ag/cpython-source-deps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Import OpenSSL 1.1.0f

Browse Source
This commit is contained in:
Steve Dower
2017-09-07 16:27:43 -07:00
committed by Steve Dower
parent ccd3ab4aff
commit f4b81cb7c9
3340 changed files with 325158 additions and 557542 deletions
Download Patch File Download Diff File Expand all files Collapse all files

233
engines/e_chil.c
View File

@@ -1,68 +1,17 @@
/* crypto/engine/e_chil.c */
/*
* Written by Richard Levitte (richard@levitte.org), Geoff Thorpe
* (geoff@geoffthorpe.net) and Dr Stephen N Henson (steve@openssl.org) for
* the OpenSSL project 2000.
*/
/* ====================================================================
* Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
* Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/pem.h>
#include <openssl/dso.h>
#include "internal/dso.h"
#include <openssl/engine.h>
#include <openssl/ui.h>
#include <openssl/rand.h>
@@ -95,6 +44,8 @@
# define HWCRHK_LIB_NAME "CHIL engine"
# include "e_chil_err.c"
static CRYPTO_RWLOCK *chil_lock;
static int hwcrhk_destroy(ENGINE *e);
static int hwcrhk_init(ENGINE *e);
static int hwcrhk_finish(ENGINE *e);
@@ -245,7 +196,7 @@ static const char *engine_hwcrhk_id_alt = "ncipher";
* into HWCryptoHook_Mutex
*/
struct HWCryptoHook_MutexValue {
int lockid;
CRYPTO_RWLOCK *lock;
};
/*
@@ -356,6 +307,13 @@ static int bind_helper(ENGINE *e)
# ifndef OPENSSL_NO_DH
const DH_METHOD *meth2;
# endif
chil_lock = CRYPTO_THREAD_lock_new();
if (chil_lock == NULL) {
HWCRHKerr(HWCRHK_F_BIND_HELPER, ERR_R_MALLOC_FAILURE);
return 0;
}
if (!ENGINE_set_id(e, engine_hwcrhk_id) ||
!ENGINE_set_name(e, engine_hwcrhk_name) ||
# ifndef OPENSSL_NO_RSA
@@ -376,14 +334,14 @@ static int bind_helper(ENGINE *e)
# ifndef OPENSSL_NO_RSA
/*
* We know that the "PKCS1_SSLeay()" functions hook properly to the
* We know that the "PKCS1_OpenSSL()" functions hook properly to the
* cswift-specific mod_exp and mod_exp_crt so we use those functions. NB:
* We don't use ENGINE_openssl() or anything "more generic" because
* something like the RSAref code may not hook properly, and if you own
* one of these cards then you have the right to do RSA operations on it
* anyway!
*/
meth1 = RSA_PKCS1_SSLeay();
meth1 = RSA_PKCS1_OpenSSL();
hwcrhk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
hwcrhk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
hwcrhk_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
@@ -399,6 +357,7 @@ static int bind_helper(ENGINE *e)
/* Ensure the hwcrhk error handling is set up */
ERR_load_HWCRHK_strings();
return 1;
}
@@ -406,7 +365,7 @@ static int bind_helper(ENGINE *e)
static ENGINE *engine_chil(void)
{
ENGINE *ret = ENGINE_new();
if (!ret)
