2 * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some engine deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
14 * SHA-1 low level APIs are deprecated for public use, but still ok for
15 * internal use. Note, that due to symbols not being exported, only the
16 * #defines and structures can be accessed, in this case SHA_CBLOCK and
19 #include "internal/deprecated.h"
21 #include <openssl/opensslconf.h>
29 #include <openssl/engine.h>
30 #include <openssl/sha.h>
31 #include <openssl/aes.h>
32 #include <openssl/rsa.h>
33 #include <openssl/evp.h>
34 #include <openssl/async.h>
35 #include <openssl/bn.h>
36 #include <openssl/crypto.h>
37 #include <openssl/ssl.h>
38 #include <openssl/modes.h>
40 #if defined(OPENSSL_SYS_UNIX) && defined(OPENSSL_THREADS)
49 #include "e_dasync_err.c"
51 /* Engine Id and Name */
52 static const char *engine_dasync_id
= "dasync";
53 static const char *engine_dasync_name
= "Dummy Async engine support";
56 /* Engine Lifetime functions */
57 static int dasync_destroy(ENGINE
*e
);
58 static int dasync_init(ENGINE
*e
);
59 static int dasync_finish(ENGINE
*e
);
60 void engine_load_dasync_int(void);
63 /* Set up digests. Just SHA1 for now */
64 static int dasync_digests(ENGINE
*e
, const EVP_MD
**digest
,
65 const int **nids
, int nid
);
67 static void dummy_pause_job(void);
70 static int dasync_sha1_init(EVP_MD_CTX
*ctx
);
71 static int dasync_sha1_update(EVP_MD_CTX
*ctx
, const void *data
,
73 static int dasync_sha1_final(EVP_MD_CTX
*ctx
, unsigned char *md
);
76 * Holds the EVP_MD object for sha1 in this engine. Set up once only during
77 * engine bind and can then be reused many times.
79 static EVP_MD
*_hidden_sha1_md
= NULL
;
80 static const EVP_MD
*dasync_sha1(void)
82 return _hidden_sha1_md
;
84 static void destroy_digests(void)
86 EVP_MD_meth_free(_hidden_sha1_md
);
87 _hidden_sha1_md
= NULL
;
90 static int dasync_digest_nids(const int **nids
)
92 static int digest_nids
[2] = { 0, 0 };
98 if ((md
= dasync_sha1()) != NULL
)
99 digest_nids
[pos
++] = EVP_MD_get_type(md
);
100 digest_nids
[pos
] = 0;
108 static int dasync_pkey(ENGINE
*e
, EVP_PKEY_METHOD
**pmeth
,
109 const int **pnids
, int nid
);
111 static int dasync_rsa_init(EVP_PKEY_CTX
*ctx
);
112 static void dasync_rsa_cleanup(EVP_PKEY_CTX
*ctx
);
113 static int dasync_rsa_paramgen_init(EVP_PKEY_CTX
*ctx
);
114 static int dasync_rsa_paramgen(EVP_PKEY_CTX
*ctx
, EVP_PKEY
*pkey
);
115 static int dasync_rsa_keygen_init(EVP_PKEY_CTX
*ctx
);
116 static int dasync_rsa_keygen(EVP_PKEY_CTX
*ctx
, EVP_PKEY
*pkey
);
117 static int dasync_rsa_encrypt_init(EVP_PKEY_CTX
*ctx
);
118 static int dasync_rsa_encrypt(EVP_PKEY_CTX
*ctx
, unsigned char *out
,
119 size_t *outlen
, const unsigned char *in
,
121 static int dasync_rsa_decrypt_init(EVP_PKEY_CTX
*ctx
);
122 static int dasync_rsa_decrypt(EVP_PKEY_CTX
*ctx
, unsigned char *out
,
123 size_t *outlen
, const unsigned char *in
,
125 static int dasync_rsa_ctrl(EVP_PKEY_CTX
*ctx
, int type
, int p1
, void *p2
);
126 static int dasync_rsa_ctrl_str(EVP_PKEY_CTX
*ctx
, const char *type
,
129 static EVP_PKEY_METHOD
*dasync_rsa
;
130 static const EVP_PKEY_METHOD
*dasync_rsa_orig
;
134 static int dasync_aes128_cbc_ctrl(EVP_CIPHER_CTX
*ctx
, int type
, int arg
,
136 static int dasync_aes128_init_key(EVP_CIPHER_CTX
*ctx
, const unsigned char *key
,
137 const unsigned char *iv
, int enc
);
138 static int dasync_aes128_cbc_cipher(EVP_CIPHER_CTX
*ctx
, unsigned char *out
,
139 const unsigned char *in
, size_t inl
);
140 static int dasync_aes128_cbc_cleanup(EVP_CIPHER_CTX
*ctx
);
142 static int dasync_aes256_ctr_ctrl(EVP_CIPHER_CTX
*ctx
, int type
, int arg
,
144 static int dasync_aes256_init_key(EVP_CIPHER_CTX
*ctx
, const unsigned char *key
,
145 const unsigned char *iv
, int enc
);
146 static int dasync_aes256_ctr_cipher(EVP_CIPHER_CTX
*ctx
, unsigned char *out
,
147 const unsigned char *in
, size_t inl
);
148 static int dasync_aes256_ctr_cleanup(EVP_CIPHER_CTX
*ctx
);
150 static int dasync_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX
*ctx
, int type
,
152 static int dasync_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX
*ctx
,
153 const unsigned char *key
,
154 const unsigned char *iv
,
156 static int dasync_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX
*ctx
,
158 const unsigned char *in
,
160 static int dasync_aes128_cbc_hmac_sha1_cleanup(EVP_CIPHER_CTX
*ctx
);
162 struct dasync_pipeline_ctx
{
163 void *inner_cipher_data
;
164 unsigned int numpipes
;
165 unsigned char **inbufs
;
166 unsigned char **outbufs
;
168 unsigned char tlsaad
[SSL_MAX_PIPELINES
][EVP_AEAD_TLS1_AAD_LEN
];
173 * Holds the EVP_CIPHER object for aes_128_cbc in this engine. Set up once only
174 * during engine bind and can then be reused many times.
176 static EVP_CIPHER
*_hidden_aes_128_cbc
= NULL
;
177 static const EVP_CIPHER
*dasync_aes_128_cbc(void)
179 return _hidden_aes_128_cbc
;
182 static EVP_CIPHER
*_hidden_aes_256_ctr
= NULL
;
183 static const EVP_CIPHER
*dasync_aes_256_ctr(void)
185 return _hidden_aes_256_ctr
;
189 * Holds the EVP_CIPHER object for aes_128_cbc_hmac_sha1 in this engine. Set up
190 * once only during engine bind and can then be reused many times.
192 * This 'stitched' cipher depends on the EVP_aes_128_cbc_hmac_sha1() cipher,
193 * which is implemented only if the AES-NI instruction set extension is available
194 * (see OPENSSL_IA32CAP(3)). If that's not the case, then this cipher will not
195 * be available either.
197 * Note: Since it is a legacy mac-then-encrypt cipher, modern TLS peers (which
198 * negotiate the encrypt-then-mac extension) won't negotiate it anyway.
200 static EVP_CIPHER
*_hidden_aes_128_cbc_hmac_sha1
= NULL
;
201 static const EVP_CIPHER
*dasync_aes_128_cbc_hmac_sha1(void)
203 return _hidden_aes_128_cbc_hmac_sha1
;
206 static void destroy_ciphers(void)
208 EVP_CIPHER_meth_free(_hidden_aes_128_cbc
);
209 EVP_CIPHER_meth_free(_hidden_aes_256_ctr
);
210 EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1
);
211 _hidden_aes_128_cbc
= NULL
;
212 _hidden_aes_256_ctr
= NULL
;
213 _hidden_aes_128_cbc_hmac_sha1
= NULL
;
216 static int dasync_ciphers(ENGINE
*e
, const EVP_CIPHER
**cipher
,
217 const int **nids
, int nid
);
219 static int dasync_cipher_nids
[] = {
222 NID_aes_128_cbc_hmac_sha1
,
226 static int bind_dasync(ENGINE
*e
)
229 if ((dasync_rsa_orig
= EVP_PKEY_meth_find(EVP_PKEY_RSA
)) == NULL
230 || (dasync_rsa
= EVP_PKEY_meth_new(EVP_PKEY_RSA
,
231 EVP_PKEY_FLAG_AUTOARGLEN
)) == NULL
)
233 EVP_PKEY_meth_set_init(dasync_rsa
, dasync_rsa_init
);
234 EVP_PKEY_meth_set_cleanup(dasync_rsa
, dasync_rsa_cleanup
);
235 EVP_PKEY_meth_set_paramgen(dasync_rsa
, dasync_rsa_paramgen_init
,
236 dasync_rsa_paramgen
);
237 EVP_PKEY_meth_set_keygen(dasync_rsa
, dasync_rsa_keygen_init
,
239 EVP_PKEY_meth_set_encrypt(dasync_rsa
, dasync_rsa_encrypt_init
,
241 EVP_PKEY_meth_set_decrypt(dasync_rsa
, dasync_rsa_decrypt_init
,
243 EVP_PKEY_meth_set_ctrl(dasync_rsa
, dasync_rsa_ctrl
,
244 dasync_rsa_ctrl_str
);
246 /* Ensure the dasync error handling is set up */
247 ERR_load_DASYNC_strings();
249 if (!ENGINE_set_id(e
, engine_dasync_id
)
250 || !ENGINE_set_name(e
, engine_dasync_name
)
251 || !ENGINE_set_pkey_meths(e
, dasync_pkey
)
252 || !ENGINE_set_digests(e
, dasync_digests
)
253 || !ENGINE_set_ciphers(e
, dasync_ciphers
)
254 || !ENGINE_set_destroy_function(e
, dasync_destroy
)
255 || !ENGINE_set_init_function(e
, dasync_init
)
256 || !ENGINE_set_finish_function(e
, dasync_finish
)) {
257 DASYNCerr(DASYNC_F_BIND_DASYNC
, DASYNC_R_INIT_FAILED
);
262 * Set up the EVP_CIPHER and EVP_MD objects for the ciphers/digests
