1 /* 2 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 3 * Use is subject to license terms. 4 */ 5 6 /* crypto/engine/hw_pk11.c */ 7 /* 8 * This product includes software developed by the OpenSSL Project for 9 * use in the OpenSSL Toolkit (http://www.openssl.org/). 10 * 11 * This project also referenced hw_pkcs11-0.9.7b.patch written by 12 * Afchine Madjlessi. 13 */ 14 /* 15 * ==================================================================== 16 * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved. 17 * 18 * Redistribution and use in source and binary forms, with or without 19 * modification, are permitted provided that the following conditions 20 * are met: 21 * 22 * 1. Redistributions of source code must retain the above copyright 23 * notice, this list of conditions and the following disclaimer. 24 * 25 * 2. Redistributions in binary form must reproduce the above copyright 26 * notice, this list of conditions and the following disclaimer in 27 * the documentation and/or other materials provided with the 28 * distribution. 29 * 30 * 3. All advertising materials mentioning features or use of this 31 * software must display the following acknowledgment: 32 * "This product includes software developed by the OpenSSL Project 33 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 34 * 35 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 36 * endorse or promote products derived from this software without 37 * prior written permission. For written permission, please contact 38 * licensing (at) OpenSSL.org. 39 * 40 * 5. Products derived from this software may not be called "OpenSSL" 41 * nor may "OpenSSL" appear in their names without prior written 42 * permission of the OpenSSL Project. 43 * 44 * 6. Redistributions of any form whatsoever must retain the following 45 * acknowledgment: 46 * "This product includes software developed by the OpenSSL Project 47 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 48 * 49 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 50 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 52 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 53 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 54 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 55 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 56 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 57 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 58 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 59 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 60 * OF THE POSSIBILITY OF SUCH DAMAGE. 61 * ==================================================================== 62 * 63 * This product includes cryptographic software written by Eric Young 64 * (eay (at) cryptsoft.com). This product includes software written by Tim 65 * Hudson (tjh (at) cryptsoft.com). 66 * 67 */ 68 69 #include <stdio.h> 70 #include <stdlib.h> 71 #include <string.h> 72 #include <sys/types.h> 73 #include <unistd.h> 74 75 #include <openssl/e_os2.h> 76 #include <openssl/crypto.h> 77 #include <openssl/engine.h> 78 #include <openssl/dso.h> 79 #include <openssl/err.h> 80 #include <openssl/bn.h> 81 #include <openssl/md5.h> 82 #include <openssl/pem.h> 83 #ifndef OPENSSL_NO_RSA 84 #include <openssl/rsa.h> 85 #endif 86 #ifndef OPENSSL_NO_DSA 87 #include <openssl/dsa.h> 88 #endif 89 #ifndef OPENSSL_NO_DH 90 #include <openssl/dh.h> 91 #endif 92 #include <openssl/rand.h> 93 #include <openssl/objects.h> 94 #include <openssl/x509.h> 95 #include <openssl/aes.h> 96 #include <cryptlib.h> 97 #include <dlfcn.h> 98 #include <pthread.h> 99 100 #ifndef OPENSSL_NO_HW 101 #ifndef OPENSSL_NO_HW_PK11 102 103 /* label for debug messages printed on stderr */ 104 #define PK11_DBG "PKCS#11 ENGINE DEBUG" 105 /* prints a lot of debug messages on stderr about slot selection process */ 106 #undef DEBUG_SLOT_SELECTION 107 /* 108 * Solaris specific code. See comment at check_hw_mechanisms() for more 109 * information. 110 */ 111 #define SOLARIS_HW_SLOT_SELECTION 112 113 /* 114 * AES counter mode is not supported in the OpenSSL EVP API yet and neither 115 * there are official OIDs for mechanisms based on this mode. With our changes, 116 * an application can define its own EVP calls for AES counter mode and then 117 * it can make use of hardware acceleration through this engine. However, it's 118 * better if we keep AES CTR support code under ifdef's. 119 */ 120 #define SOLARIS_AES_CTR 121 122 #include "security/cryptoki.h" 123 #include "security/pkcs11.h" 124 #include "hw_pk11_err.c" 125 126 #ifdef SOLARIS_AES_CTR 127 /* 128 * NIDs for AES counter mode that will be defined during the engine 129 * initialization. 130 */ 131 int NID_aes_128_ctr = NID_undef; 132 int NID_aes_192_ctr = NID_undef; 133 int NID_aes_256_ctr = NID_undef; 134 #endif /* SOLARIS_AES_CTR */ 135 136 #ifdef SOLARIS_HW_SLOT_SELECTION 137 /* 138 * Tables for symmetric ciphers and digest mechs found in the pkcs11_kernel 139 * library. See comment at check_hw_mechanisms() for more information. 140 */ 141 int *hw_cnids; 142 int *hw_dnids; 143 #endif /* SOLARIS_HW_SLOT_SELECTION */ 144 145 /* PKCS#11 session caches and their locks for all operation types */ 146 static PK11_CACHE session_cache[OP_MAX]; 147 148 /* 149 * As stated in v2.20, 11.7 Object Management Function, in section for 150 * C_FindObjectsInit(), at most one search operation may be active at a given 151 * time in a given session. Therefore, C_Find{,Init,Final}Objects() should be 152 * grouped together to form one atomic search operation. This is already 153 * ensured by the property of unique PKCS#11 session handle used for each 154 * PK11_SESSION object. 155 * 156 * This is however not the biggest concern - maintaining consistency of the 157 * underlying object store is more important. The same section of the spec also 158 * says that one thread can be in the middle of a search operation while another 159 * thread destroys the object matching the search template which would result in 160 * invalid handle returned from the search operation. 161 * 162 * Hence, the following locks are used for both protection of the object stores. 163 * They are also used for active list protection. 164 */ 165 pthread_mutex_t *find_lock[OP_MAX] = { NULL }; 166 167 /* 168 * lists of asymmetric key handles which are active (referenced by at least one 169 * PK11_SESSION structure, either held by a thread or present in free_session 170 * list) for given algorithm type 171 */ 172 PK11_active *active_list[OP_MAX] = { NULL }; 173 174 /* 175 * Create all secret key objects in a global session so that they are available 176 * to use for other sessions. These other sessions may be opened or closed 177 * without losing the secret key objects. 178 */ 179 static CK_SESSION_HANDLE global_session = CK_INVALID_HANDLE; 180 181 /* ENGINE level stuff */ 182 static int pk11_init(ENGINE *e); 183 static int pk11_library_init(ENGINE *e); 184 static int pk11_finish(ENGINE *e); 185 static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); 186 static int pk11_destroy(ENGINE *e); 187 188 /* RAND stuff */ 189 static void pk11_rand_seed(const void *buf, int num); 190 static void pk11_rand_add(const void *buf, int num, double add_entropy); 191 static void pk11_rand_cleanup(void); 192 static int pk11_rand_bytes(unsigned char *buf, int num); 193 static int pk11_rand_status(void); 194 195 /* These functions are also used in other files */ 196 PK11_SESSION *pk11_get_session(PK11_OPTYPE optype); 197 void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype); 198 199 /* active list manipulation functions used in this file */ 200 extern int pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type); 201 extern void pk11_free_active_list(PK11_OPTYPE type); 202 203 #ifndef OPENSSL_NO_RSA 204 int pk11_destroy_rsa_key_objects(PK11_SESSION *session); 205 int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock); 206 int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock); 207 #endif 208 #ifndef OPENSSL_NO_DSA 209 int pk11_destroy_dsa_key_objects(PK11_SESSION *session); 210 int pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock); 211 int pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock); 212 #endif 213 #ifndef OPENSSL_NO_DH 214 int pk11_destroy_dh_key_objects(PK11_SESSION *session); 215 int pk11_destroy_dh_object(PK11_SESSION *session, CK_BBOOL uselock); 216 #endif 217 218 /* Local helper functions */ 219 static int pk11_free_all_sessions(void); 220 static int pk11_free_session_list(PK11_OPTYPE optype); 221 static int pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype); 222 static int pk11_destroy_cipher_key_objects(PK11_SESSION *session); 223 static int pk11_destroy_object(CK_SESSION_HANDLE session, 224 CK_OBJECT_HANDLE oh); 225 static const char *get_PK11_LIBNAME(void); 226 static void free_PK11_LIBNAME(void); 227 static long set_PK11_LIBNAME(const char *name); 228 229 /* Symmetric cipher and digest support functions */ 230 static int cipher_nid_to_pk11(int nid); 231 #ifdef SOLARIS_AES_CTR 232 static int pk11_add_NID(char *sn, char *ln); 233 static int pk11_add_aes_ctr_NIDs(void); 234 #endif /* SOLARIS_AES_CTR */ 235 static int pk11_usable_ciphers(const int **nids); 236 static int pk11_usable_digests(const int **nids); 237 static int pk11_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, 238 const unsigned char *iv, int enc); 239 static int pk11_cipher_final(PK11_SESSION *sp); 240 static int pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 241 const unsigned char *in, unsigned int inl); 242 static int pk11_cipher_cleanup(EVP_CIPHER_CTX *ctx); 243 static int pk11_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, 244 const int **nids, int nid); 245 static int pk11_engine_digests(ENGINE *e, const EVP_MD **digest, 246 const int **nids, int nid); 247 static CK_OBJECT_HANDLE pk11_get_cipher_key(EVP_CIPHER_CTX *ctx, 248 const unsigned char *key, CK_KEY_TYPE key_type, PK11_SESSION *sp); 249 static int check_new_cipher_key(PK11_SESSION *sp, const unsigned char *key, 250 int key_len); 251 static int md_nid_to_pk11(int nid); 252 static int pk11_digest_init(EVP_MD_CTX *ctx); 253 static int pk11_digest_update(EVP_MD_CTX *ctx, const void *data, 254 size_t count); 255 static int pk11_digest_final(EVP_MD_CTX *ctx, unsigned char *md); 256 static int pk11_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from); 257 static int pk11_digest_cleanup(EVP_MD_CTX *ctx); 258 259 static int pk11_choose_slots(int *any_slot_found); 260 static void pk11_find_symmetric_ciphers(CK_FUNCTION_LIST_PTR pflist, 261 CK_SLOT_ID current_slot, int *current_slot_n_cipher, 262 int *local_cipher_nids); 263 static void pk11_find_digests(CK_FUNCTION_LIST_PTR pflist, 264 CK_SLOT_ID current_slot, int *current_slot_n_digest, 265 int *local_digest_nids); 266 static void pk11_get_symmetric_cipher(CK_FUNCTION_LIST_PTR, int slot_id, 267 CK_MECHANISM_TYPE mech, int *current_slot_n_cipher, int *local_cipher_nids, 268 int id); 269 static void pk11_get_digest(CK_FUNCTION_LIST_PTR pflist, int slot_id, 270 CK_MECHANISM_TYPE mech, int *current_slot_n_digest, int *local_digest_nids, 271 int id); 272 273 static int pk11_init_all_locks(void); 274 static void pk11_free_all_locks(void); 275 276 #ifdef SOLARIS_HW_SLOT_SELECTION 277 static int check_hw_mechanisms(void); 278 static int nid_in_table(int nid, int *nid_table); 279 #endif /* SOLARIS_HW_SLOT_SELECTION */ 280 281 /* Index for the supported ciphers */ 282 enum pk11_cipher_id { 283 PK11_DES_CBC, 284 PK11_DES3_CBC, 285 PK11_DES_ECB, 286 PK11_DES3_ECB, 287 PK11_RC4, 288 PK11_AES_128_CBC, 289 PK11_AES_192_CBC, 290 PK11_AES_256_CBC, 291 PK11_AES_128_ECB, 292 PK11_AES_192_ECB, 293 PK11_AES_256_ECB, 294 PK11_BLOWFISH_CBC, 295 #ifdef SOLARIS_AES_CTR 296 PK11_AES_128_CTR, 297 PK11_AES_192_CTR, 298 PK11_AES_256_CTR, 299 #endif /* SOLARIS_AES_CTR */ 300 PK11_CIPHER_MAX 301 }; 302 303 /* Index for the supported digests */ 304 enum pk11_digest_id { 305 PK11_MD5, 306 PK11_SHA1, 307 PK11_SHA224, 308 PK11_SHA256, 309 PK11_SHA384, 310 PK11_SHA512, 311 PK11_DIGEST_MAX 312 }; 313 314 #define TRY_OBJ_DESTROY(sess_hdl, obj_hdl, retval, uselock, alg_type) \ 315 { \ 316 if (uselock) \ 317 LOCK_OBJSTORE(alg_type); \ 318 if (pk11_active_delete(obj_hdl, alg_type) == 1) \ 319 { \ 320 retval = pk11_destroy_object(sess_hdl, obj_hdl); \ 321 } \ 322 if (uselock) \ 323 UNLOCK_OBJSTORE(alg_type); \ 324 } 325 326 static int cipher_nids[PK11_CIPHER_MAX]; 327 static int digest_nids[PK11_DIGEST_MAX]; 328 static int cipher_count = 0; 329 static int digest_count = 0; 330 static CK_BBOOL pk11_have_rsa = CK_FALSE; 331 static CK_BBOOL pk11_have_dsa = CK_FALSE; 332 static CK_BBOOL pk11_have_dh = CK_FALSE; 333 static CK_BBOOL pk11_have_random = CK_FALSE; 334 335 typedef struct PK11_CIPHER_st 336 { 337 enum pk11_cipher_id id; 338 int nid; 339 int iv_len; 340 int min_key_len; 341 int max_key_len; 342 CK_KEY_TYPE key_type; 343 CK_MECHANISM_TYPE mech_type; 344 } PK11_CIPHER; 345 346 static PK11_CIPHER ciphers[] = 347 { 348 { PK11_DES_CBC, NID_des_cbc, 8, 8, 8, 349 CKK_DES, CKM_DES_CBC, }, 350 { PK11_DES3_CBC, NID_des_ede3_cbc, 8, 24, 24, 351 CKK_DES3, CKM_DES3_CBC, }, 352 { PK11_DES_ECB, NID_des_ecb, 0, 8, 