RSA_METHOD *qat_get_RSA_methods(void)
{
#ifndef OPENSSL_DISABLE_QAT_RSA
int res = 1;
#endif
if (qat_rsa_method != NULL)
return qat_rsa_method;
#ifndef OPENSSL_DISABLE_QAT_RSA
if ((qat_rsa_method = RSA_meth_new("QAT RSA method", 0)) == NULL) {
WARN("Failed to allocate QAT RSA methods\n");
QATerr(QAT_F_QAT_GET_RSA_METHODS, QAT_R_ALLOC_QAT_RSA_METH_FAILURE);
return NULL;
}
res &= RSA_meth_set_pub_enc(qat_rsa_method, qat_rsa_pub_enc);
res &= RSA_meth_set_pub_dec(qat_rsa_method, qat_rsa_pub_dec);
res &= RSA_meth_set_priv_enc(qat_rsa_method, qat_rsa_priv_enc);
res &= RSA_meth_set_priv_dec(qat_rsa_method, qat_rsa_priv_dec);
res &= RSA_meth_set_mod_exp(qat_rsa_method, qat_rsa_mod_exp);
res &= RSA_meth_set_bn_mod_exp(qat_rsa_method, qat_bn_mod_exp);
if (res == 0) {
WARN("Failed to set QAT RSA methods\n");
QATerr(QAT_F_QAT_GET_RSA_METHODS, QAT_R_SET_QAT_RSA_METH_FAILURE);
return NULL;
}
#else
qat_rsa_method = (RSA_METHOD *)RSA_get_default_method();
#endif
return qat_rsa_method;
}
const RSA_METHOD * HSM_PKCS11_get_rsa_method ( void ) {
#if OPENSSL_VERSION_NUMBER < 0x1010000fL
static RSA_METHOD ret;
ret = *RSA_get_default_method();
// Sets the name
ret.name = "LibPKI PKCS#11 RSA";
// Implemented Methods
ret.rsa_sign = HSM_PKCS11_rsa_sign;
// Not Implemented Methods
ret.rsa_priv_enc = NULL;
ret.rsa_priv_dec = NULL;
return &ret;
#else
static RSA_METHOD * r_pnt = NULL;
// Static Pointer to the new PKCS11 RSA Method
// If the pointer is empty, let's get a new method
if (!r_pnt) {
// Duplicate the default method
if ((r_pnt = RSA_meth_dup(RSA_get_default_method())) != NULL) {
// Sets the name
RSA_meth_set1_name(r_pnt, "LibPKI PKCS#11 RSA");
// Sets the sign to use the PKCS#11 version
RSA_meth_set_sign(r_pnt, HSM_PKCS11_rsa_sign);
// Sets not implemented calls
RSA_meth_set_priv_enc(r_pnt, NULL);
RSA_meth_set_priv_dec(r_pnt, NULL);
}
}
// All Done
return r_pnt;
#endif
}
/*
* Overload the default OpenSSL methods for RSA
*/
RSA_METHOD *PKCS11_get_rsa_method(void)
{
static RSA_METHOD *ops = NULL;
if (ops == NULL) {
alloc_rsa_ex_index();
ops = RSA_meth_new("libp11 RSA method", 0);
if (ops == NULL)
return NULL;
RSA_meth_set_priv_enc(ops, pkcs11_rsa_priv_enc_method);
RSA_meth_set_priv_dec(ops, pkcs11_rsa_priv_dec_method);
RSA_meth_set_finish(ops, pkcs11_rsa_free_method);
}
return ops;
}
static RSA_METHOD *get_pkcs11_rsa_method(void) {
static RSA_METHOD *pkcs11_rsa_method = NULL;
if(pkcs11_rsa_key_idx == -1) {
pkcs11_rsa_key_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
}
if(pkcs11_rsa_method == NULL) {
#if OPENSSL_VERSION_NUMBER < 0x10100005L
const RSA_METHOD *def = RSA_get_default_method();
pkcs11_rsa_method = calloc(1, sizeof(*pkcs11_rsa_method));
memcpy(pkcs11_rsa_method, def, sizeof(*pkcs11_rsa_method));
pkcs11_rsa_method->name = "pkcs11";
pkcs11_rsa_method->rsa_priv_enc = pkcs11_rsa_private_encrypt;
pkcs11_rsa_method->rsa_priv_dec = pkcs11_rsa_private_decrypt;
#else
pkcs11_rsa_method = RSA_meth_dup(RSA_get_default_method());