263 * supplied by this engine
265 _hidden_sha1_md
= EVP_MD_meth_new(NID_sha1
, NID_sha1WithRSAEncryption
);
266 if (_hidden_sha1_md
== NULL
267 || !EVP_MD_meth_set_result_size(_hidden_sha1_md
, SHA_DIGEST_LENGTH
)
268 || !EVP_MD_meth_set_input_blocksize(_hidden_sha1_md
, SHA_CBLOCK
)
269 || !EVP_MD_meth_set_app_datasize(_hidden_sha1_md
,
270 sizeof(EVP_MD
*) + sizeof(SHA_CTX
))
271 || !EVP_MD_meth_set_flags(_hidden_sha1_md
, EVP_MD_FLAG_DIGALGID_ABSENT
)
272 || !EVP_MD_meth_set_init(_hidden_sha1_md
, dasync_sha1_init
)
273 || !EVP_MD_meth_set_update(_hidden_sha1_md
, dasync_sha1_update
)
274 || !EVP_MD_meth_set_final(_hidden_sha1_md
, dasync_sha1_final
)) {
275 EVP_MD_meth_free(_hidden_sha1_md
);
276 _hidden_sha1_md
= NULL
;
279 _hidden_aes_128_cbc
= EVP_CIPHER_meth_new(NID_aes_128_cbc
,
282 if (_hidden_aes_128_cbc
== NULL
283 || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc
,16)
284 || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc
,
285 EVP_CIPH_FLAG_DEFAULT_ASN1
287 | EVP_CIPH_FLAG_PIPELINE
288 | EVP_CIPH_CUSTOM_COPY
)
289 || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc
,
290 dasync_aes128_init_key
)
291 || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc
,
292 dasync_aes128_cbc_cipher
)
293 || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc
,
294 dasync_aes128_cbc_cleanup
)
295 || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc
,
296 dasync_aes128_cbc_ctrl
)
297 || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc
,
298 sizeof(struct dasync_pipeline_ctx
))) {
299 EVP_CIPHER_meth_free(_hidden_aes_128_cbc
);
300 _hidden_aes_128_cbc
= NULL
;
303 _hidden_aes_256_ctr
= EVP_CIPHER_meth_new(NID_aes_256_ctr
,
306 if (_hidden_aes_256_ctr
== NULL
307 || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_256_ctr
,16)
308 || !EVP_CIPHER_meth_set_flags(_hidden_aes_256_ctr
,
309 EVP_CIPH_FLAG_DEFAULT_ASN1
311 | EVP_CIPH_FLAG_PIPELINE
312 | EVP_CIPH_CUSTOM_COPY
)
313 || !EVP_CIPHER_meth_set_init(_hidden_aes_256_ctr
,
314 dasync_aes256_init_key
)
315 || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_256_ctr
,
316 dasync_aes256_ctr_cipher
)
317 || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_256_ctr
,
318 dasync_aes256_ctr_cleanup
)
319 || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_256_ctr
,
320 dasync_aes256_ctr_ctrl
)
321 || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_256_ctr
,
322 sizeof(struct dasync_pipeline_ctx
))) {
323 EVP_CIPHER_meth_free(_hidden_aes_256_ctr
);
324 _hidden_aes_256_ctr
= NULL
;
327 _hidden_aes_128_cbc_hmac_sha1
= EVP_CIPHER_meth_new(
328 NID_aes_128_cbc_hmac_sha1
,
331 if (_hidden_aes_128_cbc_hmac_sha1
== NULL
332 || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc_hmac_sha1
,16)
333 || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc_hmac_sha1
,
335 | EVP_CIPH_FLAG_DEFAULT_ASN1
336 | EVP_CIPH_FLAG_AEAD_CIPHER
337 | EVP_CIPH_FLAG_PIPELINE
338 | EVP_CIPH_CUSTOM_COPY
)
339 || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc_hmac_sha1
,
340 dasync_aes128_cbc_hmac_sha1_init_key
)
341 || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc_hmac_sha1
,
342 dasync_aes128_cbc_hmac_sha1_cipher
)
343 || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc_hmac_sha1
,
344 dasync_aes128_cbc_hmac_sha1_cleanup
)
345 || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc_hmac_sha1
,
346 dasync_aes128_cbc_hmac_sha1_ctrl
)
347 || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc_hmac_sha1
,
348 sizeof(struct dasync_pipeline_ctx
))) {
349 EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1
);
350 _hidden_aes_128_cbc_hmac_sha1
= NULL
;
356 static void destroy_pkey(void)
359 * We don't actually need to free the dasync_rsa method since this is
360 * automatically freed for us by libcrypto.
