Add -no_resumption_on_reneg to SSL_CONF.

[openssl.git] / engines / e_ubsec.c

diff --git a/engines/e_ubsec.c b/engines/e_ubsec.c
index 5aa29f1c5361a0ef69508658f55308cb36a86a84..aa5709bd8cf5912cf0fa4856d4a45497e5bbd73a 100644 (file)
--- a/engines/e_ubsec.c
+++ b/engines/e_ubsec.c
@@ -64,6 +64,16 @@
 #include <openssl/buffer.h>
 #include <openssl/dso.h>
 #include <openssl/engine.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
+#include <openssl/bn.h>
 
 #ifndef OPENSSL_NO_HW
 #ifndef OPENSSL_NO_HW_UBSEC
@@ -85,14 +95,14 @@ static int ubsec_finish(ENGINE *e);
 static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
 static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                const BIGNUM *m, BN_CTX *ctx);
+#ifndef OPENSSL_NO_RSA
 static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                        const BIGNUM *q, const BIGNUM *dp,
                        const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx);
-#ifndef OPENSSL_NO_RSA
 static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
-#endif
 static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#endif
 #ifndef OPENSSL_NO_DSA
 #ifdef NOT_USED
 static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
@@ -292,10 +302,10 @@ static t_UBSEC_diffie_hellman_generate_ioctl
        *p_UBSEC_diffie_hellman_generate_ioctl = NULL;
 static t_UBSEC_diffie_hellman_agree_ioctl *p_UBSEC_diffie_hellman_agree_ioctl = NULL;
 #endif
-/* #ifndef OPENSSL_NO_RSA */
+#ifndef OPENSSL_NO_RSA
 static t_UBSEC_rsa_mod_exp_ioctl *p_UBSEC_rsa_mod_exp_ioctl = NULL;
 static t_UBSEC_rsa_mod_exp_crt_ioctl *p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
-/* #endif */
+#endif
 #ifndef OPENSSL_NO_DSA
 static t_UBSEC_dsa_sign_ioctl *p_UBSEC_dsa_sign_ioctl = NULL;
 static t_UBSEC_dsa_verify_ioctl *p_UBSEC_dsa_verify_ioctl = NULL;
@@ -459,6 +469,7 @@ static int ubsec_init(ENGINE *e)
 err:
        if(ubsec_dso)
                DSO_free(ubsec_dso);
+       ubsec_dso = NULL;
        p_UBSEC_ubsec_bytes_to_bits = NULL;
        p_UBSEC_ubsec_bits_to_bytes = NULL;
        p_UBSEC_ubsec_open = NULL;
@@ -569,7 +580,7 @@ static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 
        if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
                fd = 0;
-               UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+               UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_UNIT_FAILURE);
                 return BN_mod_exp(r, a, p, m, ctx);
        }
 
@@ -613,33 +624,30 @@ static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
 err:
        return to_return;
        }
-#endif
 
 static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                        const BIGNUM *q, const BIGNUM *dp,
                        const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx)
        {
        int     y_len,
-               m_len,
                fd;
 
-       m_len = BN_num_bytes(p) + BN_num_bytes(q) + 1;
        y_len = BN_num_bits(p) + BN_num_bits(q);
 
        /* Check if hardware can't handle this argument. */
        if (y_len > max_key_len) {
-               UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+               UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
                return FAIL_TO_SOFTWARE;
        } 
 
        if (!bn_wexpand(r, p->top + q->top + 1)) {
-               UBSECerr(UBSEC_F_UBSEC_RSA_MOD_EXP_CRT, UBSEC_R_BN_EXPAND_FAIL);
+               UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_BN_EXPAND_FAIL);
                return 0;
        }
 
        if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
                fd = 0;
-               UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+               UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_UNIT_FAILURE);
                return FAIL_TO_SOFTWARE;
        }
 
@@ -651,7 +659,7 @@ static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                (unsigned char *)dq->d, BN_num_bits(dq),
                (unsigned char *)q->d, BN_num_bits(q),
                (unsigned char *)r->d,  &y_len) != 0) {
-               UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_REQUEST_FAILED);
+               UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_REQUEST_FAILED);
                 p_UBSEC_ubsec_close(fd);
                return FAIL_TO_SOFTWARE;
        }
@@ -661,6 +669,7 @@ static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
        r->top = (BN_num_bits(p) + BN_num_bits(q) + BN_BITS2 - 1)/BN_BITS2;
        return 1;
 }
+#endif
 
 #ifndef OPENSSL_NO_DSA
 #ifdef NOT_USED
@@ -693,6 +702,8 @@ static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
 #endif
 #endif
 
+#ifndef OPENSSL_NO_RSA
+
 /*
  * This function is aliased to mod_exp (with the mont stuff dropped).
  */
@@ -701,7 +712,6 @@ static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
         {
        int ret = 0;
 
-#ifndef OPENSSL_NO_RSA
        /* Do in software if the key is too large for the hardware. */
        if (BN_num_bits(m) > max_key_len)
                 {
@@ -709,13 +719,13 @@ static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                ret = (*meth->bn_mod_exp)(r, a, p, m, ctx, m_ctx);
                 }
         else
-#endif
                 {
                ret = ubsec_mod_exp(r, a, p, m, ctx);
                 }
        
        return ret;
         }
+#endif
 
 #ifndef OPENSSL_NO_DH
 /* This function is aliased to mod_exp (with the dh and mont dropped). */
@@ -745,19 +755,19 @@ static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 
         if(!bn_wexpand(r, (160+BN_BITS2-1)/BN_BITS2) ||
                   (!bn_wexpand(s, (160+BN_BITS2-1)/BN_BITS2))) {
-               UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL);
+               UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL);
                goto err;
        }
 
        if (BN_bin2bn(dgst,dlen,&m) == NULL) {
-               UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL);
+               UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL);
                goto err;
        } 
 
        if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
                 const DSA_METHOD *meth;
                fd = 0;
-               UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+               UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_UNIT_FAILURE);
                 meth = DSA_OpenSSL();
                 to_return =  meth->dsa_do_sign(dgst, dlen, dsa);
                goto err;
@@ -774,7 +784,7 @@ static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
                (unsigned char *)s->d, &s_len ) != 0) {
                 const DSA_METHOD *meth;
 
-               UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_REQUEST_FAILED);
+               UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_REQUEST_FAILED);
                 p_UBSEC_ubsec_close(fd);
                 meth = DSA_OpenSSL();
                 to_return = meth->dsa_do_sign(dgst, dlen, dsa);
@@ -789,7 +799,7 @@ static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 
        to_return = DSA_SIG_new();
        if(to_return == NULL) {
-               UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL);
+               UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL);
                goto err;
        }
 
@@ -811,12 +821,12 @@ static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
        int v_len, d_len;
        int to_return = 0;
        int fd;
-       BIGNUM v;
+       BIGNUM v, *pv = &v;
 
        BN_init(&v);
 
-       if(!bn_wexpand(&v, dsa->p->top)) {
-               UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY ,UBSEC_R_BN_EXPAND_FAIL);
+       if(!bn_wexpand(pv, dsa->p->top)) {
+               UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_BN_EXPAND_FAIL);
                goto err;
        }
 
@@ -827,7 +837,7 @@ static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
        if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
                 const DSA_METHOD *meth;
                fd = 0;
-               UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+               UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_UNIT_FAILURE);
                 meth = DSA_OpenSSL();
                 to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
                goto err;
@@ -843,7 +853,7 @@ static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
                (unsigned char *)sig->s->d, BN_num_bits(sig->s),
                (unsigned char *)v.d, &v_len) != 0) {
                 const DSA_METHOD *meth;
-               UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY , UBSEC_R_REQUEST_FAILED);
+               UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_REQUEST_FAILED);
                 p_UBSEC_ubsec_close(fd);
 
                 meth = DSA_OpenSSL();
@@ -862,7 +872,7 @@ err:
 #endif
 
 #ifndef OPENSSL_NO_DH
-static int ubsec_dh_compute_key (unsigned char *key,const BIGNUM *pub_key,DH *dh)
+static int ubsec_dh_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh)
         {
         int      ret      = -1,
                  k_len,
@@ -873,7 +883,7 @@ static int ubsec_dh_compute_key (unsigned char *key,const BIGNUM *pub_key,DH *dh
         if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
                 {
                 const DH_METHOD *meth;
-                ENGINEerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+                UBSECerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_UNIT_FAILURE);
                 meth = DH_OpenSSL();
                 ret = meth->compute_key(key, pub_key, dh);
                 goto err;
@@ -887,7 +897,7 @@ static int ubsec_dh_compute_key (unsigned char *key,const BIGNUM *pub_key,DH *dh
                 {
                 /* Hardware's a no go, failover to software */
                 const DH_METHOD *meth;
-                ENGINEerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_REQUEST_FAILED);
+                UBSECerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_REQUEST_FAILED);
                 p_UBSEC_ubsec_close(fd);
 
                 meth = DH_OpenSSL();
@@ -903,7 +913,7 @@ err:
         return ret;
         }
 
-static int ubsec_dh_generate_key (DH *dh)
+static int ubsec_dh_generate_key(DH *dh)
         {
         int      ret               = 0,
                  random_bits       = 0,
@@ -923,7 +933,7 @@ static int ubsec_dh_generate_key (DH *dh)
                 priv_key = BN_new();
                 if (priv_key == NULL) goto err;
                 priv_key_len = BN_num_bits(dh->p);
-                bn_wexpand(priv_key, dh->p->top);
+                if(bn_wexpand(priv_key, dh->p->top) == NULL) goto err;
                 do
                         if (!BN_rand_range(priv_key, dh->p)) goto err;
                 while (BN_is_zero(priv_key));
@@ -938,7 +948,7 @@ static int ubsec_dh_generate_key (DH *dh)
                 {
                 pub_key = BN_new();
                 pub_key_len = BN_num_bits(dh->p);
-                bn_wexpand(pub_key, dh->p->top);
+                if(bn_wexpand(pub_key, dh->p->top) == NULL) goto err;
                 if(pub_key == NULL) goto err;
                 }
         else
@@ -949,7 +959,7 @@ static int ubsec_dh_generate_key (DH *dh)
         if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
                 {
                 const DH_METHOD *meth;
-                ENGINEerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+                UBSECerr(UBSEC_F_UBSEC_DH_GENERATE_KEY, UBSEC_R_UNIT_FAILURE);
                 meth = DH_OpenSSL();
                 ret = meth->generate_key(dh);
                 goto err;
@@ -965,7 +975,7 @@ static int ubsec_dh_generate_key (DH *dh)
                 /* Hardware's a no go, failover to software */
                 const DH_METHOD *meth;
 
-                ENGINEerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_REQUEST_FAILED);
+                UBSECerr(UBSEC_F_UBSEC_DH_GENERATE_KEY, UBSEC_R_REQUEST_FAILED);
                 p_UBSEC_ubsec_close(fd);
 
                 meth = DH_OpenSSL();
@@ -997,7 +1007,7 @@ static int ubsec_rand_bytes(unsigned char * buf,
         if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
                 {
                 const RAND_METHOD *meth;
-                ENGINEerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+                UBSECerr(UBSEC_F_UBSEC_RAND_BYTES, UBSEC_R_UNIT_FAILURE);
                 num = p_UBSEC_ubsec_bits_to_bytes(num);
                 meth = RAND_SSLeay();
                 meth->seed(buf, num);
@@ -1015,7 +1025,7 @@ static int ubsec_rand_bytes(unsigned char * buf,
                 /* Hardware's a no go, failover to software */
                 const RAND_METHOD *meth;
 
-                ENGINEerr(UBSEC_F_UBSEC_RNG_BYTES, UBSEC_R_REQUEST_FAILED);
+                UBSECerr(UBSEC_F_UBSEC_RAND_BYTES, UBSEC_R_REQUEST_FAILED);
                 p_UBSEC_ubsec_close(fd);
 
                 num = p_UBSEC_ubsec_bits_to_bytes(num);