summaryrefslogtreecommitdiffstats
path: root/crypto/engine
diff options
context:
space:
mode:
authorRichard Levitte <levitte@openssl.org>2001-04-26 17:45:12 +0200
committerRichard Levitte <levitte@openssl.org>2001-04-26 17:45:12 +0200
commit9e78e6c3f842f9a7808c22bda177e99dd66fed12 (patch)
treebae73c6e3fd544eaeb86d473acd3fc7ba49c2740 /crypto/engine
parentengine.h includes all the needed header files, so don't do it again (diff)
downloadopenssl-9e78e6c3f842f9a7808c22bda177e99dd66fed12.tar.xz
openssl-9e78e6c3f842f9a7808c22bda177e99dd66fed12.zip
Check for OPENSSL_NO_RSA, OPENSSL_NO_DSA and OPENSSL_NO_DH and disable
appropriate code if any of them is defined.
Diffstat (limited to 'crypto/engine')
-rw-r--r--crypto/engine/engine.h22
-rw-r--r--crypto/engine/engine_err.c5
-rw-r--r--crypto/engine/engine_lib.c42
-rw-r--r--crypto/engine/engine_list.c18
-rw-r--r--crypto/engine/engine_openssl.c11
-rw-r--r--crypto/engine/hw_atalla.c38
-rw-r--r--crypto/engine/hw_cswift.c32
-rw-r--r--crypto/engine/hw_ncipher.c94
-rw-r--r--crypto/engine/hw_nuron.c30
-rw-r--r--crypto/engine/hw_ubsec.c94
10 files changed, 363 insertions, 23 deletions
diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
index 48300fe769..a85cfff87b 100644
--- a/crypto/engine/engine.h
+++ b/crypto/engine/engine.h
@@ -60,9 +60,15 @@
#define HEADER_ENGINE_H
#include <openssl/bn.h>
+#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
+#endif
#include <openssl/rand.h>
#include <openssl/evp.h>
#include <openssl/symhacks.h>
@@ -71,6 +77,17 @@
extern "C" {
#endif
+/* Fixups for missing algorithms */
+#ifdef OPENSSL_NO_RSA
+typedef void RSA_METHOD;
+#endif
+#ifdef OPENSSL_NO_DSA
+typedef void DSA_METHOD;
+#endif
+#ifdef OPENSSL_NO_DH
+typedef void DH_METHOD;
+#endif
+
/* These flags are used to control combinations of algorithm (methods)
* by bitwise "OR"ing. */
#define ENGINE_METHOD_RSA (unsigned int)0x0001
@@ -442,6 +459,7 @@ void ERR_load_ENGINE_strings(void);
#define ENGINE_F_ENGINE_CTRL_CMD_STRING 171
#define ENGINE_F_ENGINE_FINISH 107
#define ENGINE_F_ENGINE_FREE 108
+#define ENGINE_F_ENGINE_GET_DEFAULT_TYPE 177
#define ENGINE_F_ENGINE_GET_NEXT 115
#define ENGINE_F_ENGINE_GET_PREV 116
#define ENGINE_F_ENGINE_INIT 119
@@ -492,6 +510,8 @@ void ERR_load_ENGINE_strings(void);
#define ENGINE_R_COMMAND_TAKES_NO_INPUT 136
#define ENGINE_R_CONFLICTING_ENGINE_ID 103
#define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119
+#define ENGINE_R_DH_NOT_IMPLEMENTED 139
+#define ENGINE_R_DSA_NOT_IMPLEMENTED 140
#define ENGINE_R_DSO_FAILURE 104
#define ENGINE_R_DSO_FUNCTION_NOT_FOUND 131
#define ENGINE_R_DSO_NOT_FOUND 132
@@ -515,9 +535,11 @@ void ERR_load_ENGINE_strings(void);
#define ENGINE_R_NO_REFERENCE 130
#define ENGINE_R_NO_SUCH_ENGINE 116
#define ENGINE_R_NO_UNLOAD_FUNCTION 126
+#define ENGINE_R_PRIVATE_KEY_ALGORITHMS_DISABLED 142
#define ENGINE_R_PROVIDE_PARAMETERS 113
#define ENGINE_R_REQUEST_FAILED 114
#define ENGINE_R_REQUEST_FALLBACK 118
+#define ENGINE_R_RSA_NOT_IMPLEMENTED 141
#define ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL 122
#define ENGINE_R_UNIT_FAILURE 115
diff --git a/crypto/engine/engine_err.c b/crypto/engine/engine_err.c
index 24202a1bee..33e1ede2db 100644
--- a/crypto/engine/engine_err.c
+++ b/crypto/engine/engine_err.c
@@ -86,6 +86,7 @@ static ERR_STRING_DATA ENGINE_str_functs[]=
{ERR_PACK(0,ENGINE_F_ENGINE_CTRL_CMD_STRING,0), "ENGINE_ctrl_cmd_string"},
{ERR_PACK(0,ENGINE_F_ENGINE_FINISH,0), "ENGINE_finish"},
{ERR_PACK(0,ENGINE_F_ENGINE_FREE,0), "ENGINE_free"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_DEFAULT_TYPE,0), "ENGINE_GET_DEFAULT_TYPE"},
{ERR_PACK(0,ENGINE_F_ENGINE_GET_NEXT,0), "ENGINE_get_next"},
{ERR_PACK(0,ENGINE_F_ENGINE_GET_PREV,0), "ENGINE_get_prev"},
{ERR_PACK(0,ENGINE_F_ENGINE_INIT,0), "ENGINE_init"},
@@ -139,6 +140,8 @@ static ERR_STRING_DATA ENGINE_str_reasons[]=
{ENGINE_R_COMMAND_TAKES_NO_INPUT ,"command takes no input"},
{ENGINE_R_CONFLICTING_ENGINE_ID ,"conflicting engine id"},
{ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"},
+{ENGINE_R_DH_NOT_IMPLEMENTED ,"dh not implemented"},
+{ENGINE_R_DSA_NOT_IMPLEMENTED ,"dsa not implemented"},
{ENGINE_R_DSO_FAILURE ,"DSO failure"},
{ENGINE_R_DSO_FUNCTION_NOT_FOUND ,"dso function not found"},
{ENGINE_R_DSO_NOT_FOUND ,"dso not found"},
@@ -162,9 +165,11 @@ static ERR_STRING_DATA ENGINE_str_reasons[]=
{ENGINE_R_NO_REFERENCE ,"no reference"},
{ENGINE_R_NO_SUCH_ENGINE ,"no such engine"},
{ENGINE_R_NO_UNLOAD_FUNCTION ,"no unload function"},
+{ENGINE_R_PRIVATE_KEY_ALGORITHMS_DISABLED,"private key algorithms disabled"},
{ENGINE_R_PROVIDE_PARAMETERS ,"provide parameters"},
{ENGINE_R_REQUEST_FAILED ,"request failed"},
{ENGINE_R_REQUEST_FALLBACK ,"request fallback"},
+{ENGINE_R_RSA_NOT_IMPLEMENTED ,"rsa not implemented"},
{ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL ,"size too large or too small"},
{ENGINE_R_UNIT_FAILURE ,"unit failure"},
{0,NULL}
diff --git a/crypto/engine/engine_lib.c b/crypto/engine/engine_lib.c
index eb9f2c4daa..ef94227e04 100644
--- a/crypto/engine/engine_lib.c
+++ b/crypto/engine/engine_lib.c
@@ -67,9 +67,15 @@
* reference and the caller is responsible for freeing that when they
* are finished with it (with a call to ENGINE_finish() *NOT* just
* ENGINE_free()!!!!!!). */
+#ifndef OPENSSL_NO_RSA
static ENGINE *engine_def_rsa = NULL;
+#endif
+#ifndef OPENSSL_NO_DSA
static ENGINE *engine_def_dsa = NULL;
+#endif
+#ifndef OPENSSL_NO_DH
static ENGINE *engine_def_dh = NULL;
+#endif
static ENGINE *engine_def_rand = NULL;
