1 /* 2 * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #define OPENSSL_SUPPRESS_DEPRECATED /* EVP_PKEY_new_CMAC_key */ 11 #include <stdio.h> 12 #include <string.h> 13 #include <stdlib.h> 14 #include <ctype.h> 15 #include <openssl/evp.h> 16 #include <openssl/pem.h> 17 #include <openssl/err.h> 18 #include <openssl/provider.h> 19 #include <openssl/x509v3.h> 20 #include <openssl/pkcs12.h> 21 #include <openssl/kdf.h> 22 #include <openssl/params.h> 23 #include <openssl/core_names.h> 24 #include <openssl/fips_names.h> 25 #include "internal/numbers.h" 26 #include "internal/nelem.h" 27 #include "crypto/evp.h" 28 #include "testutil.h" 29 30 typedef struct evp_test_buffer_st EVP_TEST_BUFFER; 31 DEFINE_STACK_OF(EVP_TEST_BUFFER) 32 33 #define AAD_NUM 4 34 35 typedef struct evp_test_method_st EVP_TEST_METHOD; 36 37 /* Structure holding test information */ 38 typedef struct evp_test_st { 39 STANZA s; /* Common test stanza */ 40 char *name; 41 int skip; /* Current test should be skipped */ 42 const EVP_TEST_METHOD *meth; /* method for this test */ 43 const char *err, *aux_err; /* Error string for test */ 44 char *expected_err; /* Expected error value of test */ 45 char *reason; /* Expected error reason string */ 46 void *data; /* test specific data */ 47 } EVP_TEST; 48 49 /* Test method structure */ 50 struct evp_test_method_st { 51 /* Name of test as it appears in file */ 52 const char *name; 53 /* Initialise test for "alg" */ 54 int (*init) (EVP_TEST * t, const char *alg); 55 /* Clean up method */ 56 void (*cleanup) (EVP_TEST * t); 57 /* Test specific name value pair processing */ 58 int (*parse) (EVP_TEST * t, const char *name, const char *value); 59 /* Run the test itself */ 60 int (*run_test) (EVP_TEST * t); 61 }; 62 63 /* Linked list of named keys. */ 64 typedef struct key_list_st { 65 char *name; 66 EVP_PKEY *key; 67 struct key_list_st *next; 68 } KEY_LIST; 69 70 typedef enum OPTION_choice { 71 OPT_ERR = -1, 72 OPT_EOF = 0, 73 OPT_CONFIG_FILE, 74 OPT_TEST_ENUM 75 } OPTION_CHOICE; 76 77 static OSSL_PROVIDER *prov_null = NULL; 78 static OSSL_LIB_CTX *libctx = NULL; 79 80 /* List of public and private keys */ 81 static KEY_LIST *private_keys; 82 static KEY_LIST *public_keys; 83 84 static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst); 85 static int parse_bin(const char *value, unsigned char **buf, size_t *buflen); 86 static int is_digest_disabled(const char *name); 87 static int is_pkey_disabled(const char *name); 88 static int is_mac_disabled(const char *name); 89 static int is_cipher_disabled(const char *name); 90 static int is_kdf_disabled(const char *name); 91 92 /* 93 * Compare two memory regions for equality, returning zero if they differ. 94 * However, if there is expected to be an error and the actual error 95 * matches then the memory is expected to be different so handle this 96 * case without producing unnecessary test framework output. 97 */ 98 static int memory_err_compare(EVP_TEST *t, const char *err, 99 const void *expected, size_t expected_len, 100 const void *got, size_t got_len) 101 { 102 int r; 103 104 if (t->expected_err != NULL && strcmp(t->expected_err, err) == 0) 105 r = !TEST_mem_ne(expected, expected_len, got, got_len); 106 else 107 r = TEST_mem_eq(expected, expected_len, got, got_len); 108 if (!r) 109 t->err = err; 110 return r; 111 } 112 113 /* 114 * Structure used to hold a list of blocks of memory to test 115 * calls to "update" like functions. 116 */ 117 struct evp_test_buffer_st { 118 unsigned char *buf; 119 size_t buflen; 120 size_t count; 121 int count_set; 122 }; 123 124 static void evp_test_buffer_free(EVP_TEST_BUFFER *db) 125 { 126 if (db != NULL) { 127 OPENSSL_free(db->buf); 128 OPENSSL_free(db); 129 } 130 } 131 132 /* append buffer to a list */ 133 static int evp_test_buffer_append(const char *value, 134 STACK_OF(EVP_TEST_BUFFER) **sk) 135 { 136 EVP_TEST_BUFFER *db = NULL; 137 138 if (!TEST_ptr(db = OPENSSL_malloc(sizeof(*db)))) 139 goto err; 140 141 if (!parse_bin(value, &db->buf, &db->buflen)) 142 goto err; 143 db->count = 1; 144 db->count_set = 0; 145 146 if (*sk == NULL && !TEST_ptr(*sk = sk_EVP_TEST_BUFFER_new_null())) 147 goto err; 148 if (!sk_EVP_TEST_BUFFER_push(*sk, db)) 149 goto err; 150 151 return 1; 152 153 err: 154 evp_test_buffer_free(db); 155 return 0; 156 } 157 158 /* replace last buffer in list with copies of itself */ 159 static int evp_test_buffer_ncopy(const char *value, 160 STACK_OF(EVP_TEST_BUFFER) *sk) 161 { 162 EVP_TEST_BUFFER *db; 163 unsigned char *tbuf, *p; 164 size_t tbuflen; 165 int ncopy = atoi(value); 166 int i; 167 168 if (ncopy <= 0) 169 return 0; 170 if (sk == NULL || sk_EVP_TEST_BUFFER_num(sk) == 0) 171 return 0; 172 db = sk_EVP_TEST_BUFFER_value(sk, sk_EVP_TEST_BUFFER_num(sk) - 1); 173 174 tbuflen = db->buflen * ncopy; 175 if (!TEST_ptr(tbuf = OPENSSL_malloc(tbuflen))) 176 return 0; 177 for (i = 0, p = tbuf; i < ncopy; i++, p += db->buflen) 178 memcpy(p, db->buf, db->buflen); 179 180 OPENSSL_free(db->buf); 181 db->buf = tbuf; 182 db->buflen = tbuflen; 183 return 1; 184 } 185 186 /* set repeat count for last buffer in list */ 187 static int evp_test_buffer_set_count(const char *value, 188 STACK_OF(EVP_TEST_BUFFER) *sk) 189 { 190 EVP_TEST_BUFFER *db; 191 int count = atoi(value); 192 193 if (count <= 0) 194 return 0; 195 196 if (sk == NULL || sk_EVP_TEST_BUFFER_num(sk) == 0) 197 return 0; 198 199 db = sk_EVP_TEST_BUFFER_value(sk, sk_EVP_TEST_BUFFER_num(sk) - 1); 200 if (db->count_set != 0) 201 return 0; 202 203 db->count = (size_t)count; 204 db->count_set = 1; 205 return 1; 206 } 207 208 /* call "fn" with each element of the list in turn */ 209 static int evp_test_buffer_do(STACK_OF(EVP_TEST_BUFFER) *sk, 210 int (*fn)(void *ctx, 211 const unsigned char *buf, 212 size_t buflen), 213 void *ctx) 214 { 215 int i; 216 217 for (i = 0; i < sk_EVP_TEST_BUFFER_num(sk); i++) { 218 EVP_TEST_BUFFER *tb = sk_EVP_TEST_BUFFER_value(sk, i); 219 size_t j; 220 221 for (j = 0; j < tb->count; j++) { 222 if (fn(ctx, tb->buf, tb->buflen) <= 0) 223 return 0; 224 } 225 } 226 return 1; 227 } 228 229 /* 230 * Unescape some sequences in string literals (only \n for now). 231 * Return an allocated buffer, set |out_len|. If |input_len| 232 * is zero, get an empty buffer but set length to zero. 233 */ 234 static unsigned char* unescape(const char *input, size_t input_len, 235 size_t *out_len) 236 { 237 unsigned char *ret, *p; 238 size_t i; 239 240 if (input_len == 0) { 241 *out_len = 0; 242 return OPENSSL_zalloc(1); 243 } 244 245 /* Escaping is non-expanding; over-allocate original size for simplicity. */ 246 if (!TEST_ptr(ret = p = OPENSSL_malloc(input_len))) 247 return NULL; 248 249 for (i = 0; i < input_len; i++) { 250 if (*input == '\\') { 251 if (i == input_len - 1 || *++input != 'n') { 252 TEST_error("Bad escape sequence in file"); 253 goto err; 254 } 255 *p++ = '\n'; 256 i++; 257 input++; 258 } else { 259 *p++ = *input++; 260 } 261 } 262 263 *out_len = p - ret; 264 return ret; 265 266 err: 267 OPENSSL_free(ret); 268 return NULL; 269 } 270 271 /* 272 * For a hex string "value" convert to a binary allocated buffer. 273 * Return 1 on success or 0 on failure. 274 */ 275 static int parse_bin(const char *value, unsigned char **buf, size_t *buflen) 276 { 277 long len; 278 279 /* Check for NULL literal */ 280 if (strcmp(value, "NULL") == 0) { 281 *buf = NULL; 282 *buflen = 0; 283 return 1; 284 } 285 286 /* Check for empty value */ 287 if (*value == '\0') { 288 /* 289 * Don't return NULL for zero length buffer. This is needed for 290 * some tests with empty keys: HMAC_Init_ex() expects a non-NULL key 291 * buffer even if the key length is 0, in order to detect key reset. 292 */ 293 *buf = OPENSSL_malloc(1); 294 if (*buf == NULL) 295 return 0; 296 **buf = 0; 297 *buflen = 0; 298 return 1; 299 } 300 301 /* Check for string literal */ 302 if (value[0] == '"') { 303 size_t vlen = strlen(++value); 304 305 if (vlen == 0 || value[vlen - 1] != '"') 306 return 0; 307 vlen--; 308 *buf = unescape(value, vlen, buflen); 309 return *buf == NULL ? 0 : 1; 310 } 311 312 /* Otherwise assume as hex literal and convert it to binary buffer */ 313 if (!TEST_ptr(*buf = OPENSSL_hexstr2buf(value, &len))) { 314 TEST_info("Can't convert %s", value); 315 TEST_openssl_errors(); 316 return -1; 317 } 318 /* Size of input buffer means we'll never overflow */ 319 *buflen = len; 320 return 1; 321 } 322 323 /** 324 ** MESSAGE DIGEST TESTS 325 **/ 326 327 typedef struct digest_data_st { 328 /* Digest this test is for */ 329 const EVP_MD *digest; 330 EVP_MD *fetched_digest; 331 /* Input to digest */ 332 STACK_OF(EVP_TEST_BUFFER) *input; 333 /* Expected output */ 334 unsigned char *output; 335 size_t output_len; 336 /* Padding type */ 337 int pad_type; 338 } DIGEST_DATA; 339 340 static int digest_test_init(EVP_TEST *t, const char *alg) 341 { 342 DIGEST_DATA *mdat; 343 const EVP_MD *digest; 344 EVP_MD *fetched_digest; 345 346 if (is_digest_disabled(alg)) { 347 TEST_info("skipping, '%s' is disabled", alg); 348 t->skip = 1; 349 return 1; 350 } 351 352 if ((digest = fetched_digest = EVP_MD_fetch(libctx, alg, NULL)) == NULL 353 && (digest = EVP_get_digestbyname(alg)) == NULL) 354 return 0; 355 if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat)))) 356 return 0; 357 t->data = mdat; 358 mdat->digest = digest; 359 mdat->fetched_digest = fetched_digest; 360 mdat->pad_type = 0; 361 if (fetched_digest != NULL) 362 TEST_info("%s is fetched", alg); 363 return 1; 364 } 365 366 static void digest_test_cleanup(EVP_TEST *t) 367 { 368 DIGEST_DATA *mdat = t->data; 369 370 sk_EVP_TEST_BUFFER_pop_free(mdat->input, evp_test_buffer_free); 371 OPENSSL_free(mdat->output); 372 EVP_MD_free(mdat->fetched_digest); 373 } 374 375 static int digest_test_parse(EVP_TEST *t, 376 const char *keyword, const char *value) 377 { 378 DIGEST_DATA *mdata = t->data; 379 380 if (strcmp(keyword, "Input") == 0) 381 return evp_test_buffer_append(value, &mdata->input); 382 if (strcmp(keyword, "Output") == 0) 383 return parse_bin(value, &mdata->output, &mdata->output_len); 384 if (strcmp(keyword, "Count") == 0) 385 return evp_test_buffer_set_count(value, mdata->input); 386 if (strcmp(keyword, "Ncopy") == 0) 387 return evp_test_buffer_ncopy(value, mdata->input); 388 if (strcmp(keyword, "Padding") == 0) 389 return (mdata->pad_type = atoi(value)) > 0; 390 return 0; 391 } 392 393 static int digest_update_fn(void *ctx, const unsigned char *buf, size_t buflen) 394 { 395 return EVP_DigestUpdate(ctx, buf, buflen); 396 } 397 398 static int digest_test_run(EVP_TEST *t) 399 { 400 DIGEST_DATA *expected = t->data; 401 EVP_TEST_BUFFER *inbuf; 402 EVP_MD_CTX *mctx; 403 unsigned char *got = NULL; 404 unsigned int got_len; 405 size_t size = 0; 406 int xof = 0; 407 OSSL_PARAM params[2]; 408 409 t->err = "TEST_FAILURE"; 410 if (!TEST_ptr(mctx = EVP_MD_CTX_new())) 411 goto err; 412 413 got = OPENSSL_malloc(expected->output_len > EVP_MAX_MD_SIZE ? 414 expected->output_len : EVP_MAX_MD_SIZE); 415 if (!TEST_ptr(got)) 416 goto err; 417 418 if (!EVP_DigestInit_ex(mctx, expected->digest, NULL)) { 419 t->err = "DIGESTINIT_ERROR"; 420 goto err; 421 } 422 if (expected->pad_type > 0) { 423 params[0] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_PAD_TYPE, 424 &expected->pad_type); 425 params[1] = OSSL_PARAM_construct_end(); 426 if (!TEST_int_gt(EVP_MD_CTX_set_params(mctx, params), 0)) { 427 t->err = "PARAMS_ERROR"; 428 goto err; 429 } 430 } 431 if (!evp_test_buffer_do(expected->input, digest_update_fn, mctx)) { 432 t->err = "DIGESTUPDATE_ERROR"; 433 goto err; 434 } 435 436 xof = (EVP_MD_get_flags(expected->digest) & EVP_MD_FLAG_XOF) != 0; 437 if (xof) { 438 EVP_MD_CTX *mctx_cpy; 439 char dont[] = "touch"; 440 441 if (!TEST_ptr(mctx_cpy = EVP_MD_CTX_new())) { 442 goto err; 443 } 444 if (!EVP_MD_CTX_copy(mctx_cpy, mctx)) { 445 EVP_MD_CTX_free(mctx_cpy); 446 goto err; 447 } 448 if (!EVP_DigestFinalXOF(mctx_cpy, (unsigned char *)dont, 0)) { 449 EVP_MD_CTX_free(mctx_cpy); 450 t->err = "DIGESTFINALXOF_ERROR"; 451 goto err; 452 } 453 if (!TEST_str_eq(dont, "touch")) { 454 EVP_MD_CTX_free(mctx_cpy); 455 t->err = "DIGESTFINALXOF_ERROR"; 456 goto err; 457 } 458 EVP_MD_CTX_free(mctx_cpy); 459 460 got_len = expected->output_len; 461 if (!EVP_DigestFinalXOF(mctx, got, got_len)) { 462 t->err = "DIGESTFINALXOF_ERROR"; 463 goto err; 464 } 465 } else { 466 if (!EVP_DigestFinal(mctx, got, &got_len)) { 467 t->err = "DIGESTFINAL_ERROR"; 468 goto err; 469 } 470 } 471 if (!TEST_int_eq(expected->output_len, got_len)) { 472 t->err = "DIGEST_LENGTH_MISMATCH"; 473 goto err; 474 } 475 if (!memory_err_compare(t, "DIGEST_MISMATCH", 476 expected->output, expected->output_len, 477 got, got_len)) 478 goto err; 479 480 t->err = NULL; 481 482 /* Test the EVP_Q_digest interface as well */ 483 if (sk_EVP_TEST_BUFFER_num(expected->input) == 1 484 && !xof 485 /* This should never fail but we need the returned pointer now */ 486 && !TEST_ptr(inbuf = sk_EVP_TEST_BUFFER_value(expected->input, 0)) 487 && !inbuf->count_set) { 488 OPENSSL_cleanse(got, got_len); 489 if (!TEST_true(EVP_Q_digest(libctx, 490 EVP_MD_get0_name(expected->fetched_digest), 491 NULL, inbuf->buf, inbuf->buflen, 492 got, &size)) 493 || !TEST_mem_eq(got, size, 494 expected->output, expected->output_len)) { 495 t->err = "EVP_Q_digest failed"; 496 goto err; 497 } 498 } 499 500 err: 501 OPENSSL_free(got); 502 EVP_MD_CTX_free(mctx); 503 return 1; 504 } 505 506 static const EVP_TEST_METHOD digest_test_method = { 507 "Digest", 508 digest_test_init, 509 digest_test_cleanup, 510 digest_test_parse, 511 digest_test_run 512 }; 513 514 /** 515 *** CIPHER TESTS 516 **/ 517 518 typedef struct cipher_data_st { 519 const EVP_CIPHER *cipher; 520 EVP_CIPHER *fetched_cipher; 521 int enc; 522 /* EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE or EVP_CIPH_OCB_MODE if AEAD */ 523 int aead; 524 unsigned char *key; 525 size_t key_len; 526 size_t key_bits; /* Used by RC2 */ 527 unsigned char *iv; 528 unsigned char *next_iv; /* Expected IV state after operation */ 529 unsigned int rounds; 530 size_t iv_len; 531 unsigned char *plaintext; 532 size_t plaintext_len; 533 unsigned char *ciphertext; 534 size_t ciphertext_len; 535 /* AEAD ciphers only */ 536 unsigned char *aad[AAD_NUM]; 537 size_t aad_len[AAD_NUM]; 538 int tls_aad; 539 int tls_version; 540 unsigned char *tag; 541 const char *cts_mode; 542 size_t tag_len; 543 int tag_late; 544 unsigned char *mac_key; 545 size_t mac_key_len; 546 } CIPHER_DATA; 547 548 static int cipher_test_init(EVP_TEST *t, const char *alg) 549 { 550 const EVP_CIPHER *cipher; 551 EVP_CIPHER *fetched_cipher; 552 CIPHER_DATA *cdat; 553 int m; 554 555 if (is_cipher_disabled(alg)) { 556 t->skip = 1; 557 TEST_info("skipping, '%s' is disabled", alg); 558 return 1; 559 } 560 561 ERR_set_mark(); 562 if ((cipher = fetched_cipher = EVP_CIPHER_fetch(libctx, alg, NULL)) == NULL 563 && (cipher = EVP_get_cipherbyname(alg)) == NULL) { 564 /* a stitched cipher might not be available */ 565 if (strstr(alg, "HMAC") != NULL) { 566 ERR_pop_to_mark(); 567 t->skip = 1; 568 TEST_info("skipping, '%s' is not available", alg); 569 return 1; 570 } 571 ERR_clear_last_mark(); 572 return 0; 573 } 574 ERR_clear_last_mark(); 575 576 if (!TEST_ptr(cdat = OPENSSL_zalloc(sizeof(*cdat)))) 577 return 0; 578 579 cdat->cipher = cipher; 580 cdat->fetched_cipher = fetched_cipher; 581 cdat->enc = -1; 582 m = EVP_CIPHER_get_mode(cipher); 583 if (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) 584 cdat->aead = m != 0 ? m : -1; 585 else 586 cdat->aead = 0; 587 588 t->data = cdat; 589 if (fetched_cipher != NULL) 590 TEST_info("%s is fetched", alg); 591 return 1; 592 } 593 594 static void cipher_test_cleanup(EVP_TEST *t) 595 { 596 int i; 597 CIPHER_DATA *cdat = t->data; 598 599 OPENSSL_free(cdat->key); 600 OPENSSL_free(cdat->iv); 601 OPENSSL_free(cdat->next_iv); 602 OPENSSL_free(cdat->ciphertext); 603 OPENSSL_free(cdat->plaintext); 604 for (i = 0; i < AAD_NUM; i++) 605 OPENSSL_free(cdat->aad[i]); 606 OPENSSL_free(cdat->tag); 607 OPENSSL_free(cdat->mac_key); 608 EVP_CIPHER_free(cdat->fetched_cipher); 609 } 610 611 static int cipher_test_parse(EVP_TEST *t, const char *keyword, 612 const char *value) 613 { 614 CIPHER_DATA *cdat = t->data; 615 int i; 616 617 if (strcmp(keyword, "Key") == 0) 618 return parse_bin(value, &cdat->key, &cdat->key_len); 619 if (strcmp(keyword, "Rounds") == 0) { 620 i = atoi(value); 621 if (i < 0) 622 return -1; 623 cdat->rounds = (unsigned int)i; 624 return 1; 625 } 626 if (strcmp(keyword, "IV") == 0) 627 return parse_bin(value, &cdat->iv, &cdat->iv_len); 628 if (strcmp(keyword, "NextIV") == 0) 629 return parse_bin(value, &cdat->next_iv, &cdat->iv_len); 630 if (strcmp(keyword, "Plaintext") == 0) 631 return parse_bin(value, &cdat->plaintext, &cdat->plaintext_len); 632 if (strcmp(keyword, "Ciphertext") == 0) 633 return parse_bin(value, &cdat->ciphertext, &cdat->ciphertext_len); 634 if (strcmp(keyword, "KeyBits") == 0) { 635 i = atoi(value); 636 if (i < 0) 637 return -1; 638 cdat->key_bits = (size_t)i; 639 return 1; 640 } 641 if (cdat->aead) { 642 int tls_aad = 0; 643 644 if (strcmp(keyword, "TLSAAD") == 0) 645 cdat->tls_aad = tls_aad = 1; 646 if (strcmp(keyword, "AAD") == 0 || tls_aad) { 647 for (i = 0; i < AAD_NUM; i++) { 648 if (cdat->aad[i] == NULL) 649 return parse_bin(value, &cdat->aad[i], &cdat->aad_len[i]); 650 } 651 return -1; 652 } 653 if (strcmp(keyword, "Tag") == 0) 654 return parse_bin(value, &cdat->tag, &cdat->tag_len); 655 if (strcmp(keyword, "SetTagLate") == 0) { 656 if (strcmp(value, "TRUE") == 0) 657 cdat->tag_late = 1; 658 else if (strcmp(value, "FALSE") == 0) 659 cdat->tag_late = 0; 660 else 661 return -1; 662 return 1; 663 } 664 if (strcmp(keyword, "MACKey") == 0) 665 return parse_bin(value, &cdat->mac_key, &cdat->mac_key_len); 666 if (strcmp(keyword, "TLSVersion") == 0) { 667 char *endptr; 668 669 cdat->tls_version = (int)strtol(value, &endptr, 0); 670 return value[0] != '\0' && endptr[0] == '\0'; 671 } 672 } 673 674 if (strcmp(keyword, "Operation") == 0) { 675 if (strcmp(value, "ENCRYPT") == 0) 676 cdat->enc = 1; 677 else if (strcmp(value, "DECRYPT") == 0) 678 cdat->enc = 0; 679 else 680 return -1; 681 return 1; 682 } 683 if (strcmp(keyword, "CTSMode") == 0) { 684 cdat->cts_mode = value; 685 return 1; 686 } 687 return 0; 688 } 689 690 static int cipher_test_enc(EVP_TEST *t, int enc, 691 size_t out_misalign, size_t inp_misalign, int frag) 692 { 693 CIPHER_DATA *expected = t->data; 694 unsigned char *in, *expected_out, *tmp = NULL; 695 size_t in_len, out_len, donelen = 0; 696 int ok = 0, tmplen, chunklen, tmpflen, i; 697 EVP_CIPHER_CTX *ctx_base = NULL; 698 EVP_CIPHER_CTX *ctx = NULL; 699 700 t->err = "TEST_FAILURE"; 701 if (!TEST_ptr(ctx_base = EVP_CIPHER_CTX_new())) 702 goto err; 703 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) 704 goto err; 705 EVP_CIPHER_CTX_set_flags(ctx_base, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); 706 if (enc) { 707 in = expected->plaintext; 708 in_len = expected->plaintext_len; 709 expected_out = expected->ciphertext; 710 out_len = expected->ciphertext_len; 711 } else { 712 in = expected->ciphertext; 713 in_len = expected->ciphertext_len; 714 expected_out = expected->plaintext; 715 out_len = expected->plaintext_len; 716 } 717 if (inp_misalign == (size_t)-1) { 718 /* Exercise in-place encryption */ 719 tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH); 720 if (!tmp) 721 goto err; 722 in = memcpy(tmp + out_misalign, in, in_len); 723 } else { 724 inp_misalign += 16 - ((out_misalign + in_len) & 15); 725 /* 726 * 'tmp' will store both output and copy of input. We make the copy 727 * of input to specifically aligned part of 'tmp'. So we just 728 * figured out how much padding would ensure the required alignment, 729 * now we allocate extended buffer and finally copy the input just 730 * past inp_misalign in expression below. Output will be written 731 * past out_misalign... 732 */ 733 tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH + 734 inp_misalign + in_len); 735 if (!tmp) 736 goto err; 737 in = memcpy(tmp + out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH + 738 inp_misalign, in, in_len); 739 } 740 if (!EVP_CipherInit_ex(ctx_base, expected->cipher, NULL, NULL, NULL, enc)) { 741 t->err = "CIPHERINIT_ERROR"; 742 goto err; 743 } 744 if (expected->cts_mode != NULL) { 745 OSSL_PARAM params[2]; 746 747 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_CIPHER_PARAM_CTS_MODE, 748 (char *)(intptr_t)expected->cts_mode, 749 0); 750 params[1] = OSSL_PARAM_construct_end(); 751 if (!EVP_CIPHER_CTX_set_params(ctx_base, params)) { 752 t->err = "INVALID_CTS_MODE"; 753 goto err; 754 } 755 } 756 if (expected->iv) { 757 if (expected->aead) { 758 if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_IVLEN, 759 expected->iv_len, 0) <= 0) { 760 t->err = "INVALID_IV_LENGTH"; 761 goto err; 762 } 763 } else if (expected->iv_len != (size_t)EVP_CIPHER_CTX_get_iv_length(ctx_base)) { 764 t->err = "INVALID_IV_LENGTH"; 765 goto err; 766 } 767 } 768 if (expected->aead && !expected->tls_aad) { 769 unsigned char *tag; 770 /* 771 * If encrypting or OCB just set tag length initially, otherwise 772 * set tag length and value. 773 */ 774 if (enc || expected->aead == EVP_CIPH_OCB_MODE || expected->tag_late) { 775 t->err = "TAG_LENGTH_SET_ERROR"; 776 tag = NULL; 777 } else { 778 t->err = "TAG_SET_ERROR"; 779 tag = expected->tag; 780 } 781 if (tag || expected->aead != EVP_CIPH_GCM_MODE) { 782 if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_TAG, 783 expected->tag_len, tag) <= 0) 784 goto err; 785 } 786 } 787 788 if (expected->rounds > 0) { 789 int rounds = (int)expected->rounds; 790 791 if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC5_ROUNDS, rounds, NULL) <= 0) { 792 t->err = "INVALID_ROUNDS"; 793 goto err; 794 } 795 } 796 797 if (!EVP_CIPHER_CTX_set_key_length(ctx_base, expected->key_len)) { 798 t->err = "INVALID_KEY_LENGTH"; 799 goto err; 800 } 801 if (expected->key_bits > 0) { 802 int bits = (int)expected->key_bits; 803 804 if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC2_KEY_BITS, bits, NULL) <= 0) { 805 t->err = "INVALID KEY BITS"; 806 goto err; 807 } 808 } 809 if (!EVP_CipherInit_ex(ctx_base, NULL, NULL, expected->key, expected->iv, -1)) { 810 t->err = "KEY_SET_ERROR"; 811 goto err; 812 } 813 814 /* Check that we get the same IV back */ 815 if (expected->iv != NULL) { 816 /* Some (e.g., GCM) tests use IVs longer than EVP_MAX_IV_LENGTH. */ 817 unsigned char iv[128]; 818 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx_base, iv, sizeof(iv))) 819 || ((EVP_CIPHER_get_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0 820 && !TEST_mem_eq(expected->iv, expected->iv_len, iv, 821 expected->iv_len))) { 822 t->err = "INVALID_IV"; 823 goto err; 824 } 825 } 826 827 /* Test that the cipher dup functions correctly if it is supported */ 828 ERR_set_mark(); 829 if (EVP_CIPHER_CTX_copy(ctx, ctx_base)) { 830 EVP_CIPHER_CTX_free(ctx_base); 831 ctx_base = NULL; 832 } else { 833 EVP_CIPHER_CTX_free(ctx); 834 ctx = ctx_base; 835 } 836 ERR_pop_to_mark(); 837 838 if (expected->mac_key != NULL 839 && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, 840 (int)expected->mac_key_len, 841 (void *)expected->mac_key) <= 0) { 842 t->err = "SET_MAC_KEY_ERROR"; 843 goto err; 844 } 845 846 if (expected->tls_version) { 847 OSSL_PARAM params[2]; 848 849 params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_TLS_VERSION, 850 &expected->tls_version); 851 params[1] = OSSL_PARAM_construct_end(); 852 if (!EVP_CIPHER_CTX_set_params(ctx, params)) { 853 t->err = "SET_TLS_VERSION_ERROR"; 854 goto err; 855 } 856 } 857 858 if (expected->aead == EVP_CIPH_CCM_MODE) { 859 if (!EVP_CipherUpdate(ctx, NULL, &tmplen, NULL, out_len)) { 860 t->err = "CCM_PLAINTEXT_LENGTH_SET_ERROR"; 861 goto err; 862 } 863 } 864 if (expected->aad[0] != NULL && !expected->tls_aad) { 865 t->err = "AAD_SET_ERROR"; 866 if (!frag) { 867 for (i = 0; expected->aad[i] != NULL; i++) { 868 if (!EVP_CipherUpdate(ctx, NULL, &chunklen, expected->aad[i], 869 expected->aad_len[i])) 870 goto err; 871 } 872 } else { 873 /* 874 * Supply the AAD in chunks less than the block size where possible 875 */ 876 for (i = 0; expected->aad[i] != NULL; i++) { 877 if (expected->aad_len[i] > 0) { 878 if (!EVP_CipherUpdate(ctx, NULL, &chunklen, expected->aad[i], 1)) 879 goto err; 880 donelen++; 881 } 882 if (expected->aad_len[i] > 2) { 883 if (!EVP_CipherUpdate(ctx, NULL, &chunklen, 884 expected->aad[i] + donelen, 885 expected->aad_len[i] - 2)) 886 goto err; 887 donelen += expected->aad_len[i] - 2; 888 } 889 if (expected->aad_len[i] > 1 890 && !EVP_CipherUpdate(ctx, NULL, &chunklen, 891 expected->aad[i] + donelen, 1)) 892 goto err; 893 } 894 } 895 } 896 897 if (expected->tls_aad) { 898 OSSL_PARAM params[2]; 899 char *tls_aad; 900 901 /* duplicate the aad as the implementation might modify it */ 902 if ((tls_aad = OPENSSL_memdup(expected->aad[0], 903 expected->aad_len[0])) == NULL) 904 goto err; 905 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, 906 tls_aad, 907 expected->aad_len[0]); 908 params[1] = OSSL_PARAM_construct_end(); 909 if (!EVP_CIPHER_CTX_set_params(ctx, params)) { 910 OPENSSL_free(tls_aad); 911 t->err = "TLS1_AAD_ERROR"; 912 goto err; 913 } 914 OPENSSL_free(tls_aad); 915 } else if (!enc && (expected->aead == EVP_CIPH_OCB_MODE 916 || expected->tag_late)) { 917 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 918 expected->tag_len, expected->tag) <= 0) { 919 t->err = "TAG_SET_ERROR"; 920 goto err; 921 } 922 } 923 924 EVP_CIPHER_CTX_set_padding(ctx, 0); 925 t->err = "CIPHERUPDATE_ERROR"; 926 tmplen = 0; 927 if (!frag) { 928 /* We supply the data all in one go */ 929 if (!EVP_CipherUpdate(ctx, tmp + out_misalign, &tmplen, in, in_len)) 930 goto err; 931 } else { 932 /* Supply the data in chunks less than the block size where possible */ 933 if (in_len > 0) { 934 if (!EVP_CipherUpdate(ctx, tmp + out_misalign, &chunklen, in, 1)) 935 goto err; 936 tmplen += chunklen; 937 in++; 938 in_len--; 939 } 940 if (in_len > 1) { 941 if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen, 942 in, in_len - 1)) 943 goto err; 944 tmplen += chunklen; 945 in += in_len - 1; 946 in_len = 1; 947 } 948 if (in_len > 0 ) { 949 if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen, 950 in, 1)) 951 goto err; 952 tmplen += chunklen; 953 } 954 } 955 if (!EVP_CipherFinal_ex(ctx, tmp + out_misalign + tmplen, &tmpflen)) { 956 t->err = "CIPHERFINAL_ERROR"; 957 goto err; 958 } 959 if (!enc && expected->tls_aad) { 960 if (expected->tls_version >= TLS1_1_VERSION 961 && (EVP_CIPHER_is_a(expected->cipher, "AES-128-CBC-HMAC-SHA1") 962 || EVP_CIPHER_is_a(expected->cipher, "AES-256-CBC-HMAC-SHA1"))) { 963 tmplen -= expected->iv_len; 964 expected_out += expected->iv_len; 965 out_misalign += expected->iv_len; 966 } 967 if ((int)out_len > tmplen + tmpflen) 968 out_len = tmplen + tmpflen; 969 } 970 if (!memory_err_compare(t, "VALUE_MISMATCH", expected_out, out_len, 971 tmp + out_misalign, tmplen + tmpflen)) 972 goto err; 973 if (enc && expected->aead && !expected->tls_aad) { 974 unsigned char rtag[16]; 975 976 if (!TEST_size_t_le(expected->tag_len, sizeof(rtag))) { 977 t->err = "TAG_LENGTH_INTERNAL_ERROR"; 978 goto err; 979 } 980 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 981 expected->tag_len, rtag) <= 0) { 982 t->err = "TAG_RETRIEVE_ERROR"; 983 goto err; 984 } 985 if (!memory_err_compare(t, "TAG_VALUE_MISMATCH", 986 expected->tag, expected->tag_len, 987 rtag, expected->tag_len)) 988 goto err; 989 } 990 /* Check the updated IV */ 991 if (expected->next_iv != NULL) { 992 /* Some (e.g., GCM) tests use IVs longer than EVP_MAX_IV_LENGTH. */ 993 unsigned char iv[128]; 994 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))) 995 || ((EVP_CIPHER_get_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0 996 && !TEST_mem_eq(expected->next_iv, expected->iv_len, iv, 997 expected->iv_len))) { 998 t->err = "INVALID_NEXT_IV"; 999 goto err; 1000 } 1001 } 1002 1003 t->err = NULL; 1004 ok = 1; 1005 err: 1006 OPENSSL_free(tmp); 1007 if (ctx != ctx_base) 1008 EVP_CIPHER_CTX_free(ctx_base); 1009 EVP_CIPHER_CTX_free(ctx); 1010 return ok; 1011 } 1012 1013 static int cipher_test_run(EVP_TEST *t) 1014 { 1015 CIPHER_DATA *cdat = t->data; 1016 int rv, frag = 0; 1017 size_t out_misalign, inp_misalign; 1018 1019 if (!cdat->key) { 1020 t->err = "NO_KEY"; 1021 return 0; 1022 } 1023 if (!cdat->iv && EVP_CIPHER_get_iv_length(cdat->cipher)) { 1024 /* IV is optional and usually omitted in wrap mode */ 1025 if (EVP_CIPHER_get_mode(cdat->cipher) != EVP_CIPH_WRAP_MODE) { 1026 t->err = "NO_IV"; 1027 return 0; 1028 } 1029 } 1030 if (cdat->aead && cdat->tag == NULL && !cdat->tls_aad) { 1031 t->err = "NO_TAG"; 1032 return 0; 1033 } 1034 for (out_misalign = 0; out_misalign <= 1;) { 1035 static char aux_err[64]; 1036 t->aux_err = aux_err; 1037 for (inp_misalign = (size_t)-1; inp_misalign != 2; inp_misalign++) { 1038 if (inp_misalign == (size_t)-1) { 1039 /* kludge: inp_misalign == -1 means "exercise in-place" */ 1040 BIO_snprintf(aux_err, sizeof(aux_err), 1041 "%s in-place, %sfragmented", 1042 out_misalign ? "misaligned" : "aligned", 1043 frag ? "" : "not "); 1044 } else { 1045 BIO_snprintf(aux_err, sizeof(aux_err), 1046 "%s output and %s input, %sfragmented", 1047 out_misalign ? "misaligned" : "aligned", 1048 inp_misalign ? "misaligned" : "aligned", 1049 frag ? "" : "not "); 1050 } 1051 if (cdat->enc) { 1052 rv = cipher_test_enc(t, 1, out_misalign, inp_misalign, frag); 1053 /* Not fatal errors: return */ 1054 if (rv != 1) { 1055 if (rv < 0) 1056 return 0; 1057 return 1; 1058 } 1059 } 1060 if (cdat->enc != 1) { 1061 rv = cipher_test_enc(t, 0, out_misalign, inp_misalign, frag); 1062 /* Not fatal errors: return */ 1063 if (rv != 1) { 1064 if (rv < 0) 1065 return 0; 1066 return 1; 1067 } 1068 } 1069 } 1070 1071 if (out_misalign == 1 && frag == 0) { 1072 /* 1073 * XTS, SIV, CCM, stitched ciphers and Wrap modes have special 1074 * requirements about input lengths so we don't fragment for those 1075 */ 1076 if (cdat->aead == EVP_CIPH_CCM_MODE 1077 || cdat->aead == EVP_CIPH_CBC_MODE 1078 || (cdat->aead == -1 1079 && EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_STREAM_CIPHER) 1080 || ((EVP_CIPHER_get_flags(cdat->cipher) & EVP_CIPH_FLAG_CTS) != 0) 1081 || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_SIV_MODE 1082 || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_XTS_MODE 1083 || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_WRAP_MODE) 1084 break; 1085 out_misalign = 0; 1086 frag++; 1087 } else { 1088 out_misalign++; 1089 } 1090 } 1091 t->aux_err = NULL; 1092 1093 return 1; 1094 } 1095 1096 static const EVP_TEST_METHOD cipher_test_method = { 1097 "Cipher", 1098 cipher_test_init, 1099 cipher_test_cleanup, 1100 cipher_test_parse, 1101 cipher_test_run 1102 }; 1103 1104 1105 /** 1106 ** MAC TESTS 1107 **/ 1108 1109 typedef struct mac_data_st { 1110 /* MAC type in one form or another */ 1111 char *mac_name; 1112 EVP_MAC *mac; /* for mac_test_run_mac */ 1113 int type; /* for mac_test_run_pkey */ 1114 /* Algorithm string for this MAC */ 1115 char *alg; 1116 /* MAC key */ 1117 unsigned char *key; 1118 size_t key_len; 1119 /* MAC IV (GMAC) */ 1120 unsigned char *iv; 1121 size_t iv_len; 1122 /* Input to MAC */ 1123 unsigned char *input; 1124 size_t input_len; 1125 /* Expected output */ 1126 unsigned char *output; 1127 size_t output_len; 1128 unsigned char *custom; 1129 size_t custom_len; 1130 /* MAC salt (blake2) */ 1131 unsigned char *salt; 1132 size_t salt_len; 1133 /* XOF mode? */ 1134 int xof; 1135 /* Reinitialization fails */ 1136 int no_reinit; 1137 /* Collection of controls */ 1138 STACK_OF(OPENSSL_STRING) *controls; 1139 /* Output size */ 1140 int output_size; 1141 /* Block size */ 1142 int block_size; 1143 } MAC_DATA; 1144 1145 static int mac_test_init(EVP_TEST *t, const char *alg) 1146 { 1147 EVP_MAC *mac = NULL; 1148 int type = NID_undef; 1149 MAC_DATA *mdat; 1150 1151 if (is_mac_disabled(alg)) { 1152 TEST_info("skipping, '%s' is disabled", alg); 1153 t->skip = 1; 1154 return 1; 1155 } 1156 if ((mac = EVP_MAC_fetch(libctx, alg, NULL)) == NULL) { 1157 /* 1158 * Since we didn't find an EVP_MAC, we check for known EVP_PKEY methods 1159 * For debugging purposes, we allow 'NNNN by EVP_PKEY' to force running 1160 * the EVP_PKEY method. 1161 */ 1162 size_t sz = strlen(alg); 1163 static const char epilogue[] = " by EVP_PKEY"; 1164 1165 if (sz >= sizeof(epilogue) 1166 && strcmp(alg + sz - (sizeof(epilogue) - 1), epilogue) == 0) 1167 sz -= sizeof(epilogue) - 1; 1168 1169 if (strncmp(alg, "HMAC", sz) == 0) 1170 type = EVP_PKEY_HMAC; 1171 else if (strncmp(alg, "CMAC", sz) == 0) 1172 type = EVP_PKEY_CMAC; 1173 else if (strncmp(alg, "Poly1305", sz) == 0) 1174 type = EVP_PKEY_POLY1305; 1175 else if (strncmp(alg, "SipHash", sz) == 0) 1176 type = EVP_PKEY_SIPHASH; 1177 else 1178 return 0; 1179 } 1180 1181 if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat)))) 1182 return 0; 1183 1184 mdat->type = type; 1185 if (!TEST_ptr(mdat->mac_name = OPENSSL_strdup(alg))) { 1186 OPENSSL_free(mdat); 1187 return 0; 1188 } 1189 1190 mdat->mac = mac; 1191 if (!TEST_ptr(mdat->controls = sk_OPENSSL_STRING_new_null())) { 1192 OPENSSL_free(mdat->mac_name); 1193 OPENSSL_free(mdat); 1194 return 0; 1195 } 1196 1197 mdat->output_size = mdat->block_size = -1; 1198 t->data = mdat; 1199 return 1; 1200 } 1201 1202 /* Because OPENSSL_free is a macro, it can't be passed as a function pointer */ 1203 static void openssl_free(char *m) 1204 { 1205 OPENSSL_free(m); 1206 } 1207 1208 static void mac_test_cleanup(EVP_TEST *t) 1209 { 1210 MAC_DATA *mdat = t->data; 1211 1212 EVP_MAC_free(mdat->mac); 1213 OPENSSL_free(mdat->mac_name); 1214 sk_OPENSSL_STRING_pop_free(mdat->controls, openssl_free); 1215 OPENSSL_free(mdat->alg); 1216 OPENSSL_free(mdat->key); 1217 OPENSSL_free(mdat->iv); 1218 OPENSSL_free(mdat->custom); 1219 OPENSSL_free(mdat->salt); 1220 OPENSSL_free(mdat->input); 1221 OPENSSL_free(mdat->output); 1222 } 1223 1224 static int mac_test_parse(EVP_TEST *t, 1225 const char *keyword, const char *value) 1226 { 1227 MAC_DATA *mdata = t->data; 1228 1229 if (strcmp(keyword, "Key") == 0) 1230 return parse_bin(value, &mdata->key, &mdata->key_len); 1231 if (strcmp(keyword, "IV") == 0) 1232 return parse_bin(value, &mdata->iv, &mdata->iv_len); 1233 if (strcmp(keyword, "Custom") == 0) 1234 return parse_bin(value, &mdata->custom, &mdata->custom_len); 1235 if (strcmp(keyword, "Salt") == 0) 1236 return parse_bin(value, &mdata->salt, &mdata->salt_len); 1237 if (strcmp(keyword, "Algorithm") == 0) { 1238 mdata->alg = OPENSSL_strdup(value); 1239 if (mdata->alg == NULL) 1240 return -1; 1241 return 1; 1242 } 1243 if (strcmp(keyword, "Input") == 0) 1244 return parse_bin(value, &mdata->input, &mdata->input_len); 1245 if (strcmp(keyword, "Output") == 0) 1246 return parse_bin(value, &mdata->output, &mdata->output_len); 1247 if (strcmp(keyword, "XOF") == 0) 1248 return mdata->xof = 1; 1249 if (strcmp(keyword, "NoReinit") == 0) 1250 return mdata->no_reinit = 1; 1251 if (strcmp(keyword, "Ctrl") == 0) { 1252 char *data = OPENSSL_strdup(value); 1253 1254 if (data == NULL) 1255 return -1; 1256 return sk_OPENSSL_STRING_push(mdata->controls, data) != 0; 1257 } 1258 if (strcmp(keyword, "OutputSize") == 0) { 1259 mdata->output_size = atoi(value); 1260 if (mdata->output_size < 0) 1261 return -1; 1262 return 1; 1263 } 1264 if (strcmp(keyword, "BlockSize") == 0) { 1265 mdata->block_size = atoi(value); 1266 if (mdata->block_size < 0) 1267 return -1; 1268 return 1; 1269 } 1270 return 0; 1271 } 1272 1273 static int mac_test_ctrl_pkey(EVP_TEST *t, EVP_PKEY_CTX *pctx, 1274 const char *value) 1275 { 1276 int rv = 0; 1277 char *p, *tmpval; 1278 1279 if (!TEST_ptr(tmpval = OPENSSL_strdup(value))) 1280 return 0; 1281 p = strchr(tmpval, ':'); 1282 if (p != NULL) { 1283 *p++ = '\0'; 1284 rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p); 1285 } 1286 if (rv == -2) 1287 t->err = "PKEY_CTRL_INVALID"; 1288 else if (rv <= 0) 1289 t->err = "PKEY_CTRL_ERROR"; 1290 else 1291 rv = 1; 1292 OPENSSL_free(tmpval); 1293 return rv > 0; 1294 } 1295 1296 static int mac_test_run_pkey(EVP_TEST *t) 1297 { 1298 MAC_DATA *expected = t->data; 1299 EVP_MD_CTX *mctx = NULL; 1300 EVP_PKEY_CTX *pctx = NULL, *genctx = NULL; 1301 EVP_PKEY *key = NULL; 1302 const char *mdname = NULL; 1303 EVP_CIPHER *cipher = NULL; 1304 unsigned char *got = NULL; 1305 size_t got_len; 1306 int i; 1307 1308 /* We don't do XOF mode via PKEY */ 1309 if (expected->xof) 1310 return 1; 1311 1312 if (expected->alg == NULL) 1313 TEST_info("Trying the EVP_PKEY %s test", OBJ_nid2sn(expected->type)); 1314 else 1315 TEST_info("Trying the EVP_PKEY %s test with %s", 1316 OBJ_nid2sn(expected->type), expected->alg); 1317 1318 if (expected->type == EVP_PKEY_CMAC) { 1319 #ifdef OPENSSL_NO_DEPRECATED_3_0 1320 TEST_info("skipping, PKEY CMAC '%s' is disabled", expected->alg); 1321 t->skip = 1; 1322 t->err = NULL; 1323 goto err; 1324 #else 1325 OSSL_LIB_CTX *tmpctx; 1326 1327 if (expected->alg != NULL && is_cipher_disabled(expected->alg)) { 1328 TEST_info("skipping, PKEY CMAC '%s' is disabled", expected->alg); 1329 t->skip = 1; 1330 t->err = NULL; 1331 goto err; 1332 } 1333 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, expected->alg, NULL))) { 1334 t->err = "MAC_KEY_CREATE_ERROR"; 1335 goto err; 1336 } 1337 tmpctx = OSSL_LIB_CTX_set0_default(libctx); 1338 key = EVP_PKEY_new_CMAC_key(NULL, expected->key, expected->key_len, 1339 cipher); 1340 OSSL_LIB_CTX_set0_default(tmpctx); 1341 #endif 1342 } else { 1343 key = EVP_PKEY_new_raw_private_key_ex(libctx, 1344 OBJ_nid2sn(expected->type), NULL, 1345 expected->key, expected->key_len); 1346 } 1347 if (key == NULL) { 1348 t->err = "MAC_KEY_CREATE_ERROR"; 1349 goto err; 1350 } 1351 1352 if (expected->type == EVP_PKEY_HMAC && expected->alg != NULL) { 1353 if (is_digest_disabled(expected->alg)) { 1354 TEST_info("skipping, HMAC '%s' is disabled", expected->alg); 1355 t->skip = 1; 1356 t->err = NULL; 1357 goto err; 1358 } 1359 mdname = expected->alg; 1360 } 1361 if (!TEST_ptr(mctx = EVP_MD_CTX_new())) { 1362 t->err = "INTERNAL_ERROR"; 1363 goto err; 1364 } 1365 if (!EVP_DigestSignInit_ex(mctx, &pctx, mdname, libctx, NULL, key, NULL)) { 1366 t->err = "DIGESTSIGNINIT_ERROR"; 1367 goto err; 1368 } 1369 for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++) 1370 if (!mac_test_ctrl_pkey(t, pctx, 1371 sk_OPENSSL_STRING_value(expected->controls, 1372 i))) { 1373 t->err = "EVPPKEYCTXCTRL_ERROR"; 1374 goto err; 1375 } 1376 if (!EVP_DigestSignUpdate(mctx, expected->input, expected->input_len)) { 1377 t->err = "DIGESTSIGNUPDATE_ERROR"; 1378 goto err; 1379 } 1380 if (!EVP_DigestSignFinal(mctx, NULL, &got_len)) { 1381 t->err = "DIGESTSIGNFINAL_LENGTH_ERROR"; 1382 goto err; 1383 } 1384 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { 1385 t->err = "TEST_FAILURE"; 1386 goto err; 1387 } 1388 if (!EVP_DigestSignFinal(mctx, got, &got_len) 1389 || !memory_err_compare(t, "TEST_MAC_ERR", 1390 expected->output, expected->output_len, 1391 got, got_len)) { 1392 t->err = "TEST_MAC_ERR"; 1393 goto err; 1394 } 1395 t->err = NULL; 1396 err: 1397 EVP_CIPHER_free(cipher); 1398 EVP_MD_CTX_free(mctx); 1399 OPENSSL_free(got); 1400 EVP_PKEY_CTX_free(genctx); 1401 EVP_PKEY_free(key); 1402 return 1; 1403 } 1404 1405 static int mac_test_run_mac(EVP_TEST *t) 1406 { 1407 MAC_DATA *expected = t->data; 1408 EVP_MAC_CTX *ctx = NULL; 1409 unsigned char *got = NULL; 1410 size_t got_len = 0, size = 0; 1411 int i, block_size = -1, output_size = -1; 1412 OSSL_PARAM params[21], sizes[3], *psizes = sizes; 1413 size_t params_n = 0; 1414 size_t params_n_allocstart = 0; 1415 const OSSL_PARAM *defined_params = 1416 EVP_MAC_settable_ctx_params(expected->mac); 1417 int xof; 1418 int reinit = 1; 1419 1420 if (expected->alg == NULL) 1421 TEST_info("Trying the EVP_MAC %s test", expected->mac_name); 1422 else 1423 TEST_info("Trying the EVP_MAC %s test with %s", 1424 expected->mac_name, expected->alg); 1425 1426 if (expected->alg != NULL) { 1427 int skip = 0; 1428 1429 /* 1430 * The underlying algorithm may be a cipher or a digest. 1431 * We don't know which it is, but we can ask the MAC what it 1432 * should be and bet on that. 1433 */ 1434 if (OSSL_PARAM_locate_const(defined_params, 1435 OSSL_MAC_PARAM_CIPHER) != NULL) { 1436 if (is_cipher_disabled(expected->alg)) 1437 skip = 1; 1438 else 1439 params[params_n++] = 1440 OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER, 1441 expected->alg, 0); 1442 } else if (OSSL_PARAM_locate_const(defined_params, 1443 OSSL_MAC_PARAM_DIGEST) != NULL) { 1444 if (is_digest_disabled(expected->alg)) 1445 skip = 1; 1446 else 1447 params[params_n++] = 1448 OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, 1449 expected->alg, 0); 1450 } else { 1451 t->err = "MAC_BAD_PARAMS"; 1452 goto err; 1453 } 1454 if (skip) { 1455 TEST_info("skipping, algorithm '%s' is disabled", expected->alg); 1456 t->skip = 1; 1457 t->err = NULL; 1458 goto err; 1459 } 1460 } 1461 if (expected->custom != NULL) 1462 params[params_n++] = 1463 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_CUSTOM, 1464 expected->custom, 1465 expected->custom_len); 1466 if (expected->salt != NULL) 1467 params[params_n++] = 1468 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_SALT, 1469 expected->salt, 1470 expected->salt_len); 1471 if (expected->iv != NULL) 1472 params[params_n++] = 1473 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV, 1474 expected->iv, 1475 expected->iv_len); 1476 1477 /* Unknown controls. They must match parameters that the MAC recognizes */ 1478 if (params_n + sk_OPENSSL_STRING_num(expected->controls) 1479 >= OSSL_NELEM(params)) { 1480 t->err = "MAC_TOO_MANY_PARAMETERS"; 1481 goto err; 1482 } 1483 params_n_allocstart = params_n; 1484 for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++) { 1485 char *tmpkey, *tmpval; 1486 char *value = sk_OPENSSL_STRING_value(expected->controls, i); 1487 1488 if (!TEST_ptr(tmpkey = OPENSSL_strdup(value))) { 1489 t->err = "MAC_PARAM_ERROR"; 1490 goto err; 1491 } 1492 tmpval = strchr(tmpkey, ':'); 1493 if (tmpval != NULL) 1494 *tmpval++ = '\0'; 1495 1496 if (tmpval == NULL 1497 || !OSSL_PARAM_allocate_from_text(¶ms[params_n], 1498 defined_params, 1499 tmpkey, tmpval, 1500 strlen(tmpval), NULL)) { 1501 OPENSSL_free(tmpkey); 1502 t->err = "MAC_PARAM_ERROR"; 1503 goto err; 1504 } 1505 params_n++; 1506 1507 OPENSSL_free(tmpkey); 1508 } 1509 params[params_n] = OSSL_PARAM_construct_end(); 1510 1511 if ((ctx = EVP_MAC_CTX_new(expected->mac)) == NULL) { 1512 t->err = "MAC_CREATE_ERROR"; 1513 goto err; 1514 } 1515 1516 if (!EVP_MAC_init(ctx, expected->key, expected->key_len, params)) { 1517 t->err = "MAC_INIT_ERROR"; 1518 goto err; 1519 } 1520 if (expected->output_size >= 0) 1521 *psizes++ = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_SIZE, 1522 &output_size); 1523 if (expected->block_size >= 0) 1524 *psizes++ = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_BLOCK_SIZE, 1525 &block_size); 1526 if (psizes != sizes) { 1527 *psizes = OSSL_PARAM_construct_end(); 1528 if (!TEST_true(EVP_MAC_CTX_get_params(ctx, sizes))) { 1529 t->err = "INTERNAL_ERROR"; 1530 goto err; 1531 } 1532 if (expected->output_size >= 0 1533 && !TEST_int_eq(output_size, expected->output_size)) { 1534 t->err = "TEST_FAILURE"; 1535 goto err; 1536 } 1537 if (expected->block_size >= 0 1538 && !TEST_int_eq(block_size, expected->block_size)) { 1539 t->err = "TEST_FAILURE"; 1540 goto err; 1541 } 1542 } 1543 retry: 1544 if (!EVP_MAC_update(ctx, expected->input, expected->input_len)) { 1545 t->err = "MAC_UPDATE_ERROR"; 1546 goto err; 1547 } 1548 xof = expected->xof; 1549 if (xof) { 1550 if (!TEST_ptr(got = OPENSSL_malloc(expected->output_len))) { 1551 t->err = "TEST_FAILURE"; 1552 goto err; 1553 } 1554 if (!EVP_MAC_finalXOF(ctx, got, expected->output_len) 1555 || !memory_err_compare(t, "TEST_MAC_ERR", 1556 expected->output, expected->output_len, 1557 got, expected->output_len)) { 1558 t->err = "MAC_FINAL_ERROR"; 1559 goto err; 1560 } 1561 } else { 1562 if (!EVP_MAC_final(ctx, NULL, &got_len, 0)) { 1563 t->err = "MAC_FINAL_LENGTH_ERROR"; 1564 goto err; 1565 } 1566 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { 1567 t->err = "TEST_FAILURE"; 1568 goto err; 1569 } 1570 if (!EVP_MAC_final(ctx, got, &got_len, got_len) 1571 || !memory_err_compare(t, "TEST_MAC_ERR", 1572 expected->output, expected->output_len, 1573 got, got_len)) { 1574 t->err = "TEST_MAC_ERR"; 1575 goto err; 1576 } 1577 } 1578 /* FIPS(3.0.0): can't reinitialise MAC contexts #18100 */ 1579 if (reinit-- && fips_provider_version_gt(libctx, 3, 0, 0)) { 1580 OSSL_PARAM ivparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 1581 int ret; 1582 1583 /* If the MAC uses IV, we have to set it again */ 1584 if (expected->iv != NULL) { 1585 ivparams[0] = 1586 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV, 1587 expected->iv, 1588 expected->iv_len); 1589 ivparams[1] = OSSL_PARAM_construct_end(); 1590 } 1591 ERR_set_mark(); 1592 ret = EVP_MAC_init(ctx, NULL, 0, ivparams); 1593 if (expected->no_reinit) { 1594 if (ret) { 1595 ERR_clear_last_mark(); 1596 t->err = "MAC_REINIT_SHOULD_FAIL"; 1597 goto err; 1598 } 1599 } else if (ret) { 1600 ERR_clear_last_mark(); 1601 OPENSSL_free(got); 1602 got = NULL; 1603 goto retry; 1604 } else { 1605 ERR_clear_last_mark(); 1606 t->err = "MAC_REINIT_ERROR"; 1607 goto err; 1608 } 1609 /* If reinitialization fails, it is unsupported by the algorithm */ 1610 ERR_pop_to_mark(); 1611 } 1612 t->err = NULL; 1613 1614 /* Test the EVP_Q_mac interface as well */ 1615 if (!xof) { 1616 OPENSSL_cleanse(got, got_len); 1617 if (!TEST_true(EVP_Q_mac(libctx, expected->mac_name, NULL, 1618 expected->alg, params, 1619 expected->key, expected->key_len, 1620 expected->input, expected->input_len, 1621 got, got_len, &size)) 1622 || !TEST_mem_eq(got, size, 1623 expected->output, expected->output_len)) { 1624 t->err = "EVP_Q_mac failed"; 1625 goto err; 1626 } 1627 } 1628 err: 1629 while (params_n-- > params_n_allocstart) { 1630 OPENSSL_free(params[params_n].data); 1631 } 1632 EVP_MAC_CTX_free(ctx); 1633 OPENSSL_free(got); 1634 return 1; 1635 } 1636 1637 static int mac_test_run(EVP_TEST *t) 1638 { 1639 MAC_DATA *expected = t->data; 1640 1641 if (expected->mac != NULL) 1642 return mac_test_run_mac(t); 1643 return mac_test_run_pkey(t); 1644 } 1645 1646 static const EVP_TEST_METHOD mac_test_method = { 1647 "MAC", 1648 mac_test_init, 1649 mac_test_cleanup, 1650 mac_test_parse, 1651 mac_test_run 1652 }; 1653 1654 1655 /** 1656 ** PUBLIC KEY TESTS 1657 ** These are all very similar and share much common code. 1658 **/ 1659 1660 typedef struct pkey_data_st { 1661 /* Context for this operation */ 1662 EVP_PKEY_CTX *ctx; 1663 /* Key operation to perform */ 1664 int (*keyop) (EVP_PKEY_CTX *ctx, 1665 unsigned char *sig, size_t *siglen, 1666 const unsigned char *tbs, size_t tbslen); 1667 /* Input to MAC */ 1668 unsigned char *input; 1669 size_t input_len; 1670 /* Expected output */ 1671 unsigned char *output; 1672 size_t output_len; 1673 } PKEY_DATA; 1674 1675 /* 1676 * Perform public key operation setup: lookup key, allocated ctx and call 1677 * the appropriate initialisation function 1678 */ 1679 static int pkey_test_init(EVP_TEST *t, const char *name, 1680 int use_public, 1681 int (*keyopinit) (EVP_PKEY_CTX *ctx), 1682 int (*keyop)(EVP_PKEY_CTX *ctx, 1683 unsigned char *sig, size_t *siglen, 1684 const unsigned char *tbs, 1685 size_t tbslen)) 1686 { 1687 PKEY_DATA *kdata; 1688 EVP_PKEY *pkey = NULL; 1689 int rv = 0; 1690 1691 if (use_public) 1692 rv = find_key(&pkey, name, public_keys); 1693 if (rv == 0) 1694 rv = find_key(&pkey, name, private_keys); 1695 if (rv == 0 || pkey == NULL) { 1696 TEST_info("skipping, key '%s' is disabled", name); 1697 t->skip = 1; 1698 return 1; 1699 } 1700 1701 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))) { 1702 EVP_PKEY_free(pkey); 1703 return 0; 1704 } 1705 kdata->keyop = keyop; 1706 if (!TEST_ptr(kdata->ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL))) { 1707 EVP_PKEY_free(pkey); 1708 OPENSSL_free(kdata); 1709 return 0; 1710 } 1711 if (keyopinit(kdata->ctx) <= 0) 1712 t->err = "KEYOP_INIT_ERROR"; 1713 t->data = kdata; 1714 return 1; 1715 } 1716 1717 static void pkey_test_cleanup(EVP_TEST *t) 1718 { 1719 PKEY_DATA *kdata = t->data; 1720 1721 OPENSSL_free(kdata->input); 1722 OPENSSL_free(kdata->output); 1723 EVP_PKEY_CTX_free(kdata->ctx); 1724 } 1725 1726 static int pkey_test_ctrl(EVP_TEST *t, EVP_PKEY_CTX *pctx, 1727 const char *value) 1728 { 1729 int rv = 0; 1730 char *p, *tmpval; 1731 1732 if (!TEST_ptr(tmpval = OPENSSL_strdup(value))) 1733 return 0; 1734 p = strchr(tmpval, ':'); 1735 if (p != NULL) { 1736 *p++ = '\0'; 1737 rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p); 1738 } 1739 if (rv == -2) { 1740 t->err = "PKEY_CTRL_INVALID"; 1741 rv = 1; 1742 } else if (p != NULL && rv <= 0) { 1743 if (is_digest_disabled(p) || is_cipher_disabled(p)) { 1744 TEST_info("skipping, '%s' is disabled", p); 1745 t->skip = 1; 1746 rv = 1; 1747 } else { 1748 t->err = "PKEY_CTRL_ERROR"; 1749 rv = 1; 1750 } 1751 } 1752 OPENSSL_free(tmpval); 1753 return rv > 0; 1754 } 1755 1756 static int pkey_test_parse(EVP_TEST *t, 1757 const char *keyword, const char *value) 1758 { 1759 PKEY_DATA *kdata = t->data; 1760 if (strcmp(keyword, "Input") == 0) 1761 return parse_bin(value, &kdata->input, &kdata->input_len); 1762 if (strcmp(keyword, "Output") == 0) 1763 return parse_bin(value, &kdata->output, &kdata->output_len); 1764 if (strcmp(keyword, "Ctrl") == 0) 1765 return pkey_test_ctrl(t, kdata->ctx, value); 1766 return 0; 1767 } 1768 1769 static int pkey_test_run(EVP_TEST *t) 1770 { 1771 PKEY_DATA *expected = t->data; 1772 unsigned char *got = NULL; 1773 size_t got_len; 1774 EVP_PKEY_CTX *copy = NULL; 1775 1776 if (expected->keyop(expected->ctx, NULL, &got_len, 1777 expected->input, expected->input_len) <= 0 1778 || !TEST_ptr(got = OPENSSL_malloc(got_len))) { 1779 t->err = "KEYOP_LENGTH_ERROR"; 1780 goto err; 1781 } 1782 if (expected->keyop(expected->ctx, got, &got_len, 1783 expected->input, expected->input_len) <= 0) { 1784 t->err = "KEYOP_ERROR"; 1785 goto err; 1786 } 1787 if (!memory_err_compare(t, "KEYOP_MISMATCH", 1788 expected->output, expected->output_len, 1789 got, got_len)) 1790 goto err; 1791 1792 t->err = NULL; 1793 OPENSSL_free(got); 1794 got = NULL; 1795 1796 /* Repeat the test on a copy. */ 1797 if (!TEST_ptr(copy = EVP_PKEY_CTX_dup(expected->ctx))) { 1798 t->err = "INTERNAL_ERROR"; 1799 goto err; 1800 } 1801 if (expected->keyop(copy, NULL, &got_len, expected->input, 1802 expected->input_len) <= 0 1803 || !TEST_ptr(got = OPENSSL_malloc(got_len))) { 1804 t->err = "KEYOP_LENGTH_ERROR"; 1805 goto err; 1806 } 1807 if (expected->keyop(copy, got, &got_len, expected->input, 1808 expected->input_len) <= 0) { 1809 t->err = "KEYOP_ERROR"; 1810 goto err; 1811 } 1812 if (!memory_err_compare(t, "KEYOP_MISMATCH", 1813 expected->output, expected->output_len, 1814 got, got_len)) 1815 goto err; 1816 1817 err: 1818 OPENSSL_free(got); 1819 EVP_PKEY_CTX_free(copy); 1820 return 1; 1821 } 1822 1823 static int sign_test_init(EVP_TEST *t, const char *name) 1824 { 1825 return pkey_test_init(t, name, 0, EVP_PKEY_sign_init, EVP_PKEY_sign); 1826 } 1827 1828 static const EVP_TEST_METHOD psign_test_method = { 1829 "Sign", 1830 sign_test_init, 1831 pkey_test_cleanup, 1832 pkey_test_parse, 1833 pkey_test_run 1834 }; 1835 1836 static int verify_recover_test_init(EVP_TEST *t, const char *name) 1837 { 1838 return pkey_test_init(t, name, 1, EVP_PKEY_verify_recover_init, 1839 EVP_PKEY_verify_recover); 1840 } 1841 1842 static const EVP_TEST_METHOD pverify_recover_test_method = { 1843 "VerifyRecover", 1844 verify_recover_test_init, 1845 pkey_test_cleanup, 1846 pkey_test_parse, 1847 pkey_test_run 1848 }; 1849 1850 static int decrypt_test_init(EVP_TEST *t, const char *name) 1851 { 1852 return pkey_test_init(t, name, 0, EVP_PKEY_decrypt_init, 1853 EVP_PKEY_decrypt); 1854 } 1855 1856 static const EVP_TEST_METHOD pdecrypt_test_method = { 1857 "Decrypt", 1858 decrypt_test_init, 1859 pkey_test_cleanup, 1860 pkey_test_parse, 1861 pkey_test_run 1862 }; 1863 1864 static int verify_test_init(EVP_TEST *t, const char *name) 1865 { 1866 return pkey_test_init(t, name, 1, EVP_PKEY_verify_init, 0); 1867 } 1868 1869 static int verify_test_run(EVP_TEST *t) 1870 { 1871 PKEY_DATA *kdata = t->data; 1872 1873 if (EVP_PKEY_verify(kdata->ctx, kdata->output, kdata->output_len, 1874 kdata->input, kdata->input_len) <= 0) 1875 t->err = "VERIFY_ERROR"; 1876 return 1; 1877 } 1878 1879 static const EVP_TEST_METHOD pverify_test_method = { 1880 "Verify", 1881 verify_test_init, 1882 pkey_test_cleanup, 1883 pkey_test_parse, 1884 verify_test_run 1885 }; 1886 1887 static int pderive_test_init(EVP_TEST *t, const char *name) 1888 { 1889 return pkey_test_init(t, name, 0, EVP_PKEY_derive_init, 0); 1890 } 1891 1892 static int pderive_test_parse(EVP_TEST *t, 1893 const char *keyword, const char *value) 1894 { 1895 PKEY_DATA *kdata = t->data; 1896 int validate = 0; 1897 1898 if (strcmp(keyword, "PeerKeyValidate") == 0) 1899 validate = 1; 1900 1901 if (validate || strcmp(keyword, "PeerKey") == 0) { 1902 EVP_PKEY *peer; 1903 if (find_key(&peer, value, public_keys) == 0) 1904 return -1; 1905 if (EVP_PKEY_derive_set_peer_ex(kdata->ctx, peer, validate) <= 0) { 1906 t->err = "DERIVE_SET_PEER_ERROR"; 1907 return 1; 1908 } 1909 t->err = NULL; 1910 return 1; 1911 } 1912 if (strcmp(keyword, "SharedSecret") == 0) 1913 return parse_bin(value, &kdata->output, &kdata->output_len); 1914 if (strcmp(keyword, "Ctrl") == 0) 1915 return pkey_test_ctrl(t, kdata->ctx, value); 1916 if (strcmp(keyword, "KDFType") == 0) { 1917 OSSL_PARAM params[2]; 1918 1919 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_TYPE, 1920 (char *)(intptr_t)value, 0); 1921 params[1] = OSSL_PARAM_construct_end(); 1922 if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0) 1923 return -1; 1924 return 1; 1925 } 1926 if (strcmp(keyword, "KDFDigest") == 0) { 1927 OSSL_PARAM params[2]; 1928 1929 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST, 1930 (char *)(intptr_t)value, 0); 1931 params[1] = OSSL_PARAM_construct_end(); 1932 if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0) 1933 return -1; 1934 return 1; 1935 } 1936 if (strcmp(keyword, "CEKAlg") == 0) { 1937 OSSL_PARAM params[2]; 1938 1939 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG, 1940 (char *)(intptr_t)value, 0); 1941 params[1] = OSSL_PARAM_construct_end(); 1942 if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0) 1943 return -1; 1944 return 1; 1945 } 1946 if (strcmp(keyword, "KDFOutlen") == 0) { 1947 OSSL_PARAM params[2]; 1948 char *endptr; 1949 size_t outlen = (size_t)strtoul(value, &endptr, 0); 1950 1951 if (endptr[0] != '\0') 1952 return -1; 1953 1954 params[0] = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN, 1955 &outlen); 1956 params[1] = OSSL_PARAM_construct_end(); 1957 if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0) 1958 return -1; 1959 return 1; 1960 } 1961 return 0; 1962 } 1963 1964 static int pderive_test_run(EVP_TEST *t) 1965 { 1966 EVP_PKEY_CTX *dctx = NULL; 1967 PKEY_DATA *expected = t->data; 1968 unsigned char *got = NULL; 1969 size_t got_len; 1970 1971 if (!TEST_ptr(dctx = EVP_PKEY_CTX_dup(expected->ctx))) { 1972 t->err = "DERIVE_ERROR"; 1973 goto err; 1974 } 1975 1976 if (EVP_PKEY_derive(dctx, NULL, &got_len) <= 0 1977 || !TEST_size_t_ne(got_len, 0)) { 1978 t->err = "DERIVE_ERROR"; 1979 goto err; 1980 } 1981 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { 1982 t->err = "DERIVE_ERROR"; 1983 goto err; 1984 } 1985 if (EVP_PKEY_derive(dctx, got, &got_len) <= 0) { 1986 t->err = "DERIVE_ERROR"; 1987 goto err; 1988 } 1989 if (!memory_err_compare(t, "SHARED_SECRET_MISMATCH", 1990 expected->output, expected->output_len, 1991 got, got_len)) 1992 goto err; 1993 1994 t->err = NULL; 1995 err: 1996 OPENSSL_free(got); 1997 EVP_PKEY_CTX_free(dctx); 1998 return 1; 1999 } 2000 2001 static const EVP_TEST_METHOD pderive_test_method = { 2002 "Derive", 2003 pderive_test_init, 2004 pkey_test_cleanup, 2005 pderive_test_parse, 2006 pderive_test_run 2007 }; 2008 2009 2010 /** 2011 ** PBE TESTS 2012 **/ 2013 2014 typedef enum pbe_type_enum { 2015 PBE_TYPE_INVALID = 0, 2016 PBE_TYPE_SCRYPT, PBE_TYPE_PBKDF2, PBE_TYPE_PKCS12 2017 } PBE_TYPE; 2018 2019 typedef struct pbe_data_st { 2020 PBE_TYPE pbe_type; 2021 /* scrypt parameters */ 2022 uint64_t N, r, p, maxmem; 2023 /* PKCS#12 parameters */ 2024 int id, iter; 2025 const EVP_MD *md; 2026 /* password */ 2027 unsigned char *pass; 2028 size_t pass_len; 2029 /* salt */ 2030 unsigned char *salt; 2031 size_t salt_len; 2032 /* Expected output */ 2033 unsigned char *key; 2034 size_t key_len; 2035 } PBE_DATA; 2036 2037 #ifndef OPENSSL_NO_SCRYPT 2038 /* Parse unsigned decimal 64 bit integer value */ 2039 static int parse_uint64(const char *value, uint64_t *pr) 2040 { 2041 const char *p = value; 2042 2043 if (!TEST_true(*p)) { 2044 TEST_info("Invalid empty integer value"); 2045 return -1; 2046 } 2047 for (*pr = 0; *p; ) { 2048 if (*pr > UINT64_MAX / 10) { 2049 TEST_error("Integer overflow in string %s", value); 2050 return -1; 2051 } 2052 *pr *= 10; 2053 if (!TEST_true(isdigit((unsigned char)*p))) { 2054 TEST_error("Invalid character in string %s", value); 2055 return -1; 2056 } 2057 *pr += *p - '0'; 2058 p++; 2059 } 2060 return 1; 2061 } 2062 2063 static int scrypt_test_parse(EVP_TEST *t, 2064 const char *keyword, const char *value) 2065 { 2066 PBE_DATA *pdata = t->data; 2067 2068 if (strcmp(keyword, "N") == 0) 2069 return parse_uint64(value, &pdata->N); 2070 if (strcmp(keyword, "p") == 0) 2071 return parse_uint64(value, &pdata->p); 2072 if (strcmp(keyword, "r") == 0) 2073 return parse_uint64(value, &pdata->r); 2074 if (strcmp(keyword, "maxmem") == 0) 2075 return parse_uint64(value, &pdata->maxmem); 2076 return 0; 2077 } 2078 #endif 2079 2080 static int pbkdf2_test_parse(EVP_TEST *t, 2081 const char *keyword, const char *value) 2082 { 2083 PBE_DATA *pdata = t->data; 2084 2085 if (strcmp(keyword, "iter") == 0) { 2086 pdata->iter = atoi(value); 2087 if (pdata->iter <= 0) 2088 return -1; 2089 return 1; 2090 } 2091 if (strcmp(keyword, "MD") == 0) { 2092 pdata->md = EVP_get_digestbyname(value); 2093 if (pdata->md == NULL) 2094 return -1; 2095 return 1; 2096 } 2097 return 0; 2098 } 2099 2100 static int pkcs12_test_parse(EVP_TEST *t, 2101 const char *keyword, const char *value) 2102 { 2103 PBE_DATA *pdata = t->data; 2104 2105 if (strcmp(keyword, "id") == 0) { 2106 pdata->id = atoi(value); 2107 if (pdata->id <= 0) 2108 return -1; 2109 return 1; 2110 } 2111 return pbkdf2_test_parse(t, keyword, value); 2112 } 2113 2114 static int pbe_test_init(EVP_TEST *t, const char *alg) 2115 { 2116 PBE_DATA *pdat; 2117 PBE_TYPE pbe_type = PBE_TYPE_INVALID; 2118 2119 if (is_kdf_disabled(alg)) { 2120 TEST_info("skipping, '%s' is disabled", alg); 2121 t->skip = 1; 2122 return 1; 2123 } 2124 if (strcmp(alg, "scrypt") == 0) { 2125 pbe_type = PBE_TYPE_SCRYPT; 2126 } else if (strcmp(alg, "pbkdf2") == 0) { 2127 pbe_type = PBE_TYPE_PBKDF2; 2128 } else if (strcmp(alg, "pkcs12") == 0) { 2129 pbe_type = PBE_TYPE_PKCS12; 2130 } else { 2131 TEST_error("Unknown pbe algorithm %s", alg); 2132 return 0; 2133 } 2134 if (!TEST_ptr(pdat = OPENSSL_zalloc(sizeof(*pdat)))) 2135 return 0; 2136 pdat->pbe_type = pbe_type; 2137 t->data = pdat; 2138 return 1; 2139 } 2140 2141 static void pbe_test_cleanup(EVP_TEST *t) 2142 { 2143 PBE_DATA *pdat = t->data; 2144 2145 OPENSSL_free(pdat->pass); 2146 OPENSSL_free(pdat->salt); 2147 OPENSSL_free(pdat->key); 2148 } 2149 2150 static int pbe_test_parse(EVP_TEST *t, 2151 const char *keyword, const char *value) 2152 { 2153 PBE_DATA *pdata = t->data; 2154 2155 if (strcmp(keyword, "Password") == 0) 2156 return parse_bin(value, &pdata->pass, &pdata->pass_len); 2157 if (strcmp(keyword, "Salt") == 0) 2158 return parse_bin(value, &pdata->salt, &pdata->salt_len); 2159 if (strcmp(keyword, "Key") == 0) 2160 return parse_bin(value, &pdata->key, &pdata->key_len); 2161 if (pdata->pbe_type == PBE_TYPE_PBKDF2) 2162 return pbkdf2_test_parse(t, keyword, value); 2163 else if (pdata->pbe_type == PBE_TYPE_PKCS12) 2164 return pkcs12_test_parse(t, keyword, value); 2165 #ifndef OPENSSL_NO_SCRYPT 2166 else if (pdata->pbe_type == PBE_TYPE_SCRYPT) 2167 return scrypt_test_parse(t, keyword, value); 2168 #endif 2169 return 0; 2170 } 2171 2172 static int pbe_test_run(EVP_TEST *t) 2173 { 2174 PBE_DATA *expected = t->data; 2175 unsigned char *key; 2176 EVP_MD *fetched_digest = NULL; 2177 OSSL_LIB_CTX *save_libctx; 2178 2179 save_libctx = OSSL_LIB_CTX_set0_default(libctx); 2180 2181 if (!TEST_ptr(key = OPENSSL_malloc(expected->key_len))) { 2182 t->err = "INTERNAL_ERROR"; 2183 goto err; 2184 } 2185 if (expected->pbe_type == PBE_TYPE_PBKDF2) { 2186 if (PKCS5_PBKDF2_HMAC((char *)expected->pass, expected->pass_len, 2187 expected->salt, expected->salt_len, 2188 expected->iter, expected->md, 2189 expected->key_len, key) == 0) { 2190 t->err = "PBKDF2_ERROR"; 2191 goto err; 2192 } 2193 #ifndef OPENSSL_NO_SCRYPT 2194 } else if (expected->pbe_type == PBE_TYPE_SCRYPT) { 2195 if (EVP_PBE_scrypt((const char *)expected->pass, expected->pass_len, 2196 expected->salt, expected->salt_len, 2197 expected->N, expected->r, expected->p, 2198 expected->maxmem, key, expected->key_len) == 0) { 2199 t->err = "SCRYPT_ERROR"; 2200 goto err; 2201 } 2202 #endif 2203 } else if (expected->pbe_type == PBE_TYPE_PKCS12) { 2204 fetched_digest = EVP_MD_fetch(libctx, EVP_MD_get0_name(expected->md), 2205 NULL); 2206 if (fetched_digest == NULL) { 2207 t->err = "PKCS12_ERROR"; 2208 goto err; 2209 } 2210 if (PKCS12_key_gen_uni(expected->pass, expected->pass_len, 2211 expected->salt, expected->salt_len, 2212 expected->id, expected->iter, expected->key_len, 2213 key, fetched_digest) == 0) { 2214 t->err = "PKCS12_ERROR"; 2215 goto err; 2216 } 2217 } 2218 if (!memory_err_compare(t, "KEY_MISMATCH", expected->key, expected->key_len, 2219 key, expected->key_len)) 2220 goto err; 2221 2222 t->err = NULL; 2223 err: 2224 EVP_MD_free(fetched_digest); 2225 OPENSSL_free(key); 2226 OSSL_LIB_CTX_set0_default(save_libctx); 2227 return 1; 2228 } 2229 2230 static const EVP_TEST_METHOD pbe_test_method = { 2231 "PBE", 2232 pbe_test_init, 2233 pbe_test_cleanup, 2234 pbe_test_parse, 2235 pbe_test_run 2236 }; 2237 2238 2239 /** 2240 ** BASE64 TESTS 2241 **/ 2242 2243 typedef enum { 2244 BASE64_CANONICAL_ENCODING = 0, 2245 BASE64_VALID_ENCODING = 1, 2246 BASE64_INVALID_ENCODING = 2 2247 } base64_encoding_type; 2248 2249 typedef struct encode_data_st { 2250 /* Input to encoding */ 2251 unsigned char *input; 2252 size_t input_len; 2253 /* Expected output */ 2254 unsigned char *output; 2255 size_t output_len; 2256 base64_encoding_type encoding; 2257 } ENCODE_DATA; 2258 2259 static int encode_test_init(EVP_TEST *t, const char *encoding) 2260 { 2261 ENCODE_DATA *edata; 2262 2263 if (!TEST_ptr(edata = OPENSSL_zalloc(sizeof(*edata)))) 2264 return 0; 2265 if (strcmp(encoding, "canonical") == 0) { 2266 edata->encoding = BASE64_CANONICAL_ENCODING; 2267 } else if (strcmp(encoding, "valid") == 0) { 2268 edata->encoding = BASE64_VALID_ENCODING; 2269 } else if (strcmp(encoding, "invalid") == 0) { 2270 edata->encoding = BASE64_INVALID_ENCODING; 2271 if (!TEST_ptr(t->expected_err = OPENSSL_strdup("DECODE_ERROR"))) 2272 goto err; 2273 } else { 2274 TEST_error("Bad encoding: %s." 2275 " Should be one of {canonical, valid, invalid}", 2276 encoding); 2277 goto err; 2278 } 2279 t->data = edata; 2280 return 1; 2281 err: 2282 OPENSSL_free(edata); 2283 return 0; 2284 } 2285 2286 static void encode_test_cleanup(EVP_TEST *t) 2287 { 2288 ENCODE_DATA *edata = t->data; 2289 2290 OPENSSL_free(edata->input); 2291 OPENSSL_free(edata->output); 2292 memset(edata, 0, sizeof(*edata)); 2293 } 2294 2295 static int encode_test_parse(EVP_TEST *t, 2296 const char *keyword, const char *value) 2297 { 2298 ENCODE_DATA *edata = t->data; 2299 2300 if (strcmp(keyword, "Input") == 0) 2301 return parse_bin(value, &edata->input, &edata->input_len); 2302 if (strcmp(keyword, "Output") == 0) 2303 return parse_bin(value, &edata->output, &edata->output_len); 2304 return 0; 2305 } 2306 2307 static int encode_test_run(EVP_TEST *t) 2308 { 2309 ENCODE_DATA *expected = t->data; 2310 unsigned char *encode_out = NULL, *decode_out = NULL; 2311 int output_len, chunk_len; 2312 EVP_ENCODE_CTX *decode_ctx = NULL, *encode_ctx = NULL; 2313 2314 if (!TEST_ptr(decode_ctx = EVP_ENCODE_CTX_new())) { 2315 t->err = "INTERNAL_ERROR"; 2316 goto err; 2317 } 2318 2319 if (expected->encoding == BASE64_CANONICAL_ENCODING) { 2320 2321 if (!TEST_ptr(encode_ctx = EVP_ENCODE_CTX_new()) 2322 || !TEST_ptr(encode_out = 2323 OPENSSL_malloc(EVP_ENCODE_LENGTH(expected->input_len)))) 2324 goto err; 2325 2326 EVP_EncodeInit(encode_ctx); 2327 if (!TEST_true(EVP_EncodeUpdate(encode_ctx, encode_out, &chunk_len, 2328 expected->input, expected->input_len))) 2329 goto err; 2330 2331 output_len = chunk_len; 2332 2333 EVP_EncodeFinal(encode_ctx, encode_out + chunk_len, &chunk_len); 2334 output_len += chunk_len; 2335 2336 if (!memory_err_compare(t, "BAD_ENCODING", 2337 expected->output, expected->output_len, 2338 encode_out, output_len)) 2339 goto err; 2340 } 2341 2342 if (!TEST_ptr(decode_out = 2343 OPENSSL_malloc(EVP_DECODE_LENGTH(expected->output_len)))) 2344 goto err; 2345 2346 EVP_DecodeInit(decode_ctx); 2347 if (EVP_DecodeUpdate(decode_ctx, decode_out, &chunk_len, expected->output, 2348 expected->output_len) < 0) { 2349 t->err = "DECODE_ERROR"; 2350 goto err; 2351 } 2352 output_len = chunk_len; 2353 2354 if (EVP_DecodeFinal(decode_ctx, decode_out + chunk_len, &chunk_len) != 1) { 2355 t->err = "DECODE_ERROR"; 2356 goto err; 2357 } 2358 output_len += chunk_len; 2359 2360 if (expected->encoding != BASE64_INVALID_ENCODING 2361 && !memory_err_compare(t, "BAD_DECODING", 2362 expected->input, expected->input_len, 2363 decode_out, output_len)) { 2364 t->err = "BAD_DECODING"; 2365 goto err; 2366 } 2367 2368 t->err = NULL; 2369 err: 2370 OPENSSL_free(encode_out); 2371 OPENSSL_free(decode_out); 2372 EVP_ENCODE_CTX_free(decode_ctx); 2373 EVP_ENCODE_CTX_free(encode_ctx); 2374 return 1; 2375 } 2376 2377 static const EVP_TEST_METHOD encode_test_method = { 2378 "Encoding", 2379 encode_test_init, 2380 encode_test_cleanup, 2381 encode_test_parse, 2382 encode_test_run, 2383 }; 2384 2385 2386 /** 2387 ** RAND TESTS 2388 **/ 2389 #define MAX_RAND_REPEATS 15 2390 2391 typedef struct rand_data_pass_st { 2392 unsigned char *entropy; 2393 unsigned char *reseed_entropy; 2394 unsigned char *nonce; 2395 unsigned char *pers; 2396 unsigned char *reseed_addin; 2397 unsigned char *addinA; 2398 unsigned char *addinB; 2399 unsigned char *pr_entropyA; 2400 unsigned char *pr_entropyB; 2401 unsigned char *output; 2402 size_t entropy_len, nonce_len, pers_len, addinA_len, addinB_len, 2403 pr_entropyA_len, pr_entropyB_len, output_len, reseed_entropy_len, 2404 reseed_addin_len; 2405 } RAND_DATA_PASS; 2406 2407 typedef struct rand_data_st { 2408 /* Context for this operation */ 2409 EVP_RAND_CTX *ctx; 2410 EVP_RAND_CTX *parent; 2411 int n; 2412 int prediction_resistance; 2413 int use_df; 2414 unsigned int generate_bits; 2415 char *cipher; 2416 char *digest; 2417 2418 /* Expected output */ 2419 RAND_DATA_PASS data[MAX_RAND_REPEATS]; 2420 } RAND_DATA; 2421 2422 static int rand_test_init(EVP_TEST *t, const char *name) 2423 { 2424 RAND_DATA *rdata; 2425 EVP_RAND *rand; 2426 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 2427 unsigned int strength = 256; 2428 2429 if (!TEST_ptr(rdata = OPENSSL_zalloc(sizeof(*rdata)))) 2430 return 0; 2431 2432 /* TEST-RAND is available in the FIPS provider but not with "fips=yes" */ 2433 rand = EVP_RAND_fetch(libctx, "TEST-RAND", "-fips"); 2434 if (rand == NULL) 2435 goto err; 2436 rdata->parent = EVP_RAND_CTX_new(rand, NULL); 2437 EVP_RAND_free(rand); 2438 if (rdata->parent == NULL) 2439 goto err; 2440 2441 *params = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength); 2442 if (!EVP_RAND_CTX_set_params(rdata->parent, params)) 2443 goto err; 2444 2445 rand = EVP_RAND_fetch(libctx, name, NULL); 2446 if (rand == NULL) 2447 goto err; 2448 rdata->ctx = EVP_RAND_CTX_new(rand, rdata->parent); 2449 EVP_RAND_free(rand); 2450 if (rdata->ctx == NULL) 2451 goto err; 2452 2453 rdata->n = -1; 2454 t->data = rdata; 2455 return 1; 2456 err: 2457 EVP_RAND_CTX_free(rdata->parent); 2458 OPENSSL_free(rdata); 2459 return 0; 2460 } 2461 2462 static void rand_test_cleanup(EVP_TEST *t) 2463 { 2464 RAND_DATA *rdata = t->data; 2465 int i; 2466 2467 OPENSSL_free(rdata->cipher); 2468 OPENSSL_free(rdata->digest); 2469 2470 for (i = 0; i <= rdata->n; i++) { 2471 OPENSSL_free(rdata->data[i].entropy); 2472 OPENSSL_free(rdata->data[i].reseed_entropy); 2473 OPENSSL_free(rdata->data[i].nonce); 2474 OPENSSL_free(rdata->data[i].pers); 2475 OPENSSL_free(rdata->data[i].reseed_addin); 2476 OPENSSL_free(rdata->data[i].addinA); 2477 OPENSSL_free(rdata->data[i].addinB); 2478 OPENSSL_free(rdata->data[i].pr_entropyA); 2479 OPENSSL_free(rdata->data[i].pr_entropyB); 2480 OPENSSL_free(rdata->data[i].output); 2481 } 2482 EVP_RAND_CTX_free(rdata->ctx); 2483 EVP_RAND_CTX_free(rdata->parent); 2484 } 2485 2486 static int rand_test_parse(EVP_TEST *t, 2487 const char *keyword, const char *value) 2488 { 2489 RAND_DATA *rdata = t->data; 2490 RAND_DATA_PASS *item; 2491 const char *p; 2492 int n; 2493 2494 if ((p = strchr(keyword, '.')) != NULL) { 2495 n = atoi(++p); 2496 if (n >= MAX_RAND_REPEATS) 2497 return 0; 2498 if (n > rdata->n) 2499 rdata->n = n; 2500 item = rdata->data + n; 2501 if (strncmp(keyword, "Entropy.", sizeof("Entropy")) == 0) 2502 return parse_bin(value, &item->entropy, &item->entropy_len); 2503 if (strncmp(keyword, "ReseedEntropy.", sizeof("ReseedEntropy")) == 0) 2504 return parse_bin(value, &item->reseed_entropy, 2505 &item->reseed_entropy_len); 2506 if (strncmp(keyword, "Nonce.", sizeof("Nonce")) == 0) 2507 return parse_bin(value, &item->nonce, &item->nonce_len); 2508 if (strncmp(keyword, "PersonalisationString.", 2509 sizeof("PersonalisationString")) == 0) 2510 return parse_bin(value, &item->pers, &item->pers_len); 2511 if (strncmp(keyword, "ReseedAdditionalInput.", 2512 sizeof("ReseedAdditionalInput")) == 0) 2513 return parse_bin(value, &item->reseed_addin, 2514 &item->reseed_addin_len); 2515 if (strncmp(keyword, "AdditionalInputA.", 2516 sizeof("AdditionalInputA")) == 0) 2517 return parse_bin(value, &item->addinA, &item->addinA_len); 2518 if (strncmp(keyword, "AdditionalInputB.", 2519 sizeof("AdditionalInputB")) == 0) 2520 return parse_bin(value, &item->addinB, &item->addinB_len); 2521 if (strncmp(keyword, "EntropyPredictionResistanceA.", 2522 sizeof("EntropyPredictionResistanceA")) == 0) 2523 return parse_bin(value, &item->pr_entropyA, &item->pr_entropyA_len); 2524 if (strncmp(keyword, "EntropyPredictionResistanceB.", 2525 sizeof("EntropyPredictionResistanceB")) == 0) 2526 return parse_bin(value, &item->pr_entropyB, &item->pr_entropyB_len); 2527 if (strncmp(keyword, "Output.", sizeof("Output")) == 0) 2528 return parse_bin(value, &item->output, &item->output_len); 2529 } else { 2530 if (strcmp(keyword, "Cipher") == 0) 2531 return TEST_ptr(rdata->cipher = OPENSSL_strdup(value)); 2532 if (strcmp(keyword, "Digest") == 0) 2533 return TEST_ptr(rdata->digest = OPENSSL_strdup(value)); 2534 if (strcmp(keyword, "DerivationFunction") == 0) { 2535 rdata->use_df = atoi(value) != 0; 2536 return 1; 2537 } 2538 if (strcmp(keyword, "GenerateBits") == 0) { 2539 if ((n = atoi(value)) <= 0 || n % 8 != 0) 2540 return 0; 2541 rdata->generate_bits = (unsigned int)n; 2542 return 1; 2543 } 2544 if (strcmp(keyword, "PredictionResistance") == 0) { 2545 rdata->prediction_resistance = atoi(value) != 0; 2546 return 1; 2547 } 2548 } 2549 return 0; 2550 } 2551 2552 static int rand_test_run(EVP_TEST *t) 2553 { 2554 RAND_DATA *expected = t->data; 2555 RAND_DATA_PASS *item; 2556 unsigned char *got; 2557 size_t got_len = expected->generate_bits / 8; 2558 OSSL_PARAM params[5], *p = params; 2559 int i = -1, ret = 0; 2560 unsigned int strength; 2561 unsigned char *z; 2562 2563 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) 2564 return 0; 2565 2566 *p++ = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_USE_DF, &expected->use_df); 2567 if (expected->cipher != NULL) 2568 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER, 2569 expected->cipher, 0); 2570 if (expected->digest != NULL) 2571 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_DIGEST, 2572 expected->digest, 0); 2573 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_MAC, (char *)(intptr_t)"HMAC", 0); 2574 *p = OSSL_PARAM_construct_end(); 2575 if (!TEST_true(EVP_RAND_CTX_set_params(expected->ctx, params))) 2576 goto err; 2577 2578 strength = EVP_RAND_get_strength(expected->ctx); 2579 for (i = 0; i <= expected->n; i++) { 2580 item = expected->data + i; 2581 2582 p = params; 2583 z = item->entropy != NULL ? item->entropy : (unsigned char *)(intptr_t)""; 2584 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, 2585 z, item->entropy_len); 2586 z = item->nonce != NULL ? item->nonce : (unsigned char *)(intptr_t)""; 2587 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE, 2588 z, item->nonce_len); 2589 *p = OSSL_PARAM_construct_end(); 2590 if (!TEST_true(EVP_RAND_instantiate(expected->parent, strength, 2591 0, NULL, 0, params))) 2592 goto err; 2593 2594 z = item->pers != NULL ? item->pers : (unsigned char *)(intptr_t)""; 2595 if (!TEST_true(EVP_RAND_instantiate 2596 (expected->ctx, strength, 2597 expected->prediction_resistance, z, 2598 item->pers_len, NULL))) 2599 goto err; 2600 2601 if (item->reseed_entropy != NULL) { 2602 params[0] = OSSL_PARAM_construct_octet_string 2603 (OSSL_RAND_PARAM_TEST_ENTROPY, item->reseed_entropy, 2604 item->reseed_entropy_len); 2605 params[1] = OSSL_PARAM_construct_end(); 2606 if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params))) 2607 goto err; 2608 2609 if (!TEST_true(EVP_RAND_reseed 2610 (expected->ctx, expected->prediction_resistance, 2611 NULL, 0, item->reseed_addin, 2612 item->reseed_addin_len))) 2613 goto err; 2614 } 2615 if (item->pr_entropyA != NULL) { 2616 params[0] = OSSL_PARAM_construct_octet_string 2617 (OSSL_RAND_PARAM_TEST_ENTROPY, item->pr_entropyA, 2618 item->pr_entropyA_len); 2619 params[1] = OSSL_PARAM_construct_end(); 2620 if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params))) 2621 goto err; 2622 } 2623 if (!TEST_true(EVP_RAND_generate 2624 (expected->ctx, got, got_len, 2625 strength, expected->prediction_resistance, 2626 item->addinA, item->addinA_len))) 2627 goto err; 2628 2629 if (item->pr_entropyB != NULL) { 2630 params[0] = OSSL_PARAM_construct_octet_string 2631 (OSSL_RAND_PARAM_TEST_ENTROPY, item->pr_entropyB, 2632 item->pr_entropyB_len); 2633 params[1] = OSSL_PARAM_construct_end(); 2634 if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params))) 2635 goto err; 2636 } 2637 if (!TEST_true(EVP_RAND_generate 2638 (expected->ctx, got, got_len, 2639 strength, expected->prediction_resistance, 2640 item->addinB, item->addinB_len))) 2641 goto err; 2642 if (!TEST_mem_eq(got, got_len, item->output, item->output_len)) 2643 goto err; 2644 if (!TEST_true(EVP_RAND_uninstantiate(expected->ctx)) 2645 || !TEST_true(EVP_RAND_uninstantiate(expected->parent)) 2646 || !TEST_true(EVP_RAND_verify_zeroization(expected->ctx)) 2647 || !TEST_int_eq(EVP_RAND_get_state(expected->ctx), 2648 EVP_RAND_STATE_UNINITIALISED)) 2649 goto err; 2650 } 2651 t->err = NULL; 2652 ret = 1; 2653 2654 err: 2655 if (ret == 0 && i >= 0) 2656 TEST_info("Error in test case %d of %d\n", i, expected->n + 1); 2657 OPENSSL_free(got); 2658 return ret; 2659 } 2660 2661 static const EVP_TEST_METHOD rand_test_method = { 2662 "RAND", 2663 rand_test_init, 2664 rand_test_cleanup, 2665 rand_test_parse, 2666 rand_test_run 2667 }; 2668 2669 2670 /** 2671 ** KDF TESTS 2672 **/ 2673 typedef struct kdf_data_st { 2674 /* Context for this operation */ 2675 EVP_KDF_CTX *ctx; 2676 /* Expected output */ 2677 unsigned char *output; 2678 size_t output_len; 2679 OSSL_PARAM params[20]; 2680 OSSL_PARAM *p; 2681 } KDF_DATA; 2682 2683 /* 2684 * Perform public key operation setup: lookup key, allocated ctx and call 2685 * the appropriate initialisation function 2686 */ 2687 static int kdf_test_init(EVP_TEST *t, const char *name) 2688 { 2689 KDF_DATA *kdata; 2690 EVP_KDF *kdf; 2691 2692 if (is_kdf_disabled(name)) { 2693 TEST_info("skipping, '%s' is disabled", name); 2694 t->skip = 1; 2695 return 1; 2696 } 2697 2698 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))) 2699 return 0; 2700 kdata->p = kdata->params; 2701 *kdata->p = OSSL_PARAM_construct_end(); 2702 2703 kdf = EVP_KDF_fetch(libctx, name, NULL); 2704 if (kdf == NULL) { 2705 OPENSSL_free(kdata); 2706 return 0; 2707 } 2708 kdata->ctx = EVP_KDF_CTX_new(kdf); 2709 EVP_KDF_free(kdf); 2710 if (kdata->ctx == NULL) { 2711 OPENSSL_free(kdata); 2712 return 0; 2713 } 2714 t->data = kdata; 2715 return 1; 2716 } 2717 2718 static void kdf_test_cleanup(EVP_TEST *t) 2719 { 2720 KDF_DATA *kdata = t->data; 2721 OSSL_PARAM *p; 2722 2723 for (p = kdata->params; p->key != NULL; p++) 2724 OPENSSL_free(p->data); 2725 OPENSSL_free(kdata->output); 2726 EVP_KDF_CTX_free(kdata->ctx); 2727 } 2728 2729 static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx, 2730 const char *value) 2731 { 2732 KDF_DATA *kdata = t->data; 2733 int rv; 2734 char *p, *name; 2735 const OSSL_PARAM *defs = EVP_KDF_settable_ctx_params(EVP_KDF_CTX_kdf(kctx)); 2736 2737 if (!TEST_ptr(name = OPENSSL_strdup(value))) 2738 return 0; 2739 p = strchr(name, ':'); 2740 if (p != NULL) 2741 *p++ = '\0'; 2742 2743 rv = OSSL_PARAM_allocate_from_text(kdata->p, defs, name, p, 2744 p != NULL ? strlen(p) : 0, NULL); 2745 *++kdata->p = OSSL_PARAM_construct_end(); 2746 if (!rv) { 2747 t->err = "KDF_PARAM_ERROR"; 2748 OPENSSL_free(name); 2749 return 0; 2750 } 2751 if (p != NULL && strcmp(name, "digest") == 0) { 2752 if (is_digest_disabled(p)) { 2753 TEST_info("skipping, '%s' is disabled", p); 2754 t->skip = 1; 2755 } 2756 } 2757 if (p != NULL 2758 && (strcmp(name, "cipher") == 0 2759 || strcmp(name, "cekalg") == 0) 2760 && is_cipher_disabled(p)) { 2761 TEST_info("skipping, '%s' is disabled", p); 2762 t->skip = 1; 2763 } 2764 OPENSSL_free(name); 2765 return 1; 2766 } 2767 2768 static int kdf_test_parse(EVP_TEST *t, 2769 const char *keyword, const char *value) 2770 { 2771 KDF_DATA *kdata = t->data; 2772 2773 if (strcmp(keyword, "Output") == 0) 2774 return parse_bin(value, &kdata->output, &kdata->output_len); 2775 if (strncmp(keyword, "Ctrl", 4) == 0) 2776 return kdf_test_ctrl(t, kdata->ctx, value); 2777 return 0; 2778 } 2779 2780 static int kdf_test_run(EVP_TEST *t) 2781 { 2782 KDF_DATA *expected = t->data; 2783 unsigned char *got = NULL; 2784 size_t got_len = expected->output_len; 2785 2786 if (!EVP_KDF_CTX_set_params(expected->ctx, expected->params)) { 2787 t->err = "KDF_CTRL_ERROR"; 2788 return 1; 2789 } 2790 if (!TEST_ptr(got = OPENSSL_malloc(got_len == 0 ? 1 : got_len))) { 2791 t->err = "INTERNAL_ERROR"; 2792 goto err; 2793 } 2794 if (EVP_KDF_derive(expected->ctx, got, got_len, NULL) <= 0) { 2795 t->err = "KDF_DERIVE_ERROR"; 2796 goto err; 2797 } 2798 if (!memory_err_compare(t, "KDF_MISMATCH", 2799 expected->output, expected->output_len, 2800 got, got_len)) 2801 goto err; 2802 2803 t->err = NULL; 2804 2805 err: 2806 OPENSSL_free(got); 2807 return 1; 2808 } 2809 2810 static const EVP_TEST_METHOD kdf_test_method = { 2811 "KDF", 2812 kdf_test_init, 2813 kdf_test_cleanup, 2814 kdf_test_parse, 2815 kdf_test_run 2816 }; 2817 2818 /** 2819 ** PKEY KDF TESTS 2820 **/ 2821 2822 typedef struct pkey_kdf_data_st { 2823 /* Context for this operation */ 2824 EVP_PKEY_CTX *ctx; 2825 /* Expected output */ 2826 unsigned char *output; 2827 size_t output_len; 2828 } PKEY_KDF_DATA; 2829 2830 /* 2831 * Perform public key operation setup: lookup key, allocated ctx and call 2832 * the appropriate initialisation function 2833 */ 2834 static int pkey_kdf_test_init(EVP_TEST *t, const char *name) 2835 { 2836 PKEY_KDF_DATA *kdata = NULL; 2837 2838 if (is_kdf_disabled(name)) { 2839 TEST_info("skipping, '%s' is disabled", name); 2840 t->skip = 1; 2841 return 1; 2842 } 2843 2844 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))) 2845 return 0; 2846 2847 kdata->ctx = EVP_PKEY_CTX_new_from_name(libctx, name, NULL); 2848 if (kdata->ctx == NULL 2849 || EVP_PKEY_derive_init(kdata->ctx) <= 0) 2850 goto err; 2851 2852 t->data = kdata; 2853 return 1; 2854 err: 2855 EVP_PKEY_CTX_free(kdata->ctx); 2856 OPENSSL_free(kdata); 2857 return 0; 2858 } 2859 2860 static void pkey_kdf_test_cleanup(EVP_TEST *t) 2861 { 2862 PKEY_KDF_DATA *kdata = t->data; 2863 2864 OPENSSL_free(kdata->output); 2865 EVP_PKEY_CTX_free(kdata->ctx); 2866 } 2867 2868 static int pkey_kdf_test_parse(EVP_TEST *t, 2869 const char *keyword, const char *value) 2870 { 2871 PKEY_KDF_DATA *kdata = t->data; 2872 2873 if (strcmp(keyword, "Output") == 0) 2874 return parse_bin(value, &kdata->output, &kdata->output_len); 2875 if (strncmp(keyword, "Ctrl", 4) == 0) 2876 return pkey_test_ctrl(t, kdata->ctx, value); 2877 return 0; 2878 } 2879 2880 static int pkey_kdf_test_run(EVP_TEST *t) 2881 { 2882 PKEY_KDF_DATA *expected = t->data; 2883 unsigned char *got = NULL; 2884 size_t got_len = 0; 2885 2886 if (fips_provider_version_eq(libctx, 3, 0, 0)) { 2887 /* FIPS(3.0.0): can't deal with oversized output buffers #18533 */ 2888 got_len = expected->output_len; 2889 } else { 2890 /* Find out the KDF output size */ 2891 if (EVP_PKEY_derive(expected->ctx, NULL, &got_len) <= 0) { 2892 t->err = "INTERNAL_ERROR"; 2893 goto err; 2894 } 2895 2896 /* 2897 * We may get an absurd output size, which signals that anything goes. 2898 * If not, we specify a too big buffer for the output, to test that 2899 * EVP_PKEY_derive() can cope with it. 2900 */ 2901 if (got_len == SIZE_MAX || got_len == 0) 2902 got_len = expected->output_len; 2903 else 2904 got_len = expected->output_len * 2; 2905 } 2906 2907 if (!TEST_ptr(got = OPENSSL_malloc(got_len == 0 ? 1 : got_len))) { 2908 t->err = "INTERNAL_ERROR"; 2909 goto err; 2910 } 2911 if (EVP_PKEY_derive(expected->ctx, got, &got_len) <= 0) { 2912 t->err = "KDF_DERIVE_ERROR"; 2913 goto err; 2914 } 2915 if (!TEST_mem_eq(expected->output, expected->output_len, got, got_len)) { 2916 t->err = "KDF_MISMATCH"; 2917 goto err; 2918 } 2919 t->err = NULL; 2920 2921 err: 2922 OPENSSL_free(got); 2923 return 1; 2924 } 2925 2926 static const EVP_TEST_METHOD pkey_kdf_test_method = { 2927 "PKEYKDF", 2928 pkey_kdf_test_init, 2929 pkey_kdf_test_cleanup, 2930 pkey_kdf_test_parse, 2931 pkey_kdf_test_run 2932 }; 2933 2934 /** 2935 ** KEYPAIR TESTS 2936 **/ 2937 2938 typedef struct keypair_test_data_st { 2939 EVP_PKEY *privk; 2940 EVP_PKEY *pubk; 2941 } KEYPAIR_TEST_DATA; 2942 2943 static int keypair_test_init(EVP_TEST *t, const char *pair) 2944 { 2945 KEYPAIR_TEST_DATA *data; 2946 int rv = 0; 2947 EVP_PKEY *pk = NULL, *pubk = NULL; 2948 char *pub, *priv = NULL; 2949 2950 /* Split private and public names. */ 2951 if (!TEST_ptr(priv = OPENSSL_strdup(pair)) 2952 || !TEST_ptr(pub = strchr(priv, ':'))) { 2953 t->err = "PARSING_ERROR"; 2954 goto end; 2955 } 2956 *pub++ = '\0'; 2957 2958 if (!TEST_true(find_key(&pk, priv, private_keys))) { 2959 TEST_info("Can't find private key: %s", priv); 2960 t->err = "MISSING_PRIVATE_KEY"; 2961 goto end; 2962 } 2963 if (!TEST_true(find_key(&pubk, pub, public_keys))) { 2964 TEST_info("Can't find public key: %s", pub); 2965 t->err = "MISSING_PUBLIC_KEY"; 2966 goto end; 2967 } 2968 2969 if (pk == NULL && pubk == NULL) { 2970 /* Both keys are listed but unsupported: skip this test */ 2971 t->skip = 1; 2972 rv = 1; 2973 goto end; 2974 } 2975 2976 if (!TEST_ptr(data = OPENSSL_malloc(sizeof(*data)))) 2977 goto end; 2978 data->privk = pk; 2979 data->pubk = pubk; 2980 t->data = data; 2981 rv = 1; 2982 t->err = NULL; 2983 2984 end: 2985 OPENSSL_free(priv); 2986 return rv; 2987 } 2988 2989 static void keypair_test_cleanup(EVP_TEST *t) 2990 { 2991 OPENSSL_free(t->data); 2992 t->data = NULL; 2993 } 2994 2995 /* 2996 * For tests that do not accept any custom keywords. 2997 */ 2998 static int void_test_parse(EVP_TEST *t, const char *keyword, const char *value) 2999 { 3000 return 0; 3001 } 3002 3003 static int keypair_test_run(EVP_TEST *t) 3004 { 3005 int rv = 0; 3006 const KEYPAIR_TEST_DATA *pair = t->data; 3007 3008 if (pair->privk == NULL || pair->pubk == NULL) { 3009 /* 3010 * this can only happen if only one of the keys is not set 3011 * which means that one of them was unsupported while the 3012 * other isn't: hence a key type mismatch. 3013 */ 3014 t->err = "KEYPAIR_TYPE_MISMATCH"; 3015 rv = 1; 3016 goto end; 3017 } 3018 3019 if ((rv = EVP_PKEY_eq(pair->privk, pair->pubk)) != 1 ) { 3020 if ( 0 == rv ) { 3021 t->err = "KEYPAIR_MISMATCH"; 3022 } else if ( -1 == rv ) { 3023 t->err = "KEYPAIR_TYPE_MISMATCH"; 3024 } else if ( -2 == rv ) { 3025 t->err = "UNSUPPORTED_KEY_COMPARISON"; 3026 } else { 3027 TEST_error("Unexpected error in key comparison"); 3028 rv = 0; 3029 goto end; 3030 } 3031 rv = 1; 3032 goto end; 3033 } 3034 3035 rv = 1; 3036 t->err = NULL; 3037 3038 end: 3039 return rv; 3040 } 3041 3042 static const EVP_TEST_METHOD keypair_test_method = { 3043 "PrivPubKeyPair", 3044 keypair_test_init, 3045 keypair_test_cleanup, 3046 void_test_parse, 3047 keypair_test_run 3048 }; 3049 3050 /** 3051 ** KEYGEN TEST 3052 **/ 3053 3054 typedef struct keygen_test_data_st { 3055 EVP_PKEY_CTX *genctx; /* Keygen context to use */ 3056 char *keyname; /* Key name to store key or NULL */ 3057 } KEYGEN_TEST_DATA; 3058 3059 static int keygen_test_init(EVP_TEST *t, const char *alg) 3060 { 3061 KEYGEN_TEST_DATA *data; 3062 EVP_PKEY_CTX *genctx; 3063 int nid = OBJ_sn2nid(alg); 3064 3065 if (nid == NID_undef) { 3066 nid = OBJ_ln2nid(alg); 3067 if (nid == NID_undef) 3068 return 0; 3069 } 3070 3071 if (is_pkey_disabled(alg)) { 3072 t->skip = 1; 3073 return 1; 3074 } 3075 if (!TEST_ptr(genctx = EVP_PKEY_CTX_new_from_name(libctx, alg, NULL))) 3076 goto err; 3077 3078 if (EVP_PKEY_keygen_init(genctx) <= 0) { 3079 t->err = "KEYGEN_INIT_ERROR"; 3080 goto err; 3081 } 3082 3083 if (!TEST_ptr(data = OPENSSL_malloc(sizeof(*data)))) 3084 goto err; 3085 data->genctx = genctx; 3086 data->keyname = NULL; 3087 t->data = data; 3088 t->err = NULL; 3089 return 1; 3090 3091 err: 3092 EVP_PKEY_CTX_free(genctx); 3093 return 0; 3094 } 3095 3096 static void keygen_test_cleanup(EVP_TEST *t) 3097 { 3098 KEYGEN_TEST_DATA *keygen = t->data; 3099 3100 EVP_PKEY_CTX_free(keygen->genctx); 3101 OPENSSL_free(keygen->keyname); 3102 OPENSSL_free(t->data); 3103 t->data = NULL; 3104 } 3105 3106 static int keygen_test_parse(EVP_TEST *t, 3107 const char *keyword, const char *value) 3108 { 3109 KEYGEN_TEST_DATA *keygen = t->data; 3110 3111 if (strcmp(keyword, "KeyName") == 0) 3112 return TEST_ptr(keygen->keyname = OPENSSL_strdup(value)); 3113 if (strcmp(keyword, "Ctrl") == 0) 3114 return pkey_test_ctrl(t, keygen->genctx, value); 3115 return 0; 3116 } 3117 3118 static int keygen_test_run(EVP_TEST *t) 3119 { 3120 KEYGEN_TEST_DATA *keygen = t->data; 3121 EVP_PKEY *pkey = NULL; 3122 int rv = 1; 3123 3124 if (EVP_PKEY_keygen(keygen->genctx, &pkey) <= 0) { 3125 t->err = "KEYGEN_GENERATE_ERROR"; 3126 goto err; 3127 } 3128 3129 if (!evp_pkey_is_provided(pkey)) { 3130 TEST_info("Warning: legacy key generated %s", keygen->keyname); 3131 goto err; 3132 } 3133 if (keygen->keyname != NULL) { 3134 KEY_LIST *key; 3135 3136 rv = 0; 3137 if (find_key(NULL, keygen->keyname, private_keys)) { 3138 TEST_info("Duplicate key %s", keygen->keyname); 3139 goto err; 3140 } 3141 3142 if (!TEST_ptr(key = OPENSSL_malloc(sizeof(*key)))) 3143 goto err; 3144 key->name = keygen->keyname; 3145 keygen->keyname = NULL; 3146 key->key = pkey; 3147 key->next = private_keys; 3148 private_keys = key; 3149 rv = 1; 3150 } else { 3151 EVP_PKEY_free(pkey); 3152 } 3153 3154 t->err = NULL; 3155 3156 err: 3157 return rv; 3158 } 3159 3160 static const EVP_TEST_METHOD keygen_test_method = { 3161 "KeyGen", 3162 keygen_test_init, 3163 keygen_test_cleanup, 3164 keygen_test_parse, 3165 keygen_test_run, 3166 }; 3167 3168 /** 3169 ** DIGEST SIGN+VERIFY TESTS 3170 **/ 3171 3172 typedef struct { 3173 int is_verify; /* Set to 1 if verifying */ 3174 int is_oneshot; /* Set to 1 for one shot operation */ 3175 const EVP_MD *md; /* Digest to use */ 3176 EVP_MD_CTX *ctx; /* Digest context */ 3177 EVP_PKEY_CTX *pctx; 3178 STACK_OF(EVP_TEST_BUFFER) *input; /* Input data: streaming */ 3179 unsigned char *osin; /* Input data if one shot */ 3180 size_t osin_len; /* Input length data if one shot */ 3181 unsigned char *output; /* Expected output */ 3182 size_t output_len; /* Expected output length */ 3183 } DIGESTSIGN_DATA; 3184 3185 static int digestsigver_test_init(EVP_TEST *t, const char *alg, int is_verify, 3186 int is_oneshot) 3187 { 3188 const EVP_MD *md = NULL; 3189 DIGESTSIGN_DATA *mdat; 3190 3191 if (strcmp(alg, "NULL") != 0) { 3192 if (is_digest_disabled(alg)) { 3193 t->skip = 1; 3194 return 1; 3195 } 3196 md = EVP_get_digestbyname(alg); 3197 if (md == NULL) 3198 return 0; 3199 } 3200 if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat)))) 3201 return 0; 3202 mdat->md = md; 3203 if (!TEST_ptr(mdat->ctx = EVP_MD_CTX_new())) { 3204 OPENSSL_free(mdat); 3205 return 0; 3206 } 3207 mdat->is_verify = is_verify; 3208 mdat->is_oneshot = is_oneshot; 3209 t->data = mdat; 3210 return 1; 3211 } 3212 3213 static int digestsign_test_init(EVP_TEST *t, const char *alg) 3214 { 3215 return digestsigver_test_init(t, alg, 0, 0); 3216 } 3217 3218 static void digestsigver_test_cleanup(EVP_TEST *t) 3219 { 3220 DIGESTSIGN_DATA *mdata = t->data; 3221 3222 EVP_MD_CTX_free(mdata->ctx); 3223 sk_EVP_TEST_BUFFER_pop_free(mdata->input, evp_test_buffer_free); 3224 OPENSSL_free(mdata->osin); 3225 OPENSSL_free(mdata->output); 3226 OPENSSL_free(mdata); 3227 t->data = NULL; 3228 } 3229 3230 static int digestsigver_test_parse(EVP_TEST *t, 3231 const char *keyword, const char *value) 3232 { 3233 DIGESTSIGN_DATA *mdata = t->data; 3234 3235 if (strcmp(keyword, "Key") == 0) { 3236 EVP_PKEY *pkey = NULL; 3237 int rv = 0; 3238 const char *name = mdata->md == NULL ? NULL : EVP_MD_get0_name(mdata->md); 3239 3240 if (mdata->is_verify) 3241 rv = find_key(&pkey, value, public_keys); 3242 if (rv == 0) 3243 rv = find_key(&pkey, value, private_keys); 3244 if (rv == 0 || pkey == NULL) { 3245 t->skip = 1; 3246 return 1; 3247 } 3248 if (mdata->is_verify) { 3249 if (!EVP_DigestVerifyInit_ex(mdata->ctx, &mdata->pctx, name, libctx, 3250 NULL, pkey, NULL)) 3251 t->err = "DIGESTVERIFYINIT_ERROR"; 3252 return 1; 3253 } 3254 if (!EVP_DigestSignInit_ex(mdata->ctx, &mdata->pctx, name, libctx, NULL, 3255 pkey, NULL)) 3256 t->err = "DIGESTSIGNINIT_ERROR"; 3257 return 1; 3258 } 3259 3260 if (strcmp(keyword, "Input") == 0) { 3261 if (mdata->is_oneshot) 3262 return parse_bin(value, &mdata->osin, &mdata->osin_len); 3263 return evp_test_buffer_append(value, &mdata->input); 3264 } 3265 if (strcmp(keyword, "Output") == 0) 3266 return parse_bin(value, &mdata->output, &mdata->output_len); 3267 3268 if (!mdata->is_oneshot) { 3269 if (strcmp(keyword, "Count") == 0) 3270 return evp_test_buffer_set_count(value, mdata->input); 3271 if (strcmp(keyword, "Ncopy") == 0) 3272 return evp_test_buffer_ncopy(value, mdata->input); 3273 } 3274 if (strcmp(keyword, "Ctrl") == 0) { 3275 if (mdata->pctx == NULL) 3276 return -1; 3277 return pkey_test_ctrl(t, mdata->pctx, value); 3278 } 3279 return 0; 3280 } 3281 3282 static int digestsign_update_fn(void *ctx, const unsigned char *buf, 3283 size_t buflen) 3284 { 3285 return EVP_DigestSignUpdate(ctx, buf, buflen); 3286 } 3287 3288 static int digestsign_test_run(EVP_TEST *t) 3289 { 3290 DIGESTSIGN_DATA *expected = t->data; 3291 unsigned char *got = NULL; 3292 size_t got_len; 3293 3294 if (!evp_test_buffer_do(expected->input, digestsign_update_fn, 3295 expected->ctx)) { 3296 t->err = "DIGESTUPDATE_ERROR"; 3297 goto err; 3298 } 3299 3300 if (!EVP_DigestSignFinal(expected->ctx, NULL, &got_len)) { 3301 t->err = "DIGESTSIGNFINAL_LENGTH_ERROR"; 3302 goto err; 3303 } 3304 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { 3305 t->err = "MALLOC_FAILURE"; 3306 goto err; 3307 } 3308 got_len *= 2; 3309 if (!EVP_DigestSignFinal(expected->ctx, got, &got_len)) { 3310 t->err = "DIGESTSIGNFINAL_ERROR"; 3311 goto err; 3312 } 3313 if (!memory_err_compare(t, "SIGNATURE_MISMATCH", 3314 expected->output, expected->output_len, 3315 got, got_len)) 3316 goto err; 3317 3318 t->err = NULL; 3319 err: 3320 OPENSSL_free(got); 3321 return 1; 3322 } 3323 3324 static const EVP_TEST_METHOD digestsign_test_method = { 3325 "DigestSign", 3326 digestsign_test_init, 3327 digestsigver_test_cleanup, 3328 digestsigver_test_parse, 3329 digestsign_test_run 3330 }; 3331 3332 static int digestverify_test_init(EVP_TEST *t, const char *alg) 3333 { 3334 return digestsigver_test_init(t, alg, 1, 0); 3335 } 3336 3337 static int digestverify_update_fn(void *ctx, const unsigned char *buf, 3338 size_t buflen) 3339 { 3340 return EVP_DigestVerifyUpdate(ctx, buf, buflen); 3341 } 3342 3343 static int digestverify_test_run(EVP_TEST *t) 3344 { 3345 DIGESTSIGN_DATA *mdata = t->data; 3346 3347 if (!evp_test_buffer_do(mdata->input, digestverify_update_fn, mdata->ctx)) { 3348 t->err = "DIGESTUPDATE_ERROR"; 3349 return 1; 3350 } 3351 3352 if (EVP_DigestVerifyFinal(mdata->ctx, mdata->output, 3353 mdata->output_len) <= 0) 3354 t->err = "VERIFY_ERROR"; 3355 return 1; 3356 } 3357 3358 static const EVP_TEST_METHOD digestverify_test_method = { 3359 "DigestVerify", 3360 digestverify_test_init, 3361 digestsigver_test_cleanup, 3362 digestsigver_test_parse, 3363 digestverify_test_run 3364 }; 3365 3366 static int oneshot_digestsign_test_init(EVP_TEST *t, const char *alg) 3367 { 3368 return digestsigver_test_init(t, alg, 0, 1); 3369 } 3370 3371 static int oneshot_digestsign_test_run(EVP_TEST *t) 3372 { 3373 DIGESTSIGN_DATA *expected = t->data; 3374 unsigned char *got = NULL; 3375 size_t got_len; 3376 3377 if (!EVP_DigestSign(expected->ctx, NULL, &got_len, 3378 expected->osin, expected->osin_len)) { 3379 t->err = "DIGESTSIGN_LENGTH_ERROR"; 3380 goto err; 3381 } 3382 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { 3383 t->err = "MALLOC_FAILURE"; 3384 goto err; 3385 } 3386 got_len *= 2; 3387 if (!EVP_DigestSign(expected->ctx, got, &got_len, 3388 expected->osin, expected->osin_len)) { 3389 t->err = "DIGESTSIGN_ERROR"; 3390 goto err; 3391 } 3392 if (!memory_err_compare(t, "SIGNATURE_MISMATCH", 3393 expected->output, expected->output_len, 3394 got, got_len)) 3395 goto err; 3396 3397 t->err = NULL; 3398 err: 3399 OPENSSL_free(got); 3400 return 1; 3401 } 3402 3403 static const EVP_TEST_METHOD oneshot_digestsign_test_method = { 3404 "OneShotDigestSign", 3405 oneshot_digestsign_test_init, 3406 digestsigver_test_cleanup, 3407 digestsigver_test_parse, 3408 oneshot_digestsign_test_run 3409 }; 3410 3411 static int oneshot_digestverify_test_init(EVP_TEST *t, const char *alg) 3412 { 3413 return digestsigver_test_init(t, alg, 1, 1); 3414 } 3415 3416 static int oneshot_digestverify_test_run(EVP_TEST *t) 3417 { 3418 DIGESTSIGN_DATA *mdata = t->data; 3419 3420 if (EVP_DigestVerify(mdata->ctx, mdata->output, mdata->output_len, 3421 mdata->osin, mdata->osin_len) <= 0) 3422 t->err = "VERIFY_ERROR"; 3423 return 1; 3424 } 3425 3426 static const EVP_TEST_METHOD oneshot_digestverify_test_method = { 3427 "OneShotDigestVerify", 3428 oneshot_digestverify_test_init, 3429 digestsigver_test_cleanup, 3430 digestsigver_test_parse, 3431 oneshot_digestverify_test_run 3432 }; 3433 3434 3435 /** 3436 ** PARSING AND DISPATCH 3437 **/ 3438 3439 static const EVP_TEST_METHOD *evp_test_list[] = { 3440 &rand_test_method, 3441 &cipher_test_method, 3442 &digest_test_method, 3443 &digestsign_test_method, 3444 &digestverify_test_method, 3445 &encode_test_method, 3446 &kdf_test_method, 3447 &pkey_kdf_test_method, 3448 &keypair_test_method, 3449 &keygen_test_method, 3450 &mac_test_method, 3451 &oneshot_digestsign_test_method, 3452 &oneshot_digestverify_test_method, 3453 &pbe_test_method, 3454 &pdecrypt_test_method, 3455 &pderive_test_method, 3456 &psign_test_method, 3457 &pverify_recover_test_method, 3458 &pverify_test_method, 3459 NULL 3460 }; 3461 3462 static const EVP_TEST_METHOD *find_test(const char *name) 3463 { 3464 const EVP_TEST_METHOD **tt; 3465 3466 for (tt = evp_test_list; *tt; tt++) { 3467 if (strcmp(name, (*tt)->name) == 0) 3468 return *tt; 3469 } 3470 return NULL; 3471 } 3472 3473 static void clear_test(EVP_TEST *t) 3474 { 3475 test_clearstanza(&t->s); 3476 ERR_clear_error(); 3477 if (t->data != NULL) { 3478 if (t->meth != NULL) 3479 t->meth->cleanup(t); 3480 OPENSSL_free(t->data); 3481 t->data = NULL; 3482 } 3483 OPENSSL_free(t->expected_err); 3484 t->expected_err = NULL; 3485 OPENSSL_free(t->reason); 3486 t->reason = NULL; 3487 3488 /* Text literal. */ 3489 t->err = NULL; 3490 t->skip = 0; 3491 t->meth = NULL; 3492 } 3493 3494 /* Check for errors in the test structure; return 1 if okay, else 0. */ 3495 static int check_test_error(EVP_TEST *t) 3496 { 3497 unsigned long err; 3498 const char *reason; 3499 3500 if (t->err == NULL && t->expected_err == NULL) 3501 return 1; 3502 if (t->err != NULL && t->expected_err == NULL) { 3503 if (t->aux_err != NULL) { 3504 TEST_info("%s:%d: Source of above error (%s); unexpected error %s", 3505 t->s.test_file, t->s.start, t->aux_err, t->err); 3506 } else { 3507 TEST_info("%s:%d: Source of above error; unexpected error %s", 3508 t->s.test_file, t->s.start, t->err); 3509 } 3510 return 0; 3511 } 3512 if (t->err == NULL && t->expected_err != NULL) { 3513 TEST_info("%s:%d: Succeeded but was expecting %s", 3514 t->s.test_file, t->s.start, t->expected_err); 3515 return 0; 3516 } 3517 3518 if (strcmp(t->err, t->expected_err) != 0) { 3519 TEST_info("%s:%d: Expected %s got %s", 3520 t->s.test_file, t->s.start, t->expected_err, t->err); 3521 return 0; 3522 } 3523 3524 if (t->reason == NULL) 3525 return 1; 3526 3527 if (t->reason == NULL) { 3528 TEST_info("%s:%d: Test is missing function or reason code", 3529 t->s.test_file, t->s.start); 3530 return 0; 3531 } 3532 3533 err = ERR_peek_error(); 3534 if (err == 0) { 3535 TEST_info("%s:%d: Expected error \"%s\" not set", 3536 t->s.test_file, t->s.start, t->reason); 3537 return 0; 3538 } 3539 3540 reason = ERR_reason_error_string(err); 3541 if (reason == NULL) { 3542 TEST_info("%s:%d: Expected error \"%s\", no strings available." 3543 " Assuming ok.", 3544 t->s.test_file, t->s.start, t->reason); 3545 return 1; 3546 } 3547 3548 if (strcmp(reason, t->reason) == 0) 3549 return 1; 3550 3551 TEST_info("%s:%d: Expected error \"%s\", got \"%s\"", 3552 t->s.test_file, t->s.start, t->reason, reason); 3553 3554 return 0; 3555 } 3556 3557 /* Run a parsed test. Log a message and return 0 on error. */ 3558 static int run_test(EVP_TEST *t) 3559 { 3560 if (t->meth == NULL) 3561 return 1; 3562 t->s.numtests++; 3563 if (t->skip) { 3564 t->s.numskip++; 3565 } else { 3566 /* run the test */ 3567 if (t->err == NULL && t->meth->run_test(t) != 1) { 3568 TEST_info("%s:%d %s error", 3569 t->s.test_file, t->s.start, t->meth->name); 3570 return 0; 3571 } 3572 if (!check_test_error(t)) { 3573 TEST_openssl_errors(); 3574 t->s.errors++; 3575 } 3576 } 3577 3578 /* clean it up */ 3579 return 1; 3580 } 3581 3582 static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst) 3583 { 3584 for (; lst != NULL; lst = lst->next) { 3585 if (strcmp(lst->name, name) == 0) { 3586 if (ppk != NULL) 3587 *ppk = lst->key; 3588 return 1; 3589 } 3590 } 3591 return 0; 3592 } 3593 3594 static void free_key_list(KEY_LIST *lst) 3595 { 3596 while (lst != NULL) { 3597 KEY_LIST *next = lst->next; 3598 3599 EVP_PKEY_free(lst->key); 3600 OPENSSL_free(lst->name); 3601 OPENSSL_free(lst); 3602 lst = next; 3603 } 3604 } 3605 3606 /* 3607 * Is the key type an unsupported algorithm? 3608 */ 3609 static int key_unsupported(void) 3610 { 3611 long err = ERR_peek_last_error(); 3612 int lib = ERR_GET_LIB(err); 3613 long reason = ERR_GET_REASON(err); 3614 3615 if ((lib == ERR_LIB_EVP && reason == EVP_R_UNSUPPORTED_ALGORITHM) 3616 || (lib == ERR_LIB_EVP && reason == EVP_R_DECODE_ERROR) 3617 || reason == ERR_R_UNSUPPORTED) { 3618 ERR_clear_error(); 3619 return 1; 3620 } 3621 #ifndef OPENSSL_NO_EC 3622 /* 3623 * If EC support is enabled we should catch also EC_R_UNKNOWN_GROUP as an 3624 * hint to an unsupported algorithm/curve (e.g. if binary EC support is 3625 * disabled). 3626 */ 3627 if (lib == ERR_LIB_EC 3628 && (reason == EC_R_UNKNOWN_GROUP 3629 || reason == EC_R_INVALID_CURVE)) { 3630 ERR_clear_error(); 3631 return 1; 3632 } 3633 #endif /* OPENSSL_NO_EC */ 3634 return 0; 3635 } 3636 3637 /* NULL out the value from |pp| but return it. This "steals" a pointer. */ 3638 static char *take_value(PAIR *pp) 3639 { 3640 char *p = pp->value; 3641 3642 pp->value = NULL; 3643 return p; 3644 } 3645 3646 #if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS) 3647 static int securitycheck_enabled(void) 3648 { 3649 static int enabled = -1; 3650 3651 if (enabled == -1) { 3652 if (OSSL_PROVIDER_available(libctx, "fips")) { 3653 OSSL_PARAM params[2]; 3654 OSSL_PROVIDER *prov = NULL; 3655 int check = 1; 3656 3657 prov = OSSL_PROVIDER_load(libctx, "fips"); 3658 if (prov != NULL) { 3659 params[0] = 3660 OSSL_PARAM_construct_int(OSSL_PROV_PARAM_SECURITY_CHECKS, 3661 &check); 3662 params[1] = OSSL_PARAM_construct_end(); 3663 OSSL_PROVIDER_get_params(prov, params); 3664 OSSL_PROVIDER_unload(prov); 3665 } 3666 enabled = check; 3667 return enabled; 3668 } 3669 enabled = 0; 3670 } 3671 return enabled; 3672 } 3673 #endif 3674 3675 /* 3676 * Return 1 if one of the providers named in the string is available. 3677 * The provider names are separated with whitespace. 3678 * NOTE: destructive function, it inserts '\0' after each provider name. 3679 */ 3680 static int prov_available(char *providers) 3681 { 3682 char *p; 3683 int more = 1; 3684 3685 while (more) { 3686 for (; isspace((unsigned char)*providers); providers++) 3687 continue; 3688 if (*providers == '\0') 3689 break; /* End of the road */ 3690 for (p = providers; *p != '\0' && !isspace((unsigned char)*p); p++) 3691 continue; 3692 if (*p == '\0') 3693 more = 0; 3694 else 3695 *p = '\0'; 3696 if (OSSL_PROVIDER_available(libctx, providers)) 3697 return 1; /* Found one */ 3698 } 3699 return 0; 3700 } 3701 3702 /* Read and parse one test. Return 0 if failure, 1 if okay. */ 3703 static int parse(EVP_TEST *t) 3704 { 3705 KEY_LIST *key, **klist; 3706 EVP_PKEY *pkey; 3707 PAIR *pp; 3708 int i, j, skipped = 0; 3709 3710 top: 3711 do { 3712 if (BIO_eof(t->s.fp)) 3713 return EOF; 3714 clear_test(t); 3715 if (!test_readstanza(&t->s)) 3716 return 0; 3717 } while (t->s.numpairs == 0); 3718 pp = &t->s.pairs[0]; 3719 3720 /* Are we adding a key? */ 3721 klist = NULL; 3722 pkey = NULL; 3723 start: 3724 if (strcmp(pp->key, "PrivateKey") == 0) { 3725 pkey = PEM_read_bio_PrivateKey_ex(t->s.key, NULL, 0, NULL, libctx, NULL); 3726 if (pkey == NULL && !key_unsupported()) { 3727 EVP_PKEY_free(pkey); 3728 TEST_info("Can't read private key %s", pp->value); 3729 TEST_openssl_errors(); 3730 return 0; 3731 } 3732 klist = &private_keys; 3733 } else if (strcmp(pp->key, "PublicKey") == 0) { 3734 pkey = PEM_read_bio_PUBKEY_ex(t->s.key, NULL, 0, NULL, libctx, NULL); 3735 if (pkey == NULL && !key_unsupported()) { 3736 EVP_PKEY_free(pkey); 3737 TEST_info("Can't read public key %s", pp->value); 3738 TEST_openssl_errors(); 3739 return 0; 3740 } 3741 klist = &public_keys; 3742 } else if (strcmp(pp->key, "PrivateKeyRaw") == 0 3743 || strcmp(pp->key, "PublicKeyRaw") == 0 ) { 3744 char *strnid = NULL, *keydata = NULL; 3745 unsigned char *keybin; 3746 size_t keylen; 3747 int nid; 3748 3749 if (strcmp(pp->key, "PrivateKeyRaw") == 0) 3750 klist = &private_keys; 3751 else 3752 klist = &public_keys; 3753 3754 strnid = strchr(pp->value, ':'); 3755 if (strnid != NULL) { 3756 *strnid++ = '\0'; 3757 keydata = strchr(strnid, ':'); 3758 if (keydata != NULL) 3759 *keydata++ = '\0'; 3760 } 3761 if (keydata == NULL) { 3762 TEST_info("Failed to parse %s value", pp->key); 3763 return 0; 3764 } 3765 3766 nid = OBJ_txt2nid(strnid); 3767 if (nid == NID_undef) { 3768 TEST_info("Unrecognised algorithm NID"); 3769 return 0; 3770 } 3771 if (!parse_bin(keydata, &keybin, &keylen)) { 3772 TEST_info("Failed to create binary key"); 3773 return 0; 3774 } 3775 if (klist == &private_keys) 3776 pkey = EVP_PKEY_new_raw_private_key_ex(libctx, strnid, NULL, keybin, 3777 keylen); 3778 else 3779 pkey = EVP_PKEY_new_raw_public_key_ex(libctx, strnid, NULL, keybin, 3780 keylen); 3781 if (pkey == NULL && !key_unsupported()) { 3782 TEST_info("Can't read %s data", pp->key); 3783 OPENSSL_free(keybin); 3784 TEST_openssl_errors(); 3785 return 0; 3786 } 3787 OPENSSL_free(keybin); 3788 } else if (strcmp(pp->key, "Availablein") == 0) { 3789 if (!prov_available(pp->value)) { 3790 TEST_info("skipping, '%s' provider not available: %s:%d", 3791 pp->value, t->s.test_file, t->s.start); 3792 t->skip = 1; 3793 return 0; 3794 } 3795 skipped++; 3796 pp++; 3797 goto start; 3798 } else if (strcmp(pp->key, "FIPSversion") == 0) { 3799 if (prov_available((char *)(intptr_t)"fips")) { 3800 j = fips_provider_version_match(libctx, pp->value); 3801 if (j < 0) { 3802 TEST_info("Line %d: error matching FIPS versions\n", t->s.curr); 3803 return 0; 3804 } else if (j == 0) { 3805 TEST_info("skipping, FIPS provider incompatible version: %s:%d", 3806 t->s.test_file, t->s.start); 3807 t->skip = 1; 3808 return 0; 3809 } 3810 } 3811 skipped++; 3812 pp++; 3813 goto start; 3814 } 3815 3816 /* If we have a key add to list */ 3817 if (klist != NULL) { 3818 if (find_key(NULL, pp->value, *klist)) { 3819 TEST_info("Duplicate key %s", pp->value); 3820 return 0; 3821 } 3822 if (!TEST_ptr(key = OPENSSL_malloc(sizeof(*key)))) 3823 return 0; 3824 key->name = take_value(pp); 3825 key->key = pkey; 3826 key->next = *klist; 3827 *klist = key; 3828 3829 /* Go back and start a new stanza. */ 3830 if ((t->s.numpairs - skipped) != 1) 3831 TEST_info("Line %d: missing blank line\n", t->s.curr); 3832 goto top; 3833 } 3834 3835 /* Find the test, based on first keyword. */ 3836 if (!TEST_ptr(t->meth = find_test(pp->key))) 3837 return 0; 3838 if (!t->meth->init(t, pp->value)) { 3839 TEST_error("unknown %s: %s\n", pp->key, pp->value); 3840 return 0; 3841 } 3842 if (t->skip == 1) { 3843 /* TEST_info("skipping %s %s", pp->key, pp->value); */ 3844 return 0; 3845 } 3846 3847 for (pp++, i = 1; i < (t->s.numpairs - skipped); pp++, i++) { 3848 if (strcmp(pp->key, "Securitycheck") == 0) { 3849 #if defined(OPENSSL_NO_FIPS_SECURITYCHECKS) 3850 #else 3851 if (!securitycheck_enabled()) 3852 #endif 3853 { 3854 TEST_info("skipping, Securitycheck is disabled: %s:%d", 3855 t->s.test_file, t->s.start); 3856 t->skip = 1; 3857 return 0; 3858 } 3859 } else if (strcmp(pp->key, "Availablein") == 0) { 3860 TEST_info("Line %d: 'Availablein' should be the first option", 3861 t->s.curr); 3862 return 0; 3863 } else if (strcmp(pp->key, "Result") == 0) { 3864 if (t->expected_err != NULL) { 3865 TEST_info("Line %d: multiple result lines", t->s.curr); 3866 return 0; 3867 } 3868 t->expected_err = take_value(pp); 3869 } else if (strcmp(pp->key, "Function") == 0) { 3870 /* Ignore old line. */ 3871 } else if (strcmp(pp->key, "Reason") == 0) { 3872 if (t->reason != NULL) { 3873 TEST_info("Line %d: multiple reason lines", t->s.curr); 3874 return 0; 3875 } 3876 t->reason = take_value(pp); 3877 } else { 3878 /* Must be test specific line: try to parse it */ 3879 int rv = t->meth->parse(t, pp->key, pp->value); 3880 3881 if (rv == 0) { 3882 TEST_info("Line %d: unknown keyword %s", t->s.curr, pp->key); 3883 return 0; 3884 } 3885 if (rv < 0) { 3886 TEST_info("Line %d: error processing keyword %s = %s\n", 3887 t->s.curr, pp->key, pp->value); 3888 return 0; 3889 } 3890 } 3891 } 3892 3893 return 1; 3894 } 3895 3896 static int run_file_tests(int i) 3897 { 3898 EVP_TEST *t; 3899 const char *testfile = test_get_argument(i); 3900 int c; 3901 3902 if (!TEST_ptr(t = OPENSSL_zalloc(sizeof(*t)))) 3903 return 0; 3904 if (!test_start_file(&t->s, testfile)) { 3905 OPENSSL_free(t); 3906 return 0; 3907 } 3908 3909 while (!BIO_eof(t->s.fp)) { 3910 c = parse(t); 3911 if (t->skip) { 3912 t->s.numskip++; 3913 continue; 3914 } 3915 if (c == 0 || !run_test(t)) { 3916 t->s.errors++; 3917 break; 3918 } 3919 } 3920 test_end_file(&t->s); 3921 clear_test(t); 3922 3923 free_key_list(public_keys); 3924 free_key_list(private_keys); 3925 BIO_free(t->s.key); 3926 c = t->s.errors; 3927 OPENSSL_free(t); 3928 return c == 0; 3929 } 3930 3931 const OPTIONS *test_get_options(void) 3932 { 3933 static const OPTIONS test_options[] = { 3934 OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("[file...]\n"), 3935 { "config", OPT_CONFIG_FILE, '<', 3936 "The configuration file to use for the libctx" }, 3937 { OPT_HELP_STR, 1, '-', "file\tFile to run tests on.\n" }, 3938 { NULL } 3939 }; 3940 return test_options; 3941 } 3942 3943 int setup_tests(void) 3944 { 3945 size_t n; 3946 char *config_file = NULL; 3947 3948 OPTION_CHOICE o; 3949 3950 while ((o = opt_next()) != OPT_EOF) { 3951 switch (o) { 3952 case OPT_CONFIG_FILE: 3953 config_file = opt_arg(); 3954 break; 3955 case OPT_TEST_CASES: 3956 break; 3957 default: 3958 case OPT_ERR: 3959 return 0; 3960 } 3961 } 3962 3963 /* 3964 * Load the provider via configuration into the created library context. 3965 * Load the 'null' provider into the default library context to ensure that 3966 * the tests do not fallback to using the default provider. 3967 */ 3968 if (!test_get_libctx(&libctx, &prov_null, config_file, NULL, NULL)) 3969 return 0; 3970 3971 n = test_get_argument_count(); 3972 if (n == 0) 3973 return 0; 3974 3975 ADD_ALL_TESTS(run_file_tests, n); 3976 return 1; 3977 } 3978 3979 void cleanup_tests(void) 3980 { 3981 OSSL_PROVIDER_unload(prov_null); 3982 OSSL_LIB_CTX_free(libctx); 3983 } 3984 3985 #define STR_STARTS_WITH(str, pre) OPENSSL_strncasecmp(pre, str, strlen(pre)) == 0 3986 #define STR_ENDS_WITH(str, pre) \ 3987 strlen(str) < strlen(pre) ? 0 : (OPENSSL_strcasecmp(pre, str + strlen(str) - strlen(pre)) == 0) 3988 3989 static int is_digest_disabled(const char *name) 3990 { 3991 #ifdef OPENSSL_NO_BLAKE2 3992 if (STR_STARTS_WITH(name, "BLAKE")) 3993 return 1; 3994 #endif 3995 #ifdef OPENSSL_NO_MD2 3996 if (OPENSSL_strcasecmp(name, "MD2") == 0) 3997 return 1; 3998 #endif 3999 #ifdef OPENSSL_NO_MDC2 4000 if (OPENSSL_strcasecmp(name, "MDC2") == 0) 4001 return 1; 4002 #endif 4003 #ifdef OPENSSL_NO_MD4 4004 if (OPENSSL_strcasecmp(name, "MD4") == 0) 4005 return 1; 4006 #endif 4007 #ifdef OPENSSL_NO_MD5 4008 if (OPENSSL_strcasecmp(name, "MD5") == 0) 4009 return 1; 4010 #endif 4011 #ifdef OPENSSL_NO_RMD160 4012 if (OPENSSL_strcasecmp(name, "RIPEMD160") == 0) 4013 return 1; 4014 #endif 4015 #ifdef OPENSSL_NO_SM3 4016 if (OPENSSL_strcasecmp(name, "SM3") == 0) 4017 return 1; 4018 #endif 4019 #ifdef OPENSSL_NO_WHIRLPOOL 4020 if (OPENSSL_strcasecmp(name, "WHIRLPOOL") == 0) 4021 return 1; 4022 #endif 4023 return 0; 4024 } 4025 4026 static int is_pkey_disabled(const char *name) 4027 { 4028 #ifdef OPENSSL_NO_EC 4029 if (STR_STARTS_WITH(name, "EC")) 4030 return 1; 4031 #endif 4032 #ifdef OPENSSL_NO_DH 4033 if (STR_STARTS_WITH(name, "DH")) 4034 return 1; 4035 #endif 4036 #ifdef OPENSSL_NO_DSA 4037 if (STR_STARTS_WITH(name, "DSA")) 4038 return 1; 4039 #endif 4040 return 0; 4041 } 4042 4043 static int is_mac_disabled(const char *name) 4044 { 4045 #ifdef OPENSSL_NO_BLAKE2 4046 if (STR_STARTS_WITH(name, "BLAKE2BMAC") 4047 || STR_STARTS_WITH(name, "BLAKE2SMAC")) 4048 return 1; 4049 #endif 4050 #ifdef OPENSSL_NO_CMAC 4051 if (STR_STARTS_WITH(name, "CMAC")) 4052 return 1; 4053 #endif 4054 #ifdef OPENSSL_NO_POLY1305 4055 if (STR_STARTS_WITH(name, "Poly1305")) 4056 return 1; 4057 #endif 4058 #ifdef OPENSSL_NO_SIPHASH 4059 if (STR_STARTS_WITH(name, "SipHash")) 4060 return 1; 4061 #endif 4062 return 0; 4063 } 4064 static int is_kdf_disabled(const char *name) 4065 { 4066 #ifdef OPENSSL_NO_SCRYPT 4067 if (STR_ENDS_WITH(name, "SCRYPT")) 4068 return 1; 4069 #endif 4070 return 0; 4071 } 4072 4073 static int is_cipher_disabled(const char *name) 4074 { 4075 #ifdef OPENSSL_NO_ARIA 4076 if (STR_STARTS_WITH(name, "ARIA")) 4077 return 1; 4078 #endif 4079 #ifdef OPENSSL_NO_BF 4080 if (STR_STARTS_WITH(name, "BF")) 4081 return 1; 4082 #endif 4083 #ifdef OPENSSL_NO_CAMELLIA 4084 if (STR_STARTS_WITH(name, "CAMELLIA")) 4085 return 1; 4086 #endif 4087 #ifdef OPENSSL_NO_CAST 4088 if (STR_STARTS_WITH(name, "CAST")) 4089 return 1; 4090 #endif 4091 #ifdef OPENSSL_NO_CHACHA 4092 if (STR_STARTS_WITH(name, "CHACHA")) 4093 return 1; 4094 #endif 4095 #ifdef OPENSSL_NO_POLY1305 4096 if (STR_ENDS_WITH(name, "Poly1305")) 4097 return 1; 4098 #endif 4099 #ifdef OPENSSL_NO_DES 4100 if (STR_STARTS_WITH(name, "DES")) 4101 return 1; 4102 if (STR_ENDS_WITH(name, "3DESwrap")) 4103 return 1; 4104 #endif 4105 #ifdef OPENSSL_NO_OCB 4106 if (STR_ENDS_WITH(name, "OCB")) 4107 return 1; 4108 #endif 4109 #ifdef OPENSSL_NO_IDEA 4110 if (STR_STARTS_WITH(name, "IDEA")) 4111 return 1; 4112 #endif 4113 #ifdef OPENSSL_NO_RC2 4114 if (STR_STARTS_WITH(name, "RC2")) 4115 return 1; 4116 #endif 4117 #ifdef OPENSSL_NO_RC4 4118 if (STR_STARTS_WITH(name, "RC4")) 4119 return 1; 4120 #endif 4121 #ifdef OPENSSL_NO_RC5 4122 if (STR_STARTS_WITH(name, "RC5")) 4123 return 1; 4124 #endif 4125 #ifdef OPENSSL_NO_SEED 4126 if (STR_STARTS_WITH(name, "SEED")) 4127 return 1; 4128 #endif 4129 #ifdef OPENSSL_NO_SIV 4130 if (STR_ENDS_WITH(name, "SIV")) 4131 return 1; 4132 #endif 4133 #ifdef OPENSSL_NO_SM4 4134 if (STR_STARTS_WITH(name, "SM4")) 4135 return 1; 4136 #endif 4137 return 0; 4138 } 4139