evp_test.c 127 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227722782279228022812282228322842285228622872288228922902291229222932294229522962297229822992300230123022303230423052306230723082309231023112312231323142315231623172318231923202321232223232324232523262327232823292330233123322333233423352336233723382339234023412342234323442345234623472348234923502351235223532354235523562357235823592360236123622363236423652366236723682369237023712372237323742375237623772378237923802381238223832384238523862387238823892390239123922393239423952396239723982399240024012402240324042405240624072408240924102411241224132414241524162417241824192420242124222423242424252426242724282429243024312432243324342435243624372438243924402441244224432444244524462447244824492450245124522453245424552456245724582459246024612462246324642465246624672468246924702471247224732474247524762477247824792480248124822483248424852486248724882489249024912492249324942495249624972498249925002501250225032504250525062507250825092510251125122513251425152516251725182519252025212522252325242525252625272528252925302531253225332534253525362537253825392540254125422543254425452546254725482549255025512552255325542555255625572558255925602561256225632564256525662567256825692570257125722573257425752576257725782579258025812582258325842585258625872588258925902591259225932594259525962597259825992600260126022603260426052606260726082609261026112612261326142615261626172618261926202621262226232624262526262627262826292630263126322633263426352636263726382639264026412642264326442645264626472648264926502651265226532654265526562657265826592660266126622663266426652666266726682669267026712672267326742675267626772678267926802681268226832684268526862687268826892690269126922693269426952696269726982699270027012702270327042705270627072708270927102711271227132714271527162717271827192720272127222723272427252726272727282729273027312732273327342735273627372738273927402741274227432744274527462747274827492750275127522753275427552756275727582759276027612762276327642765276627672768276927702771277227732774277527762777277827792780278127822783278427852786278727882789279027912792279327942795279627972798279928002801280228032804280528062807280828092810281128122813281428152816281728182819282028212822282328242825282628272828282928302831283228332834283528362837283828392840284128422843284428452846284728482849285028512852285328542855285628572858285928602861286228632864286528662867286828692870287128722873287428752876287728782879288028812882288328842885288628872888288928902891289228932894289528962897289828992900290129022903290429052906290729082909291029112912291329142915291629172918291929202921292229232924292529262927292829292930293129322933293429352936293729382939294029412942294329442945294629472948294929502951295229532954295529562957295829592960296129622963296429652966296729682969297029712972297329742975297629772978297929802981298229832984298529862987298829892990299129922993299429952996299729982999300030013002300330043005300630073008300930103011301230133014301530163017301830193020302130223023302430253026302730283029303030313032303330343035303630373038303930403041304230433044304530463047304830493050305130523053305430553056305730583059306030613062306330643065306630673068306930703071307230733074307530763077307830793080308130823083308430853086308730883089309030913092309330943095309630973098309931003101310231033104310531063107310831093110311131123113311431153116311731183119312031213122312331243125312631273128312931303131313231333134313531363137313831393140314131423143314431453146314731483149315031513152315331543155315631573158315931603161316231633164316531663167316831693170317131723173317431753176317731783179318031813182318331843185318631873188318931903191319231933194319531963197319831993200320132023203320432053206320732083209321032113212321332143215321632173218321932203221322232233224322532263227322832293230323132323233323432353236323732383239324032413242324332443245324632473248324932503251325232533254325532563257325832593260326132623263326432653266326732683269327032713272327332743275327632773278327932803281328232833284328532863287328832893290329132923293329432953296329732983299330033013302330333043305330633073308330933103311331233133314331533163317331833193320332133223323332433253326332733283329333033313332333333343335333633373338333933403341334233433344334533463347334833493350335133523353335433553356335733583359336033613362336333643365336633673368336933703371337233733374337533763377337833793380338133823383338433853386338733883389339033913392339333943395339633973398339934003401340234033404340534063407340834093410341134123413341434153416341734183419342034213422342334243425342634273428342934303431343234333434343534363437343834393440344134423443344434453446344734483449345034513452345334543455345634573458345934603461346234633464346534663467346834693470347134723473347434753476347734783479348034813482348334843485348634873488348934903491349234933494349534963497349834993500350135023503350435053506350735083509351035113512351335143515351635173518351935203521352235233524352535263527352835293530353135323533353435353536353735383539354035413542354335443545354635473548354935503551355235533554355535563557355835593560356135623563356435653566356735683569357035713572357335743575357635773578357935803581358235833584358535863587358835893590359135923593359435953596359735983599360036013602360336043605360636073608360936103611361236133614361536163617361836193620362136223623362436253626362736283629363036313632363336343635363636373638363936403641364236433644364536463647364836493650365136523653365436553656365736583659366036613662366336643665366636673668366936703671367236733674367536763677367836793680368136823683368436853686368736883689369036913692369336943695369636973698369937003701370237033704370537063707370837093710371137123713371437153716371737183719372037213722372337243725372637273728372937303731373237333734373537363737373837393740374137423743374437453746374737483749375037513752375337543755375637573758375937603761376237633764376537663767376837693770377137723773377437753776377737783779378037813782378337843785378637873788378937903791379237933794379537963797379837993800380138023803380438053806380738083809381038113812381338143815381638173818381938203821382238233824382538263827382838293830383138323833383438353836383738383839384038413842384338443845384638473848384938503851385238533854385538563857385838593860386138623863386438653866386738683869387038713872387338743875387638773878387938803881388238833884388538863887388838893890389138923893389438953896389738983899390039013902390339043905390639073908390939103911391239133914391539163917391839193920392139223923392439253926392739283929393039313932393339343935393639373938393939403941394239433944394539463947394839493950395139523953395439553956395739583959396039613962396339643965396639673968396939703971397239733974397539763977397839793980398139823983398439853986398739883989399039913992399339943995399639973998399940004001400240034004400540064007400840094010401140124013401440154016401740184019402040214022402340244025402640274028402940304031403240334034403540364037403840394040404140424043404440454046404740484049405040514052405340544055405640574058405940604061406240634064406540664067406840694070407140724073407440754076407740784079408040814082408340844085408640874088408940904091409240934094409540964097409840994100410141024103410441054106410741084109411041114112411341144115411641174118411941204121412241234124412541264127412841294130413141324133413441354136413741384139414041414142414341444145414641474148414941504151415241534154415541564157415841594160416141624163416441654166416741684169417041714172417341744175417641774178417941804181418241834184418541864187418841894190419141924193419441954196419741984199420042014202420342044205420642074208420942104211421242134214421542164217421842194220422142224223422442254226422742284229423042314232423342344235423642374238423942404241424242434244424542464247424842494250425142524253425442554256425742584259426042614262426342644265426642674268426942704271427242734274427542764277427842794280428142824283428442854286428742884289429042914292429342944295429642974298429943004301430243034304430543064307430843094310431143124313431443154316431743184319432043214322432343244325432643274328432943304331433243334334433543364337433843394340434143424343434443454346434743484349435043514352435343544355435643574358435943604361436243634364436543664367436843694370437143724373437443754376437743784379
  1. /*
  2. * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #define OPENSSL_SUPPRESS_DEPRECATED /* EVP_PKEY_new_CMAC_key */
  10. #include <stdio.h>
  11. #include <string.h>
  12. #include <stdlib.h>
  13. #include <ctype.h>
  14. #include <openssl/evp.h>
  15. #include <openssl/pem.h>
  16. #include <openssl/err.h>
  17. #include <openssl/provider.h>
  18. #include <openssl/x509v3.h>
  19. #include <openssl/pkcs12.h>
  20. #include <openssl/kdf.h>
  21. #include <openssl/params.h>
  22. #include <openssl/core_names.h>
  23. #include <openssl/fips_names.h>
  24. #include <openssl/thread.h>
  25. #include "internal/numbers.h"
  26. #include "internal/nelem.h"
  27. #include "crypto/evp.h"
  28. #include "testutil.h"
  29. typedef struct evp_test_buffer_st EVP_TEST_BUFFER;
  30. DEFINE_STACK_OF(EVP_TEST_BUFFER)
  31. #define AAD_NUM 4
  32. typedef struct evp_test_method_st EVP_TEST_METHOD;
  33. /* Structure holding test information */
  34. typedef struct evp_test_st {
  35. STANZA s; /* Common test stanza */
  36. char *name;
  37. int skip; /* Current test should be skipped */
  38. const EVP_TEST_METHOD *meth; /* method for this test */
  39. const char *err, *aux_err; /* Error string for test */
  40. char *expected_err; /* Expected error value of test */
  41. char *reason; /* Expected error reason string */
  42. void *data; /* test specific data */
  43. } EVP_TEST;
  44. /* Test method structure */
  45. struct evp_test_method_st {
  46. /* Name of test as it appears in file */
  47. const char *name;
  48. /* Initialise test for "alg" */
  49. int (*init) (EVP_TEST *t, const char *alg);
  50. /* Clean up method */
  51. void (*cleanup) (EVP_TEST *t);
  52. /* Test specific name value pair processing */
  53. int (*parse) (EVP_TEST *t, const char *name, const char *value);
  54. /* Run the test itself */
  55. int (*run_test) (EVP_TEST *t);
  56. };
  57. /* Linked list of named keys. */
  58. typedef struct key_list_st {
  59. char *name;
  60. EVP_PKEY *key;
  61. struct key_list_st *next;
  62. } KEY_LIST;
  63. typedef enum OPTION_choice {
  64. OPT_ERR = -1,
  65. OPT_EOF = 0,
  66. OPT_CONFIG_FILE,
  67. OPT_IN_PLACE,
  68. OPT_PROVIDER_NAME,
  69. OPT_PROV_PROPQUERY,
  70. OPT_TEST_ENUM
  71. } OPTION_CHOICE;
  72. static OSSL_PROVIDER *prov_null = NULL;
  73. static OSSL_PROVIDER *libprov = NULL;
  74. static OSSL_LIB_CTX *libctx = NULL;
  75. /* List of public and private keys */
  76. static KEY_LIST *private_keys;
  77. static KEY_LIST *public_keys;
  78. static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst);
  79. static int parse_bin(const char *value, unsigned char **buf, size_t *buflen);
  80. static int is_digest_disabled(const char *name);
  81. static int is_pkey_disabled(const char *name);
  82. static int is_mac_disabled(const char *name);
  83. static int is_cipher_disabled(const char *name);
  84. static int is_kdf_disabled(const char *name);
  85. /*
  86. * Compare two memory regions for equality, returning zero if they differ.
  87. * However, if there is expected to be an error and the actual error
  88. * matches then the memory is expected to be different so handle this
  89. * case without producing unnecessary test framework output.
  90. */
  91. static int memory_err_compare(EVP_TEST *t, const char *err,
  92. const void *expected, size_t expected_len,
  93. const void *got, size_t got_len)
  94. {
  95. int r;
  96. if (t->expected_err != NULL && strcmp(t->expected_err, err) == 0)
  97. r = !TEST_mem_ne(expected, expected_len, got, got_len);
  98. else
  99. r = TEST_mem_eq(expected, expected_len, got, got_len);
  100. if (!r)
  101. t->err = err;
  102. return r;
  103. }
  104. /* Option specific for evp test */
  105. static int process_mode_in_place;
  106. static const char *propquery = NULL;
  107. static int evp_test_process_mode(char *mode)
  108. {
  109. if (strcmp(mode, "in_place") == 0)
  110. return 1;
  111. else if (strcmp(mode, "both") == 0)
  112. return 0;
  113. return -1;
  114. }
  115. /*
  116. * Structure used to hold a list of blocks of memory to test
  117. * calls to "update" like functions.
  118. */
  119. struct evp_test_buffer_st {
  120. unsigned char *buf;
  121. size_t buflen;
  122. size_t count;
  123. int count_set;
  124. };
  125. static void evp_test_buffer_free(EVP_TEST_BUFFER *db)
  126. {
  127. if (db != NULL) {
  128. OPENSSL_free(db->buf);
  129. OPENSSL_free(db);
  130. }
  131. }
  132. /* append buffer to a list */
  133. static int evp_test_buffer_append(const char *value,
  134. STACK_OF(EVP_TEST_BUFFER) **sk)
  135. {
  136. EVP_TEST_BUFFER *db = NULL;
  137. if (!TEST_ptr(db = OPENSSL_malloc(sizeof(*db))))
  138. goto err;
  139. if (!parse_bin(value, &db->buf, &db->buflen))
  140. goto err;
  141. db->count = 1;
  142. db->count_set = 0;
  143. if (*sk == NULL && !TEST_ptr(*sk = sk_EVP_TEST_BUFFER_new_null()))
  144. goto err;
  145. if (!sk_EVP_TEST_BUFFER_push(*sk, db))
  146. goto err;
  147. return 1;
  148. err:
  149. evp_test_buffer_free(db);
  150. return 0;
  151. }
  152. /* replace last buffer in list with copies of itself */
  153. static int evp_test_buffer_ncopy(const char *value,
  154. STACK_OF(EVP_TEST_BUFFER) *sk)
  155. {
  156. EVP_TEST_BUFFER *db;
  157. unsigned char *tbuf, *p;
  158. size_t tbuflen;
  159. int ncopy = atoi(value);
  160. int i;
  161. if (ncopy <= 0)
  162. return 0;
  163. if (sk == NULL || sk_EVP_TEST_BUFFER_num(sk) == 0)
  164. return 0;
  165. db = sk_EVP_TEST_BUFFER_value(sk, sk_EVP_TEST_BUFFER_num(sk) - 1);
  166. tbuflen = db->buflen * ncopy;
  167. if (!TEST_ptr(tbuf = OPENSSL_malloc(tbuflen)))
  168. return 0;
  169. for (i = 0, p = tbuf; i < ncopy; i++, p += db->buflen)
  170. memcpy(p, db->buf, db->buflen);
  171. OPENSSL_free(db->buf);
  172. db->buf = tbuf;
  173. db->buflen = tbuflen;
  174. return 1;
  175. }
  176. /* set repeat count for last buffer in list */
  177. static int evp_test_buffer_set_count(const char *value,
  178. STACK_OF(EVP_TEST_BUFFER) *sk)
  179. {
  180. EVP_TEST_BUFFER *db;
  181. int count = atoi(value);
  182. if (count <= 0)
  183. return 0;
  184. if (sk == NULL || sk_EVP_TEST_BUFFER_num(sk) == 0)
  185. return 0;
  186. db = sk_EVP_TEST_BUFFER_value(sk, sk_EVP_TEST_BUFFER_num(sk) - 1);
  187. if (db->count_set != 0)
  188. return 0;
  189. db->count = (size_t)count;
  190. db->count_set = 1;
  191. return 1;
  192. }
  193. /* call "fn" with each element of the list in turn */
  194. static int evp_test_buffer_do(STACK_OF(EVP_TEST_BUFFER) *sk,
  195. int (*fn)(void *ctx,
  196. const unsigned char *buf,
  197. size_t buflen),
  198. void *ctx)
  199. {
  200. int i;
  201. for (i = 0; i < sk_EVP_TEST_BUFFER_num(sk); i++) {
  202. EVP_TEST_BUFFER *tb = sk_EVP_TEST_BUFFER_value(sk, i);
  203. size_t j;
  204. for (j = 0; j < tb->count; j++) {
  205. if (fn(ctx, tb->buf, tb->buflen) <= 0)
  206. return 0;
  207. }
  208. }
  209. return 1;
  210. }
  211. /*
  212. * Unescape some sequences in string literals (only \n for now).
  213. * Return an allocated buffer, set |out_len|. If |input_len|
  214. * is zero, get an empty buffer but set length to zero.
  215. */
  216. static unsigned char* unescape(const char *input, size_t input_len,
  217. size_t *out_len)
  218. {
  219. unsigned char *ret, *p;
  220. size_t i;
  221. if (input_len == 0) {
  222. *out_len = 0;
  223. return OPENSSL_zalloc(1);
  224. }
  225. /* Escaping is non-expanding; over-allocate original size for simplicity. */
  226. if (!TEST_ptr(ret = p = OPENSSL_malloc(input_len)))
  227. return NULL;
  228. for (i = 0; i < input_len; i++) {
  229. if (*input == '\\') {
  230. if (i == input_len - 1 || *++input != 'n') {
  231. TEST_error("Bad escape sequence in file");
  232. goto err;
  233. }
  234. *p++ = '\n';
  235. i++;
  236. input++;
  237. } else {
  238. *p++ = *input++;
  239. }
  240. }
  241. *out_len = p - ret;
  242. return ret;
  243. err:
  244. OPENSSL_free(ret);
  245. return NULL;
  246. }
  247. /*
  248. * For a hex string "value" convert to a binary allocated buffer.
  249. * Return 1 on success or 0 on failure.
  250. */
  251. static int parse_bin(const char *value, unsigned char **buf, size_t *buflen)
  252. {
  253. long len;
  254. /* Check for NULL literal */
  255. if (strcmp(value, "NULL") == 0) {
  256. *buf = NULL;
  257. *buflen = 0;
  258. return 1;
  259. }
  260. /* Check for empty value */
  261. if (*value == '\0') {
  262. /*
  263. * Don't return NULL for zero length buffer. This is needed for
  264. * some tests with empty keys: HMAC_Init_ex() expects a non-NULL key
  265. * buffer even if the key length is 0, in order to detect key reset.
  266. */
  267. *buf = OPENSSL_malloc(1);
  268. if (*buf == NULL)
  269. return 0;
  270. **buf = 0;
  271. *buflen = 0;
  272. return 1;
  273. }
  274. /* Check for string literal */
  275. if (value[0] == '"') {
  276. size_t vlen = strlen(++value);
  277. if (vlen == 0 || value[vlen - 1] != '"')
  278. return 0;
  279. vlen--;
  280. *buf = unescape(value, vlen, buflen);
  281. return *buf == NULL ? 0 : 1;
  282. }
  283. /* Otherwise assume as hex literal and convert it to binary buffer */
  284. if (!TEST_ptr(*buf = OPENSSL_hexstr2buf(value, &len))) {
  285. TEST_info("Can't convert %s", value);
  286. TEST_openssl_errors();
  287. return -1;
  288. }
  289. /* Size of input buffer means we'll never overflow */
  290. *buflen = len;
  291. return 1;
  292. }
  293. /**
  294. ** MESSAGE DIGEST TESTS
  295. **/
  296. typedef struct digest_data_st {
  297. /* Digest this test is for */
  298. const EVP_MD *digest;
  299. EVP_MD *fetched_digest;
  300. /* Input to digest */
  301. STACK_OF(EVP_TEST_BUFFER) *input;
  302. /* Expected output */
  303. unsigned char *output;
  304. size_t output_len;
  305. /* Padding type */
  306. int pad_type;
  307. /* XOF mode? */
  308. int xof;
  309. /* Size for variable output length but non-XOF */
  310. size_t digest_size;
  311. } DIGEST_DATA;
  312. static int digest_test_init(EVP_TEST *t, const char *alg)
  313. {
  314. DIGEST_DATA *mdat;
  315. const EVP_MD *digest;
  316. EVP_MD *fetched_digest;
  317. if (is_digest_disabled(alg)) {
  318. TEST_info("skipping, '%s' is disabled", alg);
  319. t->skip = 1;
  320. return 1;
  321. }
  322. if ((digest = fetched_digest = EVP_MD_fetch(libctx, alg, propquery)) == NULL
  323. && (digest = EVP_get_digestbyname(alg)) == NULL)
  324. return 0;
  325. if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat))))
  326. return 0;
  327. t->data = mdat;
  328. mdat->digest = digest;
  329. mdat->fetched_digest = fetched_digest;
  330. mdat->pad_type = 0;
  331. mdat->xof = 0;
  332. if (fetched_digest != NULL)
  333. TEST_info("%s is fetched", alg);
  334. return 1;
  335. }
  336. static void digest_test_cleanup(EVP_TEST *t)
  337. {
  338. DIGEST_DATA *mdat = t->data;
  339. sk_EVP_TEST_BUFFER_pop_free(mdat->input, evp_test_buffer_free);
  340. OPENSSL_free(mdat->output);
  341. EVP_MD_free(mdat->fetched_digest);
  342. }
  343. static int digest_test_parse(EVP_TEST *t,
  344. const char *keyword, const char *value)
  345. {
  346. DIGEST_DATA *mdata = t->data;
  347. if (strcmp(keyword, "Input") == 0)
  348. return evp_test_buffer_append(value, &mdata->input);
  349. if (strcmp(keyword, "Output") == 0)
  350. return parse_bin(value, &mdata->output, &mdata->output_len);
  351. if (strcmp(keyword, "Count") == 0)
  352. return evp_test_buffer_set_count(value, mdata->input);
  353. if (strcmp(keyword, "Ncopy") == 0)
  354. return evp_test_buffer_ncopy(value, mdata->input);
  355. if (strcmp(keyword, "Padding") == 0)
  356. return (mdata->pad_type = atoi(value)) > 0;
  357. if (strcmp(keyword, "XOF") == 0)
  358. return (mdata->xof = atoi(value)) > 0;
  359. if (strcmp(keyword, "OutputSize") == 0) {
  360. int sz;
  361. sz = atoi(value);
  362. if (sz < 0)
  363. return -1;
  364. mdata->digest_size = sz;
  365. return 1;
  366. }
  367. return 0;
  368. }
  369. static int digest_update_fn(void *ctx, const unsigned char *buf, size_t buflen)
  370. {
  371. return EVP_DigestUpdate(ctx, buf, buflen);
  372. }
  373. static int test_duplicate_md_ctx(EVP_TEST *t, EVP_MD_CTX *mctx)
  374. {
  375. char dont[] = "touch";
  376. if (!TEST_ptr(mctx))
  377. return 0;
  378. if (!EVP_DigestFinalXOF(mctx, (unsigned char *)dont, 0)) {
  379. EVP_MD_CTX_free(mctx);
  380. t->err = "DIGESTFINALXOF_ERROR";
  381. return 0;
  382. }
  383. if (!TEST_str_eq(dont, "touch")) {
  384. EVP_MD_CTX_free(mctx);
  385. t->err = "DIGESTFINALXOF_ERROR";
  386. return 0;
  387. }
  388. EVP_MD_CTX_free(mctx);
  389. return 1;
  390. }
  391. static int digest_test_run(EVP_TEST *t)
  392. {
  393. DIGEST_DATA *expected = t->data;
  394. EVP_TEST_BUFFER *inbuf;
  395. EVP_MD_CTX *mctx;
  396. unsigned char *got = NULL;
  397. unsigned int got_len;
  398. size_t size = 0;
  399. int xof = 0;
  400. OSSL_PARAM params[4], *p = &params[0];
  401. t->err = "TEST_FAILURE";
  402. if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
  403. goto err;
  404. got = OPENSSL_malloc(expected->output_len > EVP_MAX_MD_SIZE ?
  405. expected->output_len : EVP_MAX_MD_SIZE);
  406. if (!TEST_ptr(got))
  407. goto err;
  408. if (expected->xof > 0) {
  409. xof |= 1;
  410. *p++ = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN,
  411. &expected->output_len);
  412. }
  413. if (expected->digest_size > 0) {
  414. *p++ = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_SIZE,
  415. &expected->digest_size);
  416. }
  417. if (expected->pad_type > 0)
  418. *p++ = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_PAD_TYPE,
  419. &expected->pad_type);
  420. *p++ = OSSL_PARAM_construct_end();
  421. if (!EVP_DigestInit_ex2(mctx, expected->digest, params)) {
  422. t->err = "DIGESTINIT_ERROR";
  423. goto err;
  424. }
  425. if (!evp_test_buffer_do(expected->input, digest_update_fn, mctx)) {
  426. t->err = "DIGESTUPDATE_ERROR";
  427. goto err;
  428. }
  429. xof |= (EVP_MD_get_flags(expected->digest) & EVP_MD_FLAG_XOF) != 0;
  430. if (xof) {
  431. EVP_MD_CTX *mctx_cpy;
  432. if (!TEST_ptr(mctx_cpy = EVP_MD_CTX_new())) {
  433. goto err;
  434. }
  435. if (!TEST_true(EVP_MD_CTX_copy(mctx_cpy, mctx))) {
  436. EVP_MD_CTX_free(mctx_cpy);
  437. goto err;
  438. } else if (!test_duplicate_md_ctx(t, mctx_cpy)) {
  439. goto err;
  440. }
  441. if (!test_duplicate_md_ctx(t, EVP_MD_CTX_dup(mctx)))
  442. goto err;
  443. got_len = expected->output_len;
  444. if (!EVP_DigestFinalXOF(mctx, got, got_len)) {
  445. t->err = "DIGESTFINALXOF_ERROR";
  446. goto err;
  447. }
  448. } else {
  449. if (!EVP_DigestFinal(mctx, got, &got_len)) {
  450. t->err = "DIGESTFINAL_ERROR";
  451. goto err;
  452. }
  453. }
  454. if (!TEST_int_eq(expected->output_len, got_len)) {
  455. t->err = "DIGEST_LENGTH_MISMATCH";
  456. goto err;
  457. }
  458. if (!memory_err_compare(t, "DIGEST_MISMATCH",
  459. expected->output, expected->output_len,
  460. got, got_len))
  461. goto err;
  462. t->err = NULL;
  463. /* Test the EVP_Q_digest interface as well */
  464. if (sk_EVP_TEST_BUFFER_num(expected->input) == 1
  465. && !xof
  466. /* This should never fail but we need the returned pointer now */
  467. && !TEST_ptr(inbuf = sk_EVP_TEST_BUFFER_value(expected->input, 0))
  468. && !inbuf->count_set) {
  469. OPENSSL_cleanse(got, got_len);
  470. if (!TEST_true(EVP_Q_digest(libctx,
  471. EVP_MD_get0_name(expected->fetched_digest),
  472. NULL, inbuf->buf, inbuf->buflen,
  473. got, &size))
  474. || !TEST_mem_eq(got, size,
  475. expected->output, expected->output_len)) {
  476. t->err = "EVP_Q_digest failed";
  477. goto err;
  478. }
  479. }
  480. err:
  481. OPENSSL_free(got);
  482. EVP_MD_CTX_free(mctx);
  483. return 1;
  484. }
  485. static const EVP_TEST_METHOD digest_test_method = {
  486. "Digest",
  487. digest_test_init,
  488. digest_test_cleanup,
  489. digest_test_parse,
  490. digest_test_run
  491. };
  492. /**
  493. *** CIPHER TESTS
  494. **/
  495. typedef struct cipher_data_st {
  496. const EVP_CIPHER *cipher;
  497. EVP_CIPHER *fetched_cipher;
  498. int enc;
  499. /* EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE or EVP_CIPH_OCB_MODE if AEAD */
  500. int aead;
  501. unsigned char *key;
  502. size_t key_len;
  503. size_t key_bits; /* Used by RC2 */
  504. unsigned char *iv;
  505. unsigned char *next_iv; /* Expected IV state after operation */
  506. unsigned int rounds;
  507. size_t iv_len;
  508. unsigned char *plaintext;
  509. size_t plaintext_len;
  510. unsigned char *ciphertext;
  511. size_t ciphertext_len;
  512. /* AEAD ciphers only */
  513. unsigned char *aad[AAD_NUM];
  514. size_t aad_len[AAD_NUM];
  515. int tls_aad;
  516. int tls_version;
  517. unsigned char *tag;
  518. const char *cts_mode;
  519. size_t tag_len;
  520. int tag_late;
  521. unsigned char *mac_key;
  522. size_t mac_key_len;
  523. const char *xts_standard;
  524. } CIPHER_DATA;
  525. static int cipher_test_init(EVP_TEST *t, const char *alg)
  526. {
  527. const EVP_CIPHER *cipher;
  528. EVP_CIPHER *fetched_cipher;
  529. CIPHER_DATA *cdat;
  530. int m;
  531. if (is_cipher_disabled(alg)) {
  532. t->skip = 1;
  533. TEST_info("skipping, '%s' is disabled", alg);
  534. return 1;
  535. }
  536. ERR_set_mark();
  537. if ((cipher = fetched_cipher = EVP_CIPHER_fetch(libctx, alg, propquery)) == NULL
  538. && (cipher = EVP_get_cipherbyname(alg)) == NULL) {
  539. /* a stitched cipher might not be available */
  540. if (strstr(alg, "HMAC") != NULL) {
  541. ERR_pop_to_mark();
  542. t->skip = 1;
  543. TEST_info("skipping, '%s' is not available", alg);
  544. return 1;
  545. }
  546. ERR_clear_last_mark();
  547. return 0;
  548. }
  549. ERR_clear_last_mark();
  550. if (!TEST_ptr(cdat = OPENSSL_zalloc(sizeof(*cdat))))
  551. return 0;
  552. cdat->cipher = cipher;
  553. cdat->fetched_cipher = fetched_cipher;
  554. cdat->enc = -1;
  555. m = EVP_CIPHER_get_mode(cipher);
  556. if (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
  557. cdat->aead = m != 0 ? m : -1;
  558. else
  559. cdat->aead = 0;
  560. t->data = cdat;
  561. if (fetched_cipher != NULL)
  562. TEST_info("%s is fetched", alg);
  563. return 1;
  564. }
  565. static void cipher_test_cleanup(EVP_TEST *t)
  566. {
  567. int i;
  568. CIPHER_DATA *cdat = t->data;
  569. OPENSSL_free(cdat->key);
  570. OPENSSL_free(cdat->iv);
  571. OPENSSL_free(cdat->next_iv);
  572. OPENSSL_free(cdat->ciphertext);
  573. OPENSSL_free(cdat->plaintext);
  574. for (i = 0; i < AAD_NUM; i++)
  575. OPENSSL_free(cdat->aad[i]);
  576. OPENSSL_free(cdat->tag);
  577. OPENSSL_free(cdat->mac_key);
  578. EVP_CIPHER_free(cdat->fetched_cipher);
  579. }
  580. static int cipher_test_parse(EVP_TEST *t, const char *keyword,
  581. const char *value)
  582. {
  583. CIPHER_DATA *cdat = t->data;
  584. int i;
  585. if (strcmp(keyword, "Key") == 0)
  586. return parse_bin(value, &cdat->key, &cdat->key_len);
  587. if (strcmp(keyword, "Rounds") == 0) {
  588. i = atoi(value);
  589. if (i < 0)
  590. return -1;
  591. cdat->rounds = (unsigned int)i;
  592. return 1;
  593. }
  594. if (strcmp(keyword, "IV") == 0)
  595. return parse_bin(value, &cdat->iv, &cdat->iv_len);
  596. if (strcmp(keyword, "NextIV") == 0)
  597. return parse_bin(value, &cdat->next_iv, &cdat->iv_len);
  598. if (strcmp(keyword, "Plaintext") == 0)
  599. return parse_bin(value, &cdat->plaintext, &cdat->plaintext_len);
  600. if (strcmp(keyword, "Ciphertext") == 0)
  601. return parse_bin(value, &cdat->ciphertext, &cdat->ciphertext_len);
  602. if (strcmp(keyword, "KeyBits") == 0) {
  603. i = atoi(value);
  604. if (i < 0)
  605. return -1;
  606. cdat->key_bits = (size_t)i;
  607. return 1;
  608. }
  609. if (cdat->aead) {
  610. int tls_aad = 0;
  611. if (strcmp(keyword, "TLSAAD") == 0)
  612. cdat->tls_aad = tls_aad = 1;
  613. if (strcmp(keyword, "AAD") == 0 || tls_aad) {
  614. for (i = 0; i < AAD_NUM; i++) {
  615. if (cdat->aad[i] == NULL)
  616. return parse_bin(value, &cdat->aad[i], &cdat->aad_len[i]);
  617. }
  618. return -1;
  619. }
  620. if (strcmp(keyword, "Tag") == 0)
  621. return parse_bin(value, &cdat->tag, &cdat->tag_len);
  622. if (strcmp(keyword, "SetTagLate") == 0) {
  623. if (strcmp(value, "TRUE") == 0)
  624. cdat->tag_late = 1;
  625. else if (strcmp(value, "FALSE") == 0)
  626. cdat->tag_late = 0;
  627. else
  628. return -1;
  629. return 1;
  630. }
  631. if (strcmp(keyword, "MACKey") == 0)
  632. return parse_bin(value, &cdat->mac_key, &cdat->mac_key_len);
  633. if (strcmp(keyword, "TLSVersion") == 0) {
  634. char *endptr;
  635. cdat->tls_version = (int)strtol(value, &endptr, 0);
  636. return value[0] != '\0' && endptr[0] == '\0';
  637. }
  638. }
  639. if (strcmp(keyword, "Operation") == 0) {
  640. if (strcmp(value, "ENCRYPT") == 0)
  641. cdat->enc = 1;
  642. else if (strcmp(value, "DECRYPT") == 0)
  643. cdat->enc = 0;
  644. else
  645. return -1;
  646. return 1;
  647. }
  648. if (strcmp(keyword, "CTSMode") == 0) {
  649. cdat->cts_mode = value;
  650. return 1;
  651. }
  652. if (strcmp(keyword, "XTSStandard") == 0) {
  653. cdat->xts_standard = value;
  654. return 1;
  655. }
  656. return 0;
  657. }
  658. static int cipher_test_enc(EVP_TEST *t, int enc, size_t out_misalign,
  659. size_t inp_misalign, int frag, int in_place)
  660. {
  661. CIPHER_DATA *expected = t->data;
  662. unsigned char *in, *expected_out, *tmp = NULL;
  663. size_t in_len, out_len, donelen = 0;
  664. int ok = 0, tmplen, chunklen, tmpflen, i;
  665. EVP_CIPHER_CTX *ctx_base = NULL;
  666. EVP_CIPHER_CTX *ctx = NULL, *duped;
  667. int fips_dupctx_supported = fips_provider_version_ge(libctx, 3, 2, 0);
  668. t->err = "TEST_FAILURE";
  669. if (!TEST_ptr(ctx_base = EVP_CIPHER_CTX_new()))
  670. goto err;
  671. if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
  672. goto err;
  673. EVP_CIPHER_CTX_set_flags(ctx_base, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
  674. if (enc) {
  675. in = expected->plaintext;
  676. in_len = expected->plaintext_len;
  677. expected_out = expected->ciphertext;
  678. out_len = expected->ciphertext_len;
  679. } else {
  680. in = expected->ciphertext;
  681. in_len = expected->ciphertext_len;
  682. expected_out = expected->plaintext;
  683. out_len = expected->plaintext_len;
  684. }
  685. if (in_place == 1) {
  686. /* Exercise in-place encryption */
  687. tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH);
  688. if (!tmp)
  689. goto err;
  690. in = memcpy(tmp + out_misalign, in, in_len);
  691. } else {
  692. inp_misalign += 16 - ((out_misalign + in_len) & 15);
  693. /*
  694. * 'tmp' will store both output and copy of input. We make the copy
  695. * of input to specifically aligned part of 'tmp'. So we just
  696. * figured out how much padding would ensure the required alignment,
  697. * now we allocate extended buffer and finally copy the input just
  698. * past inp_misalign in expression below. Output will be written
  699. * past out_misalign...
  700. */
  701. tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH +
  702. inp_misalign + in_len);
  703. if (!tmp)
  704. goto err;
  705. in = memcpy(tmp + out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH +
  706. inp_misalign, in, in_len);
  707. }
  708. if (!EVP_CipherInit_ex(ctx_base, expected->cipher, NULL, NULL, NULL, enc)) {
  709. t->err = "CIPHERINIT_ERROR";
  710. goto err;
  711. }
  712. if (expected->cts_mode != NULL) {
  713. OSSL_PARAM params[2];
  714. params[0] = OSSL_PARAM_construct_utf8_string(OSSL_CIPHER_PARAM_CTS_MODE,
  715. (char *)expected->cts_mode,
  716. 0);
  717. params[1] = OSSL_PARAM_construct_end();
  718. if (!EVP_CIPHER_CTX_set_params(ctx_base, params)) {
  719. t->err = "INVALID_CTS_MODE";
  720. goto err;
  721. }
  722. }
  723. if (expected->iv) {
  724. if (expected->aead) {
  725. if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_IVLEN,
  726. expected->iv_len, 0) <= 0) {
  727. t->err = "INVALID_IV_LENGTH";
  728. goto err;
  729. }
  730. } else if (expected->iv_len != (size_t)EVP_CIPHER_CTX_get_iv_length(ctx_base)) {
  731. t->err = "INVALID_IV_LENGTH";
  732. goto err;
  733. }
  734. }
  735. if (expected->aead && !expected->tls_aad) {
  736. unsigned char *tag;
  737. /*
  738. * If encrypting or OCB just set tag length initially, otherwise
  739. * set tag length and value.
  740. */
  741. if (enc || expected->aead == EVP_CIPH_OCB_MODE || expected->tag_late) {
  742. t->err = "TAG_LENGTH_SET_ERROR";
  743. tag = NULL;
  744. } else {
  745. t->err = "TAG_SET_ERROR";
  746. tag = expected->tag;
  747. }
  748. if (tag || expected->aead != EVP_CIPH_GCM_MODE) {
  749. if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_TAG,
  750. expected->tag_len, tag) <= 0)
  751. goto err;
  752. }
  753. }
  754. if (expected->rounds > 0) {
  755. int rounds = (int)expected->rounds;
  756. if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC5_ROUNDS, rounds, NULL) <= 0) {
  757. t->err = "INVALID_ROUNDS";
  758. goto err;
  759. }
  760. }
  761. if (!EVP_CIPHER_CTX_set_key_length(ctx_base, expected->key_len)) {
  762. t->err = "INVALID_KEY_LENGTH";
  763. goto err;
  764. }
  765. if (expected->key_bits > 0) {
  766. int bits = (int)expected->key_bits;
  767. if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC2_KEY_BITS, bits, NULL) <= 0) {
  768. t->err = "INVALID KEY BITS";
  769. goto err;
  770. }
  771. }
  772. if (!EVP_CipherInit_ex(ctx_base, NULL, NULL, expected->key, expected->iv, -1)) {
  773. t->err = "KEY_SET_ERROR";
  774. goto err;
  775. }
  776. /* Check that we get the same IV back */
  777. if (expected->iv != NULL) {
  778. /* Some (e.g., GCM) tests use IVs longer than EVP_MAX_IV_LENGTH. */
  779. unsigned char iv[128];
  780. if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx_base, iv, sizeof(iv)))
  781. || ((EVP_CIPHER_get_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0
  782. && !TEST_mem_eq(expected->iv, expected->iv_len, iv,
  783. expected->iv_len))) {
  784. t->err = "INVALID_IV";
  785. goto err;
  786. }
  787. }
  788. /* Test that the cipher dup functions correctly if it is supported */
  789. ERR_set_mark();
  790. if (!EVP_CIPHER_CTX_copy(ctx, ctx_base)) {
  791. if (fips_dupctx_supported) {
  792. TEST_info("Doing a copy of Cipher %s Fails!\n",
  793. EVP_CIPHER_get0_name(expected->cipher));
  794. ERR_print_errors_fp(stderr);
  795. goto err;
  796. } else {
  797. TEST_info("Allowing copy fail as an old fips provider is in use.");
  798. }
  799. EVP_CIPHER_CTX_free(ctx);
  800. ctx = ctx_base;
  801. } else {
  802. EVP_CIPHER_CTX_free(ctx_base);
  803. ctx_base = NULL;
  804. }
  805. /* Likewise for dup */
  806. duped = EVP_CIPHER_CTX_dup(ctx);
  807. if (duped != NULL) {
  808. EVP_CIPHER_CTX_free(ctx);
  809. ctx = duped;
  810. } else {
  811. if (fips_dupctx_supported) {
  812. TEST_info("Doing a dup of Cipher %s Fails!\n",
  813. EVP_CIPHER_get0_name(expected->cipher));
  814. ERR_print_errors_fp(stderr);
  815. goto err;
  816. } else {
  817. TEST_info("Allowing dup fail as an old fips provider is in use.");
  818. }
  819. }
  820. ERR_pop_to_mark();
  821. if (expected->mac_key != NULL
  822. && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY,
  823. (int)expected->mac_key_len,
  824. (void *)expected->mac_key) <= 0) {
  825. t->err = "SET_MAC_KEY_ERROR";
  826. goto err;
  827. }
  828. if (expected->tls_version) {
  829. OSSL_PARAM params[2];
  830. params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_TLS_VERSION,
  831. &expected->tls_version);
  832. params[1] = OSSL_PARAM_construct_end();
  833. if (!EVP_CIPHER_CTX_set_params(ctx, params)) {
  834. t->err = "SET_TLS_VERSION_ERROR";
  835. goto err;
  836. }
  837. }
  838. if (expected->aead == EVP_CIPH_CCM_MODE) {
  839. if (!EVP_CipherUpdate(ctx, NULL, &tmplen, NULL, out_len)) {
  840. t->err = "CCM_PLAINTEXT_LENGTH_SET_ERROR";
  841. goto err;
  842. }
  843. }
  844. if (expected->aad[0] != NULL && !expected->tls_aad) {
  845. t->err = "AAD_SET_ERROR";
  846. if (!frag) {
  847. for (i = 0; expected->aad[i] != NULL; i++) {
  848. if (!EVP_CipherUpdate(ctx, NULL, &chunklen, expected->aad[i],
  849. expected->aad_len[i]))
  850. goto err;
  851. }
  852. } else {
  853. /*
  854. * Supply the AAD in chunks less than the block size where possible
  855. */
  856. for (i = 0; expected->aad[i] != NULL; i++) {
  857. if (expected->aad_len[i] > 0) {
  858. if (!EVP_CipherUpdate(ctx, NULL, &chunklen, expected->aad[i], 1))
  859. goto err;
  860. donelen++;
  861. }
  862. if (expected->aad_len[i] > 2) {
  863. if (!EVP_CipherUpdate(ctx, NULL, &chunklen,
  864. expected->aad[i] + donelen,
  865. expected->aad_len[i] - 2))
  866. goto err;
  867. donelen += expected->aad_len[i] - 2;
  868. }
  869. if (expected->aad_len[i] > 1
  870. && !EVP_CipherUpdate(ctx, NULL, &chunklen,
  871. expected->aad[i] + donelen, 1))
  872. goto err;
  873. }
  874. }
  875. }
  876. if (expected->tls_aad) {
  877. OSSL_PARAM params[2];
  878. char *tls_aad;
  879. /* duplicate the aad as the implementation might modify it */
  880. if ((tls_aad = OPENSSL_memdup(expected->aad[0],
  881. expected->aad_len[0])) == NULL)
  882. goto err;
  883. params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD,
  884. tls_aad,
  885. expected->aad_len[0]);
  886. params[1] = OSSL_PARAM_construct_end();
  887. if (!EVP_CIPHER_CTX_set_params(ctx, params)) {
  888. OPENSSL_free(tls_aad);
  889. t->err = "TLS1_AAD_ERROR";
  890. goto err;
  891. }
  892. OPENSSL_free(tls_aad);
  893. } else if (!enc && (expected->aead == EVP_CIPH_OCB_MODE
  894. || expected->tag_late)) {
  895. if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
  896. expected->tag_len, expected->tag) <= 0) {
  897. t->err = "TAG_SET_ERROR";
  898. goto err;
  899. }
  900. }
  901. if (expected->xts_standard != NULL) {
  902. OSSL_PARAM params[2];
  903. params[0] =
  904. OSSL_PARAM_construct_utf8_string(OSSL_CIPHER_PARAM_XTS_STANDARD,
  905. (char *)expected->xts_standard, 0);
  906. params[1] = OSSL_PARAM_construct_end();
  907. if (!EVP_CIPHER_CTX_set_params(ctx, params)) {
  908. t->err = "SET_XTS_STANDARD_ERROR";
  909. goto err;
  910. }
  911. }
  912. EVP_CIPHER_CTX_set_padding(ctx, 0);
  913. t->err = "CIPHERUPDATE_ERROR";
  914. tmplen = 0;
  915. if (!frag) {
  916. /* We supply the data all in one go */
  917. if (!EVP_CipherUpdate(ctx, tmp + out_misalign, &tmplen, in, in_len))
  918. goto err;
  919. } else {
  920. /* Supply the data in chunks less than the block size where possible */
  921. if (in_len > 0) {
  922. if (!EVP_CipherUpdate(ctx, tmp + out_misalign, &chunklen, in, 1))
  923. goto err;
  924. tmplen += chunklen;
  925. in++;
  926. in_len--;
  927. }
  928. if (in_len > 1) {
  929. if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen,
  930. in, in_len - 1))
  931. goto err;
  932. tmplen += chunklen;
  933. in += in_len - 1;
  934. in_len = 1;
  935. }
  936. if (in_len > 0) {
  937. if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen,
  938. in, 1))
  939. goto err;
  940. tmplen += chunklen;
  941. }
  942. }
  943. if (!EVP_CipherFinal_ex(ctx, tmp + out_misalign + tmplen, &tmpflen)) {
  944. t->err = "CIPHERFINAL_ERROR";
  945. goto err;
  946. }
  947. if (!enc && expected->tls_aad) {
  948. if (expected->tls_version >= TLS1_1_VERSION
  949. && (EVP_CIPHER_is_a(expected->cipher, "AES-128-CBC-HMAC-SHA1")
  950. || EVP_CIPHER_is_a(expected->cipher, "AES-256-CBC-HMAC-SHA1"))) {
  951. tmplen -= expected->iv_len;
  952. expected_out += expected->iv_len;
  953. out_misalign += expected->iv_len;
  954. }
  955. if ((int)out_len > tmplen + tmpflen)
  956. out_len = tmplen + tmpflen;
  957. }
  958. if (!memory_err_compare(t, "VALUE_MISMATCH", expected_out, out_len,
  959. tmp + out_misalign, tmplen + tmpflen))
  960. goto err;
  961. if (enc && expected->aead && !expected->tls_aad) {
  962. unsigned char rtag[16];
  963. if (!TEST_size_t_le(expected->tag_len, sizeof(rtag))) {
  964. t->err = "TAG_LENGTH_INTERNAL_ERROR";
  965. goto err;
  966. }
  967. if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
  968. expected->tag_len, rtag) <= 0) {
  969. t->err = "TAG_RETRIEVE_ERROR";
  970. goto err;
  971. }
  972. if (!memory_err_compare(t, "TAG_VALUE_MISMATCH",
  973. expected->tag, expected->tag_len,
  974. rtag, expected->tag_len))
  975. goto err;
  976. }
  977. /* Check the updated IV */
  978. if (expected->next_iv != NULL) {
  979. /* Some (e.g., GCM) tests use IVs longer than EVP_MAX_IV_LENGTH. */
  980. unsigned char iv[128];
  981. if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
  982. || ((EVP_CIPHER_get_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0
  983. && !TEST_mem_eq(expected->next_iv, expected->iv_len, iv,
  984. expected->iv_len))) {
  985. t->err = "INVALID_NEXT_IV";
  986. goto err;
  987. }
  988. }
  989. t->err = NULL;
  990. ok = 1;
  991. err:
  992. OPENSSL_free(tmp);
  993. if (ctx != ctx_base)
  994. EVP_CIPHER_CTX_free(ctx_base);
  995. EVP_CIPHER_CTX_free(ctx);
  996. return ok;
  997. }
  998. /*
  999. * XTS, SIV, CCM, stitched ciphers and Wrap modes have special
  1000. * requirements about input lengths so we don't fragment for those
  1001. */
  1002. static int cipher_test_valid_fragmentation(CIPHER_DATA *cdat)
  1003. {
  1004. return (cdat->aead == EVP_CIPH_CCM_MODE
  1005. || cdat->aead == EVP_CIPH_CBC_MODE
  1006. || (cdat->aead == -1
  1007. && EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_STREAM_CIPHER)
  1008. || ((EVP_CIPHER_get_flags(cdat->cipher) & EVP_CIPH_FLAG_CTS) != 0)
  1009. || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_SIV_MODE
  1010. || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_GCM_SIV_MODE
  1011. || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_XTS_MODE
  1012. || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_WRAP_MODE) ? 0 : 1;
  1013. }
  1014. static int cipher_test_run(EVP_TEST *t)
  1015. {
  1016. CIPHER_DATA *cdat = t->data;
  1017. int rv, frag, fragmax, in_place;
  1018. size_t out_misalign, inp_misalign;
  1019. TEST_info("RUNNING TEST FOR CIPHER %s\n", EVP_CIPHER_get0_name(cdat->cipher));
  1020. if (!cdat->key) {
  1021. t->err = "NO_KEY";
  1022. return 0;
  1023. }
  1024. if (!cdat->iv && EVP_CIPHER_get_iv_length(cdat->cipher) > 0) {
  1025. /* IV is optional and usually omitted in wrap mode */
  1026. if (EVP_CIPHER_get_mode(cdat->cipher) != EVP_CIPH_WRAP_MODE) {
  1027. t->err = "NO_IV";
  1028. return 0;
  1029. }
  1030. }
  1031. if (cdat->aead && cdat->tag == NULL && !cdat->tls_aad) {
  1032. t->err = "NO_TAG";
  1033. return 0;
  1034. }
  1035. fragmax = (cipher_test_valid_fragmentation(cdat) == 0) ? 0 : 1;
  1036. for (in_place = 1; in_place >= 0; in_place--) {
  1037. static char aux_err[64];
  1038. t->aux_err = aux_err;
  1039. /* Test only in-place data processing */
  1040. if (process_mode_in_place == 1 && in_place == 0)
  1041. break;
  1042. for (frag = 0; frag <= fragmax; frag++) {
  1043. for (out_misalign = 0; out_misalign <= 1; out_misalign++) {
  1044. for (inp_misalign = 0; inp_misalign <= 1; inp_misalign++) {
  1045. /* Skip input misalign tests for in-place processing */
  1046. if (inp_misalign == 1 && in_place == 1)
  1047. break;
  1048. if (in_place == 1) {
  1049. BIO_snprintf(aux_err, sizeof(aux_err),
  1050. "%s in-place, %sfragmented",
  1051. out_misalign ? "misaligned" : "aligned",
  1052. frag ? "" : "not ");
  1053. } else {
  1054. BIO_snprintf(aux_err, sizeof(aux_err),
  1055. "%s output and %s input, %sfragmented",
  1056. out_misalign ? "misaligned" : "aligned",
  1057. inp_misalign ? "misaligned" : "aligned",
  1058. frag ? "" : "not ");
  1059. }
  1060. if (cdat->enc) {
  1061. rv = cipher_test_enc(t, 1, out_misalign, inp_misalign,
  1062. frag, in_place);
  1063. /* Not fatal errors: return */
  1064. if (rv != 1) {
  1065. if (rv < 0)
  1066. return 0;
  1067. return 1;
  1068. }
  1069. }
  1070. if (cdat->enc != 1) {
  1071. rv = cipher_test_enc(t, 0, out_misalign, inp_misalign,
  1072. frag, in_place);
  1073. /* Not fatal errors: return */
  1074. if (rv != 1) {
  1075. if (rv < 0)
  1076. return 0;
  1077. return 1;
  1078. }
  1079. }
  1080. }
  1081. }
  1082. }
  1083. }
  1084. t->aux_err = NULL;
  1085. return 1;
  1086. }
  1087. static const EVP_TEST_METHOD cipher_test_method = {
  1088. "Cipher",
  1089. cipher_test_init,
  1090. cipher_test_cleanup,
  1091. cipher_test_parse,
  1092. cipher_test_run
  1093. };
  1094. /**
  1095. ** MAC TESTS
  1096. **/
  1097. typedef struct mac_data_st {
  1098. /* MAC type in one form or another */
  1099. char *mac_name;
  1100. EVP_MAC *mac; /* for mac_test_run_mac */
  1101. int type; /* for mac_test_run_pkey */
  1102. /* Algorithm string for this MAC */
  1103. char *alg;
  1104. /* MAC key */
  1105. unsigned char *key;
  1106. size_t key_len;
  1107. /* MAC IV (GMAC) */
  1108. unsigned char *iv;
  1109. size_t iv_len;
  1110. /* Input to MAC */
  1111. unsigned char *input;
  1112. size_t input_len;
  1113. /* Expected output */
  1114. unsigned char *output;
  1115. size_t output_len;
  1116. unsigned char *custom;
  1117. size_t custom_len;
  1118. /* MAC salt (blake2) */
  1119. unsigned char *salt;
  1120. size_t salt_len;
  1121. /* XOF mode? */
  1122. int xof;
  1123. /* Reinitialization fails */
  1124. int no_reinit;
  1125. /* Collection of controls */
  1126. STACK_OF(OPENSSL_STRING) *controls;
  1127. /* Output size */
  1128. int output_size;
  1129. /* Block size */
  1130. int block_size;
  1131. } MAC_DATA;
  1132. static int mac_test_init(EVP_TEST *t, const char *alg)
  1133. {
  1134. EVP_MAC *mac = NULL;
  1135. int type = NID_undef;
  1136. MAC_DATA *mdat;
  1137. if (is_mac_disabled(alg)) {
  1138. TEST_info("skipping, '%s' is disabled", alg);
  1139. t->skip = 1;
  1140. return 1;
  1141. }
  1142. if ((mac = EVP_MAC_fetch(libctx, alg, propquery)) == NULL) {
  1143. /*
  1144. * Since we didn't find an EVP_MAC, we check for known EVP_PKEY methods
  1145. * For debugging purposes, we allow 'NNNN by EVP_PKEY' to force running
  1146. * the EVP_PKEY method.
  1147. */
  1148. size_t sz = strlen(alg);
  1149. static const char epilogue[] = " by EVP_PKEY";
  1150. if (sz >= sizeof(epilogue)
  1151. && strcmp(alg + sz - (sizeof(epilogue) - 1), epilogue) == 0)
  1152. sz -= sizeof(epilogue) - 1;
  1153. if (strncmp(alg, "HMAC", sz) == 0)
  1154. type = EVP_PKEY_HMAC;
  1155. else if (strncmp(alg, "CMAC", sz) == 0)
  1156. type = EVP_PKEY_CMAC;
  1157. else if (strncmp(alg, "Poly1305", sz) == 0)
  1158. type = EVP_PKEY_POLY1305;
  1159. else if (strncmp(alg, "SipHash", sz) == 0)
  1160. type = EVP_PKEY_SIPHASH;
  1161. else
  1162. return 0;
  1163. }
  1164. if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat))))
  1165. return 0;
  1166. mdat->type = type;
  1167. if (!TEST_ptr(mdat->mac_name = OPENSSL_strdup(alg))) {
  1168. OPENSSL_free(mdat);
  1169. return 0;
  1170. }
  1171. mdat->mac = mac;
  1172. if (!TEST_ptr(mdat->controls = sk_OPENSSL_STRING_new_null())) {
  1173. OPENSSL_free(mdat->mac_name);
  1174. OPENSSL_free(mdat);
  1175. return 0;
  1176. }
  1177. mdat->output_size = mdat->block_size = -1;
  1178. t->data = mdat;
  1179. return 1;
  1180. }
  1181. /* Because OPENSSL_free is a macro, it can't be passed as a function pointer */
  1182. static void openssl_free(char *m)
  1183. {
  1184. OPENSSL_free(m);
  1185. }
  1186. static void mac_test_cleanup(EVP_TEST *t)
  1187. {
  1188. MAC_DATA *mdat = t->data;
  1189. EVP_MAC_free(mdat->mac);
  1190. OPENSSL_free(mdat->mac_name);
  1191. sk_OPENSSL_STRING_pop_free(mdat->controls, openssl_free);
  1192. OPENSSL_free(mdat->alg);
  1193. OPENSSL_free(mdat->key);
  1194. OPENSSL_free(mdat->iv);
  1195. OPENSSL_free(mdat->custom);
  1196. OPENSSL_free(mdat->salt);
  1197. OPENSSL_free(mdat->input);
  1198. OPENSSL_free(mdat->output);
  1199. }
  1200. static int mac_test_parse(EVP_TEST *t,
  1201. const char *keyword, const char *value)
  1202. {
  1203. MAC_DATA *mdata = t->data;
  1204. if (strcmp(keyword, "Key") == 0)
  1205. return parse_bin(value, &mdata->key, &mdata->key_len);
  1206. if (strcmp(keyword, "IV") == 0)
  1207. return parse_bin(value, &mdata->iv, &mdata->iv_len);
  1208. if (strcmp(keyword, "Custom") == 0)
  1209. return parse_bin(value, &mdata->custom, &mdata->custom_len);
  1210. if (strcmp(keyword, "Salt") == 0)
  1211. return parse_bin(value, &mdata->salt, &mdata->salt_len);
  1212. if (strcmp(keyword, "Algorithm") == 0) {
  1213. mdata->alg = OPENSSL_strdup(value);
  1214. if (mdata->alg == NULL)
  1215. return -1;
  1216. return 1;
  1217. }
  1218. if (strcmp(keyword, "Input") == 0)
  1219. return parse_bin(value, &mdata->input, &mdata->input_len);
  1220. if (strcmp(keyword, "Output") == 0)
  1221. return parse_bin(value, &mdata->output, &mdata->output_len);
  1222. if (strcmp(keyword, "XOF") == 0)
  1223. return mdata->xof = 1;
  1224. if (strcmp(keyword, "NoReinit") == 0)
  1225. return mdata->no_reinit = 1;
  1226. if (strcmp(keyword, "Ctrl") == 0) {
  1227. char *data = OPENSSL_strdup(value);
  1228. if (data == NULL)
  1229. return -1;
  1230. return sk_OPENSSL_STRING_push(mdata->controls, data) != 0;
  1231. }
  1232. if (strcmp(keyword, "OutputSize") == 0) {
  1233. mdata->output_size = atoi(value);
  1234. if (mdata->output_size < 0)
  1235. return -1;
  1236. return 1;
  1237. }
  1238. if (strcmp(keyword, "BlockSize") == 0) {
  1239. mdata->block_size = atoi(value);
  1240. if (mdata->block_size < 0)
  1241. return -1;
  1242. return 1;
  1243. }
  1244. return 0;
  1245. }
  1246. static int mac_test_ctrl_pkey(EVP_TEST *t, EVP_PKEY_CTX *pctx,
  1247. const char *value)
  1248. {
  1249. int rv = 0;
  1250. char *p, *tmpval;
  1251. if (!TEST_ptr(tmpval = OPENSSL_strdup(value)))
  1252. return 0;
  1253. p = strchr(tmpval, ':');
  1254. if (p != NULL) {
  1255. *p++ = '\0';
  1256. rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
  1257. }
  1258. if (rv == -2)
  1259. t->err = "PKEY_CTRL_INVALID";
  1260. else if (rv <= 0)
  1261. t->err = "PKEY_CTRL_ERROR";
  1262. else
  1263. rv = 1;
  1264. OPENSSL_free(tmpval);
  1265. return rv > 0;
  1266. }
  1267. static int mac_test_run_pkey(EVP_TEST *t)
  1268. {
  1269. MAC_DATA *expected = t->data;
  1270. EVP_MD_CTX *mctx = NULL;
  1271. EVP_PKEY_CTX *pctx = NULL, *genctx = NULL;
  1272. EVP_PKEY *key = NULL;
  1273. const char *mdname = NULL;
  1274. EVP_CIPHER *cipher = NULL;
  1275. unsigned char *got = NULL;
  1276. size_t got_len;
  1277. int i;
  1278. /* We don't do XOF mode via PKEY */
  1279. if (expected->xof)
  1280. return 1;
  1281. if (expected->alg == NULL)
  1282. TEST_info("Trying the EVP_PKEY %s test", OBJ_nid2sn(expected->type));
  1283. else
  1284. TEST_info("Trying the EVP_PKEY %s test with %s",
  1285. OBJ_nid2sn(expected->type), expected->alg);
  1286. if (expected->type == EVP_PKEY_CMAC) {
  1287. #ifdef OPENSSL_NO_DEPRECATED_3_0
  1288. TEST_info("skipping, PKEY CMAC '%s' is disabled", expected->alg);
  1289. t->skip = 1;
  1290. t->err = NULL;
  1291. goto err;
  1292. #else
  1293. OSSL_LIB_CTX *tmpctx;
  1294. if (expected->alg != NULL && is_cipher_disabled(expected->alg)) {
  1295. TEST_info("skipping, PKEY CMAC '%s' is disabled", expected->alg);
  1296. t->skip = 1;
  1297. t->err = NULL;
  1298. goto err;
  1299. }
  1300. if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, expected->alg, propquery))) {
  1301. t->err = "MAC_KEY_CREATE_ERROR";
  1302. goto err;
  1303. }
  1304. tmpctx = OSSL_LIB_CTX_set0_default(libctx);
  1305. key = EVP_PKEY_new_CMAC_key(NULL, expected->key, expected->key_len,
  1306. cipher);
  1307. OSSL_LIB_CTX_set0_default(tmpctx);
  1308. #endif
  1309. } else {
  1310. key = EVP_PKEY_new_raw_private_key_ex(libctx,
  1311. OBJ_nid2sn(expected->type), NULL,
  1312. expected->key, expected->key_len);
  1313. }
  1314. if (key == NULL) {
  1315. t->err = "MAC_KEY_CREATE_ERROR";
  1316. goto err;
  1317. }
  1318. if (expected->type == EVP_PKEY_HMAC && expected->alg != NULL) {
  1319. if (is_digest_disabled(expected->alg)) {
  1320. TEST_info("skipping, HMAC '%s' is disabled", expected->alg);
  1321. t->skip = 1;
  1322. t->err = NULL;
  1323. goto err;
  1324. }
  1325. mdname = expected->alg;
  1326. }
  1327. if (!TEST_ptr(mctx = EVP_MD_CTX_new())) {
  1328. t->err = "INTERNAL_ERROR";
  1329. goto err;
  1330. }
  1331. if (!EVP_DigestSignInit_ex(mctx, &pctx, mdname, libctx, NULL, key, NULL)) {
  1332. t->err = "DIGESTSIGNINIT_ERROR";
  1333. goto err;
  1334. }
  1335. for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++)
  1336. if (!mac_test_ctrl_pkey(t, pctx,
  1337. sk_OPENSSL_STRING_value(expected->controls,
  1338. i))) {
  1339. t->err = "EVPPKEYCTXCTRL_ERROR";
  1340. goto err;
  1341. }
  1342. if (!EVP_DigestSignUpdate(mctx, expected->input, expected->input_len)) {
  1343. t->err = "DIGESTSIGNUPDATE_ERROR";
  1344. goto err;
  1345. }
  1346. if (!EVP_DigestSignFinal(mctx, NULL, &got_len)) {
  1347. t->err = "DIGESTSIGNFINAL_LENGTH_ERROR";
  1348. goto err;
  1349. }
  1350. if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
  1351. t->err = "TEST_FAILURE";
  1352. goto err;
  1353. }
  1354. if (!EVP_DigestSignFinal(mctx, got, &got_len)
  1355. || !memory_err_compare(t, "TEST_MAC_ERR",
  1356. expected->output, expected->output_len,
  1357. got, got_len)) {
  1358. t->err = "TEST_MAC_ERR";
  1359. goto err;
  1360. }
  1361. t->err = NULL;
  1362. err:
  1363. EVP_CIPHER_free(cipher);
  1364. EVP_MD_CTX_free(mctx);
  1365. OPENSSL_free(got);
  1366. EVP_PKEY_CTX_free(genctx);
  1367. EVP_PKEY_free(key);
  1368. return 1;
  1369. }
  1370. static int mac_test_run_mac(EVP_TEST *t)
  1371. {
  1372. MAC_DATA *expected = t->data;
  1373. EVP_MAC_CTX *ctx = NULL;
  1374. unsigned char *got = NULL;
  1375. size_t got_len = 0, size = 0;
  1376. size_t size_before_init = 0, size_after_init, size_val = 0;
  1377. int i, block_size = -1, output_size = -1;
  1378. OSSL_PARAM params[21], sizes[3], *psizes = sizes;
  1379. size_t params_n = 0;
  1380. size_t params_n_allocstart = 0;
  1381. const OSSL_PARAM *defined_params =
  1382. EVP_MAC_settable_ctx_params(expected->mac);
  1383. int xof;
  1384. int reinit = 1;
  1385. if (expected->alg == NULL)
  1386. TEST_info("Trying the EVP_MAC %s test", expected->mac_name);
  1387. else
  1388. TEST_info("Trying the EVP_MAC %s test with %s",
  1389. expected->mac_name, expected->alg);
  1390. if (expected->alg != NULL) {
  1391. int skip = 0;
  1392. /*
  1393. * The underlying algorithm may be a cipher or a digest.
  1394. * We don't know which it is, but we can ask the MAC what it
  1395. * should be and bet on that.
  1396. */
  1397. if (OSSL_PARAM_locate_const(defined_params,
  1398. OSSL_MAC_PARAM_CIPHER) != NULL) {
  1399. if (is_cipher_disabled(expected->alg))
  1400. skip = 1;
  1401. else
  1402. params[params_n++] =
  1403. OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER,
  1404. expected->alg, 0);
  1405. } else if (OSSL_PARAM_locate_const(defined_params,
  1406. OSSL_MAC_PARAM_DIGEST) != NULL) {
  1407. if (is_digest_disabled(expected->alg))
  1408. skip = 1;
  1409. else
  1410. params[params_n++] =
  1411. OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
  1412. expected->alg, 0);
  1413. } else {
  1414. t->err = "MAC_BAD_PARAMS";
  1415. goto err;
  1416. }
  1417. if (skip) {
  1418. TEST_info("skipping, algorithm '%s' is disabled", expected->alg);
  1419. t->skip = 1;
  1420. t->err = NULL;
  1421. goto err;
  1422. }
  1423. }
  1424. if (expected->custom != NULL)
  1425. params[params_n++] =
  1426. OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_CUSTOM,
  1427. expected->custom,
  1428. expected->custom_len);
  1429. if (expected->salt != NULL)
  1430. params[params_n++] =
  1431. OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_SALT,
  1432. expected->salt,
  1433. expected->salt_len);
  1434. if (expected->iv != NULL)
  1435. params[params_n++] =
  1436. OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV,
  1437. expected->iv,
  1438. expected->iv_len);
  1439. /* Unknown controls. They must match parameters that the MAC recognizes */
  1440. if (params_n + sk_OPENSSL_STRING_num(expected->controls)
  1441. >= OSSL_NELEM(params)) {
  1442. t->err = "MAC_TOO_MANY_PARAMETERS";
  1443. goto err;
  1444. }
  1445. params_n_allocstart = params_n;
  1446. for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++) {
  1447. char *tmpkey, *tmpval;
  1448. char *value = sk_OPENSSL_STRING_value(expected->controls, i);
  1449. if (!TEST_ptr(tmpkey = OPENSSL_strdup(value))) {
  1450. t->err = "MAC_PARAM_ERROR";
  1451. goto err;
  1452. }
  1453. tmpval = strchr(tmpkey, ':');
  1454. if (tmpval != NULL)
  1455. *tmpval++ = '\0';
  1456. if (tmpval == NULL
  1457. || !OSSL_PARAM_allocate_from_text(&params[params_n],
  1458. defined_params,
  1459. tmpkey, tmpval,
  1460. strlen(tmpval), NULL)) {
  1461. OPENSSL_free(tmpkey);
  1462. t->err = "MAC_PARAM_ERROR";
  1463. goto err;
  1464. }
  1465. params_n++;
  1466. if (strcmp(tmpkey, "size") == 0)
  1467. size_val = (size_t)strtoul(tmpval, NULL, 0);
  1468. OPENSSL_free(tmpkey);
  1469. }
  1470. params[params_n] = OSSL_PARAM_construct_end();
  1471. if ((ctx = EVP_MAC_CTX_new(expected->mac)) == NULL) {
  1472. t->err = "MAC_CREATE_ERROR";
  1473. goto err;
  1474. }
  1475. if (fips_provider_version_gt(libctx, 3, 2, 0))
  1476. size_before_init = EVP_MAC_CTX_get_mac_size(ctx);
  1477. if (!EVP_MAC_init(ctx, expected->key, expected->key_len, params)) {
  1478. t->err = "MAC_INIT_ERROR";
  1479. goto err;
  1480. }
  1481. size_after_init = EVP_MAC_CTX_get_mac_size(ctx);
  1482. if (!TEST_false(size_before_init == 0 && size_after_init == 0)) {
  1483. t->err = "MAC SIZE not set";
  1484. goto err;
  1485. }
  1486. if (size_before_init != 0) {
  1487. /* mac-size not modified by init params */
  1488. if (size_val == 0 && !TEST_size_t_eq(size_before_init, size_after_init)) {
  1489. t->err = "MAC SIZE check failed";
  1490. goto err;
  1491. }
  1492. /* mac-size modified by init params */
  1493. if (size_val != 0 && !TEST_size_t_eq(size_val, size_after_init)) {
  1494. t->err = "MAC SIZE check failed";
  1495. goto err;
  1496. }
  1497. }
  1498. if (expected->output_size >= 0)
  1499. *psizes++ = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_SIZE,
  1500. &output_size);
  1501. if (expected->block_size >= 0)
  1502. *psizes++ = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_BLOCK_SIZE,
  1503. &block_size);
  1504. if (psizes != sizes) {
  1505. *psizes = OSSL_PARAM_construct_end();
  1506. if (!TEST_true(EVP_MAC_CTX_get_params(ctx, sizes))) {
  1507. t->err = "INTERNAL_ERROR";
  1508. goto err;
  1509. }
  1510. if (expected->output_size >= 0
  1511. && !TEST_int_eq(output_size, expected->output_size)) {
  1512. t->err = "TEST_FAILURE";
  1513. goto err;
  1514. }
  1515. if (expected->block_size >= 0
  1516. && !TEST_int_eq(block_size, expected->block_size)) {
  1517. t->err = "TEST_FAILURE";
  1518. goto err;
  1519. }
  1520. }
  1521. retry:
  1522. if (!EVP_MAC_update(ctx, expected->input, expected->input_len)) {
  1523. t->err = "MAC_UPDATE_ERROR";
  1524. goto err;
  1525. }
  1526. xof = expected->xof;
  1527. if (xof) {
  1528. if (!TEST_ptr(got = OPENSSL_malloc(expected->output_len))) {
  1529. t->err = "TEST_FAILURE";
  1530. goto err;
  1531. }
  1532. if (!EVP_MAC_finalXOF(ctx, got, expected->output_len)
  1533. || !memory_err_compare(t, "TEST_MAC_ERR",
  1534. expected->output, expected->output_len,
  1535. got, expected->output_len)) {
  1536. t->err = "MAC_FINAL_ERROR";
  1537. goto err;
  1538. }
  1539. } else {
  1540. if (!EVP_MAC_final(ctx, NULL, &got_len, 0)) {
  1541. t->err = "MAC_FINAL_LENGTH_ERROR";
  1542. goto err;
  1543. }
  1544. if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
  1545. t->err = "TEST_FAILURE";
  1546. goto err;
  1547. }
  1548. if (!EVP_MAC_final(ctx, got, &got_len, got_len)
  1549. || !memory_err_compare(t, "TEST_MAC_ERR",
  1550. expected->output, expected->output_len,
  1551. got, got_len)) {
  1552. t->err = "TEST_MAC_ERR";
  1553. goto err;
  1554. }
  1555. }
  1556. /* FIPS(3.0.0): can't reinitialise MAC contexts #18100 */
  1557. if (reinit-- && fips_provider_version_gt(libctx, 3, 0, 0)) {
  1558. OSSL_PARAM ivparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
  1559. int ret;
  1560. /* If the MAC uses IV, we have to set it again */
  1561. if (expected->iv != NULL) {
  1562. ivparams[0] =
  1563. OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV,
  1564. expected->iv,
  1565. expected->iv_len);
  1566. ivparams[1] = OSSL_PARAM_construct_end();
  1567. }
  1568. ERR_set_mark();
  1569. ret = EVP_MAC_init(ctx, NULL, 0, ivparams);
  1570. if (expected->no_reinit) {
  1571. if (ret) {
  1572. ERR_clear_last_mark();
  1573. t->err = "MAC_REINIT_SHOULD_FAIL";
  1574. goto err;
  1575. }
  1576. } else if (ret) {
  1577. ERR_clear_last_mark();
  1578. OPENSSL_free(got);
  1579. got = NULL;
  1580. goto retry;
  1581. } else {
  1582. ERR_clear_last_mark();
  1583. t->err = "MAC_REINIT_ERROR";
  1584. goto err;
  1585. }
  1586. /* If reinitialization fails, it is unsupported by the algorithm */
  1587. ERR_pop_to_mark();
  1588. }
  1589. t->err = NULL;
  1590. /* Test the EVP_Q_mac interface as well */
  1591. if (!xof) {
  1592. OPENSSL_cleanse(got, got_len);
  1593. if (!TEST_true(EVP_Q_mac(libctx, expected->mac_name, NULL,
  1594. expected->alg, params,
  1595. expected->key, expected->key_len,
  1596. expected->input, expected->input_len,
  1597. got, got_len, &size))
  1598. || !TEST_mem_eq(got, size,
  1599. expected->output, expected->output_len)) {
  1600. t->err = "EVP_Q_mac failed";
  1601. goto err;
  1602. }
  1603. }
  1604. err:
  1605. while (params_n-- > params_n_allocstart) {
  1606. OPENSSL_free(params[params_n].data);
  1607. }
  1608. EVP_MAC_CTX_free(ctx);
  1609. OPENSSL_free(got);
  1610. return 1;
  1611. }
  1612. static int mac_test_run(EVP_TEST *t)
  1613. {
  1614. MAC_DATA *expected = t->data;
  1615. if (expected->mac != NULL)
  1616. return mac_test_run_mac(t);
  1617. return mac_test_run_pkey(t);
  1618. }
  1619. static const EVP_TEST_METHOD mac_test_method = {
  1620. "MAC",
  1621. mac_test_init,
  1622. mac_test_cleanup,
  1623. mac_test_parse,
  1624. mac_test_run
  1625. };
  1626. /**
  1627. ** PUBLIC KEY TESTS
  1628. ** These are all very similar and share much common code.
  1629. **/
  1630. typedef struct pkey_data_st {
  1631. /* Context for this operation */
  1632. EVP_PKEY_CTX *ctx;
  1633. /* Key operation to perform */
  1634. int (*keyop) (EVP_PKEY_CTX *ctx,
  1635. unsigned char *sig, size_t *siglen,
  1636. const unsigned char *tbs, size_t tbslen);
  1637. /* Input to MAC */
  1638. unsigned char *input;
  1639. size_t input_len;
  1640. /* Expected output */
  1641. unsigned char *output;
  1642. size_t output_len;
  1643. } PKEY_DATA;
  1644. /*
  1645. * Perform public key operation setup: lookup key, allocated ctx and call
  1646. * the appropriate initialisation function
  1647. */
  1648. static int pkey_test_init(EVP_TEST *t, const char *name,
  1649. int use_public,
  1650. int (*keyopinit) (EVP_PKEY_CTX *ctx),
  1651. int (*keyop)(EVP_PKEY_CTX *ctx,
  1652. unsigned char *sig, size_t *siglen,
  1653. const unsigned char *tbs,
  1654. size_t tbslen))
  1655. {
  1656. PKEY_DATA *kdata;
  1657. EVP_PKEY *pkey = NULL;
  1658. int rv = 0;
  1659. if (use_public)
  1660. rv = find_key(&pkey, name, public_keys);
  1661. if (rv == 0)
  1662. rv = find_key(&pkey, name, private_keys);
  1663. if (rv == 0 || pkey == NULL) {
  1664. TEST_info("skipping, key '%s' is disabled", name);
  1665. t->skip = 1;
  1666. return 1;
  1667. }
  1668. if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))) {
  1669. EVP_PKEY_free(pkey);
  1670. return 0;
  1671. }
  1672. kdata->keyop = keyop;
  1673. if (!TEST_ptr(kdata->ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propquery))) {
  1674. EVP_PKEY_free(pkey);
  1675. OPENSSL_free(kdata);
  1676. return 0;
  1677. }
  1678. if (keyopinit(kdata->ctx) <= 0)
  1679. t->err = "KEYOP_INIT_ERROR";
  1680. t->data = kdata;
  1681. return 1;
  1682. }
  1683. static void pkey_test_cleanup(EVP_TEST *t)
  1684. {
  1685. PKEY_DATA *kdata = t->data;
  1686. OPENSSL_free(kdata->input);
  1687. OPENSSL_free(kdata->output);
  1688. EVP_PKEY_CTX_free(kdata->ctx);
  1689. }
  1690. static int pkey_test_ctrl(EVP_TEST *t, EVP_PKEY_CTX *pctx,
  1691. const char *value)
  1692. {
  1693. int rv = 0;
  1694. char *p, *tmpval;
  1695. if (!TEST_ptr(tmpval = OPENSSL_strdup(value)))
  1696. return 0;
  1697. p = strchr(tmpval, ':');
  1698. if (p != NULL) {
  1699. *p++ = '\0';
  1700. rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
  1701. }
  1702. if (rv == -2) {
  1703. t->err = "PKEY_CTRL_INVALID";
  1704. rv = 1;
  1705. } else if (p != NULL && rv <= 0) {
  1706. if (is_digest_disabled(p) || is_cipher_disabled(p)) {
  1707. TEST_info("skipping, '%s' is disabled", p);
  1708. t->skip = 1;
  1709. rv = 1;
  1710. } else {
  1711. t->err = "PKEY_CTRL_ERROR";
  1712. rv = 1;
  1713. }
  1714. }
  1715. OPENSSL_free(tmpval);
  1716. return rv > 0;
  1717. }
  1718. static int pkey_test_parse(EVP_TEST *t,
  1719. const char *keyword, const char *value)
  1720. {
  1721. PKEY_DATA *kdata = t->data;
  1722. if (strcmp(keyword, "Input") == 0)
  1723. return parse_bin(value, &kdata->input, &kdata->input_len);
  1724. if (strcmp(keyword, "Output") == 0)
  1725. return parse_bin(value, &kdata->output, &kdata->output_len);
  1726. if (strcmp(keyword, "Ctrl") == 0)
  1727. return pkey_test_ctrl(t, kdata->ctx, value);
  1728. return 0;
  1729. }
  1730. static int pkey_test_run(EVP_TEST *t)
  1731. {
  1732. PKEY_DATA *expected = t->data;
  1733. unsigned char *got = NULL;
  1734. size_t got_len;
  1735. EVP_PKEY_CTX *copy = NULL;
  1736. if (expected->keyop(expected->ctx, NULL, &got_len,
  1737. expected->input, expected->input_len) <= 0
  1738. || !TEST_ptr(got = OPENSSL_malloc(got_len))) {
  1739. t->err = "KEYOP_LENGTH_ERROR";
  1740. goto err;
  1741. }
  1742. if (expected->keyop(expected->ctx, got, &got_len,
  1743. expected->input, expected->input_len) <= 0) {
  1744. t->err = "KEYOP_ERROR";
  1745. goto err;
  1746. }
  1747. if (!memory_err_compare(t, "KEYOP_MISMATCH",
  1748. expected->output, expected->output_len,
  1749. got, got_len))
  1750. goto err;
  1751. t->err = NULL;
  1752. OPENSSL_free(got);
  1753. got = NULL;
  1754. /* Repeat the test on a copy. */
  1755. if (!TEST_ptr(copy = EVP_PKEY_CTX_dup(expected->ctx))) {
  1756. t->err = "INTERNAL_ERROR";
  1757. goto err;
  1758. }
  1759. if (expected->keyop(copy, NULL, &got_len, expected->input,
  1760. expected->input_len) <= 0
  1761. || !TEST_ptr(got = OPENSSL_malloc(got_len))) {
  1762. t->err = "KEYOP_LENGTH_ERROR";
  1763. goto err;
  1764. }
  1765. if (expected->keyop(copy, got, &got_len, expected->input,
  1766. expected->input_len) <= 0) {
  1767. t->err = "KEYOP_ERROR";
  1768. goto err;
  1769. }
  1770. if (!memory_err_compare(t, "KEYOP_MISMATCH",
  1771. expected->output, expected->output_len,
  1772. got, got_len))
  1773. goto err;
  1774. err:
  1775. OPENSSL_free(got);
  1776. EVP_PKEY_CTX_free(copy);
  1777. return 1;
  1778. }
  1779. static int sign_test_init(EVP_TEST *t, const char *name)
  1780. {
  1781. return pkey_test_init(t, name, 0, EVP_PKEY_sign_init, EVP_PKEY_sign);
  1782. }
  1783. static const EVP_TEST_METHOD psign_test_method = {
  1784. "Sign",
  1785. sign_test_init,
  1786. pkey_test_cleanup,
  1787. pkey_test_parse,
  1788. pkey_test_run
  1789. };
  1790. static int verify_recover_test_init(EVP_TEST *t, const char *name)
  1791. {
  1792. return pkey_test_init(t, name, 1, EVP_PKEY_verify_recover_init,
  1793. EVP_PKEY_verify_recover);
  1794. }
  1795. static const EVP_TEST_METHOD pverify_recover_test_method = {
  1796. "VerifyRecover",
  1797. verify_recover_test_init,
  1798. pkey_test_cleanup,
  1799. pkey_test_parse,
  1800. pkey_test_run
  1801. };
  1802. static int decrypt_test_init(EVP_TEST *t, const char *name)
  1803. {
  1804. return pkey_test_init(t, name, 0, EVP_PKEY_decrypt_init,
  1805. EVP_PKEY_decrypt);
  1806. }
  1807. static const EVP_TEST_METHOD pdecrypt_test_method = {
  1808. "Decrypt",
  1809. decrypt_test_init,
  1810. pkey_test_cleanup,
  1811. pkey_test_parse,
  1812. pkey_test_run
  1813. };
  1814. static int verify_test_init(EVP_TEST *t, const char *name)
  1815. {
  1816. return pkey_test_init(t, name, 1, EVP_PKEY_verify_init, 0);
  1817. }
  1818. static int verify_test_run(EVP_TEST *t)
  1819. {
  1820. PKEY_DATA *kdata = t->data;
  1821. if (EVP_PKEY_verify(kdata->ctx, kdata->output, kdata->output_len,
  1822. kdata->input, kdata->input_len) <= 0)
  1823. t->err = "VERIFY_ERROR";
  1824. return 1;
  1825. }
  1826. static const EVP_TEST_METHOD pverify_test_method = {
  1827. "Verify",
  1828. verify_test_init,
  1829. pkey_test_cleanup,
  1830. pkey_test_parse,
  1831. verify_test_run
  1832. };
  1833. static int pderive_test_init(EVP_TEST *t, const char *name)
  1834. {
  1835. return pkey_test_init(t, name, 0, EVP_PKEY_derive_init, 0);
  1836. }
  1837. static int pderive_test_parse(EVP_TEST *t,
  1838. const char *keyword, const char *value)
  1839. {
  1840. PKEY_DATA *kdata = t->data;
  1841. int validate = 0;
  1842. if (strcmp(keyword, "PeerKeyValidate") == 0)
  1843. validate = 1;
  1844. if (validate || strcmp(keyword, "PeerKey") == 0) {
  1845. EVP_PKEY *peer;
  1846. if (find_key(&peer, value, public_keys) == 0)
  1847. return -1;
  1848. if (EVP_PKEY_derive_set_peer_ex(kdata->ctx, peer, validate) <= 0) {
  1849. t->err = "DERIVE_SET_PEER_ERROR";
  1850. return 1;
  1851. }
  1852. t->err = NULL;
  1853. return 1;
  1854. }
  1855. if (strcmp(keyword, "SharedSecret") == 0)
  1856. return parse_bin(value, &kdata->output, &kdata->output_len);
  1857. if (strcmp(keyword, "Ctrl") == 0)
  1858. return pkey_test_ctrl(t, kdata->ctx, value);
  1859. if (strcmp(keyword, "KDFType") == 0) {
  1860. OSSL_PARAM params[2];
  1861. params[0] = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_TYPE,
  1862. (char *)value, 0);
  1863. params[1] = OSSL_PARAM_construct_end();
  1864. if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0)
  1865. return -1;
  1866. return 1;
  1867. }
  1868. if (strcmp(keyword, "KDFDigest") == 0) {
  1869. OSSL_PARAM params[2];
  1870. params[0] = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST,
  1871. (char *)value, 0);
  1872. params[1] = OSSL_PARAM_construct_end();
  1873. if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0)
  1874. return -1;
  1875. return 1;
  1876. }
  1877. if (strcmp(keyword, "CEKAlg") == 0) {
  1878. OSSL_PARAM params[2];
  1879. params[0] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG,
  1880. (char *)value, 0);
  1881. params[1] = OSSL_PARAM_construct_end();
  1882. if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0)
  1883. return -1;
  1884. return 1;
  1885. }
  1886. if (strcmp(keyword, "KDFOutlen") == 0) {
  1887. OSSL_PARAM params[2];
  1888. char *endptr;
  1889. size_t outlen = (size_t)strtoul(value, &endptr, 0);
  1890. if (endptr[0] != '\0')
  1891. return -1;
  1892. params[0] = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN,
  1893. &outlen);
  1894. params[1] = OSSL_PARAM_construct_end();
  1895. if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0)
  1896. return -1;
  1897. return 1;
  1898. }
  1899. return 0;
  1900. }
  1901. static int pderive_test_run(EVP_TEST *t)
  1902. {
  1903. EVP_PKEY_CTX *dctx = NULL;
  1904. PKEY_DATA *expected = t->data;
  1905. unsigned char *got = NULL;
  1906. size_t got_len;
  1907. if (!TEST_ptr(dctx = EVP_PKEY_CTX_dup(expected->ctx))) {
  1908. t->err = "DERIVE_ERROR";
  1909. goto err;
  1910. }
  1911. if (EVP_PKEY_derive(dctx, NULL, &got_len) <= 0
  1912. || !TEST_size_t_ne(got_len, 0)) {
  1913. t->err = "DERIVE_ERROR";
  1914. goto err;
  1915. }
  1916. if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
  1917. t->err = "DERIVE_ERROR";
  1918. goto err;
  1919. }
  1920. if (EVP_PKEY_derive(dctx, got, &got_len) <= 0) {
  1921. t->err = "DERIVE_ERROR";
  1922. goto err;
  1923. }
  1924. if (!memory_err_compare(t, "SHARED_SECRET_MISMATCH",
  1925. expected->output, expected->output_len,
  1926. got, got_len))
  1927. goto err;
  1928. t->err = NULL;
  1929. err:
  1930. OPENSSL_free(got);
  1931. EVP_PKEY_CTX_free(dctx);
  1932. return 1;
  1933. }
  1934. static const EVP_TEST_METHOD pderive_test_method = {
  1935. "Derive",
  1936. pderive_test_init,
  1937. pkey_test_cleanup,
  1938. pderive_test_parse,
  1939. pderive_test_run
  1940. };
  1941. /**
  1942. ** PBE TESTS
  1943. **/
  1944. typedef enum pbe_type_enum {
  1945. PBE_TYPE_INVALID = 0,
  1946. PBE_TYPE_SCRYPT, PBE_TYPE_PBKDF2, PBE_TYPE_PKCS12
  1947. } PBE_TYPE;
  1948. typedef struct pbe_data_st {
  1949. PBE_TYPE pbe_type;
  1950. /* scrypt parameters */
  1951. uint64_t N, r, p, maxmem;
  1952. /* PKCS#12 parameters */
  1953. int id, iter;
  1954. const EVP_MD *md;
  1955. /* password */
  1956. unsigned char *pass;
  1957. size_t pass_len;
  1958. /* salt */
  1959. unsigned char *salt;
  1960. size_t salt_len;
  1961. /* Expected output */
  1962. unsigned char *key;
  1963. size_t key_len;
  1964. } PBE_DATA;
  1965. #ifndef OPENSSL_NO_SCRYPT
  1966. /* Parse unsigned decimal 64 bit integer value */
  1967. static int parse_uint64(const char *value, uint64_t *pr)
  1968. {
  1969. const char *p = value;
  1970. if (!TEST_true(*p)) {
  1971. TEST_info("Invalid empty integer value");
  1972. return -1;
  1973. }
  1974. for (*pr = 0; *p; ) {
  1975. if (*pr > UINT64_MAX / 10) {
  1976. TEST_error("Integer overflow in string %s", value);
  1977. return -1;
  1978. }
  1979. *pr *= 10;
  1980. if (!TEST_true(isdigit((unsigned char)*p))) {
  1981. TEST_error("Invalid character in string %s", value);
  1982. return -1;
  1983. }
  1984. *pr += *p - '0';
  1985. p++;
  1986. }
  1987. return 1;
  1988. }
  1989. static int scrypt_test_parse(EVP_TEST *t,
  1990. const char *keyword, const char *value)
  1991. {
  1992. PBE_DATA *pdata = t->data;
  1993. if (strcmp(keyword, "N") == 0)
  1994. return parse_uint64(value, &pdata->N);
  1995. if (strcmp(keyword, "p") == 0)
  1996. return parse_uint64(value, &pdata->p);
  1997. if (strcmp(keyword, "r") == 0)
  1998. return parse_uint64(value, &pdata->r);
  1999. if (strcmp(keyword, "maxmem") == 0)
  2000. return parse_uint64(value, &pdata->maxmem);
  2001. return 0;
  2002. }
  2003. #endif
  2004. static int pbkdf2_test_parse(EVP_TEST *t,
  2005. const char *keyword, const char *value)
  2006. {
  2007. PBE_DATA *pdata = t->data;
  2008. if (strcmp(keyword, "iter") == 0) {
  2009. pdata->iter = atoi(value);
  2010. if (pdata->iter <= 0)
  2011. return -1;
  2012. return 1;
  2013. }
  2014. if (strcmp(keyword, "MD") == 0) {
  2015. pdata->md = EVP_get_digestbyname(value);
  2016. if (pdata->md == NULL)
  2017. return -1;
  2018. return 1;
  2019. }
  2020. return 0;
  2021. }
  2022. static int pkcs12_test_parse(EVP_TEST *t,
  2023. const char *keyword, const char *value)
  2024. {
  2025. PBE_DATA *pdata = t->data;
  2026. if (strcmp(keyword, "id") == 0) {
  2027. pdata->id = atoi(value);
  2028. if (pdata->id <= 0)
  2029. return -1;
  2030. return 1;
  2031. }
  2032. return pbkdf2_test_parse(t, keyword, value);
  2033. }
  2034. static int pbe_test_init(EVP_TEST *t, const char *alg)
  2035. {
  2036. PBE_DATA *pdat;
  2037. PBE_TYPE pbe_type = PBE_TYPE_INVALID;
  2038. if (is_kdf_disabled(alg)) {
  2039. TEST_info("skipping, '%s' is disabled", alg);
  2040. t->skip = 1;
  2041. return 1;
  2042. }
  2043. if (strcmp(alg, "scrypt") == 0) {
  2044. pbe_type = PBE_TYPE_SCRYPT;
  2045. } else if (strcmp(alg, "pbkdf2") == 0) {
  2046. pbe_type = PBE_TYPE_PBKDF2;
  2047. } else if (strcmp(alg, "pkcs12") == 0) {
  2048. pbe_type = PBE_TYPE_PKCS12;
  2049. } else {
  2050. TEST_error("Unknown pbe algorithm %s", alg);
  2051. return 0;
  2052. }
  2053. if (!TEST_ptr(pdat = OPENSSL_zalloc(sizeof(*pdat))))
  2054. return 0;
  2055. pdat->pbe_type = pbe_type;
  2056. t->data = pdat;
  2057. return 1;
  2058. }
  2059. static void pbe_test_cleanup(EVP_TEST *t)
  2060. {
  2061. PBE_DATA *pdat = t->data;
  2062. OPENSSL_free(pdat->pass);
  2063. OPENSSL_free(pdat->salt);
  2064. OPENSSL_free(pdat->key);
  2065. }
  2066. static int pbe_test_parse(EVP_TEST *t,
  2067. const char *keyword, const char *value)
  2068. {
  2069. PBE_DATA *pdata = t->data;
  2070. if (strcmp(keyword, "Password") == 0)
  2071. return parse_bin(value, &pdata->pass, &pdata->pass_len);
  2072. if (strcmp(keyword, "Salt") == 0)
  2073. return parse_bin(value, &pdata->salt, &pdata->salt_len);
  2074. if (strcmp(keyword, "Key") == 0)
  2075. return parse_bin(value, &pdata->key, &pdata->key_len);
  2076. if (pdata->pbe_type == PBE_TYPE_PBKDF2)
  2077. return pbkdf2_test_parse(t, keyword, value);
  2078. else if (pdata->pbe_type == PBE_TYPE_PKCS12)
  2079. return pkcs12_test_parse(t, keyword, value);
  2080. #ifndef OPENSSL_NO_SCRYPT
  2081. else if (pdata->pbe_type == PBE_TYPE_SCRYPT)
  2082. return scrypt_test_parse(t, keyword, value);
  2083. #endif
  2084. return 0;
  2085. }
  2086. static int pbe_test_run(EVP_TEST *t)
  2087. {
  2088. PBE_DATA *expected = t->data;
  2089. unsigned char *key;
  2090. EVP_MD *fetched_digest = NULL;
  2091. OSSL_LIB_CTX *save_libctx;
  2092. save_libctx = OSSL_LIB_CTX_set0_default(libctx);
  2093. if (!TEST_ptr(key = OPENSSL_malloc(expected->key_len))) {
  2094. t->err = "INTERNAL_ERROR";
  2095. goto err;
  2096. }
  2097. if (expected->pbe_type == PBE_TYPE_PBKDF2) {
  2098. if (PKCS5_PBKDF2_HMAC((char *)expected->pass, expected->pass_len,
  2099. expected->salt, expected->salt_len,
  2100. expected->iter, expected->md,
  2101. expected->key_len, key) == 0) {
  2102. t->err = "PBKDF2_ERROR";
  2103. goto err;
  2104. }
  2105. #ifndef OPENSSL_NO_SCRYPT
  2106. } else if (expected->pbe_type == PBE_TYPE_SCRYPT) {
  2107. if (EVP_PBE_scrypt((const char *)expected->pass, expected->pass_len,
  2108. expected->salt, expected->salt_len,
  2109. expected->N, expected->r, expected->p,
  2110. expected->maxmem, key, expected->key_len) == 0) {
  2111. t->err = "SCRYPT_ERROR";
  2112. goto err;
  2113. }
  2114. #endif
  2115. } else if (expected->pbe_type == PBE_TYPE_PKCS12) {
  2116. fetched_digest = EVP_MD_fetch(libctx, EVP_MD_get0_name(expected->md),
  2117. propquery);
  2118. if (fetched_digest == NULL) {
  2119. t->err = "PKCS12_ERROR";
  2120. goto err;
  2121. }
  2122. if (PKCS12_key_gen_uni(expected->pass, expected->pass_len,
  2123. expected->salt, expected->salt_len,
  2124. expected->id, expected->iter, expected->key_len,
  2125. key, fetched_digest) == 0) {
  2126. t->err = "PKCS12_ERROR";
  2127. goto err;
  2128. }
  2129. }
  2130. if (!memory_err_compare(t, "KEY_MISMATCH", expected->key, expected->key_len,
  2131. key, expected->key_len))
  2132. goto err;
  2133. t->err = NULL;
  2134. err:
  2135. EVP_MD_free(fetched_digest);
  2136. OPENSSL_free(key);
  2137. OSSL_LIB_CTX_set0_default(save_libctx);
  2138. return 1;
  2139. }
  2140. static const EVP_TEST_METHOD pbe_test_method = {
  2141. "PBE",
  2142. pbe_test_init,
  2143. pbe_test_cleanup,
  2144. pbe_test_parse,
  2145. pbe_test_run
  2146. };
  2147. /**
  2148. ** BASE64 TESTS
  2149. **/
  2150. typedef enum {
  2151. BASE64_CANONICAL_ENCODING = 0,
  2152. BASE64_VALID_ENCODING = 1,
  2153. BASE64_INVALID_ENCODING = 2
  2154. } base64_encoding_type;
  2155. typedef struct encode_data_st {
  2156. /* Input to encoding */
  2157. unsigned char *input;
  2158. size_t input_len;
  2159. /* Expected output */
  2160. unsigned char *output;
  2161. size_t output_len;
  2162. base64_encoding_type encoding;
  2163. } ENCODE_DATA;
  2164. static int encode_test_init(EVP_TEST *t, const char *encoding)
  2165. {
  2166. ENCODE_DATA *edata;
  2167. if (!TEST_ptr(edata = OPENSSL_zalloc(sizeof(*edata))))
  2168. return 0;
  2169. if (strcmp(encoding, "canonical") == 0) {
  2170. edata->encoding = BASE64_CANONICAL_ENCODING;
  2171. } else if (strcmp(encoding, "valid") == 0) {
  2172. edata->encoding = BASE64_VALID_ENCODING;
  2173. } else if (strcmp(encoding, "invalid") == 0) {
  2174. edata->encoding = BASE64_INVALID_ENCODING;
  2175. if (!TEST_ptr(t->expected_err = OPENSSL_strdup("DECODE_ERROR")))
  2176. goto err;
  2177. } else {
  2178. TEST_error("Bad encoding: %s."
  2179. " Should be one of {canonical, valid, invalid}",
  2180. encoding);
  2181. goto err;
  2182. }
  2183. t->data = edata;
  2184. return 1;
  2185. err:
  2186. OPENSSL_free(edata);
  2187. return 0;
  2188. }
  2189. static void encode_test_cleanup(EVP_TEST *t)
  2190. {
  2191. ENCODE_DATA *edata = t->data;
  2192. OPENSSL_free(edata->input);
  2193. OPENSSL_free(edata->output);
  2194. memset(edata, 0, sizeof(*edata));
  2195. }
  2196. static int encode_test_parse(EVP_TEST *t,
  2197. const char *keyword, const char *value)
  2198. {
  2199. ENCODE_DATA *edata = t->data;
  2200. if (strcmp(keyword, "Input") == 0)
  2201. return parse_bin(value, &edata->input, &edata->input_len);
  2202. if (strcmp(keyword, "Output") == 0)
  2203. return parse_bin(value, &edata->output, &edata->output_len);
  2204. return 0;
  2205. }
  2206. static int encode_test_run(EVP_TEST *t)
  2207. {
  2208. ENCODE_DATA *expected = t->data;
  2209. unsigned char *encode_out = NULL, *decode_out = NULL;
  2210. int output_len, chunk_len;
  2211. EVP_ENCODE_CTX *decode_ctx = NULL, *encode_ctx = NULL;
  2212. if (!TEST_ptr(decode_ctx = EVP_ENCODE_CTX_new())) {
  2213. t->err = "INTERNAL_ERROR";
  2214. goto err;
  2215. }
  2216. if (expected->encoding == BASE64_CANONICAL_ENCODING) {
  2217. if (!TEST_ptr(encode_ctx = EVP_ENCODE_CTX_new())
  2218. || !TEST_ptr(encode_out =
  2219. OPENSSL_malloc(EVP_ENCODE_LENGTH(expected->input_len))))
  2220. goto err;
  2221. EVP_EncodeInit(encode_ctx);
  2222. if (!TEST_true(EVP_EncodeUpdate(encode_ctx, encode_out, &chunk_len,
  2223. expected->input, expected->input_len)))
  2224. goto err;
  2225. output_len = chunk_len;
  2226. EVP_EncodeFinal(encode_ctx, encode_out + chunk_len, &chunk_len);
  2227. output_len += chunk_len;
  2228. if (!memory_err_compare(t, "BAD_ENCODING",
  2229. expected->output, expected->output_len,
  2230. encode_out, output_len))
  2231. goto err;
  2232. }
  2233. if (!TEST_ptr(decode_out =
  2234. OPENSSL_malloc(EVP_DECODE_LENGTH(expected->output_len))))
  2235. goto err;
  2236. EVP_DecodeInit(decode_ctx);
  2237. if (EVP_DecodeUpdate(decode_ctx, decode_out, &chunk_len, expected->output,
  2238. expected->output_len) < 0) {
  2239. t->err = "DECODE_ERROR";
  2240. goto err;
  2241. }
  2242. output_len = chunk_len;
  2243. if (EVP_DecodeFinal(decode_ctx, decode_out + chunk_len, &chunk_len) != 1) {
  2244. t->err = "DECODE_ERROR";
  2245. goto err;
  2246. }
  2247. output_len += chunk_len;
  2248. if (expected->encoding != BASE64_INVALID_ENCODING
  2249. && !memory_err_compare(t, "BAD_DECODING",
  2250. expected->input, expected->input_len,
  2251. decode_out, output_len)) {
  2252. t->err = "BAD_DECODING";
  2253. goto err;
  2254. }
  2255. t->err = NULL;
  2256. err:
  2257. OPENSSL_free(encode_out);
  2258. OPENSSL_free(decode_out);
  2259. EVP_ENCODE_CTX_free(decode_ctx);
  2260. EVP_ENCODE_CTX_free(encode_ctx);
  2261. return 1;
  2262. }
  2263. static const EVP_TEST_METHOD encode_test_method = {
  2264. "Encoding",
  2265. encode_test_init,
  2266. encode_test_cleanup,
  2267. encode_test_parse,
  2268. encode_test_run,
  2269. };
  2270. /**
  2271. ** RAND TESTS
  2272. **/
  2273. #define MAX_RAND_REPEATS 15
  2274. typedef struct rand_data_pass_st {
  2275. unsigned char *entropy;
  2276. unsigned char *reseed_entropy;
  2277. unsigned char *nonce;
  2278. unsigned char *pers;
  2279. unsigned char *reseed_addin;
  2280. unsigned char *addinA;
  2281. unsigned char *addinB;
  2282. unsigned char *pr_entropyA;
  2283. unsigned char *pr_entropyB;
  2284. unsigned char *output;
  2285. size_t entropy_len, nonce_len, pers_len, addinA_len, addinB_len,
  2286. pr_entropyA_len, pr_entropyB_len, output_len, reseed_entropy_len,
  2287. reseed_addin_len;
  2288. } RAND_DATA_PASS;
  2289. typedef struct rand_data_st {
  2290. /* Context for this operation */
  2291. EVP_RAND_CTX *ctx;
  2292. EVP_RAND_CTX *parent;
  2293. int n;
  2294. int prediction_resistance;
  2295. int use_df;
  2296. unsigned int generate_bits;
  2297. char *cipher;
  2298. char *digest;
  2299. /* Expected output */
  2300. RAND_DATA_PASS data[MAX_RAND_REPEATS];
  2301. } RAND_DATA;
  2302. static int rand_test_init(EVP_TEST *t, const char *name)
  2303. {
  2304. RAND_DATA *rdata;
  2305. EVP_RAND *rand;
  2306. OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
  2307. unsigned int strength = 256;
  2308. if (!TEST_ptr(rdata = OPENSSL_zalloc(sizeof(*rdata))))
  2309. return 0;
  2310. /* TEST-RAND is available in the FIPS provider but not with "fips=yes" */
  2311. rand = EVP_RAND_fetch(libctx, "TEST-RAND", "-fips");
  2312. if (rand == NULL)
  2313. goto err;
  2314. rdata->parent = EVP_RAND_CTX_new(rand, NULL);
  2315. EVP_RAND_free(rand);
  2316. if (rdata->parent == NULL)
  2317. goto err;
  2318. *params = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength);
  2319. if (!EVP_RAND_CTX_set_params(rdata->parent, params))
  2320. goto err;
  2321. rand = EVP_RAND_fetch(libctx, name, propquery);
  2322. if (rand == NULL)
  2323. goto err;
  2324. rdata->ctx = EVP_RAND_CTX_new(rand, rdata->parent);
  2325. EVP_RAND_free(rand);
  2326. if (rdata->ctx == NULL)
  2327. goto err;
  2328. rdata->n = -1;
  2329. t->data = rdata;
  2330. return 1;
  2331. err:
  2332. EVP_RAND_CTX_free(rdata->parent);
  2333. OPENSSL_free(rdata);
  2334. return 0;
  2335. }
  2336. static void rand_test_cleanup(EVP_TEST *t)
  2337. {
  2338. RAND_DATA *rdata = t->data;
  2339. int i;
  2340. OPENSSL_free(rdata->cipher);
  2341. OPENSSL_free(rdata->digest);
  2342. for (i = 0; i <= rdata->n; i++) {
  2343. OPENSSL_free(rdata->data[i].entropy);
  2344. OPENSSL_free(rdata->data[i].reseed_entropy);
  2345. OPENSSL_free(rdata->data[i].nonce);
  2346. OPENSSL_free(rdata->data[i].pers);
  2347. OPENSSL_free(rdata->data[i].reseed_addin);
  2348. OPENSSL_free(rdata->data[i].addinA);
  2349. OPENSSL_free(rdata->data[i].addinB);
  2350. OPENSSL_free(rdata->data[i].pr_entropyA);
  2351. OPENSSL_free(rdata->data[i].pr_entropyB);
  2352. OPENSSL_free(rdata->data[i].output);
  2353. }
  2354. EVP_RAND_CTX_free(rdata->ctx);
  2355. EVP_RAND_CTX_free(rdata->parent);
  2356. }
  2357. static int rand_test_parse(EVP_TEST *t,
  2358. const char *keyword, const char *value)
  2359. {
  2360. RAND_DATA *rdata = t->data;
  2361. RAND_DATA_PASS *item;
  2362. const char *p;
  2363. int n;
  2364. if ((p = strchr(keyword, '.')) != NULL) {
  2365. n = atoi(++p);
  2366. if (n >= MAX_RAND_REPEATS)
  2367. return 0;
  2368. if (n > rdata->n)
  2369. rdata->n = n;
  2370. item = rdata->data + n;
  2371. if (HAS_PREFIX(keyword, "Entropy."))
  2372. return parse_bin(value, &item->entropy, &item->entropy_len);
  2373. if (HAS_PREFIX(keyword, "ReseedEntropy."))
  2374. return parse_bin(value, &item->reseed_entropy,
  2375. &item->reseed_entropy_len);
  2376. if (HAS_PREFIX(keyword, "Nonce."))
  2377. return parse_bin(value, &item->nonce, &item->nonce_len);
  2378. if (HAS_PREFIX(keyword, "PersonalisationString."))
  2379. return parse_bin(value, &item->pers, &item->pers_len);
  2380. if (HAS_PREFIX(keyword, "ReseedAdditionalInput."))
  2381. return parse_bin(value, &item->reseed_addin,
  2382. &item->reseed_addin_len);
  2383. if (HAS_PREFIX(keyword, "AdditionalInputA."))
  2384. return parse_bin(value, &item->addinA, &item->addinA_len);
  2385. if (HAS_PREFIX(keyword, "AdditionalInputB."))
  2386. return parse_bin(value, &item->addinB, &item->addinB_len);
  2387. if (HAS_PREFIX(keyword, "EntropyPredictionResistanceA."))
  2388. return parse_bin(value, &item->pr_entropyA, &item->pr_entropyA_len);
  2389. if (HAS_PREFIX(keyword, "EntropyPredictionResistanceB."))
  2390. return parse_bin(value, &item->pr_entropyB, &item->pr_entropyB_len);
  2391. if (HAS_PREFIX(keyword, "Output."))
  2392. return parse_bin(value, &item->output, &item->output_len);
  2393. } else {
  2394. if (strcmp(keyword, "Cipher") == 0)
  2395. return TEST_ptr(rdata->cipher = OPENSSL_strdup(value));
  2396. if (strcmp(keyword, "Digest") == 0)
  2397. return TEST_ptr(rdata->digest = OPENSSL_strdup(value));
  2398. if (strcmp(keyword, "DerivationFunction") == 0) {
  2399. rdata->use_df = atoi(value) != 0;
  2400. return 1;
  2401. }
  2402. if (strcmp(keyword, "GenerateBits") == 0) {
  2403. if ((n = atoi(value)) <= 0 || n % 8 != 0)
  2404. return 0;
  2405. rdata->generate_bits = (unsigned int)n;
  2406. return 1;
  2407. }
  2408. if (strcmp(keyword, "PredictionResistance") == 0) {
  2409. rdata->prediction_resistance = atoi(value) != 0;
  2410. return 1;
  2411. }
  2412. }
  2413. return 0;
  2414. }
  2415. static int rand_test_run(EVP_TEST *t)
  2416. {
  2417. RAND_DATA *expected = t->data;
  2418. RAND_DATA_PASS *item;
  2419. unsigned char *got;
  2420. size_t got_len = expected->generate_bits / 8;
  2421. OSSL_PARAM params[5], *p = params;
  2422. int i = -1, ret = 0;
  2423. unsigned int strength;
  2424. unsigned char *z;
  2425. if (!TEST_ptr(got = OPENSSL_malloc(got_len)))
  2426. return 0;
  2427. *p++ = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_USE_DF, &expected->use_df);
  2428. if (expected->cipher != NULL)
  2429. *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER,
  2430. expected->cipher, 0);
  2431. if (expected->digest != NULL)
  2432. *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_DIGEST,
  2433. expected->digest, 0);
  2434. *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_MAC, "HMAC", 0);
  2435. *p = OSSL_PARAM_construct_end();
  2436. if (!TEST_true(EVP_RAND_CTX_set_params(expected->ctx, params)))
  2437. goto err;
  2438. strength = EVP_RAND_get_strength(expected->ctx);
  2439. for (i = 0; i <= expected->n; i++) {
  2440. item = expected->data + i;
  2441. p = params;
  2442. z = item->entropy != NULL ? item->entropy : (unsigned char *)"";
  2443. *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
  2444. z, item->entropy_len);
  2445. z = item->nonce != NULL ? item->nonce : (unsigned char *)"";
  2446. *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE,
  2447. z, item->nonce_len);
  2448. *p = OSSL_PARAM_construct_end();
  2449. if (!TEST_true(EVP_RAND_instantiate(expected->parent, strength,
  2450. 0, NULL, 0, params)))
  2451. goto err;
  2452. z = item->pers != NULL ? item->pers : (unsigned char *)"";
  2453. if (!TEST_true(EVP_RAND_instantiate
  2454. (expected->ctx, strength,
  2455. expected->prediction_resistance, z,
  2456. item->pers_len, NULL)))
  2457. goto err;
  2458. if (item->reseed_entropy != NULL) {
  2459. params[0] = OSSL_PARAM_construct_octet_string
  2460. (OSSL_RAND_PARAM_TEST_ENTROPY, item->reseed_entropy,
  2461. item->reseed_entropy_len);
  2462. params[1] = OSSL_PARAM_construct_end();
  2463. if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params)))
  2464. goto err;
  2465. if (!TEST_true(EVP_RAND_reseed
  2466. (expected->ctx, expected->prediction_resistance,
  2467. NULL, 0, item->reseed_addin,
  2468. item->reseed_addin_len)))
  2469. goto err;
  2470. }
  2471. if (item->pr_entropyA != NULL) {
  2472. params[0] = OSSL_PARAM_construct_octet_string
  2473. (OSSL_RAND_PARAM_TEST_ENTROPY, item->pr_entropyA,
  2474. item->pr_entropyA_len);
  2475. params[1] = OSSL_PARAM_construct_end();
  2476. if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params)))
  2477. goto err;
  2478. }
  2479. if (!TEST_true(EVP_RAND_generate
  2480. (expected->ctx, got, got_len,
  2481. strength, expected->prediction_resistance,
  2482. item->addinA, item->addinA_len)))
  2483. goto err;
  2484. if (item->pr_entropyB != NULL) {
  2485. params[0] = OSSL_PARAM_construct_octet_string
  2486. (OSSL_RAND_PARAM_TEST_ENTROPY, item->pr_entropyB,
  2487. item->pr_entropyB_len);
  2488. params[1] = OSSL_PARAM_construct_end();
  2489. if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params)))
  2490. goto err;
  2491. }
  2492. if (!TEST_true(EVP_RAND_generate
  2493. (expected->ctx, got, got_len,
  2494. strength, expected->prediction_resistance,
  2495. item->addinB, item->addinB_len)))
  2496. goto err;
  2497. if (!TEST_mem_eq(got, got_len, item->output, item->output_len))
  2498. goto err;
  2499. if (!TEST_true(EVP_RAND_uninstantiate(expected->ctx))
  2500. || !TEST_true(EVP_RAND_uninstantiate(expected->parent))
  2501. || !TEST_true(EVP_RAND_verify_zeroization(expected->ctx))
  2502. || !TEST_int_eq(EVP_RAND_get_state(expected->ctx),
  2503. EVP_RAND_STATE_UNINITIALISED))
  2504. goto err;
  2505. }
  2506. t->err = NULL;
  2507. ret = 1;
  2508. err:
  2509. if (ret == 0 && i >= 0)
  2510. TEST_info("Error in test case %d of %d\n", i, expected->n + 1);
  2511. OPENSSL_free(got);
  2512. return ret;
  2513. }
  2514. static const EVP_TEST_METHOD rand_test_method = {
  2515. "RAND",
  2516. rand_test_init,
  2517. rand_test_cleanup,
  2518. rand_test_parse,
  2519. rand_test_run
  2520. };
  2521. /**
  2522. ** KDF TESTS
  2523. **/
  2524. typedef struct kdf_data_st {
  2525. /* Context for this operation */
  2526. EVP_KDF_CTX *ctx;
  2527. /* Expected output */
  2528. unsigned char *output;
  2529. size_t output_len;
  2530. OSSL_PARAM params[20];
  2531. OSSL_PARAM *p;
  2532. } KDF_DATA;
  2533. /*
  2534. * Perform public key operation setup: lookup key, allocated ctx and call
  2535. * the appropriate initialisation function
  2536. */
  2537. static int kdf_test_init(EVP_TEST *t, const char *name)
  2538. {
  2539. KDF_DATA *kdata;
  2540. EVP_KDF *kdf;
  2541. if (is_kdf_disabled(name)) {
  2542. TEST_info("skipping, '%s' is disabled", name);
  2543. t->skip = 1;
  2544. return 1;
  2545. }
  2546. if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata))))
  2547. return 0;
  2548. kdata->p = kdata->params;
  2549. *kdata->p = OSSL_PARAM_construct_end();
  2550. kdf = EVP_KDF_fetch(libctx, name, propquery);
  2551. if (kdf == NULL) {
  2552. OPENSSL_free(kdata);
  2553. return 0;
  2554. }
  2555. kdata->ctx = EVP_KDF_CTX_new(kdf);
  2556. EVP_KDF_free(kdf);
  2557. if (kdata->ctx == NULL) {
  2558. OPENSSL_free(kdata);
  2559. return 0;
  2560. }
  2561. t->data = kdata;
  2562. return 1;
  2563. }
  2564. static void kdf_test_cleanup(EVP_TEST *t)
  2565. {
  2566. KDF_DATA *kdata = t->data;
  2567. OSSL_PARAM *p;
  2568. for (p = kdata->params; p->key != NULL; p++)
  2569. OPENSSL_free(p->data);
  2570. OPENSSL_free(kdata->output);
  2571. EVP_KDF_CTX_free(kdata->ctx);
  2572. }
  2573. static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx,
  2574. const char *value)
  2575. {
  2576. KDF_DATA *kdata = t->data;
  2577. int rv;
  2578. char *p, *name;
  2579. const OSSL_PARAM *defs = EVP_KDF_settable_ctx_params(EVP_KDF_CTX_kdf(kctx));
  2580. if (!TEST_ptr(name = OPENSSL_strdup(value)))
  2581. return 0;
  2582. p = strchr(name, ':');
  2583. if (p == NULL)
  2584. p = "";
  2585. else
  2586. *p++ = '\0';
  2587. if (strcmp(name, "r") == 0
  2588. && OSSL_PARAM_locate_const(defs, name) == NULL) {
  2589. TEST_info("skipping, setting 'r' is unsupported");
  2590. t->skip = 1;
  2591. goto end;
  2592. }
  2593. if (strcmp(name, "lanes") == 0
  2594. && OSSL_PARAM_locate_const(defs, name) == NULL) {
  2595. TEST_info("skipping, setting 'lanes' is unsupported");
  2596. t->skip = 1;
  2597. goto end;
  2598. }
  2599. if (strcmp(name, "iter") == 0
  2600. && OSSL_PARAM_locate_const(defs, name) == NULL) {
  2601. TEST_info("skipping, setting 'iter' is unsupported");
  2602. t->skip = 1;
  2603. goto end;
  2604. }
  2605. if (strcmp(name, "memcost") == 0
  2606. && OSSL_PARAM_locate_const(defs, name) == NULL) {
  2607. TEST_info("skipping, setting 'memcost' is unsupported");
  2608. t->skip = 1;
  2609. goto end;
  2610. }
  2611. if (strcmp(name, "secret") == 0
  2612. && OSSL_PARAM_locate_const(defs, name) == NULL) {
  2613. TEST_info("skipping, setting 'secret' is unsupported");
  2614. t->skip = 1;
  2615. goto end;
  2616. }
  2617. if (strcmp(name, "pass") == 0
  2618. && OSSL_PARAM_locate_const(defs, name) == NULL) {
  2619. TEST_info("skipping, setting 'pass' is unsupported");
  2620. t->skip = 1;
  2621. goto end;
  2622. }
  2623. if (strcmp(name, "ad") == 0
  2624. && OSSL_PARAM_locate_const(defs, name) == NULL) {
  2625. TEST_info("skipping, setting 'ad' is unsupported");
  2626. t->skip = 1;
  2627. goto end;
  2628. }
  2629. rv = OSSL_PARAM_allocate_from_text(kdata->p, defs, name, p,
  2630. strlen(p), NULL);
  2631. *++kdata->p = OSSL_PARAM_construct_end();
  2632. if (!rv) {
  2633. t->err = "KDF_PARAM_ERROR";
  2634. OPENSSL_free(name);
  2635. return 0;
  2636. }
  2637. if (strcmp(name, "digest") == 0) {
  2638. if (is_digest_disabled(p)) {
  2639. TEST_info("skipping, '%s' is disabled", p);
  2640. t->skip = 1;
  2641. }
  2642. goto end;
  2643. }
  2644. if ((strcmp(name, "cipher") == 0
  2645. || strcmp(name, "cekalg") == 0)
  2646. && is_cipher_disabled(p)) {
  2647. TEST_info("skipping, '%s' is disabled", p);
  2648. t->skip = 1;
  2649. goto end;
  2650. }
  2651. if ((strcmp(name, "mac") == 0)
  2652. && is_mac_disabled(p)) {
  2653. TEST_info("skipping, '%s' is disabled", p);
  2654. t->skip = 1;
  2655. }
  2656. end:
  2657. OPENSSL_free(name);
  2658. return 1;
  2659. }
  2660. static int kdf_test_parse(EVP_TEST *t,
  2661. const char *keyword, const char *value)
  2662. {
  2663. KDF_DATA *kdata = t->data;
  2664. if (strcmp(keyword, "Output") == 0)
  2665. return parse_bin(value, &kdata->output, &kdata->output_len);
  2666. if (HAS_PREFIX(keyword, "Ctrl"))
  2667. return kdf_test_ctrl(t, kdata->ctx, value);
  2668. return 0;
  2669. }
  2670. static int kdf_test_run(EVP_TEST *t)
  2671. {
  2672. KDF_DATA *expected = t->data;
  2673. unsigned char *got = NULL;
  2674. size_t got_len = expected->output_len;
  2675. EVP_KDF_CTX *ctx;
  2676. if (!EVP_KDF_CTX_set_params(expected->ctx, expected->params)) {
  2677. t->err = "KDF_CTRL_ERROR";
  2678. return 1;
  2679. }
  2680. if (!TEST_ptr(got = OPENSSL_malloc(got_len == 0 ? 1 : got_len))) {
  2681. t->err = "INTERNAL_ERROR";
  2682. goto err;
  2683. }
  2684. /* FIPS(3.0.0): can't dup KDF contexts #17572 */
  2685. if (fips_provider_version_gt(libctx, 3, 0, 0)
  2686. && (ctx = EVP_KDF_CTX_dup(expected->ctx)) != NULL) {
  2687. EVP_KDF_CTX_free(expected->ctx);
  2688. expected->ctx = ctx;
  2689. }
  2690. if (EVP_KDF_derive(expected->ctx, got, got_len, NULL) <= 0) {
  2691. t->err = "KDF_DERIVE_ERROR";
  2692. goto err;
  2693. }
  2694. if (!memory_err_compare(t, "KDF_MISMATCH",
  2695. expected->output, expected->output_len,
  2696. got, got_len))
  2697. goto err;
  2698. t->err = NULL;
  2699. err:
  2700. OPENSSL_free(got);
  2701. return 1;
  2702. }
  2703. static const EVP_TEST_METHOD kdf_test_method = {
  2704. "KDF",
  2705. kdf_test_init,
  2706. kdf_test_cleanup,
  2707. kdf_test_parse,
  2708. kdf_test_run
  2709. };
  2710. /**
  2711. ** PKEY KDF TESTS
  2712. **/
  2713. typedef struct pkey_kdf_data_st {
  2714. /* Context for this operation */
  2715. EVP_PKEY_CTX *ctx;
  2716. /* Expected output */
  2717. unsigned char *output;
  2718. size_t output_len;
  2719. } PKEY_KDF_DATA;
  2720. /*
  2721. * Perform public key operation setup: lookup key, allocated ctx and call
  2722. * the appropriate initialisation function
  2723. */
  2724. static int pkey_kdf_test_init(EVP_TEST *t, const char *name)
  2725. {
  2726. PKEY_KDF_DATA *kdata = NULL;
  2727. if (is_kdf_disabled(name)) {
  2728. TEST_info("skipping, '%s' is disabled", name);
  2729. t->skip = 1;
  2730. return 1;
  2731. }
  2732. if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata))))
  2733. return 0;
  2734. kdata->ctx = EVP_PKEY_CTX_new_from_name(libctx, name, propquery);
  2735. if (kdata->ctx == NULL
  2736. || EVP_PKEY_derive_init(kdata->ctx) <= 0)
  2737. goto err;
  2738. t->data = kdata;
  2739. return 1;
  2740. err:
  2741. EVP_PKEY_CTX_free(kdata->ctx);
  2742. OPENSSL_free(kdata);
  2743. return 0;
  2744. }
  2745. static void pkey_kdf_test_cleanup(EVP_TEST *t)
  2746. {
  2747. PKEY_KDF_DATA *kdata = t->data;
  2748. OPENSSL_free(kdata->output);
  2749. EVP_PKEY_CTX_free(kdata->ctx);
  2750. }
  2751. static int pkey_kdf_test_parse(EVP_TEST *t,
  2752. const char *keyword, const char *value)
  2753. {
  2754. PKEY_KDF_DATA *kdata = t->data;
  2755. if (strcmp(keyword, "Output") == 0)
  2756. return parse_bin(value, &kdata->output, &kdata->output_len);
  2757. if (HAS_PREFIX(keyword, "Ctrl"))
  2758. return pkey_test_ctrl(t, kdata->ctx, value);
  2759. return 0;
  2760. }
  2761. static int pkey_kdf_test_run(EVP_TEST *t)
  2762. {
  2763. PKEY_KDF_DATA *expected = t->data;
  2764. unsigned char *got = NULL;
  2765. size_t got_len = 0;
  2766. if (fips_provider_version_eq(libctx, 3, 0, 0)) {
  2767. /* FIPS(3.0.0): can't deal with oversized output buffers #18533 */
  2768. got_len = expected->output_len;
  2769. } else {
  2770. /* Find out the KDF output size */
  2771. if (EVP_PKEY_derive(expected->ctx, NULL, &got_len) <= 0) {
  2772. t->err = "INTERNAL_ERROR";
  2773. goto err;
  2774. }
  2775. /*
  2776. * We may get an absurd output size, which signals that anything goes.
  2777. * If not, we specify a too big buffer for the output, to test that
  2778. * EVP_PKEY_derive() can cope with it.
  2779. */
  2780. if (got_len == SIZE_MAX || got_len == 0)
  2781. got_len = expected->output_len;
  2782. else
  2783. got_len = expected->output_len * 2;
  2784. }
  2785. if (!TEST_ptr(got = OPENSSL_malloc(got_len == 0 ? 1 : got_len))) {
  2786. t->err = "INTERNAL_ERROR";
  2787. goto err;
  2788. }
  2789. if (EVP_PKEY_derive(expected->ctx, got, &got_len) <= 0) {
  2790. t->err = "KDF_DERIVE_ERROR";
  2791. goto err;
  2792. }
  2793. if (!TEST_mem_eq(expected->output, expected->output_len, got, got_len)) {
  2794. t->err = "KDF_MISMATCH";
  2795. goto err;
  2796. }
  2797. t->err = NULL;
  2798. err:
  2799. OPENSSL_free(got);
  2800. return 1;
  2801. }
  2802. static const EVP_TEST_METHOD pkey_kdf_test_method = {
  2803. "PKEYKDF",
  2804. pkey_kdf_test_init,
  2805. pkey_kdf_test_cleanup,
  2806. pkey_kdf_test_parse,
  2807. pkey_kdf_test_run
  2808. };
  2809. /**
  2810. ** KEYPAIR TESTS
  2811. **/
  2812. typedef struct keypair_test_data_st {
  2813. EVP_PKEY *privk;
  2814. EVP_PKEY *pubk;
  2815. } KEYPAIR_TEST_DATA;
  2816. static int keypair_test_init(EVP_TEST *t, const char *pair)
  2817. {
  2818. KEYPAIR_TEST_DATA *data;
  2819. int rv = 0;
  2820. EVP_PKEY *pk = NULL, *pubk = NULL;
  2821. char *pub, *priv = NULL;
  2822. /* Split private and public names. */
  2823. if (!TEST_ptr(priv = OPENSSL_strdup(pair))
  2824. || !TEST_ptr(pub = strchr(priv, ':'))) {
  2825. t->err = "PARSING_ERROR";
  2826. goto end;
  2827. }
  2828. *pub++ = '\0';
  2829. if (!TEST_true(find_key(&pk, priv, private_keys))) {
  2830. TEST_info("Can't find private key: %s", priv);
  2831. t->err = "MISSING_PRIVATE_KEY";
  2832. goto end;
  2833. }
  2834. if (!TEST_true(find_key(&pubk, pub, public_keys))) {
  2835. TEST_info("Can't find public key: %s", pub);
  2836. t->err = "MISSING_PUBLIC_KEY";
  2837. goto end;
  2838. }
  2839. if (pk == NULL && pubk == NULL) {
  2840. /* Both keys are listed but unsupported: skip this test */
  2841. t->skip = 1;
  2842. rv = 1;
  2843. goto end;
  2844. }
  2845. if (!TEST_ptr(data = OPENSSL_malloc(sizeof(*data))))
  2846. goto end;
  2847. data->privk = pk;
  2848. data->pubk = pubk;
  2849. t->data = data;
  2850. rv = 1;
  2851. t->err = NULL;
  2852. end:
  2853. OPENSSL_free(priv);
  2854. return rv;
  2855. }
  2856. static void keypair_test_cleanup(EVP_TEST *t)
  2857. {
  2858. OPENSSL_free(t->data);
  2859. t->data = NULL;
  2860. }
  2861. /*
  2862. * For tests that do not accept any custom keywords.
  2863. */
  2864. static int void_test_parse(EVP_TEST *t, const char *keyword, const char *value)
  2865. {
  2866. return 0;
  2867. }
  2868. static int keypair_test_run(EVP_TEST *t)
  2869. {
  2870. int rv = 0;
  2871. const KEYPAIR_TEST_DATA *pair = t->data;
  2872. if (pair->privk == NULL || pair->pubk == NULL) {
  2873. /*
  2874. * this can only happen if only one of the keys is not set
  2875. * which means that one of them was unsupported while the
  2876. * other isn't: hence a key type mismatch.
  2877. */
  2878. t->err = "KEYPAIR_TYPE_MISMATCH";
  2879. rv = 1;
  2880. goto end;
  2881. }
  2882. if ((rv = EVP_PKEY_eq(pair->privk, pair->pubk)) != 1) {
  2883. if (0 == rv) {
  2884. t->err = "KEYPAIR_MISMATCH";
  2885. } else if (-1 == rv) {
  2886. t->err = "KEYPAIR_TYPE_MISMATCH";
  2887. } else if (-2 == rv) {
  2888. t->err = "UNSUPPORTED_KEY_COMPARISON";
  2889. } else {
  2890. TEST_error("Unexpected error in key comparison");
  2891. rv = 0;
  2892. goto end;
  2893. }
  2894. rv = 1;
  2895. goto end;
  2896. }
  2897. rv = 1;
  2898. t->err = NULL;
  2899. end:
  2900. return rv;
  2901. }
  2902. static const EVP_TEST_METHOD keypair_test_method = {
  2903. "PrivPubKeyPair",
  2904. keypair_test_init,
  2905. keypair_test_cleanup,
  2906. void_test_parse,
  2907. keypair_test_run
  2908. };
  2909. /**
  2910. ** KEYGEN TEST
  2911. **/
  2912. typedef struct keygen_test_data_st {
  2913. EVP_PKEY_CTX *genctx; /* Keygen context to use */
  2914. char *keyname; /* Key name to store key or NULL */
  2915. } KEYGEN_TEST_DATA;
  2916. static int keygen_test_init(EVP_TEST *t, const char *alg)
  2917. {
  2918. KEYGEN_TEST_DATA *data;
  2919. EVP_PKEY_CTX *genctx;
  2920. int nid = OBJ_sn2nid(alg);
  2921. if (nid == NID_undef) {
  2922. nid = OBJ_ln2nid(alg);
  2923. if (nid == NID_undef)
  2924. return 0;
  2925. }
  2926. if (is_pkey_disabled(alg)) {
  2927. t->skip = 1;
  2928. return 1;
  2929. }
  2930. if (!TEST_ptr(genctx = EVP_PKEY_CTX_new_from_name(libctx, alg, propquery)))
  2931. goto err;
  2932. if (EVP_PKEY_keygen_init(genctx) <= 0) {
  2933. t->err = "KEYGEN_INIT_ERROR";
  2934. goto err;
  2935. }
  2936. if (!TEST_ptr(data = OPENSSL_malloc(sizeof(*data))))
  2937. goto err;
  2938. data->genctx = genctx;
  2939. data->keyname = NULL;
  2940. t->data = data;
  2941. t->err = NULL;
  2942. return 1;
  2943. err:
  2944. EVP_PKEY_CTX_free(genctx);
  2945. return 0;
  2946. }
  2947. static void keygen_test_cleanup(EVP_TEST *t)
  2948. {
  2949. KEYGEN_TEST_DATA *keygen = t->data;
  2950. EVP_PKEY_CTX_free(keygen->genctx);
  2951. OPENSSL_free(keygen->keyname);
  2952. OPENSSL_free(t->data);
  2953. t->data = NULL;
  2954. }
  2955. static int keygen_test_parse(EVP_TEST *t,
  2956. const char *keyword, const char *value)
  2957. {
  2958. KEYGEN_TEST_DATA *keygen = t->data;
  2959. if (strcmp(keyword, "KeyName") == 0)
  2960. return TEST_ptr(keygen->keyname = OPENSSL_strdup(value));
  2961. if (strcmp(keyword, "Ctrl") == 0)
  2962. return pkey_test_ctrl(t, keygen->genctx, value);
  2963. return 0;
  2964. }
  2965. static int keygen_test_run(EVP_TEST *t)
  2966. {
  2967. KEYGEN_TEST_DATA *keygen = t->data;
  2968. EVP_PKEY *pkey = NULL;
  2969. int rv = 1;
  2970. if (EVP_PKEY_keygen(keygen->genctx, &pkey) <= 0) {
  2971. t->err = "KEYGEN_GENERATE_ERROR";
  2972. goto err;
  2973. }
  2974. if (!evp_pkey_is_provided(pkey)) {
  2975. TEST_info("Warning: legacy key generated %s", keygen->keyname);
  2976. goto err;
  2977. }
  2978. if (keygen->keyname != NULL) {
  2979. KEY_LIST *key;
  2980. rv = 0;
  2981. if (find_key(NULL, keygen->keyname, private_keys)) {
  2982. TEST_info("Duplicate key %s", keygen->keyname);
  2983. goto err;
  2984. }
  2985. if (!TEST_ptr(key = OPENSSL_malloc(sizeof(*key))))
  2986. goto err;
  2987. key->name = keygen->keyname;
  2988. keygen->keyname = NULL;
  2989. key->key = pkey;
  2990. key->next = private_keys;
  2991. private_keys = key;
  2992. rv = 1;
  2993. } else {
  2994. EVP_PKEY_free(pkey);
  2995. }
  2996. t->err = NULL;
  2997. err:
  2998. return rv;
  2999. }
  3000. static const EVP_TEST_METHOD keygen_test_method = {
  3001. "KeyGen",
  3002. keygen_test_init,
  3003. keygen_test_cleanup,
  3004. keygen_test_parse,
  3005. keygen_test_run,
  3006. };
  3007. /**
  3008. ** DIGEST SIGN+VERIFY TESTS
  3009. **/
  3010. typedef struct {
  3011. int is_verify; /* Set to 1 if verifying */
  3012. int is_oneshot; /* Set to 1 for one shot operation */
  3013. const EVP_MD *md; /* Digest to use */
  3014. EVP_MD_CTX *ctx; /* Digest context */
  3015. EVP_PKEY_CTX *pctx;
  3016. STACK_OF(EVP_TEST_BUFFER) *input; /* Input data: streaming */
  3017. unsigned char *osin; /* Input data if one shot */
  3018. size_t osin_len; /* Input length data if one shot */
  3019. unsigned char *output; /* Expected output */
  3020. size_t output_len; /* Expected output length */
  3021. const char *nonce_type;
  3022. } DIGESTSIGN_DATA;
  3023. static int digestsigver_test_init(EVP_TEST *t, const char *alg, int is_verify,
  3024. int is_oneshot)
  3025. {
  3026. const EVP_MD *md = NULL;
  3027. DIGESTSIGN_DATA *mdat;
  3028. if (strcmp(alg, "NULL") != 0) {
  3029. if (is_digest_disabled(alg)) {
  3030. t->skip = 1;
  3031. return 1;
  3032. }
  3033. md = EVP_get_digestbyname(alg);
  3034. if (md == NULL)
  3035. return 0;
  3036. }
  3037. if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat))))
  3038. return 0;
  3039. mdat->md = md;
  3040. if (!TEST_ptr(mdat->ctx = EVP_MD_CTX_new())) {
  3041. OPENSSL_free(mdat);
  3042. return 0;
  3043. }
  3044. mdat->is_verify = is_verify;
  3045. mdat->is_oneshot = is_oneshot;
  3046. t->data = mdat;
  3047. return 1;
  3048. }
  3049. static int digestsign_test_init(EVP_TEST *t, const char *alg)
  3050. {
  3051. return digestsigver_test_init(t, alg, 0, 0);
  3052. }
  3053. static void digestsigver_test_cleanup(EVP_TEST *t)
  3054. {
  3055. DIGESTSIGN_DATA *mdata = t->data;
  3056. EVP_MD_CTX_free(mdata->ctx);
  3057. sk_EVP_TEST_BUFFER_pop_free(mdata->input, evp_test_buffer_free);
  3058. OPENSSL_free(mdata->osin);
  3059. OPENSSL_free(mdata->output);
  3060. OPENSSL_free(mdata);
  3061. t->data = NULL;
  3062. }
  3063. static int digestsigver_test_parse(EVP_TEST *t,
  3064. const char *keyword, const char *value)
  3065. {
  3066. DIGESTSIGN_DATA *mdata = t->data;
  3067. if (strcmp(keyword, "Key") == 0) {
  3068. EVP_PKEY *pkey = NULL;
  3069. int rv = 0;
  3070. const char *name = mdata->md == NULL ? NULL : EVP_MD_get0_name(mdata->md);
  3071. if (mdata->is_verify)
  3072. rv = find_key(&pkey, value, public_keys);
  3073. if (rv == 0)
  3074. rv = find_key(&pkey, value, private_keys);
  3075. if (rv == 0 || pkey == NULL) {
  3076. t->skip = 1;
  3077. return 1;
  3078. }
  3079. if (mdata->is_verify) {
  3080. if (!EVP_DigestVerifyInit_ex(mdata->ctx, &mdata->pctx, name, libctx,
  3081. NULL, pkey, NULL))
  3082. t->err = "DIGESTVERIFYINIT_ERROR";
  3083. return 1;
  3084. }
  3085. if (!EVP_DigestSignInit_ex(mdata->ctx, &mdata->pctx, name, libctx, NULL,
  3086. pkey, NULL))
  3087. t->err = "DIGESTSIGNINIT_ERROR";
  3088. return 1;
  3089. }
  3090. if (strcmp(keyword, "Input") == 0) {
  3091. if (mdata->is_oneshot)
  3092. return parse_bin(value, &mdata->osin, &mdata->osin_len);
  3093. return evp_test_buffer_append(value, &mdata->input);
  3094. }
  3095. if (strcmp(keyword, "Output") == 0)
  3096. return parse_bin(value, &mdata->output, &mdata->output_len);
  3097. if (!mdata->is_oneshot) {
  3098. if (strcmp(keyword, "Count") == 0)
  3099. return evp_test_buffer_set_count(value, mdata->input);
  3100. if (strcmp(keyword, "Ncopy") == 0)
  3101. return evp_test_buffer_ncopy(value, mdata->input);
  3102. }
  3103. if (strcmp(keyword, "Ctrl") == 0) {
  3104. if (mdata->pctx == NULL)
  3105. return -1;
  3106. return pkey_test_ctrl(t, mdata->pctx, value);
  3107. }
  3108. if (strcmp(keyword, "NonceType") == 0) {
  3109. if (strcmp(value, "deterministic") == 0) {
  3110. OSSL_PARAM params[2];
  3111. unsigned int nonce_type = 1;
  3112. params[0] =
  3113. OSSL_PARAM_construct_uint(OSSL_SIGNATURE_PARAM_NONCE_TYPE,
  3114. &nonce_type);
  3115. params[1] = OSSL_PARAM_construct_end();
  3116. if (!EVP_PKEY_CTX_set_params(mdata->pctx, params))
  3117. t->err = "EVP_PKEY_CTX_set_params_ERROR";
  3118. else if (!EVP_PKEY_CTX_get_params(mdata->pctx, params))
  3119. t->err = "EVP_PKEY_CTX_get_params_ERROR";
  3120. else if (!OSSL_PARAM_modified(&params[0]))
  3121. t->err = "nonce_type_not_modified_ERROR";
  3122. else if (nonce_type != 1)
  3123. t->err = "nonce_type_value_ERROR";
  3124. }
  3125. return 1;
  3126. }
  3127. return 0;
  3128. }
  3129. static int digestsign_update_fn(void *ctx, const unsigned char *buf,
  3130. size_t buflen)
  3131. {
  3132. return EVP_DigestSignUpdate(ctx, buf, buflen);
  3133. }
  3134. static int digestsign_test_run(EVP_TEST *t)
  3135. {
  3136. DIGESTSIGN_DATA *expected = t->data;
  3137. unsigned char *got = NULL;
  3138. size_t got_len;
  3139. if (!evp_test_buffer_do(expected->input, digestsign_update_fn,
  3140. expected->ctx)) {
  3141. t->err = "DIGESTUPDATE_ERROR";
  3142. goto err;
  3143. }
  3144. if (!EVP_DigestSignFinal(expected->ctx, NULL, &got_len)) {
  3145. t->err = "DIGESTSIGNFINAL_LENGTH_ERROR";
  3146. goto err;
  3147. }
  3148. if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
  3149. t->err = "MALLOC_FAILURE";
  3150. goto err;
  3151. }
  3152. got_len *= 2;
  3153. if (!EVP_DigestSignFinal(expected->ctx, got, &got_len)) {
  3154. t->err = "DIGESTSIGNFINAL_ERROR";
  3155. goto err;
  3156. }
  3157. if (!memory_err_compare(t, "SIGNATURE_MISMATCH",
  3158. expected->output, expected->output_len,
  3159. got, got_len))
  3160. goto err;
  3161. t->err = NULL;
  3162. err:
  3163. OPENSSL_free(got);
  3164. return 1;
  3165. }
  3166. static const EVP_TEST_METHOD digestsign_test_method = {
  3167. "DigestSign",
  3168. digestsign_test_init,
  3169. digestsigver_test_cleanup,
  3170. digestsigver_test_parse,
  3171. digestsign_test_run
  3172. };
  3173. static int digestverify_test_init(EVP_TEST *t, const char *alg)
  3174. {
  3175. return digestsigver_test_init(t, alg, 1, 0);
  3176. }
  3177. static int digestverify_update_fn(void *ctx, const unsigned char *buf,
  3178. size_t buflen)
  3179. {
  3180. return EVP_DigestVerifyUpdate(ctx, buf, buflen);
  3181. }
  3182. static int digestverify_test_run(EVP_TEST *t)
  3183. {
  3184. DIGESTSIGN_DATA *mdata = t->data;
  3185. if (!evp_test_buffer_do(mdata->input, digestverify_update_fn, mdata->ctx)) {
  3186. t->err = "DIGESTUPDATE_ERROR";
  3187. return 1;
  3188. }
  3189. if (EVP_DigestVerifyFinal(mdata->ctx, mdata->output,
  3190. mdata->output_len) <= 0)
  3191. t->err = "VERIFY_ERROR";
  3192. return 1;
  3193. }
  3194. static const EVP_TEST_METHOD digestverify_test_method = {
  3195. "DigestVerify",
  3196. digestverify_test_init,
  3197. digestsigver_test_cleanup,
  3198. digestsigver_test_parse,
  3199. digestverify_test_run
  3200. };
  3201. static int oneshot_digestsign_test_init(EVP_TEST *t, const char *alg)
  3202. {
  3203. return digestsigver_test_init(t, alg, 0, 1);
  3204. }
  3205. static int oneshot_digestsign_test_run(EVP_TEST *t)
  3206. {
  3207. DIGESTSIGN_DATA *expected = t->data;
  3208. unsigned char *got = NULL;
  3209. size_t got_len;
  3210. if (!EVP_DigestSign(expected->ctx, NULL, &got_len,
  3211. expected->osin, expected->osin_len)) {
  3212. t->err = "DIGESTSIGN_LENGTH_ERROR";
  3213. goto err;
  3214. }
  3215. if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
  3216. t->err = "MALLOC_FAILURE";
  3217. goto err;
  3218. }
  3219. got_len *= 2;
  3220. if (!EVP_DigestSign(expected->ctx, got, &got_len,
  3221. expected->osin, expected->osin_len)) {
  3222. t->err = "DIGESTSIGN_ERROR";
  3223. goto err;
  3224. }
  3225. if (!memory_err_compare(t, "SIGNATURE_MISMATCH",
  3226. expected->output, expected->output_len,
  3227. got, got_len))
  3228. goto err;
  3229. t->err = NULL;
  3230. err:
  3231. OPENSSL_free(got);
  3232. return 1;
  3233. }
  3234. static const EVP_TEST_METHOD oneshot_digestsign_test_method = {
  3235. "OneShotDigestSign",
  3236. oneshot_digestsign_test_init,
  3237. digestsigver_test_cleanup,
  3238. digestsigver_test_parse,
  3239. oneshot_digestsign_test_run
  3240. };
  3241. static int oneshot_digestverify_test_init(EVP_TEST *t, const char *alg)
  3242. {
  3243. return digestsigver_test_init(t, alg, 1, 1);
  3244. }
  3245. static int oneshot_digestverify_test_run(EVP_TEST *t)
  3246. {
  3247. DIGESTSIGN_DATA *mdata = t->data;
  3248. if (EVP_DigestVerify(mdata->ctx, mdata->output, mdata->output_len,
  3249. mdata->osin, mdata->osin_len) <= 0)
  3250. t->err = "VERIFY_ERROR";
  3251. return 1;
  3252. }
  3253. static const EVP_TEST_METHOD oneshot_digestverify_test_method = {
  3254. "OneShotDigestVerify",
  3255. oneshot_digestverify_test_init,
  3256. digestsigver_test_cleanup,
  3257. digestsigver_test_parse,
  3258. oneshot_digestverify_test_run
  3259. };
  3260. /**
  3261. ** PARSING AND DISPATCH
  3262. **/
  3263. static const EVP_TEST_METHOD *evp_test_list[] = {
  3264. &rand_test_method,
  3265. &cipher_test_method,
  3266. &digest_test_method,
  3267. &digestsign_test_method,
  3268. &digestverify_test_method,
  3269. &encode_test_method,
  3270. &kdf_test_method,
  3271. &pkey_kdf_test_method,
  3272. &keypair_test_method,
  3273. &keygen_test_method,
  3274. &mac_test_method,
  3275. &oneshot_digestsign_test_method,
  3276. &oneshot_digestverify_test_method,
  3277. &pbe_test_method,
  3278. &pdecrypt_test_method,
  3279. &pderive_test_method,
  3280. &psign_test_method,
  3281. &pverify_recover_test_method,
  3282. &pverify_test_method,
  3283. NULL
  3284. };
  3285. static const EVP_TEST_METHOD *find_test(const char *name)
  3286. {
  3287. const EVP_TEST_METHOD **tt;
  3288. for (tt = evp_test_list; *tt; tt++) {
  3289. if (strcmp(name, (*tt)->name) == 0)
  3290. return *tt;
  3291. }
  3292. return NULL;
  3293. }
  3294. static void clear_test(EVP_TEST *t)
  3295. {
  3296. test_clearstanza(&t->s);
  3297. ERR_clear_error();
  3298. if (t->data != NULL) {
  3299. if (t->meth != NULL)
  3300. t->meth->cleanup(t);
  3301. OPENSSL_free(t->data);
  3302. t->data = NULL;
  3303. }
  3304. OPENSSL_free(t->expected_err);
  3305. t->expected_err = NULL;
  3306. OPENSSL_free(t->reason);
  3307. t->reason = NULL;
  3308. /* Text literal. */
  3309. t->err = NULL;
  3310. t->skip = 0;
  3311. t->meth = NULL;
  3312. #if !defined(OPENSSL_NO_DEFAULT_THREAD_POOL)
  3313. OSSL_set_max_threads(libctx, 0);
  3314. #endif
  3315. }
  3316. /* Check for errors in the test structure; return 1 if okay, else 0. */
  3317. static int check_test_error(EVP_TEST *t)
  3318. {
  3319. unsigned long err;
  3320. const char *reason;
  3321. if (t->err == NULL && t->expected_err == NULL)
  3322. return 1;
  3323. if (t->err != NULL && t->expected_err == NULL) {
  3324. if (t->aux_err != NULL) {
  3325. TEST_info("%s:%d: Source of above error (%s); unexpected error %s",
  3326. t->s.test_file, t->s.start, t->aux_err, t->err);
  3327. } else {
  3328. TEST_info("%s:%d: Source of above error; unexpected error %s",
  3329. t->s.test_file, t->s.start, t->err);
  3330. }
  3331. return 0;
  3332. }
  3333. if (t->err == NULL && t->expected_err != NULL) {
  3334. TEST_info("%s:%d: Succeeded but was expecting %s",
  3335. t->s.test_file, t->s.start, t->expected_err);
  3336. return 0;
  3337. }
  3338. if (strcmp(t->err, t->expected_err) != 0) {
  3339. TEST_info("%s:%d: Expected %s got %s",
  3340. t->s.test_file, t->s.start, t->expected_err, t->err);
  3341. return 0;
  3342. }
  3343. if (t->reason == NULL)
  3344. return 1;
  3345. if (t->reason == NULL) {
  3346. TEST_info("%s:%d: Test is missing function or reason code",
  3347. t->s.test_file, t->s.start);
  3348. return 0;
  3349. }
  3350. err = ERR_peek_error();
  3351. if (err == 0) {
  3352. TEST_info("%s:%d: Expected error \"%s\" not set",
  3353. t->s.test_file, t->s.start, t->reason);
  3354. return 0;
  3355. }
  3356. reason = ERR_reason_error_string(err);
  3357. if (reason == NULL) {
  3358. TEST_info("%s:%d: Expected error \"%s\", no strings available."
  3359. " Assuming ok.",
  3360. t->s.test_file, t->s.start, t->reason);
  3361. return 1;
  3362. }
  3363. if (strcmp(reason, t->reason) == 0)
  3364. return 1;
  3365. TEST_info("%s:%d: Expected error \"%s\", got \"%s\"",
  3366. t->s.test_file, t->s.start, t->reason, reason);
  3367. return 0;
  3368. }
  3369. /* Run a parsed test. Log a message and return 0 on error. */
  3370. static int run_test(EVP_TEST *t)
  3371. {
  3372. if (t->meth == NULL)
  3373. return 1;
  3374. t->s.numtests++;
  3375. if (t->skip) {
  3376. t->s.numskip++;
  3377. } else {
  3378. /* run the test */
  3379. if (t->err == NULL && t->meth->run_test(t) != 1) {
  3380. TEST_info("%s:%d %s error",
  3381. t->s.test_file, t->s.start, t->meth->name);
  3382. return 0;
  3383. }
  3384. if (!check_test_error(t)) {
  3385. TEST_openssl_errors();
  3386. t->s.errors++;
  3387. }
  3388. }
  3389. /* clean it up */
  3390. return 1;
  3391. }
  3392. static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst)
  3393. {
  3394. for (; lst != NULL; lst = lst->next) {
  3395. if (strcmp(lst->name, name) == 0) {
  3396. if (ppk != NULL)
  3397. *ppk = lst->key;
  3398. return 1;
  3399. }
  3400. }
  3401. return 0;
  3402. }
  3403. static void free_key_list(KEY_LIST *lst)
  3404. {
  3405. while (lst != NULL) {
  3406. KEY_LIST *next = lst->next;
  3407. EVP_PKEY_free(lst->key);
  3408. OPENSSL_free(lst->name);
  3409. OPENSSL_free(lst);
  3410. lst = next;
  3411. }
  3412. }
  3413. /*
  3414. * Is the key type an unsupported algorithm?
  3415. */
  3416. static int key_unsupported(void)
  3417. {
  3418. long err = ERR_peek_last_error();
  3419. int lib = ERR_GET_LIB(err);
  3420. long reason = ERR_GET_REASON(err);
  3421. if ((lib == ERR_LIB_EVP && reason == EVP_R_UNSUPPORTED_ALGORITHM)
  3422. || (lib == ERR_LIB_EVP && reason == EVP_R_DECODE_ERROR)
  3423. || reason == ERR_R_UNSUPPORTED) {
  3424. ERR_clear_error();
  3425. return 1;
  3426. }
  3427. #ifndef OPENSSL_NO_EC
  3428. /*
  3429. * If EC support is enabled we should catch also EC_R_UNKNOWN_GROUP as an
  3430. * hint to an unsupported algorithm/curve (e.g. if binary EC support is
  3431. * disabled).
  3432. */
  3433. if (lib == ERR_LIB_EC
  3434. && (reason == EC_R_UNKNOWN_GROUP
  3435. || reason == EC_R_INVALID_CURVE)) {
  3436. ERR_clear_error();
  3437. return 1;
  3438. }
  3439. #endif /* OPENSSL_NO_EC */
  3440. return 0;
  3441. }
  3442. /* NULL out the value from |pp| but return it. This "steals" a pointer. */
  3443. static char *take_value(PAIR *pp)
  3444. {
  3445. char *p = pp->value;
  3446. pp->value = NULL;
  3447. return p;
  3448. }
  3449. #if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
  3450. static int securitycheck_enabled(void)
  3451. {
  3452. static int enabled = -1;
  3453. if (enabled == -1) {
  3454. if (OSSL_PROVIDER_available(libctx, "fips")) {
  3455. OSSL_PARAM params[2];
  3456. OSSL_PROVIDER *prov = NULL;
  3457. int check = 1;
  3458. prov = OSSL_PROVIDER_load(libctx, "fips");
  3459. if (prov != NULL) {
  3460. params[0] =
  3461. OSSL_PARAM_construct_int(OSSL_PROV_PARAM_SECURITY_CHECKS,
  3462. &check);
  3463. params[1] = OSSL_PARAM_construct_end();
  3464. OSSL_PROVIDER_get_params(prov, params);
  3465. OSSL_PROVIDER_unload(prov);
  3466. }
  3467. enabled = check;
  3468. return enabled;
  3469. }
  3470. enabled = 0;
  3471. }
  3472. return enabled;
  3473. }
  3474. #endif
  3475. /*
  3476. * Return 1 if one of the providers named in the string is available.
  3477. * The provider names are separated with whitespace.
  3478. * NOTE: destructive function, it inserts '\0' after each provider name.
  3479. */
  3480. static int prov_available(char *providers)
  3481. {
  3482. char *p;
  3483. int more = 1;
  3484. while (more) {
  3485. for (; isspace((unsigned char)(*providers)); providers++)
  3486. continue;
  3487. if (*providers == '\0')
  3488. break; /* End of the road */
  3489. for (p = providers; *p != '\0' && !isspace((unsigned char)(*p)); p++)
  3490. continue;
  3491. if (*p == '\0')
  3492. more = 0;
  3493. else
  3494. *p = '\0';
  3495. if (OSSL_PROVIDER_available(libctx, providers))
  3496. return 1; /* Found one */
  3497. }
  3498. return 0;
  3499. }
  3500. /* Read and parse one test. Return 0 if failure, 1 if okay. */
  3501. static int parse(EVP_TEST *t)
  3502. {
  3503. KEY_LIST *key, **klist;
  3504. EVP_PKEY *pkey;
  3505. PAIR *pp;
  3506. int i, j, skipped = 0;
  3507. top:
  3508. do {
  3509. if (BIO_eof(t->s.fp))
  3510. return EOF;
  3511. clear_test(t);
  3512. if (!test_readstanza(&t->s))
  3513. return 0;
  3514. } while (t->s.numpairs == 0);
  3515. pp = &t->s.pairs[0];
  3516. /* Are we adding a key? */
  3517. klist = NULL;
  3518. pkey = NULL;
  3519. start:
  3520. if (strcmp(pp->key, "PrivateKey") == 0) {
  3521. pkey = PEM_read_bio_PrivateKey_ex(t->s.key, NULL, 0, NULL, libctx, NULL);
  3522. if (pkey == NULL && !key_unsupported()) {
  3523. EVP_PKEY_free(pkey);
  3524. TEST_info("Can't read private key %s", pp->value);
  3525. TEST_openssl_errors();
  3526. return 0;
  3527. }
  3528. klist = &private_keys;
  3529. } else if (strcmp(pp->key, "PublicKey") == 0) {
  3530. pkey = PEM_read_bio_PUBKEY_ex(t->s.key, NULL, 0, NULL, libctx, NULL);
  3531. if (pkey == NULL && !key_unsupported()) {
  3532. EVP_PKEY_free(pkey);
  3533. TEST_info("Can't read public key %s", pp->value);
  3534. TEST_openssl_errors();
  3535. return 0;
  3536. }
  3537. klist = &public_keys;
  3538. } else if (strcmp(pp->key, "PrivateKeyRaw") == 0
  3539. || strcmp(pp->key, "PublicKeyRaw") == 0) {
  3540. char *strnid = NULL, *keydata = NULL;
  3541. unsigned char *keybin;
  3542. size_t keylen;
  3543. int nid;
  3544. if (strcmp(pp->key, "PrivateKeyRaw") == 0)
  3545. klist = &private_keys;
  3546. else
  3547. klist = &public_keys;
  3548. strnid = strchr(pp->value, ':');
  3549. if (strnid != NULL) {
  3550. *strnid++ = '\0';
  3551. keydata = strchr(strnid, ':');
  3552. if (keydata != NULL)
  3553. *keydata++ = '\0';
  3554. }
  3555. if (keydata == NULL) {
  3556. TEST_info("Failed to parse %s value", pp->key);
  3557. return 0;
  3558. }
  3559. nid = OBJ_txt2nid(strnid);
  3560. if (nid == NID_undef) {
  3561. TEST_info("Unrecognised algorithm NID");
  3562. return 0;
  3563. }
  3564. if (!parse_bin(keydata, &keybin, &keylen)) {
  3565. TEST_info("Failed to create binary key");
  3566. return 0;
  3567. }
  3568. if (klist == &private_keys)
  3569. pkey = EVP_PKEY_new_raw_private_key_ex(libctx, strnid, NULL, keybin,
  3570. keylen);
  3571. else
  3572. pkey = EVP_PKEY_new_raw_public_key_ex(libctx, strnid, NULL, keybin,
  3573. keylen);
  3574. if (pkey == NULL && !key_unsupported()) {
  3575. TEST_info("Can't read %s data", pp->key);
  3576. OPENSSL_free(keybin);
  3577. TEST_openssl_errors();
  3578. return 0;
  3579. }
  3580. OPENSSL_free(keybin);
  3581. } else if (strcmp(pp->key, "Availablein") == 0) {
  3582. if (!prov_available(pp->value)) {
  3583. TEST_info("skipping, '%s' provider not available: %s:%d",
  3584. pp->value, t->s.test_file, t->s.start);
  3585. t->skip = 1;
  3586. return 0;
  3587. }
  3588. skipped++;
  3589. pp++;
  3590. goto start;
  3591. } else if (strcmp(pp->key, "FIPSversion") == 0) {
  3592. if (prov_available("fips")) {
  3593. j = fips_provider_version_match(libctx, pp->value);
  3594. if (j < 0) {
  3595. TEST_info("Line %d: error matching FIPS versions\n", t->s.curr);
  3596. return 0;
  3597. } else if (j == 0) {
  3598. TEST_info("skipping, FIPS provider incompatible version: %s:%d",
  3599. t->s.test_file, t->s.start);
  3600. t->skip = 1;
  3601. return 0;
  3602. }
  3603. }
  3604. skipped++;
  3605. pp++;
  3606. goto start;
  3607. }
  3608. /* If we have a key add to list */
  3609. if (klist != NULL) {
  3610. if (find_key(NULL, pp->value, *klist)) {
  3611. TEST_info("Duplicate key %s", pp->value);
  3612. return 0;
  3613. }
  3614. if (!TEST_ptr(key = OPENSSL_malloc(sizeof(*key))))
  3615. return 0;
  3616. key->name = take_value(pp);
  3617. key->key = pkey;
  3618. key->next = *klist;
  3619. *klist = key;
  3620. /* Go back and start a new stanza. */
  3621. if ((t->s.numpairs - skipped) != 1)
  3622. TEST_info("Line %d: missing blank line\n", t->s.curr);
  3623. goto top;
  3624. }
  3625. /* Find the test, based on first keyword. */
  3626. if (!TEST_ptr(t->meth = find_test(pp->key)))
  3627. return 0;
  3628. if (!t->meth->init(t, pp->value)) {
  3629. TEST_error("unknown %s: %s\n", pp->key, pp->value);
  3630. return 0;
  3631. }
  3632. if (t->skip == 1) {
  3633. /* TEST_info("skipping %s %s", pp->key, pp->value); */
  3634. return 0;
  3635. }
  3636. for (pp++, i = 1; i < (t->s.numpairs - skipped); pp++, i++) {
  3637. if (strcmp(pp->key, "Securitycheck") == 0) {
  3638. #if defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
  3639. #else
  3640. if (!securitycheck_enabled())
  3641. #endif
  3642. {
  3643. TEST_info("skipping, Securitycheck is disabled: %s:%d",
  3644. t->s.test_file, t->s.start);
  3645. t->skip = 1;
  3646. return 0;
  3647. }
  3648. } else if (strcmp(pp->key, "Availablein") == 0) {
  3649. TEST_info("Line %d: 'Availablein' should be the first option",
  3650. t->s.curr);
  3651. return 0;
  3652. } else if (strcmp(pp->key, "Result") == 0) {
  3653. if (t->expected_err != NULL) {
  3654. TEST_info("Line %d: multiple result lines", t->s.curr);
  3655. return 0;
  3656. }
  3657. t->expected_err = take_value(pp);
  3658. } else if (strcmp(pp->key, "Function") == 0) {
  3659. /* Ignore old line. */
  3660. } else if (strcmp(pp->key, "Reason") == 0) {
  3661. if (t->reason != NULL) {
  3662. TEST_info("Line %d: multiple reason lines", t->s.curr);
  3663. return 0;
  3664. }
  3665. t->reason = take_value(pp);
  3666. } else if (strcmp(pp->key, "Threads") == 0) {
  3667. if (OSSL_set_max_threads(libctx, atoi(pp->value)) == 0) {
  3668. TEST_info("skipping, '%s' threads not available: %s:%d",
  3669. pp->value, t->s.test_file, t->s.start);
  3670. t->skip = 1;
  3671. }
  3672. } else {
  3673. /* Must be test specific line: try to parse it */
  3674. int rv = t->meth->parse(t, pp->key, pp->value);
  3675. if (rv == 0) {
  3676. TEST_info("Line %d: unknown keyword %s", t->s.curr, pp->key);
  3677. return 0;
  3678. }
  3679. if (rv < 0) {
  3680. TEST_info("Line %d: error processing keyword %s = %s\n",
  3681. t->s.curr, pp->key, pp->value);
  3682. return 0;
  3683. }
  3684. if (t->skip)
  3685. return 0;
  3686. }
  3687. }
  3688. return 1;
  3689. }
  3690. static int run_file_tests(int i)
  3691. {
  3692. EVP_TEST *t;
  3693. const char *testfile = test_get_argument(i);
  3694. int c;
  3695. if (!TEST_ptr(t = OPENSSL_zalloc(sizeof(*t))))
  3696. return 0;
  3697. if (!test_start_file(&t->s, testfile)) {
  3698. OPENSSL_free(t);
  3699. return 0;
  3700. }
  3701. while (!BIO_eof(t->s.fp)) {
  3702. c = parse(t);
  3703. if (t->skip) {
  3704. t->s.numskip++;
  3705. continue;
  3706. }
  3707. if (c == 0 || !run_test(t)) {
  3708. t->s.errors++;
  3709. break;
  3710. }
  3711. }
  3712. test_end_file(&t->s);
  3713. clear_test(t);
  3714. free_key_list(public_keys);
  3715. free_key_list(private_keys);
  3716. BIO_free(t->s.key);
  3717. c = t->s.errors;
  3718. OPENSSL_free(t);
  3719. return c == 0;
  3720. }
  3721. const OPTIONS *test_get_options(void)
  3722. {
  3723. static const OPTIONS test_options[] = {
  3724. OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("[file...]\n"),
  3725. { "config", OPT_CONFIG_FILE, '<',
  3726. "The configuration file to use for the libctx" },
  3727. { "process", OPT_IN_PLACE, 's',
  3728. "Mode for data processing by cipher tests [in_place/both], both by default"},
  3729. { "provider", OPT_PROVIDER_NAME, 's',
  3730. "The provider to load (when no configuration file, the default value is 'default')" },
  3731. { "propquery", OPT_PROV_PROPQUERY, 's',
  3732. "Property query used when fetching algorithms" },
  3733. { OPT_HELP_STR, 1, '-', "file\tFile to run tests on.\n" },
  3734. { NULL }
  3735. };
  3736. return test_options;
  3737. }
  3738. int setup_tests(void)
  3739. {
  3740. size_t n;
  3741. char *config_file = NULL;
  3742. char *provider_name = NULL;
  3743. OPTION_CHOICE o;
  3744. while ((o = opt_next()) != OPT_EOF) {
  3745. switch (o) {
  3746. case OPT_CONFIG_FILE:
  3747. config_file = opt_arg();
  3748. break;
  3749. case OPT_IN_PLACE:
  3750. if ((process_mode_in_place = evp_test_process_mode(opt_arg())) == -1)
  3751. return 0;
  3752. break;
  3753. case OPT_PROVIDER_NAME:
  3754. provider_name = opt_arg();
  3755. break;
  3756. case OPT_PROV_PROPQUERY:
  3757. propquery = opt_arg();
  3758. break;
  3759. case OPT_TEST_CASES:
  3760. break;
  3761. default:
  3762. case OPT_ERR:
  3763. return 0;
  3764. }
  3765. }
  3766. /*
  3767. * Load the provider via configuration into the created library context.
  3768. * Load the 'null' provider into the default library context to ensure that
  3769. * the tests do not fallback to using the default provider.
  3770. */
  3771. if (config_file == NULL && provider_name == NULL)
  3772. provider_name = "default";
  3773. if (!test_get_libctx(&libctx, &prov_null, config_file, &libprov, provider_name))
  3774. return 0;
  3775. n = test_get_argument_count();
  3776. if (n == 0)
  3777. return 0;
  3778. ADD_ALL_TESTS(run_file_tests, n);
  3779. return 1;
  3780. }
  3781. void cleanup_tests(void)
  3782. {
  3783. OSSL_PROVIDER_unload(libprov);
  3784. OSSL_PROVIDER_unload(prov_null);
  3785. OSSL_LIB_CTX_free(libctx);
  3786. }
  3787. static int is_digest_disabled(const char *name)
  3788. {
  3789. #ifdef OPENSSL_NO_BLAKE2
  3790. if (HAS_CASE_PREFIX(name, "BLAKE"))
  3791. return 1;
  3792. #endif
  3793. #ifdef OPENSSL_NO_MD2
  3794. if (OPENSSL_strcasecmp(name, "MD2") == 0)
  3795. return 1;
  3796. #endif
  3797. #ifdef OPENSSL_NO_MDC2
  3798. if (OPENSSL_strcasecmp(name, "MDC2") == 0)
  3799. return 1;
  3800. #endif
  3801. #ifdef OPENSSL_NO_MD4
  3802. if (OPENSSL_strcasecmp(name, "MD4") == 0)
  3803. return 1;
  3804. #endif
  3805. #ifdef OPENSSL_NO_MD5
  3806. if (OPENSSL_strcasecmp(name, "MD5") == 0)
  3807. return 1;
  3808. #endif
  3809. #ifdef OPENSSL_NO_RMD160
  3810. if (OPENSSL_strcasecmp(name, "RIPEMD160") == 0)
  3811. return 1;
  3812. #endif
  3813. #ifdef OPENSSL_NO_SM3
  3814. if (OPENSSL_strcasecmp(name, "SM3") == 0)
  3815. return 1;
  3816. #endif
  3817. #ifdef OPENSSL_NO_WHIRLPOOL
  3818. if (OPENSSL_strcasecmp(name, "WHIRLPOOL") == 0)
  3819. return 1;
  3820. #endif
  3821. return 0;
  3822. }
  3823. static int is_pkey_disabled(const char *name)
  3824. {
  3825. #ifdef OPENSSL_NO_EC
  3826. if (HAS_CASE_PREFIX(name, "EC"))
  3827. return 1;
  3828. #endif
  3829. #ifdef OPENSSL_NO_DH
  3830. if (HAS_CASE_PREFIX(name, "DH"))
  3831. return 1;
  3832. #endif
  3833. #ifdef OPENSSL_NO_DSA
  3834. if (HAS_CASE_PREFIX(name, "DSA"))
  3835. return 1;
  3836. #endif
  3837. return 0;
  3838. }
  3839. static int is_mac_disabled(const char *name)
  3840. {
  3841. #ifdef OPENSSL_NO_BLAKE2
  3842. if (HAS_CASE_PREFIX(name, "BLAKE2BMAC")
  3843. || HAS_CASE_PREFIX(name, "BLAKE2SMAC"))
  3844. return 1;
  3845. #endif
  3846. #ifdef OPENSSL_NO_CMAC
  3847. if (HAS_CASE_PREFIX(name, "CMAC"))
  3848. return 1;
  3849. #endif
  3850. #ifdef OPENSSL_NO_POLY1305
  3851. if (HAS_CASE_PREFIX(name, "Poly1305"))
  3852. return 1;
  3853. #endif
  3854. #ifdef OPENSSL_NO_SIPHASH
  3855. if (HAS_CASE_PREFIX(name, "SipHash"))
  3856. return 1;
  3857. #endif
  3858. return 0;
  3859. }
  3860. static int is_kdf_disabled(const char *name)
  3861. {
  3862. #ifdef OPENSSL_NO_SCRYPT
  3863. if (HAS_CASE_SUFFIX(name, "SCRYPT"))
  3864. return 1;
  3865. #endif
  3866. #ifdef OPENSSL_NO_ARGON2
  3867. if (HAS_CASE_SUFFIX(name, "ARGON2"))
  3868. return 1;
  3869. #endif
  3870. return 0;
  3871. }
  3872. static int is_cipher_disabled(const char *name)
  3873. {
  3874. #ifdef OPENSSL_NO_ARIA
  3875. if (HAS_CASE_PREFIX(name, "ARIA"))
  3876. return 1;
  3877. #endif
  3878. #ifdef OPENSSL_NO_BF
  3879. if (HAS_CASE_PREFIX(name, "BF"))
  3880. return 1;
  3881. #endif
  3882. #ifdef OPENSSL_NO_CAMELLIA
  3883. if (HAS_CASE_PREFIX(name, "CAMELLIA"))
  3884. return 1;
  3885. #endif
  3886. #ifdef OPENSSL_NO_CAST
  3887. if (HAS_CASE_PREFIX(name, "CAST"))
  3888. return 1;
  3889. #endif
  3890. #ifdef OPENSSL_NO_CHACHA
  3891. if (HAS_CASE_PREFIX(name, "CHACHA"))
  3892. return 1;
  3893. #endif
  3894. #ifdef OPENSSL_NO_POLY1305
  3895. if (HAS_CASE_SUFFIX(name, "Poly1305"))
  3896. return 1;
  3897. #endif
  3898. #ifdef OPENSSL_NO_DES
  3899. if (HAS_CASE_PREFIX(name, "DES"))
  3900. return 1;
  3901. if (HAS_CASE_SUFFIX(name, "3DESwrap"))
  3902. return 1;
  3903. #endif
  3904. #ifdef OPENSSL_NO_OCB
  3905. if (HAS_CASE_SUFFIX(name, "OCB"))
  3906. return 1;
  3907. #endif
  3908. #ifdef OPENSSL_NO_IDEA
  3909. if (HAS_CASE_PREFIX(name, "IDEA"))
  3910. return 1;
  3911. #endif
  3912. #ifdef OPENSSL_NO_RC2
  3913. if (HAS_CASE_PREFIX(name, "RC2"))
  3914. return 1;
  3915. #endif
  3916. #ifdef OPENSSL_NO_RC4
  3917. if (HAS_CASE_PREFIX(name, "RC4"))
  3918. return 1;
  3919. #endif
  3920. #ifdef OPENSSL_NO_RC5
  3921. if (HAS_CASE_PREFIX(name, "RC5"))
  3922. return 1;
  3923. #endif
  3924. #ifdef OPENSSL_NO_SEED
  3925. if (HAS_CASE_PREFIX(name, "SEED"))
  3926. return 1;
  3927. #endif
  3928. #ifdef OPENSSL_NO_SIV
  3929. if (HAS_CASE_SUFFIX(name, "SIV"))
  3930. return 1;
  3931. #endif
  3932. #ifdef OPENSSL_NO_SM4
  3933. if (HAS_CASE_PREFIX(name, "SM4"))
  3934. return 1;
  3935. #endif
  3936. return 0;
  3937. }