static ENGINE *engine_def_bn_mod_exp = NULL;
static ENGINE *engine_def_bn_mod_exp_crt = NULL;
@@ -125,9 +131,15 @@ static void engine_def_check(void)
goto skip_set_defaults;
/* OK, we got a functional reference, so we get one each
* for the defaults too. */
+#ifndef OPENSSL_NO_RSA
engine_def_check_util(&engine_def_rsa, e);
+#endif
+#ifndef OPENSSL_NO_RSA
engine_def_check_util(&engine_def_dsa, e);
+#endif
+#ifndef OPENSSL_NO_DH
engine_def_check_util(&engine_def_dh, e);
+#endif
engine_def_check_util(&engine_def_rand, e);
engine_def_check_util(&engine_def_bn_mod_exp, e);
engine_def_check_util(&engine_def_bn_mod_exp_crt, e);
@@ -590,12 +602,18 @@ static ENGINE *engine_get_default_type(ENGINE_TYPE t)
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
switch(t)
{
+#ifndef OPENSSL_NO_RSA
case ENGINE_TYPE_RSA:
ret = engine_def_rsa; break;
+#endif
+#ifndef OPENSSL_NO_DSA
case ENGINE_TYPE_DSA:
ret = engine_def_dsa; break;
+#endif
+#ifndef OPENSSL_NO_DH
case ENGINE_TYPE_DH:
ret = engine_def_dh; break;
+#endif
case ENGINE_TYPE_RAND:
ret = engine_def_rand; break;
case ENGINE_TYPE_BN_MOD_EXP:
@@ -615,20 +633,26 @@ static ENGINE *engine_get_default_type(ENGINE_TYPE t)
return ret;
}
+#ifndef OPENSSL_NO_RSA
ENGINE *ENGINE_get_default_RSA(void)
{
return engine_get_default_type(ENGINE_TYPE_RSA);
}
+#endif
+#ifndef OPENSSL_NO_DSA
ENGINE *ENGINE_get_default_DSA(void)
{
return engine_get_default_type(ENGINE_TYPE_DSA);
}
+#endif
+#ifndef OPENSSL_NO_DH
ENGINE *ENGINE_get_default_DH(void)
{
return engine_get_default_type(ENGINE_TYPE_DH);
}
+#endif
ENGINE *ENGINE_get_default_RAND(void)
{
@@ -671,15 +695,21 @@ static int engine_set_default_type(ENGINE_TYPE t, ENGINE *e)
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
switch(t)
{
+#ifndef OPENSSL_NO_RSA
case ENGINE_TYPE_RSA:
old = engine_def_rsa;
engine_def_rsa = e; break;
+#endif
+#ifndef OPENSSL_NO_DSA
case ENGINE_TYPE_DSA:
old = engine_def_dsa;
engine_def_dsa = e; break;
+#endif
+#ifndef OPENSSL_NO_DH
case ENGINE_TYPE_DH:
old = engine_def_dh;
engine_def_dh = e; break;
+#endif
case ENGINE_TYPE_RAND:
old = engine_def_rand;
engine_def_rand = e; break;
@@ -702,20 +732,26 @@ static int engine_set_default_type(ENGINE_TYPE t, ENGINE *e)
return 1;
}
+#ifndef OPENSSL_NO_RSA
int ENGINE_set_default_RSA(ENGINE *e)
{
return engine_set_default_type(ENGINE_TYPE_RSA, e);
}
+#endif
+#ifndef OPENSSL_NO_DSA
int ENGINE_set_default_DSA(ENGINE *e)
{
return engine_set_default_type(ENGINE_TYPE_DSA, e);
}
+#endif
+#ifndef OPENSSL_NO_DH
int ENGINE_set_default_DH(ENGINE *e)
{
return engine_set_default_type(ENGINE_TYPE_DH, e);
}
+#endif
int ENGINE_set_default_RAND(ENGINE *e)
{
@@ -734,15 +770,21 @@ int ENGINE_set_default_BN_mod_exp_crt(ENGINE *e)
int ENGINE_set_default(ENGINE *e, unsigned int flags)
{
+#ifndef OPENSSL_NO_RSA
if((flags & ENGINE_METHOD_RSA) && e->rsa_meth &&
!ENGINE_set_default_RSA(e))
return 0;
+#endif
+#ifndef OPENSSL_NO_DSA
if((flags & ENGINE_METHOD_DSA) && e->dsa_meth &&
!ENGINE_set_default_DSA(e))
return 0;
+#endif
+#ifndef OPENSSL_NO_DH
if((flags & ENGINE_METHOD_DH) && e->dh_meth &&
!ENGINE_set_default_DH(e))
return 0;
+#endif
if((flags & ENGINE_METHOD_RAND) && e->rand_meth &&
!ENGINE_set_default_RAND(e))
return 0;
diff --git a/crypto/engine/engine_list.c b/crypto/engine/engine_list.c
index 530207e8a6..cc57e658ab 100644
--- a/crypto/engine/engine_list.c
+++ b/crypto/engine/engine_list.c
@@ -402,20 +402,32 @@ int ENGINE_set_name(ENGINE *e, const char *name)
int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth)
{
+#ifndef OPENSSL_NO_RSA
e->rsa_meth = rsa_meth;
return 1;
+#else
+ return 0;
+#endif
}
int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth)
{
+#ifndef OPENSSL_NO_DSA
e->dsa_meth = dsa_meth;
return 1;
+#else
+ return 0;
+#endif
}
int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth)
{
+#ifndef OPENSSL_NO_DH
e->dh_meth = dh_meth;
return 1;
+#else
+ return 0;
+#endif
}
int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth)
@@ -482,9 +494,15 @@ int ENGINE_cpy(ENGINE *dest, const ENGINE *src)
{
if(ENGINE_set_id(dest, ENGINE_get_id(src)) &&
ENGINE_set_name(dest, ENGINE_get_name(src)) &&
+#ifndef OPENSSL_NO_RSA
ENGINE_set_RSA(dest, ENGINE_get_RSA(src)) &&
+#endif
+#ifndef OPENSSL_NO_RSA
ENGINE_set_DSA(dest, ENGINE_get_DSA(src)) &&
+#endif
+#ifndef OPENSSL_NO_RSA
ENGINE_set_DH(dest, ENGINE_get_DH(src)) &&
+#endif
ENGINE_set_RAND(dest, ENGINE_get_RAND(src)) &&
ENGINE_set_BN_mod_exp(dest,
ENGINE_get_BN_mod_exp(src)) &&
diff --git a/crypto/engine/engine_openssl.c b/crypto/engine/engine_openssl.c
index 35cfd2354a..cd885c0409 100644
--- a/crypto/engine/engine_openssl.c
+++ b/crypto/engine/engine_openssl.c
@@ -62,11 +62,6 @@
#include "cryptlib.h"
#include <openssl/engine.h>
#include <openssl/dso.h>
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
-#include <openssl/dh.h>
-#include <openssl/rand.h>
-#include <openssl/bn.h>
/* This is the only function we need to implement as OpenSSL
* doesn't have a native CRT mod_exp. Perhaps this should be
@@ -88,9 +83,15 @@ ENGINE *ENGINE_openssl()
return NULL;
if(!ENGINE_set_id(ret, engine_openssl_id) ||
!ENGINE_set_name(ret, engine_openssl_name) ||
+#ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(ret, RSA_get_default_openssl_method()) ||
+#endif
+#ifndef OPENSSL_NO_DSA
!ENGINE_set_DSA(ret, DSA_get_default_openssl_method()) ||
+#endif
+#ifndef OPENSSL_NO_DH
!ENGINE_set_DH(ret, DH_get_default_openssl_method()) ||
+#endif
!ENGINE_set_RAND(ret, RAND_SSLeay()) ||
