkey = NULL;
 539         p_surewarehk_Free = NULL;
 540         p_surewarehk_Rsa_Priv_Dec = NULL;
 541         p_surewarehk_Rsa_Sign = NULL;
 542         p_surewarehk_Dsa_Sign = NULL;
 543         p_surewarehk_Info_Pubkey = NULL;
 544         p_surewarehk_Load_Dsa_Pubkey = NULL;
 545         p_surewarehk_Mod_Exp = NULL;
 546         return 0;
 547 }
 548
 549 static int surewarehk_finish(ENGINE *e)
 550 {
 551         int to_return = 1;
 552         if(surewarehk_dso == NULL)
 553                 {
 554                 SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH,ENGINE_R_NOT_LOADED);
 555                 to_return = 0;
 556                 goto err;
 557                 }
 558         p_surewarehk_Finish();
 559         if(!DSO_free(surewarehk_dso))
 560                 {
 561                 SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH,ENGINE_R_DSO_FAILURE);
 562                 to_return = 0;
 563                 goto err;
 564                 }
 565  err:
 566         if (logstream)
 567                 BIO_free(logstream);
 568         surewarehk_dso = NULL;
 569         p_surewarehk_Init = NULL;
 570         p_surewarehk_Finish = NULL;
 571         p_surewarehk_Rand_Bytes = NULL;
 572         p_surewarehk_Rand_Seed = NULL;
 573         p_surewarehk_Load_Privkey = NULL;
 574         p_surewarehk_Load_Rsa_Pubkey = NULL;
 575         p_surewarehk_Free = NULL;
 576         p_surewarehk_Rsa_Priv_Dec = NULL;
 577         p_surewarehk_Rsa_Sign = NULL;
 578         p_surewarehk_Dsa_Sign = NULL;
 579         p_surewarehk_Info_Pubkey = NULL;
 580         p_surewarehk_Load_Dsa_Pubkey = NULL;
 581         p_surewarehk_Mod_Exp = NULL;
 582         return to_return;
 583 }
 584
 585 static void surewarehk_error_handling(char *const msg,int func,int ret)
 586 {
 587         switch (ret)
 588         {
 589                 case SUREWAREHOOK_ERROR_UNIT_FAILURE:
 590                         ENGINEerr(func,SUREWARE_R_UNIT_FAILURE);
 591                         break;
 592                 case SUREWAREHOOK_ERROR_FALLBACK:
 593                         ENGINEerr(func,SUREWARE_R_REQUEST_FALLBACK);
 594                         break;
 595                 case SUREWAREHOOK_ERROR_DATA_SIZE:
 596                         ENGINEerr(func,SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
 597                         break;
 598                 case SUREWAREHOOK_ERROR_INVALID_PAD:
 599                         ENGINEerr(func,SUREWARE_R_PADDING_CHECK_FAILED);
 600                         break;
 601                 default:
 602                         ENGINEerr(func,SUREWARE_R_REQUEST_FAILED);
 603                         break;
 604                 case 1:/*nothing*/
 605                         msg[0]='\0';
 606         }
 607         if (*msg)
 608         {
 609                 ERR_add_error_data(1,msg);
 610                 if (logstream)
 611                 {
 612                         CRYPTO_w_lock(CRYPTO_LOCK_BIO);
 613                         BIO_write(logstream, msg, strlen(msg));
 614                         CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
 615                 }
 616         }
 617 }
 618
 619 static int surewarehk_rand_bytes(unsigned char *buf, int num)
 620 {
 621         int ret=0;
 622         char msg[64]="ENGINE_rand_bytes";
 623         if(!p_surewarehk_Rand_Bytes)
 624         {
 625                 SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_BYTES,ENGINE_R_NOT_INITIALISED);
 626         }
 627         else
 628         {
 629                 ret = p_surewarehk_Rand_Bytes(msg,buf, num);
 630                 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RAND_BYTES,ret);
 631         }
 632         return ret==1 ? 1 : 0;
 633 }
 634
 635 static int surewarehk_rand_seed(const void *buf, int num)
 636 {
 637         int ret=0;
 638         char msg[64]="ENGINE_rand_seed";
 639         if(!p_surewarehk_Rand_Seed)
 640         {
 641                 SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_SEED,ENGINE_R_NOT_INITIALISED);
 642                 return 0;
 643         }
 644         else
 645         {
