1 /*
2 * Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #define OPENSSL_SUPPRESS_DEPRECATED /* EVP_PKEY_new_CMAC_key */
11 #include <stdio.h>
12 #include <string.h>
13 #include <stdlib.h>
14 #include <ctype.h>
15 #include <openssl/evp.h>
16 #include <openssl/pem.h>
17 #include <openssl/err.h>
18 #include <openssl/provider.h>
19 #include <openssl/x509v3.h>
20 #include <openssl/pkcs12.h>
21 #include <openssl/kdf.h>
22 #include <openssl/params.h>
23 #include <openssl/param_build.h>
24 #include <openssl/core_names.h>
25 #include <openssl/fips_names.h>
26 #include <openssl/thread.h>
27 #include "internal/numbers.h"
28 #include "internal/nelem.h"
29 #include "internal/sizes.h"
30 #include "crypto/evp.h"
31 #include "testutil.h"
32
33 typedef struct evp_test_buffer_st EVP_TEST_BUFFER;
34 DEFINE_STACK_OF(EVP_TEST_BUFFER)
35
36 #define AAD_NUM 4
37
38 typedef struct evp_test_method_st EVP_TEST_METHOD;
39
40 /* Structure holding test information */
41 typedef struct evp_test_st {
42 STANZA s; /* Common test stanza */
43 char *name;
44 int skip; /* Current test should be skipped */
45 const EVP_TEST_METHOD *meth; /* method for this test */
46 const char *err, *aux_err; /* Error string for test */
47 char *expected_err; /* Expected error value of test */
48 char *reason; /* Expected error reason string */
49 void *data; /* test specific data */
50 int expect_unapproved;
51 } EVP_TEST;
52
53 /* Test method structure */
54 struct evp_test_method_st {
55 /* Name of test as it appears in file */
56 const char *name;
57 /* Initialise test for "alg" */
58 int (*init)(EVP_TEST *t, const char *alg);
59 /* Clean up method */
60 void (*cleanup)(EVP_TEST *t);
61 /* Test specific name value pair processing */
62 int (*parse)(EVP_TEST *t, const char *name, const char *value);
63 /* Run the test itself */
64 int (*run_test)(EVP_TEST *t);
65 };
66
67 /* Linked list of named keys. */
68 typedef struct key_list_st {
69 char *name;
70 EVP_PKEY *key;
71 struct key_list_st *next;
72 } KEY_LIST;
73
74 typedef enum OPTION_choice {
75 OPT_ERR = -1,
76 OPT_EOF = 0,
77 OPT_CONFIG_FILE,
78 OPT_IN_PLACE,
79 OPT_PROVIDER_NAME,
80 OPT_PROV_PROPQUERY,
81 OPT_DATA_CHUNK,
82 OPT_TEST_ENUM
83 } OPTION_CHOICE;
84
85 static OSSL_PROVIDER *prov_null = NULL;
86 static OSSL_PROVIDER *libprov = NULL;
87 static OSSL_LIB_CTX *libctx = NULL;
88 static int fips_indicator_callback_unapproved_count = 0;
89 static int extended_tests = 0;
90
91 /* List of public and private keys */
92 static KEY_LIST *private_keys;
93 static KEY_LIST *public_keys;
94
95 static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst);
96 static int parse_bin(const char *value, unsigned char **buf, size_t *buflen);
97 static int parse_bin_chunk(const char *value, size_t offset, size_t max,
98 unsigned char **buf, size_t *buflen, size_t *out_offset);
99 static int is_digest_disabled(const char *name);
100 static int is_pkey_disabled(const char *name);
101 static int is_mac_disabled(const char *name);
102 static int is_cipher_disabled(const char *name);
103 static int is_kdf_disabled(const char *name);
104
105 /* A callback that is triggered if fips unapproved mode is detected */
fips_indicator_cb(const char * type,const char * desc,const OSSL_PARAM params[])106 static int fips_indicator_cb(const char *type, const char *desc,
107 const OSSL_PARAM params[])
108 {
109 fips_indicator_callback_unapproved_count++;
110 TEST_info("(Indicator Callback received %s : %s is not approved)", type, desc);
111 return 1;
112 }
113
check_fips_approved(EVP_TEST * t,int approved)114 static int check_fips_approved(EVP_TEST *t, int approved)
115 {
116 /*
117 * If the expected result is approved
118 * then it is expected that approved will be 1
119 * and the fips indicator callback has not been triggered, otherwise
120 * approved should be 0 and the fips indicator callback should be triggered.
121 */
122 if (t->expect_unapproved) {
123 if (approved == 1 || fips_indicator_callback_unapproved_count == 0) {
124 TEST_error("Test is not expected to be FIPS approved");
125 return 0;
126 }
127 } else {
128 if (approved == 0 || fips_indicator_callback_unapproved_count > 0) {
129 TEST_error("Test is expected to be FIPS approved");
130 return 0;
131 }
132 }
133 return 1;
134 }
135
mac_check_fips_approved(EVP_MAC_CTX * ctx,EVP_TEST * t)136 static int mac_check_fips_approved(EVP_MAC_CTX *ctx, EVP_TEST *t)
137 {
138 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
139 /*
140 * For any getters that do not handle the FIPS indicator assume a default
141 * value of approved.
142 */
143 int approved = 1;
144
145 if (EVP_MAC_CTX_gettable_params(ctx) == NULL)
146 return 1;
147
148 params[0] = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_FIPS_APPROVED_INDICATOR,
149 &approved);
150 if (!EVP_MAC_CTX_get_params(ctx, params))
151 return 0;
152 return check_fips_approved(t, approved);
153 }
154
pkey_check_fips_approved(EVP_PKEY_CTX * ctx,EVP_TEST * t)155 static int pkey_check_fips_approved(EVP_PKEY_CTX *ctx, EVP_TEST *t)
156 {
157 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
158 /*
159 * For any getters that do not handle the FIPS indicator assume a default
160 * value of approved.
161 */
162 int approved = 1;
163 const OSSL_PARAM *gettables = EVP_PKEY_CTX_gettable_params(ctx);
164
165 if (gettables == NULL
166 || OSSL_PARAM_locate_const(gettables,
167 OSSL_ALG_PARAM_FIPS_APPROVED_INDICATOR)
168 == NULL)
169 return 1;
170
171 /* Older providers dont have a gettable */
172 if (EVP_PKEY_CTX_gettable_params(ctx) == NULL)
173 return 1;
174
175 params[0] = OSSL_PARAM_construct_int(OSSL_ALG_PARAM_FIPS_APPROVED_INDICATOR,
176 &approved);
177 if (!EVP_PKEY_CTX_get_params(ctx, params))
178 return 0;
179 return check_fips_approved(t, approved);
180 }
181
rand_check_fips_approved(EVP_RAND_CTX * ctx,EVP_TEST * t)182 static int rand_check_fips_approved(EVP_RAND_CTX *ctx, EVP_TEST *t)
183 {
184 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
185 /*
186 * For any getters that do not handle the FIPS indicator assume a default
187 * value of approved.
188 */
189 int approved = 1;
190
191 if (EVP_RAND_CTX_gettable_params(ctx) == NULL)
192 return 1;
193
194 params[0] = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_FIPS_APPROVED_INDICATOR,
195 &approved);
196 if (!EVP_RAND_CTX_get_params(ctx, params))
197 return 0;
198 return check_fips_approved(t, approved);
199 }
200
ctrladd(STACK_OF (OPENSSL_STRING)* controls,const char * value)201 static int ctrladd(STACK_OF(OPENSSL_STRING) *controls, const char *value)
202 {
203 char *data = OPENSSL_strdup(value);
204
205 if (data == NULL)
206 return -1;
207
208 if (sk_OPENSSL_STRING_push(controls, data) <= 0) {
209 OPENSSL_free(data);
210 return -1;
211 }
212
213 return 1;
214 }
215
216 /* Because OPENSSL_free is a macro, it can't be passed as a function pointer */
openssl_free(char * m)217 static void openssl_free(char *m)
218 {
219 OPENSSL_free(m);
220 }
221
ctrlfree(STACK_OF (OPENSSL_STRING)* controls)222 static void ctrlfree(STACK_OF(OPENSSL_STRING) *controls)
223 {
224 sk_OPENSSL_STRING_pop_free(controls, openssl_free);
225 }
226
227 /*
228 * This is used if ctrl2params() passes settables as NULL.
229 * A default list of settable OSSL_PARAM that may be set during an operations
230 * init().
231 * Using the algorithms settable list is problematic since it requires that the
232 * init() has already run.
233 */
234 static const OSSL_PARAM settable_ctx_params[] = {
235 OSSL_PARAM_int("key-check", NULL),
236 OSSL_PARAM_int("digest-check", NULL),
237 OSSL_PARAM_int("ems_check", NULL),
238 OSSL_PARAM_int("sign-check", NULL),
239 OSSL_PARAM_int("encrypt-check", NULL),
240 OSSL_PARAM_int("rsa-pss-saltlen-check", NULL),
241 OSSL_PARAM_int("sign-x931-pad-check", NULL),
242 OSSL_PARAM_END
243 };
244
ctrl2params(EVP_TEST * t,STACK_OF (OPENSSL_STRING)* controls,const OSSL_PARAM * settables,OSSL_PARAM params[],size_t params_sz,size_t * params_n)245 static int ctrl2params(EVP_TEST *t, STACK_OF(OPENSSL_STRING) *controls,
246 const OSSL_PARAM *settables,
247 OSSL_PARAM params[], size_t params_sz, size_t *params_n)
248 {
249 int i;
250
251 if (settables == NULL)
252 settables = settable_ctx_params;
253 /* check bounds */
254 if (*params_n + sk_OPENSSL_STRING_num(controls) >= params_sz) {
255 t->err = "ERR_TOO_MANY_PARAMETERS";
256 goto err;
257 }
258 for (i = 0; i < sk_OPENSSL_STRING_num(controls); i++) {
259 char *tmpkey, *tmpval;
260 char *value = sk_OPENSSL_STRING_value(controls, i);
261
262 if (!TEST_ptr(tmpkey = OPENSSL_strdup(value))) {
263 t->err = "ERR_PARAM_ERROR";
264 goto err;
265 }
266 tmpval = strchr(tmpkey, ':');
267 if (tmpval != NULL)
268 *tmpval++ = '\0';
269
270 if (tmpval == NULL
271 || !OSSL_PARAM_allocate_from_text(¶ms[*params_n],
272 settables,
273 tmpkey, tmpval,
274 strlen(tmpval), NULL)) {
275 OPENSSL_free(tmpkey);
276 t->err = "ERR_PARAM_ERROR";
277 goto err;
278 }
279 *params_n += 1;
280 OPENSSL_free(tmpkey);
281 }
282 params[*params_n] = OSSL_PARAM_construct_end();
283 return 1;
284 err:
285 return 0;
286 }
287
ctrl2params_free(OSSL_PARAM params[],size_t params_n,size_t params_n_allocstart)288 static void ctrl2params_free(OSSL_PARAM params[],
289 size_t params_n, size_t params_n_allocstart)
290 {
291 while (params_n-- > params_n_allocstart) {
292 OPENSSL_free(params[params_n].data);
293 }
294 }
295
kdf_check_fips_approved(EVP_KDF_CTX * ctx,EVP_TEST * t)296 static int kdf_check_fips_approved(EVP_KDF_CTX *ctx, EVP_TEST *t)
297 {
298 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
299 int approved = 1;
300
301 params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR,
302 &approved);
303 if (!EVP_KDF_CTX_get_params(ctx, params))
304 return 0;
305 return check_fips_approved(t, approved);
306 }
307
cipher_check_fips_approved(EVP_CIPHER_CTX * ctx,EVP_TEST * t)308 static int cipher_check_fips_approved(EVP_CIPHER_CTX *ctx, EVP_TEST *t)
309 {
310 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
311 int approved = 1;
312
313 params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_FIPS_APPROVED_INDICATOR,
314 &approved);
315 if (!EVP_CIPHER_CTX_get_params(ctx, params))
316 return 0;
317 return check_fips_approved(t, approved);
318 }
319
320 /*
321 * Compare two memory regions for equality, returning zero if they differ.
322 * However, if there is expected to be an error and the actual error
323 * matches then the memory is expected to be different so handle this
324 * case without producing unnecessary test framework output.
325 */
memory_err_compare(EVP_TEST * t,const char * err,const void * expected,size_t expected_len,const void * got,size_t got_len)326 static int memory_err_compare(EVP_TEST *t, const char *err,
327 const void *expected, size_t expected_len,
328 const void *got, size_t got_len)
329 {
330 int r;
331
332 if (t->expected_err != NULL && strcmp(t->expected_err, err) == 0)
333 r = !TEST_mem_ne(expected, expected_len, got, got_len);
334 else
335 r = TEST_mem_eq(expected, expected_len, got, got_len);
336 if (!r)
337 t->err = err;
338 return r;
339 }
340
341 /* Option specific for evp test */
342 static int process_mode_in_place;
343 static const char *propquery = NULL;
344 static int data_chunk_size;
345
evp_test_process_mode(char * mode)346 static int evp_test_process_mode(char *mode)
347 {
348 if (strcmp(mode, "in_place") == 0)
349 return 1;
350 else if (strcmp(mode, "both") == 0)
351 return 0;
352 return -1;
353 }
354
355 /*
356 * Structure used to hold a list of blocks of memory to test
357 * calls to "update" like functions.
358 */
359 struct evp_test_buffer_st {
360 unsigned char *buf;
361 size_t buflen;
362 size_t count;
363 int count_set;
364 };
365
evp_test_buffer_free(EVP_TEST_BUFFER * db)366 static void evp_test_buffer_free(EVP_TEST_BUFFER *db)
367 {
368 if (db != NULL) {
369 OPENSSL_free(db->buf);
370 OPENSSL_free(db);
371 }
372 }
373
374 /* append buffer to a list */
evp_test_buffer_append(const char * value,size_t max_len,STACK_OF (EVP_TEST_BUFFER)** sk)375 static int evp_test_buffer_append(const char *value, size_t max_len,
376 STACK_OF(EVP_TEST_BUFFER) **sk)
377 {
378 EVP_TEST_BUFFER *db = NULL;
379 int rv = 0;
380 size_t offset = 0;
381
382 if (*sk == NULL && !TEST_ptr(*sk = sk_EVP_TEST_BUFFER_new_null()))
383 goto err;
384
385 do {
386 if (!TEST_ptr(db = OPENSSL_zalloc(sizeof(*db))))
387 goto err;
388 if (max_len == 0) {
389 /* parse all in one shot */
390 if ((rv = parse_bin(value, &db->buf, &db->buflen)) != 1)
391 goto err;
392 } else {
393 /* parse in chunks */
394 size_t new_offset = 0;
395
396 if ((rv = parse_bin_chunk(value, offset, max_len, &db->buf,
397 &db->buflen, &new_offset))
398 == -1)
399 goto err;
400 offset = new_offset;
401 }
402
403 db->count = 1;
404 db->count_set = 0;
405
406 if (db->buf == NULL)
407 evp_test_buffer_free(db);
408 else if (db->buf != NULL && !sk_EVP_TEST_BUFFER_push(*sk, db))
409 goto err;
410 /* if processing by chunks, continue until the whole value is parsed */
411 } while (rv == 1 && max_len != 0);
412
413 return 1;
414
415 err:
416 evp_test_buffer_free(db);
417 return 0;
418 }
419
420 /* replace last buffer in list with copies of itself */
evp_test_buffer_ncopy(const char * value,STACK_OF (EVP_TEST_BUFFER)* sk)421 static int evp_test_buffer_ncopy(const char *value,
422 STACK_OF(EVP_TEST_BUFFER) *sk)
423 {
424 EVP_TEST_BUFFER *db;
425 unsigned char *tbuf, *p;
426 size_t tbuflen;
427 int ncopy = atoi(value);
428 int i;
429
430 if (ncopy <= 0)
431 return 0;
432 if (sk == NULL || sk_EVP_TEST_BUFFER_num(sk) == 0)
433 return 0;
434 db = sk_EVP_TEST_BUFFER_value(sk, sk_EVP_TEST_BUFFER_num(sk) - 1);
435
436 tbuflen = db->buflen * ncopy;
437 if (!TEST_ptr(tbuf = OPENSSL_malloc(tbuflen)))
438 return 0;
439 for (i = 0, p = tbuf; i < ncopy; i++, p += db->buflen)
440 memcpy(p, db->buf, db->buflen);
441
442 OPENSSL_free(db->buf);
443 db->buf = tbuf;
444 db->buflen = tbuflen;
445 return 1;
446 }
447
448 /* set repeat count for last buffer in list */
evp_test_buffer_set_count(const char * value,STACK_OF (EVP_TEST_BUFFER)* sk)449 static int evp_test_buffer_set_count(const char *value,
450 STACK_OF(EVP_TEST_BUFFER) *sk)
451 {
452 EVP_TEST_BUFFER *db;
453 int count = atoi(value);
454
455 if (count <= 0)
456 return 0;
457
458 if (sk == NULL || sk_EVP_TEST_BUFFER_num(sk) == 0)
459 return 0;
460
461 db = sk_EVP_TEST_BUFFER_value(sk, sk_EVP_TEST_BUFFER_num(sk) - 1);
462 if (db->count_set != 0)
463 return 0;
464
465 db->count = (size_t)count;
466 db->count_set = 1;
467 return 1;
468 }
469
470 /* call "fn" with each element of the list in turn */
evp_test_buffer_do(STACK_OF (EVP_TEST_BUFFER)* sk,int (* fn)(void * ctx,const unsigned char * buf,size_t buflen),void * ctx)471 static int evp_test_buffer_do(STACK_OF(EVP_TEST_BUFFER) *sk,
472 int (*fn)(void *ctx,
473 const unsigned char *buf,
474 size_t buflen),
475 void *ctx)
476 {
477 int i;
478
479 for (i = 0; i < sk_EVP_TEST_BUFFER_num(sk); i++) {
480 EVP_TEST_BUFFER *tb = sk_EVP_TEST_BUFFER_value(sk, i);
481 size_t j;
482
483 for (j = 0; j < tb->count; j++) {
484 if (fn(ctx, tb->buf, tb->buflen) <= 0)
485 return 0;
486 }
487 }
488 return 1;
489 }
490
491 /*
492 * Unescape some sequences in string literals (only \n for now).
493 * Return an allocated buffer, set |out_len|. If |input_len|
494 * is zero, get an empty buffer but set length to zero.
495 */
unescape(const char * input,size_t input_len,size_t * out_len)496 static unsigned char *unescape(const char *input, size_t input_len,
497 size_t *out_len)
498 {
499 unsigned char *ret, *p;
500 size_t i;
501
502 if (input_len == 0) {
503 *out_len = 0;
504 return OPENSSL_zalloc(1);
505 }
506
507 /* Escaping is non-expanding; over-allocate original size for simplicity. */
508 if (!TEST_ptr(ret = p = OPENSSL_malloc(input_len)))
509 return NULL;
510
511 for (i = 0; i < input_len; i++) {
512 if (*input == '\\') {
513 if (i == input_len - 1 || *++input != 'n') {
514 TEST_error("Bad escape sequence in file");
515 goto err;
516 }
517 *p++ = '\n';
518 i++;
519 input++;
520 } else {
521 *p++ = *input++;
522 }
523 }
524
525 *out_len = p - ret;
526 return ret;
527
528 err:
529 OPENSSL_free(ret);
530 return NULL;
531 }
532
533 /*
534 * For a hex string "value" convert to a binary allocated buffer.
535 * Return 1 on success or 0 on failure.
536 */
parse_bin(const char * value,unsigned char ** buf,size_t * buflen)537 static int parse_bin(const char *value, unsigned char **buf, size_t *buflen)
538 {
539 long len;
540
541 /* Check for NULL literal */
542 if (strcmp(value, "NULL") == 0) {
543 *buf = NULL;
544 *buflen = 0;
545 return 1;
546 }
547
548 /* Check for empty value */
549 if (*value == '\0') {
550 /*
551 * Don't return NULL for zero length buffer. This is needed for
552 * some tests with empty keys: HMAC_Init_ex() expects a non-NULL key
553 * buffer even if the key length is 0, in order to detect key reset.
554 */
555 *buf = OPENSSL_malloc(1);
556 if (*buf == NULL)
557 return 0;
558 **buf = 0;
559 *buflen = 0;
560 return 1;
561 }
562
563 /* Check for string literal */
564 if (value[0] == '"') {
565 size_t vlen = strlen(++value);
566
567 if (vlen == 0 || value[vlen - 1] != '"')
568 return 0;
569 vlen--;
570 *buf = unescape(value, vlen, buflen);
571 return *buf == NULL ? 0 : 1;
572 }
573
574 /* Otherwise assume as hex literal and convert it to binary buffer */
575 if (!TEST_ptr(*buf = OPENSSL_hexstr2buf(value, &len))) {
576 TEST_info("Can't convert %s", value);
577 TEST_openssl_errors();
578 return -1;
579 }
580 /* Size of input buffer means we'll never overflow */
581 *buflen = len;
582 return 1;
583 }
584
585 /*
586 * Convert at maximum "max" bytes to a binary allocated buffer.
587 * Return 1 on success, -1 on failure or 0 for end of value string.
588 */
parse_bin_chunk(const char * value,size_t offset,size_t max,unsigned char ** buf,size_t * buflen,size_t * out_offset)589 static int parse_bin_chunk(const char *value, size_t offset, size_t max,
590 unsigned char **buf, size_t *buflen, size_t *out_offset)
591 {
592 size_t vlen;
593 size_t chunk_len;
594 const char *value_str = value[0] == '"' ? value + offset + 1 : value + offset;
595
596 if (max < 1)
597 return -1;
598
599 if (*value == '\0' || strcmp(value, "\"\"") == 0) {
600 *buf = OPENSSL_malloc(1);
601 if (*buf == NULL)
602 return 0;
603 **buf = 0;
604 *buflen = 0;
605 return 0;
606 }
607
608 if (*value_str == '\0')
609 return 0;
610
611 vlen = strlen(value_str);
612 if (value[0] == '"') {
613 /* Parse string literal */
614 if (vlen == 1 && value_str[0] != '"')
615 /* Missing ending quotation mark */
616 return -1;
617 if (vlen == 1 && value_str[0] == '"')
618 /* End of value */
619 return 0;
620 vlen--;
621 chunk_len = max > vlen ? vlen : max;
622 if ((*buf = unescape(value_str, chunk_len, buflen)) == NULL)
623 return -1;
624 } else {
625 /* Parse hex string chunk */
626 long len;
627 char *chunk = NULL;
628
629 chunk_len = 2 * max > vlen ? vlen : 2 * max;
630 chunk = OPENSSL_strndup(value_str, chunk_len);
631 if (chunk == NULL)
632 return -1;
633 if (!TEST_ptr(*buf = OPENSSL_hexstr2buf(chunk, &len))) {
634 OPENSSL_free(chunk);
635 TEST_openssl_errors();
636 return -1;
637 }
638 OPENSSL_free(chunk);
639 *buflen = len;
640 }
641 *out_offset = value[0] == '"' ? offset + (*buflen) : offset + 2 * (*buflen);
642 return 1;
643 }
644
645 /**
646 ** MESSAGE DIGEST TESTS
647 **/
648
649 typedef struct digest_data_st {
650 /* Digest this test is for */
651 const EVP_MD *digest;
652 EVP_MD *fetched_digest;
653 /* Input to digest */
654 STACK_OF(EVP_TEST_BUFFER) *input;
655 /* Expected output */
656 unsigned char *output;
657 size_t output_len;
658 /* Padding type */
659 int pad_type;
660 /* XOF mode? */
661 int xof;
662 /* Size for variable output length but non-XOF */
663 size_t digest_size;
664 } DIGEST_DATA;
665
digest_test_init(EVP_TEST * t,const char * alg)666 static int digest_test_init(EVP_TEST *t, const char *alg)
667 {
668 DIGEST_DATA *mdat;
669 const EVP_MD *digest;
670 EVP_MD *fetched_digest;
671
672 if (is_digest_disabled(alg)) {
673 TEST_info("skipping, '%s' is disabled", alg);
674 t->skip = 1;
675 return 1;
676 }
677
678 if ((digest = fetched_digest = EVP_MD_fetch(libctx, alg, propquery)) == NULL
679 && (digest = EVP_get_digestbyname(alg)) == NULL)
680 return 0;
681 if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat)))) {
682 EVP_MD_free(fetched_digest);
683 return 0;
684 }
685 t->data = mdat;
686 mdat->digest = digest;
687 mdat->fetched_digest = fetched_digest;
688 mdat->pad_type = 0;
689 mdat->xof = 0;
690 if (fetched_digest != NULL)
691 TEST_info("%s is fetched", alg);
692 return 1;
693 }
694
digest_test_cleanup(EVP_TEST * t)695 static void digest_test_cleanup(EVP_TEST *t)
696 {
697 DIGEST_DATA *mdat = t->data;
698
699 sk_EVP_TEST_BUFFER_pop_free(mdat->input, evp_test_buffer_free);
700 OPENSSL_free(mdat->output);
701 EVP_MD_free(mdat->fetched_digest);
702 }
703
digest_test_parse(EVP_TEST * t,const char * keyword,const char * value)704 static int digest_test_parse(EVP_TEST *t,
705 const char *keyword, const char *value)
706 {
707 DIGEST_DATA *mdata = t->data;
708
709 if (strcmp(keyword, "Input") == 0)
710 return evp_test_buffer_append(value, data_chunk_size, &mdata->input);
711 if (strcmp(keyword, "Output") == 0)
712 return parse_bin(value, &mdata->output, &mdata->output_len);
713 if (strcmp(keyword, "Count") == 0)
714 return evp_test_buffer_set_count(value, mdata->input);
715 if (strcmp(keyword, "Ncopy") == 0)
716 return evp_test_buffer_ncopy(value, mdata->input);
717 if (strcmp(keyword, "Padding") == 0)
718 return (mdata->pad_type = atoi(value)) > 0;
719 if (strcmp(keyword, "XOF") == 0)
720 return (mdata->xof = atoi(value)) > 0;
721 if (strcmp(keyword, "OutputSize") == 0) {
722 int sz;
723
724 sz = atoi(value);
725 if (sz < 0)
726 return -1;
727 mdata->digest_size = sz;
728 return 1;
729 }
730 return 0;
731 }
732
digest_update_fn(void * ctx,const unsigned char * buf,size_t buflen)733 static int digest_update_fn(void *ctx, const unsigned char *buf, size_t buflen)
734 {
735 return EVP_DigestUpdate(ctx, buf, buflen);
736 }
737
test_duplicate_md_ctx(EVP_TEST * t,EVP_MD_CTX * mctx)738 static int test_duplicate_md_ctx(EVP_TEST *t, EVP_MD_CTX *mctx)
739 {
740 char dont[] = "touch";
741
742 if (!TEST_ptr(mctx))
743 return 0;
744 if (!EVP_DigestFinalXOF(mctx, (unsigned char *)dont, 0)) {
745 EVP_MD_CTX_free(mctx);
746 t->err = "DIGESTFINALXOF_ERROR";
747 return 0;
748 }
749 if (!TEST_str_eq(dont, "touch")) {
750 EVP_MD_CTX_free(mctx);
751 t->err = "DIGESTFINALXOF_ERROR";
752 return 0;
753 }
754 EVP_MD_CTX_free(mctx);
755 return 1;
756 }
757
digest_test_run(EVP_TEST * t)758 static int digest_test_run(EVP_TEST *t)
759 {
760 DIGEST_DATA *expected = t->data;
761 EVP_TEST_BUFFER *inbuf;
762 EVP_MD_CTX *mctx;
763 unsigned char *got = NULL;
764 unsigned int got_len;
765 size_t size = 0;
766 int xof = 0;
767 OSSL_PARAM params[4], *p = ¶ms[0];
768
769 t->err = "TEST_FAILURE";
770 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
771 goto err;
772
773 got = OPENSSL_malloc(expected->output_len > EVP_MAX_MD_SIZE ? expected->output_len : EVP_MAX_MD_SIZE);
774 if (!TEST_ptr(got))
775 goto err;
776
777 if (expected->xof > 0) {
778 xof |= 1;
779 *p++ = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN,
780 &expected->output_len);
781 }
782 if (expected->digest_size > 0) {
783 *p++ = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_SIZE,
784 &expected->digest_size);
785 }
786 if (expected->pad_type > 0)
787 *p++ = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_PAD_TYPE,
788 &expected->pad_type);
789 *p++ = OSSL_PARAM_construct_end();
790
791 if (!EVP_DigestInit_ex2(mctx, expected->digest, params)) {
792 t->err = "DIGESTINIT_ERROR";
793 goto err;
794 }
795
796 if (!evp_test_buffer_do(expected->input, digest_update_fn, mctx)) {
797 t->err = "DIGESTUPDATE_ERROR";
798 goto err;
799 }
800
801 xof |= EVP_MD_xof(expected->digest);
802 if (xof) {
803 EVP_MD_CTX *mctx_cpy;
804
805 if (!TEST_ptr(mctx_cpy = EVP_MD_CTX_new())) {
806 goto err;
807 }
808 if (!TEST_true(EVP_MD_CTX_copy(mctx_cpy, mctx))) {
809 EVP_MD_CTX_free(mctx_cpy);
810 goto err;
811 } else if (!test_duplicate_md_ctx(t, mctx_cpy)) {
812 goto err;
813 }
814
815 if (!test_duplicate_md_ctx(t, EVP_MD_CTX_dup(mctx)))
816 goto err;
817
818 got_len = expected->output_len;
819 if (!EVP_DigestFinalXOF(mctx, got, got_len)) {
820 t->err = "DIGESTFINALXOF_ERROR";
821 goto err;
822 }
823 } else {
824 if (!EVP_DigestFinal(mctx, got, &got_len)) {
825 t->err = "DIGESTFINAL_ERROR";
826 goto err;
827 }
828 }
829 if (!TEST_int_eq(expected->output_len, got_len)) {
830 t->err = "DIGEST_LENGTH_MISMATCH";
831 goto err;
832 }
833 if (!memory_err_compare(t, "DIGEST_MISMATCH",
834 expected->output, expected->output_len,
835 got, got_len))
836 goto err;
837
838 t->err = NULL;
839
840 /* Test the EVP_Q_digest interface as well */
841 if (sk_EVP_TEST_BUFFER_num(expected->input) == 1
842 && !xof
843 /* This should never fail but we need the returned pointer now */
844 && !TEST_ptr(inbuf = sk_EVP_TEST_BUFFER_value(expected->input, 0))
845 && !inbuf->count_set) {
846 OPENSSL_cleanse(got, got_len);
847 if (!TEST_true(EVP_Q_digest(libctx,
848 EVP_MD_get0_name(expected->fetched_digest),
849 NULL, inbuf->buf, inbuf->buflen,
850 got, &size))
851 || !TEST_mem_eq(got, size,
852 expected->output, expected->output_len)) {
853 t->err = "EVP_Q_digest failed";
854 goto err;
855 }
856 }
857
858 err:
859 OPENSSL_free(got);
860 EVP_MD_CTX_free(mctx);
861 return 1;
862 }
863
864 static const EVP_TEST_METHOD digest_test_method = {
865 "Digest",
866 digest_test_init,
867 digest_test_cleanup,
868 digest_test_parse,
869 digest_test_run
870 };
871
872 /**
873 *** CIPHER TESTS
874 **/
875
876 typedef struct cipher_data_st {
877 const EVP_CIPHER *cipher;
878 EVP_CIPHER *fetched_cipher;
879 int enc;
880 /* EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE or EVP_CIPH_OCB_MODE if AEAD */
881 int aead;
882 unsigned char *key;
883 size_t key_len;
884 size_t key_bits; /* Used by RC2 */
885 unsigned char *iv;
886 unsigned char *next_iv; /* Expected IV state after operation */
887 unsigned int rounds;
888 size_t iv_len;
889 unsigned char *plaintext;
890 size_t plaintext_len;
891 unsigned char *ciphertext;
892 size_t ciphertext_len;
893 /* AEAD ciphers only */
894 unsigned char *aad[AAD_NUM];
895 size_t aad_len[AAD_NUM];
896 int tls_aad;
897 int tls_version;
898 unsigned char *tag;
899 const char *cts_mode;
900 size_t tag_len;
901 int tag_late;
902 unsigned char *mac_key;
903 size_t mac_key_len;
904 const char *xts_standard;
905 STACK_OF(OPENSSL_STRING) *init_controls; /* collection of controls */
906 } CIPHER_DATA;
907
908 /*
909 * XTS, SIV, CCM, stitched ciphers and Wrap modes have special
910 * requirements about input lengths so we don't fragment for those
911 */
cipher_test_valid_fragmentation(CIPHER_DATA * cdat)912 static int cipher_test_valid_fragmentation(CIPHER_DATA *cdat)
913 {
914 return (cdat->aead == EVP_CIPH_CCM_MODE
915 || cdat->aead == EVP_CIPH_CBC_MODE
916 || (cdat->aead == -1
917 && EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_STREAM_CIPHER)
918 || ((EVP_CIPHER_get_flags(cdat->cipher) & EVP_CIPH_FLAG_CTS) != 0)
919 || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_SIV_MODE
920 || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_GCM_SIV_MODE
921 || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_XTS_MODE
922 || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_WRAP_MODE)
923 ? 0
924 : 1;
925 }
926
cipher_test_init(EVP_TEST * t,const char * alg)927 static int cipher_test_init(EVP_TEST *t, const char *alg)
928 {
929 const EVP_CIPHER *cipher;
930 EVP_CIPHER *fetched_cipher;
931 CIPHER_DATA *cdat;
932 int m;
933
934 if (is_cipher_disabled(alg)) {
935 t->skip = 1;
936 TEST_info("skipping, '%s' is disabled", alg);
937 return 1;
938 }
939
940 ERR_set_mark();
941 if ((cipher = fetched_cipher = EVP_CIPHER_fetch(libctx, alg, propquery)) == NULL
942 && (cipher = EVP_get_cipherbyname(alg)) == NULL) {
943 /* a stitched cipher might not be available */
944 if (strstr(alg, "HMAC") != NULL) {
945 ERR_pop_to_mark();
946 t->skip = 1;
947 TEST_info("skipping, '%s' is not available", alg);
948 return 1;
949 }
950 ERR_clear_last_mark();
951 return 0;
952 }
953 ERR_clear_last_mark();
954
955 if (!TEST_ptr(cdat = OPENSSL_zalloc(sizeof(*cdat))))
956 return 0;
957
958 cdat->init_controls = sk_OPENSSL_STRING_new_null();
959 cdat->cipher = cipher;
960 cdat->fetched_cipher = fetched_cipher;
961 cdat->enc = -1;
962 m = EVP_CIPHER_get_mode(cipher);
963 if (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
964 cdat->aead = m != 0 ? m : -1;
965 else
966 cdat->aead = 0;
967
968 if (data_chunk_size != 0 && !cipher_test_valid_fragmentation(cdat)) {
969 ERR_pop_to_mark();
970 EVP_CIPHER_free(fetched_cipher);
971 OPENSSL_free(cdat);
972 t->skip = 1;
973 TEST_info("skipping, '%s' does not support fragmentation", alg);
974 return 1;
975 }
976
977 t->data = cdat;
978 if (fetched_cipher != NULL)
979 TEST_info("%s is fetched", alg);
980 return 1;
981 }
982
cipher_test_cleanup(EVP_TEST * t)983 static void cipher_test_cleanup(EVP_TEST *t)
984 {
985 int i;
986 CIPHER_DATA *cdat = t->data;
987
988 OPENSSL_free(cdat->key);
989 OPENSSL_free(cdat->iv);
990 OPENSSL_free(cdat->next_iv);
991 OPENSSL_free(cdat->ciphertext);
992 OPENSSL_free(cdat->plaintext);
993 for (i = 0; i < AAD_NUM; i++)
994 OPENSSL_free(cdat->aad[i]);
995 OPENSSL_free(cdat->tag);
996 OPENSSL_free(cdat->mac_key);
997 EVP_CIPHER_free(cdat->fetched_cipher);
998 ctrlfree(cdat->init_controls);
999 }
1000
cipher_test_parse(EVP_TEST * t,const char * keyword,const char * value)1001 static int cipher_test_parse(EVP_TEST *t, const char *keyword,
1002 const char *value)
1003 {
1004 CIPHER_DATA *cdat = t->data;
1005 int i;
1006
1007 if (strcmp(keyword, "Key") == 0)
1008 return parse_bin(value, &cdat->key, &cdat->key_len);
1009 if (strcmp(keyword, "Rounds") == 0) {
1010 i = atoi(value);
1011 if (i < 0)
1012 return -1;
1013 cdat->rounds = (unsigned int)i;
1014 return 1;
1015 }
1016 if (strcmp(keyword, "IV") == 0)
1017 return parse_bin(value, &cdat->iv, &cdat->iv_len);
1018 if (strcmp(keyword, "NextIV") == 0)
1019 return parse_bin(value, &cdat->next_iv, &cdat->iv_len);
1020 if (strcmp(keyword, "Plaintext") == 0)
1021 return parse_bin(value, &cdat->plaintext, &cdat->plaintext_len);
1022 if (strcmp(keyword, "Ciphertext") == 0)
1023 return parse_bin(value, &cdat->ciphertext, &cdat->ciphertext_len);
1024 if (strcmp(keyword, "KeyBits") == 0) {
1025 i = atoi(value);
1026 if (i < 0)
1027 return -1;
1028 cdat->key_bits = (size_t)i;
1029 return 1;
1030 }
1031 if (cdat->aead) {
1032 int tls_aad = 0;
1033
1034 if (strcmp(keyword, "TLSAAD") == 0)
1035 cdat->tls_aad = tls_aad = 1;
1036 if (strcmp(keyword, "AAD") == 0 || tls_aad) {
1037 for (i = 0; i < AAD_NUM; i++) {
1038 if (cdat->aad[i] == NULL)
1039 return parse_bin(value, &cdat->aad[i], &cdat->aad_len[i]);
1040 }
1041 return -1;
1042 }
1043 if (strcmp(keyword, "Tag") == 0)
1044 return parse_bin(value, &cdat->tag, &cdat->tag_len);
1045 if (strcmp(keyword, "SetTagLate") == 0) {
1046 if (strcmp(value, "TRUE") == 0)
1047 cdat->tag_late = 1;
1048 else if (strcmp(value, "FALSE") == 0)
1049 cdat->tag_late = 0;
1050 else
1051 return -1;
1052 return 1;
1053 }
1054 if (strcmp(keyword, "MACKey") == 0)
1055 return parse_bin(value, &cdat->mac_key, &cdat->mac_key_len);
1056 if (strcmp(keyword, "TLSVersion") == 0) {
1057 char *endptr;
1058
1059 cdat->tls_version = (int)strtol(value, &endptr, 0);
1060 return value[0] != '\0' && endptr[0] == '\0';
1061 }
1062 }
1063
1064 if (strcmp(keyword, "Operation") == 0) {
1065 if (strcmp(value, "ENCRYPT") == 0)
1066 cdat->enc = 1;
1067 else if (strcmp(value, "DECRYPT") == 0)
1068 cdat->enc = 0;
1069 else
1070 return -1;
1071 return 1;
1072 }
1073 if (strcmp(keyword, "CTSMode") == 0) {
1074 cdat->cts_mode = value;
1075 return 1;
1076 }
1077 if (strcmp(keyword, "XTSStandard") == 0) {
1078 cdat->xts_standard = value;
1079 return 1;
1080 }
1081 if (strcmp(keyword, "CtrlInit") == 0)
1082 return ctrladd(cdat->init_controls, value);
1083 return 0;
1084 }
1085
cipher_test_enc(EVP_TEST * t,int enc,size_t out_misalign,size_t inp_misalign,int frag,int in_place,const OSSL_PARAM initparams[])1086 static int cipher_test_enc(EVP_TEST *t, int enc, size_t out_misalign,
1087 size_t inp_misalign, int frag, int in_place,
1088 const OSSL_PARAM initparams[])
1089 {
1090 CIPHER_DATA *expected = t->data;
1091 unsigned char *in, *expected_out, *tmp = NULL;
1092 size_t in_len, out_len, donelen = 0;
1093 int ok = 0, tmplen, chunklen, tmpflen, i;
1094 EVP_CIPHER_CTX *ctx_base = NULL;
1095 EVP_CIPHER_CTX *ctx = NULL, *duped;
1096 int fips_dupctx_supported = fips_provider_version_ge(libctx, 3, 2, 0);
1097
1098 t->err = "TEST_FAILURE";
1099 if (!TEST_ptr(ctx_base = EVP_CIPHER_CTX_new()))
1100 goto err;
1101 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
1102 goto err;
1103 EVP_CIPHER_CTX_set_flags(ctx_base, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
1104 if (enc) {
1105 in = expected->plaintext;
1106 in_len = expected->plaintext_len;
1107 expected_out = expected->ciphertext;
1108 out_len = expected->ciphertext_len;
1109 } else {
1110 in = expected->ciphertext;
1111 in_len = expected->ciphertext_len;
1112 expected_out = expected->plaintext;
1113 out_len = expected->plaintext_len;
1114 }
1115 if (in_place == 1) {
1116 /* Exercise in-place encryption */
1117 tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH);
1118 if (!tmp)
1119 goto err;
1120 in = memcpy(tmp + out_misalign, in, in_len);
1121 } else {
1122 inp_misalign += 16 - ((out_misalign + in_len) & 15);
1123 /*
1124 * 'tmp' will store both output and copy of input. We make the copy
1125 * of input to specifically aligned part of 'tmp'. So we just
1126 * figured out how much padding would ensure the required alignment,
1127 * now we allocate extended buffer and finally copy the input just
1128 * past inp_misalign in expression below. Output will be written
1129 * past out_misalign...
1130 */
1131 tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH + inp_misalign + in_len);
1132 if (!tmp)
1133 goto err;
1134 in = memcpy(tmp + out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH + inp_misalign, in, in_len);
1135 }
1136 if (!EVP_CipherInit_ex2(ctx_base, expected->cipher, NULL, NULL, enc,
1137 initparams)) {
1138 t->err = "CIPHERINIT_ERROR";
1139 goto err;
1140 }
1141 if (expected->cts_mode != NULL) {
1142 OSSL_PARAM params[2];
1143
1144 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_CIPHER_PARAM_CTS_MODE,
1145 (char *)expected->cts_mode,
1146 0);
1147 params[1] = OSSL_PARAM_construct_end();
1148 if (!EVP_CIPHER_CTX_set_params(ctx_base, params)) {
1149 t->err = "INVALID_CTS_MODE";
1150 goto err;
1151 }
1152 }
1153 if (expected->iv) {
1154 if (expected->aead) {
1155 if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_IVLEN,
1156 expected->iv_len, 0)
1157 <= 0) {
1158 t->err = "INVALID_IV_LENGTH";
1159 goto err;
1160 }
1161 } else if (expected->iv_len != (size_t)EVP_CIPHER_CTX_get_iv_length(ctx_base)) {
1162 t->err = "INVALID_IV_LENGTH";
1163 goto err;
1164 }
1165 }
1166 if (expected->aead && !expected->tls_aad) {
1167 unsigned char *tag;
1168 /*
1169 * If encrypting or OCB just set tag length initially, otherwise
1170 * set tag length and value.
1171 */
1172 if (enc || expected->aead == EVP_CIPH_OCB_MODE || expected->tag_late) {
1173 t->err = "TAG_LENGTH_SET_ERROR";
1174 tag = NULL;
1175 } else {
1176 t->err = "TAG_SET_ERROR";
1177 tag = expected->tag;
1178 }
1179 if (tag || expected->aead != EVP_CIPH_GCM_MODE) {
1180 if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_TAG,
1181 expected->tag_len, tag)
1182 <= 0)
1183 goto err;
1184 }
1185 }
1186
1187 if (expected->rounds > 0) {
1188 int rounds = (int)expected->rounds;
1189
1190 if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC5_ROUNDS, rounds, NULL) <= 0) {
1191 t->err = "INVALID_ROUNDS";
1192 goto err;
1193 }
1194 }
1195
1196 if (!EVP_CIPHER_CTX_set_key_length(ctx_base, expected->key_len)) {
1197 t->err = "INVALID_KEY_LENGTH";
1198 goto err;
1199 }
1200 if (expected->key_bits > 0) {
1201 int bits = (int)expected->key_bits;
1202
1203 if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC2_KEY_BITS, bits, NULL) <= 0) {
1204 t->err = "INVALID KEY BITS";
1205 goto err;
1206 }
1207 }
1208 if (!EVP_CipherInit_ex(ctx_base, NULL, NULL, expected->key, expected->iv, -1)) {
1209 t->err = "KEY_SET_ERROR";
1210 goto err;
1211 }
1212
1213 /* Check that we get the same IV back */
1214 if (expected->iv != NULL) {
1215 /* Some (e.g., GCM) tests use IVs longer than EVP_MAX_IV_LENGTH. */
1216 unsigned char iv[128];
1217 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx_base, iv, sizeof(iv)))
1218 || ((EVP_CIPHER_get_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0
1219 && !TEST_mem_eq(expected->iv, expected->iv_len, iv,
1220 expected->iv_len))) {
1221 t->err = "INVALID_IV";
1222 goto err;
1223 }
1224 }
1225
1226 /* Test that the cipher dup functions correctly if it is supported */
1227 ERR_set_mark();
1228 if (!EVP_CIPHER_CTX_copy(ctx, ctx_base)) {
1229 if (fips_dupctx_supported) {
1230 TEST_info("Doing a copy of Cipher %s Fails!\n",
1231 EVP_CIPHER_get0_name(expected->cipher));
1232 ERR_print_errors_fp(stderr);
1233 goto err;
1234 } else {
1235 TEST_info("Allowing copy fail as an old fips provider is in use.");
1236 }
1237 EVP_CIPHER_CTX_free(ctx);
1238 ctx = ctx_base;
1239 } else {
1240 EVP_CIPHER_CTX_free(ctx_base);
1241 ctx_base = NULL;
1242 }
1243 /* Likewise for dup */
1244 duped = EVP_CIPHER_CTX_dup(ctx);
1245 if (duped != NULL) {
1246 EVP_CIPHER_CTX_free(ctx);
1247 ctx = duped;
1248 } else {
1249 if (fips_dupctx_supported) {
1250 TEST_info("Doing a dup of Cipher %s Fails!\n",
1251 EVP_CIPHER_get0_name(expected->cipher));
1252 ERR_print_errors_fp(stderr);
1253 goto err;
1254 } else {
1255 TEST_info("Allowing dup fail as an old fips provider is in use.");
1256 }
1257 }
1258 ERR_pop_to_mark();
1259
1260 if (expected->mac_key != NULL
1261 && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY,
1262 (int)expected->mac_key_len,
1263 (void *)expected->mac_key)
1264 <= 0) {
1265 t->err = "SET_MAC_KEY_ERROR";
1266 goto err;
1267 }
1268
1269 if (expected->tls_version) {
1270 OSSL_PARAM params[2];
1271
1272 params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_TLS_VERSION,
1273 &expected->tls_version);
1274 params[1] = OSSL_PARAM_construct_end();
1275 if (!EVP_CIPHER_CTX_set_params(ctx, params)) {
1276 t->err = "SET_TLS_VERSION_ERROR";
1277 goto err;
1278 }
1279 }
1280
1281 if (expected->aead == EVP_CIPH_CCM_MODE) {
1282 if (!EVP_CipherUpdate(ctx, NULL, &tmplen, NULL, out_len)) {
1283 t->err = "CCM_PLAINTEXT_LENGTH_SET_ERROR";
1284 goto err;
1285 }
1286 }
1287 if (expected->aad[0] != NULL && !expected->tls_aad) {
1288 t->err = "AAD_SET_ERROR";
1289 if (!frag) {
1290 /* Supply the data all in one go or according to data_chunk_size */
1291 for (i = 0; expected->aad[i] != NULL; i++) {
1292 size_t aad_len = expected->aad_len[i];
1293 donelen = 0;
1294
1295 do {
1296 size_t current_aad_len = (size_t)data_chunk_size;
1297
1298 if (data_chunk_size == 0 || (size_t)data_chunk_size > aad_len)
1299 current_aad_len = aad_len;
1300 if (!EVP_CipherUpdate(ctx, NULL, &chunklen,
1301 expected->aad[i] + donelen,
1302 current_aad_len))
1303 goto err;
1304 donelen += current_aad_len;
1305 aad_len -= current_aad_len;
1306 } while (aad_len > 0);
1307 }
1308 } else {
1309 /* Supply the AAD in chunks less than the block size where possible */
1310 for (i = 0; expected->aad[i] != NULL; i++) {
1311 if (expected->aad_len[i] > 0) {
1312 if (!EVP_CipherUpdate(ctx, NULL, &chunklen, expected->aad[i], 1))
1313 goto err;
1314 donelen++;
1315 }
1316 if (expected->aad_len[i] > 2) {
1317 if (!EVP_CipherUpdate(ctx, NULL, &chunklen,
1318 expected->aad[i] + donelen,
1319 expected->aad_len[i] - 2))
1320 goto err;
1321 donelen += expected->aad_len[i] - 2;
1322 }
1323 if (expected->aad_len[i] > 1
1324 && !EVP_CipherUpdate(ctx, NULL, &chunklen,
1325 expected->aad[i] + donelen, 1))
1326 goto err;
1327 }
1328 }
1329 }
1330
1331 if (expected->tls_aad) {
1332 OSSL_PARAM params[2];
1333 char *tls_aad;
1334
1335 /* duplicate the aad as the implementation might modify it */
1336 if ((tls_aad = OPENSSL_memdup(expected->aad[0],
1337 expected->aad_len[0]))
1338 == NULL)
1339 goto err;
1340 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD,
1341 tls_aad,
1342 expected->aad_len[0]);
1343 params[1] = OSSL_PARAM_construct_end();
1344 if (!EVP_CIPHER_CTX_set_params(ctx, params)) {
1345 OPENSSL_free(tls_aad);
1346 t->err = "TLS1_AAD_ERROR";
1347 goto err;
1348 }
1349 OPENSSL_free(tls_aad);
1350 } else if (!enc && (expected->aead == EVP_CIPH_OCB_MODE || expected->tag_late)) {
1351 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
1352 expected->tag_len, expected->tag)
1353 <= 0) {
1354 t->err = "TAG_SET_ERROR";
1355 goto err;
1356 }
1357 }
1358 if (expected->xts_standard != NULL) {
1359 OSSL_PARAM params[2];
1360
1361 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_CIPHER_PARAM_XTS_STANDARD,
1362 (char *)expected->xts_standard, 0);
1363 params[1] = OSSL_PARAM_construct_end();
1364 if (!EVP_CIPHER_CTX_set_params(ctx, params)) {
1365 t->err = "SET_XTS_STANDARD_ERROR";
1366 goto err;
1367 }
1368 }
1369 EVP_CIPHER_CTX_set_padding(ctx, 0);
1370 t->err = "CIPHERUPDATE_ERROR";
1371 tmplen = 0;
1372 if (!frag) {
1373 do {
1374 /* Supply the data all in one go or according to data_chunk_size */
1375 size_t current_in_len = (size_t)data_chunk_size;
1376
1377 if (data_chunk_size == 0 || (size_t)data_chunk_size > in_len)
1378 current_in_len = in_len;
1379 if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen,
1380 in, current_in_len))
1381 goto err;
1382 tmplen += chunklen;
1383 in += current_in_len;
1384 in_len -= current_in_len;
1385 } while (in_len > 0);
1386 } else {
1387 /* Supply the data in chunks less than the block size where possible */
1388 if (in_len > 0) {
1389 if (!EVP_CipherUpdate(ctx, tmp + out_misalign, &chunklen, in, 1))
1390 goto err;
1391 tmplen += chunklen;
1392 in++;
1393 in_len--;
1394 }
1395 if (in_len > 1) {
1396 if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen,
1397 in, in_len - 1))
1398 goto err;
1399 tmplen += chunklen;
1400 in += in_len - 1;
1401 in_len = 1;
1402 }
1403 if (in_len > 0) {
1404 if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen,
1405 in, 1))
1406 goto err;
1407 tmplen += chunklen;
1408 }
1409 }
1410 if (!EVP_CipherFinal_ex(ctx, tmp + out_misalign + tmplen, &tmpflen)) {
1411 t->err = "CIPHERFINAL_ERROR";
1412 goto err;
1413 }
1414 if (!cipher_check_fips_approved(ctx, t)) {
1415 t->err = "FIPSAPPROVED_ERROR";
1416 goto err;
1417 }
1418
1419 if (!enc && expected->tls_aad) {
1420 if (expected->tls_version >= TLS1_1_VERSION
1421 && (EVP_CIPHER_is_a(expected->cipher, "AES-128-CBC-HMAC-SHA1")
1422 || EVP_CIPHER_is_a(expected->cipher, "AES-256-CBC-HMAC-SHA1"))) {
1423 tmplen -= expected->iv_len;
1424 expected_out += expected->iv_len;
1425 out_misalign += expected->iv_len;
1426 }
1427 if ((int)out_len > tmplen + tmpflen)
1428 out_len = tmplen + tmpflen;
1429 }
1430 if (!memory_err_compare(t, "VALUE_MISMATCH", expected_out, out_len,
1431 tmp + out_misalign, tmplen + tmpflen))
1432 goto err;
1433 if (enc && expected->aead && !expected->tls_aad) {
1434 unsigned char rtag[48]; /* longest known for TLS_SHA384_SHA384 */
1435
1436 if (!TEST_size_t_le(expected->tag_len, sizeof(rtag))) {
1437 t->err = "TAG_LENGTH_INTERNAL_ERROR";
1438 goto err;
1439 }
1440 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
1441 expected->tag_len, rtag)
1442 <= 0) {
1443 t->err = "TAG_RETRIEVE_ERROR";
1444 goto err;
1445 }
1446 if (!memory_err_compare(t, "TAG_VALUE_MISMATCH",
1447 expected->tag, expected->tag_len,
1448 rtag, expected->tag_len))
1449 goto err;
1450 }
1451 /* Check the updated IV */
1452 if (expected->next_iv != NULL) {
1453 /* Some (e.g., GCM) tests use IVs longer than EVP_MAX_IV_LENGTH. */
1454 unsigned char iv[128];
1455 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
1456 || ((EVP_CIPHER_get_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0
1457 && !TEST_mem_eq(expected->next_iv, expected->iv_len, iv,
1458 expected->iv_len))) {
1459 t->err = "INVALID_NEXT_IV";
1460 goto err;
1461 }
1462 }
1463
1464 t->err = NULL;
1465 ok = 1;
1466 err:
1467 OPENSSL_free(tmp);
1468 if (ctx != ctx_base)
1469 EVP_CIPHER_CTX_free(ctx_base);
1470 EVP_CIPHER_CTX_free(ctx);
1471 return ok;
1472 }
1473
cipher_test_run(EVP_TEST * t)1474 static int cipher_test_run(EVP_TEST *t)
1475 {
1476 CIPHER_DATA *cdat = t->data;
1477 int rv, frag, fragmax, in_place;
1478 size_t out_misalign, inp_misalign;
1479 OSSL_PARAM initparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
1480 size_t params_n = 0;
1481
1482 TEST_info("RUNNING TEST FOR CIPHER %s\n", EVP_CIPHER_get0_name(cdat->cipher));
1483 if (!cdat->key) {
1484 t->err = "NO_KEY";
1485 return 0;
1486 }
1487 if (!cdat->iv && EVP_CIPHER_get_iv_length(cdat->cipher) > 0) {
1488 /* IV is optional and usually omitted in wrap mode */
1489 if (EVP_CIPHER_get_mode(cdat->cipher) != EVP_CIPH_WRAP_MODE) {
1490 t->err = "NO_IV";
1491 return 0;
1492 }
1493 }
1494 if (cdat->aead && cdat->tag == NULL && !cdat->tls_aad) {
1495 t->err = "NO_TAG";
1496 return 0;
1497 }
1498
1499 if (sk_OPENSSL_STRING_num(cdat->init_controls) > 0) {
1500 if (!ctrl2params(t, cdat->init_controls, NULL,
1501 initparams, OSSL_NELEM(initparams), ¶ms_n))
1502 return 0;
1503 }
1504
1505 fragmax = (cipher_test_valid_fragmentation(cdat) == 0) ? 0 : 1;
1506 for (in_place = 1; in_place >= 0; in_place--) {
1507 static char aux_err[64];
1508
1509 t->aux_err = aux_err;
1510 /* Test only in-place data processing */
1511 if (process_mode_in_place == 1 && in_place == 0)
1512 break;
1513
1514 for (frag = 0; frag <= fragmax; frag++) {
1515 if (frag == 1 && data_chunk_size != 0)
1516 break;
1517 for (out_misalign = 0; out_misalign <= 1; out_misalign++) {
1518 for (inp_misalign = 0; inp_misalign <= 1; inp_misalign++) {
1519 /* Skip input misalign tests for in-place processing */
1520 if (inp_misalign == 1 && in_place == 1)
1521 break;
1522 if (in_place == 1) {
1523 BIO_snprintf(aux_err, sizeof(aux_err),
1524 "%s in-place, %sfragmented",
1525 out_misalign ? "misaligned" : "aligned",
1526 frag ? "" : "not ");
1527 } else {
1528 BIO_snprintf(aux_err, sizeof(aux_err),
1529 "%s output and %s input, %sfragmented",
1530 out_misalign ? "misaligned" : "aligned",
1531 inp_misalign ? "misaligned" : "aligned",
1532 frag ? "" : "not ");
1533 }
1534 if (cdat->enc) {
1535 rv = cipher_test_enc(t, 1, out_misalign, inp_misalign,
1536 frag, in_place, initparams);
1537 if (rv != 1)
1538 goto end;
1539 }
1540 if (cdat->enc != 1) {
1541 rv = cipher_test_enc(t, 0, out_misalign, inp_misalign,
1542 frag, in_place, initparams);
1543 if (rv != 1)
1544 goto end;
1545 }
1546 }
1547 }
1548 }
1549 }
1550 ctrl2params_free(initparams, params_n, 0);
1551 t->aux_err = NULL;
1552 return 1;
1553 end:
1554 ctrl2params_free(initparams, params_n, 0);
1555 return (rv < 0 ? 0 : 1);
1556 }
1557
1558 static const EVP_TEST_METHOD cipher_test_method = {
1559 "Cipher",
1560 cipher_test_init,
1561 cipher_test_cleanup,
1562 cipher_test_parse,
1563 cipher_test_run
1564 };
1565
1566 /**
1567 ** MAC TESTS
1568 **/
1569
1570 typedef struct mac_data_st {
1571 /* MAC type in one form or another */
1572 char *mac_name;
1573 EVP_MAC *mac; /* for mac_test_run_mac */
1574 int type; /* for mac_test_run_pkey */
1575 /* Algorithm string for this MAC */
1576 char *alg;
1577 /* MAC key */
1578 unsigned char *key;
1579 size_t key_len;
1580 /* MAC IV (GMAC) */
1581 unsigned char *iv;
1582 size_t iv_len;
1583 /* Input to MAC */
1584 unsigned char *input;
1585 size_t input_len;
1586 /* Expected output */
1587 unsigned char *output;
1588 size_t output_len;
1589 unsigned char *custom;
1590 size_t custom_len;
1591 /* MAC salt (blake2) */
1592 unsigned char *salt;
1593 size_t salt_len;
1594 /* XOF mode? */
1595 int xof;
1596 /* Reinitialization fails */
1597 int no_reinit;
1598 /* Collection of controls */
1599 STACK_OF(OPENSSL_STRING) *controls;
1600 /* Output size */
1601 int output_size;
1602 /* Block size */
1603 int block_size;
1604 } MAC_DATA;
1605
mac_test_init(EVP_TEST * t,const char * alg)1606 static int mac_test_init(EVP_TEST *t, const char *alg)
1607 {
1608 EVP_MAC *mac = NULL;
1609 int type = NID_undef;
1610 MAC_DATA *mdat;
1611
1612 if (is_mac_disabled(alg)) {
1613 TEST_info("skipping, '%s' is disabled", alg);
1614 t->skip = 1;
1615 return 1;
1616 }
1617 if ((mac = EVP_MAC_fetch(libctx, alg, propquery)) == NULL) {
1618 /*
1619 * Since we didn't find an EVP_MAC, we check for known EVP_PKEY methods
1620 * For debugging purposes, we allow 'NNNN by EVP_PKEY' to force running
1621 * the EVP_PKEY method.
