summaryrefslogtreecommitdiffstats
path: root/engines
diff options
context:
space:
mode:
authorMatt Caswell <matt@openssl.org>2016-10-27 19:32:36 +0200
committerMatt Caswell <matt@openssl.org>2016-11-02 14:12:11 +0100
commitaad22ba2c6172508f70263bcf53f6af6257c8b14 (patch)
tree66a2f283d7113f2ea5038fc16d8638ec87c40da7 /engines
parentConvert a big "if" into a "switch" (diff)
downloadopenssl-aad22ba2c6172508f70263bcf53f6af6257c8b14.tar.xz
openssl-aad22ba2c6172508f70263bcf53f6af6257c8b14.zip
Make sure ossltest engine works with TLS1.3
This might need more changes once we do a "real" TLS1.3 ciphersuite. But it should do for now. Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'engines')
-rw-r--r--engines/e_ossltest.c86
1 files changed, 85 insertions, 1 deletions
diff --git a/engines/e_ossltest.c b/engines/e_ossltest.c
index b4c83cb7c3..6b006a4440 100644
--- a/engines/e_ossltest.c
+++ b/engines/e_ossltest.c
@@ -226,7 +226,7 @@ static int ossltest_ciphers(ENGINE *, const EVP_CIPHER **,
const int **, int);
static int ossltest_cipher_nids[] = {
- NID_aes_128_cbc, 0
+ NID_aes_128_cbc, NID_aes_128_gcm, 0
};
/* AES128 */
@@ -235,6 +235,12 @@ int ossltest_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl);
+int ossltest_aes128_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
+int ossltest_aes128_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t inl);
+static int ossltest_aes128_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+ void *ptr);
static EVP_CIPHER *_hidden_aes_128_cbc = NULL;
static const EVP_CIPHER *ossltest_aes_128_cbc(void)
@@ -258,9 +264,38 @@ static const EVP_CIPHER *ossltest_aes_128_cbc(void)
}
return _hidden_aes_128_cbc;
}
+static EVP_CIPHER *_hidden_aes_128_gcm = NULL;
+#define AES_GCM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \
+ | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
+ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
+ | EVP_CIPH_CUSTOM_COPY |EVP_CIPH_FLAG_AEAD_CIPHER \
+ | EVP_CIPH_GCM_MODE)
+static const EVP_CIPHER *ossltest_aes_128_gcm(void)
+{
+ if (_hidden_aes_128_gcm == NULL
+ && ((_hidden_aes_128_gcm = EVP_CIPHER_meth_new(NID_aes_128_gcm,
+ 1 /* block size */,
+ 16 /* key len */)) == NULL
+ || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_gcm,12)
+ || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_gcm, AES_GCM_FLAGS)
+ || !EVP_CIPHER_meth_set_init(_hidden_aes_128_gcm,
+ ossltest_aes128_gcm_init_key)
+ || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_gcm,
+ ossltest_aes128_gcm_cipher)
+ || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_gcm,
+ ossltest_aes128_gcm_ctrl)
+ || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_gcm,
+ EVP_CIPHER_impl_ctx_size(EVP_aes_128_gcm())))) {
+ EVP_CIPHER_meth_free(_hidden_aes_128_gcm);
+ _hidden_aes_128_gcm = NULL;
+ }
+ return _hidden_aes_128_gcm;
+}
+
static void destroy_ciphers(void)
{
EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
+ EVP_CIPHER_meth_free(_hidden_aes_128_gcm);
_hidden_aes_128_cbc = NULL;
}
@@ -389,6 +424,9 @@ static int ossltest_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
case NID_aes_128_cbc:
*cipher = ossltest_aes_128_cbc();
break;
+ case NID_aes_128_gcm:
+ *cipher = ossltest_aes_128_gcm();
+ break;
default:
ok = 0;
*cipher = NULL;
@@ -566,3 +604,49 @@ int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
return ret;
}
+
+int ossltest_aes128_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ return EVP_CIPHER_meth_get_init(EVP_aes_128_gcm()) (ctx, key, iv, enc);
+}
+
+
+int ossltest_aes128_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t inl)
+{
+ unsigned char *tmpbuf;
+ const size_t datalen = inl - EVP_GCM_TLS_EXPLICIT_IV_LEN
+ - EVP_GCM_TLS_TAG_LEN;
+
+ tmpbuf = OPENSSL_malloc(datalen);
+ if (tmpbuf == NULL)
+ return -1;
+
+ /* Remember what we were asked to encrypt */
+ memcpy(tmpbuf, in + EVP_GCM_TLS_EXPLICIT_IV_LEN, datalen);
+
+ /* Go through the motions of encrypting it */
+ EVP_CIPHER_meth_get_do_cipher(EVP_aes_128_gcm())(ctx, out, in, inl);
+
+ /*
+ * Throw it all away and just use the plaintext as the output with empty
+ * IV and tag
+ */
+ memset(out, 0, inl);
+ memcpy(out + EVP_GCM_TLS_EXPLICIT_IV_LEN, tmpbuf, datalen);
+ OPENSSL_free(tmpbuf);
+
+ return 1;
+}
+
+static int ossltest_aes128_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+ void *ptr)
+{
+ int ret;
+
+ /* Pass the ctrl down */
+ ret = EVP_CIPHER_meth_get_ctrl(EVP_aes_128_gcm())(ctx, type, arg, ptr);
+
+ return ret;
+}