1109998Smarkm/* crypto/engine/eng_openssl.c */ 2296341Sdelphij/* 3296341Sdelphij * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project 4296341Sdelphij * 2000. 5109998Smarkm */ 6109998Smarkm/* ==================================================================== 7109998Smarkm * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. 8109998Smarkm * 9109998Smarkm * Redistribution and use in source and binary forms, with or without 10109998Smarkm * modification, are permitted provided that the following conditions 11109998Smarkm * are met: 12109998Smarkm * 13109998Smarkm * 1. Redistributions of source code must retain the above copyright 14296341Sdelphij * notice, this list of conditions and the following disclaimer. 15109998Smarkm * 16109998Smarkm * 2. Redistributions in binary form must reproduce the above copyright 17109998Smarkm * notice, this list of conditions and the following disclaimer in 18109998Smarkm * the documentation and/or other materials provided with the 19109998Smarkm * distribution. 20109998Smarkm * 21109998Smarkm * 3. All advertising materials mentioning features or use of this 22109998Smarkm * software must display the following acknowledgment: 23109998Smarkm * "This product includes software developed by the OpenSSL Project 24109998Smarkm * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 25109998Smarkm * 26109998Smarkm * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 27109998Smarkm * endorse or promote products derived from this software without 28109998Smarkm * prior written permission. For written permission, please contact 29109998Smarkm * licensing@OpenSSL.org. 30109998Smarkm * 31109998Smarkm * 5. Products derived from this software may not be called "OpenSSL" 32109998Smarkm * nor may "OpenSSL" appear in their names without prior written 33109998Smarkm * permission of the OpenSSL Project. 34109998Smarkm * 35109998Smarkm * 6. Redistributions of any form whatsoever must retain the following 36109998Smarkm * acknowledgment: 37109998Smarkm * "This product includes software developed by the OpenSSL Project 38109998Smarkm * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 39109998Smarkm * 40109998Smarkm * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 41109998Smarkm * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42109998Smarkm * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 43109998Smarkm * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 44109998Smarkm * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 45109998Smarkm * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 46109998Smarkm * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 47109998Smarkm * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48109998Smarkm * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 49109998Smarkm * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 50109998Smarkm * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 51109998Smarkm * OF THE POSSIBILITY OF SUCH DAMAGE. 52109998Smarkm * ==================================================================== 53109998Smarkm * 54109998Smarkm * This product includes cryptographic software written by Eric Young 55109998Smarkm * (eay@cryptsoft.com). This product includes software written by Tim 56109998Smarkm * Hudson (tjh@cryptsoft.com). 57109998Smarkm * 58109998Smarkm */ 59160814Ssimon/* ==================================================================== 60160814Ssimon * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 61296341Sdelphij * ECDH support in OpenSSL originally developed by 62160814Ssimon * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 63160814Ssimon */ 64109998Smarkm 65109998Smarkm#include <stdio.h> 66109998Smarkm#include <openssl/crypto.h> 67109998Smarkm#include "cryptlib.h" 68109998Smarkm#include <openssl/engine.h> 69109998Smarkm#include <openssl/dso.h> 70109998Smarkm#include <openssl/pem.h> 71109998Smarkm#include <openssl/evp.h> 72160814Ssimon#include <openssl/rand.h> 73160814Ssimon#ifndef OPENSSL_NO_RSA 74296341Sdelphij# include <openssl/rsa.h> 75160814Ssimon#endif 76160814Ssimon#ifndef OPENSSL_NO_DSA 77296341Sdelphij# include <openssl/dsa.h> 78160814Ssimon#endif 79160814Ssimon#ifndef OPENSSL_NO_DH 80296341Sdelphij# include <openssl/dh.h> 81160814Ssimon#endif 82109998Smarkm 83296341Sdelphij/* 84296341Sdelphij * This testing gunk is implemented (and explained) lower down. It also 85296341Sdelphij * assumes the application explicitly calls "ENGINE_load_openssl()" because 86296341Sdelphij * this is no longer automatic in ENGINE_load_builtin_engines(). 87296341Sdelphij */ 88109998Smarkm#define TEST_ENG_OPENSSL_RC4 89109998Smarkm#define TEST_ENG_OPENSSL_PKEY 90109998Smarkm/* #define TEST_ENG_OPENSSL_RC4_OTHERS */ 91109998Smarkm#define TEST_ENG_OPENSSL_RC4_P_INIT 92109998Smarkm/* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */ 93109998Smarkm#define TEST_ENG_OPENSSL_SHA 94109998Smarkm/* #define TEST_ENG_OPENSSL_SHA_OTHERS */ 95109998Smarkm/* #define TEST_ENG_OPENSSL_SHA_P_INIT */ 96109998Smarkm/* #define TEST_ENG_OPENSSL_SHA_P_UPDATE */ 97109998Smarkm/* #define TEST_ENG_OPENSSL_SHA_P_FINAL */ 98109998Smarkm 99109998Smarkm/* Now check what of those algorithms are actually enabled */ 100109998Smarkm#ifdef OPENSSL_NO_RC4 101296341Sdelphij# undef TEST_ENG_OPENSSL_RC4 102296341Sdelphij# undef TEST_ENG_OPENSSL_RC4_OTHERS 103296341Sdelphij# undef TEST_ENG_OPENSSL_RC4_P_INIT 104296341Sdelphij# undef TEST_ENG_OPENSSL_RC4_P_CIPHER 105109998Smarkm#endif 106109998Smarkm#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0) || defined(OPENSSL_NO_SHA1) 107296341Sdelphij# undef TEST_ENG_OPENSSL_SHA 108296341Sdelphij# undef TEST_ENG_OPENSSL_SHA_OTHERS 109296341Sdelphij# undef TEST_ENG_OPENSSL_SHA_P_INIT 110296341Sdelphij# undef TEST_ENG_OPENSSL_SHA_P_UPDATE 111296341Sdelphij# undef TEST_ENG_OPENSSL_SHA_P_FINAL 112109998Smarkm#endif 113109998Smarkm 114109998Smarkm#ifdef TEST_ENG_OPENSSL_RC4 115109998Smarkmstatic int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher, 116296341Sdelphij const int **nids, int nid); 117109998Smarkm#endif 118109998Smarkm#ifdef TEST_ENG_OPENSSL_SHA 119109998Smarkmstatic int openssl_digests(ENGINE *e, const EVP_MD **digest, 120296341Sdelphij const int **nids, int nid); 121109998Smarkm#endif 122109998Smarkm 123109998Smarkm#ifdef TEST_ENG_OPENSSL_PKEY 124109998Smarkmstatic EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id, 125296341Sdelphij UI_METHOD *ui_method, 126296341Sdelphij void *callback_data); 127109998Smarkm#endif 128109998Smarkm 129109998Smarkm/* The constants used when creating the ENGINE */ 130109998Smarkmstatic const char *engine_openssl_id = "openssl"; 131109998Smarkmstatic const char *engine_openssl_name = "Software engine support"; 132109998Smarkm 133296341Sdelphij/* 134296341Sdelphij * This internal function is used by ENGINE_openssl() and possibly by the 135296341Sdelphij * "dynamic" ENGINE support too 136296341Sdelphij */ 137109998Smarkmstatic int bind_helper(ENGINE *e) 138296341Sdelphij{ 139296341Sdelphij if (!ENGINE_set_id(e, engine_openssl_id) 140296341Sdelphij || !ENGINE_set_name(e, engine_openssl_name) 