Loading crypto/engine/eng_cryptodev.c +65 −69 Original line number Diff line number Diff line Loading @@ -1308,12 +1308,12 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) { const RSA_METHOD *meth = RSA_PKCS1_OpenSSL(); printf("OCF asym process failed, Running in software\n"); ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); ret = RSA_meth_get_bn_mod_exp(meth)(r, a, p, m, ctx, in_mont); } else if (ECANCELED == kop.crk_status) { const RSA_METHOD *meth = RSA_PKCS1_OpenSSL(); printf("OCF hardware operation cancelled. Running in Software\n"); ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); ret = RSA_meth_get_bn_mod_exp(meth)(r, a, p, m, ctx, in_mont); } /* else cryptodev operation worked ok ==> ret = 1 */ Loading @@ -1327,8 +1327,12 @@ cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { int r; BIGNUM *n = NULL; BIGNUM *d = NULL; ctx = BN_CTX_new(); r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL); RSA_get0_key(rsa, &n, NULL, &d); r = cryptodev_bn_mod_exp(r0, I, d, n, ctx, NULL); BN_CTX_free(ctx); return (r); } Loading @@ -1338,8 +1342,18 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { struct crypt_kop kop; int ret = 1; if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { BIGNUM *p = NULL; BIGNUM *q = NULL; BIGNUM *dmp1 = NULL; BIGNUM *dmq1 = NULL; BIGNUM *iqmp = NULL; BIGNUM *n = NULL; RSA_get0_factors(rsa, &p, &q); RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); RSA_get0_key(rsa, &n, NULL, NULL); if (!p || !q || !dmp1 || !dmq1 || !iqmp) { /* XXX 0 means failure?? */ return (0); } Loading @@ -1347,29 +1361,29 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) memset(&kop, 0, sizeof(kop)); kop.crk_op = CRK_MOD_EXP_CRT; /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ if (bn2crparam(rsa->p, &kop.crk_param[0])) if (bn2crparam(p, &kop.crk_param[0])) goto err; if (bn2crparam(rsa->q, &kop.crk_param[1])) if (bn2crparam(q, &kop.crk_param[1])) goto err; if (bn2crparam(I, &kop.crk_param[2])) goto err; if (bn2crparam(rsa->dmp1, &kop.crk_param[3])) if (bn2crparam(dmp1, &kop.crk_param[3])) goto err; if (bn2crparam(rsa->dmq1, &kop.crk_param[4])) if (bn2crparam(dmq1, &kop.crk_param[4])) goto err; if (bn2crparam(rsa->iqmp, &kop.crk_param[5])) if (bn2crparam(iqmp, &kop.crk_param[5])) goto err; kop.crk_iparams = 6; if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) { if (cryptodev_asym(&kop, BN_num_bytes(n), r0, 0, NULL)) { const RSA_METHOD *meth = RSA_PKCS1_OpenSSL(); printf("OCF asym process failed, running in Software\n"); ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx); ret = RSA_meth_get_mod_exp(meth)(r0, I, rsa, ctx); } else if (ECANCELED == kop.crk_status) { const RSA_METHOD *meth = RSA_PKCS1_OpenSSL(); printf("OCF hardware operation cancelled. Running in Software\n"); ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx); ret = RSA_meth_get_mod_exp(meth)(r0, I, rsa, ctx); } /* else cryptodev operation worked ok ==> ret = 1 */ Loading @@ -1378,21 +1392,7 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) return (ret); } static RSA_METHOD cryptodev_rsa = { "cryptodev RSA method", NULL, /* rsa_pub_enc */ NULL, /* rsa_pub_dec */ NULL, /* rsa_priv_enc */ NULL, /* rsa_priv_dec */ NULL, NULL, NULL, /* init */ NULL, /* finish */ 0, /* flags */ NULL, /* app_data */ NULL, /* rsa_sign */ NULL /* rsa_verify */ }; static RSA_METHOD *cryptodev_rsa; #ifndef OPENSSL_NO_DSA static int Loading Loading @@ -1556,24 +1556,29 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) struct crypt_kop kop; int dhret = 1; int fd, keylen; BIGNUM *p = NULL; BIGNUM *priv_key = NULL; if ((fd = get_asym_dev_crypto()) < 0) { const DH_METHOD *meth = DH_OpenSSL(); return ((meth->compute_key) (key, pub_key, dh)); return DH_meth_get_compute_key(meth)(key, pub_key, dh); } keylen = BN_num_bits(dh->p); DH_get0_pqg(dh, &p, NULL, NULL); DH_get0_key(dh, NULL, &priv_key); keylen = BN_num_bits(p); memset(&kop, 0, sizeof(kop)); kop.crk_op = CRK_DH_COMPUTE_KEY; /* inputs: dh->priv_key pub_key dh->p key */ if (bn2crparam(dh->priv_key, &kop.crk_param[0])) if (bn2crparam(priv_key, &kop.crk_param[0])) goto err; if (bn2crparam(pub_key, &kop.crk_param[1])) goto err; if (bn2crparam(dh->p, &kop.crk_param[2])) if (bn2crparam(p, &kop.crk_param[2])) goto err; kop.crk_iparams = 3; Loading @@ -1584,7 +1589,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) if (ioctl(fd, CIOCKEY, &kop) == -1) { const DH_METHOD *meth = DH_OpenSSL(); dhret = (meth->compute_key) (key, pub_key, dh); dhret = DH_meth_get_compute_key(meth)(key, pub_key, dh); } err: kop.crk_param[3].crp_p = NULL; Loading @@ -1592,16 +1597,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) return (dhret); } static DH_METHOD cryptodev_dh = { "cryptodev DH method", NULL, /* cryptodev_dh_generate_key */ NULL, NULL, NULL, NULL, 0, /* flags */ NULL /* app_data */ }; static DH_METHOD *cryptodev_dh; #endif /* ndef OPENSSL_NO_DH */ Loading Loading @@ -1661,21 +1657,19 @@ void engine_load_cryptodev_int(void) return; } if (ENGINE_set_RSA(engine, &cryptodev_rsa)) { const RSA_METHOD *rsa_meth = RSA_PKCS1_OpenSSL(); cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp; cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp; cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc; cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec; cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc; cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec; cryptodev_rsa = RSA_meth_dup(RSA_PKCS1_OpenSSL()); if (cryptodev_rsa != NULL) { RSA_meth_set1_name(cryptodev_rsa, "cryptodev RSA method"); RSA_meth_set_flags(cryptodev_rsa, 0); if (ENGINE_set_RSA(engine, cryptodev_rsa)) { if (cryptodev_asymfeat & CRF_MOD_EXP) { cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp; RSA_meth_set_bn_mod_exp(cryptodev_rsa, cryptodev_bn_mod_exp); if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_mod_exp; RSA_meth_set_mod_exp(cryptodev_rsa, cryptodev_rsa_mod_exp); else cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_nocrt_mod_exp; RSA_meth_set_mod_exp(cryptodev_rsa, cryptodev_rsa_nocrt_mod_exp); } } } Loading @@ -1688,7 +1682,8 @@ void engine_load_cryptodev_int(void) if (cryptodev_asymfeat & CRF_DSA_SIGN) DSA_meth_set_sign(cryptodev_dsa, cryptodev_dsa_do_sign); if (cryptodev_asymfeat & CRF_MOD_EXP) { DSA_meth_set_bn_mod_exp(cryptodev_dsa, cryptodev_dsa_bn_mod_exp); DSA_meth_set_bn_mod_exp(cryptodev_dsa, cryptodev_dsa_bn_mod_exp); DSA_meth_set_mod_exp(cryptodev_dsa, cryptodev_dsa_dsa_mod_exp); } if (cryptodev_asymfeat & CRF_DSA_VERIFY) Loading @@ -1701,16 +1696,17 @@ void engine_load_cryptodev_int(void) #endif #ifndef OPENSSL_NO_DH if (ENGINE_set_DH(engine, &cryptodev_dh)) { const DH_METHOD *dh_meth = DH_OpenSSL(); cryptodev_dh.generate_key = dh_meth->generate_key; cryptodev_dh.compute_key = dh_meth->compute_key; cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp; cryptodev_dh = DH_meth_dup(DH_OpenSSL()); if (cryptodev_dh != NULL) { DH_meth_set1_name(cryptodev_dh, "cryptodev DH method"); DH_meth_set_flags(cryptodev_dh, 0); if (ENGINE_set_DH(engine, cryptodev_dh)) { if (cryptodev_asymfeat & CRF_MOD_EXP) { cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh; DH_meth_set_bn_mod_exp(cryptodev_dh, cryptodev_mod_exp_dh); if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) cryptodev_dh.compute_key = cryptodev_dh_compute_key; DH_meth_set_compute_key(cryptodev_dh, cryptodev_dh_compute_key); } } } #endif Loading Loading
crypto/engine/eng_cryptodev.c +65 −69 Original line number Diff line number Diff line Loading @@ -1308,12 +1308,12 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) { const RSA_METHOD *meth = RSA_PKCS1_OpenSSL(); printf("OCF asym process failed, Running in software\n"); ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); ret = RSA_meth_get_bn_mod_exp(meth)(r, a, p, m, ctx, in_mont); } else if (ECANCELED == kop.crk_status) { const RSA_METHOD *meth = RSA_PKCS1_OpenSSL(); printf("OCF hardware operation cancelled. Running in Software\n"); ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); ret = RSA_meth_get_bn_mod_exp(meth)(r, a, p, m, ctx, in_mont); } /* else cryptodev operation worked ok ==> ret = 1 */ Loading @@ -1327,8 +1327,12 @@ cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { int r; BIGNUM *n = NULL; BIGNUM *d = NULL; ctx = BN_CTX_new(); r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL); RSA_get0_key(rsa, &n, NULL, &d); r = cryptodev_bn_mod_exp(r0, I, d, n, ctx, NULL); BN_CTX_free(ctx); return (r); } Loading @@ -1338,8 +1342,18 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { struct crypt_kop kop; int ret = 1; if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { BIGNUM *p = NULL; BIGNUM *q = NULL; BIGNUM *dmp1 = NULL; BIGNUM *dmq1 = NULL; BIGNUM *iqmp = NULL; BIGNUM *n = NULL; RSA_get0_factors(rsa, &p, &q); RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); RSA_get0_key(rsa, &n, NULL, NULL); if (!p || !q || !dmp1 || !dmq1 || !iqmp) { /* XXX 0 means failure?? */ return (0); } Loading @@ -1347,29 +1361,29 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) memset(&kop, 0, sizeof(kop)); kop.crk_op = CRK_MOD_EXP_CRT; /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ if (bn2crparam(rsa->p, &kop.crk_param[0])) if (bn2crparam(p, &kop.crk_param[0])) goto err; if (bn2crparam(rsa->q, &kop.crk_param[1])) if (bn2crparam(q, &kop.crk_param[1])) goto err; if (bn2crparam(I, &kop.crk_param[2])) goto err; if (bn2crparam(rsa->dmp1, &kop.crk_param[3])) if (bn2crparam(dmp1, &kop.crk_param[3])) goto err; if (bn2crparam(rsa->dmq1, &kop.crk_param[4])) if (bn2crparam(dmq1, &kop.crk_param[4])) goto err; if (bn2crparam(rsa->iqmp, &kop.crk_param[5])) if (bn2crparam(iqmp, &kop.crk_param[5])) goto err; kop.crk_iparams = 6; if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) { if (cryptodev_asym(&kop, BN_num_bytes(n), r0, 0, NULL)) { const RSA_METHOD *meth = RSA_PKCS1_OpenSSL(); printf("OCF asym process failed, running in Software\n"); ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx); ret = RSA_meth_get_mod_exp(meth)(r0, I, rsa, ctx); } else if (ECANCELED == kop.crk_status) { const RSA_METHOD *meth = RSA_PKCS1_OpenSSL(); printf("OCF hardware operation cancelled. Running in Software\n"); ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx); ret = RSA_meth_get_mod_exp(meth)(r0, I, rsa, ctx); } /* else cryptodev operation worked ok ==> ret = 1 */ Loading @@ -1378,21 +1392,7 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) return (ret); } static RSA_METHOD cryptodev_rsa = { "cryptodev RSA method", NULL, /* rsa_pub_enc */ NULL, /* rsa_pub_dec */ NULL, /* rsa_priv_enc */ NULL, /* rsa_priv_dec */ NULL, NULL, NULL, /* init */ NULL, /* finish */ 0, /* flags */ NULL, /* app_data */ NULL, /* rsa_sign */ NULL /* rsa_verify */ }; static RSA_METHOD *cryptodev_rsa; #ifndef OPENSSL_NO_DSA static int Loading Loading @@ -1556,24 +1556,29 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) struct crypt_kop kop; int dhret = 1; int fd, keylen; BIGNUM *p = NULL; BIGNUM *priv_key = NULL; if ((fd = get_asym_dev_crypto()) < 0) { const DH_METHOD *meth = DH_OpenSSL(); return ((meth->compute_key) (key, pub_key, dh)); return DH_meth_get_compute_key(meth)(key, pub_key, dh); } keylen = BN_num_bits(dh->p); DH_get0_pqg(dh, &p, NULL, NULL); DH_get0_key(dh, NULL, &priv_key); keylen = BN_num_bits(p); memset(&kop, 0, sizeof(kop)); kop.crk_op = CRK_DH_COMPUTE_KEY; /* inputs: dh->priv_key pub_key dh->p key */ if (bn2crparam(dh->priv_key, &kop.crk_param[0])) if (bn2crparam(priv_key, &kop.crk_param[0])) goto err; if (bn2crparam(pub_key, &kop.crk_param[1])) goto err; if (bn2crparam(dh->p, &kop.crk_param[2])) if (bn2crparam(p, &kop.crk_param[2])) goto err; kop.crk_iparams = 3; Loading @@ -1584,7 +1589,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) if (ioctl(fd, CIOCKEY, &kop) == -1) { const DH_METHOD *meth = DH_OpenSSL(); dhret = (meth->compute_key) (key, pub_key, dh); dhret = DH_meth_get_compute_key(meth)(key, pub_key, dh); } err: kop.crk_param[3].crp_p = NULL; Loading @@ -1592,16 +1597,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) return (dhret); } static DH_METHOD cryptodev_dh = { "cryptodev DH method", NULL, /* cryptodev_dh_generate_key */ NULL, NULL, NULL, NULL, 0, /* flags */ NULL /* app_data */ }; static DH_METHOD *cryptodev_dh; #endif /* ndef OPENSSL_NO_DH */ Loading Loading @@ -1661,21 +1657,19 @@ void engine_load_cryptodev_int(void) return; } if (ENGINE_set_RSA(engine, &cryptodev_rsa)) { const RSA_METHOD *rsa_meth = RSA_PKCS1_OpenSSL(); cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp; cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp; cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc; cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec; cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc; cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec; cryptodev_rsa = RSA_meth_dup(RSA_PKCS1_OpenSSL()); if (cryptodev_rsa != NULL) { RSA_meth_set1_name(cryptodev_rsa, "cryptodev RSA method"); RSA_meth_set_flags(cryptodev_rsa, 0); if (ENGINE_set_RSA(engine, cryptodev_rsa)) { if (cryptodev_asymfeat & CRF_MOD_EXP) { cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp; RSA_meth_set_bn_mod_exp(cryptodev_rsa, cryptodev_bn_mod_exp); if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_mod_exp; RSA_meth_set_mod_exp(cryptodev_rsa, cryptodev_rsa_mod_exp); else cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_nocrt_mod_exp; RSA_meth_set_mod_exp(cryptodev_rsa, cryptodev_rsa_nocrt_mod_exp); } } } Loading @@ -1688,7 +1682,8 @@ void engine_load_cryptodev_int(void) if (cryptodev_asymfeat & CRF_DSA_SIGN) DSA_meth_set_sign(cryptodev_dsa, cryptodev_dsa_do_sign); if (cryptodev_asymfeat & CRF_MOD_EXP) { DSA_meth_set_bn_mod_exp(cryptodev_dsa, cryptodev_dsa_bn_mod_exp); DSA_meth_set_bn_mod_exp(cryptodev_dsa, cryptodev_dsa_bn_mod_exp); DSA_meth_set_mod_exp(cryptodev_dsa, cryptodev_dsa_dsa_mod_exp); } if (cryptodev_asymfeat & CRF_DSA_VERIFY) Loading @@ -1701,16 +1696,17 @@ void engine_load_cryptodev_int(void) #endif #ifndef OPENSSL_NO_DH if (ENGINE_set_DH(engine, &cryptodev_dh)) { const DH_METHOD *dh_meth = DH_OpenSSL(); cryptodev_dh.generate_key = dh_meth->generate_key; cryptodev_dh.compute_key = dh_meth->compute_key; cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp; cryptodev_dh = DH_meth_dup(DH_OpenSSL()); if (cryptodev_dh != NULL) { DH_meth_set1_name(cryptodev_dh, "cryptodev DH method"); DH_meth_set_flags(cryptodev_dh, 0); if (ENGINE_set_DH(engine, cryptodev_dh)) { if (cryptodev_asymfeat & CRF_MOD_EXP) { cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh; DH_meth_set_bn_mod_exp(cryptodev_dh, cryptodev_mod_exp_dh); if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) cryptodev_dh.compute_key = cryptodev_dh_compute_key; DH_meth_set_compute_key(cryptodev_dh, cryptodev_dh_compute_key); } } } #endif Loading
Matt Caswell <matt@openssl.org>Matt Caswell <matt@openssl.org>