[openssl-commits] [openssl] master update
Ben Laurie
ben at openssl.org
Mon Apr 18 09:29:03 UTC 2016
The branch master has been updated
via a97d19d9e534fe69d6eb6c6413d1217d39032604 (commit)
via 913954768f4b25b93a89299d03b45611bbdd85b8 (commit)
via 04630522c2d9977896f57b7a5f3c876a61462232 (commit)
via 402ec2f52c485b6e804f2a1b43cd27bb77501a8f (commit)
from d32f5d8733df9938727710d4194e92813c421ef1 (commit)
- Log -----------------------------------------------------------------
commit a97d19d9e534fe69d6eb6c6413d1217d39032604
Author: Ben Laurie <ben at links.org>
Date: Sat Apr 16 05:37:04 2016 +0100
Free methods on destroy.
Reviewed-by: Matt Caswell <matt at openssl.org>
commit 913954768f4b25b93a89299d03b45611bbdd85b8
Author: Ben Laurie <ben at links.org>
Date: Sat Apr 16 05:33:24 2016 +0100
Free engine on error.
Reviewed-by: Matt Caswell <matt at openssl.org>
commit 04630522c2d9977896f57b7a5f3c876a61462232
Author: Ben Laurie <ben at links.org>
Date: Fri Apr 15 09:45:47 2016 +0100
Opacity.
Reviewed-by: Matt Caswell <matt at openssl.org>
commit 402ec2f52c485b6e804f2a1b43cd27bb77501a8f
Author: Ben Laurie <ben at links.org>
Date: Fri Apr 15 09:45:25 2016 +0100
Signed/unsigned compare.
Reviewed-by: Matt Caswell <matt at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/speed.c | 2 +-
crypto/engine/eng_cryptodev.c | 150 ++++++++++++++++++++++--------------------
2 files changed, 80 insertions(+), 72 deletions(-)
diff --git a/apps/speed.c b/apps/speed.c
index 345e539..ee6a4b2 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -1160,7 +1160,7 @@ static int run_benchmark(int async_jobs, int (*loop_function)(void *), loopargs_
max_fd = job_fd;
}
- if (max_fd >= FD_SETSIZE) {
+ if (max_fd >= (OSSL_ASYNC_FD)FD_SETSIZE) {
BIO_printf(bio_err,
"Error: max_fd (%d) must be smaller than FD_SETSIZE (%d). "
"Decrease the value of async_jobs\n",
diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
index 151529c..1959123 100644
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
@@ -84,9 +84,13 @@ struct dev_crypto_state {
static u_int32_t cryptodev_asymfeat = 0;
+static RSA_METHOD *cryptodev_rsa;
#ifndef OPENSSL_NO_DSA
static DSA_METHOD *cryptodev_dsa = NULL;
#endif
+#ifndef OPENSSL_NO_DH
+static DH_METHOD *cryptodev_dh;
+#endif
static int get_asym_dev_crypto(void);
static int open_dev_crypto(void);
@@ -1176,10 +1180,16 @@ static int cryptodev_engine_destroy(ENGINE *e)
EVP_MD_meth_free(md5_md);
md5_md = NULL;
# endif
+ RSA_meth_free(cryptodev_rsa);
+ cryptodev_rsa = NULL;
#ifndef OPENSSL_NO_DSA
DSA_meth_free(cryptodev_dsa);
cryptodev_dsa = NULL;
#endif
+#ifndef OPENSSL_NO_DH
+ DH_meth_free(cryptodev_dh);
+ cryptodev_dh = NULL;
+#endif
return 1;
}
@@ -1308,12 +1318,12 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) {
const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
printf("OCF asym process failed, Running in software\n");
- ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
+ ret = RSA_meth_get_bn_mod_exp(meth)(r, a, p, m, ctx, in_mont);
} else if (ECANCELED == kop.crk_status) {
const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
printf("OCF hardware operation cancelled. Running in Software\n");
- ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
+ ret = RSA_meth_get_bn_mod_exp(meth)(r, a, p, m, ctx, in_mont);
}
/* else cryptodev operation worked ok ==> ret = 1 */
@@ -1327,8 +1337,12 @@ cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
BN_CTX *ctx)
{
int r;
+ BIGNUM *n = NULL;
+ BIGNUM *d = NULL;
+
ctx = BN_CTX_new();
- r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
+ RSA_get0_key(rsa, &n, NULL, &d);
+ r = cryptodev_bn_mod_exp(r0, I, d, n, ctx, NULL);
BN_CTX_free(ctx);
return (r);
}
@@ -1338,8 +1352,18 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
{
struct crypt_kop kop;
int ret = 1;
-
- if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
+ BIGNUM *p = NULL;
+ BIGNUM *q = NULL;
+ BIGNUM *dmp1 = NULL;
+ BIGNUM *dmq1 = NULL;
+ BIGNUM *iqmp = NULL;
+ BIGNUM *n = NULL;
+
+ RSA_get0_factors(rsa, &p, &q);
+ RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
+ RSA_get0_key(rsa, &n, NULL, NULL);
+
+ if (!p || !q || !dmp1 || !dmq1 || !iqmp) {
/* XXX 0 means failure?? */
return (0);
}
@@ -1347,29 +1371,29 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
memset(&kop, 0, sizeof(kop));
kop.crk_op = CRK_MOD_EXP_CRT;
/* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
- if (bn2crparam(rsa->p, &kop.crk_param[0]))
+ if (bn2crparam(p, &kop.crk_param[0]))
goto err;
- if (bn2crparam(rsa->q, &kop.crk_param[1]))
+ if (bn2crparam(q, &kop.crk_param[1]))
goto err;
if (bn2crparam(I, &kop.crk_param[2]))
goto err;
- if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
+ if (bn2crparam(dmp1, &kop.crk_param[3]))
goto err;
- if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
+ if (bn2crparam(dmq1, &kop.crk_param[4]))
goto err;
- if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
+ if (bn2crparam(iqmp, &kop.crk_param[5]))
goto err;
kop.crk_iparams = 6;
- if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
+ if (cryptodev_asym(&kop, BN_num_bytes(n), r0, 0, NULL)) {
const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
printf("OCF asym process failed, running in Software\n");
- ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
+ ret = RSA_meth_get_mod_exp(meth)(r0, I, rsa, ctx);
} else if (ECANCELED == kop.crk_status) {
const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
printf("OCF hardware operation cancelled. Running in Software\n");
- ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
+ ret = RSA_meth_get_mod_exp(meth)(r0, I, rsa, ctx);
}
/* else cryptodev operation worked ok ==> ret = 1 */
@@ -1378,22 +1402,6 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
return (ret);
}
-static RSA_METHOD cryptodev_rsa = {
- "cryptodev RSA method",
- NULL, /* rsa_pub_enc */
- NULL, /* rsa_pub_dec */
- NULL, /* rsa_priv_enc */
- NULL, /* rsa_priv_dec */
- NULL,
- NULL,
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
- NULL, /* app_data */
- NULL, /* rsa_sign */
- NULL /* rsa_verify */
-};
-
#ifndef OPENSSL_NO_DSA
static int
cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
@@ -1556,24 +1564,29 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
struct crypt_kop kop;
int dhret = 1;
int fd, keylen;
+ BIGNUM *p = NULL;
+ BIGNUM *priv_key = NULL;
if ((fd = get_asym_dev_crypto()) < 0) {
const DH_METHOD *meth = DH_OpenSSL();
- return ((meth->compute_key) (key, pub_key, dh));
+ return DH_meth_get_compute_key(meth)(key, pub_key, dh);
}
- keylen = BN_num_bits(dh->p);
+ DH_get0_pqg(dh, &p, NULL, NULL);
+ DH_get0_key(dh, NULL, &priv_key);
+
+ keylen = BN_num_bits(p);
memset(&kop, 0, sizeof(kop));
kop.crk_op = CRK_DH_COMPUTE_KEY;
/* inputs: dh->priv_key pub_key dh->p key */
- if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
+ if (bn2crparam(priv_key, &kop.crk_param[0]))
goto err;
if (bn2crparam(pub_key, &kop.crk_param[1]))
goto err;
- if (bn2crparam(dh->p, &kop.crk_param[2]))
+ if (bn2crparam(p, &kop.crk_param[2]))
goto err;
kop.crk_iparams = 3;
@@ -1584,7 +1597,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
