Browse Source

IBM dynamic PKCS#11 engine for OpenSSL - initial drop

This is the initial drop for openssl-ibmpkcs11, an OpenSSL dynamic
engine that can be used to access crypto on PKCS#11 providers.

Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
master
Klaus Heinrich Kiwi 11 years ago
commit
a4894db787
26 changed files with 14604 additions and 0 deletions
  1. +0
    -0
      AUTHORS
  2. +0
    -0
      COPYING
  3. +19
    -0
      ChangeLog
  4. +182
    -0
      INSTALL
  5. +49
    -0
      LICENSE
  6. +1
    -0
      Makefile.am
  7. +0
    -0
      NEWS
  8. +20
    -0
      README
  9. +5
    -0
      bootstrap.sh
  10. +51
    -0
      configure.in
  11. +6911
    -0
      ltmain.sh
  12. +24
    -0
      openssl.cnf.sample.in
  13. +53
    -0
      rpm/ibmpkcs11.spec
  14. +15
    -0
      src/Makefile.am
  15. +3091
    -0
      src/e_pkcs11.c
  16. +144
    -0
      src/e_pkcs11_err.c
  17. +112
    -0
      src/include/cryptlib.h
  18. +94
    -0
      src/include/cryptoki.h
  19. +665
    -0
      src/include/e_os.h
  20. +33
    -0
      src/include/e_pkcs11.h
  21. +104
    -0
      src/include/e_pkcs11_err.h
  22. +124
    -0
      src/include/pkcs-11v2-20a3.h
  23. +299
    -0
      src/include/pkcs11.h
  24. +11
    -0
      src/include/pkcs11ext.h
  25. +912
    -0
      src/include/pkcs11f.h
  26. +1685
    -0
      src/include/pkcs11t.h

+ 0
- 0
AUTHORS View File


+ 0
- 0
COPYING View File


+ 19
- 0
ChangeLog View File

@ -0,0 +1,19 @@
* Fri Jul 9 2010 - yoder1@us.ibm.com
o converted patch to stand-alone packaging.
o added #ifdef OPENCRYPTOKI around the #pragma(pack) instructions in
cryptoki.h. openCryptoki doesn't pack its structures, so this was causing an
alignment issue.
o added #ifdef's based on openssl version in order to support the 2 different
prototypes for RSA_verify between openssl 0.9.8 and 1.0.0.
o Fixed an issue with passing a reference to an unsigned int through the
pkcs11 library interface. This broke RSA_sign on 64bit platforms.
o changed SSL_SIG_LENGTH from 64 to 36. 36 is the size of the concatenation of
an MD5 hash and a SHA1 hash, which is the length of the NID_md5_sha1 data to
be signed or verified. See e_pkcs11.c lines 2226 and 2093.
o in pkcs11_FindOrCreateKey, check that rsa->n exists before creating a pkcs11
object based on the RSA struct.
o in pkcs11_init_key, fix a condition where the iv is passed in through the
CIPHER_CTX pointer instead of the API itself, which led to a segfault.
o Fixed reference counting issue, probably compiler-induced
o drafted an rpm specfile

+ 182
- 0
INSTALL View File

@ -0,0 +1,182 @@
Basic Installation
==================
These are generic installation instructions.
The `configure' shell script attempts to guess correct values for
various system-dependent variables used during compilation. It uses
those values to create a `Makefile' in each directory of the package.
It may also create one or more `.h' files containing system-dependent
definitions. Finally, it creates a shell script `config.status' that
you can run in the future to recreate the current configuration, a file
`config.cache' that saves the results of its tests to speed up
reconfiguring, and a file `config.log' containing compiler output
(useful mainly for debugging `configure').
If you need to do unusual things to compile the package, please try
to figure out how `configure' could check whether to do them, and mail
diffs or instructions to the address given in the `README' so they can
be considered for the next release. If at some point `config.cache'
contains results you don't want to keep, you may remove or edit it.
The file `configure.in' is used to create `configure' by a program
called `autoconf'. You only need `configure.in' if you want to change
it or regenerate `configure' using a newer version of `autoconf'.
The simplest way to compile this package is:
1. `cd' to the directory containing the package's source code and type
`./configure' to configure the package for your system. If you're
using `csh' on an old version of System V, you might need to type
`sh ./configure' instead to prevent `csh' from trying to execute
`configure' itself.
Running `configure' takes awhile. While running, it prints some
messages telling which features it is checking for.
2. Type `make' to compile the package.
3. Optionally, type `make check' to run any self-tests that come with
the package.
4. Type `make install' to install the programs and any data files and
documentation.
5. You can remove the program binaries and object files from the
source code directory by typing `make clean'. To also remove the
files that `configure' created (so you can compile the package for
a different kind of computer), type `make distclean'. There is
also a `make maintainer-clean' target, but that is intended mainly
for the package's developers. If you use it, you may have to get
all sorts of other programs in order to regenerate files that came
with the distribution.
Compilers and Options
=====================
Some systems require unusual options for compilation or linking that
the `configure' script does not know about. You can give `configure'
initial values for variables by setting them in the environment. Using
a Bourne-compatible shell, you can do that on the command line like
this:
CC=c89 CFLAGS=-O2 LIBS=-lposix ./configure
Or on systems that have the `env' program, you can do it like this:
env CPPFLAGS=-I/usr/local/include LDFLAGS=-s ./configure
Compiling For Multiple Architectures
====================================
You can compile the package for more than one kind of computer at the
same time, by placing the object files for each architecture in their
own directory. To do this, you must use a version of `make' that
supports the `VPATH' variable, such as GNU `make'. `cd' to the
directory where you want the object files and executables to go and run
the `configure' script. `configure' automatically checks for the
source code in the directory that `configure' is in and in `..'.
If you have to use a `make' that does not supports the `VPATH'
variable, you have to compile the package for one architecture at a time
in the source code directory. After you have installed the package for
one architecture, use `make distclean' before reconfiguring for another
architecture.
Installation Names
==================
By default, `make install' will install the package's files in
`/usr/local/bin', `/usr/local/man', etc. You can specify an
installation prefix other than `/usr/local' by giving `configure' the
option `--prefix=PATH'.
You can specify separate installation prefixes for
architecture-specific files and architecture-independent files. If you
give `configure' the option `--exec-prefix=PATH', the package will use
PATH as the prefix for installing programs and libraries.
Documentation and other data files will still use the regular prefix.
In addition, if you use an unusual directory layout you can give
options like `--bindir=PATH' to specify different values for particular
kinds of files. Run `configure --help' for a list of the directories
you can set and what kinds of files go in them.
If the package supports it, you can cause programs to be installed
with an extra prefix or suffix on their names by giving `configure' the
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
Optional Features
=================
Some packages pay attention to `--enable-FEATURE' options to
`configure', where FEATURE indicates an optional part of the package.
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
is something like `gnu-as' or `x' (for the X Window System). The
`README' should mention any `--enable-' and `--with-' options that the
package recognizes.
For packages that use the X Window System, `configure' can usually
find the X include and library files automatically, but if it doesn't,
you can use the `configure' options `--x-includes=DIR' and
`--x-libraries=DIR' to specify their locations.
Specifying the System Type
==========================
There may be some features `configure' can not figure out
automatically, but needs to determine by the type of host the package
will run on. Usually `configure' can figure that out, but if it prints
a message saying it can not guess the host type, give it the
`--host=TYPE' option. TYPE can either be a short name for the system
type, such as `sun4', or a canonical name with three fields:
CPU-COMPANY-SYSTEM
See the file `config.sub' for the possible values of each field. If
`config.sub' isn't included in this package, then this package doesn't
need to know the host type.
If you are building compiler tools for cross-compiling, you can also
use the `--target=TYPE' option to select the type of system they will
produce code for and the `--build=TYPE' option to select the type of
system on which you are compiling the package.
Sharing Defaults
================
If you want to set default values for `configure' scripts to share,
you can create a site shell script called `config.site' that gives
default values for variables like `CC', `cache_file', and `prefix'.
`configure' looks for `PREFIX/share/config.site' if it exists, then
`PREFIX/etc/config.site' if it exists. Or, you can set the
`CONFIG_SITE' environment variable to the location of the site script.
A warning: not all `configure' scripts look for a site script.
Operation Controls
==================
`configure' recognizes the following options to control how it
operates.
`--cache-file=FILE'
Use and save the results of the tests in FILE instead of
`./config.cache'. Set FILE to `/dev/null' to disable caching, for
debugging `configure'.
`--help'
Print a summary of the options to `configure', and exit.
`--quiet'
`--silent'
`-q'
Do not print messages saying which checks are being made. To
suppress all normal output, redirect it to `/dev/null' (any error
messages will still be shown).
`--srcdir=DIR'
Look for the package's source code in directory DIR. Usually
`configure' can determine that directory automatically.
`--version'
Print the version of Autoconf used to generate the `configure'
script, and exit.
`configure' also accepts some other, not widely useful, options.

