]>
Commit | Line | Data |
---|---|---|
2d5d70b1 | 1 | /* |
38fc02a7 | 2 | * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. |
2d5d70b1 | 3 | * |
ab3fa1c0 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
440e5d80 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
2d5d70b1 MC |
8 | */ |
9 | ||
10 | /* | |
11 | * This is the OSSLTEST engine. It provides deliberately crippled digest | |
12 | * implementations for test purposes. It is highly insecure and must NOT be | |
13 | * used for any purpose except testing | |
14 | */ | |
15 | ||
cf8e8cba P |
16 | /* We need to use some engine deprecated APIs */ |
17 | #define OPENSSL_SUPPRESS_DEPRECATED | |
18 | ||
85d843c8 P |
19 | /* |
20 | * SHA low level APIs are deprecated for public use, but still ok for | |
21 | * internal use. Note, that due to symbols not being exported, only the | |
22 | * #defines and type definitions can be accessed, function calls are not | |
23 | * available. The digest lengths, block sizes and sizeof(CTX) are used herein | |
24 | * for several different digests. | |
25 | */ | |
26 | #include "internal/deprecated.h" | |
27 | ||
2d5d70b1 MC |
28 | #include <stdio.h> |
29 | #include <string.h> | |
30 | ||
31 | #include <openssl/engine.h> | |
32 | #include <openssl/sha.h> | |
33 | #include <openssl/md5.h> | |
34 | #include <openssl/rsa.h> | |
35 | #include <openssl/evp.h> | |
36 | #include <openssl/modes.h> | |
37 | #include <openssl/aes.h> | |
c57c32a8 | 38 | #include <openssl/rand.h> |
7b9f8f7f | 39 | #include <openssl/crypto.h> |
0a3b330c | 40 | #include <openssl/pem.h> |
64da15c4 | 41 | #include <crypto/evp.h> |
2d5d70b1 | 42 | |
2d5d70b1 MC |
43 | #include "e_ossltest_err.c" |
44 | ||
0a3b330c RL |
45 | #ifdef _WIN32 |
46 | # define strncasecmp _strnicmp | |
47 | #endif | |
48 | ||
2d5d70b1 MC |
49 | /* Engine Id and Name */ |
50 | static const char *engine_ossltest_id = "ossltest"; | |
51 | static const char *engine_ossltest_name = "OpenSSL Test engine support"; | |
52 | ||
53 | ||
54 | /* Engine Lifetime functions */ | |
55 | static int ossltest_destroy(ENGINE *e); | |
56 | static int ossltest_init(ENGINE *e); | |
57 | static int ossltest_finish(ENGINE *e); | |
58 | void ENGINE_load_ossltest(void); | |
59 | ||
60 | ||
61 | /* Set up digests */ | |
62 | static int ossltest_digests(ENGINE *e, const EVP_MD **digest, | |
63 | const int **nids, int nid); | |
c57c32a8 | 64 | static const RAND_METHOD *ossltest_rand_method(void); |
2d5d70b1 | 65 | |
2d5d70b1 MC |
66 | /* MD5 */ |
67 | static int digest_md5_init(EVP_MD_CTX *ctx); | |
68 | static int digest_md5_update(EVP_MD_CTX *ctx, const void *data, | |
16a9542a | 69 | size_t count); |
2d5d70b1 MC |
70 | static int digest_md5_final(EVP_MD_CTX *ctx, unsigned char *md); |
71 | ||
cddcea8c RL |
72 | static EVP_MD *_hidden_md5_md = NULL; |
73 | static const EVP_MD *digest_md5(void) | |
74 | { | |
75 | if (_hidden_md5_md == NULL) { | |
76 | EVP_MD *md; | |
77 | ||
78 | if ((md = EVP_MD_meth_new(NID_md5, NID_md5WithRSAEncryption)) == NULL | |
79 | || !EVP_MD_meth_set_result_size(md, MD5_DIGEST_LENGTH) | |
80 | || !EVP_MD_meth_set_input_blocksize(md, MD5_CBLOCK) | |
81 | || !EVP_MD_meth_set_app_datasize(md, | |
82 | sizeof(EVP_MD *) + sizeof(MD5_CTX)) | |
83 | || !EVP_MD_meth_set_flags(md, 0) | |
84 | || !EVP_MD_meth_set_init(md, digest_md5_init) | |
85 | || !EVP_MD_meth_set_update(md, digest_md5_update) | |
86 | || !EVP_MD_meth_set_final(md, digest_md5_final)) { | |
87 | EVP_MD_meth_free(md); | |
88 | md = NULL; | |
89 | } | |
90 | _hidden_md5_md = md; | |
91 | } | |
92 | return _hidden_md5_md; | |
93 | } | |
2d5d70b1 MC |
94 | |
95 | /* SHA1 */ | |
96 | static int digest_sha1_init(EVP_MD_CTX *ctx); | |
97 | static int digest_sha1_update(EVP_MD_CTX *ctx, const void *data, | |
16a9542a | 98 | size_t count); |
2d5d70b1 MC |
99 | static int digest_sha1_final(EVP_MD_CTX *ctx, unsigned char *md); |
100 | ||
cddcea8c RL |
101 | static EVP_MD *_hidden_sha1_md = NULL; |
102 | static const EVP_MD *digest_sha1(void) | |
103 | { | |
104 | if (_hidden_sha1_md == NULL) { | |
105 | EVP_MD *md; | |
106 | ||
107 | if ((md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption)) == NULL | |
108 | || !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH) | |
109 | || !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK) | |
110 | || !EVP_MD_meth_set_app_datasize(md, | |
111 | sizeof(EVP_MD *) + sizeof(SHA_CTX)) | |
112 | || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT) | |
113 | || !EVP_MD_meth_set_init(md, digest_sha1_init) | |
114 | || !EVP_MD_meth_set_update(md, digest_sha1_update) | |
115 | || !EVP_MD_meth_set_final(md, digest_sha1_final)) { | |
116 | EVP_MD_meth_free(md); | |
117 | md = NULL; | |
118 | } | |
119 | _hidden_sha1_md = md; | |
120 | } | |
121 | return _hidden_sha1_md; | |
122 | } | |
2d5d70b1 MC |
123 | |
124 | /* SHA256 */ | |
125 | static int digest_sha256_init(EVP_MD_CTX *ctx); | |
126 | static int digest_sha256_update(EVP_MD_CTX *ctx, const void *data, | |
16a9542a | 127 | size_t count); |
2d5d70b1 MC |
128 | static int digest_sha256_final(EVP_MD_CTX *ctx, unsigned char *md); |
129 | ||
cddcea8c RL |
130 | static EVP_MD *_hidden_sha256_md = NULL; |
131 | static const EVP_MD *digest_sha256(void) | |
132 | { | |
133 | if (_hidden_sha256_md == NULL) { | |
134 | EVP_MD *md; | |
135 | ||
136 | if ((md = EVP_MD_meth_new(NID_sha256, NID_sha256WithRSAEncryption)) == NULL | |
137 | || !EVP_MD_meth_set_result_size(md, SHA256_DIGEST_LENGTH) | |
138 | || !EVP_MD_meth_set_input_blocksize(md, SHA256_CBLOCK) | |
139 | || !EVP_MD_meth_set_app_datasize(md, | |
140 | sizeof(EVP_MD *) + sizeof(SHA256_CTX)) | |
141 | || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT) | |
142 | || !EVP_MD_meth_set_init(md, digest_sha256_init) | |
143 | || !EVP_MD_meth_set_update(md, digest_sha256_update) | |
144 | || !EVP_MD_meth_set_final(md, digest_sha256_final)) { | |
145 | EVP_MD_meth_free(md); | |
146 | md = NULL; | |
147 | } | |
148 | _hidden_sha256_md = md; | |
149 | } | |
150 | return _hidden_sha256_md; | |
151 | } | |
2d5d70b1 MC |
152 | |
153 | /* SHA384/SHA512 */ | |
154 | static int digest_sha384_init(EVP_MD_CTX *ctx); | |
85d843c8 P |
155 | static int digest_sha384_update(EVP_MD_CTX *ctx, const void *data, |
156 | size_t count); | |
157 | static int digest_sha384_final(EVP_MD_CTX *ctx, unsigned char *md); | |
158 | ||
2d5d70b1 MC |
159 | static int digest_sha512_init(EVP_MD_CTX *ctx); |
160 | static int digest_sha512_update(EVP_MD_CTX *ctx, const void *data, | |
16a9542a | 161 | size_t count); |
2d5d70b1 MC |
162 | static int digest_sha512_final(EVP_MD_CTX *ctx, unsigned char *md); |
163 | ||
cddcea8c RL |
164 | static EVP_MD *_hidden_sha384_md = NULL; |
165 | static const EVP_MD *digest_sha384(void) | |
166 | { | |
167 | if (_hidden_sha384_md == NULL) { | |
168 | EVP_MD *md; | |
169 | ||
170 | if ((md = EVP_MD_meth_new(NID_sha384, NID_sha384WithRSAEncryption)) == NULL | |
171 | || !EVP_MD_meth_set_result_size(md, SHA384_DIGEST_LENGTH) | |
172 | || !EVP_MD_meth_set_input_blocksize(md, SHA512_CBLOCK) | |
173 | || !EVP_MD_meth_set_app_datasize(md, | |
174 | sizeof(EVP_MD *) + sizeof(SHA512_CTX)) | |
175 | || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT) | |
176 | || !EVP_MD_meth_set_init(md, digest_sha384_init) | |
85d843c8 | 177 | || !EVP_MD_meth_set_update(md, digest_sha384_update) |
cddcea8c RL |
178 | || !EVP_MD_meth_set_final(md, digest_sha384_final)) { |
179 | EVP_MD_meth_free(md); | |
180 | md = NULL; | |
181 | } | |
182 | _hidden_sha384_md = md; | |
183 | } | |
184 | return _hidden_sha384_md; | |
185 | } | |
186 | static EVP_MD *_hidden_sha512_md = NULL; | |
187 | static const EVP_MD *digest_sha512(void) | |
188 | { | |
189 | if (_hidden_sha512_md == NULL) { | |
190 | EVP_MD *md; | |
191 | ||
192 | if ((md = EVP_MD_meth_new(NID_sha512, NID_sha512WithRSAEncryption)) == NULL | |
193 | || !EVP_MD_meth_set_result_size(md, SHA512_DIGEST_LENGTH) | |
194 | || !EVP_MD_meth_set_input_blocksize(md, SHA512_CBLOCK) | |
195 | || !EVP_MD_meth_set_app_datasize(md, | |
196 | sizeof(EVP_MD *) + sizeof(SHA512_CTX)) | |
197 | || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT) | |
198 | || !EVP_MD_meth_set_init(md, digest_sha512_init) | |
199 | || !EVP_MD_meth_set_update(md, digest_sha512_update) | |
200 | || !EVP_MD_meth_set_final(md, digest_sha512_final)) { | |
201 | EVP_MD_meth_free(md); | |
202 | md = NULL; | |
203 | } | |
204 | _hidden_sha512_md = md; | |
205 | } | |
206 | return _hidden_sha512_md; | |
207 | } | |
208 | static void destroy_digests(void) | |
209 | { | |
210 | EVP_MD_meth_free(_hidden_md5_md); | |
211 | _hidden_md5_md = NULL; | |
212 | EVP_MD_meth_free(_hidden_sha1_md); | |
213 | _hidden_sha1_md = NULL; | |
214 | EVP_MD_meth_free(_hidden_sha256_md); | |
215 | _hidden_sha256_md = NULL; | |
216 | EVP_MD_meth_free(_hidden_sha384_md); | |
217 | _hidden_sha384_md = NULL; | |
218 | EVP_MD_meth_free(_hidden_sha512_md); | |
219 | _hidden_sha512_md = NULL; | |
220 | } | |
221 | static int ossltest_digest_nids(const int **nids) | |
222 | { | |
223 | static int digest_nids[6] = { 0, 0, 0, 0, 0, 0 }; | |
224 | static int pos = 0; | |
225 | static int init = 0; | |
226 | ||
227 | if (!init) { | |
228 | const EVP_MD *md; | |
229 | if ((md = digest_md5()) != NULL) | |
ed576acd | 230 | digest_nids[pos++] = EVP_MD_get_type(md); |
cddcea8c | 231 | if ((md = digest_sha1()) != NULL) |
ed576acd | 232 | digest_nids[pos++] = EVP_MD_get_type(md); |
cddcea8c | 233 | if ((md = digest_sha256()) != NULL) |
ed576acd | 234 | digest_nids[pos++] = EVP_MD_get_type(md); |
cddcea8c | 235 | if ((md = digest_sha384()) != NULL) |
ed576acd | 236 | digest_nids[pos++] = EVP_MD_get_type(md); |
cddcea8c | 237 | if ((md = digest_sha512()) != NULL) |
ed576acd | 238 | digest_nids[pos++] = EVP_MD_get_type(md); |
cddcea8c RL |
239 | digest_nids[pos] = 0; |
240 | init = 1; | |
241 | } | |
242 | *nids = digest_nids; | |
243 | return pos; | |
244 | } | |
2d5d70b1 MC |
245 | |
246 | /* Setup ciphers */ | |
247 | static int ossltest_ciphers(ENGINE *, const EVP_CIPHER **, | |
248 | const int **, int); | |
249 | ||
250 | static int ossltest_cipher_nids[] = { | |
64da15c4 BE |
251 | NID_aes_128_cbc, NID_aes_128_gcm, |
252 | NID_aes_128_cbc_hmac_sha1, 0 | |
2d5d70b1 MC |
253 | }; |
254 | ||
255 | /* AES128 */ | |
256 | ||
64da15c4 BE |
257 | static int ossltest_aes128_init_key(EVP_CIPHER_CTX *ctx, |
258 | const unsigned char *key, | |
259 | const unsigned char *iv, int enc); | |
260 | static int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |
261 | const unsigned char *in, size_t inl); | |
262 | static int ossltest_aes128_gcm_init_key(EVP_CIPHER_CTX *ctx, | |
263 | const unsigned char *key, | |
264 | const unsigned char *iv, int enc); | |
265 | static int ossltest_aes128_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |
266 | const unsigned char *in, size_t inl); | |
aad22ba2 MC |
267 | static int ossltest_aes128_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, |
268 | void *ptr); | |
64da15c4 BE |
269 | static int ossltest_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, |
270 | const unsigned char *key, | |
271 | const unsigned char *iv, | |
272 | int enc); | |
273 | static int ossltest_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, | |
274 | unsigned char *out, | |
275 | const unsigned char *in, | |
276 | size_t inl); | |
277 | static int ossltest_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, | |
278 | int arg, void *ptr); | |
279 | ||
280 | typedef struct { | |
281 | size_t payload_length; /* AAD length in decrypt case */ | |
282 | unsigned int tls_ver; | |
283 | } EVP_AES_HMAC_SHA1; | |
2d5d70b1 | 284 | |
39e8d0ce RL |
285 | static EVP_CIPHER *_hidden_aes_128_cbc = NULL; |
286 | static const EVP_CIPHER *ossltest_aes_128_cbc(void) | |
287 | { | |
288 | if (_hidden_aes_128_cbc == NULL | |
289 | && ((_hidden_aes_128_cbc = EVP_CIPHER_meth_new(NID_aes_128_cbc, | |
290 | 16 /* block size */, | |
291 | 16 /* key len */)) == NULL | |
292 | || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc,16) | |
293 | || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc, | |
294 | EVP_CIPH_FLAG_DEFAULT_ASN1 | |
295 | | EVP_CIPH_CBC_MODE) | |
296 | || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc, | |
297 | ossltest_aes128_init_key) | |
298 | || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc, | |
299 | ossltest_aes128_cbc_cipher) | |
300 | || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc, | |
ed576acd | 301 | EVP_CIPHER_impl_ctx_size(EVP_aes_128_cbc())))) { |
39e8d0ce RL |
302 | EVP_CIPHER_meth_free(_hidden_aes_128_cbc); |
303 | _hidden_aes_128_cbc = NULL; | |
304 | } | |
305 | return _hidden_aes_128_cbc; | |
306 | } | |
64da15c4 | 307 | |
aad22ba2 | 308 | static EVP_CIPHER *_hidden_aes_128_gcm = NULL; |
ca0b75ad | 309 | |
aad22ba2 MC |
310 | #define AES_GCM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \ |
311 | | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ | |
312 | | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ | |
313 | | EVP_CIPH_CUSTOM_COPY |EVP_CIPH_FLAG_AEAD_CIPHER \ | |
314 | | EVP_CIPH_GCM_MODE) | |
ca0b75ad | 315 | |
aad22ba2 MC |
316 | static const EVP_CIPHER *ossltest_aes_128_gcm(void) |
317 | { | |
318 | if (_hidden_aes_128_gcm == NULL | |
319 | && ((_hidden_aes_128_gcm = EVP_CIPHER_meth_new(NID_aes_128_gcm, | |
320 | 1 /* block size */, | |
321 | 16 /* key len */)) == NULL | |
322 | || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_gcm,12) | |
323 | || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_gcm, AES_GCM_FLAGS) | |
324 | || !EVP_CIPHER_meth_set_init(_hidden_aes_128_gcm, | |
325 | ossltest_aes128_gcm_init_key) | |
326 | || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_gcm, | |
327 | ossltest_aes128_gcm_cipher) | |
328 | || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_gcm, | |
329 | ossltest_aes128_gcm_ctrl) | |
330 | || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_gcm, | |
ed576acd | 331 | EVP_CIPHER_impl_ctx_size(EVP_aes_128_gcm())))) { |
aad22ba2 MC |
332 | EVP_CIPHER_meth_free(_hidden_aes_128_gcm); |
333 | _hidden_aes_128_gcm = NULL; | |
334 | } | |
335 | return _hidden_aes_128_gcm; | |
336 | } | |
337 | ||
64da15c4 BE |
338 | static EVP_CIPHER *_hidden_aes_128_cbc_hmac_sha1 = NULL; |
339 | ||
340 | static const EVP_CIPHER *ossltest_aes_128_cbc_hmac_sha1(void) | |
341 | { | |
342 | if (_hidden_aes_128_cbc_hmac_sha1 == NULL | |
343 | && ((_hidden_aes_128_cbc_hmac_sha1 | |
344 | = EVP_CIPHER_meth_new(NID_aes_128_cbc_hmac_sha1, | |
345 | 16 /* block size */, | |
346 | 16 /* key len */)) == NULL | |
347 | || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc_hmac_sha1,16) | |
348 | || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc_hmac_sha1, | |
349 | EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | | |
350 | EVP_CIPH_FLAG_AEAD_CIPHER) | |
351 | || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc_hmac_sha1, | |
352 | ossltest_aes128_cbc_hmac_sha1_init_key) | |
353 | || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc_hmac_sha1, | |
354 | ossltest_aes128_cbc_hmac_sha1_cipher) | |
355 | || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc_hmac_sha1, | |
356 | ossltest_aes128_cbc_hmac_sha1_ctrl) | |
357 | || !EVP_CIPHER_meth_set_set_asn1_params(_hidden_aes_128_cbc_hmac_sha1, | |
358 | EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_set_asn1_iv) | |
359 | || !EVP_CIPHER_meth_set_get_asn1_params(_hidden_aes_128_cbc_hmac_sha1, | |
360 | EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_get_asn1_iv) | |
361 | || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc_hmac_sha1, | |
362 | sizeof(EVP_AES_HMAC_SHA1)))) { | |
363 | EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1); | |
364 | _hidden_aes_128_cbc_hmac_sha1 = NULL; | |
365 | } | |
366 | return _hidden_aes_128_cbc_hmac_sha1; | |
367 | } | |
368 | ||
39e8d0ce RL |
369 | static void destroy_ciphers(void) |
370 | { | |
371 | EVP_CIPHER_meth_free(_hidden_aes_128_cbc); | |
aad22ba2 | 372 | EVP_CIPHER_meth_free(_hidden_aes_128_gcm); |
64da15c4 | 373 | EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1); |
39e8d0ce | 374 | _hidden_aes_128_cbc = NULL; |
64da15c4 BE |
375 | _hidden_aes_128_gcm = NULL; |
376 | _hidden_aes_128_cbc_hmac_sha1 = NULL; | |
39e8d0ce | 377 | } |
2d5d70b1 | 378 | |
0a3b330c RL |
379 | /* Key loading */ |
380 | static EVP_PKEY *load_key(ENGINE *eng, const char *key_id, int pub, | |
381 | UI_METHOD *ui_method, void *ui_data) | |
382 | { | |
383 | BIO *in; | |
384 | EVP_PKEY *key; | |
385 | ||
386 | if (strncasecmp(key_id, "ot:", 3) != 0) | |
387 | return NULL; | |
388 | key_id += 3; | |
389 | ||
390 | fprintf(stderr, "[ossltest]Loading %s key %s\n", | |
391 | pub ? "Public" : "Private", key_id); | |
392 | in = BIO_new_file(key_id, "r"); | |
393 | if (!in) | |
394 | return NULL; | |
395 | if (pub) | |
396 | key = PEM_read_bio_PUBKEY(in, NULL, 0, NULL); | |
397 | else | |
398 | key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL); | |
399 | BIO_free(in); | |
400 | return key; | |
401 | } | |
402 | ||
403 | static EVP_PKEY *ossltest_load_privkey(ENGINE *eng, const char *key_id, | |
404 | UI_METHOD *ui_method, void *ui_data) | |
405 | { | |
406 | return load_key(eng, key_id, 0, ui_method, ui_data); | |
407 | } | |
408 | ||
409 | static EVP_PKEY *ossltest_load_pubkey(ENGINE *eng, const char *key_id, | |
410 | UI_METHOD *ui_method, void *ui_data) | |
411 | { | |
412 | return load_key(eng, key_id, 1, ui_method, ui_data); | |
413 | } | |
414 | ||
415 | ||
2d5d70b1 MC |
416 | static int bind_ossltest(ENGINE *e) |
417 | { | |
418 | /* Ensure the ossltest error handling is set up */ | |
419 | ERR_load_OSSLTEST_strings(); | |
420 | ||
421 | if (!ENGINE_set_id(e, engine_ossltest_id) | |
422 | || !ENGINE_set_name(e, engine_ossltest_name) | |
423 | || !ENGINE_set_digests(e, ossltest_digests) | |
424 | || !ENGINE_set_ciphers(e, ossltest_ciphers) | |
c57c32a8 | 425 | || !ENGINE_set_RAND(e, ossltest_rand_method()) |
2d5d70b1 | 426 | || !ENGINE_set_destroy_function(e, ossltest_destroy) |
0a3b330c RL |
427 | || !ENGINE_set_load_privkey_function(e, ossltest_load_privkey) |
428 | || !ENGINE_set_load_pubkey_function(e, ossltest_load_pubkey) | |
2d5d70b1 MC |
429 | || !ENGINE_set_init_function(e, ossltest_init) |
430 | || !ENGINE_set_finish_function(e, ossltest_finish)) { | |
431 | OSSLTESTerr(OSSLTEST_F_BIND_OSSLTEST, OSSLTEST_R_INIT_FAILED); | |
432 | return 0; | |
433 | } | |
434 | ||
435 | return 1; | |
436 | } | |
437 | ||
c0cbb4c1 | 438 | #ifndef OPENSSL_NO_DYNAMIC_ENGINE |
2d5d70b1 MC |
439 | static int bind_helper(ENGINE *e, const char *id) |
440 | { | |
441 | if (id && (strcmp(id, engine_ossltest_id) != 0)) | |
442 | return 0; | |
443 | if (!bind_ossltest(e)) | |
444 | return 0; | |
445 | return 1; | |
446 | } | |
447 | ||
448 | IMPLEMENT_DYNAMIC_CHECK_FN() | |
449 | IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) | |
c0cbb4c1 RL |
450 | #endif |
451 | ||
2d5d70b1 MC |
452 | static ENGINE *engine_ossltest(void) |
453 | { | |
454 | ENGINE *ret = ENGINE_new(); | |
55646005 | 455 | if (ret == NULL) |
2d5d70b1 MC |
456 | return NULL; |
457 | if (!bind_ossltest(ret)) { | |
458 | ENGINE_free(ret); | |
459 | return NULL; | |
460 | } | |
461 | return ret; | |
462 | } | |
463 | ||
464 | void ENGINE_load_ossltest(void) | |
465 | { | |
466 | /* Copied from eng_[openssl|dyn].c */ | |
467 | ENGINE *toadd = engine_ossltest(); | |
468 | if (!toadd) | |
469 | return; | |
470 | ENGINE_add(toadd); | |
471 | ENGINE_free(toadd); | |
472 | ERR_clear_error(); | |
473 | } | |
2d5d70b1 MC |
474 | |
475 | ||
476 | static int ossltest_init(ENGINE *e) | |
477 | { | |
478 | return 1; | |
479 | } | |
480 | ||
481 | ||
482 | static int ossltest_finish(ENGINE *e) | |
483 | { | |
484 | return 1; | |
485 | } | |
486 | ||
487 | ||
488 | static int ossltest_destroy(ENGINE *e) | |
489 | { | |
cddcea8c | 490 | destroy_digests(); |
39e8d0ce | 491 | destroy_ciphers(); |
2d5d70b1 MC |
492 | ERR_unload_OSSLTEST_strings(); |
493 | return 1; | |
494 | } | |
495 | ||
496 | static int ossltest_digests(ENGINE *e, const EVP_MD **digest, | |
497 | const int **nids, int nid) | |
498 | { | |
499 | int ok = 1; | |
500 | if (!digest) { | |
501 | /* We are returning a list of supported nids */ | |
cddcea8c | 502 | return ossltest_digest_nids(nids); |
2d5d70b1 MC |
503 | } |
504 | /* We are being asked for a specific digest */ | |
505 | switch (nid) { | |
506 | case NID_md5: | |
cddcea8c | 507 | *digest = digest_md5(); |
2d5d70b1 MC |
508 | break; |
509 | case NID_sha1: | |
cddcea8c | 510 | *digest = digest_sha1(); |
2d5d70b1 MC |
511 | break; |
512 | case NID_sha256: | |
cddcea8c | 513 | *digest = digest_sha256(); |
2d5d70b1 MC |
514 | break; |
515 | case NID_sha384: | |
cddcea8c | 516 | *digest = digest_sha384(); |
2d5d70b1 MC |
517 | break; |
518 | case NID_sha512: | |
cddcea8c | 519 | *digest = digest_sha512(); |
2d5d70b1 MC |
520 | break; |
521 | default: | |
522 | ok = 0; | |
523 | *digest = NULL; | |
524 | break; | |
525 | } | |
526 | return ok; | |
527 | } | |
528 | ||
529 | static int ossltest_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | |
530 | const int **nids, int nid) | |
531 | { | |
532 | int ok = 1; | |
533 | if (!cipher) { | |
534 | /* We are returning a list of supported nids */ | |
535 | *nids = ossltest_cipher_nids; | |
536 | return (sizeof(ossltest_cipher_nids) - 1) | |
537 | / sizeof(ossltest_cipher_nids[0]); | |
538 | } | |
539 | /* We are being asked for a specific cipher */ | |
540 | switch (nid) { | |
541 | case NID_aes_128_cbc: | |
39e8d0ce | 542 | *cipher = ossltest_aes_128_cbc(); |
2d5d70b1 | 543 | break; |
aad22ba2 MC |
544 | case NID_aes_128_gcm: |
545 | *cipher = ossltest_aes_128_gcm(); | |
546 | break; | |
64da15c4 BE |
547 | case NID_aes_128_cbc_hmac_sha1: |
548 | *cipher = ossltest_aes_128_cbc_hmac_sha1(); | |
549 | break; | |
2d5d70b1 MC |
550 | default: |
551 | ok = 0; | |
552 | *cipher = NULL; | |
553 | break; | |
554 | } | |
555 | return ok; | |
556 | } | |
557 | ||
558 | static void fill_known_data(unsigned char *md, unsigned int len) | |
559 | { | |
560 | unsigned int i; | |
561 | ||
562 | for (i=0; i<len; i++) { | |
563 | md[i] = (unsigned char)(i & 0xff); | |
564 | } | |
565 | } | |
566 | ||
567 | /* | |
568 | * MD5 implementation. We go through the motions of doing MD5 by deferring to | |
569 | * the standard implementation. Then we overwrite the result with a will defined | |
570 | * value, so that all "MD5" digests using the test engine always end up with | |
571 | * the same value. | |
572 | */ | |
2d5d70b1 MC |
573 | static int digest_md5_init(EVP_MD_CTX *ctx) |
574 | { | |
85d843c8 | 575 | return EVP_MD_meth_get_init(EVP_md5())(ctx); |
2d5d70b1 MC |
576 | } |
577 | ||
578 | static int digest_md5_update(EVP_MD_CTX *ctx, const void *data, | |
16a9542a | 579 | size_t count) |
2d5d70b1 | 580 | { |
85d843c8 | 581 | return EVP_MD_meth_get_update(EVP_md5())(ctx, data, count); |
2d5d70b1 MC |
582 | } |
583 | ||
584 | static int digest_md5_final(EVP_MD_CTX *ctx, unsigned char *md) | |
585 | { | |
85d843c8 | 586 | int ret = EVP_MD_meth_get_final(EVP_md5())(ctx, md); |
2d5d70b1 MC |
587 | |
588 | if (ret > 0) { | |
589 | fill_known_data(md, MD5_DIGEST_LENGTH); | |
590 | } | |
591 | return ret; | |
592 | } | |
593 | ||
594 | /* | |
595 | * SHA1 implementation. | |
596 | */ | |
2d5d70b1 MC |
597 | static int digest_sha1_init(EVP_MD_CTX *ctx) |
598 | { | |
85d843c8 | 599 | return EVP_MD_meth_get_init(EVP_sha1())(ctx); |
2d5d70b1 MC |
600 | } |
601 | ||
602 | static int digest_sha1_update(EVP_MD_CTX *ctx, const void *data, | |
16a9542a | 603 | size_t count) |
2d5d70b1 | 604 | { |
85d843c8 | 605 | return EVP_MD_meth_get_update(EVP_sha1())(ctx, data, count); |
2d5d70b1 MC |
606 | } |
607 | ||
608 | static int digest_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) | |
609 | { | |
85d843c8 | 610 | int ret = EVP_MD_meth_get_final(EVP_sha1())(ctx, md); |
2d5d70b1 MC |
611 | |
612 | if (ret > 0) { | |
613 | fill_known_data(md, SHA_DIGEST_LENGTH); | |
614 | } | |
615 | return ret; | |
616 | } | |
617 | ||
618 | /* | |
619 | * SHA256 implementation. | |
620 | */ | |
2d5d70b1 MC |
621 | static int digest_sha256_init(EVP_MD_CTX *ctx) |
622 | { | |
85d843c8 | 623 | return EVP_MD_meth_get_init(EVP_sha256())(ctx); |
2d5d70b1 MC |
624 | } |
625 | ||
626 | static int digest_sha256_update(EVP_MD_CTX *ctx, const void *data, | |
16a9542a | 627 | size_t count) |
2d5d70b1 | 628 | { |
85d843c8 | 629 | return EVP_MD_meth_get_update(EVP_sha256())(ctx, data, count); |
2d5d70b1 MC |
630 | } |
631 | ||
632 | static int digest_sha256_final(EVP_MD_CTX *ctx, unsigned char *md) | |
633 | { | |
85d843c8 | 634 | int ret = EVP_MD_meth_get_final(EVP_sha256())(ctx, md); |
2d5d70b1 MC |
635 | |
636 | if (ret > 0) { | |
637 | fill_known_data(md, SHA256_DIGEST_LENGTH); | |
638 | } | |
639 | return ret; | |
640 | } | |
641 | ||
642 | /* | |
85d843c8 | 643 | * SHA384 implementation. |
2d5d70b1 | 644 | */ |
2d5d70b1 MC |
645 | static int digest_sha384_init(EVP_MD_CTX *ctx) |
646 | { | |
85d843c8 | 647 | return EVP_MD_meth_get_init(EVP_sha384())(ctx); |
2d5d70b1 MC |
648 | } |
649 | ||
85d843c8 | 650 | static int digest_sha384_update(EVP_MD_CTX *ctx, const void *data, |
16a9542a | 651 | size_t count) |
2d5d70b1 | 652 | { |
85d843c8 | 653 | return EVP_MD_meth_get_update(EVP_sha384())(ctx, data, count); |
2d5d70b1 MC |
654 | } |
655 | ||
656 | static int digest_sha384_final(EVP_MD_CTX *ctx, unsigned char *md) | |
657 | { | |
85d843c8 | 658 | int ret = EVP_MD_meth_get_final(EVP_sha384())(ctx, md); |
2d5d70b1 MC |
659 | |
660 | if (ret > 0) { | |
661 | fill_known_data(md, SHA384_DIGEST_LENGTH); | |
662 | } | |
663 | return ret; | |
664 | } | |
665 | ||
85d843c8 P |
666 | /* |
667 | * SHA512 implementation. | |
668 | */ | |
669 | static int digest_sha512_init(EVP_MD_CTX *ctx) | |
670 | { | |
671 | return EVP_MD_meth_get_init(EVP_sha512())(ctx); | |
672 | } | |
673 | ||
674 | static int digest_sha512_update(EVP_MD_CTX *ctx, const void *data, | |
675 | size_t count) | |
676 | { | |
677 | return EVP_MD_meth_get_update(EVP_sha512())(ctx, data, count); | |
678 | } | |
679 | ||
2d5d70b1 MC |
680 | static int digest_sha512_final(EVP_MD_CTX *ctx, unsigned char *md) |
681 | { | |
85d843c8 | 682 | int ret = EVP_MD_meth_get_final(EVP_sha512())(ctx, md); |
2d5d70b1 MC |
683 | |
684 | if (ret > 0) { | |
685 | fill_known_data(md, SHA512_DIGEST_LENGTH); | |
686 | } | |
687 | return ret; | |
688 | } | |
689 | ||
690 | /* | |
691 | * AES128 Implementation | |
692 | */ | |
693 | ||
64da15c4 BE |
694 | static int ossltest_aes128_init_key(EVP_CIPHER_CTX *ctx, |
695 | const unsigned char *key, | |
696 | const unsigned char *iv, int enc) | |
2d5d70b1 | 697 | { |
39e8d0ce | 698 | return EVP_CIPHER_meth_get_init(EVP_aes_128_cbc()) (ctx, key, iv, enc); |
2d5d70b1 MC |
699 | } |
700 | ||
64da15c4 BE |
701 | static int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, |
702 | const unsigned char *in, size_t inl) | |
2d5d70b1 MC |
703 | { |
704 | unsigned char *tmpbuf; | |
705 | int ret; | |
706 | ||
707 | tmpbuf = OPENSSL_malloc(inl); | |
04e3bb04 MC |
708 | |
709 | /* OPENSSL_malloc will return NULL if inl == 0 */ | |
710 | if (tmpbuf == NULL && inl > 0) | |
2d5d70b1 MC |
711 | return -1; |
712 | ||
713 | /* Remember what we were asked to encrypt */ | |
04e3bb04 MC |
714 | if (tmpbuf != NULL) |
715 | memcpy(tmpbuf, in, inl); | |
2d5d70b1 MC |
716 | |
717 | /* Go through the motions of encrypting it */ | |
39e8d0ce | 718 | ret = EVP_CIPHER_meth_get_do_cipher(EVP_aes_128_cbc())(ctx, out, in, inl); |
2d5d70b1 MC |
719 | |
720 | /* Throw it all away and just use the plaintext as the output */ | |
04e3bb04 MC |
721 | if (tmpbuf != NULL) |
722 | memcpy(out, tmpbuf, inl); | |
2d5d70b1 MC |
723 | OPENSSL_free(tmpbuf); |
724 | ||
725 | return ret; | |
726 | } | |
aad22ba2 | 727 | |
64da15c4 BE |
728 | static int ossltest_aes128_gcm_init_key(EVP_CIPHER_CTX *ctx, |
729 | const unsigned char *key, | |
730 | const unsigned char *iv, int enc) | |
aad22ba2 MC |
731 | { |
732 | return EVP_CIPHER_meth_get_init(EVP_aes_128_gcm()) (ctx, key, iv, enc); | |
733 | } | |
734 | ||
64da15c4 BE |
735 | static int ossltest_aes128_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, |
736 | const unsigned char *in, size_t inl) | |
aad22ba2 | 737 | { |
bebc0c7d | 738 | unsigned char *tmpbuf = OPENSSL_malloc(inl); |
aad22ba2 | 739 | |
6606d600 | 740 | /* OPENSSL_malloc will return NULL if inl == 0 */ |
bebc0c7d | 741 | if (tmpbuf == NULL && inl > 0) |
aad22ba2 MC |
742 | return -1; |
743 | ||
744 | /* Remember what we were asked to encrypt */ | |
04e3bb04 MC |
745 | if (tmpbuf != NULL) |
746 | memcpy(tmpbuf, in, inl); | |
aad22ba2 MC |
747 | |
748 | /* Go through the motions of encrypting it */ | |
749 | EVP_CIPHER_meth_get_do_cipher(EVP_aes_128_gcm())(ctx, out, in, inl); | |
750 | ||
6606d600 | 751 | /* Throw it all away and just use the plaintext as the output */ |
3295d242 | 752 | if (tmpbuf != NULL && out != NULL) |
04e3bb04 | 753 | memcpy(out, tmpbuf, inl); |
aad22ba2 MC |
754 | OPENSSL_free(tmpbuf); |
755 | ||
bebc0c7d | 756 | return inl; |
aad22ba2 MC |
757 | } |
758 | ||
759 | static int ossltest_aes128_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, | |
760 | void *ptr) | |
761 | { | |
aad22ba2 | 762 | /* Pass the ctrl down */ |
6606d600 | 763 | int ret = EVP_CIPHER_meth_get_ctrl(EVP_aes_128_gcm())(ctx, type, arg, ptr); |
bebc0c7d MC |
764 | |
765 | if (ret <= 0) | |
766 | return ret; | |
767 | ||
1287dabd | 768 | switch (type) { |
bebc0c7d MC |
769 | case EVP_CTRL_AEAD_GET_TAG: |
770 | /* Always give the same tag */ | |
771 | memset(ptr, 0, EVP_GCM_TLS_TAG_LEN); | |
772 | break; | |
773 | ||
774 | default: | |
775 | break; | |
776 | } | |
777 | ||
778 | return 1; | |
aad22ba2 | 779 | } |
c57c32a8 | 780 | |
64da15c4 BE |
781 | #define NO_PAYLOAD_LENGTH ((size_t)-1) |
782 | # define data(ctx) ((EVP_AES_HMAC_SHA1 *)EVP_CIPHER_CTX_get_cipher_data(ctx)) | |
783 | ||
784 | static int ossltest_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, | |
785 | const unsigned char *inkey, | |
786 | const unsigned char *iv, | |
787 | int enc) | |
788 | { | |
789 | EVP_AES_HMAC_SHA1 *key = data(ctx); | |
790 | key->payload_length = NO_PAYLOAD_LENGTH; | |
791 | return 1; | |
792 | } | |
793 | ||
794 | static int ossltest_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, | |
795 | unsigned char *out, | |
796 | const unsigned char *in, | |
797 | size_t len) | |
798 | { | |
799 | EVP_AES_HMAC_SHA1 *key = data(ctx); | |
800 | unsigned int l; | |
801 | size_t plen = key->payload_length; | |
802 | ||
803 | key->payload_length = NO_PAYLOAD_LENGTH; | |
804 | ||
805 | if (len % AES_BLOCK_SIZE) | |
806 | return 0; | |
807 | ||
808 | if (EVP_CIPHER_CTX_is_encrypting(ctx)) { | |
809 | if (plen == NO_PAYLOAD_LENGTH) | |
810 | plen = len; | |
811 | else if (len != | |
812 | ((plen + SHA_DIGEST_LENGTH + | |
813 | AES_BLOCK_SIZE) & -AES_BLOCK_SIZE)) | |
814 | return 0; | |
815 | ||
816 | memmove(out, in, plen); | |
817 | ||
818 | if (plen != len) { /* "TLS" mode of operation */ | |
819 | /* calculate HMAC and append it to payload */ | |
820 | fill_known_data(out + plen, SHA_DIGEST_LENGTH); | |
821 | ||
822 | /* pad the payload|hmac */ | |
823 | plen += SHA_DIGEST_LENGTH; | |
824 | for (l = len - plen - 1; plen < len; plen++) | |
825 | out[plen] = l; | |
826 | } | |
827 | } else { | |
828 | /* decrypt HMAC|padding at once */ | |
829 | memmove(out, in, len); | |
830 | ||
831 | if (plen != NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */ | |
832 | unsigned int maxpad, pad; | |
833 | ||
834 | if (key->tls_ver >= TLS1_1_VERSION) { | |
835 | if (len < (AES_BLOCK_SIZE + SHA_DIGEST_LENGTH + 1)) | |
836 | return 0; | |
837 | ||
838 | /* omit explicit iv */ | |
839 | in += AES_BLOCK_SIZE; | |
840 | out += AES_BLOCK_SIZE; | |
841 | len -= AES_BLOCK_SIZE; | |
842 | } else if (len < (SHA_DIGEST_LENGTH + 1)) | |
843 | return 0; | |
844 | ||
845 | /* figure out payload length */ | |
846 | pad = out[len - 1]; | |
847 | maxpad = len - (SHA_DIGEST_LENGTH + 1); | |
848 | if (pad > maxpad) | |
849 | return 0; | |
850 | for (plen = len - pad - 1; plen < len; plen++) | |
851 | if (out[plen] != pad) | |
852 | return 0; | |
853 | } | |
854 | } | |
855 | ||
856 | return 1; | |
857 | } | |
858 | ||
859 | static int ossltest_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, | |
860 | int arg, void *ptr) | |
861 | { | |
862 | EVP_AES_HMAC_SHA1 *key = data(ctx); | |
863 | ||
864 | switch (type) { | |
865 | case EVP_CTRL_AEAD_SET_MAC_KEY: | |
866 | return 1; | |
867 | ||
868 | case EVP_CTRL_AEAD_TLS1_AAD: | |
869 | { | |
870 | unsigned char *p = ptr; | |
871 | unsigned int len; | |
872 | ||
873 | if (arg != EVP_AEAD_TLS1_AAD_LEN) | |
874 | return -1; | |
875 | ||
876 | len = p[arg - 2] << 8 | p[arg - 1]; | |
877 | key->tls_ver = p[arg - 4] << 8 | p[arg - 3]; | |
878 | ||
879 | if (EVP_CIPHER_CTX_is_encrypting(ctx)) { | |
880 | key->payload_length = len; | |
881 | if (key->tls_ver >= TLS1_1_VERSION) { | |
882 | if (len < AES_BLOCK_SIZE) | |
883 | return 0; | |
884 | len -= AES_BLOCK_SIZE; | |
885 | p[arg - 2] = len >> 8; | |
886 | p[arg - 1] = len; | |
887 | } | |
888 | ||
889 | return (int)(((len + SHA_DIGEST_LENGTH + | |
890 | AES_BLOCK_SIZE) & -AES_BLOCK_SIZE) | |
891 | - len); | |
892 | } else { | |
893 | key->payload_length = arg; | |
894 | ||
895 | return SHA_DIGEST_LENGTH; | |
896 | } | |
897 | } | |
898 | default: | |
899 | return -1; | |
900 | } | |
901 | } | |
902 | ||
c57c32a8 DSH |
903 | static int ossltest_rand_bytes(unsigned char *buf, int num) |
904 | { | |
905 | unsigned char val = 1; | |
906 | ||
907 | while (--num >= 0) | |
908 | *buf++ = val++; | |
909 | return 1; | |
910 | } | |
911 | ||
912 | static int ossltest_rand_status(void) | |
913 | { | |
914 | return 1; | |
915 | } | |
916 | ||
917 | static const RAND_METHOD *ossltest_rand_method(void) | |
918 | { | |
919 | ||
920 | static RAND_METHOD osslt_rand_meth = { | |
921 | NULL, | |
922 | ossltest_rand_bytes, | |
923 | NULL, | |
924 | NULL, | |
925 | ossltest_rand_bytes, | |
926 | ossltest_rand_status | |
927 | }; | |
928 | ||
929 | return &osslt_rand_meth; | |
930 | } |