1 /* 2 * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #if defined(_WIN32) 11 # include <windows.h> 12 #endif 13 14 #include <stdio.h> 15 #include <string.h> 16 17 #include <openssl/engine.h> 18 #include <openssl/sha.h> 19 #include <openssl/aes.h> 20 #include <openssl/rsa.h> 21 #include <openssl/evp.h> 22 #include <openssl/async.h> 23 #include <openssl/bn.h> 24 #include <openssl/crypto.h> 25 #include <openssl/ssl.h> 26 #include <openssl/modes.h> 27 28 #if defined(OPENSSL_SYS_UNIX) && defined(OPENSSL_THREADS) 29 # undef ASYNC_POSIX 30 # define ASYNC_POSIX 31 # include <unistd.h> 32 #elif defined(_WIN32) 33 # undef ASYNC_WIN 34 # define ASYNC_WIN 35 #endif 36 37 #define DASYNC_LIB_NAME "DASYNC" 38 #include "e_dasync_err.c" 39 40 /* Engine Id and Name */ 41 static const char *engine_dasync_id = "dasync"; 42 static const char *engine_dasync_name = "Dummy Async engine support"; 43 44 45 /* Engine Lifetime functions */ 46 static int dasync_destroy(ENGINE *e); 47 static int dasync_init(ENGINE *e); 48 static int dasync_finish(ENGINE *e); 49 void engine_load_dasync_int(void); 50 51 52 /* Set up digests. Just SHA1 for now */ 53 static int dasync_digests(ENGINE *e, const EVP_MD **digest, 54 const int **nids, int nid); 55 56 static void dummy_pause_job(void); 57 58 /* SHA1 */ 59 static int dasync_sha1_init(EVP_MD_CTX *ctx); 60 static int dasync_sha1_update(EVP_MD_CTX *ctx, const void *data, 61 size_t count); 62 static int dasync_sha1_final(EVP_MD_CTX *ctx, unsigned char *md); 63 64 /* 65 * Holds the EVP_MD object for sha1 in this engine. Set up once only during 66 * engine bind and can then be reused many times. 67 */ 68 static EVP_MD *_hidden_sha1_md = NULL; 69 static const EVP_MD *dasync_sha1(void) 70 { 71 return _hidden_sha1_md; 72 } 73 static void destroy_digests(void) 74 { 75 EVP_MD_meth_free(_hidden_sha1_md); 76 _hidden_sha1_md = NULL; 77 } 78 79 static int dasync_digest_nids(const int **nids) 80 { 81 static int digest_nids[2] = { 0, 0 }; 82 static int pos = 0; 83 static int init = 0; 84 85 if (!init) { 86 const EVP_MD *md; 87 if ((md = dasync_sha1()) != NULL) 88 digest_nids[pos++] = EVP_MD_type(md); 89 digest_nids[pos] = 0; 90 init = 1; 91 } 92 *nids = digest_nids; 93 return pos; 94 } 95 96 /* RSA */ 97 98 static int dasync_pub_enc(int flen, const unsigned char *from, 99 unsigned char *to, RSA *rsa, int padding); 100 static int dasync_pub_dec(int flen, const unsigned char *from, 101 unsigned char *to, RSA *rsa, int padding); 102 static int dasync_rsa_priv_enc(int flen, const unsigned char *from, 103 unsigned char *to, RSA *rsa, int padding); 104 static int dasync_rsa_priv_dec(int flen, const unsigned char *from, 105 unsigned char *to, RSA *rsa, int padding); 106 static int dasync_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, 107 BN_CTX *ctx); 108 109 static int dasync_rsa_init(RSA *rsa); 110 static int dasync_rsa_finish(RSA *rsa); 111 112 static RSA_METHOD *dasync_rsa_method = NULL; 113 114 /* AES */ 115 116 static int dasync_aes128_cbc_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, 117 void *ptr); 118 static int dasync_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 119 const unsigned char *iv, int enc); 120 static int dasync_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 121 const unsigned char *in, size_t inl); 122 static int dasync_aes128_cbc_cleanup(EVP_CIPHER_CTX *ctx); 123 124 static int dasync_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, 125 int arg, void *ptr); 126 static int dasync_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, 127 const unsigned char *key, 128 const unsigned char *iv, 129 int enc); 130 static int dasync_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, 131 unsigned char *out, 132 const unsigned char *in, 133 size_t inl); 134 static int dasync_aes128_cbc_hmac_sha1_cleanup(EVP_CIPHER_CTX *ctx); 135 136 struct dasync_pipeline_ctx { 137 void *inner_cipher_data; 138 unsigned int numpipes; 139 unsigned char **inbufs; 140 unsigned char **outbufs; 141 size_t *lens; 142 int enc; 143 unsigned char tlsaad[SSL_MAX_PIPELINES][EVP_AEAD_TLS1_AAD_LEN]; 144 unsigned int aadctr; 145 }; 146 147 /* 148 * Holds the EVP_CIPHER object for aes_128_cbc in this engine. Set up once only 149 * during engine bind and can then be reused many times. 150 */ 151 static EVP_CIPHER *_hidden_aes_128_cbc = NULL; 152 static const EVP_CIPHER *dasync_aes_128_cbc(void) 153 { 154 return _hidden_aes_128_cbc; 155 } 156 157 /* 158 * Holds the EVP_CIPHER object for aes_128_cbc_hmac_sha1 in this engine. Set up 159 * once only during engine bind and can then be reused many times. 160 */ 161 static EVP_CIPHER *_hidden_aes_128_cbc_hmac_sha1 = NULL; 162 static const EVP_CIPHER *dasync_aes_128_cbc_hmac_sha1(void) 163 { 164 return _hidden_aes_128_cbc_hmac_sha1; 165 } 166 167 static void destroy_ciphers(void) 168 { 169 EVP_CIPHER_meth_free(_hidden_aes_128_cbc); 170 EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1); 171 _hidden_aes_128_cbc = NULL; 172 _hidden_aes_128_cbc_hmac_sha1 = NULL; 173 } 174 175 static int dasync_ciphers(ENGINE *e, const EVP_CIPHER **cipher, 176 const int **nids, int nid); 177 178 static int dasync_cipher_nids[] = { 179 NID_aes_128_cbc, 180 NID_aes_128_cbc_hmac_sha1, 181 0 182 }; 183 184 static int bind_dasync(ENGINE *e) 185 { 186 /* Setup RSA_METHOD */ 187 if ((dasync_rsa_method = RSA_meth_new("Dummy Async RSA method", 0)) == NULL 188 || RSA_meth_set_pub_enc(dasync_rsa_method, dasync_pub_enc) == 0 189 || RSA_meth_set_pub_dec(dasync_rsa_method, dasync_pub_dec) == 0 190 || RSA_meth_set_priv_enc(dasync_rsa_method, dasync_rsa_priv_enc) == 0 191 || RSA_meth_set_priv_dec(dasync_rsa_method, dasync_rsa_priv_dec) == 0 192 || RSA_meth_set_mod_exp(dasync_rsa_method, dasync_rsa_mod_exp) == 0 193 || RSA_meth_set_bn_mod_exp(dasync_rsa_method, BN_mod_exp_mont) == 0 194 || RSA_meth_set_init(dasync_rsa_method, dasync_rsa_init) == 0 195 || RSA_meth_set_finish(dasync_rsa_method, dasync_rsa_finish) == 0) { 196 DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED); 197 return 0; 198 } 199 200 /* Ensure the dasync error handling is set up */ 201 ERR_load_DASYNC_strings(); 202 203 if (!ENGINE_set_id(e, engine_dasync_id) 204 || !ENGINE_set_name(e, engine_dasync_name) 205 || !ENGINE_set_RSA(e, dasync_rsa_method) 206 || !ENGINE_set_digests(e, dasync_digests) 207 || !ENGINE_set_ciphers(e, dasync_ciphers) 208 || !ENGINE_set_destroy_function(e, dasync_destroy) 209 || !ENGINE_set_init_function(e, dasync_init) 210 || !ENGINE_set_finish_function(e, dasync_finish)) { 211 DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED); 212 return 0; 213 } 214 215 /* 216 * Set up the EVP_CIPHER and EVP_MD objects for the ciphers/digests 217 * supplied by this engine 218 */ 219 _hidden_sha1_md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption); 220 if (_hidden_sha1_md == NULL 221 || !EVP_MD_meth_set_result_size(_hidden_sha1_md, SHA_DIGEST_LENGTH) 222 || !EVP_MD_meth_set_input_blocksize(_hidden_sha1_md, SHA_CBLOCK) 223 || !EVP_MD_meth_set_app_datasize(_hidden_sha1_md, 224 sizeof(EVP_MD *) + sizeof(SHA_CTX)) 225 || !EVP_MD_meth_set_flags(_hidden_sha1_md, EVP_MD_FLAG_DIGALGID_ABSENT) 226 || !EVP_MD_meth_set_init(_hidden_sha1_md, dasync_sha1_init) 227 || !EVP_MD_meth_set_update(_hidden_sha1_md, dasync_sha1_update) 228 || !EVP_MD_meth_set_final(_hidden_sha1_md, dasync_sha1_final)) { 229 EVP_MD_meth_free(_hidden_sha1_md); 230 _hidden_sha1_md = NULL; 231 } 232 233 _hidden_aes_128_cbc = EVP_CIPHER_meth_new(NID_aes_128_cbc, 234 16 /* block size */, 235 16 /* key len */); 236 if (_hidden_aes_128_cbc == NULL 237 || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc,16) 238 || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc, 239 EVP_CIPH_FLAG_DEFAULT_ASN1 240 | EVP_CIPH_CBC_MODE 241 | EVP_CIPH_FLAG_PIPELINE) 242 || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc, 243 dasync_aes128_init_key) 244 || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc, 245 dasync_aes128_cbc_cipher) 246 || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc, 247 dasync_aes128_cbc_cleanup) 248 || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc, 249 dasync_aes128_cbc_ctrl) 250 || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc, 251 sizeof(struct dasync_pipeline_ctx))) { 252 EVP_CIPHER_meth_free(_hidden_aes_128_cbc); 253 _hidden_aes_128_cbc = NULL; 254 } 255 256 _hidden_aes_128_cbc_hmac_sha1 = EVP_CIPHER_meth_new( 257 NID_aes_128_cbc_hmac_sha1, 258 16 /* block size */, 259 16 /* key len */); 260 if (_hidden_aes_128_cbc_hmac_sha1 == NULL 261 || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc_hmac_sha1,16) 262 || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc_hmac_sha1, 263 EVP_CIPH_CBC_MODE 264 | EVP_CIPH_FLAG_DEFAULT_ASN1 265 | EVP_CIPH_FLAG_AEAD_CIPHER 266 | EVP_CIPH_FLAG_PIPELINE) 267 || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc_hmac_sha1, 268 dasync_aes128_cbc_hmac_sha1_init_key) 269 || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc_hmac_sha1, 270 dasync_aes128_cbc_hmac_sha1_cipher) 271 || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc_hmac_sha1, 272 dasync_aes128_cbc_hmac_sha1_cleanup) 273 || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc_hmac_sha1, 274 dasync_aes128_cbc_hmac_sha1_ctrl) 275 || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc_hmac_sha1, 276 sizeof(struct dasync_pipeline_ctx))) { 277 EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1); 278 _hidden_aes_128_cbc_hmac_sha1 = NULL; 279 } 280 281 return 1; 282 } 283 284 # ifndef OPENSSL_NO_DYNAMIC_ENGINE 285 static int bind_helper(ENGINE *e, const char *id) 286 { 287 if (id && (strcmp(id, engine_dasync_id) != 0)) 288 return 0; 289 if (!bind_dasync(e)) 290 return 0; 291 return 1; 292 } 293 294 IMPLEMENT_DYNAMIC_CHECK_FN() 295 IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) 296 # endif 297 298 static ENGINE *engine_dasync(void) 299 { 300 ENGINE *ret = ENGINE_new(); 301 if (!ret) 302 return NULL; 303 if (!bind_dasync(ret)) { 304 ENGINE_free(ret); 305 return NULL; 306 } 307 return ret; 308 } 309 310 void engine_load_dasync_int(void) 311 { 312 ENGINE *toadd = engine_dasync(); 313 if (!toadd) 314 return; 315 ENGINE_add(toadd); 316 ENGINE_free(toadd); 317 ERR_clear_error(); 318 } 319 320 static int dasync_init(ENGINE *e) 321 { 322 return 1; 323 } 324 325 326 static int dasync_finish(ENGINE *e) 327 { 328 return 1; 329 } 330 331 332 static int dasync_destroy(ENGINE *e) 333 { 334 destroy_digests(); 335 destroy_ciphers(); 336 RSA_meth_free(dasync_rsa_method); 337 ERR_unload_DASYNC_strings(); 338 return 1; 339 } 340 341 static int dasync_digests(ENGINE *e, const EVP_MD **digest, 342 const int **nids, int nid) 343 { 344 int ok = 1; 345 if (!digest) { 346 /* We are returning a list of supported nids */ 347 return dasync_digest_nids(nids); 348 } 349 /* We are being asked for a specific digest */ 350 switch (nid) { 351 case NID_sha1: 352 *digest = dasync_sha1(); 353 break; 354 default: 355 ok = 0; 356 *digest = NULL; 357 break; 358 } 359 return ok; 360 } 361 362 static int dasync_ciphers(ENGINE *e, const EVP_CIPHER **cipher, 363 const int **nids, int nid) 364 { 365 int ok = 1; 366 if (cipher == NULL) { 367 /* We are returning a list of supported nids */ 368 *nids = dasync_cipher_nids; 369 return (sizeof(dasync_cipher_nids) - 370 1) / sizeof(dasync_cipher_nids[0]); 371 } 372 /* We are being asked for a specific cipher */ 373 switch (nid) { 374 case NID_aes_128_cbc: 375 *cipher = dasync_aes_128_cbc(); 376 break; 377 case NID_aes_128_cbc_hmac_sha1: 378 *cipher = dasync_aes_128_cbc_hmac_sha1(); 379 break; 380 default: 381 ok = 0; 382 *cipher = NULL; 383 break; 384 } 385 return ok; 386 } 387 388 static void wait_cleanup(ASYNC_WAIT_CTX *ctx, const void *key, 389 OSSL_ASYNC_FD readfd, void *pvwritefd) 390 { 391 OSSL_ASYNC_FD *pwritefd = (OSSL_ASYNC_FD *)pvwritefd; 392 #if defined(ASYNC_WIN) 393 CloseHandle(readfd); 394 CloseHandle(*pwritefd); 395 #elif defined(ASYNC_POSIX) 396 close(readfd); 397 close(*pwritefd); 398 #endif 399 OPENSSL_free(pwritefd); 400 } 401 402 #define DUMMY_CHAR 'X' 403 404 static void dummy_pause_job(void) { 405 ASYNC_JOB *job; 406 ASYNC_WAIT_CTX *waitctx; 407 OSSL_ASYNC_FD pipefds[2] = {0, 0}; 408 OSSL_ASYNC_FD *writefd; 409 #if defined(ASYNC_WIN) 410 DWORD numwritten, numread; 411 char buf = DUMMY_CHAR; 412 #elif defined(ASYNC_POSIX) 413 char buf = DUMMY_CHAR; 414 #endif 415 416 if ((job = ASYNC_get_current_job()) == NULL) 417 return; 418 419 waitctx = ASYNC_get_wait_ctx(job); 420 421 if (ASYNC_WAIT_CTX_get_fd(waitctx, engine_dasync_id, &pipefds[0], 422 (void **)&writefd)) { 423 pipefds[1] = *writefd; 424 } else { 425 writefd = OPENSSL_malloc(sizeof(*writefd)); 426 if (writefd == NULL) 427 