static void xsyslog (BIO * bp, int priority, const char *string)
{
LPCSTR lpszStrings[2];
WORD evtype = EVENTLOG_ERROR_TYPE;
char pidbuf[DECIMAL_SIZE (DWORD) + 4];
if (bp->ptr == NULL)
return;
switch (priority)
{
case LOG_EMERG:
case LOG_ALERT:
case LOG_CRIT:
case LOG_ERR:
evtype = EVENTLOG_ERROR_TYPE;
break;
case LOG_WARNING:
evtype = EVENTLOG_WARNING_TYPE;
break;
case LOG_NOTICE:
case LOG_INFO:
case LOG_DEBUG:
evtype = EVENTLOG_INFORMATION_TYPE;
break;
default: /* Should never happen, but set it
as error anyway. */
evtype = EVENTLOG_ERROR_TYPE;
break;
}
sprintf (pidbuf, "[%u] ", GetCurrentProcessId ());
lpszStrings[0] = pidbuf;
lpszStrings[1] = string;
ReportEventA (bp->ptr, evtype, 0, 1024, NULL, 2, 0, lpszStrings, NULL);
}
static void xsyslog(BIO *bp, int priority, const char *string)
{
LPCSTR lpszStrings[2];
WORD evtype= EVENTLOG_ERROR_TYPE;
int pid = _getpid();
char pidbuf[DECIMAL_SIZE(pid)+4];
switch (priority)
{
case LOG_EMERG:
case LOG_ALERT:
case LOG_CRIT:
case LOG_ERR:
evtype = EVENTLOG_ERROR_TYPE;
break;
case LOG_WARNING:
evtype = EVENTLOG_WARNING_TYPE;
break;
case LOG_NOTICE:
case LOG_INFO:
case LOG_DEBUG:
evtype = EVENTLOG_INFORMATION_TYPE;
break;
default: /* Should never happen, but set it
as error anyway. */
evtype = EVENTLOG_ERROR_TYPE;
break;
}
sprintf(pidbuf, "[%d] ", pid);
lpszStrings[0] = pidbuf;
lpszStrings[1] = string;
if(report_event && bp->ptr)
report_event(bp->ptr, evtype, 0, 1024, NULL, 2, 0,
lpszStrings, NULL);
}
static int def_load_bio(CONF *conf, BIO *in, long *line)
{
/* The macro BUFSIZE conflicts with a system macro in VxWorks */
#define CONFBUFSIZE 512
int bufnum = 0, i, ii;
BUF_MEM *buff = NULL;
char *s, *p, *end;
int again;
long eline = 0;
char btmp[DECIMAL_SIZE(eline) + 1];
CONF_VALUE *v = NULL, *tv;
CONF_VALUE *sv = NULL;
char *section = NULL, *buf;
char *start, *psection, *pname;
void *h = (void *)(conf->data);
STACK_OF(BIO) *biosk = NULL;
#ifndef OPENSSL_NO_POSIX_IO
char *dirpath = NULL;
OPENSSL_DIR_CTX *dirctx = NULL;
#endif
if ((buff = BUF_MEM_new()) == NULL) {
CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_BUF_LIB);
goto err;
}
section = OPENSSL_strdup("default");
if (section == NULL) {
CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
goto err;
}
if (_CONF_new_data(conf) == 0) {
CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
goto err;
}
sv = _CONF_new_section(conf, section);
if (sv == NULL) {
CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
goto err;
}
bufnum = 0;
again = 0;
for (;;) {
if (!BUF_MEM_grow(buff, bufnum + CONFBUFSIZE)) {
CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_BUF_LIB);
goto err;
}
p = &(buff->data[bufnum]);
*p = '\0';
read_retry:
BIO_gets(in, p, CONFBUFSIZE - 1);
p[CONFBUFSIZE - 1] = '\0';
ii = i = strlen(p);
if (i == 0 && !again) {
/* the currently processed BIO is at EOF */
BIO *parent;
#ifndef OPENSSL_NO_POSIX_IO
/* continue processing with the next file from directory */
if (dirctx != NULL) {
BIO *next;
if ((next = get_next_file(dirpath, &dirctx)) != NULL) {
BIO_vfree(in);
in = next;
goto read_retry;
} else {
OPENSSL_free(dirpath);
dirpath = NULL;
}
}
#endif
/* no more files in directory, continue with processing parent */
if ((parent = sk_BIO_pop(biosk)) == NULL) {
/* everything processed get out of the loop */
break;
} else {
BIO_vfree(in);
in = parent;
goto read_retry;
}
}
again = 0;
while (i > 0) {
if ((p[i - 1] != '\r') && (p[i - 1] != '\n'))
break;
else
i--;
}
/*
* we removed some trailing stuff so there is a new line on the end.
