]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/evp_test.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
EVP: add missing common functionality
[thirdparty/openssl.git] / test / evp_test.c
CommitLineData
0e360199 1/*
760e2d60 2 * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
0e360199 3 *
909f1a2e 4 * Licensed under the Apache License 2.0 (the "License"). You may not use
440e5d80
RS		 5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
0e360199
BL		 8 */
9
10#include <stdio.h>
11#include <string.h>
307e3978
DSH		 12#include <stdlib.h>
13#include <ctype.h>
0e360199 14#include <openssl/evp.h>
5824cc29 15#include <openssl/pem.h>
0b13e9f0 16#include <openssl/err.h>
d5e5e2ff 17#include <openssl/provider.h>
307e3978 18#include <openssl/x509v3.h>
351fe214 19#include <openssl/pkcs12.h>
44a284d2 20#include <openssl/kdf.h>
25446a66
RL		 21#include <openssl/params.h>
22#include <openssl/core_names.h>
3b53e18a 23#include "internal/numbers.h"
25446a66 24#include "internal/nelem.h"
6c5943c9 25#include "testutil.h"
c3fc7d9a 26#include "evp_test.h"
0e360199 27
b1ceb439 28#define AAD_NUM 4
c49e0b04
RS		 29
30typedef struct evp_test_method_st EVP_TEST_METHOD;
7193f872 31
6c5943c9 32/*
c49e0b04 33 * Structure holding test information
6c5943c9 34 */
c49e0b04 35typedef struct evp_test_st {
ae269dd8
RS		 36 STANZA s; /* Common test stanza */
37 char *name;
c49e0b04 38 int skip; /* Current test should be skipped */
c49e0b04
RS		 39 const EVP_TEST_METHOD *meth; /* method for this test */
40 const char *err, *aux_err; /* Error string for test */
41 char *expected_err; /* Expected error value of test */
c49e0b04
RS		 42 char *reason; /* Expected error reason string */
43 void *data; /* test specific data */
44} EVP_TEST;
0e360199 45
307e3978 46/*
c49e0b04 47 * Test method structure
307e3978 48 */
c49e0b04
RS		 49struct evp_test_method_st {
50 /* Name of test as it appears in file */
51 const char *name;
52 /* Initialise test for "alg" */
53 int (*init) (EVP_TEST * t, const char *alg);
54 /* Clean up method */
55 void (*cleanup) (EVP_TEST * t);
56 /* Test specific name value pair processing */
57 int (*parse) (EVP_TEST * t, const char *name, const char *value);
58 /* Run the test itself */
59 int (*run_test) (EVP_TEST * t);
60};
5b46eee0 61
0e360199 62
3cdd1e94 63/*
c49e0b04 64 * Linked list of named keys.
3cdd1e94 65 */
c49e0b04
RS		 66typedef struct key_list_st {
67 char *name;
68 EVP_PKEY *key;
69 struct key_list_st *next;
70} KEY_LIST;
fa013b65 71
c49e0b04
RS		 72/*
73 * List of public and private keys
74 */
75static KEY_LIST *private_keys;
76static KEY_LIST *public_keys;
77static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst);
fa013b65 78
c49e0b04 79static int parse_bin(const char *value, unsigned char **buf, size_t *buflen);
3cdd1e94 80
4cceb185
P		 81/*
82 * Compare two memory regions for equality, returning zero if they differ.
83 * However, if there is expected to be an error and the actual error
84 * matches then the memory is expected to be different so handle this
85 * case without producing unnecessary test framework output.
86 */
87static int memory_err_compare(EVP_TEST *t, const char *err,
88 const void *expected, size_t expected_len,
89 const void *got, size_t got_len)
90{
91 int r;
92
93 if (t->expected_err != NULL && strcmp(t->expected_err, err) == 0)
94 r = !TEST_mem_ne(expected, expected_len, got, got_len);
95 else
96 r = TEST_mem_eq(expected, expected_len, got, got_len);
97 if (!r)
98 t->err = err;
99 return r;
100}
101
c3fc7d9a
DSH		 102/*
103 * Structure used to hold a list of blocks of memory to test
104 * calls to "update" like functions.
105 */
c3fc7d9a
DSH		 106struct evp_test_buffer_st {
107 unsigned char *buf;
108 size_t buflen;
109 size_t count;
110 int count_set;
111};
112
113static void evp_test_buffer_free(EVP_TEST_BUFFER *db)
114{
115 if (db != NULL) {
116 OPENSSL_free(db->buf);
117 OPENSSL_free(db);
118 }
119}
120
c49e0b04
RS		 121/*
122 * append buffer to a list
123 */
c3fc7d9a
DSH		 124static int evp_test_buffer_append(const char *value,
125 STACK_OF(EVP_TEST_BUFFER) **sk)
126{
127 EVP_TEST_BUFFER *db = NULL;
128
129 if (!TEST_ptr(db = OPENSSL_malloc(sizeof(*db))))
130 goto err;
131
c49e0b04 132 if (!parse_bin(value, &db->buf, &db->buflen))
c3fc7d9a
DSH		 133 goto err;
134 db->count = 1;
135 db->count_set = 0;
136
137 if (*sk == NULL && !TEST_ptr(*sk = sk_EVP_TEST_BUFFER_new_null()))
c49e0b04 138 goto err;
c3fc7d9a
DSH		 139 if (!sk_EVP_TEST_BUFFER_push(*sk, db))
140 goto err;
141
142 return 1;
143
c49e0b04 144err:
c3fc7d9a 145 evp_test_buffer_free(db);
c3fc7d9a
DSH		 146 return 0;
147}
148
149/*
150 * replace last buffer in list with copies of itself
151 */
152static int evp_test_buffer_ncopy(const char *value,
153 STACK_OF(EVP_TEST_BUFFER) *sk)
154{
155 EVP_TEST_BUFFER *db;
156 unsigned char *tbuf, *p;
157 size_t tbuflen;
158 int ncopy = atoi(value);
159 int i;
160
161 if (ncopy <= 0)
162 return 0;
163 if (sk == NULL || sk_EVP_TEST_BUFFER_num(sk) == 0)
164 return 0;
165 db = sk_EVP_TEST_BUFFER_value(sk, sk_EVP_TEST_BUFFER_num(sk) - 1);
166
167 tbuflen = db->buflen * ncopy;
168 if (!TEST_ptr(tbuf = OPENSSL_malloc(tbuflen)))
169 return 0;
170 for (i = 0, p = tbuf; i < ncopy; i++, p += db->buflen)
171 memcpy(p, db->buf, db->buflen);
172
173 OPENSSL_free(db->buf);
174 db->buf = tbuf;
175 db->buflen = tbuflen;
176 return 1;
177}
178
c49e0b04
RS		 179/*
180 * set repeat count for last buffer in list
181 */
c3fc7d9a
DSH		 182static int evp_test_buffer_set_count(const char *value,
183 STACK_OF(EVP_TEST_BUFFER) *sk)
184{
185 EVP_TEST_BUFFER *db;
186 int count = atoi(value);
187
188 if (count <= 0)
189 return 0;
190
191 if (sk == NULL || sk_EVP_TEST_BUFFER_num(sk) == 0)
192 return 0;
193
194 db = sk_EVP_TEST_BUFFER_value(sk, sk_EVP_TEST_BUFFER_num(sk) - 1);
c49e0b04 195 if (db->count_set != 0)
c3fc7d9a
DSH		 196 return 0;
197
198 db->count = (size_t)count;
199 db->count_set = 1;
200 return 1;
201}
202
203/*
204 * call "fn" with each element of the list in turn
205 */
206static int evp_test_buffer_do(STACK_OF(EVP_TEST_BUFFER) *sk,
207 int (*fn)(void *ctx,
208 const unsigned char *buf,
209 size_t buflen),
210 void *ctx)
211{
212 int i;
213
214 for (i = 0; i < sk_EVP_TEST_BUFFER_num(sk); i++) {
215 EVP_TEST_BUFFER *tb = sk_EVP_TEST_BUFFER_value(sk, i);
216 size_t j;
217
218 for (j = 0; j < tb->count; j++) {
219 if (fn(ctx, tb->buf, tb->buflen) <= 0)
220 return 0;
221 }
222 }
223 return 1;
224}
225
6c5943c9 226/*
c49e0b04
RS		 227 * Unescape some sequences in string literals (only \n for now).
228 * Return an allocated buffer, set |out_len|. If |input_len|
229 * is zero, get an empty buffer but set length to zero.
6c5943c9 230 */
c49e0b04
RS		 231static unsigned char* unescape(const char *input, size_t input_len,
232 size_t *out_len)
233{
234 unsigned char *ret, *p;
235 size_t i;
5824cc29 236
c49e0b04
RS		 237 if (input_len == 0) {
238 *out_len = 0;
239 return OPENSSL_zalloc(1);
240 }
307e3978 241
c49e0b04
RS		 242 /* Escaping is non-expanding; over-allocate original size for simplicity. */
243 if (!TEST_ptr(ret = p = OPENSSL_malloc(input_len)))
244 return NULL;
6c5943c9 245
c49e0b04
RS		 246 for (i = 0; i < input_len; i++) {
247 if (*input == '\\') {
248 if (i == input_len - 1 || *++input != 'n') {
249 TEST_error("Bad escape sequence in file");
250 goto err;
251 }
252 *p++ = '\n';
253 i++;
254 input++;
255 } else {
256 *p++ = *input++;
257 }
258 }
307e3978 259
c49e0b04
RS		 260 *out_len = p - ret;
261 return ret;
86885c28 262
c49e0b04
RS		 263 err:
264 OPENSSL_free(ret);
307e3978 265 return NULL;
0f113f3e
MC		 266}
267
6c5943c9 268/*
c49e0b04
RS		 269 * For a hex string "value" convert to a binary allocated buffer.
270 * Return 1 on success or 0 on failure.
6c5943c9 271 */
c49e0b04 272static int parse_bin(const char *value, unsigned char **buf, size_t *buflen)
0f113f3e 273{
c49e0b04 274 long len;
6c5943c9 275
c49e0b04
RS		 276 /* Check for NULL literal */
277 if (strcmp(value, "NULL") == 0) {
278 *buf = NULL;
279 *buflen = 0;
307e3978 280 return 1;
71f60ef3 281 }
6c5943c9 282
c49e0b04
RS		 283 /* Check for empty value */
284 if (*value == '\0') {
285 /*
286 * Don't return NULL for zero length buffer. This is needed for
287 * some tests with empty keys: HMAC_Init_ex() expects a non-NULL key
288 * buffer even if the key length is 0, in order to detect key reset.
289 */
290 *buf = OPENSSL_malloc(1);
291 if (*buf == NULL)
5824cc29 292 return 0;
c49e0b04
RS		 293 **buf = 0;
294 *buflen = 0;
71f60ef3 295 return 1;
5824cc29
DSH		 296 }
297
c49e0b04
RS		 298 /* Check for string literal */
299 if (value[0] == '"') {
300 size_t vlen = strlen(++value);
301
302 if (vlen == 0 || value[vlen - 1] != '"')
307e3978 303 return 0;
c49e0b04
RS		 304 vlen--;
305 *buf = unescape(value, vlen, buflen);
306 return *buf == NULL ? 0 : 1;
6c5943c9 307 }
307e3978 308
c49e0b04
RS		 309 /* Otherwise assume as hex literal and convert it to binary buffer */
310 if (!TEST_ptr(*buf = OPENSSL_hexstr2buf(value, &len))) {
311 TEST_info("Can't convert %s", value);
8fe3127c 312 TEST_openssl_errors();
c49e0b04 313 return -1;
0f113f3e 314 }
c49e0b04
RS		 315 /* Size of input buffer means we'll never overflow */
316 *buflen = len;
307e3978
DSH		 317 return 1;
318}
0f113f3e 319
c49e0b04
RS		 320
321/**
322*** MESSAGE DIGEST TESTS
323**/
4897dc40 324
6c5943c9 325typedef struct digest_data_st {
307e3978
DSH		 326 /* Digest this test is for */
327 const EVP_MD *digest;
022351fd 328 EVP_MD *fetched_digest;
307e3978 329 /* Input to digest */
c3fc7d9a 330 STACK_OF(EVP_TEST_BUFFER) *input;
307e3978
DSH		 331 /* Expected output */
332 unsigned char *output;
333 size_t output_len;
6c5943c9 334} DIGEST_DATA;
4897dc40 335
6c5943c9 336static int digest_test_init(EVP_TEST *t, const char *alg)
307e3978 337{
6c5943c9 338 DIGEST_DATA *mdat;
c49e0b04 339 const EVP_MD *digest;
022351fd 340 EVP_MD *fetched_digest;
6c5943c9 341
022351fd
RL		 342 if ((digest = fetched_digest = EVP_MD_fetch(NULL, alg, NULL)) == NULL
343 && (digest = EVP_get_digestbyname(alg)) == NULL) {
578ce42d
DSH		 344 /* If alg has an OID assume disabled algorithm */
345 if (OBJ_sn2nid(alg) != NID_undef || OBJ_ln2nid(alg) != NID_undef) {
346 t->skip = 1;
347 return 1;
348 }
307e3978 349 return 0;
578ce42d 350 }
c49e0b04
RS		 351 if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat))))
352 return 0;
307e3978 353 t->data = mdat;
c49e0b04 354 mdat->digest = digest;
022351fd
RL		 355 mdat->fetched_digest = fetched_digest;
356 if (fetched_digest != NULL)
357 TEST_info("%s is fetched", alg);
4897dc40 358 return 1;
0f113f3e 359}
4897dc40 360
6c5943c9 361static void digest_test_cleanup(EVP_TEST *t)
307e3978 362{
6c5943c9
RS		 363 DIGEST_DATA *mdat = t->data;
364
c3fc7d9a 365 sk_EVP_TEST_BUFFER_pop_free(mdat->input, evp_test_buffer_free);
6c5943c9 366 OPENSSL_free(mdat->output);
022351fd 367 EVP_MD_meth_free(mdat->fetched_digest);
307e3978
DSH		 368}
369
6c5943c9 370static int digest_test_parse(EVP_TEST *t,
307e3978
DSH		 371 const char *keyword, const char *value)
372{
6c5943c9
RS		 373 DIGEST_DATA *mdata = t->data;
374
86885c28 375 if (strcmp(keyword, "Input") == 0)
c3fc7d9a 376 return evp_test_buffer_append(value, &mdata->input);
86885c28 377 if (strcmp(keyword, "Output") == 0)
c49e0b04 378 return parse_bin(value, &mdata->output, &mdata->output_len);
c3fc7d9a
DSH		 379 if (strcmp(keyword, "Count") == 0)
380 return evp_test_buffer_set_count(value, mdata->input);
381 if (strcmp(keyword, "Ncopy") == 0)
382 return evp_test_buffer_ncopy(value, mdata->input);
307e3978
DSH		 383 return 0;
384}
385
c3fc7d9a
DSH		 386static int digest_update_fn(void *ctx, const unsigned char *buf, size_t buflen)
387{
388 return EVP_DigestUpdate(ctx, buf, buflen);
389}
390
6c5943c9 391static int digest_test_run(EVP_TEST *t)
0f113f3e 392{
e3d378bc 393 DIGEST_DATA *expected = t->data;
307e3978 394 EVP_MD_CTX *mctx;
cd8d1456 395 unsigned char *got = NULL;
e3d378bc 396 unsigned int got_len;
6c5943c9
RS		 397
398 t->err = "TEST_FAILURE";
399 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
307e3978 400 goto err;
6c5943c9 401
cd8d1456
AP		 402 got = OPENSSL_malloc(expected->output_len > EVP_MAX_MD_SIZE ?
403 expected->output_len : EVP_MAX_MD_SIZE);
404 if (!TEST_ptr(got))
405 goto err;
406
e3d378bc 407 if (!EVP_DigestInit_ex(mctx, expected->digest, NULL)) {
6c5943c9 408 t->err = "DIGESTINIT_ERROR";
307e3978 409 goto err;
618be04e 410 }
e3d378bc 411 if (!evp_test_buffer_do(expected->input, digest_update_fn, mctx)) {
c3fc7d9a
DSH		 412 t->err = "DIGESTUPDATE_ERROR";
413 goto err;
414 }
415
cd8d1456 416 if (EVP_MD_flags(expected->digest) & EVP_MD_FLAG_XOF) {
3ce46435
PS		 417 EVP_MD_CTX *mctx_cpy;
418 char dont[] = "touch";
419
420 if (!TEST_ptr(mctx_cpy = EVP_MD_CTX_new())) {
421 goto err;
422 }
423 if (!EVP_MD_CTX_copy(mctx_cpy, mctx)) {
424 EVP_MD_CTX_free(mctx_cpy);
425 goto err;
426 }
427 if (!EVP_DigestFinalXOF(mctx_cpy, (unsigned char *)dont, 0)) {
428 EVP_MD_CTX_free(mctx_cpy);
429 t->err = "DIGESTFINALXOF_ERROR";
430 goto err;
431 }
432 if (!TEST_str_eq(dont, "touch")) {
433 EVP_MD_CTX_free(mctx_cpy);
434 t->err = "DIGESTFINALXOF_ERROR";
435 goto err;
436 }
437 EVP_MD_CTX_free(mctx_cpy);
438
cd8d1456
AP		 439 got_len = expected->output_len;
440 if (!EVP_DigestFinalXOF(mctx, got, got_len)) {
441 t->err = "DIGESTFINALXOF_ERROR";
442 goto err;
443 }
444 } else {
445 if (!EVP_DigestFinal(mctx, got, &got_len)) {
446 t->err = "DIGESTFINAL_ERROR";
447 goto err;
448 }
6c5943c9 449 }
e3d378bc 450 if (!TEST_int_eq(expected->output_len, got_len)) {
6c5943c9 451 t->err = "DIGEST_LENGTH_MISMATCH";
307e3978 452 goto err;
6c5943c9 453 }
4cceb185
P		 454 if (!memory_err_compare(t, "DIGEST_MISMATCH",
455 expected->output, expected->output_len,
456 got, got_len))
307e3978 457 goto err;
4cceb185 458
6c5943c9
RS		 459 t->err = NULL;
460
307e3978 461 err:
cd8d1456 462 OPENSSL_free(got);
bfb0641f 463 EVP_MD_CTX_free(mctx);
b033e5d5 464 return 1;
307e3978 465}
4897dc40 466
6c5943c9 467static const EVP_TEST_METHOD digest_test_method = {
307e3978
DSH		 468 "Digest",
469 digest_test_init,
470 digest_test_cleanup,
471 digest_test_parse,
472 digest_test_run
473};
474
c49e0b04
RS		 475
476/**
477*** CIPHER TESTS
478**/
479
6c5943c9 480typedef struct cipher_data_st {
307e3978 481 const EVP_CIPHER *cipher;
022351fd 482 EVP_CIPHER *fetched_cipher;
307e3978 483 int enc;
2207ba7b 484 /* EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE or EVP_CIPH_OCB_MODE if AEAD */
307e3978
DSH		 485 int aead;
486 unsigned char *key;
487 size_t key_len;
f816aa47 488 size_t key_bits; /* Used by RC2 */
307e3978 489 unsigned char *iv;
6a41156c 490 unsigned int rounds;
307e3978
DSH		 491 size_t iv_len;
492 unsigned char *plaintext;
493 size_t plaintext_len;
494 unsigned char *ciphertext;
495 size_t ciphertext_len;
b1ceb439
TS		 496 /* GCM, CCM, OCB and SIV only */
497 unsigned char *aad[AAD_NUM];
498 size_t aad_len[AAD_NUM];
307e3978
DSH		 499 unsigned char *tag;
500 size_t tag_len;
67c81ec3 501 int tag_late;
6c5943c9 502} CIPHER_DATA;
307e3978 503
6c5943c9 504static int cipher_test_init(EVP_TEST *t, const char *alg)
307e3978
DSH		 505{
506 const EVP_CIPHER *cipher;
022351fd 507 EVP_CIPHER *fetched_cipher;
c49e0b04
RS		 508 CIPHER_DATA *cdat;
509 int m;
6c5943c9 510
022351fd
RL		 511 if ((cipher = fetched_cipher = EVP_CIPHER_fetch(NULL, alg, NULL)) == NULL
512 && (cipher = EVP_get_cipherbyname(alg)) == NULL) {
33a89fa6
DSH		 513 /* If alg has an OID assume disabled algorithm */
514 if (OBJ_sn2nid(alg) != NID_undef || OBJ_ln2nid(alg) != NID_undef) {
515 t->skip = 1;
516 return 1;
517 }
0f113f3e 518 return 0;
33a89fa6 519 }
c49e0b04 520 cdat = OPENSSL_zalloc(sizeof(*cdat));
307e3978 521 cdat->cipher = cipher;
022351fd 522 cdat->fetched_cipher = fetched_cipher;
307e3978 523 cdat->enc = -1;
c49e0b04
RS		 524 m = EVP_CIPHER_mode(cipher);
525 if (m == EVP_CIPH_GCM_MODE
526 || m == EVP_CIPH_OCB_MODE
b1ceb439 527 || m == EVP_CIPH_SIV_MODE
c49e0b04 528 || m == EVP_CIPH_CCM_MODE)
523fcfb4 529 cdat->aead = m;
eb85cb86
AP		 530 else if (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
531 cdat->aead = -1;
307e3978
DSH		 532 else
533 cdat->aead = 0;
4897dc40 534
c49e0b04 535 t->data = cdat;
022351fd
RL		 536 if (fetched_cipher != NULL)
537 TEST_info("%s is fetched", alg);
307e3978
DSH		 538 return 1;
539}
4897dc40 540
6c5943c9 541static void cipher_test_cleanup(EVP_TEST *t)
307e3978 542{
b1ceb439 543 int i;
6c5943c9
RS		 544 CIPHER_DATA *cdat = t->data;
545
546 OPENSSL_free(cdat->key);
547 OPENSSL_free(cdat->iv);
548 OPENSSL_free(cdat->ciphertext);
549 OPENSSL_free(cdat->plaintext);
b1ceb439
TS		 550 for (i = 0; i < AAD_NUM; i++)
551 OPENSSL_free(cdat->aad[i]);
6c5943c9 552 OPENSSL_free(cdat->tag);
022351fd 553 EVP_CIPHER_meth_free(cdat->fetched_cipher);
307e3978 554}
4897dc40 555
6c5943c9 556static int cipher_test_parse(EVP_TEST *t, const char *keyword,
307e3978
DSH		 557 const char *value)
558{
6c5943c9 559 CIPHER_DATA *cdat = t->data;
b1ceb439 560 int i;
6c5943c9 561
86885c28 562 if (strcmp(keyword, "Key") == 0)
c49e0b04 563 return parse_bin(value, &cdat->key, &cdat->key_len);
6a41156c
SL		 564 if (strcmp(keyword, "Rounds") == 0) {
565 i = atoi(value);
566 if (i < 0)
567 return -1;
568 cdat->rounds = (unsigned int)i;
569 return 1;
570 }
86885c28 571 if (strcmp(keyword, "IV") == 0)
c49e0b04 572 return parse_bin(value, &cdat->iv, &cdat->iv_len);
86885c28 573 if (strcmp(keyword, "Plaintext") == 0)
c49e0b04 574 return parse_bin(value, &cdat->plaintext, &cdat->plaintext_len);
86885c28 575 if (strcmp(keyword, "Ciphertext") == 0)
c49e0b04 576 return parse_bin(value, &cdat->ciphertext, &cdat->ciphertext_len);
f816aa47
SL		 577 if (strcmp(keyword, "KeyBits") == 0) {
578 i = atoi(value);
579 if (i < 0)
580 return -1;
581 cdat->key_bits = (size_t)i;
582 return 1;
583 }
307e3978 584 if (cdat->aead) {
b1ceb439
TS		 585 if (strcmp(keyword, "AAD") == 0) {
586 for (i = 0; i < AAD_NUM; i++) {
587 if (cdat->aad[i] == NULL)
588 return parse_bin(value, &cdat->aad[i], &cdat->aad_len[i]);
589 }
f42c225d 590 return -1;
b1ceb439 591 }
86885c28 592 if (strcmp(keyword, "Tag") == 0)
c49e0b04 593 return parse_bin(value, &cdat->tag, &cdat->tag_len);
67c81ec3
TN		 594 if (strcmp(keyword, "SetTagLate") == 0) {
595 if (strcmp(value, "TRUE") == 0)
596 cdat->tag_late = 1;
597 else if (strcmp(value, "FALSE") == 0)
598 cdat->tag_late = 0;
599 else
f42c225d 600 return -1;
67c81ec3
TN		 601 return 1;
602 }
0f113f3e 603 }
4897dc40 604
86885c28
RS		 605 if (strcmp(keyword, "Operation") == 0) {
606 if (strcmp(value, "ENCRYPT") == 0)
307e3978 607 cdat->enc = 1;
86885c28 608 else if (strcmp(value, "DECRYPT") == 0)
307e3978
DSH		 609 cdat->enc = 0;
610 else
f42c225d 611 return -1;
307e3978 612 return 1;
0f113f3e 613 }
307e3978 614 return 0;
0f113f3e 615}
4897dc40 616
6c5943c9 617static int cipher_test_enc(EVP_TEST *t, int enc,
0b96d77a 618 size_t out_misalign, size_t inp_misalign, int frag)
0f113f3e 619{
e3d378bc
AP		 620 CIPHER_DATA *expected = t->data;
621 unsigned char *in, *expected_out, *tmp = NULL;
0b96d77a 622 size_t in_len, out_len, donelen = 0;
b1ceb439 623 int ok = 0, tmplen, chunklen, tmpflen, i;
307e3978 624 EVP_CIPHER_CTX *ctx = NULL;
6c5943c9
RS		 625
626 t->err = "TEST_FAILURE";
627 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
307e3978
DSH		 628 goto err;
629 EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
630 if (enc) {
e3d378bc
AP		 631 in = expected->plaintext;
632 in_len = expected->plaintext_len;
633 expected_out = expected->ciphertext;
634 out_len = expected->ciphertext_len;
307e3978 635 } else {
e3d378bc
AP		 636 in = expected->ciphertext;
637 in_len = expected->ciphertext_len;
638 expected_out = expected->plaintext;
639 out_len = expected->plaintext_len;
0f113f3e 640 }
ff715da4
AP		 641 if (inp_misalign == (size_t)-1) {
642 /*
643 * Exercise in-place encryption
644 */
645 tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH);
646 if (!tmp)
647 goto err;
648 in = memcpy(tmp + out_misalign, in, in_len);
649 } else {
650 inp_misalign += 16 - ((out_misalign + in_len) & 15);
651 /*
652 * 'tmp' will store both output and copy of input. We make the copy
653 * of input to specifically aligned part of 'tmp'. So we just
654 * figured out how much padding would ensure the required alignment,
655 * now we allocate extended buffer and finally copy the input just
656 * past inp_misalign in expression below. Output will be written
657 * past out_misalign...
658 */
659 tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH +
660 inp_misalign + in_len);
661 if (!tmp)
662 goto err;
663 in = memcpy(tmp + out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH +
664 inp_misalign, in, in_len);
665 }
e3d378bc 666 if (!EVP_CipherInit_ex(ctx, expected->cipher, NULL, NULL, NULL, enc)) {
6c5943c9 667 t->err = "CIPHERINIT_ERROR";
307e3978 668 goto err;
6c5943c9 669 }
e3d378bc
AP		 670 if (expected->iv) {
671 if (expected->aead) {
2207ba7b 672 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
e3d378bc 673 expected->iv_len, 0)) {
6c5943c9 674 t->err = "INVALID_IV_LENGTH";
307e3978 675 goto err;
6c5943c9 676 }
e3d378bc 677 } else if (expected->iv_len != (size_t)EVP_CIPHER_CTX_iv_length(ctx)) {
6c5943c9 678 t->err = "INVALID_IV_LENGTH";
307e3978 679 goto err;
6c5943c9 680 }
0f113f3e 681 }
e3d378bc 682 if (expected->aead) {
307e3978
DSH		 683 unsigned char *tag;
684 /*
2207ba7b
DSH		 685 * If encrypting or OCB just set tag length initially, otherwise
686 * set tag length and value.
307e3978 687 */
67c81ec3 688 if (enc || expected->aead == EVP_CIPH_OCB_MODE || expected->tag_late) {
6c5943c9 689 t->err = "TAG_LENGTH_SET_ERROR";
307e3978 690 tag = NULL;
0f113f3e 691 } else {
6c5943c9 692 t->err = "TAG_SET_ERROR";
e3d378bc 693 tag = expected->tag;
0f113f3e 694 }
e3d378bc 695 if (tag || expected->aead != EVP_CIPH_GCM_MODE) {
2207ba7b 696 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
e3d378bc 697 expected->tag_len, tag))
307e3978 698 goto err;
0f113f3e 699 }
307e3978 700 }
0f113f3e 701
6a41156c
SL		 702 if (expected->rounds > 0) {
703 int rounds = (int)expected->rounds;
704
705 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, rounds, NULL)) {
706 t->err = "INVALID_ROUNDS";
707 goto err;
708 }
709 }
710
e3d378bc 711 if (!EVP_CIPHER_CTX_set_key_length(ctx, expected->key_len)) {
6c5943c9 712 t->err = "INVALID_KEY_LENGTH";
307e3978 713 goto err;
6c5943c9 714 }
f816aa47
SL		 715 if (expected->key_bits > 0) {
716 int bits = (int)expected->key_bits;
717
718 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, bits, NULL)) {
719 t->err = "INVALID KEY BITS";
720 goto err;
721 }
722 }
e3d378bc 723 if (!EVP_CipherInit_ex(ctx, NULL, NULL, expected->key, expected->iv, -1)) {
6c5943c9 724 t->err = "KEY_SET_ERROR";
307e3978 725 goto err;
6c5943c9 726 }
f816aa47 727
48ebde22
RL		 728 /* Check that we get the same IV back */
729 if (expected->iv != NULL
730 && (EVP_CIPHER_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0
731 && !TEST_mem_eq(expected->iv, expected->iv_len,
732 EVP_CIPHER_CTX_iv(ctx), expected->iv_len)) {
733 t->err = "INVALID_IV";
734 goto err;
735 }
307e3978 736
e3d378bc 737 if (expected->aead == EVP_CIPH_CCM_MODE) {
307e3978 738 if (!EVP_CipherUpdate(ctx, NULL, &tmplen, NULL, out_len)) {
6c5943c9 739 t->err = "CCM_PLAINTEXT_LENGTH_SET_ERROR";
307e3978 740 goto err;
0f113f3e
MC		 741 }
742 }
b1ceb439 743 if (expected->aad[0] != NULL) {
6c5943c9 744 t->err = "AAD_SET_ERROR";
0b96d77a 745 if (!frag) {
b1ceb439
TS		 746 for (i = 0; expected->aad[i] != NULL; i++) {
747 if (!EVP_CipherUpdate(ctx, NULL, &chunklen, expected->aad[i],
748 expected->aad_len[i]))
749 goto err;
750 }
0b96d77a
MC		 751 } else {
752 /*
753 * Supply the AAD in chunks less than the block size where possible
754 */
b1ceb439
TS		 755 for (i = 0; expected->aad[i] != NULL; i++) {
756 if (expected->aad_len[i] > 0) {
757 if (!EVP_CipherUpdate(ctx, NULL, &chunklen, expected->aad[i], 1))
758 goto err;
759 donelen++;
760 }
761 if (expected->aad_len[i] > 2) {
762 if (!EVP_CipherUpdate(ctx, NULL, &chunklen,
763 expected->aad[i] + donelen,
764 expected->aad_len[i] - 2))
765 goto err;
766 donelen += expected->aad_len[i] - 2;
767 }
768 if (expected->aad_len[i] > 1
769 && !EVP_CipherUpdate(ctx, NULL, &chunklen,
770 expected->aad[i] + donelen, 1))
0b96d77a 771 goto err;
0b96d77a 772 }
307e3978
DSH		 773 }
774 }
67c81ec3
TN		 775
776 if (!enc && (expected->aead == EVP_CIPH_OCB_MODE || expected->tag_late)) {
777 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
778 expected->tag_len, expected->tag)) {
779 t->err = "TAG_SET_ERROR";
780 goto err;
781 }
782 }
783
307e3978 784 EVP_CIPHER_CTX_set_padding(ctx, 0);
6c5943c9 785 t->err = "CIPHERUPDATE_ERROR";
0b96d77a 786 tmplen = 0;
0b96d77a
MC		 787 if (!frag) {
788 /* We supply the data all in one go */
789 if (!EVP_CipherUpdate(ctx, tmp + out_misalign, &tmplen, in, in_len))
790 goto err;
791 } else {
792 /* Supply the data in chunks less than the block size where possible */
793 if (in_len > 0) {
794 if (!EVP_CipherUpdate(ctx, tmp + out_misalign, &chunklen, in, 1))
795 goto err;
796 tmplen += chunklen;
ef055ec5
MC		 797 in++;
798 in_len--;
0b96d77a 799 }
ef055ec5 800 if (in_len > 1) {
0b96d77a 801 if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen,
ef055ec5 802 in, in_len - 1))
0b96d77a
MC		 803 goto err;
804 tmplen += chunklen;
ef055ec5
MC		 805 in += in_len - 1;
806 in_len = 1;
0b96d77a 807 }
ef055ec5 808 if (in_len > 0 ) {
0b96d77a 809 if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen,
ef055ec5 810 in, 1))
0b96d77a
MC		 811 goto err;
812 tmplen += chunklen;
813 }
814 }
6c5943c9
RS		 815 if (!EVP_CipherFinal_ex(ctx, tmp + out_misalign + tmplen, &tmpflen)) {
816 t->err = "CIPHERFINAL_ERROR";
00212c66 817 goto err;
6c5943c9 818 }
4cceb185
P		 819 if (!memory_err_compare(t, "VALUE_MISMATCH", expected_out, out_len,
820 tmp + out_misalign, tmplen + tmpflen))
307e3978 821 goto err;
e3d378bc 822 if (enc && expected->aead) {
307e3978 823 unsigned char rtag[16];
6c5943c9 824
e3d378bc 825 if (!TEST_size_t_le(expected->tag_len, sizeof(rtag))) {
6c5943c9 826 t->err = "TAG_LENGTH_INTERNAL_ERROR";
307e3978
DSH		 827 goto err;
828 }
2207ba7b 829 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
e3d378bc 830 expected->tag_len, rtag)) {
6c5943c9 831 t->err = "TAG_RETRIEVE_ERROR";
307e3978
DSH		 832 goto err;
833 }
4cceb185
P		 834 if (!memory_err_compare(t, "TAG_VALUE_MISMATCH",
835 expected->tag, expected->tag_len,
836 rtag, expected->tag_len))
307e3978 837 goto err;
307e3978 838 }
6c5943c9
RS		 839 t->err = NULL;
840 ok = 1;
307e3978 841 err:
b548a1f1 842 OPENSSL_free(tmp);
307e3978 843 EVP_CIPHER_CTX_free(ctx);
6c5943c9 844 return ok;
307e3978 845}
0e360199 846
6c5943c9 847static int cipher_test_run(EVP_TEST *t)
307e3978 848{
6c5943c9 849 CIPHER_DATA *cdat = t->data;
0b96d77a 850 int rv, frag = 0;
9a2d2fb3
AP		 851 size_t out_misalign, inp_misalign;
852
307e3978
DSH		 853 if (!cdat->key) {
854 t->err = "NO_KEY";
855 return 0;
856 }
857 if (!cdat->iv && EVP_CIPHER_iv_length(cdat->cipher)) {
858 /* IV is optional and usually omitted in wrap mode */
859 if (EVP_CIPHER_mode(cdat->cipher) != EVP_CIPH_WRAP_MODE) {
860 t->err = "NO_IV";
861 return 0;
862 }
863 }
864 if (cdat->aead && !cdat->tag) {
865 t->err = "NO_TAG";
866 return 0;
867 }
0b96d77a 868 for (out_misalign = 0; out_misalign <= 1;) {
9a2d2fb3
AP		 869 static char aux_err[64];
870 t->aux_err = aux_err;
ff715da4
AP		 871 for (inp_misalign = (size_t)-1; inp_misalign != 2; inp_misalign++) {
872 if (inp_misalign == (size_t)-1) {
873 /* kludge: inp_misalign == -1 means "exercise in-place" */
0b96d77a
MC		 874 BIO_snprintf(aux_err, sizeof(aux_err),
875 "%s in-place, %sfragmented",
876 out_misalign ? "misaligned" : "aligned",
877 frag ? "" : "not ");
ff715da4 878 } else {
0b96d77a
MC		 879 BIO_snprintf(aux_err, sizeof(aux_err),
880 "%s output and %s input, %sfragmented",
ff715da4 881 out_misalign ? "misaligned" : "aligned",
0b96d77a
MC		 882 inp_misalign ? "misaligned" : "aligned",
883 frag ? "" : "not ");
ff715da4 884 }
9a2d2fb3 885 if (cdat->enc) {
0b96d77a 886 rv = cipher_test_enc(t, 1, out_misalign, inp_misalign, frag);
9a2d2fb3
AP		 887 /* Not fatal errors: return */
888 if (rv != 1) {
889 if (rv < 0)
890 return 0;
891 return 1;
892 }
893 }
894 if (cdat->enc != 1) {
0b96d77a 895 rv = cipher_test_enc(t, 0, out_misalign, inp_misalign, frag);
9a2d2fb3
AP		 896 /* Not fatal errors: return */
897 if (rv != 1) {
898 if (rv < 0)
899 return 0;
900 return 1;
901 }
902 }
307e3978 903 }
0b96d77a
MC		 904
905 if (out_misalign == 1 && frag == 0) {
906 /*
b1ceb439 907 * XTS, SIV, CCM and Wrap modes have special requirements about input
0b96d77a
MC		 908 * lengths so we don't fragment for those
909 */
910 if (cdat->aead == EVP_CIPH_CCM_MODE
b1ceb439 911 || EVP_CIPHER_mode(cdat->cipher) == EVP_CIPH_SIV_MODE
0b96d77a 912 || EVP_CIPHER_mode(cdat->cipher) == EVP_CIPH_XTS_MODE
e3d378bc 913 || EVP_CIPHER_mode(cdat->cipher) == EVP_CIPH_WRAP_MODE)
0b96d77a
MC		 914 break;
915 out_misalign = 0;
916 frag++;
917 } else {
918 out_misalign++;
919 }
307e3978 920 }
9a2d2fb3
AP		 921 t->aux_err = NULL;
922
307e3978 923 return 1;
0f113f3e 924}
307e3978 925
6c5943c9 926static const EVP_TEST_METHOD cipher_test_method = {
307e3978
DSH		 927 "Cipher",
928 cipher_test_init,
929 cipher_test_cleanup,
930 cipher_test_parse,
931 cipher_test_run
932};
83251f39 933
c49e0b04
RS		 934
935/**
936*** MAC TESTS
937**/
938
6c5943c9 939typedef struct mac_data_st {
2bdb4af5 940 /* MAC type in one form or another */
25446a66 941 EVP_MAC *mac; /* for mac_test_run_mac */
2bdb4af5 942 int type; /* for mac_test_run_pkey */
83251f39
DSH		 943 /* Algorithm string for this MAC */
944 char *alg;
945 /* MAC key */
946 unsigned char *key;
947 size_t key_len;
afc580b9
P		 948 /* MAC IV (GMAC) */
949 unsigned char *iv;
950 size_t iv_len;
83251f39
DSH		 951 /* Input to MAC */
952 unsigned char *input;
953 size_t input_len;
954 /* Expected output */
955 unsigned char *output;
956 size_t output_len;
6e624a64
SL		 957 unsigned char *custom;
958 size_t custom_len;
b215db23
AS		 959 /* MAC salt (blake2) */
960 unsigned char *salt;
961 size_t salt_len;
7e6a3025
RL		 962 /* Collection of controls */
963 STACK_OF(OPENSSL_STRING) *controls;
6c5943c9 964} MAC_DATA;
83251f39 965
6c5943c9 966static int mac_test_init(EVP_TEST *t, const char *alg)
83251f39 967{
25446a66 968 EVP_MAC *mac = NULL;
2bdb4af5 969 int type = NID_undef;
6c5943c9
RS		 970 MAC_DATA *mdat;
971
25446a66 972 if ((mac = EVP_MAC_fetch(NULL, alg, NULL)) == NULL) {
2bdb4af5
RL		 973 /*
974 * Since we didn't find an EVP_MAC, we check for known EVP_PKEY methods
975 * For debugging purposes, we allow 'NNNN by EVP_PKEY' to force running
976 * the EVP_PKEY method.
977 */
978 size_t sz = strlen(alg);
979 static const char epilogue[] = " by EVP_PKEY";
980
88e3cf0a
RL		 981 if (sz >= sizeof(epilogue)
982 && strcmp(alg + sz - (sizeof(epilogue) - 1), epilogue) == 0)
2bdb4af5
RL		 983 sz -= sizeof(epilogue) - 1;
984
985 if (strncmp(alg, "HMAC", sz) == 0) {
986 type = EVP_PKEY_HMAC;
987 } else if (strncmp(alg, "CMAC", sz) == 0) {
b4a3aeeb 988#ifndef OPENSSL_NO_CMAC
2bdb4af5 989 type = EVP_PKEY_CMAC;
b4a3aeeb 990#else
2bdb4af5
RL		 991 t->skip = 1;
992 return 1;
52ad5b60 993#endif
2bdb4af5 994 } else if (strncmp(alg, "Poly1305", sz) == 0) {
52ad5b60 995#ifndef OPENSSL_NO_POLY1305
2bdb4af5 996 type = EVP_PKEY_POLY1305;
52ad5b60 997#else
2bdb4af5
RL		 998 t->skip = 1;
999 return 1;
3f5616d7 1000#endif
2bdb4af5 1001 } else if (strncmp(alg, "SipHash", sz) == 0) {
3f5616d7 1002#ifndef OPENSSL_NO_SIPHASH
2bdb4af5 1003 type = EVP_PKEY_SIPHASH;
3f5616d7 1004#else
2bdb4af5
RL		 1005 t->skip = 1;
1006 return 1;
b4a3aeeb 1007#endif
2bdb4af5
RL		 1008 } else {
1009 /*
1010 * Not a known EVP_PKEY method either. If it's a known OID, then
1011 * assume it's been disabled.
1012 */
1013 if (OBJ_sn2nid(alg) != NID_undef || OBJ_ln2nid(alg) != NID_undef) {
1014 t->skip = 1;
1015 return 1;
1016 }
1017
1018 return 0;
1019 }
1020 }
83251f39 1021
6c5943c9 1022 mdat = OPENSSL_zalloc(sizeof(*mdat));
83251f39 1023 mdat->type = type;
2bdb4af5 1024 mdat->mac = mac;
7e6a3025 1025 mdat->controls = sk_OPENSSL_STRING_new_null();
83251f39
DSH		 1026 t->data = mdat;
1027 return 1;
1028}
1029
7e6a3025
RL		 1030/* Because OPENSSL_free is a macro, it can't be passed as a function pointer */
1031static void openssl_free(char *m)
1032{
1033 OPENSSL_free(m);
1034}
1035
6c5943c9 1036static void mac_test_cleanup(EVP_TEST *t)
83251f39 1037{
6c5943c9
RS		 1038 MAC_DATA *mdat = t->data;
1039
25446a66 1040 EVP_MAC_free(mdat->mac);
7e6a3025 1041 sk_OPENSSL_STRING_pop_free(mdat->controls, openssl_free);
6c5943c9
RS		 1042 OPENSSL_free(mdat->alg);
1043 OPENSSL_free(mdat->key);
afc580b9 1044 OPENSSL_free(mdat->iv);
6e624a64 1045 OPENSSL_free(mdat->custom);
b215db23 1046 OPENSSL_free(mdat->salt);
6c5943c9
RS		 1047 OPENSSL_free(mdat->input);
1048 OPENSSL_free(mdat->output);
83251f39
DSH		 1049}
1050
6c5943c9 1051static int mac_test_parse(EVP_TEST *t,
83251f39
DSH		 1052 const char *keyword, const char *value)
1053{
6c5943c9
RS		 1054 MAC_DATA *mdata = t->data;
1055
86885c28 1056 if (strcmp(keyword, "Key") == 0)
c49e0b04 1057 return parse_bin(value, &mdata->key, &mdata->key_len);
afc580b9
P		 1058 if (strcmp(keyword, "IV") == 0)
1059 return parse_bin(value, &mdata->iv, &mdata->iv_len);
6e624a64
SL		 1060 if (strcmp(keyword, "Custom") == 0)
1061 return parse_bin(value, &mdata->custom, &mdata->custom_len);
b215db23
AS		 1062 if (strcmp(keyword, "Salt") == 0)
1063 return parse_bin(value, &mdata->salt, &mdata->salt_len);
86885c28 1064 if (strcmp(keyword, "Algorithm") == 0) {
7644a9ae 1065 mdata->alg = OPENSSL_strdup(value);
83251f39 1066 if (!mdata->alg)
f42c225d 1067 return -1;
83251f39
DSH		 1068 return 1;
1069 }
86885c28 1070 if (strcmp(keyword, "Input") == 0)
c49e0b04 1071 return parse_bin(value, &mdata->input, &mdata->input_len);
86885c28 1072 if (strcmp(keyword, "Output") == 0)
c49e0b04 1073 return parse_bin(value, &mdata->output, &mdata->output_len);
7e6a3025
RL		 1074 if (strcmp(keyword, "Ctrl") == 0)
1075 return sk_OPENSSL_STRING_push(mdata->controls,
1076 OPENSSL_strdup(value)) != 0;
83251f39
DSH		 1077 return 0;
1078}
1079
ce5d64c7
RL		 1080static int mac_test_ctrl_pkey(EVP_TEST *t, EVP_PKEY_CTX *pctx,
1081 const char *value)
1082{
1083 int rv;
1084 char *p, *tmpval;
1085
1086 if (!TEST_ptr(tmpval = OPENSSL_strdup(value)))
1087 return 0;
1088 p = strchr(tmpval, ':');
1089 if (p != NULL)
1090 *p++ = '\0';
1091 rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
1092 if (rv == -2)
1093 t->err = "PKEY_CTRL_INVALID";
1094 else if (rv <= 0)
1095 t->err = "PKEY_CTRL_ERROR";
1096 else
1097 rv = 1;
1098 OPENSSL_free(tmpval);
1099 return rv > 0;
1100}
1101
2bdb4af5 1102static int mac_test_run_pkey(EVP_TEST *t)
83251f39 1103{
e3d378bc 1104 MAC_DATA *expected = t->data;
83251f39
DSH		 1105 EVP_MD_CTX *mctx = NULL;
1106 EVP_PKEY_CTX *pctx = NULL, *genctx = NULL;
1107 EVP_PKEY *key = NULL;
1108 const EVP_MD *md = NULL;
e3d378bc
AP		 1109 unsigned char *got = NULL;
1110 size_t got_len;
7e6a3025 1111 int i;
83251f39 1112
2bdb4af5
RL		 1113 if (expected->alg == NULL)
1114 TEST_info("Trying the EVP_PKEY %s test", OBJ_nid2sn(expected->type));
1115 else
1116 TEST_info("Trying the EVP_PKEY %s test with %s",
1117 OBJ_nid2sn(expected->type), expected->alg);
1118
96bea000 1119#ifdef OPENSSL_NO_DES
e3d378bc 1120 if (expected->alg != NULL && strstr(expected->alg, "DES") != NULL) {
96bea000 1121 /* Skip DES */
6c5943c9 1122 t->err = NULL;
96bea000
MC		 1123 goto err;
1124 }
1125#endif
1126
9442c8d7
MC		 1127 if (expected->type == EVP_PKEY_CMAC)
1128 key = EVP_PKEY_new_CMAC_key(NULL, expected->key, expected->key_len,
1129 EVP_get_cipherbyname(expected->alg));
1130 else
f929439f
MC		 1131 key = EVP_PKEY_new_raw_private_key(expected->type, NULL, expected->key,
1132 expected->key_len);
9442c8d7
MC		 1133 if (key == NULL) {
1134 t->err = "MAC_KEY_CREATE_ERROR";
83251f39 1135 goto err;
6c5943c9 1136 }
83251f39 1137
e3d378bc
AP		 1138 if (expected->type == EVP_PKEY_HMAC) {
1139 if (!TEST_ptr(md = EVP_get_digestbyname(expected->alg))) {
6c5943c9 1140 t->err = "MAC_ALGORITHM_SET_ERROR";
83251f39 1141 goto err;
6c5943c9 1142 }
83251f39 1143 }
6c5943c9
RS		 1144 if (!TEST_ptr(mctx = EVP_MD_CTX_new())) {
1145 t->err = "INTERNAL_ERROR";
83251f39 1146 goto err;
6c5943c9
RS		 1147 }
1148 if (!EVP_DigestSignInit(mctx, &pctx, md, NULL, key)) {
1149 t->err = "DIGESTSIGNINIT_ERROR";
83251f39 1150 goto err;
6c5943c9 1151 }
7e6a3025 1152 for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++)
ce5d64c7
RL		 1153 if (!mac_test_ctrl_pkey(t, pctx,
1154 sk_OPENSSL_STRING_value(expected->controls,
1155 i))) {
7e6a3025
RL		 1156 t->err = "EVPPKEYCTXCTRL_ERROR";
1157 goto err;
1158 }
e3d378bc 1159 if (!EVP_DigestSignUpdate(mctx, expected->input, expected->input_len)) {
6c5943c9 1160 t->err = "DIGESTSIGNUPDATE_ERROR";
83251f39 1161 goto err;
83251f39 1162 }
e3d378bc 1163 if (!EVP_DigestSignFinal(mctx, NULL, &got_len)) {
6c5943c9 1164 t->err = "DIGESTSIGNFINAL_LENGTH_ERROR";
83251f39 1165 goto err;
6c5943c9 1166 }
e3d378bc 1167 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
6c5943c9 1168 t->err = "TEST_FAILURE";
83251f39 1169 goto err;
6c5943c9 1170 }
e3d378bc 1171 if (!EVP_DigestSignFinal(mctx, got, &got_len)
4cceb185
P		 1172 || !memory_err_compare(t, "TEST_MAC_ERR",
1173 expected->output, expected->output_len,
1174 got, got_len)) {
41248607
RS		 1175 t->err = "TEST_MAC_ERR";
1176 goto err;
1177 }
6c5943c9 1178 t->err = NULL;
83251f39 1179 err:
bfb0641f 1180 EVP_MD_CTX_free(mctx);
e3d378bc 1181 OPENSSL_free(got);
c5ba2d99
RS		 1182 EVP_PKEY_CTX_free(genctx);
1183 EVP_PKEY_free(key);
83251f39
DSH		 1184 return 1;
1185}
1186
2bdb4af5
RL		 1187static int mac_test_run_mac(EVP_TEST *t)
1188{
1189 MAC_DATA *expected = t->data;
1190 EVP_MAC_CTX *ctx = NULL;
2bdb4af5
RL		 1191 unsigned char *got = NULL;
1192 size_t got_len;
25446a66
RL		 1193 int i;
1194 OSSL_PARAM params[21];
1195 size_t params_n = 0;
1196 size_t params_n_allocstart = 0;
1197 const OSSL_PARAM *defined_params =
41f7ecf3 1198 EVP_MAC_settable_ctx_params(expected->mac);
2bdb4af5
RL		 1199
1200 if (expected->alg == NULL)
1201 TEST_info("Trying the EVP_MAC %s test", EVP_MAC_name(expected->mac));
1202 else
1203 TEST_info("Trying the EVP_MAC %s test with %s",
1204 EVP_MAC_name(expected->mac), expected->alg);
1205
1206#ifdef OPENSSL_NO_DES
1207 if (expected->alg != NULL && strstr(expected->alg, "DES") != NULL) {
1208 /* Skip DES */
1209 t->err = NULL;
1210 goto err;
1211 }
1212#endif
1213
703170d4
RL		 1214 if (expected->alg != NULL) {
1215 /*
1216 * The underlying algorithm may be a cipher or a digest.
1217 * We don't know which it is, but we can ask the MAC what it
1218 * should be and bet on that.
1219 */
1220 if (OSSL_PARAM_locate_const(defined_params,
1221 OSSL_MAC_PARAM_CIPHER) != NULL) {
1222 params[params_n++] =
1223 OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER,
7f588d20 1224 expected->alg, 0);
703170d4
RL		 1225 } else if (OSSL_PARAM_locate_const(defined_params,
1226 OSSL_MAC_PARAM_DIGEST) != NULL) {
1227 params[params_n++] =
1228 OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
7f588d20 1229 expected->alg, 0);
703170d4
RL		 1230 } else {
1231 t->err = "MAC_BAD_PARAMS";
1232 goto err;
1233 }
1234 }
25446a66
RL		 1235 if (expected->key != NULL)
1236 params[params_n++] =
1237 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
1238 expected->key,
1239 expected->key_len);
1240 if (expected->custom != NULL)
1241 params[params_n++] =
1242 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_CUSTOM,
1243 expected->custom,
1244 expected->custom_len);
1245 if (expected->salt != NULL)
1246 params[params_n++] =
1247 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_SALT,
1248 expected->salt,
1249 expected->salt_len);
1250 if (expected->iv != NULL)
1251 params[params_n++] =
1252 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV,
1253 expected->iv,
1254 expected->iv_len);
1255
1256 /*
1257 * Unknown controls. They must match parameters that the MAC recognises
1258 */
1259 if (params_n + sk_OPENSSL_STRING_num(expected->controls)
1260 >= OSSL_NELEM(params)) {
1261 t->err = "MAC_TOO_MANY_PARAMETERS";
2bdb4af5
RL		 1262 goto err;
1263 }
25446a66
RL		 1264 params_n_allocstart = params_n;
1265 for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++) {
1266 char *tmpkey, *tmpval;
1267 char *value = sk_OPENSSL_STRING_value(expected->controls, i);
2bdb4af5 1268
25446a66
RL		 1269 if (!TEST_ptr(tmpkey = OPENSSL_strdup(value))) {
1270 t->err = "MAC_PARAM_ERROR";
2bdb4af5
RL		 1271 goto err;
1272 }
25446a66
RL		 1273 tmpval = strchr(tmpkey, ':');
1274 if (tmpval != NULL)
1275 *tmpval++ = '\0';
1276
d5f85429
RL		 1277 if (tmpval == NULL
1278 || !OSSL_PARAM_allocate_from_text(&params[params_n],
1279 defined_params,
1280 tmpkey, tmpval,
1281 strlen(tmpval))) {
25446a66
RL		 1282 OPENSSL_free(tmpkey);
1283 t->err = "MAC_PARAM_ERROR";
6e624a64
SL		 1284 goto err;
1285 }
25446a66 1286 params_n++;
2bdb4af5 1287
25446a66 1288 OPENSSL_free(tmpkey);
b215db23 1289 }
25446a66 1290 params[params_n] = OSSL_PARAM_construct_end();
b215db23 1291
25446a66
RL		 1292 if ((ctx = EVP_MAC_CTX_new(expected->mac)) == NULL) {
1293 t->err = "MAC_CREATE_ERROR";
1294 goto err;
afc580b9
P		 1295 }
1296
25446a66
RL		 1297 if (!EVP_MAC_CTX_set_params(ctx, params)) {
1298 t->err = "MAC_BAD_PARAMS";
1299 goto err;
2bdb4af5 1300 }
b215db23
AS		 1301 if (!EVP_MAC_init(ctx)) {
1302 t->err = "MAC_INIT_ERROR";
1303 goto err;
1304 }
2bdb4af5
RL		 1305 if (!EVP_MAC_update(ctx, expected->input, expected->input_len)) {
1306 t->err = "MAC_UPDATE_ERROR";
1307 goto err;
1308 }
25446a66 1309 if (!EVP_MAC_final(ctx, NULL, &got_len, 0)) {
2bdb4af5
RL		 1310 t->err = "MAC_FINAL_LENGTH_ERROR";
1311 goto err;
1312 }
1313 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
1314 t->err = "TEST_FAILURE";
1315 goto err;
1316 }
25446a66 1317 if (!EVP_MAC_final(ctx, got, &got_len, got_len)
2bdb4af5
RL		 1318 || !memory_err_compare(t, "TEST_MAC_ERR",
1319 expected->output, expected->output_len,
1320 got, got_len)) {
1321 t->err = "TEST_MAC_ERR";
1322 goto err;
1323 }
1324 t->err = NULL;
1325 err:
25446a66
RL		 1326 while (params_n-- > params_n_allocstart) {
1327 OPENSSL_free(params[params_n].data);
1328 }
2bdb4af5
RL		 1329 EVP_MAC_CTX_free(ctx);
1330 OPENSSL_free(got);
1331 return 1;
1332}
1333
1334static int mac_test_run(EVP_TEST *t)
1335{
1336 MAC_DATA *expected = t->data;
1337
1338 if (expected->mac != NULL)
1339 return mac_test_run_mac(t);
1340 return mac_test_run_pkey(t);
1341}
1342
6c5943c9 1343static const EVP_TEST_METHOD mac_test_method = {
83251f39
DSH		 1344 "MAC",
1345 mac_test_init,
1346 mac_test_cleanup,
1347 mac_test_parse,
1348 mac_test_run
1349};
5824cc29 1350
c49e0b04
RS		 1351
1352/**
1353*** PUBLIC KEY TESTS
1354*** These are all very similar and share much common code.
1355**/
5824cc29 1356
6c5943c9 1357typedef struct pkey_data_st {
5824cc29
DSH		 1358 /* Context for this operation */
1359 EVP_PKEY_CTX *ctx;
1360 /* Key operation to perform */
1361 int (*keyop) (EVP_PKEY_CTX *ctx,
1362 unsigned char *sig, size_t *siglen,
1363 const unsigned char *tbs, size_t tbslen);
1364 /* Input to MAC */
1365 unsigned char *input;
1366 size_t input_len;
1367 /* Expected output */
1368 unsigned char *output;
1369 size_t output_len;
6c5943c9 1370} PKEY_DATA;
5824cc29
DSH		 1371
1372/*
1373 * Perform public key operation setup: lookup key, allocated ctx and call
1374 * the appropriate initialisation function
1375 */
6c5943c9 1376static int pkey_test_init(EVP_TEST *t, const char *name,
5824cc29
DSH		 1377 int use_public,
1378 int (*keyopinit) (EVP_PKEY_CTX *ctx),
c49e0b04
RS		 1379 int (*keyop)(EVP_PKEY_CTX *ctx,
1380 unsigned char *sig, size_t *siglen,
1381 const unsigned char *tbs,
1382 size_t tbslen))
5824cc29 1383{
6c5943c9 1384 PKEY_DATA *kdata;
5824cc29 1385 EVP_PKEY *pkey = NULL;
7a6c9792 1386 int rv = 0;
6c5943c9 1387
7a6c9792 1388 if (use_public)
6c5943c9
RS		 1389 rv = find_key(&pkey, name, public_keys);
1390 if (rv == 0)
1391 rv = find_key(&pkey, name, private_keys);
1392 if (rv == 0 || pkey == NULL) {
7a6c9792
DSH		 1393 t->skip = 1;
1394 return 1;
1395 }
1396
c49e0b04 1397 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))) {
7a6c9792 1398 EVP_PKEY_free(pkey);
5824cc29 1399 return 0;
7a6c9792 1400 }
5824cc29 1401 kdata->keyop = keyop;
9e206ce5
P		 1402 if (!TEST_ptr(kdata->ctx = EVP_PKEY_CTX_new(pkey, NULL))) {
1403 EVP_PKEY_free(pkey);
1404 OPENSSL_free(kdata);
5824cc29 1405 return 0;
9e206ce5 1406 }
5824cc29 1407 if (keyopinit(kdata->ctx) <= 0)
cce65266 1408 t->err = "KEYOP_INIT_ERROR";
c49e0b04 1409 t->data = kdata;
5824cc29
DSH		 1410 return 1;
1411}
1412
6c5943c9 1413static void pkey_test_cleanup(EVP_TEST *t)
5824cc29 1414{
6c5943c9 1415 PKEY_DATA *kdata = t->data;
b548a1f1
RS		 1416
1417 OPENSSL_free(kdata->input);
1418 OPENSSL_free(kdata->output);
c5ba2d99 1419 EVP_PKEY_CTX_free(kdata->ctx);
5824cc29
DSH		 1420}
1421
6c5943c9 1422static int pkey_test_ctrl(EVP_TEST *t, EVP_PKEY_CTX *pctx,
dfbdf4ab 1423 const char *value)
4ddd5ace
DSH		 1424{
1425 int rv;
1426 char *p, *tmpval;
1427
6c5943c9 1428 if (!TEST_ptr(tmpval = OPENSSL_strdup(value)))
4ddd5ace
DSH		 1429 return 0;
1430 p = strchr(tmpval, ':');
1431 if (p != NULL)
c49e0b04 1432 *p++ = '\0';
4ddd5ace 1433 rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
cce65266
DSH		 1434 if (rv == -2) {
1435 t->err = "PKEY_CTRL_INVALID";
1436 rv = 1;
1437 } else if (p != NULL && rv <= 0) {
1438 /* If p has an OID and lookup fails assume disabled algorithm */
1439 int nid = OBJ_sn2nid(p);
6c5943c9 1440
cce65266
DSH		 1441 if (nid == NID_undef)
1442 nid = OBJ_ln2nid(p);
c49e0b04
RS		 1443 if (nid != NID_undef
1444 && EVP_get_digestbynid(nid) == NULL
1445 && EVP_get_cipherbynid(nid) == NULL) {
dfbdf4ab
RL		 1446 t->skip = 1;
1447 rv = 1;
cce65266
DSH		 1448 } else {
1449 t->err = "PKEY_CTRL_ERROR";
1450 rv = 1;
dfbdf4ab
RL		 1451 }
1452 }
4ddd5ace
DSH		 1453 OPENSSL_free(tmpval);
1454 return rv > 0;
1455}
1456
6c5943c9 1457static int pkey_test_parse(EVP_TEST *t,
5824cc29
DSH		 1458 const char *keyword, const char *value)
1459{
6c5943c9 1460 PKEY_DATA *kdata = t->data;
86885c28 1461 if (strcmp(keyword, "Input") == 0)
c49e0b04 1462 return parse_bin(value, &kdata->input, &kdata->input_len);
86885c28 1463 if (strcmp(keyword, "Output") == 0)
c49e0b04 1464 return parse_bin(value, &kdata->output, &kdata->output_len);
4ddd5ace 1465 if (strcmp(keyword, "Ctrl") == 0)
dfbdf4ab 1466 return pkey_test_ctrl(t, kdata->ctx, value);
5824cc29
DSH		 1467 return 0;
1468}
1469
6c5943c9 1470static int pkey_test_run(EVP_TEST *t)
5824cc29 1471{
e3d378bc
AP		 1472 PKEY_DATA *expected = t->data;
1473 unsigned char *got = NULL;
1474 size_t got_len;
d7fcf1fe 1475 EVP_PKEY_CTX *copy = NULL;
6c5943c9 1476
e3d378bc
AP		 1477 if (expected->keyop(expected->ctx, NULL, &got_len,
1478 expected->input, expected->input_len) <= 0
1479 || !TEST_ptr(got = OPENSSL_malloc(got_len))) {
6c5943c9 1480 t->err = "KEYOP_LENGTH_ERROR";
5824cc29 1481 goto err;
6c5943c9 1482 }
e3d378bc
AP		 1483 if (expected->keyop(expected->ctx, got, &got_len,
1484 expected->input, expected->input_len) <= 0) {
6c5943c9 1485 t->err = "KEYOP_ERROR";
5824cc29 1486 goto err;
6c5943c9 1487 }
4cceb185
P		 1488 if (!memory_err_compare(t, "KEYOP_MISMATCH",
1489 expected->output, expected->output_len,
1490 got, got_len))
5824cc29 1491 goto err;
4cceb185 1492
6c5943c9 1493 t->err = NULL;
d7fcf1fe
DB		 1494 OPENSSL_free(got);
1495 got = NULL;
1496
1497 /* Repeat the test on a copy. */
1498 if (!TEST_ptr(copy = EVP_PKEY_CTX_dup(expected->ctx))) {
1499 t->err = "INTERNAL_ERROR";
1500 goto err;
1501 }
1502 if (expected->keyop(copy, NULL, &got_len, expected->input,
1503 expected->input_len) <= 0
1504 || !TEST_ptr(got = OPENSSL_malloc(got_len))) {
1505 t->err = "KEYOP_LENGTH_ERROR";
1506 goto err;
1507 }
1508 if (expected->keyop(copy, got, &got_len, expected->input,
1509 expected->input_len) <= 0) {
1510 t->err = "KEYOP_ERROR";
1511 goto err;
1512 }
1513 if (!memory_err_compare(t, "KEYOP_MISMATCH",
1514 expected->output, expected->output_len,
1515 got, got_len))
1516 goto err;
1517
5824cc29 1518 err:
e3d378bc 1519 OPENSSL_free(got);
d7fcf1fe 1520 EVP_PKEY_CTX_free(copy);
5824cc29
DSH		 1521 return 1;
1522}
1523
6c5943c9 1524static int sign_test_init(EVP_TEST *t, const char *name)
5824cc29
DSH		 1525{
1526 return pkey_test_init(t, name, 0, EVP_PKEY_sign_init, EVP_PKEY_sign);
1527}
1528
6c5943c9 1529static const EVP_TEST_METHOD psign_test_method = {
5824cc29
DSH		 1530 "Sign",
1531 sign_test_init,
1532 pkey_test_cleanup,
1533 pkey_test_parse,
1534 pkey_test_run
1535};
1536
6c5943c9 1537static int verify_recover_test_init(EVP_TEST *t, const char *name)
5824cc29
DSH		 1538{
1539 return pkey_test_init(t, name, 1, EVP_PKEY_verify_recover_init,
1540 EVP_PKEY_verify_recover);
1541}
1542
6c5943c9 1543static const EVP_TEST_METHOD pverify_recover_test_method = {
5824cc29
DSH		 1544 "VerifyRecover",
1545 verify_recover_test_init,
1546 pkey_test_cleanup,
1547 pkey_test_parse,
1548 pkey_test_run
1549};
1550
6c5943c9 1551static int decrypt_test_init(EVP_TEST *t, const char *name)
5824cc29
DSH		 1552{
1553 return pkey_test_init(t, name, 0, EVP_PKEY_decrypt_init,
1554 EVP_PKEY_decrypt);
1555}
1556
6c5943c9 1557static const EVP_TEST_METHOD pdecrypt_test_method = {
5824cc29
DSH		 1558 "Decrypt",
1559 decrypt_test_init,
1560 pkey_test_cleanup,
1561 pkey_test_parse,
1562 pkey_test_run
1563};
1564
6c5943c9 1565static int verify_test_init(EVP_TEST *t, const char *name)
5824cc29
DSH		 1566{
1567 return pkey_test_init(t, name, 1, EVP_PKEY_verify_init, 0);
1568}
1569
6c5943c9 1570static int verify_test_run(EVP_TEST *t)
5824cc29 1571{
6c5943c9
RS		 1572 PKEY_DATA *kdata = t->data;
1573
5824cc29
DSH		 1574 if (EVP_PKEY_verify(kdata->ctx, kdata->output, kdata->output_len,
1575 kdata->input, kdata->input_len) <= 0)
1576 t->err = "VERIFY_ERROR";
1577 return 1;
1578}
1579
6c5943c9 1580static const EVP_TEST_METHOD pverify_test_method = {
5824cc29
DSH		 1581 "Verify",
1582 verify_test_init,
1583 pkey_test_cleanup,
1584 pkey_test_parse,
1585 verify_test_run
1586};
3b53e18a 1587
d4ad48d7 1588
6c5943c9 1589static int pderive_test_init(EVP_TEST *t, const char *name)
d4ad48d7
DSH		 1590{
1591 return pkey_test_init(t, name, 0, EVP_PKEY_derive_init, 0);
1592}
1593
6c5943c9 1594static int pderive_test_parse(EVP_TEST *t,
d4ad48d7
DSH		 1595 const char *keyword, const char *value)
1596{
6c5943c9 1597 PKEY_DATA *kdata = t->data;
d4ad48d7
DSH		 1598
1599 if (strcmp(keyword, "PeerKey") == 0) {
1600 EVP_PKEY *peer;
6c5943c9 1601 if (find_key(&peer, value, public_keys) == 0)
f42c225d 1602 return -1;
d4ad48d7 1603 if (EVP_PKEY_derive_set_peer(kdata->ctx, peer) <= 0)
f42c225d 1604 return -1;
d4ad48d7
DSH		 1605 return 1;
1606 }
1607 if (strcmp(keyword, "SharedSecret") == 0)
c49e0b04 1608 return parse_bin(value, &kdata->output, &kdata->output_len);
4ddd5ace 1609 if (strcmp(keyword, "Ctrl") == 0)
dfbdf4ab 1610 return pkey_test_ctrl(t, kdata->ctx, value);
d4ad48d7
DSH		 1611 return 0;
1612}
1613
6c5943c9 1614static int pderive_test_run(EVP_TEST *t)
d4ad48d7 1615{
e3d378bc
AP		 1616 PKEY_DATA *expected = t->data;
1617 unsigned char *got = NULL;
1618 size_t got_len;
d4ad48d7 1619
9b82c8b1
DSH		 1620 if (EVP_PKEY_derive(expected->ctx, NULL, &got_len) <= 0) {
1621 t->err = "DERIVE_ERROR";
1622 goto err;
1623 }
e3d378bc 1624 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
6c5943c9 1625 t->err = "DERIVE_ERROR";
d4ad48d7 1626 goto err;
6c5943c9 1627 }
e3d378bc 1628 if (EVP_PKEY_derive(expected->ctx, got, &got_len) <= 0) {
6c5943c9 1629 t->err = "DERIVE_ERROR";
d4ad48d7 1630 goto err;
6c5943c9 1631 }
4cceb185
P		 1632 if (!memory_err_compare(t, "SHARED_SECRET_MISMATCH",
1633 expected->output, expected->output_len,
1634 got, got_len))
d4ad48d7 1635 goto err;
6c5943c9
RS		 1636
1637 t->err = NULL;
d4ad48d7 1638 err:
e3d378bc 1639 OPENSSL_free(got);
d4ad48d7
DSH		 1640 return 1;
1641}
1642
6c5943c9 1643static const EVP_TEST_METHOD pderive_test_method = {
d4ad48d7
DSH		 1644 "Derive",
1645 pderive_test_init,
1646 pkey_test_cleanup,
1647 pderive_test_parse,
1648 pderive_test_run
1649};
1650
3b53e18a 1651
c49e0b04
RS		 1652/**
1653*** PBE TESTS
1654**/
1655
1656typedef enum pbe_type_enum {
1657 PBE_TYPE_INVALID = 0,
1658 PBE_TYPE_SCRYPT, PBE_TYPE_PBKDF2, PBE_TYPE_PKCS12
1659} PBE_TYPE;
3b53e18a 1660
6c5943c9 1661typedef struct pbe_data_st {
c49e0b04 1662 PBE_TYPE pbe_type;
6c5943c9 1663 /* scrypt parameters */
3b53e18a 1664 uint64_t N, r, p, maxmem;
6c5943c9 1665 /* PKCS#12 parameters */
351fe214
DSH		 1666 int id, iter;
1667 const EVP_MD *md;
6c5943c9 1668 /* password */
3b53e18a
DSH		 1669 unsigned char *pass;
1670 size_t pass_len;
6c5943c9 1671 /* salt */
3b53e18a
DSH		 1672 unsigned char *salt;
1673 size_t salt_len;
6c5943c9 1674 /* Expected output */
3b53e18a
DSH		 1675 unsigned char *key;
1676 size_t key_len;
6c5943c9 1677} PBE_DATA;
3b53e18a 1678
b0809bc8 1679#ifndef OPENSSL_NO_SCRYPT
c49e0b04
RS		 1680/*
1681 * Parse unsigned decimal 64 bit integer value
1682 */
1683static int parse_uint64(const char *value, uint64_t *pr)
1684{
1685 const char *p = value;
1686
1687 if (!TEST_true(*p)) {
1688 TEST_info("Invalid empty integer value");
1689 return -1;
1690 }
1691 for (*pr = 0; *p; ) {
1692 if (*pr > UINT64_MAX / 10) {
1693 TEST_error("Integer overflow in string %s", value);
1694 return -1;
1695 }
1696 *pr *= 10;
00dfbaad 1697 if (!TEST_true(isdigit((unsigned char)*p))) {
c49e0b04
RS		 1698 TEST_error("Invalid character in string %s", value);
1699 return -1;
1700 }
1701 *pr += *p - '0';
1702 p++;
1703 }
1704 return 1;
1705}
1706
6c5943c9 1707static int scrypt_test_parse(EVP_TEST *t,
3b53e18a
DSH		 1708 const char *keyword, const char *value)
1709{
6c5943c9 1710 PBE_DATA *pdata = t->data;
351fe214 1711
3b53e18a 1712 if (strcmp(keyword, "N") == 0)
c49e0b04 1713 return parse_uint64(value, &pdata->N);
3b53e18a 1714 if (strcmp(keyword, "p") == 0)
c49e0b04 1715 return parse_uint64(value, &pdata->p);
3b53e18a 1716 if (strcmp(keyword, "r") == 0)
c49e0b04 1717 return parse_uint64(value, &pdata->r);
3b53e18a 1718 if (strcmp(keyword, "maxmem") == 0)
c49e0b04 1719 return parse_uint64(value, &pdata->maxmem);
3b53e18a
DSH		 1720 return 0;
1721}
b0809bc8 1722#endif
3b53e18a 1723
6c5943c9 1724static int pbkdf2_test_parse(EVP_TEST *t,
351fe214 1725 const char *keyword, const char *value)
3b53e18a 1726{
6c5943c9 1727 PBE_DATA *pdata = t->data;
351fe214
DSH		 1728
1729 if (strcmp(keyword, "iter") == 0) {
1730 pdata->iter = atoi(value);
1731 if (pdata->iter <= 0)
c49e0b04 1732 return -1;
351fe214
DSH		 1733 return 1;
1734 }
1735 if (strcmp(keyword, "MD") == 0) {
1736 pdata->md = EVP_get_digestbyname(value);
1737 if (pdata->md == NULL)
c49e0b04 1738 return -1;
351fe214
DSH		 1739 return 1;
1740 }
1741 return 0;
1742}
1743
6c5943c9 1744static int pkcs12_test_parse(EVP_TEST *t,
351fe214
DSH		 1745 const char *keyword, const char *value)
1746{
6c5943c9 1747 PBE_DATA *pdata = t->data;
351fe214
DSH		 1748
1749 if (strcmp(keyword, "id") == 0) {
1750 pdata->id = atoi(value);
1751 if (pdata->id <= 0)
c49e0b04 1752 return -1;
351fe214
DSH		 1753 return 1;
1754 }
1755 return pbkdf2_test_parse(t, keyword, value);
3b53e18a
DSH		 1756}
1757
6c5943c9 1758static int pbe_test_init(EVP_TEST *t, const char *alg)
3b53e18a 1759{
6c5943c9 1760 PBE_DATA *pdat;
c49e0b04 1761 PBE_TYPE pbe_type = PBE_TYPE_INVALID;
351fe214 1762
83bd31da 1763 if (strcmp(alg, "scrypt") == 0) {
b0809bc8 1764#ifndef OPENSSL_NO_SCRYPT
3b53e18a 1765 pbe_type = PBE_TYPE_SCRYPT;
83bd31da
MC		 1766#else
1767 t->skip = 1;
1768 return 1;
b0809bc8 1769#endif
83bd31da 1770 } else if (strcmp(alg, "pbkdf2") == 0) {
351fe214 1771 pbe_type = PBE_TYPE_PBKDF2;
83bd31da 1772 } else if (strcmp(alg, "pkcs12") == 0) {
351fe214 1773 pbe_type = PBE_TYPE_PKCS12;
83bd31da 1774 } else {
6c5943c9 1775 TEST_error("Unknown pbe algorithm %s", alg);
83bd31da 1776 }
c49e0b04 1777 pdat = OPENSSL_zalloc(sizeof(*pdat));
3b53e18a 1778 pdat->pbe_type = pbe_type;
3b53e18a
DSH		 1779 t->data = pdat;
1780 return 1;
1781}
1782
6c5943c9 1783static void pbe_test_cleanup(EVP_TEST *t)
3b53e18a 1784{
6c5943c9
RS		 1785 PBE_DATA *pdat = t->data;
1786
1787 OPENSSL_free(pdat->pass);
1788 OPENSSL_free(pdat->salt);
1789 OPENSSL_free(pdat->key);
3b53e18a
DSH		 1790}
1791
6c5943c9
RS		 1792static int pbe_test_parse(EVP_TEST *t,
1793 const char *keyword, const char *value)
3b53e18a 1794{
6c5943c9 1795 PBE_DATA *pdata = t->data;
351fe214 1796
3b53e18a 1797 if (strcmp(keyword, "Password") == 0)
c49e0b04 1798 return parse_bin(value, &pdata->pass, &pdata->pass_len);
3b53e18a 1799 if (strcmp(keyword, "Salt") == 0)
c49e0b04 1800 return parse_bin(value, &pdata->salt, &pdata->salt_len);
3b53e18a 1801 if (strcmp(keyword, "Key") == 0)
c49e0b04 1802 return parse_bin(value, &pdata->key, &pdata->key_len);
b0809bc8 1803 if (pdata->pbe_type == PBE_TYPE_PBKDF2)
351fe214
DSH		 1804 return pbkdf2_test_parse(t, keyword, value);
1805 else if (pdata->pbe_type == PBE_TYPE_PKCS12)
1806 return pkcs12_test_parse(t, keyword, value);
b0809bc8
RS		 1807#ifndef OPENSSL_NO_SCRYPT
1808 else if (pdata->pbe_type == PBE_TYPE_SCRYPT)
1809 return scrypt_test_parse(t, keyword, value);
1810#endif
3b53e18a
DSH		 1811 return 0;
1812}
1813
6c5943c9 1814static int pbe_test_run(EVP_TEST *t)
3b53e18a 1815{
e3d378bc 1816 PBE_DATA *expected = t->data;
351fe214
DSH		 1817 unsigned char *key;
1818
e3d378bc 1819 if (!TEST_ptr(key = OPENSSL_malloc(expected->key_len))) {
6c5943c9 1820 t->err = "INTERNAL_ERROR";
351fe214 1821 goto err;
6c5943c9 1822 }
e3d378bc
AP		 1823 if (expected->pbe_type == PBE_TYPE_PBKDF2) {
1824 if (PKCS5_PBKDF2_HMAC((char *)expected->pass, expected->pass_len,
1825 expected->salt, expected->salt_len,
1826 expected->iter, expected->md,
1827 expected->key_len, key) == 0) {
6c5943c9 1828 t->err = "PBKDF2_ERROR";
351fe214 1829 goto err;
6c5943c9 1830 }
b0809bc8 1831#ifndef OPENSSL_NO_SCRYPT
e3d378bc
AP		 1832 } else if (expected->pbe_type == PBE_TYPE_SCRYPT) {
1833 if (EVP_PBE_scrypt((const char *)expected->pass, expected->pass_len,
1834 expected->salt, expected->salt_len, expected->N,
1835 expected->r, expected->p, expected->maxmem,
1836 key, expected->key_len) == 0) {
6c5943c9 1837 t->err = "SCRYPT_ERROR";
351fe214 1838 goto err;
6c5943c9 1839 }
b0809bc8 1840#endif
e3d378bc
AP		 1841 } else if (expected->pbe_type == PBE_TYPE_PKCS12) {
1842 if (PKCS12_key_gen_uni(expected->pass, expected->pass_len,
1843 expected->salt, expected->salt_len,
1844 expected->id, expected->iter, expected->key_len,
1845 key, expected->md) == 0) {
6c5943c9 1846 t->err = "PKCS12_ERROR";
351fe214 1847 goto err;
6c5943c9 1848 }
351fe214 1849 }
4cceb185
P		 1850 if (!memory_err_compare(t, "KEY_MISMATCH", expected->key, expected->key_len,
1851 key, expected->key_len))
351fe214 1852 goto err;
4cceb185 1853
6c5943c9
RS		 1854 t->err = NULL;
1855err:
351fe214 1856 OPENSSL_free(key);
351fe214 1857 return 1;
3b53e18a
DSH		 1858}
1859
6c5943c9 1860static const EVP_TEST_METHOD pbe_test_method = {
3b53e18a
DSH		 1861 "PBE",
1862 pbe_test_init,
1863 pbe_test_cleanup,
1864 pbe_test_parse,
1865 pbe_test_run
1866};
3cdd1e94 1867
c49e0b04
RS		 1868
1869/**
1870*** BASE64 TESTS
1871**/
3cdd1e94
EK		 1872
1873typedef enum {
1874 BASE64_CANONICAL_ENCODING = 0,
1875 BASE64_VALID_ENCODING = 1,
1876 BASE64_INVALID_ENCODING = 2
1877} base64_encoding_type;
1878
6c5943c9 1879typedef struct encode_data_st {
3cdd1e94
EK		 1880 /* Input to encoding */
1881 unsigned char *input;
1882 size_t input_len;
1883 /* Expected output */
1884 unsigned char *output;
1885 size_t output_len;
1886 base64_encoding_type encoding;
6c5943c9 1887} ENCODE_DATA;
3cdd1e94 1888
6c5943c9 1889static int encode_test_init(EVP_TEST *t, const char *encoding)
3cdd1e94 1890{
c49e0b04 1891 ENCODE_DATA *edata;
3cdd1e94 1892
c49e0b04
RS		 1893 if (!TEST_ptr(edata = OPENSSL_zalloc(sizeof(*edata))))
1894 return 0;
3cdd1e94
EK		 1895 if (strcmp(encoding, "canonical") == 0) {
1896 edata->encoding = BASE64_CANONICAL_ENCODING;
1897 } else if (strcmp(encoding, "valid") == 0) {
1898 edata->encoding = BASE64_VALID_ENCODING;
1899 } else if (strcmp(encoding, "invalid") == 0) {
1900 edata->encoding = BASE64_INVALID_ENCODING;
c49e0b04 1901 if (!TEST_ptr(t->expected_err = OPENSSL_strdup("DECODE_ERROR")))
760e2d60 1902 goto err;
3cdd1e94 1903 } else {
c49e0b04
RS		 1904 TEST_error("Bad encoding: %s."
1905 " Should be one of {canonical, valid, invalid}",
1906 encoding);
760e2d60 1907 goto err;
3cdd1e94
EK		 1908 }
1909 t->data = edata;
1910 return 1;
760e2d60
F		 1911err:
1912 OPENSSL_free(edata);
1913 return 0;
3cdd1e94
EK		 1914}
1915
6c5943c9 1916static void encode_test_cleanup(EVP_TEST *t)
3cdd1e94 1917{
6c5943c9
RS		 1918 ENCODE_DATA *edata = t->data;
1919
1920 OPENSSL_free(edata->input);
1921 OPENSSL_free(edata->output);
3cdd1e94
EK		 1922 memset(edata, 0, sizeof(*edata));
1923}
1924
6c5943c9 1925static int encode_test_parse(EVP_TEST *t,
3cdd1e94
EK		 1926 const char *keyword, const char *value)
1927{
6c5943c9 1928 ENCODE_DATA *edata = t->data;
c49e0b04 1929
3cdd1e94 1930 if (strcmp(keyword, "Input") == 0)
c49e0b04 1931 return parse_bin(value, &edata->input, &edata->input_len);
3cdd1e94 1932 if (strcmp(keyword, "Output") == 0)
c49e0b04 1933 return parse_bin(value, &edata->output, &edata->output_len);
3cdd1e94
EK		 1934 return 0;
1935}
1936
6c5943c9 1937static int encode_test_run(EVP_TEST *t)
3cdd1e94 1938{
e3d378bc 1939 ENCODE_DATA *expected = t->data;
3cdd1e94
EK		 1940 unsigned char *encode_out = NULL, *decode_out = NULL;
1941 int output_len, chunk_len;
760e2d60 1942 EVP_ENCODE_CTX *decode_ctx = NULL, *encode_ctx = NULL;
254b26af 1943
6c5943c9
RS		 1944 if (!TEST_ptr(decode_ctx = EVP_ENCODE_CTX_new())) {
1945 t->err = "INTERNAL_ERROR";
254b26af 1946 goto err;
6c5943c9 1947 }
3cdd1e94 1948
e3d378bc 1949 if (expected->encoding == BASE64_CANONICAL_ENCODING) {
6c5943c9
RS		 1950
1951 if (!TEST_ptr(encode_ctx = EVP_ENCODE_CTX_new())
1952 || !TEST_ptr(encode_out =
e3d378bc 1953 OPENSSL_malloc(EVP_ENCODE_LENGTH(expected->input_len))))
3cdd1e94
EK		 1954 goto err;
1955
254b26af 1956 EVP_EncodeInit(encode_ctx);
760e2d60
F		 1957 if (!TEST_true(EVP_EncodeUpdate(encode_ctx, encode_out, &chunk_len,
1958 expected->input, expected->input_len)))
1959 goto err;
1960
3cdd1e94
EK		 1961 output_len = chunk_len;
1962
254b26af 1963 EVP_EncodeFinal(encode_ctx, encode_out + chunk_len, &chunk_len);
3cdd1e94
EK		 1964 output_len += chunk_len;
1965
4cceb185
P		 1966 if (!memory_err_compare(t, "BAD_ENCODING",
1967 expected->output, expected->output_len,
1968 encode_out, output_len))
3cdd1e94 1969 goto err;
3cdd1e94
EK		 1970 }
1971
6c5943c9 1972 if (!TEST_ptr(decode_out =
e3d378bc 1973 OPENSSL_malloc(EVP_DECODE_LENGTH(expected->output_len))))
3cdd1e94
EK		 1974 goto err;
1975
254b26af 1976 EVP_DecodeInit(decode_ctx);
e3d378bc
AP		 1977 if (EVP_DecodeUpdate(decode_ctx, decode_out, &chunk_len, expected->output,
1978 expected->output_len) < 0) {
6c5943c9 1979 t->err = "DECODE_ERROR";
3cdd1e94
EK		 1980 goto err;
1981 }
1982 output_len = chunk_len;
1983
254b26af 1984 if (EVP_DecodeFinal(decode_ctx, decode_out + chunk_len, &chunk_len) != 1) {
6c5943c9 1985 t->err = "DECODE_ERROR";
3cdd1e94
EK		 1986 goto err;
1987 }
1988 output_len += chunk_len;
1989
e3d378bc 1990 if (expected->encoding != BASE64_INVALID_ENCODING
4cceb185
P		 1991 && !memory_err_compare(t, "BAD_DECODING",
1992 expected->input, expected->input_len,
1993 decode_out, output_len)) {
6c5943c9 1994 t->err = "BAD_DECODING";
3cdd1e94
EK		 1995 goto err;
1996 }
1997
6c5943c9 1998 t->err = NULL;
3cdd1e94 1999 err:
3cdd1e94
EK		 2000 OPENSSL_free(encode_out);
2001 OPENSSL_free(decode_out);
254b26af 2002 EVP_ENCODE_CTX_free(decode_ctx);
760e2d60 2003 EVP_ENCODE_CTX_free(encode_ctx);
3cdd1e94
EK		 2004 return 1;
2005}
2006
6c5943c9 2007static const EVP_TEST_METHOD encode_test_method = {
3cdd1e94
EK		 2008 "Encoding",
2009 encode_test_init,
2010 encode_test_cleanup,
2011 encode_test_parse,
2012 encode_test_run,
2013};
44a284d2 2014
5a285add 2015
c49e0b04
RS		 2016/**
2017*** KDF TESTS
2018**/
44a284d2 2019
6c5943c9 2020typedef struct kdf_data_st {
44a284d2 2021 /* Context for this operation */
5a285add 2022 EVP_KDF_CTX *ctx;
44a284d2
DSH		 2023 /* Expected output */
2024 unsigned char *output;
2025 size_t output_len;
bf5739a0
P		 2026 OSSL_PARAM params[20];
2027 OSSL_PARAM *p;
6c5943c9 2028} KDF_DATA;
44a284d2
DSH		 2029
2030/*
2031 * Perform public key operation setup: lookup key, allocated ctx and call
2032 * the appropriate initialisation function
2033 */
6c5943c9 2034static int kdf_test_init(EVP_TEST *t, const char *name)
44a284d2 2035{
6c5943c9 2036 KDF_DATA *kdata;
bf5739a0 2037 EVP_KDF *kdf;
b15d5ab6 2038
ab78f89b 2039#ifdef OPENSSL_NO_SCRYPT
98b687f8
PY		 2040 /* TODO(3.0) Replace with "scrypt" once aliases are supported */
2041 if (strcmp(name, "id-scrypt") == 0) {
ab78f89b
MC		 2042 t->skip = 1;
2043 return 1;
2044 }
1aec7716
SL		 2045#endif /* OPENSSL_NO_SCRYPT */
2046
2047#ifdef OPENSSL_NO_CMS
2048 if (strcmp(name, "X942KDF") == 0) {
2049 t->skip = 1;
2050 return 1;
2051 }
2052#endif /* OPENSSL_NO_CMS */
ab78f89b 2053
bf5739a0 2054 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata))))
d2ba8123 2055 return 0;
bf5739a0
P		 2056 kdata->p = kdata->params;
2057 *kdata->p = OSSL_PARAM_construct_end();
44a284d2 2058
bf5739a0 2059 kdf = EVP_KDF_fetch(NULL, name, NULL);
92475712
P		 2060 if (kdf == NULL) {
2061 OPENSSL_free(kdata);
44a284d2 2062 return 0;
92475712 2063 }
d2ba8123 2064 kdata->ctx = EVP_KDF_CTX_new(kdf);
bf5739a0 2065 EVP_KDF_free(kdf);
9e206ce5
P		 2066 if (kdata->ctx == NULL) {
2067 OPENSSL_free(kdata);
44a284d2 2068 return 0;
9e206ce5 2069 }
c49e0b04 2070 t->data = kdata;
44a284d2
DSH		 2071 return 1;
2072}
2073
6c5943c9 2074static void kdf_test_cleanup(EVP_TEST *t)
44a284d2 2075{
6c5943c9 2076 KDF_DATA *kdata = t->data;
bf5739a0
P		 2077 OSSL_PARAM *p;
2078
2079 for (p = kdata->params; p->key != NULL; p++)
2080 OPENSSL_free(p->data);
44a284d2 2081 OPENSSL_free(kdata->output);
5a285add
DM		 2082 EVP_KDF_CTX_free(kdata->ctx);
2083}
2084
2085static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx,
2086 const char *value)
2087{
bf5739a0 2088 KDF_DATA *kdata = t->data;
5a285add 2089 int rv;
bf5739a0 2090 char *p, *name;
41f7ecf3 2091 const OSSL_PARAM *defs = EVP_KDF_settable_ctx_params(EVP_KDF_CTX_kdf(kctx));
5a285add 2092
bf5739a0 2093 if (!TEST_ptr(name = OPENSSL_strdup(value)))
5a285add 2094 return 0;
bf5739a0 2095 p = strchr(name, ':');
5a285add
DM		 2096 if (p != NULL)
2097 *p++ = '\0';
bf5739a0 2098
64da55a6
P		 2099 rv = OSSL_PARAM_allocate_from_text(kdata->p, defs, name, p,
2100 p != NULL ? strlen(p) : 0);
bf5739a0
P		 2101 *++kdata->p = OSSL_PARAM_construct_end();
2102 if (!rv) {
2103 t->err = "KDF_PARAM_ERROR";
2104 OPENSSL_free(name);
2105 return 0;
2106 }
64da55a6 2107 if (p != NULL && strcmp(name, "digest") == 0) {
5a285add
DM		 2108 /* If p has an OID and lookup fails assume disabled algorithm */
2109 int nid = OBJ_sn2nid(p);
2110
2111 if (nid == NID_undef)
2112 nid = OBJ_ln2nid(p);
bf5739a0 2113 if (nid != NID_undef && EVP_get_digestbynid(nid) == NULL)
5a285add 2114 t->skip = 1;
5a285add 2115 }
bf5739a0
P		 2116 OPENSSL_free(name);
2117 return 1;
44a284d2
DSH		 2118}
2119
6c5943c9 2120static int kdf_test_parse(EVP_TEST *t,
44a284d2
DSH		 2121 const char *keyword, const char *value)
2122{
6c5943c9
RS		 2123 KDF_DATA *kdata = t->data;
2124
44a284d2 2125 if (strcmp(keyword, "Output") == 0)
c49e0b04 2126 return parse_bin(value, &kdata->output, &kdata->output_len);
7d04be79 2127 if (strncmp(keyword, "Ctrl", 4) == 0)
5a285add 2128 return kdf_test_ctrl(t, kdata->ctx, value);
44a284d2
DSH		 2129 return 0;
2130}
2131
6c5943c9 2132static int kdf_test_run(EVP_TEST *t)
44a284d2 2133{
e3d378bc
AP		 2134 KDF_DATA *expected = t->data;
2135 unsigned char *got = NULL;
2136 size_t got_len = expected->output_len;
6c5943c9 2137
bf5739a0
P		 2138 if (!EVP_KDF_CTX_set_params(expected->ctx, expected->params)) {
2139 t->err = "KDF_CTRL_ERROR";
2140 return 1;
2141 }
e3d378bc 2142 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
6c5943c9 2143 t->err = "INTERNAL_ERROR";
44a284d2 2144 goto err;
6c5943c9 2145 }
5a285add 2146 if (EVP_KDF_derive(expected->ctx, got, got_len) <= 0) {
6c5943c9 2147 t->err = "KDF_DERIVE_ERROR";
44a284d2 2148 goto err;
6c5943c9 2149 }
4cceb185
P		 2150 if (!memory_err_compare(t, "KDF_MISMATCH",
2151 expected->output, expected->output_len,
2152 got, got_len))
44a284d2 2153 goto err;
4cceb185 2154
6c5943c9
RS		 2155 t->err = NULL;
2156
44a284d2 2157 err:
e3d378bc 2158 OPENSSL_free(got);
44a284d2
DSH		 2159 return 1;
2160}
2161
6c5943c9 2162static const EVP_TEST_METHOD kdf_test_method = {
44a284d2
DSH		 2163 "KDF",
2164 kdf_test_init,
2165 kdf_test_cleanup,
2166 kdf_test_parse,
2167 kdf_test_run
2168};
d91b7423 2169
c49e0b04 2170
5a285add
DM		 2171/**
2172*** PKEY KDF TESTS
2173**/
2174
2175typedef struct pkey_kdf_data_st {
2176 /* Context for this operation */
2177 EVP_PKEY_CTX *ctx;
2178 /* Expected output */
2179 unsigned char *output;
2180 size_t output_len;
2181} PKEY_KDF_DATA;
2182
2183/*
2184 * Perform public key operation setup: lookup key, allocated ctx and call
2185 * the appropriate initialisation function
2186 */
2187static int pkey_kdf_test_init(EVP_TEST *t, const char *name)
2188{
2189 PKEY_KDF_DATA *kdata;
2190 int kdf_nid = OBJ_sn2nid(name);
2191
2192#ifdef OPENSSL_NO_SCRYPT
2193 if (strcmp(name, "scrypt") == 0) {
2194 t->skip = 1;
2195 return 1;
2196 }
1aec7716
SL		 2197#endif /* OPENSSL_NO_SCRYPT */
2198
2199#ifdef OPENSSL_NO_CMS
2200 if (strcmp(name, "X942KDF") == 0) {
2201 t->skip = 1;
2202 return 1;
2203 }
2204#endif /* OPENSSL_NO_CMS */
5a285add
DM		 2205
2206 if (kdf_nid == NID_undef)
2207 kdf_nid = OBJ_ln2nid(name);
2208
2209 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata))))
2210 return 0;
2211 kdata->ctx = EVP_PKEY_CTX_new_id(kdf_nid, NULL);
2212 if (kdata->ctx == NULL) {
2213 OPENSSL_free(kdata);
2214 return 0;
2215 }
2216 if (EVP_PKEY_derive_init(kdata->ctx) <= 0) {
2217 EVP_PKEY_CTX_free(kdata->ctx);
2218 OPENSSL_free(kdata);
2219 return 0;
2220 }
2221 t->data = kdata;
2222 return 1;
2223}
2224
2225static void pkey_kdf_test_cleanup(EVP_TEST *t)
2226{
2227 PKEY_KDF_DATA *kdata = t->data;
bf5739a0 2228
5a285add
DM		 2229 OPENSSL_free(kdata->output);
2230 EVP_PKEY_CTX_free(kdata->ctx);
2231}
2232
2233static int pkey_kdf_test_parse(EVP_TEST *t,
2234 const char *keyword, const char *value)
2235{
2236 PKEY_KDF_DATA *kdata = t->data;
2237
2238 if (strcmp(keyword, "Output") == 0)
2239 return parse_bin(value, &kdata->output, &kdata->output_len);
2240 if (strncmp(keyword, "Ctrl", 4) == 0)
2241 return pkey_test_ctrl(t, kdata->ctx, value);
2242 return 0;
2243}
2244
2245static int pkey_kdf_test_run(EVP_TEST *t)
2246{
2247 PKEY_KDF_DATA *expected = t->data;
2248 unsigned char *got = NULL;
2249 size_t got_len = expected->output_len;
2250
2251 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
2252 t->err = "INTERNAL_ERROR";
2253 goto err;
2254 }
2255 if (EVP_PKEY_derive(expected->ctx, got, &got_len) <= 0) {
2256 t->err = "KDF_DERIVE_ERROR";
2257 goto err;
2258 }
2259 if (!TEST_mem_eq(expected->output, expected->output_len, got, got_len)) {
2260 t->err = "KDF_MISMATCH";
2261 goto err;
2262 }
2263 t->err = NULL;
2264
2265 err:
2266 OPENSSL_free(got);
2267 return 1;
2268}
2269
2270static const EVP_TEST_METHOD pkey_kdf_test_method = {
2271 "PKEYKDF",
2272 pkey_kdf_test_init,
2273 pkey_kdf_test_cleanup,
2274 pkey_kdf_test_parse,
2275 pkey_kdf_test_run
2276};
2277
2278
c49e0b04
RS		 2279/**
2280*** KEYPAIR TESTS
2281**/
2282
2283typedef struct keypair_test_data_st {
d91b7423
RS		 2284 EVP_PKEY *privk;
2285 EVP_PKEY *pubk;
6c5943c9 2286} KEYPAIR_TEST_DATA;
d91b7423 2287
6c5943c9 2288static int keypair_test_init(EVP_TEST *t, const char *pair)
d91b7423 2289{
c49e0b04 2290 KEYPAIR_TEST_DATA *data;
d91b7423
RS		 2291 int rv = 0;
2292 EVP_PKEY *pk = NULL, *pubk = NULL;
2293 char *pub, *priv = NULL;
d91b7423 2294
c49e0b04 2295 /* Split private and public names. */
6c5943c9
RS		 2296 if (!TEST_ptr(priv = OPENSSL_strdup(pair))
2297 || !TEST_ptr(pub = strchr(priv, ':'))) {
2298 t->err = "PARSING_ERROR";
d91b7423
RS		 2299 goto end;
2300 }
c49e0b04 2301 *pub++ = '\0';
d91b7423 2302
6c5943c9 2303 if (!TEST_true(find_key(&pk, priv, private_keys))) {
c49e0b04 2304 TEST_info("Can't find private key: %s", priv);
6c5943c9 2305 t->err = "MISSING_PRIVATE_KEY";
d91b7423
RS		 2306 goto end;
2307 }
6c5943c9 2308 if (!TEST_true(find_key(&pubk, pub, public_keys))) {
c49e0b04 2309 TEST_info("Can't find public key: %s", pub);
6c5943c9 2310 t->err = "MISSING_PUBLIC_KEY";
d91b7423
RS		 2311 goto end;
2312 }
2313
2314 if (pk == NULL && pubk == NULL) {
2315 /* Both keys are listed but unsupported: skip this test */
2316 t->skip = 1;
2317 rv = 1;
2318 goto end;
2319 }
2320
6c5943c9 2321 if (!TEST_ptr(data = OPENSSL_malloc(sizeof(*data))))
d91b7423 2322 goto end;
d91b7423
RS		 2323 data->privk = pk;
2324 data->pubk = pubk;
2325 t->data = data;
d91b7423 2326 rv = 1;
6c5943c9 2327 t->err = NULL;
d91b7423
RS		 2328
2329end:
6c5943c9 2330 OPENSSL_free(priv);
d91b7423
RS		 2331 return rv;
2332}
2333
6c5943c9 2334static void keypair_test_cleanup(EVP_TEST *t)
d91b7423 2335{
6c5943c9 2336 OPENSSL_free(t->data);
d91b7423 2337 t->data = NULL;
d91b7423
RS		 2338}
2339
c49e0b04
RS		 2340/*
2341 * For tests that do not accept any custom keywords.
d91b7423 2342 */
6c5943c9 2343static int void_test_parse(EVP_TEST *t, const char *keyword, const char *value)
d91b7423
RS		 2344{
2345 return 0;
2346}
2347
6c5943c9 2348static int keypair_test_run(EVP_TEST *t)
d91b7423
RS		 2349{
2350 int rv = 0;
6c5943c9 2351 const KEYPAIR_TEST_DATA *pair = t->data;
d91b7423
RS		 2352
2353 if (pair->privk == NULL || pair->pubk == NULL) {
6c5943c9
RS		 2354 /*
2355 * this can only happen if only one of the keys is not set
d91b7423
RS		 2356 * which means that one of them was unsupported while the
2357 * other isn't: hence a key type mismatch.
2358 */
6c5943c9 2359 t->err = "KEYPAIR_TYPE_MISMATCH";
d91b7423
RS		 2360 rv = 1;
2361 goto end;
2362 }
2363
2364 if ((rv = EVP_PKEY_cmp(pair->privk, pair->pubk)) != 1 ) {
2365 if ( 0 == rv ) {
6c5943c9 2366 t->err = "KEYPAIR_MISMATCH";
d91b7423 2367 } else if ( -1 == rv ) {
6c5943c9 2368 t->err = "KEYPAIR_TYPE_MISMATCH";
d91b7423 2369 } else if ( -2 == rv ) {
6c5943c9 2370 t->err = "UNSUPPORTED_KEY_COMPARISON";
d91b7423 2371 } else {
6c5943c9 2372 TEST_error("Unexpected error in key comparison");
d91b7423
RS		 2373 rv = 0;
2374 goto end;
2375 }
2376 rv = 1;
2377 goto end;
2378 }
2379
2380 rv = 1;
6c5943c9 2381 t->err = NULL;
d91b7423
RS		 2382
2383end:
d91b7423
RS		 2384 return rv;
2385}
2386
6c5943c9 2387static const EVP_TEST_METHOD keypair_test_method = {
d91b7423
RS		 2388 "PrivPubKeyPair",
2389 keypair_test_init,
2390 keypair_test_cleanup,
2391 void_test_parse,
2392 keypair_test_run
2393};
2394
1f0fc03b
DSH		 2395/**
2396*** KEYGEN TEST
2397**/
2398
2399typedef struct keygen_test_data_st {
2400 EVP_PKEY_CTX *genctx; /* Keygen context to use */
2401 char *keyname; /* Key name to store key or NULL */
2402} KEYGEN_TEST_DATA;
2403
2404static int keygen_test_init(EVP_TEST *t, const char *alg)
2405{
2406 KEYGEN_TEST_DATA *data;
2407 EVP_PKEY_CTX *genctx;
2408 int nid = OBJ_sn2nid(alg);
2409
2410 if (nid == NID_undef) {
2411 nid = OBJ_ln2nid(alg);
2412 if (nid == NID_undef)
2413 return 0;
2414 }
2415
2416 if (!TEST_ptr(genctx = EVP_PKEY_CTX_new_id(nid, NULL))) {
2417 /* assume algorithm disabled */
2418 t->skip = 1;
2419 return 1;
2420 }
2421
2422 if (EVP_PKEY_keygen_init(genctx) <= 0) {
2423 t->err = "KEYGEN_INIT_ERROR";
2424 goto err;
2425 }
2426
2427 if (!TEST_ptr(data = OPENSSL_malloc(sizeof(*data))))
2428 goto err;
2429 data->genctx = genctx;
2430 data->keyname = NULL;
2431 t->data = data;
2432 t->err = NULL;
2433 return 1;
2434
2435err:
2436 EVP_PKEY_CTX_free(genctx);
2437 return 0;
2438}
2439
2440static void keygen_test_cleanup(EVP_TEST *t)
2441{
2442 KEYGEN_TEST_DATA *keygen = t->data;
2443
2444 EVP_PKEY_CTX_free(keygen->genctx);
2445 OPENSSL_free(keygen->keyname);
2446 OPENSSL_free(t->data);
2447 t->data = NULL;
2448}
2449
2450static int keygen_test_parse(EVP_TEST *t,
2451 const char *keyword, const char *value)
2452{
2453 KEYGEN_TEST_DATA *keygen = t->data;
2454
2455 if (strcmp(keyword, "KeyName") == 0)
2456 return TEST_ptr(keygen->keyname = OPENSSL_strdup(value));
2457 if (strcmp(keyword, "Ctrl") == 0)
2458 return pkey_test_ctrl(t, keygen->genctx, value);
2459 return 0;
2460}
2461
2462static int keygen_test_run(EVP_TEST *t)
2463{
2464 KEYGEN_TEST_DATA *keygen = t->data;
2465 EVP_PKEY *pkey = NULL;
2466
2467 t->err = NULL;
2468 if (EVP_PKEY_keygen(keygen->genctx, &pkey) <= 0) {
2469 t->err = "KEYGEN_GENERATE_ERROR";
2470 goto err;
2471 }
2472
2473 if (keygen->keyname != NULL) {
2474 KEY_LIST *key;
2475
2476 if (find_key(NULL, keygen->keyname, private_keys)) {
2477 TEST_info("Duplicate key %s", keygen->keyname);
2478 goto err;
2479 }
2480
2481 if (!TEST_ptr(key = OPENSSL_malloc(sizeof(*key))))
2482 goto err;
2483 key->name = keygen->keyname;
2484 keygen->keyname = NULL;
2485 key->key = pkey;
2486 key->next = private_keys;
2487 private_keys = key;
2488 } else {
2489 EVP_PKEY_free(pkey);
2490 }
2491
2492 return 1;
2493
2494err:
2495 EVP_PKEY_free(pkey);
2496 return 0;
2497}
2498
2499static const EVP_TEST_METHOD keygen_test_method = {
2500 "KeyGen",
2501 keygen_test_init,
2502 keygen_test_cleanup,
2503 keygen_test_parse,
2504 keygen_test_run,
2505};
c49e0b04
RS		 2506
2507/**
2508*** DIGEST SIGN+VERIFY TESTS
2509**/
2510
75726fe8 2511typedef struct {
2117a737
DSH		 2512 int is_verify; /* Set to 1 if verifying */
2513 int is_oneshot; /* Set to 1 for one shot operation */
2514 const EVP_MD *md; /* Digest to use */
2515 EVP_MD_CTX *ctx; /* Digest context */
75726fe8 2516 EVP_PKEY_CTX *pctx;
2117a737
DSH		 2517 STACK_OF(EVP_TEST_BUFFER) *input; /* Input data: streaming */
2518 unsigned char *osin; /* Input data if one shot */
2519 size_t osin_len; /* Input length data if one shot */
2520 unsigned char *output; /* Expected output */
2521 size_t output_len; /* Expected output length */
75726fe8
DSH		 2522} DIGESTSIGN_DATA;
2523
7b22334f
DSH		 2524static int digestsigver_test_init(EVP_TEST *t, const char *alg, int is_verify,
2525 int is_oneshot)
75726fe8
DSH		 2526{
2527 const EVP_MD *md = NULL;
2528 DIGESTSIGN_DATA *mdat;
2529
2530 if (strcmp(alg, "NULL") != 0) {
2531 if ((md = EVP_get_digestbyname(alg)) == NULL) {
2532 /* If alg has an OID assume disabled algorithm */
2533 if (OBJ_sn2nid(alg) != NID_undef || OBJ_ln2nid(alg) != NID_undef) {
2534 t->skip = 1;
2535 return 1;
2536 }
2537 return 0;
2538 }
2539 }
2540 if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat))))
2541 return 0;
2542 mdat->md = md;
2543 if (!TEST_ptr(mdat->ctx = EVP_MD_CTX_new())) {
2544 OPENSSL_free(mdat);
2545 return 0;
2546 }
2547 mdat->is_verify = is_verify;
7b22334f 2548 mdat->is_oneshot = is_oneshot;
75726fe8
DSH		 2549 t->data = mdat;
2550 return 1;
2551}
2552
2553static int digestsign_test_init(EVP_TEST *t, const char *alg)
2554{
7b22334f 2555 return digestsigver_test_init(t, alg, 0, 0);
75726fe8
DSH		 2556}
2557
2558static void digestsigver_test_cleanup(EVP_TEST *t)
2559{
2560 DIGESTSIGN_DATA *mdata = t->data;
2561
2562 EVP_MD_CTX_free(mdata->ctx);
2563 sk_EVP_TEST_BUFFER_pop_free(mdata->input, evp_test_buffer_free);
7b22334f 2564 OPENSSL_free(mdata->osin);
75726fe8
DSH		 2565 OPENSSL_free(mdata->output);
2566 OPENSSL_free(mdata);
2567 t->data = NULL;
2568}
2569
2570static int digestsigver_test_parse(EVP_TEST *t,
2571 const char *keyword, const char *value)
2572{
2573 DIGESTSIGN_DATA *mdata = t->data;
2574
2575 if (strcmp(keyword, "Key") == 0) {
2576 EVP_PKEY *pkey = NULL;
2577 int rv = 0;
2578
2579 if (mdata->is_verify)
2580 rv = find_key(&pkey, value, public_keys);
2581 if (rv == 0)
2582 rv = find_key(&pkey, value, private_keys);
2583 if (rv == 0 || pkey == NULL) {
2584 t->skip = 1;
2585 return 1;
2586 }
2587 if (mdata->is_verify) {
2588 if (!EVP_DigestVerifyInit(mdata->ctx, &mdata->pctx, mdata->md,
2589 NULL, pkey))
2590 t->err = "DIGESTVERIFYINIT_ERROR";
2591 return 1;
2592 }
2593 if (!EVP_DigestSignInit(mdata->ctx, &mdata->pctx, mdata->md, NULL,
2594 pkey))
2595 t->err = "DIGESTSIGNINIT_ERROR";
2596 return 1;
2597 }
2598
7b22334f
DSH		 2599 if (strcmp(keyword, "Input") == 0) {
2600 if (mdata->is_oneshot)
c49e0b04 2601 return parse_bin(value, &mdata->osin, &mdata->osin_len);
75726fe8 2602 return evp_test_buffer_append(value, &mdata->input);
7b22334f 2603 }
75726fe8 2604 if (strcmp(keyword, "Output") == 0)
c49e0b04 2605 return parse_bin(value, &mdata->output, &mdata->output_len);
7b22334f
DSH		 2606
2607 if (!mdata->is_oneshot) {
2608 if (strcmp(keyword, "Count") == 0)
2609 return evp_test_buffer_set_count(value, mdata->input);
2610 if (strcmp(keyword, "Ncopy") == 0)
2611 return evp_test_buffer_ncopy(value, mdata->input);
2612 }
75726fe8
DSH		 2613 if (strcmp(keyword, "Ctrl") == 0) {
2614 if (mdata->pctx == NULL)
f42c225d 2615 return -1;
75726fe8
DSH		 2616 return pkey_test_ctrl(t, mdata->pctx, value);
2617 }
2618 return 0;
2619}
2620
2621static int digestsign_update_fn(void *ctx, const unsigned char *buf,
2622 size_t buflen)
2623{
2624 return EVP_DigestSignUpdate(ctx, buf, buflen);
2625}
2626
2627static int digestsign_test_run(EVP_TEST *t)
2628{
e3d378bc
AP		 2629 DIGESTSIGN_DATA *expected = t->data;
2630 unsigned char *got = NULL;
2631 size_t got_len;
75726fe8 2632
e3d378bc
AP		 2633 if (!evp_test_buffer_do(expected->input, digestsign_update_fn,
2634 expected->ctx)) {
75726fe8
DSH		 2635 t->err = "DIGESTUPDATE_ERROR";
2636 goto err;
2637 }
2638
e3d378bc 2639 if (!EVP_DigestSignFinal(expected->ctx, NULL, &got_len)) {
75726fe8
DSH		 2640 t->err = "DIGESTSIGNFINAL_LENGTH_ERROR";
2641 goto err;
2642 }
e3d378bc 2643 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
75726fe8
DSH		 2644 t->err = "MALLOC_FAILURE";
2645 goto err;
2646 }
e3d378bc 2647 if (!EVP_DigestSignFinal(expected->ctx, got, &got_len)) {
75726fe8
DSH		 2648 t->err = "DIGESTSIGNFINAL_ERROR";
2649 goto err;
2650 }
4cceb185
P		 2651 if (!memory_err_compare(t, "SIGNATURE_MISMATCH",
2652 expected->output, expected->output_len,
2653 got, got_len))
75726fe8 2654 goto err;
75726fe8 2655
4cceb185 2656 t->err = NULL;
75726fe8 2657 err:
e3d378bc 2658 OPENSSL_free(got);
75726fe8
DSH		 2659 return 1;
2660}
2661
2662static const EVP_TEST_METHOD digestsign_test_method = {
2663 "DigestSign",
2664 digestsign_test_init,
2665 digestsigver_test_cleanup,
2666 digestsigver_test_parse,
2667 digestsign_test_run
2668};
2669
2670static int digestverify_test_init(EVP_TEST *t, const char *alg)
2671{
7b22334f 2672 return digestsigver_test_init(t, alg, 1, 0);
75726fe8
DSH		 2673}
2674
2675static int digestverify_update_fn(void *ctx, const unsigned char *buf,
2676 size_t buflen)
2677{
2678 return EVP_DigestVerifyUpdate(ctx, buf, buflen);
2679}
2680
2681static int digestverify_test_run(EVP_TEST *t)
2682{
2683 DIGESTSIGN_DATA *mdata = t->data;
2684
2685 if (!evp_test_buffer_do(mdata->input, digestverify_update_fn, mdata->ctx)) {
2686 t->err = "DIGESTUPDATE_ERROR";
2687 return 1;
2688 }
2689
2690 if (EVP_DigestVerifyFinal(mdata->ctx, mdata->output,
2691 mdata->output_len) <= 0)
2692 t->err = "VERIFY_ERROR";
2693 return 1;
2694}
2695
2696static const EVP_TEST_METHOD digestverify_test_method = {
2697 "DigestVerify",
2698 digestverify_test_init,
2699 digestsigver_test_cleanup,
2700 digestsigver_test_parse,
2701 digestverify_test_run
2702};
2703
7b22334f
DSH		 2704static int oneshot_digestsign_test_init(EVP_TEST *t, const char *alg)
2705{
2706 return digestsigver_test_init(t, alg, 0, 1);
2707}
2708
2709static int oneshot_digestsign_test_run(EVP_TEST *t)
2710{
e3d378bc
AP		 2711 DIGESTSIGN_DATA *expected = t->data;
2712 unsigned char *got = NULL;
2713 size_t got_len;
7b22334f 2714
e3d378bc
AP		 2715 if (!EVP_DigestSign(expected->ctx, NULL, &got_len,
2716 expected->osin, expected->osin_len)) {
7b22334f
DSH		 2717 t->err = "DIGESTSIGN_LENGTH_ERROR";
2718 goto err;
2719 }
e3d378bc 2720 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
7b22334f
DSH		 2721 t->err = "MALLOC_FAILURE";
2722 goto err;
2723 }
e3d378bc
AP		 2724 if (!EVP_DigestSign(expected->ctx, got, &got_len,
2725 expected->osin, expected->osin_len)) {
7b22334f
DSH		 2726 t->err = "DIGESTSIGN_ERROR";
2727 goto err;
2728 }
4cceb185
P		 2729 if (!memory_err_compare(t, "SIGNATURE_MISMATCH",
2730 expected->output, expected->output_len,
2731 got, got_len))
7b22334f 2732 goto err;
7b22334f 2733
4cceb185 2734 t->err = NULL;
7b22334f 2735 err:
e3d378bc 2736 OPENSSL_free(got);
7b22334f
DSH		 2737 return 1;
2738}
2739
2740static const EVP_TEST_METHOD oneshot_digestsign_test_method = {
2741 "OneShotDigestSign",
2742 oneshot_digestsign_test_init,
2743 digestsigver_test_cleanup,
2744 digestsigver_test_parse,
2745 oneshot_digestsign_test_run
2746};
2747
2748static int oneshot_digestverify_test_init(EVP_TEST *t, const char *alg)
2749{
2750 return digestsigver_test_init(t, alg, 1, 1);
2751}
2752
2753static int oneshot_digestverify_test_run(EVP_TEST *t)
2754{
2755 DIGESTSIGN_DATA *mdata = t->data;
2756
2757 if (EVP_DigestVerify(mdata->ctx, mdata->output, mdata->output_len,
2758 mdata->osin, mdata->osin_len) <= 0)
2759 t->err = "VERIFY_ERROR";
2760 return 1;
2761}
2762
2763static const EVP_TEST_METHOD oneshot_digestverify_test_method = {
2764 "OneShotDigestVerify",
2765 oneshot_digestverify_test_init,
2766 digestsigver_test_cleanup,
2767 digestsigver_test_parse,
2768 oneshot_digestverify_test_run
2769};
2770
c49e0b04
RS		 2771
2772/**
2773*** PARSING AND DISPATCH
2774**/
2775
2776static const EVP_TEST_METHOD *evp_test_list[] = {
2777 &cipher_test_method,
2778 &digest_test_method,
2779 &digestsign_test_method,
2780 &digestverify_test_method,
2781 &encode_test_method,
2782 &kdf_test_method,
5a285add 2783 &pkey_kdf_test_method,
c49e0b04 2784 &keypair_test_method,
1f0fc03b 2785 &keygen_test_method,
c49e0b04
RS		 2786 &mac_test_method,
2787 &oneshot_digestsign_test_method,
2788 &oneshot_digestverify_test_method,
2789 &pbe_test_method,
2790 &pdecrypt_test_method,
2791 &pderive_test_method,
2792 &psign_test_method,
2793 &pverify_recover_test_method,
2794 &pverify_test_method,
2795 NULL
2796};
2797
2798static const EVP_TEST_METHOD *find_test(const char *name)
2799{
2800 const EVP_TEST_METHOD **tt;
2801
2802 for (tt = evp_test_list; *tt; tt++) {
2803 if (strcmp(name, (*tt)->name) == 0)
2804 return *tt;
2805 }
2806 return NULL;
2807}
2808
2809static void clear_test(EVP_TEST *t)
2810{
ae269dd8 2811 test_clearstanza(&t->s);
c49e0b04
RS		 2812 ERR_clear_error();
2813 if (t->data != NULL) {
2814 if (t->meth != NULL)
2815 t->meth->cleanup(t);
2816 OPENSSL_free(t->data);
2817 t->data = NULL;
2818 }
2819 OPENSSL_free(t->expected_err);
2820 t->expected_err = NULL;
c49e0b04
RS		 2821 OPENSSL_free(t->reason);
2822 t->reason = NULL;
ae269dd8 2823
c49e0b04
RS		 2824 /* Text literal. */
2825 t->err = NULL;
2826 t->skip = 0;
2827 t->meth = NULL;
2828}
2829
2830/*
2831 * Check for errors in the test structure; return 1 if okay, else 0.
2832 */
2833static int check_test_error(EVP_TEST *t)
2834{
2835 unsigned long err;
c49e0b04
RS		 2836 const char *reason;
2837
2838 if (t->err == NULL && t->expected_err == NULL)
2839 return 1;
2840 if (t->err != NULL && t->expected_err == NULL) {
2841 if (t->aux_err != NULL) {
ae269dd8
RS		 2842 TEST_info("%s:%d: Source of above error (%s); unexpected error %s",
2843 t->s.test_file, t->s.start, t->aux_err, t->err);
c49e0b04 2844 } else {
ae269dd8
RS		 2845 TEST_info("%s:%d: Source of above error; unexpected error %s",
2846 t->s.test_file, t->s.start, t->err);
c49e0b04
RS		 2847 }
2848 return 0;
2849 }
2850 if (t->err == NULL && t->expected_err != NULL) {
ae269dd8
RS		 2851 TEST_info("%s:%d: Succeeded but was expecting %s",
2852 t->s.test_file, t->s.start, t->expected_err);
c49e0b04
RS		 2853 return 0;
2854 }
2855
2856 if (strcmp(t->err, t->expected_err) != 0) {
ae269dd8
RS		 2857 TEST_info("%s:%d: Expected %s got %s",
2858 t->s.test_file, t->s.start, t->expected_err, t->err);
c49e0b04
RS		 2859 return 0;
2860 }
2861
aac96e27 2862 if (t->reason == NULL)
c49e0b04
RS		 2863 return 1;
2864
aac96e27 2865 if (t->reason == NULL) {
ae269dd8
RS		 2866 TEST_info("%s:%d: Test is missing function or reason code",
2867 t->s.test_file, t->s.start);
c49e0b04
RS		 2868 return 0;
2869 }
2870
2871 err = ERR_peek_error();
2872 if (err == 0) {
aac96e27
RS		 2873 TEST_info("%s:%d: Expected error \"%s\" not set",
2874 t->s.test_file, t->s.start, t->reason);
c49e0b04
RS		 2875 return 0;
2876 }
2877
c49e0b04 2878 reason = ERR_reason_error_string(err);
b13342e9 2879 if (reason == NULL) {
aac96e27 2880 TEST_info("%s:%d: Expected error \"%s\", no strings available."
ae269dd8 2881 " Assuming ok.",
aac96e27 2882 t->s.test_file, t->s.start, t->reason);
c49e0b04
RS		 2883 return 1;
2884 }
2885
aac96e27 2886 if (strcmp(reason, t->reason) == 0)
c49e0b04
RS		 2887 return 1;
2888
aac96e27
RS		 2889 TEST_info("%s:%d: Expected error \"%s\", got \"%s\"",
2890 t->s.test_file, t->s.start, t->reason, reason);
c49e0b04
RS		 2891
2892 return 0;
2893}
2894
2895/*
2896 * Run a parsed test. Log a message and return 0 on error.
2897 */
2898static int run_test(EVP_TEST *t)
2899{
2900 if (t->meth == NULL)
2901 return 1;
ae269dd8 2902 t->s.numtests++;
c49e0b04 2903 if (t->skip) {
ae269dd8 2904 t->s.numskip++;
c49e0b04
RS		 2905 } else {
2906 /* run the test */
2907 if (t->err == NULL && t->meth->run_test(t) != 1) {
ae269dd8
RS		 2908 TEST_info("%s:%d %s error",
2909 t->s.test_file, t->s.start, t->meth->name);
c49e0b04
RS		 2910 return 0;
2911 }
2912 if (!check_test_error(t)) {
8fe3127c 2913 TEST_openssl_errors();
ae269dd8 2914 t->s.errors++;
c49e0b04
RS		 2915 }
2916 }
2917
2918 /* clean it up */
2919 return 1;
2920}
2921
2922static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst)
2923{
2924 for (; lst != NULL; lst = lst->next) {
2925 if (strcmp(lst->name, name) == 0) {
2926 if (ppk != NULL)
2927 *ppk = lst->key;
2928 return 1;
2929 }
2930 }
2931 return 0;
2932}
2933
2934static void free_key_list(KEY_LIST *lst)
2935{
2936 while (lst != NULL) {
2937 KEY_LIST *next = lst->next;
2938
2939 EVP_PKEY_free(lst->key);
2940 OPENSSL_free(lst->name);
2941 OPENSSL_free(lst);
2942 lst = next;
2943 }
2944}
2945
c49e0b04
RS		 2946/*
2947 * Is the key type an unsupported algorithm?
2948 */
3cb7c5cf 2949static int key_unsupported(void)
c49e0b04
RS		 2950{
2951 long err = ERR_peek_error();
2952
2953 if (ERR_GET_LIB(err) == ERR_LIB_EVP
2954 && ERR_GET_REASON(err) == EVP_R_UNSUPPORTED_ALGORITHM) {
2955 ERR_clear_error();
2956 return 1;
2957 }
2958#ifndef OPENSSL_NO_EC
2959 /*
2960 * If EC support is enabled we should catch also EC_R_UNKNOWN_GROUP as an
2961 * hint to an unsupported algorithm/curve (e.g. if binary EC support is
2962 * disabled).
2963 */
2964 if (ERR_GET_LIB(err) == ERR_LIB_EC
2965 && ERR_GET_REASON(err) == EC_R_UNKNOWN_GROUP) {
2966 ERR_clear_error();
2967 return 1;
2968 }
2969#endif /* OPENSSL_NO_EC */
2970 return 0;
2971}
2972
2973/*
ae269dd8 2974 * NULL out the value from |pp| but return it. This "steals" a pointer.
c49e0b04 2975 */
ae269dd8 2976static char *take_value(PAIR *pp)
c49e0b04 2977{
ae269dd8
RS		 2978 char *p = pp->value;
2979
2980 pp->value = NULL;
2981 return p;
2982}
2983
3b5d61f4
RL		 2984/*
2985 * Return 1 if one of the providers named in the string is available.
2986 * The provider names are separated with whitespace.
2987 * NOTE: destructive function, it inserts '\0' after each provider name.
2988 */
2989static int prov_available(char *providers)
2990{
2991 char *p;
2992 int more = 1;
2993
2994 while (more) {
2995 for (; isspace(*providers); providers++)
2996 continue;
2997 if (*providers == '\0')
2998 break; /* End of the road */
2999 for (p = providers; *p != '\0' && !isspace(*p); p++)
3000 continue;
3001 if (*p == '\0')
3002 more = 0;
3003 else
3004 *p = '\0';
3005 if (OSSL_PROVIDER_available(NULL, providers))
3006 return 1; /* Found one */
3007 }
3008 return 0;
3009}
3010
ae269dd8
RS		 3011/*
3012 * Read and parse one test. Return 0 if failure, 1 if okay.
3013 */
3014static int parse(EVP_TEST *t)
3015{
3016 KEY_LIST *key, **klist;
c49e0b04 3017 EVP_PKEY *pkey;
ae269dd8
RS		 3018 PAIR *pp;
3019 int i;
c49e0b04 3020
c49e0b04 3021top:
ae269dd8
RS		 3022 do {
3023 if (BIO_eof(t->s.fp))
c49e0b04 3024 return EOF;
ae269dd8
RS		 3025 clear_test(t);
3026 if (!test_readstanza(&t->s))
3027 return 0;
3028 } while (t->s.numpairs == 0);
3029 pp = &t->s.pairs[0];
c49e0b04 3030
ae269dd8 3031 /* Are we adding a key? */
c49e0b04
RS		 3032 klist = NULL;
3033 pkey = NULL;
ae269dd8
RS		 3034 if (strcmp(pp->key, "PrivateKey") == 0) {
3035 pkey = PEM_read_bio_PrivateKey(t->s.key, NULL, 0, NULL);
c49e0b04 3036 if (pkey == NULL && !key_unsupported()) {
1bf2cc23 3037 EVP_PKEY_free(pkey);
ae269dd8 3038 TEST_info("Can't read private key %s", pp->value);
8fe3127c 3039 TEST_openssl_errors();
c49e0b04
RS		 3040 return 0;
3041 }
3042 klist = &private_keys;
4665244c 3043 } else if (strcmp(pp->key, "PublicKey") == 0) {
ae269dd8 3044 pkey = PEM_read_bio_PUBKEY(t->s.key, NULL, 0, NULL);
c49e0b04 3045 if (pkey == NULL && !key_unsupported()) {
1bf2cc23 3046 EVP_PKEY_free(pkey);
ae269dd8 3047 TEST_info("Can't read public key %s", pp->value);
8fe3127c 3048 TEST_openssl_errors();
c49e0b04
RS		 3049 return 0;
3050 }
3051 klist = &public_keys;
4665244c
MC		 3052 } else if (strcmp(pp->key, "PrivateKeyRaw") == 0
3053 || strcmp(pp->key, "PublicKeyRaw") == 0 ) {
3054 char *strnid = NULL, *keydata = NULL;
3055 unsigned char *keybin;
3056 size_t keylen;
3057 int nid;
3058
3059 if (strcmp(pp->key, "PrivateKeyRaw") == 0)
3060 klist = &private_keys;
3061 else
3062 klist = &public_keys;
3063
3064 strnid = strchr(pp->value, ':');
3065 if (strnid != NULL) {
3066 *strnid++ = '\0';
3067 keydata = strchr(strnid, ':');
3068 if (keydata != NULL)
3069 *keydata++ = '\0';
3070 }
3071 if (keydata == NULL) {
3072 TEST_info("Failed to parse %s value", pp->key);
3073 return 0;
3074 }
3075
3076 nid = OBJ_txt2nid(strnid);
3077 if (nid == NID_undef) {
3078 TEST_info("Uncrecognised algorithm NID");
3079 return 0;
3080 }
3081 if (!parse_bin(keydata, &keybin, &keylen)) {
3082 TEST_info("Failed to create binary key");
3083 return 0;
3084 }
3085 if (klist == &private_keys)
f929439f 3086 pkey = EVP_PKEY_new_raw_private_key(nid, NULL, keybin, keylen);
4665244c 3087 else
f929439f 3088 pkey = EVP_PKEY_new_raw_public_key(nid, NULL, keybin, keylen);
66a925ea 3089 if (pkey == NULL && !key_unsupported()) {
4665244c
MC		 3090 TEST_info("Can't read %s data", pp->key);
3091 OPENSSL_free(keybin);
3092 TEST_openssl_errors();
3093 return 0;
3094 }
3095 OPENSSL_free(keybin);
c49e0b04
RS		 3096 }
3097
3098 /* If we have a key add to list */
3099 if (klist != NULL) {
ae269dd8
RS		 3100 if (find_key(NULL, pp->value, *klist)) {
3101 TEST_info("Duplicate key %s", pp->value);
c49e0b04
RS		 3102 return 0;
3103 }
ae269dd8 3104 if (!TEST_ptr(key = OPENSSL_malloc(sizeof(*key))))
c49e0b04 3105 return 0;
ae269dd8 3106 key->name = take_value(pp);
ddb634fe
JL		 3107
3108 /* Hack to detect SM2 keys */
c86acc9f
MC		 3109 if(pkey != NULL && strstr(key->name, "SM2") != NULL) {
3110#ifdef OPENSSL_NO_SM2
3111 EVP_PKEY_free(pkey);
3112 pkey = NULL;
3113#else
ddb634fe 3114 EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2);
c86acc9f
MC		 3115#endif
3116 }
ddb634fe 3117
c49e0b04
RS		 3118 key->key = pkey;
3119 key->next = *klist;
3120 *klist = key;
3121
3122 /* Go back and start a new stanza. */
ae269dd8
RS		 3123 if (t->s.numpairs != 1)
3124 TEST_info("Line %d: missing blank line\n", t->s.curr);
c49e0b04
RS		 3125 goto top;
3126 }
3127
ae269dd8
RS		 3128 /* Find the test, based on first keyword. */
3129 if (!TEST_ptr(t->meth = find_test(pp->key)))
3130 return 0;
3131 if (!t->meth->init(t, pp->value)) {
3132 TEST_error("unknown %s: %s\n", pp->key, pp->value);
3133 return 0;
c49e0b04
RS		 3134 }
3135 if (t->skip == 1) {
ae269dd8
RS		 3136 /* TEST_info("skipping %s %s", pp->key, pp->value); */
3137 return 0;
c49e0b04
RS		 3138 }
3139
ae269dd8 3140 for (pp++, i = 1; i < t->s.numpairs; pp++, i++) {
3b5d61f4
RL		 3141 if (strcmp(pp->key, "Availablein") == 0) {
3142 if (!prov_available(pp->value)) {
3143 TEST_info("skipping, providers not available: %s:%d",
3144 t->s.test_file, t->s.start);
3145 t->skip = 1;
3146 return 0;
3147 }
8453096e 3148 } else if (strcmp(pp->key, "Result") == 0) {
c49e0b04 3149 if (t->expected_err != NULL) {
ae269dd8
RS		 3150 TEST_info("Line %d: multiple result lines", t->s.curr);
3151 return 0;
c49e0b04 3152 }
ae269dd8
RS		 3153 t->expected_err = take_value(pp);
3154 } else if (strcmp(pp->key, "Function") == 0) {
aac96e27 3155 /* Ignore old line. */
ae269dd8 3156 } else if (strcmp(pp->key, "Reason") == 0) {
c49e0b04 3157 if (t->reason != NULL) {
ae269dd8
RS		 3158 TEST_info("Line %d: multiple reason lines", t->s.curr);
3159 return 0;
c49e0b04 3160 }
ae269dd8 3161 t->reason = take_value(pp);
c49e0b04
RS		 3162 } else {
3163 /* Must be test specific line: try to parse it */
ae269dd8 3164 int rv = t->meth->parse(t, pp->key, pp->value);
c49e0b04
RS		 3165
3166 if (rv == 0) {
ae269dd8
RS		 3167 TEST_info("Line %d: unknown keyword %s", t->s.curr, pp->key);
3168 return 0;
c49e0b04
RS		 3169 }
3170 if (rv < 0) {
ce5d64c7
RL		 3171 TEST_info("Line %d: error processing keyword %s = %s\n",
3172 t->s.curr, pp->key, pp->value);
ae269dd8 3173 return 0;
c49e0b04
RS		 3174 }
3175 }
3176 }
3177
3178 return 1;
c49e0b04
RS		 3179}
3180
ae269dd8 3181static int run_file_tests(int i)
6c5943c9 3182{
ae269dd8 3183 EVP_TEST *t;
ad887416 3184 const char *testfile = test_get_argument(i);
c49e0b04 3185 int c;
6c5943c9 3186
ae269dd8 3187 if (!TEST_ptr(t = OPENSSL_zalloc(sizeof(*t))))
6c5943c9 3188 return 0;
ad887416 3189 if (!test_start_file(&t->s, testfile)) {
ae269dd8
RS		 3190 OPENSSL_free(t);
3191 return 0;
3192 }
c49e0b04 3193
ae269dd8
RS		 3194 while (!BIO_eof(t->s.fp)) {
3195 c = parse(t);
d5e5e2ff
SL		 3196 if (t->skip) {
3197 t->s.numskip++;
c49e0b04 3198 continue;
d5e5e2ff 3199 }
ae269dd8
RS		 3200 if (c == 0 || !run_test(t)) {
3201 t->s.errors++;
c49e0b04
RS		 3202 break;
3203 }
6c5943c9 3204 }
ae269dd8
RS		 3205 test_end_file(&t->s);
3206 clear_test(t);
6c5943c9 3207
6c5943c9
RS		 3208 free_key_list(public_keys);
3209 free_key_list(private_keys);
ae269dd8
RS		 3210 BIO_free(t->s.key);
3211 c = t->s.errors;
3212 OPENSSL_free(t);
3213 return c == 0;
6c5943c9
RS		 3214}
3215
a43ce58f
SL		 3216OPT_TEST_DECLARE_USAGE("file...\n")
3217
ad887416 3218int setup_tests(void)
6c5943c9 3219{
ad887416
P		 3220 size_t n = test_get_argument_count();
3221
a43ce58f 3222 if (n == 0)
6c5943c9 3223 return 0;
6c5943c9 3224
ad887416
P		 3225 ADD_ALL_TESTS(run_file_tests, n);
3226 return 1;
6c5943c9 3227}
A mirror of the official openssl repository