evp_test.c 125 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436243724382439244024412442244324442445244624472448244924502451245224532454245524562457245824592460246124622463246424652466246724682469247024712472247324742475247624772478247924802481248224832484248524862487248824892490249124922493249424952496249724982499250025012502250325042505250625072508250925102511251225132514251525162517251825192520252125222523252425252526252725282529253025312532253325342535253625372538253925402541254225432544254525462547254825492550255125522553255425552556255725582559256025612562256325642565256625672568256925702571257225732574257525762577257825792580258125822583258425852586258725882589259025912592259325942595259625972598259926002601260226032604260526062607260826092610261126122613261426152616261726182619262026212622262326242625262626272628262926302631263226332634263526362637263826392640264126422643264426452646264726482649265026512652265326542655265626572658265926602661266226632664266526662667266826692670267126722673267426752676267726782679268026812682268326842685268626872688268926902691269226932694269526962697269826992700270127022703270427052706270727082709271027112712271327142715271627172718271927202721272227232724272527262727272827292730273127322733273427352736273727382739274027412742274327442745274627472748274927502751275227532754275527562757275827592760276127622763276427652766276727682769277027712772277327742775277627772778277927802781278227832784278527862787278827892790279127922793279427952796279727982799280028012802280328042805280628072808280928102811281228132814281528162817281828192820282128222823282428252826282728282829283028312832283328342835283628372838283928402841284228432844284528462847284828492850285128522853285428552856285728582859286028612862286328642865286628672868286928702871287228732874287528762877287828792880288128822883288428852886288728882889289028912892289328942895289628972898289929002901290229032904290529062907290829092910291129122913291429152916291729182919292029212922292329242925292629272928292929302931293229332934293529362937293829392940294129422943294429452946294729482949295029512952295329542955295629572958295929602961296229632964296529662967296829692970297129722973297429752976297729782979298029812982298329842985298629872988298929902991299229932994299529962997299829993000300130023003300430053006300730083009301030113012301330143015301630173018301930203021302230233024302530263027302830293030303130323033303430353036303730383039304030413042304330443045304630473048304930503051305230533054305530563057305830593060306130623063306430653066306730683069307030713072307330743075307630773078307930803081308230833084308530863087308830893090309130923093309430953096309730983099310031013102310331043105310631073108310931103111311231133114311531163117311831193120312131223123312431253126312731283129313031313132313331343135313631373138313931403141314231433144314531463147314831493150315131523153315431553156315731583159316031613162316331643165316631673168316931703171317231733174317531763177317831793180318131823183318431853186318731883189319031913192319331943195319631973198319932003201320232033204320532063207320832093210321132123213321432153216321732183219322032213222322332243225322632273228322932303231323232333234323532363237323832393240324132423243324432453246324732483249325032513252325332543255325632573258325932603261326232633264326532663267326832693270327132723273327432753276327732783279328032813282328332843285328632873288328932903291329232933294329532963297329832993300330133023303330433053306330733083309331033113312331333143315331633173318331933203321332233233324332533263327332833293330333133323333333433353336333733383339334033413342334333443345334633473348334933503351335233533354335533563357335833593360336133623363336433653366336733683369337033713372337333743375337633773378337933803381338233833384338533863387338833893390339133923393339433953396339733983399340034013402340334043405340634073408340934103411341234133414341534163417341834193420342134223423342434253426342734283429343034313432343334343435343634373438343934403441344234433444344534463447344834493450345134523453345434553456345734583459346034613462346334643465346634673468346934703471347234733474347534763477347834793480348134823483348434853486348734883489349034913492349334943495349634973498349935003501350235033504350535063507350835093510351135123513351435153516351735183519352035213522352335243525352635273528352935303531353235333534353535363537353835393540354135423543354435453546354735483549355035513552355335543555355635573558355935603561356235633564356535663567356835693570357135723573357435753576357735783579358035813582358335843585358635873588358935903591359235933594359535963597359835993600360136023603360436053606360736083609361036113612361336143615361636173618361936203621362236233624362536263627362836293630363136323633363436353636363736383639364036413642364336443645364636473648364936503651365236533654365536563657365836593660366136623663366436653666366736683669367036713672367336743675367636773678367936803681368236833684368536863687368836893690369136923693369436953696369736983699370037013702370337043705370637073708370937103711371237133714371537163717371837193720372137223723372437253726372737283729373037313732373337343735373637373738373937403741374237433744374537463747374837493750375137523753375437553756375737583759376037613762376337643765376637673768376937703771377237733774377537763777377837793780378137823783378437853786378737883789379037913792379337943795379637973798379938003801380238033804380538063807380838093810381138123813381438153816381738183819382038213822382338243825382638273828382938303831383238333834383538363837383838393840384138423843384438453846384738483849385038513852385338543855385638573858385938603861386238633864386538663867386838693870387138723873387438753876387738783879388038813882388338843885388638873888388938903891389238933894389538963897389838993900390139023903390439053906390739083909391039113912391339143915391639173918391939203921392239233924392539263927392839293930393139323933393439353936393739383939394039413942394339443945394639473948394939503951395239533954395539563957395839593960396139623963396439653966396739683969397039713972397339743975397639773978397939803981398239833984398539863987398839893990399139923993399439953996399739983999400040014002400340044005400640074008400940104011401240134014401540164017401840194020402140224023402440254026402740284029403040314032403340344035403640374038403940404041404240434044404540464047404840494050405140524053405440554056405740584059406040614062406340644065406640674068406940704071407240734074407540764077407840794080408140824083408440854086408740884089409040914092409340944095409640974098409941004101410241034104410541064107410841094110411141124113411441154116411741184119412041214122412341244125412641274128412941304131413241334134413541364137413841394140414141424143414441454146414741484149415041514152415341544155415641574158415941604161416241634164416541664167416841694170417141724173417441754176417741784179418041814182418341844185418641874188418941904191419241934194419541964197419841994200420142024203420442054206420742084209421042114212421342144215421642174218421942204221422242234224422542264227422842294230423142324233423442354236423742384239424042414242424342444245424642474248424942504251425242534254425542564257425842594260426142624263426442654266426742684269427042714272427342744275427642774278427942804281428242834284428542864287428842894290429142924293429442954296429742984299430043014302430343044305430643074308430943104311431243134314431543164317431843194320432143224323432443254326432743284329433043314332433343344335433643374338433943404341
  1. /*
  2. * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #define OPENSSL_SUPPRESS_DEPRECATED /* EVP_PKEY_new_CMAC_key */
  10. #include <stdio.h>
  11. #include <string.h>
  12. #include <stdlib.h>
  13. #include <ctype.h>
  14. #include <openssl/evp.h>
  15. #include <openssl/pem.h>
  16. #include <openssl/err.h>
  17. #include <openssl/provider.h>
  18. #include <openssl/x509v3.h>
  19. #include <openssl/pkcs12.h>
  20. #include <openssl/kdf.h>
  21. #include <openssl/params.h>
  22. #include <openssl/core_names.h>
  23. #include <openssl/fips_names.h>
  24. #include <openssl/thread.h>
  25. #include "internal/numbers.h"
  26. #include "internal/nelem.h"
  27. #include "crypto/evp.h"
  28. #include "testutil.h"
  29. typedef struct evp_test_buffer_st EVP_TEST_BUFFER;
  30. DEFINE_STACK_OF(EVP_TEST_BUFFER)
  31. #define AAD_NUM 4
  32. typedef struct evp_test_method_st EVP_TEST_METHOD;
  33. /* Structure holding test information */
  34. typedef struct evp_test_st {
  35. STANZA s; /* Common test stanza */
  36. char *name;
  37. int skip; /* Current test should be skipped */
  38. const EVP_TEST_METHOD *meth; /* method for this test */
  39. const char *err, *aux_err; /* Error string for test */
  40. char *expected_err; /* Expected error value of test */
  41. char *reason; /* Expected error reason string */
  42. void *data; /* test specific data */
  43. } EVP_TEST;
  44. /* Test method structure */
  45. struct evp_test_method_st {
  46. /* Name of test as it appears in file */
  47. const char *name;
  48. /* Initialise test for "alg" */
  49. int (*init) (EVP_TEST *t, const char *alg);
  50. /* Clean up method */
  51. void (*cleanup) (EVP_TEST *t);
  52. /* Test specific name value pair processing */
  53. int (*parse) (EVP_TEST *t, const char *name, const char *value);
  54. /* Run the test itself */
  55. int (*run_test) (EVP_TEST *t);
  56. };
  57. /* Linked list of named keys. */
  58. typedef struct key_list_st {
  59. char *name;
  60. EVP_PKEY *key;
  61. struct key_list_st *next;
  62. } KEY_LIST;
  63. typedef enum OPTION_choice {
  64. OPT_ERR = -1,
  65. OPT_EOF = 0,
  66. OPT_CONFIG_FILE,
  67. OPT_IN_PLACE,
  68. OPT_PROVIDER_NAME,
  69. OPT_PROV_PROPQUERY,
  70. OPT_TEST_ENUM
  71. } OPTION_CHOICE;
  72. static OSSL_PROVIDER *prov_null = NULL;
  73. static OSSL_PROVIDER *libprov = NULL;
  74. static OSSL_LIB_CTX *libctx = NULL;
  75. /* List of public and private keys */
  76. static KEY_LIST *private_keys;
  77. static KEY_LIST *public_keys;
  78. static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst);
  79. static int parse_bin(const char *value, unsigned char **buf, size_t *buflen);
  80. static int is_digest_disabled(const char *name);
  81. static int is_pkey_disabled(const char *name);
  82. static int is_mac_disabled(const char *name);
  83. static int is_cipher_disabled(const char *name);
  84. static int is_kdf_disabled(const char *name);
  85. /*
  86. * Compare two memory regions for equality, returning zero if they differ.
  87. * However, if there is expected to be an error and the actual error
  88. * matches then the memory is expected to be different so handle this
  89. * case without producing unnecessary test framework output.
  90. */
  91. static int memory_err_compare(EVP_TEST *t, const char *err,
  92. const void *expected, size_t expected_len,
  93. const void *got, size_t got_len)
  94. {
  95. int r;
  96. if (t->expected_err != NULL && strcmp(t->expected_err, err) == 0)
  97. r = !TEST_mem_ne(expected, expected_len, got, got_len);
  98. else
  99. r = TEST_mem_eq(expected, expected_len, got, got_len);
  100. if (!r)
  101. t->err = err;
  102. return r;
  103. }
  104. /* Option specific for evp test */
  105. static int process_mode_in_place;
  106. static const char *propquery = NULL;
  107. static int evp_test_process_mode(char *mode)
  108. {
  109. if (strcmp(mode, "in_place") == 0)
  110. return 1;
  111. else if (strcmp(mode, "both") == 0)
  112. return 0;
  113. return -1;
  114. }
  115. /*
  116. * Structure used to hold a list of blocks of memory to test
  117. * calls to "update" like functions.
  118. */
  119. struct evp_test_buffer_st {
  120. unsigned char *buf;
  121. size_t buflen;
  122. size_t count;
  123. int count_set;
  124. };
  125. static void evp_test_buffer_free(EVP_TEST_BUFFER *db)
  126. {
  127. if (db != NULL) {
  128. OPENSSL_free(db->buf);
  129. OPENSSL_free(db);
  130. }
  131. }
  132. /* append buffer to a list */
  133. static int evp_test_buffer_append(const char *value,
  134. STACK_OF(EVP_TEST_BUFFER) **sk)
  135. {
  136. EVP_TEST_BUFFER *db = NULL;
  137. if (!TEST_ptr(db = OPENSSL_malloc(sizeof(*db))))
  138. goto err;
  139. if (!parse_bin(value, &db->buf, &db->buflen))
  140. goto err;
  141. db->count = 1;
  142. db->count_set = 0;
  143. if (*sk == NULL && !TEST_ptr(*sk = sk_EVP_TEST_BUFFER_new_null()))
  144. goto err;
  145. if (!sk_EVP_TEST_BUFFER_push(*sk, db))
  146. goto err;
  147. return 1;
  148. err:
  149. evp_test_buffer_free(db);
  150. return 0;
  151. }
  152. /* replace last buffer in list with copies of itself */
  153. static int evp_test_buffer_ncopy(const char *value,
  154. STACK_OF(EVP_TEST_BUFFER) *sk)
  155. {
  156. EVP_TEST_BUFFER *db;
  157. unsigned char *tbuf, *p;
  158. size_t tbuflen;
  159. int ncopy = atoi(value);
  160. int i;
  161. if (ncopy <= 0)
  162. return 0;
  163. if (sk == NULL || sk_EVP_TEST_BUFFER_num(sk) == 0)
  164. return 0;
  165. db = sk_EVP_TEST_BUFFER_value(sk, sk_EVP_TEST_BUFFER_num(sk) - 1);
  166. tbuflen = db->buflen * ncopy;
  167. if (!TEST_ptr(tbuf = OPENSSL_malloc(tbuflen)))
  168. return 0;
  169. for (i = 0, p = tbuf; i < ncopy; i++, p += db->buflen)
  170. memcpy(p, db->buf, db->buflen);
  171. OPENSSL_free(db->buf);
  172. db->buf = tbuf;
  173. db->buflen = tbuflen;
  174. return 1;
  175. }
  176. /* set repeat count for last buffer in list */
  177. static int evp_test_buffer_set_count(const char *value,
  178. STACK_OF(EVP_TEST_BUFFER) *sk)
  179. {
  180. EVP_TEST_BUFFER *db;
  181. int count = atoi(value);
  182. if (count <= 0)
  183. return 0;
  184. if (sk == NULL || sk_EVP_TEST_BUFFER_num(sk) == 0)
  185. return 0;
  186. db = sk_EVP_TEST_BUFFER_value(sk, sk_EVP_TEST_BUFFER_num(sk) - 1);
  187. if (db->count_set != 0)
  188. return 0;
  189. db->count = (size_t)count;
  190. db->count_set = 1;
  191. return 1;
  192. }
  193. /* call "fn" with each element of the list in turn */
  194. static int evp_test_buffer_do(STACK_OF(EVP_TEST_BUFFER) *sk,
  195. int (*fn)(void *ctx,
  196. const unsigned char *buf,
  197. size_t buflen),
  198. void *ctx)
  199. {
  200. int i;
  201. for (i = 0; i < sk_EVP_TEST_BUFFER_num(sk); i++) {
  202. EVP_TEST_BUFFER *tb = sk_EVP_TEST_BUFFER_value(sk, i);
  203. size_t j;
  204. for (j = 0; j < tb->count; j++) {
  205. if (fn(ctx, tb->buf, tb->buflen) <= 0)
  206. return 0;
  207. }
  208. }
  209. return 1;
  210. }
  211. /*
  212. * Unescape some sequences in string literals (only \n for now).
  213. * Return an allocated buffer, set |out_len|. If |input_len|
  214. * is zero, get an empty buffer but set length to zero.
  215. */
  216. static unsigned char* unescape(const char *input, size_t input_len,
  217. size_t *out_len)
  218. {
  219. unsigned char *ret, *p;
  220. size_t i;
  221. if (input_len == 0) {
  222. *out_len = 0;
  223. return OPENSSL_zalloc(1);
  224. }
  225. /* Escaping is non-expanding; over-allocate original size for simplicity. */
  226. if (!TEST_ptr(ret = p = OPENSSL_malloc(input_len)))
  227. return NULL;
  228. for (i = 0; i < input_len; i++) {
  229. if (*input == '\\') {
  230. if (i == input_len - 1 || *++input != 'n') {
  231. TEST_error("Bad escape sequence in file");
  232. goto err;
  233. }
  234. *p++ = '\n';
  235. i++;
  236. input++;
  237. } else {
  238. *p++ = *input++;
  239. }
  240. }
  241. *out_len = p - ret;
  242. return ret;
  243. err:
  244. OPENSSL_free(ret);
  245. return NULL;
  246. }
  247. /*
  248. * For a hex string "value" convert to a binary allocated buffer.
  249. * Return 1 on success or 0 on failure.
  250. */
  251. static int parse_bin(const char *value, unsigned char **buf, size_t *buflen)
  252. {
  253. long len;
  254. /* Check for NULL literal */
  255. if (strcmp(value, "NULL") == 0) {
  256. *buf = NULL;
  257. *buflen = 0;
  258. return 1;
  259. }
  260. /* Check for empty value */
  261. if (*value == '\0') {
  262. /*
  263. * Don't return NULL for zero length buffer. This is needed for
  264. * some tests with empty keys: HMAC_Init_ex() expects a non-NULL key
  265. * buffer even if the key length is 0, in order to detect key reset.
  266. */
  267. *buf = OPENSSL_malloc(1);
  268. if (*buf == NULL)
  269. return 0;
  270. **buf = 0;
  271. *buflen = 0;
  272. return 1;
  273. }
  274. /* Check for string literal */
  275. if (value[0] == '"') {
  276. size_t vlen = strlen(++value);
  277. if (vlen == 0 || value[vlen - 1] != '"')
  278. return 0;
  279. vlen--;
  280. *buf = unescape(value, vlen, buflen);
  281. return *buf == NULL ? 0 : 1;
  282. }
  283. /* Otherwise assume as hex literal and convert it to binary buffer */
  284. if (!TEST_ptr(*buf = OPENSSL_hexstr2buf(value, &len))) {
  285. TEST_info("Can't convert %s", value);
  286. TEST_openssl_errors();
  287. return -1;
  288. }
  289. /* Size of input buffer means we'll never overflow */
  290. *buflen = len;
  291. return 1;
  292. }
  293. /**
  294. ** MESSAGE DIGEST TESTS
  295. **/
  296. typedef struct digest_data_st {
  297. /* Digest this test is for */
  298. const EVP_MD *digest;
  299. EVP_MD *fetched_digest;
  300. /* Input to digest */
  301. STACK_OF(EVP_TEST_BUFFER) *input;
  302. /* Expected output */
  303. unsigned char *output;
  304. size_t output_len;
  305. /* Padding type */
  306. int pad_type;
  307. /* XOF mode? */
  308. int xof;
  309. } DIGEST_DATA;
  310. static int digest_test_init(EVP_TEST *t, const char *alg)
  311. {
  312. DIGEST_DATA *mdat;
  313. const EVP_MD *digest;
  314. EVP_MD *fetched_digest;
  315. if (is_digest_disabled(alg)) {
  316. TEST_info("skipping, '%s' is disabled", alg);
  317. t->skip = 1;
  318. return 1;
  319. }
  320. if ((digest = fetched_digest = EVP_MD_fetch(libctx, alg, propquery)) == NULL
  321. && (digest = EVP_get_digestbyname(alg)) == NULL)
  322. return 0;
  323. if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat))))
  324. return 0;
  325. t->data = mdat;
  326. mdat->digest = digest;
  327. mdat->fetched_digest = fetched_digest;
  328. mdat->pad_type = 0;
  329. mdat->xof = 0;
  330. if (fetched_digest != NULL)
  331. TEST_info("%s is fetched", alg);
  332. return 1;
  333. }
  334. static void digest_test_cleanup(EVP_TEST *t)
  335. {
  336. DIGEST_DATA *mdat = t->data;
  337. sk_EVP_TEST_BUFFER_pop_free(mdat->input, evp_test_buffer_free);
  338. OPENSSL_free(mdat->output);
  339. EVP_MD_free(mdat->fetched_digest);
  340. }
  341. static int digest_test_parse(EVP_TEST *t,
  342. const char *keyword, const char *value)
  343. {
  344. DIGEST_DATA *mdata = t->data;
  345. if (strcmp(keyword, "Input") == 0)
  346. return evp_test_buffer_append(value, &mdata->input);
  347. if (strcmp(keyword, "Output") == 0)
  348. return parse_bin(value, &mdata->output, &mdata->output_len);
  349. if (strcmp(keyword, "Count") == 0)
  350. return evp_test_buffer_set_count(value, mdata->input);
  351. if (strcmp(keyword, "Ncopy") == 0)
  352. return evp_test_buffer_ncopy(value, mdata->input);
  353. if (strcmp(keyword, "Padding") == 0)
  354. return (mdata->pad_type = atoi(value)) > 0;
  355. if (strcmp(keyword, "XOF") == 0)
  356. return (mdata->xof = atoi(value)) > 0;
  357. return 0;
  358. }
  359. static int digest_update_fn(void *ctx, const unsigned char *buf, size_t buflen)
  360. {
  361. return EVP_DigestUpdate(ctx, buf, buflen);
  362. }
  363. static int test_duplicate_md_ctx(EVP_TEST *t, EVP_MD_CTX *mctx)
  364. {
  365. char dont[] = "touch";
  366. if (!TEST_ptr(mctx))
  367. return 0;
  368. if (!EVP_DigestFinalXOF(mctx, (unsigned char *)dont, 0)) {
  369. EVP_MD_CTX_free(mctx);
  370. t->err = "DIGESTFINALXOF_ERROR";
  371. return 0;
  372. }
  373. if (!TEST_str_eq(dont, "touch")) {
  374. EVP_MD_CTX_free(mctx);
  375. t->err = "DIGESTFINALXOF_ERROR";
  376. return 0;
  377. }
  378. EVP_MD_CTX_free(mctx);
  379. return 1;
  380. }
  381. static int digest_test_run(EVP_TEST *t)
  382. {
  383. DIGEST_DATA *expected = t->data;
  384. EVP_TEST_BUFFER *inbuf;
  385. EVP_MD_CTX *mctx;
  386. unsigned char *got = NULL;
  387. unsigned int got_len;
  388. size_t size = 0;
  389. int xof = 0;
  390. OSSL_PARAM params[3], *p = &params[0];
  391. t->err = "TEST_FAILURE";
  392. if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
  393. goto err;
  394. got = OPENSSL_malloc(expected->output_len > EVP_MAX_MD_SIZE ?
