1 /* 2 * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #if defined(_WIN32) 11 # include <windows.h> 12 #endif 13 14 #include <stdio.h> 15 #include <string.h> 16 17 #include <openssl/engine.h> 18 #include <openssl/sha.h> 19 #include <openssl/aes.h> 20 #include <openssl/rsa.h> 21 #include <openssl/evp.h> 22 #include <openssl/async.h> 23 #include <openssl/bn.h> 24 #include <openssl/crypto.h> 25 #include <openssl/ssl.h> 26 #include <openssl/modes.h> 27 28 #if defined(OPENSSL_SYS_UNIX) && defined(OPENSSL_THREADS) 29 # undef ASYNC_POSIX 30 # define ASYNC_POSIX 31 # include <unistd.h> 32 #elif defined(_WIN32) 33 # undef ASYNC_WIN 34 # define ASYNC_WIN 35 #endif 36 37 #include "e_dasync_err.c" 38 39 /* Engine Id and Name */ 40 static const char *engine_dasync_id = "dasync"; 41 static const char *engine_dasync_name = "Dummy Async engine support"; 42 43 44 /* Engine Lifetime functions */ 45 static int dasync_destroy(ENGINE *e); 46 static int dasync_init(ENGINE *e); 47 static int dasync_finish(ENGINE *e); 48 void engine_load_dasync_int(void); 49 50 51 /* Set up digests. Just SHA1 for now */ 52 static int dasync_digests(ENGINE *e, const EVP_MD **digest, 53 const int **nids, int nid); 54 55 static void dummy_pause_job(void); 56 57 /* SHA1 */ 58 static int dasync_sha1_init(EVP_MD_CTX *ctx); 59 static int dasync_sha1_update(EVP_MD_CTX *ctx, const void *data, 60 size_t count); 61 static int dasync_sha1_final(EVP_MD_CTX *ctx, unsigned char *md); 62 63 /* 64 * Holds the EVP_MD object for sha1 in this engine. Set up once only during 65 * engine bind and can then be reused many times. 66 */ 67 static EVP_MD *_hidden_sha1_md = NULL; 68 static const EVP_MD *dasync_sha1(void) 69 { 70 return _hidden_sha1_md; 71 } 72 static void destroy_digests(void) 73 { 74 EVP_MD_meth_free(_hidden_sha1_md); 75 _hidden_sha1_md = NULL; 76 } 77 78 static int dasync_digest_nids(const int **nids) 79 { 80 static int digest_nids[2] = { 0, 0 }; 81 static int pos = 0; 82 static int init = 0; 83 84 if (!init) { 85 const EVP_MD *md; 86 if ((md = dasync_sha1()) != NULL) 87 digest_nids[pos++] = EVP_MD_type(md); 88 digest_nids[pos] = 0; 89 init = 1; 90 } 91 *nids = digest_nids; 92 return pos; 93 } 94 95 /* RSA */ 96 97 static int dasync_pub_enc(int flen, const unsigned char *from, 98 unsigned char *to, RSA *rsa, int padding); 99 static int dasync_pub_dec(int flen, const unsigned char *from, 100 unsigned char *to, RSA *rsa, int padding); 101 static int dasync_rsa_priv_enc(int flen, const unsigned char *from, 102 unsigned char *to, RSA *rsa, int padding); 103 static int dasync_rsa_priv_dec(int flen, const unsigned char *from, 104 unsigned char *to, RSA *rsa, int padding); 105 static int dasync_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, 106 BN_CTX *ctx); 107 108 static int dasync_rsa_init(RSA *rsa); 109 static int dasync_rsa_finish(RSA *rsa); 110 111 static RSA_METHOD *dasync_rsa_method = NULL; 112 113 /* AES */ 114 115 static int dasync_aes128_cbc_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, 116 void *ptr); 117 static int dasync_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 118 const unsigned char *iv, int enc); 119 static int dasync_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 120 const unsigned char *in, size_t inl); 121 static int dasync_aes128_cbc_cleanup(EVP_CIPHER_CTX *ctx); 122 123 static int dasync_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, 124 int arg, void *ptr); 125 static int dasync_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, 126 const unsigned char *key, 127 const unsigned char *iv, 128 int enc); 129 static int dasync_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, 130 unsigned char *out, 131 const unsigned char *in, 132 size_t inl); 133 static int dasync_aes128_cbc_hmac_sha1_cleanup(EVP_CIPHER_CTX *ctx); 134 135 struct dasync_pipeline_ctx { 136 void *inner_cipher_data; 137 unsigned int numpipes; 138 unsigned char **inbufs; 139 unsigned char **outbufs; 140 size_t *lens; 141 int enc; 142 unsigned char tlsaad[SSL_MAX_PIPELINES][EVP_AEAD_TLS1_AAD_LEN]; 143 unsigned int aadctr; 144 }; 145 146 /* 147 * Holds the EVP_CIPHER object for aes_128_cbc in this engine. Set up once only 148 * during engine bind and can then be reused many times. 149 */ 150 static EVP_CIPHER *_hidden_aes_128_cbc = NULL; 151 static const EVP_CIPHER *dasync_aes_128_cbc(void) 152 { 153 return _hidden_aes_128_cbc; 154 } 155 156 /* 157 * Holds the EVP_CIPHER object for aes_128_cbc_hmac_sha1 in this engine. Set up 158 * once only during engine bind and can then be reused many times. 159 */ 160 static EVP_CIPHER *_hidden_aes_128_cbc_hmac_sha1 = NULL; 161 static const EVP_CIPHER *dasync_aes_128_cbc_hmac_sha1(void) 162 { 163 return _hidden_aes_128_cbc_hmac_sha1; 164 } 165 166 static void destroy_ciphers(void) 167 { 168 EVP_CIPHER_meth_free(_hidden_aes_128_cbc); 169 EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1); 170 _hidden_aes_128_cbc = NULL; 171 _hidden_aes_128_cbc_hmac_sha1 = NULL; 172 } 173 174 static int dasync_ciphers(ENGINE *e, const EVP_CIPHER **cipher, 175 const int **nids, int nid); 176 177 static int dasync_cipher_nids[] = { 178 NID_aes_128_cbc, 179 NID_aes_128_cbc_hmac_sha1, 180 0 181 }; 182 183 static int bind_dasync(ENGINE *e) 184 { 185 /* Setup RSA_METHOD */ 186 if ((dasync_rsa_method = RSA_meth_new("Dummy Async RSA method", 0)) == NULL 187 || RSA_meth_set_pub_enc(dasync_rsa_method, dasync_pub_enc) == 0 188 || RSA_meth_set_pub_dec(dasync_rsa_method, dasync_pub_dec) == 0 189 || RSA_meth_set_priv_enc(dasync_rsa_method, dasync_rsa_priv_enc) == 0 190 || RSA_meth_set_priv_dec(dasync_rsa_method, dasync_rsa_priv_dec) == 0 191 || RSA_meth_set_mod_exp(dasync_rsa_method, dasync_rsa_mod_exp) == 0 192 || RSA_meth_set_bn_mod_exp(dasync_rsa_method, BN_mod_exp_mont) == 0 193 || RSA_meth_set_init(dasync_rsa_method, dasync_rsa_init) == 0 194 || RSA_meth_set_finish(dasync_rsa_method, dasync_rsa_finish) == 0) { 195 DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED); 196 return 0; 197 } 198 199 /* Ensure the dasync error handling is set up */ 200 ERR_load_DASYNC_strings(); 201 202 if (!ENGINE_set_id(e, engine_dasync_id) 203 || !ENGINE_set_name(e, engine_dasync_name) 204 || !ENGINE_set_RSA(e, dasync_rsa_method) 205 || !ENGINE_set_digests(e, dasync_digests) 206 || !ENGINE_set_ciphers(e, dasync_ciphers) 207 || !ENGINE_set_destroy_function(e, dasync_destroy) 208 || !ENGINE_set_init_function(e, dasync_init) 209 || !ENGINE_set_finish_function(e, dasync_finish)) { 210 DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED); 211 return 0; 212 } 213 214 /* 215 * Set up the EVP_CIPHER and EVP_MD objects for the ciphers/digests 216 * supplied by this engine 217 */ 218 _hidden_sha1_md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption); 219 if (_hidden_sha1_md == NULL 220 || !EVP_MD_meth_set_result_size(_hidden_sha1_md, SHA_DIGEST_LENGTH) 221 || !EVP_MD_meth_set_input_blocksize(_hidden_sha1_md, SHA_CBLOCK) 222 || !EVP_MD_meth_set_app_datasize(_hidden_sha1_md, 223 sizeof(EVP_MD *) + sizeof(SHA_CTX)) 224 || !EVP_MD_meth_set_flags(_hidden_sha1_md, EVP_MD_FLAG_DIGALGID_ABSENT) 225 || !EVP_MD_meth_set_init(_hidden_sha1_md, dasync_sha1_init) 226 || !EVP_MD_meth_set_update(_hidden_sha1_md, dasync_sha1_update) 227 || !EVP_MD_meth_set_final(_hidden_sha1_md, dasync_sha1_final)) { 228 EVP_MD_meth_free(_hidden_sha1_md); 229 _hidden_sha1_md = NULL; 230 } 231 232 _hidden_aes_128_cbc = EVP_CIPHER_meth_new(NID_aes_128_cbc, 233 16 /* block size */, 234 16 /* key len */); 235 if (_hidden_aes_128_cbc == NULL 236 || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc,16) 237 || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc, 238 EVP_CIPH_FLAG_DEFAULT_ASN1 239 | EVP_CIPH_CBC_MODE 240 | EVP_CIPH_FLAG_PIPELINE) 241 || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc, 242 dasync_aes128_init_key) 243 || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc, 244 dasync_aes128_cbc_cipher) 245 || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc, 246 dasync_aes128_cbc_cleanup) 247 || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc, 248 dasync_aes128_cbc_ctrl) 249 || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc, 250 sizeof(struct dasync_pipeline_ctx))) { 251 EVP_CIPHER_meth_free(_hidden_aes_128_cbc); 252 _hidden_aes_128_cbc = NULL; 253 } 254 255 _hidden_aes_128_cbc_hmac_sha1 = EVP_CIPHER_meth_new( 256 NID_aes_128_cbc_hmac_sha1, 257 16 /* block size */, 258 16 /* key len */); 259 if (_hidden_aes_128_cbc_hmac_sha1 == NULL 260 || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc_hmac_sha1,16) 261 || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc_hmac_sha1, 262 EVP_CIPH_CBC_MODE 263 | EVP_CIPH_FLAG_DEFAULT_ASN1 264 | EVP_CIPH_FLAG_AEAD_CIPHER 265 | EVP_CIPH_FLAG_PIPELINE) 266 || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc_hmac_sha1, 267 dasync_aes128_cbc_hmac_sha1_init_key) 268 || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc_hmac_sha1, 269 dasync_aes128_cbc_hmac_sha1_cipher) 270 || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc_hmac_sha1, 271 dasync_aes128_cbc_hmac_sha1_cleanup) 272 || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc_hmac_sha1, 273 dasync_aes128_cbc_hmac_sha1_ctrl) 274 || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc_hmac_sha1, 275 sizeof(struct dasync_pipeline_ctx))) { 276 EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1); 277 _hidden_aes_128_cbc_hmac_sha1 = NULL; 278 } 279 280 return 1; 281 } 282 283 # ifndef OPENSSL_NO_DYNAMIC_ENGINE 284 static