1 /*
2 * Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #define OPENSSL_SUPPRESS_DEPRECATED /* EVP_PKEY_new_CMAC_key */
11 #include <stdio.h>
12 #include <string.h>
13 #include <stdlib.h>
14 #include <ctype.h>
15 #include <openssl/evp.h>
16 #include <openssl/pem.h>
17 #include <openssl/err.h>
18 #include <openssl/provider.h>
19 #include <openssl/x509v3.h>
20 #include <openssl/pkcs12.h>
21 #include <openssl/kdf.h>
22 #include <openssl/params.h>
23 #include <openssl/param_build.h>
24 #include <openssl/core_names.h>
25 #include <openssl/fips_names.h>
26 #include <openssl/thread.h>
27 #include "internal/numbers.h"
28 #include "internal/nelem.h"
29 #include "internal/sizes.h"
30 #include "crypto/evp.h"
31 #include "testutil.h"
32
33 typedef struct evp_test_buffer_st EVP_TEST_BUFFER;
34 DEFINE_STACK_OF(EVP_TEST_BUFFER)
35
36 #define AAD_NUM 4
37
38 typedef struct evp_test_method_st EVP_TEST_METHOD;
39
40 /* Structure holding test information */
41 typedef struct evp_test_st {
42 STANZA s; /* Common test stanza */
43 char *name;
44 int skip; /* Current test should be skipped */
45 const EVP_TEST_METHOD *meth; /* method for this test */
46 const char *err, *aux_err; /* Error string for test */
47 char *expected_err; /* Expected error value of test */
48 char *reason; /* Expected error reason string */
49 void *data; /* test specific data */
50 int expect_unapproved;
51 } EVP_TEST;
52
53 /* Test method structure */
54 struct evp_test_method_st {
55 /* Name of test as it appears in file */
56 const char *name;
57 /* Initialise test for "alg" */
58 int (*init) (EVP_TEST *t, const char *alg);
59 /* Clean up method */
60 void (*cleanup) (EVP_TEST *t);
61 /* Test specific name value pair processing */
62 int (*parse) (EVP_TEST *t, const char *name, const char *value);
63 /* Run the test itself */
64 int (*run_test) (EVP_TEST *t);
65 };
66
67 /* Linked list of named keys. */
68 typedef struct key_list_st {
69 char *name;
70 EVP_PKEY *key;
71 struct key_list_st *next;
72 } KEY_LIST;
73
74 typedef enum OPTION_choice {
75 OPT_ERR = -1,
76 OPT_EOF = 0,
77 OPT_CONFIG_FILE,
78 OPT_IN_PLACE,
79 OPT_PROVIDER_NAME,
80 OPT_PROV_PROPQUERY,
81 OPT_DATA_CHUNK,
82 OPT_TEST_ENUM
83 } OPTION_CHOICE;
84
85 static OSSL_PROVIDER *prov_null = NULL;
86 static OSSL_PROVIDER *libprov = NULL;
87 static OSSL_LIB_CTX *libctx = NULL;
88 static int fips_indicator_callback_unapproved_count = 0;
89 static int extended_tests = 0;
90
91 /* List of public and private keys */
92 static KEY_LIST *private_keys;
93 static KEY_LIST *public_keys;
94
95 static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst);
96 static int parse_bin(const char *value, unsigned char **buf, size_t *buflen);
97 static int parse_bin_chunk(const char *value, size_t offset, size_t max,
98 unsigned char **buf, size_t *buflen, size_t *out_offset);
99 static int is_digest_disabled(const char *name);
100 static int is_pkey_disabled(const char *name);
101 static int is_mac_disabled(const char *name);
102 static int is_cipher_disabled(const char *name);
103 static int is_kdf_disabled(const char *name);
104
105 /* A callback that is triggered if fips unapproved mode is detected */
fips_indicator_cb(const char * type,const char * desc,const OSSL_PARAM params[])106 static int fips_indicator_cb(const char *type, const char *desc,
107 const OSSL_PARAM params[])
108 {
109 fips_indicator_callback_unapproved_count++;
110 TEST_info("(Indicator Callback received %s : %s is not approved)", type, desc);
111 return 1;
112 }
113
check_fips_approved(EVP_TEST * t,int approved)114 static int check_fips_approved(EVP_TEST *t, int approved)
115 {
116 /*
117 * If the expected result is approved
118 * then it is expected that approved will be 1
119 * and the fips indicator callback has not been triggered, otherwise
120 * approved should be 0 and the fips indicator callback should be triggered.
121 */
122 if (t->expect_unapproved) {
123 if (approved == 1 || fips_indicator_callback_unapproved_count == 0) {
124 TEST_error("Test is not expected to be FIPS approved");
125 return 0;
126 }
127 } else {
128 if (approved == 0 || fips_indicator_callback_unapproved_count > 0) {
129 TEST_error("Test is expected to be FIPS approved");
130 return 0;
131 }
132 }
133 return 1;
134 }
135
mac_check_fips_approved(EVP_MAC_CTX * ctx,EVP_TEST * t)136 static int mac_check_fips_approved(EVP_MAC_CTX *ctx, EVP_TEST *t)
137 {
138 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
139 /*
140 * For any getters that do not handle the FIPS indicator assume a default
141 * value of approved.
142 */
143 int approved = 1;
144
145 if (EVP_MAC_CTX_gettable_params(ctx) == NULL)
146 return 1;
147
148 params[0] = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_FIPS_APPROVED_INDICATOR,
149 &approved);
150 if (!EVP_MAC_CTX_get_params(ctx, params))
151 return 0;
152 return check_fips_approved(t, approved);
153 }
154
pkey_check_fips_approved(EVP_PKEY_CTX * ctx,EVP_TEST * t)155 static int pkey_check_fips_approved(EVP_PKEY_CTX *ctx, EVP_TEST *t)
156 {
157 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
158 /*
159 * For any getters that do not handle the FIPS indicator assume a default
160 * value of approved.
161 */
162 int approved = 1;
163 const OSSL_PARAM *gettables = EVP_PKEY_CTX_gettable_params(ctx);
164
165 if (gettables == NULL
166 || OSSL_PARAM_locate_const(gettables,
167 OSSL_ALG_PARAM_FIPS_APPROVED_INDICATOR)
168 == NULL)
169 return 1;
170
171 /* Older providers dont have a gettable */
172 if (EVP_PKEY_CTX_gettable_params(ctx) == NULL)
173 return 1;
174
175 params[0] = OSSL_PARAM_construct_int(OSSL_ALG_PARAM_FIPS_APPROVED_INDICATOR,
176 &approved);
177 if (!EVP_PKEY_CTX_get_params(ctx, params))
178 return 0;
179 return check_fips_approved(t, approved);
180 }
181
rand_check_fips_approved(EVP_RAND_CTX * ctx,EVP_TEST * t)182 static int rand_check_fips_approved(EVP_RAND_CTX *ctx, EVP_TEST *t)
183 {
184 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
185 /*
186 * For any getters that do not handle the FIPS indicator assume a default
187 * value of approved.
188 */
189 int approved = 1;
190
191 if (EVP_RAND_CTX_gettable_params(ctx) == NULL)
192 return 1;
193
194 params[0] = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_FIPS_APPROVED_INDICATOR,
195 &approved);
196 if (!EVP_RAND_CTX_get_params(ctx, params))
197 return 0;
198 return check_fips_approved(t, approved);
199 }
200
ctrladd(STACK_OF (OPENSSL_STRING)* controls,const char * value)201 static int ctrladd(STACK_OF(OPENSSL_STRING) *controls, const char *value)
202 {
203 char *data = OPENSSL_strdup(value);
204
205 if (data == NULL)
206 return -1;
207
208 if (sk_OPENSSL_STRING_push(controls, data) <= 0) {
209 OPENSSL_free(data);
210 return -1;
211 }
212
213 return 1;
214 }
215
216 /* Because OPENSSL_free is a macro, it can't be passed as a function pointer */
openssl_free(char * m)217 static void openssl_free(char *m)
218 {
219 OPENSSL_free(m);
220 }
221
ctrlfree(STACK_OF (OPENSSL_STRING)* controls)222 static void ctrlfree(STACK_OF(OPENSSL_STRING) *controls)
223 {
224 sk_OPENSSL_STRING_pop_free(controls, openssl_free);
225 }
226
227 /*
228 * This is used if ctrl2params() passes settables as NULL.
229 * A default list of settable OSSL_PARAM that may be set during an operations
230 * init().
231 * Using the algorithms settable list is problematic since it requires that the
232 * init() has already run.
233 */
234 static const OSSL_PARAM settable_ctx_params[] = {
235 OSSL_PARAM_int("key-check", NULL),
236 OSSL_PARAM_int("digest-check", NULL),
237 OSSL_PARAM_int("ems_check", NULL),
238 OSSL_PARAM_int("sign-check", NULL),
239 OSSL_PARAM_int("encrypt-check", NULL),
240 OSSL_PARAM_int("rsa-pss-saltlen-check", NULL),
241 OSSL_PARAM_int("sign-x931-pad-check", NULL),
242 OSSL_PARAM_END
243 };
244
ctrl2params(EVP_TEST * t,STACK_OF (OPENSSL_STRING)* controls,const OSSL_PARAM * settables,OSSL_PARAM params[],size_t params_sz,size_t * params_n)245 static int ctrl2params(EVP_TEST *t, STACK_OF(OPENSSL_STRING) *controls,
246 const OSSL_PARAM *settables,
247 OSSL_PARAM params[], size_t params_sz, size_t *params_n)
248 {
249 int i;
250
251 if (settables == NULL)
252 settables = settable_ctx_params;
253 /* check bounds */
254 if (*params_n + sk_OPENSSL_STRING_num(controls) >= params_sz) {
255 t->err = "ERR_TOO_MANY_PARAMETERS";
256 goto err;
257 }
258 for (i = 0; i < sk_OPENSSL_STRING_num(controls); i++) {
259 char *tmpkey, *tmpval;
260 char *value = sk_OPENSSL_STRING_value(controls, i);
261
262 if (!TEST_ptr(tmpkey = OPENSSL_strdup(value))) {
263 t->err = "ERR_PARAM_ERROR";
264 goto err;
265 }
266 tmpval = strchr(tmpkey, ':');
267 if (tmpval != NULL)
268 *tmpval++ = '\0';
269
270 if (tmpval == NULL
271 || !OSSL_PARAM_allocate_from_text(¶ms[*params_n],
272 settables,
273 tmpkey, tmpval,
274 strlen(tmpval), NULL)) {
275 OPENSSL_free(tmpkey);
276 t->err = "ERR_PARAM_ERROR";
277 goto err;
278 }
279 *params_n += 1;
280 OPENSSL_free(tmpkey);
281 }
282 params[*params_n] = OSSL_PARAM_construct_end();
283 return 1;
284 err:
285 return 0;
286 }
287
ctrl2params_free(OSSL_PARAM params[],size_t params_n,size_t params_n_allocstart)288 static void ctrl2params_free(OSSL_PARAM params[],
289 size_t params_n, size_t params_n_allocstart)
290 {
291 while (params_n-- > params_n_allocstart) {
292 OPENSSL_free(params[params_n].data);
293 }
294 }
295
kdf_check_fips_approved(EVP_KDF_CTX * ctx,EVP_TEST * t)296 static int kdf_check_fips_approved(EVP_KDF_CTX *ctx, EVP_TEST *t)
297 {
298 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
299 int approved = 1;
300
301 params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR,
302 &approved);
303 if (!EVP_KDF_CTX_get_params(ctx, params))
304 return 0;
305 return check_fips_approved(t, approved);
306 }
307
cipher_check_fips_approved(EVP_CIPHER_CTX * ctx,EVP_TEST * t)308 static int cipher_check_fips_approved(EVP_CIPHER_CTX *ctx, EVP_TEST *t)
309 {
310 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
311 int approved = 1;
312
313 params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_FIPS_APPROVED_INDICATOR,
314 &approved);
315 if (!EVP_CIPHER_CTX_get_params(ctx, params))
316 return 0;
317 return check_fips_approved(t, approved);
318 }
319
320 /*
321 * Compare two memory regions for equality, returning zero if they differ.
322 * However, if there is expected to be an error and the actual error
323 * matches then the memory is expected to be different so handle this
324 * case without producing unnecessary test framework output.
325 */
memory_err_compare(EVP_TEST * t,const char * err,const void * expected,size_t expected_len,const void * got,size_t got_len)326 static int memory_err_compare(EVP_TEST *t, const char *err,
327 const void *expected, size_t expected_len,
328 const void *got, size_t got_len)
329 {
330 int r;
331
332 if (t->expected_err != NULL && strcmp(t->expected_err, err) == 0)
333 r = !TEST_mem_ne(expected, expected_len, got, got_len);
334 else
335 r = TEST_mem_eq(expected, expected_len, got, got_len);
336 if (!r)
337 t->err = err;
338 return r;
339 }
340
341 /* Option specific for evp test */
342 static int process_mode_in_place;
343 static const char *propquery = NULL;
344 static int data_chunk_size;
345
evp_test_process_mode(char * mode)346 static int evp_test_process_mode(char *mode)
347 {
348 if (strcmp(mode, "in_place") == 0)
349 return 1;
350 else if (strcmp(mode, "both") == 0)
351 return 0;
352 return -1;
353 }
354
355 /*
356 * Structure used to hold a list of blocks of memory to test
357 * calls to "update" like functions.
358 */
359 struct evp_test_buffer_st {
360 unsigned char *buf;
361 size_t buflen;
362 size_t count;
363 int count_set;
364 };
365
evp_test_buffer_free(EVP_TEST_BUFFER * db)366 static void evp_test_buffer_free(EVP_TEST_BUFFER *db)
367 {
368 if (db != NULL) {
369 OPENSSL_free(db->buf);
370 OPENSSL_free(db);
371 }
372 }
373
374 /* append buffer to a list */
evp_test_buffer_append(const char * value,size_t max_len,STACK_OF (EVP_TEST_BUFFER)** sk)375 static int evp_test_buffer_append(const char *value, size_t max_len,
376 STACK_OF(EVP_TEST_BUFFER) **sk)
377 {
378 EVP_TEST_BUFFER *db = NULL;
379 int rv = 0;
380 size_t offset = 0;
381
382 if (*sk == NULL && !TEST_ptr(*sk = sk_EVP_TEST_BUFFER_new_null()))
383 goto err;
384
385 do {
386 if (!TEST_ptr(db = OPENSSL_zalloc(sizeof(*db))))
387 goto err;
388 if (max_len == 0) {
389 /* parse all in one shot */
390 if ((rv = parse_bin(value, &db->buf, &db->buflen)) != 1)
391 goto err;
392 } else {
393 /* parse in chunks */
394 size_t new_offset = 0;
395
396 if ((rv = parse_bin_chunk(value, offset, max_len, &db->buf,
397 &db->buflen, &new_offset)) == -1)
398 goto err;
399 offset = new_offset;
400 }
401
402 db->count = 1;
403 db->count_set = 0;
404
405 if (db->buf == NULL)
406 evp_test_buffer_free(db);
407 else if (db->buf != NULL && !sk_EVP_TEST_BUFFER_push(*sk, db))
408 goto err;
409 /* if processing by chunks, continue until the whole value is parsed */
410 } while (rv == 1 && max_len != 0);
411
412 return 1;
413
414 err:
415 evp_test_buffer_free(db);
416 return 0;
417 }
418
419 /* replace last buffer in list with copies of itself */
evp_test_buffer_ncopy(const char * value,STACK_OF (EVP_TEST_BUFFER)* sk)420 static int evp_test_buffer_ncopy(const char *value,
421 STACK_OF(EVP_TEST_BUFFER) *sk)
422 {
423 EVP_TEST_BUFFER *db;
424 unsigned char *tbuf, *p;
425 size_t tbuflen;
426 int ncopy = atoi(value);
427 int i;
428
429 if (ncopy <= 0)
430 return 0;
431 if (sk == NULL || sk_EVP_TEST_BUFFER_num(sk) == 0)
432 return 0;
433 db = sk_EVP_TEST_BUFFER_value(sk, sk_EVP_TEST_BUFFER_num(sk) - 1);
434
435 tbuflen = db->buflen * ncopy;
436 if (!TEST_ptr(tbuf = OPENSSL_malloc(tbuflen)))
437 return 0;
438 for (i = 0, p = tbuf; i < ncopy; i++, p += db->buflen)
439 memcpy(p, db->buf, db->buflen);
440
441 OPENSSL_free(db->buf);
442 db->buf = tbuf;
443 db->buflen = tbuflen;
444 return 1;
445 }
446
447 /* set repeat count for last buffer in list */
evp_test_buffer_set_count(const char * value,STACK_OF (EVP_TEST_BUFFER)* sk)448 static int evp_test_buffer_set_count(const char *value,
449 STACK_OF(EVP_TEST_BUFFER) *sk)
450 {
451 EVP_TEST_BUFFER *db;
452 int count = atoi(value);
453
454 if (count <= 0)
455 return 0;
456
457 if (sk == NULL || sk_EVP_TEST_BUFFER_num(sk) == 0)
458 return 0;
459
460 db = sk_EVP_TEST_BUFFER_value(sk, sk_EVP_TEST_BUFFER_num(sk) - 1);
461 if (db->count_set != 0)
462 return 0;
463
464 db->count = (size_t)count;
465 db->count_set = 1;
466 return 1;
467 }
468
469 /* call "fn" with each element of the list in turn */
evp_test_buffer_do(STACK_OF (EVP_TEST_BUFFER)* sk,int (* fn)(void * ctx,const unsigned char * buf,size_t buflen),void * ctx)470 static int evp_test_buffer_do(STACK_OF(EVP_TEST_BUFFER) *sk,
471 int (*fn)(void *ctx,
472 const unsigned char *buf,
473 size_t buflen),
474 void *ctx)
475 {
476 int i;
477
478 for (i = 0; i < sk_EVP_TEST_BUFFER_num(sk); i++) {
479 EVP_TEST_BUFFER *tb = sk_EVP_TEST_BUFFER_value(sk, i);
480 size_t j;
481
482 for (j = 0; j < tb->count; j++) {
483 if (fn(ctx, tb->buf, tb->buflen) <= 0)
484 return 0;
485 }
486 }
487 return 1;
488 }
489
490 /*
491 * Unescape some sequences in string literals (only \n for now).
492 * Return an allocated buffer, set |out_len|. If |input_len|
493 * is zero, get an empty buffer but set length to zero.
494 */
unescape(const char * input,size_t input_len,size_t * out_len)495 static unsigned char* unescape(const char *input, size_t input_len,
496 size_t *out_len)
497 {
498 unsigned char *ret, *p;
499 size_t i;
500
501 if (input_len == 0) {
502 *out_len = 0;
503 return OPENSSL_zalloc(1);
504 }
505
506 /* Escaping is non-expanding; over-allocate original size for simplicity. */
507 if (!TEST_ptr(ret = p = OPENSSL_malloc(input_len)))
508 return NULL;
509
510 for (i = 0; i < input_len; i++) {
511 if (*input == '\\') {
512 if (i == input_len - 1 || *++input != 'n') {
513 TEST_error("Bad escape sequence in file");
514 goto err;
515 }
516 *p++ = '\n';
517 i++;
518 input++;
519 } else {
520 *p++ = *input++;
521 }
522 }
523
524 *out_len = p - ret;
525 return ret;
526
527 err:
528 OPENSSL_free(ret);
529 return NULL;
530 }
531
532 /*
533 * For a hex string "value" convert to a binary allocated buffer.
534 * Return 1 on success or 0 on failure.
535 */
parse_bin(const char * value,unsigned char ** buf,size_t * buflen)536 static int parse_bin(const char *value, unsigned char **buf, size_t *buflen)
537 {
538 long len;
539
540 /* Check for NULL literal */
541 if (strcmp(value, "NULL") == 0) {
542 *buf = NULL;
543 *buflen = 0;
544 return 1;
545 }
546
547 /* Check for empty value */
548 if (*value == '\0') {
549 /*
550 * Don't return NULL for zero length buffer. This is needed for
551 * some tests with empty keys: HMAC_Init_ex() expects a non-NULL key
552 * buffer even if the key length is 0, in order to detect key reset.
553 */
554 *buf = OPENSSL_malloc(1);
555 if (*buf == NULL)
556 return 0;
557 **buf = 0;
558 *buflen = 0;
559 return 1;
560 }
561
562 /* Check for string literal */
563 if (value[0] == '"') {
564 size_t vlen = strlen(++value);
565
566 if (vlen == 0 || value[vlen - 1] != '"')
567 return 0;
568 vlen--;
569 *buf = unescape(value, vlen, buflen);
570 return *buf == NULL ? 0 : 1;
571 }
572
573 /* Otherwise assume as hex literal and convert it to binary buffer */
574 if (!TEST_ptr(*buf = OPENSSL_hexstr2buf(value, &len))) {
575 TEST_info("Can't convert %s", value);
576 TEST_openssl_errors();
577 return -1;
578 }
579 /* Size of input buffer means we'll never overflow */
580 *buflen = len;
581 return 1;
582 }
583
584 /*
585 * Convert at maximum "max" bytes to a binary allocated buffer.
586 * Return 1 on success, -1 on failure or 0 for end of value string.