  395. expected->output_len : EVP_MAX_MD_SIZE);
  396. if (!TEST_ptr(got))
  397. goto err;
  398. if (expected->xof > 0) {
  399. xof |= 1;
  400. *p++ = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN,
  401. &expected->output_len);
  402. }
  403. if (expected->pad_type > 0)
  404. *p++ = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_PAD_TYPE,
  405. &expected->pad_type);
  406. *p++ = OSSL_PARAM_construct_end();
  407. if (!EVP_DigestInit_ex2(mctx, expected->digest, params)) {
  408. t->err = "DIGESTINIT_ERROR";
  409. goto err;
  410. }
  411. if (!evp_test_buffer_do(expected->input, digest_update_fn, mctx)) {
  412. t->err = "DIGESTUPDATE_ERROR";
  413. goto err;
  414. }
  415. xof |= (EVP_MD_get_flags(expected->digest) & EVP_MD_FLAG_XOF) != 0;
  416. if (xof) {
  417. EVP_MD_CTX *mctx_cpy;
  418. if (!TEST_ptr(mctx_cpy = EVP_MD_CTX_new())) {
  419. goto err;
  420. }
  421. if (!TEST_true(EVP_MD_CTX_copy(mctx_cpy, mctx))) {
  422. EVP_MD_CTX_free(mctx_cpy);
  423. goto err;
  424. } else if (!test_duplicate_md_ctx(t, mctx_cpy)) {
  425. goto err;
  426. }
  427. if (!test_duplicate_md_ctx(t, EVP_MD_CTX_dup(mctx)))
  428. goto err;
  429. got_len = expected->output_len;
  430. if (!EVP_DigestFinalXOF(mctx, got, got_len)) {
  431. t->err = "DIGESTFINALXOF_ERROR";
  432. goto err;
  433. }
  434. } else {
  435. if (!EVP_DigestFinal(mctx, got, &got_len)) {
  436. t->err = "DIGESTFINAL_ERROR";
  437. goto err;
  438. }
  439. }
  440. if (!TEST_int_eq(expected->output_len, got_len)) {
  441. t->err = "DIGEST_LENGTH_MISMATCH";
  442. goto err;
  443. }
  444. if (!memory_err_compare(t, "DIGEST_MISMATCH",
  445. expected->output, expected->output_len,
  446. got, got_len))
  447. goto err;
  448. t->err = NULL;
  449. /* Test the EVP_Q_digest interface as well */
  450. if (sk_EVP_TEST_BUFFER_num(expected->input) == 1
  451. && !xof
  452. /* This should never fail but we need the returned pointer now */
  453. && !TEST_ptr(inbuf = sk_EVP_TEST_BUFFER_value(expected->input, 0))
  454. && !inbuf->count_set) {
  455. OPENSSL_cleanse(got, got_len);
  456. if (!TEST_true(EVP_Q_digest(libctx,
  457. EVP_MD_get0_name(expected->fetched_digest),
  458. NULL, inbuf->buf, inbuf->buflen,
  459. got, &size))
  460. || !TEST_mem_eq(got, size,
  461. expected->output, expected->output_len)) {
  462. t->err = "EVP_Q_digest failed";
  463. goto err;
  464. }
  465. }
  466. err:
  467. OPENSSL_free(got);
  468. EVP_MD_CTX_free(mctx);
  469. return 1;
  470. }
  471. static const EVP_TEST_METHOD digest_test_method = {
  472. "Digest",
  473. digest_test_init,
  474. digest_test_cleanup,
  475. digest_test_parse,
  476. digest_test_run
  477. };
  478. /**
  479. *** CIPHER TESTS
  480. **/
  481. typedef struct cipher_data_st {
  482. const EVP_CIPHER *cipher;
  483. EVP_CIPHER *fetched_cipher;
  484. int enc;
  485. /* EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE or EVP_CIPH_OCB_MODE if AEAD */
  486. int aead;
  487. unsigned char *key;
  488. size_t key_len;
  489. size_t key_bits; /* Used by RC2 */
  490. unsigned char *iv;
  491. unsigned char *next_iv; /* Expected IV state after operation */
  492. unsigned int rounds;
  493. size_t iv_len;
  494. unsigned char *plaintext;
  495. size_t plaintext_len;
  496. unsigned char *ciphertext;
  497. size_t ciphertext_len;
  498. /* AEAD ciphers only */
  499. unsigned char *aad[AAD_NUM];
  500. size_t aad_len[AAD_NUM];
  501. int tls_aad;
  502. int tls_version;
  503. unsigned char *tag;
  504. const char *cts_mode;
  505. size_t tag_len;
  506. int tag_late;
  507. unsigned char *mac_key;
  508. size_t mac_key_len;
  509. const char *xts_standard;
  510. } CIPHER_DATA;
  511. static int cipher_test_init(EVP_TEST *t, const char *alg)
  512. {
  513. const EVP_CIPHER *cipher;
  514. EVP_CIPHER *fetched_cipher;
  515. CIPHER_DATA *cdat;
  516. int m;
  517. if (is_cipher_disabled(alg)) {
  518. t->skip = 1;
  519. TEST_info("skipping, '%s' is disabled", alg);
  520. return 1;
  521. }
  522. ERR_set_mark();
  523. if ((cipher = fetched_cipher = EVP_CIPHER_fetch(libctx, alg, propquery)) == NULL
  524. && (cipher = EVP_get_cipherbyname(alg)) == NULL) {
  525. /* a stitched cipher might not be available */
  526. if (strstr(alg, "HMAC") != NULL) {
  527. ERR_pop_to_mark();
  528. t->skip = 1;
  529. TEST_info("skipping, '%s' is not available", alg);
  530. return 1;
  531. }
  532. ERR_clear_last_mark();
  533. return 0;
  534. }
  535. ERR_clear_last_mark();
  536. if (!TEST_ptr(cdat = OPENSSL_zalloc(sizeof(*cdat))))
  537. return 0;
  538. cdat->cipher = cipher;
  539. cdat->fetched_cipher = fetched_cipher;
  540. cdat->enc = -1;
  541. m = EVP_CIPHER_get_mode(cipher);
  542. if (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
  543. cdat->aead = m != 0 ? m : -1;
  544. else
  545. cdat->aead = 0;
  546. t->data = cdat;
  547. if (fetched_cipher != NULL)
  548. TEST_info("%s is fetched", alg);
  549. return 1;
  550. }
  551. static void cipher_test_cleanup(EVP_TEST *t)
  552. {
  553. int i;
  554. CIPHER_DATA *cdat = t->data;
  555. OPENSSL_free(cdat->key);
  556. OPENSSL_free(cdat->iv);
  557. OPENSSL_free(cdat->next_iv);
  558. OPENSSL_free(cdat->ciphertext);
  559. OPENSSL_free(cdat->plaintext);
  560. for (i = 0; i < AAD_NUM; i++)
  561. OPENSSL_free(cdat->aad[i]);
  562. OPENSSL_free(cdat->tag);
  563. OPENSSL_free(cdat->mac_key);
  564. EVP_CIPHER_free(cdat->fetched_cipher);
  565. }
  566. static int cipher_test_parse(EVP_TEST *t, const char *keyword,
  567. const char *value)
  568. {
  569. CIPHER_DATA *cdat = t->data;
  570. int i;
  571. if (strcmp(keyword, "Key") == 0)
  572. return parse_bin(value, &cdat->key, &cdat->key_len);
  573. if (strcmp(keyword, "Rounds") == 0) {
  574. i = atoi(value);
  575. if (i < 0)
  576. return -1;
  577. cdat->rounds = (unsigned int)i;
  578. return 1;
  579. }
  580. if (strcmp(keyword, "IV") == 0)
  581. return parse_bin(value, &cdat->iv, &cdat->iv_len);
  582. if (strcmp(keyword, "NextIV") == 0)
  583. return parse_bin(value, &cdat->next_iv, &cdat->iv_len);
  584. if (strcmp(keyword, "Plaintext") == 0)
  585. return parse_bin(value, &cdat->plaintext, &cdat->plaintext_len);
  586. if (strcmp(keyword, "Ciphertext") == 0)
  587. return parse_bin(value, &cdat->ciphertext, &cdat->ciphertext_len);
  588. if (strcmp(keyword, "KeyBits") == 0) {
  589. i = atoi(value);
  590. if (i < 0)
  591. return -1;
  592. cdat->key_bits = (size_t)i;
  593. return 1;
  594. }
  595. if (cdat->aead) {
  596. int tls_aad = 0;
  597. if (strcmp(keyword, "TLSAAD") == 0)
  598. cdat->tls_aad = tls_aad = 1;
  599. if (strcmp(keyword, "AAD") == 0 || tls_aad) {
  600. for (i = 0; i < AAD_NUM; i++) {
  601. if (cdat->aad[i] == NULL)
  602. return parse_bin(value, &cdat->aad[i], &cdat->aad_len[i]);
  603. }
  604. return -1;
  605. }
  606. if (strcmp(keyword, "Tag") == 0)
  607. return parse_bin(value, &cdat->tag, &cdat->tag_len);
  608. if (strcmp(keyword, "SetTagLate") == 0) {
  609. if (strcmp(value, "TRUE") == 0)
  610. cdat->tag_late = 1;
  611. else if (strcmp(value, "FALSE") == 0)
  612. cdat->tag_late = 0;
  613. else
  614. return -1;
  615. return 1;
  616. }
  617. if (strcmp(keyword, "MACKey") == 0)
  618. return parse_bin(value, &cdat->mac_key, &cdat->mac_key_len);
  619. if (strcmp(keyword, "TLSVersion") == 0) {
  620. char *endptr;
  621. cdat->tls_version = (int)strtol(value, &endptr, 0);
  622. return value[0] != '\0' && endptr[0] == '\0';
  623. }
  624. }
  625. if (strcmp(keyword, "Operation") == 0) {
  626. if (strcmp(value, "ENCRYPT") == 0)
  627. cdat->enc = 1;
  628. else if (strcmp(value, "DECRYPT") == 0)
  629. cdat->enc = 0;
  630. else
  631. return -1;
  632. return 1;
  633. }
  634. if (strcmp(keyword, "CTSMode") == 0) {
  635. cdat->cts_mode = value;
  636. return 1;
  637. }
  638. if (strcmp(keyword, "XTSStandard") == 0) {
  639. cdat->xts_standard = value;
  640. return 1;
  641. }
  642. return 0;
  643. }
  644. static int cipher_test_enc(EVP_TEST *t, int enc, size_t out_misalign,
  645. size_t inp_misalign, int frag, int in_place)
  646. {
  647. CIPHER_DATA *expected = t->data;
  648. unsigned char *in, *expected_out, *tmp = NULL;
  649. size_t in_len, out_len, donelen = 0;
  650. int ok = 0, tmplen, chunklen, tmpflen, i;
  651. EVP_CIPHER_CTX *ctx_base = NULL;
  652. EVP_CIPHER_CTX *ctx = NULL, *duped;
  653. int fips_dupctx_supported = fips_provider_version_ge(libctx, 3, 2, 0);
  654. t->err = "TEST_FAILURE";
  655. if (!TEST_ptr(ctx_base = EVP_CIPHER_CTX_new()))
  656. goto err;
  657. if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
  658. goto err;
  659. EVP_CIPHER_CTX_set_flags(ctx_base, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
  660. if (enc) {
  661. in = expected->plaintext;
  662. in_len = expected->plaintext_len;
  663. expected_out = expected->ciphertext;
  664. out_len = expected->ciphertext_len;
  665. } else {
  666. in = expected->ciphertext;
  667. in_len = expected->ciphertext_len;
  668. expected_out = expected->plaintext;
  669. out_len = expected->plaintext_len;
  670. }
  671. if (in_place == 1) {
  672. /* Exercise in-place encryption */
  673. tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH);
  674. if (!tmp)
  675. goto err;
  676. in = memcpy(tmp + out_misalign, in, in_len);
  677. } else {
  678. inp_misalign += 16 - ((out_misalign + in_len) & 15);
  679. /*
  680. * 'tmp' will store both output and copy of input. We make the copy
  681. * of input to specifically aligned part of 'tmp'. So we just
  682. * figured out how much padding would ensure the required alignment,
  683. * now we allocate extended buffer and finally copy the input just
  684. * past inp_misalign in expression below. Output will be written
  685. * past out_misalign...
  686. */
  687. tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH +
  688. inp_misalign + in_len);
  689. if (!tmp)
  690. goto err;
  691. in = memcpy(tmp + out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH +
  692. inp_misalign, in, in_len);
  693. }
  694. if (!EVP_CipherInit_ex(ctx_base, expected->cipher, NULL, NULL, NULL, enc)) {
  695. t->err = "CIPHERINIT_ERROR";
  696. goto err;
  697. }
  698. if (expected->cts_mode != NULL) {
  699. OSSL_PARAM params[2];
  700. params[0] = OSSL_PARAM_construct_utf8_string(OSSL_CIPHER_PARAM_CTS_MODE,
  701. (char *)expected->cts_mode,
  702. 0);
  703. params[1] = OSSL_PARAM_construct_end();
  704. if (!EVP_CIPHER_CTX_set_params(ctx_base, params)) {
  705. t->err = "INVALID_CTS_MODE";
  706. goto err;
  707. }
  708. }
  709. if (expected->iv) {
  710. if (expected->aead) {
  711. if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_IVLEN,
  712. expected->iv_len, 0) <= 0) {
  713. t->err = "INVALID_IV_LENGTH";
  714. goto err;
  715. }
  716. } else if (expected->iv_len != (size_t)EVP_CIPHER_CTX_get_iv_length(ctx_base)) {
  717. t->err = "INVALID_IV_LENGTH";
  718. goto err;
  719. }
  720. }
  721. if (expected->aead && !expected->tls_aad) {
  722. unsigned char *tag;
  723. /*
  724. * If encrypting or OCB just set tag length initially, otherwise
  725. * set tag length and value.
  726. */
  727. if (enc || expected->aead == EVP_CIPH_OCB_MODE || expected->tag_late) {
  728. t->err = "TAG_LENGTH_SET_ERROR";
  729. tag = NULL;
  730. } else {
  731. t->err = "TAG_SET_ERROR";
  732. tag = expected->tag;
  733. }
  734. if (tag || expected->aead != EVP_CIPH_GCM_MODE) {
  735. if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_TAG,
  736. expected->tag_len, tag) <= 0)
  737. goto err;
  738. }
  739. }
  740. if (expected->rounds > 0) {
  741. int rounds = (int)expected->rounds;
  742. if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC5_ROUNDS, rounds, NULL) <= 0) {
  743. t->err = "INVALID_ROUNDS";
  744. goto err;
  745. }
  746. }
  747. if (!EVP_CIPHER_CTX_set_key_length(ctx_base, expected->key_len)) {
  748. t->err = "INVALID_KEY_LENGTH";
  749. goto err;
  750. }
  751. if (expected->key_bits > 0) {
  752. int bits = (int)expected->key_bits;
  753. if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC2_KEY_BITS, bits, NULL) <= 0) {
  754. t->err = "INVALID KEY BITS";
  755. goto err;
  756. }
  757. }
  758. if (!EVP_CipherInit_ex(ctx_base, NULL, NULL, expected->key, expected->iv, -1)) {
  759. t->err = "KEY_SET_ERROR";
  760. goto err;
  761. }
  762. /* Check that we get the same IV back */
  763. if (expected->iv != NULL) {
  764. /* Some (e.g., GCM) tests use IVs longer than EVP_MAX_IV_LENGTH. */
  765. unsigned char iv[128];
  766. if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx_base, iv, sizeof(iv)))
  767. || ((EVP_CIPHER_get_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0
  768. && !TEST_mem_eq(expected->iv, expected->iv_len, iv,
  769. expected->iv_len))) {
  770. t->err = "INVALID_IV";
  771. goto err;
  772. }
  773. }
  774. /* Test that the cipher dup functions correctly if it is supported */
  775. ERR_set_mark();
  776. if (!EVP_CIPHER_CTX_copy(ctx, ctx_base)) {
  777. if (fips_dupctx_supported) {
  778. TEST_info("Doing a copy of Cipher %s Fails!\n",
  779. EVP_CIPHER_get0_name(expected->cipher));
  780. ERR_print_errors_fp(stderr);
  781. goto err;
  782. } else {
  783. TEST_info("Allowing copy fail as an old fips provider is in use.");
  784. }
  785. EVP_CIPHER_CTX_free(ctx);
  786. ctx = ctx_base;
  787. } else {
  788. EVP_CIPHER_CTX_free(ctx_base);
  789. ctx_base = NULL;
  790. }
  791. /* Likewise for dup */
  792. duped = EVP_CIPHER_CTX_dup(ctx);
  793. if (duped != NULL) {
  794. EVP_CIPHER_CTX_free(ctx);
  795. ctx = duped;
  796. } else {
  797. if (fips_dupctx_supported) {
  798. TEST_info("Doing a dup of Cipher %s Fails!\n",
  799. EVP_CIPHER_get0_name(expected->cipher));
  800. ERR_print_errors_fp(stderr);
  801. goto err;
  802. } else {
  803. TEST_info("Allowing dup fail as an old fips provider is in use.");
  804. }
  805. }
  806. ERR_pop_to_mark();
  807. if (expected->mac_key != NULL
  808. && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY,
  809. (int)expected->mac_key_len,
  810. (void *)expected->mac_key) <= 0) {
  811. t->err = "SET_MAC_KEY_ERROR";
  812. goto err;
  813. }
  814. if (expected->tls_version) {
  815. OSSL_PARAM params[2];
  816. params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_TLS_VERSION,
  817. &expected->tls_version);
  818. params[1] = OSSL_PARAM_construct_end();
  819. if (!EVP_CIPHER_CTX_set_params(ctx, params)) {
  820. t->err = "SET_TLS_VERSION_ERROR";
  821. goto err;
  822. }
  823. }
  824. if (expected->aead == EVP_CIPH_CCM_MODE) {
  825. if (!EVP_CipherUpdate(ctx, NULL, &tmplen, NULL, out_len)) {
  826. t->err = "CCM_PLAINTEXT_LENGTH_SET_ERROR";
  827. goto err;
  828. }
  829. }
  830. if (expected->aad[0] != NULL && !expected->tls_aad) {
  831. t->err = "AAD_SET_ERROR";
  832. if (!frag) {
  833. for (i = 0; expected->aad[i] != NULL; i++) {
  834. if (!EVP_CipherUpdate(ctx, NULL, &chunklen, expected->aad[i],
  835. expected->aad_len[i]))
  836. goto err;
  837. }
  838. } else {
  839. /*
  840. * Supply the AAD in chunks less than the block size where possible
  841. */
  842. for (i = 0; expected->aad[i] != NULL; i++) {
  843. if (expected->aad_len[i] > 0) {
  844. if (!EVP_CipherUpdate(ctx, NULL, &chunklen, expected->aad[i], 1))
  845. goto err;
  846. donelen++;
  847. }
  848. if (expected->aad_len[i] > 2) {
  849. if (!EVP_CipherUpdate(ctx, NULL, &chunklen,
  850. expected->aad[i] + donelen,
  851. expected->aad_len[i] - 2))
  852. goto err;
  853. donelen += expected->aad_len[i] - 2;
  854. }
  855. if (expected->aad_len[i] > 1
  856. && !EVP_CipherUpdate(ctx, NULL, &chunklen,
  857. expected->aad[i] + donelen, 1))
  858. goto err;
  859. }
  860. }
  861. }
  862. if (expected->tls_aad) {
  863. OSSL_PARAM params[2];
  864. char *tls_aad;
  865. /* duplicate the aad as the implementation might modify it */
  866. if ((tls_aad = OPENSSL_memdup(expected->aad[0],
  867. expected->aad_len[0])) == NULL)
  868. goto err;
  869. params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD,
  870. tls_aad,
  871. expected->aad_len[0]);
  872. params[1] = OSSL_PARAM_construct_end();
  873. if (!EVP_CIPHER_CTX_set_params(ctx, params)) {
  874. OPENSSL_free(tls_aad);
  875. t->err = "TLS1_AAD_ERROR";
  876. goto err;
  877. }
  878. OPENSSL_free(tls_aad);
  879. } else if (!enc && (expected->aead == EVP_CIPH_OCB_MODE
  880. || expected->tag_late)) {
  881. if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
  882. expected->tag_len, expected->tag) <= 0) {
  883. t->err = "TAG_SET_ERROR";
  884. goto err;
  885. }
  886. }
  887. if (expected->xts_standard != NULL) {
  888. OSSL_PARAM params[2];
  889. params[0] =