!ENGINE_set_BN_mod_exp(ret, BN_mod_exp) ||
!ENGINE_set_BN_mod_exp_crt(ret, openssl_mod_exp_crt))
diff --git a/crypto/engine/hw_atalla.c b/crypto/engine/hw_atalla.c
index 8bf702aac0..5deb2c4382 100644
--- a/crypto/engine/hw_atalla.c
+++ b/crypto/engine/hw_atalla.c
@@ -79,12 +79,15 @@ static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx);
+#ifndef OPENSSL_NO_RSA
/* RSA stuff */
static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+#endif
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#ifndef OPENSSL_NO_DSA
/* DSA stuff */
static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
@@ -92,12 +95,15 @@ static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx);
+#endif
+#ifndef OPENSSL_NO_DH
/* DH stuff */
/* This function is alised to mod_exp (with the DH and mont dropped). */
static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,
const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#endif
/* The definitions for control commands specific to this engine */
#define ATALLA_CMD_SO_PATH ENGINE_CMD_BASE
@@ -109,6 +115,7 @@ static const ENGINE_CMD_DEFN atalla_cmd_defns[] = {
{0, NULL, NULL, 0}
};
+#ifndef OPENSSL_NO_RSA
/* Our internal RSA_METHOD that we provide pointers to */
static RSA_METHOD atalla_rsa =
{
@@ -126,7 +133,9 @@ static RSA_METHOD atalla_rsa =
NULL,
NULL
};
+#endif
+#ifndef OPENSSL_NO_DSA
/* Our internal DSA_METHOD that we provide pointers to */
static DSA_METHOD atalla_dsa =
{
@@ -141,7 +150,9 @@ static DSA_METHOD atalla_dsa =
0, /* flags */
NULL /* app_data */
};
+#endif
+#ifndef OPENSSL_NO_DH
/* Our internal DH_METHOD that we provide pointers to */
static DH_METHOD atalla_dh =
{
@@ -154,6 +165,7 @@ static DH_METHOD atalla_dh =
0,
NULL
};
+#endif
/* Constants used when creating the ENGINE */
static const char *engine_atalla_id = "atalla";
@@ -163,17 +175,29 @@ static const char *engine_atalla_name = "Atalla hardware engine support";
* (indeed - the lock will already be held by our caller!!!) */
ENGINE *ENGINE_atalla()
{
+#ifndef OPENSSL_NO_RSA
const RSA_METHOD *meth1;
+#endif
+#ifndef OPENSSL_NO_DSA
const DSA_METHOD *meth2;
+#endif
+#ifndef OPENSSL_NO_DH
const DH_METHOD *meth3;
+#endif
ENGINE *ret = ENGINE_new();
if(!ret)
return NULL;
if(!ENGINE_set_id(ret, engine_atalla_id) ||
!ENGINE_set_name(ret, engine_atalla_name) ||
+#ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(ret, &atalla_rsa) ||
+#endif
+#ifndef OPENSSL_NO_DSA
!ENGINE_set_DSA(ret, &atalla_dsa) ||
+#endif
+#ifndef OPENSSL_NO_DH
!ENGINE_set_DH(ret, &atalla_dh) ||
+#endif
!ENGINE_set_BN_mod_exp(ret, atalla_mod_exp) ||
!ENGINE_set_init_function(ret, atalla_init) ||
!ENGINE_set_finish_function(ret, atalla_finish) ||
@@ -184,6 +208,7 @@ ENGINE *ENGINE_atalla()
return NULL;
}
+#ifndef OPENSSL_NO_RSA
/* We know that the "PKCS1_SSLeay()" functions hook properly
* to the atalla-specific mod_exp and mod_exp_crt so we use
* those functions. NB: We don't use ENGINE_openssl() or
@@ -196,18 +221,23 @@ ENGINE *ENGINE_atalla()
atalla_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
atalla_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
atalla_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+#endif
+#ifndef OPENSSL_NO_DSA
/* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
* bits. */
meth2 = DSA_OpenSSL();
atalla_dsa.dsa_do_sign = meth2->dsa_do_sign;
atalla_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
atalla_dsa.dsa_do_verify = meth2->dsa_do_verify;
+#endif
+#ifndef OPENSSL_NO_DH
/* Much the same for Diffie-Hellman */
meth3 = DH_OpenSSL();
atalla_dh.generate_key = meth3->generate_key;
atalla_dh.compute_key = meth3->compute_key;
+#endif
return ret;
}
@@ -405,6 +435,7 @@ static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_REQUEST_FAILED);
goto err;
}
+
/* Convert the response */
BN_bin2bn((unsigned char *)result->d, numbytes, r);
to_return = 1;
@@ -413,6 +444,7 @@ err:
return to_return;
}
+#ifndef OPENSSL_NO_RSA
static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
{
BN_CTX *ctx = NULL;
@@ -436,7 +468,9 @@ err:
BN_CTX_free(ctx);
return to_return;
}
+#endif
+#ifndef OPENSSL_NO_DSA
/* This code was liberated and adapted from the commented-out code in
* dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration
* (it doesn't have a CRT form for RSA), this function means that an
@@ -464,13 +498,13 @@ end:
return to_return;
}
-
static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx)
{
return atalla_mod_exp(r, a, p, m, ctx);
}
+#endif
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
@@ -479,6 +513,7 @@ static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
return atalla_mod_exp(r, a, p, m, ctx);
}
+#ifndef OPENSSL_NO_DH
/* This function is aliased to mod_exp (with the dh and mont dropped). */
static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,
const BIGNUM *a, const BIGNUM *p,
@@ -486,6 +521,7 @@ static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,
{
return atalla_mod_exp(r, a, p, m, ctx);
}
+#endif
#endif /* !OPENSSL_NO_HW_ATALLA */
#endif /* !OPENSSL_NO_HW */
diff --git a/crypto/engine/hw_cswift.c b/crypto/engine/hw_cswift.c
index 15983525e1..5471dbe501 100644
--- a/crypto/engine/hw_cswift.c
+++ b/crypto/engine/hw_cswift.c
@@ -94,22 +94,28 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
const BIGNUM *iqmp, BN_CTX *ctx);
+#ifndef OPENSSL_NO_RSA
/* RSA stuff */
static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+#endif
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#ifndef OPENSSL_NO_DSA
/* DSA stuff */
static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, DSA *dsa);
+#endif
+#ifndef OPENSSL_NO_DH
/* DH stuff */
/* This function is alised to mod_exp (with the DH and mont dropped). */
static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#endif
/* The definitions for control commands specific to this engine */
#define CSWIFT_CMD_SO_PATH ENGINE_CMD_BASE
@@ -121,6 +127,7 @@ static const ENGINE_CMD_DEFN cswift_cmd_defns[] = {
{0, NULL, NULL, 0}
};
+#ifndef OPENSSL_NO_RSA
/* Our internal RSA_METHOD that we provide pointers to */
static RSA_METHOD cswift_rsa =
{
@@ -138,7 +145,9 @@ static RSA_METHOD cswift_rsa =
NULL,
NULL
};
+#endif
+#ifndef OPENSSL_NO_DSA
/* Our internal DSA_METHOD that we provide pointers to */
static DSA_METHOD cswift_dsa =
{
@@ -153,7 +162,9 @@ static DSA_METHOD cswift_dsa =
0, /* flags */
NULL /* app_data */
};
+#endif
+#ifndef OPENSSL_NO_DH
/* Our internal DH_METHOD that we provide pointers to */
static DH_METHOD cswift_dh =
{
@@ -166,6 +177,7 @@ static DH_METHOD cswift_dh =
0,
NULL
};
+#endif
/* Constants used when creating the ENGINE */
static const char *engine_cswift_id = "cswift";
@@ -175,16 +187,26 @@ static const char *engine_cswift_name = "CryptoSwift hardware engine support";
* (indeed - the lock will already be held by our caller!!!) */
ENGINE *ENGINE_cswift()
{
+#ifndef OPENSSL_NO_RSA
const RSA_METHOD *meth1;
+#endif
+#ifndef OPENSSL_NO_DH
const DH_METHOD *meth2;
+#endif
ENGINE *ret = ENGINE_new();
if(!ret)
return NULL;
if(!ENGINE_set_id(ret, engine_cswift_id) ||
!ENGINE_set_name(ret, engine_cswift_name) ||
+#ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(ret, &cswift_rsa) ||
+#endif
+#ifndef OPENSSL_NO_DSA
!ENGINE_set_DSA(ret, &cswift_dsa) ||
+#endif
+#ifndef OPENSSL_NO_DH
!ENGINE_set_DH(ret, &cswift_dh) ||
+#endif
!ENGINE_set_BN_mod_exp(ret, &cswift_mod_exp) ||
!ENGINE_set_BN_mod_exp_crt(ret, &cswift_mod_exp_crt) ||
!ENGINE_set_init_function(ret, cswift_init) ||
@@ -196,6 +218,7 @@ ENGINE *ENGINE_cswift()
return NULL;
}
+#ifndef OPENSSL_NO_RSA
/* We know that the "PKCS1_SSLeay()" functions hook properly
* to the cswift-specific mod_exp and mod_exp_crt so we use
* those functions. NB: We don't use ENGINE_openssl() or
@@ -208,11 +231,14 @@ ENGINE *ENGINE_cswift()
cswift_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
cswift_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
cswift_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+#endif
+#ifndef OPENSSL_NO_DH
/* Much the same for Diffie-Hellman */
meth2 = DH_OpenSSL();
cswift_dh.generate_key = meth2->generate_key;
cswift_dh.compute_key = meth2->compute_key;
+#endif
return ret;
}
@@ -572,6 +598,7 @@ err:
return to_return;
}
+#ifndef OPENSSL_NO_RSA
static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
{
BN_CTX *ctx;
@@ -591,6 +618,7 @@ err:
BN_CTX_free(ctx);
return to_return;
}
+#endif
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
@@ -599,6 +627,7 @@ static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
return cswift_mod_exp(r, a, p, m, ctx);
}
+#ifndef OPENSSL_NO_DSA
static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
SW_CONTEXT_HANDLE hac;
@@ -823,7 +852,9 @@ err:
}
return to_return;
}
+#endif
+#ifndef OPENSSL_NO_DH
/* This function is aliased to mod_exp (with the dh and mont dropped). */
static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
const BIGNUM *a, const BIGNUM *p,
@@ -831,6 +862,7 @@ static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
{
return cswift_mod_exp(r, a, p, m, ctx);
}
+#endif
#endif /* !OPENSSL_NO_HW_CSWIFT */
#endif /* !OPENSSL_NO_HW */
diff --git a/crypto/engine/hw_ncipher.c b/crypto/engine/hw_ncipher.c
index dc645d554b..597471ff58 100644
--- a/crypto/engine/hw_ncipher.c
+++ b/crypto/engine/hw_ncipher.c
@@ -95,8 +95,10 @@ static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex*);
static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx);
+#ifndef OPENSSL_NO_RSA
/* RSA stuff */
static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa);
+#endif
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
@@ -146,6 +148,7 @@ static const ENGINE_CMD_DEFN hwcrhk_cmd_defns[] = {
{0, NULL, NULL, 0}
};
+#ifndef OPENSSL_NO_RSA
/* Our internal RSA_METHOD that we provide pointers to */
static RSA_METHOD hwcrhk_rsa =
{
@@ -163,7 +166,9 @@ static RSA_METHOD hwcrhk_rsa =
NULL,
NULL
};
+#endif
+#ifndef OPENSSL_NO_DH
/* Our internal DH_METHOD that we provide pointers to */
static DH_METHOD hwcrhk_dh =
{
@@ -176,6 +181,7 @@ static DH_METHOD hwcrhk_dh =
0,
NULL
};
+#endif
static RAND_METHOD hwcrhk_rand =
{
@@ -294,15 +300,23 @@ static HWCryptoHook_InitInfo hwcrhk_globals = {
* (indeed - the lock will already be held by our caller!!!) */
ENGINE *ENGINE_ncipher()
{
+#ifndef OPENSSL_NO_RSA
const RSA_METHOD *meth1;
+#endif
+#ifndef OPENSSL_NO_DH
const DH_METHOD *meth2;
+#endif
ENGINE *ret = ENGINE_new();
if(!ret)
return NULL;
if(!ENGINE_set_id(ret, engine_hwcrhk_id) ||
!ENGINE_set_name(ret, engine_hwcrhk_name) ||
+#ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(ret, &hwcrhk_rsa) ||
+#endif
+#ifndef OPENSSL_NO_DH
!ENGINE_set_DH(ret, &hwcrhk_dh) ||
+#endif
!ENGINE_set_RAND(ret, &hwcrhk_rand) ||
!ENGINE_set_BN_mod_exp(ret, hwcrhk_mod_exp) ||
!ENGINE_set_init_function(ret, hwcrhk_init) ||
@@ -316,6 +330,7 @@ ENGINE *ENGINE_ncipher()
return NULL;
}
+#ifndef OPENSSL_NO_RSA
/* We know that the "PKCS1_SSLeay()" functions hook properly
* to the cswift-specific mod_exp and mod_exp_crt so we use
* those functions. NB: We don't use ENGINE_openssl() or