8, 353 CKK_DES, CKM_DES_ECB, }, 354 { PK11_DES3_ECB, NID_des_ede3_ecb, 0, 24, 24, 355 CKK_DES3, CKM_DES3_ECB, }, 356 { PK11_RC4, NID_rc4, 0, 16, 256, 357 CKK_RC4, CKM_RC4, }, 358 { PK11_AES_128_CBC, NID_aes_128_cbc, 16, 16, 16, 359 CKK_AES, CKM_AES_CBC, }, 360 { PK11_AES_192_CBC, NID_aes_192_cbc, 16, 24, 24, 361 CKK_AES, CKM_AES_CBC, }, 362 { PK11_AES_256_CBC, NID_aes_256_cbc, 16, 32, 32, 363 CKK_AES, CKM_AES_CBC, }, 364 { PK11_AES_128_ECB, NID_aes_128_ecb, 0, 16, 16, 365 CKK_AES, CKM_AES_ECB, }, 366 { PK11_AES_192_ECB, NID_aes_192_ecb, 0, 24, 24, 367 CKK_AES, CKM_AES_ECB, }, 368 { PK11_AES_256_ECB, NID_aes_256_ecb, 0, 32, 32, 369 CKK_AES, CKM_AES_ECB, }, 370 { PK11_BLOWFISH_CBC, NID_bf_cbc, 8, 16, 16, 371 CKK_BLOWFISH, CKM_BLOWFISH_CBC, }, 372 #ifdef SOLARIS_AES_CTR 373 /* we don't know the correct NIDs until the engine is initialized */ 374 { PK11_AES_128_CTR, NID_undef, 16, 16, 16, 375 CKK_AES, CKM_AES_CTR, }, 376 { PK11_AES_192_CTR, NID_undef, 16, 24, 24, 377 CKK_AES, CKM_AES_CTR, }, 378 { PK11_AES_256_CTR, NID_undef, 16, 32, 32, 379 CKK_AES, CKM_AES_CTR, }, 380 #endif /* SOLARIS_AES_CTR */ 381 }; 382 383 typedef struct PK11_DIGEST_st 384 { 385 enum pk11_digest_id id; 386 int nid; 387 CK_MECHANISM_TYPE mech_type; 388 } PK11_DIGEST; 389 390 static PK11_DIGEST digests[] = 391 { 392 {PK11_MD5, NID_md5, CKM_MD5, }, 393 {PK11_SHA1, NID_sha1, CKM_SHA_1, }, 394 {PK11_SHA224, NID_sha224, CKM_SHA224, }, 395 {PK11_SHA256, NID_sha256, CKM_SHA256, }, 396 {PK11_SHA384, NID_sha384, CKM_SHA384, }, 397 {PK11_SHA512, NID_sha512, CKM_SHA512, }, 398 {0, NID_undef, 0xFFFF, }, 399 }; 400 401 /* 402 * Structure to be used for the cipher_data/md_data in 403 * EVP_CIPHER_CTX/EVP_MD_CTX structures in order to use the same pk11 404 * session in multiple cipher_update calls 405 */ 406 typedef struct PK11_CIPHER_STATE_st 407 { 408 PK11_SESSION *sp; 409 } PK11_CIPHER_STATE; 410 411 412 /* 413 * libcrypto EVP stuff - this is how we get wired to EVP so the engine gets 414 * called when libcrypto requests a cipher NID. 415 * 416 * Note how the PK11_CIPHER_STATE is used here. 417 */ 418 419 /* DES CBC EVP */ 420 static const EVP_CIPHER pk11_des_cbc = 421 { 422 NID_des_cbc, 423 8, 8, 8, 424 EVP_CIPH_CBC_MODE, 425 pk11_cipher_init, 426 pk11_cipher_do_cipher, 427 pk11_cipher_cleanup, 428 sizeof (PK11_CIPHER_STATE), 429 EVP_CIPHER_set_asn1_iv, 430 EVP_CIPHER_get_asn1_iv, 431 NULL 432 }; 433 434 /* 3DES CBC EVP */ 435 static const EVP_CIPHER pk11_3des_cbc = 436 { 437 NID_des_ede3_cbc, 438 8, 24, 8, 439 EVP_CIPH_CBC_MODE, 440 pk11_cipher_init, 441 pk11_cipher_do_cipher, 442 pk11_cipher_cleanup, 443 sizeof (PK11_CIPHER_STATE), 444 EVP_CIPHER_set_asn1_iv, 445 EVP_CIPHER_get_asn1_iv, 446 NULL 447 }; 448 449 /* 450 * ECB modes don't use an Initial Vector so that's why set_asn1_parameters and 451 * get_asn1_parameters fields are set to NULL. 452 */ 453 static const EVP_CIPHER pk11_des_ecb = 454 { 455 NID_des_ecb, 456 8, 8, 8, 457 EVP_CIPH_ECB_MODE, 458 pk11_cipher_init, 459 pk11_cipher_do_cipher, 460 pk11_cipher_cleanup, 461 sizeof (PK11_CIPHER_STATE), 462 NULL, 463 NULL, 464 NULL 465 }; 466 467 static const EVP_CIPHER pk11_3des_ecb = 468 { 469 NID_des_ede3_ecb, 470 8, 24, 8, 471 EVP_CIPH_ECB_MODE, 472 pk11_cipher_init, 473 pk11_cipher_do_cipher, 474 pk11_cipher_cleanup, 475 sizeof (PK11_CIPHER_STATE), 476 NULL, 477 NULL, 478 NULL 479 }; 480 481 482 static const EVP_CIPHER pk11_aes_128_cbc = 483 { 484 NID_aes_128_cbc, 485 16, 16, 16, 486 EVP_CIPH_CBC_MODE, 487 pk11_cipher_init, 488 pk11_cipher_do_cipher, 489 pk11_cipher_cleanup, 490 sizeof (PK11_CIPHER_STATE), 491 EVP_CIPHER_set_asn1_iv, 492 EVP_CIPHER_get_asn1_iv, 493 NULL 494 }; 495 496 static const EVP_CIPHER pk11_aes_192_cbc = 497 { 498 NID_aes_192_cbc, 499 16, 24, 16, 500 EVP_CIPH_CBC_MODE, 501 pk11_cipher_init, 502 pk11_cipher_do_cipher, 503 pk11_cipher_cleanup, 504 sizeof (PK11_CIPHER_STATE), 505 EVP_CIPHER_set_asn1_iv, 506 EVP_CIPHER_get_asn1_iv, 507 NULL 508 }; 509 510 static const EVP_CIPHER pk11_aes_256_cbc = 511 { 512 NID_aes_256_cbc, 513 16, 32, 16, 514 EVP_CIPH_CBC_MODE, 515 pk11_cipher_init, 516 pk11_cipher_do_cipher, 517 pk11_cipher_cleanup, 518 sizeof (PK11_CIPHER_STATE), 519 EVP_CIPHER_set_asn1_iv, 520 EVP_CIPHER_get_asn1_iv, 521 NULL 522 }; 523 524 /* 525 * ECB modes don't use IV so that's why set_asn1_parameters and 526 * get_asn1_parameters are set to NULL. 527 */ 528 static const EVP_CIPHER pk11_aes_128_ecb = 529 { 530 NID_aes_128_ecb, 531 16, 16, 0, 532 EVP_CIPH_ECB_MODE, 533 pk11_cipher_init, 534 pk11_cipher_do_cipher, 535 pk11_cipher_cleanup, 536 sizeof (PK11_CIPHER_STATE), 537 NULL, 538 NULL, 539 NULL 540 }; 541 542 static const EVP_CIPHER pk11_aes_192_ecb = 543 { 544 NID_aes_192_ecb, 545 16, 24, 0, 546 EVP_CIPH_ECB_MODE, 547 pk11_cipher_init, 548 pk11_cipher_do_cipher, 549 pk11_cipher_cleanup, 550 sizeof (PK11_CIPHER_STATE), 551 NULL, 552 NULL, 553 NULL 554 }; 555 556 static const EVP_CIPHER pk11_aes_256_ecb = 557 { 558 NID_aes_256_ecb, 559 16, 32, 0, 560 EVP_CIPH_ECB_MODE, 561 pk11_cipher_init, 562 pk11_cipher_do_cipher, 563 pk11_cipher_cleanup, 564 sizeof (PK11_CIPHER_STATE), 565 NULL, 566 NULL, 567 NULL 568 }; 569 570 #ifdef SOLARIS_AES_CTR 571 /* 572 * NID_undef's will be changed to the AES counter mode NIDs as soon they are 573 * created in pk11_library_init(). Note that the need to change these structures 574 * is the reason why we don't define them with the const keyword. 575 */ 576 static EVP_CIPHER pk11_aes_128_ctr = 577 { 578 NID_undef, 579 16, 16, 16, 580 EVP_CIPH_CBC_MODE, 581 pk11_cipher_init, 582 pk11_cipher_do_cipher, 583 pk11_cipher_cleanup, 584 sizeof (PK11_CIPHER_STATE), 585 EVP_CIPHER_set_asn1_iv, 586 EVP_CIPHER_get_asn1_iv, 587 NULL 588 }; 589 590 static EVP_CIPHER pk11_aes_192_ctr = 591 { 592 NID_undef, 593 16, 24, 16, 594 EVP_CIPH_CBC_MODE, 595 pk11_cipher_init, 596 pk11_cipher_do_cipher, 597 pk11_cipher_cleanup, 598 sizeof (PK11_CIPHER_STATE), 599 EVP_CIPHER_set_asn1_iv, 600 EVP_CIPHER_get_asn1_iv, 601 NULL 602 }; 603 604 static EVP_CIPHER pk11_aes_256_ctr = 605 { 606 NID_undef, 607 16, 32, 16, 608 EVP_CIPH_CBC_MODE, 609 pk11_cipher_init, 610 pk11_cipher_do_cipher, 611 pk11_cipher_cleanup, 612 sizeof (PK11_CIPHER_STATE), 613 EVP_CIPHER_set_asn1_iv, 614 EVP_CIPHER_get_asn1_iv, 615 NULL 616 }; 617 #endif /* SOLARIS_AES_CTR */ 618 619 static const EVP_CIPHER pk11_bf_cbc = 620 { 621 NID_bf_cbc, 622 8, 16, 8, 623 EVP_CIPH_VARIABLE_LENGTH, 624 pk11_cipher_init, 625 pk11_cipher_do_cipher, 626 pk11_cipher_cleanup, 627 sizeof (PK11_CIPHER_STATE), 628 EVP_CIPHER_set_asn1_iv, 629 EVP_CIPHER_get_asn1_iv, 630 NULL 631 }; 632 633 static const EVP_CIPHER pk11_rc4 = 634 { 635 NID_rc4, 636 1, 16, 0, 637 EVP_CIPH_VARIABLE_LENGTH, 638 pk11_cipher_init, 639 pk11_cipher_do_cipher, 640 pk11_cipher_cleanup, 641 sizeof (PK11_CIPHER_STATE), 642 NULL, 643 NULL, 644 NULL 645 }; 646 647 static const EVP_MD pk11_md5 = 648 { 649 NID_md5, 650 NID_md5WithRSAEncryption, 651 MD5_DIGEST_LENGTH, 652 0, 653 pk11_digest_init, 654 pk11_digest_update, 655 pk11_digest_final, 656 pk11_digest_copy, 657 pk11_digest_cleanup, 658 EVP_PKEY_RSA_method, 659 MD5_CBLOCK, 660 sizeof (PK11_CIPHER_STATE), 661 }; 662 663 static const EVP_MD pk11_sha1 = 664 { 665 NID_sha1, 666 NID_sha1WithRSAEncryption, 667 SHA_DIGEST_LENGTH, 668 0, 669 pk11_digest_init, 670 pk11_digest_update, 671 pk11_digest_final, 672 pk11_digest_copy, 673 pk11_digest_cleanup, 674 EVP_PKEY_RSA_method, 675 SHA_CBLOCK, 676 sizeof (PK11_CIPHER_STATE), 677 }; 678 679 static const EVP_MD pk11_sha224 = 680 { 681 NID_sha224, 682 NID_sha224WithRSAEncryption, 683 SHA224_DIGEST_LENGTH, 684 0, 685 pk11_digest_init, 686 pk11_digest_update, 687 pk11_digest_final, 688 pk11_digest_copy, 689 pk11_digest_cleanup, 690 EVP_PKEY_RSA_method, 691 /* SHA-224 uses the same cblock size as SHA-256 */ 692 SHA256_CBLOCK, 693 sizeof (PK11_CIPHER_STATE), 694 }; 695 696 static const EVP_MD pk11_sha256 = 697 { 698 NID_sha256, 699 NID_sha256WithRSAEncryption, 700 SHA256_DIGEST_LENGTH, 701 0, 702 pk11_digest_init, 703 pk11_digest_update, 704 pk11_digest_final, 705 pk11_digest_copy, 706 pk11_digest_cleanup, 707 EVP_PKEY_RSA_method, 708 SHA256_CBLOCK, 709 sizeof (PK11_CIPHER_STATE), 710 }; 711 712 static const EVP_MD pk11_sha384 = 713 { 714 NID_sha384, 715 NID_sha384WithRSAEncryption, 716 SHA384_DIGEST_LENGTH, 717 0, 718 pk11_digest_init, 719 pk11_digest_update, 720 pk11_digest_final, 721 pk11_digest_copy, 722 pk11_digest_cleanup, 723 EVP_PKEY_RSA_method, 724 /* SHA-384 uses the same cblock size as SHA-512 */ 725 SHA512_CBLOCK, 726 sizeof (PK11_CIPHER_STATE), 727 }; 728 729 static const EVP_MD pk11_sha512 = 730 { 731 NID_sha512, 732 NID_sha512WithRSAEncryption, 733 SHA512_DIGEST_LENGTH, 734 0, 735 pk11_digest_init, 736 pk11_digest_update, 737 pk11_digest_final, 738 pk11_digest_copy, 739 pk11_digest_cleanup, 740 EVP_PKEY_RSA_method, 741 SHA512_CBLOCK, 742 sizeof (PK11_CIPHER_STATE), 743 }; 744 745 /* 746 * Initialization function. Sets up various PKCS#11 library components. 747 * The definitions for control commands specific to this engine 748 */ 749 #define PK11_CMD_SO_PATH ENGINE_CMD_BASE 750 static const ENGINE_CMD_DEFN pk11_cmd_defns[] = 751 { 752 { 753 PK11_CMD_SO_PATH, 754 "SO_PATH", 755 "Specifies the path to the 'pkcs#11' shared library", 756 ENGINE_CMD_FLAG_STRING 757 }, 758 {0, NULL, NULL, 0} 759 }; 760 761 762 static RAND_METHOD pk11_random = 763 { 764 pk11_rand_seed, 765 pk11_rand_bytes, 766 pk11_rand_cleanup, 767 pk11_rand_add, 768 pk11_rand_bytes, 769 pk11_rand_status 770 }; 771 772 773 /* Constants used when creating the ENGINE */ 774 static const char *engine_pk11_id = "pkcs11"; 775 static const char *engine_pk11_name = "PKCS #11 engine support"; 776 777 CK_FUNCTION_LIST_PTR pFuncList = NULL; 778 static const char PK11_GET_FUNCTION_LIST[] = "C_GetFunctionList"; 779 780 /* 781 * These are the static string constants for the DSO file name and the function 782 * symbol names to bind to. 783 */ 784 #if defined(__sparcv9) || defined(__x86_64) || defined(__amd64) 785 static const char def_PK11_LIBNAME[] = "/usr/lib/64/libpkcs11.so.1"; 786 #else 787 static const char def_PK11_LIBNAME[] = "/usr/lib/libpkcs11.so.1"; 788 #endif 789 790 static CK_BBOOL true = TRUE; 791 static CK_BBOOL false = FALSE; 792 static CK_SLOT_ID pubkey_SLOTID = 0; 793 static CK_SLOT_ID rand_SLOTID = 0; 794 static CK_SLOT_ID SLOTID = 0; 795 static CK_BBOOL pk11_library_initialized = FALSE; 796 static CK_BBOOL pk11_atfork_initialized = FALSE; 797 static int pk11_pid = 0; 798 799 static DSO *pk11_dso = NULL; 800 801 /* allocate and initialize all locks used by the engine itself */ 802 static int pk11_init_all_locks(void) 803 { 804 int type; 805 806 #ifndef OPENSSL_NO_RSA 807 find_lock[OP_RSA] = OPENSSL_malloc(sizeof (pthread_mutex_t)); 808 if (find_lock[OP_RSA] == NULL) 809 goto malloc_err; 810 (void) pthread_mutex_init(find_lock[OP_RSA], NULL); 811 #endif /* OPENSSL_NO_RSA */ 812 813 #ifndef OPENSSL_NO_DSA 814 find_lock[OP_DSA] = OPENSSL_malloc(sizeof (pthread_mutex_t)); 815 if (find_lock[OP_DSA] == NULL) 816 goto malloc_err; 817 (void) pthread_mutex_init(find_lock[OP_DSA], NULL); 818 #endif /* OPENSSL_NO_DSA */ 819 820 #ifndef OPENSSL_NO_DH 821 find_lock[OP_DH] = OPENSSL_malloc(sizeof (pthread_mutex_t)); 822 if (find_lock[OP_DH] == NULL) 823 goto malloc_err; 824 (void) pthread_mutex_init(find_lock[OP_DH], NULL); 825 #endif /* OPENSSL_NO_DH */ 826 827 for (type = 0; type < OP_MAX; type++) 828 { 829 session_cache[type].lock = 830 OPENSSL_malloc(sizeof (pthread_mutex_t)); 831 if (session_cache[type].lock == NULL) 832 goto malloc_err; 833 (void) pthread_mutex_init(session_cache[type].lock, NULL); 834 } 835 836 return (1); 837 838 malloc_err: 839 pk11_free_all_locks(); 840 PK11err(PK11_F_INIT_ALL_LOCKS, PK11_R_MALLOC_FAILURE); 841 return (0); 842 } 843 844 static void pk11_free_all_locks(void) 845 { 846 int type; 847 848 #ifndef OPENSSL_NO_RSA 849 if (find_lock[OP_RSA] != NULL) 850 { 851 (void) pthread_mutex_destroy(find_lock[OP_RSA]); 852 OPENSSL_free(find_lock[OP_RSA]); 853 find_lock[OP_RSA] = NULL; 854 } 855 #endif /* OPENSSL_NO_RSA */ 856 #ifndef OPENSSL_NO_DSA 857 if (find_lock[OP_DSA] != NULL) 858 { 859 (void) pthread_mutex_destroy(find_lock[OP_DSA]); 860 OPENSSL_free(find_lock[OP_DSA]); 861 find_lock[OP_DSA] = NULL; 862 } 863 #endif /* OPENSSL_NO_DSA */ 864 #ifndef OPENSSL_NO_DH 865 if (find_lock[OP_DH] != NULL) 866 { 867 (void) pthread_mutex_destroy(find_lock[OP_DH]); 868 OPENSSL_free(find_lock[OP_DH]); 869 find_lock[OP_DH] = NULL; 870 } 871 #endif /* OPENSSL_NO_DH */ 872 873 for (type = 0; type < OP_MAX; type++) 874 { 875 if (session_cache[type].lock != NULL) 876 { 877 (void) pthread_mutex_destroy(session_cache[type].lock); 878 OPENSSL_free(session_cache[type].lock); 879 session_cache[type].lock = NULL; 880 } 881 } 882 } 883 884 /* 885 * This internal function is used by ENGINE_pk11() and "dynamic" ENGINE support. 886 */ 887 static int bind_pk11(ENGINE *e) 888 { 889 #ifndef OPENSSL_NO_RSA 890 const RSA_METHOD *rsa = NULL; 891 RSA_METHOD *pk11_rsa = PK11_RSA(); 892 #endif /* OPENSSL_NO_RSA */ 893 if (!pk11_library_initialized) 894 if (!pk11_library_init(e)) 895 return (0); 896 897 if (!ENGINE_set_id(e, engine_pk11_id) || 898 !ENGINE_set_name(e, engine_pk11_name) || 899 !ENGINE_set_ciphers(e, pk11_engine_ciphers) || 900 !ENGINE_set_digests(e, pk11_engine_digests)) 901 return (0); 902 #ifndef OPENSSL_NO_RSA 903 if (pk11_have_rsa == CK_TRUE) 904 { 905 if (!ENGINE_set_RSA(e, PK11_RSA()) || 906 !ENGINE_set_load_privkey_function(e, pk11_load_privkey) || 907 !ENGINE_set_load_pubkey_function(e, pk11_load_pubkey)) 908 return (0); 909 #ifdef DEBUG_SLOT_SELECTION 910 fprintf(stderr, "%s: registered RSA\n", PK11_DBG); 911 #endif /* DEBUG_SLOT_SELECTION */ 912 } 913 #endif /* OPENSSL_NO_RSA */ 914 #ifndef OPENSSL_NO_DSA 915 if (pk11_have_dsa == CK_TRUE) 916 { 917 if (!ENGINE_set_DSA(e, PK11_DSA())) 918 return (0); 919 #ifdef DEBUG_SLOT_SELECTION 920 fprintf(stderr, "%s: registered DSA\n", PK11_DBG); 921 #endif /* DEBUG_SLOT_SELECTION */ 922 } 923 #endif /* OPENSSL_NO_DSA */ 924 #ifndef OPENSSL_NO_DH 925 if (pk11_have_dh == CK_TRUE) 926 { 927 if (!ENGINE_set_DH(e, PK11_DH())) 928 return (0); 929 #ifdef DEBUG_SLOT_SELECTION 930 fprintf(stderr, "%s: registered DH\n", PK11_DBG); 931 #endif /* DEBUG_SLOT_SELECTION */ 932 } 933 #endif /* OPENSSL_NO_DH */ 934 if (pk11_have_random) 935 { 936 if (!ENGINE_set_RAND(e, &pk11_random)) 937 return (0); 938 #ifdef DEBUG_SLOT_SELECTION 939 fprintf(stderr, "%s: registered random\n", PK11_DBG); 940 #endif /* DEBUG_SLOT_SELECTION */ 941 } 942 if (!ENGINE_set_init_function(e, pk11_init) || 943 !ENGINE_set_destroy_function(e, pk11_destroy) || 944 !ENGINE_set_finish_function(e, pk11_finish) || 945 !ENGINE_set_ctrl_function(e, pk11_ctrl) || 946 !ENGINE_set_cmd_defns(e, pk11_cmd_defns)) 947 return (0); 948 949 /* 950 * Apache calls OpenSSL function RSA_blinding_on() once during startup 951 * which in turn calls bn_mod_exp. Since we do not implement bn_mod_exp 952 * here, we wire it back to the OpenSSL software implementation. 953 * Since it is used only once, performance is not a concern. 954 */ 955 #ifndef OPENSSL_NO_RSA 956 rsa = RSA_PKCS1_SSLeay(); 957 pk11_rsa->rsa_mod_exp = rsa->rsa_mod_exp; 958 pk11_rsa->bn_mod_exp = rsa->bn_mod_exp; 959 #endif /* OPENSSL_NO_RSA */ 960 961 /* Ensure the pk11 error handling is set up */ 962 ERR_load_pk11_strings(); 963 964 return (1); 965 } 966 967 /* Dynamic engine support is disabled at a higher level for Solaris */ 968 #ifdef ENGINE_DYNAMIC_SUPPORT 969 static int bind_helper(ENGINE *e, const char *id) 970 { 971 if (id && (strcmp(id, engine_pk11_id) != 0)) 972 return (0); 973 974 if (!bind_pk11(e)) 975 return (0); 976 977 return (1); 978 } 979 980 IMPLEMENT_DYNAMIC_CHECK_FN() 981 IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) 982 983 #else 984 static ENGINE *engine_pk11(void) 985 { 986 ENGINE *ret = ENGINE_new(); 987 988 if (!ret) 989 return (NULL); 990 991 if (!bind_pk11(ret)) 992 { 993 (void) ENGINE_free(ret); 994 return (NULL); 995 } 996 997 return (ret); 998 } 999 1000 void 1001 ENGINE_load_pk11(void) 1002 { 1003 ENGINE *e_pk11 = NULL; 1004 1005 /* 1006 * Do not use dynamic PKCS#11 library on Solaris due to 1007 * security reasons. We will link it in statically. 1008 */ 1009 /* Attempt to load PKCS#11 library */ 1010 if (!pk11_dso) 1011 pk11_dso = DSO_load(NULL, get_PK11_LIBNAME(), NULL, 0); 1012 1013 if (pk11_dso == NULL) 1014 { 1015 PK11err(PK11_F_LOAD, PK11_R_DSO_FAILURE); 1016 return; 1017 } 1018 1019 e_pk11 = engine_pk11(); 1020 if (!e_pk11) 1021 { 1022 (void) DSO_free(pk11_dso); 1023 pk11_dso = NULL; 1024 return; 1025 } 1026 1027 /* 1028 * At this point, the pk11 shared library is either dynamically 1029 * loaded or statically linked in. So, initialize the pk11 1030 * library before calling ENGINE_set_default since the latter 1031 * needs cipher and digest algorithm information 1032 */ 1033 if (!pk11_library_init(e_pk11)) 1034 { 1035 (void) DSO_free(pk11_dso); 1036 pk11_dso = NULL; 1037 (void) ENGINE_free(e_pk11); 1038 return; 1039 } 1040 1041 (void) ENGINE_add(e_pk11); 1042 1043 (void) ENGINE_free(e_pk11); 1044 ERR_clear_error(); 1045 } 1046 #endif /* ENGINE_DYNAMIC_SUPPORT */ 1047 1048 /* 1049 * These are the static string constants for the DSO file name and 1050 * the function symbol names to bind to. 1051 */ 1052 static const char *PK11_LIBNAME = NULL; 1053 1054 static const char *get_PK11_LIBNAME(void) 1055 { 1056 if (PK11_LIBNAME) 1057 return (PK11_LIBNAME); 1058 1059 return (def_PK11_LIBNAME); 1060 } 1061 1062 static void free_PK11_LIBNAME(void) 1063 { 1064 if (PK11_LIBNAME) 1065 OPENSSL_free((void*)PK11_LIBNAME); 1066 1067 PK11_LIBNAME = NULL; 1068 } 1069 1070 static long set_PK11_LIBNAME(const char *name) 1071 { 1072 free_PK11_LIBNAME(); 1073 1074 return ((PK11_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0); 1075 } 1076 1077 /* acquire all engine specific mutexes before fork */ 1078 static void pk11_fork_prepare(void) 1079 { 1080 int i; 1081 1082 if (!pk11_library_initialized) 1083 return; 1084 1085 LOCK_OBJSTORE(OP_RSA); 1086 LOCK_OBJSTORE(OP_DSA); 1087 LOCK_OBJSTORE(OP_DH); 1088 for (i = 0; i < OP_MAX; i++) 1089 { 1090 (void) pthread_mutex_lock(session_cache[i].lock); 1091 } 1092 } 1093 1094 /* release all engine specific mutexes */ 1095 static void pk11_fork_parent(void) 1096 { 1097 int i; 1098 1099 if (!pk11_library_initialized) 1100 return; 1101 1102 for (i = OP_MAX - 1; i >= 0; i--) 1103 { 1104 (void) pthread_mutex_unlock(session_cache[i].lock); 1105 } 1106 UNLOCK_OBJSTORE(OP_DH); 1107 UNLOCK_OBJSTORE(OP_DSA); 1108 UNLOCK_OBJSTORE(OP_RSA); 1109 } 1110 1111 /* 1112 * same situation as in parent - we need to unlock all locks to make them 1113 * accessible to all threads. 1114 */ 1115 static void pk11_fork_child(void) 1116 { 1117 int i; 1118 1119 if (!pk11_library_initialized) 1120 return; 1121 1122 for (i = OP_MAX - 1; i >= 0; i--) 1123 { 1124 (void) pthread_mutex_unlock(session_cache[i].lock); 1125 } 1126 UNLOCK_OBJSTORE(OP_DH); 1127 UNLOCK_OBJSTORE(OP_DSA); 1128 UNLOCK_OBJSTORE(OP_RSA); 1129 } 1130 1131 /* Initialization function for the pk11 engine */ 1132 static int pk11_init(ENGINE *e) 1133 { 1134 return (pk11_library_init(e)); 1135 } 1136 1137 /* 1138 * Initialization function. Sets up various PKCS#11 library components. 1139 * It selects a slot based on predefined critiera. In the process, it also 1140 * count how many ciphers and digests to support. Since the cipher and 1141 * digest information is needed when setting default engine, this function 1142 * needs to be called before calling ENGINE_set_default. 1143 */ 1144 /* ARGSUSED */ 1145 static int pk11_library_init(ENGINE *e) 1146 { 1147 CK_C_GetFunctionList p; 1148 CK_RV rv = CKR_OK; 1149 CK_INFO info; 1150 CK_ULONG ul_state_len; 1151 int any_slot_found; 1152 int i; 1153 1154 /* 1155 * pk11_library_initialized is set to 0 in pk11_finish() which is called 1156 * from ENGINE_finish(). However, if there is still at least one 1157 * existing functional reference to the engine (see engine(3) for more 1158 * information), pk11_finish() is skipped. For example, this can happen 1159 * if an application forgets to clear one cipher context. In case of a 1160 * fork() when the application is finishing the engine so that it can be 1161 * reinitialized in the child, forgotten functional reference causes 1162 * pk11_library_initialized to stay 1. In that case we need the PID 1163 * check so that we properly initialize the engine again. 1164 */ 1165 if (pk11_library_initialized) 1166 { 1167 if (pk11_pid == getpid()) 1168 { 1169 return (1); 1170 } 1171 else 1172 { 1173 global_session = CK_INVALID_HANDLE; 1174 /* 1175 * free the locks first to prevent memory leak in case 1176 * the application calls fork() without finishing the 1177 * engine first. 1178 */ 1179 pk11_free_all_locks(); 1180 } 1181 } 1182 1183 if (pk11_dso == NULL) 1184 { 1185 PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE); 1186 goto err; 1187 } 1188 1189 #ifdef SOLARIS_AES_CTR 1190 /* 1191 * We must do this before we start working with slots since we need all 1192 * NIDs there. 1193 */ 1194 if (pk11_add_aes_ctr_NIDs() == 0) 1195 goto err; 1196 #endif /* SOLARIS_AES_CTR */ 1197 1198 #ifdef SOLARIS_HW_SLOT_SELECTION 1199 if (check_hw_mechanisms() == 0) 1200 goto err; 1201 #endif /* SOLARIS_HW_SLOT_SELECTION */ 1202 1203 /* get the C_GetFunctionList function from the loaded library */ 1204 p = (CK_C_GetFunctionList)DSO_bind_func(pk11_dso, 1205 PK11_GET_FUNCTION_LIST); 1206 if (!p) 1207 { 1208 PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE); 1209 goto err; 1210 } 1211 1212 /* get the full function list from the loaded library */ 1213 rv = p(&pFuncList); 1214 if (rv != CKR_OK) 1215 { 1216 PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE, rv); 1217 goto err; 1218 } 1219 1220 rv = pFuncList->C_Initialize(NULL_PTR); 1221 if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED)) 1222 { 1223 PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_INITIALIZE, rv); 1224 goto err; 1225 } 1226 1227 rv = pFuncList->C_GetInfo(&info); 1228 if (rv != CKR_OK) 1229 { 1230 PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_GETINFO, rv); 1231 goto err; 1232 } 1233 1234 if (pk11_choose_slots(&any_slot_found) == 0) 1235 goto err; 1236 1237 /* 1238 * The library we use, set in def_PK11_LIBNAME, may not offer any 1239 * slot(s). In that case, we must not proceed but we must not return an 1240 * error. The reason is that applications that try to set up the PKCS#11 1241 * engine don't exit on error during the engine initialization just 1242 * because no slot was present. 1243 */ 1244 if (any_slot_found == 0) 1245 return (1); 1246 1247 if (global_session == CK_INVALID_HANDLE) 1248 { 1249 /* Open the global_session for the new process */ 1250 rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION, 1251 NULL_PTR, NULL_PTR, &global_session); 1252 if (rv != CKR_OK) 1253 { 1254 PK11err_add_data(PK11_F_LIBRARY_INIT, 1255 PK11_R_OPENSESSION, rv); 1256 goto err; 1257 } 1258 } 1259 1260 /* 1261 * Disable digest if C_GetOperationState is not supported since 1262 * this function is required by OpenSSL digest copy function 1263 */ 1264 if (pFuncList->C_GetOperationState(global_session, NULL, &ul_state_len) 1265 == CKR_FUNCTION_NOT_SUPPORTED) { 1266 #ifdef DEBUG_SLOT_SELECTION 1267 fprintf(stderr, "%s: C_GetOperationState() not supported, " 1268 "setting digest_count to 0\n", PK11_DBG); 1269 #endif /* DEBUG_SLOT_SELECTION */ 1270 digest_count = 0; 1271 } 1272 1273 pk11_library_initialized = TRUE; 1274 pk11_pid = getpid(); 1275 /* 1276 * if initialization of the locks fails pk11_init_all_locks() 1277 * will do the cleanup. 1278 */ 1279 if (!pk11_init_all_locks()) 1280 goto err; 1281 for (i = 0; i < OP_MAX; i++) 1282 session_cache[i].head = NULL; 1283 /* 1284 * initialize active lists. We only use active lists 1285 * for asymmetric ciphers. 1286 */ 1287 for (i = 0; i < OP_MAX; i++) 1288 active_list[i] = NULL; 1289 1290 if (!pk11_atfork_initialized) 1291 { 1292 if (pthread_atfork(pk11_fork_prepare, pk11_fork_parent, 1293 pk11_fork_child) != 0) 1294 { 1295 PK11err(PK11_F_LIBRARY_INIT, PK11_R_ATFORK_FAILED); 1296 goto err; 1297 } 1298 pk11_atfork_initialized = TRUE; 1299 } 1300 1301 return (1); 1302 1303 err: 1304 return (0); 1305 } 1306 1307 /* Destructor (complements the "ENGINE_pk11()" constructor) */ 1308 /* ARGSUSED */ 1309 static int pk11_destroy(ENGINE *e) 1310 { 1311 free_PK11_LIBNAME(); 1312 ERR_unload_pk11_strings(); 1313 return (1); 1314 } 1315 1316 /* 1317 * Termination function to clean up the session, the token, and the pk11 1318 * library. 1319 */ 1320 /* ARGSUSED */ 1321 static int pk11_finish(ENGINE *e) 1322 { 1323 int i; 1324 1325 if (pk11_dso == NULL) 1326 { 1327 PK11err(PK11_F_FINISH, PK11_R_NOT_LOADED); 1328 goto err; 1329 } 1330 1331 OPENSSL_assert(pFuncList != NULL); 1332 1333 if (pk11_free_all_sessions() == 0) 1334 goto err; 1335 1336 /* free all active lists */ 1337 for (i = 0; i < OP_MAX; i++) 1338 pk11_free_active_list(i); 1339 1340 pFuncList->C_CloseSession(global_session); 1341 global_session = CK_INVALID_HANDLE; 1342 1343 /* 1344 * Since we are part of a library (libcrypto.so), calling this function 1345 * may have side-effects. 1346 */ 1347 #if 0 1348 pFuncList->C_Finalize(NULL); 1349 #endif 1350 1351 if (!DSO_free(pk11_dso)) 1352 { 1353 PK11err(PK11_F_FINISH, PK11_R_DSO_FAILURE); 1354 goto err; 1355 } 1356 pk11_dso = NULL; 1357 pFuncList = NULL; 1358 pk11_library_initialized = FALSE; 1359 pk11_pid = 0; 1360 /* 1361 * There is no way how to unregister atfork handlers (other than 1362 * unloading the library) so we just free the locks. For this reason 1363 * the atfork handlers check if the engine is initialized and bail out 1364 * immediately if not. This is necessary in case a process finishes 1365 * the engine before calling fork(). 1366 */ 1367 pk11_free_all_locks(); 1368 1369 return (1); 1370 1371 err: 1372 return (0); 1373 } 1374 1375 /* Standard engine interface function to set the dynamic library path */ 1376 /* ARGSUSED */ 1377 static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) 1378 { 1379 int initialized = ((pk11_dso == NULL) ? 