1622 */
1623 size_t sz = strlen(alg);
1624 static const char epilogue[] = " by EVP_PKEY";
1625
1626 if (sz >= sizeof(epilogue)
1627 && strcmp(alg + sz - (sizeof(epilogue) - 1), epilogue) == 0)
1628 sz -= sizeof(epilogue) - 1;
1629
1630 if (strncmp(alg, "HMAC", sz) == 0)
1631 type = EVP_PKEY_HMAC;
1632 else if (strncmp(alg, "CMAC", sz) == 0)
1633 type = EVP_PKEY_CMAC;
1634 else if (strncmp(alg, "Poly1305", sz) == 0)
1635 type = EVP_PKEY_POLY1305;
1636 else if (strncmp(alg, "SipHash", sz) == 0)
1637 type = EVP_PKEY_SIPHASH;
1638 else
1639 return 0;
1640 }
1641
1642 if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat))))
1643 return 0;
1644
1645 mdat->type = type;
1646 if (!TEST_ptr(mdat->mac_name = OPENSSL_strdup(alg))) {
1647 OPENSSL_free(mdat);
1648 return 0;
1649 }
1650
1651 mdat->mac = mac;
1652 if (!TEST_ptr(mdat->controls = sk_OPENSSL_STRING_new_null())) {
1653 OPENSSL_free(mdat->mac_name);
1654 OPENSSL_free(mdat);
1655 return 0;
1656 }
1657
1658 mdat->output_size = mdat->block_size = -1;
1659 t->data = mdat;
1660 return 1;
1661 }
1662
mac_test_cleanup(EVP_TEST * t)1663 static void mac_test_cleanup(EVP_TEST *t)
1664 {
1665 MAC_DATA *mdat = t->data;
1666
1667 EVP_MAC_free(mdat->mac);
1668 OPENSSL_free(mdat->mac_name);
1669 sk_OPENSSL_STRING_pop_free(mdat->controls, openssl_free);
1670 OPENSSL_free(mdat->alg);
1671 OPENSSL_free(mdat->key);
1672 OPENSSL_free(mdat->iv);
1673 OPENSSL_free(mdat->custom);
1674 OPENSSL_free(mdat->salt);
1675 OPENSSL_free(mdat->input);
1676 OPENSSL_free(mdat->output);
1677 }
1678
mac_test_parse(EVP_TEST * t,const char * keyword,const char * value)1679 static int mac_test_parse(EVP_TEST *t,
1680 const char *keyword, const char *value)
1681 {
1682 MAC_DATA *mdata = t->data;
1683
1684 if (strcmp(keyword, "Key") == 0)
1685 return parse_bin(value, &mdata->key, &mdata->key_len);
1686 if (strcmp(keyword, "IV") == 0)
1687 return parse_bin(value, &mdata->iv, &mdata->iv_len);
1688 if (strcmp(keyword, "Custom") == 0)
1689 return parse_bin(value, &mdata->custom, &mdata->custom_len);
1690 if (strcmp(keyword, "Salt") == 0)
1691 return parse_bin(value, &mdata->salt, &mdata->salt_len);
1692 if (strcmp(keyword, "Algorithm") == 0) {
1693 mdata->alg = OPENSSL_strdup(value);
1694 if (mdata->alg == NULL)
1695 return -1;
1696 return 1;
1697 }
1698 if (strcmp(keyword, "Input") == 0)
1699 return parse_bin(value, &mdata->input, &mdata->input_len);
1700 if (strcmp(keyword, "Output") == 0)
1701 return parse_bin(value, &mdata->output, &mdata->output_len);
1702 if (strcmp(keyword, "XOF") == 0)
1703 return mdata->xof = 1;
1704 if (strcmp(keyword, "NoReinit") == 0)
1705 return mdata->no_reinit = 1;
1706 if (strcmp(keyword, "Ctrl") == 0)
1707 return ctrladd(mdata->controls, value);
1708 if (strcmp(keyword, "OutputSize") == 0) {
1709 mdata->output_size = atoi(value);
1710 if (mdata->output_size < 0)
1711 return -1;
1712 return 1;
1713 }
1714 if (strcmp(keyword, "BlockSize") == 0) {
1715 mdata->block_size = atoi(value);
1716 if (mdata->block_size < 0)
1717 return -1;
1718 return 1;
1719 }
1720 return 0;
1721 }
1722
mac_test_ctrl_pkey(EVP_TEST * t,EVP_PKEY_CTX * pctx,const char * value)1723 static int mac_test_ctrl_pkey(EVP_TEST *t, EVP_PKEY_CTX *pctx,
1724 const char *value)
1725 {
1726 int rv = 0;
1727 char *p, *tmpval;
1728
1729 if (!TEST_ptr(tmpval = OPENSSL_strdup(value)))
1730 return 0;
1731 p = strchr(tmpval, ':');
1732 if (p != NULL) {
1733 *p++ = '\0';
1734 rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
1735 }
1736 if (rv == -2)
1737 t->err = "PKEY_CTRL_INVALID";
1738 else if (rv <= 0)
1739 t->err = "PKEY_CTRL_ERROR";
1740 else
1741 rv = 1;
1742 OPENSSL_free(tmpval);
1743 return rv > 0;
1744 }
1745
mac_test_run_pkey(EVP_TEST * t)1746 static int mac_test_run_pkey(EVP_TEST *t)
1747 {
1748 MAC_DATA *expected = t->data;
1749 EVP_MD_CTX *mctx = NULL;
1750 EVP_PKEY_CTX *pctx = NULL, *genctx = NULL;
1751 EVP_PKEY *key = NULL;
1752 const char *mdname = NULL;
1753 EVP_CIPHER *cipher = NULL;
1754 unsigned char *got = NULL;
1755 size_t got_len;
1756 int i;
1757 size_t input_len, donelen;
1758
1759 /* We don't do XOF mode via PKEY */
1760 if (expected->xof)
1761 return 1;
1762
1763 if (expected->alg == NULL)
1764 TEST_info("Trying the EVP_PKEY %s test", OBJ_nid2sn(expected->type));
1765 else
1766 TEST_info("Trying the EVP_PKEY %s test with %s",
1767 OBJ_nid2sn(expected->type), expected->alg);
1768
1769 if (expected->type == EVP_PKEY_CMAC) {
1770 #ifdef OPENSSL_NO_DEPRECATED_3_0
1771 TEST_info("skipping, PKEY CMAC '%s' is disabled", expected->alg);
1772 t->skip = 1;
1773 t->err = NULL;
1774 goto err;
1775 #else
1776 OSSL_LIB_CTX *tmpctx;
1777
1778 if (expected->alg != NULL && is_cipher_disabled(expected->alg)) {
1779 TEST_info("skipping, PKEY CMAC '%s' is disabled", expected->alg);
1780 t->skip = 1;
1781 t->err = NULL;
1782 goto err;
1783 }
1784 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, expected->alg, propquery))) {
1785 t->err = "MAC_KEY_CREATE_ERROR";
1786 goto err;
1787 }
1788 tmpctx = OSSL_LIB_CTX_set0_default(libctx);
1789 key = EVP_PKEY_new_CMAC_key(NULL, expected->key, expected->key_len,
1790 cipher);
1791 OSSL_LIB_CTX_set0_default(tmpctx);
1792 #endif
1793 } else {
1794 key = EVP_PKEY_new_raw_private_key_ex(libctx,
1795 OBJ_nid2sn(expected->type), NULL,
1796 expected->key, expected->key_len);
1797 }
1798 if (key == NULL) {
1799 t->err = "MAC_KEY_CREATE_ERROR";
1800 goto err;
1801 }
1802
1803 if (expected->type == EVP_PKEY_HMAC && expected->alg != NULL) {
1804 if (is_digest_disabled(expected->alg)) {
1805 TEST_info("skipping, HMAC '%s' is disabled", expected->alg);
1806 t->skip = 1;
1807 t->err = NULL;
1808 goto err;
1809 }
1810 mdname = expected->alg;
1811 }
1812 if (!TEST_ptr(mctx = EVP_MD_CTX_new())) {
1813 t->err = "INTERNAL_ERROR";
1814 goto err;
1815 }
1816 if (!EVP_DigestSignInit_ex(mctx, &pctx, mdname, libctx, NULL, key, NULL)) {
1817 t->err = "DIGESTSIGNINIT_ERROR";
1818 goto err;
1819 }
1820 for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++)
1821 if (!mac_test_ctrl_pkey(t, pctx,
1822 sk_OPENSSL_STRING_value(expected->controls,
1823 i))) {
1824 t->err = "EVPPKEYCTXCTRL_ERROR";
1825 goto err;
1826 }
1827 input_len = expected->input_len;
1828 donelen = 0;
1829 do {
1830 size_t current_len = (size_t)data_chunk_size;
1831
1832 if (data_chunk_size == 0 || (size_t)data_chunk_size > input_len)
1833 current_len = input_len;
1834 if (!EVP_DigestSignUpdate(mctx, expected->input + donelen, current_len)) {
1835 t->err = "DIGESTSIGNUPDATE_ERROR";
1836 goto err;
1837 }
1838 donelen += current_len;
1839 input_len -= current_len;
1840 } while (input_len > 0);
1841
1842 if (!EVP_DigestSignFinal(mctx, NULL, &got_len)) {
1843 t->err = "DIGESTSIGNFINAL_LENGTH_ERROR";
1844 goto err;
1845 }
1846 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
1847 t->err = "TEST_FAILURE";
1848 goto err;
1849 }
1850 if (!EVP_DigestSignFinal(mctx, got, &got_len)
1851 || !memory_err_compare(t, "TEST_MAC_ERR",
1852 expected->output, expected->output_len,
1853 got, got_len)) {
1854 t->err = "TEST_MAC_ERR";
1855 goto err;
1856 }
1857 t->err = NULL;
1858 err:
1859 EVP_CIPHER_free(cipher);
1860 EVP_MD_CTX_free(mctx);
1861 OPENSSL_free(got);
1862 EVP_PKEY_CTX_free(genctx);
1863 EVP_PKEY_free(key);
1864 return 1;
1865 }
1866
mac_test_run_mac(EVP_TEST * t)1867 static int mac_test_run_mac(EVP_TEST *t)
1868 {
1869 MAC_DATA *expected = t->data;
1870 EVP_MAC_CTX *ctx = NULL;
1871 unsigned char *got = NULL;
1872 size_t got_len = 0, size = 0;
1873 size_t size_before_init = 0, size_after_init, size_val = 0;
1874 int block_size = -1, output_size = -1;
1875 OSSL_PARAM params[21], sizes[3], *psizes = sizes, *p;
1876 size_t params_n = 0;
1877 size_t params_n_allocstart = 0;
1878 const OSSL_PARAM *defined_params = EVP_MAC_settable_ctx_params(expected->mac);
1879 int xof;
1880 int reinit = 1;
1881 size_t input_len, donelen;
1882
1883 if (expected->alg == NULL)
1884 TEST_info("Trying the EVP_MAC %s test", expected->mac_name);
1885 else
1886 TEST_info("Trying the EVP_MAC %s test with %s",
1887 expected->mac_name, expected->alg);
1888
1889 if (expected->alg != NULL) {
1890 int skip = 0;
1891
1892 /*
1893 * The underlying algorithm may be a cipher or a digest.
1894 * We don't know which it is, but we can ask the MAC what it
1895 * should be and bet on that.
1896 */
1897 if (OSSL_PARAM_locate_const(defined_params,
1898 OSSL_MAC_PARAM_CIPHER)
1899 != NULL) {
1900 if (is_cipher_disabled(expected->alg))
1901 skip = 1;
1902 else
1903 params[params_n++] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER,
1904 expected->alg, 0);
1905 } else if (OSSL_PARAM_locate_const(defined_params,
1906 OSSL_MAC_PARAM_DIGEST)
1907 != NULL) {
1908 if (is_digest_disabled(expected->alg))
1909 skip = 1;
1910 else
1911 params[params_n++] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
1912 expected->alg, 0);
1913 } else {
1914 t->err = "MAC_BAD_PARAMS";
1915 goto err;
1916 }
1917 if (skip) {
1918 TEST_info("skipping, algorithm '%s' is disabled", expected->alg);
1919 t->skip = 1;
1920 t->err = NULL;
1921 goto err;
1922 }
1923 }
1924 if (expected->custom != NULL)
1925 params[params_n++] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_CUSTOM,
1926 expected->custom,
1927 expected->custom_len);
1928 if (expected->salt != NULL)
1929 params[params_n++] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_SALT,
1930 expected->salt,
1931 expected->salt_len);
1932 if (expected->iv != NULL)
1933 params[params_n++] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV,
1934 expected->iv,
1935 expected->iv_len);
1936
1937 params_n_allocstart = params_n;
1938 if (!ctrl2params(t, expected->controls, defined_params,
1939 params, OSSL_NELEM(params), ¶ms_n))
1940 goto err;
1941
1942 p = OSSL_PARAM_locate(params + params_n_allocstart, "size");
1943 if (p != NULL) {
1944 if (!OSSL_PARAM_get_size_t(p, &size_val))
1945 goto err;
1946 }
1947
1948 if ((ctx = EVP_MAC_CTX_new(expected->mac)) == NULL) {
1949 t->err = "MAC_CREATE_ERROR";
1950 goto err;
1951 }
1952 if (fips_provider_version_gt(libctx, 3, 2, 0)) {
1953 /* HMAC will put an error on the stack here (digest is not set yet) */
1954 ERR_set_mark();
1955 size_before_init = EVP_MAC_CTX_get_mac_size(ctx);
1956 ERR_pop_to_mark();
1957 }
1958 if (!EVP_MAC_init(ctx, expected->key, expected->key_len, params)) {
1959 t->err = "MAC_INIT_ERROR";
1960 goto err;
1961 }
1962 size_after_init = EVP_MAC_CTX_get_mac_size(ctx);
1963 if (!TEST_false(size_before_init == 0 && size_after_init == 0)) {
1964 t->err = "MAC SIZE not set";
1965 goto err;
1966 }
1967 if (size_before_init != 0) {
1968 /* mac-size not modified by init params */
1969 if (size_val == 0 && !TEST_size_t_eq(size_before_init, size_after_init)) {
1970 t->err = "MAC SIZE check failed";
1971 goto err;
1972 }
1973 /* mac-size modified by init params */
1974 if (size_val != 0 && !TEST_size_t_eq(size_val, size_after_init)) {
1975 t->err = "MAC SIZE check failed";
1976 goto err;
1977 }
1978 }
1979 if (expected->output_size >= 0)
1980 *psizes++ = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_SIZE,
1981 &output_size);
1982 if (expected->block_size >= 0)
1983 *psizes++ = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_BLOCK_SIZE,
1984 &block_size);
1985 if (psizes != sizes) {
1986 *psizes = OSSL_PARAM_construct_end();
1987 if (!TEST_true(EVP_MAC_CTX_get_params(ctx, sizes))) {
1988 t->err = "INTERNAL_ERROR";
1989 goto err;
1990 }
1991 if (expected->output_size >= 0
1992 && !TEST_int_eq(output_size, expected->output_size)) {
1993 t->err = "TEST_FAILURE";
1994 goto err;
1995 }
1996 if (expected->block_size >= 0
1997 && !TEST_int_eq(block_size, expected->block_size)) {
1998 t->err = "TEST_FAILURE";
1999 goto err;
2000 }
2001 }
2002 retry:
2003 input_len = expected->input_len;
2004 donelen = 0;
2005 do {
2006 size_t current_len = (size_t)data_chunk_size;
2007
2008 if (data_chunk_size == 0 || (size_t)data_chunk_size > input_len)
2009 current_len = input_len;
2010 if (!EVP_MAC_update(ctx, expected->input + donelen, current_len)) {
2011 t->err = "MAC_UPDATE_ERROR";
2012 goto err;
2013 }
2014 donelen += current_len;
2015 input_len -= current_len;
2016 } while (input_len > 0);
2017
2018 xof = expected->xof;
2019 if (xof) {
2020 if (!TEST_ptr(got = OPENSSL_malloc(expected->output_len))) {
2021 t->err = "TEST_FAILURE";
2022 goto err;
2023 }
2024 if (!EVP_MAC_finalXOF(ctx, got, expected->output_len)
2025 || !memory_err_compare(t, "TEST_MAC_ERR",
2026 expected->output, expected->output_len,
2027 got, expected->output_len)) {
2028 t->err = "MAC_FINAL_ERROR";
2029 goto err;
2030 }
2031 } else {
2032 if (!EVP_MAC_final(ctx, NULL, &got_len, 0)) {
2033 t->err = "MAC_FINAL_LENGTH_ERROR";
2034 goto err;
2035 }
2036 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
2037 t->err = "TEST_FAILURE";
2038 goto err;
2039 }
2040 if (!EVP_MAC_final(ctx, got, &got_len, got_len)
2041 || !memory_err_compare(t, "TEST_MAC_ERR",
2042 expected->output, expected->output_len,
2043 got, got_len)) {
2044 t->err = "TEST_MAC_ERR";
2045 goto err;
2046 }
2047 if (!mac_check_fips_approved(ctx, t))
2048 goto err;
2049 }
2050 /* FIPS(3.0.0): can't reinitialise MAC contexts #18100 */
2051 if (reinit-- && fips_provider_version_gt(libctx, 3, 0, 0)) {
2052 OSSL_PARAM ivparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
2053 int ret;
2054
2055 /* If the MAC uses IV, we have to set it again */
2056 if (expected->iv != NULL) {
2057 ivparams[0] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV,
2058 expected->iv,
2059 expected->iv_len);
2060 ivparams[1] = OSSL_PARAM_construct_end();
2061 }
2062 ERR_set_mark();
2063 ret = EVP_MAC_init(ctx, NULL, 0, ivparams);
2064 if (expected->no_reinit) {
2065 if (ret) {
2066 ERR_clear_last_mark();
2067 t->err = "MAC_REINIT_SHOULD_FAIL";
2068 goto err;
2069 }
2070 } else if (ret) {
2071 ERR_clear_last_mark();
2072 OPENSSL_free(got);
2073 got = NULL;
2074 goto retry;
2075 } else {
2076 ERR_clear_last_mark();
2077 t->err = "MAC_REINIT_ERROR";
2078 goto err;
2079 }
2080 /* If reinitialization fails, it is unsupported by the algorithm */
2081 ERR_pop_to_mark();
2082 }
2083 t->err = NULL;
2084
2085 /* Test the EVP_Q_mac interface as well */
2086 if (!xof) {
2087 OPENSSL_cleanse(got, got_len);
2088 if (!TEST_true(EVP_Q_mac(libctx, expected->mac_name, NULL,
2089 expected->alg, params,
2090 expected->key, expected->key_len,
2091 expected->input, expected->input_len,
2092 got, got_len, &size))
2093 || !TEST_mem_eq(got, size,
2094 expected->output, expected->output_len)) {
2095 t->err = "EVP_Q_mac failed";
2096 goto err;
2097 }
2098 }
2099 err:
2100 ctrl2params_free(params, params_n, params_n_allocstart);
2101 EVP_MAC_CTX_free(ctx);
2102 OPENSSL_free(got);
2103 return 1;
2104 }
2105
mac_test_run(EVP_TEST * t)2106 static int mac_test_run(EVP_TEST *t)
2107 {
2108 MAC_DATA *expected = t->data;
2109
2110 if (expected->mac != NULL)
2111 return mac_test_run_mac(t);
2112 return mac_test_run_pkey(t);
2113 }
2114
2115 static const EVP_TEST_METHOD mac_test_method = {
2116 "MAC",
2117 mac_test_init,
2118 mac_test_cleanup,
2119 mac_test_parse,
2120 mac_test_run
2121 };
2122
2123 typedef struct kem_data_st {
2124 /* Context for this operation */
2125 EVP_PKEY_CTX *ctx;
2126 const char *op;
2127 /* Input to decapsulate */
2128 unsigned char *input;
2129 size_t inputlen;
2130 /* Expected secret */
2131 unsigned char *output;
2132 size_t outputlen;
2133 STACK_OF(OPENSSL_STRING) *init_ctrls;
2134 /* Algorithm name */
2135 char *algname;
2136 /* Name of previously generated key */
2137 char *keyname;
2138 /* Encoded public key */
2139 unsigned char *encoded_pub_key;
2140 size_t encoded_pub_key_len;
2141 /* Encoded private key */
2142 unsigned char *encoded_priv_key;
2143 size_t encoded_priv_key_len;
2144 /* Entropy for encapsulation */
2145 unsigned char *entropy;
2146 size_t entropylen;
2147 /* Ciphertext */
2148 unsigned char *ciphertext;
2149 size_t ciphertext_len;
2150 } KEM_DATA;
2151
kem_test_init(EVP_TEST * t,const char * alg)2152 static int kem_test_init(EVP_TEST *t, const char *alg)
2153 {
2154 KEM_DATA *kdata = NULL;
2155 EVP_PKEY *pkey = NULL;
2156
2157 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))
2158 || !TEST_ptr(kdata->algname = OPENSSL_strdup(alg)))
2159 goto err;
2160
2161 kdata->init_ctrls = sk_OPENSSL_STRING_new_null();
2162 t->data = kdata;
2163 return 1;
2164 err:
2165 EVP_PKEY_free(pkey);
2166 OPENSSL_free(kdata);
2167 return 0;
2168 }
2169
kem_test_cleanup(EVP_TEST * t)2170 static void kem_test_cleanup(EVP_TEST *t)
2171 {
2172 KEM_DATA *kdata = t->data;
2173
2174 ctrlfree(kdata->init_ctrls);
2175 OPENSSL_free(kdata->input);
2176 OPENSSL_free(kdata->output);
2177 OPENSSL_free(kdata->algname);
2178 OPENSSL_free(kdata->keyname);
2179 OPENSSL_free(kdata->encoded_pub_key);
2180 OPENSSL_free(kdata->encoded_priv_key);
2181 OPENSSL_free(kdata->entropy);
2182 OPENSSL_free(kdata->ciphertext);
2183 EVP_PKEY_CTX_free(kdata->ctx);
2184 }
2185
kem_test_parse(EVP_TEST * t,const char * keyword,const char * value)2186 static int kem_test_parse(EVP_TEST *t, const char *keyword, const char *value)
2187 {
2188 KEM_DATA *kdata = t->data;
2189
2190 if (strcmp(keyword, "Op") == 0) {
2191 kdata->op = value;
2192 return 1;
2193 }
2194 if (strcmp(keyword, "CtrlInit") == 0)
2195 return ctrladd(kdata->init_ctrls, value);
2196 if (strcmp(keyword, "Input") == 0)
2197 return parse_bin(value, &kdata->input, &kdata->inputlen);
2198 if (strcmp(keyword, "Output") == 0)
2199 return parse_bin(value, &kdata->output, &kdata->outputlen);
2200 if (strcmp(keyword, "EncodedPublicKey") == 0)
2201 return parse_bin(value, &kdata->encoded_pub_key,
2202 &kdata->encoded_pub_key_len);
2203 if (strcmp(keyword, "EncodedPrivateKey") == 0)
2204 return parse_bin(value, &kdata->encoded_priv_key,
2205 &kdata->encoded_priv_key_len);
2206 if (strcmp(keyword, "Entropy") == 0)
2207 return parse_bin(value, &kdata->entropy, &kdata->entropylen);
2208 if (strcmp(keyword, "Ciphertext") == 0)
2209 return parse_bin(value, &kdata->ciphertext, &kdata->ciphertext_len);
2210 if (strcmp(keyword, "KeyName") == 0)
2211 return TEST_ptr(kdata->keyname = OPENSSL_strdup(value));
2212 return 1;
2213 }
2214
encapsulate(EVP_TEST * t,EVP_PKEY_CTX * ctx,const char * op,unsigned char ** outwrapped,size_t * outwrappedlen,unsigned char ** outsecret,size_t * outsecretlen)2215 static int encapsulate(EVP_TEST *t, EVP_PKEY_CTX *ctx, const char *op,
2216 unsigned char **outwrapped, size_t *outwrappedlen,
2217 unsigned char **outsecret, size_t *outsecretlen)
2218 {
2219 int ret = 0;
2220 KEM_DATA *kdata = t->data;
2221 unsigned char *wrapped = NULL, *secret = NULL;
2222 size_t wrappedlen = 0, secretlen = 0;
2223 OSSL_PARAM params[10];
2224 size_t params_n = 0;
2225 /* Reserve space for the terminator and possibly IKME */
2226 const size_t params_max = OSSL_NELEM(params) - 1 - (kdata->entropy != NULL);
2227
2228 if (sk_OPENSSL_STRING_num(kdata->init_ctrls) > 0)
2229 if (!ctrl2params(t, kdata->init_ctrls, NULL, params, params_max,
2230 ¶ms_n))
2231 goto err;
2232
2233 /* We don't expect very many controls here */
2234 if (!TEST_size_t_lt(params_n, params_max))
2235 goto err;
2236
2237 if (kdata->entropy != NULL)
2238 /* Input key material a.k.a entropy */
2239 params[params_n++] = OSSL_PARAM_construct_octet_string(OSSL_KEM_PARAM_IKME,
2240 kdata->entropy,
2241 kdata->entropylen);
2242 params[params_n] = OSSL_PARAM_construct_end();
2243
2244 if (EVP_PKEY_encapsulate_init(ctx, params) <= 0) {
2245 t->err = "TEST_ENCAPSULATE_INIT_ERROR";
2246 goto ok;
2247 }
2248
2249 if (op != NULL && EVP_PKEY_CTX_set_kem_op(ctx, op) <= 0) {
2250 t->err = "TEST_SET_KEM_OP_ERROR";
2251 goto ok;
2252 }
2253 if (EVP_PKEY_encapsulate(ctx, NULL, &wrappedlen, NULL, &secretlen) <= 0) {
2254 t->err = "TEST_ENCAPSULATE_LEN_ERROR";
2255 goto ok;
2256 }
2257 wrapped = OPENSSL_malloc(wrappedlen);
2258 secret = OPENSSL_malloc(secretlen);
2259 if (!TEST_ptr(wrapped) || !TEST_ptr(secret)) {
2260 ret = 0;
2261 goto err;
2262 }
2263 if (EVP_PKEY_encapsulate(ctx, wrapped, &wrappedlen, secret, &secretlen) <= 0) {
2264 t->err = "TEST_ENCAPSULATE_ERROR";
2265 goto ok;
2266 }
2267 ret = pkey_check_fips_approved(ctx, t);
2268
2269 if (kdata->ciphertext != NULL
2270 && !TEST_mem_eq(wrapped, wrappedlen, kdata->ciphertext, kdata->ciphertext_len)) {
2271 ret = 0;
2272 goto err;
2273 }
2274
2275 if (kdata->output != NULL
2276 && !TEST_mem_eq(secret, secretlen, kdata->output, kdata->outputlen)) {
2277 ret = 0;
2278 goto err;
2279 }
2280
2281 if (ret == 0)
2282 goto err;
2283
2284 t->err = NULL;
2285 *outwrapped = wrapped;
2286 *outsecret = secret;
2287 *outwrappedlen = wrappedlen;
2288 *outsecretlen = secretlen;
2289 ok:
2290 ret = 1;
2291 err:
2292 if (ret == 0) {
2293 OPENSSL_free(wrapped);
2294 OPENSSL_free(secret);
2295 }
2296 if (sk_OPENSSL_STRING_num(kdata->init_ctrls) > 0)
2297 ctrl2params_free(params, params_n, 0);
2298 return ret;
2299 }
2300
decapsulate(EVP_TEST * t,EVP_PKEY_CTX * ctx,const char * op,const unsigned char * in,size_t inlen,const unsigned char * expected,size_t expectedlen)2301 static int decapsulate(EVP_TEST *t, EVP_PKEY_CTX *ctx, const char *op,
2302 const unsigned char *in, size_t inlen,
2303 const unsigned char *expected, size_t expectedlen)
2304 {
2305 int ret = 0;
2306 KEM_DATA *kdata = t->data;
2307 size_t outlen = 0;
2308 unsigned char *out = NULL;
2309 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
2310 OSSL_PARAM *p = NULL;
2311 size_t params_n = 0, params_n_allocated = 0;
2312
2313 if (sk_OPENSSL_STRING_num(kdata->init_ctrls) > 0) {
2314 if (!ctrl2params(t, kdata->init_ctrls, NULL,
2315 params, 2, ¶ms_n))
2316 goto err;
2317 p = params;
2318 }
2319
2320 if (EVP_PKEY_decapsulate_init(ctx, p) <= 0) {
2321 t->err = "TEST_DECAPSULATE_INIT_ERROR";
2322 goto ok;
2323 }
2324
2325 if (op != NULL && EVP_PKEY_CTX_set_kem_op(ctx, op) <= 0) {
2326 t->err = "TEST_SET_KEM_OP_ERROR";
2327 goto ok;
2328 }
2329 if (EVP_PKEY_decapsulate(ctx, NULL, &outlen, in, inlen) <= 0) {
2330 t->err = "TEST_DECAPSULATE_LEN_ERROR";
2331 goto ok;
2332 }
2333 if (!TEST_ptr(out = OPENSSL_malloc(outlen))) {
2334 ret = 0;
2335 goto err;
2336 }
2337
2338 if (EVP_PKEY_decapsulate(ctx, out, &outlen, in, inlen) <= 0) {
2339 t->err = "TEST_DECAPSULATE_ERROR";
2340 goto err;
2341 }
2342 if (!TEST_mem_eq(out, outlen, expected, expectedlen)) {
2343 t->err = "TEST_SECRET_MISMATCH";
2344 goto ok;
2345 }
2346 t->err = NULL;
2347 ok:
2348 ret = 1;
2349 err:
2350 OPENSSL_free(out);
2351 if (sk_OPENSSL_STRING_num(kdata->init_ctrls) > 0)
2352 ctrl2params_free(params, params_n, params_n_allocated);
2353 return ret;
2354 }
2355
kem_test_run(EVP_TEST * t)2356 static int kem_test_run(EVP_TEST *t)
2357 {
2358 int ret = 0, found_key = 0;
2359 EVP_PKEY *pkey = NULL;
2360 KEM_DATA *kdata = t->data;
2361 unsigned char *wrapped = NULL, *secret = NULL;
2362
2363 /* Generate either public or private key based on given params */
2364 if (kdata->keyname != NULL) {
2365 /* Previously generated private key */
2366 found_key = find_key(&pkey, kdata->keyname, private_keys);
2367 if (found_key == 0 || pkey == NULL) {
2368 TEST_info("skipping, key '%s' is disabled", kdata->keyname);
2369 t->skip = 1;
2370 goto ok;
2371 }
2372 } else if (kdata->encoded_pub_key != NULL) {
2373 /* Encoded public key */
2374 if ((pkey = EVP_PKEY_new_raw_public_key_ex(libctx, kdata->algname,
2375 propquery,
2376 kdata->encoded_pub_key,
2377 kdata->encoded_pub_key_len))
2378 == NULL) {
2379 t->err = "TEST_PARSE_PUBLIC_KEY_ERROR";
2380 goto ok;
2381 }
2382 } else if (kdata->encoded_priv_key != NULL) {
2383 /* Encoded private key */
2384 if ((pkey = EVP_PKEY_new_raw_private_key_ex(libctx, kdata->algname,
2385 propquery,
2386 kdata->encoded_priv_key,
2387 kdata->encoded_priv_key_len))
2388 == NULL) {
2389 t->err = "TEST_PARSE_PRIVATE_KEY_ERROR";
2390 goto ok;
2391 }
2392 } else {
2393 TEST_info("Missing parameters to create key");
2394 goto err;
2395 }
2396
2397 if (!TEST_ptr(kdata->ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propquery)))
2398 goto err;
2399
2400 if (kdata->input == NULL) {
2401 size_t wrappedlen = 0, secretlen = 0;
2402
2403 ret = encapsulate(t, kdata->ctx, kdata->op, &wrapped, &wrappedlen,
2404 &secret, &secretlen);
2405 if (ret == 0 || t->err != NULL)
2406 goto err;
2407
2408 /* Also attempt to decrypt if we have the private key */
2409 if (found_key || kdata->encoded_priv_key != NULL)
2410 ret = decapsulate(t, kdata->ctx, kdata->op, wrapped, wrappedlen,
2411 secret, secretlen);
2412 } else {
2413 ret = decapsulate(t, kdata->ctx, kdata->op, kdata->input, kdata->inputlen,
2414 kdata->output, kdata->outputlen);
2415 }
2416
2417 ok:
2418 ret = 1;
2419 err:
2420 if (!found_key)
2421 EVP_PKEY_free(pkey);
2422 OPENSSL_free(wrapped);
2423 OPENSSL_free(secret);
2424 return ret;
2425 }
2426
2427 static const EVP_TEST_METHOD pkey_kem_test_method = {
2428 "Kem",
2429 kem_test_init,
2430 kem_test_cleanup,
2431 kem_test_parse,
2432 kem_test_run
2433 };
2434
2435 /**
2436 ** PUBLIC KEY TESTS
2437 ** These are all very similar and share much common code.
2438 **/
2439
2440 typedef struct pkey_data_st {
2441 /* Context for this operation */
2442 EVP_PKEY_CTX *ctx;
2443 /* Signature algo for such operations */
2444 EVP_SIGNATURE *sigalgo;
2445 /* Key operation to perform */
2446 int (*keyopinit)(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
2447 int (*keyopinit_ex2)(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *algo,
2448 const OSSL_PARAM params[]);
2449 int (*keyop)(EVP_PKEY_CTX *ctx,
2450 unsigned char *sig, size_t *siglen,
2451 const unsigned char *tbs, size_t tbslen);
2452 /* Input to MAC */
2453 unsigned char *input;
2454 size_t input_len;
2455 /* Expected output */
2456 unsigned char *output;
2457 size_t output_len;
2458 STACK_OF(OPENSSL_STRING) *init_controls; /* collection of controls */
2459 STACK_OF(OPENSSL_STRING) *controls; /* collection of controls */
2460 EVP_PKEY *peer;
2461 int validate;
2462 } PKEY_DATA;
2463
2464 /*
2465 * Perform public key operation setup: lookup key, allocated ctx and call
2466 * the appropriate initialisation function
2467 */
pkey_test_init_keyctx(EVP_TEST * t,const char * keyname,int use_public)2468 static int pkey_test_init_keyctx(EVP_TEST *t, const char *keyname,
2469 int use_public)
2470 {
2471 PKEY_DATA *kdata;
2472 EVP_PKEY *pkey = NULL;
2473 int rv = 0;
2474
2475 if (use_public)
2476 rv = find_key(&pkey, keyname, public_keys);
2477 if (rv == 0)
2478 rv = find_key(&pkey, keyname, private_keys);
2479 if (rv == 0 || pkey == NULL) {
2480 TEST_info("skipping, key '%s' is disabled", keyname);
2481 t->skip = 1;
2482 return 1;
2483 }
2484
2485 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))) {
2486 EVP_PKEY_free(pkey);
2487 return 0;
2488 }
2489 if (!TEST_ptr(kdata->ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propquery))) {
2490 EVP_PKEY_free(pkey);
2491 OPENSSL_free(kdata);
2492 return 0;
2493 }
2494 t->data = kdata;
2495 return 1;
2496 }
2497
pkey_test_init(EVP_TEST * t,const char * name,int use_public,int (* keyopinit)(EVP_PKEY_CTX * ctx,const OSSL_PARAM params[]),int (* keyop)(EVP_PKEY_CTX * ctx,unsigned char * sig,size_t * siglen,const unsigned char * tbs,size_t tbslen))2498 static int pkey_test_init(EVP_TEST *t, const char *name,
2499 int use_public,
2500 int (*keyopinit)(EVP_PKEY_CTX *ctx,
2501 const OSSL_PARAM params[]),
2502 int (*keyop)(EVP_PKEY_CTX *ctx,
2503 unsigned char *sig, size_t *siglen,
2504 const unsigned char *tbs,
2505 size_t tbslen))
2506 {
2507 PKEY_DATA *kdata = NULL;
2508 int rv = 0;
2509
2510 rv = pkey_test_init_keyctx(t, name, use_public);
2511 if (t->skip || !rv)
2512 return rv;
2513 kdata = t->data;
2514 kdata->keyopinit = keyopinit;
2515 kdata->keyop = keyop;
2516 kdata->init_controls = sk_OPENSSL_STRING_new_null();
2517 kdata->controls = sk_OPENSSL_STRING_new_null();
2518 return 1;
2519 }
2520
pkey_test_init_ex2(EVP_TEST * t,const char * name,int use_public,int (* keyopinit)(EVP_PKEY_CTX * ctx,EVP_SIGNATURE * algo,const OSSL_PARAM param[]),int (* keyop)(EVP_PKEY_CTX * ctx,unsigned char * sig,size_t * siglen,const unsigned char * tbs,size_t tbslen))2521 static int pkey_test_init_ex2(EVP_TEST *t, const char *name,
2522 int use_public,
2523 int (*keyopinit)(EVP_PKEY_CTX *ctx,
2524 EVP_SIGNATURE *algo,
2525 const OSSL_PARAM param[]),
2526 int (*keyop)(EVP_PKEY_CTX *ctx,
2527 unsigned char *sig, size_t *siglen,
2528 const unsigned char *tbs,
2529 size_t tbslen))
2530 {
2531 PKEY_DATA *kdata = NULL;
2532 int rv = 0;
2533 char algoname[OSSL_MAX_NAME_SIZE + 1];
2534 const char *p;
2535
2536 if ((p = strchr(name, ':')) == NULL
2537 || p == name || p[1] == '\0' || p - name > OSSL_MAX_NAME_SIZE) {
2538 TEST_info("Can't extract algorithm or key name from '%s'", name);
2539 return 0;
2540 }
2541 memcpy(algoname, name, p - name);
2542 algoname[p - name] = '\0';
2543
2544 if (is_pkey_disabled(algoname)) {
2545 t->skip = 1;
2546 return 1;
2547 }
2548
2549 rv = pkey_test_init_keyctx(t, /* keyname */ p + 1, use_public);
2550 if (t->skip || !rv)
2551 return rv;
2552 kdata = t->data;
2553 kdata->keyopinit_ex2 = keyopinit;
2554 kdata->keyop = keyop;
2555 if (!TEST_ptr(kdata->sigalgo
2556 = EVP_SIGNATURE_fetch(libctx, algoname, propquery))) {
2557 TEST_info("algoname = '%s'", algoname);
2558 return 0;
2559 }
2560 kdata->init_controls = sk_OPENSSL_STRING_new_null();
2561 kdata->controls = sk_OPENSSL_STRING_new_null();
2562 return 1;
2563 }
2564
pkey_test_cleanup(EVP_TEST * t)2565 static void pkey_test_cleanup(EVP_TEST *t)
2566 {
2567 PKEY_DATA *kdata = t->data;
2568
2569 ctrlfree(kdata->init_controls);
2570 ctrlfree(kdata->controls);
2571 OPENSSL_free(kdata->input);
2572 OPENSSL_free(kdata->output);
2573 EVP_PKEY_CTX_free(kdata->ctx);
2574 EVP_SIGNATURE_free(kdata->sigalgo);
2575 }
2576
pkey_test_ctrl(EVP_TEST * t,EVP_PKEY_CTX * pctx,const char * value)2577 static int pkey_test_ctrl(EVP_TEST *t, EVP_PKEY_CTX *pctx,
2578 const char *value)
2579 {
2580 int rv = 0;
2581 char *p, *tmpval;
2582
2583 if (!TEST_ptr(tmpval = OPENSSL_strdup(value)))
2584 return 0;
2585 p = strchr(tmpval, ':');
2586 if (p != NULL) {
2587 *p++ = '\0';
2588 rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
2589 }
2590 if (rv == -2) {
2591 t->err = "PKEY_CTRL_INVALID";
2592 rv = 1;
2593 } else if (p != NULL && rv <= 0) {
2594 if (is_digest_disabled(p) || is_cipher_disabled(p)) {
2595 TEST_info("skipping, '%s' is disabled", p);
2596 t->skip = 1;
2597 rv = 1;
2598 } else {
2599 t->err = "PKEY_CTRL_ERROR";
2600 rv = 1;
2601 }
2602 }
2603 OPENSSL_free(tmpval);
2604 return rv > 0;
2605 }
2606
pkey_add_control(EVP_TEST * t,STACK_OF (OPENSSL_STRING)* controls,const char * value)2607 static int pkey_add_control(EVP_TEST *t, STACK_OF(OPENSSL_STRING) *controls,
2608 const char *value)
2609 {
2610 char *p;
2611
2612 if (controls == NULL)
2613 return 0;
2614
2615 p = strchr(value, ':');
2616 if (p == NULL)
2617 return 0;
2618 p++;
2619 if (is_digest_disabled(p) || is_cipher_disabled(p)) {
2620 TEST_info("skipping, '%s' is disabled", p);
2621 t->skip = 1;
2622 return 1;
2623 }
2624
2625 return ctrladd(controls, value) > 0;
2626 }
2627
pkey_test_parse(EVP_TEST * t,const char * keyword,const char * value)2628 static int pkey_test_parse(EVP_TEST *t,
2629 const char *keyword, const char *value)
2630 {
2631 PKEY_DATA *kdata = t->data;
2632 if (strcmp(keyword, "Input") == 0)
2633 return parse_bin(value, &kdata->input, &kdata->input_len);
2634 if (strcmp(keyword, "Output") == 0)
2635 return parse_bin(value, &kdata->output, &kdata->output_len);
2636 if (strcmp(keyword, "CtrlInit") == 0)
2637 return ctrladd(kdata->init_controls, value);
2638 if (strcmp(keyword, "Ctrl") == 0)
2639 return pkey_add_control(t, kdata->controls, value);
2640 return 0;
2641 }
2642
pkey_test_run_init(EVP_TEST * t)2643 static int pkey_test_run_init(EVP_TEST *t)
2644 {
2645 PKEY_DATA *data = t->data;
2646 int i, ret = 0;
2647 OSSL_PARAM params[5] = {
2648 OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END,
2649 OSSL_PARAM_END, OSSL_PARAM_END
2650 };
2651 OSSL_PARAM *p = NULL;
2652 size_t params_n = 0, params_n_allocstart = 0;
2653
2654 if (sk_OPENSSL_STRING_num(data->init_controls) > 0) {
2655 if (!ctrl2params(t, data->init_controls,
2656 NULL,
2657 params, OSSL_NELEM(params), ¶ms_n))
2658 goto err;
2659 p = params;
2660 }
2661 if (data->keyopinit != NULL) {
2662 if (data->keyopinit(data->ctx, p) <= 0) {
2663 t->err = "KEYOP_INIT_ERROR";
2664 goto err;
2665 }
2666 } else if (data->keyopinit_ex2 != NULL) {
2667 if (data->keyopinit_ex2(data->ctx, data->sigalgo, p) <= 0) {
2668 t->err = "KEYOP_INIT_ERROR";
2669 goto err;
2670 }
2671 } else {
2672 t->err = "KEYOP_INIT_ERROR";
2673 goto err;
2674 }
2675
2676 for (i = 0; i < sk_OPENSSL_STRING_num(data->controls); i++) {
2677 char *value = sk_OPENSSL_STRING_value(data->controls, i);
2678
2679 if (!pkey_test_ctrl(t, data->ctx, value) || t->err != NULL)
2680 goto err;
2681 }
2682 ret = 1;
2683 err:
2684 ctrl2params_free(params, params_n, params_n_allocstart);
2685 return ret;
2686 }
2687
pkey_test_run(EVP_TEST * t)2688 static int pkey_test_run(EVP_TEST *t)
2689 {
2690 PKEY_DATA *expected = t->data;
2691 unsigned char *got = NULL;
2692 size_t got_len;
2693 EVP_PKEY_CTX *copy = NULL;
2694
2695 if (!pkey_test_run_init(t))
2696 goto err;
2697
2698 /* Make a copy of the EVP_PKEY context, for repeat use further down */
2699 if (!TEST_ptr(copy = EVP_PKEY_CTX_dup(expected->ctx))) {
2700 t->err = "INTERNAL_ERROR";
2701 goto err;
2702 }
2703
2704 if (expected->keyop(expected->ctx, NULL, &got_len,
2705 expected->input, expected->input_len)
2706 <= 0
2707 || !TEST_ptr(got = OPENSSL_malloc(got_len))) {
2708 t->err = "KEYOP_LENGTH_ERROR";
2709 goto err;
2710 }
2711 if (expected->keyop(expected->ctx, got, &got_len,
2712 expected->input, expected->input_len)
2713 <= 0) {
2714 t->err = "KEYOP_ERROR";
2715 goto err;
2716 }
2717
2718 if (!memory_err_compare(t, "KEYOP_MISMATCH",
2719 expected->output, expected->output_len,
2720 got, got_len))
2721 goto err;
2722
2723 t->err = NULL;
2724 OPENSSL_free(got);
2725 got = NULL;
2726
2727 /* Repeat the test on the EVP_PKEY context copy. */
2728 if (expected->keyop(copy, NULL, &got_len, expected->input,
2729 expected->input_len)
2730 <= 0
2731 || !TEST_ptr(got = OPENSSL_malloc(got_len))) {
2732 t->err = "KEYOP_LENGTH_ERROR";
2733 goto err;
2734 }
2735 if (expected->keyop(copy, got, &got_len, expected->input,
2736 expected->input_len)
2737 <= 0) {
2738 t->err = "KEYOP_ERROR";
2739 goto err;
2740 }
2741 if (!memory_err_compare(t, "KEYOP_MISMATCH",
2742 expected->output, expected->output_len,
2743 got, got_len))
2744 goto err;
2745
2746 if (pkey_check_fips_approved(expected->ctx, t) <= 0)
2747 goto err;
2748
2749 err:
2750 OPENSSL_free(got);
2751 EVP_PKEY_CTX_free(copy);
2752 return 1;
2753 }
2754
pkey_fromdata_test_init(EVP_TEST * t,const char * name)2755 static int pkey_fromdata_test_init(EVP_TEST *t, const char *name)
2756 {
2757 PKEY_DATA *kdata = NULL;
2758
2759 if (is_pkey_disabled(name)) {
2760 TEST_info("skipping, '%s' is disabled", name);
2761 t->skip = 1;
2762 return 1;
2763 }
2764
2765 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata))))
2766 return 0;
2767 kdata->ctx = EVP_PKEY_CTX_new_from_name(libctx, name, "");
2768 if (kdata->ctx == NULL)
2769 goto err;
2770 if (EVP_PKEY_fromdata_init(kdata->ctx) <= 0)
2771 goto err;
2772 kdata->controls = sk_OPENSSL_STRING_new_null();
2773 if (kdata->controls == NULL)
2774 goto err;
2775 t->data = kdata;
2776 return 1;
2777 err:
2778 EVP_PKEY_CTX_free(kdata->ctx);
2779 OPENSSL_free(kdata);
2780 return 0;
2781 }
2782
pkey_fromdata_test_cleanup(EVP_TEST * t)2783 static void pkey_fromdata_test_cleanup(EVP_TEST *t)
2784 {
2785 PKEY_DATA *kdata = t->data;
2786
2787 ctrlfree(kdata->controls);
2788 EVP_PKEY_CTX_free(kdata->ctx);
2789 }
2790
pkey_fromdata_test_parse(EVP_TEST * t,const char * keyword,const char * value)2791 static int pkey_fromdata_test_parse(EVP_TEST *t,
2792 const char *keyword, const char *value)
2793 {
2794 PKEY_DATA *kdata = t->data;
2795
2796 if (strcmp(keyword, "Ctrl") == 0)
2797 return pkey_add_control(t, kdata->controls, value);
2798 return 0;
2799 }
2800
pkey_fromdata_test_run(EVP_TEST * t)2801 static int pkey_fromdata_test_run(EVP_TEST *t)
2802 {
2803 EVP_PKEY *key = NULL;
2804 PKEY_DATA *kdata = t->data;
2805 int ret = 0;
2806 static const OSSL_PARAM key_settable_ctx_params[] = {
2807 OSSL_PARAM_octet_string("priv", NULL, 0),
2808 OSSL_PARAM_octet_string("pub", NULL, 0),
2809 OSSL_PARAM_END
2810 };
2811 OSSL_PARAM params[5] = {
2812 OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END,
2813 OSSL_PARAM_END, OSSL_PARAM_END
2814 };
2815 OSSL_PARAM *p = NULL;
2816 size_t params_n = 0, params_n_allocstart = 0;
2817
2818 if (sk_OPENSSL_STRING_num(kdata->controls) > 0) {
2819 if (!ctrl2params(t, kdata->controls, key_settable_ctx_params,
2820 params, OSSL_NELEM(params), ¶ms_n))
2821 goto err;
2822 p = params;
2823 }
2824
2825 ret = 1;
2826 if (EVP_PKEY_fromdata(kdata->ctx, &key, EVP_PKEY_KEYPAIR, p) <= 0) {
2827 t->err = "KEY_FROMDATA_ERROR";
2828 goto err;
2829 }
2830 err:
2831 ctrl2params_free(params, params_n, params_n_allocstart);
2832 EVP_PKEY_free(key);
2833 return ret;
2834 }
2835
2836 static const EVP_TEST_METHOD pkey_fromdata_test_method = {
2837 "KeyFromData",
2838 pkey_fromdata_test_init,
2839 pkey_fromdata_test_cleanup,
2840 pkey_fromdata_test_parse,
2841 pkey_fromdata_test_run
2842 };
2843
2844 /*
2845 * "Sign" implies EVP_PKEY_sign_init_ex2() if the argument is a colon-separated
2846 * pair, {algorithm}:{key}. If not, it implies EVP_PKEY_sign_init_ex()
2847 */
sign_test_init(EVP_TEST * t,const char * name)2848 static int sign_test_init(EVP_TEST *t, const char *name)
2849 {
2850 if (strchr(name, ':') != NULL)
2851 return pkey_test_init_ex2(t, name, 0,
2852 EVP_PKEY_sign_init_ex2, EVP_PKEY_sign);
2853 return pkey_test_init(t, name, 0, EVP_PKEY_sign_init_ex, EVP_PKEY_sign);
2854 }
2855
2856 static const EVP_TEST_METHOD psign_test_method = {
2857 "Sign",
2858 sign_test_init,
2859 pkey_test_cleanup,
2860 pkey_test_parse,
2861 pkey_test_run
2862 };
2863
2864 /*
2865 * "Sign-Message" is like "Sign", but uses EVP_PKEY_sign_message_init()
2866 * The argument must be a colon separated pair, {algorithm}:{key}
2867 */
sign_test_message_init(EVP_TEST * t,const char * name)2868 static int sign_test_message_init(EVP_TEST *t, const char *name)
2869 {
2870 return pkey_test_init_ex2(t, name, 0,
2871 EVP_PKEY_sign_message_init, EVP_PKEY_sign);
2872 }
2873
2874 static const EVP_TEST_METHOD psign_message_test_method = {
2875 "Sign-Message",
2876 sign_test_message_init,
2877 pkey_test_cleanup,
2878 pkey_test_parse,
2879 pkey_test_run
2880 };
2881
2882 /*
2883 * "VerifyRecover" implies EVP_PKEY_verify_recover_init_ex2() if the argument is a
2884 * colon-separated pair, {algorithm}:{key}.
2885 * If not, it implies EVP_PKEY_verify_recover_init_ex()
2886 */
verify_recover_test_init(EVP_TEST * t,const char * name)2887 static int verify_recover_test_init(EVP_TEST *t, const char *name)
2888 {
2889 if (strchr(name, ':') != NULL)
2890 return pkey_test_init_ex2(t, name, 1,
2891 EVP_PKEY_verify_recover_init_ex2,
2892 EVP_PKEY_verify_recover);
2893 return pkey_test_init(t, name, 1, EVP_PKEY_verify_recover_init_ex,
2894 EVP_PKEY_verify_recover);
2895 }
2896
2897 static const EVP_TEST_METHOD pverify_recover_test_method = {
2898 "VerifyRecover",
2899 verify_recover_test_init,
2900 pkey_test_cleanup,
2901 pkey_test_parse,
2902 pkey_test_run
2903 };
2904
decrypt_test_init(EVP_TEST * t,const char * name)2905 static int decrypt_test_init(EVP_TEST *t, const char *name)
2906 {
2907 return pkey_test_init(t, name, 0, EVP_PKEY_decrypt_init_ex,
2908 EVP_PKEY_decrypt);
2909 }
2910
2911 static const EVP_TEST_METHOD pdecrypt_test_method = {
2912 "Decrypt",
2913 decrypt_test_init,
2914 pkey_test_cleanup,
2915 pkey_test_parse,
2916 pkey_test_run
2917 };
2918
2919 /*
2920 * "Verify" implies EVP_PKEY_verify_init_ex2() if the argument is a
2921 * colon-separated pair, {algorithm}:{key}.
2922 * If not, it implies EVP_PKEY_verify_init_ex()
2923 */
verify_test_init(EVP_TEST * t,const char * name)2924 static int verify_test_init(EVP_TEST *t, const char *name)
2925 {
2926 if (strchr(name, ':') != NULL)
2927 return pkey_test_init_ex2(t, name, 1,
2928 EVP_PKEY_verify_init_ex2, NULL);
2929 return pkey_test_init(t, name, 1, EVP_PKEY_verify_init_ex, NULL);
2930 }
2931
verify_test_run(EVP_TEST * t)2932 static int verify_test_run(EVP_TEST *t)
2933 {
2934 int ret = 1;
2935 PKEY_DATA *kdata = t->data;
2936
2937 if (!pkey_test_run_init(t))
2938 goto err;
2939 if (EVP_PKEY_verify(kdata->ctx, kdata->output, kdata->output_len,
2940 kdata->input, kdata->input_len)
2941 <= 0) {
2942 t->err = "VERIFY_ERROR";
2943 goto err;
2944 }
2945 if (!pkey_check_fips_approved(kdata->ctx, t))
2946 ret = 0;
2947 err:
2948 return ret;
2949 }
2950
2951 static const EVP_TEST_METHOD pverify_test_method = {
2952 "Verify",
2953 verify_test_init,
2954 pkey_test_cleanup,
2955 pkey_test_parse,
2956 verify_test_run
2957 };
2958
2959 /*
2960 * "Verify-Message" is like "Verify", but uses EVP_PKEY_verify_message_init()
2961 * The argument must be a colon separated pair, {algorithm}:{key}
2962 */
verify_message_test_init(EVP_TEST * t,const char * name)2963 static int verify_message_test_init(EVP_TEST *t, const char *name)
2964 {
2965 return pkey_test_init_ex2(t, name, 0,
2966 EVP_PKEY_verify_message_init, NULL);
2967 }
2968
2969 static const EVP_TEST_METHOD pverify_message_test_method = {
2970 "Verify-Message",
2971 verify_message_test_init,
2972 pkey_test_cleanup,
2973 pkey_test_parse,
2974 verify_test_run
2975 };
2976
2977 /*
2978 * "Verify-Message-Public" is like "Verify-Message", but uses a public key
2979 * instead of a private key.
2980 * The argument must be a colon separated pair, {algorithm}:{key}
2981 */
verify_message_public_test_init(EVP_TEST * t,const char * name)2982 static int verify_message_public_test_init(EVP_TEST *t, const char *name)
2983 {
2984 return pkey_test_init_ex2(t, name, 1,
2985 EVP_PKEY_verify_message_init, NULL);
2986 }
2987
2988 static const EVP_TEST_METHOD pverify_message_public_test_method = {
2989 "Verify-Message-Public",
2990 verify_message_public_test_init,
2991 pkey_test_cleanup,
2992 pkey_test_parse,
2993 verify_test_run
2994 };
2995
pderive_test_init(EVP_TEST * t,const char * name)2996 static int pderive_test_init(EVP_TEST *t, const char *name)
2997 {
2998 return pkey_test_init(t, name, 0, EVP_PKEY_derive_init_ex, 0);
2999 }
3000
pderive_test_parse(EVP_TEST * t,const char * keyword,const char * value)3001 static int pderive_test_parse(EVP_TEST *t,
3002 const char *keyword, const char *value)
3003 {
3004 PKEY_DATA *kdata = t->data;
3005 int validate = 0;
3006
3007 if (strcmp(keyword, "PeerKeyValidate") == 0)
3008 validate = 1;
3009
3010 if (validate || strcmp(keyword, "PeerKey") == 0) {
3011 EVP_PKEY *peer = NULL;
3012
3013 kdata->validate = validate;
3014 if (find_key(&peer, value, public_keys) == 0)
3015 return -1;
3016 kdata->peer = peer;
3017 return 1;
3018 }
3019 if (strcmp(keyword, "SharedSecret") == 0)
3020 return parse_bin(value, &kdata->output, &kdata->output_len);
3021 if (strcmp(keyword, "Ctrl") == 0)
3022 return pkey_add_control(t, kdata->controls, value);
3023 if (strcmp(keyword, "CtrlInit") == 0)
3024 return ctrladd(kdata->init_controls, value);
3025 return 0;
3026 }
3027
pderive_test_run(EVP_TEST * t)3028 static int pderive_test_run(EVP_TEST *t)
3029 {
3030 EVP_PKEY_CTX *dctx = NULL;
3031 PKEY_DATA *expected = t->data;
3032 unsigned char *got = NULL;
3033 size_t got_len;
3034 int ret = 1;
3035
3036 if (!pkey_test_run_init(t))
3037 goto err;
3038
3039 t->err = NULL;
3040 if (EVP_PKEY_derive_set_peer_ex(expected->ctx, expected->peer,
3041 expected->validate)
3042 <= 0) {
3043 t->err = "DERIVE_SET_PEER_ERROR";
3044 goto err;
3045 }
3046
3047 if (!TEST_ptr(dctx = EVP_PKEY_CTX_dup(expected->ctx))) {
3048 t->err = "DERIVE_ERROR";
3049 goto err;
3050 }
3051
3052 if (EVP_PKEY_derive(dctx, NULL, &got_len) <= 0
3053 || !TEST_size_t_ne(got_len, 0)) {
3054 t->err = "DERIVE_ERROR";
3055 goto err;
3056 }
3057 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
3058 t->err = "DERIVE_ERROR";
3059 goto err;
3060 }
3061 if (EVP_PKEY_derive(dctx, got, &got_len) <= 0) {
3062 t->err = "DERIVE_ERROR";
3063 goto err;
3064 }
3065 if (!memory_err_compare(t, "SHARED_SECRET_MISMATCH",
3066 expected->output, expected->output_len,
3067 got, got_len))
3068 goto err;
3069
3070 if (!pkey_check_fips_approved(dctx, t)) {
3071 ret = 0;
3072 goto err;
3073 }
3074 t->err = NULL;
3075 err:
3076 OPENSSL_free(got);
3077 EVP_PKEY_CTX_free(dctx);
3078 return ret;
3079 }
3080
3081 static const EVP_TEST_METHOD pderive_test_method = {
3082 "Derive",
3083 pderive_test_init,
3084 pkey_test_cleanup,
3085 pderive_test_parse,
3086 pderive_test_run
3087 };
3088
3089 /**
3090 ** PBE TESTS
3091 **/
3092
3093 typedef enum pbe_type_enum {
3094 PBE_TYPE_INVALID = 0,
3095 PBE_TYPE_SCRYPT,
3096 PBE_TYPE_PBKDF2,
3097 PBE_TYPE_PKCS12
3098 } PBE_TYPE;
3099
3100 typedef struct pbe_data_st {
3101 PBE_TYPE pbe_type;
3102 /* scrypt parameters */
3103 uint64_t N, r, p, maxmem;
3104 /* PKCS#12 parameters */
3105 int id, iter;
3106 const EVP_MD *md;
3107 /* password */
3108 unsigned char *pass;
3109 size_t pass_len;
3110 /* salt */
3111 unsigned char *salt;
3112 size_t salt_len;
3113 /* Expected output */
3114 unsigned char *key;
3115 size_t key_len;
3116 } PBE_DATA;
3117
3118 #ifndef OPENSSL_NO_SCRYPT
3119 /* Parse unsigned decimal 64 bit integer value */
parse_uint64(const char * value,uint64_t * pr)3120 static int parse_uint64(const char *value, uint64_t *pr)
3121 {
3122 const char *p = value;
3123
3124 if (!TEST_true(*p)) {
3125 TEST_info("Invalid empty integer value");
3126 return -1;
3127 }
3128 for (*pr = 0; *p;) {
3129 if (*pr > UINT64_MAX / 10) {
3130 TEST_error("Integer overflow in string %s", value);
3131 return -1;
3132 }
3133 *pr *= 10;
3134 if (!TEST_true(isdigit((unsigned char)*p))) {
3135 TEST_error("Invalid character in string %s", value);
3136 return -1;
3137 }
3138 *pr += *p - '0';
3139 p++;
3140 }
3141 return 1;
3142 }
3143
scrypt_test_parse(EVP_TEST * t,const char * keyword,const char * value)3144 static int scrypt_test_parse(EVP_TEST *t,
3145 const char *keyword, const char *value)
3146 {
3147 PBE_DATA *pdata = t->data;
3148
3149 if (strcmp(keyword, "N") == 0)
3150 return parse_uint64(value, &pdata->N);
3151 if (strcmp(keyword, "p") == 0)
3152 return parse_uint64(value, &pdata->p);
3153 if (strcmp(keyword, "r") == 0)
3154 return parse_uint64(value, &pdata->r);
3155 if (strcmp(keyword, "maxmem") == 0)
3156 return parse_uint64(value, &pdata->maxmem);
3157 return 0;
3158 }
3159 #endif
3160
pbkdf2_test_parse(EVP_TEST * t,const char * keyword,const char * value)3161 static int pbkdf2_test_parse(EVP_TEST *t,
3162 const char *keyword, const char *value)
3163 {
3164 PBE_DATA *pdata = t->data;
3165
3166 if (strcmp(keyword, "iter") == 0) {
3167 pdata->iter = atoi(value);
3168 if (pdata->iter <= 0)
3169 return -1;
3170 return 1;
3171 }
3172 if (strcmp(keyword, "MD") == 0) {
3173 pdata->md = EVP_get_digestbyname(value);
3174 if (pdata->md == NULL)
3175 return -1;
3176 return 1;
3177 }
3178 return 0;
3179 }
3180
pkcs12_test_parse(EVP_TEST * t,const char * keyword,const char * value)3181 static int pkcs12_test_parse(EVP_TEST *t,
3182 const char *keyword, const char *value)
3183 {
3184 PBE_DATA *pdata = t->data;
3185
3186 if (strcmp(keyword, "id") == 0) {
3187 pdata->id = atoi(value);
3188 if (pdata->id <= 0)
3189 return -1;
3190 return 1;
3191 }
3192 return pbkdf2_test_parse(t, keyword, value);
3193 }
3194
pbe_test_init(EVP_TEST * t,const char * alg)3195 static int pbe_test_init(EVP_TEST *t, const char *alg)
3196 {
3197 PBE_DATA *pdat;
3198 PBE_TYPE pbe_type = PBE_TYPE_INVALID;
3199
3200 if (is_kdf_disabled(alg)) {
3201 TEST_info("skipping, '%s' is disabled", alg);
3202 t->skip = 1;
3203 return 1;
3204 }
3205 if (strcmp(alg, "scrypt") == 0) {
3206 pbe_type = PBE_TYPE_SCRYPT;
3207 } else if (strcmp(alg, "pbkdf2") == 0) {
3208 pbe_type = PBE_TYPE_PBKDF2;
3209 } else if (strcmp(alg, "pkcs12") == 0) {
3210 pbe_type = PBE_TYPE_PKCS12;
3211 } else {
3212 TEST_error("Unknown pbe algorithm %s", alg);
3213 return 0;
3214 }
3215 if (!TEST_ptr(pdat = OPENSSL_zalloc(sizeof(*pdat))))
3216 return 0;
3217 pdat->pbe_type = pbe_type;
3218 t->data = pdat;
3219 return 1;
3220 }
3221
pbe_test_cleanup(EVP_TEST * t)3222 static void pbe_test_cleanup(EVP_TEST *t)
3223 {
3224 PBE_DATA *pdat = t->data;
3225
3226 OPENSSL_free(pdat->pass);
3227 OPENSSL_free(pdat->salt);
3228 OPENSSL_free(pdat->key);
3229 }
3230
pbe_test_parse(EVP_TEST * t,const char * keyword,const char * value)3231 static int pbe_test_parse(EVP_TEST *t,
3232 const char *keyword, const char *value)
3233 {
3234 PBE_DATA *pdata = t->data;
3235
3236 if (strcmp(keyword, "Password") == 0)
3237 return parse_bin(value, &pdata->pass, &pdata->pass_len);
3238 if (strcmp(keyword, "Salt") == 0)
3239 return parse_bin(value, &pdata->salt, &pdata->salt_len);
3240 if (strcmp(keyword, "Key") == 0)
3241 return parse_bin(value, &pdata->key, &pdata->key_len);
3242 if (pdata->pbe_type == PBE_TYPE_PBKDF2)
3243 return pbkdf2_test_parse(t, keyword, value);
3244 else if (pdata->pbe_type == PBE_TYPE_PKCS12)
3245 return pkcs12_test_parse(t, keyword, value);
3246 #ifndef OPENSSL_NO_SCRYPT
3247 else if (pdata->pbe_type == PBE_TYPE_SCRYPT)
3248 return scrypt_test_parse(t, keyword, value);
3249 #endif
3250 return 0;
3251 }
3252
pbe_test_run(EVP_TEST * t)3253 static int pbe_test_run(EVP_TEST *t)
3254 {
3255 PBE_DATA *expected = t->data;
3256 unsigned char *key;
3257 EVP_MD *fetched_digest = NULL;
3258 OSSL_LIB_CTX *save_libctx;
3259
3260 save_libctx = OSSL_LIB_CTX_set0_default(libctx);
3261
3262 if (!TEST_ptr(key = OPENSSL_malloc(expected->key_len))) {
3263 t->err = "INTERNAL_ERROR";
3264 goto err;
3265 }
3266 if (expected->pbe_type == PBE_TYPE_PBKDF2) {
3267 if (PKCS5_PBKDF2_HMAC((char *)expected->pass, expected->pass_len,
3268 expected->salt, expected->salt_len,
3269 expected->iter, expected->md,
3270 expected->key_len, key)
3271 == 0) {
3272 t->err = "PBKDF2_ERROR";
3273 goto err;
3274 }
3275 #ifndef OPENSSL_NO_SCRYPT
3276 } else if (expected->pbe_type == PBE_TYPE_SCRYPT) {
3277 if (EVP_PBE_scrypt((const char *)expected->pass, expected->pass_len,
3278 expected->salt, expected->salt_len,
3279 expected->N, expected->r, expected->p,
3280 expected->maxmem, key, expected->key_len)
3281 == 0) {
3282 t->err = "SCRYPT_ERROR";
3283 goto err;
3284 }
3285 #endif
3286 } else if (expected->pbe_type == PBE_TYPE_PKCS12) {
3287 fetched_digest = EVP_MD_fetch(libctx, EVP_MD_get0_name(expected->md),
3288 propquery);
3289 if (fetched_digest == NULL) {
3290 t->err = "PKCS12_ERROR";
3291 goto err;
3292 }
3293 if (PKCS12_key_gen_uni(expected->pass, expected->pass_len,
3294 expected->salt, expected->salt_len,
3295 expected->id, expected->iter, expected->key_len,
3296 key, fetched_digest)
3297 == 0) {
3298 t->err = "PKCS12_ERROR";
3299 goto err;
3300 }
3301 }
3302 if (!memory_err_compare(t, "KEY_MISMATCH", expected->key, expected->key_len,
3303 key, expected->key_len))
3304 goto err;
3305
3306 t->err = NULL;
3307 err:
3308 EVP_MD_free(fetched_digest);
3309 OPENSSL_free(key);
3310 OSSL_LIB_CTX_set0_default(save_libctx);
3311 return 1;
3312 }
3313
3314 static const EVP_TEST_METHOD pbe_test_method = {
3315 "PBE",
3316 pbe_test_init,
3317 pbe_test_cleanup,
3318 pbe_test_parse,
3319 pbe_test_run
3320 };
3321
3322 /**
3323 ** BASE64 TESTS
3324 **/
3325
3326 typedef enum {
3327 BASE64_CANONICAL_ENCODING = 0,
3328 BASE64_VALID_ENCODING = 1,
3329 BASE64_INVALID_ENCODING = 2
3330 } base64_encoding_type;
3331
3332 typedef struct encode_data_st {
3333 /* Input to encoding */
3334 unsigned char *input;
3335 size_t input_len;
3336 /* Expected output */
3337 unsigned char *output;
3338 size_t output_len;
3339 base64_encoding_type encoding;
3340 } ENCODE_DATA;
3341
encode_test_init(EVP_TEST * t,const char * encoding)3342 static int encode_test_init(EVP_TEST *t, const char *encoding)
3343 {
3344 ENCODE_DATA *edata;
3345
3346 if (!TEST_ptr(edata = OPENSSL_zalloc(sizeof(*edata))))
3347 return 0;
3348 if (strcmp(encoding, "canonical") == 0) {
3349 edata->encoding = BASE64_CANONICAL_ENCODING;
3350 } else if (strcmp(encoding, "valid") == 0) {
3351 edata->encoding = BASE64_VALID_ENCODING;
3352 } else if (strcmp(encoding, "invalid") == 0) {
3353 edata->encoding = BASE64_INVALID_ENCODING;
3354 if (!TEST_ptr(t->expected_err = OPENSSL_strdup("DECODE_ERROR")))
3355 goto err;
3356 } else {
3357 TEST_error("Bad encoding: %s."
3358 " Should be one of {canonical, valid, invalid}",
3359 encoding);
3360 goto err;
3361 }
3362 t->data = edata;
3363 return 1;
3364 err:
3365 OPENSSL_free(edata);
3366 return 0;
3367 }
3368
encode_test_cleanup(EVP_TEST * t)3369 static void encode_test_cleanup(EVP_TEST *t)
3370 {
3371 ENCODE_DATA *edata = t->data;
3372
3373 OPENSSL_free(edata->input);
3374 OPENSSL_free(edata->output);
3375 memset(edata, 0, sizeof(*edata));
3376 }
3377
encode_test_parse(EVP_TEST * t,const char * keyword,const char * value)3378 static int encode_test_parse(EVP_TEST *t,
3379 const char *keyword, const char *value)
3380 {
3381 ENCODE_DATA *edata = t->data;
3382
3383 if (strcmp(keyword, "Input") == 0)
3384 return parse_bin(value, &edata->input, &edata->input_len);
3385 if (strcmp(keyword, "Output") == 0)
3386 return parse_bin(value, &edata->output, &edata->output_len);
3387 return 0;
3388 }
3389
encode_test_run(EVP_TEST * t)3390 static int encode_test_run(EVP_TEST *t)
3391 {
3392 ENCODE_DATA *expected = t->data;
3393 unsigned char *encode_out = NULL, *decode_out = NULL;
3394 int output_len, chunk_len;
3395 EVP_ENCODE_CTX *decode_ctx = NULL, *encode_ctx = NULL;
3396 size_t input_len, donelen, decode_length;
3397
3398 if (!TEST_ptr(decode_ctx = EVP_ENCODE_CTX_new())) {
3399 t->err = "INTERNAL_ERROR";
3400 goto err;
3401 }
3402
3403 if (expected->encoding == BASE64_CANONICAL_ENCODING) {
3404
3405 if (!TEST_ptr(encode_ctx = EVP_ENCODE_CTX_new())
3406 || !TEST_ptr(encode_out = OPENSSL_malloc(EVP_ENCODE_LENGTH(expected->input_len))))
3407 goto err;
3408
3409 EVP_EncodeInit(encode_ctx);
3410
3411 input_len = expected->input_len;
3412 donelen = 0;
3413 output_len = 0;
3414 do {
3415 size_t current_len = (size_t)data_chunk_size;
3416
3417 if (data_chunk_size == 0 || (size_t)data_chunk_size > input_len)
3418 current_len = input_len;
3419 if (!TEST_true(EVP_EncodeUpdate(encode_ctx, encode_out, &chunk_len,
3420 expected->input + donelen,
3421 current_len)))
3422 goto err;
3423 donelen += current_len;
3424 input_len -= current_len;
3425 output_len += chunk_len;
3426 } while (input_len > 0);
3427
3428 EVP_EncodeFinal(encode_ctx, encode_out + output_len, &chunk_len);
3429 output_len += chunk_len;
3430
3431 if (!memory_err_compare(t, "BAD_ENCODING",
3432 expected->output, expected->output_len,
3433 encode_out, output_len))
3434 goto err;
3435 }
3436
3437 decode_length = EVP_DECODE_LENGTH(expected->output_len);
3438 if (!TEST_ptr(decode_out = OPENSSL_malloc(decode_length)))
3439 goto err;
3440 /*
3441 * Fill memory with non-zeros
3442 * to check that decoding does not place redundant zeros.
3443 */
3444 memset(decode_out, 0xff, decode_length);
3445
3446 output_len = 0;
3447 EVP_DecodeInit(decode_ctx);
3448
3449 input_len = expected->output_len;
3450 donelen = 0;
3451 do {
3452 size_t current_len = (size_t)data_chunk_size;
3453
3454 if (data_chunk_size == 0 || (size_t)data_chunk_size > input_len)
3455 current_len = input_len;
3456 if (EVP_DecodeUpdate(decode_ctx, decode_out + output_len, &chunk_len,
3457 expected->output + donelen, current_len)
3458 < 0) {
3459 t->err = "DECODE_ERROR";
3460 goto err;
3461 }
3462 donelen += current_len;
3463 input_len -= current_len;
3464 output_len += chunk_len;
3465 } while (input_len > 0);
3466
3467 if (EVP_DecodeFinal(decode_ctx, decode_out + output_len, &chunk_len) != 1) {
3468 t->err = "DECODE_ERROR";
3469 goto err;
3470 }
3471 output_len += chunk_len;
3472
3473 if (expected->encoding != BASE64_INVALID_ENCODING
3474 && !memory_err_compare(t, "BAD_DECODING",
3475 expected->input, expected->input_len,
3476 decode_out, output_len)) {
3477 t->err = "BAD_DECODING";
3478 goto err;
3479 }
3480
3481 for (; output_len < (int)decode_length; output_len++) {
3482 if (decode_out[output_len] != 0xff) {
3483 t->err = "BAD_DECODING";
3484 goto err;
3485 }
3486 }
3487
3488 t->err = NULL;
3489 err:
3490 OPENSSL_free(encode_out);
3491 OPENSSL_free(decode_out);
3492 EVP_ENCODE_CTX_free(decode_ctx);
3493 EVP_ENCODE_CTX_free(encode_ctx);
3494 return 1;
3495 }
3496
3497 static const EVP_TEST_METHOD encode_test_method = {
3498 "Encoding",
3499 encode_test_init,
3500 encode_test_cleanup,
3501 encode_test_parse,
3502 encode_test_run,
3503 };
3504
3505 /**
3506 ** RAND TESTS
3507 **/
3508 #define MAX_RAND_REPEATS 15
3509
3510 typedef struct rand_data_pass_st {
3511 unsigned char *entropy;
3512 unsigned char *reseed_entropy;
3513 unsigned char *nonce;
3514 unsigned char *pers;
3515 unsigned char *reseed_addin;
3516 unsigned char *addinA;
3517 unsigned char *addinB;
3518 unsigned char *pr_entropyA;
3519 unsigned char *pr_entropyB;
3520 unsigned char *output;
3521 size_t entropy_len, nonce_len, pers_len, addinA_len, addinB_len,
3522 pr_entropyA_len, pr_entropyB_len, output_len, reseed_entropy_len,
3523 reseed_addin_len;
3524 } RAND_DATA_PASS;
3525
3526 typedef struct rand_data_st {
3527 /* Context for this operation */
3528 EVP_RAND_CTX *ctx;
3529 EVP_RAND_CTX *parent;
3530 int n;
3531 int prediction_resistance;
3532 int use_df;
3533 unsigned int generate_bits;
3534 char *cipher;
3535 char *digest;
3536 STACK_OF(OPENSSL_STRING) *init_controls; /* collection of controls */
3537
3538 /* Expected output */
3539 RAND_DATA_PASS data[MAX_RAND_REPEATS];
3540 } RAND_DATA;
3541
rand_test_init(EVP_TEST * t,const char * name)3542 static int rand_test_init(EVP_TEST *t, const char *name)
3543 {
3544 RAND_DATA *rdata;
3545 EVP_RAND *rand;
3546 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
3547 unsigned int strength = 256;
3548
3549 if (!TEST_ptr(rdata = OPENSSL_zalloc(sizeof(*rdata))))
3550 return 0;
3551
3552 /* TEST-RAND is available in the FIPS provider but not with "fips=yes" */
3553 rand = EVP_RAND_fetch(libctx, "TEST-RAND", "-fips");
3554 if (rand == NULL)
3555 goto err;
3556 rdata->parent = EVP_RAND_CTX_new(rand, NULL);
3557 EVP_RAND_free(rand);
3558 if (rdata->parent == NULL)
3559 goto err;
3560
3561 *params = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength);
3562 if (!EVP_RAND_CTX_set_params(rdata->parent, params))
3563 goto err;
3564
3565 rand = EVP_RAND_fetch(libctx, name, propquery);
3566 if (rand == NULL)
3567 goto err;
3568 rdata->ctx = EVP_RAND_CTX_new(rand, rdata->parent);
3569 EVP_RAND_free(rand);
3570 if (rdata->ctx == NULL)
3571 goto err;
3572 rdata->init_controls = sk_OPENSSL_STRING_new_null();
3573
3574 rdata->n = -1;
3575 t->data = rdata;
3576 return 1;
3577 err:
3578 EVP_RAND_CTX_free(rdata->parent);
3579 OPENSSL_free(rdata);
3580 return 0;
3581 }
3582
rand_test_cleanup(EVP_TEST * t)3583 static void rand_test_cleanup(EVP_TEST *t)
3584 {
3585 RAND_DATA *rdata = t->data;
3586 int i;
3587
3588 ctrlfree(rdata->init_controls);
3589 OPENSSL_free(rdata->cipher);
3590 OPENSSL_free(rdata->digest);
3591
3592 for (i = 0; i <= rdata->n; i++) {
3593 OPENSSL_free(rdata->data[i].entropy);
3594 OPENSSL_free(rdata->data[i].reseed_entropy);
3595 OPENSSL_free(rdata->data[i].nonce);
3596 OPENSSL_free(rdata->data[i].pers);
3597 OPENSSL_free(rdata->data[i].reseed_addin);
3598 OPENSSL_free(rdata->data[i].addinA);
3599 OPENSSL_free(rdata->data[i].addinB);
3600 OPENSSL_free(rdata->data[i].pr_entropyA);
3601 OPENSSL_free(rdata->data[i].pr_entropyB);
3602 OPENSSL_free(rdata->data[i].output);
3603 }
3604 EVP_RAND_CTX_free(rdata->ctx);
3605 EVP_RAND_CTX_free(rdata->parent);
3606 }
3607
rand_test_parse(EVP_TEST * t,const char * keyword,const char * value)3608 static int rand_test_parse(EVP_TEST *t,
3609 const char *keyword, const char *value)
3610 {
3611 RAND_DATA *rdata = t->data;
3612 RAND_DATA_PASS *item;
3613 const char *p;
3614 int n;
3615
3616 if ((p = strchr(keyword, '.')) != NULL) {
3617 n = atoi(++p);
3618 if (n >= MAX_RAND_REPEATS)
3619 return 0;
3620 if (n > rdata->n)
3621 rdata->n = n;
3622 item = rdata->data + n;
3623 if (HAS_PREFIX(keyword, "Entropy."))
3624 return parse_bin(value, &item->entropy, &item->entropy_len);
3625 if (HAS_PREFIX(keyword, "ReseedEntropy."))
3626 return parse_bin(value, &item->reseed_entropy,
3627 &item->reseed_entropy_len);
3628 if (HAS_PREFIX(keyword, "Nonce."))
3629 return parse_bin(value, &item->nonce, &item->nonce_len);
3630 if (HAS_PREFIX(keyword, "PersonalisationString."))
3631 return parse_bin(value, &item->pers, &item->pers_len);
3632 if (HAS_PREFIX(keyword, "ReseedAdditionalInput."))
3633 return parse_bin(value, &item->reseed_addin,
3634 &item->reseed_addin_len);
3635 if (HAS_PREFIX(keyword, "AdditionalInputA."))
3636 return parse_bin(value, &item->addinA, &item->addinA_len);
3637 if (HAS_PREFIX(keyword, "AdditionalInputB."))
3638 return parse_bin(value, &item->addinB, &item->addinB_len);
3639 if (HAS_PREFIX(keyword, "EntropyPredictionResistanceA."))
3640 return parse_bin(value, &item->pr_entropyA, &item->pr_entropyA_len);
3641 if (HAS_PREFIX(keyword, "EntropyPredictionResistanceB."))
3642 return parse_bin(value, &item->pr_entropyB, &item->pr_entropyB_len);
3643 if (HAS_PREFIX(keyword, "Output."))
3644 return parse_bin(value, &item->output, &item->output_len);
3645 } else {
3646 if (strcmp(keyword, "Cipher") == 0)
3647 return TEST_ptr(rdata->cipher = OPENSSL_strdup(value));
3648 if (strcmp(keyword, "Digest") == 0)
3649 return TEST_ptr(rdata->digest = OPENSSL_strdup(value));
3650 if (strcmp(keyword, "DerivationFunction") == 0) {
3651 rdata->use_df = atoi(value) != 0;
3652 return 1;
3653 }
3654 if (strcmp(keyword, "GenerateBits") == 0) {
3655 if ((n = atoi(value)) <= 0 || n % 8 != 0)
3656 return 0;
3657 rdata->generate_bits = (unsigned int)n;
3658 return 1;
3659 }
3660 if (strcmp(keyword, "PredictionResistance") == 0) {
3661 rdata->prediction_resistance = atoi(value) != 0;
3662 return 1;
3663 }
3664 if (strcmp(keyword, "CtrlInit") == 0)
3665 return ctrladd(rdata->init_controls, value);
3666 }
3667 return 0;
3668 }
3669
rand_test_run(EVP_TEST * t)3670 static int rand_test_run(EVP_TEST *t)
3671 {
3672 RAND_DATA *expected = t->data;
3673 RAND_DATA_PASS *item;
3674 unsigned char *got;
3675 size_t got_len = expected->generate_bits / 8;
3676 OSSL_PARAM params[8], *p = params;
3677 int i = -1, ret = 0;
3678 unsigned int strength;
3679 unsigned char *z;
3680 size_t params_n = 0, params_allocated_n = 0;
3681
3682 if (!TEST_ptr(got = OPENSSL_malloc(got_len)))
3683 return 0;
3684
3685 if (sk_OPENSSL_STRING_num(expected->init_controls) > 0) {
3686 if (!ctrl2params(t, expected->init_controls,
3687 NULL,
3688 params, OSSL_NELEM(params), ¶ms_n))
3689 goto err;
3690 }
3691 p = params + params_n;
3692
3693 *p++ = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_USE_DF, &expected->use_df);
3694 if (expected->cipher != NULL)
3695 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER,
3696 expected->cipher, 0);
3697 if (expected->digest != NULL)
3698 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_DIGEST,
3699 expected->digest, 0);
3700 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_MAC, "HMAC", 0);
3701 *p = OSSL_PARAM_construct_end();
3702 if (!EVP_RAND_CTX_set_params(expected->ctx, params)) {
3703 if (t->expect_unapproved == 0) {
3704 t->err = "EVP_RAND_CTX_set_params";
3705 ret = 1;
3706 }
3707 goto err;
3708 }
3709 ctrl2params_free(params, params_n, params_allocated_n);
3710 params_n = 0;
3711
3712 strength = EVP_RAND_get_strength(expected->ctx);
3713 for (i = 0; i <= expected->n; i++) {
3714 item = expected->data + i;
3715
3716 p = params;
3717 z = item->entropy != NULL ? item->entropy : (unsigned char *)"";
3718 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
3719 z, item->entropy_len);
3720 z = item->nonce != NULL ? item->nonce : (unsigned char *)"";
3721 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE,
3722 z, item->nonce_len);
3723 *p = OSSL_PARAM_construct_end();
3724 if (!TEST_true(EVP_RAND_instantiate(expected->parent, strength,
3725 0, NULL, 0, params)))
3726 goto err;
3727
3728 z = item->pers != NULL ? item->pers : (unsigned char *)"";
3729 if (!TEST_true(EVP_RAND_instantiate(expected->ctx, strength,
3730 expected->prediction_resistance, z,
3731 item->pers_len, NULL)))
3732 goto err;
3733
3734 if (item->reseed_entropy != NULL) {
3735 params[0] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, item->reseed_entropy,
3736 item->reseed_entropy_len);
3737 params[1] = OSSL_PARAM_construct_end();
3738 if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params)))
3739 goto err;
3740
3741 if (!TEST_true(EVP_RAND_reseed(expected->ctx, expected->prediction_resistance,
3742 NULL, 0, item->reseed_addin,
3743 item->reseed_addin_len)))
3744 goto err;
3745 }
3746 if (item->pr_entropyA != NULL) {
3747 params[0] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, item->pr_entropyA,
3748 item->pr_entropyA_len);
3749 params[1] = OSSL_PARAM_construct_end();
3750 if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params)))
3751 goto err;
3752 }
3753 if (!TEST_true(EVP_RAND_generate(expected->ctx, got, got_len,
3754 strength, expected->prediction_resistance,
3755 item->addinA, item->addinA_len)))
3756 goto err;
3757
3758 if (item->pr_entropyB != NULL) {
3759 params[0] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, item->pr_entropyB,
3760 item->pr_entropyB_len);
3761 params[1] = OSSL_PARAM_construct_end();
3762 if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params)))
3763 goto err;
3764 }
3765 if (!TEST_true(EVP_RAND_generate(expected->ctx, got, got_len,
3766 strength, expected->prediction_resistance,
3767 item->addinB, item->addinB_len)))
3768 goto err;
3769 if (!TEST_mem_eq(got, got_len, item->output, item->output_len))
3770 goto err;
3771 if (!rand_check_fips_approved(expected->ctx, t))
3772 goto err;
3773 if (!TEST_true(EVP_RAND_uninstantiate(expected->ctx))
3774 || !TEST_true(EVP_RAND_uninstantiate(expected->parent))
3775 || !TEST_true(EVP_RAND_verify_zeroization(expected->ctx))
3776 || !TEST_int_eq(EVP_RAND_get_state(expected->ctx),
3777 EVP_RAND_STATE_UNINITIALISED))
3778 goto err;
3779 }
3780 t->err = NULL;
3781 ret = 1;
3782
3783 err:
3784 if (ret == 0 && i >= 0)
3785 TEST_info("Error in test case %d of %d\n", i, expected->n + 1);
3786 OPENSSL_free(got);
3787 ctrl2params_free(params, params_n, params_allocated_n);
3788 return ret;
3789 }
3790
3791 static const EVP_TEST_METHOD rand_test_method = {
3792 "RAND",
3793 rand_test_init,
3794 rand_test_cleanup,
3795 rand_test_parse,
3796 rand_test_run
3797 };
3798
3799 /**
3800 ** KDF TESTS
3801 **/
3802 typedef struct kdf_data_st {
3803 /* Context for this operation */
3804 EVP_KDF_CTX *ctx;
3805 /* Expected output */
3806 unsigned char *output;
3807 size_t output_len;
3808 OSSL_PARAM params[20];
3809 OSSL_PARAM *p;
3810 STACK_OF(OPENSSL_STRING) *init_controls; /* collection of controls */
3811 } KDF_DATA;
3812
3813 /*
3814 * Perform public key operation setup: lookup key, allocated ctx and call
3815 * the appropriate initialisation function
3816 */
kdf_test_init(EVP_TEST * t,const char * name)3817 static int kdf_test_init(EVP_TEST *t, const char *name)
3818 {
3819 KDF_DATA *kdata;
3820 EVP_KDF *kdf;
3821
3822 if (is_kdf_disabled(name)) {
3823 TEST_info("skipping, '%s' is disabled", name);
3824 t->skip = 1;
3825 return 1;
3826 }
3827
3828 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata))))
3829 return 0;
3830 kdata->p = kdata->params;
3831 *kdata->p = OSSL_PARAM_construct_end();
3832
3833 kdf = EVP_KDF_fetch(libctx, name, propquery);
3834 if (kdf == NULL) {
3835 OPENSSL_free(kdata);
3836 return 0;
3837 }
3838 kdata->ctx = EVP_KDF_CTX_new(kdf);
3839 EVP_KDF_free(kdf);
3840 if (kdata->ctx == NULL) {
3841 OPENSSL_free(kdata);
3842 return 0;
3843 }
3844 t->data = kdata;
3845 kdata->init_controls = sk_OPENSSL_STRING_new_null();
3846 return 1;
3847 }
3848
kdf_test_cleanup(EVP_TEST * t)3849 static void kdf_test_cleanup(EVP_TEST *t)
3850 {
3851 KDF_DATA *kdata = t->data;
3852 OSSL_PARAM *p;
3853
3854 ctrlfree(kdata->init_controls);
3855 for (p = kdata->params; p->key != NULL; p++)
3856 OPENSSL_free(p->data);
3857 OPENSSL_free(kdata->output);
3858 EVP_KDF_CTX_free(kdata->ctx);
3859 }
3860
kdf_test_ctrl(EVP_TEST * t,EVP_KDF_CTX * kctx,const char * value)3861 static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx,
3862 const char *value)
3863 {
3864 KDF_DATA *kdata = t->data;
3865 int rv;
3866 char *p, *name;
3867 const OSSL_PARAM *defs = EVP_KDF_settable_ctx_params(EVP_KDF_CTX_kdf(kctx));
3868
3869 if (!TEST_ptr(name = OPENSSL_strdup(value)))
3870 return 0;
3871 p = strchr(name, ':');
3872 if (p == NULL)
3873 p = "";
3874 else
3875 *p++ = '\0';
3876
3877 if (strcmp(name, "r") == 0
3878 && OSSL_PARAM_locate_const(defs, name) == NULL) {
3879 TEST_info("skipping, setting 'r' is unsupported");
3880 t->skip = 1;
3881 goto end;
3882 }
3883
3884 if (strcmp(name, "lanes") == 0
3885 && OSSL_PARAM_locate_const(defs, name) == NULL) {
3886 TEST_info("skipping, setting 'lanes' is unsupported");
3887 t->skip = 1;
3888 goto end;
3889 }
3890
3891 if (strcmp(name, "iter") == 0
3892 && OSSL_PARAM_locate_const(defs, name) == NULL) {
3893 TEST_info("skipping, setting 'iter' is unsupported");
3894 t->skip = 1;
3895 goto end;
3896 }
3897
3898 if (strcmp(name, "memcost") == 0
3899 && OSSL_PARAM_locate_const(defs, name) == NULL) {
3900 TEST_info("skipping, setting 'memcost' is unsupported");
3901 t->skip = 1;
3902 goto end;
3903 }
3904
3905 if (strcmp(name, "secret") == 0
3906 && OSSL_PARAM_locate_const(defs, name) == NULL) {
3907 TEST_info("skipping, setting 'secret' is unsupported");
3908 t->skip = 1;
3909 goto end;
3910 }
3911
3912 if (strcmp(name, "pass") == 0
3913 && OSSL_PARAM_locate_const(defs, name) == NULL) {
3914 TEST_info("skipping, setting 'pass' is unsupported");
3915 t->skip = 1;
3916 goto end;
3917 }
3918
3919 if (strcmp(name, "ad") == 0
3920 && OSSL_PARAM_locate_const(defs, name) == NULL) {
3921 TEST_info("skipping, setting 'ad' is unsupported");
3922 t->skip = 1;
3923 goto end;
3924 }
3925
3926 rv = OSSL_PARAM_allocate_from_text(kdata->p, defs, name, p,
3927 strlen(p), NULL);
3928 *++kdata->p = OSSL_PARAM_construct_end();
3929 if (!rv) {
3930 t->err = "KDF_PARAM_ERROR";
3931 OPENSSL_free(name);
3932 return 0;
3933 }
3934 if (strcmp(name, "digest") == 0) {
3935 if (is_digest_disabled(p)) {
3936 TEST_info("skipping, '%s' is disabled", p);
3937 t->skip = 1;
3938 }
3939 goto end;
3940 }
3941
3942 if ((strcmp(name, "cipher") == 0
3943 || strcmp(name, "cekalg") == 0)
3944 && is_cipher_disabled(p)) {
3945 TEST_info("skipping, '%s' is disabled", p);
3946 t->skip = 1;
3947 goto end;
3948 }
3949 if ((strcmp(name, "mac") == 0)
3950 && is_mac_disabled(p)) {
3951 TEST_info("skipping, '%s' is disabled", p);
3952 t->skip = 1;
3953 }
3954 end:
3955 OPENSSL_free(name);
3956 return 1;
3957 }
3958
kdf_test_parse(EVP_TEST * t,const char * keyword,const char * value)3959 static int kdf_test_parse(EVP_TEST *t,
3960 const char *keyword, const char *value)
3961 {
3962 KDF_DATA *kdata = t->data;
3963
3964 if (strcmp(keyword, "Output") == 0)
3965 return parse_bin(value, &kdata->output, &kdata->output_len);
3966 if (strcmp(keyword, "CtrlInit") == 0)
3967 return ctrladd(kdata->init_controls, value);
3968 if (HAS_PREFIX(keyword, "Ctrl"))
3969 return kdf_test_ctrl(t, kdata->ctx, value);
3970 return 0;
3971 }
3972
kdf_test_run(EVP_TEST * t)3973 static int kdf_test_run(EVP_TEST *t)
3974 {
3975 int ret = 1;
3976 KDF_DATA *expected = t->data;
3977 unsigned char *got = NULL;
3978 size_t got_len = expected->output_len;
3979 EVP_KDF_CTX *ctx;
3980 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
3981 size_t params_n = 0, params_allocated_n = 0;
3982
3983 if (sk_OPENSSL_STRING_num(expected->init_controls) > 0) {
3984 if (!ctrl2params(t, expected->init_controls,
3985 NULL,
3986 params, OSSL_NELEM(params), ¶ms_n))
3987 goto err;
3988 if (!EVP_KDF_CTX_set_params(expected->ctx, params)) {
3989 t->err = "KDF_CTRL_ERROR";
3990 goto err;
3991 }
3992 }
3993
3994 if (!EVP_KDF_CTX_set_params(expected->ctx, expected->params)) {
3995 t->err = "KDF_CTRL_ERROR";
3996 goto err;
3997 }
3998 if (!TEST_ptr(got = OPENSSL_malloc(got_len == 0 ? 1 : got_len))) {
3999 t->err = "INTERNAL_ERROR";
4000 goto err;
4001 }
4002 /* FIPS(3.0.0): can't dup KDF contexts #17572 */
4003 if (fips_provider_version_gt(libctx, 3, 0, 0)
4004 && (ctx = EVP_KDF_CTX_dup(expected->ctx)) != NULL) {
4005 EVP_KDF_CTX_free(expected->ctx);
4006 expected->ctx = ctx;
4007 }
4008 if (EVP_KDF_derive(expected->ctx, got, got_len, NULL) <= 0) {
4009 t->err = "KDF_DERIVE_ERROR";
4010 goto err;
4011 }
4012 if (!kdf_check_fips_approved(expected->ctx, t)) {
4013 ret = 0;
4014 goto err;
4015 }
4016 if (!memory_err_compare(t, "KDF_MISMATCH",
4017 expected->output, expected->output_len,
4018 got, got_len))
4019 goto err;
4020
4021 t->err = NULL;
4022
4023 err:
4024 ctrl2params_free(params, params_n, params_allocated_n);
4025 OPENSSL_free(got);
4026 return ret;
4027 }
4028
4029 static const EVP_TEST_METHOD kdf_test_method = {
4030 "KDF",
4031 kdf_test_init,
4032 kdf_test_cleanup,
4033 kdf_test_parse,
4034 kdf_test_run
4035 };
4036
4037 /**
4038 ** PKEY KDF TESTS
4039 **/
4040
4041 typedef struct pkey_kdf_data_st {
4042 /* Context for this operation */
4043 EVP_PKEY_CTX *ctx;
4044 /* Expected output */
4045 unsigned char *output;
4046 size_t output_len;
4047 } PKEY_KDF_DATA;
4048
4049 /*
4050 * Perform public key operation setup: lookup key, allocated ctx and call
4051 * the appropriate initialisation function
4052 */
pkey_kdf_test_init(EVP_TEST * t,const char * name)4053 static int pkey_kdf_test_init(EVP_TEST *t, const char *name)
4054 {
4055 PKEY_KDF_DATA *kdata = NULL;
4056
4057 if (is_kdf_disabled(name)) {
4058 TEST_info("skipping, '%s' is disabled", name);
4059 t->skip = 1;
4060 return 1;
4061 }
4062
4063 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata))))
4064 return 0;
4065
4066 kdata->ctx = EVP_PKEY_CTX_new_from_name(libctx, name, propquery);
4067 if (kdata->ctx == NULL
4068 || EVP_PKEY_derive_init(kdata->ctx) <= 0)
4069 goto err;
4070
4071 t->data = kdata;
4072 return 1;
4073 err:
4074 EVP_PKEY_CTX_free(kdata->ctx);
4075 OPENSSL_free(kdata);
4076 return 0;
4077 }
4078
pkey_kdf_test_cleanup(EVP_TEST * t)4079 static void pkey_kdf_test_cleanup(EVP_TEST *t)
4080 {
4081 PKEY_KDF_DATA *kdata = t->data;
4082
4083 OPENSSL_free(kdata->output);
4084 EVP_PKEY_CTX_free(kdata->ctx);
4085 }
4086
pkey_kdf_test_parse(EVP_TEST * t,const char * keyword,const char * value)4087 static int pkey_kdf_test_parse(EVP_TEST *t,
4088 const char *keyword, const char *value)
4089 {
4090 PKEY_KDF_DATA *kdata = t->data;
4091
4092 if (strcmp(keyword, "Output") == 0)
4093 return parse_bin(value, &kdata->output, &kdata->output_len);
4094 if (HAS_PREFIX(keyword, "Ctrl"))
4095 return pkey_test_ctrl(t, kdata->ctx, value);
4096 return 0;
4097 }
4098
pkey_kdf_test_run(EVP_TEST * t)4099 static int pkey_kdf_test_run(EVP_TEST *t)
4100 {
4101 int ret = 1;
4102 PKEY_KDF_DATA *expected = t->data;
4103 unsigned char *got = NULL;
4104 size_t got_len = 0;
4105
4106 if (fips_provider_version_eq(libctx, 3, 0, 0)) {
4107 /* FIPS(3.0.0): can't deal with oversized output buffers #18533 */
4108 got_len = expected->output_len;
4109 } else {
4110 /* Find out the KDF output size */
4111 if (EVP_PKEY_derive(expected->ctx, NULL, &got_len) <= 0) {
4112 t->err = "INTERNAL_ERROR";
4113 goto err;
4114 }
4115
4116 /*
4117 * We may get an absurd output size, which signals that anything goes.
4118 * If not, we specify a too big buffer for the output, to test that
4119 * EVP_PKEY_derive() can cope with it.
4120 */
4121 if (got_len == SIZE_MAX || got_len == 0)
4122 got_len = expected->output_len;
4123 else
4124 got_len = expected->output_len * 2;
4125 }
4126
4127 if (!TEST_ptr(got = OPENSSL_malloc(got_len == 0 ? 1 : got_len))) {
4128 t->err = "INTERNAL_ERROR";
4129 goto err;
4130 }
4131 if (EVP_PKEY_derive(expected->ctx, got, &got_len) <= 0) {
4132 t->err = "KDF_DERIVE_ERROR";
4133 goto err;
4134 }
4135 if (!pkey_check_fips_approved(expected->ctx, t)) {
4136 ret = 0;
4137 goto err;
4138 }
4139 if (!TEST_mem_eq(expected->output, expected->output_len, got, got_len)) {
4140 t->err = "KDF_MISMATCH";
4141 goto err;
4142 }
4143 t->err = NULL;
4144
4145 err:
4146 OPENSSL_free(got);
4147 return ret;
4148 }
4149
4150 static const EVP_TEST_METHOD pkey_kdf_test_method = {
4151 "PKEYKDF",
4152 pkey_kdf_test_init,
4153 pkey_kdf_test_cleanup,
4154 pkey_kdf_test_parse,
4155 pkey_kdf_test_run
4156 };
4157
4158 /**
4159 ** KEYPAIR TESTS
4160 **/
4161
4162 typedef struct keypair_test_data_st {
4163 EVP_PKEY *privk;
4164 EVP_PKEY *pubk;
4165 } KEYPAIR_TEST_DATA;
4166
keypair_test_init(EVP_TEST * t,const char * pair)4167 static int keypair_test_init(EVP_TEST *t, const char *pair)
4168 {
4169 KEYPAIR_TEST_DATA *data;
4170 int rv = 0;
4171 EVP_PKEY *pk = NULL, *pubk = NULL;
4172 char *pub, *priv = NULL;
4173
4174 /* Split private and public names. */
4175 if (!TEST_ptr(priv = OPENSSL_strdup(pair))
4176 || !TEST_ptr(pub = strchr(priv, ':'))) {
4177 t->err = "PARSING_ERROR";
4178 goto end;
4179 }
4180 *pub++ = '\0';
4181
4182 if (!TEST_true(find_key(&pk, priv, private_keys))) {
4183 TEST_info("Can't find private key: %s", priv);
4184 t->err = "MISSING_PRIVATE_KEY";
4185 goto end;
4186 }
4187 if (!TEST_true(find_key(&pubk, pub, public_keys))) {
4188 TEST_info("Can't find public key: %s", pub);
4189 t->err = "MISSING_PUBLIC_KEY";
4190 goto end;
4191 }
4192
4193 if (pk == NULL && pubk == NULL) {
4194 /* Both keys are listed but unsupported: skip this test */
4195 t->skip = 1;
4196 rv = 1;
4197 goto end;
4198 }
4199
4200 if (!TEST_ptr(data = OPENSSL_malloc(sizeof(*data))))
4201 goto end;
4202 data->privk = pk;
4203 data->pubk = pubk;
4204 t->data = data;
4205 rv = 1;
4206 t->err = NULL;
4207
4208 end:
4209 OPENSSL_free(priv);
4210 return rv;
4211 }
4212
keypair_test_cleanup(EVP_TEST * t)4213 static void keypair_test_cleanup(EVP_TEST *t)
4214 {
4215 OPENSSL_free(t->data);
4216 t->data = NULL;
4217 }
4218
4219 /*
4220 * For tests that do not accept any custom keywords.
4221 */
void_test_parse(EVP_TEST * t,const char * keyword,const char * value)4222 static int void_test_parse(EVP_TEST *t, const char *keyword, const char *value)
4223 {
4224 return 0;
4225 }
4226
keypair_test_run(EVP_TEST * t)4227 static int keypair_test_run(EVP_TEST *t)
4228 {
4229 int rv = 0;
4230 const KEYPAIR_TEST_DATA *pair = t->data;
4231
4232 if (pair->privk == NULL || pair->pubk == NULL) {
4233 /*
4234 * this can only happen if only one of the keys is not set
4235 * which means that one of them was unsupported while the
4236 * other isn't: hence a key type mismatch.
4237 */
4238 t->err = "KEYPAIR_TYPE_MISMATCH";
4239 rv = 1;
4240 goto end;
4241 }
4242
4243 if ((rv = EVP_PKEY_eq(pair->privk, pair->pubk)) != 1) {
4244 if (0 == rv) {
4245 t->err = "KEYPAIR_MISMATCH";
4246 } else if (-1 == rv) {
4247 t->err = "KEYPAIR_TYPE_MISMATCH";
4248 } else if (-2 == rv) {
4249 t->err = "UNSUPPORTED_KEY_COMPARISON";
4250 } else {
4251 TEST_error("Unexpected error in key comparison");
4252 rv = 0;
4253 goto end;
4254 }
4255 rv = 1;
4256 goto end;
4257 }
4258
4259 rv = 1;
4260 t->err = NULL;
4261
4262 end:
4263 return rv;
4264 }
4265
4266 static const EVP_TEST_METHOD keypair_test_method = {
4267 "PrivPubKeyPair",
4268 keypair_test_init,
4269 keypair_test_cleanup,
4270 void_test_parse,
4271 keypair_test_run
4272 };
4273
4274 /**
4275 ** KEYGEN TEST
4276 **/
4277
4278 typedef struct keygen_test_data_st {
4279 char *keyname; /* Key name to store key or NULL */
4280 char *paramname;
4281 char *alg;
4282 STACK_OF(OPENSSL_STRING) *in_controls; /* Collection of controls */
4283 STACK_OF(OPENSSL_STRING) *out_controls;
4284 } KEYGEN_TEST_DATA;
4285
keygen_test_init(EVP_TEST * t,const char * alg)4286 static int keygen_test_init(EVP_TEST *t, const char *alg)
4287 {
4288 KEYGEN_TEST_DATA *data;
4289
4290 if (is_pkey_disabled(alg)) {
4291 t->skip = 1;
4292 return 1;
4293 }
4294
4295 if (!TEST_ptr(data = OPENSSL_zalloc(sizeof(*data))))
4296 return 0;
4297 data->keyname = NULL;
4298 data->paramname = NULL;
4299 data->in_controls = sk_OPENSSL_STRING_new_null();
4300 data->out_controls = sk_OPENSSL_STRING_new_null();
4301 data->alg = OPENSSL_strdup(alg);
4302 t->data = data;
4303 t->err = NULL;
4304 return 1;
4305 }
4306
keygen_test_cleanup(EVP_TEST * t)4307 static void keygen_test_cleanup(EVP_TEST *t)
4308 {
4309 KEYGEN_TEST_DATA *keygen = t->data;
4310
4311 ctrlfree(keygen->in_controls);
4312 ctrlfree(keygen->out_controls);
4313 OPENSSL_free(keygen->alg);
4314 OPENSSL_free(keygen->keyname);
4315 OPENSSL_free(keygen->paramname);
4316 OPENSSL_free(t->data);
4317 t->data = NULL;
4318 }
4319
keygen_test_parse(EVP_TEST * t,const char * keyword,const char * value)4320 static int keygen_test_parse(EVP_TEST *t,
4321 const char *keyword, const char *value)
4322 {
4323 KEYGEN_TEST_DATA *keygen = t->data;
4324
4325 if (strcmp(keyword, "KeyName") == 0)
4326 return TEST_ptr(keygen->keyname = OPENSSL_strdup(value));
4327 if (strcmp(keyword, "KeyParam") == 0)
4328 return TEST_ptr(keygen->paramname = OPENSSL_strdup(value));
4329 if (strcmp(keyword, "Ctrl") == 0)
4330 return ctrladd(keygen->in_controls, value);
4331 if (strcmp(keyword, "CtrlOut") == 0)
4332 return ctrladd(keygen->out_controls, value);
4333 return 0;
4334 }
4335
4336 /* Iterate thru the key's expected values */
check_pkey_expected_values(EVP_TEST * t,const EVP_PKEY * pkey,STACK_OF (OPENSSL_STRING)* out_controls)4337 static int check_pkey_expected_values(EVP_TEST *t, const EVP_PKEY *pkey,
4338 STACK_OF(OPENSSL_STRING) *out_controls)
4339 {
4340 int ret = 0;
4341 OSSL_PARAM out_params[4], *p;
4342 size_t out_params_n = 0, len;
4343
4344 if (sk_OPENSSL_STRING_num(out_controls) > 0) {
4345
4346 if (!ctrl2params(t, out_controls,
4347 EVP_PKEY_gettable_params(pkey),
4348 out_params, OSSL_NELEM(out_params), &out_params_n))
4349 goto err;
4350 for (p = out_params; p->key != NULL; ++p) {
4351 if (p->data_type == OSSL_PARAM_OCTET_STRING) {
4352 uint8_t *data = OPENSSL_malloc(p->data_size);
4353
4354 if (data == NULL)
4355 goto err;
4356 ret = EVP_PKEY_get_octet_string_param(pkey, p->key, data,
4357 p->data_size, &len)
4358 && len == p->data_size
4359 && (TEST_mem_eq(p->data, len, data, len) == 1);
4360 OPENSSL_free(data);
4361 if (ret == 0) {
4362 TEST_error("Expected %s value is incorrect", p->key);
4363 goto err;
4364 }
4365 }
4366 }
4367 }
4368 ret = 1;
4369 err:
4370 ctrl2params_free(out_params, out_params_n, 0);
4371 return ret;
4372 }
4373
keygen_test_run(EVP_TEST * t)4374 static int keygen_test_run(EVP_TEST *t)
4375 {
4376 KEYGEN_TEST_DATA *keygen = t->data;
4377 EVP_PKEY *pkey = NULL, *keyparams = NULL;
4378 EVP_PKEY_CTX *genctx = NULL; /* Keygen context to use */
4379 int rv = 1;
4380 OSSL_PARAM_BLD *bld = NULL;
4381 OSSL_PARAM *params = NULL;
4382 size_t params_n = 0;
4383 int key_free = 1;
4384
4385 if (keygen->paramname != NULL) {
4386 rv = find_key(&keyparams, keygen->paramname, public_keys);
4387 if (rv == 0 || keyparams == NULL) {
4388 TEST_info("skipping, key '%s' is disabled", keygen->paramname);
4389 t->skip = 1;
4390 return 1;
4391 }
4392 if (!TEST_ptr(genctx = EVP_PKEY_CTX_new_from_pkey(libctx, keyparams,
4393 propquery)))
4394 goto err;
4395
4396 } else {
4397 if (!TEST_ptr(genctx = EVP_PKEY_CTX_new_from_name(libctx, keygen->alg,
4398 propquery)))
4399 goto err;
4400 }
4401
4402 if (EVP_PKEY_keygen_init(genctx) <= 0) {
4403 t->err = "KEYGEN_INIT_ERROR";
4404 goto err;
4405 }
4406
4407 if (sk_OPENSSL_STRING_num(keygen->in_controls) > 0) {
4408 if ((params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 4)) == NULL)
4409 goto err;
4410 if (!ctrl2params(t, keygen->in_controls,
4411 EVP_PKEY_CTX_settable_params(genctx),
4412 params, 4, ¶ms_n))
4413 goto err;
4414 if (!EVP_PKEY_CTX_set_params(genctx, params)) {
4415 t->err = "PKEY_CTRL_ERROR";
4416 goto err;
4417 }
4418 }
4419
4420 if (EVP_PKEY_keygen(genctx, &pkey) <= 0) {
4421 t->err = "KEYGEN_GENERATE_ERROR";
4422 goto err;
4423 }
4424
4425 if (!pkey_check_fips_approved(genctx, t)) {
4426 rv = 0;
4427 goto err;
4428 }
4429
4430 if (!evp_pkey_is_provided(pkey)) {
4431 TEST_info("Warning: legacy key generated %s", keygen->keyname);
4432 goto err;
4433 }
4434
4435 if (!check_pkey_expected_values(t, pkey, keygen->out_controls)) {
4436 t->err = "KEYGEN_PKEY_MISMATCH_ERROR";
4437 goto err;
4438 }
4439
4440 if (keygen->keyname != NULL) {
4441 KEY_LIST *key;
4442
4443 rv = 0;
4444 if (find_key(NULL, keygen->keyname, private_keys)) {
4445 TEST_info("Duplicate key %s", keygen->keyname);
4446 goto err;
4447 }
4448
4449 if (!TEST_ptr(key = OPENSSL_malloc(sizeof(*key))))
4450 goto err;
4451 key->name = keygen->keyname;
4452 keygen->keyname = NULL;
4453 key->key = pkey;
4454 key->next = private_keys;
4455 private_keys = key;
4456 rv = 1;
4457 key_free = 0;
4458 }
4459
4460 t->err = NULL;
4461 err:
4462 if (key_free) {
4463 EVP_PKEY_free(pkey);
4464 pkey = NULL;
4465 }
4466 EVP_PKEY_CTX_free(genctx);
4467 if (sk_OPENSSL_STRING_num(keygen->in_controls) > 0)
4468 ctrl2params_free(params, params_n, 0);
4469 OSSL_PARAM_free(params);
4470 OSSL_PARAM_BLD_free(bld);
4471 return rv;
4472 }
4473
4474 static const EVP_TEST_METHOD keygen_test_method = {
4475 "KeyGen",
4476 keygen_test_init,
4477 keygen_test_cleanup,
4478 keygen_test_parse,
4479 keygen_test_run,
4480 };
4481
4482 /**
4483 ** DIGEST SIGN+VERIFY TESTS
4484 **/
4485
4486 typedef struct {
4487 int is_verify; /* Set to 1 if verifying */
4488 int is_oneshot; /* Set to 1 for one shot operation */
4489 const EVP_MD *md; /* Digest to use */
4490 EVP_MD_CTX *ctx; /* Digest context */
4491 EVP_PKEY_CTX *pctx;
4492 STACK_OF(EVP_TEST_BUFFER) *input; /* Input data: streaming */
4493 unsigned char *osin; /* Input data if one shot */
4494 size_t osin_len; /* Input length data if one shot */
4495 unsigned char *output; /* Expected output */
4496 size_t output_len; /* Expected output length */
4497 int deterministic_noncetype;
4498 EVP_PKEY *key;
4499 STACK_OF(OPENSSL_STRING) *init_controls; /* collection of controls */
4500 STACK_OF(OPENSSL_STRING) *controls; /* Collection of controls */
4501 } DIGESTSIGN_DATA;
4502
digestsigver_test_init(EVP_TEST * t,const char * alg,int is_verify,int is_oneshot)4503 static int digestsigver_test_init(EVP_TEST *t, const char *alg, int is_verify,
4504 int is_oneshot)
4505 {
4506 const EVP_MD *md = NULL;
4507 DIGESTSIGN_DATA *mdat;
4508
4509 if (strcmp(alg, "NULL") != 0) {
4510 if (is_digest_disabled(alg)) {
4511 t->skip = 1;
4512 return 1;
4513 }
4514 md = EVP_get_digestbyname(alg);
4515 if (md == NULL)
4516 return 0;
4517 }
4518 if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat))))
4519 return 0;
4520 mdat->init_controls = sk_OPENSSL_STRING_new_null();
4521 mdat->controls = sk_OPENSSL_STRING_new_null();
4522 mdat->md = md;
4523 if (!TEST_ptr(mdat->ctx = EVP_MD_CTX_new())) {
4524 OPENSSL_free(mdat);
4525 return 0;
4526 }
4527 mdat->is_verify = is_verify;
4528 mdat->is_oneshot = is_oneshot;
4529 t->data = mdat;
4530 return 1;
4531 }
4532
digestsign_test_init(EVP_TEST * t,const char * alg)4533 static int digestsign_test_init(EVP_TEST *t, const char *alg)
4534 {
4535 return digestsigver_test_init(t, alg, 0, 0);
4536 }
4537
digestsigver_test_cleanup(EVP_TEST * t)4538 static void digestsigver_test_cleanup(EVP_TEST *t)
4539 {
4540 DIGESTSIGN_DATA *mdata = t->data;
4541
4542 ctrlfree(mdata->init_controls);
4543 ctrlfree(mdata->controls);
4544 EVP_MD_CTX_free(mdata->ctx);
4545 sk_EVP_TEST_BUFFER_pop_free(mdata->input, evp_test_buffer_free);
4546 OPENSSL_free(mdata->osin);
4547 OPENSSL_free(mdata->output);
4548 OPENSSL_free(mdata);
4549 t->data = NULL;
4550 }
4551
digestsigver_test_parse(EVP_TEST * t,const char * keyword,const char * value)4552 static int digestsigver_test_parse(EVP_TEST *t,
4553 const char *keyword, const char *value)
4554 {
4555 DIGESTSIGN_DATA *mdata = t->data;
4556
4557 if (strcmp(keyword, "Key") == 0) {
4558 EVP_PKEY *pkey = NULL;
4559 int rv = 0;
4560
4561 if (mdata->is_verify)
4562 rv = find_key(&pkey, value, public_keys);
4563 if (rv == 0)
4564 rv = find_key(&pkey, value, private_keys);
4565 if (rv == 0 || pkey == NULL) {
4566 t->skip = 1;
4567 return 1;
4568 }
4569 mdata->key = pkey;
4570 return 1;
4571 }
4572
4573 if (strcmp(keyword, "Input") == 0) {
4574 if (mdata->is_oneshot)
4575 return parse_bin(value, &mdata->osin, &mdata->osin_len);
4576 return evp_test_buffer_append(value, data_chunk_size, &mdata->input);
4577 }
4578 if (strcmp(keyword, "Output") == 0)
4579 return parse_bin(value, &mdata->output, &mdata->output_len);
4580
4581 if (!mdata->is_oneshot && data_chunk_size == 0) {
4582 if (strcmp(keyword, "Count") == 0)
4583 return evp_test_buffer_set_count(value, mdata->input);
4584 if (strcmp(keyword, "Ncopy") == 0)
4585 return evp_test_buffer_ncopy(value, mdata->input);
4586 }
4587 if (strcmp(keyword, "Ctrl") == 0)
4588 return pkey_add_control(t, mdata->controls, value);
4589 if (strcmp(keyword, "CtrlInit") == 0)
4590 return ctrladd(mdata->init_controls, value);
4591 if (strcmp(keyword, "NonceType") == 0) {
4592 if (strcmp(value, "deterministic") == 0)
4593 mdata->deterministic_noncetype = 1;
4594 return 1;
4595 }
4596 return 0;
4597 }
4598
check_deterministic_noncetype(EVP_TEST * t,DIGESTSIGN_DATA * mdata)4599 static int check_deterministic_noncetype(EVP_TEST *t,
4600 DIGESTSIGN_DATA *mdata)
4601 {
4602 if (mdata->deterministic_noncetype == 1) {
4603 OSSL_PARAM params[2];
4604 unsigned int nonce_type = 1;
4605
4606 params[0] = OSSL_PARAM_construct_uint(OSSL_SIGNATURE_PARAM_NONCE_TYPE,
4607 &nonce_type);
4608 params[1] = OSSL_PARAM_construct_end();
4609 if (!EVP_PKEY_CTX_set_params(mdata->pctx, params))
4610 t->err = "EVP_PKEY_CTX_set_params_ERROR";
4611 else if (!EVP_PKEY_CTX_get_params(mdata->pctx, params))
4612 t->err = "EVP_PKEY_CTX_get_params_ERROR";
4613 else if (!OSSL_PARAM_modified(¶ms[0]))
4614 t->err = "nonce_type_not_modified_ERROR";
4615 else if (nonce_type != 1)
4616 t->err = "nonce_type_value_ERROR";
4617 }
4618 return t->err == NULL;
4619 }
4620
signverify_init(EVP_TEST * t,DIGESTSIGN_DATA * data)4621 static int signverify_init(EVP_TEST *t, DIGESTSIGN_DATA *data)
4622 {
4623 const char *name = data->md == NULL ? NULL : EVP_MD_get0_name(data->md);
4624 OSSL_PARAM params[5];
4625 OSSL_PARAM *p = NULL;
4626 int i, ret = 0;
4627 size_t params_n = 0, params_allocated_n = 0;
4628
4629 if (sk_OPENSSL_STRING_num(data->init_controls) > 0) {
4630 if (!ctrl2params(t, data->init_controls,
4631 NULL,
4632 params, OSSL_NELEM(params), ¶ms_n))
4633 goto err;
4634 p = params;
4635 }
4636
4637 if (data->is_verify) {
4638 if (!EVP_DigestVerifyInit_ex(data->ctx, &data->pctx, name, libctx,
4639 NULL, data->key, p)) {
4640 t->err = "DIGESTVERIFYINIT_ERROR";
4641 goto err;
4642 }
4643 } else {
4644 if (!EVP_DigestSignInit_ex(data->ctx, &data->pctx, name, libctx, NULL,
4645 data->key, p)) {
4646 t->err = "DIGESTSIGNINIT_ERROR";
4647 goto err;
4648 }
4649 }
4650
4651 for (i = 0; i < sk_OPENSSL_STRING_num(data->controls); i++) {
4652 char *value = sk_OPENSSL_STRING_value(data->controls, i);
4653
4654 if (!pkey_test_ctrl(t, data->pctx, value) || t->err != NULL)
4655 goto err;
4656 }
4657 ret = 1;
4658 err:
4659 ctrl2params_free(params, params_n, params_allocated_n);
4660 return ret;
4661 }
4662
digestsign_update_fn(void * ctx,const unsigned char * buf,size_t buflen)4663 static int digestsign_update_fn(void *ctx, const unsigned char *buf,
4664 size_t buflen)
4665 {
4666 return EVP_DigestSignUpdate(ctx, buf, buflen);
4667 }
4668
digestsign_test_run(EVP_TEST * t)4669 static int digestsign_test_run(EVP_TEST *t)
4670 {
4671 int i;
4672 DIGESTSIGN_DATA *expected = t->data;
4673 unsigned char *got = NULL;
4674 size_t got_len;
4675
4676 if (!signverify_init(t, expected))
4677 goto err;
4678 if (!check_deterministic_noncetype(t, expected))
4679 goto err;
4680
4681 for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++) {
4682 char *value = sk_OPENSSL_STRING_value(expected->controls, i);
4683 if (!pkey_test_ctrl(t, expected->pctx, value) || t->err != NULL)
4684 return 0;
4685 }
4686
4687 if (!evp_test_buffer_do(expected->input, digestsign_update_fn,
4688 expected->ctx)) {
4689 t->err = "DIGESTUPDATE_ERROR";
4690 goto err;
4691 }
4692
4693 if (!EVP_DigestSignFinal(expected->ctx, NULL, &got_len)) {
4694 t->err = "DIGESTSIGNFINAL_LENGTH_ERROR";
4695 goto err;
4696 }
4697 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
4698 t->err = "MALLOC_FAILURE";
4699 goto err;
4700 }
4701 got_len *= 2;
4702 if (!EVP_DigestSignFinal(expected->ctx, got, &got_len)) {
4703 t->err = "DIGESTSIGNFINAL_ERROR";
4704 goto err;
4705 }
4706 if (!memory_err_compare(t, "SIGNATURE_MISMATCH",
4707 expected->output, expected->output_len,
4708 got, got_len))
4709 goto err;
4710
4711 t->err = NULL;
4712 err:
4713 OPENSSL_free(got);
4714 return 1;
4715 }
4716
4717 static const EVP_TEST_METHOD digestsign_test_method = {
4718 "DigestSign",
4719 digestsign_test_init,
4720 digestsigver_test_cleanup,
4721 digestsigver_test_parse,
4722 digestsign_test_run
4723 };
4724
digestverify_test_init(EVP_TEST * t,const char * alg)4725 static int digestverify_test_init(EVP_TEST *t, const char *alg)
4726 {
4727 return digestsigver_test_init(t, alg, 1, 0);
4728 }
4729
digestverify_update_fn(void * ctx,const unsigned char * buf,size_t buflen)4730 static int digestverify_update_fn(void *ctx, const unsigned char *buf,
4731 size_t buflen)
4732 {
4733 return EVP_DigestVerifyUpdate(ctx, buf, buflen);
4734 }
4735
digestverify_test_run(EVP_TEST * t)4736 static int digestverify_test_run(EVP_TEST *t)
4737 {
4738 DIGESTSIGN_DATA *mdata = t->data;
4739
4740 if (!signverify_init(t, mdata))
4741 return 1;
4742
4743 if (!evp_test_buffer_do(mdata->input, digestverify_update_fn, mdata->ctx)) {
4744 t->err = "DIGESTUPDATE_ERROR";
4745 return 1;
4746 }
4747
4748 if (EVP_DigestVerifyFinal(mdata->ctx, mdata->output,
4749 mdata->output_len)
4750 <= 0)
4751 t->err = "VERIFY_ERROR";
4752 return 1;
4753 }
4754
4755 static const EVP_TEST_METHOD digestverify_test_method = {
4756 "DigestVerify",
4757 digestverify_test_init,
4758 digestsigver_test_cleanup,
4759 digestsigver_test_parse,
4760 digestverify_test_run
4761 };
4762
oneshot_digestsign_test_init(EVP_TEST * t,const char * alg)4763 static int oneshot_digestsign_test_init(EVP_TEST *t, const char *alg)
4764 {
4765 return digestsigver_test_init(t, alg, 0, 1);
4766 }
4767
oneshot_digestsign_test_run(EVP_TEST * t)4768 static int oneshot_digestsign_test_run(EVP_TEST *t)
4769 {
4770 DIGESTSIGN_DATA *expected = t->data;
4771 unsigned char *got = NULL;
4772 size_t got_len;
4773
4774 if (!signverify_init(t, expected))
4775 goto err;
4776
4777 if (!EVP_DigestSign(expected->ctx, NULL, &got_len,
4778 expected->osin, expected->osin_len)) {
4779 t->err = "DIGESTSIGN_LENGTH_ERROR";
4780 goto err;
4781 }
4782 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
4783 t->err = "MALLOC_FAILURE";
4784 goto err;
4785 }
4786 got_len *= 2;
4787 if (!EVP_DigestSign(expected->ctx, got, &got_len,
4788 expected->osin, expected->osin_len)) {
4789 t->err = "DIGESTSIGN_ERROR";
4790 goto err;
4791 }
4792 if (!memory_err_compare(t, "SIGNATURE_MISMATCH",
4793 expected->output, expected->output_len,
4794 got, got_len))
4795 goto err;
4796
4797 t->err = NULL;
4798 err:
4799 OPENSSL_free(got);
4800 return 1;
4801 }
4802
4803 static const EVP_TEST_METHOD oneshot_digestsign_test_method = {
4804 "OneShotDigestSign",
4805 oneshot_digestsign_test_init,
4806 digestsigver_test_cleanup,
4807 digestsigver_test_parse,
4808 oneshot_digestsign_test_run
4809 };
4810
oneshot_digestverify_test_init(EVP_TEST * t,const char * alg)4811 static int oneshot_digestverify_test_init(EVP_TEST *t, const char *alg)
4812 {
4813 return digestsigver_test_init(t, alg, 1, 1);
4814 }
4815
oneshot_digestverify_test_run(EVP_TEST * t)4816 static int oneshot_digestverify_test_run(EVP_TEST *t)
4817 {
4818 DIGESTSIGN_DATA *mdata = t->data;
4819
4820 if (!signverify_init(t, mdata))
4821 return 1;
4822
4823 if (EVP_DigestVerify(mdata->ctx, mdata->output, mdata->output_len,
4824 mdata->osin, mdata->osin_len)
4825 <= 0)
4826 t->err = "VERIFY_ERROR";
4827 return 1;
4828 }
4829
4830 static const EVP_TEST_METHOD oneshot_digestverify_test_method = {
4831 "OneShotDigestVerify",
4832 oneshot_digestverify_test_init,
4833 digestsigver_test_cleanup,
4834 digestsigver_test_parse,
4835 oneshot_digestverify_test_run
4836 };
4837
4838 /**
4839 ** PARSING AND DISPATCH
4840 **/
4841
4842 static const EVP_TEST_METHOD *evp_test_list[] = {
4843 &rand_test_method,
4844 &cipher_test_method,
4845 &digest_test_method,
4846 &digestsign_test_method,
4847 &digestverify_test_method,
4848 &encode_test_method,
4849 &kdf_test_method,
4850 &pkey_kdf_test_method,
4851 &keypair_test_method,
4852 &keygen_test_method,
4853 &mac_test_method,
4854 &oneshot_digestsign_test_method,
4855 &oneshot_digestverify_test_method,
4856 &pbe_test_method,
4857 &pdecrypt_test_method,
4858 &pderive_test_method,
4859 &psign_test_method,
4860 &psign_message_test_method,
4861 &pverify_recover_test_method,
4862 &pverify_test_method,
4863 &pverify_message_test_method,
4864 &pverify_message_public_test_method,
4865 &pkey_kem_test_method,
4866 &pkey_fromdata_test_method,
4867 NULL
4868 };
4869
find_test(const char * name)4870 static const EVP_TEST_METHOD *find_test(const char *name)
4871 {
4872 const EVP_TEST_METHOD **tt;
4873
4874 for (tt = evp_test_list; *tt; tt++) {
4875 if (strcmp(name, (*tt)->name) == 0)
4876 return *tt;
4877 }
4878 return NULL;
4879 }
4880
clear_test(EVP_TEST * t)4881 static void clear_test(EVP_TEST *t)
4882 {
4883 test_clearstanza(&t->s);
4884 ERR_clear_error();
4885 if (t->data != NULL) {
4886 if (t->meth != NULL)
4887 t->meth->cleanup(t);
4888 OPENSSL_free(t->data);
4889 t->data = NULL;
4890 }
4891 OPENSSL_free(t->expected_err);
4892 t->expected_err = NULL;
4893 OPENSSL_free(t->reason);
4894 t->reason = NULL;
4895
4896 /* Text literal. */
4897 t->err = NULL;
4898 t->skip = 0;
4899 t->meth = NULL;
4900 t->expect_unapproved = 0;
4901
4902 #if !defined(OPENSSL_NO_DEFAULT_THREAD_POOL)
4903 OSSL_set_max_threads(libctx, 0);
4904 #endif
4905 }
4906
4907 /* Check for errors in the test structure; return 1 if okay, else 0. */
check_test_error(EVP_TEST * t)4908 static int check_test_error(EVP_TEST *t)
4909 {
4910 unsigned long err;
4911 const char *reason;
4912
4913 if (t->err == NULL && t->expected_err == NULL)
4914 return 1;
4915 if (t->err != NULL && t->expected_err == NULL) {
4916 if (t->aux_err != NULL) {
4917 TEST_info("%s:%d: Source of above error (%s); unexpected error %s",
4918 t->s.test_file, t->s.start, t->aux_err, t->err);
4919 } else {
4920 TEST_info("%s:%d: Source of above error; unexpected error %s",
4921 t->s.test_file, t->s.start, t->err);
4922 }
4923 return 0;
4924 }
4925 if (t->err == NULL && t->expected_err != NULL) {
4926 TEST_info("%s:%d: Succeeded but was expecting %s",
4927 t->s.test_file, t->s.start, t->expected_err);
4928 return 0;
4929 }
4930
4931 if (strcmp(t->err, t->expected_err) != 0) {
4932 TEST_info("%s:%d: Expected %s got %s",
4933 t->s.test_file, t->s.start, t->expected_err, t->err);
4934 return 0;
4935 }
4936
4937 if (t->reason == NULL)
4938 return 1;
4939
4940 if (t->reason == NULL) {
4941 TEST_info("%s:%d: Test is missing function or reason code",
4942 t->s.test_file, t->s.start);
4943 return 0;
4944 }
4945
4946 err = ERR_peek_error();
4947 if (err == 0) {
4948 TEST_info("%s:%d: Expected error \"%s\" not set",
4949 t->s.test_file, t->s.start, t->reason);
4950 return 0;
4951 }
4952
4953 reason = ERR_reason_error_string(err);
4954 if (reason == NULL) {
4955 TEST_info("%s:%d: Expected error \"%s\", no strings available."
4956 " Assuming ok.",
4957 t->s.test_file, t->s.start, t->reason);
4958 return 1;
4959 }
4960
4961 if (strcmp(reason, t->reason) == 0)
4962 return 1;
4963
4964 TEST_info("%s:%d: Expected error \"%s\", got \"%s\"",
4965 t->s.test_file, t->s.start, t->reason, reason);
4966
4967 return 0;
4968 }
4969
4970 /* Run a parsed test. Log a message and return 0 on error. */
run_test(EVP_TEST * t)4971 static int run_test(EVP_TEST *t)
4972 {
4973 if (t->meth == NULL)
4974 return 1;
4975 t->s.numtests++;
4976 if (t->skip) {
4977 t->s.numskip++;
4978 } else {
4979 /* run the test */
4980 if (t->err == NULL && t->meth->run_test(t) != 1) {
4981 TEST_info("%s:%d %s error",
4982 t->s.test_file, t->s.start, t->meth->name);
4983 return 0;
4984 }
4985 if (!check_test_error(t)) {
4986 TEST_openssl_errors();
4987 t->s.errors++;
4988 }
4989 }
4990
4991 /* clean it up */
4992 return 1;
4993 }
4994
find_key(EVP_PKEY ** ppk,const char * name,KEY_LIST * lst)4995 static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst)
4996 {
4997 for (; lst != NULL; lst = lst->next) {
4998 if (strcmp(lst->name, name) == 0) {
4999 if (ppk != NULL)
5000 *ppk = lst->key;
5001 return 1;
5002 }
5003 }
5004 return 0;
5005 }
5006
free_key_list(KEY_LIST * lst)5007 static void free_key_list(KEY_LIST *lst)
5008 {
5009 while (lst != NULL) {
5010 KEY_LIST *next = lst->next;
5011
5012 EVP_PKEY_free(lst->key);
5013 OPENSSL_free(lst->name);
5014 OPENSSL_free(lst);
5015 lst = next;
5016 }
5017 }
5018
5019 /*
5020 * Is the key type an unsupported algorithm?
5021 */
key_unsupported(void)5022 static int key_unsupported(void)
5023 {
5024 long err = ERR_peek_last_error();
5025 int lib = ERR_GET_LIB(err);
5026 long reason = ERR_GET_REASON(err);
5027
5028 if ((lib == ERR_LIB_EVP && reason == EVP_R_UNSUPPORTED_ALGORITHM)
5029 || (lib == ERR_LIB_EVP && reason == EVP_R_DECODE_ERROR)
5030 || reason == ERR_R_UNSUPPORTED) {
5031 ERR_clear_error();
5032 return 1;
5033 }
5034 #ifndef OPENSSL_NO_EC
5035 /*
5036 * If EC support is enabled we should catch also EC_R_UNKNOWN_GROUP as an
5037 * hint to an unsupported algorithm/curve (e.g. if binary EC support is
5038 * disabled).
5039 */
5040 if (lib == ERR_LIB_EC
5041 && (reason == EC_R_UNKNOWN_GROUP
5042 || reason == EC_R_INVALID_CURVE)) {
5043 ERR_clear_error();
5044 return 1;
5045 }
5046 #endif /* OPENSSL_NO_EC */
5047 return 0;
5048 }
5049
5050 /* NULL out the value from |pp| but return it. This "steals" a pointer. */
take_value(PAIR * pp)5051 static char *take_value(PAIR *pp)
5052 {
5053 char *p = pp->value;
5054
5055 pp->value = NULL;
5056 return p;
5057 }
5058
5059 #if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
securitycheck_enabled(void)5060 static int securitycheck_enabled(void)
5061 {
5062 static int enabled = -1;
5063
5064 if (enabled == -1) {
5065 if (OSSL_PROVIDER_available(libctx, "fips")) {
5066 OSSL_PARAM params[2];
5067 OSSL_PROVIDER *prov = NULL;
5068 int check = 1;
5069
5070 prov = OSSL_PROVIDER_load(libctx, "fips");
5071 if (prov != NULL) {
5072 params[0] = OSSL_PARAM_construct_int(OSSL_PROV_PARAM_SECURITY_CHECKS,
5073 &check);
5074 params[1] = OSSL_PARAM_construct_end();
5075 OSSL_PROVIDER_get_params(prov, params);
5076 OSSL_PROVIDER_unload(prov);
5077 }
5078 enabled = check;
5079 return enabled;
5080 }
5081 enabled = 0;
5082 }
5083 return enabled;
5084 }
5085 #endif
5086
5087 /*
5088 * Return 1 if one of the providers named in the string is available.
5089 * The provider names are separated with whitespace.
5090 * NOTE: destructive function, it inserts '\0' after each provider name.
5091 */
prov_available(char * providers)5092 static int prov_available(char *providers)
5093 {
5094 char *p;
5095 int more = 1;
5096
5097 while (more) {
5098 for (; isspace((unsigned char)(*providers)); providers++)
5099 continue;
5100 if (*providers == '\0')
5101 break; /* End of the road */
5102 for (p = providers; *p != '\0' && !isspace((unsigned char)(*p)); p++)
5103 continue;
5104 if (*p == '\0')
5105 more = 0;
5106 else
5107 *p = '\0';
5108 if (OSSL_PROVIDER_available(libctx, providers))
5109 return 1; /* Found one */
5110 }
5111 return 0;
5112 }
5113
5114 /* Read and parse one test. Return 0 if failure, 1 if okay. */
parse(EVP_TEST * t)5115 static int parse(EVP_TEST *t)
5116 {
5117 KEY_LIST *key, **klist;
5118 EVP_PKEY *pkey;
5119 PAIR *pp;
5120 int i, j, skipped = 0;
5121
5122 fips_indicator_callback_unapproved_count = 0;
5123 top:
5124 do {
5125 if (BIO_eof(t->s.fp))
5126 return EOF;
5127 clear_test(t);
5128 if (!test_readstanza(&t->s))
5129 return 0;
5130 } while (t->s.numpairs == 0);
5131 pp = &t->s.pairs[0];
5132
5133 /* Are we adding a key? */
5134 klist = NULL;
5135 pkey = NULL;
5136 start:
5137 if (strcmp(pp->key, "PrivateKey") == 0) {
5138 pkey = PEM_read_bio_PrivateKey_ex(t->s.key, NULL, 0, NULL, libctx, NULL);
5139 if (pkey == NULL && !key_unsupported()) {
5140 EVP_PKEY_free(pkey);
5141 TEST_info("Can't read private key %s", pp->value);
5142 TEST_openssl_errors();
5143 return 0;
5144 }
5145 klist = &private_keys;
5146 } else if (strcmp(pp->key, "PublicKey") == 0) {
5147 pkey = PEM_read_bio_PUBKEY_ex(t->s.key, NULL, 0, NULL, libctx, NULL);
5148 if (pkey == NULL && !key_unsupported()) {
5149 EVP_PKEY_free(pkey);
5150 TEST_info("Can't read public key %s", pp->value);
5151 TEST_openssl_errors();
5152 return 0;
5153 }
5154 klist = &public_keys;
5155 } else if (strcmp(pp->key, "ParamKey") == 0) {
5156 pkey = PEM_read_bio_Parameters_ex(t->s.key, NULL, libctx, NULL);
5157 if (pkey == NULL && !key_unsupported()) {
5158 EVP_PKEY_free(pkey);
5159 TEST_info("Can't read params key %s", pp->value);
5160 TEST_openssl_errors();
5161 return 0;
5162 }
5163 klist = &public_keys;
5164 } else if (strcmp(pp->key, "PrivateKeyRaw") == 0
5165 || strcmp(pp->key, "PublicKeyRaw") == 0) {
5166 char *strnid = NULL, *keydata = NULL;
5167 unsigned char *keybin;
5168 size_t keylen;
5169 int nid;
5170
5171 if (strcmp(pp->key, "PrivateKeyRaw") == 0)
5172 klist = &private_keys;
5173 else
5174 klist = &public_keys;
5175
5176 strnid = strchr(pp->value, ':');
5177 if (strnid != NULL) {
5178 *strnid++ = '\0';
5179 keydata = strchr(strnid, ':');
5180 if (keydata != NULL)
5181 *keydata++ = '\0';
5182 }
5183 if (keydata == NULL) {
5184 TEST_info("Failed to parse %s value", pp->key);
5185 return 0;
5186 }
5187
5188 nid = OBJ_txt2nid(strnid);
5189 if (nid == NID_undef) {
5190 TEST_info("Unrecognised algorithm NID");
5191 return 0;
5192 }
5193 if (!parse_bin(keydata, &keybin, &keylen)) {
5194 TEST_info("Failed to create binary key");
5195 return 0;
5196 }
5197 if (klist == &private_keys)
5198 pkey = EVP_PKEY_new_raw_private_key_ex(libctx, strnid, NULL, keybin,
5199 keylen);
5200 else
5201 pkey = EVP_PKEY_new_raw_public_key_ex(libctx, strnid, NULL, keybin,
5202 keylen);
5203 if (pkey == NULL && !key_unsupported()) {
5204 TEST_info("Can't read %s data", pp->key);
5205 OPENSSL_free(keybin);
5206 TEST_openssl_errors();
5207 return 0;
5208 }
5209 OPENSSL_free(keybin);
5210 } else if (strcmp(pp->key, "Availablein") == 0) {
5211 if (!prov_available(pp->value)) {
5212 TEST_info("skipping, '%s' provider not available: %s:%d",
5213 pp->value, t->s.test_file, t->s.start);
5214 t->skip = 1;
5215 return 0;
5216 }
5217 skipped++;
5218 pp++;
5219 goto start;
5220 } else if (strcmp(pp->key, "FIPSversion") == 0) {
5221 if (prov_available("fips")) {
5222 j = fips_provider_version_match(libctx, pp->value);
5223 if (j < 0) {
5224 TEST_info("Line %d: error matching FIPS versions\n", t->s.curr);
5225 return 0;
5226 } else if (j == 0) {
5227 TEST_info("skipping, FIPS provider incompatible version: %s:%d",
5228 t->s.test_file, t->s.start);
5229 t->skip = 1;
5230 return 0;
5231 }
5232 }
5233 skipped++;
5234 pp++;
5235 goto start;
5236 }
5237
5238 /* If we have a key add to list */
5239 if (klist != NULL) {
5240 if (find_key(NULL, pp->value, *klist)) {
5241 TEST_info("Duplicate key %s", pp->value);
5242 return 0;
5243 }
5244 if (!TEST_ptr(key = OPENSSL_malloc(sizeof(*key))))
5245 return 0;
5246 key->name = take_value(pp);
5247 key->key = pkey;
5248 key->next = *klist;
5249 *klist = key;
5250
5251 /* Go back and start a new stanza. */
5252 if ((t->s.numpairs - skipped) != 1)
5253 TEST_info("Line %d: missing blank line\n", t->s.curr);
5254 goto top;
5255 }
5256
5257 /* Find the test, based on first keyword. */
5258 if (!TEST_ptr(t->meth = find_test(pp->key)))
5259 return 0;
5260 if (!t->meth->init(t, pp->value)) {
5261 TEST_error("unknown %s: %s\n", pp->key, pp->value);
5262 return 0;
5263 }
5264 if (t->skip == 1) {
5265 /* TEST_info("skipping %s %s", pp->key, pp->value); */
5266 return 0;
5267 }
5268
5269 for (pp++, i = 1; i < (t->s.numpairs - skipped); pp++, i++) {
5270 if (strcmp(pp->key, "Securitycheck") == 0) {
5271 #if defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
5272 #else
5273 if (!securitycheck_enabled())
5274 #endif
5275 {
5276 TEST_info("skipping, Securitycheck is disabled: %s:%d",
5277 t->s.test_file, t->s.start);
5278 t->skip = 1;
5279 return 0;
5280 }
5281 } else if (strcmp(pp->key, "Availablein") == 0) {
5282 TEST_info("Line %d: 'Availablein' should be the first option",
5283 t->s.curr);
5284 return 0;
5285 } else if (strcmp(pp->key, "Result") == 0) {
5286 if (t->expected_err != NULL) {
5287 TEST_info("Line %d: multiple result lines", t->s.curr);
5288 return 0;
5289 }
5290 t->expected_err = take_value(pp);
5291 } else if (strcmp(pp->key, "Function") == 0) {
5292 /* Ignore old line. */
5293 } else if (strcmp(pp->key, "Reason") == 0) {
5294 if (t->reason != NULL) {
5295 TEST_info("Line %d: multiple reason lines", t->s.curr);
5296 return 0;
5297 }
5298 t->reason = take_value(pp);
5299 } else if (strcmp(pp->key, "Threads") == 0) {
5300 if (OSSL_set_max_threads(libctx, atoi(pp->value)) == 0) {
5301 TEST_info("skipping, '%s' threads not available: %s:%d",
5302 pp->value, t->s.test_file, t->s.start);
5303 t->skip = 1;
5304 }
5305 } else if (strcmp(pp->key, "Unapproved") == 0) {
5306 t->expect_unapproved = 1;
5307 } else if (strcmp(pp->key, "Extended-Test") == 0) {
5308 if (!extended_tests) {
5309 TEST_info("skipping extended test: %s:%d",
5310 t->s.test_file, t->s.start);
5311 t->skip = 1;
5312 }
5313 } else {
5314 /* Must be test specific line: try to parse it */
5315 int rv = t->meth->parse(t, pp->key, pp->value);
5316
5317 if (rv == 0) {
5318 TEST_info("Line %d: unknown keyword %s", t->s.curr, pp->key);
5319 return 0;
5320 }
5321 if (rv < 0) {
5322 TEST_info("Line %d: error processing keyword %s = %s\n",
5323 t->s.curr, pp->key, pp->value);
5324 return 0;
5325 }
5326 if (t->skip)
5327 return 0;
5328 }
5329 }
5330
5331 return 1;
5332 }
5333
run_file_tests(int i)5334 static int run_file_tests(int i)
5335 {
5336 EVP_TEST *t;
5337 const char *testfile = test_get_argument(i);
5338 int c;
5339
5340 if (!TEST_ptr(t = OPENSSL_zalloc(sizeof(*t))))
5341 return 0;
5342 if (!test_start_file(&t->s, testfile)) {
5343 OPENSSL_free(t);
5344 return 0;
5345 }
5346
5347 OSSL_INDICATOR_set_callback(libctx, fips_indicator_cb);
5348 while (!BIO_eof(t->s.fp)) {
5349 c = parse(t);
5350 if (t->skip) {
5351 t->s.numskip++;
5352 continue;
5353 }
5354 if (c == 0 || !run_test(t)) {
5355 t->s.errors++;
5356 break;
5357 }
5358 }
5359 test_end_file(&t->s);
5360 clear_test(t);
5361
5362 free_key_list(public_keys);
5363 public_keys = NULL;
5364 free_key_list(private_keys);
5365 private_keys = NULL;
5366 BIO_free(t->s.key);
5367 c = t->s.errors;
5368 OPENSSL_free(t);
5369 return c == 0;
5370 }
5371
test_get_options(void)5372 const OPTIONS *test_get_options(void)
5373 {
5374 static const OPTIONS test_options[] = {
5375 OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("[file...]\n"),
5376 { "config", OPT_CONFIG_FILE, '<',
5377 "The configuration file to use for the libctx" },
5378 { "process", OPT_IN_PLACE, 's',
5379 "Mode for data processing by cipher tests [in_place/both], both by default" },
5380 { "provider", OPT_PROVIDER_NAME, 's',
5381 "The provider to load (when no configuration file, the default value is 'default')" },
5382 { "propquery", OPT_PROV_PROPQUERY, 's',
5383 "Property query used when fetching algorithms" },
5384 { "chunk", OPT_DATA_CHUNK, 'N', "Size of data chunks to be processed, 0 for default size" },
5385 { OPT_HELP_STR, 1, '-', "file\tFile to run tests on.\n" },
5386 { NULL }
5387 };
5388 return test_options;
5389 }
5390
setup_tests(void)5391 int setup_tests(void)
5392 {
5393 size_t n;
5394 char *config_file = NULL;
5395 char *provider_name = NULL;
5396
5397 OPTION_CHOICE o;
5398
5399 extended_tests = getenv("EVP_TEST_EXTENDED") != NULL;
5400
5401 while ((o = opt_next()) != OPT_EOF) {
5402 switch (o) {
5403 case OPT_CONFIG_FILE:
5404 config_file = opt_arg();
5405 break;
5406 case OPT_IN_PLACE:
5407 if ((process_mode_in_place = evp_test_process_mode(opt_arg())) == -1)
5408 case OPT_DATA_CHUNK:
5409 if (!opt_int(opt_arg(), &data_chunk_size))
5410 return 0;
5411 break;
5412 case OPT_PROVIDER_NAME:
5413 provider_name = opt_arg();
5414 break;
5415 case OPT_PROV_PROPQUERY:
5416 propquery = opt_arg();
5417 break;
5418 case OPT_TEST_CASES:
5419 break;
5420 default:
5421 case OPT_ERR:
5422 return 0;
5423 }
5424 }
5425
5426 /*
5427 * Load the provider via configuration into the created library context.
5428 * Load the 'null' provider into the default library context to ensure that
5429 * the tests do not fallback to using the default provider.
5430 */
5431 if (config_file == NULL && provider_name == NULL)
5432 provider_name = "default";
5433 if (!test_get_libctx(&libctx, &prov_null, config_file, &libprov, provider_name))
5434 return 0;
5435
5436 n = test_get_argument_count();
5437 if (n == 0)
5438 return 0;
5439
5440 ADD_ALL_TESTS(run_file_tests, n);
5441 return 1;
5442 }
5443
cleanup_tests(void)5444 void cleanup_tests(void)
5445 {
5446 OSSL_PROVIDER_unload(libprov);
5447 OSSL_PROVIDER_unload(prov_null);
5448 OSSL_LIB_CTX_free(libctx);
5449 }
5450
is_digest_disabled(const char * name)5451 static int is_digest_disabled(const char *name)
5452 {
5453 #ifdef OPENSSL_NO_BLAKE2
5454 if (HAS_CASE_PREFIX(name, "BLAKE"))
5455 return 1;
5456 #endif
5457 #ifdef OPENSSL_NO_MD2
5458 if (OPENSSL_strcasecmp(name, "MD2") == 0)
5459 return 1;
5460 #endif
5461 #ifdef OPENSSL_NO_MDC2
5462 if (OPENSSL_strcasecmp(name, "MDC2") == 0)
5463 return 1;
5464 #endif
5465 #ifdef OPENSSL_NO_MD4
5466 if (OPENSSL_strcasecmp(name, "MD4") == 0)
5467 return 1;
5468 #endif
5469 #ifdef OPENSSL_NO_MD5
5470 if (OPENSSL_strcasecmp(name, "MD5") == 0)
5471 return 1;
5472 #endif
5473 #ifdef OPENSSL_NO_RMD160
5474 if (OPENSSL_strcasecmp(name, "RIPEMD160") == 0)
5475 return 1;
5476 #endif
5477 #ifdef OPENSSL_NO_SM3
5478 if (OPENSSL_strcasecmp(name, "SM3") == 0)
5479 return 1;
5480 #endif
5481 #ifdef OPENSSL_NO_WHIRLPOOL
5482 if (OPENSSL_strcasecmp(name, "WHIRLPOOL") == 0)
5483 return 1;
5484 #endif
5485 return 0;
5486 }
5487
is_pkey_disabled(const char * name)5488 static int is_pkey_disabled(const char *name)
5489 {
5490 #ifdef OPENSSL_NO_EC
5491 if (HAS_CASE_PREFIX(name, "EC"))
5492 return 1;
5493 #endif
5494 #ifdef OPENSSL_NO_DH
5495 if (HAS_CASE_PREFIX(name, "DH"))
5496 return 1;
5497 #endif
5498 #ifdef OPENSSL_NO_DSA
5499 if (HAS_CASE_PREFIX(name, "DSA"))
5500 return 1;
5501 #endif
5502 #ifdef OPENSSL_NO_SM2
5503 if (HAS_CASE_PREFIX(name, "SM2"))
5504 return 1;
5505 #endif
5506
5507 /* For sigalgs we use, we also check for digest suffixes */
5508 #ifdef OPENSSL_NO_RMD160
5509 if (HAS_CASE_SUFFIX(name, "-RIPEMD160"))
5510 return 1;
5511 #endif
5512 #ifdef OPENSSL_NO_SM3
5513 if (HAS_CASE_SUFFIX(name, "-SM3"))
5514 return 1;
5515 #endif
5516 #ifdef OPENSSL_NO_ML_DSA
5517 if (HAS_CASE_PREFIX(name, "ML-DSA"))
5518 return 1;
5519 #endif
5520 return 0;
5521 }
5522
is_mac_disabled(const char * name)5523 static int is_mac_disabled(const char *name)
5524 {
5525 #ifdef OPENSSL_NO_BLAKE2
5526 if (HAS_CASE_PREFIX(name, "BLAKE2BMAC")
5527 || HAS_CASE_PREFIX(name, "BLAKE2SMAC"))
5528 return 1;
5529 #endif
5530 #ifdef OPENSSL_NO_CMAC
5531 if (HAS_CASE_PREFIX(name, "CMAC"))
5532 return 1;
5533 #endif
5534 #ifdef OPENSSL_NO_POLY1305
5535 if (HAS_CASE_PREFIX(name, "Poly1305"))
5536 return 1;
5537 #endif
5538 #ifdef OPENSSL_NO_SIPHASH
5539 if (HAS_CASE_PREFIX(name, "SipHash"))
5540 return 1;
5541 #endif
5542 return 0;
5543 }
is_kdf_disabled(const char * name)5544 static int is_kdf_disabled(const char *name)
5545 {
5546 #ifdef OPENSSL_NO_SCRYPT
5547 if (HAS_CASE_SUFFIX(name, "SCRYPT"))
5548 return 1;
5549 #endif
5550 #ifdef OPENSSL_NO_ARGON2
5551 if (HAS_CASE_SUFFIX(name, "ARGON2"))
5552 return 1;
5553 #endif
5554 return 0;
5555 }
5556
is_cipher_disabled(const char * name)5557 static int is_cipher_disabled(const char *name)
5558 {
5559 #ifdef OPENSSL_NO_ARIA
5560 if (HAS_CASE_PREFIX(name, "ARIA"))
5561 return 1;
5562 #endif
5563 #ifdef OPENSSL_NO_BF
5564 if (HAS_CASE_PREFIX(name, "BF"))
5565 return 1;
5566 #endif
5567 #ifdef OPENSSL_NO_CAMELLIA
5568 if (HAS_CASE_PREFIX(name, "CAMELLIA"))
5569 return 1;
5570 #endif
5571 #ifdef OPENSSL_NO_CAST
5572 if (HAS_CASE_PREFIX(name, "CAST"))
5573 return 1;
5574 #endif
5575 #ifdef OPENSSL_NO_CHACHA
5576 if (HAS_CASE_PREFIX(name, "CHACHA"))
5577 return 1;
5578 #endif
5579 #ifdef OPENSSL_NO_POLY1305
5580 if (HAS_CASE_SUFFIX(name, "Poly1305"))
5581 return 1;
5582 #endif
5583 #ifdef OPENSSL_NO_DES
5584 if (HAS_CASE_PREFIX(name, "DES"))
5585 return 1;
5586 if (HAS_CASE_SUFFIX(name, "3DESwrap"))
5587 return 1;
5588 #endif
5589 #ifdef OPENSSL_NO_OCB
5590 if (HAS_CASE_SUFFIX(name, "OCB"))
5591 return 1;
5592 #endif
5593 #ifdef OPENSSL_NO_IDEA
5594 if (HAS_CASE_PREFIX(name, "IDEA"))
5595 return 1;
5596 #endif
5597 #ifdef OPENSSL_NO_RC2
5598 if (HAS_CASE_PREFIX(name, "RC2"))
5599 return 1;
5600 #endif
5601 #ifdef OPENSSL_NO_RC4
5602 if (HAS_CASE_PREFIX(name, "RC4"))
5603 return 1;
5604 #endif
5605 #ifdef OPENSSL_NO_RC5
5606 if (HAS_CASE_PREFIX(name, "RC5"))
5607 return 1;
5608 #endif
5609 #ifdef OPENSSL_NO_SEED
5610 if (HAS_CASE_PREFIX(name, "SEED"))
5611 return 1;
5612 #endif
5613 #ifdef OPENSSL_NO_SIV
5614 if (HAS_CASE_SUFFIX(name, "SIV"))
5615 return 1;
5616 #endif
5617 #ifdef OPENSSL_NO_SM4
5618 if (HAS_CASE_PREFIX(name, "SM4"))
5619 return 1;
5620 #endif
5621 return 0;
5622 }
5623