  890. OSSL_PARAM_construct_utf8_string(OSSL_CIPHER_PARAM_XTS_STANDARD,
  891. (char *)expected->xts_standard, 0);
  892. params[1] = OSSL_PARAM_construct_end();
  893. if (!EVP_CIPHER_CTX_set_params(ctx, params)) {
  894. t->err = "SET_XTS_STANDARD_ERROR";
  895. goto err;
  896. }
  897. }
  898. EVP_CIPHER_CTX_set_padding(ctx, 0);
  899. t->err = "CIPHERUPDATE_ERROR";
  900. tmplen = 0;
  901. if (!frag) {
  902. /* We supply the data all in one go */
  903. if (!EVP_CipherUpdate(ctx, tmp + out_misalign, &tmplen, in, in_len))
  904. goto err;
  905. } else {
  906. /* Supply the data in chunks less than the block size where possible */
  907. if (in_len > 0) {
  908. if (!EVP_CipherUpdate(ctx, tmp + out_misalign, &chunklen, in, 1))
  909. goto err;
  910. tmplen += chunklen;
  911. in++;
  912. in_len--;
  913. }
  914. if (in_len > 1) {
  915. if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen,
  916. in, in_len - 1))
  917. goto err;
  918. tmplen += chunklen;
  919. in += in_len - 1;
  920. in_len = 1;
  921. }
  922. if (in_len > 0) {
  923. if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen,
  924. in, 1))
  925. goto err;
  926. tmplen += chunklen;
  927. }
  928. }
  929. if (!EVP_CipherFinal_ex(ctx, tmp + out_misalign + tmplen, &tmpflen)) {
  930. t->err = "CIPHERFINAL_ERROR";
  931. goto err;
  932. }
  933. if (!enc && expected->tls_aad) {
  934. if (expected->tls_version >= TLS1_1_VERSION
  935. && (EVP_CIPHER_is_a(expected->cipher, "AES-128-CBC-HMAC-SHA1")
  936. || EVP_CIPHER_is_a(expected->cipher, "AES-256-CBC-HMAC-SHA1"))) {
  937. tmplen -= expected->iv_len;
  938. expected_out += expected->iv_len;
  939. out_misalign += expected->iv_len;
  940. }
  941. if ((int)out_len > tmplen + tmpflen)
  942. out_len = tmplen + tmpflen;
  943. }
  944. if (!memory_err_compare(t, "VALUE_MISMATCH", expected_out, out_len,
  945. tmp + out_misalign, tmplen + tmpflen))
  946. goto err;
  947. if (enc && expected->aead && !expected->tls_aad) {
  948. unsigned char rtag[16];
  949. if (!TEST_size_t_le(expected->tag_len, sizeof(rtag))) {
  950. t->err = "TAG_LENGTH_INTERNAL_ERROR";
  951. goto err;
  952. }
  953. if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
  954. expected->tag_len, rtag) <= 0) {
  955. t->err = "TAG_RETRIEVE_ERROR";
  956. goto err;
  957. }
  958. if (!memory_err_compare(t, "TAG_VALUE_MISMATCH",
  959. expected->tag, expected->tag_len,
  960. rtag, expected->tag_len))
  961. goto err;
  962. }
  963. /* Check the updated IV */
  964. if (expected->next_iv != NULL) {
  965. /* Some (e.g., GCM) tests use IVs longer than EVP_MAX_IV_LENGTH. */
  966. unsigned char iv[128];
  967. if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
  968. || ((EVP_CIPHER_get_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0
  969. && !TEST_mem_eq(expected->next_iv, expected->iv_len, iv,
  970. expected->iv_len))) {
  971. t->err = "INVALID_NEXT_IV";
  972. goto err;
  973. }
  974. }
  975. t->err = NULL;
  976. ok = 1;
  977. err:
  978. OPENSSL_free(tmp);
  979. if (ctx != ctx_base)
  980. EVP_CIPHER_CTX_free(ctx_base);
  981. EVP_CIPHER_CTX_free(ctx);
  982. return ok;
  983. }
  984. /*
  985. * XTS, SIV, CCM, stitched ciphers and Wrap modes have special
  986. * requirements about input lengths so we don't fragment for those
  987. */
  988. static int cipher_test_valid_fragmentation(CIPHER_DATA *cdat)
  989. {
  990. return (cdat->aead == EVP_CIPH_CCM_MODE
  991. || cdat->aead == EVP_CIPH_CBC_MODE
  992. || (cdat->aead == -1
  993. && EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_STREAM_CIPHER)
  994. || ((EVP_CIPHER_get_flags(cdat->cipher) & EVP_CIPH_FLAG_CTS) != 0)
  995. || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_SIV_MODE
  996. || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_GCM_SIV_MODE
  997. || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_XTS_MODE
  998. || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_WRAP_MODE) ? 0 : 1;
  999. }
  1000. static int cipher_test_run(EVP_TEST *t)
  1001. {
  1002. CIPHER_DATA *cdat = t->data;
  1003. int rv, frag, fragmax, in_place;
  1004. size_t out_misalign, inp_misalign;
  1005. TEST_info("RUNNING TEST FOR CIPHER %s\n", EVP_CIPHER_get0_name(cdat->cipher));
  1006. if (!cdat->key) {
  1007. t->err = "NO_KEY";
  1008. return 0;
  1009. }
  1010. if (!cdat->iv && EVP_CIPHER_get_iv_length(cdat->cipher)) {
  1011. /* IV is optional and usually omitted in wrap mode */
  1012. if (EVP_CIPHER_get_mode(cdat->cipher) != EVP_CIPH_WRAP_MODE) {
  1013. t->err = "NO_IV";
  1014. return 0;
  1015. }
  1016. }
  1017. if (cdat->aead && cdat->tag == NULL && !cdat->tls_aad) {
  1018. t->err = "NO_TAG";
  1019. return 0;
  1020. }
  1021. fragmax = (cipher_test_valid_fragmentation(cdat) == 0) ? 0 : 1;
  1022. for (in_place = 1; in_place >= 0; in_place--) {
  1023. static char aux_err[64];
  1024. t->aux_err = aux_err;
  1025. /* Test only in-place data processing */
  1026. if (process_mode_in_place == 1 && in_place == 0)
  1027. break;
  1028. for (frag = 0; frag <= fragmax; frag++) {
  1029. for (out_misalign = 0; out_misalign <= 1; out_misalign++) {
  1030. for (inp_misalign = 0; inp_misalign <= 1; inp_misalign++) {
  1031. /* Skip input misalign tests for in-place processing */
  1032. if (inp_misalign == 1 && in_place == 1)
  1033. break;
  1034. if (in_place == 1) {
  1035. BIO_snprintf(aux_err, sizeof(aux_err),
  1036. "%s in-place, %sfragmented",
  1037. out_misalign ? "misaligned" : "aligned",
  1038. frag ? "" : "not ");
  1039. } else {
  1040. BIO_snprintf(aux_err, sizeof(aux_err),
  1041. "%s output and %s input, %sfragmented",
  1042. out_misalign ? "misaligned" : "aligned",
  1043. inp_misalign ? "misaligned" : "aligned",
  1044. frag ? "" : "not ");
  1045. }
  1046. if (cdat->enc) {
  1047. rv = cipher_test_enc(t, 1, out_misalign, inp_misalign,
  1048. frag, in_place);
  1049. /* Not fatal errors: return */
  1050. if (rv != 1) {
  1051. if (rv < 0)
  1052. return 0;
  1053. return 1;
  1054. }
  1055. }
  1056. if (cdat->enc != 1) {
  1057. rv = cipher_test_enc(t, 0, out_misalign, inp_misalign,
  1058. frag, in_place);
  1059. /* Not fatal errors: return */
  1060. if (rv != 1) {
  1061. if (rv < 0)
  1062. return 0;
  1063. return 1;
  1064. }
  1065. }
  1066. }
  1067. }
  1068. }
  1069. }
  1070. t->aux_err = NULL;
  1071. return 1;
  1072. }
  1073. static const EVP_TEST_METHOD cipher_test_method = {
  1074. "Cipher",
  1075. cipher_test_init,
  1076. cipher_test_cleanup,
  1077. cipher_test_parse,
  1078. cipher_test_run
  1079. };
  1080. /**
  1081. ** MAC TESTS
  1082. **/
  1083. typedef struct mac_data_st {
  1084. /* MAC type in one form or another */
  1085. char *mac_name;
  1086. EVP_MAC *mac; /* for mac_test_run_mac */
  1087. int type; /* for mac_test_run_pkey */
  1088. /* Algorithm string for this MAC */
  1089. char *alg;
  1090. /* MAC key */
  1091. unsigned char *key;
  1092. size_t key_len;
  1093. /* MAC IV (GMAC) */
  1094. unsigned char *iv;
  1095. size_t iv_len;
  1096. /* Input to MAC */
  1097. unsigned char *input;
  1098. size_t input_len;
  1099. /* Expected output */
  1100. unsigned char *output;
  1101. size_t output_len;
  1102. unsigned char *custom;
  1103. size_t custom_len;
  1104. /* MAC salt (blake2) */
  1105. unsigned char *salt;
  1106. size_t salt_len;
  1107. /* XOF mode? */
  1108. int xof;
  1109. /* Reinitialization fails */
  1110. int no_reinit;
  1111. /* Collection of controls */
  1112. STACK_OF(OPENSSL_STRING) *controls;
  1113. /* Output size */
  1114. int output_size;
  1115. /* Block size */
  1116. int block_size;
  1117. } MAC_DATA;
  1118. static int mac_test_init(EVP_TEST *t, const char *alg)
  1119. {
  1120. EVP_MAC *mac = NULL;
  1121. int type = NID_undef;
  1122. MAC_DATA *mdat;
  1123. if (is_mac_disabled(alg)) {
  1124. TEST_info("skipping, '%s' is disabled", alg);
  1125. t->skip = 1;
  1126. return 1;
  1127. }
  1128. if ((mac = EVP_MAC_fetch(libctx, alg, propquery)) == NULL) {
  1129. /*
  1130. * Since we didn't find an EVP_MAC, we check for known EVP_PKEY methods
  1131. * For debugging purposes, we allow 'NNNN by EVP_PKEY' to force running
  1132. * the EVP_PKEY method.
  1133. */
  1134. size_t sz = strlen(alg);
  1135. static const char epilogue[] = " by EVP_PKEY";
  1136. if (sz >= sizeof(epilogue)
  1137. && strcmp(alg + sz - (sizeof(epilogue) - 1), epilogue) == 0)
  1138. sz -= sizeof(epilogue) - 1;
  1139. if (strncmp(alg, "HMAC", sz) == 0)
  1140. type = EVP_PKEY_HMAC;
  1141. else if (strncmp(alg, "CMAC", sz) == 0)
  1142. type = EVP_PKEY_CMAC;
  1143. else if (strncmp(alg, "Poly1305", sz) == 0)
  1144. type = EVP_PKEY_POLY1305;
  1145. else if (strncmp(alg, "SipHash", sz) == 0)
  1146. type = EVP_PKEY_SIPHASH;
  1147. else
  1148. return 0;
  1149. }
  1150. if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat))))
  1151. return 0;
  1152. mdat->type = type;
  1153. if (!TEST_ptr(mdat->mac_name = OPENSSL_strdup(alg))) {
  1154. OPENSSL_free(mdat);
  1155. return 0;
  1156. }
  1157. mdat->mac = mac;
  1158. if (!TEST_ptr(mdat->controls = sk_OPENSSL_STRING_new_null())) {
  1159. OPENSSL_free(mdat->mac_name);
  1160. OPENSSL_free(mdat);
  1161. return 0;
  1162. }
  1163. mdat->output_size = mdat->block_size = -1;
  1164. t->data = mdat;
  1165. return 1;
  1166. }
  1167. /* Because OPENSSL_free is a macro, it can't be passed as a function pointer */
  1168. static void openssl_free(char *m)
  1169. {
  1170. OPENSSL_free(m);
  1171. }
  1172. static void mac_test_cleanup(EVP_TEST *t)
  1173. {
  1174. MAC_DATA *mdat = t->data;
  1175. EVP_MAC_free(mdat->mac);
  1176. OPENSSL_free(mdat->mac_name);
  1177. sk_OPENSSL_STRING_pop_free(mdat->controls, openssl_free);
  1178. OPENSSL_free(mdat->alg);
  1179. OPENSSL_free(mdat->key);
  1180. OPENSSL_free(mdat->iv);
  1181. OPENSSL_free(mdat->custom);
  1182. OPENSSL_free(mdat->salt);
  1183. OPENSSL_free(mdat->input);
  1184. OPENSSL_free(mdat->output);
  1185. }
  1186. static int mac_test_parse(EVP_TEST *t,
  1187. const char *keyword, const char *value)
  1188. {
  1189. MAC_DATA *mdata = t->data;
  1190. if (strcmp(keyword, "Key") == 0)
  1191. return parse_bin(value, &mdata->key, &mdata->key_len);
  1192. if (strcmp(keyword, "IV") == 0)
  1193. return parse_bin(value, &mdata->iv, &mdata->iv_len);
  1194. if (strcmp(keyword, "Custom") == 0)
  1195. return parse_bin(value, &mdata->custom, &mdata->custom_len);
  1196. if (strcmp(keyword, "Salt") == 0)
  1197. return parse_bin(value, &mdata->salt, &mdata->salt_len);
  1198. if (strcmp(keyword, "Algorithm") == 0) {
  1199. mdata->alg = OPENSSL_strdup(value);
  1200. if (mdata->alg == NULL)
  1201. return -1;
  1202. return 1;
  1203. }
  1204. if (strcmp(keyword, "Input") == 0)
  1205. return parse_bin(value, &mdata->input, &mdata->input_len);
  1206. if (strcmp(keyword, "Output") == 0)
  1207. return parse_bin(value, &mdata->output, &mdata->output_len);
  1208. if (strcmp(keyword, "XOF") == 0)
  1209. return mdata->xof = 1;
  1210. if (strcmp(keyword, "NoReinit") == 0)
  1211. return mdata->no_reinit = 1;
  1212. if (strcmp(keyword, "Ctrl") == 0) {
  1213. char *data = OPENSSL_strdup(value);
  1214. if (data == NULL)
  1215. return -1;
  1216. return sk_OPENSSL_STRING_push(mdata->controls, data) != 0;
  1217. }
  1218. if (strcmp(keyword, "OutputSize") == 0) {
  1219. mdata->output_size = atoi(value);
  1220. if (mdata->output_size < 0)
  1221. return -1;
  1222. return 1;
  1223. }
  1224. if (strcmp(keyword, "BlockSize") == 0) {
  1225. mdata->block_size = atoi(value);
  1226. if (mdata->block_size < 0)
  1227. return -1;
  1228. return 1;
  1229. }
  1230. return 0;
  1231. }
  1232. static int mac_test_ctrl_pkey(EVP_TEST *t, EVP_PKEY_CTX *pctx,
  1233. const char *value)
  1234. {
  1235. int rv = 0;
  1236. char *p, *tmpval;
  1237. if (!TEST_ptr(tmpval = OPENSSL_strdup(value)))
  1238. return 0;
  1239. p = strchr(tmpval, ':');
  1240. if (p != NULL) {
  1241. *p++ = '\0';
  1242. rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
  1243. }
  1244. if (rv == -2)
  1245. t->err = "PKEY_CTRL_INVALID";
  1246. else if (rv <= 0)
  1247. t->err = "PKEY_CTRL_ERROR";
  1248. else
  1249. rv = 1;
  1250. OPENSSL_free(tmpval);
  1251. return rv > 0;
  1252. }
  1253. static int mac_test_run_pkey(EVP_TEST *t)
  1254. {
  1255. MAC_DATA *expected = t->data;
  1256. EVP_MD_CTX *mctx = NULL;
  1257. EVP_PKEY_CTX *pctx = NULL, *genctx = NULL;
  1258. EVP_PKEY *key = NULL;
  1259. const char *mdname = NULL;
  1260. EVP_CIPHER *cipher = NULL;
  1261. unsigned char *got = NULL;
  1262. size_t got_len;
  1263. int i;
  1264. /* We don't do XOF mode via PKEY */
  1265. if (expected->xof)
  1266. return 1;
  1267. if (expected->alg == NULL)
  1268. TEST_info("Trying the EVP_PKEY %s test", OBJ_nid2sn(expected->type));
  1269. else
  1270. TEST_info("Trying the EVP_PKEY %s test with %s",
  1271. OBJ_nid2sn(expected->type), expected->alg);
  1272. if (expected->type == EVP_PKEY_CMAC) {
  1273. #ifdef OPENSSL_NO_DEPRECATED_3_0
  1274. TEST_info("skipping, PKEY CMAC '%s' is disabled", expected->alg);
  1275. t->skip = 1;
  1276. t->err = NULL;
  1277. goto err;
  1278. #else
  1279. OSSL_LIB_CTX *tmpctx;
  1280. if (expected->alg != NULL && is_cipher_disabled(expected->alg)) {
  1281. TEST_info("skipping, PKEY CMAC '%s' is disabled", expected->alg);
  1282. t->skip = 1;
  1283. t->err = NULL;
  1284. goto err;
  1285. }
  1286. if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, expected->alg, propquery))) {
  1287. t->err = "MAC_KEY_CREATE_ERROR";
  1288. goto err;
  1289. }
  1290. tmpctx = OSSL_LIB_CTX_set0_default(libctx);
  1291. key = EVP_PKEY_new_CMAC_key(NULL, expected->key, expected->key_len,
  1292. cipher);
  1293. OSSL_LIB_CTX_set0_default(tmpctx);
  1294. #endif
  1295. } else {
  1296. key = EVP_PKEY_new_raw_private_key_ex(libctx,
  1297. OBJ_nid2sn(expected->type), NULL,
  1298. expected->key, expected->key_len);
  1299. }
  1300. if (key == NULL) {
  1301. t->err = "MAC_KEY_CREATE_ERROR";
  1302. goto err;
  1303. }
  1304. if (expected->type == EVP_PKEY_HMAC && expected->alg != NULL) {
  1305. if (is_digest_disabled(expected->alg)) {
  1306. TEST_info("skipping, HMAC '%s' is disabled", expected->alg);
  1307. t->skip = 1;
  1308. t->err = NULL;
  1309. goto err;
  1310. }
  1311. mdname = expected->alg;
  1312. }
  1313. if (!TEST_ptr(mctx = EVP_MD_CTX_new())) {
  1314. t->err = "INTERNAL_ERROR";
  1315. goto err;
  1316. }
  1317. if (!EVP_DigestSignInit_ex(mctx, &pctx, mdname, libctx, NULL, key, NULL)) {
  1318. t->err = "DIGESTSIGNINIT_ERROR";
  1319. goto err;
  1320. }
  1321. for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++)
  1322. if (!mac_test_ctrl_pkey(t, pctx,
  1323. sk_OPENSSL_STRING_value(expected->controls,
  1324. i))) {
  1325. t->err = "EVPPKEYCTXCTRL_ERROR";
  1326. goto err;
  1327. }
  1328. if (!EVP_DigestSignUpdate(mctx, expected->input, expected->input_len)) {
  1329. t->err = "DIGESTSIGNUPDATE_ERROR";
  1330. goto err;
  1331. }
  1332. if (!EVP_DigestSignFinal(mctx, NULL, &got_len)) {
  1333. t->err = "DIGESTSIGNFINAL_LENGTH_ERROR";
  1334. goto err;
  1335. }
  1336. if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
  1337. t->err = "TEST_FAILURE";
  1338. goto err;
  1339. }
  1340. if (!EVP_DigestSignFinal(mctx, got, &got_len)
  1341. || !memory_err_compare(t, "TEST_MAC_ERR",
  1342. expected->output, expected->output_len,
  1343. got, got_len)) {
  1344. t->err = "TEST_MAC_ERR";
  1345. goto err;
  1346. }
  1347. t->err = NULL;
  1348. err:
  1349. EVP_CIPHER_free(cipher);
  1350. EVP_MD_CTX_free(mctx);
  1351. OPENSSL_free(got);
  1352. EVP_PKEY_CTX_free(genctx);
  1353. EVP_PKEY_free(key);
  1354. return 1;
  1355. }
  1356. static int mac_test_run_mac(EVP_TEST *t)
  1357. {
  1358. MAC_DATA *expected = t->data;
  1359. EVP_MAC_CTX *ctx = NULL;
  1360. unsigned char *got = NULL;
  1361. size_t got_len = 0, size = 0;
  1362. int i, block_size = -1, output_size = -1;
  1363. OSSL_PARAM params[21], sizes[3], *psizes = sizes;
  1364. size_t params_n = 0;
  1365. size_t params_n_allocstart = 0;
  1366. const OSSL_PARAM *defined_params =
  1367. EVP_MAC_settable_ctx_params(expected->mac);
  1368. int xof;
  1369. int reinit = 1;
  1370. if (expected->alg == NULL)
  1371. TEST_info("Trying the EVP_MAC %s test", expected->mac_name);
  1372. else
  1373. TEST_info("Trying the EVP_MAC %s test with %s",
  1374. expected->mac_name, expected->alg);
  1375. if (expected->alg != NULL) {
  1376. int skip = 0;
  1377. /*
  1378. * The underlying algorithm may be a cipher or a digest.
  1379. * We don't know which it is, but we can ask the MAC what it
  1380. * should be and bet on that.
  1381. */
  1382. if (OSSL_PARAM_locate_const(defined_params,
  1383. OSSL_MAC_PARAM_CIPHER) != NULL) {
  1384. if (is_cipher_disabled(expected->alg))
  1385. skip = 1;
  1386. else
  1387. params[params_n++] =
  1388. OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER,
  1389. expected->alg, 0);
  1390. } else if (OSSL_PARAM_locate_const(defined_params,
  1391. OSSL_MAC_PARAM_DIGEST) != NULL) {
  1392. if (is_digest_disabled(expected->alg))
  1393. skip = 1;
  1394. else
  1395. params[params_n++] =
  1396. OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
  1397. expected->alg, 0);
  1398. } else {
  1399. t->err = "MAC_BAD_PARAMS";
  1400. goto err;
  1401. }
  1402. if (skip) {
  1403. TEST_info("skipping, algorithm '%s' is disabled", expected->alg);
  1404. t->skip = 1;
  1405. t->err = NULL;
  1406. goto err;
  1407. }
  1408. }
  1409. if (expected->custom != NULL)
  1410. params[params_n++] =
  1411. OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_CUSTOM,
  1412. expected->custom,
  1413. expected->custom_len);
  1414. if (expected->salt != NULL)
  1415. params[params_n++] =
  1416. OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_SALT,
  1417. expected->salt,
  1418. expected->salt_len);
  1419. if (expected->iv != NULL)
  1420. params[params_n++] =
  1421. OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV,
  1422. expected->iv,
  1423. expected->iv_len);
  1424. /* Unknown controls. They must match parameters that the MAC recognizes */
  1425. if (params_n + sk_OPENSSL_STRING_num(expected->controls)
  1426. >= OSSL_NELEM(params)) {
  1427. t->err = "MAC_TOO_MANY_PARAMETERS";
  1428. goto err;
  1429. }
  1430. params_n_allocstart = params_n;
  1431. for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++) {
  1432. char *tmpkey, *tmpval;
  1433. char *value = sk_OPENSSL_STRING_value(expected->controls, i);
  1434. if (!TEST_ptr(tmpkey = OPENSSL_strdup(value))) {
  1435. t->err = "MAC_PARAM_ERROR";
  1436. goto err;
  1437. }
  1438. tmpval = strchr(tmpkey, ':');
  1439. if (tmpval != NULL)
  1440. *tmpval++ = '\0';
  1441. if (tmpval == NULL
  1442. || !OSSL_PARAM_allocate_from_text(&params[params_n],
  1443. defined_params,
  1444. tmpkey, tmpval,
  1445. strlen(tmpval), NULL)) {
  1446. OPENSSL_free(tmpkey);
  1447. t->err = "MAC_PARAM_ERROR";
  1448. goto err;
  1449. }
  1450. params_n++;
  1451. OPENSSL_free(tmpkey);
  1452. }
  1453. params[params_n] = OSSL_PARAM_construct_end();
  1454. if ((ctx = EVP_MAC_CTX_new(expected->mac)) == NULL) {
  1455. t->err = "MAC_CREATE_ERROR";
  1456. goto err;
  1457. }
  1458. if (!EVP_MAC_init(ctx, expected->key, expected->key_len, params)) {
  1459. t->err = "MAC_INIT_ERROR";
  1460. goto err;
  1461. }
  1462. if (expected->output_size >= 0)
  1463. *psizes++ = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_SIZE,
  1464. &output_size);
  1465. if (expected->block_size >= 0)
  1466. *psizes++ = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_BLOCK_SIZE,
  1467. &block_size);
  1468. if (psizes != sizes) {
  1469. *psizes = OSSL_PARAM_construct_end();
  1470. if (!TEST_true(EVP_MAC_CTX_get_params(ctx, sizes))) {
  1471. t->err = "INTERNAL_ERROR";
  1472. goto err;
  1473. }
  1474. if (expected->output_size >= 0
  1475. && !TEST_int_eq(output_size, expected->output_size)) {
  1476. t->err = "TEST_FAILURE";
  1477. goto err;
  1478. }
  1479. if (expected->block_size >= 0
  1480. && !TEST_int_eq(block_size, expected->block_size)) {
  1481. t->err = "TEST_FAILURE";
  1482. goto err;
  1483. }
  1484. }
  1485. retry:
  1486. if (!EVP_MAC_update(ctx, expected->input, expected->input_len)) {
  1487. t->err = "MAC_UPDATE_ERROR";
  1488. goto err;
  1489. }
  1490. xof = expected->xof;
  1491. if (xof) {
  1492. if (!TEST_ptr(got = OPENSSL_malloc(expected->output_len))) {
  1493. t->err = "TEST_FAILURE";
  1494. goto err;
  1495. }
  1496. if (!EVP_MAC_finalXOF(ctx, got, expected->output_len)
  1497. || !memory_err_compare(t, "TEST_MAC_ERR",
  1498. expected->output, expected->output_len,
  1499. got, expected->output_len)) {
  1500. t->err = "MAC_FINAL_ERROR";
  1501. goto err;
  1502. }
  1503. } else {
  1504. if (!EVP_MAC_final(ctx, NULL, &got_len, 0)) {
  1505. t->err = "MAC_FINAL_LENGTH_ERROR";
  1506. goto err;
  1507. }
  1508. if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
  1509. t->err = "TEST_FAILURE";
  1510. goto err;
  1511. }
  1512. if (!EVP_MAC_final(ctx, got, &got_len, got_len)
  1513. || !memory_err_compare(t, "TEST_MAC_ERR",
  1514. expected->output, expected->output_len,
  1515. got, got_len)) {
  1516. t->err = "TEST_MAC_ERR";
  1517. goto err;
  1518. }
  1519. }
  1520. /* FIPS(3.0.0): can't reinitialise MAC contexts #18100 */
  1521. if (reinit-- && fips_provider_version_gt(libctx, 3, 0, 0)) {
  1522. OSSL_PARAM ivparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
  1523. int ret;
  1524. /* If the MAC uses IV, we have to set it again */
  1525. if (expected->iv != NULL) {
  1526. ivparams[0] =
  1527. OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV,
  1528. expected->iv,
  1529. expected->iv_len);
  1530. ivparams[1] = OSSL_PARAM_construct_end();
  1531. }
  1532. ERR_set_mark();
  1533. ret = EVP_MAC_init(ctx, NULL, 0, ivparams);
  1534. if (expected->no_reinit) {
  1535. if (ret) {
  1536. ERR_clear_last_mark();
  1537. t->err = "MAC_REINIT_SHOULD_FAIL";
  1538. goto err;
  1539. }
  1540. } else if (ret) {
  1541. ERR_clear_last_mark();
  1542. OPENSSL_free(got);
  1543. got = NULL;
  1544. goto retry;
  1545. } else {
  1546. ERR_clear_last_mark();
  1547. t->err = "MAC_REINIT_ERROR";
  1548. goto err;
  1549. }
  1550. /* If reinitialization fails, it is unsupported by the algorithm */
  1551. ERR_pop_to_mark();
  1552. }
  1553. t->err = NULL;
  1554. /* Test the EVP_Q_mac interface as well */
  1555. if (!xof) {
  1556. OPENSSL_cleanse(got, got_len);
  1557. if (!TEST_true(EVP_Q_mac(libctx, expected->mac_name, NULL,
  1558. expected->alg, params,
  1559. expected->key, expected->key_len,
  1560. expected->input, expected->input_len,
  1561. got, got_len, &size))
  1562. || !TEST_mem_eq(got, size,
  1563. expected->output, expected->output_len)) {
  1564. t->err = "EVP_Q_mac failed";
  1565. goto err;
  1566. }
  1567. }
  1568. err:
  1569. while (params_n-- > params_n_allocstart) {
  1570. OPENSSL_free(params[params_n].data);
  1571. }
  1572. EVP_MAC_CTX_free(ctx);
  1573. OPENSSL_free(got);
  1574. return 1;
  1575. }
  1576. static int mac_test_run(EVP_TEST *t)
  1577. {
  1578. MAC_DATA *expected = t->data;
  1579. if (expected->mac != NULL)
  1580. return mac_test_run_mac(t);
  1581. return mac_test_run_pkey(t);
  1582. }
  1583. static const EVP_TEST_METHOD mac_test_method = {
  1584. "MAC",
  1585. mac_test_init,
  1586. mac_test_cleanup,
  1587. mac_test_parse,
  1588. mac_test_run
  1589. };
  1590. /**
  1591. ** PUBLIC KEY TESTS
  1592. ** These are all very similar and share much common code.
  1593. **/
  1594. typedef struct pkey_data_st {
  1595. /* Context for this operation */
  1596. EVP_PKEY_CTX *ctx;
  1597. /* Key operation to perform */
  1598. int (*keyop) (EVP_PKEY_CTX *ctx,
  1599. unsigned char *sig, size_t *siglen,
  1600. const unsigned char *tbs, size_t tbslen);
  1601. /* Input to MAC */
  1602. unsigned char *input;
  1603. size_t input_len;
  1604. /* Expected output */
  1605. unsigned char *output;
  1606. size_t output_len;
  1607. } PKEY_DATA;
  1608. /*
  1609. * Perform public key operation setup: lookup key, allocated ctx and call
  1610. * the appropriate initialisation function
  1611. */
  1612. static int pkey_test_init(EVP_TEST *t, const char *name,
  1613. int use_public,
  1614. int (*keyopinit) (EVP_PKEY_CTX *ctx),
  1615. int (*keyop)(EVP_PKEY_CTX *ctx,
  1616. unsigned char *sig, size_t *siglen,
  1617. const unsigned char *tbs,
  1618. size_t tbslen))
  1619. {
  1620. PKEY_DATA *kdata;
  1621. EVP_PKEY *pkey = NULL;
  1622. int rv = 0;
  1623. if (use_public)
  1624. rv = find_key(&pkey, name, public_keys);
  1625. if (rv == 0)
  1626. rv = find_key(&pkey, name, private_keys);
  1627. if (rv == 0 || pkey == NULL) {
  1628. TEST_info("skipping, key '%s' is disabled", name);
  1629. t->skip = 1;
  1630. return 1;
  1631. }
  1632. if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))) {
  1633. EVP_PKEY_free(pkey);
  1634. return 0;
  1635. }
  1636. kdata->keyop = keyop;
  1637. if (!TEST_ptr(kdata->ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propquery))) {
  1638. EVP_PKEY_free(pkey);
  1639. OPENSSL_free(kdata);
  1640. return 0;
  1641. }
  1642. if (keyopinit(kdata->ctx) <= 0)
  1643. t->err = "KEYOP_INIT_ERROR";
  1644. t->data = kdata;
  1645. return 1;
  1646. }
  1647. static void pkey_test_cleanup(EVP_TEST *t)
  1648. {
  1649. PKEY_DATA *kdata = t->data;
  1650. OPENSSL_free(kdata->input);
  1651. OPENSSL_free(kdata->output);
  1652. EVP_PKEY_CTX_free(kdata->ctx);
  1653. }
  1654. static int pkey_test_ctrl(EVP_TEST *t, EVP_PKEY_CTX *pctx,
  1655. const char *value)
  1656. {
  1657. int rv = 0;
  1658. char *p, *tmpval;
  1659. if (!TEST_ptr(tmpval = OPENSSL_strdup(value)))
  1660. return 0;
  1661. p = strchr(tmpval, ':');
  1662. if (p != NULL) {
  1663. *p++ = '\0';
  1664. rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
  1665. }
  1666. if (rv == -2) {
  1667. t->err = "PKEY_CTRL_INVALID";
  1668. rv = 1;
  1669. } else if (p != NULL && rv <= 0) {
  1670. if (is_digest_disabled(p) || is_cipher_disabled(p)) {
  1671. TEST_info("skipping, '%s' is disabled", p);
  1672. t->skip = 1;
  1673. rv = 1;
  1674. } else {
  1675. t->err = "PKEY_CTRL_ERROR";
  1676. rv = 1;
  1677. }
  1678. }
  1679. OPENSSL_free(tmpval);
  1680. return rv > 0;
  1681. }
  1682. static int pkey_test_parse(EVP_TEST *t,
  1683. const char *keyword, const char *value)
  1684. {
  1685. PKEY_DATA *kdata = t->data;
  1686. if (strcmp(keyword, "Input") == 0)
  1687. return parse_bin(value, &kdata->input, &kdata->input_len);
  1688. if (strcmp(keyword, "Output") == 0)
  1689. return parse_bin(value, &kdata->output, &kdata->output_len);
  1690. if (strcmp(keyword, "Ctrl") == 0)
  1691. return pkey_test_ctrl(t, kdata->ctx, value);
  1692. return 0;
  1693. }
  1694. static int pkey_test_run(EVP_TEST *t)
  1695. {
  1696. PKEY_DATA *expected = t->data;
  1697. unsigned char *got = NULL;
  1698. size_t got_len;
  1699. EVP_PKEY_CTX *copy = NULL;
  1700. if (expected->keyop(expected->ctx, NULL, &got_len,
  1701. expected->input, expected->input_len) <= 0
  1702. || !TEST_ptr(got = OPENSSL_malloc(got_len))) {
  1703. t->err = "KEYOP_LENGTH_ERROR";
  1704. goto err;
  1705. }
  1706. if (expected->keyop(expected->ctx, got, &got_len,
  1707. expected->input, expected->input_len) <= 0) {
  1708. t->err = "KEYOP_ERROR";
  1709. goto err;
  1710. }
  1711. if (!memory_err_compare(t, "KEYOP_MISMATCH",
  1712. expected->output, expected->output_len,
  1713. got, got_len))
  1714. goto err;
  1715. t->err = NULL;
  1716. OPENSSL_free(got);
  1717. got = NULL;
  1718. /* Repeat the test on a copy. */
  1719. if (!TEST_ptr(copy = EVP_PKEY_CTX_dup(expected->ctx))) {
  1720. t->err = "INTERNAL_ERROR";
  1721. goto err;
  1722. }
  1723. if (expected->keyop(copy, NULL, &got_len, expected->input,
  1724. expected->input_len) <= 0
  1725. || !TEST_ptr(got = OPENSSL_malloc(got_len))) {
  1726. t->err = "KEYOP_LENGTH_ERROR";
  1727. goto err;
  1728. }
  1729. if (expected->keyop(copy, got, &got_len, expected->input,
  1730. expected->input_len) <= 0) {
  1731. t->err = "KEYOP_ERROR";
  1732. goto err;
  1733. }
  1734. if (!memory_err_compare(t, "KEYOP_MISMATCH",
  1735. expected->output, expected->output_len,
  1736. got, got_len))
  1737. goto err;
  1738. err:
  1739. OPENSSL_free(got);
  1740. EVP_PKEY_CTX_free(copy);
  1741. return 1;
  1742. }
  1743. static int sign_test_init(EVP_TEST *t, const char *name)
  1744. {
  1745. return pkey_test_init(t, name, 0, EVP_PKEY_sign_init, EVP_PKEY_sign);
  1746. }
  1747. static const EVP_TEST_METHOD psign_test_method = {
  1748. "Sign",
  1749. sign_test_init,
  1750. pkey_test_cleanup,
  1751. pkey_test_parse,
  1752. pkey_test_run
  1753. };
  1754. static int verify_recover_test_init(EVP_TEST *t, const char *name)
  1755. {
  1756. return pkey_test_init(t, name, 1, EVP_PKEY_verify_recover_init,
  1757. EVP_PKEY_verify_recover);
  1758. }
  1759. static const EVP_TEST_METHOD pverify_recover_test_method = {
  1760. "VerifyRecover",
  1761. verify_recover_test_init,
  1762. pkey_test_cleanup,
  1763. pkey_test_parse,
  1764. pkey_test_run
  1765. };
  1766. static int decrypt_test_init(EVP_TEST *t, const char *name)
  1767. {
  1768. return pkey_test_init(t, name, 0, EVP_PKEY_decrypt_init,
  1769. EVP_PKEY_decrypt);
  1770. }
  1771. static const EVP_TEST_METHOD pdecrypt_test_method = {
  1772. "Decrypt",
  1773. decrypt_test_init,
  1774. pkey_test_cleanup,
  1775. pkey_test_parse,
  1776. pkey_test_run
  1777. };
  1778. static int verify_test_init(EVP_TEST *t, const char *name)
  1779. {
  1780. return pkey_test_init(t, name, 1, EVP_PKEY_verify_init, 0);
  1781. }
  1782. static int verify_test_run(EVP_TEST *t)
  1783. {
  1784. PKEY_DATA *kdata = t->data;
  1785. if (EVP_PKEY_verify(kdata->ctx, kdata->output, kdata->output_len,
  1786. kdata->input, kdata->input_len) <= 0)
  1787. t->err = "VERIFY_ERROR";
  1788. return 1;
  1789. }
  1790. static const EVP_TEST_METHOD pverify_test_method = {
  1791. "Verify",
  1792. verify_test_init,
  1793. pkey_test_cleanup,
  1794. pkey_test_parse,
  1795. verify_test_run
  1796. };
  1797. static int pderive_test_init(EVP_TEST *t, const char *name)
  1798. {
  1799. return pkey_test_init(t, name, 0, EVP_PKEY_derive_init, 0);
  1800. }
  1801. static int pderive_test_parse(EVP_TEST *t,
  1802. const char *keyword, const char *value)
  1803. {
  1804. PKEY_DATA *kdata = t->data;
  1805. int validate = 0;
  1806. if (strcmp(keyword, "PeerKeyValidate") == 0)
  1807. validate = 1;
  1808. if (validate || strcmp(keyword, "PeerKey") == 0) {
  1809. EVP_PKEY *peer;
  1810. if (find_key(&peer, value, public_keys) == 0)
  1811. return -1;
  1812. if (EVP_PKEY_derive_set_peer_ex(kdata->ctx, peer, validate) <= 0) {
  1813. t->err = "DERIVE_SET_PEER_ERROR";
  1814. return 1;
  1815. }
  1816. t->err = NULL;
  1817. return 1;
  1818. }
  1819. if (strcmp(keyword, "SharedSecret") == 0)
  1820. return parse_bin(value, &kdata->output, &kdata->output_len);
  1821. if (strcmp(keyword, "Ctrl") == 0)
  1822. return pkey_test_ctrl(t, kdata->ctx, value);
  1823. if (strcmp(keyword, "KDFType") == 0) {
  1824. OSSL_PARAM params[2];
  1825. params[0] = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_TYPE,
  1826. (char *)value, 0);
  1827. params[1] = OSSL_PARAM_construct_end();
  1828. if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0)
  1829. return -1;
  1830. return 1;
  1831. }
  1832. if (strcmp(keyword, "KDFDigest") == 0) {
  1833. OSSL_PARAM params[2];
  1834. params[0] = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST,
  1835. (char *)value, 0);
  1836. params[1] = OSSL_PARAM_construct_end();
  1837. if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0)
  1838. return -1;
  1839. return 1;
  1840. }
  1841. if (strcmp(keyword, "CEKAlg") == 0) {
  1842. OSSL_PARAM params[2];
  1843. params[0] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG,
  1844. (char *)value, 0);
  1845. params[1] = OSSL_PARAM_construct_end();
  1846. if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0)
  1847. return -1;
  1848. return 1;
  1849. }
  1850. if (strcmp(keyword, "KDFOutlen") == 0) {
  1851. OSSL_PARAM params[2];
  1852. char *endptr;
  1853. size_t outlen = (size_t)strtoul(value, &endptr, 0);
  1854. if (endptr[0] != '\0')
  1855. return -1;
  1856. params[0] = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN,
  1857. &outlen);
  1858. params[1] = OSSL_PARAM_construct_end();
  1859. if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0)
  1860. return -1;
  1861. return 1;
  1862. }
  1863. return 0;
  1864. }
  1865. static int pderive_test_run(EVP_TEST *t)
  1866. {
  1867. EVP_PKEY_CTX *dctx = NULL;
  1868. PKEY_DATA *expected = t->data;
  1869. unsigned char *got = NULL;
  1870. size_t got_len;
  1871. if (!TEST_ptr(dctx = EVP_PKEY_CTX_dup(expected->ctx))) {
  1872. t->err = "DERIVE_ERROR";
  1873. goto err;
  1874. }
  1875. if (EVP_PKEY_derive(dctx, NULL, &got_len) <= 0
  1876. || !TEST_size_t_ne(got_len, 0)) {
  1877. t->err = "DERIVE_ERROR";
  1878. goto err;
  1879. }
  1880. if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
  1881. t->err = "DERIVE_ERROR";
  1882. goto err;
  1883. }
  1884. if (EVP_PKEY_derive(dctx, got, &got_len) <= 0) {
  1885. t->err = "DERIVE_ERROR";
  1886. goto err;
  1887. }
  1888. if (!memory_err_compare(t, "SHARED_SECRET_MISMATCH",
  1889. expected->output, expected->output_len,
  1890. got, got_len))
  1891. goto err;
  1892. t->err = NULL;
  1893. err:
  1894. OPENSSL_free(got);
  1895. EVP_PKEY_CTX_free(dctx);
  1896. return 1;
  1897. }
  1898. static const EVP_TEST_METHOD pderive_test_method = {
  1899. "Derive",
  1900. pderive_test_init,
  1901. pkey_test_cleanup,
  1902. pderive_test_parse,
  1903. pderive_test_run
  1904. };
  1905. /**
  1906. ** PBE TESTS
  1907. **/
  1908. typedef enum pbe_type_enum {
  1909. PBE_TYPE_INVALID = 0,
  1910. PBE_TYPE_SCRYPT, PBE_TYPE_PBKDF2, PBE_TYPE_PKCS12
  1911. } PBE_TYPE;
  1912. typedef struct pbe_data_st {
  1913. PBE_TYPE pbe_type;
  1914. /* scrypt parameters */
  1915. uint64_t N, r, p, maxmem;
  1916. /* PKCS#12 parameters */
  1917. int id, iter;
  1918. const EVP_MD *md;
  1919. /* password */
  1920. unsigned char *pass;
  1921. size_t pass_len;
  1922. /* salt */
  1923. unsigned char *salt;
  1924. size_t salt_len;
  1925. /* Expected output */
  1926. unsigned char *key;
  1927. size_t key_len;
  1928. } PBE_DATA;
  1929. #ifndef OPENSSL_NO_SCRYPT
  1930. /* Parse unsigned decimal 64 bit integer value */
  1931. static int parse_uint64(const char *value, uint64_t *pr)
  1932. {
  1933. const char *p = value;
  1934. if (!TEST_true(*p)) {
  1935. TEST_info("Invalid empty integer value");
  1936. return -1;
  1937. }
  1938. for (*pr = 0; *p; ) {
  1939. if (*pr > UINT64_MAX / 10) {
  1940. TEST_error("Integer overflow in string %s", value);
  1941. return -1;
  1942. }
  1943. *pr *= 10;
  1944. if (!TEST_true(isdigit((unsigned char)*p))) {
  1945. TEST_error("Invalid character in string %s", value);
  1946. return -1;
  1947. }
  1948. *pr += *p - '0';
  1949. p++;
  1950. }
  1951. return 1;
  1952. }
  1953. static int scrypt_test_parse(EVP_TEST *t,
  1954. const char *keyword, const char *value)
  1955. {
  1956. PBE_DATA *pdata = t->data;
  1957. if (strcmp(keyword, "N") == 0)
  1958. return parse_uint64(value, &pdata->N);
  1959. if (strcmp(keyword, "p") == 0)
  1960. return parse_uint64(value, &pdata->p);
  1961. if (strcmp(keyword, "r") == 0)
  1962. return parse_uint64(value, &pdata->r);
  1963. if (strcmp(keyword, "maxmem") == 0)
  1964. return parse_uint64(value, &pdata->maxmem);
  1965. return 0;
  1966. }
  1967. #endif
  1968. static int pbkdf2_test_parse(EVP_TEST *t,
  1969. const char *keyword, const char *value)
  1970. {
  1971. PBE_DATA *pdata = t->data;
  1972. if (strcmp(keyword, "iter") == 0) {
  1973. pdata->iter = atoi(value);
  1974. if (pdata->iter <= 0)
  1975. return -1;
  1976. return 1;
  1977. }
  1978. if (strcmp(keyword, "MD") == 0) {
  1979. pdata->md = EVP_get_digestbyname(value);
  1980. if (pdata->md == NULL)
  1981. return -1;
  1982. return 1;
  1983. }
  1984. return 0;
  1985. }
  1986. static int pkcs12_test_parse(EVP_TEST *t,
  1987. const char *keyword, const char *value)
  1988. {
  1989. PBE_DATA *pdata = t->data;
  1990. if (strcmp(keyword, "id") == 0) {
  1991. pdata->id = atoi(value);
  1992. if (pdata->id <= 0)
  1993. return -1;
  1994. return 1;
  1995. }
  1996. return pbkdf2_test_parse(t, keyword, value);
  1997. }
  1998. static int pbe_test_init(EVP_TEST *t, const char *alg)
  1999. {
  2000. PBE_DATA *pdat;
  2001. PBE_TYPE pbe_type = PBE_TYPE_INVALID;
  2002. if (is_kdf_disabled(alg)) {
  2003. TEST_info("skipping, '%s' is disabled", alg);
  2004. t->skip = 1;
  2005. return 1;
  2006. }
  2007. if (strcmp(alg, "scrypt") == 0) {
  2008. pbe_type = PBE_TYPE_SCRYPT;
  2009. } else if (strcmp(alg, "pbkdf2") == 0) {
  2010. pbe_type = PBE_TYPE_PBKDF2;
  2011. } else if (strcmp(alg, "pkcs12") == 0) {
  2012. pbe_type = PBE_TYPE_PKCS12;
  2013. } else {
  2014. TEST_error("Unknown pbe algorithm %s", alg);
  2015. return 0;
  2016. }
  2017. if (!TEST_ptr(pdat = OPENSSL_zalloc(sizeof(*pdat))))
  2018. return 0;
  2019. pdat->pbe_type = pbe_type;
  2020. t->data = pdat;
  2021. return 1;
  2022. }
  2023. static void pbe_test_cleanup(EVP_TEST *t)
  2024. {
  2025. PBE_DATA *pdat = t->data;
  2026. OPENSSL_free(pdat->pass);
  2027. OPENSSL_free(pdat->salt);
  2028. OPENSSL_free(pdat->key);
  2029. }
  2030. static int pbe_test_parse(EVP_TEST *t,
  2031. const char *keyword, const char *value)
  2032. {
  2033. PBE_DATA *pdata = t->data;
  2034. if (strcmp(keyword, "Password") == 0)
  2035. return parse_bin(value, &pdata->pass, &pdata->pass_len);
  2036. if (strcmp(keyword, "Salt") == 0)
  2037. return parse_bin(value, &pdata->salt, &pdata->salt_len);
  2038. if (strcmp(keyword, "Key") == 0)
  2039. return parse_bin(value, &pdata->key, &pdata->key_len);
  2040. if (pdata->pbe_type == PBE_TYPE_PBKDF2)
  2041. return pbkdf2_test_parse(t, keyword, value);
  2042. else if (pdata->pbe_type == PBE_TYPE_PKCS12)
  2043. return pkcs12_test_parse(t, keyword, value);
  2044. #ifndef OPENSSL_NO_SCRYPT
  2045. else if (pdata->pbe_type == PBE_TYPE_SCRYPT)
  2046. return scrypt_test_parse(t, keyword, value);
  2047. #endif
  2048. return 0;
  2049. }
  2050. static int pbe_test_run(EVP_TEST *t)
  2051. {
  2052. PBE_DATA *expected = t->data;
  2053. unsigned char *key;
  2054. EVP_MD *fetched_digest = NULL;
  2055. OSSL_LIB_CTX *save_libctx;
  2056. save_libctx = OSSL_LIB_CTX_set0_default(libctx);
  2057. if (!TEST_ptr(key = OPENSSL_malloc(expected->key_len))) {
  2058. t->err = "INTERNAL_ERROR";
  2059. goto err;
  2060. }
  2061. if (expected->pbe_type == PBE_TYPE_PBKDF2) {
  2062. if (PKCS5_PBKDF2_HMAC((char *)expected->pass, expected->pass_len,
  2063. expected->salt, expected->salt_len,
  2064. expected->iter, expected->md,
  2065. expected->key_len, key) == 0) {
  2066. t->err = "PBKDF2_ERROR";
  2067. goto err;
  2068. }
  2069. #ifndef OPENSSL_NO_SCRYPT
  2070. } else if (expected->pbe_type == PBE_TYPE_SCRYPT) {
  2071. if (EVP_PBE_scrypt((const char *)expected->pass, expected->pass_len,
  2072. expected->salt, expected->salt_len,
  2073. expected->N, expected->r, expected->p,
  2074. expected->maxmem, key, expected->key_len) == 0) {
  2075. t->err = "SCRYPT_ERROR";
  2076. goto err;
  2077. }
  2078. #endif
  2079. } else if (expected->pbe_type == PBE_TYPE_PKCS12) {
  2080. fetched_digest = EVP_MD_fetch(libctx, EVP_MD_get0_name(expected->md),
  2081. propquery);
  2082. if (fetched_digest == NULL) {
  2083. t->err = "PKCS12_ERROR";
  2084. goto err;
  2085. }
  2086. if (PKCS12_key_gen_uni(expected->pass, expected->pass_len,
  2087. expected->salt, expected->salt_len,
  2088. expected->id, expected->iter, expected->key_len,
  2089. key, fetched_digest) == 0) {
  2090. t->err = "PKCS12_ERROR";
  2091. goto err;
  2092. }
  2093. }
  2094. if (!memory_err_compare(t, "KEY_MISMATCH", expected->key, expected->key_len,
  2095. key, expected->key_len))
  2096. goto err;
  2097. t->err = NULL;
  2098. err:
  2099. EVP_MD_free(fetched_digest);
  2100. OPENSSL_free(key);
  2101. OSSL_LIB_CTX_set0_default(save_libctx);
  2102. return 1;
  2103. }
  2104. static const EVP_TEST_METHOD pbe_test_method = {
  2105. "PBE",
  2106. pbe_test_init,
  2107. pbe_test_cleanup,
  2108. pbe_test_parse,
  2109. pbe_test_run
  2110. };
  2111. /**
  2112. ** BASE64 TESTS
  2113. **/
  2114. typedef enum {
  2115. BASE64_CANONICAL_ENCODING = 0,
  2116. BASE64_VALID_ENCODING = 1,
  2117. BASE64_INVALID_ENCODING = 2
  2118. } base64_encoding_type;
  2119. typedef struct encode_data_st {
  2120. /* Input to encoding */
  2121. unsigned char *input;
  2122. size_t input_len;
  2123. /* Expected output */
  2124. unsigned char *output;
  2125. size_t output_len;
  2126. base64_encoding_type encoding;
  2127. } ENCODE_DATA;
  2128. static int encode_test_init(EVP_TEST *t, const char *encoding)
  2129. {
  2130. ENCODE_DATA *edata;
  2131. if (!TEST_ptr(edata = OPENSSL_zalloc(sizeof(*edata))))
  2132. return 0;
  2133. if (strcmp(encoding, "canonical") == 0) {
  2134. edata->encoding = BASE64_CANONICAL_ENCODING;
  2135. } else if (strcmp(encoding, "valid") == 0) {
  2136. edata->encoding = BASE64_VALID_ENCODING;
  2137. } else if (strcmp(encoding, "invalid") == 0) {
  2138. edata->encoding = BASE64_INVALID_ENCODING;
  2139. if (!TEST_ptr(t->expected_err = OPENSSL_strdup("DECODE_ERROR")))
  2140. goto err;
  2141. } else {
  2142. TEST_error("Bad encoding: %s."
  2143. " Should be one of {canonical, valid, invalid}",
  2144. encoding);
  2145. goto err;
  2146. }
  2147. t->data = edata;
  2148. return 1;
  2149. err:
  2150. OPENSSL_free(edata);
  2151. return 0;
  2152. }
  2153. static void encode_test_cleanup(EVP_TEST *t)
  2154. {
  2155. ENCODE_DATA *edata = t->data;
  2156. OPENSSL_free(edata->input);
  2157. OPENSSL_free(edata->output);
  2158. memset(edata, 0, sizeof(*edata));
  2159. }
  2160. static int encode_test_parse(EVP_TEST *t,
  2161. const char *keyword, const char *value)
  2162. {
  2163. ENCODE_DATA *edata = t->data;
  2164. if (strcmp(keyword, "Input") == 0)
  2165. return parse_bin(value, &edata->input, &edata->input_len);
  2166. if (strcmp(keyword, "Output") == 0)
  2167. return parse_bin(value, &edata->output, &edata->output_len);
  2168. return 0;
  2169. }
  2170. static int encode_test_run(EVP_TEST *t)
  2171. {
  2172. ENCODE_DATA *expected = t->data;
  2173. unsigned char *encode_out = NULL, *decode_out = NULL;
  2174. int output_len, chunk_len;
  2175. EVP_ENCODE_CTX *decode_ctx = NULL, *encode_ctx = NULL;
  2176. if (!TEST_ptr(decode_ctx = EVP_ENCODE_CTX_new())) {
  2177. t->err = "INTERNAL_ERROR";
  2178. goto err;
  2179. }
  2180. if (expected->encoding == BASE64_CANONICAL_ENCODING) {
  2181. if (!TEST_ptr(encode_ctx = EVP_ENCODE_CTX_new())
  2182. || !TEST_ptr(encode_out =
  2183. OPENSSL_malloc(EVP_ENCODE_LENGTH(expected->input_len))))
  2184. goto err;
  2185. EVP_EncodeInit(encode_ctx);
  2186. if (!TEST_true(EVP_EncodeUpdate(encode_ctx, encode_out, &chunk_len,
  2187. expected->input, expected->input_len)))
  2188. goto err;
  2189. output_len = chunk_len;
  2190. EVP_EncodeFinal(encode_ctx, encode_out + chunk_len, &chunk_len);
  2191. output_len += chunk_len;
  2192. if (!memory_err_compare(t, "BAD_ENCODING",
  2193. expected->output, expected->output_len,
  2194. encode_out, output_len))
  2195. goto err;
  2196. }
  2197. if (!TEST_ptr(decode_out =
  2198. OPENSSL_malloc(EVP_DECODE_LENGTH(expected->output_len))))
  2199. goto err;
  2200. EVP_DecodeInit(decode_ctx);
  2201. if (EVP_DecodeUpdate(decode_ctx, decode_out, &chunk_len, expected->output,
  2202. expected->output_len) < 0) {
  2203. t->err = "DECODE_ERROR";
  2204. goto err;
  2205. }
  2206. output_len = chunk_len;
  2207. if (EVP_DecodeFinal(decode_ctx, decode_out + chunk_len, &chunk_len) != 1) {
  2208. t->err = "DECODE_ERROR";
  2209. goto err;
  2210. }
  2211. output_len += chunk_len;
  2212. if (expected->encoding != BASE64_INVALID_ENCODING
  2213. && !memory_err_compare(t, "BAD_DECODING",
  2214. expected->input, expected->input_len,
  2215. decode_out, output_len)) {
  2216. t->err = "BAD_DECODING";
  2217. goto err;
  2218. }
  2219. t->err = NULL;
  2220. err:
  2221. OPENSSL_free(encode_out);
  2222. OPENSSL_free(decode_out);
  2223. EVP_ENCODE_CTX_free(decode_ctx);
  2224. EVP_ENCODE_CTX_free(encode_ctx);
  2225. return 1;
  2226. }
  2227. static const EVP_TEST_METHOD encode_test_method = {
  2228. "Encoding",
  2229. encode_test_init,
  2230. encode_test_cleanup,
  2231. encode_test_parse,
  2232. encode_test_run,
  2233. };
  2234. /**
  2235. ** RAND TESTS
  2236. **/
  2237. #define MAX_RAND_REPEATS 15
  2238. typedef struct rand_data_pass_st {
  2239. unsigned char *entropy;
  2240. unsigned char *reseed_entropy;
  2241. unsigned char *nonce;
  2242. unsigned char *pers;
  2243. unsigned char *reseed_addin;
  2244. unsigned char *addinA;
  2245. unsigned char *addinB;
  2246. unsigned char *pr_entropyA;
  2247. unsigned char *pr_entropyB;
  2248. unsigned char *output;
  2249. size_t entropy_len, nonce_len, pers_len, addinA_len, addinB_len,
  2250. pr_entropyA_len, pr_entropyB_len, output_len, reseed_entropy_len,
  2251. reseed_addin_len;
  2252. } RAND_DATA_PASS;
  2253. typedef struct rand_data_st {
  2254. /* Context for this operation */
  2255. EVP_RAND_CTX *ctx;
  2256. EVP_RAND_CTX *parent;
  2257. int n;
  2258. int prediction_resistance;
  2259. int use_df;
  2260. unsigned int generate_bits;
  2261. char *cipher;
  2262. char *digest;
  2263. /* Expected output */
  2264. RAND_DATA_PASS data[MAX_RAND_REPEATS];
  2265. } RAND_DATA;
  2266. static int rand_test_init(EVP_TEST *t, const char *name)
  2267. {
  2268. RAND_DATA *rdata;
  2269. EVP_RAND *rand;
  2270. OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
  2271. unsigned int strength = 256;
  2272. if (!TEST_ptr(rdata = OPENSSL_zalloc(sizeof(*rdata))))
  2273. return 0;
  2274. /* TEST-RAND is available in the FIPS provider but not with "fips=yes" */
  2275. rand = EVP_RAND_fetch(libctx, "TEST-RAND", "-fips");
  2276. if (rand == NULL)
  2277. goto err;
  2278. rdata->parent = EVP_RAND_CTX_new(rand, NULL);
  2279. EVP_RAND_free(rand);
  2280. if (rdata->parent == NULL)
  2281. goto err;
  2282. *params = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength);
  2283. if (!EVP_RAND_CTX_set_params(rdata->parent, params))
  2284. goto err;
  2285. rand = EVP_RAND_fetch(libctx, name, propquery);
  2286. if (rand == NULL)
  2287. goto err;
  2288. rdata->ctx = EVP_RAND_CTX_new(rand, rdata->parent);
  2289. EVP_RAND_free(rand);
  2290. if (rdata->ctx == NULL)
  2291. goto err;
  2292. rdata->n = -1;
  2293. t->data = rdata;
  2294. return 1;
  2295. err:
  2296. EVP_RAND_CTX_free(rdata->parent);
  2297. OPENSSL_free(rdata);
  2298. return 0;
  2299. }
  2300. static void rand_test_cleanup(EVP_TEST *t)
  2301. {
  2302. RAND_DATA *rdata = t->data;
  2303. int i;
  2304. OPENSSL_free(rdata->cipher);
  2305. OPENSSL_free(rdata->digest);
  2306. for (i = 0; i <= rdata->n; i++) {
  2307. OPENSSL_free(rdata->data[i].entropy);
  2308. OPENSSL_free(rdata->data[i].reseed_entropy);
  2309. OPENSSL_free(rdata->data[i].nonce);
  2310. OPENSSL_free(rdata->data[i].pers);
  2311. OPENSSL_free(rdata->data[i].reseed_addin);
  2312. OPENSSL_free(rdata->data[i].addinA);
  2313. OPENSSL_free(rdata->data[i].addinB);
  2314. OPENSSL_free(rdata->data[i].pr_entropyA);
  2315. OPENSSL_free(rdata->data[i].pr_entropyB);
  2316. OPENSSL_free(rdata->data[i].output);
  2317. }
  2318. EVP_RAND_CTX_free(rdata->ctx);
  2319. EVP_RAND_CTX_free(rdata->parent);
  2320. }
  2321. static int rand_test_parse(EVP_TEST *t,
  2322. const char *keyword, const char *value)
  2323. {
  2324. RAND_DATA *rdata = t->data;
  2325. RAND_DATA_PASS *item;
  2326. const char *p;
  2327. int n;
  2328. if ((p = strchr(keyword, '.')) != NULL) {
  2329. n = atoi(++p);
  2330. if (n >= MAX_RAND_REPEATS)
  2331. return 0;
  2332. if (n > rdata->n)
  2333. rdata->n = n;
  2334. item = rdata->data + n;
  2335. if (HAS_PREFIX(keyword, "Entropy."))
  2336. return parse_bin(value, &item->entropy, &item->entropy_len);
  2337. if (HAS_PREFIX(keyword, "ReseedEntropy."))
  2338. return parse_bin(value, &item->reseed_entropy,
  2339. &item->reseed_entropy_len);
  2340. if (HAS_PREFIX(keyword, "Nonce."))
  2341. return parse_bin(value, &item->nonce, &item->nonce_len);
  2342. if (HAS_PREFIX(keyword, "PersonalisationString."))
  2343. return parse_bin(value, &item->pers, &item->pers_len);
  2344. if (HAS_PREFIX(keyword, "ReseedAdditionalInput."))
  2345. return parse_bin(value, &item->reseed_addin,
  2346. &item->reseed_addin_len);
  2347. if (HAS_PREFIX(keyword, "AdditionalInputA."))
  2348. return parse_bin(value, &item->addinA, &item->addinA_len);
  2349. if (HAS_PREFIX(keyword, "AdditionalInputB."))
  2350. return parse_bin(value, &item->addinB, &item->addinB_len);
  2351. if (HAS_PREFIX(keyword, "EntropyPredictionResistanceA."))
  2352. return parse_bin(value, &item->pr_entropyA, &item->pr_entropyA_len);
  2353. if (HAS_PREFIX(keyword, "EntropyPredictionResistanceB."))
  2354. return parse_bin(value, &item->pr_entropyB, &item->pr_entropyB_len);
  2355. if (HAS_PREFIX(keyword, "Output."))
  2356. return parse_bin(value, &item->output, &item->output_len);
  2357. } else {
  2358. if (strcmp(keyword, "Cipher") == 0)
  2359. return TEST_ptr(rdata->cipher = OPENSSL_strdup(value));
  2360. if (strcmp(keyword, "Digest") == 0)
  2361. return TEST_ptr(rdata->digest = OPENSSL_strdup(value));
  2362. if (strcmp(keyword, "DerivationFunction") == 0) {
  2363. rdata->use_df = atoi(value) != 0;
  2364. return 1;
  2365. }
  2366. if (strcmp(keyword, "GenerateBits") == 0) {
  2367. if ((n = atoi(value)) <= 0 || n % 8 != 0)
  2368. return 0;
  2369. rdata->generate_bits = (unsigned int)n;
  2370. return 1;
  2371. }
  2372. if (strcmp(keyword, "PredictionResistance") == 0) {
  2373. rdata->prediction_resistance = atoi(value) != 0;
  2374. return 1;
  2375. }
  2376. }
  2377. return 0;
  2378. }
  2379. static int rand_test_run(EVP_TEST *t)
  2380. {
  2381. RAND_DATA *expected = t->data;
  2382. RAND_DATA_PASS *item;
  2383. unsigned char *got;
  2384. size_t got_len = expected->generate_bits / 8;
  2385. OSSL_PARAM params[5], *p = params;
  2386. int i = -1, ret = 0;
  2387. unsigned int strength;
  2388. unsigned char *z;
  2389. if (!TEST_ptr(got = OPENSSL_malloc(got_len)))
  2390. return 0;
  2391. *p++ = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_USE_DF, &expected->use_df);
  2392. if (expected->cipher != NULL)
  2393. *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER,
  2394. expected->cipher, 0);
  2395. if (expected->digest != NULL)
  2396. *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_DIGEST,
  2397. expected->digest, 0);
  2398. *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_MAC, "HMAC", 0);
  2399. *p = OSSL_PARAM_construct_end();
  2400. if (!TEST_true(EVP_RAND_CTX_set_params(expected->ctx, params)))
  2401. goto err;
  2402. strength = EVP_RAND_get_strength(expected->ctx);
  2403. for (i = 0; i <= expected->n; i++) {
  2404. item = expected->data + i;
  2405. p = params;
  2406. z = item->entropy != NULL ? item->entropy : (unsigned char *)"";
  2407. *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
  2408. z, item->entropy_len);
  2409. z = item->nonce != NULL ? item->nonce : (unsigned char *)"";
  2410. *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE,
  2411. z, item->nonce_len);
  2412. *p = OSSL_PARAM_construct_end();
  2413. if (!TEST_true(EVP_RAND_instantiate(expected->parent, strength,
  2414. 0, NULL, 0, params)))
  2415. goto err;
  2416. z = item->pers != NULL ? item->pers : (unsigned char *)"";
  2417. if (!TEST_true(EVP_RAND_instantiate
  2418. (expected->ctx, strength,
  2419. expected->prediction_resistance, z,
  2420. item->pers_len, NULL)))
  2421. goto err;
  2422. if (item->reseed_entropy != NULL) {
  2423. params[0] = OSSL_PARAM_construct_octet_string
  2424. (OSSL_RAND_PARAM_TEST_ENTROPY, item->reseed_entropy,
  2425. item->reseed_entropy_len);
  2426. params[1] = OSSL_PARAM_construct_end();
  2427. if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params)))
  2428. goto err;
  2429. if (!TEST_true(EVP_RAND_reseed
  2430. (expected->ctx, expected->prediction_resistance,
  2431. NULL, 0, item->reseed_addin,
  2432. item->reseed_addin_len)))
  2433. goto err;
  2434. }
  2435. if (item->pr_entropyA != NULL) {
  2436. params[0] = OSSL_PARAM_construct_octet_string
  2437. (OSSL_RAND_PARAM_TEST_ENTROPY, item->pr_entropyA,
  2438. item->pr_entropyA_len);
  2439. params[1] = OSSL_PARAM_construct_end();
  2440. if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params)))
  2441. goto err;
  2442. }
  2443. if (!TEST_true(EVP_RAND_generate
  2444. (expected->ctx, got, got_len,
  2445. strength, expected->prediction_resistance,
  2446. item->addinA, item->addinA_len)))
  2447. goto err;
  2448. if (item->pr_entropyB != NULL) {
  2449. params[0] = OSSL_PARAM_construct_octet_string
  2450. (OSSL_RAND_PARAM_TEST_ENTROPY, item->pr_entropyB,
  2451. item->pr_entropyB_len);
  2452. params[1] = OSSL_PARAM_construct_end();
  2453. if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params)))
  2454. goto err;
  2455. }
  2456. if (!TEST_true(EVP_RAND_generate
  2457. (expected->ctx, got, got_len,
  2458. strength, expected->prediction_resistance,
  2459. item->addinB, item->addinB_len)))
  2460. goto err;
  2461. if (!TEST_mem_eq(got, got_len, item->output, item->output_len))
  2462. goto err;
  2463. if (!TEST_true(EVP_RAND_uninstantiate(expected->ctx))
  2464. || !TEST_true(EVP_RAND_uninstantiate(expected->parent))
  2465. || !TEST_true(EVP_RAND_verify_zeroization(expected->ctx))
  2466. || !TEST_int_eq(EVP_RAND_get_state(expected->ctx),
  2467. EVP_RAND_STATE_UNINITIALISED))
  2468. goto err;
  2469. }
  2470. t->err = NULL;
  2471. ret = 1;
  2472. err:
  2473. if (ret == 0 && i >= 0)
  2474. TEST_info("Error in test case %d of %d\n", i, expected->n + 1);
  2475. OPENSSL_free(got);
  2476. return ret;
  2477. }
  2478. static const EVP_TEST_METHOD rand_test_method = {
  2479. "RAND",
  2480. rand_test_init,
  2481. rand_test_cleanup,
  2482. rand_test_parse,
  2483. rand_test_run
  2484. };
  2485. /**
  2486. ** KDF TESTS
  2487. **/
  2488. typedef struct kdf_data_st {
  2489. /* Context for this operation */
  2490. EVP_KDF_CTX *ctx;
  2491. /* Expected output */
  2492. unsigned char *output;
  2493. size_t output_len;
  2494. OSSL_PARAM params[20];
  2495. OSSL_PARAM *p;
  2496. } KDF_DATA;
  2497. /*
  2498. * Perform public key operation setup: lookup key, allocated ctx and call
  2499. * the appropriate initialisation function
  2500. */
  2501. static int kdf_test_init(EVP_TEST *t, const char *name)
  2502. {
  2503. KDF_DATA *kdata;
  2504. EVP_KDF *kdf;
  2505. if (is_kdf_disabled(name)) {
  2506. TEST_info("skipping, '%s' is disabled", name);
  2507. t->skip = 1;
  2508. return 1;
  2509. }
  2510. if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata))))
  2511. return 0;
  2512. kdata->p = kdata->params;
  2513. *kdata->p = OSSL_PARAM_construct_end();
  2514. kdf = EVP_KDF_fetch(libctx, name, propquery);
  2515. if (kdf == NULL) {
  2516. OPENSSL_free(kdata);
  2517. return 0;
  2518. }
  2519. kdata->ctx = EVP_KDF_CTX_new(kdf);
  2520. EVP_KDF_free(kdf);
  2521. if (kdata->ctx == NULL) {
  2522. OPENSSL_free(kdata);
  2523. return 0;
  2524. }
  2525. t->data = kdata;
  2526. return 1;
  2527. }
  2528. static void kdf_test_cleanup(EVP_TEST *t)
  2529. {
  2530. KDF_DATA *kdata = t->data;
  2531. OSSL_PARAM *p;
  2532. for (p = kdata->params; p->key != NULL; p++)
  2533. OPENSSL_free(p->data);
  2534. OPENSSL_free(kdata->output);
  2535. EVP_KDF_CTX_free(kdata->ctx);
  2536. }
  2537. static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx,
  2538. const char *value)
  2539. {
  2540. KDF_DATA *kdata = t->data;
  2541. int rv;
  2542. char *p, *name;
  2543. const OSSL_PARAM *defs = EVP_KDF_settable_ctx_params(EVP_KDF_CTX_kdf(kctx));
  2544. if (!TEST_ptr(name = OPENSSL_strdup(value)))
  2545. return 0;
  2546. p = strchr(name, ':');
  2547. if (p != NULL)
  2548. *p++ = '\0';
  2549. if (strcmp(name, "r") == 0
  2550. && OSSL_PARAM_locate_const(defs, name) == NULL) {
  2551. TEST_info("skipping, setting 'r' is unsupported");
  2552. t->skip = 1;
  2553. goto end;
  2554. }
  2555. if (strcmp(name, "lanes") == 0
  2556. && OSSL_PARAM_locate_const(defs, name) == NULL) {
  2557. TEST_info("skipping, setting 'lanes' is unsupported");
  2558. t->skip = 1;
  2559. goto end;
  2560. }
  2561. if (strcmp(name, "iter") == 0
  2562. && OSSL_PARAM_locate_const(defs, name) == NULL) {
  2563. TEST_info("skipping, setting 'iter' is unsupported");
  2564. t->skip = 1;
  2565. goto end;
  2566. }
  2567. if (strcmp(name, "memcost") == 0
  2568. && OSSL_PARAM_locate_const(defs, name) == NULL) {
  2569. TEST_info("skipping, setting 'memcost' is unsupported");
  2570. t->skip = 1;
  2571. goto end;
  2572. }
  2573. if (strcmp(name, "secret") == 0
  2574. && OSSL_PARAM_locate_const(defs, name) == NULL) {
  2575. TEST_info("skipping, setting 'secret' is unsupported");
  2576. t->skip = 1;
  2577. goto end;
  2578. }
  2579. if (strcmp(name, "pass") == 0
  2580. && OSSL_PARAM_locate_const(defs, name) == NULL) {
  2581. TEST_info("skipping, setting 'pass' is unsupported");
  2582. t->skip = 1;
  2583. goto end;
  2584. }
  2585. if (strcmp(name, "ad") == 0
  2586. && OSSL_PARAM_locate_const(defs, name) == NULL) {
  2587. TEST_info("skipping, setting 'ad' is unsupported");
  2588. t->skip = 1;
  2589. goto end;
  2590. }
  2591. rv = OSSL_PARAM_allocate_from_text(kdata->p, defs, name, p,
  2592. p != NULL ? strlen(p) : 0, NULL);
  2593. *++kdata->p = OSSL_PARAM_construct_end();
  2594. if (!rv) {
  2595. t->err = "KDF_PARAM_ERROR";
  2596. OPENSSL_free(name);
  2597. return 0;
  2598. }
  2599. if (p != NULL && strcmp(name, "digest") == 0) {
  2600. if (is_digest_disabled(p)) {
  2601. TEST_info("skipping, '%s' is disabled", p);
  2602. t->skip = 1;
  2603. }
  2604. goto end;
  2605. }
  2606. if (p != NULL
  2607. && (strcmp(name, "cipher") == 0
  2608. || strcmp(name, "cekalg") == 0)
  2609. && is_cipher_disabled(p)) {
  2610. TEST_info("skipping, '%s' is disabled", p);
  2611. t->skip = 1;
  2612. goto end;
  2613. }
  2614. if (p != NULL
  2615. && (strcmp(name, "mac") == 0)
  2616. && is_mac_disabled(p)) {
  2617. TEST_info("skipping, '%s' is disabled", p);
  2618. t->skip = 1;
  2619. }
  2620. end:
  2621. OPENSSL_free(name);
  2622. return 1;
  2623. }
  2624. static int kdf_test_parse(EVP_TEST *t,
  2625. const char *keyword, const char *value)
  2626. {
  2627. KDF_DATA *kdata = t->data;
  2628. if (strcmp(keyword, "Output") == 0)
  2629. return parse_bin(value, &kdata->output, &kdata->output_len);
  2630. if (HAS_PREFIX(keyword, "Ctrl"))
  2631. return kdf_test_ctrl(t, kdata->ctx, value);
  2632. return 0;
  2633. }
  2634. static int kdf_test_run(EVP_TEST *t)
  2635. {
  2636. KDF_DATA *expected = t->data;
  2637. unsigned char *got = NULL;
  2638. size_t got_len = expected->output_len;
  2639. EVP_KDF_CTX *ctx;
  2640. if (!EVP_KDF_CTX_set_params(expected->ctx, expected->params)) {
  2641. t->err = "KDF_CTRL_ERROR";
  2642. return 1;
  2643. }
  2644. if (!TEST_ptr(got = OPENSSL_malloc(got_len == 0 ? 1 : got_len))) {
  2645. t->err = "INTERNAL_ERROR";
  2646. goto err;
  2647. }
  2648. /* FIPS(3.0.0): can't dup KDF contexts #17572 */
  2649. if (fips_provider_version_gt(libctx, 3, 0, 0)
  2650. && (ctx = EVP_KDF_CTX_dup(expected->ctx)) != NULL) {
  2651. EVP_KDF_CTX_free(expected->ctx);
  2652. expected->ctx = ctx;
  2653. }
  2654. if (EVP_KDF_derive(expected->ctx, got, got_len, NULL) <= 0) {
  2655. t->err = "KDF_DERIVE_ERROR";
  2656. goto err;
  2657. }
  2658. if (!memory_err_compare(t, "KDF_MISMATCH",
  2659. expected->output, expected->output_len,
  2660. got, got_len))
  2661. goto err;
  2662. t->err = NULL;
  2663. err:
  2664. OPENSSL_free(got);
  2665. return 1;
  2666. }
  2667. static const EVP_TEST_METHOD kdf_test_method = {
  2668. "KDF",
  2669. kdf_test_init,
  2670. kdf_test_cleanup,
  2671. kdf_test_parse,
  2672. kdf_test_run
  2673. };
  2674. /**
  2675. ** PKEY KDF TESTS
  2676. **/
  2677. typedef struct pkey_kdf_data_st {
  2678. /* Context for this operation */
  2679. EVP_PKEY_CTX *ctx;
  2680. /* Expected output */
  2681. unsigned char *output;
  2682. size_t output_len;
  2683. } PKEY_KDF_DATA;
  2684. /*
  2685. * Perform public key operation setup: lookup key, allocated ctx and call
  2686. * the appropriate initialisation function
  2687. */
  2688. static int pkey_kdf_test_init(EVP_TEST *t, const char *name)
  2689. {
  2690. PKEY_KDF_DATA *kdata = NULL;
  2691. if (is_kdf_disabled(name)) {
  2692. TEST_info("skipping, '%s' is disabled", name);
  2693. t->skip = 1;
  2694. return 1;
  2695. }
  2696. if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata))))
  2697. return 0;
  2698. kdata->ctx = EVP_PKEY_CTX_new_from_name(libctx, name, propquery);
  2699. if (kdata->ctx == NULL
  2700. || EVP_PKEY_derive_init(kdata->ctx) <= 0)
  2701. goto err;
  2702. t->data = kdata;
  2703. return 1;
  2704. err:
  2705. EVP_PKEY_CTX_free(kdata->ctx);
  2706. OPENSSL_free(kdata);
  2707. return 0;
  2708. }
  2709. static void pkey_kdf_test_cleanup(EVP_TEST *t)
  2710. {
  2711. PKEY_KDF_DATA *kdata = t->data;
  2712. OPENSSL_free(kdata->output);
  2713. EVP_PKEY_CTX_free(kdata->ctx);
  2714. }
  2715. static int pkey_kdf_test_parse(EVP_TEST *t,
  2716. const char *keyword, const char *value)
  2717. {
  2718. PKEY_KDF_DATA *kdata = t->data;
  2719. if (strcmp(keyword, "Output") == 0)
  2720. return parse_bin(value, &kdata->output, &kdata->output_len);
  2721. if (HAS_PREFIX(keyword, "Ctrl"))
  2722. return pkey_test_ctrl(t, kdata->ctx, value);
  2723. return 0;
  2724. }
  2725. static int pkey_kdf_test_run(EVP_TEST *t)
  2726. {
  2727. PKEY_KDF_DATA *expected = t->data;
  2728. unsigned char *got = NULL;
  2729. size_t got_len = 0;
  2730. if (fips_provider_version_eq(libctx, 3, 0, 0)) {
  2731. /* FIPS(3.0.0): can't deal with oversized output buffers #18533 */
  2732. got_len = expected->output_len;
  2733. } else {
  2734. /* Find out the KDF output size */
  2735. if (EVP_PKEY_derive(expected->ctx, NULL, &got_len) <= 0) {
  2736. t->err = "INTERNAL_ERROR";
  2737. goto err;
  2738. }
  2739. /*
  2740. * We may get an absurd output size, which signals that anything goes.
  2741. * If not, we specify a too big buffer for the output, to test that
  2742. * EVP_PKEY_derive() can cope with it.
  2743. */
  2744. if (got_len == SIZE_MAX || got_len == 0)
  2745. got_len = expected->output_len;
  2746. else
  2747. got_len = expected->output_len * 2;
  2748. }
  2749. if (!TEST_ptr(got = OPENSSL_malloc(got_len == 0 ? 1 : got_len))) {
  2750. t->err = "INTERNAL_ERROR";
  2751. goto err;
  2752. }
  2753. if (EVP_PKEY_derive(expected->ctx, got, &got_len) <= 0) {
  2754. t->err = "KDF_DERIVE_ERROR";
  2755. goto err;
  2756. }
  2757. if (!TEST_mem_eq(expected->output, expected->output_len, got, got_len)) {
  2758. t->err = "KDF_MISMATCH";
  2759. goto err;
  2760. }
  2761. t->err = NULL;
  2762. err:
  2763. OPENSSL_free(got);
  2764. return 1;
  2765. }
  2766. static const EVP_TEST_METHOD pkey_kdf_test_method = {
  2767. "PKEYKDF",
  2768. pkey_kdf_test_init,
  2769. pkey_kdf_test_cleanup,
  2770. pkey_kdf_test_parse,
  2771. pkey_kdf_test_run
  2772. };
  2773. /**
  2774. ** KEYPAIR TESTS
  2775. **/
  2776. typedef struct keypair_test_data_st {
  2777. EVP_PKEY *privk;
  2778. EVP_PKEY *pubk;
  2779. } KEYPAIR_TEST_DATA;
  2780. static int keypair_test_init(EVP_TEST *t, const char *pair)
  2781. {
  2782. KEYPAIR_TEST_DATA *data;
  2783. int rv = 0;
  2784. EVP_PKEY *pk = NULL, *pubk = NULL;
  2785. char *pub, *priv = NULL;
  2786. /* Split private and public names. */
  2787. if (!TEST_ptr(priv = OPENSSL_strdup(pair))
  2788. || !TEST_ptr(pub = strchr(priv, ':'))) {
  2789. t->err = "PARSING_ERROR";
  2790. goto end;
  2791. }
  2792. *pub++ = '\0';
  2793. if (!TEST_true(find_key(&pk, priv, private_keys))) {
  2794. TEST_info("Can't find private key: %s", priv);
  2795. t->err = "MISSING_PRIVATE_KEY";
  2796. goto end;
  2797. }
  2798. if (!TEST_true(find_key(&pubk, pub, public_keys))) {
  2799. TEST_info("Can't find public key: %s", pub);
  2800. t->err = "MISSING_PUBLIC_KEY";
  2801. goto end;
  2802. }
  2803. if (pk == NULL && pubk == NULL) {
  2804. /* Both keys are listed but unsupported: skip this test */
  2805. t->skip = 1;
  2806. rv = 1;
  2807. goto end;
  2808. }
  2809. if (!TEST_ptr(data = OPENSSL_malloc(sizeof(*data))))
  2810. goto end;
  2811. data->privk = pk;
  2812. data->pubk = pubk;
  2813. t->data = data;
  2814. rv = 1;
  2815. t->err = NULL;
  2816. end:
  2817. OPENSSL_free(priv);
  2818. return rv;
  2819. }
  2820. static void keypair_test_cleanup(EVP_TEST *t)
  2821. {
  2822. OPENSSL_free(t->data);
  2823. t->data = NULL;
  2824. }
  2825. /*
  2826. * For tests that do not accept any custom keywords.
  2827. */
  2828. static int void_test_parse(EVP_TEST *t, const char *keyword, const char *value)
  2829. {
  2830. return 0;
  2831. }
  2832. static int keypair_test_run(EVP_TEST *t)
  2833. {
  2834. int rv = 0;
  2835. const KEYPAIR_TEST_DATA *pair = t->data;
  2836. if (pair->privk == NULL || pair->pubk == NULL) {
  2837. /*
  2838. * this can only happen if only one of the keys is not set
  2839. * which means that one of them was unsupported while the
  2840. * other isn't: hence a key type mismatch.
  2841. */
  2842. t->err = "KEYPAIR_TYPE_MISMATCH";
  2843. rv = 1;
  2844. goto end;
  2845. }
  2846. if ((rv = EVP_PKEY_eq(pair->privk, pair->pubk)) != 1) {
  2847. if (0 == rv) {
  2848. t->err = "KEYPAIR_MISMATCH";
  2849. } else if (-1 == rv) {
  2850. t->err = "KEYPAIR_TYPE_MISMATCH";
  2851. } else if (-2 == rv) {
  2852. t->err = "UNSUPPORTED_KEY_COMPARISON";
  2853. } else {
  2854. TEST_error("Unexpected error in key comparison");
  2855. rv = 0;
  2856. goto end;
  2857. }
  2858. rv = 1;
  2859. goto end;
  2860. }
  2861. rv = 1;
  2862. t->err = NULL;
  2863. end:
  2864. return rv;
  2865. }
  2866. static const EVP_TEST_METHOD keypair_test_method = {
  2867. "PrivPubKeyPair",
  2868. keypair_test_init,
  2869. keypair_test_cleanup,
  2870. void_test_parse,
  2871. keypair_test_run
  2872. };
  2873. /**
  2874. ** KEYGEN TEST
  2875. **/
  2876. typedef struct keygen_test_data_st {
  2877. EVP_PKEY_CTX *genctx; /* Keygen context to use */
  2878. char *keyname; /* Key name to store key or NULL */
  2879. } KEYGEN_TEST_DATA;
  2880. static int keygen_test_init(EVP_TEST *t, const char *alg)
  2881. {
  2882. KEYGEN_TEST_DATA *data;
  2883. EVP_PKEY_CTX *genctx;
  2884. int nid = OBJ_sn2nid(alg);
  2885. if (nid == NID_undef) {
  2886. nid = OBJ_ln2nid(alg);
  2887. if (nid == NID_undef)
  2888. return 0;
  2889. }
  2890. if (is_pkey_disabled(alg)) {
  2891. t->skip = 1;
  2892. return 1;
  2893. }
  2894. if (!TEST_ptr(genctx = EVP_PKEY_CTX_new_from_name(libctx, alg, propquery)))
  2895. goto err;
  2896. if (EVP_PKEY_keygen_init(genctx) <= 0) {
  2897. t->err = "KEYGEN_INIT_ERROR";
  2898. goto err;
  2899. }
  2900. if (!TEST_ptr(data = OPENSSL_malloc(sizeof(*data))))
  2901. goto err;
  2902. data->genctx = genctx;
  2903. data->keyname = NULL;
  2904. t->data = data;
  2905. t->err = NULL;
  2906. return 1;
  2907. err:
  2908. EVP_PKEY_CTX_free(genctx);
  2909. return 0;
  2910. }
  2911. static void keygen_test_cleanup(EVP_TEST *t)
  2912. {
  2913. KEYGEN_TEST_DATA *keygen = t->data;
  2914. EVP_PKEY_CTX_free(keygen->genctx);
  2915. OPENSSL_free(keygen->keyname);
  2916. OPENSSL_free(t->data);
  2917. t->data = NULL;
  2918. }
  2919. static int keygen_test_parse(EVP_TEST *t,
  2920. const char *keyword, const char *value)
  2921. {
  2922. KEYGEN_TEST_DATA *keygen = t->data;
  2923. if (strcmp(keyword, "KeyName") == 0)
  2924. return TEST_ptr(keygen->keyname = OPENSSL_strdup(value));
  2925. if (strcmp(keyword, "Ctrl") == 0)
  2926. return pkey_test_ctrl(t, keygen->genctx, value);
  2927. return 0;
  2928. }
  2929. static int keygen_test_run(EVP_TEST *t)
  2930. {
  2931. KEYGEN_TEST_DATA *keygen = t->data;
  2932. EVP_PKEY *pkey = NULL;
  2933. int rv = 1;
  2934. if (EVP_PKEY_keygen(keygen->genctx, &pkey) <= 0) {
  2935. t->err = "KEYGEN_GENERATE_ERROR";
  2936. goto err;
  2937. }
  2938. if (!evp_pkey_is_provided(pkey)) {
  2939. TEST_info("Warning: legacy key generated %s", keygen->keyname);
  2940. goto err;
  2941. }
  2942. if (keygen->keyname != NULL) {
  2943. KEY_LIST *key;
  2944. rv = 0;
  2945. if (find_key(NULL, keygen->keyname, private_keys)) {
  2946. TEST_info("Duplicate key %s", keygen->keyname);
  2947. goto err;
  2948. }
  2949. if (!TEST_ptr(key = OPENSSL_malloc(sizeof(*key))))
  2950. goto err;
  2951. key->name = keygen->keyname;
  2952. keygen->keyname = NULL;
  2953. key->key = pkey;
  2954. key->next = private_keys;
  2955. private_keys = key;
  2956. rv = 1;
  2957. } else {
  2958. EVP_PKEY_free(pkey);
  2959. }
  2960. t->err = NULL;
  2961. err:
  2962. return rv;
  2963. }
  2964. static const EVP_TEST_METHOD keygen_test_method = {
  2965. "KeyGen",
  2966. keygen_test_init,
  2967. keygen_test_cleanup,
  2968. keygen_test_parse,
  2969. keygen_test_run,
  2970. };
  2971. /**
  2972. ** DIGEST SIGN+VERIFY TESTS
  2973. **/
  2974. typedef struct {
  2975. int is_verify; /* Set to 1 if verifying */
  2976. int is_oneshot; /* Set to 1 for one shot operation */
  2977. const EVP_MD *md; /* Digest to use */
  2978. EVP_MD_CTX *ctx; /* Digest context */
  2979. EVP_PKEY_CTX *pctx;
  2980. STACK_OF(EVP_TEST_BUFFER) *input; /* Input data: streaming */
  2981. unsigned char *osin; /* Input data if one shot */
  2982. size_t osin_len; /* Input length data if one shot */
  2983. unsigned char *output; /* Expected output */
  2984. size_t output_len; /* Expected output length */
  2985. const char *nonce_type;
  2986. } DIGESTSIGN_DATA;
  2987. static int digestsigver_test_init(EVP_TEST *t, const char *alg, int is_verify,
  2988. int is_oneshot)
  2989. {
  2990. const EVP_MD *md = NULL;
  2991. DIGESTSIGN_DATA *mdat;
  2992. if (strcmp(alg, "NULL") != 0) {
  2993. if (is_digest_disabled(alg)) {
  2994. t->skip = 1;
  2995. return 1;
  2996. }
  2997. md = EVP_get_digestbyname(alg);
  2998. if (md == NULL)
  2999. return 0;
  3000. }
  3001. if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat))))
  3002. return 0;
  3003. mdat->md = md;
  3004. if (!TEST_ptr(mdat->ctx = EVP_MD_CTX_new())) {
  3005. OPENSSL_free(mdat);
  3006. return 0;
  3007. }
  3008. mdat->is_verify = is_verify;
  3009. mdat->is_oneshot = is_oneshot;
  3010. t->data = mdat;
  3011. return 1;
  3012. }
  3013. static int digestsign_test_init(EVP_TEST *t, const char *alg)
  3014. {
  3015. return digestsigver_test_init(t, alg, 0, 0);
  3016. }
  3017. static void digestsigver_test_cleanup(EVP_TEST *t)
  3018. {
  3019. DIGESTSIGN_DATA *mdata = t->data;
  3020. EVP_MD_CTX_free(mdata->ctx);
  3021. sk_EVP_TEST_BUFFER_pop_free(mdata->input, evp_test_buffer_free);
  3022. OPENSSL_free(mdata->osin);
  3023. OPENSSL_free(mdata->output);
  3024. OPENSSL_free(mdata);
  3025. t->data = NULL;
  3026. }
  3027. static int digestsigver_test_parse(EVP_TEST *t,
  3028. const char *keyword, const char *value)
  3029. {
  3030. DIGESTSIGN_DATA *mdata = t->data;
  3031. if (strcmp(keyword, "Key") == 0) {
  3032. EVP_PKEY *pkey = NULL;
  3033. int rv = 0;
  3034. const char *name = mdata->md == NULL ? NULL : EVP_MD_get0_name(mdata->md);
  3035. if (mdata->is_verify)
  3036. rv = find_key(&pkey, value, public_keys);
  3037. if (rv == 0)
  3038. rv = find_key(&pkey, value, private_keys);
  3039. if (rv == 0 || pkey == NULL) {
  3040. t->skip = 1;
  3041. return 1;
  3042. }
  3043. if (mdata->is_verify) {
  3044. if (!EVP_DigestVerifyInit_ex(mdata->ctx, &mdata->pctx, name, libctx,
  3045. NULL, pkey, NULL))
  3046. t->err = "DIGESTVERIFYINIT_ERROR";
  3047. return 1;
  3048. }
  3049. if (!EVP_DigestSignInit_ex(mdata->ctx, &mdata->pctx, name, libctx, NULL,
  3050. pkey, NULL))
  3051. t->err = "DIGESTSIGNINIT_ERROR";
  3052. return 1;
  3053. }
  3054. if (strcmp(keyword, "Input") == 0) {
  3055. if (mdata->is_oneshot)
  3056. return parse_bin(value, &mdata->osin, &mdata->osin_len);
  3057. return evp_test_buffer_append(value, &mdata->input);
  3058. }
  3059. if (strcmp(keyword, "Output") == 0)
  3060. return parse_bin(value, &mdata->output, &mdata->output_len);
  3061. if (!mdata->is_oneshot) {
  3062. if (strcmp(keyword, "Count") == 0)
  3063. return evp_test_buffer_set_count(value, mdata->input);
  3064. if (strcmp(keyword, "Ncopy") == 0)
  3065. return evp_test_buffer_ncopy(value, mdata->input);
  3066. }
  3067. if (strcmp(keyword, "Ctrl") == 0) {
  3068. if (mdata->pctx == NULL)
  3069. return -1;
  3070. return pkey_test_ctrl(t, mdata->pctx, value);
  3071. }
  3072. if (strcmp(keyword, "NonceType") == 0) {
  3073. if (strcmp(value, "deterministic") == 0) {
  3074. OSSL_PARAM params[2];
  3075. unsigned int nonce_type = 1;
  3076. params[0] =
  3077. OSSL_PARAM_construct_uint(OSSL_SIGNATURE_PARAM_NONCE_TYPE,
  3078. &nonce_type);
  3079. params[1] = OSSL_PARAM_construct_end();
  3080. if (!EVP_PKEY_CTX_set_params(mdata->pctx, params))
  3081. t->err = "EVP_PKEY_CTX_set_params_ERROR";
  3082. else if (!EVP_PKEY_CTX_get_params(mdata->pctx, params))
  3083. t->err = "EVP_PKEY_CTX_get_params_ERROR";
  3084. else if (!OSSL_PARAM_modified(&params[0]))
  3085. t->err = "nonce_type_not_modified_ERROR";
  3086. else if (nonce_type != 1)
  3087. t->err = "nonce_type_value_ERROR";
  3088. }
  3089. return 1;
  3090. }
  3091. return 0;
  3092. }
  3093. static int digestsign_update_fn(void *ctx, const unsigned char *buf,
  3094. size_t buflen)
  3095. {
  3096. return EVP_DigestSignUpdate(ctx, buf, buflen);
  3097. }
  3098. static int digestsign_test_run(EVP_TEST *t)
  3099. {
  3100. DIGESTSIGN_DATA *expected = t->data;
  3101. unsigned char *got = NULL;
  3102. size_t got_len;
  3103. if (!evp_test_buffer_do(expected->input, digestsign_update_fn,
  3104. expected->ctx)) {
  3105. t->err = "DIGESTUPDATE_ERROR";
  3106. goto err;
  3107. }
  3108. if (!EVP_DigestSignFinal(expected->ctx, NULL, &got_len)) {
  3109. t->err = "DIGESTSIGNFINAL_LENGTH_ERROR";
  3110. goto err;
  3111. }
  3112. if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
  3113. t->err = "MALLOC_FAILURE";
  3114. goto err;
  3115. }
  3116. got_len *= 2;
  3117. if (!EVP_DigestSignFinal(expected->ctx, got, &got_len)) {
  3118. t->err = "DIGESTSIGNFINAL_ERROR";
  3119. goto err;
  3120. }
  3121. if (!memory_err_compare(t, "SIGNATURE_MISMATCH",
  3122. expected->output, expected->output_len,
  3123. got, got_len))
  3124. goto err;
  3125. t->err = NULL;
  3126. err:
  3127. OPENSSL_free(got);
  3128. return 1;
  3129. }
  3130. static const EVP_TEST_METHOD digestsign_test_method = {
  3131. "DigestSign",
  3132. digestsign_test_init,
  3133. digestsigver_test_cleanup,
  3134. digestsigver_test_parse,
  3135. digestsign_test_run
  3136. };
  3137. static int digestverify_test_init(EVP_TEST *t, const char *alg)
  3138. {
  3139. return digestsigver_test_init(t, alg, 1, 0);
  3140. }
  3141. static int digestverify_update_fn(void *ctx, const unsigned char *buf,
  3142. size_t buflen)
  3143. {
  3144. return EVP_DigestVerifyUpdate(ctx, buf, buflen);
  3145. }
  3146. static int digestverify_test_run(EVP_TEST *t)
  3147. {
  3148. DIGESTSIGN_DATA *mdata = t->data;
  3149. if (!evp_test_buffer_do(mdata->input, digestverify_update_fn, mdata->ctx)) {
  3150. t->err = "DIGESTUPDATE_ERROR";
  3151. return 1;
  3152. }
  3153. if (EVP_DigestVerifyFinal(mdata->ctx, mdata->output,
  3154. mdata->output_len) <= 0)
  3155. t->err = "VERIFY_ERROR";
  3156. return 1;
  3157. }
  3158. static const EVP_TEST_METHOD digestverify_test_method = {
  3159. "DigestVerify",
  3160. digestverify_test_init,
  3161. digestsigver_test_cleanup,
  3162. digestsigver_test_parse,
  3163. digestverify_test_run
  3164. };
  3165. static int oneshot_digestsign_test_init(EVP_TEST *t, const char *alg)
  3166. {
  3167. return digestsigver_test_init(t, alg, 0, 1);
  3168. }
  3169. static int oneshot_digestsign_test_run(EVP_TEST *t)
  3170. {
  3171. DIGESTSIGN_DATA *expected = t->data;
  3172. unsigned char *got = NULL;
  3173. size_t got_len;
  3174. if (!EVP_DigestSign(expected->ctx, NULL, &got_len,
  3175. expected->osin, expected->osin_len)) {
  3176. t->err = "DIGESTSIGN_LENGTH_ERROR";
  3177. goto err;
  3178. }
  3179. if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
  3180. t->err = "MALLOC_FAILURE";
  3181. goto err;
  3182. }
  3183. got_len *= 2;
  3184. if (!EVP_DigestSign(expected->ctx, got, &got_len,
  3185. expected->osin, expected->osin_len)) {
  3186. t->err = "DIGESTSIGN_ERROR";
  3187. goto err;
  3188. }
  3189. if (!memory_err_compare(t, "SIGNATURE_MISMATCH",
  3190. expected->output, expected->output_len,
  3191. got, got_len))
  3192. goto err;
  3193. t->err = NULL;
  3194. err:
  3195. OPENSSL_free(got);
  3196. return 1;
  3197. }
  3198. static const EVP_TEST_METHOD oneshot_digestsign_test_method = {
  3199. "OneShotDigestSign",
  3200. oneshot_digestsign_test_init,
  3201. digestsigver_test_cleanup,
  3202. digestsigver_test_parse,
  3203. oneshot_digestsign_test_run
  3204. };
  3205. static int oneshot_digestverify_test_init(EVP_TEST *t, const char *alg)
  3206. {
  3207. return digestsigver_test_init(t, alg, 1, 1);
  3208. }
  3209. static int oneshot_digestverify_test_run(EVP_TEST *t)
  3210. {
  3211. DIGESTSIGN_DATA *mdata = t->data;
  3212. if (EVP_DigestVerify(mdata->ctx, mdata->output, mdata->output_len,
  3213. mdata->osin, mdata->osin_len) <= 0)
  3214. t->err = "VERIFY_ERROR";
  3215. return 1;
  3216. }
  3217. static const EVP_TEST_METHOD oneshot_digestverify_test_method = {
  3218. "OneShotDigestVerify",
  3219. oneshot_digestverify_test_init,
  3220. digestsigver_test_cleanup,
  3221. digestsigver_test_parse,
  3222. oneshot_digestverify_test_run
  3223. };
  3224. /**
  3225. ** PARSING AND DISPATCH
  3226. **/
  3227. static const EVP_TEST_METHOD *evp_test_list[] = {
  3228. &rand_test_method,
  3229. &cipher_test_method,
  3230. &digest_test_method,
  3231. &digestsign_test_method,
  3232. &digestverify_test_method,
  3233. &encode_test_method,
  3234. &kdf_test_method,
  3235. &pkey_kdf_test_method,
  3236. &keypair_test_method,
  3237. &keygen_test_method,
  3238. &mac_test_method,
  3239. &oneshot_digestsign_test_method,
  3240. &oneshot_digestverify_test_method,
  3241. &pbe_test_method,
  3242. &pdecrypt_test_method,
  3243. &pderive_test_method,
  3244. &psign_test_method,
  3245. &pverify_recover_test_method,
  3246. &pverify_test_method,
  3247. NULL
  3248. };
  3249. static const EVP_TEST_METHOD *find_test(const char *name)
  3250. {
  3251. const EVP_TEST_METHOD **tt;
  3252. for (tt = evp_test_list; *tt; tt++) {
  3253. if (strcmp(name, (*tt)->name) == 0)
  3254. return *tt;
  3255. }
  3256. return NULL;
  3257. }
  3258. static void clear_test(EVP_TEST *t)
  3259. {
  3260. test_clearstanza(&t->s);
  3261. ERR_clear_error();
  3262. if (t->data != NULL) {
  3263. if (t->meth != NULL)
  3264. t->meth->cleanup(t);
  3265. OPENSSL_free(t->data);
  3266. t->data = NULL;
  3267. }
  3268. OPENSSL_free(t->expected_err);
  3269. t->expected_err = NULL;
  3270. OPENSSL_free(t->reason);
  3271. t->reason = NULL;
  3272. /* Text literal. */
  3273. t->err = NULL;
  3274. t->skip = 0;
  3275. t->meth = NULL;
  3276. #if !defined(OPENSSL_NO_DEFAULT_THREAD_POOL)
  3277. OSSL_set_max_threads(libctx, 0);
  3278. #endif
  3279. }
  3280. /* Check for errors in the test structure; return 1 if okay, else 0. */
  3281. static int check_test_error(EVP_TEST *t)
  3282. {
  3283. unsigned long err;
  3284. const char *reason;
  3285. if (t->err == NULL && t->expected_err == NULL)
  3286. return 1;
  3287. if (t->err != NULL && t->expected_err == NULL) {
  3288. if (t->aux_err != NULL) {
  3289. TEST_info("%s:%d: Source of above error (%s); unexpected error %s",
  3290. t->s.test_file, t->s.start, t->aux_err, t->err);
  3291. } else {
  3292. TEST_info("%s:%d: Source of above error; unexpected error %s",
  3293. t->s.test_file, t->s.start, t->err);
  3294. }
  3295. return 0;
  3296. }
  3297. if (t->err == NULL && t->expected_err != NULL) {
  3298. TEST_info("%s:%d: Succeeded but was expecting %s",
  3299. t->s.test_file, t->s.start, t->expected_err);
  3300. return 0;
  3301. }
  3302. if (strcmp(t->err, t->expected_err) != 0) {
  3303. TEST_info("%s:%d: Expected %s got %s",
  3304. t->s.test_file, t->s.start, t->expected_err, t->err);
  3305. return 0;
  3306. }
  3307. if (t->reason == NULL)
  3308. return 1;
  3309. if (t->reason == NULL) {
  3310. TEST_info("%s:%d: Test is missing function or reason code",
  3311. t->s.test_file, t->s.start);
  3312. return 0;
  3313. }
  3314. err = ERR_peek_error();
  3315. if (err == 0) {
  3316. TEST_info("%s:%d: Expected error \"%s\" not set",
  3317. t->s.test_file, t->s.start, t->reason);
  3318. return 0;
  3319. }
  3320. reason = ERR_reason_error_string(err);
  3321. if (reason == NULL) {
  3322. TEST_info("%s:%d: Expected error \"%s\", no strings available."
  3323. " Assuming ok.",
  3324. t->s.test_file, t->s.start, t->reason);
  3325. return 1;
  3326. }
  3327. if (strcmp(reason, t->reason) == 0)
  3328. return 1;
  3329. TEST_info("%s:%d: Expected error \"%s\", got \"%s\"",
  3330. t->s.test_file, t->s.start, t->reason, reason);
  3331. return 0;
  3332. }
  3333. /* Run a parsed test. Log a message and return 0 on error. */
  3334. static int run_test(EVP_TEST *t)
  3335. {
  3336. if (t->meth == NULL)
  3337. return 1;
  3338. t->s.numtests++;
  3339. if (t->skip) {
  3340. t->s.numskip++;
  3341. } else {
  3342. /* run the test */
  3343. if (t->err == NULL && t->meth->run_test(t) != 1) {
  3344. TEST_info("%s:%d %s error",
  3345. t->s.test_file, t->s.start, t->meth->name);
  3346. return 0;
  3347. }
  3348. if (!check_test_error(t)) {
  3349. TEST_openssl_errors();
  3350. t->s.errors++;
  3351. }
  3352. }
  3353. /* clean it up */
  3354. return 1;
  3355. }
  3356. static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst)
  3357. {
  3358. for (; lst != NULL; lst = lst->next) {
  3359. if (strcmp(lst->name, name) == 0) {
  3360. if (ppk != NULL)
  3361. *ppk = lst->key;
  3362. return 1;
  3363. }
  3364. }
  3365. return 0;
  3366. }
  3367. static void free_key_list(KEY_LIST *lst)
  3368. {
  3369. while (lst != NULL) {
  3370. KEY_LIST *next = lst->next;
  3371. EVP_PKEY_free(lst->key);
  3372. OPENSSL_free(lst->name);
  3373. OPENSSL_free(lst);
  3374. lst = next;
  3375. }
  3376. }
  3377. /*
  3378. * Is the key type an unsupported algorithm?
  3379. */
  3380. static int key_unsupported(void)
  3381. {
  3382. long err = ERR_peek_last_error();
  3383. int lib = ERR_GET_LIB(err);
  3384. long reason = ERR_GET_REASON(err);
  3385. if ((lib == ERR_LIB_EVP && reason == EVP_R_UNSUPPORTED_ALGORITHM)
  3386. || (lib == ERR_LIB_EVP && reason == EVP_R_DECODE_ERROR)
  3387. || reason == ERR_R_UNSUPPORTED) {
  3388. ERR_clear_error();
  3389. return 1;
  3390. }
  3391. #ifndef OPENSSL_NO_EC
  3392. /*
  3393. * If EC support is enabled we should catch also EC_R_UNKNOWN_GROUP as an
  3394. * hint to an unsupported algorithm/curve (e.g. if binary EC support is
  3395. * disabled).
  3396. */
  3397. if (lib == ERR_LIB_EC
  3398. && (reason == EC_R_UNKNOWN_GROUP
  3399. || reason == EC_R_INVALID_CURVE)) {
  3400. ERR_clear_error();
  3401. return 1;
  3402. }
  3403. #endif /* OPENSSL_NO_EC */
  3404. return 0;
  3405. }
  3406. /* NULL out the value from |pp| but return it. This "steals" a pointer. */
  3407. static char *take_value(PAIR *pp)
  3408. {
  3409. char *p = pp->value;
  3410. pp->value = NULL;
  3411. return p;
  3412. }
  3413. #if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
  3414. static int securitycheck_enabled(void)
  3415. {
  3416. static int enabled = -1;
  3417. if (enabled == -1) {
  3418. if (OSSL_PROVIDER_available(libctx, "fips")) {
  3419. OSSL_PARAM params[2];
  3420. OSSL_PROVIDER *prov = NULL;
  3421. int check = 1;
  3422. prov = OSSL_PROVIDER_load(libctx, "fips");
  3423. if (prov != NULL) {
  3424. params[0] =
  3425. OSSL_PARAM_construct_int(OSSL_PROV_PARAM_SECURITY_CHECKS,
  3426. &check);
  3427. params[1] = OSSL_PARAM_construct_end();
  3428. OSSL_PROVIDER_get_params(prov, params);
  3429. OSSL_PROVIDER_unload(prov);
  3430. }
  3431. enabled = check;
  3432. return enabled;
  3433. }
  3434. enabled = 0;
  3435. }
  3436. return enabled;
  3437. }
  3438. #endif
  3439. /*
  3440. * Return 1 if one of the providers named in the string is available.
  3441. * The provider names are separated with whitespace.
  3442. * NOTE: destructive function, it inserts '\0' after each provider name.
  3443. */
  3444. static int prov_available(char *providers)
  3445. {
  3446. char *p;
  3447. int more = 1;
  3448. while (more) {
  3449. for (; isspace((unsigned char)(*providers)); providers++)
  3450. continue;
  3451. if (*providers == '\0')
  3452. break; /* End of the road */
  3453. for (p = providers; *p != '\0' && !isspace((unsigned char)(*p)); p++)
  3454. continue;
  3455. if (*p == '\0')
  3456. more = 0;
  3457. else
  3458. *p = '\0';
  3459. if (OSSL_PROVIDER_available(libctx, providers))
  3460. return 1; /* Found one */
  3461. }
  3462. return 0;
  3463. }
  3464. /* Read and parse one test. Return 0 if failure, 1 if okay. */
  3465. static int parse(EVP_TEST *t)
  3466. {
  3467. KEY_LIST *key, **klist;
  3468. EVP_PKEY *pkey;
  3469. PAIR *pp;
  3470. int i, j, skipped = 0;
  3471. top:
  3472. do {
  3473. if (BIO_eof(t->s.fp))
  3474. return EOF;
  3475. clear_test(t);
  3476. if (!test_readstanza(&t->s))
  3477. return 0;
  3478. } while (t->s.numpairs == 0);
  3479. pp = &t->s.pairs[0];
  3480. /* Are we adding a key? */
  3481. klist = NULL;
  3482. pkey = NULL;
  3483. start:
  3484. if (strcmp(pp->key, "PrivateKey") == 0) {
  3485. pkey = PEM_read_bio_PrivateKey_ex(t->s.key, NULL, 0, NULL, libctx, NULL);
  3486. if (pkey == NULL && !key_unsupported()) {
  3487. EVP_PKEY_free(pkey);
  3488. TEST_info("Can't read private key %s", pp->value);
  3489. TEST_openssl_errors();
  3490. return 0;
  3491. }
  3492. klist = &private_keys;
  3493. } else if (strcmp(pp->key, "PublicKey") == 0) {
  3494. pkey = PEM_read_bio_PUBKEY_ex(t->s.key, NULL, 0, NULL, libctx, NULL);
  3495. if (pkey == NULL && !key_unsupported()) {
  3496. EVP_PKEY_free(pkey);
  3497. TEST_info("Can't read public key %s", pp->value);
  3498. TEST_openssl_errors();
  3499. return 0;
  3500. }
  3501. klist = &public_keys;
  3502. } else if (strcmp(pp->key, "PrivateKeyRaw") == 0
  3503. || strcmp(pp->key, "PublicKeyRaw") == 0) {
  3504. char *strnid = NULL, *keydata = NULL;
  3505. unsigned char *keybin;
  3506. size_t keylen;
  3507. int nid;
  3508. if (strcmp(pp->key, "PrivateKeyRaw") == 0)
  3509. klist = &private_keys;
  3510. else
  3511. klist = &public_keys;
  3512. strnid = strchr(pp->value, ':');
  3513. if (strnid != NULL) {
  3514. *strnid++ = '\0';
  3515. keydata = strchr(strnid, ':');
  3516. if (keydata != NULL)
  3517. *keydata++ = '\0';
  3518. }
  3519. if (keydata == NULL) {
  3520. TEST_info("Failed to parse %s value", pp->key);
  3521. return 0;
  3522. }
  3523. nid = OBJ_txt2nid(strnid);
  3524. if (nid == NID_undef) {
  3525. TEST_info("Unrecognised algorithm NID");
  3526. return 0;
  3527. }
  3528. if (!parse_bin(keydata, &keybin, &keylen)) {
  3529. TEST_info("Failed to create binary key");
  3530. return 0;
  3531. }
  3532. if (klist == &private_keys)
  3533. pkey = EVP_PKEY_new_raw_private_key_ex(libctx, strnid, NULL, keybin,
  3534. keylen);
  3535. else
  3536. pkey = EVP_PKEY_new_raw_public_key_ex(libctx, strnid, NULL, keybin,
  3537. keylen);
  3538. if (pkey == NULL && !key_unsupported()) {
  3539. TEST_info("Can't read %s data", pp->key);
  3540. OPENSSL_free(keybin);
  3541. TEST_openssl_errors();
  3542. return 0;
  3543. }
  3544. OPENSSL_free(keybin);
  3545. } else if (strcmp(pp->key, "Availablein") == 0) {
  3546. if (!prov_available(pp->value)) {
  3547. TEST_info("skipping, '%s' provider not available: %s:%d",
  3548. pp->value, t->s.test_file, t->s.start);
  3549. t->skip = 1;
  3550. return 0;
  3551. }
  3552. skipped++;
  3553. pp++;
  3554. goto start;
  3555. } else if (strcmp(pp->key, "FIPSversion") == 0) {
  3556. if (prov_available("fips")) {
  3557. j = fips_provider_version_match(libctx, pp->value);
  3558. if (j < 0) {
  3559. TEST_info("Line %d: error matching FIPS versions\n", t->s.curr);
  3560. return 0;
  3561. } else if (j == 0) {
  3562. TEST_info("skipping, FIPS provider incompatible version: %s:%d",
  3563. t->s.test_file, t->s.start);
  3564. t->skip = 1;
  3565. return 0;
  3566. }
  3567. }
  3568. skipped++;
  3569. pp++;
  3570. goto start;
  3571. }
  3572. /* If we have a key add to list */
  3573. if (klist != NULL) {
  3574. if (find_key(NULL, pp->value, *klist)) {
  3575. TEST_info("Duplicate key %s", pp->value);
  3576. return 0;
  3577. }
  3578. if (!TEST_ptr(key = OPENSSL_malloc(sizeof(*key))))
  3579. return 0;
  3580. key->name = take_value(pp);
  3581. key->key = pkey;
  3582. key->next = *klist;
  3583. *klist = key;
  3584. /* Go back and start a new stanza. */
  3585. if ((t->s.numpairs - skipped) != 1)
  3586. TEST_info("Line %d: missing blank line\n", t->s.curr);
  3587. goto top;
  3588. }
  3589. /* Find the test, based on first keyword. */
  3590. if (!TEST_ptr(t->meth = find_test(pp->key)))
  3591. return 0;
  3592. if (!t->meth->init(t, pp->value)) {
  3593. TEST_error("unknown %s: %s\n", pp->key, pp->value);
  3594. return 0;
  3595. }
  3596. if (t->skip == 1) {
  3597. /* TEST_info("skipping %s %s", pp->key, pp->value); */
  3598. return 0;
  3599. }
  3600. for (pp++, i = 1; i < (t->s.numpairs - skipped); pp++, i++) {
  3601. if (strcmp(pp->key, "Securitycheck") == 0) {
  3602. #if defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
  3603. #else
  3604. if (!securitycheck_enabled())
  3605. #endif
  3606. {
  3607. TEST_info("skipping, Securitycheck is disabled: %s:%d",
  3608. t->s.test_file, t->s.start);
  3609. t->skip = 1;
  3610. return 0;
  3611. }
  3612. } else if (strcmp(pp->key, "Availablein") == 0) {
  3613. TEST_info("Line %d: 'Availablein' should be the first option",
  3614. t->s.curr);
  3615. return 0;
  3616. } else if (strcmp(pp->key, "Result") == 0) {
  3617. if (t->expected_err != NULL) {
  3618. TEST_info("Line %d: multiple result lines", t->s.curr);
  3619. return 0;
  3620. }
  3621. t->expected_err = take_value(pp);
  3622. } else if (strcmp(pp->key, "Function") == 0) {
  3623. /* Ignore old line. */
  3624. } else if (strcmp(pp->key, "Reason") == 0) {
  3625. if (t->reason != NULL) {
  3626. TEST_info("Line %d: multiple reason lines", t->s.curr);
  3627. return 0;
  3628. }
  3629. t->reason = take_value(pp);
  3630. } else if (strcmp(pp->key, "Threads") == 0) {
  3631. if (OSSL_set_max_threads(libctx, atoi(pp->value)) == 0) {
  3632. TEST_info("skipping, '%s' threads not available: %s:%d",
  3633. pp->value, t->s.test_file, t->s.start);
  3634. t->skip = 1;
  3635. }
  3636. } else {
  3637. /* Must be test specific line: try to parse it */
  3638. int rv = t->meth->parse(t, pp->key, pp->value);
  3639. if (rv == 0) {
  3640. TEST_info("Line %d: unknown keyword %s", t->s.curr, pp->key);
  3641. return 0;
  3642. }
  3643. if (rv < 0) {
  3644. TEST_info("Line %d: error processing keyword %s = %s\n",
  3645. t->s.curr, pp->key, pp->value);
  3646. return 0;
  3647. }
  3648. if (t->skip)
  3649. return 0;
  3650. }
  3651. }
  3652. return 1;
  3653. }
  3654. static int run_file_tests(int i)
  3655. {
  3656. EVP_TEST *t;
  3657. const char *testfile = test_get_argument(i);
  3658. int c;
  3659. if (!TEST_ptr(t = OPENSSL_zalloc(sizeof(*t))))
  3660. return 0;
  3661. if (!test_start_file(&t->s, testfile)) {
  3662. OPENSSL_free(t);
  3663. return 0;
  3664. }
  3665. while (!BIO_eof(t->s.fp)) {
  3666. c = parse(t);
  3667. if (t->skip) {
  3668. t->s.numskip++;
  3669. continue;
  3670. }
  3671. if (c == 0 || !run_test(t)) {
  3672. t->s.errors++;
  3673. break;
  3674. }
  3675. }
  3676. test_end_file(&t->s);
  3677. clear_test(t);
  3678. free_key_list(public_keys);
  3679. free_key_list(private_keys);
  3680. BIO_free(t->s.key);
  3681. c = t->s.errors;
  3682. OPENSSL_free(t);
  3683. return c == 0;
  3684. }
  3685. const OPTIONS *test_get_options(void)
  3686. {
  3687. static const OPTIONS test_options[] = {
  3688. OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("[file...]\n"),
  3689. { "config", OPT_CONFIG_FILE, '<',
  3690. "The configuration file to use for the libctx" },
  3691. { "process", OPT_IN_PLACE, 's',
  3692. "Mode for data processing by cipher tests [in_place/both], both by default"},
  3693. { "provider", OPT_PROVIDER_NAME, 's',
  3694. "The provider to load (when no configuration file, the default value is 'default')" },
  3695. { "propquery", OPT_PROV_PROPQUERY, 's',
  3696. "Property query used when fetching algorithms" },
  3697. { OPT_HELP_STR, 1, '-', "file\tFile to run tests on.\n" },
  3698. { NULL }
  3699. };
  3700. return test_options;
  3701. }
  3702. int setup_tests(void)
  3703. {
  3704. size_t n;
  3705. char *config_file = NULL;
  3706. char *provider_name = NULL;
  3707. OPTION_CHOICE o;
  3708. while ((o = opt_next()) != OPT_EOF) {
  3709. switch (o) {
  3710. case OPT_CONFIG_FILE:
  3711. config_file = opt_arg();
  3712. break;
  3713. case OPT_IN_PLACE:
  3714. if ((process_mode_in_place = evp_test_process_mode(opt_arg())) == -1)
  3715. return 0;
  3716. break;
  3717. case OPT_PROVIDER_NAME:
  3718. provider_name = opt_arg();
  3719. break;
  3720. case OPT_PROV_PROPQUERY:
  3721. propquery = opt_arg();
  3722. break;
  3723. case OPT_TEST_CASES:
  3724. break;
  3725. default:
  3726. case OPT_ERR:
  3727. return 0;
  3728. }
  3729. }
  3730. /*
  3731. * Load the provider via configuration into the created library context.
  3732. * Load the 'null' provider into the default library context to ensure that
  3733. * the tests do not fallback to using the default provider.
  3734. */
  3735. if (config_file == NULL && provider_name == NULL)
  3736. provider_name = "default";
  3737. if (!test_get_libctx(&libctx, &prov_null, config_file, &libprov, provider_name))
  3738. return 0;
  3739. n = test_get_argument_count();
  3740. if (n == 0)
  3741. return 0;
  3742. ADD_ALL_TESTS(run_file_tests, n);
  3743. return 1;
  3744. }
  3745. void cleanup_tests(void)
  3746. {
  3747. OSSL_PROVIDER_unload(libprov);
  3748. OSSL_PROVIDER_unload(prov_null);
  3749. OSSL_LIB_CTX_free(libctx);
  3750. }
  3751. static int is_digest_disabled(const char *name)
  3752. {
  3753. #ifdef OPENSSL_NO_BLAKE2
  3754. if (HAS_CASE_PREFIX(name, "BLAKE"))
  3755. return 1;
  3756. #endif
  3757. #ifdef OPENSSL_NO_MD2
  3758. if (OPENSSL_strcasecmp(name, "MD2") == 0)
  3759. return 1;
  3760. #endif
  3761. #ifdef OPENSSL_NO_MDC2
  3762. if (OPENSSL_strcasecmp(name, "MDC2") == 0)
  3763. return 1;
  3764. #endif
  3765. #ifdef OPENSSL_NO_MD4
  3766. if (OPENSSL_strcasecmp(name, "MD4") == 0)
  3767. return 1;
  3768. #endif
  3769. #ifdef OPENSSL_NO_MD5
  3770. if (OPENSSL_strcasecmp(name, "MD5") == 0)
  3771. return 1;
  3772. #endif
  3773. #ifdef OPENSSL_NO_RMD160
  3774. if (OPENSSL_strcasecmp(name, "RIPEMD160") == 0)
  3775. return 1;
  3776. #endif
  3777. #ifdef OPENSSL_NO_SM3
  3778. if (OPENSSL_strcasecmp(name, "SM3") == 0)
  3779. return 1;
  3780. #endif
  3781. #ifdef OPENSSL_NO_WHIRLPOOL
  3782. if (OPENSSL_strcasecmp(name, "WHIRLPOOL") == 0)
  3783. return 1;
  3784. #endif
  3785. return 0;
  3786. }
  3787. static int is_pkey_disabled(const char *name)
  3788. {
  3789. #ifdef OPENSSL_NO_EC
  3790. if (HAS_CASE_PREFIX(name, "EC"))
  3791. return 1;
  3792. #endif
  3793. #ifdef OPENSSL_NO_DH
  3794. if (HAS_CASE_PREFIX(name, "DH"))
  3795. return 1;
  3796. #endif
  3797. #ifdef OPENSSL_NO_DSA
  3798. if (HAS_CASE_PREFIX(name, "DSA"))
  3799. return 1;
  3800. #endif
  3801. return 0;
  3802. }
  3803. static int is_mac_disabled(const char *name)
  3804. {
  3805. #ifdef OPENSSL_NO_BLAKE2
  3806. if (HAS_CASE_PREFIX(name, "BLAKE2BMAC")
  3807. || HAS_CASE_PREFIX(name, "BLAKE2SMAC"))
  3808. return 1;
  3809. #endif
  3810. #ifdef OPENSSL_NO_CMAC
  3811. if (HAS_CASE_PREFIX(name, "CMAC"))
  3812. return 1;
  3813. #endif
  3814. #ifdef OPENSSL_NO_POLY1305
  3815. if (HAS_CASE_PREFIX(name, "Poly1305"))
  3816. return 1;
  3817. #endif
  3818. #ifdef OPENSSL_NO_SIPHASH
  3819. if (HAS_CASE_PREFIX(name, "SipHash"))
  3820. return 1;
  3821. #endif
  3822. return 0;
  3823. }
  3824. static int is_kdf_disabled(const char *name)
  3825. {
  3826. #ifdef OPENSSL_NO_SCRYPT
  3827. if (HAS_CASE_SUFFIX(name, "SCRYPT"))
  3828. return 1;
  3829. #endif
  3830. #ifdef OPENSSL_NO_ARGON2
  3831. if (HAS_CASE_SUFFIX(name, "ARGON2"))
  3832. return 1;
  3833. #endif
  3834. return 0;
  3835. }
  3836. static int is_cipher_disabled(const char *name)
  3837. {
  3838. #ifdef OPENSSL_NO_ARIA
  3839. if (HAS_CASE_PREFIX(name, "ARIA"))
  3840. return 1;
  3841. #endif
  3842. #ifdef OPENSSL_NO_BF
  3843. if (HAS_CASE_PREFIX(name, "BF"))
  3844. return 1;
  3845. #endif
  3846. #ifdef OPENSSL_NO_CAMELLIA
  3847. if (HAS_CASE_PREFIX(name, "CAMELLIA"))
  3848. return 1;
  3849. #endif
  3850. #ifdef OPENSSL_NO_CAST
  3851. if (HAS_CASE_PREFIX(name, "CAST"))
  3852. return 1;
  3853. #endif
  3854. #ifdef OPENSSL_NO_CHACHA
  3855. if (HAS_CASE_PREFIX(name, "CHACHA"))
  3856. return 1;
  3857. #endif
  3858. #ifdef OPENSSL_NO_POLY1305
  3859. if (HAS_CASE_SUFFIX(name, "Poly1305"))
  3860. return 1;
  3861. #endif
  3862. #ifdef OPENSSL_NO_DES
  3863. if (HAS_CASE_PREFIX(name, "DES"))
  3864. return 1;
  3865. if (HAS_CASE_SUFFIX(name, "3DESwrap"))
  3866. return 1;
  3867. #endif
  3868. #ifdef OPENSSL_NO_OCB
  3869. if (HAS_CASE_SUFFIX(name, "OCB"))
  3870. return 1;
  3871. #endif
  3872. #ifdef OPENSSL_NO_IDEA
  3873. if (HAS_CASE_PREFIX(name, "IDEA"))
  3874. return 1;
  3875. #endif
  3876. #ifdef OPENSSL_NO_RC2
  3877. if (HAS_CASE_PREFIX(name, "RC2"))
  3878. return 1;
  3879. #endif
  3880. #ifdef OPENSSL_NO_RC4
  3881. if (HAS_CASE_PREFIX(name, "RC4"))
  3882. return 1;
  3883. #endif
  3884. #ifdef OPENSSL_NO_RC5
  3885. if (HAS_CASE_PREFIX(name, "RC5"))
  3886. return 1;
  3887. #endif
  3888. #ifdef OPENSSL_NO_SEED
  3889. if (HAS_CASE_PREFIX(name, "SEED"))
  3890. return 1;
  3891. #endif
  3892. #ifdef OPENSSL_NO_SIV
  3893. if (HAS_CASE_SUFFIX(name, "SIV"))
  3894. return 1;
  3895. #endif
  3896. #ifdef OPENSSL_NO_SM4
  3897. if (HAS_CASE_PREFIX(name, "SM4"))
  3898. return 1;
  3899. #endif
  3900. return 0;
  3901. }