0 : 1); 1380 1381 switch (cmd) 1382 { 1383 case PK11_CMD_SO_PATH: 1384 if (p == NULL) 1385 { 1386 PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER); 1387 return (0); 1388 } 1389 1390 if (initialized) 1391 { 1392 PK11err(PK11_F_CTRL, PK11_R_ALREADY_LOADED); 1393 return (0); 1394 } 1395 1396 return (set_PK11_LIBNAME((const char *)p)); 1397 default: 1398 break; 1399 } 1400 1401 PK11err(PK11_F_CTRL, PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED); 1402 1403 return (0); 1404 } 1405 1406 1407 /* Required function by the engine random interface. It does nothing here */ 1408 static void pk11_rand_cleanup(void) 1409 { 1410 return; 1411 } 1412 1413 /* ARGSUSED */ 1414 static void pk11_rand_add(const void *buf, int num, double add) 1415 { 1416 PK11_SESSION *sp; 1417 1418 if ((sp = pk11_get_session(OP_RAND)) == NULL) 1419 return; 1420 1421 /* 1422 * Ignore any errors (e.g. CKR_RANDOM_SEED_NOT_SUPPORTED) since 1423 * the calling functions do not care anyway 1424 */ 1425 pFuncList->C_SeedRandom(sp->session, (unsigned char *) buf, num); 1426 pk11_return_session(sp, OP_RAND); 1427 1428 return; 1429 } 1430 1431 static void pk11_rand_seed(const void *buf, int num) 1432 { 1433 pk11_rand_add(buf, num, 0); 1434 } 1435 1436 static int pk11_rand_bytes(unsigned char *buf, int num) 1437 { 1438 CK_RV rv; 1439 PK11_SESSION *sp; 1440 1441 if ((sp = pk11_get_session(OP_RAND)) == NULL) 1442 return (0); 1443 1444 rv = pFuncList->C_GenerateRandom(sp->session, buf, num); 1445 if (rv != CKR_OK) 1446 { 1447 PK11err_add_data(PK11_F_RAND_BYTES, PK11_R_GENERATERANDOM, rv); 1448 pk11_return_session(sp, OP_RAND); 1449 return (0); 1450 } 1451 1452 pk11_return_session(sp, OP_RAND); 1453 return (1); 1454 } 1455 1456 /* Required function by the engine random interface. It does nothing here */ 1457 static int pk11_rand_status(void) 1458 { 1459 return (1); 1460 } 1461 1462 /* Free all BIGNUM structures from PK11_SESSION. */ 1463 static void pk11_free_nums(PK11_SESSION *sp, PK11_OPTYPE optype) 1464 { 1465 switch (optype) 1466 { 1467 #ifndef OPENSSL_NO_RSA 1468 case OP_RSA: 1469 if (sp->opdata_rsa_n_num != NULL) 1470 { 1471 BN_free(sp->opdata_rsa_n_num); 1472 sp->opdata_rsa_n_num = NULL; 1473 } 1474 if (sp->opdata_rsa_e_num != NULL) 1475 { 1476 BN_free(sp->opdata_rsa_e_num); 1477 sp->opdata_rsa_e_num = NULL; 1478 } 1479 if (sp->opdata_rsa_d_num != NULL) 1480 { 1481 BN_free(sp->opdata_rsa_d_num); 1482 sp->opdata_rsa_d_num = NULL; 1483 } 1484 break; 1485 #endif 1486 #ifndef OPENSSL_NO_DSA 1487 case OP_DSA: 1488 if (sp->opdata_dsa_pub_num != NULL) 1489 { 1490 BN_free(sp->opdata_dsa_pub_num); 1491 sp->opdata_dsa_pub_num = NULL; 1492 } 1493 if (sp->opdata_dsa_priv_num != NULL) 1494 { 1495 BN_free(sp->opdata_dsa_priv_num); 1496 sp->opdata_dsa_priv_num = NULL; 1497 } 1498 break; 1499 #endif 1500 #ifndef OPENSSL_NO_DH 1501 case OP_DH: 1502 if (sp->opdata_dh_priv_num != NULL) 1503 { 1504 BN_free(sp->opdata_dh_priv_num); 1505 sp->opdata_dh_priv_num = NULL; 1506 } 1507 break; 1508 #endif 1509 default: 1510 break; 1511 } 1512 } 1513 1514 /* 1515 * Get new PK11_SESSION structure ready for use. Every process must have 1516 * its own freelist of PK11_SESSION structures so handle fork() here 1517 * by destroying the old and creating new freelist. 1518 * The returned PK11_SESSION structure is disconnected from the freelist. 1519 */ 1520 PK11_SESSION * 1521 pk11_get_session(PK11_OPTYPE optype) 1522 { 1523 PK11_SESSION *sp = NULL, *sp1, *freelist; 1524 pthread_mutex_t *freelist_lock; 1525 CK_RV rv; 1526 1527 switch (optype) 1528 { 1529 case OP_RSA: 1530 case OP_DSA: 1531 case OP_DH: 1532 case OP_RAND: 1533 case OP_DIGEST: 1534 case OP_CIPHER: 1535 freelist_lock = session_cache[optype].lock; 1536 break; 1537 default: 1538 PK11err(PK11_F_GET_SESSION, 1539 PK11_R_INVALID_OPERATION_TYPE); 1540 return (NULL); 1541 } 1542 (void) pthread_mutex_lock(freelist_lock); 1543 freelist = session_cache[optype].head; 1544 sp = freelist; 1545 1546 /* 1547 * If the free list is empty, allocate new unitialized (filled 1548 * with zeroes) PK11_SESSION structure otherwise return first 1549 * structure from the freelist. 1550 */ 1551 if (sp == NULL) 1552 { 1553 if ((sp = OPENSSL_malloc(sizeof (PK11_SESSION))) == NULL) 1554 { 1555 PK11err(PK11_F_GET_SESSION, 1556 PK11_R_MALLOC_FAILURE); 1557 goto err; 1558 } 1559 (void) memset(sp, 0, sizeof (PK11_SESSION)); 1560 } 1561 else 1562 { 1563 freelist = sp->next; 1564 } 1565 1566 if (sp->pid != 0 && sp->pid != getpid()) 1567 { 1568 /* 1569 * We are a new process and thus need to free any inherited 1570 * PK11_SESSION objects. 1571 */ 1572 while ((sp1 = freelist) != NULL) 1573 { 1574 freelist = sp1->next; 1575 /* 1576 * NOTE: we do not want to call pk11_free_all_sessions() 1577 * here because it would close underlying PKCS#11 1578 * sessions and destroy all objects. 1579 */ 1580 pk11_free_nums(sp1, optype); 1581 OPENSSL_free(sp1); 1582 } 1583 1584 /* we have to free the active list as well. */ 1585 pk11_free_active_list(optype); 1586 1587 /* Initialize the process */ 1588 rv = pFuncList->C_Initialize(NULL_PTR); 1589 if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED)) 1590 { 1591 PK11err_add_data(PK11_F_GET_SESSION, PK11_R_INITIALIZE, 1592 rv); 1593 OPENSSL_free(sp); 1594 sp = NULL; 1595 goto err; 1596 } 1597 1598 /* 1599 * Choose slot here since the slot table is different on this 1600 * process. If we are here then we must have found at least one 1601 * usable slot before so we don't need to check any_slot_found. 1602 * See pk11_library_init()'s usage of this function for more 1603 * information. 1604 */ 1605 #ifdef SOLARIS_HW_SLOT_SELECTION 1606 if (check_hw_mechanisms() == 0) 1607 goto err; 1608 #endif /* SOLARIS_HW_SLOT_SELECTION */ 1609 if (pk11_choose_slots(NULL) == 0) 1610 goto err; 1611 1612 /* Open the global_session for the new process */ 1613 rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION, 1614 NULL_PTR, NULL_PTR, &global_session); 1615 if (rv != CKR_OK) 1616 { 1617 PK11err_add_data(PK11_F_GET_SESSION, PK11_R_OPENSESSION, 1618 rv); 1619 OPENSSL_free(sp); 1620 sp = NULL; 1621 goto err; 1622 } 1623 1624 /* It is an inherited session and needs re-initialization. */ 1625 if (pk11_setup_session(sp, optype) == 0) 1626 { 1627 OPENSSL_free(sp); 1628 sp = NULL; 1629 } 1630 } 1631 if (sp->pid == 0) 1632 { 1633 /* It is a new session and needs initialization. */ 1634 if (pk11_setup_session(sp, optype) == 0) 1635 { 1636 OPENSSL_free(sp); 1637 sp = NULL; 1638 } 1639 } 1640 1641 /* set new head for the list of PK11_SESSION objects */ 1642 session_cache[optype].head = freelist; 1643 1644 err: 1645 if (sp != NULL) 1646 sp->next = NULL; 1647 1648 (void) pthread_mutex_unlock(freelist_lock); 1649 1650 return (sp); 1651 } 1652 1653 1654 void 1655 pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype) 1656 { 1657 pthread_mutex_t *freelist_lock; 1658 PK11_SESSION *freelist; 1659 1660 if (sp == NULL || sp->pid != getpid()) 1661 return; 1662 1663 switch (optype) 1664 { 1665 case OP_RSA: 1666 case OP_DSA: 1667 case OP_DH: 1668 case OP_RAND: 1669 case OP_DIGEST: 1670 case OP_CIPHER: 1671 freelist_lock = session_cache[optype].lock; 1672 break; 1673 default: 1674 PK11err(PK11_F_RETURN_SESSION, 1675 PK11_R_INVALID_OPERATION_TYPE); 1676 return; 1677 } 1678 1679 (void) pthread_mutex_lock(freelist_lock); 1680 freelist = session_cache[optype].head; 1681 sp->next = freelist; 1682 session_cache[optype].head = sp; 1683 (void) pthread_mutex_unlock(freelist_lock); 1684 } 1685 1686 1687 /* Destroy all objects. This function is called when the engine is finished */ 1688 static int pk11_free_all_sessions() 1689 { 1690 int ret = 1; 1691 int type; 1692 1693 #ifndef OPENSSL_NO_RSA 1694 (void) pk11_destroy_rsa_key_objects(NULL); 1695 #endif /* OPENSSL_NO_RSA */ 1696 #ifndef OPENSSL_NO_DSA 1697 (void) pk11_destroy_dsa_key_objects(NULL); 1698 #endif /* OPENSSL_NO_DSA */ 1699 #ifndef OPENSSL_NO_DH 1700 (void) pk11_destroy_dh_key_objects(NULL); 1701 #endif /* OPENSSL_NO_DH */ 1702 (void) pk11_destroy_cipher_key_objects(NULL); 1703 1704 /* 1705 * We try to release as much as we can but any error means that we will 1706 * return 0 on exit. 1707 */ 1708 for (type = 0; type < OP_MAX; type++) 1709 { 1710 if (pk11_free_session_list(type) == 0) 1711 ret = 0; 1712 } 1713 1714 return (ret); 1715 } 1716 1717 /* 1718 * Destroy session structures from the linked list specified. Free as many 1719 * sessions as possible but any failure in C_CloseSession() means that we 1720 * return an error on return. 1721 */ 1722 static int pk11_free_session_list(PK11_OPTYPE optype) 1723 { 1724 CK_RV rv; 1725 PK11_SESSION *sp = NULL; 1726 PK11_SESSION *freelist = NULL; 1727 pid_t mypid = getpid(); 1728 pthread_mutex_t *freelist_lock; 1729 int ret = 1; 1730 1731 switch (optype) 1732 { 1733 case OP_RSA: 1734 case OP_DSA: 1735 case OP_DH: 1736 case OP_RAND: 1737 case OP_DIGEST: 1738 case OP_CIPHER: 1739 freelist_lock = session_cache[optype].lock; 1740 break; 1741 default: 1742 PK11err(PK11_F_FREE_ALL_SESSIONS, 1743 PK11_R_INVALID_OPERATION_TYPE); 1744 return (0); 1745 } 1746 1747 (void) pthread_mutex_lock(freelist_lock); 1748 freelist = session_cache[optype].head; 1749 while ((sp = freelist) != NULL) 1750 { 1751 if (sp->session != CK_INVALID_HANDLE && sp->pid == mypid) 1752 { 1753 rv = pFuncList->C_CloseSession(sp->session); 1754 if (rv != CKR_OK) 1755 { 1756 PK11err_add_data(PK11_F_FREE_ALL_SESSIONS, 1757 PK11_R_CLOSESESSION, rv); 1758 ret = 0; 1759 } 1760 } 1761 freelist = sp->next; 1762 pk11_free_nums(sp, optype); 1763 OPENSSL_free(sp); 1764 } 1765 1766 (void) pthread_mutex_unlock(freelist_lock); 1767 return (ret); 1768 } 1769 1770 1771 static int pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype) 1772 { 1773 CK_RV rv; 1774 CK_SLOT_ID myslot; 1775 1776 switch (optype) 1777 { 1778 case OP_RSA: 1779 case OP_DSA: 1780 case OP_DH: 1781 myslot = pubkey_SLOTID; 1782 break; 1783 case OP_RAND: 1784 myslot = rand_SLOTID; 1785 break; 1786 case OP_DIGEST: 1787 case OP_CIPHER: 1788 myslot = SLOTID; 1789 break; 1790 default: 1791 PK11err(PK11_F_SETUP_SESSION, 1792 PK11_R_INVALID_OPERATION_TYPE); 1793 return (0); 1794 } 1795 1796 sp->session = CK_INVALID_HANDLE; 1797 #ifdef DEBUG_SLOT_SELECTION 1798 fprintf(stderr, "%s: myslot=%d optype=%d\n", PK11_DBG, myslot, optype); 1799 #endif /* DEBUG_SLOT_SELECTION */ 1800 rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION, 1801 NULL_PTR, NULL_PTR, &sp->session); 1802 if (rv == CKR_CRYPTOKI_NOT_INITIALIZED) 1803 { 1804 /* 1805 * We are probably a child process so force the 1806 * reinitialize of the session 1807 */ 1808 pk11_library_initialized = FALSE; 1809 if (!pk11_library_init(NULL)) 1810 return (0); 1811 rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION, 1812 NULL_PTR, NULL_PTR, &sp->session); 1813 } 1814 if (rv != CKR_OK) 1815 { 1816 PK11err_add_data(PK11_F_SETUP_SESSION, PK11_R_OPENSESSION, rv); 1817 return (0); 1818 } 1819 1820 sp->pid = getpid(); 1821 1822 switch (optype) 1823 { 1824 #ifndef OPENSSL_NO_RSA 1825 case OP_RSA: 1826 sp->opdata_rsa_pub_key = CK_INVALID_HANDLE; 1827 sp->opdata_rsa_priv_key = CK_INVALID_HANDLE; 1828 sp->opdata_rsa_pub = NULL; 1829 sp->opdata_rsa_n_num = NULL; 1830 sp->opdata_rsa_e_num = NULL; 1831 sp->opdata_rsa_priv = NULL; 1832 sp->opdata_rsa_d_num = NULL; 1833 break; 1834 #endif /* OPENSSL_NO_RSA */ 1835 #ifndef OPENSSL_NO_DSA 1836 case OP_DSA: 1837 sp->opdata_dsa_pub_key = CK_INVALID_HANDLE; 1838 sp->opdata_dsa_priv_key = CK_INVALID_HANDLE; 1839 sp->opdata_dsa_pub = NULL; 1840 sp->opdata_dsa_pub_num = NULL; 1841 sp->opdata_dsa_priv = NULL; 1842 sp->opdata_dsa_priv_num = NULL; 1843 break; 1844 #endif /* OPENSSL_NO_DSA */ 1845 #ifndef OPENSSL_NO_DH 1846 case OP_DH: 1847 sp->opdata_dh_key = CK_INVALID_HANDLE; 1848 sp->opdata_dh = NULL; 1849 sp->opdata_dh_priv_num = NULL; 1850 break; 1851 #endif /* OPENSSL_NO_DH */ 1852 case OP_CIPHER: 1853 sp->opdata_cipher_key = CK_INVALID_HANDLE; 1854 sp->opdata_encrypt = -1; 1855 break; 1856 } 1857 1858 return (1); 1859 } 1860 1861 #ifndef OPENSSL_NO_RSA 1862 /* Destroy RSA public key from single session. */ 1863 int 1864 pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock) 1865 { 1866 int ret = 0; 1867 1868 if (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE) 1869 { 1870 TRY_OBJ_DESTROY(sp->session, sp->opdata_rsa_pub_key, 1871 ret, uselock, OP_RSA); 1872 sp->opdata_rsa_pub_key = CK_INVALID_HANDLE; 1873 sp->opdata_rsa_pub = NULL; 1874 if (sp->opdata_rsa_n_num != NULL) 1875 { 1876 BN_free(sp->opdata_rsa_n_num); 1877 sp->opdata_rsa_n_num = NULL; 1878 } 1879 if (sp->opdata_rsa_e_num != NULL) 1880 { 1881 BN_free(sp->opdata_rsa_e_num); 1882 sp->opdata_rsa_e_num = NULL; 1883 } 1884 } 1885 1886 return (ret); 1887 } 1888 1889 /* Destroy RSA private key from single session. */ 1890 int 1891 pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock) 1892 { 1893 int ret = 0; 1894 1895 if (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE) 1896 { 1897 TRY_OBJ_DESTROY(sp->session, sp->opdata_rsa_priv_key, 1898 ret, uselock, OP_RSA); 1899 sp->opdata_rsa_priv_key = CK_INVALID_HANDLE; 1900 sp->opdata_rsa_priv = NULL; 1901 if (sp->opdata_rsa_d_num != NULL) 1902 { 1903 BN_free(sp->opdata_rsa_d_num); 1904 sp->opdata_rsa_d_num = NULL; 1905 } 1906 } 1907 1908 return (ret); 1909 } 1910 1911 /* 1912 * Destroy RSA key object wrapper. If session is NULL, try to destroy all 1913 * objects in the free list. 1914 */ 1915 int 1916 pk11_destroy_rsa_key_objects(PK11_SESSION *session) 1917 { 1918 int ret = 1; 1919 PK11_SESSION *sp = NULL; 1920 PK11_SESSION *local_free_session; 1921 CK_BBOOL uselock = TRUE; 1922 1923 if (session != NULL) 1924 local_free_session = session; 1925 else 1926 { 1927 (void) pthread_mutex_lock(session_cache[OP_RSA].lock); 1928 local_free_session = session_cache[OP_RSA].head; 1929 uselock = FALSE; 1930 } 1931 1932 /* 1933 * go through the list of sessions and delete key objects 1934 */ 1935 while ((sp = local_free_session) != NULL) 1936 { 1937 local_free_session = sp->next; 1938 1939 /* 1940 * Do not terminate list traversal if one of the 1941 * destroy operations fails. 