362 dasync_rsa_orig
= NULL
;
366 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
367 static int bind_helper(ENGINE
*e
, const char *id
)
369 if (id
&& (strcmp(id
, engine_dasync_id
) != 0))
376 IMPLEMENT_DYNAMIC_CHECK_FN()
377 IMPLEMENT_DYNAMIC_BIND_FN(bind_helper
)
380 static ENGINE
*engine_dasync(void)
382 ENGINE
*ret
= ENGINE_new();
385 if (!bind_dasync(ret
)) {
392 void engine_load_dasync_int(void)
394 ENGINE
*toadd
= engine_dasync();
400 * If the "add" worked, it gets a structural reference. So either way, we
401 * release our just-created reference.
405 * If the "add" didn't work, it was probably a conflict because it was
406 * already added (eg. someone calling ENGINE_load_blah then calling
407 * ENGINE_load_builtin_engines() perhaps).
412 static int dasync_init(ENGINE
*e
)
418 static int dasync_finish(ENGINE
*e
)
424 static int dasync_destroy(ENGINE
*e
)
429 ERR_unload_DASYNC_strings();
433 static int dasync_pkey(ENGINE
*e
, EVP_PKEY_METHOD
**pmeth
,
434 const int **pnids
, int nid
)
436 static const int rnid
= EVP_PKEY_RSA
;
443 if (nid
== EVP_PKEY_RSA
) {
452 static int dasync_digests(ENGINE
*e
, const EVP_MD
**digest
,
453 const int **nids
, int nid
)
457 /* We are returning a list of supported nids */
458 return dasync_digest_nids(nids
);
460 /* We are being asked for a specific digest */
463 *digest
= dasync_sha1();
473 static int dasync_ciphers(ENGINE
*e
, const EVP_CIPHER
**cipher
,
474 const int **nids
, int nid
)
477 if (cipher
== NULL
) {
478 /* We are returning a list of supported nids */
479 *nids
= dasync_cipher_nids
;
480 return (sizeof(dasync_cipher_nids
) -
481 1) / sizeof(dasync_cipher_nids
[0]);
483 /* We are being asked for a specific cipher */
485 case NID_aes_128_cbc
:
486 *cipher
= dasync_aes_128_cbc();
488 case NID_aes_256_ctr
:
489 *cipher
= dasync_aes_256_ctr();
491 case NID_aes_128_cbc_hmac_sha1
:
492 *cipher
= dasync_aes_128_cbc_hmac_sha1();
502 static void wait_cleanup(ASYNC_WAIT_CTX
*ctx
, const void *key
,
503 OSSL_ASYNC_FD readfd
, void *pvwritefd
)
505 OSSL_ASYNC_FD
*pwritefd
= (OSSL_ASYNC_FD
*)pvwritefd
;
506 #if defined(ASYNC_WIN)
508 CloseHandle(*pwritefd
);
509 #elif defined(ASYNC_POSIX)
513 OPENSSL_free(pwritefd
);
516 #define DUMMY_CHAR 'X'
518 static void dummy_pause_job(void) {
520 ASYNC_WAIT_CTX
*waitctx
;
521 ASYNC_callback_fn callback
;
523 OSSL_ASYNC_FD pipefds
[2] = {0, 0};
524 OSSL_ASYNC_FD
*writefd
;
525 #if defined(ASYNC_WIN)
526 DWORD numwritten
, numread
;
527 char buf
= DUMMY_CHAR
;
528 #elif defined(ASYNC_POSIX)
529 char buf
= DUMMY_CHAR
;
532 if ((job
= ASYNC_get_current_job()) == NULL
)
535 waitctx
= ASYNC_get_wait_ctx(job
);
537 if (ASYNC_WAIT_CTX_get_callback(waitctx
, &callback
, &callback_arg
) && callback
!= NULL
) {
539 * In the Dummy async engine we are cheating. We call the callback that the job