*/
if (ii && i == ii)
again = 1; /* long line */
else {
p[i] = '\0';
eline++; /* another input line */
}
/* we now have a line with trailing \r\n removed */
/* i is the number of bytes */
bufnum += i;
v = NULL;
/* check for line continuation */
if (bufnum >= 1) {
/*
* If we have bytes and the last char '\\' and second last char
* is not '\\'
*/
p = &(buff->data[bufnum - 1]);
if (IS_ESC(conf, p[0]) && ((bufnum <= 1) || !IS_ESC(conf, p[-1]))) {
bufnum--;
again = 1;
}
}
if (again)
continue;
bufnum = 0;
buf = buff->data;
clear_comments(conf, buf);
s = eat_ws(conf, buf);
if (IS_EOF(conf, *s))
continue; /* blank line */
if (*s == '[') {
char *ss;
s++;
start = eat_ws(conf, s);
ss = start;
again:
end = eat_alpha_numeric(conf, ss);
p = eat_ws(conf, end);
if (*p != ']') {
if (*p != '\0' && ss != p) {
ss = p;
goto again;
}
CONFerr(CONF_F_DEF_LOAD_BIO,
CONF_R_MISSING_CLOSE_SQUARE_BRACKET);
goto err;
}
*end = '\0';
if (!str_copy(conf, NULL, §ion, start))
goto err;
if ((sv = _CONF_get_section(conf, section)) == NULL)
sv = _CONF_new_section(conf, section);
if (sv == NULL) {
CONFerr(CONF_F_DEF_LOAD_BIO,
CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
goto err;
}
continue;
} else {
pname = s;
end = eat_alpha_numeric(conf, s);
if ((end[0] == ':') && (end[1] == ':')) {
*end = '\0';
end += 2;
psection = pname;
pname = end;
end = eat_alpha_numeric(conf, end);
} else {
psection = section;
}
p = eat_ws(conf, end);
if (strncmp(pname, ".include", 8) == 0
&& (p != pname + 8 || *p == '=')) {
char *include = NULL;
BIO *next;
if (*p == '=') {
p++;
p = eat_ws(conf, p);
}
trim_ws(conf, p);
if (!str_copy(conf, psection, &include, p))
goto err;
/* get the BIO of the included file */
#ifndef OPENSSL_NO_POSIX_IO
next = process_include(include, &dirctx, &dirpath);
if (include != dirpath) {
/* dirpath will contain include in case of a directory */
OPENSSL_free(include);
}
#else
next = BIO_new_file(include, "r");
OPENSSL_free(include);
#endif
if (next != NULL) {
/* push the currently processing BIO onto stack */
if (biosk == NULL) {
if ((biosk = sk_BIO_new_null()) == NULL) {
CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
goto err;
}
}
if (!sk_BIO_push(biosk, in)) {
CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
goto err;
}
/* continue with reading from the included BIO */
in = next;
}
continue;
} else if (*p != '=') {
CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_MISSING_EQUAL_SIGN);
goto err;
}
*end = '\0';
p++;
start = eat_ws(conf, p);
trim_ws(conf, start);
if ((v = OPENSSL_malloc(sizeof(*v))) == NULL) {
CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
goto err;
}
v->name = OPENSSL_strdup(pname);
v->value = NULL;
if (v->name == NULL) {
CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
goto err;
}
if (!str_copy(conf, psection, &(v->value), start))
goto err;
if (strcmp(psection, section) != 0) {
if ((tv = _CONF_get_section(conf, psection))
== NULL)
tv = _CONF_new_section(conf, psection);
if (tv == NULL) {
CONFerr(CONF_F_DEF_LOAD_BIO,
CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
goto err;
}
} else
tv = sv;
if (_CONF_add_string(conf, tv, v) == 0) {
CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
goto err;
}
v = NULL;
}
}
BUF_MEM_free(buff);
OPENSSL_free(section);
/*
* No need to pop, since we only get here if the stack is empty.
* If this causes a BIO leak, THE ISSUE IS SOMEWHERE ELSE!
*/
sk_BIO_free(biosk);
return 1;
err:
BUF_MEM_free(buff);
OPENSSL_free(section);
/*
* Since |in| is the first element of the stack and should NOT be freed
* here, we cannot use sk_BIO_pop_free(). Instead, we pop and free one
* BIO at a time, making sure that the last one popped isn't.