1942 */ 1943 if (pk11_destroy_rsa_object_pub(sp, uselock) == 0) 1944 { 1945 ret = 0; 1946 continue; 1947 } 1948 if (pk11_destroy_rsa_object_priv(sp, uselock) == 0) 1949 { 1950 ret = 0; 1951 continue; 1952 } 1953 } 1954 1955 if (session == NULL) 1956 (void) pthread_mutex_unlock(session_cache[OP_RSA].lock); 1957 1958 return (ret); 1959 } 1960 #endif /* OPENSSL_NO_RSA */ 1961 1962 #ifndef OPENSSL_NO_DSA 1963 /* Destroy DSA public key from single session. */ 1964 int 1965 pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock) 1966 { 1967 int ret = 0; 1968 1969 if (sp->opdata_dsa_pub_key != CK_INVALID_HANDLE) 1970 { 1971 TRY_OBJ_DESTROY(sp->session, sp->opdata_dsa_pub_key, 1972 ret, uselock, OP_DSA); 1973 sp->opdata_dsa_pub_key = CK_INVALID_HANDLE; 1974 sp->opdata_dsa_pub = NULL; 1975 if (sp->opdata_dsa_pub_num != NULL) 1976 { 1977 BN_free(sp->opdata_dsa_pub_num); 1978 sp->opdata_dsa_pub_num = NULL; 1979 } 1980 } 1981 1982 return (ret); 1983 } 1984 1985 /* Destroy DSA private key from single session. */ 1986 int 1987 pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock) 1988 { 1989 int ret = 0; 1990 1991 if (sp->opdata_dsa_priv_key != CK_INVALID_HANDLE) 1992 { 1993 TRY_OBJ_DESTROY(sp->session, sp->opdata_dsa_priv_key, 1994 ret, uselock, OP_DSA); 1995 sp->opdata_dsa_priv_key = CK_INVALID_HANDLE; 1996 sp->opdata_dsa_priv = NULL; 1997 if (sp->opdata_dsa_priv_num != NULL) 1998 { 1999 BN_free(sp->opdata_dsa_priv_num); 2000 sp->opdata_dsa_priv_num = NULL; 2001 } 2002 } 2003 2004 return (ret); 2005 } 2006 2007 /* 2008 * Destroy DSA key object wrapper. If session is NULL, try to destroy all 2009 * objects in the free list. 2010 */ 2011 int 2012 pk11_destroy_dsa_key_objects(PK11_SESSION *session) 2013 { 2014 int ret = 1; 2015 PK11_SESSION *sp = NULL; 2016 PK11_SESSION *local_free_session; 2017 CK_BBOOL uselock = TRUE; 2018 2019 if (session != NULL) 2020 local_free_session = session; 2021 else 2022 { 2023 (void) pthread_mutex_lock(session_cache[OP_DSA].lock); 2024 local_free_session = session_cache[OP_DSA].head; 2025 uselock = FALSE; 2026 } 2027 2028 /* 2029 * go through the list of sessions and delete key objects 2030 */ 2031 while ((sp = local_free_session) != NULL) 2032 { 2033 local_free_session = sp->next; 2034 2035 /* 2036 * Do not terminate list traversal if one of the 2037 * destroy operations fails. 2038 */ 2039 if (pk11_destroy_dsa_object_pub(sp, uselock) == 0) 2040 { 2041 ret = 0; 2042 continue; 2043 } 2044 if (pk11_destroy_dsa_object_priv(sp, uselock) == 0) 2045 { 2046 ret = 0; 2047 continue; 2048 } 2049 } 2050 2051 if (session == NULL) 2052 (void) pthread_mutex_unlock(session_cache[OP_DSA].lock); 2053 2054 return (ret); 2055 } 2056 #endif /* OPENSSL_NO_DSA */ 2057 2058 #ifndef OPENSSL_NO_DH 2059 /* Destroy DH key from single session. */ 2060 int 2061 pk11_destroy_dh_object(PK11_SESSION *sp, CK_BBOOL uselock) 2062 { 2063 int ret = 0; 2064 2065 if (sp->opdata_dh_key != CK_INVALID_HANDLE) 2066 { 2067 TRY_OBJ_DESTROY(sp->session, sp->opdata_dh_key, 2068 ret, uselock, OP_DH); 2069 sp->opdata_dh_key = CK_INVALID_HANDLE; 2070 sp->opdata_dh = NULL; 2071 if (sp->opdata_dh_priv_num != NULL) 2072 { 2073 BN_free(sp->opdata_dh_priv_num); 2074 sp->opdata_dh_priv_num = NULL; 2075 } 2076 } 2077 2078 return (ret); 2079 } 2080 2081 /* 2082 * Destroy DH key object wrapper. 2083 * 2084 * arg0: pointer to PKCS#11 engine session structure 2085 * if session is NULL, try to destroy all objects in the free list 2086 */ 2087 int 2088 pk11_destroy_dh_key_objects(PK11_SESSION *session) 2089 { 2090 int ret = 1; 2091 PK11_SESSION *sp = NULL; 2092 PK11_SESSION *local_free_session; 2093 CK_BBOOL uselock = TRUE; 2094 2095 if (session != NULL) 2096 local_free_session = session; 2097 else 2098 { 2099 (void) pthread_mutex_lock(session_cache[OP_DH].lock); 2100 local_free_session = session_cache[OP_DH].head; 2101 uselock = FALSE; 2102 } 2103 2104 while ((sp = local_free_session) != NULL) 2105 { 2106 local_free_session = sp->next; 2107 2108 /* 2109 * Do not terminate list traversal if one of the 2110 * destroy operations fails. 2111 */ 2112 if (pk11_destroy_dh_object(sp, uselock) == 0) 2113 { 2114 ret = 0; 2115 continue; 2116 } 2117 } 2118 err: 2119 if (session == NULL) 2120 (void) pthread_mutex_unlock(session_cache[OP_DH].lock); 2121 2122 return (ret); 2123 } 2124 #endif /* OPENSSL_NO_DH */ 2125 2126 static int pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh) 2127 { 2128 CK_RV rv; 2129 rv = pFuncList->C_DestroyObject(session, oh); 2130 if (rv != CKR_OK) 2131 { 2132 PK11err_add_data(PK11_F_DESTROY_OBJECT, PK11_R_DESTROYOBJECT, 2133 rv); 2134 return (0); 2135 } 2136 2137 return (1); 2138 } 2139 2140 2141 /* Symmetric ciphers and digests support functions */ 2142 2143 static int 2144 cipher_nid_to_pk11(int nid) 2145 { 2146 int i; 2147 2148 for (i = 0; i < PK11_CIPHER_MAX; i++) 2149 if (ciphers[i].nid == nid) 2150 return (ciphers[i].id); 2151 return (-1); 2152 } 2153 2154 static int 2155 pk11_usable_ciphers(const int **nids) 2156 { 2157 if (cipher_count > 0) 2158 *nids = cipher_nids; 2159 else 2160 *nids = NULL; 2161 return (cipher_count); 2162 } 2163 2164 static int 2165 pk11_usable_digests(const int **nids) 2166 { 2167 if (digest_count > 0) 2168 *nids = digest_nids; 2169 else 2170 *nids = NULL; 2171 return (digest_count); 2172 } 2173 2174 /* 2175 * Init context for encryption or decryption using a symmetric key. 2176 */ 2177 static int pk11_init_symmetric(EVP_CIPHER_CTX *ctx, PK11_CIPHER *pcipher, 2178 PK11_SESSION *sp, CK_MECHANISM_PTR pmech) 2179 { 2180 CK_RV rv; 2181 #ifdef SOLARIS_AES_CTR 2182 CK_AES_CTR_PARAMS ctr_params; 2183 #endif /* SOLARIS_AES_CTR */ 2184 2185 /* 2186 * We expect pmech->mechanism to be already set and 2187 * pParameter/ulParameterLen initialized to NULL/0 before 2188 * pk11_init_symetric() is called. 2189 */ 2190 OPENSSL_assert(pmech->mechanism != NULL); 2191 OPENSSL_assert(pmech->pParameter == NULL); 2192 OPENSSL_assert(pmech->ulParameterLen == 0); 2193 2194 #ifdef SOLARIS_AES_CTR 2195 if (ctx->cipher->nid == NID_aes_128_ctr || 2196 ctx->cipher->nid == NID_aes_192_ctr || 2197 ctx->cipher->nid == NID_aes_256_ctr) 2198 { 2199 pmech->pParameter = (void *)(&ctr_params); 2200 pmech->ulParameterLen = sizeof (ctr_params); 2201 /* 2202 * For now, we are limited to the fixed length of the counter, 2203 * it covers the whole counter block. That's what RFC 4344 2204 * needs. For more information on internal structure of the 2205 * counter block, see RFC 3686. If needed in the future, we can 2206 * add code so that the counter length can be set via 2207 * ENGINE_ctrl() function. 2208 */ 2209 ctr_params.ulCounterBits = AES_BLOCK_SIZE * 8; 2210 OPENSSL_assert(pcipher->iv_len == AES_BLOCK_SIZE); 2211 (void) memcpy(ctr_params.cb, ctx->iv, AES_BLOCK_SIZE); 2212 } 2213 else 2214 #endif /* SOLARIS_AES_CTR */ 2215 { 2216 if (pcipher->iv_len > 0) 2217 { 2218 pmech->pParameter = (void *)ctx->iv; 2219 pmech->ulParameterLen = pcipher->iv_len; 2220 } 2221 } 2222 2223 /* if we get here, the encryption needs to be reinitialized */ 2224 if (ctx->encrypt) 2225 rv = pFuncList->C_EncryptInit(sp->session, pmech, 2226 sp->opdata_cipher_key); 2227 else 2228 rv = pFuncList->C_DecryptInit(sp->session, pmech, 2229 sp->opdata_cipher_key); 2230 2231 if (rv != CKR_OK) 2232 { 2233 PK11err_add_data(PK11_F_CIPHER_INIT, ctx->encrypt ? 2234 PK11_R_ENCRYPTINIT : PK11_R_DECRYPTINIT, rv); 2235 pk11_return_session(sp, OP_CIPHER); 2236 return (0); 2237 } 2238 2239 return (1); 2240 } 2241 2242 /* ARGSUSED */ 2243 static int 2244 pk11_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, 2245 const unsigned char *iv, int enc) 2246 { 2247 CK_MECHANISM mech; 2248 int index; 2249 PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->cipher_data; 2250 PK11_SESSION *sp; 2251 PK11_CIPHER *p_ciph_table_row; 2252 2253 state->sp = NULL; 2254 2255 index = cipher_nid_to_pk11(ctx->cipher->nid); 2256 if (index < 0 || index >= PK11_CIPHER_MAX) 2257 return (0); 2258 2259 p_ciph_table_row = &ciphers[index]; 2260 /* 2261 * iv_len in the ctx->cipher structure is the maximum IV length for the 2262 * current cipher and it must be less or equal to the IV length in our 2263 * ciphers table. The key length must be in the allowed interval. From 2264 * all cipher modes that the PKCS#11 engine supports only RC4 allows a 2265 * key length to be in some range, all other NIDs have a precise key 2266 * length. Every application can define its own EVP functions so this 2267 * code serves as a sanity check. 2268 * 2269 * Note that the reason why the IV length in ctx->cipher might be 2270 * greater than the actual length is that OpenSSL uses BLOCK_CIPHER_defs 2271 * macro to define functions that return EVP structures for all DES 2272 * modes. So, even ECB modes get 8 byte IV. 2273 */ 2274 if (ctx->cipher->iv_len < p_ciph_table_row->iv_len || 2275 ctx->key_len < p_ciph_table_row->min_key_len || 2276 ctx->key_len > p_ciph_table_row->max_key_len) { 2277 PK11err(PK11_F_CIPHER_INIT, PK11_R_KEY_OR_IV_LEN_PROBLEM); 2278 return (0); 2279 } 2280 2281 if ((sp = pk11_get_session(OP_CIPHER)) == NULL) 2282 return (0); 2283 2284 /* if applicable, the mechanism parameter is used for IV */ 2285 mech.mechanism = p_ciph_table_row->mech_type; 2286 mech.pParameter = NULL; 2287 mech.ulParameterLen = 0; 2288 2289 /* The key object is destroyed here if it is not the current key. */ 2290 (void) check_new_cipher_key(sp, key, ctx->key_len); 2291 2292 /* 2293 * If the key is the same and the encryption is also the same, then 2294 * just reuse it. However, we must not forget to reinitialize the 2295 * context that was finalized in pk11_cipher_cleanup(). 2296 */ 2297 if (sp->opdata_cipher_key != CK_INVALID_HANDLE && 2298 sp->opdata_encrypt == ctx->encrypt) 2299 { 2300 state->sp = sp; 2301 if (pk11_init_symmetric(ctx, p_ciph_table_row, sp, &mech) == 0) 2302 return (0); 2303 2304 return (1); 2305 } 2306 2307 /* 2308 * Check if the key has been invalidated. If so, a new key object 2309 * needs to be created. 2310 */ 2311 if (sp->opdata_cipher_key == CK_INVALID_HANDLE) 2312 { 2313 sp->opdata_cipher_key = pk11_get_cipher_key( 2314 ctx, key, p_ciph_table_row->key_type, sp); 2315 } 2316 2317 if (sp->opdata_encrypt != ctx->encrypt && sp->opdata_encrypt != -1) 2318 { 2319 /* 2320 * The previous encryption/decryption is different. Need to 2321 * terminate the previous * active encryption/decryption here. 2322 */ 2323 if (!pk11_cipher_final(sp)) 2324 { 2325 pk11_return_session(sp, OP_CIPHER); 2326 return (0); 2327 } 2328 } 2329 2330 if (sp->opdata_cipher_key == CK_INVALID_HANDLE) 2331 { 2332 pk11_return_session(sp, OP_CIPHER); 2333 return (0); 2334 } 2335 2336 /* now initialize the context with a new key */ 2337 if (pk11_init_symmetric(ctx, p_ciph_table_row, sp, &mech) == 0) 2338 return (0); 2339 2340 sp->opdata_encrypt = ctx->encrypt; 2341 state->sp = sp; 2342 2343 return (1); 2344 } 2345 2346 /* 2347 * When reusing the same key in an encryption/decryption session for a 2348 * decryption/encryption session, we need to close the active session 2349 * and recreate a new one. Note that the key is in the global session so 2350 * that it needs not be recreated. 2351 * 2352 * It is more appropriate to use C_En/DecryptFinish here. At the time of this 2353 * development, these two functions in the PKCS#11 libraries used return 2354 * unexpected errors when passing in 0 length output. It may be a good 2355 * idea to try them again if performance is a problem here and fix 2356 * C_En/DecryptFinial if there are bugs there causing the problem. 2357 */ 2358 static int 2359 pk11_cipher_final(PK11_SESSION *sp) 2360 { 2361 CK_RV rv; 2362 2363 rv = pFuncList->C_CloseSession(sp->session); 2364 if (rv != CKR_OK) 2365 { 2366 PK11err_add_data(PK11_F_CIPHER_FINAL, PK11_R_CLOSESESSION, rv); 2367 return (0); 2368 } 2369 2370 rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION, 2371 NULL_PTR, NULL_PTR, &sp->session); 2372 if (rv != CKR_OK) 2373 { 2374 PK11err_add_data(PK11_F_CIPHER_FINAL, PK11_R_OPENSESSION, rv); 2375 return (0); 2376 } 2377 2378 return (1); 2379 } 2380 2381 /* 2382 * An engine interface function. The calling function allocates sufficient 2383 * memory for the output buffer "out" to hold the results. 2384 */ 2385 static int 2386 pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 2387 const unsigned char *in, unsigned int inl) 2388 { 2389 PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->cipher_data; 2390 PK11_SESSION *sp; 2391 CK_RV rv; 2392 unsigned long outl = inl; 2393 2394 if (state == NULL || state->sp == NULL) 2395 return (0); 2396 2397 sp = (PK11_SESSION *) state->sp; 2398 2399 if (!inl) 2400 return (1); 2401 2402 /* RC4 is the only stream cipher we support */ 2403 if (ctx->cipher->nid != NID_rc4 && (inl % ctx->cipher->block_size) != 0) 2404 return (0); 2405 2406 if (ctx->encrypt) 2407 { 2408 rv = pFuncList->C_EncryptUpdate(sp->session, 2409 (unsigned char *)in, inl, out, &outl); 2410 2411 if (rv != CKR_OK) 2412 { 2413 PK11err_add_data(PK11_F_CIPHER_DO_CIPHER, 2414 PK11_R_ENCRYPTUPDATE, rv); 2415 return (0); 2416 } 2417 } 2418 else 2419 { 2420 rv = pFuncList->C_DecryptUpdate(sp->session, 2421 (unsigned char *)in, inl, out, &outl); 2422 2423 if (rv != CKR_OK) 2424 { 2425 PK11err_add_data(PK11_F_CIPHER_DO_CIPHER, 2426 PK11_R_DECRYPTUPDATE, rv); 2427 return (0); 2428 } 2429 } 2430 2431 /* 2432 * For DES_CBC, DES3_CBC, AES_CBC, and RC4, the output size is always 2433 * the same size of input. 2434 * The application has guaranteed to call the block ciphers with 2435 * correctly aligned buffers. 2436 */ 2437 if (inl != outl) 2438 return (0); 2439 2440 return (1); 2441 } 2442 2443 /* 2444 * Return the session to the pool. Calling C_EncryptFinal() and C_DecryptFinal() 2445 * here is the right thing because in EVP_DecryptFinal_ex(), engine's 2446 * do_cipher() is not even called, and in EVP_EncryptFinal_ex() it is called but 2447 * the engine can't find out that it's the finalizing call. We wouldn't 2448 * necessarily have to finalize the context here since reinitializing it with 2449 * C_(Encrypt|Decrypt)Init() should be fine but for the sake of correctness, 2450 * let's do it. Some implementations might leak memory if the previously used 2451 * context is initialized without finalizing it first. 2452 */ 2453 static int 2454 pk11_cipher_cleanup(EVP_CIPHER_CTX *ctx) 2455 { 2456 CK_RV rv; 2457 CK_ULONG len = EVP_MAX_BLOCK_LENGTH; 2458 CK_BYTE buf[EVP_MAX_BLOCK_LENGTH]; 2459 PK11_CIPHER_STATE *state = ctx->cipher_data; 2460 2461 if (state != NULL && state->sp != NULL) 2462 { 2463 /* 2464 * We are not interested in the data here, we just need to get 2465 * rid of the context. 2466 */ 2467 if (ctx->encrypt) 2468 rv = pFuncList->C_EncryptFinal( 2469 state->sp->session, buf, &len); 2470 else 2471 rv = pFuncList->C_DecryptFinal( 2472 state->sp->session, buf, &len); 2473 2474 if (rv != CKR_OK) 2475 { 2476 PK11err_add_data(PK11_F_CIPHER_CLEANUP, ctx->encrypt ? 2477 PK11_R_ENCRYPTFINAL : PK11_R_DECRYPTFINAL, rv); 2478 pk11_return_session(state->sp, OP_CIPHER); 2479 return (0); 2480 } 2481 2482 pk11_return_session(state->sp, OP_CIPHER); 2483 state->sp = NULL; 2484 } 2485 2486 return (1); 2487 } 2488 2489 /* 2490 * Registered by the ENGINE when used to find out how to deal with 2491 * a particular NID in the ENGINE. This says what we'll do at the 2492 * top level - note, that list is restricted by what we answer with 2493 */ 2494 /* ARGSUSED */ 2495 static int 2496 pk11_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, 2497 const int **nids, int nid) 2498 { 2499 if (!cipher) 2500 return (pk11_usable_ciphers(nids)); 2501 2502 switch (nid) 2503 { 2504 case NID_des_ede3_cbc: 2505 *cipher = &pk11_3des_cbc; 2506 break; 2507 case NID_des_cbc: 2508 *cipher = &pk11_des_cbc; 2509 break; 2510 case NID_des_ede3_ecb: 2511 *cipher = &pk11_3des_ecb; 2512 break; 2513 case NID_des_ecb: 2514 *cipher = &pk11_des_ecb; 2515 break; 2516 case NID_aes_128_cbc: 2517 *cipher = &pk11_aes_128_cbc; 2518 break; 2519 case NID_aes_192_cbc: 2520 *cipher = &pk11_aes_192_cbc; 2521 break; 2522 case NID_aes_256_cbc: 2523 *cipher = &pk11_aes_256_cbc; 2524 break; 2525 case NID_aes_128_ecb: 2526 *cipher = &pk11_aes_128_ecb; 2527 break; 2528 case NID_aes_192_ecb: 2529 *cipher = &pk11_aes_192_ecb; 2530 break; 2531 case NID_aes_256_ecb: 2532 *cipher = &pk11_aes_256_ecb; 2533 break; 2534 case NID_bf_cbc: 2535 *cipher = &pk11_bf_cbc; 2536 break; 2537 case NID_rc4: 2538 *cipher = &pk11_rc4; 2539 break; 2540 default: 2541 #ifdef SOLARIS_AES_CTR 2542 /* 2543 * These can't be in separated cases because the NIDs 2544 * here are not constants. 2545 */ 2546 if (nid == NID_aes_128_ctr) 2547 *cipher = &pk11_aes_128_ctr; 2548 else if (nid == NID_aes_192_ctr) 2549 *cipher = &pk11_aes_192_ctr; 2550 else if (nid == NID_aes_256_ctr) 2551 *cipher = &pk11_aes_256_ctr; 2552 else 2553 #endif /* SOLARIS_AES_CTR */ 2554 *cipher = NULL; 2555 break; 2556 } 2557 return (*cipher != NULL); 2558 } 2559 2560 /* ARGSUSED */ 2561 static int 2562 pk11_engine_digests(ENGINE *e, const EVP_MD **digest, 2563 const int **nids, int nid) 2564 { 2565 if (!digest) 2566 return (pk11_usable_digests(nids)); 2567 2568 switch (nid) 2569 { 2570 case NID_md5: 2571 *digest = &pk11_md5; 2572 break; 2573 case NID_sha1: 2574 *digest = &pk11_sha1; 2575 break; 2576 case NID_sha224: 2577 *digest = &pk11_sha224; 2578 break; 2579 case NID_sha256: 2580 *digest = &pk11_sha256; 2581 break; 2582 case NID_sha384: 2583 *digest = &pk11_sha384; 2584 break; 2585 case NID_sha512: 2586 *digest = &pk11_sha512; 2587 break; 2588 default: 2589 *digest = NULL; 2590 break; 2591 } 2592 return (*digest != NULL); 2593 } 2594 2595 2596 /* Create a secret key object in a PKCS#11 session */ 2597 static CK_OBJECT_HANDLE pk11_get_cipher_key(EVP_CIPHER_CTX *ctx, 2598 const unsigned char *key, CK_KEY_TYPE key_type, PK11_SESSION *sp) 2599 { 2600 CK_RV rv; 2601 CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE; 2602 CK_OBJECT_CLASS obj_key = CKO_SECRET_KEY; 2603 CK_ULONG ul_key_attr_count = 6; 2604 2605 CK_ATTRIBUTE a_key_template[] = 2606 { 2607 {CKA_CLASS, (void*) NULL, sizeof (CK_OBJECT_CLASS)}, 2608 {CKA_KEY_TYPE, (void*) NULL, sizeof (CK_KEY_TYPE)}, 2609 {CKA_TOKEN, &false, sizeof (false)}, 2610 {CKA_ENCRYPT, &true, sizeof (true)}, 2611 {CKA_DECRYPT, &true, sizeof (true)}, 2612 {CKA_VALUE, (void*) NULL, 0}, 2613 }; 2614 2615 /* 2616 * Create secret key object in global_session. All other sessions 2617 * can use the key handles. Here is why: 2618 * OpenSSL will call EncryptInit and EncryptUpdate using a secret key. 2619 * It may then call DecryptInit and DecryptUpdate using the same key. 2620 * To use the same key object, we need to call EncryptFinal with 2621 * a 0 length message. Currently, this does not work for 3DES 2622 * mechanism. To get around this problem, we close the session and 2623 * then create a new session to use the same key object. When a session 2624 * is closed, all the object handles will be invalid. Thus, create key 2625 * objects in a global session, an individual session may be closed to 2626 * terminate the active operation. 2627 */ 2628 CK_SESSION_HANDLE session = global_session; 2629 a_key_template[0].pValue = &obj_key; 2630 a_key_template[1].pValue = &key_type; 2631 a_key_template[5].pValue = (void *) key; 2632 a_key_template[5].ulValueLen = (unsigned long) ctx->key_len; 2633 2634 rv = pFuncList->C_CreateObject(session, 2635 a_key_template, ul_key_attr_count, &h_key); 2636 if (rv != CKR_OK) 2637 { 2638 PK11err_add_data(PK11_F_GET_CIPHER_KEY, PK11_R_CREATEOBJECT, 2639 rv); 2640 goto err; 2641 } 2642 2643 /* 2644 * Save the key information used in this session. 2645 * The max can be saved is PK11_KEY_LEN_MAX. 2646 */ 2647 sp->opdata_key_len = ctx->key_len > PK11_KEY_LEN_MAX ? 2648 PK11_KEY_LEN_MAX : ctx->key_len; 2649 (void) memcpy(sp->opdata_key, key, sp->opdata_key_len); 2650 err: 2651 2652 return (h_key); 2653 } 2654 2655 static int 2656 md_nid_to_pk11(int nid) 2657 { 2658 int i; 2659 2660 for (i = 0; i < PK11_DIGEST_MAX; i++) 2661 if (digests[i].nid == nid) 2662 return (digests[i].id); 2663 return (-1); 2664 } 2665 2666 static int 2667 pk11_digest_init(EVP_MD_CTX *ctx) 2668 { 2669 CK_RV rv; 2670 CK_MECHANISM mech; 2671 int index; 2672 PK11_SESSION *sp; 2673 PK11_DIGEST *pdp; 2674 PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data; 2675 2676 state->sp = NULL; 2677 2678 index = md_nid_to_pk11(ctx->digest->type); 2679 if (index < 0 || index >= PK11_DIGEST_MAX) 2680 return (0); 2681 2682 pdp = &digests[index]; 2683 if ((sp = pk11_get_session(OP_DIGEST)) == NULL) 2684 return (0); 2685 2686 /* at present, no parameter is needed for supported digests */ 2687 mech.mechanism = pdp->mech_type; 2688 mech.pParameter = NULL; 2689 mech.ulParameterLen = 0; 2690 2691 rv = pFuncList->C_DigestInit(sp->session, &mech); 2692 2693 if (rv != CKR_OK) 2694 { 2695 PK11err_add_data(PK11_F_DIGEST_INIT, PK11_R_DIGESTINIT, rv); 2696 pk11_return_session(sp, OP_DIGEST); 2697 return (0); 2698 } 2699 2700 state->sp = sp; 2701 2702 return (1); 2703 } 2704 2705 static int 2706 pk11_digest_update(EVP_MD_CTX *ctx, const void *data, size_t count) 2707 { 2708 CK_RV rv; 2709 PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data; 2710 2711 /* 0 length message will cause a failure in C_DigestFinal */ 2712 if (count == 0) 2713 return (1); 2714 2715 if (state == NULL || state->sp == NULL) 2716 return (0); 2717 2718 rv = pFuncList->C_DigestUpdate(state->sp->session, (CK_BYTE *) data, 2719 count); 2720 2721 if (rv != CKR_OK) 2722 { 2723 PK11err_add_data(PK11_F_DIGEST_UPDATE, PK11_R_DIGESTUPDATE, rv); 2724 pk11_return_session(state->sp, OP_DIGEST); 2725 state->sp = NULL; 2726 return (0); 2727 } 2728 2729 return (1); 2730 } 2731 2732 static int 2733 pk11_digest_final(EVP_MD_CTX *ctx, unsigned char *md) 2734 { 2735 CK_RV rv; 2736 unsigned long len; 2737 PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data; 2738 len = ctx->digest->md_size; 2739 2740 if (state == NULL || state->sp == NULL) 2741 return (0); 2742 2743 rv = pFuncList->C_DigestFinal(state->sp->session, md, &len); 2744 2745 if (rv != CKR_OK) 2746 { 2747 PK11err_add_data(PK11_F_DIGEST_FINAL, PK11_R_DIGESTFINAL, rv); 2748 pk11_return_session(state->sp, OP_DIGEST); 2749 state->sp = NULL; 2750 return (0); 2751 } 2752 2753 if (ctx->digest->md_size != len) 2754 return (0); 2755 2756 /* 2757 * Final is called and digest is returned, so return the session 2758 * to the pool 2759 */ 2760 pk11_return_session(state->sp, OP_DIGEST); 2761 state->sp = NULL; 2762 2763 return (1); 2764 } 2765 2766 static int 2767 pk11_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) 2768 { 2769 CK_RV rv; 2770 int ret = 0; 2771 PK11_CIPHER_STATE *state, *state_to; 2772 CK_BYTE_PTR pstate = NULL; 2773 CK_ULONG ul_state_len; 2774 2775 /* The copy-from state */ 2776 state = (PK11_CIPHER_STATE *) from->md_data; 2777 if (state == NULL || state->sp == NULL) 2778 goto err; 2779 2780 /* Initialize the copy-to state */ 2781 if (!pk11_digest_init(to)) 2782 goto err; 2783 state_to = (PK11_CIPHER_STATE *) to->md_data; 2784 2785 /* Get the size of the operation state of the copy-from session */ 2786 rv = pFuncList->C_GetOperationState(state->sp->session, NULL, 2787 &ul_state_len); 2788 2789 if (rv != CKR_OK) 2790 { 2791 PK11err_add_data(PK11_F_DIGEST_COPY, PK11_R_GET_OPERATION_STATE, 2792 rv); 2793 goto err; 2794 } 2795 if (ul_state_len == 0) 2796 { 2797 goto err; 2798 } 2799 2800 pstate = OPENSSL_malloc(ul_state_len); 2801 if (pstate == NULL) 2802 { 2803 PK11err(PK11_F_DIGEST_COPY, PK11_R_MALLOC_FAILURE); 2804 goto err; 2805 } 2806 2807 /* Get the operation state of the copy-from session */ 2808 rv = pFuncList->C_GetOperationState(state->sp->session, pstate, 2809 &ul_state_len); 2810 2811 if (rv != CKR_OK) 2812 { 2813 PK11err_add_data(PK11_F_DIGEST_COPY, PK11_R_GET_OPERATION_STATE, 2814 rv); 2815 goto err; 2816 } 2817 2818 /* Set the operation state of the copy-to session */ 2819 rv = pFuncList->C_SetOperationState(state_to->sp->session, pstate, 2820 ul_state_len, 0, 0); 2821 2822 if (rv != CKR_OK) 2823 { 2824 PK11err_add_data(PK11_F_DIGEST_COPY, 2825 PK11_R_SET_OPERATION_STATE, rv); 2826 goto err; 2827 } 2828 2829 ret = 1; 2830 err: 2831 if (pstate != NULL) 2832 OPENSSL_free(pstate); 2833 2834 return (ret); 2835 } 2836 2837 /* Return any pending session state to the pool */ 2838 static int 2839 pk11_digest_cleanup(EVP_MD_CTX *ctx) 2840 { 2841 PK11_CIPHER_STATE *state = ctx->md_data; 2842 unsigned char buf[EVP_MAX_MD_SIZE]; 2843 2844 if (state != NULL && state->sp != NULL) 2845 { 2846 /* 2847 * If state->sp is not NULL then pk11_digest_final() has not 2848 * been called yet. We must call it now to free any memory 2849 * that might have been allocated in the token when 2850 * pk11_digest_init() was called. pk11_digest_final() 2851 * will return the session to the cache. 2852 */ 2853 if (!pk11_digest_final(ctx, buf)) 2854 return (0); 2855 } 2856 2857 return (1); 2858 } 2859 2860 /* 2861 * Check if the new key is the same as the key object in the session. If the key 2862 * is the same, no need to create a new key object. Otherwise, the old key 2863 * object needs to be destroyed and a new one will be created. Return 1 for 2864 * cache hit, 0 for cache miss. Note that we must check the key length first 2865 * otherwise we could end up reusing a different, longer key with the same 2866 * prefix. 