1109998Smarkm/* crypto/engine/eng_openssl.c */
2280304Sjkim/*
3280304Sjkim * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
4280304Sjkim * 2000.
5109998Smarkm */
6109998Smarkm/* ====================================================================
7109998Smarkm * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
8109998Smarkm *
9109998Smarkm * Redistribution and use in source and binary forms, with or without
10109998Smarkm * modification, are permitted provided that the following conditions
11109998Smarkm * are met:
12109998Smarkm *
13109998Smarkm * 1. Redistributions of source code must retain the above copyright
14280304Sjkim *    notice, this list of conditions and the following disclaimer.
15109998Smarkm *
16109998Smarkm * 2. Redistributions in binary form must reproduce the above copyright
17109998Smarkm *    notice, this list of conditions and the following disclaimer in
18109998Smarkm *    the documentation and/or other materials provided with the
19109998Smarkm *    distribution.
20109998Smarkm *
21109998Smarkm * 3. All advertising materials mentioning features or use of this
22109998Smarkm *    software must display the following acknowledgment:
23109998Smarkm *    "This product includes software developed by the OpenSSL Project
24109998Smarkm *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25109998Smarkm *
26109998Smarkm * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27109998Smarkm *    endorse or promote products derived from this software without
28109998Smarkm *    prior written permission. For written permission, please contact
29109998Smarkm *    licensing@OpenSSL.org.
30109998Smarkm *
31109998Smarkm * 5. Products derived from this software may not be called "OpenSSL"
32109998Smarkm *    nor may "OpenSSL" appear in their names without prior written
33109998Smarkm *    permission of the OpenSSL Project.
34109998Smarkm *
35109998Smarkm * 6. Redistributions of any form whatsoever must retain the following
36109998Smarkm *    acknowledgment:
37109998Smarkm *    "This product includes software developed by the OpenSSL Project
38109998Smarkm *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39109998Smarkm *
40109998Smarkm * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41109998Smarkm * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42109998Smarkm * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43109998Smarkm * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
44109998Smarkm * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45109998Smarkm * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46109998Smarkm * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47109998Smarkm * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48109998Smarkm * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49109998Smarkm * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50109998Smarkm * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51109998Smarkm * OF THE POSSIBILITY OF SUCH DAMAGE.
52109998Smarkm * ====================================================================
53109998Smarkm *
54109998Smarkm * This product includes cryptographic software written by Eric Young
55109998Smarkm * (eay@cryptsoft.com).  This product includes software written by Tim
56109998Smarkm * Hudson (tjh@cryptsoft.com).
57109998Smarkm *
58109998Smarkm */
59160814Ssimon/* ====================================================================
60160814Ssimon * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
61280304Sjkim * ECDH support in OpenSSL originally developed by
62160814Ssimon * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
63160814Ssimon */
64109998Smarkm
65109998Smarkm#include <stdio.h>
66109998Smarkm#include <openssl/crypto.h>
67109998Smarkm#include "cryptlib.h"
68109998Smarkm#include <openssl/engine.h>
69109998Smarkm#include <openssl/dso.h>
70109998Smarkm#include <openssl/pem.h>
71109998Smarkm#include <openssl/evp.h>
72160814Ssimon#include <openssl/rand.h>
73160814Ssimon#ifndef OPENSSL_NO_RSA
74280304Sjkim# include <openssl/rsa.h>
75160814Ssimon#endif
76160814Ssimon#ifndef OPENSSL_NO_DSA
77280304Sjkim# include <openssl/dsa.h>
78160814Ssimon#endif
79160814Ssimon#ifndef OPENSSL_NO_DH
80280304Sjkim# include <openssl/dh.h>
81160814Ssimon#endif
82109998Smarkm
83280304Sjkim/*
84280304Sjkim * This testing gunk is implemented (and explained) lower down. It also
85280304Sjkim * assumes the application explicitly calls "ENGINE_load_openssl()" because
86280304Sjkim * this is no longer automatic in ENGINE_load_builtin_engines().
87280304Sjkim */
88109998Smarkm#define TEST_ENG_OPENSSL_RC4
89109998Smarkm#define TEST_ENG_OPENSSL_PKEY
90109998Smarkm/* #define TEST_ENG_OPENSSL_RC4_OTHERS */
91109998Smarkm#define TEST_ENG_OPENSSL_RC4_P_INIT
92109998Smarkm/* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */
93109998Smarkm#define TEST_ENG_OPENSSL_SHA
94109998Smarkm/* #define TEST_ENG_OPENSSL_SHA_OTHERS */
95109998Smarkm/* #define TEST_ENG_OPENSSL_SHA_P_INIT */
96109998Smarkm/* #define TEST_ENG_OPENSSL_SHA_P_UPDATE */
97109998Smarkm/* #define TEST_ENG_OPENSSL_SHA_P_FINAL */
98109998Smarkm
99109998Smarkm/* Now check what of those algorithms are actually enabled */
100109998Smarkm#ifdef OPENSSL_NO_RC4
101280304Sjkim# undef TEST_ENG_OPENSSL_RC4
102280304Sjkim# undef TEST_ENG_OPENSSL_RC4_OTHERS
103280304Sjkim# undef TEST_ENG_OPENSSL_RC4_P_INIT
104280304Sjkim# undef TEST_ENG_OPENSSL_RC4_P_CIPHER
105109998Smarkm#endif
106109998Smarkm#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0) || defined(OPENSSL_NO_SHA1)
107280304Sjkim# undef TEST_ENG_OPENSSL_SHA
108280304Sjkim# undef TEST_ENG_OPENSSL_SHA_OTHERS
109280304Sjkim# undef TEST_ENG_OPENSSL_SHA_P_INIT
110280304Sjkim# undef TEST_ENG_OPENSSL_SHA_P_UPDATE
111280304Sjkim# undef TEST_ENG_OPENSSL_SHA_P_FINAL
112109998Smarkm#endif
113109998Smarkm
114109998Smarkm#ifdef TEST_ENG_OPENSSL_RC4
115109998Smarkmstatic int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
116280304Sjkim                           const int **nids, int nid);
117109998Smarkm#endif
118109998Smarkm#ifdef TEST_ENG_OPENSSL_SHA
119109998Smarkmstatic int openssl_digests(ENGINE *e, const EVP_MD **digest,
120280304Sjkim                           const int **nids, int nid);
121109998Smarkm#endif
122109998Smarkm
123109998Smarkm#ifdef TEST_ENG_OPENSSL_PKEY
124109998Smarkmstatic EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
125280304Sjkim                                      UI_METHOD *ui_method,
126280304Sjkim                                      void *callback_data);
127109998Smarkm#endif
128109998Smarkm
129109998Smarkm/* The constants used when creating the ENGINE */
130109998Smarkmstatic const char *engine_openssl_id = "openssl";
131109998Smarkmstatic const char *engine_openssl_name = "Software engine support";
132109998Smarkm
133280304Sjkim/*
134280304Sjkim * This internal function is used by ENGINE_openssl() and possibly by the
135280304Sjkim * "dynamic" ENGINE support too
136280304Sjkim */
137109998Smarkmstatic int bind_helper(ENGINE *e)
138280304Sjkim{
139280304Sjkim    if (!ENGINE_set_id(e, engine_openssl_id)
140280304Sjkim        || !ENGINE_set_name(e, engine_openssl_name)
141109998Smarkm#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
142280304Sjkim# ifndef OPENSSL_NO_RSA
143280304Sjkim        || !ENGINE_set_RSA(e, RSA_get_default_method())
144280304Sjkim# endif
145280304Sjkim# ifndef OPENSSL_NO_DSA
146280304Sjkim        || !ENGINE_set_DSA(e, DSA_get_default_method())
147280304Sjkim# endif
148280304Sjkim# ifndef OPENSSL_NO_ECDH
149280304Sjkim        || !ENGINE_set_ECDH(e, ECDH_OpenSSL())
150280304Sjkim# endif
151280304Sjkim# ifndef OPENSSL_NO_ECDSA
152280304Sjkim        || !ENGINE_set_ECDSA(e, ECDSA_OpenSSL())
153280304Sjkim# endif
154280304Sjkim# ifndef OPENSSL_NO_DH
155280304Sjkim        || !ENGINE_set_DH(e, DH_get_default_method())
156280304Sjkim# endif
157280304Sjkim        || !ENGINE_set_RAND(e, RAND_SSLeay())
158280304Sjkim# ifdef TEST_ENG_OPENSSL_RC4
159280304Sjkim        || !ENGINE_set_ciphers(e, openssl_ciphers)
160280304Sjkim# endif
161280304Sjkim# ifdef TEST_ENG_OPENSSL_SHA
162280304Sjkim        || !ENGINE_set_digests(e, openssl_digests)
163280304Sjkim# endif
164109998Smarkm#endif
165109998Smarkm#ifdef TEST_ENG_OPENSSL_PKEY
166280304Sjkim        || !ENGINE_set_load_privkey_function(e, openssl_load_privkey)
167109998Smarkm#endif
168280304Sjkim        )
169280304Sjkim        return 0;
170280304Sjkim    /*
171280304Sjkim     * If we add errors to this ENGINE, ensure the error handling is setup
172280304Sjkim     * here
173280304Sjkim     */
174280304Sjkim    /* openssl_load_error_strings(); */
175280304Sjkim    return 1;
176280304Sjkim}
177109998Smarkm
178109998Smarkmstatic ENGINE *engine_openssl(void)
179280304Sjkim{
180280304Sjkim    ENGINE *ret = ENGINE_new();
181280304Sjkim    if (!ret)
182280304Sjkim        return NULL;
183280304Sjkim    if (!bind_helper(ret)) {
184280304Sjkim        ENGINE_free(ret);
185280304Sjkim        return NULL;
186280304Sjkim    }
187280304Sjkim    return ret;
188280304Sjkim}
189109998Smarkm
190109998Smarkmvoid ENGINE_load_openssl(void)
191280304Sjkim{
192280304Sjkim    ENGINE *toadd = engine_openssl();
193280304Sjkim    if (!toadd)
194280304Sjkim        return;
195280304Sjkim    ENGINE_add(toadd);
196280304Sjkim    /*
197280304Sjkim     * If the "add" worked, it gets a structural reference. So either way, we
198280304Sjkim     * release our just-created reference.
199280304Sjkim     */
200280304Sjkim    ENGINE_free(toadd);
201280304Sjkim    ERR_clear_error();
202280304Sjkim}
203109998Smarkm
204280304Sjkim/*
205280304Sjkim * This stuff is needed if this ENGINE is being compiled into a
206280304Sjkim * self-contained shared-library.
207280304Sjkim */
208109998Smarkm#ifdef ENGINE_DYNAMIC_SUPPORT
209109998Smarkmstatic int bind_fn(ENGINE *e, const char *id)
210280304Sjkim{
211280304Sjkim    if (id && (strcmp(id, engine_openssl_id) != 0))
212280304Sjkim        return 0;
213280304Sjkim    if (!bind_helper(e))
214280304Sjkim        return 0;
215280304Sjkim    return 1;
216280304Sjkim}
217280304Sjkim
218109998SmarkmIMPLEMENT_DYNAMIC_CHECK_FN()
219280304Sjkim    IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
220280304Sjkim#endif                          /* ENGINE_DYNAMIC_SUPPORT */
221109998Smarkm#ifdef TEST_ENG_OPENSSL_RC4
222280304Sjkim/*-
223280304Sjkim * This section of code compiles an "alternative implementation" of two modes of
224109998Smarkm * RC4 into this ENGINE. The result is that EVP_CIPHER operation for "rc4"
225109998Smarkm * should under normal circumstances go via this support rather than the default
226109998Smarkm * EVP support. There are other symbols to tweak the testing;
227109998Smarkm *    TEST_ENC_OPENSSL_RC4_OTHERS - print a one line message to stderr each time
228109998Smarkm *        we're asked for a cipher we don't support (should not happen).
229109998Smarkm *    TEST_ENG_OPENSSL_RC4_P_INIT - print a one line message to stderr each time
230109998Smarkm *        the "init_key" handler is called.
231109998Smarkm *    TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler.
232109998Smarkm */
233280304Sjkim# include <openssl/rc4.h>
234280304Sjkim# define TEST_RC4_KEY_SIZE               16
235280304Sjkimstatic int test_cipher_nids[] = { NID_rc4, NID_rc4_40 };
236280304Sjkim
237109998Smarkmstatic int test_cipher_nids_number = 2;
238109998Smarkmtypedef struct {
239280304Sjkim    unsigned char key[TEST_RC4_KEY_SIZE];
240280304Sjkim    RC4_KEY ks;
241280304Sjkim} TEST_RC4_KEY;
242280304Sjkim# define test(ctx) ((TEST_RC4_KEY *)(ctx)->cipher_data)
243109998Smarkmstatic int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
244280304Sjkim                             const unsigned char *iv, int enc)
245280304Sjkim{
246280304Sjkim# ifdef TEST_ENG_OPENSSL_RC4_P_INIT
247280304Sjkim    fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n");
248280304Sjkim# endif
249280304Sjkim    memcpy(&test(ctx)->key[0], key, EVP_CIPHER_CTX_key_length(ctx));
250280304Sjkim    RC4_set_key(&test(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx),
251280304Sjkim                test(ctx)->key);
252280304Sjkim    return 1;
253280304Sjkim}
254280304Sjkim
255109998Smarkmstatic int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
256280304Sjkim                           const unsigned char *in, size_t inl)
257280304Sjkim{
258280304Sjkim# ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER
259280304Sjkim    fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n");
260280304Sjkim# endif
261280304Sjkim    RC4(&test(ctx)->ks, inl, in, out);
262280304Sjkim    return 1;
263280304Sjkim}
264280304Sjkim
265280304Sjkimstatic const EVP_CIPHER test_r4_cipher = {
266280304Sjkim    NID_rc4,
267280304Sjkim    1, TEST_RC4_KEY_SIZE, 0,
268280304Sjkim    EVP_CIPH_VARIABLE_LENGTH,
269280304Sjkim    test_rc4_init_key,
270280304Sjkim    test_rc4_cipher,
271280304Sjkim    NULL,
272280304Sjkim    sizeof(TEST_RC4_KEY),
273280304Sjkim    NULL,
274280304Sjkim    NULL,
275280304Sjkim    NULL,
276280304Sjkim    NULL
277280304Sjkim};
278280304Sjkim
279280304Sjkimstatic const EVP_CIPHER test_r4_40_cipher = {
280280304Sjkim    NID_rc4_40,
281280304Sjkim    1, 5 /* 40 bit */ , 0,
282280304Sjkim    EVP_CIPH_VARIABLE_LENGTH,
283280304Sjkim    test_rc4_init_key,
284280304Sjkim    test_rc4_cipher,
285280304Sjkim    NULL,
286280304Sjkim    sizeof(TEST_RC4_KEY),
287280304Sjkim    NULL,
288280304Sjkim    NULL,
289280304Sjkim    NULL,
290280304Sjkim    NULL
291280304Sjkim};
292280304Sjkim
293109998Smarkmstatic int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
294280304Sjkim                           const int **nids, int nid)
295280304Sjkim{
296280304Sjkim    if (!cipher) {
297280304Sjkim        /* We are returning a list of supported nids */
298280304Sjkim        *nids = test_cipher_nids;
299280304Sjkim        return test_cipher_nids_number;
300280304Sjkim    }
301280304Sjkim    /* We are being asked for a specific cipher */
302280304Sjkim    if (nid == NID_rc4)
303280304Sjkim        *cipher = &test_r4_cipher;
304280304Sjkim    else if (nid == NID_rc4_40)
305280304Sjkim        *cipher = &test_r4_40_cipher;
306280304Sjkim    else {
307280304Sjkim# ifdef TEST_ENG_OPENSSL_RC4_OTHERS
308280304Sjkim        fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for "
309280304Sjkim                "nid %d\n", nid);
310280304Sjkim# endif
311280304Sjkim        *cipher = NULL;
312280304Sjkim        return 0;
313280304Sjkim    }
314280304Sjkim    return 1;
315280304Sjkim}
316109998Smarkm#endif
317109998Smarkm
318109998Smarkm#ifdef TEST_ENG_OPENSSL_SHA
319109998Smarkm/* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */
320280304Sjkim# include <openssl/sha.h>
321280304Sjkimstatic int test_digest_nids[] = { NID_sha1 };
322280304Sjkim
323109998Smarkmstatic int test_digest_nids_number = 1;
324109998Smarkmstatic int test_sha1_init(EVP_MD_CTX *ctx)
325280304Sjkim{
326280304Sjkim# ifdef TEST_ENG_OPENSSL_SHA_P_INIT
327280304Sjkim    fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n");
328280304Sjkim# endif
329280304Sjkim    return SHA1_Init(ctx->md_data);
330280304Sjkim}
331280304Sjkim
332280304Sjkimstatic int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count)
333280304Sjkim{
334280304Sjkim# ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE
335280304Sjkim    fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n");
336280304Sjkim# endif
337280304Sjkim    return SHA1_Update(ctx->md_data, data, count);
338280304Sjkim}
339280304Sjkim
340280304Sjkimstatic int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
341280304Sjkim{
342280304Sjkim# ifdef TEST_ENG_OPENSSL_SHA_P_FINAL
343280304Sjkim    fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n");
344280304Sjkim# endif
345280304Sjkim    return SHA1_Final(md, ctx->md_data);
346280304Sjkim}
347280304Sjkim
348280304Sjkimstatic const EVP_MD test_sha_md = {
349280304Sjkim    NID_sha1,
350280304Sjkim    NID_sha1WithRSAEncryption,
351280304Sjkim    SHA_DIGEST_LENGTH,
352280304Sjkim    0,
353280304Sjkim    test_sha1_init,
354280304Sjkim    test_sha1_update,
355280304Sjkim    test_sha1_final,
356280304Sjkim    NULL,
357280304Sjkim    NULL,
358280304Sjkim    EVP_PKEY_RSA_method,
359280304Sjkim    SHA_CBLOCK,
360280304Sjkim    sizeof(EVP_MD *) + sizeof(SHA_CTX),
361280304Sjkim};
362280304Sjkim
363109998Smarkmstatic int openssl_digests(ENGINE *e, const EVP_MD **digest,
364280304Sjkim                           const int **nids, int nid)
365280304Sjkim{
366280304Sjkim    if (!digest) {
367280304Sjkim        /* We are returning a list of supported nids */
368280304Sjkim        *nids = test_digest_nids;
369280304Sjkim        return test_digest_nids_number;
370280304Sjkim    }
371280304Sjkim    /* We are being asked for a specific digest */
372280304Sjkim    if (nid == NID_sha1)
373280304Sjkim        *digest = &test_sha_md;
374280304Sjkim    else {
375280304Sjkim# ifdef TEST_ENG_OPENSSL_SHA_OTHERS
376280304Sjkim        fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for "
377280304Sjkim                "nid %d\n", nid);
378280304Sjkim# endif
379280304Sjkim        *digest = NULL;
380280304Sjkim        return 0;
381280304Sjkim    }
382280304Sjkim    return 1;
383280304Sjkim}
384109998Smarkm#endif
385109998Smarkm
386109998Smarkm#ifdef TEST_ENG_OPENSSL_PKEY
387109998Smarkmstatic EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
388280304Sjkim                                      UI_METHOD *ui_method,
389280304Sjkim                                      void *callback_data)
390280304Sjkim{
391280304Sjkim    BIO *in;
392280304Sjkim    EVP_PKEY *key;
393280304Sjkim    fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n",
394280304Sjkim            key_id);
395280304Sjkim    in = BIO_new_file(key_id, "r");
396280304Sjkim    if (!in)
397280304Sjkim        return NULL;
398280304Sjkim    key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL);
399280304Sjkim    BIO_free(in);
400280304Sjkim    return key;
401280304Sjkim}
402109998Smarkm#endif
403