return; 428 #if defined(ASYNC_WIN) 429 if (CreatePipe(&pipefds[0], &pipefds[1], NULL, 256) == 0) { 430 OPENSSL_free(writefd); 431 return; 432 } 433 #elif defined(ASYNC_POSIX) 434 if (pipe(pipefds) != 0) { 435 OPENSSL_free(writefd); 436 return; 437 } 438 #endif 439 *writefd = pipefds[1]; 440 441 if(!ASYNC_WAIT_CTX_set_wait_fd(waitctx, engine_dasync_id, pipefds[0], 442 writefd, wait_cleanup)) { 443 wait_cleanup(waitctx, engine_dasync_id, pipefds[0], writefd); 444 return; 445 } 446 } 447 /* 448 * In the Dummy async engine we are cheating. We signal that the job 449 * is complete by waking it before the call to ASYNC_pause_job(). A real 450 * async engine would only wake when the job was actually complete 451 */ 452 #if defined(ASYNC_WIN) 453 WriteFile(pipefds[1], &buf, 1, &numwritten, NULL); 454 #elif defined(ASYNC_POSIX) 455 if (write(pipefds[1], &buf, 1) < 0) 456 return; 457 #endif 458 459 /* Ignore errors - we carry on anyway */ 460 ASYNC_pause_job(); 461 462 /* Clear the wake signal */ 463 #if defined(ASYNC_WIN) 464 ReadFile(pipefds[0], &buf, 1, &numread, NULL); 465 #elif defined(ASYNC_POSIX) 466 if (read(pipefds[0], &buf, 1) < 0) 467 return; 468 #endif 469 } 470 471 /* 472 * SHA1 implementation. At the moment we just defer to the standard 473 * implementation 474 */ 475 #undef data 476 #define data(ctx) ((SHA_CTX *)EVP_MD_CTX_md_data(ctx)) 477 static int dasync_sha1_init(EVP_MD_CTX *ctx) 478 { 479 dummy_pause_job(); 480 481 return SHA1_Init(data(ctx)); 482 } 483 484 static int dasync_sha1_update(EVP_MD_CTX *ctx, const void *data, 485 size_t count) 486 { 487 dummy_pause_job(); 488 489 return SHA1_Update(data(ctx), data, (size_t)count); 490 } 491 492 static int dasync_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) 493 { 494 dummy_pause_job(); 495 496 return SHA1_Final(md, data(ctx)); 497 } 498 499 /* 500 * RSA implementation 501 */ 502 503 static int dasync_pub_enc(int flen, const unsigned char *from, 504 unsigned char *to, RSA *rsa, int padding) { 505 /* Ignore errors - we carry on anyway */ 506 dummy_pause_job(); 507 return RSA_meth_get_pub_enc(RSA_PKCS1_OpenSSL()) 508 (flen, from, to, rsa, padding); 509 } 510 511 static int dasync_pub_dec(int flen, const unsigned char *from, 512 unsigned char *to, RSA *rsa, int padding) { 513 /* Ignore errors - we carry on anyway */ 514 dummy_pause_job(); 515 return RSA_meth_get_pub_dec(RSA_PKCS1_OpenSSL()) 516 (flen, from, to, rsa, padding); 517 } 518 519 static int dasync_rsa_priv_enc(int flen, const unsigned char *from, 520 unsigned char *to, RSA *rsa, int padding) 521 { 522 /* Ignore errors - we carry on anyway */ 523 dummy_pause_job(); 524 return RSA_meth_get_priv_enc(RSA_PKCS1_OpenSSL()) 525 (flen, from, to, rsa, padding); 526 } 527 528 static int dasync_rsa_priv_dec(int flen, const unsigned char *from, 529 unsigned char *to, RSA *rsa, int padding) 530 { 531 /* Ignore errors - we carry on anyway */ 532 dummy_pause_job(); 533 return RSA_meth_get_priv_dec(RSA_PKCS1_OpenSSL()) 534 (flen, from, to, rsa, padding); 535 } 536 537 static int dasync_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) 538 { 539 /* Ignore errors - we carry on anyway */ 540 dummy_pause_job(); 541 return RSA_meth_get_mod_exp(RSA_PKCS1_OpenSSL())(r0, I, rsa, ctx); 542 } 543 544 static int dasync_rsa_init(RSA *rsa) 545 { 546 return RSA_meth_get_init(RSA_PKCS1_OpenSSL())(rsa); 547 } 548 static int dasync_rsa_finish(RSA *rsa) 549 { 550 return RSA_meth_get_finish(RSA_PKCS1_OpenSSL())(rsa); 551 } 552 553 /* Cipher helper functions */ 554 555 static int dasync_cipher_ctrl_helper(EVP_CIPHER_CTX *ctx, int type, int arg, 556 void *ptr, int aeadcapable) 557 { 558 int ret; 559 struct dasync_pipeline_ctx *pipe_ctx = 560 (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); 561 562 if (pipe_ctx == NULL) 563 return 0; 564 565 switch (type) { 566 case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS: 567 pipe_ctx->numpipes = arg; 568 pipe_ctx->outbufs = (unsigned char **)ptr; 569 break; 570 571 case EVP_CTRL_SET_PIPELINE_INPUT_BUFS: 572 pipe_ctx->numpipes = arg; 573 pipe_ctx->inbufs = (unsigned char **)ptr; 574 break; 575 576 case EVP_CTRL_SET_PIPELINE_INPUT_LENS: 577 pipe_ctx->numpipes = arg; 578 pipe_ctx->lens = (size_t *)ptr; 579 break; 580 581 case EVP_CTRL_AEAD_SET_MAC_KEY: 582 if (!aeadcapable) 583 return -1; 584 EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data); 585 ret = EVP_CIPHER_meth_get_ctrl(EVP_aes_128_cbc_hmac_sha1()) 586 (ctx, type, arg, ptr); 587 EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx); 588 return ret; 589 590 case EVP_CTRL_AEAD_TLS1_AAD: 591 { 592 unsigned char *p = ptr; 593 unsigned int len; 594 595 if (!aeadcapable || arg != EVP_AEAD_TLS1_AAD_LEN) 596 return -1; 597 598 if (pipe_ctx->aadctr >= SSL_MAX_PIPELINES) 599 return -1; 600 601 memcpy(pipe_ctx->tlsaad[pipe_ctx->aadctr], ptr, 602 EVP_AEAD_TLS1_AAD_LEN); 603 pipe_ctx->aadctr++; 604 605 len = p[arg - 2] << 8 | p[arg - 1]; 606 607 if (pipe_ctx->enc) { 608 if ((p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) { 609 if (len < AES_BLOCK_SIZE) 610 return 0; 611 len -= AES_BLOCK_SIZE; 612 } 613 614 return ((len + SHA_DIGEST_LENGTH + AES_BLOCK_SIZE) 615 & -AES_BLOCK_SIZE) - len; 616 } else { 617 return SHA_DIGEST_LENGTH; 618 } 619 } 620 621 default: 622 return 0; 623 } 624 625 return 1; 626 } 627 628 static int dasync_cipher_init_key_helper(EVP_CIPHER_CTX *ctx, 629 const unsigned char *key, 630 const unsigned char *iv, int enc, 631 const EVP_CIPHER *cipher) 632 { 633 int ret; 634 struct dasync_pipeline_ctx *pipe_ctx = 635 (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); 636 637 if (pipe_ctx->inner_cipher_data == NULL 638 && EVP_CIPHER_impl_ctx_size(cipher) != 0) { 639 pipe_ctx->inner_cipher_data = OPENSSL_zalloc( 640 EVP_CIPHER_impl_ctx_size(cipher)); 641 if (pipe_ctx->inner_cipher_data == NULL) { 642 DASYNCerr(DASYNC_F_DASYNC_CIPHER_INIT_KEY_HELPER, 643 ERR_R_MALLOC_FAILURE); 644 return 0; 645 } 646 } 647 648 pipe_ctx->numpipes = 0; 649 pipe_ctx->aadctr = 0; 650 651 EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data); 652 ret = EVP_CIPHER_meth_get_init(cipher)(ctx, key, iv, enc); 653 EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx); 654 655 return ret; 656 } 657 658 static int dasync_cipher_helper(EVP_CIPHER_CTX *ctx, unsigned char *out, 659 const unsigned char *in, size_t inl, 660 const EVP_CIPHER *cipher) 661 { 662 int ret = 1; 663 unsigned int i, pipes; 664 struct dasync_pipeline_ctx *pipe_ctx = 665 (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); 666 667 pipes = pipe_ctx->numpipes; 668 EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data); 669 if (pipes == 0) { 670 if (pipe_ctx->aadctr != 0) { 671 if (pipe_ctx->aadctr != 1) 672 return -1; 673 EVP_CIPHER_meth_get_ctrl(cipher) 674 (ctx, EVP_CTRL_AEAD_TLS1_AAD, 675 EVP_AEAD_TLS1_AAD_LEN, 676 pipe_ctx->tlsaad[0]); 677 } 678 ret = EVP_CIPHER_meth_get_do_cipher(cipher) 679 (ctx, out, in, inl); 680 } else { 681 if (pipe_ctx->aadctr > 0 && pipe_ctx->aadctr != pipes) 682 return -1; 683 for (i = 0; i < pipes; i++) { 684 if (pipe_ctx->aadctr > 0) { 685 EVP_CIPHER_meth_get_ctrl(cipher) 686 (ctx, EVP_CTRL_AEAD_TLS1_AAD, 687 EVP_AEAD_TLS1_AAD_LEN, 688 pipe_ctx->tlsaad[i]); 689 } 690 ret = ret && EVP_CIPHER_meth_get_do_cipher(cipher) 691 (ctx, pipe_ctx->outbufs[i], pipe_ctx->inbufs[i], 692 pipe_ctx->lens[i]); 693 } 694 pipe_ctx->numpipes = 0; 695 } 696 pipe_ctx->aadctr = 0; 697 EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx); 698 return ret; 699 } 700 701 static int dasync_cipher_cleanup_helper(EVP_CIPHER_CTX *ctx, 702 const EVP_CIPHER *cipher) 703 { 704 struct dasync_pipeline_ctx *pipe_ctx = 705 (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); 706 707 OPENSSL_clear_free(pipe_ctx->inner_cipher_data, 708 EVP_CIPHER_impl_ctx_size(cipher)); 709 710 return 1; 711 } 712 713 /* 714 * AES128 CBC Implementation 715 */ 716 717 static int dasync_aes128_cbc_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, 718 void *ptr) 719 { 720 return dasync_cipher_ctrl_helper(ctx, type, arg, ptr, 0); 721 } 722 723 static int dasync_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 724 const unsigned char *iv, int enc) 725 { 726 return dasync_cipher_init_key_helper(ctx, key, iv, enc, EVP_aes_128_cbc()); 727 } 728 729 static int dasync_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 730 const unsigned char *in, size_t inl) 731 { 732 return dasync_cipher_helper(ctx, out, in, inl, EVP_aes_128_cbc()); 733 } 734 735 static int dasync_aes128_cbc_cleanup(EVP_CIPHER_CTX *ctx) 736 { 737 return dasync_cipher_cleanup_helper(ctx, EVP_aes_128_cbc()); 738 } 739 740 741 /* 742 * AES128 CBC HMAC SHA1 Implementation 743 */ 744 745 static int dasync_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, 746 int arg, void *ptr) 747 { 748 return dasync_cipher_ctrl_helper(ctx, type, arg, ptr, 1); 749 } 750 751 static int dasync_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, 752 const unsigned char *key, 753 const unsigned char *iv, 754 int enc) 755 { 756 return dasync_cipher_init_key_helper(ctx, key, iv, enc, 757 EVP_aes_128_cbc_hmac_sha1()); 758 } 759 760 static int dasync_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, 761 unsigned char *out, 762 const unsigned char *in, 763 size_t inl) 764 { 765 return dasync_cipher_helper(ctx, out, in, inl, EVP_aes_128_cbc_hmac_sha1()); 766 } 767 768 static int dasync_aes128_cbc_hmac_sha1_cleanup(EVP_CIPHER_CTX *ctx) 769 { 770 return dasync_cipher_cleanup_helper(ctx, EVP_aes_128_cbc_hmac_sha1()); 771 } 772