int bind_helper(ENGINE *e, const char *id) 285 { 286 if (id && (strcmp(id, engine_dasync_id) != 0)) 287 return 0; 288 if (!bind_dasync(e)) 289 return 0; 290 return 1; 291 } 292 293 IMPLEMENT_DYNAMIC_CHECK_FN() 294 IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) 295 # endif 296 297 static ENGINE *engine_dasync(void) 298 { 299 ENGINE *ret = ENGINE_new(); 300 if (!ret) 301 return NULL; 302 if (!bind_dasync(ret)) { 303 ENGINE_free(ret); 304 return NULL; 305 } 306 return ret; 307 } 308 309 void engine_load_dasync_int(void) 310 { 311 ENGINE *toadd = engine_dasync(); 312 if (!toadd) 313 return; 314 ENGINE_add(toadd); 315 ENGINE_free(toadd); 316 ERR_clear_error(); 317 } 318 319 static int dasync_init(ENGINE *e) 320 { 321 return 1; 322 } 323 324 325 static int dasync_finish(ENGINE *e) 326 { 327 return 1; 328 } 329 330 331 static int dasync_destroy(ENGINE *e) 332 { 333 destroy_digests(); 334 destroy_ciphers(); 335 RSA_meth_free(dasync_rsa_method); 336 ERR_unload_DASYNC_strings(); 337 return 1; 338 } 339 340 static int dasync_digests(ENGINE *e, const EVP_MD **digest, 341 const int **nids, int nid) 342 { 343 int ok = 1; 344 if (!digest) { 345 /* We are returning a list of supported nids */ 346 return dasync_digest_nids(nids); 347 } 348 /* We are being asked for a specific digest */ 349 switch (nid) { 350 case NID_sha1: 351 *digest = dasync_sha1(); 352 break; 353 default: 354 ok = 0; 355 *digest = NULL; 356 break; 357 } 358 return ok; 359 } 360 361 static int dasync_ciphers(ENGINE *e, const EVP_CIPHER **cipher, 362 const int **nids, int nid) 363 { 364 int ok = 1; 365 if (cipher == NULL) { 366 /* We are returning a list of supported nids */ 367 *nids = dasync_cipher_nids; 368 return (sizeof(dasync_cipher_nids) - 369 1) / sizeof(dasync_cipher_nids[0]); 370 } 371 /* We are being asked for a specific cipher */ 372 switch (nid) { 373 case NID_aes_128_cbc: 374 *cipher = dasync_aes_128_cbc(); 375 break; 376 case NID_aes_128_cbc_hmac_sha1: 377 *cipher = dasync_aes_128_cbc_hmac_sha1(); 378 break; 379 default: 380 ok = 0; 381 *cipher = NULL; 382 break; 383 } 384 return ok; 385 } 386 387 static void wait_cleanup(ASYNC_WAIT_CTX *ctx, const void *key, 388 OSSL_ASYNC_FD readfd, void *pvwritefd) 389 { 390 OSSL_ASYNC_FD *pwritefd = (OSSL_ASYNC_FD *)pvwritefd; 391 #if defined(ASYNC_WIN) 392 CloseHandle(readfd); 393 CloseHandle(*pwritefd); 394 #elif defined(ASYNC_POSIX) 395 close(readfd); 396 close(*pwritefd); 397 #endif 398 OPENSSL_free(pwritefd); 399 } 400 401 #define DUMMY_CHAR 'X' 402 403 static void dummy_pause_job(void) { 404 ASYNC_JOB *job; 405 ASYNC_WAIT_CTX *waitctx; 406 OSSL_ASYNC_FD pipefds[2] = {0, 0}; 407 OSSL_ASYNC_FD *writefd; 408 #if defined(ASYNC_WIN) 409 DWORD numwritten, numread; 410 char buf = DUMMY_CHAR; 411 #elif defined(ASYNC_POSIX) 412 char buf = DUMMY_CHAR; 413 #endif 414 415 if ((job = ASYNC_get_current_job()) == NULL) 416 return; 417 418 waitctx = ASYNC_get_wait_ctx(job); 419 420 if (ASYNC_WAIT_CTX_get_fd(waitctx, engine_dasync_id, &pipefds[0], 421 (void **)&writefd)) { 422 pipefds[1] = *writefd; 423 } else { 424 writefd = OPENSSL_malloc(sizeof(*writefd)); 425 if (writefd == NULL) 426 return; 427 #if