1 /*
2 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
3 * Use is subject to license terms.
4 */
5
6 /* crypto/engine/hw_pk11.c */
7 /*
8 * This product includes software developed by the OpenSSL Project for
9 * use in the OpenSSL Toolkit (http://www.openssl.org/).
10 *
11 * This project also referenced hw_pkcs11-0.9.7b.patch written by
12 * Afchine Madjlessi.
13 */
14 /*
15 * ====================================================================
16 * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
17 *
18 * Redistribution and use in source and binary forms, with or without
19 * modification, are permitted provided that the following conditions
20 * are met:
21 *
22 * 1. Redistributions of source code must retain the above copyright
23 * notice, this list of conditions and the following disclaimer.
24 *
25 * 2. Redistributions in binary form must reproduce the above copyright
26 * notice, this list of conditions and the following disclaimer in
27 * the documentation and/or other materials provided with the
28 * distribution.
29 *
30 * 3. All advertising materials mentioning features or use of this
31 * software must display the following acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
34 *
35 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
36 * endorse or promote products derived from this software without
37 * prior written permission. For written permission, please contact
38 * licensing@OpenSSL.org.
39 *
40 * 5. Products derived from this software may not be called "OpenSSL"
41 * nor may "OpenSSL" appear in their names without prior written
42 * permission of the OpenSSL Project.
43 *
44 * 6. Redistributions of any form whatsoever must retain the following
45 * acknowledgment:
46 * "This product includes software developed by the OpenSSL Project
47 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
48 *
49 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
50 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
52 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
53 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
54 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
55 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
56 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
57 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
58 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
59 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
60 * OF THE POSSIBILITY OF SUCH DAMAGE.
61 * ====================================================================
62 *
63 * This product includes cryptographic software written by Eric Young
64 * (eay@cryptsoft.com). This product includes software written by Tim
65 * Hudson (tjh@cryptsoft.com).
66 *
67 */
68
69 #include <stdio.h>
70 #include <stdlib.h>
71 #include <string.h>
72 #include <sys/types.h>
73 #include <unistd.h>
74
75 #include <openssl/opensslconf.h>
76 #include <openssl/e_os2.h>
77 #include <openssl/crypto.h>
78 #include <openssl/engine.h>
79 #include <openssl/dso.h>
80 #include <openssl/err.h>
81 #include <openssl/bn.h>
82 #include <openssl/md5.h>
83 #include <openssl/pem.h>
84 #ifndef OPENSSL_NO_RSA
85 #include <openssl/rsa.h>
86 #endif
87 #ifndef OPENSSL_NO_DSA
88 #include <openssl/dsa.h>
89 #endif
90 #ifndef OPENSSL_NO_DH
91 #include <openssl/dh.h>
92 #endif
93 #include <openssl/rand.h>
94 #include <openssl/objects.h>
95 #include <openssl/x509.h>
96 #include <openssl/aes.h>
97 #include <cryptlib.h>
98 #include <dlfcn.h>
99 #include <pthread.h>
100
101 #ifndef OPENSSL_NO_HW
102 #ifndef OPENSSL_NO_HW_PK11
103
104 /* label for debug messages printed on stderr */
105 #define PK11_DBG "PKCS#11 ENGINE DEBUG"
106 /* prints a lot of debug messages on stderr about slot selection process */
107 #undef DEBUG_SLOT_SELECTION
108 /*
109 * Solaris specific code. See comment at check_hw_mechanisms() for more
110 * information.
111 */
112 #if defined (__SVR4) && defined (__sun)
113 #define SOLARIS_HW_SLOT_SELECTION
114 #endif
115
116 /*
117 * AES counter mode is not supported in the OpenSSL EVP API yet and neither
118 * there are official OIDs for mechanisms based on this mode. With our changes,
119 * an application can define its own EVP calls for AES counter mode and then
120 * it can make use of hardware acceleration through this engine. However, it's
121 * better if we keep AES CTR support code under ifdef's.
122 */
123 #define SOLARIS_AES_CTR
124
125 #include "cryptoki.h"
126 #include "pkcs11.h"
127 #include "hw_pk11_err.c"
128
129 #ifdef SOLARIS_HW_SLOT_SELECTION
130 /*
131 * Tables for symmetric ciphers and digest mechs found in the pkcs11_kernel
132 * library. See comment at check_hw_mechanisms() for more information.
133 */
134 int *hw_cnids;
135 int *hw_dnids;
136 #endif /* SOLARIS_HW_SLOT_SELECTION */
137
138 /* PKCS#11 session caches and their locks for all operation types */
139 static PK11_CACHE session_cache[OP_MAX];
140
141 /*
142 * As stated in v2.20, 11.7 Object Management Function, in section for
143 * C_FindObjectsInit(), at most one search operation may be active at a given
144 * time in a given session. Therefore, C_Find{,Init,Final}Objects() should be
145 * grouped together to form one atomic search operation. This is already
146 * ensured by the property of unique PKCS#11 session handle used for each
147 * PK11_SESSION object.
148 *
149 * This is however not the biggest concern - maintaining consistency of the
150 * underlying object store is more important. The same section of the spec also
151 * says that one thread can be in the middle of a search operation while another
152 * thread destroys the object matching the search template which would result in
153 * invalid handle returned from the search operation.
154 *
155 * Hence, the following locks are used for both protection of the object stores.
156 * They are also used for active list protection.
157 */
158 pthread_mutex_t *find_lock[OP_MAX] = { NULL };
159
160 /*
161 * lists of asymmetric key handles which are active (referenced by at least one
162 * PK11_SESSION structure, either held by a thread or present in free_session
163 * list) for given algorithm type
164 */
165 PK11_active *active_list[OP_MAX] = { NULL };
166
167 /*
168 * Create all secret key objects in a global session so that they are available
169 * to use for other sessions. These other sessions may be opened or closed
170 * without losing the secret key objects.
171 */
172 static CK_SESSION_HANDLE global_session = CK_INVALID_HANDLE;
173
174 /* ENGINE level stuff */
175 static int pk11_init(ENGINE *e);
176 static int pk11_library_init(ENGINE *e);
177 static int pk11_finish(ENGINE *e);
178 static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
179 static int pk11_destroy(ENGINE *e);
180
181 /* RAND stuff */
182 static void pk11_rand_seed(const void *buf, int num);
183 static void pk11_rand_add(const void *buf, int num, double add_entropy);
184 static void pk11_rand_cleanup(void);
185 static int pk11_rand_bytes(unsigned char *buf, int num);
186 static int pk11_rand_status(void);
187
188 /* These functions are also used in other files */
189 PK11_SESSION *pk11_get_session(PK11_OPTYPE optype);
190 void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype);
191
192 /* active list manipulation functions used in this file */
193 extern int pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type);
194 extern void pk11_free_active_list(PK11_OPTYPE type);
195
196 #ifndef OPENSSL_NO_RSA
197 int pk11_destroy_rsa_key_objects(PK11_SESSION *session);
198 int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
199 int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
200 #endif
201 #ifndef OPENSSL_NO_DSA
202 int pk11_destroy_dsa_key_objects(PK11_SESSION *session);
203 int pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
204 int pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
205 #endif
206 #ifndef OPENSSL_NO_DH
207 int pk11_destroy_dh_key_objects(PK11_SESSION *session);
208 int pk11_destroy_dh_object(PK11_SESSION *session, CK_BBOOL uselock);
209 #endif
210
211 /* Local helper functions */
212 static int pk11_free_all_sessions(void);
213 static int pk11_free_session_list(PK11_OPTYPE optype);
214 static int pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype);
215 static int pk11_destroy_cipher_key_objects(PK11_SESSION *session);
216 static int pk11_destroy_object(CK_SESSION_HANDLE session,
217 CK_OBJECT_HANDLE oh);
218 static const char *get_PK11_LIBNAME(void);
219 static void free_PK11_LIBNAME(void);
220 static long set_PK11_LIBNAME(const char *name);
221
222 /* Symmetric cipher and digest support functions */
223 static int cipher_nid_to_pk11(int nid);
224 #ifdef SOLARIS_AES_CTR
225 static int pk11_add_aes_ctr_NIDs(void);
226 #endif /* SOLARIS_AES_CTR */
227 static int pk11_usable_ciphers(const int **nids);
228 static int pk11_usable_digests(const int **nids);
229 static int pk11_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
230 const unsigned char *iv, int enc);
231 static int pk11_cipher_final(PK11_SESSION *sp);
232 static int pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
233 const unsigned char *in, size_t inl);
234 static int pk11_cipher_cleanup(EVP_CIPHER_CTX *ctx);
235 static int pk11_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
236 const int **nids, int nid);
237 static int pk11_engine_digests(ENGINE *e, const EVP_MD **digest,
238 const int **nids, int nid);
239 static CK_OBJECT_HANDLE pk11_get_cipher_key(EVP_CIPHER_CTX *ctx,
240 const unsigned char *key, CK_KEY_TYPE key_type, PK11_SESSION *sp);
241 static int check_new_cipher_key(PK11_SESSION *sp, const unsigned char *key,
242 int key_len);
243 static int md_nid_to_pk11(int nid);
244 static int pk11_digest_init(EVP_MD_CTX *ctx);
245 static int pk11_digest_update(EVP_MD_CTX *ctx, const void *data,
246 size_t count);
247 static int pk11_digest_final(EVP_MD_CTX *ctx, unsigned char *md);
248 static int pk11_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from);
249 static int pk11_digest_cleanup(EVP_MD_CTX *ctx);
250
251 static int pk11_choose_slots(int *any_slot_found);
252 static void pk11_find_symmetric_ciphers(CK_FUNCTION_LIST_PTR pflist,
253 CK_SLOT_ID current_slot, int *current_slot_n_cipher,
254 int *local_cipher_nids);
255 static void pk11_find_digests(CK_FUNCTION_LIST_PTR pflist,
256 CK_SLOT_ID current_slot, int *current_slot_n_digest,
257 int *local_digest_nids);
258 static void pk11_get_symmetric_cipher(CK_FUNCTION_LIST_PTR, int slot_id,
259 CK_MECHANISM_TYPE mech, int *current_slot_n_cipher, int *local_cipher_nids,
260 int id);
261 static void pk11_get_digest(CK_FUNCTION_LIST_PTR pflist, int slot_id,
262 CK_MECHANISM_TYPE mech, int *current_slot_n_digest, int *local_digest_nids,
263 int id);
264
265 static int pk11_init_all_locks(void);
266 static void pk11_free_all_locks(void);
267
268 #ifdef SOLARIS_HW_SLOT_SELECTION
269 static int check_hw_mechanisms(void);
270 static int nid_in_table(int nid, int *nid_table);
271 #endif /* SOLARIS_HW_SLOT_SELECTION */
272
273 /* Index for the supported ciphers */
274 enum pk11_cipher_id {
275 PK11_DES_CBC,
276 PK11_DES3_CBC,
277 PK11_DES_ECB,
278 PK11_DES3_ECB,
279 PK11_RC4,
280 PK11_AES_128_CBC,
281 PK11_AES_192_CBC,
282 PK11_AES_256_CBC,
283 PK11_AES_128_ECB,
284 PK11_AES_192_ECB,
285 PK11_AES_256_ECB,
286 PK11_BLOWFISH_CBC,
287 #ifdef SOLARIS_AES_CTR
288 PK11_AES_128_CTR,
289 PK11_AES_192_CTR,
290 PK11_AES_256_CTR,
291 #endif /* SOLARIS_AES_CTR */
292 PK11_CIPHER_MAX
293 };
294
295 /* Index for the supported digests */
296 enum pk11_digest_id {
297 PK11_MD5,
298 PK11_SHA1,
299 PK11_SHA224,
300 PK11_SHA256,
301 PK11_SHA384,
302 PK11_SHA512,
303 PK11_DIGEST_MAX
304 };
305
306 #define TRY_OBJ_DESTROY(sess_hdl, obj_hdl, retval, uselock, alg_type) \
307 { \
308 if (uselock) \
309 LOCK_OBJSTORE(alg_type); \
310 if (pk11_active_delete(obj_hdl, alg_type) == 1) \
311 { \
312 retval = pk11_destroy_object(sess_hdl, obj_hdl); \
313 } \
314 if (uselock) \
315 UNLOCK_OBJSTORE(alg_type); \
316 }
317
318 static int cipher_nids[PK11_CIPHER_MAX];
319 static int digest_nids[PK11_DIGEST_MAX];
320 static int cipher_count = 0;
321 static int digest_count = 0;
322 static CK_BBOOL pk11_have_rsa = CK_FALSE;
323 static CK_BBOOL pk11_have_dsa = CK_FALSE;
324 static CK_BBOOL pk11_have_dh = CK_FALSE;
325 static CK_BBOOL pk11_have_random = CK_FALSE;
326
327 typedef struct PK11_CIPHER_st
328 {
329 enum pk11_cipher_id id;
330 int nid;
331 int iv_len;
332 int min_key_len;
333 int max_key_len;
334 CK_KEY_TYPE key_type;
335 CK_MECHANISM_TYPE mech_type;
336 } PK11_CIPHER;
337
338 static PK11_CIPHER ciphers[] =
339 {
340 { PK11_DES_CBC, NID_des_cbc, 8, 8, 8,
341 CKK_DES, CKM_DES_CBC, },
342 { PK11_DES3_CBC, NID_des_ede3_cbc, 8, 24, 24,
343 CKK_DES3, CKM_DES3_CBC, },
344 { PK11_DES_ECB, NID_des_ecb, 0, 8, 8,
345 CKK_DES, CKM_DES_ECB, },
346 { PK11_DES3_ECB, NID_des_ede3_ecb, 0, 24, 24,
347 CKK_DES3, CKM_DES3_ECB, },
348 { PK11_RC4, NID_rc4, 0, 16, 256,
349 CKK_RC4, CKM_RC4, },
350 { PK11_AES_128_CBC, NID_aes_128_cbc, 16, 16, 16,
351 CKK_AES, CKM_AES_CBC, },
352 { PK11_AES_192_CBC, NID_aes_192_cbc, 16, 24, 24,
353 CKK_AES, CKM_AES_CBC, },
354 { PK11_AES_256_CBC, NID_aes_256_cbc, 16, 32, 32,
355 CKK_AES, CKM_AES_CBC, },
356 { PK11_AES_128_ECB, NID_aes_128_ecb, 0, 16, 16,
357 CKK_AES, CKM_AES_ECB, },
358 { PK11_AES_192_ECB, NID_aes_192_ecb, 0, 24, 24,
359 CKK_AES, CKM_AES_ECB, },
360 { PK11_AES_256_ECB, NID_aes_256_ecb, 0, 32, 32,
361 CKK_AES, CKM_AES_ECB, },
362 { PK11_BLOWFISH_CBC, NID_bf_cbc, 8, 16, 16,
363 CKK_BLOWFISH, CKM_BLOWFISH_CBC, },
364 #ifdef SOLARIS_AES_CTR
365 /* we don't know the correct NIDs until the engine is initialized */
366 { PK11_AES_128_CTR, NID_undef, 16, 16, 16,
367 CKK_AES, CKM_AES_CTR, },
368 { PK11_AES_192_CTR, NID_undef, 16, 24, 24,
369 CKK_AES, CKM_AES_CTR, },
370 { PK11_AES_256_CTR, NID_undef, 16, 32, 32,
371 CKK_AES, CKM_AES_CTR, },
372 #endif /* SOLARIS_AES_CTR */
373 };
374
375 typedef struct PK11_DIGEST_st
376 {
377 enum pk11_digest_id id;
378 int nid;
379 CK_MECHANISM_TYPE mech_type;
380 } PK11_DIGEST;
381
382 static PK11_DIGEST digests[] =
383 {
384 {PK11_MD5, NID_md5, CKM_MD5, },
385 {PK11_SHA1, NID_sha1, CKM_SHA_1, },
386 {PK11_SHA224, NID_sha224, CKM_SHA224, },
387 {PK11_SHA256, NID_sha256, CKM_SHA256, },
388 {PK11_SHA384, NID_sha384, CKM_SHA384, },
389 {PK11_SHA512, NID_sha512, CKM_SHA512, },
390 {0, NID_undef, 0xFFFF, },
391 };
392
393 /*
394 * Structure to be used for the cipher_data/md_data in
395 * EVP_CIPHER_CTX/EVP_MD_CTX structures in order to use the same pk11
396 * session in multiple cipher_update calls
397 */
398 typedef struct PK11_CIPHER_STATE_st
399 {
400 PK11_SESSION *sp;
401 } PK11_CIPHER_STATE;
402
403
404 /*
405 * libcrypto EVP stuff - this is how we get wired to EVP so the engine gets
406 * called when libcrypto requests a cipher NID.
407 *
408 * Note how the PK11_CIPHER_STATE is used here.
409 */
410
411 /* DES CBC EVP */
412 static const EVP_CIPHER pk11_des_cbc =
413 {
414 NID_des_cbc,
415 8, 8, 8,
416 EVP_CIPH_CBC_MODE,
417 pk11_cipher_init,
418 pk11_cipher_do_cipher,
419 pk11_cipher_cleanup,
420 sizeof (PK11_CIPHER_STATE),
421 EVP_CIPHER_set_asn1_iv,
422 EVP_CIPHER_get_asn1_iv,
423 NULL
424 };
425
426 /* 3DES CBC EVP */
427 static const EVP_CIPHER pk11_3des_cbc =
428 {
429 NID_des_ede3_cbc,
430 8, 24, 8,
431 EVP_CIPH_CBC_MODE,
432 pk11_cipher_init,
433 pk11_cipher_do_cipher,
434 pk11_cipher_cleanup,
435 sizeof (PK11_CIPHER_STATE),
436 EVP_CIPHER_set_asn1_iv,
437 EVP_CIPHER_get_asn1_iv,
438 NULL
439 };
440
441 /*
442 * ECB modes don't use an Initial Vector so that's why set_asn1_parameters and
443 * get_asn1_parameters fields are set to NULL.
444 */
445 static const EVP_CIPHER pk11_des_ecb =
446 {
447 NID_des_ecb,
448 8, 8, 8,
449 EVP_CIPH_ECB_MODE,
450 pk11_cipher_init,
451 pk11_cipher_do_cipher,
452 pk11_cipher_cleanup,
453 sizeof (PK11_CIPHER_STATE),
454 NULL,
455 NULL,
456 NULL
457 };
458
459 static const EVP_CIPHER pk11_3des_ecb =
460 {
461 NID_des_ede3_ecb,
462 8, 24, 8,
463 EVP_CIPH_ECB_MODE,
464 pk11_cipher_init,
465 pk11_cipher_do_cipher,
466 pk11_cipher_cleanup,
467 sizeof (PK11_CIPHER_STATE),
468 NULL,
469 NULL,
470 NULL
471 };
472
473
474 static const EVP_CIPHER pk11_aes_128_cbc =
475 {
476 NID_aes_128_cbc,
477 16, 16, 16,
478 EVP_CIPH_CBC_MODE,
479 pk11_cipher_init,
480 pk11_cipher_do_cipher,
481 pk11_cipher_cleanup,
482 sizeof (PK11_CIPHER_STATE),
483 EVP_CIPHER_set_asn1_iv,
484 EVP_CIPHER_get_asn1_iv,
485 NULL
486 };
487
488 static const EVP_CIPHER pk11_aes_192_cbc =
489 {
490 NID_aes_192_cbc,
491 16, 24, 16,
492 EVP_CIPH_CBC_MODE,
493 pk11_cipher_init,
494 pk11_cipher_do_cipher,
495 pk11_cipher_cleanup,
496 sizeof (PK11_CIPHER_STATE),
497 EVP_CIPHER_set_asn1_iv,
498 EVP_CIPHER_get_asn1_iv,
499 NULL
500 };
501
502 static const EVP_CIPHER pk11_aes_256_cbc =
503 {
504 NID_aes_256_cbc,
505 16, 32, 16,
506 EVP_CIPH_CBC_MODE,
507 pk11_cipher_init,
508 pk11_cipher_do_cipher,
509 pk11_cipher_cleanup,
510 sizeof (PK11_CIPHER_STATE),
511 EVP_CIPHER_set_asn1_iv,
512 EVP_CIPHER_get_asn1_iv,
513 NULL
514 };
515
516 /*
517 * ECB modes don't use IV so that's why set_asn1_parameters and
518 * get_asn1_parameters are set to NULL.
519 */
520 static const EVP_CIPHER pk11_aes_128_ecb =
521 {
522 NID_aes_128_ecb,
523 16, 16, 0,
524 EVP_CIPH_ECB_MODE,
525 pk11_cipher_init,
526 pk11_cipher_do_cipher,
527 pk11_cipher_cleanup,
528 sizeof (PK11_CIPHER_STATE),
529 NULL,
530 NULL,
531 NULL
532 };
533
534 static const EVP_CIPHER pk11_aes_192_ecb =
535 {
536 NID_aes_192_ecb,
537 16, 24, 0,
538 EVP_CIPH_ECB_MODE,
539 pk11_cipher_init,
540 pk11_cipher_do_cipher,
541 pk11_cipher_cleanup,
542 sizeof (PK11_CIPHER_STATE),
543 NULL,
544 NULL,
545 NULL
546 };
547
548 static const EVP_CIPHER pk11_aes_256_ecb =
549 {
550 NID_aes_256_ecb,
551 16, 32, 0,
552 EVP_CIPH_ECB_MODE,
553 pk11_cipher_init,
554 pk11_cipher_do_cipher,
555 pk11_cipher_cleanup,
556 sizeof (PK11_CIPHER_STATE),
557 NULL,
558 NULL,
559 NULL
560 };
561
562 #ifdef SOLARIS_AES_CTR
563 /*
564 * NID_undef's will be changed to the AES counter mode NIDs as soon they are
565 * created in pk11_library_init(). Note that the need to change these structures
566 * is the reason why we don't define them with the const keyword.
567 */
568 static EVP_CIPHER pk11_aes_128_ctr =
569 {
570 NID_undef,
571 16, 16, 16,
572 EVP_CIPH_CBC_MODE,
573 pk11_cipher_init,
574 pk11_cipher_do_cipher,
575 pk11_cipher_cleanup,
576 sizeof (PK11_CIPHER_STATE),
577 EVP_CIPHER_set_asn1_iv,
578 EVP_CIPHER_get_asn1_iv,
579 NULL
580 };
581
582 static EVP_CIPHER pk11_aes_192_ctr =
583 {
584 NID_undef,
585 16, 24, 16,
586 EVP_CIPH_CBC_MODE,
587 pk11_cipher_init,
588 pk11_cipher_do_cipher,
589 pk11_cipher_cleanup,
590 sizeof (PK11_CIPHER_STATE),
591 EVP_CIPHER_set_asn1_iv,
592 EVP_CIPHER_get_asn1_iv,
593 NULL
594 };
595
596 static EVP_CIPHER pk11_aes_256_ctr =
597 {
598 NID_undef,
599 16, 32, 16,
600 EVP_CIPH_CBC_MODE,
601 pk11_cipher_init,
602 pk11_cipher_do_cipher,
603 pk11_cipher_cleanup,
604 sizeof (PK11_CIPHER_STATE),
605 EVP_CIPHER_set_asn1_iv,
606 EVP_CIPHER_get_asn1_iv,
607 NULL
608 };
609 #endif /* SOLARIS_AES_CTR */
610
611 static const EVP_CIPHER pk11_bf_cbc =
612 {
613 NID_bf_cbc,
614 8, 16, 8,
615 EVP_CIPH_VARIABLE_LENGTH,
616 pk11_cipher_init,
617 pk11_cipher_do_cipher,
618 pk11_cipher_cleanup,
619 sizeof (PK11_CIPHER_STATE),
620 EVP_CIPHER_set_asn1_iv,
621 EVP_CIPHER_get_asn1_iv,
622 NULL
623 };
624
625 static const EVP_CIPHER pk11_rc4 =
626 {
627 NID_rc4,
628 1, 16, 0,
629 EVP_CIPH_VARIABLE_LENGTH,
630 pk11_cipher_init,
631 pk11_cipher_do_cipher,
632 pk11_cipher_cleanup,
633 sizeof (PK11_CIPHER_STATE),
634 NULL,
635 NULL,
636 NULL
637 };
638
639 static const EVP_MD pk11_md5 =
640 {
641 NID_md5,
642 NID_md5WithRSAEncryption,
643 MD5_DIGEST_LENGTH,
644 0,
645 pk11_digest_init,
646 pk11_digest_update,
647 pk11_digest_final,
648 pk11_digest_copy,
649 pk11_digest_cleanup,
650 EVP_PKEY_RSA_method,
651 MD5_CBLOCK,
652 sizeof (PK11_CIPHER_STATE),
653 };
654
655 static const EVP_MD pk11_sha1 =
656 {
657 NID_sha1,
658 NID_sha1WithRSAEncryption,
659 SHA_DIGEST_LENGTH,
660 0,
661 pk11_digest_init,
662 pk11_digest_update,
663 pk11_digest_final,
664 pk11_digest_copy,
665 pk11_digest_cleanup,
666 EVP_PKEY_RSA_method,
667 SHA_CBLOCK,
668 sizeof (PK11_CIPHER_STATE),
669 };
670
671 static const EVP_MD pk11_sha224 =
672 {
673 NID_sha224,
674 NID_sha224WithRSAEncryption,
675 SHA224_DIGEST_LENGTH,
676 0,
677 pk11_digest_init,
678 pk11_digest_update,
679 pk11_digest_final,
680 pk11_digest_copy,
681 pk11_digest_cleanup,
682 EVP_PKEY_RSA_method,
683 /* SHA-224 uses the same cblock size as SHA-256 */
684 SHA256_CBLOCK,
685 sizeof (PK11_CIPHER_STATE),
686 };
687
688 static const EVP_MD pk11_sha256 =
689 {
690 NID_sha256,
691 NID_sha256WithRSAEncryption,
692 SHA256_DIGEST_LENGTH,
693 0,
694 pk11_digest_init,
695 pk11_digest_update,
696 pk11_digest_final,
697 pk11_digest_copy,
698 pk11_digest_cleanup,
699 EVP_PKEY_RSA_method,
700 SHA256_CBLOCK,
701 sizeof (PK11_CIPHER_STATE),
702 };
703
704 static const EVP_MD pk11_sha384 =
705 {
706 NID_sha384,
707 NID_sha384WithRSAEncryption,
708 SHA384_DIGEST_LENGTH,
709 0,
710 pk11_digest_init,
711 pk11_digest_update,
712 pk11_digest_final,
713 pk11_digest_copy,
714 pk11_digest_cleanup,
715 EVP_PKEY_RSA_method,
716 /* SHA-384 uses the same cblock size as SHA-512 */
717 SHA512_CBLOCK,
718 sizeof (PK11_CIPHER_STATE),
719 };
720
721 static const EVP_MD pk11_sha512 =
722 {
723 NID_sha512,
724 NID_sha512WithRSAEncryption,
725 SHA512_DIGEST_LENGTH,
726 0,
727 pk11_digest_init,
728 pk11_digest_update,
729 pk11_digest_final,
730 pk11_digest_copy,
731 pk11_digest_cleanup,
732 EVP_PKEY_RSA_method,
733 SHA512_CBLOCK,
734 sizeof (PK11_CIPHER_STATE),
735 };
736
737 /*
738 * Initialization function. Sets up various PKCS#11 library components.
739 * The definitions for control commands specific to this engine
740 */
741 #define PK11_CMD_SO_PATH ENGINE_CMD_BASE
742 static const ENGINE_CMD_DEFN pk11_cmd_defns[] =
743 {
744 {
745 PK11_CMD_SO_PATH,
746 "SO_PATH",
747 "Specifies the path to the 'pkcs#11' shared library",
748 ENGINE_CMD_FLAG_STRING
749 },
750 {0, NULL, NULL, 0}
751 };
752
753
754 static RAND_METHOD pk11_random =
755 {
756 pk11_rand_seed,
757 pk11_rand_bytes,
758 pk11_rand_cleanup,
759 pk11_rand_add,
760 pk11_rand_bytes,
761 pk11_rand_status
762 };
763
764
765 /* Constants used when creating the ENGINE */
766 static const char *engine_pk11_id = "pkcs11";
767 static const char *engine_pk11_name = "PKCS #11 engine support";
768
769 CK_FUNCTION_LIST_PTR pFuncList = NULL;
770 static const char PK11_GET_FUNCTION_LIST[] = "C_GetFunctionList";
771
772 /*
773 * These is the static string constant for the DSO file name and the function
774 * symbol names to bind to.
775 */
776 static const char def_PK11_LIBNAME[] = PK11_LIB_LOCATION;
777
778 static CK_BBOOL true = TRUE;
779 static CK_BBOOL false = FALSE;
780 static CK_SLOT_ID pubkey_SLOTID = 0;
781 static CK_SLOT_ID rand_SLOTID = 0;
782 static CK_SLOT_ID SLOTID = 0;
783 static CK_BBOOL pk11_library_initialized = FALSE;
784 static CK_BBOOL pk11_atfork_initialized = FALSE;
785 static int pk11_pid = 0;
786
787 static DSO *pk11_dso = NULL;
788
789 /* allocate and initialize all locks used by the engine itself */
790 static int pk11_init_all_locks(void)
791 {
792 int type;
793
794 #ifndef OPENSSL_NO_RSA
795 find_lock[OP_RSA] = OPENSSL_malloc(sizeof (pthread_mutex_t));
796 if (find_lock[OP_RSA] == NULL)
797 goto malloc_err;
798 (void) pthread_mutex_init(find_lock[OP_RSA], NULL);
799 #endif /* OPENSSL_NO_RSA */
800
801 #ifndef OPENSSL_NO_DSA
802 find_lock[OP_DSA] = OPENSSL_malloc(sizeof (pthread_mutex_t));
803 if (find_lock[OP_DSA] == NULL)
804 goto malloc_err;
805 (void) pthread_mutex_init(find_lock[OP_DSA], NULL);
806 #endif /* OPENSSL_NO_DSA */
807
808 #ifndef OPENSSL_NO_DH
809 find_lock[OP_DH] = OPENSSL_malloc(sizeof (pthread_mutex_t));
810 if (find_lock[OP_DH] == NULL)
811 goto malloc_err;
812 (void) pthread_mutex_init(find_lock[OP_DH], NULL);
813 #endif /* OPENSSL_NO_DH */
814
815 for (type = 0; type < OP_MAX; type++)
816 {
817 session_cache[type].lock =
818 OPENSSL_malloc(sizeof (pthread_mutex_t));
819 if (session_cache[type].lock == NULL)
820 goto malloc_err;
821 (void) pthread_mutex_init(session_cache[type].lock, NULL);
822 }
823
824 return (1);
825
826 malloc_err:
827 pk11_free_all_locks();
828 PK11err(PK11_F_INIT_ALL_LOCKS, PK11_R_MALLOC_FAILURE);
829 return (0);
830 }
831
832 static void pk11_free_all_locks(void)
833 {
834 int type;
835
836 #ifndef OPENSSL_NO_RSA
837 if (find_lock[OP_RSA] != NULL)
838 {
839 (void) pthread_mutex_destroy(find_lock[OP_RSA]);
840 OPENSSL_free(find_lock[OP_RSA]);
841 find_lock[OP_RSA] = NULL;
842 }
843 #endif /* OPENSSL_NO_RSA */
844 #ifndef OPENSSL_NO_DSA
845 if (find_lock[OP_DSA] != NULL)
846 {
847 (void) pthread_mutex_destroy(find_lock[OP_DSA]);
848 OPENSSL_free(find_lock[OP_DSA]);
849 find_lock[OP_DSA] = NULL;
850 }
851 #endif /* OPENSSL_NO_DSA */
852 #ifndef OPENSSL_NO_DH
853 if (find_lock[OP_DH] != NULL)
854 {
855 (void) pthread_mutex_destroy(find_lock[OP_DH]);
856 OPENSSL_free(find_lock[OP_DH]);
857 find_lock[OP_DH] = NULL;
858 }
859 #endif /* OPENSSL_NO_DH */
860
861 for (type = 0; type < OP_MAX; type++)
862 {
863 if (session_cache[type].lock != NULL)
864 {
865 (void) pthread_mutex_destroy(session_cache[type].lock);
866 OPENSSL_free(session_cache[type].lock);
867 session_cache[type].lock = NULL;
868 }
869 }
870 }
871
872 /*
873 * This internal function is used by ENGINE_pk11() and "dynamic" ENGINE support.
