VirtualBox

source: vbox/trunk/src/libs/openssl-3.1.7/engines/e_dasync.c@ 106165

最後變更 在這個檔案從106165是 104078,由 vboxsync 提交於 8 月 前

openssl-3.1.5: Applied and adjusted our OpenSSL changes to 3.1.4. bugref:10638
檔案大小: 33.1 KB
 
1/*
2 * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/* We need to use some engine deprecated APIs */
11#define OPENSSL_SUPPRESS_DEPRECATED
12
13/*
14 * SHA-1 low level APIs are deprecated for public use, but still ok for
15 * internal use. Note, that due to symbols not being exported, only the
16 * #defines and strucures can be accessed, in this case SHA_CBLOCK and
17 * sizeof(SHA_CTX).
18 */
19#include "internal/deprecated.h"
20
21#include <openssl/opensslconf.h>
22#if defined(_WIN32)
23# include <windows.h>
24#endif
25
26#include <stdio.h>
27#include <string.h>
28
29#include <openssl/engine.h>
30#include <openssl/sha.h>
31#include <openssl/aes.h>
32#include <openssl/rsa.h>
33#include <openssl/evp.h>
34#include <openssl/async.h>
35#include <openssl/bn.h>
36#include <openssl/crypto.h>
37#include <openssl/ssl.h>
38#include <openssl/modes.h>
39
40#if defined(OPENSSL_SYS_UNIX) && defined(OPENSSL_THREADS)
41# undef ASYNC_POSIX
42# define ASYNC_POSIX
43# include <unistd.h>
44#elif defined(_WIN32)
45# undef ASYNC_WIN
46# define ASYNC_WIN
47#endif
48
49#include "e_dasync_err.c"
50
51/* Engine Id and Name */
52static const char *engine_dasync_id = "dasync";
53static const char *engine_dasync_name = "Dummy Async engine support";
54
55
56/* Engine Lifetime functions */
57static int dasync_destroy(ENGINE *e);
58static int dasync_init(ENGINE *e);
59static int dasync_finish(ENGINE *e);
60void engine_load_dasync_int(void);
61
62
63/* Set up digests. Just SHA1 for now */
64static int dasync_digests(ENGINE *e, const EVP_MD **digest,
65 const int **nids, int nid);
66
67static void dummy_pause_job(void);
68
69/* SHA1 */
70static int dasync_sha1_init(EVP_MD_CTX *ctx);
71static int dasync_sha1_update(EVP_MD_CTX *ctx, const void *data,
72 size_t count);
73static int dasync_sha1_final(EVP_MD_CTX *ctx, unsigned char *md);
74
75/*
76 * Holds the EVP_MD object for sha1 in this engine. Set up once only during
77 * engine bind and can then be reused many times.
78 */
79static EVP_MD *_hidden_sha1_md = NULL;
80static const EVP_MD *dasync_sha1(void)
81{
82 return _hidden_sha1_md;
83}
84static void destroy_digests(void)
85{
86 EVP_MD_meth_free(_hidden_sha1_md);
87 _hidden_sha1_md = NULL;
88}
89
90static int dasync_digest_nids(const int **nids)
91{
92 static int digest_nids[2] = { 0, 0 };
93 static int pos = 0;
94 static int init = 0;
95
96 if (!init) {
97 const EVP_MD *md;
98 if ((md = dasync_sha1()) != NULL)
99 digest_nids[pos++] = EVP_MD_get_type(md);
100 digest_nids[pos] = 0;
101 init = 1;
102 }
103 *nids = digest_nids;
104 return pos;
105}
106
107/* RSA */
108static int dasync_pkey(ENGINE *e, EVP_PKEY_METHOD **pmeth,
109 const int **pnids, int nid);
110
111static int dasync_rsa_init(EVP_PKEY_CTX *ctx);
112static void dasync_rsa_cleanup(EVP_PKEY_CTX *ctx);
113static int dasync_rsa_paramgen_init(EVP_PKEY_CTX *ctx);
114static int dasync_rsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
115static int dasync_rsa_keygen_init(EVP_PKEY_CTX *ctx);
116static int dasync_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
117static int dasync_rsa_encrypt_init(EVP_PKEY_CTX *ctx);
118static int dasync_rsa_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
119 size_t *outlen, const unsigned char *in,
120 size_t inlen);
121static int dasync_rsa_decrypt_init(EVP_PKEY_CTX *ctx);
122static int dasync_rsa_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
123 size_t *outlen, const unsigned char *in,
124 size_t inlen);
125static int dasync_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
126static int dasync_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
127 const char *value);
128
129static EVP_PKEY_METHOD *dasync_rsa;
130static const EVP_PKEY_METHOD *dasync_rsa_orig;
131
132/* AES */
133
134static int dasync_aes128_cbc_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
135 void *ptr);
136static int dasync_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
137 const unsigned char *iv, int enc);
138static int dasync_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
139 const unsigned char *in, size_t inl);
140static int dasync_aes128_cbc_cleanup(EVP_CIPHER_CTX *ctx);
141
142static int dasync_aes256_ctr_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
143 void *ptr);
144static int dasync_aes256_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
145 const unsigned char *iv, int enc);
146static int dasync_aes256_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
147 const unsigned char *in, size_t inl);
148static int dasync_aes256_ctr_cleanup(EVP_CIPHER_CTX *ctx);
149
150static int dasync_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
151 int arg, void *ptr);
152static int dasync_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
153 const unsigned char *key,
154 const unsigned char *iv,
155 int enc);
156static int dasync_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx,
157 unsigned char *out,
158 const unsigned char *in,
159 size_t inl);
160static int dasync_aes128_cbc_hmac_sha1_cleanup(EVP_CIPHER_CTX *ctx);
161
162struct dasync_pipeline_ctx {
163 void *inner_cipher_data;
164 unsigned int numpipes;
165 unsigned char **inbufs;
166 unsigned char **outbufs;
167 size_t *lens;
168 unsigned char tlsaad[SSL_MAX_PIPELINES][EVP_AEAD_TLS1_AAD_LEN];
169 unsigned int aadctr;
170};
171
172/*
173 * Holds the EVP_CIPHER object for aes_128_cbc in this engine. Set up once only
174 * during engine bind and can then be reused many times.
175 */
176static EVP_CIPHER *_hidden_aes_128_cbc = NULL;
177static const EVP_CIPHER *dasync_aes_128_cbc(void)
178{
179 return _hidden_aes_128_cbc;
180}
181
182static EVP_CIPHER *_hidden_aes_256_ctr = NULL;
183static const EVP_CIPHER *dasync_aes_256_ctr(void)
184{
185 return _hidden_aes_256_ctr;
186}
187
188/*
189 * Holds the EVP_CIPHER object for aes_128_cbc_hmac_sha1 in this engine. Set up
190 * once only during engine bind and can then be reused many times.
191 *
192 * This 'stitched' cipher depends on the EVP_aes_128_cbc_hmac_sha1() cipher,
193 * which is implemented only if the AES-NI instruction set extension is available
194 * (see OPENSSL_IA32CAP(3)). If that's not the case, then this cipher will not
195 * be available either.
196 *
197 * Note: Since it is a legacy mac-then-encrypt cipher, modern TLS peers (which
198 * negotiate the encrypt-then-mac extension) won't negotiate it anyway.
199 */
200static EVP_CIPHER *_hidden_aes_128_cbc_hmac_sha1 = NULL;
201static const EVP_CIPHER *dasync_aes_128_cbc_hmac_sha1(void)
202{
203 return _hidden_aes_128_cbc_hmac_sha1;
204}
205
206static void destroy_ciphers(void)
207{
208 EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
209 EVP_CIPHER_meth_free(_hidden_aes_256_ctr);
210 EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1);
211 _hidden_aes_128_cbc = NULL;
212 _hidden_aes_256_ctr = NULL;
213 _hidden_aes_128_cbc_hmac_sha1 = NULL;
214}
215
216static int dasync_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
217 const int **nids, int nid);
218
219static int dasync_cipher_nids[] = {
220 NID_aes_128_cbc,
221 NID_aes_256_ctr,
222 NID_aes_128_cbc_hmac_sha1,
223 0
224};
225
226static int bind_dasync(ENGINE *e)
227{
228 /* Setup RSA */
229 ;
230 if ((dasync_rsa_orig = EVP_PKEY_meth_find(EVP_PKEY_RSA)) == NULL
231 || (dasync_rsa = EVP_PKEY_meth_new(EVP_PKEY_RSA,
232 EVP_PKEY_FLAG_AUTOARGLEN)) == NULL)
233 return 0;
234 EVP_PKEY_meth_set_init(dasync_rsa, dasync_rsa_init);
235 EVP_PKEY_meth_set_cleanup(dasync_rsa, dasync_rsa_cleanup);
236 EVP_PKEY_meth_set_paramgen(dasync_rsa, dasync_rsa_paramgen_init,
237 dasync_rsa_paramgen);
238 EVP_PKEY_meth_set_keygen(dasync_rsa, dasync_rsa_keygen_init,
239 dasync_rsa_keygen);
240 EVP_PKEY_meth_set_encrypt(dasync_rsa, dasync_rsa_encrypt_init,
241 dasync_rsa_encrypt);
242 EVP_PKEY_meth_set_decrypt(dasync_rsa, dasync_rsa_decrypt_init,
243 dasync_rsa_decrypt);
244 EVP_PKEY_meth_set_ctrl(dasync_rsa, dasync_rsa_ctrl,
245 dasync_rsa_ctrl_str);
246
247 /* Ensure the dasync error handling is set up */
248 ERR_load_DASYNC_strings();
249
250 if (!ENGINE_set_id(e, engine_dasync_id)
251 || !ENGINE_set_name(e, engine_dasync_name)
252 || !ENGINE_set_pkey_meths(e, dasync_pkey)
253 || !ENGINE_set_digests(e, dasync_digests)
254 || !ENGINE_set_ciphers(e, dasync_ciphers)
255 || !ENGINE_set_destroy_function(e, dasync_destroy)
256 || !ENGINE_set_init_function(e, dasync_init)
257 || !ENGINE_set_finish_function(e, dasync_finish)) {
258 DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED);
259 return 0;
260 }
261
262 /*
263 * Set up the EVP_CIPHER and EVP_MD objects for the ciphers/digests
264 * supplied by this engine
265 */
266 _hidden_sha1_md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption);
267 if (_hidden_sha1_md == NULL
268 || !EVP_MD_meth_set_result_size(_hidden_sha1_md, SHA_DIGEST_LENGTH)
269 || !EVP_MD_meth_set_input_blocksize(_hidden_sha1_md, SHA_CBLOCK)
270 || !EVP_MD_meth_set_app_datasize(_hidden_sha1_md,
271 sizeof(EVP_MD *) + sizeof(SHA_CTX))
272 || !EVP_MD_meth_set_flags(_hidden_sha1_md, EVP_MD_FLAG_DIGALGID_ABSENT)
273 || !EVP_MD_meth_set_init(_hidden_sha1_md, dasync_sha1_init)
274 || !EVP_MD_meth_set_update(_hidden_sha1_md, dasync_sha1_update)
275 || !EVP_MD_meth_set_final(_hidden_sha1_md, dasync_sha1_final)) {
276 EVP_MD_meth_free(_hidden_sha1_md);
277 _hidden_sha1_md = NULL;
278 }
279
280 _hidden_aes_128_cbc = EVP_CIPHER_meth_new(NID_aes_128_cbc,
281 16 /* block size */,
282 16 /* key len */);
283 if (_hidden_aes_128_cbc == NULL
284 || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc,16)
285 || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc,
286 EVP_CIPH_FLAG_DEFAULT_ASN1
287 | EVP_CIPH_CBC_MODE
288 | EVP_CIPH_FLAG_PIPELINE
289 | EVP_CIPH_CUSTOM_COPY)
290 || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc,
291 dasync_aes128_init_key)
292 || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc,
293 dasync_aes128_cbc_cipher)
294 || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc,
295 dasync_aes128_cbc_cleanup)
296 || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc,
297 dasync_aes128_cbc_ctrl)
298 || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc,
299 sizeof(struct dasync_pipeline_ctx))) {
300 EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
301 _hidden_aes_128_cbc = NULL;
302 }
303
304 _hidden_aes_256_ctr = EVP_CIPHER_meth_new(NID_aes_256_ctr,
305 1 /* block size */,
306 32 /* key len */);
307 if (_hidden_aes_256_ctr == NULL
308 || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_256_ctr,16)
309 || !EVP_CIPHER_meth_set_flags(_hidden_aes_256_ctr,
310 EVP_CIPH_FLAG_DEFAULT_ASN1
311 | EVP_CIPH_CTR_MODE
312 | EVP_CIPH_FLAG_PIPELINE
313 | EVP_CIPH_CUSTOM_COPY)
314 || !EVP_CIPHER_meth_set_init(_hidden_aes_256_ctr,
315 dasync_aes256_init_key)
316 || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_256_ctr,
317 dasync_aes256_ctr_cipher)
318 || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_256_ctr,
319 dasync_aes256_ctr_cleanup)
320 || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_256_ctr,
321 dasync_aes256_ctr_ctrl)
322 || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_256_ctr,
323 sizeof(struct dasync_pipeline_ctx))) {
324 EVP_CIPHER_meth_free(_hidden_aes_256_ctr);
325 _hidden_aes_256_ctr = NULL;
326 }
327
328 _hidden_aes_128_cbc_hmac_sha1 = EVP_CIPHER_meth_new(
329 NID_aes_128_cbc_hmac_sha1,
330 16 /* block size */,
331 16 /* key len */);
332 if (_hidden_aes_128_cbc_hmac_sha1 == NULL
333 || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc_hmac_sha1,16)
334 || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc_hmac_sha1,
335 EVP_CIPH_CBC_MODE
336 | EVP_CIPH_FLAG_DEFAULT_ASN1
337 | EVP_CIPH_FLAG_AEAD_CIPHER
338 | EVP_CIPH_FLAG_PIPELINE
339 | EVP_CIPH_CUSTOM_COPY)
340 || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc_hmac_sha1,
341 dasync_aes128_cbc_hmac_sha1_init_key)
342 || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc_hmac_sha1,
343 dasync_aes128_cbc_hmac_sha1_cipher)
344 || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc_hmac_sha1,
345 dasync_aes128_cbc_hmac_sha1_cleanup)
346 || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc_hmac_sha1,
347 dasync_aes128_cbc_hmac_sha1_ctrl)
348 || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc_hmac_sha1,
349 sizeof(struct dasync_pipeline_ctx))) {
350 EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1);
351 _hidden_aes_128_cbc_hmac_sha1 = NULL;
352 }
353
354 return 1;
355}
356
357static void destroy_pkey(void)
358{
359 /*
360 * We don't actually need to free the dasync_rsa method since this is
361 * automatically freed for us by libcrypto.
362 */
363 dasync_rsa_orig = NULL;
364 dasync_rsa = NULL;
365}
366
367# ifndef OPENSSL_NO_DYNAMIC_ENGINE
368static int bind_helper(ENGINE *e, const char *id)
369{
370 if (id && (strcmp(id, engine_dasync_id) != 0))
371 return 0;
372 if (!bind_dasync(e))
373 return 0;
374 return 1;
375}
376
377IMPLEMENT_DYNAMIC_CHECK_FN()
378 IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
379# endif
380
381static ENGINE *engine_dasync(void)
382{
383 ENGINE *ret = ENGINE_new();
384 if (!ret)
385 return NULL;
386 if (!bind_dasync(ret)) {
387 ENGINE_free(ret);
388 return NULL;
389 }
390 return ret;
391}
392
393void engine_load_dasync_int(void)
394{
395 ENGINE *toadd = engine_dasync();
396 if (!toadd)
397 return;
398 ERR_set_mark();
399 ENGINE_add(toadd);
400 /*
401 * If the "add" worked, it gets a structural reference. So either way, we
402 * release our just-created reference.
403 */
404 ENGINE_free(toadd);
405 /*
406 * If the "add" didn't work, it was probably a conflict because it was
407 * already added (eg. someone calling ENGINE_load_blah then calling
408 * ENGINE_load_builtin_engines() perhaps).
409 */
410 ERR_pop_to_mark();
411}
412
413static int dasync_init(ENGINE *e)
414{
415 return 1;
416}
417
418
419static int dasync_finish(ENGINE *e)
420{
421 return 1;
422}
423
424
425static int dasync_destroy(ENGINE *e)
426{
427 destroy_digests();
428 destroy_ciphers();
429 destroy_pkey();
430 ERR_unload_DASYNC_strings();
431 return 1;
432}
433
434static int dasync_pkey(ENGINE *e, EVP_PKEY_METHOD **pmeth,
435 const int **pnids, int nid)
436{
437 static const int rnid = EVP_PKEY_RSA;
438
439 if (pmeth == NULL) {
440 *pnids = &rnid;
441 return 1;
442 }
443
444 if (nid == EVP_PKEY_RSA) {
445 *pmeth = dasync_rsa;
446 return 1;
447 }
448
449 *pmeth = NULL;
450 return 0;
451}
452
453static int dasync_digests(ENGINE *e, const EVP_MD **digest,
454 const int **nids, int nid)
455{
456 int ok = 1;
457 if (!digest) {
458 /* We are returning a list of supported nids */
459 return dasync_digest_nids(nids);
460 }
461 /* We are being asked for a specific digest */
462 switch (nid) {
463 case NID_sha1:
464 *digest = dasync_sha1();
465 break;
466 default:
467 ok = 0;
468 *digest = NULL;
469 break;
470 }
471 return ok;
472}
473
474static int dasync_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
475 const int **nids, int nid)
476{
477 int ok = 1;
478 if (cipher == NULL) {
479 /* We are returning a list of supported nids */
480 *nids = dasync_cipher_nids;
481 return (sizeof(dasync_cipher_nids) -
482 1) / sizeof(dasync_cipher_nids[0]);
483 }
484 /* We are being asked for a specific cipher */
485 switch (nid) {
486 case NID_aes_128_cbc:
487 *cipher = dasync_aes_128_cbc();
488 break;
489 case NID_aes_256_ctr:
490 *cipher = dasync_aes_256_ctr();
491 break;
492 case NID_aes_128_cbc_hmac_sha1:
493 *cipher = dasync_aes_128_cbc_hmac_sha1();
494 break;
495 default:
496 ok = 0;
497 *cipher = NULL;
498 break;
499 }
500 return ok;
501}
502
503static void wait_cleanup(ASYNC_WAIT_CTX *ctx, const void *key,
504 OSSL_ASYNC_FD readfd, void *pvwritefd)
505{
506 OSSL_ASYNC_FD *pwritefd = (OSSL_ASYNC_FD *)pvwritefd;
507#if defined(ASYNC_WIN)
508 CloseHandle(readfd);
509 CloseHandle(*pwritefd);
510#elif defined(ASYNC_POSIX)
511 close(readfd);
512 close(*pwritefd);
513#endif
514 OPENSSL_free(pwritefd);
515}
516
517#define DUMMY_CHAR 'X'
518
519static void dummy_pause_job(void) {
520 ASYNC_JOB *job;
521 ASYNC_WAIT_CTX *waitctx;
522 ASYNC_callback_fn callback;
523 void * callback_arg;
524 OSSL_ASYNC_FD pipefds[2] = {0, 0};
525 OSSL_ASYNC_FD *writefd;
526#if defined(ASYNC_WIN)
527 DWORD numwritten, numread;
528 char buf = DUMMY_CHAR;
529#elif defined(ASYNC_POSIX)
530 char buf = DUMMY_CHAR;
531#endif
532
533 if ((job = ASYNC_get_current_job()) == NULL)
534 return;
535
536 waitctx = ASYNC_get_wait_ctx(job);
537
538 if (ASYNC_WAIT_CTX_get_callback(waitctx, &callback, &callback_arg) && callback != NULL) {
539 /*
540 * In the Dummy async engine we are cheating. We call the callback that the job
541 * is complete before the call to ASYNC_pause_job(). A real
542 * async engine would only call the callback when the job was actually complete
543 */
544 (*callback)(callback_arg);
545 ASYNC_pause_job();
546 return;
547 }
548
549
550 if (ASYNC_WAIT_CTX_get_fd(waitctx, engine_dasync_id, &pipefds[0],
551 (void **)&writefd)) {
552 pipefds[1] = *writefd;
553 } else {
554 writefd = OPENSSL_malloc(sizeof(*writefd));
555 if (writefd == NULL)
556 return;
557#if defined(ASYNC_WIN)
558 if (CreatePipe(&pipefds[0], &pipefds[1], NULL, 256) == 0) {
559 OPENSSL_free(writefd);
560 return;
561 }
562#elif defined(ASYNC_POSIX)
563 if (pipe(pipefds) != 0) {
564 OPENSSL_free(writefd);
565 return;
566 }
567#endif
568 *writefd = pipefds[1];
569
570 if (!ASYNC_WAIT_CTX_set_wait_fd(waitctx, engine_dasync_id, pipefds[0],
571 writefd, wait_cleanup)) {
572 wait_cleanup(waitctx, engine_dasync_id, pipefds[0], writefd);
573 return;
574 }
575 }
576 /*
577 * In the Dummy async engine we are cheating. We signal that the job
578 * is complete by waking it before the call to ASYNC_pause_job(). A real
579 * async engine would only wake when the job was actually complete
580 */
581#if defined(ASYNC_WIN)
582 WriteFile(pipefds[1], &buf, 1, &numwritten, NULL);
583#elif defined(ASYNC_POSIX)
584 if (write(pipefds[1], &buf, 1) < 0)
585 return;
586#endif
587
588 /* Ignore errors - we carry on anyway */
589 ASYNC_pause_job();
590
591 /* Clear the wake signal */
592#if defined(ASYNC_WIN)
593 ReadFile(pipefds[0], &buf, 1, &numread, NULL);
594#elif defined(ASYNC_POSIX)
595 if (read(pipefds[0], &buf, 1) < 0)
596 return;
597#endif
598}
599
600/*
601 * SHA1 implementation. At the moment we just defer to the standard
602 * implementation
603 */
604static int dasync_sha1_init(EVP_MD_CTX *ctx)
605{
606 dummy_pause_job();
607
608 return EVP_MD_meth_get_init(EVP_sha1())(ctx);
609}
610
611static int dasync_sha1_update(EVP_MD_CTX *ctx, const void *data,
612 size_t count)
613{
614 dummy_pause_job();
615
616 return EVP_MD_meth_get_update(EVP_sha1())(ctx, data, count);
617}
618
619static int dasync_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
620{
621 dummy_pause_job();
622
623 return EVP_MD_meth_get_final(EVP_sha1())(ctx, md);
624}
625
626/* Cipher helper functions */
627
628static int dasync_cipher_ctrl_helper(EVP_CIPHER_CTX *ctx, int type, int arg,
629 void *ptr, int aeadcapable,
630 const EVP_CIPHER *ciph)
631{
632 int ret;
633 struct dasync_pipeline_ctx *pipe_ctx =
634 (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
635
636 if (pipe_ctx == NULL)
637 return 0;
638
639 switch (type) {
640 case EVP_CTRL_COPY:
641 {
642 size_t sz = EVP_CIPHER_impl_ctx_size(ciph);
643 void *inner_cipher_data = OPENSSL_malloc(sz);
644
645 if (inner_cipher_data == NULL)
646 return -1;
647 memcpy(inner_cipher_data, pipe_ctx->inner_cipher_data, sz);
648 pipe_ctx->inner_cipher_data = inner_cipher_data;
649 }
650 break;
651
652 case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS:
653 pipe_ctx->numpipes = arg;
654 pipe_ctx->outbufs = (unsigned char **)ptr;
655 break;
656
657 case EVP_CTRL_SET_PIPELINE_INPUT_BUFS:
658 pipe_ctx->numpipes = arg;
659 pipe_ctx->inbufs = (unsigned char **)ptr;
660 break;
661
662 case EVP_CTRL_SET_PIPELINE_INPUT_LENS:
663 pipe_ctx->numpipes = arg;
664 pipe_ctx->lens = (size_t *)ptr;
665 break;
666
667 case EVP_CTRL_AEAD_SET_MAC_KEY:
668 if (!aeadcapable)
669 return -1;
670 EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data);
671 ret = EVP_CIPHER_meth_get_ctrl(EVP_aes_128_cbc_hmac_sha1())
672 (ctx, type, arg, ptr);
673 EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx);
674 return ret;
675
676 case EVP_CTRL_AEAD_TLS1_AAD:
677 {
678 unsigned char *p = ptr;
679 unsigned int len;
680
681 if (!aeadcapable || arg != EVP_AEAD_TLS1_AAD_LEN)
682 return -1;
683
684 if (pipe_ctx->aadctr >= SSL_MAX_PIPELINES)
685 return -1;
686
687 memcpy(pipe_ctx->tlsaad[pipe_ctx->aadctr], ptr,
688 EVP_AEAD_TLS1_AAD_LEN);
689 pipe_ctx->aadctr++;
690
691 len = p[arg - 2] << 8 | p[arg - 1];
692
693 if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
694 if ((p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
695 if (len < AES_BLOCK_SIZE)
696 return 0;
697 len -= AES_BLOCK_SIZE;
698 }
699
700 return ((len + SHA_DIGEST_LENGTH + AES_BLOCK_SIZE)
701 & -AES_BLOCK_SIZE) - len;
702 } else {
703 return SHA_DIGEST_LENGTH;
704 }
705 }
706
707 default:
708 return 0;
709 }
710
711 return 1;
712}
713
714static int dasync_cipher_init_key_helper(EVP_CIPHER_CTX *ctx,
715 const unsigned char *key,
716 const unsigned char *iv, int enc,
717 const EVP_CIPHER *cipher)
718{
719 int ret;
720 struct dasync_pipeline_ctx *pipe_ctx =
721 (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
722
723 if (pipe_ctx->inner_cipher_data == NULL
724 && EVP_CIPHER_impl_ctx_size(cipher) != 0) {
725 pipe_ctx->inner_cipher_data = OPENSSL_zalloc(
726 EVP_CIPHER_impl_ctx_size(cipher));
727 if (pipe_ctx->inner_cipher_data == NULL) {
728 DASYNCerr(DASYNC_F_DASYNC_CIPHER_INIT_KEY_HELPER,
729 ERR_R_MALLOC_FAILURE);
730 return 0;
731 }
732 }
733
734 pipe_ctx->numpipes = 0;
735 pipe_ctx->aadctr = 0;
736
737 EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data);
738 ret = EVP_CIPHER_meth_get_init(cipher)(ctx, key, iv, enc);
739 EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx);
740
741 return ret;
742}
743
744static int dasync_cipher_helper(EVP_CIPHER_CTX *ctx, unsigned char *out,
745 const unsigned char *in, size_t inl,
746 const EVP_CIPHER *cipher)
747{
748 int ret = 1;
749 unsigned int i, pipes;
750 struct dasync_pipeline_ctx *pipe_ctx =
751 (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
752
753 pipes = pipe_ctx->numpipes;
754 EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data);
755 if (pipes == 0) {
756 if (pipe_ctx->aadctr != 0) {
757 if (pipe_ctx->aadctr != 1)
758 return -1;
759 EVP_CIPHER_meth_get_ctrl(cipher)
760 (ctx, EVP_CTRL_AEAD_TLS1_AAD,
761 EVP_AEAD_TLS1_AAD_LEN,
762 pipe_ctx->tlsaad[0]);
763 }
764 ret = EVP_CIPHER_meth_get_do_cipher(cipher)
765 (ctx, out, in, inl);
766 } else {
767 if (pipe_ctx->aadctr > 0 && pipe_ctx->aadctr != pipes)
768 return -1;
769 for (i = 0; i < pipes; i++) {
770 if (pipe_ctx->aadctr > 0) {
771 EVP_CIPHER_meth_get_ctrl(cipher)
772 (ctx, EVP_CTRL_AEAD_TLS1_AAD,
773 EVP_AEAD_TLS1_AAD_LEN,
774 pipe_ctx->tlsaad[i]);
775 }
776 ret = ret && EVP_CIPHER_meth_get_do_cipher(cipher)
777 (ctx, pipe_ctx->outbufs[i], pipe_ctx->inbufs[i],
778 pipe_ctx->lens[i]);
779 }
780 pipe_ctx->numpipes = 0;
781 }
782 pipe_ctx->aadctr = 0;
783 EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx);
784 return ret;
785}
786
787static int dasync_cipher_cleanup_helper(EVP_CIPHER_CTX *ctx,
788 const EVP_CIPHER *cipher)
789{
790 struct dasync_pipeline_ctx *pipe_ctx =
791 (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
792
793 OPENSSL_clear_free(pipe_ctx->inner_cipher_data,
794 EVP_CIPHER_impl_ctx_size(cipher));
795
796 return 1;
797}
798
799/*
800 * AES128 CBC Implementation
801 */
802
803static int dasync_aes128_cbc_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
804 void *ptr)
805{
806 return dasync_cipher_ctrl_helper(ctx, type, arg, ptr, 0, EVP_aes_128_cbc());
807}
808
809static int dasync_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
810 const unsigned char *iv, int enc)
811{
812 return dasync_cipher_init_key_helper(ctx, key, iv, enc, EVP_aes_128_cbc());
813}
814
815static int dasync_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
816 const unsigned char *in, size_t inl)
817{
818 return dasync_cipher_helper(ctx, out, in, inl, EVP_aes_128_cbc());
819}
820
821static int dasync_aes128_cbc_cleanup(EVP_CIPHER_CTX *ctx)
822{
823 return dasync_cipher_cleanup_helper(ctx, EVP_aes_128_cbc());
824}
825
826static int dasync_aes256_ctr_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
827 void *ptr)
828{
829 return dasync_cipher_ctrl_helper(ctx, type, arg, ptr, 0, EVP_aes_256_ctr());
830}
831
832static int dasync_aes256_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
833 const unsigned char *iv, int enc)
834{
835 return dasync_cipher_init_key_helper(ctx, key, iv, enc, EVP_aes_256_ctr());
836}
837
838static int dasync_aes256_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
839 const unsigned char *in, size_t inl)
840{
841 return dasync_cipher_helper(ctx, out, in, inl, EVP_aes_256_ctr());
842}
843
844static int dasync_aes256_ctr_cleanup(EVP_CIPHER_CTX *ctx)
845{
846 return dasync_cipher_cleanup_helper(ctx, EVP_aes_256_ctr());
847}
848
849
850/*
851 * AES128 CBC HMAC SHA1 Implementation
852 */
853
854static int dasync_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
855 int arg, void *ptr)
856{
857 return dasync_cipher_ctrl_helper(ctx, type, arg, ptr, 1, EVP_aes_128_cbc_hmac_sha1());
858}
859
860static int dasync_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
861 const unsigned char *key,
862 const unsigned char *iv,
863 int enc)
864{
865 /*
866 * We can safely assume that EVP_aes_128_cbc_hmac_sha1() != NULL,
867 * see comment before the definition of dasync_aes_128_cbc_hmac_sha1().
868 */
869 return dasync_cipher_init_key_helper(ctx, key, iv, enc,
870 EVP_aes_128_cbc_hmac_sha1());
871}
872
873static int dasync_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx,
874 unsigned char *out,
875 const unsigned char *in,
876 size_t inl)
877{
878 return dasync_cipher_helper(ctx, out, in, inl, EVP_aes_128_cbc_hmac_sha1());
879}
880
881static int dasync_aes128_cbc_hmac_sha1_cleanup(EVP_CIPHER_CTX *ctx)
882{
883 /*
884 * We can safely assume that EVP_aes_128_cbc_hmac_sha1() != NULL,
885 * see comment before the definition of dasync_aes_128_cbc_hmac_sha1().
886 */
887 return dasync_cipher_cleanup_helper(ctx, EVP_aes_128_cbc_hmac_sha1());
888}
889
890
891/*
892 * RSA implementation
893 */
894static int dasync_rsa_init(EVP_PKEY_CTX *ctx)
895{
896 static int (*pinit)(EVP_PKEY_CTX *ctx);
897
898 if (pinit == NULL)
899 EVP_PKEY_meth_get_init(dasync_rsa_orig, &pinit);
900 return pinit(ctx);
901}
902
903static void dasync_rsa_cleanup(EVP_PKEY_CTX *ctx)
904{
905 static void (*pcleanup)(EVP_PKEY_CTX *ctx);
906
907 if (pcleanup == NULL)
908 EVP_PKEY_meth_get_cleanup(dasync_rsa_orig, &pcleanup);
909 pcleanup(ctx);
910}
911
912static int dasync_rsa_paramgen_init(EVP_PKEY_CTX *ctx)
913{
914 static int (*pparamgen_init)(EVP_PKEY_CTX *ctx);
915
916 if (pparamgen_init == NULL)
917 EVP_PKEY_meth_get_paramgen(dasync_rsa_orig, &pparamgen_init, NULL);
918 return pparamgen_init != NULL ? pparamgen_init(ctx) : 1;
919}
920
921static int dasync_rsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
922{
923 static int (*pparamgen)(EVP_PKEY_CTX *c, EVP_PKEY *pkey);
924
925 if (pparamgen == NULL)
926 EVP_PKEY_meth_get_paramgen(dasync_rsa_orig, NULL, &pparamgen);
927 return pparamgen != NULL ? pparamgen(ctx, pkey) : 1;
928}
929
930static int dasync_rsa_keygen_init(EVP_PKEY_CTX *ctx)
931{
932 static int (*pkeygen_init)(EVP_PKEY_CTX *ctx);
933
934 if (pkeygen_init == NULL)
935 EVP_PKEY_meth_get_keygen(dasync_rsa_orig, &pkeygen_init, NULL);
936 return pkeygen_init != NULL ? pkeygen_init(ctx) : 1;
937}
938
939static int dasync_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
940{
941 static int (*pkeygen)(EVP_PKEY_CTX *c, EVP_PKEY *pkey);
942
943 if (pkeygen == NULL)
944 EVP_PKEY_meth_get_keygen(dasync_rsa_orig, NULL, &pkeygen);
945 return pkeygen(ctx, pkey);
946}
947
948static int dasync_rsa_encrypt_init(EVP_PKEY_CTX *ctx)
949{
950 static int (*pencrypt_init)(EVP_PKEY_CTX *ctx);
951
952 if (pencrypt_init == NULL)
953 EVP_PKEY_meth_get_encrypt(dasync_rsa_orig, &pencrypt_init, NULL);
954 return pencrypt_init != NULL ? pencrypt_init(ctx) : 1;
955}
956
957static int dasync_rsa_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
958 size_t *outlen, const unsigned char *in,
959 size_t inlen)
960{
961 static int (*pencryptfn)(EVP_PKEY_CTX *ctx, unsigned char *out,
962 size_t *outlen, const unsigned char *in,
963 size_t inlen);
964
965 if (pencryptfn == NULL)
966 EVP_PKEY_meth_get_encrypt(dasync_rsa_orig, NULL, &pencryptfn);
967 return pencryptfn(ctx, out, outlen, in, inlen);
968}
969
970static int dasync_rsa_decrypt_init(EVP_PKEY_CTX *ctx)
971{
972 static int (*pdecrypt_init)(EVP_PKEY_CTX *ctx);
973
974 if (pdecrypt_init == NULL)
975 EVP_PKEY_meth_get_decrypt(dasync_rsa_orig, &pdecrypt_init, NULL);
976 return pdecrypt_init != NULL ? pdecrypt_init(ctx) : 1;
977}
978
979static int dasync_rsa_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
980 size_t *outlen, const unsigned char *in,
981 size_t inlen)
982{
983 static int (*pdecrypt)(EVP_PKEY_CTX *ctx, unsigned char *out,
984 size_t *outlen, const unsigned char *in,
985 size_t inlen);
986
987 if (pdecrypt == NULL)
988 EVP_PKEY_meth_get_encrypt(dasync_rsa_orig, NULL, &pdecrypt);
989 return pdecrypt(ctx, out, outlen, in, inlen);
990}
991
992static int dasync_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
993{
994 static int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
995
996 if (pctrl == NULL)
997 EVP_PKEY_meth_get_ctrl(dasync_rsa_orig, &pctrl, NULL);
998 return pctrl(ctx, type, p1, p2);
999}
1000
1001static int dasync_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
1002 const char *value)
1003{
1004 static int (*pctrl_str)(EVP_PKEY_CTX *ctx, const char *type,
1005 const char *value);
1006
1007 if (pctrl_str == NULL)
1008 EVP_PKEY_meth_get_ctrl(dasync_rsa_orig, NULL, &pctrl_str);
1009 return pctrl_str(ctx, type, value);
1010}
注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette