]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/evp_test.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
mac: allow XOF MACs to be specified either via control or via the dedicated function
[thirdparty/openssl.git] / test / evp_test.c
1 /*
2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #define OPENSSL_SUPPRESS_DEPRECATED /* EVP_PKEY_new_CMAC_key */
11 #include <stdio.h>
12 #include <string.h>
13 #include <stdlib.h>
14 #include <ctype.h>
15 #include "../e_os.h" /* strcasecmp */
16 #include <openssl/evp.h>
17 #include <openssl/pem.h>
18 #include <openssl/err.h>
19 #include <openssl/provider.h>
20 #include <openssl/x509v3.h>
21 #include <openssl/pkcs12.h>
22 #include <openssl/kdf.h>
23 #include <openssl/params.h>
24 #include <openssl/core_names.h>
25 #include <openssl/fips_names.h>
26 #include "internal/numbers.h"
27 #include "internal/nelem.h"
28 #include "crypto/evp.h"
29 #include "testutil.h"
30
31 typedef struct evp_test_buffer_st EVP_TEST_BUFFER;
32 DEFINE_STACK_OF(EVP_TEST_BUFFER)
33
34 #define AAD_NUM 4
35
36 typedef struct evp_test_method_st EVP_TEST_METHOD;
37
38 /* Structure holding test information */
39 typedef struct evp_test_st {
40 STANZA s; /* Common test stanza */
41 char *name;
42 int skip; /* Current test should be skipped */
43 const EVP_TEST_METHOD *meth; /* method for this test */
44 const char *err, *aux_err; /* Error string for test */
45 char *expected_err; /* Expected error value of test */
46 char *reason; /* Expected error reason string */
47 void *data; /* test specific data */
48 } EVP_TEST;
49
50 /* Test method structure */
51 struct evp_test_method_st {
52 /* Name of test as it appears in file */
53 const char *name;
54 /* Initialise test for "alg" */
55 int (*init) (EVP_TEST * t, const char *alg);
56 /* Clean up method */
57 void (*cleanup) (EVP_TEST * t);
58 /* Test specific name value pair processing */
59 int (*parse) (EVP_TEST * t, const char *name, const char *value);
60 /* Run the test itself */
61 int (*run_test) (EVP_TEST * t);
62 };
63
64 /* Linked list of named keys. */
65 typedef struct key_list_st {
66 char *name;
67 EVP_PKEY *key;
68 struct key_list_st *next;
69 } KEY_LIST;
70
71 typedef enum OPTION_choice {
72 OPT_ERR = -1,
73 OPT_EOF = 0,
74 OPT_CONFIG_FILE,
75 OPT_TEST_ENUM
76 } OPTION_CHOICE;
77
78 static OSSL_PROVIDER *prov_null = NULL;
79 static OSSL_LIB_CTX *libctx = NULL;
80
81 /* List of public and private keys */
82 static KEY_LIST *private_keys;
83 static KEY_LIST *public_keys;
84
85 static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst);
86 static int parse_bin(const char *value, unsigned char **buf, size_t *buflen);
87 static int is_digest_disabled(const char *name);
88 static int is_pkey_disabled(const char *name);
89 static int is_mac_disabled(const char *name);
90 static int is_cipher_disabled(const char *name);
91 static int is_kdf_disabled(const char *name);
92
93 /*
94 * Compare two memory regions for equality, returning zero if they differ.
95 * However, if there is expected to be an error and the actual error
96 * matches then the memory is expected to be different so handle this
97 * case without producing unnecessary test framework output.
98 */
99 static int memory_err_compare(EVP_TEST *t, const char *err,
100 const void *expected, size_t expected_len,
101 const void *got, size_t got_len)
102 {
103 int r;
104
105 if (t->expected_err != NULL && strcmp(t->expected_err, err) == 0)
106 r = !TEST_mem_ne(expected, expected_len, got, got_len);
107 else
108 r = TEST_mem_eq(expected, expected_len, got, got_len);
109 if (!r)
110 t->err = err;
111 return r;
112 }
113
114 /*
115 * Structure used to hold a list of blocks of memory to test
116 * calls to "update" like functions.
117 */
118 struct evp_test_buffer_st {
119 unsigned char *buf;
120 size_t buflen;
121 size_t count;
122 int count_set;
123 };
124
125 static void evp_test_buffer_free(EVP_TEST_BUFFER *db)
126 {
127 if (db != NULL) {
128 OPENSSL_free(db->buf);
129 OPENSSL_free(db);
130 }
131 }
132
133 /* append buffer to a list */
134 static int evp_test_buffer_append(const char *value,
135 STACK_OF(EVP_TEST_BUFFER) **sk)
136 {
137 EVP_TEST_BUFFER *db = NULL;
138
139 if (!TEST_ptr(db = OPENSSL_malloc(sizeof(*db))))
140 goto err;
141
142 if (!parse_bin(value, &db->buf, &db->buflen))
143 goto err;
144 db->count = 1;
145 db->count_set = 0;
146
147 if (*sk == NULL && !TEST_ptr(*sk = sk_EVP_TEST_BUFFER_new_null()))
148 goto err;
149 if (!sk_EVP_TEST_BUFFER_push(*sk, db))
150 goto err;
151
152 return 1;
153
154 err:
155 evp_test_buffer_free(db);
156 return 0;
157 }
158
159 /* replace last buffer in list with copies of itself */
160 static int evp_test_buffer_ncopy(const char *value,
161 STACK_OF(EVP_TEST_BUFFER) *sk)
162 {
163 EVP_TEST_BUFFER *db;
164 unsigned char *tbuf, *p;
165 size_t tbuflen;
166 int ncopy = atoi(value);
167 int i;
168
169 if (ncopy <= 0)
170 return 0;
171 if (sk == NULL || sk_EVP_TEST_BUFFER_num(sk) == 0)
172 return 0;
173 db = sk_EVP_TEST_BUFFER_value(sk, sk_EVP_TEST_BUFFER_num(sk) - 1);
174
175 tbuflen = db->buflen * ncopy;
176 if (!TEST_ptr(tbuf = OPENSSL_malloc(tbuflen)))
177 return 0;
178 for (i = 0, p = tbuf; i < ncopy; i++, p += db->buflen)
179 memcpy(p, db->buf, db->buflen);
180
181 OPENSSL_free(db->buf);
182 db->buf = tbuf;
183 db->buflen = tbuflen;
184 return 1;
185 }
186
187 /* set repeat count for last buffer in list */
188 static int evp_test_buffer_set_count(const char *value,
189 STACK_OF(EVP_TEST_BUFFER) *sk)
190 {
191 EVP_TEST_BUFFER *db;
192 int count = atoi(value);
193
194 if (count <= 0)
195 return 0;
196
197 if (sk == NULL || sk_EVP_TEST_BUFFER_num(sk) == 0)
198 return 0;
199
200 db = sk_EVP_TEST_BUFFER_value(sk, sk_EVP_TEST_BUFFER_num(sk) - 1);
201 if (db->count_set != 0)
202 return 0;
203
204 db->count = (size_t)count;
205 db->count_set = 1;
206 return 1;
207 }
208
209 /* call "fn" with each element of the list in turn */
210 static int evp_test_buffer_do(STACK_OF(EVP_TEST_BUFFER) *sk,
211 int (*fn)(void *ctx,
212 const unsigned char *buf,
213 size_t buflen),
214 void *ctx)
215 {
216 int i;
217
218 for (i = 0; i < sk_EVP_TEST_BUFFER_num(sk); i++) {
219 EVP_TEST_BUFFER *tb = sk_EVP_TEST_BUFFER_value(sk, i);
220 size_t j;
221
222 for (j = 0; j < tb->count; j++) {
223 if (fn(ctx, tb->buf, tb->buflen) <= 0)
224 return 0;
225 }
226 }
227 return 1;
228 }
229
230 /*
231 * Unescape some sequences in string literals (only \n for now).
232 * Return an allocated buffer, set |out_len|. If |input_len|
233 * is zero, get an empty buffer but set length to zero.
234 */
235 static unsigned char* unescape(const char *input, size_t input_len,
236 size_t *out_len)
237 {
238 unsigned char *ret, *p;
239 size_t i;
240
241 if (input_len == 0) {
242 *out_len = 0;
243 return OPENSSL_zalloc(1);
244 }
245
246 /* Escaping is non-expanding; over-allocate original size for simplicity. */
247 if (!TEST_ptr(ret = p = OPENSSL_malloc(input_len)))
248 return NULL;
249
250 for (i = 0; i < input_len; i++) {
251 if (*input == '\\') {
252 if (i == input_len - 1 || *++input != 'n') {
253 TEST_error("Bad escape sequence in file");
254 goto err;
255 }
256 *p++ = '\n';
257 i++;
258 input++;
259 } else {
260 *p++ = *input++;
261 }
262 }
263
264 *out_len = p - ret;
265 return ret;
266
267 err:
268 OPENSSL_free(ret);
269 return NULL;
270 }
271
272 /*
273 * For a hex string "value" convert to a binary allocated buffer.
274 * Return 1 on success or 0 on failure.
275 */
276 static int parse_bin(const char *value, unsigned char **buf, size_t *buflen)
277 {
278 long len;
279
280 /* Check for NULL literal */
281 if (strcmp(value, "NULL") == 0) {
282 *buf = NULL;
283 *buflen = 0;
284 return 1;
285 }
286
287 /* Check for empty value */
288 if (*value == '\0') {
289 /*
290 * Don't return NULL for zero length buffer. This is needed for
291 * some tests with empty keys: HMAC_Init_ex() expects a non-NULL key
292 * buffer even if the key length is 0, in order to detect key reset.
293 */
294 *buf = OPENSSL_malloc(1);
295 if (*buf == NULL)
296 return 0;
297 **buf = 0;
298 *buflen = 0;
299 return 1;
300 }
301
302 /* Check for string literal */
303 if (value[0] == '"') {
304 size_t vlen = strlen(++value);
305
306 if (vlen == 0 || value[vlen - 1] != '"')
307 return 0;
308 vlen--;
309 *buf = unescape(value, vlen, buflen);
310 return *buf == NULL ? 0 : 1;
311 }
312
313 /* Otherwise assume as hex literal and convert it to binary buffer */
314 if (!TEST_ptr(*buf = OPENSSL_hexstr2buf(value, &len))) {
315 TEST_info("Can't convert %s", value);
316 TEST_openssl_errors();
317 return -1;
318 }
319 /* Size of input buffer means we'll never overflow */
320 *buflen = len;
321 return 1;
322 }
323
324 /**
325 ** MESSAGE DIGEST TESTS
326 **/
327
328 typedef struct digest_data_st {
329 /* Digest this test is for */
330 const EVP_MD *digest;
331 EVP_MD *fetched_digest;
332 /* Input to digest */
333 STACK_OF(EVP_TEST_BUFFER) *input;
334 /* Expected output */
335 unsigned char *output;
336 size_t output_len;
337 /* Padding type */
338 int pad_type;
339 } DIGEST_DATA;
340
341 static int digest_test_init(EVP_TEST *t, const char *alg)
342 {
343 DIGEST_DATA *mdat;
344 const EVP_MD *digest;
345 EVP_MD *fetched_digest;
346
347 if (is_digest_disabled(alg)) {
348 TEST_info("skipping, '%s' is disabled", alg);
349 t->skip = 1;
350 return 1;
351 }
352
353 if ((digest = fetched_digest = EVP_MD_fetch(libctx, alg, NULL)) == NULL
354 && (digest = EVP_get_digestbyname(alg)) == NULL)
355 return 0;
356 if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat))))
357 return 0;
358 t->data = mdat;
359 mdat->digest = digest;
360 mdat->fetched_digest = fetched_digest;
361 mdat->pad_type = 0;
362 if (fetched_digest != NULL)
363 TEST_info("%s is fetched", alg);
364 return 1;
365 }
366
367 static void digest_test_cleanup(EVP_TEST *t)
368 {
369 DIGEST_DATA *mdat = t->data;
370
371 sk_EVP_TEST_BUFFER_pop_free(mdat->input, evp_test_buffer_free);
372 OPENSSL_free(mdat->output);
373 EVP_MD_free(mdat->fetched_digest);
374 }
375
376 static int digest_test_parse(EVP_TEST *t,
377 const char *keyword, const char *value)
378 {
379 DIGEST_DATA *mdata = t->data;
380
381 if (strcmp(keyword, "Input") == 0)
382 return evp_test_buffer_append(value, &mdata->input);
383 if (strcmp(keyword, "Output") == 0)
384 return parse_bin(value, &mdata->output, &mdata->output_len);
385 if (strcmp(keyword, "Count") == 0)
386 return evp_test_buffer_set_count(value, mdata->input);
387 if (strcmp(keyword, "Ncopy") == 0)
388 return evp_test_buffer_ncopy(value, mdata->input);
389 if (strcmp(keyword, "Padding") == 0)
390 return (mdata->pad_type = atoi(value)) > 0;
391 return 0;
392 }
393
394 static int digest_update_fn(void *ctx, const unsigned char *buf, size_t buflen)
395 {
396 return EVP_DigestUpdate(ctx, buf, buflen);
397 }
398
399 static int digest_test_run(EVP_TEST *t)
400 {
401 DIGEST_DATA *expected = t->data;
402 EVP_MD_CTX *mctx;
403 unsigned char *got = NULL;
404 unsigned int got_len;
405 OSSL_PARAM params[2];
406
407 t->err = "TEST_FAILURE";
408 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
409 goto err;
410
411 got = OPENSSL_malloc(expected->output_len > EVP_MAX_MD_SIZE ?
412 expected->output_len : EVP_MAX_MD_SIZE);
413 if (!TEST_ptr(got))
414 goto err;
415
416 if (!EVP_DigestInit_ex(mctx, expected->digest, NULL)) {
417 t->err = "DIGESTINIT_ERROR";
418 goto err;
419 }
420 if (expected->pad_type > 0) {
421 params[0] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_PAD_TYPE,
422 &expected->pad_type);
423 params[1] = OSSL_PARAM_construct_end();
424 if (!TEST_int_gt(EVP_MD_CTX_set_params(mctx, params), 0)) {
425 t->err = "PARAMS_ERROR";
426 goto err;
427 }
428 }
429 if (!evp_test_buffer_do(expected->input, digest_update_fn, mctx)) {
430 t->err = "DIGESTUPDATE_ERROR";
431 goto err;
432 }
433
434 if (EVP_MD_flags(expected->digest) & EVP_MD_FLAG_XOF) {
435 EVP_MD_CTX *mctx_cpy;
436 char dont[] = "touch";
437
438 if (!TEST_ptr(mctx_cpy = EVP_MD_CTX_new())) {
439 goto err;
440 }
441 if (!EVP_MD_CTX_copy(mctx_cpy, mctx)) {
442 EVP_MD_CTX_free(mctx_cpy);
443 goto err;
444 }
445 if (!EVP_DigestFinalXOF(mctx_cpy, (unsigned char *)dont, 0)) {
446 EVP_MD_CTX_free(mctx_cpy);
447 t->err = "DIGESTFINALXOF_ERROR";
448 goto err;
449 }
450 if (!TEST_str_eq(dont, "touch")) {
451 EVP_MD_CTX_free(mctx_cpy);
452 t->err = "DIGESTFINALXOF_ERROR";
453 goto err;
454 }
455 EVP_MD_CTX_free(mctx_cpy);
456
457 got_len = expected->output_len;
458 if (!EVP_DigestFinalXOF(mctx, got, got_len)) {
459 t->err = "DIGESTFINALXOF_ERROR";
460 goto err;
461 }
462 } else {
463 if (!EVP_DigestFinal(mctx, got, &got_len)) {
464 t->err = "DIGESTFINAL_ERROR";
465 goto err;
466 }
467 }
468 if (!TEST_int_eq(expected->output_len, got_len)) {
469 t->err = "DIGEST_LENGTH_MISMATCH";
470 goto err;
471 }
472 if (!memory_err_compare(t, "DIGEST_MISMATCH",
473 expected->output, expected->output_len,
474 got, got_len))
475 goto err;
476
477 t->err = NULL;
478
479 err:
480 OPENSSL_free(got);
481 EVP_MD_CTX_free(mctx);
482 return 1;
483 }
484
485 static const EVP_TEST_METHOD digest_test_method = {
486 "Digest",
487 digest_test_init,
488 digest_test_cleanup,
489 digest_test_parse,
490 digest_test_run
491 };
492
493 /**
494 *** CIPHER TESTS
495 **/
496
497 typedef struct cipher_data_st {
498 const EVP_CIPHER *cipher;
499 EVP_CIPHER *fetched_cipher;
500 int enc;
501 /* EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE or EVP_CIPH_OCB_MODE if AEAD */
502 int aead;
503 unsigned char *key;
504 size_t key_len;
505 size_t key_bits; /* Used by RC2 */
506 unsigned char *iv;
507 unsigned char *next_iv; /* Expected IV state after operation */
508 unsigned int rounds;
509 size_t iv_len;
510 unsigned char *plaintext;
511 size_t plaintext_len;
512 unsigned char *ciphertext;
513 size_t ciphertext_len;
514 /* GCM, CCM, OCB and SIV only */
515 unsigned char *aad[AAD_NUM];
516 size_t aad_len[AAD_NUM];
517 unsigned char *tag;
518 const char *cts_mode;
519 size_t tag_len;
520 int tag_late;
521 } CIPHER_DATA;
522
523 static int cipher_test_init(EVP_TEST *t, const char *alg)
524 {
525 const EVP_CIPHER *cipher;
526 EVP_CIPHER *fetched_cipher;
527 CIPHER_DATA *cdat;
528 int m;
529
530 if (is_cipher_disabled(alg)) {
531 t->skip = 1;
532 TEST_info("skipping, '%s' is disabled", alg);
533 return 1;
534 }
535
536 if ((cipher = fetched_cipher = EVP_CIPHER_fetch(libctx, alg, NULL)) == NULL
537 && (cipher = EVP_get_cipherbyname(alg)) == NULL)
538 return 0;
539
540 cdat = OPENSSL_zalloc(sizeof(*cdat));
541 cdat->cipher = cipher;
542 cdat->fetched_cipher = fetched_cipher;
543 cdat->enc = -1;
544 m = EVP_CIPHER_mode(cipher);
545 if (m == EVP_CIPH_GCM_MODE
546 || m == EVP_CIPH_OCB_MODE
547 || m == EVP_CIPH_SIV_MODE
548 || m == EVP_CIPH_CCM_MODE)
549 cdat->aead = m;
550 else if (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
551 cdat->aead = -1;
552 else
553 cdat->aead = 0;
554
555 t->data = cdat;
556 if (fetched_cipher != NULL)
557 TEST_info("%s is fetched", alg);
558 return 1;
559 }
560
561 static void cipher_test_cleanup(EVP_TEST *t)
562 {
563 int i;
564 CIPHER_DATA *cdat = t->data;
565
566 OPENSSL_free(cdat->key);
567 OPENSSL_free(cdat->iv);
568 OPENSSL_free(cdat->next_iv);
569 OPENSSL_free(cdat->ciphertext);
570 OPENSSL_free(cdat->plaintext);
571 for (i = 0; i < AAD_NUM; i++)
572 OPENSSL_free(cdat->aad[i]);
573 OPENSSL_free(cdat->tag);
574 EVP_CIPHER_free(cdat->fetched_cipher);
575 }
576
577 static int cipher_test_parse(EVP_TEST *t, const char *keyword,
578 const char *value)
579 {
580 CIPHER_DATA *cdat = t->data;
581 int i;
582
583 if (strcmp(keyword, "Key") == 0)
584 return parse_bin(value, &cdat->key, &cdat->key_len);
585 if (strcmp(keyword, "Rounds") == 0) {
586 i = atoi(value);
587 if (i < 0)
588 return -1;
589 cdat->rounds = (unsigned int)i;
590 return 1;
591 }
592 if (strcmp(keyword, "IV") == 0)
593 return parse_bin(value, &cdat->iv, &cdat->iv_len);
594 if (strcmp(keyword, "NextIV") == 0)
595 return parse_bin(value, &cdat->next_iv, &cdat->iv_len);
596 if (strcmp(keyword, "Plaintext") == 0)
597 return parse_bin(value, &cdat->plaintext, &cdat->plaintext_len);
598 if (strcmp(keyword, "Ciphertext") == 0)
599 return parse_bin(value, &cdat->ciphertext, &cdat->ciphertext_len);
600 if (strcmp(keyword, "KeyBits") == 0) {
601 i = atoi(value);
602 if (i < 0)
603 return -1;
604 cdat->key_bits = (size_t)i;
605 return 1;
606 }
607 if (cdat->aead) {
608 if (strcmp(keyword, "AAD") == 0) {
609 for (i = 0; i < AAD_NUM; i++) {
610 if (cdat->aad[i] == NULL)
611 return parse_bin(value, &cdat->aad[i], &cdat->aad_len[i]);
612 }
613 return -1;
614 }
615 if (strcmp(keyword, "Tag") == 0)
616 return parse_bin(value, &cdat->tag, &cdat->tag_len);
617 if (strcmp(keyword, "SetTagLate") == 0) {
618 if (strcmp(value, "TRUE") == 0)
619 cdat->tag_late = 1;
620 else if (strcmp(value, "FALSE") == 0)
621 cdat->tag_late = 0;
622 else
623 return -1;
624 return 1;
625 }
626 }
627
628 if (strcmp(keyword, "Operation") == 0) {
629 if (strcmp(value, "ENCRYPT") == 0)
630 cdat->enc = 1;
631 else if (strcmp(value, "DECRYPT") == 0)
632 cdat->enc = 0;
633 else
634 return -1;
635 return 1;
636 }
637 if (strcmp(keyword, "CTSMode") == 0) {
638 cdat->cts_mode = value;
639 return 1;
640 }
641 return 0;
642 }
643
644 static int cipher_test_enc(EVP_TEST *t, int enc,
645 size_t out_misalign, size_t inp_misalign, int frag)
646 {
647 CIPHER_DATA *expected = t->data;
648 unsigned char *in, *expected_out, *tmp = NULL;
649 size_t in_len, out_len, donelen = 0;
650 int ok = 0, tmplen, chunklen, tmpflen, i;
651 EVP_CIPHER_CTX *ctx_base = NULL;
652 EVP_CIPHER_CTX *ctx = NULL;
653
654 t->err = "TEST_FAILURE";
655 if (!TEST_ptr(ctx_base = EVP_CIPHER_CTX_new()))
656 goto err;
657 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
658 goto err;
659 EVP_CIPHER_CTX_set_flags(ctx_base, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
660 if (enc) {
661 in = expected->plaintext;
662 in_len = expected->plaintext_len;
663 expected_out = expected->ciphertext;
664 out_len = expected->ciphertext_len;
665 } else {
666 in = expected->ciphertext;
667 in_len = expected->ciphertext_len;
668 expected_out = expected->plaintext;
669 out_len = expected->plaintext_len;
670 }
671 if (inp_misalign == (size_t)-1) {
672 /* Exercise in-place encryption */
673 tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH);
674 if (!tmp)
675 goto err;
676 in = memcpy(tmp + out_misalign, in, in_len);
677 } else {
678 inp_misalign += 16 - ((out_misalign + in_len) & 15);
679 /*
680 * 'tmp' will store both output and copy of input. We make the copy
681 * of input to specifically aligned part of 'tmp'. So we just
682 * figured out how much padding would ensure the required alignment,
683 * now we allocate extended buffer and finally copy the input just
684 * past inp_misalign in expression below. Output will be written
685 * past out_misalign...
686 */
687 tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH +
688 inp_misalign + in_len);
689 if (!tmp)
690 goto err;
691 in = memcpy(tmp + out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH +
692 inp_misalign, in, in_len);
693 }
694 if (!EVP_CipherInit_ex(ctx_base, expected->cipher, NULL, NULL, NULL, enc)) {
695 t->err = "CIPHERINIT_ERROR";
696 goto err;
697 }
698 if (expected->cts_mode != NULL) {
699 OSSL_PARAM params[2];
700
701 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_CIPHER_PARAM_CTS_MODE,
702 (char *)expected->cts_mode,
703 0);
704 params[1] = OSSL_PARAM_construct_end();
705 if (!EVP_CIPHER_CTX_set_params(ctx_base, params)) {
706 t->err = "INVALID_CTS_MODE";
707 goto err;
708 }
709 }
710 if (expected->iv) {
711 if (expected->aead) {
712 if (!EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_IVLEN,
713 expected->iv_len, 0)) {
714 t->err = "INVALID_IV_LENGTH";
715 goto err;
716 }
717 } else if (expected->iv_len != (size_t)EVP_CIPHER_CTX_iv_length(ctx_base)) {
718 t->err = "INVALID_IV_LENGTH";
719 goto err;
720 }
721 }
722 if (expected->aead) {
723 unsigned char *tag;
724 /*
725 * If encrypting or OCB just set tag length initially, otherwise
726 * set tag length and value.
727 */
728 if (enc || expected->aead == EVP_CIPH_OCB_MODE || expected->tag_late) {
729 t->err = "TAG_LENGTH_SET_ERROR";
730 tag = NULL;
731 } else {
732 t->err = "TAG_SET_ERROR";
733 tag = expected->tag;
734 }
735 if (tag || expected->aead != EVP_CIPH_GCM_MODE) {
736 if (!EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_TAG,
737 expected->tag_len, tag))
738 goto err;
739 }
740 }
741
742 if (expected->rounds > 0) {
743 int rounds = (int)expected->rounds;
744
745 if (!EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC5_ROUNDS, rounds, NULL)) {
746 t->err = "INVALID_ROUNDS";
747 goto err;
748 }
749 }
750
751 if (!EVP_CIPHER_CTX_set_key_length(ctx_base, expected->key_len)) {
752 t->err = "INVALID_KEY_LENGTH";
753 goto err;
754 }
755 if (expected->key_bits > 0) {
756 int bits = (int)expected->key_bits;
757
758 if (!EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC2_KEY_BITS, bits, NULL)) {
759 t->err = "INVALID KEY BITS";
760 goto err;
761 }
762 }
763 if (!EVP_CipherInit_ex(ctx_base, NULL, NULL, expected->key, expected->iv, -1)) {
764 t->err = "KEY_SET_ERROR";
765 goto err;
766 }
767
768 /* Check that we get the same IV back */
769 if (expected->iv != NULL) {
770 /* Some (e.g., GCM) tests use IVs longer than EVP_MAX_IV_LENGTH. */
771 unsigned char iv[128];
772 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx_base, iv, sizeof(iv)))
773 || ((EVP_CIPHER_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0
774 && !TEST_mem_eq(expected->iv, expected->iv_len, iv,
775 expected->iv_len))) {
776 t->err = "INVALID_IV";
777 goto err;
778 }
779 }
780
781 /* Test that the cipher dup functions correctly if it is supported */
782 if (EVP_CIPHER_CTX_copy(ctx, ctx_base)) {
783 EVP_CIPHER_CTX_free(ctx_base);
784 ctx_base = NULL;
785 } else {
786 EVP_CIPHER_CTX_free(ctx);
787 ctx = ctx_base;
788 }
789
790 if (expected->aead == EVP_CIPH_CCM_MODE) {
791 if (!EVP_CipherUpdate(ctx, NULL, &tmplen, NULL, out_len)) {
792 t->err = "CCM_PLAINTEXT_LENGTH_SET_ERROR";
793 goto err;
794 }
795 }
796 if (expected->aad[0] != NULL) {
797 t->err = "AAD_SET_ERROR";
798 if (!frag) {
799 for (i = 0; expected->aad[i] != NULL; i++) {
800 if (!EVP_CipherUpdate(ctx, NULL, &chunklen, expected->aad[i],
801 expected->aad_len[i]))
802 goto err;
803 }
804 } else {
805 /*
806 * Supply the AAD in chunks less than the block size where possible
807 */
808 for (i = 0; expected->aad[i] != NULL; i++) {
809 if (expected->aad_len[i] > 0) {
810 if (!EVP_CipherUpdate(ctx, NULL, &chunklen, expected->aad[i], 1))
811 goto err;
812 donelen++;
813 }
814 if (expected->aad_len[i] > 2) {
815 if (!EVP_CipherUpdate(ctx, NULL, &chunklen,
816 expected->aad[i] + donelen,
817 expected->aad_len[i] - 2))
818 goto err;
819 donelen += expected->aad_len[i] - 2;
820 }
821 if (expected->aad_len[i] > 1
822 && !EVP_CipherUpdate(ctx, NULL, &chunklen,
823 expected->aad[i] + donelen, 1))
824 goto err;
825 }
826 }
827 }
828
829 if (!enc && (expected->aead == EVP_CIPH_OCB_MODE || expected->tag_late)) {
830 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
831 expected->tag_len, expected->tag)) {
832 t->err = "TAG_SET_ERROR";
833 goto err;
834 }
835 }
836
837 EVP_CIPHER_CTX_set_padding(ctx, 0);
838 t->err = "CIPHERUPDATE_ERROR";
839 tmplen = 0;
840 if (!frag) {
841 /* We supply the data all in one go */
842 if (!EVP_CipherUpdate(ctx, tmp + out_misalign, &tmplen, in, in_len))
843 goto err;
844 } else {
845 /* Supply the data in chunks less than the block size where possible */
846 if (in_len > 0) {
847 if (!EVP_CipherUpdate(ctx, tmp + out_misalign, &chunklen, in, 1))
848 goto err;
849 tmplen += chunklen;
850 in++;
851 in_len--;
852 }
853 if (in_len > 1) {
854 if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen,
855 in, in_len - 1))
856 goto err;
857 tmplen += chunklen;
858 in += in_len - 1;
859 in_len = 1;
860 }
861 if (in_len > 0 ) {
862 if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen,
863 in, 1))
864 goto err;
865 tmplen += chunklen;
866 }
867 }
868 if (!EVP_CipherFinal_ex(ctx, tmp + out_misalign + tmplen, &tmpflen)) {
869 t->err = "CIPHERFINAL_ERROR";
870 goto err;
871 }
872 if (!memory_err_compare(t, "VALUE_MISMATCH", expected_out, out_len,
873 tmp + out_misalign, tmplen + tmpflen))
874 goto err;
875 if (enc && expected->aead) {
876 unsigned char rtag[16];
877
878 if (!TEST_size_t_le(expected->tag_len, sizeof(rtag))) {
879 t->err = "TAG_LENGTH_INTERNAL_ERROR";
880 goto err;
881 }
882 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
883 expected->tag_len, rtag)) {
884 t->err = "TAG_RETRIEVE_ERROR";
885 goto err;
886 }
887 if (!memory_err_compare(t, "TAG_VALUE_MISMATCH",
888 expected->tag, expected->tag_len,
889 rtag, expected->tag_len))
890 goto err;
891 }
892 /* Check the updated IV */
893 if (expected->next_iv != NULL) {
894 /* Some (e.g., GCM) tests use IVs longer than EVP_MAX_IV_LENGTH. */
895 unsigned char iv[128];
896 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
897 || ((EVP_CIPHER_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0
898 && !TEST_mem_eq(expected->next_iv, expected->iv_len, iv,
899 expected->iv_len))) {
900 t->err = "INVALID_NEXT_IV";
901 goto err;
902 }
903 }
904
905 t->err = NULL;
906 ok = 1;
907 err:
908 OPENSSL_free(tmp);
909 if (ctx != ctx_base)
910 EVP_CIPHER_CTX_free(ctx_base);
911 EVP_CIPHER_CTX_free(ctx);
912 return ok;
913 }
914
915 static int cipher_test_run(EVP_TEST *t)
916 {
917 CIPHER_DATA *cdat = t->data;
918 int rv, frag = 0;
919 size_t out_misalign, inp_misalign;
920
921 if (!cdat->key) {
922 t->err = "NO_KEY";
923 return 0;
924 }
925 if (!cdat->iv && EVP_CIPHER_iv_length(cdat->cipher)) {
926 /* IV is optional and usually omitted in wrap mode */
927 if (EVP_CIPHER_mode(cdat->cipher) != EVP_CIPH_WRAP_MODE) {
928 t->err = "NO_IV";
929 return 0;
930 }
931 }
932 if (cdat->aead && !cdat->tag) {
933 t->err = "NO_TAG";
934 return 0;
935 }
936 for (out_misalign = 0; out_misalign <= 1;) {
937 static char aux_err[64];
938 t->aux_err = aux_err;
939 for (inp_misalign = (size_t)-1; inp_misalign != 2; inp_misalign++) {
940 if (inp_misalign == (size_t)-1) {
941 /* kludge: inp_misalign == -1 means "exercise in-place" */
942 BIO_snprintf(aux_err, sizeof(aux_err),
943 "%s in-place, %sfragmented",
944 out_misalign ? "misaligned" : "aligned",
945 frag ? "" : "not ");
946 } else {
947 BIO_snprintf(aux_err, sizeof(aux_err),
948 "%s output and %s input, %sfragmented",
949 out_misalign ? "misaligned" : "aligned",
950 inp_misalign ? "misaligned" : "aligned",
951 frag ? "" : "not ");
952 }
953 if (cdat->enc) {
954 rv = cipher_test_enc(t, 1, out_misalign, inp_misalign, frag);
955 /* Not fatal errors: return */
956 if (rv != 1) {
957 if (rv < 0)
958 return 0;
959 return 1;
960 }
961 }
962 if (cdat->enc != 1) {
963 rv = cipher_test_enc(t, 0, out_misalign, inp_misalign, frag);
964 /* Not fatal errors: return */
965 if (rv != 1) {
966 if (rv < 0)
967 return 0;
968 return 1;
969 }
970 }
971 }
972
973 if (out_misalign == 1 && frag == 0) {
974 /*
975 * XTS, SIV, CCM and Wrap modes have special requirements about input
976 * lengths so we don't fragment for those
977 */
978 if (cdat->aead == EVP_CIPH_CCM_MODE
979 || ((EVP_CIPHER_flags(cdat->cipher) & EVP_CIPH_FLAG_CTS) != 0)
980 || EVP_CIPHER_mode(cdat->cipher) == EVP_CIPH_SIV_MODE
981 || EVP_CIPHER_mode(cdat->cipher) == EVP_CIPH_XTS_MODE
982 || EVP_CIPHER_mode(cdat->cipher) == EVP_CIPH_WRAP_MODE)
983 break;
984 out_misalign = 0;
985 frag++;
986 } else {
987 out_misalign++;
988 }
989 }
990 t->aux_err = NULL;
991
992 return 1;
993 }
994
995 static const EVP_TEST_METHOD cipher_test_method = {
996 "Cipher",
997 cipher_test_init,
998 cipher_test_cleanup,
999 cipher_test_parse,
1000 cipher_test_run
1001 };
1002
1003
1004 /**
1005 ** MAC TESTS
1006 **/
1007
1008 typedef struct mac_data_st {
1009 /* MAC type in one form or another */
1010 char *mac_name;
1011 EVP_MAC *mac; /* for mac_test_run_mac */
1012 int type; /* for mac_test_run_pkey */
1013 /* Algorithm string for this MAC */
1014 char *alg;
1015 /* MAC key */
1016 unsigned char *key;
1017 size_t key_len;
1018 /* MAC IV (GMAC) */
1019 unsigned char *iv;
1020 size_t iv_len;
1021 /* Input to MAC */
1022 unsigned char *input;
1023 size_t input_len;
1024 /* Expected output */
1025 unsigned char *output;
1026 size_t output_len;
1027 unsigned char *custom;
1028 size_t custom_len;
1029 /* MAC salt (blake2) */
1030 unsigned char *salt;
1031 size_t salt_len;
1032 /* XOF mode? */
1033 int xof;
1034 /* Collection of controls */
1035 STACK_OF(OPENSSL_STRING) *controls;
1036 } MAC_DATA;
1037
1038 static int mac_test_init(EVP_TEST *t, const char *alg)
1039 {
1040 EVP_MAC *mac = NULL;
1041 int type = NID_undef;
1042 MAC_DATA *mdat;
1043
1044 if (is_mac_disabled(alg)) {
1045 TEST_info("skipping, '%s' is disabled", alg);
1046 t->skip = 1;
1047 return 1;
1048 }
1049 if ((mac = EVP_MAC_fetch(libctx, alg, NULL)) == NULL) {
1050 /*
1051 * Since we didn't find an EVP_MAC, we check for known EVP_PKEY methods
1052 * For debugging purposes, we allow 'NNNN by EVP_PKEY' to force running
1053 * the EVP_PKEY method.
1054 */
1055 size_t sz = strlen(alg);
1056 static const char epilogue[] = " by EVP_PKEY";
1057
1058 if (sz >= sizeof(epilogue)
1059 && strcmp(alg + sz - (sizeof(epilogue) - 1), epilogue) == 0)
1060 sz -= sizeof(epilogue) - 1;
1061
1062 if (strncmp(alg, "HMAC", sz) == 0)
1063 type = EVP_PKEY_HMAC;
1064 else if (strncmp(alg, "CMAC", sz) == 0)
1065 type = EVP_PKEY_CMAC;
1066 else if (strncmp(alg, "Poly1305", sz) == 0)
1067 type = EVP_PKEY_POLY1305;
1068 else if (strncmp(alg, "SipHash", sz) == 0)
1069 type = EVP_PKEY_SIPHASH;
1070 else
1071 return 0;
1072 }
1073
1074 mdat = OPENSSL_zalloc(sizeof(*mdat));
1075 mdat->type = type;
1076 mdat->mac_name = OPENSSL_strdup(alg);
1077 mdat->mac = mac;
1078 mdat->controls = sk_OPENSSL_STRING_new_null();
1079 t->data = mdat;
1080 return 1;
1081 }
1082
1083 /* Because OPENSSL_free is a macro, it can't be passed as a function pointer */
1084 static void openssl_free(char *m)
1085 {
1086 OPENSSL_free(m);
1087 }
1088
1089 static void mac_test_cleanup(EVP_TEST *t)
1090 {
1091 MAC_DATA *mdat = t->data;
1092
1093 EVP_MAC_free(mdat->mac);
1094 OPENSSL_free(mdat->mac_name);
1095 sk_OPENSSL_STRING_pop_free(mdat->controls, openssl_free);
1096 OPENSSL_free(mdat->alg);
1097 OPENSSL_free(mdat->key);
1098 OPENSSL_free(mdat->iv);
1099 OPENSSL_free(mdat->custom);
1100 OPENSSL_free(mdat->salt);
1101 OPENSSL_free(mdat->input);
1102 OPENSSL_free(mdat->output);
1103 }
1104
1105 static int mac_test_parse(EVP_TEST *t,
1106 const char *keyword, const char *value)
1107 {
1108 MAC_DATA *mdata = t->data;
1109
1110 if (strcmp(keyword, "Key") == 0)
1111 return parse_bin(value, &mdata->key, &mdata->key_len);
1112 if (strcmp(keyword, "IV") == 0)
1113 return parse_bin(value, &mdata->iv, &mdata->iv_len);
1114 if (strcmp(keyword, "Custom") == 0)
1115 return parse_bin(value, &mdata->custom, &mdata->custom_len);
1116 if (strcmp(keyword, "Salt") == 0)
1117 return parse_bin(value, &mdata->salt, &mdata->salt_len);
1118 if (strcmp(keyword, "Algorithm") == 0) {
1119 mdata->alg = OPENSSL_strdup(value);
1120 if (!mdata->alg)
1121 return -1;
1122 return 1;
1123 }
1124 if (strcmp(keyword, "Input") == 0)
1125 return parse_bin(value, &mdata->input, &mdata->input_len);
1126 if (strcmp(keyword, "Output") == 0)
1127 return parse_bin(value, &mdata->output, &mdata->output_len);
1128 if (strcmp(keyword, "XOF") == 0)
1129 return mdata->xof = 1;
1130 if (strcmp(keyword, "Ctrl") == 0)
1131 return sk_OPENSSL_STRING_push(mdata->controls,
1132 OPENSSL_strdup(value)) != 0;
1133 return 0;
1134 }
1135
1136 static int mac_test_ctrl_pkey(EVP_TEST *t, EVP_PKEY_CTX *pctx,
1137 const char *value)
1138 {
1139 int rv = 0;
1140 char *p, *tmpval;
1141
1142 if (!TEST_ptr(tmpval = OPENSSL_strdup(value)))
1143 return 0;
1144 p = strchr(tmpval, ':');
1145 if (p != NULL) {
1146 *p++ = '\0';
1147 rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
1148 }
1149 if (rv == -2)
1150 t->err = "PKEY_CTRL_INVALID";
1151 else if (rv <= 0)
1152 t->err = "PKEY_CTRL_ERROR";
1153 else
1154 rv = 1;
1155 OPENSSL_free(tmpval);
1156 return rv > 0;
1157 }
1158
1159 static int mac_test_run_pkey(EVP_TEST *t)
1160 {
1161 MAC_DATA *expected = t->data;
1162 EVP_MD_CTX *mctx = NULL;
1163 EVP_PKEY_CTX *pctx = NULL, *genctx = NULL;
1164 EVP_PKEY *key = NULL;
1165 const char *mdname = NULL;
1166 EVP_CIPHER *cipher = NULL;
1167 unsigned char *got = NULL;
1168 size_t got_len;
1169 int i;
1170
1171 /* We don't do XOF mode via PKEY */
1172 if (expected->xof)
1173 return 1;
1174
1175 if (expected->alg == NULL)
1176 TEST_info("Trying the EVP_PKEY %s test", OBJ_nid2sn(expected->type));
1177 else
1178 TEST_info("Trying the EVP_PKEY %s test with %s",
1179 OBJ_nid2sn(expected->type), expected->alg);
1180
1181 if (expected->type == EVP_PKEY_CMAC) {
1182 #ifdef OPENSSL_NO_DEPRECATED_3_0
1183 TEST_info("skipping, PKEY CMAC '%s' is disabled", expected->alg);
1184 t->skip = 1;
1185 t->err = NULL;
1186 goto err;
1187 #else
1188 OSSL_LIB_CTX *tmpctx;
1189
1190 if (expected->alg != NULL && is_cipher_disabled(expected->alg)) {
1191 TEST_info("skipping, PKEY CMAC '%s' is disabled", expected->alg);
1192 t->skip = 1;
1193 t->err = NULL;
1194 goto err;
1195 }
1196 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, expected->alg, NULL))) {
1197 t->err = "MAC_KEY_CREATE_ERROR";
1198 goto err;
1199 }
1200 tmpctx = OSSL_LIB_CTX_set0_default(libctx);
1201 key = EVP_PKEY_new_CMAC_key(NULL, expected->key, expected->key_len,
1202 cipher);
1203 OSSL_LIB_CTX_set0_default(tmpctx);
1204 #endif
1205 } else {
1206 key = EVP_PKEY_new_raw_private_key_ex(libctx,
1207 OBJ_nid2sn(expected->type), NULL,
1208 expected->key, expected->key_len);
1209 }
1210 if (key == NULL) {
1211 t->err = "MAC_KEY_CREATE_ERROR";
1212 goto err;
1213 }
1214
1215 if (expected->type == EVP_PKEY_HMAC && expected->alg != NULL) {
1216 if (is_digest_disabled(expected->alg)) {
1217 TEST_info("skipping, HMAC '%s' is disabled", expected->alg);
1218 t->skip = 1;
1219 t->err = NULL;
1220 goto err;
1221 }
1222 mdname = expected->alg;
1223 }
1224 if (!TEST_ptr(mctx = EVP_MD_CTX_new())) {
1225 t->err = "INTERNAL_ERROR";
1226 goto err;
1227 }
1228 if (!EVP_DigestSignInit_ex(mctx, &pctx, mdname, libctx, NULL, key, NULL)) {
1229 t->err = "DIGESTSIGNINIT_ERROR";
1230 goto err;
1231 }
1232 for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++)
1233 if (!mac_test_ctrl_pkey(t, pctx,
1234 sk_OPENSSL_STRING_value(expected->controls,
1235 i))) {
1236 t->err = "EVPPKEYCTXCTRL_ERROR";
1237 goto err;
1238 }
1239 if (!EVP_DigestSignUpdate(mctx, expected->input, expected->input_len)) {
1240 t->err = "DIGESTSIGNUPDATE_ERROR";
1241 goto err;
1242 }
1243 if (!EVP_DigestSignFinal(mctx, NULL, &got_len)) {
1244 t->err = "DIGESTSIGNFINAL_LENGTH_ERROR";
1245 goto err;
1246 }
1247 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
1248 t->err = "TEST_FAILURE";
1249 goto err;
1250 }
1251 if (!EVP_DigestSignFinal(mctx, got, &got_len)
1252 || !memory_err_compare(t, "TEST_MAC_ERR",
1253 expected->output, expected->output_len,
1254 got, got_len)) {
1255 t->err = "TEST_MAC_ERR";
1256 goto err;
1257 }
1258 t->err = NULL;
1259 err:
1260 EVP_CIPHER_free(cipher);
1261 EVP_MD_CTX_free(mctx);
1262 OPENSSL_free(got);
1263 EVP_PKEY_CTX_free(genctx);
1264 EVP_PKEY_free(key);
1265 return 1;
1266 }
1267
1268 static int mac_test_run_mac(EVP_TEST *t)
1269 {
1270 MAC_DATA *expected = t->data;
1271 EVP_MAC_CTX *ctx = NULL;
1272 unsigned char *got = NULL;
1273 size_t got_len;
1274 int i;
1275 OSSL_PARAM params[21];
1276 size_t params_n = 0;
1277 size_t params_n_allocstart = 0;
1278 const OSSL_PARAM *defined_params =
1279 EVP_MAC_settable_ctx_params(expected->mac);
1280
1281 if (expected->alg == NULL)
1282 TEST_info("Trying the EVP_MAC %s test", expected->mac_name);
1283 else
1284 TEST_info("Trying the EVP_MAC %s test with %s",
1285 expected->mac_name, expected->alg);
1286
1287 if (expected->alg != NULL) {
1288 /*
1289 * The underlying algorithm may be a cipher or a digest.
1290 * We don't know which it is, but we can ask the MAC what it
1291 * should be and bet on that.
1292 */
1293 if (OSSL_PARAM_locate_const(defined_params,
1294 OSSL_MAC_PARAM_CIPHER) != NULL) {
1295 params[params_n++] =
1296 OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER,
1297 expected->alg, 0);
1298 } else if (OSSL_PARAM_locate_const(defined_params,
1299 OSSL_MAC_PARAM_DIGEST) != NULL) {
1300 params[params_n++] =
1301 OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
1302 expected->alg, 0);
1303 } else {
1304 t->err = "MAC_BAD_PARAMS";
1305 goto err;
1306 }
1307 }
1308 if (expected->custom != NULL)
1309 params[params_n++] =
1310 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_CUSTOM,
1311 expected->custom,
1312 expected->custom_len);
1313 if (expected->salt != NULL)
1314 params[params_n++] =
1315 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_SALT,
1316 expected->salt,
1317 expected->salt_len);
1318 if (expected->iv != NULL)
1319 params[params_n++] =
1320 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV,
1321 expected->iv,
1322 expected->iv_len);
1323
1324 /* Unknown controls. They must match parameters that the MAC recognizes */
1325 if (params_n + sk_OPENSSL_STRING_num(expected->controls)
1326 >= OSSL_NELEM(params)) {
1327 t->err = "MAC_TOO_MANY_PARAMETERS";
1328 goto err;
1329 }
1330 params_n_allocstart = params_n;
1331 for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++) {
1332 char *tmpkey, *tmpval;
1333 char *value = sk_OPENSSL_STRING_value(expected->controls, i);
1334
1335 if (!TEST_ptr(tmpkey = OPENSSL_strdup(value))) {
1336 t->err = "MAC_PARAM_ERROR";
1337 goto err;
1338 }
1339 tmpval = strchr(tmpkey, ':');
1340 if (tmpval != NULL)
1341 *tmpval++ = '\0';
1342
1343 if (tmpval == NULL
1344 || !OSSL_PARAM_allocate_from_text(&params[params_n],
1345 defined_params,
1346 tmpkey, tmpval,
1347 strlen(tmpval), NULL)) {
1348 OPENSSL_free(tmpkey);
1349 t->err = "MAC_PARAM_ERROR";
1350 goto err;
1351 }
1352 params_n++;
1353
1354 OPENSSL_free(tmpkey);
1355 }
1356 params[params_n] = OSSL_PARAM_construct_end();
1357
1358 if ((ctx = EVP_MAC_CTX_new(expected->mac)) == NULL) {
1359 t->err = "MAC_CREATE_ERROR";
1360 goto err;
1361 }
1362
1363 if (!EVP_MAC_init(ctx, expected->key, expected->key_len, params)) {
1364 t->err = "MAC_INIT_ERROR";
1365 goto err;
1366 }
1367 if (!EVP_MAC_update(ctx, expected->input, expected->input_len)) {
1368 t->err = "MAC_UPDATE_ERROR";
1369 goto err;
1370 }
1371 if (expected->xof) {
1372 if (!TEST_ptr(got = OPENSSL_malloc(expected->output_len))) {
1373 t->err = "TEST_FAILURE";
1374 goto err;
1375 }
1376 if (!EVP_MAC_finalXOF(ctx, got, expected->output_len)
1377 || !memory_err_compare(t, "TEST_MAC_ERR",
1378 expected->output, expected->output_len,
1379 got, expected->output_len)) {
1380 t->err = "MAC_FINAL_ERROR";
1381 goto err;
1382 }
1383 } else {
1384 if (!EVP_MAC_final(ctx, NULL, &got_len, 0)) {
1385 t->err = "MAC_FINAL_LENGTH_ERROR";
1386 goto err;
1387 }
1388 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
1389 t->err = "TEST_FAILURE";
1390 goto err;
1391 }
1392 if (!EVP_MAC_final(ctx, got, &got_len, got_len)
1393 || !memory_err_compare(t, "TEST_MAC_ERR",
1394 expected->output, expected->output_len,
1395 got, got_len)) {
1396 t->err = "TEST_MAC_ERR";
1397 goto err;
1398 }
1399 }
1400 t->err = NULL;
1401 err:
1402 while (params_n-- > params_n_allocstart) {
1403 OPENSSL_free(params[params_n].data);
1404 }
1405 EVP_MAC_CTX_free(ctx);
1406 OPENSSL_free(got);
1407 return 1;
1408 }
1409
1410 static int mac_test_run(EVP_TEST *t)
1411 {
1412 MAC_DATA *expected = t->data;
1413
1414 if (expected->mac != NULL)
1415 return mac_test_run_mac(t);
1416 return mac_test_run_pkey(t);
1417 }
1418
1419 static const EVP_TEST_METHOD mac_test_method = {
1420 "MAC",
1421 mac_test_init,
1422 mac_test_cleanup,
1423 mac_test_parse,
1424 mac_test_run
1425 };
1426
1427
1428 /**
1429 ** PUBLIC KEY TESTS
1430 ** These are all very similar and share much common code.
