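--- a/engines/e_chil.c
+++ b/engines/e_chil.c
@@ -116,6 +116,7 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r,
 /* This function is aliased to mod_exp (with the mont stuff dropped). */
 static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+static int hwcrhk_rsa_finish(RSA *rsa);
 #endif
 
 #ifndef OPENSSL_NO_DH
@@ -135,10 +136,6 @@ static EVP_PKEY *hwcrhk_load_privkey(ENG
 UI_METHOD *ui_method, void *callback_data);
 static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
 UI_METHOD *ui_method, void *callback_data);
-#ifndef OPENSSL_NO_RSA
-static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
- int ind,long argl, void *argp);
-#endif
 
 /* Interaction stuff */
 static int hwcrhk_insert_card(const char *prompt_info,
@@ -193,7 +190,7 @@ static RSA_METHOD hwcrhk_rsa =
 hwcrhk_rsa_mod_exp,
 hwcrhk_mod_exp_mont,
 NULL,
- NULL,
+ hwcrhk_rsa_finish,
 0,
 NULL,
 NULL,
@@ -589,12 +586,6 @@ static int hwcrhk_init(ENGINE *e)
 hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock;
 hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy;
 }
- else if (CRYPTO_get_locking_callback() != NULL)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_LOCKING_MISSING);
- ERR_add_error_data(1,"You HAVE to add dynamic locking callbacks via CRYPTO_set_dynlock_{create,lock,destroy}_callback()");
- goto err;
- }
 }
 
 /* Try and get a context - if not, we may have a DSO but no
@@ -609,7 +600,7 @@ static int hwcrhk_init(ENGINE *e)
 if (hndidx_rsa == -1)
 hndidx_rsa = RSA_get_ex_new_index(0,
 "nFast HWCryptoHook RSA key handle",
- NULL, NULL, hwcrhk_ex_free);
+ NULL, NULL, NULL);
 #endif
 return 1;
 err:
@@ -853,8 +844,6 @@ static EVP_PKEY *hwcrhk_load_privkey(ENG
 
 return res;
 err:
- if (res)
- EVP_PKEY_free(res);
 #ifndef OPENSSL_NO_RSA
 if (rtmp)
 RSA_free(rtmp);
@@ -1087,6 +1076,21 @@ static int hwcrhk_mod_exp_mont(BIGNUM *r
 {
 return hwcrhk_mod_exp(r, a, p, m, ctx);
 }
+
+static int hwcrhk_rsa_finish(RSA *rsa)
+ {
+ HWCryptoHook_RSAKeyHandle *hptr;
+
+ hptr = RSA_get_ex_data(rsa, hndidx_rsa);
+ if (hptr)
+ {
+ p_hwcrhk_RSAUnloadKey(*hptr, NULL);
+ OPENSSL_free(hptr);
+ RSA_set_ex_data(rsa, hndidx_rsa, NULL);
+ }
+ return 1;
+ }
+
 #endif
 
 #ifndef OPENSSL_NO_DH
@@ -1145,34 +1149,6 @@ static int hwcrhk_rand_status(void)
 return 1;
 }
 
-/* This cleans up an RSA KM key, called when ex_data is freed */
-#ifndef OPENSSL_NO_RSA
-static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
- int ind,long argl, void *argp)
-{
- char tempbuf[1024];
- HWCryptoHook_ErrMsgBuf rmsg;
-#ifndef OPENSSL_NO_RSA
- HWCryptoHook_RSAKeyHandle *hptr;
-#endif
-#if !defined(OPENSSL_NO_RSA)
- int ret;
-#endif
-
- rmsg.buf = tempbuf;
- rmsg.size = sizeof(tempbuf);
-
-#ifndef OPENSSL_NO_RSA
- hptr = (HWCryptoHook_RSAKeyHandle *) item;
- if(hptr)
- {
- ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL);
- OPENSSL_free(hptr);
- }
-#endif
-}
-#endif
-
 /* Mutex calls: since the HWCryptoHook model closely follows the POSIX model
 * these just wrap the POSIX functions and add some logging.
 */
@@ -1210,6 +1186,11 @@ static int hwcrhk_get_pass(const char *p
 pem_password_cb *callback = NULL;
 void *callback_data = NULL;
 UI_METHOD *ui_method = NULL;
+ /* Despite what the documentation says prompt_info can be
+ * an empty string.
+ */
+ if (prompt_info && !*prompt_info)
+ prompt_info = NULL;
 
 if (cactx)
 {
@@ -1311,10 +1292,14 @@ static int hwcrhk_insert_card(const char
 {
 char answer;
 char buf[BUFSIZ];
-
- if (wrong_info)
+ /* Despite what the documentation says wrong_info can be
+ * an empty string.
+ */
+ if (wrong_info && *wrong_info)
 BIO_snprintf(buf, sizeof(buf)-1,
 "Current card: \"%s\"\n", wrong_info);
+ else
+ buf[0] = 0;
 ok = UI_dup_info_string(ui, buf);
 if (ok >= 0 && prompt_info)
 {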
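Review bot: In the hwcrhk_init hunk at -589, removing the `else if (CRYPTO_get_locking_callback() != NULL)` branch means that an application which registered only a static locking callback now initialises the engine without the `hwcrhk_globals.mutex_*` hooks being assigned, and nothing reports it. The `if` that assigns those hooks begins outside the hunk, so its exact condition is inferred from the removed error text. If the HWCryptoHook library depends on these hooks for serialisation, threaded callers would use the hardware unsynchronised. I would at least record the new contract where the branch used to be, for example `/* No dynlock callbacks: the library gets no mutex hooks, so threaded callers must serialise use of this engine themselves. */`. Alternatively, keep the condition as a non-fatal diagnostic rather than deleting it outright.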