540 * is complete before the call to ASYNC_pause_job(). A real
541 * async engine would only call the callback when the job was actually complete
543 (*callback
)(callback_arg
);
549 if (ASYNC_WAIT_CTX_get_fd(waitctx
, engine_dasync_id
, &pipefds
[0],
550 (void **)&writefd
)) {
551 pipefds
[1] = *writefd
;
553 writefd
= OPENSSL_malloc(sizeof(*writefd
));
556 #if defined(ASYNC_WIN)
557 if (CreatePipe(&pipefds
[0], &pipefds
[1], NULL
, 256) == 0) {
558 OPENSSL_free(writefd
);
561 #elif defined(ASYNC_POSIX)
562 if (pipe(pipefds
) != 0) {
563 OPENSSL_free(writefd
);
567 *writefd
= pipefds
[1];
569 if (!ASYNC_WAIT_CTX_set_wait_fd(waitctx
, engine_dasync_id
, pipefds
[0],
570 writefd
, wait_cleanup
)) {
571 wait_cleanup(waitctx
, engine_dasync_id
, pipefds
[0], writefd
);
576 * In the Dummy async engine we are cheating. We signal that the job
577 * is complete by waking it before the call to ASYNC_pause_job(). A real
578 * async engine would only wake when the job was actually complete
580 #if defined(ASYNC_WIN)
581 WriteFile(pipefds
[1], &buf
, 1, &numwritten
, NULL
);
582 #elif defined(ASYNC_POSIX)
583 if (write(pipefds
[1], &buf
, 1) < 0)
587 /* Ignore errors - we carry on anyway */
590 /* Clear the wake signal */
591 #if defined(ASYNC_WIN)
592 ReadFile(pipefds
[0], &buf
, 1, &numread
, NULL
);
593 #elif defined(ASYNC_POSIX)
594 if (read(pipefds
[0], &buf
, 1) < 0)
600 * SHA1 implementation. At the moment we just defer to the standard
603 static int dasync_sha1_init(EVP_MD_CTX
*ctx
)
607 return EVP_MD_meth_get_init(EVP_sha1())(ctx
);
610 static int dasync_sha1_update(EVP_MD_CTX
*ctx
, const void *data
,
615 return EVP_MD_meth_get_update(EVP_sha1())(ctx
, data
, count
);
618 static int dasync_sha1_final(EVP_MD_CTX
*ctx
, unsigned char *md
)
622 return EVP_MD_meth_get_final(EVP_sha1())(ctx
, md
);
625 /* Cipher helper functions */
627 static int dasync_cipher_ctrl_helper(EVP_CIPHER_CTX
*ctx
, int type
, int arg
,
628 void *ptr
, int aeadcapable
,
629 const EVP_CIPHER
*ciph
)
632 struct dasync_pipeline_ctx
*pipe_ctx
=
633 (struct dasync_pipeline_ctx
*)EVP_CIPHER_CTX_get_cipher_data(ctx
);
635 if (pipe_ctx
== NULL
)
641 size_t sz
= EVP_CIPHER_impl_ctx_size(ciph
);
642 void *inner_cipher_data
= OPENSSL_malloc(sz
);
644 if (inner_cipher_data
== NULL
)
646 memcpy(inner_cipher_data
, pipe_ctx
->inner_cipher_data
, sz
);
647 pipe_ctx
->inner_cipher_data
= inner_cipher_data
;
651 case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS
:
652 pipe_ctx
->numpipes
= arg
;
653 pipe_ctx
->outbufs
= (unsigned char **)ptr
;
656 case EVP_CTRL_SET_PIPELINE_INPUT_BUFS
:
657 pipe_ctx
->numpipes
= arg
;
658 pipe_ctx
->inbufs
= (unsigned char **)ptr
;
661 case EVP_CTRL_SET_PIPELINE_INPUT_LENS
:
662 pipe_ctx
->numpipes
= arg
;
663 pipe_ctx
->lens
= (size_t *)ptr
;
666 case EVP_CTRL_AEAD_SET_MAC_KEY
:
669 EVP_CIPHER_CTX_set_cipher_data(ctx
, pipe_ctx
->inner_cipher_data
);
670 ret
= EVP_CIPHER_meth_get_ctrl(EVP_aes_128_cbc_hmac_sha1())
671 (ctx
, type
, arg
, ptr
);
672 EVP_CIPHER_CTX_set_cipher_data(ctx
, pipe_ctx
);
675 case EVP_CTRL_AEAD_TLS1_AAD
:
677 unsigned char *p
= ptr
;
680 if (!aeadcapable
|| arg
!= EVP_AEAD_TLS1_AAD_LEN
)
683 if (pipe_ctx
->aadctr
>= SSL_MAX_PIPELINES
)
686 memcpy(pipe_ctx
->tlsaad
[pipe_ctx
->aadctr
], ptr
,
687 EVP_AEAD_TLS1_AAD_LEN
);
690 len
= p
[arg
- 2] << 8 | p
[arg
- 1];
692 if (EVP_CIPHER_CTX_is_encrypting(ctx
)) {
693 if ((p
[arg
- 4] << 8 | p
[arg
- 3]) >= TLS1_1_VERSION
) {
694 if (len
< AES_BLOCK_SIZE
)
696 len
-= AES_BLOCK_SIZE
;
699 return ((len
+ SHA_DIGEST_LENGTH
+ AES_BLOCK_SIZE
)
700 & -AES_BLOCK_SIZE
) - len
;
702 return SHA_DIGEST_LENGTH
;
713 static int dasync_cipher_init_key_helper(EVP_CIPHER_CTX
*ctx
,
714 const unsigned char *key
,
715 const unsigned char *iv
, int enc
,
716 const EVP_CIPHER
*cipher
)
719 struct dasync_pipeline_ctx
*pipe_ctx
=
720 (struct dasync_pipeline_ctx
*)EVP_CIPHER_CTX_get_cipher_data(ctx
);
722 if (pipe_ctx
->inner_cipher_data
== NULL
723 && EVP_CIPHER_impl_ctx_size(cipher
) != 0) {
724 pipe_ctx
->inner_cipher_data
= OPENSSL_zalloc(
725 EVP_CIPHER_impl_ctx_size(cipher
));
726 if (pipe_ctx
->inner_cipher_data
== NULL
)
730 pipe_ctx
->numpipes
= 0;
731 pipe_ctx
->aadctr
= 0;
733 EVP_CIPHER_CTX_set_cipher_data(ctx
, pipe_ctx
->inner_cipher_data
);
734 ret
= EVP_CIPHER_meth_get_init(cipher
)(ctx
, key
, iv
, enc
);
735 EVP_CIPHER_CTX_set_cipher_data(ctx
, pipe_ctx
);
740 static int dasync_cipher_helper(EVP_CIPHER_CTX
*ctx
, unsigned char *out
,
741 const unsigned char *in
, size_t inl
,
742 const EVP_CIPHER
*cipher
)
745 unsigned int i
, pipes
;
746 struct dasync_pipeline_ctx
*pipe_ctx
=
747 (struct dasync_pipeline_ctx
*)EVP_CIPHER_CTX_get_cipher_data(ctx
);
749 pipes
= pipe_ctx
->numpipes
;
750 EVP_CIPHER_CTX_set_cipher_data(ctx
, pipe_ctx
->inner_cipher_data
);
752 if (pipe_ctx
->aadctr
!= 0) {
753 if (pipe_ctx
->aadctr
!= 1)
755 EVP_CIPHER_meth_get_ctrl(cipher
)
756 (ctx
, EVP_CTRL_AEAD_TLS1_AAD
,
757 EVP_AEAD_TLS1_AAD_LEN
,
758 pipe_ctx
->tlsaad
[0]);
760 ret
= EVP_CIPHER_meth_get_do_cipher(cipher
)
763 if (pipe_ctx
->aadctr
> 0 && pipe_ctx
->aadctr
!= pipes
)
765 for (i
= 0; i
< pipes
; i
++) {
766 if (pipe_ctx
->aadctr
> 0) {
767 EVP_CIPHER_meth_get_ctrl(cipher
)
768 (ctx
, EVP_CTRL_AEAD_TLS1_AAD
,
769 EVP_AEAD_TLS1_AAD_LEN
,
770 pipe_ctx
->tlsaad
[i
]);
772 ret
= ret
&& EVP_CIPHER_meth_get_do_cipher(cipher
)
773 (ctx
, pipe_ctx
->outbufs
[i
], pipe_ctx
->inbufs
[i
],
776 pipe_ctx
->numpipes
= 0;
778 pipe_ctx
->aadctr
= 0;
779 EVP_CIPHER_CTX_set_cipher_data(ctx
, pipe_ctx
);
783 static int dasync_cipher_cleanup_helper(EVP_CIPHER_CTX
*ctx
,
784 const EVP_CIPHER
*cipher
)
786 struct dasync_pipeline_ctx
*pipe_ctx
=
787 (struct dasync_pipeline_ctx
*)EVP_CIPHER_CTX_get_cipher_data(ctx
);
789 OPENSSL_clear_free(pipe_ctx
->inner_cipher_data
,
790 EVP_CIPHER_impl_ctx_size(cipher
));
796 * AES128 CBC Implementation
799 static int dasync_aes128_cbc_ctrl(EVP_CIPHER_CTX
*ctx
, int type
, int arg
,
802 return dasync_cipher_ctrl_helper(ctx
, type
, arg
, ptr
, 0, EVP_aes_128_cbc());
805 static int dasync_aes128_init_key(EVP_CIPHER_CTX
*ctx
, const unsigned char *key
,
806 const unsigned char *iv
, int enc
)
808 return dasync_cipher_init_key_helper(ctx
, key
, iv
, enc
, EVP_aes_128_cbc());
811 static int dasync_aes128_cbc_cipher(EVP_CIPHER_CTX
*ctx
, unsigned char *out
,
812 const unsigned char *in
, size_t inl
)
814 return dasync_cipher_helper(ctx
, out
, in
, inl
, EVP_aes_128_cbc());
817 static int dasync_aes128_cbc_cleanup(EVP_CIPHER_CTX
*ctx
)
819 return dasync_cipher_cleanup_helper(ctx
, EVP_aes_128_cbc());
822 static int dasync_aes256_ctr_ctrl(EVP_CIPHER_CTX
*ctx
, int type
, int arg
,
825 return dasync_cipher_ctrl_helper(ctx
, type
, arg
, ptr
, 0, EVP_aes_256_ctr());
828 static int dasync_aes256_init_key(EVP_CIPHER_CTX
*ctx
, const unsigned char *key
,
829 const unsigned char *iv
, int enc
)
831 return dasync_cipher_init_key_helper(ctx
, key
, iv
, enc
, EVP_aes_256_ctr());
834 static int dasync_aes256_ctr_cipher(EVP_CIPHER_CTX
*ctx
, unsigned char *out
,
835 const unsigned char *in
, size_t inl
)
837 return dasync_cipher_helper(ctx
, out
, in
, inl
, EVP_aes_256_ctr());
840 static int dasync_aes256_ctr_cleanup(EVP_CIPHER_CTX
*ctx
)
842 return dasync_cipher_cleanup_helper(ctx
, EVP_aes_256_ctr());
847 * AES128 CBC HMAC SHA1 Implementation
850 static int dasync_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX
*ctx
, int type
,
853 return dasync_cipher_ctrl_helper(ctx
, type
, arg
, ptr
, 1, EVP_aes_128_cbc_hmac_sha1());
856 static int dasync_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX
*ctx
,
857 const unsigned char *key
,
858 const unsigned char *iv
,
862 * We can safely assume that EVP_aes_128_cbc_hmac_sha1() != NULL,
863 * see comment before the definition of dasync_aes_128_cbc_hmac_sha1().
865 return dasync_cipher_init_key_helper(ctx
, key
, iv
, enc
,
866 EVP_aes_128_cbc_hmac_sha1());
869 static int dasync_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX
*ctx
,
871 const unsigned char *in
,
874 return dasync_cipher_helper(ctx
, out
, in
, inl
, EVP_aes_128_cbc_hmac_sha1());
877 static int dasync_aes128_cbc_hmac_sha1_cleanup(EVP_CIPHER_CTX
*ctx
)
880 * We can safely assume that EVP_aes_128_cbc_hmac_sha1() != NULL,
881 * see comment before the definition of dasync_aes_128_cbc_hmac_sha1().
