1 /*
2 * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #define OPENSSL_SUPPRESS_DEPRECATED /* EVP_PKEY_new_CMAC_key */
11 #include <stdio.h>
12 #include <string.h>
13 #include <stdlib.h>
14 #include <ctype.h>
15 #include "../e_os.h" /* strcasecmp */
16 #include <openssl/evp.h>
17 #include <openssl/pem.h>
18 #include <openssl/err.h>
19 #include <openssl/provider.h>
20 #include <openssl/x509v3.h>
21 #include <openssl/pkcs12.h>
22 #include <openssl/kdf.h>
23 #include <openssl/params.h>
24 #include <openssl/core_names.h>
25 #include <openssl/fips_names.h>
26 #include "internal/numbers.h"
27 #include "internal/nelem.h"
28 #include "crypto/evp.h"
29 #include "testutil.h"
30
31 typedef struct evp_test_buffer_st EVP_TEST_BUFFER;
32 DEFINE_STACK_OF(EVP_TEST_BUFFER)
33
34 #define AAD_NUM 4
35
36 typedef struct evp_test_method_st EVP_TEST_METHOD;
37
38 /* Structure holding test information */
39 typedef struct evp_test_st {
40 STANZA s; /* Common test stanza */
41 char *name;
42 int skip; /* Current test should be skipped */
43 const EVP_TEST_METHOD *meth; /* method for this test */
44 const char *err, *aux_err; /* Error string for test */
45 char *expected_err; /* Expected error value of test */
46 char *reason; /* Expected error reason string */
47 void *data; /* test specific data */
48 } EVP_TEST;
49
50 /* Test method structure */
51 struct evp_test_method_st {
52 /* Name of test as it appears in file */
53 const char *name;
54 /* Initialise test for "alg" */
55 int (*init) (EVP_TEST * t, const char *alg);
56 /* Clean up method */
57 void (*cleanup) (EVP_TEST * t);
58 /* Test specific name value pair processing */
59 int (*parse) (EVP_TEST * t, const char *name, const char *value);
60 /* Run the test itself */
61 int (*run_test) (EVP_TEST * t);
62 };
63
64 /* Linked list of named keys. */
65 typedef struct key_list_st {
66 char *name;
67 EVP_PKEY *key;
68 struct key_list_st *next;
69 } KEY_LIST;
70
71 typedef enum OPTION_choice {
72 OPT_ERR = -1,
73 OPT_EOF = 0,
74 OPT_CONFIG_FILE,
75 OPT_TEST_ENUM
76 } OPTION_CHOICE;
77
78 static OSSL_PROVIDER *prov_null = NULL;
79 static OSSL_LIB_CTX *libctx = NULL;
80
81 /* List of public and private keys */
82 static KEY_LIST *private_keys;
83 static KEY_LIST *public_keys;
84
85 static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst);
86 static int parse_bin(const char *value, unsigned char **buf, size_t *buflen);
87 static int is_digest_disabled(const char *name);
88 static int is_pkey_disabled(const char *name);
89 static int is_mac_disabled(const char *name);
90 static int is_cipher_disabled(const char *name);
91 static int is_kdf_disabled(const char *name);
92
93 /*
94 * Compare two memory regions for equality, returning zero if they differ.
95 * However, if there is expected to be an error and the actual error
96 * matches then the memory is expected to be different so handle this
97 * case without producing unnecessary test framework output.
98 */
memory_err_compare(EVP_TEST * t,const char * err,const void * expected,size_t expected_len,const void * got,size_t got_len)99 static int memory_err_compare(EVP_TEST *t, const char *err,
100 const void *expected, size_t expected_len,
101 const void *got, size_t got_len)
102 {
103 int r;
104
105 if (t->expected_err != NULL && strcmp(t->expected_err, err) == 0)
106 r = !TEST_mem_ne(expected, expected_len, got, got_len);
107 else
108 r = TEST_mem_eq(expected, expected_len, got, got_len);
109 if (!r)
110 t->err = err;
111 return r;
112 }
113
114 /*
115 * Structure used to hold a list of blocks of memory to test
116 * calls to "update" like functions.
117 */
118 struct evp_test_buffer_st {
119 unsigned char *buf;
120 size_t buflen;
121 size_t count;
122 int count_set;
123 };
124
evp_test_buffer_free(EVP_TEST_BUFFER * db)125 static void evp_test_buffer_free(EVP_TEST_BUFFER *db)
126 {
127 if (db != NULL) {
128 OPENSSL_free(db->buf);
129 OPENSSL_free(db);
130 }
131 }
132
133 /* append buffer to a list */
evp_test_buffer_append(const char * value,STACK_OF (EVP_TEST_BUFFER)** sk)134 static int evp_test_buffer_append(const char *value,
135 STACK_OF(EVP_TEST_BUFFER) **sk)
136 {
137 EVP_TEST_BUFFER *db = NULL;
138
139 if (!TEST_ptr(db = OPENSSL_malloc(sizeof(*db))))
140 goto err;
141
142 if (!parse_bin(value, &db->buf, &db->buflen))
143 goto err;
144 db->count = 1;
145 db->count_set = 0;
146
147 if (*sk == NULL && !TEST_ptr(*sk = sk_EVP_TEST_BUFFER_new_null()))
148 goto err;
149 if (!sk_EVP_TEST_BUFFER_push(*sk, db))
150 goto err;
151
152 return 1;
153
154 err:
155 evp_test_buffer_free(db);
156 return 0;
157 }
158
159 /* replace last buffer in list with copies of itself */
evp_test_buffer_ncopy(const char * value,STACK_OF (EVP_TEST_BUFFER)* sk)160 static int evp_test_buffer_ncopy(const char *value,
161 STACK_OF(EVP_TEST_BUFFER) *sk)
162 {
163 EVP_TEST_BUFFER *db;
164 unsigned char *tbuf, *p;
165 size_t tbuflen;
166 int ncopy = atoi(value);
167 int i;
168
169 if (ncopy <= 0)
170 return 0;
171 if (sk == NULL || sk_EVP_TEST_BUFFER_num(sk) == 0)
172 return 0;
173 db = sk_EVP_TEST_BUFFER_value(sk, sk_EVP_TEST_BUFFER_num(sk) - 1);
174
175 tbuflen = db->buflen * ncopy;
176 if (!TEST_ptr(tbuf = OPENSSL_malloc(tbuflen)))
177 return 0;
178 for (i = 0, p = tbuf; i < ncopy; i++, p += db->buflen)
179 memcpy(p, db->buf, db->buflen);
180
181 OPENSSL_free(db->buf);
182 db->buf = tbuf;
183 db->buflen = tbuflen;
184 return 1;
185 }
186
187 /* set repeat count for last buffer in list */
evp_test_buffer_set_count(const char * value,STACK_OF (EVP_TEST_BUFFER)* sk)188 static int evp_test_buffer_set_count(const char *value,
189 STACK_OF(EVP_TEST_BUFFER) *sk)
190 {
191 EVP_TEST_BUFFER *db;
192 int count = atoi(value);
193
194 if (count <= 0)
195 return 0;
196
197 if (sk == NULL || sk_EVP_TEST_BUFFER_num(sk) == 0)
198 return 0;
199
200 db = sk_EVP_TEST_BUFFER_value(sk, sk_EVP_TEST_BUFFER_num(sk) - 1);
201 if (db->count_set != 0)
202 return 0;
203
204 db->count = (size_t)count;
205 db->count_set = 1;
206 return 1;
207 }
208
209 /* call "fn" with each element of the list in turn */
evp_test_buffer_do(STACK_OF (EVP_TEST_BUFFER)* sk,int (* fn)(void * ctx,const unsigned char * buf,size_t buflen),void * ctx)210 static int evp_test_buffer_do(STACK_OF(EVP_TEST_BUFFER) *sk,
211 int (*fn)(void *ctx,
212 const unsigned char *buf,
213 size_t buflen),
214 void *ctx)
215 {
216 int i;
217
218 for (i = 0; i < sk_EVP_TEST_BUFFER_num(sk); i++) {
219 EVP_TEST_BUFFER *tb = sk_EVP_TEST_BUFFER_value(sk, i);
220 size_t j;
221
222 for (j = 0; j < tb->count; j++) {
223 if (fn(ctx, tb->buf, tb->buflen) <= 0)
224 return 0;
225 }
226 }
227 return 1;
228 }
229
230 /*
231 * Unescape some sequences in string literals (only \n for now).
232 * Return an allocated buffer, set |out_len|. If |input_len|
233 * is zero, get an empty buffer but set length to zero.
234 */
unescape(const char * input,size_t input_len,size_t * out_len)235 static unsigned char* unescape(const char *input, size_t input_len,
236 size_t *out_len)
237 {
238 unsigned char *ret, *p;
239 size_t i;
240
241 if (input_len == 0) {
242 *out_len = 0;
243 return OPENSSL_zalloc(1);
244 }
245
246 /* Escaping is non-expanding; over-allocate original size for simplicity. */
247 if (!TEST_ptr(ret = p = OPENSSL_malloc(input_len)))
248 return NULL;
249
250 for (i = 0; i < input_len; i++) {
251 if (*input == '\\') {
252 if (i == input_len - 1 || *++input != 'n') {
253 TEST_error("Bad escape sequence in file");
254 goto err;
255 }
256 *p++ = '\n';
257 i++;
258 input++;
259 } else {
260 *p++ = *input++;
261 }
262 }
263
264 *out_len = p - ret;
265 return ret;
266
267 err:
268 OPENSSL_free(ret);
269 return NULL;
270 }
271
272 /*
273 * For a hex string "value" convert to a binary allocated buffer.
274 * Return 1 on success or 0 on failure.
275 */
parse_bin(const char * value,unsigned char ** buf,size_t * buflen)276 static int parse_bin(const char *value, unsigned char **buf, size_t *buflen)
277 {
278 long len;
279
280 /* Check for NULL literal */
281 if (strcmp(value, "NULL") == 0) {
282 *buf = NULL;
283 *buflen = 0;
284 return 1;
285 }
286
287 /* Check for empty value */
288 if (*value == '\0') {
289 /*
290 * Don't return NULL for zero length buffer. This is needed for
291 * some tests with empty keys: HMAC_Init_ex() expects a non-NULL key
292 * buffer even if the key length is 0, in order to detect key reset.
293 */
294 *buf = OPENSSL_malloc(1);
295 if (*buf == NULL)
296 return 0;
297 **buf = 0;
298 *buflen = 0;
299 return 1;
300 }
301
302 /* Check for string literal */
303 if (value[0] == '"') {
304 size_t vlen = strlen(++value);
305
306 if (vlen == 0 || value[vlen - 1] != '"')
307 return 0;
308 vlen--;
309 *buf = unescape(value, vlen, buflen);
310 return *buf == NULL ? 0 : 1;
311 }
312
313 /* Otherwise assume as hex literal and convert it to binary buffer */
314 if (!TEST_ptr(*buf = OPENSSL_hexstr2buf(value, &len))) {
315 TEST_info("Can't convert %s", value);
316 TEST_openssl_errors();
317 return -1;
318 }
319 /* Size of input buffer means we'll never overflow */
320 *buflen = len;
321 return 1;
322 }
323
324 /**
325 ** MESSAGE DIGEST TESTS
326 **/
327
328 typedef struct digest_data_st {
329 /* Digest this test is for */
330 const EVP_MD *digest;
331 EVP_MD *fetched_digest;
332 /* Input to digest */
333 STACK_OF(EVP_TEST_BUFFER) *input;
334 /* Expected output */
335 unsigned char *output;
336 size_t output_len;
337 /* Padding type */
338 int pad_type;
339 } DIGEST_DATA;
340
digest_test_init(EVP_TEST * t,const char * alg)341 static int digest_test_init(EVP_TEST *t, const char *alg)
342 {
343 DIGEST_DATA *mdat;
344 const EVP_MD *digest;
345 EVP_MD *fetched_digest;
346
347 if (is_digest_disabled(alg)) {
348 TEST_info("skipping, '%s' is disabled", alg);
349 t->skip = 1;
350 return 1;
351 }
352
353 if ((digest = fetched_digest = EVP_MD_fetch(libctx, alg, NULL)) == NULL
354 && (digest = EVP_get_digestbyname(alg)) == NULL)
355 return 0;
356 if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat))))
357 return 0;
358 t->data = mdat;
359 mdat->digest = digest;
360 mdat->fetched_digest = fetched_digest;
361 mdat->pad_type = 0;
362 if (fetched_digest != NULL)
363 TEST_info("%s is fetched", alg);
364 return 1;
365 }
366
digest_test_cleanup(EVP_TEST * t)367 static void digest_test_cleanup(EVP_TEST *t)
368 {
369 DIGEST_DATA *mdat = t->data;
370
371 sk_EVP_TEST_BUFFER_pop_free(mdat->input, evp_test_buffer_free);
372 OPENSSL_free(mdat->output);
373 EVP_MD_free(mdat->fetched_digest);
374 }
375
digest_test_parse(EVP_TEST * t,const char * keyword,const char * value)376 static int digest_test_parse(EVP_TEST *t,
377 const char *keyword, const char *value)
378 {
379 DIGEST_DATA *mdata = t->data;
380
381 if (strcmp(keyword, "Input") == 0)
382 return evp_test_buffer_append(value, &mdata->input);
383 if (strcmp(keyword, "Output") == 0)
384 return parse_bin(value, &mdata->output, &mdata->output_len);
385 if (strcmp(keyword, "Count") == 0)
386 return evp_test_buffer_set_count(value, mdata->input);
387 if (strcmp(keyword, "Ncopy") == 0)
388 return evp_test_buffer_ncopy(value, mdata->input);
389 if (strcmp(keyword, "Padding") == 0)
390 return (mdata->pad_type = atoi(value)) > 0;
391 return 0;
392 }
393
digest_update_fn(void * ctx,const unsigned char * buf,size_t buflen)394 static int digest_update_fn(void *ctx, const unsigned char *buf, size_t buflen)
395 {
396 return EVP_DigestUpdate(ctx, buf, buflen);
397 }
398
digest_test_run(EVP_TEST * t)399 static int digest_test_run(EVP_TEST *t)
400 {
401 DIGEST_DATA *expected = t->data;
402 EVP_TEST_BUFFER *inbuf;
403 EVP_MD_CTX *mctx;
404 unsigned char *got = NULL;
405 unsigned int got_len;
406 size_t size = 0;
407 int xof = 0;
408 OSSL_PARAM params[2];
409
410 t->err = "TEST_FAILURE";
411 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
412 goto err;
413
414 got = OPENSSL_malloc(expected->output_len > EVP_MAX_MD_SIZE ?
415 expected->output_len : EVP_MAX_MD_SIZE);
416 if (!TEST_ptr(got))
417 goto err;
418
419 if (!EVP_DigestInit_ex(mctx, expected->digest, NULL)) {
420 t->err = "DIGESTINIT_ERROR";
421 goto err;
422 }
423 if (expected->pad_type > 0) {
424 params[0] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_PAD_TYPE,
425 &expected->pad_type);
426 params[1] = OSSL_PARAM_construct_end();
427 if (!TEST_int_gt(EVP_MD_CTX_set_params(mctx, params), 0)) {
428 t->err = "PARAMS_ERROR";
429 goto err;
430 }
431 }
432 if (!evp_test_buffer_do(expected->input, digest_update_fn, mctx)) {
433 t->err = "DIGESTUPDATE_ERROR";
434 goto err;
435 }
436
437 xof = (EVP_MD_get_flags(expected->digest) & EVP_MD_FLAG_XOF) != 0;
438 if (xof) {
439 EVP_MD_CTX *mctx_cpy;
440 char dont[] = "touch";
441
442 if (!TEST_ptr(mctx_cpy = EVP_MD_CTX_new())) {
443 goto err;
444 }
445 if (!EVP_MD_CTX_copy(mctx_cpy, mctx)) {
446 EVP_MD_CTX_free(mctx_cpy);
447 goto err;
448 }
449 if (!EVP_DigestFinalXOF(mctx_cpy, (unsigned char *)dont, 0)) {
450 EVP_MD_CTX_free(mctx_cpy);
451 t->err = "DIGESTFINALXOF_ERROR";
452 goto err;
453 }
454 if (!TEST_str_eq(dont, "touch")) {
455 EVP_MD_CTX_free(mctx_cpy);
456 t->err = "DIGESTFINALXOF_ERROR";
457 goto err;
458 }
459 EVP_MD_CTX_free(mctx_cpy);
460
461 got_len = expected->output_len;
462 if (!EVP_DigestFinalXOF(mctx, got, got_len)) {
463 t->err = "DIGESTFINALXOF_ERROR";
464 goto err;
465 }
466 } else {
467 if (!EVP_DigestFinal(mctx, got, &got_len)) {
468 t->err = "DIGESTFINAL_ERROR";
469 goto err;
470 }
471 }
472 if (!TEST_int_eq(expected->output_len, got_len)) {
473 t->err = "DIGEST_LENGTH_MISMATCH";
474 goto err;
475 }
476 if (!memory_err_compare(t, "DIGEST_MISMATCH",
477 expected->output, expected->output_len,
478 got, got_len))
479 goto err;
480
481 t->err = NULL;
482
483 /* Test the EVP_Q_digest interface as well */
484 if (sk_EVP_TEST_BUFFER_num(expected->input) == 1
485 && !xof
486 /* This should never fail but we need the returned pointer now */
487 && !TEST_ptr(inbuf = sk_EVP_TEST_BUFFER_value(expected->input, 0))
488 && !inbuf->count_set) {
489 OPENSSL_cleanse(got, got_len);
490 if (!TEST_true(EVP_Q_digest(libctx,
491 EVP_MD_get0_name(expected->fetched_digest),
492 NULL, inbuf->buf, inbuf->buflen,
493 got, &size))
494 || !TEST_mem_eq(got, size,
495 expected->output, expected->output_len)) {
496 t->err = "EVP_Q_digest failed";
497 goto err;
498 }
499 }
500
501 err:
502 OPENSSL_free(got);
503 EVP_MD_CTX_free(mctx);
504 return 1;
505 }
506
507 static const EVP_TEST_METHOD digest_test_method = {
508 "Digest",
509 digest_test_init,
510 digest_test_cleanup,
511 digest_test_parse,
512 digest_test_run
513 };
514
515 /**
516 *** CIPHER TESTS
517 **/
518
519 typedef struct cipher_data_st {
520 const EVP_CIPHER *cipher;
521 EVP_CIPHER *fetched_cipher;
522 int enc;
523 /* EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE or EVP_CIPH_OCB_MODE if AEAD */
524 int aead;
525 unsigned char *key;
526 size_t key_len;
527 size_t key_bits; /* Used by RC2 */
528 unsigned char *iv;
529 unsigned char *next_iv; /* Expected IV state after operation */
530 unsigned int rounds;
531 size_t iv_len;
532 unsigned char *plaintext;
533 size_t plaintext_len;
534 unsigned char *ciphertext;
535 size_t ciphertext_len;
536 /* AEAD ciphers only */
537 unsigned char *aad[AAD_NUM];
538 size_t aad_len[AAD_NUM];
539 int tls_aad;
540 int tls_version;
541 unsigned char *tag;
542 const char *cts_mode;
543 size_t tag_len;
544 int tag_late;
545 unsigned char *mac_key;
546 size_t mac_key_len;
547 } CIPHER_DATA;
548
cipher_test_init(EVP_TEST * t,const char * alg)549 static int cipher_test_init(EVP_TEST *t, const char *alg)
550 {
551 const EVP_CIPHER *cipher;
552 EVP_CIPHER *fetched_cipher;
553 CIPHER_DATA *cdat;
554 int m;
555
556 if (is_cipher_disabled(alg)) {
557 t->skip = 1;
558 TEST_info("skipping, '%s' is disabled", alg);
559 return 1;
560 }
561
562 ERR_set_mark();
563 if ((cipher = fetched_cipher = EVP_CIPHER_fetch(libctx, alg, NULL)) == NULL
564 && (cipher = EVP_get_cipherbyname(alg)) == NULL) {
565 /* a stitched cipher might not be available */
566 if (strstr(alg, "HMAC") != NULL) {
567 ERR_pop_to_mark();
568 t->skip = 1;
569 TEST_info("skipping, '%s' is not available", alg);
570 return 1;
571 }
572 ERR_clear_last_mark();
573 return 0;
574 }
575 ERR_clear_last_mark();
576
577 if (!TEST_ptr(cdat = OPENSSL_zalloc(sizeof(*cdat))))
578 return 0;
579
580 cdat->cipher = cipher;
581 cdat->fetched_cipher = fetched_cipher;
582 cdat->enc = -1;
583 m = EVP_CIPHER_get_mode(cipher);
584 if (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
585 cdat->aead = m != 0 ? m : -1;
586 else
587 cdat->aead = 0;
588
589 t->data = cdat;
590 if (fetched_cipher != NULL)
591 TEST_info("%s is fetched", alg);
592 return 1;
593 }
594
cipher_test_cleanup(EVP_TEST * t)595 static void cipher_test_cleanup(EVP_TEST *t)
596 {
597 int i;
598 CIPHER_DATA *cdat = t->data;
599
600 OPENSSL_free(cdat->key);
601 OPENSSL_free(cdat->iv);
602 OPENSSL_free(cdat->next_iv);
603 OPENSSL_free(cdat->ciphertext);
604 OPENSSL_free(cdat->plaintext);
605 for (i = 0; i < AAD_NUM; i++)
606 OPENSSL_free(cdat->aad[i]);
607 OPENSSL_free(cdat->tag);
608 OPENSSL_free(cdat->mac_key);
609 EVP_CIPHER_free(cdat->fetched_cipher);
610 }
611
cipher_test_parse(EVP_TEST * t,const char * keyword,const char * value)612 static int cipher_test_parse(EVP_TEST *t, const char *keyword,
613 const char *value)
614 {
615 CIPHER_DATA *cdat = t->data;
616 int i;
617
618 if (strcmp(keyword, "Key") == 0)
619 return parse_bin(value, &cdat->key, &cdat->key_len);
620 if (strcmp(keyword, "Rounds") == 0) {
621 i = atoi(value);
622 if (i < 0)
623 return -1;
624 cdat->rounds = (unsigned int)i;
625 return 1;
626 }
627 if (strcmp(keyword, "IV") == 0)
628 return parse_bin(value, &cdat->iv, &cdat->iv_len);
629 if (strcmp(keyword, "NextIV") == 0)
630 return parse_bin(value, &cdat->next_iv, &cdat->iv_len);
631 if (strcmp(keyword, "Plaintext") == 0)
632 return parse_bin(value, &cdat->plaintext, &cdat->plaintext_len);
633 if (strcmp(keyword, "Ciphertext") == 0)
634 return parse_bin(value, &cdat->ciphertext, &cdat->ciphertext_len);
635 if (strcmp(keyword, "KeyBits") == 0) {
636 i = atoi(value);
637 if (i < 0)
638 return -1;
639 cdat->key_bits = (size_t)i;
640 return 1;
641 }
642 if (cdat->aead) {
643 int tls_aad = 0;
644
645 if (strcmp(keyword, "TLSAAD") == 0)
646 cdat->tls_aad = tls_aad = 1;
647 if (strcmp(keyword, "AAD") == 0 || tls_aad) {
648 for (i = 0; i < AAD_NUM; i++) {
649 if (cdat->aad[i] == NULL)
650 return parse_bin(value, &cdat->aad[i], &cdat->aad_len[i]);
651 }
652 return -1;
653 }
654 if (strcmp(keyword, "Tag") == 0)
655 return parse_bin(value, &cdat->tag, &cdat->tag_len);
656 if (strcmp(keyword, "SetTagLate") == 0) {
657 if (strcmp(value, "TRUE") == 0)
658 cdat->tag_late = 1;
659 else if (strcmp(value, "FALSE") == 0)
660 cdat->tag_late = 0;
661 else
662 return -1;
663 return 1;
664 }
665 if (strcmp(keyword, "MACKey") == 0)
666 return parse_bin(value, &cdat->mac_key, &cdat->mac_key_len);
667 if (strcmp(keyword, "TLSVersion") == 0) {
668 char *endptr;
669
670 cdat->tls_version = (int)strtol(value, &endptr, 0);
671 return value[0] != '\0' && endptr[0] == '\0';
672 }
673 }
674
675 if (strcmp(keyword, "Operation") == 0) {
676 if (strcmp(value, "ENCRYPT") == 0)
677 cdat->enc = 1;
678 else if (strcmp(value, "DECRYPT") == 0)
679 cdat->enc = 0;
680 else
681 return -1;
682 return 1;
683 }
684 if (strcmp(keyword, "CTSMode") == 0) {
685 cdat->cts_mode = value;
686 return 1;
687 }
688 return 0;
689 }
690
cipher_test_enc(EVP_TEST * t,int enc,size_t out_misalign,size_t inp_misalign,int frag)691 static int cipher_test_enc(EVP_TEST *t, int enc,
692 size_t out_misalign, size_t inp_misalign, int frag)
693 {
694 CIPHER_DATA *expected = t->data;
695 unsigned char *in, *expected_out, *tmp = NULL;
696 size_t in_len, out_len, donelen = 0;
697 int ok = 0, tmplen, chunklen, tmpflen, i;
698 EVP_CIPHER_CTX *ctx_base = NULL;
699 EVP_CIPHER_CTX *ctx = NULL;
700
701 t->err = "TEST_FAILURE";
702 if (!TEST_ptr(ctx_base = EVP_CIPHER_CTX_new()))
703 goto err;
704 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
705 goto err;
706 EVP_CIPHER_CTX_set_flags(ctx_base, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
707 if (enc) {
708 in = expected->plaintext;
709 in_len = expected->plaintext_len;
710 expected_out = expected->ciphertext;
711 out_len = expected->ciphertext_len;
712 } else {
713 in = expected->ciphertext;
714 in_len = expected->ciphertext_len;
715 expected_out = expected->plaintext;
716 out_len = expected->plaintext_len;
717 }
718 if (inp_misalign == (size_t)-1) {
719 /* Exercise in-place encryption */
720 tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH);
721 if (!tmp)
722 goto err;
723 in = memcpy(tmp + out_misalign, in, in_len);
724 } else {
725 inp_misalign += 16 - ((out_misalign + in_len) & 15);
726 /*
727 * 'tmp' will store both output and copy of input. We make the copy
728 * of input to specifically aligned part of 'tmp'. So we just
729 * figured out how much padding would ensure the required alignment,
730 * now we allocate extended buffer and finally copy the input just
731 * past inp_misalign in expression below. Output will be written
732 * past out_misalign...
733 */
734 tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH +
735 inp_misalign + in_len);
736 if (!tmp)
737 goto err;
738 in = memcpy(tmp + out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH +
739 inp_misalign, in, in_len);
740 }
741 if (!EVP_CipherInit_ex(ctx_base, expected->cipher, NULL, NULL, NULL, enc)) {
742 t->err = "CIPHERINIT_ERROR";
743 goto err;
744 }
745 if (expected->cts_mode != NULL) {
746 OSSL_PARAM params[2];
747
748 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_CIPHER_PARAM_CTS_MODE,
749 (char *)expected->cts_mode,
750 0);
751 params[1] = OSSL_PARAM_construct_end();
752 if (!EVP_CIPHER_CTX_set_params(ctx_base, params)) {
753 t->err = "INVALID_CTS_MODE";
754 goto err;
755 }
756 }
757 if (expected->iv) {
758 if (expected->aead) {
759 if (!EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_IVLEN,
760 expected->iv_len, 0)) {
761 t->err = "INVALID_IV_LENGTH";
762 goto err;
763 }
764 } else if (expected->iv_len != (size_t)EVP_CIPHER_CTX_get_iv_length(ctx_base)) {
765 t->err = "INVALID_IV_LENGTH";
766 goto err;
767 }
768 }
769 if (expected->aead && !expected->tls_aad) {
770 unsigned char *tag;
771 /*
772 * If encrypting or OCB just set tag length initially, otherwise
773 * set tag length and value.
774 */
775 if (enc || expected->aead == EVP_CIPH_OCB_MODE || expected->tag_late) {
776 t->err = "TAG_LENGTH_SET_ERROR";
777 tag = NULL;
778 } else {
779 t->err = "TAG_SET_ERROR";
780 tag = expected->tag;
781 }
782 if (tag || expected->aead != EVP_CIPH_GCM_MODE) {
783 if (!EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_TAG,
784 expected->tag_len, tag))
785 goto err;
786 }
787 }
788
789 if (expected->rounds > 0) {
790 int rounds = (int)expected->rounds;
791
792 if (!EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC5_ROUNDS, rounds, NULL)) {
793 t->err = "INVALID_ROUNDS";
794 goto err;
795 }
796 }
797
798 if (!EVP_CIPHER_CTX_set_key_length(ctx_base, expected->key_len)) {
799 t->err = "INVALID_KEY_LENGTH";
800 goto err;
801 }
802 if (expected->key_bits > 0) {
803 int bits = (int)expected->key_bits;
804
805 if (!EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC2_KEY_BITS, bits, NULL)) {
806 t->err = "INVALID KEY BITS";
807 goto err;
808 }
809 }
810 if (!EVP_CipherInit_ex(ctx_base, NULL, NULL, expected->key, expected->iv, -1)) {
811 t->err = "KEY_SET_ERROR";
812 goto err;
813 }
814
815 /* Check that we get the same IV back */
816 if (expected->iv != NULL) {
817 /* Some (e.g., GCM) tests use IVs longer than EVP_MAX_IV_LENGTH. */
818 unsigned char iv[128];
819 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx_base, iv, sizeof(iv)))
820 || ((EVP_CIPHER_get_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0
821 && !TEST_mem_eq(expected->iv, expected->iv_len, iv,
822 expected->iv_len))) {
823 t->err = "INVALID_IV";
824 goto err;
825 }
826 }
827
828 /* Test that the cipher dup functions correctly if it is supported */
829 ERR_set_mark();
830 if (EVP_CIPHER_CTX_copy(ctx, ctx_base)) {
831 EVP_CIPHER_CTX_free(ctx_base);
832 ctx_base = NULL;
833 } else {
834 EVP_CIPHER_CTX_free(ctx);
835 ctx = ctx_base;
836 }
837 ERR_pop_to_mark();
838
839 if (expected->mac_key != NULL
840 && !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY,
841 (int)expected->mac_key_len,
842 (void *)expected->mac_key)) {
843 t->err = "SET_MAC_KEY_ERROR";
844 goto err;
845 }
846
847 if (expected->tls_version) {
848 OSSL_PARAM params[2];
849
850 params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_TLS_VERSION,
851 &expected->tls_version);
852 params[1] = OSSL_PARAM_construct_end();
853 if (!EVP_CIPHER_CTX_set_params(ctx, params)) {
854 t->err = "SET_TLS_VERSION_ERROR";
855 goto err;
856 }
857 }
858
859 if (expected->aead == EVP_CIPH_CCM_MODE) {
860 if (!EVP_CipherUpdate(ctx, NULL, &tmplen, NULL, out_len)) {
861 t->err = "CCM_PLAINTEXT_LENGTH_SET_ERROR";
862 goto err;
863 }
864 }
865 if (expected->aad[0] != NULL && !expected->tls_aad) {
866 t->err = "AAD_SET_ERROR";
867 if (!frag) {
868 for (i = 0; expected->aad[i] != NULL; i++) {
869 if (!EVP_CipherUpdate(ctx, NULL, &chunklen, expected->aad[i],
870 expected->aad_len[i]))
871 goto err;
872 }
873 } else {
874 /*
875 * Supply the AAD in chunks less than the block size where possible
876 */
877 for (i = 0; expected->aad[i] != NULL; i++) {
878 if (expected->aad_len[i] > 0) {
879 if (!EVP_CipherUpdate(ctx, NULL, &chunklen, expected->aad[i], 1))
880 goto err;
881 donelen++;
882 }
883 if (expected->aad_len[i] > 2) {
884 if (!EVP_CipherUpdate(ctx, NULL, &chunklen,
885 expected->aad[i] + donelen,
886 expected->aad_len[i] - 2))
887 goto err;
888 donelen += expected->aad_len[i] - 2;
889 }
890 if (expected->aad_len[i] > 1
891 && !EVP_CipherUpdate(ctx, NULL, &chunklen,
892 expected->aad[i] + donelen, 1))
893 goto err;
894 }
895 }
896 }
897
898 if (expected->tls_aad) {
899 OSSL_PARAM params[2];
900 char *tls_aad;
901
902 /* duplicate the aad as the implementation might modify it */
903 if ((tls_aad = OPENSSL_memdup(expected->aad[0],
904 expected->aad_len[0])) == NULL)
905 goto err;
906 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD,
907 tls_aad,
908 expected->aad_len[0]);
909 params[1] = OSSL_PARAM_construct_end();
910 if (!EVP_CIPHER_CTX_set_params(ctx, params)) {
911 OPENSSL_free(tls_aad);
912 t->err = "TLS1_AAD_ERROR";
913 goto err;
914 }
915 OPENSSL_free(tls_aad);
916 } else if (!enc && (expected->aead == EVP_CIPH_OCB_MODE
917 || expected->tag_late)) {
918 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
919 expected->tag_len, expected->tag)) {
920 t->err = "TAG_SET_ERROR";
921 goto err;
922 }
923 }
924
925 EVP_CIPHER_CTX_set_padding(ctx, 0);
926 t->err = "CIPHERUPDATE_ERROR";
927 tmplen = 0;
928 if (!frag) {
929 /* We supply the data all in one go */
930 if (!EVP_CipherUpdate(ctx, tmp + out_misalign, &tmplen, in, in_len))
931 goto err;
932 } else {
933 /* Supply the data in chunks less than the block size where possible */
934 if (in_len > 0) {
935 if (!EVP_CipherUpdate(ctx, tmp + out_misalign, &chunklen, in, 1))
936 goto err;
937 tmplen += chunklen;
938 in++;
939 in_len--;
940 }
941 if (in_len > 1) {
942 if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen,
943 in, in_len - 1))
944 goto err;
945 tmplen += chunklen;
946 in += in_len - 1;
947 in_len = 1;
948 }
949 if (in_len > 0 ) {
950 if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen,
951 in, 1))
952 goto err;
953 tmplen += chunklen;
954 }
955 }
956 if (!EVP_CipherFinal_ex(ctx, tmp + out_misalign + tmplen, &tmpflen)) {
957 t->err = "CIPHERFINAL_ERROR";
958 goto err;
959 }
960 if (!enc && expected->tls_aad) {
961 if (expected->tls_version >= TLS1_1_VERSION
962 && (EVP_CIPHER_is_a(expected->cipher, "AES-128-CBC-HMAC-SHA1")
963 || EVP_CIPHER_is_a(expected->cipher, "AES-256-CBC-HMAC-SHA1"))) {
964 tmplen -= expected->iv_len;
965 expected_out += expected->iv_len;
966 out_misalign += expected->iv_len;
967 }
968 if ((int)out_len > tmplen + tmpflen)
969 out_len = tmplen + tmpflen;
970 }
971 if (!memory_err_compare(t, "VALUE_MISMATCH", expected_out, out_len,
972 tmp + out_misalign, tmplen + tmpflen))
973 goto err;
974 if (enc && expected->aead && !expected->tls_aad) {
975 unsigned char rtag[16];
976
977 if (!TEST_size_t_le(expected->tag_len, sizeof(rtag))) {
978 t->err = "TAG_LENGTH_INTERNAL_ERROR";
979 goto err;
980 }
981 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
982 expected->tag_len, rtag)) {
983 t->err = "TAG_RETRIEVE_ERROR";
984 goto err;
985 }
986 if (!memory_err_compare(t, "TAG_VALUE_MISMATCH",
987 expected->tag, expected->tag_len,
988 rtag, expected->tag_len))
989 goto err;
990 }
991 /* Check the updated IV */
992 if (expected->next_iv != NULL) {
993 /* Some (e.g., GCM) tests use IVs longer than EVP_MAX_IV_LENGTH. */
994 unsigned char iv[128];
995 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
996 || ((EVP_CIPHER_get_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0
997 && !TEST_mem_eq(expected->next_iv, expected->iv_len, iv,
998 expected->iv_len))) {
999 t->err = "INVALID_NEXT_IV";
1000 goto err;
1001 }
1002 }
1003
1004 t->err = NULL;
1005 ok = 1;
1006 err:
1007 OPENSSL_free(tmp);
1008 if (ctx != ctx_base)
1009 EVP_CIPHER_CTX_free(ctx_base);
1010 EVP_CIPHER_CTX_free(ctx);
1011 return ok;
1012 }
1013
cipher_test_run(EVP_TEST * t)1014 static int cipher_test_run(EVP_TEST *t)
1015 {
1016 CIPHER_DATA *cdat = t->data;
1017 int rv, frag = 0;
1018 size_t out_misalign, inp_misalign;
1019
1020 if (!cdat->key) {
1021 t->err = "NO_KEY";
1022 return 0;
1023 }
1024 if (!cdat->iv && EVP_CIPHER_get_iv_length(cdat->cipher)) {
1025 /* IV is optional and usually omitted in wrap mode */
1026 if (EVP_CIPHER_get_mode(cdat->cipher) != EVP_CIPH_WRAP_MODE) {
1027 t->err = "NO_IV";
1028 return 0;
1029 }
1030 }
1031 if (cdat->aead && cdat->tag == NULL && !cdat->tls_aad) {
1032 t->err = "NO_TAG";
1033 return 0;
1034 }
1035 for (out_misalign = 0; out_misalign <= 1;) {
1036 static char aux_err[64];
1037 t->aux_err = aux_err;
1038 for (inp_misalign = (size_t)-1; inp_misalign != 2; inp_misalign++) {
1039 if (inp_misalign == (size_t)-1) {
1040 /* kludge: inp_misalign == -1 means "exercise in-place" */
1041 BIO_snprintf(aux_err, sizeof(aux_err),
1042 "%s in-place, %sfragmented",
1043 out_misalign ? "misaligned" : "aligned",
1044 frag ? "" : "not ");
1045 } else {
1046 BIO_snprintf(aux_err, sizeof(aux_err),
1047 "%s output and %s input, %sfragmented",
1048 out_misalign ? "misaligned" : "aligned",
1049 inp_misalign ? "misaligned" : "aligned",
1050 frag ? "" : "not ");
1051 }
1052 if (cdat->enc) {
1053 rv = cipher_test_enc(t, 1, out_misalign, inp_misalign, frag);
1054 /* Not fatal errors: return */
1055 if (rv != 1) {
1056 if (rv < 0)
1057 return 0;
1058 return 1;
1059 }
1060 }
1061 if (cdat->enc != 1) {
1062 rv = cipher_test_enc(t, 0, out_misalign, inp_misalign, frag);
1063 /* Not fatal errors: return */
1064 if (rv != 1) {
1065 if (rv < 0)
1066 return 0;
1067 return 1;
1068 }
1069 }
1070 }
1071
1072 if (out_misalign == 1 && frag == 0) {
1073 /*
1074 * XTS, SIV, CCM, stitched ciphers and Wrap modes have special
1075 * requirements about input lengths so we don't fragment for those
1076 */
1077 if (cdat->aead == EVP_CIPH_CCM_MODE
1078 || cdat->aead == EVP_CIPH_CBC_MODE
1079 || (cdat->aead == -1
1080 && EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_STREAM_CIPHER)
1081 || ((EVP_CIPHER_get_flags(cdat->cipher) & EVP_CIPH_FLAG_CTS) != 0)
1082 || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_SIV_MODE
1083 || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_XTS_MODE
1084 || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_WRAP_MODE)
1085 break;
1086 out_misalign = 0;
1087 frag++;
1088 } else {
1089 out_misalign++;
1090 }
1091 }
1092 t->aux_err = NULL;
1093
1094 return 1;
1095 }
1096
1097 static const EVP_TEST_METHOD cipher_test_method = {
1098 "Cipher",
1099 cipher_test_init,
1100 cipher_test_cleanup,
1101 cipher_test_parse,
1102 cipher_test_run
1103 };
1104
1105
1106 /**
1107 ** MAC TESTS
1108 **/
1109
1110 typedef struct mac_data_st {
1111 /* MAC type in one form or another */
1112 char *mac_name;
1113 EVP_MAC *mac; /* for mac_test_run_mac */
1114 int type; /* for mac_test_run_pkey */
1115 /* Algorithm string for this MAC */
1116 char *alg;
1117 /* MAC key */
1118 unsigned char *key;
1119 size_t key_len;
1120 /* MAC IV (GMAC) */
1121 unsigned char *iv;
1122 size_t iv_len;
1123 /* Input to MAC */
1124 unsigned char *input;
1125 size_t input_len;
1126 /* Expected output */
1127 unsigned char *output;
1128 size_t output_len;
1129 unsigned char *custom;
1130 size_t custom_len;
1131 /* MAC salt (blake2) */
1132 unsigned char *salt;
1133 size_t salt_len;
1134 /* XOF mode? */
1135 int xof;
1136 /* Collection of controls */
1137 STACK_OF(OPENSSL_STRING) *controls;
1138 /* Output size */
1139 int output_size;
1140 /* Block size */
1141 int block_size;
1142 } MAC_DATA;
1143
mac_test_init(EVP_TEST * t,const char * alg)1144 static int mac_test_init(EVP_TEST *t, const char *alg)
1145 {
1146 EVP_MAC *mac = NULL;
1147 int type = NID_undef;
1148 MAC_DATA *mdat;
1149
1150 if (is_mac_disabled(alg)) {
1151 TEST_info("skipping, '%s' is disabled", alg);
1152 t->skip = 1;
1153 return 1;
1154 }
1155 if ((mac = EVP_MAC_fetch(libctx, alg, NULL)) == NULL) {
1156 /*
1157 * Since we didn't find an EVP_MAC, we check for known EVP_PKEY methods
1158 * For debugging purposes, we allow 'NNNN by EVP_PKEY' to force running
1159 * the EVP_PKEY method.
1160 */
1161 size_t sz = strlen(alg);
1162 static const char epilogue[] = " by EVP_PKEY";
1163
1164 if (sz >= sizeof(epilogue)
1165 && strcmp(alg + sz - (sizeof(epilogue) - 1), epilogue) == 0)
1166 sz -= sizeof(epilogue) - 1;
1167
1168 if (strncmp(alg, "HMAC", sz) == 0)
1169 type = EVP_PKEY_HMAC;
1170 else if (strncmp(alg, "CMAC", sz) == 0)
1171 type = EVP_PKEY_CMAC;
1172 else if (strncmp(alg, "Poly1305", sz) == 0)
1173 type = EVP_PKEY_POLY1305;
1174 else if (strncmp(alg, "SipHash", sz) == 0)
1175 type = EVP_PKEY_SIPHASH;
1176 else
1177 return 0;
1178 }
1179
1180 if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat))))
1181 return 0;
1182
1183 mdat->type = type;
1184 if (!TEST_ptr(mdat->mac_name = OPENSSL_strdup(alg))) {
1185 OPENSSL_free(mdat);
1186 return 0;
1187 }
1188
1189 mdat->mac = mac;
1190 if (!TEST_ptr(mdat->controls = sk_OPENSSL_STRING_new_null())) {
1191 OPENSSL_free(mdat->mac_name);
1192 OPENSSL_free(mdat);
1193 return 0;
1194 }
1195
1196 mdat->output_size = mdat->block_size = -1;
1197 t->data = mdat;
1198 return 1;
1199 }
1200
1201 /* Because OPENSSL_free is a macro, it can't be passed as a function pointer */
openssl_free(char * m)1202 static void openssl_free(char *m)
1203 {
1204 OPENSSL_free(m);
1205 }
1206
mac_test_cleanup(EVP_TEST * t)1207 static void mac_test_cleanup(EVP_TEST *t)
1208 {
1209 MAC_DATA *mdat = t->data;
1210
1211 EVP_MAC_free(mdat->mac);
1212 OPENSSL_free(mdat->mac_name);
1213 sk_OPENSSL_STRING_pop_free(mdat->controls, openssl_free);
1214 OPENSSL_free(mdat->alg);
1215 OPENSSL_free(mdat->key);
1216 OPENSSL_free(mdat->iv);
1217 OPENSSL_free(mdat->custom);
1218 OPENSSL_free(mdat->salt);
1219 OPENSSL_free(mdat->input);
1220 OPENSSL_free(mdat->output);
1221 }
1222
mac_test_parse(EVP_TEST * t,const char * keyword,const char * value)1223 static int mac_test_parse(EVP_TEST *t,
1224 const char *keyword, const char *value)
1225 {
1226 MAC_DATA *mdata = t->data;
1227
1228 if (strcmp(keyword, "Key") == 0)
1229 return parse_bin(value, &mdata->key, &mdata->key_len);
1230 if (strcmp(keyword, "IV") == 0)
1231 return parse_bin(value, &mdata->iv, &mdata->iv_len);
1232 if (strcmp(keyword, "Custom") == 0)
1233 return parse_bin(value, &mdata->custom, &mdata->custom_len);
1234 if (strcmp(keyword, "Salt") == 0)
1235 return parse_bin(value, &mdata->salt, &mdata->salt_len);
1236 if (strcmp(keyword, "Algorithm") == 0) {
1237 mdata->alg = OPENSSL_strdup(value);
1238 if (!mdata->alg)
1239 return -1;
1240 return 1;
1241 }
1242 if (strcmp(keyword, "Input") == 0)
1243 return parse_bin(value, &mdata->input, &mdata->input_len);
1244 if (strcmp(keyword, "Output") == 0)
1245 return parse_bin(value, &mdata->output, &mdata->output_len);
1246 if (strcmp(keyword, "XOF") == 0)
1247 return mdata->xof = 1;
1248 if (strcmp(keyword, "Ctrl") == 0)
1249 return sk_OPENSSL_STRING_push(mdata->controls,
1250 OPENSSL_strdup(value)) != 0;
1251 if (strcmp(keyword, "OutputSize") == 0) {
1252 mdata->output_size = atoi(value);
1253 if (mdata->output_size < 0)
1254 return -1;
1255 return 1;
1256 }
1257 if (strcmp(keyword, "BlockSize") == 0) {
1258 mdata->block_size = atoi(value);
1259 if (mdata->block_size < 0)
1260 return -1;
1261 return 1;
1262 }
1263 return 0;
1264 }
1265
mac_test_ctrl_pkey(EVP_TEST * t,EVP_PKEY_CTX * pctx,const char * value)1266 static int mac_test_ctrl_pkey(EVP_TEST *t, EVP_PKEY_CTX *pctx,
1267 const char *value)
1268 {
1269 int rv = 0;
1270 char *p, *tmpval;
1271
1272 if (!TEST_ptr(tmpval = OPENSSL_strdup(value)))
1273 return 0;
1274 p = strchr(tmpval, ':');
1275 if (p != NULL) {
1276 *p++ = '\0';
1277 rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
1278 }
1279 if (rv == -2)
1280 t->err = "PKEY_CTRL_INVALID";
1281 else if (rv <= 0)
1282 t->err = "PKEY_CTRL_ERROR";
1283 else
1284 rv = 1;
1285 OPENSSL_free(tmpval);
1286 return rv > 0;
1287 }
1288
mac_test_run_pkey(EVP_TEST * t)1289 static int mac_test_run_pkey(EVP_TEST *t)
1290 {
1291 MAC_DATA *expected = t->data;
1292 EVP_MD_CTX *mctx = NULL;
1293 EVP_PKEY_CTX *pctx = NULL, *genctx = NULL;
1294 EVP_PKEY *key = NULL;
1295 const char *mdname = NULL;
1296 EVP_CIPHER *cipher = NULL;
1297 unsigned char *got = NULL;
1298 size_t got_len;
1299 int i;
1300
1301 /* We don't do XOF mode via PKEY */
1302 if (expected->xof)
1303 return 1;
1304
1305 if (expected->alg == NULL)
1306 TEST_info("Trying the EVP_PKEY %s test", OBJ_nid2sn(expected->type));
1307 else
1308 TEST_info("Trying the EVP_PKEY %s test with %s",
1309 OBJ_nid2sn(expected->type), expected->alg);
1310
1311 if (expected->type == EVP_PKEY_CMAC) {
1312 #ifdef OPENSSL_NO_DEPRECATED_3_0
1313 TEST_info("skipping, PKEY CMAC '%s' is disabled", expected->alg);
1314 t->skip = 1;
1315 t->err = NULL;
1316 goto err;
1317 #else
1318 OSSL_LIB_CTX *tmpctx;
1319
1320 if (expected->alg != NULL && is_cipher_disabled(expected->alg)) {
1321 TEST_info("skipping, PKEY CMAC '%s' is disabled", expected->alg);
1322 t->skip = 1;
1323 t->err = NULL;
1324 goto err;
1325 }
1326 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, expected->alg, NULL))) {
1327 t->err = "MAC_KEY_CREATE_ERROR";
1328 goto err;
1329 }
1330 tmpctx = OSSL_LIB_CTX_set0_default(libctx);
1331 key = EVP_PKEY_new_CMAC_key(NULL, expected->key, expected->key_len,
1332 cipher);
1333 OSSL_LIB_CTX_set0_default(tmpctx);
1334 #endif
1335 } else {
1336 key = EVP_PKEY_new_raw_private_key_ex(libctx,
1337 OBJ_nid2sn(expected->type), NULL,
1338 expected->key, expected->key_len);
1339 }
1340 if (key == NULL) {
1341 t->err = "MAC_KEY_CREATE_ERROR";
1342 goto err;
1343 }
1344
1345 if (expected->type == EVP_PKEY_HMAC && expected->alg != NULL) {
1346 if (is_digest_disabled(expected->alg)) {
1347 TEST_info("skipping, HMAC '%s' is disabled", expected->alg);
1348 t->skip = 1;
1349 t->err = NULL;
1350 goto err;
1351 }
1352 mdname = expected->alg;
1353 }
1354 if (!TEST_ptr(mctx = EVP_MD_CTX_new())) {
1355 t->err = "INTERNAL_ERROR";
1356 goto err;
1357 }
1358 if (!EVP_DigestSignInit_ex(mctx, &pctx, mdname, libctx, NULL, key, NULL)) {
1359 t->err = "DIGESTSIGNINIT_ERROR";
1360 goto err;
1361 }
1362 for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++)
1363 if (!mac_test_ctrl_pkey(t, pctx,
1364 sk_OPENSSL_STRING_value(expected->controls,
1365 i))) {
1366 t->err = "EVPPKEYCTXCTRL_ERROR";
1367 goto err;
1368 }
1369 if (!EVP_DigestSignUpdate(mctx, expected->input, expected->input_len)) {
1370 t->err = "DIGESTSIGNUPDATE_ERROR";
1371 goto err;
1372 }
1373 if (!EVP_DigestSignFinal(mctx, NULL, &got_len)) {
1374 t->err = "DIGESTSIGNFINAL_LENGTH_ERROR";
1375 goto err;
1376 }
1377 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
1378 t->err = "TEST_FAILURE";
1379 goto err;
1380 }
1381 if (!EVP_DigestSignFinal(mctx, got, &got_len)
1382 || !memory_err_compare(t, "TEST_MAC_ERR",
1383 expected->output, expected->output_len,
1384 got, got_len)) {
1385 t->err = "TEST_MAC_ERR";
1386 goto err;
1387 }
1388 t->err = NULL;
1389 err:
1390 EVP_CIPHER_free(cipher);
1391 EVP_MD_CTX_free(mctx);
1392 OPENSSL_free(got);
1393 EVP_PKEY_CTX_free(genctx);
1394 EVP_PKEY_free(key);
1395 return 1;
1396 }
1397
mac_test_run_mac(EVP_TEST * t)1398 static int mac_test_run_mac(EVP_TEST *t)
1399 {
1400 MAC_DATA *expected = t->data;
1401 EVP_MAC_CTX *ctx = NULL;
1402 unsigned char *got = NULL;
1403 size_t got_len = 0, size = 0;
1404 int i, block_size = -1, output_size = -1;
1405 OSSL_PARAM params[21], sizes[3], *psizes = sizes;
1406 size_t params_n = 0;
1407 size_t params_n_allocstart = 0;
1408 const OSSL_PARAM *defined_params =
1409 EVP_MAC_settable_ctx_params(expected->mac);
1410 int xof;
1411
1412 if (expected->alg == NULL)
1413 TEST_info("Trying the EVP_MAC %s test", expected->mac_name);
1414 else
1415 TEST_info("Trying the EVP_MAC %s test with %s",
1416 expected->mac_name, expected->alg);
1417
1418 if (expected->alg != NULL) {
1419 /*
1420 * The underlying algorithm may be a cipher or a digest.
1421 * We don't know which it is, but we can ask the MAC what it
1422 * should be and bet on that.
1423 */
1424 if (OSSL_PARAM_locate_const(defined_params,
1425 OSSL_MAC_PARAM_CIPHER) != NULL) {
1426 params[params_n++] =
1427 OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER,
1428 expected->alg, 0);
1429 } else if (OSSL_PARAM_locate_const(defined_params,
1430 OSSL_MAC_PARAM_DIGEST) != NULL) {
1431 params[params_n++] =
1432 OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
1433 expected->alg, 0);
1434 } else {
1435 t->err = "MAC_BAD_PARAMS";
1436 goto err;
1437 }
1438 }
1439 if (expected->custom != NULL)
1440 params[params_n++] =
1441 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_CUSTOM,
1442 expected->custom,
1443 expected->custom_len);
1444 if (expected->salt != NULL)
1445 params[params_n++] =
1446 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_SALT,
1447 expected->salt,
1448 expected->salt_len);
1449 if (expected->iv != NULL)
1450 params[params_n++] =
1451 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV,
1452 expected->iv,
1453 expected->iv_len);
1454
1455 /* Unknown controls. They must match parameters that the MAC recognizes */
1456 if (params_n + sk_OPENSSL_STRING_num(expected->controls)
1457 >= OSSL_NELEM(params)) {
1458 t->err = "MAC_TOO_MANY_PARAMETERS";
1459 goto err;
1460 }
1461 params_n_allocstart = params_n;
1462 for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++) {
1463 char *tmpkey, *tmpval;
1464 char *value = sk_OPENSSL_STRING_value(expected->controls, i);
1465
1466 if (!TEST_ptr(tmpkey = OPENSSL_strdup(value))) {
1467 t->err = "MAC_PARAM_ERROR";
1468 goto err;
1469 }
1470 tmpval = strchr(tmpkey, ':');
1471 if (tmpval != NULL)
1472 *tmpval++ = '\0';
1473
1474 if (tmpval == NULL
1475 || !OSSL_PARAM_allocate_from_text(¶ms[params_n],
1476 defined_params,
1477 tmpkey, tmpval,
1478 strlen(tmpval), NULL)) {
1479 OPENSSL_free(tmpkey);
1480 t->err = "MAC_PARAM_ERROR";
1481 goto err;
1482 }
1483 params_n++;
1484
1485 OPENSSL_free(tmpkey);
1486 }
1487 params[params_n] = OSSL_PARAM_construct_end();
1488
1489 if ((ctx = EVP_MAC_CTX_new(expected->mac)) == NULL) {
1490 t->err = "MAC_CREATE_ERROR";
1491 goto err;
1492 }
1493
1494 if (!EVP_MAC_init(ctx, expected->key, expected->key_len, params)) {
1495 t->err = "MAC_INIT_ERROR";
1496 goto err;
1497 }
1498 if (expected->output_size >= 0)
1499 *psizes++ = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_SIZE,
1500 &output_size);
1501 if (expected->block_size >= 0)
1502 *psizes++ = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_BLOCK_SIZE,
1503 &block_size);
1504 if (psizes != sizes) {
1505 *psizes = OSSL_PARAM_construct_end();
1506 if (!TEST_true(EVP_MAC_CTX_get_params(ctx, sizes))) {
1507 t->err = "INTERNAL_ERROR";
1508 goto err;
1509 }
1510 if (expected->output_size >= 0
1511 && !TEST_int_eq(output_size, expected->output_size)) {
1512 t->err = "TEST_FAILURE";
1513 goto err;
1514 }
1515 if (expected->block_size >= 0
1516 && !TEST_int_eq(block_size, expected->block_size)) {
1517 t->err = "TEST_FAILURE";
1518 goto err;
1519 }
1520 }
1521 if (!EVP_MAC_update(ctx, expected->input, expected->input_len)) {
1522 t->err = "MAC_UPDATE_ERROR";
1523 goto err;
1524 }
1525 xof = expected->xof;
1526 if (xof) {
1527 if (!TEST_ptr(got = OPENSSL_malloc(expected->output_len))) {
1528 t->err = "TEST_FAILURE";
1529 goto err;
1530 }
1531 if (!EVP_MAC_finalXOF(ctx, got, expected->output_len)
1532 || !memory_err_compare(t, "TEST_MAC_ERR",
1533 expected->output, expected->output_len,
1534 got, expected->output_len)) {
1535 t->err = "MAC_FINAL_ERROR";
1536 goto err;
1537 }
1538 } else {
1539 if (!EVP_MAC_final(ctx, NULL, &got_len, 0)) {
1540 t->err = "MAC_FINAL_LENGTH_ERROR";
1541 goto err;
1542 }
1543 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
1544 t->err = "TEST_FAILURE";
1545 goto err;
1546 }
1547 if (!EVP_MAC_final(ctx, got, &got_len, got_len)
1548 || !memory_err_compare(t, "TEST_MAC_ERR",
1549 expected->output, expected->output_len,
1550 got, got_len)) {
1551 t->err = "TEST_MAC_ERR";
1552 goto err;
1553 }
1554 }
1555 t->err = NULL;
1556
1557 /* Test the EVP_Q_mac interface as well */
1558 if (!xof) {
1559 OPENSSL_cleanse(got, got_len);
1560 if (!TEST_true(EVP_Q_mac(libctx, expected->mac_name, NULL,
1561 expected->alg, params,
1562 expected->key, expected->key_len,
1563 expected->input, expected->input_len,
1564 got, got_len, &size))
1565 || !TEST_mem_eq(got, size,
1566 expected->output, expected->output_len)) {
1567 t->err = "EVP_Q_mac failed";
1568 goto err;
1569 }
1570 }
1571 err:
1572 while (params_n-- > params_n_allocstart) {
1573 OPENSSL_free(params[params_n].data);
1574 }
1575 EVP_MAC_CTX_free(ctx);
1576 OPENSSL_free(got);
1577 return 1;
1578 }
1579
mac_test_run(EVP_TEST * t)1580 static int mac_test_run(EVP_TEST *t)
1581 {
1582 MAC_DATA *expected = t->data;
1583
1584 if (expected->mac != NULL)
1585 return mac_test_run_mac(t);
1586 return mac_test_run_pkey(t);
1587 }
1588
1589 static const EVP_TEST_METHOD mac_test_method = {
1590 "MAC",
1591 mac_test_init,
1592 mac_test_cleanup,
1593 mac_test_parse,
1594 mac_test_run
1595 };
1596
1597
1598 /**
1599 ** PUBLIC KEY TESTS
1600 ** These are all very similar and share much common code.
1601 **/
1602
1603 typedef struct pkey_data_st {
1604 /* Context for this operation */
1605 EVP_PKEY_CTX *ctx;
1606 /* Key operation to perform */
1607 int (*keyop) (EVP_PKEY_CTX *ctx,
1608 unsigned char *sig, size_t *siglen,
1609 const unsigned char *tbs, size_t tbslen);
1610 /* Input to MAC */
1611 unsigned char *input;
1612 size_t input_len;
1613 /* Expected output */
1614 unsigned char *output;
1615 size_t output_len;
1616 } PKEY_DATA;
1617
1618 /*
1619 * Perform public key operation setup: lookup key, allocated ctx and call
1620 * the appropriate initialisation function
1621 */
pkey_test_init(EVP_TEST * t,const char * name,int use_public,int (* keyopinit)(EVP_PKEY_CTX * ctx),int (* keyop)(EVP_PKEY_CTX * ctx,unsigned char * sig,size_t * siglen,const unsigned char * tbs,size_t tbslen))1622 static int pkey_test_init(EVP_TEST *t, const char *name,
1623 int use_public,
1624 int (*keyopinit) (EVP_PKEY_CTX *ctx),
1625 int (*keyop)(EVP_PKEY_CTX *ctx,
1626 unsigned char *sig, size_t *siglen,
1627 const unsigned char *tbs,
1628 size_t tbslen))
1629 {
1630 PKEY_DATA *kdata;
1631 EVP_PKEY *pkey = NULL;
1632 int rv = 0;
1633
1634 if (use_public)
1635 rv = find_key(&pkey, name, public_keys);
1636 if (rv == 0)
1637 rv = find_key(&pkey, name, private_keys);
1638 if (rv == 0 || pkey == NULL) {
1639 TEST_info("skipping, key '%s' is disabled", name);
1640 t->skip = 1;
1641 return 1;
1642 }
1643
1644 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))) {
1645 EVP_PKEY_free(pkey);
1646 return 0;
1647 }
1648 kdata->keyop = keyop;
1649 if (!TEST_ptr(kdata->ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL))) {
1650 EVP_PKEY_free(pkey);
1651 OPENSSL_free(kdata);
1652 return 0;
1653 }
1654 if (keyopinit(kdata->ctx) <= 0)
1655 t->err = "KEYOP_INIT_ERROR";
1656 t->data = kdata;
1657 return 1;
1658 }
1659
pkey_test_cleanup(EVP_TEST * t)1660 static void pkey_test_cleanup(EVP_TEST *t)
1661 {
1662 PKEY_DATA *kdata = t->data;
1663
1664 OPENSSL_free(kdata->input);
1665 OPENSSL_free(kdata->output);
1666 EVP_PKEY_CTX_free(kdata->ctx);
1667 }
1668
pkey_test_ctrl(EVP_TEST * t,EVP_PKEY_CTX * pctx,const char * value)1669 static int pkey_test_ctrl(EVP_TEST *t, EVP_PKEY_CTX *pctx,
1670 const char *value)
1671 {
1672 int rv = 0;
1673 char *p, *tmpval;
1674
1675 if (!TEST_ptr(tmpval = OPENSSL_strdup(value)))
1676 return 0;
1677 p = strchr(tmpval, ':');
1678 if (p != NULL) {
1679 *p++ = '\0';
1680 rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
1681 }
1682 if (rv == -2) {
1683 t->err = "PKEY_CTRL_INVALID";
1684 rv = 1;
1685 } else if (p != NULL && rv <= 0) {
1686 if (is_digest_disabled(p) || is_cipher_disabled(p)) {
1687 TEST_info("skipping, '%s' is disabled", p);
1688 t->skip = 1;
1689 rv = 1;
1690 } else {
1691 t->err = "PKEY_CTRL_ERROR";
1692 rv = 1;
1693 }
1694 }
1695 OPENSSL_free(tmpval);
1696 return rv > 0;
1697 }
1698
pkey_test_parse(EVP_TEST * t,const char * keyword,const char * value)1699 static int pkey_test_parse(EVP_TEST *t,
1700 const char *keyword, const char *value)
1701 {
1702 PKEY_DATA *kdata = t->data;
1703 if (strcmp(keyword, "Input") == 0)
1704 return parse_bin(value, &kdata->input, &kdata->input_len);
1705 if (strcmp(keyword, "Output") == 0)
1706 return parse_bin(value, &kdata->output, &kdata->output_len);
1707 if (strcmp(keyword, "Ctrl") == 0)
1708 return pkey_test_ctrl(t, kdata->ctx, value);
1709 return 0;
1710 }
1711
pkey_test_run(EVP_TEST * t)1712 static int pkey_test_run(EVP_TEST *t)
1713 {
1714 PKEY_DATA *expected = t->data;
1715 unsigned char *got = NULL;
1716 size_t got_len;
1717 EVP_PKEY_CTX *copy = NULL;
1718
1719 if (expected->keyop(expected->ctx, NULL, &got_len,
1720 expected->input, expected->input_len) <= 0
1721 || !TEST_ptr(got = OPENSSL_malloc(got_len))) {
1722 t->err = "KEYOP_LENGTH_ERROR";
1723 goto err;
1724 }
1725 if (expected->keyop(expected->ctx, got, &got_len,
1726 expected->input, expected->input_len) <= 0) {
1727 t->err = "KEYOP_ERROR";
1728 goto err;
1729 }
1730 if (!memory_err_compare(t, "KEYOP_MISMATCH",
1731 expected->output, expected->output_len,
1732 got, got_len))
1733 goto err;
1734
1735 t->err = NULL;
1736 OPENSSL_free(got);
1737 got = NULL;
1738
1739 /* Repeat the test on a copy. */
1740 if (!TEST_ptr(copy = EVP_PKEY_CTX_dup(expected->ctx))) {
1741 t->err = "INTERNAL_ERROR";
1742 goto err;
1743 }
1744 if (expected->keyop(copy, NULL, &got_len, expected->input,
1745 expected->input_len) <= 0
1746 || !TEST_ptr(got = OPENSSL_malloc(got_len))) {
1747 t->err = "KEYOP_LENGTH_ERROR";
1748 goto err;
1749 }
1750 if (expected->keyop(copy, got, &got_len, expected->input,
1751 expected->input_len) <= 0) {
1752 t->err = "KEYOP_ERROR";
1753 goto err;
1754 }
1755 if (!memory_err_compare(t, "KEYOP_MISMATCH",
1756 expected->output, expected->output_len,
1757 got, got_len))
1758 goto err;
1759
1760 err:
1761 OPENSSL_free(got);
1762 EVP_PKEY_CTX_free(copy);
1763 return 1;
1764 }
1765
sign_test_init(EVP_TEST * t,const char * name)1766 static int sign_test_init(EVP_TEST *t, const char *name)
1767 {
1768 return pkey_test_init(t, name, 0, EVP_PKEY_sign_init, EVP_PKEY_sign);
1769 }
1770
1771 static const EVP_TEST_METHOD psign_test_method = {
1772 "Sign",
1773 sign_test_init,
1774 pkey_test_cleanup,
1775 pkey_test_parse,
1776 pkey_test_run
1777 };
1778
verify_recover_test_init(EVP_TEST * t,const char * name)1779 static int verify_recover_test_init(EVP_TEST *t, const char *name)
1780 {
1781 return pkey_test_init(t, name, 1, EVP_PKEY_verify_recover_init,
1782 EVP_PKEY_verify_recover);
1783 }
1784
1785 static const EVP_TEST_METHOD pverify_recover_test_method = {
1786 "VerifyRecover",
1787 verify_recover_test_init,
1788 pkey_test_cleanup,
1789 pkey_test_parse,
1790 pkey_test_run
1791 };
1792
decrypt_test_init(EVP_TEST * t,const char * name)1793 static int decrypt_test_init(EVP_TEST *t, const char *name)
1794 {
1795 return pkey_test_init(t, name, 0, EVP_PKEY_decrypt_init,
1796 EVP_PKEY_decrypt);
1797 }
1798
1799 static const EVP_TEST_METHOD pdecrypt_test_method = {
1800 "Decrypt",
1801 decrypt_test_init,
1802 pkey_test_cleanup,
1803 pkey_test_parse,
1804 pkey_test_run
1805 };
1806
verify_test_init(EVP_TEST * t,const char * name)1807 static int verify_test_init(EVP_TEST *t, const char *name)
1808 {
1809 return pkey_test_init(t, name, 1, EVP_PKEY_verify_init, 0);
1810 }
1811
verify_test_run(EVP_TEST * t)1812 static int verify_test_run(EVP_TEST *t)
1813 {
1814 PKEY_DATA *kdata = t->data;
1815
1816 if (EVP_PKEY_verify(kdata->ctx, kdata->output, kdata->output_len,
1817 kdata->input, kdata->input_len) <= 0)
1818 t->err = "VERIFY_ERROR";
1819 return 1;
1820 }
1821
1822 static const EVP_TEST_METHOD pverify_test_method = {
1823 "Verify",
1824 verify_test_init,
1825 pkey_test_cleanup,
1826 pkey_test_parse,
1827 verify_test_run
1828 };
1829
pderive_test_init(EVP_TEST * t,const char * name)1830 static int pderive_test_init(EVP_TEST *t, const char *name)
1831 {
1832 return pkey_test_init(t, name, 0, EVP_PKEY_derive_init, 0);
1833 }
1834
pderive_test_parse(EVP_TEST * t,const char * keyword,const char * value)1835 static int pderive_test_parse(EVP_TEST *t,
1836 const char *keyword, const char *value)
1837 {
1838 PKEY_DATA *kdata = t->data;
1839 int validate = 0;
1840
1841 if (strcmp(keyword, "PeerKeyValidate") == 0)
1842 validate = 1;
1843
1844 if (validate || strcmp(keyword, "PeerKey") == 0) {
1845 EVP_PKEY *peer;
1846 if (find_key(&peer, value, public_keys) == 0)
1847 return -1;
1848 if (EVP_PKEY_derive_set_peer_ex(kdata->ctx, peer, validate) <= 0) {
1849 t->err = "DERIVE_SET_PEER_ERROR";
1850 return 1;
1851 }
1852 t->err = NULL;
1853 return 1;
1854 }
1855 if (strcmp(keyword, "SharedSecret") == 0)
1856 return parse_bin(value, &kdata->output, &kdata->output_len);
1857 if (strcmp(keyword, "Ctrl") == 0)
1858 return pkey_test_ctrl(t, kdata->ctx, value);
1859 if (strcmp(keyword, "KDFType") == 0) {
1860 OSSL_PARAM params[2];
1861
1862 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_TYPE,
1863 (char *)value, 0);
1864 params[1] = OSSL_PARAM_construct_end();
1865 if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0)
1866 return -1;
1867 return 1;
1868 }
1869 if (strcmp(keyword, "KDFDigest") == 0) {
1870 OSSL_PARAM params[2];
1871
1872 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST,
1873 (char *)value, 0);
1874 params[1] = OSSL_PARAM_construct_end();
1875 if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0)
1876 return -1;
1877 return 1;
1878 }
1879 if (strcmp(keyword, "CEKAlg") == 0) {
1880 OSSL_PARAM params[2];
1881
1882 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG,
1883 (char *)value, 0);
1884 params[1] = OSSL_PARAM_construct_end();
1885 if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0)
1886 return -1;
1887 return 1;
1888 }
1889 if (strcmp(keyword, "KDFOutlen") == 0) {
1890 OSSL_PARAM params[2];
1891 char *endptr;
1892 size_t outlen = (size_t)strtoul(value, &endptr, 0);
1893
1894 if (endptr[0] != '\0')
1895 return -1;
1896
1897 params[0] = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN,
1898 &outlen);
1899 params[1] = OSSL_PARAM_construct_end();
1900 if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0)
1901 return -1;
1902 return 1;
1903 }
1904 return 0;
1905 }
1906
pderive_test_run(EVP_TEST * t)1907 static int pderive_test_run(EVP_TEST *t)
1908 {
1909 EVP_PKEY_CTX *dctx = NULL;
1910 PKEY_DATA *expected = t->data;
1911 unsigned char *got = NULL;
1912 size_t got_len;
1913
1914 if (!TEST_ptr(dctx = EVP_PKEY_CTX_dup(expected->ctx))) {
1915 t->err = "DERIVE_ERROR";
1916 goto err;
1917 }
1918
1919 if (EVP_PKEY_derive(dctx, NULL, &got_len) <= 0
1920 || !TEST_size_t_ne(got_len, 0)) {
1921 t->err = "DERIVE_ERROR";
1922 goto err;
1923 }
1924 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
1925 t->err = "DERIVE_ERROR";
1926 goto err;
1927 }
1928 if (EVP_PKEY_derive(dctx, got, &got_len) <= 0) {
1929 t->err = "DERIVE_ERROR";
1930 goto err;
1931 }
1932 if (!memory_err_compare(t, "SHARED_SECRET_MISMATCH",
1933 expected->output, expected->output_len,
1934 got, got_len))
1935 goto err;
1936
1937 t->err = NULL;
1938 err:
1939 OPENSSL_free(got);
1940 EVP_PKEY_CTX_free(dctx);
1941 return 1;
1942 }
1943
1944 static const EVP_TEST_METHOD pderive_test_method = {
1945 "Derive",
1946 pderive_test_init,
1947 pkey_test_cleanup,
1948 pderive_test_parse,
1949 pderive_test_run
1950 };
1951
1952
1953 /**
1954 ** PBE TESTS
1955 **/
1956
1957 typedef enum pbe_type_enum {
1958 PBE_TYPE_INVALID = 0,
1959 PBE_TYPE_SCRYPT, PBE_TYPE_PBKDF2, PBE_TYPE_PKCS12
1960 } PBE_TYPE;
1961
1962 typedef struct pbe_data_st {
1963 PBE_TYPE pbe_type;
1964 /* scrypt parameters */
1965 uint64_t N, r, p, maxmem;
1966 /* PKCS#12 parameters */
1967 int id, iter;
1968 const EVP_MD *md;
1969 /* password */
1970 unsigned char *pass;
1971 size_t pass_len;
1972 /* salt */
1973 unsigned char *salt;
1974 size_t salt_len;
1975 /* Expected output */
1976 unsigned char *key;
1977 size_t key_len;
1978 } PBE_DATA;
1979
1980 #ifndef OPENSSL_NO_SCRYPT
1981 /* Parse unsigned decimal 64 bit integer value */
parse_uint64(const char * value,uint64_t * pr)1982 static int parse_uint64(const char *value, uint64_t *pr)
1983 {
1984 const char *p = value;
1985
1986 if (!TEST_true(*p)) {
1987 TEST_info("Invalid empty integer value");
1988 return -1;
1989 }
1990 for (*pr = 0; *p; ) {
1991 if (*pr > UINT64_MAX / 10) {
1992 TEST_error("Integer overflow in string %s", value);
1993 return -1;
1994 }
1995 *pr *= 10;
1996 if (!TEST_true(isdigit((unsigned char)*p))) {
1997 TEST_error("Invalid character in string %s", value);
1998 return -1;
1999 }
2000 *pr += *p - '0';
2001 p++;
2002 }
2003 return 1;
2004 }
2005
scrypt_test_parse(EVP_TEST * t,const char * keyword,const char * value)2006 static int scrypt_test_parse(EVP_TEST *t,
2007 const char *keyword, const char *value)
2008 {
2009 PBE_DATA *pdata = t->data;
2010
2011 if (strcmp(keyword, "N") == 0)
2012 return parse_uint64(value, &pdata->N);
2013 if (strcmp(keyword, "p") == 0)
2014 return parse_uint64(value, &pdata->p);
2015 if (strcmp(keyword, "r") == 0)
2016 return parse_uint64(value, &pdata->r);
2017 if (strcmp(keyword, "maxmem") == 0)
2018 return parse_uint64(value, &pdata->maxmem);
2019 return 0;
2020 }
2021 #endif
2022
pbkdf2_test_parse(EVP_TEST * t,const char * keyword,const char * value)2023 static int pbkdf2_test_parse(EVP_TEST *t,
2024 const char *keyword, const char *value)
2025 {
2026 PBE_DATA *pdata = t->data;
2027
2028 if (strcmp(keyword, "iter") == 0) {
2029 pdata->iter = atoi(value);
2030 if (pdata->iter <= 0)
2031 return -1;
2032 return 1;
2033 }
2034 if (strcmp(keyword, "MD") == 0) {
2035 pdata->md = EVP_get_digestbyname(value);
2036 if (pdata->md == NULL)
2037 return -1;
2038 return 1;
2039 }
2040 return 0;
2041 }
2042
pkcs12_test_parse(EVP_TEST * t,const char * keyword,const char * value)2043 static int pkcs12_test_parse(EVP_TEST *t,
2044 const char *keyword, const char *value)
2045 {
2046 PBE_DATA *pdata = t->data;
2047
2048 if (strcmp(keyword, "id") == 0) {
2049 pdata->id = atoi(value);
2050 if (pdata->id <= 0)
2051 return -1;
2052 return 1;
2053 }
2054 return pbkdf2_test_parse(t, keyword, value);
2055 }
2056
pbe_test_init(EVP_TEST * t,const char * alg)2057 static int pbe_test_init(EVP_TEST *t, const char *alg)
2058 {
2059 PBE_DATA *pdat;
2060 PBE_TYPE pbe_type = PBE_TYPE_INVALID;
2061
2062 if (is_kdf_disabled(alg)) {
2063 TEST_info("skipping, '%s' is disabled", alg);
2064 t->skip = 1;
2065 return 1;
2066 }
2067 if (strcmp(alg, "scrypt") == 0) {
2068 pbe_type = PBE_TYPE_SCRYPT;
2069 } else if (strcmp(alg, "pbkdf2") == 0) {
2070 pbe_type = PBE_TYPE_PBKDF2;
2071 } else if (strcmp(alg, "pkcs12") == 0) {
2072 pbe_type = PBE_TYPE_PKCS12;
2073 } else {
2074 TEST_error("Unknown pbe algorithm %s", alg);
2075 return 0;
2076 }
2077 if (!TEST_ptr(pdat = OPENSSL_zalloc(sizeof(*pdat))))
2078 return 0;
2079 pdat->pbe_type = pbe_type;
2080 t->data = pdat;
2081 return 1;
2082 }
2083
pbe_test_cleanup(EVP_TEST * t)2084 static void pbe_test_cleanup(EVP_TEST *t)
2085 {
2086 PBE_DATA *pdat = t->data;
2087
2088 OPENSSL_free(pdat->pass);
2089 OPENSSL_free(pdat->salt);
2090 OPENSSL_free(pdat->key);
2091 }
2092
pbe_test_parse(EVP_TEST * t,const char * keyword,const char * value)2093 static int pbe_test_parse(EVP_TEST *t,
2094 const char *keyword, const char *value)
2095 {
2096 PBE_DATA *pdata = t->data;
2097
2098 if (strcmp(keyword, "Password") == 0)
2099 return parse_bin(value, &pdata->pass, &pdata->pass_len);
2100 if (strcmp(keyword, "Salt") == 0)
2101 return parse_bin(value, &pdata->salt, &pdata->salt_len);
2102 if (strcmp(keyword, "Key") == 0)
2103 return parse_bin(value, &pdata->key, &pdata->key_len);
2104 if (pdata->pbe_type == PBE_TYPE_PBKDF2)
2105 return pbkdf2_test_parse(t, keyword, value);
2106 else if (pdata->pbe_type == PBE_TYPE_PKCS12)
2107 return pkcs12_test_parse(t, keyword, value);
2108 #ifndef OPENSSL_NO_SCRYPT
2109 else if (pdata->pbe_type == PBE_TYPE_SCRYPT)
2110 return scrypt_test_parse(t, keyword, value);
2111 #endif
2112 return 0;
2113 }
2114
pbe_test_run(EVP_TEST * t)2115 static int pbe_test_run(EVP_TEST *t)
2116 {
2117 PBE_DATA *expected = t->data;
2118 unsigned char *key;
2119 EVP_MD *fetched_digest = NULL;
2120 OSSL_LIB_CTX *save_libctx;
2121
2122 save_libctx = OSSL_LIB_CTX_set0_default(libctx);
2123
2124 if (!TEST_ptr(key = OPENSSL_malloc(expected->key_len))) {
2125 t->err = "INTERNAL_ERROR";
2126 goto err;
2127 }
2128 if (expected->pbe_type == PBE_TYPE_PBKDF2) {
2129 if (PKCS5_PBKDF2_HMAC((char *)expected->pass, expected->pass_len,
2130 expected->salt, expected->salt_len,
2131 expected->iter, expected->md,
2132 expected->key_len, key) == 0) {
2133 t->err = "PBKDF2_ERROR";
2134 goto err;
2135 }
2136 #ifndef OPENSSL_NO_SCRYPT
2137 } else if (expected->pbe_type == PBE_TYPE_SCRYPT) {
2138 if (EVP_PBE_scrypt((const char *)expected->pass, expected->pass_len,
2139 expected->salt, expected->salt_len,
2140 expected->N, expected->r, expected->p,
2141 expected->maxmem, key, expected->key_len) == 0) {
2142 t->err = "SCRYPT_ERROR";
2143 goto err;
2144 }
2145 #endif
2146 } else if (expected->pbe_type == PBE_TYPE_PKCS12) {
2147 fetched_digest = EVP_MD_fetch(libctx, EVP_MD_get0_name(expected->md),
2148 NULL);
2149 if (fetched_digest == NULL) {
2150 t->err = "PKCS12_ERROR";
2151 goto err;
2152 }
2153 if (PKCS12_key_gen_uni(expected->pass, expected->pass_len,
2154 expected->salt, expected->salt_len,
2155 expected->id, expected->iter, expected->key_len,
2156 key, fetched_digest) == 0) {
2157 t->err = "PKCS12_ERROR";
2158 goto err;
2159 }
2160 }
2161 if (!memory_err_compare(t, "KEY_MISMATCH", expected->key, expected->key_len,
2162 key, expected->key_len))
2163 goto err;
2164
2165 t->err = NULL;
2166 err:
2167 EVP_MD_free(fetched_digest);
2168 OPENSSL_free(key);
2169 OSSL_LIB_CTX_set0_default(save_libctx);
2170 return 1;
2171 }
2172
2173 static const EVP_TEST_METHOD pbe_test_method = {
2174 "PBE",
2175 pbe_test_init,
2176 pbe_test_cleanup,
2177 pbe_test_parse,
2178 pbe_test_run
2179 };
2180
2181
2182 /**
2183 ** BASE64 TESTS
2184 **/
2185
2186 typedef enum {
2187 BASE64_CANONICAL_ENCODING = 0,
2188 BASE64_VALID_ENCODING = 1,
2189 BASE64_INVALID_ENCODING = 2
2190 } base64_encoding_type;
2191
2192 typedef struct encode_data_st {
2193 /* Input to encoding */
2194 unsigned char *input;
2195 size_t input_len;
2196 /* Expected output */
2197 unsigned char *output;
2198 size_t output_len;
2199 base64_encoding_type encoding;
2200 } ENCODE_DATA;
2201
encode_test_init(EVP_TEST * t,const char * encoding)2202 static int encode_test_init(EVP_TEST *t, const char *encoding)
2203 {
2204 ENCODE_DATA *edata;
2205
2206 if (!TEST_ptr(edata = OPENSSL_zalloc(sizeof(*edata))))
2207 return 0;
2208 if (strcmp(encoding, "canonical") == 0) {
2209 edata->encoding = BASE64_CANONICAL_ENCODING;
2210 } else if (strcmp(encoding, "valid") == 0) {
2211 edata->encoding = BASE64_VALID_ENCODING;
2212 } else if (strcmp(encoding, "invalid") == 0) {
2213 edata->encoding = BASE64_INVALID_ENCODING;
2214 if (!TEST_ptr(t->expected_err = OPENSSL_strdup("DECODE_ERROR")))
2215 goto err;
2216 } else {
2217 TEST_error("Bad encoding: %s."
2218 " Should be one of {canonical, valid, invalid}",
2219 encoding);
2220 goto err;
2221 }
2222 t->data = edata;
2223 return 1;
2224 err:
2225 OPENSSL_free(edata);
2226 return 0;
2227 }
2228
encode_test_cleanup(EVP_TEST * t)2229 static void encode_test_cleanup(EVP_TEST *t)
2230 {
2231 ENCODE_DATA *edata = t->data;
2232
2233 OPENSSL_free(edata->input);
2234 OPENSSL_free(edata->output);
2235 memset(edata, 0, sizeof(*edata));
2236 }
2237
encode_test_parse(EVP_TEST * t,const char * keyword,const char * value)2238 static int encode_test_parse(EVP_TEST *t,
2239 const char *keyword, const char *value)
2240 {
2241 ENCODE_DATA *edata = t->data;
2242
2243 if (strcmp(keyword, "Input") == 0)
2244 return parse_bin(value, &edata->input, &edata->input_len);
2245 if (strcmp(keyword, "Output") == 0)
2246 return parse_bin(value, &edata->output, &edata->output_len);
2247 return 0;
2248 }
2249
encode_test_run(EVP_TEST * t)2250 static int encode_test_run(EVP_TEST *t)
2251 {
2252 ENCODE_DATA *expected = t->data;
2253 unsigned char *encode_out = NULL, *decode_out = NULL;
2254 int output_len, chunk_len;
2255 EVP_ENCODE_CTX *decode_ctx = NULL, *encode_ctx = NULL;
2256
2257 if (!TEST_ptr(decode_ctx = EVP_ENCODE_CTX_new())) {
2258 t->err = "INTERNAL_ERROR";
2259 goto err;
2260 }
2261
2262 if (expected->encoding == BASE64_CANONICAL_ENCODING) {
2263
2264 if (!TEST_ptr(encode_ctx = EVP_ENCODE_CTX_new())
2265 || !TEST_ptr(encode_out =
2266 OPENSSL_malloc(EVP_ENCODE_LENGTH(expected->input_len))))
2267 goto err;
2268
2269 EVP_EncodeInit(encode_ctx);
2270 if (!TEST_true(EVP_EncodeUpdate(encode_ctx, encode_out, &chunk_len,
2271 expected->input, expected->input_len)))
2272 goto err;
2273
2274 output_len = chunk_len;
2275
2276 EVP_EncodeFinal(encode_ctx, encode_out + chunk_len, &chunk_len);
2277 output_len += chunk_len;
2278
2279 if (!memory_err_compare(t, "BAD_ENCODING",
2280 expected->output, expected->output_len,
2281 encode_out, output_len))
2282 goto err;
2283 }
2284
2285 if (!TEST_ptr(decode_out =
2286 OPENSSL_malloc(EVP_DECODE_LENGTH(expected->output_len))))
2287 goto err;
2288
2289 EVP_DecodeInit(decode_ctx);
2290 if (EVP_DecodeUpdate(decode_ctx, decode_out, &chunk_len, expected->output,
2291 expected->output_len) < 0) {
2292 t->err = "DECODE_ERROR";
2293 goto err;
2294 }
2295 output_len = chunk_len;
2296
2297 if (EVP_DecodeFinal(decode_ctx, decode_out + chunk_len, &chunk_len) != 1) {
2298 t->err = "DECODE_ERROR";
2299 goto err;
2300 }
2301 output_len += chunk_len;
2302
2303 if (expected->encoding != BASE64_INVALID_ENCODING
2304 && !memory_err_compare(t, "BAD_DECODING",
2305 expected->input, expected->input_len,
2306 decode_out, output_len)) {
2307 t->err = "BAD_DECODING";
2308 goto err;
2309 }
2310
2311 t->err = NULL;
2312 err:
2313 OPENSSL_free(encode_out);
2314 OPENSSL_free(decode_out);
2315 EVP_ENCODE_CTX_free(decode_ctx);
2316 EVP_ENCODE_CTX_free(encode_ctx);
2317 return 1;
2318 }
2319
2320 static const EVP_TEST_METHOD encode_test_method = {
2321 "Encoding",
2322 encode_test_init,
2323 encode_test_cleanup,
2324 encode_test_parse,
2325 encode_test_run,
2326 };
2327
2328
2329 /**
2330 ** RAND TESTS
2331 **/
2332 #define MAX_RAND_REPEATS 15
2333
2334 typedef struct rand_data_pass_st {
2335 unsigned char *entropy;
2336 unsigned char *reseed_entropy;
2337 unsigned char *nonce;
2338 unsigned char *pers;
2339 unsigned char *reseed_addin;
2340 unsigned char *addinA;
2341 unsigned char *addinB;
2342 unsigned char *pr_entropyA;
2343 unsigned char *pr_entropyB;
2344 unsigned char *output;
2345 size_t entropy_len, nonce_len, pers_len, addinA_len, addinB_len,
2346 pr_entropyA_len, pr_entropyB_len, output_len, reseed_entropy_len,
2347 reseed_addin_len;
2348 } RAND_DATA_PASS;
2349
2350 typedef struct rand_data_st {
2351 /* Context for this operation */
2352 EVP_RAND_CTX *ctx;
2353 EVP_RAND_CTX *parent;
2354 int n;
2355 int prediction_resistance;
2356 int use_df;
2357 unsigned int generate_bits;
2358 char *cipher;
2359 char *digest;
2360
2361 /* Expected output */
2362 RAND_DATA_PASS data[MAX_RAND_REPEATS];
2363 } RAND_DATA;
2364
rand_test_init(EVP_TEST * t,const char * name)2365 static int rand_test_init(EVP_TEST *t, const char *name)
2366 {
2367 RAND_DATA *rdata;
2368 EVP_RAND *rand;
2369 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
2370 unsigned int strength = 256;
2371
2372 if (!TEST_ptr(rdata = OPENSSL_zalloc(sizeof(*rdata))))
2373 return 0;
2374
2375 /* TEST-RAND is available in the FIPS provider but not with "fips=yes" */
2376 rand = EVP_RAND_fetch(libctx, "TEST-RAND", "-fips");
2377 if (rand == NULL)
2378 goto err;
2379 rdata->parent = EVP_RAND_CTX_new(rand, NULL);
2380 EVP_RAND_free(rand);
2381 if (rdata->parent == NULL)
2382 goto err;
2383
2384 *params = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength);
2385 if (!EVP_RAND_CTX_set_params(rdata->parent, params))
2386 goto err;
2387
2388 rand = EVP_RAND_fetch(libctx, name, NULL);
2389 if (rand == NULL)
2390 goto err;
2391 rdata->ctx = EVP_RAND_CTX_new(rand, rdata->parent);
2392 EVP_RAND_free(rand);
2393 if (rdata->ctx == NULL)
2394 goto err;
2395
2396 rdata->n = -1;
2397 t->data = rdata;
2398 return 1;
2399 err:
2400 EVP_RAND_CTX_free(rdata->parent);
2401 OPENSSL_free(rdata);
2402 return 0;
2403 }
2404
rand_test_cleanup(EVP_TEST * t)2405 static void rand_test_cleanup(EVP_TEST *t)
2406 {
2407 RAND_DATA *rdata = t->data;
2408 int i;
2409
2410 OPENSSL_free(rdata->cipher);
2411 OPENSSL_free(rdata->digest);
2412
2413 for (i = 0; i <= rdata->n; i++) {
2414 OPENSSL_free(rdata->data[i].entropy);
2415 OPENSSL_free(rdata->data[i].reseed_entropy);
2416 OPENSSL_free(rdata->data[i].nonce);
2417 OPENSSL_free(rdata->data[i].pers);
2418 OPENSSL_free(rdata->data[i].reseed_addin);
2419 OPENSSL_free(rdata->data[i].addinA);
2420 OPENSSL_free(rdata->data[i].addinB);
2421 OPENSSL_free(rdata->data[i].pr_entropyA);
2422 OPENSSL_free(rdata->data[i].pr_entropyB);
2423 OPENSSL_free(rdata->data[i].output);
2424 }
2425 EVP_RAND_CTX_free(rdata->ctx);
2426 EVP_RAND_CTX_free(rdata->parent);
2427 }
2428
rand_test_parse(EVP_TEST * t,const char * keyword,const char * value)2429 static int rand_test_parse(EVP_TEST *t,
2430 const char *keyword, const char *value)
2431 {
2432 RAND_DATA *rdata = t->data;
2433 RAND_DATA_PASS *item;
2434 const char *p;
2435 int n;
2436
2437 if ((p = strchr(keyword, '.')) != NULL) {
2438 n = atoi(++p);
2439 if (n >= MAX_RAND_REPEATS)
2440 return 0;
2441 if (n > rdata->n)
2442 rdata->n = n;
2443 item = rdata->data + n;
2444 if (strncmp(keyword, "Entropy.", sizeof("Entropy")) == 0)
2445 return parse_bin(value, &item->entropy, &item->entropy_len);
2446 if (strncmp(keyword, "ReseedEntropy.", sizeof("ReseedEntropy")) == 0)
2447 return parse_bin(value, &item->reseed_entropy,
2448 &item->reseed_entropy_len);
2449 if (strncmp(keyword, "Nonce.", sizeof("Nonce")) == 0)
2450 return parse_bin(value, &item->nonce, &item->nonce_len);
2451 if (strncmp(keyword, "PersonalisationString.",
2452 sizeof("PersonalisationString")) == 0)
2453 return parse_bin(value, &item->pers, &item->pers_len);
2454 if (strncmp(keyword, "ReseedAdditionalInput.",
2455 sizeof("ReseedAdditionalInput")) == 0)
2456 return parse_bin(value, &item->reseed_addin,
2457 &item->reseed_addin_len);
2458 if (strncmp(keyword, "AdditionalInputA.",
2459 sizeof("AdditionalInputA")) == 0)
2460 return parse_bin(value, &item->addinA, &item->addinA_len);
2461 if (strncmp(keyword, "AdditionalInputB.",
2462 sizeof("AdditionalInputB")) == 0)
2463 return parse_bin(value, &item->addinB, &item->addinB_len);
2464 if (strncmp(keyword, "EntropyPredictionResistanceA.",
2465 sizeof("EntropyPredictionResistanceA")) == 0)
2466 return parse_bin(value, &item->pr_entropyA, &item->pr_entropyA_len);
2467 if (strncmp(keyword, "EntropyPredictionResistanceB.",
2468 sizeof("EntropyPredictionResistanceB")) == 0)
2469 return parse_bin(value, &item->pr_entropyB, &item->pr_entropyB_len);
2470 if (strncmp(keyword, "Output.", sizeof("Output")) == 0)
2471 return parse_bin(value, &item->output, &item->output_len);
2472 } else {
2473 if (strcmp(keyword, "Cipher") == 0)
2474 return TEST_ptr(rdata->cipher = OPENSSL_strdup(value));
2475 if (strcmp(keyword, "Digest") == 0)
2476 return TEST_ptr(rdata->digest = OPENSSL_strdup(value));
2477 if (strcmp(keyword, "DerivationFunction") == 0) {
2478 rdata->use_df = atoi(value) != 0;
2479 return 1;
2480 }
2481 if (strcmp(keyword, "GenerateBits") == 0) {
2482 if ((n = atoi(value)) <= 0 || n % 8 != 0)
2483 return 0;
2484 rdata->generate_bits = (unsigned int)n;
2485 return 1;
2486 }
2487 if (strcmp(keyword, "PredictionResistance") == 0) {
2488 rdata->prediction_resistance = atoi(value) != 0;
2489 return 1;
2490 }
2491 }
2492 return 0;
2493 }
2494
rand_test_run(EVP_TEST * t)2495 static int rand_test_run(EVP_TEST *t)
2496 {
2497 RAND_DATA *expected = t->data;
2498 RAND_DATA_PASS *item;
2499 unsigned char *got;
2500 size_t got_len = expected->generate_bits / 8;
2501 OSSL_PARAM params[5], *p = params;
2502 int i = -1, ret = 0;
2503 unsigned int strength;
2504 unsigned char *z;
2505
2506 if (!TEST_ptr(got = OPENSSL_malloc(got_len)))
2507 return 0;
2508
2509 *p++ = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_USE_DF, &expected->use_df);
2510 if (expected->cipher != NULL)
2511 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER,
2512 expected->cipher, 0);
2513 if (expected->digest != NULL)
2514 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_DIGEST,
2515 expected->digest, 0);
2516 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_MAC, "HMAC", 0);
2517 *p = OSSL_PARAM_construct_end();
2518 if (!TEST_true(EVP_RAND_CTX_set_params(expected->ctx, params)))
2519 goto err;
2520
2521 strength = EVP_RAND_get_strength(expected->ctx);
2522 for (i = 0; i <= expected->n; i++) {
2523 item = expected->data + i;
2524
2525 p = params;
2526 z = item->entropy != NULL ? item->entropy : (unsigned char *)"";
2527 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2528 z, item->entropy_len);
2529 z = item->nonce != NULL ? item->nonce : (unsigned char *)"";
2530 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE,
2531 z, item->nonce_len);
2532 *p = OSSL_PARAM_construct_end();
2533 if (!TEST_true(EVP_RAND_instantiate(expected->parent, strength,
2534 0, NULL, 0, params)))
2535 goto err;
2536
2537 z = item->pers != NULL ? item->pers : (unsigned char *)"";
2538 if (!TEST_true(EVP_RAND_instantiate
2539 (expected->ctx, strength,
2540 expected->prediction_resistance, z,
2541 item->pers_len, NULL)))
2542 goto err;
2543
2544 if (item->reseed_entropy != NULL) {
2545 params[0] = OSSL_PARAM_construct_octet_string
2546 (OSSL_RAND_PARAM_TEST_ENTROPY, item->reseed_entropy,
2547 item->reseed_entropy_len);
2548 params[1] = OSSL_PARAM_construct_end();
2549 if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params)))
2550 goto err;
2551
2552 if (!TEST_true(EVP_RAND_reseed
2553 (expected->ctx, expected->prediction_resistance,
2554 NULL, 0, item->reseed_addin,
2555 item->reseed_addin_len)))
2556 goto err;
2557 }
2558 if (item->pr_entropyA != NULL) {
2559 params[0] = OSSL_PARAM_construct_octet_string
2560 (OSSL_RAND_PARAM_TEST_ENTROPY, item->pr_entropyA,
2561 item->pr_entropyA_len);
2562 params[1] = OSSL_PARAM_construct_end();
2563 if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params)))
2564 goto err;
2565 }
2566 if (!TEST_true(EVP_RAND_generate
2567 (expected->ctx, got, got_len,
2568 strength, expected->prediction_resistance,
2569 item->addinA, item->addinA_len)))
2570 goto err;
2571
2572 if (item->pr_entropyB != NULL) {
2573 params[0] = OSSL_PARAM_construct_octet_string
2574 (OSSL_RAND_PARAM_TEST_ENTROPY, item->pr_entropyB,
2575 item->pr_entropyB_len);
2576 params[1] = OSSL_PARAM_construct_end();
2577 if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params)))
2578 goto err;
2579 }
2580 if (!TEST_true(EVP_RAND_generate
2581 (expected->ctx, got, got_len,
2582 strength, expected->prediction_resistance,
2583 item->addinB, item->addinB_len)))
2584 goto err;
2585 if (!TEST_mem_eq(got, got_len, item->output, item->output_len))
2586 goto err;
2587 if (!TEST_true(EVP_RAND_uninstantiate(expected->ctx))
2588 || !TEST_true(EVP_RAND_uninstantiate(expected->parent))
2589 || !TEST_true(EVP_RAND_verify_zeroization(expected->ctx))
2590 || !TEST_int_eq(EVP_RAND_get_state(expected->ctx),
2591 EVP_RAND_STATE_UNINITIALISED))
2592 goto err;
2593 }
2594 t->err = NULL;
2595 ret = 1;
2596
2597 err:
2598 if (ret == 0 && i >= 0)
2599 TEST_info("Error in test case %d of %d\n", i, expected->n + 1);
2600 OPENSSL_free(got);
2601 return ret;
2602 }
2603
2604 static const EVP_TEST_METHOD rand_test_method = {
2605 "RAND",
2606 rand_test_init,
2607 rand_test_cleanup,
2608 rand_test_parse,
2609 rand_test_run
2610 };
2611
2612
2613 /**
2614 ** KDF TESTS
2615 **/
2616 typedef struct kdf_data_st {
2617 /* Context for this operation */
2618 EVP_KDF_CTX *ctx;
2619 /* Expected output */
2620 unsigned char *output;
2621 size_t output_len;
2622 OSSL_PARAM params[20];
2623 OSSL_PARAM *p;
2624 } KDF_DATA;
2625
2626 /*
2627 * Perform public key operation setup: lookup key, allocated ctx and call
2628 * the appropriate initialisation function
2629 */
kdf_test_init(EVP_TEST * t,const char * name)2630 static int kdf_test_init(EVP_TEST *t, const char *name)
2631 {
2632 KDF_DATA *kdata;
2633 EVP_KDF *kdf;
2634
2635 if (is_kdf_disabled(name)) {
2636 TEST_info("skipping, '%s' is disabled", name);
2637 t->skip = 1;
2638 return 1;
2639 }
2640
2641 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata))))
2642 return 0;
2643 kdata->p = kdata->params;
2644 *kdata->p = OSSL_PARAM_construct_end();
2645
2646 kdf = EVP_KDF_fetch(libctx, name, NULL);
2647 if (kdf == NULL) {
2648 OPENSSL_free(kdata);
2649 return 0;
2650 }
2651 kdata->ctx = EVP_KDF_CTX_new(kdf);
2652 EVP_KDF_free(kdf);
2653 if (kdata->ctx == NULL) {
2654 OPENSSL_free(kdata);
2655 return 0;
2656 }
2657 t->data = kdata;
2658 return 1;
2659 }
2660
kdf_test_cleanup(EVP_TEST * t)2661 static void kdf_test_cleanup(EVP_TEST *t)
2662 {
2663 KDF_DATA *kdata = t->data;
2664 OSSL_PARAM *p;
2665
2666 for (p = kdata->params; p->key != NULL; p++)
2667 OPENSSL_free(p->data);
2668 OPENSSL_free(kdata->output);
2669 EVP_KDF_CTX_free(kdata->ctx);
2670 }
2671
kdf_test_ctrl(EVP_TEST * t,EVP_KDF_CTX * kctx,const char * value)2672 static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx,
2673 const char *value)
2674 {
2675 KDF_DATA *kdata = t->data;
2676 int rv;
2677 char *p, *name;
2678 const OSSL_PARAM *defs = EVP_KDF_settable_ctx_params(EVP_KDF_CTX_kdf(kctx));
2679
2680 if (!TEST_ptr(name = OPENSSL_strdup(value)))
2681 return 0;
2682 p = strchr(name, ':');
2683 if (p != NULL)
2684 *p++ = '\0';
2685
2686 rv = OSSL_PARAM_allocate_from_text(kdata->p, defs, name, p,
2687 p != NULL ? strlen(p) : 0, NULL);
2688 *++kdata->p = OSSL_PARAM_construct_end();
2689 if (!rv) {
2690 t->err = "KDF_PARAM_ERROR";
2691 OPENSSL_free(name);
2692 return 0;
2693 }
2694 if (p != NULL && strcmp(name, "digest") == 0) {
2695 if (is_digest_disabled(p)) {
2696 TEST_info("skipping, '%s' is disabled", p);
2697 t->skip = 1;
2698 }
2699 }
2700 if (p != NULL
2701 && (strcmp(name, "cipher") == 0
2702 || strcmp(name, "cekalg") == 0)
2703 && is_cipher_disabled(p)) {
2704 TEST_info("skipping, '%s' is disabled", p);
2705 t->skip = 1;
2706 }
2707 OPENSSL_free(name);
2708 return 1;
2709 }
2710
kdf_test_parse(EVP_TEST * t,const char * keyword,const char * value)2711 static int kdf_test_parse(EVP_TEST *t,
2712 const char *keyword, const char *value)
2713 {
2714 KDF_DATA *kdata = t->data;
2715
2716 if (strcmp(keyword, "Output") == 0)
2717 return parse_bin(value, &kdata->output, &kdata->output_len);
2718 if (strncmp(keyword, "Ctrl", 4) == 0)
2719 return kdf_test_ctrl(t, kdata->ctx, value);
2720 return 0;
2721 }
2722
kdf_test_run(EVP_TEST * t)2723 static int kdf_test_run(EVP_TEST *t)
2724 {
2725 KDF_DATA *expected = t->data;
2726 unsigned char *got = NULL;
2727 size_t got_len = expected->output_len;
2728
2729 if (!EVP_KDF_CTX_set_params(expected->ctx, expected->params)) {
2730 t->err = "KDF_CTRL_ERROR";
2731 return 1;
2732 }
2733 if (!TEST_ptr(got = OPENSSL_malloc(got_len == 0 ? 1 : got_len))) {
2734 t->err = "INTERNAL_ERROR";
2735 goto err;
2736 }
2737 if (EVP_KDF_derive(expected->ctx, got, got_len, NULL) <= 0) {
2738 t->err = "KDF_DERIVE_ERROR";
2739 goto err;
2740 }
2741 if (!memory_err_compare(t, "KDF_MISMATCH",
2742 expected->output, expected->output_len,
2743 got, got_len))
2744 goto err;
2745
2746 t->err = NULL;
2747
2748 err:
2749 OPENSSL_free(got);
2750 return 1;
2751 }
2752
2753 static const EVP_TEST_METHOD kdf_test_method = {
2754 "KDF",
2755 kdf_test_init,
2756 kdf_test_cleanup,
2757 kdf_test_parse,
2758 kdf_test_run
2759 };
2760
2761 /**
2762 ** PKEY KDF TESTS
2763 **/
2764
2765 typedef struct pkey_kdf_data_st {
2766 /* Context for this operation */
2767 EVP_PKEY_CTX *ctx;
2768 /* Expected output */
2769 unsigned char *output;
2770 size_t output_len;
2771 } PKEY_KDF_DATA;
2772
2773 /*
2774 * Perform public key operation setup: lookup key, allocated ctx and call
2775 * the appropriate initialisation function
2776 */
pkey_kdf_test_init(EVP_TEST * t,const char * name)2777 static int pkey_kdf_test_init(EVP_TEST *t, const char *name)
2778 {
2779 PKEY_KDF_DATA *kdata = NULL;
2780
2781 if (is_kdf_disabled(name)) {
2782 TEST_info("skipping, '%s' is disabled", name);
2783 t->skip = 1;
2784 return 1;
2785 }
2786
2787 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata))))
2788 return 0;
2789
2790 kdata->ctx = EVP_PKEY_CTX_new_from_name(libctx, name, NULL);
2791 if (kdata->ctx == NULL
2792 || EVP_PKEY_derive_init(kdata->ctx) <= 0)
2793 goto err;
2794
2795 t->data = kdata;
2796 return 1;
2797 err:
2798 EVP_PKEY_CTX_free(kdata->ctx);
2799 OPENSSL_free(kdata);
2800 return 0;
2801 }
2802
pkey_kdf_test_cleanup(EVP_TEST * t)2803 static void pkey_kdf_test_cleanup(EVP_TEST *t)
2804 {
2805 PKEY_KDF_DATA *kdata = t->data;
2806
2807 OPENSSL_free(kdata->output);
2808 EVP_PKEY_CTX_free(kdata->ctx);
2809 }
2810
pkey_kdf_test_parse(EVP_TEST * t,const char * keyword,const char * value)2811 static int pkey_kdf_test_parse(EVP_TEST *t,
2812 const char *keyword, const char *value)
2813 {
2814 PKEY_KDF_DATA *kdata = t->data;
2815
2816 if (strcmp(keyword, "Output") == 0)
2817 return parse_bin(value, &kdata->output, &kdata->output_len);
2818 if (strncmp(keyword, "Ctrl", 4) == 0)
2819 return pkey_test_ctrl(t, kdata->ctx, value);
2820 return 0;
2821 }
2822
pkey_kdf_test_run(EVP_TEST * t)2823 static int pkey_kdf_test_run(EVP_TEST *t)
2824 {
2825 PKEY_KDF_DATA *expected = t->data;
2826 unsigned char *got = NULL;
2827 size_t got_len = expected->output_len;
2828
2829 if (!TEST_ptr(got = OPENSSL_malloc(got_len == 0 ? 1 : got_len))) {
2830 t->err = "INTERNAL_ERROR";
2831 goto err;
2832 }
2833 if (EVP_PKEY_derive(expected->ctx, got, &got_len) <= 0) {
2834 t->err = "KDF_DERIVE_ERROR";
2835 goto err;
2836 }
2837 if (!TEST_mem_eq(expected->output, expected->output_len, got, got_len)) {
2838 t->err = "KDF_MISMATCH";
2839 goto err;
2840 }
2841 t->err = NULL;
2842
2843 err:
2844 OPENSSL_free(got);
2845 return 1;
2846 }
2847
2848 static const EVP_TEST_METHOD pkey_kdf_test_method = {
2849 "PKEYKDF",
2850 pkey_kdf_test_init,
2851 pkey_kdf_test_cleanup,
2852 pkey_kdf_test_parse,
2853 pkey_kdf_test_run
2854 };
2855
2856 /**
2857 ** KEYPAIR TESTS
2858 **/
2859
2860 typedef struct keypair_test_data_st {
2861 EVP_PKEY *privk;
2862 EVP_PKEY *pubk;
2863 } KEYPAIR_TEST_DATA;
2864
keypair_test_init(EVP_TEST * t,const char * pair)2865 static int keypair_test_init(EVP_TEST *t, const char *pair)
2866 {
2867 KEYPAIR_TEST_DATA *data;
2868 int rv = 0;
2869 EVP_PKEY *pk = NULL, *pubk = NULL;
2870 char *pub, *priv = NULL;
2871
2872 /* Split private and public names. */
2873 if (!TEST_ptr(priv = OPENSSL_strdup(pair))
2874 || !TEST_ptr(pub = strchr(priv, ':'))) {
2875 t->err = "PARSING_ERROR";
2876 goto end;
2877 }
2878 *pub++ = '\0';
2879
2880 if (!TEST_true(find_key(&pk, priv, private_keys))) {
2881 TEST_info("Can't find private key: %s", priv);
2882 t->err = "MISSING_PRIVATE_KEY";
2883 goto end;
2884 }
2885 if (!TEST_true(find_key(&pubk, pub, public_keys))) {
2886 TEST_info("Can't find public key: %s", pub);
2887 t->err = "MISSING_PUBLIC_KEY";
2888 goto end;
2889 }
2890
2891 if (pk == NULL && pubk == NULL) {
2892 /* Both keys are listed but unsupported: skip this test */
2893 t->skip = 1;
2894 rv = 1;
2895 goto end;
2896 }
2897
2898 if (!TEST_ptr(data = OPENSSL_malloc(sizeof(*data))))
2899 goto end;
2900 data->privk = pk;
2901 data->pubk = pubk;
2902 t->data = data;
2903 rv = 1;
2904 t->err = NULL;
2905
2906 end:
2907 OPENSSL_free(priv);
2908 return rv;
2909 }
2910
keypair_test_cleanup(EVP_TEST * t)2911 static void keypair_test_cleanup(EVP_TEST *t)
2912 {
2913 OPENSSL_free(t->data);
2914 t->data = NULL;
2915 }
2916
2917 /*
2918 * For tests that do not accept any custom keywords.
2919 */
void_test_parse(EVP_TEST * t,const char * keyword,const char * value)2920 static int void_test_parse(EVP_TEST *t, const char *keyword, const char *value)
2921 {
2922 return 0;
2923 }
2924
keypair_test_run(EVP_TEST * t)2925 static int keypair_test_run(EVP_TEST *t)
2926 {
2927 int rv = 0;
2928 const KEYPAIR_TEST_DATA *pair = t->data;
2929
2930 if (pair->privk == NULL || pair->pubk == NULL) {
2931 /*
2932 * this can only happen if only one of the keys is not set
2933 * which means that one of them was unsupported while the
2934 * other isn't: hence a key type mismatch.
2935 */
2936 t->err = "KEYPAIR_TYPE_MISMATCH";
2937 rv = 1;
2938 goto end;
2939 }
2940
2941 if ((rv = EVP_PKEY_eq(pair->privk, pair->pubk)) != 1 ) {
2942 if ( 0 == rv ) {
2943 t->err = "KEYPAIR_MISMATCH";
2944 } else if ( -1 == rv ) {
2945 t->err = "KEYPAIR_TYPE_MISMATCH";
2946 } else if ( -2 == rv ) {
2947 t->err = "UNSUPPORTED_KEY_COMPARISON";
2948 } else {
2949 TEST_error("Unexpected error in key comparison");
2950 rv = 0;
2951 goto end;
2952 }
2953 rv = 1;
2954 goto end;
2955 }
2956
2957 rv = 1;
2958 t->err = NULL;
2959
2960 end:
2961 return rv;
2962 }
2963
2964 static const EVP_TEST_METHOD keypair_test_method = {
2965 "PrivPubKeyPair",
2966 keypair_test_init,
2967 keypair_test_cleanup,
2968 void_test_parse,
2969 keypair_test_run
2970 };
2971
2972 /**
2973 ** KEYGEN TEST
2974 **/
2975
2976 typedef struct keygen_test_data_st {
2977 EVP_PKEY_CTX *genctx; /* Keygen context to use */
2978 char *keyname; /* Key name to store key or NULL */
2979 } KEYGEN_TEST_DATA;
2980
keygen_test_init(EVP_TEST * t,const char * alg)2981 static int keygen_test_init(EVP_TEST *t, const char *alg)
2982 {
2983 KEYGEN_TEST_DATA *data;
2984 EVP_PKEY_CTX *genctx;
2985 int nid = OBJ_sn2nid(alg);
2986
2987 if (nid == NID_undef) {
2988 nid = OBJ_ln2nid(alg);
2989 if (nid == NID_undef)
2990 return 0;
2991 }
2992
2993 if (is_pkey_disabled(alg)) {
2994 t->skip = 1;
2995 return 1;
2996 }
2997 if (!TEST_ptr(genctx = EVP_PKEY_CTX_new_from_name(libctx, alg, NULL)))
2998 goto err;
2999
3000 if (EVP_PKEY_keygen_init(genctx) <= 0) {
3001 t->err = "KEYGEN_INIT_ERROR";
3002 goto err;
3003 }
3004
3005 if (!TEST_ptr(data = OPENSSL_malloc(sizeof(*data))))
3006 goto err;
3007 data->genctx = genctx;
3008 data->keyname = NULL;
3009 t->data = data;
3010 t->err = NULL;
3011 return 1;
3012
3013 err:
3014 EVP_PKEY_CTX_free(genctx);
3015 return 0;
3016 }
3017
keygen_test_cleanup(EVP_TEST * t)3018 static void keygen_test_cleanup(EVP_TEST *t)
3019 {
3020 KEYGEN_TEST_DATA *keygen = t->data;
3021
3022 EVP_PKEY_CTX_free(keygen->genctx);
3023 OPENSSL_free(keygen->keyname);
3024 OPENSSL_free(t->data);
3025 t->data = NULL;
3026 }
3027
keygen_test_parse(EVP_TEST * t,const char * keyword,const char * value)3028 static int keygen_test_parse(EVP_TEST *t,
3029 const char *keyword, const char *value)
3030 {
3031 KEYGEN_TEST_DATA *keygen = t->data;
3032
3033 if (strcmp(keyword, "KeyName") == 0)
3034 return TEST_ptr(keygen->keyname = OPENSSL_strdup(value));
3035 if (strcmp(keyword, "Ctrl") == 0)
3036 return pkey_test_ctrl(t, keygen->genctx, value);
3037 return 0;
3038 }
3039
keygen_test_run(EVP_TEST * t)3040 static int keygen_test_run(EVP_TEST *t)
3041 {
3042 KEYGEN_TEST_DATA *keygen = t->data;
3043 EVP_PKEY *pkey = NULL;
3044 int rv = 1;
3045
3046 if (EVP_PKEY_keygen(keygen->genctx, &pkey) <= 0) {
3047 t->err = "KEYGEN_GENERATE_ERROR";
3048 goto err;
3049 }
3050
3051 if (!evp_pkey_is_provided(pkey)) {
3052 TEST_info("Warning: legacy key generated %s", keygen->keyname);
3053 goto err;
3054 }
3055 if (keygen->keyname != NULL) {
3056 KEY_LIST *key;
3057
3058 rv = 0;
3059 if (find_key(NULL, keygen->keyname, private_keys)) {
3060 TEST_info("Duplicate key %s", keygen->keyname);
3061 goto err;
3062 }
3063
3064 if (!TEST_ptr(key = OPENSSL_malloc(sizeof(*key))))
3065 goto err;
3066 key->name = keygen->keyname;
3067 keygen->keyname = NULL;
3068 key->key = pkey;
3069 key->next = private_keys;
3070 private_keys = key;
3071 rv = 1;
3072 } else {
3073 EVP_PKEY_free(pkey);
3074 }
3075
3076 t->err = NULL;
3077
3078 err:
3079 return rv;
3080 }
3081
3082 static const EVP_TEST_METHOD keygen_test_method = {
3083 "KeyGen",
3084 keygen_test_init,
3085 keygen_test_cleanup,
3086 keygen_test_parse,
3087 keygen_test_run,
3088 };
3089
3090 /**
3091 ** DIGEST SIGN+VERIFY TESTS
3092 **/
3093
3094 typedef struct {
3095 int is_verify; /* Set to 1 if verifying */
3096 int is_oneshot; /* Set to 1 for one shot operation */
3097 const EVP_MD *md; /* Digest to use */
3098 EVP_MD_CTX *ctx; /* Digest context */
3099 EVP_PKEY_CTX *pctx;
3100 STACK_OF(EVP_TEST_BUFFER) *input; /* Input data: streaming */
3101 unsigned char *osin; /* Input data if one shot */
3102 size_t osin_len; /* Input length data if one shot */
3103 unsigned char *output; /* Expected output */
3104 size_t output_len; /* Expected output length */
3105 } DIGESTSIGN_DATA;
3106
digestsigver_test_init(EVP_TEST * t,const char * alg,int is_verify,int is_oneshot)3107 static int digestsigver_test_init(EVP_TEST *t, const char *alg, int is_verify,
3108 int is_oneshot)
3109 {
3110 const EVP_MD *md = NULL;
3111 DIGESTSIGN_DATA *mdat;
3112
3113 if (strcmp(alg, "NULL") != 0) {
3114 if (is_digest_disabled(alg)) {
3115 t->skip = 1;
3116 return 1;
3117 }
3118 md = EVP_get_digestbyname(alg);
3119 if (md == NULL)
3120 return 0;
3121 }
3122 if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat))))
3123 return 0;
3124 mdat->md = md;
3125 if (!TEST_ptr(mdat->ctx = EVP_MD_CTX_new())) {
3126 OPENSSL_free(mdat);
3127 return 0;
3128 }
3129 mdat->is_verify = is_verify;
3130 mdat->is_oneshot = is_oneshot;
3131 t->data = mdat;
3132 return 1;
3133 }
3134
digestsign_test_init(EVP_TEST * t,const char * alg)3135 static int digestsign_test_init(EVP_TEST *t, const char *alg)
3136 {
3137 return digestsigver_test_init(t, alg, 0, 0);
3138 }
3139
digestsigver_test_cleanup(EVP_TEST * t)3140 static void digestsigver_test_cleanup(EVP_TEST *t)
3141 {
3142 DIGESTSIGN_DATA *mdata = t->data;
3143
3144 EVP_MD_CTX_free(mdata->ctx);
3145 sk_EVP_TEST_BUFFER_pop_free(mdata->input, evp_test_buffer_free);
3146 OPENSSL_free(mdata->osin);
3147 OPENSSL_free(mdata->output);
3148 OPENSSL_free(mdata);
3149 t->data = NULL;
3150 }
3151
digestsigver_test_parse(EVP_TEST * t,const char * keyword,const char * value)3152 static int digestsigver_test_parse(EVP_TEST *t,
3153 const char *keyword, const char *value)
3154 {
3155 DIGESTSIGN_DATA *mdata = t->data;
3156
3157 if (strcmp(keyword, "Key") == 0) {
3158 EVP_PKEY *pkey = NULL;
3159 int rv = 0;
3160 const char *name = mdata->md == NULL ? NULL : EVP_MD_get0_name(mdata->md);
3161
3162 if (mdata->is_verify)
3163 rv = find_key(&pkey, value, public_keys);
3164 if (rv == 0)
3165 rv = find_key(&pkey, value, private_keys);
3166 if (rv == 0 || pkey == NULL) {
3167 t->skip = 1;
3168 return 1;
3169 }
3170 if (mdata->is_verify) {
3171 if (!EVP_DigestVerifyInit_ex(mdata->ctx, &mdata->pctx, name, libctx,
3172 NULL, pkey, NULL))
3173 t->err = "DIGESTVERIFYINIT_ERROR";
3174 return 1;
3175 }
3176 if (!EVP_DigestSignInit_ex(mdata->ctx, &mdata->pctx, name, libctx, NULL,
3177 pkey, NULL))
3178 t->err = "DIGESTSIGNINIT_ERROR";
3179 return 1;
3180 }
3181
3182 if (strcmp(keyword, "Input") == 0) {
3183 if (mdata->is_oneshot)
3184 return parse_bin(value, &mdata->osin, &mdata->osin_len);
3185 return evp_test_buffer_append(value, &mdata->input);
3186 }
3187 if (strcmp(keyword, "Output") == 0)
3188 return parse_bin(value, &mdata->output, &mdata->output_len);
3189
3190 if (!mdata->is_oneshot) {
3191 if (strcmp(keyword, "Count") == 0)
3192 return evp_test_buffer_set_count(value, mdata->input);
3193 if (strcmp(keyword, "Ncopy") == 0)
3194 return evp_test_buffer_ncopy(value, mdata->input);
3195 }
3196 if (strcmp(keyword, "Ctrl") == 0) {
3197 if (mdata->pctx == NULL)
3198 return -1;
3199 return pkey_test_ctrl(t, mdata->pctx, value);
3200 }
3201 return 0;
3202 }
3203
digestsign_update_fn(void * ctx,const unsigned char * buf,size_t buflen)3204 static int digestsign_update_fn(void *ctx, const unsigned char *buf,
3205 size_t buflen)
3206 {
3207 return EVP_DigestSignUpdate(ctx, buf, buflen);
3208 }
3209
digestsign_test_run(EVP_TEST * t)3210 static int digestsign_test_run(EVP_TEST *t)
3211 {
3212 DIGESTSIGN_DATA *expected = t->data;
3213 unsigned char *got = NULL;
3214 size_t got_len;
3215
3216 if (!evp_test_buffer_do(expected->input, digestsign_update_fn,
3217 expected->ctx)) {
3218 t->err = "DIGESTUPDATE_ERROR";
3219 goto err;
3220 }
3221
3222 if (!EVP_DigestSignFinal(expected->ctx, NULL, &got_len)) {
3223 t->err = "DIGESTSIGNFINAL_LENGTH_ERROR";
3224 goto err;
3225 }
3226 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
3227 t->err = "MALLOC_FAILURE";
3228 goto err;
3229 }
3230 if (!EVP_DigestSignFinal(expected->ctx, got, &got_len)) {
3231 t->err = "DIGESTSIGNFINAL_ERROR";
3232 goto err;
3233 }
3234 if (!memory_err_compare(t, "SIGNATURE_MISMATCH",
3235 expected->output, expected->output_len,
3236 got, got_len))
3237 goto err;
3238
3239 t->err = NULL;
3240 err:
3241 OPENSSL_free(got);
3242 return 1;
3243 }
3244
3245 static const EVP_TEST_METHOD digestsign_test_method = {
3246 "DigestSign",
3247 digestsign_test_init,
3248 digestsigver_test_cleanup,
3249 digestsigver_test_parse,
3250 digestsign_test_run
3251 };
3252
digestverify_test_init(EVP_TEST * t,const char * alg)3253 static int digestverify_test_init(EVP_TEST *t, const char *alg)
3254 {
3255 return digestsigver_test_init(t, alg, 1, 0);
3256 }
3257
digestverify_update_fn(void * ctx,const unsigned char * buf,size_t buflen)3258 static int digestverify_update_fn(void *ctx, const unsigned char *buf,
3259 size_t buflen)
3260 {
3261 return EVP_DigestVerifyUpdate(ctx, buf, buflen);
3262 }
3263
digestverify_test_run(EVP_TEST * t)3264 static int digestverify_test_run(EVP_TEST *t)
3265 {
3266 DIGESTSIGN_DATA *mdata = t->data;
3267
3268 if (!evp_test_buffer_do(mdata->input, digestverify_update_fn, mdata->ctx)) {
3269 t->err = "DIGESTUPDATE_ERROR";
3270 return 1;
3271 }
3272
3273 if (EVP_DigestVerifyFinal(mdata->ctx, mdata->output,
3274 mdata->output_len) <= 0)
3275 t->err = "VERIFY_ERROR";
3276 return 1;
3277 }
3278
3279 static const EVP_TEST_METHOD digestverify_test_method = {
3280 "DigestVerify",
3281 digestverify_test_init,
3282 digestsigver_test_cleanup,
3283 digestsigver_test_parse,
3284 digestverify_test_run
3285 };
3286
oneshot_digestsign_test_init(EVP_TEST * t,const char * alg)3287 static int oneshot_digestsign_test_init(EVP_TEST *t, const char *alg)
3288 {
3289 return digestsigver_test_init(t, alg, 0, 1);
3290 }
3291
oneshot_digestsign_test_run(EVP_TEST * t)3292 static int oneshot_digestsign_test_run(EVP_TEST *t)
3293 {
3294 DIGESTSIGN_DATA *expected = t->data;
3295 unsigned char *got = NULL;
3296 size_t got_len;
3297
3298 if (!EVP_DigestSign(expected->ctx, NULL, &got_len,
3299 expected->osin, expected->osin_len)) {
3300 t->err = "DIGESTSIGN_LENGTH_ERROR";
3301 goto err;
3302 }
3303 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
3304 t->err = "MALLOC_FAILURE";
3305 goto err;
3306 }
3307 if (!EVP_DigestSign(expected->ctx, got, &got_len,
3308 expected->osin, expected->osin_len)) {
3309 t->err = "DIGESTSIGN_ERROR";
3310 goto err;
3311 }
3312 if (!memory_err_compare(t, "SIGNATURE_MISMATCH",
3313 expected->output, expected->output_len,
3314 got, got_len))
3315 goto err;
3316
3317 t->err = NULL;
3318 err:
3319 OPENSSL_free(got);
3320 return 1;
3321 }
3322
3323 static const EVP_TEST_METHOD oneshot_digestsign_test_method = {
3324 "OneShotDigestSign",
3325 oneshot_digestsign_test_init,
3326 digestsigver_test_cleanup,
3327 digestsigver_test_parse,
3328 oneshot_digestsign_test_run
3329 };
3330
oneshot_digestverify_test_init(EVP_TEST * t,const char * alg)3331 static int oneshot_digestverify_test_init(EVP_TEST *t, const char *alg)
3332 {
3333 return digestsigver_test_init(t, alg, 1, 1);
3334 }
3335
oneshot_digestverify_test_run(EVP_TEST * t)3336 static int oneshot_digestverify_test_run(EVP_TEST *t)
3337 {
3338 DIGESTSIGN_DATA *mdata = t->data;
3339
3340 if (EVP_DigestVerify(mdata->ctx, mdata->output, mdata->output_len,
3341 mdata->osin, mdata->osin_len) <= 0)
3342 t->err = "VERIFY_ERROR";
3343 return 1;
3344 }
3345
3346 static const EVP_TEST_METHOD oneshot_digestverify_test_method = {
3347 "OneShotDigestVerify",
3348 oneshot_digestverify_test_init,
3349 digestsigver_test_cleanup,
3350 digestsigver_test_parse,
3351 oneshot_digestverify_test_run
3352 };
3353
3354
3355 /**
3356 ** PARSING AND DISPATCH
3357 **/
3358
3359 static const EVP_TEST_METHOD *evp_test_list[] = {
3360 &rand_test_method,
3361 &cipher_test_method,
3362 &digest_test_method,
3363 &digestsign_test_method,
3364 &digestverify_test_method,
3365 &encode_test_method,
3366 &kdf_test_method,
3367 &pkey_kdf_test_method,
3368 &keypair_test_method,
3369 &keygen_test_method,
3370 &mac_test_method,
3371 &oneshot_digestsign_test_method,
3372 &oneshot_digestverify_test_method,
3373 &pbe_test_method,
3374 &pdecrypt_test_method,
3375 &pderive_test_method,
3376 &psign_test_method,
3377 &pverify_recover_test_method,
3378 &pverify_test_method,
3379 NULL
3380 };
3381
find_test(const char * name)3382 static const EVP_TEST_METHOD *find_test(const char *name)
3383 {
3384 const EVP_TEST_METHOD **tt;
3385
3386 for (tt = evp_test_list; *tt; tt++) {
3387 if (strcmp(name, (*tt)->name) == 0)
3388 return *tt;
3389 }
3390 return NULL;
3391 }
3392
clear_test(EVP_TEST * t)3393 static void clear_test(EVP_TEST *t)
3394 {
3395 test_clearstanza(&t->s);
3396 ERR_clear_error();
3397 if (t->data != NULL) {
3398 if (t->meth != NULL)
3399 t->meth->cleanup(t);
3400 OPENSSL_free(t->data);
3401 t->data = NULL;
3402 }
3403 OPENSSL_free(t->expected_err);
3404 t->expected_err = NULL;
3405 OPENSSL_free(t->reason);
3406 t->reason = NULL;
3407
3408 /* Text literal. */
3409 t->err = NULL;
3410 t->skip = 0;
3411 t->meth = NULL;
3412 }
3413
3414 /* Check for errors in the test structure; return 1 if okay, else 0. */
check_test_error(EVP_TEST * t)3415 static int check_test_error(EVP_TEST *t)
3416 {
3417 unsigned long err;
3418 const char *reason;
3419
3420 if (t->err == NULL && t->expected_err == NULL)
3421 return 1;
3422 if (t->err != NULL && t->expected_err == NULL) {
3423 if (t->aux_err != NULL) {
3424 TEST_info("%s:%d: Source of above error (%s); unexpected error %s",
3425 t->s.test_file, t->s.start, t->aux_err, t->err);
3426 } else {
3427 TEST_info("%s:%d: Source of above error; unexpected error %s",
3428 t->s.test_file, t->s.start, t->err);
3429 }
3430 return 0;
3431 }
3432 if (t->err == NULL && t->expected_err != NULL) {
3433 TEST_info("%s:%d: Succeeded but was expecting %s",
3434 t->s.test_file, t->s.start, t->expected_err);
3435 return 0;
3436 }
3437
3438 if (strcmp(t->err, t->expected_err) != 0) {
3439 TEST_info("%s:%d: Expected %s got %s",
3440 t->s.test_file, t->s.start, t->expected_err, t->err);
3441 return 0;
3442 }
3443
3444 if (t->reason == NULL)
3445 return 1;
3446
3447 if (t->reason == NULL) {
3448 TEST_info("%s:%d: Test is missing function or reason code",
3449 t->s.test_file, t->s.start);
3450 return 0;
3451 }
3452
3453 err = ERR_peek_error();
3454 if (err == 0) {
3455 TEST_info("%s:%d: Expected error \"%s\" not set",
3456 t->s.test_file, t->s.start, t->reason);
3457 return 0;
3458 }
3459
3460 reason = ERR_reason_error_string(err);
3461 if (reason == NULL) {
3462 TEST_info("%s:%d: Expected error \"%s\", no strings available."
3463 " Assuming ok.",
3464 t->s.test_file, t->s.start, t->reason);
3465 return 1;
3466 }
3467
3468 if (strcmp(reason, t->reason) == 0)
3469 return 1;
3470
3471 TEST_info("%s:%d: Expected error \"%s\", got \"%s\"",
3472 t->s.test_file, t->s.start, t->reason, reason);
3473
3474 return 0;
3475 }
3476
3477 /* Run a parsed test. Log a message and return 0 on error. */
run_test(EVP_TEST * t)3478 static int run_test(EVP_TEST *t)
3479 {
3480 if (t->meth == NULL)
3481 return 1;
3482 t->s.numtests++;
3483 if (t->skip) {
3484 t->s.numskip++;
3485 } else {
3486 /* run the test */
3487 if (t->err == NULL && t->meth->run_test(t) != 1) {
3488 TEST_info("%s:%d %s error",
3489 t->s.test_file, t->s.start, t->meth->name);
3490 return 0;
3491 }
3492 if (!check_test_error(t)) {
3493 TEST_openssl_errors();
3494 t->s.errors++;
3495 }
3496 }
3497
3498 /* clean it up */
3499 return 1;
3500 }
3501
find_key(EVP_PKEY ** ppk,const char * name,KEY_LIST * lst)3502 static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst)
3503 {
3504 for (; lst != NULL; lst = lst->next) {
3505 if (strcmp(lst->name, name) == 0) {
3506 if (ppk != NULL)
3507 *ppk = lst->key;
3508 return 1;
3509 }
3510 }
3511 return 0;
3512 }
3513
free_key_list(KEY_LIST * lst)3514 static void free_key_list(KEY_LIST *lst)
3515 {
3516 while (lst != NULL) {
3517 KEY_LIST *next = lst->next;
3518
3519 EVP_PKEY_free(lst->key);
3520 OPENSSL_free(lst->name);
3521 OPENSSL_free(lst);
3522 lst = next;
3523 }
3524 }
3525
3526 /*
3527 * Is the key type an unsupported algorithm?
3528 */
key_unsupported(void)3529 static int key_unsupported(void)
3530 {
3531 long err = ERR_peek_last_error();
3532 int lib = ERR_GET_LIB(err);
3533 long reason = ERR_GET_REASON(err);
3534
3535 if ((lib == ERR_LIB_EVP && reason == EVP_R_UNSUPPORTED_ALGORITHM)
3536 || (lib == ERR_LIB_EVP && reason == EVP_R_DECODE_ERROR)
3537 || reason == ERR_R_UNSUPPORTED) {
3538 ERR_clear_error();
3539 return 1;
3540 }
3541 #ifndef OPENSSL_NO_EC
3542 /*
3543 * If EC support is enabled we should catch also EC_R_UNKNOWN_GROUP as an
3544 * hint to an unsupported algorithm/curve (e.g. if binary EC support is
3545 * disabled).
3546 */
3547 if (lib == ERR_LIB_EC
3548 && (reason == EC_R_UNKNOWN_GROUP
3549 || reason == EC_R_INVALID_CURVE)) {
3550 ERR_clear_error();
3551 return 1;
3552 }
3553 #endif /* OPENSSL_NO_EC */
3554 return 0;
3555 }
3556
3557 /* NULL out the value from |pp| but return it. This "steals" a pointer. */
take_value(PAIR * pp)3558 static char *take_value(PAIR *pp)
3559 {
3560 char *p = pp->value;
3561
3562 pp->value = NULL;
3563 return p;
3564 }
3565
3566 #if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
securitycheck_enabled(void)3567 static int securitycheck_enabled(void)
3568 {
3569 static int enabled = -1;
3570
3571 if (enabled == -1) {
3572 if (OSSL_PROVIDER_available(libctx, "fips")) {
3573 OSSL_PARAM params[2];
3574 OSSL_PROVIDER *prov = NULL;
3575 int check = 1;
3576
3577 prov = OSSL_PROVIDER_load(libctx, "fips");
3578 if (prov != NULL) {
3579 params[0] =
3580 OSSL_PARAM_construct_int(OSSL_PROV_PARAM_SECURITY_CHECKS,
3581 &check);
3582 params[1] = OSSL_PARAM_construct_end();
3583 OSSL_PROVIDER_get_params(prov, params);
3584 OSSL_PROVIDER_unload(prov);
3585 }
3586 enabled = check;
3587 return enabled;
3588 }
3589 enabled = 0;
3590 }
3591 return enabled;
3592 }
3593 #endif
3594
3595 /*
3596 * Return 1 if one of the providers named in the string is available.
3597 * The provider names are separated with whitespace.
3598 * NOTE: destructive function, it inserts '\0' after each provider name.
3599 */
prov_available(char * providers)3600 static int prov_available(char *providers)
3601 {
3602 char *p;
3603 int more = 1;
3604
3605 while (more) {
3606 for (; isspace(*providers); providers++)
3607 continue;
3608 if (*providers == '\0')
3609 break; /* End of the road */
3610 for (p = providers; *p != '\0' && !isspace(*p); p++)
3611 continue;
3612 if (*p == '\0')
3613 more = 0;
3614 else
3615 *p = '\0';
3616 if (OSSL_PROVIDER_available(libctx, providers))
3617 return 1; /* Found one */
3618 }
3619 return 0;
3620 }
3621
3622 /* Read and parse one test. Return 0 if failure, 1 if okay. */
parse(EVP_TEST * t)3623 static int parse(EVP_TEST *t)
3624 {
3625 KEY_LIST *key, **klist;
3626 EVP_PKEY *pkey;
3627 PAIR *pp;
3628 int i, skip_availablein = 0;
3629
3630 top:
3631 do {
3632 if (BIO_eof(t->s.fp))
3633 return EOF;
3634 clear_test(t);
3635 if (!test_readstanza(&t->s))
3636 return 0;
3637 } while (t->s.numpairs == 0);
3638 pp = &t->s.pairs[0];
3639
3640 /* Are we adding a key? */
3641 klist = NULL;
3642 pkey = NULL;
3643 start:
3644 if (strcmp(pp->key, "PrivateKey") == 0) {
3645 pkey = PEM_read_bio_PrivateKey_ex(t->s.key, NULL, 0, NULL, libctx, NULL);
3646 if (pkey == NULL && !key_unsupported()) {
3647 EVP_PKEY_free(pkey);
3648 TEST_info("Can't read private key %s", pp->value);
3649 TEST_openssl_errors();
3650 return 0;
3651 }
3652 klist = &private_keys;
3653 } else if (strcmp(pp->key, "PublicKey") == 0) {
3654 pkey = PEM_read_bio_PUBKEY_ex(t->s.key, NULL, 0, NULL, libctx, NULL);
3655 if (pkey == NULL && !key_unsupported()) {
3656 EVP_PKEY_free(pkey);
3657 TEST_info("Can't read public key %s", pp->value);
3658 TEST_openssl_errors();
3659 return 0;
3660 }
3661 klist = &public_keys;
3662 } else if (strcmp(pp->key, "PrivateKeyRaw") == 0
3663 || strcmp(pp->key, "PublicKeyRaw") == 0 ) {
3664 char *strnid = NULL, *keydata = NULL;
3665 unsigned char *keybin;
3666 size_t keylen;
3667 int nid;
3668
3669 if (strcmp(pp->key, "PrivateKeyRaw") == 0)
3670 klist = &private_keys;
3671 else
3672 klist = &public_keys;
3673
3674 strnid = strchr(pp->value, ':');
3675 if (strnid != NULL) {
3676 *strnid++ = '\0';
3677 keydata = strchr(strnid, ':');
3678 if (keydata != NULL)
3679 *keydata++ = '\0';
3680 }
3681 if (keydata == NULL) {
3682 TEST_info("Failed to parse %s value", pp->key);
3683 return 0;
3684 }
3685
3686 nid = OBJ_txt2nid(strnid);
3687 if (nid == NID_undef) {
3688 TEST_info("Unrecognised algorithm NID");
3689 return 0;
3690 }
3691 if (!parse_bin(keydata, &keybin, &keylen)) {
3692 TEST_info("Failed to create binary key");
3693 return 0;
3694 }
3695 if (klist == &private_keys)
3696 pkey = EVP_PKEY_new_raw_private_key_ex(libctx, strnid, NULL, keybin,
3697 keylen);
3698 else
3699 pkey = EVP_PKEY_new_raw_public_key_ex(libctx, strnid, NULL, keybin,
3700 keylen);
3701 if (pkey == NULL && !key_unsupported()) {
3702 TEST_info("Can't read %s data", pp->key);
3703 OPENSSL_free(keybin);
3704 TEST_openssl_errors();
3705 return 0;
3706 }
3707 OPENSSL_free(keybin);
3708 } else if (strcmp(pp->key, "Availablein") == 0) {
3709 if (!prov_available(pp->value)) {
3710 TEST_info("skipping, '%s' provider not available: %s:%d",
3711 pp->value, t->s.test_file, t->s.start);
3712 t->skip = 1;
3713 return 0;
3714 }
3715 skip_availablein++;
3716 pp++;
3717 goto start;
3718 }
3719
3720 /* If we have a key add to list */
3721 if (klist != NULL) {
3722 if (find_key(NULL, pp->value, *klist)) {
3723 TEST_info("Duplicate key %s", pp->value);
3724 return 0;
3725 }
3726 if (!TEST_ptr(key = OPENSSL_malloc(sizeof(*key))))
3727 return 0;
3728 key->name = take_value(pp);
3729 key->key = pkey;
3730 key->next = *klist;
3731 *klist = key;
3732
3733 /* Go back and start a new stanza. */
3734 if ((t->s.numpairs - skip_availablein) != 1)
3735 TEST_info("Line %d: missing blank line\n", t->s.curr);
3736 goto top;
3737 }
3738
3739 /* Find the test, based on first keyword. */
3740 if (!TEST_ptr(t->meth = find_test(pp->key)))
3741 return 0;
3742 if (!t->meth->init(t, pp->value)) {
3743 TEST_error("unknown %s: %s\n", pp->key, pp->value);
3744 return 0;
3745 }
3746 if (t->skip == 1) {
3747 /* TEST_info("skipping %s %s", pp->key, pp->value); */
3748 return 0;
3749 }
3750
3751 for (pp++, i = 1; i < (t->s.numpairs - skip_availablein); pp++, i++) {
3752 if (strcmp(pp->key, "Securitycheck") == 0) {
3753 #if defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
3754 #else
3755 if (!securitycheck_enabled())
3756 #endif
3757 {
3758 TEST_info("skipping, Securitycheck is disabled: %s:%d",
3759 t->s.test_file, t->s.start);
3760 t->skip = 1;
3761 return 0;
3762 }
3763 } else if (strcmp(pp->key, "Availablein") == 0) {
3764 TEST_info("Line %d: 'Availablein' should be the first option",
3765 t->s.curr);
3766 return 0;
3767 } else if (strcmp(pp->key, "Result") == 0) {
3768 if (t->expected_err != NULL) {
3769 TEST_info("Line %d: multiple result lines", t->s.curr);
3770 return 0;
3771 }
3772 t->expected_err = take_value(pp);
3773 } else if (strcmp(pp->key, "Function") == 0) {
3774 /* Ignore old line. */
3775 } else if (strcmp(pp->key, "Reason") == 0) {
3776 if (t->reason != NULL) {
3777 TEST_info("Line %d: multiple reason lines", t->s.curr);
3778 return 0;
3779 }
3780 t->reason = take_value(pp);
3781 } else {
3782 /* Must be test specific line: try to parse it */
3783 int rv = t->meth->parse(t, pp->key, pp->value);
3784
3785 if (rv == 0) {
3786 TEST_info("Line %d: unknown keyword %s", t->s.curr, pp->key);
3787 return 0;
3788 }
3789 if (rv < 0) {
3790 TEST_info("Line %d: error processing keyword %s = %s\n",
3791 t->s.curr, pp->key, pp->value);
3792 return 0;
3793 }
3794 }
3795 }
3796
3797 return 1;
3798 }
3799
run_file_tests(int i)3800 static int run_file_tests(int i)
3801 {
3802 EVP_TEST *t;
3803 const char *testfile = test_get_argument(i);
3804 int c;
3805
3806 if (!TEST_ptr(t = OPENSSL_zalloc(sizeof(*t))))
3807 return 0;
3808 if (!test_start_file(&t->s, testfile)) {
3809 OPENSSL_free(t);
3810 return 0;
3811 }
3812
3813 while (!BIO_eof(t->s.fp)) {
3814 c = parse(t);
3815 if (t->skip) {
3816 t->s.numskip++;
3817 continue;
3818 }
3819 if (c == 0 || !run_test(t)) {
3820 t->s.errors++;
3821 break;
3822 }
3823 }
3824 test_end_file(&t->s);
3825 clear_test(t);
3826
3827 free_key_list(public_keys);
3828 free_key_list(private_keys);
3829 BIO_free(t->s.key);
3830 c = t->s.errors;
3831 OPENSSL_free(t);
3832 return c == 0;
3833 }
3834
test_get_options(void)3835 const OPTIONS *test_get_options(void)
3836 {
3837 static const OPTIONS test_options[] = {
3838 OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("[file...]\n"),
3839 { "config", OPT_CONFIG_FILE, '<',
3840 "The configuration file to use for the libctx" },
3841 { OPT_HELP_STR, 1, '-', "file\tFile to run tests on.\n" },
3842 { NULL }
3843 };
3844 return test_options;
3845 }
3846
setup_tests(void)3847 int setup_tests(void)
3848 {
3849 size_t n;
3850 char *config_file = NULL;
3851
3852 OPTION_CHOICE o;
3853
3854 while ((o = opt_next()) != OPT_EOF) {
3855 switch (o) {
3856 case OPT_CONFIG_FILE:
3857 config_file = opt_arg();
3858 break;
3859 case OPT_TEST_CASES:
3860 break;
3861 default:
3862 case OPT_ERR:
3863 return 0;
3864 }
3865 }
3866
3867 /*
3868 * Load the provider via configuration into the created library context.
3869 * Load the 'null' provider into the default library context to ensure that
3870 * the tests do not fallback to using the default provider.
3871 */
3872 if (!test_get_libctx(&libctx, &prov_null, config_file, NULL, NULL))
3873 return 0;
3874
3875 n = test_get_argument_count();
3876 if (n == 0)
3877 return 0;
3878
3879 ADD_ALL_TESTS(run_file_tests, n);
3880 return 1;
3881 }
3882
cleanup_tests(void)3883 void cleanup_tests(void)
3884 {
3885 OSSL_PROVIDER_unload(prov_null);
3886 OSSL_LIB_CTX_free(libctx);
3887 }
3888
3889 #define STR_STARTS_WITH(str, pre) strncasecmp(pre, str, strlen(pre)) == 0
3890 #define STR_ENDS_WITH(str, pre) \
3891 strlen(str) < strlen(pre) ? 0 : (strcasecmp(pre, str + strlen(str) - strlen(pre)) == 0)
3892
is_digest_disabled(const char * name)3893 static int is_digest_disabled(const char *name)
3894 {
3895 #ifdef OPENSSL_NO_BLAKE2
3896 if (STR_STARTS_WITH(name, "BLAKE"))
3897 return 1;
3898 #endif
3899 #ifdef OPENSSL_NO_MD2
3900 if (strcasecmp(name, "MD2") == 0)
3901 return 1;
3902 #endif
3903 #ifdef OPENSSL_NO_MDC2
3904 if (strcasecmp(name, "MDC2") == 0)
3905 return 1;
3906 #endif
3907 #ifdef OPENSSL_NO_MD4
3908 if (strcasecmp(name, "MD4") == 0)
3909 return 1;
3910 #endif
3911 #ifdef OPENSSL_NO_MD5
3912 if (strcasecmp(name, "MD5") == 0)
3913 return 1;
3914 #endif
3915 #ifdef OPENSSL_NO_RMD160
3916 if (strcasecmp(name, "RIPEMD160") == 0)
3917 return 1;
3918 #endif
3919 #ifdef OPENSSL_NO_SM3
3920 if (strcasecmp(name, "SM3") == 0)
3921 return 1;
3922 #endif
3923 #ifdef OPENSSL_NO_WHIRLPOOL
3924 if (strcasecmp(name, "WHIRLPOOL") == 0)
3925 return 1;
3926 #endif
3927 return 0;
3928 }
3929
is_pkey_disabled(const char * name)3930 static int is_pkey_disabled(const char *name)
3931 {
3932 #ifdef OPENSSL_NO_EC
3933 if (STR_STARTS_WITH(name, "EC"))
3934 return 1;
3935 #endif
3936 #ifdef OPENSSL_NO_DH
3937 if (STR_STARTS_WITH(name, "DH"))
3938 return 1;
3939 #endif
3940 #ifdef OPENSSL_NO_DSA
3941 if (STR_STARTS_WITH(name, "DSA"))
3942 return 1;
3943 #endif
3944 return 0;
3945 }
3946
is_mac_disabled(const char * name)3947 static int is_mac_disabled(const char *name)
3948 {
3949 #ifdef OPENSSL_NO_BLAKE2
3950 if (STR_STARTS_WITH(name, "BLAKE2BMAC")
3951 || STR_STARTS_WITH(name, "BLAKE2SMAC"))
3952 return 1;
3953 #endif
3954 #ifdef OPENSSL_NO_CMAC
3955 if (STR_STARTS_WITH(name, "CMAC"))
3956 return 1;
3957 #endif
3958 #ifdef OPENSSL_NO_POLY1305
3959 if (STR_STARTS_WITH(name, "Poly1305"))
3960 return 1;
3961 #endif
3962 #ifdef OPENSSL_NO_SIPHASH
3963 if (STR_STARTS_WITH(name, "SipHash"))
3964 return 1;
3965 #endif
3966 return 0;
3967 }
is_kdf_disabled(const char * name)3968 static int is_kdf_disabled(const char *name)
3969 {
3970 #ifdef OPENSSL_NO_SCRYPT
3971 if (STR_ENDS_WITH(name, "SCRYPT"))
3972 return 1;
3973 #endif
3974 return 0;
3975 }
3976
is_cipher_disabled(const char * name)3977 static int is_cipher_disabled(const char *name)
3978 {
3979 #ifdef OPENSSL_NO_ARIA
3980 if (STR_STARTS_WITH(name, "ARIA"))
3981 return 1;
3982 #endif
3983 #ifdef OPENSSL_NO_BF
3984 if (STR_STARTS_WITH(name, "BF"))
3985 return 1;
3986 #endif
3987 #ifdef OPENSSL_NO_CAMELLIA
3988 if (STR_STARTS_WITH(name, "CAMELLIA"))
3989 return 1;
3990 #endif
3991 #ifdef OPENSSL_NO_CAST
3992 if (STR_STARTS_WITH(name, "CAST"))
3993 return 1;
3994 #endif
3995 #ifdef OPENSSL_NO_CHACHA
3996 if (STR_STARTS_WITH(name, "CHACHA"))
3997 return 1;
3998 #endif
3999 #ifdef OPENSSL_NO_POLY1305
4000 if (STR_ENDS_WITH(name, "Poly1305"))
4001 return 1;
4002 #endif
4003 #ifdef OPENSSL_NO_DES
4004 if (STR_STARTS_WITH(name, "DES"))
4005 return 1;
4006 if (STR_ENDS_WITH(name, "3DESwrap"))
4007 return 1;
4008 #endif
4009 #ifdef OPENSSL_NO_OCB
4010 if (STR_ENDS_WITH(name, "OCB"))
4011 return 1;
4012 #endif
4013 #ifdef OPENSSL_NO_IDEA
4014 if (STR_STARTS_WITH(name, "IDEA"))
4015 return 1;
4016 #endif
4017 #ifdef OPENSSL_NO_RC2
4018 if (STR_STARTS_WITH(name, "RC2"))
4019 return 1;
4020 #endif
4021 #ifdef OPENSSL_NO_RC4
4022 if (STR_STARTS_WITH(name, "RC4"))
4023 return 1;
4024 #endif
4025 #ifdef OPENSSL_NO_RC5
4026 if (STR_STARTS_WITH(name, "RC5"))
4027 return 1;
4028 #endif
4029 #ifdef OPENSSL_NO_SEED
4030 if (STR_STARTS_WITH(name, "SEED"))
4031 return 1;
4032 #endif
4033 #ifdef OPENSSL_NO_SIV
4034 if (STR_ENDS_WITH(name, "SIV"))
4035 return 1;
4036 #endif
4037 #ifdef OPENSSL_NO_SM4
4038 if (STR_STARTS_WITH(name, "SM4"))
4039 return 1;
4040 #endif
4041 return 0;
4042 }
4043