#include <openssl/pem.h>
#include "cryptlib.h"
#include <openssl/dso.h>
-#include "engine_int.h"
#include <openssl/engine.h>
#ifndef OPENSSL_NO_HW
#include "vendor_defns/hwcryptohook.h"
#endif
-static int hwcrhk_init(void);
-static int hwcrhk_finish(void);
-static int hwcrhk_ctrl(int cmd, long i, void *p, void (*f)());
+static int hwcrhk_init(ENGINE *e);
+static int hwcrhk_finish(ENGINE *e);
+static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
/* Functions to handle mutexes */
static int hwcrhk_mutex_init(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext*);
static int hwcrhk_rand_status(void);
/* KM stuff */
-static EVP_PKEY *hwcrhk_load_privkey(const char *key_id,
+static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
const char *passphrase);
-static EVP_PKEY *hwcrhk_load_pubkey(const char *key_id,
+static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
const char *passphrase);
static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
int ind,long argl, void *argp);
HWCryptoHook_CallerContext *cactx);
static void hwcrhk_log_message(void *logstr, const char *message);
+/* The definitions for control commands specific to this engine */
+#define HWCRHK_CMD_SO_PATH ENGINE_CMD_BASE
+#define HWCRHK_CMD_FORK_CHECK (ENGINE_CMD_BASE + 1)
+#define HWCRHK_CMD_THREAD_LOCKING (ENGINE_CMD_BASE + 2)
+static const ENGINE_CMD_DEFN hwcrhk_cmd_defns[] = {
+ {HWCRHK_CMD_SO_PATH,
+ "SO_PATH",
+ "Specifies the path to the 'hwcrhk' shared library",
+ ENGINE_CMD_FLAG_STRING},
+ {HWCRHK_CMD_FORK_CHECK,
+ "FORK_CHECK",
+ "Turns fork() checking on or off (boolean)",
+ ENGINE_CMD_FLAG_NUMERIC},
+ {HWCRHK_CMD_THREAD_LOCKING,
+ "THREAD_LOCKING",
+ "Turns thread-safe locking on or off (boolean)",
+ ENGINE_CMD_FLAG_NUMERIC},
+ {0, NULL, NULL, 0}
+ };
+
/* Our internal RSA_METHOD that we provide pointers to */
static RSA_METHOD hwcrhk_rsa =
{
hwcrhk_rand_status,
};
-/* Our ENGINE structure. */
-static ENGINE engine_hwcrhk =
- {
- "chil",
- "nCipher hardware engine support",
- &hwcrhk_rsa,
- NULL,
- &hwcrhk_dh,
- &hwcrhk_rand,
- hwcrhk_mod_exp,
- NULL,
- hwcrhk_init,
- hwcrhk_finish,
- hwcrhk_ctrl,
- hwcrhk_load_privkey,
- hwcrhk_load_pubkey,
- 0, /* no flags */
- 0, 0, /* no references */
- NULL, NULL /* unlinked */
- };
+/* Constants used when creating the ENGINE */
+static const char *engine_hwcrhk_id = "chil";
+static const char *engine_hwcrhk_name = "nCipher hardware engine support";
/* Internal stuff for HWCryptoHook */
{
const RSA_METHOD *meth1;
const DH_METHOD *meth2;
+ ENGINE *ret = ENGINE_new();
+ if(!ret)
+ return NULL;
+ if(!ENGINE_set_id(ret, engine_hwcrhk_id) ||
+ !ENGINE_set_name(ret, engine_hwcrhk_name) ||
+ !ENGINE_set_RSA(ret, &hwcrhk_rsa) ||
+ !ENGINE_set_DH(ret, &hwcrhk_dh) ||
+ !ENGINE_set_RAND(ret, &hwcrhk_rand) ||
+ !ENGINE_set_BN_mod_exp(ret, hwcrhk_mod_exp) ||
+ !ENGINE_set_init_function(ret, hwcrhk_init) ||
+ !ENGINE_set_finish_function(ret, hwcrhk_finish) ||
+ !ENGINE_set_ctrl_function(ret, hwcrhk_ctrl) ||
+ !ENGINE_set_load_privkey_function(ret, hwcrhk_load_privkey) ||
+ !ENGINE_set_load_pubkey_function(ret, hwcrhk_load_pubkey) ||
+ !ENGINE_set_cmd_defns(ret, hwcrhk_cmd_defns))
+ {
+ ENGINE_free(ret);
+ return NULL;
+ }
/* We know that the "PKCS1_SSLeay()" functions hook properly
* to the cswift-specific mod_exp and mod_exp_crt so we use
meth2 = DH_OpenSSL();
hwcrhk_dh.generate_key = meth2->generate_key;
hwcrhk_dh.compute_key = meth2->compute_key;
- return &engine_hwcrhk;
+ return ret;
}
/* This is a process-global DSO handle used for loading and unloading
static HWCryptoHook_ModExpCRT_t *p_hwcrhk_ModExpCRT = NULL;
/* Used in the DSO operations. */
-static const char *HWCRHK_LIBNAME = "nfhwcrhk";
+static const char def_HWCRHK_LIBNAME[] = "nfhwcrhk";
+static const char *HWCRHK_LIBNAME = def_HWCRHK_LIBNAME;
static const char *n_hwcrhk_Init = "HWCryptoHook_Init";
static const char *n_hwcrhk_Finish = "HWCryptoHook_Finish";
static const char *n_hwcrhk_ModExp = "HWCryptoHook_ModExp";
}
/* (de)initialisation functions. */
-static int hwcrhk_init(void)
+static int hwcrhk_init(ENGINE *e)
{
HWCryptoHook_Init_t *p1;
HWCryptoHook_Finish_t *p2;
return 0;
}
-static int hwcrhk_finish(void)
+static int hwcrhk_finish(ENGINE *e)
{
int to_return = 1;
if(hwcrhk_dso == NULL)
return to_return;
}
-static int hwcrhk_ctrl(int cmd, long i, void *p, void (*f)())
+static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
{
int to_return = 1;
switch(cmd)
{
+ case HWCRHK_CMD_SO_PATH:
+ if(hwcrhk_dso)
+ {
+ ENGINEerr(ENGINE_F_HWCRHK_CTRL,ENGINE_R_ALREADY_LOADED);
+ return 0;
+ }
+ if(p == NULL)
+ {
+ ENGINEerr(ENGINE_F_HWCRHK_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ HWCRHK_LIBNAME = (const char *)p;
+ return 1;
case ENGINE_CTRL_SET_LOGSTREAM:
{
BIO *bio = (BIO *)p;
/* this enables or disables the "SimpleForkCheck" flag used in the
* initialisation structure. */
case ENGINE_CTRL_CHIL_SET_FORKCHECK:
+ case HWCRHK_CMD_FORK_CHECK:
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
if(i)
hwcrhk_globals.flags |=
disable_mutex_callbacks = 1;
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
break;
+ case HWCRHK_CMD_THREAD_LOCKING:
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ disable_mutex_callbacks = ((i == 0) ? 0 : 1);
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ break;
/* The command isn't understood by this engine */
default:
return to_return;
}
-static EVP_PKEY *hwcrhk_load_privkey(const char *key_id,
+static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
const char *passphrase)
{
RSA *rtmp = NULL;
ENGINE_R_NO_KEY);
goto err;
}
- rtmp = RSA_new_method(&engine_hwcrhk);
+ rtmp = RSA_new_method(eng);
RSA_set_ex_data(rtmp, hndidx, (char *)hptr);
rtmp->e = BN_new();
rtmp->n = BN_new();
return NULL;
}
-static EVP_PKEY *hwcrhk_load_pubkey(const char *key_id, const char *passphrase)
+static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
+ const char *passphrase)
{
- EVP_PKEY *res = hwcrhk_load_privkey(key_id, passphrase);
+ EVP_PKEY *res = hwcrhk_load_privkey(eng, key_id, passphrase);
if (res)
switch(res->type)