e_dasync.c 29 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924
  1. /*
  2. * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /* We need to use some engine deprecated APIs */
  10. #define OPENSSL_SUPPRESS_DEPRECATED
  11. /*
  12. * SHA-1 low level APIs are deprecated for public use, but still ok for
  13. * internal use. Note, that due to symbols not being exported, only the
  14. * #defines and strucures can be accessed, in this case SHA_CBLOCK and
  15. * sizeof(SHA_CTX).
  16. */
  17. #include "internal/deprecated.h"
  18. #include <openssl/opensslconf.h>
  19. #if defined(_WIN32)
  20. # include <windows.h>
  21. #endif
  22. #include <stdio.h>
  23. #include <string.h>
  24. #include <openssl/engine.h>
  25. #include <openssl/sha.h>
  26. #include <openssl/aes.h>
  27. #include <openssl/rsa.h>
  28. #include <openssl/evp.h>
  29. #include <openssl/async.h>
  30. #include <openssl/bn.h>
  31. #include <openssl/crypto.h>
  32. #include <openssl/ssl.h>
  33. #include <openssl/modes.h>
  34. #if defined(OPENSSL_SYS_UNIX) && defined(OPENSSL_THREADS)
  35. # undef ASYNC_POSIX
  36. # define ASYNC_POSIX
  37. # include <unistd.h>
  38. #elif defined(_WIN32)
  39. # undef ASYNC_WIN
  40. # define ASYNC_WIN
  41. #endif
  42. #include "e_dasync_err.c"
  43. /* Engine Id and Name */
  44. static const char *engine_dasync_id = "dasync";
  45. static const char *engine_dasync_name = "Dummy Async engine support";
  46. /* Engine Lifetime functions */
  47. static int dasync_destroy(ENGINE *e);
  48. static int dasync_init(ENGINE *e);
  49. static int dasync_finish(ENGINE *e);
  50. void engine_load_dasync_int(void);
  51. /* Set up digests. Just SHA1 for now */
  52. static int dasync_digests(ENGINE *e, const EVP_MD **digest,
  53. const int **nids, int nid);
  54. static void dummy_pause_job(void);
  55. /* SHA1 */
  56. static int dasync_sha1_init(EVP_MD_CTX *ctx);
  57. static int dasync_sha1_update(EVP_MD_CTX *ctx, const void *data,
  58. size_t count);
  59. static int dasync_sha1_final(EVP_MD_CTX *ctx, unsigned char *md);
  60. /*
  61. * Holds the EVP_MD object for sha1 in this engine. Set up once only during
  62. * engine bind and can then be reused many times.
  63. */
  64. static EVP_MD *_hidden_sha1_md = NULL;
  65. static const EVP_MD *dasync_sha1(void)
  66. {
  67. return _hidden_sha1_md;
  68. }
  69. static void destroy_digests(void)
  70. {
  71. EVP_MD_meth_free(_hidden_sha1_md);
  72. _hidden_sha1_md = NULL;
  73. }
  74. static int dasync_digest_nids(const int **nids)
  75. {
  76. static int digest_nids[2] = { 0, 0 };
  77. static int pos = 0;
  78. static int init = 0;
  79. if (!init) {
  80. const EVP_MD *md;
  81. if ((md = dasync_sha1()) != NULL)
  82. digest_nids[pos++] = EVP_MD_type(md);
  83. digest_nids[pos] = 0;
  84. init = 1;
  85. }
  86. *nids = digest_nids;
  87. return pos;
  88. }
  89. /* RSA */
  90. static int dasync_pkey(ENGINE *e, EVP_PKEY_METHOD **pmeth,
  91. const int **pnids, int nid);
  92. static int dasync_rsa_init(EVP_PKEY_CTX *ctx);
  93. static void dasync_rsa_cleanup(EVP_PKEY_CTX *ctx);
  94. static int dasync_rsa_paramgen_init(EVP_PKEY_CTX *ctx);
  95. static int dasync_rsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
  96. static int dasync_rsa_keygen_init(EVP_PKEY_CTX *ctx);
  97. static int dasync_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
  98. static int dasync_rsa_encrypt_init(EVP_PKEY_CTX *ctx);
  99. static int dasync_rsa_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
  100. size_t *outlen, const unsigned char *in,
  101. size_t inlen);
  102. static int dasync_rsa_decrypt_init(EVP_PKEY_CTX *ctx);
  103. static int dasync_rsa_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
  104. size_t *outlen, const unsigned char *in,
  105. size_t inlen);
  106. static int dasync_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
  107. static int dasync_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
  108. const char *value);
  109. static EVP_PKEY_METHOD *dasync_rsa;
  110. static const EVP_PKEY_METHOD *dasync_rsa_orig;
  111. /* AES */
  112. static int dasync_aes128_cbc_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
  113. void *ptr);
  114. static int dasync_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
  115. const unsigned char *iv, int enc);
  116. static int dasync_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  117. const unsigned char *in, size_t inl);
  118. static int dasync_aes128_cbc_cleanup(EVP_CIPHER_CTX *ctx);
  119. static int dasync_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
  120. int arg, void *ptr);
  121. static int dasync_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
  122. const unsigned char *key,
  123. const unsigned char *iv,
  124. int enc);
  125. static int dasync_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx,
  126. unsigned char *out,
  127. const unsigned char *in,
  128. size_t inl);
  129. static int dasync_aes128_cbc_hmac_sha1_cleanup(EVP_CIPHER_CTX *ctx);
  130. struct dasync_pipeline_ctx {
  131. void *inner_cipher_data;
  132. unsigned int numpipes;
  133. unsigned char **inbufs;
  134. unsigned char **outbufs;
  135. size_t *lens;
  136. unsigned char tlsaad[SSL_MAX_PIPELINES][EVP_AEAD_TLS1_AAD_LEN];
  137. unsigned int aadctr;
  138. };
  139. /*
  140. * Holds the EVP_CIPHER object for aes_128_cbc in this engine. Set up once only
  141. * during engine bind and can then be reused many times.
  142. */
  143. static EVP_CIPHER *_hidden_aes_128_cbc = NULL;
  144. static const EVP_CIPHER *dasync_aes_128_cbc(void)
  145. {
  146. return _hidden_aes_128_cbc;
  147. }
  148. /*
  149. * Holds the EVP_CIPHER object for aes_128_cbc_hmac_sha1 in this engine. Set up
  150. * once only during engine bind and can then be reused many times.
  151. *
  152. * This 'stitched' cipher depends on the EVP_aes_128_cbc_hmac_sha1() cipher,
  153. * which is implemented only if the AES-NI instruction set extension is available
  154. * (see OPENSSL_IA32CAP(3)). If that's not the case, then this cipher will not
  155. * be available either.
  156. *
  157. * Note: Since it is a legacy mac-then-encrypt cipher, modern TLS peers (which
  158. * negotiate the encrypt-then-mac extension) won't negotiate it anyway.
  159. */
  160. static EVP_CIPHER *_hidden_aes_128_cbc_hmac_sha1 = NULL;
  161. static const EVP_CIPHER *dasync_aes_128_cbc_hmac_sha1(void)
  162. {
  163. return _hidden_aes_128_cbc_hmac_sha1;
  164. }
  165. static void destroy_ciphers(void)
  166. {
  167. EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
  168. EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1);
  169. _hidden_aes_128_cbc = NULL;
  170. _hidden_aes_128_cbc_hmac_sha1 = NULL;
  171. }
  172. static int dasync_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
  173. const int **nids, int nid);
  174. static int dasync_cipher_nids[] = {
  175. NID_aes_128_cbc,
  176. NID_aes_128_cbc_hmac_sha1,
  177. 0
  178. };
  179. static int bind_dasync(ENGINE *e)
  180. {
  181. /* Setup RSA */
  182. ;
  183. if ((dasync_rsa_orig = EVP_PKEY_meth_find(EVP_PKEY_RSA)) == NULL
  184. || (dasync_rsa = EVP_PKEY_meth_new(EVP_PKEY_RSA, 0)) == NULL)
  185. return 0;
  186. EVP_PKEY_meth_set_init(dasync_rsa, dasync_rsa_init);
  187. EVP_PKEY_meth_set_cleanup(dasync_rsa, dasync_rsa_cleanup);
  188. EVP_PKEY_meth_set_paramgen(dasync_rsa, dasync_rsa_paramgen_init,
  189. dasync_rsa_paramgen);
  190. EVP_PKEY_meth_set_keygen(dasync_rsa, dasync_rsa_keygen_init,
  191. dasync_rsa_keygen);
  192. EVP_PKEY_meth_set_encrypt(dasync_rsa, dasync_rsa_encrypt_init,
  193. dasync_rsa_encrypt);
  194. EVP_PKEY_meth_set_decrypt(dasync_rsa, dasync_rsa_decrypt_init,
  195. dasync_rsa_decrypt);
  196. EVP_PKEY_meth_set_ctrl(dasync_rsa, dasync_rsa_ctrl,
  197. dasync_rsa_ctrl_str);
  198. /* Ensure the dasync error handling is set up */
  199. ERR_load_DASYNC_strings();
  200. if (!ENGINE_set_id(e, engine_dasync_id)
  201. || !ENGINE_set_name(e, engine_dasync_name)
  202. || !ENGINE_set_pkey_meths(e, dasync_pkey)
  203. || !ENGINE_set_digests(e, dasync_digests)
  204. || !ENGINE_set_ciphers(e, dasync_ciphers)
  205. || !ENGINE_set_destroy_function(e, dasync_destroy)
  206. || !ENGINE_set_init_function(e, dasync_init)
  207. || !ENGINE_set_finish_function(e, dasync_finish)) {
  208. DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED);
  209. return 0;
  210. }
  211. /*
  212. * Set up the EVP_CIPHER and EVP_MD objects for the ciphers/digests
  213. * supplied by this engine
  214. */
  215. _hidden_sha1_md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption);
  216. if (_hidden_sha1_md == NULL
  217. || !EVP_MD_meth_set_result_size(_hidden_sha1_md, SHA_DIGEST_LENGTH)
  218. || !EVP_MD_meth_set_input_blocksize(_hidden_sha1_md, SHA_CBLOCK)
  219. || !EVP_MD_meth_set_app_datasize(_hidden_sha1_md,
  220. sizeof(EVP_MD *) + sizeof(SHA_CTX))
  221. || !EVP_MD_meth_set_flags(_hidden_sha1_md, EVP_MD_FLAG_DIGALGID_ABSENT)
  222. || !EVP_MD_meth_set_init(_hidden_sha1_md, dasync_sha1_init)
  223. || !EVP_MD_meth_set_update(_hidden_sha1_md, dasync_sha1_update)
  224. || !EVP_MD_meth_set_final(_hidden_sha1_md, dasync_sha1_final)) {
  225. EVP_MD_meth_free(_hidden_sha1_md);
  226. _hidden_sha1_md = NULL;
  227. }
  228. _hidden_aes_128_cbc = EVP_CIPHER_meth_new(NID_aes_128_cbc,
  229. 16 /* block size */,
  230. 16 /* key len */);
  231. if (_hidden_aes_128_cbc == NULL
  232. || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc,16)
  233. || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc,
  234. EVP_CIPH_FLAG_DEFAULT_ASN1
  235. | EVP_CIPH_CBC_MODE
  236. | EVP_CIPH_FLAG_PIPELINE)
  237. || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc,
  238. dasync_aes128_init_key)
  239. || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc,
  240. dasync_aes128_cbc_cipher)
  241. || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc,
  242. dasync_aes128_cbc_cleanup)
  243. || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc,
  244. dasync_aes128_cbc_ctrl)
  245. || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc,
  246. sizeof(struct dasync_pipeline_ctx))) {
  247. EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
  248. _hidden_aes_128_cbc = NULL;
  249. }
  250. _hidden_aes_128_cbc_hmac_sha1 = EVP_CIPHER_meth_new(
  251. NID_aes_128_cbc_hmac_sha1,
  252. 16 /* block size */,
  253. 16 /* key len */);
  254. if (_hidden_aes_128_cbc_hmac_sha1 == NULL
  255. || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc_hmac_sha1,16)
  256. || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc_hmac_sha1,
  257. EVP_CIPH_CBC_MODE
  258. | EVP_CIPH_FLAG_DEFAULT_ASN1
  259. | EVP_CIPH_FLAG_AEAD_CIPHER
  260. | EVP_CIPH_FLAG_PIPELINE)
  261. || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc_hmac_sha1,
  262. dasync_aes128_cbc_hmac_sha1_init_key)
  263. || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc_hmac_sha1,
  264. dasync_aes128_cbc_hmac_sha1_cipher)
  265. || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc_hmac_sha1,
  266. dasync_aes128_cbc_hmac_sha1_cleanup)
  267. || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc_hmac_sha1,
  268. dasync_aes128_cbc_hmac_sha1_ctrl)
  269. || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc_hmac_sha1,
  270. sizeof(struct dasync_pipeline_ctx))) {
  271. EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1);
  272. _hidden_aes_128_cbc_hmac_sha1 = NULL;
  273. }
  274. return 1;
  275. }
  276. static void destroy_pkey(void)
  277. {
  278. EVP_PKEY_meth_free(dasync_rsa);
  279. dasync_rsa_orig = NULL;
  280. dasync_rsa = NULL;
  281. }
  282. # ifndef OPENSSL_NO_DYNAMIC_ENGINE
  283. static int bind_helper(ENGINE *e, const char *id)
  284. {
  285. if (id && (strcmp(id, engine_dasync_id) != 0))
  286. return 0;
  287. if (!bind_dasync(e))
  288. return 0;
  289. return 1;
  290. }
  291. IMPLEMENT_DYNAMIC_CHECK_FN()
  292. IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
  293. # endif
  294. static ENGINE *engine_dasync(void)
  295. {
  296. ENGINE *ret = ENGINE_new();
  297. if (!ret)
  298. return NULL;
  299. if (!bind_dasync(ret)) {
  300. ENGINE_free(ret);
  301. return NULL;
  302. }
  303. return ret;
  304. }
  305. void engine_load_dasync_int(void)
  306. {
  307. ENGINE *toadd = engine_dasync();
  308. if (!toadd)
  309. return;
  310. ERR_set_mark();
  311. ENGINE_add(toadd);
  312. /*
  313. * If the "add" worked, it gets a structural reference. So either way, we
  314. * release our just-created reference.
  315. */
  316. ENGINE_free(toadd);
  317. /*
  318. * If the "add" didn't work, it was probably a conflict because it was
  319. * already added (eg. someone calling ENGINE_load_blah then calling
  320. * ENGINE_load_builtin_engines() perhaps).
  321. */
  322. ERR_pop_to_mark();
  323. }
  324. static int dasync_init(ENGINE *e)
  325. {
  326. return 1;
  327. }
  328. static int dasync_finish(ENGINE *e)
  329. {
  330. return 1;
  331. }
  332. static int dasync_destroy(ENGINE *e)
  333. {
  334. destroy_digests();
  335. destroy_ciphers();
  336. destroy_pkey();
  337. ERR_unload_DASYNC_strings();
  338. return 1;
  339. }
  340. static int dasync_pkey(ENGINE *e, EVP_PKEY_METHOD **pmeth,
  341. const int **pnids, int nid)
  342. {
  343. static const int rnid = EVP_PKEY_RSA;
  344. if (pmeth == NULL) {
  345. *pnids = &rnid;
  346. return 1;
  347. }
  348. if (nid == EVP_PKEY_RSA) {
  349. *pmeth = dasync_rsa;
  350. return 1;
  351. }
  352. *pmeth = NULL;
  353. return 0;
  354. }
  355. static int dasync_digests(ENGINE *e, const EVP_MD **digest,
  356. const int **nids, int nid)
  357. {
  358. int ok = 1;
  359. if (!digest) {
  360. /* We are returning a list of supported nids */
  361. return dasync_digest_nids(nids);
  362. }
  363. /* We are being asked for a specific digest */
  364. switch (nid) {
  365. case NID_sha1:
  366. *digest = dasync_sha1();
  367. break;
  368. default:
  369. ok = 0;
  370. *digest = NULL;
  371. break;
  372. }
  373. return ok;
  374. }
  375. static int dasync_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
  376. const int **nids, int nid)
  377. {
  378. int ok = 1;
  379. if (cipher == NULL) {
  380. /* We are returning a list of supported nids */
  381. *nids = dasync_cipher_nids;
  382. return (sizeof(dasync_cipher_nids) -
  383. 1) / sizeof(dasync_cipher_nids[0]);
  384. }
  385. /* We are being asked for a specific cipher */
  386. switch (nid) {
  387. case NID_aes_128_cbc:
  388. *cipher = dasync_aes_128_cbc();
  389. break;
  390. case NID_aes_128_cbc_hmac_sha1:
  391. *cipher = dasync_aes_128_cbc_hmac_sha1();
  392. break;
  393. default:
  394. ok = 0;
  395. *cipher = NULL;
  396. break;
  397. }
  398. return ok;
  399. }
  400. static void wait_cleanup(ASYNC_WAIT_CTX *ctx, const void *key,
  401. OSSL_ASYNC_FD readfd, void *pvwritefd)
  402. {
  403. OSSL_ASYNC_FD *pwritefd = (OSSL_ASYNC_FD *)pvwritefd;
  404. #if defined(ASYNC_WIN)
  405. CloseHandle(readfd);
  406. CloseHandle(*pwritefd);
  407. #elif defined(ASYNC_POSIX)
  408. close(readfd);
  409. close(*pwritefd);
  410. #endif
  411. OPENSSL_free(pwritefd);
  412. }
  413. #define DUMMY_CHAR 'X'
  414. static void dummy_pause_job(void) {
  415. ASYNC_JOB *job;
  416. ASYNC_WAIT_CTX *waitctx;
  417. ASYNC_callback_fn callback;
  418. void * callback_arg;
  419. OSSL_ASYNC_FD pipefds[2] = {0, 0};
  420. OSSL_ASYNC_FD *writefd;
  421. #if defined(ASYNC_WIN)
  422. DWORD numwritten, numread;
  423. char buf = DUMMY_CHAR;
  424. #elif defined(ASYNC_POSIX)
  425. char buf = DUMMY_CHAR;
  426. #endif
  427. if ((job = ASYNC_get_current_job()) == NULL)
  428. return;
  429. waitctx = ASYNC_get_wait_ctx(job);
  430. if (ASYNC_WAIT_CTX_get_callback(waitctx, &callback, &callback_arg) && callback != NULL) {
  431. /*
  432. * In the Dummy async engine we are cheating. We call the callback that the job
  433. * is complete before the call to ASYNC_pause_job(). A real
  434. * async engine would only call the callback when the job was actually complete
  435. */
  436. (*callback)(callback_arg);
  437. ASYNC_pause_job();
  438. return;
  439. }
  440. if (ASYNC_WAIT_CTX_get_fd(waitctx, engine_dasync_id, &pipefds[0],
  441. (void **)&writefd)) {
  442. pipefds[1] = *writefd;
  443. } else {
  444. writefd = OPENSSL_malloc(sizeof(*writefd));
  445. if (writefd == NULL)
  446. return;
  447. #if defined(ASYNC_WIN)
  448. if (CreatePipe(&pipefds[0], &pipefds[1], NULL, 256) == 0) {
  449. OPENSSL_free(writefd);
  450. return;
  451. }
  452. #elif defined(ASYNC_POSIX)
  453. if (pipe(pipefds) != 0) {
  454. OPENSSL_free(writefd);
  455. return;
  456. }
  457. #endif
  458. *writefd = pipefds[1];
  459. if (!ASYNC_WAIT_CTX_set_wait_fd(waitctx, engine_dasync_id, pipefds[0],
  460. writefd, wait_cleanup)) {
  461. wait_cleanup(waitctx, engine_dasync_id, pipefds[0], writefd);
  462. return;
  463. }
  464. }
  465. /*
  466. * In the Dummy async engine we are cheating. We signal that the job
  467. * is complete by waking it before the call to ASYNC_pause_job(). A real
  468. * async engine would only wake when the job was actually complete
  469. */
  470. #if defined(ASYNC_WIN)
  471. WriteFile(pipefds[1], &buf, 1, &numwritten, NULL);
  472. #elif defined(ASYNC_POSIX)
  473. if (write(pipefds[1], &buf, 1) < 0)
  474. return;
  475. #endif
  476. /* Ignore errors - we carry on anyway */
  477. ASYNC_pause_job();
  478. /* Clear the wake signal */
  479. #if defined(ASYNC_WIN)
  480. ReadFile(pipefds[0], &buf, 1, &numread, NULL);
  481. #elif defined(ASYNC_POSIX)
  482. if (read(pipefds[0], &buf, 1) < 0)
  483. return;
  484. #endif
  485. }
  486. /*
  487. * SHA1 implementation. At the moment we just defer to the standard
  488. * implementation
  489. */
  490. static int dasync_sha1_init(EVP_MD_CTX *ctx)
  491. {