874 */
875 static int bind_pk11(ENGINE *e)
876 {
877 #ifndef OPENSSL_NO_RSA
878 const RSA_METHOD *rsa = NULL;
879 RSA_METHOD *pk11_rsa = PK11_RSA();
880 #endif /* OPENSSL_NO_RSA */
881 if (!pk11_library_initialized)
882 if (!pk11_library_init(e))
883 return (0);
884
885 if (!ENGINE_set_id(e, engine_pk11_id) ||
886 !ENGINE_set_name(e, engine_pk11_name) ||
887 !ENGINE_set_ciphers(e, pk11_engine_ciphers) ||
888 !ENGINE_set_digests(e, pk11_engine_digests))
889 return (0);
890 #ifndef OPENSSL_NO_RSA
891 if (pk11_have_rsa == CK_TRUE)
892 {
893 if (!ENGINE_set_RSA(e, PK11_RSA()) ||
894 !ENGINE_set_load_privkey_function(e, pk11_load_privkey) ||
895 !ENGINE_set_load_pubkey_function(e, pk11_load_pubkey))
896 return (0);
897 #ifdef DEBUG_SLOT_SELECTION
898 fprintf(stderr, "%s: registered RSA\n", PK11_DBG);
899 #endif /* DEBUG_SLOT_SELECTION */
900 }
901 #endif /* OPENSSL_NO_RSA */
902 #ifndef OPENSSL_NO_DSA
903 if (pk11_have_dsa == CK_TRUE)
904 {
905 if (!ENGINE_set_DSA(e, PK11_DSA()))
906 return (0);
907 #ifdef DEBUG_SLOT_SELECTION
908 fprintf(stderr, "%s: registered DSA\n", PK11_DBG);
909 #endif /* DEBUG_SLOT_SELECTION */
910 }
911 #endif /* OPENSSL_NO_DSA */
912 #ifndef OPENSSL_NO_DH
913 if (pk11_have_dh == CK_TRUE)
914 {
915 if (!ENGINE_set_DH(e, PK11_DH()))
916 return (0);
917 #ifdef DEBUG_SLOT_SELECTION
918 fprintf(stderr, "%s: registered DH\n", PK11_DBG);
919 #endif /* DEBUG_SLOT_SELECTION */
920 }
921 #endif /* OPENSSL_NO_DH */
922 if (pk11_have_random)
923 {
924 if (!ENGINE_set_RAND(e, &pk11_random))
925 return (0);
926 #ifdef DEBUG_SLOT_SELECTION
927 fprintf(stderr, "%s: registered random\n", PK11_DBG);
928 #endif /* DEBUG_SLOT_SELECTION */
929 }
930 if (!ENGINE_set_init_function(e, pk11_init) ||
931 !ENGINE_set_destroy_function(e, pk11_destroy) ||
932 !ENGINE_set_finish_function(e, pk11_finish) ||
933 !ENGINE_set_ctrl_function(e, pk11_ctrl) ||
934 !ENGINE_set_cmd_defns(e, pk11_cmd_defns))
935 return (0);
936
937 /*
938 * Apache calls OpenSSL function RSA_blinding_on() once during startup
939 * which in turn calls bn_mod_exp. Since we do not implement bn_mod_exp
940 * here, we wire it back to the OpenSSL software implementation.
941 * Since it is used only once, performance is not a concern.
942 */
943 #ifndef OPENSSL_NO_RSA
944 rsa = RSA_PKCS1_SSLeay();
945 pk11_rsa->rsa_mod_exp = rsa->rsa_mod_exp;
946 pk11_rsa->bn_mod_exp = rsa->bn_mod_exp;
947 #endif /* OPENSSL_NO_RSA */
948
949 /* Ensure the pk11 error handling is set up */
950 ERR_load_pk11_strings();
951
952 return (1);
953 }
954
955 /* Dynamic engine support is disabled at a higher level for Solaris */
956 #ifdef ENGINE_DYNAMIC_SUPPORT
957 static int bind_helper(ENGINE *e, const char *id)
958 {
959 if (id && (strcmp(id, engine_pk11_id) != 0))
960 return (0);
961
962 if (!bind_pk11(e))
963 return (0);
964
965 return (1);
966 }
967
968 IMPLEMENT_DYNAMIC_CHECK_FN()
969 IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
970
971 #else
972 static ENGINE *engine_pk11(void)
973 {
974 ENGINE *ret = ENGINE_new();
975
976 if (!ret)
977 return (NULL);
978
979 if (!bind_pk11(ret))
980 {
981 ENGINE_free(ret);
982 return (NULL);
983 }
984
985 return (ret);
986 }
987
988 void
989 ENGINE_load_pk11(void)
990 {
991 ENGINE *e_pk11 = NULL;
992
993 /*
994 * Do not use dynamic PKCS#11 library on Solaris due to
995 * security reasons. We will link it in statically.
996 */
997 /* Attempt to load PKCS#11 library */
998 if (!pk11_dso)
999 pk11_dso = DSO_load(NULL, get_PK11_LIBNAME(), NULL, 0);
1000
1001 if (pk11_dso == NULL)
1002 {
1003 PK11err(PK11_F_LOAD, PK11_R_DSO_FAILURE);
1004 return;
1005 }
1006
1007 e_pk11 = engine_pk11();
1008 if (!e_pk11)
1009 {
1010 DSO_free(pk11_dso);
1011 pk11_dso = NULL;
1012 return;
1013 }
1014
1015 /*
1016 * At this point, the pk11 shared library is either dynamically
1017 * loaded or statically linked in. So, initialize the pk11
1018 * library before calling ENGINE_set_default since the latter
1019 * needs cipher and digest algorithm information
1020 */
1021 if (!pk11_library_init(e_pk11))
1022 {
1023 DSO_free(pk11_dso);
1024 pk11_dso = NULL;
1025 ENGINE_free(e_pk11);
1026 return;
1027 }
1028
1029 ENGINE_add(e_pk11);
1030
1031 ENGINE_free(e_pk11);
1032 ERR_clear_error();
1033 }
1034 #endif /* ENGINE_DYNAMIC_SUPPORT */
1035
1036 /*
1037 * These are the static string constants for the DSO file name and
1038 * the function symbol names to bind to.
1039 */
1040 static const char *PK11_LIBNAME = NULL;
1041
1042 static const char *get_PK11_LIBNAME(void)
1043 {
1044 if (PK11_LIBNAME)
1045 return (PK11_LIBNAME);
1046
1047 return (def_PK11_LIBNAME);
1048 }
1049
1050 static void free_PK11_LIBNAME(void)
1051 {
1052 if (PK11_LIBNAME)
1053 OPENSSL_free((void*)PK11_LIBNAME);
1054
1055 PK11_LIBNAME = NULL;
1056 }
1057
1058 static long set_PK11_LIBNAME(const char *name)
1059 {
1060 free_PK11_LIBNAME();
1061
1062 return ((PK11_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0);
1063 }
1064
1065 /* acquire all engine specific mutexes before fork */
1066 static void pk11_fork_prepare(void)
1067 {
1068 int i;
1069
1070 if (!pk11_library_initialized)
1071 return;
1072
1073 LOCK_OBJSTORE(OP_RSA);
1074 LOCK_OBJSTORE(OP_DSA);
1075 LOCK_OBJSTORE(OP_DH);
1076 for (i = 0; i < OP_MAX; i++)
1077 {
1078 (void) pthread_mutex_lock(session_cache[i].lock);
1079 }
1080 }
1081
1082 /* release all engine specific mutexes */
1083 static void pk11_fork_parent(void)
1084 {
1085 int i;
1086
1087 if (!pk11_library_initialized)
1088 return;
1089
1090 for (i = OP_MAX - 1; i >= 0; i--)
1091 {
1092 (void) pthread_mutex_unlock(session_cache[i].lock);
1093 }
1094 UNLOCK_OBJSTORE(OP_DH);
1095 UNLOCK_OBJSTORE(OP_DSA);
1096 UNLOCK_OBJSTORE(OP_RSA);
1097 }
1098
1099 /*
1100 * same situation as in parent - we need to unlock all locks to make them
1101 * accessible to all threads.
1102 */
1103 static void pk11_fork_child(void)
1104 {
1105 int i;
1106
1107 if (!pk11_library_initialized)
1108 return;
1109
1110 for (i = OP_MAX - 1; i >= 0; i--)
1111 {
1112 (void) pthread_mutex_unlock(session_cache[i].lock);
1113 }
1114 UNLOCK_OBJSTORE(OP_DH);
1115 UNLOCK_OBJSTORE(OP_DSA);
1116 UNLOCK_OBJSTORE(OP_RSA);
1117 }
1118
1119 /* Initialization function for the pk11 engine */
1120 static int pk11_init(ENGINE *e)
1121 {
1122 return (pk11_library_init(e));
1123 }
1124
1125 /*
1126 * Initialization function. Sets up various PKCS#11 library components.
1127 * It selects a slot based on predefined critiera. In the process, it also
1128 * count how many ciphers and digests to support. Since the cipher and
1129 * digest information is needed when setting default engine, this function
1130 * needs to be called before calling ENGINE_set_default.
1131 */
1132 /* ARGSUSED */
1133 static int pk11_library_init(ENGINE *e)
1134 {
1135 CK_C_GetFunctionList p;
1136 CK_RV rv = CKR_OK;
1137 CK_INFO info;
1138 CK_ULONG ul_state_len;
1139 int any_slot_found;
1140 int i;
1141
1142 /*
1143 * pk11_library_initialized is set to 0 in pk11_finish() which is called
1144 * from ENGINE_finish(). However, if there is still at least one
1145 * existing functional reference to the engine (see engine(3) for more
1146 * information), pk11_finish() is skipped. For example, this can happen
1147 * if an application forgets to clear one cipher context. In case of a
1148 * fork() when the application is finishing the engine so that it can be
1149 * reinitialized in the child, forgotten functional reference causes
1150 * pk11_library_initialized to stay 1. In that case we need the PID
1151 * check so that we properly initialize the engine again.
1152 */
1153 if (pk11_library_initialized)
1154 {
1155 if (pk11_pid == getpid())
1156 {
1157 return (1);
1158 }
1159 else
1160 {
1161 global_session = CK_INVALID_HANDLE;
1162 /*
1163 * free the locks first to prevent memory leak in case
1164 * the application calls fork() without finishing the
1165 * engine first.
1166 */
1167 pk11_free_all_locks();
1168 }
1169 }
1170
1171 if (pk11_dso == NULL)
1172 {
1173 PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE);
1174 goto err;
1175 }
1176
1177 #ifdef SOLARIS_AES_CTR
1178 /*
1179 * We must do this before we start working with slots since we need all
1180 * NIDs there.
1181 */
1182 if (pk11_add_aes_ctr_NIDs() == 0)
1183 goto err;
1184 #endif /* SOLARIS_AES_CTR */
1185
1186 #ifdef SOLARIS_HW_SLOT_SELECTION
1187 if (check_hw_mechanisms() == 0)
1188 goto err;
1189 #endif /* SOLARIS_HW_SLOT_SELECTION */
1190
1191 /* get the C_GetFunctionList function from the loaded library */
1192 p = (CK_C_GetFunctionList)DSO_bind_func(pk11_dso,
1193 PK11_GET_FUNCTION_LIST);
1194 if (!p)
1195 {
1196 PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE);
1197 goto err;
1198 }
1199
1200 /* get the full function list from the loaded library */
1201 rv = p(&pFuncList);
1202 if (rv != CKR_OK)
1203 {
1204 PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE, rv);
1205 goto err;
1206 }
1207
1208 rv = pFuncList->C_Initialize(NULL_PTR);
1209 if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
1210 {
1211 PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_INITIALIZE, rv);
1212 goto err;
1213 }
1214
1215 rv = pFuncList->C_GetInfo(&info);
1216 if (rv != CKR_OK)
1217 {
1218 PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_GETINFO, rv);
1219 goto err;
1220 }
1221
1222 if (pk11_choose_slots(&any_slot_found) == 0)
1223 goto err;
1224
1225 /*
1226 * The library we use, set in def_PK11_LIBNAME, may not offer any
1227 * slot(s). In that case, we must not proceed but we must not return an
1228 * error. The reason is that applications that try to set up the PKCS#11
1229 * engine don't exit on error during the engine initialization just
1230 * because no slot was present.
1231 */
1232 if (any_slot_found == 0)
1233 return (1);
1234
1235 if (global_session == CK_INVALID_HANDLE)
1236 {
1237 /* Open the global_session for the new process */
1238 rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
1239 NULL_PTR, NULL_PTR, &global_session);
1240 if (rv != CKR_OK)
1241 {
1242 PK11err_add_data(PK11_F_LIBRARY_INIT,
1243 PK11_R_OPENSESSION, rv);
1244 goto err;
1245 }
1246 }
1247
1248 /*
1249 * Disable digest if C_GetOperationState is not supported since
1250 * this function is required by OpenSSL digest copy function
1251 */
1252 if (pFuncList->C_GetOperationState(global_session, NULL, &ul_state_len)
1253 == CKR_FUNCTION_NOT_SUPPORTED) {
1254 #ifdef DEBUG_SLOT_SELECTION
1255 fprintf(stderr, "%s: C_GetOperationState() not supported, "
1256 "setting digest_count to 0\n", PK11_DBG);
1257 #endif /* DEBUG_SLOT_SELECTION */
1258 digest_count = 0;
1259 }
1260
1261 pk11_library_initialized = TRUE;
1262 pk11_pid = getpid();
1263 /*
1264 * if initialization of the locks fails pk11_init_all_locks()
1265 * will do the cleanup.
1266 */
1267 if (!pk11_init_all_locks())
1268 goto err;
1269 for (i = 0; i < OP_MAX; i++)
1270 session_cache[i].head = NULL;
1271 /*
1272 * initialize active lists. We only use active lists
1273 * for asymmetric ciphers.
1274 */
1275 for (i = 0; i < OP_MAX; i++)
1276 active_list[i] = NULL;
1277
1278 if (!pk11_atfork_initialized)
1279 {
1280 if (pthread_atfork(pk11_fork_prepare, pk11_fork_parent,
1281 pk11_fork_child) != 0)
1282 {
1283 PK11err(PK11_F_LIBRARY_INIT, PK11_R_ATFORK_FAILED);
1284 goto err;
1285 }
1286 pk11_atfork_initialized = TRUE;
1287 }
1288
1289 return (1);
1290
1291 err:
1292 return (0);
1293 }
1294
1295 /* Destructor (complements the "ENGINE_pk11()" constructor) */
1296 /* ARGSUSED */
1297 static int pk11_destroy(ENGINE *e)
1298 {
1299 free_PK11_LIBNAME();
1300 ERR_unload_pk11_strings();
1301 return (1);
1302 }
1303
1304 /*
1305 * Termination function to clean up the session, the token, and the pk11
1306 * library.
1307 */
1308 /* ARGSUSED */
1309 static int pk11_finish(ENGINE *e)
1310 {
1311 int i;
1312
1313 if (pk11_dso == NULL)
1314 {
1315 PK11err(PK11_F_FINISH, PK11_R_NOT_LOADED);
1316 goto err;
1317 }
1318
1319 OPENSSL_assert(pFuncList != NULL);
1320
1321 if (pk11_free_all_sessions() == 0)
1322 goto err;
1323
1324 /* free all active lists */
1325 for (i = 0; i < OP_MAX; i++)
1326 pk11_free_active_list(i);
1327
1328 pFuncList->C_CloseSession(global_session);
1329 global_session = CK_INVALID_HANDLE;
1330
1331 /*
1332 * Since we are part of a library (libcrypto.so), calling this function
1333 * may have side-effects.
1334 */
1335 #if 0
1336 pFuncList->C_Finalize(NULL);
1337 #endif
1338
1339 if (!DSO_free(pk11_dso))
1340 {
1341 PK11err(PK11_F_FINISH, PK11_R_DSO_FAILURE);
1342 goto err;
1343 }
1344 pk11_dso = NULL;
1345 pFuncList = NULL;
1346 pk11_library_initialized = FALSE;
1347 pk11_pid = 0;
1348 /*
1349 * There is no way how to unregister atfork handlers (other than
1350 * unloading the library) so we just free the locks. For this reason
1351 * the atfork handlers check if the engine is initialized and bail out
1352 * immediately if not. This is necessary in case a process finishes
1353 * the engine before calling fork().
1354 */
1355 pk11_free_all_locks();
1356
1357 return (1);
1358
1359 err:
1360 return (0);
1361 }
1362
1363 /* Standard engine interface function to set the dynamic library path */
1364 /* ARGSUSED */
1365 static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
1366 {
1367 int initialized = ((pk11_dso == NULL) ? 0 : 1);
1368
1369 switch (cmd)
1370 {
1371 case PK11_CMD_SO_PATH:
1372 if (p == NULL)
1373 {
1374 PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER);
1375 return (0);
1376 }
1377
1378 if (initialized)
1379 {
1380 PK11err(PK11_F_CTRL, PK11_R_ALREADY_LOADED);
1381 return (0);
1382 }
1383
1384 return (set_PK11_LIBNAME((const char *)p));
1385 default:
1386 break;
1387 }
1388
1389 PK11err(PK11_F_CTRL, PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED);
1390
1391 return (0);
1392 }
1393
1394
1395 /* Required function by the engine random interface. It does nothing here */
1396 static void pk11_rand_cleanup(void)
1397 {
1398 return;
1399 }
1400
1401 /* ARGSUSED */
1402 static void pk11_rand_add(const void *buf, int num, double add)
1403 {
1404 PK11_SESSION *sp;
1405
1406 if ((sp = pk11_get_session(OP_RAND)) == NULL)
1407 return;
1408
1409 /*
1410 * Ignore any errors (e.g. CKR_RANDOM_SEED_NOT_SUPPORTED) since
1411 * the calling functions do not care anyway
1412 */
1413 pFuncList->C_SeedRandom(sp->session, (unsigned char *) buf, num);
1414 pk11_return_session(sp, OP_RAND);
1415
1416 return;
1417 }
1418
1419 static void pk11_rand_seed(const void *buf, int num)
1420 {
1421 pk11_rand_add(buf, num, 0);
1422 }
1423
1424 static int pk11_rand_bytes(unsigned char *buf, int num)
1425 {
1426 CK_RV rv;
1427 PK11_SESSION *sp;
1428
1429 if ((sp = pk11_get_session(OP_RAND)) == NULL)
1430 return (0);
1431
1432 rv = pFuncList->C_GenerateRandom(sp->session, buf, num);
1433 if (rv != CKR_OK)
1434 {
1435 PK11err_add_data(PK11_F_RAND_BYTES, PK11_R_GENERATERANDOM, rv);
1436 pk11_return_session(sp, OP_RAND);
1437 return (0);
1438 }
1439
1440 pk11_return_session(sp, OP_RAND);
1441 return (1);
1442 }
1443
1444 /* Required function by the engine random interface. It does nothing here */
1445 static int pk11_rand_status(void)
1446 {
1447 return (1);
1448 }
1449
1450 /* Free all BIGNUM structures from PK11_SESSION. */
1451 static void pk11_free_nums(PK11_SESSION *sp, PK11_OPTYPE optype)
1452 {
1453 switch (optype)
1454 {
1455 #ifndef OPENSSL_NO_RSA
1456 case OP_RSA:
1457 if (sp->opdata_rsa_n_num != NULL)
1458 {
1459 BN_free(sp->opdata_rsa_n_num);
1460 sp->opdata_rsa_n_num = NULL;
1461 }
1462 if (sp->opdata_rsa_e_num != NULL)
1463 {
1464 BN_free(sp->opdata_rsa_e_num);
1465 sp->opdata_rsa_e_num = NULL;
1466 }
1467 if (sp->opdata_rsa_d_num != NULL)
1468 {
1469 BN_free(sp->opdata_rsa_d_num);
1470 sp->opdata_rsa_d_num = NULL;
1471 }
1472 break;
1473 #endif
1474 #ifndef OPENSSL_NO_DSA
1475 case OP_DSA:
1476 if (sp->opdata_dsa_pub_num != NULL)
1477 {
1478 BN_free(sp->opdata_dsa_pub_num);
1479 sp->opdata_dsa_pub_num = NULL;
1480 }
1481 if (sp->opdata_dsa_priv_num != NULL)
1482 {
1483 BN_free(sp->opdata_dsa_priv_num);
1484 sp->opdata_dsa_priv_num = NULL;
1485 }
1486 break;
1487 #endif
1488 #ifndef OPENSSL_NO_DH
1489 case OP_DH:
1490 if (sp->opdata_dh_priv_num != NULL)
1491 {
1492 BN_free(sp->opdata_dh_priv_num);
1493 sp->opdata_dh_priv_num = NULL;
1494 }
1495 break;
1496 #endif
1497 default:
1498 break;
1499 }
1500 }
1501
1502 /*
1503 * Get new PK11_SESSION structure ready for use. Every process must have
1504 * its own freelist of PK11_SESSION structures so handle fork() here
1505 * by destroying the old and creating new freelist.
1506 * The returned PK11_SESSION structure is disconnected from the freelist.
1507 */
1508 PK11_SESSION *
1509 pk11_get_session(PK11_OPTYPE optype)
1510 {
1511 PK11_SESSION *sp = NULL, *sp1, *freelist;
1512 pthread_mutex_t *freelist_lock;
1513 CK_RV rv;
1514
1515 switch (optype)
1516 {
1517 case OP_RSA:
1518 case OP_DSA:
1519 case OP_DH:
1520 case OP_RAND:
1521 case OP_DIGEST:
1522 case OP_CIPHER:
1523 freelist_lock = session_cache[optype].lock;
1524 break;
1525 default:
1526 PK11err(PK11_F_GET_SESSION,
1527 PK11_R_INVALID_OPERATION_TYPE);
1528 return (NULL);
1529 }
1530 (void) pthread_mutex_lock(freelist_lock);
1531 freelist = session_cache[optype].head;
1532 sp = freelist;
1533
1534 /*
1535 * If the free list is empty, allocate new unitialized (filled
1536 * with zeroes) PK11_SESSION structure otherwise return first
1537 * structure from the freelist.
1538 */
1539 if (sp == NULL)
1540 {
1541 if ((sp = OPENSSL_malloc(sizeof (PK11_SESSION))) == NULL)
1542 {
1543 PK11err(PK11_F_GET_SESSION,
1544 PK11_R_MALLOC_FAILURE);
1545 goto err;
1546 }
1547 (void) memset(sp, 0, sizeof (PK11_SESSION));
1548 }
1549 else
1550 {
1551 freelist = sp->next;
1552 }
1553
1554 if (sp->pid != 0 && sp->pid != getpid())
1555 {
1556 /*
1557 * We are a new process and thus need to free any inherited
1558 * PK11_SESSION objects.
1559 */
1560 while ((sp1 = freelist) != NULL)
1561 {
1562 freelist = sp1->next;
1563 /*
1564 * NOTE: we do not want to call pk11_free_all_sessions()
1565 * here because it would close underlying PKCS#11
1566 * sessions and destroy all objects.
1567 */
1568 pk11_free_nums(sp1, optype);
1569 OPENSSL_free(sp1);
1570 }
1571
1572 /* we have to free the active list as well. */
1573 pk11_free_active_list(optype);
1574
1575 /* Initialize the process */
1576 rv = pFuncList->C_Initialize(NULL_PTR);
1577 if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
1578 {
1579 PK11err_add_data(PK11_F_GET_SESSION, PK11_R_INITIALIZE,
1580 rv);
1581 OPENSSL_free(sp);
1582 sp = NULL;
1583 goto err;
1584 }
1585
1586 /*
1587 * Choose slot here since the slot table is different on this
1588 * process. If we are here then we must have found at least one
1589 * usable slot before so we don't need to check any_slot_found.
1590 * See pk11_library_init()'s usage of this function for more
1591 * information.
1592 */
1593 #ifdef SOLARIS_HW_SLOT_SELECTION
1594 if (check_hw_mechanisms() == 0)
1595 goto err;
1596 #endif /* SOLARIS_HW_SLOT_SELECTION */
1597 if (pk11_choose_slots(NULL) == 0)
1598 goto err;
1599
1600 /* Open the global_session for the new process */
1601 rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
1602 NULL_PTR, NULL_PTR, &global_session);
1603 if (rv != CKR_OK)
1604 {
1605 PK11err_add_data(PK11_F_GET_SESSION, PK11_R_OPENSESSION,
1606 rv);
1607 OPENSSL_free(sp);
1608 sp = NULL;
1609 goto err;
1610 }
1611
1612 /* It is an inherited session and needs re-initialization. */
1613 if (pk11_setup_session(sp, optype) == 0)
1614 {
1615 OPENSSL_free(sp);
1616 sp = NULL;
1617 }
1618 }
1619 if (sp->pid == 0)
1620 {
1621 /* It is a new session and needs initialization. */
1622 if (pk11_setup_session(sp, optype) == 0)
1623 {
1624 OPENSSL_free(sp);
1625 sp = NULL;
1626 }
1627 }
1628
1629 /* set new head for the list of PK11_SESSION objects */
1630 session_cache[optype].head = freelist;
1631
1632 err:
1633 if (sp != NULL)
1634 sp->next = NULL;
1635
1636 (void) pthread_mutex_unlock(freelist_lock);
1637
1638 return (sp);
1639 }
1640
1641
1642 void
1643 pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype)
1644 {
1645 pthread_mutex_t *freelist_lock;
1646 PK11_SESSION *freelist;
1647
1648 if (sp == NULL || sp->pid != getpid())
1649 return;
1650
1651 switch (optype)
1652 {
1653 case OP_RSA:
1654 case OP_DSA:
1655 case OP_DH:
1656 case OP_RAND:
1657 case OP_DIGEST:
1658 case OP_CIPHER:
1659 freelist_lock = session_cache[optype].lock;
1660 break;
1661 default:
1662 PK11err(PK11_F_RETURN_SESSION,
1663 PK11_R_INVALID_OPERATION_TYPE);
1664 return;
1665 }
1666
1667 (void) pthread_mutex_lock(freelist_lock);
1668 freelist = session_cache[optype].head;
1669 sp->next = freelist;
1670 session_cache[optype].head = sp;
1671 (void) pthread_mutex_unlock(freelist_lock);
1672 }
1673
1674
1675 /* Destroy all objects. This function is called when the engine is finished */
1676 static int pk11_free_all_sessions()
1677 {
1678 int ret = 1;
1679 int type;
1680
1681 #ifndef OPENSSL_NO_RSA
1682 (void) pk11_destroy_rsa_key_objects(NULL);
1683 #endif /* OPENSSL_NO_RSA */
1684 #ifndef OPENSSL_NO_DSA
1685 (void) pk11_destroy_dsa_key_objects(NULL);
1686 #endif /* OPENSSL_NO_DSA */
1687 #ifndef OPENSSL_NO_DH
1688 (void) pk11_destroy_dh_key_objects(NULL);
1689 #endif /* OPENSSL_NO_DH */
1690 (void) pk11_destroy_cipher_key_objects(NULL);
1691
1692 /*
1693 * We try to release as much as we can but any error means that we will
1694 * return 0 on exit.
1695 */
1696 for (type = 0; type < OP_MAX; type++)
1697 {
1698 if (pk11_free_session_list(type) == 0)
1699 ret = 0;
1700 }
1701
1702 return (ret);
1703 }
1704
1705 /*
1706 * Destroy session structures from the linked list specified. Free as many
1707 * sessions as possible but any failure in C_CloseSession() means that we
1708 * return an error on return.
1709 */
1710 static int pk11_free_session_list(PK11_OPTYPE optype)
1711 {
1712 CK_RV rv;
1713 PK11_SESSION *sp = NULL;
1714 PK11_SESSION *freelist = NULL;
1715 pid_t mypid = getpid();
1716 pthread_mutex_t *freelist_lock;
1717 int ret = 1;
1718
1719 switch (optype)
1720 {
1721 case OP_RSA:
1722 case OP_DSA:
1723 case OP_DH:
1724 case OP_RAND:
1725 case OP_DIGEST:
1726 case OP_CIPHER:
1727 freelist_lock = session_cache[optype].lock;
1728 break;
1729 default:
1730 PK11err(PK11_F_FREE_ALL_SESSIONS,
1731 PK11_R_INVALID_OPERATION_TYPE);
1732 return (0);
1733 }
1734
1735 (void) pthread_mutex_lock(freelist_lock);
1736 freelist = session_cache[optype].head;
1737 while ((sp = freelist) != NULL)
1738 {
1739 if (sp->session != CK_INVALID_HANDLE && sp->pid == mypid)
1740 {
1741 rv = pFuncList->C_CloseSession(sp->session);
1742 if (rv != CKR_OK)
1743 {
1744 PK11err_add_data(PK11_F_FREE_ALL_SESSIONS,
1745 PK11_R_CLOSESESSION, rv);
1746 ret = 0;
1747 }
1748 }
1749 freelist = sp->next;
1750 pk11_free_nums(sp, optype);
1751 OPENSSL_free(sp);
1752 }
1753
1754 (void) pthread_mutex_unlock(freelist_lock);
1755 return (ret);
1756 }
1757
1758
1759 static int pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype)
1760 {
1761 CK_RV rv;
1762 CK_SLOT_ID myslot;
1763
1764 switch (optype)
1765 {
1766 case OP_RSA:
1767 case OP_DSA:
1768 case OP_DH:
1769 myslot = pubkey_SLOTID;
1770 break;
1771 case OP_RAND:
1772 myslot = rand_SLOTID;
1773 break;
1774 case OP_DIGEST:
1775 case OP_CIPHER:
1776 myslot = SLOTID;
1777 break;
1778 default:
1779 PK11err(PK11_F_SETUP_SESSION,
1780 PK11_R_INVALID_OPERATION_TYPE);
1781 return (0);
1782 }
1783
1784 sp->session = CK_INVALID_HANDLE;
1785 #ifdef DEBUG_SLOT_SELECTION
1786 fprintf(stderr, "%s: myslot=%d optype=%d\n", PK11_DBG, myslot, optype);
1787 #endif /* DEBUG_SLOT_SELECTION */
1788 rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION,
1789 NULL_PTR, NULL_PTR, &sp->session);
1790 if (rv == CKR_CRYPTOKI_NOT_INITIALIZED)
1791 {
1792 /*
1793 * We are probably a child process so force the
1794 * reinitialize of the session
1795 */
1796 pk11_library_initialized = FALSE;
1797 if (!pk11_library_init(NULL))
1798 return (0);
1799 rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION,
1800 NULL_PTR, NULL_PTR, &sp->session);
1801 }
1802 if (rv != CKR_OK)
1803 {
1804 PK11err_add_data(PK11_F_SETUP_SESSION, PK11_R_OPENSESSION, rv);
1805 return (0);
1806 }
1807
1808 sp->pid = getpid();
1809
1810 switch (optype)
1811 {
1812 #ifndef OPENSSL_NO_RSA
1813 case OP_RSA:
1814 sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
1815 sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
1816 sp->opdata_rsa_pub = NULL;
1817 sp->opdata_rsa_n_num = NULL;
1818 sp->opdata_rsa_e_num = NULL;
1819 sp->opdata_rsa_priv = NULL;
1820 sp->opdata_rsa_d_num = NULL;
1821 break;
1822 #endif /* OPENSSL_NO_RSA */
1823 #ifndef OPENSSL_NO_DSA
1824 case OP_DSA:
1825 sp->opdata_dsa_pub_key = CK_INVALID_HANDLE;
1826 sp->opdata_dsa_priv_key = CK_INVALID_HANDLE;
1827 sp->opdata_dsa_pub = NULL;
1828 sp->opdata_dsa_pub_num = NULL;
1829 sp->opdata_dsa_priv = NULL;
1830 sp->opdata_dsa_priv_num = NULL;
1831 break;
1832 #endif /* OPENSSL_NO_DSA */
1833 #ifndef OPENSSL_NO_DH
1834 case OP_DH:
1835 sp->opdata_dh_key = CK_INVALID_HANDLE;
1836 sp->opdata_dh = NULL;
1837 sp->opdata_dh_priv_num = NULL;
1838 break;
1839 #endif /* OPENSSL_NO_DH */
1840 case OP_CIPHER:
1841 sp->opdata_cipher_key = CK_INVALID_HANDLE;
1842 sp->opdata_encrypt = -1;
1843 break;
1844 }
1845
1846 return (1);
1847 }
1848
1849 #ifndef OPENSSL_NO_RSA
1850 /* Destroy RSA public key from single session. */
1851 int
1852 pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock)
1853 {
1854 int ret = 0;
1855
1856 if (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE)
1857 {
1858 TRY_OBJ_DESTROY(sp->session, sp->opdata_rsa_pub_key,
1859 ret, uselock, OP_RSA);
1860 sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
1861 sp->opdata_rsa_pub = NULL;
1862 if (sp->opdata_rsa_n_num != NULL)
1863 {
1864 BN_free(sp->opdata_rsa_n_num);
1865 sp->opdata_rsa_n_num = NULL;
1866 }
1867 if (sp->opdata_rsa_e_num != NULL)
1868 {
1869 BN_free(sp->opdata_rsa_e_num);
1870 sp->opdata_rsa_e_num = NULL;
1871 }
1872 }
1873
1874 return (ret);
1875 }
1876
1877 /* Destroy RSA private key from single session. */
1878 int
1879 pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock)
1880 {
1881 int ret = 0;
1882
1883 if (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE)
1884 {
1885 TRY_OBJ_DESTROY(sp->session, sp->opdata_rsa_priv_key,
1886 ret, uselock, OP_RSA);
1887 sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
1888 sp->opdata_rsa_priv = NULL;
1889 if (sp->opdata_rsa_d_num != NULL)
1890 {
1891 BN_free(sp->opdata_rsa_d_num);
1892 sp->opdata_rsa_d_num = NULL;
1893 }
1894 }
1895
1896 return (ret);
1897 }
1898
1899 /*
1900 * Destroy RSA key object wrapper. If session is NULL, try to destroy all
1901 * objects in the free list.