 646                 ret = p_surewarehk_Rand_Seed(msg,buf, num);
 647                 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RAND_SEED,ret);
 648                 if (ret == 1)
 649                         return 1;
 650                 else
 651                         return 0;
 652         }
 653 }
 654
 655 static int surewarehk_rand_add(const void *buf, int num, double entropy)
 656 {
 657         return surewarehk_rand_seed(buf,num);
 658 }
 659
 660 static EVP_PKEY* sureware_load_public(ENGINE *e,const char *key_id,char *hptr,unsigned long el,char keytype)
 661 {
 662         EVP_PKEY *res = NULL;
 663 #ifndef OPENSSL_NO_RSA
 664         RSA *rsatmp = NULL;
 665 #endif
 666 #ifndef OPENSSL_NO_DSA
 667         DSA *dsatmp=NULL;
 668 #endif
 669         char msg[64]="sureware_load_public";
 670         int ret=0;
 671         if(!p_surewarehk_Load_Rsa_Pubkey || !p_surewarehk_Load_Dsa_Pubkey)
 672         {
 673                 SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_NOT_INITIALISED);
 674                 goto err;
 675         }
 676         switch (keytype)
 677         {
 678 #ifndef OPENSSL_NO_RSA
 679         case 1: /*RSA*/
 680                 /* set private external reference */
 681                 rsatmp = RSA_new_method(e);
 682                 RSA_set_ex_data(rsatmp,rsaHndidx,hptr);
 683                 rsatmp->flags |= RSA_FLAG_EXT_PKEY;
 684
 685                 /* set public big nums*/
 686                 rsatmp->e = BN_new();
 687                 rsatmp->n = BN_new();
 688                 bn_expand2(rsatmp->e, el/sizeof(BN_ULONG));
 689                 bn_expand2(rsatmp->n, el/sizeof(BN_ULONG));
 690                 if (!rsatmp->e || rsatmp->e->dmax!=(int)(el/sizeof(BN_ULONG))||
 691                         !rsatmp->n || rsatmp->n->dmax!=(int)(el/sizeof(BN_ULONG)))
 692                         goto err;
 693                 ret=p_surewarehk_Load_Rsa_Pubkey(msg,key_id,el,
 694                                                  (unsigned long *)rsatmp->n->d,
 695                                                  (unsigned long *)rsatmp->e->d);
 696                 surewarehk_error_handling(msg,SUREWARE_F_SUREWARE_LOAD_PUBLIC,ret);
 697                 if (ret!=1)
 698                 {
 699                         SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
 700                         goto err;
 701                 }
 702                 /* normalise pub e and pub n */
 703                 rsatmp->e->top=el/sizeof(BN_ULONG);
 704                 bn_fix_top(rsatmp->e);
 705                 rsatmp->n->top=el/sizeof(BN_ULONG);
 706                 bn_fix_top(rsatmp->n);
 707                 /* create an EVP object: engine + rsa key */
 708                 res = EVP_PKEY_new();
 709                 EVP_PKEY_assign_RSA(res, rsatmp);
 710                 break;
 711 #endif
 712
 713 #ifndef OPENSSL_NO_DSA
 714         case 2:/*DSA*/
 715                 /* set private/public external reference */
 716                 dsatmp = DSA_new_method(e);
 717                 DSA_set_ex_data(dsatmp,dsaHndidx,hptr);
 718                 /*dsatmp->flags |= DSA_FLAG_EXT_PKEY;*/
 719
 720                 /* set public key*/
 721                 dsatmp->pub_key = BN_new();
 722                 dsatmp->p = BN_new();
 723                 dsatmp->q = BN_new();
 724                 dsatmp->g = BN_new();
 725                 bn_expand2(dsatmp->pub_key, el/sizeof(BN_ULONG));
 726                 bn_expand2(dsatmp->p, el/sizeof(BN_ULONG));
 727                 bn_expand2(dsatmp->q, 20/sizeof(BN_ULONG));
 728                 bn_expand2(dsatmp->g, el/sizeof(BN_ULONG));
 729                 if (!dsatmp->pub_key || dsatmp->pub_key->dmax!=(int)(el/sizeof(BN_ULONG))||
 730                         !dsatmp->p || dsatmp->p->dmax!=(int)(el/sizeof(BN_ULONG)) ||
 731                         !dsatmp->q || dsatmp->q->dmax!=20/sizeof(BN_ULONG) ||
 732                         !dsatmp->g || dsatmp->g->dmax!=(int)(el/sizeof(BN_ULONG)))
 733                         goto err;
 734
 735                 ret=p_surewarehk_Load_Dsa_Pubkey(msg,key_id,el,
 736                                                  (unsigned long *)dsatmp->pub_key->d,
 737                                                  (unsigned long *)dsatmp->p->d,
 738                                                  (unsigned long *)dsatmp->q->d,
 739                                                  (unsigned long *)dsatmp->g->d);
 740                 surewarehk_error_handling(msg,SUREWARE_F_SUREWARE_LOAD_PUBLIC,ret);
 741                 if (ret!=1)
 742                 {
 743                         SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
 744                         goto err;
 745                 }
 746                 /* set parameters */
 747                 /* normalise pubkey and parameters in case of */
 748                 dsatmp->pub_key->top=el/sizeof(BN_ULONG);
 749                 bn_fix_top(dsatmp->pub_key);
 750                 dsatmp->p->top=el/sizeof(BN_ULONG);
 751                 bn_fix_top(dsatmp->p);
 752                 dsatmp->q->top=20/sizeof(BN_ULONG);
 753                 bn_fix_top(dsatmp->q);
 754                 dsatmp->g->top=el/sizeof(BN_ULONG);
 755                 bn_fix_top(dsatmp->g);
 756
 757                 /* create an EVP object: engine + rsa key */
 758                 res = EVP_PKEY_new();
 759                 EVP_PKEY_assign_DSA(res, dsatmp);
 760                 break;
 761 #endif
 762
 763         default:
 764                 SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
 765                 goto err;
 766         }
 767         return res;
 768  err:
 769 #ifndef OPENSSL_NO_RSA
 770         if (rsatmp)
 771                 RSA_free(rsatmp);
 772 #endif
 773 #ifndef OPENSSL_NO_DSA
 774         if (dsatmp)
 775                 DSA_free(dsatmp);
 776 #endif
 777         return NULL;
 778 }
 779
 780 static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id,
 781                                          UI_METHOD *ui_method, void *callback_data)
 782 {
 783         EVP_PKEY *res = NULL;
 784         int ret=0;
 785         unsigned long el=0;
 786         char *hptr=NULL;
 787         char keytype=0;
 788         char msg[64]="ENGINE_load_privkey";
 789
 790         if(!p_surewarehk_Load_Privkey)
 791         {
 792                 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY,ENGINE_R_NOT_INITIALISED);
 793         }
 794         else
 795         {
 796                 ret=p_surewarehk_Load_Privkey(msg,key_id,&hptr,&el,&keytype);
 797                 if (ret!=1)
 798                 {
 799                         SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY,ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
 800                         ERR_add_error_data(1,msg);
 801                 }
 802                 else
 803                         res=sureware_load_public(e,key_id,hptr,el,keytype);
 804         }
 805         return res;
 806 }
 807
 808 static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,
 809                                          UI_METHOD *ui_method, void *callback_data)
 810 {
 811         EVP_PKEY *res = NULL;
 812         int ret=0;
 813         unsigned long el=0;
 814         char *hptr=NULL;
 815         char keytype=0;
 816         char msg[64]="ENGINE_load_pubkey";
 817
 818         if(!p_surewarehk_Info_Pubkey)
 819         {
 820                 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY,ENGINE_R_NOT_INITIALISED);
 821         }
 822         else
 823         {
 824                 /* call once to identify if DSA or RSA */
 825                 ret=p_surewarehk_Info_Pubkey(msg,key_id,&el,&keytype);
 826                 if (ret!=1)
 827                 {
 828                         SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
 829                         ERR_add_error_data(1,msg);
 830                 }
 831                 else
 832                         res=sureware_load_public(e,key_id,hptr,el,keytype);
 833         }
 834         return res;
 835 }
 836
 837 /* This cleans up an RSA/DSA KM key(do not destroy the key into the hardware)
 838 , called when ex_data is freed */
 839 static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
 840         int idx,long argl, void *argp)
 841 {
 842         if(!p_surewarehk_Free)
 843         {
 844                 SUREWAREerr(SUREWARE_F_SUREWAREHK_EX_FREE,ENGINE_R_NOT_INITIALISED);
 845         }
 846         else
 847                 p_surewarehk_Free((char *)item,0);
 848 }
 849
 850 #if 0
 851 /* not currently used (bug?) */
 852 /* This cleans up an DH KM key (destroys the key into hardware),
 853 called when ex_data is freed */
 854 static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
 855         int idx,long argl, void *argp)
 856 {
 857         if(!p_surewarehk_Free)
 858         {
 859                 SUREWAREerr(SUREWARE_F_SUREWAREHK_DH_EX_FREE,ENGINE_R_NOT_INITIALISED);
 860         }
 861         else
 862                 p_surewarehk_Free((char *)item,1);
 863 }
 864 #endif
 865
 866 /*
 867 * return number of decrypted bytes
 868 */
 869 #ifndef OPENSSL_NO_RSA
 870 static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to,
 871                         RSA *rsa,int padding)
 872 {
 873         int ret=0,tlen;
 874         char *buf=NULL,*hptr=NULL;
 875         char msg[64]="ENGINE_rsa_priv_dec";
 876         if (!p_surewarehk_Rsa_Priv_Dec)
 877         {
 878                 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ENGINE_R_NOT_INITIALISED);
 879         }
 880         /* extract ref to private key */
 881         else if (!(hptr=RSA_get_ex_data(rsa, rsaHndidx)))
 882         {
 883                 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,SUREWARE_R_MISSING_KEY_COMPONENTS);
 884                 goto err;
 885         }
 886         /* analyse what padding we can do into the hardware */
 887         if (padding==RSA_PKCS1_PADDING)
 888         {
 889                 /* do it one shot */
 890                 ret=p_surewarehk_Rsa_Priv_Dec(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_PKCS1_PAD);
 891                 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ret);
 892                 if (ret!=1)
 893                         goto err;
 894                 ret=tlen;
 895         }
 896         else /* do with no padding into hardware */
 897         {
 898                 ret=p_surewarehk_Rsa_Priv_Dec(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_NO_PAD);
 899                 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ret);
 900                 if (ret!=1)
 901                         goto err;
 902                 /* intermediate buffer for padding */
 903                 if ((buf=OPENSSL_malloc(tlen)) == NULL)
 904                 {
 905                         SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ERR_R_MALLOC_FAILURE);
 906                         goto err;
 907                 }
 908                 memcpy(buf,to,tlen);/* transfert to into buf */
 909                 switch (padding) /* check padding in software */
 910                 {
 911 #ifndef OPENSSL_NO_SHA
 912                 case RSA_PKCS1_OAEP_PADDING:
 913                         ret=RSA_padding_check_PKCS1_OAEP(to,tlen,(unsigned char *)buf,tlen,tlen,NULL,0);
 914                         break;
 915 #endif
 916                 case RSA_SSLV23_PADDING:
 917                         ret=RSA_padding_check_SSLv23(to,tlen,(unsigned char *)buf,flen,tlen);
 918                         break;
 919                 case RSA_NO_PADDING:
 920                         ret=RSA_padding_check_none(to,tlen,(unsigned char *)buf,flen,tlen);
 921                         break;
 922                 default:
 923                         SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,SUREWARE_R_UNKNOWN_PADDING_TYPE);
 924                         goto err;
 925                 }
 926                 if (ret < 0)
 927                         SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,SUREWARE_R_PADDING_CHECK_FAILED);
 928         }
 929 err:
 930         if (buf)
 931         {
 932                 OPENSSL_cleanse(buf,tlen);
 933                 OPENSSL_free(buf);
 934         }
 935         return ret;
 936 }
 937
 938 /*
 939 * Does what OpenSSL rsa_priv_enc does.