587 */
parse_bin_chunk(const char * value,size_t offset,size_t max,unsigned char ** buf,size_t * buflen,size_t * out_offset)588 static int parse_bin_chunk(const char *value, size_t offset, size_t max,
589 unsigned char **buf, size_t *buflen, size_t *out_offset)
590 {
591 size_t vlen;
592 size_t chunk_len;
593 const char *value_str = value[0] == '"' ? value + offset + 1 : value + offset;
594
595 if (max < 1)
596 return -1;
597
598 if (*value == '\0' || strcmp(value, "\"\"") == 0) {
599 *buf = OPENSSL_malloc(1);
600 if (*buf == NULL)
601 return 0;
602 **buf = 0;
603 *buflen = 0;
604 return 0;
605 }
606
607 if (*value_str == '\0')
608 return 0;
609
610 vlen = strlen(value_str);
611 if (value[0] == '"') {
612 /* Parse string literal */
613 if (vlen == 1 && value_str[0] != '"')
614 /* Missing ending quotation mark */
615 return -1;
616 if (vlen == 1 && value_str[0] == '"')
617 /* End of value */
618 return 0;
619 vlen--;
620 chunk_len = max > vlen ? vlen : max;
621 if ((*buf = unescape(value_str, chunk_len, buflen)) == NULL)
622 return -1;
623 } else {
624 /* Parse hex string chunk */
625 long len;
626 char *chunk = NULL;
627
628 chunk_len = 2 * max > vlen ? vlen : 2 * max;
629 chunk = OPENSSL_strndup(value_str, chunk_len);
630 if (chunk == NULL)
631 return -1;
632 if (!TEST_ptr(*buf = OPENSSL_hexstr2buf(chunk, &len))) {
633 OPENSSL_free(chunk);
634 TEST_openssl_errors();
635 return -1;
636 }
637 OPENSSL_free(chunk);
638 *buflen = len;
639 }
640 *out_offset = value[0] == '"' ? offset + (*buflen) : offset + 2 * (*buflen);
641 return 1;
642 }
643
644 /**
645 ** MESSAGE DIGEST TESTS
646 **/
647
648 typedef struct digest_data_st {
649 /* Digest this test is for */
650 const EVP_MD *digest;
651 EVP_MD *fetched_digest;
652 /* Input to digest */
653 STACK_OF(EVP_TEST_BUFFER) *input;
654 /* Expected output */
655 unsigned char *output;
656 size_t output_len;
657 /* Padding type */
658 int pad_type;
659 /* XOF mode? */
660 int xof;
661 /* Size for variable output length but non-XOF */
662 size_t digest_size;
663 } DIGEST_DATA;
664
digest_test_init(EVP_TEST * t,const char * alg)665 static int digest_test_init(EVP_TEST *t, const char *alg)
666 {
667 DIGEST_DATA *mdat;
668 const EVP_MD *digest;
669 EVP_MD *fetched_digest;
670
671 if (is_digest_disabled(alg)) {
672 TEST_info("skipping, '%s' is disabled", alg);
673 t->skip = 1;
674 return 1;
675 }
676
677 if ((digest = fetched_digest = EVP_MD_fetch(libctx, alg, propquery)) == NULL
678 && (digest = EVP_get_digestbyname(alg)) == NULL)
679 return 0;
680 if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat)))) {
681 EVP_MD_free(fetched_digest);
682 return 0;
683 }
684 t->data = mdat;
685 mdat->digest = digest;
686 mdat->fetched_digest = fetched_digest;
687 mdat->pad_type = 0;
688 mdat->xof = 0;
689 if (fetched_digest != NULL)
690 TEST_info("%s is fetched", alg);
691 return 1;
692 }
693
digest_test_cleanup(EVP_TEST * t)694 static void digest_test_cleanup(EVP_TEST *t)
695 {
696 DIGEST_DATA *mdat = t->data;
697
698 sk_EVP_TEST_BUFFER_pop_free(mdat->input, evp_test_buffer_free);
699 OPENSSL_free(mdat->output);
700 EVP_MD_free(mdat->fetched_digest);
701 }
702
digest_test_parse(EVP_TEST * t,const char * keyword,const char * value)703 static int digest_test_parse(EVP_TEST *t,
704 const char *keyword, const char *value)
705 {
706 DIGEST_DATA *mdata = t->data;
707
708 if (strcmp(keyword, "Input") == 0)
709 return evp_test_buffer_append(value, data_chunk_size, &mdata->input);
710 if (strcmp(keyword, "Output") == 0)
711 return parse_bin(value, &mdata->output, &mdata->output_len);
712 if (strcmp(keyword, "Count") == 0)
713 return evp_test_buffer_set_count(value, mdata->input);
714 if (strcmp(keyword, "Ncopy") == 0)
715 return evp_test_buffer_ncopy(value, mdata->input);
716 if (strcmp(keyword, "Padding") == 0)
717 return (mdata->pad_type = atoi(value)) > 0;
718 if (strcmp(keyword, "XOF") == 0)
719 return (mdata->xof = atoi(value)) > 0;
720 if (strcmp(keyword, "OutputSize") == 0) {
721 int sz;
722
723 sz = atoi(value);
724 if (sz < 0)
725 return -1;
726 mdata->digest_size = sz;
727 return 1;
728 }
729 return 0;
730 }
731
digest_update_fn(void * ctx,const unsigned char * buf,size_t buflen)732 static int digest_update_fn(void *ctx, const unsigned char *buf, size_t buflen)
733 {
734 return EVP_DigestUpdate(ctx, buf, buflen);
735 }
736
test_duplicate_md_ctx(EVP_TEST * t,EVP_MD_CTX * mctx)737 static int test_duplicate_md_ctx(EVP_TEST *t, EVP_MD_CTX *mctx)
738 {
739 char dont[] = "touch";
740
741 if (!TEST_ptr(mctx))
742 return 0;
743 if (!EVP_DigestFinalXOF(mctx, (unsigned char *)dont, 0)) {
744 EVP_MD_CTX_free(mctx);
745 t->err = "DIGESTFINALXOF_ERROR";
746 return 0;
747 }
748 if (!TEST_str_eq(dont, "touch")) {
749 EVP_MD_CTX_free(mctx);
750 t->err = "DIGESTFINALXOF_ERROR";
751 return 0;
752 }
753 EVP_MD_CTX_free(mctx);
754 return 1;
755 }
756
digest_test_run(EVP_TEST * t)757 static int digest_test_run(EVP_TEST *t)
758 {
759 DIGEST_DATA *expected = t->data;
760 EVP_TEST_BUFFER *inbuf;
761 EVP_MD_CTX *mctx;
762 unsigned char *got = NULL;
763 unsigned int got_len;
764 size_t size = 0;
765 int xof = 0;
766 OSSL_PARAM params[4], *p = ¶ms[0];
767
768 t->err = "TEST_FAILURE";
769 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
770 goto err;
771
772 got = OPENSSL_malloc(expected->output_len > EVP_MAX_MD_SIZE ?
773 expected->output_len : EVP_MAX_MD_SIZE);
774 if (!TEST_ptr(got))
775 goto err;
776
777 if (expected->xof > 0) {
778 xof |= 1;
779 *p++ = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN,
780 &expected->output_len);
781 }
782 if (expected->digest_size > 0) {
783 *p++ = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_SIZE,
784 &expected->digest_size);
785 }
786 if (expected->pad_type > 0)
787 *p++ = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_PAD_TYPE,
788 &expected->pad_type);
789 *p++ = OSSL_PARAM_construct_end();
790
791 if (!EVP_DigestInit_ex2(mctx, expected->digest, params)) {
792 t->err = "DIGESTINIT_ERROR";
793 goto err;
794 }
795
796 if (!evp_test_buffer_do(expected->input, digest_update_fn, mctx)) {
797 t->err = "DIGESTUPDATE_ERROR";
798 goto err;
799 }
800
801 xof |= EVP_MD_xof(expected->digest);
802 if (xof) {
803 EVP_MD_CTX *mctx_cpy;
804
805 if (!TEST_ptr(mctx_cpy = EVP_MD_CTX_new())) {
806 goto err;
807 }
808 if (!TEST_true(EVP_MD_CTX_copy(mctx_cpy, mctx))) {
809 EVP_MD_CTX_free(mctx_cpy);
810 goto err;
811 } else if (!test_duplicate_md_ctx(t, mctx_cpy)) {
812 goto err;
813 }
814
815 if (!test_duplicate_md_ctx(t, EVP_MD_CTX_dup(mctx)))
816 goto err;
817
818 got_len = expected->output_len;
819 if (!EVP_DigestFinalXOF(mctx, got, got_len)) {
820 t->err = "DIGESTFINALXOF_ERROR";
821 goto err;
822 }
823 } else {
824 if (!EVP_DigestFinal(mctx, got, &got_len)) {
825 t->err = "DIGESTFINAL_ERROR";
826 goto err;
827 }
828 }
829 if (!TEST_int_eq(expected->output_len, got_len)) {
830 t->err = "DIGEST_LENGTH_MISMATCH";
831 goto err;
832 }
833 if (!memory_err_compare(t, "DIGEST_MISMATCH",
834 expected->output, expected->output_len,
835 got, got_len))
836 goto err;
837
838 t->err = NULL;
839
840 /* Test the EVP_Q_digest interface as well */
841 if (sk_EVP_TEST_BUFFER_num(expected->input) == 1
842 && !xof
843 /* This should never fail but we need the returned pointer now */
844 && !TEST_ptr(inbuf = sk_EVP_TEST_BUFFER_value(expected->input, 0))
845 && !inbuf->count_set) {
846 OPENSSL_cleanse(got, got_len);
847 if (!TEST_true(EVP_Q_digest(libctx,
848 EVP_MD_get0_name(expected->fetched_digest),
849 NULL, inbuf->buf, inbuf->buflen,
850 got, &size))
851 || !TEST_mem_eq(got, size,
852 expected->output, expected->output_len)) {
853 t->err = "EVP_Q_digest failed";
854 goto err;
855 }
856 }
857
858 err:
859 OPENSSL_free(got);
860 EVP_MD_CTX_free(mctx);
861 return 1;
862 }
863
864 static const EVP_TEST_METHOD digest_test_method = {
865 "Digest",
866 digest_test_init,
867 digest_test_cleanup,
868 digest_test_parse,
869 digest_test_run
870 };
871
872 /**
873 *** CIPHER TESTS
874 **/
875
876 typedef struct cipher_data_st {
877 const EVP_CIPHER *cipher;
878 EVP_CIPHER *fetched_cipher;
879 int enc;
880 /* EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE or EVP_CIPH_OCB_MODE if AEAD */
881 int aead;
882 unsigned char *key;
883 size_t key_len;
884 size_t key_bits; /* Used by RC2 */
885 unsigned char *iv;
886 unsigned char *next_iv; /* Expected IV state after operation */
887 unsigned int rounds;
888 size_t iv_len;
889 unsigned char *plaintext;
890 size_t plaintext_len;
891 unsigned char *ciphertext;
892 size_t ciphertext_len;
893 /* AEAD ciphers only */
894 unsigned char *aad[AAD_NUM];
895 size_t aad_len[AAD_NUM];
896 int tls_aad;
897 int tls_version;
898 unsigned char *tag;
899 const char *cts_mode;
900 size_t tag_len;
901 int tag_late;
902 unsigned char *mac_key;
903 size_t mac_key_len;
904 const char *xts_standard;
905 STACK_OF(OPENSSL_STRING) *init_controls; /* collection of controls */
906 } CIPHER_DATA;
907
908
909 /*
910 * XTS, SIV, CCM, stitched ciphers and Wrap modes have special
911 * requirements about input lengths so we don't fragment for those
912 */
cipher_test_valid_fragmentation(CIPHER_DATA * cdat)913 static int cipher_test_valid_fragmentation(CIPHER_DATA *cdat)
914 {
915 return (cdat->aead == EVP_CIPH_CCM_MODE
916 || cdat->aead == EVP_CIPH_CBC_MODE
917 || (cdat->aead == -1
918 && EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_STREAM_CIPHER)
919 || ((EVP_CIPHER_get_flags(cdat->cipher) & EVP_CIPH_FLAG_CTS) != 0)
920 || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_SIV_MODE
921 || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_GCM_SIV_MODE
922 || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_XTS_MODE
923 || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_WRAP_MODE) ? 0 : 1;
924 }
925
cipher_test_init(EVP_TEST * t,const char * alg)926 static int cipher_test_init(EVP_TEST *t, const char *alg)
927 {
928 const EVP_CIPHER *cipher;
929 EVP_CIPHER *fetched_cipher;
930 CIPHER_DATA *cdat;
931 int m;
932
933 if (is_cipher_disabled(alg)) {
934 t->skip = 1;
935 TEST_info("skipping, '%s' is disabled", alg);
936 return 1;
937 }
938
939 ERR_set_mark();
940 if ((cipher = fetched_cipher = EVP_CIPHER_fetch(libctx, alg, propquery)) == NULL
941 && (cipher = EVP_get_cipherbyname(alg)) == NULL) {
942 /* a stitched cipher might not be available */
943 if (strstr(alg, "HMAC") != NULL) {
944 ERR_pop_to_mark();
945 t->skip = 1;
946 TEST_info("skipping, '%s' is not available", alg);
947 return 1;
948 }
949 ERR_clear_last_mark();
950 return 0;
951 }
952 ERR_clear_last_mark();
953
954 if (!TEST_ptr(cdat = OPENSSL_zalloc(sizeof(*cdat))))
955 return 0;
956
957 cdat->init_controls = sk_OPENSSL_STRING_new_null();
958 cdat->cipher = cipher;
959 cdat->fetched_cipher = fetched_cipher;
960 cdat->enc = -1;
961 m = EVP_CIPHER_get_mode(cipher);
962 if (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
963 cdat->aead = m != 0 ? m : -1;
964 else
965 cdat->aead = 0;
966
967 if (data_chunk_size != 0 && !cipher_test_valid_fragmentation(cdat)) {
968 ERR_pop_to_mark();
969 EVP_CIPHER_free(fetched_cipher);
970 OPENSSL_free(cdat);
971 t->skip = 1;
972 TEST_info("skipping, '%s' does not support fragmentation", alg);
973 return 1;
974 }
975
976 t->data = cdat;
977 if (fetched_cipher != NULL)
978 TEST_info("%s is fetched", alg);
979 return 1;
980 }
981
cipher_test_cleanup(EVP_TEST * t)982 static void cipher_test_cleanup(EVP_TEST *t)
983 {
984 int i;
985 CIPHER_DATA *cdat = t->data;
986
987 OPENSSL_free(cdat->key);
988 OPENSSL_free(cdat->iv);
989 OPENSSL_free(cdat->next_iv);
990 OPENSSL_free(cdat->ciphertext);
991 OPENSSL_free(cdat->plaintext);
992 for (i = 0; i < AAD_NUM; i++)
993 OPENSSL_free(cdat->aad[i]);
994 OPENSSL_free(cdat->tag);
995 OPENSSL_free(cdat->mac_key);
996 EVP_CIPHER_free(cdat->fetched_cipher);
997 ctrlfree(cdat->init_controls);
998 }
999
cipher_test_parse(EVP_TEST * t,const char * keyword,const char * value)1000 static int cipher_test_parse(EVP_TEST *t, const char *keyword,
1001 const char *value)
1002 {
1003 CIPHER_DATA *cdat = t->data;
1004 int i;
1005
1006 if (strcmp(keyword, "Key") == 0)
1007 return parse_bin(value, &cdat->key, &cdat->key_len);
1008 if (strcmp(keyword, "Rounds") == 0) {
1009 i = atoi(value);
1010 if (i < 0)
1011 return -1;
1012 cdat->rounds = (unsigned int)i;
1013 return 1;
1014 }
1015 if (strcmp(keyword, "IV") == 0)
1016 return parse_bin(value, &cdat->iv, &cdat->iv_len);
1017 if (strcmp(keyword, "NextIV") == 0)
1018 return parse_bin(value, &cdat->next_iv, &cdat->iv_len);
1019 if (strcmp(keyword, "Plaintext") == 0)
1020 return parse_bin(value, &cdat->plaintext, &cdat->plaintext_len);
1021 if (strcmp(keyword, "Ciphertext") == 0)
1022 return parse_bin(value, &cdat->ciphertext, &cdat->ciphertext_len);
1023 if (strcmp(keyword, "KeyBits") == 0) {
1024 i = atoi(value);
1025 if (i < 0)
1026 return -1;
1027 cdat->key_bits = (size_t)i;
1028 return 1;
1029 }
1030 if (cdat->aead) {
1031 int tls_aad = 0;
1032
1033 if (strcmp(keyword, "TLSAAD") == 0)
1034 cdat->tls_aad = tls_aad = 1;
1035 if (strcmp(keyword, "AAD") == 0 || tls_aad) {
1036 for (i = 0; i < AAD_NUM; i++) {
1037 if (cdat->aad[i] == NULL)
1038 return parse_bin(value, &cdat->aad[i], &cdat->aad_len[i]);
1039 }
1040 return -1;
1041 }
1042 if (strcmp(keyword, "Tag") == 0)
1043 return parse_bin(value, &cdat->tag, &cdat->tag_len);
1044 if (strcmp(keyword, "SetTagLate") == 0) {
1045 if (strcmp(value, "TRUE") == 0)
1046 cdat->tag_late = 1;
1047 else if (strcmp(value, "FALSE") == 0)
1048 cdat->tag_late = 0;
1049 else
1050 return -1;
1051 return 1;
1052 }
1053 if (strcmp(keyword, "MACKey") == 0)
1054 return parse_bin(value, &cdat->mac_key, &cdat->mac_key_len);
1055 if (strcmp(keyword, "TLSVersion") == 0) {
1056 char *endptr;
1057
1058 cdat->tls_version = (int)strtol(value, &endptr, 0);
1059 return value[0] != '\0' && endptr[0] == '\0';
1060 }
1061 }
1062
1063 if (strcmp(keyword, "Operation") == 0) {
1064 if (strcmp(value, "ENCRYPT") == 0)
1065 cdat->enc = 1;
1066 else if (strcmp(value, "DECRYPT") == 0)
1067 cdat->enc = 0;
1068 else
1069 return -1;
1070 return 1;
1071 }
1072 if (strcmp(keyword, "CTSMode") == 0) {
1073 cdat->cts_mode = value;
1074 return 1;
1075 }
1076 if (strcmp(keyword, "XTSStandard") == 0) {
1077 cdat->xts_standard = value;
1078 return 1;
1079 }
1080 if (strcmp(keyword, "CtrlInit") == 0)
1081 return ctrladd(cdat->init_controls, value);
1082 return 0;
1083 }
1084
cipher_test_enc(EVP_TEST * t,int enc,size_t out_misalign,size_t inp_misalign,int frag,int in_place,const OSSL_PARAM initparams[])1085 static int cipher_test_enc(EVP_TEST *t, int enc, size_t out_misalign,
1086 size_t inp_misalign, int frag, int in_place,
1087 const OSSL_PARAM initparams[])
1088 {
1089 CIPHER_DATA *expected = t->data;
1090 unsigned char *in, *expected_out, *tmp = NULL;
1091 size_t in_len, out_len, donelen = 0;
1092 int ok = 0, tmplen, chunklen, tmpflen, i;
1093 EVP_CIPHER_CTX *ctx_base = NULL;
1094 EVP_CIPHER_CTX *ctx = NULL, *duped;
1095 int fips_dupctx_supported = fips_provider_version_ge(libctx, 3, 2, 0);
1096
1097 t->err = "TEST_FAILURE";
1098 if (!TEST_ptr(ctx_base = EVP_CIPHER_CTX_new()))
1099 goto err;
1100 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
1101 goto err;
1102 EVP_CIPHER_CTX_set_flags(ctx_base, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
1103 if (enc) {
1104 in = expected->plaintext;
1105 in_len = expected->plaintext_len;
1106 expected_out = expected->ciphertext;
1107 out_len = expected->ciphertext_len;
1108 } else {
1109 in = expected->ciphertext;
1110 in_len = expected->ciphertext_len;
1111 expected_out = expected->plaintext;
1112 out_len = expected->plaintext_len;
1113 }
1114 if (in_place == 1) {
1115 /* Exercise in-place encryption */
1116 tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH);
1117 if (!tmp)
1118 goto err;
1119 in = memcpy(tmp + out_misalign, in, in_len);
1120 } else {
1121 inp_misalign += 16 - ((out_misalign + in_len) & 15);
1122 /*
1123 * 'tmp' will store both output and copy of input. We make the copy
1124 * of input to specifically aligned part of 'tmp'. So we just
1125 * figured out how much padding would ensure the required alignment,
1126 * now we allocate extended buffer and finally copy the input just
1127 * past inp_misalign in expression below. Output will be written
1128 * past out_misalign...
1129 */
1130 tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH +
1131 inp_misalign + in_len);
1132 if (!tmp)
1133 goto err;
1134 in = memcpy(tmp + out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH +
1135 inp_misalign, in, in_len);
1136 }
1137 if (!EVP_CipherInit_ex2(ctx_base, expected->cipher, NULL, NULL, enc,
1138 initparams)) {
1139 t->err = "CIPHERINIT_ERROR";
1140 goto err;
1141 }
1142 if (expected->cts_mode != NULL) {
1143 OSSL_PARAM params[2];
1144
1145 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_CIPHER_PARAM_CTS_MODE,
1146 (char *)expected->cts_mode,
1147 0);
1148 params[1] = OSSL_PARAM_construct_end();
1149 if (!EVP_CIPHER_CTX_set_params(ctx_base, params)) {
1150 t->err = "INVALID_CTS_MODE";
1151 goto err;
1152 }
1153 }
1154 if (expected->iv) {
1155 if (expected->aead) {
1156 if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_IVLEN,
1157 expected->iv_len, 0) <= 0) {
1158 t->err = "INVALID_IV_LENGTH";
1159 goto err;
1160 }
1161 } else if (expected->iv_len != (size_t)EVP_CIPHER_CTX_get_iv_length(ctx_base)) {
1162 t->err = "INVALID_IV_LENGTH";
1163 goto err;
1164 }
1165 }
1166 if (expected->aead && !expected->tls_aad) {
1167 unsigned char *tag;
1168 /*
1169 * If encrypting or OCB just set tag length initially, otherwise
1170 * set tag length and value.
