/*
*/
/*
* This product includes software developed by the OpenSSL Project for
* use in the OpenSSL Toolkit (http://www.openssl.org/).
*
* This project also referenced hw_pkcs11-0.9.7b.patch written by
* Afchine Madjlessi.
*/
/*
* ====================================================================
* Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <strings.h>
#ifndef OPENSSL_NO_RSA
#endif
#ifndef OPENSSL_NO_DSA
#endif
#ifndef OPENSSL_NO_DH
#endif
#include <dlfcn.h>
#include <pthread.h>
#ifndef OPENSSL_NO_HW
#ifndef OPENSSL_NO_HW_PK11
/* label for debug messages printed on stderr */
/* prints a lot of debug messages on stderr about slot selection process */
#ifdef DEBUG_SLOT_SELECTION
#else
#define DEBUG_SLOT_SEL(...)
#endif
#include <security/cryptoki.h>
#include "e_pk11.h"
#include "e_pk11_uri.h"
#include "e_pk11_err.c"
#include "e_pk11_uri.c"
#include "e_pk11_pub.c"
/*
* We use this lock to prevent multiple C_Login()s, guard getpassphrase(),
* uri_struct manipulation, and static token info. All of that is used by the
* RSA keys by reference feature.
*/
/* PKCS#11 session caches and their locks for all operation types */
/*
* We cache the flags so that we do not have to run C_GetTokenInfo() again when
* logging into the token.
*/
/*
* As stated in v2.20, 11.7 Object Management Function, in section for
* C_FindObjectsInit(), at most one search operation may be active at a given
* time in a given session. Therefore, C_Find{,Init,Final}Objects() should be
* grouped together to form one atomic search operation. This is already
* ensured by the property of unique PKCS#11 session handle used for each
* PK11_SESSION object.
*
* This is however not the biggest concern - maintaining consistency of the
* underlying object store is more important. The same section of the spec also
* says that one thread can be in the middle of a search operation while another
* thread destroys the object matching the search template which would result in
* invalid handle returned from the search operation.
*
* Hence, the following locks are used for both protection of the object stores.
* They are also used for active list protection.
*/
/*
* lists of asymmetric key handles which are active (referenced by at least one
* PK11_SESSION structure, either held by a thread or present in free_session
* list) for given algorithm type
*/
/*
* Create all secret key objects in a global session so that they are available
* to use for other sessions. These other sessions may be opened or closed
* without losing the secret key objects.
*/
/* Index for the supported ciphers */
enum pk11_cipher_id
{
};
/* Index for the supported digests */
enum pk11_digest_id
{
};
typedef struct PK11_CIPHER_st
{
int nid;
int iv_len;
int min_key_len;
int max_key_len;
} PK11_CIPHER;
typedef struct PK11_DIGEST_st
{
int nid;
} PK11_DIGEST;
/* ENGINE level stuff */
static int pk11_library_init(ENGINE *e);
static int pk11_finish(ENGINE *e);
static int pk11_destroy(ENGINE *e);
/* RAND stuff */
static void pk11_rand_cleanup(void);
static int pk11_rand_status(void);
/* These functions are also used in other files */
/* active list manipulation functions used in this file */
#ifndef OPENSSL_NO_RSA
#endif
#ifndef OPENSSL_NO_DSA
#endif
#ifndef OPENSSL_NO_DH
#endif
/* Local helper functions */
static int pk11_free_all_sessions(void);
static const char *get_PK11_LIBNAME(void);
static void free_PK11_LIBNAME(void);
static long set_PK11_LIBNAME(const char *name);
/* Symmetric cipher and digest support functions */
static int cipher_nid_to_pk11(int nid);
static int pk11_usable_ciphers(const int **nids);
static int pk11_usable_digests(const int **nids);
int key_len);
static int md_nid_to_pk11(int nid);
static int pk11_choose_slots(int *any_slot_found);
static void pk11_choose_cipher_digest(int *local_cipher_nids,
int *local_cipher_nids);
int *local_digest_nids);
int *current_slot_n_cipher, int *local_cipher_nids,
int *current_slot_n_digest, int *local_digest_nids,
static int pk11_init_all_locks(void);
static void pk11_free_all_locks(void);
if (uselock) { \
} \
(sp)->persistent); \
} \
if (uselock) { \
}
static int cipher_count = 0;
static int digest_count = 0;
/*
* Static list of ciphers.
* Note, that ciphers array is indexed by member PK11_CIPHER.id,
* thus ciphers[i].id == i
* Rows must be kept in sync with enum pk11_cipher_id.
*/
CKK_DES, CKM_DES_CBC, },
CKK_DES3, CKM_DES3_CBC, },
CKK_DES, CKM_DES_ECB, },
CKK_DES3, CKM_DES3_ECB, },
CKK_AES, CKM_AES_CBC, },
CKK_AES, CKM_AES_CBC, },
CKK_AES, CKM_AES_CBC, },
CKK_AES, CKM_AES_ECB, },
CKK_AES, CKM_AES_ECB, },
CKK_AES, CKM_AES_ECB, },
CKK_AES, CKM_AES_CTR, },
CKK_AES, CKM_AES_CTR, },
CKK_AES, CKM_AES_CTR, },
};
/*
* Static list of digests.
* Note, that digests array is indexed by member PK11_DIGEST.id,
* thus digests[i].id == i
* Rows must be kept in sync with enum pk11_digest_id.
*/
{0, NID_undef, 0xFFFF, },
};
/*
* Structure to be used for the cipher_data/md_data in
* EVP_CIPHER_CTX/EVP_MD_CTX structures in order to use the same pk11
* session in multiple cipher_update calls
*/
typedef struct PK11_CIPHER_STATE_st {
/*
* libcrypto EVP stuff - this is how we get wired to EVP so the engine gets
* called when libcrypto requests a cipher NID.
*
* Note how the PK11_CIPHER_STATE is used here.
*/
/* DES CBC EVP */
8, 8, 8,
sizeof (PK11_CIPHER_STATE),
};
/* 3DES CBC EVP */
8, 24, 8,
sizeof (PK11_CIPHER_STATE),
};
/*
* ECB modes don't use an Initial Vector so that's why set_asn1_parameters and
* get_asn1_parameters fields are set to NULL.
*/
8, 8, 8,
sizeof (PK11_CIPHER_STATE),
NULL,
NULL,
};
8, 24, 8,
sizeof (PK11_CIPHER_STATE),
NULL,
NULL,
};
16, 16, 16,
sizeof (PK11_CIPHER_STATE),
};
16, 24, 16,
sizeof (PK11_CIPHER_STATE),
};
16, 32, 16,
sizeof (PK11_CIPHER_STATE),
};
/*
* ECB modes don't use IV so that's why set_asn1_parameters and
* get_asn1_parameters are set to NULL.
*/
16, 16, 0,
sizeof (PK11_CIPHER_STATE),
NULL,
NULL,
};
16, 24, 0,
sizeof (PK11_CIPHER_STATE),
NULL,
NULL,
};
16, 32, 0,
sizeof (PK11_CIPHER_STATE),
NULL,
NULL,
};
1, 16, 16,
sizeof (PK11_CIPHER_STATE),
};
1, 24, 16,
sizeof (PK11_CIPHER_STATE),
};
1, 32, 16,
sizeof (PK11_CIPHER_STATE),
};
8, 16, 8,
sizeof (PK11_CIPHER_STATE),
};
1, 16, 0,
sizeof (PK11_CIPHER_STATE),
NULL,
NULL,
};
0,
sizeof (PK11_CIPHER_STATE),
};
#ifdef OPENSSL_FIPS
#else
#endif
sizeof (PK11_CIPHER_STATE),
};
#ifdef OPENSSL_FIPS
#else
#endif
/* SHA-224 uses the same cblock size as SHA-256 */
sizeof (PK11_CIPHER_STATE),
};
#ifdef OPENSSL_FIPS
#else
#endif
sizeof (PK11_CIPHER_STATE),
};
#ifdef OPENSSL_FIPS
#else
#endif
/* SHA-384 uses the same cblock size as SHA-512 */
sizeof (PK11_CIPHER_STATE),
};
#ifdef OPENSSL_FIPS
#else
#endif
sizeof (PK11_CIPHER_STATE),
};
/*
* Initialization function. Sets up various PKCS#11 library components.
* The definitions for control commands specific to this engine
*/
{
"SO_PATH",
"Specifies the path to the 'pkcs#11' shared library",
},
};
};
/* Constants used when creating the ENGINE */
/*
* This is a static string constant for the DSO file name and the function
* symbol names to bind to. We set it in the Configure script based on whether
* this is 32 or 64 bit build.
*/
/* Needed in e_pk11_pub.c as well so that's why it is not static. */
static int pk11_pid = 0;
/* allocate and initialize all locks used by the engine itself */
static int
pk11_init_all_locks(void)
{
int type;
#ifndef OPENSSL_NO_RSA
goto malloc_err;
}
#endif /* OPENSSL_NO_RSA */
goto malloc_err;
}
#ifndef OPENSSL_NO_DSA
goto malloc_err;
}
#endif /* OPENSSL_NO_DSA */
#ifndef OPENSSL_NO_DH
goto malloc_err;
}
#endif /* OPENSSL_NO_DH */
OPENSSL_malloc(sizeof (pthread_mutex_t));
goto malloc_err;
}
}
return (1);
return (0);
}
static void
pk11_free_all_locks(void)
{
int type;
#ifndef OPENSSL_NO_RSA
}
#endif /* OPENSSL_NO_RSA */
#ifndef OPENSSL_NO_DSA
}
#endif /* OPENSSL_NO_DSA */
#ifndef OPENSSL_NO_DH
}
#endif /* OPENSSL_NO_DH */
}
}
/* Free uri_lock */
(void) pthread_mutex_destroy(uri_lock);
}
/*
* This internal function is used by ENGINE_pk11() and "dynamic" ENGINE support.
*/
{
#ifndef OPENSSL_NO_RSA
#endif /* OPENSSL_NO_RSA */
if (!pk11_library_initialized) {
if (!pk11_library_init(e)) {
return (0);
}
}
if (!ENGINE_set_id(e, engine_pk11_id) ||
!ENGINE_set_name(e, engine_pk11_name) ||
return (0);
}
if (!ENGINE_set_pkey_meths(e, pk11_engine_pkey_methods)) {
return (0);
}
#ifndef OPENSSL_NO_RSA
if (pk11_have_rsa == CK_TRUE) {
if (!ENGINE_set_RSA(e, PK11_RSA()) ||
return (0);
}
}
#endif /* OPENSSL_NO_RSA */
#ifndef OPENSSL_NO_DSA
if (pk11_have_dsa == CK_TRUE) {
if (!ENGINE_set_DSA(e, PK11_DSA())) {
return (0);
}
}
#endif /* OPENSSL_NO_DSA */
#ifndef OPENSSL_NO_DH
if (pk11_have_dh == CK_TRUE) {
if (!ENGINE_set_DH(e, PK11_DH())) {
return (0);
}
}
#endif /* OPENSSL_NO_DH */
if (pk11_have_random) {
if (!ENGINE_set_RAND(e, &pk11_random)) {
return (0);
}
}
if (!ENGINE_set_init_function(e, pk11_init) ||
!ENGINE_set_ctrl_function(e, pk11_ctrl) ||
!ENGINE_set_cmd_defns(e, pk11_cmd_defns)) {
return (0);
}
/*
* Apache calls OpenSSL function RSA_blinding_on() once during startup
* which in turn calls bn_mod_exp. Since we do not implement bn_mod_exp
* here, we wire it back to the OpenSSL software implementation.
* Since it is used only once, performance is not a concern.
*/
#ifndef OPENSSL_NO_RSA
rsa = RSA_PKCS1_SSLeay();
#endif /* OPENSSL_NO_RSA */
/* Ensure the pk11 error handling is set up */
return (1);
}
static int
{
return (0);
}
if (!bind_pk11(e)) {
return (0);
}
return (1);
}
/*
* These are the static string constants for the DSO file name and
* the function symbol names to bind to.
*/
static const char *
get_PK11_LIBNAME(void)
{
if (PK11_LIBNAME) {
return (PK11_LIBNAME);
}
return (def_PK11_LIBNAME);
}
static void
free_PK11_LIBNAME(void)
{
if (PK11_LIBNAME) {
OPENSSL_free((void*)PK11_LIBNAME);
}
PK11_LIBNAME = NULL;
}
static long
{
}
/* acquire all engine specific mutexes before fork */
static void
pk11_fork_prepare(void)
{
int i;
if (!pk11_library_initialized) {
return;
}
(void) pthread_mutex_lock(uri_lock);
for (i = 0; i < OP_MAX; i++) {
}
}
/* release all engine specific mutexes */
static void
pk11_fork_parent(void)
{
int i;
if (!pk11_library_initialized) {
return;
}
for (i = OP_MAX - 1; i >= 0; i--) {
}
(void) pthread_mutex_unlock(uri_lock);
}
/*
* same situation as in parent - we need to unlock all locks to make them
* accessible to all threads.
*/
static void
pk11_fork_child(void)
{
int i;
if (!pk11_library_initialized) {
return;
}
/* invalidate the global session */
for (i = OP_MAX - 1; i >= 0; i--) {
}
(void) pthread_mutex_unlock(uri_lock);
}
/* Initialization function for the pk11 engine */
static int
{
return (pk11_library_init(e));
}
/*
* Helper function that unsets reference to current engine (pk11_engine = NULL).
*
* Use of local variable only seems clumsy, it needs to be this way!
* This is to prevent double free in the unlucky scenario:
* ENGINE_free calls pk11_destroy calls pk11_finish calls ENGINE_free
* Setting pk11_engine to NULL prior to ENGINE_free() avoids this.
*/
static void
{
if (old_engine) {
pk11_engine = NULL;
}
}
/*
* Initialization function. Sets up various PKCS#11 library components.
* It selects a slot based on predefined critiera. In the process, it also
* count how many ciphers and digests to support. Since the cipher and
* digest information is needed when setting default engine, this function
* needs to be called before calling ENGINE_set_default.
*/
/* ARGSUSED */
static int
{
int any_slot_found;
int i;
if (e != pk11_engine) {
pk11_engine = e;
}
/*
* pk11_library_initialized is set to 0 in pk11_finish() which is called
* from ENGINE_finish(). However, if there is still at least one
* existing functional reference to the engine (see engine(3) for more
* information), pk11_finish() is skipped. For example, this can happen
* if an application forgets to clear one cipher context. In case of a
* fork() when the application is finishing the engine so that it can be
* reinitialized in the child, forgotten functional reference causes
* pk11_library_initialized to stay 1. In that case we need the PID
* check so that we properly initialize the engine again.
*/
if (pk11_library_initialized) {
return (1);
} else {
/*
* free the locks first to prevent memory leak in case
* the application calls fork() without finishing the
* engine first.
*/
}
}
/*
* If initialization of the locks fails pk11_init_all_locks()
* will do the cleanup.
*/
if (!pk11_init_all_locks()) {
goto err;
}
for (i = 0; i < OP_MAX; i++) {
}
/*
* Initialize active lists. We only use active lists
* for asymmetric ciphers.
