e_ossltest.c@ 94082

Last change on this file since 94082 was 94082, checked in by vboxsync, 3 years ago
libs/openssl-3.0.1: started applying and adjusting our OpenSSL changes to 3.0.1. bugref:10128
File size: 28.8 KB

Line
1	/*
2	* Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the Apache License 2.0 (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	/*
11	* This is the OSSLTEST engine. It provides deliberately crippled digest
12	* implementations for test purposes. It is highly insecure and must NOT be
13	* used for any purpose except testing
14	*/
15
16	/* We need to use some engine deprecated APIs */
17	#define OPENSSL_SUPPRESS_DEPRECATED
18
19	/*
20	* SHA low level APIs are deprecated for public use, but still ok for
21	* internal use. Note, that due to symbols not being exported, only the
22	* #defines and type definitions can be accessed, function calls are not
23	* available. The digest lengths, block sizes and sizeof(CTX) are used herein
24	* for several different digests.
25	*/
26	#include "internal/deprecated.h"
27
28	#include <stdio.h>
29	#include <string.h>
30
31	#include <openssl/engine.h>
32	#include <openssl/sha.h>
33	#include <openssl/md5.h>
34	#include <openssl/rsa.h>
35	#include <openssl/evp.h>
36	#include <openssl/modes.h>
37	#include <openssl/aes.h>
38	#include <openssl/rand.h>
39	#include <openssl/crypto.h>
40	#include <openssl/pem.h>
41	#include <crypto/evp.h>
42
43	#include "e_ossltest_err.c"
44
45	#ifdef _WIN32
46	# define strncasecmp _strnicmp
47	#endif
48
49	/* Engine Id and Name */
50	static const char *engine_ossltest_id = "ossltest";
51	static const char *engine_ossltest_name = "OpenSSL Test engine support";
52
53
54	/* Engine Lifetime functions */
55	static int ossltest_destroy(ENGINE *e);
56	static int ossltest_init(ENGINE *e);
57	static int ossltest_finish(ENGINE *e);
58	void ENGINE_load_ossltest(void);
59
60
61	/* Set up digests */
62	static int ossltest_digests(ENGINE e, const EVP_MD *digest,
63	const int **nids, int nid);
64	static const RAND_METHOD *ossltest_rand_method(void);
65
66	/* MD5 */
67	static int digest_md5_init(EVP_MD_CTX *ctx);
68	static int digest_md5_update(EVP_MD_CTX ctx, const void data,
69	size_t count);
70	static int digest_md5_final(EVP_MD_CTX ctx, unsigned char md);
71
72	static EVP_MD *_hidden_md5_md = NULL;
73	static const EVP_MD *digest_md5(void)
74	{
75	if (_hidden_md5_md == NULL) {
76	EVP_MD *md;
77
78	if ((md = EVP_MD_meth_new(NID_md5, NID_md5WithRSAEncryption)) == NULL
79	\|\| !EVP_MD_meth_set_result_size(md, MD5_DIGEST_LENGTH)
80	\|\| !EVP_MD_meth_set_input_blocksize(md, MD5_CBLOCK)
81	\|\| !EVP_MD_meth_set_app_datasize(md,
82	sizeof(EVP_MD *) + sizeof(MD5_CTX))
83	\|\| !EVP_MD_meth_set_flags(md, 0)
84	\|\| !EVP_MD_meth_set_init(md, digest_md5_init)
85	\|\| !EVP_MD_meth_set_update(md, digest_md5_update)
86	\|\| !EVP_MD_meth_set_final(md, digest_md5_final)) {
87	EVP_MD_meth_free(md);
88	md = NULL;
89	}
90	_hidden_md5_md = md;
91	}
92	return _hidden_md5_md;
93	}
94
95	/* SHA1 */
96	static int digest_sha1_init(EVP_MD_CTX *ctx);
97	static int digest_sha1_update(EVP_MD_CTX ctx, const void data,
98	size_t count);
99	static int digest_sha1_final(EVP_MD_CTX ctx, unsigned char md);
100
101	static EVP_MD *_hidden_sha1_md = NULL;
102	static const EVP_MD *digest_sha1(void)
103	{
104	if (_hidden_sha1_md == NULL) {
105	EVP_MD *md;
106
107	if ((md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption)) == NULL
108	\|\| !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH)
109	\|\| !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK)
110	\|\| !EVP_MD_meth_set_app_datasize(md,
111	sizeof(EVP_MD *) + sizeof(SHA_CTX))
112	\|\| !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
113	\|\| !EVP_MD_meth_set_init(md, digest_sha1_init)
114	\|\| !EVP_MD_meth_set_update(md, digest_sha1_update)
115	\|\| !EVP_MD_meth_set_final(md, digest_sha1_final)) {
116	EVP_MD_meth_free(md);
117	md = NULL;
118	}
119	_hidden_sha1_md = md;
120	}
121	return _hidden_sha1_md;
122	}
123
124	/* SHA256 */
125	static int digest_sha256_init(EVP_MD_CTX *ctx);
126	static int digest_sha256_update(EVP_MD_CTX ctx, const void data,
127	size_t count);
128	static int digest_sha256_final(EVP_MD_CTX ctx, unsigned char md);
129
130	static EVP_MD *_hidden_sha256_md = NULL;
131	static const EVP_MD *digest_sha256(void)
132	{
133	if (_hidden_sha256_md == NULL) {
134	EVP_MD *md;
135
136	if ((md = EVP_MD_meth_new(NID_sha256, NID_sha256WithRSAEncryption)) == NULL
137	\|\| !EVP_MD_meth_set_result_size(md, SHA256_DIGEST_LENGTH)
138	\|\| !EVP_MD_meth_set_input_blocksize(md, SHA256_CBLOCK)
139	\|\| !EVP_MD_meth_set_app_datasize(md,
140	sizeof(EVP_MD *) + sizeof(SHA256_CTX))
141	\|\| !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
142	\|\| !EVP_MD_meth_set_init(md, digest_sha256_init)
143	\|\| !EVP_MD_meth_set_update(md, digest_sha256_update)
144	\|\| !EVP_MD_meth_set_final(md, digest_sha256_final)) {
145	EVP_MD_meth_free(md);
146	md = NULL;
147	}
148	_hidden_sha256_md = md;
149	}
150	return _hidden_sha256_md;
151	}
152
153	/* SHA384/SHA512 */
154	static int digest_sha384_init(EVP_MD_CTX *ctx);
155	static int digest_sha384_update(EVP_MD_CTX ctx, const void data,
156	size_t count);
157	static int digest_sha384_final(EVP_MD_CTX ctx, unsigned char md);
158
159	static int digest_sha512_init(EVP_MD_CTX *ctx);
160	static int digest_sha512_update(EVP_MD_CTX ctx, const void data,
161	size_t count);
162	static int digest_sha512_final(EVP_MD_CTX ctx, unsigned char md);
163
164	static EVP_MD *_hidden_sha384_md = NULL;
165	static const EVP_MD *digest_sha384(void)
166	{
167	if (_hidden_sha384_md == NULL) {
168	EVP_MD *md;
169
170	if ((md = EVP_MD_meth_new(NID_sha384, NID_sha384WithRSAEncryption)) == NULL
171	\|\| !EVP_MD_meth_set_result_size(md, SHA384_DIGEST_LENGTH)
172	\|\| !EVP_MD_meth_set_input_blocksize(md, SHA512_CBLOCK)
173	\|\| !EVP_MD_meth_set_app_datasize(md,
174	sizeof(EVP_MD *) + sizeof(SHA512_CTX))
175	\|\| !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
176	\|\| !EVP_MD_meth_set_init(md, digest_sha384_init)
177	\|\| !EVP_MD_meth_set_update(md, digest_sha384_update)
178	\|\| !EVP_MD_meth_set_final(md, digest_sha384_final)) {
179	EVP_MD_meth_free(md);
180	md = NULL;
181	}
182	_hidden_sha384_md = md;
183	}
184	return _hidden_sha384_md;
185	}
186	static EVP_MD *_hidden_sha512_md = NULL;
187	static const EVP_MD *digest_sha512(void)
188	{
189	if (_hidden_sha512_md == NULL) {
190	EVP_MD *md;
191
192	if ((md = EVP_MD_meth_new(NID_sha512, NID_sha512WithRSAEncryption)) == NULL
193	\|\| !EVP_MD_meth_set_result_size(md, SHA512_DIGEST_LENGTH)
194	\|\| !EVP_MD_meth_set_input_blocksize(md, SHA512_CBLOCK)
195	\|\| !EVP_MD_meth_set_app_datasize(md,
196	sizeof(EVP_MD *) + sizeof(SHA512_CTX))
197	\|\| !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
198	\|\| !EVP_MD_meth_set_init(md, digest_sha512_init)
199	\|\| !EVP_MD_meth_set_update(md, digest_sha512_update)
200	\|\| !EVP_MD_meth_set_final(md, digest_sha512_final)) {
201	EVP_MD_meth_free(md);
202	md = NULL;
203	}
204	_hidden_sha512_md = md;
205	}
206	return _hidden_sha512_md;
207	}
208	static void destroy_digests(void)
209	{
210	EVP_MD_meth_free(_hidden_md5_md);
211	_hidden_md5_md = NULL;
212	EVP_MD_meth_free(_hidden_sha1_md);
213	_hidden_sha1_md = NULL;
214	EVP_MD_meth_free(_hidden_sha256_md);
215	_hidden_sha256_md = NULL;
216	EVP_MD_meth_free(_hidden_sha384_md);
217	_hidden_sha384_md = NULL;
218	EVP_MD_meth_free(_hidden_sha512_md);
219	_hidden_sha512_md = NULL;
220	}
221	static int ossltest_digest_nids(const int **nids)
222	{
223	static int digest_nids[6] = { 0, 0, 0, 0, 0, 0 };
224	static int pos = 0;
225	static int init = 0;
226
227	if (!init) {
228	const EVP_MD *md;
229	if ((md = digest_md5()) != NULL)
230	digest_nids[pos++] = EVP_MD_get_type(md);
231	if ((md = digest_sha1()) != NULL)
232	digest_nids[pos++] = EVP_MD_get_type(md);
233	if ((md = digest_sha256()) != NULL)
234	digest_nids[pos++] = EVP_MD_get_type(md);
235	if ((md = digest_sha384()) != NULL)
236	digest_nids[pos++] = EVP_MD_get_type(md);
237	if ((md = digest_sha512()) != NULL)
238	digest_nids[pos++] = EVP_MD_get_type(md);
239	digest_nids[pos] = 0;
240	init = 1;
241	}
242	*nids = digest_nids;
243	return pos;
244	}
245
246	/* Setup ciphers */
247	static int ossltest_ciphers(ENGINE , const EVP_CIPHER *,
248	const int **, int);
249
250	static int ossltest_cipher_nids[] = {
251	NID_aes_128_cbc, NID_aes_128_gcm,
252	NID_aes_128_cbc_hmac_sha1, 0
253	};
254
255	/* AES128 */
256
257	static int ossltest_aes128_init_key(EVP_CIPHER_CTX *ctx,
258	const unsigned char *key,
259	const unsigned char *iv, int enc);
260	static int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX ctx, unsigned char out,
261	const unsigned char *in, size_t inl);
262	static int ossltest_aes128_gcm_init_key(EVP_CIPHER_CTX *ctx,
263	const unsigned char *key,
264	const unsigned char *iv, int enc);
265	static int ossltest_aes128_gcm_cipher(EVP_CIPHER_CTX ctx, unsigned char out,
266	const unsigned char *in, size_t inl);
267	static int ossltest_aes128_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
268	void *ptr);
269	static int ossltest_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
270	const unsigned char *key,
271	const unsigned char *iv,
272	int enc);
273	static int ossltest_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx,
274	unsigned char *out,
275	const unsigned char *in,
276	size_t inl);
277	static int ossltest_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
278	int arg, void *ptr);
279
280	typedef struct {
281	size_t payload_length; /* AAD length in decrypt case */
282	unsigned int tls_ver;
283	} EVP_AES_HMAC_SHA1;
284
285	static EVP_CIPHER *_hidden_aes_128_cbc = NULL;
286	static const EVP_CIPHER *ossltest_aes_128_cbc(void)
287	{
288	if (_hidden_aes_128_cbc == NULL
289	&& ((_hidden_aes_128_cbc = EVP_CIPHER_meth_new(NID_aes_128_cbc,
290	16 /* block size */,
291	16 /* key len */)) == NULL
292	\|\| !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc,16)
293	\|\| !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc,
294	EVP_CIPH_FLAG_DEFAULT_ASN1
295	\| EVP_CIPH_CBC_MODE)
296	\|\| !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc,
297	ossltest_aes128_init_key)
298	\|\| !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc,
299	ossltest_aes128_cbc_cipher)
300	\|\| !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc,
301	EVP_CIPHER_impl_ctx_size(EVP_aes_128_cbc())))) {
302	EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
303	_hidden_aes_128_cbc = NULL;
304	}
305	return _hidden_aes_128_cbc;
306	}
307
308	static EVP_CIPHER *_hidden_aes_128_gcm = NULL;
309
310	#define AES_GCM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \
311	\| EVP_CIPH_CUSTOM_IV \| EVP_CIPH_FLAG_CUSTOM_CIPHER \
312	\| EVP_CIPH_ALWAYS_CALL_INIT \| EVP_CIPH_CTRL_INIT \
313	\| EVP_CIPH_CUSTOM_COPY \|EVP_CIPH_FLAG_AEAD_CIPHER \
314	\| EVP_CIPH_GCM_MODE)
315
316	static const EVP_CIPHER *ossltest_aes_128_gcm(void)
317	{
318	if (_hidden_aes_128_gcm == NULL
319	&& ((_hidden_aes_128_gcm = EVP_CIPHER_meth_new(NID_aes_128_gcm,
320	1 /* block size */,
321	16 /* key len */)) == NULL
322	\|\| !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_gcm,12)
323	\|\| !EVP_CIPHER_meth_set_flags(_hidden_aes_128_gcm, AES_GCM_FLAGS)
324	\|\| !EVP_CIPHER_meth_set_init(_hidden_aes_128_gcm,
325	ossltest_aes128_gcm_init_key)
326	\|\| !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_gcm,
327	ossltest_aes128_gcm_cipher)
328	\|\| !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_gcm,
329	ossltest_aes128_gcm_ctrl)
330	\|\| !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_gcm,
331	EVP_CIPHER_impl_ctx_size(EVP_aes_128_gcm())))) {
332	EVP_CIPHER_meth_free(_hidden_aes_128_gcm);
333	_hidden_aes_128_gcm = NULL;
334	}
335	return _hidden_aes_128_gcm;
336	}
337
338	static EVP_CIPHER *_hidden_aes_128_cbc_hmac_sha1 = NULL;
339
340	static const EVP_CIPHER *ossltest_aes_128_cbc_hmac_sha1(void)
341	{
342	if (_hidden_aes_128_cbc_hmac_sha1 == NULL
343	&& ((_hidden_aes_128_cbc_hmac_sha1
344	= EVP_CIPHER_meth_new(NID_aes_128_cbc_hmac_sha1,
345	16 /* block size */,
346	16 /* key len */)) == NULL
347	\|\| !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc_hmac_sha1,16)
348	\|\| !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc_hmac_sha1,
349	EVP_CIPH_CBC_MODE \| EVP_CIPH_FLAG_DEFAULT_ASN1 \|
350	EVP_CIPH_FLAG_AEAD_CIPHER)
351	\|\| !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc_hmac_sha1,
352	ossltest_aes128_cbc_hmac_sha1_init_key)
353	\|\| !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc_hmac_sha1,
354	ossltest_aes128_cbc_hmac_sha1_cipher)
355	\|\| !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc_hmac_sha1,
356	ossltest_aes128_cbc_hmac_sha1_ctrl)
357	\|\| !EVP_CIPHER_meth_set_set_asn1_params(_hidden_aes_128_cbc_hmac_sha1,
358	EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_set_asn1_iv)
359	\|\| !EVP_CIPHER_meth_set_get_asn1_params(_hidden_aes_128_cbc_hmac_sha1,
360	EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_get_asn1_iv)
361	\|\| !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc_hmac_sha1,
362	sizeof(EVP_AES_HMAC_SHA1)))) {
363	EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1);
364	_hidden_aes_128_cbc_hmac_sha1 = NULL;
365	}
366	return _hidden_aes_128_cbc_hmac_sha1;
367	}
368
369	static void destroy_ciphers(void)
370	{
371	EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
372	EVP_CIPHER_meth_free(_hidden_aes_128_gcm);
373	EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1);
374	_hidden_aes_128_cbc = NULL;
375	_hidden_aes_128_gcm = NULL;
376	_hidden_aes_128_cbc_hmac_sha1 = NULL;
377	}
378
379	/* Key loading */
380	static EVP_PKEY load_key(ENGINE eng, const char *key_id, int pub,
381	UI_METHOD ui_method, void ui_data)
382	{
383	BIO *in;
384	EVP_PKEY *key;
385
386	if (strncasecmp(key_id, "ot:", 3) != 0)
387	return NULL;
388	key_id += 3;
389
390	fprintf(stderr, "[ossltest]Loading %s key %s\n",
391	pub ? "Public" : "Private", key_id);
392	in = BIO_new_file(key_id, "r");
393	if (!in)
394	return NULL;
395	if (pub)
396	key = PEM_read_bio_PUBKEY(in, NULL, 0, NULL);
397	else
398	key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL);
399	BIO_free(in);
400	return key;
401	}
402
403	static EVP_PKEY ossltest_load_privkey(ENGINE eng, const char *key_id,
404	UI_METHOD ui_method, void ui_data)
405	{
406	return load_key(eng, key_id, 0, ui_method, ui_data);
407	}
408
409	static EVP_PKEY ossltest_load_pubkey(ENGINE eng, const char *key_id,
410	UI_METHOD ui_method, void ui_data)
411	{
412	return load_key(eng, key_id, 1, ui_method, ui_data);
413	}
414
415
416	static int bind_ossltest(ENGINE *e)
417	{
418	/* Ensure the ossltest error handling is set up */
419	ERR_load_OSSLTEST_strings();
420
421	if (!ENGINE_set_id(e, engine_ossltest_id)
422	\|\| !ENGINE_set_name(e, engine_ossltest_name)
423	\|\| !ENGINE_set_digests(e, ossltest_digests)
424	\|\| !ENGINE_set_ciphers(e, ossltest_ciphers)
425	\|\| !ENGINE_set_RAND(e, ossltest_rand_method())
426	\|\| !ENGINE_set_destroy_function(e, ossltest_destroy)
427	\|\| !ENGINE_set_load_privkey_function(e, ossltest_load_privkey)
428	\|\| !ENGINE_set_load_pubkey_function(e, ossltest_load_pubkey)
429	\|\| !ENGINE_set_init_function(e, ossltest_init)
430	\|\| !ENGINE_set_finish_function(e, ossltest_finish)) {
431	OSSLTESTerr(OSSLTEST_F_BIND_OSSLTEST, OSSLTEST_R_INIT_FAILED);
432	return 0;
433	}
434
435	return 1;
436	}
437
438	#ifndef OPENSSL_NO_DYNAMIC_ENGINE
439	static int bind_helper(ENGINE e, const char id)
440	{
441	if (id && (strcmp(id, engine_ossltest_id) != 0))
442	return 0;
443	if (!bind_ossltest(e))
444	return 0;
445	return 1;
446	}
447
448	IMPLEMENT_DYNAMIC_CHECK_FN()
449	IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
450	#endif
451
452	static ENGINE *engine_ossltest(void)
453	{
454	ENGINE *ret = ENGINE_new();
455	if (ret == NULL)
456	return NULL;
457	if (!bind_ossltest(ret)) {
458	ENGINE_free(ret);
459	return NULL;
460	}
461	return ret;
462	}
463
464	void ENGINE_load_ossltest(void)
465	{
466	/* Copied from eng_[openssl\|dyn].c */
467	ENGINE *toadd = engine_ossltest();
468	if (!toadd)
469	return;
470	ENGINE_add(toadd);
471	ENGINE_free(toadd);
472	ERR_clear_error();
473	}
474
475
476	static int ossltest_init(ENGINE *e)
477	{
478	return 1;
479	}
480
481
482	static int ossltest_finish(ENGINE *e)
483	{
484	return 1;
485	}
486
487
488	static int ossltest_destroy(ENGINE *e)
489	{
490	destroy_digests();
491	destroy_ciphers();
492	ERR_unload_OSSLTEST_strings();
493	return 1;
494	}
495
496	static int ossltest_digests(ENGINE e, const EVP_MD *digest,
497	const int **nids, int nid)
498	{
499	int ok = 1;
500	if (!digest) {
501	/* We are returning a list of supported nids */
502	return ossltest_digest_nids(nids);
503	}
504	/* We are being asked for a specific digest */
505	switch (nid) {
506	case NID_md5:
507	*digest = digest_md5();
508	break;
509	case NID_sha1:
510	*digest = digest_sha1();
511	break;
512	case NID_sha256:
513	*digest = digest_sha256();
514	break;
515	case NID_sha384:
516	*digest = digest_sha384();
517	break;
518	case NID_sha512:
519	*digest = digest_sha512();
520	break;
521	default:
522	ok = 0;
523	*digest = NULL;
524	break;
525	}
526	return ok;
527	}
528
529	static int ossltest_ciphers(ENGINE e, const EVP_CIPHER *cipher,
530	const int **nids, int nid)
531	{
532	int ok = 1;
533	if (!cipher) {
534	/* We are returning a list of supported nids */
535	*nids = ossltest_cipher_nids;
536	return (sizeof(ossltest_cipher_nids) - 1)
537	/ sizeof(ossltest_cipher_nids[0]);
538	}
539	/* We are being asked for a specific cipher */
540	switch (nid) {
541	case NID_aes_128_cbc:
542	*cipher = ossltest_aes_128_cbc();
543	break;
544	case NID_aes_128_gcm:
545	*cipher = ossltest_aes_128_gcm();
546	break;
547	case NID_aes_128_cbc_hmac_sha1:
548	*cipher = ossltest_aes_128_cbc_hmac_sha1();
549	break;
550	default:
551	ok = 0;
552	*cipher = NULL;
553	break;
554	}
555	return ok;
556	}
557
558	static void fill_known_data(unsigned char *md, unsigned int len)
559	{
560	unsigned int i;
561
562	for (i=0; i<len; i++) {
563	md[i] = (unsigned char)(i & 0xff);
564	}
565	}
566
567	/*
568	* MD5 implementation. We go through the motions of doing MD5 by deferring to
569	* the standard implementation. Then we overwrite the result with a will defined
570	* value, so that all "MD5" digests using the test engine always end up with
571	* the same value.
572	*/
573	static int digest_md5_init(EVP_MD_CTX *ctx)
574	{
575	return EVP_MD_meth_get_init(EVP_md5())(ctx);
576	}
577
578	static int digest_md5_update(EVP_MD_CTX ctx, const void data,
579	size_t count)
580	{
581	return EVP_MD_meth_get_update(EVP_md5())(ctx, data, count);
582	}
583
584	static int digest_md5_final(EVP_MD_CTX ctx, unsigned char md)
585	{
586	int ret = EVP_MD_meth_get_final(EVP_md5())(ctx, md);
587
588	if (ret > 0) {
589	fill_known_data(md, MD5_DIGEST_LENGTH);
590	}
591	return ret;
592	}
593
594	/*
595	* SHA1 implementation.
596	*/
597	static int digest_sha1_init(EVP_MD_CTX *ctx)
598	{
599	return EVP_MD_meth_get_init(EVP_sha1())(ctx);
600	}
601
602	static int digest_sha1_update(EVP_MD_CTX ctx, const void data,
603	size_t count)
604	{
605	return EVP_MD_meth_get_update(EVP_sha1())(ctx, data, count);
606	}
607
608	static int digest_sha1_final(EVP_MD_CTX ctx, unsigned char md)
609	{
610	int ret = EVP_MD_meth_get_final(EVP_sha1())(ctx, md);
611
612	if (ret > 0) {
613	fill_known_data(md, SHA_DIGEST_LENGTH);
614	}
615	return ret;
616	}
617
618	/*
619	* SHA256 implementation.
620	*/
621	static int digest_sha256_init(EVP_MD_CTX *ctx)
622	{
623	return EVP_MD_meth_get_init(EVP_sha256())(ctx);
624	}
625
626	static int digest_sha256_update(EVP_MD_CTX ctx, const void data,
627	size_t count)
628	{
629	return EVP_MD_meth_get_update(EVP_sha256())(ctx, data, count);
630	}
631
632	static int digest_sha256_final(EVP_MD_CTX ctx, unsigned char md)
633	{
634	int ret = EVP_MD_meth_get_final(EVP_sha256())(ctx, md);
635
636	if (ret > 0) {
637	fill_known_data(md, SHA256_DIGEST_LENGTH);
638	}
639	return ret;
640	}
641
642	/*
643	* SHA384 implementation.
644	*/
645	static int digest_sha384_init(EVP_MD_CTX *ctx)
646	{
647	return EVP_MD_meth_get_init(EVP_sha384())(ctx);
648	}
649
650	static int digest_sha384_update(EVP_MD_CTX ctx, const void data,
651	size_t count)
652	{
653	return EVP_MD_meth_get_update(EVP_sha384())(ctx, data, count);
654	}
655
656	static int digest_sha384_final(EVP_MD_CTX ctx, unsigned char md)
657	{
658	int ret = EVP_MD_meth_get_final(EVP_sha384())(ctx, md);
659
660	if (ret > 0) {
661	fill_known_data(md, SHA384_DIGEST_LENGTH);
662	}
663	return ret;
664	}
665
666	/*
667	* SHA512 implementation.
668	*/
669	static int digest_sha512_init(EVP_MD_CTX *ctx)
670	{
671	return EVP_MD_meth_get_init(EVP_sha512())(ctx);
672	}
673
674	static int digest_sha512_update(EVP_MD_CTX ctx, const void data,
675	size_t count)
676	{
677	return EVP_MD_meth_get_update(EVP_sha512())(ctx, data, count);
678	}
679
680	static int digest_sha512_final(EVP_MD_CTX ctx, unsigned char md)
681	{
682	int ret = EVP_MD_meth_get_final(EVP_sha512())(ctx, md);
683
684	if (ret > 0) {
685	fill_known_data(md, SHA512_DIGEST_LENGTH);
686	}
687	return ret;
688	}
689
690	/*
691	* AES128 Implementation
692	*/
693
694	static int ossltest_aes128_init_key(EVP_CIPHER_CTX *ctx,
695	const unsigned char *key,
696	const unsigned char *iv, int enc)
697	{
698	return EVP_CIPHER_meth_get_init(EVP_aes_128_cbc()) (ctx, key, iv, enc);
699	}
700
701	static int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX ctx, unsigned char out,
702	const unsigned char *in, size_t inl)
703	{
704	unsigned char *tmpbuf;
705	int ret;
706
707	tmpbuf = OPENSSL_malloc(inl);
708
709	/* OPENSSL_malloc will return NULL if inl == 0 */
710	if (tmpbuf == NULL && inl > 0)
711	return -1;
712
713	/* Remember what we were asked to encrypt */
714	if (tmpbuf != NULL)
715	memcpy(tmpbuf, in, inl);
716
717	/* Go through the motions of encrypting it */
718	ret = EVP_CIPHER_meth_get_do_cipher(EVP_aes_128_cbc())(ctx, out, in, inl);
719
720	/* Throw it all away and just use the plaintext as the output */
721	if (tmpbuf != NULL)
722	memcpy(out, tmpbuf, inl);
723	OPENSSL_free(tmpbuf);
724
725	return ret;
726	}
727
728	static int ossltest_aes128_gcm_init_key(EVP_CIPHER_CTX *ctx,
729	const unsigned char *key,
730	const unsigned char *iv, int enc)
731	{
732	return EVP_CIPHER_meth_get_init(EVP_aes_128_gcm()) (ctx, key, iv, enc);
733	}
734
735	static int ossltest_aes128_gcm_cipher(EVP_CIPHER_CTX ctx, unsigned char out,
736	const unsigned char *in, size_t inl)
737	{
738	unsigned char *tmpbuf = OPENSSL_malloc(inl);
739
740	/* OPENSSL_malloc will return NULL if inl == 0 */
741	if (tmpbuf == NULL && inl > 0)
742	return -1;
743
744	/* Remember what we were asked to encrypt */
745	if (tmpbuf != NULL)
746	memcpy(tmpbuf, in, inl);
747
748	/* Go through the motions of encrypting it */
749	EVP_CIPHER_meth_get_do_cipher(EVP_aes_128_gcm())(ctx, out, in, inl);
750
751	/* Throw it all away and just use the plaintext as the output */
752	if (tmpbuf != NULL && out != NULL)
753	memcpy(out, tmpbuf, inl);
754	OPENSSL_free(tmpbuf);
755
756	return inl;
757	}
758
759	static int ossltest_aes128_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
760	void *ptr)
761	{
762	/* Pass the ctrl down */
763	int ret = EVP_CIPHER_meth_get_ctrl(EVP_aes_128_gcm())(ctx, type, arg, ptr);
764
765	if (ret <= 0)
766	return ret;
767
768	switch(type) {
769	case EVP_CTRL_AEAD_GET_TAG:
770	/* Always give the same tag */
771	memset(ptr, 0, EVP_GCM_TLS_TAG_LEN);
772	break;
773
774	default:
775	break;
776	}
777
778	return 1;
779	}
780
781	#define NO_PAYLOAD_LENGTH ((size_t)-1)
782	# define data(ctx) ((EVP_AES_HMAC_SHA1 *)EVP_CIPHER_CTX_get_cipher_data(ctx))
783
784	static int ossltest_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
785	const unsigned char *inkey,
786	const unsigned char *iv,
787	int enc)
788	{
789	EVP_AES_HMAC_SHA1 *key = data(ctx);
790	key->payload_length = NO_PAYLOAD_LENGTH;
791	return 1;
792	}
793
794	static int ossltest_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx,
795	unsigned char *out,
796	const unsigned char *in,
797	size_t len)
798	{
799	EVP_AES_HMAC_SHA1 *key = data(ctx);
800	unsigned int l;
801	size_t plen = key->payload_length;
802
803	key->payload_length = NO_PAYLOAD_LENGTH;
804
805	if (len % AES_BLOCK_SIZE)
806	return 0;
807
808	if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
809	if (plen == NO_PAYLOAD_LENGTH)
810	plen = len;
811	else if (len !=
812	((plen + SHA_DIGEST_LENGTH +
813	AES_BLOCK_SIZE) & -AES_BLOCK_SIZE))
814	return 0;
815
816	memmove(out, in, plen);
817
818	if (plen != len) { /* "TLS" mode of operation */
819	/* calculate HMAC and append it to payload */
820	fill_known_data(out + plen, SHA_DIGEST_LENGTH);
821
822	/* pad the payload\|hmac */
823	plen += SHA_DIGEST_LENGTH;
824	for (l = len - plen - 1; plen < len; plen++)
825	out[plen] = l;
826	}
827	} else {
828	/* decrypt HMAC\|padding at once */
829	memmove(out, in, len);
830
831	if (plen != NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */
832	unsigned int maxpad, pad;
833
834	if (key->tls_ver >= TLS1_1_VERSION) {
835	if (len < (AES_BLOCK_SIZE + SHA_DIGEST_LENGTH + 1))
836	return 0;
837
838	/* omit explicit iv */
839	in += AES_BLOCK_SIZE;
840	out += AES_BLOCK_SIZE;
841	len -= AES_BLOCK_SIZE;
842	} else if (len < (SHA_DIGEST_LENGTH + 1))
843	return 0;
844
845	/* figure out payload length */
846	pad = out[len - 1];
847	maxpad = len - (SHA_DIGEST_LENGTH + 1);
848	if (pad > maxpad)
849	return 0;
850	for (plen = len - pad - 1; plen < len; plen++)
851	if (out[plen] != pad)
852	return 0;
853	}
854	}
855
856	return 1;
857	}
858
859	static int ossltest_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
860	int arg, void *ptr)
861	{
862	EVP_AES_HMAC_SHA1 *key = data(ctx);
863
864	switch (type) {
865	case EVP_CTRL_AEAD_SET_MAC_KEY:
866	return 1;
867
868	case EVP_CTRL_AEAD_TLS1_AAD:
869	{
870	unsigned char *p = ptr;
871	unsigned int len;
872
873	if (arg != EVP_AEAD_TLS1_AAD_LEN)
874	return -1;
875
876	len = p[arg - 2] << 8 \| p[arg - 1];
877	key->tls_ver = p[arg - 4] << 8 \| p[arg - 3];
878
879	if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
880	key->payload_length = len;
881	if (key->tls_ver >= TLS1_1_VERSION) {
882	if (len < AES_BLOCK_SIZE)
883	return 0;
884	len -= AES_BLOCK_SIZE;
885	p[arg - 2] = len >> 8;
886	p[arg - 1] = len;
887	}
888
889	return (int)(((len + SHA_DIGEST_LENGTH +
890	AES_BLOCK_SIZE) & -AES_BLOCK_SIZE)
891	- len);
892	} else {
893	key->payload_length = arg;
894
895	return SHA_DIGEST_LENGTH;
896	}
897	}
898	default:
899	return -1;
900	}
901	}
902
903	static int ossltest_rand_bytes(unsigned char *buf, int num)
904	{
905	unsigned char val = 1;
906
907	while (--num >= 0)
908	*buf++ = val++;
909	return 1;
910	}
911
912	static int ossltest_rand_status(void)
913	{
914	return 1;
915	}
916
917	static const RAND_METHOD *ossltest_rand_method(void)
918	{
919
920	static RAND_METHOD osslt_rand_meth = {
921	NULL,
922	ossltest_rand_bytes,
923	NULL,
924	NULL,
925	ossltest_rand_bytes,
926	ossltest_rand_status
927	};
928
929	return &osslt_rand_meth;
930	}

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/libs/openssl-3.0.1/engines/e_ossltest.c@ 94082

Download in other formats: