|
|
|
@ -138,7 +138,7 @@ static inline int pkcs11_sha256_init(EVP_MD_CTX *ctx);
|
|
|
|
|
static inline int pkcs11_sha384_init(EVP_MD_CTX *ctx);
|
|
|
|
|
static inline int pkcs11_sha512_init(EVP_MD_CTX *ctx);
|
|
|
|
|
static inline int pkcs11_md5_init(EVP_MD_CTX *ctx);
|
|
|
|
|
static inline int pkcs11_ripemd_init(EVP_MD_CTX *ctx);
|
|
|
|
|
static inline int pkcs11_ripemd160_init(EVP_MD_CTX *ctx);
|
|
|
|
|
/* End digest function prototypes */
|
|
|
|
|
|
|
|
|
|
static int pre_init_pkcs11(ENGINE *e);
|
|
|
|
@ -276,6 +276,7 @@ const EVP_CIPHER pkcs11_des_cbc = {
|
|
|
|
|
NULL /* app data (ctx->cipher_data) */
|
|
|
|
|
};
|
|
|
|
|
#else
|
|
|
|
|
|
|
|
|
|
#define DECLARE_DES_EVP(lmode, umode) \
|
|
|
|
|
static EVP_CIPHER *des_##lmode = NULL; \
|
|
|
|
|
static const EVP_CIPHER *pkcs11_des_##lmode(void) \
|
|
|
|
@ -346,6 +347,7 @@ const EVP_CIPHER pkcs11_tdes_cbc = {
|
|
|
|
|
NULL /* app data (ctx->cipher_data) */
|
|
|
|
|
};
|
|
|
|
|
#else
|
|
|
|
|
|
|
|
|
|
#define DECLARE_TDES_EVP(lmode, umode) \
|
|
|
|
|
static EVP_CIPHER *tdes_##lmode = NULL; \
|
|
|
|
|
static const EVP_CIPHER *pkcs11_tdes_##lmode(void) \
|
|
|
|
@ -482,6 +484,7 @@ const EVP_CIPHER pkcs11_aes_256_cbc = {
|
|
|
|
|
NULL /* app data (ctx->cipher_data) */
|
|
|
|
|
};
|
|
|
|
|
#else
|
|
|
|
|
|
|
|
|
|
#define EVP_CIPHER_keylen_AES_128 16
|
|
|
|
|
#define EVP_CIPHER_keylen_AES_192 24
|
|
|
|
|
#define EVP_CIPHER_keylen_AES_256 32
|
|
|
|
@ -528,6 +531,7 @@ DECLARE_AES_EVP(192, ecb, ECB)
|
|
|
|
|
DECLARE_AES_EVP(256, ecb, ECB)
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifdef OLDER_OPENSSL
|
|
|
|
|
/* Message Digests */
|
|
|
|
|
const EVP_MD pkcs11_sha1 = {
|
|
|
|
|
NID_sha1,
|
|
|
|
@ -543,6 +547,7 @@ const EVP_MD pkcs11_sha1 = {
|
|
|
|
|
SHA_CBLOCK,
|
|
|
|
|
sizeof(struct pkcs11_digest_ctx)
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const EVP_MD pkcs11_sha224 = {
|
|
|
|
|
NID_sha224,
|
|
|
|
|
NID_sha224WithRSAEncryption,
|
|
|
|
@ -557,6 +562,7 @@ const EVP_MD pkcs11_sha224 = {
|
|
|
|
|
SHA256_CBLOCK,
|
|
|
|
|
sizeof(struct pkcs11_digest_ctx)
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const EVP_MD pkcs11_sha256 = {
|
|
|
|
|
NID_sha256,
|
|
|
|
|
NID_sha256WithRSAEncryption,
|
|
|
|
@ -571,6 +577,7 @@ const EVP_MD pkcs11_sha256 = {
|
|
|
|
|
SHA256_CBLOCK,
|
|
|
|
|
sizeof(struct pkcs11_digest_ctx)
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const EVP_MD pkcs11_sha384 = {
|
|
|
|
|
NID_sha384,
|
|
|
|
|
NID_sha384WithRSAEncryption,
|
|
|
|
@ -585,6 +592,7 @@ const EVP_MD pkcs11_sha384 = {
|
|
|
|
|
SHA512_CBLOCK,
|
|
|
|
|
sizeof(struct pkcs11_digest_ctx)
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const EVP_MD pkcs11_sha512 = {
|
|
|
|
|
NID_sha512,
|
|
|
|
|
NID_sha512WithRSAEncryption,
|
|
|
|
@ -615,12 +623,12 @@ const EVP_MD pkcs11_md5 = {
|
|
|
|
|
sizeof(struct pkcs11_digest_ctx)
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const EVP_MD pkcs11_ripemd = {
|
|
|
|
|
const EVP_MD pkcs11_ripemd160 = {
|
|
|
|
|
NID_ripemd160,
|
|
|
|
|
NID_ripemd160WithRSA,
|
|
|
|
|
RIPEMD160_DIGEST_LENGTH,
|
|
|
|
|
0, /* flags */
|
|
|
|
|
pkcs11_ripemd_init,
|
|
|
|
|
pkcs11_ripemd160_init,
|
|
|
|
|
pkcs11_digest_update,
|
|
|
|
|
pkcs11_digest_finish, /* final */
|
|
|
|
|
pkcs11_digest_copy,
|
|
|
|
@ -629,10 +637,50 @@ const EVP_MD pkcs11_ripemd = {
|
|
|
|
|
RIPEMD160_CBLOCK,
|
|
|
|
|
sizeof(struct pkcs11_digest_ctx)
|
|
|
|
|
};
|
|
|
|
|
#else
|
|
|
|
|
|
|
|
|
|
/********/
|
|
|
|
|
#define DECLARE_DIGEST_EVP(dig, len, enc) \
|
|
|
|
|
static EVP_MD *dig##_md = NULL; \
|
|
|
|
|
static const EVP_MD *pkcs11_##dig(void) \
|
|
|
|
|
{ \
|
|
|
|
|
if (dig##_md == NULL) { \
|
|
|
|
|
EVP_MD *md; \
|
|
|
|
|
if (( md = EVP_MD_meth_new(NID_##dig, \
|
|
|
|
|
NID_##dig##WithRSA##enc)) == NULL \
|
|
|
|
|
|| !EVP_MD_meth_set_result_size(md, len##_DIGEST_LENGTH) \
|
|
|
|
|
|| !EVP_MD_meth_set_input_blocksize(md, len##_CBLOCK) \
|
|
|
|
|
|| !EVP_MD_meth_set_app_datasize(md, \
|
|
|
|
|
sizeof(struct pkcs11_digest_ctx)) \
|
|
|
|
|
|| !EVP_MD_meth_set_flags(md, 0) \
|
|
|
|
|
|| !EVP_MD_meth_set_init(md, pkcs11_##dig##_init) \
|
|
|
|
|
|| !EVP_MD_meth_set_update(md, pkcs11_digest_update) \
|
|
|
|
|
|| !EVP_MD_meth_set_final(md, pkcs11_digest_finish) \
|
|
|
|
|
|| !EVP_MD_meth_set_copy(md, pkcs11_digest_copy) \
|
|
|
|
|
|| !EVP_MD_meth_set_cleanup(md, pkcs11_digest_cleanup)) { \
|
|
|
|
|
EVP_MD_meth_free(md); \
|
|
|
|
|
md = NULL; \
|
|
|
|
|
} \
|
|
|
|
|
dig##_md = md; \
|
|
|
|
|
} \
|
|
|
|
|
return dig##_md; \
|
|
|
|
|
} \
|
|
|
|
|
\
|
|
|
|
|
static void pkcs11_##dig##_destroy(void) \
|
|
|
|
|
{ \
|
|
|
|
|
EVP_MD_meth_free(dig##_md); \
|
|
|
|
|
dig##_md = NULL; \
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
DECLARE_DIGEST_EVP(sha1, SHA, Encryption)
|
|
|
|
|
DECLARE_DIGEST_EVP(sha224, SHA256, Encryption)
|
|
|
|
|
DECLARE_DIGEST_EVP(sha256, SHA256, Encryption)
|
|
|
|
|
DECLARE_DIGEST_EVP(sha384, SHA512, Encryption)
|
|
|
|
|
DECLARE_DIGEST_EVP(sha512, SHA512, Encryption)
|
|
|
|
|
DECLARE_DIGEST_EVP(md5, MD5, Encryption)
|
|
|
|
|
DECLARE_DIGEST_EVP(ripemd160, RIPEMD160,)
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
/********/
|
|
|
|
|
#ifndef OPENSSL_NO_RSA
|
|
|
|
|
#ifdef OLDER_OPENSSL
|
|
|
|
|
static RSA_METHOD pkcs11_rsa =
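Review bot: The accessor generated by `DECLARE_DIGEST_EVP` fills the file-scope `dig##_md` with an unsynchronised check-then-set (`if (dig##_md == NULL) { ... dig##_md = md; }`), so two threads requesting the same digest for the first time can each build an `EVP_MD` and one copy is leaked. Whether the engine's digest callback can run concurrently is not visible on this page. Building the methods once, either under `CRYPTO_THREAD_run_once` or eagerly from the engine's bind/init path, would close that window and turn the accessor into a plain read. The macro also has no comment; something like `/* Lazily builds the EVP_MD for NID_<dig>; returns NULL if construction fails; freed by pkcs11_<dig>_destroy() */` above it would document the NULL return that callers now have to handle.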
|
|
|
|
@ -1047,25 +1095,53 @@ static int pkcs11_engine_digests(ENGINE * e, const EVP_MD ** digest,
|
|
|
|
|
if (pkcs11_token->pkcs11_implemented_digests[nid]) {
|
|
|
|
|
switch (nid) {
|
|
|
|
|
case NID_ripemd160:
|
|
|
|
|
*digest = &pkcs11_ripemd;
|
|
|
|
|
#ifdef OLDER_OPENSSL
|
|
|
|
|
*digest = &pkcs11_ripemd160;
|
|
|
|
|
#else
|
|
|
|
|
*digest = pkcs11_ripemd160();
|
|
|
|
|
#endif
|
|
|
|
|
break;
|
|
|
|
|
case NID_md5:
|
|
|
|
|
#ifdef OLDER_OPENSSL
|
|
|
|
|
*digest = &pkcs11_md5;
|
|
|
|
|
#else
|
|
|
|
|
*digest = pkcs11_md5();
|
|
|
|
|
#endif
|
|
|
|
|
break;
|
|
|
|
|
case NID_sha1:
|
|
|
|
|
#ifdef OLDER_OPENSSL
|
|
|
|
|
*digest = &pkcs11_sha1;
|
|
|
|
|
#else
|
|
|
|
|
*digest = pkcs11_sha1();
|
|
|
|
|
#endif
|
|
|
|
|
break;
|
|
|
|
|
case NID_sha224:
|
|
|
|
|
#ifdef OLDER_OPENSSL
|
|
|
|
|
*digest = &pkcs11_sha224;
|
|
|
|
|
#else
|
|
|
|
|
*digest = pkcs11_sha224();
|
|
|
|
|
#endif
|
|
|
|
|
break;
|
|
|
|
|
case NID_sha256:
|
|
|
|
|
#ifdef OLDER_OPENSSL
|
|
|
|
|
*digest = &pkcs11_sha256;
|
|
|
|
|
#else
|
|
|
|
|
*digest = pkcs11_sha256();
|
|
|
|
|
#endif
|
|
|
|
|
break;
|
|
|
|
|
case NID_sha384:
|
|
|
|
|
#ifdef OLDER_OPENSSL
|
|
|
|
|
*digest = &pkcs11_sha384;
|
|
|
|
|
#else
|
|
|
|
|
*digest = pkcs11_sha384();
|
|
|
|
|
#endif
|
|
|
|
|
break;
|
|
|
|
|
case NID_sha512:
|
|
|
|
|
#ifdef OLDER_OPENSSL
|
|
|
|
|
*digest = &pkcs11_sha512;
|
|
|
|
|
#else
|
|
|
|
|
*digest = pkcs11_sha512();
|
|
|
|
|
#endif
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
*digest = NULL;
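Review bot: In the `#else` branches, `*digest = pkcs11_sha1();` and the md5, sha224, sha256, sha384, sha512 and ripemd160 equivalents can now store NULL, because the generated accessors return NULL when `EVP_MD_meth_new` or one of the setters fails. The old `&pkcs11_sha1` form was never NULL. The rest of pkcs11_engine_digests lies outside this hunk, so it is not visible whether its return value reflects that. If it reports success for every implemented nid, the caller would receive a NULL method together with a success code. Deriving the result from the pointer, e.g. `return (*digest != NULL);`, would make an allocation failure fail closed.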
|
|
|
|
@ -1632,6 +1708,13 @@ static int pkcs11_destroy(ENGINE *e)
|
|
|
|
|
pkcs11_aes_128_ecb_destroy();
|
|
|
|
|
pkcs11_aes_192_ecb_destroy();
|
|
|
|
|
pkcs11_aes_256_ecb_destroy();
|
|
|
|
|
pkcs11_sha1_destroy();
|
|
|
|
|
pkcs11_sha224_destroy();
|
|
|
|
|
pkcs11_sha256_destroy();
|
|
|
|
|
pkcs11_sha384_destroy();
|
|
|
|
|
pkcs11_sha512_destroy();
|
|
|
|
|
pkcs11_md5_destroy();
|
|
|
|
|
pkcs11_ripemd160_destroy();
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
free_PKCS11_LIBNAME();
|
|
|
|
@ -3287,7 +3370,7 @@ pkcs11_md5_init(EVP_MD_CTX *ctx)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static inline int
|
|
|
|
|
pkcs11_ripemd_init(EVP_MD_CTX *ctx)
|
|
|
|
|
pkcs11_ripemd160_init(EVP_MD_CTX *ctx)
|
|
|
|
|
{
|
|
|
|
|
return pkcs11_digest_init(ctx, alg_ripemd);
|
|
|
|
|
}
|
|
|
|
|