1902 */
1903 int
1904 pk11_destroy_rsa_key_objects(PK11_SESSION *session)
1905 {
1906 int ret = 1;
1907 PK11_SESSION *sp = NULL;
1908 PK11_SESSION *local_free_session;
1909 CK_BBOOL uselock = TRUE;
1910
1911 if (session != NULL)
1912 local_free_session = session;
1913 else
1914 {
1915 (void) pthread_mutex_lock(session_cache[OP_RSA].lock);
1916 local_free_session = session_cache[OP_RSA].head;
1917 uselock = FALSE;
1918 }
1919
1920 /*
1921 * go through the list of sessions and delete key objects
1922 */
1923 while ((sp = local_free_session) != NULL)
1924 {
1925 local_free_session = sp->next;
1926
1927 /*
1928 * Do not terminate list traversal if one of the
1929 * destroy operations fails.
1930 */
1931 if (pk11_destroy_rsa_object_pub(sp, uselock) == 0)
1932 {
1933 ret = 0;
1934 continue;
1935 }
1936 if (pk11_destroy_rsa_object_priv(sp, uselock) == 0)
1937 {
1938 ret = 0;
1939 continue;
1940 }
1941 }
1942
1943 if (session == NULL)
1944 (void) pthread_mutex_unlock(session_cache[OP_RSA].lock);
1945
1946 return (ret);
1947 }
1948 #endif /* OPENSSL_NO_RSA */
1949
1950 #ifndef OPENSSL_NO_DSA
1951 /* Destroy DSA public key from single session. */
1952 int
1953 pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock)
1954 {
1955 int ret = 0;
1956
1957 if (sp->opdata_dsa_pub_key != CK_INVALID_HANDLE)
1958 {
1959 TRY_OBJ_DESTROY(sp->session, sp->opdata_dsa_pub_key,
1960 ret, uselock, OP_DSA);
1961 sp->opdata_dsa_pub_key = CK_INVALID_HANDLE;
1962 sp->opdata_dsa_pub = NULL;
1963 if (sp->opdata_dsa_pub_num != NULL)
1964 {
1965 BN_free(sp->opdata_dsa_pub_num);
1966 sp->opdata_dsa_pub_num = NULL;
1967 }
1968 }
1969
1970 return (ret);
1971 }
1972
1973 /* Destroy DSA private key from single session. */
1974 int
1975 pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock)
1976 {
1977 int ret = 0;
1978
1979 if (sp->opdata_dsa_priv_key != CK_INVALID_HANDLE)
1980 {
1981 TRY_OBJ_DESTROY(sp->session, sp->opdata_dsa_priv_key,
1982 ret, uselock, OP_DSA);
1983 sp->opdata_dsa_priv_key = CK_INVALID_HANDLE;
1984 sp->opdata_dsa_priv = NULL;
1985 if (sp->opdata_dsa_priv_num != NULL)
1986 {
1987 BN_free(sp->opdata_dsa_priv_num);
1988 sp->opdata_dsa_priv_num = NULL;
1989 }
1990 }
1991
1992 return (ret);
1993 }
1994
1995 /*
1996 * Destroy DSA key object wrapper. If session is NULL, try to destroy all
1997 * objects in the free list.
1998 */
1999 int
2000 pk11_destroy_dsa_key_objects(PK11_SESSION *session)
2001 {
2002 int ret = 1;
2003 PK11_SESSION *sp = NULL;
2004 PK11_SESSION *local_free_session;
2005 CK_BBOOL uselock = TRUE;
2006
2007 if (session != NULL)
2008 local_free_session = session;
2009 else
2010 {
2011 (void) pthread_mutex_lock(session_cache[OP_DSA].lock);
2012 local_free_session = session_cache[OP_DSA].head;
2013 uselock = FALSE;
2014 }
2015
2016 /*
2017 * go through the list of sessions and delete key objects
2018 */
2019 while ((sp = local_free_session) != NULL)
2020 {
2021 local_free_session = sp->next;
2022
2023 /*
2024 * Do not terminate list traversal if one of the
2025 * destroy operations fails.
2026 */
2027 if (pk11_destroy_dsa_object_pub(sp, uselock) == 0)
2028 {
2029 ret = 0;
2030 continue;
2031 }
2032 if (pk11_destroy_dsa_object_priv(sp, uselock) == 0)
2033 {
2034 ret = 0;
2035 continue;
2036 }
2037 }
2038
2039 if (session == NULL)
2040 (void) pthread_mutex_unlock(session_cache[OP_DSA].lock);
2041
2042 return (ret);
2043 }
2044 #endif /* OPENSSL_NO_DSA */
2045
2046 #ifndef OPENSSL_NO_DH
2047 /* Destroy DH key from single session. */
2048 int
2049 pk11_destroy_dh_object(PK11_SESSION *sp, CK_BBOOL uselock)
2050 {
2051 int ret = 0;
2052
2053 if (sp->opdata_dh_key != CK_INVALID_HANDLE)
2054 {
2055 TRY_OBJ_DESTROY(sp->session, sp->opdata_dh_key,
2056 ret, uselock, OP_DH);
2057 sp->opdata_dh_key = CK_INVALID_HANDLE;
2058 sp->opdata_dh = NULL;
2059 if (sp->opdata_dh_priv_num != NULL)
2060 {
2061 BN_free(sp->opdata_dh_priv_num);
2062 sp->opdata_dh_priv_num = NULL;
2063 }
2064 }
2065
2066 return (ret);
2067 }
2068
2069 /*
2070 * Destroy DH key object wrapper.
2071 *
2072 * arg0: pointer to PKCS#11 engine session structure
2073 * if session is NULL, try to destroy all objects in the free list
2074 */
2075 int
2076 pk11_destroy_dh_key_objects(PK11_SESSION *session)
2077 {
2078 int ret = 1;
2079 PK11_SESSION *sp = NULL;
2080 PK11_SESSION *local_free_session;
2081 CK_BBOOL uselock = TRUE;
2082
2083 if (session != NULL)
2084 local_free_session = session;
2085 else
2086 {
2087 (void) pthread_mutex_lock(session_cache[OP_DH].lock);
2088 local_free_session = session_cache[OP_DH].head;
2089 uselock = FALSE;
2090 }
2091
2092 while ((sp = local_free_session) != NULL)
2093 {
2094 local_free_session = sp->next;
2095
2096 /*
2097 * Do not terminate list traversal if one of the
2098 * destroy operations fails.
2099 */
2100 if (pk11_destroy_dh_object(sp, uselock) == 0)
2101 {
2102 ret = 0;
2103 continue;
2104 }
2105 }
2106 if (session == NULL)
2107 (void) pthread_mutex_unlock(session_cache[OP_DH].lock);
2108
2109 return (ret);
2110 }
2111 #endif /* OPENSSL_NO_DH */
2112
2113 static int pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh)
2114 {
2115 CK_RV rv;
2116 rv = pFuncList->C_DestroyObject(session, oh);
2117 if (rv != CKR_OK)
2118 {
2119 PK11err_add_data(PK11_F_DESTROY_OBJECT, PK11_R_DESTROYOBJECT,
2120 rv);
2121 return (0);
2122 }
2123
2124 return (1);
2125 }
2126
2127
2128 /* Symmetric ciphers and digests support functions */
2129
2130 static int
2131 cipher_nid_to_pk11(int nid)
2132 {
2133 int i;
2134
2135 for (i = 0; i < PK11_CIPHER_MAX; i++)
2136 if (ciphers[i].nid == nid)
2137 return (ciphers[i].id);
2138 return (-1);
2139 }
2140
2141 static int
2142 pk11_usable_ciphers(const int **nids)
2143 {
2144 if (cipher_count > 0)
2145 *nids = cipher_nids;
2146 else
2147 *nids = NULL;
2148 return (cipher_count);
2149 }
2150
2151 static int
2152 pk11_usable_digests(const int **nids)
2153 {
2154 if (digest_count > 0)
2155 *nids = digest_nids;
2156 else
2157 *nids = NULL;
2158 return (digest_count);
2159 }
2160
2161 /*
2162 * Init context for encryption or decryption using a symmetric key.
2163 */
2164 static int pk11_init_symmetric(EVP_CIPHER_CTX *ctx, PK11_CIPHER *pcipher,
2165 PK11_SESSION *sp, CK_MECHANISM_PTR pmech)
2166 {
2167 CK_RV rv;
2168 #ifdef SOLARIS_AES_CTR
2169 CK_AES_CTR_PARAMS ctr_params;
2170 #endif /* SOLARIS_AES_CTR */
2171
2172 /*
2173 * We expect pmech->mechanism to be already set and
2174 * pParameter/ulParameterLen initialized to NULL/0 before
2175 * pk11_init_symetric() is called.
2176 */
2177 OPENSSL_assert(pmech->mechanism != NULL);
2178 OPENSSL_assert(pmech->pParameter == NULL);
2179 OPENSSL_assert(pmech->ulParameterLen == 0);
2180
2181 #ifdef SOLARIS_AES_CTR
2182 if (ctx->cipher->nid == NID_aes_128_ctr ||
2183 ctx->cipher->nid == NID_aes_192_ctr ||
2184 ctx->cipher->nid == NID_aes_256_ctr)
2185 {
2186 pmech->pParameter = (void *)(&ctr_params);
2187 pmech->ulParameterLen = sizeof (ctr_params);
2188 /*
2189 * For now, we are limited to the fixed length of the counter,
2190 * it covers the whole counter block. That's what RFC 4344
2191 * needs. For more information on internal structure of the
2192 * counter block, see RFC 3686. If needed in the future, we can
2193 * add code so that the counter length can be set via
2194 * ENGINE_ctrl() function.
2195 */
2196 ctr_params.ulCounterBits = AES_BLOCK_SIZE * 8;
2197 OPENSSL_assert(pcipher->iv_len == AES_BLOCK_SIZE);
2198 (void) memcpy(ctr_params.cb, ctx->iv, AES_BLOCK_SIZE);
2199 }
2200 else
2201 #endif /* SOLARIS_AES_CTR */
2202 {
2203 if (pcipher->iv_len > 0)
2204 {
2205 pmech->pParameter = (void *)ctx->iv;
2206 pmech->ulParameterLen = pcipher->iv_len;
2207 }
2208 }
2209
2210 /* if we get here, the encryption needs to be reinitialized */
2211 if (ctx->encrypt)
2212 rv = pFuncList->C_EncryptInit(sp->session, pmech,
2213 sp->opdata_cipher_key);
2214 else
2215 rv = pFuncList->C_DecryptInit(sp->session, pmech,
2216 sp->opdata_cipher_key);
2217
2218 if (rv != CKR_OK)
2219 {
2220 PK11err_add_data(PK11_F_CIPHER_INIT, ctx->encrypt ?
2221 PK11_R_ENCRYPTINIT : PK11_R_DECRYPTINIT, rv);
2222 pk11_return_session(sp, OP_CIPHER);
2223 return (0);
2224 }
2225
2226 return (1);
2227 }
2228
2229 /* ARGSUSED */
2230 static int
2231 pk11_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
2232 const unsigned char *iv, int enc)
2233 {
2234 CK_MECHANISM mech;
2235 int index;
2236 PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->cipher_data;
2237 PK11_SESSION *sp;
2238 PK11_CIPHER *p_ciph_table_row;
2239
2240 state->sp = NULL;
2241
2242 index = cipher_nid_to_pk11(ctx->cipher->nid);
2243 if (index < 0 || index >= PK11_CIPHER_MAX)
2244 return (0);
2245
2246 p_ciph_table_row = &ciphers[index];
2247 /*
2248 * iv_len in the ctx->cipher structure is the maximum IV length for the
2249 * current cipher and it must be less or equal to the IV length in our
2250 * ciphers table. The key length must be in the allowed interval. From
2251 * all cipher modes that the PKCS#11 engine supports only RC4 allows a
2252 * key length to be in some range, all other NIDs have a precise key
2253 * length. Every application can define its own EVP functions so this
2254 * code serves as a sanity check.
2255 *
2256 * Note that the reason why the IV length in ctx->cipher might be
2257 * greater than the actual length is that OpenSSL uses BLOCK_CIPHER_defs
2258 * macro to define functions that return EVP structures for all DES
2259 * modes. So, even ECB modes get 8 byte IV.
2260 */
2261 if (ctx->cipher->iv_len < p_ciph_table_row->iv_len ||
2262 ctx->key_len < p_ciph_table_row->min_key_len ||
2263 ctx->key_len > p_ciph_table_row->max_key_len) {
2264 PK11err(PK11_F_CIPHER_INIT, PK11_R_KEY_OR_IV_LEN_PROBLEM);
2265 return (0);
2266 }
2267
2268 if ((sp = pk11_get_session(OP_CIPHER)) == NULL)
2269 return (0);
2270
2271 /* if applicable, the mechanism parameter is used for IV */
2272 mech.mechanism = p_ciph_table_row->mech_type;
2273 mech.pParameter = NULL;
2274 mech.ulParameterLen = 0;
2275
2276 /* The key object is destroyed here if it is not the current key. */
2277 (void) check_new_cipher_key(sp, key, ctx->key_len);
2278
2279 /*
2280 * If the key is the same and the encryption is also the same, then
2281 * just reuse it. However, we must not forget to reinitialize the
2282 * context that was finalized in pk11_cipher_cleanup().
2283 */
2284 if (sp->opdata_cipher_key != CK_INVALID_HANDLE &&
2285 sp->opdata_encrypt == ctx->encrypt)
2286 {
2287 state->sp = sp;
2288 if (pk11_init_symmetric(ctx, p_ciph_table_row, sp, &mech) == 0)
2289 return (0);
2290
2291 return (1);
2292 }
2293
2294 /*
2295 * Check if the key has been invalidated. If so, a new key object
2296 * needs to be created.
2297 */
2298 if (sp->opdata_cipher_key == CK_INVALID_HANDLE)
2299 {
2300 sp->opdata_cipher_key = pk11_get_cipher_key(
2301 ctx, key, p_ciph_table_row->key_type, sp);
2302 }
2303
2304 if (sp->opdata_encrypt != ctx->encrypt && sp->opdata_encrypt != -1)
2305 {
2306 /*
2307 * The previous encryption/decryption is different. Need to
2308 * terminate the previous * active encryption/decryption here.
2309 */
2310 if (!pk11_cipher_final(sp))
2311 {
2312 pk11_return_session(sp, OP_CIPHER);
2313 return (0);
2314 }
2315 }
2316
2317 if (sp->opdata_cipher_key == CK_INVALID_HANDLE)
2318 {
2319 pk11_return_session(sp, OP_CIPHER);
2320 return (0);
2321 }
2322
2323 /* now initialize the context with a new key */
2324 if (pk11_init_symmetric(ctx, p_ciph_table_row, sp, &mech) == 0)
2325 return (0);
2326
2327 sp->opdata_encrypt = ctx->encrypt;
2328 state->sp = sp;
2329
2330 return (1);
2331 }
2332
2333 /*
2334 * When reusing the same key in an encryption/decryption session for a
2335 * decryption/encryption session, we need to close the active session
2336 * and recreate a new one. Note that the key is in the global session so
2337 * that it needs not be recreated.
2338 *
2339 * It is more appropriate to use C_En/DecryptFinish here. At the time of this
2340 * development, these two functions in the PKCS#11 libraries used return
2341 * unexpected errors when passing in 0 length output. It may be a good
2342 * idea to try them again if performance is a problem here and fix
2343 * C_En/DecryptFinial if there are bugs there causing the problem.
2344 */
2345 static int
2346 pk11_cipher_final(PK11_SESSION *sp)
2347 {
2348 CK_RV rv;
2349
2350 rv = pFuncList->C_CloseSession(sp->session);
2351 if (rv != CKR_OK)
2352 {
2353 PK11err_add_data(PK11_F_CIPHER_FINAL, PK11_R_CLOSESESSION, rv);
2354 return (0);
2355 }
2356
2357 rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION,
2358 NULL_PTR, NULL_PTR, &sp->session);
2359 if (rv != CKR_OK)
2360 {
2361 PK11err_add_data(PK11_F_CIPHER_FINAL, PK11_R_OPENSESSION, rv);
2362 return (0);
2363 }
2364
2365 return (1);
2366 }
2367
2368 /*
2369 * An engine interface function. The calling function allocates sufficient
2370 * memory for the output buffer "out" to hold the results.
2371 */
2372 static int
2373 pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
2374 const unsigned char *in, size_t inl)
2375 {
2376 PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->cipher_data;
2377 PK11_SESSION *sp;
2378 CK_RV rv;
2379 unsigned long outl = inl;
2380
2381 if (state == NULL || state->sp == NULL)
2382 return (0);
2383
2384 sp = (PK11_SESSION *) state->sp;
2385
2386 if (!inl)
2387 return (1);
2388
2389 /* RC4 is the only stream cipher we support */
2390 if (ctx->cipher->nid != NID_rc4 && (inl % ctx->cipher->block_size) != 0)
2391 return (0);
2392
2393 if (ctx->encrypt)
2394 {
2395 rv = pFuncList->C_EncryptUpdate(sp->session,
2396 (unsigned char *)in, inl, out, &outl);
2397
2398 if (rv != CKR_OK)
2399 {
2400 PK11err_add_data(PK11_F_CIPHER_DO_CIPHER,
2401 PK11_R_ENCRYPTUPDATE, rv);
2402 return (0);
2403 }
2404 }
2405 else
2406 {
2407 rv = pFuncList->C_DecryptUpdate(sp->session,
2408 (unsigned char *)in, inl, out, &outl);
2409
2410 if (rv != CKR_OK)
2411 {
2412 PK11err_add_data(PK11_F_CIPHER_DO_CIPHER,
2413 PK11_R_DECRYPTUPDATE, rv);
2414 return (0);
2415 }
2416 }
2417
2418 /*
2419 * For DES_CBC, DES3_CBC, AES_CBC, and RC4, the output size is always
2420 * the same size of input.
2421 * The application has guaranteed to call the block ciphers with
2422 * correctly aligned buffers.
2423 */
2424 if (inl != outl)
2425 return (0);
2426
2427 return (1);
2428 }
2429
2430 /*
2431 * Return the session to the pool. Calling C_EncryptFinal() and C_DecryptFinal()
2432 * here is the right thing because in EVP_DecryptFinal_ex(), engine's
2433 * do_cipher() is not even called, and in EVP_EncryptFinal_ex() it is called but
2434 * the engine can't find out that it's the finalizing call. We wouldn't
2435 * necessarily have to finalize the context here since reinitializing it with
2436 * C_(Encrypt|Decrypt)Init() should be fine but for the sake of correctness,
2437 * let's do it. Some implementations might leak memory if the previously used
2438 * context is initialized without finalizing it first.
2439 */
2440 static int
2441 pk11_cipher_cleanup(EVP_CIPHER_CTX *ctx)
2442 {
2443 CK_RV rv;
2444 CK_ULONG len = EVP_MAX_BLOCK_LENGTH;
2445 CK_BYTE buf[EVP_MAX_BLOCK_LENGTH];
2446 PK11_CIPHER_STATE *state = ctx->cipher_data;
2447
2448 if (state != NULL && state->sp != NULL)
2449 {
2450 /*
2451 * We are not interested in the data here, we just need to get
2452 * rid of the context.
2453 */
2454 if (ctx->encrypt)
2455 rv = pFuncList->C_EncryptFinal(
2456 state->sp->session, buf, &len);
2457 else
2458 rv = pFuncList->C_DecryptFinal(
2459 state->sp->session, buf, &len);
2460
2461 if (rv != CKR_OK)
2462 {
2463 PK11err_add_data(PK11_F_CIPHER_CLEANUP, ctx->encrypt ?
2464 PK11_R_ENCRYPTFINAL : PK11_R_DECRYPTFINAL, rv);
2465 pk11_return_session(state->sp, OP_CIPHER);
2466 return (0);
2467 }
2468
2469 pk11_return_session(state->sp, OP_CIPHER);
2470 state->sp = NULL;
2471 }
2472
2473 return (1);
2474 }
2475
2476 /*
2477 * Registered by the ENGINE when used to find out how to deal with
2478 * a particular NID in the ENGINE. This says what we'll do at the
2479 * top level - note, that list is restricted by what we answer with
2480 */
2481 /* ARGSUSED */
2482 static int
2483 pk11_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
2484 const int **nids, int nid)
2485 {
2486 if (!cipher)
2487 return (pk11_usable_ciphers(nids));
2488
2489 switch (nid)
2490 {
2491 case NID_des_ede3_cbc:
2492 *cipher = &pk11_3des_cbc;
2493 break;
2494 case NID_des_cbc:
2495 *cipher = &pk11_des_cbc;
2496 break;
2497 case NID_des_ede3_ecb:
2498 *cipher = &pk11_3des_ecb;
2499 break;
2500 case NID_des_ecb:
2501 *cipher = &pk11_des_ecb;
2502 break;
2503 case NID_aes_128_cbc:
2504 *cipher = &pk11_aes_128_cbc;
2505 break;
2506 case NID_aes_192_cbc:
2507 *cipher = &pk11_aes_192_cbc;
2508 break;
2509 case NID_aes_256_cbc:
2510 *cipher = &pk11_aes_256_cbc;
2511 break;
2512 case NID_aes_128_ecb:
2513 *cipher = &pk11_aes_128_ecb;
2514 break;
2515 case NID_aes_192_ecb:
2516 *cipher = &pk11_aes_192_ecb;
2517 break;
2518 case NID_aes_256_ecb:
2519 *cipher = &pk11_aes_256_ecb;
2520 break;
2521 case NID_bf_cbc:
2522 *cipher = &pk11_bf_cbc;
2523 break;
2524 case NID_rc4:
2525 *cipher = &pk11_rc4;
2526 break;
2527 default:
2528 #ifdef SOLARIS_AES_CTR
2529 /*
2530 * These can't be in separated cases because the NIDs
2531 * here are not constants.
2532 */
2533 if (nid == NID_aes_128_ctr)
2534 *cipher = &pk11_aes_128_ctr;
2535 else if (nid == NID_aes_192_ctr)
2536 *cipher = &pk11_aes_192_ctr;
2537 else if (nid == NID_aes_256_ctr)
2538 *cipher = &pk11_aes_256_ctr;
2539 else
2540 #endif /* SOLARIS_AES_CTR */
2541 *cipher = NULL;
2542 break;
2543 }
2544 return (*cipher != NULL);
2545 }
2546
2547 /* ARGSUSED */
2548 static int
2549 pk11_engine_digests(ENGINE *e, const EVP_MD **digest,
2550 const int **nids, int nid)
2551 {
2552 if (!digest)
2553 return (pk11_usable_digests(nids));
2554
2555 switch (nid)
2556 {
2557 case NID_md5:
2558 *digest = &pk11_md5;
2559 break;
2560 case NID_sha1:
2561 *digest = &pk11_sha1;
2562 break;
2563 case NID_sha224:
2564 *digest = &pk11_sha224;
2565 break;
2566 case NID_sha256:
2567 *digest = &pk11_sha256;
2568 break;
2569 case NID_sha384:
2570 *digest = &pk11_sha384;
2571 break;
2572 case NID_sha512:
2573 *digest = &pk11_sha512;
2574 break;
2575 default:
2576 *digest = NULL;
2577 break;
2578 }
2579 return (*digest != NULL);
2580 }
2581
2582
2583 /* Create a secret key object in a PKCS#11 session */
2584 static CK_OBJECT_HANDLE pk11_get_cipher_key(EVP_CIPHER_CTX *ctx,
2585 const unsigned char *key, CK_KEY_TYPE key_type, PK11_SESSION *sp)
2586 {
2587 CK_RV rv;
2588 CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
2589 CK_OBJECT_CLASS obj_key = CKO_SECRET_KEY;
2590 CK_ULONG ul_key_attr_count = 6;
2591
2592 CK_ATTRIBUTE a_key_template[] =
2593 {
2594 {CKA_CLASS, (void*) NULL, sizeof (CK_OBJECT_CLASS)},
2595 {CKA_KEY_TYPE, (void*) NULL, sizeof (CK_KEY_TYPE)},
2596 {CKA_TOKEN, &false, sizeof (false)},
2597 {CKA_ENCRYPT, &true, sizeof (true)},
2598 {CKA_DECRYPT, &true, sizeof (true)},
2599 {CKA_VALUE, (void*) NULL, 0},
2600 };
2601
2602 /*
2603 * Create secret key object in global_session. All other sessions
2604 * can use the key handles. Here is why:
2605 * OpenSSL will call EncryptInit and EncryptUpdate using a secret key.
2606 * It may then call DecryptInit and DecryptUpdate using the same key.
2607 * To use the same key object, we need to call EncryptFinal with
2608 * a 0 length message. Currently, this does not work for 3DES
2609 * mechanism. To get around this problem, we close the session and
2610 * then create a new session to use the same key object. When a session
2611 * is closed, all the object handles will be invalid. Thus, create key
2612 * objects in a global session, an individual session may be closed to
2613 * terminate the active operation.
2614 */
2615 CK_SESSION_HANDLE session = global_session;
2616 a_key_template[0].pValue = &obj_key;
2617 a_key_template[1].pValue = &key_type;
2618 a_key_template[5].pValue = (void *) key;
2619 a_key_template[5].ulValueLen = (unsigned long) ctx->key_len;
2620
2621 rv = pFuncList->C_CreateObject(session,
2622 a_key_template, ul_key_attr_count, &h_key);
2623 if (rv != CKR_OK)
2624 {
2625 PK11err_add_data(PK11_F_GET_CIPHER_KEY, PK11_R_CREATEOBJECT,
2626 rv);
2627 goto err;
2628 }
2629
2630 /*
2631 * Save the key information used in this session.
2632 * The max can be saved is PK11_KEY_LEN_MAX.
2633 */
2634 sp->opdata_key_len = ctx->key_len > PK11_KEY_LEN_MAX ?
2635 PK11_KEY_LEN_MAX : ctx->key_len;
2636 (void) memcpy(sp->opdata_key, key, sp->opdata_key_len);
2637 err:
2638
2639 return (h_key);
2640 }
2641
2642 static int
2643 md_nid_to_pk11(int nid)
2644 {
2645 int i;
2646
2647 for (i = 0; i < PK11_DIGEST_MAX; i++)
2648 if (digests[i].nid == nid)
2649 return (digests[i].id);
2650 return (-1);
2651 }
2652
2653 static int
2654 pk11_digest_init(EVP_MD_CTX *ctx)
2655 {
2656 CK_RV rv;
2657 CK_MECHANISM mech;
2658 int index;
2659 PK11_SESSION *sp;
2660 PK11_DIGEST *pdp;
2661 PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data;
2662
2663 state->sp = NULL;
2664
2665 index = md_nid_to_pk11(ctx->digest->type);
2666 if (index < 0 || index >= PK11_DIGEST_MAX)
2667 return (0);
2668
2669 pdp = &digests[index];
2670 if ((sp = pk11_get_session(OP_DIGEST)) == NULL)
2671 return (0);
2672
2673 /* at present, no parameter is needed for supported digests */
2674 mech.mechanism = pdp->mech_type;
2675 mech.pParameter = NULL;
2676 mech.ulParameterLen = 0;
2677
2678 rv = pFuncList->C_DigestInit(sp->session, &mech);
2679
2680 if (rv != CKR_OK)
2681 {
2682 PK11err_add_data(PK11_F_DIGEST_INIT, PK11_R_DIGESTINIT, rv);
2683 pk11_return_session(sp, OP_DIGEST);
2684 return (0);
2685 }
2686
2687 state->sp = sp;
2688
2689 return (1);
2690 }
2691
2692 static int
2693 pk11_digest_update(EVP_MD_CTX *ctx, const void *data, size_t count)
2694 {
2695 CK_RV rv;
2696 PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data;
2697
2698 /* 0 length message will cause a failure in C_DigestFinal */
2699 if (count == 0)
2700 return (1);
2701
2702 if (state == NULL || state->sp == NULL)
2703 return (0);
2704
2705 rv = pFuncList->C_DigestUpdate(state->sp->session, (CK_BYTE *) data,
2706 count);
2707
2708 if (rv != CKR_OK)
2709 {
2710 PK11err_add_data(PK11_F_DIGEST_UPDATE, PK11_R_DIGESTUPDATE, rv);
2711 pk11_return_session(state->sp, OP_DIGEST);
2712 state->sp = NULL;
2713 return (0);
2714 }
2715
2716 return (1);
2717 }
2718
2719 static int
2720 pk11_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
2721 {
2722 CK_RV rv;
2723 unsigned long len;
2724 PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data;
2725 len = ctx->digest->md_size;
2726
2727 if (state == NULL || state->sp == NULL)
2728 return (0);
2729
2730 rv = pFuncList->C_DigestFinal(state->sp->session, md, &len);
2731
2732 if (rv != CKR_OK)
2733 {
2734 PK11err_add_data(PK11_F_DIGEST_FINAL, PK11_R_DIGESTFINAL, rv);
2735 pk11_return_session(state->sp, OP_DIGEST);
2736 state->sp = NULL;
2737 return (0);
2738 }
2739
2740 if (ctx->digest->md_size != len)
2741 return (0);
2742
2743 /*
2744 * Final is called and digest is returned, so return the session
2745 * to the pool
2746 */
2747 pk11_return_session(state->sp, OP_DIGEST);
2748 state->sp = NULL;
2749
2750 return (1);
2751 }
2752
2753 static int
2754 pk11_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
2755 {
2756 CK_RV rv;
2757 int ret = 0;
2758 PK11_CIPHER_STATE *state, *state_to;
2759 CK_BYTE_PTR pstate = NULL;
2760 CK_ULONG ul_state_len;
2761
2762 /* The copy-from state */
2763 state = (PK11_CIPHER_STATE *) from->md_data;
2764 if (state == NULL || state->sp == NULL)
2765 goto err;
2766
2767 /* Initialize the copy-to state */
2768 if (!pk11_digest_init(to))
2769 goto err;
2770 state_to = (PK11_CIPHER_STATE *) to->md_data;
2771
2772 /* Get the size of the operation state of the copy-from session */
2773 rv = pFuncList->C_GetOperationState(state->sp->session, NULL,
2774 &ul_state_len);
2775
2776 if (rv != CKR_OK)
2777 {
2778 PK11err_add_data(PK11_F_DIGEST_COPY, PK11_R_GET_OPERATION_STATE,
2779 rv);
2780 goto err;
2781 }
2782 if (ul_state_len == 0)
2783 {
2784 goto err;
2785 }
2786
2787 pstate = OPENSSL_malloc(ul_state_len);
2788 if (pstate == NULL)
2789 {
2790 PK11err(PK11_F_DIGEST_COPY, PK11_R_MALLOC_FAILURE);
2791 goto err;
2792 }
2793
2794 /* Get the operation state of the copy-from session */
2795 rv = pFuncList->C_GetOperationState(state->sp->session, pstate,
2796 &ul_state_len);
2797
2798 if (rv != CKR_OK)
2799 {
2800 PK11err_add_data(PK11_F_DIGEST_COPY, PK11_R_GET_OPERATION_STATE,
2801 rv);
2802 goto err;
2803 }
2804
2805 /* Set the operation state of the copy-to session */
2806 rv = pFuncList->C_SetOperationState(state_to->sp->session, pstate,
2807 ul_state_len, 0, 0);
2808
2809 if (rv != CKR_OK)
2810 {
2811 PK11err_add_data(PK11_F_DIGEST_COPY,
2812 PK11_R_SET_OPERATION_STATE, rv);
2813 goto err;
2814 }
2815
2816 ret = 1;
2817 err:
2818 if (pstate != NULL)
2819 OPENSSL_free(pstate);
2820
2821 return (ret);
2822 }
2823
2824 /* Return any pending session state to the pool */
2825 static int
2826 pk11_digest_cleanup(EVP_MD_CTX *ctx)
2827 {
2828 PK11_CIPHER_STATE *state = ctx->md_data;
2829 unsigned char buf[EVP_MAX_MD_SIZE];
2830
2831 if (state != NULL && state->sp != NULL)
2832 {
2833 /*
2834 * If state->sp is not NULL then pk11_digest_final() has not
2835 * been called yet. We must call it now to free any memory
2836 * that might have been allocated in the token when
2837 * pk11_digest_init() was called. pk11_digest_final()
2838 * will return the session to the cache.
2839 */
2840 if (!pk11_digest_final(ctx, buf))
2841 return (0);
2842 }
2843
2844 return (1);
2845 }
2846
2847 /*
2848 * Check if the new key is the same as the key object in the session. If the key
2849 * is the same, no need to create a new key object. Otherwise, the old key
2850 * object needs to be destroyed and a new one will be created. Return 1 for
2851 * cache hit, 0 for cache miss. Note that we must check the key length first
2852 * otherwise we could end up reusing a different, longer key with the same
2853 * prefix.