+ 49
- 0
LICENSE View File

@ -0,0 +1,49 @@
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/

+ 1
- 0
Makefile.am View File

@ -0,0 +1 @@
SUBDIRS=src

+ 0
- 0
NEWS View File


+ 20
- 0
README View File

@ -0,0 +1,20 @@
README for the IBM OpenSSL PKCS#11 engine
Report bugs: opencryptoki-users@lists.sf.net
ABOUT
This package contains the dynamic PKCS#11 engine, originally written by IBM,
with additions from Bull.
BUILDING
Requirements: OpenSSL 0.9.8 or newer
$ configure [--libdir=/usr/lib/openssl/engines]
[--enable-debug]
[--with-openssl=/path/to/custom/openssl]
$ make
# make install

+ 5
- 0
bootstrap.sh View File

@ -0,0 +1,5 @@
set -x
aclocal || exit 1
libtoolize --force -c || exit 1
automake --add-missing -c --foreign || exit 1
autoconf || exit 1

+ 51
- 0
configure.in View File

@ -0,0 +1,51 @@
#
# configure.in for the OpenSSL IBM PKCS#11 engine project
#
AC_INIT(openssl-ibmpkcs11, 0.1, opencryptoki-users@lists.sf.net)
AM_INIT_AUTOMAKE(1.6.3)
# Debugging support
AC_ARG_ENABLE(debug,
AC_HELP_STRING([--enable-debug], [turn on all debugging flags [default is off]]),
[enable_debug="yes"
AC_MSG_RESULT([*** Enabling debugging at user request ***])],)
# custom openssl location
AC_ARG_WITH(openssl,
[ --with-openssl[[=DIR]] build with OpenSSL support [[/usr/local/ssl]]],
[openssl_prefix=$withval],
[openssl_prefix=]
)
if test "x$openssl_prefix" != x; then
AC_MSG_RESULT([*** Using OpenSSL directory $openssl_prefix ***])
LDFLAGS="-L$openssl_prefix/lib $LDFLAGS"
CFLAGS="-I$openssl_prefix/include $CFLAGS"
fi
# If the user has not set CFLAGS, do something appropriate
test_CFLAGS=${CFLAGS+set}
if test "$test_CFLAGS" != set; then
if test "x$enable_debug" == "xyes"; then
CFLAGS="-O0 -g -DDEBUG -DPKCS11_DEBUG"
else
CFLAGS="-O2"
fi
fi
# OpenSSL location
AC_MSG_CHECKING([OpenSSL])
AC_CHECK_LIB(crypto, RAND_add, [], \
AC_MSG_ERROR([*** libcrypto not found]))
AC_DISABLE_STATIC
AC_PROG_CC
AC_PROG_LIBTOOL
CFLAGS="$CFLAGS -Wall -DLINUX -DOPENCRYPTOKI"
AC_SUBST(CFLAGS)
AC_SUBST(LIBDIR, $libdir)
AC_OUTPUT(Makefile src/Makefile openssl.cnf.sample)
echo "CFLAGS=$CFLAGS"

+ 6911
- 0
ltmain.sh
File diff suppressed because it is too large
View File


+ 24
- 0
openssl.cnf.sample.in View File

@ -0,0 +1,24 @@
#
# OpenSSL example configuration file. This file will load the engine
# for all operations that the engine implements for all apps that
# have OpenSSL config support compiled into them.
#
# Adding OpenSSL config support is as simple as adding the following line to
# the app:
#
# #define OPENSSL_LOAD_CONF 1
#
openssl_conf = openssl_def
[openssl_def]
engines = engine_section
[engine_section]
ibmpkcs11 = ibmpkcs11_section
[ibmpkcs11_section]
dynamic_path = @LIBDIR@/libibmpkcs11.so
engine_id = ibmpkcs11
#default_algorithms = ALL
default_algorithms = RAND,RSA,DSA,DH,CIPHERS,DIGESTS
init = 1

+ 53
- 0
rpm/ibmpkcs11.spec View File

@ -0,0 +1,53 @@
#
# spec file for the IBM PKCS#11 openssl engine package
#
# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
# Copyright (c) 2010 IBM Corp.
#
Name: openssl-ibmpkcs11
Summary: An IBM PKCS#11 OpenSSL dynamic engine
Version: 0.1
Release: 1
License: Other License(s), see package, IBM Public License
Group: Hardware/Other
Source: %{name}-%{version}.tar.bz2
URL: http://sourceforge.net/projects/opencryptoki
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: openssl-devel
%description
This package contains a shared object OpenSSL dynamic engine for the use
with a PKCS#11 implementation such as openCryptoki.
%prep
%setup -n %{name}-%{version}
%build
autoreconf --force --install
export CFLAGS="$RPM_OPT_FLAGS"
export CPPFLAGS="$RPM_OPT_FLAGS"
%configure --libdir=%{_libdir}/openssl/engines
make %{?_smp_mflags}
%install
make DESTDIR=%{buildroot} install
%clean
rm -rf %{buildroot}
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%files
%defattr(-, root, root)
%doc README ChangeLog openssl.cnf.sample
%{_libdir}/openssl/engines/libibmpkcs11.*
%changelog
* Fri Jul 9 2010 - yoder1@us.ibm.com
- initial version

+ 15
- 0
src/Makefile.am View File

@ -0,0 +1,15 @@
lib_LTLIBRARIES=libibmpkcs11.la
libibmpkcs11_la_CFLAGS=-I./include
libibmpkcs11_la_LDFLAGS=@LIBS@ -lc -lpthread
libibmpkcs11_la_SOURCES=e_pkcs11.c \
e_pkcs11_err.c \
e_pkcs11.h \
pkcs11f.h \
pkcs11t.h \
cryptoki.h \
e_pkcs11_err.h \
pkcs11ext.h \
pkcs11.h \
pkcs-11v2-20a3.h

+ 3091
- 0
src/e_pkcs11.c
File diff suppressed because it is too large
View File


+ 144
- 0
src/e_pkcs11_err.c View File

@ -0,0 +1,144 @@
/* hw_pkcs11_err.c */
/*
* PKCS#11 engine for the OpenSSL project 2002
* Developped by Bull Trustway R&D Networking & Security
* Introduced and tested with Bull TrustWay CC2000 crypto hardware
* Afchine.Madjlessi@bull.net Bull S.A. France
* http://www.servers.bull.com/trustway
*/
#include <stdio.h>
#include <openssl/err.h>
#include "e_pkcs11_err.h"
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
static ERR_STRING_DATA pkcs11_str_functs[]=
{
{ERR_PACK(0,PKCS11_F_INIT,0), "PKCS11_INIT"},
{ERR_PACK(0,PKCS11_F_FINISH,0), "PKCS11_FINISH"},
{ERR_PACK(0,PKCS11_F_DESTROY,0), "PKCS11_DESTROY"},
{ERR_PACK(0,PKCS11_F_CTRL,0), "PKCS11_CTRL"},
{ERR_PACK(0,PKCS11_F_RSA_INIT,0), "PKCS11_RSA_INIT"},
{ERR_PACK(0,PKCS11_F_RSA_FINISH,0), "PKCS11_RSA_FINISH"},
{ERR_PACK(0,PKCS11_F_FINDORCREATEKEY,0),"PKCS11_FINDORCREATEKEY"},
{ERR_PACK(0,PKCS11_F_RSA_GEN_KEY,0), "PKCS11_RSA_GEN_KEY"},
{ERR_PACK(0,PKCS11_F_RSA_PUB_ENC,0), "PKCS11_RSA_PUB_ENC"},
{ERR_PACK(0,PKCS11_F_RSA_PRIV_ENC,0), "PKCS11_RSA_PRIV_ENC"},
{ERR_PACK(0,PKCS11_F_RSA_PUB_DEC,0), "PKCS11_RSA_PUB_DEC"},
{ERR_PACK(0,PKCS11_F_RSA_PRIV_DEC,0), "PKCS11_RSA_PRIV_DEC"},
{ERR_PACK(0,PKCS11_F_RSA_SIGN,0), "PKCS11_RSA_SIGN"},
{ERR_PACK(0,PKCS11_F_RSA_VERIFY,0), "PKCS11_RSA_VERIFY"},
{ERR_PACK(0,PKCS11_F_RAND_ADD,0), "PKCS11_RAND_ADD"},
{ERR_PACK(0,PKCS11_F_RAND_BYTES,0), "PKCS11_RAND_BYTES"},
{ERR_PACK(0,PKCS11_F_GETSESSION,0), "PKCS11_GETSESSION"},
{ERR_PACK(0,PKCS11_F_FREESESSION,0), "PKCS11_FREESESSION"},
{ERR_PACK(0,PKCS11_F_INITKEY,0), "PKCS11_INITKEY"},
{ERR_PACK(0,PKCS11_F_DIGESTINIT,0), "PKCS11_DIGESTINIT"},
{ERR_PACK(0,PKCS11_F_DIGESTUPDATE,0), "PKCS11_DIGESTUPDATE"},
{ERR_PACK(0,PKCS11_F_DIGESTFINISH,0), "PKCS11_DIGESTFINISH"},
{ERR_PACK(0,PKCS11_F_CIPHER_UPDATE,0), "PKCS11_CIPHER_UPDATE"},
{ERR_PACK(0,PKCS11_F_PREINIT,0), "PKCS11_PREINIT"},
{ERR_PACK(0,PKCS11_F_ADDTOKEN,0), "PKCS11_ADDTOKEN"},
{ERR_PACK(0,PKCS11_F_LOAD_PRIVKEY,0), "PKCS11_LOAD_PRIVKEY"},
{ERR_PACK(0,PKCS11_F_LOAD_PUBKEY,0), "PKCS11_LOAD_PUBKEY"},
{ERR_PACK(0,PKCS11_F_DIGESTCOPY,0), "PKCS11_DIGESTCOPY"},
{0,NULL}
};
static ERR_STRING_DATA pkcs11_str_reasons[]=
{
{PKCS11_R_ALREADY_LOADED ,"PKCS#11 DSO already loaded"},
{PKCS11_R_DSO_FAILURE ,"unable to load PKCS#11 DSO"},
{PKCS11_R_NOT_LOADED ,"PKCS#11 DSO not loaded"},
{PKCS11_R_PASSED_NULL_PARAMETER ,"null parameter passed"},
{PKCS11_R_COMMAND_NOT_IMPLEMENTED ,"command not implemented"},
{PKCS11_R_INITIALIZE ,"C_Initialize failed"},
{PKCS11_R_FINALIZE ,"C_Finalize failed"},
{PKCS11_R_GETINFO ,"C_GetInfo faile"},
{PKCS11_R_GETSLOTLIST ,"C_GetSlotList failed"},
{PKCS11_R_NO_MODULUS_OR_NO_EXPONENT ,"no modulus or no exponent"},
{PKCS11_R_ATTRIBUT_SENSITIVE_OR_INVALID ,"attrribute sensitive or invalid "},
{PKCS11_R_GETATTRIBUTVALUE ,"C_GetAttributeValue failed"},
{PKCS11_R_NO_MODULUS ,"no modulus"},
{PKCS11_R_NO_EXPONENT ,"no exponent"},
{PKCS11_R_FINDOBJECTSINIT ,"C_FindObjectsInit failed"},
{PKCS11_R_FINDOBJECTS ,"C_FindObjects failed"},
{PKCS11_R_FINDOBJECTSFINAL ,"C_FindObjectsFinal failed"},
{PKCS11_R_OBJECT_NOT_FOUND ,"object not found"},
{PKCS11_R_CREATEOBJECT ,"C_CreateObject failed"},
{PKCS11_R_DESTROYOBJECT ,"C_DestroyObject failed"},
{PKCS11_R_OPENSESSION ,"C_OpenSession failed"},
{PKCS11_R_CLOSESESSION ,"C_CloseSession failed"},
{PKCS11_R_ENCRYPTINIT ,"C_EncryptInit failed"},
{PKCS11_R_ENCRYPT ,"C_Encrypt failed"},
{PKCS11_R_SIGNINIT ,"C_SignInit failed"},
{PKCS11_R_SIGN ,"C_Sign failed"},
{PKCS11_R_DECRYPTINIT ,"C_DecryptInit failed"},
{PKCS11_R_DECRYPT ,"C_Decrypt failed"},
{PKCS11_R_VERIFYINIT ,"C_VerifyRecover failed"},
{PKCS11_R_VERIFY ,"C_Verify failed "},
{PKCS11_R_VERIFYRECOVERINIT ,"C_VerifyRecoverInit failed"},
{PKCS11_R_VERIFYRECOVER ,"C_VerifyRecover failed"},
{PKCS11_R_GEN_KEY ,"C_GenerateKeyPair failed"},
{PKCS11_R_SEEDRANDOM ,"C_SeedRandom failed"},
{PKCS11_R_GENERATERANDOM ,"C_GenerateRandom failed"},
{PKCS11_R_INVALID_MESSAGE_LENGTH ,"invalid message length"},
{PKCS11_R_UNKNOWN_ALGORITHM_TYPE ,"unknown algorithm type"},
{PKCS11_R_UNKNOWN_ASN1_OBJECT_ID ,"unknown asn1 onject id"},
{PKCS11_R_UNKNOWN_PADDING_TYPE ,"unknown padding type"},
{PKCS11_R_DIGEST_TOO_BIG ,"digest too big"},
{PKCS11_R_MALLOC_FAILURE ,"malloc failure"},
{PKCS11_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"control command not implemented"},
{PKCS11_R_GETSLOTINFO ,"C_GetSlotInfo failed"},
{PKCS11_R_GETMECHANISMLIST ,"C_GetMechanismList failed"},
{PKCS11_R_GETMECHANISMINFO ,"C_GetMechanismInfo failed"},
{PKCS11_R_BADMECHANISM ,"bad mechanism"},
{PKCS11_R_DIGESTINIT ,"C_DigestInit failed"},
{PKCS11_R_DIGESTUPDATE ,"C_DigestUpdate failed"},
{PKCS11_R_DIGESTFINAL ,"C_DigestFinal failed"},
{PKCS11_R_NOTOKENS ,"no hardware tokens found"},
{PKCS11_R_NOTOKENFORALGORITHM ,"no tokens available to accelerate algorithm"},
{PKCS11_R_DIGEST ,"C_Digest failed"},
{0,NULL}
};
#endif
static int pkcs11_lib_error_code=0;
static int pkcs11_error_init=1;
void ERR_load_pkcs11_strings(void)
{
if (pkcs11_lib_error_code == 0)
pkcs11_lib_error_code = ERR_get_next_error_library();
if (pkcs11_error_init)
{
pkcs11_error_init=0;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(pkcs11_lib_error_code,pkcs11_str_functs);
ERR_load_strings(pkcs11_lib_error_code,pkcs11_str_reasons);
#endif
}
}
void ERR_unload_pkcs11_strings(void)
{
if (pkcs11_error_init == 0)
{
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(pkcs11_lib_error_code,pkcs11_str_functs);
ERR_unload_strings(pkcs11_lib_error_code,pkcs11_str_reasons);
#endif
pkcs11_error_init = 1;
}
}
void ERR_pkcs11_error(int function, int reason, char *file, int line)
{
if (pkcs11_lib_error_code == 0)
pkcs11_lib_error_code=ERR_get_next_error_library();
ERR_PUT_error(pkcs11_lib_error_code,function,reason,file,line);
//ERR_print_errors_fp(stderr);
}

+ 112
- 0
src/include/cryptlib.h View File

@ -0,0 +1,112 @@
/* crypto/cryptlib.h */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#ifndef HEADER_CRYPTLIB_H
#define HEADER_CRYPTLIB_H
#include <stdlib.h>
#include <string.h>
#include "e_os.h"
#ifdef OPENSSL_USE_APPLINK
#define BIO_FLAGS_UPLINK 0x8000
#include "ms/uplink.h"
#endif
#include <openssl/crypto.h>
#include <openssl/buffer.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/opensslconf.h>
#ifdef __cplusplus
extern "C" {
#endif
#ifndef OPENSSL_SYS_VMS
#define X509_CERT_AREA OPENSSLDIR
#define X509_CERT_DIR OPENSSLDIR "/certs"
#define X509_CERT_FILE OPENSSLDIR "/cert.pem"
#define X509_PRIVATE_DIR OPENSSLDIR "/private"
#else
#define X509_CERT_AREA "SSLROOT:[000000]"
#define X509_CERT_DIR "SSLCERTS:"
#define X509_CERT_FILE "SSLCERTS:cert.pem"
#define X509_PRIVATE_DIR "SSLPRIVATE:"
#endif
#define X509_CERT_DIR_EVP "SSL_CERT_DIR"
#define X509_CERT_FILE_EVP "SSL_CERT_FILE"
/* size of string representations */
#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
#define HEX_SIZE(type) (sizeof(type)*2)
void OPENSSL_cpuid_setup(void);
extern unsigned long OPENSSL_ia32cap_P;
void OPENSSL_showfatal(const char *,...);
void *OPENSSL_stderr(void);
extern int OPENSSL_NONPIC_relocated;
int OPENSSL_isservice(void);
#ifdef __cplusplus
}
#endif
#endif

+ 94
- 0
src/include/cryptoki.h View File

@ -0,0 +1,94 @@
/* cryptoki.h include file for PKCS #11. */
/* $Revision$ */
/* License to copy and use this software is granted provided that it is
* identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
* (Cryptoki)" in all material mentioning or referencing this software.
* License is also granted to make and use derivative works provided that
* such works are identified as "derived from the RSA Security Inc. PKCS #11
* Cryptographic Token Interface (Cryptoki)" in all material mentioning or
* referencing the derived work.
* RSA Security Inc. makes no representations concerning either the
* merchantability of this software or the suitability of this software for
* any particular purpose. It is provided "as is" without express or implied
* warranty of any kind.
*/
/*
Modified IBM 2008. Multiplatform support
*/
#ifndef ___CRYPTOKI_H_INC___
#define ___CRYPTOKI_H_INC___
/* We don't pack our structures in openCryptoki, which will lead to alignment issues if the
* engine expects them to be */
#ifndef OPENCRYPTOKI
#pragma pack(push, cryptoki, 1)
#endif
#if defined(AIX) || defined(HPUX) || defined(SOLARIS) || defined(LINUX) || defined(LINUX64) || defined(_IA64) | defined(AIX64) || defined(__LP64__)
# define CK_ENTRY
# define CK_CALLBACK_ENTRY
# define CK_IMPORT_SPEC
# define CK_CALL_SPEC
#elif defined(OS2)
# define CK_ENTRY
# define CK_CALLBACK_ENTRY _Optlink
# define CK_IMPORT_SPEC
# define CK_CALL_SPEC
#elif defined(WIN32)
# define CK_ENTRY __declspec( dllexport )
# define CK_CALLBACK_ENTRY
# define CK_IMPORT_SPEC __declspec(dllimport)
# define CK_CALL_SPEC __cdecl
#else
# error "Includes not defined for this platform."
#endif
/* Define CRYPTOKI_EXPORTS during the build of cryptoki libraries. Do
* not define it in applications.
*/
#ifdef CRYPTOKI_EXPORTS
/* Specified that the function is an exported DLL entry point. */
#define CK_EXPORT_SPEC __declspec(dllexport)
#else
#define CK_EXPORT_SPEC CK_IMPORT_SPEC
#endif
#define CK_PTR *
#define CK_DEFINE_FUNCTION(returnType, name) \
returnType CK_EXPORT_SPEC CK_CALL_SPEC name
#define CK_DECLARE_FUNCTION(returnType, name) \
returnType CK_EXPORT_SPEC CK_CALL_SPEC name
#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
returnType CK_IMPORT_SPEC (CK_CALL_SPEC CK_PTR name)
#define CK_CALLBACK_FUNCTION(returnType, name) \
returnType (CK_CALL_SPEC CK_PTR name)
#ifndef NULL_PTR
#define NULL_PTR 0
#endif
#include "pkcs11.h"
#ifndef OPENCRYPTOKI
#pragma pack(pop, cryptoki)
#endif
#endif /* ___CRYPTOKI_H_INC___ */

+ 665
- 0
src/include/e_os.h View File

@ -0,0 +1,665 @@
/* e_os.h */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#ifndef HEADER_E_OS_H
#define HEADER_E_OS_H
#include <openssl/opensslconf.h>
#include <openssl/e_os2.h>
/* <openssl/e_os2.h> contains what we can justify to make visible
* to the outside; this file e_os.h is not part of the exported
* interface. */
#ifdef __cplusplus
extern "C" {
#endif
/* Used to checking reference counts, most while doing perl5 stuff :-) */
#ifdef REF_PRINT
#undef REF_PRINT
#define REF_PRINT(a,b) fprintf(stderr,"%08X:%4d:%s\n",(int)b,b->references,a)
#endif
#ifndef DEVRANDOM
/* set this to a comma-separated list of 'random' device files to try out.
* My default, we will try to read at least one of these files */
#define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
#endif
#ifndef DEVRANDOM_EGD
/* set this to a comma-seperated list of 'egd' sockets to try out. These
* sockets will be tried in the order listed in case accessing the device files
* listed in DEVRANDOM did not return enough entropy. */
#define DEVRANDOM_EGD "/var/run/egd-pool","/dev/egd-pool","/etc/egd-pool","/etc/entropy"
#endif
#if defined(OPENSSL_SYS_VXWORKS)
# define NO_SYS_PARAM_H
# define NO_CHMOD
# define NO_SYSLOG
#endif
#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
# if macintosh==1
# ifndef MAC_OS_GUSI_SOURCE
# define MAC_OS_pre_X
# define NO_SYS_TYPES_H
typedef long ssize_t;
# endif
# define NO_SYS_PARAM_H
# define NO_CHMOD
# define NO_SYSLOG
# undef DEVRANDOM
# define GETPID_IS_MEANINGLESS
# endif
#endif
/********************************************************************
The Microsoft section
********************************************************************/
/* The following is used becaue of the small stack in some
* Microsoft operating systems */
#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYSNAME_WIN32)
# define MS_STATIC static
#else
# define MS_STATIC
#endif
#if defined(OPENSSL_SYS_WIN32) && !defined(WIN32)
# define WIN32
#endif
#if defined(OPENSSL_SYS_WIN16) && !defined(WIN16)
# define WIN16
#endif
#if defined(OPENSSL_SYS_WINDOWS) && !defined(WINDOWS)
# define WINDOWS
#endif
#if defined(OPENSSL_SYS_MSDOS) && !defined(MSDOS)
# define MSDOS
#endif
#if defined(MSDOS) && !defined(GETPID_IS_MEANINGLESS)
# define GETPID_IS_MEANINGLESS
#endif
#ifdef WIN32
#define get_last_sys_error() GetLastError()
#define clear_sys_error() SetLastError(0)
#if !defined(WINNT)
#define WIN_CONSOLE_BUG
#endif
#else
#define get_last_sys_error() errno
#define clear_sys_error() errno=0
#endif
#if defined(WINDOWS)
#define get_last_socket_error() WSAGetLastError()
#define clear_socket_error() WSASetLastError(0)
#define readsocket(s,b,n) recv((s),(b),(n),0)
#define writesocket(s,b,n) send((s),(b),(n),0)
#define EADDRINUSE WSAEADDRINUSE
#elif defined(__DJGPP__)
#define WATT32
#define get_last_socket_error() errno
#define clear_socket_error() errno=0
#define closesocket(s) close_s(s)
#define readsocket(s,b,n) read_s(s,b,n)
#define writesocket(s,b,n) send(s,b,n,0)
#elif defined(MAC_OS_pre_X)
#define get_last_socket_error() errno
#define clear_socket_error() errno=0
#define closesocket(s) MacSocket_close(s)
#define readsocket(s,b,n) MacSocket_recv((s),(b),(n),true)
#define writesocket(s,b,n) MacSocket_send((s),(b),(n))
#elif defined(OPENSSL_SYS_VMS)
#define get_last_socket_error() errno
#define clear_socket_error() errno=0
#define ioctlsocket(a,b,c) ioctl(a,b,c)
#define closesocket(s) close(s)
#define readsocket(s,b,n) recv((s),(b),(n),0)
#define writesocket(s,b,n) send((s),(b),(n),0)
#elif defined(OPENSSL_SYS_VXWORKS)
#define get_last_socket_error() errno
#define clear_socket_error() errno=0
#define ioctlsocket(a,b,c) ioctl((a),(b),(int)(c))
#define closesocket(s) close(s)
#define readsocket(s,b,n) read((s),(b),(n))
#define writesocket(s,b,n) write((s),(char *)(b),(n))
#elif defined(OPENSSL_SYS_NETWARE)
#if defined(NETWARE_BSDSOCK)
#define get_last_socket_error() errno
#define clear_socket_error() errno=0
#define closesocket(s) close(s)
#define readsocket(s,b,n) recv((s),(b),(n),0)
#define writesocket(s,b,n) send((s),(b),(n),0)
#else
#define get_last_socket_error() WSAGetLastError()
#define clear_socket_error() WSASetLastError(0)
#define readsocket(s,b,n) recv((s),(b),(n),0)
#define writesocket(s,b,n) send((s),(b),(n),0)
#endif
#else
#define get_last_socket_error() errno
#define clear_socket_error() errno=0
#define ioctlsocket(a,b,c) ioctl(a,b,c)
#define closesocket(s) close(s)
#define readsocket(s,b,n) read((s),(b),(n))
#define writesocket(s,b,n) write((s),(b),(n))
#endif
#ifdef WIN16
# define MS_CALLBACK _far _loadds
# define MS_FAR _far
#else
# define MS_CALLBACK
# define MS_FAR
#endif
#ifdef OPENSSL_NO_STDIO
# undef OPENSSL_NO_FP_API
# define OPENSSL_NO_FP_API
#endif
#if (defined(WINDOWS) || defined(MSDOS))
# ifdef __DJGPP__
# include <unistd.h>
# include <sys/stat.h>
# include <sys/socket.h>
# include <tcp.h>
# include <netdb.h>
# define _setmode setmode
# define _O_TEXT O_TEXT
# define _O_BINARY O_BINARY
# undef DEVRANDOM
# define DEVRANDOM "/dev/urandom\x24"
# endif /* __DJGPP__ */
# ifndef S_IFDIR
# define S_IFDIR _S_IFDIR
# endif
# ifndef S_IFMT
# define S_IFMT _S_IFMT
# endif
# if !defined(WINNT) && !defined(__DJGPP__)
# define NO_SYSLOG
# endif
# define NO_DIRENT
# ifdef WINDOWS
# if !defined(_WIN32_WCE) && !defined(_WIN32_WINNT)
/*
* Defining _WIN32_WINNT here in e_os.h implies certain "discipline."
* Most notably we ought to check for availability of each specific
* routine with GetProcAddress() and/or quard NT-specific calls with
* GetVersion() < 0x80000000. One can argue that in latter "or" case
* we ought to /DELAYLOAD some .DLLs in order to protect ourselves
* against run-time link errors. This doesn't seem to be necessary,
* because it turned out that already Windows 95, first non-NT Win32
* implementation, is equipped with at least NT 3.51 stubs, dummy
* routines with same name, but which do nothing. Meaning that it's
* apparently appropriate to guard generic NT calls with GetVersion
* alone, while NT 4.0 and above calls ought to be additionally
* checked upon with GetProcAddress.
*/
# define _WIN32_WINNT 0x0400
# endif
# include <windows.h>
# include <stddef.h>
# include <errno.h>
# include <string.h>
# ifdef _WIN64
# define strlen(s) _strlen31(s)
/* cut strings to 2GB */
static unsigned int _strlen31(const char *str)
{
unsigned int len=0;
while (*str && len<0x80000000U) str++, len++;
return len&0x7FFFFFFF;
}
# endif
# include <malloc.h>
# endif
# include <io.h>
# include <fcntl.h>
# ifdef OPENSSL_SYS_WINCE
# include <winsock_extras.h>
# endif
# define ssize_t long
# if defined (__BORLANDC__)
# define _setmode setmode
# define _O_TEXT O_TEXT
# define _O_BINARY O_BINARY
# define _int64 __int64
# define _kbhit kbhit
# endif
# if defined(WIN16) && defined(SSLEAY) && defined(_WINEXITNOPERSIST)
# define EXIT(n) _wsetexit(_WINEXITNOPERSIST)
# define OPENSSL_EXIT(n) do { if (n == 0) EXIT(n); return(n); } while(0)
# else
# define EXIT(n) exit(n)
# endif
# define LIST_SEPARATOR_CHAR ';'
# ifndef X_OK
# define X_OK 0
# endif
# ifndef W_OK
# define W_OK 2
# endif
# ifndef R_OK
# define R_OK 4
# endif
# define OPENSSL_CONF "openssl.cnf"
# define SSLEAY_CONF OPENSSL_CONF
# define NUL_DEV "nul"
# define RFILE ".rnd"
# ifdef OPENSSL_SYS_WINCE
# define DEFAULT_HOME ""
# else
# define DEFAULT_HOME "C:"
# endif
#else /* The non-microsoft world world */
# ifdef OPENSSL_SYS_VMS
# define VMS 1
/* some programs don't include stdlib, so exit() and others give implicit
function warnings */
# include <stdlib.h>
# if defined(__DECC)
# include <unistd.h>
# else
# include <unixlib.h>
# endif
# define OPENSSL_CONF "openssl.cnf"
# define SSLEAY_CONF OPENSSL_CONF
# define RFILE ".rnd"
# define LIST_SEPARATOR_CHAR ','
# define NUL_DEV "NLA0:"
/* We don't have any well-defined random devices on VMS, yet... */
# undef DEVRANDOM
/* We need to do this since VMS has the following coding on status codes:
Bits 0-2: status type: 0 = warning, 1 = success, 2 = error, 3 = info ...
The important thing to know is that odd numbers are considered
good, while even ones are considered errors.
Bits 3-15: actual status number
