From: Jason Cooper <cyanogen at lakedaemon.net> Change-Id: I0b7f3873b6fac211846f08b84f68be36ddcee7e8 Signed-off-by: Jason Cooper <cyanogen at lakedaemon.net> --- android-config.mk | 8 +- apps/Android.mk | 2 +- crypto/Android.mk | 52 +++++----- crypto/engine/tb_asnmth.c | 246 +++++++++++++++++++++++++++++++++++++++++++++ crypto/engine/tb_pkmeth.c | 167 ++++++++++++++++++++++++++++++ openssl.config | 3 - patches/apps_Android.mk | 2 +- ssl/Android.mk | 7 ++ 8 files changed, 451 insertions(+), 36 deletions(-) create mode 100644 crypto/engine/tb_asnmth.c create mode 100644 crypto/engine/tb_pkmeth.c diff --git a/android-config.mk b/android-config.mk index 110c810..6e69b6a 100644 --- a/android-config.mk +++ b/android-config.mk @@ -8,14 +8,10 @@ LOCAL_CFLAGS += -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN #-DTERMIO # From DEPFLAG= -LOCAL_CFLAGS += -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CAST -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_IDEA -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_SHA0 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED -DOPENSSL_NO_STORE -DOPENSSL_NO_WHIRLPOOL +LOCAL_CFLAGS += -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAST -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_IDEA -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_SHA0 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED -DOPENSSL_NO_STORE -DOPENSSL_NO_WHIRLPOOL -DOPENSSL_NO_GOST # Extra -LOCAL_CFLAGS += -DOPENSSL_NO_HW -DOPENSSL_NO_ENGINE -DZLIB - -ifneq ($(BOARD_USE_OPENSSL_ENGINE),true) -LOCAL_CFLAGS += -DOPENSSL_NO_ENGINE -endif +LOCAL_CFLAGS += -DOPENSSL_NO_HW -DZLIB # Debug # LOCAL_CFLAGS += -DCIPHER_DEBUG diff --git a/apps/Android.mk b/apps/Android.mk index 06e07a2..181177d 100644 --- a/apps/Android.mk +++ b/apps/Android.mk @@ -69,7 +69,7 @@ include $(LOCAL_PATH)/../android-config.mk # These flags omit whole features from the commandline "openssl". # However, portions of these features are actually turned on. -LOCAL_CFLAGS += -DOPENSSL_NO_DTLS1 +#LOCAL_CFLAGS += -DOPENSSL_NO_DTLS1 LOCAL_MODULE:= openssl diff --git a/crypto/Android.mk b/crypto/Android.mk index 9028efd..8515e53 100644 --- a/crypto/Android.mk +++ b/crypto/Android.mk @@ -250,6 +250,31 @@ local_src_files := \ ecdsa/ecs_ossl.c \ ecdsa/ecs_sign.c \ ecdsa/ecs_vrf.c \ + engine/eng_all.c \ + engine/eng_cnf.c \ + engine/eng_cryptodev.c \ + engine/eng_ctrl.c \ + engine/eng_dyn.c \ + engine/eng_err.c \ + engine/eng_fat.c \ + engine/enginetest.c \ + engine/eng_init.c \ + engine/eng_lib.c \ + engine/eng_list.c \ + engine/eng_openssl.c \ + engine/eng_pkey.c \ + engine/eng_table.c \ + engine/tb_asnmth.c \ + engine/tb_cipher.c \ + engine/tb_dh.c \ + engine/tb_digest.c \ + engine/tb_dsa.c \ + engine/tb_ecdh.c \ + engine/tb_ecdsa.c \ + engine/tb_pkmeth.c \ + engine/tb_rand.c \ + engine/tb_rsa.c \ + engine/tb_store.c \ err/err.c \ err/err_all.c \ err/err_prn.c \ @@ -365,6 +390,7 @@ local_src_files := \ pkcs7/pk7_mime.c \ pkcs7/pk7_smime.c \ pkcs7/pkcs7err.c \ + pqueue/pqueue.c \ rand/md_rand.c \ rand/rand_egd.c \ rand/rand_err.c \ @@ -470,34 +496,10 @@ local_src_files := \ x509v3/v3_utl.c \ x509v3/v3err.c -ifeq ($(BOARD_USE_OPENSSL_ENGINE),true) -LOCAL_SRC_FILES += \ - engine/eng_err.c \ - engine/eng_lib.c \ - engine/eng_list.c \ - engine/eng_init.c \ - engine/eng_ctrl.c \ - engine/eng_table.c \ - engine/eng_padlock.c \ - engine/eng_pkey.c \ - engine/eng_fat.c \ - engine/eng_all.c \ - engine/tb_cipher.c \ - engine/tb_dh.c \ - engine/tb_digest.c \ - engine/tb_dsa.c \ - engine/tb_ecdsa.c \ - engine/tb_rand.c \ - engine/tb_rsa.c \ - engine/tb_store.c \ - engine/eng_openssl.c \ - engine/eng_dyn.c \ - engine/eng_cnf.c -endif - local_c_includes := \ external/openssl \ external/openssl/crypto/asn1 \ + external/openssl/crypto/engine \ external/openssl/crypto/evp \ external/openssl/include \ external/openssl/include/openssl \ diff --git a/crypto/engine/tb_asnmth.c b/crypto/engine/tb_asnmth.c new file mode 100644 index 0000000..7509033 --- /dev/null +++ b/crypto/engine/tb_asnmth.c @@ -0,0 +1,246 @@ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing at OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay at cryptsoft.com). This product includes software written by Tim + * Hudson (tjh at cryptsoft.com). + * + */ + +#include "eng_int.h" +#include "asn1_locl.h" +#include <openssl/evp.h> + +/* If this symbol is defined then ENGINE_get_pkey_asn1_meth_engine(), the + * function that is used by EVP to hook in pkey_asn1_meth code and cache + * defaults (etc), will display brief debugging summaries to stderr with the + * 'nid'. */ +/* #define ENGINE_PKEY_ASN1_METH_DEBUG */ + +static ENGINE_TABLE *pkey_asn1_meth_table = NULL; + +void ENGINE_unregister_pkey_asn1_meths(ENGINE *e) + { + engine_table_unregister(&pkey_asn1_meth_table, e); + } + +static void engine_unregister_all_pkey_asn1_meths(void) + { + engine_table_cleanup(&pkey_asn1_meth_table); + } + +int ENGINE_register_pkey_asn1_meths(ENGINE *e) + { + if(e->pkey_asn1_meths) + { + const int *nids; + int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0); + if(num_nids > 0) + return engine_table_register(&pkey_asn1_meth_table, + engine_unregister_all_pkey_asn1_meths, e, nids, + num_nids, 0); + } + return 1; + } + +void ENGINE_register_all_pkey_asn1_meths(void) + { + ENGINE *e; + + for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) + ENGINE_register_pkey_asn1_meths(e); + } + +int ENGINE_set_default_pkey_asn1_meths(ENGINE *e) + { + if(e->pkey_asn1_meths) + { + const int *nids; + int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0); + if(num_nids > 0) + return engine_table_register(&pkey_asn1_meth_table, + engine_unregister_all_pkey_asn1_meths, e, nids, + num_nids, 1); + } + return 1; + } + +/* Exposed API function to get a functional reference from the implementation + * table (ie. try to get a functional reference from the tabled structural + * references) for a given pkey_asn1_meth 'nid' */ +ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid) + { + return engine_table_select(&pkey_asn1_meth_table, nid); + } + +/* Obtains a pkey_asn1_meth implementation from an ENGINE functional reference */ +const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid) + { + EVP_PKEY_ASN1_METHOD *ret; + ENGINE_PKEY_ASN1_METHS_PTR fn = ENGINE_get_pkey_asn1_meths(e); + if(!fn || !fn(e, &ret, NULL, nid)) + { + ENGINEerr(ENGINE_F_ENGINE_GET_PKEY_ASN1_METH, + ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD); + return NULL; + } + return ret; + } + +/* Gets the pkey_asn1_meth callback from an ENGINE structure */ +ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e) + { + return e->pkey_asn1_meths; + } + +/* Sets the pkey_asn1_meth callback in an ENGINE structure */ +int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f) + { + e->pkey_asn1_meths = f; + return 1; + } + +/* Internal function to free up EVP_PKEY_ASN1_METHOD structures before an + * ENGINE is destroyed + */ + +void engine_pkey_asn1_meths_free(ENGINE *e) + { + int i; + EVP_PKEY_ASN1_METHOD *pkm; + if (e->pkey_asn1_meths) + { + const int *pknids; + int npknids; + npknids = e->pkey_asn1_meths(e, NULL, &pknids, 0); + for (i = 0; i < npknids; i++) + { + if (e->pkey_asn1_meths(e, &pkm, NULL, pknids[i])) + { + EVP_PKEY_asn1_free(pkm); + } + } + } + } + +/* Find a method based on a string. This does a linear search through + * all implemented algorithms. This is OK in practice because only + * a small number of algorithms are likely to be implemented in an engine + * and it is not used for speed critical operations. + */ + +const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e, + const char *str, int len) + { + int i, nidcount; + const int *nids; + EVP_PKEY_ASN1_METHOD *ameth; + if (!e->pkey_asn1_meths) + return NULL; + if (len == -1) + len = strlen(str); + nidcount = e->pkey_asn1_meths(e, NULL, &nids, 0); + for (i = 0; i < nidcount; i++) + { + e->pkey_asn1_meths(e, &ameth, NULL, nids[i]); + if (((int)strlen(ameth->pem_str) == len) && + !strncasecmp(ameth->pem_str, str, len)) + return ameth; + } + return NULL; + } + +typedef struct + { + ENGINE *e; + const EVP_PKEY_ASN1_METHOD *ameth; + const char *str; + int len; + } ENGINE_FIND_STR; + +static void look_str_cb(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg) + { + ENGINE_FIND_STR *lk = arg; + int i; + if (lk->ameth) + return; + for (i = 0; i < sk_ENGINE_num(sk); i++) + { + ENGINE *e = sk_ENGINE_value(sk, i); + EVP_PKEY_ASN1_METHOD *ameth; + e->pkey_asn1_meths(e, &ameth, NULL, nid); + if (((int)strlen(ameth->pem_str) == lk->len) && + !strncasecmp(ameth->pem_str, lk->str, lk->len)) + { + lk->e = e; + lk->ameth = ameth; + return; + } + } + } + +const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe, + const char *str, int len) + { + ENGINE_FIND_STR fstr; + fstr.e = NULL; + fstr.ameth = NULL; + fstr.str = str; + fstr.len = len; + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + engine_table_doall(pkey_asn1_meth_table, look_str_cb, &fstr); + /* If found obtain a structural reference to engine */ + if (fstr.e) + { + fstr.e->struct_ref++; + engine_ref_debug(fstr.e, 0, 1) + } + *pe = fstr.e; + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + return fstr.ameth; + } diff --git a/crypto/engine/tb_pkmeth.c b/crypto/engine/tb_pkmeth.c new file mode 100644 index 0000000..1cdb967 --- /dev/null +++ b/crypto/engine/tb_pkmeth.c @@ -0,0 +1,167 @@ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing at OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay at cryptsoft.com). This product includes software written by Tim + * Hudson (tjh at cryptsoft.com). + * + */ + +#include "eng_int.h" +#include <openssl/evp.h> + +/* If this symbol is defined then ENGINE_get_pkey_meth_engine(), the function + * that is used by EVP to hook in pkey_meth code and cache defaults (etc), will + * display brief debugging summaries to stderr with the 'nid'. */ +/* #define ENGINE_PKEY_METH_DEBUG */ + +static ENGINE_TABLE *pkey_meth_table = NULL; + +void ENGINE_unregister_pkey_meths(ENGINE *e) + { + engine_table_unregister(&pkey_meth_table, e); + } + +static void engine_unregister_all_pkey_meths(void) + { + engine_table_cleanup(&pkey_meth_table); + } + +int ENGINE_register_pkey_meths(ENGINE *e) + { + if(e->pkey_meths) + { + const int *nids; + int num_nids = e->pkey_meths(e, NULL, &nids, 0); + if(num_nids > 0) + return engine_table_register(&pkey_meth_table, + engine_unregister_all_pkey_meths, e, nids, + num_nids, 0); + } + return 1; + } + +void ENGINE_register_all_pkey_meths() + { + ENGINE *e; + + for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) + ENGINE_register_pkey_meths(e); + } + +int ENGINE_set_default_pkey_meths(ENGINE *e) + { + if(e->pkey_meths) + { + const int *nids; + int num_nids = e->pkey_meths(e, NULL, &nids, 0); + if(num_nids > 0) + return engine_table_register(&pkey_meth_table, + engine_unregister_all_pkey_meths, e, nids, + num_nids, 1); + } + return 1; + } + +/* Exposed API function to get a functional reference from the implementation + * table (ie. try to get a functional reference from the tabled structural + * references) for a given pkey_meth 'nid' */ +ENGINE *ENGINE_get_pkey_meth_engine(int nid) + { + return engine_table_select(&pkey_meth_table, nid); + } + +/* Obtains a pkey_meth implementation from an ENGINE functional reference */ +const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid) + { + EVP_PKEY_METHOD *ret; + ENGINE_PKEY_METHS_PTR fn = ENGINE_get_pkey_meths(e); + if(!fn || !fn(e, &ret, NULL, nid)) + { + ENGINEerr(ENGINE_F_ENGINE_GET_PKEY_METH, + ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD); + return NULL; + } + return ret; + } + +/* Gets the pkey_meth callback from an ENGINE structure */ +ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e) + { + return e->pkey_meths; + } + +/* Sets the pkey_meth callback in an ENGINE structure */ +int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f) + { + e->pkey_meths = f; + return 1; + } + +/* Internal function to free up EVP_PKEY_METHOD structures before an + * ENGINE is destroyed + */ + +void engine_pkey_meths_free(ENGINE *e) + { + int i; + EVP_PKEY_METHOD *pkm; + if (e->pkey_meths) + { + const int *pknids; + int npknids; + npknids = e->pkey_meths(e, NULL, &pknids, 0); + for (i = 0; i < npknids; i++) + { + if (e->pkey_meths(e, &pkm, NULL, pknids[i])) + { + EVP_PKEY_meth_free(pkm); + } + } + } + } diff --git a/openssl.config b/openssl.config index 1eb1d40..09347a1 100644 --- a/openssl.config +++ b/openssl.config @@ -23,7 +23,6 @@ crypto/seed \ crypto/whrlpool \ demos \ doc \ -engines \ ms \ os2 \ perl \ @@ -90,8 +89,6 @@ crypto/ec/Makefile \ crypto/ecdh/Makefile \ crypto/ecdsa/Makefile \ crypto/engine/Makefile \ -crypto/engine/tb_asnmth.c \ -crypto/engine/tb_pkmeth.c \ crypto/err/Makefile \ crypto/evp/Makefile \ crypto/evp/m_md2.c \ diff --git a/patches/apps_Android.mk b/patches/apps_Android.mk index 06e07a2..181177d 100644 --- a/patches/apps_Android.mk +++ b/patches/apps_Android.mk @@ -69,7 +69,7 @@ include $(LOCAL_PATH)/../android-config.mk # These flags omit whole features from the commandline "openssl". # However, portions of these features are actually turned on. -LOCAL_CFLAGS += -DOPENSSL_NO_DTLS1 +#LOCAL_CFLAGS += -DOPENSSL_NO_DTLS1 LOCAL_MODULE:= openssl diff --git a/ssl/Android.mk b/ssl/Android.mk index fb9d34c..b4b0392 100644 --- a/ssl/Android.mk +++ b/ssl/Android.mk @@ -6,6 +6,13 @@ local_c_includes := \ external/openssl/crypto local_src_files:= \ + d1_both.c \ + d1_meth.c \ + d1_enc.c \ + d1_lib.c \ + d1_clnt.c \ + d1_srvr.c \ + d1_pkt.c \ s2_meth.c \ s2_srvr.c \ s2_clnt.c \ -- 1.7.0.4