*/
for (i = 0; i < OP_MAX; i++) {
active_list[i] = NULL;
}
/* Attempt to load PKCS#11 library. */
if (!pk11_dso) {
goto err;
}
}
/* get the C_GetFunctionList function from the loaded library */
if (!p) {
goto err;
}
/* get the full function list from the loaded library */
goto err;
}
goto err;
}
goto err;
}
if (pk11_choose_slots(&any_slot_found) == 0) {
goto err;
}
/*
* The library we use, set in def_PK11_LIBNAME, may not offer any
* slot(s). In that case, we must not proceed but we must not return an
* error. The reason is that applications that try to set up the PKCS#11
* engine don't exit on error during the engine initialization just
* because no slot was present.
*/
if (any_slot_found == 0) {
return (1);
}
if (global_session == CK_INVALID_HANDLE) {
/* Open the global_session for the new process */
goto err;
}
}
/*
* Disable digest if C_GetOperationState is not supported since
* this function is required by OpenSSL digest copy function
*/
DEBUG_SLOT_SEL("%s: C_GetOperationState() not supported, "
"setting digest_count to 0\n", PK11_DBG);
digest_count = 0;
}
if (!pk11_atfork_initialized) {
pk11_fork_child) != 0) {
goto err;
}
}
return (1);
err:
return (0);
}
/* Destructor (complements the "ENGINE_pk11()" constructor) */
/* ARGSUSED */
static int
{
if (pk11_library_initialized == CK_TRUE) {
rtn = pk11_finish(e);
}
return (rtn);
}
/*
* Termination function to clean up the session, the token, and the pk11
* library.
*/
/* ARGSUSED */
static int
{
int i;
/*
* Make sure, right engine instance is being destroyed.
* Engine e may be the wrong instance if
* 1) either someone calls ENGINE_load_pk11 twice
* 2) or last ref. to an already finished engine is being destroyed
*/
if (e != pk11_engine) {
goto err;
}
goto err;
}
if (pk11_free_all_sessions() == 0) {
goto err;
}
/* free all active lists */
for (i = 0; i < OP_MAX; i++) {
}
/* Global session is not present when there are no slots. */
if (global_session != CK_INVALID_HANDLE) {
}
/*
* Since we are part of a library (libcrypto.so), calling this function
* may have side-effects.
*/
#if 0
#endif
goto err;
}
pk11_pid = 0;
/*
* There is no way how to unregister atfork handlers (other than
* unloading the library) so we just free the locks. For this reason
* the atfork handlers check if the engine is initialized and bail out
* immediately if not. This is necessary in case a process finishes
* the engine before calling fork().
*/
return (1);
err:
return (0);
}
/* Standard engine interface function to set the dynamic library path */
/* ARGSUSED */
static int
{
switch (cmd) {
case PK11_CMD_SO_PATH:
if (p == NULL) {
return (0);
}
if (initialized) {
return (0);
}
return (set_PK11_LIBNAME((const char *)p));
default:
break;
}
return (0);
}
/* Required function by the engine random interface. It does nothing here */
static void
pk11_rand_cleanup(void)
{
}
/* ARGSUSED */
static void
{
return;
}
/*
* Ignore any errors (e.g. CKR_RANDOM_SEED_NOT_SUPPORTED) since
* the calling functions do not care anyway
*/
}
static void
{
}
static int
{
return (0);
}
return (0);
}
return (1);
}
/* Required function by the engine random interface. It does nothing here */
static int
pk11_rand_status(void)
{
return (1);
}
/* Free all BIGNUM structures from PK11_SESSION. */
static void
{
switch (optype) {
#ifndef OPENSSL_NO_RSA
case OP_RSA:
}
}
}
break;
#endif
#ifndef OPENSSL_NO_DSA
case OP_DSA:
}
}
break;
#endif
#ifndef OPENSSL_NO_DH
case OP_DH:
}
break;
#endif
default:
break;
}
}
/*
* Get new PK11_SESSION structure ready for use. Every process must have
* its own freelist of PK11_SESSION structures so handle fork() here
* by destroying the old and creating new freelist.
* The returned PK11_SESSION structure is disconnected from the freelist.
*/
{
switch (optype) {
case OP_RSA:
case OP_DSA:
case OP_DH:
case OP_RAND:
case OP_DIGEST:
case OP_CIPHER:
break;
default:
return (NULL);
}
(void) pthread_mutex_lock(freelist_lock);
/*
* Will use it to find out if we forked. We cannot use the PID field in
* the session structure because we could get a newly allocated session
* here, with no PID information.
*/
if (pid == 0) {
}
/*
* If the free list is empty, allocate new uninitialized (filled
* with zeroes) PK11_SESSION structure otherwise return first
* structure from the freelist.
*/
goto err;
}
/*
* It is a new session so it will look like a cache miss to the
* code below. So, we must not try to to destroy its members so
* mark them as unused.
*/
} else {
}
/*
* Check whether we have forked. In that case, we must get rid of all
* inherited sessions and start allocating new ones.
*/
/*
* We are a new process and thus need to free any inherited
* PK11_SESSION objects aside from the first session (sp) which
* is the only PK11_SESSION structure we will reuse (for the
* head of the list).
*/
/*
* NOTE: we do not want to call pk11_free_all_sessions()
* here because it would close underlying PKCS#11
* sessions and destroy all objects.
*/
}
/* we have to free the active list as well. */
/* Initialize the process */
(rv != CKR_CRYPTOKI_ALREADY_INITIALIZED)) {
rv);
goto err;
}
/*
* Choose slot here since the slot table is different on this
* process. If we are here then we must have found at least one
* usable slot before so we don't need to check any_slot_found.
* See pk11_library_init()'s usage of this function for more
* information.
*/
if (pk11_choose_slots(NULL) == 0) {
goto err;
}
/* Open the global_session for the new process */
rv);
goto err;
}
/*
* It is an inherited session from our parent so it needs
* re-initialization.
*/
goto err;
}
/*
* We will keep the session in the cache list and let
* the caller cope with the situation.
*/
goto err;
}
}
/* It is a new session and needs initialization. */
}
}
/* set new head for the list of PK11_SESSION objects */
err:
}
(void) pthread_mutex_unlock(freelist_lock);
return (sp);
}
void
{
/*
* If this is a session from the parent it will be taken care of and
* freed in pk11_get_session() as part of the post-fork clean up the
* next time we will ask for a new session.
*/
return;
}
switch (optype) {
case OP_RSA:
case OP_DSA:
case OP_DH:
case OP_RAND:
case OP_DIGEST:
case OP_CIPHER:
break;
default:
return;
}
(void) pthread_mutex_lock(freelist_lock);
(void) pthread_mutex_unlock(freelist_lock);
}
/* Destroy all objects. This function is called when the engine is finished */
static int
{
int type;
#ifndef OPENSSL_NO_RSA
(void) pk11_destroy_rsa_key_objects(NULL);
#endif /* OPENSSL_NO_RSA */
#ifndef OPENSSL_NO_DSA
(void) pk11_destroy_dsa_key_objects(NULL);
#endif /* OPENSSL_NO_DSA */
#ifndef OPENSSL_NO_DH
(void) pk11_destroy_dh_key_objects(NULL);
#endif /* OPENSSL_NO_DH */
(void) pk11_destroy_cipher_key_objects(NULL);
/*
* We try to release as much as we can but any error means that we will
* return 0 on exit.
*/
if (pk11_free_session_list(type) == 0) {
ret = 0;
}
}
return (ret);
}
/*
* Destroy session structures from the linked list specified. Free as many
* sessions as possible but any failure in C_CloseSession() means that we
* return an error on return.
*/
static int
{
switch (optype) {
case OP_RSA:
case OP_DSA:
case OP_DH:
case OP_RAND:
case OP_DIGEST:
case OP_CIPHER:
break;
default:
return (0);
}
(void) pthread_mutex_lock(freelist_lock);
ret = 0;
}
}
}
(void) pthread_mutex_unlock(freelist_lock);
return (ret);
}
static int
{
switch (optype) {
case OP_RSA:
case OP_DSA:
case OP_DH:
break;
case OP_RAND:
break;
case OP_DIGEST:
case OP_CIPHER:
break;
default:
return (0);
}
if (rv == CKR_CRYPTOKI_NOT_INITIALIZED) {
/*
* We are probably a child process so force the
* reinitialize of the session
*/
if (!pk11_library_init(NULL)) {
return (0);
}
}
return (0);
}
switch (optype) {
#ifndef OPENSSL_NO_RSA
case OP_RSA:
break;
#endif /* OPENSSL_NO_RSA */
#ifndef OPENSSL_NO_DSA
case OP_DSA:
break;
#endif /* OPENSSL_NO_DSA */
#ifndef OPENSSL_NO_DH
case OP_DH:
break;
#endif /* OPENSSL_NO_DH */
case OP_CIPHER:
break;
}
/*
* We always initialize the session as containing a non-persistent
* object. The key load functions set it to persistent if that is so.
*/
return (1);
}
#ifndef OPENSSL_NO_RSA
/*
* Destroy all non-NULL RSA parameters. For the RSA keys by reference code,
* public components 'n'/'e' are the key components we use to check for the
* cache hit even for the private keys. So, no matter whether we are destroying
* a public or a private key, we always free what we can.
*/
static void
{
}
}
}
}
/* Destroy RSA public key from single session. */
int
{
int ret = 0;
}
return (ret);
}
/* Destroy RSA private key from single session. */
int
{
int ret = 0;
}
return (ret);
}
/*
* Destroy RSA key object wrapper. If session is NULL, try to destroy all
* objects in the free list.
*/
int
{
} else {
}
/*
* go through the list of sessions and delete key objects
*/
/*
* Do not terminate list traversal if one of the
* destroy operations fails.
*/
ret = 0;
continue;
}
ret = 0;
continue;
}
}
}
return (ret);
}
#endif /* OPENSSL_NO_RSA */
#ifndef OPENSSL_NO_DSA
/* Destroy DSA public key from single session. */
int
{
int ret = 0;
}
}
return (ret);
}
/* Destroy DSA private key from single session. */
int
{
int ret = 0;
}
}
return (ret);
}
/*
* Destroy DSA key object wrapper. If session is NULL, try to destroy all
* objects in the free list.
*/
int
{
} else {
}
/*
* go through the list of sessions and delete key objects
*/
/*
* Do not terminate list traversal if one of the
* destroy operations fails.
*/
ret = 0;
continue;
}
ret = 0;
continue;
}
}
}
return (ret);
}
#endif /* OPENSSL_NO_DSA */
#ifndef OPENSSL_NO_DH
/* Destroy DH key from single session. */
int
{
int ret = 0;
}
}
return (ret);
}
/*
* Destroy DH key object wrapper.
*
* arg0: pointer to PKCS#11 engine session structure
* if session is NULL, try to destroy all objects in the free list
*/
int
{
} else {
}
/*
* Do not terminate list traversal if one of the
* destroy operations fails.
*/
ret = 0;
continue;
}
}
}
return (ret);
}
#endif /* OPENSSL_NO_DH */
static int
{
/*
* We never try to destroy persistent objects which are the objects
* stored in the keystore. Also, we always use read-only sessions so
* C_DestroyObject() would be returning CKR_SESSION_READ_ONLY here.
*/
if (persistent == CK_TRUE) {
return (1);
}
rv);
return (0);
}
return (1);
}
/* Symmetric ciphers and digests support functions */
static int
{
int i;
for (i = 0; i < PK11_CIPHER_MAX; i++) {
}
}
return (-1);
}
static int
{
if (cipher_count > 0) {
*nids = cipher_nids;
} else {
}
return (cipher_count);
}
static int
{
if (digest_count > 0) {
*nids = digest_nids;
} else {
}
return (digest_count);
}
/*
* Init context for encryption or decryption using a symmetric key.
*/
{
/*
* We expect pmech->mechanism to be already set and
* pParameter/ulParameterLen initialized to NULL/0 before
* pk11_init_symmetric() is called.
*/
/*
* For now, we are limited to the fixed length of the counter,
* it covers the whole counter block. That's what RFC 4344
* needs. For more information on internal structure of the
* counter block, see RFC 3686. If needed in the future, we can
* add code so that the counter length can be set via
* ENGINE_ctrl() function.
*/
} else {
}
}
/* if we get here, the encryption needs to be reinitialized */
} else {
}
return (0);
}
return (1);
}
/* ARGSUSED */
static int
{
int index;
return (0);
}
/*
* iv_len in the ctx->cipher structure is the maximum IV length for the
* current cipher and it must be less or equal to the IV length in our
* ciphers table. The key length must be in the allowed interval. From
* all cipher modes that the PKCS#11 engine supports only RC4 allows a
* key length to be in some range, all other NIDs have a precise key
* length. Every application can define its own EVP functions so this
* code serves as a sanity check.
*
* Note that the reason why the IV length in ctx->cipher might be
* greater than the actual length is that OpenSSL uses BLOCK_CIPHER_defs
* macro to define functions that return EVP structures for all DES
* modes. So, even ECB modes get 8 byte IV.
*/
return (0);
}
return (0);
}
/* if applicable, the mechanism parameter is used for IV */
mech.ulParameterLen = 0;
/* The key object is destroyed here if it is not the current key. */
/*
* If the key is the same and the encryption is also the same, then
* just reuse it. However, we must not forget to reinitialize the
* context that was finalized in pk11_cipher_cleanup().
*/
&mech) == 0) {
return (0);
}
return (1);
}
/*
* Check if the key has been invalidated. If so, a new key object
* needs to be created.
*/
}
/*
* The previous encryption/decryption is different. Need to
* terminate the previous * active encryption/decryption here.
*/
if (!pk11_cipher_final(sp)) {
return (0);
}
}
return (0);
}
/* now initialize the context with a new key */
return (0);
}
return (1);
}
/*
* When reusing the same key in an encryption/decryption session for a
* decryption/encryption session, we need to close the active session
* and recreate a new one. Note that the key is in the global session so
* that it needs not be recreated.
*
* It is more appropriate to use C_En/DecryptFinish here. At the time of this
* development, these two functions in the PKCS#11 libraries used return
* unexpected errors when passing in 0 length output. It may be a good
* idea to try them again if performance is a problem here and fix
* C_En/DecryptFinial if there are bugs there causing the problem.
*/
static int
{
return (0);
}
return (0);
}
return (1);
}
/*
* An engine interface function. The calling function allocates sufficient
* memory for the output buffer "out" to hold the results.
*/
static int
{
return (0);
}
if (!inl) {
return (1);
}
/* RC4 is the only stream cipher we support */
return (0);
}
return (0);
}
} else {
return (0);
}
}
/*
* For DES_CBC, DES3_CBC, AES_CBC, and RC4, the output size is always
* the same size of input.
* The application has guaranteed to call the block ciphers with
* correctly aligned buffers.
*/
return (0);
}
return (1);
}
/*
* Return the session to the pool. Calling C_EncryptFinal() and C_DecryptFinal()
* here is the right thing because in EVP_DecryptFinal_ex(), engine's
* do_cipher() is not even called, and in EVP_EncryptFinal_ex() it is called but
* the engine can't find out that it's the finalizing call. We wouldn't
* necessarily have to finalize the context here since reinitializing it with
* C_(Encrypt|Decrypt)Init() should be fine but for the sake of correctness,
* let's do it. Some implementations might leak memory if the previously used
* context is initialized without finalizing it first.
*/
static int
{
/*
* We are not interested in the data here, we just need to get
* rid of the context.
*/
} else {
}
return (0);
}
}
return (1);
}
/*
* Registered by the ENGINE when used to find out how to deal with
* a particular NID in the ENGINE. This says what we'll do at the
* top level - note, that list is restricted by what we answer with
*/
/* ARGSUSED */
static int
{
if (!cipher) {
return (pk11_usable_ciphers(nids));
}
switch (nid) {
case NID_des_ede3_cbc:
*cipher = &pk11_3des_cbc;
break;
case NID_des_cbc:
*cipher = &pk11_des_cbc;
break;
case NID_des_ede3_ecb:
*cipher = &pk11_3des_ecb;
break;
case NID_des_ecb:
*cipher = &pk11_des_ecb;
break;
case NID_aes_128_cbc:
*cipher = &pk11_aes_128_cbc;
break;
case NID_aes_192_cbc:
*cipher = &pk11_aes_192_cbc;
break;
case NID_aes_256_cbc:
*cipher = &pk11_aes_256_cbc;
break;
case NID_aes_128_ecb:
*cipher = &pk11_aes_128_ecb;
break;
case NID_aes_192_ecb:
*cipher = &pk11_aes_192_ecb;
break;
case NID_aes_256_ecb:
*cipher = &pk11_aes_256_ecb;
break;
case NID_aes_128_ctr:
*cipher = &pk11_aes_128_ctr;
break;
case NID_aes_192_ctr:
*cipher = &pk11_aes_192_ctr;
break;
case NID_aes_256_ctr:
*cipher = &pk11_aes_256_ctr;
break;
case NID_bf_cbc:
*cipher = &pk11_bf_cbc;
break;
case NID_rc4:
break;
default:
break;
}
}
/* ARGSUSED */
static int
{
if (!digest) {
return (pk11_usable_digests(nids));
}
switch (nid) {
case NID_md5:
break;
/*
* A special case. For "openssl dgst -dss1 -engine pkcs11 ...",
* OpenSSL calls EVP_get_digestbyname() on "dss1" which ends up
* calling pk11_engine_digests() for NID_dsa. Internally, if an
* engine is not used, OpenSSL uses SHA1_Init() as expected for
* DSA. So, we must return pk11_sha1() for NID_dsa as well. Note
* that this must have changed between 0.9.8 and 1.0.0 since we
* did not have the problem with the 0.9.8 version.
*/
case NID_sha1:
case NID_dsa:
break;
case NID_sha224:
*digest = &pk11_sha224;
break;
case NID_sha256:
*digest = &pk11_sha256;
break;
case NID_sha384:
*digest = &pk11_sha384;
break;
case NID_sha512:
*digest = &pk11_sha512;
break;
default:
break;
}
}
/* Create a secret key object in a PKCS#11 session */
{
};
/*
* Create secret key object in global_session. All other sessions
* can use the key handles. Here is why:
* OpenSSL will call EncryptInit and EncryptUpdate using a secret key.
* It may then call DecryptInit and DecryptUpdate using the same key.
* To use the same key object, we need to call EncryptFinal with
* a 0 length message. Currently, this does not work for 3DES
* mechanism. To get around this problem, we close the session and
* then create a new session to use the same key object. When a session
* is closed, all the object handles will be invalid. Thus, create key
* objects in a global session, an individual session may be closed to
* terminate the active operation.
*/
rv);
goto err;
}
/*
* Save the key information used in this session.
* The max can be saved is PK11_KEY_LEN_MAX.
*/
err:
return (h_key);
}
static int
{
int i;
for (i = 0; i < PK11_DIGEST_MAX; i++) {
}
}
return (-1);
}
static int
{
int index;
return (0);
}
return (0);
}
/* at present, no parameter is needed for supported digests */
mech.ulParameterLen = 0;
return (0);
}
return (1);
}
static int
{
/* 0 length message will cause a failure in C_DigestFinal */
if (count == 0) {
return (1);
}
return (0);
}
count);
return (0);
}
return (1);
}
static int
{
unsigned long len;
return (0);
}
return (0);
}
return (0);
}
/*
* Final is called and digest is returned, so return the session
* to the pool
*/
return (1);
}
static int
{
int ret = 0;
return (1);
}
/* The copy-from state */
goto err;
}
/* Initialize the copy-to state */
if (!pk11_digest_init(to)) {
goto err;
}
/* Get the size of the operation state of the copy-from session */
&ul_state_len);
rv);
goto err;
}
if (ul_state_len == 0) {
goto err;
}
goto err;
}
/* Get the operation state of the copy-from session */
&ul_state_len);
rv);
goto err;
}
/* Set the operation state of the copy-to session */
ul_state_len, 0, 0);
goto err;
}
ret = 1;
err:
}
return (ret);
}
/* Return any pending session state to the pool */
static int
{
/*
* If state->sp is not NULL then pk11_digest_final() has not
* been called yet. We must call it now to free any memory
* that might have been allocated in the token when
* pk11_digest_init() was called. pk11_digest_final()
* will return the session to the cache.
*/
return (0);
}
}
return (1);
}
/*
* Check if the new key is the same as the key object in the session. If the key
* is the same, no need to create a new key object. Otherwise, the old key
* object needs to be destroyed and a new one will be created. Return 1 for
* cache hit, 0 for cache miss. Note that we must check the key length first
* otherwise we could end up reusing a different, longer key with the same
* prefix.
*/
static int
int key_len)
{
(void) pk11_destroy_cipher_key_objects(sp);
return (0);
}
return (1);
}
/* Destroy one or more secret key objects. */
static int
{
int ret = 0;
} else {
}
/*
* The secret key object is created in the
* global_session. See pk11_get_cipher_key().
*/
goto err;
}
}
}
ret = 1;
err:
}
return (ret);
}
/*
* Public key mechanisms optionally supported
*
* CKM_RSA_X_509
* CKM_RSA_PKCS
* CKM_DSA
*
* The first slot that supports at least one of those mechanisms is chosen as a
* public key slot.
*
* Symmetric ciphers optionally supported
*
* CKM_DES3_CBC
* CKM_DES_CBC
* CKM_AES_CBC
* CKM_DES3_ECB
* CKM_DES_ECB
* CKM_AES_ECB
* CKM_AES_CTR
* CKM_RC4
* CKM_BLOWFISH_CBC
*
* Digests optionally supported
*
* CKM_MD5
* CKM_SHA_1
* CKM_SHA224
* CKM_SHA256
* CKM_SHA384
* CKM_SHA512
*
* The output of this function is a set of global variables indicating which
* mechanisms from RSA, DSA, DH and RAND are present, and also two arrays of
* mechanisms, one for symmetric ciphers and one for digests. Also, 3 global
* variables carry information about which slot was chosen for (a) public key
* mechanisms, (b) random operations, and (c) symmetric ciphers and digests.
*/
static int
{
int i;
int best_number_of_mechs = 0;
/* let's initialize the output parameter */
if (any_slot_found != NULL) {
*any_slot_found = 0;
}
/* Get slot list for memory allocation */
return (0);
}
/* it's not an error if we didn't find any providers */
if (ulSlotCount == 0) {
return (1);
}
return (0);
}
/* Get the slot list for processing */
return (0);
}
pubkey_SLOTID = pSlotList[0];
for (i = 0; i < ulSlotCount; i++) {
current_slot = pSlotList[i];
continue;
}
}
if (best_number_of_mechs == 0) {
} else {
}
}
if (any_slot_found != NULL) {
*any_slot_found = 1;
}
return (1);
}
static void
{
}
}
static void
{
int current_number_of_mechs = 0;
#ifndef OPENSSL_NO_RSA
/*
* Check if this slot is capable of signing and
* verifying with CKM_RSA_PKCS.
*/
&mech_info);
/*
* Check if this slot is capable of encryption,
* decryption, sign, and verify with CKM_RSA_X_509.
*/
}
}
#endif /* OPENSSL_NO_RSA */
#ifndef OPENSSL_NO_DSA
/*
* Check if this slot is capable of signing and
* verifying with CKM_DSA.
*/
}
#endif /* OPENSSL_NO_DSA */
#ifndef OPENSSL_NO_DH
/*
* Check if this slot is capable of DH key generataion and
* derivation.
*/
}
}
#endif /* OPENSSL_NO_DH */
/*
* Cache the flags for later use. We might need those if
* RSA keys by reference feature is used.
*/
DEBUG_SLOT_SEL("%s: pubkey flags changed to "
}
}
static void
{
int current_slot_n_cipher = 0;
int current_slot_n_digest = 0;
/*
* the previous best one we change the current best to this one,
* otherwise leave it where it is.
*/
if ((current_slot_n_cipher + current_slot_n_digest) >
(cipher_count + digest_count)) {
DEBUG_SLOT_SEL("%s: changing best slot to %d\n",
sizeof (int) * cipher_count);
sizeof (int) * digest_count);
}
}
static void
{
&mech_info);
}
DEBUG_SLOT_SEL(" not found\n");
return;
}
DEBUG_SLOT_SEL(" engine key size range <%i-%i> does not"
" match mech range <%lu-%lu>\n",
return;
}
DEBUG_SLOT_SEL(" usable\n");
} else {
DEBUG_SLOT_SEL(" unusable\n");
}
}
static void
{
DEBUG_SLOT_SEL(" not found\n");
return;
}
DEBUG_SLOT_SEL(" usable\n");
} else {
DEBUG_SLOT_SEL(" unusable\n");
}
}
/* Find what symmetric ciphers this slot supports. */
static void
{
int i;
for (i = 0; i < PK11_CIPHER_MAX; ++i) {
}
}
/* Find what digest algorithms this slot supports. */
static void
{
int i;
for (i = 0; i < PK11_DIGEST_MAX; ++i) {
local_digest_nids, &digests[i]);
}
}
#endif /* OPENSSL_NO_HW_PK11 */
#endif /* OPENSSL_NO_HW */