Bits 16-27: facility number. 0 is considered "unknown"
Bits 28-31: control bits. If bit 28 is set, the shell won't try to
output the message (which, for random codes, just looks ugly)
So, what we do here is to change 0 to 1 to get the default success status,
and everything else is shifted up to fit into the status number field, and
the status is tagged as an error, which I believe is what is wanted here.
-- Richard Levitte
*/
# define EXIT(n) do { int __VMS_EXIT = n; \
if (__VMS_EXIT == 0) \
__VMS_EXIT = 1; \
else \
__VMS_EXIT = (n << 3) | 2; \
__VMS_EXIT |= 0x10000000; \
exit(__VMS_EXIT); } while(0)
# define NO_SYS_PARAM_H
# elif defined(OPENSSL_SYS_NETWARE)
# include <fcntl.h>
# include <unistd.h>
# define NO_SYS_TYPES_H
# undef DEVRANDOM
# ifdef NETWARE_CLIB
# define getpid GetThreadID
# endif
# define NO_SYSLOG
# define _setmode setmode
# define _kbhit kbhit
# define _O_TEXT O_TEXT
# define _O_BINARY O_BINARY
# define OPENSSL_CONF "openssl.cnf"
# define SSLEAY_CONF OPENSSL_CONF
# define RFILE ".rnd"
# define LIST_SEPARATOR_CHAR ';'
# define EXIT(n) { if (n) printf("ERROR: %d\n", (int)n); exit(n); }
# else
/* !defined VMS */
# ifdef OPENSSL_SYS_MPE
# define NO_SYS_PARAM_H
# endif
# ifdef OPENSSL_UNISTD
# include OPENSSL_UNISTD
# else
# include <unistd.h>
# endif
# ifndef NO_SYS_TYPES_H
# include <sys/types.h>
# endif
# if defined(NeXT) || defined(OPENSSL_SYS_NEWS4)
# define pid_t int /* pid_t is missing on NEXTSTEP/OPENSTEP
* (unless when compiling with -D_POSIX_SOURCE,
* which doesn't work for us) */
# endif
# if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) || defined(OPENSSL_SYS_SUNOS)
# define ssize_t int /* ditto */
# endif
# ifdef OPENSSL_SYS_NEWS4 /* setvbuf is missing on mips-sony-bsd */
# define setvbuf(a, b, c, d) setbuffer((a), (b), (d))
typedef unsigned long clock_t;
# endif
# define OPENSSL_CONF "openssl.cnf"
# define SSLEAY_CONF OPENSSL_CONF
# define RFILE ".rnd"
# define LIST_SEPARATOR_CHAR ':'
# define NUL_DEV "/dev/null"
# define EXIT(n) exit(n)
# endif
# define SSLeay_getpid() getpid()
#endif
/*************/
#ifdef USE_SOCKETS
# if defined(WINDOWS) || defined(MSDOS)
/* windows world */
# ifdef OPENSSL_NO_SOCK
# define SSLeay_Write(a,b,c) (-1)
# define SSLeay_Read(a,b,c) (-1)
# define SHUTDOWN(fd) close(fd)
# define SHUTDOWN2(fd) close(fd)
# elif !defined(__DJGPP__)
# include <winsock.h>
extern HINSTANCE _hInstance;
# ifdef _WIN64
/*
* Even though sizeof(SOCKET) is 8, it's safe to cast it to int, because
* the value constitutes an index in per-process table of limited size
* and not a real pointer.
*/
# define socket(d,t,p) ((int)socket(d,t,p))
# define accept(s,f,l) ((int)accept(s,f,l))
# endif
# define SSLeay_Write(a,b,c) send((a),(b),(c),0)
# define SSLeay_Read(a,b,c) recv((a),(b),(c),0)
# define SHUTDOWN(fd) { shutdown((fd),0); closesocket(fd); }
# define SHUTDOWN2(fd) { shutdown((fd),2); closesocket(fd); }
# else
# define SSLeay_Write(a,b,c) write_s(a,b,c,0)
# define SSLeay_Read(a,b,c) read_s(a,b,c)
# define SHUTDOWN(fd) close_s(fd)
# define SHUTDOWN2(fd) close_s(fd)
# endif
# elif defined(MAC_OS_pre_X)
# include "MacSocket.h"
# define SSLeay_Write(a,b,c) MacSocket_send((a),(b),(c))
# define SSLeay_Read(a,b,c) MacSocket_recv((a),(b),(c),true)
# define SHUTDOWN(fd) MacSocket_close(fd)
# define SHUTDOWN2(fd) MacSocket_close(fd)
# elif defined(OPENSSL_SYS_NETWARE)
/* NetWare uses the WinSock2 interfaces by default, but can be configured for BSD
*/
# if defined(NETWARE_BSDSOCK)
# include <sys/socket.h>
# include <netinet/in.h>
# include <sys/time.h>
# include <sys/select.h>
# define INVALID_SOCKET (int)(~0)
# else
# include <novsock2.h>
# endif
# define SSLeay_Write(a,b,c) send((a),(b),(c),0)
# define SSLeay_Read(a,b,c) recv((a),(b),(c),0)
# define SHUTDOWN(fd) { shutdown((fd),0); closesocket(fd); }
# define SHUTDOWN2(fd) { shutdown((fd),2); closesocket(fd); }
# else
# ifndef NO_SYS_PARAM_H
# include <sys/param.h>
# endif
# ifdef OPENSSL_SYS_VXWORKS
# include <time.h>
# elif !defined(OPENSSL_SYS_MPE)
# include <sys/time.h> /* Needed under linux for FD_XXX */
# endif
# include <netdb.h>
# if defined(OPENSSL_SYS_VMS_NODECC)
# include <socket.h>
# include <in.h>
# include <inet.h>
# else
# include <sys/socket.h>
# ifdef FILIO_H
# include <sys/filio.h> /* Added for FIONBIO under unixware */
# endif
# include <netinet/in.h>
# include <arpa/inet.h>
# endif
# if defined(NeXT) || defined(_NEXT_SOURCE)
# include <sys/fcntl.h>
# include <sys/types.h>
# endif
# ifdef OPENSSL_SYS_AIX
# include <sys/select.h>
# endif
# ifdef __QNX__
# include <sys/select.h>
# endif
# if defined(sun)
# include <sys/filio.h>
# else
# ifndef VMS
# include <sys/ioctl.h>
# else
/* ioctl is only in VMS > 7.0 and when socketshr is not used */
# if !defined(TCPIP_TYPE_SOCKETSHR) && defined(__VMS_VER) && (__VMS_VER > 70000000)
# include <sys/ioctl.h>
# endif
# endif
# endif
# ifdef VMS
# include <unixio.h>
# if defined(TCPIP_TYPE_SOCKETSHR)
# include <socketshr.h>
# endif
# endif
# define SSLeay_Read(a,b,c) read((a),(b),(c))
# define SSLeay_Write(a,b,c) write((a),(b),(c))
# define SHUTDOWN(fd) { shutdown((fd),0); closesocket((fd)); }
# define SHUTDOWN2(fd) { shutdown((fd),2); closesocket((fd)); }
# ifndef INVALID_SOCKET
# define INVALID_SOCKET (-1)
# endif /* INVALID_SOCKET */
# endif
#endif
#if defined(__ultrix)
# ifndef ssize_t
# define ssize_t int
# endif
#endif
#if defined(sun) && !defined(__svr4__) && !defined(__SVR4)
/* include headers first, so our defines don't break it */
#include <stdlib.h>
#include <string.h>
/* bcopy can handle overlapping moves according to SunOS 4.1.4 manpage */
# define memmove(s1,s2,n) bcopy((s2),(s1),(n))
# define strtoul(s,e,b) ((unsigned long int)strtol((s),(e),(b)))
extern char *sys_errlist[]; extern int sys_nerr;
# define strerror(errnum) \
(((errnum)<0 || (errnum)>=sys_nerr) ? NULL : sys_errlist[errnum])
/* Being signed SunOS 4.x memcpy breaks ASN1_OBJECT table lookup */
#include "crypto/o_str.h"
# define memcmp OPENSSL_memcmp
#endif
#ifndef OPENSSL_EXIT
# if defined(MONOLITH) && !defined(OPENSSL_C)
# define OPENSSL_EXIT(n) return(n)
# else
# define OPENSSL_EXIT(n) do { EXIT(n); return(n); } while(0)
# endif
#endif
/***********************************************/
/* do we need to do this for getenv.
* Just define getenv for use under windows */
#ifdef WIN16
/* How to do this needs to be thought out a bit more.... */
/*char *GETENV(char *);
#define Getenv GETENV*/
#define Getenv getenv
#else
#define Getenv getenv
#endif
#define DG_GCC_BUG /* gcc < 2.6.3 on DGUX */
#ifdef sgi
#define IRIX_CC_BUG /* all version of IRIX I've tested (4.* 5.*) */
#endif
#ifdef OPENSSL_SYS_SNI
#define IRIX_CC_BUG /* CDS++ up to V2.0Bsomething suffered from the same bug.*/
#endif
#if defined(OPENSSL_SYS_WINDOWS)
# define strcasecmp _stricmp
# define strncasecmp _strnicmp
#elif defined(OPENSSL_SYS_VMS)
/* VMS below version 7.0 doesn't have strcasecmp() */
# include "o_str.h"
# define strcasecmp OPENSSL_strcasecmp
# define strncasecmp OPENSSL_strncasecmp
# define OPENSSL_IMPLEMENTS_strncasecmp
#elif defined(OPENSSL_SYS_OS2) && defined(__EMX__)
# define strcasecmp stricmp
# define strncasecmp strnicmp
#elif defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB)
# define strcasecmp stricmp
# define strncasecmp strnicmp
#else
# ifdef NO_STRINGS_H
int strcasecmp();
int strncasecmp();
# else
# include <strings.h>
# endif /* NO_STRINGS_H */
#endif
#if defined(OPENSSL_SYS_OS2) && defined(__EMX__)
# include <io.h>
# include <fcntl.h>
# define NO_SYSLOG
#endif
/* vxworks */
#if defined(OPENSSL_SYS_VXWORKS)
#include <ioLib.h>
#include <tickLib.h>
#include <sysLib.h>
#define TTY_STRUCT int
#define sleep(a) taskDelay((a) * sysClkRateGet())
#include <vxWorks.h>
#include <sockLib.h>
#include <taskLib.h>
#define getpid taskIdSelf
/* NOTE: these are implemented by helpers in database app!
* if the database is not linked, we need to implement them
* elswhere */
struct hostent *gethostbyname(const char *name);
struct hostent *gethostbyaddr(const char *addr, int length, int type);
struct servent *getservbyname(const char *name, const char *proto);
#endif
/* end vxworks */
#ifdef __cplusplus
}
#endif
#endif

+ 33
- 0
src/include/e_pkcs11.h View File

@ -0,0 +1,33 @@
#ifndef _HW_PKCS11_H_
#define _HW_PKCS11_H_
struct _token {
struct _token *token_next; /* next token in list of all tokens */
CK_SLOT_ID slot; /* slot ID of this token */
};
/* Future:
* Lists for free (non-busy) rsa,des... tokens.
*/
struct _token *pkcs11_token_list = NULL;
struct _token *pkcs11_rsa_head = NULL;
struct _token *pkcs11_des_head = NULL;
struct _token *pkcs11_tdes_head = NULL;
struct _token *pkcs11_sha_head = NULL;
struct _token *pkcs11_dh_head = NULL;
struct _token *pkcs11_aes_head = NULL;
struct _token *pkcs11_ripemd_head = NULL;
struct _token *pkcs11_ssl3_head = NULL;
struct _token *pkcs11_md5_head = NULL;
enum alg_type { alg_rsa=1, alg_des, alg_tdes, alg_sha, alg_dh, alg_aes,
alg_ripemd, alg_ssl3, alg_md5, alg_rand,
alg_sha224,alg_sha256,alg_sha384,alg_sha512 };
#endif

+ 104
- 0
src/include/e_pkcs11_err.h View File

@ -0,0 +1,104 @@
/* hw_pkcs11_err.h (replace hw_trustway.c) */
/*
* PKCS#11 engine for the OpenSSL project 2002
* Developped by Bull Trustway R&D Networking & Security
* Introduced and tested with Bull TrustWay CC2000 crypto hardware
* Afchine.Madjlessi@bull.net Bull S.A. France
* http://www.servers.bull.com/trustway
*/
#ifndef HEADER_PKCS11_ERR_H
#define HEADER_PKCS11_ERR_H
void ERR_load_pkcs11_strings(void);
void ERR_unload_pkcs11_strings(void);
void ERR_pkcs11_error(int function, int reason, char *file, int line);
#define PKCS11err(f,r) ERR_pkcs11_error((f),(r),__FILE__,__LINE__)
/* Error codes for the PKCS11 functions. */
/* Function codes. */
#define PKCS11_F_INIT 100
#define PKCS11_F_FINISH 101
#define PKCS11_F_DESTROY 102
#define PKCS11_F_CTRL 103
#define PKCS11_F_RSA_INIT 104
#define PKCS11_F_RSA_FINISH 105
#define PKCS11_F_FINDORCREATEKEY 106
#define PKCS11_F_RSA_GEN_KEY 107
#define PKCS11_F_RSA_PUB_ENC 108
#define PKCS11_F_RSA_PRIV_ENC 109
#define PKCS11_F_RSA_PUB_DEC 110
#define PKCS11_F_RSA_PRIV_DEC 111
#define PKCS11_F_RSA_SIGN 112
#define PKCS11_F_RSA_VERIFY 113
#define PKCS11_F_RAND_ADD 114
#define PKCS11_F_RAND_BYTES 115
#define PKCS11_F_GETSESSION 116
#define PKCS11_F_FREESESSION 117
#define PKCS11_F_LOAD_PUBKEY 118
#define PKCS11_F_LOAD_PRIVKEY 119
#define PKCS11_F_ADDTOKEN 120
#define PKCS11_F_INITKEY 121
#define PKCS11_F_DIGESTINIT 122
#define PKCS11_F_DIGESTUPDATE 123
#define PKCS11_F_DIGESTFINISH 124
#define PKCS11_F_CIPHER_UPDATE 125
#define PKCS11_F_PREINIT 126
#define PKCS11_F_DIGESTCOPY 127
/* Reason codes. */
#define PKCS11_R_ALREADY_LOADED 100
#define PKCS11_R_DSO_FAILURE 101
#define PKCS11_R_NOT_LOADED 102
#define PKCS11_R_PASSED_NULL_PARAMETER 103
#define PKCS11_R_COMMAND_NOT_IMPLEMENTED 104
#define PKCS11_R_INITIALIZE 105
#define PKCS11_R_FINALIZE 106
#define PKCS11_R_GETINFO 107
#define PKCS11_R_GETSLOTLIST 108
#define PKCS11_R_NO_MODULUS_OR_NO_EXPONENT 109
#define PKCS11_R_ATTRIBUT_SENSITIVE_OR_INVALID 110
#define PKCS11_R_GETATTRIBUTVALUE 111
#define PKCS11_R_NO_MODULUS 112
#define PKCS11_R_NO_EXPONENT 113
#define PKCS11_R_FINDOBJECTSINIT 114
#define PKCS11_R_FINDOBJECTS 115
#define PKCS11_R_FINDOBJECTSFINAL 116
#define PKCS11_R_OBJECT_NOT_FOUND 117
#define PKCS11_R_CREATEOBJECT 118
#define PKCS11_R_DESTROYOBJECT 119
#define PKCS11_R_OPENSESSION 120
#define PKCS11_R_CLOSESESSION 121
#define PKCS11_R_ENCRYPTINIT 122
#define PKCS11_R_ENCRYPT 123
#define PKCS11_R_SIGNINIT 124
#define PKCS11_R_SIGN 125
#define PKCS11_R_DECRYPTINIT 126
#define PKCS11_R_DECRYPT 127
#define PKCS11_R_VERIFYINIT 128
#define PKCS11_R_VERIFY 129
#define PKCS11_R_VERIFYRECOVERINIT 130
#define PKCS11_R_VERIFYRECOVER 131
#define PKCS11_R_GEN_KEY 132
#define PKCS11_R_SEEDRANDOM 133
#define PKCS11_R_GENERATERANDOM 134
#define PKCS11_R_INVALID_MESSAGE_LENGTH 135
#define PKCS11_R_UNKNOWN_ALGORITHM_TYPE 136
#define PKCS11_R_UNKNOWN_ASN1_OBJECT_ID 137
#define PKCS11_R_UNKNOWN_PADDING_TYPE 138
#define PKCS11_R_DIGEST_TOO_BIG 139
#define PKCS11_R_MALLOC_FAILURE 140
#define PKCS11_R_CTRL_COMMAND_NOT_IMPLEMENTED 141
#define PKCS11_R_GETSLOTINFO 142
#define PKCS11_R_GETMECHANISMLIST 143
#define PKCS11_R_GETMECHANISMINFO 144
#define PKCS11_R_BADMECHANISM 145
#define PKCS11_R_DIGESTINIT 146
#define PKCS11_R_DIGESTUPDATE 147
#define PKCS11_R_DIGESTFINAL 148
#define PKCS11_R_NOTOKENS 149
#define PKCS11_R_NOTOKENFORALGORITHM 150
#define PKCS11_R_DIGEST 151
#endif

+ 124
- 0
src/include/pkcs-11v2-20a3.h View File

@ -0,0 +1,124 @@
/* pkcs-11v2-20a3.h include file for the PKCS #11 Version 2.20 Amendment 3
document. */
/* $Revision$ */
/* License to copy and use this software is granted provided that it is
* identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
* (Cryptoki) Version 2.20 Amendment 3" in all material mentioning or
* referencing this software.
* RSA Security Inc. makes no representations concerning either the
* merchantability of this software or the suitability of this software for
* any particular purpose. It is provided "as is" without express or implied
* warranty of any kind.
*/
/* This file is preferably included after inclusion of pkcs11.h */
#ifndef _PKCS_11V2_20A3_H_
#define _PKCS_11V2_20A3_H_ 1
/* Are the definitions of this file already included in pkcs11t.h ? */
#ifndef CKK_CAMELLIA
#ifdef __cplusplus
extern "C" {
#endif
/* Key types */
/* Camellia is new for PKCS #11 v2.20 amendment 3 */
#define CKK_CAMELLIA 0x00000025
/* ARIA is new for PKCS #11 v2.20 amendment 3 */
#define CKK_ARIA 0x00000026
/* Mask-generating functions */
/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */
#define CKG_MGF1_SHA224 0x00000005
/* Mechanism Identifiers */
/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */
#define CKM_SHA224 0x00000255
#define CKM_SHA224_HMAC 0x00000256
#define CKM_SHA224_HMAC_GENERAL 0x00000257
/* SHA-224 key derivation is new for PKCS #11 v2.20 amendment 3 */
#define CKM_SHA224_KEY_DERIVATION 0x00000396
/* SHA-224 RSA mechanisms are new for PKCS #11 v2.20 amendment 3 */
#define CKM_SHA224_RSA_PKCS 0x00000046
#define CKM_SHA224_RSA_PKCS_PSS 0x00000047
/* AES counter mode is new for PKCS #11 v2.20 amendment 3 */
#define CKM_AES_CTR 0x00001086
/* Camellia is new for PKCS #11 v2.20 amendment 3 */
#define CKM_CAMELLIA_KEY_GEN 0x00000550
#define CKM_CAMELLIA_ECB 0x00000551
#define CKM_CAMELLIA_CBC 0x00000552
#define CKM_CAMELLIA_MAC 0x00000553
#define CKM_CAMELLIA_MAC_GENERAL 0x00000554
#define CKM_CAMELLIA_CBC_PAD 0x00000555
#define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556
#define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557
#define CKM_CAMELLIA_CTR 0x00000558
/* ARIA is new for PKCS #11 v2.20 amendment 3 */
#define CKM_ARIA_KEY_GEN 0x00000560
#define CKM_ARIA_ECB 0x00000561
#define CKM_ARIA_CBC 0x00000562
#define CKM_ARIA_MAC 0x00000563
#define CKM_ARIA_MAC_GENERAL 0x00000564
#define CKM_ARIA_CBC_PAD 0x00000565
#define CKM_ARIA_ECB_ENCRYPT_DATA 0x00000566
#define CKM_ARIA_CBC_ENCRYPT_DATA 0x00000567
/* Mechanism parameters */
/* CK_AES_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */
typedef struct CK_AES_CTR_PARAMS {
CK_ULONG ulCounterBits;
CK_BYTE cb[16];
} CK_AES_CTR_PARAMS;
typedef CK_AES_CTR_PARAMS CK_PTR CK_AES_CTR_PARAMS_PTR;
/* CK_CAMELLIA_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */
typedef struct CK_CAMELLIA_CTR_PARAMS {
CK_ULONG ulCounterBits;
CK_BYTE cb[16];
} CK_CAMELLIA_CTR_PARAMS;
typedef CK_CAMELLIA_CTR_PARAMS CK_PTR CK_CAMELLIA_CTR_PARAMS_PTR;
/* CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */
typedef struct CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS {
CK_BYTE iv[16];
CK_BYTE_PTR pData;
CK_ULONG length;
} CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS;
typedef CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR;
/* CK_ARIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */
typedef struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS {
CK_BYTE iv[16];
CK_BYTE_PTR pData;
CK_ULONG length;
} CK_ARIA_CBC_ENCRYPT_DATA_PARAMS;
typedef CK_ARIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR;
#ifdef __cplusplus
}
#endif
#endif
#endif

+ 299
- 0
src/include/pkcs11.h View File

@ -0,0 +1,299 @@
/* pkcs11.h include file for PKCS #11. */
/* $Revision$ */
/* License to copy and use this software is granted provided that it is
* identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
* (Cryptoki)" in all material mentioning or referencing this software.
* License is also granted to make and use derivative works provided that
* such works are identified as "derived from the RSA Security Inc. PKCS #11
* Cryptographic Token Interface (Cryptoki)" in all material mentioning or
* referencing the derived work.
* RSA Security Inc. makes no representations concerning either the
* merchantability of this software or the suitability of this software for
* any particular purpose. It is provided "as is" without express or implied
* warranty of any kind.
*/
#ifndef _PKCS11_H_
#define _PKCS11_H_ 1
#ifdef __cplusplus
extern "C" {
#endif
/* Before including this file (pkcs11.h) (or pkcs11t.h by
* itself), 6 platform-specific macros must be defined. These
* macros are described below, and typical definitions for them
* are also given. Be advised that these definitions can depend
* on both the platform and the compiler used (and possibly also
* on whether a Cryptoki library is linked statically or