 940 */
 941 static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char *to,
 942                             RSA *rsa,int padding)
 943 {
 944         int ret=0,tlen;
 945         char *hptr=NULL;
 946         char msg[64]="ENGINE_rsa_sign";
 947         if (!p_surewarehk_Rsa_Sign)
 948         {
 949                 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN,ENGINE_R_NOT_INITIALISED);
 950         }
 951         /* extract ref to private key */
 952         else if (!(hptr=RSA_get_ex_data(rsa, rsaHndidx)))
 953         {
 954                 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN,SUREWARE_R_MISSING_KEY_COMPONENTS);
 955         }
 956         else
 957         {
 958                 switch (padding)
 959                 {
 960                 case RSA_PKCS1_PADDING: /* do it in one shot */
 961                         ret=p_surewarehk_Rsa_Sign(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_PKCS1_PAD);
 962                         surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_SIGN,ret);
 963                         break;
 964                 case RSA_NO_PADDING:
 965                 default:
 966                         SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN,SUREWARE_R_UNKNOWN_PADDING_TYPE);
 967                 }
 968         }
 969         return ret==1 ? tlen : ret;
 970 }
 971
 972 #endif
 973
 974 #ifndef OPENSSL_NO_DSA
 975 /* DSA sign and verify */
 976 static  DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *from, int flen, DSA *dsa)
 977 {
 978         int ret=0;
 979         char *hptr=NULL;
 980         DSA_SIG *psign=NULL;
 981         char msg[64]="ENGINE_dsa_do_sign";
 982         if (!p_surewarehk_Dsa_Sign)
 983         {
 984                 SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ENGINE_R_NOT_INITIALISED);
 985                 goto err;
 986         }
 987         /* extract ref to private key */
 988         else if (!(hptr=DSA_get_ex_data(dsa, dsaHndidx)))
 989         {
 990                 SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,SUREWARE_R_MISSING_KEY_COMPONENTS);
 991                 goto err;
 992         }
 993         else
 994         {
 995                 if((psign = DSA_SIG_new()) == NULL)
 996                 {
 997                         SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ERR_R_MALLOC_FAILURE);
 998                         goto err;
 999                 }
1000                 psign->r=BN_new();
1001                 psign->s=BN_new();
1002                 bn_expand2(psign->r, 20/sizeof(BN_ULONG));
1003                 bn_expand2(psign->s, 20/sizeof(BN_ULONG));
1004                 if (!psign->r || psign->r->dmax!=20/sizeof(BN_ULONG) ||
1005                         !psign->s || psign->s->dmax!=20/sizeof(BN_ULONG))
1006                         goto err;
1007                 ret=p_surewarehk_Dsa_Sign(msg,flen,from,
1008                                           (unsigned long *)psign->r->d,
1009                                           (unsigned long *)psign->s->d,
1010                                           hptr);
1011                 surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ret);
1012         }
1013         psign->r->top=20/sizeof(BN_ULONG);
1014         bn_fix_top(psign->r);
1015         psign->s->top=20/sizeof(BN_ULONG);
1016         bn_fix_top(psign->s);
1017
1018 err:
1019         if (psign)
1020         {
1021                 DSA_SIG_free(psign);
1022                 psign=NULL;
1023         }
1024         return psign;
1025 }
1026 #endif
1027
1028 static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
1029                              const BIGNUM *m, BN_CTX *ctx)
1030 {
1031         int ret=0;
1032         char msg[64]="ENGINE_modexp";
1033         if (!p_surewarehk_Mod_Exp)
1034         {
1035                 SUREWAREerr(SUREWARE_F_SUREWAREHK_MODEXP,ENGINE_R_NOT_INITIALISED);
1036         }
1037         else
1038         {
1039                 bn_expand2(r,m->top);
1040                 if (r && r->dmax==m->top)
1041                 {
1042                         /* do it*/
1043                         ret=p_surewarehk_Mod_Exp(msg,
1044                                                  m->top*sizeof(BN_ULONG),
1045                                                  (unsigned long *)m->d,
1046                                                  p->top*sizeof(BN_ULONG),
1047                                                  (unsigned long *)p->d,
1048                                                  a->top*sizeof(BN_ULONG),
1049                                                  (unsigned long *)a->d,
1050                                                  (unsigned long *)r->d);
1051                         surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_MODEXP,ret);
1052                         if (ret==1)
1053                         {
1054                                 /* normalise result */
1055                                 r->top=m->top;
1056                                 bn_fix_top(r);
1057                         }
1058                 }
1059         }
1060         return ret;
1061 }
1062 #endif /* !OPENSSL_NO_HW_SUREWARE */
1063 #endif /* !OPENSSL_NO_HW */