if (ioctl(fd, CIOCKEY, &kop) == -1) {
const DH_METHOD *meth = DH_OpenSSL();
- dhret = (meth->compute_key) (key, pub_key, dh);
+ dhret = DH_meth_get_compute_key(meth)(key, pub_key, dh);
}
err:
kop.crk_param[3].crp_p = NULL;
@@ -1592,17 +1605,6 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
return (dhret);
}
-static DH_METHOD cryptodev_dh = {
- "cryptodev DH method",
- NULL, /* cryptodev_dh_generate_key */
- NULL,
- NULL,
- NULL,
- NULL,
- 0, /* flags */
- NULL /* app_data */
-};
-
#endif /* ndef OPENSSL_NO_DH */
/*
@@ -1661,22 +1663,23 @@ void engine_load_cryptodev_int(void)
return;
}
- if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
- const RSA_METHOD *rsa_meth = RSA_PKCS1_OpenSSL();
-
- cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
- cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
- cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
- cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
- cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
- cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
- if (cryptodev_asymfeat & CRF_MOD_EXP) {
- cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
- if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
- cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_mod_exp;
- else
- cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_nocrt_mod_exp;
+ cryptodev_rsa = RSA_meth_dup(RSA_PKCS1_OpenSSL());
+ if (cryptodev_rsa != NULL) {
+ RSA_meth_set1_name(cryptodev_rsa, "cryptodev RSA method");
+ RSA_meth_set_flags(cryptodev_rsa, 0);
+ if (ENGINE_set_RSA(engine, cryptodev_rsa)) {
+ if (cryptodev_asymfeat & CRF_MOD_EXP) {
+ RSA_meth_set_bn_mod_exp(cryptodev_rsa, cryptodev_bn_mod_exp);
+ if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
+ RSA_meth_set_mod_exp(cryptodev_rsa, cryptodev_rsa_mod_exp);
+ else
+ RSA_meth_set_mod_exp(cryptodev_rsa,
+ cryptodev_rsa_nocrt_mod_exp);
+ }
}
+ } else {
+ ENGINE_free(engine);
+ return;
}
#ifndef OPENSSL_NO_DSA
@@ -1688,7 +1691,8 @@ void engine_load_cryptodev_int(void)
if (cryptodev_asymfeat & CRF_DSA_SIGN)
DSA_meth_set_sign(cryptodev_dsa, cryptodev_dsa_do_sign);
if (cryptodev_asymfeat & CRF_MOD_EXP) {
- DSA_meth_set_bn_mod_exp(cryptodev_dsa, cryptodev_dsa_bn_mod_exp);
+ DSA_meth_set_bn_mod_exp(cryptodev_dsa,
+ cryptodev_dsa_bn_mod_exp);
DSA_meth_set_mod_exp(cryptodev_dsa, cryptodev_dsa_dsa_mod_exp);
}
if (cryptodev_asymfeat & CRF_DSA_VERIFY)
@@ -1701,17 +1705,21 @@ void engine_load_cryptodev_int(void)
#endif
#ifndef OPENSSL_NO_DH
- if (ENGINE_set_DH(engine, &cryptodev_dh)) {
- const DH_METHOD *dh_meth = DH_OpenSSL();
-
- cryptodev_dh.generate_key = dh_meth->generate_key;
- cryptodev_dh.compute_key = dh_meth->compute_key;
- cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
- if (cryptodev_asymfeat & CRF_MOD_EXP) {
- cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
- if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
- cryptodev_dh.compute_key = cryptodev_dh_compute_key;
+ cryptodev_dh = DH_meth_dup(DH_OpenSSL());
+ if (cryptodev_dh != NULL) {
+ DH_meth_set1_name(cryptodev_dh, "cryptodev DH method");
+ DH_meth_set_flags(cryptodev_dh, 0);
+ if (ENGINE_set_DH(engine, cryptodev_dh)) {
+ if (cryptodev_asymfeat & CRF_MOD_EXP) {
+ DH_meth_set_bn_mod_exp(cryptodev_dh, cryptodev_mod_exp_dh);
+ if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
+ DH_meth_set_compute_key(cryptodev_dh,
+ cryptodev_dh_compute_key);
+ }
}
+ } else {
+ ENGINE_free(engine);
+ return;
}
#endif
More information about the openssl-commits
mailing list