e_dasync.c 33 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006
  1. /*
  2. * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /* We need to use some engine deprecated APIs */
  10. #define OPENSSL_SUPPRESS_DEPRECATED
  11. /*
  12. * SHA-1 low level APIs are deprecated for public use, but still ok for
  13. * internal use. Note, that due to symbols not being exported, only the
  14. * #defines and structures can be accessed, in this case SHA_CBLOCK and
  15. * sizeof(SHA_CTX).
  16. */
  17. #include "internal/deprecated.h"
  18. #include <openssl/opensslconf.h>
  19. #if defined(_WIN32)
  20. # include <windows.h>
  21. #endif
  22. #include <stdio.h>
  23. #include <string.h>
  24. #include <openssl/engine.h>
  25. #include <openssl/sha.h>
  26. #include <openssl/aes.h>
  27. #include <openssl/rsa.h>
  28. #include <openssl/evp.h>
  29. #include <openssl/async.h>
  30. #include <openssl/bn.h>
  31. #include <openssl/crypto.h>
  32. #include <openssl/ssl.h>
  33. #include <openssl/modes.h>
  34. #if defined(OPENSSL_SYS_UNIX) && defined(OPENSSL_THREADS)
  35. # undef ASYNC_POSIX
  36. # define ASYNC_POSIX
  37. # include <unistd.h>
  38. #elif defined(_WIN32)
  39. # undef ASYNC_WIN
  40. # define ASYNC_WIN
  41. #endif
  42. #include "e_dasync_err.c"
  43. /* Engine Id and Name */
  44. static const char *engine_dasync_id = "dasync";
  45. static const char *engine_dasync_name = "Dummy Async engine support";
  46. /* Engine Lifetime functions */
  47. static int dasync_destroy(ENGINE *e);
  48. static int dasync_init(ENGINE *e);
  49. static int dasync_finish(ENGINE *e);
  50. void engine_load_dasync_int(void);
  51. /* Set up digests. Just SHA1 for now */
  52. static int dasync_digests(ENGINE *e, const EVP_MD **digest,
  53. const int **nids, int nid);
  54. static void dummy_pause_job(void);
  55. /* SHA1 */
  56. static int dasync_sha1_init(EVP_MD_CTX *ctx);
  57. static int dasync_sha1_update(EVP_MD_CTX *ctx, const void *data,
  58. size_t count);
  59. static int dasync_sha1_final(EVP_MD_CTX *ctx, unsigned char *md);
  60. /*
  61. * Holds the EVP_MD object for sha1 in this engine. Set up once only during
  62. * engine bind and can then be reused many times.
  63. */
  64. static EVP_MD *_hidden_sha1_md = NULL;
  65. static const EVP_MD *dasync_sha1(void)
  66. {
  67. return _hidden_sha1_md;
  68. }
  69. static void destroy_digests(void)
  70. {
  71. EVP_MD_meth_free(_hidden_sha1_md);
  72. _hidden_sha1_md = NULL;
  73. }
  74. static int dasync_digest_nids(const int **nids)
  75. {
  76. static int digest_nids[2] = { 0, 0 };
  77. static int pos = 0;
  78. static int init = 0;
  79. if (!init) {
  80. const EVP_MD *md;
  81. if ((md = dasync_sha1()) != NULL)
  82. digest_nids[pos++] = EVP_MD_get_type(md);
  83. digest_nids[pos] = 0;
  84. init = 1;
  85. }
  86. *nids = digest_nids;
  87. return pos;
  88. }
  89. /* RSA */
  90. static int dasync_pkey(ENGINE *e, EVP_PKEY_METHOD **pmeth,
  91. const int **pnids, int nid);
  92. static int dasync_rsa_init(EVP_PKEY_CTX *ctx);
  93. static void dasync_rsa_cleanup(EVP_PKEY_CTX *ctx);
  94. static int dasync_rsa_paramgen_init(EVP_PKEY_CTX *ctx);
  95. static int dasync_rsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
  96. static int dasync_rsa_keygen_init(EVP_PKEY_CTX *ctx);
  97. static int dasync_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
  98. static int dasync_rsa_encrypt_init(EVP_PKEY_CTX *ctx);
  99. static int dasync_rsa_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
  100. size_t *outlen, const unsigned char *in,
  101. size_t inlen);
  102. static int dasync_rsa_decrypt_init(EVP_PKEY_CTX *ctx);
  103. static int dasync_rsa_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
  104. size_t *outlen, const unsigned char *in,
  105. size_t inlen);
  106. static int dasync_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
  107. static int dasync_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
  108. const char *value);
  109. static EVP_PKEY_METHOD *dasync_rsa;
  110. static const EVP_PKEY_METHOD *dasync_rsa_orig;
  111. /* AES */
  112. static int dasync_aes128_cbc_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
  113. void *ptr);
  114. static int dasync_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
  115. const unsigned char *iv, int enc);
  116. static int dasync_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  117. const unsigned char *in, size_t inl);
  118. static int dasync_aes128_cbc_cleanup(EVP_CIPHER_CTX *ctx);
  119. static int dasync_aes256_ctr_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
  120. void *ptr);
  121. static int dasync_aes256_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
  122. const unsigned char *iv, int enc);
  123. static int dasync_aes256_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  124. const unsigned char *in, size_t inl);
  125. static int dasync_aes256_ctr_cleanup(EVP_CIPHER_CTX *ctx);
  126. static int dasync_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
  127. int arg, void *ptr);
  128. static int dasync_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
  129. const unsigned char *key,
  130. const unsigned char *iv,
  131. int enc);
  132. static int dasync_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx,
  133. unsigned char *out,
  134. const unsigned char *in,
  135. size_t inl);
  136. static int dasync_aes128_cbc_hmac_sha1_cleanup(EVP_CIPHER_CTX *ctx);
  137. struct dasync_pipeline_ctx {
  138. void *inner_cipher_data;
  139. unsigned int numpipes;
  140. unsigned char **inbufs;
  141. unsigned char **outbufs;
  142. size_t *lens;
  143. unsigned char tlsaad[SSL_MAX_PIPELINES][EVP_AEAD_TLS1_AAD_LEN];
  144. unsigned int aadctr;
  145. };
  146. /*
  147. * Holds the EVP_CIPHER object for aes_128_cbc in this engine. Set up once only
  148. * during engine bind and can then be reused many times.
  149. */
  150. static EVP_CIPHER *_hidden_aes_128_cbc = NULL;
  151. static const EVP_CIPHER *dasync_aes_128_cbc(void)
  152. {
  153. return _hidden_aes_128_cbc;
  154. }
  155. static EVP_CIPHER *_hidden_aes_256_ctr = NULL;
  156. static const EVP_CIPHER *dasync_aes_256_ctr(void)
  157. {
  158. return _hidden_aes_256_ctr;
  159. }
  160. /*
  161. * Holds the EVP_CIPHER object for aes_128_cbc_hmac_sha1 in this engine. Set up
  162. * once only during engine bind and can then be reused many times.
  163. *
  164. * This 'stitched' cipher depends on the EVP_aes_128_cbc_hmac_sha1() cipher,
  165. * which is implemented only if the AES-NI instruction set extension is available
  166. * (see OPENSSL_IA32CAP(3)). If that's not the case, then this cipher will not
  167. * be available either.
  168. *
  169. * Note: Since it is a legacy mac-then-encrypt cipher, modern TLS peers (which
  170. * negotiate the encrypt-then-mac extension) won't negotiate it anyway.
  171. */
  172. static EVP_CIPHER *_hidden_aes_128_cbc_hmac_sha1 = NULL;
  173. static const EVP_CIPHER *dasync_aes_128_cbc_hmac_sha1(void)
  174. {
  175. return _hidden_aes_128_cbc_hmac_sha1;
  176. }
  177. static void destroy_ciphers(void)
  178. {
  179. EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
  180. EVP_CIPHER_meth_free(_hidden_aes_256_ctr);
  181. EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1);
  182. _hidden_aes_128_cbc = NULL;
  183. _hidden_aes_256_ctr = NULL;
  184. _hidden_aes_128_cbc_hmac_sha1 = NULL;
  185. }
  186. static int dasync_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
  187. const int **nids, int nid);
  188. static int dasync_cipher_nids[] = {
  189. NID_aes_128_cbc,
  190. NID_aes_256_ctr,
  191. NID_aes_128_cbc_hmac_sha1,
  192. 0
  193. };
  194. static int bind_dasync(ENGINE *e)
  195. {
  196. /* Setup RSA */
  197. if ((dasync_rsa_orig = EVP_PKEY_meth_find(EVP_PKEY_RSA)) == NULL
  198. || (dasync_rsa = EVP_PKEY_meth_new(EVP_PKEY_RSA,
  199. EVP_PKEY_FLAG_AUTOARGLEN)) == NULL)
  200. return 0;
  201. EVP_PKEY_meth_set_init(dasync_rsa, dasync_rsa_init);
  202. EVP_PKEY_meth_set_cleanup(dasync_rsa, dasync_rsa_cleanup);
  203. EVP_PKEY_meth_set_paramgen(dasync_rsa, dasync_rsa_paramgen_init,
  204. dasync_rsa_paramgen);
  205. EVP_PKEY_meth_set_keygen(dasync_rsa, dasync_rsa_keygen_init,
  206. dasync_rsa_keygen);
  207. EVP_PKEY_meth_set_encrypt(dasync_rsa, dasync_rsa_encrypt_init,
  208. dasync_rsa_encrypt);
  209. EVP_PKEY_meth_set_decrypt(dasync_rsa, dasync_rsa_decrypt_init,
  210. dasync_rsa_decrypt);
  211. EVP_PKEY_meth_set_ctrl(dasync_rsa, dasync_rsa_ctrl,
  212. dasync_rsa_ctrl_str);
  213. /* Ensure the dasync error handling is set up */
  214. ERR_load_DASYNC_strings();
  215. if (!ENGINE_set_id(e, engine_dasync_id)
  216. || !ENGINE_set_name(e, engine_dasync_name)
  217. || !ENGINE_set_pkey_meths(e, dasync_pkey)
  218. || !ENGINE_set_digests(e, dasync_digests)
  219. || !ENGINE_set_ciphers(e, dasync_ciphers)
  220. || !ENGINE_set_destroy_function(e, dasync_destroy)
  221. || !ENGINE_set_init_function(e, dasync_init)
  222. || !ENGINE_set_finish_function(e, dasync_finish)) {
  223. DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED);
  224. return 0;
  225. }
  226. /*
  227. * Set up the EVP_CIPHER and EVP_MD objects for the ciphers/digests
  228. * supplied by this engine
  229. */
  230. _hidden_sha1_md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption);
  231. if (_hidden_sha1_md == NULL
  232. || !EVP_MD_meth_set_result_size(_hidden_sha1_md, SHA_DIGEST_LENGTH)
  233. || !EVP_MD_meth_set_input_blocksize(_hidden_sha1_md, SHA_CBLOCK)
  234. || !EVP_MD_meth_set_app_datasize(_hidden_sha1_md,
  235. sizeof(EVP_MD *) + sizeof(SHA_CTX))
  236. || !EVP_MD_meth_set_flags(_hidden_sha1_md, EVP_MD_FLAG_DIGALGID_ABSENT)
  237. || !EVP_MD_meth_set_init(_hidden_sha1_md, dasync_sha1_init)
  238. || !EVP_MD_meth_set_update(_hidden_sha1_md, dasync_sha1_update)
  239. || !EVP_MD_meth_set_final(_hidden_sha1_md, dasync_sha1_final)) {
  240. EVP_MD_meth_free(_hidden_sha1_md);
  241. _hidden_sha1_md = NULL;
  242. }
  243. _hidden_aes_128_cbc = EVP_CIPHER_meth_new(NID_aes_128_cbc,
  244. 16 /* block size */,
  245. 16 /* key len */);
  246. if (_hidden_aes_128_cbc == NULL
  247. || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc,16)
  248. || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc,
  249. EVP_CIPH_FLAG_DEFAULT_ASN1
  250. | EVP_CIPH_CBC_MODE
  251. | EVP_CIPH_FLAG_PIPELINE
  252. | EVP_CIPH_CUSTOM_COPY)
  253. || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc,
  254. dasync_aes128_init_key)
  255. || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc,
  256. dasync_aes128_cbc_cipher)
  257. || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc,
  258. dasync_aes128_cbc_cleanup)
  259. || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc,
  260. dasync_aes128_cbc_ctrl)
  261. || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc,
  262. sizeof(struct dasync_pipeline_ctx))) {
  263. EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
  264. _hidden_aes_128_cbc = NULL;
  265. }
  266. _hidden_aes_256_ctr = EVP_CIPHER_meth_new(NID_aes_256_ctr,
  267. 1 /* block size */,
  268. 32 /* key len */);
  269. if (_hidden_aes_256_ctr == NULL
  270. || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_256_ctr,16)
  271. || !EVP_CIPHER_meth_set_flags(_hidden_aes_256_ctr,
  272. EVP_CIPH_FLAG_DEFAULT_ASN1
  273. | EVP_CIPH_CTR_MODE
  274. | EVP_CIPH_FLAG_PIPELINE
  275. | EVP_CIPH_CUSTOM_COPY)
  276. || !EVP_CIPHER_meth_set_init(_hidden_aes_256_ctr,
  277. dasync_aes256_init_key)
  278. || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_256_ctr,
  279. dasync_aes256_ctr_cipher)
  280. || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_256_ctr,
  281. dasync_aes256_ctr_cleanup)
  282. || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_256_ctr,
  283. dasync_aes256_ctr_ctrl)
  284. || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_256_ctr,
  285. sizeof(struct dasync_pipeline_ctx))) {
  286. EVP_CIPHER_meth_free(_hidden_aes_256_ctr);
  287. _hidden_aes_256_ctr = NULL;
  288. }
  289. _hidden_aes_128_cbc_hmac_sha1 = EVP_CIPHER_meth_new(
  290. NID_aes_128_cbc_hmac_sha1,
  291. 16 /* block size */,
  292. 16 /* key len */);
  293. if (_hidden_aes_128_cbc_hmac_sha1 == NULL
  294. || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc_hmac_sha1,16)
  295. || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc_hmac_sha1,
  296. EVP_CIPH_CBC_MODE
  297. | EVP_CIPH_FLAG_DEFAULT_ASN1
  298. | EVP_CIPH_FLAG_AEAD_CIPHER
  299. | EVP_CIPH_FLAG_PIPELINE
  300. | EVP_CIPH_CUSTOM_COPY)
  301. || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc_hmac_sha1,
  302. dasync_aes128_cbc_hmac_sha1_init_key)
  303. || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc_hmac_sha1,
  304. dasync_aes128_cbc_hmac_sha1_cipher)
  305. || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc_hmac_sha1,
  306. dasync_aes128_cbc_hmac_sha1_cleanup)
  307. || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc_hmac_sha1,
  308. dasync_aes128_cbc_hmac_sha1_ctrl)
  309. || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc_hmac_sha1,
  310. sizeof(struct dasync_pipeline_ctx))) {
  311. EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1);
  312. _hidden_aes_128_cbc_hmac_sha1 = NULL;
  313. }
  314. return 1;
  315. }
  316. static void destroy_pkey(void)
  317. {
  318. /*
  319. * We don't actually need to free the dasync_rsa method since this is
  320. * automatically freed for us by libcrypto.
  321. */
  322. dasync_rsa_orig = NULL;
  323. dasync_rsa = NULL;
  324. }
  325. # ifndef OPENSSL_NO_DYNAMIC_ENGINE
  326. static int bind_helper(ENGINE *e, const char *id)
  327. {
  328. if (id && (strcmp(id, engine_dasync_id) != 0))
  329. return 0;
  330. if (!bind_dasync(e))
  331. return 0;
  332. return 1;
  333. }
  334. IMPLEMENT_DYNAMIC_CHECK_FN()
  335. IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
  336. # endif
  337. static ENGINE *engine_dasync(void)
  338. {
  339. ENGINE *ret = ENGINE_new();
  340. if (!ret)
  341. return NULL;
  342. if (!bind_dasync(ret)) {
  343. ENGINE_free(ret);
  344. return NULL;
  345. }
  346. return ret;
  347. }
  348. void engine_load_dasync_int(void)
  349. {
  350. ENGINE *toadd = engine_dasync();
  351. if (!toadd)
  352. return;
  353. ERR_set_mark();
  354. ENGINE_add(toadd);
  355. /*
  356. * If the "add" worked, it gets a structural reference. So either way, we
  357. * release our just-created reference.
  358. */
  359. ENGINE_free(toadd);
  360. /*
  361. * If the "add" didn't work, it was probably a conflict because it was
  362. * already added (eg. someone calling ENGINE_load_blah then calling
  363. * ENGINE_load_builtin_engines() perhaps).
  364. */
  365. ERR_pop_to_mark();
  366. }
  367. static int dasync_init(ENGINE *e)
  368. {
  369. return 1;
  370. }
  371. static int dasync_finish(ENGINE *e)
  372. {
  373. return 1;
  374. }
  375. static int dasync_destroy(ENGINE *e)
  376. {
  377. destroy_digests();
  378. destroy_ciphers();
  379. destroy_pkey();
  380. ERR_unload_DASYNC_strings();
  381. return 1;
  382. }
  383. static int dasync_pkey(ENGINE *e, EVP_PKEY_METHOD **pmeth,
  384. const int **pnids, int nid)
  385. {
  386. static const int rnid = EVP_PKEY_RSA;
  387. if (pmeth == NULL) {
  388. *pnids = &rnid;
  389. return 1;
  390. }
  391. if (nid == EVP_PKEY_RSA) {
  392. *pmeth = dasync_rsa;
  393. return 1;
  394. }
  395. *pmeth = NULL;
  396. return 0;
  397. }
  398. static int dasync_digests(ENGINE *e, const EVP_MD **digest,
  399. const int **nids, int nid)
  400. {
  401. int ok = 1;
  402. if (!digest) {
  403. /* We are returning a list of supported nids */
  404. return dasync_digest_nids(nids);
  405. }
  406. /* We are being asked for a specific digest */
  407. switch (nid) {
  408. case NID_sha1:
  409. *digest = dasync_sha1();
  410. break;
  411. default:
  412. ok = 0;
  413. *digest = NULL;
  414. break;
  415. }
  416. return ok;
  417. }
  418. static int dasync_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
  419. const int **nids, int nid)
  420. {
  421. int ok = 1;
  422. if (cipher == NULL) {
  423. /* We are returning a list of supported nids */
  424. *nids = dasync_cipher_nids;
  425. return (sizeof(dasync_cipher_nids) -
  426. 1) / sizeof(dasync_cipher_nids[0]);
  427. }
  428. /* We are being asked for a specific cipher */
  429. switch (nid) {
  430. case NID_aes_128_cbc:
  431. *cipher = dasync_aes_128_cbc();
  432. break;
  433. case NID_aes_256_ctr:
  434. *cipher = dasync_aes_256_ctr();
  435. break;
  436. case NID_aes_128_cbc_hmac_sha1:
  437. *cipher = dasync_aes_128_cbc_hmac_sha1();
  438. break;
  439. default:
  440. ok = 0;
  441. *cipher = NULL;
  442. break;
  443. }
  444. return ok;
  445. }
  446. static void wait_cleanup(ASYNC_WAIT_CTX *ctx, const void *key,
  447. OSSL_ASYNC_FD readfd, void *pvwritefd)
  448. {
  449. OSSL_ASYNC_FD *pwritefd = (OSSL_ASYNC_FD *)pvwritefd;
  450. #if defined(ASYNC_WIN)
  451. CloseHandle(readfd);
  452. CloseHandle(*pwritefd);
  453. #elif defined(ASYNC_POSIX)
  454. close(readfd);
  455. close(*pwritefd);
  456. #endif
  457. OPENSSL_free(pwritefd);
  458. }
  459. #define DUMMY_CHAR 'X'
  460. static void dummy_pause_job(void) {
  461. ASYNC_JOB *job;
  462. ASYNC_WAIT_CTX *waitctx;
  463. ASYNC_callback_fn callback;
  464. void *callback_arg;
  465. OSSL_ASYNC_FD pipefds[2] = {0, 0};
  466. OSSL_ASYNC_FD *writefd;
  467. #if defined(ASYNC_WIN)
  468. DWORD numwritten, numread;
  469. char buf = DUMMY_CHAR;
  470. #elif defined(ASYNC_POSIX)
  471. char buf = DUMMY_CHAR;
  472. #endif
  473. if ((job = ASYNC_get_current_job()) == NULL)
  474. return;
  475. waitctx = ASYNC_get_wait_ctx(job);
  476. if (ASYNC_WAIT_CTX_get_callback(waitctx, &callback, &callback_arg) && callback != NULL) {
  477. /*
  478. * In the Dummy async engine we are cheating. We call the callback that the job
  479. * is complete before the call to ASYNC_pause_job(). A real
  480. * async engine would only call the callback when the job was actually complete
  481. */
  482. (*callback)(callback_arg);
  483. ASYNC_pause_job();
  484. return;
  485. }
  486. if (ASYNC_WAIT_CTX_get_fd(waitctx, engine_dasync_id, &pipefds[0],
  487. (void **)&writefd)) {
  488. pipefds[1] = *writefd;
  489. } else {
  490. writefd = OPENSSL_malloc(sizeof(*writefd));
  491. if (writefd == NULL)
  492. return;
  493. #if defined(ASYNC_WIN)
  494. if (CreatePipe(&pipefds[0], &pipefds[1], NULL, 256) == 0) {
  495. OPENSSL_free(writefd);
  496. return;
  497. }
  498. #elif defined(ASYNC_POSIX)
  499. if (pipe(pipefds) != 0) {
  500. OPENSSL_free(writefd);
  501. return;
  502. }
  503. #endif
  504. *writefd = pipefds[1];
  505. if (!ASYNC_WAIT_CTX_set_wait_fd(waitctx, engine_dasync_id, pipefds[0],
  506. writefd, wait_cleanup)) {
  507. wait_cleanup(waitctx, engine_dasync_id, pipefds[0], writefd);
  508. return;
  509. }
  510. }
  511. /*
  512. * In the Dummy async engine we are cheating. We signal that the job
  513. * is complete by waking it before the call to ASYNC_pause_job(). A real
  514. * async engine would only wake when the job was actually complete
  515. */
  516. #if defined(ASYNC_WIN)
  517. WriteFile(pipefds[1], &buf, 1, &numwritten, NULL);
  518. #elif defined(ASYNC_POSIX)
  519. if (write(pipefds[1], &buf, 1) < 0)
  520. return;
  521. #endif
  522. /* Ignore errors - we carry on anyway */
  523. ASYNC_pause_job();
  524. /* Clear the wake signal */
  525. #if defined(ASYNC_WIN)
  526. ReadFile(pipefds[0], &buf, 1, &numread, NULL);
  527. #elif defined(ASYNC_POSIX)
  528. if (read(pipefds[0], &buf, 1) < 0)
  529. return;
  530. #endif
  531. }
  532. /*
  533. * SHA1 implementation. At the moment we just defer to the standard
  534. * implementation
  535. */
  536. static int dasync_sha1_init(EVP_MD_CTX *ctx)
  537. {
  538. dummy_pause_job();
  539. return EVP_MD_meth_get_init(EVP_sha1())(ctx);
  540. }
  541. static int dasync_sha1_update(EVP_MD_CTX *ctx, const void *data,
  542. size_t count)
  543. {
  544. dummy_pause_job();
  545. return EVP_MD_meth_get_update(EVP_sha1())(ctx, data, count);
  546. }
  547. static int dasync_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
  548. {
  549. dummy_pause_job();
  550. return EVP_MD_meth_get_final(EVP_sha1())(ctx, md);
  551. }
  552. /* Cipher helper functions */
  553. static int dasync_cipher_ctrl_helper(EVP_CIPHER_CTX *ctx, int type, int arg,
  554. void *ptr, int aeadcapable,
  555. const EVP_CIPHER *ciph)
  556. {
  557. int ret;
  558. struct dasync_pipeline_ctx *pipe_ctx =
  559. (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
  560. if (pipe_ctx == NULL)
  561. return 0;
  562. switch (type) {
  563. case EVP_CTRL_COPY:
  564. {
  565. size_t sz = EVP_CIPHER_impl_ctx_size(ciph);
  566. void *inner_cipher_data = OPENSSL_malloc(sz);
  567. if (inner_cipher_data == NULL)
  568. return -1;
  569. memcpy(inner_cipher_data, pipe_ctx->inner_cipher_data, sz);
  570. pipe_ctx->inner_cipher_data = inner_cipher_data;
  571. }
  572. break;
  573. case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS:
  574. pipe_ctx->numpipes = arg;
  575. pipe_ctx->outbufs = (unsigned char **)ptr;
  576. break;
  577. case EVP_CTRL_SET_PIPELINE_INPUT_BUFS:
  578. pipe_ctx->numpipes = arg;
  579. pipe_ctx->inbufs = (unsigned char **)ptr;
  580. break;
  581. case EVP_CTRL_SET_PIPELINE_INPUT_LENS:
  582. pipe_ctx->numpipes = arg;
  583. pipe_ctx->lens = (size_t *)ptr;
  584. break;
  585. case EVP_CTRL_AEAD_SET_MAC_KEY:
  586. if (!aeadcapable)
  587. return -1;
  588. EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data);
  589. ret = EVP_CIPHER_meth_get_ctrl(EVP_aes_128_cbc_hmac_sha1())
  590. (ctx, type, arg, ptr);
  591. EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx);
  592. return ret;
  593. case EVP_CTRL_AEAD_TLS1_AAD:
  594. {
  595. unsigned char *p = ptr;
  596. unsigned int len;
  597. if (!aeadcapable || arg != EVP_AEAD_TLS1_AAD_LEN)
  598. return -1;
  599. if (pipe_ctx->aadctr >= SSL_MAX_PIPELINES)
  600. return -1;
  601. memcpy(pipe_ctx->tlsaad[pipe_ctx->aadctr], ptr,
  602. EVP_AEAD_TLS1_AAD_LEN);
  603. pipe_ctx->aadctr++;
  604. len = p[arg - 2] << 8 | p[arg - 1];
  605. if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
  606. if ((p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
  607. if (len < AES_BLOCK_SIZE)
  608. return 0;
  609. len -= AES_BLOCK_SIZE;
  610. }
  611. return ((len + SHA_DIGEST_LENGTH + AES_BLOCK_SIZE)
  612. & -AES_BLOCK_SIZE) - len;
  613. } else {
  614. return SHA_DIGEST_LENGTH;
  615. }
  616. }
  617. default:
  618. return 0;
  619. }
  620. return 1;
  621. }
  622. static int dasync_cipher_init_key_helper(EVP_CIPHER_CTX *ctx,
  623. const unsigned char *key,
  624. const unsigned char *iv, int enc,
  625. const EVP_CIPHER *cipher)
  626. {
  627. int ret;
  628. struct dasync_pipeline_ctx *pipe_ctx =
  629. (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
  630. if (pipe_ctx->inner_cipher_data == NULL
  631. && EVP_CIPHER_impl_ctx_size(cipher) != 0) {
  632. pipe_ctx->inner_cipher_data = OPENSSL_zalloc(
  633. EVP_CIPHER_impl_ctx_size(cipher));
  634. if (pipe_ctx->inner_cipher_data == NULL)
  635. return 0;
  636. }
  637. pipe_ctx->numpipes = 0;
  638. pipe_ctx->aadctr = 0;
  639. EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data);
  640. ret = EVP_CIPHER_meth_get_init(cipher)(ctx, key, iv, enc);
  641. EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx);
  642. return ret;
  643. }
  644. static int dasync_cipher_helper(EVP_CIPHER_CTX *ctx, unsigned char *out,
  645. const unsigned char *in, size_t inl,
  646. const EVP_CIPHER *cipher)
  647. {
  648. int ret = 1;
  649. unsigned int i, pipes;
  650. struct dasync_pipeline_ctx *pipe_ctx =
  651. (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
  652. pipes = pipe_ctx->numpipes;
  653. EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data);
  654. if (pipes == 0) {
  655. if (pipe_ctx->aadctr != 0) {
  656. if (pipe_ctx->aadctr != 1)
  657. return -1;
  658. EVP_CIPHER_meth_get_ctrl(cipher)
  659. (ctx, EVP_CTRL_AEAD_TLS1_AAD,
  660. EVP_AEAD_TLS1_AAD_LEN,
  661. pipe_ctx->tlsaad[0]);
  662. }
  663. ret = EVP_CIPHER_meth_get_do_cipher(cipher)
  664. (ctx, out, in, inl);
  665. } else {
  666. if (pipe_ctx->aadctr > 0 && pipe_ctx->aadctr != pipes)
  667. return -1;
  668. for (i = 0; i < pipes; i++) {
  669. if (pipe_ctx->aadctr > 0) {
  670. EVP_CIPHER_meth_get_ctrl(cipher)
  671. (ctx, EVP_CTRL_AEAD_TLS1_AAD,
  672. EVP_AEAD_TLS1_AAD_LEN,
  673. pipe_ctx->tlsaad[i]);
  674. }
  675. ret = ret && EVP_CIPHER_meth_get_do_cipher(cipher)
  676. (ctx, pipe_ctx->outbufs[i], pipe_ctx->inbufs[i],
  677. pipe_ctx->lens[i]);
  678. }
  679. pipe_ctx->numpipes = 0;
  680. }
  681. pipe_ctx->aadctr = 0;
  682. EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx);
  683. return ret;
  684. }
  685. static int dasync_cipher_cleanup_helper(EVP_CIPHER_CTX *ctx,
  686. const EVP_CIPHER *cipher)
  687. {
  688. struct dasync_pipeline_ctx *pipe_ctx =
  689. (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
  690. OPENSSL_clear_free(pipe_ctx->inner_cipher_data,
  691. EVP_CIPHER_impl_ctx_size(cipher));
  692. return 1;
  693. }
  694. /*
  695. * AES128 CBC Implementation
  696. */
  697. static int dasync_aes128_cbc_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
  698. void *ptr)
  699. {
  700. return dasync_cipher_ctrl_helper(ctx, type, arg, ptr, 0, EVP_aes_128_cbc());
  701. }
  702. static int dasync_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
  703. const unsigned char *iv, int enc)
  704. {
  705. return dasync_cipher_init_key_helper(ctx, key, iv, enc, EVP_aes_128_cbc());
  706. }
  707. static int dasync_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  708. const unsigned char *in, size_t inl)
  709. {
  710. return dasync_cipher_helper(ctx, out, in, inl, EVP_aes_128_cbc());
  711. }
  712. static int dasync_aes128_cbc_cleanup(EVP_CIPHER_CTX *ctx)
  713. {
  714. return dasync_cipher_cleanup_helper(ctx, EVP_aes_128_cbc());
  715. }
  716. static int dasync_aes256_ctr_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
  717. void *ptr)
  718. {
  719. return dasync_cipher_ctrl_helper(ctx, type, arg, ptr, 0, EVP_aes_256_ctr());
  720. }
  721. static int dasync_aes256_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
  722. const unsigned char *iv, int enc)
  723. {
  724. return dasync_cipher_init_key_helper(ctx, key, iv, enc, EVP_aes_256_ctr());
  725. }
  726. static int dasync_aes256_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  727. const unsigned char *in, size_t inl)
  728. {
  729. return dasync_cipher_helper(ctx, out, in, inl, EVP_aes_256_ctr());
  730. }
  731. static int dasync_aes256_ctr_cleanup(EVP_CIPHER_CTX *ctx)
  732. {
  733. return dasync_cipher_cleanup_helper(ctx, EVP_aes_256_ctr());
  734. }
  735. /*
  736. * AES128 CBC HMAC SHA1 Implementation
  737. */
  738. static int dasync_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
  739. int arg, void *ptr)
  740. {
  741. return dasync_cipher_ctrl_helper(ctx, type, arg, ptr, 1, EVP_aes_128_cbc_hmac_sha1());
  742. }
  743. static int dasync_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
  744. const unsigned char *key,
  745. const unsigned char *iv,
  746. int enc)
  747. {
  748. /*
  749. * We can safely assume that EVP_aes_128_cbc_hmac_sha1() != NULL,
  750. * see comment before the definition of dasync_aes_128_cbc_hmac_sha1().
  751. */
  752. return dasync_cipher_init_key_helper(ctx, key, iv, enc,
  753. EVP_aes_128_cbc_hmac_sha1());
  754. }
  755. static int dasync_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx,
  756. unsigned char *out,
  757. const unsigned char *in,
  758. size_t inl)
  759. {
  760. return dasync_cipher_helper(ctx, out, in, inl, EVP_aes_128_cbc_hmac_sha1());
  761. }
  762. static int dasync_aes128_cbc_hmac_sha1_cleanup(EVP_CIPHER_CTX *ctx)
  763. {
  764. /*
  765. * We can safely assume that EVP_aes_128_cbc_hmac_sha1() != NULL,
  766. * see comment before the definition of dasync_aes_128_cbc_hmac_sha1().
  767. */
  768. return dasync_cipher_cleanup_helper(ctx, EVP_aes_128_cbc_hmac_sha1());
  769. }
  770. /*
  771. * RSA implementation
  772. */
  773. static int dasync_rsa_init(EVP_PKEY_CTX *ctx)
  774. {
  775. static int (*pinit)(EVP_PKEY_CTX *ctx);
  776. if (pinit == NULL)
  777. EVP_PKEY_meth_get_init(dasync_rsa_orig, &pinit);
  778. return pinit(ctx);
  779. }
  780. static void dasync_rsa_cleanup(EVP_PKEY_CTX *ctx)
  781. {
  782. static void (*pcleanup)(EVP_PKEY_CTX *ctx);
  783. if (pcleanup == NULL)
  784. EVP_PKEY_meth_get_cleanup(dasync_rsa_orig, &pcleanup);
  785. pcleanup(ctx);
  786. }
  787. static int dasync_rsa_paramgen_init(EVP_PKEY_CTX *ctx)
  788. {
  789. static int (*pparamgen_init)(EVP_PKEY_CTX *ctx);
  790. if (pparamgen_init == NULL)
  791. EVP_PKEY_meth_get_paramgen(dasync_rsa_orig, &pparamgen_init, NULL);
  792. return pparamgen_init != NULL ? pparamgen_init(ctx) : 1;
  793. }
  794. static int dasync_rsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
  795. {
  796. static int (*pparamgen)(EVP_PKEY_CTX *c, EVP_PKEY *pkey);
  797. if (pparamgen == NULL)
  798. EVP_PKEY_meth_get_paramgen(dasync_rsa_orig, NULL, &pparamgen);
  799. return pparamgen != NULL ? pparamgen(ctx, pkey) : 1;
  800. }
  801. static int dasync_rsa_keygen_init(EVP_PKEY_CTX *ctx)
  802. {
  803. static int (*pkeygen_init)(EVP_PKEY_CTX *ctx);
  804. if (pkeygen_init == NULL)
  805. EVP_PKEY_meth_get_keygen(dasync_rsa_orig, &pkeygen_init, NULL);
  806. return pkeygen_init != NULL ? pkeygen_init(ctx) : 1;
  807. }
  808. static int dasync_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
  809. {
  810. static int (*pkeygen)(EVP_PKEY_CTX *c, EVP_PKEY *pkey);
  811. if (pkeygen == NULL)
  812. EVP_PKEY_meth_get_keygen(dasync_rsa_orig, NULL, &pkeygen);
  813. return pkeygen(ctx, pkey);
  814. }
  815. static int dasync_rsa_encrypt_init(EVP_PKEY_CTX *ctx)
  816. {
  817. static int (*pencrypt_init)(EVP_PKEY_CTX *ctx);
  818. if (pencrypt_init == NULL)
  819. EVP_PKEY_meth_get_encrypt(dasync_rsa_orig, &pencrypt_init, NULL);
  820. return pencrypt_init != NULL ? pencrypt_init(ctx) : 1;
  821. }
  822. static int dasync_rsa_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
  823. size_t *outlen, const unsigned char *in,
  824. size_t inlen)
  825. {
  826. static int (*pencryptfn)(EVP_PKEY_CTX *ctx, unsigned char *out,
  827. size_t *outlen, const unsigned char *in,
  828. size_t inlen);
  829. if (pencryptfn == NULL)
  830. EVP_PKEY_meth_get_encrypt(dasync_rsa_orig, NULL, &pencryptfn);
  831. return pencryptfn(ctx, out, outlen, in, inlen);
  832. }
  833. static int dasync_rsa_decrypt_init(EVP_PKEY_CTX *ctx)
  834. {
  835. static int (*pdecrypt_init)(EVP_PKEY_CTX *ctx);
  836. if (pdecrypt_init == NULL)
  837. EVP_PKEY_meth_get_decrypt(dasync_rsa_orig, &pdecrypt_init, NULL);
  838. return pdecrypt_init != NULL ? pdecrypt_init(ctx) : 1;
  839. }
  840. static int dasync_rsa_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
  841. size_t *outlen, const unsigned char *in,
  842. size_t inlen)
  843. {
  844. static int (*pdecrypt)(EVP_PKEY_CTX *ctx, unsigned char *out,
  845. size_t *outlen, const unsigned char *in,
  846. size_t inlen);
  847. if (pdecrypt == NULL)
  848. EVP_PKEY_meth_get_encrypt(dasync_rsa_orig, NULL, &pdecrypt);
  849. return pdecrypt(ctx, out, outlen, in, inlen);
  850. }
  851. static int dasync_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
  852. {
  853. static int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
  854. if (pctrl == NULL)
  855. EVP_PKEY_meth_get_ctrl(dasync_rsa_orig, &pctrl, NULL);
  856. return pctrl(ctx, type, p1, p2);
  857. }
  858. static int dasync_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
  859. const char *value)
  860. {
  861. static int (*pctrl_str)(EVP_PKEY_CTX *ctx, const char *type,
  862. const char *value);
  863. if (pctrl_str == NULL)
  864. EVP_PKEY_meth_get_ctrl(dasync_rsa_orig, NULL, &pctrl_str);
  865. return pctrl_str(ctx, type, value);
  866. }