RSA_meth_set1_name(pkcs11_rsa_method, "pkcs11");
RSA_meth_set_priv_enc(pkcs11_rsa_method, pkcs11_rsa_private_encrypt);
RSA_meth_set_priv_dec(pkcs11_rsa_method, pkcs11_rsa_private_decrypt);
#endif
}
return pkcs11_rsa_method;
}
static int bind_dasync(ENGINE *e)
{
/* Setup RSA_METHOD */
if ((dasync_rsa_method = RSA_meth_new("Dummy Async RSA method", 0)) == NULL
|| RSA_meth_set_pub_enc(dasync_rsa_method, dasync_pub_enc) == 0
|| RSA_meth_set_pub_dec(dasync_rsa_method, dasync_pub_dec) == 0
|| RSA_meth_set_priv_enc(dasync_rsa_method, dasync_rsa_priv_enc) == 0
|| RSA_meth_set_priv_dec(dasync_rsa_method, dasync_rsa_priv_dec) == 0
|| RSA_meth_set_mod_exp(dasync_rsa_method, dasync_rsa_mod_exp) == 0
|| RSA_meth_set_bn_mod_exp(dasync_rsa_method, BN_mod_exp_mont) == 0
|| RSA_meth_set_init(dasync_rsa_method, dasync_rsa_init) == 0
|| RSA_meth_set_finish(dasync_rsa_method, dasync_rsa_finish) == 0) {
DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED);
return 0;
}
/* Ensure the dasync error handling is set up */
ERR_load_DASYNC_strings();
if (!ENGINE_set_id(e, engine_dasync_id)
|| !ENGINE_set_name(e, engine_dasync_name)
|| !ENGINE_set_RSA(e, dasync_rsa_method)
|| !ENGINE_set_digests(e, dasync_digests)
|| !ENGINE_set_ciphers(e, dasync_ciphers)
|| !ENGINE_set_destroy_function(e, dasync_destroy)
|| !ENGINE_set_init_function(e, dasync_init)
|| !ENGINE_set_finish_function(e, dasync_finish)) {
DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED);
return 0;
}
/*
* Set up the EVP_CIPHER and EVP_MD objects for the ciphers/digests
* supplied by this engine
*/
_hidden_sha1_md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption);
if (_hidden_sha1_md == NULL
|| !EVP_MD_meth_set_result_size(_hidden_sha1_md, SHA_DIGEST_LENGTH)
|| !EVP_MD_meth_set_input_blocksize(_hidden_sha1_md, SHA_CBLOCK)
|| !EVP_MD_meth_set_app_datasize(_hidden_sha1_md,
sizeof(EVP_MD *) + sizeof(SHA_CTX))
|| !EVP_MD_meth_set_flags(_hidden_sha1_md, EVP_MD_FLAG_DIGALGID_ABSENT)
|| !EVP_MD_meth_set_init(_hidden_sha1_md, dasync_sha1_init)
|| !EVP_MD_meth_set_update(_hidden_sha1_md, dasync_sha1_update)
|| !EVP_MD_meth_set_final(_hidden_sha1_md, dasync_sha1_final)) {
EVP_MD_meth_free(_hidden_sha1_md);
_hidden_sha1_md = NULL;
}
_hidden_aes_128_cbc = EVP_CIPHER_meth_new(NID_aes_128_cbc,
16 /* block size */,
16 /* key len */);
if (_hidden_aes_128_cbc == NULL
|| !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc,16)
|| !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc,
EVP_CIPH_FLAG_DEFAULT_ASN1
| EVP_CIPH_CBC_MODE
| EVP_CIPH_FLAG_PIPELINE)
|| !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc,
dasync_aes128_init_key)
|| !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc,
dasync_aes128_cbc_cipher)
|| !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc,
dasync_aes128_cbc_cleanup)
|| !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc,
dasync_aes128_cbc_ctrl)
|| !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc,
sizeof(struct dasync_pipeline_ctx))) {
EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
_hidden_aes_128_cbc = NULL;
}
_hidden_aes_128_cbc_hmac_sha1 = EVP_CIPHER_meth_new(
NID_aes_128_cbc_hmac_sha1,
16 /* block size */,
16 /* key len */);
if (_hidden_aes_128_cbc_hmac_sha1 == NULL
|| !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc_hmac_sha1,16)
|| !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc_hmac_sha1,
EVP_CIPH_CBC_MODE
| EVP_CIPH_FLAG_DEFAULT_ASN1
| EVP_CIPH_FLAG_AEAD_CIPHER
| EVP_CIPH_FLAG_PIPELINE)
|| !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc_hmac_sha1,
dasync_aes128_cbc_hmac_sha1_init_key)
|| !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc_hmac_sha1,
dasync_aes128_cbc_hmac_sha1_cipher)
|| !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc_hmac_sha1,
dasync_aes128_cbc_hmac_sha1_cleanup)
|| !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc_hmac_sha1,
dasync_aes128_cbc_hmac_sha1_ctrl)
|| !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc_hmac_sha1,
sizeof(struct dasync_pipeline_ctx))) {
EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1);
_hidden_aes_128_cbc_hmac_sha1 = NULL;
}
return 1;
}
PKCS11H_BOOL
_pkcs11h_openssl_initialize (void) {
PKCS11H_BOOL ret = FALSE;
_PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_openssl_initialize - entered"
);
#ifndef OPENSSL_NO_RSA
if (__openssl_methods.rsa != NULL) {
RSA_meth_free (__openssl_methods.rsa);
}
if ((__openssl_methods.rsa = RSA_meth_dup (RSA_get_default_method ())) == NULL) {
goto cleanup;
}
RSA_meth_set1_name (__openssl_methods.rsa, "pkcs11h");
RSA_meth_set_priv_dec (__openssl_methods.rsa, __pkcs11h_openssl_rsa_dec);
RSA_meth_set_priv_enc (__openssl_methods.rsa, __pkcs11h_openssl_rsa_enc);
RSA_meth_set_flags (__openssl_methods.rsa, RSA_METHOD_FLAG_NO_CHECK | RSA_FLAG_EXT_PKEY);
__openssl_methods.rsa_index = RSA_get_ex_new_index (
0,
"pkcs11h",
NULL,
__pkcs11h_openssl_ex_data_dup,
__pkcs11h_openssl_ex_data_free
);
#endif
#ifndef OPENSSL_NO_DSA
if (__openssl_methods.dsa != NULL) {
DSA_meth_free (__openssl_methods.dsa);
}
__openssl_methods.dsa = DSA_meth_dup (DSA_get_default_method ());
DSA_meth_set1_name (__openssl_methods.dsa, "pkcs11h");
DSA_meth_set_sign (__openssl_methods.dsa, __pkcs11h_openssl_dsa_do_sign);
__openssl_methods.dsa_index = DSA_get_ex_new_index (
0,
"pkcs11h",
NULL,
__pkcs11h_openssl_ex_data_dup,
__pkcs11h_openssl_ex_data_free
);
#endif
#ifdef __ENABLE_EC
if (__openssl_methods.ecdsa != NULL) {
ECDSA_METHOD_free(__openssl_methods.ecdsa);
}
__openssl_methods.ecdsa = ECDSA_METHOD_new ((ECDSA_METHOD *)ECDSA_get_default_method ());
ECDSA_METHOD_set_name(__openssl_methods.ecdsa, "pkcs11h");
ECDSA_METHOD_set_sign(__openssl_methods.ecdsa, __pkcs11h_openssl_ecdsa_do_sign);
__openssl_methods.ecdsa_index = ECDSA_get_ex_new_index (
0,
"pkcs11h",
NULL,
__pkcs11h_openssl_ex_data_dup,
__pkcs11h_openssl_ex_data_free
);
#endif
ret = TRUE;
cleanup:
_PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_openssl_initialize - return %d",
ret
);
return ret;
}