if (ret == NULL)
return NULL;
if (!bind_helper(ret)) {
ENGINE_free(ret);
@@ -462,8 +421,7 @@ static HWCryptoHook_ModExpCRT_t *p_hwcrhk_ModExpCRT = NULL;
static const char *HWCRHK_LIBNAME = NULL;
static void free_HWCRHK_LIBNAME(void)
{
if (HWCRHK_LIBNAME)
OPENSSL_free((void *)HWCRHK_LIBNAME);
OPENSSL_free(HWCRHK_LIBNAME);
HWCRHK_LIBNAME = NULL;
}
@@ -477,7 +435,7 @@ static const char *get_HWCRHK_LIBNAME(void)
static long set_HWCRHK_LIBNAME(const char *name)
{
free_HWCRHK_LIBNAME();
return (((HWCRHK_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
return (((HWCRHK_LIBNAME = OPENSSL_strdup(name)) != NULL) ? 1 : 0);
}
static const char *n_hwcrhk_Init = "HWCryptoHook_Init";
@@ -528,6 +486,7 @@ static int hwcrhk_destroy(ENGINE *e)
{
free_HWCRHK_LIBNAME();
ERR_unload_HWCRHK_strings();
CRYPTO_THREAD_lock_free(chil_lock);
return 1;
}
@@ -556,26 +515,19 @@ static int hwcrhk_init(ENGINE *e)
HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_DSO_FAILURE);
goto err;
}
if (!(p1 = (HWCryptoHook_Init_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_Init)) ||
!(p2 = (HWCryptoHook_Finish_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_Finish)) ||
!(p3 = (HWCryptoHook_ModExp_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExp)) ||
#define BINDIT(t, name) (t *)DSO_bind_func(hwcrhk_dso, name)
if ((p1 = BINDIT(HWCryptoHook_Init_t, n_hwcrhk_Init)) == NULL
|| (p2 = BINDIT(HWCryptoHook_Finish_t, n_hwcrhk_Finish)) == NULL
|| (p3 = BINDIT(HWCryptoHook_ModExp_t, n_hwcrhk_ModExp)) == NULL
# ifndef OPENSSL_NO_RSA
!(p4 = (HWCryptoHook_RSA_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSA)) ||
!(p5 = (HWCryptoHook_RSALoadKey_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSALoadKey)) ||
!(p6 = (HWCryptoHook_RSAGetPublicKey_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAGetPublicKey)) ||
!(p7 = (HWCryptoHook_RSAUnloadKey_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAUnloadKey)) ||
|| (p4 = BINDIT(HWCryptoHook_RSA_t, n_hwcrhk_RSA)) == NULL
|| (p5 = BINDIT(HWCryptoHook_RSALoadKey_t, n_hwcrhk_RSALoadKey)) == NULL
|| (p6 = BINDIT(HWCryptoHook_RSAGetPublicKey_t, n_hwcrhk_RSAGetPublicKey)) == NULL
|| (p7 = BINDIT(HWCryptoHook_RSAUnloadKey_t, n_hwcrhk_RSAUnloadKey)) == NULL
# endif
!(p8 = (HWCryptoHook_RandomBytes_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_RandomBytes)) ||
!(p9 = (HWCryptoHook_ModExpCRT_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExpCRT))) {
|| (p8 = BINDIT(HWCryptoHook_RandomBytes_t, n_hwcrhk_RandomBytes)) == NULL
|| (p9 = BINDIT(HWCryptoHook_ModExpCRT_t, n_hwcrhk_ModExpCRT)) == NULL) {
HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_DSO_FAILURE);
goto err;
}
@@ -597,14 +549,10 @@ static int hwcrhk_init(ENGINE *e)
* does, use them.
*/
if (disable_mutex_callbacks == 0) {
if (CRYPTO_get_dynlock_create_callback() != NULL &&
CRYPTO_get_dynlock_lock_callback() != NULL &&
CRYPTO_get_dynlock_destroy_callback() != NULL) {
hwcrhk_globals.mutex_init = hwcrhk_mutex_init;
hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock;
hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock;
hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy;
}
hwcrhk_globals.mutex_init = hwcrhk_mutex_init;
hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock;
hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock;
hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy;
}
/*
@@ -623,8 +571,7 @@ static int hwcrhk_init(ENGINE *e)
# endif
return 1;
err:
if (hwcrhk_dso)
DSO_free(hwcrhk_dso);
DSO_free(hwcrhk_dso);
hwcrhk_dso = NULL;
p_hwcrhk_Init = NULL;
p_hwcrhk_Finish = NULL;
@@ -656,8 +603,7 @@ static int hwcrhk_finish(ENGINE *e)
goto err;
}
err:
if (logstream)
BIO_free(logstream);
BIO_free(logstream);
hwcrhk_dso = NULL;
p_hwcrhk_Init = NULL;
p_hwcrhk_Finish = NULL;
@@ -692,34 +638,32 @@ static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
{
BIO *bio = (BIO *)p;
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
if (logstream) {
BIO_free(logstream);
logstream = NULL;
}
if (CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO) > 1)
CRYPTO_THREAD_write_lock(chil_lock);
BIO_free(logstream);
logstream = NULL;
if (BIO_up_ref(bio))
logstream = bio;
else
HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, HWCRHK_R_BIO_WAS_FREED);
}
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
CRYPTO_THREAD_unlock(chil_lock);
break;
case ENGINE_CTRL_SET_PASSWORD_CALLBACK:
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
CRYPTO_THREAD_write_lock(chil_lock);
password_context.password_callback = (pem_password_cb *)f;
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
CRYPTO_THREAD_unlock(chil_lock);
break;
case ENGINE_CTRL_SET_USER_INTERFACE:
case HWCRHK_CMD_SET_USER_INTERFACE:
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
CRYPTO_THREAD_write_lock(chil_lock);
password_context.ui_method = (UI_METHOD *)p;
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
CRYPTO_THREAD_unlock(chil_lock);
break;
case ENGINE_CTRL_SET_CALLBACK_DATA:
case HWCRHK_CMD_SET_CALLBACK_DATA:
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
CRYPTO_THREAD_write_lock(chil_lock);
password_context.callback_data = p;
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
CRYPTO_THREAD_unlock(chil_lock);
break;
/*
* this enables or disables the "SimpleForkCheck" flag used in the
@@ -727,12 +671,12 @@ static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
*/
case ENGINE_CTRL_CHIL_SET_FORKCHECK:
case HWCRHK_CMD_FORK_CHECK:
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
CRYPTO_THREAD_write_lock(chil_lock);
if (i)
hwcrhk_globals.flags |= HWCryptoHook_InitFlags_SimpleForkCheck;
else
hwcrhk_globals.flags &= ~HWCryptoHook_InitFlags_SimpleForkCheck;
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
CRYPTO_THREAD_unlock(chil_lock);
break;
/*
* This will prevent the initialisation function from "installing"
@@ -742,14 +686,14 @@ static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
* applications not using multithreading.
*/
case ENGINE_CTRL_CHIL_NO_LOCKING:
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
CRYPTO_THREAD_write_lock(chil_lock);
disable_mutex_callbacks = 1;
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
CRYPTO_THREAD_unlock(chil_lock);
break;
case HWCRHK_CMD_THREAD_LOCKING:
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
CRYPTO_THREAD_write_lock(chil_lock);
disable_mutex_callbacks = ((i == 0) ? 0 : 1);
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
CRYPTO_THREAD_unlock(chil_lock);
break;
/* The command isn't understood by this engine */
@@ -791,8 +735,8 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
goto err;
}
# ifndef OPENSSL_NO_RSA
hptr = OPENSSL_malloc(sizeof(HWCryptoHook_RSAKeyHandle));
if (!hptr) {
hptr = OPENSSL_malloc(sizeof(*hptr));
if (hptr == NULL) {
HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -810,17 +754,9 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
# endif
# ifndef OPENSSL_NO_RSA
rtmp = RSA_new_method(eng);
if (rtmp == NULL) {
HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE);
goto err;
}
RSA_set_ex_data(rtmp, hndidx_rsa, (char *)hptr);
rtmp->e = BN_new();
rtmp->n = BN_new();
if (rtmp->e == NULL || rtmp->n == NULL) {
HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE);
goto err;
}
rtmp->flags |= RSA_FLAG_EXT_PKEY;
MPI2BN(rtmp->e, e);
MPI2BN(rtmp->n, n);
@@ -831,14 +767,8 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
goto err;
}
if (bn_expand2(rtmp->e, e.size / sizeof(BN_ULONG)) == NULL) {
HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE);
goto err;
}
if (bn_expand2(rtmp->n, n.size / sizeof(BN_ULONG)) == NULL) {
HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE);
goto err;
}
bn_expand2(rtmp->e, e.size / sizeof(BN_ULONG));
bn_expand2(rtmp->n, n.size / sizeof(BN_ULONG));
MPI2BN(rtmp->e, e);
MPI2BN(rtmp->n, n);
@@ -860,15 +790,14 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
EVP_PKEY_assign_RSA(res, rtmp);
# endif
if (!res)
if (res == NULL)
HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED);
return res;
err:
# ifndef OPENSSL_NO_RSA
if (rtmp)
RSA_free(rtmp);
RSA_free(rtmp);
# endif
return NULL;
}
@@ -889,14 +818,14 @@ static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
{
RSA *rsa = NULL;
CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
CRYPTO_THREAD_write_lock(chil_lock);
rsa = res->pkey.rsa;
res->pkey.rsa = RSA_new();
res->pkey.rsa->n = rsa->n;
res->pkey.rsa->e = rsa->e;
rsa->n = NULL;
rsa->e = NULL;
CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
CRYPTO_THREAD_unlock(chil_lock);
RSA_free(rsa);
}
break;
@@ -909,8 +838,7 @@ static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
return res;
err:
if (res)
EVP_PKEY_free(res);
EVP_PKEY_free(res);
return NULL;
}
@@ -937,10 +865,7 @@ static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
goto err;
}
/* Prepare the params */
if (bn_expand2(r, m->top) == NULL) { /* Check for error !! */
HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP, ERR_R_MALLOC_FAILURE);
goto err;
}
bn_expand2(r, m->top); /* Check for error !! */
BN2MPI(m_a, a);
BN2MPI(m_p, p);
BN2MPI(m_n, m);
@@ -1006,10 +931,7 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa,
}
/* Prepare the params */
if (bn_expand2(r, rsa->n->top) == NULL) { /* Check for error !! */
HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, ERR_R_MALLOC_FAILURE);
goto err;
}
bn_expand2(r, rsa->n->top); /* Check for error !! */
BN2MPI(m_a, I);
MPI2BN(r, m_r);
@@ -1046,10 +968,7 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa,
}
/* Prepare the params */
if (bn_expand2(r, rsa->n->top) == NULL) { /* Check for error !! */
HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, ERR_R_MALLOC_FAILURE);
goto err;
}
bn_expand2(r, rsa->n->top); /* Check for error !! */
BN2MPI(m_a, I);
BN2MPI(m_p, rsa->p);
BN2MPI(m_q, rsa->q);
@@ -1174,26 +1093,28 @@ static int hwcrhk_rand_status(void)
static int hwcrhk_mutex_init(HWCryptoHook_Mutex * mt,
HWCryptoHook_CallerContext * cactx)
{
mt->lockid = CRYPTO_get_new_dynlockid();
if (mt->lockid == 0)
mt->lock = CRYPTO_THREAD_lock_new();
if (mt->lock == NULL) {
HWCRHKerr(HWCRHK_F_HWCRHK_MUTEX_INIT, ERR_R_MALLOC_FAILURE);
return 1; /* failure */
}
return 0; /* success */
}
static int hwcrhk_mutex_lock(HWCryptoHook_Mutex * mt)
{
CRYPTO_w_lock(mt->lockid);
CRYPTO_THREAD_write_lock(mt->lock);
return 0;
}
static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex * mt)
{
CRYPTO_w_unlock(mt->lockid);
CRYPTO_THREAD_unlock(mt->lock);
}
static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex * mt)
{
CRYPTO_destroy_dynlockid(mt->lockid);
CRYPTO_THREAD_lock_free(mt->lock);
}
static int hwcrhk_get_pass(const char *prompt_info,
@@ -1335,13 +1256,11 @@ static void hwcrhk_log_message(void *logstr, const char *message)
{
BIO *lstream = NULL;
CRYPTO_w_lock(CRYPTO_LOCK_BIO);
if (logstr)
lstream = *(BIO **)logstr;
if (lstream) {
BIO_printf(lstream, "%s\n", message);
}
CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
}
/*