2
0

e_ossltest.c 29 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926
  1. /*
  2. * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /*
  10. * This is the OSSLTEST engine. It provides deliberately crippled digest
  11. * implementations for test purposes. It is highly insecure and must NOT be
  12. * used for any purpose except testing
  13. */
  14. /* We need to use some engine deprecated APIs */
  15. #define OPENSSL_SUPPRESS_DEPRECATED
  16. /*
  17. * SHA low level APIs are deprecated for public use, but still ok for
  18. * internal use. Note, that due to symbols not being exported, only the
  19. * #defines and type definitions can be accessed, function calls are not
  20. * available. The digest lengths, block sizes and sizeof(CTX) are used herein
  21. * for several different digests.
  22. */
  23. #include "internal/deprecated.h"
  24. #include <stdio.h>
  25. #include <string.h>
  26. #include "internal/common.h" /* for CHECK_AND_SKIP_CASE_PREFIX */
  27. #include <openssl/engine.h>
  28. #include <openssl/sha.h>
  29. #include <openssl/md5.h>
  30. #include <openssl/rsa.h>
  31. #include <openssl/evp.h>
  32. #include <openssl/modes.h>
  33. #include <openssl/aes.h>
  34. #include <openssl/rand.h>
  35. #include <openssl/crypto.h>
  36. #include <openssl/pem.h>
  37. #include <crypto/evp.h>
  38. #include "e_ossltest_err.c"
  39. /* Engine Id and Name */
  40. static const char *engine_ossltest_id = "ossltest";
  41. static const char *engine_ossltest_name = "OpenSSL Test engine support";
  42. /* Engine Lifetime functions */
  43. static int ossltest_destroy(ENGINE *e);
  44. static int ossltest_init(ENGINE *e);
  45. static int ossltest_finish(ENGINE *e);
  46. void ENGINE_load_ossltest(void);
  47. /* Set up digests */
  48. static int ossltest_digests(ENGINE *e, const EVP_MD **digest,
  49. const int **nids, int nid);
  50. static const RAND_METHOD *ossltest_rand_method(void);
  51. /* MD5 */
  52. static int digest_md5_init(EVP_MD_CTX *ctx);
  53. static int digest_md5_update(EVP_MD_CTX *ctx, const void *data,
  54. size_t count);
  55. static int digest_md5_final(EVP_MD_CTX *ctx, unsigned char *md);
  56. static EVP_MD *_hidden_md5_md = NULL;
  57. static const EVP_MD *digest_md5(void)
  58. {
  59. if (_hidden_md5_md == NULL) {
  60. EVP_MD *md;
  61. if ((md = EVP_MD_meth_new(NID_md5, NID_md5WithRSAEncryption)) == NULL
  62. || !EVP_MD_meth_set_result_size(md, MD5_DIGEST_LENGTH)
  63. || !EVP_MD_meth_set_input_blocksize(md, MD5_CBLOCK)
  64. || !EVP_MD_meth_set_app_datasize(md,
  65. sizeof(EVP_MD *) + sizeof(MD5_CTX))
  66. || !EVP_MD_meth_set_flags(md, 0)
  67. || !EVP_MD_meth_set_init(md, digest_md5_init)
  68. || !EVP_MD_meth_set_update(md, digest_md5_update)
  69. || !EVP_MD_meth_set_final(md, digest_md5_final)) {
  70. EVP_MD_meth_free(md);
  71. md = NULL;
  72. }
  73. _hidden_md5_md = md;
  74. }
  75. return _hidden_md5_md;
  76. }
  77. /* SHA1 */
  78. static int digest_sha1_init(EVP_MD_CTX *ctx);
  79. static int digest_sha1_update(EVP_MD_CTX *ctx, const void *data,
  80. size_t count);
  81. static int digest_sha1_final(EVP_MD_CTX *ctx, unsigned char *md);
  82. static EVP_MD *_hidden_sha1_md = NULL;
  83. static const EVP_MD *digest_sha1(void)
  84. {
  85. if (_hidden_sha1_md == NULL) {
  86. EVP_MD *md;
  87. if ((md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption)) == NULL
  88. || !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH)
  89. || !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK)
  90. || !EVP_MD_meth_set_app_datasize(md,
  91. sizeof(EVP_MD *) + sizeof(SHA_CTX))
  92. || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
  93. || !EVP_MD_meth_set_init(md, digest_sha1_init)
  94. || !EVP_MD_meth_set_update(md, digest_sha1_update)
  95. || !EVP_MD_meth_set_final(md, digest_sha1_final)) {
  96. EVP_MD_meth_free(md);
  97. md = NULL;
  98. }
  99. _hidden_sha1_md = md;
  100. }
  101. return _hidden_sha1_md;
  102. }
  103. /* SHA256 */
  104. static int digest_sha256_init(EVP_MD_CTX *ctx);
  105. static int digest_sha256_update(EVP_MD_CTX *ctx, const void *data,
  106. size_t count);
  107. static int digest_sha256_final(EVP_MD_CTX *ctx, unsigned char *md);
  108. static EVP_MD *_hidden_sha256_md = NULL;
  109. static const EVP_MD *digest_sha256(void)
  110. {
  111. if (_hidden_sha256_md == NULL) {
  112. EVP_MD *md;
  113. if ((md = EVP_MD_meth_new(NID_sha256, NID_sha256WithRSAEncryption)) == NULL
  114. || !EVP_MD_meth_set_result_size(md, SHA256_DIGEST_LENGTH)
  115. || !EVP_MD_meth_set_input_blocksize(md, SHA256_CBLOCK)
  116. || !EVP_MD_meth_set_app_datasize(md,
  117. sizeof(EVP_MD *) + sizeof(SHA256_CTX))
  118. || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
  119. || !EVP_MD_meth_set_init(md, digest_sha256_init)
  120. || !EVP_MD_meth_set_update(md, digest_sha256_update)
  121. || !EVP_MD_meth_set_final(md, digest_sha256_final)) {
  122. EVP_MD_meth_free(md);
  123. md = NULL;
  124. }
  125. _hidden_sha256_md = md;
  126. }
  127. return _hidden_sha256_md;
  128. }
  129. /* SHA384/SHA512 */
  130. static int digest_sha384_init(EVP_MD_CTX *ctx);
  131. static int digest_sha384_update(EVP_MD_CTX *ctx, const void *data,
  132. size_t count);
  133. static int digest_sha384_final(EVP_MD_CTX *ctx, unsigned char *md);
  134. static int digest_sha512_init(EVP_MD_CTX *ctx);
  135. static int digest_sha512_update(EVP_MD_CTX *ctx, const void *data,
  136. size_t count);
  137. static int digest_sha512_final(EVP_MD_CTX *ctx, unsigned char *md);
  138. static EVP_MD *_hidden_sha384_md = NULL;
  139. static const EVP_MD *digest_sha384(void)
  140. {
  141. if (_hidden_sha384_md == NULL) {
  142. EVP_MD *md;
  143. if ((md = EVP_MD_meth_new(NID_sha384, NID_sha384WithRSAEncryption)) == NULL
  144. || !EVP_MD_meth_set_result_size(md, SHA384_DIGEST_LENGTH)
  145. || !EVP_MD_meth_set_input_blocksize(md, SHA512_CBLOCK)
  146. || !EVP_MD_meth_set_app_datasize(md,
  147. sizeof(EVP_MD *) + sizeof(SHA512_CTX))
  148. || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
  149. || !EVP_MD_meth_set_init(md, digest_sha384_init)
  150. || !EVP_MD_meth_set_update(md, digest_sha384_update)
  151. || !EVP_MD_meth_set_final(md, digest_sha384_final)) {
  152. EVP_MD_meth_free(md);
  153. md = NULL;
  154. }
  155. _hidden_sha384_md = md;
  156. }
  157. return _hidden_sha384_md;
  158. }
  159. static EVP_MD *_hidden_sha512_md = NULL;
  160. static const EVP_MD *digest_sha512(void)
  161. {
  162. if (_hidden_sha512_md == NULL) {
  163. EVP_MD *md;
  164. if ((md = EVP_MD_meth_new(NID_sha512, NID_sha512WithRSAEncryption)) == NULL
  165. || !EVP_MD_meth_set_result_size(md, SHA512_DIGEST_LENGTH)
  166. || !EVP_MD_meth_set_input_blocksize(md, SHA512_CBLOCK)
  167. || !EVP_MD_meth_set_app_datasize(md,
  168. sizeof(EVP_MD *) + sizeof(SHA512_CTX))
  169. || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
  170. || !EVP_MD_meth_set_init(md, digest_sha512_init)
  171. || !EVP_MD_meth_set_update(md, digest_sha512_update)
  172. || !EVP_MD_meth_set_final(md, digest_sha512_final)) {
  173. EVP_MD_meth_free(md);
  174. md = NULL;
  175. }
  176. _hidden_sha512_md = md;
  177. }
  178. return _hidden_sha512_md;
  179. }
  180. static void destroy_digests(void)
  181. {
  182. EVP_MD_meth_free(_hidden_md5_md);
  183. _hidden_md5_md = NULL;
  184. EVP_MD_meth_free(_hidden_sha1_md);
  185. _hidden_sha1_md = NULL;
  186. EVP_MD_meth_free(_hidden_sha256_md);
  187. _hidden_sha256_md = NULL;
  188. EVP_MD_meth_free(_hidden_sha384_md);
  189. _hidden_sha384_md = NULL;
  190. EVP_MD_meth_free(_hidden_sha512_md);
  191. _hidden_sha512_md = NULL;
  192. }
  193. static int ossltest_digest_nids(const int **nids)
  194. {
  195. static int digest_nids[6] = { 0, 0, 0, 0, 0, 0 };
  196. static int pos = 0;
  197. static int init = 0;
  198. if (!init) {
  199. const EVP_MD *md;
  200. if ((md = digest_md5()) != NULL)
  201. digest_nids[pos++] = EVP_MD_get_type(md);
  202. if ((md = digest_sha1()) != NULL)
  203. digest_nids[pos++] = EVP_MD_get_type(md);
  204. if ((md = digest_sha256()) != NULL)
  205. digest_nids[pos++] = EVP_MD_get_type(md);
  206. if ((md = digest_sha384()) != NULL)
  207. digest_nids[pos++] = EVP_MD_get_type(md);
  208. if ((md = digest_sha512()) != NULL)
  209. digest_nids[pos++] = EVP_MD_get_type(md);
  210. digest_nids[pos] = 0;
  211. init = 1;
  212. }
  213. *nids = digest_nids;
  214. return pos;
  215. }
  216. /* Setup ciphers */
  217. static int ossltest_ciphers(ENGINE *, const EVP_CIPHER **,
  218. const int **, int);
  219. static int ossltest_cipher_nids[] = {
  220. NID_aes_128_cbc, NID_aes_128_gcm,
  221. NID_aes_128_cbc_hmac_sha1, 0
  222. };
  223. /* AES128 */
  224. static int ossltest_aes128_init_key(EVP_CIPHER_CTX *ctx,
  225. const unsigned char *key,
  226. const unsigned char *iv, int enc);
  227. static int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  228. const unsigned char *in, size_t inl);
  229. static int ossltest_aes128_gcm_init_key(EVP_CIPHER_CTX *ctx,
  230. const unsigned char *key,
  231. const unsigned char *iv, int enc);
  232. static int ossltest_aes128_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  233. const unsigned char *in, size_t inl);
  234. static int ossltest_aes128_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
  235. void *ptr);
  236. static int ossltest_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
  237. const unsigned char *key,
  238. const unsigned char *iv,
  239. int enc);
  240. static int ossltest_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx,
  241. unsigned char *out,
  242. const unsigned char *in,
  243. size_t inl);
  244. static int ossltest_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
  245. int arg, void *ptr);
  246. typedef struct {
  247. size_t payload_length; /* AAD length in decrypt case */
  248. unsigned int tls_ver;
  249. } EVP_AES_HMAC_SHA1;
  250. static EVP_CIPHER *_hidden_aes_128_cbc = NULL;
  251. static const EVP_CIPHER *ossltest_aes_128_cbc(void)
  252. {
  253. if (_hidden_aes_128_cbc == NULL
  254. && ((_hidden_aes_128_cbc = EVP_CIPHER_meth_new(NID_aes_128_cbc,
  255. 16 /* block size */,
  256. 16 /* key len */)) == NULL
  257. || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc,16)
  258. || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc,
  259. EVP_CIPH_FLAG_DEFAULT_ASN1
  260. | EVP_CIPH_CBC_MODE)
  261. || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc,
  262. ossltest_aes128_init_key)
  263. || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc,
  264. ossltest_aes128_cbc_cipher)
  265. || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc,
  266. EVP_CIPHER_impl_ctx_size(EVP_aes_128_cbc())))) {
  267. EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
  268. _hidden_aes_128_cbc = NULL;
  269. }
  270. return _hidden_aes_128_cbc;
  271. }
  272. static EVP_CIPHER *_hidden_aes_128_gcm = NULL;
  273. #define AES_GCM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \
  274. | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
  275. | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
  276. | EVP_CIPH_CUSTOM_COPY |EVP_CIPH_FLAG_AEAD_CIPHER \
  277. | EVP_CIPH_GCM_MODE)
  278. static const EVP_CIPHER *ossltest_aes_128_gcm(void)
  279. {
  280. if (_hidden_aes_128_gcm == NULL
  281. && ((_hidden_aes_128_gcm = EVP_CIPHER_meth_new(NID_aes_128_gcm,
  282. 1 /* block size */,
  283. 16 /* key len */)) == NULL
  284. || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_gcm,12)
  285. || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_gcm, AES_GCM_FLAGS)
  286. || !EVP_CIPHER_meth_set_init(_hidden_aes_128_gcm,
  287. ossltest_aes128_gcm_init_key)
  288. || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_gcm,
  289. ossltest_aes128_gcm_cipher)
  290. || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_gcm,
  291. ossltest_aes128_gcm_ctrl)
  292. || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_gcm,
  293. EVP_CIPHER_impl_ctx_size(EVP_aes_128_gcm())))) {
  294. EVP_CIPHER_meth_free(_hidden_aes_128_gcm);
  295. _hidden_aes_128_gcm = NULL;
  296. }
  297. return _hidden_aes_128_gcm;
  298. }
  299. static EVP_CIPHER *_hidden_aes_128_cbc_hmac_sha1 = NULL;
  300. static const EVP_CIPHER *ossltest_aes_128_cbc_hmac_sha1(void)
  301. {
  302. if (_hidden_aes_128_cbc_hmac_sha1 == NULL
  303. && ((_hidden_aes_128_cbc_hmac_sha1
  304. = EVP_CIPHER_meth_new(NID_aes_128_cbc_hmac_sha1,
  305. 16 /* block size */,
  306. 16 /* key len */)) == NULL
  307. || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc_hmac_sha1,16)
  308. || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc_hmac_sha1,
  309. EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |
  310. EVP_CIPH_FLAG_AEAD_CIPHER)
  311. || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc_hmac_sha1,
  312. ossltest_aes128_cbc_hmac_sha1_init_key)
  313. || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc_hmac_sha1,
  314. ossltest_aes128_cbc_hmac_sha1_cipher)
  315. || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc_hmac_sha1,
  316. ossltest_aes128_cbc_hmac_sha1_ctrl)
  317. || !EVP_CIPHER_meth_set_set_asn1_params(_hidden_aes_128_cbc_hmac_sha1,
  318. EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_set_asn1_iv)
  319. || !EVP_CIPHER_meth_set_get_asn1_params(_hidden_aes_128_cbc_hmac_sha1,
  320. EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_get_asn1_iv)
  321. || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc_hmac_sha1,
  322. sizeof(EVP_AES_HMAC_SHA1)))) {
  323. EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1);
  324. _hidden_aes_128_cbc_hmac_sha1 = NULL;
  325. }
  326. return _hidden_aes_128_cbc_hmac_sha1;
  327. }
  328. static void destroy_ciphers(void)
  329. {
  330. EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
  331. EVP_CIPHER_meth_free(_hidden_aes_128_gcm);
  332. EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1);
  333. _hidden_aes_128_cbc = NULL;
  334. _hidden_aes_128_gcm = NULL;
  335. _hidden_aes_128_cbc_hmac_sha1 = NULL;
  336. }
  337. /* Key loading */
  338. static EVP_PKEY *load_key(ENGINE *eng, const char *key_id, int pub,
  339. UI_METHOD *ui_method, void *ui_data)
  340. {
  341. BIO *in;
  342. EVP_PKEY *key;
  343. if (!CHECK_AND_SKIP_CASE_PREFIX(key_id, "ot:"))
  344. return NULL;
  345. fprintf(stderr, "[ossltest]Loading %s key %s\n",
  346. pub ? "Public" : "Private", key_id);
  347. in = BIO_new_file(key_id, "r");
  348. if (!in)
  349. return NULL;
  350. if (pub)
  351. key = PEM_read_bio_PUBKEY(in, NULL, 0, NULL);
  352. else
  353. key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL);
  354. BIO_free(in);
  355. return key;
  356. }
  357. static EVP_PKEY *ossltest_load_privkey(ENGINE *eng, const char *key_id,
  358. UI_METHOD *ui_method, void *ui_data)
  359. {
  360. return load_key(eng, key_id, 0, ui_method, ui_data);
  361. }
  362. static EVP_PKEY *ossltest_load_pubkey(ENGINE *eng, const char *key_id,
  363. UI_METHOD *ui_method, void *ui_data)
  364. {
  365. return load_key(eng, key_id, 1, ui_method, ui_data);
  366. }
  367. static int bind_ossltest(ENGINE *e)
  368. {
  369. /* Ensure the ossltest error handling is set up */
  370. ERR_load_OSSLTEST_strings();
  371. if (!ENGINE_set_id(e, engine_ossltest_id)
  372. || !ENGINE_set_name(e, engine_ossltest_name)
  373. || !ENGINE_set_digests(e, ossltest_digests)
  374. || !ENGINE_set_ciphers(e, ossltest_ciphers)
  375. || !ENGINE_set_RAND(e, ossltest_rand_method())
  376. || !ENGINE_set_destroy_function(e, ossltest_destroy)
  377. || !ENGINE_set_load_privkey_function(e, ossltest_load_privkey)
  378. || !ENGINE_set_load_pubkey_function(e, ossltest_load_pubkey)
  379. || !ENGINE_set_init_function(e, ossltest_init)
  380. || !ENGINE_set_finish_function(e, ossltest_finish)) {
  381. OSSLTESTerr(OSSLTEST_F_BIND_OSSLTEST, OSSLTEST_R_INIT_FAILED);
  382. return 0;
  383. }
  384. return 1;
  385. }
  386. #ifndef OPENSSL_NO_DYNAMIC_ENGINE
  387. static int bind_helper(ENGINE *e, const char *id)
  388. {
  389. if (id && (strcmp(id, engine_ossltest_id) != 0))
  390. return 0;
  391. if (!bind_ossltest(e))
  392. return 0;
  393. return 1;
  394. }
  395. IMPLEMENT_DYNAMIC_CHECK_FN()
  396. IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
  397. #endif
  398. static ENGINE *engine_ossltest(void)
  399. {
  400. ENGINE *ret = ENGINE_new();
  401. if (ret == NULL)
  402. return NULL;
  403. if (!bind_ossltest(ret)) {
  404. ENGINE_free(ret);
  405. return NULL;
  406. }
  407. return ret;
  408. }
  409. void ENGINE_load_ossltest(void)
  410. {
  411. /* Copied from eng_[openssl|dyn].c */
  412. ENGINE *toadd = engine_ossltest();
  413. if (!toadd)
  414. return;
  415. ENGINE_add(toadd);
  416. ENGINE_free(toadd);
  417. ERR_clear_error();
  418. }
  419. static int ossltest_init(ENGINE *e)
  420. {
  421. return 1;
  422. }
  423. static int ossltest_finish(ENGINE *e)
  424. {
  425. return 1;
  426. }
  427. static int ossltest_destroy(ENGINE *e)
  428. {
  429. destroy_digests();
  430. destroy_ciphers();
  431. ERR_unload_OSSLTEST_strings();
  432. return 1;
  433. }
  434. static int ossltest_digests(ENGINE *e, const EVP_MD **digest,
  435. const int **nids, int nid)
  436. {
  437. int ok = 1;
  438. if (!digest) {
  439. /* We are returning a list of supported nids */
  440. return ossltest_digest_nids(nids);
  441. }
  442. /* We are being asked for a specific digest */
  443. switch (nid) {
  444. case NID_md5:
  445. *digest = digest_md5();
  446. break;
  447. case NID_sha1:
  448. *digest = digest_sha1();
  449. break;
  450. case NID_sha256:
  451. *digest = digest_sha256();
  452. break;
  453. case NID_sha384:
  454. *digest = digest_sha384();
  455. break;
  456. case NID_sha512:
  457. *digest = digest_sha512();
  458. break;
  459. default:
  460. ok = 0;
  461. *digest = NULL;
  462. break;
  463. }
  464. return ok;
  465. }
  466. static int ossltest_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
  467. const int **nids, int nid)
  468. {
  469. int ok = 1;
  470. if (!cipher) {
  471. /* We are returning a list of supported nids */
  472. *nids = ossltest_cipher_nids;
  473. return (sizeof(ossltest_cipher_nids) - 1)
  474. / sizeof(ossltest_cipher_nids[0]);
  475. }
  476. /* We are being asked for a specific cipher */
  477. switch (nid) {
  478. case NID_aes_128_cbc:
  479. *cipher = ossltest_aes_128_cbc();
  480. break;
  481. case NID_aes_128_gcm:
  482. *cipher = ossltest_aes_128_gcm();
  483. break;
  484. case NID_aes_128_cbc_hmac_sha1:
  485. *cipher = ossltest_aes_128_cbc_hmac_sha1();
  486. break;
  487. default:
  488. ok = 0;
  489. *cipher = NULL;
  490. break;
  491. }
  492. return ok;
  493. }
  494. static void fill_known_data(unsigned char *md, unsigned int len)
  495. {
  496. unsigned int i;
  497. for (i=0; i<len; i++) {
  498. md[i] = (unsigned char)(i & 0xff);
  499. }
  500. }
  501. /*
  502. * MD5 implementation. We go through the motions of doing MD5 by deferring to
  503. * the standard implementation. Then we overwrite the result with a will defined
  504. * value, so that all "MD5" digests using the test engine always end up with
  505. * the same value.
  506. */
  507. static int digest_md5_init(EVP_MD_CTX *ctx)
  508. {
  509. return EVP_MD_meth_get_init(EVP_md5())(ctx);
  510. }
  511. static int digest_md5_update(EVP_MD_CTX *ctx, const void *data,
  512. size_t count)
  513. {
  514. return EVP_MD_meth_get_update(EVP_md5())(ctx, data, count);
  515. }
  516. static int digest_md5_final(EVP_MD_CTX *ctx, unsigned char *md)
  517. {
  518. int ret = EVP_MD_meth_get_final(EVP_md5())(ctx, md);
  519. if (ret > 0) {
  520. fill_known_data(md, MD5_DIGEST_LENGTH);
  521. }
  522. return ret;
  523. }
  524. /*
  525. * SHA1 implementation.
  526. */
  527. static int digest_sha1_init(EVP_MD_CTX *ctx)
  528. {
  529. return EVP_MD_meth_get_init(EVP_sha1())(ctx);
  530. }
  531. static int digest_sha1_update(EVP_MD_CTX *ctx, const void *data,
  532. size_t count)
  533. {
  534. return EVP_MD_meth_get_update(EVP_sha1())(ctx, data, count);
  535. }
  536. static int digest_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
  537. {
  538. int ret = EVP_MD_meth_get_final(EVP_sha1())(ctx, md);
  539. if (ret > 0) {
  540. fill_known_data(md, SHA_DIGEST_LENGTH);
  541. }
  542. return ret;
  543. }
  544. /*
  545. * SHA256 implementation.
  546. */
  547. static int digest_sha256_init(EVP_MD_CTX *ctx)
  548. {
  549. return EVP_MD_meth_get_init(EVP_sha256())(ctx);
  550. }
  551. static int digest_sha256_update(EVP_MD_CTX *ctx, const void *data,
  552. size_t count)
  553. {
  554. return EVP_MD_meth_get_update(EVP_sha256())(ctx, data, count);
  555. }
  556. static int digest_sha256_final(EVP_MD_CTX *ctx, unsigned char *md)
  557. {
  558. int ret = EVP_MD_meth_get_final(EVP_sha256())(ctx, md);
  559. if (ret > 0) {
  560. fill_known_data(md, SHA256_DIGEST_LENGTH);
  561. }
  562. return ret;
  563. }
  564. /*
  565. * SHA384 implementation.
  566. */
  567. static int digest_sha384_init(EVP_MD_CTX *ctx)
  568. {
  569. return EVP_MD_meth_get_init(EVP_sha384())(ctx);
  570. }
  571. static int digest_sha384_update(EVP_MD_CTX *ctx, const void *data,
  572. size_t count)
  573. {
  574. return EVP_MD_meth_get_update(EVP_sha384())(ctx, data, count);
  575. }
  576. static int digest_sha384_final(EVP_MD_CTX *ctx, unsigned char *md)
  577. {
  578. int ret = EVP_MD_meth_get_final(EVP_sha384())(ctx, md);
  579. if (ret > 0) {
  580. fill_known_data(md, SHA384_DIGEST_LENGTH);
  581. }
  582. return ret;
  583. }
  584. /*
  585. * SHA512 implementation.
  586. */
  587. static int digest_sha512_init(EVP_MD_CTX *ctx)
  588. {
  589. return EVP_MD_meth_get_init(EVP_sha512())(ctx);
  590. }
  591. static int digest_sha512_update(EVP_MD_CTX *ctx, const void *data,
  592. size_t count)
  593. {
  594. return EVP_MD_meth_get_update(EVP_sha512())(ctx, data, count);
  595. }
  596. static int digest_sha512_final(EVP_MD_CTX *ctx, unsigned char *md)
  597. {
  598. int ret = EVP_MD_meth_get_final(EVP_sha512())(ctx, md);
  599. if (ret > 0) {
  600. fill_known_data(md, SHA512_DIGEST_LENGTH);
  601. }
  602. return ret;
  603. }
  604. /*
  605. * AES128 Implementation
  606. */
  607. static int ossltest_aes128_init_key(EVP_CIPHER_CTX *ctx,
  608. const unsigned char *key,
  609. const unsigned char *iv, int enc)
  610. {
  611. return EVP_CIPHER_meth_get_init(EVP_aes_128_cbc()) (ctx, key, iv, enc);
  612. }
  613. static int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  614. const unsigned char *in, size_t inl)
  615. {
  616. unsigned char *tmpbuf;
  617. int ret;
  618. tmpbuf = OPENSSL_malloc(inl);
  619. /* OPENSSL_malloc will return NULL if inl == 0 */
  620. if (tmpbuf == NULL && inl > 0)
  621. return -1;
  622. /* Remember what we were asked to encrypt */
  623. if (tmpbuf != NULL)
  624. memcpy(tmpbuf, in, inl);
  625. /* Go through the motions of encrypting it */
  626. ret = EVP_CIPHER_meth_get_do_cipher(EVP_aes_128_cbc())(ctx, out, in, inl);
  627. /* Throw it all away and just use the plaintext as the output */
  628. if (tmpbuf != NULL)
  629. memcpy(out, tmpbuf, inl);
  630. OPENSSL_free(tmpbuf);
  631. return ret;
  632. }
  633. static int ossltest_aes128_gcm_init_key(EVP_CIPHER_CTX *ctx,
  634. const unsigned char *key,
  635. const unsigned char *iv, int enc)
  636. {
  637. return EVP_CIPHER_meth_get_init(EVP_aes_128_gcm()) (ctx, key, iv, enc);
  638. }
  639. static int ossltest_aes128_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  640. const unsigned char *in, size_t inl)
  641. {
  642. unsigned char *tmpbuf = OPENSSL_malloc(inl);
  643. /* OPENSSL_malloc will return NULL if inl == 0 */
  644. if (tmpbuf == NULL && inl > 0)
  645. return -1;
  646. /* Remember what we were asked to encrypt */
  647. if (tmpbuf != NULL)
  648. memcpy(tmpbuf, in, inl);
  649. /* Go through the motions of encrypting it */
  650. EVP_CIPHER_meth_get_do_cipher(EVP_aes_128_gcm())(ctx, out, in, inl);
  651. /* Throw it all away and just use the plaintext as the output */
  652. if (tmpbuf != NULL && out != NULL)
  653. memcpy(out, tmpbuf, inl);
  654. OPENSSL_free(tmpbuf);
  655. return inl;
  656. }
  657. static int ossltest_aes128_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
  658. void *ptr)
  659. {
  660. /* Pass the ctrl down */
  661. int ret = EVP_CIPHER_meth_get_ctrl(EVP_aes_128_gcm())(ctx, type, arg, ptr);
  662. if (ret <= 0)
  663. return ret;
  664. switch (type) {
  665. case EVP_CTRL_AEAD_GET_TAG:
  666. /* Always give the same tag */
  667. memset(ptr, 0, EVP_GCM_TLS_TAG_LEN);
  668. break;
  669. default:
  670. break;
  671. }
  672. return 1;
  673. }
  674. #define NO_PAYLOAD_LENGTH ((size_t)-1)
  675. # define data(ctx) ((EVP_AES_HMAC_SHA1 *)EVP_CIPHER_CTX_get_cipher_data(ctx))
  676. static int ossltest_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
  677. const unsigned char *inkey,
  678. const unsigned char *iv,
  679. int enc)
  680. {
  681. EVP_AES_HMAC_SHA1 *key = data(ctx);
