1 /* |
|
2 * Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved. |
|
3 */ |
|
4 |
|
5 /* crypto/engine/hw_pk11.c */ |
|
6 /* |
|
7 * This product includes software developed by the OpenSSL Project for |
|
8 * use in the OpenSSL Toolkit (http://www.openssl.org/). |
|
9 * |
|
10 * This project also referenced hw_pkcs11-0.9.7b.patch written by |
|
11 * Afchine Madjlessi. |
|
12 */ |
|
13 /* |
|
14 * ==================================================================== |
|
15 * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved. |
|
16 * |
|
17 * Redistribution and use in source and binary forms, with or without |
|
18 * modification, are permitted provided that the following conditions |
|
19 * are met: |
|
20 * |
|
21 * 1. Redistributions of source code must retain the above copyright |
|
22 * notice, this list of conditions and the following disclaimer. |
|
23 * |
|
24 * 2. Redistributions in binary form must reproduce the above copyright |
|
25 * notice, this list of conditions and the following disclaimer in |
|
26 * the documentation and/or other materials provided with the |
|
27 * distribution. |
|
28 * |
|
29 * 3. All advertising materials mentioning features or use of this |
|
30 * software must display the following acknowledgment: |
|
31 * "This product includes software developed by the OpenSSL Project |
|
32 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" |
|
33 * |
|
34 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|
35 * endorse or promote products derived from this software without |
|
36 * prior written permission. For written permission, please contact |
|
37 * [email protected]. |
|
38 * |
|
39 * 5. Products derived from this software may not be called "OpenSSL" |
|
40 * nor may "OpenSSL" appear in their names without prior written |
|
41 * permission of the OpenSSL Project. |
|
42 * |
|
43 * 6. Redistributions of any form whatsoever must retain the following |
|
44 * acknowledgment: |
|
45 * "This product includes software developed by the OpenSSL Project |
|
46 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" |
|
47 * |
|
48 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|
49 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|
50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|
51 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|
52 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|
53 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|
54 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|
55 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|
56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|
57 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|
58 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|
59 * OF THE POSSIBILITY OF SUCH DAMAGE. |
|
60 * ==================================================================== |
|
61 * |
|
62 * This product includes cryptographic software written by Eric Young |
|
63 * ([email protected]). This product includes software written by Tim |
|
64 * Hudson ([email protected]). |
|
65 * |
|
66 */ |
|
67 |
|
68 #include <stdio.h> |
|
69 #include <stdlib.h> |
|
70 #include <string.h> |
|
71 #include <sys/types.h> |
|
72 #include <unistd.h> |
|
73 #include <strings.h> |
|
74 |
|
75 #include <openssl/e_os2.h> |
|
76 #include <openssl/crypto.h> |
|
77 #include <openssl/engine.h> |
|
78 #include <openssl/dso.h> |
|
79 #include <openssl/err.h> |
|
80 #include <openssl/bn.h> |
|
81 #include <openssl/md5.h> |
|
82 #include <openssl/pem.h> |
|
83 #ifndef OPENSSL_NO_RSA |
|
84 #include <openssl/rsa.h> |
|
85 #endif |
|
86 #ifndef OPENSSL_NO_DSA |
|
87 #include <openssl/dsa.h> |
|
88 #endif |
|
89 #ifndef OPENSSL_NO_DH |
|
90 #include <openssl/dh.h> |
|
91 #endif |
|
92 #include <openssl/rand.h> |
|
93 #include <openssl/objects.h> |
|
94 #include <openssl/x509.h> |
|
95 #include <openssl/aes.h> |
|
96 #include <cryptlib.h> |
|
97 #include <dlfcn.h> |
|
98 #include <pthread.h> |
|
99 |
|
100 #ifndef OPENSSL_NO_HW |
|
101 #ifndef OPENSSL_NO_HW_PK11 |
|
102 |
|
103 /* label for debug messages printed on stderr */ |
|
104 #define PK11_DBG "PKCS#11 ENGINE DEBUG" |
|
105 /* prints a lot of debug messages on stderr about slot selection process */ |
|
106 #undef DEBUG_SLOT_SELECTION |
|
107 /* |
|
108 * Solaris specific code. See comment at check_hw_mechanisms() for more |
|
109 * information. |
|
110 */ |
|
111 #if defined(__SVR4) && defined(__sun) |
|
112 #define SOLARIS_HW_SLOT_SELECTION |
|
113 #endif |
|
114 |
|
115 #ifdef SOLARIS_HW_SLOT_SELECTION |
|
116 #include <sys/auxv.h> |
|
117 #endif |
|
118 |
|
119 #ifdef DEBUG_SLOT_SELECTION |
|
120 #define DEBUG_SLOT_SEL(...) fprintf(stderr, __VA_ARGS__) |
|
121 #else |
|
122 #define DEBUG_SLOT_SEL(...) |
|
123 #endif |
|
124 |
|
125 #include <security/cryptoki.h> |
|
126 #include <security/pkcs11.h> |
|
127 #include "hw_pk11.h" |
|
128 #include "hw_pk11_uri.h" |
|
129 |
|
130 #define PK11_ENGINE_LIB_NAME "PKCS#11 engine" |
|
131 #include "hw_pk11_err.c" |
|
132 |
|
133 /* |
|
134 * We use this lock to prevent multiple C_Login()s, guard getpassphrase(), |
|
135 * uri_struct manipulation, and static token info. All of that is used by the |
|
136 * RSA keys by reference feature. |
|
137 */ |
|
138 pthread_mutex_t *uri_lock = NULL; |
|
139 |
|
140 #ifdef SOLARIS_HW_SLOT_SELECTION |
|
141 /* |
|
142 * Tables for symmetric ciphers and digest mechs found in the pkcs11_kernel |
|
143 * library. See comment at check_hw_mechanisms() for more information. |
|
144 */ |
|
145 int *hw_cnids; |
|
146 int *hw_dnids; |
|
147 #endif /* SOLARIS_HW_SLOT_SELECTION */ |
|
148 |
|
149 /* PKCS#11 session caches and their locks for all operation types */ |
|
150 static PK11_CACHE session_cache[OP_MAX]; |
|
151 |
|
152 /* |
|
153 * We cache the flags so that we do not have to run C_GetTokenInfo() again when |
|
154 * logging into the token. |
|
155 */ |
|
156 CK_FLAGS pubkey_token_flags; |
|
157 |
|
158 /* |
|
159 * As stated in v2.20, 11.7 Object Management Function, in section for |
|
160 * C_FindObjectsInit(), at most one search operation may be active at a given |
|
161 * time in a given session. Therefore, C_Find{,Init,Final}Objects() should be |
|
162 * grouped together to form one atomic search operation. This is already |
|
163 * ensured by the property of unique PKCS#11 session handle used for each |
|
164 * PK11_SESSION object. |
|
165 * |
|
166 * This is however not the biggest concern - maintaining consistency of the |
|
167 * underlying object store is more important. The same section of the spec also |
|
168 * says that one thread can be in the middle of a search operation while another |
|
169 * thread destroys the object matching the search template which would result in |
|
170 * invalid handle returned from the search operation. |
|
171 * |
|
172 * Hence, the following locks are used for both protection of the object stores. |
|
173 * They are also used for active list protection. |
|
174 */ |
|
175 pthread_mutex_t *find_lock[OP_MAX] = { NULL }; |
|
176 |
|
177 /* |
|
178 * lists of asymmetric key handles which are active (referenced by at least one |
|
179 * PK11_SESSION structure, either held by a thread or present in free_session |
|
180 * list) for given algorithm type |
|
181 */ |
|
182 PK11_active *active_list[OP_MAX] = { NULL }; |
|
183 |
|
184 /* |
|
185 * Create all secret key objects in a global session so that they are available |
|
186 * to use for other sessions. These other sessions may be opened or closed |
|
187 * without losing the secret key objects. |
|
188 */ |
|
189 static CK_SESSION_HANDLE global_session = CK_INVALID_HANDLE; |
|
190 |
|
191 /* Index for the supported ciphers */ |
|
192 enum pk11_cipher_id { |
|
193 PK11_DES_CBC, |
|
194 PK11_DES3_CBC, |
|
195 PK11_DES_ECB, |
|
196 PK11_DES3_ECB, |
|
197 PK11_RC4, |
|
198 PK11_AES_128_CBC, |
|
199 PK11_AES_192_CBC, |
|
200 PK11_AES_256_CBC, |
|
201 PK11_AES_128_ECB, |
|
202 PK11_AES_192_ECB, |
|
203 PK11_AES_256_ECB, |
|
204 PK11_BLOWFISH_CBC, |
|
205 PK11_AES_128_CTR, |
|
206 PK11_AES_192_CTR, |
|
207 PK11_AES_256_CTR, |
|
208 PK11_CIPHER_MAX |
|
209 }; |
|
210 |
|
211 /* Index for the supported digests */ |
|
212 enum pk11_digest_id { |
|
213 PK11_MD5, |
|
214 PK11_SHA1, |
|
215 PK11_SHA224, |
|
216 PK11_SHA256, |
|
217 PK11_SHA384, |
|
218 PK11_SHA512, |
|
219 PK11_DIGEST_MAX |
|
220 }; |
|
221 |
|
222 typedef struct PK11_CIPHER_st |
|
223 { |
|
224 enum pk11_cipher_id id; |
|
225 int nid; |
|
226 int iv_len; |
|
227 int min_key_len; |
|
228 int max_key_len; |
|
229 CK_KEY_TYPE key_type; |
|
230 CK_MECHANISM_TYPE mech_type; |
|
231 } PK11_CIPHER; |
|
232 |
|
233 typedef struct PK11_DIGEST_st |
|
234 { |
|
235 enum pk11_digest_id id; |
|
236 int nid; |
|
237 CK_MECHANISM_TYPE mech_type; |
|
238 } PK11_DIGEST; |
|
239 |
|
240 /* ENGINE level stuff */ |
|
241 static int pk11_init(ENGINE *e); |
|
242 static int pk11_library_init(ENGINE *e); |
|
243 static int pk11_finish(ENGINE *e); |
|
244 static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); |
|
245 static int pk11_destroy(ENGINE *e); |
|
246 |
|
247 /* RAND stuff */ |
|
248 static void pk11_rand_seed(const void *buf, int num); |
|
249 static void pk11_rand_add(const void *buf, int num, double add_entropy); |
|
250 static void pk11_rand_cleanup(void); |
|
251 static int pk11_rand_bytes(unsigned char *buf, int num); |
|
252 static int pk11_rand_status(void); |
|
253 |
|
254 /* These functions are also used in other files */ |
|
255 PK11_SESSION *pk11_get_session(PK11_OPTYPE optype); |
|
256 void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype); |
|
257 |
|
258 /* active list manipulation functions used in this file */ |
|
259 extern int pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type); |
|
260 extern void pk11_free_active_list(PK11_OPTYPE type); |
|
261 |
|
262 #ifndef OPENSSL_NO_RSA |
|
263 int pk11_destroy_rsa_key_objects(PK11_SESSION *session); |
|
264 int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock); |
|
265 int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock); |
|
266 #endif |
|
267 #ifndef OPENSSL_NO_DSA |
|
268 int pk11_destroy_dsa_key_objects(PK11_SESSION *session); |
|
269 int pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock); |
|
270 int pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock); |
|
271 #endif |
|
272 #ifndef OPENSSL_NO_DH |
|
273 int pk11_destroy_dh_key_objects(PK11_SESSION *session); |
|
274 int pk11_destroy_dh_object(PK11_SESSION *session, CK_BBOOL uselock); |
|
275 #endif |
|
276 |
|
277 /* Local helper functions */ |
|
278 static int pk11_free_all_sessions(void); |
|
279 static int pk11_free_session_list(PK11_OPTYPE optype); |
|
280 static int pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype); |
|
281 static int pk11_destroy_cipher_key_objects(PK11_SESSION *session); |
|
282 static int pk11_destroy_object(CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE oh, |
|
283 CK_BBOOL persistent); |
|
284 static const char *get_PK11_LIBNAME(void); |
|
285 static void free_PK11_LIBNAME(void); |
|
286 static long set_PK11_LIBNAME(const char *name); |
|
287 |
|
288 /* Symmetric cipher and digest support functions */ |
|
289 static int cipher_nid_to_pk11(int nid); |
|
290 static int pk11_usable_ciphers(const int **nids); |
|
291 static int pk11_usable_digests(const int **nids); |
|
292 static int pk11_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
|
293 const unsigned char *iv, int enc); |
|
294 static int pk11_cipher_final(PK11_SESSION *sp); |
|
295 static int pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, |
|
296 const unsigned char *in, size_t inl); |
|
297 static int pk11_cipher_cleanup(EVP_CIPHER_CTX *ctx); |
|
298 static int pk11_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, |
|
299 const int **nids, int nid); |
|
300 static int pk11_engine_digests(ENGINE *e, const EVP_MD **digest, |
|
301 const int **nids, int nid); |
|
302 static CK_OBJECT_HANDLE pk11_get_cipher_key(EVP_CIPHER_CTX *ctx, |
|
303 const unsigned char *key, CK_KEY_TYPE key_type, PK11_SESSION *sp); |
|
304 static int check_new_cipher_key(PK11_SESSION *sp, const unsigned char *key, |
|
305 int key_len); |
|
306 static int md_nid_to_pk11(int nid); |
|
307 static int pk11_digest_init(EVP_MD_CTX *ctx); |
|
308 static int pk11_digest_update(EVP_MD_CTX *ctx, const void *data, |
|
309 size_t count); |
|
310 static int pk11_digest_final(EVP_MD_CTX *ctx, unsigned char *md); |
|
311 static int pk11_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from); |
|
312 static int pk11_digest_cleanup(EVP_MD_CTX *ctx); |
|
313 |
|
314 static int pk11_choose_slots(int *any_slot_found); |
|
315 static void pk11_find_symmetric_ciphers(CK_FUNCTION_LIST_PTR pflist, |
|
316 CK_SLOT_ID current_slot, int *current_slot_n_cipher, |
|
317 int *local_cipher_nids); |
|
318 static void pk11_find_digests(CK_FUNCTION_LIST_PTR pflist, |
|
319 CK_SLOT_ID current_slot, int *current_slot_n_digest, |
|
320 int *local_digest_nids); |
|
321 static void pk11_get_symmetric_cipher(CK_FUNCTION_LIST_PTR, int slot_id, |
|
322 int *current_slot_n_cipher, int *local_cipher_nids, |
|
323 PK11_CIPHER *cipher); |
|
324 static void pk11_get_digest(CK_FUNCTION_LIST_PTR pflist, int slot_id, |
|
325 int *current_slot_n_digest, int *local_digest_nids, |
|
326 PK11_DIGEST *digest); |
|
327 |
|
328 static int pk11_init_all_locks(void); |
|
329 static void pk11_free_all_locks(void); |
|
330 |
|
331 #ifdef SOLARIS_HW_SLOT_SELECTION |
|
332 static int check_hw_mechanisms(void); |
|
333 static int nid_in_table(int nid, int *nid_table); |
|
334 |
|
335 #if defined(__amd64) || defined(__i386) |
|
336 static int hw_x86_aes_instruction_set_present(void); |
|
337 #endif |
|
338 #if defined(__sparc) |
|
339 static int hw_yf_aes_instruction_set_present(void); |
|
340 static int hw_fj_aes_instruction_set_present(void); |
|
341 static int hw_yf_des_instruction_set_present(void); |
|
342 static int hw_yf_digest_instruction_present(void); |
|
343 #endif |
|
344 #endif /* SOLARIS_HW_SLOT_SELECTION */ |
|
345 |
|
346 #define TRY_OBJ_DESTROY(sp, obj_hdl, retval, uselock, alg_type) \ |
|
347 { \ |
|
348 if (uselock) \ |
|
349 LOCK_OBJSTORE(alg_type); \ |
|
350 if (pk11_active_delete(obj_hdl, alg_type) == 1) \ |
|
351 { \ |
|
352 retval = pk11_destroy_object(sp->session, obj_hdl, \ |
|
353 sp->persistent); \ |
|
354 } \ |
|
355 if (uselock) \ |
|
356 UNLOCK_OBJSTORE(alg_type); \ |
|
357 } |
|
358 |
|
359 static int cipher_nids[PK11_CIPHER_MAX]; |
|
360 static int digest_nids[PK11_DIGEST_MAX]; |
|
361 static int cipher_count = 0; |
|
362 static int digest_count = 0; |
|
363 static CK_BBOOL pk11_have_rsa = CK_FALSE; |
|
364 static CK_BBOOL pk11_have_dsa = CK_FALSE; |
|
365 static CK_BBOOL pk11_have_dh = CK_FALSE; |
|
366 static CK_BBOOL pk11_have_random = CK_FALSE; |
|
367 |
|
368 /* |
|
369 * Static list of ciphers. |
|
370 * Note, that ciphers array is indexed by member PK11_CIPHER.id, |
|
371 * thus ciphers[i].id == i |
|
372 * Rows must be kept in sync with enum pk11_cipher_id. |
|
373 */ |
|
374 static PK11_CIPHER ciphers[] = |
|
375 { |
|
376 { PK11_DES_CBC, NID_des_cbc, 8, 8, 8, |
|
377 CKK_DES, CKM_DES_CBC, }, |
|
378 { PK11_DES3_CBC, NID_des_ede3_cbc, 8, 24, 24, |
|
379 CKK_DES3, CKM_DES3_CBC, }, |
|
380 { PK11_DES_ECB, NID_des_ecb, 0, 8, 8, |
|
381 CKK_DES, CKM_DES_ECB, }, |
|
382 { PK11_DES3_ECB, NID_des_ede3_ecb, 0, 24, 24, |
|
383 CKK_DES3, CKM_DES3_ECB, }, |
|
384 { PK11_RC4, NID_rc4, 0, 16, 256, |
|
385 CKK_RC4, CKM_RC4, }, |
|
386 { PK11_AES_128_CBC, NID_aes_128_cbc, 16, 16, 16, |
|
387 CKK_AES, CKM_AES_CBC, }, |
|
388 { PK11_AES_192_CBC, NID_aes_192_cbc, 16, 24, 24, |
|
389 CKK_AES, CKM_AES_CBC, }, |
|
390 { PK11_AES_256_CBC, NID_aes_256_cbc, 16, 32, 32, |
|
391 CKK_AES, CKM_AES_CBC, }, |
|
392 { PK11_AES_128_ECB, NID_aes_128_ecb, 0, 16, 16, |
|
393 CKK_AES, CKM_AES_ECB, }, |
|
394 { PK11_AES_192_ECB, NID_aes_192_ecb, 0, 24, 24, |
|
395 CKK_AES, CKM_AES_ECB, }, |
|
396 { PK11_AES_256_ECB, NID_aes_256_ecb, 0, 32, 32, |
|
397 CKK_AES, CKM_AES_ECB, }, |
|
398 { PK11_BLOWFISH_CBC, NID_bf_cbc, 8, 16, 16, |
|
399 CKK_BLOWFISH, CKM_BLOWFISH_CBC, }, |
|
400 { PK11_AES_128_CTR, NID_aes_128_ctr, 16, 16, 16, |
|
401 CKK_AES, CKM_AES_CTR, }, |
|
402 { PK11_AES_192_CTR, NID_aes_192_ctr, 16, 24, 24, |
|
403 CKK_AES, CKM_AES_CTR, }, |
|
404 { PK11_AES_256_CTR, NID_aes_256_ctr, 16, 32, 32, |
|
405 CKK_AES, CKM_AES_CTR, }, |
|
406 }; |
|
407 |
|
408 /* |
|
409 * Static list of digests. |
|
410 * Note, that digests array is indexed by member PK11_DIGEST.id, |
|
411 * thus digests[i].id == i |
|
412 * Rows must be kept in sync with enum pk11_digest_id. |
|
413 */ |
|
414 static PK11_DIGEST digests[] = |
|
415 { |
|
416 {PK11_MD5, NID_md5, CKM_MD5, }, |
|
417 {PK11_SHA1, NID_sha1, CKM_SHA_1, }, |
|
418 {PK11_SHA224, NID_sha224, CKM_SHA224, }, |
|
419 {PK11_SHA256, NID_sha256, CKM_SHA256, }, |
|
420 {PK11_SHA384, NID_sha384, CKM_SHA384, }, |
|
421 {PK11_SHA512, NID_sha512, CKM_SHA512, }, |
|
422 {0, NID_undef, 0xFFFF, }, |
|
423 }; |
|
424 |
|
425 /* |
|
426 * Structure to be used for the cipher_data/md_data in |
|
427 * EVP_CIPHER_CTX/EVP_MD_CTX structures in order to use the same pk11 |
|
428 * session in multiple cipher_update calls |
|
429 */ |
|
430 typedef struct PK11_CIPHER_STATE_st |
|
431 { |
|
432 PK11_SESSION *sp; |
|
433 } PK11_CIPHER_STATE; |
|
434 |
|
435 |
|
436 /* |
|
437 * libcrypto EVP stuff - this is how we get wired to EVP so the engine gets |
|
438 * called when libcrypto requests a cipher NID. |
|
439 * |
|
440 * Note how the PK11_CIPHER_STATE is used here. |
|
441 */ |
|
442 |
|
443 /* DES CBC EVP */ |
|
444 static const EVP_CIPHER pk11_des_cbc = |
|
445 { |
|
446 NID_des_cbc, |
|
447 8, 8, 8, |
|
448 EVP_CIPH_CBC_MODE, |
|
449 pk11_cipher_init, |
|
450 pk11_cipher_do_cipher, |
|
451 pk11_cipher_cleanup, |
|
452 sizeof (PK11_CIPHER_STATE), |
|
453 EVP_CIPHER_set_asn1_iv, |
|
454 EVP_CIPHER_get_asn1_iv, |
|
455 NULL |
|
456 }; |
|
457 |
|
458 /* 3DES CBC EVP */ |
|
459 static const EVP_CIPHER pk11_3des_cbc = |
|
460 { |
|
461 NID_des_ede3_cbc, |
|
462 8, 24, 8, |
|
463 EVP_CIPH_CBC_MODE, |
|
464 pk11_cipher_init, |
|
465 pk11_cipher_do_cipher, |
|
466 pk11_cipher_cleanup, |
|
467 sizeof (PK11_CIPHER_STATE), |
|
468 EVP_CIPHER_set_asn1_iv, |
|
469 EVP_CIPHER_get_asn1_iv, |
|
470 NULL |
|
471 }; |
|
472 |
|
473 /* |
|
474 * ECB modes don't use an Initial Vector so that's why set_asn1_parameters and |
|
475 * get_asn1_parameters fields are set to NULL. |
|
476 */ |
|
477 static const EVP_CIPHER pk11_des_ecb = |
|
478 { |
|
479 NID_des_ecb, |
|
480 8, 8, 8, |
|
481 EVP_CIPH_ECB_MODE, |
|
482 pk11_cipher_init, |
|
483 pk11_cipher_do_cipher, |
|
484 pk11_cipher_cleanup, |
|
485 sizeof (PK11_CIPHER_STATE), |
|
486 NULL, |
|
487 NULL, |
|
488 NULL |
|
489 }; |
|
490 |
|
491 static const EVP_CIPHER pk11_3des_ecb = |
|
492 { |
|
493 NID_des_ede3_ecb, |
|
494 8, 24, 8, |
|
495 EVP_CIPH_ECB_MODE, |
|
496 pk11_cipher_init, |
|
497 pk11_cipher_do_cipher, |
|
498 pk11_cipher_cleanup, |
|
499 sizeof (PK11_CIPHER_STATE), |
|
500 NULL, |
|
501 NULL, |
|
502 NULL |
|
503 }; |
|
504 |
|
505 |
|
506 static const EVP_CIPHER pk11_aes_128_cbc = |
|
507 { |
|
508 NID_aes_128_cbc, |
|
509 16, 16, 16, |
|
510 EVP_CIPH_CBC_MODE, |
|
511 pk11_cipher_init, |
|
512 pk11_cipher_do_cipher, |
|
513 pk11_cipher_cleanup, |
|
514 sizeof (PK11_CIPHER_STATE), |
|
515 EVP_CIPHER_set_asn1_iv, |
|
516 EVP_CIPHER_get_asn1_iv, |
|
517 NULL |
|
518 }; |
|
519 |
|
520 static const EVP_CIPHER pk11_aes_192_cbc = |
|
521 { |
|
522 NID_aes_192_cbc, |
|
523 16, 24, 16, |
|
524 EVP_CIPH_CBC_MODE, |
|
525 pk11_cipher_init, |
|
526 pk11_cipher_do_cipher, |
|
527 pk11_cipher_cleanup, |
|
528 sizeof (PK11_CIPHER_STATE), |
|
529 EVP_CIPHER_set_asn1_iv, |
|
530 EVP_CIPHER_get_asn1_iv, |
|
531 NULL |
|
532 }; |
|
533 |
|
534 static const EVP_CIPHER pk11_aes_256_cbc = |
|
535 { |
|
536 NID_aes_256_cbc, |
|
537 16, 32, 16, |
|
538 EVP_CIPH_CBC_MODE, |
|
539 pk11_cipher_init, |
|
540 pk11_cipher_do_cipher, |
|
541 pk11_cipher_cleanup, |
|
542 sizeof (PK11_CIPHER_STATE), |
|
543 EVP_CIPHER_set_asn1_iv, |
|
544 EVP_CIPHER_get_asn1_iv, |
|
545 NULL |
|
546 }; |
|
547 |
|
548 /* |
|
549 * ECB modes don't use IV so that's why set_asn1_parameters and |
|
550 * get_asn1_parameters are set to NULL. |
|
551 */ |
|
552 static const EVP_CIPHER pk11_aes_128_ecb = |
|
553 { |
|
554 NID_aes_128_ecb, |
|
555 16, 16, 0, |
|
556 EVP_CIPH_ECB_MODE, |
|
557 pk11_cipher_init, |
|
558 pk11_cipher_do_cipher, |
|
559 pk11_cipher_cleanup, |
|
560 sizeof (PK11_CIPHER_STATE), |
|
561 NULL, |
|
562 NULL, |
|
563 NULL |
|
564 }; |
|
565 |
|
566 static const EVP_CIPHER pk11_aes_192_ecb = |
|
567 { |
|
568 NID_aes_192_ecb, |
|
569 16, 24, 0, |
|
570 EVP_CIPH_ECB_MODE, |
|
571 pk11_cipher_init, |
|
572 pk11_cipher_do_cipher, |
|
573 pk11_cipher_cleanup, |
|
574 sizeof (PK11_CIPHER_STATE), |
|
575 NULL, |
|
576 NULL, |
|
577 NULL |
|
578 }; |
|
579 |
|
580 static const EVP_CIPHER pk11_aes_256_ecb = |
|
581 { |
|
582 NID_aes_256_ecb, |
|
583 16, 32, 0, |
|
584 EVP_CIPH_ECB_MODE, |
|
585 pk11_cipher_init, |
|
586 pk11_cipher_do_cipher, |
|
587 pk11_cipher_cleanup, |
|
588 sizeof (PK11_CIPHER_STATE), |
|
589 NULL, |
|
590 NULL, |
|
591 NULL |
|
592 }; |
|
593 |
|
594 static EVP_CIPHER pk11_aes_128_ctr = |
|
595 { |
|
596 NID_aes_128_ctr, |
|
597 16, 16, 16, |
|
598 EVP_CIPH_CTR_MODE, |
|
599 pk11_cipher_init, |
|
600 pk11_cipher_do_cipher, |
|
601 pk11_cipher_cleanup, |
|
602 sizeof (PK11_CIPHER_STATE), |
|
603 EVP_CIPHER_set_asn1_iv, |
|
604 EVP_CIPHER_get_asn1_iv, |
|
605 NULL |
|
606 }; |
|
607 |
|
608 static EVP_CIPHER pk11_aes_192_ctr = |
|
609 { |
|
610 NID_aes_192_ctr, |
|
611 16, 24, 16, |
|
612 EVP_CIPH_CTR_MODE, |
|
613 pk11_cipher_init, |
|
614 pk11_cipher_do_cipher, |
|
615 pk11_cipher_cleanup, |
|
616 sizeof (PK11_CIPHER_STATE), |
|
617 EVP_CIPHER_set_asn1_iv, |
|
618 EVP_CIPHER_get_asn1_iv, |
|
619 NULL |
|
620 }; |
|
621 |
|
622 static EVP_CIPHER pk11_aes_256_ctr = |
|
623 { |
|
624 NID_aes_256_ctr, |
|
625 16, 32, 16, |
|
626 EVP_CIPH_CTR_MODE, |
|
627 pk11_cipher_init, |
|
628 pk11_cipher_do_cipher, |
|
629 pk11_cipher_cleanup, |
|
630 sizeof (PK11_CIPHER_STATE), |
|
631 EVP_CIPHER_set_asn1_iv, |
|
632 EVP_CIPHER_get_asn1_iv, |
|
633 NULL |
|
634 }; |
|
635 |
|
636 static const EVP_CIPHER pk11_bf_cbc = |
|
637 { |
|
638 NID_bf_cbc, |
|
639 8, 16, 8, |
|
640 EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CBC_MODE, |
|
641 pk11_cipher_init, |
|
642 pk11_cipher_do_cipher, |
|
643 pk11_cipher_cleanup, |
|
644 sizeof (PK11_CIPHER_STATE), |
|
645 EVP_CIPHER_set_asn1_iv, |
|
646 EVP_CIPHER_get_asn1_iv, |
|
647 NULL |
|
648 }; |
|
649 |
|
650 static const EVP_CIPHER pk11_rc4 = |
|
651 { |
|
652 NID_rc4, |
|
653 1, 16, 0, |
|
654 EVP_CIPH_VARIABLE_LENGTH, |
|
655 pk11_cipher_init, |
|
656 pk11_cipher_do_cipher, |
|
657 pk11_cipher_cleanup, |
|
658 sizeof (PK11_CIPHER_STATE), |
|
659 NULL, |
|
660 NULL, |
|
661 NULL |
|
662 }; |
|
663 |
|
664 static const EVP_MD pk11_md5 = |
|
665 { |
|
666 NID_md5, |
|
667 NID_md5WithRSAEncryption, |
|
668 MD5_DIGEST_LENGTH, |
|
669 0, |
|
670 pk11_digest_init, |
|
671 pk11_digest_update, |
|
672 pk11_digest_final, |
|
673 pk11_digest_copy, |
|
674 pk11_digest_cleanup, |
|
675 EVP_PKEY_RSA_method, |
|
676 MD5_CBLOCK, |
|
677 sizeof (PK11_CIPHER_STATE), |
|
678 }; |
|
679 |
|
680 static const EVP_MD pk11_sha1 = |
|
681 { |
|
682 NID_sha1, |
|
683 NID_sha1WithRSAEncryption, |
|
684 SHA_DIGEST_LENGTH, |
|
685 EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, |
|
686 pk11_digest_init, |
|
687 pk11_digest_update, |
|
688 pk11_digest_final, |
|
689 pk11_digest_copy, |
|
690 pk11_digest_cleanup, |
|
691 EVP_PKEY_RSA_method, |
|
692 SHA_CBLOCK, |
|
693 sizeof (PK11_CIPHER_STATE), |
|
694 }; |
|
695 |
|
696 static const EVP_MD pk11_sha224 = |
|
697 { |
|
698 NID_sha224, |
|
699 NID_sha224WithRSAEncryption, |
|
700 SHA224_DIGEST_LENGTH, |
|
701 EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, |
|
702 pk11_digest_init, |
|
703 pk11_digest_update, |
|
704 pk11_digest_final, |
|
705 pk11_digest_copy, |
|
706 pk11_digest_cleanup, |
|
707 EVP_PKEY_RSA_method, |
|
708 /* SHA-224 uses the same cblock size as SHA-256 */ |
|
709 SHA256_CBLOCK, |
|
710 sizeof (PK11_CIPHER_STATE), |
|
711 }; |
|
712 |
|
713 static const EVP_MD pk11_sha256 = |
|
714 { |
|
715 NID_sha256, |
|
716 NID_sha256WithRSAEncryption, |
|
717 SHA256_DIGEST_LENGTH, |
|
718 EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, |
|
719 pk11_digest_init, |
|
720 pk11_digest_update, |
|
721 pk11_digest_final, |
|
722 pk11_digest_copy, |
|
723 pk11_digest_cleanup, |
|
724 EVP_PKEY_RSA_method, |
|
725 SHA256_CBLOCK, |
|
726 sizeof (PK11_CIPHER_STATE), |
|
727 }; |
|
728 |
|
729 static const EVP_MD pk11_sha384 = |
|
730 { |
|
731 NID_sha384, |
|
732 NID_sha384WithRSAEncryption, |
|
733 SHA384_DIGEST_LENGTH, |
|
734 EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, |
|
735 pk11_digest_init, |
|
736 pk11_digest_update, |
|
737 pk11_digest_final, |
|
738 pk11_digest_copy, |
|
739 pk11_digest_cleanup, |
|
740 EVP_PKEY_RSA_method, |
|
741 /* SHA-384 uses the same cblock size as SHA-512 */ |
|
742 SHA512_CBLOCK, |
|
743 sizeof (PK11_CIPHER_STATE), |
|
744 }; |
|
745 |
|
746 static const EVP_MD pk11_sha512 = |
|
747 { |
|
748 NID_sha512, |
|
749 NID_sha512WithRSAEncryption, |
|
750 SHA512_DIGEST_LENGTH, |
|
751 EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, |
|
752 pk11_digest_init, |
|
753 pk11_digest_update, |
|
754 pk11_digest_final, |
|
755 pk11_digest_copy, |
|
756 pk11_digest_cleanup, |
|
757 EVP_PKEY_RSA_method, |
|
758 SHA512_CBLOCK, |
|
759 sizeof (PK11_CIPHER_STATE), |
|
760 }; |
|
761 |
|
762 /* |
|
763 * Initialization function. Sets up various PKCS#11 library components. |
|
764 * The definitions for control commands specific to this engine |
|
765 */ |
|
766 #define PK11_CMD_SO_PATH ENGINE_CMD_BASE |
|
767 static const ENGINE_CMD_DEFN pk11_cmd_defns[] = |
|
768 { |
|
769 { |
|
770 PK11_CMD_SO_PATH, |
|
771 "SO_PATH", |
|
772 "Specifies the path to the 'pkcs#11' shared library", |
|
773 ENGINE_CMD_FLAG_STRING |
|
774 }, |
|
775 {0, NULL, NULL, 0} |
|
776 }; |
|
777 |
|
778 |
|
779 static RAND_METHOD pk11_random = |
|
780 { |
|
781 pk11_rand_seed, |
|
782 pk11_rand_bytes, |
|
783 pk11_rand_cleanup, |
|
784 pk11_rand_add, |
|
785 pk11_rand_bytes, |
|
786 pk11_rand_status |
|
787 }; |
|
788 |
|
789 |
|
790 /* Constants used when creating the ENGINE */ |
|
791 static const char *engine_pk11_id = "pkcs11"; |
|
792 static const char *engine_pk11_name = "PKCS #11 engine support"; |
|
793 |
|
794 CK_FUNCTION_LIST_PTR pFuncList = NULL; |
|
795 static const char PK11_GET_FUNCTION_LIST[] = "C_GetFunctionList"; |
|
796 |
|
797 /* |
|
798 * This is a static string constant for the DSO file name and the function |
|
799 * symbol names to bind to. We set it in the Configure script based on whether |
|
800 * this is 32 or 64 bit build. |
|
801 */ |
|
802 static const char def_PK11_LIBNAME[] = PK11_LIB_LOCATION; |
|
803 |
|
804 static CK_BBOOL pk11_true = CK_TRUE; |
|
805 static CK_BBOOL pk11_false = CK_FALSE; |
|
806 /* Needed in hw_pk11_pub.c as well so that's why it is not static. */ |
|
807 CK_SLOT_ID pubkey_SLOTID = 0; |
|
808 static CK_SLOT_ID rand_SLOTID = 0; |
|
809 static CK_SLOT_ID SLOTID = 0; |
|
810 static CK_BBOOL pk11_library_initialized = CK_FALSE; |
|
811 static CK_BBOOL pk11_atfork_initialized = CK_FALSE; |
|
812 static int pk11_pid = 0; |
|
813 static ENGINE* pk11_engine = NULL; |
|
814 |
|
815 static DSO *pk11_dso = NULL; |
|
816 |
|
817 /* allocate and initialize all locks used by the engine itself */ |
|
818 static int pk11_init_all_locks(void) |
|
819 { |
|
820 int type; |
|
821 |
|
822 #ifndef OPENSSL_NO_RSA |
|
823 find_lock[OP_RSA] = OPENSSL_malloc(sizeof (pthread_mutex_t)); |
|
824 if (find_lock[OP_RSA] == NULL) |
|
825 goto malloc_err; |
|
826 (void) pthread_mutex_init(find_lock[OP_RSA], NULL); |
|
827 #endif /* OPENSSL_NO_RSA */ |
|
828 |
|
829 if ((uri_lock = OPENSSL_malloc(sizeof (pthread_mutex_t))) == NULL) |
|
830 goto malloc_err; |
|
831 (void) pthread_mutex_init(uri_lock, NULL); |
|
832 |
|
833 #ifndef OPENSSL_NO_DSA |
|
834 find_lock[OP_DSA] = OPENSSL_malloc(sizeof (pthread_mutex_t)); |
|
835 if (find_lock[OP_DSA] == NULL) |
|
836 goto malloc_err; |
|
837 (void) pthread_mutex_init(find_lock[OP_DSA], NULL); |
|
838 #endif /* OPENSSL_NO_DSA */ |
|
839 |
|
840 #ifndef OPENSSL_NO_DH |
|
841 find_lock[OP_DH] = OPENSSL_malloc(sizeof (pthread_mutex_t)); |
|
842 if (find_lock[OP_DH] == NULL) |
|
843 goto malloc_err; |
|
844 (void) pthread_mutex_init(find_lock[OP_DH], NULL); |
|
845 #endif /* OPENSSL_NO_DH */ |
|
846 |
|
847 for (type = 0; type < OP_MAX; type++) |
|
848 { |
|
849 session_cache[type].lock = |
|
850 OPENSSL_malloc(sizeof (pthread_mutex_t)); |
|
851 if (session_cache[type].lock == NULL) |
|
852 goto malloc_err; |
|
853 (void) pthread_mutex_init(session_cache[type].lock, NULL); |
|
854 } |
|
855 |
|
856 return (1); |
|
857 |
|
858 malloc_err: |
|
859 pk11_free_all_locks(); |
|
860 PK11err(PK11_F_INIT_ALL_LOCKS, PK11_R_MALLOC_FAILURE); |
|
861 return (0); |
|
862 } |
|
863 |
|
864 static void pk11_free_all_locks(void) |
|
865 { |
|
866 int type; |
|
867 |
|
868 #ifndef OPENSSL_NO_RSA |
|
869 if (find_lock[OP_RSA] != NULL) |
|
870 { |
|
871 (void) pthread_mutex_destroy(find_lock[OP_RSA]); |
|
872 OPENSSL_free(find_lock[OP_RSA]); |
|
873 find_lock[OP_RSA] = NULL; |
|
874 } |
|
875 #endif /* OPENSSL_NO_RSA */ |
|
876 #ifndef OPENSSL_NO_DSA |
|
877 if (find_lock[OP_DSA] != NULL) |
|
878 { |
|
879 (void) pthread_mutex_destroy(find_lock[OP_DSA]); |
|
880 OPENSSL_free(find_lock[OP_DSA]); |
|
881 find_lock[OP_DSA] = NULL; |
|
882 } |
|
883 #endif /* OPENSSL_NO_DSA */ |
|
884 #ifndef OPENSSL_NO_DH |
|
885 if (find_lock[OP_DH] != NULL) |
|
886 { |
|
887 (void) pthread_mutex_destroy(find_lock[OP_DH]); |
|
888 OPENSSL_free(find_lock[OP_DH]); |
|
889 find_lock[OP_DH] = NULL; |
|
890 } |
|
891 #endif /* OPENSSL_NO_DH */ |
|
892 |
|
893 for (type = 0; type < OP_MAX; type++) |
|
894 { |
|
895 if (session_cache[type].lock != NULL) |
|
896 { |
|
897 (void) pthread_mutex_destroy(session_cache[type].lock); |
|
898 OPENSSL_free(session_cache[type].lock); |
|
899 session_cache[type].lock = NULL; |
|
900 } |
|
901 } |
|
902 /* Free uri_lock */ |
|
903 (void) pthread_mutex_destroy(uri_lock); |
|
904 OPENSSL_free(uri_lock); |
|
905 uri_lock = NULL; |
|
906 } |
|
907 |
|
908 /* |
|
909 * This internal function is used by ENGINE_pk11() and "dynamic" ENGINE support. |
|
910 */ |
|
911 static int bind_pk11(ENGINE *e) |
|
912 { |
|
913 #ifndef OPENSSL_NO_RSA |
|
914 const RSA_METHOD *rsa = NULL; |
|
915 RSA_METHOD *pk11_rsa = PK11_RSA(); |
|
916 #endif /* OPENSSL_NO_RSA */ |
|
917 if (!pk11_library_initialized) |
|
918 if (!pk11_library_init(e)) |
|
919 return (0); |
|
920 |
|
921 if (!ENGINE_set_id(e, engine_pk11_id) || |
|
922 !ENGINE_set_name(e, engine_pk11_name) || |
|
923 !ENGINE_set_ciphers(e, pk11_engine_ciphers)) |
|
924 return (0); |
|
925 |
|
926 if (!ENGINE_set_pkey_meths(e, pk11_engine_pkey_methods)) |
|
927 return (0); |
|
928 |
|
929 #if defined(__sparc) |
|
930 /* |
|
931 * Enable hash mechanisms for pkcs11 engine only if T4 digest |
|
932 * instruction is not present. |
|
933 */ |
|
934 if (!hw_yf_digest_instruction_present()) |
|
935 #endif /* defined(__sparc) */ |
|
936 if (!ENGINE_set_digests(e, pk11_engine_digests)) { |
|
937 return (0); |
|
938 } |
|
939 |
|
940 #ifndef OPENSSL_NO_RSA |
|
941 if (pk11_have_rsa == CK_TRUE) |
|
942 { |
|
943 if (!ENGINE_set_RSA(e, PK11_RSA()) || |
|
944 !ENGINE_set_load_privkey_function(e, pk11_load_privkey) || |
|
945 !ENGINE_set_load_pubkey_function(e, pk11_load_pubkey)) |
|
946 return (0); |
|
947 DEBUG_SLOT_SEL("%s: registered RSA\n", PK11_DBG); |
|
948 } |
|
949 #endif /* OPENSSL_NO_RSA */ |
|
950 #ifndef OPENSSL_NO_DSA |
|
951 if (pk11_have_dsa == CK_TRUE) |
|
952 { |
|
953 if (!ENGINE_set_DSA(e, PK11_DSA())) |
|
954 return (0); |
|
955 DEBUG_SLOT_SEL("%s: registered DSA\n", PK11_DBG); |
|
956 } |
|
957 #endif /* OPENSSL_NO_DSA */ |
|
958 #ifndef OPENSSL_NO_DH |
|
959 if (pk11_have_dh == CK_TRUE) |
|
960 { |
|
961 if (!ENGINE_set_DH(e, PK11_DH())) |
|
962 return (0); |
|
963 DEBUG_SLOT_SEL("%s: registered DH\n", PK11_DBG); |
|
964 } |
|
965 #endif /* OPENSSL_NO_DH */ |
|
966 if (pk11_have_random) |
|
967 { |
|
968 if (!ENGINE_set_RAND(e, &pk11_random)) |
|
969 return (0); |
|
970 DEBUG_SLOT_SEL("%s: registered random\n", PK11_DBG); |
|
971 } |
|
972 if (!ENGINE_set_init_function(e, pk11_init) || |
|
973 !ENGINE_set_destroy_function(e, pk11_destroy) || |
|
974 !ENGINE_set_finish_function(e, pk11_finish) || |
|
975 !ENGINE_set_ctrl_function(e, pk11_ctrl) || |
|
976 !ENGINE_set_cmd_defns(e, pk11_cmd_defns)) |
|
977 return (0); |
|
978 |
|
979 /* |
|
980 * Apache calls OpenSSL function RSA_blinding_on() once during startup |
|
981 * which in turn calls bn_mod_exp. Since we do not implement bn_mod_exp |
|
982 * here, we wire it back to the OpenSSL software implementation. |
|
983 * Since it is used only once, performance is not a concern. |
|
984 */ |
|
985 #ifndef OPENSSL_NO_RSA |
|
986 rsa = RSA_PKCS1_SSLeay(); |
|
987 pk11_rsa->rsa_mod_exp = rsa->rsa_mod_exp; |
|
988 pk11_rsa->bn_mod_exp = rsa->bn_mod_exp; |
|
989 #endif /* OPENSSL_NO_RSA */ |
|
990 |
|
991 /* Ensure the pk11 error handling is set up */ |
|
992 ERR_load_pk11_strings(); |
|
993 |
|
994 return (1); |
|
995 } |
|
996 |
|
997 /* Dynamic engine support is disabled at a higher level for Solaris */ |
|
998 #ifdef ENGINE_DYNAMIC_SUPPORT |
|
999 static int bind_helper(ENGINE *e, const char *id) |
|
1000 { |
|
1001 if (id && (strcmp(id, engine_pk11_id) != 0)) |
|
1002 return (0); |
|
1003 |
|
1004 if (!bind_pk11(e)) |
|
1005 return (0); |
|
1006 |
|
1007 return (1); |
|
1008 } |
|
1009 |
|
1010 IMPLEMENT_DYNAMIC_CHECK_FN() |
|
1011 IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) |
|
1012 |
|
1013 #else |
|
1014 static ENGINE *engine_pk11(void) |
|
1015 { |
|
1016 ENGINE *ret = ENGINE_new(); |
|
1017 |
|
1018 if (!ret) |
|
1019 return (NULL); |
|
1020 |
|
1021 if (!bind_pk11(ret)) |
|
1022 { |
|
1023 ENGINE_free(ret); |
|
1024 return (NULL); |
|
1025 } |
|
1026 |
|
1027 return (ret); |
|
1028 } |
|
1029 |
|
1030 int |
|
1031 pk11_engine_loaded() |
|
1032 { |
|
1033 ENGINE *e; |
|
1034 int rtrn = 0; |
|
1035 |
|
1036 if ((e = ENGINE_by_id(engine_pk11_id)) != NULL) |
|
1037 { |
|
1038 rtrn = 1; |
|
1039 ENGINE_free(e); |
|
1040 } |
|
1041 return (rtrn); |
|
1042 } |
|
1043 |
|
1044 void |
|
1045 ENGINE_load_pk11(void) |
|
1046 { |
|
1047 ENGINE *e_pk11 = NULL; |
|
1048 |
|
1049 /* |
|
1050 * Do not attempt to load the engine twice! |
|
1051 * Multiple instances would share static variables from this file. |
|
1052 */ |
|
1053 if (pk11_engine_loaded()) |
|
1054 return; |
|
1055 |
|
1056 /* |
|
1057 * Do not use dynamic PKCS#11 library on Solaris due to |
|
1058 * security reasons. We will link it in statically. |
|
1059 */ |
|
1060 /* Attempt to load PKCS#11 library */ |
|
1061 if (!pk11_dso) |
|
1062 pk11_dso = DSO_load(NULL, get_PK11_LIBNAME(), NULL, 0); |
|
1063 |
|
1064 if (pk11_dso == NULL) |
|
1065 { |
|
1066 PK11err(PK11_F_LOAD, PK11_R_DSO_FAILURE); |
|
1067 return; |
|
1068 } |
|
1069 |
|
1070 e_pk11 = engine_pk11(); |
|
1071 if (!e_pk11) |
|
1072 { |
|
1073 DSO_free(pk11_dso); |
|
1074 pk11_dso = NULL; |
|
1075 return; |
|
1076 } |
|
1077 |
|
1078 /* |
|
1079 * At this point, the pk11 shared library is either dynamically |
|
1080 * loaded or statically linked in. So, initialize the pk11 |
|
1081 * library before calling ENGINE_set_default since the latter |
|
1082 * needs cipher and digest algorithm information |
|
1083 */ |
|
1084 if (!pk11_library_init(e_pk11)) |
|
1085 { |
|
1086 DSO_free(pk11_dso); |
|
1087 pk11_dso = NULL; |
|
1088 ENGINE_free(e_pk11); |
|
1089 return; |
|
1090 } |
|
1091 |
|
1092 ENGINE_add(e_pk11); |
|
1093 |
|
1094 ENGINE_free(e_pk11); |
|
1095 ERR_clear_error(); |
|
1096 } |
|
1097 #endif /* ENGINE_DYNAMIC_SUPPORT */ |
|
1098 |
|
1099 /* |
|
1100 * These are the static string constants for the DSO file name and |
|
1101 * the function symbol names to bind to. |
|
1102 */ |
|
1103 static const char *PK11_LIBNAME = NULL; |
|
1104 |
|
1105 static const char *get_PK11_LIBNAME(void) |
|
1106 { |
|
1107 if (PK11_LIBNAME) |
|
1108 return (PK11_LIBNAME); |
|
1109 |
|
1110 return (def_PK11_LIBNAME); |
|
1111 } |
|
1112 |
|
1113 static void free_PK11_LIBNAME(void) |
|
1114 { |
|
1115 if (PK11_LIBNAME) |
|
1116 OPENSSL_free((void*)PK11_LIBNAME); |
|
1117 |
|
1118 PK11_LIBNAME = NULL; |
|
1119 } |
|
1120 |
|
1121 static long set_PK11_LIBNAME(const char *name) |
|
1122 { |
|
1123 free_PK11_LIBNAME(); |
|
1124 |
|
1125 return ((PK11_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0); |
|
1126 } |
|
1127 |
|
1128 /* acquire all engine specific mutexes before fork */ |
|
1129 static void pk11_fork_prepare(void) |
|
1130 { |
|
1131 int i; |
|
1132 |
|
1133 if (!pk11_library_initialized) |
|
1134 return; |
|
1135 |
|
1136 LOCK_OBJSTORE(OP_RSA); |
|
1137 LOCK_OBJSTORE(OP_DSA); |
|
1138 LOCK_OBJSTORE(OP_DH); |
|
1139 (void) pthread_mutex_lock(uri_lock); |
|
1140 for (i = 0; i < OP_MAX; i++) |
|
1141 { |
|
1142 (void) pthread_mutex_lock(session_cache[i].lock); |
|
1143 } |
|
1144 } |
|
1145 |
|
1146 /* release all engine specific mutexes */ |
|
1147 static void pk11_fork_parent(void) |
|
1148 { |
|
1149 int i; |
|
1150 |
|
1151 if (!pk11_library_initialized) |
|
1152 return; |
|
1153 |
|
1154 for (i = OP_MAX - 1; i >= 0; i--) |
|
1155 { |
|
1156 (void) pthread_mutex_unlock(session_cache[i].lock); |
|
1157 } |
|
1158 UNLOCK_OBJSTORE(OP_DH); |
|
1159 UNLOCK_OBJSTORE(OP_DSA); |
|
1160 UNLOCK_OBJSTORE(OP_RSA); |
|
1161 (void) pthread_mutex_unlock(uri_lock); |
|
1162 } |
|
1163 |
|
1164 /* |
|
1165 * same situation as in parent - we need to unlock all locks to make them |
|
1166 * accessible to all threads. |
|
1167 */ |
|
1168 static void pk11_fork_child(void) |
|
1169 { |
|
1170 int i; |
|
1171 |
|
1172 if (!pk11_library_initialized) |
|
1173 return; |
|
1174 |
|
1175 for (i = OP_MAX - 1; i >= 0; i--) |
|
1176 { |
|
1177 (void) pthread_mutex_unlock(session_cache[i].lock); |
|
1178 } |
|
1179 UNLOCK_OBJSTORE(OP_DH); |
|
1180 UNLOCK_OBJSTORE(OP_DSA); |
|
1181 UNLOCK_OBJSTORE(OP_RSA); |
|
1182 (void) pthread_mutex_unlock(uri_lock); |
|
1183 } |
|
1184 |
|
1185 /* Initialization function for the pk11 engine */ |
|
1186 static int pk11_init(ENGINE *e) |
|
1187 { |
|
1188 return (pk11_library_init(e)); |
|
1189 } |
|
1190 |
|
1191 /* |
|
1192 * Helper function that unsets reference to current engine (pk11_engine = NULL). |
|
1193 * |
|
1194 * Use of local variable only seems clumsy, it needs to be this way! |
|
1195 * This is to prevent double free in the unlucky scenario: |
|
1196 * ENGINE_free calls pk11_destroy calls pk11_finish calls ENGINE_free |
|
1197 * Setting pk11_engine to NULL prior to ENGINE_free() avoids this. |
|
1198 */ |
|
1199 static void pk11_engine_free() |
|
1200 { |
|
1201 ENGINE* old_engine = pk11_engine; |
|
1202 |
|
1203 if (old_engine) { |
|
1204 pk11_engine = NULL; |
|
1205 } |
|
1206 } |
|
1207 |
|
1208 /* |
|
1209 * Initialization function. Sets up various PKCS#11 library components. |
|
1210 * It selects a slot based on predefined critiera. In the process, it also |
|
1211 * count how many ciphers and digests to support. Since the cipher and |
|
1212 * digest information is needed when setting default engine, this function |
|
1213 * needs to be called before calling ENGINE_set_default. |
|
1214 */ |
|
1215 /* ARGSUSED */ |
|
1216 static int pk11_library_init(ENGINE *e) |
|
1217 { |
|
1218 CK_C_GetFunctionList p; |
|
1219 CK_RV rv = CKR_OK; |
|
1220 CK_INFO info; |
|
1221 CK_ULONG ul_state_len; |
|
1222 int any_slot_found; |
|
1223 int i; |
|
1224 |
|
1225 if (e != pk11_engine) |
|
1226 { |
|
1227 pk11_engine_free(); |
|
1228 pk11_engine = e; |
|
1229 } |
|
1230 |
|
1231 /* |
|
1232 * pk11_library_initialized is set to 0 in pk11_finish() which is called |
|
1233 * from ENGINE_finish(). However, if there is still at least one |
|
1234 * existing functional reference to the engine (see engine(3) for more |
|
1235 * information), pk11_finish() is skipped. For example, this can happen |
|
1236 * if an application forgets to clear one cipher context. In case of a |
|
1237 * fork() when the application is finishing the engine so that it can be |
|
1238 * reinitialized in the child, forgotten functional reference causes |
|
1239 * pk11_library_initialized to stay 1. In that case we need the PID |
|
1240 * check so that we properly initialize the engine again. |
|
1241 */ |
|
1242 if (pk11_library_initialized) |
|
1243 { |
|
1244 if (pk11_pid == getpid()) |
|
1245 { |
|
1246 return (1); |
|
1247 } |
|
1248 else |
|
1249 { |
|
1250 global_session = CK_INVALID_HANDLE; |
|
1251 /* |
|
1252 * free the locks first to prevent memory leak in case |
|
1253 * the application calls fork() without finishing the |
|
1254 * engine first. |
|
1255 */ |
|
1256 pk11_free_all_locks(); |
|
1257 } |
|
1258 } |
|
1259 |
|
1260 |
|
1261 /* Attempt to load PKCS#11 library */ |
|
1262 if (!pk11_dso) |
|
1263 { |
|
1264 pk11_dso = DSO_load(NULL, get_PK11_LIBNAME(), NULL, 0); |
|
1265 if (pk11_dso == NULL) |
|
1266 { |
|
1267 PK11err(PK11_F_LOAD, PK11_R_DSO_FAILURE); |
|
1268 goto err; |
|
1269 } |
|
1270 } |
|
1271 |
|
1272 #ifdef SOLARIS_HW_SLOT_SELECTION |
|
1273 if (check_hw_mechanisms() == 0) |
|
1274 goto err; |
|
1275 #endif /* SOLARIS_HW_SLOT_SELECTION */ |
|
1276 |
|
1277 /* get the C_GetFunctionList function from the loaded library */ |
|
1278 p = (CK_C_GetFunctionList)DSO_bind_func(pk11_dso, |
|
1279 PK11_GET_FUNCTION_LIST); |
|
1280 if (!p) |
|
1281 { |
|
1282 PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE); |
|
1283 goto err; |
|
1284 } |
|
1285 |
|
1286 /* get the full function list from the loaded library */ |
|
1287 rv = p(&pFuncList); |
|
1288 if (rv != CKR_OK) |
|
1289 { |
|
1290 PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE, rv); |
|
1291 goto err; |
|
1292 } |
|
1293 |
|
1294 rv = pFuncList->C_Initialize(NULL_PTR); |
|
1295 if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED)) |
|
1296 { |
|
1297 PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_INITIALIZE, rv); |
|
1298 goto err; |
|
1299 } |
|
1300 |
|
1301 rv = pFuncList->C_GetInfo(&info); |
|
1302 if (rv != CKR_OK) |
|
1303 { |
|
1304 PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_GETINFO, rv); |
|
1305 goto err; |
|
1306 } |
|
1307 |
|
1308 if (pk11_choose_slots(&any_slot_found) == 0) |
|
1309 goto err; |
|
1310 |
|
1311 /* |
|
1312 * The library we use, set in def_PK11_LIBNAME, may not offer any |
|
1313 * slot(s). In that case, we must not proceed but we must not return an |
|
1314 * error. The reason is that applications that try to set up the PKCS#11 |
|
1315 * engine don't exit on error during the engine initialization just |
|
1316 * because no slot was present. |
|
1317 */ |
|
1318 if (any_slot_found == 0) |
|
1319 return (1); |
|
1320 |
|
1321 if (global_session == CK_INVALID_HANDLE) |
|
1322 { |
|
1323 /* Open the global_session for the new process */ |
|
1324 rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION, |
|
1325 NULL_PTR, NULL_PTR, &global_session); |
|
1326 if (rv != CKR_OK) |
|
1327 { |
|
1328 PK11err_add_data(PK11_F_LIBRARY_INIT, |
|
1329 PK11_R_OPENSESSION, rv); |
|
1330 goto err; |
|
1331 } |
|
1332 } |
|
1333 |
|
1334 /* |
|
1335 * Disable digest if C_GetOperationState is not supported since |
|
1336 * this function is required by OpenSSL digest copy function |
|
1337 */ |
|
1338 if (pFuncList->C_GetOperationState(global_session, NULL, &ul_state_len) |
|
1339 == CKR_FUNCTION_NOT_SUPPORTED) { |
|
1340 DEBUG_SLOT_SEL("%s: C_GetOperationState() not supported, " |
|
1341 "setting digest_count to 0\n", PK11_DBG); |
|
1342 digest_count = 0; |
|
1343 } |
|
1344 |
|
1345 pk11_library_initialized = CK_TRUE; |
|
1346 pk11_pid = getpid(); |
|
1347 /* |
|
1348 * if initialization of the locks fails pk11_init_all_locks() |
|
1349 * will do the cleanup. |
|
1350 */ |
|
1351 if (!pk11_init_all_locks()) |
|
1352 goto err; |
|
1353 for (i = 0; i < OP_MAX; i++) |
|
1354 session_cache[i].head = NULL; |
|
1355 /* |
|
1356 * initialize active lists. We only use active lists |
|
1357 * for asymmetric ciphers. |
|
1358 */ |
|
1359 for (i = 0; i < OP_MAX; i++) |
|
1360 active_list[i] = NULL; |
|
1361 |
|
1362 if (!pk11_atfork_initialized) |
|
1363 { |
|
1364 if (pthread_atfork(pk11_fork_prepare, pk11_fork_parent, |
|
1365 pk11_fork_child) != 0) |
|
1366 { |
|
1367 PK11err(PK11_F_LIBRARY_INIT, PK11_R_ATFORK_FAILED); |
|
1368 goto err; |
|
1369 } |
|
1370 pk11_atfork_initialized = CK_TRUE; |
|
1371 } |
|
1372 |
|
1373 return (1); |
|
1374 |
|
1375 err: |
|
1376 return (0); |
|
1377 } |
|
1378 |
|
1379 /* Destructor (complements the "ENGINE_pk11()" constructor) */ |
|
1380 /* ARGSUSED */ |
|
1381 static int pk11_destroy(ENGINE *e) |
|
1382 { |
|
1383 int rtn = 1; |
|
1384 |
|
1385 free_PK11_LIBNAME(); |
|
1386 ERR_unload_pk11_strings(); |
|
1387 if (pk11_library_initialized == CK_TRUE) |
|
1388 rtn = pk11_finish(e); |
|
1389 |
|
1390 return (rtn); |
|
1391 } |
|
1392 |
|
1393 /* |
|
1394 * Termination function to clean up the session, the token, and the pk11 |
|
1395 * library. |
|
1396 */ |
|
1397 /* ARGSUSED */ |
|
1398 static int pk11_finish(ENGINE *e) |
|
1399 { |
|
1400 int i; |
|
1401 |
|
1402 /* |
|
1403 * Make sure, right engine instance is being destroyed. |
|
1404 * Engine e may be the wrong instance if |
|
1405 * 1) either someone calls ENGINE_load_pk11 twice |
|
1406 * 2) or last ref. to an already finished engine is being destroyed |
|
1407 */ |
|
1408 if (e != pk11_engine) |
|
1409 goto err; |
|
1410 |
|
1411 if (pk11_dso == NULL) |
|
1412 { |
|
1413 PK11err(PK11_F_FINISH, PK11_R_NOT_LOADED); |
|
1414 goto err; |
|
1415 } |
|
1416 |
|
1417 OPENSSL_assert(pFuncList != NULL); |
|
1418 |
|
1419 if (pk11_free_all_sessions() == 0) |
|
1420 goto err; |
|
1421 |
|
1422 /* free all active lists */ |
|
1423 for (i = 0; i < OP_MAX; i++) |
|
1424 pk11_free_active_list(i); |
|
1425 |
|
1426 pFuncList->C_CloseSession(global_session); |
|
1427 global_session = CK_INVALID_HANDLE; |
|
1428 |
|
1429 /* |
|
1430 * Since we are part of a library (libcrypto.so), calling this function |
|
1431 * may have side-effects. |
|
1432 */ |
|
1433 #if 0 |
|
1434 pFuncList->C_Finalize(NULL); |
|
1435 #endif |
|
1436 if (!DSO_free(pk11_dso)) |
|
1437 { |
|
1438 PK11err(PK11_F_FINISH, PK11_R_DSO_FAILURE); |
|
1439 goto err; |
|
1440 } |
|
1441 pk11_dso = NULL; |
|
1442 pFuncList = NULL; |
|
1443 pk11_library_initialized = CK_FALSE; |
|
1444 pk11_pid = 0; |
|
1445 pk11_engine_free(); |
|
1446 /* |
|
1447 * There is no way how to unregister atfork handlers (other than |
|
1448 * unloading the library) so we just free the locks. For this reason |
|
1449 * the atfork handlers check if the engine is initialized and bail out |
|
1450 * immediately if not. This is necessary in case a process finishes |
|
1451 * the engine before calling fork(). |
|
1452 */ |
|
1453 pk11_free_all_locks(); |
|
1454 |
|
1455 return (1); |
|
1456 |
|
1457 err: |
|
1458 return (0); |
|
1459 } |
|
1460 |
|
1461 /* Standard engine interface function to set the dynamic library path */ |
|
1462 /* ARGSUSED */ |
|
1463 static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) |
|
1464 { |
|
1465 int initialized = ((pk11_dso == NULL) ? 0 : 1); |
|
1466 |
|
1467 switch (cmd) |
|
1468 { |
|
1469 case PK11_CMD_SO_PATH: |
|
1470 if (p == NULL) |
|
1471 { |
|
1472 PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER); |
|
1473 return (0); |
|
1474 } |
|
1475 |
|
1476 if (initialized) |
|
1477 { |
|
1478 PK11err(PK11_F_CTRL, PK11_R_ALREADY_LOADED); |
|
1479 return (0); |
|
1480 } |
|
1481 |
|
1482 return (set_PK11_LIBNAME((const char *)p)); |
|
1483 default: |
|
1484 break; |
|
1485 } |
|
1486 |
|
1487 PK11err(PK11_F_CTRL, PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED); |
|
1488 |
|
1489 return (0); |
|
1490 } |
|
1491 |
|
1492 |
|
1493 /* Required function by the engine random interface. It does nothing here */ |
|
1494 static void pk11_rand_cleanup(void) |
|
1495 { |
|
1496 return; |
|
1497 } |
|
1498 |
|
1499 /* ARGSUSED */ |
|
1500 static void pk11_rand_add(const void *buf, int num, double add) |
|
1501 { |
|
1502 PK11_SESSION *sp; |
|
1503 |
|
1504 if ((sp = pk11_get_session(OP_RAND)) == NULL) |
|
1505 return; |
|
1506 |
|
1507 /* |
|
1508 * Ignore any errors (e.g. CKR_RANDOM_SEED_NOT_SUPPORTED) since |
|
1509 * the calling functions do not care anyway |
|
1510 */ |
|
1511 pFuncList->C_SeedRandom(sp->session, (unsigned char *) buf, num); |
|
1512 pk11_return_session(sp, OP_RAND); |
|
1513 |
|
1514 return; |
|
1515 } |
|
1516 |
|
1517 static void pk11_rand_seed(const void *buf, int num) |
|
1518 { |
|
1519 pk11_rand_add(buf, num, 0); |
|
1520 } |
|
1521 |
|
1522 static int pk11_rand_bytes(unsigned char *buf, int num) |
|
1523 { |
|
1524 CK_RV rv; |
|
1525 PK11_SESSION *sp; |
|
1526 |
|
1527 if ((sp = pk11_get_session(OP_RAND)) == NULL) |
|
1528 return (0); |
|
1529 |
|
1530 rv = pFuncList->C_GenerateRandom(sp->session, buf, num); |
|
1531 if (rv != CKR_OK) |
|
1532 { |
|
1533 PK11err_add_data(PK11_F_RAND_BYTES, PK11_R_GENERATERANDOM, rv); |
|
1534 pk11_return_session(sp, OP_RAND); |
|
1535 return (0); |
|
1536 } |
|
1537 |
|
1538 pk11_return_session(sp, OP_RAND); |
|
1539 return (1); |
|
1540 } |
|
1541 |
|
1542 /* Required function by the engine random interface. It does nothing here */ |
|
1543 static int pk11_rand_status(void) |
|
1544 { |
|
1545 return (1); |
|
1546 } |
|
1547 |
|
1548 /* Free all BIGNUM structures from PK11_SESSION. */ |
|
1549 static void pk11_free_nums(PK11_SESSION *sp, PK11_OPTYPE optype) |
|
1550 { |
|
1551 switch (optype) |
|
1552 { |
|
1553 #ifndef OPENSSL_NO_RSA |
|
1554 case OP_RSA: |
|
1555 if (sp->opdata_rsa_n_num != NULL) |
|
1556 { |
|
1557 BN_free(sp->opdata_rsa_n_num); |
|
1558 sp->opdata_rsa_n_num = NULL; |
|
1559 } |
|
1560 if (sp->opdata_rsa_e_num != NULL) |
|
1561 { |
|
1562 BN_free(sp->opdata_rsa_e_num); |
|
1563 sp->opdata_rsa_e_num = NULL; |
|
1564 } |
|
1565 if (sp->opdata_rsa_d_num != NULL) |
|
1566 { |
|
1567 BN_free(sp->opdata_rsa_d_num); |
|
1568 sp->opdata_rsa_d_num = NULL; |
|
1569 } |
|
1570 break; |
|
1571 #endif |
|
1572 #ifndef OPENSSL_NO_DSA |
|
1573 case OP_DSA: |
|
1574 if (sp->opdata_dsa_pub_num != NULL) |
|
1575 { |
|
1576 BN_free(sp->opdata_dsa_pub_num); |
|
1577 sp->opdata_dsa_pub_num = NULL; |
|
1578 } |
|
1579 if (sp->opdata_dsa_priv_num != NULL) |
|
1580 { |
|
1581 BN_free(sp->opdata_dsa_priv_num); |
|
1582 sp->opdata_dsa_priv_num = NULL; |
|
1583 } |
|
1584 break; |
|
1585 #endif |
|
1586 #ifndef OPENSSL_NO_DH |
|
1587 case OP_DH: |
|
1588 if (sp->opdata_dh_priv_num != NULL) |
|
1589 { |
|
1590 BN_free(sp->opdata_dh_priv_num); |
|
1591 sp->opdata_dh_priv_num = NULL; |
|
1592 } |
|
1593 break; |
|
1594 #endif |
|
1595 default: |
|
1596 break; |
|
1597 } |
|
1598 } |
|
1599 |
|
1600 /* |
|
1601 * Get new PK11_SESSION structure ready for use. Every process must have |
|
1602 * its own freelist of PK11_SESSION structures so handle fork() here |
|
1603 * by destroying the old and creating new freelist. |
|
1604 * The returned PK11_SESSION structure is disconnected from the freelist. |
|
1605 */ |
|
1606 PK11_SESSION * |
|
1607 pk11_get_session(PK11_OPTYPE optype) |
|
1608 { |
|
1609 PK11_SESSION *sp = NULL, *sp1, *freelist; |
|
1610 pthread_mutex_t *freelist_lock; |
|
1611 static pid_t pid = 0; |
|
1612 pid_t new_pid; |
|
1613 CK_RV rv; |
|
1614 |
|
1615 switch (optype) |
|
1616 { |
|
1617 case OP_RSA: |
|
1618 case OP_DSA: |
|
1619 case OP_DH: |
|
1620 case OP_RAND: |
|
1621 case OP_DIGEST: |
|
1622 case OP_CIPHER: |
|
1623 freelist_lock = session_cache[optype].lock; |
|
1624 break; |
|
1625 default: |
|
1626 PK11err(PK11_F_GET_SESSION, |
|
1627 PK11_R_INVALID_OPERATION_TYPE); |
|
1628 return (NULL); |
|
1629 } |
|
1630 (void) pthread_mutex_lock(freelist_lock); |
|
1631 |
|
1632 /* |
|
1633 * Will use it to find out if we forked. We cannot use the PID field in |
|
1634 * the session structure because we could get a newly allocated session |
|
1635 * here, with no PID information. |
|
1636 */ |
|
1637 if (pid == 0) |
|
1638 pid = getpid(); |
|
1639 |
|
1640 freelist = session_cache[optype].head; |
|
1641 sp = freelist; |
|
1642 |
|
1643 /* |
|
1644 * If the free list is empty, allocate new uninitialized (filled |
|
1645 * with zeroes) PK11_SESSION structure otherwise return first |
|
1646 * structure from the freelist. |
|
1647 */ |
|
1648 if (sp == NULL) |
|
1649 { |
|
1650 if ((sp = OPENSSL_malloc(sizeof (PK11_SESSION))) == NULL) |
|
1651 { |
|
1652 PK11err(PK11_F_GET_SESSION, |
|
1653 PK11_R_MALLOC_FAILURE); |
|
1654 goto err; |
|
1655 } |
|
1656 (void) memset(sp, 0, sizeof (PK11_SESSION)); |
|
1657 |
|
1658 /* |
|
1659 * It is a new session so it will look like a cache miss to the |
|
1660 * code below. So, we must not try to to destroy its members so |
|
1661 * mark them as unused. |
|
1662 */ |
|
1663 sp->opdata_rsa_priv_key = CK_INVALID_HANDLE; |
|
1664 sp->opdata_rsa_pub_key = CK_INVALID_HANDLE; |
|
1665 } |
|
1666 else |
|
1667 freelist = sp->next; |
|
1668 |
|
1669 /* |
|
1670 * Check whether we have forked. In that case, we must get rid of all |
|
1671 * inherited sessions and start allocating new ones. |
|
1672 */ |
|
1673 if (pid != (new_pid = getpid())) |
|
1674 { |
|
1675 pid = new_pid; |
|
1676 |
|
1677 /* |
|
1678 * We are a new process and thus need to free any inherited |
|
1679 * PK11_SESSION objects aside from the first session (sp) which |
|
1680 * is the only PK11_SESSION structure we will reuse (for the |
|
1681 * head of the list). |
|
1682 */ |
|
1683 while ((sp1 = freelist) != NULL) |
|
1684 { |
|
1685 freelist = sp1->next; |
|
1686 /* |
|
1687 * NOTE: we do not want to call pk11_free_all_sessions() |
|
1688 * here because it would close underlying PKCS#11 |
|
1689 * sessions and destroy all objects. |
|
1690 */ |
|
1691 pk11_free_nums(sp1, optype); |
|
1692 OPENSSL_free(sp1); |
|
1693 } |
|
1694 |
|
1695 /* we have to free the active list as well. */ |
|
1696 pk11_free_active_list(optype); |
|
1697 |
|
1698 /* Initialize the process */ |
|
1699 rv = pFuncList->C_Initialize(NULL_PTR); |
|
1700 if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED)) |
|
1701 { |
|
1702 PK11err_add_data(PK11_F_GET_SESSION, PK11_R_INITIALIZE, |
|
1703 rv); |
|
1704 OPENSSL_free(sp); |
|
1705 sp = NULL; |
|
1706 goto err; |
|
1707 } |
|
1708 |
|
1709 /* |
|
1710 * Choose slot here since the slot table is different on this |
|
1711 * process. If we are here then we must have found at least one |
|
1712 * usable slot before so we don't need to check any_slot_found. |
|
1713 * See pk11_library_init()'s usage of this function for more |
|
1714 * information. |
|
1715 */ |
|
1716 #ifdef SOLARIS_HW_SLOT_SELECTION |
|
1717 if (check_hw_mechanisms() == 0) |
|
1718 goto err; |
|
1719 #endif /* SOLARIS_HW_SLOT_SELECTION */ |
|
1720 if (pk11_choose_slots(NULL) == 0) |
|
1721 goto err; |
|
1722 |
|
1723 /* Open the global_session for the new process */ |
|
1724 rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION, |
|
1725 NULL_PTR, NULL_PTR, &global_session); |
|
1726 if (rv != CKR_OK) |
|
1727 { |
|
1728 PK11err_add_data(PK11_F_GET_SESSION, PK11_R_OPENSESSION, |
|
1729 rv); |
|
1730 OPENSSL_free(sp); |
|
1731 sp = NULL; |
|
1732 goto err; |
|
1733 } |
|
1734 |
|
1735 /* |
|
1736 * It is an inherited session from our parent so it needs |
|
1737 * re-initialization. |
|
1738 */ |
|
1739 if (pk11_setup_session(sp, optype) == 0) |
|
1740 { |
|
1741 OPENSSL_free(sp); |
|
1742 sp = NULL; |
|
1743 goto err; |
|
1744 } |
|
1745 if (pk11_token_relogin(sp->session) == 0) |
|
1746 { |
|
1747 /* |
|
1748 * We will keep the session in the cache list and let |
|
1749 * the caller cope with the situation. |
|
1750 */ |
|
1751 freelist = sp; |
|
1752 sp = NULL; |
|
1753 goto err; |
|
1754 } |
|
1755 } |
|
1756 |
|
1757 if (sp->pid == 0) |
|
1758 { |
|
1759 /* It is a new session and needs initialization. */ |
|
1760 if (pk11_setup_session(sp, optype) == 0) |
|
1761 { |
|
1762 OPENSSL_free(sp); |
|
1763 sp = NULL; |
|
1764 } |
|
1765 } |
|
1766 |
|
1767 /* set new head for the list of PK11_SESSION objects */ |
|
1768 session_cache[optype].head = freelist; |
|
1769 |
|
1770 err: |
|
1771 if (sp != NULL) |
|
1772 sp->next = NULL; |
|
1773 |
|
1774 (void) pthread_mutex_unlock(freelist_lock); |
|
1775 |
|
1776 return (sp); |
|
1777 } |
|
1778 |
|
1779 |
|
1780 void |
|
1781 pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype) |
|
1782 { |
|
1783 pthread_mutex_t *freelist_lock; |
|
1784 PK11_SESSION *freelist; |
|
1785 |
|
1786 /* |
|
1787 * If this is a session from the parent it will be taken care of and |
|
1788 * freed in pk11_get_session() as part of the post-fork clean up the |
|
1789 * next time we will ask for a new session. |
|
1790 */ |
|
1791 if (sp == NULL || sp->pid != getpid()) |
|
1792 return; |
|
1793 |
|
1794 switch (optype) |
|
1795 { |
|
1796 case OP_RSA: |
|
1797 case OP_DSA: |
|
1798 case OP_DH: |
|
1799 case OP_RAND: |
|
1800 case OP_DIGEST: |
|
1801 case OP_CIPHER: |
|
1802 freelist_lock = session_cache[optype].lock; |
|
1803 break; |
|
1804 default: |
|
1805 PK11err(PK11_F_RETURN_SESSION, |
|
1806 PK11_R_INVALID_OPERATION_TYPE); |
|
1807 return; |
|
1808 } |
|
1809 |
|
1810 (void) pthread_mutex_lock(freelist_lock); |
|
1811 freelist = session_cache[optype].head; |
|
1812 sp->next = freelist; |
|
1813 session_cache[optype].head = sp; |
|
1814 (void) pthread_mutex_unlock(freelist_lock); |
|
1815 } |
|
1816 |
|
1817 |
|
1818 /* Destroy all objects. This function is called when the engine is finished */ |
|
1819 static int pk11_free_all_sessions() |
|
1820 { |
|
1821 int ret = 1; |
|
1822 int type; |
|
1823 |
|
1824 #ifndef OPENSSL_NO_RSA |
|
1825 (void) pk11_destroy_rsa_key_objects(NULL); |
|
1826 #endif /* OPENSSL_NO_RSA */ |
|
1827 #ifndef OPENSSL_NO_DSA |
|
1828 (void) pk11_destroy_dsa_key_objects(NULL); |
|
1829 #endif /* OPENSSL_NO_DSA */ |
|
1830 #ifndef OPENSSL_NO_DH |
|
1831 (void) pk11_destroy_dh_key_objects(NULL); |
|
1832 #endif /* OPENSSL_NO_DH */ |
|
1833 (void) pk11_destroy_cipher_key_objects(NULL); |
|
1834 |
|
1835 /* |
|
1836 * We try to release as much as we can but any error means that we will |
|
1837 * return 0 on exit. |
|
1838 */ |
|
1839 for (type = 0; type < OP_MAX; type++) |
|
1840 { |
|
1841 if (pk11_free_session_list(type) == 0) |
|
1842 ret = 0; |
|
1843 } |
|
1844 |
|
1845 return (ret); |
|
1846 } |
|
1847 |
|
1848 /* |
|
1849 * Destroy session structures from the linked list specified. Free as many |
|
1850 * sessions as possible but any failure in C_CloseSession() means that we |
|
1851 * return an error on return. |
|
1852 */ |
|
1853 static int pk11_free_session_list(PK11_OPTYPE optype) |
|
1854 { |
|
1855 CK_RV rv; |
|
1856 PK11_SESSION *sp = NULL; |
|
1857 PK11_SESSION *freelist = NULL; |
|
1858 pid_t mypid = getpid(); |
|
1859 pthread_mutex_t *freelist_lock; |
|
1860 int ret = 1; |
|
1861 |
|
1862 switch (optype) |
|
1863 { |
|
1864 case OP_RSA: |
|
1865 case OP_DSA: |
|
1866 case OP_DH: |
|
1867 case OP_RAND: |
|
1868 case OP_DIGEST: |
|
1869 case OP_CIPHER: |
|
1870 freelist_lock = session_cache[optype].lock; |
|
1871 break; |
|
1872 default: |
|
1873 PK11err(PK11_F_FREE_ALL_SESSIONS, |
|
1874 PK11_R_INVALID_OPERATION_TYPE); |
|
1875 return (0); |
|
1876 } |
|
1877 |
|
1878 (void) pthread_mutex_lock(freelist_lock); |
|
1879 freelist = session_cache[optype].head; |
|
1880 while ((sp = freelist) != NULL) |
|
1881 { |
|
1882 if (sp->session != CK_INVALID_HANDLE && sp->pid == mypid) |
|
1883 { |
|
1884 rv = pFuncList->C_CloseSession(sp->session); |
|
1885 if (rv != CKR_OK) |
|
1886 { |
|
1887 PK11err_add_data(PK11_F_FREE_ALL_SESSIONS, |
|
1888 PK11_R_CLOSESESSION, rv); |
|
1889 ret = 0; |
|
1890 } |
|
1891 } |
|
1892 freelist = sp->next; |
|
1893 pk11_free_nums(sp, optype); |
|
1894 OPENSSL_free(sp); |
|
1895 } |
|
1896 |
|
1897 (void) pthread_mutex_unlock(freelist_lock); |
|
1898 return (ret); |
|
1899 } |
|
1900 |
|
1901 |
|
1902 static int |
|
1903 pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype) |
|
1904 { |
|
1905 CK_RV rv; |
|
1906 CK_SLOT_ID myslot; |
|
1907 |
|
1908 switch (optype) |
|
1909 { |
|
1910 case OP_RSA: |
|
1911 case OP_DSA: |
|
1912 case OP_DH: |
|
1913 myslot = pubkey_SLOTID; |
|
1914 break; |
|
1915 case OP_RAND: |
|
1916 myslot = rand_SLOTID; |
|
1917 break; |
|
1918 case OP_DIGEST: |
|
1919 case OP_CIPHER: |
|
1920 myslot = SLOTID; |
|
1921 break; |
|
1922 default: |
|
1923 PK11err(PK11_F_SETUP_SESSION, |
|
1924 PK11_R_INVALID_OPERATION_TYPE); |
|
1925 return (0); |
|
1926 } |
|
1927 |
|
1928 sp->session = CK_INVALID_HANDLE; |
|
1929 DEBUG_SLOT_SEL("%s: myslot=%d optype=%d\n", PK11_DBG, myslot, optype); |
|
1930 rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION, |
|
1931 NULL_PTR, NULL_PTR, &sp->session); |
|
1932 if (rv == CKR_CRYPTOKI_NOT_INITIALIZED) |
|
1933 { |
|
1934 /* |
|
1935 * We are probably a child process so force the |
|
1936 * reinitialize of the session |
|
1937 */ |
|
1938 pk11_library_initialized = CK_FALSE; |
|
1939 if (!pk11_library_init(NULL)) |
|
1940 return (0); |
|
1941 rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION, |
|
1942 NULL_PTR, NULL_PTR, &sp->session); |
|
1943 } |
|
1944 if (rv != CKR_OK) |
|
1945 { |
|
1946 PK11err_add_data(PK11_F_SETUP_SESSION, PK11_R_OPENSESSION, rv); |
|
1947 return (0); |
|
1948 } |
|
1949 |
|
1950 sp->pid = getpid(); |
|
1951 |
|
1952 switch (optype) |
|
1953 { |
|
1954 #ifndef OPENSSL_NO_RSA |
|
1955 case OP_RSA: |
|
1956 sp->opdata_rsa_pub_key = CK_INVALID_HANDLE; |
|
1957 sp->opdata_rsa_priv_key = CK_INVALID_HANDLE; |
|
1958 sp->opdata_rsa_pub = NULL; |
|
1959 sp->opdata_rsa_n_num = NULL; |
|
1960 sp->opdata_rsa_e_num = NULL; |
|
1961 sp->opdata_rsa_priv = NULL; |
|
1962 sp->opdata_rsa_d_num = NULL; |
|
1963 break; |
|
1964 #endif /* OPENSSL_NO_RSA */ |
|
1965 #ifndef OPENSSL_NO_DSA |
|
1966 case OP_DSA: |
|
1967 sp->opdata_dsa_pub_key = CK_INVALID_HANDLE; |
|
1968 sp->opdata_dsa_priv_key = CK_INVALID_HANDLE; |
|
1969 sp->opdata_dsa_pub = NULL; |
|
1970 sp->opdata_dsa_pub_num = NULL; |
|
1971 sp->opdata_dsa_priv = NULL; |
|
1972 sp->opdata_dsa_priv_num = NULL; |
|
1973 break; |
|
1974 #endif /* OPENSSL_NO_DSA */ |
|
1975 #ifndef OPENSSL_NO_DH |
|
1976 case OP_DH: |
|
1977 sp->opdata_dh_key = CK_INVALID_HANDLE; |
|
1978 sp->opdata_dh = NULL; |
|
1979 sp->opdata_dh_priv_num = NULL; |
|
1980 break; |
|
1981 #endif /* OPENSSL_NO_DH */ |
|
1982 case OP_CIPHER: |
|
1983 sp->opdata_cipher_key = CK_INVALID_HANDLE; |
|
1984 sp->opdata_encrypt = -1; |
|
1985 break; |
|
1986 } |
|
1987 |
|
1988 /* |
|
1989 * We always initialize the session as containing a non-persistent |
|
1990 * object. The key load functions set it to persistent if that is so. |
|
1991 */ |
|
1992 sp->persistent = CK_FALSE; |
|
1993 return (1); |
|
1994 } |
|
1995 |
|
1996 #ifndef OPENSSL_NO_RSA |
|
1997 /* |
|
1998 * Destroy all non-NULL RSA parameters. For the RSA keys by reference code, |
|
1999 * public components 'n'/'e' are the key components we use to check for the |
|
2000 * cache hit even for the private keys. So, no matter whether we are destroying |
|
2001 * a public or a private key, we always free what we can. |
|
2002 */ |
|
2003 static void |
|
2004 destroy_all_rsa_params(PK11_SESSION *sp) |
|
2005 { |
|
2006 if (sp->opdata_rsa_n_num != NULL) |
|
2007 { |
|
2008 BN_free(sp->opdata_rsa_n_num); |
|
2009 sp->opdata_rsa_n_num = NULL; |
|
2010 } |
|
2011 if (sp->opdata_rsa_e_num != NULL) |
|
2012 { |
|
2013 BN_free(sp->opdata_rsa_e_num); |
|
2014 sp->opdata_rsa_e_num = NULL; |
|
2015 } |
|
2016 if (sp->opdata_rsa_d_num != NULL) |
|
2017 { |
|
2018 BN_free(sp->opdata_rsa_d_num); |
|
2019 sp->opdata_rsa_d_num = NULL; |
|
2020 } |
|
2021 } |
|
2022 |
|
2023 /* Destroy RSA public key from single session. */ |
|
2024 int |
|
2025 pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock) |
|
2026 { |
|
2027 int ret = 0; |
|
2028 |
|
2029 if (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE) |
|
2030 { |
|
2031 TRY_OBJ_DESTROY(sp, sp->opdata_rsa_pub_key, |
|
2032 ret, uselock, OP_RSA); |
|
2033 sp->opdata_rsa_pub_key = CK_INVALID_HANDLE; |
|
2034 sp->opdata_rsa_pub = NULL; |
|
2035 destroy_all_rsa_params(sp); |
|
2036 } |
|
2037 |
|
2038 return (ret); |
|
2039 } |
|
2040 |
|
2041 /* Destroy RSA private key from single session. */ |
|
2042 int |
|
2043 pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock) |
|
2044 { |
|
2045 int ret = 0; |
|
2046 |
|
2047 if (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE) |
|
2048 { |
|
2049 TRY_OBJ_DESTROY(sp, sp->opdata_rsa_priv_key, |
|
2050 ret, uselock, OP_RSA); |
|
2051 sp->opdata_rsa_priv_key = CK_INVALID_HANDLE; |
|
2052 sp->opdata_rsa_priv = NULL; |
|
2053 destroy_all_rsa_params(sp); |
|
2054 } |
|
2055 |
|
2056 return (ret); |
|
2057 } |
|
2058 |
|
2059 /* |
|
2060 * Destroy RSA key object wrapper. If session is NULL, try to destroy all |
|
2061 * objects in the free list. |
|
2062 */ |
|
2063 int |
|
2064 pk11_destroy_rsa_key_objects(PK11_SESSION *session) |
|
2065 { |
|
2066 int ret = 1; |
|
2067 PK11_SESSION *sp = NULL; |
|
2068 PK11_SESSION *local_free_session; |
|
2069 CK_BBOOL uselock = CK_TRUE; |
|
2070 |
|
2071 if (session != NULL) |
|
2072 local_free_session = session; |
|
2073 else |
|
2074 { |
|
2075 (void) pthread_mutex_lock(session_cache[OP_RSA].lock); |
|
2076 local_free_session = session_cache[OP_RSA].head; |
|
2077 uselock = CK_FALSE; |
|
2078 } |
|
2079 |
|
2080 /* |
|
2081 * go through the list of sessions and delete key objects |
|
2082 */ |
|
2083 while ((sp = local_free_session) != NULL) |
|
2084 { |
|
2085 local_free_session = sp->next; |
|
2086 |
|
2087 /* |
|
2088 * Do not terminate list traversal if one of the |
|
2089 * destroy operations fails. |
|
2090 */ |
|
2091 if (pk11_destroy_rsa_object_pub(sp, uselock) == 0) |
|
2092 { |
|
2093 ret = 0; |
|
2094 continue; |
|
2095 } |
|
2096 if (pk11_destroy_rsa_object_priv(sp, uselock) == 0) |
|
2097 { |
|
2098 ret = 0; |
|
2099 continue; |
|
2100 } |
|
2101 } |
|
2102 |
|
2103 if (session == NULL) |
|
2104 (void) pthread_mutex_unlock(session_cache[OP_RSA].lock); |
|
2105 |
|
2106 return (ret); |
|
2107 } |
|
2108 #endif /* OPENSSL_NO_RSA */ |
|
2109 |
|
2110 #ifndef OPENSSL_NO_DSA |
|
2111 /* Destroy DSA public key from single session. */ |
|
2112 int |
|
2113 pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock) |
|
2114 { |
|
2115 int ret = 0; |
|
2116 |
|
2117 if (sp->opdata_dsa_pub_key != CK_INVALID_HANDLE) |
|
2118 { |
|
2119 TRY_OBJ_DESTROY(sp, sp->opdata_dsa_pub_key, |
|
2120 ret, uselock, OP_DSA); |
|
2121 sp->opdata_dsa_pub_key = CK_INVALID_HANDLE; |
|
2122 sp->opdata_dsa_pub = NULL; |
|
2123 if (sp->opdata_dsa_pub_num != NULL) |
|
2124 { |
|
2125 BN_free(sp->opdata_dsa_pub_num); |
|
2126 sp->opdata_dsa_pub_num = NULL; |
|
2127 } |
|
2128 } |
|
2129 |
|
2130 return (ret); |
|
2131 } |
|
2132 |
|
2133 /* Destroy DSA private key from single session. */ |
|
2134 int |
|
2135 pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock) |
|
2136 { |
|
2137 int ret = 0; |
|
2138 |
|
2139 if (sp->opdata_dsa_priv_key != CK_INVALID_HANDLE) |
|
2140 { |
|
2141 TRY_OBJ_DESTROY(sp, sp->opdata_dsa_priv_key, |
|
2142 ret, uselock, OP_DSA); |
|
2143 sp->opdata_dsa_priv_key = CK_INVALID_HANDLE; |
|
2144 sp->opdata_dsa_priv = NULL; |
|
2145 if (sp->opdata_dsa_priv_num != NULL) |
|
2146 { |
|
2147 BN_free(sp->opdata_dsa_priv_num); |
|
2148 sp->opdata_dsa_priv_num = NULL; |
|
2149 } |
|
2150 } |
|
2151 |
|
2152 return (ret); |
|
2153 } |
|
2154 |
|
2155 /* |
|
2156 * Destroy DSA key object wrapper. If session is NULL, try to destroy all |
|
2157 * objects in the free list. |
|
2158 */ |
|
2159 int |
|
2160 pk11_destroy_dsa_key_objects(PK11_SESSION *session) |
|
2161 { |
|
2162 int ret = 1; |
|
2163 PK11_SESSION *sp = NULL; |
|
2164 PK11_SESSION *local_free_session; |
|
2165 CK_BBOOL uselock = CK_TRUE; |
|
2166 |
|
2167 if (session != NULL) |
|
2168 local_free_session = session; |
|
2169 else |
|
2170 { |
|
2171 (void) pthread_mutex_lock(session_cache[OP_DSA].lock); |
|
2172 local_free_session = session_cache[OP_DSA].head; |
|
2173 uselock = CK_FALSE; |
|
2174 } |
|
2175 |
|
2176 /* |
|
2177 * go through the list of sessions and delete key objects |
|
2178 */ |
|
2179 while ((sp = local_free_session) != NULL) |
|
2180 { |
|
2181 local_free_session = sp->next; |
|
2182 |
|
2183 /* |
|
2184 * Do not terminate list traversal if one of the |
|
2185 * destroy operations fails. |
|
2186 */ |
|
2187 if (pk11_destroy_dsa_object_pub(sp, uselock) == 0) |
|
2188 { |
|
2189 ret = 0; |
|
2190 continue; |
|
2191 } |
|
2192 if (pk11_destroy_dsa_object_priv(sp, uselock) == 0) |
|
2193 { |
|
2194 ret = 0; |
|
2195 continue; |
|
2196 } |
|
2197 } |
|
2198 |
|
2199 if (session == NULL) |
|
2200 (void) pthread_mutex_unlock(session_cache[OP_DSA].lock); |
|
2201 |
|
2202 return (ret); |
|
2203 } |
|
2204 #endif /* OPENSSL_NO_DSA */ |
|
2205 |
|
2206 #ifndef OPENSSL_NO_DH |
|
2207 /* Destroy DH key from single session. */ |
|
2208 int |
|
2209 pk11_destroy_dh_object(PK11_SESSION *sp, CK_BBOOL uselock) |
|
2210 { |
|
2211 int ret = 0; |
|
2212 |
|
2213 if (sp->opdata_dh_key != CK_INVALID_HANDLE) |
|
2214 { |
|
2215 TRY_OBJ_DESTROY(sp, sp->opdata_dh_key, |
|
2216 ret, uselock, OP_DH); |
|
2217 sp->opdata_dh_key = CK_INVALID_HANDLE; |
|
2218 sp->opdata_dh = NULL; |
|
2219 if (sp->opdata_dh_priv_num != NULL) |
|
2220 { |
|
2221 BN_free(sp->opdata_dh_priv_num); |
|
2222 sp->opdata_dh_priv_num = NULL; |
|
2223 } |
|
2224 } |
|
2225 |
|
2226 return (ret); |
|
2227 } |
|
2228 |
|
2229 /* |
|
2230 * Destroy DH key object wrapper. |
|
2231 * |
|
2232 * arg0: pointer to PKCS#11 engine session structure |
|
2233 * if session is NULL, try to destroy all objects in the free list |
|
2234 */ |
|
2235 int |
|
2236 pk11_destroy_dh_key_objects(PK11_SESSION *session) |
|
2237 { |
|
2238 int ret = 1; |
|
2239 PK11_SESSION *sp = NULL; |
|
2240 PK11_SESSION *local_free_session; |
|
2241 CK_BBOOL uselock = CK_TRUE; |
|
2242 |
|
2243 if (session != NULL) |
|
2244 local_free_session = session; |
|
2245 else |
|
2246 { |
|
2247 (void) pthread_mutex_lock(session_cache[OP_DH].lock); |
|
2248 local_free_session = session_cache[OP_DH].head; |
|
2249 uselock = CK_FALSE; |
|
2250 } |
|
2251 |
|
2252 while ((sp = local_free_session) != NULL) |
|
2253 { |
|
2254 local_free_session = sp->next; |
|
2255 |
|
2256 /* |
|
2257 * Do not terminate list traversal if one of the |
|
2258 * destroy operations fails. |
|
2259 */ |
|
2260 if (pk11_destroy_dh_object(sp, uselock) == 0) |
|
2261 { |
|
2262 ret = 0; |
|
2263 continue; |
|
2264 } |
|
2265 } |
|
2266 err: |
|
2267 if (session == NULL) |
|
2268 (void) pthread_mutex_unlock(session_cache[OP_DH].lock); |
|
2269 |
|
2270 return (ret); |
|
2271 } |
|
2272 #endif /* OPENSSL_NO_DH */ |
|
2273 |
|
2274 static int |
|
2275 pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh, |
|
2276 CK_BBOOL persistent) |
|
2277 { |
|
2278 CK_RV rv; |
|
2279 |
|
2280 /* |
|
2281 * We never try to destroy persistent objects which are the objects |
|
2282 * stored in the keystore. Also, we always use read-only sessions so |
|
2283 * C_DestroyObject() would be returning CKR_SESSION_READ_ONLY here. |
|
2284 */ |
|
2285 if (persistent == CK_TRUE) |
|
2286 return (1); |
|
2287 |
|
2288 rv = pFuncList->C_DestroyObject(session, oh); |
|
2289 if (rv != CKR_OK) |
|
2290 { |
|
2291 PK11err_add_data(PK11_F_DESTROY_OBJECT, PK11_R_DESTROYOBJECT, |
|
2292 rv); |
|
2293 return (0); |
|
2294 } |
|
2295 |
|
2296 return (1); |
|
2297 } |
|
2298 |
|
2299 |
|
2300 /* Symmetric ciphers and digests support functions */ |
|
2301 |
|
2302 static int |
|
2303 cipher_nid_to_pk11(int nid) |
|
2304 { |
|
2305 int i; |
|
2306 |
|
2307 for (i = 0; i < PK11_CIPHER_MAX; i++) |
|
2308 if (ciphers[i].nid == nid) |
|
2309 return (ciphers[i].id); |
|
2310 return (-1); |
|
2311 } |
|
2312 |
|
2313 static int |
|
2314 pk11_usable_ciphers(const int **nids) |
|
2315 { |
|
2316 if (cipher_count > 0) |
|
2317 *nids = cipher_nids; |
|
2318 else |
|
2319 *nids = NULL; |
|
2320 return (cipher_count); |
|
2321 } |
|
2322 |
|
2323 static int |
|
2324 pk11_usable_digests(const int **nids) |
|
2325 { |
|
2326 if (digest_count > 0) |
|
2327 *nids = digest_nids; |
|
2328 else |
|
2329 *nids = NULL; |
|
2330 return (digest_count); |
|
2331 } |
|
2332 |
|
2333 /* |
|
2334 * Init context for encryption or decryption using a symmetric key. |
|
2335 */ |
|
2336 static int pk11_init_symmetric(EVP_CIPHER_CTX *ctx, PK11_CIPHER *pcipher, |
|
2337 PK11_SESSION *sp, CK_MECHANISM_PTR pmech) |
|
2338 { |
|
2339 CK_RV rv; |
|
2340 CK_AES_CTR_PARAMS ctr_params; |
|
2341 |
|
2342 /* |
|
2343 * We expect pmech->mechanism to be already set and |
|
2344 * pParameter/ulParameterLen initialized to NULL/0 before |
|
2345 * pk11_init_symmetric() is called. |
|
2346 */ |
|
2347 OPENSSL_assert(pmech->mechanism != NULL); |
|
2348 OPENSSL_assert(pmech->pParameter == NULL); |
|
2349 OPENSSL_assert(pmech->ulParameterLen == 0); |
|
2350 |
|
2351 if (ctx->cipher->nid == NID_aes_128_ctr || |
|
2352 ctx->cipher->nid == NID_aes_192_ctr || |
|
2353 ctx->cipher->nid == NID_aes_256_ctr) |
|
2354 { |
|
2355 pmech->pParameter = (void *)(&ctr_params); |
|
2356 pmech->ulParameterLen = sizeof (ctr_params); |
|
2357 /* |
|
2358 * For now, we are limited to the fixed length of the counter, |
|
2359 * it covers the whole counter block. That's what RFC 4344 |
|
2360 * needs. For more information on internal structure of the |
|
2361 * counter block, see RFC 3686. If needed in the future, we can |
|
2362 * add code so that the counter length can be set via |
|
2363 * ENGINE_ctrl() function. |
|
2364 */ |
|
2365 ctr_params.ulCounterBits = AES_BLOCK_SIZE * 8; |
|
2366 OPENSSL_assert(pcipher->iv_len == AES_BLOCK_SIZE); |
|
2367 (void) memcpy(ctr_params.cb, ctx->iv, AES_BLOCK_SIZE); |
|
2368 } |
|
2369 else |
|
2370 { |
|
2371 if (pcipher->iv_len > 0) |
|
2372 { |
|
2373 pmech->pParameter = (void *)ctx->iv; |
|
2374 pmech->ulParameterLen = pcipher->iv_len; |
|
2375 } |
|
2376 } |
|
2377 |
|
2378 /* if we get here, the encryption needs to be reinitialized */ |
|
2379 if (ctx->encrypt) |
|
2380 rv = pFuncList->C_EncryptInit(sp->session, pmech, |
|
2381 sp->opdata_cipher_key); |
|
2382 else |
|
2383 rv = pFuncList->C_DecryptInit(sp->session, pmech, |
|
2384 sp->opdata_cipher_key); |
|
2385 |
|
2386 if (rv != CKR_OK) |
|
2387 { |
|
2388 PK11err_add_data(PK11_F_CIPHER_INIT, ctx->encrypt ? |
|
2389 PK11_R_ENCRYPTINIT : PK11_R_DECRYPTINIT, rv); |
|
2390 pk11_return_session(sp, OP_CIPHER); |
|
2391 return (0); |
|
2392 } |
|
2393 |
|
2394 return (1); |
|
2395 } |
|
2396 |
|
2397 /* ARGSUSED */ |
|
2398 static int |
|
2399 pk11_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
|
2400 const unsigned char *iv, int enc) |
|
2401 { |
|
2402 CK_MECHANISM mech; |
|
2403 int index; |
|
2404 PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->cipher_data; |
|
2405 PK11_SESSION *sp; |
|
2406 PK11_CIPHER *p_ciph_table_row; |
|
2407 |
|
2408 state->sp = NULL; |
|
2409 |
|
2410 index = cipher_nid_to_pk11(ctx->cipher->nid); |
|
2411 if (index < 0 || index >= PK11_CIPHER_MAX) |
|
2412 return (0); |
|
2413 |
|
2414 p_ciph_table_row = &ciphers[index]; |
|
2415 /* |
|
2416 * iv_len in the ctx->cipher structure is the maximum IV length for the |
|
2417 * current cipher and it must be less or equal to the IV length in our |
|
2418 * ciphers table. The key length must be in the allowed interval. From |
|
2419 * all cipher modes that the PKCS#11 engine supports only RC4 allows a |
|
2420 * key length to be in some range, all other NIDs have a precise key |
|
2421 * length. Every application can define its own EVP functions so this |
|
2422 * code serves as a sanity check. |
|
2423 * |
|
2424 * Note that the reason why the IV length in ctx->cipher might be |
|
2425 * greater than the actual length is that OpenSSL uses BLOCK_CIPHER_defs |
|
2426 * macro to define functions that return EVP structures for all DES |
|
2427 * modes. So, even ECB modes get 8 byte IV. |
|
2428 */ |
|
2429 if (ctx->cipher->iv_len < p_ciph_table_row->iv_len || |
|
2430 ctx->key_len < p_ciph_table_row->min_key_len || |
|
2431 ctx->key_len > p_ciph_table_row->max_key_len) { |
|
2432 PK11err(PK11_F_CIPHER_INIT, PK11_R_KEY_OR_IV_LEN_PROBLEM); |
|
2433 return (0); |
|
2434 } |
|
2435 |
|
2436 if ((sp = pk11_get_session(OP_CIPHER)) == NULL) |
|
2437 return (0); |
|
2438 |
|
2439 /* if applicable, the mechanism parameter is used for IV */ |
|
2440 mech.mechanism = p_ciph_table_row->mech_type; |
|
2441 mech.pParameter = NULL; |
|
2442 mech.ulParameterLen = 0; |
|
2443 |
|
2444 /* The key object is destroyed here if it is not the current key. */ |
|
2445 (void) check_new_cipher_key(sp, key, ctx->key_len); |
|
2446 |
|
2447 /* |
|
2448 * If the key is the same and the encryption is also the same, then |
|
2449 * just reuse it. However, we must not forget to reinitialize the |
|
2450 * context that was finalized in pk11_cipher_cleanup(). |
|
2451 */ |
|
2452 if (sp->opdata_cipher_key != CK_INVALID_HANDLE && |
|
2453 sp->opdata_encrypt == ctx->encrypt) |
|
2454 { |
|
2455 state->sp = sp; |
|
2456 if (pk11_init_symmetric(ctx, p_ciph_table_row, sp, &mech) == 0) |
|
2457 return (0); |
|
2458 |
|
2459 return (1); |
|
2460 } |
|
2461 |
|
2462 /* |
|
2463 * Check if the key has been invalidated. If so, a new key object |
|
2464 * needs to be created. |
|
2465 */ |
|
2466 if (sp->opdata_cipher_key == CK_INVALID_HANDLE) |
|
2467 { |
|
2468 sp->opdata_cipher_key = pk11_get_cipher_key( |
|
2469 ctx, key, p_ciph_table_row->key_type, sp); |
|
2470 } |
|
2471 |
|
2472 if (sp->opdata_encrypt != ctx->encrypt && sp->opdata_encrypt != -1) |
|
2473 { |
|
2474 /* |
|
2475 * The previous encryption/decryption is different. Need to |
|
2476 * terminate the previous * active encryption/decryption here. |
|
2477 */ |
|
2478 if (!pk11_cipher_final(sp)) |
|
2479 { |
|
2480 pk11_return_session(sp, OP_CIPHER); |
|
2481 return (0); |
|
2482 } |
|
2483 } |
|
2484 |
|
2485 if (sp->opdata_cipher_key == CK_INVALID_HANDLE) |
|
2486 { |
|
2487 pk11_return_session(sp, OP_CIPHER); |
|
2488 return (0); |
|
2489 } |
|
2490 |
|
2491 /* now initialize the context with a new key */ |
|
2492 if (pk11_init_symmetric(ctx, p_ciph_table_row, sp, &mech) == 0) |
|
2493 return (0); |
|
2494 |
|
2495 sp->opdata_encrypt = ctx->encrypt; |
|
2496 state->sp = sp; |
|
2497 |
|
2498 return (1); |
|
2499 } |
|
2500 |
|
2501 /* |
|
2502 * When reusing the same key in an encryption/decryption session for a |
|
2503 * decryption/encryption session, we need to close the active session |
|
2504 * and recreate a new one. Note that the key is in the global session so |
|
2505 * that it needs not be recreated. |
|
2506 * |
|
2507 * It is more appropriate to use C_En/DecryptFinish here. At the time of this |
|
2508 * development, these two functions in the PKCS#11 libraries used return |
|
2509 * unexpected errors when passing in 0 length output. It may be a good |
|
2510 * idea to try them again if performance is a problem here and fix |
|
2511 * C_En/DecryptFinial if there are bugs there causing the problem. |
|
2512 */ |
|
2513 static int |
|
2514 pk11_cipher_final(PK11_SESSION *sp) |
|
2515 { |
|
2516 CK_RV rv; |
|
2517 |
|
2518 rv = pFuncList->C_CloseSession(sp->session); |
|
2519 if (rv != CKR_OK) |
|
2520 { |
|
2521 PK11err_add_data(PK11_F_CIPHER_FINAL, PK11_R_CLOSESESSION, rv); |
|
2522 return (0); |
|
2523 } |
|
2524 |
|
2525 rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION, |
|
2526 NULL_PTR, NULL_PTR, &sp->session); |
|
2527 if (rv != CKR_OK) |
|
2528 { |
|
2529 PK11err_add_data(PK11_F_CIPHER_FINAL, PK11_R_OPENSESSION, rv); |
|
2530 return (0); |
|
2531 } |
|
2532 |
|
2533 return (1); |
|
2534 } |
|
2535 |
|
2536 /* |
|
2537 * An engine interface function. The calling function allocates sufficient |
|
2538 * memory for the output buffer "out" to hold the results. |
|
2539 */ |
|
2540 static int |
|
2541 pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, |
|
2542 const unsigned char *in, size_t inl) |
|
2543 { |
|
2544 PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->cipher_data; |
|
2545 PK11_SESSION *sp; |
|
2546 CK_RV rv; |
|
2547 unsigned long outl = inl; |
|
2548 |
|
2549 if (state == NULL || state->sp == NULL) |
|
2550 return (0); |
|
2551 |
|
2552 sp = (PK11_SESSION *) state->sp; |
|
2553 |
|
2554 if (!inl) |
|
2555 return (1); |
|
2556 |
|
2557 /* RC4 is the only stream cipher we support */ |
|
2558 if (ctx->cipher->nid != NID_rc4 && (inl % ctx->cipher->block_size) != 0) |
|
2559 return (0); |
|
2560 |
|
2561 if (ctx->encrypt) |
|
2562 { |
|
2563 rv = pFuncList->C_EncryptUpdate(sp->session, |
|
2564 (unsigned char *)in, inl, out, &outl); |
|
2565 |
|
2566 if (rv != CKR_OK) |
|
2567 { |
|
2568 PK11err_add_data(PK11_F_CIPHER_DO_CIPHER, |
|
2569 PK11_R_ENCRYPTUPDATE, rv); |
|
2570 return (0); |
|
2571 } |
|
2572 } |
|
2573 else |
|
2574 { |
|
2575 rv = pFuncList->C_DecryptUpdate(sp->session, |
|
2576 (unsigned char *)in, inl, out, &outl); |
|
2577 |
|
2578 if (rv != CKR_OK) |
|
2579 { |
|
2580 PK11err_add_data(PK11_F_CIPHER_DO_CIPHER, |
|
2581 PK11_R_DECRYPTUPDATE, rv); |
|
2582 return (0); |
|
2583 } |
|
2584 } |
|
2585 |
|
2586 /* |
|
2587 * For DES_CBC, DES3_CBC, AES_CBC, and RC4, the output size is always |
|
2588 * the same size of input. |
|
2589 * The application has guaranteed to call the block ciphers with |
|
2590 * correctly aligned buffers. |
|
2591 */ |
|
2592 if (inl != outl) |
|
2593 return (0); |
|
2594 |
|
2595 return (1); |
|
2596 } |
|
2597 |
|
2598 /* |
|
2599 * Return the session to the pool. Calling C_EncryptFinal() and C_DecryptFinal() |
|
2600 * here is the right thing because in EVP_DecryptFinal_ex(), engine's |
|
2601 * do_cipher() is not even called, and in EVP_EncryptFinal_ex() it is called but |
|
2602 * the engine can't find out that it's the finalizing call. We wouldn't |
|
2603 * necessarily have to finalize the context here since reinitializing it with |
|
2604 * C_(Encrypt|Decrypt)Init() should be fine but for the sake of correctness, |
|
2605 * let's do it. Some implementations might leak memory if the previously used |
|
2606 * context is initialized without finalizing it first. |
|
2607 */ |
|
2608 static int |
|
2609 pk11_cipher_cleanup(EVP_CIPHER_CTX *ctx) |
|
2610 { |
|
2611 CK_RV rv; |
|
2612 CK_ULONG len = EVP_MAX_BLOCK_LENGTH; |
|
2613 CK_BYTE buf[EVP_MAX_BLOCK_LENGTH]; |
|
2614 PK11_CIPHER_STATE *state = ctx->cipher_data; |
|
2615 |
|
2616 if (state != NULL && state->sp != NULL) |
|
2617 { |
|
2618 /* |
|
2619 * We are not interested in the data here, we just need to get |
|
2620 * rid of the context. |
|
2621 */ |
|
2622 if (ctx->encrypt) |
|
2623 rv = pFuncList->C_EncryptFinal( |
|
2624 state->sp->session, buf, &len); |
|
2625 else |
|
2626 rv = pFuncList->C_DecryptFinal( |
|
2627 state->sp->session, buf, &len); |
|
2628 |
|
2629 if (rv != CKR_OK) |
|
2630 { |
|
2631 PK11err_add_data(PK11_F_CIPHER_CLEANUP, ctx->encrypt ? |
|
2632 PK11_R_ENCRYPTFINAL : PK11_R_DECRYPTFINAL, rv); |
|
2633 pk11_return_session(state->sp, OP_CIPHER); |
|
2634 return (0); |
|
2635 } |
|
2636 |
|
2637 pk11_return_session(state->sp, OP_CIPHER); |
|
2638 state->sp = NULL; |
|
2639 } |
|
2640 |
|
2641 return (1); |
|
2642 } |
|
2643 |
|
2644 /* |
|
2645 * Registered by the ENGINE when used to find out how to deal with |
|
2646 * a particular NID in the ENGINE. This says what we'll do at the |
|
2647 * top level - note, that list is restricted by what we answer with |
|
2648 */ |
|
2649 /* ARGSUSED */ |
|
2650 static int |
|
2651 pk11_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, |
|
2652 const int **nids, int nid) |
|
2653 { |
|
2654 if (!cipher) |
|
2655 return (pk11_usable_ciphers(nids)); |
|
2656 |
|
2657 #ifdef __sparc |
|
2658 /* |
|
2659 * If T4 DES/AESinstructions are present, don't advertise |
|
2660 * the DES_CBC/AES mechanisms for pkcs11 engine as DES_CBC/AES |
|
2661 * operations should be accelerated by the inline T4 instructions |
|
2662 * in the OpenSSL upstream code. |
|
2663 */ |
|
2664 if (hw_yf_des_instruction_set_present() == 1) { |
|
2665 switch (nid) { |
|
2666 case NID_des_ede3_cbc: |
|
2667 case NID_des_cbc: |
|
2668 *cipher = NULL; |
|
2669 return (0); |
|
2670 } |
|
2671 } |
|
2672 if (hw_yf_aes_instruction_set_present() == 1) { |
|
2673 switch (nid) { |
|
2674 case NID_aes_128_cbc: |
|
2675 case NID_aes_192_cbc: |
|
2676 case NID_aes_256_cbc: |
|
2677 case NID_aes_128_ecb: |
|
2678 case NID_aes_192_ecb: |
|
2679 case NID_aes_256_ecb: |
|
2680 case NID_aes_128_ctr: |
|
2681 case NID_aes_192_ctr: |
|
2682 case NID_aes_256_ctr: |
|
2683 *cipher = NULL; |
|
2684 return (0); |
|
2685 } |
|
2686 } |
|
2687 #endif |
|
2688 |
|
2689 switch (nid) |
|
2690 { |
|
2691 case NID_des_ede3_cbc: |
|
2692 *cipher = &pk11_3des_cbc; |
|
2693 break; |
|
2694 case NID_des_cbc: |
|
2695 *cipher = &pk11_des_cbc; |
|
2696 break; |
|
2697 case NID_des_ede3_ecb: |
|
2698 *cipher = &pk11_3des_ecb; |
|
2699 break; |
|
2700 case NID_des_ecb: |
|
2701 *cipher = &pk11_des_ecb; |
|
2702 break; |
|
2703 case NID_aes_128_cbc: |
|
2704 *cipher = &pk11_aes_128_cbc; |
|
2705 break; |
|
2706 case NID_aes_192_cbc: |
|
2707 *cipher = &pk11_aes_192_cbc; |
|
2708 break; |
|
2709 case NID_aes_256_cbc: |
|
2710 *cipher = &pk11_aes_256_cbc; |
|
2711 break; |
|
2712 case NID_aes_128_ecb: |
|
2713 *cipher = &pk11_aes_128_ecb; |
|
2714 break; |
|
2715 case NID_aes_192_ecb: |
|
2716 *cipher = &pk11_aes_192_ecb; |
|
2717 break; |
|
2718 case NID_aes_256_ecb: |
|
2719 *cipher = &pk11_aes_256_ecb; |
|
2720 break; |
|
2721 case NID_aes_128_ctr: |
|
2722 *cipher = &pk11_aes_128_ctr; |
|
2723 break; |
|
2724 case NID_aes_192_ctr: |
|
2725 *cipher = &pk11_aes_192_ctr; |
|
2726 break; |
|
2727 case NID_aes_256_ctr: |
|
2728 *cipher = &pk11_aes_256_ctr; |
|
2729 break; |
|
2730 case NID_bf_cbc: |
|
2731 *cipher = &pk11_bf_cbc; |
|
2732 break; |
|
2733 case NID_rc4: |
|
2734 *cipher = &pk11_rc4; |
|
2735 break; |
|
2736 default: |
|
2737 *cipher = NULL; |
|
2738 break; |
|
2739 } |
|
2740 return (*cipher != NULL); |
|
2741 } |
|
2742 |
|
2743 /* ARGSUSED */ |
|
2744 static int |
|
2745 pk11_engine_digests(ENGINE *e, const EVP_MD **digest, |
|
2746 const int **nids, int nid) |
|
2747 { |
|
2748 if (!digest) |
|
2749 return (pk11_usable_digests(nids)); |
|
2750 |
|
2751 switch (nid) |
|
2752 { |
|
2753 case NID_md5: |
|
2754 *digest = &pk11_md5; |
|
2755 break; |
|
2756 /* |
|
2757 * A special case. For "openssl dgst -dss1 -engine pkcs11 ...", |
|
2758 * OpenSSL calls EVP_get_digestbyname() on "dss1" which ends up |
|
2759 * calling pk11_engine_digests() for NID_dsa. Internally, if an |
|
2760 * engine is not used, OpenSSL uses SHA1_Init() as expected for |
|
2761 * DSA. So, we must return pk11_sha1() for NID_dsa as well. Note |
|
2762 * that this must have changed between 0.9.8 and 1.0.0 since we |
|
2763 * did not have the problem with the 0.9.8 version. |
|
2764 */ |
|
2765 case NID_sha1: |
|
2766 case NID_dsa: |
|
2767 *digest = &pk11_sha1; |
|
2768 break; |
|
2769 case NID_sha224: |
|
2770 *digest = &pk11_sha224; |
|
2771 break; |
|
2772 case NID_sha256: |
|
2773 *digest = &pk11_sha256; |
|
2774 break; |
|
2775 case NID_sha384: |
|
2776 *digest = &pk11_sha384; |
|
2777 break; |
|
2778 case NID_sha512: |
|
2779 *digest = &pk11_sha512; |
|
2780 break; |
|
2781 default: |
|
2782 *digest = NULL; |
|
2783 break; |
|
2784 } |
|
2785 return (*digest != NULL); |
|
2786 } |
|
2787 |
|
2788 |
|
2789 /* Create a secret key object in a PKCS#11 session */ |
|
2790 static CK_OBJECT_HANDLE pk11_get_cipher_key(EVP_CIPHER_CTX *ctx, |
|
2791 const unsigned char *key, CK_KEY_TYPE key_type, PK11_SESSION *sp) |
|
2792 { |
|
2793 CK_RV rv; |
|
2794 CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE; |
|
2795 CK_OBJECT_CLASS obj_key = CKO_SECRET_KEY; |
|
2796 CK_ULONG ul_key_attr_count = 6; |
|
2797 |
|
2798 CK_ATTRIBUTE a_key_template[] = |
|
2799 { |
|
2800 {CKA_CLASS, (void*) NULL, sizeof (CK_OBJECT_CLASS)}, |
|
2801 {CKA_KEY_TYPE, (void*) NULL, sizeof (CK_KEY_TYPE)}, |
|
2802 {CKA_TOKEN, &pk11_false, sizeof (pk11_false)}, |
|
2803 {CKA_ENCRYPT, &pk11_true, sizeof (pk11_true)}, |
|
2804 {CKA_DECRYPT, &pk11_true, sizeof (pk11_true)}, |
|
2805 {CKA_VALUE, (void*) NULL, 0}, |
|
2806 }; |
|
2807 |
|
2808 /* |
|
2809 * Create secret key object in global_session. All other sessions |
|
2810 * can use the key handles. Here is why: |
|
2811 * OpenSSL will call EncryptInit and EncryptUpdate using a secret key. |
|
2812 * It may then call DecryptInit and DecryptUpdate using the same key. |
|
2813 * To use the same key object, we need to call EncryptFinal with |
|
2814 * a 0 length message. Currently, this does not work for 3DES |
|
2815 * mechanism. To get around this problem, we close the session and |
|
2816 * then create a new session to use the same key object. When a session |
|
2817 * is closed, all the object handles will be invalid. Thus, create key |
|
2818 * objects in a global session, an individual session may be closed to |
|
2819 * terminate the active operation. |
|
2820 */ |
|
2821 CK_SESSION_HANDLE session = global_session; |
|
2822 a_key_template[0].pValue = &obj_key; |
|
2823 a_key_template[1].pValue = &key_type; |
|
2824 a_key_template[5].pValue = (void *) key; |
|
2825 a_key_template[5].ulValueLen = (unsigned long) ctx->key_len; |
|
2826 |
|
2827 rv = pFuncList->C_CreateObject(session, |
|
2828 a_key_template, ul_key_attr_count, &h_key); |
|
2829 if (rv != CKR_OK) |
|
2830 { |
|
2831 PK11err_add_data(PK11_F_GET_CIPHER_KEY, PK11_R_CREATEOBJECT, |
|
2832 rv); |
|
2833 goto err; |
|
2834 } |
|
2835 |
|
2836 /* |
|
2837 * Save the key information used in this session. |
|
2838 * The max can be saved is PK11_KEY_LEN_MAX. |
|
2839 */ |
|
2840 sp->opdata_key_len = ctx->key_len > PK11_KEY_LEN_MAX ? |
|
2841 PK11_KEY_LEN_MAX : ctx->key_len; |
|
2842 (void) memcpy(sp->opdata_key, key, sp->opdata_key_len); |
|
2843 err: |
|
2844 |
|
2845 return (h_key); |
|
2846 } |
|
2847 |
|
2848 static int |
|
2849 md_nid_to_pk11(int nid) |
|
2850 { |
|
2851 int i; |
|
2852 |
|
2853 for (i = 0; i < PK11_DIGEST_MAX; i++) |
|
2854 if (digests[i].nid == nid) |
|
2855 return (digests[i].id); |
|
2856 return (-1); |
|
2857 } |
|
2858 |
|
2859 static int |
|
2860 pk11_digest_init(EVP_MD_CTX *ctx) |
|
2861 { |
|
2862 CK_RV rv; |
|
2863 CK_MECHANISM mech; |
|
2864 int index; |
|
2865 PK11_SESSION *sp; |
|
2866 PK11_DIGEST *pdp; |
|
2867 PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data; |
|
2868 |
|
2869 state->sp = NULL; |
|
2870 |
|
2871 index = md_nid_to_pk11(ctx->digest->type); |
|
2872 if (index < 0 || index >= PK11_DIGEST_MAX) |
|
2873 return (0); |
|
2874 |
|
2875 pdp = &digests[index]; |
|
2876 if ((sp = pk11_get_session(OP_DIGEST)) == NULL) |
|
2877 return (0); |
|
2878 |
|
2879 /* at present, no parameter is needed for supported digests */ |
|
2880 mech.mechanism = pdp->mech_type; |
|
2881 mech.pParameter = NULL; |
|
2882 mech.ulParameterLen = 0; |
|
2883 |
|
2884 rv = pFuncList->C_DigestInit(sp->session, &mech); |
|
2885 |
|
2886 if (rv != CKR_OK) |
|
2887 { |
|
2888 PK11err_add_data(PK11_F_DIGEST_INIT, PK11_R_DIGESTINIT, rv); |
|
2889 pk11_return_session(sp, OP_DIGEST); |
|
2890 return (0); |
|
2891 } |
|
2892 |
|
2893 state->sp = sp; |
|
2894 |
|
2895 return (1); |
|
2896 } |
|
2897 |
|
2898 static int |
|
2899 pk11_digest_update(EVP_MD_CTX *ctx, const void *data, size_t count) |
|
2900 { |
|
2901 CK_RV rv; |
|
2902 PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data; |
|
2903 |
|
2904 /* 0 length message will cause a failure in C_DigestFinal */ |
|
2905 if (count == 0) |
|
2906 return (1); |
|
2907 |
|
2908 if (state == NULL || state->sp == NULL) |
|
2909 return (0); |
|
2910 |
|
2911 rv = pFuncList->C_DigestUpdate(state->sp->session, (CK_BYTE *) data, |
|
2912 count); |
|
2913 |
|
2914 if (rv != CKR_OK) |
|
2915 { |
|
2916 PK11err_add_data(PK11_F_DIGEST_UPDATE, PK11_R_DIGESTUPDATE, rv); |
|
2917 pk11_return_session(state->sp, OP_DIGEST); |
|
2918 state->sp = NULL; |
|
2919 return (0); |
|
2920 } |
|
2921 |
|
2922 return (1); |
|
2923 } |
|
2924 |
|
2925 static int |
|
2926 pk11_digest_final(EVP_MD_CTX *ctx, unsigned char *md) |
|
2927 { |
|
2928 CK_RV rv; |
|
2929 unsigned long len; |
|
2930 PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data; |
|
2931 len = ctx->digest->md_size; |
|
2932 |
|
2933 if (state == NULL || state->sp == NULL) |
|
2934 return (0); |
|
2935 |
|
2936 rv = pFuncList->C_DigestFinal(state->sp->session, md, &len); |
|
2937 |
|
2938 if (rv != CKR_OK) |
|
2939 { |
|
2940 PK11err_add_data(PK11_F_DIGEST_FINAL, PK11_R_DIGESTFINAL, rv); |
|
2941 pk11_return_session(state->sp, OP_DIGEST); |
|
2942 state->sp = NULL; |
|
2943 return (0); |
|
2944 } |
|
2945 |
|
2946 if (ctx->digest->md_size != len) |
|
2947 return (0); |
|
2948 |
|
2949 /* |
|
2950 * Final is called and digest is returned, so return the session |
|
2951 * to the pool |
|
2952 */ |
|
2953 pk11_return_session(state->sp, OP_DIGEST); |
|
2954 state->sp = NULL; |
|
2955 |
|
2956 return (1); |
|
2957 } |
|
2958 |
|
2959 static int |
|
2960 pk11_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) |
|
2961 { |
|
2962 CK_RV rv; |
|
2963 int ret = 0; |
|
2964 PK11_CIPHER_STATE *state, *state_to; |
|
2965 CK_BYTE_PTR pstate = NULL; |
|
2966 CK_ULONG ul_state_len; |
|
2967 |
|
2968 if (from->md_data == NULL || to->digest->ctx_size == 0) |
|
2969 return (1); |
|
2970 |
|
2971 /* The copy-from state */ |
|
2972 state = (PK11_CIPHER_STATE *) from->md_data; |
|
2973 if (state->sp == NULL) |
|
2974 goto err; |
|
2975 |
|
2976 /* Initialize the copy-to state */ |
|
2977 if (!pk11_digest_init(to)) |
|
2978 goto err; |
|
2979 state_to = (PK11_CIPHER_STATE *) to->md_data; |
|
2980 |
|
2981 /* Get the size of the operation state of the copy-from session */ |
|
2982 rv = pFuncList->C_GetOperationState(state->sp->session, NULL, |
|
2983 &ul_state_len); |
|
2984 |
|
2985 if (rv != CKR_OK) |
|
2986 { |
|
2987 PK11err_add_data(PK11_F_DIGEST_COPY, PK11_R_GET_OPERATION_STATE, |
|
2988 rv); |
|
2989 goto err; |
|
2990 } |
|
2991 if (ul_state_len == 0) |
|
2992 { |
|
2993 goto err; |
|
2994 } |
|
2995 |
|
2996 pstate = OPENSSL_malloc(ul_state_len); |
|
2997 if (pstate == NULL) |
|
2998 { |
|
2999 PK11err(PK11_F_DIGEST_COPY, PK11_R_MALLOC_FAILURE); |
|
3000 goto err; |
|
3001 } |
|
3002 |
|
3003 /* Get the operation state of the copy-from session */ |
|
3004 rv = pFuncList->C_GetOperationState(state->sp->session, pstate, |
|
3005 &ul_state_len); |
|
3006 |
|
3007 if (rv != CKR_OK) |
|
3008 { |
|
3009 PK11err_add_data(PK11_F_DIGEST_COPY, PK11_R_GET_OPERATION_STATE, |
|
3010 rv); |
|
3011 goto err; |
|
3012 } |
|
3013 |
|
3014 /* Set the operation state of the copy-to session */ |
|
3015 rv = pFuncList->C_SetOperationState(state_to->sp->session, pstate, |
|
3016 ul_state_len, 0, 0); |
|
3017 |
|
3018 if (rv != CKR_OK) |
|
3019 { |
|
3020 PK11err_add_data(PK11_F_DIGEST_COPY, |
|
3021 PK11_R_SET_OPERATION_STATE, rv); |
|
3022 goto err; |
|
3023 } |
|
3024 |
|
3025 ret = 1; |
|
3026 err: |
|
3027 if (pstate != NULL) |
|
3028 OPENSSL_free(pstate); |
|
3029 |
|
3030 return (ret); |
|
3031 } |
|
3032 |
|
3033 /* Return any pending session state to the pool */ |
|
3034 static int |
|
3035 pk11_digest_cleanup(EVP_MD_CTX *ctx) |
|
3036 { |
|
3037 PK11_CIPHER_STATE *state = ctx->md_data; |
|
3038 unsigned char buf[EVP_MAX_MD_SIZE]; |
|
3039 |
|
3040 if (state != NULL && state->sp != NULL) |
|
3041 { |
|
3042 /* |
|
3043 * If state->sp is not NULL then pk11_digest_final() has not |
|
3044 * been called yet. We must call it now to free any memory |
|
3045 * that might have been allocated in the token when |
|
3046 * pk11_digest_init() was called. pk11_digest_final() |
|
3047 * will return the session to the cache. |
|
3048 */ |
|
3049 if (!pk11_digest_final(ctx, buf)) |
|
3050 return (0); |
|
3051 } |
|
3052 |
|
3053 return (1); |
|
3054 } |
|
3055 |
|
3056 /* |
|
3057 * Check if the new key is the same as the key object in the session. If the key |
|
3058 * is the same, no need to create a new key object. Otherwise, the old key |
|
3059 * object needs to be destroyed and a new one will be created. Return 1 for |
|
3060 * cache hit, 0 for cache miss. Note that we must check the key length first |
|
3061 * otherwise we could end up reusing a different, longer key with the same |
|
3062 * prefix. |
|
3063 */ |
|
3064 static int check_new_cipher_key(PK11_SESSION *sp, const unsigned char *key, |
|
3065 int key_len) |
|
3066 { |
|
3067 if (sp->opdata_key_len != key_len || |
|
3068 memcmp(sp->opdata_key, key, key_len) != 0) |
|
3069 { |
|
3070 (void) pk11_destroy_cipher_key_objects(sp); |
|
3071 return (0); |
|
3072 } |
|
3073 return (1); |
|
3074 } |
|
3075 |
|
3076 /* Destroy one or more secret key objects. */ |
|
3077 static int pk11_destroy_cipher_key_objects(PK11_SESSION *session) |
|
3078 { |
|
3079 int ret = 0; |
|
3080 PK11_SESSION *sp = NULL; |
|
3081 PK11_SESSION *local_free_session; |
|
3082 |
|
3083 if (session != NULL) |
|
3084 local_free_session = session; |
|
3085 else |
|
3086 { |
|
3087 (void) pthread_mutex_lock(session_cache[OP_CIPHER].lock); |
|
3088 local_free_session = session_cache[OP_CIPHER].head; |
|
3089 } |
|
3090 |
|
3091 while ((sp = local_free_session) != NULL) |
|
3092 { |
|
3093 local_free_session = sp->next; |
|
3094 |
|
3095 if (sp->opdata_cipher_key != CK_INVALID_HANDLE) |
|
3096 { |
|
3097 /* |
|
3098 * The secret key object is created in the |
|
3099 * global_session. See pk11_get_cipher_key(). |
|
3100 */ |
|
3101 if (pk11_destroy_object(global_session, |
|
3102 sp->opdata_cipher_key, CK_FALSE) == 0) |
|
3103 goto err; |
|
3104 sp->opdata_cipher_key = CK_INVALID_HANDLE; |
|
3105 } |
|
3106 } |
|
3107 ret = 1; |
|
3108 err: |
|
3109 |
|
3110 if (session == NULL) |
|
3111 (void) pthread_mutex_unlock(session_cache[OP_CIPHER].lock); |
|
3112 |
|
3113 return (ret); |
|
3114 } |
|
3115 |
|
3116 |
|
3117 /* |
|
3118 * Public key mechanisms optionally supported |
|
3119 * |
|
3120 * CKM_RSA_X_509 |
|
3121 * CKM_RSA_PKCS |
|
3122 * CKM_DSA |
|
3123 * |
|
3124 * The first slot that supports at least one of those mechanisms is chosen as a |
|
3125 * public key slot. |
|
3126 * |
|
3127 * Symmetric ciphers optionally supported |
|
3128 * |
|
3129 * CKM_DES3_CBC |
|
3130 * CKM_DES_CBC |
|
3131 * CKM_AES_CBC |
|
3132 * CKM_DES3_ECB |
|
3133 * CKM_DES_ECB |
|
3134 * CKM_AES_ECB |
|
3135 * CKM_AES_CTR |
|
3136 * CKM_RC4 |
|
3137 * CKM_BLOWFISH_CBC |
|
3138 * |
|
3139 * Digests optionally supported |
|
3140 * |
|
3141 * CKM_MD5 |
|
3142 * CKM_SHA_1 |
|
3143 * CKM_SHA224 |
|
3144 * CKM_SHA256 |
|
3145 * CKM_SHA384 |
|
3146 * CKM_SHA512 |
|
3147 * |
|
3148 * The output of this function is a set of global variables indicating which |
|
3149 * mechanisms from RSA, DSA, DH and RAND are present, and also two arrays of |
|
3150 * mechanisms, one for symmetric ciphers and one for digests. Also, 3 global |
|
3151 * variables carry information about which slot was chosen for (a) public key |
|
3152 * mechanisms, (b) random operations, and (c) symmetric ciphers and digests. |
|
3153 */ |
|
3154 static int |
|
3155 pk11_choose_slots(int *any_slot_found) |
|
3156 { |
|
3157 CK_SLOT_ID_PTR pSlotList = NULL_PTR; |
|
3158 CK_ULONG ulSlotCount = 0; |
|
3159 CK_MECHANISM_INFO mech_info; |
|
3160 CK_TOKEN_INFO token_info; |
|
3161 int i; |
|
3162 CK_RV rv; |
|
3163 CK_SLOT_ID best_slot_sofar; |
|
3164 CK_BBOOL found_candidate_slot = CK_FALSE; |
|
3165 int slot_n_cipher = 0; |
|
3166 int slot_n_digest = 0; |
|
3167 CK_SLOT_ID current_slot = 0; |
|
3168 int current_slot_n_cipher = 0; |
|
3169 int current_slot_n_digest = 0; |
|
3170 |
|
3171 int local_cipher_nids[PK11_CIPHER_MAX]; |
|
3172 int local_digest_nids[PK11_DIGEST_MAX]; |
|
3173 |
|
3174 /* let's initialize the output parameter */ |
|
3175 if (any_slot_found != NULL) |
|
3176 *any_slot_found = 0; |
|
3177 |
|
3178 /* Get slot list for memory allocation */ |
|
3179 rv = pFuncList->C_GetSlotList(CK_FALSE, NULL_PTR, &ulSlotCount); |
|
3180 |
|
3181 if (rv != CKR_OK) |
|
3182 { |
|
3183 PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv); |
|
3184 return (0); |
|
3185 } |
|
3186 |
|
3187 /* it's not an error if we didn't find any providers */ |
|
3188 if (ulSlotCount == 0) |
|
3189 { |
|
3190 DEBUG_SLOT_SEL("%s: no crypto providers found\n", PK11_DBG); |
|
3191 return (1); |
|
3192 } |
|
3193 |
|
3194 pSlotList = OPENSSL_malloc(ulSlotCount * sizeof (CK_SLOT_ID)); |
|
3195 |
|
3196 if (pSlotList == NULL) |
|
3197 { |
|
3198 PK11err(PK11_F_CHOOSE_SLOT, PK11_R_MALLOC_FAILURE); |
|
3199 return (0); |
|
3200 } |
|
3201 |
|
3202 /* Get the slot list for processing */ |
|
3203 rv = pFuncList->C_GetSlotList(CK_FALSE, pSlotList, &ulSlotCount); |
|
3204 if (rv != CKR_OK) |
|
3205 { |
|
3206 PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv); |
|
3207 OPENSSL_free(pSlotList); |
|
3208 return (0); |
|
3209 } |
|
3210 |
|
3211 DEBUG_SLOT_SEL("%s: provider: %s\n", PK11_DBG, def_PK11_LIBNAME); |
|
3212 DEBUG_SLOT_SEL("%s: number of slots: %d\n", PK11_DBG, ulSlotCount); |
|
3213 |
|
3214 DEBUG_SLOT_SEL("%s: == checking rand slots ==\n", PK11_DBG); |
|
3215 for (i = 0; i < ulSlotCount; i++) |
|
3216 { |
|
3217 current_slot = pSlotList[i]; |
|
3218 |
|
3219 DEBUG_SLOT_SEL("%s: checking slot: %d\n", PK11_DBG, i); |
|
3220 /* Check if slot has random support. */ |
|
3221 rv = pFuncList->C_GetTokenInfo(current_slot, &token_info); |
|
3222 if (rv != CKR_OK) |
|
3223 continue; |
|
3224 |
|
3225 DEBUG_SLOT_SEL("%s: token label: %.32s\n", PK11_DBG, |
|
3226 token_info.label); |
|
3227 |
|
3228 if (token_info.flags & CKF_RNG) |
|
3229 { |
|
3230 DEBUG_SLOT_SEL( |
|
3231 "%s: this token has CKF_RNG flag\n", PK11_DBG); |
|
3232 pk11_have_random = CK_TRUE; |
|
3233 rand_SLOTID = current_slot; |
|
3234 break; |
|
3235 } |
|
3236 } |
|
3237 |
|
3238 DEBUG_SLOT_SEL("%s: == checking pubkey slots ==\n", PK11_DBG); |
|
3239 |
|
3240 pubkey_SLOTID = pSlotList[0]; |
|
3241 for (i = 0; i < ulSlotCount; i++) |
|
3242 { |
|
3243 CK_BBOOL slot_has_rsa = CK_FALSE; |
|
3244 CK_BBOOL slot_has_dsa = CK_FALSE; |
|
3245 CK_BBOOL slot_has_dh = CK_FALSE; |
|
3246 current_slot = pSlotList[i]; |
|
3247 |
|
3248 DEBUG_SLOT_SEL("%s: checking slot: %d\n", PK11_DBG, i); |
|
3249 rv = pFuncList->C_GetTokenInfo(current_slot, &token_info); |
|
3250 if (rv != CKR_OK) |
|
3251 continue; |
|
3252 |
|
3253 DEBUG_SLOT_SEL("%s: token label: %.32s\n", PK11_DBG, |
|
3254 token_info.label); |
|
3255 |
|
3256 #ifndef OPENSSL_NO_RSA |
|
3257 /* |
|
3258 * Check if this slot is capable of signing and |
|
3259 * verifying with CKM_RSA_PKCS. |
|
3260 */ |
|
3261 rv = pFuncList->C_GetMechanismInfo(current_slot, CKM_RSA_PKCS, |
|
3262 &mech_info); |
|
3263 |
|
3264 if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) && |
|
3265 (mech_info.flags & CKF_VERIFY))) |
|
3266 { |
|
3267 /* |
|
3268 * Check if this slot is capable of encryption, |
|
3269 * decryption, sign, and verify with CKM_RSA_X_509. |
|
3270 */ |
|
3271 rv = pFuncList->C_GetMechanismInfo(current_slot, |
|
3272 CKM_RSA_X_509, &mech_info); |
|
3273 |
|
3274 if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) && |
|
3275 (mech_info.flags & CKF_VERIFY) && |
|
3276 (mech_info.flags & CKF_ENCRYPT) && |
|
3277 (mech_info.flags & CKF_VERIFY_RECOVER) && |
|
3278 (mech_info.flags & CKF_DECRYPT))) |
|
3279 { |
|
3280 slot_has_rsa = CK_TRUE; |
|
3281 } |
|
3282 } |
|
3283 #endif /* OPENSSL_NO_RSA */ |
|
3284 |
|
3285 #ifndef OPENSSL_NO_DSA |
|
3286 /* |
|
3287 * Check if this slot is capable of signing and |
|
3288 * verifying with CKM_DSA. |
|
3289 */ |
|
3290 rv = pFuncList->C_GetMechanismInfo(current_slot, CKM_DSA, |
|
3291 &mech_info); |
|
3292 if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) && |
|
3293 (mech_info.flags & CKF_VERIFY))) |
|
3294 { |
|
3295 slot_has_dsa = CK_TRUE; |
|
3296 } |
|
3297 |
|
3298 #endif /* OPENSSL_NO_DSA */ |
|
3299 |
|
3300 #ifndef OPENSSL_NO_DH |
|
3301 /* |
|
3302 * Check if this slot is capable of DH key generataion and |
|
3303 * derivation. |
|
3304 */ |
|
3305 rv = pFuncList->C_GetMechanismInfo(current_slot, |
|
3306 CKM_DH_PKCS_KEY_PAIR_GEN, &mech_info); |
|
3307 |
|
3308 if (rv == CKR_OK && (mech_info.flags & CKF_GENERATE_KEY_PAIR)) |
|
3309 { |
|
3310 rv = pFuncList->C_GetMechanismInfo(current_slot, |
|
3311 CKM_DH_PKCS_DERIVE, &mech_info); |
|
3312 if (rv == CKR_OK && (mech_info.flags & CKF_DERIVE)) |
|
3313 { |
|
3314 slot_has_dh = CK_TRUE; |
|
3315 } |
|
3316 } |
|
3317 #endif /* OPENSSL_NO_DH */ |
|
3318 |
|
3319 if (!found_candidate_slot && |
|
3320 (slot_has_rsa || slot_has_dsa || slot_has_dh)) |
|
3321 { |
|
3322 DEBUG_SLOT_SEL( |
|
3323 "%s: potential slot: %d\n", PK11_DBG, current_slot); |
|
3324 best_slot_sofar = current_slot; |
|
3325 pk11_have_rsa = slot_has_rsa; |
|
3326 pk11_have_dsa = slot_has_dsa; |
|
3327 pk11_have_dh = slot_has_dh; |
|
3328 found_candidate_slot = CK_TRUE; |
|
3329 /* |
|
3330 * Cache the flags for later use. We might need those if |
|
3331 * RSA keys by reference feature is used. |
|
3332 */ |
|
3333 pubkey_token_flags = token_info.flags; |
|
3334 DEBUG_SLOT_SEL( |
|
3335 "%s: setting found_candidate_slot to CK_TRUE\n", |
|
3336 PK11_DBG); |
|
3337 DEBUG_SLOT_SEL("%s: best slot so far: %d\n", PK11_DBG, |
|
3338 best_slot_sofar); |
|
3339 DEBUG_SLOT_SEL("%s: pubkey flags changed to " |
|
3340 "%lu.\n", PK11_DBG, pubkey_token_flags); |
|
3341 } |
|
3342 else |
|
3343 { |
|
3344 DEBUG_SLOT_SEL("%s: no rsa/dsa/dh\n", PK11_DBG); |
|
3345 } |
|
3346 } /* for */ |
|
3347 |
|
3348 if (found_candidate_slot == CK_TRUE) |
|
3349 { |
|
3350 pubkey_SLOTID = best_slot_sofar; |
|
3351 } |
|
3352 |
|
3353 found_candidate_slot = CK_FALSE; |
|
3354 best_slot_sofar = 0; |
|
3355 |
|
3356 DEBUG_SLOT_SEL("%s: == checking cipher/digest ==\n", PK11_DBG); |
|
3357 |
|
3358 SLOTID = pSlotList[0]; |
|
3359 for (i = 0; i < ulSlotCount; i++) |
|
3360 { |
|
3361 DEBUG_SLOT_SEL("%s: checking slot: %d\n", PK11_DBG, i); |
|
3362 |
|
3363 current_slot = pSlotList[i]; |
|
3364 current_slot_n_cipher = 0; |
|
3365 current_slot_n_digest = 0; |
|
3366 (void) memset(local_cipher_nids, 0, sizeof (local_cipher_nids)); |
|
3367 (void) memset(local_digest_nids, 0, sizeof (local_digest_nids)); |
|
3368 |
|
3369 pk11_find_symmetric_ciphers(pFuncList, current_slot, |
|
3370 ¤t_slot_n_cipher, local_cipher_nids); |
|
3371 |
|
3372 pk11_find_digests(pFuncList, current_slot, |
|
3373 ¤t_slot_n_digest, local_digest_nids); |
|
3374 |
|
3375 DEBUG_SLOT_SEL("%s: current_slot_n_cipher %d\n", PK11_DBG, |
|
3376 current_slot_n_cipher); |
|
3377 DEBUG_SLOT_SEL("%s: current_slot_n_digest %d\n", PK11_DBG, |
|
3378 current_slot_n_digest); |
|
3379 DEBUG_SLOT_SEL("%s: best cipher/digest slot so far: %d\n", |
|
3380 PK11_DBG, best_slot_sofar); |
|
3381 |
|
3382 /* |
|
3383 * If the current slot supports more ciphers/digests than |
|
3384 * the previous best one we change the current best to this one, |
|
3385 * otherwise leave it where it is. |
|
3386 */ |
|
3387 if ((current_slot_n_cipher + current_slot_n_digest) > |
|
3388 (slot_n_cipher + slot_n_digest)) |
|
3389 { |
|
3390 DEBUG_SLOT_SEL("%s: changing best slot to %d\n", |
|
3391 PK11_DBG, current_slot); |
|
3392 best_slot_sofar = SLOTID = current_slot; |
|
3393 cipher_count = slot_n_cipher = current_slot_n_cipher; |
|
3394 digest_count = slot_n_digest = current_slot_n_digest; |
|
3395 (void) memcpy(cipher_nids, local_cipher_nids, |
|
3396 sizeof (local_cipher_nids)); |
|
3397 (void) memcpy(digest_nids, local_digest_nids, |
|
3398 sizeof (local_digest_nids)); |
|
3399 } |
|
3400 } |
|
3401 |
|
3402 DEBUG_SLOT_SEL("%s: chosen pubkey slot: %d\n", PK11_DBG, pubkey_SLOTID); |
|
3403 DEBUG_SLOT_SEL("%s: chosen rand slot: %d\n", PK11_DBG, rand_SLOTID); |
|
3404 DEBUG_SLOT_SEL("%s: chosen cipher/digest slot: %d\n", PK11_DBG, SLOTID); |
|
3405 DEBUG_SLOT_SEL("%s: pk11_have_rsa %d\n", PK11_DBG, pk11_have_rsa); |
|
3406 DEBUG_SLOT_SEL("%s: pk11_have_dsa %d\n", PK11_DBG, pk11_have_dsa); |
|
3407 DEBUG_SLOT_SEL("%s: pk11_have_dh %d\n", PK11_DBG, pk11_have_dh); |
|
3408 DEBUG_SLOT_SEL("%s: pk11_have_random %d\n", PK11_DBG, pk11_have_random); |
|
3409 DEBUG_SLOT_SEL("%s: cipher_count %d\n", PK11_DBG, cipher_count); |
|
3410 DEBUG_SLOT_SEL("%s: digest_count %d\n", PK11_DBG, digest_count); |
|
3411 |
|
3412 if (pSlotList != NULL) |
|
3413 OPENSSL_free(pSlotList); |
|
3414 |
|
3415 #ifdef SOLARIS_HW_SLOT_SELECTION |
|
3416 OPENSSL_free(hw_cnids); |
|
3417 OPENSSL_free(hw_dnids); |
|
3418 #endif /* SOLARIS_HW_SLOT_SELECTION */ |
|
3419 |
|
3420 if (any_slot_found != NULL) |
|
3421 *any_slot_found = 1; |
|
3422 return (1); |
|
3423 } |
|
3424 |
|
3425 static void pk11_get_symmetric_cipher(CK_FUNCTION_LIST_PTR pflist, |
|
3426 int slot_id, int *current_slot_n_cipher, int *local_cipher_nids, |
|
3427 PK11_CIPHER *cipher) |
|
3428 { |
|
3429 CK_MECHANISM_INFO mech_info; |
|
3430 CK_RV rv; |
|
3431 |
|
3432 DEBUG_SLOT_SEL("%s: checking mech: %x", PK11_DBG, cipher->mech_type); |
|
3433 rv = pflist->C_GetMechanismInfo(slot_id, cipher->mech_type, &mech_info); |
|
3434 |
|
3435 if (rv != CKR_OK) |
|
3436 { |
|
3437 DEBUG_SLOT_SEL(" not found\n"); |
|
3438 return; |
|
3439 } |
|
3440 |
|
3441 if ((mech_info.flags & CKF_ENCRYPT) && |
|
3442 (mech_info.flags & CKF_DECRYPT)) |
|
3443 { |
|
3444 if (mech_info.ulMinKeySize > cipher->min_key_len || |
|
3445 mech_info.ulMaxKeySize < cipher->max_key_len) |
|
3446 { |
|
3447 DEBUG_SLOT_SEL(" engine key size range <%i-%i> does not" |
|
3448 " match mech range <%lu-%lu>\n", |
|
3449 cipher->min_key_len, cipher->max_key_len, |
|
3450 mech_info.ulMinKeySize, mech_info.ulMaxKeySize); |
|
3451 return; |
|
3452 } |
|
3453 #ifdef SOLARIS_HW_SLOT_SELECTION |
|
3454 if (nid_in_table(cipher->nid, hw_cnids)) |
|
3455 #endif /* SOLARIS_HW_SLOT_SELECTION */ |
|
3456 { |
|
3457 DEBUG_SLOT_SEL(" usable\n"); |
|
3458 local_cipher_nids[(*current_slot_n_cipher)++] = |
|
3459 cipher->nid; |
|
3460 } |
|
3461 #ifdef SOLARIS_HW_SLOT_SELECTION |
|
3462 else |
|
3463 { |
|
3464 DEBUG_SLOT_SEL( |
|
3465 " rejected, software implementation only\n"); |
|
3466 } |
|
3467 #endif /* SOLARIS_HW_SLOT_SELECTION */ |
|
3468 } |
|
3469 else |
|
3470 { |
|
3471 DEBUG_SLOT_SEL(" unusable\n"); |
|
3472 } |
|
3473 |
|
3474 return; |
|
3475 } |
|
3476 |
|
3477 static void pk11_get_digest(CK_FUNCTION_LIST_PTR pflist, int slot_id, |
|
3478 int *current_slot_n_digest, int *local_digest_nids, PK11_DIGEST *digest) |
|
3479 { |
|
3480 CK_MECHANISM_INFO mech_info; |
|
3481 CK_RV rv; |
|
3482 |
|
3483 DEBUG_SLOT_SEL("%s: checking mech: %x", PK11_DBG, digest->mech_type); |
|
3484 rv = pflist->C_GetMechanismInfo(slot_id, digest->mech_type, &mech_info); |
|
3485 |
|
3486 if (rv != CKR_OK) |
|
3487 { |
|
3488 DEBUG_SLOT_SEL(" not found\n"); |
|
3489 return; |
|
3490 } |
|
3491 |
|
3492 if (mech_info.flags & CKF_DIGEST) |
|
3493 { |
|
3494 #ifdef SOLARIS_HW_SLOT_SELECTION |
|
3495 if (nid_in_table(digest->nid, hw_dnids)) |
|
3496 #endif /* SOLARIS_HW_SLOT_SELECTION */ |
|
3497 { |
|
3498 DEBUG_SLOT_SEL(" usable\n"); |
|
3499 local_digest_nids[(*current_slot_n_digest)++] = |
|
3500 digest->nid; |
|
3501 } |
|
3502 #ifdef SOLARIS_HW_SLOT_SELECTION |
|
3503 else |
|
3504 { |
|
3505 DEBUG_SLOT_SEL( |
|
