e_ossltest.c@ 106165

最後變更在這個檔案從106165是 104078,由 vboxsync 提交於 8 月前
openssl-3.1.5: Applied and adjusted our OpenSSL changes to 3.1.4. bugref:10638
檔案大小: 28.8 KB

行
1	/*
2	* Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the Apache License 2.0 (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	/*
11	* This is the OSSLTEST engine. It provides deliberately crippled digest
12	* implementations for test purposes. It is highly insecure and must NOT be
13	* used for any purpose except testing
14	*/
15
16	/* We need to use some engine deprecated APIs */
17	#define OPENSSL_SUPPRESS_DEPRECATED
18
19	/*
20	* SHA low level APIs are deprecated for public use, but still ok for
21	* internal use. Note, that due to symbols not being exported, only the
22	* #defines and type definitions can be accessed, function calls are not
23	* available. The digest lengths, block sizes and sizeof(CTX) are used herein
24	* for several different digests.
25	*/
26	#include "internal/deprecated.h"
27
28	#include <stdio.h>
29	#include <string.h>
30
31	#include <openssl/engine.h>
32	#include <openssl/sha.h>
33	#include <openssl/md5.h>
34	#include <openssl/rsa.h>
35	#include <openssl/evp.h>
36	#include <openssl/modes.h>
37	#include <openssl/aes.h>
38	#include <openssl/rand.h>
39	#include <openssl/crypto.h>
40	#include <openssl/pem.h>
41	#include <crypto/evp.h>
42
43	#include "e_ossltest_err.c"
44
45	/* Engine Id and Name */
46	static const char *engine_ossltest_id = "ossltest";
47	static const char *engine_ossltest_name = "OpenSSL Test engine support";
48
49
50	/* Engine Lifetime functions */
51	static int ossltest_destroy(ENGINE *e);
52	static int ossltest_init(ENGINE *e);
53	static int ossltest_finish(ENGINE *e);
54	void ENGINE_load_ossltest(void);
55
56
57	/* Set up digests */
58	static int ossltest_digests(ENGINE e, const EVP_MD *digest,
59	const int **nids, int nid);
60	static const RAND_METHOD *ossltest_rand_method(void);
61
62	/* MD5 */
63	static int digest_md5_init(EVP_MD_CTX *ctx);
64	static int digest_md5_update(EVP_MD_CTX ctx, const void data,
65	size_t count);
66	static int digest_md5_final(EVP_MD_CTX ctx, unsigned char md);
67
68	static EVP_MD *_hidden_md5_md = NULL;
69	static const EVP_MD *digest_md5(void)
70	{
71	if (_hidden_md5_md == NULL) {
72	EVP_MD *md;
73
74	if ((md = EVP_MD_meth_new(NID_md5, NID_md5WithRSAEncryption)) == NULL
75	\|\| !EVP_MD_meth_set_result_size(md, MD5_DIGEST_LENGTH)
76	\|\| !EVP_MD_meth_set_input_blocksize(md, MD5_CBLOCK)
77	\|\| !EVP_MD_meth_set_app_datasize(md,
78	sizeof(EVP_MD *) + sizeof(MD5_CTX))
79	\|\| !EVP_MD_meth_set_flags(md, 0)
80	\|\| !EVP_MD_meth_set_init(md, digest_md5_init)
81	\|\| !EVP_MD_meth_set_update(md, digest_md5_update)
82	\|\| !EVP_MD_meth_set_final(md, digest_md5_final)) {
83	EVP_MD_meth_free(md);
84	md = NULL;
85	}
86	_hidden_md5_md = md;
87	}
88	return _hidden_md5_md;
89	}
90
91	/* SHA1 */
92	static int digest_sha1_init(EVP_MD_CTX *ctx);
93	static int digest_sha1_update(EVP_MD_CTX ctx, const void data,
94	size_t count);
95	static int digest_sha1_final(EVP_MD_CTX ctx, unsigned char md);
96
97	static EVP_MD *_hidden_sha1_md = NULL;
98	static const EVP_MD *digest_sha1(void)
99	{
100	if (_hidden_sha1_md == NULL) {
101	EVP_MD *md;
102
103	if ((md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption)) == NULL
104	\|\| !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH)
105	\|\| !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK)
106	\|\| !EVP_MD_meth_set_app_datasize(md,
107	sizeof(EVP_MD *) + sizeof(SHA_CTX))
108	\|\| !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
109	\|\| !EVP_MD_meth_set_init(md, digest_sha1_init)
110	\|\| !EVP_MD_meth_set_update(md, digest_sha1_update)
111	\|\| !EVP_MD_meth_set_final(md, digest_sha1_final)) {
112	EVP_MD_meth_free(md);
113	md = NULL;
114	}
115	_hidden_sha1_md = md;
116	}
117	return _hidden_sha1_md;
118	}
119
120	/* SHA256 */
121	static int digest_sha256_init(EVP_MD_CTX *ctx);
122	static int digest_sha256_update(EVP_MD_CTX ctx, const void data,
123	size_t count);
124	static int digest_sha256_final(EVP_MD_CTX ctx, unsigned char md);
125
126	static EVP_MD *_hidden_sha256_md = NULL;
127	static const EVP_MD *digest_sha256(void)
128	{
129	if (_hidden_sha256_md == NULL) {
130	EVP_MD *md;
131
132	if ((md = EVP_MD_meth_new(NID_sha256, NID_sha256WithRSAEncryption)) == NULL
133	\|\| !EVP_MD_meth_set_result_size(md, SHA256_DIGEST_LENGTH)
134	\|\| !EVP_MD_meth_set_input_blocksize(md, SHA256_CBLOCK)
135	\|\| !EVP_MD_meth_set_app_datasize(md,
136	sizeof(EVP_MD *) + sizeof(SHA256_CTX))
137	\|\| !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
138	\|\| !EVP_MD_meth_set_init(md, digest_sha256_init)
139	\|\| !EVP_MD_meth_set_update(md, digest_sha256_update)
140	\|\| !EVP_MD_meth_set_final(md, digest_sha256_final)) {
141	EVP_MD_meth_free(md);
142	md = NULL;
143	}
144	_hidden_sha256_md = md;
145	}
146	return _hidden_sha256_md;
147	}
148
149	/* SHA384/SHA512 */
150	static int digest_sha384_init(EVP_MD_CTX *ctx);
151	static int digest_sha384_update(EVP_MD_CTX ctx, const void data,
152	size_t count);
153	static int digest_sha384_final(EVP_MD_CTX ctx, unsigned char md);
154
155	static int digest_sha512_init(EVP_MD_CTX *ctx);
156	static int digest_sha512_update(EVP_MD_CTX ctx, const void data,
157	size_t count);
158	static int digest_sha512_final(EVP_MD_CTX ctx, unsigned char md);
159
160	static EVP_MD *_hidden_sha384_md = NULL;
161	static const EVP_MD *digest_sha384(void)
162	{
163	if (_hidden_sha384_md == NULL) {
164	EVP_MD *md;
165
166	if ((md = EVP_MD_meth_new(NID_sha384, NID_sha384WithRSAEncryption)) == NULL
167	\|\| !EVP_MD_meth_set_result_size(md, SHA384_DIGEST_LENGTH)
168	\|\| !EVP_MD_meth_set_input_blocksize(md, SHA512_CBLOCK)
169	\|\| !EVP_MD_meth_set_app_datasize(md,
170	sizeof(EVP_MD *) + sizeof(SHA512_CTX))
171	\|\| !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
172	\|\| !EVP_MD_meth_set_init(md, digest_sha384_init)
173	\|\| !EVP_MD_meth_set_update(md, digest_sha384_update)
174	\|\| !EVP_MD_meth_set_final(md, digest_sha384_final)) {
175	EVP_MD_meth_free(md);
176	md = NULL;
177	}
178	_hidden_sha384_md = md;
179	}
180	return _hidden_sha384_md;
181	}
182	static EVP_MD *_hidden_sha512_md = NULL;
183	static const EVP_MD *digest_sha512(void)
184	{
185	if (_hidden_sha512_md == NULL) {
186	EVP_MD *md;
187
188	if ((md = EVP_MD_meth_new(NID_sha512, NID_sha512WithRSAEncryption)) == NULL
189	\|\| !EVP_MD_meth_set_result_size(md, SHA512_DIGEST_LENGTH)
190	\|\| !EVP_MD_meth_set_input_blocksize(md, SHA512_CBLOCK)
191	\|\| !EVP_MD_meth_set_app_datasize(md,
192	sizeof(EVP_MD *) + sizeof(SHA512_CTX))
193	\|\| !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
194	\|\| !EVP_MD_meth_set_init(md, digest_sha512_init)
195	\|\| !EVP_MD_meth_set_update(md, digest_sha512_update)
196	\|\| !EVP_MD_meth_set_final(md, digest_sha512_final)) {
197	EVP_MD_meth_free(md);
198	md = NULL;
199	}
200	_hidden_sha512_md = md;
201	}
202	return _hidden_sha512_md;
203	}
204	static void destroy_digests(void)
205	{
206	EVP_MD_meth_free(_hidden_md5_md);
207	_hidden_md5_md = NULL;
208	EVP_MD_meth_free(_hidden_sha1_md);
209	_hidden_sha1_md = NULL;
210	EVP_MD_meth_free(_hidden_sha256_md);
211	_hidden_sha256_md = NULL;
212	EVP_MD_meth_free(_hidden_sha384_md);
213	_hidden_sha384_md = NULL;
214	EVP_MD_meth_free(_hidden_sha512_md);
215	_hidden_sha512_md = NULL;
216	}
217	static int ossltest_digest_nids(const int **nids)
218	{
219	static int digest_nids[6] = { 0, 0, 0, 0, 0, 0 };
220	static int pos = 0;
221	static int init = 0;
222
223	if (!init) {
224	const EVP_MD *md;
225	if ((md = digest_md5()) != NULL)
226	digest_nids[pos++] = EVP_MD_get_type(md);
227	if ((md = digest_sha1()) != NULL)
228	digest_nids[pos++] = EVP_MD_get_type(md);
229	if ((md = digest_sha256()) != NULL)
230	digest_nids[pos++] = EVP_MD_get_type(md);
231	if ((md = digest_sha384()) != NULL)
232	digest_nids[pos++] = EVP_MD_get_type(md);
233	if ((md = digest_sha512()) != NULL)
234	digest_nids[pos++] = EVP_MD_get_type(md);
235	digest_nids[pos] = 0;
236	init = 1;
237	}
238	*nids = digest_nids;
239	return pos;
240	}
241
242	/* Setup ciphers */
243	static int ossltest_ciphers(ENGINE , const EVP_CIPHER *,
244	const int **, int);
245
246	static int ossltest_cipher_nids[] = {
247	NID_aes_128_cbc, NID_aes_128_gcm,
248	NID_aes_128_cbc_hmac_sha1, 0
249	};
250
251	/* AES128 */
252
253	static int ossltest_aes128_init_key(EVP_CIPHER_CTX *ctx,
254	const unsigned char *key,
255	const unsigned char *iv, int enc);
256	static int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX ctx, unsigned char out,
257	const unsigned char *in, size_t inl);
258	static int ossltest_aes128_gcm_init_key(EVP_CIPHER_CTX *ctx,
259	const unsigned char *key,
260	const unsigned char *iv, int enc);
261	static int ossltest_aes128_gcm_cipher(EVP_CIPHER_CTX ctx, unsigned char out,
262	const unsigned char *in, size_t inl);
263	static int ossltest_aes128_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
264	void *ptr);
265	static int ossltest_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
266	const unsigned char *key,
267	const unsigned char *iv,
268	int enc);
269	static int ossltest_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx,
270	unsigned char *out,
271	const unsigned char *in,
272	size_t inl);
273	static int ossltest_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
274	int arg, void *ptr);
275
276	typedef struct {
277	size_t payload_length; /* AAD length in decrypt case */
278	unsigned int tls_ver;
279	} EVP_AES_HMAC_SHA1;
280
281	static EVP_CIPHER *_hidden_aes_128_cbc = NULL;
282	static const EVP_CIPHER *ossltest_aes_128_cbc(void)
283	{
284	if (_hidden_aes_128_cbc == NULL
285	&& ((_hidden_aes_128_cbc = EVP_CIPHER_meth_new(NID_aes_128_cbc,
286	16 /* block size */,
287	16 /* key len */)) == NULL
288	\|\| !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc,16)
289	\|\| !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc,
290	EVP_CIPH_FLAG_DEFAULT_ASN1
291	\| EVP_CIPH_CBC_MODE)
292	\|\| !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc,
293	ossltest_aes128_init_key)
294	\|\| !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc,
295	ossltest_aes128_cbc_cipher)
296	\|\| !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc,
297	EVP_CIPHER_impl_ctx_size(EVP_aes_128_cbc())))) {
298	EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
299	_hidden_aes_128_cbc = NULL;
300	}
301	return _hidden_aes_128_cbc;
302	}
303
304	static EVP_CIPHER *_hidden_aes_128_gcm = NULL;
305
306	#define AES_GCM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \
307	\| EVP_CIPH_CUSTOM_IV \| EVP_CIPH_FLAG_CUSTOM_CIPHER \
308	\| EVP_CIPH_ALWAYS_CALL_INIT \| EVP_CIPH_CTRL_INIT \
309	\| EVP_CIPH_CUSTOM_COPY \|EVP_CIPH_FLAG_AEAD_CIPHER \
310	\| EVP_CIPH_GCM_MODE)
311
312	static const EVP_CIPHER *ossltest_aes_128_gcm(void)
313	{
314	if (_hidden_aes_128_gcm == NULL
315	&& ((_hidden_aes_128_gcm = EVP_CIPHER_meth_new(NID_aes_128_gcm,
316	1 /* block size */,
317	16 /* key len */)) == NULL
318	\|\| !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_gcm,12)
319	\|\| !EVP_CIPHER_meth_set_flags(_hidden_aes_128_gcm, AES_GCM_FLAGS)
320	\|\| !EVP_CIPHER_meth_set_init(_hidden_aes_128_gcm,
321	ossltest_aes128_gcm_init_key)
322	\|\| !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_gcm,
323	ossltest_aes128_gcm_cipher)
324	\|\| !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_gcm,
325	ossltest_aes128_gcm_ctrl)
326	\|\| !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_gcm,
327	EVP_CIPHER_impl_ctx_size(EVP_aes_128_gcm())))) {
328	EVP_CIPHER_meth_free(_hidden_aes_128_gcm);
329	_hidden_aes_128_gcm = NULL;
330	}
331	return _hidden_aes_128_gcm;
332	}
333
334	static EVP_CIPHER *_hidden_aes_128_cbc_hmac_sha1 = NULL;
335
336	static const EVP_CIPHER *ossltest_aes_128_cbc_hmac_sha1(void)
337	{
338	if (_hidden_aes_128_cbc_hmac_sha1 == NULL
339	&& ((_hidden_aes_128_cbc_hmac_sha1
340	= EVP_CIPHER_meth_new(NID_aes_128_cbc_hmac_sha1,
341	16 /* block size */,
342	16 /* key len */)) == NULL
343	\|\| !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc_hmac_sha1,16)
344	\|\| !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc_hmac_sha1,
345	EVP_CIPH_CBC_MODE \| EVP_CIPH_FLAG_DEFAULT_ASN1 \|
346	EVP_CIPH_FLAG_AEAD_CIPHER)
347	\|\| !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc_hmac_sha1,
348	ossltest_aes128_cbc_hmac_sha1_init_key)
349	\|\| !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc_hmac_sha1,
350	ossltest_aes128_cbc_hmac_sha1_cipher)
351	\|\| !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc_hmac_sha1,
352	ossltest_aes128_cbc_hmac_sha1_ctrl)
353	\|\| !EVP_CIPHER_meth_set_set_asn1_params(_hidden_aes_128_cbc_hmac_sha1,
354	EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_set_asn1_iv)
355	\|\| !EVP_CIPHER_meth_set_get_asn1_params(_hidden_aes_128_cbc_hmac_sha1,
356	EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_get_asn1_iv)
357	\|\| !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc_hmac_sha1,
358	sizeof(EVP_AES_HMAC_SHA1)))) {
359	EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1);
360	_hidden_aes_128_cbc_hmac_sha1 = NULL;
361	}
362	return _hidden_aes_128_cbc_hmac_sha1;
363	}
364
365	static void destroy_ciphers(void)
366	{
367	EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
368	EVP_CIPHER_meth_free(_hidden_aes_128_gcm);
369	EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1);
370	_hidden_aes_128_cbc = NULL;
371	_hidden_aes_128_gcm = NULL;
372	_hidden_aes_128_cbc_hmac_sha1 = NULL;
373	}
374
375	/* Key loading */
376	static EVP_PKEY load_key(ENGINE eng, const char *key_id, int pub,
377	UI_METHOD ui_method, void ui_data)
378	{
379	BIO *in;
380	EVP_PKEY *key;
381
382	if (OPENSSL_strncasecmp(key_id, "ot:", 3) != 0)
383	return NULL;
384	key_id += 3;
385
386	fprintf(stderr, "[ossltest]Loading %s key %s\n",
387	pub ? "Public" : "Private", key_id);
388	in = BIO_new_file(key_id, "r");
389	if (!in)
390	return NULL;
391	if (pub)
392	key = PEM_read_bio_PUBKEY(in, NULL, 0, NULL);
393	else
394	key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL);
395	BIO_free(in);
396	return key;
397	}
398
399	static EVP_PKEY ossltest_load_privkey(ENGINE eng, const char *key_id,
400	UI_METHOD ui_method, void ui_data)
401	{
402	return load_key(eng, key_id, 0, ui_method, ui_data);
403	}
404
405	static EVP_PKEY ossltest_load_pubkey(ENGINE eng, const char *key_id,
406	UI_METHOD ui_method, void ui_data)
407	{
408	return load_key(eng, key_id, 1, ui_method, ui_data);
409	}
410
411
412	static int bind_ossltest(ENGINE *e)
413	{
414	/* Ensure the ossltest error handling is set up */
415	ERR_load_OSSLTEST_strings();
416
417	if (!ENGINE_set_id(e, engine_ossltest_id)
418	\|\| !ENGINE_set_name(e, engine_ossltest_name)
419	\|\| !ENGINE_set_digests(e, ossltest_digests)
420	\|\| !ENGINE_set_ciphers(e, ossltest_ciphers)
421	\|\| !ENGINE_set_RAND(e, ossltest_rand_method())
422	\|\| !ENGINE_set_destroy_function(e, ossltest_destroy)
423	\|\| !ENGINE_set_load_privkey_function(e, ossltest_load_privkey)
424	\|\| !ENGINE_set_load_pubkey_function(e, ossltest_load_pubkey)
425	\|\| !ENGINE_set_init_function(e, ossltest_init)
426	\|\| !ENGINE_set_finish_function(e, ossltest_finish)) {
427	OSSLTESTerr(OSSLTEST_F_BIND_OSSLTEST, OSSLTEST_R_INIT_FAILED);
428	return 0;
429	}
430
431	return 1;
432	}
433
434	#ifndef OPENSSL_NO_DYNAMIC_ENGINE
435	static int bind_helper(ENGINE e, const char id)
436	{
437	if (id && (strcmp(id, engine_ossltest_id) != 0))
438	return 0;
439	if (!bind_ossltest(e))
440	return 0;
441	return 1;
442	}
443
444	IMPLEMENT_DYNAMIC_CHECK_FN()
445	IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
446	#endif
447
448	static ENGINE *engine_ossltest(void)
449	{
450	ENGINE *ret = ENGINE_new();
451	if (ret == NULL)
452	return NULL;
453	if (!bind_ossltest(ret)) {
454	ENGINE_free(ret);
455	return NULL;
456	}
457	return ret;
458	}
459
460	void ENGINE_load_ossltest(void)
461	{
462	/* Copied from eng_[openssl\|dyn].c */
463	ENGINE *toadd = engine_ossltest();
464	if (!toadd)
465	return;
466	ENGINE_add(toadd);
467	ENGINE_free(toadd);
468	ERR_clear_error();
469	}
470
471
472	static int ossltest_init(ENGINE *e)
473	{
474	return 1;
475	}
476
477
478	static int ossltest_finish(ENGINE *e)
479	{
480	return 1;
481	}
482
483
484	static int ossltest_destroy(ENGINE *e)
485	{
486	destroy_digests();
487	destroy_ciphers();
488	ERR_unload_OSSLTEST_strings();
489	return 1;
490	}
491
492	static int ossltest_digests(ENGINE e, const EVP_MD *digest,
493	const int **nids, int nid)
494	{
495	int ok = 1;
496	if (!digest) {
497	/* We are returning a list of supported nids */
498	return ossltest_digest_nids(nids);
499	}
500	/* We are being asked for a specific digest */
501	switch (nid) {
502	case NID_md5:
503	*digest = digest_md5();
504	break;
505	case NID_sha1:
506	*digest = digest_sha1();
507	break;
508	case NID_sha256:
509	*digest = digest_sha256();
510	break;
511	case NID_sha384:
512	*digest = digest_sha384();
513	break;
514	case NID_sha512:
515	*digest = digest_sha512();
516	break;
517	default:
518	ok = 0;
519	*digest = NULL;
520	break;
521	}
522	return ok;
523	}
524
525	static int ossltest_ciphers(ENGINE e, const EVP_CIPHER *cipher,
526	const int **nids, int nid)
527	{
528	int ok = 1;
529	if (!cipher) {
530	/* We are returning a list of supported nids */
531	*nids = ossltest_cipher_nids;
532	return (sizeof(ossltest_cipher_nids) - 1)
533	/ sizeof(ossltest_cipher_nids[0]);
534	}
535	/* We are being asked for a specific cipher */
536	switch (nid) {
537	case NID_aes_128_cbc:
538	*cipher = ossltest_aes_128_cbc();
539	break;
540	case NID_aes_128_gcm:
541	*cipher = ossltest_aes_128_gcm();
542	break;
543	case NID_aes_128_cbc_hmac_sha1:
544	*cipher = ossltest_aes_128_cbc_hmac_sha1();
545	break;
546	default:
547	ok = 0;
548	*cipher = NULL;
549	break;
550	}
551	return ok;
552	}
553
554	static void fill_known_data(unsigned char *md, unsigned int len)
555	{
556	unsigned int i;
557
558	for (i=0; i<len; i++) {
559	md[i] = (unsigned char)(i & 0xff);
560	}
561	}
562
563	/*
564	* MD5 implementation. We go through the motions of doing MD5 by deferring to
565	* the standard implementation. Then we overwrite the result with a will defined
566	* value, so that all "MD5" digests using the test engine always end up with
567	* the same value.
568	*/
569	static int digest_md5_init(EVP_MD_CTX *ctx)
570	{
571	return EVP_MD_meth_get_init(EVP_md5())(ctx);
572	}
573
574	static int digest_md5_update(EVP_MD_CTX ctx, const void data,
575	size_t count)
576	{
577	return EVP_MD_meth_get_update(EVP_md5())(ctx, data, count);
578	}
579
580	static int digest_md5_final(EVP_MD_CTX ctx, unsigned char md)
581	{
582	int ret = EVP_MD_meth_get_final(EVP_md5())(ctx, md);
583
584	if (ret > 0) {
585	fill_known_data(md, MD5_DIGEST_LENGTH);
586	}
587	return ret;
588	}
589
590	/*
591	* SHA1 implementation.
592	*/
593	static int digest_sha1_init(EVP_MD_CTX *ctx)
594	{
595	return EVP_MD_meth_get_init(EVP_sha1())(ctx);
596	}
597
598	static int digest_sha1_update(EVP_MD_CTX ctx, const void data,
599	size_t count)
600	{
601	return EVP_MD_meth_get_update(EVP_sha1())(ctx, data, count);
602	}
603
604	static int digest_sha1_final(EVP_MD_CTX ctx, unsigned char md)
605	{
606	int ret = EVP_MD_meth_get_final(EVP_sha1())(ctx, md);
607
608	if (ret > 0) {
609	fill_known_data(md, SHA_DIGEST_LENGTH);
610	}
611	return ret;
612	}
613
614	/*
615	* SHA256 implementation.
616	*/
617	static int digest_sha256_init(EVP_MD_CTX *ctx)
618	{
619	return EVP_MD_meth_get_init(EVP_sha256())(ctx);
620	}
621
622	static int digest_sha256_update(EVP_MD_CTX ctx, const void data,
623	size_t count)
624	{
625	return EVP_MD_meth_get_update(EVP_sha256())(ctx, data, count);
626	}
627
628	static int digest_sha256_final(EVP_MD_CTX ctx, unsigned char md)
629	{
630	int ret = EVP_MD_meth_get_final(EVP_sha256())(ctx, md);
631
632	if (ret > 0) {
633	fill_known_data(md, SHA256_DIGEST_LENGTH);
634	}
635	return ret;
636	}
637
638	/*
639	* SHA384 implementation.
640	*/
641	static int digest_sha384_init(EVP_MD_CTX *ctx)
642	{
643	return EVP_MD_meth_get_init(EVP_sha384())(ctx);
644	}
645
646	static int digest_sha384_update(EVP_MD_CTX ctx, const void data,
647	size_t count)
648	{
649	return EVP_MD_meth_get_update(EVP_sha384())(ctx, data, count);
650	}
651
652	static int digest_sha384_final(EVP_MD_CTX ctx, unsigned char md)
653	{
654	int ret = EVP_MD_meth_get_final(EVP_sha384())(ctx, md);
655
656	if (ret > 0) {
657	fill_known_data(md, SHA384_DIGEST_LENGTH);
658	}
659	return ret;
660	}
661
662	/*
663	* SHA512 implementation.
664	*/
665	static int digest_sha512_init(EVP_MD_CTX *ctx)
666	{
667	return EVP_MD_meth_get_init(EVP_sha512())(ctx);
668	}
669
670	static int digest_sha512_update(EVP_MD_CTX ctx, const void data,
671	size_t count)
672	{
673	return EVP_MD_meth_get_update(EVP_sha512())(ctx, data, count);
674	}
675
676	static int digest_sha512_final(EVP_MD_CTX ctx, unsigned char md)
677	{
678	int ret = EVP_MD_meth_get_final(EVP_sha512())(ctx, md);
679
680	if (ret > 0) {
681	fill_known_data(md, SHA512_DIGEST_LENGTH);
682	}
683	return ret;
684	}
685
686	/*
687	* AES128 Implementation
688	*/
689
690	static int ossltest_aes128_init_key(EVP_CIPHER_CTX *ctx,
691	const unsigned char *key,
692	const unsigned char *iv, int enc)
693	{
694	return EVP_CIPHER_meth_get_init(EVP_aes_128_cbc()) (ctx, key, iv, enc);
695	}
696
697	static int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX ctx, unsigned char out,
698	const unsigned char *in, size_t inl)
699	{
700	unsigned char *tmpbuf;
701	int ret;
702
703	tmpbuf = OPENSSL_malloc(inl);
704
705	/* OPENSSL_malloc will return NULL if inl == 0 */
706	if (tmpbuf == NULL && inl > 0)
707	return -1;
708
709	/* Remember what we were asked to encrypt */
710	if (tmpbuf != NULL)
711	memcpy(tmpbuf, in, inl);
712
713	/* Go through the motions of encrypting it */
714	ret = EVP_CIPHER_meth_get_do_cipher(EVP_aes_128_cbc())(ctx, out, in, inl);
715
716	/* Throw it all away and just use the plaintext as the output */
717	if (tmpbuf != NULL)
718	memcpy(out, tmpbuf, inl);
719	OPENSSL_free(tmpbuf);
720
721	return ret;
722	}
723
724	static int ossltest_aes128_gcm_init_key(EVP_CIPHER_CTX *ctx,
725	const unsigned char *key,
726	const unsigned char *iv, int enc)
727	{
728	return EVP_CIPHER_meth_get_init(EVP_aes_128_gcm()) (ctx, key, iv, enc);
729	}
730
731	static int ossltest_aes128_gcm_cipher(EVP_CIPHER_CTX ctx, unsigned char out,
732	const unsigned char *in, size_t inl)
733	{
734	unsigned char *tmpbuf = OPENSSL_malloc(inl);
735
736	/* OPENSSL_malloc will return NULL if inl == 0 */
737	if (tmpbuf == NULL && inl > 0)
738	return -1;
739
740	/* Remember what we were asked to encrypt */
741	if (tmpbuf != NULL)
742	memcpy(tmpbuf, in, inl);
743
744	/* Go through the motions of encrypting it */
745	EVP_CIPHER_meth_get_do_cipher(EVP_aes_128_gcm())(ctx, out, in, inl);
746
747	/* Throw it all away and just use the plaintext as the output */
748	if (tmpbuf != NULL && out != NULL)
749	memcpy(out, tmpbuf, inl);
750	OPENSSL_free(tmpbuf);
751
752	return inl;
753	}
754
755	static int ossltest_aes128_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
756	void *ptr)
757	{
758	/* Pass the ctrl down */
759	int ret = EVP_CIPHER_meth_get_ctrl(EVP_aes_128_gcm())(ctx, type, arg, ptr);
760
761	if (ret <= 0)
762	return ret;
763
764	switch(type) {
765	case EVP_CTRL_AEAD_GET_TAG:
766	/* Always give the same tag */
767	memset(ptr, 0, EVP_GCM_TLS_TAG_LEN);
768	break;
769
770	default:
771	break;
772	}
773
774	return 1;
775	}
776
777	#define NO_PAYLOAD_LENGTH ((size_t)-1)
778	# define data(ctx) ((EVP_AES_HMAC_SHA1 *)EVP_CIPHER_CTX_get_cipher_data(ctx))
779
780	static int ossltest_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
781	const unsigned char *inkey,
782	const unsigned char *iv,
783	int enc)
784	{
785	EVP_AES_HMAC_SHA1 *key = data(ctx);
786	key->payload_length = NO_PAYLOAD_LENGTH;
787	return 1;
788	}
789
790	static int ossltest_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx,
791	unsigned char *out,
792	const unsigned char *in,
793	size_t len)
794	{
795	EVP_AES_HMAC_SHA1 *key = data(ctx);
796	unsigned int l;
797	size_t plen = key->payload_length;
798
799	key->payload_length = NO_PAYLOAD_LENGTH;
800
801	if (len % AES_BLOCK_SIZE)
802	return 0;
803
804	if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
805	if (plen == NO_PAYLOAD_LENGTH)
806	plen = len;
807	else if (len !=
808	((plen + SHA_DIGEST_LENGTH +
809	AES_BLOCK_SIZE) & -AES_BLOCK_SIZE))
810	return 0;
811
812	memmove(out, in, plen);
813
814	if (plen != len) { /* "TLS" mode of operation */
815	/* calculate HMAC and append it to payload */
816	fill_known_data(out + plen, SHA_DIGEST_LENGTH);
817
818	/* pad the payload\|hmac */
819	plen += SHA_DIGEST_LENGTH;
820	for (l = len - plen - 1; plen < len; plen++)
821	out[plen] = l;
822	}
823	} else {
824	/* decrypt HMAC\|padding at once */
825	memmove(out, in, len);
826
827	if (plen != NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */
828	unsigned int maxpad, pad;
829
830	if (key->tls_ver >= TLS1_1_VERSION) {
831	if (len < (AES_BLOCK_SIZE + SHA_DIGEST_LENGTH + 1))
832	return 0;
833
834	/* omit explicit iv */
835	in += AES_BLOCK_SIZE;
836	out += AES_BLOCK_SIZE;
837	len -= AES_BLOCK_SIZE;
838	} else if (len < (SHA_DIGEST_LENGTH + 1))
839	return 0;
840
841	/* figure out payload length */
842	pad = out[len - 1];
843	maxpad = len - (SHA_DIGEST_LENGTH + 1);
844	if (pad > maxpad)
845	return 0;
846	for (plen = len - pad - 1; plen < len; plen++)
847	if (out[plen] != pad)
848	return 0;
849	}
850	}
851
852	return 1;
853	}
854
855	static int ossltest_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
856	int arg, void *ptr)
857	{
858	EVP_AES_HMAC_SHA1 *key = data(ctx);
859
860	switch (type) {
861	case EVP_CTRL_AEAD_SET_MAC_KEY:
862	return 1;
863
864	case EVP_CTRL_AEAD_TLS1_AAD:
865	{
866	unsigned char *p = ptr;
867	unsigned int len;
868
869	if (arg != EVP_AEAD_TLS1_AAD_LEN)
870	return -1;
871
872	len = p[arg - 2] << 8 \| p[arg - 1];
873	key->tls_ver = p[arg - 4] << 8 \| p[arg - 3];
874
875	if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
876	key->payload_length = len;
877	if (key->tls_ver >= TLS1_1_VERSION) {
878	if (len < AES_BLOCK_SIZE)
879	return 0;
880	len -= AES_BLOCK_SIZE;
881	p[arg - 2] = len >> 8;
882	p[arg - 1] = len;
883	}
884
885	return (int)(((len + SHA_DIGEST_LENGTH +
886	AES_BLOCK_SIZE) & -AES_BLOCK_SIZE)
887	- len);
888	} else {
889	key->payload_length = arg;
890
891	return SHA_DIGEST_LENGTH;
892	}
893	}
894	default:
895	return -1;
896	}
897	}
898
899	static int ossltest_rand_bytes(unsigned char *buf, int num)
900	{
901	unsigned char val = 1;
902
903	while (--num >= 0)
904	*buf++ = val++;
905	return 1;
906	}
907
908	static int ossltest_rand_status(void)
909	{
910	return 1;
911	}
912
913	static const RAND_METHOD *ossltest_rand_method(void)
914	{
915
916	static RAND_METHOD osslt_rand_meth = {
917	NULL,
918	ossltest_rand_bytes,
919	NULL,
920	NULL,
921	ossltest_rand_bytes,
922	ossltest_rand_status
923	};
924
925	return &osslt_rand_meth;
926	}

注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

source: vbox/trunk/src/libs/openssl-3.1.7/engines/e_ossltest.c@ 106165

以其他格式下載: