1 /* 2 * Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #define OPENSSL_SUPPRESS_DEPRECATED /* EVP_PKEY_new_CMAC_key */ 11 #include <stdio.h> 12 #include <string.h> 13 #include <stdlib.h> 14 #include <ctype.h> 15 #include <openssl/evp.h> 16 #include <openssl/pem.h> 17 #include <openssl/err.h> 18 #include <openssl/provider.h> 19 #include <openssl/x509v3.h> 20 #include <openssl/pkcs12.h> 21 #include <openssl/kdf.h> 22 #include <openssl/params.h> 23 #include <openssl/param_build.h> 24 #include <openssl/core_names.h> 25 #include <openssl/fips_names.h> 26 #include <openssl/thread.h> 27 #include "internal/numbers.h" 28 #include "internal/nelem.h" 29 #include "internal/sizes.h" 30 #include "crypto/evp.h" 31 #include "testutil.h" 32 33 typedef struct evp_test_buffer_st EVP_TEST_BUFFER; 34 DEFINE_STACK_OF(EVP_TEST_BUFFER) 35 36 #define AAD_NUM 4 37 38 typedef struct evp_test_method_st EVP_TEST_METHOD; 39 40 /* Structure holding test information */ 41 typedef struct evp_test_st { 42 STANZA s; /* Common test stanza */ 43 char *name; 44 int skip; /* Current test should be skipped */ 45 const EVP_TEST_METHOD *meth; /* method for this test */ 46 const char *err, *aux_err; /* Error string for test */ 47 char *expected_err; /* Expected error value of test */ 48 char *reason; /* Expected error reason string */ 49 void *data; /* test specific data */ 50 int expect_unapproved; 51 } EVP_TEST; 52 53 /* Test method structure */ 54 struct evp_test_method_st { 55 /* Name of test as it appears in file */ 56 const char *name; 57 /* Initialise test for "alg" */ 58 int (*init)(EVP_TEST *t, const char *alg); 59 /* Clean up method */ 60 void (*cleanup)(EVP_TEST *t); 61 /* Test specific name value pair processing */ 62 int (*parse)(EVP_TEST *t, const char *name, const char *value); 63 /* Run the test itself */ 64 int (*run_test)(EVP_TEST *t); 65 }; 66 67 /* Linked list of named keys. */ 68 typedef struct key_list_st { 69 char *name; 70 EVP_PKEY *key; 71 struct key_list_st *next; 72 } KEY_LIST; 73 74 typedef enum OPTION_choice { 75 OPT_ERR = -1, 76 OPT_EOF = 0, 77 OPT_CONFIG_FILE, 78 OPT_IN_PLACE, 79 OPT_PROVIDER_NAME, 80 OPT_PROV_PROPQUERY, 81 OPT_DATA_CHUNK, 82 OPT_TEST_ENUM 83 } OPTION_CHOICE; 84 85 static OSSL_PROVIDER *prov_null = NULL; 86 static OSSL_PROVIDER *libprov = NULL; 87 static OSSL_LIB_CTX *libctx = NULL; 88 static int fips_indicator_callback_unapproved_count = 0; 89 static int extended_tests = 0; 90 91 /* List of public and private keys */ 92 static KEY_LIST *private_keys; 93 static KEY_LIST *public_keys; 94 95 static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst); 96 static int parse_bin(const char *value, unsigned char **buf, size_t *buflen); 97 static int parse_bin_chunk(const char *value, size_t offset, size_t max, 98 unsigned char **buf, size_t *buflen, size_t *out_offset); 99 static int is_digest_disabled(const char *name); 100 static int is_pkey_disabled(const char *name); 101 static int is_mac_disabled(const char *name); 102 static int is_cipher_disabled(const char *name); 103 static int is_kdf_disabled(const char *name); 104 105 /* A callback that is triggered if fips unapproved mode is detected */ 106 static int fips_indicator_cb(const char *type, const char *desc, 107 const OSSL_PARAM params[]) 108 { 109 fips_indicator_callback_unapproved_count++; 110 TEST_info("(Indicator Callback received %s : %s is not approved)", type, desc); 111 return 1; 112 } 113 114 static int check_fips_approved(EVP_TEST *t, int approved) 115 { 116 /* 117 * If the expected result is approved 118 * then it is expected that approved will be 1 119 * and the fips indicator callback has not been triggered, otherwise 120 * approved should be 0 and the fips indicator callback should be triggered. 121 */ 122 if (t->expect_unapproved) { 123 if (approved == 1 || fips_indicator_callback_unapproved_count == 0) { 124 TEST_error("Test is not expected to be FIPS approved"); 125 return 0; 126 } 127 } else { 128 if (approved == 0 || fips_indicator_callback_unapproved_count > 0) { 129 TEST_error("Test is expected to be FIPS approved"); 130 return 0; 131 } 132 } 133 return 1; 134 } 135 136 static int mac_check_fips_approved(EVP_MAC_CTX *ctx, EVP_TEST *t) 137 { 138 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 139 /* 140 * For any getters that do not handle the FIPS indicator assume a default 141 * value of approved. 142 */ 143 int approved = 1; 144 145 if (EVP_MAC_CTX_gettable_params(ctx) == NULL) 146 return 1; 147 148 params[0] = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_FIPS_APPROVED_INDICATOR, 149 &approved); 150 if (!EVP_MAC_CTX_get_params(ctx, params)) 151 return 0; 152 return check_fips_approved(t, approved); 153 } 154 155 static int pkey_check_fips_approved(EVP_PKEY_CTX *ctx, EVP_TEST *t) 156 { 157 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 158 /* 159 * For any getters that do not handle the FIPS indicator assume a default 160 * value of approved. 161 */ 162 int approved = 1; 163 const OSSL_PARAM *gettables = EVP_PKEY_CTX_gettable_params(ctx); 164 165 if (gettables == NULL 166 || OSSL_PARAM_locate_const(gettables, 167 OSSL_ALG_PARAM_FIPS_APPROVED_INDICATOR) 168 == NULL) 169 return 1; 170 171 /* Older providers dont have a gettable */ 172 if (EVP_PKEY_CTX_gettable_params(ctx) == NULL) 173 return 1; 174 175 params[0] = OSSL_PARAM_construct_int(OSSL_ALG_PARAM_FIPS_APPROVED_INDICATOR, 176 &approved); 177 if (!EVP_PKEY_CTX_get_params(ctx, params)) 178 return 0; 179 return check_fips_approved(t, approved); 180 } 181 182 static int rand_check_fips_approved(EVP_RAND_CTX *ctx, EVP_TEST *t) 183 { 184 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 185 /* 186 * For any getters that do not handle the FIPS indicator assume a default 187 * value of approved. 188 */ 189 int approved = 1; 190 191 if (EVP_RAND_CTX_gettable_params(ctx) == NULL) 192 return 1; 193 194 params[0] = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_FIPS_APPROVED_INDICATOR, 195 &approved); 196 if (!EVP_RAND_CTX_get_params(ctx, params)) 197 return 0; 198 return check_fips_approved(t, approved); 199 } 200 201 static int ctrladd(STACK_OF(OPENSSL_STRING) *controls, const char *value) 202 { 203 char *data = OPENSSL_strdup(value); 204 205 if (data == NULL) 206 return -1; 207 208 if (sk_OPENSSL_STRING_push(controls, data) <= 0) { 209 OPENSSL_free(data); 210 return -1; 211 } 212 213 return 1; 214 } 215 216 /* Because OPENSSL_free is a macro, it can't be passed as a function pointer */ 217 static void openssl_free(char *m) 218 { 219 OPENSSL_free(m); 220 } 221 222 static void ctrlfree(STACK_OF(OPENSSL_STRING) *controls) 223 { 224 sk_OPENSSL_STRING_pop_free(controls, openssl_free); 225 } 226 227 /* 228 * This is used if ctrl2params() passes settables as NULL. 229 * A default list of settable OSSL_PARAM that may be set during an operations 230 * init(). 231 * Using the algorithms settable list is problematic since it requires that the 232 * init() has already run. 233 */ 234 static const OSSL_PARAM settable_ctx_params[] = { 235 OSSL_PARAM_int("key-check", NULL), 236 OSSL_PARAM_int("digest-check", NULL), 237 OSSL_PARAM_int("ems_check", NULL), 238 OSSL_PARAM_int("sign-check", NULL), 239 OSSL_PARAM_int("encrypt-check", NULL), 240 OSSL_PARAM_int("rsa-pss-saltlen-check", NULL), 241 OSSL_PARAM_int("sign-x931-pad-check", NULL), 242 OSSL_PARAM_END 243 }; 244 245 static int ctrl2params(EVP_TEST *t, STACK_OF(OPENSSL_STRING) *controls, 246 const OSSL_PARAM *settables, 247 OSSL_PARAM params[], size_t params_sz, size_t *params_n) 248 { 249 int i; 250 251 if (settables == NULL) 252 settables = settable_ctx_params; 253 /* check bounds */ 254 if (*params_n + sk_OPENSSL_STRING_num(controls) >= params_sz) { 255 t->err = "ERR_TOO_MANY_PARAMETERS"; 256 goto err; 257 } 258 for (i = 0; i < sk_OPENSSL_STRING_num(controls); i++) { 259 char *tmpkey, *tmpval; 260 char *value = sk_OPENSSL_STRING_value(controls, i); 261 262 if (!TEST_ptr(tmpkey = OPENSSL_strdup(value))) { 263 t->err = "ERR_PARAM_ERROR"; 264 goto err; 265 } 266 tmpval = strchr(tmpkey, ':'); 267 if (tmpval != NULL) 268 *tmpval++ = '\0'; 269 270 if (tmpval == NULL 271 || !OSSL_PARAM_allocate_from_text(¶ms[*params_n], 272 settables, 273 tmpkey, tmpval, 274 strlen(tmpval), NULL)) { 275 OPENSSL_free(tmpkey); 276 t->err = "ERR_PARAM_ERROR"; 277 goto err; 278 } 279 *params_n += 1; 280 OPENSSL_free(tmpkey); 281 } 282 params[*params_n] = OSSL_PARAM_construct_end(); 283 return 1; 284 err: 285 return 0; 286 } 287 288 static void ctrl2params_free(OSSL_PARAM params[], 289 size_t params_n, size_t params_n_allocstart) 290 { 291 while (params_n-- > params_n_allocstart) { 292 OPENSSL_free(params[params_n].data); 293 } 294 } 295 296 static int kdf_check_fips_approved(EVP_KDF_CTX *ctx, EVP_TEST *t) 297 { 298 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 299 int approved = 1; 300 301 params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR, 302 &approved); 303 if (!EVP_KDF_CTX_get_params(ctx, params)) 304 return 0; 305 return check_fips_approved(t, approved); 306 } 307 308 static int cipher_check_fips_approved(EVP_CIPHER_CTX *ctx, EVP_TEST *t) 309 { 310 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 311 int approved = 1; 312 313 params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_FIPS_APPROVED_INDICATOR, 314 &approved); 315 if (!EVP_CIPHER_CTX_get_params(ctx, params)) 316 return 0; 317 return check_fips_approved(t, approved); 318 } 319 320 /* 321 * Compare two memory regions for equality, returning zero if they differ. 322 * However, if there is expected to be an error and the actual error 323 * matches then the memory is expected to be different so handle this 324 * case without producing unnecessary test framework output. 325 */ 326 static int memory_err_compare(EVP_TEST *t, const char *err, 327 const void *expected, size_t expected_len, 328 const void *got, size_t got_len) 329 { 330 int r; 331 332 if (t->expected_err != NULL && strcmp(t->expected_err, err) == 0) 333 r = !TEST_mem_ne(expected, expected_len, got, got_len); 334 else 335 r = TEST_mem_eq(expected, expected_len, got, got_len); 336 if (!r) 337 t->err = err; 338 return r; 339 } 340 341 /* Option specific for evp test */ 342 static int process_mode_in_place; 343 static const char *propquery = NULL; 344 static int data_chunk_size; 345 346 static int evp_test_process_mode(char *mode) 347 { 348 if (strcmp(mode, "in_place") == 0) 349 return 1; 350 else if (strcmp(mode, "both") == 0) 351 return 0; 352 return -1; 353 } 354 355 /* 356 * Structure used to hold a list of blocks of memory to test 357 * calls to "update" like functions. 358 */ 359 struct evp_test_buffer_st { 360 unsigned char *buf; 361 size_t buflen; 362 size_t count; 363 int count_set; 364 }; 365 366 static void evp_test_buffer_free(EVP_TEST_BUFFER *db) 367 { 368 if (db != NULL) { 369 OPENSSL_free(db->buf); 370 OPENSSL_free(db); 371 } 372 } 373 374 /* append buffer to a list */ 375 static int evp_test_buffer_append(const char *value, size_t max_len, 376 STACK_OF(EVP_TEST_BUFFER) **sk) 377 { 378 EVP_TEST_BUFFER *db = NULL; 379 int rv = 0; 380 size_t offset = 0; 381 382 if (*sk == NULL && !TEST_ptr(*sk = sk_EVP_TEST_BUFFER_new_null())) 383 goto err; 384 385 do { 386 if (!TEST_ptr(db = OPENSSL_zalloc(sizeof(*db)))) 387 goto err; 388 if (max_len == 0) { 389 /* parse all in one shot */ 390 if ((rv = parse_bin(value, &db->buf, &db->buflen)) != 1) 391 goto err; 392 } else { 393 /* parse in chunks */ 394 size_t new_offset = 0; 395 396 if ((rv = parse_bin_chunk(value, offset, max_len, &db->buf, 397 &db->buflen, &new_offset)) 398 == -1) 399 goto err; 400 offset = new_offset; 401 } 402 403 db->count = 1; 404 db->count_set = 0; 405 406 if (db->buf == NULL) 407 evp_test_buffer_free(db); 408 else if (db->buf != NULL && !sk_EVP_TEST_BUFFER_push(*sk, db)) 409 goto err; 410 /* if processing by chunks, continue until the whole value is parsed */ 411 } while (rv == 1 && max_len != 0); 412 413 return 1; 414 415 err: 416 evp_test_buffer_free(db); 417 return 0; 418 } 419 420 /* replace last buffer in list with copies of itself */ 421 static int evp_test_buffer_ncopy(const char *value, 422 STACK_OF(EVP_TEST_BUFFER) *sk) 423 { 424 EVP_TEST_BUFFER *db; 425 unsigned char *tbuf, *p; 426 size_t tbuflen; 427 int ncopy = atoi(value); 428 int i; 429 430 if (ncopy <= 0) 431 return 0; 432 if (sk == NULL || sk_EVP_TEST_BUFFER_num(sk) == 0) 433 return 0; 434 db = sk_EVP_TEST_BUFFER_value(sk, sk_EVP_TEST_BUFFER_num(sk) - 1); 435 436 tbuflen = db->buflen * ncopy; 437 if (!TEST_ptr(tbuf = OPENSSL_malloc(tbuflen))) 438 return 0; 439 for (i = 0, p = tbuf; i < ncopy; i++, p += db->buflen) 440 memcpy(p, db->buf, db->buflen); 441 442 OPENSSL_free(db->buf); 443 db->buf = tbuf; 444 db->buflen = tbuflen; 445 return 1; 446 } 447 448 /* set repeat count for last buffer in list */ 449 static int evp_test_buffer_set_count(const char *value, 450 STACK_OF(EVP_TEST_BUFFER) *sk) 451 { 452 EVP_TEST_BUFFER *db; 453 int count = atoi(value); 454 455 if (count <= 0) 456 return 0; 457 458 if (sk == NULL || sk_EVP_TEST_BUFFER_num(sk) == 0) 459 return 0; 460 461 db = sk_EVP_TEST_BUFFER_value(sk, sk_EVP_TEST_BUFFER_num(sk) - 1); 462 if (db->count_set != 0) 463 return 0; 464 465 db->count = (size_t)count; 466 db->count_set = 1; 467 return 1; 468 } 469 470 /* call "fn" with each element of the list in turn */ 471 static int evp_test_buffer_do(STACK_OF(EVP_TEST_BUFFER) *sk, 472 int (*fn)(void *ctx, 473 const unsigned char *buf, 474 size_t buflen), 475 void *ctx) 476 { 477 int i; 478 479 for (i = 0; i < sk_EVP_TEST_BUFFER_num(sk); i++) { 480 EVP_TEST_BUFFER *tb = sk_EVP_TEST_BUFFER_value(sk, i); 481 size_t j; 482 483 for (j = 0; j < tb->count; j++) { 484 if (fn(ctx, tb->buf, tb->buflen) <= 0) 485 return 0; 486 } 487 } 488 return 1; 489 } 490 491 /* 492 * Unescape some sequences in string literals (only \n for now). 493 * Return an allocated buffer, set |out_len|. If |input_len| 494 * is zero, get an empty buffer but set length to zero. 495 */ 496 static unsigned char *unescape(const char *input, size_t input_len, 497 size_t *out_len) 498 { 499 unsigned char *ret, *p; 500 size_t i; 501 502 if (input_len == 0) { 503 *out_len = 0; 504 return OPENSSL_zalloc(1); 505 } 506 507 /* Escaping is non-expanding; over-allocate original size for simplicity. */ 508 if (!TEST_ptr(ret = p = OPENSSL_malloc(input_len))) 509 return NULL; 510 511 for (i = 0; i < input_len; i++) { 512 if (*input == '\\') { 513 if (i == input_len - 1 || *++input != 'n') { 514 TEST_error("Bad escape sequence in file"); 515 goto err; 516 } 517 *p++ = '\n'; 518 i++; 519 input++; 520 } else { 521 *p++ = *input++; 522 } 523 } 524 525 *out_len = p - ret; 526 return ret; 527 528 err: 529 OPENSSL_free(ret); 530 return NULL; 531 } 532 533 /* 534 * For a hex string "value" convert to a binary allocated buffer. 535 * Return 1 on success or 0 on failure. 536 */ 537 static int parse_bin(const char *value, unsigned char **buf, size_t *buflen) 538 { 539 long len; 540 541 /* Check for NULL literal */ 542 if (strcmp(value, "NULL") == 0) { 543 *buf = NULL; 544 *buflen = 0; 545 return 1; 546 } 547 548 /* Check for empty value */ 549 if (*value == '\0') { 550 /* 551 * Don't return NULL for zero length buffer. This is needed for 552 * some tests with empty keys: HMAC_Init_ex() expects a non-NULL key 553 * buffer even if the key length is 0, in order to detect key reset. 554 */ 555 *buf = OPENSSL_malloc(1); 556 if (*buf == NULL) 557 return 0; 558 **buf = 0; 559 *buflen = 0; 560 return 1; 561 } 562 563 /* Check for string literal */ 564 if (value[0] == '"') { 565 size_t vlen = strlen(++value); 566 567 if (vlen == 0 || value[vlen - 1] != '"') 568 return 0; 569 vlen--; 570 *buf = unescape(value, vlen, buflen); 571 return *buf == NULL ? 0 : 1; 572 } 573 574 /* Otherwise assume as hex literal and convert it to binary buffer */ 575 if (!TEST_ptr(*buf = OPENSSL_hexstr2buf(value, &len))) { 576 TEST_info("Can't convert %s", value); 577 TEST_openssl_errors(); 578 return -1; 579 } 580 /* Size of input buffer means we'll never overflow */ 581 *buflen = len; 582 return 1; 583 } 584 585 /* 586 * Convert at maximum "max" bytes to a binary allocated buffer. 587 * Return 1 on success, -1 on failure or 0 for end of value string. 588 */ 589 static int parse_bin_chunk(const char *value, size_t offset, size_t max, 590 unsigned char **buf, size_t *buflen, size_t *out_offset) 591 { 592 size_t vlen; 593 size_t chunk_len; 594 const char *value_str = value[0] == '"' ? value + offset + 1 : value + offset; 595 596 if (max < 1) 597 return -1; 598 599 if (*value == '\0' || strcmp(value, "\"\"") == 0) { 600 *buf = OPENSSL_malloc(1); 601 if (*buf == NULL) 602 return 0; 603 **buf = 0; 604 *buflen = 0; 605 return 0; 606 } 607 608 if (*value_str == '\0') 609 return 0; 610 611 vlen = strlen(value_str); 612 if (value[0] == '"') { 613 /* Parse string literal */ 614 if (vlen == 1 && value_str[0] != '"') 615 /* Missing ending quotation mark */ 616 return -1; 617 if (vlen == 1 && value_str[0] == '"') 618 /* End of value */ 619 return 0; 620 vlen--; 621 chunk_len = max > vlen ? vlen : max; 622 if ((*buf = unescape(value_str, chunk_len, buflen)) == NULL) 623 return -1; 624 } else { 625 /* Parse hex string chunk */ 626 long len; 627 char *chunk = NULL; 628 629 chunk_len = 2 * max > vlen ? vlen : 2 * max; 630 chunk = OPENSSL_strndup(value_str, chunk_len); 631 if (chunk == NULL) 632 return -1; 633 if (!TEST_ptr(*buf = OPENSSL_hexstr2buf(chunk, &len))) { 634 OPENSSL_free(chunk); 635 TEST_openssl_errors(); 636 return -1; 637 } 638 OPENSSL_free(chunk); 639 *buflen = len; 640 } 641 *out_offset = value[0] == '"' ? offset + (*buflen) : offset + 2 * (*buflen); 642 return 1; 643 } 644 645 /** 646 ** MESSAGE DIGEST TESTS 647 **/ 648 649 typedef struct digest_data_st { 650 /* Digest this test is for */ 651 const EVP_MD *digest; 652 EVP_MD *fetched_digest; 653 /* Input to digest */ 654 STACK_OF(EVP_TEST_BUFFER) *input; 655 /* Expected output */ 656 unsigned char *output; 657 size_t output_len; 658 /* Padding type */ 659 int pad_type; 660 /* XOF mode? */ 661 int xof; 662 /* Size for variable output length but non-XOF */ 663 size_t digest_size; 664 } DIGEST_DATA; 665 666 static int digest_test_init(EVP_TEST *t, const char *alg) 667 { 668 DIGEST_DATA *mdat; 669 const EVP_MD *digest; 670 EVP_MD *fetched_digest; 671 672 if (is_digest_disabled(alg)) { 673 TEST_info("skipping, '%s' is disabled", alg); 674 t->skip = 1; 675 return 1; 676 } 677 678 if ((digest = fetched_digest = EVP_MD_fetch(libctx, alg, propquery)) == NULL 679 && (digest = EVP_get_digestbyname(alg)) == NULL) 680 return 0; 681 if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat)))) { 682 EVP_MD_free(fetched_digest); 683 return 0; 684 } 685 t->data = mdat; 686 mdat->digest = digest; 687 mdat->fetched_digest = fetched_digest; 688 mdat->pad_type = 0; 689 mdat->xof = 0; 690 if (fetched_digest != NULL) 691 TEST_info("%s is fetched", alg); 692 return 1; 693 } 694 695 static void digest_test_cleanup(EVP_TEST *t) 696 { 697 DIGEST_DATA *mdat = t->data; 698 699 sk_EVP_TEST_BUFFER_pop_free(mdat->input, evp_test_buffer_free); 700 OPENSSL_free(mdat->output); 701 EVP_MD_free(mdat->fetched_digest); 702 } 703 704 static int digest_test_parse(EVP_TEST *t, 705 const char *keyword, const char *value) 706 { 707 DIGEST_DATA *mdata = t->data; 708 709 if (strcmp(keyword, "Input") == 0) 710 return evp_test_buffer_append(value, data_chunk_size, &mdata->input); 711 if (strcmp(keyword, "Output") == 0) 712 return parse_bin(value, &mdata->output, &mdata->output_len); 713 if (strcmp(keyword, "Count") == 0) 714 return evp_test_buffer_set_count(value, mdata->input); 715 if (strcmp(keyword, "Ncopy") == 0) 716 return evp_test_buffer_ncopy(value, mdata->input); 717 if (strcmp(keyword, "Padding") == 0) 718 return (mdata->pad_type = atoi(value)) > 0; 719 if (strcmp(keyword, "XOF") == 0) 720 return (mdata->xof = atoi(value)) > 0; 721 if (strcmp(keyword, "OutputSize") == 0) { 722 int sz; 723 724 sz = atoi(value); 725 if (sz < 0) 726 return -1; 727 mdata->digest_size = sz; 728 return 1; 729 } 730 return 0; 731 } 732 733 static int digest_update_fn(void *ctx, const unsigned char *buf, size_t buflen) 734 { 735 return EVP_DigestUpdate(ctx, buf, buflen); 736 } 737 738 static int test_duplicate_md_ctx(EVP_TEST *t, EVP_MD_CTX *mctx) 739 { 740 char dont[] = "touch"; 741 742 if (!TEST_ptr(mctx)) 743 return 0; 744 if (!EVP_DigestFinalXOF(mctx, (unsigned char *)dont, 0)) { 745 EVP_MD_CTX_free(mctx); 746 t->err = "DIGESTFINALXOF_ERROR"; 747 return 0; 748 } 749 if (!TEST_str_eq(dont, "touch")) { 750 EVP_MD_CTX_free(mctx); 751 t->err = "DIGESTFINALXOF_ERROR"; 752 return 0; 753 } 754 EVP_MD_CTX_free(mctx); 755 return 1; 756 } 757 758 static int digest_test_run(EVP_TEST *t) 759 { 760 DIGEST_DATA *expected = t->data; 761 EVP_TEST_BUFFER *inbuf; 762 EVP_MD_CTX *mctx; 763 unsigned char *got = NULL; 764 unsigned int got_len; 765 size_t size = 0; 766 int xof = 0; 767 OSSL_PARAM params[4], *p = ¶ms[0]; 768 769 t->err = "TEST_FAILURE"; 770 if (!TEST_ptr(mctx = EVP_MD_CTX_new())) 771 goto err; 772 773 got = OPENSSL_malloc(expected->output_len > EVP_MAX_MD_SIZE ? expected->output_len : EVP_MAX_MD_SIZE); 774 if (!TEST_ptr(got)) 775 goto err; 776 777 if (expected->xof > 0) { 778 xof |= 1; 779 *p++ = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN, 780 &expected->output_len); 781 } 782 if (expected->digest_size > 0) { 783 *p++ = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_SIZE, 784 &expected->digest_size); 785 } 786 if (expected->pad_type > 0) 787 *p++ = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_PAD_TYPE, 788 &expected->pad_type); 789 *p++ = OSSL_PARAM_construct_end(); 790 791 if (!EVP_DigestInit_ex2(mctx, expected->digest, params)) { 792 t->err = "DIGESTINIT_ERROR"; 793 goto err; 794 } 795 796 if (!evp_test_buffer_do(expected->input, digest_update_fn, mctx)) { 797 t->err = "DIGESTUPDATE_ERROR"; 798 goto err; 799 } 800 801 xof |= EVP_MD_xof(expected->digest); 802 if (xof) { 803 EVP_MD_CTX *mctx_cpy; 804 805 if (!TEST_ptr(mctx_cpy = EVP_MD_CTX_new())) { 806 goto err; 807 } 808 if (!TEST_true(EVP_MD_CTX_copy(mctx_cpy, mctx))) { 809 EVP_MD_CTX_free(mctx_cpy); 810 goto err; 811 } else if (!test_duplicate_md_ctx(t, mctx_cpy)) { 812 goto err; 813 } 814 815 if (!test_duplicate_md_ctx(t, EVP_MD_CTX_dup(mctx))) 816 goto err; 817 818 got_len = expected->output_len; 819 if (!EVP_DigestFinalXOF(mctx, got, got_len)) { 820 t->err = "DIGESTFINALXOF_ERROR"; 821 goto err; 822 } 823 } else { 824 if (!EVP_DigestFinal(mctx, got, &got_len)) { 825 t->err = "DIGESTFINAL_ERROR"; 826 goto err; 827 } 828 } 829 if (!TEST_int_eq(expected->output_len, got_len)) { 830 t->err = "DIGEST_LENGTH_MISMATCH"; 831 goto err; 832 } 833 if (!memory_err_compare(t, "DIGEST_MISMATCH", 834 expected->output, expected->output_len, 835 got, got_len)) 836 goto err; 837 838 t->err = NULL; 839 840 /* Test the EVP_Q_digest interface as well */ 841 if (sk_EVP_TEST_BUFFER_num(expected->input) == 1 842 && !xof 843 /* This should never fail but we need the returned pointer now */ 844 && !TEST_ptr(inbuf = sk_EVP_TEST_BUFFER_value(expected->input, 0)) 845 && !inbuf->count_set) { 846 OPENSSL_cleanse(got, got_len); 847 if (!TEST_true(EVP_Q_digest(libctx, 848 EVP_MD_get0_name(expected->fetched_digest), 849 NULL, inbuf->buf, inbuf->buflen, 850 got, &size)) 851 || !TEST_mem_eq(got, size, 852 expected->output, expected->output_len)) { 853 t->err = "EVP_Q_digest failed"; 854 goto err; 855 } 856 } 857 858 err: 859 OPENSSL_free(got); 860 EVP_MD_CTX_free(mctx); 861 return 1; 862 } 863 864 static const EVP_TEST_METHOD digest_test_method = { 865 "Digest", 866 digest_test_init, 867 digest_test_cleanup, 868 digest_test_parse, 869 digest_test_run 870 }; 871 872 /** 873 *** CIPHER TESTS 874 **/ 875 876 typedef struct cipher_data_st { 877 const EVP_CIPHER *cipher; 878 EVP_CIPHER *fetched_cipher; 879 int enc; 880 /* EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE or EVP_CIPH_OCB_MODE if AEAD */ 881 int aead; 882 unsigned char *key; 883 size_t key_len; 884 size_t key_bits; /* Used by RC2 */ 885 unsigned char *iv; 886 unsigned char *next_iv; /* Expected IV state after operation */ 887 unsigned int rounds; 888 size_t iv_len; 889 unsigned char *plaintext; 890 size_t plaintext_len; 891 unsigned char *ciphertext; 892 size_t ciphertext_len; 893 /* AEAD ciphers only */ 894 unsigned char *aad[AAD_NUM]; 895 size_t aad_len[AAD_NUM]; 896 int tls_aad; 897 int tls_version; 898 unsigned char *tag; 899 const char *cts_mode; 900 size_t tag_len; 901 int tag_late; 902 unsigned char *mac_key; 903 size_t mac_key_len; 904 const char *xts_standard; 905 STACK_OF(OPENSSL_STRING) *init_controls; /* collection of controls */ 906 } CIPHER_DATA; 907 908 /* 909 * XTS, SIV, CCM, stitched ciphers and Wrap modes have special 910 * requirements about input lengths so we don't fragment for those 911 */ 912 static int cipher_test_valid_fragmentation(CIPHER_DATA *cdat) 913 { 914 return (cdat->aead == EVP_CIPH_CCM_MODE 915 || cdat->aead == EVP_CIPH_CBC_MODE 916 || (cdat->aead == -1 917 && EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_STREAM_CIPHER) 918 || ((EVP_CIPHER_get_flags(cdat->cipher) & EVP_CIPH_FLAG_CTS) != 0) 919 || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_SIV_MODE 920 || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_GCM_SIV_MODE 921 || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_XTS_MODE 922 || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_WRAP_MODE) 923 ? 0 924 : 1; 925 } 926 927 static int cipher_test_init(EVP_TEST *t, const char *alg) 928 { 929 const EVP_CIPHER *cipher; 930 EVP_CIPHER *fetched_cipher; 931 CIPHER_DATA *cdat; 932 int m; 933 934 if (is_cipher_disabled(alg)) { 935 t->skip = 1; 936 TEST_info("skipping, '%s' is disabled", alg); 937 return 1; 938 } 939 940 ERR_set_mark(); 941 if ((cipher = fetched_cipher = EVP_CIPHER_fetch(libctx, alg, propquery)) == NULL 942 && (cipher = EVP_get_cipherbyname(alg)) == NULL) { 943 /* a stitched cipher might not be available */ 944 if (strstr(alg, "HMAC") != NULL) { 945 ERR_pop_to_mark(); 946 t->skip = 1; 947 TEST_info("skipping, '%s' is not available", alg); 948 return 1; 949 } 950 ERR_clear_last_mark(); 951 return 0; 952 } 953 ERR_clear_last_mark(); 954 955 if (!TEST_ptr(cdat = OPENSSL_zalloc(sizeof(*cdat)))) 956 return 0; 957 958 cdat->init_controls = sk_OPENSSL_STRING_new_null(); 959 cdat->cipher = cipher; 960 cdat->fetched_cipher = fetched_cipher; 961 cdat->enc = -1; 962 m = EVP_CIPHER_get_mode(cipher); 963 if (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) 964 cdat->aead = m != 0 ? m : -1; 965 else 966 cdat->aead = 0; 967 968 if (data_chunk_size != 0 && !cipher_test_valid_fragmentation(cdat)) { 969 ERR_pop_to_mark(); 970 EVP_CIPHER_free(fetched_cipher); 971 OPENSSL_free(cdat); 972 t->skip = 1; 973 TEST_info("skipping, '%s' does not support fragmentation", alg); 974 return 1; 975 } 976 977 t->data = cdat; 978 if (fetched_cipher != NULL) 979 TEST_info("%s is fetched", alg); 980 return 1; 981 } 982 983 static void cipher_test_cleanup(EVP_TEST *t) 984 { 985 int i; 986 CIPHER_DATA *cdat = t->data; 987 988 OPENSSL_free(cdat->key); 989 OPENSSL_free(cdat->iv); 990 OPENSSL_free(cdat->next_iv); 991 OPENSSL_free(cdat->ciphertext); 992 OPENSSL_free(cdat->plaintext); 993 for (i = 0; i < AAD_NUM; i++) 994 OPENSSL_free(cdat->aad[i]); 995 OPENSSL_free(cdat->tag); 996 OPENSSL_free(cdat->mac_key); 997 EVP_CIPHER_free(cdat->fetched_cipher); 998 ctrlfree(cdat->init_controls); 999 } 1000 1001 static int cipher_test_parse(EVP_TEST *t, const char *keyword, 1002 const char *value) 1003 { 1004 CIPHER_DATA *cdat = t->data; 1005 int i; 1006 1007 if (strcmp(keyword, "Key") == 0) 1008 return parse_bin(value, &cdat->key, &cdat->key_len); 1009 if (strcmp(keyword, "Rounds") == 0) { 1010 i = atoi(value); 1011 if (i < 0) 1012 return -1; 1013 cdat->rounds = (unsigned int)i; 1014 return 1; 1015 } 1016 if (strcmp(keyword, "IV") == 0) 1017 return parse_bin(value, &cdat->iv, &cdat->iv_len); 1018 if (strcmp(keyword, "NextIV") == 0) 1019 return parse_bin(value, &cdat->next_iv, &cdat->iv_len); 1020 if (strcmp(keyword, "Plaintext") == 0) 1021 return parse_bin(value, &cdat->plaintext, &cdat->plaintext_len); 1022 if (strcmp(keyword, "Ciphertext") == 0) 1023 return parse_bin(value, &cdat->ciphertext, &cdat->ciphertext_len); 1024 if (strcmp(keyword, "KeyBits") == 0) { 1025 i = atoi(value); 1026 if (i < 0) 1027 return -1; 1028 cdat->key_bits = (size_t)i; 1029 return 1; 1030 } 1031 if (cdat->aead) { 1032 int tls_aad = 0; 1033 1034 if (strcmp(keyword, "TLSAAD") == 0) 1035 cdat->tls_aad = tls_aad = 1; 1036 if (strcmp(keyword, "AAD") == 0 || tls_aad) { 1037 for (i = 0; i < AAD_NUM; i++) { 1038 if (cdat->aad[i] == NULL) 1039 return parse_bin(value, &cdat->aad[i], &cdat->aad_len[i]); 1040 } 1041 return -1; 1042 } 1043 if (strcmp(keyword, "Tag") == 0) 1044 return parse_bin(value, &cdat->tag, &cdat->tag_len); 1045 if (strcmp(keyword, "SetTagLate") == 0) { 1046 if (strcmp(value, "TRUE") == 0) 1047 cdat->tag_late = 1; 1048 else if (strcmp(value, "FALSE") == 0) 1049 cdat->tag_late = 0; 1050 else 1051 return -1; 1052 return 1; 1053 } 1054 if (strcmp(keyword, "MACKey") == 0) 1055 return parse_bin(value, &cdat->mac_key, &cdat->mac_key_len); 1056 if (strcmp(keyword, "TLSVersion") == 0) { 1057 char *endptr; 1058 1059 cdat->tls_version = (int)strtol(value, &endptr, 0); 1060 return value[0] != '\0' && endptr[0] == '\0'; 1061 } 1062 } 1063 1064 if (strcmp(keyword, "Operation") == 0) { 1065 if (strcmp(value, "ENCRYPT") == 0) 1066 cdat->enc = 1; 1067 else if (strcmp(value, "DECRYPT") == 0) 1068 cdat->enc = 0; 1069 else 1070 return -1; 1071 return 1; 1072 } 1073 if (strcmp(keyword, "CTSMode") == 0) { 1074 cdat->cts_mode = value; 1075 return 1; 1076 } 1077 if (strcmp(keyword, "XTSStandard") == 0) { 1078 cdat->xts_standard = value; 1079 return 1; 1080 } 1081 if (strcmp(keyword, "CtrlInit") == 0) 1082 return ctrladd(cdat->init_controls, value); 1083 return 0; 1084 } 1085 1086 static int cipher_test_enc(EVP_TEST *t, int enc, size_t out_misalign, 1087 size_t inp_misalign, int frag, int in_place, 1088 const OSSL_PARAM initparams[]) 1089 { 1090 CIPHER_DATA *expected = t->data; 1091 unsigned char *in, *expected_out, *tmp = NULL; 1092 size_t in_len, out_len, donelen = 0; 1093 int ok = 0, tmplen, chunklen, tmpflen, i; 1094 EVP_CIPHER_CTX *ctx_base = NULL; 1095 EVP_CIPHER_CTX *ctx = NULL, *duped; 1096 int fips_dupctx_supported = fips_provider_version_ge(libctx, 3, 2, 0); 1097 1098 t->err = "TEST_FAILURE"; 1099 if (!TEST_ptr(ctx_base = EVP_CIPHER_CTX_new())) 1100 goto err; 1101 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) 1102 goto err; 1103 EVP_CIPHER_CTX_set_flags(ctx_base, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); 1104 if (enc) { 1105 in = expected->plaintext; 1106 in_len = expected->plaintext_len; 1107 expected_out = expected->ciphertext; 1108 out_len = expected->ciphertext_len; 1109 } else { 1110 in = expected->ciphertext; 1111 in_len = expected->ciphertext_len; 1112 expected_out = expected->plaintext; 1113 out_len = expected->plaintext_len; 1114 } 1115 if (in_place == 1) { 1116 /* Exercise in-place encryption */ 1117 tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH); 1118 if (!tmp) 1119 goto err; 1120 in = memcpy(tmp + out_misalign, in, in_len); 1121 } else { 1122 inp_misalign += 16 - ((out_misalign + in_len) & 15); 1123 /* 1124 * 'tmp' will store both output and copy of input. We make the copy 1125 * of input to specifically aligned part of 'tmp'. So we just 1126 * figured out how much padding would ensure the required alignment, 1127 * now we allocate extended buffer and finally copy the input just 1128 * past inp_misalign in expression below. Output will be written 1129 * past out_misalign... 1130 */ 1131 tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH + inp_misalign + in_len); 1132 if (!tmp) 1133 goto err; 1134 in = memcpy(tmp + out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH + inp_misalign, in, in_len); 1135 } 1136 if (!EVP_CipherInit_ex2(ctx_base, expected->cipher, NULL, NULL, enc, 1137 initparams)) { 1138 t->err = "CIPHERINIT_ERROR"; 1139 goto err; 1140 } 1141 if (expected->cts_mode != NULL) { 1142 OSSL_PARAM params[2]; 1143 1144 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_CIPHER_PARAM_CTS_MODE, 1145 (char *)(intptr_t)expected->cts_mode, 1146 0); 1147 params[1] = OSSL_PARAM_construct_end(); 1148 if (!EVP_CIPHER_CTX_set_params(ctx_base, params)) { 1149 t->err = "INVALID_CTS_MODE"; 1150 goto err; 1151 } 1152 } 1153 if (expected->iv) { 1154 if (expected->aead) { 1155 if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_IVLEN, 1156 expected->iv_len, 0) 1157 <= 0) { 1158 t->err = "INVALID_IV_LENGTH"; 1159 goto err; 1160 } 1161 } else if (expected->iv_len != (size_t)EVP_CIPHER_CTX_get_iv_length(ctx_base)) { 1162 t->err = "INVALID_IV_LENGTH"; 1163 goto err; 1164 } 1165 } 1166 if (expected->aead && !expected->tls_aad) { 1167 unsigned char *tag; 1168 /* 1169 * If encrypting or OCB just set tag length initially, otherwise 1170 * set tag length and value. 1171 */ 1172 if (enc || expected->aead == EVP_CIPH_OCB_MODE || expected->tag_late) { 1173 t->err = "TAG_LENGTH_SET_ERROR"; 1174 tag = NULL; 1175 } else { 1176 t->err = "TAG_SET_ERROR"; 1177 tag = expected->tag; 1178 } 1179 if (tag || expected->aead != EVP_CIPH_GCM_MODE) { 1180 if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_TAG, 1181 expected->tag_len, tag) 1182 <= 0) 1183 goto err; 1184 } 1185 } 1186 1187 if (expected->rounds > 0) { 1188 int rounds = (int)expected->rounds; 1189 1190 if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC5_ROUNDS, rounds, NULL) <= 0) { 1191 t->err = "INVALID_ROUNDS"; 1192 goto err; 1193 } 1194 } 1195 1196 if (!EVP_CIPHER_CTX_set_key_length(ctx_base, expected->key_len)) { 1197 t->err = "INVALID_KEY_LENGTH"; 1198 goto err; 1199 } 1200 if (expected->key_bits > 0) { 1201 int bits = (int)expected->key_bits; 1202 1203 if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC2_KEY_BITS, bits, NULL) <= 0) { 1204 t->err = "INVALID KEY BITS"; 1205 goto err; 1206 } 1207 } 1208 if (!EVP_CipherInit_ex(ctx_base, NULL, NULL, expected->key, expected->iv, -1)) { 1209 t->err = "KEY_SET_ERROR"; 1210 goto err; 1211 } 1212 1213 /* Check that we get the same IV back */ 1214 if (expected->iv != NULL) { 1215 /* Some (e.g., GCM) tests use IVs longer than EVP_MAX_IV_LENGTH. */ 1216 unsigned char iv[128]; 1217 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx_base, iv, sizeof(iv))) 1218 || ((EVP_CIPHER_get_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0 1219 && !TEST_mem_eq(expected->iv, expected->iv_len, iv, 1220 expected->iv_len))) { 1221 t->err = "INVALID_IV"; 1222 goto err; 1223 } 1224 } 1225 1226 /* Test that the cipher dup functions correctly if it is supported */ 1227 ERR_set_mark(); 1228 if (!EVP_CIPHER_CTX_copy(ctx, ctx_base)) { 1229 if (fips_dupctx_supported) { 1230 TEST_info("Doing a copy of Cipher %s Fails!\n", 1231 EVP_CIPHER_get0_name(expected->cipher)); 1232 ERR_print_errors_fp(stderr); 1233 goto err; 1234 } else { 1235 TEST_info("Allowing copy fail as an old fips provider is in use."); 1236 } 1237 EVP_CIPHER_CTX_free(ctx); 1238 ctx = ctx_base; 1239 } else { 1240 EVP_CIPHER_CTX_free(ctx_base); 1241 ctx_base = NULL; 1242 } 1243 /* Likewise for dup */ 1244 duped = EVP_CIPHER_CTX_dup(ctx); 1245 if (duped != NULL) { 1246 EVP_CIPHER_CTX_free(ctx); 1247 ctx = duped; 1248 } else { 1249 if (fips_dupctx_supported) { 1250 TEST_info("Doing a dup of Cipher %s Fails!\n", 1251 EVP_CIPHER_get0_name(expected->cipher)); 1252 ERR_print_errors_fp(stderr); 1253 goto err; 1254 } else { 1255 TEST_info("Allowing dup fail as an old fips provider is in use."); 1256 } 1257 } 1258 ERR_pop_to_mark(); 1259 1260 if (expected->mac_key != NULL 1261 && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, 1262 (int)expected->mac_key_len, 1263 (void *)expected->mac_key) 1264 <= 0) { 1265 t->err = "SET_MAC_KEY_ERROR"; 1266 goto err; 1267 } 1268 1269 if (expected->tls_version) { 1270 OSSL_PARAM params[2]; 1271 1272 params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_TLS_VERSION, 1273 &expected->tls_version); 1274 params[1] = OSSL_PARAM_construct_end(); 1275 if (!EVP_CIPHER_CTX_set_params(ctx, params)) { 1276 t->err = "SET_TLS_VERSION_ERROR"; 1277 goto err; 1278 } 1279 } 1280 1281 if (expected->aead == EVP_CIPH_CCM_MODE) { 1282 if (!EVP_CipherUpdate(ctx, NULL, &tmplen, NULL, out_len)) { 1283 t->err = "CCM_PLAINTEXT_LENGTH_SET_ERROR"; 1284 goto err; 1285 } 1286 } 1287 if (expected->aad[0] != NULL && !expected->tls_aad) { 1288 t->err = "AAD_SET_ERROR"; 1289 if (!frag) { 1290 /* Supply the data all in one go or according to data_chunk_size */ 1291 for (i = 0; expected->aad[i] != NULL; i++) { 1292 size_t aad_len = expected->aad_len[i]; 1293 donelen = 0; 1294 1295 do { 1296 size_t current_aad_len = (size_t)data_chunk_size; 1297 1298 if (data_chunk_size == 0 || (size_t)data_chunk_size > aad_len) 1299 current_aad_len = aad_len; 1300 if (!EVP_CipherUpdate(ctx, NULL, &chunklen, 1301 expected->aad[i] + donelen, 1302 current_aad_len)) 1303 goto err; 1304 donelen += current_aad_len; 1305 aad_len -= current_aad_len; 1306 } while (aad_len > 0); 1307 } 1308 } else { 1309 /* Supply the AAD in chunks less than the block size where possible */ 1310 for (i = 0; expected->aad[i] != NULL; i++) { 1311 if (expected->aad_len[i] > 0) { 1312 if (!EVP_CipherUpdate(ctx, NULL, &chunklen, expected->aad[i], 1)) 1313 goto err; 1314 donelen++; 1315 } 1316 if (expected->aad_len[i] > 2) { 1317 if (!EVP_CipherUpdate(ctx, NULL, &chunklen, 1318 expected->aad[i] + donelen, 1319 expected->aad_len[i] - 2)) 1320 goto err; 1321 donelen += expected->aad_len[i] - 2; 1322 } 1323 if (expected->aad_len[i] > 1 1324 && !EVP_CipherUpdate(ctx, NULL, &chunklen, 1325 expected->aad[i] + donelen, 1)) 1326 goto err; 1327 } 1328 } 1329 } 1330 1331 if (expected->tls_aad) { 1332 OSSL_PARAM params[2]; 1333 char *tls_aad; 1334 1335 /* duplicate the aad as the implementation might modify it */ 1336 if ((tls_aad = OPENSSL_memdup(expected->aad[0], 1337 expected->aad_len[0])) 1338 == NULL) 1339 goto err; 1340 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, 1341 tls_aad, 1342 expected->aad_len[0]); 1343 params[1] = OSSL_PARAM_construct_end(); 1344 if (!EVP_CIPHER_CTX_set_params(ctx, params)) { 1345 OPENSSL_free(tls_aad); 1346 t->err = "TLS1_AAD_ERROR"; 1347 goto err; 1348 } 1349 OPENSSL_free(tls_aad); 1350 } else if (!enc && (expected->aead == EVP_CIPH_OCB_MODE || expected->tag_late)) { 1351 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 1352 expected->tag_len, expected->tag) 1353 <= 0) { 1354 t->err = "TAG_SET_ERROR"; 1355 goto err; 1356 } 1357 } 1358 if (expected->xts_standard != NULL) { 1359 OSSL_PARAM params[2]; 1360 1361 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_CIPHER_PARAM_XTS_STANDARD, 1362 (char *)expected->xts_standard, 0); 1363 params[1] = OSSL_PARAM_construct_end(); 1364 if (!EVP_CIPHER_CTX_set_params(ctx, params)) { 1365 t->err = "SET_XTS_STANDARD_ERROR"; 1366 goto err; 1367 } 1368 } 1369 EVP_CIPHER_CTX_set_padding(ctx, 0); 1370 t->err = "CIPHERUPDATE_ERROR"; 1371 tmplen = 0; 1372 if (!frag) { 1373 do { 1374 /* Supply the data all in one go or according to data_chunk_size */ 1375 size_t current_in_len = (size_t)data_chunk_size; 1376 1377 if (data_chunk_size == 0 || (size_t)data_chunk_size > in_len) 1378 current_in_len = in_len; 1379 if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen, 1380 in, current_in_len)) 1381 goto err; 1382 tmplen += chunklen; 1383 in += current_in_len; 1384 in_len -= current_in_len; 1385 } while (in_len > 0); 1386 } else { 1387 /* Supply the data in chunks less than the block size where possible */ 1388 if (in_len > 0) { 1389 if (!EVP_CipherUpdate(ctx, tmp + out_misalign, &chunklen, in, 1)) 1390 goto err; 1391 tmplen += chunklen; 1392 in++; 1393 in_len--; 1394 } 1395 if (in_len > 1) { 1396 if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen, 1397 in, in_len - 1)) 1398 goto err; 1399 tmplen += chunklen; 1400 in += in_len - 1; 1401 in_len = 1; 1402 } 1403 if (in_len > 0) { 1404 if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen, 1405 in, 1)) 1406 goto err; 1407 tmplen += chunklen; 1408 } 1409 } 1410 if (!EVP_CipherFinal_ex(ctx, tmp + out_misalign + tmplen, &tmpflen)) { 1411 t->err = "CIPHERFINAL_ERROR"; 1412 goto err; 1413 } 1414 if (!cipher_check_fips_approved(ctx, t)) { 1415 t->err = "FIPSAPPROVED_ERROR"; 1416 goto err; 1417 } 1418 1419 if (!enc && expected->tls_aad) { 1420 if (expected->tls_version >= TLS1_1_VERSION 1421 && (EVP_CIPHER_is_a(expected->cipher, "AES-128-CBC-HMAC-SHA1") 1422 || EVP_CIPHER_is_a(expected->cipher, "AES-256-CBC-HMAC-SHA1"))) { 1423 tmplen -= expected->iv_len; 1424 expected_out += expected->iv_len; 1425 out_misalign += expected->iv_len; 1426 } 1427 if ((int)out_len > tmplen + tmpflen) 1428 out_len = tmplen + tmpflen; 1429 } 1430 if (!memory_err_compare(t, "VALUE_MISMATCH", expected_out, out_len, 1431 tmp + out_misalign, tmplen + tmpflen)) 1432 goto err; 1433 if (enc && expected->aead && !expected->tls_aad) { 1434 unsigned char rtag[48]; /* longest known for TLS_SHA384_SHA384 */ 1435 1436 if (!TEST_size_t_le(expected->tag_len, sizeof(rtag))) { 1437 t->err = "TAG_LENGTH_INTERNAL_ERROR"; 1438 goto err; 1439 } 1440 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 1441 expected->tag_len, rtag) 1442 <= 0) { 1443 t->err = "TAG_RETRIEVE_ERROR"; 1444 goto err; 1445 } 1446 if (!memory_err_compare(t, "TAG_VALUE_MISMATCH", 1447 expected->tag, expected->tag_len, 1448 rtag, expected->tag_len)) 1449 goto err; 1450 } 1451 /* Check the updated IV */ 1452 if (expected->next_iv != NULL) { 1453 /* Some (e.g., GCM) tests use IVs longer than EVP_MAX_IV_LENGTH. */ 1454 unsigned char iv[128]; 1455 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))) 1456 || ((EVP_CIPHER_get_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0 1457 && !TEST_mem_eq(expected->next_iv, expected->iv_len, iv, 1458 expected->iv_len))) { 1459 t->err = "INVALID_NEXT_IV"; 1460 goto err; 1461 } 1462 } 1463 1464 t->err = NULL; 1465 ok = 1; 1466 err: 1467 OPENSSL_free(tmp); 1468 if (ctx != ctx_base) 1469 EVP_CIPHER_CTX_free(ctx_base); 1470 EVP_CIPHER_CTX_free(ctx); 1471 return ok; 1472 } 1473 1474 static int cipher_test_run(EVP_TEST *t) 1475 { 1476 CIPHER_DATA *cdat = t->data; 1477 int rv, frag, fragmax, in_place; 1478 size_t out_misalign, inp_misalign; 1479 OSSL_PARAM initparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 1480 size_t params_n = 0; 1481 1482 TEST_info("RUNNING TEST FOR CIPHER %s\n", EVP_CIPHER_get0_name(cdat->cipher)); 1483 if (!cdat->key) { 1484 t->err = "NO_KEY"; 1485 return 0; 1486 } 1487 if (!cdat->iv && EVP_CIPHER_get_iv_length(cdat->cipher) > 0) { 1488 /* IV is optional and usually omitted in wrap mode */ 1489 if (EVP_CIPHER_get_mode(cdat->cipher) != EVP_CIPH_WRAP_MODE) { 1490 t->err = "NO_IV"; 1491 return 0; 1492 } 1493 } 1494 if (cdat->aead && cdat->tag == NULL && !cdat->tls_aad) { 1495 t->err = "NO_TAG"; 1496 return 0; 1497 } 1498 1499 if (sk_OPENSSL_STRING_num(cdat->init_controls) > 0) { 1500 if (!ctrl2params(t, cdat->init_controls, NULL, 1501 initparams, OSSL_NELEM(initparams), ¶ms_n)) 1502 return 0; 1503 } 1504 1505 fragmax = (cipher_test_valid_fragmentation(cdat) == 0) ? 0 : 1; 1506 for (in_place = 1; in_place >= 0; in_place--) { 1507 static char aux_err[64]; 1508 1509 t->aux_err = aux_err; 1510 /* Test only in-place data processing */ 1511 if (process_mode_in_place == 1 && in_place == 0) 1512 break; 1513 1514 for (frag = 0; frag <= fragmax; frag++) { 1515 if (frag == 1 && data_chunk_size != 0) 1516 break; 1517 for (out_misalign = 0; out_misalign <= 1; out_misalign++) { 1518 for (inp_misalign = 0; inp_misalign <= 1; inp_misalign++) { 1519 /* Skip input misalign tests for in-place processing */ 1520 if (inp_misalign == 1 && in_place == 1) 1521 break; 1522 if (in_place == 1) { 1523 BIO_snprintf(aux_err, sizeof(aux_err), 1524 "%s in-place, %sfragmented", 1525 out_misalign ? "misaligned" : "aligned", 1526 frag ? "" : "not "); 1527 } else { 1528 BIO_snprintf(aux_err, sizeof(aux_err), 1529 "%s output and %s input, %sfragmented", 1530 out_misalign ? "misaligned" : "aligned", 1531 inp_misalign ? "misaligned" : "aligned", 1532 frag ? "" : "not "); 1533 } 1534 if (cdat->enc) { 1535 rv = cipher_test_enc(t, 1, out_misalign, inp_misalign, 1536 frag, in_place, initparams); 1537 if (rv != 1) 1538 goto end; 1539 } 1540 if (cdat->enc != 1) { 1541 rv = cipher_test_enc(t, 0, out_misalign, inp_misalign, 1542 frag, in_place, initparams); 1543 if (rv != 1) 1544 goto end; 1545 } 1546 } 1547 } 1548 } 1549 } 1550 ctrl2params_free(initparams, params_n, 0); 1551 t->aux_err = NULL; 1552 return 1; 1553 end: 1554 ctrl2params_free(initparams, params_n, 0); 1555 return (rv < 0 ? 0 : 1); 1556 } 1557 1558 static const EVP_TEST_METHOD cipher_test_method = { 1559 "Cipher", 1560 cipher_test_init, 1561 cipher_test_cleanup, 1562 cipher_test_parse, 1563 cipher_test_run 1564 }; 1565 1566 /** 1567 ** MAC TESTS 1568 **/ 1569 1570 typedef struct mac_data_st { 1571 /* MAC type in one form or another */ 1572 char *mac_name; 1573 EVP_MAC *mac; /* for mac_test_run_mac */ 1574 int type; /* for mac_test_run_pkey */ 1575 /* Algorithm string for this MAC */ 1576 char *alg; 1577 /* MAC key */ 1578 unsigned char *key; 1579 size_t key_len; 1580 /* MAC IV (GMAC) */ 1581 unsigned char *iv; 1582 size_t iv_len; 1583 /* Input to MAC */ 1584 unsigned char *input; 1585 size_t input_len; 1586 /* Expected output */ 1587 unsigned char *output; 1588 size_t output_len; 1589 unsigned char *custom; 1590 size_t custom_len; 1591 /* MAC salt (blake2) */ 1592 unsigned char *salt; 1593 size_t salt_len; 1594 /* XOF mode? */ 1595 int xof; 1596 /* Reinitialization fails */ 1597 int no_reinit; 1598 /* Collection of controls */ 1599 STACK_OF(OPENSSL_STRING) *controls; 1600 /* Output size */ 1601 int output_size; 1602 /* Block size */ 1603 int block_size; 1604 } MAC_DATA; 1605 1606 static int mac_test_init(EVP_TEST *t, const char *alg) 1607 { 1608 EVP_MAC *mac = NULL; 1609 int type = NID_undef; 1610 MAC_DATA *mdat; 1611 1612 if (is_mac_disabled(alg)) { 1613 TEST_info("skipping, '%s' is disabled", alg); 1614 t->skip = 1; 1615 return 1; 1616 } 1617 if ((mac = EVP_MAC_fetch(libctx, alg, propquery)) == NULL) { 1618 /* 1619 * Since we didn't find an EVP_MAC, we check for known EVP_PKEY methods 1620 * For debugging purposes, we allow 'NNNN by EVP_PKEY' to force running 1621 * the EVP_PKEY method. 1622 */ 1623 size_t sz = strlen(alg); 1624 static const char epilogue[] = " by EVP_PKEY"; 1625 1626 if (sz >= sizeof(epilogue) 1627 && strcmp(alg + sz - (sizeof(epilogue) - 1), epilogue) == 0) 1628 sz -= sizeof(epilogue) - 1; 1629 1630 if (strncmp(alg, "HMAC", sz) == 0) 1631 type = EVP_PKEY_HMAC; 1632 else if (strncmp(alg, "CMAC", sz) == 0) 1633 type = EVP_PKEY_CMAC; 1634 else if (strncmp(alg, "Poly1305", sz) == 0) 1635 type = EVP_PKEY_POLY1305; 1636 else if (strncmp(alg, "SipHash", sz) == 0) 1637 type = EVP_PKEY_SIPHASH; 1638 else 1639 return 0; 1640 } 1641 1642 if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat)))) 1643 return 0; 1644 1645 mdat->type = type; 1646 if (!TEST_ptr(mdat->mac_name = OPENSSL_strdup(alg))) { 1647 OPENSSL_free(mdat); 1648 return 0; 1649 } 1650 1651 mdat->mac = mac; 1652 if (!TEST_ptr(mdat->controls = sk_OPENSSL_STRING_new_null())) { 1653 OPENSSL_free(mdat->mac_name); 1654 OPENSSL_free(mdat); 1655 return 0; 1656 } 1657 1658 mdat->output_size = mdat->block_size = -1; 1659 t->data = mdat; 1660 return 1; 1661 } 1662 1663 static void mac_test_cleanup(EVP_TEST *t) 1664 { 1665 MAC_DATA *mdat = t->data; 1666 1667 EVP_MAC_free(mdat->mac); 1668 OPENSSL_free(mdat->mac_name); 1669 sk_OPENSSL_STRING_pop_free(mdat->controls, openssl_free); 1670 OPENSSL_free(mdat->alg); 1671 OPENSSL_free(mdat->key); 1672 OPENSSL_free(mdat->iv); 1673 OPENSSL_free(mdat->custom); 1674 OPENSSL_free(mdat->salt); 1675 OPENSSL_free(mdat->input); 1676 OPENSSL_free(mdat->output); 1677 } 1678 1679 static int mac_test_parse(EVP_TEST *t, 1680 const char *keyword, const char *value) 1681 { 1682 MAC_DATA *mdata = t->data; 1683 1684 if (strcmp(keyword, "Key") == 0) 1685 return parse_bin(value, &mdata->key, &mdata->key_len); 1686 if (strcmp(keyword, "IV") == 0) 1687 return parse_bin(value, &mdata->iv, &mdata->iv_len); 1688 if (strcmp(keyword, "Custom") == 0) 1689 return parse_bin(value, &mdata->custom, &mdata->custom_len); 1690 if (strcmp(keyword, "Salt") == 0) 1691 return parse_bin(value, &mdata->salt, &mdata->salt_len); 1692 if (strcmp(keyword, "Algorithm") == 0) { 1693 mdata->alg = OPENSSL_strdup(value); 1694 if (mdata->alg == NULL) 1695 return -1; 1696 return 1; 1697 } 1698 if (strcmp(keyword, "Input") == 0) 1699 return parse_bin(value, &mdata->input, &mdata->input_len); 1700 if (strcmp(keyword, "Output") == 0) 1701 return parse_bin(value, &mdata->output, &mdata->output_len); 1702 if (strcmp(keyword, "XOF") == 0) 1703 return mdata->xof = 1; 1704 if (strcmp(keyword, "NoReinit") == 0) 1705 return mdata->no_reinit = 1; 1706 if (strcmp(keyword, "Ctrl") == 0) 1707 return ctrladd(mdata->controls, value); 1708 if (strcmp(keyword, "OutputSize") == 0) { 1709 mdata->output_size = atoi(value); 1710 if (mdata->output_size < 0) 1711 return -1; 1712 return 1; 1713 } 1714 if (strcmp(keyword, "BlockSize") == 0) { 1715 mdata->block_size = atoi(value); 1716 if (mdata->block_size < 0) 1717 return -1; 1718 return 1; 1719 } 1720 return 0; 1721 } 1722 1723 static int mac_test_ctrl_pkey(EVP_TEST *t, EVP_PKEY_CTX *pctx, 1724 const char *value) 1725 { 1726 int rv = 0; 1727 char *p, *tmpval; 1728 1729 if (!TEST_ptr(tmpval = OPENSSL_strdup(value))) 1730 return 0; 1731 p = strchr(tmpval, ':'); 1732 if (p != NULL) { 1733 *p++ = '\0'; 1734 rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p); 1735 } 1736 if (rv == -2) 1737 t->err = "PKEY_CTRL_INVALID"; 1738 else if (rv <= 0) 1739 t->err = "PKEY_CTRL_ERROR"; 1740 else 1741 rv = 1; 1742 OPENSSL_free(tmpval); 1743 return rv > 0; 1744 } 1745 1746 static int mac_test_run_pkey(EVP_TEST *t) 1747 { 1748 MAC_DATA *expected = t->data; 1749 EVP_MD_CTX *mctx = NULL; 1750 EVP_PKEY_CTX *pctx = NULL, *genctx = NULL; 1751 EVP_PKEY *key = NULL; 1752 const char *mdname = NULL; 1753 EVP_CIPHER *cipher = NULL; 1754 unsigned char *got = NULL; 1755 size_t got_len; 1756 int i; 1757 size_t input_len, donelen; 1758 1759 /* We don't do XOF mode via PKEY */ 1760 if (expected->xof) 1761 return 1; 1762 1763 if (expected->alg == NULL) 1764 TEST_info("Trying the EVP_PKEY %s test", OBJ_nid2sn(expected->type)); 1765 else 1766 TEST_info("Trying the EVP_PKEY %s test with %s", 1767 OBJ_nid2sn(expected->type), expected->alg); 1768 1769 if (expected->type == EVP_PKEY_CMAC) { 1770 #ifdef OPENSSL_NO_DEPRECATED_3_0 1771 TEST_info("skipping, PKEY CMAC '%s' is disabled", expected->alg); 1772 t->skip = 1; 1773 t->err = NULL; 1774 goto err; 1775 #else 1776 OSSL_LIB_CTX *tmpctx; 1777 1778 if (expected->alg != NULL && is_cipher_disabled(expected->alg)) { 1779 TEST_info("skipping, PKEY CMAC '%s' is disabled", expected->alg); 1780 t->skip = 1; 1781 t->err = NULL; 1782 goto err; 1783 } 1784 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, expected->alg, propquery))) { 1785 t->err = "MAC_KEY_CREATE_ERROR"; 1786 goto err; 1787 } 1788 tmpctx = OSSL_LIB_CTX_set0_default(libctx); 1789 key = EVP_PKEY_new_CMAC_key(NULL, expected->key, expected->key_len, 1790 cipher); 1791 OSSL_LIB_CTX_set0_default(tmpctx); 1792 #endif 1793 } else { 1794 key = EVP_PKEY_new_raw_private_key_ex(libctx, 1795 OBJ_nid2sn(expected->type), NULL, 1796 expected->key, expected->key_len); 1797 } 1798 if (key == NULL) { 1799 t->err = "MAC_KEY_CREATE_ERROR"; 1800 goto err; 1801 } 1802 1803 if (expected->type == EVP_PKEY_HMAC && expected->alg != NULL) { 1804 if (is_digest_disabled(expected->alg)) { 1805 TEST_info("skipping, HMAC '%s' is disabled", expected->alg); 1806 t->skip = 1; 1807 t->err = NULL; 1808 goto err; 1809 } 1810 mdname = expected->alg; 1811 } 1812 if (!TEST_ptr(mctx = EVP_MD_CTX_new())) { 1813 t->err = "INTERNAL_ERROR"; 1814 goto err; 1815 } 1816 if (!EVP_DigestSignInit_ex(mctx, &pctx, mdname, libctx, NULL, key, NULL)) { 1817 t->err = "DIGESTSIGNINIT_ERROR"; 1818 goto err; 1819 } 1820 for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++) 1821 if (!mac_test_ctrl_pkey(t, pctx, 1822 sk_OPENSSL_STRING_value(expected->controls, 1823 i))) { 1824 t->err = "EVPPKEYCTXCTRL_ERROR"; 1825 goto err; 1826 } 1827 input_len = expected->input_len; 1828 donelen = 0; 1829 do { 1830 size_t current_len = (size_t)data_chunk_size; 1831 1832 if (data_chunk_size == 0 || (size_t)data_chunk_size > input_len) 1833 current_len = input_len; 1834 if (!EVP_DigestSignUpdate(mctx, expected->input + donelen, current_len)) { 1835 t->err = "DIGESTSIGNUPDATE_ERROR"; 1836 goto err; 1837 } 1838 donelen += current_len; 1839 input_len -= current_len; 1840 } while (input_len > 0); 1841 1842 if (!EVP_DigestSignFinal(mctx, NULL, &got_len)) { 1843 t->err = "DIGESTSIGNFINAL_LENGTH_ERROR"; 1844 goto err; 1845 } 1846 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { 1847 t->err = "TEST_FAILURE"; 1848 goto err; 1849 } 1850 if (!EVP_DigestSignFinal(mctx, got, &got_len) 1851 || !memory_err_compare(t, "TEST_MAC_ERR", 1852 expected->output, expected->output_len, 1853 got, got_len)) { 1854 t->err = "TEST_MAC_ERR"; 1855 goto err; 1856 } 1857 t->err = NULL; 1858 err: 1859 EVP_CIPHER_free(cipher); 1860 EVP_MD_CTX_free(mctx); 1861 OPENSSL_free(got); 1862 EVP_PKEY_CTX_free(genctx); 1863 EVP_PKEY_free(key); 1864 return 1; 1865 } 1866 1867 static int mac_test_run_mac(EVP_TEST *t) 1868 { 1869 MAC_DATA *expected = t->data; 1870 EVP_MAC_CTX *ctx = NULL; 1871 unsigned char *got = NULL; 1872 size_t got_len = 0, size = 0; 1873 size_t size_before_init = 0, size_after_init, size_val = 0; 1874 int block_size = -1, output_size = -1; 1875 OSSL_PARAM params[21], sizes[3], *psizes = sizes, *p; 1876 size_t params_n = 0; 1877 size_t params_n_allocstart = 0; 1878 const OSSL_PARAM *defined_params = EVP_MAC_settable_ctx_params(expected->mac); 1879 int xof; 1880 int reinit = 1; 1881 size_t input_len, donelen; 1882 1883 if (expected->alg == NULL) 1884 TEST_info("Trying the EVP_MAC %s test", expected->mac_name); 1885 else 1886 TEST_info("Trying the EVP_MAC %s test with %s", 1887 expected->mac_name, expected->alg); 1888 1889 if (expected->alg != NULL) { 1890 int skip = 0; 1891 1892 /* 1893 * The underlying algorithm may be a cipher or a digest. 1894 * We don't know which it is, but we can ask the MAC what it 1895 * should be and bet on that. 1896 */ 1897 if (OSSL_PARAM_locate_const(defined_params, 1898 OSSL_MAC_PARAM_CIPHER) 1899 != NULL) { 1900 if (is_cipher_disabled(expected->alg)) 1901 skip = 1; 1902 else 1903 params[params_n++] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER, 1904 expected->alg, 0); 1905 } else if (OSSL_PARAM_locate_const(defined_params, 1906 OSSL_MAC_PARAM_DIGEST) 1907 != NULL) { 1908 if (is_digest_disabled(expected->alg)) 1909 skip = 1; 1910 else 1911 params[params_n++] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, 1912 expected->alg, 0); 1913 } else { 1914 t->err = "MAC_BAD_PARAMS"; 1915 goto err; 1916 } 1917 if (skip) { 1918 TEST_info("skipping, algorithm '%s' is disabled", expected->alg); 1919 t->skip = 1; 1920 t->err = NULL; 1921 goto err; 1922 } 1923 } 1924 if (expected->custom != NULL) 1925 params[params_n++] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_CUSTOM, 1926 expected->custom, 1927 expected->custom_len); 1928 if (expected->salt != NULL) 1929 params[params_n++] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_SALT, 1930 expected->salt, 1931 expected->salt_len); 1932 if (expected->iv != NULL) 1933 params[params_n++] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV, 1934 expected->iv, 1935 expected->iv_len); 1936 1937 params_n_allocstart = params_n; 1938 if (!ctrl2params(t, expected->controls, defined_params, 1939 params, OSSL_NELEM(params), ¶ms_n)) 1940 goto err; 1941 1942 p = OSSL_PARAM_locate(params + params_n_allocstart, "size"); 1943 if (p != NULL) { 1944 if (!OSSL_PARAM_get_size_t(p, &size_val)) 1945 goto err; 1946 } 1947 1948 if ((ctx = EVP_MAC_CTX_new(expected->mac)) == NULL) { 1949 t->err = "MAC_CREATE_ERROR"; 1950 goto err; 1951 } 1952 if (fips_provider_version_gt(libctx, 3, 2, 0)) { 1953 /* HMAC will put an error on the stack here (digest is not set yet) */ 1954 ERR_set_mark(); 1955 size_before_init = EVP_MAC_CTX_get_mac_size(ctx); 1956 ERR_pop_to_mark(); 1957 } 1958 if (!EVP_MAC_init(ctx, expected->key, expected->key_len, params)) { 1959 t->err = "MAC_INIT_ERROR"; 1960 goto err; 1961 } 1962 size_after_init = EVP_MAC_CTX_get_mac_size(ctx); 1963 if (!TEST_false(size_before_init == 0 && size_after_init == 0)) { 1964 t->err = "MAC SIZE not set"; 1965 goto err; 1966 } 1967 if (size_before_init != 0) { 1968 /* mac-size not modified by init params */ 1969 if (size_val == 0 && !TEST_size_t_eq(size_before_init, size_after_init)) { 1970 t->err = "MAC SIZE check failed"; 1971 goto err; 1972 } 1973 /* mac-size modified by init params */ 1974 if (size_val != 0 && !TEST_size_t_eq(size_val, size_after_init)) { 1975 t->err = "MAC SIZE check failed"; 1976 goto err; 1977 } 1978 } 1979 if (expected->output_size >= 0) 1980 *psizes++ = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_SIZE, 1981 &output_size); 1982 if (expected->block_size >= 0) 1983 *psizes++ = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_BLOCK_SIZE, 1984 &block_size); 1985 if (psizes != sizes) { 1986 *psizes = OSSL_PARAM_construct_end(); 1987 if (!TEST_true(EVP_MAC_CTX_get_params(ctx, sizes))) { 1988 t->err = "INTERNAL_ERROR"; 1989 goto err; 1990 } 1991 if (expected->output_size >= 0 1992 && !TEST_int_eq(output_size, expected->output_size)) { 1993 t->err = "TEST_FAILURE"; 1994 goto err; 1995 } 1996 if (expected->block_size >= 0 1997 && !TEST_int_eq(block_size, expected->block_size)) { 1998 t->err = "TEST_FAILURE"; 1999 goto err; 2000 } 2001 } 2002 retry: 2003 input_len = expected->input_len; 2004 donelen = 0; 2005 do { 2006 size_t current_len = (size_t)data_chunk_size; 2007 2008 if (data_chunk_size == 0 || (size_t)data_chunk_size > input_len) 2009 current_len = input_len; 2010 if (!EVP_MAC_update(ctx, expected->input + donelen, current_len)) { 2011 t->err = "MAC_UPDATE_ERROR"; 2012 goto err; 2013 } 2014 donelen += current_len; 2015 input_len -= current_len; 2016 } while (input_len > 0); 2017 2018 xof = expected->xof; 2019 if (xof) { 2020 if (!TEST_ptr(got = OPENSSL_malloc(expected->output_len))) { 2021 t->err = "TEST_FAILURE"; 2022 goto err; 2023 } 2024 if (!EVP_MAC_finalXOF(ctx, got, expected->output_len) 2025 || !memory_err_compare(t, "TEST_MAC_ERR", 2026 expected->output, expected->output_len, 2027 got, expected->output_len)) { 2028 t->err = "MAC_FINAL_ERROR"; 2029 goto err; 2030 } 2031 } else { 2032 if (!EVP_MAC_final(ctx, NULL, &got_len, 0)) { 2033 t->err = "MAC_FINAL_LENGTH_ERROR"; 2034 goto err; 2035 } 2036 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { 2037 t->err = "TEST_FAILURE"; 2038 goto err; 2039 } 2040 if (!EVP_MAC_final(ctx, got, &got_len, got_len) 2041 || !memory_err_compare(t, "TEST_MAC_ERR", 2042 expected->output, expected->output_len, 2043 got, got_len)) { 2044 t->err = "TEST_MAC_ERR"; 2045 goto err; 2046 } 2047 if (!mac_check_fips_approved(ctx, t)) 2048 goto err; 2049 } 2050 /* FIPS(3.0.0): can't reinitialise MAC contexts #18100 */ 2051 if (reinit-- && fips_provider_version_gt(libctx, 3, 0, 0)) { 2052 OSSL_PARAM ivparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 2053 int ret; 2054 2055 /* If the MAC uses IV, we have to set it again */ 2056 if (expected->iv != NULL) { 2057 ivparams[0] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV, 2058 expected->iv, 2059 expected->iv_len); 2060 ivparams[1] = OSSL_PARAM_construct_end(); 2061 } 2062 ERR_set_mark(); 2063 ret = EVP_MAC_init(ctx, NULL, 0, ivparams); 2064 if (expected->no_reinit) { 2065 if (ret) { 2066 ERR_clear_last_mark(); 2067 t->err = "MAC_REINIT_SHOULD_FAIL"; 2068 goto err; 2069 } 2070 } else if (ret) { 2071 ERR_clear_last_mark(); 2072 OPENSSL_free(got); 2073 got = NULL; 2074 goto retry; 2075 } else { 2076 ERR_clear_last_mark(); 2077 t->err = "MAC_REINIT_ERROR"; 2078 goto err; 2079 } 2080 /* If reinitialization fails, it is unsupported by the algorithm */ 2081 ERR_pop_to_mark(); 2082 } 2083 t->err = NULL; 2084 2085 /* Test the EVP_Q_mac interface as well */ 2086 if (!xof) { 2087 OPENSSL_cleanse(got, got_len); 2088 if (!TEST_true(EVP_Q_mac(libctx, expected->mac_name, NULL, 2089 expected->alg, params, 2090 expected->key, expected->key_len, 2091 expected->input, expected->input_len, 2092 got, got_len, &size)) 2093 || !TEST_mem_eq(got, size, 2094 expected->output, expected->output_len)) { 2095 t->err = "EVP_Q_mac failed"; 2096 goto err; 2097 } 2098 } 2099 err: 2100 ctrl2params_free(params, params_n, params_n_allocstart); 2101 EVP_MAC_CTX_free(ctx); 2102 OPENSSL_free(got); 2103 return 1; 2104 } 2105 2106 static int mac_test_run(EVP_TEST *t) 2107 { 2108 MAC_DATA *expected = t->data; 2109 2110 if (expected->mac != NULL) 2111 return mac_test_run_mac(t); 2112 return mac_test_run_pkey(t); 2113 } 2114 2115 static const EVP_TEST_METHOD mac_test_method = { 2116 "MAC", 2117 mac_test_init, 2118 mac_test_cleanup, 2119 mac_test_parse, 2120 mac_test_run 2121 }; 2122 2123 typedef struct kem_data_st { 2124 /* Context for this operation */ 2125 EVP_PKEY_CTX *ctx; 2126 const char *op; 2127 /* Input to decapsulate */ 2128 unsigned char *input; 2129 size_t inputlen; 2130 /* Expected secret */ 2131 unsigned char *output; 2132 size_t outputlen; 2133 STACK_OF(OPENSSL_STRING) *init_ctrls; 2134 /* Algorithm name */ 2135 char *algname; 2136 /* Name of previously generated key */ 2137 char *keyname; 2138 /* Encoded public key */ 2139 unsigned char *encoded_pub_key; 2140 size_t encoded_pub_key_len; 2141 /* Encoded private key */ 2142 unsigned char *encoded_priv_key; 2143 size_t encoded_priv_key_len; 2144 /* Entropy for encapsulation */ 2145 unsigned char *entropy; 2146 size_t entropylen; 2147 /* Ciphertext */ 2148 unsigned char *ciphertext; 2149 size_t ciphertext_len; 2150 } KEM_DATA; 2151 2152 static int kem_test_init(EVP_TEST *t, const char *alg) 2153 { 2154 KEM_DATA *kdata = NULL; 2155 EVP_PKEY *pkey = NULL; 2156 2157 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata))) 2158 || !TEST_ptr(kdata->algname = OPENSSL_strdup(alg))) 2159 goto err; 2160 2161 kdata->init_ctrls = sk_OPENSSL_STRING_new_null(); 2162 t->data = kdata; 2163 return 1; 2164 err: 2165 EVP_PKEY_free(pkey); 2166 OPENSSL_free(kdata); 2167 return 0; 2168 } 2169 2170 static void kem_test_cleanup(EVP_TEST *t) 2171 { 2172 KEM_DATA *kdata = t->data; 2173 2174 ctrlfree(kdata->init_ctrls); 2175 OPENSSL_free(kdata->input); 2176 OPENSSL_free(kdata->output); 2177 OPENSSL_free(kdata->algname); 2178 OPENSSL_free(kdata->keyname); 2179 OPENSSL_free(kdata->encoded_pub_key); 2180 OPENSSL_free(kdata->encoded_priv_key); 2181 OPENSSL_free(kdata->entropy); 2182 OPENSSL_free(kdata->ciphertext); 2183 EVP_PKEY_CTX_free(kdata->ctx); 2184 } 2185 2186 static int kem_test_parse(EVP_TEST *t, const char *keyword, const char *value) 2187 { 2188 KEM_DATA *kdata = t->data; 2189 2190 if (strcmp(keyword, "Op") == 0) { 2191 kdata->op = value; 2192 return 1; 2193 } 2194 if (strcmp(keyword, "CtrlInit") == 0) 2195 return ctrladd(kdata->init_ctrls, value); 2196 if (strcmp(keyword, "Input") == 0) 2197 return parse_bin(value, &kdata->input, &kdata->inputlen); 2198 if (strcmp(keyword, "Output") == 0) 2199 return parse_bin(value, &kdata->output, &kdata->outputlen); 2200 if (strcmp(keyword, "EncodedPublicKey") == 0) 2201 return parse_bin(value, &kdata->encoded_pub_key, 2202 &kdata->encoded_pub_key_len); 2203 if (strcmp(keyword, "EncodedPrivateKey") == 0) 2204 return parse_bin(value, &kdata->encoded_priv_key, 2205 &kdata->encoded_priv_key_len); 2206 if (strcmp(keyword, "Entropy") == 0) 2207 return parse_bin(value, &kdata->entropy, &kdata->entropylen); 2208 if (strcmp(keyword, "Ciphertext") == 0) 2209 return parse_bin(value, &kdata->ciphertext, &kdata->ciphertext_len); 2210 if (strcmp(keyword, "KeyName") == 0) 2211 return TEST_ptr(kdata->keyname = OPENSSL_strdup(value)); 2212 return 1; 2213 } 2214 2215 static int encapsulate(EVP_TEST *t, EVP_PKEY_CTX *ctx, const char *op, 2216 unsigned char **outwrapped, size_t *outwrappedlen, 2217 unsigned char **outsecret, size_t *outsecretlen) 2218 { 2219 int ret = 0; 2220 KEM_DATA *kdata = t->data; 2221 unsigned char *wrapped = NULL, *secret = NULL; 2222 size_t wrappedlen = 0, secretlen = 0; 2223 OSSL_PARAM params[10]; 2224 size_t params_n = 0; 2225 /* Reserve space for the terminator and possibly IKME */ 2226 const size_t params_max = OSSL_NELEM(params) - 1 - (kdata->entropy != NULL); 2227 2228 if (sk_OPENSSL_STRING_num(kdata->init_ctrls) > 0) 2229 if (!ctrl2params(t, kdata->init_ctrls, NULL, params, params_max, 2230 ¶ms_n)) 2231 goto err; 2232 2233 /* We don't expect very many controls here */ 2234 if (!TEST_size_t_lt(params_n, params_max)) 2235 goto err; 2236 2237 if (kdata->entropy != NULL) 2238 /* Input key material a.k.a entropy */ 2239 params[params_n++] = OSSL_PARAM_construct_octet_string(OSSL_KEM_PARAM_IKME, 2240 kdata->entropy, 2241 kdata->entropylen); 2242 params[params_n] = OSSL_PARAM_construct_end(); 2243 2244 if (EVP_PKEY_encapsulate_init(ctx, params) <= 0) { 2245 t->err = "TEST_ENCAPSULATE_INIT_ERROR"; 2246 goto ok; 2247 } 2248 2249 if (op != NULL && EVP_PKEY_CTX_set_kem_op(ctx, op) <= 0) { 2250 t->err = "TEST_SET_KEM_OP_ERROR"; 2251 goto ok; 2252 } 2253 if (EVP_PKEY_encapsulate(ctx, NULL, &wrappedlen, NULL, &secretlen) <= 0) { 2254 t->err = "TEST_ENCAPSULATE_LEN_ERROR"; 2255 goto ok; 2256 } 2257 wrapped = OPENSSL_malloc(wrappedlen); 2258 secret = OPENSSL_malloc(secretlen); 2259 if (!TEST_ptr(wrapped) || !TEST_ptr(secret)) { 2260 ret = 0; 2261 goto err; 2262 } 2263 if (EVP_PKEY_encapsulate(ctx, wrapped, &wrappedlen, secret, &secretlen) <= 0) { 2264 t->err = "TEST_ENCAPSULATE_ERROR"; 2265 goto ok; 2266 } 2267 ret = pkey_check_fips_approved(ctx, t); 2268 2269 if (kdata->ciphertext != NULL 2270 && !TEST_mem_eq(wrapped, wrappedlen, kdata->ciphertext, kdata->ciphertext_len)) { 2271 ret = 0; 2272 goto err; 2273 } 2274 2275 if (kdata->output != NULL 2276 && !TEST_mem_eq(secret, secretlen, kdata->output, kdata->outputlen)) { 2277 ret = 0; 2278 goto err; 2279 } 2280 2281 if (ret == 0) 2282 goto err; 2283 2284 t->err = NULL; 2285 *outwrapped = wrapped; 2286 *outsecret = secret; 2287 *outwrappedlen = wrappedlen; 2288 *outsecretlen = secretlen; 2289 ok: 2290 ret = 1; 2291 err: 2292 if (ret == 0) { 2293 OPENSSL_free(wrapped); 2294 OPENSSL_free(secret); 2295 } 2296 if (sk_OPENSSL_STRING_num(kdata->init_ctrls) > 0) 2297 ctrl2params_free(params, params_n, 0); 2298 return ret; 2299 } 2300 2301 static int decapsulate(EVP_TEST *t, EVP_PKEY_CTX *ctx, const char *op, 2302 const unsigned char *in, size_t inlen, 2303 const unsigned char *expected, size_t expectedlen) 2304 { 2305 int ret = 0; 2306 KEM_DATA *kdata = t->data; 2307 size_t outlen = 0; 2308 unsigned char *out = NULL; 2309 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 2310 OSSL_PARAM *p = NULL; 2311 size_t params_n = 0, params_n_allocated = 0; 2312 2313 if (sk_OPENSSL_STRING_num(kdata->init_ctrls) > 0) { 2314 if (!ctrl2params(t, kdata->init_ctrls, NULL, 2315 params, 2, ¶ms_n)) 2316 goto err; 2317 p = params; 2318 } 2319 2320 if (EVP_PKEY_decapsulate_init(ctx, p) <= 0) { 2321 t->err = "TEST_DECAPSULATE_INIT_ERROR"; 2322 goto ok; 2323 } 2324 2325 if (op != NULL && EVP_PKEY_CTX_set_kem_op(ctx, op) <= 0) { 2326 t->err = "TEST_SET_KEM_OP_ERROR"; 2327 goto ok; 2328 } 2329 if (EVP_PKEY_decapsulate(ctx, NULL, &outlen, in, inlen) <= 0) { 2330 t->err = "TEST_DECAPSULATE_LEN_ERROR"; 2331 goto ok; 2332 } 2333 if (!TEST_ptr(out = OPENSSL_malloc(outlen))) { 2334 ret = 0; 2335 goto err; 2336 } 2337 2338 if (EVP_PKEY_decapsulate(ctx, out, &outlen, in, inlen) <= 0) { 2339 t->err = "TEST_DECAPSULATE_ERROR"; 2340 goto err; 2341 } 2342 if (!TEST_mem_eq(out, outlen, expected, expectedlen)) { 2343 t->err = "TEST_SECRET_MISMATCH"; 2344 goto ok; 2345 } 2346 t->err = NULL; 2347 ok: 2348 ret = 1; 2349 err: 2350 OPENSSL_free(out); 2351 if (sk_OPENSSL_STRING_num(kdata->init_ctrls) > 0) 2352 ctrl2params_free(params, params_n, params_n_allocated); 2353 return ret; 2354 } 2355 2356 static int kem_test_run(EVP_TEST *t) 2357 { 2358 int ret = 0, found_key = 0; 2359 EVP_PKEY *pkey = NULL; 2360 KEM_DATA *kdata = t->data; 2361 unsigned char *wrapped = NULL, *secret = NULL; 2362 2363 /* Generate either public or private key based on given params */ 2364 if (kdata->keyname != NULL) { 2365 /* Previously generated private key */ 2366 found_key = find_key(&pkey, kdata->keyname, private_keys); 2367 if (found_key == 0 || pkey == NULL) { 2368 TEST_info("skipping, key '%s' is disabled", kdata->keyname); 2369 t->skip = 1; 2370 goto ok; 2371 } 2372 } else if (kdata->encoded_pub_key != NULL) { 2373 /* Encoded public key */ 2374 if ((pkey = EVP_PKEY_new_raw_public_key_ex(libctx, kdata->algname, 2375 propquery, 2376 kdata->encoded_pub_key, 2377 kdata->encoded_pub_key_len)) 2378 == NULL) { 2379 t->err = "TEST_PARSE_PUBLIC_KEY_ERROR"; 2380 goto ok; 2381 } 2382 } else if (kdata->encoded_priv_key != NULL) { 2383 /* Encoded private key */ 2384 if ((pkey = EVP_PKEY_new_raw_private_key_ex(libctx, kdata->algname, 2385 propquery, 2386 kdata->encoded_priv_key, 2387 kdata->encoded_priv_key_len)) 2388 == NULL) { 2389 t->err = "TEST_PARSE_PRIVATE_KEY_ERROR"; 2390 goto ok; 2391 } 2392 } else { 2393 TEST_info("Missing parameters to create key"); 2394 goto err; 2395 } 2396 2397 if (!TEST_ptr(kdata->ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propquery))) 2398 goto err; 2399 2400 if (kdata->input == NULL) { 2401 size_t wrappedlen = 0, secretlen = 0; 2402 2403 ret = encapsulate(t, kdata->ctx, kdata->op, &wrapped, &wrappedlen, 2404 &secret, &secretlen); 2405 if (ret == 0 || t->err != NULL) 2406 goto err; 2407 2408 /* Also attempt to decrypt if we have the private key */ 2409 if (found_key || kdata->encoded_priv_key != NULL) 2410 ret = decapsulate(t, kdata->ctx, kdata->op, wrapped, wrappedlen, 2411 secret, secretlen); 2412 } else { 2413 ret = decapsulate(t, kdata->ctx, kdata->op, kdata->input, kdata->inputlen, 2414 kdata->output, kdata->outputlen); 2415 } 2416 2417 ok: 2418 ret = 1; 2419 err: 2420 if (!found_key) 2421 EVP_PKEY_free(pkey); 2422 OPENSSL_free(wrapped); 2423 OPENSSL_free(secret); 2424 return ret; 2425 } 2426 2427 static const EVP_TEST_METHOD pkey_kem_test_method = { 2428 "Kem", 2429 kem_test_init, 2430 kem_test_cleanup, 2431 kem_test_parse, 2432 kem_test_run 2433 }; 2434 2435 /** 2436 ** PUBLIC KEY TESTS 2437 ** These are all very similar and share much common code. 2438 **/ 2439 2440 typedef struct pkey_data_st { 2441 /* Context for this operation */ 2442 EVP_PKEY_CTX *ctx; 2443 /* Signature algo for such operations */ 2444 EVP_SIGNATURE *sigalgo; 2445 /* Key operation to perform */ 2446 int (*keyopinit)(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]); 2447 int (*keyopinit_ex2)(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *algo, 2448 const OSSL_PARAM params[]); 2449 int (*keyop)(EVP_PKEY_CTX *ctx, 2450 unsigned char *sig, size_t *siglen, 2451 const unsigned char *tbs, size_t tbslen); 2452 /* Input to MAC */ 2453 unsigned char *input; 2454 size_t input_len; 2455 /* Expected output */ 2456 unsigned char *output; 2457 size_t output_len; 2458 STACK_OF(OPENSSL_STRING) *init_controls; /* collection of controls */ 2459 STACK_OF(OPENSSL_STRING) *controls; /* collection of controls */ 2460 EVP_PKEY *peer; 2461 int validate; 2462 } PKEY_DATA; 2463 2464 /* 2465 * Perform public key operation setup: lookup key, allocated ctx and call 2466 * the appropriate initialisation function 2467 */ 2468 static int pkey_test_init_keyctx(EVP_TEST *t, const char *keyname, 2469 int use_public) 2470 { 2471 PKEY_DATA *kdata; 2472 EVP_PKEY *pkey = NULL; 2473 int rv = 0; 2474 2475 if (use_public) 2476 rv = find_key(&pkey, keyname, public_keys); 2477 if (rv == 0) 2478 rv = find_key(&pkey, keyname, private_keys); 2479 if (rv == 0 || pkey == NULL) { 2480 TEST_info("skipping, key '%s' is disabled", keyname); 2481 t->skip = 1; 2482 return 1; 2483 } 2484 2485 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))) { 2486 EVP_PKEY_free(pkey); 2487 return 0; 2488 } 2489 if (!TEST_ptr(kdata->ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propquery))) { 2490 EVP_PKEY_free(pkey); 2491 OPENSSL_free(kdata); 2492 return 0; 2493 } 2494 t->data = kdata; 2495 return 1; 2496 } 2497 2498 static int pkey_test_init(EVP_TEST *t, const char *name, 2499 int use_public, 2500 int (*keyopinit)(EVP_PKEY_CTX *ctx, 2501 const OSSL_PARAM params[]), 2502 int (*keyop)(EVP_PKEY_CTX *ctx, 2503 unsigned char *sig, size_t *siglen, 2504 const unsigned char *tbs, 2505 size_t tbslen)) 2506 { 2507 PKEY_DATA *kdata = NULL; 2508 int rv = 0; 2509 2510 rv = pkey_test_init_keyctx(t, name, use_public); 2511 if (t->skip || !rv) 2512 return rv; 2513 kdata = t->data; 2514 kdata->keyopinit = keyopinit; 2515 kdata->keyop = keyop; 2516 kdata->init_controls = sk_OPENSSL_STRING_new_null(); 2517 kdata->controls = sk_OPENSSL_STRING_new_null(); 2518 return 1; 2519 } 2520 2521 static int pkey_test_init_ex2(EVP_TEST *t, const char *name, 2522 int use_public, 2523 int (*keyopinit)(EVP_PKEY_CTX *ctx, 2524 EVP_SIGNATURE *algo, 2525 const OSSL_PARAM param[]), 2526 int (*keyop)(EVP_PKEY_CTX *ctx, 2527 unsigned char *sig, size_t *siglen, 2528 const unsigned char *tbs, 2529 size_t tbslen)) 2530 { 2531 PKEY_DATA *kdata = NULL; 2532 int rv = 0; 2533 char algoname[OSSL_MAX_NAME_SIZE + 1]; 2534 const char *p; 2535 2536 if ((p = strchr(name, ':')) == NULL 2537 || p == name || p[1] == '\0' || p - name > OSSL_MAX_NAME_SIZE) { 2538 TEST_info("Can't extract algorithm or key name from '%s'", name); 2539 return 0; 2540 } 2541 memcpy(algoname, name, p - name); 2542 algoname[p - name] = '\0'; 2543 2544 if (is_pkey_disabled(algoname)) { 2545 t->skip = 1; 2546 return 1; 2547 } 2548 2549 rv = pkey_test_init_keyctx(t, /* keyname */ p + 1, use_public); 2550 if (t->skip || !rv) 2551 return rv; 2552 kdata = t->data; 2553 kdata->keyopinit_ex2 = keyopinit; 2554 kdata->keyop = keyop; 2555 if (!TEST_ptr(kdata->sigalgo 2556 = EVP_SIGNATURE_fetch(libctx, algoname, propquery))) { 2557 TEST_info("algoname = '%s'", algoname); 2558 return 0; 2559 } 2560 kdata->init_controls = sk_OPENSSL_STRING_new_null(); 2561 kdata->controls = sk_OPENSSL_STRING_new_null(); 2562 return 1; 2563 } 2564 2565 static void pkey_test_cleanup(EVP_TEST *t) 2566 { 2567 PKEY_DATA *kdata = t->data; 2568 2569 ctrlfree(kdata->init_controls); 2570 ctrlfree(kdata->controls); 2571 OPENSSL_free(kdata->input); 2572 OPENSSL_free(kdata->output); 2573 EVP_PKEY_CTX_free(kdata->ctx); 2574 EVP_SIGNATURE_free(kdata->sigalgo); 2575 } 2576 2577 static int pkey_test_ctrl(EVP_TEST *t, EVP_PKEY_CTX *pctx, 2578 const char *value) 2579 { 2580 int rv = 0; 2581 char *p, *tmpval; 2582 2583 if (!TEST_ptr(tmpval = OPENSSL_strdup(value))) 2584 return 0; 2585 p = strchr(tmpval, ':'); 2586 if (p != NULL) { 2587 *p++ = '\0'; 2588 rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p); 2589 } 2590 if (rv == -2) { 2591 t->err = "PKEY_CTRL_INVALID"; 2592 rv = 1; 2593 } else if (p != NULL && rv <= 0) { 2594 if (is_digest_disabled(p) || is_cipher_disabled(p)) { 2595 TEST_info("skipping, '%s' is disabled", p); 2596 t->skip = 1; 2597 rv = 1; 2598 } else { 2599 t->err = "PKEY_CTRL_ERROR"; 2600 rv = 1; 2601 } 2602 } 2603 OPENSSL_free(tmpval); 2604 return rv > 0; 2605 } 2606 2607 static int pkey_add_control(EVP_TEST *t, STACK_OF(OPENSSL_STRING) *controls, 2608 const char *value) 2609 { 2610 char *p; 2611 2612 if (controls == NULL) 2613 return 0; 2614 2615 p = strchr(value, ':'); 2616 if (p == NULL) 2617 return 0; 2618 p++; 2619 if (is_digest_disabled(p) || is_cipher_disabled(p)) { 2620 TEST_info("skipping, '%s' is disabled", p); 2621 t->skip = 1; 2622 return 1; 2623 } 2624 2625 return ctrladd(controls, value) > 0; 2626 } 2627 2628 static int pkey_test_parse(EVP_TEST *t, 2629 const char *keyword, const char *value) 2630 { 2631 PKEY_DATA *kdata = t->data; 2632 if (strcmp(keyword, "Input") == 0) 2633 return parse_bin(value, &kdata->input, &kdata->input_len); 2634 if (strcmp(keyword, "Output") == 0) 2635 return parse_bin(value, &kdata->output, &kdata->output_len); 2636 if (strcmp(keyword, "CtrlInit") == 0) 2637 return ctrladd(kdata->init_controls, value); 2638 if (strcmp(keyword, "Ctrl") == 0) 2639 return pkey_add_control(t, kdata->controls, value); 2640 return 0; 2641 } 2642 2643 static int pkey_test_run_init(EVP_TEST *t) 2644 { 2645 PKEY_DATA *data = t->data; 2646 int i, ret = 0; 2647 OSSL_PARAM params[5] = { 2648 OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END, 2649 OSSL_PARAM_END, OSSL_PARAM_END 2650 }; 2651 OSSL_PARAM *p = NULL; 2652 size_t params_n = 0, params_n_allocstart = 0; 2653 2654 if (sk_OPENSSL_STRING_num(data->init_controls) > 0) { 2655 if (!ctrl2params(t, data->init_controls, 2656 NULL, 2657 params, OSSL_NELEM(params), ¶ms_n)) 2658 goto err; 2659 p = params; 2660 } 2661 if (data->keyopinit != NULL) { 2662 if (data->keyopinit(data->ctx, p) <= 0) { 2663 t->err = "KEYOP_INIT_ERROR"; 2664 goto err; 2665 } 2666 } else if (data->keyopinit_ex2 != NULL) { 2667 if (data->keyopinit_ex2(data->ctx, data->sigalgo, p) <= 0) { 2668 t->err = "KEYOP_INIT_ERROR"; 2669 goto err; 2670 } 2671 } else { 2672 t->err = "KEYOP_INIT_ERROR"; 2673 goto err; 2674 } 2675 2676 for (i = 0; i < sk_OPENSSL_STRING_num(data->controls); i++) { 2677 char *value = sk_OPENSSL_STRING_value(data->controls, i); 2678 2679 if (!pkey_test_ctrl(t, data->ctx, value) || t->err != NULL) 2680 goto err; 2681 } 2682 ret = 1; 2683 err: 2684 ctrl2params_free(params, params_n, params_n_allocstart); 2685 return ret; 2686 } 2687 2688 static int pkey_test_run(EVP_TEST *t) 2689 { 2690 PKEY_DATA *expected = t->data; 2691 unsigned char *got = NULL; 2692 size_t got_len; 2693 EVP_PKEY_CTX *copy = NULL; 2694 2695 if (!pkey_test_run_init(t)) 2696 goto err; 2697 2698 /* Make a copy of the EVP_PKEY context, for repeat use further down */ 2699 if (!TEST_ptr(copy = EVP_PKEY_CTX_dup(expected->ctx))) { 2700 t->err = "INTERNAL_ERROR"; 2701 goto err; 2702 } 2703 2704 if (expected->keyop(expected->ctx, NULL, &got_len, 2705 expected->input, expected->input_len) 2706 <= 0 2707 || !TEST_ptr(got = OPENSSL_malloc(got_len))) { 2708 t->err = "KEYOP_LENGTH_ERROR"; 2709 goto err; 2710 } 2711 if (expected->keyop(expected->ctx, got, &got_len, 2712 expected->input, expected->input_len) 2713 <= 0) { 2714 t->err = "KEYOP_ERROR"; 2715 goto err; 2716 } 2717 2718 if (!memory_err_compare(t, "KEYOP_MISMATCH", 2719 expected->output, expected->output_len, 2720 got, got_len)) 2721 goto err; 2722 2723 t->err = NULL; 2724 OPENSSL_free(got); 2725 got = NULL; 2726 2727 /* Repeat the test on the EVP_PKEY context copy. */ 2728 if (expected->keyop(copy, NULL, &got_len, expected->input, 2729 expected->input_len) 2730 <= 0 2731 || !TEST_ptr(got = OPENSSL_malloc(got_len))) { 2732 t->err = "KEYOP_LENGTH_ERROR"; 2733 goto err; 2734 } 2735 if (expected->keyop(copy, got, &got_len, expected->input, 2736 expected->input_len) 2737 <= 0) { 2738 t->err = "KEYOP_ERROR"; 2739 goto err; 2740 } 2741 if (!memory_err_compare(t, "KEYOP_MISMATCH", 2742 expected->output, expected->output_len, 2743 got, got_len)) 2744 goto err; 2745 2746 if (pkey_check_fips_approved(expected->ctx, t) <= 0) 2747 goto err; 2748 2749 err: 2750 OPENSSL_free(got); 2751 EVP_PKEY_CTX_free(copy); 2752 return 1; 2753 } 2754 2755 static int pkey_fromdata_test_init(EVP_TEST *t, const char *name) 2756 { 2757 PKEY_DATA *kdata = NULL; 2758 2759 if (is_pkey_disabled(name)) { 2760 TEST_info("skipping, '%s' is disabled", name); 2761 t->skip = 1; 2762 return 1; 2763 } 2764 2765 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))) 2766 return 0; 2767 kdata->ctx = EVP_PKEY_CTX_new_from_name(libctx, name, ""); 2768 if (kdata->ctx == NULL) 2769 goto err; 2770 if (EVP_PKEY_fromdata_init(kdata->ctx) <= 0) 2771 goto err; 2772 kdata->controls = sk_OPENSSL_STRING_new_null(); 2773 if (kdata->controls == NULL) 2774 goto err; 2775 t->data = kdata; 2776 return 1; 2777 err: 2778 EVP_PKEY_CTX_free(kdata->ctx); 2779 OPENSSL_free(kdata); 2780 return 0; 2781 } 2782 2783 static void pkey_fromdata_test_cleanup(EVP_TEST *t) 2784 { 2785 PKEY_DATA *kdata = t->data; 2786 2787 ctrlfree(kdata->controls); 2788 EVP_PKEY_CTX_free(kdata->ctx); 2789 } 2790 2791 static int pkey_fromdata_test_parse(EVP_TEST *t, 2792 const char *keyword, const char *value) 2793 { 2794 PKEY_DATA *kdata = t->data; 2795 2796 if (strcmp(keyword, "Ctrl") == 0) 2797 return pkey_add_control(t, kdata->controls, value); 2798 return 0; 2799 } 2800 2801 static int pkey_fromdata_test_run(EVP_TEST *t) 2802 { 2803 EVP_PKEY *key = NULL; 2804 PKEY_DATA *kdata = t->data; 2805 int ret = 0; 2806 static const OSSL_PARAM key_settable_ctx_params[] = { 2807 OSSL_PARAM_octet_string("priv", NULL, 0), 2808 OSSL_PARAM_octet_string("pub", NULL, 0), 2809 OSSL_PARAM_END 2810 }; 2811 OSSL_PARAM params[5] = { 2812 OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END, 2813 OSSL_PARAM_END, OSSL_PARAM_END 2814 }; 2815 OSSL_PARAM *p = NULL; 2816 size_t params_n = 0, params_n_allocstart = 0; 2817 2818 if (sk_OPENSSL_STRING_num(kdata->controls) > 0) { 2819 if (!ctrl2params(t, kdata->controls, key_settable_ctx_params, 2820 params, OSSL_NELEM(params), ¶ms_n)) 2821 goto err; 2822 p = params; 2823 } 2824 2825 ret = 1; 2826 if (EVP_PKEY_fromdata(kdata->ctx, &key, EVP_PKEY_KEYPAIR, p) <= 0) { 2827 t->err = "KEY_FROMDATA_ERROR"; 2828 goto err; 2829 } 2830 err: 2831 ctrl2params_free(params, params_n, params_n_allocstart); 2832 EVP_PKEY_free(key); 2833 return ret; 2834 } 2835 2836 static const EVP_TEST_METHOD pkey_fromdata_test_method = { 2837 "KeyFromData", 2838 pkey_fromdata_test_init, 2839 pkey_fromdata_test_cleanup, 2840 pkey_fromdata_test_parse, 2841 pkey_fromdata_test_run 2842 }; 2843 2844 /* 2845 * "Sign" implies EVP_PKEY_sign_init_ex2() if the argument is a colon-separated 2846 * pair, {algorithm}:{key}. If not, it implies EVP_PKEY_sign_init_ex() 2847 */ 2848 static int sign_test_init(EVP_TEST *t, const char *name) 2849 { 2850 if (strchr(name, ':') != NULL) 2851 return pkey_test_init_ex2(t, name, 0, 2852 EVP_PKEY_sign_init_ex2, EVP_PKEY_sign); 2853 return pkey_test_init(t, name, 0, EVP_PKEY_sign_init_ex, EVP_PKEY_sign); 2854 } 2855 2856 static const EVP_TEST_METHOD psign_test_method = { 2857 "Sign", 2858 sign_test_init, 2859 pkey_test_cleanup, 2860 pkey_test_parse, 2861 pkey_test_run 2862 }; 2863 2864 /* 2865 * "Sign-Message" is like "Sign", but uses EVP_PKEY_sign_message_init() 2866 * The argument must be a colon separated pair, {algorithm}:{key} 2867 */ 2868 static int sign_test_message_init(EVP_TEST *t, const char *name) 2869 { 2870 return pkey_test_init_ex2(t, name, 0, 2871 EVP_PKEY_sign_message_init, EVP_PKEY_sign); 2872 } 2873 2874 static const EVP_TEST_METHOD psign_message_test_method = { 2875 "Sign-Message", 2876 sign_test_message_init, 2877 pkey_test_cleanup, 2878 pkey_test_parse, 2879 pkey_test_run 2880 }; 2881 2882 /* 2883 * "VerifyRecover" implies EVP_PKEY_verify_recover_init_ex2() if the argument is a 2884 * colon-separated pair, {algorithm}:{key}. 2885 * If not, it implies EVP_PKEY_verify_recover_init_ex() 2886 */ 2887 static int verify_recover_test_init(EVP_TEST *t, const char *name) 2888 { 2889 if (strchr(name, ':') != NULL) 2890 return pkey_test_init_ex2(t, name, 1, 2891 EVP_PKEY_verify_recover_init_ex2, 2892 EVP_PKEY_verify_recover); 2893 return pkey_test_init(t, name, 1, EVP_PKEY_verify_recover_init_ex, 2894 EVP_PKEY_verify_recover); 2895 } 2896 2897 static const EVP_TEST_METHOD pverify_recover_test_method = { 2898 "VerifyRecover", 2899 verify_recover_test_init, 2900 pkey_test_cleanup, 2901 pkey_test_parse, 2902 pkey_test_run 2903 }; 2904 2905 static int decrypt_test_init(EVP_TEST *t, const char *name) 2906 { 2907 return pkey_test_init(t, name, 0, EVP_PKEY_decrypt_init_ex, 2908 EVP_PKEY_decrypt); 2909 } 2910 2911 static const EVP_TEST_METHOD pdecrypt_test_method = { 2912 "Decrypt", 2913 decrypt_test_init, 2914 pkey_test_cleanup, 2915 pkey_test_parse, 2916 pkey_test_run 2917 }; 2918 2919 /* 2920 * "Verify" implies EVP_PKEY_verify_init_ex2() if the argument is a 2921 * colon-separated pair, {algorithm}:{key}. 2922 * If not, it implies EVP_PKEY_verify_init_ex() 2923 */ 2924 static int verify_test_init(EVP_TEST *t, const char *name) 2925 { 2926 if (strchr(name, ':') != NULL) 2927 return pkey_test_init_ex2(t, name, 1, 2928 EVP_PKEY_verify_init_ex2, NULL); 2929 return pkey_test_init(t, name, 1, EVP_PKEY_verify_init_ex, NULL); 2930 } 2931 2932 static int verify_test_run(EVP_TEST *t) 2933 { 2934 int ret = 1; 2935 PKEY_DATA *kdata = t->data; 2936 2937 if (!pkey_test_run_init(t)) 2938 goto err; 2939 if (EVP_PKEY_verify(kdata->ctx, kdata->output, kdata->output_len, 2940 kdata->input, kdata->input_len) 2941 <= 0) { 2942 t->err = "VERIFY_ERROR"; 2943 goto err; 2944 } 2945 if (!pkey_check_fips_approved(kdata->ctx, t)) 2946 ret = 0; 2947 err: 2948 return ret; 2949 } 2950 2951 static const EVP_TEST_METHOD pverify_test_method = { 2952 "Verify", 2953 verify_test_init, 2954 pkey_test_cleanup, 2955 pkey_test_parse, 2956 verify_test_run 2957 }; 2958 2959 /* 2960 * "Verify-Message" is like "Verify", but uses EVP_PKEY_verify_message_init() 2961 * The argument must be a colon separated pair, {algorithm}:{key} 2962 */ 2963 static int verify_message_test_init(EVP_TEST *t, const char *name) 2964 { 2965 return pkey_test_init_ex2(t, name, 0, 2966 EVP_PKEY_verify_message_init, NULL); 2967 } 2968 2969 static const EVP_TEST_METHOD pverify_message_test_method = { 2970 "Verify-Message", 2971 verify_message_test_init, 2972 pkey_test_cleanup, 2973 pkey_test_parse, 2974 verify_test_run 2975 }; 2976 2977 /* 2978 * "Verify-Message-Public" is like "Verify-Message", but uses a public key 2979 * instead of a private key. 2980 * The argument must be a colon separated pair, {algorithm}:{key} 2981 */ 2982 static int verify_message_public_test_init(EVP_TEST *t, const char *name) 2983 { 2984 return pkey_test_init_ex2(t, name, 1, 2985 EVP_PKEY_verify_message_init, NULL); 2986 } 2987 2988 static const EVP_TEST_METHOD pverify_message_public_test_method = { 2989 "Verify-Message-Public", 2990 verify_message_public_test_init, 2991 pkey_test_cleanup, 2992 pkey_test_parse, 2993 verify_test_run 2994 }; 2995 2996 static int pderive_test_init(EVP_TEST *t, const char *name) 2997 { 2998 return pkey_test_init(t, name, 0, EVP_PKEY_derive_init_ex, 0); 2999 } 3000 3001 static int pderive_test_parse(EVP_TEST *t, 3002 const char *keyword, const char *value) 3003 { 3004 PKEY_DATA *kdata = t->data; 3005 int validate = 0; 3006 3007 if (strcmp(keyword, "PeerKeyValidate") == 0) 3008 validate = 1; 3009 3010 if (validate || strcmp(keyword, "PeerKey") == 0) { 3011 EVP_PKEY *peer = NULL; 3012 3013 kdata->validate = validate; 3014 if (find_key(&peer, value, public_keys) == 0) 3015 return -1; 3016 kdata->peer = peer; 3017 return 1; 3018 } 3019 if (strcmp(keyword, "SharedSecret") == 0) 3020 return parse_bin(value, &kdata->output, &kdata->output_len); 3021 if (strcmp(keyword, "Ctrl") == 0) 3022 return pkey_add_control(t, kdata->controls, value); 3023 if (strcmp(keyword, "CtrlInit") == 0) 3024 return ctrladd(kdata->init_controls, value); 3025 return 0; 3026 } 3027 3028 static int pderive_test_run(EVP_TEST *t) 3029 { 3030 EVP_PKEY_CTX *dctx = NULL; 3031 PKEY_DATA *expected = t->data; 3032 unsigned char *got = NULL; 3033 size_t got_len; 3034 int ret = 1; 3035 3036 if (!pkey_test_run_init(t)) 3037 goto err; 3038 3039 t->err = NULL; 3040 if (EVP_PKEY_derive_set_peer_ex(expected->ctx, expected->peer, 3041 expected->validate) 3042 <= 0) { 3043 t->err = "DERIVE_SET_PEER_ERROR"; 3044 goto err; 3045 } 3046 3047 if (!TEST_ptr(dctx = EVP_PKEY_CTX_dup(expected->ctx))) { 3048 t->err = "DERIVE_ERROR"; 3049 goto err; 3050 } 3051 3052 if (EVP_PKEY_derive(dctx, NULL, &got_len) <= 0 3053 || !TEST_size_t_ne(got_len, 0)) { 3054 t->err = "DERIVE_ERROR"; 3055 goto err; 3056 } 3057 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { 3058 t->err = "DERIVE_ERROR"; 3059 goto err; 3060 } 3061 if (EVP_PKEY_derive(dctx, got, &got_len) <= 0) { 3062 t->err = "DERIVE_ERROR"; 3063 goto err; 3064 } 3065 if (!memory_err_compare(t, "SHARED_SECRET_MISMATCH", 3066 expected->output, expected->output_len, 3067 got, got_len)) 3068 goto err; 3069 3070 if (!pkey_check_fips_approved(dctx, t)) { 3071 ret = 0; 3072 goto err; 3073 } 3074 t->err = NULL; 3075 err: 3076 OPENSSL_free(got); 3077 EVP_PKEY_CTX_free(dctx); 3078 return ret; 3079 } 3080 3081 static const EVP_TEST_METHOD pderive_test_method = { 3082 "Derive", 3083 pderive_test_init, 3084 pkey_test_cleanup, 3085 pderive_test_parse, 3086 pderive_test_run 3087 }; 3088 3089 /** 3090 ** PBE TESTS 3091 **/ 3092 3093 typedef enum pbe_type_enum { 3094 PBE_TYPE_INVALID = 0, 3095 PBE_TYPE_SCRYPT, 3096 PBE_TYPE_PBKDF2, 3097 PBE_TYPE_PKCS12 3098 } PBE_TYPE; 3099 3100 typedef struct pbe_data_st { 3101 PBE_TYPE pbe_type; 3102 /* scrypt parameters */ 3103 uint64_t N, r, p, maxmem; 3104 /* PKCS#12 parameters */ 3105 int id, iter; 3106 const EVP_MD *md; 3107 /* password */ 3108 unsigned char *pass; 3109 size_t pass_len; 3110 /* salt */ 3111 unsigned char *salt; 3112 size_t salt_len; 3113 /* Expected output */ 3114 unsigned char *key; 3115 size_t key_len; 3116 } PBE_DATA; 3117 3118 #ifndef OPENSSL_NO_SCRYPT 3119 /* Parse unsigned decimal 64 bit integer value */ 3120 static int parse_uint64(const char *value, uint64_t *pr) 3121 { 3122 const char *p = value; 3123 3124 if (!TEST_true(*p)) { 3125 TEST_info("Invalid empty integer value"); 3126 return -1; 3127 } 3128 for (*pr = 0; *p;) { 3129 if (*pr > UINT64_MAX / 10) { 3130 TEST_error("Integer overflow in string %s", value); 3131 return -1; 3132 } 3133 *pr *= 10; 3134 if (!TEST_true(isdigit((unsigned char)*p))) { 3135 TEST_error("Invalid character in string %s", value); 3136 return -1; 3137 } 3138 *pr += *p - '0'; 3139 p++; 3140 } 3141 return 1; 3142 } 3143 3144 static int scrypt_test_parse(EVP_TEST *t, 3145 const char *keyword, const char *value) 3146 { 3147 PBE_DATA *pdata = t->data; 3148 3149 if (strcmp(keyword, "N") == 0) 3150 return parse_uint64(value, &pdata->N); 3151 if (strcmp(keyword, "p") == 0) 3152 return parse_uint64(value, &pdata->p); 3153 if (strcmp(keyword, "r") == 0) 3154 return parse_uint64(value, &pdata->r); 3155 if (strcmp(keyword, "maxmem") == 0) 3156 return parse_uint64(value, &pdata->maxmem); 3157 return 0; 3158 } 3159 #endif 3160 3161 static int pbkdf2_test_parse(EVP_TEST *t, 3162 const char *keyword, const char *value) 3163 { 3164 PBE_DATA *pdata = t->data; 3165 3166 if (strcmp(keyword, "iter") == 0) { 3167 pdata->iter = atoi(value); 3168 if (pdata->iter <= 0) 3169 return -1; 3170 return 1; 3171 } 3172 if (strcmp(keyword, "MD") == 0) { 3173 pdata->md = EVP_get_digestbyname(value); 3174 if (pdata->md == NULL) 3175 return -1; 3176 return 1; 3177 } 3178 return 0; 3179 } 3180 3181 static int pkcs12_test_parse(EVP_TEST *t, 3182 const char *keyword, const char *value) 3183 { 3184 PBE_DATA *pdata = t->data; 3185 3186 if (strcmp(keyword, "id") == 0) { 3187 pdata->id = atoi(value); 3188 if (pdata->id <= 0) 3189 return -1; 3190 return 1; 3191 } 3192 return pbkdf2_test_parse(t, keyword, value); 3193 } 3194 3195 static int pbe_test_init(EVP_TEST *t, const char *alg) 3196 { 3197 PBE_DATA *pdat; 3198 PBE_TYPE pbe_type = PBE_TYPE_INVALID; 3199 3200 if (is_kdf_disabled(alg)) { 3201 TEST_info("skipping, '%s' is disabled", alg); 3202 t->skip = 1; 3203 return 1; 3204 } 3205 if (strcmp(alg, "scrypt") == 0) { 3206 pbe_type = PBE_TYPE_SCRYPT; 3207 } else if (strcmp(alg, "pbkdf2") == 0) { 3208 pbe_type = PBE_TYPE_PBKDF2; 3209 } else if (strcmp(alg, "pkcs12") == 0) { 3210 pbe_type = PBE_TYPE_PKCS12; 3211 } else { 3212 TEST_error("Unknown pbe algorithm %s", alg); 3213 return 0; 3214 } 3215 if (!TEST_ptr(pdat = OPENSSL_zalloc(sizeof(*pdat)))) 3216 return 0; 3217 pdat->pbe_type = pbe_type; 3218 t->data = pdat; 3219 return 1; 3220 } 3221 3222 static void pbe_test_cleanup(EVP_TEST *t) 3223 { 3224 PBE_DATA *pdat = t->data; 3225 3226 OPENSSL_free(pdat->pass); 3227 OPENSSL_free(pdat->salt); 3228 OPENSSL_free(pdat->key); 3229 } 3230 3231 static int pbe_test_parse(EVP_TEST *t, 3232 const char *keyword, const char *value) 3233 { 3234 PBE_DATA *pdata = t->data; 3235 3236 if (strcmp(keyword, "Password") == 0) 3237 return parse_bin(value, &pdata->pass, &pdata->pass_len); 3238 if (strcmp(keyword, "Salt") == 0) 3239 return parse_bin(value, &pdata->salt, &pdata->salt_len); 3240 if (strcmp(keyword, "Key") == 0) 3241 return parse_bin(value, &pdata->key, &pdata->key_len); 3242 if (pdata->pbe_type == PBE_TYPE_PBKDF2) 3243 return pbkdf2_test_parse(t, keyword, value); 3244 else if (pdata->pbe_type == PBE_TYPE_PKCS12) 3245 return pkcs12_test_parse(t, keyword, value); 3246 #ifndef OPENSSL_NO_SCRYPT 3247 else if (pdata->pbe_type == PBE_TYPE_SCRYPT) 3248 return scrypt_test_parse(t, keyword, value); 3249 #endif 3250 return 0; 3251 } 3252 3253 static int pbe_test_run(EVP_TEST *t) 3254 { 3255 PBE_DATA *expected = t->data; 3256 unsigned char *key; 3257 EVP_MD *fetched_digest = NULL; 3258 OSSL_LIB_CTX *save_libctx; 3259 3260 save_libctx = OSSL_LIB_CTX_set0_default(libctx); 3261 3262 if (!TEST_ptr(key = OPENSSL_malloc(expected->key_len))) { 3263 t->err = "INTERNAL_ERROR"; 3264 goto err; 3265 } 3266 if (expected->pbe_type == PBE_TYPE_PBKDF2) { 3267 if (PKCS5_PBKDF2_HMAC((char *)expected->pass, expected->pass_len, 3268 expected->salt, expected->salt_len, 3269 expected->iter, expected->md, 3270 expected->key_len, key) 3271 == 0) { 3272 t->err = "PBKDF2_ERROR"; 3273 goto err; 3274 } 3275 #ifndef OPENSSL_NO_SCRYPT 3276 } else if (expected->pbe_type == PBE_TYPE_SCRYPT) { 3277 if (EVP_PBE_scrypt((const char *)expected->pass, expected->pass_len, 3278 expected->salt, expected->salt_len, 3279 expected->N, expected->r, expected->p, 3280 expected->maxmem, key, expected->key_len) 3281 == 0) { 3282 t->err = "SCRYPT_ERROR"; 3283 goto err; 3284 } 3285 #endif 3286 } else if (expected->pbe_type == PBE_TYPE_PKCS12) { 3287 fetched_digest = EVP_MD_fetch(libctx, EVP_MD_get0_name(expected->md), 3288 propquery); 3289 if (fetched_digest == NULL) { 3290 t->err = "PKCS12_ERROR"; 3291 goto err; 3292 } 3293 if (PKCS12_key_gen_uni(expected->pass, expected->pass_len, 3294 expected->salt, expected->salt_len, 3295 expected->id, expected->iter, expected->key_len, 3296 key, fetched_digest) 3297 == 0) { 3298 t->err = "PKCS12_ERROR"; 3299 goto err; 3300 } 3301 } 3302 if (!memory_err_compare(t, "KEY_MISMATCH", expected->key, expected->key_len, 3303 key, expected->key_len)) 3304 goto err; 3305 3306 t->err = NULL; 3307 err: 3308 EVP_MD_free(fetched_digest); 3309 OPENSSL_free(key); 3310 OSSL_LIB_CTX_set0_default(save_libctx); 3311 return 1; 3312 } 3313 3314 static const EVP_TEST_METHOD pbe_test_method = { 3315 "PBE", 3316 pbe_test_init, 3317 pbe_test_cleanup, 3318 pbe_test_parse, 3319 pbe_test_run 3320 }; 3321 3322 /** 3323 ** BASE64 TESTS 3324 **/ 3325 3326 typedef enum { 3327 BASE64_CANONICAL_ENCODING = 0, 3328 BASE64_VALID_ENCODING = 1, 3329 BASE64_INVALID_ENCODING = 2 3330 } base64_encoding_type; 3331 3332 typedef struct encode_data_st { 3333 /* Input to encoding */ 3334 unsigned char *input; 3335 size_t input_len; 3336 /* Expected output */ 3337 unsigned char *output; 3338 size_t output_len; 3339 base64_encoding_type encoding; 3340 } ENCODE_DATA; 3341 3342 static int encode_test_init(EVP_TEST *t, const char *encoding) 3343 { 3344 ENCODE_DATA *edata; 3345 3346 if (!TEST_ptr(edata = OPENSSL_zalloc(sizeof(*edata)))) 3347 return 0; 3348 if (strcmp(encoding, "canonical") == 0) { 3349 edata->encoding = BASE64_CANONICAL_ENCODING; 3350 } else if (strcmp(encoding, "valid") == 0) { 3351 edata->encoding = BASE64_VALID_ENCODING; 3352 } else if (strcmp(encoding, "invalid") == 0) { 3353 edata->encoding = BASE64_INVALID_ENCODING; 3354 if (!TEST_ptr(t->expected_err = OPENSSL_strdup("DECODE_ERROR"))) 3355 goto err; 3356 } else { 3357 TEST_error("Bad encoding: %s." 3358 " Should be one of {canonical, valid, invalid}", 3359 encoding); 3360 goto err; 3361 } 3362 t->data = edata; 3363 return 1; 3364 err: 3365 OPENSSL_free(edata); 3366 return 0; 3367 } 3368 3369 static void encode_test_cleanup(EVP_TEST *t) 3370 { 3371 ENCODE_DATA *edata = t->data; 3372 3373 OPENSSL_free(edata->input); 3374 OPENSSL_free(edata->output); 3375 memset(edata, 0, sizeof(*edata)); 3376 } 3377 3378 static int encode_test_parse(EVP_TEST *t, 3379 const char *keyword, const char *value) 3380 { 3381 ENCODE_DATA *edata = t->data; 3382 3383 if (strcmp(keyword, "Input") == 0) 3384 return parse_bin(value, &edata->input, &edata->input_len); 3385 if (strcmp(keyword, "Output") == 0) 3386 return parse_bin(value, &edata->output, &edata->output_len); 3387 return 0; 3388 } 3389 3390 static int encode_test_run(EVP_TEST *t) 3391 { 3392 ENCODE_DATA *expected = t->data; 3393 unsigned char *encode_out = NULL, *decode_out = NULL; 3394 int output_len, chunk_len; 3395 EVP_ENCODE_CTX *decode_ctx = NULL, *encode_ctx = NULL; 3396 size_t input_len, donelen, decode_length; 3397 3398 if (!TEST_ptr(decode_ctx = EVP_ENCODE_CTX_new())) { 3399 t->err = "INTERNAL_ERROR"; 3400 goto err; 3401 } 3402 3403 if (expected->encoding == BASE64_CANONICAL_ENCODING) { 3404 3405 if (!TEST_ptr(encode_ctx = EVP_ENCODE_CTX_new()) 3406 || !TEST_ptr(encode_out = OPENSSL_malloc(EVP_ENCODE_LENGTH(expected->input_len)))) 3407 goto err; 3408 3409 EVP_EncodeInit(encode_ctx); 3410 3411 input_len = expected->input_len; 3412 donelen = 0; 3413 output_len = 0; 3414 do { 3415 size_t current_len = (size_t)data_chunk_size; 3416 3417 if (data_chunk_size == 0 || (size_t)data_chunk_size > input_len) 3418 current_len = input_len; 3419 if (!TEST_true(EVP_EncodeUpdate(encode_ctx, encode_out, &chunk_len, 3420 expected->input + donelen, 3421 current_len))) 3422 goto err; 3423 donelen += current_len; 3424 input_len -= current_len; 3425 output_len += chunk_len; 3426 } while (input_len > 0); 3427 3428 EVP_EncodeFinal(encode_ctx, encode_out + output_len, &chunk_len); 3429 output_len += chunk_len; 3430 3431 if (!memory_err_compare(t, "BAD_ENCODING", 3432 expected->output, expected->output_len, 3433 encode_out, output_len)) 3434 goto err; 3435 } 3436 3437 decode_length = EVP_DECODE_LENGTH(expected->output_len); 3438 if (!TEST_ptr(decode_out = OPENSSL_malloc(decode_length))) 3439 goto err; 3440 /* 3441 * Fill memory with non-zeros 3442 * to check that decoding does not place redundant zeros. 3443 */ 3444 memset(decode_out, 0xff, decode_length); 3445 3446 output_len = 0; 3447 EVP_DecodeInit(decode_ctx); 3448 3449 input_len = expected->output_len; 3450 donelen = 0; 3451 do { 3452 size_t current_len = (size_t)data_chunk_size; 3453 3454 if (data_chunk_size == 0 || (size_t)data_chunk_size > input_len) 3455 current_len = input_len; 3456 if (EVP_DecodeUpdate(decode_ctx, decode_out + output_len, &chunk_len, 3457 expected->output + donelen, current_len) 3458 < 0) { 3459 t->err = "DECODE_ERROR"; 3460 goto err; 3461 } 3462 donelen += current_len; 3463 input_len -= current_len; 3464 output_len += chunk_len; 3465 } while (input_len > 0); 3466 3467 if (EVP_DecodeFinal(decode_ctx, decode_out + output_len, &chunk_len) != 1) { 3468 t->err = "DECODE_ERROR"; 3469 goto err; 3470 } 3471 output_len += chunk_len; 3472 3473 if (expected->encoding != BASE64_INVALID_ENCODING 3474 && !memory_err_compare(t, "BAD_DECODING", 3475 expected->input, expected->input_len, 3476 decode_out, output_len)) { 3477 t->err = "BAD_DECODING"; 3478 goto err; 3479 } 3480 3481 for (; output_len < (int)decode_length; output_len++) { 3482 if (decode_out[output_len] != 0xff) { 3483 t->err = "BAD_DECODING"; 3484 goto err; 3485 } 3486 } 3487 3488 t->err = NULL; 3489 err: 3490 OPENSSL_free(encode_out); 3491 OPENSSL_free(decode_out); 3492 EVP_ENCODE_CTX_free(decode_ctx); 3493 EVP_ENCODE_CTX_free(encode_ctx); 3494 return 1; 3495 } 3496 3497 static const EVP_TEST_METHOD encode_test_method = { 3498 "Encoding", 3499 encode_test_init, 3500 encode_test_cleanup, 3501 encode_test_parse, 3502 encode_test_run, 3503 }; 3504 3505 /** 3506 ** RAND TESTS 3507 **/ 3508 #define MAX_RAND_REPEATS 15 3509 3510 typedef struct rand_data_pass_st { 3511 unsigned char *entropy; 3512 unsigned char *reseed_entropy; 3513 unsigned char *nonce; 3514 unsigned char *pers; 3515 unsigned char *reseed_addin; 3516 unsigned char *addinA; 3517 unsigned char *addinB; 3518 unsigned char *pr_entropyA; 3519 unsigned char *pr_entropyB; 3520 unsigned char *output; 3521 size_t entropy_len, nonce_len, pers_len, addinA_len, addinB_len, 3522 pr_entropyA_len, pr_entropyB_len, output_len, reseed_entropy_len, 3523 reseed_addin_len; 3524 } RAND_DATA_PASS; 3525 3526 typedef struct rand_data_st { 3527 /* Context for this operation */ 3528 EVP_RAND_CTX *ctx; 3529 EVP_RAND_CTX *parent; 3530 int n; 3531 int prediction_resistance; 3532 int use_df; 3533 unsigned int generate_bits; 3534 char *cipher; 3535 char *digest; 3536 STACK_OF(OPENSSL_STRING) *init_controls; /* collection of controls */ 3537 3538 /* Expected output */ 3539 RAND_DATA_PASS data[MAX_RAND_REPEATS]; 3540 } RAND_DATA; 3541 3542 static int rand_test_init(EVP_TEST *t, const char *name) 3543 { 3544 RAND_DATA *rdata; 3545 EVP_RAND *rand; 3546 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 3547 unsigned int strength = 256; 3548 3549 if (!TEST_ptr(rdata = OPENSSL_zalloc(sizeof(*rdata)))) 3550 return 0; 3551 3552 /* TEST-RAND is available in the FIPS provider but not with "fips=yes" */ 3553 rand = EVP_RAND_fetch(libctx, "TEST-RAND", "-fips"); 3554 if (rand == NULL) 3555 goto err; 3556 rdata->parent = EVP_RAND_CTX_new(rand, NULL); 3557 EVP_RAND_free(rand); 3558 if (rdata->parent == NULL) 3559 goto err; 3560 3561 *params = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength); 3562 if (!EVP_RAND_CTX_set_params(rdata->parent, params)) 3563 goto err; 3564 3565 rand = EVP_RAND_fetch(libctx, name, propquery); 3566 if (rand == NULL) 3567 goto err; 3568 rdata->ctx = EVP_RAND_CTX_new(rand, rdata->parent); 3569 EVP_RAND_free(rand); 3570 if (rdata->ctx == NULL) 3571 goto err; 3572 rdata->init_controls = sk_OPENSSL_STRING_new_null(); 3573 3574 rdata->n = -1; 3575 t->data = rdata; 3576 return 1; 3577 err: 3578 EVP_RAND_CTX_free(rdata->parent); 3579 OPENSSL_free(rdata); 3580 return 0; 3581 } 3582 3583 static void rand_test_cleanup(EVP_TEST *t) 3584 { 3585 RAND_DATA *rdata = t->data; 3586 int i; 3587 3588 ctrlfree(rdata->init_controls); 3589 OPENSSL_free(rdata->cipher); 3590 OPENSSL_free(rdata->digest); 3591 3592 for (i = 0; i <= rdata->n; i++) { 3593 OPENSSL_free(rdata->data[i].entropy); 3594 OPENSSL_free(rdata->data[i].reseed_entropy); 3595 OPENSSL_free(rdata->data[i].nonce); 3596 OPENSSL_free(rdata->data[i].pers); 3597 OPENSSL_free(rdata->data[i].reseed_addin); 3598 OPENSSL_free(rdata->data[i].addinA); 3599 OPENSSL_free(rdata->data[i].addinB); 3600 OPENSSL_free(rdata->data[i].pr_entropyA); 3601 OPENSSL_free(rdata->data[i].pr_entropyB); 3602 OPENSSL_free(rdata->data[i].output); 3603 } 3604 EVP_RAND_CTX_free(rdata->ctx); 3605 EVP_RAND_CTX_free(rdata->parent); 3606 } 3607 3608 static int rand_test_parse(EVP_TEST *t, 3609 const char *keyword, const char *value) 3610 { 3611 RAND_DATA *rdata = t->data; 3612 RAND_DATA_PASS *item; 3613 const char *p; 3614 int n; 3615 3616 if ((p = strchr(keyword, '.')) != NULL) { 3617 n = atoi(++p); 3618 if (n >= MAX_RAND_REPEATS) 3619 return 0; 3620 if (n > rdata->n) 3621 rdata->n = n; 3622 item = rdata->data + n; 3623 if (HAS_PREFIX(keyword, "Entropy.")) 3624 return parse_bin(value, &item->entropy, &item->entropy_len); 3625 if (HAS_PREFIX(keyword, "ReseedEntropy.")) 3626 return parse_bin(value, &item->reseed_entropy, 3627 &item->reseed_entropy_len); 3628 if (HAS_PREFIX(keyword, "Nonce.")) 3629 return parse_bin(value, &item->nonce, &item->nonce_len); 3630 if (HAS_PREFIX(keyword, "PersonalisationString.")) 3631 return parse_bin(value, &item->pers, &item->pers_len); 3632 if (HAS_PREFIX(keyword, "ReseedAdditionalInput.")) 3633 return parse_bin(value, &item->reseed_addin, 3634 &item->reseed_addin_len); 3635 if (HAS_PREFIX(keyword, "AdditionalInputA.")) 3636 return parse_bin(value, &item->addinA, &item->addinA_len); 3637 if (HAS_PREFIX(keyword, "AdditionalInputB.")) 3638 return parse_bin(value, &item->addinB, &item->addinB_len); 3639 if (HAS_PREFIX(keyword, "EntropyPredictionResistanceA.")) 3640 return parse_bin(value, &item->pr_entropyA, &item->pr_entropyA_len); 3641 if (HAS_PREFIX(keyword, "EntropyPredictionResistanceB.")) 3642 return parse_bin(value, &item->pr_entropyB, &item->pr_entropyB_len); 3643 if (HAS_PREFIX(keyword, "Output.")) 3644 return parse_bin(value, &item->output, &item->output_len); 3645 } else { 3646 if (strcmp(keyword, "Cipher") == 0) 3647 return TEST_ptr(rdata->cipher = OPENSSL_strdup(value)); 3648 if (strcmp(keyword, "Digest") == 0) 3649 return TEST_ptr(rdata->digest = OPENSSL_strdup(value)); 3650 if (strcmp(keyword, "DerivationFunction") == 0) { 3651 rdata->use_df = atoi(value) != 0; 3652 return 1; 3653 } 3654 if (strcmp(keyword, "GenerateBits") == 0) { 3655 if ((n = atoi(value)) <= 0 || n % 8 != 0) 3656 return 0; 3657 rdata->generate_bits = (unsigned int)n; 3658 return 1; 3659 } 3660 if (strcmp(keyword, "PredictionResistance") == 0) { 3661 rdata->prediction_resistance = atoi(value) != 0; 3662 return 1; 3663 } 3664 if (strcmp(keyword, "CtrlInit") == 0) 3665 return ctrladd(rdata->init_controls, value); 3666 } 3667 return 0; 3668 } 3669 3670 static int rand_test_run(EVP_TEST *t) 3671 { 3672 RAND_DATA *expected = t->data; 3673 RAND_DATA_PASS *item; 3674 unsigned char *got; 3675 size_t got_len = expected->generate_bits / 8; 3676 OSSL_PARAM params[8], *p = params; 3677 int i = -1, ret = 0; 3678 unsigned int strength; 3679 unsigned char *z; 3680 size_t params_n = 0, params_allocated_n = 0; 3681 3682 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) 3683 return 0; 3684 3685 if (sk_OPENSSL_STRING_num(expected->init_controls) > 0) { 3686 if (!ctrl2params(t, expected->init_controls, 3687 NULL, 3688 params, OSSL_NELEM(params), ¶ms_n)) 3689 goto err; 3690 } 3691 p = params + params_n; 3692 3693 *p++ = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_USE_DF, &expected->use_df); 3694 if (expected->cipher != NULL) 3695 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER, 3696 expected->cipher, 0); 3697 if (expected->digest != NULL) 3698 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_DIGEST, 3699 expected->digest, 0); 3700 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_MAC, (char *)(intptr_t)"HMAC", 0); 3701 *p = OSSL_PARAM_construct_end(); 3702 if (!EVP_RAND_CTX_set_params(expected->ctx, params)) { 3703 if (t->expect_unapproved == 0) { 3704 t->err = "EVP_RAND_CTX_set_params"; 3705 ret = 1; 3706 } 3707 goto err; 3708 } 3709 ctrl2params_free(params, params_n, params_allocated_n); 3710 params_n = 0; 3711 3712 strength = EVP_RAND_get_strength(expected->ctx); 3713 for (i = 0; i <= expected->n; i++) { 3714 item = expected->data + i; 3715 3716 p = params; 3717 z = item->entropy != NULL ? item->entropy : (unsigned char *)(intptr_t)""; 3718 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, 3719 z, item->entropy_len); 3720 z = item->nonce != NULL ? item->nonce : (unsigned char *)(intptr_t)""; 3721 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE, 3722 z, item->nonce_len); 3723 *p = OSSL_PARAM_construct_end(); 3724 if (!TEST_true(EVP_RAND_instantiate(expected->parent, strength, 3725 0, NULL, 0, params))) 3726 goto err; 3727 3728 z = item->pers != NULL ? item->pers : (unsigned char *)(intptr_t)""; 3729 if (!TEST_true(EVP_RAND_instantiate(expected->ctx, strength, 3730 expected->prediction_resistance, z, 3731 item->pers_len, NULL))) 3732 goto err; 3733 3734 if (item->reseed_entropy != NULL) { 3735 params[0] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, item->reseed_entropy, 3736 item->reseed_entropy_len); 3737 params[1] = OSSL_PARAM_construct_end(); 3738 if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params))) 3739 goto err; 3740 3741 if (!TEST_true(EVP_RAND_reseed(expected->ctx, expected->prediction_resistance, 3742 NULL, 0, item->reseed_addin, 3743 item->reseed_addin_len))) 3744 goto err; 3745 } 3746 if (item->pr_entropyA != NULL) { 3747 params[0] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, item->pr_entropyA, 3748 item->pr_entropyA_len); 3749 params[1] = OSSL_PARAM_construct_end(); 3750 if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params))) 3751 goto err; 3752 } 3753 if (!TEST_true(EVP_RAND_generate(expected->ctx, got, got_len, 3754 strength, expected->prediction_resistance, 3755 item->addinA, item->addinA_len))) 3756 goto err; 3757 3758 if (item->pr_entropyB != NULL) { 3759 params[0] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, item->pr_entropyB, 3760 item->pr_entropyB_len); 3761 params[1] = OSSL_PARAM_construct_end(); 3762 if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params))) 3763 goto err; 3764 } 3765 if (!TEST_true(EVP_RAND_generate(expected->ctx, got, got_len, 3766 strength, expected->prediction_resistance, 3767 item->addinB, item->addinB_len))) 3768 goto err; 3769 if (!TEST_mem_eq(got, got_len, item->output, item->output_len)) 3770 goto err; 3771 if (!rand_check_fips_approved(expected->ctx, t)) 3772 goto err; 3773 if (!TEST_true(EVP_RAND_uninstantiate(expected->ctx)) 3774 || !TEST_true(EVP_RAND_uninstantiate(expected->parent)) 3775 || !TEST_true(EVP_RAND_verify_zeroization(expected->ctx)) 3776 || !TEST_int_eq(EVP_RAND_get_state(expected->ctx), 3777 EVP_RAND_STATE_UNINITIALISED)) 3778 goto err; 3779 } 3780 t->err = NULL; 3781 ret = 1; 3782 3783 err: 3784 if (ret == 0 && i >= 0) 3785 TEST_info("Error in test case %d of %d\n", i, expected->n + 1); 3786 OPENSSL_free(got); 3787 ctrl2params_free(params, params_n, params_allocated_n); 3788 return ret; 3789 } 3790 3791 static const EVP_TEST_METHOD rand_test_method = { 3792 "RAND", 3793 rand_test_init, 3794 rand_test_cleanup, 3795 rand_test_parse, 3796 rand_test_run 3797 }; 3798 3799 /** 3800 ** KDF TESTS 3801 **/ 3802 typedef struct kdf_data_st { 3803 /* Context for this operation */ 3804 EVP_KDF_CTX *ctx; 3805 /* Expected output */ 3806 unsigned char *output; 3807 size_t output_len; 3808 OSSL_PARAM params[20]; 3809 OSSL_PARAM *p; 3810 STACK_OF(OPENSSL_STRING) *init_controls; /* collection of controls */ 3811 } KDF_DATA; 3812 3813 /* 3814 * Perform public key operation setup: lookup key, allocated ctx and call 3815 * the appropriate initialisation function 3816 */ 3817 static int kdf_test_init(EVP_TEST *t, const char *name) 3818 { 3819 KDF_DATA *kdata; 3820 EVP_KDF *kdf; 3821 3822 if (is_kdf_disabled(name)) { 3823 TEST_info("skipping, '%s' is disabled", name); 3824 t->skip = 1; 3825 return 1; 3826 } 3827 3828 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))) 3829 return 0; 3830 kdata->p = kdata->params; 3831 *kdata->p = OSSL_PARAM_construct_end(); 3832 3833 kdf = EVP_KDF_fetch(libctx, name, propquery); 3834 if (kdf == NULL) { 3835 OPENSSL_free(kdata); 3836 return 0; 3837 } 3838 kdata->ctx = EVP_KDF_CTX_new(kdf); 3839 EVP_KDF_free(kdf); 3840 if (kdata->ctx == NULL) { 3841 OPENSSL_free(kdata); 3842 return 0; 3843 } 3844 t->data = kdata; 3845 kdata->init_controls = sk_OPENSSL_STRING_new_null(); 3846 return 1; 3847 } 3848 3849 static void kdf_test_cleanup(EVP_TEST *t) 3850 { 3851 KDF_DATA *kdata = t->data; 3852 OSSL_PARAM *p; 3853 3854 ctrlfree(kdata->init_controls); 3855 for (p = kdata->params; p->key != NULL; p++) 3856 OPENSSL_free(p->data); 3857 OPENSSL_free(kdata->output); 3858 EVP_KDF_CTX_free(kdata->ctx); 3859 } 3860 3861 static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx, 3862 const char *value) 3863 { 3864 KDF_DATA *kdata = t->data; 3865 int rv; 3866 char *p, *name; 3867 const OSSL_PARAM *defs = EVP_KDF_settable_ctx_params(EVP_KDF_CTX_kdf(kctx)); 3868 3869 if (!TEST_ptr(name = OPENSSL_strdup(value))) 3870 return 0; 3871 p = strchr(name, ':'); 3872 if (p == NULL) 3873 p = ""; 3874 else 3875 *p++ = '\0'; 3876 3877 if (strcmp(name, "r") == 0 3878 && OSSL_PARAM_locate_const(defs, name) == NULL) { 3879 TEST_info("skipping, setting 'r' is unsupported"); 3880 t->skip = 1; 3881 goto end; 3882 } 3883 3884 if (strcmp(name, "lanes") == 0 3885 && OSSL_PARAM_locate_const(defs, name) == NULL) { 3886 TEST_info("skipping, setting 'lanes' is unsupported"); 3887 t->skip = 1; 3888 goto end; 3889 } 3890 3891 if (strcmp(name, "iter") == 0 3892 && OSSL_PARAM_locate_const(defs, name) == NULL) { 3893 TEST_info("skipping, setting 'iter' is unsupported"); 3894 t->skip = 1; 3895 goto end; 3896 } 3897 3898 if (strcmp(name, "memcost") == 0 3899 && OSSL_PARAM_locate_const(defs, name) == NULL) { 3900 TEST_info("skipping, setting 'memcost' is unsupported"); 3901 t->skip = 1; 3902 goto end; 3903 } 3904 3905 if (strcmp(name, "secret") == 0 3906 && OSSL_PARAM_locate_const(defs, name) == NULL) { 3907 TEST_info("skipping, setting 'secret' is unsupported"); 3908 t->skip = 1; 3909 goto end; 3910 } 3911 3912 if (strcmp(name, "pass") == 0 3913 && OSSL_PARAM_locate_const(defs, name) == NULL) { 3914 TEST_info("skipping, setting 'pass' is unsupported"); 3915 t->skip = 1; 3916 goto end; 3917 } 3918 3919 if (strcmp(name, "ad") == 0 3920 && OSSL_PARAM_locate_const(defs, name) == NULL) { 3921 TEST_info("skipping, setting 'ad' is unsupported"); 3922 t->skip = 1; 3923 goto end; 3924 } 3925 3926 rv = OSSL_PARAM_allocate_from_text(kdata->p, defs, name, p, 3927 strlen(p), NULL); 3928 *++kdata->p = OSSL_PARAM_construct_end(); 3929 if (!rv) { 3930 t->err = "KDF_PARAM_ERROR"; 3931 OPENSSL_free(name); 3932 return 0; 3933 } 3934 if (strcmp(name, "digest") == 0) { 3935 if (is_digest_disabled(p)) { 3936 TEST_info("skipping, '%s' is disabled", p); 3937 t->skip = 1; 3938 } 3939 goto end; 3940 } 3941 3942 if ((strcmp(name, "cipher") == 0 3943 || strcmp(name, "cekalg") == 0) 3944 && is_cipher_disabled(p)) { 3945 TEST_info("skipping, '%s' is disabled", p); 3946 t->skip = 1; 3947 goto end; 3948 } 3949 if ((strcmp(name, "mac") == 0) 3950 && is_mac_disabled(p)) { 3951 TEST_info("skipping, '%s' is disabled", p); 3952 t->skip = 1; 3953 } 3954 end: 3955 OPENSSL_free(name); 3956 return 1; 3957 } 3958 3959 static int kdf_test_parse(EVP_TEST *t, 3960 const char *keyword, const char *value) 3961 { 3962 KDF_DATA *kdata = t->data; 3963 3964 if (strcmp(keyword, "Output") == 0) 3965 return parse_bin(value, &kdata->output, &kdata->output_len); 3966 if (strcmp(keyword, "CtrlInit") == 0) 3967 return ctrladd(kdata->init_controls, value); 3968 if (HAS_PREFIX(keyword, "Ctrl")) 3969 return kdf_test_ctrl(t, kdata->ctx, value); 3970 return 0; 3971 } 3972 3973 static int kdf_test_run(EVP_TEST *t) 3974 { 3975 int ret = 1; 3976 KDF_DATA *expected = t->data; 3977 unsigned char *got = NULL; 3978 size_t got_len = expected->output_len; 3979 EVP_KDF_CTX *ctx; 3980 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 3981 size_t params_n = 0, params_allocated_n = 0; 3982 3983 if (sk_OPENSSL_STRING_num(expected->init_controls) > 0) { 3984 if (!ctrl2params(t, expected->init_controls, 3985 NULL, 3986 params, OSSL_NELEM(params), ¶ms_n)) 3987 goto err; 3988 if (!EVP_KDF_CTX_set_params(expected->ctx, params)) { 3989 t->err = "KDF_CTRL_ERROR"; 3990 goto err; 3991 } 3992 } 3993 3994 if (!EVP_KDF_CTX_set_params(expected->ctx, expected->params)) { 3995 t->err = "KDF_CTRL_ERROR"; 3996 goto err; 3997 } 3998 if (!TEST_ptr(got = OPENSSL_malloc(got_len == 0 ? 1 : got_len))) { 3999 t->err = "INTERNAL_ERROR"; 4000 goto err; 4001 } 4002 /* FIPS(3.0.0): can't dup KDF contexts #17572 */ 4003 if (fips_provider_version_gt(libctx, 3, 0, 0) 4004 && (ctx = EVP_KDF_CTX_dup(expected->ctx)) != NULL) { 4005 EVP_KDF_CTX_free(expected->ctx); 4006 expected->ctx = ctx; 4007 } 4008 if (EVP_KDF_derive(expected->ctx, got, got_len, NULL) <= 0) { 4009 t->err = "KDF_DERIVE_ERROR"; 4010 goto err; 4011 } 4012 if (!kdf_check_fips_approved(expected->ctx, t)) { 4013 ret = 0; 4014 goto err; 4015 } 4016 if (!memory_err_compare(t, "KDF_MISMATCH", 4017 expected->output, expected->output_len, 4018 got, got_len)) 4019 goto err; 4020 4021 t->err = NULL; 4022 4023 err: 4024 ctrl2params_free(params, params_n, params_allocated_n); 4025 OPENSSL_free(got); 4026 return ret; 4027 } 4028 4029 static const EVP_TEST_METHOD kdf_test_method = { 4030 "KDF", 4031 kdf_test_init, 4032 kdf_test_cleanup, 4033 kdf_test_parse, 4034 kdf_test_run 4035 }; 4036 4037 /** 4038 ** PKEY KDF TESTS 4039 **/ 4040 4041 typedef struct pkey_kdf_data_st { 4042 /* Context for this operation */ 4043 EVP_PKEY_CTX *ctx; 4044 /* Expected output */ 4045 unsigned char *output; 4046 size_t output_len; 4047 } PKEY_KDF_DATA; 4048 4049 /* 4050 * Perform public key operation setup: lookup key, allocated ctx and call 4051 * the appropriate initialisation function 4052 */ 4053 static int pkey_kdf_test_init(EVP_TEST *t, const char *name) 4054 { 4055 PKEY_KDF_DATA *kdata = NULL; 4056 4057 if (is_kdf_disabled(name)) { 4058 TEST_info("skipping, '%s' is disabled", name); 4059 t->skip = 1; 4060 return 1; 4061 } 4062 4063 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))) 4064 return 0; 4065 4066 kdata->ctx = EVP_PKEY_CTX_new_from_name(libctx, name, propquery); 4067 if (kdata->ctx == NULL 4068 || EVP_PKEY_derive_init(kdata->ctx) <= 0) 4069 goto err; 4070 4071 t->data = kdata; 4072 return 1; 4073 err: 4074 EVP_PKEY_CTX_free(kdata->ctx); 4075 OPENSSL_free(kdata); 4076 return 0; 4077 } 4078 4079 static void pkey_kdf_test_cleanup(EVP_TEST *t) 4080 { 4081 PKEY_KDF_DATA *kdata = t->data; 4082 4083 OPENSSL_free(kdata->output); 4084 EVP_PKEY_CTX_free(kdata->ctx); 4085 } 4086 4087 static int pkey_kdf_test_parse(EVP_TEST *t, 4088 const char *keyword, const char *value) 4089 { 4090 PKEY_KDF_DATA *kdata = t->data; 4091 4092 if (strcmp(keyword, "Output") == 0) 4093 return parse_bin(value, &kdata->output, &kdata->output_len); 4094 if (HAS_PREFIX(keyword, "Ctrl")) 4095 return pkey_test_ctrl(t, kdata->ctx, value); 4096 return 0; 4097 } 4098 4099 static int pkey_kdf_test_run(EVP_TEST *t) 4100 { 4101 int ret = 1; 4102 PKEY_KDF_DATA *expected = t->data; 4103 unsigned char *got = NULL; 4104 size_t got_len = 0; 4105 4106 if (fips_provider_version_eq(libctx, 3, 0, 0)) { 4107 /* FIPS(3.0.0): can't deal with oversized output buffers #18533 */ 4108 got_len = expected->output_len; 4109 } else { 4110 /* Find out the KDF output size */ 4111 if (EVP_PKEY_derive(expected->ctx, NULL, &got_len) <= 0) { 4112 t->err = "INTERNAL_ERROR"; 4113 goto err; 4114 } 4115 4116 /* 4117 * We may get an absurd output size, which signals that anything goes. 4118 * If not, we specify a too big buffer for the output, to test that 4119 * EVP_PKEY_derive() can cope with it. 4120 */ 4121 if (got_len == SIZE_MAX || got_len == 0) 4122 got_len = expected->output_len; 4123 else 4124 got_len = expected->output_len * 2; 4125 } 4126 4127 if (!TEST_ptr(got = OPENSSL_malloc(got_len == 0 ? 1 : got_len))) { 4128 t->err = "INTERNAL_ERROR"; 4129 goto err; 4130 } 4131 if (EVP_PKEY_derive(expected->ctx, got, &got_len) <= 0) { 4132 t->err = "KDF_DERIVE_ERROR"; 4133 goto err; 4134 } 4135 if (!pkey_check_fips_approved(expected->ctx, t)) { 4136 ret = 0; 4137 goto err; 4138 } 4139 if (!TEST_mem_eq(expected->output, expected->output_len, got, got_len)) { 4140 t->err = "KDF_MISMATCH"; 4141 goto err; 4142 } 4143 t->err = NULL; 4144 4145 err: 4146 OPENSSL_free(got); 4147 return ret; 4148 } 4149 4150 static const EVP_TEST_METHOD pkey_kdf_test_method = { 4151 "PKEYKDF", 4152 pkey_kdf_test_init, 4153 pkey_kdf_test_cleanup, 4154 pkey_kdf_test_parse, 4155 pkey_kdf_test_run 4156 }; 4157 4158 /** 4159 ** KEYPAIR TESTS 4160 **/ 4161 4162 typedef struct keypair_test_data_st { 4163 EVP_PKEY *privk; 4164 EVP_PKEY *pubk; 4165 } KEYPAIR_TEST_DATA; 4166 4167 static int keypair_test_init(EVP_TEST *t, const char *pair) 4168 { 4169 KEYPAIR_TEST_DATA *data; 4170 int rv = 0; 4171 EVP_PKEY *pk = NULL, *pubk = NULL; 4172 char *pub, *priv = NULL; 4173 4174 /* Split private and public names. */ 4175 if (!TEST_ptr(priv = OPENSSL_strdup(pair)) 4176 || !TEST_ptr(pub = strchr(priv, ':'))) { 4177 t->err = "PARSING_ERROR"; 4178 goto end; 4179 } 4180 *pub++ = '\0'; 4181 4182 if (!TEST_true(find_key(&pk, priv, private_keys))) { 4183 TEST_info("Can't find private key: %s", priv); 4184 t->err = "MISSING_PRIVATE_KEY"; 4185 goto end; 4186 } 4187 if (!TEST_true(find_key(&pubk, pub, public_keys))) { 4188 TEST_info("Can't find public key: %s", pub); 4189 t->err = "MISSING_PUBLIC_KEY"; 4190 goto end; 4191 } 4192 4193 if (pk == NULL && pubk == NULL) { 4194 /* Both keys are listed but unsupported: skip this test */ 4195 t->skip = 1; 4196 rv = 1; 4197 goto end; 4198 } 4199 4200 if (!TEST_ptr(data = OPENSSL_malloc(sizeof(*data)))) 4201 goto end; 4202 data->privk = pk; 4203 data->pubk = pubk; 4204 t->data = data; 4205 rv = 1; 4206 t->err = NULL; 4207 4208 end: 4209 OPENSSL_free(priv); 4210 return rv; 4211 } 4212 4213 static void keypair_test_cleanup(EVP_TEST *t) 4214 { 4215 OPENSSL_free(t->data); 4216 t->data = NULL; 4217 } 4218 4219 /* 4220 * For tests that do not accept any custom keywords. 4221 */ 4222 static int void_test_parse(EVP_TEST *t, const char *keyword, const char *value) 4223 { 4224 return 0; 4225 } 4226 4227 static int keypair_test_run(EVP_TEST *t) 4228 { 4229 int rv = 0; 4230 const KEYPAIR_TEST_DATA *pair = t->data; 4231 4232 if (pair->privk == NULL || pair->pubk == NULL) { 4233 /* 4234 * this can only happen if only one of the keys is not set 4235 * which means that one of them was unsupported while the 4236 * other isn't: hence a key type mismatch. 4237 */ 4238 t->err = "KEYPAIR_TYPE_MISMATCH"; 4239 rv = 1; 4240 goto end; 4241 } 4242 4243 if ((rv = EVP_PKEY_eq(pair->privk, pair->pubk)) != 1) { 4244 if (0 == rv) { 4245 t->err = "KEYPAIR_MISMATCH"; 4246 } else if (-1 == rv) { 4247 t->err = "KEYPAIR_TYPE_MISMATCH"; 4248 } else if (-2 == rv) { 4249 t->err = "UNSUPPORTED_KEY_COMPARISON"; 4250 } else { 4251 TEST_error("Unexpected error in key comparison"); 4252 rv = 0; 4253 goto end; 4254 } 4255 rv = 1; 4256 goto end; 4257 } 4258 4259 rv = 1; 4260 t->err = NULL; 4261 4262 end: 4263 return rv; 4264 } 4265 4266 static const EVP_TEST_METHOD keypair_test_method = { 4267 "PrivPubKeyPair", 4268 keypair_test_init, 4269 keypair_test_cleanup, 4270 void_test_parse, 4271 keypair_test_run 4272 }; 4273 4274 /** 4275 ** KEYGEN TEST 4276 **/ 4277 4278 typedef struct keygen_test_data_st { 4279 char *keyname; /* Key name to store key or NULL */ 4280 char *paramname; 4281 char *alg; 4282 STACK_OF(OPENSSL_STRING) *in_controls; /* Collection of controls */ 4283 STACK_OF(OPENSSL_STRING) *out_controls; 4284 } KEYGEN_TEST_DATA; 4285 4286 static int keygen_test_init(EVP_TEST *t, const char *alg) 4287 { 4288 KEYGEN_TEST_DATA *data; 4289 4290 if (is_pkey_disabled(alg)) { 4291 t->skip = 1; 4292 return 1; 4293 } 4294 4295 if (!TEST_ptr(data = OPENSSL_zalloc(sizeof(*data)))) 4296 return 0; 4297 data->keyname = NULL; 4298 data->paramname = NULL; 4299 data->in_controls = sk_OPENSSL_STRING_new_null(); 4300 data->out_controls = sk_OPENSSL_STRING_new_null(); 4301 data->alg = OPENSSL_strdup(alg); 4302 t->data = data; 4303 t->err = NULL; 4304 return 1; 4305 } 4306 4307 static void keygen_test_cleanup(EVP_TEST *t) 4308 { 4309 KEYGEN_TEST_DATA *keygen = t->data; 4310 4311 ctrlfree(keygen->in_controls); 4312 ctrlfree(keygen->out_controls); 4313 OPENSSL_free(keygen->alg); 4314 OPENSSL_free(keygen->keyname); 4315 OPENSSL_free(keygen->paramname); 4316 OPENSSL_free(t->data); 4317 t->data = NULL; 4318 } 4319 4320 static int keygen_test_parse(EVP_TEST *t, 4321 const char *keyword, const char *value) 4322 { 4323 KEYGEN_TEST_DATA *keygen = t->data; 4324 4325 if (strcmp(keyword, "KeyName") == 0) 4326 return TEST_ptr(keygen->keyname = OPENSSL_strdup(value)); 4327 if (strcmp(keyword, "KeyParam") == 0) 4328 return TEST_ptr(keygen->paramname = OPENSSL_strdup(value)); 4329 if (strcmp(keyword, "Ctrl") == 0) 4330 return ctrladd(keygen->in_controls, value); 4331 if (strcmp(keyword, "CtrlOut") == 0) 4332 return ctrladd(keygen->out_controls, value); 4333 return 0; 4334 } 4335 4336 /* Iterate thru the key's expected values */ 4337 static int check_pkey_expected_values(EVP_TEST *t, const EVP_PKEY *pkey, 4338 STACK_OF(OPENSSL_STRING) *out_controls) 4339 { 4340 int ret = 0; 4341 OSSL_PARAM out_params[4], *p; 4342 size_t out_params_n = 0, len; 4343 4344 if (sk_OPENSSL_STRING_num(out_controls) > 0) { 4345 4346 if (!ctrl2params(t, out_controls, 4347 EVP_PKEY_gettable_params(pkey), 4348 out_params, OSSL_NELEM(out_params), &out_params_n)) 4349 goto err; 4350 for (p = out_params; p->key != NULL; ++p) { 4351 if (p->data_type == OSSL_PARAM_OCTET_STRING) { 4352 uint8_t *data = OPENSSL_malloc(p->data_size); 4353 4354 if (data == NULL) 4355 goto err; 4356 ret = EVP_PKEY_get_octet_string_param(pkey, p->key, data, 4357 p->data_size, &len) 4358 && len == p->data_size 4359 && (TEST_mem_eq(p->data, len, data, len) == 1); 4360 OPENSSL_free(data); 4361 if (ret == 0) { 4362 TEST_error("Expected %s value is incorrect", p->key); 4363 goto err; 4364 } 4365 } 4366 } 4367 } 4368 ret = 1; 4369 err: 4370 ctrl2params_free(out_params, out_params_n, 0); 4371 return ret; 4372 } 4373 4374 static int keygen_test_run(EVP_TEST *t) 4375 { 4376 KEYGEN_TEST_DATA *keygen = t->data; 4377 EVP_PKEY *pkey = NULL, *keyparams = NULL; 4378 EVP_PKEY_CTX *genctx = NULL; /* Keygen context to use */ 4379 int rv = 1; 4380 OSSL_PARAM_BLD *bld = NULL; 4381 OSSL_PARAM *params = NULL; 4382 size_t params_n = 0; 4383 int key_free = 1; 4384 4385 if (keygen->paramname != NULL) { 4386 rv = find_key(&keyparams, keygen->paramname, public_keys); 4387 if (rv == 0 || keyparams == NULL) { 4388 TEST_info("skipping, key '%s' is disabled", keygen->paramname); 4389 t->skip = 1; 4390 return 1; 4391 } 4392 if (!TEST_ptr(genctx = EVP_PKEY_CTX_new_from_pkey(libctx, keyparams, 4393 propquery))) 4394 goto err; 4395 4396 } else { 4397 if (!TEST_ptr(genctx = EVP_PKEY_CTX_new_from_name(libctx, keygen->alg, 4398 propquery))) 4399 goto err; 4400 } 4401 4402 if (EVP_PKEY_keygen_init(genctx) <= 0) { 4403 t->err = "KEYGEN_INIT_ERROR"; 4404 goto err; 4405 } 4406 4407 if (sk_OPENSSL_STRING_num(keygen->in_controls) > 0) { 4408 if ((params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 4)) == NULL) 4409 goto err; 4410 if (!ctrl2params(t, keygen->in_controls, 4411 EVP_PKEY_CTX_settable_params(genctx), 4412 params, 4, ¶ms_n)) 4413 goto err; 4414 if (!EVP_PKEY_CTX_set_params(genctx, params)) { 4415 t->err = "PKEY_CTRL_ERROR"; 4416 goto err; 4417 } 4418 } 4419 4420 if (EVP_PKEY_keygen(genctx, &pkey) <= 0) { 4421 t->err = "KEYGEN_GENERATE_ERROR"; 4422 goto err; 4423 } 4424 4425 if (!pkey_check_fips_approved(genctx, t)) { 4426 rv = 0; 4427 goto err; 4428 } 4429 4430 if (!evp_pkey_is_provided(pkey)) { 4431 TEST_info("Warning: legacy key generated %s", keygen->keyname); 4432 goto err; 4433 } 4434 4435 if (!check_pkey_expected_values(t, pkey, keygen->out_controls)) { 4436 t->err = "KEYGEN_PKEY_MISMATCH_ERROR"; 4437 goto err; 4438 } 4439 4440 if (keygen->keyname != NULL) { 4441 KEY_LIST *key; 4442 4443 rv = 0; 4444 if (find_key(NULL, keygen->keyname, private_keys)) { 4445 TEST_info("Duplicate key %s", keygen->keyname); 4446 goto err; 4447 } 4448 4449 if (!TEST_ptr(key = OPENSSL_malloc(sizeof(*key)))) 4450 goto err; 4451 key->name = keygen->keyname; 4452 keygen->keyname = NULL; 4453 key->key = pkey; 4454 key->next = private_keys; 4455 private_keys = key; 4456 rv = 1; 4457 key_free = 0; 4458 } 4459 4460 t->err = NULL; 4461 err: 4462 if (key_free) { 4463 EVP_PKEY_free(pkey); 4464 pkey = NULL; 4465 } 4466 EVP_PKEY_CTX_free(genctx); 4467 if (sk_OPENSSL_STRING_num(keygen->in_controls) > 0) 4468 ctrl2params_free(params, params_n, 0); 4469 OSSL_PARAM_free(params); 4470 OSSL_PARAM_BLD_free(bld); 4471 return rv; 4472 } 4473 4474 static const EVP_TEST_METHOD keygen_test_method = { 4475 "KeyGen", 4476 keygen_test_init, 4477 keygen_test_cleanup, 4478 keygen_test_parse, 4479 keygen_test_run, 4480 }; 4481 4482 /** 4483 ** DIGEST SIGN+VERIFY TESTS 4484 **/ 4485 4486 typedef struct { 4487 int is_verify; /* Set to 1 if verifying */ 4488 int is_oneshot; /* Set to 1 for one shot operation */ 4489 const EVP_MD *md; /* Digest to use */ 4490 EVP_MD_CTX *ctx; /* Digest context */ 4491 EVP_PKEY_CTX *pctx; 4492 STACK_OF(EVP_TEST_BUFFER) *input; /* Input data: streaming */ 4493 unsigned char *osin; /* Input data if one shot */ 4494 size_t osin_len; /* Input length data if one shot */ 4495 unsigned char *output; /* Expected output */ 4496 size_t output_len; /* Expected output length */ 4497 int deterministic_noncetype; 4498 EVP_PKEY *key; 4499 STACK_OF(OPENSSL_STRING) *init_controls; /* collection of controls */ 4500 STACK_OF(OPENSSL_STRING) *controls; /* Collection of controls */ 4501 } DIGESTSIGN_DATA; 4502 4503 static int digestsigver_test_init(EVP_TEST *t, const char *alg, int is_verify, 4504 int is_oneshot) 4505 { 4506 const EVP_MD *md = NULL; 4507 DIGESTSIGN_DATA *mdat; 4508 4509 if (strcmp(alg, "NULL") != 0) { 4510 if (is_digest_disabled(alg)) { 4511 t->skip = 1; 4512 return 1; 4513 } 4514 md = EVP_get_digestbyname(alg); 4515 if (md == NULL) 4516 return 0; 4517 } 4518 if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat)))) 4519 return 0; 4520 mdat->init_controls = sk_OPENSSL_STRING_new_null(); 4521 mdat->controls = sk_OPENSSL_STRING_new_null(); 4522 mdat->md = md; 4523 if (!TEST_ptr(mdat->ctx = EVP_MD_CTX_new())) { 4524 OPENSSL_free(mdat); 4525 return 0; 4526 } 4527 mdat->is_verify = is_verify; 4528 mdat->is_oneshot = is_oneshot; 4529 t->data = mdat; 4530 return 1; 4531 } 4532 4533 static int digestsign_test_init(EVP_TEST *t, const char *alg) 4534 { 4535 return digestsigver_test_init(t, alg, 0, 0); 4536 } 4537 4538 static void digestsigver_test_cleanup(EVP_TEST *t) 4539 { 4540 DIGESTSIGN_DATA *mdata = t->data; 4541 4542 ctrlfree(mdata->init_controls); 4543 ctrlfree(mdata->controls); 4544 EVP_MD_CTX_free(mdata->ctx); 4545 sk_EVP_TEST_BUFFER_pop_free(mdata->input, evp_test_buffer_free); 4546 OPENSSL_free(mdata->osin); 4547 OPENSSL_free(mdata->output); 4548 OPENSSL_free(mdata); 4549 t->data = NULL; 4550 } 4551 4552 static int digestsigver_test_parse(EVP_TEST *t, 4553 const char *keyword, const char *value) 4554 { 4555 DIGESTSIGN_DATA *mdata = t->data; 4556 4557 if (strcmp(keyword, "Key") == 0) { 4558 EVP_PKEY *pkey = NULL; 4559 int rv = 0; 4560 4561 if (mdata->is_verify) 4562 rv = find_key(&pkey, value, public_keys); 4563 if (rv == 0) 4564 rv = find_key(&pkey, value, private_keys); 4565 if (rv == 0 || pkey == NULL) { 4566 t->skip = 1; 4567 return 1; 4568 } 4569 mdata->key = pkey; 4570 return 1; 4571 } 4572 4573 if (strcmp(keyword, "Input") == 0) { 4574 if (mdata->is_oneshot) 4575 return parse_bin(value, &mdata->osin, &mdata->osin_len); 4576 return evp_test_buffer_append(value, data_chunk_size, &mdata->input); 4577 } 4578 if (strcmp(keyword, "Output") == 0) 4579 return parse_bin(value, &mdata->output, &mdata->output_len); 4580 4581 if (!mdata->is_oneshot && data_chunk_size == 0) { 4582 if (strcmp(keyword, "Count") == 0) 4583 return evp_test_buffer_set_count(value, mdata->input); 4584 if (strcmp(keyword, "Ncopy") == 0) 4585 return evp_test_buffer_ncopy(value, mdata->input); 4586 } 4587 if (strcmp(keyword, "Ctrl") == 0) 4588 return pkey_add_control(t, mdata->controls, value); 4589 if (strcmp(keyword, "CtrlInit") == 0) 4590 return ctrladd(mdata->init_controls, value); 4591 if (strcmp(keyword, "NonceType") == 0) { 4592 if (strcmp(value, "deterministic") == 0) 4593 mdata->deterministic_noncetype = 1; 4594 return 1; 4595 } 4596 return 0; 4597 } 4598 4599 static int check_deterministic_noncetype(EVP_TEST *t, 4600 DIGESTSIGN_DATA *mdata) 4601 { 4602 if (mdata->deterministic_noncetype == 1) { 4603 OSSL_PARAM params[2]; 4604 unsigned int nonce_type = 1; 4605 4606 params[0] = OSSL_PARAM_construct_uint(OSSL_SIGNATURE_PARAM_NONCE_TYPE, 4607 &nonce_type); 4608 params[1] = OSSL_PARAM_construct_end(); 4609 if (!EVP_PKEY_CTX_set_params(mdata->pctx, params)) 4610 t->err = "EVP_PKEY_CTX_set_params_ERROR"; 4611 else if (!EVP_PKEY_CTX_get_params(mdata->pctx, params)) 4612 t->err = "EVP_PKEY_CTX_get_params_ERROR"; 4613 else if (!OSSL_PARAM_modified(¶ms[0])) 4614 t->err = "nonce_type_not_modified_ERROR"; 4615 else if (nonce_type != 1) 4616 t->err = "nonce_type_value_ERROR"; 4617 } 4618 return t->err == NULL; 4619 } 4620 4621 static int signverify_init(EVP_TEST *t, DIGESTSIGN_DATA *data) 4622 { 4623 const char *name = data->md == NULL ? NULL : EVP_MD_get0_name(data->md); 4624 OSSL_PARAM params[5]; 4625 OSSL_PARAM *p = NULL; 4626 int i, ret = 0; 4627 size_t params_n = 0, params_allocated_n = 0; 4628 4629 if (sk_OPENSSL_STRING_num(data->init_controls) > 0) { 4630 if (!ctrl2params(t, data->init_controls, 4631 NULL, 4632 params, OSSL_NELEM(params), ¶ms_n)) 4633 goto err; 4634 p = params; 4635 } 4636 4637 if (data->is_verify) { 4638 if (!EVP_DigestVerifyInit_ex(data->ctx, &data->pctx, name, libctx, 4639 NULL, data->key, p)) { 4640 t->err = "DIGESTVERIFYINIT_ERROR"; 4641 goto err; 4642 } 4643 } else { 4644 if (!EVP_DigestSignInit_ex(data->ctx, &data->pctx, name, libctx, NULL, 4645 data->key, p)) { 4646 t->err = "DIGESTSIGNINIT_ERROR"; 4647 goto err; 4648 } 4649 } 4650 4651 for (i = 0; i < sk_OPENSSL_STRING_num(data->controls); i++) { 4652 char *value = sk_OPENSSL_STRING_value(data->controls, i); 4653 4654 if (!pkey_test_ctrl(t, data->pctx, value) || t->err != NULL) 4655 goto err; 4656 } 4657 ret = 1; 4658 err: 4659 ctrl2params_free(params, params_n, params_allocated_n); 4660 return ret; 4661 } 4662 4663 static int digestsign_update_fn(void *ctx, const unsigned char *buf, 4664 size_t buflen) 4665 { 4666 return EVP_DigestSignUpdate(ctx, buf, buflen); 4667 } 4668 4669 static int digestsign_test_run(EVP_TEST *t) 4670 { 4671 int i; 4672 DIGESTSIGN_DATA *expected = t->data; 4673 unsigned char *got = NULL; 4674 size_t got_len; 4675 4676 if (!signverify_init(t, expected)) 4677 goto err; 4678 if (!check_deterministic_noncetype(t, expected)) 4679 goto err; 4680 4681 for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++) { 4682 char *value = sk_OPENSSL_STRING_value(expected->controls, i); 4683 if (!pkey_test_ctrl(t, expected->pctx, value) || t->err != NULL) 4684 return 0; 4685 } 4686 4687 if (!evp_test_buffer_do(expected->input, digestsign_update_fn, 4688 expected->ctx)) { 4689 t->err = "DIGESTUPDATE_ERROR"; 4690 goto err; 4691 } 4692 4693 if (!EVP_DigestSignFinal(expected->ctx, NULL, &got_len)) { 4694 t->err = "DIGESTSIGNFINAL_LENGTH_ERROR"; 4695 goto err; 4696 } 4697 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { 4698 t->err = "MALLOC_FAILURE"; 4699 goto err; 4700 } 4701 got_len *= 2; 4702 if (!EVP_DigestSignFinal(expected->ctx, got, &got_len)) { 4703 t->err = "DIGESTSIGNFINAL_ERROR"; 4704 goto err; 4705 } 4706 if (!memory_err_compare(t, "SIGNATURE_MISMATCH", 4707 expected->output, expected->output_len, 4708 got, got_len)) 4709 goto err; 4710 4711 t->err = NULL; 4712 err: 4713 OPENSSL_free(got); 4714 return 1; 4715 } 4716 4717 static const EVP_TEST_METHOD digestsign_test_method = { 4718 "DigestSign", 4719 digestsign_test_init, 4720 digestsigver_test_cleanup, 4721 digestsigver_test_parse, 4722 digestsign_test_run 4723 }; 4724 4725 static int digestverify_test_init(EVP_TEST *t, const char *alg) 4726 { 4727 return digestsigver_test_init(t, alg, 1, 0); 4728 } 4729 4730 static int digestverify_update_fn(void *ctx, const unsigned char *buf, 4731 size_t buflen) 4732 { 4733 return EVP_DigestVerifyUpdate(ctx, buf, buflen); 4734 } 4735 4736 static int digestverify_test_run(EVP_TEST *t) 4737 { 4738 DIGESTSIGN_DATA *mdata = t->data; 4739 4740 if (!signverify_init(t, mdata)) 4741 return 1; 4742 4743 if (!evp_test_buffer_do(mdata->input, digestverify_update_fn, mdata->ctx)) { 4744 t->err = "DIGESTUPDATE_ERROR"; 4745 return 1; 4746 } 4747 4748 if (EVP_DigestVerifyFinal(mdata->ctx, mdata->output, 4749 mdata->output_len) 4750 <= 0) 4751 t->err = "VERIFY_ERROR"; 4752 return 1; 4753 } 4754 4755 static const EVP_TEST_METHOD digestverify_test_method = { 4756 "DigestVerify", 4757 digestverify_test_init, 4758 digestsigver_test_cleanup, 4759 digestsigver_test_parse, 4760 digestverify_test_run 4761 }; 4762 4763 static int oneshot_digestsign_test_init(EVP_TEST *t, const char *alg) 4764 { 4765 return digestsigver_test_init(t, alg, 0, 1); 4766 } 4767 4768 static int oneshot_digestsign_test_run(EVP_TEST *t) 4769 { 4770 DIGESTSIGN_DATA *expected = t->data; 4771 unsigned char *got = NULL; 4772 size_t got_len; 4773 4774 if (!signverify_init(t, expected)) 4775 goto err; 4776 4777 if (!EVP_DigestSign(expected->ctx, NULL, &got_len, 4778 expected->osin, expected->osin_len)) { 4779 t->err = "DIGESTSIGN_LENGTH_ERROR"; 4780 goto err; 4781 } 4782 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { 4783 t->err = "MALLOC_FAILURE"; 4784 goto err; 4785 } 4786 got_len *= 2; 4787 if (!EVP_DigestSign(expected->ctx, got, &got_len, 4788 expected->osin, expected->osin_len)) { 4789 t->err = "DIGESTSIGN_ERROR"; 4790 goto err; 4791 } 4792 if (!memory_err_compare(t, "SIGNATURE_MISMATCH", 4793 expected->output, expected->output_len, 4794 got, got_len)) 4795 goto err; 4796 4797 t->err = NULL; 4798 err: 4799 OPENSSL_free(got); 4800 return 1; 4801 } 4802 4803 static const EVP_TEST_METHOD oneshot_digestsign_test_method = { 4804 "OneShotDigestSign", 4805 oneshot_digestsign_test_init, 4806 digestsigver_test_cleanup, 4807 digestsigver_test_parse, 4808 oneshot_digestsign_test_run 4809 }; 4810 4811 static int oneshot_digestverify_test_init(EVP_TEST *t, const char *alg) 4812 { 4813 return digestsigver_test_init(t, alg, 1, 1); 4814 } 4815 4816 static int oneshot_digestverify_test_run(EVP_TEST *t) 4817 { 4818 DIGESTSIGN_DATA *mdata = t->data; 4819 4820 if (!signverify_init(t, mdata)) 4821 return 1; 4822 4823 if (EVP_DigestVerify(mdata->ctx, mdata->output, mdata->output_len, 4824 mdata->osin, mdata->osin_len) 4825 <= 0) 4826 t->err = "VERIFY_ERROR"; 4827 return 1; 4828 } 4829 4830 static const EVP_TEST_METHOD oneshot_digestverify_test_method = { 4831 "OneShotDigestVerify", 4832 oneshot_digestverify_test_init, 4833 digestsigver_test_cleanup, 4834 digestsigver_test_parse, 4835 oneshot_digestverify_test_run 4836 }; 4837 4838 /** 4839 ** PARSING AND DISPATCH 4840 **/ 4841 4842 static const EVP_TEST_METHOD *evp_test_list[] = { 4843 &rand_test_method, 4844 &cipher_test_method, 4845 &digest_test_method, 4846 &digestsign_test_method, 4847 &digestverify_test_method, 4848 &encode_test_method, 4849 &kdf_test_method, 4850 &pkey_kdf_test_method, 4851 &keypair_test_method, 4852 &keygen_test_method, 4853 &mac_test_method, 4854 &oneshot_digestsign_test_method, 4855 &oneshot_digestverify_test_method, 4856 &pbe_test_method, 4857 &pdecrypt_test_method, 4858 &pderive_test_method, 4859 &psign_test_method, 4860 &psign_message_test_method, 4861 &pverify_recover_test_method, 4862 &pverify_test_method, 4863 &pverify_message_test_method, 4864 &pverify_message_public_test_method, 4865 &pkey_kem_test_method, 4866 &pkey_fromdata_test_method, 4867 NULL 4868 }; 4869 4870 static const EVP_TEST_METHOD *find_test(const char *name) 4871 { 4872 const EVP_TEST_METHOD **tt; 4873 4874 for (tt = evp_test_list; *tt; tt++) { 4875 if (strcmp(name, (*tt)->name) == 0) 4876 return *tt; 4877 } 4878 return NULL; 4879 } 4880 4881 static void clear_test(EVP_TEST *t) 4882 { 4883 test_clearstanza(&t->s); 4884 ERR_clear_error(); 4885 if (t->data != NULL) { 4886 if (t->meth != NULL) 4887 t->meth->cleanup(t); 4888 OPENSSL_free(t->data); 4889 t->data = NULL; 4890 } 4891 OPENSSL_free(t->expected_err); 4892 t->expected_err = NULL; 4893 OPENSSL_free(t->reason); 4894 t->reason = NULL; 4895 4896 /* Text literal. */ 4897 t->err = NULL; 4898 t->skip = 0; 4899 t->meth = NULL; 4900 t->expect_unapproved = 0; 4901 4902 #if !defined(OPENSSL_NO_DEFAULT_THREAD_POOL) 4903 OSSL_set_max_threads(libctx, 0); 4904 #endif 4905 } 4906 4907 /* Check for errors in the test structure; return 1 if okay, else 0. */ 4908 static int check_test_error(EVP_TEST *t) 4909 { 4910 unsigned long err; 4911 const char *reason; 4912 4913 if (t->err == NULL && t->expected_err == NULL) 4914 return 1; 4915 if (t->err != NULL && t->expected_err == NULL) { 4916 if (t->aux_err != NULL) { 4917 TEST_info("%s:%d: Source of above error (%s); unexpected error %s", 4918 t->s.test_file, t->s.start, t->aux_err, t->err); 4919 } else { 4920 TEST_info("%s:%d: Source of above error; unexpected error %s", 4921 t->s.test_file, t->s.start, t->err); 4922 } 4923 return 0; 4924 } 4925 if (t->err == NULL && t->expected_err != NULL) { 4926 TEST_info("%s:%d: Succeeded but was expecting %s", 4927 t->s.test_file, t->s.start, t->expected_err); 4928 return 0; 4929 } 4930 4931 if (strcmp(t->err, t->expected_err) != 0) { 4932 TEST_info("%s:%d: Expected %s got %s", 4933 t->s.test_file, t->s.start, t->expected_err, t->err); 4934 return 0; 4935 } 4936 4937 if (t->reason == NULL) 4938 return 1; 4939 4940 if (t->reason == NULL) { 4941 TEST_info("%s:%d: Test is missing function or reason code", 4942 t->s.test_file, t->s.start); 4943 return 0; 4944 } 4945 4946 err = ERR_peek_error(); 4947 if (err == 0) { 4948 TEST_info("%s:%d: Expected error \"%s\" not set", 4949 t->s.test_file, t->s.start, t->reason); 4950 return 0; 4951 } 4952 4953 reason = ERR_reason_error_string(err); 4954 if (reason == NULL) { 4955 TEST_info("%s:%d: Expected error \"%s\", no strings available." 4956 " Assuming ok.", 4957 t->s.test_file, t->s.start, t->reason); 4958 return 1; 4959 } 4960 4961 if (strcmp(reason, t->reason) == 0) 4962 return 1; 4963 4964 TEST_info("%s:%d: Expected error \"%s\", got \"%s\"", 4965 t->s.test_file, t->s.start, t->reason, reason); 4966 4967 return 0; 4968 } 4969 4970 /* Run a parsed test. Log a message and return 0 on error. */ 4971 static int run_test(EVP_TEST *t) 4972 { 4973 if (t->meth == NULL) 4974 return 1; 4975 t->s.numtests++; 4976 if (t->skip) { 4977 t->s.numskip++; 4978 } else { 4979 /* run the test */ 4980 if (t->err == NULL && t->meth->run_test(t) != 1) { 4981 TEST_info("%s:%d %s error", 4982 t->s.test_file, t->s.start, t->meth->name); 4983 return 0; 4984 } 4985 if (!check_test_error(t)) { 4986 TEST_openssl_errors(); 4987 t->s.errors++; 4988 } 4989 } 4990 4991 /* clean it up */ 4992 return 1; 4993 } 4994 4995 static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst) 4996 { 4997 for (; lst != NULL; lst = lst->next) { 4998 if (strcmp(lst->name, name) == 0) { 4999 if (ppk != NULL) 5000 *ppk = lst->key; 5001 return 1; 5002 } 5003 } 5004 return 0; 5005 } 5006 5007 static void free_key_list(KEY_LIST *lst) 5008 { 5009 while (lst != NULL) { 5010 KEY_LIST *next = lst->next; 5011 5012 EVP_PKEY_free(lst->key); 5013 OPENSSL_free(lst->name); 5014 OPENSSL_free(lst); 5015 lst = next; 5016 } 5017 } 5018 5019 /* 5020 * Is the key type an unsupported algorithm? 5021 */ 5022 static int key_unsupported(void) 5023 { 5024 long err = ERR_peek_last_error(); 5025 int lib = ERR_GET_LIB(err); 5026 long reason = ERR_GET_REASON(err); 5027 5028 if ((lib == ERR_LIB_EVP && reason == EVP_R_UNSUPPORTED_ALGORITHM) 5029 || (lib == ERR_LIB_EVP && reason == EVP_R_DECODE_ERROR) 5030 || reason == ERR_R_UNSUPPORTED) { 5031 ERR_clear_error(); 5032 return 1; 5033 } 5034 #ifndef OPENSSL_NO_EC 5035 /* 5036 * If EC support is enabled we should catch also EC_R_UNKNOWN_GROUP as an 5037 * hint to an unsupported algorithm/curve (e.g. if binary EC support is 5038 * disabled). 5039 */ 5040 if (lib == ERR_LIB_EC 5041 && (reason == EC_R_UNKNOWN_GROUP 5042 || reason == EC_R_INVALID_CURVE)) { 5043 ERR_clear_error(); 5044 return 1; 5045 } 5046 #endif /* OPENSSL_NO_EC */ 5047 return 0; 5048 } 5049 5050 /* NULL out the value from |pp| but return it. This "steals" a pointer. */ 5051 static char *take_value(PAIR *pp) 5052 { 5053 char *p = pp->value; 5054 5055 pp->value = NULL; 5056 return p; 5057 } 5058 5059 #if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS) 5060 static int securitycheck_enabled(void) 5061 { 5062 static int enabled = -1; 5063 5064 if (enabled == -1) { 5065 if (OSSL_PROVIDER_available(libctx, "fips")) { 5066 OSSL_PARAM params[2]; 5067 OSSL_PROVIDER *prov = NULL; 5068 int check = 1; 5069 5070 prov = OSSL_PROVIDER_load(libctx, "fips"); 5071 if (prov != NULL) { 5072 params[0] = OSSL_PARAM_construct_int(OSSL_PROV_PARAM_SECURITY_CHECKS, 5073 &check); 5074 params[1] = OSSL_PARAM_construct_end(); 5075 OSSL_PROVIDER_get_params(prov, params); 5076 OSSL_PROVIDER_unload(prov); 5077 } 5078 enabled = check; 5079 return enabled; 5080 } 5081 enabled = 0; 5082 } 5083 return enabled; 5084 } 5085 #endif 5086 5087 /* 5088 * Return 1 if one of the providers named in the string is available. 5089 * The provider names are separated with whitespace. 5090 * NOTE: destructive function, it inserts '\0' after each provider name. 5091 */ 5092 static int prov_available(char *providers) 5093 { 5094 char *p; 5095 int more = 1; 5096 5097 while (more) { 5098 for (; isspace((unsigned char)(*providers)); providers++) 5099 continue; 5100 if (*providers == '\0') 5101 break; /* End of the road */ 5102 for (p = providers; *p != '\0' && !isspace((unsigned char)(*p)); p++) 5103 continue; 5104 if (*p == '\0') 5105 more = 0; 5106 else 5107 *p = '\0'; 5108 if (OSSL_PROVIDER_available(libctx, providers)) 5109 return 1; /* Found one */ 5110 } 5111 return 0; 5112 } 5113 5114 /* Read and parse one test. Return 0 if failure, 1 if okay. */ 5115 static int parse(EVP_TEST *t) 5116 { 5117 KEY_LIST *key, **klist; 5118 EVP_PKEY *pkey; 5119 PAIR *pp; 5120 int i, j, skipped = 0; 5121 5122 fips_indicator_callback_unapproved_count = 0; 5123 top: 5124 do { 5125 if (BIO_eof(t->s.fp)) 5126 return EOF; 5127 clear_test(t); 5128 if (!test_readstanza(&t->s)) 5129 return 0; 5130 } while (t->s.numpairs == 0); 5131 pp = &t->s.pairs[0]; 5132 5133 /* Are we adding a key? */ 5134 klist = NULL; 5135 pkey = NULL; 5136 start: 5137 if (strcmp(pp->key, "PrivateKey") == 0) { 5138 pkey = PEM_read_bio_PrivateKey_ex(t->s.key, NULL, 0, NULL, libctx, NULL); 5139 if (pkey == NULL && !key_unsupported()) { 5140 EVP_PKEY_free(pkey); 5141 TEST_info("Can't read private key %s", pp->value); 5142 TEST_openssl_errors(); 5143 return 0; 5144 } 5145 klist = &private_keys; 5146 } else if (strcmp(pp->key, "PublicKey") == 0) { 5147 pkey = PEM_read_bio_PUBKEY_ex(t->s.key, NULL, 0, NULL, libctx, NULL); 5148 if (pkey == NULL && !key_unsupported()) { 5149 EVP_PKEY_free(pkey); 5150 TEST_info("Can't read public key %s", pp->value); 5151 TEST_openssl_errors(); 5152 return 0; 5153 } 5154 klist = &public_keys; 5155 } else if (strcmp(pp->key, "ParamKey") == 0) { 5156 pkey = PEM_read_bio_Parameters_ex(t->s.key, NULL, libctx, NULL); 5157 if (pkey == NULL && !key_unsupported()) { 5158 EVP_PKEY_free(pkey); 5159 TEST_info("Can't read params key %s", pp->value); 5160 TEST_openssl_errors(); 5161 return 0; 5162 } 5163 klist = &public_keys; 5164 } else if (strcmp(pp->key, "PrivateKeyRaw") == 0 5165 || strcmp(pp->key, "PublicKeyRaw") == 0) { 5166 char *strnid = NULL, *keydata = NULL; 5167 unsigned char *keybin; 5168 size_t keylen; 5169 int nid; 5170 5171 if (strcmp(pp->key, "PrivateKeyRaw") == 0) 5172 klist = &private_keys; 5173 else 5174 klist = &public_keys; 5175 5176 strnid = strchr(pp->value, ':'); 5177 if (strnid != NULL) { 5178 *strnid++ = '\0'; 5179 keydata = strchr(strnid, ':'); 5180 if (keydata != NULL) 5181 *keydata++ = '\0'; 5182 } 5183 if (keydata == NULL) { 5184 TEST_info("Failed to parse %s value", pp->key); 5185 return 0; 5186 } 5187 5188 nid = OBJ_txt2nid(strnid); 5189 if (nid == NID_undef) { 5190 TEST_info("Unrecognised algorithm NID"); 5191 return 0; 5192 } 5193 if (!parse_bin(keydata, &keybin, &keylen)) { 5194 TEST_info("Failed to create binary key"); 5195 return 0; 5196 } 5197 if (klist == &private_keys) 5198 pkey = EVP_PKEY_new_raw_private_key_ex(libctx, strnid, NULL, keybin, 5199 keylen); 5200 else 5201 pkey = EVP_PKEY_new_raw_public_key_ex(libctx, strnid, NULL, keybin, 5202 keylen); 5203 if (pkey == NULL && !key_unsupported()) { 5204 TEST_info("Can't read %s data", pp->key); 5205 OPENSSL_free(keybin); 5206 TEST_openssl_errors(); 5207 return 0; 5208 } 5209 OPENSSL_free(keybin); 5210 } else if (strcmp(pp->key, "Availablein") == 0) { 5211 if (!prov_available(pp->value)) { 5212 TEST_info("skipping, '%s' provider not available: %s:%d", 5213 pp->value, t->s.test_file, t->s.start); 5214 t->skip = 1; 5215 return 0; 5216 } 5217 skipped++; 5218 pp++; 5219 goto start; 5220 } else if (strcmp(pp->key, "FIPSversion") == 0) { 5221 if (prov_available((char *)(intptr_t)"fips")) { 5222 j = fips_provider_version_match(libctx, pp->value); 5223 if (j < 0) { 5224 TEST_info("Line %d: error matching FIPS versions\n", t->s.curr); 5225 return 0; 5226 } else if (j == 0) { 5227 TEST_info("skipping, FIPS provider incompatible version: %s:%d", 5228 t->s.test_file, t->s.start); 5229 t->skip = 1; 5230 return 0; 5231 } 5232 } 5233 skipped++; 5234 pp++; 5235 goto start; 5236 } 5237 5238 /* If we have a key add to list */ 5239 if (klist != NULL) { 5240 if (find_key(NULL, pp->value, *klist)) { 5241 TEST_info("Duplicate key %s", pp->value); 5242 return 0; 5243 } 5244 if (!TEST_ptr(key = OPENSSL_malloc(sizeof(*key)))) 5245 return 0; 5246 key->name = take_value(pp); 5247 key->key = pkey; 5248 key->next = *klist; 5249 *klist = key; 5250 5251 /* Go back and start a new stanza. */ 5252 if ((t->s.numpairs - skipped) != 1) 5253 TEST_info("Line %d: missing blank line\n", t->s.curr); 5254 goto top; 5255 } 5256 5257 /* Find the test, based on first keyword. */ 5258 if (!TEST_ptr(t->meth = find_test(pp->key))) 5259 return 0; 5260 if (!t->meth->init(t, pp->value)) { 5261 TEST_error("unknown %s: %s\n", pp->key, pp->value); 5262 return 0; 5263 } 5264 if (t->skip == 1) { 5265 /* TEST_info("skipping %s %s", pp->key, pp->value); */ 5266 return 0; 5267 } 5268 5269 for (pp++, i = 1; i < (t->s.numpairs - skipped); pp++, i++) { 5270 if (strcmp(pp->key, "Securitycheck") == 0) { 5271 #if defined(OPENSSL_NO_FIPS_SECURITYCHECKS) 5272 #else 5273 if (!securitycheck_enabled()) 5274 #endif 5275 { 5276 TEST_info("skipping, Securitycheck is disabled: %s:%d", 5277 t->s.test_file, t->s.start); 5278 t->skip = 1; 5279 return 0; 5280 } 5281 } else if (strcmp(pp->key, "Availablein") == 0) { 5282 TEST_info("Line %d: 'Availablein' should be the first option", 5283 t->s.curr); 5284 return 0; 5285 } else if (strcmp(pp->key, "Result") == 0) { 5286 if (t->expected_err != NULL) { 5287 TEST_info("Line %d: multiple result lines", t->s.curr); 5288 return 0; 5289 } 5290 t->expected_err = take_value(pp); 5291 } else if (strcmp(pp->key, "Function") == 0) { 5292 /* Ignore old line. */ 5293 } else if (strcmp(pp->key, "Reason") == 0) { 5294 if (t->reason != NULL) { 5295 TEST_info("Line %d: multiple reason lines", t->s.curr); 5296 return 0; 5297 } 5298 t->reason = take_value(pp); 5299 } else if (strcmp(pp->key, "Threads") == 0) { 5300 if (OSSL_set_max_threads(libctx, atoi(pp->value)) == 0) { 5301 TEST_info("skipping, '%s' threads not available: %s:%d", 5302 pp->value, t->s.test_file, t->s.start); 5303 t->skip = 1; 5304 } 5305 } else if (strcmp(pp->key, "Unapproved") == 0) { 5306 t->expect_unapproved = 1; 5307 } else if (strcmp(pp->key, "Extended-Test") == 0) { 5308 if (!extended_tests) { 5309 TEST_info("skipping extended test: %s:%d", 5310 t->s.test_file, t->s.start); 5311 t->skip = 1; 5312 } 5313 } else { 5314 /* Must be test specific line: try to parse it */ 5315 int rv = t->meth->parse(t, pp->key, pp->value); 5316 5317 if (rv == 0) { 5318 TEST_info("Line %d: unknown keyword %s", t->s.curr, pp->key); 5319 return 0; 5320 } 5321 if (rv < 0) { 5322 TEST_info("Line %d: error processing keyword %s = %s\n", 5323 t->s.curr, pp->key, pp->value); 5324 return 0; 5325 } 5326 if (t->skip) 5327 return 0; 5328 } 5329 } 5330 5331 return 1; 5332 } 5333 5334 static int run_file_tests(int i) 5335 { 5336 EVP_TEST *t; 5337 const char *testfile = test_get_argument(i); 5338 int c; 5339 5340 if (!TEST_ptr(t = OPENSSL_zalloc(sizeof(*t)))) 5341 return 0; 5342 if (!test_start_file(&t->s, testfile)) { 5343 OPENSSL_free(t); 5344 return 0; 5345 } 5346 5347 OSSL_INDICATOR_set_callback(libctx, fips_indicator_cb); 5348 while (!BIO_eof(t->s.fp)) { 5349 c = parse(t); 5350 if (t->skip) { 5351 t->s.numskip++; 5352 continue; 5353 } 5354 if (c == 0 || !run_test(t)) { 5355 t->s.errors++; 5356 break; 5357 } 5358 } 5359 test_end_file(&t->s); 5360 clear_test(t); 5361 5362 free_key_list(public_keys); 5363 public_keys = NULL; 5364 free_key_list(private_keys); 5365 private_keys = NULL; 5366 BIO_free(t->s.key); 5367 c = t->s.errors; 5368 OPENSSL_free(t); 5369 return c == 0; 5370 } 5371 5372 const OPTIONS *test_get_options(void) 5373 { 5374 static const OPTIONS test_options[] = { 5375 OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("[file...]\n"), 5376 { "config", OPT_CONFIG_FILE, '<', 5377 "The configuration file to use for the libctx" }, 5378 { "process", OPT_IN_PLACE, 's', 5379 "Mode for data processing by cipher tests [in_place/both], both by default" }, 5380 { "provider", OPT_PROVIDER_NAME, 's', 5381 "The provider to load (when no configuration file, the default value is 'default')" }, 5382 { "propquery", OPT_PROV_PROPQUERY, 's', 5383 "Property query used when fetching algorithms" }, 5384 { "chunk", OPT_DATA_CHUNK, 'N', "Size of data chunks to be processed, 0 for default size" }, 5385 { OPT_HELP_STR, 1, '-', "file\tFile to run tests on.\n" }, 5386 { NULL } 5387 }; 5388 return test_options; 5389 } 5390 5391 int setup_tests(void) 5392 { 5393 size_t n; 5394 char *config_file = NULL; 5395 char *provider_name = NULL; 5396 5397 OPTION_CHOICE o; 5398 5399 extended_tests = getenv("EVP_TEST_EXTENDED") != NULL; 5400 5401 while ((o = opt_next()) != OPT_EOF) { 5402 switch (o) { 5403 case OPT_CONFIG_FILE: 5404 config_file = opt_arg(); 5405 break; 5406 case OPT_IN_PLACE: 5407 if ((process_mode_in_place = evp_test_process_mode(opt_arg())) == -1) 5408 case OPT_DATA_CHUNK: 5409 if (!opt_int(opt_arg(), &data_chunk_size)) 5410 return 0; 5411 break; 5412 case OPT_PROVIDER_NAME: 5413 provider_name = opt_arg(); 5414 break; 5415 case OPT_PROV_PROPQUERY: 5416 propquery = opt_arg(); 5417 break; 5418 case OPT_TEST_CASES: 5419 break; 5420 default: 5421 case OPT_ERR: 5422 return 0; 5423 } 5424 } 5425 5426 /* 5427 * Load the provider via configuration into the created library context. 5428 * Load the 'null' provider into the default library context to ensure that 5429 * the tests do not fallback to using the default provider. 5430 */ 5431 if (config_file == NULL && provider_name == NULL) 5432 provider_name = "default"; 5433 if (!test_get_libctx(&libctx, &prov_null, config_file, &libprov, provider_name)) 5434 return 0; 5435 5436 n = test_get_argument_count(); 5437 if (n == 0) 5438 return 0; 5439 5440 ADD_ALL_TESTS(run_file_tests, n); 5441 return 1; 5442 } 5443 5444 void cleanup_tests(void) 5445 { 5446 OSSL_PROVIDER_unload(libprov); 5447 OSSL_PROVIDER_unload(prov_null); 5448 OSSL_LIB_CTX_free(libctx); 5449 } 5450 5451 static int is_digest_disabled(const char *name) 5452 { 5453 #ifdef OPENSSL_NO_BLAKE2 5454 if (HAS_CASE_PREFIX(name, "BLAKE")) 5455 return 1; 5456 #endif 5457 #ifdef OPENSSL_NO_MD2 5458 if (OPENSSL_strcasecmp(name, "MD2") == 0) 5459 return 1; 5460 #endif 5461 #ifdef OPENSSL_NO_MDC2 5462 if (OPENSSL_strcasecmp(name, "MDC2") == 0) 5463 return 1; 5464 #endif 5465 #ifdef OPENSSL_NO_MD4 5466 if (OPENSSL_strcasecmp(name, "MD4") == 0) 5467 return 1; 5468 #endif 5469 #ifdef OPENSSL_NO_MD5 5470 if (OPENSSL_strcasecmp(name, "MD5") == 0) 5471 return 1; 5472 #endif 5473 #ifdef OPENSSL_NO_RMD160 5474 if (OPENSSL_strcasecmp(name, "RIPEMD160") == 0) 5475 return 1; 5476 #endif 5477 #ifdef OPENSSL_NO_SM3 5478 if (OPENSSL_strcasecmp(name, "SM3") == 0) 5479 return 1; 5480 #endif 5481 #ifdef OPENSSL_NO_WHIRLPOOL 5482 if (OPENSSL_strcasecmp(name, "WHIRLPOOL") == 0) 5483 return 1; 5484 #endif 5485 return 0; 5486 } 5487 5488 static int is_pkey_disabled(const char *name) 5489 { 5490 #ifdef OPENSSL_NO_EC 5491 if (HAS_CASE_PREFIX(name, "EC")) 5492 return 1; 5493 #endif 5494 #ifdef OPENSSL_NO_DH 5495 if (HAS_CASE_PREFIX(name, "DH")) 5496 return 1; 5497 #endif 5498 #ifdef OPENSSL_NO_DSA 5499 if (HAS_CASE_PREFIX(name, "DSA")) 5500 return 1; 5501 #endif 5502 #ifdef OPENSSL_NO_SM2 5503 if (HAS_CASE_PREFIX(name, "SM2")) 5504 return 1; 5505 #endif 5506 5507 /* For sigalgs we use, we also check for digest suffixes */ 5508 #ifdef OPENSSL_NO_RMD160 5509 if (HAS_CASE_SUFFIX(name, "-RIPEMD160")) 5510 return 1; 5511 #endif 5512 #ifdef OPENSSL_NO_SM3 5513 if (HAS_CASE_SUFFIX(name, "-SM3")) 5514 return 1; 5515 #endif 5516 #ifdef OPENSSL_NO_ML_DSA 5517 if (HAS_CASE_PREFIX(name, "ML-DSA")) 5518 return 1; 5519 #endif 5520 return 0; 5521 } 5522 5523 static int is_mac_disabled(const char *name) 5524 { 5525 #ifdef OPENSSL_NO_BLAKE2 5526 if (HAS_CASE_PREFIX(name, "BLAKE2BMAC") 5527 || HAS_CASE_PREFIX(name, "BLAKE2SMAC")) 5528 return 1; 5529 #endif 5530 #ifdef OPENSSL_NO_CMAC 5531 if (HAS_CASE_PREFIX(name, "CMAC")) 5532 return 1; 5533 #endif 5534 #ifdef OPENSSL_NO_POLY1305 5535 if (HAS_CASE_PREFIX(name, "Poly1305")) 5536 return 1; 5537 #endif 5538 #ifdef OPENSSL_NO_SIPHASH 5539 if (HAS_CASE_PREFIX(name, "SipHash")) 5540 return 1; 5541 #endif 5542 return 0; 5543 } 5544 static int is_kdf_disabled(const char *name) 5545 { 5546 #ifdef OPENSSL_NO_SCRYPT 5547 if (HAS_CASE_SUFFIX(name, "SCRYPT")) 5548 return 1; 5549 #endif 5550 #ifdef OPENSSL_NO_ARGON2 5551 if (HAS_CASE_SUFFIX(name, "ARGON2")) 5552 return 1; 5553 #endif 5554 return 0; 5555 } 5556 5557 static int is_cipher_disabled(const char *name) 5558 { 5559 #ifdef OPENSSL_NO_ARIA 5560 if (HAS_CASE_PREFIX(name, "ARIA")) 5561 return 1; 5562 #endif 5563 #ifdef OPENSSL_NO_BF 5564 if (HAS_CASE_PREFIX(name, "BF")) 5565 return 1; 5566 #endif 5567 #ifdef OPENSSL_NO_CAMELLIA 5568 if (HAS_CASE_PREFIX(name, "CAMELLIA")) 5569 return 1; 5570 #endif 5571 #ifdef OPENSSL_NO_CAST 5572 if (HAS_CASE_PREFIX(name, "CAST")) 5573 return 1; 5574 #endif 5575 #ifdef OPENSSL_NO_CHACHA 5576 if (HAS_CASE_PREFIX(name, "CHACHA")) 5577 return 1; 5578 #endif 5579 #ifdef OPENSSL_NO_POLY1305 5580 if (HAS_CASE_SUFFIX(name, "Poly1305")) 5581 return 1; 5582 #endif 5583 #ifdef OPENSSL_NO_DES 5584 if (HAS_CASE_PREFIX(name, "DES")) 5585 return 1; 5586 if (HAS_CASE_SUFFIX(name, "3DESwrap")) 5587 return 1; 5588 #endif 5589 #ifdef OPENSSL_NO_OCB 5590 if (HAS_CASE_SUFFIX(name, "OCB")) 5591 return 1; 5592 #endif 5593 #ifdef OPENSSL_NO_IDEA 5594 if (HAS_CASE_PREFIX(name, "IDEA")) 5595 return 1; 5596 #endif 5597 #ifdef OPENSSL_NO_RC2 5598 if (HAS_CASE_PREFIX(name, "RC2")) 5599 return 1; 5600 #endif 5601 #ifdef OPENSSL_NO_RC4 5602 if (HAS_CASE_PREFIX(name, "RC4")) 5603 return 1; 5604 #endif 5605 #ifdef OPENSSL_NO_RC5 5606 if (HAS_CASE_PREFIX(name, "RC5")) 5607 return 1; 5608 #endif 5609 #ifdef OPENSSL_NO_SEED 5610 if (HAS_CASE_PREFIX(name, "SEED")) 5611 return 1; 5612 #endif 5613 #ifdef OPENSSL_NO_SIV 5614 if (HAS_CASE_SUFFIX(name, "SIV")) 5615 return 1; 5616 #endif 5617 #ifdef OPENSSL_NO_SM4 5618 if (HAS_CASE_PREFIX(name, "SM4")) 5619 return 1; 5620 #endif 5621 return 0; 5622 } 5623
Indexes created Sun Mar 01 05:31:48 UTC 2026