3506 " rejected, software implementation only\n"); |
|
3507 } |
|
3508 #endif /* SOLARIS_HW_SLOT_SELECTION */ |
|
3509 } |
|
3510 else |
|
3511 { |
|
3512 DEBUG_SLOT_SEL(" unusable\n"); |
|
3513 } |
|
3514 |
|
3515 return; |
|
3516 } |
|
3517 |
|
3518 /* Find what symmetric ciphers this slot supports. */ |
|
3519 static void pk11_find_symmetric_ciphers(CK_FUNCTION_LIST_PTR pflist, |
|
3520 CK_SLOT_ID current_slot, int *current_slot_n_cipher, int *local_cipher_nids) |
|
3521 { |
|
3522 int i; |
|
3523 |
|
3524 for (i = 0; i < PK11_CIPHER_MAX; ++i) |
|
3525 { |
|
3526 #ifdef __sparc |
|
3527 /* |
|
3528 * if T4 DES/AES instruction is present, don't include |
|
3529 * DES_CBC/AES mechanism in the supported symmetric |
|
3530 * cipher list. |
|
3531 */ |
|
3532 if (hw_yf_des_instruction_set_present() == 1) { |
|
3533 switch (ciphers[i].mech_type) { |
|
3534 case CKM_DES_CBC: |
|
3535 case CKM_DES3_CBC: |
|
3536 continue; |
|
3537 } |
|
3538 } |
|
3539 if (hw_yf_aes_instruction_set_present() == 1) { |
|
3540 switch (ciphers[i].mech_type) { |
|
3541 case CKM_AES_CBC: |
|
3542 case CKM_AES_ECB: |
|
3543 case CKM_AES_CTR: |
|
3544 continue; |
|
3545 } |
|
3546 } |
|
3547 #endif |
|
3548 |
|
3549 pk11_get_symmetric_cipher(pflist, current_slot, |
|
3550 current_slot_n_cipher, local_cipher_nids, &ciphers[i]); |
|
3551 } |
|
3552 } |
|
3553 |
|
3554 /* Find what digest algorithms this slot supports. */ |
|
3555 static void pk11_find_digests(CK_FUNCTION_LIST_PTR pflist, |
|
3556 CK_SLOT_ID current_slot, int *current_slot_n_digest, int *local_digest_nids) |
|
3557 { |
|
3558 int i; |
|
3559 |
|
3560 for (i = 0; i < PK11_DIGEST_MAX; ++i) |
|
3561 { |
|
3562 pk11_get_digest(pflist, current_slot, current_slot_n_digest, |
|
3563 local_digest_nids, &digests[i]); |
|
3564 } |
|
3565 } |
|
3566 |
|
3567 #ifdef SOLARIS_HW_SLOT_SELECTION |
|
3568 /* |
|
3569 * It would be great if we could use pkcs11_kernel directly since this library |
|
3570 * offers hardware slots only. That's the easiest way to achieve the situation |
|
3571 * where we use the hardware accelerators when present and OpenSSL native code |
|
3572 * otherwise. That presumes the fact that OpenSSL native code is faster than the |
|
3573 * code in the soft token. It's a logical assumption - Crypto Framework has some |
|
3574 * inherent overhead so going there for the software implementation of a |
|
3575 * mechanism should be logically slower in contrast to the OpenSSL native code, |
|
3576 * presuming that both implementations are of similar speed. For example, the |
|
3577 * soft token for AES is roughly three times slower than OpenSSL for 64 byte |
|
3578 * blocks and still 20% slower for 8KB blocks. So, if we want to ship products |
|
3579 * that use the PKCS#11 engine by default, we must somehow avoid that regression |
|
3580 * on machines without hardware acceleration. That's why switching to the |
|
3581 * pkcs11_kernel library seems like a very good idea. |
|
3582 * |
|
3583 * The problem is that OpenSSL built with SunStudio is roughly 2x slower for |
|
3584 * asymmetric operations (RSA/DSA/DH) than the soft token built with the same |
|
3585 * compiler. That means that if we switched to pkcs11_kernel from the libpkcs11 |
|
3586 * library, we would have had a performance regression on machines without |
|
3587 * hardware acceleration for asymmetric operations for all applications that use |
|
3588 * the PKCS#11 engine. There is one such application - Apache web server since |
|
3589 * it's shipped configured to use the PKCS#11 engine by default. Having said |
|
3590 * that, we can't switch to the pkcs11_kernel library now and have to come with |
|
3591 * a solution that, on non-accelerated machines, uses the OpenSSL native code |
|
3592 * for all symmetric ciphers and digests while it uses the soft token for |
|
3593 * asymmetric operations. |
|
3594 * |
|
3595 * This is the idea: dlopen() pkcs11_kernel directly and find out what |
|
3596 * mechanisms are there. We don't care about duplications (more slots can |
|
3597 * support the same mechanism), we just want to know what mechanisms can be |
|
3598 * possibly supported in hardware on that particular machine. As said before, |
|
3599 * pkcs11_kernel will show you hardware providers only. |
|
3600 * |
|
3601 * Then, we rely on the fact that since we use libpkcs11 library we will find |
|
3602 * the metaslot. When we go through the metaslot's mechanisms for symmetric |
|
3603 * ciphers and digests, we check that any found mechanism is in the table |
|
3604 * created using the pkcs11_kernel library. So, as a result we have two arrays |
|
3605 * of mechanisms that were advertised as supported in hardware which was the |
|
3606 * goal of that whole exercise. Thus, we can use libpkcs11 but avoid soft token |
|
3607 * code for symmetric ciphers and digests. See pk11_choose_slots() for more |
|
3608 * information. |
|
3609 * |
|
3610 * This is Solaris specific code, if SOLARIS_HW_SLOT_SELECTION is not defined |
|
3611 * the code won't be used. |
|
3612 */ |
|
3613 #if defined(__sparcv9) || defined(__x86_64) || defined(__amd64) |
|
3614 static const char pkcs11_kernel[] = "/usr/lib/security/64/pkcs11_kernel.so.1"; |
|
3615 #else |
|
3616 static const char pkcs11_kernel[] = "/usr/lib/security/pkcs11_kernel.so.1"; |
|
3617 #endif |
|
3618 |
|
3619 /* |
|
3620 * Check hardware capabilities of the machines. The output are two lists, |
|
3621 * hw_cnids and hw_dnids, that contain hardware mechanisms found in all hardware |
|
3622 * providers together. They are not sorted and may contain duplicate mechanisms. |
|
3623 */ |
|
3624 static int check_hw_mechanisms(void) |
|
3625 { |
|
3626 int i; |
|
3627 CK_RV rv; |
|
3628 void *handle; |
|
3629 CK_C_GetFunctionList p; |
|
3630 CK_TOKEN_INFO token_info; |
|
3631 CK_ULONG ulSlotCount = 0; |
|
3632 int n_cipher = 0, n_digest = 0; |
|
3633 CK_FUNCTION_LIST_PTR pflist = NULL; |
|
3634 CK_SLOT_ID_PTR pSlotList = NULL_PTR; |
|
3635 int *tmp_hw_cnids = NULL, *tmp_hw_dnids = NULL; |
|
3636 int hw_ctable_size, hw_dtable_size; |
|
3637 |
|
3638 DEBUG_SLOT_SEL("%s: SOLARIS_HW_SLOT_SELECTION code running\n", |
|
3639 PK11_DBG); |
|
3640 /* |
|
3641 * Use RTLD_GROUP to limit the pkcs11_kernel provider to its own |
|
3642 * symbols, which prevents it from mistakenly accessing C_* functions |
|
3643 * from the top-level PKCS#11 library. |
|
3644 */ |
|
3645 if ((handle = dlopen(pkcs11_kernel, RTLD_LAZY | RTLD_GROUP)) == NULL) |
|
3646 { |
|
3647 PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE); |
|
3648 goto err; |
|
3649 } |
|
3650 |
|
3651 if ((p = (CK_C_GetFunctionList)dlsym(handle, |
|
3652 PK11_GET_FUNCTION_LIST)) == NULL) |
|
3653 { |
|
3654 PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE); |
|
3655 goto err; |
|
3656 } |
|
3657 |
|
3658 /* get the full function list from the loaded library */ |
|
3659 if (p(&pflist) != CKR_OK) |
|
3660 { |
|
3661 PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE); |
|
3662 goto err; |
|
3663 } |
|
3664 |
|
3665 rv = pflist->C_Initialize(NULL_PTR); |
|
3666 if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED)) |
|
3667 { |
|
3668 PK11err_add_data(PK11_F_CHECK_HW_MECHANISMS, |
|
3669 PK11_R_INITIALIZE, rv); |
|
3670 goto err; |
|
3671 } |
|
3672 |
|
3673 if (pflist->C_GetSlotList(0, NULL_PTR, &ulSlotCount) != CKR_OK) |
|
3674 { |
|
3675 PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_GETSLOTLIST); |
|
3676 goto err; |
|
3677 } |
|
3678 |
|
3679 /* no slots, set the hw mechanism tables as empty */ |
|
3680 if (ulSlotCount == 0) |
|
3681 { |
|
3682 DEBUG_SLOT_SEL("%s: no hardware mechanisms found\n", PK11_DBG); |
|
3683 hw_cnids = OPENSSL_malloc(sizeof (int)); |
|
3684 hw_dnids = OPENSSL_malloc(sizeof (int)); |
|
3685 if (hw_cnids == NULL || hw_dnids == NULL) |
|
3686 { |
|
3687 PK11err(PK11_F_CHECK_HW_MECHANISMS, |
|
3688 PK11_R_MALLOC_FAILURE); |
|
3689 return (0); |
|
3690 } |
|
3691 /* this means empty tables */ |
|
3692 hw_cnids[0] = NID_undef; |
|
3693 hw_dnids[0] = NID_undef; |
|
3694 return (1); |
|
3695 } |
|
3696 |
|
3697 pSlotList = OPENSSL_malloc(ulSlotCount * sizeof (CK_SLOT_ID)); |
|
3698 if (pSlotList == NULL) |
|
3699 { |
|
3700 PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_MALLOC_FAILURE); |
|
3701 goto err; |
|
3702 } |
|
3703 |
|
3704 /* Get the slot list for processing */ |
|
3705 if (pflist->C_GetSlotList(0, pSlotList, &ulSlotCount) != CKR_OK) |
|
3706 { |
|
3707 PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_GETSLOTLIST); |
|
3708 goto err; |
|
3709 } |
|
3710 |
|
3711 /* |
|
3712 * We don't care about duplicate mechanisms in multiple slots and also |
|
3713 * reserve one slot for the terminal NID_undef which we use to stop the |
|
3714 * search. |
|
3715 */ |
|
3716 hw_ctable_size = ulSlotCount * PK11_CIPHER_MAX + 1; |
|
3717 hw_dtable_size = ulSlotCount * PK11_DIGEST_MAX + 1; |
|
3718 tmp_hw_cnids = OPENSSL_malloc(hw_ctable_size * sizeof (int)); |
|
3719 tmp_hw_dnids = OPENSSL_malloc(hw_dtable_size * sizeof (int)); |
|
3720 if (tmp_hw_cnids == NULL || tmp_hw_dnids == NULL) |
|
3721 { |
|
3722 PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_MALLOC_FAILURE); |
|
3723 goto err; |
|
3724 } |
|
3725 |
|
3726 /* |
|
3727 * Do not use memset since we should not rely on the fact that NID_undef |
|
3728 * is zero now. |
|
3729 */ |
|
3730 for (i = 0; i < hw_ctable_size; ++i) |
|
3731 tmp_hw_cnids[i] = NID_undef; |
|
3732 for (i = 0; i < hw_dtable_size; ++i) |
|
3733 tmp_hw_dnids[i] = NID_undef; |
|
3734 |
|
3735 DEBUG_SLOT_SEL("%s: provider: %s\n", PK11_DBG, pkcs11_kernel); |
|
3736 DEBUG_SLOT_SEL("%s: found %d hardware slots\n", PK11_DBG, ulSlotCount); |
|
3737 DEBUG_SLOT_SEL("%s: now looking for mechs supported in hw\n", |
|
3738 PK11_DBG); |
|
3739 |
|
3740 for (i = 0; i < ulSlotCount; i++) |
|
3741 { |
|
3742 if (pflist->C_GetTokenInfo(pSlotList[i], &token_info) != CKR_OK) |
|
3743 continue; |
|
3744 |
|
3745 DEBUG_SLOT_SEL("%s: token label: %.32s\n", PK11_DBG, |
|
3746 token_info.label); |
|
3747 |
|
3748 /* |
|
3749 * We are filling the hw mech tables here. Global tables are |
|
3750 * still NULL so all mechanisms are put into tmp tables. |
|
3751 */ |
|
3752 pk11_find_symmetric_ciphers(pflist, pSlotList[i], |
|
3753 &n_cipher, tmp_hw_cnids); |
|
3754 pk11_find_digests(pflist, pSlotList[i], |
|
3755 &n_digest, tmp_hw_dnids); |
|
3756 } |
|
3757 |
|
3758 /* |
|
3759 * Since we are part of a library (libcrypto.so), calling this function |
|
3760 * may have side-effects. Also, C_Finalize() is triggered by |
|
3761 * dlclose(3C). |
|
3762 */ |
|
3763 #if 0 |
|
3764 pflist->C_Finalize(NULL); |
|
3765 #endif |
|
3766 OPENSSL_free(pSlotList); |
|
3767 (void) dlclose(handle); |
|
3768 hw_cnids = tmp_hw_cnids; |
|
3769 hw_dnids = tmp_hw_dnids; |
|
3770 |
|
3771 DEBUG_SLOT_SEL("%s: hw mechs check complete\n", PK11_DBG); |
|
3772 return (1); |
|
3773 |
|
3774 err: |
|
3775 if (pSlotList != NULL) |
|
3776 OPENSSL_free(pSlotList); |
|
3777 if (tmp_hw_cnids != NULL) |
|
3778 OPENSSL_free(tmp_hw_cnids); |
|
3779 if (tmp_hw_dnids != NULL) |
|
3780 OPENSSL_free(tmp_hw_dnids); |
|
3781 |
|
3782 return (0); |
|
3783 } |
|
3784 |
|
3785 /* |
|
3786 * Check presence of a NID in the table of NIDs unless the mechanism is |
|
3787 * supported directly in a CPU instruction set. The table may be NULL (i.e., |
|
3788 * non-existent). |
|
3789 */ |
|
3790 static int nid_in_table(int nid, int *nid_table) |
|
3791 { |
|
3792 int i = 0; |
|
3793 |
|
3794 /* |
|
3795 * Special case first. NULL means that we are initializing a new table. |
|
3796 */ |
|
3797 if (nid_table == NULL) |
|
3798 return (1); |
|
3799 |
|
3800 #if defined(__x86) |
|
3801 /* |
|
3802 * On Intel, if we have AES-NI instruction set we route AES to the |
|
3803 * Crypto Framework. Intel CPUs do not have other instruction sets for |
|
3804 * HW crypto acceleration so we check the HW NID table for any other |
|
3805 * mechanism. |
|
3806 */ |
|
3807 if (hw_x86_aes_instruction_set_present() == 1) |
|
3808 { |
|
3809 switch (nid) |
|
3810 { |
|
3811 case NID_aes_128_ecb: |
|
3812 case NID_aes_192_ecb: |
|
3813 case NID_aes_256_ecb: |
|
3814 case NID_aes_128_cbc: |
|
3815 case NID_aes_192_cbc: |
|
3816 case NID_aes_256_cbc: |
|
3817 case NID_aes_128_ctr: |
|
3818 case NID_aes_192_ctr: |
|
3819 case NID_aes_256_ctr: |
|
3820 return (1); |
|
3821 } |
|
3822 } |
|
3823 #elif defined(__sparc) |
|
3824 /* |
|
3825 * If we have a T4 DES/AES instruction set on SPARC, we won't process |
|
3826 * DES_CBC/AES in the Crypto Framework so that the job can be processed |
|
3827 * directly using the inlined DES/AES instructions. |
|
3828 * If we have Fujitsu AES instruction set, we route AES to the |
|
3829 * Crypto Framework. |
|
3830 */ |
|
3831 switch (nid) { |
|
3832 case NID_aes_128_ecb: |
|
3833 case NID_aes_192_ecb: |
|
3834 case NID_aes_256_ecb: |
|
3835 case NID_aes_128_cbc: |
|
3836 case NID_aes_192_cbc: |
|
3837 case NID_aes_256_cbc: |
|
3838 case NID_aes_128_ctr: |
|
3839 case NID_aes_192_ctr: |
|
3840 case NID_aes_256_ctr: |
|
3841 if (hw_yf_aes_instruction_set_present() == 1) { |
|
3842 return (0); |
|
3843 } else if (hw_fj_aes_instruction_set_present() == 1) { |
|
3844 return (1); |
|
3845 } |
|
3846 break; |
|
3847 case NID_des_ede3_cbc: |
|
3848 case NID_des_cbc: |
|
3849 if (hw_yf_des_instruction_set_present() == 1) { |
|
3850 return (0); |
|
3851 } |
|
3852 break; |
|
3853 } |
|
3854 #endif |
|
3855 |
|
3856 /* The table is never full, there is always at least one NID_undef. */ |
|
3857 while (nid_table[i] != NID_undef) |
|
3858 { |
|
3859 if (nid_table[i++] == nid) |
|
3860 { |
|
3861 DEBUG_SLOT_SEL(" (NID %d in hw table, idx %d)", nid, i); |
|
3862 return (1); |
|
3863 } |
|
3864 } |
|
3865 |
|
3866 return (0); |
|
3867 } |
|
3868 |
|
3869 |
|
3870 #if defined(__amd64) || defined(__i386) |
|
3871 /* Do we have an AES instruction set? */ |
|
3872 static int |
|
3873 hw_x86_aes_instruction_set_present(void) |
|
3874 { |
|
3875 static int present = -1; |
|
3876 |
|
3877 if (present == -1) |
|
3878 { |
|
3879 uint_t ui = 0; |
|
3880 (void) getisax(&ui, 1); |
|
3881 present = (ui & AV_386_AES) > 0; |
|
3882 } |
|
3883 |
|
3884 return (present); |
|
3885 } |
|
3886 #endif |
|
3887 |
|
3888 #if defined(__sparc) |
|
3889 |
|
3890 /* Do we have a T4 AES instruction set? */ |
|
3891 static int |
|
3892 hw_yf_aes_instruction_set_present(void) |
|
3893 { |
|
3894 static int present = -1; |
|
3895 if (present == -1) |
|
3896 { |
|
3897 uint_t ui = 0; |
|
3898 (void) getisax(&ui, 1); |
|
3899 present = (ui & (AV_SPARC_AES)) > 0; |
|
3900 } |
|
3901 |
|
3902 return (present); |
|
3903 } |
|
3904 |
|
3905 /* Do we have a Fujitsu AES instruction set? */ |
|
3906 static int |
|
3907 hw_fj_aes_instruction_set_present(void) |
|
3908 { |
|
3909 static int present = -1; |
|
3910 if (present == -1) |
|
3911 { |
|
3912 uint_t ui = 0; |
|
3913 (void) getisax(&ui, 1); |
|
3914 present = (ui & (AV_SPARC_FJAES)) > 0; |
|
3915 } |
|
3916 |
|
3917 return (present); |
|
3918 } |
|
3919 |
|
3920 static int |
|
3921 hw_yf_des_instruction_set_present(void) |
|
3922 { |
|
3923 static int present = -1; |
|
3924 if (present == -1) |
|
3925 { |
|
3926 uint_t ui = 0; |
|
3927 (void) getisax(&ui, 1); |
|
3928 present = (ui & (AV_SPARC_DES)) > 0; |
|
3929 } |
|
3930 |
|
3931 return (present); |
|
3932 } |
|
3933 |
|
3934 static int |
|
3935 hw_yf_digest_instruction_present(void) |
|
3936 { |
|
3937 static int cached_result = -1; |
|
3938 uint_t ui = 0; |
|
3939 |
|
3940 if (cached_result == -1) { |
|
3941 (void) getisax(&ui, 1); |
|
3942 cached_result = ((ui & AV_SPARC_MD5) != 0) && |
|
3943 ((ui & AV_SPARC_SHA1) != 0) && |
|
3944 ((ui & AV_SPARC_SHA256) != 0) && |
|
3945 ((ui & AV_SPARC_SHA512) != 0); |
|
3946 } |
|
3947 return (cached_result != 0); |
|
3948 } |
|
3949 #endif /* defined(__sparc) */ |
|
3950 |
|
3951 #endif /* SOLARIS_HW_SLOT_SELECTION */ |
|
3952 |
|
3953 #endif /* OPENSSL_NO_HW_PK11 */ |
|
3954 #endif /* OPENSSL_NO_HW */ |
|