1 /* 2 * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* We need to use some engine deprecated APIs */ 11 #define OPENSSL_SUPPRESS_DEPRECATED 12 13 /* 14 * SHA-1 low level APIs are deprecated for public use, but still ok for 15 * internal use. Note, that due to symbols not being exported, only the 16 * #defines and structures can be accessed, in this case SHA_CBLOCK and 17 * sizeof(SHA_CTX). 18 */ 19 #include "internal/deprecated.h" 20 21 #include <openssl/opensslconf.h> 22 #if defined(_WIN32) 23 # include <windows.h> 24 #endif 25 26 #include <stdio.h> 27 #include <string.h> 28 29 #include <openssl/engine.h> 30 #include <openssl/sha.h> 31 #include <openssl/aes.h> 32 #include <openssl/rsa.h> 33 #include <openssl/evp.h> 34 #include <openssl/async.h> 35 #include <openssl/bn.h> 36 #include <openssl/crypto.h> 37 #include <openssl/ssl.h> 38 #include <openssl/modes.h> 39 40 #if defined(OPENSSL_SYS_UNIX) && defined(OPENSSL_THREADS) 41 # undef ASYNC_POSIX 42 # define ASYNC_POSIX 43 # include <unistd.h> 44 #elif defined(_WIN32) 45 # undef ASYNC_WIN 46 # define ASYNC_WIN 47 #endif 48 49 #include "e_dasync_err.c" 50 51 /* Engine Id and Name */ 52 static const char *engine_dasync_id = "dasync"; 53 static const char *engine_dasync_name = "Dummy Async engine support"; 54 55 56 /* Engine Lifetime functions */ 57 static int dasync_destroy(ENGINE *e); 58 static int dasync_init(ENGINE *e); 59 static int dasync_finish(ENGINE *e); 60 void engine_load_dasync_int(void); 61 62 63 /* Set up digests. Just SHA1 for now */ 64 static int dasync_digests(ENGINE *e, const EVP_MD **digest, 65 const int **nids, int nid); 66 67 static void dummy_pause_job(void); 68 69 /* SHA1 */ 70 static int dasync_sha1_init(EVP_MD_CTX *ctx); 71 static int dasync_sha1_update(EVP_MD_CTX *ctx, const void *data, 72 size_t count); 73 static int dasync_sha1_final(EVP_MD_CTX *ctx, unsigned char *md); 74 75 /* 76 * Holds the EVP_MD object for sha1 in this engine. Set up once only during 77 * engine bind and can then be reused many times. 78 */ 79 static EVP_MD *_hidden_sha1_md = NULL; 80 static const EVP_MD *dasync_sha1(void) 81 { 82 return _hidden_sha1_md; 83 } 84 static void destroy_digests(void) 85 { 86 EVP_MD_meth_free(_hidden_sha1_md); 87 _hidden_sha1_md = NULL; 88 } 89 90 static int dasync_digest_nids(const int **nids) 91 { 92 static int digest_nids[2] = { 0, 0 }; 93 static int pos = 0; 94 static int init = 0; 95 96 if (!init) { 97 const EVP_MD *md; 98 if ((md = dasync_sha1()) != NULL) 99 digest_nids[pos++] = EVP_MD_get_type(md); 100 digest_nids[pos] = 0; 101 init = 1; 102 } 103 *nids = digest_nids; 104 return pos; 105 } 106 107 /* RSA */ 108 static int dasync_pkey(ENGINE *e, EVP_PKEY_METHOD **pmeth, 109 const int **pnids, int nid); 110 111 static int dasync_rsa_init(EVP_PKEY_CTX *ctx); 112 static void dasync_rsa_cleanup(EVP_PKEY_CTX *ctx); 113 static int dasync_rsa_paramgen_init(EVP_PKEY_CTX *ctx); 114 static int dasync_rsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); 115 static int dasync_rsa_keygen_init(EVP_PKEY_CTX *ctx); 116 static int dasync_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); 117 static int dasync_rsa_encrypt_init(EVP_PKEY_CTX *ctx); 118 static int dasync_rsa_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, 119 size_t *outlen, const unsigned char *in, 120 size_t inlen); 121 static int dasync_rsa_decrypt_init(EVP_PKEY_CTX *ctx); 122 static int dasync_rsa_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, 123 size_t *outlen, const unsigned char *in, 124 size_t inlen); 125 static int dasync_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2); 126 static int dasync_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, 127 const char *value); 128 129 static EVP_PKEY_METHOD *dasync_rsa; 130 static const EVP_PKEY_METHOD *dasync_rsa_orig; 131 132 /* AES */ 133 134 static int dasync_aes128_cbc_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, 135 void *ptr); 136 static int dasync_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 137 const unsigned char *iv, int enc); 138 static int dasync_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 139 const unsigned char *in, size_t inl); 140 static int dasync_aes128_cbc_cleanup(EVP_CIPHER_CTX *ctx); 141 142 static int dasync_aes256_ctr_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, 143 void *ptr); 144 static int dasync_aes256_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 145 const unsigned char *iv, int enc); 146 static int dasync_aes256_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 147 const unsigned char *in, size_t inl); 148 static int dasync_aes256_ctr_cleanup(EVP_CIPHER_CTX *ctx); 149 150 static int dasync_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, 151 int arg, void *ptr); 152 static int dasync_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, 153 const unsigned char *key, 154 const unsigned char *iv, 155 int enc); 156 static int dasync_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, 157 unsigned char *out, 158 const unsigned char *in, 159 size_t inl); 160 static int dasync_aes128_cbc_hmac_sha1_cleanup(EVP_CIPHER_CTX *ctx); 161 162 struct dasync_pipeline_ctx { 163 void *inner_cipher_data; 164 unsigned int numpipes; 165 unsigned char **inbufs; 166 unsigned char **outbufs; 167 size_t *lens; 168 unsigned char tlsaad[SSL_MAX_PIPELINES][EVP_AEAD_TLS1_AAD_LEN]; 169 unsigned int aadctr; 170 }; 171 172 /* 173 * Holds the EVP_CIPHER object for aes_128_cbc in this engine. Set up once only 174 * during engine bind and can then be reused many times. 175 */ 176 static EVP_CIPHER *_hidden_aes_128_cbc = NULL; 177 static const EVP_CIPHER *dasync_aes_128_cbc(void) 178 { 179 return _hidden_aes_128_cbc; 180 } 181 182 static EVP_CIPHER *_hidden_aes_256_ctr = NULL; 183 static const EVP_CIPHER *dasync_aes_256_ctr(void) 184 { 185 return _hidden_aes_256_ctr; 186 } 187 188 /* 189 * Holds the EVP_CIPHER object for aes_128_cbc_hmac_sha1 in this engine. Set up 190 * once only during engine bind and can then be reused many times. 191 * 192 * This 'stitched' cipher depends on the EVP_aes_128_cbc_hmac_sha1() cipher, 193 * which is implemented only if the AES-NI instruction set extension is available 194 * (see OPENSSL_IA32CAP(3)). If that's not the case, then this cipher will not 195 * be available either. 196 * 197 * Note: Since it is a legacy mac-then-encrypt cipher, modern TLS peers (which 198 * negotiate the encrypt-then-mac extension) won't negotiate it anyway. 199 */ 200 static EVP_CIPHER *_hidden_aes_128_cbc_hmac_sha1 = NULL; 201 static const EVP_CIPHER *dasync_aes_128_cbc_hmac_sha1(void) 202 { 203 return _hidden_aes_128_cbc_hmac_sha1; 204 } 205 206 static void destroy_ciphers(void) 207 { 208 EVP_CIPHER_meth_free(_hidden_aes_128_cbc); 209 EVP_CIPHER_meth_free(_hidden_aes_256_ctr); 210 EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1); 211 _hidden_aes_128_cbc = NULL; 212 _hidden_aes_256_ctr = NULL; 213 _hidden_aes_128_cbc_hmac_sha1 = NULL; 214 } 215 216 static int dasync_ciphers(ENGINE *e, const EVP_CIPHER **cipher, 217 const int **nids, int nid); 218 219 static int dasync_cipher_nids[] = { 220 NID_aes_128_cbc, 221 NID_aes_256_ctr, 222 NID_aes_128_cbc_hmac_sha1, 223 0 224 }; 225 226 static int bind_dasync(ENGINE *e) 227 { 228 /* Setup RSA */ 229 if ((dasync_rsa_orig = EVP_PKEY_meth_find(EVP_PKEY_RSA)) == NULL 230 || (dasync_rsa = EVP_PKEY_meth_new(EVP_PKEY_RSA, 231 EVP_PKEY_FLAG_AUTOARGLEN)) == NULL) 232 return 0; 233 EVP_PKEY_meth_set_init(dasync_rsa, dasync_rsa_init); 234 EVP_PKEY_meth_set_cleanup(dasync_rsa, dasync_rsa_cleanup); 235 EVP_PKEY_meth_set_paramgen(dasync_rsa, dasync_rsa_paramgen_init, 236 dasync_rsa_paramgen); 237 EVP_PKEY_meth_set_keygen(dasync_rsa, dasync_rsa_keygen_init, 238 dasync_rsa_keygen); 239 EVP_PKEY_meth_set_encrypt(dasync_rsa, dasync_rsa_encrypt_init, 240 dasync_rsa_encrypt); 241 EVP_PKEY_meth_set_decrypt(dasync_rsa, dasync_rsa_decrypt_init, 242 dasync_rsa_decrypt); 243 EVP_PKEY_meth_set_ctrl(dasync_rsa, dasync_rsa_ctrl, 244 dasync_rsa_ctrl_str); 245 246 /* Ensure the dasync error handling is set up */ 247 ERR_load_DASYNC_strings(); 248 249 if (!ENGINE_set_id(e, engine_dasync_id) 250 || !ENGINE_set_name(e, engine_dasync_name) 251 || !ENGINE_set_pkey_meths(e, dasync_pkey) 252 || !ENGINE_set_digests(e, dasync_digests) 253 || !ENGINE_set_ciphers(e, dasync_ciphers) 254 || !ENGINE_set_destroy_function(e, dasync_destroy) 255 || !ENGINE_set_init_function(e, dasync_init) 256 || !ENGINE_set_finish_function(e, dasync_finish)) { 257 DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED); 258 return 0; 259 } 260 261 /* 262 * Set up the EVP_CIPHER and EVP_MD objects for the ciphers/digests 263 * supplied by this engine 264 */ 265 _hidden_sha1_md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption); 266 if (_hidden_sha1_md == NULL 267 || !EVP_MD_meth_set_result_size(_hidden_sha1_md, SHA_DIGEST_LENGTH) 268 || !EVP_MD_meth_set_input_blocksize(_hidden_sha1_md, SHA_CBLOCK) 269 || !EVP_MD_meth_set_app_datasize(_hidden_sha1_md, 270 sizeof(EVP_MD *) + sizeof(SHA_CTX)) 271 || !EVP_MD_meth_set_flags(_hidden_sha1_md, EVP_MD_FLAG_DIGALGID_ABSENT) 272 || !EVP_MD_meth_set_init(_hidden_sha1_md, dasync_sha1_init) 273 || !EVP_MD_meth_set_update(_hidden_sha1_md, dasync_sha1_update) 274 || !EVP_MD_meth_set_final(_hidden_sha1_md, dasync_sha1_final)) { 275 EVP_MD_meth_free(_hidden_sha1_md); 276 _hidden_sha1_md = NULL; 277 } 278 279 _hidden_aes_128_cbc = EVP_CIPHER_meth_new(NID_aes_128_cbc, 280 16 /* block size */, 281 16 /* key len */); 282 if (_hidden_aes_128_cbc == NULL 283 || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc,16) 284 || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc, 285 EVP_CIPH_FLAG_DEFAULT_ASN1 286 | EVP_CIPH_CBC_MODE 287 | EVP_CIPH_FLAG_PIPELINE 288 | EVP_CIPH_CUSTOM_COPY) 289 || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc, 290 dasync_aes128_init_key) 291 || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc, 292 dasync_aes128_cbc_cipher) 293 || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc, 294 dasync_aes128_cbc_cleanup) 295 || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc, 296 dasync_aes128_cbc_ctrl) 297 || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc, 298 sizeof(struct dasync_pipeline_ctx))) { 299 EVP_CIPHER_meth_free(_hidden_aes_128_cbc); 300 _hidden_aes_128_cbc = NULL; 301 } 302 303 _hidden_aes_256_ctr = EVP_CIPHER_meth_new(NID_aes_256_ctr, 304 1 /* block size */, 305 32 /* key len */); 306 if (_hidden_aes_256_ctr == NULL 307 || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_256_ctr,16) 308 || !EVP_CIPHER_meth_set_flags(_hidden_aes_256_ctr, 309 EVP_CIPH_FLAG_DEFAULT_ASN1 310 | EVP_CIPH_CTR_MODE 311 | EVP_CIPH_FLAG_PIPELINE 312 | EVP_CIPH_CUSTOM_COPY) 313 || !EVP_CIPHER_meth_set_init(_hidden_aes_256_ctr, 314 dasync_aes256_init_key) 315 || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_256_ctr, 316 dasync_aes256_ctr_cipher) 317 || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_256_ctr, 318 dasync_aes256_ctr_cleanup) 319 || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_256_ctr, 320 dasync_aes256_ctr_ctrl) 321 || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_256_ctr, 322 sizeof(struct dasync_pipeline_ctx))) { 323 EVP_CIPHER_meth_free(_hidden_aes_256_ctr); 324 _hidden_aes_256_ctr = NULL; 325 } 326 327 _hidden_aes_128_cbc_hmac_sha1 = EVP_CIPHER_meth_new( 328 NID_aes_128_cbc_hmac_sha1, 329 16 /* block size */, 330 16 /* key len */); 331 if (_hidden_aes_128_cbc_hmac_sha1 == NULL 332 || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc_hmac_sha1,16) 333 || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc_hmac_sha1, 334 EVP_CIPH_CBC_MODE 335 | EVP_CIPH_FLAG_DEFAULT_ASN1 336 | EVP_CIPH_FLAG_AEAD_CIPHER 337 | EVP_CIPH_FLAG_PIPELINE 338 | EVP_CIPH_CUSTOM_COPY) 339 || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc_hmac_sha1, 340 dasync_aes128_cbc_hmac_sha1_init_key) 341 || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc_hmac_sha1, 342 dasync_aes128_cbc_hmac_sha1_cipher) 343 || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc_hmac_sha1, 344 dasync_aes128_cbc_hmac_sha1_cleanup) 345 || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc_hmac_sha1, 346 dasync_aes128_cbc_hmac_sha1_ctrl) 347 || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc_hmac_sha1, 348 sizeof(struct dasync_pipeline_ctx))) { 349 EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1); 350 _hidden_aes_128_cbc_hmac_sha1 = NULL; 351 } 352 353 return 1; 354 } 355 356 static void destroy_pkey(void) 357 { 358 /* 359 * We don't actually need to free the dasync_rsa method since this is 360 * automatically freed for us by libcrypto. 361 */ 362 dasync_rsa_orig = NULL; 363 dasync_rsa = NULL; 364 } 365 366 # ifndef OPENSSL_NO_DYNAMIC_ENGINE 367 static int bind_helper(ENGINE *e, const char *id) 368 { 369 if (id && (strcmp(id, engine_dasync_id) != 0)) 370 return 0; 371 if (!bind_dasync(e)) 372 return 0; 373 return 1; 374 } 375 376 IMPLEMENT_DYNAMIC_CHECK_FN() 377 IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) 378 # endif 379 380 static ENGINE *engine_dasync(void) 381 { 382 ENGINE *ret = ENGINE_new(); 383 if (!ret) 384 return NULL; 385 if (!bind_dasync(ret)) { 386 ENGINE_free(ret); 387 return NULL; 388 } 389 return ret; 390 } 391 392 void engine_load_dasync_int(void) 393 { 394 ENGINE *toadd = engine_dasync(); 395 if (!toadd) 396 return; 397 ERR_set_mark(); 398 ENGINE_add(toadd); 399 /* 400 * If the "add" worked, it gets a structural reference. So either way, we 401 * release our just-created reference. 402 */ 403 ENGINE_free(toadd); 404 /* 405 * If the "add" didn't work, it was probably a conflict because it was 406 * already added (eg. someone calling ENGINE_load_blah then calling 407 * ENGINE_load_builtin_engines() perhaps). 408 */ 409 ERR_pop_to_mark(); 410 } 411 412 static int dasync_init(ENGINE *e) 413 { 414 return 1; 415 } 416 417 418 static int dasync_finish(ENGINE *e) 419 { 420 return 1; 421 } 422 423 424 static int dasync_destroy(ENGINE *e) 425 { 426 destroy_digests(); 427 destroy_ciphers(); 428 destroy_pkey(); 429 ERR_unload_DASYNC_strings(); 430 return 1; 431 } 432 433 static int dasync_pkey(ENGINE *e, EVP_PKEY_METHOD **pmeth, 434 const int **pnids, int nid) 435 { 436 static const int rnid = EVP_PKEY_RSA; 437 438 if (pmeth == NULL) { 439 *pnids = &rnid; 440 return 1; 441 } 442 443 if (nid == EVP_PKEY_RSA) { 444 *pmeth = dasync_rsa; 445 return 1; 446 } 447 448 *pmeth = NULL; 449 return 0; 450 } 451 452 static int dasync_digests(ENGINE *e, const EVP_MD **digest, 453 const int **nids, int nid) 454 { 455 int ok = 1; 456 if (!digest) { 457 /* We are returning a list of supported nids */ 458 return dasync_digest_nids(nids); 459 } 460 /* We are being asked for a specific digest */ 461 switch (nid) { 462 case NID_sha1: 463 *digest = dasync_sha1(); 464 break; 465 default: 466 ok = 0; 467 *digest = NULL; 468 break; 469 } 470 return ok; 471 } 472 473 static int dasync_ciphers(ENGINE *e, const EVP_CIPHER **cipher, 474 const int **nids, int nid) 475 { 476 int ok = 1; 477 if (cipher == NULL) { 478 /* We are returning a list of supported nids */ 479 *nids = dasync_cipher_nids; 480 return (sizeof(dasync_cipher_nids) - 481 1) / sizeof(dasync_cipher_nids[0]); 482 } 483 /* We are being asked for a specific cipher */ 484 switch (nid) { 485 case NID_aes_128_cbc: 486 *cipher = dasync_aes_128_cbc(); 487 break; 488 case NID_aes_256_ctr: 489 *cipher = dasync_aes_256_ctr(); 490 break; 491 case NID_aes_128_cbc_hmac_sha1: 492 *cipher = dasync_aes_128_cbc_hmac_sha1(); 493 break; 494 default: 495 ok = 0; 496 *cipher = NULL; 497 break; 498 } 499 return ok; 500 } 501 502 static void wait_cleanup(ASYNC_WAIT_CTX *ctx, const void *key, 503 OSSL_ASYNC_FD readfd, void *pvwritefd) 504 { 505 OSSL_ASYNC_FD *pwritefd = (OSSL_ASYNC_FD *)pvwritefd; 506 #if defined(ASYNC_WIN) 507 CloseHandle(readfd); 508 CloseHandle(*pwritefd); 509 #elif defined(ASYNC_POSIX) 510 close(readfd); 511 close(*pwritefd); 512 #endif 513 OPENSSL_free(pwritefd); 514 } 515 516 #define DUMMY_CHAR 'X' 517 518 static void dummy_pause_job(void) { 519 ASYNC_JOB *job; 520 ASYNC_WAIT_CTX *waitctx; 521 ASYNC_callback_fn callback; 522 void *callback_arg; 523 OSSL_ASYNC_FD pipefds[2] = {0, 0}; 524 OSSL_ASYNC_FD *writefd; 525 #if defined(ASYNC_WIN) 526 DWORD numwritten, numread; 527 char buf = DUMMY_CHAR; 528 #elif defined(ASYNC_POSIX) 529 char buf = DUMMY_CHAR; 530 #endif 531 532 if ((job = ASYNC_get_current_job()) == NULL) 533 return; 534 535 waitctx = ASYNC_get_wait_ctx(job); 536 537 if (ASYNC_WAIT_CTX_get_callback(waitctx, &callback, &callback_arg) && callback != NULL) { 538 /* 539 * In the Dummy async engine we are cheating. We call the callback that the job 540 * is complete before the call to ASYNC_pause_job(). A real 541 * async engine would only call the callback when the job was actually complete 542 */ 543 (*callback)(callback_arg); 544 ASYNC_pause_job(); 545 return; 546 } 547 548 549 if (ASYNC_WAIT_CTX_get_fd(waitctx, engine_dasync_id, &pipefds[0], 550 (void **)&writefd)) { 551 pipefds[1] = *writefd; 552 } else { 553 writefd = OPENSSL_malloc(sizeof(*writefd)); 554 if (writefd == NULL) 555 return; 556 #if defined(ASYNC_WIN) 557 if (CreatePipe(&pipefds[0], &pipefds[1], NULL, 256) == 0) { 558 OPENSSL_free(writefd); 559 return; 560 } 561 #elif defined(ASYNC_POSIX) 562 if (pipe(pipefds) != 0) { 563 OPENSSL_free(writefd); 564 return; 565 } 566 #endif 567 *writefd = pipefds[1]; 568 569 if (!ASYNC_WAIT_CTX_set_wait_fd(waitctx, engine_dasync_id, pipefds[0], 570 writefd, wait_cleanup)) { 571 wait_cleanup(waitctx, engine_dasync_id, pipefds[0], writefd); 572 return; 573 } 574 } 575 /* 576 * In the Dummy async engine we are cheating. We signal that the job 577 * is complete by waking it before the call to ASYNC_pause_job(). A real 578 * async engine would only wake when the job was actually complete 579 */ 580 #if defined(ASYNC_WIN) 581 WriteFile(pipefds[1], &buf, 1, &numwritten, NULL); 582 #elif defined(ASYNC_POSIX) 583 if (write(pipefds[1], &buf, 1) < 0) 584 return; 585 #endif 586 587 /* Ignore errors - we carry on anyway */ 588 ASYNC_pause_job(); 589 590 /* Clear the wake signal */ 591 #if defined(ASYNC_WIN) 592 ReadFile(pipefds[0], &buf, 1, &numread, NULL); 593 #elif defined(ASYNC_POSIX) 594 if (read(pipefds[0], &buf, 1) < 0) 595 return; 596 #endif 597 } 598 599 /* 600 * SHA1 implementation. At the moment we just defer to the standard 601 * implementation 602 */ 603 static int dasync_sha1_init(EVP_MD_CTX *ctx) 604 { 605 dummy_pause_job(); 606 607 return EVP_MD_meth_get_init(EVP_sha1())(ctx); 608 } 609 610 static int dasync_sha1_update(EVP_MD_CTX *ctx, const void *data, 611 size_t count) 612 { 613 dummy_pause_job(); 614 615 return EVP_MD_meth_get_update(EVP_sha1())(ctx, data, count); 616 } 617 618 static int dasync_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) 619 { 620 dummy_pause_job(); 621 622 return EVP_MD_meth_get_final(EVP_sha1())(ctx, md); 623 } 624 625 /* Cipher helper functions */ 626 627 static int dasync_cipher_ctrl_helper(EVP_CIPHER_CTX *ctx, int type, int arg, 628 void *ptr, int aeadcapable, 629 const EVP_CIPHER *ciph) 630 { 631 int ret; 632 struct dasync_pipeline_ctx *pipe_ctx = 633 (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); 634 635 if (pipe_ctx == NULL) 636 return 0; 637 638 switch (type) { 639 case EVP_CTRL_COPY: 640 { 641 size_t sz = EVP_CIPHER_impl_ctx_size(ciph); 642 void *inner_cipher_data = OPENSSL_malloc(sz); 643 644 if (inner_cipher_data == NULL) 645 return -1; 646 memcpy(inner_cipher_data, pipe_ctx->inner_cipher_data, sz); 647 pipe_ctx->inner_cipher_data = inner_cipher_data; 648 } 649 break; 650 651 case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS: 652 pipe_ctx->numpipes = arg; 653 pipe_ctx->outbufs = (unsigned char **)ptr; 654 break; 655 656 case EVP_CTRL_SET_PIPELINE_INPUT_BUFS: 657 pipe_ctx->numpipes = arg; 658 pipe_ctx->inbufs = (unsigned char **)ptr; 659 break; 660 661 case EVP_CTRL_SET_PIPELINE_INPUT_LENS: 662 pipe_ctx->numpipes = arg; 663 pipe_ctx->lens = (size_t *)ptr; 664 break; 665 666 case EVP_CTRL_AEAD_SET_MAC_KEY: 667 if (!aeadcapable) 668 return -1; 669 EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data); 670 ret = EVP_CIPHER_meth_get_ctrl(EVP_aes_128_cbc_hmac_sha1()) 671 (ctx, type, arg, ptr); 672 EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx); 673 return ret; 674 675 case EVP_CTRL_AEAD_TLS1_AAD: 676 { 677 unsigned char *p = ptr; 678 unsigned int len; 679 680 if (!aeadcapable || arg != EVP_AEAD_TLS1_AAD_LEN) 681 return -1; 682 683 if (pipe_ctx->aadctr >= SSL_MAX_PIPELINES) 684 return -1; 685 686 memcpy(pipe_ctx->tlsaad[pipe_ctx->aadctr], ptr, 687 EVP_AEAD_TLS1_AAD_LEN); 688 pipe_ctx->aadctr++; 689 690 len = p[arg - 2] << 8 | p[arg - 1]; 691 692 if (EVP_CIPHER_CTX_is_encrypting(ctx)) { 693 if ((p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) { 694 if (len < AES_BLOCK_SIZE) 695 return 0; 696 len -= AES_BLOCK_SIZE; 697 } 698 699 return ((len + SHA_DIGEST_LENGTH + AES_BLOCK_SIZE) 700 & -AES_BLOCK_SIZE) - len; 701 } else { 702 return SHA_DIGEST_LENGTH; 703 } 704 } 705 706 default: 707 return 0; 708 } 709 710 return 1; 711 } 712 713 static int dasync_cipher_init_key_helper(EVP_CIPHER_CTX *ctx, 714 const unsigned char *key, 715 const unsigned char *iv, int enc, 716 const EVP_CIPHER *cipher) 717 { 718 int ret; 719 struct dasync_pipeline_ctx *pipe_ctx = 720 (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); 721 722 if (pipe_ctx->inner_cipher_data == NULL 723 && EVP_CIPHER_impl_ctx_size(cipher) != 0) { 724 pipe_ctx->inner_cipher_data = OPENSSL_zalloc( 725 EVP_CIPHER_impl_ctx_size(cipher)); 726 if (pipe_ctx->inner_cipher_data == NULL) 727 return 0; 728 } 729 730 pipe_ctx->numpipes = 0; 731 pipe_ctx->aadctr = 0; 732 733 EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data); 734 ret = EVP_CIPHER_meth_get_init(cipher)(ctx, key, iv, enc); 735 EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx); 736 737 return ret; 738 } 739 740 static int dasync_cipher_helper(EVP_CIPHER_CTX *ctx, unsigned char *out, 741 const unsigned char *in, size_t inl, 742 const EVP_CIPHER *cipher) 743 { 744 int ret = 1; 745 unsigned int i, pipes; 746 struct dasync_pipeline_ctx *pipe_ctx = 747 (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); 748 749 pipes = pipe_ctx->numpipes; 750 EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data); 751 if (pipes == 0) { 752 if (pipe_ctx->aadctr != 0) { 753 if (pipe_ctx->aadctr != 1) 754 return -1; 755 EVP_CIPHER_meth_get_ctrl(cipher) 756 (ctx, EVP_CTRL_AEAD_TLS1_AAD, 757 EVP_AEAD_TLS1_AAD_LEN, 758 pipe_ctx->tlsaad[0]); 759 } 760 ret = EVP_CIPHER_meth_get_do_cipher(cipher) 761 (ctx, out, in, inl); 762 } else { 763 if (pipe_ctx->aadctr > 0 && pipe_ctx->aadctr != pipes) 764 return -1; 765 for (i = 0; i < pipes; i++) { 766 if (pipe_ctx->aadctr > 0) { 767 EVP_CIPHER_meth_get_ctrl(cipher) 768 (ctx, EVP_CTRL_AEAD_TLS1_AAD, 769 EVP_AEAD_TLS1_AAD_LEN, 770 pipe_ctx->tlsaad[i]); 771 } 772 ret = ret && EVP_CIPHER_meth_get_do_cipher(cipher) 773 (ctx, pipe_ctx->outbufs[i], pipe_ctx->inbufs[i], 774 pipe_ctx->lens[i]); 775 } 776 pipe_ctx->numpipes = 0; 777 } 778 pipe_ctx->aadctr = 0; 779 EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx); 780 return ret; 781 } 782 783 static int dasync_cipher_cleanup_helper(EVP_CIPHER_CTX *ctx, 784 const EVP_CIPHER *cipher) 785 { 786 struct dasync_pipeline_ctx *pipe_ctx = 787 (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); 788 789 OPENSSL_clear_free(pipe_ctx->inner_cipher_data, 790 EVP_CIPHER_impl_ctx_size(cipher)); 791 792 return 1; 793 } 794 795 /* 796 * AES128 CBC Implementation 797 */ 798 799 static int dasync_aes128_cbc_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, 800 void *ptr) 801 { 802 return dasync_cipher_ctrl_helper(ctx, type, arg, ptr, 0, EVP_aes_128_cbc()); 803 } 804 805 static int dasync_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 806 const unsigned char *iv, int enc) 807 { 808 return dasync_cipher_init_key_helper(ctx, key, iv, enc, EVP_aes_128_cbc()); 809 } 810 811 static int dasync_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 812 const unsigned char *in, size_t inl) 813 { 814 return dasync_cipher_helper(ctx, out, in, inl, EVP_aes_128_cbc()); 815 } 816 817 static int dasync_aes128_cbc_cleanup(EVP_CIPHER_CTX *ctx) 818 { 819 return dasync_cipher_cleanup_helper(ctx, EVP_aes_128_cbc()); 820 } 821 822 static int dasync_aes256_ctr_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, 823 void *ptr) 824 { 825 return dasync_cipher_ctrl_helper(ctx, type, arg, ptr, 0, EVP_aes_256_ctr()); 826 } 827 828 static int dasync_aes256_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 829 const unsigned char *iv, int enc) 830 { 831 return dasync_cipher_init_key_helper(ctx, key, iv, enc, EVP_aes_256_ctr()); 832 } 833 834 static int dasync_aes256_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 835 const unsigned char *in, size_t inl) 836 { 837 return dasync_cipher_helper(ctx, out, in, inl, EVP_aes_256_ctr()); 838 } 839 840 static int dasync_aes256_ctr_cleanup(EVP_CIPHER_CTX *ctx) 841 { 842 return dasync_cipher_cleanup_helper(ctx, EVP_aes_256_ctr()); 843 } 844 845 846 /* 847 * AES128 CBC HMAC SHA1 Implementation 848 */ 849 850 static int dasync_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, 851 int arg, void *ptr) 852 { 853 return dasync_cipher_ctrl_helper(ctx, type, arg, ptr, 1, EVP_aes_128_cbc_hmac_sha1()); 854 } 855 856 static int dasync_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, 857 const unsigned char *key, 858 const unsigned char *iv, 859 int enc) 860 { 861 /* 862 * We can safely assume that EVP_aes_128_cbc_hmac_sha1() != NULL, 863 * see comment before the definition of dasync_aes_128_cbc_hmac_sha1(). 864 */ 865 return dasync_cipher_init_key_helper(ctx, key, iv, enc, 866 EVP_aes_128_cbc_hmac_sha1()); 867 } 868 869 static int dasync_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, 870 unsigned char *out, 871 const unsigned char *in, 872 size_t inl) 873 { 874 return dasync_cipher_helper(ctx, out, in, inl, EVP_aes_128_cbc_hmac_sha1()); 875 } 876 877 static int dasync_aes128_cbc_hmac_sha1_cleanup(EVP_CIPHER_CTX *ctx) 878 { 879 /* 880 * We can safely assume that EVP_aes_128_cbc_hmac_sha1() != NULL, 881 * see comment before the definition of dasync_aes_128_cbc_hmac_sha1(). 882 */ 883 return dasync_cipher_cleanup_helper(ctx, EVP_aes_128_cbc_hmac_sha1()); 884 } 885 886 887 /* 888 * RSA implementation 889 */ 890 static int dasync_rsa_init(EVP_PKEY_CTX *ctx) 891 { 892 static int (*pinit)(EVP_PKEY_CTX *ctx); 893 894 if (pinit == NULL) 895 EVP_PKEY_meth_get_init(dasync_rsa_orig, &pinit); 896 return pinit(ctx); 897 } 898 899 static void dasync_rsa_cleanup(EVP_PKEY_CTX *ctx) 900 { 901 static void (*pcleanup)(EVP_PKEY_CTX *ctx); 902 903 if (pcleanup == NULL) 904 EVP_PKEY_meth_get_cleanup(dasync_rsa_orig, &pcleanup); 905 pcleanup(ctx); 906 } 907 908 static int dasync_rsa_paramgen_init(EVP_PKEY_CTX *ctx) 909 { 910 static int (*pparamgen_init)(EVP_PKEY_CTX *ctx); 911 912 if (pparamgen_init == NULL) 913 EVP_PKEY_meth_get_paramgen(dasync_rsa_orig, &pparamgen_init, NULL); 914 return pparamgen_init != NULL ? pparamgen_init(ctx) : 1; 915 } 916 917 static int dasync_rsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) 918 { 919 static int (*pparamgen)(EVP_PKEY_CTX *c, EVP_PKEY *pkey); 920 921 if (pparamgen == NULL) 922 EVP_PKEY_meth_get_paramgen(dasync_rsa_orig, NULL, &pparamgen); 923 return pparamgen != NULL ? pparamgen(ctx, pkey) : 1; 924 } 925 926 static int dasync_rsa_keygen_init(EVP_PKEY_CTX *ctx) 927 { 928 static int (*pkeygen_init)(EVP_PKEY_CTX *ctx); 929 930 if (pkeygen_init == NULL) 931 EVP_PKEY_meth_get_keygen(dasync_rsa_orig, &pkeygen_init, NULL); 932 return pkeygen_init != NULL ? pkeygen_init(ctx) : 1; 933 } 934 935 static int dasync_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) 936 { 937 static int (*pkeygen)(EVP_PKEY_CTX *c, EVP_PKEY *pkey); 938 939 if (pkeygen == NULL) 940 EVP_PKEY_meth_get_keygen(dasync_rsa_orig, NULL, &pkeygen); 941 return pkeygen(ctx, pkey); 942 } 943 944 static int dasync_rsa_encrypt_init(EVP_PKEY_CTX *ctx) 945 { 946 static int (*pencrypt_init)(EVP_PKEY_CTX *ctx); 947 948 if (pencrypt_init == NULL) 949 EVP_PKEY_meth_get_encrypt(dasync_rsa_orig, &pencrypt_init, NULL); 950 return pencrypt_init != NULL ? pencrypt_init(ctx) : 1; 951 } 952 953 static int dasync_rsa_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, 954 size_t *outlen, const unsigned char *in, 955 size_t inlen) 956 { 957 static int (*pencryptfn)(EVP_PKEY_CTX *ctx, unsigned char *out, 958 size_t *outlen, const unsigned char *in, 959 size_t inlen); 960 961 if (pencryptfn == NULL) 962 EVP_PKEY_meth_get_encrypt(dasync_rsa_orig, NULL, &pencryptfn); 963 return pencryptfn(ctx, out, outlen, in, inlen); 964 } 965 966 static int dasync_rsa_decrypt_init(EVP_PKEY_CTX *ctx) 967 { 968 static int (*pdecrypt_init)(EVP_PKEY_CTX *ctx); 969 970 if (pdecrypt_init == NULL) 971 EVP_PKEY_meth_get_decrypt(dasync_rsa_orig, &pdecrypt_init, NULL); 972 return pdecrypt_init != NULL ? pdecrypt_init(ctx) : 1; 973 } 974 975 static int dasync_rsa_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, 976 size_t *outlen, const unsigned char *in, 977 size_t inlen) 978 { 979 static int (*pdecrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, 980 size_t *outlen, const unsigned char *in, 981 size_t inlen); 982 983 if (pdecrypt == NULL) 984 EVP_PKEY_meth_get_decrypt(dasync_rsa_orig, NULL, &pdecrypt); 985 return pdecrypt(ctx, out, outlen, in, inlen); 986 } 987 988 static int dasync_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) 989 { 990 static int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2); 991 992 if (pctrl == NULL) 993 EVP_PKEY_meth_get_ctrl(dasync_rsa_orig, &pctrl, NULL); 994 return pctrl(ctx, type, p1, p2); 995 } 996 997 static int dasync_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, 998 const char *value) 999 { 1000 static int (*pctrl_str)(EVP_PKEY_CTX *ctx, const char *type, 1001 const char *value); 1002 1003 if (pctrl_str == NULL) 1004 EVP_PKEY_meth_get_ctrl(dasync_rsa_orig, NULL, &pctrl_str); 1005 return pctrl_str(ctx, type, value); 1006 } 1007