*/
while (sk_BIO_num(biosk) > 0) {
BIO *popped = sk_BIO_pop(biosk);
BIO_vfree(in);
in = popped;
}
sk_BIO_free(biosk);
#ifndef OPENSSL_NO_POSIX_IO
OPENSSL_free(dirpath);
if (dirctx != NULL)
OPENSSL_DIR_end(&dirctx);
#endif
if (line != NULL)
*line = eline;
BIO_snprintf(btmp, sizeof(btmp), "%ld", eline);
ERR_add_error_data(2, "line ", btmp);
if (h != conf->data) {
CONF_free(conf->data);
conf->data = NULL;
}
if (v != NULL) {
OPENSSL_free(v->name);
OPENSSL_free(v->value);
OPENSSL_free(v);
}
return 0;
}
int UI_set_result_ex(UI *ui, UI_STRING *uis, const char *result, int len)
{
ui->flags &= ~UI_FLAG_REDOABLE;
switch (uis->type) {
case UIT_PROMPT:
case UIT_VERIFY:
{
char number1[DECIMAL_SIZE(uis->_.string_data.result_minsize) + 1];
char number2[DECIMAL_SIZE(uis->_.string_data.result_maxsize) + 1];
BIO_snprintf(number1, sizeof(number1), "%d",
uis->_.string_data.result_minsize);
BIO_snprintf(number2, sizeof(number2), "%d",
uis->_.string_data.result_maxsize);
if (len < uis->_.string_data.result_minsize) {
ui->flags |= UI_FLAG_REDOABLE;
UIerr(UI_F_UI_SET_RESULT_EX, UI_R_RESULT_TOO_SMALL);
ERR_add_error_data(5, "You must type in ",
number1, " to ", number2, " characters");
return -1;
}
if (len > uis->_.string_data.result_maxsize) {
ui->flags |= UI_FLAG_REDOABLE;
UIerr(UI_F_UI_SET_RESULT_EX, UI_R_RESULT_TOO_LARGE);
ERR_add_error_data(5, "You must type in ",
number1, " to ", number2, " characters");
return -1;
}
}
if (uis->result_buf == NULL) {
UIerr(UI_F_UI_SET_RESULT_EX, UI_R_NO_RESULT_BUFFER);
return -1;
}
memcpy(uis->result_buf, result, len);
if (len <= uis->_.string_data.result_maxsize)
uis->result_buf[len] = '\0';
uis->result_len = len;
break;
case UIT_BOOLEAN:
{
const char *p;
if (uis->result_buf == NULL) {
UIerr(UI_F_UI_SET_RESULT_EX, UI_R_NO_RESULT_BUFFER);
return -1;
}
uis->result_buf[0] = '\0';
for (p = result; *p; p++) {
if (strchr(uis->_.boolean_data.ok_chars, *p)) {
uis->result_buf[0] = uis->_.boolean_data.ok_chars[0];
break;
}
if (strchr(uis->_.boolean_data.cancel_chars, *p)) {
uis->result_buf[0] = uis->_.boolean_data.cancel_chars[0];
break;
}
}
}
case UIT_NONE:
case UIT_INFO:
case UIT_ERROR:
break;
}
return 0;
}
int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
{
int i,idx=0,n=0,len,nid;
unsigned long l;
unsigned char *p;
const char *s;
char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
if (buf_len <= 0) return(0);
if ((a == NULL) || (a->data == NULL)) {
buf[0]='\0';
return(0);
}
if (no_name || (nid=OBJ_obj2nid(a)) == NID_undef) {
len=a->length;
p=a->data;
idx=0;
l=0;
while (idx < a->length) {
l|=(p[idx]&0x7f);
if (!(p[idx] & 0x80)) break;
l<<=7L;
idx++;
}
idx++;
i=(int)(l/40);
if (i > 2) i=2;
l-=(long)(i*40);
BIO_snprintf(tbuf,sizeof tbuf,"%d.%lu",i,l);
i=strlen(tbuf);
BUF_strlcpy(buf,tbuf,buf_len);
buf_len-=i;
buf+=i;
n+=i;
l=0;
for (; idx<len; idx++) {
l|=p[idx]&0x7f;
if (!(p[idx] & 0x80)) {
BIO_snprintf(tbuf,sizeof tbuf,".%lu",l);
i=strlen(tbuf);
if (buf_len > 0)
BUF_strlcpy(buf,tbuf,buf_len);
buf_len-=i;
buf+=i;
n+=i;
l=0;
}
l<<=7L;
}
} else {
s=OBJ_nid2ln(nid);
if (s == NULL)
s=OBJ_nid2sn(nid);
BUF_strlcpy(buf,s,buf_len);
n=strlen(s);
}
return(n);
}
int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
{
int l = strlen(result);
ui->flags &= ~UI_FLAG_REDOABLE;
if (!uis)
return -1;
switch (uis->type) {
case UIT_PROMPT:
case UIT_VERIFY:
{
char number1[DECIMAL_SIZE(uis->_.string_data.result_minsize) + 1];
char number2[DECIMAL_SIZE(uis->_.string_data.result_maxsize) + 1];
BIO_snprintf(number1, sizeof(number1), "%d",
uis->_.string_data.result_minsize);
BIO_snprintf(number2, sizeof(number2), "%d",
uis->_.string_data.result_maxsize);
if (l < uis->_.string_data.result_minsize) {
ui->flags |= UI_FLAG_REDOABLE;
UIerr(UI_F_UI_SET_RESULT, UI_R_RESULT_TOO_SMALL);
ERR_add_error_data(5, "You must type in ",
number1, " to ", number2, " characters");
return -1;
}
if (l > uis->_.string_data.result_maxsize) {
ui->flags |= UI_FLAG_REDOABLE;
UIerr(UI_F_UI_SET_RESULT, UI_R_RESULT_TOO_LARGE);
