1 /*
2 * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <string.h>
11 #include <openssl/evp.h>
12 #include <openssl/kdf.h>
13 #include <openssl/core_names.h>
14 #include <openssl/param_build.h>
15 #include "internal/cryptlib.h"
16 #include "internal/nelem.h"
17 #include "self_test.h"
18 #include "self_test_data.inc"
19
self_test_digest(const ST_KAT_DIGEST * t,OSSL_SELF_TEST * st,OSSL_LIB_CTX * libctx)20 static int self_test_digest(const ST_KAT_DIGEST *t, OSSL_SELF_TEST *st,
21 OSSL_LIB_CTX *libctx)
22 {
23 int ok = 0;
24 unsigned char out[EVP_MAX_MD_SIZE];
25 unsigned int out_len = 0;
26 EVP_MD_CTX *ctx = EVP_MD_CTX_new();
27 EVP_MD *md = EVP_MD_fetch(libctx, t->algorithm, NULL);
28
29 OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_DIGEST, t->desc);
30
31 if (ctx == NULL
32 || md == NULL
33 || !EVP_DigestInit_ex(ctx, md, NULL)
34 || !EVP_DigestUpdate(ctx, t->pt, t->pt_len)
35 || !EVP_DigestFinal(ctx, out, &out_len))
36 goto err;
37
38 /* Optional corruption */
39 OSSL_SELF_TEST_oncorrupt_byte(st, out);
40
41 if (out_len != t->expected_len
42 || memcmp(out, t->expected, out_len) != 0)
43 goto err;
44 ok = 1;
45 err:
46 EVP_MD_free(md);
47 EVP_MD_CTX_free(ctx);
48 OSSL_SELF_TEST_onend(st, ok);
49 return ok;
50 }
51
52 /*
53 * Helper function to setup a EVP_CipherInit
54 * Used to hide the complexity of Authenticated ciphers.
55 */
cipher_init(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,const ST_KAT_CIPHER * t,int enc)56 static int cipher_init(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
57 const ST_KAT_CIPHER *t, int enc)
58 {
59 unsigned char *in_tag = NULL;
60 int pad = 0, tmp;
61
62 /* Flag required for Key wrapping */
63 EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
64 if (t->tag == NULL) {
65 /* Use a normal cipher init */
66 return EVP_CipherInit_ex(ctx, cipher, NULL, t->key, t->iv, enc)
67 && EVP_CIPHER_CTX_set_padding(ctx, pad);
68 }
69
70 /* The authenticated cipher init */
71 if (!enc)
72 in_tag = (unsigned char *)t->tag;
73
74 return EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)
75 && (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, t->iv_len, NULL) > 0)
76 && (in_tag == NULL
77 || EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, t->tag_len,
78 in_tag) > 0)
79 && EVP_CipherInit_ex(ctx, NULL, NULL, t->key, t->iv, enc)
80 && EVP_CIPHER_CTX_set_padding(ctx, pad)
81 && EVP_CipherUpdate(ctx, NULL, &tmp, t->aad, t->aad_len);
82 }
83
84 /* Test a single KAT for encrypt/decrypt */
self_test_cipher(const ST_KAT_CIPHER * t,OSSL_SELF_TEST * st,OSSL_LIB_CTX * libctx)85 static int self_test_cipher(const ST_KAT_CIPHER *t, OSSL_SELF_TEST *st,
86 OSSL_LIB_CTX *libctx)
87 {
88 int ret = 0, encrypt = 1, len = 0, ct_len = 0, pt_len = 0;
89 EVP_CIPHER_CTX *ctx = NULL;
90 EVP_CIPHER *cipher = NULL;
91 unsigned char ct_buf[256] = { 0 };
92 unsigned char pt_buf[256] = { 0 };
93
94 OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_CIPHER, t->base.desc);
95
96 ctx = EVP_CIPHER_CTX_new();
97 if (ctx == NULL)
98 goto err;
99 cipher = EVP_CIPHER_fetch(libctx, t->base.algorithm, NULL);
100 if (cipher == NULL)
101 goto err;
102
103 /* Encrypt plain text message */
104 if ((t->mode & CIPHER_MODE_ENCRYPT) != 0) {
105 if (!cipher_init(ctx, cipher, t, encrypt)
106 || !EVP_CipherUpdate(ctx, ct_buf, &len, t->base.pt,
107 t->base.pt_len)
108 || !EVP_CipherFinal_ex(ctx, ct_buf + len, &ct_len))
109 goto err;
110
111 OSSL_SELF_TEST_oncorrupt_byte(st, ct_buf);
112 ct_len += len;
113 if (ct_len != (int)t->base.expected_len
114 || memcmp(t->base.expected, ct_buf, ct_len) != 0)
115 goto err;
116
117 if (t->tag != NULL) {
118 unsigned char tag[16] = { 0 };
119
120 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, t->tag_len,
121 tag) <= 0
122 || memcmp(tag, t->tag, t->tag_len) != 0)
123 goto err;
124 }
125 }
126
127 /* Decrypt cipher text */
128 if ((t->mode & CIPHER_MODE_DECRYPT) != 0) {
129 if (!(cipher_init(ctx, cipher, t, !encrypt)
130 && EVP_CipherUpdate(ctx, pt_buf, &len,
131 t->base.expected, t->base.expected_len)
132 && EVP_CipherFinal_ex(ctx, pt_buf + len, &pt_len)))
133 goto err;
134 OSSL_SELF_TEST_oncorrupt_byte(st, pt_buf);
135 pt_len += len;
136 if (pt_len != (int)t->base.pt_len
137 || memcmp(pt_buf, t->base.pt, pt_len) != 0)
138 goto err;
139 }
140
141 ret = 1;
142 err:
143 EVP_CIPHER_free(cipher);
144 EVP_CIPHER_CTX_free(ctx);
145 OSSL_SELF_TEST_onend(st, ret);
146 return ret;
147 }
148
add_params(OSSL_PARAM_BLD * bld,const ST_KAT_PARAM * params,BN_CTX * ctx)149 static int add_params(OSSL_PARAM_BLD *bld, const ST_KAT_PARAM *params,
150 BN_CTX *ctx)
151 {
152 int ret = 0;
153 const ST_KAT_PARAM *p;
154
155 if (params == NULL)
156 return 1;
157 for (p = params; p->data != NULL; ++p)
158 {
159 switch (p->type) {
160 case OSSL_PARAM_UNSIGNED_INTEGER: {
161 BIGNUM *bn = BN_CTX_get(ctx);
162
163 if (bn == NULL
164 || (BN_bin2bn(p->data, p->data_len, bn) == NULL)
165 || !OSSL_PARAM_BLD_push_BN(bld, p->name, bn))
166 goto err;
167 break;
168 }
169 case OSSL_PARAM_UTF8_STRING: {
170 if (!OSSL_PARAM_BLD_push_utf8_string(bld, p->name, p->data,
171 p->data_len))
172 goto err;
173 break;
174 }
175 case OSSL_PARAM_OCTET_STRING: {
176 if (!OSSL_PARAM_BLD_push_octet_string(bld, p->name, p->data,
177 p->data_len))
178 goto err;
179 break;
180 }
181 case OSSL_PARAM_INTEGER: {
182 if (!OSSL_PARAM_BLD_push_int(bld, p->name, *(int *)p->data))
183 goto err;
184 break;
185 }
186 default:
187 break;
188 }
189 }
190 ret = 1;
191 err:
192 return ret;
193 }
194
self_test_kdf(const ST_KAT_KDF * t,OSSL_SELF_TEST * st,OSSL_LIB_CTX * libctx)195 static int self_test_kdf(const ST_KAT_KDF *t, OSSL_SELF_TEST *st,
196 OSSL_LIB_CTX *libctx)
197 {
198 int ret = 0;
199 unsigned char out[128];
200 EVP_KDF *kdf = NULL;
201 EVP_KDF_CTX *ctx = NULL;
202 BN_CTX *bnctx = NULL;
203 OSSL_PARAM *params = NULL;
204 OSSL_PARAM_BLD *bld = NULL;
205
206 OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_KDF, t->desc);
207
208 bld = OSSL_PARAM_BLD_new();
209 if (bld == NULL)
210 goto err;
211
212 kdf = EVP_KDF_fetch(libctx, t->algorithm, "");
213 if (kdf == NULL)
214 goto err;
215
216 ctx = EVP_KDF_CTX_new(kdf);
217 if (ctx == NULL)
218 goto err;
219
220 bnctx = BN_CTX_new_ex(libctx);
221 if (bnctx == NULL)
222 goto err;
223 if (!add_params(bld, t->params, bnctx))
224 goto err;
225 params = OSSL_PARAM_BLD_to_param(bld);
226 if (params == NULL)
227 goto err;
228
229 if (t->expected_len > sizeof(out))
230 goto err;
231 if (EVP_KDF_derive(ctx, out, t->expected_len, params) <= 0)
232 goto err;
233
234 OSSL_SELF_TEST_oncorrupt_byte(st, out);
235
236 if (memcmp(out, t->expected, t->expected_len) != 0)
237 goto err;
238
239 ret = 1;
240 err:
241 EVP_KDF_free(kdf);
242 EVP_KDF_CTX_free(ctx);
243 BN_CTX_free(bnctx);
244 OSSL_PARAM_free(params);
245 OSSL_PARAM_BLD_free(bld);
246 OSSL_SELF_TEST_onend(st, ret);
247 return ret;
248 }
249
self_test_drbg(const ST_KAT_DRBG * t,OSSL_SELF_TEST * st,OSSL_LIB_CTX * libctx)250 static int self_test_drbg(const ST_KAT_DRBG *t, OSSL_SELF_TEST *st,
251 OSSL_LIB_CTX *libctx)
252 {
253 int ret = 0;
254 unsigned char out[256];
255 EVP_RAND *rand;
256 EVP_RAND_CTX *test = NULL, *drbg = NULL;
257 unsigned int strength = 256;
258 int prediction_resistance = 1; /* Causes a reseed */
259 OSSL_PARAM drbg_params[3] = {
260 OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END
261 };
262
263 OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_DRBG, t->desc);
264
265 rand = EVP_RAND_fetch(libctx, "TEST-RAND", NULL);
266 if (rand == NULL)
267 goto err;
268
269 test = EVP_RAND_CTX_new(rand, NULL);
270 EVP_RAND_free(rand);
271 if (test == NULL)
272 goto err;
273
274 drbg_params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH,
275 &strength);
276 if (!EVP_RAND_CTX_set_params(test, drbg_params))
277 goto err;
278
279 rand = EVP_RAND_fetch(libctx, t->algorithm, NULL);
280 if (rand == NULL)
281 goto err;
282
283 drbg = EVP_RAND_CTX_new(rand, test);
284 EVP_RAND_free(rand);
285 if (drbg == NULL)
286 goto err;
287
288 strength = EVP_RAND_get_strength(drbg);
289
290 drbg_params[0] = OSSL_PARAM_construct_utf8_string(t->param_name,
291 t->param_value, 0);
292 /* This is only used by HMAC-DRBG but it is ignored by the others */
293 drbg_params[1] =
294 OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_MAC, "HMAC", 0);
295 if (!EVP_RAND_CTX_set_params(drbg, drbg_params))
296 goto err;
297
298 drbg_params[0] =
299 OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
300 (void *)t->entropyin,
301 t->entropyinlen);
302 drbg_params[1] =
303 OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE,
304 (void *)t->nonce, t->noncelen);
305 if (!EVP_RAND_instantiate(test, strength, 0, NULL, 0, drbg_params))
306 goto err;
307 if (!EVP_RAND_instantiate(drbg, strength, 0, t->persstr, t->persstrlen,
308 NULL))
309 goto err;
310
311 drbg_params[0] =
312 OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
313 (void *)t->entropyinpr1,
314 t->entropyinpr1len);
315 if (!EVP_RAND_CTX_set_params(test, drbg_params))
316 goto err;
317
318 if (!EVP_RAND_generate(drbg, out, t->expectedlen, strength,
319 prediction_resistance,
320 t->entropyaddin1, t->entropyaddin1len))
321 goto err;
322
323 drbg_params[0] =
324 OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
325 (void *)t->entropyinpr2,
326 t->entropyinpr2len);
327 if (!EVP_RAND_CTX_set_params(test, drbg_params))
328 goto err;
329
330 /*
331 * This calls ossl_prov_drbg_reseed() internally when
332 * prediction_resistance = 1
333 */
334 if (!EVP_RAND_generate(drbg, out, t->expectedlen, strength,
335 prediction_resistance,
336 t->entropyaddin2, t->entropyaddin2len))
337 goto err;
338
339 OSSL_SELF_TEST_oncorrupt_byte(st, out);
340
341 if (memcmp(out, t->expected, t->expectedlen) != 0)
342 goto err;
343
344 if (!EVP_RAND_uninstantiate(drbg))
345 goto err;
346 /*
347 * Check that the DRBG data has been zeroized after
348 * ossl_prov_drbg_uninstantiate.
349 */
350 if (!EVP_RAND_verify_zeroization(drbg))
351 goto err;
352
353 ret = 1;
354 err:
355 EVP_RAND_CTX_free(drbg);
356 EVP_RAND_CTX_free(test);
357 OSSL_SELF_TEST_onend(st, ret);
358 return ret;
359 }
360
361 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
self_test_ka(const ST_KAT_KAS * t,OSSL_SELF_TEST * st,OSSL_LIB_CTX * libctx)362 static int self_test_ka(const ST_KAT_KAS *t,
363 OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
364 {
365 int ret = 0;
366 EVP_PKEY_CTX *kactx = NULL, *dctx = NULL;
367 EVP_PKEY *pkey = NULL, *peerkey = NULL;
368 OSSL_PARAM *params = NULL;
369 OSSL_PARAM *params_peer = NULL;
370 unsigned char secret[256];
371 size_t secret_len = sizeof(secret);
372 OSSL_PARAM_BLD *bld = NULL;
373 BN_CTX *bnctx = NULL;
374
375 OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_KA, t->desc);
376
377 bnctx = BN_CTX_new_ex(libctx);
378 if (bnctx == NULL)
379 goto err;
380
381 bld = OSSL_PARAM_BLD_new();
382 if (bld == NULL)
383 goto err;
384
385 if (!add_params(bld, t->key_group, bnctx)
386 || !add_params(bld, t->key_host_data, bnctx))
387 goto err;
388 params = OSSL_PARAM_BLD_to_param(bld);
389
390 if (!add_params(bld, t->key_group, bnctx)
391 || !add_params(bld, t->key_peer_data, bnctx))
392 goto err;
393
394 params_peer = OSSL_PARAM_BLD_to_param(bld);
395 if (params == NULL || params_peer == NULL)
396 goto err;
397
398 /* Create a EVP_PKEY_CTX to load the DH keys into */
399 kactx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, "");
400 if (kactx == NULL)
401 goto err;
402 if (EVP_PKEY_fromdata_init(kactx) <= 0
403 || EVP_PKEY_fromdata(kactx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
404 goto err;
405 if (EVP_PKEY_fromdata_init(kactx) <= 0
406 || EVP_PKEY_fromdata(kactx, &peerkey, EVP_PKEY_KEYPAIR, params_peer) <= 0)
407 goto err;
408
409 /* Create a EVP_PKEY_CTX to perform key derivation */
410 dctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
411 if (dctx == NULL)
412 goto err;
413
414 if (EVP_PKEY_derive_init(dctx) <= 0
415 || EVP_PKEY_derive_set_peer(dctx, peerkey) <= 0
416 || EVP_PKEY_derive(dctx, secret, &secret_len) <= 0)
417 goto err;
418
419 OSSL_SELF_TEST_oncorrupt_byte(st, secret);
420
421 if (secret_len != t->expected_len
422 || memcmp(secret, t->expected, t->expected_len) != 0)
423 goto err;
424 ret = 1;
425 err:
426 BN_CTX_free(bnctx);
427 EVP_PKEY_free(pkey);
428 EVP_PKEY_free(peerkey);
429 EVP_PKEY_CTX_free(kactx);
430 EVP_PKEY_CTX_free(dctx);
431 OSSL_PARAM_free(params_peer);
432 OSSL_PARAM_free(params);
433 OSSL_PARAM_BLD_free(bld);
434 OSSL_SELF_TEST_onend(st, ret);
435 return ret;
436 }
437 #endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) */
438
self_test_sign(const ST_KAT_SIGN * t,OSSL_SELF_TEST * st,OSSL_LIB_CTX * libctx)439 static int self_test_sign(const ST_KAT_SIGN *t,
440 OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
441 {
442 int ret = 0;
443 OSSL_PARAM *params = NULL, *params_sig = NULL;
444 OSSL_PARAM_BLD *bld = NULL;
445 EVP_PKEY_CTX *sctx = NULL, *kctx = NULL;
446 EVP_PKEY *pkey = NULL;
447 unsigned char sig[256];
448 BN_CTX *bnctx = NULL;
449 size_t siglen = sizeof(sig);
450 static const unsigned char dgst[] = {
451 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
452 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
453 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
454 };
455 const char *typ = OSSL_SELF_TEST_TYPE_KAT_SIGNATURE;
456
457 if (t->sig_expected == NULL)
458 typ = OSSL_SELF_TEST_TYPE_PCT_SIGNATURE;
459
460 OSSL_SELF_TEST_onbegin(st, typ, t->desc);
461
462 bnctx = BN_CTX_new_ex(libctx);
463 if (bnctx == NULL)
464 goto err;
465
466 bld = OSSL_PARAM_BLD_new();
467 if (bld == NULL)
468 goto err;
469
470 if (!add_params(bld, t->key, bnctx))
471 goto err;
472 params = OSSL_PARAM_BLD_to_param(bld);
473
474 /* Create a EVP_PKEY_CTX to load the DSA key into */
475 kctx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, "");
476 if (kctx == NULL || params == NULL)
477 goto err;
478 if (EVP_PKEY_fromdata_init(kctx) <= 0
479 || EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
480 goto err;
481
482 /* Create a EVP_PKEY_CTX to use for the signing operation */
483 sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
484 if (sctx == NULL
485 || EVP_PKEY_sign_init(sctx) <= 0)
486 goto err;
487
488 /* set signature parameters */
489 if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST,
490 t->mdalgorithm,
491 strlen(t->mdalgorithm) + 1))
492 goto err;
493 params_sig = OSSL_PARAM_BLD_to_param(bld);
494 if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
495 goto err;
496
497 if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
498 || EVP_PKEY_verify_init(sctx) <= 0
499 || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
500 goto err;
501
502 /*
503 * Used by RSA, for other key types where the signature changes, we
504 * can only use the verify.
505 */
506 if (t->sig_expected != NULL
507 && (siglen != t->sig_expected_len
508 || memcmp(sig, t->sig_expected, t->sig_expected_len) != 0))
509 goto err;
510
511 OSSL_SELF_TEST_oncorrupt_byte(st, sig);
512 if (EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0)
513 goto err;
514 ret = 1;
515 err:
516 BN_CTX_free(bnctx);
517 EVP_PKEY_free(pkey);
518 EVP_PKEY_CTX_free(kctx);
519 EVP_PKEY_CTX_free(sctx);
520 OSSL_PARAM_free(params);
521 OSSL_PARAM_free(params_sig);
522 OSSL_PARAM_BLD_free(bld);
523 OSSL_SELF_TEST_onend(st, ret);
524 return ret;
525 }
526
527 /*
528 * Test an encrypt or decrypt KAT..
529 *
530 * FIPS 140-2 IG D.9 states that separate KAT tests are needed for encrypt
531 * and decrypt..
532 */
self_test_asym_cipher(const ST_KAT_ASYM_CIPHER * t,OSSL_SELF_TEST * st,OSSL_LIB_CTX * libctx)533 static int self_test_asym_cipher(const ST_KAT_ASYM_CIPHER *t, OSSL_SELF_TEST *st,
534 OSSL_LIB_CTX *libctx)
535 {
536 int ret = 0;
537 OSSL_PARAM *keyparams = NULL, *initparams = NULL;
538 OSSL_PARAM_BLD *keybld = NULL, *initbld = NULL;
539 EVP_PKEY_CTX *encctx = NULL, *keyctx = NULL;
540 EVP_PKEY *key = NULL;
541 BN_CTX *bnctx = NULL;
542 unsigned char out[256];
543 size_t outlen = sizeof(out);
544
545 OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_ASYM_CIPHER, t->desc);
546
547 bnctx = BN_CTX_new_ex(libctx);
548 if (bnctx == NULL)
549 goto err;
550
551 /* Load a public or private key from data */
552 keybld = OSSL_PARAM_BLD_new();
553 if (keybld == NULL
554 || !add_params(keybld, t->key, bnctx))
555 goto err;
556 keyparams = OSSL_PARAM_BLD_to_param(keybld);
557 keyctx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, NULL);
558 if (keyctx == NULL || keyparams == NULL)
559 goto err;
560 if (EVP_PKEY_fromdata_init(keyctx) <= 0
561 || EVP_PKEY_fromdata(keyctx, &key, EVP_PKEY_KEYPAIR, keyparams) <= 0)
562 goto err;
563
564 /* Create a EVP_PKEY_CTX to use for the encrypt or decrypt operation */
565 encctx = EVP_PKEY_CTX_new_from_pkey(libctx, key, NULL);
566 if (encctx == NULL
567 || (t->encrypt && EVP_PKEY_encrypt_init(encctx) <= 0)
568 || (!t->encrypt && EVP_PKEY_decrypt_init(encctx) <= 0))
569 goto err;
570
571 /* Add any additional parameters such as padding */
572 if (t->postinit != NULL) {
573 initbld = OSSL_PARAM_BLD_new();
574 if (initbld == NULL)
575 goto err;
576 if (!add_params(initbld, t->postinit, bnctx))
577 goto err;
578 initparams = OSSL_PARAM_BLD_to_param(initbld);
579 if (initparams == NULL)
580 goto err;
581 if (EVP_PKEY_CTX_set_params(encctx, initparams) <= 0)
582 goto err;
583 }
584
585 if (t->encrypt) {
586 if (EVP_PKEY_encrypt(encctx, out, &outlen,
587 t->in, t->in_len) <= 0)
588 goto err;
589 } else {
590 if (EVP_PKEY_decrypt(encctx, out, &outlen,
591 t->in, t->in_len) <= 0)
592 goto err;
593 }
594 /* Check the KAT */
595 OSSL_SELF_TEST_oncorrupt_byte(st, out);
596 if (outlen != t->expected_len
597 || memcmp(out, t->expected, t->expected_len) != 0)
598 goto err;
599
600 ret = 1;
601 err:
602 BN_CTX_free(bnctx);
603 EVP_PKEY_free(key);
604 EVP_PKEY_CTX_free(encctx);
605 EVP_PKEY_CTX_free(keyctx);
606 OSSL_PARAM_free(keyparams);
607 OSSL_PARAM_BLD_free(keybld);
608 OSSL_PARAM_free(initparams);
609 OSSL_PARAM_BLD_free(initbld);
610 OSSL_SELF_TEST_onend(st, ret);
611 return ret;
612 }
613
614 /*
615 * Test a data driven list of KAT's for digest algorithms.
616 * All tests are run regardless of if they fail or not.
617 * Return 0 if any test fails.
618 */
self_test_digests(OSSL_SELF_TEST * st,OSSL_LIB_CTX * libctx)619 static int self_test_digests(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
620 {
621 int i, ret = 1;
622
623 for (i = 0; i < (int)OSSL_NELEM(st_kat_digest_tests); ++i) {
624 if (!self_test_digest(&st_kat_digest_tests[i], st, libctx))
625 ret = 0;
626 }
627 return ret;
628 }
629
self_test_ciphers(OSSL_SELF_TEST * st,OSSL_LIB_CTX * libctx)630 static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
631 {
632 int i, ret = 1;
633
634 for (i = 0; i < (int)OSSL_NELEM(st_kat_cipher_tests); ++i) {
635 if (!self_test_cipher(&st_kat_cipher_tests[i], st, libctx))
636 ret = 0;
637 }
638 return ret;
639 }
640
self_test_asym_ciphers(OSSL_SELF_TEST * st,OSSL_LIB_CTX * libctx)641 static int self_test_asym_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
642 {
643 int i, ret = 1;
644
645 for (i = 0; i < (int)OSSL_NELEM(st_kat_asym_cipher_tests); ++i) {
646 if (!self_test_asym_cipher(&st_kat_asym_cipher_tests[i], st, libctx))
647 ret = 0;
648 }
649 return ret;
650 }
651
self_test_kdfs(OSSL_SELF_TEST * st,OSSL_LIB_CTX * libctx)652 static int self_test_kdfs(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
653 {
654 int i, ret = 1;
655
656 for (i = 0; i < (int)OSSL_NELEM(st_kat_kdf_tests); ++i) {
657 if (!self_test_kdf(&st_kat_kdf_tests[i], st, libctx))
658 ret = 0;
659 }
660 return ret;
661 }
662
self_test_drbgs(OSSL_SELF_TEST * st,OSSL_LIB_CTX * libctx)663 static int self_test_drbgs(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
664 {
665 int i, ret = 1;
666
667 for (i = 0; i < (int)OSSL_NELEM(st_kat_drbg_tests); ++i) {
668 if (!self_test_drbg(&st_kat_drbg_tests[i], st, libctx))
669 ret = 0;
670 }
671 return ret;
672 }
673
self_test_kas(OSSL_SELF_TEST * st,OSSL_LIB_CTX * libctx)674 static int self_test_kas(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
675 {
676 int ret = 1;
677 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
678 int i;
679
680 for (i = 0; i < (int)OSSL_NELEM(st_kat_kas_tests); ++i) {
681 if (!self_test_ka(&st_kat_kas_tests[i], st, libctx))
682 ret = 0;
683 }
684 #endif
685
686 return ret;
687 }
688
self_test_signatures(OSSL_SELF_TEST * st,OSSL_LIB_CTX * libctx)689 static int self_test_signatures(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
690 {
691 int i, ret = 1;
692
693 for (i = 0; i < (int)OSSL_NELEM(st_kat_sign_tests); ++i) {
694 if (!self_test_sign(&st_kat_sign_tests[i], st, libctx))
695 ret = 0;
696 }
697 return ret;
698 }
699
700 /*
701 * Run the algorithm KAT's.
702 * Return 1 is successful, otherwise return 0.
703 * This runs all the tests regardless of if any fail.
704 */
SELF_TEST_kats(OSSL_SELF_TEST * st,OSSL_LIB_CTX * libctx)705 int SELF_TEST_kats(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
706 {
707 int ret = 1;
708
709 if (!self_test_digests(st, libctx))
710 ret = 0;
711 if (!self_test_ciphers(st, libctx))
712 ret = 0;
713 if (!self_test_signatures(st, libctx))
714 ret = 0;
715 if (!self_test_kdfs(st, libctx))
716 ret = 0;
717 if (!self_test_drbgs(st, libctx))
718 ret = 0;
719 if (!self_test_kas(st, libctx))
720 ret = 0;
721 if (!self_test_asym_ciphers(st, libctx))
722 ret = 0;
723
724 return ret;
725 }
726