1431 **/
1432
1433 typedef struct pkey_data_st {
1434 /* Context for this operation */
1435 EVP_PKEY_CTX *ctx;
1436 /* Key operation to perform */
1437 int (*keyop) (EVP_PKEY_CTX *ctx,
1438 unsigned char *sig, size_t *siglen,
1439 const unsigned char *tbs, size_t tbslen);
1440 /* Input to MAC */
1441 unsigned char *input;
1442 size_t input_len;
1443 /* Expected output */
1444 unsigned char *output;
1445 size_t output_len;
1446 } PKEY_DATA;
1447
1448 /*
1449 * Perform public key operation setup: lookup key, allocated ctx and call
1450 * the appropriate initialisation function
1451 */
1452 static int pkey_test_init(EVP_TEST *t, const char *name,
1453 int use_public,
1454 int (*keyopinit) (EVP_PKEY_CTX *ctx),
1455 int (*keyop)(EVP_PKEY_CTX *ctx,
1456 unsigned char *sig, size_t *siglen,
1457 const unsigned char *tbs,
1458 size_t tbslen))
1459 {
1460 PKEY_DATA *kdata;
1461 EVP_PKEY *pkey = NULL;
1462 int rv = 0;
1463
1464 if (use_public)
1465 rv = find_key(&pkey, name, public_keys);
1466 if (rv == 0)
1467 rv = find_key(&pkey, name, private_keys);
1468 if (rv == 0 || pkey == NULL) {
1469 TEST_info("skipping, key '%s' is disabled", name);
1470 t->skip = 1;
1471 return 1;
1472 }
1473
1474 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))) {
1475 EVP_PKEY_free(pkey);
1476 return 0;
1477 }
1478 kdata->keyop = keyop;
1479 if (!TEST_ptr(kdata->ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL))) {
1480 EVP_PKEY_free(pkey);
1481 OPENSSL_free(kdata);
1482 return 0;
1483 }
1484 if (keyopinit(kdata->ctx) <= 0)
1485 t->err = "KEYOP_INIT_ERROR";
1486 t->data = kdata;
1487 return 1;
1488 }
1489
1490 static void pkey_test_cleanup(EVP_TEST *t)
1491 {
1492 PKEY_DATA *kdata = t->data;
1493
1494 OPENSSL_free(kdata->input);
1495 OPENSSL_free(kdata->output);
1496 EVP_PKEY_CTX_free(kdata->ctx);
1497 }
1498
1499 static int pkey_test_ctrl(EVP_TEST *t, EVP_PKEY_CTX *pctx,
1500 const char *value)
1501 {
1502 int rv = 0;
1503 char *p, *tmpval;
1504
1505 if (!TEST_ptr(tmpval = OPENSSL_strdup(value)))
1506 return 0;
1507 p = strchr(tmpval, ':');
1508 if (p != NULL) {
1509 *p++ = '\0';
1510 rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
1511 }
1512 if (rv == -2) {
1513 t->err = "PKEY_CTRL_INVALID";
1514 rv = 1;
1515 } else if (p != NULL && rv <= 0) {
1516 if (is_digest_disabled(p) || is_cipher_disabled(p)) {
1517 TEST_info("skipping, '%s' is disabled", p);
1518 t->skip = 1;
1519 rv = 1;
1520 } else {
1521 t->err = "PKEY_CTRL_ERROR";
1522 rv = 1;
1523 }
1524 }
1525 OPENSSL_free(tmpval);
1526 return rv > 0;
1527 }
1528
1529 static int pkey_test_parse(EVP_TEST *t,
1530 const char *keyword, const char *value)
1531 {
1532 PKEY_DATA *kdata = t->data;
1533 if (strcmp(keyword, "Input") == 0)
1534 return parse_bin(value, &kdata->input, &kdata->input_len);
1535 if (strcmp(keyword, "Output") == 0)
1536 return parse_bin(value, &kdata->output, &kdata->output_len);
1537 if (strcmp(keyword, "Ctrl") == 0)
1538 return pkey_test_ctrl(t, kdata->ctx, value);
1539 return 0;
1540 }
1541
1542 static int pkey_test_run(EVP_TEST *t)
1543 {
1544 PKEY_DATA *expected = t->data;
1545 unsigned char *got = NULL;
1546 size_t got_len;
1547 EVP_PKEY_CTX *copy = NULL;
1548
1549 if (expected->keyop(expected->ctx, NULL, &got_len,
1550 expected->input, expected->input_len) <= 0
1551 || !TEST_ptr(got = OPENSSL_malloc(got_len))) {
1552 t->err = "KEYOP_LENGTH_ERROR";
1553 goto err;
1554 }
1555 if (expected->keyop(expected->ctx, got, &got_len,
1556 expected->input, expected->input_len) <= 0) {
1557 t->err = "KEYOP_ERROR";
1558 goto err;
1559 }
1560 if (!memory_err_compare(t, "KEYOP_MISMATCH",
1561 expected->output, expected->output_len,
1562 got, got_len))
1563 goto err;
1564
1565 t->err = NULL;
1566 OPENSSL_free(got);
1567 got = NULL;
1568
1569 /* Repeat the test on a copy. */
1570 if (!TEST_ptr(copy = EVP_PKEY_CTX_dup(expected->ctx))) {
1571 t->err = "INTERNAL_ERROR";
1572 goto err;
1573 }
1574 if (expected->keyop(copy, NULL, &got_len, expected->input,
1575 expected->input_len) <= 0
1576 || !TEST_ptr(got = OPENSSL_malloc(got_len))) {
1577 t->err = "KEYOP_LENGTH_ERROR";
1578 goto err;
1579 }
1580 if (expected->keyop(copy, got, &got_len, expected->input,
1581 expected->input_len) <= 0) {
1582 t->err = "KEYOP_ERROR";
1583 goto err;
1584 }
1585 if (!memory_err_compare(t, "KEYOP_MISMATCH",
1586 expected->output, expected->output_len,
1587 got, got_len))
1588 goto err;
1589
1590 err:
1591 OPENSSL_free(got);
1592 EVP_PKEY_CTX_free(copy);
1593 return 1;
1594 }
1595
1596 static int sign_test_init(EVP_TEST *t, const char *name)
1597 {
1598 return pkey_test_init(t, name, 0, EVP_PKEY_sign_init, EVP_PKEY_sign);
1599 }
1600
1601 static const EVP_TEST_METHOD psign_test_method = {
1602 "Sign",
1603 sign_test_init,
1604 pkey_test_cleanup,
1605 pkey_test_parse,
1606 pkey_test_run
1607 };
1608
1609 static int verify_recover_test_init(EVP_TEST *t, const char *name)
1610 {
1611 return pkey_test_init(t, name, 1, EVP_PKEY_verify_recover_init,
1612 EVP_PKEY_verify_recover);
1613 }
1614
1615 static const EVP_TEST_METHOD pverify_recover_test_method = {
1616 "VerifyRecover",
1617 verify_recover_test_init,
1618 pkey_test_cleanup,
1619 pkey_test_parse,
1620 pkey_test_run
1621 };
1622
1623 static int decrypt_test_init(EVP_TEST *t, const char *name)
1624 {
1625 return pkey_test_init(t, name, 0, EVP_PKEY_decrypt_init,
1626 EVP_PKEY_decrypt);
1627 }
1628
1629 static const EVP_TEST_METHOD pdecrypt_test_method = {
1630 "Decrypt",
1631 decrypt_test_init,
1632 pkey_test_cleanup,
1633 pkey_test_parse,
1634 pkey_test_run
1635 };
1636
1637 static int verify_test_init(EVP_TEST *t, const char *name)
1638 {
1639 return pkey_test_init(t, name, 1, EVP_PKEY_verify_init, 0);
1640 }
1641
1642 static int verify_test_run(EVP_TEST *t)
1643 {
1644 PKEY_DATA *kdata = t->data;
1645
1646 if (EVP_PKEY_verify(kdata->ctx, kdata->output, kdata->output_len,
1647 kdata->input, kdata->input_len) <= 0)
1648 t->err = "VERIFY_ERROR";
1649 return 1;
1650 }
1651
1652 static const EVP_TEST_METHOD pverify_test_method = {
1653 "Verify",
1654 verify_test_init,
1655 pkey_test_cleanup,
1656 pkey_test_parse,
1657 verify_test_run
1658 };
1659
1660 static int pderive_test_init(EVP_TEST *t, const char *name)
1661 {
1662 return pkey_test_init(t, name, 0, EVP_PKEY_derive_init, 0);
1663 }
1664
1665 static int pderive_test_parse(EVP_TEST *t,
1666 const char *keyword, const char *value)
1667 {
1668 PKEY_DATA *kdata = t->data;
1669 int validate = 0;
1670
1671 if (strcmp(keyword, "PeerKeyValidate") == 0)
1672 validate = 1;
1673
1674 if (validate || strcmp(keyword, "PeerKey") == 0) {
1675 EVP_PKEY *peer;
1676 if (find_key(&peer, value, public_keys) == 0)
1677 return -1;
1678 if (EVP_PKEY_derive_set_peer_ex(kdata->ctx, peer, validate) <= 0) {
1679 t->err = "DERIVE_SET_PEER_ERROR";
1680 return 1;
1681 }
1682 t->err = NULL;
1683 return 1;
1684 }
1685 if (strcmp(keyword, "SharedSecret") == 0)
1686 return parse_bin(value, &kdata->output, &kdata->output_len);
1687 if (strcmp(keyword, "Ctrl") == 0)
1688 return pkey_test_ctrl(t, kdata->ctx, value);
1689 return 0;
1690 }
1691
1692 static int pderive_test_run(EVP_TEST *t)
1693 {
1694 PKEY_DATA *expected = t->data;
1695 unsigned char *got = NULL;
1696 size_t got_len;
1697
1698 if (EVP_PKEY_derive(expected->ctx, NULL, &got_len) <= 0) {
1699 t->err = "DERIVE_ERROR";
1700 goto err;
1701 }
1702 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
1703 t->err = "DERIVE_ERROR";
1704 goto err;
1705 }
1706 if (EVP_PKEY_derive(expected->ctx, got, &got_len) <= 0) {
1707 t->err = "DERIVE_ERROR";
1708 goto err;
1709 }
1710 if (!memory_err_compare(t, "SHARED_SECRET_MISMATCH",
1711 expected->output, expected->output_len,
1712 got, got_len))
1713 goto err;
1714
1715 t->err = NULL;
1716 err:
1717 OPENSSL_free(got);
1718 return 1;
1719 }
1720
1721 static const EVP_TEST_METHOD pderive_test_method = {
1722 "Derive",
1723 pderive_test_init,
1724 pkey_test_cleanup,
1725 pderive_test_parse,
1726 pderive_test_run
1727 };
1728
1729
1730 /**
1731 ** PBE TESTS
1732 **/
1733
1734 typedef enum pbe_type_enum {
1735 PBE_TYPE_INVALID = 0,
1736 PBE_TYPE_SCRYPT, PBE_TYPE_PBKDF2, PBE_TYPE_PKCS12
1737 } PBE_TYPE;
1738
1739 typedef struct pbe_data_st {
1740 PBE_TYPE pbe_type;
1741 /* scrypt parameters */
1742 uint64_t N, r, p, maxmem;
1743 /* PKCS#12 parameters */
1744 int id, iter;
1745 const EVP_MD *md;
1746 /* password */
1747 unsigned char *pass;
1748 size_t pass_len;
1749 /* salt */
1750 unsigned char *salt;
1751 size_t salt_len;
1752 /* Expected output */
1753 unsigned char *key;
1754 size_t key_len;
1755 } PBE_DATA;
1756
1757 #ifndef OPENSSL_NO_SCRYPT
1758 /* Parse unsigned decimal 64 bit integer value */
1759 static int parse_uint64(const char *value, uint64_t *pr)
1760 {
1761 const char *p = value;
1762
1763 if (!TEST_true(*p)) {
1764 TEST_info("Invalid empty integer value");
1765 return -1;
1766 }
1767 for (*pr = 0; *p; ) {
1768 if (*pr > UINT64_MAX / 10) {
1769 TEST_error("Integer overflow in string %s", value);
1770 return -1;
1771 }
1772 *pr *= 10;
1773 if (!TEST_true(isdigit((unsigned char)*p))) {
1774 TEST_error("Invalid character in string %s", value);
1775 return -1;
1776 }
1777 *pr += *p - '0';
1778 p++;
1779 }
1780 return 1;
1781 }
1782
1783 static int scrypt_test_parse(EVP_TEST *t,
1784 const char *keyword, const char *value)
1785 {
1786 PBE_DATA *pdata = t->data;
1787
1788 if (strcmp(keyword, "N") == 0)
1789 return parse_uint64(value, &pdata->N);
1790 if (strcmp(keyword, "p") == 0)
1791 return parse_uint64(value, &pdata->p);
1792 if (strcmp(keyword, "r") == 0)
1793 return parse_uint64(value, &pdata->r);
1794 if (strcmp(keyword, "maxmem") == 0)
1795 return parse_uint64(value, &pdata->maxmem);
1796 return 0;
1797 }
1798 #endif
1799
1800 static int pbkdf2_test_parse(EVP_TEST *t,
1801 const char *keyword, const char *value)
1802 {
1803 PBE_DATA *pdata = t->data;
1804
1805 if (strcmp(keyword, "iter") == 0) {
1806 pdata->iter = atoi(value);
1807 if (pdata->iter <= 0)
1808 return -1;
1809 return 1;
1810 }
1811 if (strcmp(keyword, "MD") == 0) {
1812 pdata->md = EVP_get_digestbyname(value);
1813 if (pdata->md == NULL)
1814 return -1;
1815 return 1;
1816 }
1817 return 0;
1818 }
1819
1820 static int pkcs12_test_parse(EVP_TEST *t,
1821 const char *keyword, const char *value)
1822 {
1823 PBE_DATA *pdata = t->data;
1824
1825 if (strcmp(keyword, "id") == 0) {
1826 pdata->id = atoi(value);
1827 if (pdata->id <= 0)
1828 return -1;
1829 return 1;
1830 }
1831 return pbkdf2_test_parse(t, keyword, value);
1832 }
1833
1834 static int pbe_test_init(EVP_TEST *t, const char *alg)
1835 {
1836 PBE_DATA *pdat;
1837 PBE_TYPE pbe_type = PBE_TYPE_INVALID;
1838
1839 if (is_kdf_disabled(alg)) {
1840 TEST_info("skipping, '%s' is disabled", alg);
1841 t->skip = 1;
1842 return 1;
1843 }
1844 if (strcmp(alg, "scrypt") == 0) {
1845 pbe_type = PBE_TYPE_SCRYPT;
1846 } else if (strcmp(alg, "pbkdf2") == 0) {
1847 pbe_type = PBE_TYPE_PBKDF2;
1848 } else if (strcmp(alg, "pkcs12") == 0) {
1849 pbe_type = PBE_TYPE_PKCS12;
1850 } else {
1851 TEST_error("Unknown pbe algorithm %s", alg);
1852 }
1853 pdat = OPENSSL_zalloc(sizeof(*pdat));
1854 pdat->pbe_type = pbe_type;
1855 t->data = pdat;
1856 return 1;
1857 }
1858
1859 static void pbe_test_cleanup(EVP_TEST *t)
1860 {
1861 PBE_DATA *pdat = t->data;
1862
1863 OPENSSL_free(pdat->pass);
1864 OPENSSL_free(pdat->salt);
1865 OPENSSL_free(pdat->key);
1866 }
1867
1868 static int pbe_test_parse(EVP_TEST *t,
1869 const char *keyword, const char *value)
1870 {
1871 PBE_DATA *pdata = t->data;
1872
1873 if (strcmp(keyword, "Password") == 0)
1874 return parse_bin(value, &pdata->pass, &pdata->pass_len);
1875 if (strcmp(keyword, "Salt") == 0)
1876 return parse_bin(value, &pdata->salt, &pdata->salt_len);
1877 if (strcmp(keyword, "Key") == 0)
1878 return parse_bin(value, &pdata->key, &pdata->key_len);
1879 if (pdata->pbe_type == PBE_TYPE_PBKDF2)
1880 return pbkdf2_test_parse(t, keyword, value);
1881 else if (pdata->pbe_type == PBE_TYPE_PKCS12)
1882 return pkcs12_test_parse(t, keyword, value);
1883 #ifndef OPENSSL_NO_SCRYPT
1884 else if (pdata->pbe_type == PBE_TYPE_SCRYPT)
1885 return scrypt_test_parse(t, keyword, value);
1886 #endif
1887 return 0;
1888 }
1889
1890 static int pbe_test_run(EVP_TEST *t)
1891 {
1892 PBE_DATA *expected = t->data;
1893 unsigned char *key;
1894 EVP_MD *fetched_digest = NULL;
1895 OSSL_LIB_CTX *save_libctx;
1896
1897 save_libctx = OSSL_LIB_CTX_set0_default(libctx);
1898
1899 if (!TEST_ptr(key = OPENSSL_malloc(expected->key_len))) {
1900 t->err = "INTERNAL_ERROR";
1901 goto err;
1902 }
1903 if (expected->pbe_type == PBE_TYPE_PBKDF2) {
1904 if (PKCS5_PBKDF2_HMAC((char *)expected->pass, expected->pass_len,
1905 expected->salt, expected->salt_len,
1906 expected->iter, expected->md,
1907 expected->key_len, key) == 0) {
1908 t->err = "PBKDF2_ERROR";
1909 goto err;
1910 }
1911 #ifndef OPENSSL_NO_SCRYPT
1912 } else if (expected->pbe_type == PBE_TYPE_SCRYPT) {
1913 if (EVP_PBE_scrypt((const char *)expected->pass, expected->pass_len,
1914 expected->salt, expected->salt_len,
1915 expected->N, expected->r, expected->p,
1916 expected->maxmem, key, expected->key_len) == 0) {
1917 t->err = "SCRYPT_ERROR";
1918 goto err;
1919 }
1920 #endif
1921 } else if (expected->pbe_type == PBE_TYPE_PKCS12) {
1922 fetched_digest = EVP_MD_fetch(libctx, EVP_MD_name(expected->md), NULL);
1923 if (fetched_digest == NULL) {
1924 t->err = "PKCS12_ERROR";
1925 goto err;
1926 }
1927 if (PKCS12_key_gen_uni(expected->pass, expected->pass_len,
1928 expected->salt, expected->salt_len,
1929 expected->id, expected->iter, expected->key_len,
1930 key, fetched_digest) == 0) {
1931 t->err = "PKCS12_ERROR";
1932 goto err;
1933 }
1934 }
1935 if (!memory_err_compare(t, "KEY_MISMATCH", expected->key, expected->key_len,
1936 key, expected->key_len))
1937 goto err;
1938
1939 t->err = NULL;
1940 err:
1941 EVP_MD_free(fetched_digest);
1942 OPENSSL_free(key);
1943 OSSL_LIB_CTX_set0_default(save_libctx);
1944 return 1;
1945 }
1946
1947 static const EVP_TEST_METHOD pbe_test_method = {
1948 "PBE",
1949 pbe_test_init,
1950 pbe_test_cleanup,
1951 pbe_test_parse,
1952 pbe_test_run
1953 };
1954
1955
1956 /**
1957 ** BASE64 TESTS
1958 **/
1959
1960 typedef enum {
1961 BASE64_CANONICAL_ENCODING = 0,
1962 BASE64_VALID_ENCODING = 1,
1963 BASE64_INVALID_ENCODING = 2
1964 } base64_encoding_type;
1965
1966 typedef struct encode_data_st {
1967 /* Input to encoding */
1968 unsigned char *input;
1969 size_t input_len;
1970 /* Expected output */
1971 unsigned char *output;
1972 size_t output_len;
1973 base64_encoding_type encoding;
1974 } ENCODE_DATA;
1975
1976 static int encode_test_init(EVP_TEST *t, const char *encoding)
1977 {
1978 ENCODE_DATA *edata;
1979
1980 if (!TEST_ptr(edata = OPENSSL_zalloc(sizeof(*edata))))
1981 return 0;
1982 if (strcmp(encoding, "canonical") == 0) {
1983 edata->encoding = BASE64_CANONICAL_ENCODING;
1984 } else if (strcmp(encoding, "valid") == 0) {
1985 edata->encoding = BASE64_VALID_ENCODING;
1986 } else if (strcmp(encoding, "invalid") == 0) {
1987 edata->encoding = BASE64_INVALID_ENCODING;
1988 if (!TEST_ptr(t->expected_err = OPENSSL_strdup("DECODE_ERROR")))
1989 goto err;
1990 } else {
1991 TEST_error("Bad encoding: %s."
1992 " Should be one of {canonical, valid, invalid}",
1993 encoding);
1994 goto err;
1995 }
1996 t->data = edata;
1997 return 1;
1998 err:
1999 OPENSSL_free(edata);
2000 return 0;
2001 }
2002
2003 static void encode_test_cleanup(EVP_TEST *t)
2004 {
2005 ENCODE_DATA *edata = t->data;
2006
2007 OPENSSL_free(edata->input);
2008 OPENSSL_free(edata->output);
2009 memset(edata, 0, sizeof(*edata));
2010 }
2011
2012 static int encode_test_parse(EVP_TEST *t,
2013 const char *keyword, const char *value)
2014 {
2015 ENCODE_DATA *edata = t->data;
2016
2017 if (strcmp(keyword, "Input") == 0)
2018 return parse_bin(value, &edata->input, &edata->input_len);
2019 if (strcmp(keyword, "Output") == 0)
2020 return parse_bin(value, &edata->output, &edata->output_len);
2021 return 0;
2022 }
2023
2024 static int encode_test_run(EVP_TEST *t)
2025 {
2026 ENCODE_DATA *expected = t->data;
2027 unsigned char *encode_out = NULL, *decode_out = NULL;
2028 int output_len, chunk_len;
2029 EVP_ENCODE_CTX *decode_ctx = NULL, *encode_ctx = NULL;
2030
2031 if (!TEST_ptr(decode_ctx = EVP_ENCODE_CTX_new())) {
2032 t->err = "INTERNAL_ERROR";
2033 goto err;
2034 }
2035
2036 if (expected->encoding == BASE64_CANONICAL_ENCODING) {
2037
2038 if (!TEST_ptr(encode_ctx = EVP_ENCODE_CTX_new())
2039 || !TEST_ptr(encode_out =
2040 OPENSSL_malloc(EVP_ENCODE_LENGTH(expected->input_len))))
2041 goto err;
2042
2043 EVP_EncodeInit(encode_ctx);
2044 if (!TEST_true(EVP_EncodeUpdate(encode_ctx, encode_out, &chunk_len,
2045 expected->input, expected->input_len)))
2046 goto err;
2047
2048 output_len = chunk_len;
2049
2050 EVP_EncodeFinal(encode_ctx, encode_out + chunk_len, &chunk_len);
2051 output_len += chunk_len;
2052
2053 if (!memory_err_compare(t, "BAD_ENCODING",
2054 expected->output, expected->output_len,
2055 encode_out, output_len))
2056 goto err;
2057 }
2058
2059 if (!TEST_ptr(decode_out =
2060 OPENSSL_malloc(EVP_DECODE_LENGTH(expected->output_len))))
2061 goto err;
2062
2063 EVP_DecodeInit(decode_ctx);
2064 if (EVP_DecodeUpdate(decode_ctx, decode_out, &chunk_len, expected->output,
2065 expected->output_len) < 0) {
2066 t->err = "DECODE_ERROR";
2067 goto err;
2068 }
2069 output_len = chunk_len;
2070
2071 if (EVP_DecodeFinal(decode_ctx, decode_out + chunk_len, &chunk_len) != 1) {
2072 t->err = "DECODE_ERROR";
2073 goto err;
2074 }
2075 output_len += chunk_len;
2076
2077 if (expected->encoding != BASE64_INVALID_ENCODING
2078 && !memory_err_compare(t, "BAD_DECODING",
2079 expected->input, expected->input_len,
2080 decode_out, output_len)) {
2081 t->err = "BAD_DECODING";
2082 goto err;
2083 }
2084
2085 t->err = NULL;
2086 err:
2087 OPENSSL_free(encode_out);
2088 OPENSSL_free(decode_out);
2089 EVP_ENCODE_CTX_free(decode_ctx);
2090 EVP_ENCODE_CTX_free(encode_ctx);
2091 return 1;
2092 }
2093
2094 static const EVP_TEST_METHOD encode_test_method = {
2095 "Encoding",
2096 encode_test_init,
2097 encode_test_cleanup,
2098 encode_test_parse,
2099 encode_test_run,
2100 };
2101
2102
2103 /**
2104 ** RAND TESTS
2105 **/
2106 #define MAX_RAND_REPEATS 15
2107
2108 typedef struct rand_data_pass_st {
2109 unsigned char *entropy;
2110 unsigned char *reseed_entropy;
2111 unsigned char *nonce;
2112 unsigned char *pers;
2113 unsigned char *reseed_addin;
2114 unsigned char *addinA;
2115 unsigned char *addinB;
2116 unsigned char *pr_entropyA;
2117 unsigned char *pr_entropyB;
2118 unsigned char *output;
2119 size_t entropy_len, nonce_len, pers_len, addinA_len, addinB_len,
2120 pr_entropyA_len, pr_entropyB_len, output_len, reseed_entropy_len,
2121 reseed_addin_len;
2122 } RAND_DATA_PASS;
2123
2124 typedef struct rand_data_st {
2125 /* Context for this operation */
2126 EVP_RAND_CTX *ctx;
2127 EVP_RAND_CTX *parent;
2128 int n;
2129 int prediction_resistance;
2130 int use_df;
2131 unsigned int generate_bits;
2132 char *cipher;
2133 char *digest;
2134
2135 /* Expected output */
2136 RAND_DATA_PASS data[MAX_RAND_REPEATS];
2137 } RAND_DATA;
2138
2139 static int rand_test_init(EVP_TEST *t, const char *name)
2140 {
2141 RAND_DATA *rdata;
2142 EVP_RAND *rand;
2143 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
2144 unsigned int strength = 256;
2145
2146 if (!TEST_ptr(rdata = OPENSSL_zalloc(sizeof(*rdata))))
2147 return 0;
2148
2149 /* TEST-RAND is available in the FIPS provider but not with "fips=yes" */
2150 rand = EVP_RAND_fetch(libctx, "TEST-RAND", "-fips");
2151 if (rand == NULL)
2152 goto err;
2153 rdata->parent = EVP_RAND_CTX_new(rand, NULL);
2154 EVP_RAND_free(rand);
2155 if (rdata->parent == NULL)
2156 goto err;
2157
2158 *params = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength);
2159 if (!EVP_RAND_CTX_set_params(rdata->parent, params))
2160 goto err;
2161
2162 rand = EVP_RAND_fetch(libctx, name, NULL);
2163 if (rand == NULL)
2164 goto err;
2165 rdata->ctx = EVP_RAND_CTX_new(rand, rdata->parent);
2166 EVP_RAND_free(rand);
2167 if (rdata->ctx == NULL)
2168 goto err;
2169
2170 rdata->n = -1;
2171 t->data = rdata;
2172 return 1;
2173 err:
2174 EVP_RAND_CTX_free(rdata->parent);
2175 OPENSSL_free(rdata);
2176 return 0;
2177 }
2178
2179 static void rand_test_cleanup(EVP_TEST *t)
2180 {
2181 RAND_DATA *rdata = t->data;
2182 int i;
2183
2184 OPENSSL_free(rdata->cipher);
2185 OPENSSL_free(rdata->digest);
2186
2187 for (i = 0; i <= rdata->n; i++) {
2188 OPENSSL_free(rdata->data[i].entropy);
2189 OPENSSL_free(rdata->data[i].reseed_entropy);
2190 OPENSSL_free(rdata->data[i].nonce);
2191 OPENSSL_free(rdata->data[i].pers);
2192 OPENSSL_free(rdata->data[i].reseed_addin);
2193 OPENSSL_free(rdata->data[i].addinA);
2194 OPENSSL_free(rdata->data[i].addinB);
2195 OPENSSL_free(rdata->data[i].pr_entropyA);
2196 OPENSSL_free(rdata->data[i].pr_entropyB);
2197 OPENSSL_free(rdata->data[i].output);
2198 }
2199 EVP_RAND_CTX_free(rdata->ctx);
2200 EVP_RAND_CTX_free(rdata->parent);
2201 }
2202
2203 static int rand_test_parse(EVP_TEST *t,
2204 const char *keyword, const char *value)
2205 {
2206 RAND_DATA *rdata = t->data;
2207 RAND_DATA_PASS *item;
2208 const char *p;
2209 int n;
2210
2211 if ((p = strchr(keyword, '.')) != NULL) {
2212 n = atoi(++p);
2213 if (n >= MAX_RAND_REPEATS)
2214 return 0;
2215 if (n > rdata->n)
2216 rdata->n = n;
2217 item = rdata->data + n;
2218 if (strncmp(keyword, "Entropy.", sizeof("Entropy")) == 0)
2219 return parse_bin(value, &item->entropy, &item->entropy_len);
2220 if (strncmp(keyword, "ReseedEntropy.", sizeof("ReseedEntropy")) == 0)
2221 return parse_bin(value, &item->reseed_entropy,
2222 &item->reseed_entropy_len);
2223 if (strncmp(keyword, "Nonce.", sizeof("Nonce")) == 0)
2224 return parse_bin(value, &item->nonce, &item->nonce_len);
2225 if (strncmp(keyword, "PersonalisationString.",
2226 sizeof("PersonalisationString")) == 0)
2227 return parse_bin(value, &item->pers, &item->pers_len);
2228 if (strncmp(keyword, "ReseedAdditionalInput.",
2229 sizeof("ReseedAdditionalInput")) == 0)
2230 return parse_bin(value, &item->reseed_addin,
2231 &item->reseed_addin_len);
2232 if (strncmp(keyword, "AdditionalInputA.",
2233 sizeof("AdditionalInputA")) == 0)
2234 return parse_bin(value, &item->addinA, &item->addinA_len);
2235 if (strncmp(keyword, "AdditionalInputB.",
2236 sizeof("AdditionalInputB")) == 0)
2237 return parse_bin(value, &item->addinB, &item->addinB_len);
2238 if (strncmp(keyword, "EntropyPredictionResistanceA.",
2239 sizeof("EntropyPredictionResistanceA")) == 0)
2240 return parse_bin(value, &item->pr_entropyA, &item->pr_entropyA_len);
2241 if (strncmp(keyword, "EntropyPredictionResistanceB.",
2242 sizeof("EntropyPredictionResistanceB")) == 0)
2243 return parse_bin(value, &item->pr_entropyB, &item->pr_entropyB_len);
2244 if (strncmp(keyword, "Output.", sizeof("Output")) == 0)
2245 return parse_bin(value, &item->output, &item->output_len);
2246 } else {
2247 if (strcmp(keyword, "Cipher") == 0)
2248 return TEST_ptr(rdata->cipher = OPENSSL_strdup(value));
2249 if (strcmp(keyword, "Digest") == 0)
2250 return TEST_ptr(rdata->digest = OPENSSL_strdup(value));
2251 if (strcmp(keyword, "DerivationFunction") == 0) {
2252 rdata->use_df = atoi(value) != 0;
2253 return 1;
2254 }
2255 if (strcmp(keyword, "GenerateBits") == 0) {
2256 if ((n = atoi(value)) <= 0 || n % 8 != 0)
2257 return 0;
2258 rdata->generate_bits = (unsigned int)n;
2259 return 1;
2260 }
2261 if (strcmp(keyword, "PredictionResistance") == 0) {
2262 rdata->prediction_resistance = atoi(value) != 0;
2263 return 1;
2264 }
2265 }
2266 return 0;
2267 }
2268
2269 static int rand_test_run(EVP_TEST *t)
2270 {
2271 RAND_DATA *expected = t->data;
2272 RAND_DATA_PASS *item;
2273 unsigned char *got;
2274 size_t got_len = expected->generate_bits / 8;
2275 OSSL_PARAM params[5], *p = params;
2276 int i = -1, ret = 0;
2277 unsigned int strength;
2278 unsigned char *z;
2279
2280 if (!TEST_ptr(got = OPENSSL_malloc(got_len)))
2281 return 0;
2282
2283 *p++ = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_USE_DF, &expected->use_df);
2284 if (expected->cipher != NULL)
2285 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER,
2286 expected->cipher, 0);
2287 if (expected->digest != NULL)
2288 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_DIGEST,
2289 expected->digest, 0);
2290 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_MAC, "HMAC", 0);
2291 *p = OSSL_PARAM_construct_end();
2292 if (!TEST_true(EVP_RAND_CTX_set_params(expected->ctx, params)))
2293 goto err;
2294
2295 strength = EVP_RAND_strength(expected->ctx);
2296 for (i = 0; i <= expected->n; i++) {
2297 item = expected->data + i;
2298
2299 p = params;
2300 z = item->entropy != NULL ? item->entropy : (unsigned char *)"";
2301 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2302 z, item->entropy_len);
2303 z = item->nonce != NULL ? item->nonce : (unsigned char *)"";
2304 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE,
2305 z, item->nonce_len);
2306 *p = OSSL_PARAM_construct_end();
2307 if (!TEST_true(EVP_RAND_instantiate(expected->parent, strength,
2308 0, NULL, 0, params)))
2309 goto err;
2310
2311 z = item->pers != NULL ? item->pers : (unsigned char *)"";
2312 if (!TEST_true(EVP_RAND_instantiate
2313 (expected->ctx, strength,
2314 expected->prediction_resistance, z,
2315 item->pers_len, NULL)))
2316 goto err;
2317
2318 if (item->reseed_entropy != NULL) {
2319 params[0] = OSSL_PARAM_construct_octet_string
2320 (OSSL_RAND_PARAM_TEST_ENTROPY, item->reseed_entropy,
2321 item->reseed_entropy_len);
2322 params[1] = OSSL_PARAM_construct_end();
2323 if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params)))
2324 goto err;
2325
2326 if (!TEST_true(EVP_RAND_reseed
2327 (expected->ctx, expected->prediction_resistance,
2328 NULL, 0, item->reseed_addin,
2329 item->reseed_addin_len)))
2330 goto err;
2331 }
2332 if (item->pr_entropyA != NULL) {
2333 params[0] = OSSL_PARAM_construct_octet_string
2334 (OSSL_RAND_PARAM_TEST_ENTROPY, item->pr_entropyA,
2335 item->pr_entropyA_len);
2336 params[1] = OSSL_PARAM_construct_end();
2337 if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params)))
2338 goto err;
2339 }
2340 if (!TEST_true(EVP_RAND_generate
2341 (expected->ctx, got, got_len,
2342 strength, expected->prediction_resistance,
2343 item->addinA, item->addinA_len)))
2344 goto err;
2345
2346 if (item->pr_entropyB != NULL) {
2347 params[0] = OSSL_PARAM_construct_octet_string
2348 (OSSL_RAND_PARAM_TEST_ENTROPY, item->pr_entropyB,
2349 item->pr_entropyB_len);
2350 params[1] = OSSL_PARAM_construct_end();
2351 if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params)))
2352 return 0;
2353 }
2354 if (!TEST_true(EVP_RAND_generate
2355 (expected->ctx, got, got_len,
2356 strength, expected->prediction_resistance,
2357 item->addinB, item->addinB_len)))
2358 goto err;
2359 if (!TEST_mem_eq(got, got_len, item->output, item->output_len))
2360 goto err;
2361 if (!TEST_true(EVP_RAND_uninstantiate(expected->ctx))
2362 || !TEST_true(EVP_RAND_uninstantiate(expected->parent))
2363 || !TEST_true(EVP_RAND_verify_zeroization(expected->ctx))
2364 || !TEST_int_eq(EVP_RAND_state(expected->ctx),
2365 EVP_RAND_STATE_UNINITIALISED))
2366 goto err;
2367 }
2368 t->err = NULL;
2369 ret = 1;
2370
2371 err:
2372 if (ret == 0 && i >= 0)
2373 TEST_info("Error in test case %d of %d\n", i, expected->n + 1);
2374 OPENSSL_free(got);
2375 return ret;
2376 }
2377
2378 static const EVP_TEST_METHOD rand_test_method = {
2379 "RAND",
2380 rand_test_init,
2381 rand_test_cleanup,
2382 rand_test_parse,
2383 rand_test_run
2384 };
2385
2386
2387 /**
2388 ** KDF TESTS
2389 **/
2390 typedef struct kdf_data_st {
2391 /* Context for this operation */
2392 EVP_KDF_CTX *ctx;
2393 /* Expected output */
2394 unsigned char *output;
2395 size_t output_len;
2396 OSSL_PARAM params[20];
2397 OSSL_PARAM *p;
2398 } KDF_DATA;
2399
2400 /*
2401 * Perform public key operation setup: lookup key, allocated ctx and call
2402 * the appropriate initialisation function
2403 */
2404 static int kdf_test_init(EVP_TEST *t, const char *name)
2405 {
2406 KDF_DATA *kdata;
2407 EVP_KDF *kdf;
2408
2409 if (is_kdf_disabled(name)) {
2410 TEST_info("skipping, '%s' is disabled", name);
2411 t->skip = 1;
2412 return 1;
2413 }
2414
2415 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata))))
2416 return 0;
2417 kdata->p = kdata->params;
2418 *kdata->p = OSSL_PARAM_construct_end();
2419
2420 kdf = EVP_KDF_fetch(libctx, name, NULL);
2421 if (kdf == NULL) {
2422 OPENSSL_free(kdata);
2423 return 0;
2424 }
2425 kdata->ctx = EVP_KDF_CTX_new(kdf);
2426 EVP_KDF_free(kdf);
2427 if (kdata->ctx == NULL) {
2428 OPENSSL_free(kdata);
2429 return 0;
2430 }
2431 t->data = kdata;
2432 return 1;
2433 }
2434
2435 static void kdf_test_cleanup(EVP_TEST *t)
2436 {
2437 KDF_DATA *kdata = t->data;
2438 OSSL_PARAM *p;
2439
2440 for (p = kdata->params; p->key != NULL; p++)
2441 OPENSSL_free(p->data);
2442 OPENSSL_free(kdata->output);
2443 EVP_KDF_CTX_free(kdata->ctx);
2444 }
2445
2446 static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx,
2447 const char *value)
2448 {
2449 KDF_DATA *kdata = t->data;
2450 int rv;
2451 char *p, *name;
2452 const OSSL_PARAM *defs = EVP_KDF_settable_ctx_params(EVP_KDF_CTX_kdf(kctx));
2453
2454 if (!TEST_ptr(name = OPENSSL_strdup(value)))
2455 return 0;
2456 p = strchr(name, ':');
2457 if (p != NULL)
2458 *p++ = '\0';
2459
2460 rv = OSSL_PARAM_allocate_from_text(kdata->p, defs, name, p,
2461 p != NULL ? strlen(p) : 0, NULL);
2462 *++kdata->p = OSSL_PARAM_construct_end();
2463 if (!rv) {
2464 t->err = "KDF_PARAM_ERROR";
2465 OPENSSL_free(name);
2466 return 0;
2467 }
2468 if (p != NULL && strcmp(name, "digest") == 0) {
2469 if (is_digest_disabled(p)) {
2470 TEST_info("skipping, '%s' is disabled", p);
2471 t->skip = 1;
2472 }
2473 }
2474 if (p != NULL
2475 && (strcmp(name, "cipher") == 0
2476 || strcmp(name, "cekalg") == 0)
2477 && is_cipher_disabled(p)) {
2478 TEST_info("skipping, '%s' is disabled", p);
2479 t->skip = 1;
2480 }
2481 OPENSSL_free(name);
2482 return 1;
2483 }
2484
2485 static int kdf_test_parse(EVP_TEST *t,
2486 const char *keyword, const char *value)
2487 {
2488 KDF_DATA *kdata = t->data;
2489
2490 if (strcmp(keyword, "Output") == 0)
2491 return parse_bin(value, &kdata->output, &kdata->output_len);
2492 if (strncmp(keyword, "Ctrl", 4) == 0)
2493 return kdf_test_ctrl(t, kdata->ctx, value);
2494 return 0;
2495 }
2496
2497 static int kdf_test_run(EVP_TEST *t)
2498 {
2499 KDF_DATA *expected = t->data;
2500 unsigned char *got = NULL;
2501 size_t got_len = expected->output_len;
2502
2503 if (!EVP_KDF_CTX_set_params(expected->ctx, expected->params)) {
2504 t->err = "KDF_CTRL_ERROR";
2505 return 1;
2506 }
2507 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
2508 t->err = "INTERNAL_ERROR";
2509 goto err;
2510 }
2511 if (EVP_KDF_derive(expected->ctx, got, got_len, NULL) <= 0) {
2512 t->err = "KDF_DERIVE_ERROR";
2513 goto err;
2514 }
2515 if (!memory_err_compare(t, "KDF_MISMATCH",
2516 expected->output, expected->output_len,
2517 got, got_len))
2518 goto err;
2519
2520 t->err = NULL;
2521
2522 err:
2523 OPENSSL_free(got);
2524 return 1;
2525 }
2526
2527 static const EVP_TEST_METHOD kdf_test_method = {
2528 "KDF",
2529 kdf_test_init,
2530 kdf_test_cleanup,
2531 kdf_test_parse,
2532 kdf_test_run
2533 };
2534
2535 /**
2536 ** PKEY KDF TESTS
2537 **/
2538
2539 typedef struct pkey_kdf_data_st {
2540 /* Context for this operation */
2541 EVP_PKEY_CTX *ctx;
2542 /* Expected output */
2543 unsigned char *output;
2544 size_t output_len;
2545 } PKEY_KDF_DATA;
2546
2547 /*
2548 * Perform public key operation setup: lookup key, allocated ctx and call
2549 * the appropriate initialisation function
2550 */
2551 static int pkey_kdf_test_init(EVP_TEST *t, const char *name)
2552 {
2553 PKEY_KDF_DATA *kdata = NULL;
2554
2555 if (is_kdf_disabled(name)) {
2556 TEST_info("skipping, '%s' is disabled", name);
2557 t->skip = 1;
2558 return 1;
2559 }
2560
2561 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata))))
2562 return 0;
2563
2564 kdata->ctx = EVP_PKEY_CTX_new_from_name(libctx, name, NULL);
2565 if (kdata->ctx == NULL
2566 || EVP_PKEY_derive_init(kdata->ctx) <= 0)
2567 goto err;
2568
2569 t->data = kdata;
2570 return 1;
2571 err:
2572 EVP_PKEY_CTX_free(kdata->ctx);
2573 OPENSSL_free(kdata);
2574 return 0;
2575 }
2576
2577 static void pkey_kdf_test_cleanup(EVP_TEST *t)
2578 {
2579 PKEY_KDF_DATA *kdata = t->data;
2580
2581 OPENSSL_free(kdata->output);
2582 EVP_PKEY_CTX_free(kdata->ctx);
2583 }
2584
2585 static int pkey_kdf_test_parse(EVP_TEST *t,
2586 const char *keyword, const char *value)
2587 {
2588 PKEY_KDF_DATA *kdata = t->data;
2589
2590 if (strcmp(keyword, "Output") == 0)
2591 return parse_bin(value, &kdata->output, &kdata->output_len);
2592 if (strncmp(keyword, "Ctrl", 4) == 0)
2593 return pkey_test_ctrl(t, kdata->ctx, value);
2594 return 0;
2595 }
2596
2597 static int pkey_kdf_test_run(EVP_TEST *t)
2598 {
2599 PKEY_KDF_DATA *expected = t->data;
2600 unsigned char *got = NULL;
2601 size_t got_len = expected->output_len;
2602
2603 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
2604 t->err = "INTERNAL_ERROR";
2605 goto err;
2606 }
2607 if (EVP_PKEY_derive(expected->ctx, got, &got_len) <= 0) {
2608 t->err = "KDF_DERIVE_ERROR";
2609 goto err;
2610 }
2611 if (!TEST_mem_eq(expected->output, expected->output_len, got, got_len)) {
2612 t->err = "KDF_MISMATCH";
2613 goto err;
2614 }
2615 t->err = NULL;
2616
2617 err:
2618 OPENSSL_free(got);
2619 return 1;
2620 }
2621
2622 static const EVP_TEST_METHOD pkey_kdf_test_method = {
2623 "PKEYKDF",
2624 pkey_kdf_test_init,
2625 pkey_kdf_test_cleanup,
2626 pkey_kdf_test_parse,
2627 pkey_kdf_test_run
2628 };
2629
2630 /**
2631 ** KEYPAIR TESTS
2632 **/
2633
2634 typedef struct keypair_test_data_st {
2635 EVP_PKEY *privk;
2636 EVP_PKEY *pubk;
2637 } KEYPAIR_TEST_DATA;
2638
2639 static int keypair_test_init(EVP_TEST *t, const char *pair)
2640 {
2641 KEYPAIR_TEST_DATA *data;
2642 int rv = 0;
2643 EVP_PKEY *pk = NULL, *pubk = NULL;
2644 char *pub, *priv = NULL;
2645
2646 /* Split private and public names. */
2647 if (!TEST_ptr(priv = OPENSSL_strdup(pair))
2648 || !TEST_ptr(pub = strchr(priv, ':'))) {
2649 t->err = "PARSING_ERROR";
2650 goto end;
2651 }
2652 *pub++ = '\0';
2653
2654 if (!TEST_true(find_key(&pk, priv, private_keys))) {
2655 TEST_info("Can't find private key: %s", priv);
2656 t->err = "MISSING_PRIVATE_KEY";
2657 goto end;
2658 }
2659 if (!TEST_true(find_key(&pubk, pub, public_keys))) {
2660 TEST_info("Can't find public key: %s", pub);
2661 t->err = "MISSING_PUBLIC_KEY";
2662 goto end;
2663 }
2664
2665 if (pk == NULL && pubk == NULL) {
2666 /* Both keys are listed but unsupported: skip this test */
2667 t->skip = 1;
2668 rv = 1;
2669 goto end;
2670 }
2671
2672 if (!TEST_ptr(data = OPENSSL_malloc(sizeof(*data))))
2673 goto end;
2674 data->privk = pk;
2675 data->pubk = pubk;
2676 t->data = data;
2677 rv = 1;
2678 t->err = NULL;
2679
2680 end:
2681 OPENSSL_free(priv);
2682 return rv;
2683 }
2684
2685 static void keypair_test_cleanup(EVP_TEST *t)
2686 {
2687 OPENSSL_free(t->data);
2688 t->data = NULL;
2689 }
2690
2691 /*
2692 * For tests that do not accept any custom keywords.
2693 */
2694 static int void_test_parse(EVP_TEST *t, const char *keyword, const char *value)
2695 {
2696 return 0;
2697 }
2698
2699 static int keypair_test_run(EVP_TEST *t)
2700 {
2701 int rv = 0;
2702 const KEYPAIR_TEST_DATA *pair = t->data;
2703
2704 if (pair->privk == NULL || pair->pubk == NULL) {
2705 /*
2706 * this can only happen if only one of the keys is not set
2707 * which means that one of them was unsupported while the
2708 * other isn't: hence a key type mismatch.
2709 */
2710 t->err = "KEYPAIR_TYPE_MISMATCH";
2711 rv = 1;
2712 goto end;
2713 }
2714
2715 if ((rv = EVP_PKEY_eq(pair->privk, pair->pubk)) != 1 ) {
2716 if ( 0 == rv ) {
2717 t->err = "KEYPAIR_MISMATCH";
2718 } else if ( -1 == rv ) {
2719 t->err = "KEYPAIR_TYPE_MISMATCH";
2720 } else if ( -2 == rv ) {
2721 t->err = "UNSUPPORTED_KEY_COMPARISON";
2722 } else {
2723 TEST_error("Unexpected error in key comparison");
2724 rv = 0;
2725 goto end;
2726 }
2727 rv = 1;
2728 goto end;
2729 }
2730
2731 rv = 1;
2732 t->err = NULL;
2733
2734 end:
2735 return rv;
2736 }
2737
2738 static const EVP_TEST_METHOD keypair_test_method = {
2739 "PrivPubKeyPair",
2740 keypair_test_init,
2741 keypair_test_cleanup,
2742 void_test_parse,
2743 keypair_test_run
2744 };
2745
2746 /**
2747 ** KEYGEN TEST
2748 **/
2749
2750 typedef struct keygen_test_data_st {
2751 EVP_PKEY_CTX *genctx; /* Keygen context to use */
2752 char *keyname; /* Key name to store key or NULL */
2753 } KEYGEN_TEST_DATA;
2754
2755 static int keygen_test_init(EVP_TEST *t, const char *alg)
2756 {
2757 KEYGEN_TEST_DATA *data;
2758 EVP_PKEY_CTX *genctx;
2759 int nid = OBJ_sn2nid(alg);
2760
2761 if (nid == NID_undef) {
2762 nid = OBJ_ln2nid(alg);
2763 if (nid == NID_undef)
2764 return 0;
2765 }
2766
2767 if (is_pkey_disabled(alg)) {
2768 t->skip = 1;
2769 return 1;
2770 }
2771 if (!TEST_ptr(genctx = EVP_PKEY_CTX_new_from_name(libctx, alg, NULL)))
2772 goto err;
2773
2774 if (EVP_PKEY_keygen_init(genctx) <= 0) {
2775 t->err = "KEYGEN_INIT_ERROR";
2776 goto err;
2777 }
2778
2779 if (!TEST_ptr(data = OPENSSL_malloc(sizeof(*data))))
2780 goto err;
2781 data->genctx = genctx;
2782 data->keyname = NULL;
2783 t->data = data;
2784 t->err = NULL;
2785 return 1;
2786
2787 err:
2788 EVP_PKEY_CTX_free(genctx);
2789 return 0;
2790 }
2791
2792 static void keygen_test_cleanup(EVP_TEST *t)
2793 {
2794 KEYGEN_TEST_DATA *keygen = t->data;
2795
2796 EVP_PKEY_CTX_free(keygen->genctx);
2797 OPENSSL_free(keygen->keyname);
2798 OPENSSL_free(t->data);
2799 t->data = NULL;
2800 }
2801
2802 static int keygen_test_parse(EVP_TEST *t,
2803 const char *keyword, const char *value)
2804 {
2805 KEYGEN_TEST_DATA *keygen = t->data;
2806
2807 if (strcmp(keyword, "KeyName") == 0)
2808 return TEST_ptr(keygen->keyname = OPENSSL_strdup(value));
2809 if (strcmp(keyword, "Ctrl") == 0)
2810 return pkey_test_ctrl(t, keygen->genctx, value);
2811 return 0;
2812 }
2813
2814 static int keygen_test_run(EVP_TEST *t)
2815 {
2816 KEYGEN_TEST_DATA *keygen = t->data;
2817 EVP_PKEY *pkey = NULL;
2818 int rv = 1;
2819
2820 if (EVP_PKEY_keygen(keygen->genctx, &pkey) <= 0) {
2821 t->err = "KEYGEN_GENERATE_ERROR";
2822 goto err;
2823 }
2824
2825 if (!evp_pkey_is_provided(pkey)) {
2826 TEST_info("Warning: legacy key generated %s", keygen->keyname);
2827 goto err;
2828 }
2829 if (keygen->keyname != NULL) {
2830 KEY_LIST *key;
2831
2832 rv = 0;
2833 if (find_key(NULL, keygen->keyname, private_keys)) {
2834 TEST_info("Duplicate key %s", keygen->keyname);
2835 goto err;
2836 }
2837
2838 if (!TEST_ptr(key = OPENSSL_malloc(sizeof(*key))))
2839 goto err;
2840 key->name = keygen->keyname;
2841 keygen->keyname = NULL;
2842 key->key = pkey;
2843 key->next = private_keys;
2844 private_keys = key;
2845 rv = 1;
2846 } else {
2847 EVP_PKEY_free(pkey);
2848 }
2849
2850 t->err = NULL;
2851
2852 err:
2853 return rv;
2854 }
2855
2856 static const EVP_TEST_METHOD keygen_test_method = {
2857 "KeyGen",
2858 keygen_test_init,
2859 keygen_test_cleanup,
2860 keygen_test_parse,
2861 keygen_test_run,
2862 };
2863
2864 /**
2865 ** DIGEST SIGN+VERIFY TESTS
2866 **/
2867
2868 typedef struct {
2869 int is_verify; /* Set to 1 if verifying */
2870 int is_oneshot; /* Set to 1 for one shot operation */
2871 const EVP_MD *md; /* Digest to use */
2872 EVP_MD_CTX *ctx; /* Digest context */
2873 EVP_PKEY_CTX *pctx;
2874 STACK_OF(EVP_TEST_BUFFER) *input; /* Input data: streaming */
2875 unsigned char *osin; /* Input data if one shot */
2876 size_t osin_len; /* Input length data if one shot */
2877 unsigned char *output; /* Expected output */
2878 size_t output_len; /* Expected output length */
2879 } DIGESTSIGN_DATA;
2880
2881 static int digestsigver_test_init(EVP_TEST *t, const char *alg, int is_verify,
2882 int is_oneshot)
2883 {
2884 const EVP_MD *md = NULL;
2885 DIGESTSIGN_DATA *mdat;
2886
2887 if (strcmp(alg, "NULL") != 0) {
2888 if (is_digest_disabled(alg)) {
2889 t->skip = 1;
2890 return 1;
2891 }
2892 md = EVP_get_digestbyname(alg);
2893 if (md == NULL)
2894 return 0;
2895 }
2896 if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat))))
2897 return 0;
2898 mdat->md = md;
2899 if (!TEST_ptr(mdat->ctx = EVP_MD_CTX_new())) {
2900 OPENSSL_free(mdat);
2901 return 0;
2902 }
2903 mdat->is_verify = is_verify;
2904 mdat->is_oneshot = is_oneshot;
2905 t->data = mdat;
2906 return 1;
2907 }
2908
2909 static int digestsign_test_init(EVP_TEST *t, const char *alg)
2910 {
2911 return digestsigver_test_init(t, alg, 0, 0);
2912 }
2913
2914 static void digestsigver_test_cleanup(EVP_TEST *t)
2915 {
2916 DIGESTSIGN_DATA *mdata = t->data;
2917
2918 EVP_MD_CTX_free(mdata->ctx);
2919 sk_EVP_TEST_BUFFER_pop_free(mdata->input, evp_test_buffer_free);
2920 OPENSSL_free(mdata->osin);
2921 OPENSSL_free(mdata->output);
2922 OPENSSL_free(mdata);
2923 t->data = NULL;
2924 }
2925
2926 static int digestsigver_test_parse(EVP_TEST *t,
2927 const char *keyword, const char *value)
2928 {
2929 DIGESTSIGN_DATA *mdata = t->data;
2930
2931 if (strcmp(keyword, "Key") == 0) {
2932 EVP_PKEY *pkey = NULL;
2933 int rv = 0;
2934 const char *name = mdata->md == NULL ? NULL : EVP_MD_name(mdata->md);
2935
2936 if (mdata->is_verify)
2937 rv = find_key(&pkey, value, public_keys);
2938 if (rv == 0)
2939 rv = find_key(&pkey, value, private_keys);
2940 if (rv == 0 || pkey == NULL) {
2941 t->skip = 1;
2942 return 1;
2943 }
2944 if (mdata->is_verify) {
2945 if (!EVP_DigestVerifyInit_ex(mdata->ctx, &mdata->pctx, name, libctx,
2946 NULL, pkey, NULL))
2947 t->err = "DIGESTVERIFYINIT_ERROR";
2948 return 1;
2949 }
2950 if (!EVP_DigestSignInit_ex(mdata->ctx, &mdata->pctx, name, libctx, NULL,
2951 pkey, NULL))
2952 t->err = "DIGESTSIGNINIT_ERROR";
2953 return 1;
2954 }
2955
2956 if (strcmp(keyword, "Input") == 0) {
2957 if (mdata->is_oneshot)
2958 return parse_bin(value, &mdata->osin, &mdata->osin_len);
2959 return evp_test_buffer_append(value, &mdata->input);
2960 }
2961 if (strcmp(keyword, "Output") == 0)
2962 return parse_bin(value, &mdata->output, &mdata->output_len);
2963
2964 if (!mdata->is_oneshot) {
2965 if (strcmp(keyword, "Count") == 0)
2966 return evp_test_buffer_set_count(value, mdata->input);
2967 if (strcmp(keyword, "Ncopy") == 0)
2968 return evp_test_buffer_ncopy(value, mdata->input);
2969 }
2970 if (strcmp(keyword, "Ctrl") == 0) {
2971 if (mdata->pctx == NULL)
2972 return -1;
2973 return pkey_test_ctrl(t, mdata->pctx, value);
2974 }
2975 return 0;
2976 }
2977
2978 static int digestsign_update_fn(void *ctx, const unsigned char *buf,
2979 size_t buflen)
2980 {
2981 return EVP_DigestSignUpdate(ctx, buf, buflen);
2982 }
2983
2984 static int digestsign_test_run(EVP_TEST *t)
2985 {
2986 DIGESTSIGN_DATA *expected = t->data;
2987 unsigned char *got = NULL;
2988 size_t got_len;
2989
2990 if (!evp_test_buffer_do(expected->input, digestsign_update_fn,
2991 expected->ctx)) {
2992 t->err = "DIGESTUPDATE_ERROR";
2993 goto err;
2994 }
2995
2996 if (!EVP_DigestSignFinal(expected->ctx, NULL, &got_len)) {
2997 t->err = "DIGESTSIGNFINAL_LENGTH_ERROR";
2998 goto err;
2999 }
3000 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
3001 t->err = "MALLOC_FAILURE";
3002 goto err;
3003 }
3004 if (!EVP_DigestSignFinal(expected->ctx, got, &got_len)) {
3005 t->err = "DIGESTSIGNFINAL_ERROR";
3006 goto err;
3007 }
3008 if (!memory_err_compare(t, "SIGNATURE_MISMATCH",
3009 expected->output, expected->output_len,
3010 got, got_len))
3011 goto err;
3012
3013 t->err = NULL;
3014 err:
3015 OPENSSL_free(got);
3016 return 1;
3017 }
3018
3019 static const EVP_TEST_METHOD digestsign_test_method = {
3020 "DigestSign",
3021 digestsign_test_init,
3022 digestsigver_test_cleanup,
3023 digestsigver_test_parse,
3024 digestsign_test_run
3025 };
3026
3027 static int digestverify_test_init(EVP_TEST *t, const char *alg)
3028 {
3029 return digestsigver_test_init(t, alg, 1, 0);
3030 }
3031
3032 static int digestverify_update_fn(void *ctx, const unsigned char *buf,
3033 size_t buflen)
3034 {
3035 return EVP_DigestVerifyUpdate(ctx, buf, buflen);
3036 }
3037
3038 static int digestverify_test_run(EVP_TEST *t)
3039 {
3040 DIGESTSIGN_DATA *mdata = t->data;
3041
3042 if (!evp_test_buffer_do(mdata->input, digestverify_update_fn, mdata->ctx)) {
3043 t->err = "DIGESTUPDATE_ERROR";
3044 return 1;
3045 }
3046
3047 if (EVP_DigestVerifyFinal(mdata->ctx, mdata->output,
3048 mdata->output_len) <= 0)
3049 t->err = "VERIFY_ERROR";
3050 return 1;
3051 }
3052
3053 static const EVP_TEST_METHOD digestverify_test_method = {
3054 "DigestVerify",
3055 digestverify_test_init,
3056 digestsigver_test_cleanup,
3057 digestsigver_test_parse,
3058 digestverify_test_run
3059 };
3060
3061 static int oneshot_digestsign_test_init(EVP_TEST *t, const char *alg)
3062 {
3063 return digestsigver_test_init(t, alg, 0, 1);
3064 }
3065
3066 static int oneshot_digestsign_test_run(EVP_TEST *t)
3067 {
3068 DIGESTSIGN_DATA *expected = t->data;
3069 unsigned char *got = NULL;
3070 size_t got_len;
3071
3072 if (!EVP_DigestSign(expected->ctx, NULL, &got_len,
3073 expected->osin, expected->osin_len)) {
3074 t->err = "DIGESTSIGN_LENGTH_ERROR";
3075 goto err;
3076 }
3077 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
3078 t->err = "MALLOC_FAILURE";
3079 goto err;
3080 }
3081 if (!EVP_DigestSign(expected->ctx, got, &got_len,
3082 expected->osin, expected->osin_len)) {
3083 t->err = "DIGESTSIGN_ERROR";
3084 goto err;
3085 }
3086 if (!memory_err_compare(t, "SIGNATURE_MISMATCH",
3087 expected->output, expected->output_len,
3088 got, got_len))
3089 goto err;
3090
3091 t->err = NULL;
3092 err:
3093 OPENSSL_free(got);
3094 return 1;
3095 }
3096
3097 static const EVP_TEST_METHOD oneshot_digestsign_test_method = {
3098 "OneShotDigestSign",
3099 oneshot_digestsign_test_init,
3100 digestsigver_test_cleanup,
3101 digestsigver_test_parse,
3102 oneshot_digestsign_test_run
3103 };
3104
3105 static int oneshot_digestverify_test_init(EVP_TEST *t, const char *alg)
3106 {
3107 return digestsigver_test_init(t, alg, 1, 1);
3108 }
3109
3110 static int oneshot_digestverify_test_run(EVP_TEST *t)
3111 {
3112 DIGESTSIGN_DATA *mdata = t->data;
3113
3114 if (EVP_DigestVerify(mdata->ctx, mdata->output, mdata->output_len,
3115 mdata->osin, mdata->osin_len) <= 0)
3116 t->err = "VERIFY_ERROR";
3117 return 1;
3118 }
3119
3120 static const EVP_TEST_METHOD oneshot_digestverify_test_method = {
3121 "OneShotDigestVerify",
3122 oneshot_digestverify_test_init,
3123 digestsigver_test_cleanup,
3124 digestsigver_test_parse,
3125 oneshot_digestverify_test_run
3126 };
3127
3128
3129 /**
3130 ** PARSING AND DISPATCH
3131 **/
3132
3133 static const EVP_TEST_METHOD *evp_test_list[] = {
3134 &rand_test_method,
3135 &cipher_test_method,
3136 &digest_test_method,
3137 &digestsign_test_method,
3138 &digestverify_test_method,
3139 &encode_test_method,
3140 &kdf_test_method,
3141 &pkey_kdf_test_method,
3142 &keypair_test_method,
3143 &keygen_test_method,
3144 &mac_test_method,
3145 &oneshot_digestsign_test_method,
3146 &oneshot_digestverify_test_method,
3147 &pbe_test_method,
3148 &pdecrypt_test_method,
3149 &pderive_test_method,
3150 &psign_test_method,
3151 &pverify_recover_test_method,
3152 &pverify_test_method,
3153 NULL
3154 };
3155
3156 static const EVP_TEST_METHOD *find_test(const char *name)
3157 {
3158 const EVP_TEST_METHOD **tt;
3159
3160 for (tt = evp_test_list; *tt; tt++) {
3161 if (strcmp(name, (*tt)->name) == 0)
3162 return *tt;
3163 }
3164 return NULL;
3165 }
3166
3167 static void clear_test(EVP_TEST *t)
3168 {
3169 test_clearstanza(&t->s);
3170 ERR_clear_error();
3171 if (t->data != NULL) {
3172 if (t->meth != NULL)
3173 t->meth->cleanup(t);
3174 OPENSSL_free(t->data);
3175 t->data = NULL;
3176 }
3177 OPENSSL_free(t->expected_err);
3178 t->expected_err = NULL;
3179 OPENSSL_free(t->reason);
3180 t->reason = NULL;
3181
3182 /* Text literal. */
3183 t->err = NULL;
3184 t->skip = 0;
3185 t->meth = NULL;
3186 }
3187
3188 /* Check for errors in the test structure; return 1 if okay, else 0. */
3189 static int check_test_error(EVP_TEST *t)
3190 {
3191 unsigned long err;
3192 const char *reason;
3193
3194 if (t->err == NULL && t->expected_err == NULL)
3195 return 1;
3196 if (t->err != NULL && t->expected_err == NULL) {
3197 if (t->aux_err != NULL) {
3198 TEST_info("%s:%d: Source of above error (%s); unexpected error %s",
3199 t->s.test_file, t->s.start, t->aux_err, t->err);
3200 } else {
3201 TEST_info("%s:%d: Source of above error; unexpected error %s",
3202 t->s.test_file, t->s.start, t->err);
3203 }
3204 return 0;
3205 }
3206 if (t->err == NULL && t->expected_err != NULL) {
3207 TEST_info("%s:%d: Succeeded but was expecting %s",
3208 t->s.test_file, t->s.start, t->expected_err);
3209 return 0;
3210 }
3211
3212 if (strcmp(t->err, t->expected_err) != 0) {
3213 TEST_info("%s:%d: Expected %s got %s",
3214 t->s.test_file, t->s.start, t->expected_err, t->err);
3215 return 0;
3216 }
3217
3218 if (t->reason == NULL)
3219 return 1;
3220
3221 if (t->reason == NULL) {
3222 TEST_info("%s:%d: Test is missing function or reason code",
3223 t->s.test_file, t->s.start);
3224 return 0;
3225 }
3226
3227 err = ERR_peek_error();
3228 if (err == 0) {
3229 TEST_info("%s:%d: Expected error \"%s\" not set",
3230 t->s.test_file, t->s.start, t->reason);
3231 return 0;
3232 }
3233
3234 reason = ERR_reason_error_string(err);
3235 if (reason == NULL) {
3236 TEST_info("%s:%d: Expected error \"%s\", no strings available."
3237 " Assuming ok.",
3238 t->s.test_file, t->s.start, t->reason);
3239 return 1;
3240 }
3241
3242 if (strcmp(reason, t->reason) == 0)
3243 return 1;
3244
3245 TEST_info("%s:%d: Expected error \"%s\", got \"%s\"",
3246 t->s.test_file, t->s.start, t->reason, reason);
3247
3248 return 0;
3249 }
3250
3251 /* Run a parsed test. Log a message and return 0 on error. */
3252 static int run_test(EVP_TEST *t)
3253 {
3254 if (t->meth == NULL)
3255 return 1;
3256 t->s.numtests++;
3257 if (t->skip) {
3258 t->s.numskip++;
3259 } else {
3260 /* run the test */
3261 if (t->err == NULL && t->meth->run_test(t) != 1) {
3262 TEST_info("%s:%d %s error",
3263 t->s.test_file, t->s.start, t->meth->name);
3264 return 0;
3265 }
3266 if (!check_test_error(t)) {
3267 TEST_openssl_errors();
3268 t->s.errors++;
3269 }
3270 }
3271
3272 /* clean it up */
3273 return 1;
3274 }
3275
3276 static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst)
3277 {
3278 for (; lst != NULL; lst = lst->next) {
3279 if (strcmp(lst->name, name) == 0) {
3280 if (ppk != NULL)
3281 *ppk = lst->key;
3282 return 1;
3283 }
3284 }
3285 return 0;
3286 }
3287
3288 static void free_key_list(KEY_LIST *lst)
3289 {
3290 while (lst != NULL) {
3291 KEY_LIST *next = lst->next;
3292
3293 EVP_PKEY_free(lst->key);
3294 OPENSSL_free(lst->name);
3295 OPENSSL_free(lst);
3296 lst = next;
3297 }
3298 }
3299
3300 /*
3301 * Is the key type an unsupported algorithm?
3302 */
3303 static int key_unsupported(void)
3304 {
3305 long err = ERR_peek_last_error();
3306 int lib = ERR_GET_LIB(err);
3307 long reason = ERR_GET_REASON(err);
3308
3309 if ((lib == ERR_LIB_EVP && reason == EVP_R_UNSUPPORTED_ALGORITHM)
3310 || reason == ERR_R_UNSUPPORTED) {
3311 ERR_clear_error();
3312 return 1;
3313 }
3314 #ifndef OPENSSL_NO_EC
3315 /*
3316 * If EC support is enabled we should catch also EC_R_UNKNOWN_GROUP as an
3317 * hint to an unsupported algorithm/curve (e.g. if binary EC support is
3318 * disabled).
3319 */
3320 if (lib == ERR_LIB_EC
3321 && (reason == EC_R_UNKNOWN_GROUP
3322 || reason == EC_R_INVALID_CURVE)) {
3323 ERR_clear_error();
3324 return 1;
3325 }
3326 #endif /* OPENSSL_NO_EC */
3327 return 0;
3328 }
3329
3330 /* NULL out the value from |pp| but return it. This "steals" a pointer. */
3331 static char *take_value(PAIR *pp)
3332 {
3333 char *p = pp->value;
3334
3335 pp->value = NULL;
3336 return p;
3337 }
3338
3339 #if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
3340 static int securitycheck_enabled(void)
3341 {
3342 static int enabled = -1;
3343
3344 if (enabled == -1) {
3345 if (OSSL_PROVIDER_available(libctx, "fips")) {
3346 OSSL_PARAM params[2];
3347 OSSL_PROVIDER *prov = NULL;
3348 int check = 1;
3349
3350 prov = OSSL_PROVIDER_load(libctx, "fips");
3351 if (prov != NULL) {
3352 params[0] =
3353 OSSL_PARAM_construct_int(OSSL_PROV_PARAM_SECURITY_CHECKS,
3354 &check);
3355 params[1] = OSSL_PARAM_construct_end();
3356 OSSL_PROVIDER_get_params(prov, params);
3357 OSSL_PROVIDER_unload(prov);
3358 }
3359 enabled = check;
3360 return enabled;
3361 }
3362 enabled = 0;
3363 }
3364 return enabled;
3365 }
3366 #endif
3367
3368 /*
3369 * Return 1 if one of the providers named in the string is available.
3370 * The provider names are separated with whitespace.
3371 * NOTE: destructive function, it inserts '\0' after each provider name.
3372 */
3373 static int prov_available(char *providers)
3374 {
3375 char *p;
3376 int more = 1;
3377
3378 while (more) {
3379 for (; isspace(*providers); providers++)
3380 continue;
3381 if (*providers == '\0')
3382 break; /* End of the road */
3383 for (p = providers; *p != '\0' && !isspace(*p); p++)
3384 continue;
3385 if (*p == '\0')
3386 more = 0;
3387 else
3388 *p = '\0';
3389 if (OSSL_PROVIDER_available(libctx, providers))
3390 return 1; /* Found one */
3391 }
3392 return 0;
3393 }
3394
3395 /* Read and parse one test. Return 0 if failure, 1 if okay. */
3396 static int parse(EVP_TEST *t)
3397 {
3398 KEY_LIST *key, **klist;
3399 EVP_PKEY *pkey;
3400 PAIR *pp;
3401 int i, skip_availablein = 0;
3402
3403 top:
3404 do {
3405 if (BIO_eof(t->s.fp))
3406 return EOF;
3407 clear_test(t);
3408 if (!test_readstanza(&t->s))
3409 return 0;
3410 } while (t->s.numpairs == 0);
3411 pp = &t->s.pairs[0];
3412
3413 /* Are we adding a key? */
3414 klist = NULL;
3415 pkey = NULL;
3416 start:
3417 if (strcmp(pp->key, "PrivateKey") == 0) {
3418 pkey = PEM_read_bio_PrivateKey_ex(t->s.key, NULL, 0, NULL, libctx, NULL);
3419 if (pkey == NULL && !key_unsupported()) {
3420 EVP_PKEY_free(pkey);
3421 TEST_info("Can't read private key %s", pp->value);
3422 TEST_openssl_errors();
3423 return 0;
3424 }
3425 klist = &private_keys;
3426 } else if (strcmp(pp->key, "PublicKey") == 0) {
3427 pkey = PEM_read_bio_PUBKEY_ex(t->s.key, NULL, 0, NULL, libctx, NULL);
3428 if (pkey == NULL && !key_unsupported()) {
3429 EVP_PKEY_free(pkey);
3430 TEST_info("Can't read public key %s", pp->value);
3431 TEST_openssl_errors();
3432 return 0;
3433 }
3434 klist = &public_keys;
3435 } else if (strcmp(pp->key, "PrivateKeyRaw") == 0
3436 || strcmp(pp->key, "PublicKeyRaw") == 0 ) {
3437 char *strnid = NULL, *keydata = NULL;
3438 unsigned char *keybin;
3439 size_t keylen;
3440 int nid;
3441
3442 if (strcmp(pp->key, "PrivateKeyRaw") == 0)
3443 klist = &private_keys;
3444 else
3445 klist = &public_keys;
3446
3447 strnid = strchr(pp->value, ':');
3448 if (strnid != NULL) {
3449 *strnid++ = '\0';
3450 keydata = strchr(strnid, ':');
3451 if (keydata != NULL)
3452 *keydata++ = '\0';
3453 }
3454 if (keydata == NULL) {
3455 TEST_info("Failed to parse %s value", pp->key);
3456 return 0;
3457 }
3458
3459 nid = OBJ_txt2nid(strnid);
3460 if (nid == NID_undef) {
3461 TEST_info("Unrecognised algorithm NID");
3462 return 0;
3463 }
3464 if (!parse_bin(keydata, &keybin, &keylen)) {
3465 TEST_info("Failed to create binary key");
3466 return 0;
3467 }
3468 if (klist == &private_keys)
3469 pkey = EVP_PKEY_new_raw_private_key_ex(libctx, strnid, NULL, keybin,
3470 keylen);
3471 else
3472 pkey = EVP_PKEY_new_raw_public_key_ex(libctx, strnid, NULL, keybin,
3473 keylen);
3474 if (pkey == NULL && !key_unsupported()) {
3475 TEST_info("Can't read %s data", pp->key);
3476 OPENSSL_free(keybin);
3477 TEST_openssl_errors();
3478 return 0;
3479 }
3480 OPENSSL_free(keybin);
3481 } else if (strcmp(pp->key, "Availablein") == 0) {
3482 if (!prov_available(pp->value)) {
3483 TEST_info("skipping, '%s' provider not available: %s:%d",
3484 pp->value, t->s.test_file, t->s.start);
3485 t->skip = 1;
3486 return 0;
3487 }
3488 skip_availablein++;
3489 pp++;
3490 goto start;
3491 }
3492
3493 /* If we have a key add to list */
3494 if (klist != NULL) {
3495 if (find_key(NULL, pp->value, *klist)) {
3496 TEST_info("Duplicate key %s", pp->value);
3497 return 0;
3498 }
3499 if (!TEST_ptr(key = OPENSSL_malloc(sizeof(*key))))
3500 return 0;
3501 key->name = take_value(pp);
3502 key->key = pkey;
3503 key->next = *klist;
3504 *klist = key;
3505
3506 /* Go back and start a new stanza. */
3507 if ((t->s.numpairs - skip_availablein) != 1)
3508 TEST_info("Line %d: missing blank line\n", t->s.curr);
3509 goto top;
3510 }
3511
3512 /* Find the test, based on first keyword. */
3513 if (!TEST_ptr(t->meth = find_test(pp->key)))
3514 return 0;
3515 if (!t->meth->init(t, pp->value)) {
3516 TEST_error("unknown %s: %s\n", pp->key, pp->value);
3517 return 0;
3518 }
3519 if (t->skip == 1) {
3520 /* TEST_info("skipping %s %s", pp->key, pp->value); */
3521 return 0;
3522 }
3523
3524 for (pp++, i = 1; i < (t->s.numpairs - skip_availablein); pp++, i++) {
3525 if (strcmp(pp->key, "Securitycheck") == 0) {
3526 #if defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
3527 #else
3528 if (!securitycheck_enabled())
3529 #endif
3530 {
3531 TEST_info("skipping, Securitycheck is disabled: %s:%d",
3532 t->s.test_file, t->s.start);
3533 t->skip = 1;
3534 return 0;
3535 }
3536 } else if (strcmp(pp->key, "Availablein") == 0) {
3537 TEST_info("Line %d: 'Availablein' should be the first option",
3538 t->s.curr);
3539 return 0;
3540 } else if (strcmp(pp->key, "Result") == 0) {
3541 if (t->expected_err != NULL) {
3542 TEST_info("Line %d: multiple result lines", t->s.curr);
3543 return 0;
3544 }
3545 t->expected_err = take_value(pp);
3546 } else if (strcmp(pp->key, "Function") == 0) {
3547 /* Ignore old line. */
3548 } else if (strcmp(pp->key, "Reason") == 0) {
3549 if (t->reason != NULL) {
3550 TEST_info("Line %d: multiple reason lines", t->s.curr);
3551 return 0;
3552 }
3553 t->reason = take_value(pp);
3554 } else {
3555 /* Must be test specific line: try to parse it */
3556 int rv = t->meth->parse(t, pp->key, pp->value);
3557
3558 if (rv == 0) {
3559 TEST_info("Line %d: unknown keyword %s", t->s.curr, pp->key);
3560 return 0;
3561 }
3562 if (rv < 0) {
3563 TEST_info("Line %d: error processing keyword %s = %s\n",
3564 t->s.curr, pp->key, pp->value);
3565 return 0;
3566 }
3567 }
3568 }
3569
3570 return 1;
3571 }
3572
3573 static int run_file_tests(int i)
3574 {
3575 EVP_TEST *t;
3576 const char *testfile = test_get_argument(i);
3577 int c;
3578
3579 if (!TEST_ptr(t = OPENSSL_zalloc(sizeof(*t))))
3580 return 0;
3581 if (!test_start_file(&t->s, testfile)) {
3582 OPENSSL_free(t);
3583 return 0;
3584 }
3585
3586 while (!BIO_eof(t->s.fp)) {
3587 c = parse(t);
3588 if (t->skip) {
3589 t->s.numskip++;
3590 continue;
3591 }
3592 if (c == 0 || !run_test(t)) {
3593 t->s.errors++;
3594 break;
3595 }
3596 }
3597 test_end_file(&t->s);
3598 clear_test(t);
3599
3600 free_key_list(public_keys);
3601 free_key_list(private_keys);
3602 BIO_free(t->s.key);
3603 c = t->s.errors;
3604 OPENSSL_free(t);
3605 return c == 0;
3606 }
3607
3608 const OPTIONS *test_get_options(void)
3609 {
3610 static const OPTIONS test_options[] = {
3611 OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("[file...]\n"),
3612 { "config", OPT_CONFIG_FILE, '<',
3613 "The configuration file to use for the libctx" },
3614 { OPT_HELP_STR, 1, '-', "file\tFile to run tests on.\n" },
3615 { NULL }
3616 };
3617 return test_options;
3618 }
3619
3620 int setup_tests(void)
3621 {
3622 size_t n;
3623 char *config_file = NULL;
3624
3625 OPTION_CHOICE o;
3626
3627 while ((o = opt_next()) != OPT_EOF) {
3628 switch (o) {
3629 case OPT_CONFIG_FILE:
3630 config_file = opt_arg();
3631 break;
3632 case OPT_TEST_CASES:
3633 break;
3634 default:
3635 case OPT_ERR:
3636 return 0;
3637 }
3638 }
3639
3640 /*
3641 * Load the provider via configuration into the created library context.
3642 * Load the 'null' provider into the default library context to ensure that
3643 * the tests do not fallback to using the default provider.
3644 */
3645 if (!test_get_libctx(&libctx, &prov_null, config_file, NULL, NULL))
3646 return 0;
3647
3648 n = test_get_argument_count();
3649 if (n == 0)
3650 return 0;
3651
3652 ADD_ALL_TESTS(run_file_tests, n);
3653 return 1;
3654 }
3655
3656 void cleanup_tests(void)
3657 {
3658 OSSL_PROVIDER_unload(prov_null);
3659 OSSL_LIB_CTX_free(libctx);
3660 }
3661
3662 #define STR_STARTS_WITH(str, pre) strncasecmp(pre, str, strlen(pre)) == 0
3663 #define STR_ENDS_WITH(str, pre) \
3664 strlen(str) < strlen(pre) ? 0 : (strcasecmp(pre, str + strlen(str) - strlen(pre)) == 0)
3665
3666 static int is_digest_disabled(const char *name)
3667 {
3668 #ifdef OPENSSL_NO_BLAKE2
3669 if (STR_STARTS_WITH(name, "BLAKE"))
3670 return 1;
3671 #endif
3672 #ifdef OPENSSL_NO_MD2
3673 if (strcasecmp(name, "MD2") == 0)
3674 return 1;
3675 #endif
3676 #ifdef OPENSSL_NO_MDC2
3677 if (strcasecmp(name, "MDC2") == 0)
3678 return 1;
3679 #endif
3680 #ifdef OPENSSL_NO_MD4
3681 if (strcasecmp(name, "MD4") == 0)
3682 return 1;
3683 #endif
3684 #ifdef OPENSSL_NO_MD5
3685 if (strcasecmp(name, "MD5") == 0)
3686 return 1;
3687 #endif
3688 #ifdef OPENSSL_NO_RMD160
3689 if (strcasecmp(name, "RIPEMD160") == 0)
3690 return 1;
3691 #endif
3692 #ifdef OPENSSL_NO_SM3
3693 if (strcasecmp(name, "SM3") == 0)
3694 return 1;
3695 #endif
3696 #ifdef OPENSSL_NO_WHIRLPOOL
3697 if (strcasecmp(name, "WHIRLPOOL") == 0)
3698 return 1;
3699 #endif
3700 return 0;
3701 }
3702
3703 static int is_pkey_disabled(const char *name)
3704 {
3705 #ifdef OPENSSL_NO_EC
3706 if (STR_STARTS_WITH(name, "EC"))
3707 return 1;
3708 #endif
3709 #ifdef OPENSSL_NO_DH
3710 if (STR_STARTS_WITH(name, "DH"))
3711 return 1;
3712 #endif
3713 #ifdef OPENSSL_NO_DSA
3714 if (STR_STARTS_WITH(name, "DSA"))
3715 return 1;
3716 #endif
3717 return 0;
3718 }
3719
3720 static int is_mac_disabled(const char *name)
3721 {
3722 #ifdef OPENSSL_NO_BLAKE2
3723 if (STR_STARTS_WITH(name, "BLAKE2BMAC")
3724 || STR_STARTS_WITH(name, "BLAKE2SMAC"))
3725 return 1;
3726 #endif
3727 #ifdef OPENSSL_NO_CMAC
3728 if (STR_STARTS_WITH(name, "CMAC"))
3729 return 1;
3730 #endif
3731 #ifdef OPENSSL_NO_POLY1305
3732 if (STR_STARTS_WITH(name, "Poly1305"))
3733 return 1;
3734 #endif
3735 #ifdef OPENSSL_NO_SIPHASH
3736 if (STR_STARTS_WITH(name, "SipHash"))
3737 return 1;
3738 #endif
3739 return 0;
3740 }
3741 static int is_kdf_disabled(const char *name)
3742 {
3743 #ifdef OPENSSL_NO_SCRYPT
3744 if (STR_ENDS_WITH(name, "SCRYPT"))
3745 return 1;
3746 #endif
3747 return 0;
3748 }
3749
3750 static int is_cipher_disabled(const char *name)
3751 {
3752 #ifdef OPENSSL_NO_ARIA
3753 if (STR_STARTS_WITH(name, "ARIA"))
3754 return 1;
3755 #endif
3756 #ifdef OPENSSL_NO_BF
3757 if (STR_STARTS_WITH(name, "BF"))
3758 return 1;
3759 #endif
3760 #ifdef OPENSSL_NO_CAMELLIA
3761 if (STR_STARTS_WITH(name, "CAMELLIA"))
3762 return 1;
3763 #endif
3764 #ifdef OPENSSL_NO_CAST
3765 if (STR_STARTS_WITH(name, "CAST"))
3766 return 1;
3767 #endif
3768 #ifdef OPENSSL_NO_CHACHA
3769 if (STR_STARTS_WITH(name, "CHACHA"))
3770 return 1;
3771 #endif
3772 #ifdef OPENSSL_NO_POLY1305
3773 if (STR_ENDS_WITH(name, "Poly1305"))
3774 return 1;
3775 #endif
3776 #ifdef OPENSSL_NO_DES
3777 if (STR_STARTS_WITH(name, "DES"))
3778 return 1;
3779 if (STR_ENDS_WITH(name, "3DESwrap"))
3780 return 1;
3781 #endif
3782 #ifdef OPENSSL_NO_OCB
3783 if (STR_ENDS_WITH(name, "OCB"))
3784 return 1;
3785 #endif
3786 #ifdef OPENSSL_NO_IDEA
3787 if (STR_STARTS_WITH(name, "IDEA"))
3788 return 1;
3789 #endif
3790 #ifdef OPENSSL_NO_RC2
3791 if (STR_STARTS_WITH(name, "RC2"))
3792 return 1;
3793 #endif
3794 #ifdef OPENSSL_NO_RC4
3795 if (STR_STARTS_WITH(name, "RC4"))
3796 return 1;
3797 #endif
3798 #ifdef OPENSSL_NO_RC5
3799 if (STR_STARTS_WITH(name, "RC5"))
3800 return 1;
3801 #endif
3802 #ifdef OPENSSL_NO_SEED
3803 if (STR_STARTS_WITH(name, "SEED"))
3804 return 1;
3805 #endif
3806 #ifdef OPENSSL_NO_SIV
3807 if (STR_ENDS_WITH(name, "SIV"))
3808 return 1;
3809 #endif
3810 #ifdef OPENSSL_NO_SM4
3811 if (STR_STARTS_WITH(name, "SM4"))
3812 return 1;
3813 #endif
3814 return 0;
3815 }
A mirror of the official openssl repository