  682. key->payload_length = NO_PAYLOAD_LENGTH;
  683. return 1;
  684. }
  685. static int ossltest_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx,
  686. unsigned char *out,
  687. const unsigned char *in,
  688. size_t len)
  689. {
  690. EVP_AES_HMAC_SHA1 *key = data(ctx);
  691. unsigned int l;
  692. size_t plen = key->payload_length;
  693. key->payload_length = NO_PAYLOAD_LENGTH;
  694. if (len % AES_BLOCK_SIZE)
  695. return 0;
  696. if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
  697. if (plen == NO_PAYLOAD_LENGTH)
  698. plen = len;
  699. else if (len !=
  700. ((plen + SHA_DIGEST_LENGTH +
  701. AES_BLOCK_SIZE) & -AES_BLOCK_SIZE))
  702. return 0;
  703. memmove(out, in, plen);
  704. if (plen != len) { /* "TLS" mode of operation */
  705. /* calculate HMAC and append it to payload */
  706. fill_known_data(out + plen, SHA_DIGEST_LENGTH);
  707. /* pad the payload|hmac */
  708. plen += SHA_DIGEST_LENGTH;
  709. for (l = len - plen - 1; plen < len; plen++)
  710. out[plen] = l;
  711. }
  712. } else {
  713. /* decrypt HMAC|padding at once */
  714. memmove(out, in, len);
  715. if (plen != NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */
  716. unsigned int maxpad, pad;
  717. if (key->tls_ver >= TLS1_1_VERSION) {
  718. if (len < (AES_BLOCK_SIZE + SHA_DIGEST_LENGTH + 1))
  719. return 0;
  720. /* omit explicit iv */
  721. in += AES_BLOCK_SIZE;
  722. out += AES_BLOCK_SIZE;
  723. len -= AES_BLOCK_SIZE;
  724. } else if (len < (SHA_DIGEST_LENGTH + 1))
  725. return 0;
  726. /* figure out payload length */
  727. pad = out[len - 1];
  728. maxpad = len - (SHA_DIGEST_LENGTH + 1);
  729. if (pad > maxpad)
  730. return 0;
  731. for (plen = len - pad - 1; plen < len; plen++)
  732. if (out[plen] != pad)
  733. return 0;
  734. }
  735. }
  736. return 1;
  737. }
  738. static int ossltest_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
  739. int arg, void *ptr)
  740. {
  741. EVP_AES_HMAC_SHA1 *key = data(ctx);
  742. switch (type) {
  743. case EVP_CTRL_AEAD_SET_MAC_KEY:
  744. return 1;
  745. case EVP_CTRL_AEAD_TLS1_AAD:
  746. {
  747. unsigned char *p = ptr;
  748. unsigned int len;
  749. if (arg != EVP_AEAD_TLS1_AAD_LEN)
  750. return -1;
  751. len = p[arg - 2] << 8 | p[arg - 1];
  752. key->tls_ver = p[arg - 4] << 8 | p[arg - 3];
  753. if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
  754. key->payload_length = len;
  755. if (key->tls_ver >= TLS1_1_VERSION) {
  756. if (len < AES_BLOCK_SIZE)
  757. return 0;
  758. len -= AES_BLOCK_SIZE;
  759. p[arg - 2] = len >> 8;
  760. p[arg - 1] = len;
  761. }
  762. return (int)(((len + SHA_DIGEST_LENGTH +
  763. AES_BLOCK_SIZE) & -AES_BLOCK_SIZE)
  764. - len);
  765. } else {
  766. key->payload_length = arg;
  767. return SHA_DIGEST_LENGTH;
  768. }
  769. }
  770. default:
  771. return -1;
  772. }
  773. }
  774. static int ossltest_rand_bytes(unsigned char *buf, int num)
  775. {
  776. unsigned char val = 1;
  777. while (--num >= 0)
  778. *buf++ = val++;
  779. return 1;
  780. }
  781. static int ossltest_rand_status(void)
  782. {
  783. return 1;
  784. }
  785. static const RAND_METHOD *ossltest_rand_method(void)
  786. {
  787. static RAND_METHOD osslt_rand_meth = {
  788. NULL,
  789. ossltest_rand_bytes,
  790. NULL,
  791. NULL,
  792. ossltest_rand_bytes,
  793. ossltest_rand_status
  794. };
  795. return &osslt_rand_meth;
  796. }