2867 */ 2868 static int check_new_cipher_key(PK11_SESSION *sp, const unsigned char *key, 2869 int key_len) 2870 { 2871 if (sp->opdata_key_len != key_len || 2872 memcmp(sp->opdata_key, key, key_len) != 0) 2873 { 2874 (void) pk11_destroy_cipher_key_objects(sp); 2875 return (0); 2876 } 2877 return (1); 2878 } 2879 2880 /* Destroy one or more secret key objects. */ 2881 static int pk11_destroy_cipher_key_objects(PK11_SESSION *session) 2882 { 2883 int ret = 0; 2884 PK11_SESSION *sp = NULL; 2885 PK11_SESSION *local_free_session; 2886 2887 if (session != NULL) 2888 local_free_session = session; 2889 else 2890 { 2891 (void) pthread_mutex_lock(session_cache[OP_CIPHER].lock); 2892 local_free_session = session_cache[OP_CIPHER].head; 2893 } 2894 2895 while ((sp = local_free_session) != NULL) 2896 { 2897 local_free_session = sp->next; 2898 2899 if (sp->opdata_cipher_key != CK_INVALID_HANDLE) 2900 { 2901 /* 2902 * The secret key object is created in the 2903 * global_session. See pk11_get_cipher_key 2904 */ 2905 if (pk11_destroy_object(global_session, 2906 sp->opdata_cipher_key) == 0) 2907 goto err; 2908 sp->opdata_cipher_key = CK_INVALID_HANDLE; 2909 } 2910 } 2911 ret = 1; 2912 err: 2913 2914 if (session == NULL) 2915 (void) pthread_mutex_unlock(session_cache[OP_CIPHER].lock); 2916 2917 return (ret); 2918 } 2919 2920 2921 /* 2922 * Public key mechanisms optionally supported 2923 * 2924 * CKM_RSA_X_509 2925 * CKM_RSA_PKCS 2926 * CKM_DSA 2927 * 2928 * The first slot that supports at least one of those mechanisms is chosen as a 2929 * public key slot. 2930 * 2931 * Symmetric ciphers optionally supported 2932 * 2933 * CKM_DES3_CBC 2934 * CKM_DES_CBC 2935 * CKM_AES_CBC 2936 * CKM_DES3_ECB 2937 * CKM_DES_ECB 2938 * CKM_AES_ECB 2939 * CKM_AES_CTR 2940 * CKM_RC4 2941 * CKM_BLOWFISH_CBC 2942 * 2943 * Digests optionally supported 2944 * 2945 * CKM_MD5 2946 * CKM_SHA_1 2947 * CKM_SHA224 2948 * CKM_SHA256 2949 * CKM_SHA384 2950 * CKM_SHA512 2951 * 2952 * The output of this function is a set of global variables indicating which 2953 * mechanisms from RSA, DSA, DH and RAND are present, and also two arrays of 2954 * mechanisms, one for symmetric ciphers and one for digests. Also, 3 global 2955 * variables carry information about which slot was chosen for (a) public key 2956 * mechanisms, (b) random operations, and (c) symmetric ciphers and digests. 2957 */ 2958 static int 2959 pk11_choose_slots(int *any_slot_found) 2960 { 2961 CK_SLOT_ID_PTR pSlotList = NULL_PTR; 2962 CK_ULONG ulSlotCount = 0; 2963 CK_MECHANISM_INFO mech_info; 2964 CK_TOKEN_INFO token_info; 2965 int i; 2966 CK_RV rv; 2967 CK_SLOT_ID best_slot_sofar; 2968 CK_BBOOL found_candidate_slot = CK_FALSE; 2969 int slot_n_cipher = 0; 2970 int slot_n_digest = 0; 2971 CK_SLOT_ID current_slot = 0; 2972 int current_slot_n_cipher = 0; 2973 int current_slot_n_digest = 0; 2974 2975 int local_cipher_nids[PK11_CIPHER_MAX]; 2976 int local_digest_nids[PK11_DIGEST_MAX]; 2977 2978 /* let's initialize the output parameter */ 2979 if (any_slot_found != NULL) 2980 *any_slot_found = 0; 2981 2982 /* Get slot list for memory allocation */ 2983 rv = pFuncList->C_GetSlotList(0, NULL_PTR, &ulSlotCount); 2984 2985 if (rv != CKR_OK) 2986 { 2987 PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv); 2988 return (0); 2989 } 2990 2991 /* it's not an error if we didn't find any providers */ 2992 if (ulSlotCount == 0) 2993 { 2994 #ifdef DEBUG_SLOT_SELECTION 2995 fprintf(stderr, "%s: no crypto providers found\n", PK11_DBG); 2996 #endif /* DEBUG_SLOT_SELECTION */ 2997 return (1); 2998 } 2999 3000 pSlotList = OPENSSL_malloc(ulSlotCount * sizeof (CK_SLOT_ID)); 3001 3002 if (pSlotList == NULL) 3003 { 3004 PK11err(PK11_F_CHOOSE_SLOT, PK11_R_MALLOC_FAILURE); 3005 return (0); 3006 } 3007 3008 /* Get the slot list for processing */ 3009 rv = pFuncList->C_GetSlotList(0, pSlotList, &ulSlotCount); 3010 if (rv != CKR_OK) 3011 { 3012 PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv); 3013 OPENSSL_free(pSlotList); 3014 return (0); 3015 } 3016 3017 #ifdef DEBUG_SLOT_SELECTION 3018 fprintf(stderr, "%s: provider: %s\n", PK11_DBG, def_PK11_LIBNAME); 3019 fprintf(stderr, "%s: number of slots: %d\n", PK11_DBG, ulSlotCount); 3020 3021 fprintf(stderr, "%s: == checking rand slots ==\n", PK11_DBG); 3022 #endif /* DEBUG_SLOT_SELECTION */ 3023 for (i = 0; i < ulSlotCount; i++) 3024 { 3025 current_slot = pSlotList[i]; 3026 3027 #ifdef DEBUG_SLOT_SELECTION 3028 fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i); 3029 #endif /* DEBUG_SLOT_SELECTION */ 3030 /* Check if slot has random support. */ 3031 rv = pFuncList->C_GetTokenInfo(current_slot, &token_info); 3032 if (rv != CKR_OK) 3033 continue; 3034 3035 #ifdef DEBUG_SLOT_SELECTION 3036 fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label); 3037 #endif /* DEBUG_SLOT_SELECTION */ 3038 3039 if (token_info.flags & CKF_RNG) 3040 { 3041 #ifdef DEBUG_SLOT_SELECTION 3042 fprintf(stderr, "%s: this token has CKF_RNG flag\n", PK11_DBG); 3043 #endif /* DEBUG_SLOT_SELECTION */ 3044 pk11_have_random = CK_TRUE; 3045 rand_SLOTID = current_slot; 3046 break; 3047 } 3048 } 3049 3050 #ifdef DEBUG_SLOT_SELECTION 3051 fprintf(stderr, "%s: == checking pubkey slots ==\n", PK11_DBG); 3052 #endif /* DEBUG_SLOT_SELECTION */ 3053 3054 pubkey_SLOTID = pSlotList[0]; 3055 for (i = 0; i < ulSlotCount; i++) 3056 { 3057 CK_BBOOL slot_has_rsa = CK_FALSE; 3058 CK_BBOOL slot_has_dsa = CK_FALSE; 3059 CK_BBOOL slot_has_dh = CK_FALSE; 3060 current_slot = pSlotList[i]; 3061 3062 #ifdef DEBUG_SLOT_SELECTION 3063 fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i); 3064 #endif /* DEBUG_SLOT_SELECTION */ 3065 rv = pFuncList->C_GetTokenInfo(current_slot, &token_info); 3066 if (rv != CKR_OK) 3067 continue; 3068 3069 #ifdef DEBUG_SLOT_SELECTION 3070 fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label); 3071 #endif /* DEBUG_SLOT_SELECTION */ 3072 3073 #ifndef OPENSSL_NO_RSA 3074 /* 3075 * Check if this slot is capable of signing and 3076 * verifying with CKM_RSA_PKCS. 3077 */ 3078 rv = pFuncList->C_GetMechanismInfo(current_slot, CKM_RSA_PKCS, 3079 &mech_info); 3080 3081 if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) && 3082 (mech_info.flags & CKF_VERIFY))) 3083 { 3084 /* 3085 * Check if this slot is capable of encryption, 3086 * decryption, sign, and verify with CKM_RSA_X_509. 3087 */ 3088 rv = pFuncList->C_GetMechanismInfo(current_slot, 3089 CKM_RSA_X_509, &mech_info); 3090 3091 if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) && 3092 (mech_info.flags & CKF_VERIFY) && 3093 (mech_info.flags & CKF_ENCRYPT) && 3094 (mech_info.flags & CKF_VERIFY_RECOVER) && 3095 (mech_info.flags & CKF_DECRYPT))) 3096 { 3097 slot_has_rsa = CK_TRUE; 3098 } 3099 } 3100 #endif /* OPENSSL_NO_RSA */ 3101 3102 #ifndef OPENSSL_NO_DSA 3103 /* 3104 * Check if this slot is capable of signing and 3105 * verifying with CKM_DSA. 3106 */ 3107 rv = pFuncList->C_GetMechanismInfo(current_slot, CKM_DSA, 3108 &mech_info); 3109 if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) && 3110 (mech_info.flags & CKF_VERIFY))) 3111 { 3112 slot_has_dsa = CK_TRUE; 3113 } 3114 3115 #endif /* OPENSSL_NO_DSA */ 3116 3117 #ifndef OPENSSL_NO_DH 3118 /* 3119 * Check if this slot is capable of DH key generataion and 3120 * derivation. 3121 */ 3122 rv = pFuncList->C_GetMechanismInfo(current_slot, 3123 CKM_DH_PKCS_KEY_PAIR_GEN, &mech_info); 3124 3125 if (rv == CKR_OK && (mech_info.flags & CKF_GENERATE_KEY_PAIR)) 3126 { 3127 rv = pFuncList->C_GetMechanismInfo(current_slot, 3128 CKM_DH_PKCS_DERIVE, &mech_info); 3129 if (rv == CKR_OK && (mech_info.flags & CKF_DERIVE)) 3130 { 3131 slot_has_dh = CK_TRUE; 3132 } 3133 } 3134 #endif /* OPENSSL_NO_DH */ 3135 3136 if (!found_candidate_slot && 3137 (slot_has_rsa || slot_has_dsa || slot_has_dh)) 3138 { 3139 #ifdef DEBUG_SLOT_SELECTION 3140 fprintf(stderr, 3141 "%s: potential slot: %d\n", PK11_DBG, current_slot); 3142 #endif /* DEBUG_SLOT_SELECTION */ 3143 best_slot_sofar = current_slot; 3144 pk11_have_rsa = slot_has_rsa; 3145 pk11_have_dsa = slot_has_dsa; 3146 pk11_have_dh = slot_has_dh; 3147 found_candidate_slot = CK_TRUE; 3148 #ifdef DEBUG_SLOT_SELECTION 3149 fprintf(stderr, 3150 "%s: setting found_candidate_slot to CK_TRUE\n", 3151 PK11_DBG); 3152 fprintf(stderr, 3153 "%s: best so far slot: %d\n", PK11_DBG, 3154 best_slot_sofar); 3155 } 3156 else 3157 { 3158 fprintf(stderr, 3159 "%s: no rsa/dsa/dh\n", PK11_DBG); 3160 } 3161 #else 3162 } /* if */ 3163 #endif /* DEBUG_SLOT_SELECTION */ 3164 } /* for */ 3165 3166 if (found_candidate_slot) 3167 { 3168 pubkey_SLOTID = best_slot_sofar; 3169 } 3170 3171 found_candidate_slot = CK_FALSE; 3172 best_slot_sofar = 0; 3173 3174 #ifdef DEBUG_SLOT_SELECTION 3175 fprintf(stderr, "%s: == checking cipher/digest ==\n", PK11_DBG); 3176 #endif /* DEBUG_SLOT_SELECTION */ 3177 3178 SLOTID = pSlotList[0]; 3179 for (i = 0; i < ulSlotCount; i++) 3180 { 3181 #ifdef DEBUG_SLOT_SELECTION 3182 fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i); 3183 #endif /* DEBUG_SLOT_SELECTION */ 3184 3185 current_slot = pSlotList[i]; 3186 current_slot_n_cipher = 0; 3187 current_slot_n_digest = 0; 3188 (void) memset(local_cipher_nids, 0, sizeof (local_cipher_nids)); 3189 (void) memset(local_digest_nids, 0, sizeof (local_digest_nids)); 3190 3191 pk11_find_symmetric_ciphers(pFuncList, current_slot, 3192 ¤t_slot_n_cipher, local_cipher_nids); 3193 3194 pk11_find_digests(pFuncList, current_slot, 3195 ¤t_slot_n_digest, local_digest_nids); 3196 3197 #ifdef DEBUG_SLOT_SELECTION 3198 fprintf(stderr, "%s: current_slot_n_cipher %d\n", PK11_DBG, 3199 current_slot_n_cipher); 3200 fprintf(stderr, "%s: current_slot_n_digest %d\n", PK11_DBG, 3201 current_slot_n_digest); 3202 fprintf(stderr, "%s: best so far cipher/digest slot: %d\n", 3203 PK11_DBG, best_slot_sofar); 3204 #endif /* DEBUG_SLOT_SELECTION */ 3205 3206 /* 3207 * If the current slot supports more ciphers/digests than 3208 * the previous best one we change the current best to this one, 3209 * otherwise leave it where it is. 3210 */ 3211 if ((current_slot_n_cipher + current_slot_n_digest) > 3212 (slot_n_cipher + slot_n_digest)) 3213 { 3214 #ifdef DEBUG_SLOT_SELECTION 3215 fprintf(stderr, 3216 "%s: changing best so far slot to %d\n", 3217 PK11_DBG, current_slot); 3218 #endif /* DEBUG_SLOT_SELECTION */ 3219 best_slot_sofar = SLOTID = current_slot; 3220 cipher_count = slot_n_cipher = current_slot_n_cipher; 3221 digest_count = slot_n_digest = current_slot_n_digest; 3222 (void) memcpy(cipher_nids, local_cipher_nids, 3223 sizeof (local_cipher_nids)); 3224 (void) memcpy(digest_nids, local_digest_nids, 3225 sizeof (local_digest_nids)); 3226 } 3227 } 3228 3229 #ifdef DEBUG_SLOT_SELECTION 3230 fprintf(stderr, 3231 "%s: chosen pubkey slot: %d\n", PK11_DBG, pubkey_SLOTID); 3232 fprintf(stderr, 3233 "%s: chosen rand slot: %d\n", PK11_DBG, rand_SLOTID); 3234 fprintf(stderr, 3235 "%s: chosen cipher/digest slot: %d\n", PK11_DBG, SLOTID); 3236 fprintf(stderr, 3237 "%s: pk11_have_rsa %d\n", PK11_DBG, pk11_have_rsa); 3238 fprintf(stderr, 3239 "%s: pk11_have_dsa %d\n", PK11_DBG, pk11_have_dsa); 3240 fprintf(stderr, 3241 "%s: pk11_have_dh %d\n", PK11_DBG, pk11_have_dh); 3242 fprintf(stderr, 3243 "%s: pk11_have_random %d\n", PK11_DBG, pk11_have_random); 3244 fprintf(stderr, 3245 "%s: cipher_count %d\n", PK11_DBG, cipher_count); 3246 fprintf(stderr, 3247 "%s: digest_count %d\n", PK11_DBG, digest_count); 3248 #endif /* DEBUG_SLOT_SELECTION */ 3249 3250 if (pSlotList != NULL) 3251 OPENSSL_free(pSlotList); 3252 3253 #ifdef SOLARIS_HW_SLOT_SELECTION 3254 OPENSSL_free(hw_cnids); 3255 OPENSSL_free(hw_dnids); 3256 #endif /* SOLARIS_HW_SLOT_SELECTION */ 3257 3258 if (any_slot_found != NULL) 3259 *any_slot_found = 1; 3260 return (1); 3261 } 3262 3263 static void pk11_get_symmetric_cipher(CK_FUNCTION_LIST_PTR pflist, 3264 int slot_id, CK_MECHANISM_TYPE mech, int *current_slot_n_cipher, 3265 int *local_cipher_nids, int id) 3266 { 3267 CK_MECHANISM_INFO mech_info; 3268 CK_RV rv; 3269 3270 #ifdef DEBUG_SLOT_SELECTION 3271 fprintf(stderr, "%s: checking mech: %x", PK11_DBG, mech); 3272 #endif /* DEBUG_SLOT_SELECTION */ 3273 rv = pflist->C_GetMechanismInfo(slot_id, mech, &mech_info); 3274 3275 if (rv != CKR_OK) 3276 { 3277 #ifdef DEBUG_SLOT_SELECTION 3278 fprintf(stderr, " not found\n"); 3279 #endif /* DEBUG_SLOT_SELECTION */ 3280 return; 3281 } 3282 3283 if ((mech_info.flags & CKF_ENCRYPT) && 3284 (mech_info.flags & CKF_DECRYPT)) 3285 { 3286 #ifdef SOLARIS_HW_SLOT_SELECTION 3287 if (nid_in_table(ciphers[id].nid, hw_cnids)) 3288 #endif /* SOLARIS_HW_SLOT_SELECTION */ 3289 { 3290 #ifdef DEBUG_SLOT_SELECTION 3291 fprintf(stderr, " usable\n"); 3292 #endif /* DEBUG_SLOT_SELECTION */ 3293 local_cipher_nids[(*current_slot_n_cipher)++] = 3294 ciphers[id].nid; 3295 } 3296 #ifdef SOLARIS_HW_SLOT_SELECTION 3297 #ifdef DEBUG_SLOT_SELECTION 3298 else 3299 { 3300 fprintf(stderr, " rejected, software implementation only\n"); 3301 } 3302 #endif /* DEBUG_SLOT_SELECTION */ 3303 #endif /* SOLARIS_HW_SLOT_SELECTION */ 3304 } 3305 #ifdef DEBUG_SLOT_SELECTION 3306 else 3307 { 3308 fprintf(stderr, " unusable\n"); 3309 } 3310 #endif /* DEBUG_SLOT_SELECTION */ 3311 3312 return; 3313 } 3314 3315 static void pk11_get_digest(CK_FUNCTION_LIST_PTR pflist, int slot_id, 3316 CK_MECHANISM_TYPE mech, int *current_slot_n_digest, int *local_digest_nids, 3317 int id) 3318 { 3319 CK_MECHANISM_INFO mech_info; 3320 CK_RV rv; 3321 3322 #ifdef DEBUG_SLOT_SELECTION 3323 fprintf(stderr, "%s: checking mech: %x", PK11_DBG, mech); 3324 #endif /* DEBUG_SLOT_SELECTION */ 3325 rv = pflist->C_GetMechanismInfo(slot_id, mech, &mech_info); 3326 3327 if (rv != CKR_OK) 3328 { 3329 #ifdef DEBUG_SLOT_SELECTION 3330 fprintf(stderr, " not found\n"); 3331 #endif /* DEBUG_SLOT_SELECTION */ 3332 return; 3333 } 3334 3335 if (mech_info.flags & CKF_DIGEST) 3336 { 3337 #ifdef SOLARIS_HW_SLOT_SELECTION 3338 if (nid_in_table(digests[id].nid, hw_dnids)) 3339 #endif /* SOLARIS_HW_SLOT_SELECTION */ 3340 { 3341 #ifdef DEBUG_SLOT_SELECTION 3342 fprintf(stderr, " usable\n"); 3343 #endif /* DEBUG_SLOT_SELECTION */ 3344 local_digest_nids[(*current_slot_n_digest)++] = 3345 digests[id].nid; 3346 } 3347 #ifdef SOLARIS_HW_SLOT_SELECTION 3348 #ifdef DEBUG_SLOT_SELECTION 3349 else 3350 { 3351 fprintf(stderr, " rejected, software implementation only\n"); 3352 } 3353 #endif /* DEBUG_SLOT_SELECTION */ 3354 #endif /* SOLARIS_HW_SLOT_SELECTION */ 3355 } 3356 #ifdef DEBUG_SLOT_SELECTION 3357 else 3358 { 3359 fprintf(stderr, " unusable\n"); 3360 } 3361 #endif /* DEBUG_SLOT_SELECTION */ 3362 3363 return; 3364 } 3365 3366 #ifdef SOLARIS_AES_CTR 3367 /* create a new NID when we have no OID for that mechanism */ 3368 static int pk11_add_NID(char *sn, char *ln) 3369 { 3370 ASN1_OBJECT *o; 3371 int nid; 3372 3373 if ((o = ASN1_OBJECT_create(OBJ_new_nid(1), (unsigned char *)"", 3374 1, sn, ln)) == NULL) 3375 { 3376 return (0); 3377 } 3378 3379 /* will return NID_undef on error */ 3380 nid = OBJ_add_object(o); 3381 ASN1_OBJECT_free(o); 3382 3383 return (nid); 3384 } 3385 3386 /* 3387 * Create new NIDs for AES counter mode. OpenSSL doesn't support them now so we 3388 * have to help ourselves here. 3389 */ 3390 static int pk11_add_aes_ctr_NIDs(void) 3391 { 3392 /* are we already set? */ 3393 if (NID_aes_256_ctr != NID_undef) 3394 return (1); 3395 3396 /* 3397 * There are no official names for AES counter modes yet so we just 3398 * follow the format of those that exist. 3399 */ 3400 if ((NID_aes_128_ctr = pk11_add_NID("AES-128-CTR", "aes-128-ctr")) == 3401 NID_undef) 3402 goto err; 3403 ciphers[PK11_AES_128_CTR].nid = pk11_aes_128_ctr.nid = NID_aes_128_ctr; 3404 if ((NID_aes_192_ctr = pk11_add_NID("AES-192-CTR", "aes-192-ctr")) == 3405 NID_undef) 3406 goto err; 3407 ciphers[PK11_AES_192_CTR].nid = pk11_aes_192_ctr.nid = NID_aes_192_ctr; 3408 if ((NID_aes_256_ctr = pk11_add_NID("AES-256-CTR", "aes-256-ctr")) == 3409 NID_undef) 3410 goto err; 3411 ciphers[PK11_AES_256_CTR].nid = pk11_aes_256_ctr.nid = NID_aes_256_ctr; 3412 return (1); 3413 3414 err: 3415 PK11err(PK11_F_ADD_AES_CTR_NIDS, PK11_R_ADD_NID_FAILED); 3416 return (0); 3417 } 3418 #endif /* SOLARIS_AES_CTR */ 3419 3420 /* Find what symmetric ciphers this slot supports. */ 3421 static void pk11_find_symmetric_ciphers(CK_FUNCTION_LIST_PTR pflist, 3422 CK_SLOT_ID current_slot, int *current_slot_n_cipher, int *local_cipher_nids) 3423 { 3424 int i; 3425 3426 for (i = 0; i < PK11_CIPHER_MAX; ++i) 3427 { 3428 pk11_get_symmetric_cipher(pflist, current_slot, 3429 ciphers[i].mech_type, current_slot_n_cipher, 3430 local_cipher_nids, ciphers[i].id); 3431 } 3432 } 3433 3434 /* Find what digest algorithms this slot supports. */ 3435 static void pk11_find_digests(CK_FUNCTION_LIST_PTR pflist, 3436 CK_SLOT_ID current_slot, int *current_slot_n_digest, int *local_digest_nids) 3437 { 3438 int i; 3439 3440 for (i = 0; i < PK11_DIGEST_MAX; ++i) 3441 { 3442 pk11_get_digest(pflist, current_slot, digests[i].mech_type, 3443 current_slot_n_digest, local_digest_nids, digests[i].id); 3444 } 3445 } 3446 3447 #ifdef SOLARIS_HW_SLOT_SELECTION 3448 /* 3449 * It would be great if we could use pkcs11_kernel directly since this library 3450 * offers hardware slots only. That's the easiest way to achieve the situation 3451 * where we use the hardware accelerators when present and OpenSSL native code 3452 * otherwise. That presumes the fact that OpenSSL native code is faster than the 3453 * code in the soft token. It's a logical assumption - Crypto Framework has some 3454 * inherent overhead so going there for the software implementation of a 3455 * mechanism should be logically slower in contrast to the OpenSSL native code, 3456 * presuming that both implementations are of similar speed. For example, the 3457 * soft token for AES is roughly three times slower than OpenSSL for 64 byte 3458 * blocks and still 20% slower for 8KB blocks. So, if we want to ship products 3459 * that use the PKCS#11 engine by default, we must somehow avoid that regression 3460 * on machines without hardware acceleration. That's why switching to the 3461 * pkcs11_kernel library seems like a very good idea. 3462 * 3463 * The problem is that OpenSSL built with SunStudio is roughly 2x slower for 3464 * asymmetric operations (RSA/DSA/DH) than the soft token built with the same 3465 * compiler. That means that if we switched to pkcs11_kernel from the libpkcs11 3466 * library, we would have had a performance regression on machines without 3467 * hardware acceleration for asymmetric operations for all applications that use 3468 * the PKCS#11 engine. There is one such application - Apache web server since 3469 * it's shipped configured to use the PKCS#11 engine by default. Having said 3470 * that, we can't switch to the pkcs11_kernel library now and have to come with 3471 * a solution that, on non-accelerated machines, uses the OpenSSL native code 3472 * for all symmetric ciphers and digests while it uses the soft token for 3473 * asymmetric operations. 3474 * 3475 * This is the idea: dlopen() pkcs11_kernel directly and find out what 3476 * mechanisms are there. We don't care about duplications (more slots can 3477 * support the same mechanism), we just want to know what mechanisms can be 3478 * possibly supported in hardware on that particular machine. As said before, 3479 * pkcs11_kernel will show you hardware providers only. 3480 * 3481 * Then, we rely on the fact that since we use libpkcs11 library we will find 3482 * the metaslot. When we go through the metaslot's mechanisms for symmetric 3483 * ciphers and digests, we check that any found mechanism is in the table 3484 * created using the pkcs11_kernel library. So, as a result we have two arrays 3485 * of mechanisms that were advertised as supported in hardware which was the 3486 * goal of that whole excercise. Thus, we can use libpkcs11 but avoid soft token 3487 * code for symmetric ciphers and digests. See pk11_choose_slots() for more 3488 * information. 3489 * 3490 * This is Solaris specific code, if SOLARIS_HW_SLOT_SELECTION is not defined 3491 * the code won't be used. 3492 */ 3493 #if defined(__sparcv9) || defined(__x86_64) || defined(__amd64) 3494 static const char pkcs11_kernel[] = "/usr/lib/security/64/pkcs11_kernel.so.1"; 3495 #else 3496 static const char pkcs11_kernel[] = "/usr/lib/security/pkcs11_kernel.so.1"; 3497 #endif 3498 3499 /* 3500 * Check hardware capabilities of the machines. The output are two lists, 3501 * hw_cnids and hw_dnids, that contain hardware mechanisms found in all hardware 3502 * providers together. They are not sorted and may contain duplicate mechanisms. 3503 */ 3504 static int check_hw_mechanisms(void) 3505 { 3506 int i; 3507 CK_RV rv; 3508 void *handle; 3509 CK_C_GetFunctionList p; 3510 CK_TOKEN_INFO token_info; 3511 CK_ULONG ulSlotCount = 0; 3512 int n_cipher = 0, n_digest = 0; 3513 CK_FUNCTION_LIST_PTR pflist = NULL; 3514 CK_SLOT_ID_PTR pSlotList = NULL_PTR; 3515 int *tmp_hw_cnids, *tmp_hw_dnids; 3516 int hw_ctable_size, hw_dtable_size; 3517 3518 #ifdef DEBUG_SLOT_SELECTION 3519 fprintf(stderr, "%s: SOLARIS_HW_SLOT_SELECTION code running\n", 3520 PK11_DBG); 3521 #endif 3522 if ((handle = dlopen(pkcs11_kernel, RTLD_LAZY)) == NULL) 3523 { 3524 PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE); 3525 goto err; 3526 } 3527 3528 if ((p = (CK_C_GetFunctionList)dlsym(handle, 3529 PK11_GET_FUNCTION_LIST)) == NULL) 3530 { 3531 PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE); 3532 goto err; 3533 } 3534 3535 /* get the full function list from the loaded library */ 3536 if (p(&pflist) != CKR_OK) 3537 { 3538 PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE); 3539 goto err; 3540 } 3541 3542 rv = pflist->C_Initialize(NULL_PTR); 3543 if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED)) 3544 { 3545 PK11err_add_data(PK11_F_CHECK_HW_MECHANISMS, 3546 PK11_R_INITIALIZE, rv); 3547 goto err; 3548 } 3549 3550 if (pflist->C_GetSlotList(0, NULL_PTR, &ulSlotCount) != CKR_OK) 3551 { 3552 PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_GETSLOTLIST); 3553 goto err; 3554 } 3555 3556 /* no slots, set the hw mechanism tables as empty */ 3557 if (ulSlotCount == 0) 3558 { 3559 #ifdef DEBUG_SLOT_SELECTION 3560 fprintf(stderr, "%s: no hardware mechanisms found\n", PK11_DBG); 3561 #endif 3562 hw_cnids = OPENSSL_malloc(sizeof (int)); 3563 hw_dnids = OPENSSL_malloc(sizeof (int)); 3564 if (hw_cnids == NULL || hw_dnids == NULL) 3565 { 3566 PK11err(PK11_F_CHECK_HW_MECHANISMS, 3567 PK11_R_MALLOC_FAILURE); 3568 return (0); 3569 } 3570 /* this means empty tables */ 3571 hw_cnids[0] = NID_undef; 3572 hw_dnids[0] = NID_undef; 3573 return (1); 3574 } 3575 3576 pSlotList = OPENSSL_malloc(ulSlotCount * sizeof (CK_SLOT_ID)); 3577 if (pSlotList == NULL) 3578 { 3579 PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_MALLOC_FAILURE); 3580 goto err; 3581 } 3582 3583 /* Get the slot list for processing */ 3584 if (pflist->C_GetSlotList(0, pSlotList, &ulSlotCount) != CKR_OK) 3585 { 3586 PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_GETSLOTLIST); 3587 goto err; 3588 } 3589 3590 /* 3591 * We don't care about duplicit mechanisms in multiple slots and also 3592 * reserve one slot for the terminal NID_undef which we use to stop the 3593 * search. 3594 */ 3595 hw_ctable_size = ulSlotCount * PK11_CIPHER_MAX + 1; 3596 hw_dtable_size = ulSlotCount * PK11_DIGEST_MAX + 1; 3597 tmp_hw_cnids = OPENSSL_malloc(hw_ctable_size * sizeof (int)); 3598 tmp_hw_dnids = OPENSSL_malloc(hw_dtable_size * sizeof (int)); 3599 if (tmp_hw_cnids == NULL || tmp_hw_dnids == NULL) 3600 { 3601 PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_MALLOC_FAILURE); 3602 goto err; 3603 } 3604 3605 /* 3606 * Do not use memset since we should not rely on the fact that NID_undef 3607 * is zero now. 3608 */ 3609 for (i = 0; i < hw_ctable_size; ++i) 3610 tmp_hw_cnids[i] = NID_undef; 3611 for (i = 0; i < hw_dtable_size; ++i) 3612 tmp_hw_dnids[i] = NID_undef; 3613 3614 #ifdef DEBUG_SLOT_SELECTION 3615 fprintf(stderr, "%s: provider: %s\n", PK11_DBG, pkcs11_kernel); 3616 fprintf(stderr, "%s: found %d hardware slots\n", PK11_DBG, ulSlotCount); 3617 fprintf(stderr, "%s: now looking for mechs supported in hw\n", 3618 PK11_DBG); 3619 #endif /* DEBUG_SLOT_SELECTION */ 3620 3621 for (i = 0; i < ulSlotCount; i++) 3622 { 3623 if (pflist->C_GetTokenInfo(pSlotList[i], &token_info) != CKR_OK) 3624 continue; 3625 3626 #ifdef DEBUG_SLOT_SELECTION 3627 fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label); 3628 #endif /* DEBUG_SLOT_SELECTION */ 3629 3630 /* 3631 * We are filling the hw mech tables here. Global tables are 3632 * still NULL so all mechanisms are put into tmp tables. 3633 */ 3634 pk11_find_symmetric_ciphers(pflist, pSlotList[i], 3635 &n_cipher, tmp_hw_cnids); 3636 pk11_find_digests(pflist, pSlotList[i], 3637 &n_digest, tmp_hw_dnids); 3638 } 3639 3640 /* 3641 * Since we are part of a library (libcrypto.so), calling this function 3642 * may have side-effects. Also, C_Finalize() is triggered by 3643 * dlclose(3C). 3644 */ 3645 #if 0 3646 pflist->C_Finalize(NULL); 3647 #endif 3648 OPENSSL_free(pSlotList); 3649 (void) dlclose(handle); 3650 hw_cnids = tmp_hw_cnids; 3651 hw_dnids = tmp_hw_dnids; 3652 3653 #ifdef DEBUG_SLOT_SELECTION 3654 fprintf(stderr, "%s: hw mechs check complete\n", PK11_DBG); 3655 #endif /* DEBUG_SLOT_SELECTION */ 3656 return (1); 3657 3658 err: 3659 if (pSlotList != NULL) 3660 OPENSSL_free(pSlotList); 3661 if (tmp_hw_cnids != NULL) 3662 OPENSSL_free(tmp_hw_cnids); 3663 if (tmp_hw_dnids != NULL) 3664 OPENSSL_free(tmp_hw_dnids); 3665 3666 return (0); 3667 } 3668 3669 /* 3670 * Check presence of a NID in the table of NIDs. The table may be NULL (i.e., 3671 * non-existent). 3672 */ 3673 static int nid_in_table(int nid, int *nid_table) 3674 { 3675 int i = 0; 3676 3677 /* 3678 * a special case. NULL means that we are initializing a new 3679 * table. 3680 */ 3681 if (nid_table == NULL) 3682 return (1); 3683 3684 /* 3685 * the table is never full, there is always at least one 3686 * NID_undef. 3687 */ 3688 while (nid_table[i] != NID_undef) 3689 { 3690 if (nid_table[i++] == nid) 3691 { 3692 #ifdef DEBUG_SLOT_SELECTION 3693 fprintf(stderr, " (NID %d in hw table, idx %d)", nid, i); 3694 #endif /* DEBUG_SLOT_SELECTION */ 3695 return (1); 3696 } 3697 } 3698 3699 return (0); 3700 } 3701 #endif /* SOLARIS_HW_SLOT_SELECTION */ 3702 3703 #endif /* OPENSSL_NO_HW_PK11 */ 3704 #endif /* OPENSSL_NO_HW */ 3705
Indexes created Wed Feb 10 09:32:22 UTC 2010
Terms of Use |
Privacy |
Trademarks |
Copyright Policy |
Site Guidelines |
Site Map |
Help
Your use of this web site or any of its content or software indicates your agreement to be bound by these Terms of Use.
© 2010, Oracle Corporation and/or its affiliates
