Backport of password based CMS support from HEAD.

[openssl.git] / crypto / engine / eng_cryptodev.c

diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
index 76a169d17bb7aed1bb3e42838e4e4c8001c166f3..52f4ca39019851b33d58e6201f0438d559aeb223 100644 (file)
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
@@ -32,7 +32,7 @@
 #include <openssl/bn.h>
 
 #if (defined(__unix__) || defined(unix)) && !defined(USG) && \
-       (defined(OpenBSD) || defined(__FreeBSD_version))
+       (defined(OpenBSD) || defined(__FreeBSD__))
 #include <sys/param.h>
 # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
 #  define HAVE_CRYPTODEV
@@ -55,6 +55,10 @@ ENGINE_load_cryptodev(void)
  
 #include <sys/types.h>
 #include <crypto/cryptodev.h>
+#include <crypto/dh/dh.h>
+#include <crypto/dsa/dsa.h>
+#include <crypto/err/err.h>
+#include <crypto/rsa/rsa.h>
 #include <sys/ioctl.h>
 #include <errno.h>
 #include <stdio.h>
@@ -86,7 +90,9 @@ static int get_asym_dev_crypto(void);
 static int open_dev_crypto(void);
 static int get_dev_crypto(void);
 static int get_cryptodev_ciphers(const int **cnids);
+#ifdef USE_CRYPTODEV_DIGESTS
 static int get_cryptodev_digests(const int **cnids);
+#endif
 static int cryptodev_usable_ciphers(const int **nids);
 static int cryptodev_usable_digests(const int **nids);
 static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
@@ -124,7 +130,7 @@ static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
 static int cryptodev_dh_compute_key(unsigned char *key,
     const BIGNUM *pub_key, DH *dh);
 static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
-    void (*f)());
+    void (*f)(void));
 void ENGINE_load_cryptodev(void);
 
 static const ENGINE_CMD_DEFN cryptodev_defns[] = {
@@ -149,6 +155,7 @@ static struct {
        { 0,                            NID_undef,              0,       0, },
 };
 
+#ifdef USE_CRYPTODEV_DIGESTS
 static struct {
        int     id;
        int     nid;
@@ -163,6 +170,7 @@ static struct {
        { CRYPTO_SHA1,                  NID_sha1,               20},
        { 0,                            NID_undef,              0},
 };
+#endif
 
 /*
  * Return a fd if /dev/crypto seems usable, 0 otherwise.
@@ -253,6 +261,7 @@ get_cryptodev_ciphers(const int **cnids)
        return (count);
 }
 
+#ifdef USE_CRYPTODEV_DIGESTS
 /*
  * Find out what digests /dev/crypto will let us have a session for.
  * XXX note, that some of these openssl doesn't deal with yet!
@@ -290,6 +299,7 @@ get_cryptodev_digests(const int **cnids)
                *cnids = NULL;
        return (count);
 }
+#endif  /* 0 */
 
 /*
  * Find the useable ciphers|digests from dev/crypto - this is the first
@@ -348,7 +358,7 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
        struct crypt_op cryp;
        struct dev_crypto_state *state = ctx->cipher_data;
        struct session_op *sess = &state->d_sess;
-       void *iiv;
+       const void *iiv;
        unsigned char save_iv[EVP_MAX_IV_LENGTH];
 
        if (state->d_fd < 0)
@@ -372,7 +382,7 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
        if (ctx->cipher->iv_len) {
                cryp.iv = (caddr_t) ctx->iv;
                if (!ctx->encrypt) {
-                       iiv = (void *) in + inl - ctx->cipher->iv_len;
+                       iiv = in + inl - ctx->cipher->iv_len;
                        memcpy(save_iv, iiv, ctx->cipher->iv_len);
                }
        } else
@@ -387,7 +397,7 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
        if (ctx->cipher->iv_len) {
                if (ctx->encrypt)
-                       iiv = (void *) out + inl - ctx->cipher->iv_len;
+                       iiv = out + inl - ctx->cipher->iv_len;
                else
                        iiv = save_iv;
                memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
@@ -401,7 +411,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 {
        struct dev_crypto_state *state = ctx->cipher_data;
        struct session_op *sess = &state->d_sess;
-       int cipher, i;
+       int cipher = -1, i;
 
        for (i = 0; ciphers[i].id; i++)
                if (ctx->cipher->nid == ciphers[i].nid &&
@@ -1007,10 +1017,18 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                goto err;
        kop.crk_iparams = 3;
 
-       if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL) == -1) {
+       if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) {
                const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+               printf("OCF asym process failed, Running in software\n");
+               ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
+
+       } else if (ECANCELED == kop.crk_status) {
+               const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+               printf("OCF hardware operation cancelled. Running in Software\n");
                ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
        }
+       /* else cryptodev operation worked ok ==> ret = 1*/
+
 err:
        zapparams(&kop);
        return (ret);
@@ -1054,10 +1072,18 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
                goto err;
        kop.crk_iparams = 6;
 
-       if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL) == -1) {
+       if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
+               const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+               printf("OCF asym process failed, running in Software\n");
+               ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
+
+       } else if (ECANCELED == kop.crk_status) {
                const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+               printf("OCF hardware operation cancelled. Running in Software\n");
                ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
        }
+       /* else cryptodev operation worked ok ==> ret = 1*/
+
 err:
        zapparams(&kop);
        return (ret);
@@ -1193,7 +1219,8 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
        kop.crk_iparams = 7;
 
        if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-               dsaret = kop.crk_status;
+/*OCF success value is 0, if not zero, change dsaret to fail*/
+               if(0 != kop.crk_status) dsaret  = 0;
        } else {
                const DSA_METHOD *meth = DSA_OpenSSL();
 
@@ -1284,7 +1311,7 @@ static DH_METHOD cryptodev_dh = {
  * but I expect we'll want some options soon.
  */
 static int
-cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
 {
 #ifdef HAVE_SYSLOG_R
        struct syslog_data sd = SYSLOG_DATA_INIT;