141109998Smarkm#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS 142296341Sdelphij# ifndef OPENSSL_NO_RSA 143296341Sdelphij || !ENGINE_set_RSA(e, RSA_get_default_method()) 144296341Sdelphij# endif 145296341Sdelphij# ifndef OPENSSL_NO_DSA 146296341Sdelphij || !ENGINE_set_DSA(e, DSA_get_default_method()) 147296341Sdelphij# endif 148296341Sdelphij# ifndef OPENSSL_NO_ECDH 149296341Sdelphij || !ENGINE_set_ECDH(e, ECDH_OpenSSL()) 150296341Sdelphij# endif 151296341Sdelphij# ifndef OPENSSL_NO_ECDSA 152296341Sdelphij || !ENGINE_set_ECDSA(e, ECDSA_OpenSSL()) 153296341Sdelphij# endif 154296341Sdelphij# ifndef OPENSSL_NO_DH 155296341Sdelphij || !ENGINE_set_DH(e, DH_get_default_method()) 156296341Sdelphij# endif 157296341Sdelphij || !ENGINE_set_RAND(e, RAND_SSLeay()) 158296341Sdelphij# ifdef TEST_ENG_OPENSSL_RC4 159296341Sdelphij || !ENGINE_set_ciphers(e, openssl_ciphers) 160296341Sdelphij# endif 161296341Sdelphij# ifdef TEST_ENG_OPENSSL_SHA 162296341Sdelphij || !ENGINE_set_digests(e, openssl_digests) 163296341Sdelphij# endif 164109998Smarkm#endif 165109998Smarkm#ifdef TEST_ENG_OPENSSL_PKEY 166296341Sdelphij || !ENGINE_set_load_privkey_function(e, openssl_load_privkey) 167109998Smarkm#endif 168296341Sdelphij ) 169296341Sdelphij return 0; 170296341Sdelphij /* 171296341Sdelphij * If we add errors to this ENGINE, ensure the error handling is setup 172296341Sdelphij * here 173296341Sdelphij */ 174296341Sdelphij /* openssl_load_error_strings(); */ 175296341Sdelphij return 1; 176296341Sdelphij} 177109998Smarkm 178109998Smarkmstatic ENGINE *engine_openssl(void) 179296341Sdelphij{ 180296341Sdelphij ENGINE *ret = ENGINE_new(); 181296341Sdelphij if (!ret) 182296341Sdelphij return NULL; 183296341Sdelphij if (!bind_helper(ret)) { 184296341Sdelphij ENGINE_free(ret); 185296341Sdelphij return NULL; 186296341Sdelphij } 187296341Sdelphij return ret; 188296341Sdelphij} 189109998Smarkm 190109998Smarkmvoid ENGINE_load_openssl(void) 191296341Sdelphij{ 192296341Sdelphij ENGINE *toadd = engine_openssl(); 193296341Sdelphij if (!toadd) 194296341Sdelphij return; 195296341Sdelphij ENGINE_add(toadd); 196296341Sdelphij /* 197296341Sdelphij * If the "add" worked, it gets a structural reference. So either way, we 198296341Sdelphij * release our just-created reference. 199296341Sdelphij */ 200296341Sdelphij ENGINE_free(toadd); 201296341Sdelphij ERR_clear_error(); 202296341Sdelphij} 203109998Smarkm 204296341Sdelphij/* 205296341Sdelphij * This stuff is needed if this ENGINE is being compiled into a 206296341Sdelphij * self-contained shared-library. 207296341Sdelphij */ 208109998Smarkm#ifdef ENGINE_DYNAMIC_SUPPORT 209109998Smarkmstatic int bind_fn(ENGINE *e, const char *id) 210296341Sdelphij{ 211296341Sdelphij if (id && (strcmp(id, engine_openssl_id) != 0)) 212296341Sdelphij return 0; 213296341Sdelphij if (!bind_helper(e)) 214296341Sdelphij return 0; 215296341Sdelphij return 1; 216296341Sdelphij} 217296341Sdelphij 218109998SmarkmIMPLEMENT_DYNAMIC_CHECK_FN() 219296341Sdelphij IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) 220296341Sdelphij#endif /* ENGINE_DYNAMIC_SUPPORT */ 221109998Smarkm#ifdef TEST_ENG_OPENSSL_RC4 222296341Sdelphij/*- 223296341Sdelphij * This section of code compiles an "alternative implementation" of two modes of 224109998Smarkm * RC4 into this ENGINE. The result is that EVP_CIPHER operation for "rc4" 225109998Smarkm * should under normal circumstances go via this support rather than the default 226109998Smarkm * EVP support. There are other symbols to tweak the testing; 227109998Smarkm * TEST_ENC_OPENSSL_RC4_OTHERS - print a one line message to stderr each time 228109998Smarkm * we're asked for a cipher we don't support (should not happen). 229109998Smarkm * TEST_ENG_OPENSSL_RC4_P_INIT - print a one line message to stderr each time 230109998Smarkm * the "init_key" handler is called. 231109998Smarkm * TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler. 232109998Smarkm */ 233296341Sdelphij# include <openssl/rc4.h> 234296341Sdelphij# define TEST_RC4_KEY_SIZE 16 235296341Sdelphijstatic int test_cipher_nids[] = { NID_rc4, NID_rc4_40 }; 236296341Sdelphij 237109998Smarkmstatic int test_cipher_nids_number = 2; 238109998Smarkmtypedef struct { 239296341Sdelphij unsigned char key[TEST_RC4_KEY_SIZE]; 240296341Sdelphij RC4_KEY ks; 241296341Sdelphij} TEST_RC4_KEY; 242296341Sdelphij# define test(ctx) ((TEST_RC4_KEY *)(ctx)->cipher_data) 243109998Smarkmstatic int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 244296341Sdelphij const unsigned char *iv, int enc) 245296341Sdelphij{ 246296341Sdelphij# ifdef TEST_ENG_OPENSSL_RC4_P_INIT 247296341Sdelphij fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n"); 248296341Sdelphij# endif 249296341Sdelphij memcpy(&test(ctx)->key[0], key, EVP_CIPHER_CTX_key_length(ctx)); 250296341Sdelphij RC4_set_key(&test(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), 251296341Sdelphij test(ctx)->key); 252296341Sdelphij return 1; 253296341Sdelphij} 254296341Sdelphij 255109998Smarkmstatic int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 256296341Sdelphij const unsigned char *in, size_t inl) 257296341Sdelphij{ 258296341Sdelphij# ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER 259296341Sdelphij fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n"); 260296341Sdelphij# endif 261296341Sdelphij RC4(&test(ctx)->ks, inl, in, out); 262296341Sdelphij return 1; 263296341Sdelphij} 264296341Sdelphij 265296341Sdelphijstatic const EVP_CIPHER test_r4_cipher = { 266296341Sdelphij NID_rc4, 267296341Sdelphij 1, TEST_RC4_KEY_SIZE, 0, 268296341Sdelphij EVP_CIPH_VARIABLE_LENGTH, 269296341Sdelphij test_rc4_init_key, 270296341Sdelphij test_rc4_cipher, 271296341Sdelphij NULL, 272296341Sdelphij sizeof(TEST_RC4_KEY), 273296341Sdelphij NULL, 274296341Sdelphij NULL, 275296341Sdelphij NULL, 276296341Sdelphij NULL 277296341Sdelphij}; 278296341Sdelphij 279296341Sdelphijstatic const EVP_CIPHER test_r4_40_cipher = { 280296341Sdelphij NID_rc4_40, 281296341Sdelphij 1, 5 /* 40 bit */ , 0, 282296341Sdelphij EVP_CIPH_VARIABLE_LENGTH, 283296341Sdelphij test_rc4_init_key, 284296341Sdelphij test_rc4_cipher, 285296341Sdelphij NULL, 286296341Sdelphij sizeof(TEST_RC4_KEY), 287296341Sdelphij NULL, 288296341Sdelphij NULL, 289296341Sdelphij NULL, 290296341Sdelphij NULL 291296341Sdelphij}; 292296341Sdelphij 293109998Smarkmstatic int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher, 294296341Sdelphij const int **nids, int nid) 295296341Sdelphij{ 296296341Sdelphij if (!cipher) { 297296341Sdelphij /* We are returning a list of supported nids */ 298296341Sdelphij *nids = test_cipher_nids; 299296341Sdelphij return test_cipher_nids_number; 300296341Sdelphij } 301296341Sdelphij /* We are being asked for a specific cipher */ 302296341Sdelphij if (nid == NID_rc4) 303296341Sdelphij *cipher = &test_r4_cipher; 304296341Sdelphij else if (nid == NID_rc4_40) 305296341Sdelphij *cipher = &test_r4_40_cipher; 306296341Sdelphij else { 307296341Sdelphij# ifdef TEST_ENG_OPENSSL_RC4_OTHERS 308296341Sdelphij fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for " 309296341Sdelphij "nid %d\n", nid); 310296341Sdelphij# endif 311296341Sdelphij *cipher = NULL; 312296341Sdelphij return 0; 313296341Sdelphij } 314296341Sdelphij return 1; 315296341Sdelphij} 316109998Smarkm#endif 317109998Smarkm 318109998Smarkm#ifdef TEST_ENG_OPENSSL_SHA 319109998Smarkm/* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */ 320296341Sdelphij# include <openssl/sha.h> 321296341Sdelphijstatic int test_digest_nids[] = { NID_sha1 }; 322296341Sdelphij 323109998Smarkmstatic int test_digest_nids_number = 1; 324109998Smarkmstatic int test_sha1_init(EVP_MD_CTX *ctx) 325296341Sdelphij{ 326296341Sdelphij# ifdef TEST_ENG_OPENSSL_SHA_P_INIT 327296341Sdelphij fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n"); 328296341Sdelphij# endif 329296341Sdelphij return SHA1_Init(ctx->md_data); 330296341Sdelphij} 331296341Sdelphij 332296341Sdelphijstatic int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count) 333296341Sdelphij{ 334296341Sdelphij# ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE 335296341Sdelphij fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n"); 336296341Sdelphij# endif 337296341Sdelphij return SHA1_Update(ctx->md_data, data, count); 338296341Sdelphij} 339296341Sdelphij 340296341Sdelphijstatic int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) 341296341Sdelphij{ 342296341Sdelphij# ifdef TEST_ENG_OPENSSL_SHA_P_FINAL 343296341Sdelphij fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n"); 344296341Sdelphij# endif 345296341Sdelphij return SHA1_Final(md, ctx->md_data); 346296341Sdelphij} 347296341Sdelphij 348296341Sdelphijstatic const EVP_MD test_sha_md = { 349296341Sdelphij NID_sha1, 350296341Sdelphij NID_sha1WithRSAEncryption, 351296341Sdelphij SHA_DIGEST_LENGTH, 352296341Sdelphij 0, 353296341Sdelphij test_sha1_init, 354296341Sdelphij test_sha1_update, 355296341Sdelphij test_sha1_final, 356296341Sdelphij NULL, 357296341Sdelphij NULL, 358296341Sdelphij EVP_PKEY_RSA_method, 359296341Sdelphij SHA_CBLOCK, 360296341Sdelphij sizeof(EVP_MD *) + sizeof(SHA_CTX), 361296341Sdelphij}; 362296341Sdelphij 363109998Smarkmstatic int openssl_digests(ENGINE *e, const EVP_MD **digest, 364296341Sdelphij const int **nids, int nid) 365296341Sdelphij{ 366296341Sdelphij if (!digest) { 367296341Sdelphij /* We are returning a list of supported nids */ 368296341Sdelphij *nids = test_digest_nids; 369296341Sdelphij return test_digest_nids_number; 370296341Sdelphij } 371296341Sdelphij /* We are being asked for a specific digest */ 372296341Sdelphij if (nid == NID_sha1) 373296341Sdelphij *digest = &test_sha_md; 374296341Sdelphij else { 375296341Sdelphij# ifdef TEST_ENG_OPENSSL_SHA_OTHERS 376296341Sdelphij fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for " 377296341Sdelphij "nid %d\n", nid); 378296341Sdelphij# endif 379296341Sdelphij *digest = NULL; 380296341Sdelphij return 0; 381296341Sdelphij } 382296341Sdelphij return 1; 383296341Sdelphij} 384109998Smarkm#endif 385109998Smarkm 386109998Smarkm#ifdef TEST_ENG_OPENSSL_PKEY 387109998Smarkmstatic EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id, 388296341Sdelphij UI_METHOD *ui_method, 389296341Sdelphij void *callback_data) 390296341Sdelphij{ 391296341Sdelphij BIO *in; 392296341Sdelphij EVP_PKEY *key; 393296341Sdelphij fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n", 394296341Sdelphij key_id); 395296341Sdelphij in = BIO_new_file(key_id, "r"); 396296341Sdelphij if (!in) 397296341Sdelphij return NULL; 398296341Sdelphij key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL); 399296341Sdelphij BIO_free(in); 400296341Sdelphij return key; 401296341Sdelphij} 402109998Smarkm#endif 403