]>
Commit | Line | Data |
---|---|---|
a14e9ff7 | 1 | /* |
48e5119a | 2 | * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. |
a14e9ff7 | 3 | * |
ab3fa1c0 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
440e5d80 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
a14e9ff7 MC |
8 | */ |
9 | ||
f1f5ee17 AP |
10 | #if defined(_WIN32) |
11 | # include <windows.h> | |
12 | #endif | |
13 | ||
a14e9ff7 MC |
14 | #include <stdio.h> |
15 | #include <string.h> | |
16 | ||
17 | #include <openssl/engine.h> | |
18 | #include <openssl/sha.h> | |
2f2c9caa | 19 | #include <openssl/aes.h> |
a14e9ff7 MC |
20 | #include <openssl/rsa.h> |
21 | #include <openssl/evp.h> | |
22 | #include <openssl/async.h> | |
23 | #include <openssl/bn.h> | |
7b9f8f7f | 24 | #include <openssl/crypto.h> |
98ee7543 MC |
25 | #include <openssl/ssl.h> |
26 | #include <openssl/modes.h> | |
a14e9ff7 | 27 | |
6ce66ce0 | 28 | #if defined(OPENSSL_SYS_UNIX) && defined(OPENSSL_THREADS) |
ff75a257 MC |
29 | # undef ASYNC_POSIX |
30 | # define ASYNC_POSIX | |
31 | # include <unistd.h> | |
32 | #elif defined(_WIN32) | |
33 | # undef ASYNC_WIN | |
34 | # define ASYNC_WIN | |
ff75a257 MC |
35 | #endif |
36 | ||
a14e9ff7 MC |
37 | #include "e_dasync_err.c" |
38 | ||
39 | /* Engine Id and Name */ | |
40 | static const char *engine_dasync_id = "dasync"; | |
41 | static const char *engine_dasync_name = "Dummy Async engine support"; | |
42 | ||
43 | ||
44 | /* Engine Lifetime functions */ | |
45 | static int dasync_destroy(ENGINE *e); | |
46 | static int dasync_init(ENGINE *e); | |
47 | static int dasync_finish(ENGINE *e); | |
b3599dbb | 48 | void engine_load_dasync_int(void); |
a14e9ff7 MC |
49 | |
50 | ||
51 | /* Set up digests. Just SHA1 for now */ | |
52 | static int dasync_digests(ENGINE *e, const EVP_MD **digest, | |
53 | const int **nids, int nid); | |
54 | ||
f4da39d2 | 55 | static void dummy_pause_job(void); |
a14e9ff7 MC |
56 | |
57 | /* SHA1 */ | |
46a283c0 MC |
58 | static int dasync_sha1_init(EVP_MD_CTX *ctx); |
59 | static int dasync_sha1_update(EVP_MD_CTX *ctx, const void *data, | |
652d4a8c | 60 | size_t count); |
46a283c0 | 61 | static int dasync_sha1_final(EVP_MD_CTX *ctx, unsigned char *md); |
a14e9ff7 | 62 | |
11780ac3 MC |
63 | /* |
64 | * Holds the EVP_MD object for sha1 in this engine. Set up once only during | |
65 | * engine bind and can then be reused many times. | |
66 | */ | |
cddcea8c RL |
67 | static EVP_MD *_hidden_sha1_md = NULL; |
68 | static const EVP_MD *dasync_sha1(void) | |
69 | { | |
cddcea8c RL |
70 | return _hidden_sha1_md; |
71 | } | |
72 | static void destroy_digests(void) | |
73 | { | |
74 | EVP_MD_meth_free(_hidden_sha1_md); | |
75 | _hidden_sha1_md = NULL; | |
76 | } | |
11780ac3 | 77 | |
cddcea8c RL |
78 | static int dasync_digest_nids(const int **nids) |
79 | { | |
80 | static int digest_nids[2] = { 0, 0 }; | |
81 | static int pos = 0; | |
82 | static int init = 0; | |
83 | ||
84 | if (!init) { | |
85 | const EVP_MD *md; | |
86 | if ((md = dasync_sha1()) != NULL) | |
87 | digest_nids[pos++] = EVP_MD_type(md); | |
88 | digest_nids[pos] = 0; | |
89 | init = 1; | |
90 | } | |
91 | *nids = digest_nids; | |
92 | return pos; | |
93 | } | |
a14e9ff7 MC |
94 | |
95 | /* RSA */ | |
96 | ||
97 | static int dasync_pub_enc(int flen, const unsigned char *from, | |
98 | unsigned char *to, RSA *rsa, int padding); | |
99 | static int dasync_pub_dec(int flen, const unsigned char *from, | |
100 | unsigned char *to, RSA *rsa, int padding); | |
101 | static int dasync_rsa_priv_enc(int flen, const unsigned char *from, | |
102 | unsigned char *to, RSA *rsa, int padding); | |
103 | static int dasync_rsa_priv_dec(int flen, const unsigned char *from, | |
104 | unsigned char *to, RSA *rsa, int padding); | |
105 | static int dasync_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, | |
106 | BN_CTX *ctx); | |
107 | ||
108 | static int dasync_rsa_init(RSA *rsa); | |
109 | static int dasync_rsa_finish(RSA *rsa); | |
110 | ||
b72c9121 | 111 | static RSA_METHOD *dasync_rsa_method = NULL; |
a14e9ff7 | 112 | |
98ee7543 MC |
113 | /* AES */ |
114 | ||
115 | static int dasync_aes128_cbc_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, | |
116 | void *ptr); | |
98ee7543 MC |
117 | static int dasync_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
118 | const unsigned char *iv, int enc); | |
98ee7543 MC |
119 | static int dasync_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, |
120 | const unsigned char *in, size_t inl); | |
98ee7543 MC |
121 | static int dasync_aes128_cbc_cleanup(EVP_CIPHER_CTX *ctx); |
122 | ||
2f2c9caa MC |
123 | static int dasync_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, |
124 | int arg, void *ptr); | |
125 | static int dasync_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, | |
126 | const unsigned char *key, | |
127 | const unsigned char *iv, | |
128 | int enc); | |
129 | static int dasync_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, | |
130 | unsigned char *out, | |
131 | const unsigned char *in, | |
132 | size_t inl); | |
133 | static int dasync_aes128_cbc_hmac_sha1_cleanup(EVP_CIPHER_CTX *ctx); | |
134 | ||
e38c2e85 | 135 | struct dasync_pipeline_ctx { |
98ee7543 | 136 | void *inner_cipher_data; |
98ee7543 MC |
137 | unsigned int numpipes; |
138 | unsigned char **inbufs; | |
139 | unsigned char **outbufs; | |
140 | size_t *lens; | |
2f2c9caa MC |
141 | unsigned char tlsaad[SSL_MAX_PIPELINES][EVP_AEAD_TLS1_AAD_LEN]; |
142 | unsigned int aadctr; | |
98ee7543 MC |
143 | }; |
144 | ||
11780ac3 MC |
145 | /* |
146 | * Holds the EVP_CIPHER object for aes_128_cbc in this engine. Set up once only | |
147 | * during engine bind and can then be reused many times. | |
148 | */ | |
98ee7543 MC |
149 | static EVP_CIPHER *_hidden_aes_128_cbc = NULL; |
150 | static const EVP_CIPHER *dasync_aes_128_cbc(void) | |
151 | { | |
11780ac3 MC |
152 | return _hidden_aes_128_cbc; |
153 | } | |
154 | ||
155 | /* | |
156 | * Holds the EVP_CIPHER object for aes_128_cbc_hmac_sha1 in this engine. Set up | |
157 | * once only during engine bind and can then be reused many times. | |
a4a0a1eb DMSP |
158 | * |
159 | * This 'stitched' cipher depends on the EVP_aes_128_cbc_hmac_sha1() cipher, | |
160 | * which is implemented only if the AES-NI instruction set extension is available | |
161 | * (see OPENSSL_IA32CAP(3)). If that's not the case, then this cipher will not | |
162 | * be available either. | |
163 | * | |
164 | * Note: Since it is a legacy mac-then-encrypt cipher, modern TLS peers (which | |
165 | * negotiate the encrypt-then-mac extension) won't negotiate it anyway. | |
11780ac3 MC |
166 | */ |
167 | static EVP_CIPHER *_hidden_aes_128_cbc_hmac_sha1 = NULL; | |
168 | static const EVP_CIPHER *dasync_aes_128_cbc_hmac_sha1(void) | |
169 | { | |
170 | return _hidden_aes_128_cbc_hmac_sha1; | |
171 | } | |
172 | ||
173 | static void destroy_ciphers(void) | |
174 | { | |
175 | EVP_CIPHER_meth_free(_hidden_aes_128_cbc); | |
176 | EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1); | |
177 | _hidden_aes_128_cbc = NULL; | |
178 | _hidden_aes_128_cbc_hmac_sha1 = NULL; | |
179 | } | |
180 | ||
181 | static int dasync_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | |
182 | const int **nids, int nid); | |
183 | ||
184 | static int dasync_cipher_nids[] = { | |
185 | NID_aes_128_cbc, | |
186 | NID_aes_128_cbc_hmac_sha1, | |
187 | 0 | |
188 | }; | |
189 | ||
190 | static int bind_dasync(ENGINE *e) | |
191 | { | |
b72c9121 RL |
192 | /* Setup RSA_METHOD */ |
193 | if ((dasync_rsa_method = RSA_meth_new("Dummy Async RSA method", 0)) == NULL | |
194 | || RSA_meth_set_pub_enc(dasync_rsa_method, dasync_pub_enc) == 0 | |
195 | || RSA_meth_set_pub_dec(dasync_rsa_method, dasync_pub_dec) == 0 | |
196 | || RSA_meth_set_priv_enc(dasync_rsa_method, dasync_rsa_priv_enc) == 0 | |
8aac5d2e | 197 | || RSA_meth_set_priv_dec(dasync_rsa_method, dasync_rsa_priv_dec) == 0 |
b72c9121 RL |
198 | || RSA_meth_set_mod_exp(dasync_rsa_method, dasync_rsa_mod_exp) == 0 |
199 | || RSA_meth_set_bn_mod_exp(dasync_rsa_method, BN_mod_exp_mont) == 0 | |
200 | || RSA_meth_set_init(dasync_rsa_method, dasync_rsa_init) == 0 | |
201 | || RSA_meth_set_finish(dasync_rsa_method, dasync_rsa_finish) == 0) { | |
202 | DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED); | |
203 | return 0; | |
204 | } | |
205 | ||
11780ac3 MC |
206 | /* Ensure the dasync error handling is set up */ |
207 | ERR_load_DASYNC_strings(); | |
208 | ||
209 | if (!ENGINE_set_id(e, engine_dasync_id) | |
210 | || !ENGINE_set_name(e, engine_dasync_name) | |
b72c9121 | 211 | || !ENGINE_set_RSA(e, dasync_rsa_method) |
11780ac3 MC |
212 | || !ENGINE_set_digests(e, dasync_digests) |
213 | || !ENGINE_set_ciphers(e, dasync_ciphers) | |
214 | || !ENGINE_set_destroy_function(e, dasync_destroy) | |
215 | || !ENGINE_set_init_function(e, dasync_init) | |
216 | || !ENGINE_set_finish_function(e, dasync_finish)) { | |
217 | DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED); | |
218 | return 0; | |
219 | } | |
220 | ||
221 | /* | |
222 | * Set up the EVP_CIPHER and EVP_MD objects for the ciphers/digests | |
223 | * supplied by this engine | |
224 | */ | |
225 | _hidden_sha1_md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption); | |
226 | if (_hidden_sha1_md == NULL | |
227 | || !EVP_MD_meth_set_result_size(_hidden_sha1_md, SHA_DIGEST_LENGTH) | |
228 | || !EVP_MD_meth_set_input_blocksize(_hidden_sha1_md, SHA_CBLOCK) | |
229 | || !EVP_MD_meth_set_app_datasize(_hidden_sha1_md, | |
230 | sizeof(EVP_MD *) + sizeof(SHA_CTX)) | |
231 | || !EVP_MD_meth_set_flags(_hidden_sha1_md, EVP_MD_FLAG_DIGALGID_ABSENT) | |
232 | || !EVP_MD_meth_set_init(_hidden_sha1_md, dasync_sha1_init) | |
233 | || !EVP_MD_meth_set_update(_hidden_sha1_md, dasync_sha1_update) | |
234 | || !EVP_MD_meth_set_final(_hidden_sha1_md, dasync_sha1_final)) { | |
235 | EVP_MD_meth_free(_hidden_sha1_md); | |
236 | _hidden_sha1_md = NULL; | |
237 | } | |
238 | ||
239 | _hidden_aes_128_cbc = EVP_CIPHER_meth_new(NID_aes_128_cbc, | |
240 | 16 /* block size */, | |
241 | 16 /* key len */); | |
98ee7543 MC |
242 | if (_hidden_aes_128_cbc == NULL |
243 | || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc,16) | |
244 | || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc, | |
245 | EVP_CIPH_FLAG_DEFAULT_ASN1 | |
246 | | EVP_CIPH_CBC_MODE | |
247 | | EVP_CIPH_FLAG_PIPELINE) | |
248 | || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc, | |
249 | dasync_aes128_init_key) | |
250 | || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc, | |
251 | dasync_aes128_cbc_cipher) | |
252 | || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc, | |
253 | dasync_aes128_cbc_cleanup) | |
254 | || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc, | |
255 | dasync_aes128_cbc_ctrl) | |
256 | || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc, | |
e38c2e85 | 257 | sizeof(struct dasync_pipeline_ctx))) { |
98ee7543 MC |
258 | EVP_CIPHER_meth_free(_hidden_aes_128_cbc); |
259 | _hidden_aes_128_cbc = NULL; | |
260 | } | |
98ee7543 | 261 | |
11780ac3 MC |
262 | _hidden_aes_128_cbc_hmac_sha1 = EVP_CIPHER_meth_new( |
263 | NID_aes_128_cbc_hmac_sha1, | |
264 | 16 /* block size */, | |
265 | 16 /* key len */); | |
2f2c9caa MC |
266 | if (_hidden_aes_128_cbc_hmac_sha1 == NULL |
267 | || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc_hmac_sha1,16) | |
268 | || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc_hmac_sha1, | |
269 | EVP_CIPH_CBC_MODE | |
270 | | EVP_CIPH_FLAG_DEFAULT_ASN1 | |
271 | | EVP_CIPH_FLAG_AEAD_CIPHER | |
272 | | EVP_CIPH_FLAG_PIPELINE) | |
273 | || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc_hmac_sha1, | |
274 | dasync_aes128_cbc_hmac_sha1_init_key) | |
275 | || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc_hmac_sha1, | |
276 | dasync_aes128_cbc_hmac_sha1_cipher) | |
277 | || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc_hmac_sha1, | |
278 | dasync_aes128_cbc_hmac_sha1_cleanup) | |
279 | || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc_hmac_sha1, | |
280 | dasync_aes128_cbc_hmac_sha1_ctrl) | |
281 | || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc_hmac_sha1, | |
e38c2e85 | 282 | sizeof(struct dasync_pipeline_ctx))) { |
2f2c9caa MC |
283 | EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1); |
284 | _hidden_aes_128_cbc_hmac_sha1 = NULL; | |
285 | } | |
a14e9ff7 MC |
286 | |
287 | return 1; | |
288 | } | |
289 | ||
290 | # ifndef OPENSSL_NO_DYNAMIC_ENGINE | |
291 | static int bind_helper(ENGINE *e, const char *id) | |
292 | { | |
293 | if (id && (strcmp(id, engine_dasync_id) != 0)) | |
294 | return 0; | |
295 | if (!bind_dasync(e)) | |
296 | return 0; | |
297 | return 1; | |
298 | } | |
299 | ||
300 | IMPLEMENT_DYNAMIC_CHECK_FN() | |
301 | IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) | |
302 | # endif | |
303 | ||
304 | static ENGINE *engine_dasync(void) | |
305 | { | |
306 | ENGINE *ret = ENGINE_new(); | |
307 | if (!ret) | |
308 | return NULL; | |
309 | if (!bind_dasync(ret)) { | |
310 | ENGINE_free(ret); | |
311 | return NULL; | |
312 | } | |
313 | return ret; | |
314 | } | |
315 | ||
b3599dbb | 316 | void engine_load_dasync_int(void) |
a14e9ff7 MC |
317 | { |
318 | ENGINE *toadd = engine_dasync(); | |
319 | if (!toadd) | |
320 | return; | |
321 | ENGINE_add(toadd); | |
322 | ENGINE_free(toadd); | |
323 | ERR_clear_error(); | |
324 | } | |
325 | ||
326 | static int dasync_init(ENGINE *e) | |
327 | { | |
328 | return 1; | |
329 | } | |
330 | ||
331 | ||
332 | static int dasync_finish(ENGINE *e) | |
333 | { | |
334 | return 1; | |
335 | } | |
336 | ||
337 | ||
338 | static int dasync_destroy(ENGINE *e) | |
339 | { | |
cddcea8c | 340 | destroy_digests(); |
11780ac3 | 341 | destroy_ciphers(); |
b72c9121 | 342 | RSA_meth_free(dasync_rsa_method); |
a14e9ff7 MC |
343 | ERR_unload_DASYNC_strings(); |
344 | return 1; | |
345 | } | |
346 | ||
347 | static int dasync_digests(ENGINE *e, const EVP_MD **digest, | |
348 | const int **nids, int nid) | |
349 | { | |
350 | int ok = 1; | |
351 | if (!digest) { | |
352 | /* We are returning a list of supported nids */ | |
cddcea8c | 353 | return dasync_digest_nids(nids); |
a14e9ff7 MC |
354 | } |
355 | /* We are being asked for a specific digest */ | |
356 | switch (nid) { | |
357 | case NID_sha1: | |
cddcea8c | 358 | *digest = dasync_sha1(); |
a14e9ff7 MC |
359 | break; |
360 | default: | |
361 | ok = 0; | |
362 | *digest = NULL; | |
363 | break; | |
364 | } | |
365 | return ok; | |
366 | } | |
367 | ||
98ee7543 MC |
368 | static int dasync_ciphers(ENGINE *e, const EVP_CIPHER **cipher, |
369 | const int **nids, int nid) | |
370 | { | |
371 | int ok = 1; | |
11780ac3 | 372 | if (cipher == NULL) { |
98ee7543 MC |
373 | /* We are returning a list of supported nids */ |
374 | *nids = dasync_cipher_nids; | |
375 | return (sizeof(dasync_cipher_nids) - | |
376 | 1) / sizeof(dasync_cipher_nids[0]); | |
377 | } | |
378 | /* We are being asked for a specific cipher */ | |
379 | switch (nid) { | |
380 | case NID_aes_128_cbc: | |
381 | *cipher = dasync_aes_128_cbc(); | |
382 | break; | |
2f2c9caa MC |
383 | case NID_aes_128_cbc_hmac_sha1: |
384 | *cipher = dasync_aes_128_cbc_hmac_sha1(); | |
385 | break; | |
98ee7543 MC |
386 | default: |
387 | ok = 0; | |
388 | *cipher = NULL; | |
389 | break; | |
390 | } | |
391 | return ok; | |
392 | } | |
393 | ||
ff75a257 MC |
394 | static void wait_cleanup(ASYNC_WAIT_CTX *ctx, const void *key, |
395 | OSSL_ASYNC_FD readfd, void *pvwritefd) | |
396 | { | |
397 | OSSL_ASYNC_FD *pwritefd = (OSSL_ASYNC_FD *)pvwritefd; | |
398 | #if defined(ASYNC_WIN) | |
399 | CloseHandle(readfd); | |
400 | CloseHandle(*pwritefd); | |
401 | #elif defined(ASYNC_POSIX) | |
402 | close(readfd); | |
403 | close(*pwritefd); | |
404 | #endif | |
405 | OPENSSL_free(pwritefd); | |
406 | } | |
407 | ||
408 | #define DUMMY_CHAR 'X' | |
409 | ||
f4da39d2 MC |
410 | static void dummy_pause_job(void) { |
411 | ASYNC_JOB *job; | |
ff75a257 | 412 | ASYNC_WAIT_CTX *waitctx; |
9f5a87fd PY |
413 | ASYNC_callback_fn callback; |
414 | void * callback_arg; | |
ff75a257 MC |
415 | OSSL_ASYNC_FD pipefds[2] = {0, 0}; |
416 | OSSL_ASYNC_FD *writefd; | |
417 | #if defined(ASYNC_WIN) | |
418 | DWORD numwritten, numread; | |
419 | char buf = DUMMY_CHAR; | |
420 | #elif defined(ASYNC_POSIX) | |
421 | char buf = DUMMY_CHAR; | |
422 | #endif | |
f4da39d2 MC |
423 | |
424 | if ((job = ASYNC_get_current_job()) == NULL) | |
425 | return; | |
426 | ||
ff75a257 MC |
427 | waitctx = ASYNC_get_wait_ctx(job); |
428 | ||
9f5a87fd PY |
429 | if (ASYNC_WAIT_CTX_get_callback(waitctx, &callback, &callback_arg) && callback != NULL) { |
430 | /* | |
431 | * In the Dummy async engine we are cheating. We call the callback that the job | |
432 | * is complete before the call to ASYNC_pause_job(). A real | |
433 | * async engine would only call the callback when the job was actually complete | |
434 | */ | |
435 | (*callback)(callback_arg); | |
436 | ASYNC_pause_job(); | |
437 | return; | |
438 | } | |
439 | ||
440 | ||
ff75a257 MC |
441 | if (ASYNC_WAIT_CTX_get_fd(waitctx, engine_dasync_id, &pipefds[0], |
442 | (void **)&writefd)) { | |
443 | pipefds[1] = *writefd; | |
444 | } else { | |
445 | writefd = OPENSSL_malloc(sizeof(*writefd)); | |
446 | if (writefd == NULL) | |
447 | return; | |
448 | #if defined(ASYNC_WIN) | |
449 | if (CreatePipe(&pipefds[0], &pipefds[1], NULL, 256) == 0) { | |
450 | OPENSSL_free(writefd); | |
451 | return; | |
452 | } | |
453 | #elif defined(ASYNC_POSIX) | |
454 | if (pipe(pipefds) != 0) { | |
455 | OPENSSL_free(writefd); | |
456 | return; | |
457 | } | |
458 | #endif | |
459 | *writefd = pipefds[1]; | |
460 | ||
f479eab2 F |
461 | if (!ASYNC_WAIT_CTX_set_wait_fd(waitctx, engine_dasync_id, pipefds[0], |
462 | writefd, wait_cleanup)) { | |
ff75a257 MC |
463 | wait_cleanup(waitctx, engine_dasync_id, pipefds[0], writefd); |
464 | return; | |
465 | } | |
466 | } | |
f4da39d2 MC |
467 | /* |
468 | * In the Dummy async engine we are cheating. We signal that the job | |
469 | * is complete by waking it before the call to ASYNC_pause_job(). A real | |
470 | * async engine would only wake when the job was actually complete | |
471 | */ | |
ff75a257 MC |
472 | #if defined(ASYNC_WIN) |
473 | WriteFile(pipefds[1], &buf, 1, &numwritten, NULL); | |
474 | #elif defined(ASYNC_POSIX) | |
b8972eda AG |
475 | if (write(pipefds[1], &buf, 1) < 0) |
476 | return; | |
ff75a257 | 477 | #endif |
f4da39d2 MC |
478 | |
479 | /* Ignore errors - we carry on anyway */ | |
480 | ASYNC_pause_job(); | |
481 | ||
ff75a257 MC |
482 | /* Clear the wake signal */ |
483 | #if defined(ASYNC_WIN) | |
484 | ReadFile(pipefds[0], &buf, 1, &numread, NULL); | |
485 | #elif defined(ASYNC_POSIX) | |
b8972eda AG |
486 | if (read(pipefds[0], &buf, 1) < 0) |
487 | return; | |
ff75a257 | 488 | #endif |
f4da39d2 MC |
489 | } |
490 | ||
a14e9ff7 MC |
491 | /* |
