1109998Smarkm/* crypto/engine/eng_openssl.c */ 2280304Sjkim/* 3280304Sjkim * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project 4280304Sjkim * 2000. 5109998Smarkm */ 6109998Smarkm/* ==================================================================== 7109998Smarkm * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. 8109998Smarkm * 9109998Smarkm * Redistribution and use in source and binary forms, with or without 10109998Smarkm * modification, are permitted provided that the following conditions 11109998Smarkm * are met: 12109998Smarkm * 13109998Smarkm * 1. Redistributions of source code must retain the above copyright 14280304Sjkim * notice, this list of conditions and the following disclaimer. 15109998Smarkm * 16109998Smarkm * 2. Redistributions in binary form must reproduce the above copyright 17109998Smarkm * notice, this list of conditions and the following disclaimer in 18109998Smarkm * the documentation and/or other materials provided with the 19109998Smarkm * distribution. 20109998Smarkm * 21109998Smarkm * 3. All advertising materials mentioning features or use of this 22109998Smarkm * software must display the following acknowledgment: 23109998Smarkm * "This product includes software developed by the OpenSSL Project 24109998Smarkm * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 25109998Smarkm * 26109998Smarkm * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 27109998Smarkm * endorse or promote products derived from this software without 28109998Smarkm * prior written permission. For written permission, please contact 29109998Smarkm * licensing@OpenSSL.org. 30109998Smarkm * 31109998Smarkm * 5. Products derived from this software may not be called "OpenSSL" 32109998Smarkm * nor may "OpenSSL" appear in their names without prior written 33109998Smarkm * permission of the OpenSSL Project. 34109998Smarkm * 35109998Smarkm * 6. Redistributions of any form whatsoever must retain the following 36109998Smarkm * acknowledgment: 37109998Smarkm * "This product includes software developed by the OpenSSL Project 38109998Smarkm * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 39109998Smarkm * 40109998Smarkm * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 41109998Smarkm * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42109998Smarkm * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 43109998Smarkm * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 44109998Smarkm * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 45109998Smarkm * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 46109998Smarkm * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 47109998Smarkm * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48109998Smarkm * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 49109998Smarkm * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 50109998Smarkm * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 51109998Smarkm * OF THE POSSIBILITY OF SUCH DAMAGE. 52109998Smarkm * ==================================================================== 53109998Smarkm * 54109998Smarkm * This product includes cryptographic software written by Eric Young 55109998Smarkm * (eay@cryptsoft.com). This product includes software written by Tim 56109998Smarkm * Hudson (tjh@cryptsoft.com). 57109998Smarkm * 58109998Smarkm */ 59160814Ssimon/* ==================================================================== 60160814Ssimon * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 61280304Sjkim * ECDH support in OpenSSL originally developed by 62160814Ssimon * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 63160814Ssimon */ 64109998Smarkm 65109998Smarkm#include <stdio.h> 66109998Smarkm#include <openssl/crypto.h> 67109998Smarkm#include "cryptlib.h" 68109998Smarkm#include <openssl/engine.h> 69109998Smarkm#include <openssl/dso.h> 70109998Smarkm#include <openssl/pem.h> 71109998Smarkm#include <openssl/evp.h> 72160814Ssimon#include <openssl/rand.h> 73160814Ssimon#ifndef OPENSSL_NO_RSA 74280304Sjkim# include <openssl/rsa.h> 75160814Ssimon#endif 76160814Ssimon#ifndef OPENSSL_NO_DSA 77280304Sjkim# include <openssl/dsa.h> 78160814Ssimon#endif 79160814Ssimon#ifndef OPENSSL_NO_DH 80280304Sjkim# include <openssl/dh.h> 81160814Ssimon#endif 82109998Smarkm 83280304Sjkim/* 84280304Sjkim * This testing gunk is implemented (and explained) lower down. It also 85280304Sjkim * assumes the application explicitly calls "ENGINE_load_openssl()" because 86280304Sjkim * this is no longer automatic in ENGINE_load_builtin_engines(). 87280304Sjkim */ 88109998Smarkm#define TEST_ENG_OPENSSL_RC4 89109998Smarkm#define TEST_ENG_OPENSSL_PKEY 90109998Smarkm/* #define TEST_ENG_OPENSSL_RC4_OTHERS */ 91109998Smarkm#define TEST_ENG_OPENSSL_RC4_P_INIT 92109998Smarkm/* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */ 93109998Smarkm#define TEST_ENG_OPENSSL_SHA 94109998Smarkm/* #define TEST_ENG_OPENSSL_SHA_OTHERS */ 95109998Smarkm/* #define TEST_ENG_OPENSSL_SHA_P_INIT */ 96109998Smarkm/* #define TEST_ENG_OPENSSL_SHA_P_UPDATE */ 97109998Smarkm/* #define TEST_ENG_OPENSSL_SHA_P_FINAL */ 98109998Smarkm 99109998Smarkm/* Now check what of those algorithms are actually enabled */ 100109998Smarkm#ifdef OPENSSL_NO_RC4 101280304Sjkim# undef TEST_ENG_OPENSSL_RC4 102280304Sjkim# undef TEST_ENG_OPENSSL_RC4_OTHERS 103280304Sjkim# undef TEST_ENG_OPENSSL_RC4_P_INIT 104280304Sjkim# undef TEST_ENG_OPENSSL_RC4_P_CIPHER 105109998Smarkm#endif 106109998Smarkm#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0) || defined(OPENSSL_NO_SHA1) 107280304Sjkim# undef TEST_ENG_OPENSSL_SHA 108280304Sjkim# undef TEST_ENG_OPENSSL_SHA_OTHERS 109280304Sjkim# undef TEST_ENG_OPENSSL_SHA_P_INIT 110280304Sjkim# undef TEST_ENG_OPENSSL_SHA_P_UPDATE 111280304Sjkim# undef TEST_ENG_OPENSSL_SHA_P_FINAL 112109998Smarkm#endif 113109998Smarkm 114109998Smarkm#ifdef TEST_ENG_OPENSSL_RC4 115109998Smarkmstatic int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher, 116280304Sjkim const int **nids, int nid); 117109998Smarkm#endif 118109998Smarkm#ifdef TEST_ENG_OPENSSL_SHA 119109998Smarkmstatic int openssl_digests(ENGINE *e, const EVP_MD **digest, 120280304Sjkim const int **nids, int nid); 121109998Smarkm#endif 122109998Smarkm 123109998Smarkm#ifdef TEST_ENG_OPENSSL_PKEY 124109998Smarkmstatic EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id, 125280304Sjkim UI_METHOD *ui_method, 126280304Sjkim void *callback_data); 127109998Smarkm#endif 128109998Smarkm 129109998Smarkm/* The constants used when creating the ENGINE */ 130109998Smarkmstatic const char *engine_openssl_id = "openssl"; 131109998Smarkmstatic const char *engine_openssl_name = "Software engine support"; 132109998Smarkm 133280304Sjkim/* 134280304Sjkim * This internal function is used by ENGINE_openssl() and possibly by the 135280304Sjkim * "dynamic" ENGINE support too 136280304Sjkim */ 137109998Smarkmstatic int bind_helper(ENGINE *e) 138280304Sjkim{ 139280304Sjkim if (!ENGINE_set_id(e, engine_openssl_id) 140280304Sjkim || !ENGINE_set_name(e, engine_openssl_name) 141109998Smarkm#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS 142280304Sjkim# ifndef OPENSSL_NO_RSA 143280304Sjkim || !ENGINE_set_RSA(e, RSA_get_default_method()) 144280304Sjkim# endif 145280304Sjkim# ifndef OPENSSL_NO_DSA 146280304Sjkim || !ENGINE_set_DSA(e, DSA_get_default_method()) 147280304Sjkim# endif 148280304Sjkim# ifndef OPENSSL_NO_ECDH 149280304Sjkim || !ENGINE_set_ECDH(e, ECDH_OpenSSL()) 150280304Sjkim# endif 151280304Sjkim# ifndef OPENSSL_NO_ECDSA 152280304Sjkim || !ENGINE_set_ECDSA(e, ECDSA_OpenSSL()) 153280304Sjkim# endif 154280304Sjkim# ifndef OPENSSL_NO_DH 155280304Sjkim || !ENGINE_set_DH(e, DH_get_default_method()) 156280304Sjkim# endif 157280304Sjkim || !ENGINE_set_RAND(e, RAND_SSLeay()) 158280304Sjkim# ifdef TEST_ENG_OPENSSL_RC4 159280304Sjkim || !ENGINE_set_ciphers(e, openssl_ciphers) 160280304Sjkim# endif 161280304Sjkim# ifdef TEST_ENG_OPENSSL_SHA 162280304Sjkim || !ENGINE_set_digests(e, openssl_digests) 163280304Sjkim# endif 164109998Smarkm#endif 165109998Smarkm#ifdef TEST_ENG_OPENSSL_PKEY 166280304Sjkim || !ENGINE_set_load_privkey_function(e, openssl_load_privkey) 167109998Smarkm#endif 168280304Sjkim ) 169280304Sjkim return 0; 170280304Sjkim /* 171280304Sjkim * If we add errors to this ENGINE, ensure the error handling is setup 172280304Sjkim * here 173280304Sjkim */ 174280304Sjkim /* openssl_load_error_strings(); */ 175280304Sjkim return 1; 176280304Sjkim} 177109998Smarkm 178109998Smarkmstatic ENGINE *engine_openssl(void) 179280304Sjkim{ 180280304Sjkim ENGINE *ret = ENGINE_new(); 181280304Sjkim if (!ret) 182280304Sjkim return NULL; 183280304Sjkim if (!bind_helper(ret)) { 184280304Sjkim ENGINE_free(ret); 185280304Sjkim return NULL; 186280304Sjkim } 187280304Sjkim return ret; 188280304Sjkim} 189109998Smarkm 190109998Smarkmvoid ENGINE_load_openssl(void) 191280304Sjkim{ 192280304Sjkim ENGINE *toadd = engine_openssl(); 193280304Sjkim if (!toadd) 194280304Sjkim return; 195280304Sjkim ENGINE_add(toadd); 196280304Sjkim /* 197280304Sjkim * If the "add" worked, it gets a structural reference. So either way, we 198280304Sjkim * release our just-created reference. 199280304Sjkim */ 200280304Sjkim ENGINE_free(toadd); 201280304Sjkim ERR_clear_error(); 202280304Sjkim} 203109998Smarkm 204280304Sjkim/* 205280304Sjkim * This stuff is needed if this ENGINE is being compiled into a 206280304Sjkim * self-contained shared-library. 207280304Sjkim */ 208109998Smarkm#ifdef ENGINE_DYNAMIC_SUPPORT 209109998Smarkmstatic int bind_fn(ENGINE *e, const char *id) 210280304Sjkim{ 211280304Sjkim if (id && (strcmp(id, engine_openssl_id) != 0)) 212280304Sjkim return 0; 213280304Sjkim if (!bind_helper(e)) 214280304Sjkim return 0; 215280304Sjkim return 1; 216280304Sjkim} 217280304Sjkim 218109998SmarkmIMPLEMENT_DYNAMIC_CHECK_FN() 219280304Sjkim IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) 220280304Sjkim#endif /* ENGINE_DYNAMIC_SUPPORT */ 221109998Smarkm#ifdef TEST_ENG_OPENSSL_RC4 222280304Sjkim/*- 223280304Sjkim * This section of code compiles an "alternative implementation" of two modes of 224109998Smarkm * RC4 into this ENGINE. The result is that EVP_CIPHER operation for "rc4" 225109998Smarkm * should under normal circumstances go via this support rather than the default 226109998Smarkm * EVP support. There are other symbols to tweak the testing; 227109998Smarkm * TEST_ENC_OPENSSL_RC4_OTHERS - print a one line message to stderr each time 228109998Smarkm * we're asked for a cipher we don't support (should not happen). 229109998Smarkm * TEST_ENG_OPENSSL_RC4_P_INIT - print a one line message to stderr each time 230109998Smarkm * the "init_key" handler is called. 231109998Smarkm * TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler. 232109998Smarkm */ 233280304Sjkim# include <openssl/rc4.h> 234280304Sjkim# define TEST_RC4_KEY_SIZE 16 235280304Sjkimstatic int test_cipher_nids[] = { NID_rc4, NID_rc4_40 }; 236280304Sjkim 237109998Smarkmstatic int test_cipher_nids_number = 2; 238109998Smarkmtypedef struct { 239280304Sjkim unsigned char key[TEST_RC4_KEY_SIZE]; 240280304Sjkim RC4_KEY ks; 241280304Sjkim} TEST_RC4_KEY; 242280304Sjkim# define test(ctx) ((TEST_RC4_KEY *)(ctx)->cipher_data) 243109998Smarkmstatic int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 244280304Sjkim const unsigned char *iv, int enc) 245280304Sjkim{ 246280304Sjkim# ifdef TEST_ENG_OPENSSL_RC4_P_INIT 247280304Sjkim fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n"); 248280304Sjkim# endif 249280304Sjkim memcpy(&test(ctx)->key[0], key, EVP_CIPHER_CTX_key_length(ctx)); 250280304Sjkim RC4_set_key(&test(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), 251280304Sjkim test(ctx)->key); 252280304Sjkim return 1; 253280304Sjkim} 254280304Sjkim 255109998Smarkmstatic int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 256280304Sjkim const unsigned char *in, size_t inl) 257280304Sjkim{ 258280304Sjkim# ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER 259280304Sjkim fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n"); 260280304Sjkim# endif 261280304Sjkim RC4(&test(ctx)->ks, inl, in, out); 262280304Sjkim return 1; 263280304Sjkim} 264280304Sjkim 265280304Sjkimstatic const EVP_CIPHER test_r4_cipher = { 266280304Sjkim NID_rc4, 267280304Sjkim 1, TEST_RC4_KEY_SIZE, 0, 268280304Sjkim EVP_CIPH_VARIABLE_LENGTH, 269280304Sjkim test_rc4_init_key, 270280304Sjkim test_rc4_cipher, 271280304Sjkim NULL, 272280304Sjkim sizeof(TEST_RC4_KEY), 273280304Sjkim NULL, 274280304Sjkim NULL, 275280304Sjkim NULL, 276280304Sjkim NULL 277280304Sjkim}; 278280304Sjkim 279280304Sjkimstatic const EVP_CIPHER test_r4_40_cipher = { 280280304Sjkim NID_rc4_40, 281280304Sjkim 1, 5 /* 40 bit */ , 0, 282280304Sjkim EVP_CIPH_VARIABLE_LENGTH, 283280304Sjkim test_rc4_init_key, 284280304Sjkim test_rc4_cipher, 285280304Sjkim NULL, 286280304Sjkim sizeof(TEST_RC4_KEY), 287280304Sjkim NULL, 288280304Sjkim NULL, 289280304Sjkim NULL, 290280304Sjkim NULL 291280304Sjkim}; 292280304Sjkim 293109998Smarkmstatic int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher, 294280304Sjkim const int **nids, int nid) 295280304Sjkim{ 296280304Sjkim if (!cipher) { 297280304Sjkim /* We are returning a list of supported nids */ 298280304Sjkim *nids = test_cipher_nids; 299280304Sjkim return test_cipher_nids_number; 300280304Sjkim } 301280304Sjkim /* We are being asked for a specific cipher */ 302280304Sjkim if (nid == NID_rc4) 303280304Sjkim *cipher = &test_r4_cipher; 304280304Sjkim else if (nid == NID_rc4_40) 305280304Sjkim *cipher = &test_r4_40_cipher; 306280304Sjkim else { 307280304Sjkim# ifdef TEST_ENG_OPENSSL_RC4_OTHERS 308280304Sjkim fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for " 309280304Sjkim "nid %d\n", nid); 310280304Sjkim# endif 311280304Sjkim *cipher = NULL; 312280304Sjkim return 0; 313280304Sjkim } 314280304Sjkim return 1; 315280304Sjkim} 316109998Smarkm#endif 317109998Smarkm 318109998Smarkm#ifdef TEST_ENG_OPENSSL_SHA 319109998Smarkm/* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */ 320280304Sjkim# include <openssl/sha.h> 321280304Sjkimstatic int test_digest_nids[] = { NID_sha1 }; 322280304Sjkim 323109998Smarkmstatic int test_digest_nids_number = 1; 324109998Smarkmstatic int test_sha1_init(EVP_MD_CTX *ctx) 325280304Sjkim{ 326280304Sjkim# ifdef TEST_ENG_OPENSSL_SHA_P_INIT 327280304Sjkim fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n"); 328280304Sjkim# endif 329280304Sjkim return SHA1_Init(ctx->md_data); 330280304Sjkim} 331280304Sjkim 332280304Sjkimstatic int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count) 333280304Sjkim{ 334280304Sjkim# ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE 335280304Sjkim fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n"); 336280304Sjkim# endif 337280304Sjkim return SHA1_Update(ctx->md_data, data, count); 338280304Sjkim} 339280304Sjkim 340280304Sjkimstatic int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) 341280304Sjkim{ 342280304Sjkim# ifdef TEST_ENG_OPENSSL_SHA_P_FINAL 343280304Sjkim fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n"); 344280304Sjkim# endif 345280304Sjkim return SHA1_Final(md, ctx->md_data); 346280304Sjkim} 347280304Sjkim 348280304Sjkimstatic const EVP_MD test_sha_md = { 349280304Sjkim NID_sha1, 350280304Sjkim NID_sha1WithRSAEncryption, 351280304Sjkim SHA_DIGEST_LENGTH, 352280304Sjkim 0, 353280304Sjkim test_sha1_init, 354280304Sjkim test_sha1_update, 355280304Sjkim test_sha1_final, 356280304Sjkim NULL, 357280304Sjkim NULL, 358280304Sjkim EVP_PKEY_RSA_method, 359280304Sjkim SHA_CBLOCK, 360280304Sjkim sizeof(EVP_MD *) + sizeof(SHA_CTX), 361280304Sjkim}; 362280304Sjkim 363109998Smarkmstatic int openssl_digests(ENGINE *e, const EVP_MD **digest, 364280304Sjkim const int **nids, int nid) 365280304Sjkim{ 366280304Sjkim if (!digest) { 367280304Sjkim /* We are returning a list of supported nids */ 368280304Sjkim *nids = test_digest_nids; 369280304Sjkim return test_digest_nids_number; 370280304Sjkim } 371280304Sjkim /* We are being asked for a specific digest */ 372280304Sjkim if (nid == NID_sha1) 373280304Sjkim *digest = &test_sha_md; 374280304Sjkim else { 375280304Sjkim# ifdef TEST_ENG_OPENSSL_SHA_OTHERS 376280304Sjkim fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for " 377280304Sjkim "nid %d\n", nid); 378280304Sjkim# endif 379280304Sjkim *digest = NULL; 380280304Sjkim return 0; 381280304Sjkim } 382280304Sjkim return 1; 383280304Sjkim} 384109998Smarkm#endif 385109998Smarkm 386109998Smarkm#ifdef TEST_ENG_OPENSSL_PKEY 387109998Smarkmstatic EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id, 388280304Sjkim UI_METHOD *ui_method, 389280304Sjkim void *callback_data) 390280304Sjkim{ 391280304Sjkim BIO *in; 392280304Sjkim EVP_PKEY *key; 393280304Sjkim fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n", 394280304Sjkim key_id); 395280304Sjkim in = BIO_new_file(key_id, "r"); 396280304Sjkim if (!in) 397280304Sjkim return NULL; 398280304Sjkim key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL); 399280304Sjkim BIO_free(in); 400280304Sjkim return key; 401280304Sjkim} 402109998Smarkm#endif 403