  492. dummy_pause_job();
  493. return EVP_MD_meth_get_init(EVP_sha1())(ctx);
  494. }
  495. static int dasync_sha1_update(EVP_MD_CTX *ctx, const void *data,
  496. size_t count)
  497. {
  498. dummy_pause_job();
  499. return EVP_MD_meth_get_update(EVP_sha1())(ctx, data, count);
  500. }
  501. static int dasync_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
  502. {
  503. dummy_pause_job();
  504. return EVP_MD_meth_get_final(EVP_sha1())(ctx, md);
  505. }
  506. /* Cipher helper functions */
  507. static int dasync_cipher_ctrl_helper(EVP_CIPHER_CTX *ctx, int type, int arg,
  508. void *ptr, int aeadcapable)
  509. {
  510. int ret;
  511. struct dasync_pipeline_ctx *pipe_ctx =
  512. (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
  513. if (pipe_ctx == NULL)
  514. return 0;
  515. switch (type) {
  516. case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS:
  517. pipe_ctx->numpipes = arg;
  518. pipe_ctx->outbufs = (unsigned char **)ptr;
  519. break;
  520. case EVP_CTRL_SET_PIPELINE_INPUT_BUFS:
  521. pipe_ctx->numpipes = arg;
  522. pipe_ctx->inbufs = (unsigned char **)ptr;
  523. break;
  524. case EVP_CTRL_SET_PIPELINE_INPUT_LENS:
  525. pipe_ctx->numpipes = arg;
  526. pipe_ctx->lens = (size_t *)ptr;
  527. break;
  528. case EVP_CTRL_AEAD_SET_MAC_KEY:
  529. if (!aeadcapable)
  530. return -1;
  531. EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data);
  532. ret = EVP_CIPHER_meth_get_ctrl(EVP_aes_128_cbc_hmac_sha1())
  533. (ctx, type, arg, ptr);
  534. EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx);
  535. return ret;
  536. case EVP_CTRL_AEAD_TLS1_AAD:
  537. {
  538. unsigned char *p = ptr;
  539. unsigned int len;
  540. if (!aeadcapable || arg != EVP_AEAD_TLS1_AAD_LEN)
  541. return -1;
  542. if (pipe_ctx->aadctr >= SSL_MAX_PIPELINES)
  543. return -1;
  544. memcpy(pipe_ctx->tlsaad[pipe_ctx->aadctr], ptr,
  545. EVP_AEAD_TLS1_AAD_LEN);
  546. pipe_ctx->aadctr++;
  547. len = p[arg - 2] << 8 | p[arg - 1];
  548. if (EVP_CIPHER_CTX_encrypting(ctx)) {
  549. if ((p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
  550. if (len < AES_BLOCK_SIZE)
  551. return 0;
  552. len -= AES_BLOCK_SIZE;
  553. }
  554. return ((len + SHA_DIGEST_LENGTH + AES_BLOCK_SIZE)
  555. & -AES_BLOCK_SIZE) - len;
  556. } else {
  557. return SHA_DIGEST_LENGTH;
  558. }
  559. }
  560. default:
  561. return 0;
  562. }
  563. return 1;
  564. }
  565. static int dasync_cipher_init_key_helper(EVP_CIPHER_CTX *ctx,
  566. const unsigned char *key,
  567. const unsigned char *iv, int enc,
  568. const EVP_CIPHER *cipher)
  569. {
  570. int ret;
  571. struct dasync_pipeline_ctx *pipe_ctx =
  572. (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
  573. if (pipe_ctx->inner_cipher_data == NULL
  574. && EVP_CIPHER_impl_ctx_size(cipher) != 0) {
  575. pipe_ctx->inner_cipher_data = OPENSSL_zalloc(
  576. EVP_CIPHER_impl_ctx_size(cipher));
  577. if (pipe_ctx->inner_cipher_data == NULL) {
  578. DASYNCerr(DASYNC_F_DASYNC_CIPHER_INIT_KEY_HELPER,
  579. ERR_R_MALLOC_FAILURE);
  580. return 0;
  581. }
  582. }
  583. pipe_ctx->numpipes = 0;
  584. pipe_ctx->aadctr = 0;
  585. EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data);
  586. ret = EVP_CIPHER_meth_get_init(cipher)(ctx, key, iv, enc);
  587. EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx);
  588. return ret;
  589. }
  590. static int dasync_cipher_helper(EVP_CIPHER_CTX *ctx, unsigned char *out,
  591. const unsigned char *in, size_t inl,
  592. const EVP_CIPHER *cipher)
  593. {
  594. int ret = 1;
  595. unsigned int i, pipes;
  596. struct dasync_pipeline_ctx *pipe_ctx =
  597. (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
  598. pipes = pipe_ctx->numpipes;
  599. EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data);
  600. if (pipes == 0) {
  601. if (pipe_ctx->aadctr != 0) {
  602. if (pipe_ctx->aadctr != 1)
  603. return -1;
  604. EVP_CIPHER_meth_get_ctrl(cipher)
  605. (ctx, EVP_CTRL_AEAD_TLS1_AAD,
  606. EVP_AEAD_TLS1_AAD_LEN,
  607. pipe_ctx->tlsaad[0]);
  608. }
  609. ret = EVP_CIPHER_meth_get_do_cipher(cipher)
  610. (ctx, out, in, inl);
  611. } else {
  612. if (pipe_ctx->aadctr > 0 && pipe_ctx->aadctr != pipes)
  613. return -1;
  614. for (i = 0; i < pipes; i++) {
  615. if (pipe_ctx->aadctr > 0) {
  616. EVP_CIPHER_meth_get_ctrl(cipher)
  617. (ctx, EVP_CTRL_AEAD_TLS1_AAD,
  618. EVP_AEAD_TLS1_AAD_LEN,
  619. pipe_ctx->tlsaad[i]);
  620. }
  621. ret = ret && EVP_CIPHER_meth_get_do_cipher(cipher)
  622. (ctx, pipe_ctx->outbufs[i], pipe_ctx->inbufs[i],
  623. pipe_ctx->lens[i]);
  624. }
  625. pipe_ctx->numpipes = 0;
  626. }
  627. pipe_ctx->aadctr = 0;
  628. EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx);
  629. return ret;
  630. }
  631. static int dasync_cipher_cleanup_helper(EVP_CIPHER_CTX *ctx,
  632. const EVP_CIPHER *cipher)
  633. {
  634. struct dasync_pipeline_ctx *pipe_ctx =
  635. (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
  636. OPENSSL_clear_free(pipe_ctx->inner_cipher_data,
  637. EVP_CIPHER_impl_ctx_size(cipher));
  638. return 1;
  639. }
  640. /*
  641. * AES128 CBC Implementation
  642. */
  643. static int dasync_aes128_cbc_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
  644. void *ptr)
  645. {
  646. return dasync_cipher_ctrl_helper(ctx, type, arg, ptr, 0);
  647. }
  648. static int dasync_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
  649. const unsigned char *iv, int enc)
  650. {
  651. return dasync_cipher_init_key_helper(ctx, key, iv, enc, EVP_aes_128_cbc());
  652. }
  653. static int dasync_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  654. const unsigned char *in, size_t inl)
  655. {
  656. return dasync_cipher_helper(ctx, out, in, inl, EVP_aes_128_cbc());
  657. }
  658. static int dasync_aes128_cbc_cleanup(EVP_CIPHER_CTX *ctx)
  659. {
  660. return dasync_cipher_cleanup_helper(ctx, EVP_aes_128_cbc());
  661. }
  662. /*
  663. * AES128 CBC HMAC SHA1 Implementation
  664. */
  665. static int dasync_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
  666. int arg, void *ptr)
  667. {
  668. return dasync_cipher_ctrl_helper(ctx, type, arg, ptr, 1);
  669. }
  670. static int dasync_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
  671. const unsigned char *key,
  672. const unsigned char *iv,
  673. int enc)
  674. {
  675. /*
  676. * We can safely assume that EVP_aes_128_cbc_hmac_sha1() != NULL,
  677. * see comment before the definition of dasync_aes_128_cbc_hmac_sha1().
  678. */
  679. return dasync_cipher_init_key_helper(ctx, key, iv, enc,
  680. EVP_aes_128_cbc_hmac_sha1());
  681. }
  682. static int dasync_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx,
  683. unsigned char *out,
  684. const unsigned char *in,
  685. size_t inl)
  686. {
  687. return dasync_cipher_helper(ctx, out, in, inl, EVP_aes_128_cbc_hmac_sha1());
  688. }
  689. static int dasync_aes128_cbc_hmac_sha1_cleanup(EVP_CIPHER_CTX *ctx)
  690. {
  691. /*
  692. * We can safely assume that EVP_aes_128_cbc_hmac_sha1() != NULL,
  693. * see comment before the definition of dasync_aes_128_cbc_hmac_sha1().
  694. */
  695. return dasync_cipher_cleanup_helper(ctx, EVP_aes_128_cbc_hmac_sha1());
  696. }
  697. /*
  698. * RSA implementation
  699. */
  700. static int dasync_rsa_init(EVP_PKEY_CTX *ctx)
  701. {
  702. static int (*pinit)(EVP_PKEY_CTX *ctx);
  703. if (pinit == NULL)
  704. EVP_PKEY_meth_get_init(dasync_rsa_orig, &pinit);
  705. return pinit(ctx);
  706. }
  707. static void dasync_rsa_cleanup(EVP_PKEY_CTX *ctx)
  708. {
  709. static void (*pcleanup)(EVP_PKEY_CTX *ctx);
  710. if (pcleanup == NULL)
  711. EVP_PKEY_meth_get_cleanup(dasync_rsa_orig, &pcleanup);
  712. pcleanup(ctx);
  713. }
  714. static int dasync_rsa_paramgen_init(EVP_PKEY_CTX *ctx)
  715. {
  716. static int (*pparamgen_init)(EVP_PKEY_CTX *ctx);
  717. if (pparamgen_init == NULL)
  718. EVP_PKEY_meth_get_paramgen(dasync_rsa_orig, &pparamgen_init, NULL);
  719. return pparamgen_init(ctx);
  720. }
  721. static int dasync_rsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
  722. {
  723. static int (*pparamgen)(EVP_PKEY_CTX *c, EVP_PKEY *pkey);
  724. if (pparamgen == NULL)
  725. EVP_PKEY_meth_get_paramgen(dasync_rsa_orig, NULL, &pparamgen);
  726. return pparamgen(ctx, pkey);
  727. }
  728. static int dasync_rsa_keygen_init(EVP_PKEY_CTX *ctx)
  729. {
  730. static int (*pkeygen_init)(EVP_PKEY_CTX *ctx);
  731. if (pkeygen_init == NULL)
  732. EVP_PKEY_meth_get_keygen(dasync_rsa_orig, &pkeygen_init, NULL);
  733. return pkeygen_init(ctx);
  734. }
  735. static int dasync_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
  736. {
  737. static int (*pkeygen)(EVP_PKEY_CTX *c, EVP_PKEY *pkey);
  738. if (pkeygen == NULL)
  739. EVP_PKEY_meth_get_keygen(dasync_rsa_orig, NULL, &pkeygen);
  740. return pkeygen(ctx, pkey);
  741. }
  742. static int dasync_rsa_encrypt_init(EVP_PKEY_CTX *ctx)
  743. {
  744. static int (*pencrypt_init)(EVP_PKEY_CTX *ctx);
  745. if (pencrypt_init == NULL)
  746. EVP_PKEY_meth_get_encrypt(dasync_rsa_orig, &pencrypt_init, NULL);
  747. return pencrypt_init(ctx);
  748. }
  749. static int dasync_rsa_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
  750. size_t *outlen, const unsigned char *in,
  751. size_t inlen)
  752. {
  753. static int (*pencryptfn)(EVP_PKEY_CTX *ctx, unsigned char *out,
  754. size_t *outlen, const unsigned char *in,
  755. size_t inlen);
  756. if (pencryptfn == NULL)
  757. EVP_PKEY_meth_get_encrypt(dasync_rsa_orig, NULL, &pencryptfn);
  758. return pencryptfn(ctx, out, outlen, in, inlen);
  759. }
  760. static int dasync_rsa_decrypt_init(EVP_PKEY_CTX *ctx)
  761. {
  762. static int (*pdecrypt_init)(EVP_PKEY_CTX *ctx);
  763. if (pdecrypt_init == NULL)
  764. EVP_PKEY_meth_get_decrypt(dasync_rsa_orig, &pdecrypt_init, NULL);
  765. return pdecrypt_init(ctx);
  766. }
  767. static int dasync_rsa_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
  768. size_t *outlen, const unsigned char *in,
  769. size_t inlen)
  770. {
  771. static int (*pdecrypt)(EVP_PKEY_CTX *ctx, unsigned char *out,
  772. size_t *outlen, const unsigned char *in,
  773. size_t inlen);
  774. if (pdecrypt == NULL)
  775. EVP_PKEY_meth_get_encrypt(dasync_rsa_orig, NULL, &pdecrypt);
  776. return pdecrypt(ctx, out, outlen, in, inlen);
  777. }
  778. static int dasync_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
  779. {
  780. static int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
  781. if (pctrl == NULL)
  782. EVP_PKEY_meth_get_ctrl(dasync_rsa_orig, &pctrl, NULL);
  783. return pctrl(ctx, type, p1, p2);
  784. }
  785. static int dasync_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
  786. const char *value)
  787. {
  788. static int (*pctrl_str)(EVP_PKEY_CTX *ctx, const char *type,
  789. const char *value);
  790. if (pctrl_str == NULL)
  791. EVP_PKEY_meth_get_ctrl(dasync_rsa_orig, NULL, &pctrl_str);
  792. return pctrl_str(ctx, type, value);
  793. }