|
 |
c4366c |
diff -up openssl-fips-0.9.8e/engines/e_chil.c.chil openssl-fips-0.9.8e/engines/e_chil.c
|
|
|
c4366c |
--- openssl-fips-0.9.8e/engines/e_chil.c.chil 2005-07-16 13:13:08.000000000 +0200
|
|
|
c4366c |
+++ openssl-fips-0.9.8e/engines/e_chil.c 2011-04-04 16:35:45.000000000 +0200
|
|
|
c4366c |
@@ -116,6 +116,7 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r,
|
|
|
c4366c |
/* This function is aliased to mod_exp (with the mont stuff dropped). */
|
|
|
c4366c |
static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
|
|
|
c4366c |
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
|
|
|
c4366c |
+static int hwcrhk_rsa_finish(RSA *rsa);
|
|
|
c4366c |
#endif
|
|
|
c4366c |
|
|
|
c4366c |
#ifndef OPENSSL_NO_DH
|
|
|
c4366c |
@@ -135,10 +136,6 @@ static EVP_PKEY *hwcrhk_load_privkey(ENG
|
|
|
c4366c |
UI_METHOD *ui_method, void *callback_data);
|
|
|
c4366c |
static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
|
|
|
c4366c |
UI_METHOD *ui_method, void *callback_data);
|
|
|
c4366c |
-#ifndef OPENSSL_NO_RSA
|
|
|
c4366c |
-static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
|
|
|
c4366c |
- int ind,long argl, void *argp);
|
|
|
c4366c |
-#endif
|
|
|
c4366c |
|
|
|
c4366c |
/* Interaction stuff */
|
|
|
c4366c |
static int hwcrhk_insert_card(const char *prompt_info,
|
|
|
c4366c |
@@ -193,7 +190,7 @@ static RSA_METHOD hwcrhk_rsa =
|
|
|
c4366c |
hwcrhk_rsa_mod_exp,
|
|
|
c4366c |
hwcrhk_mod_exp_mont,
|
|
|
c4366c |
NULL,
|
|
|
c4366c |
- NULL,
|
|
|
c4366c |
+ hwcrhk_rsa_finish,
|
|
|
c4366c |
0,
|
|
|
c4366c |
NULL,
|
|
|
c4366c |
NULL,
|
|
|
c4366c |
@@ -589,12 +586,6 @@ static int hwcrhk_init(ENGINE *e)
|
|
|
c4366c |
hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock;
|
|
|
c4366c |
hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy;
|
|
|
c4366c |
}
|
|
|
c4366c |
- else if (CRYPTO_get_locking_callback() != NULL)
|
|
|
c4366c |
- {
|
|
|
c4366c |
- HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_LOCKING_MISSING);
|
|
|
c4366c |
- ERR_add_error_data(1,"You HAVE to add dynamic locking callbacks via CRYPTO_set_dynlock_{create,lock,destroy}_callback()");
|
|
|
c4366c |
- goto err;
|
|
|
c4366c |
- }
|
|
|
c4366c |
}
|
|
|
c4366c |
|
|
|
c4366c |
/* Try and get a context - if not, we may have a DSO but no
|
|
|
c4366c |
@@ -609,7 +600,7 @@ static int hwcrhk_init(ENGINE *e)
|
|
|
c4366c |
if (hndidx_rsa == -1)
|
|
|
c4366c |
hndidx_rsa = RSA_get_ex_new_index(0,
|
|
|
c4366c |
"nFast HWCryptoHook RSA key handle",
|
|
|
c4366c |
- NULL, NULL, hwcrhk_ex_free);
|
|
|
c4366c |
+ NULL, NULL, NULL);
|
|
|
c4366c |
#endif
|
|
|
c4366c |
return 1;
|
|
|
c4366c |
err:
|
|
|
c4366c |
@@ -853,8 +844,6 @@ static EVP_PKEY *hwcrhk_load_privkey(ENG
|
|
|
c4366c |
|
|
|
c4366c |
return res;
|
|
|
c4366c |
err:
|
|
|
c4366c |
- if (res)
|
|
|
c4366c |
- EVP_PKEY_free(res);
|
|
|
c4366c |
#ifndef OPENSSL_NO_RSA
|
|
|
c4366c |
if (rtmp)
|
|
|
c4366c |
RSA_free(rtmp);
|
|
|
c4366c |
@@ -1087,6 +1076,21 @@ static int hwcrhk_mod_exp_mont(BIGNUM *r
|
|
|
c4366c |
{
|
|
|
c4366c |
return hwcrhk_mod_exp(r, a, p, m, ctx);
|
|
|
c4366c |
}
|
|
|
c4366c |
+
|
|
|
c4366c |
+static int hwcrhk_rsa_finish(RSA *rsa)
|
|
|
c4366c |
+ {
|
|
|
c4366c |
+ HWCryptoHook_RSAKeyHandle *hptr;
|
|
|
c4366c |
+
|
|
|
c4366c |
+ hptr = RSA_get_ex_data(rsa, hndidx_rsa);
|
|
|
c4366c |
+ if (hptr)
|
|
|
c4366c |
+ {
|
|
|
c4366c |
+ p_hwcrhk_RSAUnloadKey(*hptr, NULL);
|
|
|
c4366c |
+ OPENSSL_free(hptr);
|
|
|
c4366c |
+ RSA_set_ex_data(rsa, hndidx_rsa, NULL);
|
|
|
c4366c |
+ }
|
|
|
c4366c |
+ return 1;
|
|
|
c4366c |
+ }
|
|
|
c4366c |
+
|
|
|
c4366c |
#endif
|
|
|
c4366c |
|
|
|
c4366c |
#ifndef OPENSSL_NO_DH
|
|
|
c4366c |
@@ -1145,34 +1149,6 @@ static int hwcrhk_rand_status(void)
|
|
|
c4366c |
return 1;
|
|
|
c4366c |
}
|
|
|
c4366c |
|
|
|
c4366c |
-/* This cleans up an RSA KM key, called when ex_data is freed */
|
|
|
c4366c |
-#ifndef OPENSSL_NO_RSA
|
|
|
c4366c |
-static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
|
|
|
c4366c |
- int ind,long argl, void *argp)
|
|
|
c4366c |
-{
|
|
|
c4366c |
- char tempbuf[1024];
|
|
|
c4366c |
- HWCryptoHook_ErrMsgBuf rmsg;
|
|
|
c4366c |
-#ifndef OPENSSL_NO_RSA
|
|
|
c4366c |
- HWCryptoHook_RSAKeyHandle *hptr;
|
|
|
c4366c |
-#endif
|
|
|
c4366c |
-#if !defined(OPENSSL_NO_RSA)
|
|
|
c4366c |
- int ret;
|
|
|
c4366c |
-#endif
|
|
|
c4366c |
-
|
|
|
c4366c |
- rmsg.buf = tempbuf;
|
|
|
c4366c |
- rmsg.size = sizeof(tempbuf);
|
|
|
c4366c |
-
|
|
|
c4366c |
-#ifndef OPENSSL_NO_RSA
|
|
|
c4366c |
- hptr = (HWCryptoHook_RSAKeyHandle *) item;
|
|
|
c4366c |
- if(hptr)
|
|
|
c4366c |
- {
|
|
|
c4366c |
- ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL);
|
|
|
c4366c |
- OPENSSL_free(hptr);
|
|
|
c4366c |
- }
|
|
|
c4366c |
-#endif
|
|
|
c4366c |
-}
|
|
|
c4366c |
-#endif
|
|
|
c4366c |
-
|
|
|
c4366c |
/* Mutex calls: since the HWCryptoHook model closely follows the POSIX model
|
|
|
c4366c |
* these just wrap the POSIX functions and add some logging.
|
|
|
c4366c |
*/
|
|
|
c4366c |
@@ -1210,6 +1186,11 @@ static int hwcrhk_get_pass(const char *p
|
|
|
c4366c |
pem_password_cb *callback = NULL;
|
|
|
c4366c |
void *callback_data = NULL;
|
|
|
c4366c |
UI_METHOD *ui_method = NULL;
|
|
|
c4366c |
+ /* Despite what the documentation says prompt_info can be
|
|
|
c4366c |
+ * an empty string.
|
|
|
c4366c |
+ */
|
|
|
c4366c |
+ if (prompt_info && !*prompt_info)
|
|
|
c4366c |
+ prompt_info = NULL;
|
|
|
c4366c |
|
|
|
c4366c |
if (cactx)
|
|
|
c4366c |
{
|
|
|
c4366c |
@@ -1311,10 +1292,14 @@ static int hwcrhk_insert_card(const char
|
|
|
c4366c |
{
|
|
|
c4366c |
char answer;
|
|
|
c4366c |
char buf[BUFSIZ];
|
|
|
c4366c |
-
|
|
|
c4366c |
- if (wrong_info)
|
|
|
c4366c |
+ /* Despite what the documentation says wrong_info can be
|
|
|
c4366c |
+ * an empty string.
|
|
|
c4366c |
+ */
|
|
|
c4366c |
+ if (wrong_info && *wrong_info)
|
|
|
c4366c |
BIO_snprintf(buf, sizeof(buf)-1,
|
|
|
c4366c |
"Current card: \"%s\"\n", wrong_info);
|
|
|
c4366c |
+ else
|
|
|
c4366c |
+ buf[0] = 0;
|
|
|
c4366c |
ok = UI_dup_info_string(ui, buf);
|
|
|
c4366c |
if (ok >= 0 && prompt_info)
|
|
|
c4366c |
{
|