e_dasync.c revision 1.1.1.6 1 1.1 christos /*
2 1.1.1.5 christos * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
3 1.1 christos *
4 1.1.1.6 christos * Licensed under the Apache License 2.0 (the "License"). You may not use
5 1.1 christos * this file except in compliance with the License. You can obtain a copy
6 1.1 christos * in the file LICENSE in the source distribution or at
7 1.1 christos * https://www.openssl.org/source/license.html
8 1.1 christos */
9 1.1 christos
10 1.1.1.6 christos /* We need to use some engine deprecated APIs */
11 1.1.1.6 christos #define OPENSSL_SUPPRESS_DEPRECATED
12 1.1.1.6 christos
13 1.1.1.6 christos /*
14 1.1.1.6 christos * SHA-1 low level APIs are deprecated for public use, but still ok for
15 1.1.1.6 christos * internal use. Note, that due to symbols not being exported, only the
16 1.1.1.6 christos * #defines and structures can be accessed, in this case SHA_CBLOCK and
17 1.1.1.6 christos * sizeof(SHA_CTX).
18 1.1.1.6 christos */
19 1.1.1.6 christos #include "internal/deprecated.h"
20 1.1.1.6 christos
21 1.1.1.6 christos #include <openssl/opensslconf.h>
22 1.1 christos #if defined(_WIN32)
23 1.1 christos # include <windows.h>
24 1.1 christos #endif
25 1.1 christos
26 1.1 christos #include <stdio.h>
27 1.1 christos #include <string.h>
28 1.1 christos
29 1.1 christos #include <openssl/engine.h>
30 1.1 christos #include <openssl/sha.h>
31 1.1 christos #include <openssl/aes.h>
32 1.1 christos #include <openssl/rsa.h>
33 1.1 christos #include <openssl/evp.h>
34 1.1 christos #include <openssl/async.h>
35 1.1 christos #include <openssl/bn.h>
36 1.1 christos #include <openssl/crypto.h>
37 1.1 christos #include <openssl/ssl.h>
38 1.1 christos #include <openssl/modes.h>
39 1.1 christos
40 1.1.1.2 christos #if defined(OPENSSL_SYS_UNIX) && defined(OPENSSL_THREADS)
41 1.1 christos # undef ASYNC_POSIX
42 1.1 christos # define ASYNC_POSIX
43 1.1 christos # include <unistd.h>
44 1.1 christos #elif defined(_WIN32)
45 1.1 christos # undef ASYNC_WIN
46 1.1 christos # define ASYNC_WIN
47 1.1 christos #endif
48 1.1 christos
49 1.1 christos #include "e_dasync_err.c"
50 1.1 christos
51 1.1 christos /* Engine Id and Name */
52 1.1 christos static const char *engine_dasync_id = "dasync";
53 1.1 christos static const char *engine_dasync_name = "Dummy Async engine support";
54 1.1 christos
55 1.1 christos
56 1.1 christos /* Engine Lifetime functions */
57 1.1 christos static int dasync_destroy(ENGINE *e);
58 1.1 christos static int dasync_init(ENGINE *e);
59 1.1 christos static int dasync_finish(ENGINE *e);
60 1.1 christos void engine_load_dasync_int(void);
61 1.1 christos
62 1.1 christos
63 1.1 christos /* Set up digests. Just SHA1 for now */
64 1.1 christos static int dasync_digests(ENGINE *e, const EVP_MD **digest,
65 1.1 christos const int **nids, int nid);
66 1.1 christos
67 1.1 christos static void dummy_pause_job(void);
68 1.1 christos
69 1.1 christos /* SHA1 */
70 1.1 christos static int dasync_sha1_init(EVP_MD_CTX *ctx);
71 1.1 christos static int dasync_sha1_update(EVP_MD_CTX *ctx, const void *data,
72 1.1 christos size_t count);
73 1.1 christos static int dasync_sha1_final(EVP_MD_CTX *ctx, unsigned char *md);
74 1.1 christos
75 1.1 christos /*
76 1.1 christos * Holds the EVP_MD object for sha1 in this engine. Set up once only during
77 1.1 christos * engine bind and can then be reused many times.
78 1.1 christos */
79 1.1 christos static EVP_MD *_hidden_sha1_md = NULL;
/*
 * Accessor for the engine's SHA-1 method object. Yields NULL while the
 * object is not set up (before bind, after destroy_digests(), or when its
 * setup in bind_dasync() failed).
 */
static const EVP_MD *dasync_sha1(void)
{
    const EVP_MD *md = _hidden_sha1_md;

    return md;
}
/* Release the engine's SHA-1 method object and forget the pointer. */
static void destroy_digests(void)
{
    EVP_MD *md = _hidden_sha1_md;

    /* Detach the global first so no stale pointer survives the free. */
    _hidden_sha1_md = NULL;
    EVP_MD_meth_free(md);
}
89 1.1 christos
/*
 * Report the digest NIDs offered by this engine.
 *
 * The zero-terminated list is built on the first call and cached in
 * function-local statics. *nids is pointed at that list and the number of
 * entries, not counting the terminator, is returned.
 *
 * NOTE(review): the cache is filled without locking and is never rebuilt,
 * so a later change of the SHA-1 method pointer is not reflected here -
 * confirm this is acceptable for the callers.
 */
static int dasync_digest_nids(const int **nids)
{
    static int digest_nids[2] = { 0, 0 };
    static int pos = 0;
    static int init = 0;

    if (init == 0) {
        const EVP_MD *md = dasync_sha1();

        if (md != NULL) {
            digest_nids[pos] = EVP_MD_get_type(md);
            pos++;
        }
        digest_nids[pos] = 0;
        init = 1;
    }

    *nids = digest_nids;
    return pos;
}
106 1.1 christos
107 1.1 christos /* RSA */
108 1.1.1.6 christos static int dasync_pkey(ENGINE *e, EVP_PKEY_METHOD **pmeth,
109 1.1.1.6 christos const int **pnids, int nid);
110 1.1 christos
111 1.1.1.6 christos static int dasync_rsa_init(EVP_PKEY_CTX *ctx);
112 1.1.1.6 christos static void dasync_rsa_cleanup(EVP_PKEY_CTX *ctx);
113 1.1.1.6 christos static int dasync_rsa_paramgen_init(EVP_PKEY_CTX *ctx);
114 1.1.1.6 christos static int dasync_rsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
115 1.1.1.6 christos static int dasync_rsa_keygen_init(EVP_PKEY_CTX *ctx);
116 1.1.1.6 christos static int dasync_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
117 1.1.1.6 christos static int dasync_rsa_encrypt_init(EVP_PKEY_CTX *ctx);
118 1.1.1.6 christos static int dasync_rsa_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
119 1.1.1.6 christos size_t *outlen, const unsigned char *in,
120 1.1.1.6 christos size_t inlen);
121 1.1.1.6 christos static int dasync_rsa_decrypt_init(EVP_PKEY_CTX *ctx);
122 1.1.1.6 christos static int dasync_rsa_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
123 1.1.1.6 christos size_t *outlen, const unsigned char *in,
124 1.1.1.6 christos size_t inlen);
125 1.1.1.6 christos static int dasync_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
126 1.1.1.6 christos static int dasync_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
127 1.1.1.6 christos const char *value);
128 1.1 christos
129 1.1.1.6 christos static EVP_PKEY_METHOD *dasync_rsa;
130 1.1.1.6 christos static const EVP_PKEY_METHOD *dasync_rsa_orig;
131 1.1 christos
132 1.1 christos /* AES */
133 1.1 christos
134 1.1 christos static int dasync_aes128_cbc_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
135 1.1 christos void *ptr);
136 1.1 christos static int dasync_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
137 1.1 christos const unsigned char *iv, int enc);
138 1.1 christos static int dasync_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
139 1.1 christos const unsigned char *in, size_t inl);
140 1.1 christos static int dasync_aes128_cbc_cleanup(EVP_CIPHER_CTX *ctx);
141 1.1 christos
142 1.1.1.6 christos static int dasync_aes256_ctr_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
143 1.1.1.6 christos void *ptr);
144 1.1.1.6 christos static int dasync_aes256_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
145 1.1.1.6 christos const unsigned char *iv, int enc);
146 1.1.1.6 christos static int dasync_aes256_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
147 1.1.1.6 christos const unsigned char *in, size_t inl);
148 1.1.1.6 christos static int dasync_aes256_ctr_cleanup(EVP_CIPHER_CTX *ctx);
149 1.1.1.6 christos
150 1.1 christos static int dasync_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
151 1.1 christos int arg, void *ptr);
152 1.1 christos static int dasync_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
153 1.1 christos const unsigned char *key,
154 1.1 christos const unsigned char *iv,
155 1.1 christos int enc);
156 1.1 christos static int dasync_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx,
157 1.1 christos unsigned char *out,
158 1.1 christos const unsigned char *in,
159 1.1 christos size_t inl);
160 1.1 christos static int dasync_aes128_cbc_hmac_sha1_cleanup(EVP_CIPHER_CTX *ctx);
161 1.1 christos
/*
 * Per-context state of the pipelining cipher wrappers. Its size is what
 * bind_dasync() registers as the implementation context size of every
 * dasync cipher.
 */
struct dasync_pipeline_ctx {
    /* Context data of the wrapped cipher; swapped in around calls into it */
    void *inner_cipher_data;
    /* Pipe count last supplied through an EVP_CTRL_SET_PIPELINE_* ctrl */
    unsigned int numpipes;
    /* Arrays handed in through the pipeline ctrls; pointers stored as given */
    unsigned char **inbufs;
    unsigned char **outbufs;
    size_t *lens;
    /* TLS AAD blocks saved by EVP_CTRL_AEAD_TLS1_AAD, one slot per pipe */
    unsigned char tlsaad[SSL_MAX_PIPELINES][EVP_AEAD_TLS1_AAD_LEN];
    /* Number of AAD blocks stored in tlsaad so far */
    unsigned int aadctr;
};
171 1.1 christos
172 1.1 christos /*
173 1.1 christos * Holds the EVP_CIPHER object for aes_128_cbc in this engine. Set up once only
174 1.1 christos * during engine bind and can then be reused many times.
175 1.1 christos */
176 1.1 christos static EVP_CIPHER *_hidden_aes_128_cbc = NULL;
/* Accessor for the AES-128-CBC method object; NULL while it is not set up. */
static const EVP_CIPHER *dasync_aes_128_cbc(void)
{
    const EVP_CIPHER *ciph = _hidden_aes_128_cbc;

    return ciph;
}
181 1.1 christos
182 1.1.1.6 christos static EVP_CIPHER *_hidden_aes_256_ctr = NULL;
/* Accessor for the AES-256-CTR method object; NULL while it is not set up. */
static const EVP_CIPHER *dasync_aes_256_ctr(void)
{
    const EVP_CIPHER *ciph = _hidden_aes_256_ctr;

    return ciph;
}
187 1.1.1.6 christos
188 1.1 christos /*
189 1.1 christos * Holds the EVP_CIPHER object for aes_128_cbc_hmac_sha1 in this engine. Set up
190 1.1 christos * once only during engine bind and can then be reused many times.
191 1.1.1.4 christos *
192 1.1.1.4 christos * This 'stitched' cipher depends on the EVP_aes_128_cbc_hmac_sha1() cipher,
193 1.1.1.4 christos * which is implemented only if the AES-NI instruction set extension is available
194 1.1.1.4 christos * (see OPENSSL_IA32CAP(3)). If that's not the case, then this cipher will not
195 1.1.1.4 christos * be available either.
196 1.1.1.4 christos *
197 1.1.1.4 christos * Note: Since it is a legacy mac-then-encrypt cipher, modern TLS peers (which
198 1.1.1.4 christos * negotiate the encrypt-then-mac extension) won't negotiate it anyway.
199 1.1 christos */
200 1.1 christos static EVP_CIPHER *_hidden_aes_128_cbc_hmac_sha1 = NULL;
/*
 * Accessor for the stitched AES-128-CBC-HMAC-SHA1 method object; NULL while
 * it is not set up.
 */
static const EVP_CIPHER *dasync_aes_128_cbc_hmac_sha1(void)
{
    const EVP_CIPHER *ciph = _hidden_aes_128_cbc_hmac_sha1;

    return ciph;
}
205 1.1 christos
/* Release the three cipher method objects and reset their pointers. */
static void destroy_ciphers(void)
{
    EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
    _hidden_aes_128_cbc = NULL;

    EVP_CIPHER_meth_free(_hidden_aes_256_ctr);
    _hidden_aes_256_ctr = NULL;

    EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1);
    _hidden_aes_128_cbc_hmac_sha1 = NULL;
}
215 1.1 christos
216 1.1 christos static int dasync_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
217 1.1 christos const int **nids, int nid);
218 1.1 christos
/*
 * Zero-terminated list of the cipher NIDs reported by dasync_ciphers().
 * NOTE(review): the list is fixed at compile time, so a NID stays listed
 * even when bind_dasync() failed to set up the matching method object and
 * left its pointer NULL - confirm callers tolerate a NULL cipher.
 */
static int dasync_cipher_nids[] = {
    NID_aes_128_cbc,
    NID_aes_256_ctr,
    NID_aes_128_cbc_hmac_sha1,
    0
};
225 1.1 christos
/*
 * Populate ENGINE e with the dasync identity, its RSA pkey method, the
 * digest/cipher selector callbacks and the lifetime callbacks, then create
 * the EVP_MD/EVP_CIPHER method objects those selectors hand out.
 *
 * Returns 1 on success. Returns 0 when the RSA method cannot be found or
 * allocated, or when any ENGINE_set_*() call fails. A failure to create one
 * of the digest/cipher method objects is NOT reported: the object is freed,
 * its pointer is left NULL and the function still returns 1.
 */
static int bind_dasync(ENGINE *e)
{
    /* Setup RSA */
    ;
    /*
     * Remember the RSA method returned by EVP_PKEY_meth_find() and allocate
     * the engine's own RSA method; give up if either step fails.
     */
    if ((dasync_rsa_orig = EVP_PKEY_meth_find(EVP_PKEY_RSA)) == NULL
        || (dasync_rsa = EVP_PKEY_meth_new(EVP_PKEY_RSA,
                                           EVP_PKEY_FLAG_AUTOARGLEN)) == NULL)
        return 0;
    /* Route every RSA operation through the dasync_rsa_* wrappers */
    EVP_PKEY_meth_set_init(dasync_rsa, dasync_rsa_init);
    EVP_PKEY_meth_set_cleanup(dasync_rsa, dasync_rsa_cleanup);
    EVP_PKEY_meth_set_paramgen(dasync_rsa, dasync_rsa_paramgen_init,
                               dasync_rsa_paramgen);
    EVP_PKEY_meth_set_keygen(dasync_rsa, dasync_rsa_keygen_init,
                             dasync_rsa_keygen);
    EVP_PKEY_meth_set_encrypt(dasync_rsa, dasync_rsa_encrypt_init,
                              dasync_rsa_encrypt);
    EVP_PKEY_meth_set_decrypt(dasync_rsa, dasync_rsa_decrypt_init,
                              dasync_rsa_decrypt);
    EVP_PKEY_meth_set_ctrl(dasync_rsa, dasync_rsa_ctrl,
                           dasync_rsa_ctrl_str);

    /* Ensure the dasync error handling is set up */
    ERR_load_DASYNC_strings();

    /* Register identity, algorithm selectors and lifetime callbacks */
    if (!ENGINE_set_id(e, engine_dasync_id)
        || !ENGINE_set_name(e, engine_dasync_name)
        || !ENGINE_set_pkey_meths(e, dasync_pkey)
        || !ENGINE_set_digests(e, dasync_digests)
        || !ENGINE_set_ciphers(e, dasync_ciphers)
        || !ENGINE_set_destroy_function(e, dasync_destroy)
        || !ENGINE_set_init_function(e, dasync_init)
        || !ENGINE_set_finish_function(e, dasync_finish)) {
        DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED);
        return 0;
    }

    /*
     * Set up the EVP_CIPHER and EVP_MD objects for the ciphers/digests
     * supplied by this engine
     */
    _hidden_sha1_md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption);
    if (_hidden_sha1_md == NULL
        || !EVP_MD_meth_set_result_size(_hidden_sha1_md, SHA_DIGEST_LENGTH)
        || !EVP_MD_meth_set_input_blocksize(_hidden_sha1_md, SHA_CBLOCK)
        || !EVP_MD_meth_set_app_datasize(_hidden_sha1_md,
                                         sizeof(EVP_MD *) + sizeof(SHA_CTX))
        || !EVP_MD_meth_set_flags(_hidden_sha1_md, EVP_MD_FLAG_DIGALGID_ABSENT)
        || !EVP_MD_meth_set_init(_hidden_sha1_md, dasync_sha1_init)
        || !EVP_MD_meth_set_update(_hidden_sha1_md, dasync_sha1_update)
        || !EVP_MD_meth_set_final(_hidden_sha1_md, dasync_sha1_final)) {
        /* Non-fatal: drop the half-built method and carry on without it */
        EVP_MD_meth_free(_hidden_sha1_md);
        _hidden_sha1_md = NULL;
    }

    _hidden_aes_128_cbc = EVP_CIPHER_meth_new(NID_aes_128_cbc,
                                              16 /* block size */,
                                              16 /* key len */);
    if (_hidden_aes_128_cbc == NULL
        || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc,16)
        || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc,
                                      EVP_CIPH_FLAG_DEFAULT_ASN1
                                      | EVP_CIPH_CBC_MODE
                                      | EVP_CIPH_FLAG_PIPELINE
                                      | EVP_CIPH_CUSTOM_COPY)
        || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc,
                                     dasync_aes128_init_key)
        || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc,
                                          dasync_aes128_cbc_cipher)
        || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc,
                                        dasync_aes128_cbc_cleanup)
        || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc,
                                     dasync_aes128_cbc_ctrl)
        || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc,
                                sizeof(struct dasync_pipeline_ctx))) {
        /* Non-fatal: drop the half-built method and carry on without it */
        EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
        _hidden_aes_128_cbc = NULL;
    }

    _hidden_aes_256_ctr = EVP_CIPHER_meth_new(NID_aes_256_ctr,
                                              1  /* block size */,
                                              32 /* key len */);
    if (_hidden_aes_256_ctr == NULL
        || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_256_ctr,16)
        || !EVP_CIPHER_meth_set_flags(_hidden_aes_256_ctr,
                                      EVP_CIPH_FLAG_DEFAULT_ASN1
                                      | EVP_CIPH_CTR_MODE
                                      | EVP_CIPH_FLAG_PIPELINE
                                      | EVP_CIPH_CUSTOM_COPY)
        || !EVP_CIPHER_meth_set_init(_hidden_aes_256_ctr,
                                     dasync_aes256_init_key)
        || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_256_ctr,
                                          dasync_aes256_ctr_cipher)
        || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_256_ctr,
                                        dasync_aes256_ctr_cleanup)
        || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_256_ctr,
                                     dasync_aes256_ctr_ctrl)
        || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_256_ctr,
                                sizeof(struct dasync_pipeline_ctx))) {
        /* Non-fatal: drop the half-built method and carry on without it */
        EVP_CIPHER_meth_free(_hidden_aes_256_ctr);
        _hidden_aes_256_ctr = NULL;
    }

    /*
     * NOTE(review): nothing here checks that EVP_aes_128_cbc_hmac_sha1() is
     * available on this CPU before the wrapper method is created - confirm
     * the dasync_aes128_cbc_hmac_sha1_* callbacks cope with it being NULL.
     */
    _hidden_aes_128_cbc_hmac_sha1 = EVP_CIPHER_meth_new(
                                                NID_aes_128_cbc_hmac_sha1,
                                                16 /* block size */,
                                                16 /* key len */);
    if (_hidden_aes_128_cbc_hmac_sha1 == NULL
        || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc_hmac_sha1,16)
        || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc_hmac_sha1,
                                      EVP_CIPH_CBC_MODE
                                      | EVP_CIPH_FLAG_DEFAULT_ASN1
                                      | EVP_CIPH_FLAG_AEAD_CIPHER
                                      | EVP_CIPH_FLAG_PIPELINE
                                      | EVP_CIPH_CUSTOM_COPY)
        || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc_hmac_sha1,
                                     dasync_aes128_cbc_hmac_sha1_init_key)
        || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc_hmac_sha1,
                                          dasync_aes128_cbc_hmac_sha1_cipher)
        || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc_hmac_sha1,
                                        dasync_aes128_cbc_hmac_sha1_cleanup)
        || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc_hmac_sha1,
                                     dasync_aes128_cbc_hmac_sha1_ctrl)
        || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc_hmac_sha1,
                                sizeof(struct dasync_pipeline_ctx))) {
        /* Non-fatal: drop the half-built method and carry on without it */
        EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1);
        _hidden_aes_128_cbc_hmac_sha1 = NULL;
    }

    return 1;
}
356 1.1 christos
/* Forget both RSA method pointers; nothing is freed here. */
static void destroy_pkey(void)
{
    /*
     * The dasync_rsa method is released by libcrypto on our behalf, so the
     * only job left is to drop the references.
     */
    dasync_rsa = NULL;
    dasync_rsa_orig = NULL;
}
366 1.1.1.6 christos
367 1.1 christos # ifndef OPENSSL_NO_DYNAMIC_ENGINE
/*
 * Dynamic-engine bind entry point. A non-NULL id must equal the dasync
 * engine id; a NULL id is accepted. Returns 1 when bind_dasync() succeeds
 * and 0 otherwise.
 */
static int bind_helper(ENGINE *e, const char *id)
{
    if (id != NULL && strcmp(id, engine_dasync_id) != 0)
        return 0;

    return bind_dasync(e) ? 1 : 0;
}
376 1.1 christos
377 1.1 christos IMPLEMENT_DYNAMIC_CHECK_FN()
378 1.1 christos IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
379 1.1 christos # endif
380 1.1 christos
/*
 * Allocate a new ENGINE and bind the dasync implementation to it.
 * Returns the engine, or NULL when allocation or binding fails (the
 * half-built engine is freed in the latter case).
 */
static ENGINE *engine_dasync(void)
{
    ENGINE *eng = ENGINE_new();

    if (eng != NULL && !bind_dasync(eng)) {
        ENGINE_free(eng);
        eng = NULL;
    }
    return eng;
}
392 1.1 christos
/*
 * Create the dasync engine and add it to the engine list. Errors raised by
 * the add are discarded through the ERR mark/pop pair.
 */
void engine_load_dasync_int(void)
{
    ENGINE *eng = engine_dasync();

    if (eng != NULL) {
        ERR_set_mark();
        ENGINE_add(eng);
        /*
         * A successful add takes its own structural reference, so our
         * just-created reference is released whether or not it worked.
         */
        ENGINE_free(eng);
        /*
         * A failed add was probably a conflict with an engine that was
         * already added (eg. someone calling ENGINE_load_blah and then
         * ENGINE_load_builtin_engines()); drop whatever it queued.
         */
        ERR_pop_to_mark();
    }
}
412 1.1 christos
/* Engine init callback: nothing to set up, always reports success. */
static int dasync_init(ENGINE *e)
{
    (void)e;
    return 1;
}
417 1.1 christos
418 1.1 christos
/* Engine finish callback: nothing to tear down, always reports success. */
static int dasync_finish(ENGINE *e)
{
    (void)e;
    return 1;
}
423 1.1 christos
424 1.1 christos
/*
 * Engine destroy callback: releases the digest and cipher method objects,
 * drops the RSA method pointers and unloads the dasync error strings.
 * Always returns 1.
 */
static int dasync_destroy(ENGINE *e)
{
    (void)e;

    destroy_digests();
    destroy_ciphers();
    destroy_pkey();

    ERR_unload_DASYNC_strings();

    return 1;
}
433 1.1 christos
/*
 * Pkey-method selector for the engine.
 *
 * With pmeth == NULL this is a list query: *pnids is pointed at the single
 * supported NID (RSA) and 1, the list length, is returned. Otherwise *pmeth
 * receives the dasync RSA method for nid == EVP_PKEY_RSA (return 1), or
 * NULL for any other nid (return 0).
 */
static int dasync_pkey(ENGINE *e, EVP_PKEY_METHOD **pmeth,
                       const int **pnids, int nid)
{
    static const int rnid = EVP_PKEY_RSA;

    if (pmeth == NULL) {
        *pnids = &rnid;
        return 1;
    }

    if (nid != EVP_PKEY_RSA) {
        *pmeth = NULL;
        return 0;
    }

    *pmeth = dasync_rsa;
    return 1;
}
452 1.1.1.6 christos
/*
 * Digest selector for the engine.
 *
 * With digest == NULL the supported NID list is returned through nids and
 * its length is the return value. Otherwise *digest receives the SHA-1
 * method for NID_sha1 (return 1) or NULL for any other nid (return 0).
 */
static int dasync_digests(ENGINE *e, const EVP_MD **digest,
                          const int **nids, int nid)
{
    /* List query */
    if (digest == NULL)
        return dasync_digest_nids(nids);

    /* Request for one specific digest */
    if (nid == NID_sha1) {
        *digest = dasync_sha1();
        return 1;
    }

    *digest = NULL;
    return 0;
}
473 1.1 christos
/*
 * Cipher selector for the engine.
 *
 * With cipher == NULL the supported NID list is returned through nids and
 * the number of entries (terminator excluded) is the return value.
 * Otherwise *cipher receives the method object for a supported nid
 * (return 1) or NULL for an unknown nid (return 0).
 *
 * NOTE(review): for a supported nid the return value is 1 even when the
 * method object pointer is NULL because its setup failed during bind -
 * confirm callers check *cipher as well.
 */
static int dasync_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
                          const int **nids, int nid)
{
    if (cipher == NULL) {
        /* List query: element count minus the trailing 0 */
        *nids = dasync_cipher_nids;
        return (int)(sizeof(dasync_cipher_nids)
                     / sizeof(dasync_cipher_nids[0])) - 1;
    }

    /* Request for one specific cipher */
    switch (nid) {
    case NID_aes_128_cbc:
        *cipher = dasync_aes_128_cbc();
        return 1;
    case NID_aes_256_ctr:
        *cipher = dasync_aes_256_ctr();
        return 1;
    case NID_aes_128_cbc_hmac_sha1:
        *cipher = dasync_aes_128_cbc_hmac_sha1();
        return 1;
    default:
        *cipher = NULL;
        return 0;
    }
}
502 1.1 christos
/*
 * Cleanup callback for the wake-up pipe: closes the read end and the write
 * end, then frees the heap cell that holds the write end.
 *
 * ctx and key are not used. pvwritefd points at an OSSL_ASYNC_FD that was
 * allocated with OPENSSL_malloc().
 */
static void wait_cleanup(ASYNC_WAIT_CTX *ctx, const void *key,
                         OSSL_ASYNC_FD readfd, void *pvwritefd)
{
    OSSL_ASYNC_FD *write_end = pvwritefd;

#if defined(ASYNC_WIN)
    CloseHandle(readfd);
    CloseHandle(*write_end);
#elif defined(ASYNC_POSIX)
    close(readfd);
    close(*write_end);
#endif

    OPENSSL_free(write_end);
}
516 1.1 christos
517 1.1 christos #define DUMMY_CHAR 'X'
518 1.1 christos
/*
 * Simulate an asynchronous operation: if the caller runs inside an
 * ASYNC_JOB, signal "work complete" and then pause the job once.
 *
 * Does nothing when there is no current job. When the wait context carries
 * a callback, that callback is used as the completion signal; otherwise a
 * pipe registered on the wait context under the engine id is used, created
 * on first use.
 *
 * NOTE(review): the WriteFile()/ReadFile() results are ignored, whereas a
 * failed POSIX write() returns before the job is paused - confirm the
 * difference is intended. When neither ASYNC_WIN nor ASYNC_POSIX is
 * defined no pipe is created and the zero-initialised descriptors are what
 * gets registered.
 */
static void dummy_pause_job(void) {
    ASYNC_JOB *job;
    ASYNC_WAIT_CTX *waitctx;
    ASYNC_callback_fn callback;
    void * callback_arg;
    OSSL_ASYNC_FD pipefds[2] = {0, 0};
    OSSL_ASYNC_FD *writefd;
#if defined(ASYNC_WIN)
    DWORD numwritten, numread;
    char buf = DUMMY_CHAR;
#elif defined(ASYNC_POSIX)
    char buf = DUMMY_CHAR;
#endif

    /* Not running inside an async job: nothing to pause */
    if ((job = ASYNC_get_current_job()) == NULL)
        return;

    waitctx = ASYNC_get_wait_ctx(job);

    if (ASYNC_WAIT_CTX_get_callback(waitctx, &callback, &callback_arg) && callback != NULL) {
        /*
         * In the Dummy async engine we are cheating. We invoke the
         * job-complete callback before the call to ASYNC_pause_job(). A real
         * async engine would only invoke it when the job was actually
         * complete
         */
        (*callback)(callback_arg);
        ASYNC_pause_job();
        return;
    }


    if (ASYNC_WAIT_CTX_get_fd(waitctx, engine_dasync_id, &pipefds[0],
                              (void **)&writefd)) {
        /* A pipe is already registered for this engine: reuse it */
        pipefds[1] = *writefd;
    } else {
        /*
         * The write end lives on the heap because it is stored as the
         * custom data of the wait fd and freed later by wait_cleanup()
         */
        writefd = OPENSSL_malloc(sizeof(*writefd));
        if (writefd == NULL)
            return;
#if defined(ASYNC_WIN)
        if (CreatePipe(&pipefds[0], &pipefds[1], NULL, 256) == 0) {
            OPENSSL_free(writefd);
            return;
        }
#elif defined(ASYNC_POSIX)
        if (pipe(pipefds) != 0) {
            OPENSSL_free(writefd);
            return;
        }
#endif
        *writefd = pipefds[1];

        if (!ASYNC_WAIT_CTX_set_wait_fd(waitctx, engine_dasync_id, pipefds[0],
                                        writefd, wait_cleanup)) {
            /* Registration failed: close both ends and free writefd here */
            wait_cleanup(waitctx, engine_dasync_id, pipefds[0], writefd);
            return;
        }
    }
    /*
     * In the Dummy async engine we are cheating. We signal that the job
     * is complete by waking it before the call to ASYNC_pause_job(). A real
     * async engine would only wake when the job was actually complete
     */
#if defined(ASYNC_WIN)
    WriteFile(pipefds[1], &buf, 1, &numwritten, NULL);
#elif defined(ASYNC_POSIX)
    if (write(pipefds[1], &buf, 1) < 0)
        return;
#endif

    /* Ignore errors - we carry on anyway */
    ASYNC_pause_job();

    /* Clear the wake signal */
#if defined(ASYNC_WIN)
    ReadFile(pipefds[0], &buf, 1, &numread, NULL);
#elif defined(ASYNC_POSIX)
    if (read(pipefds[0], &buf, 1) < 0)
        return;
#endif
}
599 1.1 christos
600 1.1 christos /*
601 1.1 christos * SHA1 implementation. At the moment we just defer to the standard
602 1.1 christos * implementation
603 1.1 christos */
/* Pause the current async job once, then run the standard SHA-1 init. */
static int dasync_sha1_init(EVP_MD_CTX *ctx)
{
    int (*init_fn)(EVP_MD_CTX *);

    dummy_pause_job();

    init_fn = EVP_MD_meth_get_init(EVP_sha1());
    return init_fn(ctx);
}
610 1.1 christos
/* Pause the current async job once, then run the standard SHA-1 update. */
static int dasync_sha1_update(EVP_MD_CTX *ctx, const void *data,
                              size_t count)
{
    int (*update_fn)(EVP_MD_CTX *, const void *, size_t);

    dummy_pause_job();

    update_fn = EVP_MD_meth_get_update(EVP_sha1());
    return update_fn(ctx, data, count);
}
618 1.1 christos
/* Pause the current async job once, then run the standard SHA-1 final. */
static int dasync_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
{
    int (*final_fn)(EVP_MD_CTX *, unsigned char *);

    dummy_pause_job();

    final_fn = EVP_MD_meth_get_final(EVP_sha1());
    return final_fn(ctx, md);
}
625 1.1 christos
626 1.1 christos /* Cipher helper functions */
627 1.1 christos
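/*
 * Shared ctrl handler of the dasync cipher wrappers.
 *
 * ctx         - cipher context whose cipher data is a dasync_pipeline_ctx
 * type/arg/ptr - the ctrl request as passed to the cipher's ctrl callback
 * aeadcapable - non-zero when the wrapped cipher supports the AEAD ctrls
 * ciph        - the wrapped cipher; used for the size of its context data
 *
 * Returns 1 for a handled copy/pipeline ctrl, 0 for an unknown ctrl or
 * missing context data and -1 on failure. EVP_CTRL_AEAD_SET_MAC_KEY returns
 * whatever the wrapped ctrl returns. EVP_CTRL_AEAD_TLS1_AAD returns the
 * value computed from the record length when encrypting (0 if that length
 * is too short) and SHA_DIGEST_LENGTH when decrypting.
 */
static int dasync_cipher_ctrl_helper(EVP_CIPHER_CTX *ctx, int type, int arg,
                                     void *ptr, int aeadcapable,
                                     const EVP_CIPHER *ciph)
{
    int ret;
    struct dasync_pipeline_ctx *pipe_ctx =
        (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);

    if (pipe_ctx == NULL)
        return 0;

    switch (type) {
    case EVP_CTRL_COPY:
        {
            size_t sz;
            void *inner_cipher_data;

            /*
             * The inner context is only allocated by
             * dasync_cipher_init_key_helper(). If that has not run yet
             * there is nothing to duplicate, and copying from a NULL
             * source would be undefined behaviour.
             */
            if (pipe_ctx->inner_cipher_data == NULL)
                break;

            sz = EVP_CIPHER_impl_ctx_size(ciph);
            inner_cipher_data = OPENSSL_malloc(sz);
            if (inner_cipher_data == NULL)
                return -1;
            memcpy(inner_cipher_data, pipe_ctx->inner_cipher_data, sz);
            /*
             * Repoint this context at the private copy.
             * NOTE(review): the previous buffer is presumably still owned
             * by the other context taking part in the copy - confirm.
             */
            pipe_ctx->inner_cipher_data = inner_cipher_data;
        }
        break;

    /*
     * NOTE(review): for the three pipeline ctrls arg is stored unchecked
     * into an unsigned count and ptr is stored without being copied; a
     * negative or oversized arg is not rejected here - confirm callers
     * always pass a count that matches the arrays.
     */
    case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS:
        pipe_ctx->numpipes = arg;
        pipe_ctx->outbufs = (unsigned char **)ptr;
        break;

    case EVP_CTRL_SET_PIPELINE_INPUT_BUFS:
        pipe_ctx->numpipes = arg;
        pipe_ctx->inbufs = (unsigned char **)ptr;
        break;

    case EVP_CTRL_SET_PIPELINE_INPUT_LENS:
        pipe_ctx->numpipes = arg;
        pipe_ctx->lens = (size_t *)ptr;
        break;

    case EVP_CTRL_AEAD_SET_MAC_KEY:
        if (!aeadcapable)
            return -1;
        /* Expose the inner context to the wrapped ctrl, then restore ours */
        EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data);
        ret = EVP_CIPHER_meth_get_ctrl(EVP_aes_128_cbc_hmac_sha1())
                                      (ctx, type, arg, ptr);
        EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx);
        return ret;

    case EVP_CTRL_AEAD_TLS1_AAD:
        {
            unsigned char *p = ptr;
            unsigned int len;

            /* The fixed length check also bounds the p[arg - n] reads */
            if (!aeadcapable || arg != EVP_AEAD_TLS1_AAD_LEN)
                return -1;

            /* Never store more AAD blocks than tlsaad has slots */
            if (pipe_ctx->aadctr >= SSL_MAX_PIPELINES)
                return -1;

            memcpy(pipe_ctx->tlsaad[pipe_ctx->aadctr], ptr,
                   EVP_AEAD_TLS1_AAD_LEN);
            pipe_ctx->aadctr++;

            /* Last two AAD bytes: big-endian record length */
            len = p[arg - 2] << 8 | p[arg - 1];

            if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
                /* The two bytes before the length hold the version */
                if ((p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
                    if (len < AES_BLOCK_SIZE)
                        return 0;
                    len -= AES_BLOCK_SIZE;
                }

                return ((len + SHA_DIGEST_LENGTH + AES_BLOCK_SIZE)
                        & -AES_BLOCK_SIZE) - len;
            } else {
                return SHA_DIGEST_LENGTH;
            }
        }

    default:
        return 0;
    }

    return 1;
}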
713 1.1 christos
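/*
 * Shared init-key handler of the dasync cipher wrappers.
 *
 * Allocates the wrapped cipher's context data on first use, resets the
 * pipeline and AAD counters, then runs the wrapped cipher's init callback
 * with the inner context data temporarily installed on ctx.
 *
 * Returns the wrapped init's result, or 0 when the dasync context data is
 * missing or the inner context cannot be allocated.
 */
static int dasync_cipher_init_key_helper(EVP_CIPHER_CTX *ctx,
                                         const unsigned char *key,
                                         const unsigned char *iv, int enc,
                                         const EVP_CIPHER *cipher)
{
    int ret;
    int inner_size;
    struct dasync_pipeline_ctx *pipe_ctx =
        (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);

    /* Same guard as dasync_cipher_ctrl_helper(): never touch a NULL ctx */
    if (pipe_ctx == NULL)
        return 0;

    inner_size = EVP_CIPHER_impl_ctx_size(cipher);
    if (pipe_ctx->inner_cipher_data == NULL && inner_size != 0) {
        pipe_ctx->inner_cipher_data = OPENSSL_zalloc(inner_size);
        if (pipe_ctx->inner_cipher_data == NULL) {
            DASYNCerr(DASYNC_F_DASYNC_CIPHER_INIT_KEY_HELPER,
                      ERR_R_MALLOC_FAILURE);
            return 0;
        }
    }

    /* A (re)init starts with no pipelines and no stored AAD blocks */
    pipe_ctx->numpipes = 0;
    pipe_ctx->aadctr = 0;

    /* Expose the inner context to the wrapped init, then restore ours */
    EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data);
    ret = EVP_CIPHER_meth_get_init(cipher)(ctx, key, iv, enc);
    EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx);

    return ret;
}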
743 1.1 christos
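/*
 * Shared do_cipher implementation for the dasync cipher wrappers.
 *
 * With no pipelines queued (numpipes == 0) the wrapped cipher processes
 * |in|/|out|/|inl| directly; otherwise it is run once per queued pipeline on
 * pipe_ctx->inbufs[i]/outbufs[i]/lens[i]. Any stored TLS AAD record is
 * replayed to the wrapped cipher's ctrl function before the matching
 * do_cipher call.
 *
 * Returns -1 when the number of stored AAD records does not match the number
 * of pipelines, otherwise the (combined) result of the wrapped do_cipher.
 */
static int dasync_cipher_helper(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                const unsigned char *in, size_t inl,
                                const EVP_CIPHER *cipher)
{
    int ret = 1;
    unsigned int i, pipes;
    struct dasync_pipeline_ctx *pipe_ctx =
        (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);

    pipes = pipe_ctx->numpipes;

    /*
     * Validate the AAD count BEFORE swapping the cipher data. Returning with
     * the inner cipher state still installed would make the next call on
     * this ctx interpret that state as a struct dasync_pipeline_ctx.
     */
    if (pipes == 0) {
        if (pipe_ctx->aadctr != 0 && pipe_ctx->aadctr != 1)
            return -1;
    } else if (pipe_ctx->aadctr > 0 && pipe_ctx->aadctr != pipes) {
        return -1;
    }

    /* From here on every path must restore pipe_ctx before returning. */
    EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data);
    if (pipes == 0) {
        if (pipe_ctx->aadctr != 0) {
            /* NOTE(review): the ctrl result is ignored, as before. */
            EVP_CIPHER_meth_get_ctrl(cipher)
                (ctx, EVP_CTRL_AEAD_TLS1_AAD,
                 EVP_AEAD_TLS1_AAD_LEN,
                 pipe_ctx->tlsaad[0]);
        }
        ret = EVP_CIPHER_meth_get_do_cipher(cipher)
            (ctx, out, in, inl);
    } else {
        for (i = 0; i < pipes; i++) {
            if (pipe_ctx->aadctr > 0) {
                EVP_CIPHER_meth_get_ctrl(cipher)
                    (ctx, EVP_CTRL_AEAD_TLS1_AAD,
                     EVP_AEAD_TLS1_AAD_LEN,
                     pipe_ctx->tlsaad[i]);
            }
            /* Once one pipeline fails, && skips the remaining do_cipher calls. */
            ret = ret && EVP_CIPHER_meth_get_do_cipher(cipher)
                (ctx, pipe_ctx->outbufs[i], pipe_ctx->inbufs[i],
                 pipe_ctx->lens[i]);
        }
        pipe_ctx->numpipes = 0;
    }
    pipe_ctx->aadctr = 0;
    EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx);
    return ret;
}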
786 1.1 christos
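/*
 * Shared cleanup implementation for the dasync cipher wrappers.
 *
 * Wipes and frees the wrapped cipher's state, which may hold key material,
 * using |cipher|'s implementation context size as the length to clear.
 * Always returns 1.
 */
static int dasync_cipher_cleanup_helper(EVP_CIPHER_CTX *ctx,
                                        const EVP_CIPHER *cipher)
{
    struct dasync_pipeline_ctx *pipe_ctx =
        (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);

    OPENSSL_clear_free(pipe_ctx->inner_cipher_data,
                       EVP_CIPHER_impl_ctx_size(cipher));
    /*
     * Do not leave a dangling pointer behind: dasync_cipher_init_key_helper()
     * only allocates when this field is NULL, so a stale value would be
     * reused (and freed again) if the pipeline context outlives this call.
     */
    pipe_ctx->inner_cipher_data = NULL;

    return 1;
}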
798 1.1 christos
799 1.1 christos /*
800 1.1 christos * AES128 CBC Implementation
801 1.1 christos */
802 1.1 christos
/*
 * ctrl hook of the dasync AES-128-CBC cipher. Forwards to the shared ctrl
 * helper with EVP_aes_128_cbc() as the wrapped cipher and 0 as the fifth
 * argument (presumably the helper's aeadcapable flag; its signature is not
 * shown here).
 */
static int dasync_aes128_cbc_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
                                  void *ptr)
{
    const EVP_CIPHER *inner = EVP_aes_128_cbc();

    return dasync_cipher_ctrl_helper(ctx, type, arg, ptr, 0, inner);
}
808 1.1 christos
/*
 * init_key hook of the dasync AES-128-CBC cipher: delegates to the shared
 * init helper with EVP_aes_128_cbc() as the wrapped cipher.
 */
static int dasync_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                                  const unsigned char *iv, int enc)
{
    const EVP_CIPHER *inner = EVP_aes_128_cbc();

    return dasync_cipher_init_key_helper(ctx, key, iv, enc, inner);
}
814 1.1 christos
/*
 * do_cipher hook of the dasync AES-128-CBC cipher: delegates to the shared
 * cipher helper with EVP_aes_128_cbc() as the wrapped cipher.
 */
static int dasync_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                    const unsigned char *in, size_t inl)
{
    const EVP_CIPHER *inner = EVP_aes_128_cbc();

    return dasync_cipher_helper(ctx, out, in, inl, inner);
}
820 1.1 christos
/*
 * cleanup hook of the dasync AES-128-CBC cipher: delegates to the shared
 * cleanup helper with EVP_aes_128_cbc() as the wrapped cipher.
 */
static int dasync_aes128_cbc_cleanup(EVP_CIPHER_CTX *ctx)
{
    const EVP_CIPHER *inner = EVP_aes_128_cbc();

    return dasync_cipher_cleanup_helper(ctx, inner);
}
825 1.1 christos
/*
 * ctrl hook of the dasync AES-256-CTR cipher. Forwards to the shared ctrl
 * helper with EVP_aes_256_ctr() as the wrapped cipher and 0 as the fifth
 * argument (presumably the helper's aeadcapable flag; its signature is not
 * shown here).
 */
static int dasync_aes256_ctr_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
                                  void *ptr)
{
    const EVP_CIPHER *inner = EVP_aes_256_ctr();

    return dasync_cipher_ctrl_helper(ctx, type, arg, ptr, 0, inner);
}
831 1.1.1.6 christos
/*
 * init_key hook of the dasync AES-256-CTR cipher: delegates to the shared
 * init helper with EVP_aes_256_ctr() as the wrapped cipher.
 */
static int dasync_aes256_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                                  const unsigned char *iv, int enc)
{
    const EVP_CIPHER *inner = EVP_aes_256_ctr();

    return dasync_cipher_init_key_helper(ctx, key, iv, enc, inner);
}
837 1.1.1.6 christos
/*
 * do_cipher hook of the dasync AES-256-CTR cipher: delegates to the shared
 * cipher helper with EVP_aes_256_ctr() as the wrapped cipher.
 */
static int dasync_aes256_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                    const unsigned char *in, size_t inl)
{
    const EVP_CIPHER *inner = EVP_aes_256_ctr();

    return dasync_cipher_helper(ctx, out, in, inl, inner);
}
843 1.1.1.6 christos
/*
 * cleanup hook of the dasync AES-256-CTR cipher: delegates to the shared
 * cleanup helper with EVP_aes_256_ctr() as the wrapped cipher.
 */
static int dasync_aes256_ctr_cleanup(EVP_CIPHER_CTX *ctx)
{
    const EVP_CIPHER *inner = EVP_aes_256_ctr();

    return dasync_cipher_cleanup_helper(ctx, inner);
}
848 1.1.1.6 christos
849 1.1 christos
850 1.1 christos /*
851 1.1 christos * AES128 CBC HMAC SHA1 Implementation
852 1.1 christos */
853 1.1 christos
/*
 * ctrl hook of the dasync AES-128-CBC-HMAC-SHA1 cipher. Forwards to the
 * shared ctrl helper with EVP_aes_128_cbc_hmac_sha1() as the wrapped cipher
 * and 1 as the fifth argument (presumably the helper's aeadcapable flag;
 * its signature is not shown here).
 */
static int dasync_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
                                            int arg, void *ptr)
{
    const EVP_CIPHER *inner = EVP_aes_128_cbc_hmac_sha1();

    return dasync_cipher_ctrl_helper(ctx, type, arg, ptr, 1, inner);
}
859 1.1 christos
/*
 * init_key hook of the dasync AES-128-CBC-HMAC-SHA1 cipher: delegates to the
 * shared init helper with EVP_aes_128_cbc_hmac_sha1() as the wrapped cipher.
 */
static int dasync_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
                                                const unsigned char *key,
                                                const unsigned char *iv,
                                                int enc)
{
    /*
     * EVP_aes_128_cbc_hmac_sha1() can be assumed to be non-NULL here; see
     * the comment before the definition of dasync_aes_128_cbc_hmac_sha1().
     */
    const EVP_CIPHER *inner = EVP_aes_128_cbc_hmac_sha1();

    return dasync_cipher_init_key_helper(ctx, key, iv, enc, inner);
}
872 1.1 christos
/*
 * do_cipher hook of the dasync AES-128-CBC-HMAC-SHA1 cipher: delegates to
 * the shared cipher helper with EVP_aes_128_cbc_hmac_sha1() as the wrapped
 * cipher.
 */
static int dasync_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx,
                                              unsigned char *out,
                                              const unsigned char *in,
                                              size_t inl)
{
    const EVP_CIPHER *inner = EVP_aes_128_cbc_hmac_sha1();

    return dasync_cipher_helper(ctx, out, in, inl, inner);
}
880 1.1 christos
/*
 * cleanup hook of the dasync AES-128-CBC-HMAC-SHA1 cipher: delegates to the
 * shared cleanup helper with EVP_aes_128_cbc_hmac_sha1() as the wrapped
 * cipher.
 */
static int dasync_aes128_cbc_hmac_sha1_cleanup(EVP_CIPHER_CTX *ctx)
{
    /*
     * EVP_aes_128_cbc_hmac_sha1() can be assumed to be non-NULL here; see
     * the comment before the definition of dasync_aes_128_cbc_hmac_sha1().
     */
    const EVP_CIPHER *inner = EVP_aes_128_cbc_hmac_sha1();

    return dasync_cipher_cleanup_helper(ctx, inner);
}
889 1.1.1.6 christos
890 1.1.1.6 christos
891 1.1.1.6 christos /*
892 1.1.1.6 christos * RSA implementation
893 1.1.1.6 christos */
/*
 * init hook of the dasync RSA method. The init callback of dasync_rsa_orig
 * is looked up on first use, cached in a function-local static, and called.
 * The callback is invoked without a NULL check.
 */
static int dasync_rsa_init(EVP_PKEY_CTX *ctx)
{
    static int (*orig_init)(EVP_PKEY_CTX *ctx);

    if (!orig_init) {
        EVP_PKEY_meth_get_init(dasync_rsa_orig, &orig_init);
    }

    return orig_init(ctx);
}
902 1.1.1.6 christos
/*
 * cleanup hook of the dasync RSA method. The cleanup callback of
 * dasync_rsa_orig is looked up on first use, cached in a function-local
 * static, and called. The callback is invoked without a NULL check.
 */
static void dasync_rsa_cleanup(EVP_PKEY_CTX *ctx)
{
    static void (*orig_cleanup)(EVP_PKEY_CTX *ctx);

    if (!orig_cleanup) {
        EVP_PKEY_meth_get_cleanup(dasync_rsa_orig, &orig_cleanup);
    }

    orig_cleanup(ctx);
}
911 1.1.1.6 christos
/*
 * paramgen_init hook of the dasync RSA method. Fetches (once) the
 * paramgen_init callback of dasync_rsa_orig and forwards to it; returns 1
 * when dasync_rsa_orig provides no such callback.
 */
static int dasync_rsa_paramgen_init(EVP_PKEY_CTX *ctx)
{
    static int (*orig_paramgen_init)(EVP_PKEY_CTX *ctx);

    if (!orig_paramgen_init) {
        EVP_PKEY_meth_get_paramgen(dasync_rsa_orig, &orig_paramgen_init, NULL);
    }

    /* Still NULL after the lookup: nothing to delegate to, report success. */
    if (orig_paramgen_init == NULL) {
        return 1;
    }
    return orig_paramgen_init(ctx);
}
920 1.1.1.6 christos
/*
 * paramgen hook of the dasync RSA method. Fetches (once) the paramgen
 * callback of dasync_rsa_orig and forwards to it; returns 1 when
 * dasync_rsa_orig provides no such callback.
 */
static int dasync_rsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
{
    static int (*orig_paramgen)(EVP_PKEY_CTX *c, EVP_PKEY *pkey);

    if (!orig_paramgen) {
        EVP_PKEY_meth_get_paramgen(dasync_rsa_orig, NULL, &orig_paramgen);
    }

    /* Still NULL after the lookup: nothing to delegate to, report success. */
    if (orig_paramgen == NULL) {
        return 1;
    }
    return orig_paramgen(ctx, pkey);
}
929 1.1.1.6 christos
/*
 * keygen_init hook of the dasync RSA method. Fetches (once) the keygen_init
 * callback of dasync_rsa_orig and forwards to it; returns 1 when
 * dasync_rsa_orig provides no such callback.
 */
static int dasync_rsa_keygen_init(EVP_PKEY_CTX *ctx)
{
    static int (*orig_keygen_init)(EVP_PKEY_CTX *ctx);

    if (!orig_keygen_init) {
        EVP_PKEY_meth_get_keygen(dasync_rsa_orig, &orig_keygen_init, NULL);
    }

    /* Still NULL after the lookup: nothing to delegate to, report success. */
    if (orig_keygen_init == NULL) {
        return 1;
    }
    return orig_keygen_init(ctx);
}
938 1.1.1.6 christos
/*
 * keygen hook of the dasync RSA method. The keygen callback of
 * dasync_rsa_orig is looked up on first use, cached in a function-local
 * static, and called. The callback is invoked without a NULL check.
 */
static int dasync_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
{
    static int (*orig_keygen)(EVP_PKEY_CTX *c, EVP_PKEY *pkey);

    if (!orig_keygen) {
        EVP_PKEY_meth_get_keygen(dasync_rsa_orig, NULL, &orig_keygen);
    }

    return orig_keygen(ctx, pkey);
}
947 1.1.1.6 christos
/*
 * encrypt_init hook of the dasync RSA method. Fetches (once) the
 * encrypt_init callback of dasync_rsa_orig and forwards to it; returns 1
 * when dasync_rsa_orig provides no such callback.
 */
static int dasync_rsa_encrypt_init(EVP_PKEY_CTX *ctx)
{
    static int (*orig_encrypt_init)(EVP_PKEY_CTX *ctx);

    if (!orig_encrypt_init) {
        EVP_PKEY_meth_get_encrypt(dasync_rsa_orig, &orig_encrypt_init, NULL);
    }

    /* Still NULL after the lookup: nothing to delegate to, report success. */
    if (orig_encrypt_init == NULL) {
        return 1;
    }
    return orig_encrypt_init(ctx);
}
956 1.1.1.6 christos
/*
 * encrypt hook of the dasync RSA method. The encrypt callback of
 * dasync_rsa_orig is looked up on first use, cached in a function-local
 * static, and called with the arguments unchanged. The callback is invoked
 * without a NULL check.
 */
static int dasync_rsa_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
                              size_t *outlen, const unsigned char *in,
                              size_t inlen)
{
    static int (*orig_encrypt)(EVP_PKEY_CTX *ctx, unsigned char *out,
                               size_t *outlen, const unsigned char *in,
                               size_t inlen);

    if (!orig_encrypt) {
        EVP_PKEY_meth_get_encrypt(dasync_rsa_orig, NULL, &orig_encrypt);
    }

    return orig_encrypt(ctx, out, outlen, in, inlen);
}
969 1.1.1.6 christos
/*
 * decrypt_init hook of the dasync RSA method. Fetches (once) the
 * decrypt_init callback of dasync_rsa_orig and forwards to it; returns 1
 * when dasync_rsa_orig provides no such callback.
 */
static int dasync_rsa_decrypt_init(EVP_PKEY_CTX *ctx)
{
    static int (*orig_decrypt_init)(EVP_PKEY_CTX *ctx);

    if (!orig_decrypt_init) {
        EVP_PKEY_meth_get_decrypt(dasync_rsa_orig, &orig_decrypt_init, NULL);
    }

    /* Still NULL after the lookup: nothing to delegate to, report success. */
    if (orig_decrypt_init == NULL) {
        return 1;
    }
    return orig_decrypt_init(ctx);
}
978 1.1.1.6 christos
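/*
 * decrypt hook of the dasync RSA method. The decrypt callback of
 * dasync_rsa_orig is looked up on first use, cached in a function-local
 * static, and called with the arguments unchanged. The callback is invoked
 * without a NULL check.
 */
static int dasync_rsa_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
                              size_t *outlen, const unsigned char *in,
                              size_t inlen)
{
    static int (*pdecrypt)(EVP_PKEY_CTX *ctx, unsigned char *out,
                           size_t *outlen, const unsigned char *in,
                           size_t inlen);

    /*
     * Must use the decrypt getter: fetching the encrypt callback here would
     * make every decrypt request run the original method's encrypt
     * operation instead.
     */
    if (pdecrypt == NULL)
        EVP_PKEY_meth_get_decrypt(dasync_rsa_orig, NULL, &pdecrypt);
    return pdecrypt(ctx, out, outlen, in, inlen);
}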
991 1.1.1.6 christos
/*
 * ctrl hook of the dasync RSA method. The ctrl callback of dasync_rsa_orig
 * is looked up on first use, cached in a function-local static, and called
 * with the arguments unchanged. The callback is invoked without a NULL
 * check.
 */
static int dasync_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
{
    static int (*orig_ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);

    if (!orig_ctrl) {
        EVP_PKEY_meth_get_ctrl(dasync_rsa_orig, &orig_ctrl, NULL);
    }

    return orig_ctrl(ctx, type, p1, p2);
}
1000 1.1.1.6 christos
/*
 * ctrl_str hook of the dasync RSA method. The ctrl_str callback of
 * dasync_rsa_orig is looked up on first use, cached in a function-local
 * static, and called with the arguments unchanged. The callback is invoked
 * without a NULL check.
 */
static int dasync_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
                               const char *value)
{
    static int (*orig_ctrl_str)(EVP_PKEY_CTX *ctx, const char *type,
                                const char *value);

    if (!orig_ctrl_str) {
        EVP_PKEY_meth_get_ctrl(dasync_rsa_orig, NULL, &orig_ctrl_str);
    }

    return orig_ctrl_str(ctx, type, value);
}
1011