1 | /*
|
---|
2 | * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
|
---|
3 | *
|
---|
4 | * Licensed under the OpenSSL license (the "License"). You may not use
|
---|
5 | * this file except in compliance with the License. You can obtain a copy
|
---|
6 | * in the file LICENSE in the source distribution or at
|
---|
7 | * https://www.openssl.org/source/license.html
|
---|
8 | */
|
---|
9 |
|
---|
10 | /* ====================================================================
|
---|
11 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
|
---|
12 | * ECDH support in OpenSSL originally developed by
|
---|
13 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
|
---|
14 | */
|
---|
15 |
|
---|
16 | #include <stdio.h>
|
---|
17 | #include <openssl/crypto.h>
|
---|
18 | #include "internal/cryptlib.h"
|
---|
19 | #include <internal/engine.h>
|
---|
20 | #include <openssl/pem.h>
|
---|
21 | #include <openssl/evp.h>
|
---|
22 | #include <openssl/rand.h>
|
---|
23 | #include <openssl/rsa.h>
|
---|
24 | #include <openssl/dsa.h>
|
---|
25 | #include <openssl/dh.h>
|
---|
26 |
|
---|
27 | #include <openssl/hmac.h>
|
---|
28 | #include <openssl/x509v3.h>
|
---|
29 |
|
---|
30 | /*
|
---|
31 | * This testing gunk is implemented (and explained) lower down. It also
|
---|
32 | * assumes the application explicitly calls "ENGINE_load_openssl()" because
|
---|
33 | * this is no longer automatic in ENGINE_load_builtin_engines().
|
---|
34 | */
|
---|
35 | #define TEST_ENG_OPENSSL_RC4
|
---|
36 | #ifndef OPENSSL_NO_STDIO
|
---|
37 | #define TEST_ENG_OPENSSL_PKEY
|
---|
38 | #endif
|
---|
39 | /* #define TEST_ENG_OPENSSL_HMAC */
|
---|
40 | /* #define TEST_ENG_OPENSSL_HMAC_INIT */
|
---|
41 | /* #define TEST_ENG_OPENSSL_RC4_OTHERS */
|
---|
42 | #define TEST_ENG_OPENSSL_RC4_P_INIT
|
---|
43 | /* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */
|
---|
44 | #define TEST_ENG_OPENSSL_SHA
|
---|
45 | /* #define TEST_ENG_OPENSSL_SHA_OTHERS */
|
---|
46 | /* #define TEST_ENG_OPENSSL_SHA_P_INIT */
|
---|
47 | /* #define TEST_ENG_OPENSSL_SHA_P_UPDATE */
|
---|
48 | /* #define TEST_ENG_OPENSSL_SHA_P_FINAL */
|
---|
49 |
|
---|
50 | /* Now check what of those algorithms are actually enabled */
|
---|
51 | #ifdef OPENSSL_NO_RC4
|
---|
52 | # undef TEST_ENG_OPENSSL_RC4
|
---|
53 | # undef TEST_ENG_OPENSSL_RC4_OTHERS
|
---|
54 | # undef TEST_ENG_OPENSSL_RC4_P_INIT
|
---|
55 | # undef TEST_ENG_OPENSSL_RC4_P_CIPHER
|
---|
56 | #endif
|
---|
57 |
|
---|
58 | static int openssl_destroy(ENGINE *e);
|
---|
59 |
|
---|
60 | #ifdef TEST_ENG_OPENSSL_RC4
|
---|
61 | static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
|
---|
62 | const int **nids, int nid);
|
---|
63 | #endif
|
---|
64 | #ifdef TEST_ENG_OPENSSL_SHA
|
---|
65 | static int openssl_digests(ENGINE *e, const EVP_MD **digest,
|
---|
66 | const int **nids, int nid);
|
---|
67 | #endif
|
---|
68 |
|
---|
69 | #ifdef TEST_ENG_OPENSSL_PKEY
|
---|
70 | static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
|
---|
71 | UI_METHOD *ui_method,
|
---|
72 | void *callback_data);
|
---|
73 | #endif
|
---|
74 |
|
---|
75 | #ifdef TEST_ENG_OPENSSL_HMAC
|
---|
76 | static int ossl_register_hmac_meth(void);
|
---|
77 | static int ossl_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
|
---|
78 | const int **nids, int nid);
|
---|
79 | #endif
|
---|
80 |
|
---|
81 | /* The constants used when creating the ENGINE */
|
---|
82 | static const char *engine_openssl_id = "openssl";
|
---|
83 | static const char *engine_openssl_name = "Software engine support";
|
---|
84 |
|
---|
85 | /*
|
---|
86 | * This internal function is used by ENGINE_openssl() and possibly by the
|
---|
87 | * "dynamic" ENGINE support too
|
---|
88 | */
|
---|
89 | static int bind_helper(ENGINE *e)
|
---|
90 | {
|
---|
91 | if (!ENGINE_set_id(e, engine_openssl_id)
|
---|
92 | || !ENGINE_set_name(e, engine_openssl_name)
|
---|
93 | || !ENGINE_set_destroy_function(e, openssl_destroy)
|
---|
94 | #ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
|
---|
95 | # ifndef OPENSSL_NO_RSA
|
---|
96 | || !ENGINE_set_RSA(e, RSA_get_default_method())
|
---|
97 | # endif
|
---|
98 | # ifndef OPENSSL_NO_DSA
|
---|
99 | || !ENGINE_set_DSA(e, DSA_get_default_method())
|
---|
100 | # endif
|
---|
101 | # ifndef OPENSSL_NO_EC
|
---|
102 | || !ENGINE_set_EC(e, EC_KEY_OpenSSL())
|
---|
103 | # endif
|
---|
104 | # ifndef OPENSSL_NO_DH
|
---|
105 | || !ENGINE_set_DH(e, DH_get_default_method())
|
---|
106 | # endif
|
---|
107 | || !ENGINE_set_RAND(e, RAND_OpenSSL())
|
---|
108 | # ifdef TEST_ENG_OPENSSL_RC4
|
---|
109 | || !ENGINE_set_ciphers(e, openssl_ciphers)
|
---|
110 | # endif
|
---|
111 | # ifdef TEST_ENG_OPENSSL_SHA
|
---|
112 | || !ENGINE_set_digests(e, openssl_digests)
|
---|
113 | # endif
|
---|
114 | #endif
|
---|
115 | #ifdef TEST_ENG_OPENSSL_PKEY
|
---|
116 | || !ENGINE_set_load_privkey_function(e, openssl_load_privkey)
|
---|
117 | #endif
|
---|
118 | #ifdef TEST_ENG_OPENSSL_HMAC
|
---|
119 | || !ossl_register_hmac_meth()
|
---|
120 | || !ENGINE_set_pkey_meths(e, ossl_pkey_meths)
|
---|
121 | #endif
|
---|
122 | )
|
---|
123 | return 0;
|
---|
124 | /*
|
---|
125 | * If we add errors to this ENGINE, ensure the error handling is setup
|
---|
126 | * here
|
---|
127 | */
|
---|
128 | /* openssl_load_error_strings(); */
|
---|
129 | return 1;
|
---|
130 | }
|
---|
131 |
|
---|
132 | static ENGINE *engine_openssl(void)
|
---|
133 | {
|
---|
134 | ENGINE *ret = ENGINE_new();
|
---|
135 | if (ret == NULL)
|
---|
136 | return NULL;
|
---|
137 | if (!bind_helper(ret)) {
|
---|
138 | ENGINE_free(ret);
|
---|
139 | return NULL;
|
---|
140 | }
|
---|
141 | return ret;
|
---|
142 | }
|
---|
143 |
|
---|
144 | void engine_load_openssl_int(void)
|
---|
145 | {
|
---|
146 | ENGINE *toadd = engine_openssl();
|
---|
147 | if (!toadd)
|
---|
148 | return;
|
---|
149 | ENGINE_add(toadd);
|
---|
150 | /*
|
---|
151 | * If the "add" worked, it gets a structural reference. So either way, we
|
---|
152 | * release our just-created reference.
|
---|
153 | */
|
---|
154 | ENGINE_free(toadd);
|
---|
155 | ERR_clear_error();
|
---|
156 | }
|
---|
157 |
|
---|
158 | /*
|
---|
159 | * This stuff is needed if this ENGINE is being compiled into a
|
---|
160 | * self-contained shared-library.
|
---|
161 | */
|
---|
162 | #ifdef ENGINE_DYNAMIC_SUPPORT
|
---|
163 | static int bind_fn(ENGINE *e, const char *id)
|
---|
164 | {
|
---|
165 | if (id && (strcmp(id, engine_openssl_id) != 0))
|
---|
166 | return 0;
|
---|
167 | if (!bind_helper(e))
|
---|
168 | return 0;
|
---|
169 | return 1;
|
---|
170 | }
|
---|
171 |
|
---|
172 | IMPLEMENT_DYNAMIC_CHECK_FN()
|
---|
173 | IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
|
---|
174 | #endif /* ENGINE_DYNAMIC_SUPPORT */
|
---|
175 | #ifdef TEST_ENG_OPENSSL_RC4
|
---|
176 | /*-
|
---|
177 | * This section of code compiles an "alternative implementation" of two modes of
|
---|
178 | * RC4 into this ENGINE. The result is that EVP_CIPHER operation for "rc4"
|
---|
179 | * should under normal circumstances go via this support rather than the default
|
---|
180 | * EVP support. There are other symbols to tweak the testing;
|
---|
181 | * TEST_ENC_OPENSSL_RC4_OTHERS - print a one line message to stderr each time
|
---|
182 | * we're asked for a cipher we don't support (should not happen).
|
---|
183 | * TEST_ENG_OPENSSL_RC4_P_INIT - print a one line message to stderr each time
|
---|
184 | * the "init_key" handler is called.
|
---|
185 | * TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler.
|
---|
186 | */
|
---|
187 | # include <openssl/rc4.h>
|
---|
188 | # define TEST_RC4_KEY_SIZE 16
|
---|
189 | typedef struct {
|
---|
190 | unsigned char key[TEST_RC4_KEY_SIZE];
|
---|
191 | RC4_KEY ks;
|
---|
192 | } TEST_RC4_KEY;
|
---|
193 | # define test(ctx) ((TEST_RC4_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx))
|
---|
194 | static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
|
---|
195 | const unsigned char *iv, int enc)
|
---|
196 | {
|
---|
197 | # ifdef TEST_ENG_OPENSSL_RC4_P_INIT
|
---|
198 | fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n");
|
---|
199 | # endif
|
---|
200 | memcpy(&test(ctx)->key[0], key, EVP_CIPHER_CTX_key_length(ctx));
|
---|
201 | RC4_set_key(&test(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx),
|
---|
202 | test(ctx)->key);
|
---|
203 | return 1;
|
---|
204 | }
|
---|
205 |
|
---|
206 | static int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
---|
207 | const unsigned char *in, size_t inl)
|
---|
208 | {
|
---|
209 | # ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER
|
---|
210 | fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n");
|
---|
211 | # endif
|
---|
212 | RC4(&test(ctx)->ks, inl, in, out);
|
---|
213 | return 1;
|
---|
214 | }
|
---|
215 |
|
---|
216 | static EVP_CIPHER *r4_cipher = NULL;
|
---|
217 | static const EVP_CIPHER *test_r4_cipher(void)
|
---|
218 | {
|
---|
219 | if (r4_cipher == NULL) {
|
---|
220 | EVP_CIPHER *cipher;
|
---|
221 |
|
---|
222 | if ((cipher = EVP_CIPHER_meth_new(NID_rc4, 1, TEST_RC4_KEY_SIZE)) == NULL
|
---|
223 | || !EVP_CIPHER_meth_set_iv_length(cipher, 0)
|
---|
224 | || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_VARIABLE_LENGTH)
|
---|
225 | || !EVP_CIPHER_meth_set_init(cipher, test_rc4_init_key)
|
---|
226 | || !EVP_CIPHER_meth_set_do_cipher(cipher, test_rc4_cipher)
|
---|
227 | || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(TEST_RC4_KEY))) {
|
---|
228 | EVP_CIPHER_meth_free(cipher);
|
---|
229 | cipher = NULL;
|
---|
230 | }
|
---|
231 | r4_cipher = cipher;
|
---|
232 | }
|
---|
233 | return r4_cipher;
|
---|
234 | }
|
---|
235 | static void test_r4_cipher_destroy(void)
|
---|
236 | {
|
---|
237 | EVP_CIPHER_meth_free(r4_cipher);
|
---|
238 | r4_cipher = NULL;
|
---|
239 | }
|
---|
240 |
|
---|
241 | static EVP_CIPHER *r4_40_cipher = NULL;
|
---|
242 | static const EVP_CIPHER *test_r4_40_cipher(void)
|
---|
243 | {
|
---|
244 | if (r4_40_cipher == NULL) {
|
---|
245 | EVP_CIPHER *cipher;
|
---|
246 |
|
---|
247 | if ((cipher = EVP_CIPHER_meth_new(NID_rc4, 1, 5 /* 40 bits */)) == NULL
|
---|
248 | || !EVP_CIPHER_meth_set_iv_length(cipher, 0)
|
---|
249 | || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_VARIABLE_LENGTH)
|
---|
250 | || !EVP_CIPHER_meth_set_init(cipher, test_rc4_init_key)
|
---|
251 | || !EVP_CIPHER_meth_set_do_cipher(cipher, test_rc4_cipher)
|
---|
252 | || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(TEST_RC4_KEY))) {
|
---|
253 | EVP_CIPHER_meth_free(cipher);
|
---|
254 | cipher = NULL;
|
---|
255 | }
|
---|
256 | r4_40_cipher = cipher;
|
---|
257 | }
|
---|
258 | return r4_40_cipher;
|
---|
259 | }
|
---|
260 | static void test_r4_40_cipher_destroy(void)
|
---|
261 | {
|
---|
262 | EVP_CIPHER_meth_free(r4_40_cipher);
|
---|
263 | r4_40_cipher = NULL;
|
---|
264 | }
|
---|
265 | static int test_cipher_nids(const int **nids)
|
---|
266 | {
|
---|
267 | static int cipher_nids[4] = { 0, 0, 0, 0 };
|
---|
268 | static int pos = 0;
|
---|
269 | static int init = 0;
|
---|
270 |
|
---|
271 | if (!init) {
|
---|
272 | const EVP_CIPHER *cipher;
|
---|
273 | if ((cipher = test_r4_cipher()) != NULL)
|
---|
274 | cipher_nids[pos++] = EVP_CIPHER_nid(cipher);
|
---|
275 | if ((cipher = test_r4_40_cipher()) != NULL)
|
---|
276 | cipher_nids[pos++] = EVP_CIPHER_nid(cipher);
|
---|
277 | cipher_nids[pos] = 0;
|
---|
278 | init = 1;
|
---|
279 | }
|
---|
280 | *nids = cipher_nids;
|
---|
281 | return pos;
|
---|
282 | }
|
---|
283 |
|
---|
284 | static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
|
---|
285 | const int **nids, int nid)
|
---|
286 | {
|
---|
287 | if (!cipher) {
|
---|
288 | /* We are returning a list of supported nids */
|
---|
289 | return test_cipher_nids(nids);
|
---|
290 | }
|
---|
291 | /* We are being asked for a specific cipher */
|
---|
292 | if (nid == NID_rc4)
|
---|
293 | *cipher = test_r4_cipher();
|
---|
294 | else if (nid == NID_rc4_40)
|
---|
295 | *cipher = test_r4_40_cipher();
|
---|
296 | else {
|
---|
297 | # ifdef TEST_ENG_OPENSSL_RC4_OTHERS
|
---|
298 | fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for "
|
---|
299 | "nid %d\n", nid);
|
---|
300 | # endif
|
---|
301 | *cipher = NULL;
|
---|
302 | return 0;
|
---|
303 | }
|
---|
304 | return 1;
|
---|
305 | }
|
---|
306 | #endif
|
---|
307 |
|
---|
308 | #ifdef TEST_ENG_OPENSSL_SHA
|
---|
309 | /* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */
|
---|
310 | # include <openssl/sha.h>
|
---|
311 |
|
---|
312 | static int test_sha1_init(EVP_MD_CTX *ctx)
|
---|
313 | {
|
---|
314 | # ifdef TEST_ENG_OPENSSL_SHA_P_INIT
|
---|
315 | fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n");
|
---|
316 | # endif
|
---|
317 | return SHA1_Init(EVP_MD_CTX_md_data(ctx));
|
---|
318 | }
|
---|
319 |
|
---|
320 | static int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count)
|
---|
321 | {
|
---|
322 | # ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE
|
---|
323 | fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n");
|
---|
324 | # endif
|
---|
325 | return SHA1_Update(EVP_MD_CTX_md_data(ctx), data, count);
|
---|
326 | }
|
---|
327 |
|
---|
328 | static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
|
---|
329 | {
|
---|
330 | # ifdef TEST_ENG_OPENSSL_SHA_P_FINAL
|
---|
331 | fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n");
|
---|
332 | # endif
|
---|
333 | return SHA1_Final(md, EVP_MD_CTX_md_data(ctx));
|
---|
334 | }
|
---|
335 |
|
---|
336 | static EVP_MD *sha1_md = NULL;
|
---|
337 | static const EVP_MD *test_sha_md(void)
|
---|
338 | {
|
---|
339 | if (sha1_md == NULL) {
|
---|
340 | EVP_MD *md;
|
---|
341 |
|
---|
342 | if ((md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption)) == NULL
|
---|
343 | || !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH)
|
---|
344 | || !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK)
|
---|
345 | || !EVP_MD_meth_set_app_datasize(md,
|
---|
346 | sizeof(EVP_MD *) + sizeof(SHA_CTX))
|
---|
347 | || !EVP_MD_meth_set_flags(md, 0)
|
---|
348 | || !EVP_MD_meth_set_init(md, test_sha1_init)
|
---|
349 | || !EVP_MD_meth_set_update(md, test_sha1_update)
|
---|
350 | || !EVP_MD_meth_set_final(md, test_sha1_final)) {
|
---|
351 | EVP_MD_meth_free(md);
|
---|
352 | md = NULL;
|
---|
353 | }
|
---|
354 | sha1_md = md;
|
---|
355 | }
|
---|
356 | return sha1_md;
|
---|
357 | }
|
---|
358 | static void test_sha_md_destroy(void)
|
---|
359 | {
|
---|
360 | EVP_MD_meth_free(sha1_md);
|
---|
361 | sha1_md = NULL;
|
---|
362 | }
|
---|
363 | static int test_digest_nids(const int **nids)
|
---|
364 | {
|
---|
365 | static int digest_nids[2] = { 0, 0 };
|
---|
366 | static int pos = 0;
|
---|
367 | static int init = 0;
|
---|
368 |
|
---|
369 | if (!init) {
|
---|
370 | const EVP_MD *md;
|
---|
371 | if ((md = test_sha_md()) != NULL)
|
---|
372 | digest_nids[pos++] = EVP_MD_type(md);
|
---|
373 | digest_nids[pos] = 0;
|
---|
374 | init = 1;
|
---|
375 | }
|
---|
376 | *nids = digest_nids;
|
---|
377 | return pos;
|
---|
378 | }
|
---|
379 |
|
---|
380 | static int openssl_digests(ENGINE *e, const EVP_MD **digest,
|
---|
381 | const int **nids, int nid)
|
---|
382 | {
|
---|
383 | if (!digest) {
|
---|
384 | /* We are returning a list of supported nids */
|
---|
385 | return test_digest_nids(nids);
|
---|
386 | }
|
---|
387 | /* We are being asked for a specific digest */
|
---|
388 | if (nid == NID_sha1)
|
---|
389 | *digest = test_sha_md();
|
---|
390 | else {
|
---|
391 | # ifdef TEST_ENG_OPENSSL_SHA_OTHERS
|
---|
392 | fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for "
|
---|
393 | "nid %d\n", nid);
|
---|
394 | # endif
|
---|
395 | *digest = NULL;
|
---|
396 | return 0;
|
---|
397 | }
|
---|
398 | return 1;
|
---|
399 | }
|
---|
400 | #endif
|
---|
401 |
|
---|
402 | #ifdef TEST_ENG_OPENSSL_PKEY
|
---|
403 | static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
|
---|
404 | UI_METHOD *ui_method,
|
---|
405 | void *callback_data)
|
---|
406 | {
|
---|
407 | BIO *in;
|
---|
408 | EVP_PKEY *key;
|
---|
409 | fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n",
|
---|
410 | key_id);
|
---|
411 | in = BIO_new_file(key_id, "r");
|
---|
412 | if (!in)
|
---|
413 | return NULL;
|
---|
414 | key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL);
|
---|
415 | BIO_free(in);
|
---|
416 | return key;
|
---|
417 | }
|
---|
418 | #endif
|
---|
419 |
|
---|
420 | #ifdef TEST_ENG_OPENSSL_HMAC
|
---|
421 |
|
---|
422 | /*
|
---|
423 | * Experimental HMAC redirection implementation: mainly copied from
|
---|
424 | * hm_pmeth.c
|
---|
425 | */
|
---|
426 |
|
---|
427 | /* HMAC pkey context structure */
|
---|
428 |
|
---|
429 | typedef struct {
|
---|
430 | const EVP_MD *md; /* MD for HMAC use */
|
---|
431 | ASN1_OCTET_STRING ktmp; /* Temp storage for key */
|
---|
432 | HMAC_CTX *ctx;
|
---|
433 | } OSSL_HMAC_PKEY_CTX;
|
---|
434 |
|
---|
435 | static int ossl_hmac_init(EVP_PKEY_CTX *ctx)
|
---|
436 | {
|
---|
437 | OSSL_HMAC_PKEY_CTX *hctx;
|
---|
438 |
|
---|
439 | hctx = OPENSSL_zalloc(sizeof(*hctx));
|
---|
440 | if (hctx == NULL)
|
---|
441 | return 0;
|
---|
442 | hctx->ktmp.type = V_ASN1_OCTET_STRING;
|
---|
443 | hctx->ctx = HMAC_CTX_new();
|
---|
444 | if (hctx->ctx == NULL) {
|
---|
445 | OPENSSL_free(hctx);
|
---|
446 | return 0;
|
---|
447 | }
|
---|
448 | EVP_PKEY_CTX_set_data(ctx, hctx);
|
---|
449 | EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0);
|
---|
450 | # ifdef TEST_ENG_OPENSSL_HMAC_INIT
|
---|
451 | fprintf(stderr, "(TEST_ENG_OPENSSL_HMAC) ossl_hmac_init() called\n");
|
---|
452 | # endif
|
---|
453 | return 1;
|
---|
454 | }
|
---|
455 |
|
---|
456 | static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx);
|
---|
457 |
|
---|
458 | static int ossl_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
|
---|
459 | {
|
---|
460 | OSSL_HMAC_PKEY_CTX *sctx, *dctx;
|
---|
461 |
|
---|
462 | /* allocate memory for dst->data and a new HMAC_CTX in dst->data->ctx */
|
---|
463 | if (!ossl_hmac_init(dst))
|
---|
464 | return 0;
|
---|
465 | sctx = EVP_PKEY_CTX_get_data(src);
|
---|
466 | dctx = EVP_PKEY_CTX_get_data(dst);
|
---|
467 | dctx->md = sctx->md;
|
---|
468 | if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx))
|
---|
469 | goto err;
|
---|
470 | if (sctx->ktmp.data) {
|
---|
471 | if (!ASN1_OCTET_STRING_set(&dctx->ktmp,
|
---|
472 | sctx->ktmp.data, sctx->ktmp.length))
|
---|
473 | goto err;
|
---|
474 | }
|
---|
475 | return 1;
|
---|
476 | err:
|
---|
477 | /* release HMAC_CTX in dst->data->ctx and memory allocated for dst->data */
|
---|
478 | ossl_hmac_cleanup(dst);
|
---|
479 | return 0;
|
---|
480 | }
|
---|
481 |
|
---|
482 | static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx)
|
---|
483 | {
|
---|
484 | OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
|
---|
485 |
|
---|
486 | if (hctx) {
|
---|
487 | HMAC_CTX_free(hctx->ctx);
|
---|
488 | OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length);
|
---|
489 | OPENSSL_free(hctx);
|
---|
490 | EVP_PKEY_CTX_set_data(ctx, NULL);
|
---|
491 | }
|
---|
492 | }
|
---|
493 |
|
---|
494 | static int ossl_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
|
---|
495 | {
|
---|
496 | ASN1_OCTET_STRING *hkey = NULL;
|
---|
497 | OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
|
---|
498 | if (!hctx->ktmp.data)
|
---|
499 | return 0;
|
---|
500 | hkey = ASN1_OCTET_STRING_dup(&hctx->ktmp);
|
---|
501 | if (!hkey)
|
---|
502 | return 0;
|
---|
503 | EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hkey);
|
---|
504 |
|
---|
505 | return 1;
|
---|
506 | }
|
---|
507 |
|
---|
508 | static int ossl_int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
|
---|
509 | {
|
---|
510 | OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(EVP_MD_CTX_pkey_ctx(ctx));
|
---|
511 | if (!HMAC_Update(hctx->ctx, data, count))
|
---|
512 | return 0;
|
---|
513 | return 1;
|
---|
514 | }
|
---|
515 |
|
---|
516 | static int ossl_hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
|
---|
517 | {
|
---|
518 | EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
|
---|
519 | EVP_MD_CTX_set_update_fn(mctx, ossl_int_update);
|
---|
520 | return 1;
|
---|
521 | }
|
---|
522 |
|
---|
523 | static int ossl_hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig,
|
---|
524 | size_t *siglen, EVP_MD_CTX *mctx)
|
---|
525 | {
|
---|
526 | unsigned int hlen;
|
---|
527 | OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
|
---|
528 | int l = EVP_MD_CTX_size(mctx);
|
---|
529 |
|
---|
530 | if (l < 0)
|
---|
531 | return 0;
|
---|
532 | *siglen = l;
|
---|
533 | if (!sig)
|
---|
534 | return 1;
|
---|
535 |
|
---|
536 | if (!HMAC_Final(hctx->ctx, sig, &hlen))
|
---|
537 | return 0;
|
---|
538 | *siglen = (size_t)hlen;
|
---|
539 | return 1;
|
---|
540 | }
|
---|
541 |
|
---|
542 | static int ossl_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
|
---|
543 | {
|
---|
544 | OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
|
---|
545 | EVP_PKEY *pk;
|
---|
546 | ASN1_OCTET_STRING *key;
|
---|
547 | switch (type) {
|
---|
548 |
|
---|
549 | case EVP_PKEY_CTRL_SET_MAC_KEY:
|
---|
550 | if ((!p2 && p1 > 0) || (p1 < -1))
|
---|
551 | return 0;
|
---|
552 | if (!ASN1_OCTET_STRING_set(&hctx->ktmp, p2, p1))
|
---|
553 | return 0;
|
---|
554 | break;
|
---|
555 |
|
---|
556 | case EVP_PKEY_CTRL_MD:
|
---|
557 | hctx->md = p2;
|
---|
558 | break;
|
---|
559 |
|
---|
560 | case EVP_PKEY_CTRL_DIGESTINIT:
|
---|
561 | pk = EVP_PKEY_CTX_get0_pkey(ctx);
|
---|
562 | key = EVP_PKEY_get0(pk);
|
---|
563 | if (!HMAC_Init_ex(hctx->ctx, key->data, key->length, hctx->md, NULL))
|
---|
564 | return 0;
|
---|
565 | break;
|
---|
566 |
|
---|
567 | default:
|
---|
568 | return -2;
|
---|
569 |
|
---|
570 | }
|
---|
571 | return 1;
|
---|
572 | }
|
---|
573 |
|
---|
574 | static int ossl_hmac_ctrl_str(EVP_PKEY_CTX *ctx,
|
---|
575 | const char *type, const char *value)
|
---|
576 | {
|
---|
577 | if (!value) {
|
---|
578 | return 0;
|
---|
579 | }
|
---|
580 | if (strcmp(type, "key") == 0) {
|
---|
581 | void *p = (void *)value;
|
---|
582 | return ossl_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, -1, p);
|
---|
583 | }
|
---|
584 | if (strcmp(type, "hexkey") == 0) {
|
---|
585 | unsigned char *key;
|
---|
586 | int r;
|
---|
587 | long keylen;
|
---|
588 | key = OPENSSL_hexstr2buf(value, &keylen);
|
---|
589 | if (!key)
|
---|
590 | return 0;
|
---|
591 | r = ossl_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key);
|
---|
592 | OPENSSL_free(key);
|
---|
593 | return r;
|
---|
594 | }
|
---|
595 | return -2;
|
---|
596 | }
|
---|
597 |
|
---|
598 | static EVP_PKEY_METHOD *ossl_hmac_meth;
|
---|
599 |
|
---|
600 | static int ossl_register_hmac_meth(void)
|
---|
601 | {
|
---|
602 | EVP_PKEY_METHOD *meth;
|
---|
603 | meth = EVP_PKEY_meth_new(EVP_PKEY_HMAC, 0);
|
---|
604 | if (meth == NULL)
|
---|
605 | return 0;
|
---|
606 | EVP_PKEY_meth_set_init(meth, ossl_hmac_init);
|
---|
607 | EVP_PKEY_meth_set_copy(meth, ossl_hmac_copy);
|
---|
608 | EVP_PKEY_meth_set_cleanup(meth, ossl_hmac_cleanup);
|
---|
609 |
|
---|
610 | EVP_PKEY_meth_set_keygen(meth, 0, ossl_hmac_keygen);
|
---|
611 |
|
---|
612 | EVP_PKEY_meth_set_signctx(meth, ossl_hmac_signctx_init,
|
---|
613 | ossl_hmac_signctx);
|
---|
614 |
|
---|
615 | EVP_PKEY_meth_set_ctrl(meth, ossl_hmac_ctrl, ossl_hmac_ctrl_str);
|
---|
616 | ossl_hmac_meth = meth;
|
---|
617 | return 1;
|
---|
618 | }
|
---|
619 |
|
---|
620 | static int ossl_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
|
---|
621 | const int **nids, int nid)
|
---|
622 | {
|
---|
623 | static int ossl_pkey_nids[] = {
|
---|
624 | EVP_PKEY_HMAC,
|
---|
625 | 0
|
---|
626 | };
|
---|
627 | if (!pmeth) {
|
---|
628 | *nids = ossl_pkey_nids;
|
---|
629 | return 1;
|
---|
630 | }
|
---|
631 |
|
---|
632 | if (nid == EVP_PKEY_HMAC) {
|
---|
633 | *pmeth = ossl_hmac_meth;
|
---|
634 | return 1;
|
---|
635 | }
|
---|
636 |
|
---|
637 | *pmeth = NULL;
|
---|
638 | return 0;
|
---|
639 | }
|
---|
640 |
|
---|
641 | #endif
|
---|
642 |
|
---|
643 | int openssl_destroy(ENGINE *e)
|
---|
644 | {
|
---|
645 | test_sha_md_destroy();
|
---|
646 | #ifdef TEST_ENG_OPENSSL_RC4
|
---|
647 | test_r4_cipher_destroy();
|
---|
648 | test_r4_40_cipher_destroy();
|
---|
649 | #endif
|
---|
650 | return 1;
|
---|
651 | }
|
---|
652 |
|
---|