char *reason; /* Expected error reason string */
void *data; /* test specific data */
int expect_unapproved;
+ int security_category; /* NIST's security category */
} EVP_TEST;
/* Test method structure */
return check_fips_approved(t, approved);
}
+static int check_security_category(EVP_TEST *t, void *alg_obj,
+ int (*get_param)(void *, OSSL_PARAM *)) {
+ OSSL_PARAM p[2];
+ int security_category = -1;
+
+ if (t->security_category < 0)
+ return 1;
+ p[0] = OSSL_PARAM_construct_int(OSSL_ALG_PARAM_SECURITY_CATEGORY,
+ &security_category);
+ p[1] = OSSL_PARAM_construct_end();
+ if (!TEST_int_gt(get_param(alg_obj, p), 0)
+ || !TEST_true(OSSL_PARAM_modified(p))
+ || !TEST_int_eq(security_category, t->security_category)) {
+ t->err = "INCORRECT_SECURITY_CATEGORY";
+ return 0;
+ }
+ return 1;
+}
+
+static int pkey_check_security_category(EVP_TEST *t, EVP_PKEY *pkey) {
+ return check_security_category(t, pkey,
+ (int (*)(void *, OSSL_PARAM *))EVP_PKEY_get_params);
+}
+
static int ctrladd(STACK_OF(OPENSSL_STRING) *controls, const char *value)
{
char *data = OPENSSL_strdup(value);
goto err;
}
+ if (!pkey_check_security_category(t, pkey))
+ goto err;
+
if (!TEST_ptr(kdata->ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propquery)))
goto err;
if (!pkey_test_run_init(t))
goto err;
+ if (!pkey_check_security_category(t, EVP_PKEY_CTX_get0_pkey(expected->ctx)))
+ goto err;
+
/* Make a copy of the EVP_PKEY context, for repeat use further down */
if (!TEST_ptr(copy = EVP_PKEY_CTX_dup(expected->ctx))) {
t->err = "INTERNAL_ERROR";
t->err = "KEY_FROMDATA_ERROR";
goto err;
}
+ if (!pkey_check_security_category(t, key))
+ goto err;
+
err:
ctrl2params_free(params, params_n, params_n_allocstart);
EVP_PKEY_free(key);
if (!pkey_test_run_init(t))
goto err;
+ if (!pkey_check_security_category(t, EVP_PKEY_CTX_get0_pkey(kdata->ctx)))
+ goto err;
if (EVP_PKEY_verify(kdata->ctx, kdata->output, kdata->output_len,
kdata->input, kdata->input_len) <= 0) {
t->err = "VERIFY_ERROR";
goto err;
t->err = NULL;
+ if (!pkey_check_security_category(t, EVP_PKEY_CTX_get0_pkey(expected->ctx)))
+ goto err;
if (EVP_PKEY_derive_set_peer_ex(expected->ctx, expected->peer,
expected->validate) <= 0) {
t->err = "DERIVE_SET_PEER_ERROR";
goto err;
}
+ if (!pkey_check_security_category(t, pkey))
+ goto err;
+
if (!evp_pkey_is_provided(pkey)) {
TEST_info("Warning: legacy key generated %s", keygen->keyname);
goto err;
if (!check_deterministic_noncetype(t, expected))
goto err;
+ if (!pkey_check_security_category(t, expected->key))
+ goto err;
+
for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++) {
char *value = sk_OPENSSL_STRING_value(expected->controls, i);
if (!pkey_test_ctrl(t, expected->pctx, value) || t->err != NULL)
t->skip = 0;
t->meth = NULL;
t->expect_unapproved = 0;
+ t->security_category = -1;
#if !defined(OPENSSL_NO_DEFAULT_THREAD_POOL)
OSSL_set_max_threads(libctx, 0);
t->s.test_file, t->s.start);
t->skip = 1;
}
+ } else if (strcmp(pp->key, "Security-Category") == 0) {
+ if (t->security_category >= 0) {
+ TEST_info("Line %d: multiple security category lines", t->s.curr);
+ return 0;
+ }
+ t->security_category = atoi(pp->value);
+ if (t->security_category < 0 || t->security_category > 5) {
+ TEST_info("Line %d: invalid security category, should be 0..5",
+ t->s.curr);
+ return 0;
+ }
} else {
/* Must be test specific line: try to parse it */
int rv = t->meth->parse(t, pp->key, pp->value);
projects / thirdparty / openssl.git / commitdiff
