1
0
Fork 0
mirror of https://github.com/ossrs/srs.git synced 2025-03-09 15:49:59 +00:00

Upgrade openssl from 1.1.0e to 1.1.1b, with source code. 4.0.78

This commit is contained in:
winlin 2021-03-01 20:47:57 +08:00
parent 8f1c992379
commit 96dbd7bced
1476 changed files with 616554 additions and 4 deletions

View file

@ -0,0 +1,627 @@
#! /usr/bin/env perl
# Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# ====================================================================
# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
# project. The module is, however, dual licensed under OpenSSL and
# CRYPTOGAMS licenses depending on where you obtain it. For further
# details see http://www.openssl.org/~appro/cryptogams/.
# ====================================================================
# September 2011
#
# Assembler helpers for Padlock engine. Compared to original engine
# version relying on inline assembler and compiled with gcc 3.4.6 it
# was measured to provide ~100% improvement on misaligned data in ECB
# mode and ~75% in CBC mode. For aligned data improvement can be
# observed for short inputs only, e.g. 45% for 64-byte messages in
# ECB mode, 20% in CBC. Difference in performance for aligned vs.
# misaligned data depends on misalignment and is either ~1.8x or 2.9x.
# These are approximately same factors as for hardware support, so
# there is little reason to rely on the latter. On the contrary, it
# might actually hurt performance in mixture of aligned and misaligned
# buffers, because a) if you choose to flip 'align' flag in control
# word on per-buffer basis, then you'd have to reload key context,
# which incurs penalty; b) if you choose to set 'align' flag
# permanently, it limits performance even for aligned data to ~1/2.
# All above mentioned results were collected on 1.5GHz C7. Nano on the
# other hand handles unaligned data more gracefully. Depending on
# algorithm and how unaligned data is, hardware can be up to 70% more
# efficient than below software alignment procedures, nor does 'align'
# flag have affect on aligned performance [if has any meaning at all].
# Therefore suggestion is to unconditionally set 'align' flag on Nano
# for optimal performance.
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
push(@INC,"${dir}","${dir}../../crypto/perlasm");
require "x86asm.pl";
$output=pop;
open STDOUT,">$output";
&asm_init($ARGV[0]);
%PADLOCK_PREFETCH=(ecb=>128, cbc=>64); # prefetch errata
$PADLOCK_CHUNK=512; # Must be a power of 2 larger than 16
$ctx="edx";
$out="edi";
$inp="esi";
$len="ecx";
$chunk="ebx";
&function_begin_B("padlock_capability");
&push ("ebx");
&pushf ();
&pop ("eax");
&mov ("ecx","eax");
&xor ("eax",1<<21);
&push ("eax");
&popf ();
&pushf ();
&pop ("eax");
&xor ("ecx","eax");
&xor ("eax","eax");
&bt ("ecx",21);
&jnc (&label("noluck"));
&cpuid ();
&xor ("eax","eax");
&cmp ("ebx","0x".unpack("H*",'tneC'));
&jne (&label("zhaoxin"));
&cmp ("edx","0x".unpack("H*",'Hrua'));
&jne (&label("noluck"));
&cmp ("ecx","0x".unpack("H*",'slua'));
&jne (&label("noluck"));
&jmp (&label("zhaoxinEnd"));
&set_label("zhaoxin");
&cmp ("ebx","0x".unpack("H*",'hS '));
&jne (&label("noluck"));
&cmp ("edx","0x".unpack("H*",'hgna'));
&jne (&label("noluck"));
&cmp ("ecx","0x".unpack("H*",' ia'));
&jne (&label("noluck"));
&set_label("zhaoxinEnd");
&mov ("eax",0xC0000000);
&cpuid ();
&mov ("edx","eax");
&xor ("eax","eax");
&cmp ("edx",0xC0000001);
&jb (&label("noluck"));
&mov ("eax",1);
&cpuid ();
&or ("eax",0x0f);
&xor ("ebx","ebx");
&and ("eax",0x0fff);
&cmp ("eax",0x06ff); # check for Nano
&sete ("bl");
&mov ("eax",0xC0000001);
&push ("ebx");
&cpuid ();
&pop ("ebx");
&mov ("eax","edx");
&shl ("ebx",4); # bit#4 denotes Nano
&and ("eax",0xffffffef);
&or ("eax","ebx")
&set_label("noluck");
&pop ("ebx");
&ret ();
&function_end_B("padlock_capability")
&function_begin_B("padlock_key_bswap");
&mov ("edx",&wparam(0));
&mov ("ecx",&DWP(240,"edx"));
&set_label("bswap_loop");
&mov ("eax",&DWP(0,"edx"));
&bswap ("eax");
&mov (&DWP(0,"edx"),"eax");
&lea ("edx",&DWP(4,"edx"));
&sub ("ecx",1);
&jnz (&label("bswap_loop"));
&ret ();
&function_end_B("padlock_key_bswap");
# This is heuristic key context tracing. At first one
# believes that one should use atomic swap instructions,
# but it's not actually necessary. Point is that if
# padlock_saved_context was changed by another thread
# after we've read it and before we compare it with ctx,
# our key *shall* be reloaded upon thread context switch
# and we are therefore set in either case...
&static_label("padlock_saved_context");
&function_begin_B("padlock_verify_context");
&mov ($ctx,&wparam(0));
&lea ("eax",($::win32 or $::coff) ? &DWP(&label("padlock_saved_context")) :
&DWP(&label("padlock_saved_context")."-".&label("verify_pic_point")));
&pushf ();
&call ("_padlock_verify_ctx");
&set_label("verify_pic_point");
&lea ("esp",&DWP(4,"esp"));
&ret ();
&function_end_B("padlock_verify_context");
&function_begin_B("_padlock_verify_ctx");
&add ("eax",&DWP(0,"esp")) if(!($::win32 or $::coff));# &padlock_saved_context
&bt (&DWP(4,"esp"),30); # eflags
&jnc (&label("verified"));
&cmp ($ctx,&DWP(0,"eax"));
&je (&label("verified"));
&pushf ();
&popf ();
&set_label("verified");
&mov (&DWP(0,"eax"),$ctx);
&ret ();
&function_end_B("_padlock_verify_ctx");
&function_begin_B("padlock_reload_key");
&pushf ();
&popf ();
&ret ();
&function_end_B("padlock_reload_key");
&function_begin_B("padlock_aes_block");
&push ("edi");
&push ("esi");
&push ("ebx");
&mov ($out,&wparam(0)); # must be 16-byte aligned
&mov ($inp,&wparam(1)); # must be 16-byte aligned
&mov ($ctx,&wparam(2));
&mov ($len,1);
&lea ("ebx",&DWP(32,$ctx)); # key
&lea ($ctx,&DWP(16,$ctx)); # control word
&data_byte(0xf3,0x0f,0xa7,0xc8); # rep xcryptecb
&pop ("ebx");
&pop ("esi");
&pop ("edi");
&ret ();
&function_end_B("padlock_aes_block");
sub generate_mode {
my ($mode,$opcode) = @_;
# int padlock_$mode_encrypt(void *out, const void *inp,
# struct padlock_cipher_data *ctx, size_t len);
&function_begin("padlock_${mode}_encrypt");
&mov ($out,&wparam(0));
&mov ($inp,&wparam(1));
&mov ($ctx,&wparam(2));
&mov ($len,&wparam(3));
&test ($ctx,15);
&jnz (&label("${mode}_abort"));
&test ($len,15);
&jnz (&label("${mode}_abort"));
&lea ("eax",($::win32 or $::coff) ? &DWP(&label("padlock_saved_context")) :
&DWP(&label("padlock_saved_context")."-".&label("${mode}_pic_point")));
&pushf ();
&cld ();
&call ("_padlock_verify_ctx");
&set_label("${mode}_pic_point");
&lea ($ctx,&DWP(16,$ctx)); # control word
&xor ("eax","eax");
if ($mode eq "ctr32") {
&movq ("mm0",&QWP(-16,$ctx)); # load [upper part of] counter
} else {
&xor ("ebx","ebx");
&test (&DWP(0,$ctx),1<<5); # align bit in control word
&jnz (&label("${mode}_aligned"));
&test ($out,0x0f);
&setz ("al"); # !out_misaligned
&test ($inp,0x0f);
&setz ("bl"); # !inp_misaligned
&test ("eax","ebx");
&jnz (&label("${mode}_aligned"));
&neg ("eax");
}
&mov ($chunk,$PADLOCK_CHUNK);
&not ("eax"); # out_misaligned?-1:0
&lea ("ebp",&DWP(-24,"esp"));
&cmp ($len,$chunk);
&cmovc ($chunk,$len); # chunk=len>PADLOCK_CHUNK?PADLOCK_CHUNK:len
&and ("eax",$chunk); # out_misaligned?chunk:0
&mov ($chunk,$len);
&neg ("eax");
&and ($chunk,$PADLOCK_CHUNK-1); # chunk=len%PADLOCK_CHUNK
&lea ("esp",&DWP(0,"eax","ebp")); # alloca
&mov ("eax",$PADLOCK_CHUNK);
&cmovz ($chunk,"eax"); # chunk=chunk?:PADLOCK_CHUNK
&mov ("eax","ebp");
&and ("ebp",-16);
&and ("esp",-16);
&mov (&DWP(16,"ebp"),"eax");
if ($PADLOCK_PREFETCH{$mode}) {
&cmp ($len,$chunk);
&ja (&label("${mode}_loop"));
&mov ("eax",$inp); # check if prefetch crosses page
&cmp ("ebp","esp");
&cmove ("eax",$out);
&add ("eax",$len);
&neg ("eax");
&and ("eax",0xfff); # distance to page boundary
&cmp ("eax",$PADLOCK_PREFETCH{$mode});
&mov ("eax",-$PADLOCK_PREFETCH{$mode});
&cmovae ("eax",$chunk); # mask=distance<prefetch?-prefetch:-1
&and ($chunk,"eax");
&jz (&label("${mode}_unaligned_tail"));
}
&jmp (&label("${mode}_loop"));
&set_label("${mode}_loop",16);
&mov (&DWP(0,"ebp"),$out); # save parameters
&mov (&DWP(4,"ebp"),$inp);
&mov (&DWP(8,"ebp"),$len);
&mov ($len,$chunk);
&mov (&DWP(12,"ebp"),$chunk); # chunk
if ($mode eq "ctr32") {
&mov ("ecx",&DWP(-4,$ctx));
&xor ($out,$out);
&mov ("eax",&DWP(-8,$ctx)); # borrow $len
&set_label("${mode}_prepare");
&mov (&DWP(12,"esp",$out),"ecx");
&bswap ("ecx");
&movq (&QWP(0,"esp",$out),"mm0");
&inc ("ecx");
&mov (&DWP(8,"esp",$out),"eax");
&bswap ("ecx");
&lea ($out,&DWP(16,$out));
&cmp ($out,$chunk);
&jb (&label("${mode}_prepare"));
&mov (&DWP(-4,$ctx),"ecx");
&lea ($inp,&DWP(0,"esp"));
&lea ($out,&DWP(0,"esp"));
&mov ($len,$chunk);
} else {
&test ($out,0x0f); # out_misaligned
&cmovnz ($out,"esp");
&test ($inp,0x0f); # inp_misaligned
&jz (&label("${mode}_inp_aligned"));
&shr ($len,2);
&data_byte(0xf3,0xa5); # rep movsl
&sub ($out,$chunk);
&mov ($len,$chunk);
&mov ($inp,$out);
&set_label("${mode}_inp_aligned");
}
&lea ("eax",&DWP(-16,$ctx)); # ivp
&lea ("ebx",&DWP(16,$ctx)); # key
&shr ($len,4); # len/=AES_BLOCK_SIZE
&data_byte(0xf3,0x0f,0xa7,$opcode); # rep xcrypt*
if ($mode !~ /ecb|ctr/) {
&movaps ("xmm0",&QWP(0,"eax"));
&movaps (&QWP(-16,$ctx),"xmm0"); # copy [or refresh] iv
}
&mov ($out,&DWP(0,"ebp")); # restore parameters
&mov ($chunk,&DWP(12,"ebp"));
if ($mode eq "ctr32") {
&mov ($inp,&DWP(4,"ebp"));
&xor ($len,$len);
&set_label("${mode}_xor");
&movups ("xmm1",&QWP(0,$inp,$len));
&lea ($len,&DWP(16,$len));
&pxor ("xmm1",&QWP(-16,"esp",$len));
&movups (&QWP(-16,$out,$len),"xmm1");
&cmp ($len,$chunk);
&jb (&label("${mode}_xor"));
} else {
&test ($out,0x0f);
&jz (&label("${mode}_out_aligned"));
&mov ($len,$chunk);
&lea ($inp,&DWP(0,"esp"));
&shr ($len,2);
&data_byte(0xf3,0xa5); # rep movsl
&sub ($out,$chunk);
&set_label("${mode}_out_aligned");
&mov ($inp,&DWP(4,"ebp"));
}
&mov ($len,&DWP(8,"ebp"));
&add ($out,$chunk);
&add ($inp,$chunk);
&sub ($len,$chunk);
&mov ($chunk,$PADLOCK_CHUNK);
if (!$PADLOCK_PREFETCH{$mode}) {
&jnz (&label("${mode}_loop"));
} else {
&jz (&label("${mode}_break"));
&cmp ($len,$chunk);
&jae (&label("${mode}_loop"));
&set_label("${mode}_unaligned_tail");
&xor ("eax","eax");
&cmp ("esp","ebp");
&cmove ("eax",$len);
&sub ("esp","eax"); # alloca
&mov ("eax", $out); # save parameters
&mov ($chunk,$len);
&shr ($len,2);
&lea ($out,&DWP(0,"esp"));
&data_byte(0xf3,0xa5); # rep movsl
&mov ($inp,"esp");
&mov ($out,"eax"); # restore parameters
&mov ($len,$chunk);
&jmp (&label("${mode}_loop"));
&set_label("${mode}_break",16);
}
if ($mode ne "ctr32") {
&cmp ("esp","ebp");
&je (&label("${mode}_done"));
}
&pxor ("xmm0","xmm0");
&lea ("eax",&DWP(0,"esp"));
&set_label("${mode}_bzero");
&movaps (&QWP(0,"eax"),"xmm0");
&lea ("eax",&DWP(16,"eax"));
&cmp ("ebp","eax");
&ja (&label("${mode}_bzero"));
&set_label("${mode}_done");
&mov ("ebp",&DWP(16,"ebp"));
&lea ("esp",&DWP(24,"ebp"));
if ($mode ne "ctr32") {
&jmp (&label("${mode}_exit"));
&set_label("${mode}_aligned",16);
if ($PADLOCK_PREFETCH{$mode}) {
&lea ("ebp",&DWP(0,$inp,$len));
&neg ("ebp");
&and ("ebp",0xfff); # distance to page boundary
&xor ("eax","eax");
&cmp ("ebp",$PADLOCK_PREFETCH{$mode});
&mov ("ebp",$PADLOCK_PREFETCH{$mode}-1);
&cmovae ("ebp","eax");
&and ("ebp",$len); # remainder
&sub ($len,"ebp");
&jz (&label("${mode}_aligned_tail"));
}
&lea ("eax",&DWP(-16,$ctx)); # ivp
&lea ("ebx",&DWP(16,$ctx)); # key
&shr ($len,4); # len/=AES_BLOCK_SIZE
&data_byte(0xf3,0x0f,0xa7,$opcode); # rep xcrypt*
if ($mode ne "ecb") {
&movaps ("xmm0",&QWP(0,"eax"));
&movaps (&QWP(-16,$ctx),"xmm0"); # copy [or refresh] iv
}
if ($PADLOCK_PREFETCH{$mode}) {
&test ("ebp","ebp");
&jz (&label("${mode}_exit"));
&set_label("${mode}_aligned_tail");
&mov ($len,"ebp");
&lea ("ebp",&DWP(-24,"esp"));
&mov ("esp","ebp");
&mov ("eax","ebp");
&sub ("esp",$len);
&and ("ebp",-16);
&and ("esp",-16);
&mov (&DWP(16,"ebp"),"eax");
&mov ("eax", $out); # save parameters
&mov ($chunk,$len);
&shr ($len,2);
&lea ($out,&DWP(0,"esp"));
&data_byte(0xf3,0xa5); # rep movsl
&mov ($inp,"esp");
&mov ($out,"eax"); # restore parameters
&mov ($len,$chunk);
&jmp (&label("${mode}_loop"));
}
&set_label("${mode}_exit"); }
&mov ("eax",1);
&lea ("esp",&DWP(4,"esp")); # popf
&emms () if ($mode eq "ctr32");
&set_label("${mode}_abort");
&function_end("padlock_${mode}_encrypt");
}
&generate_mode("ecb",0xc8);
&generate_mode("cbc",0xd0);
&generate_mode("cfb",0xe0);
&generate_mode("ofb",0xe8);
&generate_mode("ctr32",0xc8); # yes, it implements own CTR with ECB opcode,
# because hardware CTR was introduced later
# and even has errata on certain C7 stepping.
# own implementation *always* works, though
# ~15% slower than dedicated hardware...
&function_begin_B("padlock_xstore");
&push ("edi");
&mov ("edi",&wparam(0));
&mov ("edx",&wparam(1));
&data_byte(0x0f,0xa7,0xc0); # xstore
&pop ("edi");
&ret ();
&function_end_B("padlock_xstore");
&function_begin_B("_win32_segv_handler");
&mov ("eax",1); # ExceptionContinueSearch
&mov ("edx",&wparam(0)); # *ExceptionRecord
&mov ("ecx",&wparam(2)); # *ContextRecord
&cmp (&DWP(0,"edx"),0xC0000005) # ExceptionRecord->ExceptionCode == STATUS_ACCESS_VIOLATION
&jne (&label("ret"));
&add (&DWP(184,"ecx"),4); # skip over rep sha*
&mov ("eax",0); # ExceptionContinueExecution
&set_label("ret");
&ret ();
&function_end_B("_win32_segv_handler");
&safeseh("_win32_segv_handler") if ($::win32);
&function_begin_B("padlock_sha1_oneshot");
&push ("edi");
&push ("esi");
&xor ("eax","eax");
&mov ("edi",&wparam(0));
&mov ("esi",&wparam(1));
&mov ("ecx",&wparam(2));
if ($::win32 or $::coff) {
&push (&::islabel("_win32_segv_handler"));
&data_byte(0x64,0xff,0x30); # push %fs:(%eax)
&data_byte(0x64,0x89,0x20); # mov %esp,%fs:(%eax)
}
&mov ("edx","esp"); # put aside %esp
&add ("esp",-128); # 32 is enough but spec says 128
&movups ("xmm0",&QWP(0,"edi")); # copy-in context
&and ("esp",-16);
&mov ("eax",&DWP(16,"edi"));
&movaps (&QWP(0,"esp"),"xmm0");
&mov ("edi","esp");
&mov (&DWP(16,"esp"),"eax");
&xor ("eax","eax");
&data_byte(0xf3,0x0f,0xa6,0xc8); # rep xsha1
&movaps ("xmm0",&QWP(0,"esp"));
&mov ("eax",&DWP(16,"esp"));
&mov ("esp","edx"); # restore %esp
if ($::win32 or $::coff) {
&data_byte(0x64,0x8f,0x05,0,0,0,0); # pop %fs:0
&lea ("esp",&DWP(4,"esp"));
}
&mov ("edi",&wparam(0));
&movups (&QWP(0,"edi"),"xmm0"); # copy-out context
&mov (&DWP(16,"edi"),"eax");
&pop ("esi");
&pop ("edi");
&ret ();
&function_end_B("padlock_sha1_oneshot");
&function_begin_B("padlock_sha1_blocks");
&push ("edi");
&push ("esi");
&mov ("edi",&wparam(0));
&mov ("esi",&wparam(1));
&mov ("edx","esp"); # put aside %esp
&mov ("ecx",&wparam(2));
&add ("esp",-128);
&movups ("xmm0",&QWP(0,"edi")); # copy-in context
&and ("esp",-16);
&mov ("eax",&DWP(16,"edi"));
&movaps (&QWP(0,"esp"),"xmm0");
&mov ("edi","esp");
&mov (&DWP(16,"esp"),"eax");
&mov ("eax",-1);
&data_byte(0xf3,0x0f,0xa6,0xc8); # rep xsha1
&movaps ("xmm0",&QWP(0,"esp"));
&mov ("eax",&DWP(16,"esp"));
&mov ("esp","edx"); # restore %esp
&mov ("edi",&wparam(0));
&movups (&QWP(0,"edi"),"xmm0"); # copy-out context
&mov (&DWP(16,"edi"),"eax");
&pop ("esi");
&pop ("edi");
&ret ();
&function_end_B("padlock_sha1_blocks");
&function_begin_B("padlock_sha256_oneshot");
&push ("edi");
&push ("esi");
&xor ("eax","eax");
&mov ("edi",&wparam(0));
&mov ("esi",&wparam(1));
&mov ("ecx",&wparam(2));
if ($::win32 or $::coff) {
&push (&::islabel("_win32_segv_handler"));
&data_byte(0x64,0xff,0x30); # push %fs:(%eax)
&data_byte(0x64,0x89,0x20); # mov %esp,%fs:(%eax)
}
&mov ("edx","esp"); # put aside %esp
&add ("esp",-128);
&movups ("xmm0",&QWP(0,"edi")); # copy-in context
&and ("esp",-16);
&movups ("xmm1",&QWP(16,"edi"));
&movaps (&QWP(0,"esp"),"xmm0");
&mov ("edi","esp");
&movaps (&QWP(16,"esp"),"xmm1");
&xor ("eax","eax");
&data_byte(0xf3,0x0f,0xa6,0xd0); # rep xsha256
&movaps ("xmm0",&QWP(0,"esp"));
&movaps ("xmm1",&QWP(16,"esp"));
&mov ("esp","edx"); # restore %esp
if ($::win32 or $::coff) {
&data_byte(0x64,0x8f,0x05,0,0,0,0); # pop %fs:0
&lea ("esp",&DWP(4,"esp"));
}
&mov ("edi",&wparam(0));
&movups (&QWP(0,"edi"),"xmm0"); # copy-out context
&movups (&QWP(16,"edi"),"xmm1");
&pop ("esi");
&pop ("edi");
&ret ();
&function_end_B("padlock_sha256_oneshot");
&function_begin_B("padlock_sha256_blocks");
&push ("edi");
&push ("esi");
&mov ("edi",&wparam(0));
&mov ("esi",&wparam(1));
&mov ("ecx",&wparam(2));
&mov ("edx","esp"); # put aside %esp
&add ("esp",-128);
&movups ("xmm0",&QWP(0,"edi")); # copy-in context
&and ("esp",-16);
&movups ("xmm1",&QWP(16,"edi"));
&movaps (&QWP(0,"esp"),"xmm0");
&mov ("edi","esp");
&movaps (&QWP(16,"esp"),"xmm1");
&mov ("eax",-1);
&data_byte(0xf3,0x0f,0xa6,0xd0); # rep xsha256
&movaps ("xmm0",&QWP(0,"esp"));
&movaps ("xmm1",&QWP(16,"esp"));
&mov ("esp","edx"); # restore %esp
&mov ("edi",&wparam(0));
&movups (&QWP(0,"edi"),"xmm0"); # copy-out context
&movups (&QWP(16,"edi"),"xmm1");
&pop ("esi");
&pop ("edi");
&ret ();
&function_end_B("padlock_sha256_blocks");
&function_begin_B("padlock_sha512_blocks");
&push ("edi");
&push ("esi");
&mov ("edi",&wparam(0));
&mov ("esi",&wparam(1));
&mov ("ecx",&wparam(2));
&mov ("edx","esp"); # put aside %esp
&add ("esp",-128);
&movups ("xmm0",&QWP(0,"edi")); # copy-in context
&and ("esp",-16);
&movups ("xmm1",&QWP(16,"edi"));
&movups ("xmm2",&QWP(32,"edi"));
&movups ("xmm3",&QWP(48,"edi"));
&movaps (&QWP(0,"esp"),"xmm0");
&mov ("edi","esp");
&movaps (&QWP(16,"esp"),"xmm1");
&movaps (&QWP(32,"esp"),"xmm2");
&movaps (&QWP(48,"esp"),"xmm3");
&data_byte(0xf3,0x0f,0xa6,0xe0); # rep xsha512
&movaps ("xmm0",&QWP(0,"esp"));
&movaps ("xmm1",&QWP(16,"esp"));
&movaps ("xmm2",&QWP(32,"esp"));
&movaps ("xmm3",&QWP(48,"esp"));
&mov ("esp","edx"); # restore %esp
&mov ("edi",&wparam(0));
&movups (&QWP(0,"edi"),"xmm0"); # copy-out context
&movups (&QWP(16,"edi"),"xmm1");
&movups (&QWP(32,"edi"),"xmm2");
&movups (&QWP(48,"edi"),"xmm3");
&pop ("esi");
&pop ("edi");
&ret ();
&function_end_B("padlock_sha512_blocks");
&asciz ("VIA Padlock x86 module, CRYPTOGAMS by <appro\@openssl.org>");
&align (16);
&dataseg();
# Essentially this variable belongs in thread local storage.
# Having this variable global on the other hand can only cause
# few bogus key reloads [if any at all on signle-CPU system],
# so we accept the penalty...
&set_label("padlock_saved_context",4);
&data_word(0);
&asm_finish();
close STDOUT;

View file

@ -0,0 +1,583 @@
#! /usr/bin/env perl
# Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# ====================================================================
# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
# project. The module is, however, dual licensed under OpenSSL and
# CRYPTOGAMS licenses depending on where you obtain it. For further
# details see http://www.openssl.org/~appro/cryptogams/.
# ====================================================================
# September 2011
#
# Assembler helpers for Padlock engine. See even e_padlock-x86.pl for
# details.
$flavour = shift;
$output = shift;
if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
( $xlate="${dir}../../crypto/perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
*STDOUT=*OUT;
$code=".text\n";
%PADLOCK_PREFETCH=(ecb=>128, cbc=>64, ctr32=>32); # prefetch errata
$PADLOCK_CHUNK=512; # Must be a power of 2 between 32 and 2^20
$ctx="%rdx";
$out="%rdi";
$inp="%rsi";
$len="%rcx";
$chunk="%rbx";
($arg1,$arg2,$arg3,$arg4)=$win64?("%rcx","%rdx","%r8", "%r9") : # Win64 order
("%rdi","%rsi","%rdx","%rcx"); # Unix order
$code.=<<___;
.globl padlock_capability
.type padlock_capability,\@abi-omnipotent
.align 16
padlock_capability:
mov %rbx,%r8
xor %eax,%eax
cpuid
xor %eax,%eax
cmp \$`"0x".unpack("H*",'tneC')`,%ebx
jne .Lzhaoxin
cmp \$`"0x".unpack("H*",'Hrua')`,%edx
jne .Lnoluck
cmp \$`"0x".unpack("H*",'slua')`,%ecx
jne .Lnoluck
jmp .LzhaoxinEnd
.Lzhaoxin:
cmp \$`"0x".unpack("H*",'hS ')`,%ebx
jne .Lnoluck
cmp \$`"0x".unpack("H*",'hgna')`,%edx
jne .Lnoluck
cmp \$`"0x".unpack("H*",' ia')`,%ecx
jne .Lnoluck
.LzhaoxinEnd:
mov \$0xC0000000,%eax
cpuid
mov %eax,%edx
xor %eax,%eax
cmp \$0xC0000001,%edx
jb .Lnoluck
mov \$0xC0000001,%eax
cpuid
mov %edx,%eax
and \$0xffffffef,%eax
or \$0x10,%eax # set Nano bit#4
.Lnoluck:
mov %r8,%rbx
ret
.size padlock_capability,.-padlock_capability
.globl padlock_key_bswap
.type padlock_key_bswap,\@abi-omnipotent,0
.align 16
padlock_key_bswap:
mov 240($arg1),%edx
.Lbswap_loop:
mov ($arg1),%eax
bswap %eax
mov %eax,($arg1)
lea 4($arg1),$arg1
sub \$1,%edx
jnz .Lbswap_loop
ret
.size padlock_key_bswap,.-padlock_key_bswap
.globl padlock_verify_context
.type padlock_verify_context,\@abi-omnipotent
.align 16
padlock_verify_context:
mov $arg1,$ctx
pushf
lea .Lpadlock_saved_context(%rip),%rax
call _padlock_verify_ctx
lea 8(%rsp),%rsp
ret
.size padlock_verify_context,.-padlock_verify_context
.type _padlock_verify_ctx,\@abi-omnipotent
.align 16
_padlock_verify_ctx:
mov 8(%rsp),%r8
bt \$30,%r8
jnc .Lverified
cmp (%rax),$ctx
je .Lverified
pushf
popf
.Lverified:
mov $ctx,(%rax)
ret
.size _padlock_verify_ctx,.-_padlock_verify_ctx
.globl padlock_reload_key
.type padlock_reload_key,\@abi-omnipotent
.align 16
padlock_reload_key:
pushf
popf
ret
.size padlock_reload_key,.-padlock_reload_key
.globl padlock_aes_block
.type padlock_aes_block,\@function,3
.align 16
padlock_aes_block:
mov %rbx,%r8
mov \$1,$len
lea 32($ctx),%rbx # key
lea 16($ctx),$ctx # control word
.byte 0xf3,0x0f,0xa7,0xc8 # rep xcryptecb
mov %r8,%rbx
ret
.size padlock_aes_block,.-padlock_aes_block
.globl padlock_xstore
.type padlock_xstore,\@function,2
.align 16
padlock_xstore:
mov %esi,%edx
.byte 0x0f,0xa7,0xc0 # xstore
ret
.size padlock_xstore,.-padlock_xstore
.globl padlock_sha1_oneshot
.type padlock_sha1_oneshot,\@function,3
.align 16
padlock_sha1_oneshot:
mov %rdx,%rcx
mov %rdi,%rdx # put aside %rdi
movups (%rdi),%xmm0 # copy-in context
sub \$128+8,%rsp
mov 16(%rdi),%eax
movaps %xmm0,(%rsp)
mov %rsp,%rdi
mov %eax,16(%rsp)
xor %rax,%rax
.byte 0xf3,0x0f,0xa6,0xc8 # rep xsha1
movaps (%rsp),%xmm0
mov 16(%rsp),%eax
add \$128+8,%rsp
movups %xmm0,(%rdx) # copy-out context
mov %eax,16(%rdx)
ret
.size padlock_sha1_oneshot,.-padlock_sha1_oneshot
.globl padlock_sha1_blocks
.type padlock_sha1_blocks,\@function,3
.align 16
padlock_sha1_blocks:
mov %rdx,%rcx
mov %rdi,%rdx # put aside %rdi
movups (%rdi),%xmm0 # copy-in context
sub \$128+8,%rsp
mov 16(%rdi),%eax
movaps %xmm0,(%rsp)
mov %rsp,%rdi
mov %eax,16(%rsp)
mov \$-1,%rax
.byte 0xf3,0x0f,0xa6,0xc8 # rep xsha1
movaps (%rsp),%xmm0
mov 16(%rsp),%eax
add \$128+8,%rsp
movups %xmm0,(%rdx) # copy-out context
mov %eax,16(%rdx)
ret
.size padlock_sha1_blocks,.-padlock_sha1_blocks
.globl padlock_sha256_oneshot
.type padlock_sha256_oneshot,\@function,3
.align 16
padlock_sha256_oneshot:
mov %rdx,%rcx
mov %rdi,%rdx # put aside %rdi
movups (%rdi),%xmm0 # copy-in context
sub \$128+8,%rsp
movups 16(%rdi),%xmm1
movaps %xmm0,(%rsp)
mov %rsp,%rdi
movaps %xmm1,16(%rsp)
xor %rax,%rax
.byte 0xf3,0x0f,0xa6,0xd0 # rep xsha256
movaps (%rsp),%xmm0
movaps 16(%rsp),%xmm1
add \$128+8,%rsp
movups %xmm0,(%rdx) # copy-out context
movups %xmm1,16(%rdx)
ret
.size padlock_sha256_oneshot,.-padlock_sha256_oneshot
.globl padlock_sha256_blocks
.type padlock_sha256_blocks,\@function,3
.align 16
padlock_sha256_blocks:
mov %rdx,%rcx
mov %rdi,%rdx # put aside %rdi
movups (%rdi),%xmm0 # copy-in context
sub \$128+8,%rsp
movups 16(%rdi),%xmm1
movaps %xmm0,(%rsp)
mov %rsp,%rdi
movaps %xmm1,16(%rsp)
mov \$-1,%rax
.byte 0xf3,0x0f,0xa6,0xd0 # rep xsha256
movaps (%rsp),%xmm0
movaps 16(%rsp),%xmm1
add \$128+8,%rsp
movups %xmm0,(%rdx) # copy-out context
movups %xmm1,16(%rdx)
ret
.size padlock_sha256_blocks,.-padlock_sha256_blocks
.globl padlock_sha512_blocks
.type padlock_sha512_blocks,\@function,3
.align 16
padlock_sha512_blocks:
mov %rdx,%rcx
mov %rdi,%rdx # put aside %rdi
movups (%rdi),%xmm0 # copy-in context
sub \$128+8,%rsp
movups 16(%rdi),%xmm1
movups 32(%rdi),%xmm2
movups 48(%rdi),%xmm3
movaps %xmm0,(%rsp)
mov %rsp,%rdi
movaps %xmm1,16(%rsp)
movaps %xmm2,32(%rsp)
movaps %xmm3,48(%rsp)
.byte 0xf3,0x0f,0xa6,0xe0 # rep xha512
movaps (%rsp),%xmm0
movaps 16(%rsp),%xmm1
movaps 32(%rsp),%xmm2
movaps 48(%rsp),%xmm3
add \$128+8,%rsp
movups %xmm0,(%rdx) # copy-out context
movups %xmm1,16(%rdx)
movups %xmm2,32(%rdx)
movups %xmm3,48(%rdx)
ret
.size padlock_sha512_blocks,.-padlock_sha512_blocks
___
sub generate_mode {
my ($mode,$opcode) = @_;
# int padlock_$mode_encrypt(void *out, const void *inp,
# struct padlock_cipher_data *ctx, size_t len);
$code.=<<___;
.globl padlock_${mode}_encrypt
.type padlock_${mode}_encrypt,\@function,4
.align 16
padlock_${mode}_encrypt:
push %rbp
push %rbx
xor %eax,%eax
test \$15,$ctx
jnz .L${mode}_abort
test \$15,$len
jnz .L${mode}_abort
lea .Lpadlock_saved_context(%rip),%rax
pushf
cld
call _padlock_verify_ctx
lea 16($ctx),$ctx # control word
xor %eax,%eax
xor %ebx,%ebx
testl \$`1<<5`,($ctx) # align bit in control word
jnz .L${mode}_aligned
test \$0x0f,$out
setz %al # !out_misaligned
test \$0x0f,$inp
setz %bl # !inp_misaligned
test %ebx,%eax
jnz .L${mode}_aligned
neg %rax
mov \$$PADLOCK_CHUNK,$chunk
not %rax # out_misaligned?-1:0
lea (%rsp),%rbp
cmp $chunk,$len
cmovc $len,$chunk # chunk=len>PADLOCK_CHUNK?PADLOCK_CHUNK:len
and $chunk,%rax # out_misaligned?chunk:0
mov $len,$chunk
neg %rax
and \$$PADLOCK_CHUNK-1,$chunk # chunk%=PADLOCK_CHUNK
lea (%rax,%rbp),%rsp
mov \$$PADLOCK_CHUNK,%rax
cmovz %rax,$chunk # chunk=chunk?:PADLOCK_CHUNK
___
$code.=<<___ if ($mode eq "ctr32");
.L${mode}_reenter:
mov -4($ctx),%eax # pull 32-bit counter
bswap %eax
neg %eax
and \$`$PADLOCK_CHUNK/16-1`,%eax
mov \$$PADLOCK_CHUNK,$chunk
shl \$4,%eax
cmovz $chunk,%rax
cmp %rax,$len
cmova %rax,$chunk # don't let counter cross PADLOCK_CHUNK
cmovbe $len,$chunk
___
$code.=<<___ if ($PADLOCK_PREFETCH{$mode});
cmp $chunk,$len
ja .L${mode}_loop
mov $inp,%rax # check if prefetch crosses page
cmp %rsp,%rbp
cmove $out,%rax
add $len,%rax
neg %rax
and \$0xfff,%rax # distance to page boundary
cmp \$$PADLOCK_PREFETCH{$mode},%rax
mov \$-$PADLOCK_PREFETCH{$mode},%rax
cmovae $chunk,%rax # mask=distance<prefetch?-prefetch:-1
and %rax,$chunk
jz .L${mode}_unaligned_tail
___
$code.=<<___;
jmp .L${mode}_loop
.align 16
.L${mode}_loop:
cmp $len,$chunk # ctr32 artefact
cmova $len,$chunk # ctr32 artefact
mov $out,%r8 # save parameters
mov $inp,%r9
mov $len,%r10
mov $chunk,$len
mov $chunk,%r11
test \$0x0f,$out # out_misaligned
cmovnz %rsp,$out
test \$0x0f,$inp # inp_misaligned
jz .L${mode}_inp_aligned
shr \$3,$len
.byte 0xf3,0x48,0xa5 # rep movsq
sub $chunk,$out
mov $chunk,$len
mov $out,$inp
.L${mode}_inp_aligned:
lea -16($ctx),%rax # ivp
lea 16($ctx),%rbx # key
shr \$4,$len
.byte 0xf3,0x0f,0xa7,$opcode # rep xcrypt*
___
$code.=<<___ if ($mode !~ /ecb|ctr/);
movdqa (%rax),%xmm0
movdqa %xmm0,-16($ctx) # copy [or refresh] iv
___
$code.=<<___ if ($mode eq "ctr32");
mov -4($ctx),%eax # pull 32-bit counter
test \$0xffff0000,%eax
jnz .L${mode}_no_carry
bswap %eax
add \$0x10000,%eax
bswap %eax
mov %eax,-4($ctx)
.L${mode}_no_carry:
___
$code.=<<___;
mov %r8,$out # restore parameters
mov %r11,$chunk
test \$0x0f,$out
jz .L${mode}_out_aligned
mov $chunk,$len
lea (%rsp),$inp
shr \$3,$len
.byte 0xf3,0x48,0xa5 # rep movsq
sub $chunk,$out
.L${mode}_out_aligned:
mov %r9,$inp
mov %r10,$len
add $chunk,$out
add $chunk,$inp
sub $chunk,$len
mov \$$PADLOCK_CHUNK,$chunk
___
if (!$PADLOCK_PREFETCH{$mode}) {
$code.=<<___;
jnz .L${mode}_loop
___
} else {
$code.=<<___;
jz .L${mode}_break
cmp $chunk,$len
jae .L${mode}_loop
___
$code.=<<___ if ($mode eq "ctr32");
mov $len,$chunk
mov $inp,%rax # check if prefetch crosses page
cmp %rsp,%rbp
cmove $out,%rax
add $len,%rax
neg %rax
and \$0xfff,%rax # distance to page boundary
cmp \$$PADLOCK_PREFETCH{$mode},%rax
mov \$-$PADLOCK_PREFETCH{$mode},%rax
cmovae $chunk,%rax
and %rax,$chunk
jnz .L${mode}_loop
___
$code.=<<___;
.L${mode}_unaligned_tail:
xor %eax,%eax
cmp %rsp,%rbp
cmove $len,%rax
mov $out,%r8 # save parameters
mov $len,$chunk
sub %rax,%rsp # alloca
shr \$3,$len
lea (%rsp),$out
.byte 0xf3,0x48,0xa5 # rep movsq
mov %rsp,$inp
mov %r8, $out # restore parameters
mov $chunk,$len
jmp .L${mode}_loop
.align 16
.L${mode}_break:
___
}
$code.=<<___;
cmp %rbp,%rsp
je .L${mode}_done
pxor %xmm0,%xmm0
lea (%rsp),%rax
.L${mode}_bzero:
movaps %xmm0,(%rax)
lea 16(%rax),%rax
cmp %rax,%rbp
ja .L${mode}_bzero
.L${mode}_done:
lea (%rbp),%rsp
jmp .L${mode}_exit
.align 16
.L${mode}_aligned:
___
$code.=<<___ if ($mode eq "ctr32");
mov -4($ctx),%eax # pull 32-bit counter
bswap %eax
neg %eax
and \$0xffff,%eax
mov \$`16*0x10000`,$chunk
shl \$4,%eax
cmovz $chunk,%rax
cmp %rax,$len
cmova %rax,$chunk # don't let counter cross 2^16
cmovbe $len,$chunk
jbe .L${mode}_aligned_skip
.L${mode}_aligned_loop:
mov $len,%r10 # save parameters
mov $chunk,$len
mov $chunk,%r11
lea -16($ctx),%rax # ivp
lea 16($ctx),%rbx # key
shr \$4,$len # len/=AES_BLOCK_SIZE
.byte 0xf3,0x0f,0xa7,$opcode # rep xcrypt*
mov -4($ctx),%eax # pull 32-bit counter
bswap %eax
add \$0x10000,%eax
bswap %eax
mov %eax,-4($ctx)
mov %r10,$len # restore parameters
sub %r11,$len
mov \$`16*0x10000`,$chunk
jz .L${mode}_exit
cmp $chunk,$len
jae .L${mode}_aligned_loop
.L${mode}_aligned_skip:
___
$code.=<<___ if ($PADLOCK_PREFETCH{$mode});
lea ($inp,$len),%rbp
neg %rbp
and \$0xfff,%rbp # distance to page boundary
xor %eax,%eax
cmp \$$PADLOCK_PREFETCH{$mode},%rbp
mov \$$PADLOCK_PREFETCH{$mode}-1,%rbp
cmovae %rax,%rbp
and $len,%rbp # remainder
sub %rbp,$len
jz .L${mode}_aligned_tail
___
$code.=<<___;
lea -16($ctx),%rax # ivp
lea 16($ctx),%rbx # key
shr \$4,$len # len/=AES_BLOCK_SIZE
.byte 0xf3,0x0f,0xa7,$opcode # rep xcrypt*
___
$code.=<<___ if ($mode !~ /ecb|ctr/);
movdqa (%rax),%xmm0
movdqa %xmm0,-16($ctx) # copy [or refresh] iv
___
$code.=<<___ if ($PADLOCK_PREFETCH{$mode});
test %rbp,%rbp # check remainder
jz .L${mode}_exit
.L${mode}_aligned_tail:
mov $out,%r8
mov %rbp,$chunk
mov %rbp,$len
lea (%rsp),%rbp
sub $len,%rsp
shr \$3,$len
lea (%rsp),$out
.byte 0xf3,0x48,0xa5 # rep movsq
lea (%r8),$out
lea (%rsp),$inp
mov $chunk,$len
jmp .L${mode}_loop
___
$code.=<<___;
.L${mode}_exit:
mov \$1,%eax
lea 8(%rsp),%rsp
.L${mode}_abort:
pop %rbx
pop %rbp
ret
.size padlock_${mode}_encrypt,.-padlock_${mode}_encrypt
___
}
&generate_mode("ecb",0xc8);
&generate_mode("cbc",0xd0);
&generate_mode("cfb",0xe0);
&generate_mode("ofb",0xe8);
&generate_mode("ctr32",0xd8); # all 64-bit CPUs have working CTR...
$code.=<<___;
.asciz "VIA Padlock x86_64 module, CRYPTOGAMS by <appro\@openssl.org>"
.align 16
.data
.align 8
.Lpadlock_saved_context:
.quad 0
___
$code =~ s/\`([^\`]*)\`/eval($1)/gem;
print $code;
close STDOUT;

View file

@ -0,0 +1,43 @@
IF[{- !$disabled{"engine"} -}]
IF[{- $disabled{"dynamic-engine"} -}]
LIBS=../libcrypto
SOURCE[../libcrypto]=\
e_padlock.c {- $target{padlock_asm_src} -}
IF[{- !$disabled{capieng} -}]
SOURCE[../libcrypto]=e_capi.c
ENDIF
IF[{- !$disabled{afalgeng} -}]
SOURCE[../libcrypto]=e_afalg.c
ENDIF
ELSE
ENGINES=padlock
SOURCE[padlock]=e_padlock.c {- $target{padlock_asm_src} -}
DEPEND[padlock]=../libcrypto
INCLUDE[padlock]=../include
IF[{- !$disabled{capieng} -}]
ENGINES=capi
SOURCE[capi]=e_capi.c
DEPEND[capi]=../libcrypto
INCLUDE[capi]=../include
ENDIF
IF[{- !$disabled{afalgeng} -}]
ENGINES=afalg
SOURCE[afalg]=e_afalg.c
DEPEND[afalg]=../libcrypto
INCLUDE[afalg]= ../include
ENDIF
ENGINES_NO_INST=ossltest dasync
SOURCE[dasync]=e_dasync.c
DEPEND[dasync]=../libcrypto
INCLUDE[dasync]=../include
SOURCE[ossltest]=e_ossltest.c
DEPEND[ossltest]=../libcrypto
INCLUDE[ossltest]=../include
ENDIF
GENERATE[e_padlock-x86.s]=asm/e_padlock-x86.pl \
$(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
GENERATE[e_padlock-x86_64.s]=asm/e_padlock-x86_64.pl $(PERLASM_SCHEME)
ENDIF

View file

@ -0,0 +1,870 @@
/*
* Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/* Required for vmsplice */
#ifndef _GNU_SOURCE
# define _GNU_SOURCE
#endif
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <openssl/engine.h>
#include <openssl/async.h>
#include <openssl/err.h>
#include "internal/nelem.h"
#include <sys/socket.h>
#include <linux/version.h>
#define K_MAJ 4
#define K_MIN1 1
#define K_MIN2 0
#if LINUX_VERSION_CODE < KERNEL_VERSION(K_MAJ, K_MIN1, K_MIN2) || \
!defined(AF_ALG)
# ifndef PEDANTIC
# warning "AFALG ENGINE requires Kernel Headers >= 4.1.0"
# warning "Skipping Compilation of AFALG engine"
# endif
void engine_load_afalg_int(void);
void engine_load_afalg_int(void)
{
}
#else
# include <linux/if_alg.h>
# include <fcntl.h>
# include <sys/utsname.h>
# include <linux/aio_abi.h>
# include <sys/syscall.h>
# include <errno.h>
# include "e_afalg.h"
# include "e_afalg_err.c"
# ifndef SOL_ALG
# define SOL_ALG 279
# endif
# ifdef ALG_ZERO_COPY
# ifndef SPLICE_F_GIFT
# define SPLICE_F_GIFT (0x08)
# endif
# endif
# define ALG_AES_IV_LEN 16
# define ALG_IV_LEN(len) (sizeof(struct af_alg_iv) + (len))
# define ALG_OP_TYPE unsigned int
# define ALG_OP_LEN (sizeof(ALG_OP_TYPE))
#define ALG_MAX_SALG_NAME 64
#define ALG_MAX_SALG_TYPE 14
# ifdef OPENSSL_NO_DYNAMIC_ENGINE
void engine_load_afalg_int(void);
# endif
/* Local Linkage Functions */
static int afalg_init_aio(afalg_aio *aio);
static int afalg_fin_cipher_aio(afalg_aio *ptr, int sfd,
unsigned char *buf, size_t len);
static int afalg_create_sk(afalg_ctx *actx, const char *ciphertype,
const char *ciphername);
static int afalg_destroy(ENGINE *e);
static int afalg_init(ENGINE *e);
static int afalg_finish(ENGINE *e);
static const EVP_CIPHER *afalg_aes_cbc(int nid);
static cbc_handles *get_cipher_handle(int nid);
static int afalg_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
const int **nids, int nid);
static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
static int afalg_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl);
static int afalg_cipher_cleanup(EVP_CIPHER_CTX *ctx);
static int afalg_chk_platform(void);
/* Engine Id and Name */
static const char *engine_afalg_id = "afalg";
static const char *engine_afalg_name = "AFALG engine support";
static int afalg_cipher_nids[] = {
NID_aes_128_cbc,
NID_aes_192_cbc,
NID_aes_256_cbc,
};
static cbc_handles cbc_handle[] = {{AES_KEY_SIZE_128, NULL},
{AES_KEY_SIZE_192, NULL},
{AES_KEY_SIZE_256, NULL}};
static ossl_inline int io_setup(unsigned n, aio_context_t *ctx)
{
return syscall(__NR_io_setup, n, ctx);
}
static ossl_inline int eventfd(int n)
{
return syscall(__NR_eventfd2, n, 0);
}
static ossl_inline int io_destroy(aio_context_t ctx)
{
return syscall(__NR_io_destroy, ctx);
}
static ossl_inline int io_read(aio_context_t ctx, long n, struct iocb **iocb)
{
return syscall(__NR_io_submit, ctx, n, iocb);
}
static ossl_inline int io_getevents(aio_context_t ctx, long min, long max,
struct io_event *events,
struct timespec *timeout)
{
return syscall(__NR_io_getevents, ctx, min, max, events, timeout);
}
static void afalg_waitfd_cleanup(ASYNC_WAIT_CTX *ctx, const void *key,
OSSL_ASYNC_FD waitfd, void *custom)
{
close(waitfd);
}
static int afalg_setup_async_event_notification(afalg_aio *aio)
{
ASYNC_JOB *job;
ASYNC_WAIT_CTX *waitctx;
void *custom = NULL;
int ret;
if ((job = ASYNC_get_current_job()) != NULL) {
/* Async mode */
waitctx = ASYNC_get_wait_ctx(job);
if (waitctx == NULL) {
ALG_WARN("%s(%d): ASYNC_get_wait_ctx error", __FILE__, __LINE__);
return 0;
}
/* Get waitfd from ASYNC_WAIT_CTX if it is already set */
ret = ASYNC_WAIT_CTX_get_fd(waitctx, engine_afalg_id,
&aio->efd, &custom);
if (ret == 0) {
/*
* waitfd is not set in ASYNC_WAIT_CTX, create a new one
* and set it. efd will be signaled when AIO operation completes
*/
aio->efd = eventfd(0);
if (aio->efd == -1) {
ALG_PERR("%s(%d): Failed to get eventfd : ", __FILE__,
__LINE__);
AFALGerr(AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION,
AFALG_R_EVENTFD_FAILED);
return 0;
}
ret = ASYNC_WAIT_CTX_set_wait_fd(waitctx, engine_afalg_id,
aio->efd, custom,
afalg_waitfd_cleanup);
if (ret == 0) {
ALG_WARN("%s(%d): Failed to set wait fd", __FILE__, __LINE__);
close(aio->efd);
return 0;
}
/* make fd non-blocking in async mode */
if (fcntl(aio->efd, F_SETFL, O_NONBLOCK) != 0) {
ALG_WARN("%s(%d): Failed to set event fd as NONBLOCKING",
__FILE__, __LINE__);
}
}
aio->mode = MODE_ASYNC;
} else {
/* Sync mode */
aio->efd = eventfd(0);
if (aio->efd == -1) {
ALG_PERR("%s(%d): Failed to get eventfd : ", __FILE__, __LINE__);
AFALGerr(AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION,
AFALG_R_EVENTFD_FAILED);
return 0;
}
aio->mode = MODE_SYNC;
}
return 1;
}
static int afalg_init_aio(afalg_aio *aio)
{
int r = -1;
/* Initialise for AIO */
aio->aio_ctx = 0;
r = io_setup(MAX_INFLIGHTS, &aio->aio_ctx);
if (r < 0) {
ALG_PERR("%s(%d): io_setup error : ", __FILE__, __LINE__);
AFALGerr(AFALG_F_AFALG_INIT_AIO, AFALG_R_IO_SETUP_FAILED);
return 0;
}
memset(aio->cbt, 0, sizeof(aio->cbt));
aio->efd = -1;
aio->mode = MODE_UNINIT;
return 1;
}
static int afalg_fin_cipher_aio(afalg_aio *aio, int sfd, unsigned char *buf,
size_t len)
{
int r;
int retry = 0;
unsigned int done = 0;
struct iocb *cb;
struct timespec timeout;
struct io_event events[MAX_INFLIGHTS];
u_int64_t eval = 0;
timeout.tv_sec = 0;
timeout.tv_nsec = 0;
/* if efd has not been initialised yet do it here */
if (aio->mode == MODE_UNINIT) {
r = afalg_setup_async_event_notification(aio);
if (r == 0)
return 0;
}
cb = &(aio->cbt[0 % MAX_INFLIGHTS]);
memset(cb, '\0', sizeof(*cb));
cb->aio_fildes = sfd;
cb->aio_lio_opcode = IOCB_CMD_PREAD;
/*
* The pointer has to be converted to unsigned value first to avoid
* sign extension on cast to 64 bit value in 32-bit builds
*/
cb->aio_buf = (size_t)buf;
cb->aio_offset = 0;
cb->aio_data = 0;
cb->aio_nbytes = len;
cb->aio_flags = IOCB_FLAG_RESFD;
cb->aio_resfd = aio->efd;
/*
* Perform AIO read on AFALG socket, this in turn performs an async
* crypto operation in kernel space
*/
r = io_read(aio->aio_ctx, 1, &cb);
if (r < 0) {
ALG_PWARN("%s(%d): io_read failed : ", __FILE__, __LINE__);
return 0;
}
do {
/* While AIO read is being performed pause job */
ASYNC_pause_job();
/* Check for completion of AIO read */
r = read(aio->efd, &eval, sizeof(eval));
if (r < 0) {
if (errno == EAGAIN || errno == EWOULDBLOCK)
continue;
ALG_PERR("%s(%d): read failed for event fd : ", __FILE__, __LINE__);
return 0;
} else if (r == 0 || eval <= 0) {
ALG_WARN("%s(%d): eventfd read %d bytes, eval = %lu\n", __FILE__,
__LINE__, r, eval);
}
if (eval > 0) {
/* Get results of AIO read */
r = io_getevents(aio->aio_ctx, 1, MAX_INFLIGHTS,
events, &timeout);
if (r > 0) {
/*
* events.res indicates the actual status of the operation.
* Handle the error condition first.
*/
if (events[0].res < 0) {
/*
* Underlying operation cannot be completed at the time
* of previous submission. Resubmit for the operation.
*/
if (events[0].res == -EBUSY && retry++ < 3) {
r = io_read(aio->aio_ctx, 1, &cb);
if (r < 0) {
ALG_PERR("%s(%d): retry %d for io_read failed : ",
__FILE__, __LINE__, retry);
return 0;
}
continue;
} else {
/*
* Retries exceed for -EBUSY or unrecoverable error
* condition for this instance of operation.
*/
ALG_WARN
("%s(%d): Crypto Operation failed with code %lld\n",
__FILE__, __LINE__, events[0].res);
return 0;
}
}
/* Operation successful. */
done = 1;
} else if (r < 0) {
ALG_PERR("%s(%d): io_getevents failed : ", __FILE__, __LINE__);
return 0;
} else {
ALG_WARN("%s(%d): io_geteventd read 0 bytes\n", __FILE__,
__LINE__);
}
}
} while (!done);
return 1;
}
static ossl_inline void afalg_set_op_sk(struct cmsghdr *cmsg,
const ALG_OP_TYPE op)
{
cmsg->cmsg_level = SOL_ALG;
cmsg->cmsg_type = ALG_SET_OP;
cmsg->cmsg_len = CMSG_LEN(ALG_OP_LEN);
memcpy(CMSG_DATA(cmsg), &op, ALG_OP_LEN);
}
static void afalg_set_iv_sk(struct cmsghdr *cmsg, const unsigned char *iv,
const unsigned int len)
{
struct af_alg_iv *aiv;
cmsg->cmsg_level = SOL_ALG;
cmsg->cmsg_type = ALG_SET_IV;
cmsg->cmsg_len = CMSG_LEN(ALG_IV_LEN(len));
aiv = (struct af_alg_iv *)CMSG_DATA(cmsg);
aiv->ivlen = len;
memcpy(aiv->iv, iv, len);
}
static ossl_inline int afalg_set_key(afalg_ctx *actx, const unsigned char *key,
const int klen)
{
int ret;
ret = setsockopt(actx->bfd, SOL_ALG, ALG_SET_KEY, key, klen);
if (ret < 0) {
ALG_PERR("%s(%d): Failed to set socket option : ", __FILE__, __LINE__);
AFALGerr(AFALG_F_AFALG_SET_KEY, AFALG_R_SOCKET_SET_KEY_FAILED);
return 0;
}
return 1;
}
static int afalg_create_sk(afalg_ctx *actx, const char *ciphertype,
const char *ciphername)
{
struct sockaddr_alg sa;
int r = -1;
actx->bfd = actx->sfd = -1;
memset(&sa, 0, sizeof(sa));
sa.salg_family = AF_ALG;
strncpy((char *) sa.salg_type, ciphertype, ALG_MAX_SALG_TYPE);
sa.salg_type[ALG_MAX_SALG_TYPE-1] = '\0';
strncpy((char *) sa.salg_name, ciphername, ALG_MAX_SALG_NAME);
sa.salg_name[ALG_MAX_SALG_NAME-1] = '\0';
actx->bfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
if (actx->bfd == -1) {
ALG_PERR("%s(%d): Failed to open socket : ", __FILE__, __LINE__);
AFALGerr(AFALG_F_AFALG_CREATE_SK, AFALG_R_SOCKET_CREATE_FAILED);
goto err;
}
r = bind(actx->bfd, (struct sockaddr *)&sa, sizeof(sa));
if (r < 0) {
ALG_PERR("%s(%d): Failed to bind socket : ", __FILE__, __LINE__);
AFALGerr(AFALG_F_AFALG_CREATE_SK, AFALG_R_SOCKET_BIND_FAILED);
goto err;
}
actx->sfd = accept(actx->bfd, NULL, 0);
if (actx->sfd < 0) {
ALG_PERR("%s(%d): Socket Accept Failed : ", __FILE__, __LINE__);
AFALGerr(AFALG_F_AFALG_CREATE_SK, AFALG_R_SOCKET_ACCEPT_FAILED);
goto err;
}
return 1;
err:
if (actx->bfd >= 0)
close(actx->bfd);
if (actx->sfd >= 0)
close(actx->sfd);
actx->bfd = actx->sfd = -1;
return 0;
}
static int afalg_start_cipher_sk(afalg_ctx *actx, const unsigned char *in,
size_t inl, const unsigned char *iv,
unsigned int enc)
{
struct msghdr msg = { 0 };
struct cmsghdr *cmsg;
struct iovec iov;
ssize_t sbytes;
# ifdef ALG_ZERO_COPY
int ret;
# endif
char cbuf[CMSG_SPACE(ALG_IV_LEN(ALG_AES_IV_LEN)) + CMSG_SPACE(ALG_OP_LEN)];
memset(cbuf, 0, sizeof(cbuf));
msg.msg_control = cbuf;
msg.msg_controllen = sizeof(cbuf);
/*
* cipher direction (i.e. encrypt or decrypt) and iv are sent to the
* kernel as part of sendmsg()'s ancillary data
*/
cmsg = CMSG_FIRSTHDR(&msg);
afalg_set_op_sk(cmsg, enc);
cmsg = CMSG_NXTHDR(&msg, cmsg);
afalg_set_iv_sk(cmsg, iv, ALG_AES_IV_LEN);
/* iov that describes input data */
iov.iov_base = (unsigned char *)in;
iov.iov_len = inl;
msg.msg_flags = MSG_MORE;
# ifdef ALG_ZERO_COPY
/*
* ZERO_COPY mode
* Works best when buffer is 4k aligned
* OPENS: out of place processing (i.e. out != in)
*/
/* Input data is not sent as part of call to sendmsg() */
msg.msg_iovlen = 0;
msg.msg_iov = NULL;
/* Sendmsg() sends iv and cipher direction to the kernel */
sbytes = sendmsg(actx->sfd, &msg, 0);
if (sbytes < 0) {
ALG_PERR("%s(%d): sendmsg failed for zero copy cipher operation : ",
__FILE__, __LINE__);
return 0;
}
/*
* vmsplice and splice are used to pin the user space input buffer for
* kernel space processing avoiding copys from user to kernel space
*/
ret = vmsplice(actx->zc_pipe[1], &iov, 1, SPLICE_F_GIFT);
if (ret < 0) {
ALG_PERR("%s(%d): vmsplice failed : ", __FILE__, __LINE__);
return 0;
}
ret = splice(actx->zc_pipe[0], NULL, actx->sfd, NULL, inl, 0);
if (ret < 0) {
ALG_PERR("%s(%d): splice failed : ", __FILE__, __LINE__);
return 0;
}
# else
msg.msg_iovlen = 1;
msg.msg_iov = &iov;
/* Sendmsg() sends iv, cipher direction and input data to the kernel */
sbytes = sendmsg(actx->sfd, &msg, 0);
if (sbytes < 0) {
ALG_PERR("%s(%d): sendmsg failed for cipher operation : ", __FILE__,
__LINE__);
return 0;
}
if (sbytes != (ssize_t) inl) {
ALG_WARN("Cipher operation send bytes %zd != inlen %zd\n", sbytes,
inl);
return 0;
}
# endif
return 1;
}
static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
int ciphertype;
int ret;
afalg_ctx *actx;
char ciphername[ALG_MAX_SALG_NAME];
if (ctx == NULL || key == NULL) {
ALG_WARN("%s(%d): Null Parameter\n", __FILE__, __LINE__);
return 0;
}
if (EVP_CIPHER_CTX_cipher(ctx) == NULL) {
ALG_WARN("%s(%d): Cipher object NULL\n", __FILE__, __LINE__);
return 0;
}
actx = EVP_CIPHER_CTX_get_cipher_data(ctx);
if (actx == NULL) {
ALG_WARN("%s(%d): Cipher data NULL\n", __FILE__, __LINE__);
return 0;
}
ciphertype = EVP_CIPHER_CTX_nid(ctx);
switch (ciphertype) {
case NID_aes_128_cbc:
case NID_aes_192_cbc:
case NID_aes_256_cbc:
strncpy(ciphername, "cbc(aes)", ALG_MAX_SALG_NAME);
break;
default:
ALG_WARN("%s(%d): Unsupported Cipher type %d\n", __FILE__, __LINE__,
ciphertype);
return 0;
}
ciphername[ALG_MAX_SALG_NAME-1]='\0';
if (ALG_AES_IV_LEN != EVP_CIPHER_CTX_iv_length(ctx)) {
ALG_WARN("%s(%d): Unsupported IV length :%d\n", __FILE__, __LINE__,
EVP_CIPHER_CTX_iv_length(ctx));
return 0;
}
/* Setup AFALG socket for crypto processing */
ret = afalg_create_sk(actx, "skcipher", ciphername);
if (ret < 1)
return 0;
ret = afalg_set_key(actx, key, EVP_CIPHER_CTX_key_length(ctx));
if (ret < 1)
goto err;
/* Setup AIO ctx to allow async AFALG crypto processing */
if (afalg_init_aio(&actx->aio) == 0)
goto err;
# ifdef ALG_ZERO_COPY
pipe(actx->zc_pipe);
# endif
actx->init_done = MAGIC_INIT_NUM;
return 1;
err:
close(actx->sfd);
close(actx->bfd);
return 0;
}
static int afalg_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
afalg_ctx *actx;
int ret;
char nxtiv[ALG_AES_IV_LEN] = { 0 };
if (ctx == NULL || out == NULL || in == NULL) {
ALG_WARN("NULL parameter passed to function %s(%d)\n", __FILE__,
__LINE__);
return 0;
}
actx = (afalg_ctx *) EVP_CIPHER_CTX_get_cipher_data(ctx);
if (actx == NULL || actx->init_done != MAGIC_INIT_NUM) {
ALG_WARN("%s afalg ctx passed\n",
ctx == NULL ? "NULL" : "Uninitialised");
return 0;
}
/*
* set iv now for decrypt operation as the input buffer can be
* overwritten for inplace operation where in = out.
*/
if (EVP_CIPHER_CTX_encrypting(ctx) == 0) {
memcpy(nxtiv, in + (inl - ALG_AES_IV_LEN), ALG_AES_IV_LEN);
}
/* Send input data to kernel space */
ret = afalg_start_cipher_sk(actx, (unsigned char *)in, inl,
EVP_CIPHER_CTX_iv(ctx),
EVP_CIPHER_CTX_encrypting(ctx));
if (ret < 1) {
return 0;
}
/* Perform async crypto operation in kernel space */
ret = afalg_fin_cipher_aio(&actx->aio, actx->sfd, out, inl);
if (ret < 1)
return 0;
if (EVP_CIPHER_CTX_encrypting(ctx)) {
memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), out + (inl - ALG_AES_IV_LEN),
ALG_AES_IV_LEN);
} else {
memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), nxtiv, ALG_AES_IV_LEN);
}
return 1;
}
static int afalg_cipher_cleanup(EVP_CIPHER_CTX *ctx)
{
afalg_ctx *actx;
if (ctx == NULL) {
ALG_WARN("NULL parameter passed to function %s(%d)\n", __FILE__,
__LINE__);
return 0;
}
actx = (afalg_ctx *) EVP_CIPHER_CTX_get_cipher_data(ctx);
if (actx == NULL || actx->init_done != MAGIC_INIT_NUM) {
ALG_WARN("%s afalg ctx passed\n",
ctx == NULL ? "NULL" : "Uninitialised");
return 0;
}
close(actx->sfd);
close(actx->bfd);
# ifdef ALG_ZERO_COPY
close(actx->zc_pipe[0]);
close(actx->zc_pipe[1]);
# endif
/* close efd in sync mode, async mode is closed in afalg_waitfd_cleanup() */
if (actx->aio.mode == MODE_SYNC)
close(actx->aio.efd);
io_destroy(actx->aio.aio_ctx);
return 1;
}
static cbc_handles *get_cipher_handle(int nid)
{
switch (nid) {
case NID_aes_128_cbc:
return &cbc_handle[AES_CBC_128];
case NID_aes_192_cbc:
return &cbc_handle[AES_CBC_192];
case NID_aes_256_cbc:
return &cbc_handle[AES_CBC_256];
default:
return NULL;
}
}
static const EVP_CIPHER *afalg_aes_cbc(int nid)
{
cbc_handles *cipher_handle = get_cipher_handle(nid);
if (cipher_handle->_hidden == NULL
&& ((cipher_handle->_hidden =
EVP_CIPHER_meth_new(nid,
AES_BLOCK_SIZE,
cipher_handle->key_size)) == NULL
|| !EVP_CIPHER_meth_set_iv_length(cipher_handle->_hidden,
AES_IV_LEN)
|| !EVP_CIPHER_meth_set_flags(cipher_handle->_hidden,
EVP_CIPH_CBC_MODE |
EVP_CIPH_FLAG_DEFAULT_ASN1)
|| !EVP_CIPHER_meth_set_init(cipher_handle->_hidden,
afalg_cipher_init)
|| !EVP_CIPHER_meth_set_do_cipher(cipher_handle->_hidden,
afalg_do_cipher)
|| !EVP_CIPHER_meth_set_cleanup(cipher_handle->_hidden,
afalg_cipher_cleanup)
|| !EVP_CIPHER_meth_set_impl_ctx_size(cipher_handle->_hidden,
sizeof(afalg_ctx)))) {
EVP_CIPHER_meth_free(cipher_handle->_hidden);
cipher_handle->_hidden= NULL;
}
return cipher_handle->_hidden;
}
static int afalg_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
const int **nids, int nid)
{
int r = 1;
if (cipher == NULL) {
*nids = afalg_cipher_nids;
return (sizeof(afalg_cipher_nids) / sizeof(afalg_cipher_nids[0]));
}
switch (nid) {
case NID_aes_128_cbc:
case NID_aes_192_cbc:
case NID_aes_256_cbc:
*cipher = afalg_aes_cbc(nid);
break;
default:
*cipher = NULL;
r = 0;
}
return r;
}
static int bind_afalg(ENGINE *e)
{
/* Ensure the afalg error handling is set up */
unsigned short i;
ERR_load_AFALG_strings();
if (!ENGINE_set_id(e, engine_afalg_id)
|| !ENGINE_set_name(e, engine_afalg_name)
|| !ENGINE_set_destroy_function(e, afalg_destroy)
|| !ENGINE_set_init_function(e, afalg_init)
|| !ENGINE_set_finish_function(e, afalg_finish)) {
AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED);
return 0;
}
/*
* Create _hidden_aes_xxx_cbc by calling afalg_aes_xxx_cbc
* now, as bind_aflag can only be called by one thread at a
* time.
*/
for(i = 0; i < OSSL_NELEM(afalg_cipher_nids); i++) {
if (afalg_aes_cbc(afalg_cipher_nids[i]) == NULL) {
AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED);
return 0;
}
}
if (!ENGINE_set_ciphers(e, afalg_ciphers)) {
AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED);
return 0;
}
return 1;
}
# ifndef OPENSSL_NO_DYNAMIC_ENGINE
static int bind_helper(ENGINE *e, const char *id)
{
if (id && (strcmp(id, engine_afalg_id) != 0))
return 0;
if (!afalg_chk_platform())
return 0;
if (!bind_afalg(e))
return 0;
return 1;
}
IMPLEMENT_DYNAMIC_CHECK_FN()
IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
# endif
static int afalg_chk_platform(void)
{
int ret;
int i;
int kver[3] = { -1, -1, -1 };
int sock;
char *str;
struct utsname ut;
ret = uname(&ut);
if (ret != 0) {
AFALGerr(AFALG_F_AFALG_CHK_PLATFORM,
AFALG_R_FAILED_TO_GET_PLATFORM_INFO);
return 0;
}
str = strtok(ut.release, ".");
for (i = 0; i < 3 && str != NULL; i++) {
kver[i] = atoi(str);
str = strtok(NULL, ".");
}
if (KERNEL_VERSION(kver[0], kver[1], kver[2])
< KERNEL_VERSION(K_MAJ, K_MIN1, K_MIN2)) {
ALG_ERR("ASYNC AFALG not supported this kernel(%d.%d.%d)\n",
kver[0], kver[1], kver[2]);
ALG_ERR("ASYNC AFALG requires kernel version %d.%d.%d or later\n",
K_MAJ, K_MIN1, K_MIN2);
AFALGerr(AFALG_F_AFALG_CHK_PLATFORM,
AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG);
return 0;
}
/* Test if we can actually create an AF_ALG socket */
sock = socket(AF_ALG, SOCK_SEQPACKET, 0);
if (sock == -1) {
AFALGerr(AFALG_F_AFALG_CHK_PLATFORM, AFALG_R_SOCKET_CREATE_FAILED);
return 0;
}
close(sock);
return 1;
}
# ifdef OPENSSL_NO_DYNAMIC_ENGINE
static ENGINE *engine_afalg(void)
{
ENGINE *ret = ENGINE_new();
if (ret == NULL)
return NULL;
if (!bind_afalg(ret)) {
ENGINE_free(ret);
return NULL;
}
return ret;
}
void engine_load_afalg_int(void)
{
ENGINE *toadd;
if (!afalg_chk_platform())
return;
toadd = engine_afalg();
if (toadd == NULL)
return;
ENGINE_add(toadd);
ENGINE_free(toadd);
ERR_clear_error();
}
# endif
static int afalg_init(ENGINE *e)
{
return 1;
}
static int afalg_finish(ENGINE *e)
{
return 1;
}
static int free_cbc(void)
{
short unsigned int i;
for(i = 0; i < OSSL_NELEM(afalg_cipher_nids); i++) {
EVP_CIPHER_meth_free(cbc_handle[i]._hidden);
cbc_handle[i]._hidden = NULL;
}
return 1;
}
static int afalg_destroy(ENGINE *e)
{
ERR_unload_AFALG_strings();
free_cbc();
return 1;
}
#endif /* KERNEL VERSION */

View file

@ -0,0 +1,3 @@
# The INPUT HEADER is scanned for declarations
# LIBNAME INPUT HEADER ERROR-TABLE FILE
L AFALG e_afalg_err.h e_afalg_err.c

View file

@ -0,0 +1,95 @@
/*
* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef HEADER_AFALG_H
# define HEADER_AFALG_H
# if defined(__GNUC__) && __GNUC__ >= 4 && \
(!defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L)
# pragma GCC diagnostic ignored "-Wvariadic-macros"
# endif
# ifdef ALG_DEBUG
# define ALG_DGB(x, ...) fprintf(stderr, "ALG_DBG: " x, __VA_ARGS__)
# define ALG_INFO(x, ...) fprintf(stderr, "ALG_INFO: " x, __VA_ARGS__)
# define ALG_WARN(x, ...) fprintf(stderr, "ALG_WARN: " x, __VA_ARGS__)
# else
# define ALG_DGB(x, ...)
# define ALG_INFO(x, ...)
# define ALG_WARN(x, ...)
# endif
# define ALG_ERR(x, ...) fprintf(stderr, "ALG_ERR: " x, __VA_ARGS__)
# define ALG_PERR(x, ...) \
do { \
fprintf(stderr, "ALG_PERR: " x, __VA_ARGS__); \
perror(NULL); \
} while(0)
# define ALG_PWARN(x, ...) \
do { \
fprintf(stderr, "ALG_PERR: " x, __VA_ARGS__); \
perror(NULL); \
} while(0)
# ifndef AES_BLOCK_SIZE
# define AES_BLOCK_SIZE 16
# endif
# define AES_KEY_SIZE_128 16
# define AES_KEY_SIZE_192 24
# define AES_KEY_SIZE_256 32
# define AES_IV_LEN 16
# define MAX_INFLIGHTS 1
typedef enum {
MODE_UNINIT = 0,
MODE_SYNC,
MODE_ASYNC
} op_mode;
enum {
AES_CBC_128 = 0,
AES_CBC_192,
AES_CBC_256
};
struct cbc_cipher_handles {
int key_size;
EVP_CIPHER *_hidden;
};
typedef struct cbc_cipher_handles cbc_handles;
struct afalg_aio_st {
int efd;
op_mode mode;
aio_context_t aio_ctx;
struct io_event events[MAX_INFLIGHTS];
struct iocb cbt[MAX_INFLIGHTS];
};
typedef struct afalg_aio_st afalg_aio;
/*
* MAGIC Number to identify correct initialisation
* of afalg_ctx.
*/
# define MAGIC_INIT_NUM 0x1890671
struct afalg_ctx_st {
int init_done;
int sfd;
int bfd;
# ifdef ALG_ZERO_COPY
int zc_pipe[2];
# endif
afalg_aio aio;
};
typedef struct afalg_ctx_st afalg_ctx;
#endif

View file

@ -0,0 +1,30 @@
# Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# Function codes
AFALG_F_AFALG_CHK_PLATFORM:100:afalg_chk_platform
AFALG_F_AFALG_CREATE_SK:101:afalg_create_sk
AFALG_F_AFALG_INIT_AIO:102:afalg_init_aio
AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION:103:\
afalg_setup_async_event_notification
AFALG_F_AFALG_SET_KEY:104:afalg_set_key
AFALG_F_BIND_AFALG:105:bind_afalg
#Reason codes
AFALG_R_EVENTFD_FAILED:108:eventfd failed
AFALG_R_FAILED_TO_GET_PLATFORM_INFO:111:failed to get platform info
AFALG_R_INIT_FAILED:100:init failed
AFALG_R_IO_SETUP_FAILED:105:io setup failed
AFALG_R_KERNEL_DOES_NOT_SUPPORT_AFALG:101:kernel does not support afalg
AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG:107:\
kernel does not support async afalg
AFALG_R_MEM_ALLOC_FAILED:102:mem alloc failed
AFALG_R_SOCKET_ACCEPT_FAILED:110:socket accept failed
AFALG_R_SOCKET_BIND_FAILED:103:socket bind failed
AFALG_R_SOCKET_CREATE_FAILED:109:socket create failed
AFALG_R_SOCKET_OPERATION_FAILED:104:socket operation failed
AFALG_R_SOCKET_SET_KEY_FAILED:106:socket set key failed

View file

@ -0,0 +1,83 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/err.h>
#include "e_afalg_err.h"
#ifndef OPENSSL_NO_ERR
static ERR_STRING_DATA AFALG_str_functs[] = {
{ERR_PACK(0, AFALG_F_AFALG_CHK_PLATFORM, 0), "afalg_chk_platform"},
{ERR_PACK(0, AFALG_F_AFALG_CREATE_SK, 0), "afalg_create_sk"},
{ERR_PACK(0, AFALG_F_AFALG_INIT_AIO, 0), "afalg_init_aio"},
{ERR_PACK(0, AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION, 0),
"afalg_setup_async_event_notification"},
{ERR_PACK(0, AFALG_F_AFALG_SET_KEY, 0), "afalg_set_key"},
{ERR_PACK(0, AFALG_F_BIND_AFALG, 0), "bind_afalg"},
{0, NULL}
};
static ERR_STRING_DATA AFALG_str_reasons[] = {
{ERR_PACK(0, 0, AFALG_R_EVENTFD_FAILED), "eventfd failed"},
{ERR_PACK(0, 0, AFALG_R_FAILED_TO_GET_PLATFORM_INFO),
"failed to get platform info"},
{ERR_PACK(0, 0, AFALG_R_INIT_FAILED), "init failed"},
{ERR_PACK(0, 0, AFALG_R_IO_SETUP_FAILED), "io setup failed"},
{ERR_PACK(0, 0, AFALG_R_KERNEL_DOES_NOT_SUPPORT_AFALG),
"kernel does not support afalg"},
{ERR_PACK(0, 0, AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG),
"kernel does not support async afalg"},
{ERR_PACK(0, 0, AFALG_R_MEM_ALLOC_FAILED), "mem alloc failed"},
{ERR_PACK(0, 0, AFALG_R_SOCKET_ACCEPT_FAILED), "socket accept failed"},
{ERR_PACK(0, 0, AFALG_R_SOCKET_BIND_FAILED), "socket bind failed"},
{ERR_PACK(0, 0, AFALG_R_SOCKET_CREATE_FAILED), "socket create failed"},
{ERR_PACK(0, 0, AFALG_R_SOCKET_OPERATION_FAILED),
"socket operation failed"},
{ERR_PACK(0, 0, AFALG_R_SOCKET_SET_KEY_FAILED), "socket set key failed"},
{0, NULL}
};
#endif
static int lib_code = 0;
static int error_loaded = 0;
static int ERR_load_AFALG_strings(void)
{
if (lib_code == 0)
lib_code = ERR_get_next_error_library();
if (!error_loaded) {
#ifndef OPENSSL_NO_ERR
ERR_load_strings(lib_code, AFALG_str_functs);
ERR_load_strings(lib_code, AFALG_str_reasons);
#endif
error_loaded = 1;
}
return 1;
}
static void ERR_unload_AFALG_strings(void)
{
if (error_loaded) {
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(lib_code, AFALG_str_functs);
ERR_unload_strings(lib_code, AFALG_str_reasons);
#endif
error_loaded = 0;
}
}
static void ERR_AFALG_error(int function, int reason, char *file, int line)
{
if (lib_code == 0)
lib_code = ERR_get_next_error_library();
ERR_PUT_error(lib_code, function, reason, file, line);
}

View file

@ -0,0 +1,43 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef HEADER_AFALGERR_H
# define HEADER_AFALGERR_H
# define AFALGerr(f, r) ERR_AFALG_error((f), (r), OPENSSL_FILE, OPENSSL_LINE)
/*
* AFALG function codes.
*/
# define AFALG_F_AFALG_CHK_PLATFORM 100
# define AFALG_F_AFALG_CREATE_SK 101
# define AFALG_F_AFALG_INIT_AIO 102
# define AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION 103
# define AFALG_F_AFALG_SET_KEY 104
# define AFALG_F_BIND_AFALG 105
/*
* AFALG reason codes.
*/
# define AFALG_R_EVENTFD_FAILED 108
# define AFALG_R_FAILED_TO_GET_PLATFORM_INFO 111
# define AFALG_R_INIT_FAILED 100
# define AFALG_R_IO_SETUP_FAILED 105
# define AFALG_R_KERNEL_DOES_NOT_SUPPORT_AFALG 101
# define AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG 107
# define AFALG_R_MEM_ALLOC_FAILED 102
# define AFALG_R_SOCKET_ACCEPT_FAILED 110
# define AFALG_R_SOCKET_BIND_FAILED 103
# define AFALG_R_SOCKET_CREATE_FAILED 109
# define AFALG_R_SOCKET_OPERATION_FAILED 104
# define AFALG_R_SOCKET_SET_KEY_FAILED 106
#endif

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,3 @@
# The INPUT HEADER is scanned for declarations
# LIBNAME INPUT HEADER ERROR-TABLE FILE
L CAPI e_capi_err.h e_capi_err.c

View file

@ -0,0 +1,62 @@
# Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# Function codes
CAPI_F_CAPI_CERT_GET_FNAME:99:capi_cert_get_fname
CAPI_F_CAPI_CTRL:100:capi_ctrl
CAPI_F_CAPI_CTX_NEW:101:capi_ctx_new
CAPI_F_CAPI_CTX_SET_PROVNAME:102:capi_ctx_set_provname
CAPI_F_CAPI_DSA_DO_SIGN:114:capi_dsa_do_sign
CAPI_F_CAPI_GET_KEY:103:capi_get_key
CAPI_F_CAPI_GET_PKEY:115:capi_get_pkey
CAPI_F_CAPI_GET_PROVNAME:104:capi_get_provname
CAPI_F_CAPI_GET_PROV_INFO:105:capi_get_prov_info
CAPI_F_CAPI_INIT:106:capi_init
CAPI_F_CAPI_LIST_CONTAINERS:107:capi_list_containers
CAPI_F_CAPI_LOAD_PRIVKEY:108:capi_load_privkey
CAPI_F_CAPI_OPEN_STORE:109:capi_open_store
CAPI_F_CAPI_RSA_PRIV_DEC:110:capi_rsa_priv_dec
CAPI_F_CAPI_RSA_PRIV_ENC:111:capi_rsa_priv_enc
CAPI_F_CAPI_RSA_SIGN:112:capi_rsa_sign
CAPI_F_CAPI_VTRACE:118:capi_vtrace
CAPI_F_CERT_SELECT_DIALOG:117:cert_select_dialog
CAPI_F_CLIENT_CERT_SELECT:116:*
CAPI_F_WIDE_TO_ASC:113:wide_to_asc
#Reason codes
CAPI_R_CANT_CREATE_HASH_OBJECT:100:cant create hash object
CAPI_R_CANT_FIND_CAPI_CONTEXT:101:cant find capi context
CAPI_R_CANT_GET_KEY:102:cant get key
CAPI_R_CANT_SET_HASH_VALUE:103:cant set hash value
CAPI_R_CRYPTACQUIRECONTEXT_ERROR:104:cryptacquirecontext error
CAPI_R_CRYPTENUMPROVIDERS_ERROR:105:cryptenumproviders error
CAPI_R_DECRYPT_ERROR:106:decrypt error
CAPI_R_ENGINE_NOT_INITIALIZED:107:engine not initialized
CAPI_R_ENUMCONTAINERS_ERROR:108:enumcontainers error
CAPI_R_ERROR_ADDING_CERT:109:error adding cert
CAPI_R_ERROR_CREATING_STORE:110:error creating store
CAPI_R_ERROR_GETTING_FRIENDLY_NAME:111:error getting friendly name
CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO:112:error getting key provider info
CAPI_R_ERROR_OPENING_STORE:113:error opening store
CAPI_R_ERROR_SIGNING_HASH:114:error signing hash
CAPI_R_FILE_OPEN_ERROR:115:file open error
CAPI_R_FUNCTION_NOT_SUPPORTED:116:function not supported
CAPI_R_GETUSERKEY_ERROR:117:getuserkey error
CAPI_R_INVALID_DIGEST_LENGTH:118:invalid digest length
CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER:119:\
invalid dsa public key blob magic number
CAPI_R_INVALID_LOOKUP_METHOD:120:invalid lookup method
CAPI_R_INVALID_PUBLIC_KEY_BLOB:121:invalid public key blob
CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER:122:\
invalid rsa public key blob magic number
CAPI_R_PUBKEY_EXPORT_ERROR:123:pubkey export error
CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR:124:pubkey export length error
CAPI_R_UNKNOWN_COMMAND:125:unknown command
CAPI_R_UNSUPPORTED_ALGORITHM_NID:126:unsupported algorithm nid
CAPI_R_UNSUPPORTED_PADDING:127:unsupported padding
CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM:128:unsupported public key algorithm
CAPI_R_WIN32_ERROR:129:win32 error

View file

@ -0,0 +1,119 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/err.h>
#include "e_capi_err.h"
#ifndef OPENSSL_NO_ERR
static ERR_STRING_DATA CAPI_str_functs[] = {
{ERR_PACK(0, CAPI_F_CAPI_CERT_GET_FNAME, 0), "capi_cert_get_fname"},
{ERR_PACK(0, CAPI_F_CAPI_CTRL, 0), "capi_ctrl"},
{ERR_PACK(0, CAPI_F_CAPI_CTX_NEW, 0), "capi_ctx_new"},
{ERR_PACK(0, CAPI_F_CAPI_CTX_SET_PROVNAME, 0), "capi_ctx_set_provname"},
{ERR_PACK(0, CAPI_F_CAPI_DSA_DO_SIGN, 0), "capi_dsa_do_sign"},
{ERR_PACK(0, CAPI_F_CAPI_GET_KEY, 0), "capi_get_key"},
{ERR_PACK(0, CAPI_F_CAPI_GET_PKEY, 0), "capi_get_pkey"},
{ERR_PACK(0, CAPI_F_CAPI_GET_PROVNAME, 0), "capi_get_provname"},
{ERR_PACK(0, CAPI_F_CAPI_GET_PROV_INFO, 0), "capi_get_prov_info"},
{ERR_PACK(0, CAPI_F_CAPI_INIT, 0), "capi_init"},
{ERR_PACK(0, CAPI_F_CAPI_LIST_CONTAINERS, 0), "capi_list_containers"},
{ERR_PACK(0, CAPI_F_CAPI_LOAD_PRIVKEY, 0), "capi_load_privkey"},
{ERR_PACK(0, CAPI_F_CAPI_OPEN_STORE, 0), "capi_open_store"},
{ERR_PACK(0, CAPI_F_CAPI_RSA_PRIV_DEC, 0), "capi_rsa_priv_dec"},
{ERR_PACK(0, CAPI_F_CAPI_RSA_PRIV_ENC, 0), "capi_rsa_priv_enc"},
{ERR_PACK(0, CAPI_F_CAPI_RSA_SIGN, 0), "capi_rsa_sign"},
{ERR_PACK(0, CAPI_F_CAPI_VTRACE, 0), "capi_vtrace"},
{ERR_PACK(0, CAPI_F_CERT_SELECT_DIALOG, 0), "cert_select_dialog"},
{ERR_PACK(0, CAPI_F_CLIENT_CERT_SELECT, 0), ""},
{ERR_PACK(0, CAPI_F_WIDE_TO_ASC, 0), "wide_to_asc"},
{0, NULL}
};
static ERR_STRING_DATA CAPI_str_reasons[] = {
{ERR_PACK(0, 0, CAPI_R_CANT_CREATE_HASH_OBJECT), "cant create hash object"},
{ERR_PACK(0, 0, CAPI_R_CANT_FIND_CAPI_CONTEXT), "cant find capi context"},
{ERR_PACK(0, 0, CAPI_R_CANT_GET_KEY), "cant get key"},
{ERR_PACK(0, 0, CAPI_R_CANT_SET_HASH_VALUE), "cant set hash value"},
{ERR_PACK(0, 0, CAPI_R_CRYPTACQUIRECONTEXT_ERROR),
"cryptacquirecontext error"},
{ERR_PACK(0, 0, CAPI_R_CRYPTENUMPROVIDERS_ERROR),
"cryptenumproviders error"},
{ERR_PACK(0, 0, CAPI_R_DECRYPT_ERROR), "decrypt error"},
{ERR_PACK(0, 0, CAPI_R_ENGINE_NOT_INITIALIZED), "engine not initialized"},
{ERR_PACK(0, 0, CAPI_R_ENUMCONTAINERS_ERROR), "enumcontainers error"},
{ERR_PACK(0, 0, CAPI_R_ERROR_ADDING_CERT), "error adding cert"},
{ERR_PACK(0, 0, CAPI_R_ERROR_CREATING_STORE), "error creating store"},
{ERR_PACK(0, 0, CAPI_R_ERROR_GETTING_FRIENDLY_NAME),
"error getting friendly name"},
{ERR_PACK(0, 0, CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO),
"error getting key provider info"},
{ERR_PACK(0, 0, CAPI_R_ERROR_OPENING_STORE), "error opening store"},
{ERR_PACK(0, 0, CAPI_R_ERROR_SIGNING_HASH), "error signing hash"},
{ERR_PACK(0, 0, CAPI_R_FILE_OPEN_ERROR), "file open error"},
{ERR_PACK(0, 0, CAPI_R_FUNCTION_NOT_SUPPORTED), "function not supported"},
{ERR_PACK(0, 0, CAPI_R_GETUSERKEY_ERROR), "getuserkey error"},
{ERR_PACK(0, 0, CAPI_R_INVALID_DIGEST_LENGTH), "invalid digest length"},
{ERR_PACK(0, 0, CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER),
"invalid dsa public key blob magic number"},
{ERR_PACK(0, 0, CAPI_R_INVALID_LOOKUP_METHOD), "invalid lookup method"},
{ERR_PACK(0, 0, CAPI_R_INVALID_PUBLIC_KEY_BLOB), "invalid public key blob"},
{ERR_PACK(0, 0, CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER),
"invalid rsa public key blob magic number"},
{ERR_PACK(0, 0, CAPI_R_PUBKEY_EXPORT_ERROR), "pubkey export error"},
{ERR_PACK(0, 0, CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR),
"pubkey export length error"},
{ERR_PACK(0, 0, CAPI_R_UNKNOWN_COMMAND), "unknown command"},
{ERR_PACK(0, 0, CAPI_R_UNSUPPORTED_ALGORITHM_NID),
"unsupported algorithm nid"},
{ERR_PACK(0, 0, CAPI_R_UNSUPPORTED_PADDING), "unsupported padding"},
{ERR_PACK(0, 0, CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM),
"unsupported public key algorithm"},
{ERR_PACK(0, 0, CAPI_R_WIN32_ERROR), "win32 error"},
{0, NULL}
};
#endif
static int lib_code = 0;
static int error_loaded = 0;
static int ERR_load_CAPI_strings(void)
{
if (lib_code == 0)
lib_code = ERR_get_next_error_library();
if (!error_loaded) {
#ifndef OPENSSL_NO_ERR
ERR_load_strings(lib_code, CAPI_str_functs);
ERR_load_strings(lib_code, CAPI_str_reasons);
#endif
error_loaded = 1;
}
return 1;
}
static void ERR_unload_CAPI_strings(void)
{
if (error_loaded) {
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(lib_code, CAPI_str_functs);
ERR_unload_strings(lib_code, CAPI_str_reasons);
#endif
error_loaded = 0;
}
}
static void ERR_CAPI_error(int function, int reason, char *file, int line)
{
if (lib_code == 0)
lib_code = ERR_get_next_error_library();
ERR_PUT_error(lib_code, function, reason, file, line);
}

View file

@ -0,0 +1,75 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef HEADER_CAPIERR_H
# define HEADER_CAPIERR_H
# define CAPIerr(f, r) ERR_CAPI_error((f), (r), OPENSSL_FILE, OPENSSL_LINE)
/*
* CAPI function codes.
*/
# define CAPI_F_CAPI_CERT_GET_FNAME 99
# define CAPI_F_CAPI_CTRL 100
# define CAPI_F_CAPI_CTX_NEW 101
# define CAPI_F_CAPI_CTX_SET_PROVNAME 102
# define CAPI_F_CAPI_DSA_DO_SIGN 114
# define CAPI_F_CAPI_GET_KEY 103
# define CAPI_F_CAPI_GET_PKEY 115
# define CAPI_F_CAPI_GET_PROVNAME 104
# define CAPI_F_CAPI_GET_PROV_INFO 105
# define CAPI_F_CAPI_INIT 106
# define CAPI_F_CAPI_LIST_CONTAINERS 107
# define CAPI_F_CAPI_LOAD_PRIVKEY 108
# define CAPI_F_CAPI_OPEN_STORE 109
# define CAPI_F_CAPI_RSA_PRIV_DEC 110
# define CAPI_F_CAPI_RSA_PRIV_ENC 111
# define CAPI_F_CAPI_RSA_SIGN 112
# define CAPI_F_CAPI_VTRACE 118
# define CAPI_F_CERT_SELECT_DIALOG 117
# define CAPI_F_CLIENT_CERT_SELECT 116
# define CAPI_F_WIDE_TO_ASC 113
/*
* CAPI reason codes.
*/
# define CAPI_R_CANT_CREATE_HASH_OBJECT 100
# define CAPI_R_CANT_FIND_CAPI_CONTEXT 101
# define CAPI_R_CANT_GET_KEY 102
# define CAPI_R_CANT_SET_HASH_VALUE 103
# define CAPI_R_CRYPTACQUIRECONTEXT_ERROR 104
# define CAPI_R_CRYPTENUMPROVIDERS_ERROR 105
# define CAPI_R_DECRYPT_ERROR 106
# define CAPI_R_ENGINE_NOT_INITIALIZED 107
# define CAPI_R_ENUMCONTAINERS_ERROR 108
# define CAPI_R_ERROR_ADDING_CERT 109
# define CAPI_R_ERROR_CREATING_STORE 110
# define CAPI_R_ERROR_GETTING_FRIENDLY_NAME 111
# define CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO 112
# define CAPI_R_ERROR_OPENING_STORE 113
# define CAPI_R_ERROR_SIGNING_HASH 114
# define CAPI_R_FILE_OPEN_ERROR 115
# define CAPI_R_FUNCTION_NOT_SUPPORTED 116
# define CAPI_R_GETUSERKEY_ERROR 117
# define CAPI_R_INVALID_DIGEST_LENGTH 118
# define CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER 119
# define CAPI_R_INVALID_LOOKUP_METHOD 120
# define CAPI_R_INVALID_PUBLIC_KEY_BLOB 121
# define CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER 122
# define CAPI_R_PUBKEY_EXPORT_ERROR 123
# define CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR 124
# define CAPI_R_UNKNOWN_COMMAND 125
# define CAPI_R_UNSUPPORTED_ALGORITHM_NID 126
# define CAPI_R_UNSUPPORTED_PADDING 127
# define CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM 128
# define CAPI_R_WIN32_ERROR 129
#endif

View file

@ -0,0 +1,785 @@
/*
* Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#if defined(_WIN32)
# include <windows.h>
#endif
#include <stdio.h>
#include <string.h>
#include <openssl/engine.h>
#include <openssl/sha.h>
#include <openssl/aes.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/async.h>
#include <openssl/bn.h>
#include <openssl/crypto.h>
#include <openssl/ssl.h>
#include <openssl/modes.h>
#if defined(OPENSSL_SYS_UNIX) && defined(OPENSSL_THREADS)
# undef ASYNC_POSIX
# define ASYNC_POSIX
# include <unistd.h>
#elif defined(_WIN32)
# undef ASYNC_WIN
# define ASYNC_WIN
#endif
#include "e_dasync_err.c"
/* Engine Id and Name */
static const char *engine_dasync_id = "dasync";
static const char *engine_dasync_name = "Dummy Async engine support";
/* Engine Lifetime functions */
static int dasync_destroy(ENGINE *e);
static int dasync_init(ENGINE *e);
static int dasync_finish(ENGINE *e);
void engine_load_dasync_int(void);
/* Set up digests. Just SHA1 for now */
static int dasync_digests(ENGINE *e, const EVP_MD **digest,
const int **nids, int nid);
static void dummy_pause_job(void);
/* SHA1 */
static int dasync_sha1_init(EVP_MD_CTX *ctx);
static int dasync_sha1_update(EVP_MD_CTX *ctx, const void *data,
size_t count);
static int dasync_sha1_final(EVP_MD_CTX *ctx, unsigned char *md);
/*
* Holds the EVP_MD object for sha1 in this engine. Set up once only during
* engine bind and can then be reused many times.
*/
static EVP_MD *_hidden_sha1_md = NULL;
static const EVP_MD *dasync_sha1(void)
{
return _hidden_sha1_md;
}
static void destroy_digests(void)
{
EVP_MD_meth_free(_hidden_sha1_md);
_hidden_sha1_md = NULL;
}
static int dasync_digest_nids(const int **nids)
{
static int digest_nids[2] = { 0, 0 };
static int pos = 0;
static int init = 0;
if (!init) {
const EVP_MD *md;
if ((md = dasync_sha1()) != NULL)
digest_nids[pos++] = EVP_MD_type(md);
digest_nids[pos] = 0;
init = 1;
}
*nids = digest_nids;
return pos;
}
/* RSA */
static int dasync_pub_enc(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
static int dasync_pub_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
static int dasync_rsa_priv_enc(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
static int dasync_rsa_priv_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
static int dasync_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
BN_CTX *ctx);
static int dasync_rsa_init(RSA *rsa);
static int dasync_rsa_finish(RSA *rsa);
static RSA_METHOD *dasync_rsa_method = NULL;
/* AES */
static int dasync_aes128_cbc_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
void *ptr);
static int dasync_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
static int dasync_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl);
static int dasync_aes128_cbc_cleanup(EVP_CIPHER_CTX *ctx);
static int dasync_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
int arg, void *ptr);
static int dasync_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
const unsigned char *key,
const unsigned char *iv,
int enc);
static int dasync_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx,
unsigned char *out,
const unsigned char *in,
size_t inl);
static int dasync_aes128_cbc_hmac_sha1_cleanup(EVP_CIPHER_CTX *ctx);
struct dasync_pipeline_ctx {
void *inner_cipher_data;
unsigned int numpipes;
unsigned char **inbufs;
unsigned char **outbufs;
size_t *lens;
unsigned char tlsaad[SSL_MAX_PIPELINES][EVP_AEAD_TLS1_AAD_LEN];
unsigned int aadctr;
};
/*
* Holds the EVP_CIPHER object for aes_128_cbc in this engine. Set up once only
* during engine bind and can then be reused many times.
*/
static EVP_CIPHER *_hidden_aes_128_cbc = NULL;
static const EVP_CIPHER *dasync_aes_128_cbc(void)
{
return _hidden_aes_128_cbc;
}
/*
* Holds the EVP_CIPHER object for aes_128_cbc_hmac_sha1 in this engine. Set up
* once only during engine bind and can then be reused many times.
*
* This 'stitched' cipher depends on the EVP_aes_128_cbc_hmac_sha1() cipher,
* which is implemented only if the AES-NI instruction set extension is available
* (see OPENSSL_IA32CAP(3)). If that's not the case, then this cipher will not
* be available either.
*
* Note: Since it is a legacy mac-then-encrypt cipher, modern TLS peers (which
* negotiate the encrypt-then-mac extension) won't negotiate it anyway.
*/
static EVP_CIPHER *_hidden_aes_128_cbc_hmac_sha1 = NULL;
static const EVP_CIPHER *dasync_aes_128_cbc_hmac_sha1(void)
{
return _hidden_aes_128_cbc_hmac_sha1;
}
static void destroy_ciphers(void)
{
EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1);
_hidden_aes_128_cbc = NULL;
_hidden_aes_128_cbc_hmac_sha1 = NULL;
}
static int dasync_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
const int **nids, int nid);
static int dasync_cipher_nids[] = {
NID_aes_128_cbc,
NID_aes_128_cbc_hmac_sha1,
0
};
static int bind_dasync(ENGINE *e)
{
/* Setup RSA_METHOD */
if ((dasync_rsa_method = RSA_meth_new("Dummy Async RSA method", 0)) == NULL
|| RSA_meth_set_pub_enc(dasync_rsa_method, dasync_pub_enc) == 0
|| RSA_meth_set_pub_dec(dasync_rsa_method, dasync_pub_dec) == 0
|| RSA_meth_set_priv_enc(dasync_rsa_method, dasync_rsa_priv_enc) == 0
|| RSA_meth_set_priv_dec(dasync_rsa_method, dasync_rsa_priv_dec) == 0
|| RSA_meth_set_mod_exp(dasync_rsa_method, dasync_rsa_mod_exp) == 0
|| RSA_meth_set_bn_mod_exp(dasync_rsa_method, BN_mod_exp_mont) == 0
|| RSA_meth_set_init(dasync_rsa_method, dasync_rsa_init) == 0
|| RSA_meth_set_finish(dasync_rsa_method, dasync_rsa_finish) == 0) {
DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED);
return 0;
}
/* Ensure the dasync error handling is set up */
ERR_load_DASYNC_strings();
if (!ENGINE_set_id(e, engine_dasync_id)
|| !ENGINE_set_name(e, engine_dasync_name)
|| !ENGINE_set_RSA(e, dasync_rsa_method)
|| !ENGINE_set_digests(e, dasync_digests)
|| !ENGINE_set_ciphers(e, dasync_ciphers)
|| !ENGINE_set_destroy_function(e, dasync_destroy)
|| !ENGINE_set_init_function(e, dasync_init)
|| !ENGINE_set_finish_function(e, dasync_finish)) {
DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED);
return 0;
}
/*
* Set up the EVP_CIPHER and EVP_MD objects for the ciphers/digests
* supplied by this engine
*/
_hidden_sha1_md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption);
if (_hidden_sha1_md == NULL
|| !EVP_MD_meth_set_result_size(_hidden_sha1_md, SHA_DIGEST_LENGTH)
|| !EVP_MD_meth_set_input_blocksize(_hidden_sha1_md, SHA_CBLOCK)
|| !EVP_MD_meth_set_app_datasize(_hidden_sha1_md,
sizeof(EVP_MD *) + sizeof(SHA_CTX))
|| !EVP_MD_meth_set_flags(_hidden_sha1_md, EVP_MD_FLAG_DIGALGID_ABSENT)
|| !EVP_MD_meth_set_init(_hidden_sha1_md, dasync_sha1_init)
|| !EVP_MD_meth_set_update(_hidden_sha1_md, dasync_sha1_update)
|| !EVP_MD_meth_set_final(_hidden_sha1_md, dasync_sha1_final)) {
EVP_MD_meth_free(_hidden_sha1_md);
_hidden_sha1_md = NULL;
}
_hidden_aes_128_cbc = EVP_CIPHER_meth_new(NID_aes_128_cbc,
16 /* block size */,
16 /* key len */);
if (_hidden_aes_128_cbc == NULL
|| !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc,16)
|| !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc,
EVP_CIPH_FLAG_DEFAULT_ASN1
| EVP_CIPH_CBC_MODE
| EVP_CIPH_FLAG_PIPELINE)
|| !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc,
dasync_aes128_init_key)
|| !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc,
dasync_aes128_cbc_cipher)
|| !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc,
dasync_aes128_cbc_cleanup)
|| !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc,
dasync_aes128_cbc_ctrl)
|| !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc,
sizeof(struct dasync_pipeline_ctx))) {
EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
_hidden_aes_128_cbc = NULL;
}
_hidden_aes_128_cbc_hmac_sha1 = EVP_CIPHER_meth_new(
NID_aes_128_cbc_hmac_sha1,
16 /* block size */,
16 /* key len */);
if (_hidden_aes_128_cbc_hmac_sha1 == NULL
|| !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc_hmac_sha1,16)
|| !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc_hmac_sha1,
EVP_CIPH_CBC_MODE
| EVP_CIPH_FLAG_DEFAULT_ASN1
| EVP_CIPH_FLAG_AEAD_CIPHER
| EVP_CIPH_FLAG_PIPELINE)
|| !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc_hmac_sha1,
dasync_aes128_cbc_hmac_sha1_init_key)
|| !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc_hmac_sha1,
dasync_aes128_cbc_hmac_sha1_cipher)
|| !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc_hmac_sha1,
dasync_aes128_cbc_hmac_sha1_cleanup)
|| !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc_hmac_sha1,
dasync_aes128_cbc_hmac_sha1_ctrl)
|| !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc_hmac_sha1,
sizeof(struct dasync_pipeline_ctx))) {
EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1);
_hidden_aes_128_cbc_hmac_sha1 = NULL;
}
return 1;
}
# ifndef OPENSSL_NO_DYNAMIC_ENGINE
static int bind_helper(ENGINE *e, const char *id)
{
if (id && (strcmp(id, engine_dasync_id) != 0))
return 0;
if (!bind_dasync(e))
return 0;
return 1;
}
IMPLEMENT_DYNAMIC_CHECK_FN()
IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
# endif
static ENGINE *engine_dasync(void)
{
ENGINE *ret = ENGINE_new();
if (!ret)
return NULL;
if (!bind_dasync(ret)) {
ENGINE_free(ret);
return NULL;
}
return ret;
}
void engine_load_dasync_int(void)
{
ENGINE *toadd = engine_dasync();
if (!toadd)
return;
ENGINE_add(toadd);
ENGINE_free(toadd);
ERR_clear_error();
}
static int dasync_init(ENGINE *e)
{
return 1;
}
static int dasync_finish(ENGINE *e)
{
return 1;
}
static int dasync_destroy(ENGINE *e)
{
destroy_digests();
destroy_ciphers();
RSA_meth_free(dasync_rsa_method);
ERR_unload_DASYNC_strings();
return 1;
}
static int dasync_digests(ENGINE *e, const EVP_MD **digest,
const int **nids, int nid)
{
int ok = 1;
if (!digest) {
/* We are returning a list of supported nids */
return dasync_digest_nids(nids);
}
/* We are being asked for a specific digest */
switch (nid) {
case NID_sha1:
*digest = dasync_sha1();
break;
default:
ok = 0;
*digest = NULL;
break;
}
return ok;
}
static int dasync_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
const int **nids, int nid)
{
int ok = 1;
if (cipher == NULL) {
/* We are returning a list of supported nids */
*nids = dasync_cipher_nids;
return (sizeof(dasync_cipher_nids) -
1) / sizeof(dasync_cipher_nids[0]);
}
/* We are being asked for a specific cipher */
switch (nid) {
case NID_aes_128_cbc:
*cipher = dasync_aes_128_cbc();
break;
case NID_aes_128_cbc_hmac_sha1:
*cipher = dasync_aes_128_cbc_hmac_sha1();
break;
default:
ok = 0;
*cipher = NULL;
break;
}
return ok;
}
static void wait_cleanup(ASYNC_WAIT_CTX *ctx, const void *key,
OSSL_ASYNC_FD readfd, void *pvwritefd)
{
OSSL_ASYNC_FD *pwritefd = (OSSL_ASYNC_FD *)pvwritefd;
#if defined(ASYNC_WIN)
CloseHandle(readfd);
CloseHandle(*pwritefd);
#elif defined(ASYNC_POSIX)
close(readfd);
close(*pwritefd);
#endif
OPENSSL_free(pwritefd);
}
#define DUMMY_CHAR 'X'
static void dummy_pause_job(void) {
ASYNC_JOB *job;
ASYNC_WAIT_CTX *waitctx;
OSSL_ASYNC_FD pipefds[2] = {0, 0};
OSSL_ASYNC_FD *writefd;
#if defined(ASYNC_WIN)
DWORD numwritten, numread;
char buf = DUMMY_CHAR;
#elif defined(ASYNC_POSIX)
char buf = DUMMY_CHAR;
#endif
if ((job = ASYNC_get_current_job()) == NULL)
return;
waitctx = ASYNC_get_wait_ctx(job);
if (ASYNC_WAIT_CTX_get_fd(waitctx, engine_dasync_id, &pipefds[0],
(void **)&writefd)) {
pipefds[1] = *writefd;
} else {
writefd = OPENSSL_malloc(sizeof(*writefd));
if (writefd == NULL)
return;
#if defined(ASYNC_WIN)
if (CreatePipe(&pipefds[0], &pipefds[1], NULL, 256) == 0) {
OPENSSL_free(writefd);
return;
}
#elif defined(ASYNC_POSIX)
if (pipe(pipefds) != 0) {
OPENSSL_free(writefd);
return;
}
#endif
*writefd = pipefds[1];
if (!ASYNC_WAIT_CTX_set_wait_fd(waitctx, engine_dasync_id, pipefds[0],
writefd, wait_cleanup)) {
wait_cleanup(waitctx, engine_dasync_id, pipefds[0], writefd);
return;
}
}
/*
* In the Dummy async engine we are cheating. We signal that the job
* is complete by waking it before the call to ASYNC_pause_job(). A real
* async engine would only wake when the job was actually complete
*/
#if defined(ASYNC_WIN)
WriteFile(pipefds[1], &buf, 1, &numwritten, NULL);
#elif defined(ASYNC_POSIX)
if (write(pipefds[1], &buf, 1) < 0)
return;
#endif
/* Ignore errors - we carry on anyway */
ASYNC_pause_job();
/* Clear the wake signal */
#if defined(ASYNC_WIN)
ReadFile(pipefds[0], &buf, 1, &numread, NULL);
#elif defined(ASYNC_POSIX)
if (read(pipefds[0], &buf, 1) < 0)
return;
#endif
}
/*
* SHA1 implementation. At the moment we just defer to the standard
* implementation
*/
#undef data
#define data(ctx) ((SHA_CTX *)EVP_MD_CTX_md_data(ctx))
static int dasync_sha1_init(EVP_MD_CTX *ctx)
{
dummy_pause_job();
return SHA1_Init(data(ctx));
}
static int dasync_sha1_update(EVP_MD_CTX *ctx, const void *data,
size_t count)
{
dummy_pause_job();
return SHA1_Update(data(ctx), data, (size_t)count);
}
static int dasync_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
{
dummy_pause_job();
return SHA1_Final(md, data(ctx));
}
/*
* RSA implementation
*/
static int dasync_pub_enc(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding) {
/* Ignore errors - we carry on anyway */
dummy_pause_job();
return RSA_meth_get_pub_enc(RSA_PKCS1_OpenSSL())
(flen, from, to, rsa, padding);
}
static int dasync_pub_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding) {
/* Ignore errors - we carry on anyway */
dummy_pause_job();
return RSA_meth_get_pub_dec(RSA_PKCS1_OpenSSL())
(flen, from, to, rsa, padding);
}
static int dasync_rsa_priv_enc(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
/* Ignore errors - we carry on anyway */
dummy_pause_job();
return RSA_meth_get_priv_enc(RSA_PKCS1_OpenSSL())
(flen, from, to, rsa, padding);
}
static int dasync_rsa_priv_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
/* Ignore errors - we carry on anyway */
dummy_pause_job();
return RSA_meth_get_priv_dec(RSA_PKCS1_OpenSSL())
(flen, from, to, rsa, padding);
}
static int dasync_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
{
/* Ignore errors - we carry on anyway */
dummy_pause_job();
return RSA_meth_get_mod_exp(RSA_PKCS1_OpenSSL())(r0, I, rsa, ctx);
}
static int dasync_rsa_init(RSA *rsa)
{
return RSA_meth_get_init(RSA_PKCS1_OpenSSL())(rsa);
}
static int dasync_rsa_finish(RSA *rsa)
{
return RSA_meth_get_finish(RSA_PKCS1_OpenSSL())(rsa);
}
/* Cipher helper functions */
static int dasync_cipher_ctrl_helper(EVP_CIPHER_CTX *ctx, int type, int arg,
void *ptr, int aeadcapable)
{
int ret;
struct dasync_pipeline_ctx *pipe_ctx =
(struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
if (pipe_ctx == NULL)
return 0;
switch (type) {
case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS:
pipe_ctx->numpipes = arg;
pipe_ctx->outbufs = (unsigned char **)ptr;
break;
case EVP_CTRL_SET_PIPELINE_INPUT_BUFS:
pipe_ctx->numpipes = arg;
pipe_ctx->inbufs = (unsigned char **)ptr;
break;
case EVP_CTRL_SET_PIPELINE_INPUT_LENS:
pipe_ctx->numpipes = arg;
pipe_ctx->lens = (size_t *)ptr;
break;
case EVP_CTRL_AEAD_SET_MAC_KEY:
if (!aeadcapable)
return -1;
EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data);
ret = EVP_CIPHER_meth_get_ctrl(EVP_aes_128_cbc_hmac_sha1())
(ctx, type, arg, ptr);
EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx);
return ret;
case EVP_CTRL_AEAD_TLS1_AAD:
{
unsigned char *p = ptr;
unsigned int len;
if (!aeadcapable || arg != EVP_AEAD_TLS1_AAD_LEN)
return -1;
if (pipe_ctx->aadctr >= SSL_MAX_PIPELINES)
return -1;
memcpy(pipe_ctx->tlsaad[pipe_ctx->aadctr], ptr,
EVP_AEAD_TLS1_AAD_LEN);
pipe_ctx->aadctr++;
len = p[arg - 2] << 8 | p[arg - 1];
if (EVP_CIPHER_CTX_encrypting(ctx)) {
if ((p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
if (len < AES_BLOCK_SIZE)
return 0;
len -= AES_BLOCK_SIZE;
}
return ((len + SHA_DIGEST_LENGTH + AES_BLOCK_SIZE)
& -AES_BLOCK_SIZE) - len;
} else {
return SHA_DIGEST_LENGTH;
}
}
default:
return 0;
}
return 1;
}
static int dasync_cipher_init_key_helper(EVP_CIPHER_CTX *ctx,
const unsigned char *key,
const unsigned char *iv, int enc,
const EVP_CIPHER *cipher)
{
int ret;
struct dasync_pipeline_ctx *pipe_ctx =
(struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
if (pipe_ctx->inner_cipher_data == NULL
&& EVP_CIPHER_impl_ctx_size(cipher) != 0) {
pipe_ctx->inner_cipher_data = OPENSSL_zalloc(
EVP_CIPHER_impl_ctx_size(cipher));
if (pipe_ctx->inner_cipher_data == NULL) {
DASYNCerr(DASYNC_F_DASYNC_CIPHER_INIT_KEY_HELPER,
ERR_R_MALLOC_FAILURE);
return 0;
}
}
pipe_ctx->numpipes = 0;
pipe_ctx->aadctr = 0;
EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data);
ret = EVP_CIPHER_meth_get_init(cipher)(ctx, key, iv, enc);
EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx);
return ret;
}
static int dasync_cipher_helper(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl,
const EVP_CIPHER *cipher)
{
int ret = 1;
unsigned int i, pipes;
struct dasync_pipeline_ctx *pipe_ctx =
(struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
pipes = pipe_ctx->numpipes;
EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data);
if (pipes == 0) {
if (pipe_ctx->aadctr != 0) {
if (pipe_ctx->aadctr != 1)
return -1;
EVP_CIPHER_meth_get_ctrl(cipher)
(ctx, EVP_CTRL_AEAD_TLS1_AAD,
EVP_AEAD_TLS1_AAD_LEN,
pipe_ctx->tlsaad[0]);
}
ret = EVP_CIPHER_meth_get_do_cipher(cipher)
(ctx, out, in, inl);
} else {
if (pipe_ctx->aadctr > 0 && pipe_ctx->aadctr != pipes)
return -1;
for (i = 0; i < pipes; i++) {
if (pipe_ctx->aadctr > 0) {
EVP_CIPHER_meth_get_ctrl(cipher)
(ctx, EVP_CTRL_AEAD_TLS1_AAD,
EVP_AEAD_TLS1_AAD_LEN,
pipe_ctx->tlsaad[i]);
}
ret = ret && EVP_CIPHER_meth_get_do_cipher(cipher)
(ctx, pipe_ctx->outbufs[i], pipe_ctx->inbufs[i],
pipe_ctx->lens[i]);
}
pipe_ctx->numpipes = 0;
}
pipe_ctx->aadctr = 0;
EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx);
return ret;
}
static int dasync_cipher_cleanup_helper(EVP_CIPHER_CTX *ctx,
const EVP_CIPHER *cipher)
{
struct dasync_pipeline_ctx *pipe_ctx =
(struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
OPENSSL_clear_free(pipe_ctx->inner_cipher_data,
EVP_CIPHER_impl_ctx_size(cipher));
return 1;
}
/*
* AES128 CBC Implementation
*/
static int dasync_aes128_cbc_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
void *ptr)
{
return dasync_cipher_ctrl_helper(ctx, type, arg, ptr, 0);
}
static int dasync_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
return dasync_cipher_init_key_helper(ctx, key, iv, enc, EVP_aes_128_cbc());
}
static int dasync_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
return dasync_cipher_helper(ctx, out, in, inl, EVP_aes_128_cbc());
}
static int dasync_aes128_cbc_cleanup(EVP_CIPHER_CTX *ctx)
{
return dasync_cipher_cleanup_helper(ctx, EVP_aes_128_cbc());
}
/*
* AES128 CBC HMAC SHA1 Implementation
*/
static int dasync_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
int arg, void *ptr)
{
return dasync_cipher_ctrl_helper(ctx, type, arg, ptr, 1);
}
static int dasync_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
const unsigned char *key,
const unsigned char *iv,
int enc)
{
/*
* We can safely assume that EVP_aes_128_cbc_hmac_sha1() != NULL,
* see comment before the definition of dasync_aes_128_cbc_hmac_sha1().
*/
return dasync_cipher_init_key_helper(ctx, key, iv, enc,
EVP_aes_128_cbc_hmac_sha1());
}
static int dasync_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx,
unsigned char *out,
const unsigned char *in,
size_t inl)
{
return dasync_cipher_helper(ctx, out, in, inl, EVP_aes_128_cbc_hmac_sha1());
}
static int dasync_aes128_cbc_hmac_sha1_cleanup(EVP_CIPHER_CTX *ctx)
{
/*
* We can safely assume that EVP_aes_128_cbc_hmac_sha1() != NULL,
* see comment before the definition of dasync_aes_128_cbc_hmac_sha1().
*/
return dasync_cipher_cleanup_helper(ctx, EVP_aes_128_cbc_hmac_sha1());
}

View file

@ -0,0 +1,3 @@
# The INPUT HEADER is scanned for declarations
# LIBNAME INPUT HEADER ERROR-TABLE FILE
L DASYNC e_dasync_err.h e_dasync_err.c

View file

@ -0,0 +1,22 @@
# Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# Function codes
DASYNC_F_BIND_DASYNC:107:bind_dasync
DASYNC_F_CIPHER_AES_128_CBC_CODE:100:*
DASYNC_F_DASYNC_AES128_CBC_HMAC_SHA1_INIT_KEY:109:*
DASYNC_F_DASYNC_AES128_INIT_KEY:108:*
DASYNC_F_DASYNC_BN_MOD_EXP:101:*
DASYNC_F_DASYNC_CIPHER_INIT_KEY_HELPER:110:dasync_cipher_init_key_helper
DASYNC_F_DASYNC_MOD_EXP:102:*
DASYNC_F_DASYNC_PRIVATE_DECRYPT:103:*
DASYNC_F_DASYNC_PRIVATE_ENCRYPT:104:*
DASYNC_F_DASYNC_PUBLIC_DECRYPT:105:*
DASYNC_F_DASYNC_PUBLIC_ENCRYPT:106:*
#Reason codes
DASYNC_R_INIT_FAILED:100:init failed

View file

@ -0,0 +1,73 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/err.h>
#include "e_dasync_err.h"
#ifndef OPENSSL_NO_ERR
static ERR_STRING_DATA DASYNC_str_functs[] = {
{ERR_PACK(0, DASYNC_F_BIND_DASYNC, 0), "bind_dasync"},
{ERR_PACK(0, DASYNC_F_CIPHER_AES_128_CBC_CODE, 0), ""},
{ERR_PACK(0, DASYNC_F_DASYNC_AES128_CBC_HMAC_SHA1_INIT_KEY, 0), ""},
{ERR_PACK(0, DASYNC_F_DASYNC_AES128_INIT_KEY, 0), ""},
{ERR_PACK(0, DASYNC_F_DASYNC_BN_MOD_EXP, 0), ""},
{ERR_PACK(0, DASYNC_F_DASYNC_CIPHER_INIT_KEY_HELPER, 0),
"dasync_cipher_init_key_helper"},
{ERR_PACK(0, DASYNC_F_DASYNC_MOD_EXP, 0), ""},
{ERR_PACK(0, DASYNC_F_DASYNC_PRIVATE_DECRYPT, 0), ""},
{ERR_PACK(0, DASYNC_F_DASYNC_PRIVATE_ENCRYPT, 0), ""},
{ERR_PACK(0, DASYNC_F_DASYNC_PUBLIC_DECRYPT, 0), ""},
{ERR_PACK(0, DASYNC_F_DASYNC_PUBLIC_ENCRYPT, 0), ""},
{0, NULL}
};
static ERR_STRING_DATA DASYNC_str_reasons[] = {
{ERR_PACK(0, 0, DASYNC_R_INIT_FAILED), "init failed"},
{0, NULL}
};
#endif
static int lib_code = 0;
static int error_loaded = 0;
static int ERR_load_DASYNC_strings(void)
{
if (lib_code == 0)
lib_code = ERR_get_next_error_library();
if (!error_loaded) {
#ifndef OPENSSL_NO_ERR
ERR_load_strings(lib_code, DASYNC_str_functs);
ERR_load_strings(lib_code, DASYNC_str_reasons);
#endif
error_loaded = 1;
}
return 1;
}
static void ERR_unload_DASYNC_strings(void)
{
if (error_loaded) {
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(lib_code, DASYNC_str_functs);
ERR_unload_strings(lib_code, DASYNC_str_reasons);
#endif
error_loaded = 0;
}
}
static void ERR_DASYNC_error(int function, int reason, char *file, int line)
{
if (lib_code == 0)
lib_code = ERR_get_next_error_library();
ERR_PUT_error(lib_code, function, reason, file, line);
}

View file

@ -0,0 +1,37 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef HEADER_DASYNCERR_H
# define HEADER_DASYNCERR_H
# define DASYNCerr(f, r) ERR_DASYNC_error((f), (r), OPENSSL_FILE, OPENSSL_LINE)
/*
* DASYNC function codes.
*/
# define DASYNC_F_BIND_DASYNC 107
# define DASYNC_F_CIPHER_AES_128_CBC_CODE 100
# define DASYNC_F_DASYNC_AES128_CBC_HMAC_SHA1_INIT_KEY 109
# define DASYNC_F_DASYNC_AES128_INIT_KEY 108
# define DASYNC_F_DASYNC_BN_MOD_EXP 101
# define DASYNC_F_DASYNC_CIPHER_INIT_KEY_HELPER 110
# define DASYNC_F_DASYNC_MOD_EXP 102
# define DASYNC_F_DASYNC_PRIVATE_DECRYPT 103
# define DASYNC_F_DASYNC_PRIVATE_ENCRYPT 104
# define DASYNC_F_DASYNC_PUBLIC_DECRYPT 105
# define DASYNC_F_DASYNC_PUBLIC_ENCRYPT 106
/*
* DASYNC reason codes.
*/
# define DASYNC_R_INIT_FAILED 100
#endif

View file

@ -0,0 +1,696 @@
/*
* Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* This is the OSSLTEST engine. It provides deliberately crippled digest
* implementations for test purposes. It is highly insecure and must NOT be
* used for any purpose except testing
*/
#include <stdio.h>
#include <string.h>
#include <openssl/engine.h>
#include <openssl/sha.h>
#include <openssl/md5.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/modes.h>
#include <openssl/aes.h>
#include <openssl/rand.h>
#include <openssl/crypto.h>
#include "e_ossltest_err.c"
/* Engine Id and Name */
static const char *engine_ossltest_id = "ossltest";
static const char *engine_ossltest_name = "OpenSSL Test engine support";
/* Engine Lifetime functions */
static int ossltest_destroy(ENGINE *e);
static int ossltest_init(ENGINE *e);
static int ossltest_finish(ENGINE *e);
void ENGINE_load_ossltest(void);
/* Set up digests */
static int ossltest_digests(ENGINE *e, const EVP_MD **digest,
const int **nids, int nid);
static const RAND_METHOD *ossltest_rand_method(void);
/* MD5 */
static int digest_md5_init(EVP_MD_CTX *ctx);
static int digest_md5_update(EVP_MD_CTX *ctx, const void *data,
size_t count);
static int digest_md5_final(EVP_MD_CTX *ctx, unsigned char *md);
static EVP_MD *_hidden_md5_md = NULL;
static const EVP_MD *digest_md5(void)
{
if (_hidden_md5_md == NULL) {
EVP_MD *md;
if ((md = EVP_MD_meth_new(NID_md5, NID_md5WithRSAEncryption)) == NULL
|| !EVP_MD_meth_set_result_size(md, MD5_DIGEST_LENGTH)
|| !EVP_MD_meth_set_input_blocksize(md, MD5_CBLOCK)
|| !EVP_MD_meth_set_app_datasize(md,
sizeof(EVP_MD *) + sizeof(MD5_CTX))
|| !EVP_MD_meth_set_flags(md, 0)
|| !EVP_MD_meth_set_init(md, digest_md5_init)
|| !EVP_MD_meth_set_update(md, digest_md5_update)
|| !EVP_MD_meth_set_final(md, digest_md5_final)) {
EVP_MD_meth_free(md);
md = NULL;
}
_hidden_md5_md = md;
}
return _hidden_md5_md;
}
/* SHA1 */
static int digest_sha1_init(EVP_MD_CTX *ctx);
static int digest_sha1_update(EVP_MD_CTX *ctx, const void *data,
size_t count);
static int digest_sha1_final(EVP_MD_CTX *ctx, unsigned char *md);
static EVP_MD *_hidden_sha1_md = NULL;
static const EVP_MD *digest_sha1(void)
{
if (_hidden_sha1_md == NULL) {
EVP_MD *md;
if ((md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption)) == NULL
|| !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH)
|| !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK)
|| !EVP_MD_meth_set_app_datasize(md,
sizeof(EVP_MD *) + sizeof(SHA_CTX))
|| !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
|| !EVP_MD_meth_set_init(md, digest_sha1_init)
|| !EVP_MD_meth_set_update(md, digest_sha1_update)
|| !EVP_MD_meth_set_final(md, digest_sha1_final)) {
EVP_MD_meth_free(md);
md = NULL;
}
_hidden_sha1_md = md;
}
return _hidden_sha1_md;
}
/* SHA256 */
static int digest_sha256_init(EVP_MD_CTX *ctx);
static int digest_sha256_update(EVP_MD_CTX *ctx, const void *data,
size_t count);
static int digest_sha256_final(EVP_MD_CTX *ctx, unsigned char *md);
static EVP_MD *_hidden_sha256_md = NULL;
static const EVP_MD *digest_sha256(void)
{
if (_hidden_sha256_md == NULL) {
EVP_MD *md;
if ((md = EVP_MD_meth_new(NID_sha256, NID_sha256WithRSAEncryption)) == NULL
|| !EVP_MD_meth_set_result_size(md, SHA256_DIGEST_LENGTH)
|| !EVP_MD_meth_set_input_blocksize(md, SHA256_CBLOCK)
|| !EVP_MD_meth_set_app_datasize(md,
sizeof(EVP_MD *) + sizeof(SHA256_CTX))
|| !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
|| !EVP_MD_meth_set_init(md, digest_sha256_init)
|| !EVP_MD_meth_set_update(md, digest_sha256_update)
|| !EVP_MD_meth_set_final(md, digest_sha256_final)) {
EVP_MD_meth_free(md);
md = NULL;
}
_hidden_sha256_md = md;
}
return _hidden_sha256_md;
}
/* SHA384/SHA512 */
static int digest_sha384_init(EVP_MD_CTX *ctx);
static int digest_sha512_init(EVP_MD_CTX *ctx);
static int digest_sha512_update(EVP_MD_CTX *ctx, const void *data,
size_t count);
static int digest_sha384_final(EVP_MD_CTX *ctx, unsigned char *md);
static int digest_sha512_final(EVP_MD_CTX *ctx, unsigned char *md);
static EVP_MD *_hidden_sha384_md = NULL;
static const EVP_MD *digest_sha384(void)
{
if (_hidden_sha384_md == NULL) {
EVP_MD *md;
if ((md = EVP_MD_meth_new(NID_sha384, NID_sha384WithRSAEncryption)) == NULL
|| !EVP_MD_meth_set_result_size(md, SHA384_DIGEST_LENGTH)
|| !EVP_MD_meth_set_input_blocksize(md, SHA512_CBLOCK)
|| !EVP_MD_meth_set_app_datasize(md,
sizeof(EVP_MD *) + sizeof(SHA512_CTX))
|| !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
|| !EVP_MD_meth_set_init(md, digest_sha384_init)
|| !EVP_MD_meth_set_update(md, digest_sha512_update)
|| !EVP_MD_meth_set_final(md, digest_sha384_final)) {
EVP_MD_meth_free(md);
md = NULL;
}
_hidden_sha384_md = md;
}
return _hidden_sha384_md;
}
static EVP_MD *_hidden_sha512_md = NULL;
static const EVP_MD *digest_sha512(void)
{
if (_hidden_sha512_md == NULL) {
EVP_MD *md;
if ((md = EVP_MD_meth_new(NID_sha512, NID_sha512WithRSAEncryption)) == NULL
|| !EVP_MD_meth_set_result_size(md, SHA512_DIGEST_LENGTH)
|| !EVP_MD_meth_set_input_blocksize(md, SHA512_CBLOCK)
|| !EVP_MD_meth_set_app_datasize(md,
sizeof(EVP_MD *) + sizeof(SHA512_CTX))
|| !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
|| !EVP_MD_meth_set_init(md, digest_sha512_init)
|| !EVP_MD_meth_set_update(md, digest_sha512_update)
|| !EVP_MD_meth_set_final(md, digest_sha512_final)) {
EVP_MD_meth_free(md);
md = NULL;
}
_hidden_sha512_md = md;
}
return _hidden_sha512_md;
}
static void destroy_digests(void)
{
EVP_MD_meth_free(_hidden_md5_md);
_hidden_md5_md = NULL;
EVP_MD_meth_free(_hidden_sha1_md);
_hidden_sha1_md = NULL;
EVP_MD_meth_free(_hidden_sha256_md);
_hidden_sha256_md = NULL;
EVP_MD_meth_free(_hidden_sha384_md);
_hidden_sha384_md = NULL;
EVP_MD_meth_free(_hidden_sha512_md);
_hidden_sha512_md = NULL;
}
static int ossltest_digest_nids(const int **nids)
{
static int digest_nids[6] = { 0, 0, 0, 0, 0, 0 };
static int pos = 0;
static int init = 0;
if (!init) {
const EVP_MD *md;
if ((md = digest_md5()) != NULL)
digest_nids[pos++] = EVP_MD_type(md);
if ((md = digest_sha1()) != NULL)
digest_nids[pos++] = EVP_MD_type(md);
if ((md = digest_sha256()) != NULL)
digest_nids[pos++] = EVP_MD_type(md);
if ((md = digest_sha384()) != NULL)
digest_nids[pos++] = EVP_MD_type(md);
if ((md = digest_sha512()) != NULL)
digest_nids[pos++] = EVP_MD_type(md);
digest_nids[pos] = 0;
init = 1;
}
*nids = digest_nids;
return pos;
}
/* Setup ciphers */
static int ossltest_ciphers(ENGINE *, const EVP_CIPHER **,
const int **, int);
static int ossltest_cipher_nids[] = {
NID_aes_128_cbc, NID_aes_128_gcm, 0
};
/* AES128 */
int ossltest_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl);
int ossltest_aes128_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
int ossltest_aes128_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl);
static int ossltest_aes128_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
void *ptr);
static EVP_CIPHER *_hidden_aes_128_cbc = NULL;
static const EVP_CIPHER *ossltest_aes_128_cbc(void)
{
if (_hidden_aes_128_cbc == NULL
&& ((_hidden_aes_128_cbc = EVP_CIPHER_meth_new(NID_aes_128_cbc,
16 /* block size */,
16 /* key len */)) == NULL
|| !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc,16)
|| !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc,
EVP_CIPH_FLAG_DEFAULT_ASN1
| EVP_CIPH_CBC_MODE)
|| !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc,
ossltest_aes128_init_key)
|| !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc,
ossltest_aes128_cbc_cipher)
|| !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc,
EVP_CIPHER_impl_ctx_size(EVP_aes_128_cbc())))) {
EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
_hidden_aes_128_cbc = NULL;
}
return _hidden_aes_128_cbc;
}
static EVP_CIPHER *_hidden_aes_128_gcm = NULL;
#define AES_GCM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \
| EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
| EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
| EVP_CIPH_CUSTOM_COPY |EVP_CIPH_FLAG_AEAD_CIPHER \
| EVP_CIPH_GCM_MODE)
static const EVP_CIPHER *ossltest_aes_128_gcm(void)
{
if (_hidden_aes_128_gcm == NULL
&& ((_hidden_aes_128_gcm = EVP_CIPHER_meth_new(NID_aes_128_gcm,
1 /* block size */,
16 /* key len */)) == NULL
|| !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_gcm,12)
|| !EVP_CIPHER_meth_set_flags(_hidden_aes_128_gcm, AES_GCM_FLAGS)
|| !EVP_CIPHER_meth_set_init(_hidden_aes_128_gcm,
ossltest_aes128_gcm_init_key)
|| !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_gcm,
ossltest_aes128_gcm_cipher)
|| !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_gcm,
ossltest_aes128_gcm_ctrl)
|| !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_gcm,
EVP_CIPHER_impl_ctx_size(EVP_aes_128_gcm())))) {
EVP_CIPHER_meth_free(_hidden_aes_128_gcm);
_hidden_aes_128_gcm = NULL;
}
return _hidden_aes_128_gcm;
}
static void destroy_ciphers(void)
{
EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
EVP_CIPHER_meth_free(_hidden_aes_128_gcm);
_hidden_aes_128_cbc = NULL;
}
static int bind_ossltest(ENGINE *e)
{
/* Ensure the ossltest error handling is set up */
ERR_load_OSSLTEST_strings();
if (!ENGINE_set_id(e, engine_ossltest_id)
|| !ENGINE_set_name(e, engine_ossltest_name)
|| !ENGINE_set_digests(e, ossltest_digests)
|| !ENGINE_set_ciphers(e, ossltest_ciphers)
|| !ENGINE_set_RAND(e, ossltest_rand_method())
|| !ENGINE_set_destroy_function(e, ossltest_destroy)
|| !ENGINE_set_init_function(e, ossltest_init)
|| !ENGINE_set_finish_function(e, ossltest_finish)) {
OSSLTESTerr(OSSLTEST_F_BIND_OSSLTEST, OSSLTEST_R_INIT_FAILED);
return 0;
}
return 1;
}
#ifndef OPENSSL_NO_DYNAMIC_ENGINE
static int bind_helper(ENGINE *e, const char *id)
{
if (id && (strcmp(id, engine_ossltest_id) != 0))
return 0;
if (!bind_ossltest(e))
return 0;
return 1;
}
IMPLEMENT_DYNAMIC_CHECK_FN()
IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
#endif
static ENGINE *engine_ossltest(void)
{
ENGINE *ret = ENGINE_new();
if (ret == NULL)
return NULL;
if (!bind_ossltest(ret)) {
ENGINE_free(ret);
return NULL;
}
return ret;
}
void ENGINE_load_ossltest(void)
{
/* Copied from eng_[openssl|dyn].c */
ENGINE *toadd = engine_ossltest();
if (!toadd)
return;
ENGINE_add(toadd);
ENGINE_free(toadd);
ERR_clear_error();
}
static int ossltest_init(ENGINE *e)
{
return 1;
}
static int ossltest_finish(ENGINE *e)
{
return 1;
}
static int ossltest_destroy(ENGINE *e)
{
destroy_digests();
destroy_ciphers();
ERR_unload_OSSLTEST_strings();
return 1;
}
static int ossltest_digests(ENGINE *e, const EVP_MD **digest,
const int **nids, int nid)
{
int ok = 1;
if (!digest) {
/* We are returning a list of supported nids */
return ossltest_digest_nids(nids);
}
/* We are being asked for a specific digest */
switch (nid) {
case NID_md5:
*digest = digest_md5();
break;
case NID_sha1:
*digest = digest_sha1();
break;
case NID_sha256:
*digest = digest_sha256();
break;
case NID_sha384:
*digest = digest_sha384();
break;
case NID_sha512:
*digest = digest_sha512();
break;
default:
ok = 0;
*digest = NULL;
break;
}
return ok;
}
static int ossltest_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
const int **nids, int nid)
{
int ok = 1;
if (!cipher) {
/* We are returning a list of supported nids */
*nids = ossltest_cipher_nids;
return (sizeof(ossltest_cipher_nids) - 1)
/ sizeof(ossltest_cipher_nids[0]);
}
/* We are being asked for a specific cipher */
switch (nid) {
case NID_aes_128_cbc:
*cipher = ossltest_aes_128_cbc();
break;
case NID_aes_128_gcm:
*cipher = ossltest_aes_128_gcm();
break;
default:
ok = 0;
*cipher = NULL;
break;
}
return ok;
}
static void fill_known_data(unsigned char *md, unsigned int len)
{
unsigned int i;
for (i=0; i<len; i++) {
md[i] = (unsigned char)(i & 0xff);
}
}
/*
* MD5 implementation. We go through the motions of doing MD5 by deferring to
* the standard implementation. Then we overwrite the result with a will defined
* value, so that all "MD5" digests using the test engine always end up with
* the same value.
*/
#undef data
#define data(ctx) ((MD5_CTX *)EVP_MD_CTX_md_data(ctx))
static int digest_md5_init(EVP_MD_CTX *ctx)
{
return MD5_Init(data(ctx));
}
static int digest_md5_update(EVP_MD_CTX *ctx, const void *data,
size_t count)
{
return MD5_Update(data(ctx), data, (size_t)count);
}
static int digest_md5_final(EVP_MD_CTX *ctx, unsigned char *md)
{
int ret;
ret = MD5_Final(md, data(ctx));
if (ret > 0) {
fill_known_data(md, MD5_DIGEST_LENGTH);
}
return ret;
}
/*
* SHA1 implementation.
*/
#undef data
#define data(ctx) ((SHA_CTX *)EVP_MD_CTX_md_data(ctx))
static int digest_sha1_init(EVP_MD_CTX *ctx)
{
return SHA1_Init(data(ctx));
}
static int digest_sha1_update(EVP_MD_CTX *ctx, const void *data,
size_t count)
{
return SHA1_Update(data(ctx), data, (size_t)count);
}
static int digest_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
{
int ret;
ret = SHA1_Final(md, data(ctx));
if (ret > 0) {
fill_known_data(md, SHA_DIGEST_LENGTH);
}
return ret;
}
/*
* SHA256 implementation.
*/
#undef data
#define data(ctx) ((SHA256_CTX *)EVP_MD_CTX_md_data(ctx))
static int digest_sha256_init(EVP_MD_CTX *ctx)
{
return SHA256_Init(data(ctx));
}
static int digest_sha256_update(EVP_MD_CTX *ctx, const void *data,
size_t count)
{
return SHA256_Update(data(ctx), data, (size_t)count);
}
static int digest_sha256_final(EVP_MD_CTX *ctx, unsigned char *md)
{
int ret;
ret = SHA256_Final(md, data(ctx));
if (ret > 0) {
fill_known_data(md, SHA256_DIGEST_LENGTH);
}
return ret;
}
/*
* SHA384/512 implementation.
*/
#undef data
#define data(ctx) ((SHA512_CTX *)EVP_MD_CTX_md_data(ctx))
static int digest_sha384_init(EVP_MD_CTX *ctx)
{
return SHA384_Init(data(ctx));
}
static int digest_sha512_init(EVP_MD_CTX *ctx)
{
return SHA512_Init(data(ctx));
}
static int digest_sha512_update(EVP_MD_CTX *ctx, const void *data,
size_t count)
{
return SHA512_Update(data(ctx), data, (size_t)count);
}
static int digest_sha384_final(EVP_MD_CTX *ctx, unsigned char *md)
{
int ret;
/* Actually uses SHA512_Final! */
ret = SHA512_Final(md, data(ctx));
if (ret > 0) {
fill_known_data(md, SHA384_DIGEST_LENGTH);
}
return ret;
}
static int digest_sha512_final(EVP_MD_CTX *ctx, unsigned char *md)
{
int ret;
ret = SHA512_Final(md, data(ctx));
if (ret > 0) {
fill_known_data(md, SHA512_DIGEST_LENGTH);
}
return ret;
}
/*
* AES128 Implementation
*/
int ossltest_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
return EVP_CIPHER_meth_get_init(EVP_aes_128_cbc()) (ctx, key, iv, enc);
}
int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
unsigned char *tmpbuf;
int ret;
tmpbuf = OPENSSL_malloc(inl);
/* OPENSSL_malloc will return NULL if inl == 0 */
if (tmpbuf == NULL && inl > 0)
return -1;
/* Remember what we were asked to encrypt */
if (tmpbuf != NULL)
memcpy(tmpbuf, in, inl);
/* Go through the motions of encrypting it */
ret = EVP_CIPHER_meth_get_do_cipher(EVP_aes_128_cbc())(ctx, out, in, inl);
/* Throw it all away and just use the plaintext as the output */
if (tmpbuf != NULL)
memcpy(out, tmpbuf, inl);
OPENSSL_free(tmpbuf);
return ret;
}
int ossltest_aes128_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
return EVP_CIPHER_meth_get_init(EVP_aes_128_gcm()) (ctx, key, iv, enc);
}
int ossltest_aes128_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
unsigned char *tmpbuf = OPENSSL_malloc(inl);
/* OPENSSL_malloc will return NULL if inl == 0 */
if (tmpbuf == NULL && inl > 0)
return -1;
/* Remember what we were asked to encrypt */
if (tmpbuf != NULL)
memcpy(tmpbuf, in, inl);
/* Go through the motions of encrypting it */
EVP_CIPHER_meth_get_do_cipher(EVP_aes_128_gcm())(ctx, out, in, inl);
/* Throw it all away and just use the plaintext as the output */
if (tmpbuf != NULL && out != NULL)
memcpy(out, tmpbuf, inl);
OPENSSL_free(tmpbuf);
return inl;
}
static int ossltest_aes128_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
void *ptr)
{
/* Pass the ctrl down */
int ret = EVP_CIPHER_meth_get_ctrl(EVP_aes_128_gcm())(ctx, type, arg, ptr);
if (ret <= 0)
return ret;
switch(type) {
case EVP_CTRL_AEAD_GET_TAG:
/* Always give the same tag */
memset(ptr, 0, EVP_GCM_TLS_TAG_LEN);
break;
default:
break;
}
return 1;
}
static int ossltest_rand_bytes(unsigned char *buf, int num)
{
unsigned char val = 1;
while (--num >= 0)
*buf++ = val++;
return 1;
}
static int ossltest_rand_status(void)
{
return 1;
}
static const RAND_METHOD *ossltest_rand_method(void)
{
static RAND_METHOD osslt_rand_meth = {
NULL,
ossltest_rand_bytes,
NULL,
NULL,
ossltest_rand_bytes,
ossltest_rand_status
};
return &osslt_rand_meth;
}

View file

@ -0,0 +1,3 @@
# The INPUT HEADER is scanned for declarations
# LIBNAME INPUT HEADER ERROR-TABLE FILE
L OSSLTEST e_ossltest_err.h e_ossltest_err.c

View file

@ -0,0 +1,13 @@
# Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# Function codes
OSSLTEST_F_BIND_OSSLTEST:100:bind_ossltest
OSSLTEST_F_OSSLTEST_AES128_INIT_KEY:101:*
#Reason codes
OSSLTEST_R_INIT_FAILED:100:init failed

View file

@ -0,0 +1,63 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/err.h>
#include "e_ossltest_err.h"
#ifndef OPENSSL_NO_ERR
static ERR_STRING_DATA OSSLTEST_str_functs[] = {
{ERR_PACK(0, OSSLTEST_F_BIND_OSSLTEST, 0), "bind_ossltest"},
{ERR_PACK(0, OSSLTEST_F_OSSLTEST_AES128_INIT_KEY, 0), ""},
{0, NULL}
};
static ERR_STRING_DATA OSSLTEST_str_reasons[] = {
{ERR_PACK(0, 0, OSSLTEST_R_INIT_FAILED), "init failed"},
{0, NULL}
};
#endif
static int lib_code = 0;
static int error_loaded = 0;
static int ERR_load_OSSLTEST_strings(void)
{
if (lib_code == 0)
lib_code = ERR_get_next_error_library();
if (!error_loaded) {
#ifndef OPENSSL_NO_ERR
ERR_load_strings(lib_code, OSSLTEST_str_functs);
ERR_load_strings(lib_code, OSSLTEST_str_reasons);
#endif
error_loaded = 1;
}
return 1;
}
static void ERR_unload_OSSLTEST_strings(void)
{
if (error_loaded) {
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(lib_code, OSSLTEST_str_functs);
ERR_unload_strings(lib_code, OSSLTEST_str_reasons);
#endif
error_loaded = 0;
}
}
static void ERR_OSSLTEST_error(int function, int reason, char *file, int line)
{
if (lib_code == 0)
lib_code = ERR_get_next_error_library();
ERR_PUT_error(lib_code, function, reason, file, line);
}

View file

@ -0,0 +1,28 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef HEADER_OSSLTESTERR_H
# define HEADER_OSSLTESTERR_H
# define OSSLTESTerr(f, r) ERR_OSSLTEST_error((f), (r), OPENSSL_FILE, OPENSSL_LINE)
/*
* OSSLTEST function codes.
*/
# define OSSLTEST_F_BIND_OSSLTEST 100
# define OSSLTEST_F_OSSLTEST_AES128_INIT_KEY 101
/*
* OSSLTEST reason codes.
*/
# define OSSLTEST_R_INIT_FAILED 100
#endif

View file

@ -0,0 +1,747 @@
/*
* Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <string.h>
#include <openssl/opensslconf.h>
#include <openssl/crypto.h>
#include <openssl/engine.h>
#include <openssl/evp.h>
#include <openssl/aes.h>
#include <openssl/rand.h>
#include <openssl/err.h>
#include <openssl/modes.h>
#ifndef OPENSSL_NO_HW
# ifndef OPENSSL_NO_HW_PADLOCK
/* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */
# if (OPENSSL_VERSION_NUMBER >= 0x00908000L)
# ifndef OPENSSL_NO_DYNAMIC_ENGINE
# define DYNAMIC_ENGINE
# endif
# elif (OPENSSL_VERSION_NUMBER >= 0x00907000L)
# ifdef ENGINE_DYNAMIC_SUPPORT
# define DYNAMIC_ENGINE
# endif
# else
# error "Only OpenSSL >= 0.9.7 is supported"
# endif
/*
* VIA PadLock AES is available *ONLY* on some x86 CPUs. Not only that it
* doesn't exist elsewhere, but it even can't be compiled on other platforms!
*/
# undef COMPILE_HW_PADLOCK
# if !defined(I386_ONLY) && defined(PADLOCK_ASM)
# define COMPILE_HW_PADLOCK
# ifdef OPENSSL_NO_DYNAMIC_ENGINE
static ENGINE *ENGINE_padlock(void);
# endif
# endif
# ifdef OPENSSL_NO_DYNAMIC_ENGINE
void engine_load_padlock_int(void);
void engine_load_padlock_int(void)
{
/* On non-x86 CPUs it just returns. */
# ifdef COMPILE_HW_PADLOCK
ENGINE *toadd = ENGINE_padlock();
if (!toadd)
return;
ENGINE_add(toadd);
ENGINE_free(toadd);
ERR_clear_error();
# endif
}
# endif
# ifdef COMPILE_HW_PADLOCK
/* Function for ENGINE detection and control */
static int padlock_available(void);
static int padlock_init(ENGINE *e);
/* RNG Stuff */
static RAND_METHOD padlock_rand;
/* Cipher Stuff */
static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
const int **nids, int nid);
/* Engine names */
static const char *padlock_id = "padlock";
static char padlock_name[100];
/* Available features */
static int padlock_use_ace = 0; /* Advanced Cryptography Engine */
static int padlock_use_rng = 0; /* Random Number Generator */
/* ===== Engine "management" functions ===== */
/* Prepare the ENGINE structure for registration */
static int padlock_bind_helper(ENGINE *e)
{
/* Check available features */
padlock_available();
/*
* RNG is currently disabled for reasons discussed in commentary just
* before padlock_rand_bytes function.
*/
padlock_use_rng = 0;
/* Generate a nice engine name with available features */
BIO_snprintf(padlock_name, sizeof(padlock_name),
"VIA PadLock (%s, %s)",
padlock_use_rng ? "RNG" : "no-RNG",
padlock_use_ace ? "ACE" : "no-ACE");
/* Register everything or return with an error */
if (!ENGINE_set_id(e, padlock_id) ||
!ENGINE_set_name(e, padlock_name) ||
!ENGINE_set_init_function(e, padlock_init) ||
(padlock_use_ace && !ENGINE_set_ciphers(e, padlock_ciphers)) ||
(padlock_use_rng && !ENGINE_set_RAND(e, &padlock_rand))) {
return 0;
}
/* Everything looks good */
return 1;
}
# ifdef OPENSSL_NO_DYNAMIC_ENGINE
/* Constructor */
static ENGINE *ENGINE_padlock(void)
{
ENGINE *eng = ENGINE_new();
if (eng == NULL) {
return NULL;
}
if (!padlock_bind_helper(eng)) {
ENGINE_free(eng);
return NULL;
}
return eng;
}
# endif
/* Check availability of the engine */
static int padlock_init(ENGINE *e)
{
return (padlock_use_rng || padlock_use_ace);
}
/*
* This stuff is needed if this ENGINE is being compiled into a
* self-contained shared-library.
*/
# ifdef DYNAMIC_ENGINE
static int padlock_bind_fn(ENGINE *e, const char *id)
{
if (id && (strcmp(id, padlock_id) != 0)) {
return 0;
}
if (!padlock_bind_helper(e)) {
return 0;
}
return 1;
}
IMPLEMENT_DYNAMIC_CHECK_FN()
IMPLEMENT_DYNAMIC_BIND_FN(padlock_bind_fn)
# endif /* DYNAMIC_ENGINE */
/* ===== Here comes the "real" engine ===== */
/* Some AES-related constants */
# define AES_BLOCK_SIZE 16
# define AES_KEY_SIZE_128 16
# define AES_KEY_SIZE_192 24
# define AES_KEY_SIZE_256 32
/*
* Here we store the status information relevant to the current context.
*/
/*
* BIG FAT WARNING: Inline assembler in PADLOCK_XCRYPT_ASM() depends on
* the order of items in this structure. Don't blindly modify, reorder,
* etc!
*/
struct padlock_cipher_data {
unsigned char iv[AES_BLOCK_SIZE]; /* Initialization vector */
union {
unsigned int pad[4];
struct {
int rounds:4;
int dgst:1; /* n/a in C3 */
int align:1; /* n/a in C3 */
int ciphr:1; /* n/a in C3 */
unsigned int keygen:1;
int interm:1;
unsigned int encdec:1;
int ksize:2;
} b;
} cword; /* Control word */
AES_KEY ks; /* Encryption key */
};
/* Interface to assembler module */
unsigned int padlock_capability(void);
void padlock_key_bswap(AES_KEY *key);
void padlock_verify_context(struct padlock_cipher_data *ctx);
void padlock_reload_key(void);
void padlock_aes_block(void *out, const void *inp,
struct padlock_cipher_data *ctx);
int padlock_ecb_encrypt(void *out, const void *inp,
struct padlock_cipher_data *ctx, size_t len);
int padlock_cbc_encrypt(void *out, const void *inp,
struct padlock_cipher_data *ctx, size_t len);
int padlock_cfb_encrypt(void *out, const void *inp,
struct padlock_cipher_data *ctx, size_t len);
int padlock_ofb_encrypt(void *out, const void *inp,
struct padlock_cipher_data *ctx, size_t len);
int padlock_ctr32_encrypt(void *out, const void *inp,
struct padlock_cipher_data *ctx, size_t len);
int padlock_xstore(void *out, int edx);
void padlock_sha1_oneshot(void *ctx, const void *inp, size_t len);
void padlock_sha1(void *ctx, const void *inp, size_t len);
void padlock_sha256_oneshot(void *ctx, const void *inp, size_t len);
void padlock_sha256(void *ctx, const void *inp, size_t len);
/*
* Load supported features of the CPU to see if the PadLock is available.
*/
static int padlock_available(void)
{
unsigned int edx = padlock_capability();
/* Fill up some flags */
padlock_use_ace = ((edx & (0x3 << 6)) == (0x3 << 6));
padlock_use_rng = ((edx & (0x3 << 2)) == (0x3 << 2));
return padlock_use_ace + padlock_use_rng;
}
/* ===== AES encryption/decryption ===== */
# if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
# define NID_aes_128_cfb NID_aes_128_cfb128
# endif
# if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb)
# define NID_aes_128_ofb NID_aes_128_ofb128
# endif
# if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb)
# define NID_aes_192_cfb NID_aes_192_cfb128
# endif
# if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb)
# define NID_aes_192_ofb NID_aes_192_ofb128
# endif
# if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb)
# define NID_aes_256_cfb NID_aes_256_cfb128
# endif
# if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb)
# define NID_aes_256_ofb NID_aes_256_ofb128
# endif
/* List of supported ciphers. */
static const int padlock_cipher_nids[] = {
NID_aes_128_ecb,
NID_aes_128_cbc,
NID_aes_128_cfb,
NID_aes_128_ofb,
NID_aes_128_ctr,
NID_aes_192_ecb,
NID_aes_192_cbc,
NID_aes_192_cfb,
NID_aes_192_ofb,
NID_aes_192_ctr,
NID_aes_256_ecb,
NID_aes_256_cbc,
NID_aes_256_cfb,
NID_aes_256_ofb,
NID_aes_256_ctr
};
static int padlock_cipher_nids_num = (sizeof(padlock_cipher_nids) /
sizeof(padlock_cipher_nids[0]));
/* Function prototypes ... */
static int padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
# define NEAREST_ALIGNED(ptr) ( (unsigned char *)(ptr) + \
( (0x10 - ((size_t)(ptr) & 0x0F)) & 0x0F ) )
# define ALIGNED_CIPHER_DATA(ctx) ((struct padlock_cipher_data *)\
NEAREST_ALIGNED(EVP_CIPHER_CTX_get_cipher_data(ctx)))
static int
padlock_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
const unsigned char *in_arg, size_t nbytes)
{
return padlock_ecb_encrypt(out_arg, in_arg,
ALIGNED_CIPHER_DATA(ctx), nbytes);
}
static int
padlock_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
const unsigned char *in_arg, size_t nbytes)
{
struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx);
int ret;
memcpy(cdata->iv, EVP_CIPHER_CTX_iv(ctx), AES_BLOCK_SIZE);
if ((ret = padlock_cbc_encrypt(out_arg, in_arg, cdata, nbytes)))
memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), cdata->iv, AES_BLOCK_SIZE);
return ret;
}
static int
padlock_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
const unsigned char *in_arg, size_t nbytes)
{
struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx);
size_t chunk;
if ((chunk = EVP_CIPHER_CTX_num(ctx))) { /* borrow chunk variable */
unsigned char *ivp = EVP_CIPHER_CTX_iv_noconst(ctx);
if (chunk >= AES_BLOCK_SIZE)
return 0; /* bogus value */
if (EVP_CIPHER_CTX_encrypting(ctx))
while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
ivp[chunk] = *(out_arg++) = *(in_arg++) ^ ivp[chunk];
chunk++, nbytes--;
} else
while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
unsigned char c = *(in_arg++);
*(out_arg++) = c ^ ivp[chunk];
ivp[chunk++] = c, nbytes--;
}
EVP_CIPHER_CTX_set_num(ctx, chunk % AES_BLOCK_SIZE);
}
if (nbytes == 0)
return 1;
memcpy(cdata->iv, EVP_CIPHER_CTX_iv(ctx), AES_BLOCK_SIZE);
if ((chunk = nbytes & ~(AES_BLOCK_SIZE - 1))) {
if (!padlock_cfb_encrypt(out_arg, in_arg, cdata, chunk))
return 0;
nbytes -= chunk;
}
if (nbytes) {
unsigned char *ivp = cdata->iv;
out_arg += chunk;
in_arg += chunk;
EVP_CIPHER_CTX_set_num(ctx, nbytes);
if (cdata->cword.b.encdec) {
cdata->cword.b.encdec = 0;
padlock_reload_key();
padlock_aes_block(ivp, ivp, cdata);
cdata->cword.b.encdec = 1;
padlock_reload_key();
while (nbytes) {
unsigned char c = *(in_arg++);
*(out_arg++) = c ^ *ivp;
*(ivp++) = c, nbytes--;
}
} else {
padlock_reload_key();
padlock_aes_block(ivp, ivp, cdata);
padlock_reload_key();
while (nbytes) {
*ivp = *(out_arg++) = *(in_arg++) ^ *ivp;
ivp++, nbytes--;
}
}
}
memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), cdata->iv, AES_BLOCK_SIZE);
return 1;
}
static int
padlock_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
const unsigned char *in_arg, size_t nbytes)
{
struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx);
size_t chunk;
/*
* ctx->num is maintained in byte-oriented modes, such as CFB and OFB...
*/
if ((chunk = EVP_CIPHER_CTX_num(ctx))) { /* borrow chunk variable */
unsigned char *ivp = EVP_CIPHER_CTX_iv_noconst(ctx);
if (chunk >= AES_BLOCK_SIZE)
return 0; /* bogus value */
while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
*(out_arg++) = *(in_arg++) ^ ivp[chunk];
chunk++, nbytes--;
}
EVP_CIPHER_CTX_set_num(ctx, chunk % AES_BLOCK_SIZE);
}
if (nbytes == 0)
return 1;
memcpy(cdata->iv, EVP_CIPHER_CTX_iv(ctx), AES_BLOCK_SIZE);
if ((chunk = nbytes & ~(AES_BLOCK_SIZE - 1))) {
if (!padlock_ofb_encrypt(out_arg, in_arg, cdata, chunk))
return 0;
nbytes -= chunk;
}
if (nbytes) {
unsigned char *ivp = cdata->iv;
out_arg += chunk;
in_arg += chunk;
EVP_CIPHER_CTX_set_num(ctx, nbytes);
padlock_reload_key(); /* empirically found */
padlock_aes_block(ivp, ivp, cdata);
padlock_reload_key(); /* empirically found */
while (nbytes) {
*(out_arg++) = *(in_arg++) ^ *ivp;
ivp++, nbytes--;
}
}
memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), cdata->iv, AES_BLOCK_SIZE);
return 1;
}
static void padlock_ctr32_encrypt_glue(const unsigned char *in,
unsigned char *out, size_t blocks,
struct padlock_cipher_data *ctx,
const unsigned char *ivec)
{
memcpy(ctx->iv, ivec, AES_BLOCK_SIZE);
padlock_ctr32_encrypt(out, in, ctx, AES_BLOCK_SIZE * blocks);
}
static int
padlock_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
const unsigned char *in_arg, size_t nbytes)
{
struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx);
unsigned int num = EVP_CIPHER_CTX_num(ctx);
CRYPTO_ctr128_encrypt_ctr32(in_arg, out_arg, nbytes,
cdata, EVP_CIPHER_CTX_iv_noconst(ctx),
EVP_CIPHER_CTX_buf_noconst(ctx), &num,
(ctr128_f) padlock_ctr32_encrypt_glue);
EVP_CIPHER_CTX_set_num(ctx, (size_t)num);
return 1;
}
# define EVP_CIPHER_block_size_ECB AES_BLOCK_SIZE
# define EVP_CIPHER_block_size_CBC AES_BLOCK_SIZE
# define EVP_CIPHER_block_size_OFB 1
# define EVP_CIPHER_block_size_CFB 1
# define EVP_CIPHER_block_size_CTR 1
/*
* Declaring so many ciphers by hand would be a pain. Instead introduce a bit
* of preprocessor magic :-)
*/
# define DECLARE_AES_EVP(ksize,lmode,umode) \
static EVP_CIPHER *_hidden_aes_##ksize##_##lmode = NULL; \
static const EVP_CIPHER *padlock_aes_##ksize##_##lmode(void) \
{ \
if (_hidden_aes_##ksize##_##lmode == NULL \
&& ((_hidden_aes_##ksize##_##lmode = \
EVP_CIPHER_meth_new(NID_aes_##ksize##_##lmode, \
EVP_CIPHER_block_size_##umode, \
AES_KEY_SIZE_##ksize)) == NULL \
|| !EVP_CIPHER_meth_set_iv_length(_hidden_aes_##ksize##_##lmode, \
AES_BLOCK_SIZE) \
|| !EVP_CIPHER_meth_set_flags(_hidden_aes_##ksize##_##lmode, \
0 | EVP_CIPH_##umode##_MODE) \
|| !EVP_CIPHER_meth_set_init(_hidden_aes_##ksize##_##lmode, \
padlock_aes_init_key) \
|| !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_##ksize##_##lmode, \
padlock_##lmode##_cipher) \
|| !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_##ksize##_##lmode, \
sizeof(struct padlock_cipher_data) + 16) \
|| !EVP_CIPHER_meth_set_set_asn1_params(_hidden_aes_##ksize##_##lmode, \
EVP_CIPHER_set_asn1_iv) \
|| !EVP_CIPHER_meth_set_get_asn1_params(_hidden_aes_##ksize##_##lmode, \
EVP_CIPHER_get_asn1_iv))) { \
EVP_CIPHER_meth_free(_hidden_aes_##ksize##_##lmode); \
_hidden_aes_##ksize##_##lmode = NULL; \
} \
return _hidden_aes_##ksize##_##lmode; \
}
DECLARE_AES_EVP(128, ecb, ECB)
DECLARE_AES_EVP(128, cbc, CBC)
DECLARE_AES_EVP(128, cfb, CFB)
DECLARE_AES_EVP(128, ofb, OFB)
DECLARE_AES_EVP(128, ctr, CTR)
DECLARE_AES_EVP(192, ecb, ECB)
DECLARE_AES_EVP(192, cbc, CBC)
DECLARE_AES_EVP(192, cfb, CFB)
DECLARE_AES_EVP(192, ofb, OFB)
DECLARE_AES_EVP(192, ctr, CTR)
DECLARE_AES_EVP(256, ecb, ECB)
DECLARE_AES_EVP(256, cbc, CBC)
DECLARE_AES_EVP(256, cfb, CFB)
DECLARE_AES_EVP(256, ofb, OFB)
DECLARE_AES_EVP(256, ctr, CTR)
static int
padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids,
int nid)
{
/* No specific cipher => return a list of supported nids ... */
if (!cipher) {
*nids = padlock_cipher_nids;
return padlock_cipher_nids_num;
}
/* ... or the requested "cipher" otherwise */
switch (nid) {
case NID_aes_128_ecb:
*cipher = padlock_aes_128_ecb();
break;
case NID_aes_128_cbc:
*cipher = padlock_aes_128_cbc();
break;
case NID_aes_128_cfb:
*cipher = padlock_aes_128_cfb();
break;
case NID_aes_128_ofb:
*cipher = padlock_aes_128_ofb();
break;
case NID_aes_128_ctr:
*cipher = padlock_aes_128_ctr();
break;
case NID_aes_192_ecb:
*cipher = padlock_aes_192_ecb();
break;
case NID_aes_192_cbc:
*cipher = padlock_aes_192_cbc();
break;
case NID_aes_192_cfb:
*cipher = padlock_aes_192_cfb();
break;
case NID_aes_192_ofb:
*cipher = padlock_aes_192_ofb();
break;
case NID_aes_192_ctr:
*cipher = padlock_aes_192_ctr();
break;
case NID_aes_256_ecb:
*cipher = padlock_aes_256_ecb();
break;
case NID_aes_256_cbc:
*cipher = padlock_aes_256_cbc();
break;
case NID_aes_256_cfb:
*cipher = padlock_aes_256_cfb();
break;
case NID_aes_256_ofb:
*cipher = padlock_aes_256_ofb();
break;
case NID_aes_256_ctr:
*cipher = padlock_aes_256_ctr();
break;
default:
/* Sorry, we don't support this NID */
*cipher = NULL;
return 0;
}
return 1;
}
/* Prepare the encryption key for PadLock usage */
static int
padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
struct padlock_cipher_data *cdata;
int key_len = EVP_CIPHER_CTX_key_length(ctx) * 8;
unsigned long mode = EVP_CIPHER_CTX_mode(ctx);
if (key == NULL)
return 0; /* ERROR */
cdata = ALIGNED_CIPHER_DATA(ctx);
memset(cdata, 0, sizeof(*cdata));
/* Prepare Control word. */
if (mode == EVP_CIPH_OFB_MODE || mode == EVP_CIPH_CTR_MODE)
cdata->cword.b.encdec = 0;
else
cdata->cword.b.encdec = (EVP_CIPHER_CTX_encrypting(ctx) == 0);
cdata->cword.b.rounds = 10 + (key_len - 128) / 32;
cdata->cword.b.ksize = (key_len - 128) / 64;
switch (key_len) {
case 128:
/*
* PadLock can generate an extended key for AES128 in hardware
*/
memcpy(cdata->ks.rd_key, key, AES_KEY_SIZE_128);
cdata->cword.b.keygen = 0;
break;
case 192:
case 256:
/*
* Generate an extended AES key in software. Needed for AES192/AES256
*/
/*
* Well, the above applies to Stepping 8 CPUs and is listed as
* hardware errata. They most likely will fix it at some point and
* then a check for stepping would be due here.
*/
if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
&& !enc)
AES_set_decrypt_key(key, key_len, &cdata->ks);
else
AES_set_encrypt_key(key, key_len, &cdata->ks);
# ifndef AES_ASM
/*
* OpenSSL C functions use byte-swapped extended key.
*/
padlock_key_bswap(&cdata->ks);
# endif
cdata->cword.b.keygen = 1;
break;
default:
/* ERROR */
return 0;
}
/*
* This is done to cover for cases when user reuses the
* context for new key. The catch is that if we don't do
* this, padlock_eas_cipher might proceed with old key...
*/
padlock_reload_key();
return 1;
}
/* ===== Random Number Generator ===== */
/*
* This code is not engaged. The reason is that it does not comply
* with recommendations for VIA RNG usage for secure applications
* (posted at http://www.via.com.tw/en/viac3/c3.jsp) nor does it
* provide meaningful error control...
*/
/*
* Wrapper that provides an interface between the API and the raw PadLock
* RNG
*/
static int padlock_rand_bytes(unsigned char *output, int count)
{
unsigned int eax, buf;
while (count >= 8) {
eax = padlock_xstore(output, 0);
if (!(eax & (1 << 6)))
return 0; /* RNG disabled */
/* this ---vv--- covers DC bias, Raw Bits and String Filter */
if (eax & (0x1F << 10))
return 0;
if ((eax & 0x1F) == 0)
continue; /* no data, retry... */
if ((eax & 0x1F) != 8)
return 0; /* fatal failure... */
output += 8;
count -= 8;
}
while (count > 0) {
eax = padlock_xstore(&buf, 3);
if (!(eax & (1 << 6)))
return 0; /* RNG disabled */
/* this ---vv--- covers DC bias, Raw Bits and String Filter */
if (eax & (0x1F << 10))
return 0;
if ((eax & 0x1F) == 0)
continue; /* no data, retry... */
if ((eax & 0x1F) != 1)
return 0; /* fatal failure... */
*output++ = (unsigned char)buf;
count--;
}
OPENSSL_cleanse(&buf, sizeof(buf));
return 1;
}
/* Dummy but necessary function */
static int padlock_rand_status(void)
{
return 1;
}
/* Prepare structure for registration */
static RAND_METHOD padlock_rand = {
NULL, /* seed */
padlock_rand_bytes, /* bytes */
NULL, /* cleanup */
NULL, /* add */
padlock_rand_bytes, /* pseudorand */
padlock_rand_status, /* rand status */
};
# endif /* COMPILE_HW_PADLOCK */
# endif /* !OPENSSL_NO_HW_PADLOCK */
#endif /* !OPENSSL_NO_HW */
#if defined(OPENSSL_NO_HW) || defined(OPENSSL_NO_HW_PADLOCK) \
|| !defined(COMPILE_HW_PADLOCK)
# ifndef OPENSSL_NO_DYNAMIC_ENGINE
OPENSSL_EXPORT
int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);
OPENSSL_EXPORT
int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns)
{
return 0;
}
IMPLEMENT_DYNAMIC_CHECK_FN()
# endif
#endif