EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) { EC_GROUP *ret; if (meth == NULL) { ECerr(EC_F_EC_GROUP_NEW, EC_R_SLOT_FULL); return NULL; } if (meth->group_init == 0) { ECerr(EC_F_EC_GROUP_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return NULL; } ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE); return NULL; } ret->meth = meth; if ((ret->meth->flags & EC_FLAGS_CUSTOM_CURVE) == 0) { ret->order = BN_new(); if (ret->order == NULL) goto err; ret->cofactor = BN_new(); if (ret->cofactor == NULL) goto err; } ret->asn1_flag = OPENSSL_EC_NAMED_CURVE; ret->asn1_form = POINT_CONVERSION_UNCOMPRESSED; if (!meth->group_init(ret)) goto err; return ret; err: BN_free(ret->order); BN_free(ret->cofactor); OPENSSL_free(ret); return NULL; }
static int file_name_to_uri(OSSL_STORE_LOADER_CTX *ctx, const char *name, char **data) { assert(name != NULL); assert(data != NULL); { const char *pathsep = ends_with_dirsep(ctx->_.dir.uri) ? "" : "/"; long calculated_length = strlen(ctx->_.dir.uri) + strlen(pathsep) + strlen(name) + 1 /* \0 */; *data = OPENSSL_zalloc(calculated_length); if (*data == NULL) { OSSL_STOREerr(OSSL_STORE_F_FILE_NAME_TO_URI, ERR_R_MALLOC_FAILURE); return 0; } OPENSSL_strlcat(*data, ctx->_.dir.uri, calculated_length); OPENSSL_strlcat(*data, pathsep, calculated_length); OPENSSL_strlcat(*data, name, calculated_length); } return 1; }
EC_KEY *EC_KEY_new_method(ENGINE *engine) { EC_KEY *ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_MALLOC_FAILURE); return (NULL); } ret->meth = EC_KEY_get_default_method(); #ifndef OPENSSL_NO_ENGINE if (engine != NULL) { if (!ENGINE_init(engine)) { ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_ENGINE_LIB); OPENSSL_free(ret); return NULL; } ret->engine = engine; } else ret->engine = ENGINE_get_default_EC(); if (ret->engine != NULL) { ret->meth = ENGINE_get_EC(ret->engine); if (ret->meth == NULL) { ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_ENGINE_LIB); ENGINE_finish(ret->engine); OPENSSL_free(ret); return NULL; } } #endif ret->version = 1; ret->conv_form = POINT_CONVERSION_UNCOMPRESSED; ret->references = 1; if (ret->meth->init != NULL && ret->meth->init(ret) == 0) { EC_KEY_free(ret); return NULL; } return ret; }
UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag) { struct pem_password_cb_data *data = NULL; UI_METHOD *ui_method = NULL; if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL || (ui_method = UI_create_method("PEM password callback wrapper")) == NULL || UI_method_set_opener(ui_method, ui_open) < 0 || UI_method_set_reader(ui_method, ui_read) < 0 || UI_method_set_writer(ui_method, ui_write) < 0 || UI_method_set_closer(ui_method, ui_close) < 0 || !RUN_ONCE(&get_index_once, ui_method_data_index_init) || UI_method_set_ex_data(ui_method, ui_method_data_index, data) < 0) { UI_destroy_method(ui_method); OPENSSL_free(data); return NULL; } data->rwflag = rwflag; data->cb = cb; return ui_method; }
ERR_STATE *ERR_get_state(void) { ERR_STATE *state; int saveerrno = get_last_sys_error(); if (!OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL)) return NULL; if (!RUN_ONCE(&err_init, err_do_init)) return NULL; state = CRYPTO_THREAD_get_local(&err_thread_local); if (state == (ERR_STATE*)-1) return NULL; if (state == NULL) { if (!CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE*)-1)) return NULL; if ((state = OPENSSL_zalloc(sizeof(*state))) == NULL) { CRYPTO_THREAD_set_local(&err_thread_local, NULL); return NULL; } if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ERR_STATE) || !CRYPTO_THREAD_set_local(&err_thread_local, state)) { ERR_STATE_free(state); CRYPTO_THREAD_set_local(&err_thread_local, NULL); return NULL; } /* Ignore failures from these */ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); } set_sys_error(saveerrno); return state; }
EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags) { EVP_PKEY_METHOD *pmeth; pmeth = OPENSSL_zalloc(sizeof(*pmeth)); if (!pmeth) return NULL; pmeth->pkey_id = id; pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC; pmeth->init = 0; pmeth->copy = 0; pmeth->cleanup = 0; pmeth->paramgen_init = 0; pmeth->paramgen = 0; pmeth->keygen_init = 0; pmeth->keygen = 0; pmeth->sign_init = 0; pmeth->sign = 0; pmeth->verify_init = 0; pmeth->verify = 0; pmeth->verify_recover_init = 0; pmeth->verify_recover = 0; pmeth->signctx_init = 0; pmeth->signctx = 0; pmeth->verifyctx_init = 0; pmeth->verifyctx = 0; pmeth->encrypt_init = 0; pmeth->encrypt = 0; pmeth->decrypt_init = 0; pmeth->decrypt = 0; pmeth->derive_init = 0; pmeth->derive = 0; pmeth->ctrl = 0; pmeth->ctrl_str = 0; return pmeth; }
CERT *ssl_cert_new(void) { CERT *ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE); return NULL; } ret->key = &(ret->pkeys[SSL_PKEY_RSA]); ret->references = 1; ret->sec_cb = ssl_security_default_callback; ret->sec_level = OPENSSL_TLS_SECURITY_LEVEL; ret->sec_ex = NULL; ret->lock = CRYPTO_THREAD_lock_new(); if (ret->lock == NULL) { SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE); OPENSSL_free(ret); return NULL; } return ret; }
int BIO_accept(int sock, char **ip_port) { BIO_ADDR *res = BIO_ADDR_new(); int ret = -1; if (res == NULL) { BIOerr(BIO_F_BIO_ACCEPT, ERR_R_MALLOC_FAILURE); return ret; } ret = BIO_accept_ex(sock, res, 0); if (ret == (int)INVALID_SOCKET) { if (BIO_sock_should_retry(ret)) { ret = -2; goto end; } SYSerr(SYS_F_ACCEPT, get_last_socket_error()); BIOerr(BIO_F_BIO_ACCEPT, BIO_R_ACCEPT_ERROR); goto end; } if (ip_port != NULL) { char *host = BIO_ADDR_hostname_string(res, 1); char *port = BIO_ADDR_service_string(res, 1); *ip_port = OPENSSL_zalloc(strlen(host) + strlen(port) + 2); strcpy(*ip_port, host); strcat(*ip_port, ":"); strcat(*ip_port, port); OPENSSL_free(host); OPENSSL_free(port); } end: BIO_ADDR_free(res); return ret; }
int dtls1_new(SSL *s) { DTLS1_STATE *d1; if (!DTLS_RECORD_LAYER_new(&s->rlayer)) { return 0; } if (!ssl3_new(s)) return (0); if ((d1 = OPENSSL_zalloc(sizeof(*d1))) == NULL) { ssl3_free(s); return (0); } d1->buffered_messages = pqueue_new(); d1->sent_messages = pqueue_new(); if (s->server) { d1->cookie_len = sizeof(s->d1->cookie); } d1->link_mtu = 0; d1->mtu = 0; if (d1->buffered_messages == NULL || d1->sent_messages == NULL) { pqueue_free(d1->buffered_messages); pqueue_free(d1->sent_messages); OPENSSL_free(d1); ssl3_free(s); return (0); } s->d1 = d1; s->method->ssl_clear(s); return (1); }
BIO *BIO_new(const BIO_METHOD *method) { BIO *bio = OPENSSL_zalloc(sizeof(*bio)); if (bio == NULL) { BIOerr(BIO_F_BIO_NEW, ERR_R_MALLOC_FAILURE); return (NULL); } bio->method = method; bio->shutdown = 1; bio->references = 1; if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data)) goto err; bio->lock = CRYPTO_THREAD_lock_new(); if (bio->lock == NULL) { BIOerr(BIO_F_BIO_NEW, ERR_R_MALLOC_FAILURE); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); goto err; } if (method->create != NULL && !method->create(bio)) { BIOerr(BIO_F_BIO_NEW, ERR_R_INIT_FAIL); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); CRYPTO_THREAD_lock_free(bio->lock); goto err; } return bio; err: OPENSSL_free(bio); return NULL; }
/* * Allocate memory and initialize a new DRBG. The |parent|, if not * NULL, will be used to auto-seed this RAND_DRBG as needed. * * Returns a pointer to the new DRBG instance on success, NULL on failure. */ RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG *parent) { RAND_DRBG *drbg = OPENSSL_zalloc(sizeof(*drbg)); if (drbg == NULL) { RANDerr(RAND_F_RAND_DRBG_NEW, ERR_R_MALLOC_FAILURE); goto err; } drbg->fork_count = rand_fork_count; drbg->parent = parent; if (RAND_DRBG_set(drbg, type, flags) == 0) goto err; if (!RAND_DRBG_set_callbacks(drbg, rand_drbg_get_entropy, rand_drbg_cleanup_entropy, NULL, NULL)) goto err; return drbg; err: OPENSSL_free(drbg); return NULL; }
static void *provider_store_new(void) { struct provider_store_st *store = OPENSSL_zalloc(sizeof(*store)); const struct predefined_providers_st *p = NULL; if (store == NULL || (store->providers = sk_OSSL_PROVIDER_new(ossl_provider_cmp)) == NULL || (store->lock = CRYPTO_THREAD_lock_new()) == NULL) { provider_store_free(store); return NULL; } store->use_fallbacks = 1; for (p = predefined_providers; p->name != NULL; p++) { OSSL_PROVIDER *prov = NULL; /* * We use the internal constructor directly here, * otherwise we get a call loop */ prov = provider_new(p->name, p->init); if (prov == NULL || sk_OSSL_PROVIDER_push(store->providers, prov) == 0) { ossl_provider_free(prov); provider_store_free(store); CRYPTOerr(CRYPTO_F_PROVIDER_STORE_NEW, ERR_R_INTERNAL_ERROR); return NULL; } prov->store = store; if(p->is_fallback) ossl_provider_set_fallback(prov); } return store; }
SAF_SYMMKEYOBJ *SAF_SYMMKEYOBJ_dup(const SAF_SYMMKEYOBJ *a) { SAF_SYMMKEYOBJ *ret = NULL; SAF_SYMMKEYOBJ *obj = NULL; if (!(obj = OPENSSL_zalloc(sizeof(*obj))) || !(obj->pucContainerName = OPENSSL_memdup(a->pucContainerName, a->uiContainerLen)) || !(obj->pucIV = OPENSSL_memdup(a->pucIV, a->uiIVLen))) { SAFerr(SAF_F_SAF_SYMMKEYOBJ_DUP, ERR_R_MALLOC_FAILURE); goto end; } obj->uiContainerLen = a->uiContainerLen; obj->uiIVLen = a->uiIVLen; obj->uiEncOrDec = a->uiEncOrDec; obj->uiCryptoAlgID = a->uiCryptoAlgID; ret = obj; obj = NULL; end: SAF_SYMMKEYOBJ_free(obj); return ret; }
/* * Construct the per-ENGINE context. We create it blindly and then use a lock * to check for a race - if so, all but one of the threads "racing" will have * wasted their time. The alternative involves creating everything inside the * lock which is far worse. */ static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx) { dynamic_data_ctx *c = OPENSSL_zalloc(sizeof(*c)); if (c == NULL) { ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE); return 0; } c->dirs = sk_OPENSSL_STRING_new_null(); if (c->dirs == NULL) { ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE); OPENSSL_free(c); return 0; } c->DYNAMIC_F1 = "v_check"; c->DYNAMIC_F2 = "bind_engine"; c->dir_load = 1; CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); if ((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx)) == NULL) { /* Good, we're the first */ ENGINE_set_ex_data(e, dynamic_ex_data_idx, c); *ctx = c; c = NULL; } CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); /* * If we lost the race to set the context, c is non-NULL and *ctx is the * context of the thread that won. */ if (c) sk_OPENSSL_STRING_free(c->dirs); OPENSSL_free(c); return 1; }
DSO *DSO_new_method(DSO_METHOD *meth) { DSO *ret; if (default_DSO_meth == NULL) { /* * We default to DSO_METH_openssl() which in turn defaults to * stealing the "best available" method. Will fallback to * DSO_METH_null() in the worst case. */ default_DSO_meth = DSO_METHOD_openssl(); } ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE); return (NULL); } ret->meth_data = sk_void_new_null(); if (ret->meth_data == NULL) { /* sk_new doesn't generate any errors so we do */ DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE); OPENSSL_free(ret); return (NULL); } if (meth == NULL) ret->meth = default_DSO_meth; else ret->meth = meth; ret->references = 1; if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { sk_void_free(ret->meth_data); OPENSSL_free(ret); ret = NULL; } return (ret); }
/* * Configure callbacks and other properties that can't be set directly * in the server/client CONF. */ static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_CTX *client_ctx, const SSL_TEST_CTX *test_ctx, CTX_DATA *server_ctx_data, CTX_DATA *server2_ctx_data, CTX_DATA *client_ctx_data) { unsigned char *ticket_keys; size_t ticket_key_len; switch (test_ctx->client_verify_callback) { case SSL_TEST_VERIFY_ACCEPT_ALL: SSL_CTX_set_cert_verify_callback(client_ctx, &verify_accept_cb, NULL); break; case SSL_TEST_VERIFY_REJECT_ALL: SSL_CTX_set_cert_verify_callback(client_ctx, &verify_reject_cb, NULL); break; default: break; } /* link the two contexts for SNI purposes */ switch (test_ctx->servername_callback) { case SSL_TEST_SERVERNAME_IGNORE_MISMATCH: SSL_CTX_set_tlsext_servername_callback(server_ctx, servername_ignore_cb); SSL_CTX_set_tlsext_servername_arg(server_ctx, server2_ctx); break; case SSL_TEST_SERVERNAME_REJECT_MISMATCH: SSL_CTX_set_tlsext_servername_callback(server_ctx, servername_reject_cb); SSL_CTX_set_tlsext_servername_arg(server_ctx, server2_ctx); break; default: break; } /* * The initial_ctx/session_ctx always handles the encrypt/decrypt of the * session ticket. This ticket_key callback is assigned to the second * session (assigned via SNI), and should never be invoked */ if (server2_ctx != NULL) SSL_CTX_set_tlsext_ticket_key_cb(server2_ctx, do_not_call_session_ticket_cb); if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_BROKEN) { SSL_CTX_set_tlsext_ticket_key_cb(server_ctx, broken_session_ticket_cb); } if (test_ctx->server_npn_protocols != NULL) { parse_protos(test_ctx->server_npn_protocols, &server_ctx_data->npn_protocols, &server_ctx_data->npn_protocols_len); SSL_CTX_set_next_protos_advertised_cb(server_ctx, server_npn_cb, server_ctx_data); } if (test_ctx->server2_npn_protocols != NULL) { parse_protos(test_ctx->server2_npn_protocols, &server2_ctx_data->npn_protocols, &server2_ctx_data->npn_protocols_len); OPENSSL_assert(server2_ctx != NULL); SSL_CTX_set_next_protos_advertised_cb(server2_ctx, server_npn_cb, server2_ctx_data); } if (test_ctx->client_npn_protocols != NULL) { parse_protos(test_ctx->client_npn_protocols, &client_ctx_data->npn_protocols, &client_ctx_data->npn_protocols_len); SSL_CTX_set_next_proto_select_cb(client_ctx, client_npn_cb, client_ctx_data); } if (test_ctx->server_alpn_protocols != NULL) { parse_protos(test_ctx->server_alpn_protocols, &server_ctx_data->alpn_protocols, &server_ctx_data->alpn_protocols_len); SSL_CTX_set_alpn_select_cb(server_ctx, server_alpn_cb, server_ctx_data); } if (test_ctx->server2_alpn_protocols != NULL) { OPENSSL_assert(server2_ctx != NULL); parse_protos(test_ctx->server2_alpn_protocols, &server2_ctx_data->alpn_protocols, &server2_ctx_data->alpn_protocols_len); SSL_CTX_set_alpn_select_cb(server2_ctx, server_alpn_cb, server2_ctx_data); } if (test_ctx->client_alpn_protocols != NULL) { unsigned char *alpn_protos = NULL; size_t alpn_protos_len; parse_protos(test_ctx->client_alpn_protocols, &alpn_protos, &alpn_protos_len); /* Reversed return value convention... */ OPENSSL_assert(SSL_CTX_set_alpn_protos(client_ctx, alpn_protos, alpn_protos_len) == 0); OPENSSL_free(alpn_protos); } /* * Use fixed session ticket keys so that we can decrypt a ticket created with * one CTX in another CTX. Don't address server2 for the moment. */ ticket_key_len = SSL_CTX_set_tlsext_ticket_keys(server_ctx, NULL, 0); ticket_keys = OPENSSL_zalloc(ticket_key_len); OPENSSL_assert(ticket_keys != NULL); OPENSSL_assert(SSL_CTX_set_tlsext_ticket_keys(server_ctx, ticket_keys, ticket_key_len) == 1); OPENSSL_free(ticket_keys); }
static struct file_st *win32_splitter(DSO *dso, const char *filename, int assume_last_is_dir) { struct file_st *result = NULL; enum { IN_NODE, IN_DEVICE, IN_FILE } position; const char *start = filename; char last; if (!filename) { DSOerr(DSO_F_WIN32_SPLITTER, DSO_R_NO_FILENAME); /* * goto err; */ return (NULL); } result = OPENSSL_zalloc(sizeof(*result)); if (result == NULL) { DSOerr(DSO_F_WIN32_SPLITTER, ERR_R_MALLOC_FAILURE); return (NULL); } position = IN_DEVICE; if ((filename[0] == '\\' && filename[1] == '\\') || (filename[0] == '/' && filename[1] == '/')) { position = IN_NODE; filename += 2; start = filename; result->node = start; } do { last = filename[0]; switch (last) { case ':': if (position != IN_DEVICE) { DSOerr(DSO_F_WIN32_SPLITTER, DSO_R_INCORRECT_FILE_SYNTAX); /* * goto err; */ OPENSSL_free(result); return (NULL); } result->device = start; result->devicelen = (int)(filename - start); position = IN_FILE; start = ++filename; result->dir = start; break; case '\\': case '/': if (position == IN_NODE) { result->nodelen = (int)(filename - start); position = IN_FILE; start = ++filename; result->dir = start; } else if (position == IN_DEVICE) { position = IN_FILE; filename++; result->dir = start; result->dirlen = (int)(filename - start); start = filename; } else { filename++; result->dirlen += (int)(filename - start); start = filename; } break; case '\0': if (position == IN_NODE) { result->nodelen = (int)(filename - start); } else { if (filename - start > 0) { if (assume_last_is_dir) { if (position == IN_DEVICE) { result->dir = start; result->dirlen = 0; } result->dirlen += (int)(filename - start); } else { result->file = start; result->filelen = (int)(filename - start); } } } break; default: filename++; break; } } while (last); if (!result->nodelen) result->node = NULL; if (!result->devicelen) result->device = NULL; if (!result->dirlen) result->dir = NULL; if (!result->filelen) result->file = NULL; return (result); }
SSL_CONF_CTX *SSL_CONF_CTX_new(void) { SSL_CONF_CTX *ret = OPENSSL_zalloc(sizeof(*ret)); return ret; }
static void *sha256_newctx(void) { SHA256_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); return ctx; }
static int build_encrypt_op(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding, CpaCyRsaEncryptOpData ** enc_op_data, CpaFlatBuffer ** output_buffer, int alloc_pad) { CpaCyRsaPublicKey *cpa_pub_key = NULL; int rsa_len = 0; const BIGNUM *n = NULL; const BIGNUM *e = NULL; const BIGNUM *d = NULL; DEBUG("- Started\n"); RSA_get0_key((const RSA*)rsa, &n, &e, &d); /* Note: not checking 'd' as it is not used */ if (n == NULL || e == NULL) { WARN("RSA key values n = %p or e = %p are NULL\n", n, e); QATerr(QAT_F_BUILD_ENCRYPT_OP, QAT_R_N_E_NULL); return 0; } if (padding != RSA_PKCS1_PADDING) { WARN("Unknown Padding %d\n", padding); QATerr(QAT_F_BUILD_ENCRYPT_OP, QAT_R_UNKNOWN_PADDING); return 0; } cpa_pub_key = OPENSSL_zalloc(sizeof(CpaCyRsaPublicKey)); if (NULL == cpa_pub_key) { WARN("Public Key zalloc failed\n"); QATerr(QAT_F_BUILD_ENCRYPT_OP, QAT_R_PUB_KEY_MALLOC_FAILURE); return 0; } rsa_len = RSA_size(rsa); /* Output and input data MUST allocate memory for RSA verify process */ /* Memory allocation for EncOpData[IN] */ *enc_op_data = OPENSSL_zalloc(sizeof(CpaCyRsaEncryptOpData)); if (NULL == *enc_op_data) { WARN("Failed to allocate enc_op_data\n"); QATerr(QAT_F_BUILD_ENCRYPT_OP, QAT_R_ENC_OP_DATA_MALLOC_FAILURE); OPENSSL_free(cpa_pub_key); return 0; } /* Setup the Encrypt operation Data structure */ (*enc_op_data)->pPublicKey = cpa_pub_key; DEBUG("flen=%d padding=%d\n", flen, padding); /* Passing Public key from big number format to big endian order binary */ if (qat_BN_to_FB(&cpa_pub_key->modulusN, n) != 1 || qat_BN_to_FB(&cpa_pub_key->publicExponentE, e) != 1) { WARN("Failed to convert cpa_pub_key elements to flatbuffer\n"); QATerr(QAT_F_BUILD_ENCRYPT_OP, QAT_R_N_E_CONVERT_TO_FB_FAILURE); return 0; } if (alloc_pad) { (*enc_op_data)->inputData.pData = qat_alloc_pad((Cpa8U *) from, flen, rsa_len, 0); } else { (*enc_op_data)->inputData.pData = (Cpa8U *) copyAllocPinnedMemory((void *)from, flen, __FILE__, __LINE__); } if (NULL == (*enc_op_data)->inputData.pData) { WARN("Failed to allocate (*enc_op_data)->inputData.pData\n"); QATerr(QAT_F_BUILD_ENCRYPT_OP, QAT_R_INPUT_DATA_MALLOC_FAILURE); return 0; } if (alloc_pad) (*enc_op_data)->inputData.dataLenInBytes = rsa_len; else (*enc_op_data)->inputData.dataLenInBytes = flen; /* * Memory allocation for outputBuffer[OUT] OutputBuffer size initialize * as the size of rsa size */ (*output_buffer) = (CpaFlatBuffer *) OPENSSL_malloc(sizeof(CpaFlatBuffer)); if (NULL == (*output_buffer)) { WARN("Failed to allocate output_buffer\n"); QATerr(QAT_F_BUILD_ENCRYPT_OP, QAT_R_OUTPUT_BUF_MALLOC_FAILURE); return 0; } /* * outputBuffer size should large enough to hold the Hash value but * smaller than (RSA_size(rsa)-11) */ (*output_buffer)->dataLenInBytes = rsa_len; (*output_buffer)->pData = qaeCryptoMemAlloc(rsa_len, __FILE__, __LINE__); if (NULL == (*output_buffer)->pData) { WARN("Failed to allocate (*output_buffer)->pData\n"); QATerr(QAT_F_BUILD_ENCRYPT_OP, QAT_R_OUTPUT_BUF_PDATA_MALLOC_FAILURE); return 0;; } DEBUG("- Finished\n"); return 1; }
static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf) { size_t i, j, cnt; int rv = 0; const char *ssl_conf_section; STACK_OF(CONF_VALUE) *cmd_lists; ssl_conf_section = CONF_imodule_get_value(md); cmd_lists = NCONF_get_section(cnf, ssl_conf_section); if (sk_CONF_VALUE_num(cmd_lists) <= 0) { if (cmd_lists == NULL) CONFerr(CONF_F_SSL_MODULE_INIT, CONF_R_SSL_SECTION_NOT_FOUND); else CONFerr(CONF_F_SSL_MODULE_INIT, CONF_R_SSL_SECTION_EMPTY); ERR_add_error_data(2, "section=", ssl_conf_section); goto err; } cnt = sk_CONF_VALUE_num(cmd_lists); ssl_module_free(md); ssl_names = OPENSSL_zalloc(sizeof(*ssl_names) * cnt); if (ssl_names == NULL) goto err; ssl_names_count = cnt; for (i = 0; i < ssl_names_count; i++) { struct ssl_conf_name_st *ssl_name = ssl_names + i; CONF_VALUE *sect = sk_CONF_VALUE_value(cmd_lists, (int)i); STACK_OF(CONF_VALUE) *cmds = NCONF_get_section(cnf, sect->value); if (sk_CONF_VALUE_num(cmds) <= 0) { if (cmds == NULL) CONFerr(CONF_F_SSL_MODULE_INIT, CONF_R_SSL_COMMAND_SECTION_NOT_FOUND); else CONFerr(CONF_F_SSL_MODULE_INIT, CONF_R_SSL_COMMAND_SECTION_EMPTY); ERR_add_error_data(4, "name=", sect->name, ", value=", sect->value); goto err; } ssl_name->name = OPENSSL_strdup(sect->name); if (ssl_name->name == NULL) goto err; cnt = sk_CONF_VALUE_num(cmds); ssl_name->cmds = OPENSSL_zalloc(cnt * sizeof(struct ssl_conf_cmd_st)); if (ssl_name->cmds == NULL) goto err; ssl_name->cmd_count = cnt; for (j = 0; j < cnt; j++) { const char *name; CONF_VALUE *cmd_conf = sk_CONF_VALUE_value(cmds, (int)j); struct ssl_conf_cmd_st *cmd = ssl_name->cmds + j; /* Skip any initial dot in name */ name = strchr(cmd_conf->name, '.'); if (name != NULL) name++; else name = cmd_conf->name; cmd->cmd = OPENSSL_strdup(name); cmd->arg = OPENSSL_strdup(cmd_conf->value); if (cmd->cmd == NULL || cmd->arg == NULL) goto err; } } rv = 1; err: if (rv == 0) ssl_module_free(md); return rv; }
static OSSL_STORE_INFO *file_load_try_decode(OSSL_STORE_LOADER_CTX *ctx, const char *pem_name, const char *pem_header, unsigned char *data, size_t len, const UI_METHOD *ui_method, void *ui_data, int *matchcount) { OSSL_STORE_INFO *result = NULL; BUF_MEM *new_mem = NULL; char *new_pem_name = NULL; int t = 0; again: { size_t i = 0; void *handler_ctx = NULL; const FILE_HANDLER **matching_handlers = OPENSSL_zalloc(sizeof(*matching_handlers) * OSSL_NELEM(file_handlers)); if (matching_handlers == NULL) { OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD_TRY_DECODE, ERR_R_MALLOC_FAILURE); goto err; } *matchcount = 0; for (i = 0; i < OSSL_NELEM(file_handlers); i++) { const FILE_HANDLER *handler = file_handlers[i]; int try_matchcount = 0; void *tmp_handler_ctx = NULL; OSSL_STORE_INFO *tmp_result = handler->try_decode(pem_name, pem_header, data, len, &tmp_handler_ctx, &try_matchcount, ui_method, ui_data); if (try_matchcount > 0) { matching_handlers[*matchcount] = handler; if (handler_ctx) handler->destroy_ctx(&handler_ctx); handler_ctx = tmp_handler_ctx; if ((*matchcount += try_matchcount) > 1) { /* more than one match => ambiguous, kill any result */ OSSL_STORE_INFO_free(result); OSSL_STORE_INFO_free(tmp_result); if (handler->destroy_ctx != NULL) handler->destroy_ctx(&handler_ctx); handler_ctx = NULL; tmp_result = NULL; result = NULL; } if (result == NULL) result = tmp_result; } } if (*matchcount == 1 && matching_handlers[0]->repeatable) { ctx->_.file.last_handler = matching_handlers[0]; ctx->_.file.last_handler_ctx = handler_ctx; } OPENSSL_free(matching_handlers); } err: OPENSSL_free(new_pem_name); BUF_MEM_free(new_mem); if (result != NULL && (t = OSSL_STORE_INFO_get_type(result)) == OSSL_STORE_INFO_EMBEDDED) { pem_name = new_pem_name = ossl_store_info_get0_EMBEDDED_pem_name(result); new_mem = ossl_store_info_get0_EMBEDDED_buffer(result); data = (unsigned char *)new_mem->data; len = new_mem->length; OPENSSL_free(result); result = NULL; goto again; } if (result != NULL) ERR_clear_error(); return result; }
static OSSL_STORE_LOADER_CTX *file_open(const OSSL_STORE_LOADER *loader, const char *uri, const UI_METHOD *ui_method, void *ui_data) { OSSL_STORE_LOADER_CTX *ctx = NULL; struct stat st; struct { const char *path; unsigned int check_absolute:1; } path_data[2]; size_t path_data_n = 0, i; const char *path; /* * First step, just take the URI as is. */ path_data[path_data_n].check_absolute = 0; path_data[path_data_n++].path = uri; /* * Second step, if the URI appears to start with the 'file' scheme, * extract the path and make that the second path to check. * There's a special case if the URI also contains an authority, then * the full URI shouldn't be used as a path anywhere. */ if (strncasecmp(uri, "file:", 5) == 0) { const char *p = &uri[5]; if (strncmp(&uri[5], "//", 2) == 0) { path_data_n--; /* Invalidate using the full URI */ if (strncasecmp(&uri[7], "localhost/", 10) == 0) { p = &uri[16]; } else if (uri[7] == '/') { p = &uri[7]; } else { OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED); return NULL; } } path_data[path_data_n].check_absolute = 1; #ifdef _WIN32 /* Windows file: URIs with a drive letter start with a / */ if (p[0] == '/' && p[2] == ':' && p[3] == '/') { char c = ossl_tolower(p[1]); if (c >= 'a' && c <= 'z') { p++; /* We know it's absolute, so no need to check */ path_data[path_data_n].check_absolute = 0; } } #endif path_data[path_data_n++].path = p; } for (i = 0, path = NULL; path == NULL && i < path_data_n; i++) { /* * If the scheme "file" was an explicit part of the URI, the path must * be absolute. So says RFC 8089 */ if (path_data[i].check_absolute && path_data[i].path[0] != '/') { OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE); ERR_add_error_data(1, path_data[i].path); return NULL; } if (stat(path_data[i].path, &st) < 0) { SYSerr(SYS_F_STAT, errno); ERR_add_error_data(1, path_data[i].path); } else { path = path_data[i].path; } } if (path == NULL) { return NULL; } /* Successfully found a working path, clear possible collected errors */ ERR_clear_error(); ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx == NULL) { OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, ERR_R_MALLOC_FAILURE); return NULL; } if ((st.st_mode & S_IFDIR) == S_IFDIR) { /* * Try to copy everything, even if we know that some of them must be * NULL for the moment. This prevents errors in the future, when more * components may be used. */ ctx->_.dir.uri = OPENSSL_strdup(uri); ctx->type = is_dir; if (ctx->_.dir.uri == NULL) goto err; ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx, path); ctx->_.dir.last_errno = errno; if (ctx->_.dir.last_entry == NULL) { if (ctx->_.dir.last_errno != 0) { char errbuf[256]; errno = ctx->_.dir.last_errno; openssl_strerror_r(errno, errbuf, sizeof(errbuf)); OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, ERR_R_SYS_LIB); ERR_add_error_data(1, errbuf); goto err; } ctx->_.dir.end_reached = 1; } } else { BIO *buff = NULL; char peekbuf[4096] = { 0, }; if ((buff = BIO_new(BIO_f_buffer())) == NULL || (ctx->_.file.file = BIO_new_file(path, "rb")) == NULL) { BIO_free_all(buff); goto err; } ctx->_.file.file = BIO_push(buff, ctx->_.file.file); if (BIO_buffer_peek(ctx->_.file.file, peekbuf, sizeof(peekbuf) - 1) > 0) { peekbuf[sizeof(peekbuf) - 1] = '\0'; if (strstr(peekbuf, "-----BEGIN ") != NULL) ctx->type = is_pem; } } return ctx; err: OSSL_STORE_LOADER_CTX_free(ctx); return NULL; }
int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) { const ASN1_TEMPLATE *tt = NULL; const ASN1_EXTERN_FUNCS *ef; const ASN1_AUX *aux = it->funcs; ASN1_aux_cb *asn1_cb; ASN1_VALUE **pseqval; int i; if (aux && aux->asn1_cb) asn1_cb = aux->asn1_cb; else asn1_cb = 0; #ifndef OPENSSL_NO_CRYPTO_MDEBUG OPENSSL_mem_debug_push(it->sname ? it->sname : "asn1_item_embed_new"); #endif switch (it->itype) { case ASN1_ITYPE_EXTERN: ef = it->funcs; if (ef && ef->asn1_ex_new) { if (!ef->asn1_ex_new(pval, it)) goto memerr; } break; case ASN1_ITYPE_PRIMITIVE: if (it->templates) { if (!asn1_template_new(pval, it->templates)) goto memerr; } else if (!asn1_primitive_new(pval, it, embed)) goto memerr; break; case ASN1_ITYPE_MSTRING: if (!asn1_primitive_new(pval, it, embed)) goto memerr; break; case ASN1_ITYPE_CHOICE: if (asn1_cb) { i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL); if (!i) goto auxerr; if (i == 2) { #ifndef OPENSSL_NO_CRYPTO_MDEBUG OPENSSL_mem_debug_pop(); #endif return 1; } } if (embed) { memset(*pval, 0, it->size); } else { *pval = OPENSSL_zalloc(it->size); if (*pval == NULL) goto memerr; } asn1_set_choice_selector(pval, -1, it); if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) goto auxerr; break; case ASN1_ITYPE_NDEF_SEQUENCE: case ASN1_ITYPE_SEQUENCE: if (asn1_cb) { i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL); if (!i) goto auxerr; if (i == 2) { #ifndef OPENSSL_NO_CRYPTO_MDEBUG OPENSSL_mem_debug_pop(); #endif return 1; } } if (embed) { memset(*pval, 0, it->size); } else { *pval = OPENSSL_zalloc(it->size); if (*pval == NULL) goto memerr; } asn1_do_lock(pval, 0, it); asn1_enc_init(pval, it); for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) { pseqval = asn1_get_field_ptr(pval, tt); if (!asn1_template_new(pseqval, tt)) goto memerr; } if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) goto auxerr; break; } #ifndef OPENSSL_NO_CRYPTO_MDEBUG OPENSSL_mem_debug_pop(); #endif return 1; memerr: ASN1err(ASN1_F_ASN1_ITEM_EMBED_NEW, ERR_R_MALLOC_FAILURE); #ifndef OPENSSL_NO_CRYPTO_MDEBUG OPENSSL_mem_debug_pop(); #endif return 0; auxerr: ASN1err(ASN1_F_ASN1_ITEM_EMBED_NEW, ASN1_R_AUX_ERROR); ASN1_item_ex_free(pval, it); #ifndef OPENSSL_NO_CRYPTO_MDEBUG OPENSSL_mem_debug_pop(); #endif return 0; }
int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb) { BIGNUM *t; int found = 0; int i, j, c1 = 0; BN_CTX *ctx = NULL; prime_t *mods = NULL; int checks = BN_prime_checks_for_size(bits); if (bits < 2) { /* There are no prime numbers this small. */ BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL); return 0; } else if (bits == 2 && safe) { /* The smallest safe prime (7) is three bits. */ BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL); return 0; } mods = OPENSSL_zalloc(sizeof(*mods) * NUMPRIMES); if (mods == NULL) goto err; ctx = BN_CTX_new(); if (ctx == NULL) goto err; BN_CTX_start(ctx); t = BN_CTX_get(ctx); if (t == NULL) goto err; loop: /* make a random number and set the top and bottom bits */ if (add == NULL) { if (!probable_prime(ret, bits, mods)) goto err; } else { if (safe) { if (!probable_prime_dh_safe(ret, bits, add, rem, ctx)) goto err; } else { if (!bn_probable_prime_dh(ret, bits, add, rem, ctx)) goto err; } } if (!BN_GENCB_call(cb, 0, c1++)) /* aborted */ goto err; if (!safe) { i = BN_is_prime_fasttest_ex(ret, checks, ctx, 0, cb); if (i == -1) goto err; if (i == 0) goto loop; } else { /* * for "safe prime" generation, check that (p-1)/2 is prime. Since a * prime is odd, We just need to divide by 2 */ if (!BN_rshift1(t, ret)) goto err; for (i = 0; i < checks; i++) { j = BN_is_prime_fasttest_ex(ret, 1, ctx, 0, cb); if (j == -1) goto err; if (j == 0) goto loop; j = BN_is_prime_fasttest_ex(t, 1, ctx, 0, cb); if (j == -1) goto err; if (j == 0) goto loop; if (!BN_GENCB_call(cb, 2, c1 - 1)) goto err; /* We have a safe prime test pass */ } } /* we have a prime :-) */ found = 1; err: OPENSSL_free(mods); if (ctx != NULL) BN_CTX_end(ctx); BN_CTX_free(ctx); bn_check_top(ret); return found; }
int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, const unsigned char *from, int flen, int num) { int i; /* |em| is the encoded message, zero-padded to exactly |num| bytes */ unsigned char *em = NULL; unsigned int good, found_zero_byte; int zero_index = 0, msg_index, mlen = -1; if (tlen < 0 || flen < 0) return -1; /* * PKCS#1 v1.5 decryption. See "PKCS #1 v2.2: RSA Cryptography Standard", * section 7.2.2. */ if (flen > num) goto err; if (num < 11) goto err; em = OPENSSL_zalloc(num); if (em == NULL) { RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE); return -1; } /* * Always do this zero-padding copy (even when num == flen) to avoid * leaking that information. The copy still leaks some side-channel * information, but it's impossible to have a fixed memory access * pattern since we can't read out of the bounds of |from|. * * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL. */ memcpy(em + num - flen, from, flen); good = constant_time_is_zero(em[0]); good &= constant_time_eq(em[1], 2); found_zero_byte = 0; for (i = 2; i < num; i++) { unsigned int equals0 = constant_time_is_zero(em[i]); zero_index = constant_time_select_int(~found_zero_byte & equals0, i, zero_index); found_zero_byte |= equals0; } /* * PS must be at least 8 bytes long, and it starts two bytes into |em|. * If we never found a 0-byte, then |zero_index| is 0 and the check * also fails. */ good &= constant_time_ge((unsigned int)(zero_index), 2 + 8); /* * Skip the zero byte. This is incorrect if we never found a zero-byte * but in this case we also do not copy the message out. */ msg_index = zero_index + 1; mlen = num - msg_index; /* * For good measure, do this check in constant time as well; it could * leak something if |tlen| was assuming valid padding. */ good &= constant_time_ge((unsigned int)(tlen), (unsigned int)(mlen)); /* * We can't continue in constant-time because we need to copy the result * and we cannot fake its length. This unavoidably leaks timing * information at the API boundary. * TODO(emilia): this could be addressed at the call site, * see BoringSSL commit 0aa0767340baf925bda4804882aab0cb974b2d26. */ if (!good) { mlen = -1; goto err; } memcpy(to, em + msg_index, mlen); err: OPENSSL_free(em); if (mlen == -1) RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, RSA_R_PKCS_DECODING_ERROR); return mlen; }
/****************************************************************************** * function: * qat_engine_init(ENGINE *e) * * @param e [IN] - OpenSSL engine pointer * * description: * Qat engine init function, associated with Crypto memory setup * and cpaStartInstance setups. ******************************************************************************/ static int qat_engine_init(ENGINE *e) { int instNum, err, checkLimitStatus; CpaStatus status = CPA_STATUS_SUCCESS; CpaBoolean limitDevAccess = CPA_FALSE; pthread_mutex_lock(&qat_engine_mutex); if(engine_inited) { pthread_mutex_unlock(&qat_engine_mutex); return 1; } DEBUG("[%s] ---- Engine Initing\n\n", __func__); CRYPTO_INIT_QAT_LOG(); if ((err = pthread_key_create(&qatInstanceForThread, NULL)) != 0) { fprintf(stderr, "pthread_key_create: %s\n", strerror(err)); pthread_mutex_unlock(&qat_engine_mutex); return 0; } checkLimitStatus = checkLimitDevAccessValue((int *)&limitDevAccess, ICPConfigSectionName_libcrypto); if (!checkLimitStatus) { WARN("Assuming LimitDevAccess = 0\n"); } /* Initialise the QAT hardware */ if (CPA_STATUS_SUCCESS != icp_sal_userStartMultiProcess(ICPConfigSectionName_libcrypto, limitDevAccess)) { WARN("icp_sal_userStart failed\n"); pthread_mutex_unlock(&qat_engine_mutex); return 0; } /* Get the number of available instances */ status = cpaCyGetNumInstances(&numInstances); if (CPA_STATUS_SUCCESS != status) { WARN("cpaCyGetNumInstances failed, status=%d\n", status); pthread_mutex_unlock(&qat_engine_mutex); qat_engine_finish(e); return 0; } if (!numInstances) { WARN("No crypto instances found\n"); pthread_mutex_unlock(&qat_engine_mutex); qat_engine_finish(e); return 0; } DEBUG("%s: %d Cy instances got\n", __func__, numInstances); /* Allocate memory for the instance handle array */ qatInstanceHandles = (CpaInstanceHandle *) OPENSSL_zalloc(((int)numInstances) * sizeof(CpaInstanceHandle)); if (NULL == qatInstanceHandles) { WARN("OPENSSL_zalloc() failed for instance handles.\n"); pthread_mutex_unlock(&qat_engine_mutex); qat_engine_finish(e); return 0; } /* Get the Cy instances */ status = cpaCyGetInstances(numInstances, qatInstanceHandles); if (CPA_STATUS_SUCCESS != status) { WARN("cpaCyGetInstances failed, status=%d\n", status); pthread_mutex_unlock(&qat_engine_mutex); qat_engine_finish(e); return 0; } if (0 == enable_external_polling) { if (qat_is_event_driven()) { CpaStatus status; int flags; int engine_fd; icp_polling_threads = (pthread_t *) OPENSSL_zalloc(sizeof(pthread_t)); /* Add the file descriptor to an epoll event list */ internal_efd = epoll_create1(0); if (-1 == internal_efd) { WARN("Error creating epoll fd\n"); pthread_mutex_unlock(&qat_engine_mutex); qat_engine_finish(e); return 0; } for (instNum = 0; instNum < numInstances; instNum++) { /* Get the file descriptor for the instance */ status = icp_sal_CyGetFileDescriptor(qatInstanceHandles[instNum], &engine_fd); if (CPA_STATUS_FAIL == status) { WARN("Error getting file descriptor for instance\n"); pthread_mutex_unlock(&qat_engine_mutex); qat_engine_finish(e); return 0; } /* Make the file descriptor non-blocking */ eng_poll_st[instNum].eng_fd = engine_fd; eng_poll_st[instNum].inst_index = instNum; flags = fcntl(engine_fd, F_GETFL, 0); fcntl(engine_fd, F_SETFL, flags | O_NONBLOCK); eng_epoll_events[instNum].data.ptr = &eng_poll_st[instNum]; eng_epoll_events[instNum].events = EPOLLIN | EPOLLET; if (-1 == epoll_ctl(internal_efd, EPOLL_CTL_ADD, engine_fd, &eng_epoll_events[instNum])) { WARN("Error adding fd to epoll\n"); pthread_mutex_unlock(&qat_engine_mutex); qat_engine_finish(e); return 0; } } } else { icp_polling_threads = (pthread_t *) OPENSSL_zalloc(((int)numInstances) * sizeof(pthread_t)); } if (NULL == icp_polling_threads) { WARN("OPENSSL_malloc() failed for icp_polling_threads.\n"); pthread_mutex_unlock(&qat_engine_mutex); qat_engine_finish(e); return 0; } } /* Set translation function and start each instance */ for (instNum = 0; instNum < numInstances; instNum++) { /* Set the address translation function */ status = cpaCySetAddressTranslation(qatInstanceHandles[instNum], virtualToPhysical); if (CPA_STATUS_SUCCESS != status) { WARN("cpaCySetAddressTranslation failed, status=%d\n", status); pthread_mutex_unlock(&qat_engine_mutex); qat_engine_finish(e); return 0; } /* Start the instances */ status = cpaCyStartInstance(qatInstanceHandles[instNum]); if (CPA_STATUS_SUCCESS != status) { WARN("cpaCyStartInstance failed, status=%d\n", status); pthread_mutex_unlock(&qat_engine_mutex); qat_engine_finish(e); return 0; } if (0 == enable_external_polling && !qat_is_event_driven()) { /* Create the polling threads */ if (qat_create_thread(&icp_polling_threads[instNum], NULL, sendPoll_ns, qatInstanceHandles[instNum])) { WARN("Polling thread create failed\n"); instance_started[instNum] = 1; pthread_mutex_unlock(&qat_engine_mutex); qat_engine_finish(e); return 0; } if (qat_adjust_thread_affinity(icp_polling_threads[instNum]) == 0) { instance_started[instNum] = 1; pthread_mutex_unlock(&qat_engine_mutex); qat_engine_finish(e); return 0; } } instance_started[instNum] = 1; } if (0 == enable_external_polling && qat_is_event_driven()) { if (qat_create_thread(&icp_polling_threads[0], NULL, eventPoll_ns, NULL)) { WARN("Epoll thread create failed\n"); pthread_mutex_unlock(&qat_engine_mutex); qat_engine_finish(e); return 0; } if (qat_adjust_thread_affinity(icp_polling_threads[0]) == 0) { pthread_mutex_unlock(&qat_engine_mutex); qat_engine_finish(e); return 0; } } /* Reset currInst */ currInst = 0; engine_inited = 1; pthread_mutex_unlock(&qat_engine_mutex); return 1; }
static int test_builtin(void) { EC_builtin_curve *curves = NULL; size_t crv_len = 0, n = 0; EC_KEY *eckey = NULL, *wrong_eckey = NULL; EC_GROUP *group; ECDSA_SIG *ecdsa_sig = NULL, *modified_sig = NULL; unsigned char digest[20], wrong_digest[20]; unsigned char *signature = NULL; const unsigned char *sig_ptr; unsigned char *sig_ptr2; unsigned char *raw_buf = NULL; const BIGNUM *sig_r, *sig_s; BIGNUM *modified_r = NULL, *modified_s = NULL; BIGNUM *unmodified_r = NULL, *unmodified_s = NULL; unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len; int nid, ret = 0; /* fill digest values with some random data */ if (!TEST_true(RAND_bytes(digest, 20)) || !TEST_true(RAND_bytes(wrong_digest, 20))) goto builtin_err; /* create and verify a ecdsa signature with every available curve */ /* get a list of all internal curves */ crv_len = EC_get_builtin_curves(NULL, 0); if (!TEST_ptr(curves = OPENSSL_malloc(sizeof(*curves) * crv_len)) || !TEST_true(EC_get_builtin_curves(curves, crv_len))) goto builtin_err; /* now create and verify a signature for every curve */ for (n = 0; n < crv_len; n++) { unsigned char dirt, offset; nid = curves[n].nid; if (nid == NID_ipsec4 || nid == NID_X25519) continue; /* create new ecdsa key (== EC_KEY) */ if (!TEST_ptr(eckey = EC_KEY_new()) || !TEST_ptr(group = EC_GROUP_new_by_curve_name(nid)) || !TEST_true(EC_KEY_set_group(eckey, group))) goto builtin_err; EC_GROUP_free(group); degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey)); if (degree < 160) { /* drop the curve */ EC_KEY_free(eckey); eckey = NULL; continue; } TEST_info("testing %s", OBJ_nid2sn(nid)); /* create key */ if (!TEST_true(EC_KEY_generate_key(eckey))) goto builtin_err; /* create second key */ if (!TEST_ptr(wrong_eckey = EC_KEY_new()) || !TEST_ptr(group = EC_GROUP_new_by_curve_name(nid)) || !TEST_true(EC_KEY_set_group(wrong_eckey, group))) goto builtin_err; EC_GROUP_free(group); if (!TEST_true(EC_KEY_generate_key(wrong_eckey))) goto builtin_err; /* check key */ if (!TEST_true(EC_KEY_check_key(eckey))) goto builtin_err; /* create signature */ sig_len = ECDSA_size(eckey); if (!TEST_ptr(signature = OPENSSL_malloc(sig_len)) || !TEST_true(ECDSA_sign(0, digest, 20, signature, &sig_len, eckey))) goto builtin_err; /* verify signature */ if (!TEST_int_eq(ECDSA_verify(0, digest, 20, signature, sig_len, eckey), 1)) goto builtin_err; /* verify signature with the wrong key */ if (!TEST_int_ne(ECDSA_verify(0, digest, 20, signature, sig_len, wrong_eckey), 1)) goto builtin_err; /* wrong digest */ if (!TEST_int_ne(ECDSA_verify(0, wrong_digest, 20, signature, sig_len, eckey), 1)) goto builtin_err; /* wrong length */ if (!TEST_int_ne(ECDSA_verify(0, digest, 20, signature, sig_len - 1, eckey), 1)) goto builtin_err; /* * Modify a single byte of the signature: to ensure we don't garble * the ASN1 structure, we read the raw signature and modify a byte in * one of the bignums directly. */ sig_ptr = signature; if (!TEST_ptr(ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, sig_len))) goto builtin_err; ECDSA_SIG_get0(ecdsa_sig, &sig_r, &sig_s); /* Store the two BIGNUMs in raw_buf. */ r_len = BN_num_bytes(sig_r); s_len = BN_num_bytes(sig_s); bn_len = (degree + 7) / 8; if (!TEST_false(r_len > bn_len) || !TEST_false(s_len > bn_len)) goto builtin_err; buf_len = 2 * bn_len; if (!TEST_ptr(raw_buf = OPENSSL_zalloc(buf_len))) goto builtin_err; BN_bn2bin(sig_r, raw_buf + bn_len - r_len); BN_bn2bin(sig_s, raw_buf + buf_len - s_len); /* Modify a single byte in the buffer. */ offset = raw_buf[10] % buf_len; dirt = raw_buf[11] ? raw_buf[11] : 1; raw_buf[offset] ^= dirt; /* Now read the BIGNUMs back in from raw_buf. */ if (!TEST_ptr(modified_sig = ECDSA_SIG_new())) goto builtin_err; if (!TEST_ptr(modified_r = BN_bin2bn(raw_buf, bn_len, NULL)) || !TEST_ptr(modified_s = BN_bin2bn(raw_buf + bn_len, bn_len, NULL)) || !TEST_true(ECDSA_SIG_set0(modified_sig, modified_r, modified_s))) { BN_free(modified_r); BN_free(modified_s); goto builtin_err; } sig_ptr2 = signature; sig_len = i2d_ECDSA_SIG(modified_sig, &sig_ptr2); if (!TEST_false(ECDSA_verify(0, digest, 20, signature, sig_len, eckey))) goto builtin_err; /* Sanity check: undo the modification and verify signature. */ raw_buf[offset] ^= dirt; if (!TEST_ptr(unmodified_r = BN_bin2bn(raw_buf, bn_len, NULL)) || !TEST_ptr(unmodified_s = BN_bin2bn(raw_buf + bn_len, bn_len, NULL)) || !TEST_true(ECDSA_SIG_set0(modified_sig, unmodified_r, unmodified_s))) { BN_free(unmodified_r); BN_free(unmodified_s); goto builtin_err; } sig_ptr2 = signature; sig_len = i2d_ECDSA_SIG(modified_sig, &sig_ptr2); if (!TEST_true(ECDSA_verify(0, digest, 20, signature, sig_len, eckey))) goto builtin_err; /* cleanup */ ERR_clear_error(); OPENSSL_free(signature); signature = NULL; EC_KEY_free(eckey); eckey = NULL; EC_KEY_free(wrong_eckey); wrong_eckey = NULL; ECDSA_SIG_free(ecdsa_sig); ecdsa_sig = NULL; ECDSA_SIG_free(modified_sig); modified_sig = NULL; OPENSSL_free(raw_buf); raw_buf = NULL; } ret = 1; builtin_err: EC_KEY_free(eckey); EC_KEY_free(wrong_eckey); ECDSA_SIG_free(ecdsa_sig); ECDSA_SIG_free(modified_sig); OPENSSL_free(signature); OPENSSL_free(raw_buf); OPENSSL_free(curves); return ret; }
CERT *ssl_cert_dup(CERT *cert) { CERT *ret = OPENSSL_zalloc(sizeof(*ret)); int i; if (ret == NULL) { SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); return NULL; } ret->references = 1; ret->key = &ret->pkeys[cert->key - cert->pkeys]; ret->lock = CRYPTO_THREAD_lock_new(); if (ret->lock == NULL) { SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); OPENSSL_free(ret); return NULL; } #ifndef OPENSSL_NO_DH if (cert->dh_tmp != NULL) { ret->dh_tmp = cert->dh_tmp; EVP_PKEY_up_ref(ret->dh_tmp); } ret->dh_tmp_cb = cert->dh_tmp_cb; ret->dh_tmp_auto = cert->dh_tmp_auto; #endif for (i = 0; i < SSL_PKEY_NUM; i++) { CERT_PKEY *cpk = cert->pkeys + i; CERT_PKEY *rpk = ret->pkeys + i; if (cpk->x509 != NULL) { rpk->x509 = cpk->x509; X509_up_ref(rpk->x509); } if (cpk->privatekey != NULL) { rpk->privatekey = cpk->privatekey; EVP_PKEY_up_ref(cpk->privatekey); } if (cpk->chain) { rpk->chain = X509_chain_up_ref(cpk->chain); if (!rpk->chain) { SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); goto err; } } if (cert->pkeys[i].serverinfo != NULL) { /* Just copy everything. */ ret->pkeys[i].serverinfo = OPENSSL_malloc(cert->pkeys[i].serverinfo_length); if (ret->pkeys[i].serverinfo == NULL) { SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); goto err; } ret->pkeys[i].serverinfo_length = cert->pkeys[i].serverinfo_length; memcpy(ret->pkeys[i].serverinfo, cert->pkeys[i].serverinfo, cert->pkeys[i].serverinfo_length); } } /* Configured sigalgs copied across */ if (cert->conf_sigalgs) { ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen * sizeof(*cert->conf_sigalgs)); if (ret->conf_sigalgs == NULL) goto err; memcpy(ret->conf_sigalgs, cert->conf_sigalgs, cert->conf_sigalgslen * sizeof(*cert->conf_sigalgs)); ret->conf_sigalgslen = cert->conf_sigalgslen; } else ret->conf_sigalgs = NULL; if (cert->client_sigalgs) { ret->client_sigalgs = OPENSSL_malloc(cert->client_sigalgslen * sizeof(*cert->client_sigalgs)); if (ret->client_sigalgs == NULL) goto err; memcpy(ret->client_sigalgs, cert->client_sigalgs, cert->client_sigalgslen * sizeof(*cert->client_sigalgs)); ret->client_sigalgslen = cert->client_sigalgslen; } else ret->client_sigalgs = NULL; /* Shared sigalgs also NULL */ ret->shared_sigalgs = NULL; /* Copy any custom client certificate types */ if (cert->ctype) { ret->ctype = OPENSSL_memdup(cert->ctype, cert->ctype_len); if (ret->ctype == NULL) goto err; ret->ctype_len = cert->ctype_len; } ret->cert_flags = cert->cert_flags; ret->cert_cb = cert->cert_cb; ret->cert_cb_arg = cert->cert_cb_arg; if (cert->verify_store) { X509_STORE_up_ref(cert->verify_store); ret->verify_store = cert->verify_store; } if (cert->chain_store) { X509_STORE_up_ref(cert->chain_store); ret->chain_store = cert->chain_store; } ret->sec_cb = cert->sec_cb; ret->sec_level = cert->sec_level; ret->sec_ex = cert->sec_ex; if (!custom_exts_copy(&ret->custext, &cert->custext)) goto err; #ifndef OPENSSL_NO_PSK if (cert->psk_identity_hint) { ret->psk_identity_hint = OPENSSL_strdup(cert->psk_identity_hint); if (ret->psk_identity_hint == NULL) goto err; } #endif return ret; err: ssl_cert_free(ret); return NULL; }
EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void) { return (EVP_ENCODE_CTX *)OPENSSL_zalloc(sizeof(EVP_ENCODE_CTX)); }