]>
Commit | Line | Data |
---|---|---|
2d5d70b1 | 1 | /* |
38fc02a7 | 2 | * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. |
2d5d70b1 | 3 | * |
ab3fa1c0 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
440e5d80 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
2d5d70b1 MC |
8 | */ |
9 | ||
10 | /* | |
11 | * This is the OSSLTEST engine. It provides deliberately crippled digest | |
12 | * implementations for test purposes. It is highly insecure and must NOT be | |
13 | * used for any purpose except testing | |
14 | */ | |
15 | ||
cf8e8cba P |
16 | /* We need to use some engine deprecated APIs */ |
17 | #define OPENSSL_SUPPRESS_DEPRECATED | |
18 | ||
85d843c8 P |
19 | /* |
20 | * SHA low level APIs are deprecated for public use, but still ok for | |
21 | * internal use. Note, that due to symbols not being exported, only the | |
22 | * #defines and type definitions can be accessed, function calls are not | |
23 | * available. The digest lengths, block sizes and sizeof(CTX) are used herein | |
24 | * for several different digests. | |
25 | */ | |
26 | #include "internal/deprecated.h" | |
27 | ||
2d5d70b1 MC |
28 | #include <stdio.h> |
29 | #include <string.h> | |
747adb6a | 30 | #include "internal/cryptlib.h" |
2d5d70b1 MC |
31 | |
32 | #include <openssl/engine.h> | |
33 | #include <openssl/sha.h> | |
34 | #include <openssl/md5.h> | |
35 | #include <openssl/rsa.h> | |
36 | #include <openssl/evp.h> | |
37 | #include <openssl/modes.h> | |
38 | #include <openssl/aes.h> | |
c57c32a8 | 39 | #include <openssl/rand.h> |
7b9f8f7f | 40 | #include <openssl/crypto.h> |
0a3b330c | 41 | #include <openssl/pem.h> |
64da15c4 | 42 | #include <crypto/evp.h> |
2d5d70b1 | 43 | |
2d5d70b1 MC |
44 | #include "e_ossltest_err.c" |
45 | ||
46 | /* Engine Id and Name */ | |
47 | static const char *engine_ossltest_id = "ossltest"; | |
48 | static const char *engine_ossltest_name = "OpenSSL Test engine support"; | |
49 | ||
50 | ||
51 | /* Engine Lifetime functions */ | |
52 | static int ossltest_destroy(ENGINE *e); | |
53 | static int ossltest_init(ENGINE *e); | |
54 | static int ossltest_finish(ENGINE *e); | |
55 | void ENGINE_load_ossltest(void); | |
56 | ||
57 | ||
58 | /* Set up digests */ | |
59 | static int ossltest_digests(ENGINE *e, const EVP_MD **digest, | |
60 | const int **nids, int nid); | |
c57c32a8 | 61 | static const RAND_METHOD *ossltest_rand_method(void); |
2d5d70b1 | 62 | |
2d5d70b1 MC |
63 | /* MD5 */ |
64 | static int digest_md5_init(EVP_MD_CTX *ctx); | |
65 | static int digest_md5_update(EVP_MD_CTX *ctx, const void *data, | |
16a9542a | 66 | size_t count); |
2d5d70b1 MC |
67 | static int digest_md5_final(EVP_MD_CTX *ctx, unsigned char *md); |
68 | ||
cddcea8c RL |
69 | static EVP_MD *_hidden_md5_md = NULL; |
70 | static const EVP_MD *digest_md5(void) | |
71 | { | |
72 | if (_hidden_md5_md == NULL) { | |
73 | EVP_MD *md; | |
74 | ||
75 | if ((md = EVP_MD_meth_new(NID_md5, NID_md5WithRSAEncryption)) == NULL | |
76 | || !EVP_MD_meth_set_result_size(md, MD5_DIGEST_LENGTH) | |
77 | || !EVP_MD_meth_set_input_blocksize(md, MD5_CBLOCK) | |
78 | || !EVP_MD_meth_set_app_datasize(md, | |
79 | sizeof(EVP_MD *) + sizeof(MD5_CTX)) | |
80 | || !EVP_MD_meth_set_flags(md, 0) | |
81 | || !EVP_MD_meth_set_init(md, digest_md5_init) | |
82 | || !EVP_MD_meth_set_update(md, digest_md5_update) | |
83 | || !EVP_MD_meth_set_final(md, digest_md5_final)) { | |
84 | EVP_MD_meth_free(md); | |
85 | md = NULL; | |
86 | } | |
87 | _hidden_md5_md = md; | |
88 | } | |
89 | return _hidden_md5_md; | |
90 | } | |
2d5d70b1 MC |
91 | |
92 | /* SHA1 */ | |
93 | static int digest_sha1_init(EVP_MD_CTX *ctx); | |
94 | static int digest_sha1_update(EVP_MD_CTX *ctx, const void *data, | |
16a9542a | 95 | size_t count); |
2d5d70b1 MC |
96 | static int digest_sha1_final(EVP_MD_CTX *ctx, unsigned char *md); |
97 | ||
cddcea8c RL |
98 | static EVP_MD *_hidden_sha1_md = NULL; |
99 | static const EVP_MD *digest_sha1(void) | |
100 | { | |
101 | if (_hidden_sha1_md == NULL) { | |
102 | EVP_MD *md; | |
103 | ||
104 | if ((md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption)) == NULL | |
105 | || !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH) | |
106 | || !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK) | |