@@ -328,11 +343,14 @@ ENGINE *ENGINE_ncipher()
hwcrhk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
hwcrhk_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
hwcrhk_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+#endif
+#ifndef OPENSSL_NO_DH
/* Much the same for Diffie-Hellman */
meth2 = DH_OpenSSL();
hwcrhk_dh.generate_key = meth2->generate_key;
hwcrhk_dh.compute_key = meth2->compute_key;
+#endif
return ret;
}
@@ -343,18 +361,24 @@ ENGINE *ENGINE_ncipher()
* implicitly. */
static DSO *hwcrhk_dso = NULL;
static HWCryptoHook_ContextHandle hwcrhk_context = 0;
-static int hndidx = -1; /* Index for KM handle. Not really used yet. */
+#ifndef OPENSSL_NO_RSA
+static int hndidx_rsa = -1; /* Index for KM handle. Not really used yet. */
+#endif
/* These are the function pointers that are (un)set when the library has
* successfully (un)loaded. */
static HWCryptoHook_Init_t *p_hwcrhk_Init = NULL;
static HWCryptoHook_Finish_t *p_hwcrhk_Finish = NULL;
static HWCryptoHook_ModExp_t *p_hwcrhk_ModExp = NULL;
+#ifndef OPENSSL_NO_RSA
static HWCryptoHook_RSA_t *p_hwcrhk_RSA = NULL;
+#endif
static HWCryptoHook_RandomBytes_t *p_hwcrhk_RandomBytes = NULL;
+#ifndef OPENSSL_NO_RSA
static HWCryptoHook_RSALoadKey_t *p_hwcrhk_RSALoadKey = NULL;
static HWCryptoHook_RSAGetPublicKey_t *p_hwcrhk_RSAGetPublicKey = NULL;
static HWCryptoHook_RSAUnloadKey_t *p_hwcrhk_RSAUnloadKey = NULL;
+#endif
static HWCryptoHook_ModExpCRT_t *p_hwcrhk_ModExpCRT = NULL;
/* Used in the DSO operations. */
@@ -363,11 +387,15 @@ static const char *HWCRHK_LIBNAME = def_HWCRHK_LIBNAME;
static const char *n_hwcrhk_Init = "HWCryptoHook_Init";
static const char *n_hwcrhk_Finish = "HWCryptoHook_Finish";
static const char *n_hwcrhk_ModExp = "HWCryptoHook_ModExp";
+#ifndef OPENSSL_NO_RSA
static const char *n_hwcrhk_RSA = "HWCryptoHook_RSA";
+#endif
static const char *n_hwcrhk_RandomBytes = "HWCryptoHook_RandomBytes";
+#ifndef OPENSSL_NO_RSA
static const char *n_hwcrhk_RSALoadKey = "HWCryptoHook_RSALoadKey";
static const char *n_hwcrhk_RSAGetPublicKey = "HWCryptoHook_RSAGetPublicKey";
static const char *n_hwcrhk_RSAUnloadKey = "HWCryptoHook_RSAUnloadKey";
+#endif
static const char *n_hwcrhk_ModExpCRT = "HWCryptoHook_ModExpCRT";
/* HWCryptoHook library functions and mechanics - these are used by the
@@ -403,10 +431,12 @@ static int hwcrhk_init(ENGINE *e)
HWCryptoHook_Init_t *p1;
HWCryptoHook_Finish_t *p2;
HWCryptoHook_ModExp_t *p3;
+#ifndef OPENSSL_NO_RSA
HWCryptoHook_RSA_t *p4;
HWCryptoHook_RSALoadKey_t *p5;
HWCryptoHook_RSAGetPublicKey_t *p6;
HWCryptoHook_RSAUnloadKey_t *p7;
+#endif
HWCryptoHook_RandomBytes_t *p8;
HWCryptoHook_ModExpCRT_t *p9;
@@ -428,6 +458,7 @@ static int hwcrhk_init(ENGINE *e)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_Finish)) ||
!(p3 = (HWCryptoHook_ModExp_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExp)) ||
+#ifndef OPENSSL_NO_RSA
!(p4 = (HWCryptoHook_RSA_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSA)) ||
!(p5 = (HWCryptoHook_RSALoadKey_t *)
@@ -436,6 +467,7 @@ static int hwcrhk_init(ENGINE *e)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAGetPublicKey)) ||
!(p7 = (HWCryptoHook_RSAUnloadKey_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAUnloadKey)) ||
+#endif
!(p8 = (HWCryptoHook_RandomBytes_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_RandomBytes)) ||
!(p9 = (HWCryptoHook_ModExpCRT_t *)
@@ -448,10 +480,12 @@ static int hwcrhk_init(ENGINE *e)
p_hwcrhk_Init = p1;
p_hwcrhk_Finish = p2;
p_hwcrhk_ModExp = p3;
+#ifndef OPENSSL_NO_RSA
p_hwcrhk_RSA = p4;
p_hwcrhk_RSALoadKey = p5;
p_hwcrhk_RSAGetPublicKey = p6;
p_hwcrhk_RSAUnloadKey = p7;
+#endif
p_hwcrhk_RandomBytes = p8;
p_hwcrhk_ModExpCRT = p9;
@@ -476,10 +510,12 @@ static int hwcrhk_init(ENGINE *e)
goto err;
}
/* Everything's fine. */
- if (hndidx == -1)
- hndidx = RSA_get_ex_new_index(0,
+#ifndef OPENSSL_NO_RSA
+ if (hndidx_rsa == -1)
+ hndidx_rsa = RSA_get_ex_new_index(0,
"nFast HWCryptoHook RSA key handle",
NULL, NULL, hwcrhk_ex_free);
+#endif
return 1;
err:
if(hwcrhk_dso)
@@ -488,10 +524,12 @@ err:
p_hwcrhk_Init = NULL;
p_hwcrhk_Finish = NULL;
p_hwcrhk_ModExp = NULL;
+#ifndef OPENSSL_NO_RSA
p_hwcrhk_RSA = NULL;
p_hwcrhk_RSALoadKey = NULL;
p_hwcrhk_RSAGetPublicKey = NULL;
p_hwcrhk_RSAUnloadKey = NULL;
+#endif
p_hwcrhk_ModExpCRT = NULL;
p_hwcrhk_RandomBytes = NULL;
return 0;
@@ -520,10 +558,12 @@ static int hwcrhk_finish(ENGINE *e)
p_hwcrhk_Init = NULL;
p_hwcrhk_Finish = NULL;
p_hwcrhk_ModExp = NULL;
+#ifndef OPENSSL_NO_RSA
p_hwcrhk_RSA = NULL;
p_hwcrhk_RSALoadKey = NULL;
p_hwcrhk_RSAGetPublicKey = NULL;
p_hwcrhk_RSAUnloadKey = NULL;
+#endif
p_hwcrhk_ModExpCRT = NULL;
p_hwcrhk_RandomBytes = NULL;
return to_return;
@@ -613,11 +653,17 @@ static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
const char *passphrase)
{
+#ifndef OPENSSL_NO_RSA
RSA *rtmp = NULL;
+#endif
EVP_PKEY *res = NULL;
+#ifndef OPENSSL_NO_RSA
HWCryptoHook_MPI e, n;
HWCryptoHook_RSAKeyHandle *hptr;
+#endif
+#if !defined(OPENSSL_NO_RSA)
HWCryptoHook_ErrMsgBuf rmsg;
+#endif
if(!hwcrhk_context)
{
@@ -625,6 +671,7 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
ENGINE_R_NOT_INITIALISED);
goto err;
}
+#ifndef OPENSSL_NO_RSA
hptr = OPENSSL_malloc(sizeof(HWCryptoHook_RSAKeyHandle));
if (!hptr)
{
@@ -646,8 +693,10 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
ENGINE_R_NO_KEY);
goto err;
}
+#endif
+#ifndef OPENSSL_NO_RSA
rtmp = RSA_new_method(eng);
- RSA_set_ex_data(rtmp, hndidx, (char *)hptr);
+ RSA_set_ex_data(rtmp, hndidx_rsa, (char *)hptr);
rtmp->e = BN_new();
rtmp->n = BN_new();
rtmp->flags |= RSA_FLAG_EXT_PKEY;
@@ -660,7 +709,7 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
ERR_add_error_data(1,rmsg.buf);
goto err;
}
-
+
bn_expand2(rtmp->e, e.size/sizeof(BN_ULONG));
bn_expand2(rtmp->n, n.size/sizeof(BN_ULONG));
MPI2BN(rtmp->e, e);
@@ -680,24 +729,36 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
res = EVP_PKEY_new();
EVP_PKEY_assign_RSA(res, rtmp);
+#endif
+
+ if (!res)
+ ENGINEerr(ENGINE_F_HWCRHK_LOAD_PUBKEY,
+ ENGINE_R_PRIVATE_KEY_ALGORITHMS_DISABLED);
return res;
err:
if (res)
EVP_PKEY_free(res);
+#ifndef OPENSSL_NO_RSA
if (rtmp)
RSA_free(rtmp);
+#endif
return NULL;
}
static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
const char *passphrase)
{
- EVP_PKEY *res = hwcrhk_load_privkey(eng, key_id, passphrase);
+ EVP_PKEY *res = NULL;
+
+#ifndef OPENSSL_NO_RSA
+ res = hwcrhk_load_privkey(eng, key_id, passphrase);
+#endif
if (res)
switch(res->type)
{
+#ifndef OPENSSL_NO_RSA
case EVP_PKEY_RSA:
{
RSA *rsa = NULL;
@@ -710,6 +771,7 @@ static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
RSA_free(rsa);
}
+#endif
default:
ENGINEerr(ENGINE_F_HWCRHK_LOAD_PUBKEY,
ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
@@ -779,7 +841,8 @@ static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
err:
return to_return;
}
-
+
+#ifndef OPENSSL_NO_RSA
static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa)
{
char tempbuf[1024];
@@ -796,7 +859,7 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa)
/* This provides support for nForce keys. Since that's opaque data
all we do is provide a handle to the proper key and let HWCryptoHook
take care of the rest. */
- if ((hptr = (HWCryptoHook_RSAKeyHandle *) RSA_get_ex_data(rsa, hndidx))
+ if ((hptr = (HWCryptoHook_RSAKeyHandle *) RSA_get_ex_data(rsa, hndidx_rsa))
!= NULL)
{
HWCryptoHook_MPI m_a, m_r;
@@ -894,6 +957,7 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa)
err:
return to_return;
}
+#endif
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
@@ -961,16 +1025,24 @@ static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
{
char tempbuf[1024];
HWCryptoHook_ErrMsgBuf rmsg;
+#ifndef OPENSSL_NO_RSA
HWCryptoHook_RSAKeyHandle *hptr;
+#endif
+#if !defined(OPENSSL_NO_RSA)
int ret;
+#endif
rmsg.buf = tempbuf;
rmsg.size = 1024;
+#ifndef OPENSSL_NO_RSA
hptr = (HWCryptoHook_RSAKeyHandle *) item;
- if(!hptr) return;
- ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL);
- OPENSSL_free(hptr);
+ if(hptr)
+ {
+ ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL);
+ OPENSSL_free(hptr);
+ }
+#endif
}
/* Mutex calls: since the HWCryptoHook model closely follows the POSIX model
diff --git a/crypto/engine/hw_nuron.c b/crypto/engine/hw_nuron.c
index d5697dade6..06eafa7176 100644
--- a/crypto/engine/hw_nuron.c
+++ b/crypto/engine/hw_nuron.c
@@ -164,11 +164,14 @@ static int nuron_mod_exp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p,
return pfnModExp(r,a,p,m);
}
+#ifndef OPENSSL_NO_RSA
static int nuron_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
{
return nuron_mod_exp(r0,I,rsa->d,rsa->n,NULL);
}
+#endif
+#ifndef OPENSSL_NO_DSA
/* This code was liberated and adapted from the commented-out code in
* dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration
* (it doesn't have a CRT form for RSA), this function means that an
@@ -206,6 +209,7 @@ static int nuron_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
{
return nuron_mod_exp(r, a, p, m, ctx);
}
+#endif
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int nuron_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
@@ -214,6 +218,7 @@ static int nuron_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
return nuron_mod_exp(r, a, p, m, ctx);
}
+#ifndef OPENSSL_NO_DH
/* This function is aliased to mod_exp (with the dh and mont dropped). */
static int nuron_mod_exp_dh(const DH *dh, BIGNUM *r,
const BIGNUM *a, const BIGNUM *p,
@@ -221,7 +226,9 @@ static int nuron_mod_exp_dh(const DH *dh, BIGNUM *r,
{
return nuron_mod_exp(r, a, p, m, ctx);
}
+#endif
+#ifndef OPENSSL_NO_RSA
static RSA_METHOD nuron_rsa =
{
"Nuron RSA method",
@@ -238,7 +245,9 @@ static RSA_METHOD nuron_rsa =
NULL,
NULL
};
+#endif
+#ifndef OPENSSL_NO_DSA
static DSA_METHOD nuron_dsa =
{
"Nuron DSA method",
@@ -252,7 +261,9 @@ static DSA_METHOD nuron_dsa =
0, /* flags */
NULL /* app_data */
};
+#endif
+#ifndef OPENSSL_NO_DH
static DH_METHOD nuron_dh =
{
"Nuron DH method",
@@ -264,6 +275,7 @@ static DH_METHOD nuron_dh =
0,
NULL
};
+#endif
/* Constants used when creating the ENGINE */
static const char *engine_nuron_id = "nuron";
@@ -273,17 +285,29 @@ static const char *engine_nuron_name = "Nuron hardware engine support";
* (indeed - the lock will already be held by our caller!!!) */
ENGINE *ENGINE_nuron()
{
+#ifndef OPENSSL_NO_RSA
const RSA_METHOD *meth1;
+#endif
+#ifndef OPENSSL_NO_DSA
const DSA_METHOD *meth2;
+#endif
+#ifndef OPENSSL_NO_DH
const DH_METHOD *meth3;
+#endif
ENGINE *ret = ENGINE_new();
if(!ret)
return NULL;
if(!ENGINE_set_id(ret, engine_nuron_id) ||
!ENGINE_set_name(ret, engine_nuron_name) ||
+#ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(ret, &nuron_rsa) ||
+#endif
+#ifndef OPENSSL_NO_DSA
!ENGINE_set_DSA(ret, &nuron_dsa) ||
+#endif
+#ifndef OPENSSL_NO_DH
!ENGINE_set_DH(ret, &nuron_dh) ||
+#endif
!ENGINE_set_BN_mod_exp(ret, nuron_mod_exp) ||
!ENGINE_set_init_function(ret, nuron_init) ||
!ENGINE_set_finish_function(ret, nuron_finish) ||
@@ -294,6 +318,7 @@ ENGINE *ENGINE_nuron()
return NULL;
}
+#ifndef OPENSSL_NO_RSA
/* We know that the "PKCS1_SSLeay()" functions hook properly
* to the nuron-specific mod_exp and mod_exp_crt so we use
* those functions. NB: We don't use ENGINE_openssl() or
@@ -306,18 +331,23 @@ ENGINE *ENGINE_nuron()
nuron_rsa.rsa_pub_dec=meth1->rsa_pub_dec;
nuron_rsa.rsa_priv_enc=meth1->rsa_priv_enc;
nuron_rsa.rsa_priv_dec=meth1->rsa_priv_dec;
+#endif
+#ifndef OPENSSL_NO_DSA
/* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
* bits. */
meth2=DSA_OpenSSL();
nuron_dsa.dsa_do_sign=meth2->dsa_do_sign;
nuron_dsa.dsa_sign_setup=meth2->dsa_sign_setup;
nuron_dsa.dsa_do_verify=meth2->dsa_do_verify;
+#endif
+#ifndef OPENSSL_NO_DH
/* Much the same for Diffie-Hellman */
meth3=DH_OpenSSL();
nuron_dh.generate_key=meth3->generate_key;
nuron_dh.compute_key=meth3->compute_key;
+#endif
return ret;
}
diff --git a/crypto/engine/hw_ubsec.c b/crypto/engine/hw_ubsec.c
index d948135568..ca14d36c76 100644
--- a/crypto/engine/hw_ubsec.c
+++ b/crypto/engine/hw_ubsec.c
@@ -81,9 +81,12 @@ static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dp,
const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx);
+#ifndef OPENSSL_NO_RSA
static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+#endif
static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#ifndef OPENSSL_NO_DSA
#if NOT_USED
static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
@@ -95,11 +98,14 @@ static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, DSA *dsa);
+#endif
+#ifndef OPENSSL_NO_DH
static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx);
static int ubsec_dh_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);
static int ubsec_dh_generate_key(DH *dh);
+#endif
#if NOT_USED
static int ubsec_rand_bytes(unsigned char *buf, int num);
@@ -115,8 +121,8 @@ static const ENGINE_CMD_DEFN ubsec_cmd_defns[] = {
{0, NULL, NULL, 0}
};
+#ifndef OPENSSL_NO_RSA
/* Our internal RSA_METHOD that we provide pointers to */
-
static RSA_METHOD ubsec_rsa =
{
"UBSEC RSA method",
@@ -133,7 +139,9 @@ static RSA_METHOD ubsec_rsa =
NULL,
NULL
};
+#endif
+#ifndef OPENSSL_NO_DSA
/* Our internal DSA_METHOD that we provide pointers to */
static DSA_METHOD ubsec_dsa =
{
@@ -148,7 +156,9 @@ static DSA_METHOD ubsec_dsa =
0, /* flags */
NULL /* app_data */
};
+#endif
+#ifndef OPENSSL_NO_DH
/* Our internal DH_METHOD that we provide pointers to */
static DH_METHOD ubsec_dh =
{
@@ -161,6 +171,7 @@ static DH_METHOD ubsec_dh =
0,
NULL
};
+#endif
/* Constants used when creating the ENGINE */
static const char *engine_ubsec_id = "ubsec";
@@ -170,18 +181,28 @@ static const char *engine_ubsec_name = "UBSEC hardware engine support";
* (indeed - the lock will already be held by our caller!!!) */
ENGINE *ENGINE_ubsec()
{
+#ifndef OPENSSL_NO_RSA
const RSA_METHOD *meth1;
+#endif
+#ifndef OPENSSL_NO_DH
#ifndef HAVE_UBSEC_DH
const DH_METHOD *meth3;
#endif /* HAVE_UBSEC_DH */
+#endif
ENGINE *ret = ENGINE_new();
if(!ret)
return NULL;
if(!ENGINE_set_id(ret, engine_ubsec_id) ||
!ENGINE_set_name(ret, engine_ubsec_name) ||
+#ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(ret, &ubsec_rsa) ||
+#endif
+#ifndef OPENSSL_NO_DSA
!ENGINE_set_DSA(ret, &ubsec_dsa) ||
+#endif
+#ifndef OPENSSL_NO_DH
!ENGINE_set_DH(ret, &ubsec_dh) ||
+#endif
!ENGINE_set_BN_mod_exp(ret, ubsec_mod_exp) ||
!ENGINE_set_BN_mod_exp_crt(ret, ubsec_mod_exp_crt) ||
!ENGINE_set_init_function(ret, ubsec_init) ||
@@ -193,6 +214,7 @@ ENGINE *ENGINE_ubsec()
return NULL;
}
+#ifndef OPENSSL_NO_RSA
/* We know that the "PKCS1_SSLeay()" functions hook properly
* to the Broadcom-specific mod_exp and mod_exp_crt so we use
* those functions. NB: We don't use ENGINE_openssl() or
@@ -205,13 +227,16 @@ ENGINE *ENGINE_ubsec()
ubsec_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
ubsec_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
ubsec_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+#endif
+#ifndef OPENSSL_NO_DH
#ifndef HAVE_UBSEC_DH
/* Much the same for Diffie-Hellman */
meth3 = DH_OpenSSL();
ubsec_dh.generate_key = meth3->generate_key;
ubsec_dh.compute_key = meth3->compute_key;
#endif /* HAVE_UBSEC_DH */
+#endif
return ret;
}
@@ -231,13 +256,19 @@ static t_UBSEC_ubsec_bytes_to_bits *p_UBSEC_ubsec_bytes_to_bits = NULL;
static t_UBSEC_ubsec_bits_to_bytes *p_UBSEC_ubsec_bits_to_bytes = NULL;
static t_UBSEC_ubsec_open *p_UBSEC_ubsec_open = NULL;
static t_UBSEC_ubsec_close *p_UBSEC_ubsec_close = NULL;
+#ifndef OPENSSL_NO_DH
static t_UBSEC_diffie_hellman_generate_ioctl
*p_UBSEC_diffie_hellman_generate_ioctl = NULL;
static t_UBSEC_diffie_hellman_agree_ioctl *p_UBSEC_diffie_hellman_agree_ioctl = NULL;
+#endif
+/* #ifndef OPENSSL_NO_RSA */
static t_UBSEC_rsa_mod_exp_ioctl *p_UBSEC_rsa_mod_exp_ioctl = NULL;
static t_UBSEC_rsa_mod_exp_crt_ioctl *p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
+/* #endif */
+#ifndef OPENSSL_NO_DSA
static t_UBSEC_dsa_sign_ioctl *p_UBSEC_dsa_sign_ioctl = NULL;
static t_UBSEC_dsa_verify_ioctl *p_UBSEC_dsa_verify_ioctl = NULL;
+#endif
static t_UBSEC_math_accelerate_ioctl *p_UBSEC_math_accelerate_ioctl = NULL;
static t_UBSEC_rng_ioctl *p_UBSEC_rng_ioctl = NULL;
@@ -251,12 +282,18 @@ static const char *UBSEC_F1 = "ubsec_bytes_to_bits";
static const char *UBSEC_F2 = "ubsec_bits_to_bytes";
static const char *UBSEC_F3 = "ubsec_open";
static const char *UBSEC_F4 = "ubsec_close";
+#ifndef OPENSSL_NO_DH
static const char *UBSEC_F5 = "diffie_hellman_generate_ioctl";
static const char *UBSEC_F6 = "diffie_hellman_agree_ioctl";
+#endif
+/* #ifndef OPENSSL_NO_RSA */
static const char *UBSEC_F7 = "rsa_mod_exp_ioctl";
static const char *UBSEC_F8 = "rsa_mod_exp_crt_ioctl";
+/* #endif */
+#ifndef OPENSSL_NO_DSA
static const char *UBSEC_F9 = "dsa_sign_ioctl";
static const char *UBSEC_F10 = "dsa_verify_ioctl";
+#endif
static const char *UBSEC_F11 = "math_accelerate_ioctl";
static const char *UBSEC_F12 = "rng_ioctl";
@@ -267,12 +304,18 @@ static int ubsec_init(ENGINE *e)
t_UBSEC_ubsec_bits_to_bytes *p2;
t_UBSEC_ubsec_open *p3;
t_UBSEC_ubsec_close *p4;
+#ifndef OPENSSL_NO_DH
t_UBSEC_diffie_hellman_generate_ioctl *p5;
t_UBSEC_diffie_hellman_agree_ioctl *p6;
+#endif
+/* #ifndef OPENSSL_NO_RSA */
t_UBSEC_rsa_mod_exp_ioctl *p7;
t_UBSEC_rsa_mod_exp_crt_ioctl *p8;
+/* #endif */
+#ifndef OPENSSL_NO_DSA
t_UBSEC_dsa_sign_ioctl *p9;
t_UBSEC_dsa_verify_ioctl *p10;
+#endif
t_UBSEC_math_accelerate_ioctl *p11;
t_UBSEC_rng_ioctl *p12;
int fd = 0;
@@ -297,14 +340,20 @@ static int ubsec_init(ENGINE *e)
!(p2 = (t_UBSEC_ubsec_bits_to_bytes *) DSO_bind_func(ubsec_dso, UBSEC_F2)) ||
!(p3 = (t_UBSEC_ubsec_open *) DSO_bind_func(ubsec_dso, UBSEC_F3)) ||
!(p4 = (t_UBSEC_ubsec_close *) DSO_bind_func(ubsec_dso, UBSEC_F4)) ||
+#ifndef OPENSSL_NO_DH
!(p5 = (t_UBSEC_diffie_hellman_generate_ioctl *)
DSO_bind_func(ubsec_dso, UBSEC_F5)) ||
!(p6 = (t_UBSEC_diffie_hellman_agree_ioctl *)
DSO_bind_func(ubsec_dso, UBSEC_F6)) ||
+#endif
+/* #ifndef OPENSSL_NO_RSA */
!(p7 = (t_UBSEC_rsa_mod_exp_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F7)) ||
!(p8 = (t_UBSEC_rsa_mod_exp_crt_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F8)) ||
+/* #endif */
+#ifndef OPENSSL_NO_DSA
!(p9 = (t_UBSEC_dsa_sign_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F9)) ||
!(p10 = (t_UBSEC_dsa_verify_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F10)) ||
+#endif
!(p11 = (t_UBSEC_math_accelerate_ioctl *)
DSO_bind_func(ubsec_dso, UBSEC_F11)) ||
!(p12 = (t_UBSEC_rng_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F12)))
@@ -318,12 +367,18 @@ static int ubsec_init(ENGINE *e)
p_UBSEC_ubsec_bits_to_bytes = p2;
p_UBSEC_ubsec_open = p3;
p_UBSEC_ubsec_close = p4;
+#ifndef OPENSSL_NO_DH
p_UBSEC_diffie_hellman_generate_ioctl = p5;
p_UBSEC_diffie_hellman_agree_ioctl = p6;
+#endif
+#ifndef OPENSSL_NO_RSA
p_UBSEC_rsa_mod_exp_ioctl = p7;
p_UBSEC_rsa_mod_exp_crt_ioctl = p8;
+#endif
+#ifndef OPENSSL_NO_DSA
p_UBSEC_dsa_sign_ioctl = p9;
p_UBSEC_dsa_verify_ioctl = p10;
+#endif
p_UBSEC_math_accelerate_ioctl = p11;
p_UBSEC_rng_ioctl = p12;
@@ -345,12 +400,18 @@ err:
p_UBSEC_ubsec_bits_to_bytes = NULL;
p_UBSEC_ubsec_open = NULL;
p_UBSEC_ubsec_close = NULL;
+#ifndef OPENSSL_NO_DH
p_UBSEC_diffie_hellman_generate_ioctl = NULL;
p_UBSEC_diffie_hellman_agree_ioctl = NULL;
+#endif
+#ifndef OPENSSL_NO_RSA
p_UBSEC_rsa_mod_exp_ioctl = NULL;
p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
+#endif
+#ifndef OPENSSL_NO_DSA
p_UBSEC_dsa_sign_ioctl = NULL;
p_UBSEC_dsa_verify_ioctl = NULL;
+#endif
p_UBSEC_math_accelerate_ioctl = NULL;
p_UBSEC_rng_ioctl = NULL;
@@ -374,12 +435,18 @@ static int ubsec_finish(ENGINE *e)
p_UBSEC_ubsec_bits_to_bytes = NULL;
p_UBSEC_ubsec_open = NULL;
p_UBSEC_ubsec_close = NULL;
+#ifndef OPENSSL_NO_DH
p_UBSEC_diffie_hellman_generate_ioctl = NULL;
p_UBSEC_diffie_hellman_agree_ioctl = NULL;
+#endif
+#ifndef OPENSSL_NO_RSA
p_UBSEC_rsa_mod_exp_ioctl = NULL;
p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
+#endif
+#ifndef OPENSSL_NO_DSA
p_UBSEC_dsa_sign_ioctl = NULL;
p_UBSEC_dsa_verify_ioctl = NULL;
+#endif
p_UBSEC_math_accelerate_ioctl = NULL;
p_UBSEC_rng_ioctl = NULL;
return 1;
@@ -456,6 +523,7 @@ static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
return 1;
}
+#ifndef OPENSSL_NO_RSA
static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
{
BN_CTX *ctx;
@@ -485,6 +553,7 @@ err:
BN_CTX_free(ctx);
return to_return;
}
+#endif
static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dp,
@@ -532,6 +601,7 @@ static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
return 1;
}
+#ifndef OPENSSL_NO_DSA
#if NOT_USED
static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
@@ -560,26 +630,33 @@ static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
return ubsec_mod_exp(r, a, p, m, ctx);
}
#endif
+#endif
/*
* This function is aliased to mod_exp (with the mont stuff dropped).
*/
static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
-{
+ {
int ret = 0;
+#ifndef OPENSSL_NO_RSA
/* Do in software if the key is too large for the hardware. */
- if (BN_num_bits(m) > 1024) {
+ if (BN_num_bits(m) > 1024)
+ {
const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
ret = (*meth->bn_mod_exp)(r, a, p, m, ctx, m_ctx);
- } else {
+ }
+ else
+#endif
+ {
ret = ubsec_mod_exp(r, a, p, m, ctx);
- }
+ }
return ret;
-}
+ }
+#ifndef OPENSSL_NO_DH
/* This function is aliased to mod_exp (with the dh and mont dropped). */
static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
@@ -587,7 +664,9 @@ static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
{
return ubsec_mod_exp(r, a, p, m, ctx);
}
+#endif
+#ifndef OPENSSL_NO_DSA
static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
DSA_SIG *to_return = NULL;
@@ -701,7 +780,9 @@ err:
BN_clear_free(&v);
return to_return;
}
+#endif
+#ifndef OPENSSL_NO_DSA
static int ubsec_dh_compute_key (unsigned char *key,const BIGNUM *pub_key,DH *dh)
{
return 0;
@@ -711,6 +792,7 @@ static int ubsec_dh_generate_key (DH *dh)
{
return 0;
}
+#endif
#ifdef NOT_USED
static int ubsec_rand_bytes(unsigned char *buf, int num)