2 * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * This is the OSSLTEST engine. It provides deliberately crippled digest
12 * implementations for test purposes. It is highly insecure and must NOT be
13 * used for any purpose except testing
19 #include <openssl/engine.h>
20 #include <openssl/sha.h>
21 #include <openssl/md5.h>
22 #include <openssl/rsa.h>
23 #include <openssl/evp.h>
24 #include <openssl/modes.h>
25 #include <openssl/aes.h>
26 #include <openssl/rand.h>
27 #include <openssl/crypto.h>
29 #include "e_ossltest_err.c"
31 /* Engine Id and Name */
32 static const char *engine_ossltest_id
= "ossltest";
33 static const char *engine_ossltest_name
= "OpenSSL Test engine support";
36 /* Engine Lifetime functions */
37 static int ossltest_destroy(ENGINE
*e
);
38 static int ossltest_init(ENGINE
*e
);
39 static int ossltest_finish(ENGINE
*e
);
40 void ENGINE_load_ossltest(void);
44 static int ossltest_digests(ENGINE
*e
, const EVP_MD
**digest
,
45 const int **nids
, int nid
);
46 static const RAND_METHOD
*ossltest_rand_method(void);
49 static int digest_md5_init(EVP_MD_CTX
*ctx
);
50 static int digest_md5_update(EVP_MD_CTX
*ctx
, const void *data
,
52 static int digest_md5_final(EVP_MD_CTX
*ctx
, unsigned char *md
);
54 static EVP_MD
*_hidden_md5_md
= NULL
;
55 static const EVP_MD
*digest_md5(void)
57 if (_hidden_md5_md
== NULL
) {
60 if ((md
= EVP_MD_meth_new(NID_md5
, NID_md5WithRSAEncryption
)) == NULL
61 || !EVP_MD_meth_set_result_size(md
, MD5_DIGEST_LENGTH
)
62 || !EVP_MD_meth_set_input_blocksize(md
, MD5_CBLOCK
)
63 || !EVP_MD_meth_set_app_datasize(md
,
64 sizeof(EVP_MD
*) + sizeof(MD5_CTX
))
65 || !EVP_MD_meth_set_flags(md
, 0)
66 || !EVP_MD_meth_set_init(md
, digest_md5_init
)
67 || !EVP_MD_meth_set_update(md
, digest_md5_update
)
68 || !EVP_MD_meth_set_final(md
, digest_md5_final
)) {
74 return _hidden_md5_md
;
78 static int digest_sha1_init(EVP_MD_CTX
*ctx
);
79 static int digest_sha1_update(EVP_MD_CTX
*ctx
, const void *data
,
81 static int digest_sha1_final(EVP_MD_CTX
*ctx
, unsigned char *md
);
83 static EVP_MD
*_hidden_sha1_md
= NULL
;
84 static const EVP_MD
*digest_sha1(void)
86 if (_hidden_sha1_md
== NULL
) {
89 if ((md
= EVP_MD_meth_new(NID_sha1
, NID_sha1WithRSAEncryption
)) == NULL
90 || !EVP_MD_meth_set_result_size(md
, SHA_DIGEST_LENGTH
)
91 || !EVP_MD_meth_set_input_blocksize(md
, SHA_CBLOCK
)
92 || !EVP_MD_meth_set_app_datasize(md
,
93 sizeof(EVP_MD
*) + sizeof(SHA_CTX
))
94 || !EVP_MD_meth_set_flags(md
, EVP_MD_FLAG_DIGALGID_ABSENT
)
95 || !EVP_MD_meth_set_init(md
, digest_sha1_init
)
96 || !EVP_MD_meth_set_update(md
, digest_sha1_update
)
97 || !EVP_MD_meth_set_final(md
, digest_sha1_final
)) {
101 _hidden_sha1_md
= md
;
103 return _hidden_sha1_md
;
107 static int digest_sha256_init(EVP_MD_CTX
*ctx
);
108 static int digest_sha256_update(EVP_MD_CTX
*ctx
, const void *data
,
110 static int digest_sha256_final(EVP_MD_CTX
*ctx
, unsigned char *md
);
112 static EVP_MD
*_hidden_sha256_md
= NULL
;
113 static const EVP_MD
*digest_sha256(void)
115 if (_hidden_sha256_md
== NULL
) {
118 if ((md
= EVP_MD_meth_new(NID_sha256
, NID_sha256WithRSAEncryption
)) == NULL
119 || !EVP_MD_meth_set_result_size(md
, SHA256_DIGEST_LENGTH
)
120 || !EVP_MD_meth_set_input_blocksize(md
, SHA256_CBLOCK
)
121 || !EVP_MD_meth_set_app_datasize(md
,
122 sizeof(EVP_MD
*) + sizeof(SHA256_CTX
))
123 || !EVP_MD_meth_set_flags(md
, EVP_MD_FLAG_DIGALGID_ABSENT
)
124 || !EVP_MD_meth_set_init(md
, digest_sha256_init
)
125 || !EVP_MD_meth_set_update(md
, digest_sha256_update
)
126 || !EVP_MD_meth_set_final(md
, digest_sha256_final
)) {
127 EVP_MD_meth_free(md
);
130 _hidden_sha256_md
= md
;
132 return _hidden_sha256_md
;
136 static int digest_sha384_init(EVP_MD_CTX
*ctx
);
137 static int digest_sha512_init(EVP_MD_CTX
*ctx
);
138 static int digest_sha512_update(EVP_MD_CTX
*ctx
, const void *data
,
140 static int digest_sha384_final(EVP_MD_CTX
*ctx
, unsigned char *md
);
141 static int digest_sha512_final(EVP_MD_CTX
*ctx
, unsigned char *md
);
143 static EVP_MD
*_hidden_sha384_md
= NULL
;
144 static const EVP_MD
*digest_sha384(void)
146 if (_hidden_sha384_md
== NULL
) {
149 if ((md
= EVP_MD_meth_new(NID_sha384
, NID_sha384WithRSAEncryption
)) == NULL
150 || !EVP_MD_meth_set_result_size(md
, SHA384_DIGEST_LENGTH
)
151 || !EVP_MD_meth_set_input_blocksize(md
, SHA512_CBLOCK
)
152 || !EVP_MD_meth_set_app_datasize(md
,
153 sizeof(EVP_MD
*) + sizeof(SHA512_CTX
))
154 || !EVP_MD_meth_set_flags(md
, EVP_MD_FLAG_DIGALGID_ABSENT
)
155 || !EVP_MD_meth_set_init(md
, digest_sha384_init
)
156 || !EVP_MD_meth_set_update(md
, digest_sha512_update
)
157 || !EVP_MD_meth_set_final(md
, digest_sha384_final
)) {
158 EVP_MD_meth_free(md
);
161 _hidden_sha384_md
= md
;
163 return _hidden_sha384_md
;
165 static EVP_MD
*_hidden_sha512_md
= NULL
;
166 static const EVP_MD
*digest_sha512(void)
168 if (_hidden_sha512_md
== NULL
) {
171 if ((md
= EVP_MD_meth_new(NID_sha512
, NID_sha512WithRSAEncryption
)) == NULL
172 || !EVP_MD_meth_set_result_size(md
, SHA512_DIGEST_LENGTH
)
173 || !EVP_MD_meth_set_input_blocksize(md
, SHA512_CBLOCK
)
174 || !EVP_MD_meth_set_app_datasize(md
,
175 sizeof(EVP_MD
*) + sizeof(SHA512_CTX
))
176 || !EVP_MD_meth_set_flags(md
, EVP_MD_FLAG_DIGALGID_ABSENT
)
177 || !EVP_MD_meth_set_init(md
, digest_sha512_init
)
178 || !EVP_MD_meth_set_update(md
, digest_sha512_update
)
179 || !EVP_MD_meth_set_final(md
, digest_sha512_final
)) {
180 EVP_MD_meth_free(md
);
183 _hidden_sha512_md
= md
;
185 return _hidden_sha512_md
;
187 static void destroy_digests(void)
189 EVP_MD_meth_free(_hidden_md5_md
);
190 _hidden_md5_md
= NULL
;
191 EVP_MD_meth_free(_hidden_sha1_md
);
192 _hidden_sha1_md
= NULL
;
193 EVP_MD_meth_free(_hidden_sha256_md
);
194 _hidden_sha256_md
= NULL
;
195 EVP_MD_meth_free(_hidden_sha384_md
);
196 _hidden_sha384_md
= NULL
;
197 EVP_MD_meth_free(_hidden_sha512_md
);
198 _hidden_sha512_md
= NULL
;
200 static int ossltest_digest_nids(const int **nids
)
202 static int digest_nids
[6] = { 0, 0, 0, 0, 0, 0 };
208 if ((md
= digest_md5()) != NULL
)
209 digest_nids
[pos
++] = EVP_MD_type(md
);
210 if ((md
= digest_sha1()) != NULL
)
211 digest_nids
[pos
++] = EVP_MD_type(md
);
212 if ((md
= digest_sha256()) != NULL
)
213 digest_nids
[pos
++] = EVP_MD_type(md
);
214 if ((md
= digest_sha384()) != NULL
)
215 digest_nids
[pos
++] = EVP_MD_type(md
);
216 if ((md
= digest_sha512()) != NULL
)
217 digest_nids
[pos
++] = EVP_MD_type(md
);
218 digest_nids
[pos
] = 0;
226 static int ossltest_ciphers(ENGINE
*, const EVP_CIPHER
**,
229 static int ossltest_cipher_nids
[] = {
230 NID_aes_128_cbc
, NID_aes_128_gcm
, 0
235 int ossltest_aes128_init_key(EVP_CIPHER_CTX
*ctx
, const unsigned char *key
,
236 const unsigned char *iv
, int enc
);
237 int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX
*ctx
, unsigned char *out
,
238 const unsigned char *in
, size_t inl
);
239 int ossltest_aes128_gcm_init_key(EVP_CIPHER_CTX
*ctx
, const unsigned char *key
,
240 const unsigned char *iv
, int enc
);
241 int ossltest_aes128_gcm_cipher(EVP_CIPHER_CTX
*ctx
, unsigned char *out
,
242 const unsigned char *in
, size_t inl
);
243 static int ossltest_aes128_gcm_ctrl(EVP_CIPHER_CTX
*ctx
, int type
, int arg
,
246 static EVP_CIPHER
*_hidden_aes_128_cbc
= NULL
;
247 static const EVP_CIPHER
*ossltest_aes_128_cbc(void)
249 if (_hidden_aes_128_cbc
== NULL
250 && ((_hidden_aes_128_cbc
= EVP_CIPHER_meth_new(NID_aes_128_cbc
,
252 16 /* key len */)) == NULL
253 || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc
,16)
254 || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc
,
255 EVP_CIPH_FLAG_DEFAULT_ASN1
257 || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc
,
258 ossltest_aes128_init_key
)
259 || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc
,
260 ossltest_aes128_cbc_cipher
)
261 || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc
,
262 EVP_CIPHER_impl_ctx_size(EVP_aes_128_cbc())))) {
263 EVP_CIPHER_meth_free(_hidden_aes_128_cbc
);
264 _hidden_aes_128_cbc
= NULL
;
266 return _hidden_aes_128_cbc
;
268 static EVP_CIPHER
*_hidden_aes_128_gcm
= NULL
;
270 #define AES_GCM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \
271 | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
272 | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
273 | EVP_CIPH_CUSTOM_COPY |EVP_CIPH_FLAG_AEAD_CIPHER \
276 static const EVP_CIPHER
*ossltest_aes_128_gcm(void)
278 if (_hidden_aes_128_gcm
== NULL
279 && ((_hidden_aes_128_gcm
= EVP_CIPHER_meth_new(NID_aes_128_gcm
,
281 16 /* key len */)) == NULL
282 || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_gcm
,12)
283 || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_gcm
, AES_GCM_FLAGS
)
284 || !EVP_CIPHER_meth_set_init(_hidden_aes_128_gcm
,
285 ossltest_aes128_gcm_init_key
)
286 || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_gcm
,
287 ossltest_aes128_gcm_cipher
)
288 || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_gcm
,
289 ossltest_aes128_gcm_ctrl
)
290 || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_gcm
,
291 EVP_CIPHER_impl_ctx_size(EVP_aes_128_gcm())))) {
292 EVP_CIPHER_meth_free(_hidden_aes_128_gcm
);
293 _hidden_aes_128_gcm
= NULL
;
295 return _hidden_aes_128_gcm
;
298 static void destroy_ciphers(void)
300 EVP_CIPHER_meth_free(_hidden_aes_128_cbc
);
301 EVP_CIPHER_meth_free(_hidden_aes_128_gcm
);
302 _hidden_aes_128_cbc
= NULL
;
305 static int bind_ossltest(ENGINE
*e
)
307 /* Ensure the ossltest error handling is set up */
308 ERR_load_OSSLTEST_strings();
310 if (!ENGINE_set_id(e
, engine_ossltest_id
)
311 || !ENGINE_set_name(e
, engine_ossltest_name
)
312 || !ENGINE_set_digests(e
, ossltest_digests
)
313 || !ENGINE_set_ciphers(e
, ossltest_ciphers
)
314 || !ENGINE_set_RAND(e
, ossltest_rand_method())
315 || !ENGINE_set_destroy_function(e
, ossltest_destroy
)
316 || !ENGINE_set_init_function(e
, ossltest_init
)
317 || !ENGINE_set_finish_function(e
, ossltest_finish
)) {
318 OSSLTESTerr(OSSLTEST_F_BIND_OSSLTEST
, OSSLTEST_R_INIT_FAILED
);
325 #ifndef OPENSSL_NO_DYNAMIC_ENGINE
326 static int bind_helper(ENGINE
*e
, const char *id
)
328 if (id
&& (strcmp(id
, engine_ossltest_id
) != 0))
330 if (!bind_ossltest(e
))
335 IMPLEMENT_DYNAMIC_CHECK_FN()
336 IMPLEMENT_DYNAMIC_BIND_FN(bind_helper
)
339 static ENGINE
*engine_ossltest(void)
341 ENGINE
*ret
= ENGINE_new();
344 if (!bind_ossltest(ret
)) {
351 void ENGINE_load_ossltest(void)
353 /* Copied from eng_[openssl|dyn].c */
354 ENGINE
*toadd
= engine_ossltest();
363 static int ossltest_init(ENGINE
*e
)
369 static int ossltest_finish(ENGINE
*e
)
375 static int ossltest_destroy(ENGINE
*e
)
379 ERR_unload_OSSLTEST_strings();
383 static int ossltest_digests(ENGINE
*e
, const EVP_MD
**digest
,
384 const int **nids
, int nid
)
388 /* We are returning a list of supported nids */
389 return ossltest_digest_nids(nids
);
391 /* We are being asked for a specific digest */
394 *digest
= digest_md5();
397 *digest
= digest_sha1();
400 *digest
= digest_sha256();
403 *digest
= digest_sha384();
406 *digest
= digest_sha512();
416 static int ossltest_ciphers(ENGINE
*e
, const EVP_CIPHER
**cipher
,
417 const int **nids
, int nid
)
421 /* We are returning a list of supported nids */
422 *nids
= ossltest_cipher_nids
;
423 return (sizeof(ossltest_cipher_nids
) - 1)
424 / sizeof(ossltest_cipher_nids
[0]);
426 /* We are being asked for a specific cipher */
428 case NID_aes_128_cbc
:
429 *cipher
= ossltest_aes_128_cbc();
431 case NID_aes_128_gcm
:
432 *cipher
= ossltest_aes_128_gcm();
442 static void fill_known_data(unsigned char *md
, unsigned int len
)
446 for (i
=0; i
<len
; i
++) {
447 md
[i
] = (unsigned char)(i
& 0xff);
452 * MD5 implementation. We go through the motions of doing MD5 by deferring to
453 * the standard implementation. Then we overwrite the result with a will defined
454 * value, so that all "MD5" digests using the test engine always end up with
458 #define data(ctx) ((MD5_CTX *)EVP_MD_CTX_md_data(ctx))
459 static int digest_md5_init(EVP_MD_CTX
*ctx
)
461 return MD5_Init(data(ctx
));
464 static int digest_md5_update(EVP_MD_CTX
*ctx
, const void *data
,
467 return MD5_Update(data(ctx
), data
, (size_t)count
);
470 static int digest_md5_final(EVP_MD_CTX
*ctx
, unsigned char *md
)
473 ret
= MD5_Final(md
, data(ctx
));
476 fill_known_data(md
, MD5_DIGEST_LENGTH
);
482 * SHA1 implementation.
485 #define data(ctx) ((SHA_CTX *)EVP_MD_CTX_md_data(ctx))
486 static int digest_sha1_init(EVP_MD_CTX
*ctx
)
488 return SHA1_Init(data(ctx
));
491 static int digest_sha1_update(EVP_MD_CTX
*ctx
, const void *data
,
494 return SHA1_Update(data(ctx
), data
, (size_t)count
);
497 static int digest_sha1_final(EVP_MD_CTX
*ctx
, unsigned char *md
)
500 ret
= SHA1_Final(md
, data(ctx
));
503 fill_known_data(md
, SHA_DIGEST_LENGTH
);
509 * SHA256 implementation.
512 #define data(ctx) ((SHA256_CTX *)EVP_MD_CTX_md_data(ctx))
513 static int digest_sha256_init(EVP_MD_CTX
*ctx
)
515 return SHA256_Init(data(ctx
));
518 static int digest_sha256_update(EVP_MD_CTX
*ctx
, const void *data
,
521 return SHA256_Update(data(ctx
), data
, (size_t)count
);
524 static int digest_sha256_final(EVP_MD_CTX
*ctx
, unsigned char *md
)
527 ret
= SHA256_Final(md
, data(ctx
));
530 fill_known_data(md
, SHA256_DIGEST_LENGTH
);
536 * SHA384/512 implementation.
539 #define data(ctx) ((SHA512_CTX *)EVP_MD_CTX_md_data(ctx))
540 static int digest_sha384_init(EVP_MD_CTX
*ctx
)
542 return SHA384_Init(data(ctx
));
545 static int digest_sha512_init(EVP_MD_CTX
*ctx
)
547 return SHA512_Init(data(ctx
));
550 static int digest_sha512_update(EVP_MD_CTX
*ctx
, const void *data
,
553 return SHA512_Update(data(ctx
), data
, (size_t)count
);
556 static int digest_sha384_final(EVP_MD_CTX
*ctx
, unsigned char *md
)
559 /* Actually uses SHA512_Final! */
560 ret
= SHA512_Final(md
, data(ctx
));
563 fill_known_data(md
, SHA384_DIGEST_LENGTH
);
568 static int digest_sha512_final(EVP_MD_CTX
*ctx
, unsigned char *md
)
571 ret
= SHA512_Final(md
, data(ctx
));
574 fill_known_data(md
, SHA512_DIGEST_LENGTH
);
580 * AES128 Implementation
583 int ossltest_aes128_init_key(EVP_CIPHER_CTX
*ctx
, const unsigned char *key
,
584 const unsigned char *iv
, int enc
)
586 return EVP_CIPHER_meth_get_init(EVP_aes_128_cbc()) (ctx
, key
, iv
, enc
);
589 int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX
*ctx
, unsigned char *out
,
590 const unsigned char *in
, size_t inl
)
592 unsigned char *tmpbuf
;
595 tmpbuf
= OPENSSL_malloc(inl
);
597 /* OPENSSL_malloc will return NULL if inl == 0 */
598 if (tmpbuf
== NULL
&& inl
> 0)
601 /* Remember what we were asked to encrypt */
603 memcpy(tmpbuf
, in
, inl
);
605 /* Go through the motions of encrypting it */
606 ret
= EVP_CIPHER_meth_get_do_cipher(EVP_aes_128_cbc())(ctx
, out
, in
, inl
);
608 /* Throw it all away and just use the plaintext as the output */
610 memcpy(out
, tmpbuf
, inl
);
611 OPENSSL_free(tmpbuf
);
616 int ossltest_aes128_gcm_init_key(EVP_CIPHER_CTX
*ctx
, const unsigned char *key
,
617 const unsigned char *iv
, int enc
)
619 return EVP_CIPHER_meth_get_init(EVP_aes_128_gcm()) (ctx
, key
, iv
, enc
);
623 int ossltest_aes128_gcm_cipher(EVP_CIPHER_CTX
*ctx
, unsigned char *out
,
624 const unsigned char *in
, size_t inl
)
626 unsigned char *tmpbuf
= OPENSSL_malloc(inl
);
628 /* OPENSSL_malloc will return NULL if inl == 0 */
629 if (tmpbuf
== NULL
&& inl
> 0)
632 /* Remember what we were asked to encrypt */
634 memcpy(tmpbuf
, in
, inl
);
636 /* Go through the motions of encrypting it */
637 EVP_CIPHER_meth_get_do_cipher(EVP_aes_128_gcm())(ctx
, out
, in
, inl
);
639 /* Throw it all away and just use the plaintext as the output */
640 if (tmpbuf
!= NULL
&& out
!= NULL
)
641 memcpy(out
, tmpbuf
, inl
);
642 OPENSSL_free(tmpbuf
);
647 static int ossltest_aes128_gcm_ctrl(EVP_CIPHER_CTX
*ctx
, int type
, int arg
,
650 /* Pass the ctrl down */
651 int ret
= EVP_CIPHER_meth_get_ctrl(EVP_aes_128_gcm())(ctx
, type
, arg
, ptr
);
657 case EVP_CTRL_AEAD_GET_TAG
:
658 /* Always give the same tag */
659 memset(ptr
, 0, EVP_GCM_TLS_TAG_LEN
);
669 static int ossltest_rand_bytes(unsigned char *buf
, int num
)
671 unsigned char val
= 1;
678 static int ossltest_rand_status(void)
683 static const RAND_METHOD
*ossltest_rand_method(void)
686 static RAND_METHOD osslt_rand_meth
= {
695 return &osslt_rand_meth
;