]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/evp_test.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Move ossl_asn1_string_to_time_t() to libtestutil
[thirdparty/openssl.git] / test / evp_test.c
CommitLineData
0e360199 1/*
b6461792 2 * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
0e360199 3 *
909f1a2e 4 * Licensed under the Apache License 2.0 (the "License"). You may not use
440e5d80
RS		 5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
0e360199
BL		 8 */
9
a3d267f1 10#define OPENSSL_SUPPRESS_DEPRECATED /* EVP_PKEY_new_CMAC_key */
0e360199
BL		 11#include <stdio.h>
12#include <string.h>
307e3978
DSH		 13#include <stdlib.h>
14#include <ctype.h>
0e360199 15#include <openssl/evp.h>
5824cc29 16#include <openssl/pem.h>
0b13e9f0 17#include <openssl/err.h>
d5e5e2ff 18#include <openssl/provider.h>
307e3978 19#include <openssl/x509v3.h>
351fe214 20#include <openssl/pkcs12.h>
44a284d2 21#include <openssl/kdf.h>
25446a66
RL		 22#include <openssl/params.h>
23#include <openssl/core_names.h>
991a6bb5 24#include <openssl/fips_names.h>
ae1792e3 25#include <openssl/thread.h>
3b53e18a 26#include "internal/numbers.h"
25446a66 27#include "internal/nelem.h"
5ccada09 28#include "crypto/evp.h"
6c5943c9 29#include "testutil.h"
20f8bc72
DDO		 30
31typedef struct evp_test_buffer_st EVP_TEST_BUFFER;
32DEFINE_STACK_OF(EVP_TEST_BUFFER)
0e360199 33
b1ceb439 34#define AAD_NUM 4
c49e0b04
RS		 35
36typedef struct evp_test_method_st EVP_TEST_METHOD;
7193f872 37
5ccada09 38/* Structure holding test information */
c49e0b04 39typedef struct evp_test_st {
ae269dd8
RS		 40 STANZA s; /* Common test stanza */
41 char *name;
c49e0b04 42 int skip; /* Current test should be skipped */
c49e0b04
RS		 43 const EVP_TEST_METHOD *meth; /* method for this test */
44 const char *err, *aux_err; /* Error string for test */
45 char *expected_err; /* Expected error value of test */
c49e0b04
RS		 46 char *reason; /* Expected error reason string */
47 void *data; /* test specific data */
48} EVP_TEST;
0e360199 49
5ccada09 50/* Test method structure */
c49e0b04
RS		 51struct evp_test_method_st {
52 /* Name of test as it appears in file */
53 const char *name;
54 /* Initialise test for "alg" */
bbaeadb0 55 int (*init) (EVP_TEST *t, const char *alg);
c49e0b04 56 /* Clean up method */
bbaeadb0 57 void (*cleanup) (EVP_TEST *t);
c49e0b04 58 /* Test specific name value pair processing */
bbaeadb0 59 int (*parse) (EVP_TEST *t, const char *name, const char *value);
c49e0b04 60 /* Run the test itself */
bbaeadb0 61 int (*run_test) (EVP_TEST *t);
c49e0b04 62};
5b46eee0 63
5ccada09 64/* Linked list of named keys. */
c49e0b04
RS		 65typedef struct key_list_st {
66 char *name;
67 EVP_PKEY *key;
68 struct key_list_st *next;
69} KEY_LIST;
fa013b65 70
5ccada09
SL		 71typedef enum OPTION_choice {
72 OPT_ERR = -1,
73 OPT_EOF = 0,
74 OPT_CONFIG_FILE,
d57d0b81 75 OPT_IN_PLACE,
1bebf4b0 76 OPT_PROVIDER_NAME,
f34878d8 77 OPT_PROV_PROPQUERY,
0bfd744f 78 OPT_DATA_CHUNK,
5ccada09
SL		 79 OPT_TEST_ENUM
80} OPTION_CHOICE;
81
82static OSSL_PROVIDER *prov_null = NULL;
1bebf4b0 83static OSSL_PROVIDER *libprov = NULL;
b4250010 84static OSSL_LIB_CTX *libctx = NULL;
5ccada09
SL		 85
86/* List of public and private keys */
c49e0b04
RS		 87static KEY_LIST *private_keys;
88static KEY_LIST *public_keys;
fa013b65 89
5ccada09 90static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst);
c49e0b04 91static int parse_bin(const char *value, unsigned char **buf, size_t *buflen);
1208d526
VH		 92static int parse_bin_chunk(const char *value, size_t offset, size_t max,
93 unsigned char **buf, size_t *buflen, size_t *out_offset);
5ccada09
SL		 94static int is_digest_disabled(const char *name);
95static int is_pkey_disabled(const char *name);
96static int is_mac_disabled(const char *name);
97static int is_cipher_disabled(const char *name);
98static int is_kdf_disabled(const char *name);
3cdd1e94 99
4cceb185
P		 100/*
101 * Compare two memory regions for equality, returning zero if they differ.
102 * However, if there is expected to be an error and the actual error
103 * matches then the memory is expected to be different so handle this
104 * case without producing unnecessary test framework output.
105 */
106static int memory_err_compare(EVP_TEST *t, const char *err,
107 const void *expected, size_t expected_len,
108 const void *got, size_t got_len)
109{
110 int r;
111
112 if (t->expected_err != NULL && strcmp(t->expected_err, err) == 0)
113 r = !TEST_mem_ne(expected, expected_len, got, got_len);
114 else
115 r = TEST_mem_eq(expected, expected_len, got, got_len);
116 if (!r)
117 t->err = err;
118 return r;
119}
120
d57d0b81
VH		 121/* Option specific for evp test */
122static int process_mode_in_place;
f34878d8 123static const char *propquery = NULL;
0bfd744f 124static int data_chunk_size;
d57d0b81
VH		 125
126static int evp_test_process_mode(char *mode)
127{
128 if (strcmp(mode, "in_place") == 0)
129 return 1;
130 else if (strcmp(mode, "both") == 0)
131 return 0;
132 return -1;
133}
134
c3fc7d9a
DSH		 135/*
136 * Structure used to hold a list of blocks of memory to test
137 * calls to "update" like functions.
138 */
c3fc7d9a
DSH		 139struct evp_test_buffer_st {
140 unsigned char *buf;
141 size_t buflen;
142 size_t count;
143 int count_set;
144};
145
146static void evp_test_buffer_free(EVP_TEST_BUFFER *db)
147{
148 if (db != NULL) {
149 OPENSSL_free(db->buf);
150 OPENSSL_free(db);
151 }
152}
153
5ccada09 154/* append buffer to a list */
1208d526 155static int evp_test_buffer_append(const char *value, size_t max_len,
c3fc7d9a
DSH		 156 STACK_OF(EVP_TEST_BUFFER) **sk)
157{
158 EVP_TEST_BUFFER *db = NULL;
1208d526
VH		 159 int rv = 0;
160 size_t offset = 0;
c3fc7d9a 161
1208d526 162 if (*sk == NULL && !TEST_ptr(*sk = sk_EVP_TEST_BUFFER_new_null()))
c3fc7d9a
DSH		 163 goto err;
164
1208d526
VH		 165 do {
166 if (!TEST_ptr(db = OPENSSL_zalloc(sizeof(*db))))
167 goto err;
168 if (max_len == 0) {
169 /* parse all in one shot */
170 if ((rv = parse_bin(value, &db->buf, &db->buflen)) != 1)
171 goto err;
172 } else {
173 /* parse in chunks */
174 size_t new_offset = 0;
c3fc7d9a 175
1208d526
VH		 176 if ((rv = parse_bin_chunk(value, offset, max_len, &db->buf,
177 &db->buflen, &new_offset)) == -1)
178 goto err;
179 offset = new_offset;
180 }
181
182 db->count = 1;
183 db->count_set = 0;
184
185 if (db->buf == NULL)
186 evp_test_buffer_free(db);
187 else if (db->buf != NULL && !sk_EVP_TEST_BUFFER_push(*sk, db))
188 goto err;
189 /* if processing by chunks, continue until the whole value is parsed */
190 } while (rv == 1 && max_len != 0);
c3fc7d9a
DSH		 191
192 return 1;
193
c49e0b04 194err:
c3fc7d9a 195 evp_test_buffer_free(db);
c3fc7d9a
DSH		 196 return 0;
197}
198
5ccada09 199/* replace last buffer in list with copies of itself */
c3fc7d9a
DSH		 200static int evp_test_buffer_ncopy(const char *value,
201 STACK_OF(EVP_TEST_BUFFER) *sk)
202{
203 EVP_TEST_BUFFER *db;
204 unsigned char *tbuf, *p;
205 size_t tbuflen;
206 int ncopy = atoi(value);
207 int i;
208
209 if (ncopy <= 0)
210 return 0;
211 if (sk == NULL || sk_EVP_TEST_BUFFER_num(sk) == 0)
212 return 0;
213 db = sk_EVP_TEST_BUFFER_value(sk, sk_EVP_TEST_BUFFER_num(sk) - 1);
214
215 tbuflen = db->buflen * ncopy;
216 if (!TEST_ptr(tbuf = OPENSSL_malloc(tbuflen)))
217 return 0;
218 for (i = 0, p = tbuf; i < ncopy; i++, p += db->buflen)
219 memcpy(p, db->buf, db->buflen);
220
221 OPENSSL_free(db->buf);
222 db->buf = tbuf;
223 db->buflen = tbuflen;
224 return 1;
225}
226
5ccada09 227/* set repeat count for last buffer in list */
c3fc7d9a
DSH		 228static int evp_test_buffer_set_count(const char *value,
229 STACK_OF(EVP_TEST_BUFFER) *sk)
230{
231 EVP_TEST_BUFFER *db;
232 int count = atoi(value);
233
234 if (count <= 0)
235 return 0;
236
237 if (sk == NULL || sk_EVP_TEST_BUFFER_num(sk) == 0)
238 return 0;
239
240 db = sk_EVP_TEST_BUFFER_value(sk, sk_EVP_TEST_BUFFER_num(sk) - 1);
c49e0b04 241 if (db->count_set != 0)
c3fc7d9a
DSH		 242 return 0;
243
244 db->count = (size_t)count;
245 db->count_set = 1;
246 return 1;
247}
248
5ccada09 249/* call "fn" with each element of the list in turn */
c3fc7d9a
DSH		 250static int evp_test_buffer_do(STACK_OF(EVP_TEST_BUFFER) *sk,
251 int (*fn)(void *ctx,
252 const unsigned char *buf,
253 size_t buflen),
254 void *ctx)
255{
256 int i;
257
258 for (i = 0; i < sk_EVP_TEST_BUFFER_num(sk); i++) {
259 EVP_TEST_BUFFER *tb = sk_EVP_TEST_BUFFER_value(sk, i);
260 size_t j;
261
262 for (j = 0; j < tb->count; j++) {
263 if (fn(ctx, tb->buf, tb->buflen) <= 0)
264 return 0;
265 }
266 }
267 return 1;
268}
269
6c5943c9 270/*
c49e0b04
RS		 271 * Unescape some sequences in string literals (only \n for now).
272 * Return an allocated buffer, set |out_len|. If |input_len|
273 * is zero, get an empty buffer but set length to zero.
6c5943c9 274 */
c49e0b04
RS		 275static unsigned char* unescape(const char *input, size_t input_len,
276 size_t *out_len)
277{
278 unsigned char *ret, *p;
279 size_t i;
5824cc29 280
c49e0b04
RS		 281 if (input_len == 0) {
282 *out_len = 0;
283 return OPENSSL_zalloc(1);
284 }
307e3978 285
c49e0b04
RS		 286 /* Escaping is non-expanding; over-allocate original size for simplicity. */
287 if (!TEST_ptr(ret = p = OPENSSL_malloc(input_len)))
288 return NULL;
6c5943c9 289
c49e0b04
RS		 290 for (i = 0; i < input_len; i++) {
291 if (*input == '\\') {
292 if (i == input_len - 1 || *++input != 'n') {
293 TEST_error("Bad escape sequence in file");
294 goto err;
295 }
296 *p++ = '\n';
297 i++;
298 input++;
299 } else {
300 *p++ = *input++;
301 }
302 }
307e3978 303
c49e0b04
RS		 304 *out_len = p - ret;
305 return ret;
86885c28 306
c49e0b04
RS		 307 err:
308 OPENSSL_free(ret);
307e3978 309 return NULL;
0f113f3e
MC		 310}
311
6c5943c9 312/*
c49e0b04
RS		 313 * For a hex string "value" convert to a binary allocated buffer.
314 * Return 1 on success or 0 on failure.
6c5943c9 315 */
c49e0b04 316static int parse_bin(const char *value, unsigned char **buf, size_t *buflen)
0f113f3e 317{
c49e0b04 318 long len;
6c5943c9 319
c49e0b04
RS		 320 /* Check for NULL literal */
321 if (strcmp(value, "NULL") == 0) {
322 *buf = NULL;
323 *buflen = 0;
307e3978 324 return 1;
71f60ef3 325 }
6c5943c9 326
c49e0b04
RS		 327 /* Check for empty value */
328 if (*value == '\0') {
329 /*
330 * Don't return NULL for zero length buffer. This is needed for
331 * some tests with empty keys: HMAC_Init_ex() expects a non-NULL key
332 * buffer even if the key length is 0, in order to detect key reset.
333 */
334 *buf = OPENSSL_malloc(1);
335 if (*buf == NULL)
5824cc29 336 return 0;
c49e0b04
RS		 337 **buf = 0;
338 *buflen = 0;
71f60ef3 339 return 1;
5824cc29
DSH		 340 }
341
c49e0b04
RS		 342 /* Check for string literal */
343 if (value[0] == '"') {
344 size_t vlen = strlen(++value);
345
346 if (vlen == 0 || value[vlen - 1] != '"')
307e3978 347 return 0;
c49e0b04
RS		 348 vlen--;
349 *buf = unescape(value, vlen, buflen);
350 return *buf == NULL ? 0 : 1;
6c5943c9 351 }
307e3978 352
c49e0b04
RS		 353 /* Otherwise assume as hex literal and convert it to binary buffer */
354 if (!TEST_ptr(*buf = OPENSSL_hexstr2buf(value, &len))) {
355 TEST_info("Can't convert %s", value);
8fe3127c 356 TEST_openssl_errors();
c49e0b04 357 return -1;
0f113f3e 358 }
c49e0b04
RS		 359 /* Size of input buffer means we'll never overflow */
360 *buflen = len;
307e3978
DSH		 361 return 1;
362}
0f113f3e 363
1208d526
VH		 364/*
365 * Convert at maximum "max" bytes to a binary allocated buffer.
366 * Return 1 on success, -1 on failure or 0 for end of value string.
367 */
368static int parse_bin_chunk(const char *value, size_t offset, size_t max,
369 unsigned char **buf, size_t *buflen, size_t *out_offset)
370{
371 size_t vlen;
372 size_t chunk_len;
373 const char *value_str = value[0] == '"' ? value + offset + 1 : value + offset;
374
375 if (max < 1)
376 return -1;
377
378 if (*value == '\0' || strcmp(value, "\"\"") == 0) {
379 *buf = OPENSSL_malloc(1);
380 if (*buf == NULL)
381 return 0;
382 **buf = 0;
383 *buflen = 0;
384 return 0;
385 }
386
387 if (*value_str == '\0')
388 return 0;
389
390 vlen = strlen(value_str);
391 if (value[0] == '"') {
392 /* Parse string literal */
393 if (vlen == 1 && value_str[0] != '"')
394 /* Missing ending quotation mark */
395 return -1;
396 if (vlen == 1 && value_str[0] == '"')
397 /* End of value */
398 return 0;
399 vlen--;
400 chunk_len = max > vlen ? vlen : max;
401 if ((*buf = unescape(value_str, chunk_len, buflen)) == NULL)
402 return -1;
403 } else {
404 /* Parse hex string chunk */
405 long len;
406 char *chunk = NULL;
407
408 chunk_len = 2 * max > vlen ? vlen : 2 * max;
409 chunk = OPENSSL_strndup(value_str, chunk_len);
410 if (chunk == NULL)
411 return -1;
412 if (!TEST_ptr(*buf = OPENSSL_hexstr2buf(chunk, &len))) {
413 OPENSSL_free(chunk);
414 TEST_info("Can't convert chunk %s", chunk);
415 TEST_openssl_errors();
416 return -1;
417 }
418 *buflen = len;
419 }
420 *out_offset = value[0] == '"' ? offset + (*buflen) : offset + 2 * (*buflen);
421 return 1;
422}
423
c49e0b04 424/**
5ccada09
SL		 425 ** MESSAGE DIGEST TESTS
426 **/
4897dc40 427
6c5943c9 428typedef struct digest_data_st {
307e3978
DSH		 429 /* Digest this test is for */
430 const EVP_MD *digest;
022351fd 431 EVP_MD *fetched_digest;
307e3978 432 /* Input to digest */
c3fc7d9a 433 STACK_OF(EVP_TEST_BUFFER) *input;
307e3978
DSH		 434 /* Expected output */
435 unsigned char *output;
436 size_t output_len;
ed5cb177
P		 437 /* Padding type */
438 int pad_type;
c8ebdd6a
ČK		 439 /* XOF mode? */
440 int xof;
6a0ae393
TM		 441 /* Size for variable output length but non-XOF */
442 size_t digest_size;
6c5943c9 443} DIGEST_DATA;
4897dc40 444
6c5943c9 445static int digest_test_init(EVP_TEST *t, const char *alg)
307e3978 446{
6c5943c9 447 DIGEST_DATA *mdat;
c49e0b04 448 const EVP_MD *digest;
022351fd 449 EVP_MD *fetched_digest;
6c5943c9 450
5ccada09
SL		 451 if (is_digest_disabled(alg)) {
452 TEST_info("skipping, '%s' is disabled", alg);
453 t->skip = 1;
454 return 1;
578ce42d 455 }
5ccada09 456
f34878d8 457 if ((digest = fetched_digest = EVP_MD_fetch(libctx, alg, propquery)) == NULL
5ccada09
SL		 458 && (digest = EVP_get_digestbyname(alg)) == NULL)
459 return 0;
c49e0b04
RS		 460 if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat))))
461 return 0;
307e3978 462 t->data = mdat;
c49e0b04 463 mdat->digest = digest;
022351fd 464 mdat->fetched_digest = fetched_digest;
ed5cb177 465 mdat->pad_type = 0;
c8ebdd6a 466 mdat->xof = 0;
022351fd
RL		 467 if (fetched_digest != NULL)
468 TEST_info("%s is fetched", alg);
4897dc40 469 return 1;
0f113f3e 470}
4897dc40 471
6c5943c9 472static void digest_test_cleanup(EVP_TEST *t)
307e3978 473{
6c5943c9
RS		 474 DIGEST_DATA *mdat = t->data;
475
c3fc7d9a 476 sk_EVP_TEST_BUFFER_pop_free(mdat->input, evp_test_buffer_free);
6c5943c9 477 OPENSSL_free(mdat->output);
340f82a4 478 EVP_MD_free(mdat->fetched_digest);
307e3978
DSH		 479}
480
6c5943c9 481static int digest_test_parse(EVP_TEST *t,
307e3978
DSH		 482 const char *keyword, const char *value)
483{
6c5943c9
RS		 484 DIGEST_DATA *mdata = t->data;
485
86885c28 486 if (strcmp(keyword, "Input") == 0)
1208d526 487 return evp_test_buffer_append(value, data_chunk_size, &mdata->input);
86885c28 488 if (strcmp(keyword, "Output") == 0)
c49e0b04 489 return parse_bin(value, &mdata->output, &mdata->output_len);
c3fc7d9a
DSH		 490 if (strcmp(keyword, "Count") == 0)
491 return evp_test_buffer_set_count(value, mdata->input);
492 if (strcmp(keyword, "Ncopy") == 0)
493 return evp_test_buffer_ncopy(value, mdata->input);
ed5cb177
P		 494 if (strcmp(keyword, "Padding") == 0)
495 return (mdata->pad_type = atoi(value)) > 0;
c8ebdd6a
ČK		 496 if (strcmp(keyword, "XOF") == 0)
497 return (mdata->xof = atoi(value)) > 0;
6a0ae393
TM		 498 if (strcmp(keyword, "OutputSize") == 0) {
499 int sz;
500
501 sz = atoi(value);
502 if (sz < 0)
503 return -1;
504 mdata->digest_size = sz;
505 return 1;
506 }
307e3978
DSH		 507 return 0;
508}
509
c3fc7d9a
DSH		 510static int digest_update_fn(void *ctx, const unsigned char *buf, size_t buflen)
511{
512 return EVP_DigestUpdate(ctx, buf, buflen);
513}
514
0be4b040
P		 515static int test_duplicate_md_ctx(EVP_TEST *t, EVP_MD_CTX *mctx)
516{
517 char dont[] = "touch";
518
519 if (!TEST_ptr(mctx))
520 return 0;
521 if (!EVP_DigestFinalXOF(mctx, (unsigned char *)dont, 0)) {
522 EVP_MD_CTX_free(mctx);
523 t->err = "DIGESTFINALXOF_ERROR";
524 return 0;
525 }
526 if (!TEST_str_eq(dont, "touch")) {
527 EVP_MD_CTX_free(mctx);
528 t->err = "DIGESTFINALXOF_ERROR";
529 return 0;
530 }
531 EVP_MD_CTX_free(mctx);
532 return 1;
533}
534
6c5943c9 535static int digest_test_run(EVP_TEST *t)
0f113f3e 536{
e3d378bc 537 DIGEST_DATA *expected = t->data;
4d7c39f4 538 EVP_TEST_BUFFER *inbuf;
307e3978 539 EVP_MD_CTX *mctx;
cd8d1456 540 unsigned char *got = NULL;
e3d378bc 541 unsigned int got_len;
0f7a4ca5 542 size_t size = 0;
4d7c39f4 543 int xof = 0;
497a7810 544 OSSL_PARAM params[4], *p = &params[0];
6c5943c9
RS		 545
546 t->err = "TEST_FAILURE";
547 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
307e3978 548 goto err;
6c5943c9 549
cd8d1456
AP		 550 got = OPENSSL_malloc(expected->output_len > EVP_MAX_MD_SIZE ?
551 expected->output_len : EVP_MAX_MD_SIZE);
552 if (!TEST_ptr(got))
553 goto err;
554
c8ebdd6a
ČK		 555 if (expected->xof > 0) {
556 xof |= 1;
557 *p++ = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN,
558 &expected->output_len);
559 }
6a0ae393
TM		 560 if (expected->digest_size > 0) {
561 *p++ = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_SIZE,
562 &expected->digest_size);
563 }
c8ebdd6a
ČK		 564 if (expected->pad_type > 0)
565 *p++ = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_PAD_TYPE,
566 &expected->pad_type);
567 *p++ = OSSL_PARAM_construct_end();
568
569 if (!EVP_DigestInit_ex2(mctx, expected->digest, params)) {
6c5943c9 570 t->err = "DIGESTINIT_ERROR";
307e3978 571 goto err;
618be04e 572 }
c8ebdd6a 573
e3d378bc 574 if (!evp_test_buffer_do(expected->input, digest_update_fn, mctx)) {
c3fc7d9a
DSH		 575 t->err = "DIGESTUPDATE_ERROR";
576 goto err;
577 }
578
c8ebdd6a 579 xof |= (EVP_MD_get_flags(expected->digest) & EVP_MD_FLAG_XOF) != 0;
4d7c39f4 580 if (xof) {
3ce46435 581 EVP_MD_CTX *mctx_cpy;
3ce46435
PS		 582
583 if (!TEST_ptr(mctx_cpy = EVP_MD_CTX_new())) {
584 goto err;
585 }
0be4b040 586 if (!TEST_true(EVP_MD_CTX_copy(mctx_cpy, mctx))) {
3ce46435
PS		 587 EVP_MD_CTX_free(mctx_cpy);
588 goto err;
0be4b040 589 } else if (!test_duplicate_md_ctx(t, mctx_cpy)) {
3ce46435
PS		 590 goto err;
591 }
0be4b040
P		 592
593 if (!test_duplicate_md_ctx(t, EVP_MD_CTX_dup(mctx)))
3ce46435 594 goto err;
3ce46435 595
cd8d1456
AP		 596 got_len = expected->output_len;
597 if (!EVP_DigestFinalXOF(mctx, got, got_len)) {
598 t->err = "DIGESTFINALXOF_ERROR";
599 goto err;
600 }
601 } else {
602 if (!EVP_DigestFinal(mctx, got, &got_len)) {
603 t->err = "DIGESTFINAL_ERROR";
604 goto err;
605 }
6c5943c9 606 }
e3d378bc 607 if (!TEST_int_eq(expected->output_len, got_len)) {
6c5943c9 608 t->err = "DIGEST_LENGTH_MISMATCH";
307e3978 609 goto err;
6c5943c9 610 }
4cceb185
P		 611 if (!memory_err_compare(t, "DIGEST_MISMATCH",
612 expected->output, expected->output_len,
613 got, got_len))
307e3978 614 goto err;
4cceb185 615
6c5943c9
RS		 616 t->err = NULL;
617
0f7a4ca5 618 /* Test the EVP_Q_digest interface as well */
4d7c39f4
P		 619 if (sk_EVP_TEST_BUFFER_num(expected->input) == 1
620 && !xof
621 /* This should never fail but we need the returned pointer now */
622 && !TEST_ptr(inbuf = sk_EVP_TEST_BUFFER_value(expected->input, 0))
623 && !inbuf->count_set) {
9f54970c 624 OPENSSL_cleanse(got, got_len);
4d7c39f4
P		 625 if (!TEST_true(EVP_Q_digest(libctx,
626 EVP_MD_get0_name(expected->fetched_digest),
627 NULL, inbuf->buf, inbuf->buflen,
628 got, &size))
629 || !TEST_mem_eq(got, size,
630 expected->output, expected->output_len)) {
631 t->err = "EVP_Q_digest failed";
632 goto err;
633 }
634 }
635
307e3978 636 err:
cd8d1456 637 OPENSSL_free(got);
bfb0641f 638 EVP_MD_CTX_free(mctx);
b033e5d5 639 return 1;
307e3978 640}
4897dc40 641
6c5943c9 642static const EVP_TEST_METHOD digest_test_method = {
307e3978
DSH		 643 "Digest",
644 digest_test_init,
645 digest_test_cleanup,
646 digest_test_parse,
647 digest_test_run
648};
649
c49e0b04
RS		 650/**
651*** CIPHER TESTS
652**/
653
6c5943c9 654typedef struct cipher_data_st {
307e3978 655 const EVP_CIPHER *cipher;
022351fd 656 EVP_CIPHER *fetched_cipher;
307e3978 657 int enc;
2207ba7b 658 /* EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE or EVP_CIPH_OCB_MODE if AEAD */
307e3978
DSH		 659 int aead;
660 unsigned char *key;
661 size_t key_len;
f816aa47 662 size_t key_bits; /* Used by RC2 */
307e3978 663 unsigned char *iv;
e1491a2f 664 unsigned char *next_iv; /* Expected IV state after operation */
6a41156c 665 unsigned int rounds;
307e3978
DSH		 666 size_t iv_len;
667 unsigned char *plaintext;
668 size_t plaintext_len;
669 unsigned char *ciphertext;
670 size_t ciphertext_len;
f53c079f 671 /* AEAD ciphers only */
b1ceb439
TS		 672 unsigned char *aad[AAD_NUM];
673 size_t aad_len[AAD_NUM];
f53c079f
TM		 674 int tls_aad;
675 int tls_version;
307e3978 676 unsigned char *tag;
7cc355c2 677 const char *cts_mode;
307e3978 678 size_t tag_len;
67c81ec3 679 int tag_late;
f53c079f
TM		 680 unsigned char *mac_key;
681 size_t mac_key_len;
6cdf83ea 682 const char *xts_standard;
6c5943c9 683} CIPHER_DATA;
307e3978 684
2c8dc43b
VH		 685
686/*
687 * XTS, SIV, CCM, stitched ciphers and Wrap modes have special
688 * requirements about input lengths so we don't fragment for those
689 */
690static int cipher_test_valid_fragmentation(CIPHER_DATA *cdat)
691{
692 return (cdat->aead == EVP_CIPH_CCM_MODE
693 || cdat->aead == EVP_CIPH_CBC_MODE
694 || (cdat->aead == -1
695 && EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_STREAM_CIPHER)
696 || ((EVP_CIPHER_get_flags(cdat->cipher) & EVP_CIPH_FLAG_CTS) != 0)
697 || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_SIV_MODE
698 || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_GCM_SIV_MODE
699 || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_XTS_MODE
700 || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_WRAP_MODE) ? 0 : 1;
701}
702
6c5943c9 703static int cipher_test_init(EVP_TEST *t, const char *alg)
307e3978
DSH		 704{
705 const EVP_CIPHER *cipher;
022351fd 706 EVP_CIPHER *fetched_cipher;
c49e0b04
RS		 707 CIPHER_DATA *cdat;
708 int m;
6c5943c9 709
5ccada09
SL		 710 if (is_cipher_disabled(alg)) {
711 t->skip = 1;
712 TEST_info("skipping, '%s' is disabled", alg);
713 return 1;
33a89fa6 714 }
5ccada09 715
f53c079f 716 ERR_set_mark();
f34878d8 717 if ((cipher = fetched_cipher = EVP_CIPHER_fetch(libctx, alg, propquery)) == NULL
f53c079f
TM		 718 && (cipher = EVP_get_cipherbyname(alg)) == NULL) {
719 /* a stitched cipher might not be available */
720 if (strstr(alg, "HMAC") != NULL) {
721 ERR_pop_to_mark();
722 t->skip = 1;
723 TEST_info("skipping, '%s' is not available", alg);
724 return 1;
725 }
726 ERR_clear_last_mark();
5ccada09 727 return 0;
f53c079f
TM		 728 }
729 ERR_clear_last_mark();
5ccada09 730
2208ba56
JJ		 731 if (!TEST_ptr(cdat = OPENSSL_zalloc(sizeof(*cdat))))
732 return 0;
733
307e3978 734 cdat->cipher = cipher;
022351fd 735 cdat->fetched_cipher = fetched_cipher;
307e3978 736 cdat->enc = -1;
ed576acd 737 m = EVP_CIPHER_get_mode(cipher);
f53c079f
TM		 738 if (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
739 cdat->aead = m != 0 ? m : -1;
307e3978
DSH		 740 else
741 cdat->aead = 0;
4897dc40 742
2c8dc43b
VH		 743 if (data_chunk_size != 0 && !cipher_test_valid_fragmentation(cdat)) {
744 ERR_pop_to_mark();
745 t->skip = 1;
746 TEST_info("skipping, '%s' does not support fragmentation", alg);
747 return 1;
748 }
749
c49e0b04 750 t->data = cdat;
022351fd
RL		 751 if (fetched_cipher != NULL)
752 TEST_info("%s is fetched", alg);
307e3978
DSH		 753 return 1;
754}
4897dc40 755
6c5943c9 756static void cipher_test_cleanup(EVP_TEST *t)
307e3978 757{
b1ceb439 758 int i;
6c5943c9
RS		 759 CIPHER_DATA *cdat = t->data;
760
761 OPENSSL_free(cdat->key);
762 OPENSSL_free(cdat->iv);
e1491a2f 763 OPENSSL_free(cdat->next_iv);
6c5943c9
RS		 764 OPENSSL_free(cdat->ciphertext);
765 OPENSSL_free(cdat->plaintext);
b1ceb439
TS		 766 for (i = 0; i < AAD_NUM; i++)
767 OPENSSL_free(cdat->aad[i]);
6c5943c9 768 OPENSSL_free(cdat->tag);
f53c079f 769 OPENSSL_free(cdat->mac_key);
9e5f344a 770 EVP_CIPHER_free(cdat->fetched_cipher);
307e3978 771}
4897dc40 772
6c5943c9 773static int cipher_test_parse(EVP_TEST *t, const char *keyword,
307e3978
DSH		 774 const char *value)
775{
6c5943c9 776 CIPHER_DATA *cdat = t->data;
b1ceb439 777 int i;
6c5943c9 778
86885c28 779 if (strcmp(keyword, "Key") == 0)
c49e0b04 780 return parse_bin(value, &cdat->key, &cdat->key_len);
6a41156c
SL		 781 if (strcmp(keyword, "Rounds") == 0) {
782 i = atoi(value);
783 if (i < 0)
784 return -1;
785 cdat->rounds = (unsigned int)i;
786 return 1;
787 }
86885c28 788 if (strcmp(keyword, "IV") == 0)
c49e0b04 789 return parse_bin(value, &cdat->iv, &cdat->iv_len);
e1491a2f
JS		 790 if (strcmp(keyword, "NextIV") == 0)
791 return parse_bin(value, &cdat->next_iv, &cdat->iv_len);
86885c28 792 if (strcmp(keyword, "Plaintext") == 0)
c49e0b04 793 return parse_bin(value, &cdat->plaintext, &cdat->plaintext_len);
86885c28 794 if (strcmp(keyword, "Ciphertext") == 0)
c49e0b04 795 return parse_bin(value, &cdat->ciphertext, &cdat->ciphertext_len);
f816aa47
SL		 796 if (strcmp(keyword, "KeyBits") == 0) {
797 i = atoi(value);
798 if (i < 0)
799 return -1;
800 cdat->key_bits = (size_t)i;
801 return 1;
802 }
307e3978 803 if (cdat->aead) {
f53c079f
TM		 804 int tls_aad = 0;
805
806 if (strcmp(keyword, "TLSAAD") == 0)
807 cdat->tls_aad = tls_aad = 1;
808 if (strcmp(keyword, "AAD") == 0 || tls_aad) {
b1ceb439
TS		 809 for (i = 0; i < AAD_NUM; i++) {
810 if (cdat->aad[i] == NULL)
811 return parse_bin(value, &cdat->aad[i], &cdat->aad_len[i]);
812 }
f42c225d 813 return -1;
b1ceb439 814 }
86885c28 815 if (strcmp(keyword, "Tag") == 0)
c49e0b04 816 return parse_bin(value, &cdat->tag, &cdat->tag_len);
67c81ec3
TN		 817 if (strcmp(keyword, "SetTagLate") == 0) {
818 if (strcmp(value, "TRUE") == 0)
819 cdat->tag_late = 1;
820 else if (strcmp(value, "FALSE") == 0)
821 cdat->tag_late = 0;
822 else
f42c225d 823 return -1;
67c81ec3
TN		 824 return 1;
825 }
f53c079f
TM		 826 if (strcmp(keyword, "MACKey") == 0)
827 return parse_bin(value, &cdat->mac_key, &cdat->mac_key_len);
828 if (strcmp(keyword, "TLSVersion") == 0) {
829 char *endptr;
830
831 cdat->tls_version = (int)strtol(value, &endptr, 0);
832 return value[0] != '\0' && endptr[0] == '\0';
833 }
0f113f3e 834 }
4897dc40 835
86885c28
RS		 836 if (strcmp(keyword, "Operation") == 0) {
837 if (strcmp(value, "ENCRYPT") == 0)
307e3978 838 cdat->enc = 1;
86885c28 839 else if (strcmp(value, "DECRYPT") == 0)
307e3978
DSH		 840 cdat->enc = 0;
841 else
f42c225d 842 return -1;
307e3978 843 return 1;
0f113f3e 844 }
7cc355c2
SL		 845 if (strcmp(keyword, "CTSMode") == 0) {
846 cdat->cts_mode = value;
847 return 1;
848 }
6cdf83ea
XY		 849 if (strcmp(keyword, "XTSStandard") == 0) {
850 cdat->xts_standard = value;
851 return 1;
852 }
307e3978 853 return 0;
0f113f3e 854}
4897dc40 855
d57d0b81
VH		 856static int cipher_test_enc(EVP_TEST *t, int enc, size_t out_misalign,
857 size_t inp_misalign, int frag, int in_place)
0f113f3e 858{
e3d378bc
AP		 859 CIPHER_DATA *expected = t->data;
860 unsigned char *in, *expected_out, *tmp = NULL;
0b96d77a 861 size_t in_len, out_len, donelen = 0;
b1ceb439 862 int ok = 0, tmplen, chunklen, tmpflen, i;
f75abcc0 863 EVP_CIPHER_CTX *ctx_base = NULL;
ed16b0fc 864 EVP_CIPHER_CTX *ctx = NULL, *duped;
1a185961 865 int fips_dupctx_supported = fips_provider_version_ge(libctx, 3, 2, 0);
6c5943c9
RS		 866
867 t->err = "TEST_FAILURE";
f75abcc0
SL		 868 if (!TEST_ptr(ctx_base = EVP_CIPHER_CTX_new()))
869 goto err;
6c5943c9 870 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
307e3978 871 goto err;
f75abcc0 872 EVP_CIPHER_CTX_set_flags(ctx_base, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
307e3978 873 if (enc) {
e3d378bc
AP		 874 in = expected->plaintext;
875 in_len = expected->plaintext_len;
876 expected_out = expected->ciphertext;
877 out_len = expected->ciphertext_len;
307e3978 878 } else {
e3d378bc
AP		 879 in = expected->ciphertext;
880 in_len = expected->ciphertext_len;
881 expected_out = expected->plaintext;
882 out_len = expected->plaintext_len;
0f113f3e 883 }
d57d0b81 884 if (in_place == 1) {
5ccada09 885 /* Exercise in-place encryption */
ff715da4
AP		 886 tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH);
887 if (!tmp)
888 goto err;
889 in = memcpy(tmp + out_misalign, in, in_len);
890 } else {
891 inp_misalign += 16 - ((out_misalign + in_len) & 15);
892 /*
893 * 'tmp' will store both output and copy of input. We make the copy
894 * of input to specifically aligned part of 'tmp'. So we just
895 * figured out how much padding would ensure the required alignment,
896 * now we allocate extended buffer and finally copy the input just
897 * past inp_misalign in expression below. Output will be written
898 * past out_misalign...
899 */
900 tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH +
901 inp_misalign + in_len);
902 if (!tmp)
903 goto err;
904 in = memcpy(tmp + out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH +
905 inp_misalign, in, in_len);
906 }
f75abcc0 907 if (!EVP_CipherInit_ex(ctx_base, expected->cipher, NULL, NULL, NULL, enc)) {
6c5943c9 908 t->err = "CIPHERINIT_ERROR";
307e3978 909 goto err;
6c5943c9 910 }
7cc355c2
SL		 911 if (expected->cts_mode != NULL) {
912 OSSL_PARAM params[2];
913
914 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_CIPHER_PARAM_CTS_MODE,
915 (char *)expected->cts_mode,
916 0);
917 params[1] = OSSL_PARAM_construct_end();
918 if (!EVP_CIPHER_CTX_set_params(ctx_base, params)) {
919 t->err = "INVALID_CTS_MODE";
920 goto err;
921 }
922 }
e3d378bc
AP		 923 if (expected->iv) {
924 if (expected->aead) {
d649c51a
PH		 925 if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_IVLEN,
926 expected->iv_len, 0) <= 0) {
6c5943c9 927 t->err = "INVALID_IV_LENGTH";
307e3978 928 goto err;
6c5943c9 929 }
ed576acd 930 } else if (expected->iv_len != (size_t)EVP_CIPHER_CTX_get_iv_length(ctx_base)) {
6c5943c9 931 t->err = "INVALID_IV_LENGTH";
307e3978 932 goto err;
6c5943c9 933 }
0f113f3e 934 }
f53c079f 935 if (expected->aead && !expected->tls_aad) {
307e3978
DSH		 936 unsigned char *tag;
937 /*
2207ba7b
DSH		 938 * If encrypting or OCB just set tag length initially, otherwise
939 * set tag length and value.
307e3978 940 */
67c81ec3 941 if (enc || expected->aead == EVP_CIPH_OCB_MODE || expected->tag_late) {
6c5943c9 942 t->err = "TAG_LENGTH_SET_ERROR";
307e3978 943 tag = NULL;
0f113f3e 944 } else {
6c5943c9 945 t->err = "TAG_SET_ERROR";
e3d378bc 946 tag = expected->tag;
0f113f3e 947 }
e3d378bc 948 if (tag || expected->aead != EVP_CIPH_GCM_MODE) {
d649c51a
PH		 949 if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_TAG,
950 expected->tag_len, tag) <= 0)
307e3978 951 goto err;
0f113f3e 952 }
307e3978 953 }
0f113f3e 954
6a41156c
SL		 955 if (expected->rounds > 0) {
956 int rounds = (int)expected->rounds;
957
d649c51a 958 if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC5_ROUNDS, rounds, NULL) <= 0) {
6a41156c
SL		 959 t->err = "INVALID_ROUNDS";
960 goto err;
961 }
962 }
963
f75abcc0 964 if (!EVP_CIPHER_CTX_set_key_length(ctx_base, expected->key_len)) {
6c5943c9 965 t->err = "INVALID_KEY_LENGTH";
307e3978 966 goto err;
6c5943c9 967 }
f816aa47
SL		 968 if (expected->key_bits > 0) {
969 int bits = (int)expected->key_bits;
970
d649c51a 971 if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC2_KEY_BITS, bits, NULL) <= 0) {
f816aa47
SL		 972 t->err = "INVALID KEY BITS";
973 goto err;
974 }
975 }
f75abcc0 976 if (!EVP_CipherInit_ex(ctx_base, NULL, NULL, expected->key, expected->iv, -1)) {
6c5943c9 977 t->err = "KEY_SET_ERROR";
307e3978 978 goto err;
6c5943c9 979 }
f816aa47 980
48ebde22 981 /* Check that we get the same IV back */
bdc0df8a
BK		 982 if (expected->iv != NULL) {
983 /* Some (e.g., GCM) tests use IVs longer than EVP_MAX_IV_LENGTH. */
984 unsigned char iv[128];
0d83b7b9 985 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx_base, iv, sizeof(iv)))
ed576acd
TM		 986 || ((EVP_CIPHER_get_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0
987 && !TEST_mem_eq(expected->iv, expected->iv_len, iv,
988 expected->iv_len))) {
bdc0df8a
BK		 989 t->err = "INVALID_IV";
990 goto err;
991 }
48ebde22 992 }
307e3978 993
f75abcc0 994 /* Test that the cipher dup functions correctly if it is supported */
f53c079f 995 ERR_set_mark();
39d857bb
NH		 996 if (!EVP_CIPHER_CTX_copy(ctx, ctx_base)) {
997 if (fips_dupctx_supported) {
998 TEST_info("Doing a copy of Cipher %s Fails!\n",
999 EVP_CIPHER_get0_name(expected->cipher));
1000 ERR_print_errors_fp(stderr);
1001 goto err;
1002 } else {
1003 TEST_info("Allowing copy fail as an old fips provider is in use.");
1004 }
bbb6d620
NH		 1005 EVP_CIPHER_CTX_free(ctx);
1006 ctx = ctx_base;
1007 } else {
1008 EVP_CIPHER_CTX_free(ctx_base);
1009 ctx_base = NULL;
f75abcc0 1010 }
ed16b0fc
P		 1011 /* Likewise for dup */
1012 duped = EVP_CIPHER_CTX_dup(ctx);
1013 if (duped != NULL) {
1014 EVP_CIPHER_CTX_free(ctx);
1015 ctx = duped;
39d857bb
NH		 1016 } else {
1017 if (fips_dupctx_supported) {
1018 TEST_info("Doing a dup of Cipher %s Fails!\n",
1019 EVP_CIPHER_get0_name(expected->cipher));
1020 ERR_print_errors_fp(stderr);
1021 goto err;
1022 } else {
1023 TEST_info("Allowing dup fail as an old fips provider is in use.");
1024 }
ed16b0fc 1025 }
f53c079f
TM		 1026 ERR_pop_to_mark();
1027
1028 if (expected->mac_key != NULL
d649c51a 1029 && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY,
f53c079f 1030 (int)expected->mac_key_len,
d649c51a 1031 (void *)expected->mac_key) <= 0) {
f53c079f
TM		 1032 t->err = "SET_MAC_KEY_ERROR";
1033 goto err;
1034 }
1035
1036 if (expected->tls_version) {
1037 OSSL_PARAM params[2];
1038
1039 params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_TLS_VERSION,
1040 &expected->tls_version);
1041 params[1] = OSSL_PARAM_construct_end();
1042 if (!EVP_CIPHER_CTX_set_params(ctx, params)) {
1043 t->err = "SET_TLS_VERSION_ERROR";
1044 goto err;
1045 }
1046 }
f75abcc0 1047
e3d378bc 1048 if (expected->aead == EVP_CIPH_CCM_MODE) {
307e3978 1049 if (!EVP_CipherUpdate(ctx, NULL, &tmplen, NULL, out_len)) {
6c5943c9 1050 t->err = "CCM_PLAINTEXT_LENGTH_SET_ERROR";
307e3978 1051 goto err;
0f113f3e
MC		 1052 }
1053 }
f53c079f 1054 if (expected->aad[0] != NULL && !expected->tls_aad) {
6c5943c9 1055 t->err = "AAD_SET_ERROR";
0b96d77a 1056 if (!frag) {
2c8dc43b 1057 /* Supply the data all in one go or according to data_chunk_size */
b1ceb439 1058 for (i = 0; expected->aad[i] != NULL; i++) {
2c8dc43b
VH		 1059 size_t aad_len = expected->aad_len[i];
1060 donelen = 0;
1061
1062 do {
1063 size_t current_aad_len = (size_t) data_chunk_size;
1064
1065 if (data_chunk_size == 0 || (size_t) data_chunk_size > aad_len)
1066 current_aad_len = aad_len;
1067 if (!EVP_CipherUpdate(ctx, NULL, &chunklen,
1068 expected->aad[i] + donelen,
1069 current_aad_len))
1070 goto err;
1071 donelen += current_aad_len;
1072 aad_len -= current_aad_len;
1073 } while (aad_len > 0);
b1ceb439 1074 }
0b96d77a 1075 } else {
2c8dc43b 1076 /* Supply the AAD in chunks less than the block size where possible */
b1ceb439
TS		 1077 for (i = 0; expected->aad[i] != NULL; i++) {
1078 if (expected->aad_len[i] > 0) {
1079 if (!EVP_CipherUpdate(ctx, NULL, &chunklen, expected->aad[i], 1))
1080 goto err;
1081 donelen++;
1082 }
1083 if (expected->aad_len[i] > 2) {
1084 if (!EVP_CipherUpdate(ctx, NULL, &chunklen,
1085 expected->aad[i] + donelen,
1086 expected->aad_len[i] - 2))
1087 goto err;
1088 donelen += expected->aad_len[i] - 2;
1089 }
1090 if (expected->aad_len[i] > 1
1091 && !EVP_CipherUpdate(ctx, NULL, &chunklen,
1092 expected->aad[i] + donelen, 1))
0b96d77a 1093 goto err;
0b96d77a 1094 }
307e3978
DSH		 1095 }
1096 }
67c81ec3 1097
f53c079f
TM		 1098 if (expected->tls_aad) {
1099 OSSL_PARAM params[2];
1100 char *tls_aad;
1101
1102 /* duplicate the aad as the implementation might modify it */
1103 if ((tls_aad = OPENSSL_memdup(expected->aad[0],
1104 expected->aad_len[0])) == NULL)
1105 goto err;
1106 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD,
1107 tls_aad,
1108 expected->aad_len[0]);
1109 params[1] = OSSL_PARAM_construct_end();
1110 if (!EVP_CIPHER_CTX_set_params(ctx, params)) {
1111 OPENSSL_free(tls_aad);
1112 t->err = "TLS1_AAD_ERROR";
1113 goto err;
1114 }
1115 OPENSSL_free(tls_aad);
1116 } else if (!enc && (expected->aead == EVP_CIPH_OCB_MODE
1117 || expected->tag_late)) {
d649c51a
PH		 1118 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
1119 expected->tag_len, expected->tag) <= 0) {
67c81ec3
TN		 1120 t->err = "TAG_SET_ERROR";
1121 goto err;
1122 }
1123 }
6cdf83ea
XY		 1124 if (expected->xts_standard != NULL) {
1125 OSSL_PARAM params[2];
67c81ec3 1126
6cdf83ea
XY		 1127 params[0] =
1128 OSSL_PARAM_construct_utf8_string(OSSL_CIPHER_PARAM_XTS_STANDARD,
1129 (char *)expected->xts_standard, 0);
1130 params[1] = OSSL_PARAM_construct_end();
1131 if (!EVP_CIPHER_CTX_set_params(ctx, params)) {
1132 t->err = "SET_XTS_STANDARD_ERROR";
1133 goto err;
1134 }
1135 }
307e3978 1136 EVP_CIPHER_CTX_set_padding(ctx, 0);
6c5943c9 1137 t->err = "CIPHERUPDATE_ERROR";
0b96d77a 1138 tmplen = 0;
0b96d77a 1139 if (!frag) {
2c8dc43b
VH		 1140 do {
1141 /* Supply the data all in one go or according to data_chunk_size */
1142 size_t current_in_len = (size_t) data_chunk_size;
1143
1144 if (data_chunk_size == 0 || (size_t) data_chunk_size > in_len)
1145 current_in_len = in_len;
1146 if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen,
1147 in, current_in_len))
1148 goto err;
1149 tmplen += chunklen;
1150 in += current_in_len;
1151 in_len -= current_in_len;
1152 } while (in_len > 0);
0b96d77a
MC		 1153 } else {
1154 /* Supply the data in chunks less than the block size where possible */
1155 if (in_len > 0) {
1156 if (!EVP_CipherUpdate(ctx, tmp + out_misalign, &chunklen, in, 1))
1157 goto err;
1158 tmplen += chunklen;
ef055ec5
MC		 1159 in++;
1160 in_len--;
0b96d77a 1161 }
ef055ec5 1162 if (in_len > 1) {
0b96d77a 1163 if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen,
ef055ec5 1164 in, in_len - 1))
0b96d77a
MC		 1165 goto err;
1166 tmplen += chunklen;
ef055ec5
MC		 1167 in += in_len - 1;
1168 in_len = 1;
0b96d77a 1169 }
1287dabd 1170 if (in_len > 0) {
0b96d77a 1171 if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen,
ef055ec5 1172 in, 1))
0b96d77a
MC		 1173 goto err;
1174 tmplen += chunklen;
1175 }
1176 }
6c5943c9
RS		 1177 if (!EVP_CipherFinal_ex(ctx, tmp + out_misalign + tmplen, &tmpflen)) {
1178 t->err = "CIPHERFINAL_ERROR";
00212c66 1179 goto err;
6c5943c9 1180 }
f53c079f
TM		 1181 if (!enc && expected->tls_aad) {
1182 if (expected->tls_version >= TLS1_1_VERSION
1183 && (EVP_CIPHER_is_a(expected->cipher, "AES-128-CBC-HMAC-SHA1")
1184 || EVP_CIPHER_is_a(expected->cipher, "AES-256-CBC-HMAC-SHA1"))) {
1185 tmplen -= expected->iv_len;
1186 expected_out += expected->iv_len;
1187 out_misalign += expected->iv_len;
1188 }
1189 if ((int)out_len > tmplen + tmpflen)
1190 out_len = tmplen + tmpflen;
1191 }
4cceb185
P		 1192 if (!memory_err_compare(t, "VALUE_MISMATCH", expected_out, out_len,
1193 tmp + out_misalign, tmplen + tmpflen))
307e3978 1194 goto err;
f53c079f 1195 if (enc && expected->aead && !expected->tls_aad) {
307e3978 1196 unsigned char rtag[16];
6c5943c9 1197
e3d378bc 1198 if (!TEST_size_t_le(expected->tag_len, sizeof(rtag))) {
6c5943c9 1199 t->err = "TAG_LENGTH_INTERNAL_ERROR";
307e3978
DSH		 1200 goto err;
1201 }
d649c51a
PH		 1202 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
1203 expected->tag_len, rtag) <= 0) {
6c5943c9 1204 t->err = "TAG_RETRIEVE_ERROR";
307e3978
DSH		 1205 goto err;
1206 }
4cceb185
P		 1207 if (!memory_err_compare(t, "TAG_VALUE_MISMATCH",
1208 expected->tag, expected->tag_len,
1209 rtag, expected->tag_len))
307e3978 1210 goto err;
307e3978 1211 }
e1491a2f
JS		 1212 /* Check the updated IV */
1213 if (expected->next_iv != NULL) {
1214 /* Some (e.g., GCM) tests use IVs longer than EVP_MAX_IV_LENGTH. */
1215 unsigned char iv[128];
1216 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
ed576acd
TM		 1217 || ((EVP_CIPHER_get_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0
1218 && !TEST_mem_eq(expected->next_iv, expected->iv_len, iv,
1219 expected->iv_len))) {
e1491a2f
JS		 1220 t->err = "INVALID_NEXT_IV";
1221 goto err;
1222 }
1223 }
1224
6c5943c9
RS		 1225 t->err = NULL;
1226 ok = 1;
307e3978 1227 err:
b548a1f1 1228 OPENSSL_free(tmp);
f75abcc0
SL		 1229 if (ctx != ctx_base)
1230 EVP_CIPHER_CTX_free(ctx_base);
307e3978 1231 EVP_CIPHER_CTX_free(ctx);
6c5943c9 1232 return ok;
307e3978 1233}
0e360199 1234
6c5943c9 1235static int cipher_test_run(EVP_TEST *t)
307e3978 1236{
6c5943c9 1237 CIPHER_DATA *cdat = t->data;
d57d0b81 1238 int rv, frag, fragmax, in_place;
9a2d2fb3
AP		 1239 size_t out_misalign, inp_misalign;
1240
39d857bb 1241 TEST_info("RUNNING TEST FOR CIPHER %s\n", EVP_CIPHER_get0_name(cdat->cipher));
307e3978
DSH		 1242 if (!cdat->key) {
1243 t->err = "NO_KEY";
1244 return 0;
1245 }
6f22bcd6 1246 if (!cdat->iv && EVP_CIPHER_get_iv_length(cdat->cipher) > 0) {
307e3978 1247 /* IV is optional and usually omitted in wrap mode */
ed576acd 1248 if (EVP_CIPHER_get_mode(cdat->cipher) != EVP_CIPH_WRAP_MODE) {
307e3978
DSH		 1249 t->err = "NO_IV";
1250 return 0;
1251 }
1252 }
f53c079f 1253 if (cdat->aead && cdat->tag == NULL && !cdat->tls_aad) {
307e3978
DSH		 1254 t->err = "NO_TAG";
1255 return 0;
1256 }
d57d0b81
VH		 1257
1258 fragmax = (cipher_test_valid_fragmentation(cdat) == 0) ? 0 : 1;
1259 for (in_place = 1; in_place >= 0; in_place--) {
9a2d2fb3 1260 static char aux_err[64];
d57d0b81 1261
9a2d2fb3 1262 t->aux_err = aux_err;
d57d0b81
VH		 1263 /* Test only in-place data processing */
1264 if (process_mode_in_place == 1 && in_place == 0)
1265 break;
1266
1267 for (frag = 0; frag <= fragmax; frag++) {
2c8dc43b
VH		 1268 if (frag == 1 && data_chunk_size != 0)
1269 break;
d57d0b81
VH		 1270 for (out_misalign = 0; out_misalign <= 1; out_misalign++) {
1271 for (inp_misalign = 0; inp_misalign <= 1; inp_misalign++) {
1272 /* Skip input misalign tests for in-place processing */
1273 if (inp_misalign == 1 && in_place == 1)
1274 break;
1275 if (in_place == 1) {
1276 BIO_snprintf(aux_err, sizeof(aux_err),
1277 "%s in-place, %sfragmented",
1278 out_misalign ? "misaligned" : "aligned",
1279 frag ? "" : "not ");
1280 } else {
1281 BIO_snprintf(aux_err, sizeof(aux_err),
1282 "%s output and %s input, %sfragmented",
1283 out_misalign ? "misaligned" : "aligned",
1284 inp_misalign ? "misaligned" : "aligned",
1285 frag ? "" : "not ");
1286 }
1287 if (cdat->enc) {
1288 rv = cipher_test_enc(t, 1, out_misalign, inp_misalign,
1289 frag, in_place);
1290 /* Not fatal errors: return */
1291 if (rv != 1) {
1292 if (rv < 0)
1293 return 0;
1294 return 1;
1295 }
1296 }
1297 if (cdat->enc != 1) {
1298 rv = cipher_test_enc(t, 0, out_misalign, inp_misalign,
1299 frag, in_place);
1300 /* Not fatal errors: return */
1301 if (rv != 1) {
1302 if (rv < 0)
1303 return 0;
1304 return 1;
1305 }
1306 }
9a2d2fb3
AP		 1307 }
1308 }
307e3978
DSH		 1309 }
1310 }
9a2d2fb3
AP		 1311 t->aux_err = NULL;
1312
307e3978 1313 return 1;
0f113f3e 1314}
307e3978 1315
6c5943c9 1316static const EVP_TEST_METHOD cipher_test_method = {
307e3978
DSH		 1317 "Cipher",
1318 cipher_test_init,
1319 cipher_test_cleanup,
1320 cipher_test_parse,
1321 cipher_test_run
1322};
83251f39 1323
c49e0b04
RS		 1324
1325/**
5ccada09
SL		 1326 ** MAC TESTS
1327 **/
c49e0b04 1328
6c5943c9 1329typedef struct mac_data_st {
2bdb4af5 1330 /* MAC type in one form or another */
f651c727 1331 char *mac_name;
25446a66 1332 EVP_MAC *mac; /* for mac_test_run_mac */
2bdb4af5 1333 int type; /* for mac_test_run_pkey */
83251f39
DSH		 1334 /* Algorithm string for this MAC */
1335 char *alg;
1336 /* MAC key */
1337 unsigned char *key;
1338 size_t key_len;
afc580b9
P		 1339 /* MAC IV (GMAC) */
1340 unsigned char *iv;
1341 size_t iv_len;
83251f39
DSH		 1342 /* Input to MAC */
1343 unsigned char *input;
1344 size_t input_len;
1345 /* Expected output */
1346 unsigned char *output;
1347 size_t output_len;
6e624a64
SL		 1348 unsigned char *custom;
1349 size_t custom_len;
b215db23
AS		 1350 /* MAC salt (blake2) */
1351 unsigned char *salt;
1352 size_t salt_len;
6a38b09a
P		 1353 /* XOF mode? */
1354 int xof;
e58ba181
TM		 1355 /* Reinitialization fails */
1356 int no_reinit;
7e6a3025
RL		 1357 /* Collection of controls */
1358 STACK_OF(OPENSSL_STRING) *controls;
36b6db08
P		 1359 /* Output size */
1360 int output_size;
1361 /* Block size */
1362 int block_size;
6c5943c9 1363} MAC_DATA;
83251f39 1364
6c5943c9 1365static int mac_test_init(EVP_TEST *t, const char *alg)
83251f39 1366{
25446a66 1367 EVP_MAC *mac = NULL;
2bdb4af5 1368 int type = NID_undef;
6c5943c9
RS		 1369 MAC_DATA *mdat;
1370
5ccada09
SL		 1371 if (is_mac_disabled(alg)) {
1372 TEST_info("skipping, '%s' is disabled", alg);
1373 t->skip = 1;
1374 return 1;
1375 }
f34878d8 1376 if ((mac = EVP_MAC_fetch(libctx, alg, propquery)) == NULL) {
2bdb4af5
RL		 1377 /*
1378 * Since we didn't find an EVP_MAC, we check for known EVP_PKEY methods
1379 * For debugging purposes, we allow 'NNNN by EVP_PKEY' to force running
1380 * the EVP_PKEY method.
1381 */
1382 size_t sz = strlen(alg);
1383 static const char epilogue[] = " by EVP_PKEY";
1384
88e3cf0a
RL		 1385 if (sz >= sizeof(epilogue)
1386 && strcmp(alg + sz - (sizeof(epilogue) - 1), epilogue) == 0)
2bdb4af5
RL		 1387 sz -= sizeof(epilogue) - 1;
1388
5ccada09 1389 if (strncmp(alg, "HMAC", sz) == 0)
2bdb4af5 1390 type = EVP_PKEY_HMAC;
5ccada09 1391 else if (strncmp(alg, "CMAC", sz) == 0)
2bdb4af5 1392 type = EVP_PKEY_CMAC;
5ccada09 1393 else if (strncmp(alg, "Poly1305", sz) == 0)
2bdb4af5 1394 type = EVP_PKEY_POLY1305;
5ccada09 1395 else if (strncmp(alg, "SipHash", sz) == 0)
2bdb4af5 1396 type = EVP_PKEY_SIPHASH;
5ccada09 1397 else
2bdb4af5 1398 return 0;
2bdb4af5 1399 }
83251f39 1400
2208ba56
JJ		 1401 if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat))))
1402 return 0;
1403
83251f39 1404 mdat->type = type;
b2f90e93
JJ		 1405 if (!TEST_ptr(mdat->mac_name = OPENSSL_strdup(alg))) {
1406 OPENSSL_free(mdat);
1407 return 0;
1408 }
1409
2bdb4af5 1410 mdat->mac = mac;
b2f90e93
JJ		 1411 if (!TEST_ptr(mdat->controls = sk_OPENSSL_STRING_new_null())) {
1412 OPENSSL_free(mdat->mac_name);
1413 OPENSSL_free(mdat);
1414 return 0;
1415 }
1416
36b6db08 1417 mdat->output_size = mdat->block_size = -1;
83251f39
DSH		 1418 t->data = mdat;
1419 return 1;
1420}
1421
7e6a3025
RL		 1422/* Because OPENSSL_free is a macro, it can't be passed as a function pointer */
1423static void openssl_free(char *m)
1424{
1425 OPENSSL_free(m);
1426}
1427
6c5943c9 1428static void mac_test_cleanup(EVP_TEST *t)
83251f39 1429{
6c5943c9
RS		 1430 MAC_DATA *mdat = t->data;
1431
25446a66 1432 EVP_MAC_free(mdat->mac);
f651c727 1433 OPENSSL_free(mdat->mac_name);
7e6a3025 1434 sk_OPENSSL_STRING_pop_free(mdat->controls, openssl_free);
6c5943c9
RS		 1435 OPENSSL_free(mdat->alg);
1436 OPENSSL_free(mdat->key);
afc580b9 1437 OPENSSL_free(mdat->iv);
6e624a64 1438 OPENSSL_free(mdat->custom);
b215db23 1439 OPENSSL_free(mdat->salt);
6c5943c9
RS		 1440 OPENSSL_free(mdat->input);
1441 OPENSSL_free(mdat->output);
83251f39
DSH		 1442}
1443
6c5943c9 1444static int mac_test_parse(EVP_TEST *t,
83251f39
DSH		 1445 const char *keyword, const char *value)
1446{
6c5943c9
RS		 1447 MAC_DATA *mdata = t->data;
1448
86885c28 1449 if (strcmp(keyword, "Key") == 0)
c49e0b04 1450 return parse_bin(value, &mdata->key, &mdata->key_len);
afc580b9
P		 1451 if (strcmp(keyword, "IV") == 0)
1452 return parse_bin(value, &mdata->iv, &mdata->iv_len);
6e624a64
SL		 1453 if (strcmp(keyword, "Custom") == 0)
1454 return parse_bin(value, &mdata->custom, &mdata->custom_len);
b215db23
AS		 1455 if (strcmp(keyword, "Salt") == 0)
1456 return parse_bin(value, &mdata->salt, &mdata->salt_len);
86885c28 1457 if (strcmp(keyword, "Algorithm") == 0) {
7644a9ae 1458 mdata->alg = OPENSSL_strdup(value);
5203a8df 1459 if (mdata->alg == NULL)
f42c225d 1460 return -1;
83251f39
DSH		 1461 return 1;
1462 }
86885c28 1463 if (strcmp(keyword, "Input") == 0)
c49e0b04 1464 return parse_bin(value, &mdata->input, &mdata->input_len);
86885c28 1465 if (strcmp(keyword, "Output") == 0)
c49e0b04 1466 return parse_bin(value, &mdata->output, &mdata->output_len);
6a38b09a
P		 1467 if (strcmp(keyword, "XOF") == 0)
1468 return mdata->xof = 1;
e58ba181
TM		 1469 if (strcmp(keyword, "NoReinit") == 0)
1470 return mdata->no_reinit = 1;
5203a8df
JJ		 1471 if (strcmp(keyword, "Ctrl") == 0) {
1472 char *data = OPENSSL_strdup(value);
1473
1474 if (data == NULL)
1475 return -1;
1476 return sk_OPENSSL_STRING_push(mdata->controls, data) != 0;
1477 }
36b6db08
P		 1478 if (strcmp(keyword, "OutputSize") == 0) {
1479 mdata->output_size = atoi(value);
1480 if (mdata->output_size < 0)
1481 return -1;
1482 return 1;
1483 }
1484 if (strcmp(keyword, "BlockSize") == 0) {
1485 mdata->block_size = atoi(value);
1486 if (mdata->block_size < 0)
1487 return -1;
1488 return 1;
1489 }
83251f39
DSH		 1490 return 0;
1491}
1492
ce5d64c7
RL		 1493static int mac_test_ctrl_pkey(EVP_TEST *t, EVP_PKEY_CTX *pctx,
1494 const char *value)
1495{
337ace06 1496 int rv = 0;
ce5d64c7
RL		 1497 char *p, *tmpval;
1498
1499 if (!TEST_ptr(tmpval = OPENSSL_strdup(value)))
1500 return 0;
1501 p = strchr(tmpval, ':');
337ace06 1502 if (p != NULL) {
ce5d64c7 1503 *p++ = '\0';
337ace06
P		 1504 rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
1505 }
ce5d64c7
RL		 1506 if (rv == -2)
1507 t->err = "PKEY_CTRL_INVALID";
1508 else if (rv <= 0)
1509 t->err = "PKEY_CTRL_ERROR";
1510 else
1511 rv = 1;
1512 OPENSSL_free(tmpval);
1513 return rv > 0;
1514}
1515
2bdb4af5 1516static int mac_test_run_pkey(EVP_TEST *t)
83251f39 1517{
e3d378bc 1518 MAC_DATA *expected = t->data;
83251f39
DSH		 1519 EVP_MD_CTX *mctx = NULL;
1520 EVP_PKEY_CTX *pctx = NULL, *genctx = NULL;
1521 EVP_PKEY *key = NULL;
5ccada09
SL		 1522 const char *mdname = NULL;
1523 EVP_CIPHER *cipher = NULL;
e3d378bc
AP		 1524 unsigned char *got = NULL;
1525 size_t got_len;
7e6a3025 1526 int i;
fedbfff4 1527 size_t input_len, donelen;
83251f39 1528
6a38b09a
P		 1529 /* We don't do XOF mode via PKEY */
1530 if (expected->xof)
1531 return 1;
1532
2bdb4af5
RL		 1533 if (expected->alg == NULL)
1534 TEST_info("Trying the EVP_PKEY %s test", OBJ_nid2sn(expected->type));
1535 else
1536 TEST_info("Trying the EVP_PKEY %s test with %s",
1537 OBJ_nid2sn(expected->type), expected->alg);
1538
5ccada09 1539 if (expected->type == EVP_PKEY_CMAC) {
a3d267f1
RS		 1540#ifdef OPENSSL_NO_DEPRECATED_3_0
1541 TEST_info("skipping, PKEY CMAC '%s' is disabled", expected->alg);
1542 t->skip = 1;
1543 t->err = NULL;
1544 goto err;
1545#else
1546 OSSL_LIB_CTX *tmpctx;
1547
ab7f4a3d 1548 if (expected->alg != NULL && is_cipher_disabled(expected->alg)) {
5ccada09
SL		 1549 TEST_info("skipping, PKEY CMAC '%s' is disabled", expected->alg);
1550 t->skip = 1;
1551 t->err = NULL;
1552 goto err;
1553 }
f34878d8 1554 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, expected->alg, propquery))) {
5ccada09
SL		 1555 t->err = "MAC_KEY_CREATE_ERROR";
1556 goto err;
1557 }
a3d267f1
RS		 1558 tmpctx = OSSL_LIB_CTX_set0_default(libctx);
1559 key = EVP_PKEY_new_CMAC_key(NULL, expected->key, expected->key_len,
1560 cipher);
1561 OSSL_LIB_CTX_set0_default(tmpctx);
1562#endif
5ccada09 1563 } else {
d8652be0
MC		 1564 key = EVP_PKEY_new_raw_private_key_ex(libctx,
1565 OBJ_nid2sn(expected->type), NULL,
1566 expected->key, expected->key_len);
5ccada09 1567 }
9442c8d7
MC		 1568 if (key == NULL) {
1569 t->err = "MAC_KEY_CREATE_ERROR";
83251f39 1570 goto err;
6c5943c9 1571 }
83251f39 1572
ab7f4a3d 1573 if (expected->type == EVP_PKEY_HMAC && expected->alg != NULL) {
5ccada09
SL		 1574 if (is_digest_disabled(expected->alg)) {
1575 TEST_info("skipping, HMAC '%s' is disabled", expected->alg);
1576 t->skip = 1;
1577 t->err = NULL;
83251f39 1578 goto err;
6c5943c9 1579 }
5ccada09 1580 mdname = expected->alg;
83251f39 1581 }
6c5943c9
RS		 1582 if (!TEST_ptr(mctx = EVP_MD_CTX_new())) {
1583 t->err = "INTERNAL_ERROR";
83251f39 1584 goto err;
6c5943c9 1585 }
af6171b3 1586 if (!EVP_DigestSignInit_ex(mctx, &pctx, mdname, libctx, NULL, key, NULL)) {
6c5943c9 1587 t->err = "DIGESTSIGNINIT_ERROR";
83251f39 1588 goto err;
6c5943c9 1589 }
7e6a3025 1590 for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++)
ce5d64c7
RL		 1591 if (!mac_test_ctrl_pkey(t, pctx,
1592 sk_OPENSSL_STRING_value(expected->controls,
1593 i))) {
7e6a3025
RL		 1594 t->err = "EVPPKEYCTXCTRL_ERROR";
1595 goto err;
1596 }
fedbfff4
VH		 1597 input_len = expected->input_len;
1598 donelen = 0;
1599 do {
1600 size_t current_len = (size_t) data_chunk_size;
1601
1602 if (data_chunk_size == 0 || (size_t) data_chunk_size > input_len)
1603 current_len = input_len;
1604 if (!EVP_DigestSignUpdate(mctx, expected->input + donelen, current_len)) {
1605 t->err = "DIGESTSIGNUPDATE_ERROR";
1606 goto err;
1607 }
1608 donelen += current_len;
1609 input_len -= current_len;
1610 } while (input_len > 0);
1611
e3d378bc 1612 if (!EVP_DigestSignFinal(mctx, NULL, &got_len)) {
6c5943c9 1613 t->err = "DIGESTSIGNFINAL_LENGTH_ERROR";
83251f39 1614 goto err;
6c5943c9 1615 }
e3d378bc 1616 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
6c5943c9 1617 t->err = "TEST_FAILURE";
83251f39 1618 goto err;
6c5943c9 1619 }
e3d378bc 1620 if (!EVP_DigestSignFinal(mctx, got, &got_len)
4cceb185
P		 1621 || !memory_err_compare(t, "TEST_MAC_ERR",
1622 expected->output, expected->output_len,
1623 got, got_len)) {
41248607
RS		 1624 t->err = "TEST_MAC_ERR";
1625 goto err;
1626 }
6c5943c9 1627 t->err = NULL;
83251f39 1628 err:
5ccada09 1629 EVP_CIPHER_free(cipher);
bfb0641f 1630 EVP_MD_CTX_free(mctx);
e3d378bc 1631 OPENSSL_free(got);
c5ba2d99
RS		 1632 EVP_PKEY_CTX_free(genctx);
1633 EVP_PKEY_free(key);
83251f39
DSH		 1634 return 1;
1635}
1636
2bdb4af5
RL		 1637static int mac_test_run_mac(EVP_TEST *t)
1638{
1639 MAC_DATA *expected = t->data;
1640 EVP_MAC_CTX *ctx = NULL;
2bdb4af5 1641 unsigned char *got = NULL;
0f7a4ca5 1642 size_t got_len = 0, size = 0;
e4542332 1643 size_t size_before_init = 0, size_after_init, size_val = 0;
36b6db08
P		 1644 int i, block_size = -1, output_size = -1;
1645 OSSL_PARAM params[21], sizes[3], *psizes = sizes;
25446a66
RL		 1646 size_t params_n = 0;
1647 size_t params_n_allocstart = 0;
1648 const OSSL_PARAM *defined_params =
41f7ecf3 1649 EVP_MAC_settable_ctx_params(expected->mac);
0f7a4ca5 1650 int xof;
e58ba181 1651 int reinit = 1;
fedbfff4 1652 size_t input_len, donelen ;
2bdb4af5
RL		 1653
1654 if (expected->alg == NULL)
f651c727 1655 TEST_info("Trying the EVP_MAC %s test", expected->mac_name);
2bdb4af5
RL		 1656 else
1657 TEST_info("Trying the EVP_MAC %s test with %s",
f651c727 1658 expected->mac_name, expected->alg);
2bdb4af5 1659
703170d4 1660 if (expected->alg != NULL) {
c8a016ca 1661 int skip = 0;
1662
703170d4
RL		 1663 /*
1664 * The underlying algorithm may be a cipher or a digest.
1665 * We don't know which it is, but we can ask the MAC what it
1666 * should be and bet on that.
1667 */
1668 if (OSSL_PARAM_locate_const(defined_params,
1669 OSSL_MAC_PARAM_CIPHER) != NULL) {
c8a016ca 1670 if (is_cipher_disabled(expected->alg))
1671 skip = 1;
1672 else
1673 params[params_n++] =
1674 OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER,
1675 expected->alg, 0);
703170d4
RL		 1676 } else if (OSSL_PARAM_locate_const(defined_params,
1677 OSSL_MAC_PARAM_DIGEST) != NULL) {
c8a016ca 1678 if (is_digest_disabled(expected->alg))
1679 skip = 1;
1680 else
1681 params[params_n++] =
1682 OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
1683 expected->alg, 0);
703170d4
RL		 1684 } else {
1685 t->err = "MAC_BAD_PARAMS";
1686 goto err;
1687 }
c8a016ca 1688 if (skip) {
1689 TEST_info("skipping, algorithm '%s' is disabled", expected->alg);
1690 t->skip = 1;
1691 t->err = NULL;
1692 goto err;
1693 }
703170d4 1694 }
25446a66
RL		 1695 if (expected->custom != NULL)
1696 params[params_n++] =
1697 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_CUSTOM,
1698 expected->custom,
1699 expected->custom_len);
1700 if (expected->salt != NULL)
1701 params[params_n++] =
1702 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_SALT,
1703 expected->salt,
1704 expected->salt_len);
1705 if (expected->iv != NULL)
1706 params[params_n++] =
1707 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV,
1708 expected->iv,
1709 expected->iv_len);
1710
5ccada09 1711 /* Unknown controls. They must match parameters that the MAC recognizes */
25446a66
RL		 1712 if (params_n + sk_OPENSSL_STRING_num(expected->controls)
1713 >= OSSL_NELEM(params)) {
1714 t->err = "MAC_TOO_MANY_PARAMETERS";
2bdb4af5
RL		 1715 goto err;
1716 }
25446a66
RL		 1717 params_n_allocstart = params_n;
1718 for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++) {
1719 char *tmpkey, *tmpval;
1720 char *value = sk_OPENSSL_STRING_value(expected->controls, i);
2bdb4af5 1721
25446a66
RL		 1722 if (!TEST_ptr(tmpkey = OPENSSL_strdup(value))) {
1723 t->err = "MAC_PARAM_ERROR";
2bdb4af5
RL		 1724 goto err;
1725 }
25446a66
RL		 1726 tmpval = strchr(tmpkey, ':');
1727 if (tmpval != NULL)
1728 *tmpval++ = '\0';
1729
d5f85429
RL		 1730 if (tmpval == NULL
1731 || !OSSL_PARAM_allocate_from_text(&params[params_n],
1732 defined_params,
1733 tmpkey, tmpval,
2ee0dfa6 1734 strlen(tmpval), NULL)) {
25446a66
RL		 1735 OPENSSL_free(tmpkey);
1736 t->err = "MAC_PARAM_ERROR";
6e624a64
SL		 1737 goto err;
1738 }
25446a66 1739 params_n++;
2bdb4af5 1740
ff181969
JM		 1741 if (strcmp(tmpkey, "size") == 0)
1742 size_val = (size_t)strtoul(tmpval, NULL, 0);
1743
25446a66 1744 OPENSSL_free(tmpkey);
b215db23 1745 }
25446a66 1746 params[params_n] = OSSL_PARAM_construct_end();
b215db23 1747
865adf97 1748 if ((ctx = EVP_MAC_CTX_new(expected->mac)) == NULL) {
25446a66
RL		 1749 t->err = "MAC_CREATE_ERROR";
1750 goto err;
afc580b9 1751 }
e4542332
TM		 1752 if (fips_provider_version_gt(libctx, 3, 2, 0))
1753 size_before_init = EVP_MAC_CTX_get_mac_size(ctx);
41df96ef 1754 if (!EVP_MAC_init(ctx, expected->key, expected->key_len, params)) {
b215db23
AS		 1755 t->err = "MAC_INIT_ERROR";
1756 goto err;
1757 }
ff181969
JM		 1758 size_after_init = EVP_MAC_CTX_get_mac_size(ctx);
1759 if (!TEST_false(size_before_init == 0 && size_after_init == 0)) {
1760 t->err = "MAC SIZE not set";
1761 goto err;
1762 }
1763 if (size_before_init != 0) {
1764 /* mac-size not modified by init params */
1765 if (size_val == 0 && !TEST_size_t_eq(size_before_init, size_after_init)) {
1766 t->err = "MAC SIZE check failed";
1767 goto err;
1768 }
1769 /* mac-size modified by init params */
1770 if (size_val != 0 && !TEST_size_t_eq(size_val, size_after_init)) {
1771 t->err = "MAC SIZE check failed";
1772 goto err;
1773 }
1774 }
36b6db08
P		 1775 if (expected->output_size >= 0)
1776 *psizes++ = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_SIZE,
1777 &output_size);
1778 if (expected->block_size >= 0)
1779 *psizes++ = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_BLOCK_SIZE,
1780 &block_size);
1781 if (psizes != sizes) {
1782 *psizes = OSSL_PARAM_construct_end();
1783 if (!TEST_true(EVP_MAC_CTX_get_params(ctx, sizes))) {
1784 t->err = "INTERNAL_ERROR";
1785 goto err;
1786 }
1787 if (expected->output_size >= 0
1788 && !TEST_int_eq(output_size, expected->output_size)) {
1789 t->err = "TEST_FAILURE";
1790 goto err;
1791 }
1792 if (expected->block_size >= 0
1793 && !TEST_int_eq(block_size, expected->block_size)) {
1794 t->err = "TEST_FAILURE";
1795 goto err;
1796 }
1797 }
e58ba181 1798 retry:
fedbfff4
VH		 1799 input_len = expected->input_len;
1800 donelen = 0;
1801 do {
1802 size_t current_len = (size_t) data_chunk_size;
1803
1804 if (data_chunk_size == 0 || (size_t) data_chunk_size > input_len)
1805 current_len = input_len;
1806 if (!EVP_MAC_update(ctx, expected->input + donelen, current_len)) {
1807 t->err = "MAC_UPDATE_ERROR";
1808 goto err;
1809 }
1810 donelen += current_len;
1811 input_len -= current_len;
1812 } while (input_len > 0);
1813
0f7a4ca5
P		 1814 xof = expected->xof;
1815 if (xof) {
6a38b09a
P		 1816 if (!TEST_ptr(got = OPENSSL_malloc(expected->output_len))) {
1817 t->err = "TEST_FAILURE";
1818 goto err;
1819 }
1820 if (!EVP_MAC_finalXOF(ctx, got, expected->output_len)
1821 || !memory_err_compare(t, "TEST_MAC_ERR",
1822 expected->output, expected->output_len,
1823 got, expected->output_len)) {
1824 t->err = "MAC_FINAL_ERROR";
1825 goto err;
1826 }
1827 } else {
1828 if (!EVP_MAC_final(ctx, NULL, &got_len, 0)) {
1829 t->err = "MAC_FINAL_LENGTH_ERROR";
1830 goto err;
1831 }
1832 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
1833 t->err = "TEST_FAILURE";
1834 goto err;
1835 }
1836 if (!EVP_MAC_final(ctx, got, &got_len, got_len)
1837 || !memory_err_compare(t, "TEST_MAC_ERR",
1838 expected->output, expected->output_len,
1839 got, got_len)) {
1840 t->err = "TEST_MAC_ERR";
1841 goto err;
1842 }
2bdb4af5 1843 }
e1289d90 1844 /* FIPS(3.0.0): can't reinitialise MAC contexts #18100 */
54a7bbed 1845 if (reinit-- && fips_provider_version_gt(libctx, 3, 0, 0)) {
e58ba181
TM		 1846 OSSL_PARAM ivparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
1847 int ret;
1848
1849 /* If the MAC uses IV, we have to set it again */
1850 if (expected->iv != NULL) {
1851 ivparams[0] =
1852 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV,
1853 expected->iv,
1854 expected->iv_len);
1855 ivparams[1] = OSSL_PARAM_construct_end();
1856 }
1857 ERR_set_mark();
1858 ret = EVP_MAC_init(ctx, NULL, 0, ivparams);
1859 if (expected->no_reinit) {
1860 if (ret) {
1861 ERR_clear_last_mark();
1862 t->err = "MAC_REINIT_SHOULD_FAIL";
1863 goto err;
1864 }
1865 } else if (ret) {
1866 ERR_clear_last_mark();
1867 OPENSSL_free(got);
1868 got = NULL;
1869 goto retry;
1870 } else {
1871 ERR_clear_last_mark();
1872 t->err = "MAC_REINIT_ERROR";
1873 goto err;
1874 }
1875 /* If reinitialization fails, it is unsupported by the algorithm */
1876 ERR_pop_to_mark();
1877 }
2bdb4af5 1878 t->err = NULL;
0f7a4ca5
P		 1879
1880 /* Test the EVP_Q_mac interface as well */
1881 if (!xof) {
9f54970c 1882 OPENSSL_cleanse(got, got_len);
0f7a4ca5
P		 1883 if (!TEST_true(EVP_Q_mac(libctx, expected->mac_name, NULL,
1884 expected->alg, params,
1885 expected->key, expected->key_len,
1886 expected->input, expected->input_len,
1887 got, got_len, &size))
1888 || !TEST_mem_eq(got, size,
1889 expected->output, expected->output_len)) {
1890 t->err = "EVP_Q_mac failed";
1891 goto err;
1892 }
1893 }
2bdb4af5 1894 err:
25446a66
RL		 1895 while (params_n-- > params_n_allocstart) {
1896 OPENSSL_free(params[params_n].data);
1897 }
865adf97 1898 EVP_MAC_CTX_free(ctx);
2bdb4af5
RL		 1899 OPENSSL_free(got);
1900 return 1;
1901}
1902
1903static int mac_test_run(EVP_TEST *t)
1904{
1905 MAC_DATA *expected = t->data;
1906
1907 if (expected->mac != NULL)
1908 return mac_test_run_mac(t);
1909 return mac_test_run_pkey(t);
1910}
1911
6c5943c9 1912static const EVP_TEST_METHOD mac_test_method = {
83251f39
DSH		 1913 "MAC",
1914 mac_test_init,
1915 mac_test_cleanup,
1916 mac_test_parse,
1917 mac_test_run
1918};
5824cc29 1919
c49e0b04
RS		 1920
1921/**
5ccada09
SL		 1922 ** PUBLIC KEY TESTS
1923 ** These are all very similar and share much common code.
1924 **/
5824cc29 1925
6c5943c9 1926typedef struct pkey_data_st {
5824cc29
DSH		 1927 /* Context for this operation */
1928 EVP_PKEY_CTX *ctx;
1929 /* Key operation to perform */
1930 int (*keyop) (EVP_PKEY_CTX *ctx,
1931 unsigned char *sig, size_t *siglen,
1932 const unsigned char *tbs, size_t tbslen);
1933 /* Input to MAC */
1934 unsigned char *input;
1935 size_t input_len;
1936 /* Expected output */
1937 unsigned char *output;
1938 size_t output_len;
6c5943c9 1939} PKEY_DATA;
5824cc29
DSH		 1940
1941/*
1942 * Perform public key operation setup: lookup key, allocated ctx and call
1943 * the appropriate initialisation function
1944 */
6c5943c9 1945static int pkey_test_init(EVP_TEST *t, const char *name,
5824cc29
DSH		 1946 int use_public,
1947 int (*keyopinit) (EVP_PKEY_CTX *ctx),
c49e0b04
RS		 1948 int (*keyop)(EVP_PKEY_CTX *ctx,
1949 unsigned char *sig, size_t *siglen,
1950 const unsigned char *tbs,
1951 size_t tbslen))
5824cc29 1952{
6c5943c9 1953 PKEY_DATA *kdata;
5824cc29 1954 EVP_PKEY *pkey = NULL;
7a6c9792 1955 int rv = 0;
6c5943c9 1956
7a6c9792 1957 if (use_public)
6c5943c9
RS		 1958 rv = find_key(&pkey, name, public_keys);
1959 if (rv == 0)
1960 rv = find_key(&pkey, name, private_keys);
1961 if (rv == 0 || pkey == NULL) {
5ccada09 1962 TEST_info("skipping, key '%s' is disabled", name);
7a6c9792
DSH		 1963 t->skip = 1;
1964 return 1;
1965 }
1966
c49e0b04 1967 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))) {
7a6c9792 1968 EVP_PKEY_free(pkey);
5824cc29 1969 return 0;
7a6c9792 1970 }
5824cc29 1971 kdata->keyop = keyop;
f34878d8 1972 if (!TEST_ptr(kdata->ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propquery))) {
9e206ce5
P		 1973 EVP_PKEY_free(pkey);
1974 OPENSSL_free(kdata);
5824cc29 1975 return 0;
9e206ce5 1976 }
5824cc29 1977 if (keyopinit(kdata->ctx) <= 0)
cce65266 1978 t->err = "KEYOP_INIT_ERROR";
c49e0b04 1979 t->data = kdata;
5824cc29
DSH		 1980 return 1;
1981}
1982
6c5943c9 1983static void pkey_test_cleanup(EVP_TEST *t)
5824cc29 1984{
6c5943c9 1985 PKEY_DATA *kdata = t->data;
b548a1f1
RS		 1986
1987 OPENSSL_free(kdata->input);
1988 OPENSSL_free(kdata->output);
c5ba2d99 1989 EVP_PKEY_CTX_free(kdata->ctx);
5824cc29
DSH		 1990}
1991
6c5943c9 1992static int pkey_test_ctrl(EVP_TEST *t, EVP_PKEY_CTX *pctx,
dfbdf4ab 1993 const char *value)
4ddd5ace 1994{
8f586f5b 1995 int rv = 0;
4ddd5ace
DSH		 1996 char *p, *tmpval;
1997
6c5943c9 1998 if (!TEST_ptr(tmpval = OPENSSL_strdup(value)))
4ddd5ace
DSH		 1999 return 0;
2000 p = strchr(tmpval, ':');
8f586f5b 2001 if (p != NULL) {
c49e0b04 2002 *p++ = '\0';
8f586f5b
P		 2003 rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
2004 }
cce65266
DSH		 2005 if (rv == -2) {
2006 t->err = "PKEY_CTRL_INVALID";
2007 rv = 1;
2008 } else if (p != NULL && rv <= 0) {
5ccada09
SL		 2009 if (is_digest_disabled(p) || is_cipher_disabled(p)) {
2010 TEST_info("skipping, '%s' is disabled", p);
dfbdf4ab
RL		 2011 t->skip = 1;
2012 rv = 1;
cce65266
DSH		 2013 } else {
2014 t->err = "PKEY_CTRL_ERROR";
2015 rv = 1;
dfbdf4ab
RL		 2016 }
2017 }
4ddd5ace
DSH		 2018 OPENSSL_free(tmpval);
2019 return rv > 0;
2020}
2021
6c5943c9 2022static int pkey_test_parse(EVP_TEST *t,
5824cc29
DSH		 2023 const char *keyword, const char *value)
2024{
6c5943c9 2025 PKEY_DATA *kdata = t->data;
86885c28 2026 if (strcmp(keyword, "Input") == 0)
c49e0b04 2027 return parse_bin(value, &kdata->input, &kdata->input_len);
86885c28 2028 if (strcmp(keyword, "Output") == 0)
c49e0b04 2029 return parse_bin(value, &kdata->output, &kdata->output_len);
4ddd5ace 2030 if (strcmp(keyword, "Ctrl") == 0)
dfbdf4ab 2031 return pkey_test_ctrl(t, kdata->ctx, value);
5824cc29
DSH		 2032 return 0;
2033}
2034
6c5943c9 2035static int pkey_test_run(EVP_TEST *t)
5824cc29 2036{
e3d378bc
AP		 2037 PKEY_DATA *expected = t->data;
2038 unsigned char *got = NULL;
2039 size_t got_len;
d7fcf1fe 2040 EVP_PKEY_CTX *copy = NULL;
6c5943c9 2041
e3d378bc
AP		 2042 if (expected->keyop(expected->ctx, NULL, &got_len,
2043 expected->input, expected->input_len) <= 0
2044 || !TEST_ptr(got = OPENSSL_malloc(got_len))) {
6c5943c9 2045 t->err = "KEYOP_LENGTH_ERROR";
5824cc29 2046 goto err;
6c5943c9 2047 }
e3d378bc
AP		 2048 if (expected->keyop(expected->ctx, got, &got_len,
2049 expected->input, expected->input_len) <= 0) {
6c5943c9 2050 t->err = "KEYOP_ERROR";
5824cc29 2051 goto err;
6c5943c9 2052 }
4cceb185
P		 2053 if (!memory_err_compare(t, "KEYOP_MISMATCH",
2054 expected->output, expected->output_len,
2055 got, got_len))
5824cc29 2056 goto err;
4cceb185 2057
6c5943c9 2058 t->err = NULL;
d7fcf1fe
DB		 2059 OPENSSL_free(got);
2060 got = NULL;
2061
2062 /* Repeat the test on a copy. */
2063 if (!TEST_ptr(copy = EVP_PKEY_CTX_dup(expected->ctx))) {
2064 t->err = "INTERNAL_ERROR";
2065 goto err;
2066 }
2067 if (expected->keyop(copy, NULL, &got_len, expected->input,
2068 expected->input_len) <= 0
2069 || !TEST_ptr(got = OPENSSL_malloc(got_len))) {
2070 t->err = "KEYOP_LENGTH_ERROR";
2071 goto err;
2072 }
2073 if (expected->keyop(copy, got, &got_len, expected->input,
2074 expected->input_len) <= 0) {
2075 t->err = "KEYOP_ERROR";
2076 goto err;
2077 }
2078 if (!memory_err_compare(t, "KEYOP_MISMATCH",
2079 expected->output, expected->output_len,
2080 got, got_len))
2081 goto err;
2082
5824cc29 2083 err:
e3d378bc 2084 OPENSSL_free(got);
d7fcf1fe 2085 EVP_PKEY_CTX_free(copy);
5824cc29
DSH		 2086 return 1;
2087}
2088
6c5943c9 2089static int sign_test_init(EVP_TEST *t, const char *name)
5824cc29
DSH		 2090{
2091 return pkey_test_init(t, name, 0, EVP_PKEY_sign_init, EVP_PKEY_sign);
2092}
2093
6c5943c9 2094static const EVP_TEST_METHOD psign_test_method = {
5824cc29
DSH		 2095 "Sign",
2096 sign_test_init,
2097 pkey_test_cleanup,
2098 pkey_test_parse,
2099 pkey_test_run
2100};
2101
6c5943c9 2102static int verify_recover_test_init(EVP_TEST *t, const char *name)
5824cc29
DSH		 2103{
2104 return pkey_test_init(t, name, 1, EVP_PKEY_verify_recover_init,
2105 EVP_PKEY_verify_recover);
2106}
2107
6c5943c9 2108static const EVP_TEST_METHOD pverify_recover_test_method = {
5824cc29
DSH		 2109 "VerifyRecover",
2110 verify_recover_test_init,
2111 pkey_test_cleanup,
2112 pkey_test_parse,
2113 pkey_test_run
2114};
2115
6c5943c9 2116static int decrypt_test_init(EVP_TEST *t, const char *name)
5824cc29
DSH		 2117{
2118 return pkey_test_init(t, name, 0, EVP_PKEY_decrypt_init,
2119 EVP_PKEY_decrypt);
2120}
2121
6c5943c9 2122static const EVP_TEST_METHOD pdecrypt_test_method = {
5824cc29
DSH		 2123 "Decrypt",
2124 decrypt_test_init,
2125 pkey_test_cleanup,
2126 pkey_test_parse,
2127 pkey_test_run
2128};
2129
6c5943c9 2130static int verify_test_init(EVP_TEST *t, const char *name)
5824cc29
DSH		 2131{
2132 return pkey_test_init(t, name, 1, EVP_PKEY_verify_init, 0);
2133}
2134
6c5943c9 2135static int verify_test_run(EVP_TEST *t)
5824cc29 2136{
6c5943c9
RS		 2137 PKEY_DATA *kdata = t->data;
2138
5824cc29
DSH		 2139 if (EVP_PKEY_verify(kdata->ctx, kdata->output, kdata->output_len,
2140 kdata->input, kdata->input_len) <= 0)
2141 t->err = "VERIFY_ERROR";
2142 return 1;
2143}
2144
6c5943c9 2145static const EVP_TEST_METHOD pverify_test_method = {
5824cc29
DSH		 2146 "Verify",
2147 verify_test_init,
2148 pkey_test_cleanup,
2149 pkey_test_parse,
2150 verify_test_run
2151};
3b53e18a 2152
6c5943c9 2153static int pderive_test_init(EVP_TEST *t, const char *name)
d4ad48d7
DSH		 2154{
2155 return pkey_test_init(t, name, 0, EVP_PKEY_derive_init, 0);
2156}
2157
6c5943c9 2158static int pderive_test_parse(EVP_TEST *t,
d4ad48d7
DSH		 2159 const char *keyword, const char *value)
2160{
6c5943c9 2161 PKEY_DATA *kdata = t->data;
46eee710 2162 int validate = 0;
d4ad48d7 2163
46eee710
SL		 2164 if (strcmp(keyword, "PeerKeyValidate") == 0)
2165 validate = 1;
2166
2167 if (validate || strcmp(keyword, "PeerKey") == 0) {
d4ad48d7 2168 EVP_PKEY *peer;
6c5943c9 2169 if (find_key(&peer, value, public_keys) == 0)
f42c225d 2170 return -1;
46eee710 2171 if (EVP_PKEY_derive_set_peer_ex(kdata->ctx, peer, validate) <= 0) {
0645110e
SL		 2172 t->err = "DERIVE_SET_PEER_ERROR";
2173 return 1;
2174 }
2175 t->err = NULL;
d4ad48d7
DSH		 2176 return 1;
2177 }
2178 if (strcmp(keyword, "SharedSecret") == 0)
c49e0b04 2179 return parse_bin(value, &kdata->output, &kdata->output_len);
4ddd5ace 2180 if (strcmp(keyword, "Ctrl") == 0)
dfbdf4ab 2181 return pkey_test_ctrl(t, kdata->ctx, value);
4413fe35
TM		 2182 if (strcmp(keyword, "KDFType") == 0) {
2183 OSSL_PARAM params[2];
2184
2185 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_TYPE,
2186 (char *)value, 0);
2187 params[1] = OSSL_PARAM_construct_end();
2188 if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0)
2189 return -1;
2190 return 1;
2191 }
2192 if (strcmp(keyword, "KDFDigest") == 0) {
2193 OSSL_PARAM params[2];
2194
2195 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST,
2196 (char *)value, 0);
2197 params[1] = OSSL_PARAM_construct_end();
2198 if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0)
2199 return -1;
2200 return 1;
2201 }
2202 if (strcmp(keyword, "CEKAlg") == 0) {
2203 OSSL_PARAM params[2];
2204
2205 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG,
2206 (char *)value, 0);
2207 params[1] = OSSL_PARAM_construct_end();
2208 if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0)
2209 return -1;
2210 return 1;
2211 }
2212 if (strcmp(keyword, "KDFOutlen") == 0) {
2213 OSSL_PARAM params[2];
2214 char *endptr;
2215 size_t outlen = (size_t)strtoul(value, &endptr, 0);
2216
2217 if (endptr[0] != '\0')
2218 return -1;
2219
2220 params[0] = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN,
2221 &outlen);
2222 params[1] = OSSL_PARAM_construct_end();
2223 if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0)
2224 return -1;
2225 return 1;
2226 }
d4ad48d7
DSH		 2227 return 0;
2228}
2229
6c5943c9 2230static int pderive_test_run(EVP_TEST *t)
d4ad48d7 2231{
21a0d9f3 2232 EVP_PKEY_CTX *dctx = NULL;
e3d378bc
AP		 2233 PKEY_DATA *expected = t->data;
2234 unsigned char *got = NULL;
2235 size_t got_len;
d4ad48d7 2236
21a0d9f3 2237 if (!TEST_ptr(dctx = EVP_PKEY_CTX_dup(expected->ctx))) {
2238 t->err = "DERIVE_ERROR";
2239 goto err;
2240 }
2241
4413fe35
TM		 2242 if (EVP_PKEY_derive(dctx, NULL, &got_len) <= 0
2243 || !TEST_size_t_ne(got_len, 0)) {
9b82c8b1
DSH		 2244 t->err = "DERIVE_ERROR";
2245 goto err;
2246 }
e3d378bc 2247 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
6c5943c9 2248 t->err = "DERIVE_ERROR";
d4ad48d7 2249 goto err;
6c5943c9 2250 }
21a0d9f3 2251 if (EVP_PKEY_derive(dctx, got, &got_len) <= 0) {
6c5943c9 2252 t->err = "DERIVE_ERROR";
d4ad48d7 2253 goto err;
6c5943c9 2254 }
4cceb185
P		 2255 if (!memory_err_compare(t, "SHARED_SECRET_MISMATCH",
2256 expected->output, expected->output_len,
2257 got, got_len))
d4ad48d7 2258 goto err;
6c5943c9
RS		 2259
2260 t->err = NULL;
d4ad48d7 2261 err:
e3d378bc 2262 OPENSSL_free(got);
21a0d9f3 2263 EVP_PKEY_CTX_free(dctx);
d4ad48d7
DSH		 2264 return 1;
2265}
2266
6c5943c9 2267static const EVP_TEST_METHOD pderive_test_method = {
d4ad48d7
DSH		 2268 "Derive",
2269 pderive_test_init,
2270 pkey_test_cleanup,
2271 pderive_test_parse,
2272 pderive_test_run
2273};
2274
3b53e18a 2275
c49e0b04 2276/**
5ccada09
SL		 2277 ** PBE TESTS
2278 **/
c49e0b04
RS		 2279
2280typedef enum pbe_type_enum {
2281 PBE_TYPE_INVALID = 0,
2282 PBE_TYPE_SCRYPT, PBE_TYPE_PBKDF2, PBE_TYPE_PKCS12
2283} PBE_TYPE;
3b53e18a 2284
6c5943c9 2285typedef struct pbe_data_st {
c49e0b04 2286 PBE_TYPE pbe_type;
6c5943c9 2287 /* scrypt parameters */
3b53e18a 2288 uint64_t N, r, p, maxmem;
6c5943c9 2289 /* PKCS#12 parameters */
351fe214
DSH		 2290 int id, iter;
2291 const EVP_MD *md;
6c5943c9 2292 /* password */
3b53e18a
DSH		 2293 unsigned char *pass;
2294 size_t pass_len;
6c5943c9 2295 /* salt */
3b53e18a
DSH		 2296 unsigned char *salt;
2297 size_t salt_len;
6c5943c9 2298 /* Expected output */
3b53e18a
DSH		 2299 unsigned char *key;
2300 size_t key_len;
6c5943c9 2301} PBE_DATA;
3b53e18a 2302
b0809bc8 2303#ifndef OPENSSL_NO_SCRYPT
5ccada09 2304/* Parse unsigned decimal 64 bit integer value */
c49e0b04
RS		 2305static int parse_uint64(const char *value, uint64_t *pr)
2306{
2307 const char *p = value;
2308
2309 if (!TEST_true(*p)) {
2310 TEST_info("Invalid empty integer value");
2311 return -1;
2312 }
2313 for (*pr = 0; *p; ) {
2314 if (*pr > UINT64_MAX / 10) {
2315 TEST_error("Integer overflow in string %s", value);
2316 return -1;
2317 }
2318 *pr *= 10;
00dfbaad 2319 if (!TEST_true(isdigit((unsigned char)*p))) {
c49e0b04
RS		 2320 TEST_error("Invalid character in string %s", value);
2321 return -1;
2322 }
2323 *pr += *p - '0';
2324 p++;
2325 }
2326 return 1;
2327}
2328
6c5943c9 2329static int scrypt_test_parse(EVP_TEST *t,
3b53e18a
DSH		 2330 const char *keyword, const char *value)
2331{
6c5943c9 2332 PBE_DATA *pdata = t->data;
351fe214 2333
3b53e18a 2334 if (strcmp(keyword, "N") == 0)
c49e0b04 2335 return parse_uint64(value, &pdata->N);
3b53e18a 2336 if (strcmp(keyword, "p") == 0)
c49e0b04 2337 return parse_uint64(value, &pdata->p);
3b53e18a 2338 if (strcmp(keyword, "r") == 0)
c49e0b04 2339 return parse_uint64(value, &pdata->r);
3b53e18a 2340 if (strcmp(keyword, "maxmem") == 0)
c49e0b04 2341 return parse_uint64(value, &pdata->maxmem);
3b53e18a
DSH		 2342 return 0;
2343}
b0809bc8 2344#endif
3b53e18a 2345
6c5943c9 2346static int pbkdf2_test_parse(EVP_TEST *t,
351fe214 2347 const char *keyword, const char *value)
3b53e18a 2348{
6c5943c9 2349 PBE_DATA *pdata = t->data;
351fe214
DSH		 2350
2351 if (strcmp(keyword, "iter") == 0) {
2352 pdata->iter = atoi(value);
2353 if (pdata->iter <= 0)
c49e0b04 2354 return -1;
351fe214
DSH		 2355 return 1;
2356 }
2357 if (strcmp(keyword, "MD") == 0) {
2358 pdata->md = EVP_get_digestbyname(value);
2359 if (pdata->md == NULL)
c49e0b04 2360 return -1;
351fe214
DSH		 2361 return 1;
2362 }
2363 return 0;
2364}
2365
6c5943c9 2366static int pkcs12_test_parse(EVP_TEST *t,
351fe214
DSH		 2367 const char *keyword, const char *value)
2368{
6c5943c9 2369 PBE_DATA *pdata = t->data;
351fe214
DSH		 2370
2371 if (strcmp(keyword, "id") == 0) {
2372 pdata->id = atoi(value);
2373 if (pdata->id <= 0)
c49e0b04 2374 return -1;
351fe214
DSH		 2375 return 1;
2376 }
2377 return pbkdf2_test_parse(t, keyword, value);
3b53e18a
DSH		 2378}
2379
6c5943c9 2380static int pbe_test_init(EVP_TEST *t, const char *alg)
3b53e18a 2381{
6c5943c9 2382 PBE_DATA *pdat;
c49e0b04 2383 PBE_TYPE pbe_type = PBE_TYPE_INVALID;
351fe214 2384
5ccada09
SL		 2385 if (is_kdf_disabled(alg)) {
2386 TEST_info("skipping, '%s' is disabled", alg);
83bd31da
MC		 2387 t->skip = 1;
2388 return 1;
5ccada09
SL		 2389 }
2390 if (strcmp(alg, "scrypt") == 0) {
2391 pbe_type = PBE_TYPE_SCRYPT;
83bd31da 2392 } else if (strcmp(alg, "pbkdf2") == 0) {
351fe214 2393 pbe_type = PBE_TYPE_PBKDF2;
83bd31da 2394 } else if (strcmp(alg, "pkcs12") == 0) {
351fe214 2395 pbe_type = PBE_TYPE_PKCS12;
83bd31da 2396 } else {
6c5943c9 2397 TEST_error("Unknown pbe algorithm %s", alg);
1f25fd16 2398 return 0;
83bd31da 2399 }
1f25fd16
P		 2400 if (!TEST_ptr(pdat = OPENSSL_zalloc(sizeof(*pdat))))
2401 return 0;
3b53e18a 2402 pdat->pbe_type = pbe_type;
3b53e18a
DSH		 2403 t->data = pdat;
2404 return 1;
2405}
2406
6c5943c9 2407static void pbe_test_cleanup(EVP_TEST *t)
3b53e18a 2408{
6c5943c9
RS		 2409 PBE_DATA *pdat = t->data;
2410
2411 OPENSSL_free(pdat->pass);
2412 OPENSSL_free(pdat->salt);
2413 OPENSSL_free(pdat->key);
3b53e18a
DSH		 2414}
2415
6c5943c9
RS		 2416static int pbe_test_parse(EVP_TEST *t,
2417 const char *keyword, const char *value)
3b53e18a 2418{
6c5943c9 2419 PBE_DATA *pdata = t->data;
351fe214 2420
3b53e18a 2421 if (strcmp(keyword, "Password") == 0)
c49e0b04 2422 return parse_bin(value, &pdata->pass, &pdata->pass_len);
3b53e18a 2423 if (strcmp(keyword, "Salt") == 0)
c49e0b04 2424 return parse_bin(value, &pdata->salt, &pdata->salt_len);
3b53e18a 2425 if (strcmp(keyword, "Key") == 0)
c49e0b04 2426 return parse_bin(value, &pdata->key, &pdata->key_len);
b0809bc8 2427 if (pdata->pbe_type == PBE_TYPE_PBKDF2)
351fe214
DSH		 2428 return pbkdf2_test_parse(t, keyword, value);
2429 else if (pdata->pbe_type == PBE_TYPE_PKCS12)
2430 return pkcs12_test_parse(t, keyword, value);
b0809bc8
RS		 2431#ifndef OPENSSL_NO_SCRYPT
2432 else if (pdata->pbe_type == PBE_TYPE_SCRYPT)
2433 return scrypt_test_parse(t, keyword, value);
2434#endif
3b53e18a
DSH		 2435 return 0;
2436}
2437
6c5943c9 2438static int pbe_test_run(EVP_TEST *t)
3b53e18a 2439{
e3d378bc 2440 PBE_DATA *expected = t->data;
351fe214 2441 unsigned char *key;
5ccada09 2442 EVP_MD *fetched_digest = NULL;
b4250010 2443 OSSL_LIB_CTX *save_libctx;
5ccada09 2444
b4250010 2445 save_libctx = OSSL_LIB_CTX_set0_default(libctx);
351fe214 2446
e3d378bc 2447 if (!TEST_ptr(key = OPENSSL_malloc(expected->key_len))) {
6c5943c9 2448 t->err = "INTERNAL_ERROR";
351fe214 2449 goto err;
6c5943c9 2450 }
e3d378bc
AP		 2451 if (expected->pbe_type == PBE_TYPE_PBKDF2) {
2452 if (PKCS5_PBKDF2_HMAC((char *)expected->pass, expected->pass_len,
2453 expected->salt, expected->salt_len,
2454 expected->iter, expected->md,
2455 expected->key_len, key) == 0) {
6c5943c9 2456 t->err = "PBKDF2_ERROR";
351fe214 2457 goto err;
6c5943c9 2458 }
b0809bc8 2459#ifndef OPENSSL_NO_SCRYPT
e3d378bc
AP		 2460 } else if (expected->pbe_type == PBE_TYPE_SCRYPT) {
2461 if (EVP_PBE_scrypt((const char *)expected->pass, expected->pass_len,
5ccada09
SL		 2462 expected->salt, expected->salt_len,
2463 expected->N, expected->r, expected->p,
2464 expected->maxmem, key, expected->key_len) == 0) {
6c5943c9 2465 t->err = "SCRYPT_ERROR";
351fe214 2466 goto err;
6c5943c9 2467 }
b0809bc8 2468#endif
e3d378bc 2469 } else if (expected->pbe_type == PBE_TYPE_PKCS12) {
ed576acd 2470 fetched_digest = EVP_MD_fetch(libctx, EVP_MD_get0_name(expected->md),
f34878d8 2471 propquery);
5ccada09
SL		 2472 if (fetched_digest == NULL) {
2473 t->err = "PKCS12_ERROR";
2474 goto err;
2475 }
e3d378bc
AP		 2476 if (PKCS12_key_gen_uni(expected->pass, expected->pass_len,
2477 expected->salt, expected->salt_len,
2478 expected->id, expected->iter, expected->key_len,
5ccada09 2479 key, fetched_digest) == 0) {
6c5943c9 2480 t->err = "PKCS12_ERROR";
351fe214 2481 goto err;
6c5943c9 2482 }
351fe214 2483 }
4cceb185
P		 2484 if (!memory_err_compare(t, "KEY_MISMATCH", expected->key, expected->key_len,
2485 key, expected->key_len))
351fe214 2486 goto err;
4cceb185 2487
6c5943c9
RS		 2488 t->err = NULL;
2489err:
5ccada09 2490 EVP_MD_free(fetched_digest);
351fe214 2491 OPENSSL_free(key);
b4250010 2492 OSSL_LIB_CTX_set0_default(save_libctx);
351fe214 2493 return 1;
3b53e18a
DSH		 2494}
2495
6c5943c9 2496static const EVP_TEST_METHOD pbe_test_method = {
3b53e18a
DSH		 2497 "PBE",
2498 pbe_test_init,
2499 pbe_test_cleanup,
2500 pbe_test_parse,
2501 pbe_test_run
2502};
3cdd1e94 2503
c49e0b04
RS		 2504
2505/**
5ccada09
SL		 2506 ** BASE64 TESTS
2507 **/
3cdd1e94
EK		 2508
2509typedef enum {
2510 BASE64_CANONICAL_ENCODING = 0,
2511 BASE64_VALID_ENCODING = 1,
2512 BASE64_INVALID_ENCODING = 2
2513} base64_encoding_type;
2514
6c5943c9 2515typedef struct encode_data_st {
3cdd1e94
EK		 2516 /* Input to encoding */
2517 unsigned char *input;
2518 size_t input_len;
2519 /* Expected output */
2520 unsigned char *output;
2521 size_t output_len;
2522 base64_encoding_type encoding;
6c5943c9 2523} ENCODE_DATA;
3cdd1e94 2524
6c5943c9 2525static int encode_test_init(EVP_TEST *t, const char *encoding)
3cdd1e94 2526{
c49e0b04 2527 ENCODE_DATA *edata;
3cdd1e94 2528
c49e0b04
RS		 2529 if (!TEST_ptr(edata = OPENSSL_zalloc(sizeof(*edata))))
2530 return 0;
3cdd1e94
EK		 2531 if (strcmp(encoding, "canonical") == 0) {
2532 edata->encoding = BASE64_CANONICAL_ENCODING;
2533 } else if (strcmp(encoding, "valid") == 0) {
2534 edata->encoding = BASE64_VALID_ENCODING;
2535 } else if (strcmp(encoding, "invalid") == 0) {
2536 edata->encoding = BASE64_INVALID_ENCODING;
c49e0b04 2537 if (!TEST_ptr(t->expected_err = OPENSSL_strdup("DECODE_ERROR")))
760e2d60 2538 goto err;
3cdd1e94 2539 } else {
c49e0b04
RS		 2540 TEST_error("Bad encoding: %s."
2541 " Should be one of {canonical, valid, invalid}",
2542 encoding);
760e2d60 2543 goto err;
3cdd1e94
EK		 2544 }
2545 t->data = edata;
2546 return 1;
760e2d60
F		 2547err:
2548 OPENSSL_free(edata);
2549 return 0;
3cdd1e94
EK		 2550}
2551
6c5943c9 2552static void encode_test_cleanup(EVP_TEST *t)
3cdd1e94 2553{
6c5943c9
RS		 2554 ENCODE_DATA *edata = t->data;
2555
2556 OPENSSL_free(edata->input);
2557 OPENSSL_free(edata->output);
3cdd1e94
EK		 2558 memset(edata, 0, sizeof(*edata));
2559}
2560
6c5943c9 2561static int encode_test_parse(EVP_TEST *t,
3cdd1e94
EK		 2562 const char *keyword, const char *value)
2563{
6c5943c9 2564 ENCODE_DATA *edata = t->data;
c49e0b04 2565
3cdd1e94 2566 if (strcmp(keyword, "Input") == 0)
c49e0b04 2567 return parse_bin(value, &edata->input, &edata->input_len);
3cdd1e94 2568 if (strcmp(keyword, "Output") == 0)
c49e0b04 2569 return parse_bin(value, &edata->output, &edata->output_len);
3cdd1e94
EK		 2570 return 0;
2571}
2572
6c5943c9 2573static int encode_test_run(EVP_TEST *t)
3cdd1e94 2574{
e3d378bc 2575 ENCODE_DATA *expected = t->data;
3cdd1e94
EK		 2576 unsigned char *encode_out = NULL, *decode_out = NULL;
2577 int output_len, chunk_len;
760e2d60 2578 EVP_ENCODE_CTX *decode_ctx = NULL, *encode_ctx = NULL;
5f4983f9 2579 size_t input_len, donelen;
254b26af 2580
6c5943c9
RS		 2581 if (!TEST_ptr(decode_ctx = EVP_ENCODE_CTX_new())) {
2582 t->err = "INTERNAL_ERROR";
254b26af 2583 goto err;
6c5943c9 2584 }
3cdd1e94 2585
e3d378bc 2586 if (expected->encoding == BASE64_CANONICAL_ENCODING) {
6c5943c9
RS		 2587
2588 if (!TEST_ptr(encode_ctx = EVP_ENCODE_CTX_new())
2589 || !TEST_ptr(encode_out =
e3d378bc 2590 OPENSSL_malloc(EVP_ENCODE_LENGTH(expected->input_len))))
3cdd1e94
EK		 2591 goto err;
2592
254b26af 2593 EVP_EncodeInit(encode_ctx);
760e2d60 2594
5f4983f9
VH		 2595 input_len = expected->input_len;
2596 donelen = 0;
2597 output_len = 0;
2598 do {
2599 size_t current_len = (size_t) data_chunk_size;
2600
2601 if (data_chunk_size == 0 || (size_t) data_chunk_size > input_len)
2602 current_len = input_len;
2603 if (!TEST_true(EVP_EncodeUpdate(encode_ctx, encode_out, &chunk_len,
2604 expected->input + donelen,
2605 current_len)))
2606 goto err;
2607 donelen += current_len;
2608 input_len -= current_len;
2609 output_len += chunk_len;
2610 } while (input_len > 0);
3cdd1e94 2611
5f4983f9 2612 EVP_EncodeFinal(encode_ctx, encode_out + output_len, &chunk_len);
3cdd1e94
EK		 2613 output_len += chunk_len;
2614
4cceb185
P		 2615 if (!memory_err_compare(t, "BAD_ENCODING",
2616 expected->output, expected->output_len,
2617 encode_out, output_len))
3cdd1e94 2618 goto err;
3cdd1e94
EK		 2619 }
2620
6c5943c9 2621 if (!TEST_ptr(decode_out =
e3d378bc 2622 OPENSSL_malloc(EVP_DECODE_LENGTH(expected->output_len))))
3cdd1e94
EK		 2623 goto err;
2624
5f4983f9 2625 output_len = 0;
254b26af 2626 EVP_DecodeInit(decode_ctx);
3cdd1e94 2627
5f4983f9
VH		 2628 input_len = expected->output_len;
2629 donelen = 0;
2630 do {
2631 size_t current_len = (size_t) data_chunk_size;
2632
2633 if (data_chunk_size == 0 || (size_t) data_chunk_size > input_len)
2634 current_len = input_len;
2635 if (EVP_DecodeUpdate(decode_ctx, decode_out + output_len, &chunk_len,
2636 expected->output + donelen, current_len) < 0) {
2637 t->err = "DECODE_ERROR";
2638 goto err;
2639 }
2640 donelen += current_len;
2641 input_len -= current_len;
2642 output_len += chunk_len;
2643 } while (input_len > 0);
2644
2645 if (EVP_DecodeFinal(decode_ctx, decode_out + output_len, &chunk_len) != 1) {
6c5943c9 2646 t->err = "DECODE_ERROR";
3cdd1e94
EK		 2647 goto err;
2648 }
2649 output_len += chunk_len;
2650
e3d378bc 2651 if (expected->encoding != BASE64_INVALID_ENCODING
4cceb185
P		 2652 && !memory_err_compare(t, "BAD_DECODING",
2653 expected->input, expected->input_len,
2654 decode_out, output_len)) {
6c5943c9 2655 t->err = "BAD_DECODING";
3cdd1e94
EK		 2656 goto err;
2657 }
2658
6c5943c9 2659 t->err = NULL;
3cdd1e94 2660 err:
3cdd1e94
EK		 2661 OPENSSL_free(encode_out);
2662 OPENSSL_free(decode_out);
254b26af 2663 EVP_ENCODE_CTX_free(decode_ctx);
760e2d60 2664 EVP_ENCODE_CTX_free(encode_ctx);
3cdd1e94
EK		 2665 return 1;
2666}
2667
6c5943c9 2668static const EVP_TEST_METHOD encode_test_method = {
3cdd1e94
EK		 2669 "Encoding",
2670 encode_test_init,
2671 encode_test_cleanup,
2672 encode_test_parse,
2673 encode_test_run,
2674};
44a284d2 2675
5a285add 2676
c9ed9307 2677/**
5ccada09
SL		 2678 ** RAND TESTS
2679 **/
c9ed9307
P		 2680#define MAX_RAND_REPEATS 15
2681
2682typedef struct rand_data_pass_st {
2683 unsigned char *entropy;
2684 unsigned char *reseed_entropy;
2685 unsigned char *nonce;
2686 unsigned char *pers;
2687 unsigned char *reseed_addin;
2688 unsigned char *addinA;
2689 unsigned char *addinB;
2690 unsigned char *pr_entropyA;
2691 unsigned char *pr_entropyB;
2692 unsigned char *output;
2693 size_t entropy_len, nonce_len, pers_len, addinA_len, addinB_len,
2694 pr_entropyA_len, pr_entropyB_len, output_len, reseed_entropy_len,
2695 reseed_addin_len;
2696} RAND_DATA_PASS;
2697
2698typedef struct rand_data_st {
2699 /* Context for this operation */
2700 EVP_RAND_CTX *ctx;
2701 EVP_RAND_CTX *parent;
2702 int n;
2703 int prediction_resistance;
2704 int use_df;
2705 unsigned int generate_bits;
2706 char *cipher;
2707 char *digest;
2708
2709 /* Expected output */
2710 RAND_DATA_PASS data[MAX_RAND_REPEATS];
2711} RAND_DATA;
2712
2713static int rand_test_init(EVP_TEST *t, const char *name)
2714{
2715 RAND_DATA *rdata;
2716 EVP_RAND *rand;
2717 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
2718 unsigned int strength = 256;
2719
2720 if (!TEST_ptr(rdata = OPENSSL_zalloc(sizeof(*rdata))))
2721 return 0;
2722
bfa6aaab
MC		 2723 /* TEST-RAND is available in the FIPS provider but not with "fips=yes" */
2724 rand = EVP_RAND_fetch(libctx, "TEST-RAND", "-fips");
c9ed9307
P		 2725 if (rand == NULL)
2726 goto err;
2727 rdata->parent = EVP_RAND_CTX_new(rand, NULL);
2728 EVP_RAND_free(rand);
2729 if (rdata->parent == NULL)
2730 goto err;
2731
2732 *params = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength);
e494fac7 2733 if (!EVP_RAND_CTX_set_params(rdata->parent, params))
c9ed9307
P		 2734 goto err;
2735
f34878d8 2736 rand = EVP_RAND_fetch(libctx, name, propquery);
c9ed9307
P		 2737 if (rand == NULL)
2738 goto err;
2739 rdata->ctx = EVP_RAND_CTX_new(rand, rdata->parent);
2740 EVP_RAND_free(rand);
2741 if (rdata->ctx == NULL)
2742 goto err;
2743
2744 rdata->n = -1;
2745 t->data = rdata;
2746 return 1;
2747 err:
2748 EVP_RAND_CTX_free(rdata->parent);
2749 OPENSSL_free(rdata);
2750 return 0;
2751}
2752
2753static void rand_test_cleanup(EVP_TEST *t)
2754{
2755 RAND_DATA *rdata = t->data;
2756 int i;
2757
2758 OPENSSL_free(rdata->cipher);
2759 OPENSSL_free(rdata->digest);
2760
2761 for (i = 0; i <= rdata->n; i++) {
2762 OPENSSL_free(rdata->data[i].entropy);
2763 OPENSSL_free(rdata->data[i].reseed_entropy);
2764 OPENSSL_free(rdata->data[i].nonce);
2765 OPENSSL_free(rdata->data[i].pers);
2766 OPENSSL_free(rdata->data[i].reseed_addin);
2767 OPENSSL_free(rdata->data[i].addinA);
2768 OPENSSL_free(rdata->data[i].addinB);
2769 OPENSSL_free(rdata->data[i].pr_entropyA);
2770 OPENSSL_free(rdata->data[i].pr_entropyB);
2771 OPENSSL_free(rdata->data[i].output);
2772 }
2773 EVP_RAND_CTX_free(rdata->ctx);
2774 EVP_RAND_CTX_free(rdata->parent);
2775}
2776
2777static int rand_test_parse(EVP_TEST *t,
2778 const char *keyword, const char *value)
2779{
2780 RAND_DATA *rdata = t->data;
2781 RAND_DATA_PASS *item;
2782 const char *p;
2783 int n;
2784
2785 if ((p = strchr(keyword, '.')) != NULL) {
2786 n = atoi(++p);
2787 if (n >= MAX_RAND_REPEATS)
2788 return 0;
2789 if (n > rdata->n)
2790 rdata->n = n;
2791 item = rdata->data + n;
2ff286c2 2792 if (HAS_PREFIX(keyword, "Entropy."))
c9ed9307 2793 return parse_bin(value, &item->entropy, &item->entropy_len);
2ff286c2 2794 if (HAS_PREFIX(keyword, "ReseedEntropy."))
c9ed9307
P		 2795 return parse_bin(value, &item->reseed_entropy,
2796 &item->reseed_entropy_len);
2ff286c2 2797 if (HAS_PREFIX(keyword, "Nonce."))
c9ed9307 2798 return parse_bin(value, &item->nonce, &item->nonce_len);
2ff286c2 2799 if (HAS_PREFIX(keyword, "PersonalisationString."))
c9ed9307 2800 return parse_bin(value, &item->pers, &item->pers_len);
2ff286c2 2801 if (HAS_PREFIX(keyword, "ReseedAdditionalInput."))
c9ed9307
P		 2802 return parse_bin(value, &item->reseed_addin,
2803 &item->reseed_addin_len);
2ff286c2 2804 if (HAS_PREFIX(keyword, "AdditionalInputA."))
c9ed9307 2805 return parse_bin(value, &item->addinA, &item->addinA_len);
2ff286c2 2806 if (HAS_PREFIX(keyword, "AdditionalInputB."))
c9ed9307 2807 return parse_bin(value, &item->addinB, &item->addinB_len);
2ff286c2 2808 if (HAS_PREFIX(keyword, "EntropyPredictionResistanceA."))
c9ed9307 2809 return parse_bin(value, &item->pr_entropyA, &item->pr_entropyA_len);
2ff286c2 2810 if (HAS_PREFIX(keyword, "EntropyPredictionResistanceB."))
c9ed9307 2811 return parse_bin(value, &item->pr_entropyB, &item->pr_entropyB_len);
2ff286c2 2812 if (HAS_PREFIX(keyword, "Output."))
c9ed9307
P		 2813 return parse_bin(value, &item->output, &item->output_len);
2814 } else {
2815 if (strcmp(keyword, "Cipher") == 0)
2816 return TEST_ptr(rdata->cipher = OPENSSL_strdup(value));
2817 if (strcmp(keyword, "Digest") == 0)
2818 return TEST_ptr(rdata->digest = OPENSSL_strdup(value));
2819 if (strcmp(keyword, "DerivationFunction") == 0) {
2820 rdata->use_df = atoi(value) != 0;
2821 return 1;
2822 }
2823 if (strcmp(keyword, "GenerateBits") == 0) {
2824 if ((n = atoi(value)) <= 0 || n % 8 != 0)
2825 return 0;
2826 rdata->generate_bits = (unsigned int)n;
2827 return 1;
2828 }
2829 if (strcmp(keyword, "PredictionResistance") == 0) {
2830 rdata->prediction_resistance = atoi(value) != 0;
2831 return 1;
2832 }
2833 }
2834 return 0;
2835}
2836
2837static int rand_test_run(EVP_TEST *t)
2838{
2839 RAND_DATA *expected = t->data;
2840 RAND_DATA_PASS *item;
2841 unsigned char *got;
2842 size_t got_len = expected->generate_bits / 8;
2843 OSSL_PARAM params[5], *p = params;
2844 int i = -1, ret = 0;
2845 unsigned int strength;
2846 unsigned char *z;
2847
2848 if (!TEST_ptr(got = OPENSSL_malloc(got_len)))
2849 return 0;
2850
2851 *p++ = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_USE_DF, &expected->use_df);
2852 if (expected->cipher != NULL)
2853 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER,
2854 expected->cipher, 0);
2855 if (expected->digest != NULL)
2856 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_DIGEST,
2857 expected->digest, 0);
2858 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_MAC, "HMAC", 0);
2859 *p = OSSL_PARAM_construct_end();
e494fac7 2860 if (!TEST_true(EVP_RAND_CTX_set_params(expected->ctx, params)))
c9ed9307
P		 2861 goto err;
2862
ed576acd 2863 strength = EVP_RAND_get_strength(expected->ctx);
c9ed9307
P		 2864 for (i = 0; i <= expected->n; i++) {
2865 item = expected->data + i;
2866
2867 p = params;
2868 z = item->entropy != NULL ? item->entropy : (unsigned char *)"";
2869 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2870 z, item->entropy_len);
2871 z = item->nonce != NULL ? item->nonce : (unsigned char *)"";
2872 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE,
2873 z, item->nonce_len);
2874 *p = OSSL_PARAM_construct_end();
7198bd1a
P		 2875 if (!TEST_true(EVP_RAND_instantiate(expected->parent, strength,
2876 0, NULL, 0, params)))
c9ed9307
P		 2877 goto err;
2878
2879 z = item->pers != NULL ? item->pers : (unsigned char *)"";
2880 if (!TEST_true(EVP_RAND_instantiate
2881 (expected->ctx, strength,
2882 expected->prediction_resistance, z,
7198bd1a 2883 item->pers_len, NULL)))
c9ed9307
P		 2884 goto err;
2885
2886 if (item->reseed_entropy != NULL) {
2887 params[0] = OSSL_PARAM_construct_octet_string
2888 (OSSL_RAND_PARAM_TEST_ENTROPY, item->reseed_entropy,
2889 item->reseed_entropy_len);
2890 params[1] = OSSL_PARAM_construct_end();
e494fac7 2891 if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params)))
c9ed9307
P		 2892 goto err;
2893
2894 if (!TEST_true(EVP_RAND_reseed
2895 (expected->ctx, expected->prediction_resistance,
2896 NULL, 0, item->reseed_addin,
2897 item->reseed_addin_len)))
2898 goto err;
2899 }
2900 if (item->pr_entropyA != NULL) {
2901 params[0] = OSSL_PARAM_construct_octet_string
2902 (OSSL_RAND_PARAM_TEST_ENTROPY, item->pr_entropyA,
2903 item->pr_entropyA_len);
2904 params[1] = OSSL_PARAM_construct_end();
e494fac7 2905 if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params)))
c9ed9307
P		 2906 goto err;
2907 }
2908 if (!TEST_true(EVP_RAND_generate
2909 (expected->ctx, got, got_len,
2910 strength, expected->prediction_resistance,
2911 item->addinA, item->addinA_len)))
2912 goto err;
2913
2914 if (item->pr_entropyB != NULL) {
2915 params[0] = OSSL_PARAM_construct_octet_string
2916 (OSSL_RAND_PARAM_TEST_ENTROPY, item->pr_entropyB,
2917 item->pr_entropyB_len);
2918 params[1] = OSSL_PARAM_construct_end();
e494fac7 2919 if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params)))
10481d33 2920 goto err;
c9ed9307
P		 2921 }
2922 if (!TEST_true(EVP_RAND_generate
2923 (expected->ctx, got, got_len,
2924 strength, expected->prediction_resistance,
2925 item->addinB, item->addinB_len)))
2926 goto err;
2927 if (!TEST_mem_eq(got, got_len, item->output, item->output_len))
2928 goto err;
2929 if (!TEST_true(EVP_RAND_uninstantiate(expected->ctx))
2930 || !TEST_true(EVP_RAND_uninstantiate(expected->parent))
2931 || !TEST_true(EVP_RAND_verify_zeroization(expected->ctx))
ed576acd 2932 || !TEST_int_eq(EVP_RAND_get_state(expected->ctx),
c9ed9307
P		 2933 EVP_RAND_STATE_UNINITIALISED))
2934 goto err;
2935 }
2936 t->err = NULL;
2937 ret = 1;
2938
2939 err:
2940 if (ret == 0 && i >= 0)
2941 TEST_info("Error in test case %d of %d\n", i, expected->n + 1);
2942 OPENSSL_free(got);
2943 return ret;
2944}
2945
2946static const EVP_TEST_METHOD rand_test_method = {
2947 "RAND",
2948 rand_test_init,
2949 rand_test_cleanup,
2950 rand_test_parse,
2951 rand_test_run
2952};
2953
2954
c49e0b04 2955/**
5ccada09
SL		 2956 ** KDF TESTS
2957 **/
6c5943c9 2958typedef struct kdf_data_st {
44a284d2 2959 /* Context for this operation */
5a285add 2960 EVP_KDF_CTX *ctx;
44a284d2
DSH		 2961 /* Expected output */
2962 unsigned char *output;
2963 size_t output_len;
bf5739a0
P		 2964 OSSL_PARAM params[20];
2965 OSSL_PARAM *p;
6c5943c9 2966} KDF_DATA;
44a284d2
DSH		 2967
2968/*
2969 * Perform public key operation setup: lookup key, allocated ctx and call
2970 * the appropriate initialisation function
2971 */
6c5943c9 2972static int kdf_test_init(EVP_TEST *t, const char *name)
44a284d2 2973{
6c5943c9 2974 KDF_DATA *kdata;
bf5739a0 2975 EVP_KDF *kdf;
b15d5ab6 2976
5ccada09
SL		 2977 if (is_kdf_disabled(name)) {
2978 TEST_info("skipping, '%s' is disabled", name);
1aec7716
SL		 2979 t->skip = 1;
2980 return 1;
2981 }
ab78f89b 2982
bf5739a0 2983 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata))))
d2ba8123 2984 return 0;
bf5739a0
P		 2985 kdata->p = kdata->params;
2986 *kdata->p = OSSL_PARAM_construct_end();
44a284d2 2987
f34878d8 2988 kdf = EVP_KDF_fetch(libctx, name, propquery);
92475712
P		 2989 if (kdf == NULL) {
2990 OPENSSL_free(kdata);
44a284d2 2991 return 0;
92475712 2992 }
660c5344 2993 kdata->ctx = EVP_KDF_CTX_new(kdf);
bf5739a0 2994 EVP_KDF_free(kdf);
9e206ce5
P		 2995 if (kdata->ctx == NULL) {
2996 OPENSSL_free(kdata);
44a284d2 2997 return 0;
9e206ce5 2998 }
c49e0b04 2999 t->data = kdata;
44a284d2
DSH		 3000 return 1;
3001}
3002
6c5943c9 3003static void kdf_test_cleanup(EVP_TEST *t)
44a284d2 3004{
6c5943c9 3005 KDF_DATA *kdata = t->data;
bf5739a0
P		 3006 OSSL_PARAM *p;
3007
3008 for (p = kdata->params; p->key != NULL; p++)
3009 OPENSSL_free(p->data);
44a284d2 3010 OPENSSL_free(kdata->output);
660c5344 3011 EVP_KDF_CTX_free(kdata->ctx);
5a285add
DM		 3012}
3013
3014static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx,
3015 const char *value)
3016{
bf5739a0 3017 KDF_DATA *kdata = t->data;
5a285add 3018 int rv;
bf5739a0 3019 char *p, *name;
660c5344 3020 const OSSL_PARAM *defs = EVP_KDF_settable_ctx_params(EVP_KDF_CTX_kdf(kctx));
5a285add 3021
bf5739a0 3022 if (!TEST_ptr(name = OPENSSL_strdup(value)))
5a285add 3023 return 0;
bf5739a0 3024 p = strchr(name, ':');
6ca1d3ee
NH		 3025 if (p == NULL)
3026 p = "";
3027 else
5a285add 3028 *p++ = '\0';
bf5739a0 3029
bbbd1210
TM		 3030 if (strcmp(name, "r") == 0
3031 && OSSL_PARAM_locate_const(defs, name) == NULL) {
3032 TEST_info("skipping, setting 'r' is unsupported");
3033 t->skip = 1;
3034 goto end;
3035 }
3036
6dfa998f
ČK		 3037 if (strcmp(name, "lanes") == 0
3038 && OSSL_PARAM_locate_const(defs, name) == NULL) {
3039 TEST_info("skipping, setting 'lanes' is unsupported");
3040 t->skip = 1;
3041 goto end;
3042 }
3043
3044 if (strcmp(name, "iter") == 0
3045 && OSSL_PARAM_locate_const(defs, name) == NULL) {
3046 TEST_info("skipping, setting 'iter' is unsupported");
3047 t->skip = 1;
3048 goto end;
3049 }
3050
3051 if (strcmp(name, "memcost") == 0
3052 && OSSL_PARAM_locate_const(defs, name) == NULL) {
3053 TEST_info("skipping, setting 'memcost' is unsupported");
3054 t->skip = 1;
3055 goto end;
3056 }
3057
3058 if (strcmp(name, "secret") == 0
3059 && OSSL_PARAM_locate_const(defs, name) == NULL) {
3060 TEST_info("skipping, setting 'secret' is unsupported");
3061 t->skip = 1;
3062 goto end;
3063 }
3064
3065 if (strcmp(name, "pass") == 0
3066 && OSSL_PARAM_locate_const(defs, name) == NULL) {
3067 TEST_info("skipping, setting 'pass' is unsupported");
3068 t->skip = 1;
3069 goto end;
3070 }
3071
3072 if (strcmp(name, "ad") == 0
3073 && OSSL_PARAM_locate_const(defs, name) == NULL) {
3074 TEST_info("skipping, setting 'ad' is unsupported");
3075 t->skip = 1;
3076 goto end;
3077 }
3078
64da55a6 3079 rv = OSSL_PARAM_allocate_from_text(kdata->p, defs, name, p,
6ca1d3ee 3080 strlen(p), NULL);
bf5739a0
P		 3081 *++kdata->p = OSSL_PARAM_construct_end();
3082 if (!rv) {
3083 t->err = "KDF_PARAM_ERROR";
3084 OPENSSL_free(name);
3085 return 0;
3086 }
6ca1d3ee 3087 if (strcmp(name, "digest") == 0) {
5ccada09
SL		 3088 if (is_digest_disabled(p)) {
3089 TEST_info("skipping, '%s' is disabled", p);
5a285add 3090 t->skip = 1;
5ccada09 3091 }
bbbd1210 3092 goto end;
5a285add 3093 }
6ca1d3ee
NH		 3094
3095 if ((strcmp(name, "cipher") == 0
3096 || strcmp(name, "cekalg") == 0)
89cccbea
SL		 3097 && is_cipher_disabled(p)) {
3098 TEST_info("skipping, '%s' is disabled", p);
3099 t->skip = 1;
bbbd1210 3100 goto end;
33f54da3 3101 }
6ca1d3ee 3102 if ((strcmp(name, "mac") == 0)
0e9a265e
PU		 3103 && is_mac_disabled(p)) {
3104 TEST_info("skipping, '%s' is disabled", p);
3105 t->skip = 1;
3106 }
bbbd1210 3107 end:
bf5739a0
P		 3108 OPENSSL_free(name);
3109 return 1;
44a284d2
DSH		 3110}
3111
6c5943c9 3112static int kdf_test_parse(EVP_TEST *t,
44a284d2
DSH		 3113 const char *keyword, const char *value)
3114{
6c5943c9
RS		 3115 KDF_DATA *kdata = t->data;
3116
44a284d2 3117 if (strcmp(keyword, "Output") == 0)
c49e0b04 3118 return parse_bin(value, &kdata->output, &kdata->output_len);
2ff286c2 3119 if (HAS_PREFIX(keyword, "Ctrl"))
5a285add 3120 return kdf_test_ctrl(t, kdata->ctx, value);
44a284d2
DSH		 3121 return 0;
3122}
3123
6c5943c9 3124static int kdf_test_run(EVP_TEST *t)
44a284d2 3125{
e3d378bc
AP		 3126 KDF_DATA *expected = t->data;
3127 unsigned char *got = NULL;
3128 size_t got_len = expected->output_len;
c8adf19d 3129 EVP_KDF_CTX *ctx;
6c5943c9 3130
660c5344 3131 if (!EVP_KDF_CTX_set_params(expected->ctx, expected->params)) {
bf5739a0
P		 3132 t->err = "KDF_CTRL_ERROR";
3133 return 1;
3134 }
cce935b2 3135 if (!TEST_ptr(got = OPENSSL_malloc(got_len == 0 ? 1 : got_len))) {
6c5943c9 3136 t->err = "INTERNAL_ERROR";
44a284d2 3137 goto err;
6c5943c9 3138 }
e1289d90 3139 /* FIPS(3.0.0): can't dup KDF contexts #17572 */
54a7bbed
P		 3140 if (fips_provider_version_gt(libctx, 3, 0, 0)
3141 && (ctx = EVP_KDF_CTX_dup(expected->ctx)) != NULL) {
c8adf19d
P		 3142 EVP_KDF_CTX_free(expected->ctx);
3143 expected->ctx = ctx;
3144 }
05cdec39 3145 if (EVP_KDF_derive(expected->ctx, got, got_len, NULL) <= 0) {
6c5943c9 3146 t->err = "KDF_DERIVE_ERROR";
44a284d2 3147 goto err;
6c5943c9 3148 }
4cceb185
P		 3149 if (!memory_err_compare(t, "KDF_MISMATCH",
3150 expected->output, expected->output_len,
3151 got, got_len))
44a284d2 3152 goto err;
4cceb185 3153
6c5943c9
RS		 3154 t->err = NULL;
3155
44a284d2 3156 err:
e3d378bc 3157 OPENSSL_free(got);
44a284d2
DSH		 3158 return 1;
3159}
3160
6c5943c9 3161static const EVP_TEST_METHOD kdf_test_method = {
44a284d2
DSH		 3162 "KDF",
3163 kdf_test_init,
3164 kdf_test_cleanup,
3165 kdf_test_parse,
3166 kdf_test_run
3167};
d91b7423 3168
5a285add 3169/**
5ccada09
SL		 3170 ** PKEY KDF TESTS
3171 **/
5a285add
DM		 3172
3173typedef struct pkey_kdf_data_st {
3174 /* Context for this operation */
3175 EVP_PKEY_CTX *ctx;
3176 /* Expected output */
3177 unsigned char *output;
3178 size_t output_len;
3179} PKEY_KDF_DATA;
3180
3181/*
3182 * Perform public key operation setup: lookup key, allocated ctx and call
3183 * the appropriate initialisation function
3184 */
3185static int pkey_kdf_test_init(EVP_TEST *t, const char *name)
3186{
5ccada09 3187 PKEY_KDF_DATA *kdata = NULL;
5a285add 3188
5ccada09
SL		 3189 if (is_kdf_disabled(name)) {
3190 TEST_info("skipping, '%s' is disabled", name);
5a285add
DM		 3191 t->skip = 1;
3192 return 1;
3193 }
5a285add 3194
5a285add
DM		 3195 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata))))
3196 return 0;
711ae5d3 3197
f34878d8 3198 kdata->ctx = EVP_PKEY_CTX_new_from_name(libctx, name, propquery);
5ccada09
SL		 3199 if (kdata->ctx == NULL
3200 || EVP_PKEY_derive_init(kdata->ctx) <= 0)
3201 goto err;
3202
5a285add
DM		 3203 t->data = kdata;
3204 return 1;
5ccada09 3205err:
5ccada09
SL		 3206 EVP_PKEY_CTX_free(kdata->ctx);
3207 OPENSSL_free(kdata);
3208 return 0;
5a285add
DM		 3209}
3210
3211static void pkey_kdf_test_cleanup(EVP_TEST *t)
3212{
3213 PKEY_KDF_DATA *kdata = t->data;
bf5739a0 3214
5a285add
DM		 3215 OPENSSL_free(kdata->output);
3216 EVP_PKEY_CTX_free(kdata->ctx);
3217}
3218
3219static int pkey_kdf_test_parse(EVP_TEST *t,
3220 const char *keyword, const char *value)
3221{
3222 PKEY_KDF_DATA *kdata = t->data;
3223
3224 if (strcmp(keyword, "Output") == 0)
3225 return parse_bin(value, &kdata->output, &kdata->output_len);
2ff286c2 3226 if (HAS_PREFIX(keyword, "Ctrl"))
5a285add
DM		 3227 return pkey_test_ctrl(t, kdata->ctx, value);
3228 return 0;
3229}
3230
3231static int pkey_kdf_test_run(EVP_TEST *t)
3232{
3233 PKEY_KDF_DATA *expected = t->data;
3234 unsigned char *got = NULL;
f68283c1
RL		 3235 size_t got_len = 0;
3236
54a7bbed 3237 if (fips_provider_version_eq(libctx, 3, 0, 0)) {
e1289d90 3238 /* FIPS(3.0.0): can't deal with oversized output buffers #18533 */
f68283c1 3239 got_len = expected->output_len;
54a7bbed
P		 3240 } else {
3241 /* Find out the KDF output size */
3242 if (EVP_PKEY_derive(expected->ctx, NULL, &got_len) <= 0) {
3243 t->err = "INTERNAL_ERROR";
3244 goto err;
3245 }
3246
3247 /*
3248 * We may get an absurd output size, which signals that anything goes.
3249 * If not, we specify a too big buffer for the output, to test that
3250 * EVP_PKEY_derive() can cope with it.
3251 */
3252 if (got_len == SIZE_MAX || got_len == 0)
3253 got_len = expected->output_len;
3254 else
3255 got_len = expected->output_len * 2;
3256 }
5a285add 3257
cce935b2 3258 if (!TEST_ptr(got = OPENSSL_malloc(got_len == 0 ? 1 : got_len))) {
5a285add
DM		 3259 t->err = "INTERNAL_ERROR";
3260 goto err;
3261 }
3262 if (EVP_PKEY_derive(expected->ctx, got, &got_len) <= 0) {
3263 t->err = "KDF_DERIVE_ERROR";
3264 goto err;
3265 }
3266 if (!TEST_mem_eq(expected->output, expected->output_len, got, got_len)) {
3267 t->err = "KDF_MISMATCH";
3268 goto err;
3269 }
3270 t->err = NULL;
3271
3272 err:
3273 OPENSSL_free(got);
3274 return 1;
3275}
3276
3277static const EVP_TEST_METHOD pkey_kdf_test_method = {
3278 "PKEYKDF",
3279 pkey_kdf_test_init,
3280 pkey_kdf_test_cleanup,
3281 pkey_kdf_test_parse,
3282 pkey_kdf_test_run
3283};
3284
c49e0b04 3285/**
5ccada09
SL		 3286 ** KEYPAIR TESTS
3287 **/
c49e0b04
RS		 3288
3289typedef struct keypair_test_data_st {
d91b7423
RS		 3290 EVP_PKEY *privk;
3291 EVP_PKEY *pubk;
6c5943c9 3292} KEYPAIR_TEST_DATA;
d91b7423 3293
6c5943c9 3294static int keypair_test_init(EVP_TEST *t, const char *pair)
d91b7423 3295{
c49e0b04 3296 KEYPAIR_TEST_DATA *data;
d91b7423
RS		 3297 int rv = 0;
3298 EVP_PKEY *pk = NULL, *pubk = NULL;
3299 char *pub, *priv = NULL;
d91b7423 3300
c49e0b04 3301 /* Split private and public names. */
6c5943c9
RS		 3302 if (!TEST_ptr(priv = OPENSSL_strdup(pair))
3303 || !TEST_ptr(pub = strchr(priv, ':'))) {
3304 t->err = "PARSING_ERROR";
d91b7423
RS		 3305 goto end;
3306 }
c49e0b04 3307 *pub++ = '\0';
d91b7423 3308
6c5943c9 3309 if (!TEST_true(find_key(&pk, priv, private_keys))) {
c49e0b04 3310 TEST_info("Can't find private key: %s", priv);
6c5943c9 3311 t->err = "MISSING_PRIVATE_KEY";
d91b7423
RS		 3312 goto end;
3313 }
6c5943c9 3314 if (!TEST_true(find_key(&pubk, pub, public_keys))) {
c49e0b04 3315 TEST_info("Can't find public key: %s", pub);
6c5943c9 3316 t->err = "MISSING_PUBLIC_KEY";
d91b7423
RS		 3317 goto end;
3318 }
3319
3320 if (pk == NULL && pubk == NULL) {
3321 /* Both keys are listed but unsupported: skip this test */
3322 t->skip = 1;
3323 rv = 1;
3324 goto end;
3325 }
3326
6c5943c9 3327 if (!TEST_ptr(data = OPENSSL_malloc(sizeof(*data))))
d91b7423 3328 goto end;
d91b7423
RS		 3329 data->privk = pk;
3330 data->pubk = pubk;
3331 t->data = data;
d91b7423 3332 rv = 1;
6c5943c9 3333 t->err = NULL;
d91b7423
RS		 3334
3335end:
6c5943c9 3336 OPENSSL_free(priv);
d91b7423
RS		 3337 return rv;
3338}
3339
6c5943c9 3340static void keypair_test_cleanup(EVP_TEST *t)
d91b7423 3341{
6c5943c9 3342 OPENSSL_free(t->data);
d91b7423 3343 t->data = NULL;
d91b7423
RS		 3344}
3345
c49e0b04
RS		 3346/*
3347 * For tests that do not accept any custom keywords.
d91b7423 3348 */
6c5943c9 3349static int void_test_parse(EVP_TEST *t, const char *keyword, const char *value)
d91b7423
RS		 3350{
3351 return 0;
3352}
3353
6c5943c9 3354static int keypair_test_run(EVP_TEST *t)
d91b7423
RS		 3355{
3356 int rv = 0;
6c5943c9 3357 const KEYPAIR_TEST_DATA *pair = t->data;
d91b7423
RS		 3358
3359 if (pair->privk == NULL || pair->pubk == NULL) {
6c5943c9
RS		 3360 /*
3361 * this can only happen if only one of the keys is not set
d91b7423
RS		 3362 * which means that one of them was unsupported while the
3363 * other isn't: hence a key type mismatch.
3364 */
6c5943c9 3365 t->err = "KEYPAIR_TYPE_MISMATCH";
d91b7423
RS		 3366 rv = 1;
3367 goto end;
3368 }
3369
1287dabd 3370 if ((rv = EVP_PKEY_eq(pair->privk, pair->pubk)) != 1) {
3371 if (0 == rv) {
6c5943c9 3372 t->err = "KEYPAIR_MISMATCH";
1287dabd 3373 } else if (-1 == rv) {
6c5943c9 3374 t->err = "KEYPAIR_TYPE_MISMATCH";
1287dabd 3375 } else if (-2 == rv) {
6c5943c9 3376 t->err = "UNSUPPORTED_KEY_COMPARISON";
d91b7423 3377 } else {
6c5943c9 3378 TEST_error("Unexpected error in key comparison");
d91b7423
RS		 3379 rv = 0;
3380 goto end;
3381 }
3382 rv = 1;
3383 goto end;
3384 }
3385
3386 rv = 1;
6c5943c9 3387 t->err = NULL;
d91b7423
RS		 3388
3389end:
d91b7423
RS		 3390 return rv;
3391}
3392
6c5943c9 3393static const EVP_TEST_METHOD keypair_test_method = {
d91b7423
RS		 3394 "PrivPubKeyPair",
3395 keypair_test_init,
3396 keypair_test_cleanup,
3397 void_test_parse,
3398 keypair_test_run
3399};
3400
1f0fc03b 3401/**
5ccada09
SL		 3402 ** KEYGEN TEST
3403 **/
1f0fc03b
DSH		 3404
3405typedef struct keygen_test_data_st {
3406 EVP_PKEY_CTX *genctx; /* Keygen context to use */
3407 char *keyname; /* Key name to store key or NULL */
3408} KEYGEN_TEST_DATA;
3409
3410static int keygen_test_init(EVP_TEST *t, const char *alg)
3411{
3412 KEYGEN_TEST_DATA *data;
3413 EVP_PKEY_CTX *genctx;
3414 int nid = OBJ_sn2nid(alg);
3415
3416 if (nid == NID_undef) {
3417 nid = OBJ_ln2nid(alg);
3418 if (nid == NID_undef)
3419 return 0;
3420 }
3421
5ccada09 3422 if (is_pkey_disabled(alg)) {
1f0fc03b
DSH		 3423 t->skip = 1;
3424 return 1;
3425 }
f34878d8 3426 if (!TEST_ptr(genctx = EVP_PKEY_CTX_new_from_name(libctx, alg, propquery)))
5ccada09 3427 goto err;
1f0fc03b
DSH		 3428
3429 if (EVP_PKEY_keygen_init(genctx) <= 0) {
3430 t->err = "KEYGEN_INIT_ERROR";
3431 goto err;
3432 }
3433
3434 if (!TEST_ptr(data = OPENSSL_malloc(sizeof(*data))))
3435 goto err;
3436 data->genctx = genctx;
3437 data->keyname = NULL;
3438 t->data = data;
3439 t->err = NULL;
3440 return 1;
3441
3442err:
3443 EVP_PKEY_CTX_free(genctx);
3444 return 0;
3445}
3446
3447static void keygen_test_cleanup(EVP_TEST *t)
3448{
3449 KEYGEN_TEST_DATA *keygen = t->data;
3450
3451 EVP_PKEY_CTX_free(keygen->genctx);
3452 OPENSSL_free(keygen->keyname);
3453 OPENSSL_free(t->data);
3454 t->data = NULL;
3455}
3456
3457static int keygen_test_parse(EVP_TEST *t,
3458 const char *keyword, const char *value)
3459{
3460 KEYGEN_TEST_DATA *keygen = t->data;
3461
3462 if (strcmp(keyword, "KeyName") == 0)
3463 return TEST_ptr(keygen->keyname = OPENSSL_strdup(value));
3464 if (strcmp(keyword, "Ctrl") == 0)
3465 return pkey_test_ctrl(t, keygen->genctx, value);
3466 return 0;
3467}
3468
3469static int keygen_test_run(EVP_TEST *t)
3470{
3471 KEYGEN_TEST_DATA *keygen = t->data;
3472 EVP_PKEY *pkey = NULL;
88af1ebb 3473 int rv = 1;
1f0fc03b 3474
1f0fc03b
DSH		 3475 if (EVP_PKEY_keygen(keygen->genctx, &pkey) <= 0) {
3476 t->err = "KEYGEN_GENERATE_ERROR";
3477 goto err;
3478 }
3479
5ccada09
SL		 3480 if (!evp_pkey_is_provided(pkey)) {
3481 TEST_info("Warning: legacy key generated %s", keygen->keyname);
3482 goto err;
3483 }
1f0fc03b
DSH		 3484 if (keygen->keyname != NULL) {
3485 KEY_LIST *key;
3486
88af1ebb 3487 rv = 0;
1f0fc03b
DSH		 3488 if (find_key(NULL, keygen->keyname, private_keys)) {
3489 TEST_info("Duplicate key %s", keygen->keyname);
3490 goto err;
3491 }
3492
3493 if (!TEST_ptr(key = OPENSSL_malloc(sizeof(*key))))
3494 goto err;
3495 key->name = keygen->keyname;
3496 keygen->keyname = NULL;
3497 key->key = pkey;
3498 key->next = private_keys;
3499 private_keys = key;
88af1ebb 3500 rv = 1;
1f0fc03b
DSH		 3501 } else {
3502 EVP_PKEY_free(pkey);
3503 }
3504
88af1ebb 3505 t->err = NULL;
1f0fc03b
DSH		 3506
3507err:
88af1ebb 3508 return rv;
1f0fc03b
DSH		 3509}
3510
3511static const EVP_TEST_METHOD keygen_test_method = {
3512 "KeyGen",
3513 keygen_test_init,
3514 keygen_test_cleanup,
3515 keygen_test_parse,
3516 keygen_test_run,
3517};
c49e0b04
RS		 3518
3519/**
5ccada09
SL		 3520 ** DIGEST SIGN+VERIFY TESTS
3521 **/
c49e0b04 3522
75726fe8 3523typedef struct {
2117a737
DSH		 3524 int is_verify; /* Set to 1 if verifying */
3525 int is_oneshot; /* Set to 1 for one shot operation */
3526 const EVP_MD *md; /* Digest to use */
3527 EVP_MD_CTX *ctx; /* Digest context */
75726fe8 3528 EVP_PKEY_CTX *pctx;
2117a737
DSH		 3529 STACK_OF(EVP_TEST_BUFFER) *input; /* Input data: streaming */
3530 unsigned char *osin; /* Input data if one shot */
3531 size_t osin_len; /* Input length data if one shot */
3532 unsigned char *output; /* Expected output */
3533 size_t output_len; /* Expected output length */
f3090fc7 3534 const char *nonce_type;
75726fe8
DSH		 3535} DIGESTSIGN_DATA;
3536
7b22334f
DSH		 3537static int digestsigver_test_init(EVP_TEST *t, const char *alg, int is_verify,
3538 int is_oneshot)
75726fe8
DSH		 3539{
3540 const EVP_MD *md = NULL;
3541 DIGESTSIGN_DATA *mdat;
3542
3543 if (strcmp(alg, "NULL") != 0) {
5ccada09
SL		 3544 if (is_digest_disabled(alg)) {
3545 t->skip = 1;
3546 return 1;
75726fe8 3547 }
5ccada09
SL		 3548 md = EVP_get_digestbyname(alg);
3549 if (md == NULL)
3550 return 0;
75726fe8
DSH		 3551 }
3552 if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat))))
3553 return 0;
3554 mdat->md = md;
3555 if (!TEST_ptr(mdat->ctx = EVP_MD_CTX_new())) {
3556 OPENSSL_free(mdat);
3557 return 0;
3558 }
3559 mdat->is_verify = is_verify;
7b22334f 3560 mdat->is_oneshot = is_oneshot;
75726fe8
DSH		 3561 t->data = mdat;
3562 return 1;
3563}
3564
3565static int digestsign_test_init(EVP_TEST *t, const char *alg)
3566{
7b22334f 3567 return digestsigver_test_init(t, alg, 0, 0);
75726fe8
DSH		 3568}
3569
3570static void digestsigver_test_cleanup(EVP_TEST *t)
3571{
3572 DIGESTSIGN_DATA *mdata = t->data;
3573
3574 EVP_MD_CTX_free(mdata->ctx);
3575 sk_EVP_TEST_BUFFER_pop_free(mdata->input, evp_test_buffer_free);
7b22334f 3576 OPENSSL_free(mdata->osin);
75726fe8
DSH		 3577 OPENSSL_free(mdata->output);
3578 OPENSSL_free(mdata);
3579 t->data = NULL;
3580}
3581
3582static int digestsigver_test_parse(EVP_TEST *t,
3583 const char *keyword, const char *value)
3584{
3585 DIGESTSIGN_DATA *mdata = t->data;
3586
3587 if (strcmp(keyword, "Key") == 0) {
3588 EVP_PKEY *pkey = NULL;
3589 int rv = 0;
ed576acd 3590 const char *name = mdata->md == NULL ? NULL : EVP_MD_get0_name(mdata->md);
75726fe8
DSH		 3591
3592 if (mdata->is_verify)
3593 rv = find_key(&pkey, value, public_keys);
3594 if (rv == 0)
3595 rv = find_key(&pkey, value, private_keys);
3596 if (rv == 0 || pkey == NULL) {
3597 t->skip = 1;
3598 return 1;
3599 }
3600 if (mdata->is_verify) {
d8652be0 3601 if (!EVP_DigestVerifyInit_ex(mdata->ctx, &mdata->pctx, name, libctx,
af6171b3 3602 NULL, pkey, NULL))
75726fe8
DSH		 3603 t->err = "DIGESTVERIFYINIT_ERROR";
3604 return 1;
3605 }
d8652be0 3606 if (!EVP_DigestSignInit_ex(mdata->ctx, &mdata->pctx, name, libctx, NULL,
af6171b3 3607 pkey, NULL))
75726fe8
DSH		 3608 t->err = "DIGESTSIGNINIT_ERROR";
3609 return 1;
3610 }
3611
7b22334f
DSH		 3612 if (strcmp(keyword, "Input") == 0) {
3613 if (mdata->is_oneshot)
c49e0b04 3614 return parse_bin(value, &mdata->osin, &mdata->osin_len);
1208d526 3615 return evp_test_buffer_append(value, data_chunk_size, &mdata->input);
7b22334f 3616 }
75726fe8 3617 if (strcmp(keyword, "Output") == 0)
c49e0b04 3618 return parse_bin(value, &mdata->output, &mdata->output_len);
7b22334f 3619
1208d526 3620 if (!mdata->is_oneshot && data_chunk_size == 0) {
7b22334f
DSH		 3621 if (strcmp(keyword, "Count") == 0)
3622 return evp_test_buffer_set_count(value, mdata->input);
3623 if (strcmp(keyword, "Ncopy") == 0)
3624 return evp_test_buffer_ncopy(value, mdata->input);
3625 }
75726fe8
DSH		 3626 if (strcmp(keyword, "Ctrl") == 0) {
3627 if (mdata->pctx == NULL)
f42c225d 3628 return -1;
75726fe8
DSH		 3629 return pkey_test_ctrl(t, mdata->pctx, value);
3630 }
f3090fc7 3631 if (strcmp(keyword, "NonceType") == 0) {
3632 if (strcmp(value, "deterministic") == 0) {
3633 OSSL_PARAM params[2];
3634 unsigned int nonce_type = 1;
3635
3636 params[0] =
3637 OSSL_PARAM_construct_uint(OSSL_SIGNATURE_PARAM_NONCE_TYPE,
3638 &nonce_type);
3639 params[1] = OSSL_PARAM_construct_end();
3640 if (!EVP_PKEY_CTX_set_params(mdata->pctx, params))
3641 t->err = "EVP_PKEY_CTX_set_params_ERROR";
1d857945
IF		 3642 else if (!EVP_PKEY_CTX_get_params(mdata->pctx, params))
3643 t->err = "EVP_PKEY_CTX_get_params_ERROR";
3644 else if (!OSSL_PARAM_modified(&params[0]))
3645 t->err = "nonce_type_not_modified_ERROR";
3646 else if (nonce_type != 1)
3647 t->err = "nonce_type_value_ERROR";
f3090fc7 3648 }
3649 return 1;
3650 }
75726fe8
DSH		 3651 return 0;
3652}
3653
3654static int digestsign_update_fn(void *ctx, const unsigned char *buf,
3655 size_t buflen)
3656{
3657 return EVP_DigestSignUpdate(ctx, buf, buflen);
3658}
3659
3660static int digestsign_test_run(EVP_TEST *t)
3661{
e3d378bc
AP		 3662 DIGESTSIGN_DATA *expected = t->data;
3663 unsigned char *got = NULL;
3664 size_t got_len;
75726fe8 3665
e3d378bc
AP		 3666 if (!evp_test_buffer_do(expected->input, digestsign_update_fn,
3667 expected->ctx)) {
75726fe8
DSH		 3668 t->err = "DIGESTUPDATE_ERROR";
3669 goto err;
3670 }
3671
e3d378bc 3672 if (!EVP_DigestSignFinal(expected->ctx, NULL, &got_len)) {
75726fe8
DSH		 3673 t->err = "DIGESTSIGNFINAL_LENGTH_ERROR";
3674 goto err;
3675 }
e3d378bc 3676 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
75726fe8
DSH		 3677 t->err = "MALLOC_FAILURE";
3678 goto err;
3679 }
fc5888cc 3680 got_len *= 2;
e3d378bc 3681 if (!EVP_DigestSignFinal(expected->ctx, got, &got_len)) {
75726fe8
DSH		 3682 t->err = "DIGESTSIGNFINAL_ERROR";
3683 goto err;
3684 }
4cceb185
P		 3685 if (!memory_err_compare(t, "SIGNATURE_MISMATCH",
3686 expected->output, expected->output_len,
3687 got, got_len))
75726fe8 3688 goto err;
75726fe8 3689
4cceb185 3690 t->err = NULL;
75726fe8 3691 err:
e3d378bc 3692 OPENSSL_free(got);
75726fe8
DSH		 3693 return 1;
3694}
3695
3696static const EVP_TEST_METHOD digestsign_test_method = {
3697 "DigestSign",
3698 digestsign_test_init,
3699 digestsigver_test_cleanup,
3700 digestsigver_test_parse,
3701 digestsign_test_run
3702};
3703
3704static int digestverify_test_init(EVP_TEST *t, const char *alg)
3705{
7b22334f 3706 return digestsigver_test_init(t, alg, 1, 0);
75726fe8
DSH		 3707}
3708
3709static int digestverify_update_fn(void *ctx, const unsigned char *buf,
3710 size_t buflen)
3711{
3712 return EVP_DigestVerifyUpdate(ctx, buf, buflen);
3713}
3714
3715static int digestverify_test_run(EVP_TEST *t)
3716{
3717 DIGESTSIGN_DATA *mdata = t->data;
3718
3719 if (!evp_test_buffer_do(mdata->input, digestverify_update_fn, mdata->ctx)) {
3720 t->err = "DIGESTUPDATE_ERROR";
3721 return 1;
3722 }
3723
3724 if (EVP_DigestVerifyFinal(mdata->ctx, mdata->output,
3725 mdata->output_len) <= 0)
3726 t->err = "VERIFY_ERROR";
3727 return 1;
3728}
3729
3730static const EVP_TEST_METHOD digestverify_test_method = {
3731 "DigestVerify",
3732 digestverify_test_init,
3733 digestsigver_test_cleanup,
3734 digestsigver_test_parse,
3735 digestverify_test_run
3736};
3737
7b22334f
DSH		 3738static int oneshot_digestsign_test_init(EVP_TEST *t, const char *alg)
3739{
3740 return digestsigver_test_init(t, alg, 0, 1);
3741}
3742
3743static int oneshot_digestsign_test_run(EVP_TEST *t)
3744{
e3d378bc
AP		 3745 DIGESTSIGN_DATA *expected = t->data;
3746 unsigned char *got = NULL;
3747 size_t got_len;
7b22334f 3748
e3d378bc
AP		 3749 if (!EVP_DigestSign(expected->ctx, NULL, &got_len,
3750 expected->osin, expected->osin_len)) {
7b22334f
DSH		 3751 t->err = "DIGESTSIGN_LENGTH_ERROR";
3752 goto err;
3753 }
e3d378bc 3754 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
7b22334f
DSH		 3755 t->err = "MALLOC_FAILURE";
3756 goto err;
3757 }
fc5888cc 3758 got_len *= 2;
e3d378bc
AP		 3759 if (!EVP_DigestSign(expected->ctx, got, &got_len,
3760 expected->osin, expected->osin_len)) {
7b22334f
DSH		 3761 t->err = "DIGESTSIGN_ERROR";
3762 goto err;
3763 }
4cceb185
P		 3764 if (!memory_err_compare(t, "SIGNATURE_MISMATCH",
3765 expected->output, expected->output_len,
3766 got, got_len))
7b22334f 3767 goto err;
7b22334f 3768
4cceb185 3769 t->err = NULL;
7b22334f 3770 err:
e3d378bc 3771 OPENSSL_free(got);
7b22334f
DSH		 3772 return 1;
3773}
3774
3775static const EVP_TEST_METHOD oneshot_digestsign_test_method = {
3776 "OneShotDigestSign",
3777 oneshot_digestsign_test_init,
3778 digestsigver_test_cleanup,
3779 digestsigver_test_parse,
3780 oneshot_digestsign_test_run
3781};
3782
3783static int oneshot_digestverify_test_init(EVP_TEST *t, const char *alg)
3784{
3785 return digestsigver_test_init(t, alg, 1, 1);
3786}
3787
3788static int oneshot_digestverify_test_run(EVP_TEST *t)
3789{
3790 DIGESTSIGN_DATA *mdata = t->data;
3791
3792 if (EVP_DigestVerify(mdata->ctx, mdata->output, mdata->output_len,
3793 mdata->osin, mdata->osin_len) <= 0)
3794 t->err = "VERIFY_ERROR";
3795 return 1;
3796}
3797
3798static const EVP_TEST_METHOD oneshot_digestverify_test_method = {
3799 "OneShotDigestVerify",
3800 oneshot_digestverify_test_init,
3801 digestsigver_test_cleanup,
3802 digestsigver_test_parse,
3803 oneshot_digestverify_test_run
3804};
3805
c49e0b04
RS		 3806
3807/**
5ccada09
SL		 3808 ** PARSING AND DISPATCH
3809 **/
c49e0b04
RS		 3810
3811static const EVP_TEST_METHOD *evp_test_list[] = {
c9ed9307 3812 &rand_test_method,
c49e0b04
RS		 3813 &cipher_test_method,
3814 &digest_test_method,
3815 &digestsign_test_method,
3816 &digestverify_test_method,
3817 &encode_test_method,
3818 &kdf_test_method,
5a285add 3819 &pkey_kdf_test_method,
c49e0b04 3820 &keypair_test_method,
1f0fc03b 3821 &keygen_test_method,
c49e0b04
RS		 3822 &mac_test_method,
3823 &oneshot_digestsign_test_method,
3824 &oneshot_digestverify_test_method,
3825 &pbe_test_method,
3826 &pdecrypt_test_method,
3827 &pderive_test_method,
3828 &psign_test_method,
3829 &pverify_recover_test_method,
3830 &pverify_test_method,
3831 NULL
3832};
3833
3834static const EVP_TEST_METHOD *find_test(const char *name)
3835{
3836 const EVP_TEST_METHOD **tt;
3837
3838 for (tt = evp_test_list; *tt; tt++) {
3839 if (strcmp(name, (*tt)->name) == 0)
3840 return *tt;
3841 }
3842 return NULL;
3843}
3844
3845static void clear_test(EVP_TEST *t)
3846{
ae269dd8 3847 test_clearstanza(&t->s);
c49e0b04
RS		 3848 ERR_clear_error();
3849 if (t->data != NULL) {
3850 if (t->meth != NULL)
3851 t->meth->cleanup(t);
3852 OPENSSL_free(t->data);
3853 t->data = NULL;
3854 }
3855 OPENSSL_free(t->expected_err);
3856 t->expected_err = NULL;
c49e0b04
RS		 3857 OPENSSL_free(t->reason);
3858 t->reason = NULL;
ae269dd8 3859
c49e0b04
RS		 3860 /* Text literal. */
3861 t->err = NULL;
3862 t->skip = 0;
3863 t->meth = NULL;
ae1792e3
ČK		 3864
3865#if !defined(OPENSSL_NO_DEFAULT_THREAD_POOL)
3866 OSSL_set_max_threads(libctx, 0);
3867#endif
c49e0b04
RS		 3868}
3869
5ccada09 3870/* Check for errors in the test structure; return 1 if okay, else 0. */
c49e0b04
RS		 3871static int check_test_error(EVP_TEST *t)
3872{
3873 unsigned long err;
c49e0b04
RS		 3874 const char *reason;
3875
3876 if (t->err == NULL && t->expected_err == NULL)
3877 return 1;
3878 if (t->err != NULL && t->expected_err == NULL) {
3879 if (t->aux_err != NULL) {
ae269dd8
RS		 3880 TEST_info("%s:%d: Source of above error (%s); unexpected error %s",
3881 t->s.test_file, t->s.start, t->aux_err, t->err);
c49e0b04 3882 } else {
ae269dd8
RS		 3883 TEST_info("%s:%d: Source of above error; unexpected error %s",
3884 t->s.test_file, t->s.start, t->err);
c49e0b04
RS		 3885 }
3886 return 0;
3887 }
3888 if (t->err == NULL && t->expected_err != NULL) {
ae269dd8
RS		 3889 TEST_info("%s:%d: Succeeded but was expecting %s",
3890 t->s.test_file, t->s.start, t->expected_err);
c49e0b04
RS		 3891 return 0;
3892 }
3893
3894 if (strcmp(t->err, t->expected_err) != 0) {
ae269dd8
RS		 3895 TEST_info("%s:%d: Expected %s got %s",
3896 t->s.test_file, t->s.start, t->expected_err, t->err);
c49e0b04
RS		 3897 return 0;
3898 }
3899
aac96e27 3900 if (t->reason == NULL)
c49e0b04
RS		 3901 return 1;
3902
aac96e27 3903 if (t->reason == NULL) {
ae269dd8
RS		 3904 TEST_info("%s:%d: Test is missing function or reason code",
3905 t->s.test_file, t->s.start);
c49e0b04
RS		 3906 return 0;
3907 }
3908
3909 err = ERR_peek_error();
3910 if (err == 0) {
aac96e27
RS		 3911 TEST_info("%s:%d: Expected error \"%s\" not set",
3912 t->s.test_file, t->s.start, t->reason);
c49e0b04
RS		 3913 return 0;
3914 }
3915
c49e0b04 3916 reason = ERR_reason_error_string(err);
b13342e9 3917 if (reason == NULL) {
aac96e27 3918 TEST_info("%s:%d: Expected error \"%s\", no strings available."
ae269dd8 3919 " Assuming ok.",
aac96e27 3920 t->s.test_file, t->s.start, t->reason);
c49e0b04
RS		 3921 return 1;
3922 }
3923
aac96e27 3924 if (strcmp(reason, t->reason) == 0)
c49e0b04
RS		 3925 return 1;
3926
aac96e27
RS		 3927 TEST_info("%s:%d: Expected error \"%s\", got \"%s\"",
3928 t->s.test_file, t->s.start, t->reason, reason);
c49e0b04
RS		 3929
3930 return 0;
3931}
3932
5ccada09 3933/* Run a parsed test. Log a message and return 0 on error. */
c49e0b04
RS		 3934static int run_test(EVP_TEST *t)
3935{
3936 if (t->meth == NULL)
3937 return 1;
ae269dd8 3938 t->s.numtests++;
c49e0b04 3939 if (t->skip) {
ae269dd8 3940 t->s.numskip++;
c49e0b04
RS		 3941 } else {
3942 /* run the test */
3943 if (t->err == NULL && t->meth->run_test(t) != 1) {
ae269dd8
RS		 3944 TEST_info("%s:%d %s error",
3945 t->s.test_file, t->s.start, t->meth->name);
c49e0b04
RS		 3946 return 0;
3947 }
3948 if (!check_test_error(t)) {
8fe3127c 3949 TEST_openssl_errors();
ae269dd8 3950 t->s.errors++;
c49e0b04
RS		 3951 }
3952 }
3953
3954 /* clean it up */
3955 return 1;
3956}
3957
3958static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst)
3959{
3960 for (; lst != NULL; lst = lst->next) {
3961 if (strcmp(lst->name, name) == 0) {
3962 if (ppk != NULL)
3963 *ppk = lst->key;
3964 return 1;
3965 }
3966 }
3967 return 0;
3968}
3969
3970static void free_key_list(KEY_LIST *lst)
3971{
3972 while (lst != NULL) {
3973 KEY_LIST *next = lst->next;
3974
3975 EVP_PKEY_free(lst->key);
3976 OPENSSL_free(lst->name);
3977 OPENSSL_free(lst);
3978 lst = next;
3979 }
3980}
3981
c49e0b04
RS		 3982/*
3983 * Is the key type an unsupported algorithm?
3984 */
3cb7c5cf 3985static int key_unsupported(void)
c49e0b04 3986{
88c1d0c1 3987 long err = ERR_peek_last_error();
7aef2000
RL		 3988 int lib = ERR_GET_LIB(err);
3989 long reason = ERR_GET_REASON(err);
c49e0b04 3990
7aef2000 3991 if ((lib == ERR_LIB_EVP && reason == EVP_R_UNSUPPORTED_ALGORITHM)
4bf696c1 3992 || (lib == ERR_LIB_EVP && reason == EVP_R_DECODE_ERROR)
7aef2000 3993 || reason == ERR_R_UNSUPPORTED) {
c49e0b04
RS		 3994 ERR_clear_error();
3995 return 1;
3996 }
3997#ifndef OPENSSL_NO_EC
3998 /*
3999 * If EC support is enabled we should catch also EC_R_UNKNOWN_GROUP as an
4000 * hint to an unsupported algorithm/curve (e.g. if binary EC support is
4001 * disabled).
4002 */
7aef2000
RL		 4003 if (lib == ERR_LIB_EC
4004 && (reason == EC_R_UNKNOWN_GROUP
4005 || reason == EC_R_INVALID_CURVE)) {
c49e0b04
RS		 4006 ERR_clear_error();
4007 return 1;
4008 }
4009#endif /* OPENSSL_NO_EC */
4010 return 0;
4011}
4012
5ccada09 4013/* NULL out the value from |pp| but return it. This "steals" a pointer. */
ae269dd8 4014static char *take_value(PAIR *pp)
c49e0b04 4015{
ae269dd8
RS		 4016 char *p = pp->value;
4017
4018 pp->value = NULL;
4019 return p;
4020}
4021
4605c5ab 4022#if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
991a6bb5
SL		 4023static int securitycheck_enabled(void)
4024{
4025 static int enabled = -1;
4026
4027 if (enabled == -1) {
4028 if (OSSL_PROVIDER_available(libctx, "fips")) {
4029 OSSL_PARAM params[2];
4030 OSSL_PROVIDER *prov = NULL;
4031 int check = 1;
4032
4033 prov = OSSL_PROVIDER_load(libctx, "fips");
4034 if (prov != NULL) {
4035 params[0] =
4036 OSSL_PARAM_construct_int(OSSL_PROV_PARAM_SECURITY_CHECKS,
4037 &check);
4038 params[1] = OSSL_PARAM_construct_end();
4039 OSSL_PROVIDER_get_params(prov, params);
4040 OSSL_PROVIDER_unload(prov);
4041 }
4042 enabled = check;
4043 return enabled;
4044 }
4045 enabled = 0;
4046 }
4047 return enabled;
4048}
4605c5ab 4049#endif
991a6bb5 4050
3b5d61f4
RL		 4051/*
4052 * Return 1 if one of the providers named in the string is available.
4053 * The provider names are separated with whitespace.
4054 * NOTE: destructive function, it inserts '\0' after each provider name.
4055 */
4056static int prov_available(char *providers)
4057{
4058 char *p;
4059 int more = 1;
4060
4061 while (more) {
8a2e74d0 4062 for (; isspace((unsigned char)(*providers)); providers++)
3b5d61f4
RL		 4063 continue;
4064 if (*providers == '\0')
4065 break; /* End of the road */
8a2e74d0 4066 for (p = providers; *p != '\0' && !isspace((unsigned char)(*p)); p++)
3b5d61f4
RL		 4067 continue;
4068 if (*p == '\0')
4069 more = 0;
4070 else
4071 *p = '\0';
5ccada09 4072 if (OSSL_PROVIDER_available(libctx, providers))
3b5d61f4
RL		 4073 return 1; /* Found one */
4074 }
4075 return 0;
4076}
4077
5ccada09 4078/* Read and parse one test. Return 0 if failure, 1 if okay. */
ae269dd8
RS		 4079static int parse(EVP_TEST *t)
4080{
4081 KEY_LIST *key, **klist;
c49e0b04 4082 EVP_PKEY *pkey;
ae269dd8 4083 PAIR *pp;
54a7bbed 4084 int i, j, skipped = 0;
c49e0b04 4085
c49e0b04 4086top:
ae269dd8
RS		 4087 do {
4088 if (BIO_eof(t->s.fp))
c49e0b04 4089 return EOF;
ae269dd8
RS		 4090 clear_test(t);
4091 if (!test_readstanza(&t->s))
4092 return 0;
4093 } while (t->s.numpairs == 0);
4094 pp = &t->s.pairs[0];
c49e0b04 4095
ae269dd8 4096 /* Are we adding a key? */
c49e0b04
RS		 4097 klist = NULL;
4098 pkey = NULL;
5ccada09 4099start:
ae269dd8 4100 if (strcmp(pp->key, "PrivateKey") == 0) {
5ccada09 4101 pkey = PEM_read_bio_PrivateKey_ex(t->s.key, NULL, 0, NULL, libctx, NULL);
c49e0b04 4102 if (pkey == NULL && !key_unsupported()) {
1bf2cc23 4103 EVP_PKEY_free(pkey);
ae269dd8 4104 TEST_info("Can't read private key %s", pp->value);
8fe3127c 4105 TEST_openssl_errors();
c49e0b04
RS		 4106 return 0;
4107 }
4108 klist = &private_keys;
4665244c 4109 } else if (strcmp(pp->key, "PublicKey") == 0) {
5f2b7db0 4110 pkey = PEM_read_bio_PUBKEY_ex(t->s.key, NULL, 0, NULL, libctx, NULL);
c49e0b04 4111 if (pkey == NULL && !key_unsupported()) {
1bf2cc23 4112 EVP_PKEY_free(pkey);
ae269dd8 4113 TEST_info("Can't read public key %s", pp->value);
8fe3127c 4114 TEST_openssl_errors();
c49e0b04
RS		 4115 return 0;
4116 }
4117 klist = &public_keys;
4665244c 4118 } else if (strcmp(pp->key, "PrivateKeyRaw") == 0
1287dabd 4119 || strcmp(pp->key, "PublicKeyRaw") == 0) {
4665244c
MC		 4120 char *strnid = NULL, *keydata = NULL;
4121 unsigned char *keybin;
4122 size_t keylen;
4123 int nid;
4124
4125 if (strcmp(pp->key, "PrivateKeyRaw") == 0)
4126 klist = &private_keys;
4127 else
4128 klist = &public_keys;
4129
4130 strnid = strchr(pp->value, ':');
4131 if (strnid != NULL) {
4132 *strnid++ = '\0';
4133 keydata = strchr(strnid, ':');
4134 if (keydata != NULL)
4135 *keydata++ = '\0';
4136 }
4137 if (keydata == NULL) {
4138 TEST_info("Failed to parse %s value", pp->key);
4139 return 0;
4140 }
4141
4142 nid = OBJ_txt2nid(strnid);
4143 if (nid == NID_undef) {
5ccada09 4144 TEST_info("Unrecognised algorithm NID");
4665244c
MC		 4145 return 0;
4146 }
4147 if (!parse_bin(keydata, &keybin, &keylen)) {
4148 TEST_info("Failed to create binary key");
4149 return 0;
4150 }
4151 if (klist == &private_keys)
d8652be0
MC		 4152 pkey = EVP_PKEY_new_raw_private_key_ex(libctx, strnid, NULL, keybin,
4153 keylen);
4665244c 4154 else
d8652be0
MC		 4155 pkey = EVP_PKEY_new_raw_public_key_ex(libctx, strnid, NULL, keybin,
4156 keylen);
66a925ea 4157 if (pkey == NULL && !key_unsupported()) {
4665244c
MC		 4158 TEST_info("Can't read %s data", pp->key);
4159 OPENSSL_free(keybin);
4160 TEST_openssl_errors();
4161 return 0;
4162 }
4163 OPENSSL_free(keybin);
5ccada09
SL		 4164 } else if (strcmp(pp->key, "Availablein") == 0) {
4165 if (!prov_available(pp->value)) {
4166 TEST_info("skipping, '%s' provider not available: %s:%d",
4167 pp->value, t->s.test_file, t->s.start);
4168 t->skip = 1;
4169 return 0;
4170 }
54a7bbed
P		 4171 skipped++;
4172 pp++;
4173 goto start;
4174 } else if (strcmp(pp->key, "FIPSversion") == 0) {
4175 if (prov_available("fips")) {
e1289d90 4176 j = fips_provider_version_match(libctx, pp->value);
54a7bbed
P		 4177 if (j < 0) {
4178 TEST_info("Line %d: error matching FIPS versions\n", t->s.curr);
4179 return 0;
4180 } else if (j == 0) {
4181 TEST_info("skipping, FIPS provider incompatible version: %s:%d",
4182 t->s.test_file, t->s.start);
4183 t->skip = 1;
4184 return 0;
4185 }
4186 }
4187 skipped++;
5ccada09
SL		 4188 pp++;
4189 goto start;
c49e0b04
RS		 4190 }
4191
4192 /* If we have a key add to list */
4193 if (klist != NULL) {
ae269dd8
RS		 4194 if (find_key(NULL, pp->value, *klist)) {
4195 TEST_info("Duplicate key %s", pp->value);
c49e0b04
RS		 4196 return 0;
4197 }
ae269dd8 4198 if (!TEST_ptr(key = OPENSSL_malloc(sizeof(*key))))
c49e0b04 4199 return 0;
ae269dd8 4200 key->name = take_value(pp);
c49e0b04
RS		 4201 key->key = pkey;
4202 key->next = *klist;
4203 *klist = key;
4204
4205 /* Go back and start a new stanza. */
54a7bbed 4206 if ((t->s.numpairs - skipped) != 1)
ae269dd8 4207 TEST_info("Line %d: missing blank line\n", t->s.curr);
c49e0b04
RS		 4208 goto top;
4209 }
4210
ae269dd8
RS		 4211 /* Find the test, based on first keyword. */
4212 if (!TEST_ptr(t->meth = find_test(pp->key)))
4213 return 0;
4214 if (!t->meth->init(t, pp->value)) {
4215 TEST_error("unknown %s: %s\n", pp->key, pp->value);
4216 return 0;
c49e0b04
RS		 4217 }
4218 if (t->skip == 1) {
ae269dd8
RS		 4219 /* TEST_info("skipping %s %s", pp->key, pp->value); */
4220 return 0;
c49e0b04
RS		 4221 }
4222
54a7bbed 4223 for (pp++, i = 1; i < (t->s.numpairs - skipped); pp++, i++) {
7a810fac
SL		 4224 if (strcmp(pp->key, "Securitycheck") == 0) {
4225#if defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
991a6bb5
SL		 4226#else
4227 if (!securitycheck_enabled())
7a810fac 4228#endif
991a6bb5
SL		 4229 {
4230 TEST_info("skipping, Securitycheck is disabled: %s:%d",
4231 t->s.test_file, t->s.start);
4232 t->skip = 1;
4233 return 0;
4234 }
7a810fac 4235 } else if (strcmp(pp->key, "Availablein") == 0) {
5ccada09
SL		 4236 TEST_info("Line %d: 'Availablein' should be the first option",
4237 t->s.curr);
4238 return 0;
8453096e 4239 } else if (strcmp(pp->key, "Result") == 0) {
c49e0b04 4240 if (t->expected_err != NULL) {
ae269dd8
RS		 4241 TEST_info("Line %d: multiple result lines", t->s.curr);
4242 return 0;
c49e0b04 4243 }
ae269dd8
RS		 4244 t->expected_err = take_value(pp);
4245 } else if (strcmp(pp->key, "Function") == 0) {
aac96e27 4246 /* Ignore old line. */
ae269dd8 4247 } else if (strcmp(pp->key, "Reason") == 0) {
c49e0b04 4248 if (t->reason != NULL) {
ae269dd8
RS		 4249 TEST_info("Line %d: multiple reason lines", t->s.curr);
4250 return 0;
c49e0b04 4251 }
ae269dd8 4252 t->reason = take_value(pp);
ae1792e3
ČK		 4253 } else if (strcmp(pp->key, "Threads") == 0) {
4254 if (OSSL_set_max_threads(libctx, atoi(pp->value)) == 0) {
4255 TEST_info("skipping, '%s' threads not available: %s:%d",
4256 pp->value, t->s.test_file, t->s.start);
4257 t->skip = 1;
4258 }
c49e0b04
RS		 4259 } else {
4260 /* Must be test specific line: try to parse it */
ae269dd8 4261 int rv = t->meth->parse(t, pp->key, pp->value);
c49e0b04
RS		 4262
4263 if (rv == 0) {
ae269dd8
RS		 4264 TEST_info("Line %d: unknown keyword %s", t->s.curr, pp->key);
4265 return 0;
c49e0b04
RS		 4266 }
4267 if (rv < 0) {
ce5d64c7
RL		 4268 TEST_info("Line %d: error processing keyword %s = %s\n",
4269 t->s.curr, pp->key, pp->value);
ae269dd8 4270 return 0;
c49e0b04 4271 }
6b3d2875 4272 if (t->skip)
4273 return 0;
c49e0b04
RS		 4274 }
4275 }
4276
4277 return 1;
c49e0b04
RS		 4278}
4279
ae269dd8 4280static int run_file_tests(int i)
6c5943c9 4281{
ae269dd8 4282 EVP_TEST *t;
ad887416 4283 const char *testfile = test_get_argument(i);
c49e0b04 4284 int c;
6c5943c9 4285
ae269dd8 4286 if (!TEST_ptr(t = OPENSSL_zalloc(sizeof(*t))))
6c5943c9 4287 return 0;
ad887416 4288 if (!test_start_file(&t->s, testfile)) {
ae269dd8
RS		 4289 OPENSSL_free(t);
4290 return 0;
4291 }
c49e0b04 4292
ae269dd8
RS		 4293 while (!BIO_eof(t->s.fp)) {
4294 c = parse(t);
d5e5e2ff
SL		 4295 if (t->skip) {
4296 t->s.numskip++;
c49e0b04 4297 continue;
d5e5e2ff 4298 }
ae269dd8
RS		 4299 if (c == 0 || !run_test(t)) {
4300 t->s.errors++;
c49e0b04
RS		 4301 break;
4302 }
6c5943c9 4303 }
ae269dd8
RS		 4304 test_end_file(&t->s);
4305 clear_test(t);
6c5943c9 4306
6c5943c9
RS		 4307 free_key_list(public_keys);
4308 free_key_list(private_keys);
ae269dd8
RS		 4309 BIO_free(t->s.key);
4310 c = t->s.errors;
4311 OPENSSL_free(t);
4312 return c == 0;
6c5943c9
RS		 4313}
4314
5ccada09
SL		 4315const OPTIONS *test_get_options(void)
4316{
4317 static const OPTIONS test_options[] = {
4318 OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("[file...]\n"),
4319 { "config", OPT_CONFIG_FILE, '<',
4320 "The configuration file to use for the libctx" },
d57d0b81
VH		 4321 { "process", OPT_IN_PLACE, 's',
4322 "Mode for data processing by cipher tests [in_place/both], both by default"},
1bebf4b0
VH		 4323 { "provider", OPT_PROVIDER_NAME, 's',
4324 "The provider to load (when no configuration file, the default value is 'default')" },
f34878d8
VH		 4325 { "propquery", OPT_PROV_PROPQUERY, 's',
4326 "Property query used when fetching algorithms" },
0bfd744f 4327 { "chunk", OPT_DATA_CHUNK, 'N', "Size of data chunks to be processed, 0 for default size"},
f56c9c7c 4328 { OPT_HELP_STR, 1, '-', "file\tFile to run tests on.\n" },
5ccada09
SL		 4329 { NULL }
4330 };
4331 return test_options;
4332}
a43ce58f 4333
ad887416 4334int setup_tests(void)
6c5943c9 4335{
8d242823 4336 size_t n;
5ccada09 4337 char *config_file = NULL;
1bebf4b0 4338 char *provider_name = NULL;
5ccada09
SL		 4339
4340 OPTION_CHOICE o;
4341
4342 while ((o = opt_next()) != OPT_EOF) {
4343 switch (o) {
4344 case OPT_CONFIG_FILE:
4345 config_file = opt_arg();
4346 break;
d57d0b81
VH		 4347 case OPT_IN_PLACE:
4348 if ((process_mode_in_place = evp_test_process_mode(opt_arg())) == -1)
0bfd744f
VH		 4349 case OPT_DATA_CHUNK:
4350 if (!opt_int(opt_arg(), &data_chunk_size))
d57d0b81
VH		 4351 return 0;
4352 break;
1bebf4b0
VH		 4353 case OPT_PROVIDER_NAME:
4354 provider_name = opt_arg();
4355 break;
f34878d8
VH		 4356 case OPT_PROV_PROPQUERY:
4357 propquery = opt_arg();
4358 break;
5ccada09 4359 case OPT_TEST_CASES:
d57d0b81 4360 break;
5ccada09
SL		 4361 default:
4362 case OPT_ERR:
4363 return 0;
4364 }
4365 }
4366
4367 /*
bca7ad6e 4368 * Load the provider via configuration into the created library context.
5ccada09 4369 * Load the 'null' provider into the default library context to ensure that
3e6a0d57 4370 * the tests do not fallback to using the default provider.
5ccada09 4371 */
1bebf4b0
VH		 4372 if (config_file == NULL && provider_name == NULL)
4373 provider_name = "default";
4374 if (!test_get_libctx(&libctx, &prov_null, config_file, &libprov, provider_name))
5ccada09 4375 return 0;
8d242823
MC		 4376
4377 n = test_get_argument_count();
a43ce58f 4378 if (n == 0)
6c5943c9 4379 return 0;
6c5943c9 4380
ad887416
P		 4381 ADD_ALL_TESTS(run_file_tests, n);
4382 return 1;
6c5943c9 4383}
5ccada09
SL		 4384
4385void cleanup_tests(void)
4386{
1bebf4b0 4387 OSSL_PROVIDER_unload(libprov);
5ccada09 4388 OSSL_PROVIDER_unload(prov_null);
b4250010 4389 OSSL_LIB_CTX_free(libctx);
5ccada09
SL		 4390}
4391
5ccada09
SL		 4392static int is_digest_disabled(const char *name)
4393{
4394#ifdef OPENSSL_NO_BLAKE2
747adb6a 4395 if (HAS_CASE_PREFIX(name, "BLAKE"))
5ccada09
SL		 4396 return 1;
4397#endif
4398#ifdef OPENSSL_NO_MD2
fba140c7 4399 if (OPENSSL_strcasecmp(name, "MD2") == 0)
5ccada09
SL		 4400 return 1;
4401#endif
4402#ifdef OPENSSL_NO_MDC2
fba140c7 4403 if (OPENSSL_strcasecmp(name, "MDC2") == 0)
5ccada09
SL		 4404 return 1;
4405#endif
4406#ifdef OPENSSL_NO_MD4
fba140c7 4407 if (OPENSSL_strcasecmp(name, "MD4") == 0)
5ccada09
SL		 4408 return 1;
4409#endif
4410#ifdef OPENSSL_NO_MD5
fba140c7 4411 if (OPENSSL_strcasecmp(name, "MD5") == 0)
5ccada09
SL		 4412 return 1;
4413#endif
4414#ifdef OPENSSL_NO_RMD160
fba140c7 4415 if (OPENSSL_strcasecmp(name, "RIPEMD160") == 0)
5ccada09
SL		 4416 return 1;
4417#endif
4418#ifdef OPENSSL_NO_SM3
fba140c7 4419 if (OPENSSL_strcasecmp(name, "SM3") == 0)
5ccada09
SL		 4420 return 1;
4421#endif
4422#ifdef OPENSSL_NO_WHIRLPOOL
fba140c7 4423 if (OPENSSL_strcasecmp(name, "WHIRLPOOL") == 0)
5ccada09
SL		 4424 return 1;
4425#endif
4426 return 0;
4427}
4428
4429static int is_pkey_disabled(const char *name)
4430{
5ccada09 4431#ifdef OPENSSL_NO_EC
747adb6a 4432 if (HAS_CASE_PREFIX(name, "EC"))
5ccada09
SL		 4433 return 1;
4434#endif
4435#ifdef OPENSSL_NO_DH
747adb6a 4436 if (HAS_CASE_PREFIX(name, "DH"))
5ccada09
SL		 4437 return 1;
4438#endif
4439#ifdef OPENSSL_NO_DSA
747adb6a 4440 if (HAS_CASE_PREFIX(name, "DSA"))
5ccada09
SL		 4441 return 1;
4442#endif
4443 return 0;
4444}
4445
4446static int is_mac_disabled(const char *name)
4447{
4448#ifdef OPENSSL_NO_BLAKE2
747adb6a
DDO		 4449 if (HAS_CASE_PREFIX(name, "BLAKE2BMAC")
4450 || HAS_CASE_PREFIX(name, "BLAKE2SMAC"))
5ccada09
SL		 4451 return 1;
4452#endif
4453#ifdef OPENSSL_NO_CMAC
747adb6a 4454 if (HAS_CASE_PREFIX(name, "CMAC"))
5ccada09
SL		 4455 return 1;
4456#endif
4457#ifdef OPENSSL_NO_POLY1305
747adb6a 4458 if (HAS_CASE_PREFIX(name, "Poly1305"))
5ccada09
SL		 4459 return 1;
4460#endif
4461#ifdef OPENSSL_NO_SIPHASH
747adb6a 4462 if (HAS_CASE_PREFIX(name, "SipHash"))
5ccada09
SL		 4463 return 1;
4464#endif
4465 return 0;
4466}
4467static int is_kdf_disabled(const char *name)
4468{
4469#ifdef OPENSSL_NO_SCRYPT
747adb6a 4470 if (HAS_CASE_SUFFIX(name, "SCRYPT"))
5ccada09 4471 return 1;
6dfa998f
ČK		 4472#endif
4473#ifdef OPENSSL_NO_ARGON2
4474 if (HAS_CASE_SUFFIX(name, "ARGON2"))
4475 return 1;
5ccada09 4476#endif
5ccada09
SL		 4477 return 0;
4478}
4479
4480static int is_cipher_disabled(const char *name)
4481{
4482#ifdef OPENSSL_NO_ARIA
747adb6a 4483 if (HAS_CASE_PREFIX(name, "ARIA"))
5ccada09
SL		 4484 return 1;
4485#endif
4486#ifdef OPENSSL_NO_BF
747adb6a 4487 if (HAS_CASE_PREFIX(name, "BF"))
5ccada09
SL		 4488 return 1;
4489#endif
4490#ifdef OPENSSL_NO_CAMELLIA
747adb6a 4491 if (HAS_CASE_PREFIX(name, "CAMELLIA"))
5ccada09
SL		 4492 return 1;
4493#endif
4494#ifdef OPENSSL_NO_CAST
747adb6a 4495 if (HAS_CASE_PREFIX(name, "CAST"))
5ccada09
SL		 4496 return 1;
4497#endif
4498#ifdef OPENSSL_NO_CHACHA
747adb6a 4499 if (HAS_CASE_PREFIX(name, "CHACHA"))
5ccada09
SL		 4500 return 1;
4501#endif
4502#ifdef OPENSSL_NO_POLY1305
747adb6a 4503 if (HAS_CASE_SUFFIX(name, "Poly1305"))
5ccada09
SL		 4504 return 1;
4505#endif
4506#ifdef OPENSSL_NO_DES
747adb6a 4507 if (HAS_CASE_PREFIX(name, "DES"))
5ccada09 4508 return 1;
747adb6a 4509 if (HAS_CASE_SUFFIX(name, "3DESwrap"))
89cccbea 4510 return 1;
5ccada09
SL		 4511#endif
4512#ifdef OPENSSL_NO_OCB
747adb6a 4513 if (HAS_CASE_SUFFIX(name, "OCB"))
5ccada09
SL		 4514 return 1;
4515#endif
4516#ifdef OPENSSL_NO_IDEA
747adb6a 4517 if (HAS_CASE_PREFIX(name, "IDEA"))
5ccada09
SL		 4518 return 1;
4519#endif
4520#ifdef OPENSSL_NO_RC2
747adb6a 4521 if (HAS_CASE_PREFIX(name, "RC2"))
5ccada09
SL		 4522 return 1;
4523#endif
4524#ifdef OPENSSL_NO_RC4
747adb6a 4525 if (HAS_CASE_PREFIX(name, "RC4"))
5ccada09
SL		 4526 return 1;
4527#endif
4528#ifdef OPENSSL_NO_RC5
747adb6a 4529 if (HAS_CASE_PREFIX(name, "RC5"))
5ccada09
SL		 4530 return 1;
4531#endif
4532#ifdef OPENSSL_NO_SEED
747adb6a 4533 if (HAS_CASE_PREFIX(name, "SEED"))
5ccada09
SL		 4534 return 1;
4535#endif
4536#ifdef OPENSSL_NO_SIV
747adb6a 4537 if (HAS_CASE_SUFFIX(name, "SIV"))
5ccada09
SL		 4538 return 1;
4539#endif
4540#ifdef OPENSSL_NO_SM4
747adb6a 4541 if (HAS_CASE_PREFIX(name, "SM4"))
5ccada09
SL		 4542 return 1;
4543#endif
4544 return 0;
4545}
A mirror of the official openssl repository