defined(ASYNC_WIN) 428 if (CreatePipe(&pipefds[0], &pipefds[1], NULL, 256) == 0) { 429 OPENSSL_free(writefd); 430 return; 431 } 432 #elif defined(ASYNC_POSIX) 433 if (pipe(pipefds) != 0) { 434 OPENSSL_free(writefd); 435 return; 436 } 437 #endif 438 *writefd = pipefds[1]; 439 440 if (!ASYNC_WAIT_CTX_set_wait_fd(waitctx, engine_dasync_id, pipefds[0], 441 writefd, wait_cleanup)) { 442 wait_cleanup(waitctx, engine_dasync_id, pipefds[0], writefd); 443 return; 444 } 445 } 446 /* 447 * In the Dummy async engine we are cheating. We signal that the job 448 * is complete by waking it before the call to ASYNC_pause_job(). A real 449 * async engine would only wake when the job was actually complete 450 */ 451 #if defined(ASYNC_WIN) 452 WriteFile(pipefds[1], &buf, 1, &numwritten, NULL); 453 #elif defined(ASYNC_POSIX) 454 if (write(pipefds[1], &buf, 1) < 0) 455 return; 456 #endif 457 458 /* Ignore errors - we carry on anyway */ 459 ASYNC_pause_job(); 460 461 /* Clear the wake signal */ 462 #if defined(ASYNC_WIN) 463 ReadFile(pipefds[0], &buf, 1, &numread, NULL); 464 #elif defined(ASYNC_POSIX) 465 if (read(pipefds[0], &buf, 1) < 0) 466 return; 467 #endif 468 } 469 470 /* 471 * SHA1 implementation. At the moment we just defer to the standard 472 * implementation 473 */ 474 #undef data 475 #define data(ctx) ((SHA_CTX *)EVP_MD_CTX_md_data(ctx)) 476 static int dasync_sha1_init(EVP_MD_CTX *ctx) 477 { 478 dummy_pause_job(); 479 480 return SHA1_Init(data(ctx)); 481 } 482 483 static int dasync_sha1_update(EVP_MD_CTX *ctx, const void *data, 484 size_t count) 485 { 486 dummy_pause_job(); 487 488 return SHA1_Update(data(ctx), data, (size_t)count); 489 } 490 491 static int dasync_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) 492 { 493 dummy_pause_job(); 494 495 return SHA1_Final(md, data(ctx)); 496 } 497 498 /* 499 * RSA implementation 500 */ 501 502 static int dasync_pub_enc(int flen, const unsigned char *from, 503 unsigned char *to, RSA *rsa, int padding) { 504 /* Ignore errors - we carry on anyway */ 505 dummy_pause_job(); 506 return RSA_meth_get_pub_enc(RSA_PKCS1_OpenSSL()) 507 (flen, from, to, rsa, padding); 508 } 509 510 static int dasync_pub_dec(int flen, const unsigned char *from, 511 unsigned char *to, RSA *rsa, int padding) { 512 /* Ignore errors - we carry on anyway */ 513 dummy_pause_job(); 514 return RSA_meth_get_pub_dec(RSA_PKCS1_OpenSSL()) 515 (flen, from, to, rsa, padding); 516 } 517 518 static int dasync_rsa_priv_enc(int flen, const unsigned char *from, 519 unsigned char *to, RSA *rsa, int padding) 520 { 521 /* Ignore errors - we carry on anyway */ 522 dummy_pause_job(); 523 return RSA_meth_get_priv_enc(RSA_PKCS1_OpenSSL()) 524 (flen, from, to, rsa, padding); 525 } 526 527 static int dasync_rsa_priv_dec(int flen, const unsigned char *from, 528 unsigned char *to, RSA *rsa, int padding) 529 { 530 /* Ignore errors - we carry on anyway */ 531 dummy_pause_job(); 532 return RSA_meth_get_priv_dec(RSA_PKCS1_OpenSSL()) 533 (flen, from, to, rsa, padding); 534 } 535 536 static int dasync_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) 537 { 538 /* Ignore errors - we carry on anyway */ 539 dummy_pause_job(); 540 return RSA_meth_get_mod_exp(RSA_PKCS1_OpenSSL())(r0, I, rsa, ctx); 541 } 542 543 static int dasync_rsa_init(RSA *rsa) 544 { 545 return RSA_meth_get_init(RSA_PKCS1_OpenSSL())(rsa); 546 } 547 static int dasync_rsa_finish(RSA *rsa) 548 { 549 return RSA_meth_get_finish(RSA_PKCS1_OpenSSL())(rsa); 550 } 551 552 /* Cipher helper functions */ 553 554 static int dasync_cipher_ctrl_helper(EVP_CIPHER_CTX *ctx, int type, int arg, 555 void *ptr, int aeadcapable) 556 { 557 int ret; 558 struct dasync_pipeline_ctx *pipe_ctx = 559 (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); 560 561 if (pipe_ctx == NULL) 562 return 0; 563 564 switch (type) { 565 case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS: 566 pipe_ctx->numpipes = arg; 567 pipe_ctx->outbufs = (unsigned char **)ptr; 568 break; 569 570 case EVP_CTRL_SET_PIPELINE_INPUT_BUFS: 571 pipe_ctx->numpipes = arg; 572 pipe_ctx->inbufs = (unsigned char **)ptr; 573 break; 574 575 case EVP_CTRL_SET_PIPELINE_INPUT_LENS: 576 pipe_ctx->numpipes = arg; 577 pipe_ctx->lens = (size_t *)ptr; 578 break; 579 580 case EVP_CTRL_AEAD_SET_MAC_KEY: 581 if (!aeadcapable) 582 return -1; 583 EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data); 584 ret = EVP_CIPHER_meth_get_ctrl(EVP_aes_128_cbc_hmac_sha1()) 585 (ctx, type, arg, ptr); 586 EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx); 587 return ret; 588 589 case EVP_CTRL_AEAD_TLS1_AAD: 590 { 591 unsigned char *p = ptr; 592 unsigned int len; 593 594 if (!aeadcapable || arg != EVP_AEAD_TLS1_AAD_LEN) 595 return -1; 596 597 if (pipe_ctx->aadctr >= SSL_MAX_PIPELINES) 598 return -1; 599 600 memcpy(pipe_ctx->tlsaad[pipe_ctx->aadctr], ptr, 601 EVP_AEAD_TLS1_AAD_LEN); 602 pipe_ctx->aadctr++; 603 604 len = p[arg - 2] << 8 | p[arg - 1]; 605 606 if (pipe_ctx->enc) { 607 if ((p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) { 608 if (len < AES_BLOCK_SIZE) 609 return 0; 610 len -= AES_BLOCK_SIZE; 611 } 612 613 return ((len + SHA_DIGEST_LENGTH + AES_BLOCK_SIZE) 614 & -AES_BLOCK_SIZE) - len; 615 } else { 616 return SHA_DIGEST_LENGTH; 617 } 618 } 619 620 default: 621 return 0; 622 } 623 624 return 1; 625 } 626 627 static int dasync_cipher_init_key_helper(EVP_CIPHER_CTX *ctx, 628 const unsigned char *key, 629 const unsigned char *iv, int enc, 630 const EVP_CIPHER *cipher) 631 { 632 int ret; 633 struct dasync_pipeline_ctx *pipe_ctx = 634 (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); 635 636 if (pipe_ctx->inner_cipher_data == NULL 637 && EVP_CIPHER_impl_ctx_size(cipher) != 0) { 638 pipe_ctx->inner_cipher_data = OPENSSL_zalloc( 639 EVP_CIPHER_impl_ctx_size(cipher)); 640 if (pipe_ctx->inner_cipher_data == NULL) { 641 DASYNCerr(DASYNC_F_DASYNC_CIPHER_INIT_KEY_HELPER, 642 ERR_R_MALLOC_FAILURE); 643 return 0; 644 } 645 } 646 647 pipe_ctx->numpipes = 0; 648 pipe_ctx->aadctr = 0; 649 650 EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data); 651 ret = EVP_CIPHER_meth_get_init(cipher)(ctx, key, iv, enc); 652 EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx); 653 654 return ret; 655 } 656 657 static int dasync_cipher_helper(EVP_CIPHER_CTX *ctx, unsigned char *out, 658 const unsigned char *in, size_t inl, 659 const EVP_CIPHER *cipher) 660 { 661 int ret = 1; 662 unsigned int i, pipes; 663 struct dasync_pipeline_ctx *pipe_ctx = 664 (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); 665 666 pipes = pipe_ctx->numpipes; 667 EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data); 668 if (pipes == 0) { 669 if (pipe_ctx->aadctr != 0) { 670 if (pipe_ctx->aadctr != 1) 671 return -1; 672 EVP_CIPHER_meth_get_ctrl(cipher) 673 (ctx, EVP_CTRL_AEAD_TLS1_AAD, 674 EVP_AEAD_TLS1_AAD_LEN, 675 pipe_ctx->tlsaad[0]); 676 } 677 ret = EVP_CIPHER_meth_get_do_cipher(cipher) 678 (ctx, out, in, inl); 679 } else { 680 if (pipe_ctx->aadctr > 0 && pipe_ctx->aadctr != pipes) 681 return -1; 682 for (i = 0; i < pipes; i++) { 683 if (pipe_ctx->aadctr > 0) { 684 EVP_CIPHER_meth_get_ctrl(cipher) 685 (ctx, EVP_CTRL_AEAD_TLS1_AAD, 686 EVP_AEAD_TLS1_AAD_LEN, 687 pipe_ctx->tlsaad[i]); 688 } 689 ret = ret && EVP_CIPHER_meth_get_do_cipher(cipher) 690 (ctx, pipe_ctx->outbufs[i], pipe_ctx->inbufs[i], 691 pipe_ctx->lens[i]); 692 } 693 pipe_ctx->numpipes = 0; 694 } 695 pipe_ctx->aadctr = 0; 696 EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx); 697 return ret; 698 } 699 700 static int dasync_cipher_cleanup_helper(EVP_CIPHER_CTX *ctx, 701 const EVP_CIPHER *cipher) 702 { 703 struct dasync_pipeline_ctx *pipe_ctx = 704 (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); 705 706 OPENSSL_clear_free(pipe_ctx->inner_cipher_data, 707 EVP_CIPHER_impl_ctx_size(cipher)); 708 709 return 1; 710 } 711 712 /* 713 * AES128 CBC Implementation 714 */ 715 716 static int dasync_aes128_cbc_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, 717 void *ptr) 718 { 719 return dasync_cipher_ctrl_helper(ctx, type, arg, ptr, 0); 720 } 721 722 static int dasync_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 723 const unsigned char *iv, int enc) 724 { 725 return dasync_cipher_init_key_helper(ctx, key, iv, enc, EVP_aes_128_cbc()); 726 } 727 728 static int dasync_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 729 const unsigned char *in, size_t inl) 730 { 731 return dasync_cipher_helper(ctx, out, in, inl, EVP_aes_128_cbc()); 732 } 733 734 static int dasync_aes128_cbc_cleanup(EVP_CIPHER_CTX *ctx) 735 { 736 return dasync_cipher_cleanup_helper(ctx, EVP_aes_128_cbc()); 737 } 738 739 740 /* 741 * AES128 CBC HMAC SHA1 Implementation 742 */ 743 744 static int dasync_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, 745 int arg, void *ptr) 746 { 747 return dasync_cipher_ctrl_helper(ctx, type, arg, ptr, 1); 748 } 749 750 static int dasync_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, 751 const unsigned char *key, 752 const unsigned char *iv, 753 int enc) 754 { 755 return dasync_cipher_init_key_helper(ctx, key, iv, enc, 756 EVP_aes_128_cbc_hmac_sha1()); 757 } 758 759 static int dasync_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, 760 unsigned char *out, 761 const unsigned char *in, 762 size_t inl) 763 { 764 return dasync_cipher_helper(ctx, out, in, inl, EVP_aes_128_cbc_hmac_sha1()); 765 } 766 767 static int dasync_aes128_cbc_hmac_sha1_cleanup(EVP_CIPHER_CTX *ctx) 768 { 769 return dasync_cipher_cleanup_helper(ctx, EVP_aes_128_cbc_hmac_sha1()); 770 } 771