[331] | 1 | /*
|
---|
| 2 | * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
|
---|
| 3 | *
|
---|
| 4 | * Licensed under the OpenSSL license (the "License"). You may not use
|
---|
| 5 | * this file except in compliance with the License. You can obtain a copy
|
---|
| 6 | * in the file LICENSE in the source distribution or at
|
---|
| 7 | * https://www.openssl.org/source/license.html
|
---|
| 8 | */
|
---|
| 9 |
|
---|
| 10 | /* ====================================================================
|
---|
| 11 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
|
---|
| 12 | * ECDH support in OpenSSL originally developed by
|
---|
| 13 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
|
---|
| 14 | */
|
---|
| 15 |
|
---|
| 16 | #include <stdio.h>
|
---|
| 17 | #include <openssl/crypto.h>
|
---|
| 18 | #include "internal/cryptlib.h"
|
---|
| 19 | #include <internal/engine.h>
|
---|
| 20 | #include <openssl/pem.h>
|
---|
| 21 | #include <openssl/evp.h>
|
---|
| 22 | #include <openssl/rand.h>
|
---|
| 23 | #include <openssl/rsa.h>
|
---|
| 24 | #include <openssl/dsa.h>
|
---|
| 25 | #include <openssl/dh.h>
|
---|
| 26 |
|
---|
| 27 | #include <openssl/hmac.h>
|
---|
| 28 | #include <openssl/x509v3.h>
|
---|
| 29 |
|
---|
| 30 | /*
|
---|
| 31 | * This testing gunk is implemented (and explained) lower down. It also
|
---|
| 32 | * assumes the application explicitly calls "ENGINE_load_openssl()" because
|
---|
| 33 | * this is no longer automatic in ENGINE_load_builtin_engines().
|
---|
| 34 | */
|
---|
| 35 | #define TEST_ENG_OPENSSL_RC4
|
---|
| 36 | #ifndef OPENSSL_NO_STDIO
|
---|
| 37 | #define TEST_ENG_OPENSSL_PKEY
|
---|
| 38 | #endif
|
---|
| 39 | /* #define TEST_ENG_OPENSSL_HMAC */
|
---|
| 40 | /* #define TEST_ENG_OPENSSL_HMAC_INIT */
|
---|
| 41 | /* #define TEST_ENG_OPENSSL_RC4_OTHERS */
|
---|
| 42 | #define TEST_ENG_OPENSSL_RC4_P_INIT
|
---|
| 43 | /* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */
|
---|
| 44 | #define TEST_ENG_OPENSSL_SHA
|
---|
| 45 | /* #define TEST_ENG_OPENSSL_SHA_OTHERS */
|
---|
| 46 | /* #define TEST_ENG_OPENSSL_SHA_P_INIT */
|
---|
| 47 | /* #define TEST_ENG_OPENSSL_SHA_P_UPDATE */
|
---|
| 48 | /* #define TEST_ENG_OPENSSL_SHA_P_FINAL */
|
---|
| 49 |
|
---|
| 50 | /* Now check what of those algorithms are actually enabled */
|
---|
| 51 | #ifdef OPENSSL_NO_RC4
|
---|
| 52 | # undef TEST_ENG_OPENSSL_RC4
|
---|
| 53 | # undef TEST_ENG_OPENSSL_RC4_OTHERS
|
---|
| 54 | # undef TEST_ENG_OPENSSL_RC4_P_INIT
|
---|
| 55 | # undef TEST_ENG_OPENSSL_RC4_P_CIPHER
|
---|
| 56 | #endif
|
---|
| 57 |
|
---|
| 58 | static int openssl_destroy(ENGINE *e);
|
---|
| 59 |
|
---|
| 60 | #ifdef TEST_ENG_OPENSSL_RC4
|
---|
| 61 | static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
|
---|
| 62 | const int **nids, int nid);
|
---|
| 63 | #endif
|
---|
| 64 | #ifdef TEST_ENG_OPENSSL_SHA
|
---|
| 65 | static int openssl_digests(ENGINE *e, const EVP_MD **digest,
|
---|
| 66 | const int **nids, int nid);
|
---|
| 67 | #endif
|
---|
| 68 |
|
---|
| 69 | #ifdef TEST_ENG_OPENSSL_PKEY
|
---|
| 70 | static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
|
---|
| 71 | UI_METHOD *ui_method,
|
---|
| 72 | void *callback_data);
|
---|
| 73 | #endif
|
---|
| 74 |
|
---|
| 75 | #ifdef TEST_ENG_OPENSSL_HMAC
|
---|
| 76 | static int ossl_register_hmac_meth(void);
|
---|
| 77 | static int ossl_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
|
---|
| 78 | const int **nids, int nid);
|
---|
| 79 | #endif
|
---|
| 80 |
|
---|
| 81 | /* The constants used when creating the ENGINE */
|
---|
| 82 | static const char *engine_openssl_id = "openssl";
|
---|
| 83 | static const char *engine_openssl_name = "Software engine support";
|
---|
| 84 |
|
---|
| 85 | /*
|
---|
| 86 | * This internal function is used by ENGINE_openssl() and possibly by the
|
---|
| 87 | * "dynamic" ENGINE support too
|
---|
| 88 | */
|
---|
| 89 | static int bind_helper(ENGINE *e)
|
---|
| 90 | {
|
---|
| 91 | if (!ENGINE_set_id(e, engine_openssl_id)
|
---|
| 92 | || !ENGINE_set_name(e, engine_openssl_name)
|
---|
| 93 | || !ENGINE_set_destroy_function(e, openssl_destroy)
|
---|
| 94 | #ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
|
---|
| 95 | # ifndef OPENSSL_NO_RSA
|
---|
| 96 | || !ENGINE_set_RSA(e, RSA_get_default_method())
|
---|
| 97 | # endif
|
---|
| 98 | # ifndef OPENSSL_NO_DSA
|
---|
| 99 | || !ENGINE_set_DSA(e, DSA_get_default_method())
|
---|
| 100 | # endif
|
---|
| 101 | # ifndef OPENSSL_NO_EC
|
---|
| 102 | || !ENGINE_set_EC(e, EC_KEY_OpenSSL())
|
---|
| 103 | # endif
|
---|
| 104 | # ifndef OPENSSL_NO_DH
|
---|
| 105 | || !ENGINE_set_DH(e, DH_get_default_method())
|
---|
| 106 | # endif
|
---|
| 107 | || !ENGINE_set_RAND(e, RAND_OpenSSL())
|
---|
| 108 | # ifdef TEST_ENG_OPENSSL_RC4
|
---|
| 109 | || !ENGINE_set_ciphers(e, openssl_ciphers)
|
---|
| 110 | # endif
|
---|
| 111 | # ifdef TEST_ENG_OPENSSL_SHA
|
---|
| 112 | || !ENGINE_set_digests(e, openssl_digests)
|
---|
| 113 | # endif
|
---|
| 114 | #endif
|
---|
| 115 | #ifdef TEST_ENG_OPENSSL_PKEY
|
---|
| 116 | || !ENGINE_set_load_privkey_function(e, openssl_load_privkey)
|
---|
| 117 | #endif
|
---|
| 118 | #ifdef TEST_ENG_OPENSSL_HMAC
|
---|
| 119 | || !ossl_register_hmac_meth()
|
---|
| 120 | || !ENGINE_set_pkey_meths(e, ossl_pkey_meths)
|
---|
| 121 | #endif
|
---|
| 122 | )
|
---|
| 123 | return 0;
|
---|
| 124 | /*
|
---|
| 125 | * If we add errors to this ENGINE, ensure the error handling is setup
|
---|
| 126 | * here
|
---|
| 127 | */
|
---|
| 128 | /* openssl_load_error_strings(); */
|
---|
| 129 | return 1;
|
---|
| 130 | }
|
---|
| 131 |
|
---|
| 132 | static ENGINE *engine_openssl(void)
|
---|
| 133 | {
|
---|
| 134 | ENGINE *ret = ENGINE_new();
|
---|
| 135 | if (ret == NULL)
|
---|
| 136 | return NULL;
|
---|
| 137 | if (!bind_helper(ret)) {
|
---|
| 138 | ENGINE_free(ret);
|
---|
| 139 | return NULL;
|
---|
| 140 | }
|
---|
| 141 | return ret;
|
---|
| 142 | }
|
---|
| 143 |
|
---|
| 144 | void engine_load_openssl_int(void)
|
---|
| 145 | {
|
---|
| 146 | ENGINE *toadd = engine_openssl();
|
---|
| 147 | if (!toadd)
|
---|
| 148 | return;
|
---|
| 149 | ENGINE_add(toadd);
|
---|
| 150 | /*
|
---|
| 151 | * If the "add" worked, it gets a structural reference. So either way, we
|
---|
| 152 | * release our just-created reference.
|
---|
| 153 | */
|
---|
| 154 | ENGINE_free(toadd);
|
---|
| 155 | ERR_clear_error();
|
---|
| 156 | }
|
---|
| 157 |
|
---|
| 158 | /*
|
---|
| 159 | * This stuff is needed if this ENGINE is being compiled into a
|
---|
| 160 | * self-contained shared-library.
|
---|
| 161 | */
|
---|
| 162 | #ifdef ENGINE_DYNAMIC_SUPPORT
|
---|
| 163 | static int bind_fn(ENGINE *e, const char *id)
|
---|
| 164 | {
|
---|
| 165 | if (id && (strcmp(id, engine_openssl_id) != 0))
|
---|
| 166 | return 0;
|
---|
| 167 | if (!bind_helper(e))
|
---|
| 168 | return 0;
|
---|
| 169 | return 1;
|
---|
| 170 | }
|
---|
| 171 |
|
---|
| 172 | IMPLEMENT_DYNAMIC_CHECK_FN()
|
---|
| 173 | IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
|
---|
| 174 | #endif /* ENGINE_DYNAMIC_SUPPORT */
|
---|
| 175 | #ifdef TEST_ENG_OPENSSL_RC4
|
---|
| 176 | /*-
|
---|
| 177 | * This section of code compiles an "alternative implementation" of two modes of
|
---|
| 178 | * RC4 into this ENGINE. The result is that EVP_CIPHER operation for "rc4"
|
---|
| 179 | * should under normal circumstances go via this support rather than the default
|
---|
| 180 | * EVP support. There are other symbols to tweak the testing;
|
---|
| 181 | * TEST_ENC_OPENSSL_RC4_OTHERS - print a one line message to stderr each time
|
---|
| 182 | * we're asked for a cipher we don't support (should not happen).
|
---|
| 183 | * TEST_ENG_OPENSSL_RC4_P_INIT - print a one line message to stderr each time
|
---|
| 184 | * the "init_key" handler is called.
|
---|
| 185 | * TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler.
|
---|
| 186 | */
|
---|
| 187 | # include <openssl/rc4.h>
|
---|
| 188 | # define TEST_RC4_KEY_SIZE 16
|
---|
| 189 | typedef struct {
|
---|
| 190 | unsigned char key[TEST_RC4_KEY_SIZE];
|
---|
| 191 | RC4_KEY ks;
|
---|
| 192 | } TEST_RC4_KEY;
|
---|
| 193 | # define test(ctx) ((TEST_RC4_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx))
|
---|
| 194 | static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
|
---|
| 195 | const unsigned char *iv, int enc)
|
---|
| 196 | {
|
---|
| 197 | # ifdef TEST_ENG_OPENSSL_RC4_P_INIT
|
---|
| 198 | fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n");
|
---|
| 199 | # endif
|
---|
| 200 | memcpy(&test(ctx)->key[0], key, EVP_CIPHER_CTX_key_length(ctx));
|
---|
| 201 | RC4_set_key(&test(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx),
|
---|
| 202 | test(ctx)->key);
|
---|
| 203 | return 1;
|
---|
| 204 | }
|
---|
| 205 |
|
---|
| 206 | static int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
---|
| 207 | const unsigned char *in, size_t inl)
|
---|
| 208 | {
|
---|
| 209 | # ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER
|
---|
| 210 | fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n");
|
---|
| 211 | # endif
|
---|
| 212 | RC4(&test(ctx)->ks, inl, in, out);
|
---|
| 213 | return 1;
|
---|
| 214 | }
|
---|
| 215 |
|
---|
| 216 | static EVP_CIPHER *r4_cipher = NULL;
|
---|
| 217 | static const EVP_CIPHER *test_r4_cipher(void)
|
---|
| 218 | {
|
---|
| 219 | if (r4_cipher == NULL) {
|
---|
| 220 | EVP_CIPHER *cipher;
|
---|
| 221 |
|
---|
| 222 | if ((cipher = EVP_CIPHER_meth_new(NID_rc4, 1, TEST_RC4_KEY_SIZE)) == NULL
|
---|
| 223 | || !EVP_CIPHER_meth_set_iv_length(cipher, 0)
|
---|
| 224 | || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_VARIABLE_LENGTH)
|
---|
| 225 | || !EVP_CIPHER_meth_set_init(cipher, test_rc4_init_key)
|
---|
| 226 | || !EVP_CIPHER_meth_set_do_cipher(cipher, test_rc4_cipher)
|
---|
| 227 | || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(TEST_RC4_KEY))) {
|
---|
| 228 | EVP_CIPHER_meth_free(cipher);
|
---|
| 229 | cipher = NULL;
|
---|
| 230 | }
|
---|
| 231 | r4_cipher = cipher;
|
---|
| 232 | }
|
---|
| 233 | return r4_cipher;
|
---|
| 234 | }
|
---|
| 235 | static void test_r4_cipher_destroy(void)
|
---|
| 236 | {
|
---|
| 237 | EVP_CIPHER_meth_free(r4_cipher);
|
---|
| 238 | r4_cipher = NULL;
|
---|
| 239 | }
|
---|
| 240 |
|
---|
| 241 | static EVP_CIPHER *r4_40_cipher = NULL;
|
---|
| 242 | static const EVP_CIPHER *test_r4_40_cipher(void)
|
---|
| 243 | {
|
---|
| 244 | if (r4_40_cipher == NULL) {
|
---|
| 245 | EVP_CIPHER *cipher;
|
---|
| 246 |
|
---|
| 247 | if ((cipher = EVP_CIPHER_meth_new(NID_rc4, 1, 5 /* 40 bits */)) == NULL
|
---|
| 248 | || !EVP_CIPHER_meth_set_iv_length(cipher, 0)
|
---|
| 249 | || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_VARIABLE_LENGTH)
|
---|
| 250 | || !EVP_CIPHER_meth_set_init(cipher, test_rc4_init_key)
|
---|
| 251 | || !EVP_CIPHER_meth_set_do_cipher(cipher, test_rc4_cipher)
|
---|
| 252 | || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(TEST_RC4_KEY))) {
|
---|
| 253 | EVP_CIPHER_meth_free(cipher);
|
---|
| 254 | cipher = NULL;
|
---|
| 255 | }
|
---|
| 256 | r4_40_cipher = cipher;
|
---|
| 257 | }
|
---|
| 258 | return r4_40_cipher;
|
---|
| 259 | }
|
---|
| 260 | static void test_r4_40_cipher_destroy(void)
|
---|
| 261 | {
|
---|
| 262 | EVP_CIPHER_meth_free(r4_40_cipher);
|
---|
| 263 | r4_40_cipher = NULL;
|
---|
| 264 | }
|
---|
| 265 | static int test_cipher_nids(const int **nids)
|
---|
| 266 | {
|
---|
| 267 | static int cipher_nids[4] = { 0, 0, 0, 0 };
|
---|
| 268 | static int pos = 0;
|
---|
| 269 | static int init = 0;
|
---|
| 270 |
|
---|
| 271 | if (!init) {
|
---|
| 272 | const EVP_CIPHER *cipher;
|
---|
| 273 | if ((cipher = test_r4_cipher()) != NULL)
|
---|
| 274 | cipher_nids[pos++] = EVP_CIPHER_nid(cipher);
|
---|
| 275 | if ((cipher = test_r4_40_cipher()) != NULL)
|
---|
| 276 | cipher_nids[pos++] = EVP_CIPHER_nid(cipher);
|
---|
| 277 | cipher_nids[pos] = 0;
|
---|
| 278 | init = 1;
|
---|
| 279 | }
|
---|
| 280 | *nids = cipher_nids;
|
---|
| 281 | return pos;
|
---|
| 282 | }
|
---|
| 283 |
|
---|
| 284 | static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
|
---|
| 285 | const int **nids, int nid)
|
---|
| 286 | {
|
---|
| 287 | if (!cipher) {
|
---|
| 288 | /* We are returning a list of supported nids */
|
---|
| 289 | return test_cipher_nids(nids);
|
---|
| 290 | }
|
---|
| 291 | /* We are being asked for a specific cipher */
|
---|
| 292 | if (nid == NID_rc4)
|
---|
| 293 | *cipher = test_r4_cipher();
|
---|
| 294 | else if (nid == NID_rc4_40)
|
---|
| 295 | *cipher = test_r4_40_cipher();
|
---|
| 296 | else {
|
---|
| 297 | # ifdef TEST_ENG_OPENSSL_RC4_OTHERS
|
---|
| 298 | fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for "
|
---|
| 299 | "nid %d\n", nid);
|
---|
| 300 | # endif
|
---|
| 301 | *cipher = NULL;
|
---|
| 302 | return 0;
|
---|
| 303 | }
|
---|
| 304 | return 1;
|
---|
| 305 | }
|
---|
| 306 | #endif
|
---|
| 307 |
|
---|
| 308 | #ifdef TEST_ENG_OPENSSL_SHA
|
---|
| 309 | /* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */
|
---|
| 310 | # include <openssl/sha.h>
|
---|
| 311 |
|
---|
| 312 | static int test_sha1_init(EVP_MD_CTX *ctx)
|
---|
| 313 | {
|
---|
| 314 | # ifdef TEST_ENG_OPENSSL_SHA_P_INIT
|
---|
| 315 | fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n");
|
---|
| 316 | # endif
|
---|
| 317 | return SHA1_Init(EVP_MD_CTX_md_data(ctx));
|
---|
| 318 | }
|
---|
| 319 |
|
---|
| 320 | static int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count)
|
---|
| 321 | {
|
---|
| 322 | # ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE
|
---|
| 323 | fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n");
|
---|
| 324 | # endif
|
---|
| 325 | return SHA1_Update(EVP_MD_CTX_md_data(ctx), data, count);
|
---|
| 326 | }
|
---|
| 327 |
|
---|
| 328 | static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
|
---|
| 329 | {
|
---|
| 330 | # ifdef TEST_ENG_OPENSSL_SHA_P_FINAL
|
---|
| 331 | fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n");
|
---|
| 332 | # endif
|
---|
| 333 | return SHA1_Final(md, EVP_MD_CTX_md_data(ctx));
|
---|
| 334 | }
|
---|
| 335 |
|
---|
| 336 | static EVP_MD *sha1_md = NULL;
|
---|
| 337 | static const EVP_MD *test_sha_md(void)
|
---|
| 338 | {
|
---|
| 339 | if (sha1_md == NULL) {
|
---|
| 340 | EVP_MD *md;
|
---|
| 341 |
|
---|
| 342 | if ((md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption)) == NULL
|
---|
| 343 | || !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH)
|
---|
| 344 | || !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK)
|
---|
| 345 | || !EVP_MD_meth_set_app_datasize(md,
|
---|
| 346 | sizeof(EVP_MD *) + sizeof(SHA_CTX))
|
---|
| 347 | || !EVP_MD_meth_set_flags(md, 0)
|
---|
| 348 | || !EVP_MD_meth_set_init(md, test_sha1_init)
|
---|
| 349 | || !EVP_MD_meth_set_update(md, test_sha1_update)
|
---|
| 350 | || !EVP_MD_meth_set_final(md, test_sha1_final)) {
|
---|
| 351 | EVP_MD_meth_free(md);
|
---|
| 352 | md = NULL;
|
---|
| 353 | }
|
---|
| 354 | sha1_md = md;
|
---|
| 355 | }
|
---|
| 356 | return sha1_md;
|
---|
| 357 | }
|
---|
| 358 | static void test_sha_md_destroy(void)
|
---|
| 359 | {
|
---|
| 360 | EVP_MD_meth_free(sha1_md);
|
---|
| 361 | sha1_md = NULL;
|
---|
| 362 | }
|
---|
| 363 | static int test_digest_nids(const int **nids)
|
---|
| 364 | {
|
---|
| 365 | static int digest_nids[2] = { 0, 0 };
|
---|
| 366 | static int pos = 0;
|
---|
| 367 | static int init = 0;
|
---|
| 368 |
|
---|
| 369 | if (!init) {
|
---|
| 370 | const EVP_MD *md;
|
---|
| 371 | if ((md = test_sha_md()) != NULL)
|
---|
| 372 | digest_nids[pos++] = EVP_MD_type(md);
|
---|
| 373 | digest_nids[pos] = 0;
|
---|
| 374 | init = 1;
|
---|
| 375 | }
|
---|
| 376 | *nids = digest_nids;
|
---|
| 377 | return pos;
|
---|
| 378 | }
|
---|
| 379 |
|
---|
| 380 | static int openssl_digests(ENGINE *e, const EVP_MD **digest,
|
---|
| 381 | const int **nids, int nid)
|
---|
| 382 | {
|
---|
| 383 | if (!digest) {
|
---|
| 384 | /* We are returning a list of supported nids */
|
---|
| 385 | return test_digest_nids(nids);
|
---|
| 386 | }
|
---|
| 387 | /* We are being asked for a specific digest */
|
---|
| 388 | if (nid == NID_sha1)
|
---|
| 389 | *digest = test_sha_md();
|
---|
| 390 | else {
|
---|
| 391 | # ifdef TEST_ENG_OPENSSL_SHA_OTHERS
|
---|
| 392 | fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for "
|
---|
| 393 | "nid %d\n", nid);
|
---|
| 394 | # endif
|
---|
| 395 | *digest = NULL;
|
---|
| 396 | return 0;
|
---|
| 397 | }
|
---|
| 398 | return 1;
|
---|
| 399 | }
|
---|
| 400 | #endif
|
---|
| 401 |
|
---|
| 402 | #ifdef TEST_ENG_OPENSSL_PKEY
|
---|
| 403 | static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
|
---|
| 404 | UI_METHOD *ui_method,
|
---|
| 405 | void *callback_data)
|
---|
| 406 | {
|
---|
| 407 | BIO *in;
|
---|
| 408 | EVP_PKEY *key;
|
---|
| 409 | fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n",
|
---|
| 410 | key_id);
|
---|
| 411 | in = BIO_new_file(key_id, "r");
|
---|
| 412 | if (!in)
|
---|
| 413 | return NULL;
|
---|
| 414 | key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL);
|
---|
| 415 | BIO_free(in);
|
---|
| 416 | return key;
|
---|
| 417 | }
|
---|
| 418 | #endif
|
---|
| 419 |
|
---|
| 420 | #ifdef TEST_ENG_OPENSSL_HMAC
|
---|
| 421 |
|
---|
| 422 | /*
|
---|
| 423 | * Experimental HMAC redirection implementation: mainly copied from
|
---|
| 424 | * hm_pmeth.c
|
---|
| 425 | */
|
---|
| 426 |
|
---|
| 427 | /* HMAC pkey context structure */
|
---|
| 428 |
|
---|
| 429 | typedef struct {
|
---|
| 430 | const EVP_MD *md; /* MD for HMAC use */
|
---|
| 431 | ASN1_OCTET_STRING ktmp; /* Temp storage for key */
|
---|
| 432 | HMAC_CTX *ctx;
|
---|
| 433 | } OSSL_HMAC_PKEY_CTX;
|
---|
| 434 |
|
---|
| 435 | static int ossl_hmac_init(EVP_PKEY_CTX *ctx)
|
---|
| 436 | {
|
---|
| 437 | OSSL_HMAC_PKEY_CTX *hctx;
|
---|
| 438 |
|
---|
| 439 | hctx = OPENSSL_zalloc(sizeof(*hctx));
|
---|
| 440 | if (hctx == NULL)
|
---|
| 441 | return 0;
|
---|
| 442 | hctx->ktmp.type = V_ASN1_OCTET_STRING;
|
---|
| 443 | hctx->ctx = HMAC_CTX_new();
|
---|
| 444 | if (hctx->ctx == NULL) {
|
---|
| 445 | OPENSSL_free(hctx);
|
---|
| 446 | return 0;
|
---|
| 447 | }
|
---|
| 448 | EVP_PKEY_CTX_set_data(ctx, hctx);
|
---|
| 449 | EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0);
|
---|
| 450 | # ifdef TEST_ENG_OPENSSL_HMAC_INIT
|
---|
| 451 | fprintf(stderr, "(TEST_ENG_OPENSSL_HMAC) ossl_hmac_init() called\n");
|
---|
| 452 | # endif
|
---|
| 453 | return 1;
|
---|
| 454 | }
|
---|
| 455 |
|
---|
| 456 | static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx);
|
---|
| 457 |
|
---|
| 458 | static int ossl_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
|
---|
| 459 | {
|
---|
| 460 | OSSL_HMAC_PKEY_CTX *sctx, *dctx;
|
---|
| 461 |
|
---|
| 462 | /* allocate memory for dst->data and a new HMAC_CTX in dst->data->ctx */
|
---|
| 463 | if (!ossl_hmac_init(dst))
|
---|
| 464 | return 0;
|
---|
| 465 | sctx = EVP_PKEY_CTX_get_data(src);
|
---|
| 466 | dctx = EVP_PKEY_CTX_get_data(dst);
|
---|
| 467 | dctx->md = sctx->md;
|
---|
| 468 | if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx))
|
---|
| 469 | goto err;
|
---|
| 470 | if (sctx->ktmp.data) {
|
---|
| 471 | if (!ASN1_OCTET_STRING_set(&dctx->ktmp,
|
---|
| 472 | sctx->ktmp.data, sctx->ktmp.length))
|
---|
| 473 | goto err;
|
---|
| 474 | }
|
---|
| 475 | return 1;
|
---|
| 476 | err:
|
---|
| 477 | /* release HMAC_CTX in dst->data->ctx and memory allocated for dst->data */
|
---|
| 478 | ossl_hmac_cleanup(dst);
|
---|
| 479 | return 0;
|
---|
| 480 | }
|
---|
| 481 |
|
---|
| 482 | static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx)
|
---|
| 483 | {
|
---|
| 484 | OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
|
---|
| 485 |
|
---|
| 486 | if (hctx) {
|
---|
| 487 | HMAC_CTX_free(hctx->ctx);
|
---|
| 488 | OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length);
|
---|
| 489 | OPENSSL_free(hctx);
|
---|
| 490 | EVP_PKEY_CTX_set_data(ctx, NULL);
|
---|
| 491 | }
|
---|
| 492 | }
|
---|
| 493 |
|
---|
| 494 | static int ossl_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
|
---|
| 495 | {
|
---|
| 496 | ASN1_OCTET_STRING *hkey = NULL;
|
---|
| 497 | OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
|
---|
| 498 | if (!hctx->ktmp.data)
|
---|
| 499 | return 0;
|
---|
| 500 | hkey = ASN1_OCTET_STRING_dup(&hctx->ktmp);
|
---|
| 501 | if (!hkey)
|
---|
| 502 | return 0;
|
---|
| 503 | EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hkey);
|
---|
| 504 |
|
---|
| 505 | return 1;
|
---|
| 506 | }
|
---|
| 507 |
|
---|
| 508 | static int ossl_int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
|
---|
| 509 | {
|
---|
| 510 | OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(EVP_MD_CTX_pkey_ctx(ctx));
|
---|
| 511 | if (!HMAC_Update(hctx->ctx, data, count))
|
---|
| 512 | return 0;
|
---|
| 513 | return 1;
|
---|
| 514 | }
|
---|
| 515 |
|
---|
| 516 | static int ossl_hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
|
---|
| 517 | {
|
---|
| 518 | EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
|
---|
| 519 | EVP_MD_CTX_set_update_fn(mctx, ossl_int_update);
|
---|
| 520 | return 1;
|
---|
| 521 | }
|
---|
| 522 |
|
---|
| 523 | static int ossl_hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig,
|
---|
| 524 | size_t *siglen, EVP_MD_CTX *mctx)
|
---|
| 525 | {
|
---|
| 526 | unsigned int hlen;
|
---|
| 527 | OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
|
---|
| 528 | int l = EVP_MD_CTX_size(mctx);
|
---|
| 529 |
|
---|
| 530 | if (l < 0)
|
---|
| 531 | return 0;
|
---|
| 532 | *siglen = l;
|
---|
| 533 | if (!sig)
|
---|
| 534 | return 1;
|
---|
| 535 |
|
---|
| 536 | if (!HMAC_Final(hctx->ctx, sig, &hlen))
|
---|
| 537 | return 0;
|
---|
| 538 | *siglen = (size_t)hlen;
|
---|
| 539 | return 1;
|
---|
| 540 | }
|
---|
| 541 |
|
---|
| 542 | static int ossl_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
|
---|
| 543 | {
|
---|
| 544 | OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
|
---|
| 545 | EVP_PKEY *pk;
|
---|
| 546 | ASN1_OCTET_STRING *key;
|
---|
| 547 | switch (type) {
|
---|
| 548 |
|
---|
| 549 | case EVP_PKEY_CTRL_SET_MAC_KEY:
|
---|
| 550 | if ((!p2 && p1 > 0) || (p1 < -1))
|
---|
| 551 | return 0;
|
---|
| 552 | if (!ASN1_OCTET_STRING_set(&hctx->ktmp, p2, p1))
|
---|
| 553 | return 0;
|
---|
| 554 | break;
|
---|
| 555 |
|
---|
| 556 | case EVP_PKEY_CTRL_MD:
|
---|
| 557 | hctx->md = p2;
|
---|
| 558 | break;
|
---|
| 559 |
|
---|
| 560 | case EVP_PKEY_CTRL_DIGESTINIT:
|
---|
| 561 | pk = EVP_PKEY_CTX_get0_pkey(ctx);
|
---|
| 562 | key = EVP_PKEY_get0(pk);
|
---|
| 563 | if (!HMAC_Init_ex(hctx->ctx, key->data, key->length, hctx->md, NULL))
|
---|
| 564 | return 0;
|
---|
| 565 | break;
|
---|
| 566 |
|
---|
| 567 | default:
|
---|
| 568 | return -2;
|
---|
| 569 |
|
---|
| 570 | }
|
---|
| 571 | return 1;
|
---|
| 572 | }
|
---|
| 573 |
|
---|
| 574 | static int ossl_hmac_ctrl_str(EVP_PKEY_CTX *ctx,
|
---|
| 575 | const char *type, const char *value)
|
---|
| 576 | {
|
---|
| 577 | if (!value) {
|
---|
| 578 | return 0;
|
---|
| 579 | }
|
---|
| 580 | if (strcmp(type, "key") == 0) {
|
---|
| 581 | void *p = (void *)value;
|
---|
| 582 | return ossl_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, -1, p);
|
---|
| 583 | }
|
---|
| 584 | if (strcmp(type, "hexkey") == 0) {
|
---|
| 585 | unsigned char *key;
|
---|
| 586 | int r;
|
---|
| 587 | long keylen;
|
---|
| 588 | key = OPENSSL_hexstr2buf(value, &keylen);
|
---|
| 589 | if (!key)
|
---|
| 590 | return 0;
|
---|
| 591 | r = ossl_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key);
|
---|
| 592 | OPENSSL_free(key);
|
---|
| 593 | return r;
|
---|
| 594 | }
|
---|
| 595 | return -2;
|
---|
| 596 | }
|
---|
| 597 |
|
---|
| 598 | static EVP_PKEY_METHOD *ossl_hmac_meth;
|
---|
| 599 |
|
---|
| 600 | static int ossl_register_hmac_meth(void)
|
---|
| 601 | {
|
---|
| 602 | EVP_PKEY_METHOD *meth;
|
---|
| 603 | meth = EVP_PKEY_meth_new(EVP_PKEY_HMAC, 0);
|
---|
| 604 | if (meth == NULL)
|
---|
| 605 | return 0;
|
---|
| 606 | EVP_PKEY_meth_set_init(meth, ossl_hmac_init);
|
---|
| 607 | EVP_PKEY_meth_set_copy(meth, ossl_hmac_copy);
|
---|
| 608 | EVP_PKEY_meth_set_cleanup(meth, ossl_hmac_cleanup);
|
---|
| 609 |
|
---|
| 610 | EVP_PKEY_meth_set_keygen(meth, 0, ossl_hmac_keygen);
|
---|
| 611 |
|
---|
| 612 | EVP_PKEY_meth_set_signctx(meth, ossl_hmac_signctx_init,
|
---|
| 613 | ossl_hmac_signctx);
|
---|
| 614 |
|
---|
| 615 | EVP_PKEY_meth_set_ctrl(meth, ossl_hmac_ctrl, ossl_hmac_ctrl_str);
|
---|
| 616 | ossl_hmac_meth = meth;
|
---|
| 617 | return 1;
|
---|
| 618 | }
|
---|
| 619 |
|
---|
| 620 | static int ossl_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
|
---|
| 621 | const int **nids, int nid)
|
---|
| 622 | {
|
---|
| 623 | static int ossl_pkey_nids[] = {
|
---|
| 624 | EVP_PKEY_HMAC,
|
---|
| 625 | 0
|
---|
| 626 | };
|
---|
| 627 | if (!pmeth) {
|
---|
| 628 | *nids = ossl_pkey_nids;
|
---|
| 629 | return 1;
|
---|
| 630 | }
|
---|
| 631 |
|
---|
| 632 | if (nid == EVP_PKEY_HMAC) {
|
---|
| 633 | *pmeth = ossl_hmac_meth;
|
---|
| 634 | return 1;
|
---|
| 635 | }
|
---|
| 636 |
|
---|
| 637 | *pmeth = NULL;
|
---|
| 638 | return 0;
|
---|
| 639 | }
|
---|
| 640 |
|
---|
| 641 | #endif
|
---|
| 642 |
|
---|
| 643 | int openssl_destroy(ENGINE *e)
|
---|
| 644 | {
|
---|
| 645 | test_sha_md_destroy();
|
---|
| 646 | #ifdef TEST_ENG_OPENSSL_RC4
|
---|
| 647 | test_r4_cipher_destroy();
|
---|
| 648 | test_r4_40_cipher_destroy();
|
---|
| 649 | #endif
|
---|
| 650 | return 1;
|
---|
| 651 | }
|
---|
| 652 |
|
---|