492 | * SHA1 implementation. At the moment we just defer to the standard | |
493 | * implementation | |
494 | */ | |
495 | #undef data | |
6e59a892 | 496 | #define data(ctx) ((SHA_CTX *)EVP_MD_CTX_md_data(ctx)) |
46a283c0 | 497 | static int dasync_sha1_init(EVP_MD_CTX *ctx) |
a14e9ff7 | 498 | { |
f4da39d2 | 499 | dummy_pause_job(); |
a14e9ff7 MC |
500 | |
501 | return SHA1_Init(data(ctx)); | |
502 | } | |
503 | ||
46a283c0 | 504 | static int dasync_sha1_update(EVP_MD_CTX *ctx, const void *data, |
652d4a8c | 505 | size_t count) |
a14e9ff7 | 506 | { |
f4da39d2 | 507 | dummy_pause_job(); |
a14e9ff7 MC |
508 | |
509 | return SHA1_Update(data(ctx), data, (size_t)count); | |
510 | } | |
511 | ||
46a283c0 | 512 | static int dasync_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) |
a14e9ff7 | 513 | { |
f4da39d2 | 514 | dummy_pause_job(); |
a14e9ff7 MC |
515 | |
516 | return SHA1_Final(md, data(ctx)); | |
517 | } | |
518 | ||
519 | /* | |
520 | * RSA implementation | |
521 | */ | |
522 | ||
523 | static int dasync_pub_enc(int flen, const unsigned char *from, | |
524 | unsigned char *to, RSA *rsa, int padding) { | |
525 | /* Ignore errors - we carry on anyway */ | |
f4da39d2 | 526 | dummy_pause_job(); |
b72c9121 RL |
527 | return RSA_meth_get_pub_enc(RSA_PKCS1_OpenSSL()) |
528 | (flen, from, to, rsa, padding); | |
a14e9ff7 MC |
529 | } |
530 | ||
531 | static int dasync_pub_dec(int flen, const unsigned char *from, | |
532 | unsigned char *to, RSA *rsa, int padding) { | |
533 | /* Ignore errors - we carry on anyway */ | |
f4da39d2 | 534 | dummy_pause_job(); |
b72c9121 RL |
535 | return RSA_meth_get_pub_dec(RSA_PKCS1_OpenSSL()) |
536 | (flen, from, to, rsa, padding); | |
a14e9ff7 MC |
537 | } |
538 | ||
539 | static int dasync_rsa_priv_enc(int flen, const unsigned char *from, | |
540 | unsigned char *to, RSA *rsa, int padding) | |
541 | { | |
542 | /* Ignore errors - we carry on anyway */ | |
f4da39d2 | 543 | dummy_pause_job(); |
b72c9121 RL |
544 | return RSA_meth_get_priv_enc(RSA_PKCS1_OpenSSL()) |
545 | (flen, from, to, rsa, padding); | |
a14e9ff7 MC |
546 | } |
547 | ||
548 | static int dasync_rsa_priv_dec(int flen, const unsigned char *from, | |
549 | unsigned char *to, RSA *rsa, int padding) | |
550 | { | |
551 | /* Ignore errors - we carry on anyway */ | |
f4da39d2 | 552 | dummy_pause_job(); |
b72c9121 RL |
553 | return RSA_meth_get_priv_dec(RSA_PKCS1_OpenSSL()) |
554 | (flen, from, to, rsa, padding); | |
a14e9ff7 MC |
555 | } |
556 | ||
557 | static int dasync_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) | |
558 | { | |
559 | /* Ignore errors - we carry on anyway */ | |
f4da39d2 | 560 | dummy_pause_job(); |
b72c9121 | 561 | return RSA_meth_get_mod_exp(RSA_PKCS1_OpenSSL())(r0, I, rsa, ctx); |
a14e9ff7 MC |
562 | } |
563 | ||
564 | static int dasync_rsa_init(RSA *rsa) | |
565 | { | |
b72c9121 | 566 | return RSA_meth_get_init(RSA_PKCS1_OpenSSL())(rsa); |
a14e9ff7 MC |
567 | } |
568 | static int dasync_rsa_finish(RSA *rsa) | |
569 | { | |
b72c9121 | 570 | return RSA_meth_get_finish(RSA_PKCS1_OpenSSL())(rsa); |
a14e9ff7 | 571 | } |
98ee7543 | 572 | |
e38c2e85 | 573 | /* Cipher helper functions */ |
98ee7543 | 574 | |
e38c2e85 MC |
575 | static int dasync_cipher_ctrl_helper(EVP_CIPHER_CTX *ctx, int type, int arg, |
576 | void *ptr, int aeadcapable) | |
98ee7543 MC |
577 | { |
578 | int ret; | |
e38c2e85 MC |
579 | struct dasync_pipeline_ctx *pipe_ctx = |
580 | (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); | |
2f2c9caa MC |
581 | |
582 | if (pipe_ctx == NULL) | |
583 | return 0; | |
584 | ||
585 | switch (type) { | |
586 | case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS: | |
587 | pipe_ctx->numpipes = arg; | |
588 | pipe_ctx->outbufs = (unsigned char **)ptr; | |
589 | break; | |
590 | ||
591 | case EVP_CTRL_SET_PIPELINE_INPUT_BUFS: | |
592 | pipe_ctx->numpipes = arg; | |
593 | pipe_ctx->inbufs = (unsigned char **)ptr; | |
594 | break; | |
595 | ||
596 | case EVP_CTRL_SET_PIPELINE_INPUT_LENS: | |
597 | pipe_ctx->numpipes = arg; | |
598 | pipe_ctx->lens = (size_t *)ptr; | |
599 | break; | |
600 | ||
601 | case EVP_CTRL_AEAD_SET_MAC_KEY: | |
e38c2e85 MC |
602 | if (!aeadcapable) |
603 | return -1; | |
2f2c9caa MC |
604 | EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data); |
605 | ret = EVP_CIPHER_meth_get_ctrl(EVP_aes_128_cbc_hmac_sha1()) | |
606 | (ctx, type, arg, ptr); | |
607 | EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx); | |
608 | return ret; | |
609 | ||
610 | case EVP_CTRL_AEAD_TLS1_AAD: | |
611 | { | |
612 | unsigned char *p = ptr; | |
613 | unsigned int len; | |
614 | ||
e38c2e85 | 615 | if (!aeadcapable || arg != EVP_AEAD_TLS1_AAD_LEN) |
2f2c9caa MC |
616 | return -1; |
617 | ||
618 | if (pipe_ctx->aadctr >= SSL_MAX_PIPELINES) | |
619 | return -1; | |
620 | ||
621 | memcpy(pipe_ctx->tlsaad[pipe_ctx->aadctr], ptr, | |
622 | EVP_AEAD_TLS1_AAD_LEN); | |
623 | pipe_ctx->aadctr++; | |
624 | ||
625 | len = p[arg - 2] << 8 | p[arg - 1]; | |
626 | ||
695dd3a3 | 627 | if (EVP_CIPHER_CTX_encrypting(ctx)) { |
2f2c9caa | 628 | if ((p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) { |
a68d3505 RS |
629 | if (len < AES_BLOCK_SIZE) |
630 | return 0; | |
2f2c9caa MC |
631 | len -= AES_BLOCK_SIZE; |
632 | } | |
633 | ||
634 | return ((len + SHA_DIGEST_LENGTH + AES_BLOCK_SIZE) | |
635 | & -AES_BLOCK_SIZE) - len; | |
636 | } else { | |
637 | return SHA_DIGEST_LENGTH; | |
638 | } | |
639 | } | |
640 | ||
2f2c9caa MC |
641 | default: |
642 | return 0; | |
643 | } | |
644 | ||
645 | return 1; | |
646 | } | |
647 | ||
e38c2e85 MC |
648 | static int dasync_cipher_init_key_helper(EVP_CIPHER_CTX *ctx, |
649 | const unsigned char *key, | |
650 | const unsigned char *iv, int enc, | |
651 | const EVP_CIPHER *cipher) | |
2f2c9caa MC |
652 | { |
653 | int ret; | |
e38c2e85 MC |
654 | struct dasync_pipeline_ctx *pipe_ctx = |
655 | (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); | |
2f2c9caa MC |
656 | |
657 | if (pipe_ctx->inner_cipher_data == NULL | |
e38c2e85 MC |
658 | && EVP_CIPHER_impl_ctx_size(cipher) != 0) { |
659 | pipe_ctx->inner_cipher_data = OPENSSL_zalloc( | |
660 | EVP_CIPHER_impl_ctx_size(cipher)); | |
2f2c9caa | 661 | if (pipe_ctx->inner_cipher_data == NULL) { |
2f781956 | 662 | DASYNCerr(DASYNC_F_DASYNC_CIPHER_INIT_KEY_HELPER, |
2f2c9caa MC |
663 | ERR_R_MALLOC_FAILURE); |
664 | return 0; | |
665 | } | |
666 | } | |
667 | ||
668 | pipe_ctx->numpipes = 0; | |
e38c2e85 | 669 | pipe_ctx->aadctr = 0; |
2f2c9caa MC |
670 | |
671 | EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data); | |
e38c2e85 | 672 | ret = EVP_CIPHER_meth_get_init(cipher)(ctx, key, iv, enc); |
2f2c9caa MC |
673 | EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx); |
674 | ||
675 | return ret; | |
676 | } | |
677 | ||
e38c2e85 MC |
678 | static int dasync_cipher_helper(EVP_CIPHER_CTX *ctx, unsigned char *out, |
679 | const unsigned char *in, size_t inl, | |
680 | const EVP_CIPHER *cipher) | |
2f2c9caa MC |
681 | { |
682 | int ret = 1; | |
683 | unsigned int i, pipes; | |
e38c2e85 MC |
684 | struct dasync_pipeline_ctx *pipe_ctx = |
685 | (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); | |
2f2c9caa MC |
686 | |
687 | pipes = pipe_ctx->numpipes; | |
688 | EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data); | |
689 | if (pipes == 0) { | |
690 | if (pipe_ctx->aadctr != 0) { | |
691 | if (pipe_ctx->aadctr != 1) | |
692 | return -1; | |
e38c2e85 | 693 | EVP_CIPHER_meth_get_ctrl(cipher) |
2f2c9caa MC |
694 | (ctx, EVP_CTRL_AEAD_TLS1_AAD, |
695 | EVP_AEAD_TLS1_AAD_LEN, | |
696 | pipe_ctx->tlsaad[0]); | |
697 | } | |
e38c2e85 | 698 | ret = EVP_CIPHER_meth_get_do_cipher(cipher) |
2f2c9caa MC |
699 | (ctx, out, in, inl); |
700 | } else { | |
701 | if (pipe_ctx->aadctr > 0 && pipe_ctx->aadctr != pipes) | |
702 | return -1; | |
703 | for (i = 0; i < pipes; i++) { | |
704 | if (pipe_ctx->aadctr > 0) { | |
e38c2e85 | 705 | EVP_CIPHER_meth_get_ctrl(cipher) |
2f2c9caa MC |
706 | (ctx, EVP_CTRL_AEAD_TLS1_AAD, |
707 | EVP_AEAD_TLS1_AAD_LEN, | |
708 | pipe_ctx->tlsaad[i]); | |
709 | } | |
e38c2e85 | 710 | ret = ret && EVP_CIPHER_meth_get_do_cipher(cipher) |
2f2c9caa MC |
711 | (ctx, pipe_ctx->outbufs[i], pipe_ctx->inbufs[i], |
712 | pipe_ctx->lens[i]); | |
713 | } | |
714 | pipe_ctx->numpipes = 0; | |
715 | } | |
716 | pipe_ctx->aadctr = 0; | |
717 | EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx); | |
718 | return ret; | |
719 | } | |
720 | ||
e38c2e85 MC |
721 | static int dasync_cipher_cleanup_helper(EVP_CIPHER_CTX *ctx, |
722 | const EVP_CIPHER *cipher) | |
2f2c9caa | 723 | { |
e38c2e85 MC |
724 | struct dasync_pipeline_ctx *pipe_ctx = |
725 | (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); | |
2f2c9caa MC |
726 | |
727 | OPENSSL_clear_free(pipe_ctx->inner_cipher_data, | |
e38c2e85 | 728 | EVP_CIPHER_impl_ctx_size(cipher)); |
2f2c9caa MC |
729 | |
730 | return 1; | |
731 | } | |
e38c2e85 MC |
732 | |
733 | /* | |
734 | * AES128 CBC Implementation | |
735 | */ | |
736 | ||
737 | static int dasync_aes128_cbc_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, | |
738 | void *ptr) | |
739 | { | |
740 | return dasync_cipher_ctrl_helper(ctx, type, arg, ptr, 0); | |
741 | } | |
742 | ||
743 | static int dasync_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | |
744 | const unsigned char *iv, int enc) | |
745 | { | |
746 | return dasync_cipher_init_key_helper(ctx, key, iv, enc, EVP_aes_128_cbc()); | |
747 | } | |
748 | ||
749 | static int dasync_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |
750 | const unsigned char *in, size_t inl) | |
751 | { | |
752 | return dasync_cipher_helper(ctx, out, in, inl, EVP_aes_128_cbc()); | |
753 | } | |
754 | ||
755 | static int dasync_aes128_cbc_cleanup(EVP_CIPHER_CTX *ctx) | |
756 | { | |
757 | return dasync_cipher_cleanup_helper(ctx, EVP_aes_128_cbc()); | |
758 | } | |
759 | ||
760 | ||
761 | /* | |
762 | * AES128 CBC HMAC SHA1 Implementation | |
763 | */ | |
764 | ||
765 | static int dasync_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, | |
766 | int arg, void *ptr) | |
767 | { | |
768 | return dasync_cipher_ctrl_helper(ctx, type, arg, ptr, 1); | |
769 | } | |
770 | ||
771 | static int dasync_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, | |
772 | const unsigned char *key, | |
773 | const unsigned char *iv, | |
774 | int enc) | |
775 | { | |
a4a0a1eb DMSP |
776 | /* |
777 | * We can safely assume that EVP_aes_128_cbc_hmac_sha1() != NULL, | |
778 | * see comment before the definition of dasync_aes_128_cbc_hmac_sha1(). | |
779 | */ | |
e38c2e85 MC |
780 | return dasync_cipher_init_key_helper(ctx, key, iv, enc, |
781 | EVP_aes_128_cbc_hmac_sha1()); | |
782 | } | |
783 | ||
784 | static int dasync_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, | |
785 | unsigned char *out, | |
786 | const unsigned char *in, | |
787 | size_t inl) | |
788 | { | |
789 | return dasync_cipher_helper(ctx, out, in, inl, EVP_aes_128_cbc_hmac_sha1()); | |
790 | } | |
791 | ||
792 | static int dasync_aes128_cbc_hmac_sha1_cleanup(EVP_CIPHER_CTX *ctx) | |
793 | { | |
a4a0a1eb DMSP |
794 | /* |
795 | * We can safely assume that EVP_aes_128_cbc_hmac_sha1() != NULL, | |
796 | * see comment before the definition of dasync_aes_128_cbc_hmac_sha1(). | |
797 | */ | |
e38c2e85 MC |
798 | return dasync_cipher_cleanup_helper(ctx, EVP_aes_128_cbc_hmac_sha1()); |
799 | } |