2854 */
2855 static int check_new_cipher_key(PK11_SESSION *sp, const unsigned char *key,
2856 int key_len)
2857 {
2858 if (sp->opdata_key_len != key_len ||
2859 memcmp(sp->opdata_key, key, key_len) != 0)
2860 {
2861 (void) pk11_destroy_cipher_key_objects(sp);
2862 return (0);
2863 }
2864 return (1);
2865 }
2866
2867 /* Destroy one or more secret key objects. */
2868 static int pk11_destroy_cipher_key_objects(PK11_SESSION *session)
2869 {
2870 int ret = 0;
2871 PK11_SESSION *sp = NULL;
2872 PK11_SESSION *local_free_session;
2873
2874 if (session != NULL)
2875 local_free_session = session;
2876 else
2877 {
2878 (void) pthread_mutex_lock(session_cache[OP_CIPHER].lock);
2879 local_free_session = session_cache[OP_CIPHER].head;
2880 }
2881
2882 while ((sp = local_free_session) != NULL)
2883 {
2884 local_free_session = sp->next;
2885
2886 if (sp->opdata_cipher_key != CK_INVALID_HANDLE)
2887 {
2888 /*
2889 * The secret key object is created in the
2890 * global_session. See pk11_get_cipher_key
2891 */
2892 if (pk11_destroy_object(global_session,
2893 sp->opdata_cipher_key) == 0)
2894 goto err;
2895 sp->opdata_cipher_key = CK_INVALID_HANDLE;
2896 }
2897 }
2898 ret = 1;
2899 err:
2900
2901 if (session == NULL)
2902 (void) pthread_mutex_unlock(session_cache[OP_CIPHER].lock);
2903
2904 return (ret);
2905 }
2906
2907
2908 /*
2909 * Public key mechanisms optionally supported
2910 *
2911 * CKM_RSA_X_509
2912 * CKM_RSA_PKCS
2913 * CKM_DSA
2914 *
2915 * The first slot that supports at least one of those mechanisms is chosen as a
2916 * public key slot.
2917 *
2918 * Symmetric ciphers optionally supported
2919 *
2920 * CKM_DES3_CBC
2921 * CKM_DES_CBC
2922 * CKM_AES_CBC
2923 * CKM_DES3_ECB
2924 * CKM_DES_ECB
2925 * CKM_AES_ECB
2926 * CKM_AES_CTR
2927 * CKM_RC4
2928 * CKM_BLOWFISH_CBC
2929 *
2930 * Digests optionally supported
2931 *
2932 * CKM_MD5
2933 * CKM_SHA_1
2934 * CKM_SHA224
2935 * CKM_SHA256
2936 * CKM_SHA384
2937 * CKM_SHA512
2938 *
2939 * The output of this function is a set of global variables indicating which
2940 * mechanisms from RSA, DSA, DH and RAND are present, and also two arrays of
2941 * mechanisms, one for symmetric ciphers and one for digests. Also, 3 global
2942 * variables carry information about which slot was chosen for (a) public key
2943 * mechanisms, (b) random operations, and (c) symmetric ciphers and digests.
2944 */
2945 static int
2946 pk11_choose_slots(int *any_slot_found)
2947 {
2948 CK_SLOT_ID_PTR pSlotList = NULL_PTR;
2949 CK_ULONG ulSlotCount = 0;
2950 CK_MECHANISM_INFO mech_info;
2951 CK_TOKEN_INFO token_info;
2952 int i;
2953 CK_RV rv;
2954 CK_SLOT_ID best_slot_sofar = 0;
2955 CK_BBOOL found_candidate_slot = CK_FALSE;
2956 int slot_n_cipher = 0;
2957 int slot_n_digest = 0;
2958 CK_SLOT_ID current_slot = 0;
2959 int current_slot_n_cipher = 0;
2960 int current_slot_n_digest = 0;
2961
2962 int local_cipher_nids[PK11_CIPHER_MAX];
2963 int local_digest_nids[PK11_DIGEST_MAX];
2964
2965 /* let's initialize the output parameter */
2966 if (any_slot_found != NULL)
2967 *any_slot_found = 0;
2968
2969 /* Get slot list for memory allocation */
2970 rv = pFuncList->C_GetSlotList(0, NULL_PTR, &ulSlotCount);
2971
2972 if (rv != CKR_OK)
2973 {
2974 PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv);
2975 return (0);
2976 }
2977
2978 /* it's not an error if we didn't find any providers */
2979 if (ulSlotCount == 0)
2980 {
2981 #ifdef DEBUG_SLOT_SELECTION
2982 fprintf(stderr, "%s: no crypto providers found\n", PK11_DBG);
2983 #endif /* DEBUG_SLOT_SELECTION */
2984 return (1);
2985 }
2986
2987 pSlotList = OPENSSL_malloc(ulSlotCount * sizeof (CK_SLOT_ID));
2988
2989 if (pSlotList == NULL)
2990 {
2991 PK11err(PK11_F_CHOOSE_SLOT, PK11_R_MALLOC_FAILURE);
2992 return (0);
2993 }
2994
2995 /* Get the slot list for processing */
2996 rv = pFuncList->C_GetSlotList(0, pSlotList, &ulSlotCount);
2997 if (rv != CKR_OK)
2998 {
2999 PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv);
3000 OPENSSL_free(pSlotList);
3001 return (0);
3002 }
3003
3004 #ifdef DEBUG_SLOT_SELECTION
3005 fprintf(stderr, "%s: provider: %s\n", PK11_DBG, def_PK11_LIBNAME);
3006 fprintf(stderr, "%s: number of slots: %d\n", PK11_DBG, ulSlotCount);
3007
3008 fprintf(stderr, "%s: == checking rand slots ==\n", PK11_DBG);
3009 #endif /* DEBUG_SLOT_SELECTION */
3010 for (i = 0; i < ulSlotCount; i++)
3011 {
3012 current_slot = pSlotList[i];
3013
3014 #ifdef DEBUG_SLOT_SELECTION
3015 fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
3016 #endif /* DEBUG_SLOT_SELECTION */
3017 /* Check if slot has random support. */
3018 rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
3019 if (rv != CKR_OK)
3020 continue;
3021
3022 #ifdef DEBUG_SLOT_SELECTION
3023 fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
3024 #endif /* DEBUG_SLOT_SELECTION */
3025
3026 if (token_info.flags & CKF_RNG)
3027 {
3028 #ifdef DEBUG_SLOT_SELECTION
3029 fprintf(stderr, "%s: this token has CKF_RNG flag\n", PK11_DBG);
3030 #endif /* DEBUG_SLOT_SELECTION */
3031 pk11_have_random = CK_TRUE;
3032 rand_SLOTID = current_slot;
3033 break;
3034 }
3035 }
3036
3037 #ifdef DEBUG_SLOT_SELECTION
3038 fprintf(stderr, "%s: == checking pubkey slots ==\n", PK11_DBG);
3039 #endif /* DEBUG_SLOT_SELECTION */
3040
3041 pubkey_SLOTID = pSlotList[0];
3042 for (i = 0; i < ulSlotCount; i++)
3043 {
3044 CK_BBOOL slot_has_rsa = CK_FALSE;
3045 CK_BBOOL slot_has_dsa = CK_FALSE;
3046 CK_BBOOL slot_has_dh = CK_FALSE;
3047 current_slot = pSlotList[i];
3048
3049 #ifdef DEBUG_SLOT_SELECTION
3050 fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
3051 #endif /* DEBUG_SLOT_SELECTION */
3052 rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
3053 if (rv != CKR_OK)
3054 continue;
3055
3056 #ifdef DEBUG_SLOT_SELECTION
3057 fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
3058 #endif /* DEBUG_SLOT_SELECTION */
3059
3060 #ifndef OPENSSL_NO_RSA
3061 /*
3062 * Check if this slot is capable of signing and
3063 * verifying with CKM_RSA_PKCS.
3064 */
3065 rv = pFuncList->C_GetMechanismInfo(current_slot, CKM_RSA_PKCS,
3066 &mech_info);
3067
3068 if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) &&
3069 (mech_info.flags & CKF_VERIFY)))
3070 {
3071 /*
3072 * Check if this slot is capable of encryption,
3073 * decryption, sign, and verify with CKM_RSA_X_509.
3074 */
3075 rv = pFuncList->C_GetMechanismInfo(current_slot,
3076 CKM_RSA_X_509, &mech_info);
3077
3078 if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) &&
3079 (mech_info.flags & CKF_VERIFY) &&
3080 (mech_info.flags & CKF_ENCRYPT) &&
3081 (mech_info.flags & CKF_VERIFY_RECOVER) &&
3082 (mech_info.flags & CKF_DECRYPT)))
3083 {
3084 slot_has_rsa = CK_TRUE;
3085 }
3086 }
3087 #endif /* OPENSSL_NO_RSA */
3088
3089 #ifndef OPENSSL_NO_DSA
3090 /*
3091 * Check if this slot is capable of signing and
3092 * verifying with CKM_DSA.
3093 */
3094 rv = pFuncList->C_GetMechanismInfo(current_slot, CKM_DSA,
3095 &mech_info);
3096 if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) &&
3097 (mech_info.flags & CKF_VERIFY)))
3098 {
3099 slot_has_dsa = CK_TRUE;
3100 }
3101
3102 #endif /* OPENSSL_NO_DSA */
3103
3104 #ifndef OPENSSL_NO_DH
3105 /*
3106 * Check if this slot is capable of DH key generataion and
3107 * derivation.
3108 */
3109 rv = pFuncList->C_GetMechanismInfo(current_slot,
3110 CKM_DH_PKCS_KEY_PAIR_GEN, &mech_info);
3111
3112 if (rv == CKR_OK && (mech_info.flags & CKF_GENERATE_KEY_PAIR))
3113 {
3114 rv = pFuncList->C_GetMechanismInfo(current_slot,
3115 CKM_DH_PKCS_DERIVE, &mech_info);
3116 if (rv == CKR_OK && (mech_info.flags & CKF_DERIVE))
3117 {
3118 slot_has_dh = CK_TRUE;
3119 }
3120 }
3121 #endif /* OPENSSL_NO_DH */
3122
3123 if (!found_candidate_slot &&
3124 (slot_has_rsa || slot_has_dsa || slot_has_dh))
3125 {
3126 #ifdef DEBUG_SLOT_SELECTION
3127 fprintf(stderr,
3128 "%s: potential slot: %d\n", PK11_DBG, current_slot);
3129 #endif /* DEBUG_SLOT_SELECTION */
3130 best_slot_sofar = current_slot;
3131 pk11_have_rsa = slot_has_rsa;
3132 pk11_have_dsa = slot_has_dsa;
3133 pk11_have_dh = slot_has_dh;
3134 found_candidate_slot = CK_TRUE;
3135 #ifdef DEBUG_SLOT_SELECTION
3136 fprintf(stderr,
3137 "%s: setting found_candidate_slot to CK_TRUE\n",
3138 PK11_DBG);
3139 fprintf(stderr,
3140 "%s: best so far slot: %d\n", PK11_DBG,
3141 best_slot_sofar);
3142 }
3143 else
3144 {
3145 fprintf(stderr,
3146 "%s: no rsa/dsa/dh\n", PK11_DBG);
3147 }
3148 #else
3149 } /* if */
3150 #endif /* DEBUG_SLOT_SELECTION */
3151 } /* for */
3152
3153 if (found_candidate_slot)
3154 {
3155 pubkey_SLOTID = best_slot_sofar;
3156 }
3157
3158 found_candidate_slot = CK_FALSE;
3159 best_slot_sofar = 0;
3160
3161 #ifdef DEBUG_SLOT_SELECTION
3162 fprintf(stderr, "%s: == checking cipher/digest ==\n", PK11_DBG);
3163 #endif /* DEBUG_SLOT_SELECTION */
3164
3165 SLOTID = pSlotList[0];
3166 for (i = 0; i < ulSlotCount; i++)
3167 {
3168 #ifdef DEBUG_SLOT_SELECTION
3169 fprintf(stderr, "%s: checking slot: %d\n", PK11_DBG, i);
3170 #endif /* DEBUG_SLOT_SELECTION */
3171
3172 current_slot = pSlotList[i];
3173 current_slot_n_cipher = 0;
3174 current_slot_n_digest = 0;
3175 (void) memset(local_cipher_nids, 0, sizeof (local_cipher_nids));
3176 (void) memset(local_digest_nids, 0, sizeof (local_digest_nids));
3177
3178 pk11_find_symmetric_ciphers(pFuncList, current_slot,
3179 ¤t_slot_n_cipher, local_cipher_nids);
3180
3181 pk11_find_digests(pFuncList, current_slot,
3182 ¤t_slot_n_digest, local_digest_nids);
3183
3184 #ifdef DEBUG_SLOT_SELECTION
3185 fprintf(stderr, "%s: current_slot_n_cipher %d\n", PK11_DBG,
3186 current_slot_n_cipher);
3187 fprintf(stderr, "%s: current_slot_n_digest %d\n", PK11_DBG,
3188 current_slot_n_digest);
3189 fprintf(stderr, "%s: best so far cipher/digest slot: %d\n",
3190 PK11_DBG, best_slot_sofar);
3191 #endif /* DEBUG_SLOT_SELECTION */
3192
3193 /*
3194 * If the current slot supports more ciphers/digests than
3195 * the previous best one we change the current best to this one,
3196 * otherwise leave it where it is.
3197 */
3198 if ((current_slot_n_cipher + current_slot_n_digest) >
3199 (slot_n_cipher + slot_n_digest))
3200 {
3201 #ifdef DEBUG_SLOT_SELECTION
3202 fprintf(stderr,
3203 "%s: changing best so far slot to %d\n",
3204 PK11_DBG, current_slot);
3205 #endif /* DEBUG_SLOT_SELECTION */
3206 best_slot_sofar = SLOTID = current_slot;
3207 cipher_count = slot_n_cipher = current_slot_n_cipher;
3208 digest_count = slot_n_digest = current_slot_n_digest;
3209 (void) memcpy(cipher_nids, local_cipher_nids,
3210 sizeof (local_cipher_nids));
3211 (void) memcpy(digest_nids, local_digest_nids,
3212 sizeof (local_digest_nids));
3213 }
3214 }
3215
3216 #ifdef DEBUG_SLOT_SELECTION
3217 fprintf(stderr,
3218 "%s: chosen pubkey slot: %d\n", PK11_DBG, pubkey_SLOTID);
3219 fprintf(stderr,
3220 "%s: chosen rand slot: %d\n", PK11_DBG, rand_SLOTID);
3221 fprintf(stderr,
3222 "%s: chosen cipher/digest slot: %d\n", PK11_DBG, SLOTID);
3223 fprintf(stderr,
3224 "%s: pk11_have_rsa %d\n", PK11_DBG, pk11_have_rsa);
3225 fprintf(stderr,
3226 "%s: pk11_have_dsa %d\n", PK11_DBG, pk11_have_dsa);
3227 fprintf(stderr,
3228 "%s: pk11_have_dh %d\n", PK11_DBG, pk11_have_dh);
3229 fprintf(stderr,
3230 "%s: pk11_have_random %d\n", PK11_DBG, pk11_have_random);
3231 fprintf(stderr,
3232 "%s: cipher_count %d\n", PK11_DBG, cipher_count);
3233 fprintf(stderr,
3234 "%s: digest_count %d\n", PK11_DBG, digest_count);
3235 #endif /* DEBUG_SLOT_SELECTION */
3236
3237 if (pSlotList != NULL)
3238 OPENSSL_free(pSlotList);
3239
3240 #ifdef SOLARIS_HW_SLOT_SELECTION
3241 OPENSSL_free(hw_cnids);
3242 OPENSSL_free(hw_dnids);
3243 #endif /* SOLARIS_HW_SLOT_SELECTION */
3244
3245 if (any_slot_found != NULL)
3246 *any_slot_found = 1;
3247 return (1);
3248 }
3249
3250 static void pk11_get_symmetric_cipher(CK_FUNCTION_LIST_PTR pflist,
3251 int slot_id, CK_MECHANISM_TYPE mech, int *current_slot_n_cipher,
3252 int *local_cipher_nids, int id)
3253 {
3254 CK_MECHANISM_INFO mech_info;
3255 CK_RV rv;
3256
3257 #ifdef DEBUG_SLOT_SELECTION
3258 fprintf(stderr, "%s: checking mech: %x", PK11_DBG, mech);
3259 #endif /* DEBUG_SLOT_SELECTION */
3260 rv = pflist->C_GetMechanismInfo(slot_id, mech, &mech_info);
3261
3262 if (rv != CKR_OK)
3263 {
3264 #ifdef DEBUG_SLOT_SELECTION
3265 fprintf(stderr, " not found\n");
3266 #endif /* DEBUG_SLOT_SELECTION */
3267 return;
3268 }
3269
3270 if ((mech_info.flags & CKF_ENCRYPT) &&
3271 (mech_info.flags & CKF_DECRYPT))
3272 {
3273 #ifdef SOLARIS_HW_SLOT_SELECTION
3274 if (nid_in_table(ciphers[id].nid, hw_cnids))
3275 #endif /* SOLARIS_HW_SLOT_SELECTION */
3276 {
3277 #ifdef DEBUG_SLOT_SELECTION
3278 fprintf(stderr, " usable\n");
3279 #endif /* DEBUG_SLOT_SELECTION */
3280 local_cipher_nids[(*current_slot_n_cipher)++] =
3281 ciphers[id].nid;
3282 }
3283 #ifdef SOLARIS_HW_SLOT_SELECTION
3284 #ifdef DEBUG_SLOT_SELECTION
3285 else
3286 {
3287 fprintf(stderr, " rejected, software implementation only\n");
3288 }
3289 #endif /* DEBUG_SLOT_SELECTION */
3290 #endif /* SOLARIS_HW_SLOT_SELECTION */
3291 }
3292 #ifdef DEBUG_SLOT_SELECTION
3293 else
3294 {
3295 fprintf(stderr, " unusable\n");
3296 }
3297 #endif /* DEBUG_SLOT_SELECTION */
3298
3299 return;
3300 }
3301
3302 static void pk11_get_digest(CK_FUNCTION_LIST_PTR pflist, int slot_id,
3303 CK_MECHANISM_TYPE mech, int *current_slot_n_digest, int *local_digest_nids,
3304 int id)
3305 {
3306 CK_MECHANISM_INFO mech_info;
3307 CK_RV rv;
3308
3309 #ifdef DEBUG_SLOT_SELECTION
3310 fprintf(stderr, "%s: checking mech: %x", PK11_DBG, mech);
3311 #endif /* DEBUG_SLOT_SELECTION */
3312 rv = pflist->C_GetMechanismInfo(slot_id, mech, &mech_info);
3313
3314 if (rv != CKR_OK)
3315 {
3316 #ifdef DEBUG_SLOT_SELECTION
3317 fprintf(stderr, " not found\n");
3318 #endif /* DEBUG_SLOT_SELECTION */
3319 return;
3320 }
3321
3322 if (mech_info.flags & CKF_DIGEST)
3323 {
3324 #ifdef SOLARIS_HW_SLOT_SELECTION
3325 if (nid_in_table(digests[id].nid, hw_dnids))
3326 #endif /* SOLARIS_HW_SLOT_SELECTION */
3327 {
3328 #ifdef DEBUG_SLOT_SELECTION
3329 fprintf(stderr, " usable\n");
3330 #endif /* DEBUG_SLOT_SELECTION */
3331 local_digest_nids[(*current_slot_n_digest)++] =
3332 digests[id].nid;
3333 }
3334 #ifdef SOLARIS_HW_SLOT_SELECTION
3335 #ifdef DEBUG_SLOT_SELECTION
3336 else
3337 {
3338 fprintf(stderr, " rejected, software implementation only\n");
3339 }
3340 #endif /* DEBUG_SLOT_SELECTION */
3341 #endif /* SOLARIS_HW_SLOT_SELECTION */
3342 }
3343 #ifdef DEBUG_SLOT_SELECTION
3344 else
3345 {
3346 fprintf(stderr, " unusable\n");
3347 }
3348 #endif /* DEBUG_SLOT_SELECTION */
3349
3350 return;
3351 }
3352
3353 #ifdef SOLARIS_AES_CTR
3354 /*
3355 * Create new NIDs for AES counter mode. OpenSSL doesn't support them now so we
3356 * have to help ourselves here.
3357 */
3358 static int pk11_add_aes_ctr_NIDs(void)
3359 {
3360 /* are we already set? */
3361 if (NID_aes_256_ctr != NID_undef)
3362 return (1);
3363
3364 /*
3365 * There are no official names for AES counter modes yet so we just
3366 * follow the format of those that exist.
3367 */
3368 ciphers[PK11_AES_128_CTR].nid = pk11_aes_128_ctr.nid = NID_aes_128_ctr;
3369 ciphers[PK11_AES_192_CTR].nid = pk11_aes_192_ctr.nid = NID_aes_192_ctr;
3370 ciphers[PK11_AES_256_CTR].nid = pk11_aes_256_ctr.nid = NID_aes_256_ctr;
3371 return (1);
3372
3373 }
3374 #endif /* SOLARIS_AES_CTR */
3375
3376 /* Find what symmetric ciphers this slot supports. */
3377 static void pk11_find_symmetric_ciphers(CK_FUNCTION_LIST_PTR pflist,
3378 CK_SLOT_ID current_slot, int *current_slot_n_cipher, int *local_cipher_nids)
3379 {
3380 int i;
3381
3382 for (i = 0; i < PK11_CIPHER_MAX; ++i)
3383 {
3384 pk11_get_symmetric_cipher(pflist, current_slot,
3385 ciphers[i].mech_type, current_slot_n_cipher,
3386 local_cipher_nids, ciphers[i].id);
3387 }
3388 }
3389
3390 /* Find what digest algorithms this slot supports. */
3391 static void pk11_find_digests(CK_FUNCTION_LIST_PTR pflist,
3392 CK_SLOT_ID current_slot, int *current_slot_n_digest, int *local_digest_nids)
3393 {
3394 int i;
3395
3396 for (i = 0; i < PK11_DIGEST_MAX; ++i)
3397 {
3398 pk11_get_digest(pflist, current_slot, digests[i].mech_type,
3399 current_slot_n_digest, local_digest_nids, digests[i].id);
3400 }
3401 }
3402
3403 #ifdef SOLARIS_HW_SLOT_SELECTION
3404 /*
3405 * It would be great if we could use pkcs11_kernel directly since this library
3406 * offers hardware slots only. That's the easiest way to achieve the situation
3407 * where we use the hardware accelerators when present and OpenSSL native code
3408 * otherwise. That presumes the fact that OpenSSL native code is faster than the
3409 * code in the soft token. It's a logical assumption - Crypto Framework has some
3410 * inherent overhead so going there for the software implementation of a
3411 * mechanism should be logically slower in contrast to the OpenSSL native code,
3412 * presuming that both implementations are of similar speed. For example, the
3413 * soft token for AES is roughly three times slower than OpenSSL for 64 byte
3414 * blocks and still 20% slower for 8KB blocks. So, if we want to ship products
3415 * that use the PKCS#11 engine by default, we must somehow avoid that regression
3416 * on machines without hardware acceleration. That's why switching to the
3417 * pkcs11_kernel library seems like a very good idea.
3418 *
3419 * The problem is that OpenSSL built with SunStudio is roughly 2x slower for
3420 * asymmetric operations (RSA/DSA/DH) than the soft token built with the same
3421 * compiler. That means that if we switched to pkcs11_kernel from the libpkcs11
3422 * library, we would have had a performance regression on machines without
3423 * hardware acceleration for asymmetric operations for all applications that use
3424 * the PKCS#11 engine. There is one such application - Apache web server since
3425 * it's shipped configured to use the PKCS#11 engine by default. Having said
3426 * that, we can't switch to the pkcs11_kernel library now and have to come with
3427 * a solution that, on non-accelerated machines, uses the OpenSSL native code
3428 * for all symmetric ciphers and digests while it uses the soft token for
3429 * asymmetric operations.
3430 *
3431 * This is the idea: dlopen() pkcs11_kernel directly and find out what
3432 * mechanisms are there. We don't care about duplications (more slots can
3433 * support the same mechanism), we just want to know what mechanisms can be
3434 * possibly supported in hardware on that particular machine. As said before,
3435 * pkcs11_kernel will show you hardware providers only.
3436 *
3437 * Then, we rely on the fact that since we use libpkcs11 library we will find
3438 * the metaslot. When we go through the metaslot's mechanisms for symmetric
3439 * ciphers and digests, we check that any found mechanism is in the table
3440 * created using the pkcs11_kernel library. So, as a result we have two arrays
3441 * of mechanisms that were advertised as supported in hardware which was the
3442 * goal of that whole excercise. Thus, we can use libpkcs11 but avoid soft token
3443 * code for symmetric ciphers and digests. See pk11_choose_slots() for more
3444 * information.
3445 *
3446 * This is Solaris specific code, if SOLARIS_HW_SLOT_SELECTION is not defined
3447 * the code won't be used.
3448 */
3449 #if defined(__sparcv9) || defined(__x86_64) || defined(__amd64)
3450 static const char pkcs11_kernel[] = "/usr/lib/security/64/pkcs11_kernel.so.1";
3451 #else
3452 static const char pkcs11_kernel[] = "/usr/lib/security/pkcs11_kernel.so.1";
3453 #endif
3454
3455 /*
3456 * Check hardware capabilities of the machines. The output are two lists,
3457 * hw_cnids and hw_dnids, that contain hardware mechanisms found in all hardware
3458 * providers together. They are not sorted and may contain duplicate mechanisms.
3459 */
3460 static int check_hw_mechanisms(void)
3461 {
3462 int i;
3463 CK_RV rv;
3464 void *handle;
3465 CK_C_GetFunctionList p;
3466 CK_TOKEN_INFO token_info;
3467 CK_ULONG ulSlotCount = 0;
3468 int n_cipher = 0, n_digest = 0;
3469 CK_FUNCTION_LIST_PTR pflist = NULL;
3470 CK_SLOT_ID_PTR pSlotList = NULL_PTR;
3471 int *tmp_hw_cnids=NULL, *tmp_hw_dnids=NULL;
3472 int hw_ctable_size, hw_dtable_size;
3473
3474 #ifdef DEBUG_SLOT_SELECTION
3475 fprintf(stderr, "%s: SOLARIS_HW_SLOT_SELECTION code running\n",
3476 PK11_DBG);
3477 #endif
3478 if ((handle = dlopen(pkcs11_kernel, RTLD_LAZY)) == NULL)
3479 {
3480 PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE);
3481 goto err;
3482 }
3483
3484 if ((p = (CK_C_GetFunctionList)dlsym(handle,
3485 PK11_GET_FUNCTION_LIST)) == NULL)
3486 {
3487 PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE);
3488 goto err;
3489 }
3490
3491 /* get the full function list from the loaded library */
3492 if (p(&pflist) != CKR_OK)
3493 {
3494 PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE);
3495 goto err;
3496 }
3497
3498 rv = pflist->C_Initialize(NULL_PTR);
3499 if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED))
3500 {
3501 PK11err_add_data(PK11_F_CHECK_HW_MECHANISMS,
3502 PK11_R_INITIALIZE, rv);
3503 goto err;
3504 }
3505
3506 if (pflist->C_GetSlotList(0, NULL_PTR, &ulSlotCount) != CKR_OK)
3507 {
3508 PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_GETSLOTLIST);
3509 goto err;
3510 }
3511
3512 /* no slots, set the hw mechanism tables as empty */
3513 if (ulSlotCount == 0)
3514 {
3515 #ifdef DEBUG_SLOT_SELECTION
3516 fprintf(stderr, "%s: no hardware mechanisms found\n", PK11_DBG);
3517 #endif
3518 hw_cnids = OPENSSL_malloc(sizeof (int));
3519 hw_dnids = OPENSSL_malloc(sizeof (int));
3520 if (hw_cnids == NULL || hw_dnids == NULL)
3521 {
3522 PK11err(PK11_F_CHECK_HW_MECHANISMS,
3523 PK11_R_MALLOC_FAILURE);
3524 return (0);
3525 }
3526 /* this means empty tables */
3527 hw_cnids[0] = NID_undef;
3528 hw_dnids[0] = NID_undef;
3529 return (1);
3530 }
3531
3532 pSlotList = OPENSSL_malloc(ulSlotCount * sizeof (CK_SLOT_ID));
3533 if (pSlotList == NULL)
3534 {
3535 PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_MALLOC_FAILURE);
3536 goto err;
3537 }
3538
3539 /* Get the slot list for processing */
3540 if (pflist->C_GetSlotList(0, pSlotList, &ulSlotCount) != CKR_OK)
3541 {
3542 PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_GETSLOTLIST);
3543 goto err;
3544 }
3545
3546 /*
3547 * We don't care about duplicit mechanisms in multiple slots and also
3548 * reserve one slot for the terminal NID_undef which we use to stop the
3549 * search.
3550 */
3551 hw_ctable_size = ulSlotCount * PK11_CIPHER_MAX + 1;
3552 hw_dtable_size = ulSlotCount * PK11_DIGEST_MAX + 1;
3553 tmp_hw_cnids = OPENSSL_malloc(hw_ctable_size * sizeof (int));
3554 tmp_hw_dnids = OPENSSL_malloc(hw_dtable_size * sizeof (int));
3555 if (tmp_hw_cnids == NULL || tmp_hw_dnids == NULL)
3556 {
3557 PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_MALLOC_FAILURE);
3558 goto err;
3559 }
3560
3561 /*
3562 * Do not use memset since we should not rely on the fact that NID_undef
3563 * is zero now.
3564 */
3565 for (i = 0; i < hw_ctable_size; ++i)
3566 tmp_hw_cnids[i] = NID_undef;
3567 for (i = 0; i < hw_dtable_size; ++i)
3568 tmp_hw_dnids[i] = NID_undef;
3569
3570 #ifdef DEBUG_SLOT_SELECTION
3571 fprintf(stderr, "%s: provider: %s\n", PK11_DBG, pkcs11_kernel);
3572 fprintf(stderr, "%s: found %d hardware slots\n", PK11_DBG, ulSlotCount);
3573 fprintf(stderr, "%s: now looking for mechs supported in hw\n",
3574 PK11_DBG);
3575 #endif /* DEBUG_SLOT_SELECTION */
3576
3577 for (i = 0; i < ulSlotCount; i++)
3578 {
3579 if (pflist->C_GetTokenInfo(pSlotList[i], &token_info) != CKR_OK)
3580 continue;
3581
3582 #ifdef DEBUG_SLOT_SELECTION
3583 fprintf(stderr, "%s: token label: %.32s\n", PK11_DBG, token_info.label);
3584 #endif /* DEBUG_SLOT_SELECTION */
3585
3586 /*
3587 * We are filling the hw mech tables here. Global tables are
3588 * still NULL so all mechanisms are put into tmp tables.
3589 */
3590 pk11_find_symmetric_ciphers(pflist, pSlotList[i],
3591 &n_cipher, tmp_hw_cnids);
3592 pk11_find_digests(pflist, pSlotList[i],
3593 &n_digest, tmp_hw_dnids);
3594 }
3595
3596 /*
3597 * Since we are part of a library (libcrypto.so), calling this function
3598 * may have side-effects. Also, C_Finalize() is triggered by
3599 * dlclose(3C).
3600 */
3601 #if 0
3602 pflist->C_Finalize(NULL);
3603 #endif
3604 OPENSSL_free(pSlotList);
3605 (void) dlclose(handle);
3606 hw_cnids = tmp_hw_cnids;
3607 hw_dnids = tmp_hw_dnids;
3608
3609 #ifdef DEBUG_SLOT_SELECTION
3610 fprintf(stderr, "%s: hw mechs check complete\n", PK11_DBG);
3611 #endif /* DEBUG_SLOT_SELECTION */
3612 return (1);
3613
3614 err:
3615 if (pSlotList != NULL)
3616 OPENSSL_free(pSlotList);
3617 if (tmp_hw_cnids != NULL)
3618 OPENSSL_free(tmp_hw_cnids);
3619 if (tmp_hw_dnids != NULL)
3620 OPENSSL_free(tmp_hw_dnids);
3621
3622 return (0);
3623 }
3624
3625 /*
3626 * Check presence of a NID in the table of NIDs. The table may be NULL (i.e.,
3627 * non-existent).
3628 */
3629 static int nid_in_table(int nid, int *nid_table)
3630 {
3631 int i = 0;
3632
3633 /*
3634 * a special case. NULL means that we are initializing a new
3635 * table.
3636 */
3637 if (nid_table == NULL)
3638 return (1);
3639
3640 /*
3641 * the table is never full, there is always at least one
3642 * NID_undef.
3643 */
3644 while (nid_table[i] != NID_undef)
3645 {
3646 if (nid_table[i++] == nid)
3647 {
3648 #ifdef DEBUG_SLOT_SELECTION
3649 fprintf(stderr, " (NID %d in hw table, idx %d)", nid, i);
3650 #endif /* DEBUG_SLOT_SELECTION */
3651 return (1);
3652 }
3653 }
3654
3655 return (0);
3656 }
3657 #endif /* SOLARIS_HW_SLOT_SELECTION */
3658
3659 #endif /* OPENSSL_NO_HW_PK11 */
3660 #endif /* OPENSSL_NO_HW */