ERR_add_error_data(5, "You must type in ",
number1, " to ", number2, " characters");
return -1;
}
}
if (!uis->result_buf) {
UIerr(UI_F_UI_SET_RESULT, UI_R_NO_RESULT_BUFFER);
return -1;
}
BUF_strlcpy(uis->result_buf, result,
uis->_.string_data.result_maxsize + 1);
break;
case UIT_BOOLEAN:
{
const char *p;
if (!uis->result_buf) {
UIerr(UI_F_UI_SET_RESULT, UI_R_NO_RESULT_BUFFER);
return -1;
}
uis->result_buf[0] = '\0';
for (p = result; *p; p++) {
if (strchr(uis->_.boolean_data.ok_chars, *p)) {
uis->result_buf[0] = uis->_.boolean_data.ok_chars[0];
break;
}
if (strchr(uis->_.boolean_data.cancel_chars, *p)) {
uis->result_buf[0] = uis->_.boolean_data.cancel_chars[0];
break;
}
}
}
default:
break;
}
return 0;
}
static int def_load_bio(CONF *conf, BIO *in, long *line)
{
/* The macro BUFSIZE conflicts with a system macro in VxWorks */
#define CONFBUFSIZE 512
int bufnum=0,i,ii;
BUF_MEM *buff=NULL;
char *s,*p,*end;
int again;
long eline=0;
char btmp[DECIMAL_SIZE(eline)+1];
CONF_VALUE *v=NULL,*tv;
CONF_VALUE *sv=NULL;
char *section=NULL,*buf;
STACK_OF(CONF_VALUE) *section_sk=NULL,*ts __UNUSED;
char *start,*psection,*pname;
void *h = (void *)(conf->data);
if ((buff=BUF_MEM_new()) == NULL)
{
CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_BUF_LIB);
goto err;
}
section=(char *)OPENSSL_malloc(10);
if (section == NULL)
{
CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
goto err;
}
BUF_strlcpy(section,"default",10);
if (_CONF_new_data(conf) == 0)
{
CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
goto err;
}
sv=_CONF_new_section(conf,section);
if (sv == NULL)
{
CONFerr(CONF_F_DEF_LOAD_BIO,
CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
goto err;
}
section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
bufnum=0;
again=0;
for (;;)
{
if (!BUF_MEM_grow(buff,bufnum+CONFBUFSIZE))
{
CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_BUF_LIB);
goto err;
}
p= &(buff->data[bufnum]);
*p='\0';
BIO_gets(in, p, CONFBUFSIZE-1);
p[CONFBUFSIZE-1]='\0';
ii=i=strlen(p);
if (i == 0 && !again) break;
again=0;
while (i > 0)
{
if ((p[i-1] != '\r') && (p[i-1] != '\n'))
break;
else
i--;
}
/* we removed some trailing stuff so there is a new
* line on the end. */
if (ii && i == ii)
again=1; /* long line */
else
{
p[i]='\0';
eline++; /* another input line */
}
/* we now have a line with trailing \r\n removed */
/* i is the number of bytes */
bufnum+=i;
v=NULL;
/* check for line continuation */
if (bufnum >= 1)
{
/* If we have bytes and the last char '\\' and
* second last char is not '\\' */
p= &(buff->data[bufnum-1]);
if (IS_ESC(conf,p[0]) &&
((bufnum <= 1) || !IS_ESC(conf,p[-1])))
{
bufnum--;
again=1;
}
}
if (again) continue;
bufnum=0;
buf=buff->data;
clear_comments(conf, buf);
s=eat_ws(conf, buf);
if (IS_EOF(conf,*s)) continue; /* blank line */
if (*s == '[')
{
char *ss;
s++;
start=eat_ws(conf, s);
ss=start;
again:
end=eat_alpha_numeric(conf, ss);
p=eat_ws(conf, end);
if (*p != ']')
{
if (*p != '\0')
{
ss=p;
goto again;
}
CONFerr(CONF_F_DEF_LOAD_BIO,
CONF_R_MISSING_CLOSE_SQUARE_BRACKET);
goto err;
}
*end='\0';
if (!str_copy(conf,NULL,§ion,start)) goto err;
if ((sv=_CONF_get_section(conf,section)) == NULL)
sv=_CONF_new_section(conf,section);
if (sv == NULL)
{
CONFerr(CONF_F_DEF_LOAD_BIO,
CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
goto err;
}
section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
continue;
}
else
{
static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, DSA *dsa)
{
SW_CONTEXT_HANDLE hac;
SW_PARAM sw_param;
SW_STATUS sw_status;
SW_LARGENUMBER arg[2], res;
unsigned long sig_result;
BN_CTX *ctx;
BIGNUM *dsa_p = NULL;
BIGNUM *dsa_q = NULL;
BIGNUM *dsa_g = NULL;
BIGNUM *dsa_key = NULL;
BIGNUM *argument = NULL;
int to_return = -1;
int acquired = 0;
if((ctx = BN_CTX_new()) == NULL)
goto err;
if(!get_context(&hac))
{
CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_UNIT_FAILURE);
goto err;
}
acquired = 1;
/* Prepare the params */
BN_CTX_start(ctx);
dsa_p = BN_CTX_get(ctx);
dsa_q = BN_CTX_get(ctx);
dsa_g = BN_CTX_get(ctx);
dsa_key = BN_CTX_get(ctx);
argument = BN_CTX_get(ctx);
if(!argument)
{
CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BN_CTX_FULL);
goto err;
}
if(!bn_wexpand(dsa_p, dsa->p->top) ||
!bn_wexpand(dsa_q, dsa->q->top) ||
!bn_wexpand(dsa_g, dsa->g->top) ||
!bn_wexpand(dsa_key, dsa->pub_key->top) ||
!bn_wexpand(argument, 40))
{
CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BN_EXPAND_FAIL);
goto err;
}
sw_param.type = SW_ALG_DSA;
sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,
(unsigned char *)dsa_p->d);
sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,
(unsigned char *)dsa_q->d);
sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,
(unsigned char *)dsa_g->d);
sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->pub_key,
(unsigned char *)dsa_key->d);
sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
/* Attach the key params */
sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
switch(sw_status)
{
case SW_OK:
break;
case SW_ERR_INPUT_SIZE:
CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BAD_KEY_SIZE);
goto err;
default:
{
char tmpbuf[DECIMAL_SIZE(sw_status)+1];
CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
}
goto err;
}
/* Prepare the argument and response */
arg[0].nbytes = dgst_len;
arg[0].value = (unsigned char *)dgst;
arg[1].nbytes = 40;
arg[1].value = (unsigned char *)argument->d;
memset(arg[1].value, 0, 40);
BN_bn2bin(sig->r, arg[1].value + 20 - BN_num_bytes(sig->r));
BN_bn2bin(sig->s, arg[1].value + 40 - BN_num_bytes(sig->s));
res.nbytes = 4; /* unsigned long */
res.value = (unsigned char *)(&sig_result);
/* Perform the operation */
sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_VERIFY, arg, 2,
&res, 1);
if(sw_status != SW_OK)
{
char tmpbuf[DECIMAL_SIZE(sw_status)+1];
CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
goto err;
}
/* Convert the response */
to_return = ((sig_result == 0) ? 0 : 1);
err:
if(acquired)
release_context(hac);
if(ctx)
{
BN_CTX_end(ctx);
BN_CTX_free(ctx);
}
return to_return;
}
static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
SW_CONTEXT_HANDLE hac;
SW_PARAM sw_param;
SW_STATUS sw_status;
SW_LARGENUMBER arg, res;
unsigned char *ptr;
BN_CTX *ctx;
BIGNUM *dsa_p = NULL;
BIGNUM *dsa_q = NULL;
BIGNUM *dsa_g = NULL;
BIGNUM *dsa_key = NULL;
BIGNUM *result = NULL;
DSA_SIG *to_return = NULL;
int acquired = 0;
if((ctx = BN_CTX_new()) == NULL)
goto err;
if(!get_context(&hac))
{
CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_UNIT_FAILURE);
goto err;
}
acquired = 1;
/* Prepare the params */
BN_CTX_start(ctx);
dsa_p = BN_CTX_get(ctx);
dsa_q = BN_CTX_get(ctx);
dsa_g = BN_CTX_get(ctx);
dsa_key = BN_CTX_get(ctx);
result = BN_CTX_get(ctx);
if(!result)
{
CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BN_CTX_FULL);
goto err;
}
if(!bn_wexpand(dsa_p, dsa->p->top) ||
!bn_wexpand(dsa_q, dsa->q->top) ||
!bn_wexpand(dsa_g, dsa->g->top) ||
!bn_wexpand(dsa_key, dsa->priv_key->top) ||
!bn_wexpand(result, dsa->p->top))
{
CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BN_EXPAND_FAIL);
goto err;
}
sw_param.type = SW_ALG_DSA;
sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,
(unsigned char *)dsa_p->d);
sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,
(unsigned char *)dsa_q->d);
sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,
(unsigned char *)dsa_g->d);
sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->priv_key,
(unsigned char *)dsa_key->d);
sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
/* Attach the key params */
sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
switch(sw_status)
{
case SW_OK:
break;
case SW_ERR_INPUT_SIZE:
CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BAD_KEY_SIZE);
goto err;
default:
{
char tmpbuf[DECIMAL_SIZE(sw_status)+1];
CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
}
goto err;
}
/* Prepare the argument and response */
arg.nbytes = dlen;
arg.value = (unsigned char *)dgst;
res.nbytes = BN_num_bytes(dsa->p);
memset(result->d, 0, res.nbytes);
res.value = (unsigned char *)result->d;
/* Perform the operation */
sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_SIGN, &arg, 1,
&res, 1);
if(sw_status != SW_OK)
{
char tmpbuf[DECIMAL_SIZE(sw_status)+1];
CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
goto err;
}
/* Convert the response */
ptr = (unsigned char *)result->d;
if((to_return = DSA_SIG_new()) == NULL)
goto err;
to_return->r = BN_bin2bn((unsigned char *)result->d, 20, NULL);
to_return->s = BN_bin2bn((unsigned char *)result->d + 20, 20, NULL);
err:
if(acquired)
release_context(hac);
if(ctx)
{
BN_CTX_end(ctx);
BN_CTX_free(ctx);
}
return to_return;
}
/* Un petit mod_exp chinois */
static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dmp1,
const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)
{
SW_STATUS sw_status;
SW_LARGENUMBER arg, res;
SW_PARAM sw_param;
SW_CONTEXT_HANDLE hac;
BIGNUM *result = NULL;
BIGNUM *argument = NULL;
int to_return = 0; /* expect failure */
int acquired = 0;
sw_param.up.crt.p.value = NULL;
sw_param.up.crt.q.value = NULL;
sw_param.up.crt.dmp1.value = NULL;
sw_param.up.crt.dmq1.value = NULL;
sw_param.up.crt.iqmp.value = NULL;
if(!get_context(&hac))
{
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_UNIT_FAILURE);
goto err;
}
acquired = 1;
/* Prepare the params */
argument = BN_new();
result = BN_new();
if(!result || !argument)
{
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_CTX_FULL);
goto err;
}
sw_param.type = SW_ALG_CRT;
/************************************************************************/
/* 04/02/2003 */
/* Modified by Frederic Giudicelli (deny-all.com) to overcome the */
/* limitation of cswift with values not a multiple of 32 */
/************************************************************************/
if(!cswift_bn_32copy(&sw_param.up.crt.p, p))
{
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
goto err;
}
if(!cswift_bn_32copy(&sw_param.up.crt.q, q))
{
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
goto err;
}
if(!cswift_bn_32copy(&sw_param.up.crt.dmp1, dmp1))
{
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
goto err;
}
if(!cswift_bn_32copy(&sw_param.up.crt.dmq1, dmq1))
{
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
goto err;
}
if(!cswift_bn_32copy(&sw_param.up.crt.iqmp, iqmp))
{
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
goto err;
}
if( !bn_wexpand(argument, a->top) ||
!bn_wexpand(result, p->top + q->top))
{
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
goto err;
}
/* Attach the key params */
sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
switch(sw_status)
{
case SW_OK:
break;
case SW_ERR_INPUT_SIZE:
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BAD_KEY_SIZE);
goto err;
default:
{
char tmpbuf[DECIMAL_SIZE(sw_status)+1];
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
}
goto err;
}
/* Prepare the argument and response */
arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
arg.value = (unsigned char *)argument->d;
res.nbytes = 2 * BN_num_bytes(p);
memset(result->d, 0, res.nbytes);
res.value = (unsigned char *)result->d;
/* Perform the operation */
if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1,
&res, 1)) != SW_OK)
{
char tmpbuf[DECIMAL_SIZE(sw_status)+1];
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
goto err;
}
/* Convert the response */
BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
to_return = 1;
err:
if(sw_param.up.crt.p.value)
OPENSSL_free(sw_param.up.crt.p.value);
if(sw_param.up.crt.q.value)
OPENSSL_free(sw_param.up.crt.q.value);
if(sw_param.up.crt.dmp1.value)
OPENSSL_free(sw_param.up.crt.dmp1.value);
if(sw_param.up.crt.dmq1.value)
OPENSSL_free(sw_param.up.crt.dmq1.value);
if(sw_param.up.crt.iqmp.value)
OPENSSL_free(sw_param.up.crt.iqmp.value);
if(result)
BN_free(result);
if(argument)
BN_free(argument);
if(acquired)
release_context(hac);
return to_return;
}
/* Un petit mod_exp */
static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx)
{
/* I need somewhere to store temporary serialised values for
* use with the CryptoSwift API calls. A neat cheat - I'll use
* BIGNUMs from the BN_CTX but access their arrays directly as
* byte arrays <grin>. This way I don't have to clean anything
* up. */
BIGNUM *modulus;
BIGNUM *exponent;
BIGNUM *argument;
BIGNUM *result;
SW_STATUS sw_status;
SW_LARGENUMBER arg, res;
SW_PARAM sw_param;
SW_CONTEXT_HANDLE hac;
int to_return, acquired;
modulus = exponent = argument = result = NULL;
to_return = 0; /* expect failure */
acquired = 0;
if(!get_context(&hac))
{
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_UNIT_FAILURE);
goto err;
}
acquired = 1;
/* Prepare the params */
BN_CTX_start(ctx);
modulus = BN_CTX_get(ctx);
exponent = BN_CTX_get(ctx);
argument = BN_CTX_get(ctx);
result = BN_CTX_get(ctx);
if(!result)
{
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BN_CTX_FULL);
goto err;
}
if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, p->top) ||
!bn_wexpand(argument, a->top) || !bn_wexpand(result, m->top))
{
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BN_EXPAND_FAIL);
goto err;
}
sw_param.type = SW_ALG_EXP;
sw_param.up.exp.modulus.nbytes = BN_bn2bin(m,
(unsigned char *)modulus->d);
sw_param.up.exp.modulus.value = (unsigned char *)modulus->d;
sw_param.up.exp.exponent.nbytes = BN_bn2bin(p,
(unsigned char *)exponent->d);
sw_param.up.exp.exponent.value = (unsigned char *)exponent->d;
/* Attach the key params */
sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
switch(sw_status)
{
case SW_OK:
break;
case SW_ERR_INPUT_SIZE:
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BAD_KEY_SIZE);
goto err;
default:
{
char tmpbuf[DECIMAL_SIZE(sw_status)+1];
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
}
goto err;
}
/* Prepare the argument and response */
arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
arg.value = (unsigned char *)argument->d;
res.nbytes = BN_num_bytes(m);
memset(result->d, 0, res.nbytes);
res.value = (unsigned char *)result->d;
/* Perform the operation */
if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1,
&res, 1)) != SW_OK)
{
char tmpbuf[DECIMAL_SIZE(sw_status)+1];
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
goto err;
}
/* Convert the response */
BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
to_return = 1;
err:
if(acquired)
release_context(hac);
BN_CTX_end(ctx);
return to_return;
}
static int def_load_bio(CONF *conf, BIO *in, long *line)
{
/* The macro BUFSIZE conflicts with a system macro in VxWorks */
#define CONFBUFSIZE 512
int bufnum = 0, i, ii;
BUF_MEM *buff = NULL;
char *s, *p, *end;
int again;
long eline = 0;
char btmp[DECIMAL_SIZE(eline) + 1];
CONF_VALUE *v = NULL, *tv;
CONF_VALUE *sv = NULL;
char *section = NULL, *buf;
char *start, *psection, *pname;
void *h = (void *)(conf->data);
if ((buff = BUF_MEM_new()) == NULL) {
CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_BUF_LIB);
goto err;
}
section = (char *)OPENSSL_malloc(10);
if (section == NULL) {
CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
goto err;
}
BUF_strlcpy(section, "default", 10);
if (_CONF_new_data(conf) == 0) {
CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
goto err;
}
sv = _CONF_new_section(conf, section);
if (sv == NULL) {
CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
goto err;
}
bufnum = 0;
again = 0;
for (;;) {
if (!BUF_MEM_grow(buff, bufnum + CONFBUFSIZE)) {
CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_BUF_LIB);
goto err;
}
p = &(buff->data[bufnum]);
*p = '\0';
BIO_gets(in, p, CONFBUFSIZE - 1);
p[CONFBUFSIZE - 1] = '\0';
ii = i = sgx_strlen(p);
if (i == 0 && !again)
break;
again = 0;
while (i > 0) {
if ((p[i - 1] != '\r') && (p[i - 1] != '\n'))
break;
else
i--;
}
/*
* we removed some trailing stuff so there is a new line on the end.
*/
if (ii && i == ii)
again = 1; /* long line */
else {
p[i] = '\0';
eline++; /* another input line */
}
/* we now have a line with trailing \r\n removed */
/* i is the number of bytes */
bufnum += i;
v = NULL;
/* check for line continuation */
if (bufnum >= 1) {
/*
* If we have bytes and the last char '\\' and second last char
* is not '\\'
*/
p = &(buff->data[bufnum - 1]);
if (IS_ESC(conf, p[0]) && ((bufnum <= 1) || !IS_ESC(conf, p[-1]))) {
bufnum--;
again = 1;
}
}
if (again)
continue;
bufnum = 0;
buf = buff->data;
clear_comments(conf, buf);
s = eat_ws(conf, buf);
if (IS_EOF(conf, *s))
continue; /* blank line */
if (*s == '[') {
char *ss;
s++;
start = eat_ws(conf, s);
ss = start;
again:
end = eat_alpha_numeric(conf, ss);
p = eat_ws(conf, end);
if (*p != ']') {
if (*p != '\0' && ss != p) {
ss = p;
goto again;
}
CONFerr(CONF_F_DEF_LOAD_BIO,
CONF_R_MISSING_CLOSE_SQUARE_BRACKET);
goto err;
}
*end = '\0';
if (!str_copy(conf, NULL, §ion, start))
goto err;
if ((sv = _CONF_get_section(conf, section)) == NULL)
sv = _CONF_new_section(conf, section);
if (sv == NULL) {
CONFerr(CONF_F_DEF_LOAD_BIO,
CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
goto err;
}
continue;
} else {
pname = s;
psection = NULL;
end = eat_alpha_numeric(conf, s);
if ((end[0] == ':') && (end[1] == ':')) {
*end = '\0';
end += 2;
psection = pname;
pname = end;
end = eat_alpha_numeric(conf, end);
}
p = eat_ws(conf, end);
if (*p != '=') {
CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_MISSING_EQUAL_SIGN);
goto err;
}
*end = '\0';
p++;
start = eat_ws(conf, p);
while (!IS_EOF(conf, *p))
p++;
p--;
while ((p != start) && (IS_WS(conf, *p)))
p--;
p++;
*p = '\0';
if (!(v = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) {
CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
goto err;
}
if (psection == NULL)
psection = section;
v->name = (char *)OPENSSL_malloc(strlen(pname) + 1);
v->value = NULL;
if (v->name == NULL) {
CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
goto err;
}
BUF_strlcpy(v->name, pname, sgx_strlen(pname) + 1);
if (!str_copy(conf, psection, &(v->value), start))
goto err;
if (sgx_strcmp(psection, section) != 0) {
if ((tv = _CONF_get_section(conf, psection))
== NULL)
tv = _CONF_new_section(conf, psection);
if (tv == NULL) {
CONFerr(CONF_F_DEF_LOAD_BIO,
CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
goto err;
}
} else
tv = sv;
#if 1
if (_CONF_add_string(conf, tv, v) == 0) {
CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
goto err;
}
#else
v->section = tv->section;
if (!sk_CONF_VALUE_push(ts, v)) {
CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
goto err;
}
vv = (CONF_VALUE *)lh_insert(conf->data, v);
if (vv != NULL) {
sk_CONF_VALUE_delete_ptr(ts, vv);
OPENSSL_free(vv->name);
OPENSSL_free(vv->value);
OPENSSL_free(vv);
}
#endif
v = NULL;
}
}
if (buff != NULL)
BUF_MEM_free(buff);
if (section != NULL)
OPENSSL_free(section);
return (1);
err:
if (buff != NULL)
BUF_MEM_free(buff);
if (section != NULL)
OPENSSL_free(section);
if (line != NULL)
*line = eline;
BIO_snprintf(btmp, sizeof btmp, "%ld", eline);
ERR_add_error_data(2, "line ", btmp);
if ((h != conf->data) && (conf->data != NULL)) {
CONF_free(conf->data);
conf->data = NULL;
}
if (v != NULL) {
if (v->name != NULL)
OPENSSL_free(v->name);
if (v->value != NULL)
OPENSSL_free(v->value);
if (v != NULL)
OPENSSL_free(v);
}
return (0);
}