107 | || !EVP_MD_meth_set_app_datasize(md, | |
108 | sizeof(EVP_MD *) + sizeof(SHA_CTX)) | |
109 | || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT) | |
110 | || !EVP_MD_meth_set_init(md, digest_sha1_init) | |
111 | || !EVP_MD_meth_set_update(md, digest_sha1_update) | |
112 | || !EVP_MD_meth_set_final(md, digest_sha1_final)) { | |
113 | EVP_MD_meth_free(md); | |
114 | md = NULL; | |
115 | } | |
116 | _hidden_sha1_md = md; | |
117 | } | |
118 | return _hidden_sha1_md; | |
119 | } | |
2d5d70b1 MC |
120 | |
121 | /* SHA256 */ | |
122 | static int digest_sha256_init(EVP_MD_CTX *ctx); | |
123 | static int digest_sha256_update(EVP_MD_CTX *ctx, const void *data, | |
16a9542a | 124 | size_t count); |
2d5d70b1 MC |
125 | static int digest_sha256_final(EVP_MD_CTX *ctx, unsigned char *md); |
126 | ||
cddcea8c RL |
127 | static EVP_MD *_hidden_sha256_md = NULL; |
128 | static const EVP_MD *digest_sha256(void) | |
129 | { | |
130 | if (_hidden_sha256_md == NULL) { | |
131 | EVP_MD *md; | |
132 | ||
133 | if ((md = EVP_MD_meth_new(NID_sha256, NID_sha256WithRSAEncryption)) == NULL | |
134 | || !EVP_MD_meth_set_result_size(md, SHA256_DIGEST_LENGTH) | |
135 | || !EVP_MD_meth_set_input_blocksize(md, SHA256_CBLOCK) | |
136 | || !EVP_MD_meth_set_app_datasize(md, | |
137 | sizeof(EVP_MD *) + sizeof(SHA256_CTX)) | |
138 | || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT) | |
139 | || !EVP_MD_meth_set_init(md, digest_sha256_init) | |
140 | || !EVP_MD_meth_set_update(md, digest_sha256_update) | |
141 | || !EVP_MD_meth_set_final(md, digest_sha256_final)) { | |
142 | EVP_MD_meth_free(md); | |
143 | md = NULL; | |
144 | } | |
145 | _hidden_sha256_md = md; | |
146 | } | |
147 | return _hidden_sha256_md; | |
148 | } | |
2d5d70b1 MC |
149 | |
150 | /* SHA384/SHA512 */ | |
151 | static int digest_sha384_init(EVP_MD_CTX *ctx); | |
85d843c8 P |
152 | static int digest_sha384_update(EVP_MD_CTX *ctx, const void *data, |
153 | size_t count); | |
154 | static int digest_sha384_final(EVP_MD_CTX *ctx, unsigned char *md); | |
155 | ||
2d5d70b1 MC |
156 | static int digest_sha512_init(EVP_MD_CTX *ctx); |
157 | static int digest_sha512_update(EVP_MD_CTX *ctx, const void *data, | |
16a9542a | 158 | size_t count); |
2d5d70b1 MC |
159 | static int digest_sha512_final(EVP_MD_CTX *ctx, unsigned char *md); |
160 | ||
cddcea8c RL |
161 | static EVP_MD *_hidden_sha384_md = NULL; |
162 | static const EVP_MD *digest_sha384(void) | |
163 | { | |
164 | if (_hidden_sha384_md == NULL) { | |
165 | EVP_MD *md; | |
166 | ||
167 | if ((md = EVP_MD_meth_new(NID_sha384, NID_sha384WithRSAEncryption)) == NULL | |
168 | || !EVP_MD_meth_set_result_size(md, SHA384_DIGEST_LENGTH) | |
169 | || !EVP_MD_meth_set_input_blocksize(md, SHA512_CBLOCK) | |
170 | || !EVP_MD_meth_set_app_datasize(md, | |
171 | sizeof(EVP_MD *) + sizeof(SHA512_CTX)) | |
172 | || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT) | |
173 | || !EVP_MD_meth_set_init(md, digest_sha384_init) | |
85d843c8 | 174 | || !EVP_MD_meth_set_update(md, digest_sha384_update) |
cddcea8c RL |
175 | || !EVP_MD_meth_set_final(md, digest_sha384_final)) { |
176 | EVP_MD_meth_free(md); | |
177 | md = NULL; | |
178 | } | |
179 | _hidden_sha384_md = md; | |
180 | } | |
181 | return _hidden_sha384_md; | |
182 | } | |
183 | static EVP_MD *_hidden_sha512_md = NULL; | |
184 | static const EVP_MD *digest_sha512(void) | |
185 | { | |
186 | if (_hidden_sha512_md == NULL) { | |
187 | EVP_MD *md; | |
188 | ||
189 | if ((md = EVP_MD_meth_new(NID_sha512, NID_sha512WithRSAEncryption)) == NULL | |
190 | || !EVP_MD_meth_set_result_size(md, SHA512_DIGEST_LENGTH) | |
191 | || !EVP_MD_meth_set_input_blocksize(md, SHA512_CBLOCK) | |
192 | || !EVP_MD_meth_set_app_datasize(md, | |
193 | sizeof(EVP_MD *) + sizeof(SHA512_CTX)) | |
194 | || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT) | |
195 | || !EVP_MD_meth_set_init(md, digest_sha512_init) | |
196 | || !EVP_MD_meth_set_update(md, digest_sha512_update) | |
197 | || !EVP_MD_meth_set_final(md, digest_sha512_final)) { | |
198 | EVP_MD_meth_free(md); | |
199 | md = NULL; | |
200 | } | |
201 | _hidden_sha512_md = md; | |
202 | } | |
203 | return _hidden_sha512_md; | |
204 | } | |
205 | static void destroy_digests(void) | |
206 | { | |
207 | EVP_MD_meth_free(_hidden_md5_md); | |
208 | _hidden_md5_md = NULL; | |
209 | EVP_MD_meth_free(_hidden_sha1_md); | |
210 | _hidden_sha1_md = NULL; | |
211 | EVP_MD_meth_free(_hidden_sha256_md); | |
212 | _hidden_sha256_md = NULL; | |
213 | EVP_MD_meth_free(_hidden_sha384_md); | |
214 | _hidden_sha384_md = NULL; | |
215 | EVP_MD_meth_free(_hidden_sha512_md); | |
216 | _hidden_sha512_md = NULL; | |
217 | } | |
218 | static int ossltest_digest_nids(const int **nids) | |
219 | { | |
220 | static int digest_nids[6] = { 0, 0, 0, 0, 0, 0 }; | |
221 | static int pos = 0; | |
222 | static int init = 0; | |
223 | ||
224 | if (!init) { | |
225 | const EVP_MD *md; | |
226 | if ((md = digest_md5()) != NULL) | |
ed576acd | 227 | digest_nids[pos++] = EVP_MD_get_type(md); |
cddcea8c | 228 | if ((md = digest_sha1()) != NULL) |
ed576acd | 229 | digest_nids[pos++] = EVP_MD_get_type(md); |
cddcea8c | 230 | if ((md = digest_sha256()) != NULL) |
ed576acd | 231 | digest_nids[pos++] = EVP_MD_get_type(md); |
cddcea8c | 232 | if ((md = digest_sha384()) != NULL) |
ed576acd | 233 | digest_nids[pos++] = EVP_MD_get_type(md); |
cddcea8c | 234 | if ((md = digest_sha512()) != NULL) |
ed576acd | 235 | digest_nids[pos++] = EVP_MD_get_type(md); |
cddcea8c RL |
236 | digest_nids[pos] = 0; |
237 | init = 1; | |
238 | } | |
239 | *nids = digest_nids; | |
240 | return pos; | |
241 | } | |
2d5d70b1 MC |
242 | |
243 | /* Setup ciphers */ | |
244 | static int ossltest_ciphers(ENGINE *, const EVP_CIPHER **, | |
245 | const int **, int); | |
246 | ||
247 | static int ossltest_cipher_nids[] = { | |
64da15c4 BE |
248 | NID_aes_128_cbc, NID_aes_128_gcm, |
249 | NID_aes_128_cbc_hmac_sha1, 0 | |
2d5d70b1 MC |
250 | }; |
251 | ||
252 | /* AES128 */ | |
253 | ||
64da15c4 BE |
254 | static int ossltest_aes128_init_key(EVP_CIPHER_CTX *ctx, |
255 | const unsigned char *key, | |
256 | const unsigned char *iv, int enc); | |
257 | static int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |
258 | const unsigned char *in, size_t inl); | |
259 | static int ossltest_aes128_gcm_init_key(EVP_CIPHER_CTX *ctx, | |
260 | const unsigned char *key, | |
261 | const unsigned char *iv, int enc); | |
262 | static int ossltest_aes128_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |
263 | const unsigned char *in, size_t inl); | |
aad22ba2 MC |
264 | static int ossltest_aes128_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, |
265 | void *ptr); | |
64da15c4 BE |
266 | static int ossltest_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, |
267 | const unsigned char *key, | |
268 | const unsigned char *iv, | |
269 | int enc); | |
270 | static int ossltest_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, | |
271 | unsigned char *out, | |
272 | const unsigned char *in, | |
273 | size_t inl); | |
274 | static int ossltest_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, | |
275 | int arg, void *ptr); | |
276 | ||
277 | typedef struct { | |
278 | size_t payload_length; /* AAD length in decrypt case */ | |
279 | unsigned int tls_ver; | |
280 | } EVP_AES_HMAC_SHA1; | |
2d5d70b1 | 281 | |
39e8d0ce RL |
282 | static EVP_CIPHER *_hidden_aes_128_cbc = NULL; |
283 | static const EVP_CIPHER *ossltest_aes_128_cbc(void) | |
284 | { | |
285 | if (_hidden_aes_128_cbc == NULL | |
286 | && ((_hidden_aes_128_cbc = EVP_CIPHER_meth_new(NID_aes_128_cbc, | |
287 | 16 /* block size */, | |
288 | 16 /* key len */)) == NULL | |
289 | || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc,16) | |
290 | || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc, | |
291 | EVP_CIPH_FLAG_DEFAULT_ASN1 | |
292 | | EVP_CIPH_CBC_MODE) | |
293 | || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc, | |
294 | ossltest_aes128_init_key) | |
295 | || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc, | |
296 | ossltest_aes128_cbc_cipher) | |
297 | || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc, | |
ed576acd | 298 | EVP_CIPHER_impl_ctx_size(EVP_aes_128_cbc())))) { |
39e8d0ce RL |
299 | EVP_CIPHER_meth_free(_hidden_aes_128_cbc); |
300 | _hidden_aes_128_cbc = NULL; | |
301 | } | |
302 | return _hidden_aes_128_cbc; | |
303 | } | |
64da15c4 | 304 | |
aad22ba2 | 305 | static EVP_CIPHER *_hidden_aes_128_gcm = NULL; |
ca0b75ad | 306 | |
aad22ba2 MC |
307 | #define AES_GCM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \ |
308 | | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ | |
309 | | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ | |
310 | | EVP_CIPH_CUSTOM_COPY |EVP_CIPH_FLAG_AEAD_CIPHER \ | |
311 | | EVP_CIPH_GCM_MODE) | |
ca0b75ad | 312 | |
aad22ba2 MC |
313 | static const EVP_CIPHER *ossltest_aes_128_gcm(void) |
314 | { | |
315 | if (_hidden_aes_128_gcm == NULL | |
316 | && ((_hidden_aes_128_gcm = EVP_CIPHER_meth_new(NID_aes_128_gcm, | |
317 | 1 /* block size */, | |
318 | 16 /* key len */)) == NULL | |
319 | || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_gcm,12) | |
320 | || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_gcm, AES_GCM_FLAGS) | |
321 | || !EVP_CIPHER_meth_set_init(_hidden_aes_128_gcm, | |
322 | ossltest_aes128_gcm_init_key) | |
323 | || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_gcm, | |
324 | ossltest_aes128_gcm_cipher) | |
325 | || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_gcm, | |
326 | ossltest_aes128_gcm_ctrl) | |
327 | || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_gcm, | |
ed576acd | 328 | EVP_CIPHER_impl_ctx_size(EVP_aes_128_gcm())))) { |
aad22ba2 MC |
329 | EVP_CIPHER_meth_free(_hidden_aes_128_gcm); |
330 | _hidden_aes_128_gcm = NULL; | |
331 | } | |
332 | return _hidden_aes_128_gcm; | |
333 | } | |
334 | ||
64da15c4 BE |
335 | static EVP_CIPHER *_hidden_aes_128_cbc_hmac_sha1 = NULL; |
336 | ||
337 | static const EVP_CIPHER *ossltest_aes_128_cbc_hmac_sha1(void) | |
338 | { | |
339 | if (_hidden_aes_128_cbc_hmac_sha1 == NULL | |
340 | && ((_hidden_aes_128_cbc_hmac_sha1 | |
341 | = EVP_CIPHER_meth_new(NID_aes_128_cbc_hmac_sha1, | |
342 | 16 /* block size */, | |
343 | 16 /* key len */)) == NULL | |
344 | || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc_hmac_sha1,16) | |
345 | || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc_hmac_sha1, | |
346 | EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | | |
347 | EVP_CIPH_FLAG_AEAD_CIPHER) | |
348 | || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc_hmac_sha1, | |
349 | ossltest_aes128_cbc_hmac_sha1_init_key) | |
350 | || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc_hmac_sha1, | |
351 | ossltest_aes128_cbc_hmac_sha1_cipher) | |
352 | || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc_hmac_sha1, | |
353 | ossltest_aes128_cbc_hmac_sha1_ctrl) | |
354 | || !EVP_CIPHER_meth_set_set_asn1_params(_hidden_aes_128_cbc_hmac_sha1, | |
355 | EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_set_asn1_iv) | |
356 | || !EVP_CIPHER_meth_set_get_asn1_params(_hidden_aes_128_cbc_hmac_sha1, | |
357 | EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_get_asn1_iv) | |
358 | || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc_hmac_sha1, | |
359 | sizeof(EVP_AES_HMAC_SHA1)))) { | |
360 | EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1); | |
361 | _hidden_aes_128_cbc_hmac_sha1 = NULL; | |
362 | } | |
363 | return _hidden_aes_128_cbc_hmac_sha1; | |
364 | } | |
365 | ||
39e8d0ce RL |
366 | static void destroy_ciphers(void) |
367 | { | |
368 | EVP_CIPHER_meth_free(_hidden_aes_128_cbc); | |
aad22ba2 | 369 | EVP_CIPHER_meth_free(_hidden_aes_128_gcm); |
64da15c4 | 370 | EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1); |
39e8d0ce | 371 | _hidden_aes_128_cbc = NULL; |
64da15c4 BE |
372 | _hidden_aes_128_gcm = NULL; |
373 | _hidden_aes_128_cbc_hmac_sha1 = NULL; | |
39e8d0ce | 374 | } |
2d5d70b1 | 375 | |
0a3b330c RL |
376 | /* Key loading */ |
377 | static EVP_PKEY *load_key(ENGINE *eng, const char *key_id, int pub, | |
378 | UI_METHOD *ui_method, void *ui_data) | |
379 | { | |
380 | BIO *in; | |
381 | EVP_PKEY *key; | |
382 | ||
747adb6a | 383 | if (!CHECK_AND_SKIP_CASE_PREFIX(key_id, "ot:")) |
0a3b330c | 384 | return NULL; |
0a3b330c RL |
385 | |
386 | fprintf(stderr, "[ossltest]Loading %s key %s\n", | |
387 | pub ? "Public" : "Private", key_id); | |
388 | in = BIO_new_file(key_id, "r"); | |
389 | if (!in) | |
390 | return NULL; | |
391 | if (pub) | |
392 | key = PEM_read_bio_PUBKEY(in, NULL, 0, NULL); | |
393 | else | |
394 | key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL); | |
395 | BIO_free(in); | |
396 | return key; | |
397 | } | |
398 | ||
399 | static EVP_PKEY *ossltest_load_privkey(ENGINE *eng, const char *key_id, | |
400 | UI_METHOD *ui_method, void *ui_data) | |
401 | { | |
402 | return load_key(eng, key_id, 0, ui_method, ui_data); | |
403 | } | |
404 | ||
405 | static EVP_PKEY *ossltest_load_pubkey(ENGINE *eng, const char *key_id, | |
406 | UI_METHOD *ui_method, void *ui_data) | |
407 | { | |
408 | return load_key(eng, key_id, 1, ui_method, ui_data); | |
409 | } | |
410 | ||
411 | ||
2d5d70b1 MC |
412 | static int bind_ossltest(ENGINE *e) |
413 | { | |
414 | /* Ensure the ossltest error handling is set up */ | |
415 | ERR_load_OSSLTEST_strings(); | |
416 | ||
417 | if (!ENGINE_set_id(e, engine_ossltest_id) | |
418 | || !ENGINE_set_name(e, engine_ossltest_name) | |
419 | || !ENGINE_set_digests(e, ossltest_digests) | |
420 | || !ENGINE_set_ciphers(e, ossltest_ciphers) | |
c57c32a8 | 421 | || !ENGINE_set_RAND(e, ossltest_rand_method()) |
2d5d70b1 | 422 | || !ENGINE_set_destroy_function(e, ossltest_destroy) |
0a3b330c RL |
423 | || !ENGINE_set_load_privkey_function(e, ossltest_load_privkey) |
424 | || !ENGINE_set_load_pubkey_function(e, ossltest_load_pubkey) | |
2d5d70b1 MC |
425 | || !ENGINE_set_init_function(e, ossltest_init) |
426 | || !ENGINE_set_finish_function(e, ossltest_finish)) { | |
427 | OSSLTESTerr(OSSLTEST_F_BIND_OSSLTEST, OSSLTEST_R_INIT_FAILED); | |
428 | return 0; | |
429 | } | |
430 | ||
431 | return 1; | |
432 | } | |
433 | ||
c0cbb4c1 | 434 | #ifndef OPENSSL_NO_DYNAMIC_ENGINE |
2d5d70b1 MC |
435 | static int bind_helper(ENGINE *e, const char *id) |
436 | { | |
437 | if (id && (strcmp(id, engine_ossltest_id) != 0)) | |
438 | return 0; | |
439 | if (!bind_ossltest(e)) | |
440 | return 0; | |
441 | return 1; | |
442 | } | |
443 | ||
444 | IMPLEMENT_DYNAMIC_CHECK_FN() | |
445 | IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) | |
c0cbb4c1 RL |
446 | #endif |
447 | ||
2d5d70b1 MC |
448 | static ENGINE *engine_ossltest(void) |
449 | { | |
450 | ENGINE *ret = ENGINE_new(); | |
55646005 | 451 | if (ret == NULL) |
2d5d70b1 MC |
452 | return NULL; |
453 | if (!bind_ossltest(ret)) { | |
454 | ENGINE_free(ret); | |
455 | return NULL; | |
456 | } | |
457 | return ret; | |
458 | } | |
459 | ||
460 | void ENGINE_load_ossltest(void) | |
461 | { | |
462 | /* Copied from eng_[openssl|dyn].c */ | |
463 | ENGINE *toadd = engine_ossltest(); | |
464 | if (!toadd) | |
465 | return; | |
466 | ENGINE_add(toadd); | |
467 | ENGINE_free(toadd); | |
468 | ERR_clear_error(); | |
469 | } | |
2d5d70b1 MC |
470 | |
471 | ||
472 | static int ossltest_init(ENGINE *e) | |
473 | { | |
474 | return 1; | |
475 | } | |
476 | ||
477 | ||
478 | static int ossltest_finish(ENGINE *e) | |
479 | { | |
480 | return 1; | |
481 | } | |
482 | ||
483 | ||
484 | static int ossltest_destroy(ENGINE *e) | |
485 | { | |
cddcea8c | 486 | destroy_digests(); |
39e8d0ce | 487 | destroy_ciphers(); |
2d5d70b1 MC |
488 | ERR_unload_OSSLTEST_strings(); |
489 | return 1; | |
490 | } | |
491 | ||
492 | static int ossltest_digests(ENGINE *e, const EVP_MD **digest, | |
493 | const int **nids, int nid) | |
494 | { | |
495 | int ok = 1; | |
496 | if (!digest) { | |
497 | /* We are returning a list of supported nids */ | |
cddcea8c | 498 | return ossltest_digest_nids(nids); |
2d5d70b1 MC |
499 | } |
500 | /* We are being asked for a specific digest */ | |
501 | switch (nid) { | |
502 | case NID_md5: | |
cddcea8c | 503 | *digest = digest_md5(); |
2d5d70b1 MC |
504 | break; |
505 | case NID_sha1: | |
cddcea8c | 506 | *digest = digest_sha1(); |
2d5d70b1 MC |
507 | break; |
508 | case NID_sha256: | |
cddcea8c | 509 | *digest = digest_sha256(); |
2d5d70b1 MC |
510 | break; |
511 | case NID_sha384: | |
cddcea8c | 512 | *digest = digest_sha384(); |
2d5d70b1 MC |
513 | break; |
514 | case NID_sha512: | |
cddcea8c | 515 | *digest = digest_sha512(); |
2d5d70b1 MC |
516 | break; |
517 | default: | |
518 | ok = 0; | |
519 | *digest = NULL; | |
520 | break; | |
521 | } | |
522 | return ok; | |
523 | } | |
524 | ||
525 | static int ossltest_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | |
526 | const int **nids, int nid) | |
527 | { | |
528 | int ok = 1; | |
529 | if (!cipher) { | |
530 | /* We are returning a list of supported nids */ | |
531 | *nids = ossltest_cipher_nids; | |
532 | return (sizeof(ossltest_cipher_nids) - 1) | |
533 | / sizeof(ossltest_cipher_nids[0]); | |
534 | } | |
535 | /* We are being asked for a specific cipher */ | |
536 | switch (nid) { | |
537 | case NID_aes_128_cbc: | |
39e8d0ce | 538 | *cipher = ossltest_aes_128_cbc(); |
2d5d70b1 | 539 | break; |
aad22ba2 MC |
540 | case NID_aes_128_gcm: |
541 | *cipher = ossltest_aes_128_gcm(); | |
542 | break; | |
64da15c4 BE |
543 | case NID_aes_128_cbc_hmac_sha1: |
544 | *cipher = ossltest_aes_128_cbc_hmac_sha1(); | |
545 | break; | |
2d5d70b1 MC |
546 | default: |
547 | ok = 0; | |
548 | *cipher = NULL; | |
549 | break; | |
550 | } | |
551 | return ok; | |
552 | } | |
553 | ||
554 | static void fill_known_data(unsigned char *md, unsigned int len) | |
555 | { | |
556 | unsigned int i; | |
557 | ||
558 | for (i=0; i<len; i++) { | |
559 | md[i] = (unsigned char)(i & 0xff); | |
560 | } | |
561 | } | |
562 | ||
563 | /* | |
564 | * MD5 implementation. We go through the motions of doing MD5 by deferring to | |
565 | * the standard implementation. Then we overwrite the result with a will defined | |
566 | * value, so that all "MD5" digests using the test engine always end up with | |
567 | * the same value. | |
568 | */ | |
2d5d70b1 MC |
569 | static int digest_md5_init(EVP_MD_CTX *ctx) |
570 | { | |
85d843c8 | 571 | return EVP_MD_meth_get_init(EVP_md5())(ctx); |
2d5d70b1 MC |
572 | } |
573 | ||
574 | static int digest_md5_update(EVP_MD_CTX *ctx, const void *data, | |
16a9542a | 575 | size_t count) |
2d5d70b1 | 576 | { |
85d843c8 | 577 | return EVP_MD_meth_get_update(EVP_md5())(ctx, data, count); |
2d5d70b1 MC |
578 | } |
579 | ||
580 | static int digest_md5_final(EVP_MD_CTX *ctx, unsigned char *md) | |
581 | { | |
85d843c8 | 582 | int ret = EVP_MD_meth_get_final(EVP_md5())(ctx, md); |
2d5d70b1 MC |
583 | |
584 | if (ret > 0) { | |
585 | fill_known_data(md, MD5_DIGEST_LENGTH); | |
586 | } | |
587 | return ret; | |
588 | } | |
589 | ||
590 | /* | |
591 | * SHA1 implementation. | |
592 | */ | |
2d5d70b1 MC |
593 | static int digest_sha1_init(EVP_MD_CTX *ctx) |
594 | { | |
85d843c8 | 595 | return EVP_MD_meth_get_init(EVP_sha1())(ctx); |
2d5d70b1 MC |
596 | } |
597 | ||
598 | static int digest_sha1_update(EVP_MD_CTX *ctx, const void *data, | |
16a9542a | 599 | size_t count) |
2d5d70b1 | 600 | { |
85d843c8 | 601 | return EVP_MD_meth_get_update(EVP_sha1())(ctx, data, count); |
2d5d70b1 MC |
602 | } |
603 | ||
604 | static int digest_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) | |
605 | { | |
85d843c8 | 606 | int ret = EVP_MD_meth_get_final(EVP_sha1())(ctx, md); |
2d5d70b1 MC |
607 | |
608 | if (ret > 0) { | |
609 | fill_known_data(md, SHA_DIGEST_LENGTH); | |
610 | } | |
611 | return ret; | |
612 | } | |
613 | ||
614 | /* | |
615 | * SHA256 implementation. | |
616 | */ | |
2d5d70b1 MC |
617 | static int digest_sha256_init(EVP_MD_CTX *ctx) |
618 | { | |
85d843c8 | 619 | return EVP_MD_meth_get_init(EVP_sha256())(ctx); |
2d5d70b1 MC |
620 | } |
621 | ||
622 | static int digest_sha256_update(EVP_MD_CTX *ctx, const void *data, | |
16a9542a | 623 | size_t count) |
2d5d70b1 | 624 | { |
85d843c8 | 625 | return EVP_MD_meth_get_update(EVP_sha256())(ctx, data, count); |
2d5d70b1 MC |
626 | } |
627 | ||
628 | static int digest_sha256_final(EVP_MD_CTX *ctx, unsigned char *md) | |
629 | { | |
85d843c8 | 630 | int ret = EVP_MD_meth_get_final(EVP_sha256())(ctx, md); |
2d5d70b1 MC |
631 | |
632 | if (ret > 0) { | |
633 | fill_known_data(md, SHA256_DIGEST_LENGTH); | |
634 | } | |
635 | return ret; | |
636 | } | |
637 | ||
638 | /* | |
85d843c8 | 639 | * SHA384 implementation. |
2d5d70b1 | 640 | */ |
2d5d70b1 MC |
641 | static int digest_sha384_init(EVP_MD_CTX *ctx) |
642 | { | |
85d843c8 | 643 | return EVP_MD_meth_get_init(EVP_sha384())(ctx); |
2d5d70b1 MC |
644 | } |
645 | ||
85d843c8 | 646 | static int digest_sha384_update(EVP_MD_CTX *ctx, const void *data, |
16a9542a | 647 | size_t count) |
2d5d70b1 | 648 | { |
85d843c8 | 649 | return EVP_MD_meth_get_update(EVP_sha384())(ctx, data, count); |
2d5d70b1 MC |
650 | } |
651 | ||
652 | static int digest_sha384_final(EVP_MD_CTX *ctx, unsigned char *md) | |
653 | { | |
85d843c8 | 654 | int ret = EVP_MD_meth_get_final(EVP_sha384())(ctx, md); |
2d5d70b1 MC |
655 | |
656 | if (ret > 0) { | |
657 | fill_known_data(md, SHA384_DIGEST_LENGTH); | |
658 | } | |
659 | return ret; | |
660 | } | |
661 | ||
85d843c8 P |
662 | /* |
663 | * SHA512 implementation. | |
664 | */ | |
665 | static int digest_sha512_init(EVP_MD_CTX *ctx) | |
666 | { | |
667 | return EVP_MD_meth_get_init(EVP_sha512())(ctx); | |
668 | } | |
669 | ||
670 | static int digest_sha512_update(EVP_MD_CTX *ctx, const void *data, | |
671 | size_t count) | |
672 | { | |
673 | return EVP_MD_meth_get_update(EVP_sha512())(ctx, data, count); | |
674 | } | |
675 | ||
2d5d70b1 MC |
676 | static int digest_sha512_final(EVP_MD_CTX *ctx, unsigned char *md) |
677 | { | |
85d843c8 | 678 | int ret = EVP_MD_meth_get_final(EVP_sha512())(ctx, md); |
2d5d70b1 MC |
679 | |
680 | if (ret > 0) { | |
681 | fill_known_data(md, SHA512_DIGEST_LENGTH); | |
682 | } | |
683 | return ret; | |
684 | } | |
685 | ||
686 | /* | |
687 | * AES128 Implementation | |
688 | */ | |
689 | ||
64da15c4 BE |
690 | static int ossltest_aes128_init_key(EVP_CIPHER_CTX *ctx, |
691 | const unsigned char *key, | |
692 | const unsigned char *iv, int enc) | |
2d5d70b1 | 693 | { |
39e8d0ce | 694 | return EVP_CIPHER_meth_get_init(EVP_aes_128_cbc()) (ctx, key, iv, enc); |
2d5d70b1 MC |
695 | } |
696 | ||
64da15c4 BE |
697 | static int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, |
698 | const unsigned char *in, size_t inl) | |
2d5d70b1 MC |
699 | { |
700 | unsigned char *tmpbuf; | |
701 | int ret; | |
702 | ||
703 | tmpbuf = OPENSSL_malloc(inl); | |
04e3bb04 MC |
704 | |
705 | /* OPENSSL_malloc will return NULL if inl == 0 */ | |
706 | if (tmpbuf == NULL && inl > 0) | |
2d5d70b1 MC |
707 | return -1; |
708 | ||
709 | /* Remember what we were asked to encrypt */ | |
04e3bb04 MC |
710 | if (tmpbuf != NULL) |
711 | memcpy(tmpbuf, in, inl); | |
2d5d70b1 MC |
712 | |
713 | /* Go through the motions of encrypting it */ | |
39e8d0ce | 714 | ret = EVP_CIPHER_meth_get_do_cipher(EVP_aes_128_cbc())(ctx, out, in, inl); |
2d5d70b1 MC |
715 | |
716 | /* Throw it all away and just use the plaintext as the output */ | |
04e3bb04 MC |
717 | if (tmpbuf != NULL) |
718 | memcpy(out, tmpbuf, inl); | |
2d5d70b1 MC |
719 | OPENSSL_free(tmpbuf); |
720 | ||
721 | return ret; | |
722 | } | |
aad22ba2 | 723 | |
64da15c4 BE |
724 | static int ossltest_aes128_gcm_init_key(EVP_CIPHER_CTX *ctx, |
725 | const unsigned char *key, | |
726 | const unsigned char *iv, int enc) | |
aad22ba2 MC |
727 | { |
728 | return EVP_CIPHER_meth_get_init(EVP_aes_128_gcm()) (ctx, key, iv, enc); | |
729 | } | |
730 | ||
64da15c4 BE |
731 | static int ossltest_aes128_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, |
732 | const unsigned char *in, size_t inl) | |
aad22ba2 | 733 | { |
bebc0c7d | 734 | unsigned char *tmpbuf = OPENSSL_malloc(inl); |
aad22ba2 | 735 | |
6606d600 | 736 | /* OPENSSL_malloc will return NULL if inl == 0 */ |
bebc0c7d | 737 | if (tmpbuf == NULL && inl > 0) |
aad22ba2 MC |
738 | return -1; |
739 | ||
740 | /* Remember what we were asked to encrypt */ | |
04e3bb04 MC |
741 | if (tmpbuf != NULL) |
742 | memcpy(tmpbuf, in, inl); | |
aad22ba2 MC |
743 | |
744 | /* Go through the motions of encrypting it */ | |
745 | EVP_CIPHER_meth_get_do_cipher(EVP_aes_128_gcm())(ctx, out, in, inl); | |
746 | ||
6606d600 | 747 | /* Throw it all away and just use the plaintext as the output */ |
3295d242 | 748 | if (tmpbuf != NULL && out != NULL) |
04e3bb04 | 749 | memcpy(out, tmpbuf, inl); |
aad22ba2 MC |
750 | OPENSSL_free(tmpbuf); |
751 | ||
bebc0c7d | 752 | return inl; |
aad22ba2 MC |
753 | } |
754 | ||
755 | static int ossltest_aes128_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, | |
756 | void *ptr) | |
757 | { | |
aad22ba2 | 758 | /* Pass the ctrl down */ |
6606d600 | 759 | int ret = EVP_CIPHER_meth_get_ctrl(EVP_aes_128_gcm())(ctx, type, arg, ptr); |
bebc0c7d MC |
760 | |
761 | if (ret <= 0) | |
762 | return ret; | |
763 | ||
1287dabd | 764 | switch (type) { |
bebc0c7d MC |
765 | case EVP_CTRL_AEAD_GET_TAG: |
766 | /* Always give the same tag */ | |
767 | memset(ptr, 0, EVP_GCM_TLS_TAG_LEN); | |
768 | break; | |
769 | ||
770 | default: | |
771 | break; | |
772 | } | |
773 | ||
774 | return 1; | |
aad22ba2 | 775 | } |
c57c32a8 | 776 | |
64da15c4 BE |
777 | #define NO_PAYLOAD_LENGTH ((size_t)-1) |
778 | # define data(ctx) ((EVP_AES_HMAC_SHA1 *)EVP_CIPHER_CTX_get_cipher_data(ctx)) | |
779 | ||
780 | static int ossltest_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, | |
781 | const unsigned char *inkey, | |
782 | const unsigned char *iv, | |
783 | int enc) | |
784 | { | |
785 | EVP_AES_HMAC_SHA1 *key = data(ctx); | |
786 | key->payload_length = NO_PAYLOAD_LENGTH; | |
787 | return 1; | |
788 | } | |
789 | ||
790 | static int ossltest_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, | |
791 | unsigned char *out, | |
792 | const unsigned char *in, | |
793 | size_t len) | |
794 | { | |
795 | EVP_AES_HMAC_SHA1 *key = data(ctx); | |
796 | unsigned int l; | |
797 | size_t plen = key->payload_length; | |
798 | ||
799 | key->payload_length = NO_PAYLOAD_LENGTH; | |
800 | ||
801 | if (len % AES_BLOCK_SIZE) | |
802 | return 0; | |
803 | ||
804 | if (EVP_CIPHER_CTX_is_encrypting(ctx)) { | |
805 | if (plen == NO_PAYLOAD_LENGTH) | |
806 | plen = len; | |
807 | else if (len != | |
808 | ((plen + SHA_DIGEST_LENGTH + | |
809 | AES_BLOCK_SIZE) & -AES_BLOCK_SIZE)) | |
810 | return 0; | |
811 | ||
812 | memmove(out, in, plen); | |
813 | ||
814 | if (plen != len) { /* "TLS" mode of operation */ | |
815 | /* calculate HMAC and append it to payload */ | |
816 | fill_known_data(out + plen, SHA_DIGEST_LENGTH); | |
817 | ||
818 | /* pad the payload|hmac */ | |
819 | plen += SHA_DIGEST_LENGTH; | |
820 | for (l = len - plen - 1; plen < len; plen++) | |
821 | out[plen] = l; | |
822 | } | |
823 | } else { | |
824 | /* decrypt HMAC|padding at once */ | |
825 | memmove(out, in, len); | |
826 | ||
827 | if (plen != NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */ | |
828 | unsigned int maxpad, pad; | |
829 | ||
830 | if (key->tls_ver >= TLS1_1_VERSION) { | |
831 | if (len < (AES_BLOCK_SIZE + SHA_DIGEST_LENGTH + 1)) | |
832 | return 0; | |
833 | ||
834 | /* omit explicit iv */ | |
835 | in += AES_BLOCK_SIZE; | |
836 | out += AES_BLOCK_SIZE; | |
837 | len -= AES_BLOCK_SIZE; | |
838 | } else if (len < (SHA_DIGEST_LENGTH + 1)) | |
839 | return 0; | |
840 | ||
841 | /* figure out payload length */ | |
842 | pad = out[len - 1]; | |
843 | maxpad = len - (SHA_DIGEST_LENGTH + 1); | |
844 | if (pad > maxpad) | |
845 | return 0; | |
846 | for (plen = len - pad - 1; plen < len; plen++) | |
847 | if (out[plen] != pad) | |
848 | return 0; | |
849 | } | |
850 | } | |
851 | ||
852 | return 1; | |
853 | } | |
854 | ||
855 | static int ossltest_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, | |
856 | int arg, void *ptr) | |
857 | { | |
858 | EVP_AES_HMAC_SHA1 *key = data(ctx); | |
859 | ||
860 | switch (type) { | |
861 | case EVP_CTRL_AEAD_SET_MAC_KEY: | |
862 | return 1; | |
863 | ||
864 | case EVP_CTRL_AEAD_TLS1_AAD: | |
865 | { | |
866 | unsigned char *p = ptr; | |
867 | unsigned int len; | |
868 | ||
869 | if (arg != EVP_AEAD_TLS1_AAD_LEN) | |
870 | return -1; | |
871 | ||
872 | len = p[arg - 2] << 8 | p[arg - 1]; | |
873 | key->tls_ver = p[arg - 4] << 8 | p[arg - 3]; | |
874 | ||
875 | if (EVP_CIPHER_CTX_is_encrypting(ctx)) { | |
876 | key->payload_length = len; | |
877 | if (key->tls_ver >= TLS1_1_VERSION) { | |
878 | if (len < AES_BLOCK_SIZE) | |
879 | return 0; | |
880 | len -= AES_BLOCK_SIZE; | |
881 | p[arg - 2] = len >> 8; | |
882 | p[arg - 1] = len; | |
883 | } | |
884 | ||
885 | return (int)(((len + SHA_DIGEST_LENGTH + | |
886 | AES_BLOCK_SIZE) & -AES_BLOCK_SIZE) | |
887 | - len); | |
888 | } else { | |
889 | key->payload_length = arg; | |
890 | ||
891 | return SHA_DIGEST_LENGTH; | |
892 | } | |
893 | } | |
894 | default: | |
895 | return -1; | |
896 | } | |
897 | } | |
898 | ||
c57c32a8 DSH |
899 | static int ossltest_rand_bytes(unsigned char *buf, int num) |
900 | { | |
901 | unsigned char val = 1; | |
902 | ||
903 | while (--num >= 0) | |
904 | *buf++ = val++; | |
905 | return 1; | |
906 | } | |
907 | ||
908 | static int ossltest_rand_status(void) | |
909 | { | |
910 | return 1; | |
911 | } | |
912 | ||
913 | static const RAND_METHOD *ossltest_rand_method(void) | |
914 | { | |
915 | ||
916 | static RAND_METHOD osslt_rand_meth = { | |
917 | NULL, | |
918 | ossltest_rand_bytes, | |
919 | NULL, | |
920 | NULL, | |
921 | ossltest_rand_bytes, | |
922 | ossltest_rand_status | |
923 | }; | |
924 | ||
925 | return &osslt_rand_meth; | |
926 | } |