883 return dasync_cipher_cleanup_helper(ctx
, EVP_aes_128_cbc_hmac_sha1());
890 static int dasync_rsa_init(EVP_PKEY_CTX
*ctx
)
892 static int (*pinit
)(EVP_PKEY_CTX
*ctx
);
895 EVP_PKEY_meth_get_init(dasync_rsa_orig
, &pinit
);
899 static void dasync_rsa_cleanup(EVP_PKEY_CTX
*ctx
)
901 static void (*pcleanup
)(EVP_PKEY_CTX
*ctx
);
903 if (pcleanup
== NULL
)
904 EVP_PKEY_meth_get_cleanup(dasync_rsa_orig
, &pcleanup
);
908 static int dasync_rsa_paramgen_init(EVP_PKEY_CTX
*ctx
)
910 static int (*pparamgen_init
)(EVP_PKEY_CTX
*ctx
);
912 if (pparamgen_init
== NULL
)
913 EVP_PKEY_meth_get_paramgen(dasync_rsa_orig
, &pparamgen_init
, NULL
);
914 return pparamgen_init
!= NULL
? pparamgen_init(ctx
) : 1;
917 static int dasync_rsa_paramgen(EVP_PKEY_CTX
*ctx
, EVP_PKEY
*pkey
)
919 static int (*pparamgen
)(EVP_PKEY_CTX
*c
, EVP_PKEY
*pkey
);
921 if (pparamgen
== NULL
)
922 EVP_PKEY_meth_get_paramgen(dasync_rsa_orig
, NULL
, &pparamgen
);
923 return pparamgen
!= NULL
? pparamgen(ctx
, pkey
) : 1;
926 static int dasync_rsa_keygen_init(EVP_PKEY_CTX
*ctx
)
928 static int (*pkeygen_init
)(EVP_PKEY_CTX
*ctx
);
930 if (pkeygen_init
== NULL
)
931 EVP_PKEY_meth_get_keygen(dasync_rsa_orig
, &pkeygen_init
, NULL
);
932 return pkeygen_init
!= NULL
? pkeygen_init(ctx
) : 1;
935 static int dasync_rsa_keygen(EVP_PKEY_CTX
*ctx
, EVP_PKEY
*pkey
)
937 static int (*pkeygen
)(EVP_PKEY_CTX
*c
, EVP_PKEY
*pkey
);
940 EVP_PKEY_meth_get_keygen(dasync_rsa_orig
, NULL
, &pkeygen
);
941 return pkeygen(ctx
, pkey
);
944 static int dasync_rsa_encrypt_init(EVP_PKEY_CTX
*ctx
)
946 static int (*pencrypt_init
)(EVP_PKEY_CTX
*ctx
);
948 if (pencrypt_init
== NULL
)
949 EVP_PKEY_meth_get_encrypt(dasync_rsa_orig
, &pencrypt_init
, NULL
);
950 return pencrypt_init
!= NULL
? pencrypt_init(ctx
) : 1;
953 static int dasync_rsa_encrypt(EVP_PKEY_CTX
*ctx
, unsigned char *out
,
954 size_t *outlen
, const unsigned char *in
,
957 static int (*pencryptfn
)(EVP_PKEY_CTX
*ctx
, unsigned char *out
,
958 size_t *outlen
, const unsigned char *in
,
961 if (pencryptfn
== NULL
)
962 EVP_PKEY_meth_get_encrypt(dasync_rsa_orig
, NULL
, &pencryptfn
);
963 return pencryptfn(ctx
, out
, outlen
, in
, inlen
);
966 static int dasync_rsa_decrypt_init(EVP_PKEY_CTX
*ctx
)
968 static int (*pdecrypt_init
)(EVP_PKEY_CTX
*ctx
);
970 if (pdecrypt_init
== NULL
)
971 EVP_PKEY_meth_get_decrypt(dasync_rsa_orig
, &pdecrypt_init
, NULL
);
972 return pdecrypt_init
!= NULL
? pdecrypt_init(ctx
) : 1;
975 static int dasync_rsa_decrypt(EVP_PKEY_CTX
*ctx
, unsigned char *out
,
976 size_t *outlen
, const unsigned char *in
,
979 static int (*pdecrypt
)(EVP_PKEY_CTX
*ctx
, unsigned char *out
,
980 size_t *outlen
, const unsigned char *in
,
983 if (pdecrypt
== NULL
)
984 EVP_PKEY_meth_get_decrypt(dasync_rsa_orig
, NULL
, &pdecrypt
);
985 return pdecrypt(ctx
, out
, outlen
, in
, inlen
);
988 static int dasync_rsa_ctrl(EVP_PKEY_CTX
*ctx
, int type
, int p1
, void *p2
)
990 static int (*pctrl
)(EVP_PKEY_CTX
*ctx
, int type
, int p1
, void *p2
);
993 EVP_PKEY_meth_get_ctrl(dasync_rsa_orig
, &pctrl
, NULL
);
994 return pctrl(ctx
, type
, p1
, p2
);
997 static int dasync_rsa_ctrl_str(EVP_PKEY_CTX
*ctx
, const char *type
,
1000 static int (*pctrl_str
)(EVP_PKEY_CTX
*ctx
, const char *type
,
1003 if (pctrl_str
== NULL
)
1004 EVP_PKEY_meth_get_ctrl(dasync_rsa_orig
, NULL
, &pctrl_str
);
1005 return pctrl_str(ctx
, type
, value
);