1171 */
1172 if (enc || expected->aead == EVP_CIPH_OCB_MODE || expected->tag_late) {
1173 t->err = "TAG_LENGTH_SET_ERROR";
1174 tag = NULL;
1175 } else {
1176 t->err = "TAG_SET_ERROR";
1177 tag = expected->tag;
1178 }
1179 if (tag || expected->aead != EVP_CIPH_GCM_MODE) {
1180 if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_TAG,
1181 expected->tag_len, tag) <= 0)
1182 goto err;
1183 }
1184 }
1185
1186 if (expected->rounds > 0) {
1187 int rounds = (int)expected->rounds;
1188
1189 if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC5_ROUNDS, rounds, NULL) <= 0) {
1190 t->err = "INVALID_ROUNDS";
1191 goto err;
1192 }
1193 }
1194
1195 if (!EVP_CIPHER_CTX_set_key_length(ctx_base, expected->key_len)) {
1196 t->err = "INVALID_KEY_LENGTH";
1197 goto err;
1198 }
1199 if (expected->key_bits > 0) {
1200 int bits = (int)expected->key_bits;
1201
1202 if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC2_KEY_BITS, bits, NULL) <= 0) {
1203 t->err = "INVALID KEY BITS";
1204 goto err;
1205 }
1206 }
1207 if (!EVP_CipherInit_ex(ctx_base, NULL, NULL, expected->key, expected->iv, -1)) {
1208 t->err = "KEY_SET_ERROR";
1209 goto err;
1210 }
1211
1212 /* Check that we get the same IV back */
1213 if (expected->iv != NULL) {
1214 /* Some (e.g., GCM) tests use IVs longer than EVP_MAX_IV_LENGTH. */
1215 unsigned char iv[128];
1216 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx_base, iv, sizeof(iv)))
1217 || ((EVP_CIPHER_get_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0
1218 && !TEST_mem_eq(expected->iv, expected->iv_len, iv,
1219 expected->iv_len))) {
1220 t->err = "INVALID_IV";
1221 goto err;
1222 }
1223 }
1224
1225 /* Test that the cipher dup functions correctly if it is supported */
1226 ERR_set_mark();
1227 if (!EVP_CIPHER_CTX_copy(ctx, ctx_base)) {
1228 if (fips_dupctx_supported) {
1229 TEST_info("Doing a copy of Cipher %s Fails!\n",
1230 EVP_CIPHER_get0_name(expected->cipher));
1231 ERR_print_errors_fp(stderr);
1232 goto err;
1233 } else {
1234 TEST_info("Allowing copy fail as an old fips provider is in use.");
1235 }
1236 EVP_CIPHER_CTX_free(ctx);
1237 ctx = ctx_base;
1238 } else {
1239 EVP_CIPHER_CTX_free(ctx_base);
1240 ctx_base = NULL;
1241 }
1242 /* Likewise for dup */
1243 duped = EVP_CIPHER_CTX_dup(ctx);
1244 if (duped != NULL) {
1245 EVP_CIPHER_CTX_free(ctx);
1246 ctx = duped;
1247 } else {
1248 if (fips_dupctx_supported) {
1249 TEST_info("Doing a dup of Cipher %s Fails!\n",
1250 EVP_CIPHER_get0_name(expected->cipher));
1251 ERR_print_errors_fp(stderr);
1252 goto err;
1253 } else {
1254 TEST_info("Allowing dup fail as an old fips provider is in use.");
1255 }
1256 }
1257 ERR_pop_to_mark();
1258
1259 if (expected->mac_key != NULL
1260 && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY,
1261 (int)expected->mac_key_len,
1262 (void *)expected->mac_key) <= 0) {
1263 t->err = "SET_MAC_KEY_ERROR";
1264 goto err;
1265 }
1266
1267 if (expected->tls_version) {
1268 OSSL_PARAM params[2];
1269
1270 params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_TLS_VERSION,
1271 &expected->tls_version);
1272 params[1] = OSSL_PARAM_construct_end();
1273 if (!EVP_CIPHER_CTX_set_params(ctx, params)) {
1274 t->err = "SET_TLS_VERSION_ERROR";
1275 goto err;
1276 }
1277 }
1278
1279 if (expected->aead == EVP_CIPH_CCM_MODE) {
1280 if (!EVP_CipherUpdate(ctx, NULL, &tmplen, NULL, out_len)) {
1281 t->err = "CCM_PLAINTEXT_LENGTH_SET_ERROR";
1282 goto err;
1283 }
1284 }
1285 if (expected->aad[0] != NULL && !expected->tls_aad) {
1286 t->err = "AAD_SET_ERROR";
1287 if (!frag) {
1288 /* Supply the data all in one go or according to data_chunk_size */
1289 for (i = 0; expected->aad[i] != NULL; i++) {
1290 size_t aad_len = expected->aad_len[i];
1291 donelen = 0;
1292
1293 do {
1294 size_t current_aad_len = (size_t) data_chunk_size;
1295
1296 if (data_chunk_size == 0 || (size_t) data_chunk_size > aad_len)
1297 current_aad_len = aad_len;
1298 if (!EVP_CipherUpdate(ctx, NULL, &chunklen,
1299 expected->aad[i] + donelen,
1300 current_aad_len))
1301 goto err;
1302 donelen += current_aad_len;
1303 aad_len -= current_aad_len;
1304 } while (aad_len > 0);
1305 }
1306 } else {
1307 /* Supply the AAD in chunks less than the block size where possible */
1308 for (i = 0; expected->aad[i] != NULL; i++) {
1309 if (expected->aad_len[i] > 0) {
1310 if (!EVP_CipherUpdate(ctx, NULL, &chunklen, expected->aad[i], 1))
1311 goto err;
1312 donelen++;
1313 }
1314 if (expected->aad_len[i] > 2) {
1315 if (!EVP_CipherUpdate(ctx, NULL, &chunklen,
1316 expected->aad[i] + donelen,
1317 expected->aad_len[i] - 2))
1318 goto err;
1319 donelen += expected->aad_len[i] - 2;
1320 }
1321 if (expected->aad_len[i] > 1
1322 && !EVP_CipherUpdate(ctx, NULL, &chunklen,
1323 expected->aad[i] + donelen, 1))
1324 goto err;
1325 }
1326 }
1327 }
1328
1329 if (expected->tls_aad) {
1330 OSSL_PARAM params[2];
1331 char *tls_aad;
1332
1333 /* duplicate the aad as the implementation might modify it */
1334 if ((tls_aad = OPENSSL_memdup(expected->aad[0],
1335 expected->aad_len[0])) == NULL)
1336 goto err;
1337 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD,
1338 tls_aad,
1339 expected->aad_len[0]);
1340 params[1] = OSSL_PARAM_construct_end();
1341 if (!EVP_CIPHER_CTX_set_params(ctx, params)) {
1342 OPENSSL_free(tls_aad);
1343 t->err = "TLS1_AAD_ERROR";
1344 goto err;
1345 }
1346 OPENSSL_free(tls_aad);
1347 } else if (!enc && (expected->aead == EVP_CIPH_OCB_MODE
1348 || expected->tag_late)) {
1349 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
1350 expected->tag_len, expected->tag) <= 0) {
1351 t->err = "TAG_SET_ERROR";
1352 goto err;
1353 }
1354 }
1355 if (expected->xts_standard != NULL) {
1356 OSSL_PARAM params[2];
1357
1358 params[0] =
1359 OSSL_PARAM_construct_utf8_string(OSSL_CIPHER_PARAM_XTS_STANDARD,
1360 (char *)expected->xts_standard, 0);
1361 params[1] = OSSL_PARAM_construct_end();
1362 if (!EVP_CIPHER_CTX_set_params(ctx, params)) {
1363 t->err = "SET_XTS_STANDARD_ERROR";
1364 goto err;
1365 }
1366 }
1367 EVP_CIPHER_CTX_set_padding(ctx, 0);
1368 t->err = "CIPHERUPDATE_ERROR";
1369 tmplen = 0;
1370 if (!frag) {
1371 do {
1372 /* Supply the data all in one go or according to data_chunk_size */
1373 size_t current_in_len = (size_t) data_chunk_size;
1374
1375 if (data_chunk_size == 0 || (size_t) data_chunk_size > in_len)
1376 current_in_len = in_len;
1377 if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen,
1378 in, current_in_len))
1379 goto err;
1380 tmplen += chunklen;
1381 in += current_in_len;
1382 in_len -= current_in_len;
1383 } while (in_len > 0);
1384 } else {
1385 /* Supply the data in chunks less than the block size where possible */
1386 if (in_len > 0) {
1387 if (!EVP_CipherUpdate(ctx, tmp + out_misalign, &chunklen, in, 1))
1388 goto err;
1389 tmplen += chunklen;
1390 in++;
1391 in_len--;
1392 }
1393 if (in_len > 1) {
1394 if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen,
1395 in, in_len - 1))
1396 goto err;
1397 tmplen += chunklen;
1398 in += in_len - 1;
1399 in_len = 1;
1400 }
1401 if (in_len > 0) {
1402 if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen,
1403 in, 1))
1404 goto err;
1405 tmplen += chunklen;
1406 }
1407 }
1408 if (!EVP_CipherFinal_ex(ctx, tmp + out_misalign + tmplen, &tmpflen)) {
1409 t->err = "CIPHERFINAL_ERROR";
1410 goto err;
1411 }
1412 if (!cipher_check_fips_approved(ctx, t)) {
1413 t->err = "FIPSAPPROVED_ERROR";
1414 goto err;
1415 }
1416
1417 if (!enc && expected->tls_aad) {
1418 if (expected->tls_version >= TLS1_1_VERSION
1419 && (EVP_CIPHER_is_a(expected->cipher, "AES-128-CBC-HMAC-SHA1")
1420 || EVP_CIPHER_is_a(expected->cipher, "AES-256-CBC-HMAC-SHA1"))) {
1421 tmplen -= expected->iv_len;
1422 expected_out += expected->iv_len;
1423 out_misalign += expected->iv_len;
1424 }
1425 if ((int)out_len > tmplen + tmpflen)
1426 out_len = tmplen + tmpflen;
1427 }
1428 if (!memory_err_compare(t, "VALUE_MISMATCH", expected_out, out_len,
1429 tmp + out_misalign, tmplen + tmpflen))
1430 goto err;
1431 if (enc && expected->aead && !expected->tls_aad) {
1432 unsigned char rtag[48]; /* longest known for TLS_SHA384_SHA384 */
1433
1434 if (!TEST_size_t_le(expected->tag_len, sizeof(rtag))) {
1435 t->err = "TAG_LENGTH_INTERNAL_ERROR";
1436 goto err;
1437 }
1438 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
1439 expected->tag_len, rtag) <= 0) {
1440 t->err = "TAG_RETRIEVE_ERROR";
1441 goto err;
1442 }
1443 if (!memory_err_compare(t, "TAG_VALUE_MISMATCH",
1444 expected->tag, expected->tag_len,
1445 rtag, expected->tag_len))
1446 goto err;
1447 }
1448 /* Check the updated IV */
1449 if (expected->next_iv != NULL) {
1450 /* Some (e.g., GCM) tests use IVs longer than EVP_MAX_IV_LENGTH. */
1451 unsigned char iv[128];
1452 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
1453 || ((EVP_CIPHER_get_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0
1454 && !TEST_mem_eq(expected->next_iv, expected->iv_len, iv,
1455 expected->iv_len))) {
1456 t->err = "INVALID_NEXT_IV";
1457 goto err;
1458 }
1459 }
1460
1461 t->err = NULL;
1462 ok = 1;
1463 err:
1464 OPENSSL_free(tmp);
1465 if (ctx != ctx_base)
1466 EVP_CIPHER_CTX_free(ctx_base);
1467 EVP_CIPHER_CTX_free(ctx);
1468 return ok;
1469 }
1470
cipher_test_run(EVP_TEST * t)1471 static int cipher_test_run(EVP_TEST *t)
1472 {
1473 CIPHER_DATA *cdat = t->data;
1474 int rv, frag, fragmax, in_place;
1475 size_t out_misalign, inp_misalign;
1476 OSSL_PARAM initparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
1477 size_t params_n = 0;
1478
1479 TEST_info("RUNNING TEST FOR CIPHER %s\n", EVP_CIPHER_get0_name(cdat->cipher));
1480 if (!cdat->key) {
1481 t->err = "NO_KEY";
1482 return 0;
1483 }
1484 if (!cdat->iv && EVP_CIPHER_get_iv_length(cdat->cipher) > 0) {
1485 /* IV is optional and usually omitted in wrap mode */
1486 if (EVP_CIPHER_get_mode(cdat->cipher) != EVP_CIPH_WRAP_MODE) {
1487 t->err = "NO_IV";
1488 return 0;
1489 }
1490 }
1491 if (cdat->aead && cdat->tag == NULL && !cdat->tls_aad) {
1492 t->err = "NO_TAG";
1493 return 0;
1494 }
1495
1496 if (sk_OPENSSL_STRING_num(cdat->init_controls) > 0) {
1497 if (!ctrl2params(t, cdat->init_controls, NULL,
1498 initparams, OSSL_NELEM(initparams), ¶ms_n))
1499 return 0;
1500 }
1501
1502 fragmax = (cipher_test_valid_fragmentation(cdat) == 0) ? 0 : 1;
1503 for (in_place = 1; in_place >= 0; in_place--) {
1504 static char aux_err[64];
1505
1506 t->aux_err = aux_err;
1507 /* Test only in-place data processing */
1508 if (process_mode_in_place == 1 && in_place == 0)
1509 break;
1510
1511 for (frag = 0; frag <= fragmax; frag++) {
1512 if (frag == 1 && data_chunk_size != 0)
1513 break;
1514 for (out_misalign = 0; out_misalign <= 1; out_misalign++) {
1515 for (inp_misalign = 0; inp_misalign <= 1; inp_misalign++) {
1516 /* Skip input misalign tests for in-place processing */
1517 if (inp_misalign == 1 && in_place == 1)
1518 break;
1519 if (in_place == 1) {
1520 BIO_snprintf(aux_err, sizeof(aux_err),
1521 "%s in-place, %sfragmented",
1522 out_misalign ? "misaligned" : "aligned",
1523 frag ? "" : "not ");
1524 } else {
1525 BIO_snprintf(aux_err, sizeof(aux_err),
1526 "%s output and %s input, %sfragmented",
1527 out_misalign ? "misaligned" : "aligned",
1528 inp_misalign ? "misaligned" : "aligned",
1529 frag ? "" : "not ");
1530 }
1531 if (cdat->enc) {
1532 rv = cipher_test_enc(t, 1, out_misalign, inp_misalign,
1533 frag, in_place, initparams);
1534 if (rv != 1)
1535 goto end;
1536 }
1537 if (cdat->enc != 1) {
1538 rv = cipher_test_enc(t, 0, out_misalign, inp_misalign,
1539 frag, in_place, initparams);
1540 if (rv != 1)
1541 goto end;
1542 }
1543 }
1544 }
1545 }
1546 }
1547 ctrl2params_free(initparams, params_n, 0);
1548 t->aux_err = NULL;
1549 return 1;
1550 end:
1551 ctrl2params_free(initparams, params_n, 0);
1552 return (rv < 0 ? 0 : 1);
1553 }
1554
1555 static const EVP_TEST_METHOD cipher_test_method = {
1556 "Cipher",
1557 cipher_test_init,
1558 cipher_test_cleanup,
1559 cipher_test_parse,
1560 cipher_test_run
1561 };
1562
1563
1564 /**
1565 ** MAC TESTS
1566 **/
1567
1568 typedef struct mac_data_st {
1569 /* MAC type in one form or another */
1570 char *mac_name;
1571 EVP_MAC *mac; /* for mac_test_run_mac */
1572 int type; /* for mac_test_run_pkey */
1573 /* Algorithm string for this MAC */
1574 char *alg;
1575 /* MAC key */
1576 unsigned char *key;
1577 size_t key_len;
1578 /* MAC IV (GMAC) */
1579 unsigned char *iv;
1580 size_t iv_len;
1581 /* Input to MAC */
1582 unsigned char *input;
1583 size_t input_len;
1584 /* Expected output */
1585 unsigned char *output;
1586 size_t output_len;
1587 unsigned char *custom;
1588 size_t custom_len;
1589 /* MAC salt (blake2) */
1590 unsigned char *salt;
1591 size_t salt_len;
1592 /* XOF mode? */
1593 int xof;
1594 /* Reinitialization fails */
1595 int no_reinit;
1596 /* Collection of controls */
1597 STACK_OF(OPENSSL_STRING) *controls;
1598 /* Output size */
1599 int output_size;
1600 /* Block size */
1601 int block_size;
1602 } MAC_DATA;
1603
mac_test_init(EVP_TEST * t,const char * alg)1604 static int mac_test_init(EVP_TEST *t, const char *alg)
1605 {
1606 EVP_MAC *mac = NULL;
1607 int type = NID_undef;
1608 MAC_DATA *mdat;
1609
1610 if (is_mac_disabled(alg)) {
1611 TEST_info("skipping, '%s' is disabled", alg);
1612 t->skip = 1;
1613 return 1;
1614 }
1615 if ((mac = EVP_MAC_fetch(libctx, alg, propquery)) == NULL) {
1616 /*
1617 * Since we didn't find an EVP_MAC, we check for known EVP_PKEY methods
1618 * For debugging purposes, we allow 'NNNN by EVP_PKEY' to force running
1619 * the EVP_PKEY method.
1620 */
1621 size_t sz = strlen(alg);
1622 static const char epilogue[] = " by EVP_PKEY";
1623
1624 if (sz >= sizeof(epilogue)
1625 && strcmp(alg + sz - (sizeof(epilogue) - 1), epilogue) == 0)
1626 sz -= sizeof(epilogue) - 1;
1627
1628 if (strncmp(alg, "HMAC", sz) == 0)
1629 type = EVP_PKEY_HMAC;
1630 else if (strncmp(alg, "CMAC", sz) == 0)
1631 type = EVP_PKEY_CMAC;
1632 else if (strncmp(alg, "Poly1305", sz) == 0)
1633 type = EVP_PKEY_POLY1305;
1634 else if (strncmp(alg, "SipHash", sz) == 0)
1635 type = EVP_PKEY_SIPHASH;
1636 else
1637 return 0;
1638 }
1639
1640 if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat))))
1641 return 0;
1642
1643 mdat->type = type;
1644 if (!TEST_ptr(mdat->mac_name = OPENSSL_strdup(alg))) {
1645 OPENSSL_free(mdat);
1646 return 0;
1647 }
1648
1649 mdat->mac = mac;
1650 if (!TEST_ptr(mdat->controls = sk_OPENSSL_STRING_new_null())) {
1651 OPENSSL_free(mdat->mac_name);
1652 OPENSSL_free(mdat);
1653 return 0;
1654 }
1655
1656 mdat->output_size = mdat->block_size = -1;
1657 t->data = mdat;
1658 return 1;
1659 }
1660
mac_test_cleanup(EVP_TEST * t)1661 static void mac_test_cleanup(EVP_TEST *t)
1662 {
1663 MAC_DATA *mdat = t->data;
1664
1665 EVP_MAC_free(mdat->mac);
1666 OPENSSL_free(mdat->mac_name);
1667 sk_OPENSSL_STRING_pop_free(mdat->controls, openssl_free);
1668 OPENSSL_free(mdat->alg);
1669 OPENSSL_free(mdat->key);
1670 OPENSSL_free(mdat->iv);
1671 OPENSSL_free(mdat->custom);
1672 OPENSSL_free(mdat->salt);
1673 OPENSSL_free(mdat->input);
1674 OPENSSL_free(mdat->output);
1675 }
1676
mac_test_parse(EVP_TEST * t,const char * keyword,const char * value)1677 static int mac_test_parse(EVP_TEST *t,
1678 const char *keyword, const char *value)
1679 {
1680 MAC_DATA *mdata = t->data;
1681
1682 if (strcmp(keyword, "Key") == 0)
1683 return parse_bin(value, &mdata->key, &mdata->key_len);
1684 if (strcmp(keyword, "IV") == 0)
1685 return parse_bin(value, &mdata->iv, &mdata->iv_len);
1686 if (strcmp(keyword, "Custom") == 0)
1687 return parse_bin(value, &mdata->custom, &mdata->custom_len);
1688 if (strcmp(keyword, "Salt") == 0)
1689 return parse_bin(value, &mdata->salt, &mdata->salt_len);
1690 if (strcmp(keyword, "Algorithm") == 0) {
1691 mdata->alg = OPENSSL_strdup(value);
1692 if (mdata->alg == NULL)
1693 return -1;
1694 return 1;
1695 }
1696 if (strcmp(keyword, "Input") == 0)
1697 return parse_bin(value, &mdata->input, &mdata->input_len);
1698 if (strcmp(keyword, "Output") == 0)
1699 return parse_bin(value, &mdata->output, &mdata->output_len);
1700 if (strcmp(keyword, "XOF") == 0)
1701 return mdata->xof = 1;
1702 if (strcmp(keyword, "NoReinit") == 0)
1703 return mdata->no_reinit = 1;
1704 if (strcmp(keyword, "Ctrl") == 0)
1705 return ctrladd(mdata->controls, value);
1706 if (strcmp(keyword, "OutputSize") == 0) {
1707 mdata->output_size = atoi(value);
1708 if (mdata->output_size < 0)
1709 return -1;
1710 return 1;
1711 }
1712 if (strcmp(keyword, "BlockSize") == 0) {
1713 mdata->block_size = atoi(value);
1714 if (mdata->block_size < 0)
1715 return -1;
1716 return 1;
1717 }
1718 return 0;
1719 }
1720
mac_test_ctrl_pkey(EVP_TEST * t,EVP_PKEY_CTX * pctx,const char * value)1721 static int mac_test_ctrl_pkey(EVP_TEST *t, EVP_PKEY_CTX *pctx,
1722 const char *value)
1723 {
1724 int rv = 0;
1725 char *p, *tmpval;
1726
1727 if (!TEST_ptr(tmpval = OPENSSL_strdup(value)))
1728 return 0;
1729 p = strchr(tmpval, ':');
1730 if (p != NULL) {
1731 *p++ = '\0';
1732 rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
1733 }
1734 if (rv == -2)
1735 t->err = "PKEY_CTRL_INVALID";
1736 else if (rv <= 0)
1737 t->err = "PKEY_CTRL_ERROR";
1738 else
1739 rv = 1;
1740 OPENSSL_free(tmpval);
1741 return rv > 0;
1742 }
1743
mac_test_run_pkey(EVP_TEST * t)1744 static int mac_test_run_pkey(EVP_TEST *t)
1745 {
1746 MAC_DATA *expected = t->data;
1747 EVP_MD_CTX *mctx = NULL;
1748 EVP_PKEY_CTX *pctx = NULL, *genctx = NULL;
1749 EVP_PKEY *key = NULL;
1750 const char *mdname = NULL;
1751 EVP_CIPHER *cipher = NULL;
1752 unsigned char *got = NULL;
1753 size_t got_len;
1754 int i;
1755 size_t input_len, donelen;
1756
1757 /* We don't do XOF mode via PKEY */
1758 if (expected->xof)
1759 return 1;
1760
1761 if (expected->alg == NULL)
1762 TEST_info("Trying the EVP_PKEY %s test", OBJ_nid2sn(expected->type));
1763 else
1764 TEST_info("Trying the EVP_PKEY %s test with %s",
1765 OBJ_nid2sn(expected->type), expected->alg);
1766
1767 if (expected->type == EVP_PKEY_CMAC) {
1768 #ifdef OPENSSL_NO_DEPRECATED_3_0
1769 TEST_info("skipping, PKEY CMAC '%s' is disabled", expected->alg);
1770 t->skip = 1;
1771 t->err = NULL;
1772 goto err;
1773 #else
1774 OSSL_LIB_CTX *tmpctx;
1775
1776 if (expected->alg != NULL && is_cipher_disabled(expected->alg)) {
1777 TEST_info("skipping, PKEY CMAC '%s' is disabled", expected->alg);
1778 t->skip = 1;
1779 t->err = NULL;
1780 goto err;
1781 }
1782 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, expected->alg, propquery))) {
1783 t->err = "MAC_KEY_CREATE_ERROR";
1784 goto err;
1785 }
1786 tmpctx = OSSL_LIB_CTX_set0_default(libctx);
1787 key = EVP_PKEY_new_CMAC_key(NULL, expected->key, expected->key_len,
1788 cipher);
1789 OSSL_LIB_CTX_set0_default(tmpctx);
1790 #endif
1791 } else {
1792 key = EVP_PKEY_new_raw_private_key_ex(libctx,
1793 OBJ_nid2sn(expected->type), NULL,
1794 expected->key, expected->key_len);
1795 }
1796 if (key == NULL) {
1797 t->err = "MAC_KEY_CREATE_ERROR";
1798 goto err;
1799 }
1800
1801 if (expected->type == EVP_PKEY_HMAC && expected->alg != NULL) {
1802 if (is_digest_disabled(expected->alg)) {
1803 TEST_info("skipping, HMAC '%s' is disabled", expected->alg);
1804 t->skip = 1;
1805 t->err = NULL;
1806 goto err;
1807 }
1808 mdname = expected->alg;
1809 }
1810 if (!TEST_ptr(mctx = EVP_MD_CTX_new())) {
1811 t->err = "INTERNAL_ERROR";
1812 goto err;
1813 }
1814 if (!EVP_DigestSignInit_ex(mctx, &pctx, mdname, libctx, NULL, key, NULL)) {
1815 t->err = "DIGESTSIGNINIT_ERROR";
1816 goto err;
1817 }
1818 for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++)
1819 if (!mac_test_ctrl_pkey(t, pctx,
1820 sk_OPENSSL_STRING_value(expected->controls,
1821 i))) {
1822 t->err = "EVPPKEYCTXCTRL_ERROR";
1823 goto err;
1824 }
1825 input_len = expected->input_len;
1826 donelen = 0;
1827 do {
1828 size_t current_len = (size_t) data_chunk_size;
1829
1830 if (data_chunk_size == 0 || (size_t) data_chunk_size > input_len)
1831 current_len = input_len;
1832 if (!EVP_DigestSignUpdate(mctx, expected->input + donelen, current_len)) {
1833 t->err = "DIGESTSIGNUPDATE_ERROR";
1834 goto err;
1835 }
1836 donelen += current_len;
1837 input_len -= current_len;
1838 } while (input_len > 0);
1839
1840 if (!EVP_DigestSignFinal(mctx, NULL, &got_len)) {
1841 t->err = "DIGESTSIGNFINAL_LENGTH_ERROR";
1842 goto err;
1843 }
1844 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
1845 t->err = "TEST_FAILURE";
1846 goto err;
1847 }
1848 if (!EVP_DigestSignFinal(mctx, got, &got_len)
1849 || !memory_err_compare(t, "TEST_MAC_ERR",
1850 expected->output, expected->output_len,
1851 got, got_len)) {
1852 t->err = "TEST_MAC_ERR";
1853 goto err;
1854 }
1855 t->err = NULL;
1856 err:
1857 EVP_CIPHER_free(cipher);
1858 EVP_MD_CTX_free(mctx);
1859 OPENSSL_free(got);
1860 EVP_PKEY_CTX_free(genctx);
1861 EVP_PKEY_free(key);
1862 return 1;
1863 }
1864
mac_test_run_mac(EVP_TEST * t)1865 static int mac_test_run_mac(EVP_TEST *t)
1866 {
1867 MAC_DATA *expected = t->data;
1868 EVP_MAC_CTX *ctx = NULL;
1869 unsigned char *got = NULL;
1870 size_t got_len = 0, size = 0;
1871 size_t size_before_init = 0, size_after_init, size_val = 0;
1872 int block_size = -1, output_size = -1;
1873 OSSL_PARAM params[21], sizes[3], *psizes = sizes, *p;
1874 size_t params_n = 0;
1875 size_t params_n_allocstart = 0;
1876 const OSSL_PARAM *defined_params =
1877 EVP_MAC_settable_ctx_params(expected->mac);
1878 int xof;
1879 int reinit = 1;
1880 size_t input_len, donelen ;
1881
1882 if (expected->alg == NULL)
1883 TEST_info("Trying the EVP_MAC %s test", expected->mac_name);
1884 else
1885 TEST_info("Trying the EVP_MAC %s test with %s",
1886 expected->mac_name, expected->alg);
1887
1888 if (expected->alg != NULL) {
1889 int skip = 0;
1890
1891 /*
1892 * The underlying algorithm may be a cipher or a digest.
1893 * We don't know which it is, but we can ask the MAC what it
1894 * should be and bet on that.
1895 */
1896 if (OSSL_PARAM_locate_const(defined_params,
1897 OSSL_MAC_PARAM_CIPHER) != NULL) {
1898 if (is_cipher_disabled(expected->alg))
1899 skip = 1;
1900 else
1901 params[params_n++] =
1902 OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER,
1903 expected->alg, 0);
1904 } else if (OSSL_PARAM_locate_const(defined_params,
1905 OSSL_MAC_PARAM_DIGEST) != NULL) {
1906 if (is_digest_disabled(expected->alg))
1907 skip = 1;
1908 else
1909 params[params_n++] =
1910 OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
1911 expected->alg, 0);
1912 } else {
1913 t->err = "MAC_BAD_PARAMS";
1914 goto err;
1915 }
1916 if (skip) {
1917 TEST_info("skipping, algorithm '%s' is disabled", expected->alg);
1918 t->skip = 1;
1919 t->err = NULL;
1920 goto err;
1921 }
1922 }
1923 if (expected->custom != NULL)
1924 params[params_n++] =
1925 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_CUSTOM,
1926 expected->custom,
1927 expected->custom_len);
1928 if (expected->salt != NULL)
1929 params[params_n++] =
1930 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_SALT,
1931 expected->salt,
1932 expected->salt_len);
1933 if (expected->iv != NULL)
1934 params[params_n++] =
1935 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV,
1936 expected->iv,
1937 expected->iv_len);
1938
1939 params_n_allocstart = params_n;
1940 if (!ctrl2params(t, expected->controls, defined_params,
1941 params, OSSL_NELEM(params), ¶ms_n))
1942 goto err;
1943
1944 p = OSSL_PARAM_locate(params + params_n_allocstart, "size");
1945 if (p != NULL) {
1946 if (!OSSL_PARAM_get_size_t(p, &size_val))
1947 goto err;
1948 }
1949
1950 if ((ctx = EVP_MAC_CTX_new(expected->mac)) == NULL) {
1951 t->err = "MAC_CREATE_ERROR";
1952 goto err;
1953 }
1954 if (fips_provider_version_gt(libctx, 3, 2, 0)) {
1955 /* HMAC will put an error on the stack here (digest is not set yet) */
1956 ERR_set_mark();
1957 size_before_init = EVP_MAC_CTX_get_mac_size(ctx);
1958 ERR_pop_to_mark();
1959 }
1960 if (!EVP_MAC_init(ctx, expected->key, expected->key_len, params)) {
1961 t->err = "MAC_INIT_ERROR";
1962 goto err;
1963 }
1964 size_after_init = EVP_MAC_CTX_get_mac_size(ctx);
1965 if (!TEST_false(size_before_init == 0 && size_after_init == 0)) {
1966 t->err = "MAC SIZE not set";
1967 goto err;
1968 }
1969 if (size_before_init != 0) {
1970 /* mac-size not modified by init params */
1971 if (size_val == 0 && !TEST_size_t_eq(size_before_init, size_after_init)) {
1972 t->err = "MAC SIZE check failed";
1973 goto err;
1974 }
1975 /* mac-size modified by init params */
1976 if (size_val != 0 && !TEST_size_t_eq(size_val, size_after_init)) {
1977 t->err = "MAC SIZE check failed";
1978 goto err;
1979 }
1980 }
1981 if (expected->output_size >= 0)
1982 *psizes++ = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_SIZE,
1983 &output_size);
1984 if (expected->block_size >= 0)
1985 *psizes++ = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_BLOCK_SIZE,
1986 &block_size);
1987 if (psizes != sizes) {
1988 *psizes = OSSL_PARAM_construct_end();
1989 if (!TEST_true(EVP_MAC_CTX_get_params(ctx, sizes))) {
1990 t->err = "INTERNAL_ERROR";
1991 goto err;
1992 }
1993 if (expected->output_size >= 0
1994 && !TEST_int_eq(output_size, expected->output_size)) {
1995 t->err = "TEST_FAILURE";
1996 goto err;
1997 }
1998 if (expected->block_size >= 0
1999 && !TEST_int_eq(block_size, expected->block_size)) {
2000 t->err = "TEST_FAILURE";
2001 goto err;
2002 }
2003 }
2004 retry:
2005 input_len = expected->input_len;
2006 donelen = 0;
2007 do {
2008 size_t current_len = (size_t) data_chunk_size;
2009
2010 if (data_chunk_size == 0 || (size_t) data_chunk_size > input_len)
2011 current_len = input_len;
2012 if (!EVP_MAC_update(ctx, expected->input + donelen, current_len)) {
2013 t->err = "MAC_UPDATE_ERROR";
2014 goto err;
2015 }
2016 donelen += current_len;
2017 input_len -= current_len;
2018 } while (input_len > 0);
2019
2020 xof = expected->xof;
2021 if (xof) {
2022 if (!TEST_ptr(got = OPENSSL_malloc(expected->output_len))) {
2023 t->err = "TEST_FAILURE";
2024 goto err;
2025 }
2026 if (!EVP_MAC_finalXOF(ctx, got, expected->output_len)
2027 || !memory_err_compare(t, "TEST_MAC_ERR",
2028 expected->output, expected->output_len,
2029 got, expected->output_len)) {
2030 t->err = "MAC_FINAL_ERROR";
2031 goto err;
2032 }
2033 } else {
2034 if (!EVP_MAC_final(ctx, NULL, &got_len, 0)) {
2035 t->err = "MAC_FINAL_LENGTH_ERROR";
2036 goto err;
2037 }
2038 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
2039 t->err = "TEST_FAILURE";
2040 goto err;
2041 }
2042 if (!EVP_MAC_final(ctx, got, &got_len, got_len)
2043 || !memory_err_compare(t, "TEST_MAC_ERR",
2044 expected->output, expected->output_len,
2045 got, got_len)) {
2046 t->err = "TEST_MAC_ERR";
2047 goto err;
2048 }
2049 if (!mac_check_fips_approved(ctx, t))
2050 goto err;
2051 }
2052 /* FIPS(3.0.0): can't reinitialise MAC contexts #18100 */
2053 if (reinit-- && fips_provider_version_gt(libctx, 3, 0, 0)) {
2054 OSSL_PARAM ivparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
2055 int ret;
2056
2057 /* If the MAC uses IV, we have to set it again */
2058 if (expected->iv != NULL) {
2059 ivparams[0] =
2060 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV,
2061 expected->iv,
2062 expected->iv_len);
2063 ivparams[1] = OSSL_PARAM_construct_end();
2064 }
2065 ERR_set_mark();
2066 ret = EVP_MAC_init(ctx, NULL, 0, ivparams);
2067 if (expected->no_reinit) {
2068 if (ret) {
2069 ERR_clear_last_mark();
2070 t->err = "MAC_REINIT_SHOULD_FAIL";
2071 goto err;
2072 }
2073 } else if (ret) {
2074 ERR_clear_last_mark();
2075 OPENSSL_free(got);
2076 got = NULL;
2077 goto retry;
2078 } else {
2079 ERR_clear_last_mark();
2080 t->err = "MAC_REINIT_ERROR";
2081 goto err;
2082 }
2083 /* If reinitialization fails, it is unsupported by the algorithm */
2084 ERR_pop_to_mark();
2085 }
2086 t->err = NULL;
2087
2088 /* Test the EVP_Q_mac interface as well */
2089 if (!xof) {
2090 OPENSSL_cleanse(got, got_len);
2091 if (!TEST_true(EVP_Q_mac(libctx, expected->mac_name, NULL,
2092 expected->alg, params,
2093 expected->key, expected->key_len,
2094 expected->input, expected->input_len,
2095 got, got_len, &size))
2096 || !TEST_mem_eq(got, size,
2097 expected->output, expected->output_len)) {
2098 t->err = "EVP_Q_mac failed";
2099 goto err;
2100 }
2101 }
2102 err:
2103 ctrl2params_free(params, params_n, params_n_allocstart);
2104 EVP_MAC_CTX_free(ctx);
2105 OPENSSL_free(got);
2106 return 1;
2107 }
2108
mac_test_run(EVP_TEST * t)2109 static int mac_test_run(EVP_TEST *t)
2110 {
2111 MAC_DATA *expected = t->data;
2112
2113 if (expected->mac != NULL)
2114 return mac_test_run_mac(t);
2115 return mac_test_run_pkey(t);
2116 }
2117
2118 static const EVP_TEST_METHOD mac_test_method = {
2119 "MAC",
2120 mac_test_init,
2121 mac_test_cleanup,
2122 mac_test_parse,
2123 mac_test_run
2124 };
2125
2126 typedef struct kem_data_st {
2127 /* Context for this operation */
2128 EVP_PKEY_CTX *ctx;
2129 const char *op;
2130 /* Input to decapsulate */
2131 unsigned char *input;
2132 size_t inputlen;
2133 /* Expected secret */
2134 unsigned char *output;
2135 size_t outputlen;
2136 STACK_OF(OPENSSL_STRING) *init_ctrls;
2137 /* Algorithm name */
2138 char *algname;
2139 /* Name of previously generated key */
2140 char *keyname;
2141 /* Encoded public key */
2142 unsigned char *encoded_pub_key;
2143 size_t encoded_pub_key_len;
2144 /* Encoded private key */
2145 unsigned char *encoded_priv_key;
2146 size_t encoded_priv_key_len;
2147 /* Entropy for encapsulation */
2148 unsigned char *entropy;
2149 size_t entropylen;
2150 /* Ciphertext */
2151 unsigned char *ciphertext;
2152 size_t ciphertext_len;
2153 } KEM_DATA;
2154
kem_test_init(EVP_TEST * t,const char * alg)2155 static int kem_test_init(EVP_TEST *t, const char *alg)
2156 {
2157 KEM_DATA *kdata = NULL;
2158 EVP_PKEY *pkey = NULL;
2159
2160 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))
2161 || !TEST_ptr(kdata->algname = OPENSSL_strdup(alg)))
2162 goto err;
2163
2164 kdata->init_ctrls = sk_OPENSSL_STRING_new_null();
2165 t->data = kdata;
2166 return 1;
2167 err:
2168 EVP_PKEY_free(pkey);
2169 OPENSSL_free(kdata);
2170 return 0;
2171 }
2172
kem_test_cleanup(EVP_TEST * t)2173 static void kem_test_cleanup(EVP_TEST *t)
2174 {
2175 KEM_DATA *kdata = t->data;
2176
2177 ctrlfree(kdata->init_ctrls);
2178 OPENSSL_free(kdata->input);
2179 OPENSSL_free(kdata->output);
2180 OPENSSL_free(kdata->algname);
2181 OPENSSL_free(kdata->keyname);
2182 OPENSSL_free(kdata->encoded_pub_key);
2183 OPENSSL_free(kdata->encoded_priv_key);
2184 OPENSSL_free(kdata->entropy);
2185 OPENSSL_free(kdata->ciphertext);
2186 EVP_PKEY_CTX_free(kdata->ctx);
2187 }
2188
kem_test_parse(EVP_TEST * t,const char * keyword,const char * value)2189 static int kem_test_parse(EVP_TEST *t, const char *keyword, const char *value)
2190 {
2191 KEM_DATA *kdata = t->data;
2192
2193 if (strcmp(keyword, "Op") == 0) {
2194 kdata->op = value;
2195 return 1;
2196 }
2197 if (strcmp(keyword, "CtrlInit") == 0)
2198 return ctrladd(kdata->init_ctrls, value);
2199 if (strcmp(keyword, "Input") == 0)
2200 return parse_bin(value, &kdata->input, &kdata->inputlen);
2201 if (strcmp(keyword, "Output") == 0)
2202 return parse_bin(value, &kdata->output, &kdata->outputlen);
2203 if (strcmp(keyword, "EncodedPublicKey") == 0)
2204 return parse_bin(value, &kdata->encoded_pub_key,
2205 &kdata->encoded_pub_key_len);
2206 if (strcmp(keyword, "EncodedPrivateKey") == 0)
2207 return parse_bin(value, &kdata->encoded_priv_key,
2208 &kdata->encoded_priv_key_len);
2209 if (strcmp(keyword, "Entropy") == 0)
2210 return parse_bin(value, &kdata->entropy, &kdata->entropylen);
2211 if (strcmp(keyword, "Ciphertext") == 0)
2212 return parse_bin(value, &kdata->ciphertext, &kdata->ciphertext_len);
2213 if (strcmp(keyword, "KeyName") == 0)
2214 return TEST_ptr(kdata->keyname = OPENSSL_strdup(value));
2215 return 1;
2216 }
2217
encapsulate(EVP_TEST * t,EVP_PKEY_CTX * ctx,const char * op,unsigned char ** outwrapped,size_t * outwrappedlen,unsigned char ** outsecret,size_t * outsecretlen)2218 static int encapsulate(EVP_TEST *t, EVP_PKEY_CTX *ctx, const char *op,
2219 unsigned char **outwrapped, size_t *outwrappedlen,
2220 unsigned char **outsecret, size_t *outsecretlen)
2221 {
2222 int ret = 0;
2223 KEM_DATA *kdata = t->data;
2224 unsigned char *wrapped = NULL, *secret = NULL;
2225 size_t wrappedlen = 0, secretlen = 0;
2226 OSSL_PARAM params[10];
2227 size_t params_n = 0;
2228 /* Reserve space for the terminator and possibly IKME */
2229 const size_t params_max = OSSL_NELEM(params) - 1 - (kdata->entropy != NULL);
2230
2231 if (sk_OPENSSL_STRING_num(kdata->init_ctrls) > 0)
2232 if (!ctrl2params(t, kdata->init_ctrls, NULL, params, params_max,
2233 ¶ms_n))
2234 goto err;
2235
2236 /* We don't expect very many controls here */
2237 if (!TEST_size_t_lt(params_n, params_max))
2238 goto err;
2239
2240 if (kdata->entropy != NULL)
2241 /* Input key material a.k.a entropy */
2242 params[params_n++] =
2243 OSSL_PARAM_construct_octet_string(OSSL_KEM_PARAM_IKME,
2244 kdata->entropy,
2245 kdata->entropylen);
2246 params[params_n] = OSSL_PARAM_construct_end();
2247
2248 if (EVP_PKEY_encapsulate_init(ctx, params) <= 0) {
2249 t->err = "TEST_ENCAPSULATE_INIT_ERROR";
2250 goto ok;
2251 }
2252
2253 if (op != NULL && EVP_PKEY_CTX_set_kem_op(ctx, op) <= 0) {
2254 t->err = "TEST_SET_KEM_OP_ERROR";
2255 goto ok;
2256 }
2257 if (EVP_PKEY_encapsulate(ctx, NULL, &wrappedlen, NULL, &secretlen) <= 0) {
2258 t->err = "TEST_ENCAPSULATE_LEN_ERROR";
2259 goto ok;
2260 }
2261 wrapped = OPENSSL_malloc(wrappedlen);
2262 secret = OPENSSL_malloc(secretlen);
2263 if (!TEST_ptr(wrapped) || !TEST_ptr(secret)) {
2264 ret = 0;
2265 goto err;
2266 }
2267 if (EVP_PKEY_encapsulate(ctx, wrapped, &wrappedlen, secret, &secretlen) <= 0) {
2268 t->err = "TEST_ENCAPSULATE_ERROR";
2269 goto ok;
2270 }
2271 ret = pkey_check_fips_approved(ctx, t);
2272
2273 if (kdata->ciphertext != NULL
2274 && !TEST_mem_eq(wrapped, wrappedlen, kdata->ciphertext, kdata->ciphertext_len)) {
2275 ret = 0;
2276 goto err;
2277 }
2278
2279 if (kdata->output != NULL
2280 && !TEST_mem_eq(secret, secretlen, kdata->output, kdata->outputlen)) {
2281 ret = 0;
2282 goto err;
2283 }
2284
2285 if (ret == 0)
2286 goto err;
2287
2288 t->err = NULL;
2289 *outwrapped = wrapped;
2290 *outsecret = secret;
2291 *outwrappedlen = wrappedlen;
2292 *outsecretlen = secretlen;
2293 ok:
2294 ret = 1;
2295 err:
2296 if (ret == 0) {
2297 OPENSSL_free(wrapped);
2298 OPENSSL_free(secret);
2299 }
2300 if (sk_OPENSSL_STRING_num(kdata->init_ctrls) > 0)
2301 ctrl2params_free(params, params_n, 0);
2302 return ret;
2303 }
2304
decapsulate(EVP_TEST * t,EVP_PKEY_CTX * ctx,const char * op,const unsigned char * in,size_t inlen,const unsigned char * expected,size_t expectedlen)2305 static int decapsulate(EVP_TEST *t, EVP_PKEY_CTX *ctx, const char *op,
2306 const unsigned char *in, size_t inlen,
2307 const unsigned char *expected, size_t expectedlen)
2308 {
2309 int ret = 0;
2310 KEM_DATA *kdata = t->data;
2311 size_t outlen = 0;
2312 unsigned char *out = NULL;
2313 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
2314 OSSL_PARAM *p = NULL;
2315 size_t params_n = 0, params_n_allocated = 0;
2316
2317 if (sk_OPENSSL_STRING_num(kdata->init_ctrls) > 0) {
2318 if (!ctrl2params(t, kdata->init_ctrls, NULL,
2319 params, 2, ¶ms_n))
2320 goto err;
2321 p = params;
2322 }
2323
2324 if (EVP_PKEY_decapsulate_init(ctx, p) <= 0) {
2325 t->err = "TEST_DECAPSULATE_INIT_ERROR";
2326 goto ok;
2327 }
2328
2329 if (op != NULL && EVP_PKEY_CTX_set_kem_op(ctx, op) <= 0) {
2330 t->err = "TEST_SET_KEM_OP_ERROR";
2331 goto ok;
2332 }
2333 if (EVP_PKEY_decapsulate(ctx, NULL, &outlen, in, inlen) <= 0) {
2334 t->err = "TEST_DECAPSULATE_LEN_ERROR";
2335 goto ok;
2336 }
2337 if (!TEST_ptr(out = OPENSSL_malloc(outlen))) {
2338 ret = 0;
2339 goto err;
2340 }
2341
2342 if (EVP_PKEY_decapsulate(ctx, out, &outlen, in, inlen) <= 0) {
2343 t->err = "TEST_DECAPSULATE_ERROR";
2344 goto err;
2345 }
2346 if (!TEST_mem_eq(out, outlen, expected, expectedlen)) {
2347 t->err = "TEST_SECRET_MISMATCH";
2348 goto ok;
2349 }
2350 t->err = NULL;
2351 ok:
2352 ret = 1;
2353 err:
2354 OPENSSL_free(out);
2355 if (sk_OPENSSL_STRING_num(kdata->init_ctrls) > 0)
2356 ctrl2params_free(params, params_n, params_n_allocated);
2357 return ret;
2358 }
2359
kem_test_run(EVP_TEST * t)2360 static int kem_test_run(EVP_TEST *t)
2361 {
2362 int ret = 0, found_key = 0;
2363 EVP_PKEY *pkey = NULL;
2364 KEM_DATA *kdata = t->data;
2365 unsigned char *wrapped = NULL, *secret = NULL;
2366
2367 /* Generate either public or private key based on given params */
2368 if (kdata->keyname != NULL) {
2369 /* Previously generated private key */
2370 found_key = find_key(&pkey, kdata->keyname, private_keys);
2371 if (found_key == 0 || pkey == NULL) {
2372 TEST_info("skipping, key '%s' is disabled", kdata->keyname);
2373 t->skip = 1;
2374 goto ok;
2375 }
2376 } else if (kdata->encoded_pub_key != NULL) {
2377 /* Encoded public key */
2378 if ((pkey = EVP_PKEY_new_raw_public_key_ex(libctx, kdata->algname,
2379 propquery,
2380 kdata->encoded_pub_key,
2381 kdata->encoded_pub_key_len)) == NULL) {
2382 t->err = "TEST_PARSE_PUBLIC_KEY_ERROR";
2383 goto ok;
2384 }
2385 } else if (kdata->encoded_priv_key != NULL) {
2386 /* Encoded private key */
2387 if ((pkey = EVP_PKEY_new_raw_private_key_ex(libctx, kdata->algname,
2388 propquery,
2389 kdata->encoded_priv_key,
2390 kdata->encoded_priv_key_len)) == NULL) {
2391 t->err = "TEST_PARSE_PRIVATE_KEY_ERROR";
2392 goto ok;
2393 }
2394 } else {
2395 TEST_info("Missing parameters to create key");
2396 goto err;
2397 }
2398
2399 if (!TEST_ptr(kdata->ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propquery)))
2400 goto err;
2401
2402 if (kdata->input == NULL) {
2403 size_t wrappedlen = 0, secretlen = 0;
2404
2405 ret = encapsulate(t, kdata->ctx, kdata->op, &wrapped, &wrappedlen,
2406 &secret, &secretlen);
2407 if (ret == 0 || t->err != NULL)
2408 goto err;
2409
2410 /* Also attempt to decrypt if we have the private key */
2411 if (found_key || kdata->encoded_priv_key != NULL)
2412 ret = decapsulate(t, kdata->ctx, kdata->op, wrapped, wrappedlen,
2413 secret, secretlen);
2414 } else {
2415 ret = decapsulate(t, kdata->ctx, kdata->op, kdata->input, kdata->inputlen,
2416 kdata->output, kdata->outputlen);
2417 }
2418
2419 ok:
2420 ret = 1;
2421 err:
2422 if (!found_key)
2423 EVP_PKEY_free(pkey);
2424 OPENSSL_free(wrapped);
2425 OPENSSL_free(secret);
2426 return ret;
2427 }
2428
2429 static const EVP_TEST_METHOD pkey_kem_test_method = {
2430 "Kem",
2431 kem_test_init,
2432 kem_test_cleanup,
2433 kem_test_parse,
2434 kem_test_run
2435 };
2436
2437 /**
2438 ** PUBLIC KEY TESTS
2439 ** These are all very similar and share much common code.
2440 **/
2441
2442 typedef struct pkey_data_st {
2443 /* Context for this operation */
2444 EVP_PKEY_CTX *ctx;
2445 /* Signature algo for such operations */
2446 EVP_SIGNATURE *sigalgo;
2447 /* Key operation to perform */
2448 int (*keyopinit) (EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
2449 int (*keyopinit_ex2) (EVP_PKEY_CTX *ctx, EVP_SIGNATURE *algo,
2450 const OSSL_PARAM params[]);
2451 int (*keyop) (EVP_PKEY_CTX *ctx,
2452 unsigned char *sig, size_t *siglen,
2453 const unsigned char *tbs, size_t tbslen);
2454 /* Input to MAC */
2455 unsigned char *input;
2456 size_t input_len;
2457 /* Expected output */
2458 unsigned char *output;
2459 size_t output_len;
2460 STACK_OF(OPENSSL_STRING) *init_controls; /* collection of controls */
2461 STACK_OF(OPENSSL_STRING) *controls; /* collection of controls */
2462 EVP_PKEY *peer;
2463 int validate;
2464 } PKEY_DATA;
2465
2466 /*
2467 * Perform public key operation setup: lookup key, allocated ctx and call
2468 * the appropriate initialisation function
2469 */
pkey_test_init_keyctx(EVP_TEST * t,const char * keyname,int use_public)2470 static int pkey_test_init_keyctx(EVP_TEST *t, const char *keyname,
2471 int use_public)
2472 {
2473 PKEY_DATA *kdata;
2474 EVP_PKEY *pkey = NULL;
2475 int rv = 0;
2476
2477 if (use_public)
2478 rv = find_key(&pkey, keyname, public_keys);
2479 if (rv == 0)
2480 rv = find_key(&pkey, keyname, private_keys);
2481 if (rv == 0 || pkey == NULL) {
2482 TEST_info("skipping, key '%s' is disabled", keyname);
2483 t->skip = 1;
2484 return 1;
2485 }
2486
2487 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))) {
2488 EVP_PKEY_free(pkey);
2489 return 0;
2490 }
2491 if (!TEST_ptr(kdata->ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propquery))) {
2492 EVP_PKEY_free(pkey);
2493 OPENSSL_free(kdata);
2494 return 0;
2495 }
2496 t->data = kdata;
2497 return 1;
2498 }
2499
pkey_test_init(EVP_TEST * t,const char * name,int use_public,int (* keyopinit)(EVP_PKEY_CTX * ctx,const OSSL_PARAM params[]),int (* keyop)(EVP_PKEY_CTX * ctx,unsigned char * sig,size_t * siglen,const unsigned char * tbs,size_t tbslen))2500 static int pkey_test_init(EVP_TEST *t, const char *name,
2501 int use_public,
2502 int (*keyopinit) (EVP_PKEY_CTX *ctx,
2503 const OSSL_PARAM params[]),
2504 int (*keyop)(EVP_PKEY_CTX *ctx,
2505 unsigned char *sig, size_t *siglen,
2506 const unsigned char *tbs,
2507 size_t tbslen))
2508 {
2509 PKEY_DATA *kdata = NULL;
2510 int rv = 0;
2511
2512 rv = pkey_test_init_keyctx(t, name, use_public);
2513 if (t->skip || !rv)
2514 return rv;
2515 kdata = t->data;
2516 kdata->keyopinit = keyopinit;
2517 kdata->keyop = keyop;
2518 kdata->init_controls = sk_OPENSSL_STRING_new_null();
2519 kdata->controls = sk_OPENSSL_STRING_new_null();
2520 return 1;
2521 }
2522
pkey_test_init_ex2(EVP_TEST * t,const char * name,int use_public,int (* keyopinit)(EVP_PKEY_CTX * ctx,EVP_SIGNATURE * algo,const OSSL_PARAM param[]),int (* keyop)(EVP_PKEY_CTX * ctx,unsigned char * sig,size_t * siglen,const unsigned char * tbs,size_t tbslen))2523 static int pkey_test_init_ex2(EVP_TEST *t, const char *name,
2524 int use_public,
2525 int (*keyopinit)(EVP_PKEY_CTX *ctx,
2526 EVP_SIGNATURE *algo,
2527 const OSSL_PARAM param[]),
2528 int (*keyop)(EVP_PKEY_CTX *ctx,
2529 unsigned char *sig, size_t *siglen,
2530 const unsigned char *tbs,
2531 size_t tbslen))
2532 {
2533 PKEY_DATA *kdata = NULL;
2534 int rv = 0;
2535 char algoname[OSSL_MAX_NAME_SIZE + 1];
2536 const char *p;
2537
2538 if ((p = strchr(name, ':')) == NULL
2539 || p == name || p[1] == '\0' || p - name > OSSL_MAX_NAME_SIZE) {
2540 TEST_info("Can't extract algorithm or key name from '%s'", name);
2541 return 0;
2542 }
2543 memcpy(algoname, name, p - name);
2544 algoname[p - name] = '\0';
2545
2546 if (is_pkey_disabled(algoname)) {
2547 t->skip = 1;
2548 return 1;
2549 }
2550
2551 rv = pkey_test_init_keyctx(t, /* keyname */ p + 1, use_public);
2552 if (t->skip || !rv)
2553 return rv;
2554 kdata = t->data;
2555 kdata->keyopinit_ex2 = keyopinit;
2556 kdata->keyop = keyop;
2557 if (!TEST_ptr(kdata->sigalgo
2558 = EVP_SIGNATURE_fetch(libctx, algoname, propquery))) {
2559 TEST_info("algoname = '%s'", algoname);
2560 return 0;
2561 }
2562 kdata->init_controls = sk_OPENSSL_STRING_new_null();
2563 kdata->controls = sk_OPENSSL_STRING_new_null();
2564 return 1;
2565 }
2566
pkey_test_cleanup(EVP_TEST * t)2567 static void pkey_test_cleanup(EVP_TEST *t)
2568 {
2569 PKEY_DATA *kdata = t->data;
2570
2571 ctrlfree(kdata->init_controls);
2572 ctrlfree(kdata->controls);
2573 OPENSSL_free(kdata->input);
2574 OPENSSL_free(kdata->output);
2575 EVP_PKEY_CTX_free(kdata->ctx);
2576 EVP_SIGNATURE_free(kdata->sigalgo);
2577 }
2578
pkey_test_ctrl(EVP_TEST * t,EVP_PKEY_CTX * pctx,const char * value)2579 static int pkey_test_ctrl(EVP_TEST *t, EVP_PKEY_CTX *pctx,
2580 const char *value)
2581 {
2582 int rv = 0;
2583 char *p, *tmpval;
2584
2585 if (!TEST_ptr(tmpval = OPENSSL_strdup(value)))
2586 return 0;
2587 p = strchr(tmpval, ':');
2588 if (p != NULL) {
2589 *p++ = '\0';
2590 rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
2591 }
2592 if (rv == -2) {
2593 t->err = "PKEY_CTRL_INVALID";
2594 rv = 1;
2595 } else if (p != NULL && rv <= 0) {
2596 if (is_digest_disabled(p) || is_cipher_disabled(p)) {
2597 TEST_info("skipping, '%s' is disabled", p);
2598 t->skip = 1;
2599 rv = 1;
2600 } else {
2601 t->err = "PKEY_CTRL_ERROR";
2602 rv = 1;
2603 }
2604 }
2605 OPENSSL_free(tmpval);
2606 return rv > 0;
2607 }
2608
pkey_add_control(EVP_TEST * t,STACK_OF (OPENSSL_STRING)* controls,const char * value)2609 static int pkey_add_control(EVP_TEST *t, STACK_OF(OPENSSL_STRING) *controls,
2610 const char *value)
2611 {
2612 char *p;
2613
2614 if (controls == NULL)
2615 return 0;
2616
2617 p = strchr(value, ':');
2618 if (p == NULL)
2619 return 0;
2620 p++;
2621 if (is_digest_disabled(p) || is_cipher_disabled(p)) {
2622 TEST_info("skipping, '%s' is disabled", p);
2623 t->skip = 1;
2624 return 1;
2625 }
2626
2627 return ctrladd(controls, value) > 0;
2628 }
2629
pkey_test_parse(EVP_TEST * t,const char * keyword,const char * value)2630 static int pkey_test_parse(EVP_TEST *t,
2631 const char *keyword, const char *value)
2632 {
2633 PKEY_DATA *kdata = t->data;
2634 if (strcmp(keyword, "Input") == 0)
2635 return parse_bin(value, &kdata->input, &kdata->input_len);
2636 if (strcmp(keyword, "Output") == 0)
2637 return parse_bin(value, &kdata->output, &kdata->output_len);
2638 if (strcmp(keyword, "CtrlInit") == 0)
2639 return ctrladd(kdata->init_controls, value);
2640 if (strcmp(keyword, "Ctrl") == 0)
2641 return pkey_add_control(t, kdata->controls, value);
2642 return 0;
2643 }
2644
pkey_test_run_init(EVP_TEST * t)2645 static int pkey_test_run_init(EVP_TEST *t)
2646 {
2647 PKEY_DATA *data = t->data;
2648 int i, ret = 0;
2649 OSSL_PARAM params[5] = {
2650 OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END,
2651 OSSL_PARAM_END, OSSL_PARAM_END
2652 };
2653 OSSL_PARAM *p = NULL;
2654 size_t params_n = 0, params_n_allocstart = 0;
2655
2656 if (sk_OPENSSL_STRING_num(data->init_controls) > 0) {
2657 if (!ctrl2params(t, data->init_controls,
2658 NULL,
2659 params, OSSL_NELEM(params), ¶ms_n))
2660 goto err;
2661 p = params;
2662 }
2663 if (data->keyopinit != NULL) {
2664 if (data->keyopinit(data->ctx, p) <= 0) {
2665 t->err = "KEYOP_INIT_ERROR";
2666 goto err;
2667 }
2668 } else if (data->keyopinit_ex2 != NULL) {
2669 if (data->keyopinit_ex2(data->ctx, data->sigalgo, p) <= 0) {
2670 t->err = "KEYOP_INIT_ERROR";
2671 goto err;
2672 }
2673 } else {
2674 t->err = "KEYOP_INIT_ERROR";
2675 goto err;
2676 }
2677
2678 for (i = 0; i < sk_OPENSSL_STRING_num(data->controls); i++) {
2679 char *value = sk_OPENSSL_STRING_value(data->controls, i);
2680
2681 if (!pkey_test_ctrl(t, data->ctx, value) || t->err != NULL)
2682 goto err;
2683 }
2684 ret = 1;
2685 err:
2686 ctrl2params_free(params, params_n, params_n_allocstart);
2687 return ret;
2688 }
2689
pkey_test_run(EVP_TEST * t)2690 static int pkey_test_run(EVP_TEST *t)
2691 {
2692 PKEY_DATA *expected = t->data;
2693 unsigned char *got = NULL;
2694 size_t got_len;
2695 EVP_PKEY_CTX *copy = NULL;
2696
2697 if (!pkey_test_run_init(t))
2698 goto err;
2699
2700 /* Make a copy of the EVP_PKEY context, for repeat use further down */
2701 if (!TEST_ptr(copy = EVP_PKEY_CTX_dup(expected->ctx))) {
2702 t->err = "INTERNAL_ERROR";
2703 goto err;
2704 }
2705
2706 if (expected->keyop(expected->ctx, NULL, &got_len,
2707 expected->input, expected->input_len) <= 0
2708 || !TEST_ptr(got = OPENSSL_malloc(got_len))) {
2709 t->err = "KEYOP_LENGTH_ERROR";
2710 goto err;
2711 }
2712 if (expected->keyop(expected->ctx, got, &got_len,
2713 expected->input, expected->input_len) <= 0) {
2714 t->err = "KEYOP_ERROR";
2715 goto err;
2716 }
2717
2718 if (!memory_err_compare(t, "KEYOP_MISMATCH",
2719 expected->output, expected->output_len,
2720 got, got_len))
2721 goto err;
2722
2723 t->err = NULL;
2724 OPENSSL_free(got);
2725 got = NULL;
2726
2727 /* Repeat the test on the EVP_PKEY context copy. */
2728 if (expected->keyop(copy, NULL, &got_len, expected->input,
2729 expected->input_len) <= 0
2730 || !TEST_ptr(got = OPENSSL_malloc(got_len))) {
2731 t->err = "KEYOP_LENGTH_ERROR";
2732 goto err;
2733 }
2734 if (expected->keyop(copy, got, &got_len, expected->input,
2735 expected->input_len) <= 0) {
2736 t->err = "KEYOP_ERROR";
2737 goto err;
2738 }
2739 if (!memory_err_compare(t, "KEYOP_MISMATCH",
2740 expected->output, expected->output_len,
2741 got, got_len))
2742 goto err;
2743
2744 if (pkey_check_fips_approved(expected->ctx, t) <= 0)
2745 goto err;
2746
2747 err:
2748 OPENSSL_free(got);
2749 EVP_PKEY_CTX_free(copy);
2750 return 1;
2751 }
2752
pkey_fromdata_test_init(EVP_TEST * t,const char * name)2753 static int pkey_fromdata_test_init(EVP_TEST *t, const char *name)
2754 {
2755 PKEY_DATA *kdata = NULL;
2756
2757 if (is_pkey_disabled(name)) {
2758 TEST_info("skipping, '%s' is disabled", name);
2759 t->skip = 1;
2760 return 1;
2761 }
2762
2763 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata))))
2764 return 0;
2765 kdata->ctx = EVP_PKEY_CTX_new_from_name(libctx, name, "");
2766 if (kdata->ctx == NULL)
2767 goto err;
2768 if (EVP_PKEY_fromdata_init(kdata->ctx) <= 0)
2769 goto err;
2770 kdata->controls = sk_OPENSSL_STRING_new_null();
2771 if (kdata->controls == NULL)
2772 goto err;
2773 t->data = kdata;
2774 return 1;
2775 err:
2776 EVP_PKEY_CTX_free(kdata->ctx);
2777 OPENSSL_free(kdata);
2778 return 0;
2779 }
2780
pkey_fromdata_test_cleanup(EVP_TEST * t)2781 static void pkey_fromdata_test_cleanup(EVP_TEST *t)
2782 {
2783 PKEY_DATA *kdata = t->data;
2784
2785 ctrlfree(kdata->controls);
2786 EVP_PKEY_CTX_free(kdata->ctx);
2787 }
2788
pkey_fromdata_test_parse(EVP_TEST * t,const char * keyword,const char * value)2789 static int pkey_fromdata_test_parse(EVP_TEST *t,
2790 const char *keyword, const char *value)
2791 {
2792 PKEY_DATA *kdata = t->data;
2793
2794 if (strcmp(keyword, "Ctrl") == 0)
2795 return pkey_add_control(t, kdata->controls, value);
2796 return 0;
2797 }
2798
pkey_fromdata_test_run(EVP_TEST * t)2799 static int pkey_fromdata_test_run(EVP_TEST *t)
2800 {
2801 EVP_PKEY *key = NULL;
2802 PKEY_DATA *kdata = t->data;
2803 int ret = 0;
2804 static const OSSL_PARAM key_settable_ctx_params[] = {
2805 OSSL_PARAM_octet_string("priv", NULL, 0),
2806 OSSL_PARAM_octet_string("pub", NULL, 0),
2807 OSSL_PARAM_END
2808 };
2809 OSSL_PARAM params[5] = {
2810 OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END,
2811 OSSL_PARAM_END, OSSL_PARAM_END
2812 };
2813 OSSL_PARAM *p = NULL;
2814 size_t params_n = 0, params_n_allocstart = 0;
2815
2816 if (sk_OPENSSL_STRING_num(kdata->controls) > 0) {
2817 if (!ctrl2params(t, kdata->controls, key_settable_ctx_params,
2818 params, OSSL_NELEM(params), ¶ms_n))
2819 goto err;
2820 p = params;
2821 }
2822
2823 ret = 1;
2824 if (EVP_PKEY_fromdata(kdata->ctx, &key, EVP_PKEY_KEYPAIR, p) <= 0) {
2825 t->err = "KEY_FROMDATA_ERROR";
2826 goto err;
2827 }
2828 err:
2829 ctrl2params_free(params, params_n, params_n_allocstart);
2830 EVP_PKEY_free(key);
2831 return ret;
2832 }
2833
2834 static const EVP_TEST_METHOD pkey_fromdata_test_method = {
2835 "KeyFromData",
2836 pkey_fromdata_test_init,
2837 pkey_fromdata_test_cleanup,
2838 pkey_fromdata_test_parse,
2839 pkey_fromdata_test_run
2840 };
2841
2842 /*
2843 * "Sign" implies EVP_PKEY_sign_init_ex2() if the argument is a colon-separated
2844 * pair, {algorithm}:{key}. If not, it implies EVP_PKEY_sign_init_ex()
2845 */
sign_test_init(EVP_TEST * t,const char * name)2846 static int sign_test_init(EVP_TEST *t, const char *name)
2847 {
2848 if (strchr(name, ':') != NULL)
2849 return pkey_test_init_ex2(t, name, 0,
2850 EVP_PKEY_sign_init_ex2, EVP_PKEY_sign);
2851 return pkey_test_init(t, name, 0, EVP_PKEY_sign_init_ex, EVP_PKEY_sign);
2852 }
2853
2854 static const EVP_TEST_METHOD psign_test_method = {
2855 "Sign",
2856 sign_test_init,
2857 pkey_test_cleanup,
2858 pkey_test_parse,
2859 pkey_test_run
2860 };
2861
2862 /*
2863 * "Sign-Message" is like "Sign", but uses EVP_PKEY_sign_message_init()
2864 * The argument must be a colon separated pair, {algorithm}:{key}
2865 */
sign_test_message_init(EVP_TEST * t,const char * name)2866 static int sign_test_message_init(EVP_TEST *t, const char *name)
2867 {
2868 return pkey_test_init_ex2(t, name, 0,
2869 EVP_PKEY_sign_message_init, EVP_PKEY_sign);
2870 }
2871
2872 static const EVP_TEST_METHOD psign_message_test_method = {
2873 "Sign-Message",
2874 sign_test_message_init,
2875 pkey_test_cleanup,
2876 pkey_test_parse,
2877 pkey_test_run
2878 };
2879
2880 /*
2881 * "VerifyRecover" implies EVP_PKEY_verify_recover_init_ex2() if the argument is a
2882 * colon-separated pair, {algorithm}:{key}.
2883 * If not, it implies EVP_PKEY_verify_recover_init_ex()
2884 */
verify_recover_test_init(EVP_TEST * t,const char * name)2885 static int verify_recover_test_init(EVP_TEST *t, const char *name)
2886 {
2887 if (strchr(name, ':') != NULL)
2888 return pkey_test_init_ex2(t, name, 1,
2889 EVP_PKEY_verify_recover_init_ex2,
2890 EVP_PKEY_verify_recover);
2891 return pkey_test_init(t, name, 1, EVP_PKEY_verify_recover_init_ex,
2892 EVP_PKEY_verify_recover);
2893 }
2894
2895 static const EVP_TEST_METHOD pverify_recover_test_method = {
2896 "VerifyRecover",
2897 verify_recover_test_init,
2898 pkey_test_cleanup,
2899 pkey_test_parse,
2900 pkey_test_run
2901 };
2902
decrypt_test_init(EVP_TEST * t,const char * name)2903 static int decrypt_test_init(EVP_TEST *t, const char *name)
2904 {
2905 return pkey_test_init(t, name, 0, EVP_PKEY_decrypt_init_ex,
2906 EVP_PKEY_decrypt);
2907 }
2908
2909 static const EVP_TEST_METHOD pdecrypt_test_method = {
2910 "Decrypt",
2911 decrypt_test_init,
2912 pkey_test_cleanup,
2913 pkey_test_parse,
2914 pkey_test_run
2915 };
2916
2917 /*
2918 * "Verify" implies EVP_PKEY_verify_init_ex2() if the argument is a
2919 * colon-separated pair, {algorithm}:{key}.
2920 * If not, it implies EVP_PKEY_verify_init_ex()
2921 */
verify_test_init(EVP_TEST * t,const char * name)2922 static int verify_test_init(EVP_TEST *t, const char *name)
2923 {
2924 if (strchr(name, ':') != NULL)
2925 return pkey_test_init_ex2(t, name, 1,
2926 EVP_PKEY_verify_init_ex2, NULL);
2927 return pkey_test_init(t, name, 1, EVP_PKEY_verify_init_ex, NULL);
2928 }
2929
verify_test_run(EVP_TEST * t)2930 static int verify_test_run(EVP_TEST *t)
2931 {
2932 int ret = 1;
2933 PKEY_DATA *kdata = t->data;
2934
2935 if (!pkey_test_run_init(t))
2936 goto err;
2937 if (EVP_PKEY_verify(kdata->ctx, kdata->output, kdata->output_len,
2938 kdata->input, kdata->input_len) <= 0) {
2939 t->err = "VERIFY_ERROR";
2940 goto err;
2941 }
2942 if (!pkey_check_fips_approved(kdata->ctx, t))
2943 ret = 0;
2944 err:
2945 return ret;
2946 }
2947
2948 static const EVP_TEST_METHOD pverify_test_method = {
2949 "Verify",
2950 verify_test_init,
2951 pkey_test_cleanup,
2952 pkey_test_parse,
2953 verify_test_run
2954 };
2955
2956 /*
2957 * "Verify-Message" is like "Verify", but uses EVP_PKEY_verify_message_init()
2958 * The argument must be a colon separated pair, {algorithm}:{key}
2959 */
verify_message_test_init(EVP_TEST * t,const char * name)2960 static int verify_message_test_init(EVP_TEST *t, const char *name)
2961 {
2962 return pkey_test_init_ex2(t, name, 0,
2963 EVP_PKEY_verify_message_init, NULL);
2964 }
2965
2966 static const EVP_TEST_METHOD pverify_message_test_method = {
2967 "Verify-Message",
2968 verify_message_test_init,
2969 pkey_test_cleanup,
2970 pkey_test_parse,
2971 verify_test_run
2972 };
2973
2974 /*
2975 * "Verify-Message-Public" is like "Verify-Message", but uses a public key
2976 * instead of a private key.
2977 * The argument must be a colon separated pair, {algorithm}:{key}
2978 */
verify_message_public_test_init(EVP_TEST * t,const char * name)2979 static int verify_message_public_test_init(EVP_TEST *t, const char *name)
2980 {
2981 return pkey_test_init_ex2(t, name, 1,
2982 EVP_PKEY_verify_message_init, NULL);
2983 }
2984
2985 static const EVP_TEST_METHOD pverify_message_public_test_method = {
2986 "Verify-Message-Public",
2987 verify_message_public_test_init,
2988 pkey_test_cleanup,
2989 pkey_test_parse,
2990 verify_test_run
2991 };
2992
pderive_test_init(EVP_TEST * t,const char * name)2993 static int pderive_test_init(EVP_TEST *t, const char *name)
2994 {
2995 return pkey_test_init(t, name, 0, EVP_PKEY_derive_init_ex, 0);
2996 }
2997
pderive_test_parse(EVP_TEST * t,const char * keyword,const char * value)2998 static int pderive_test_parse(EVP_TEST *t,
2999 const char *keyword, const char *value)
3000 {
3001 PKEY_DATA *kdata = t->data;
3002 int validate = 0;
3003
3004 if (strcmp(keyword, "PeerKeyValidate") == 0)
3005 validate = 1;
3006
3007 if (validate || strcmp(keyword, "PeerKey") == 0) {
3008 EVP_PKEY *peer = NULL;
3009
3010 kdata->validate = validate;
3011 if (find_key(&peer, value, public_keys) == 0)
3012 return -1;
3013 kdata->peer = peer;
3014 return 1;
3015 }
3016 if (strcmp(keyword, "SharedSecret") == 0)
3017 return parse_bin(value, &kdata->output, &kdata->output_len);
3018 if (strcmp(keyword, "Ctrl") == 0)
3019 return pkey_add_control(t, kdata->controls, value);
3020 if (strcmp(keyword, "CtrlInit") == 0)
3021 return ctrladd(kdata->init_controls, value);
3022 return 0;
3023 }
3024
pderive_test_run(EVP_TEST * t)3025 static int pderive_test_run(EVP_TEST *t)
3026 {
3027 EVP_PKEY_CTX *dctx = NULL;
3028 PKEY_DATA *expected = t->data;
3029 unsigned char *got = NULL;
3030 size_t got_len;
3031 int ret = 1;
3032
3033 if (!pkey_test_run_init(t))
3034 goto err;
3035
3036 t->err = NULL;
3037 if (EVP_PKEY_derive_set_peer_ex(expected->ctx, expected->peer,
3038 expected->validate) <= 0) {
3039 t->err = "DERIVE_SET_PEER_ERROR";
3040 goto err;
3041 }
3042
3043 if (!TEST_ptr(dctx = EVP_PKEY_CTX_dup(expected->ctx))) {
3044 t->err = "DERIVE_ERROR";
3045 goto err;
3046 }
3047
3048 if (EVP_PKEY_derive(dctx, NULL, &got_len) <= 0
3049 || !TEST_size_t_ne(got_len, 0)) {
3050 t->err = "DERIVE_ERROR";
3051 goto err;
3052 }
3053 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
3054 t->err = "DERIVE_ERROR";
3055 goto err;
3056 }
3057 if (EVP_PKEY_derive(dctx, got, &got_len) <= 0) {
3058 t->err = "DERIVE_ERROR";
3059 goto err;
3060 }
3061 if (!memory_err_compare(t, "SHARED_SECRET_MISMATCH",
3062 expected->output, expected->output_len,
3063 got, got_len))
3064 goto err;
3065
3066 if (!pkey_check_fips_approved(dctx, t)) {
3067 ret = 0;
3068 goto err;
3069 }
3070 t->err = NULL;
3071 err:
3072 OPENSSL_free(got);
3073 EVP_PKEY_CTX_free(dctx);
3074 return ret;
3075 }
3076
3077 static const EVP_TEST_METHOD pderive_test_method = {
3078 "Derive",
3079 pderive_test_init,
3080 pkey_test_cleanup,
3081 pderive_test_parse,
3082 pderive_test_run
3083 };
3084
3085 /**
3086 ** PBE TESTS
3087 **/
3088
3089 typedef enum pbe_type_enum {
3090 PBE_TYPE_INVALID = 0,
3091 PBE_TYPE_SCRYPT, PBE_TYPE_PBKDF2, PBE_TYPE_PKCS12
3092 } PBE_TYPE;
3093
3094 typedef struct pbe_data_st {
3095 PBE_TYPE pbe_type;
3096 /* scrypt parameters */
3097 uint64_t N, r, p, maxmem;
3098 /* PKCS#12 parameters */
3099 int id, iter;
3100 const EVP_MD *md;
3101 /* password */
3102 unsigned char *pass;
3103 size_t pass_len;
3104 /* salt */
3105 unsigned char *salt;
3106 size_t salt_len;
3107 /* Expected output */
3108 unsigned char *key;
3109 size_t key_len;
3110 } PBE_DATA;
3111
3112 #ifndef OPENSSL_NO_SCRYPT
3113 /* Parse unsigned decimal 64 bit integer value */
parse_uint64(const char * value,uint64_t * pr)3114 static int parse_uint64(const char *value, uint64_t *pr)
3115 {
3116 const char *p = value;
3117
3118 if (!TEST_true(*p)) {
3119 TEST_info("Invalid empty integer value");
3120 return -1;
3121 }
3122 for (*pr = 0; *p; ) {
3123 if (*pr > UINT64_MAX / 10) {
3124 TEST_error("Integer overflow in string %s", value);
3125 return -1;
3126 }
3127 *pr *= 10;
3128 if (!TEST_true(isdigit((unsigned char)*p))) {
3129 TEST_error("Invalid character in string %s", value);
3130 return -1;
3131 }
3132 *pr += *p - '0';
3133 p++;
3134 }
3135 return 1;
3136 }
3137
scrypt_test_parse(EVP_TEST * t,const char * keyword,const char * value)3138 static int scrypt_test_parse(EVP_TEST *t,
3139 const char *keyword, const char *value)
3140 {
3141 PBE_DATA *pdata = t->data;
3142
3143 if (strcmp(keyword, "N") == 0)
3144 return parse_uint64(value, &pdata->N);
3145 if (strcmp(keyword, "p") == 0)
3146 return parse_uint64(value, &pdata->p);
3147 if (strcmp(keyword, "r") == 0)
3148 return parse_uint64(value, &pdata->r);
3149 if (strcmp(keyword, "maxmem") == 0)
3150 return parse_uint64(value, &pdata->maxmem);
3151 return 0;
3152 }
3153 #endif
3154
pbkdf2_test_parse(EVP_TEST * t,const char * keyword,const char * value)3155 static int pbkdf2_test_parse(EVP_TEST *t,
3156 const char *keyword, const char *value)
3157 {
3158 PBE_DATA *pdata = t->data;
3159
3160 if (strcmp(keyword, "iter") == 0) {
3161 pdata->iter = atoi(value);
3162 if (pdata->iter <= 0)
3163 return -1;
3164 return 1;
3165 }
3166 if (strcmp(keyword, "MD") == 0) {
3167 pdata->md = EVP_get_digestbyname(value);
3168 if (pdata->md == NULL)
3169 return -1;
3170 return 1;
3171 }
3172 return 0;
3173 }
3174
pkcs12_test_parse(EVP_TEST * t,const char * keyword,const char * value)3175 static int pkcs12_test_parse(EVP_TEST *t,
3176 const char *keyword, const char *value)
3177 {
3178 PBE_DATA *pdata = t->data;
3179
3180 if (strcmp(keyword, "id") == 0) {
3181 pdata->id = atoi(value);
3182 if (pdata->id <= 0)
3183 return -1;
3184 return 1;
3185 }
3186 return pbkdf2_test_parse(t, keyword, value);
3187 }
3188
pbe_test_init(EVP_TEST * t,const char * alg)3189 static int pbe_test_init(EVP_TEST *t, const char *alg)
3190 {
3191 PBE_DATA *pdat;
3192 PBE_TYPE pbe_type = PBE_TYPE_INVALID;
3193
3194 if (is_kdf_disabled(alg)) {
3195 TEST_info("skipping, '%s' is disabled", alg);
3196 t->skip = 1;
3197 return 1;
3198 }
3199 if (strcmp(alg, "scrypt") == 0) {
3200 pbe_type = PBE_TYPE_SCRYPT;
3201 } else if (strcmp(alg, "pbkdf2") == 0) {
3202 pbe_type = PBE_TYPE_PBKDF2;
3203 } else if (strcmp(alg, "pkcs12") == 0) {
3204 pbe_type = PBE_TYPE_PKCS12;
3205 } else {
3206 TEST_error("Unknown pbe algorithm %s", alg);
3207 return 0;
3208 }
3209 if (!TEST_ptr(pdat = OPENSSL_zalloc(sizeof(*pdat))))
3210 return 0;
3211 pdat->pbe_type = pbe_type;
3212 t->data = pdat;
3213 return 1;
3214 }
3215
pbe_test_cleanup(EVP_TEST * t)3216 static void pbe_test_cleanup(EVP_TEST *t)
3217 {
3218 PBE_DATA *pdat = t->data;
3219
3220 OPENSSL_free(pdat->pass);
3221 OPENSSL_free(pdat->salt);
3222 OPENSSL_free(pdat->key);
3223 }
3224
pbe_test_parse(EVP_TEST * t,const char * keyword,const char * value)3225 static int pbe_test_parse(EVP_TEST *t,
3226 const char *keyword, const char *value)
3227 {
3228 PBE_DATA *pdata = t->data;
3229
3230 if (strcmp(keyword, "Password") == 0)
3231 return parse_bin(value, &pdata->pass, &pdata->pass_len);
3232 if (strcmp(keyword, "Salt") == 0)
3233 return parse_bin(value, &pdata->salt, &pdata->salt_len);
3234 if (strcmp(keyword, "Key") == 0)
3235 return parse_bin(value, &pdata->key, &pdata->key_len);
3236 if (pdata->pbe_type == PBE_TYPE_PBKDF2)
3237 return pbkdf2_test_parse(t, keyword, value);
3238 else if (pdata->pbe_type == PBE_TYPE_PKCS12)
3239 return pkcs12_test_parse(t, keyword, value);
3240 #ifndef OPENSSL_NO_SCRYPT
3241 else if (pdata->pbe_type == PBE_TYPE_SCRYPT)
3242 return scrypt_test_parse(t, keyword, value);
3243 #endif
3244 return 0;
3245 }
3246
pbe_test_run(EVP_TEST * t)3247 static int pbe_test_run(EVP_TEST *t)
3248 {
3249 PBE_DATA *expected = t->data;
3250 unsigned char *key;
3251 EVP_MD *fetched_digest = NULL;
3252 OSSL_LIB_CTX *save_libctx;
3253
3254 save_libctx = OSSL_LIB_CTX_set0_default(libctx);
3255
3256 if (!TEST_ptr(key = OPENSSL_malloc(expected->key_len))) {
3257 t->err = "INTERNAL_ERROR";
3258 goto err;
3259 }
3260 if (expected->pbe_type == PBE_TYPE_PBKDF2) {
3261 if (PKCS5_PBKDF2_HMAC((char *)expected->pass, expected->pass_len,
3262 expected->salt, expected->salt_len,
3263 expected->iter, expected->md,
3264 expected->key_len, key) == 0) {
3265 t->err = "PBKDF2_ERROR";
3266 goto err;
3267 }
3268 #ifndef OPENSSL_NO_SCRYPT
3269 } else if (expected->pbe_type == PBE_TYPE_SCRYPT) {
3270 if (EVP_PBE_scrypt((const char *)expected->pass, expected->pass_len,
3271 expected->salt, expected->salt_len,
3272 expected->N, expected->r, expected->p,
3273 expected->maxmem, key, expected->key_len) == 0) {
3274 t->err = "SCRYPT_ERROR";
3275 goto err;
3276 }
3277 #endif
3278 } else if (expected->pbe_type == PBE_TYPE_PKCS12) {
3279 fetched_digest = EVP_MD_fetch(libctx, EVP_MD_get0_name(expected->md),
3280 propquery);
3281 if (fetched_digest == NULL) {
3282 t->err = "PKCS12_ERROR";
3283 goto err;
3284 }
3285 if (PKCS12_key_gen_uni(expected->pass, expected->pass_len,
3286 expected->salt, expected->salt_len,
3287 expected->id, expected->iter, expected->key_len,
3288 key, fetched_digest) == 0) {
3289 t->err = "PKCS12_ERROR";
3290 goto err;
3291 }
3292 }
3293 if (!memory_err_compare(t, "KEY_MISMATCH", expected->key, expected->key_len,
3294 key, expected->key_len))
3295 goto err;
3296
3297 t->err = NULL;
3298 err:
3299 EVP_MD_free(fetched_digest);
3300 OPENSSL_free(key);
3301 OSSL_LIB_CTX_set0_default(save_libctx);
3302 return 1;
3303 }
3304
3305 static const EVP_TEST_METHOD pbe_test_method = {
3306 "PBE",
3307 pbe_test_init,
3308 pbe_test_cleanup,
3309 pbe_test_parse,
3310 pbe_test_run
3311 };
3312
3313
3314 /**
3315 ** BASE64 TESTS
3316 **/
3317
3318 typedef enum {
3319 BASE64_CANONICAL_ENCODING = 0,
3320 BASE64_VALID_ENCODING = 1,
3321 BASE64_INVALID_ENCODING = 2
3322 } base64_encoding_type;
3323
3324 typedef struct encode_data_st {
3325 /* Input to encoding */
3326 unsigned char *input;
3327 size_t input_len;
3328 /* Expected output */
3329 unsigned char *output;
3330 size_t output_len;
3331 base64_encoding_type encoding;
3332 } ENCODE_DATA;
3333
encode_test_init(EVP_TEST * t,const char * encoding)3334 static int encode_test_init(EVP_TEST *t, const char *encoding)
3335 {
3336 ENCODE_DATA *edata;
3337
3338 if (!TEST_ptr(edata = OPENSSL_zalloc(sizeof(*edata))))
3339 return 0;
3340 if (strcmp(encoding, "canonical") == 0) {
3341 edata->encoding = BASE64_CANONICAL_ENCODING;
3342 } else if (strcmp(encoding, "valid") == 0) {
3343 edata->encoding = BASE64_VALID_ENCODING;
3344 } else if (strcmp(encoding, "invalid") == 0) {
3345 edata->encoding = BASE64_INVALID_ENCODING;
3346 if (!TEST_ptr(t->expected_err = OPENSSL_strdup("DECODE_ERROR")))
3347 goto err;
3348 } else {
3349 TEST_error("Bad encoding: %s."
3350 " Should be one of {canonical, valid, invalid}",
3351 encoding);
3352 goto err;
3353 }
3354 t->data = edata;
3355 return 1;
3356 err:
3357 OPENSSL_free(edata);
3358 return 0;
3359 }
3360
encode_test_cleanup(EVP_TEST * t)3361 static void encode_test_cleanup(EVP_TEST *t)
3362 {
3363 ENCODE_DATA *edata = t->data;
3364
3365 OPENSSL_free(edata->input);
3366 OPENSSL_free(edata->output);
3367 memset(edata, 0, sizeof(*edata));
3368 }
3369
encode_test_parse(EVP_TEST * t,const char * keyword,const char * value)3370 static int encode_test_parse(EVP_TEST *t,
3371 const char *keyword, const char *value)
3372 {
3373 ENCODE_DATA *edata = t->data;
3374
3375 if (strcmp(keyword, "Input") == 0)
3376 return parse_bin(value, &edata->input, &edata->input_len);
3377 if (strcmp(keyword, "Output") == 0)
3378 return parse_bin(value, &edata->output, &edata->output_len);
3379 return 0;
3380 }
3381
encode_test_run(EVP_TEST * t)3382 static int encode_test_run(EVP_TEST *t)
3383 {
3384 ENCODE_DATA *expected = t->data;
3385 unsigned char *encode_out = NULL, *decode_out = NULL;
3386 int output_len, chunk_len;
3387 EVP_ENCODE_CTX *decode_ctx = NULL, *encode_ctx = NULL;
3388 size_t input_len, donelen, decode_length;
3389
3390 if (!TEST_ptr(decode_ctx = EVP_ENCODE_CTX_new())) {
3391 t->err = "INTERNAL_ERROR";
3392 goto err;
3393 }
3394
3395 if (expected->encoding == BASE64_CANONICAL_ENCODING) {
3396
3397 if (!TEST_ptr(encode_ctx = EVP_ENCODE_CTX_new())
3398 || !TEST_ptr(encode_out =
3399 OPENSSL_malloc(EVP_ENCODE_LENGTH(expected->input_len))))
3400 goto err;
3401
3402 EVP_EncodeInit(encode_ctx);
3403
3404 input_len = expected->input_len;
3405 donelen = 0;
3406 output_len = 0;
3407 do {
3408 size_t current_len = (size_t) data_chunk_size;
3409
3410 if (data_chunk_size == 0 || (size_t) data_chunk_size > input_len)
3411 current_len = input_len;
3412 if (!TEST_true(EVP_EncodeUpdate(encode_ctx, encode_out, &chunk_len,
3413 expected->input + donelen,
3414 current_len)))
3415 goto err;
3416 donelen += current_len;
3417 input_len -= current_len;
3418 output_len += chunk_len;
3419 } while (input_len > 0);
3420
3421 EVP_EncodeFinal(encode_ctx, encode_out + output_len, &chunk_len);
3422 output_len += chunk_len;
3423
3424 if (!memory_err_compare(t, "BAD_ENCODING",
3425 expected->output, expected->output_len,
3426 encode_out, output_len))
3427 goto err;
3428 }
3429
3430 decode_length = EVP_DECODE_LENGTH(expected->output_len);
3431 if (!TEST_ptr(decode_out = OPENSSL_malloc(decode_length)))
3432 goto err;
3433 /*
3434 * Fill memory with non-zeros
3435 * to check that decoding does not place redundant zeros.
3436 */
3437 memset(decode_out, 0xff, decode_length);
3438
3439 output_len = 0;
3440 EVP_DecodeInit(decode_ctx);
3441
3442 input_len = expected->output_len;
3443 donelen = 0;
3444 do {
3445 size_t current_len = (size_t) data_chunk_size;
3446
3447 if (data_chunk_size == 0 || (size_t) data_chunk_size > input_len)
3448 current_len = input_len;
3449 if (EVP_DecodeUpdate(decode_ctx, decode_out + output_len, &chunk_len,
3450 expected->output + donelen, current_len) < 0) {
3451 t->err = "DECODE_ERROR";
3452 goto err;
3453 }
3454 donelen += current_len;
3455 input_len -= current_len;
3456 output_len += chunk_len;
3457 } while (input_len > 0);
3458
3459 if (EVP_DecodeFinal(decode_ctx, decode_out + output_len, &chunk_len) != 1) {
3460 t->err = "DECODE_ERROR";
3461 goto err;
3462 }
3463 output_len += chunk_len;
3464
3465 if (expected->encoding != BASE64_INVALID_ENCODING
3466 && !memory_err_compare(t, "BAD_DECODING",
3467 expected->input, expected->input_len,
3468 decode_out, output_len)) {
3469 t->err = "BAD_DECODING";
3470 goto err;
3471 }
3472
3473 for (; output_len < (int)decode_length; output_len++) {
3474 if (decode_out[output_len] != 0xff) {
3475 t->err = "BAD_DECODING";
3476 goto err;
3477 }
3478 }
3479
3480 t->err = NULL;
3481 err:
3482 OPENSSL_free(encode_out);
3483 OPENSSL_free(decode_out);
3484 EVP_ENCODE_CTX_free(decode_ctx);
3485 EVP_ENCODE_CTX_free(encode_ctx);
3486 return 1;
3487 }
3488
3489 static const EVP_TEST_METHOD encode_test_method = {
3490 "Encoding",
3491 encode_test_init,
3492 encode_test_cleanup,
3493 encode_test_parse,
3494 encode_test_run,
3495 };
3496
3497
3498 /**
3499 ** RAND TESTS
3500 **/
3501 #define MAX_RAND_REPEATS 15
3502
3503 typedef struct rand_data_pass_st {
3504 unsigned char *entropy;
3505 unsigned char *reseed_entropy;
3506 unsigned char *nonce;
3507 unsigned char *pers;
3508 unsigned char *reseed_addin;
3509 unsigned char *addinA;
3510 unsigned char *addinB;
3511 unsigned char *pr_entropyA;
3512 unsigned char *pr_entropyB;
3513 unsigned char *output;
3514 size_t entropy_len, nonce_len, pers_len, addinA_len, addinB_len,
3515 pr_entropyA_len, pr_entropyB_len, output_len, reseed_entropy_len,
3516 reseed_addin_len;
3517 } RAND_DATA_PASS;
3518
3519 typedef struct rand_data_st {
3520 /* Context for this operation */
3521 EVP_RAND_CTX *ctx;
3522 EVP_RAND_CTX *parent;
3523 int n;
3524 int prediction_resistance;
3525 int use_df;
3526 unsigned int generate_bits;
3527 char *cipher;
3528 char *digest;
3529 STACK_OF(OPENSSL_STRING) *init_controls; /* collection of controls */
3530
3531 /* Expected output */
3532 RAND_DATA_PASS data[MAX_RAND_REPEATS];
3533 } RAND_DATA;
3534
rand_test_init(EVP_TEST * t,const char * name)3535 static int rand_test_init(EVP_TEST *t, const char *name)
3536 {
3537 RAND_DATA *rdata;
3538 EVP_RAND *rand;
3539 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
3540 unsigned int strength = 256;
3541
3542 if (!TEST_ptr(rdata = OPENSSL_zalloc(sizeof(*rdata))))
3543 return 0;
3544
3545 /* TEST-RAND is available in the FIPS provider but not with "fips=yes" */
3546 rand = EVP_RAND_fetch(libctx, "TEST-RAND", "-fips");
3547 if (rand == NULL)
3548 goto err;
3549 rdata->parent = EVP_RAND_CTX_new(rand, NULL);
3550 EVP_RAND_free(rand);
3551 if (rdata->parent == NULL)
3552 goto err;
3553
3554 *params = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength);
3555 if (!EVP_RAND_CTX_set_params(rdata->parent, params))
3556 goto err;
3557
3558 rand = EVP_RAND_fetch(libctx, name, propquery);
3559 if (rand == NULL)
3560 goto err;
3561 rdata->ctx = EVP_RAND_CTX_new(rand, rdata->parent);
3562 EVP_RAND_free(rand);
3563 if (rdata->ctx == NULL)
3564 goto err;
3565 rdata->init_controls = sk_OPENSSL_STRING_new_null();
3566
3567 rdata->n = -1;
3568 t->data = rdata;
3569 return 1;
3570 err:
3571 EVP_RAND_CTX_free(rdata->parent);
3572 OPENSSL_free(rdata);
3573 return 0;
3574 }
3575
rand_test_cleanup(EVP_TEST * t)3576 static void rand_test_cleanup(EVP_TEST *t)
3577 {
3578 RAND_DATA *rdata = t->data;
3579 int i;
3580
3581 ctrlfree(rdata->init_controls);
3582 OPENSSL_free(rdata->cipher);
3583 OPENSSL_free(rdata->digest);
3584
3585 for (i = 0; i <= rdata->n; i++) {
3586 OPENSSL_free(rdata->data[i].entropy);
3587 OPENSSL_free(rdata->data[i].reseed_entropy);
3588 OPENSSL_free(rdata->data[i].nonce);
3589 OPENSSL_free(rdata->data[i].pers);
3590 OPENSSL_free(rdata->data[i].reseed_addin);
3591 OPENSSL_free(rdata->data[i].addinA);
3592 OPENSSL_free(rdata->data[i].addinB);
3593 OPENSSL_free(rdata->data[i].pr_entropyA);
3594 OPENSSL_free(rdata->data[i].pr_entropyB);
3595 OPENSSL_free(rdata->data[i].output);
3596 }
3597 EVP_RAND_CTX_free(rdata->ctx);
3598 EVP_RAND_CTX_free(rdata->parent);
3599 }
3600
rand_test_parse(EVP_TEST * t,const char * keyword,const char * value)3601 static int rand_test_parse(EVP_TEST *t,
3602 const char *keyword, const char *value)
3603 {
3604 RAND_DATA *rdata = t->data;
3605 RAND_DATA_PASS *item;
3606 const char *p;
3607 int n;
3608
3609 if ((p = strchr(keyword, '.')) != NULL) {
3610 n = atoi(++p);
3611 if (n >= MAX_RAND_REPEATS)
3612 return 0;
3613 if (n > rdata->n)
3614 rdata->n = n;
3615 item = rdata->data + n;
3616 if (HAS_PREFIX(keyword, "Entropy."))
3617 return parse_bin(value, &item->entropy, &item->entropy_len);
3618 if (HAS_PREFIX(keyword, "ReseedEntropy."))
3619 return parse_bin(value, &item->reseed_entropy,
3620 &item->reseed_entropy_len);
3621 if (HAS_PREFIX(keyword, "Nonce."))
3622 return parse_bin(value, &item->nonce, &item->nonce_len);
3623 if (HAS_PREFIX(keyword, "PersonalisationString."))
3624 return parse_bin(value, &item->pers, &item->pers_len);
3625 if (HAS_PREFIX(keyword, "ReseedAdditionalInput."))
3626 return parse_bin(value, &item->reseed_addin,
3627 &item->reseed_addin_len);
3628 if (HAS_PREFIX(keyword, "AdditionalInputA."))
3629 return parse_bin(value, &item->addinA, &item->addinA_len);
3630 if (HAS_PREFIX(keyword, "AdditionalInputB."))
3631 return parse_bin(value, &item->addinB, &item->addinB_len);
3632 if (HAS_PREFIX(keyword, "EntropyPredictionResistanceA."))
3633 return parse_bin(value, &item->pr_entropyA, &item->pr_entropyA_len);
3634 if (HAS_PREFIX(keyword, "EntropyPredictionResistanceB."))
3635 return parse_bin(value, &item->pr_entropyB, &item->pr_entropyB_len);
3636 if (HAS_PREFIX(keyword, "Output."))
3637 return parse_bin(value, &item->output, &item->output_len);
3638 } else {
3639 if (strcmp(keyword, "Cipher") == 0)
3640 return TEST_ptr(rdata->cipher = OPENSSL_strdup(value));
3641 if (strcmp(keyword, "Digest") == 0)
3642 return TEST_ptr(rdata->digest = OPENSSL_strdup(value));
3643 if (strcmp(keyword, "DerivationFunction") == 0) {
3644 rdata->use_df = atoi(value) != 0;
3645 return 1;
3646 }
3647 if (strcmp(keyword, "GenerateBits") == 0) {
3648 if ((n = atoi(value)) <= 0 || n % 8 != 0)
3649 return 0;
3650 rdata->generate_bits = (unsigned int)n;
3651 return 1;
3652 }
3653 if (strcmp(keyword, "PredictionResistance") == 0) {
3654 rdata->prediction_resistance = atoi(value) != 0;
3655 return 1;
3656 }
3657 if (strcmp(keyword, "CtrlInit") == 0)
3658 return ctrladd(rdata->init_controls, value);
3659 }
3660 return 0;
3661 }
3662
rand_test_run(EVP_TEST * t)3663 static int rand_test_run(EVP_TEST *t)
3664 {
3665 RAND_DATA *expected = t->data;
3666 RAND_DATA_PASS *item;
3667 unsigned char *got;
3668 size_t got_len = expected->generate_bits / 8;
3669 OSSL_PARAM params[8], *p = params;
3670 int i = -1, ret = 0;
3671 unsigned int strength;
3672 unsigned char *z;
3673 size_t params_n = 0, params_allocated_n = 0;
3674
3675 if (!TEST_ptr(got = OPENSSL_malloc(got_len)))
3676 return 0;
3677
3678 if (sk_OPENSSL_STRING_num(expected->init_controls) > 0) {
3679 if (!ctrl2params(t, expected->init_controls,
3680 NULL,
3681 params, OSSL_NELEM(params), ¶ms_n))
3682 goto err;
3683 }
3684 p = params + params_n;
3685
3686 *p++ = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_USE_DF, &expected->use_df);
3687 if (expected->cipher != NULL)
3688 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER,
3689 expected->cipher, 0);
3690 if (expected->digest != NULL)
3691 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_DIGEST,
3692 expected->digest, 0);
3693 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_MAC, "HMAC", 0);
3694 *p = OSSL_PARAM_construct_end();
3695 if (!EVP_RAND_CTX_set_params(expected->ctx, params)) {
3696 if (t->expect_unapproved == 0) {
3697 t->err = "EVP_RAND_CTX_set_params";
3698 ret = 1;
3699 }
3700 goto err;
3701 }
3702 ctrl2params_free(params, params_n, params_allocated_n);
3703 params_n = 0;
3704
3705 strength = EVP_RAND_get_strength(expected->ctx);
3706 for (i = 0; i <= expected->n; i++) {
3707 item = expected->data + i;
3708
3709 p = params;
3710 z = item->entropy != NULL ? item->entropy : (unsigned char *)"";
3711 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
3712 z, item->entropy_len);
3713 z = item->nonce != NULL ? item->nonce : (unsigned char *)"";
3714 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE,
3715 z, item->nonce_len);
3716 *p = OSSL_PARAM_construct_end();
3717 if (!TEST_true(EVP_RAND_instantiate(expected->parent, strength,
3718 0, NULL, 0, params)))
3719 goto err;
3720
3721 z = item->pers != NULL ? item->pers : (unsigned char *)"";
3722 if (!TEST_true(EVP_RAND_instantiate
3723 (expected->ctx, strength,
3724 expected->prediction_resistance, z,
3725 item->pers_len, NULL)))
3726 goto err;
3727
3728 if (item->reseed_entropy != NULL) {
3729 params[0] = OSSL_PARAM_construct_octet_string
3730 (OSSL_RAND_PARAM_TEST_ENTROPY, item->reseed_entropy,
3731 item->reseed_entropy_len);
3732 params[1] = OSSL_PARAM_construct_end();
3733 if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params)))
3734 goto err;
3735
3736 if (!TEST_true(EVP_RAND_reseed
3737 (expected->ctx, expected->prediction_resistance,
3738 NULL, 0, item->reseed_addin,
3739 item->reseed_addin_len)))
3740 goto err;
3741 }
3742 if (item->pr_entropyA != NULL) {
3743 params[0] = OSSL_PARAM_construct_octet_string
3744 (OSSL_RAND_PARAM_TEST_ENTROPY, item->pr_entropyA,
3745 item->pr_entropyA_len);
3746 params[1] = OSSL_PARAM_construct_end();
3747 if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params)))
3748 goto err;
3749 }
3750 if (!TEST_true(EVP_RAND_generate
3751 (expected->ctx, got, got_len,
3752 strength, expected->prediction_resistance,
3753 item->addinA, item->addinA_len)))
3754 goto err;
3755
3756 if (item->pr_entropyB != NULL) {
3757 params[0] = OSSL_PARAM_construct_octet_string
3758 (OSSL_RAND_PARAM_TEST_ENTROPY, item->pr_entropyB,
3759 item->pr_entropyB_len);
3760 params[1] = OSSL_PARAM_construct_end();
3761 if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params)))
3762 goto err;
3763 }
3764 if (!TEST_true(EVP_RAND_generate
3765 (expected->ctx, got, got_len,
3766 strength, expected->prediction_resistance,
3767 item->addinB, item->addinB_len)))
3768 goto err;
3769 if (!TEST_mem_eq(got, got_len, item->output, item->output_len))
3770 goto err;
3771 if (!rand_check_fips_approved(expected->ctx, t))
3772 goto err;
3773 if (!TEST_true(EVP_RAND_uninstantiate(expected->ctx))
3774 || !TEST_true(EVP_RAND_uninstantiate(expected->parent))
3775 || !TEST_true(EVP_RAND_verify_zeroization(expected->ctx))
3776 || !TEST_int_eq(EVP_RAND_get_state(expected->ctx),
3777 EVP_RAND_STATE_UNINITIALISED))
3778 goto err;
3779 }
3780 t->err = NULL;
3781 ret = 1;
3782
3783 err:
3784 if (ret == 0 && i >= 0)
3785 TEST_info("Error in test case %d of %d\n", i, expected->n + 1);
3786 OPENSSL_free(got);
3787 ctrl2params_free(params, params_n, params_allocated_n);
3788 return ret;
3789 }
3790
3791 static const EVP_TEST_METHOD rand_test_method = {
3792 "RAND",
3793 rand_test_init,
3794 rand_test_cleanup,
3795 rand_test_parse,
3796 rand_test_run
3797 };
3798
3799 /**
3800 ** KDF TESTS
3801 **/
3802 typedef struct kdf_data_st {
3803 /* Context for this operation */
3804 EVP_KDF_CTX *ctx;
3805 /* Expected output */
3806 unsigned char *output;
3807 size_t output_len;
3808 OSSL_PARAM params[20];
3809 OSSL_PARAM *p;
3810 STACK_OF(OPENSSL_STRING) *init_controls; /* collection of controls */
3811 } KDF_DATA;
3812
3813 /*
3814 * Perform public key operation setup: lookup key, allocated ctx and call
3815 * the appropriate initialisation function
3816 */
kdf_test_init(EVP_TEST * t,const char * name)3817 static int kdf_test_init(EVP_TEST *t, const char *name)
3818 {
3819 KDF_DATA *kdata;
3820 EVP_KDF *kdf;
3821
3822 if (is_kdf_disabled(name)) {
3823 TEST_info("skipping, '%s' is disabled", name);
3824 t->skip = 1;
3825 return 1;
3826 }
3827
3828 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata))))
3829 return 0;
3830 kdata->p = kdata->params;
3831 *kdata->p = OSSL_PARAM_construct_end();
3832
3833 kdf = EVP_KDF_fetch(libctx, name, propquery);
3834 if (kdf == NULL) {
3835 OPENSSL_free(kdata);
3836 return 0;
3837 }
3838 kdata->ctx = EVP_KDF_CTX_new(kdf);
3839 EVP_KDF_free(kdf);
3840 if (kdata->ctx == NULL) {
3841 OPENSSL_free(kdata);
3842 return 0;
3843 }
3844 t->data = kdata;
3845 kdata->init_controls = sk_OPENSSL_STRING_new_null();
3846 return 1;
3847 }
3848
kdf_test_cleanup(EVP_TEST * t)3849 static void kdf_test_cleanup(EVP_TEST *t)
3850 {
3851 KDF_DATA *kdata = t->data;
3852 OSSL_PARAM *p;
3853
3854 ctrlfree(kdata->init_controls);
3855 for (p = kdata->params; p->key != NULL; p++)
3856 OPENSSL_free(p->data);
3857 OPENSSL_free(kdata->output);
3858 EVP_KDF_CTX_free(kdata->ctx);
3859 }
3860
kdf_test_ctrl(EVP_TEST * t,EVP_KDF_CTX * kctx,const char * value)3861 static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx,
3862 const char *value)
3863 {
3864 KDF_DATA *kdata = t->data;
3865 int rv;
3866 char *p, *name;
3867 const OSSL_PARAM *defs = EVP_KDF_settable_ctx_params(EVP_KDF_CTX_kdf(kctx));
3868
3869 if (!TEST_ptr(name = OPENSSL_strdup(value)))
3870 return 0;
3871 p = strchr(name, ':');
3872 if (p == NULL)
3873 p = "";
3874 else
3875 *p++ = '\0';
3876
3877 if (strcmp(name, "r") == 0
3878 && OSSL_PARAM_locate_const(defs, name) == NULL) {
3879 TEST_info("skipping, setting 'r' is unsupported");
3880 t->skip = 1;
3881 goto end;
3882 }
3883
3884 if (strcmp(name, "lanes") == 0
3885 && OSSL_PARAM_locate_const(defs, name) == NULL) {
3886 TEST_info("skipping, setting 'lanes' is unsupported");
3887 t->skip = 1;
3888 goto end;
3889 }
3890
3891 if (strcmp(name, "iter") == 0
3892 && OSSL_PARAM_locate_const(defs, name) == NULL) {
3893 TEST_info("skipping, setting 'iter' is unsupported");
3894 t->skip = 1;
3895 goto end;
3896 }
3897
3898 if (strcmp(name, "memcost") == 0
3899 && OSSL_PARAM_locate_const(defs, name) == NULL) {
3900 TEST_info("skipping, setting 'memcost' is unsupported");
3901 t->skip = 1;
3902 goto end;
3903 }
3904
3905 if (strcmp(name, "secret") == 0
3906 && OSSL_PARAM_locate_const(defs, name) == NULL) {
3907 TEST_info("skipping, setting 'secret' is unsupported");
3908 t->skip = 1;
3909 goto end;
3910 }
3911
3912 if (strcmp(name, "pass") == 0
3913 && OSSL_PARAM_locate_const(defs, name) == NULL) {
3914 TEST_info("skipping, setting 'pass' is unsupported");
3915 t->skip = 1;
3916 goto end;
3917 }
3918
3919 if (strcmp(name, "ad") == 0
3920 && OSSL_PARAM_locate_const(defs, name) == NULL) {
3921 TEST_info("skipping, setting 'ad' is unsupported");
3922 t->skip = 1;
3923 goto end;
3924 }
3925
3926 rv = OSSL_PARAM_allocate_from_text(kdata->p, defs, name, p,
3927 strlen(p), NULL);
3928 *++kdata->p = OSSL_PARAM_construct_end();
3929 if (!rv) {
3930 t->err = "KDF_PARAM_ERROR";
3931 OPENSSL_free(name);
3932 return 0;
3933 }
3934 if (strcmp(name, "digest") == 0) {
3935 if (is_digest_disabled(p)) {
3936 TEST_info("skipping, '%s' is disabled", p);
3937 t->skip = 1;
3938 }
3939 goto end;
3940 }
3941
3942 if ((strcmp(name, "cipher") == 0
3943 || strcmp(name, "cekalg") == 0)
3944 && is_cipher_disabled(p)) {
3945 TEST_info("skipping, '%s' is disabled", p);
3946 t->skip = 1;
3947 goto end;
3948 }
3949 if ((strcmp(name, "mac") == 0)
3950 && is_mac_disabled(p)) {
3951 TEST_info("skipping, '%s' is disabled", p);
3952 t->skip = 1;
3953 }
3954 end:
3955 OPENSSL_free(name);
3956 return 1;
3957 }
3958
kdf_test_parse(EVP_TEST * t,const char * keyword,const char * value)3959 static int kdf_test_parse(EVP_TEST *t,
3960 const char *keyword, const char *value)
3961 {
3962 KDF_DATA *kdata = t->data;
3963
3964 if (strcmp(keyword, "Output") == 0)
3965 return parse_bin(value, &kdata->output, &kdata->output_len);
3966 if (strcmp(keyword, "CtrlInit") == 0)
3967 return ctrladd(kdata->init_controls, value);
3968 if (HAS_PREFIX(keyword, "Ctrl"))
3969 return kdf_test_ctrl(t, kdata->ctx, value);
3970 return 0;
3971 }
3972
kdf_test_run(EVP_TEST * t)3973 static int kdf_test_run(EVP_TEST *t)
3974 {
3975 int ret = 1;
3976 KDF_DATA *expected = t->data;
3977 unsigned char *got = NULL;
3978 size_t got_len = expected->output_len;
3979 EVP_KDF_CTX *ctx;
3980 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
3981 size_t params_n = 0, params_allocated_n = 0;
3982
3983 if (sk_OPENSSL_STRING_num(expected->init_controls) > 0) {
3984 if (!ctrl2params(t, expected->init_controls,
3985 NULL,
3986 params, OSSL_NELEM(params), ¶ms_n))
3987 goto err;
3988 if (!EVP_KDF_CTX_set_params(expected->ctx, params)) {
3989 t->err = "KDF_CTRL_ERROR";
3990 goto err;
3991 }
3992 }
3993
3994 if (!EVP_KDF_CTX_set_params(expected->ctx, expected->params)) {
3995 t->err = "KDF_CTRL_ERROR";
3996 goto err;
3997 }
3998 if (!TEST_ptr(got = OPENSSL_malloc(got_len == 0 ? 1 : got_len))) {
3999 t->err = "INTERNAL_ERROR";
4000 goto err;
4001 }
4002 /* FIPS(3.0.0): can't dup KDF contexts #17572 */
4003 if (fips_provider_version_gt(libctx, 3, 0, 0)
4004 && (ctx = EVP_KDF_CTX_dup(expected->ctx)) != NULL) {
4005 EVP_KDF_CTX_free(expected->ctx);
4006 expected->ctx = ctx;
4007 }
4008 if (EVP_KDF_derive(expected->ctx, got, got_len, NULL) <= 0) {
4009 t->err = "KDF_DERIVE_ERROR";
4010 goto err;
4011 }
4012 if (!kdf_check_fips_approved(expected->ctx, t)) {
4013 ret = 0;
4014 goto err;
4015 }
4016 if (!memory_err_compare(t, "KDF_MISMATCH",
4017 expected->output, expected->output_len,
4018 got, got_len))
4019 goto err;
4020
4021 t->err = NULL;
4022
4023 err:
4024 ctrl2params_free(params, params_n, params_allocated_n);
4025 OPENSSL_free(got);
4026 return ret;
4027 }
4028
4029 static const EVP_TEST_METHOD kdf_test_method = {
4030 "KDF",
4031 kdf_test_init,
4032 kdf_test_cleanup,
4033 kdf_test_parse,
4034 kdf_test_run
4035 };
4036
4037 /**
4038 ** PKEY KDF TESTS
4039 **/
4040
4041 typedef struct pkey_kdf_data_st {
4042 /* Context for this operation */
4043 EVP_PKEY_CTX *ctx;
4044 /* Expected output */
4045 unsigned char *output;
4046 size_t output_len;
4047 } PKEY_KDF_DATA;
4048
4049 /*
4050 * Perform public key operation setup: lookup key, allocated ctx and call
4051 * the appropriate initialisation function
4052 */
pkey_kdf_test_init(EVP_TEST * t,const char * name)4053 static int pkey_kdf_test_init(EVP_TEST *t, const char *name)
4054 {
4055 PKEY_KDF_DATA *kdata = NULL;
4056
4057 if (is_kdf_disabled(name)) {
4058 TEST_info("skipping, '%s' is disabled", name);
4059 t->skip = 1;
4060 return 1;
4061 }
4062
4063 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata))))
4064 return 0;
4065
4066 kdata->ctx = EVP_PKEY_CTX_new_from_name(libctx, name, propquery);
4067 if (kdata->ctx == NULL
4068 || EVP_PKEY_derive_init(kdata->ctx) <= 0)
4069 goto err;
4070
4071 t->data = kdata;
4072 return 1;
4073 err:
4074 EVP_PKEY_CTX_free(kdata->ctx);
4075 OPENSSL_free(kdata);
4076 return 0;
4077 }
4078
pkey_kdf_test_cleanup(EVP_TEST * t)4079 static void pkey_kdf_test_cleanup(EVP_TEST *t)
4080 {
4081 PKEY_KDF_DATA *kdata = t->data;
4082
4083 OPENSSL_free(kdata->output);
4084 EVP_PKEY_CTX_free(kdata->ctx);
4085 }
4086
pkey_kdf_test_parse(EVP_TEST * t,const char * keyword,const char * value)4087 static int pkey_kdf_test_parse(EVP_TEST *t,
4088 const char *keyword, const char *value)
4089 {
4090 PKEY_KDF_DATA *kdata = t->data;
4091
4092 if (strcmp(keyword, "Output") == 0)
4093 return parse_bin(value, &kdata->output, &kdata->output_len);
4094 if (HAS_PREFIX(keyword, "Ctrl"))
4095 return pkey_test_ctrl(t, kdata->ctx, value);
4096 return 0;
4097 }
4098
pkey_kdf_test_run(EVP_TEST * t)4099 static int pkey_kdf_test_run(EVP_TEST *t)
4100 {
4101 int ret = 1;
4102 PKEY_KDF_DATA *expected = t->data;
4103 unsigned char *got = NULL;
4104 size_t got_len = 0;
4105
4106 if (fips_provider_version_eq(libctx, 3, 0, 0)) {
4107 /* FIPS(3.0.0): can't deal with oversized output buffers #18533 */
4108 got_len = expected->output_len;
4109 } else {
4110 /* Find out the KDF output size */
4111 if (EVP_PKEY_derive(expected->ctx, NULL, &got_len) <= 0) {
4112 t->err = "INTERNAL_ERROR";
4113 goto err;
4114 }
4115
4116 /*
4117 * We may get an absurd output size, which signals that anything goes.
4118 * If not, we specify a too big buffer for the output, to test that
4119 * EVP_PKEY_derive() can cope with it.
4120 */
4121 if (got_len == SIZE_MAX || got_len == 0)
4122 got_len = expected->output_len;
4123 else
4124 got_len = expected->output_len * 2;
4125 }
4126
4127 if (!TEST_ptr(got = OPENSSL_malloc(got_len == 0 ? 1 : got_len))) {
4128 t->err = "INTERNAL_ERROR";
4129 goto err;
4130 }
4131 if (EVP_PKEY_derive(expected->ctx, got, &got_len) <= 0) {
4132 t->err = "KDF_DERIVE_ERROR";
4133 goto err;
4134 }
4135 if (!pkey_check_fips_approved(expected->ctx, t)) {
4136 ret = 0;
4137 goto err;
4138 }
4139 if (!TEST_mem_eq(expected->output, expected->output_len, got, got_len)) {
4140 t->err = "KDF_MISMATCH";
4141 goto err;
4142 }
4143 t->err = NULL;
4144
4145 err:
4146 OPENSSL_free(got);
4147 return ret;
4148 }
4149
4150 static const EVP_TEST_METHOD pkey_kdf_test_method = {
4151 "PKEYKDF",
4152 pkey_kdf_test_init,
4153 pkey_kdf_test_cleanup,
4154 pkey_kdf_test_parse,
4155 pkey_kdf_test_run
4156 };
4157
4158 /**
4159 ** KEYPAIR TESTS
4160 **/
4161
4162 typedef struct keypair_test_data_st {
4163 EVP_PKEY *privk;
4164 EVP_PKEY *pubk;
4165 } KEYPAIR_TEST_DATA;
4166
keypair_test_init(EVP_TEST * t,const char * pair)4167 static int keypair_test_init(EVP_TEST *t, const char *pair)
4168 {
4169 KEYPAIR_TEST_DATA *data;
4170 int rv = 0;
4171 EVP_PKEY *pk = NULL, *pubk = NULL;
4172 char *pub, *priv = NULL;
4173
4174 /* Split private and public names. */
4175 if (!TEST_ptr(priv = OPENSSL_strdup(pair))
4176 || !TEST_ptr(pub = strchr(priv, ':'))) {
4177 t->err = "PARSING_ERROR";
4178 goto end;
4179 }
4180 *pub++ = '\0';
4181
4182 if (!TEST_true(find_key(&pk, priv, private_keys))) {
4183 TEST_info("Can't find private key: %s", priv);
4184 t->err = "MISSING_PRIVATE_KEY";
4185 goto end;
4186 }
4187 if (!TEST_true(find_key(&pubk, pub, public_keys))) {
4188 TEST_info("Can't find public key: %s", pub);
4189 t->err = "MISSING_PUBLIC_KEY";
4190 goto end;
4191 }
4192
4193 if (pk == NULL && pubk == NULL) {
4194 /* Both keys are listed but unsupported: skip this test */
4195 t->skip = 1;
4196 rv = 1;
4197 goto end;
4198 }
4199
4200 if (!TEST_ptr(data = OPENSSL_malloc(sizeof(*data))))
4201 goto end;
4202 data->privk = pk;
4203 data->pubk = pubk;
4204 t->data = data;
4205 rv = 1;
4206 t->err = NULL;
4207
4208 end:
4209 OPENSSL_free(priv);
4210 return rv;
4211 }
4212
keypair_test_cleanup(EVP_TEST * t)4213 static void keypair_test_cleanup(EVP_TEST *t)
4214 {
4215 OPENSSL_free(t->data);
4216 t->data = NULL;
4217 }
4218
4219 /*
4220 * For tests that do not accept any custom keywords.
4221 */
void_test_parse(EVP_TEST * t,const char * keyword,const char * value)4222 static int void_test_parse(EVP_TEST *t, const char *keyword, const char *value)
4223 {
4224 return 0;
4225 }
4226
keypair_test_run(EVP_TEST * t)4227 static int keypair_test_run(EVP_TEST *t)
4228 {
4229 int rv = 0;
4230 const KEYPAIR_TEST_DATA *pair = t->data;
4231
4232 if (pair->privk == NULL || pair->pubk == NULL) {
4233 /*
4234 * this can only happen if only one of the keys is not set
4235 * which means that one of them was unsupported while the
4236 * other isn't: hence a key type mismatch.
4237 */
4238 t->err = "KEYPAIR_TYPE_MISMATCH";
4239 rv = 1;
4240 goto end;
4241 }
4242
4243 if ((rv = EVP_PKEY_eq(pair->privk, pair->pubk)) != 1) {
4244 if (0 == rv) {
4245 t->err = "KEYPAIR_MISMATCH";
4246 } else if (-1 == rv) {
4247 t->err = "KEYPAIR_TYPE_MISMATCH";
4248 } else if (-2 == rv) {
4249 t->err = "UNSUPPORTED_KEY_COMPARISON";
4250 } else {
4251 TEST_error("Unexpected error in key comparison");
4252 rv = 0;
4253 goto end;
4254 }
4255 rv = 1;
4256 goto end;
4257 }
4258
4259 rv = 1;
4260 t->err = NULL;
4261
4262 end:
4263 return rv;
4264 }
4265
4266 static const EVP_TEST_METHOD keypair_test_method = {
4267 "PrivPubKeyPair",
4268 keypair_test_init,
4269 keypair_test_cleanup,
4270 void_test_parse,
4271 keypair_test_run
4272 };
4273
4274 /**
4275 ** KEYGEN TEST
4276 **/
4277
4278 typedef struct keygen_test_data_st {
4279 char *keyname; /* Key name to store key or NULL */
4280 char *paramname;
4281 char *alg;
4282 STACK_OF(OPENSSL_STRING) *in_controls; /* Collection of controls */
4283 STACK_OF(OPENSSL_STRING) *out_controls;
4284 } KEYGEN_TEST_DATA;
4285
keygen_test_init(EVP_TEST * t,const char * alg)4286 static int keygen_test_init(EVP_TEST *t, const char *alg)
4287 {
4288 KEYGEN_TEST_DATA *data;
4289
4290 if (is_pkey_disabled(alg)) {
4291 t->skip = 1;
4292 return 1;
4293 }
4294
4295 if (!TEST_ptr(data = OPENSSL_zalloc(sizeof(*data))))
4296 return 0;
4297 data->keyname = NULL;
4298 data->paramname = NULL;
4299 data->in_controls = sk_OPENSSL_STRING_new_null();
4300 data->out_controls = sk_OPENSSL_STRING_new_null();
4301 data->alg = OPENSSL_strdup(alg);
4302 t->data = data;
4303 t->err = NULL;
4304 return 1;
4305 }
4306
keygen_test_cleanup(EVP_TEST * t)4307 static void keygen_test_cleanup(EVP_TEST *t)
4308 {
4309 KEYGEN_TEST_DATA *keygen = t->data;
4310
4311 ctrlfree(keygen->in_controls);
4312 ctrlfree(keygen->out_controls);
4313 OPENSSL_free(keygen->alg);
4314 OPENSSL_free(keygen->keyname);
4315 OPENSSL_free(keygen->paramname);
4316 OPENSSL_free(t->data);
4317 t->data = NULL;
4318 }
4319
keygen_test_parse(EVP_TEST * t,const char * keyword,const char * value)4320 static int keygen_test_parse(EVP_TEST *t,
4321 const char *keyword, const char *value)
4322 {
4323 KEYGEN_TEST_DATA *keygen = t->data;
4324
4325 if (strcmp(keyword, "KeyName") == 0)
4326 return TEST_ptr(keygen->keyname = OPENSSL_strdup(value));
4327 if (strcmp(keyword, "KeyParam") == 0)
4328 return TEST_ptr(keygen->paramname = OPENSSL_strdup(value));
4329 if (strcmp(keyword, "Ctrl") == 0)
4330 return ctrladd(keygen->in_controls, value);
4331 if (strcmp(keyword, "CtrlOut") == 0)
4332 return ctrladd(keygen->out_controls, value);
4333 return 0;
4334 }
4335
4336 /* Iterate thru the key's expected values */
check_pkey_expected_values(EVP_TEST * t,const EVP_PKEY * pkey,STACK_OF (OPENSSL_STRING)* out_controls)4337 static int check_pkey_expected_values(EVP_TEST *t, const EVP_PKEY *pkey,
4338 STACK_OF(OPENSSL_STRING) *out_controls)
4339 {
4340 int ret = 0;
4341 OSSL_PARAM out_params[4], *p;
4342 size_t out_params_n = 0, len;
4343
4344 if (sk_OPENSSL_STRING_num(out_controls) > 0) {
4345
4346 if (!ctrl2params(t, out_controls,
4347 EVP_PKEY_gettable_params(pkey),
4348 out_params, OSSL_NELEM(out_params), &out_params_n))
4349 goto err;
4350 for (p = out_params; p->key != NULL; ++p) {
4351 if (p->data_type == OSSL_PARAM_OCTET_STRING) {
4352 uint8_t *data = OPENSSL_malloc(p->data_size);
4353
4354 if (data == NULL)
4355 goto err;
4356 ret = EVP_PKEY_get_octet_string_param(pkey, p->key, data,
4357 p->data_size, &len)
4358 && len == p->data_size
4359 && (TEST_mem_eq(p->data, len, data, len) == 1);
4360 OPENSSL_free(data);
4361 if (ret == 0) {
4362 TEST_error("Expected %s value is incorrect", p->key);
4363 goto err;
4364 }
4365 }
4366 }
4367 }
4368 ret = 1;
4369 err:
4370 ctrl2params_free(out_params, out_params_n, 0);
4371 return ret;
4372 }
4373
keygen_test_run(EVP_TEST * t)4374 static int keygen_test_run(EVP_TEST *t)
4375 {
4376 KEYGEN_TEST_DATA *keygen = t->data;
4377 EVP_PKEY *pkey = NULL, *keyparams = NULL;
4378 EVP_PKEY_CTX *genctx = NULL; /* Keygen context to use */
4379 int rv = 1;
4380 OSSL_PARAM_BLD *bld = NULL;
4381 OSSL_PARAM *params = NULL;
4382 size_t params_n = 0;
4383 int key_free = 1;
4384
4385 if (keygen->paramname != NULL) {
4386 rv = find_key(&keyparams, keygen->paramname, public_keys);
4387 if (rv == 0 || keyparams == NULL) {
4388 TEST_info("skipping, key '%s' is disabled", keygen->paramname);
4389 t->skip = 1;
4390 return 1;
4391 }
4392 if (!TEST_ptr(genctx = EVP_PKEY_CTX_new_from_pkey(libctx, keyparams,
4393 propquery)))
4394 goto err;
4395
4396 } else {
4397 if (!TEST_ptr(genctx = EVP_PKEY_CTX_new_from_name(libctx, keygen->alg,
4398 propquery)))
4399 goto err;
4400 }
4401
4402 if (EVP_PKEY_keygen_init(genctx) <= 0) {
4403 t->err = "KEYGEN_INIT_ERROR";
4404 goto err;
4405 }
4406
4407 if (sk_OPENSSL_STRING_num(keygen->in_controls) > 0) {
4408 if ((params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 4)) == NULL)
4409 goto err;
4410 if (!ctrl2params(t, keygen->in_controls,
4411 EVP_PKEY_CTX_settable_params(genctx),
4412 params, 4, ¶ms_n))
4413 goto err;
4414 if (!EVP_PKEY_CTX_set_params(genctx, params)) {
4415 t->err = "PKEY_CTRL_ERROR";
4416 goto err;
4417 }
4418 }
4419
4420 if (EVP_PKEY_keygen(genctx, &pkey) <= 0) {
4421 t->err = "KEYGEN_GENERATE_ERROR";
4422 goto err;
4423 }
4424
4425 if (!pkey_check_fips_approved(genctx, t)) {
4426 rv = 0;
4427 goto err;
4428 }
4429
4430 if (!evp_pkey_is_provided(pkey)) {
4431 TEST_info("Warning: legacy key generated %s", keygen->keyname);
4432 goto err;
4433 }
4434
4435 if (!check_pkey_expected_values(t, pkey, keygen->out_controls)) {
4436 t->err = "KEYGEN_PKEY_MISMATCH_ERROR";
4437 goto err;
4438 }
4439
4440 if (keygen->keyname != NULL) {
4441 KEY_LIST *key;
4442
4443 rv = 0;
4444 if (find_key(NULL, keygen->keyname, private_keys)) {
4445 TEST_info("Duplicate key %s", keygen->keyname);
4446 goto err;
4447 }
4448
4449 if (!TEST_ptr(key = OPENSSL_malloc(sizeof(*key))))
4450 goto err;
4451 key->name = keygen->keyname;
4452 keygen->keyname = NULL;
4453 key->key = pkey;
4454 key->next = private_keys;
4455 private_keys = key;
4456 rv = 1;
4457 key_free = 0;
4458 }
4459
4460 t->err = NULL;
4461 err:
4462 if (key_free) {
4463 EVP_PKEY_free(pkey);
4464 pkey = NULL;
4465 }
4466 EVP_PKEY_CTX_free(genctx);
4467 if (sk_OPENSSL_STRING_num(keygen->in_controls) > 0)
4468 ctrl2params_free(params, params_n, 0);
4469 OSSL_PARAM_free(params);
4470 OSSL_PARAM_BLD_free(bld);
4471 return rv;
4472 }
4473
4474 static const EVP_TEST_METHOD keygen_test_method = {
4475 "KeyGen",
4476 keygen_test_init,
4477 keygen_test_cleanup,
4478 keygen_test_parse,
4479 keygen_test_run,
4480 };
4481
4482 /**
4483 ** DIGEST SIGN+VERIFY TESTS
4484 **/
4485
4486 typedef struct {
4487 int is_verify; /* Set to 1 if verifying */
4488 int is_oneshot; /* Set to 1 for one shot operation */
4489 const EVP_MD *md; /* Digest to use */
4490 EVP_MD_CTX *ctx; /* Digest context */
4491 EVP_PKEY_CTX *pctx;
4492 STACK_OF(EVP_TEST_BUFFER) *input; /* Input data: streaming */
4493 unsigned char *osin; /* Input data if one shot */
4494 size_t osin_len; /* Input length data if one shot */
4495 unsigned char *output; /* Expected output */
4496 size_t output_len; /* Expected output length */
4497 int deterministic_noncetype;
4498 EVP_PKEY *key;
4499 STACK_OF(OPENSSL_STRING) *init_controls; /* collection of controls */
4500 STACK_OF(OPENSSL_STRING) *controls; /* Collection of controls */
4501 } DIGESTSIGN_DATA;
4502
digestsigver_test_init(EVP_TEST * t,const char * alg,int is_verify,int is_oneshot)4503 static int digestsigver_test_init(EVP_TEST *t, const char *alg, int is_verify,
4504 int is_oneshot)
4505 {
4506 const EVP_MD *md = NULL;
4507 DIGESTSIGN_DATA *mdat;
4508
4509 if (strcmp(alg, "NULL") != 0) {
4510 if (is_digest_disabled(alg)) {
4511 t->skip = 1;
4512 return 1;
4513 }
4514 md = EVP_get_digestbyname(alg);
4515 if (md == NULL)
4516 return 0;
4517 }
4518 if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat))))
4519 return 0;
4520 mdat->init_controls = sk_OPENSSL_STRING_new_null();
4521 mdat->controls = sk_OPENSSL_STRING_new_null();
4522 mdat->md = md;
4523 if (!TEST_ptr(mdat->ctx = EVP_MD_CTX_new())) {
4524 OPENSSL_free(mdat);
4525 return 0;
4526 }
4527 mdat->is_verify = is_verify;
4528 mdat->is_oneshot = is_oneshot;
4529 t->data = mdat;
4530 return 1;
4531 }
4532
digestsign_test_init(EVP_TEST * t,const char * alg)4533 static int digestsign_test_init(EVP_TEST *t, const char *alg)
4534 {
4535 return digestsigver_test_init(t, alg, 0, 0);
4536 }
4537
digestsigver_test_cleanup(EVP_TEST * t)4538 static void digestsigver_test_cleanup(EVP_TEST *t)
4539 {
4540 DIGESTSIGN_DATA *mdata = t->data;
4541
4542 ctrlfree(mdata->init_controls);
4543 ctrlfree(mdata->controls);
4544 EVP_MD_CTX_free(mdata->ctx);
4545 sk_EVP_TEST_BUFFER_pop_free(mdata->input, evp_test_buffer_free);
4546 OPENSSL_free(mdata->osin);
4547 OPENSSL_free(mdata->output);
4548 OPENSSL_free(mdata);
4549 t->data = NULL;
4550 }
4551
digestsigver_test_parse(EVP_TEST * t,const char * keyword,const char * value)4552 static int digestsigver_test_parse(EVP_TEST *t,
4553 const char *keyword, const char *value)
4554 {
4555 DIGESTSIGN_DATA *mdata = t->data;
4556
4557 if (strcmp(keyword, "Key") == 0) {
4558 EVP_PKEY *pkey = NULL;
4559 int rv = 0;
4560
4561 if (mdata->is_verify)
4562 rv = find_key(&pkey, value, public_keys);
4563 if (rv == 0)
4564 rv = find_key(&pkey, value, private_keys);
4565 if (rv == 0 || pkey == NULL) {
4566 t->skip = 1;
4567 return 1;
4568 }
4569 mdata->key = pkey;
4570 return 1;
4571 }
4572
4573 if (strcmp(keyword, "Input") == 0) {
4574 if (mdata->is_oneshot)
4575 return parse_bin(value, &mdata->osin, &mdata->osin_len);
4576 return evp_test_buffer_append(value, data_chunk_size, &mdata->input);
4577 }
4578 if (strcmp(keyword, "Output") == 0)
4579 return parse_bin(value, &mdata->output, &mdata->output_len);
4580
4581 if (!mdata->is_oneshot && data_chunk_size == 0) {
4582 if (strcmp(keyword, "Count") == 0)
4583 return evp_test_buffer_set_count(value, mdata->input);
4584 if (strcmp(keyword, "Ncopy") == 0)
4585 return evp_test_buffer_ncopy(value, mdata->input);
4586 }
4587 if (strcmp(keyword, "Ctrl") == 0)
4588 return pkey_add_control(t, mdata->controls, value);
4589 if (strcmp(keyword, "CtrlInit") == 0)
4590 return ctrladd(mdata->init_controls, value);
4591 if (strcmp(keyword, "NonceType") == 0) {
4592 if (strcmp(value, "deterministic") == 0)
4593 mdata->deterministic_noncetype = 1;
4594 return 1;
4595 }
4596 return 0;
4597 }
4598
check_deterministic_noncetype(EVP_TEST * t,DIGESTSIGN_DATA * mdata)4599 static int check_deterministic_noncetype(EVP_TEST *t,
4600 DIGESTSIGN_DATA *mdata)
4601 {
4602 if (mdata->deterministic_noncetype == 1) {
4603 OSSL_PARAM params[2];
4604 unsigned int nonce_type = 1;
4605
4606 params[0] =
4607 OSSL_PARAM_construct_uint(OSSL_SIGNATURE_PARAM_NONCE_TYPE,
4608 &nonce_type);
4609 params[1] = OSSL_PARAM_construct_end();
4610 if (!EVP_PKEY_CTX_set_params(mdata->pctx, params))
4611 t->err = "EVP_PKEY_CTX_set_params_ERROR";
4612 else if (!EVP_PKEY_CTX_get_params(mdata->pctx, params))
4613 t->err = "EVP_PKEY_CTX_get_params_ERROR";
4614 else if (!OSSL_PARAM_modified(¶ms[0]))
4615 t->err = "nonce_type_not_modified_ERROR";
4616 else if (nonce_type != 1)
4617 t->err = "nonce_type_value_ERROR";
4618 }
4619 return t->err == NULL;
4620 }
4621
signverify_init(EVP_TEST * t,DIGESTSIGN_DATA * data)4622 static int signverify_init(EVP_TEST *t, DIGESTSIGN_DATA *data)
4623 {
4624 const char *name = data->md == NULL ? NULL : EVP_MD_get0_name(data->md);
4625 OSSL_PARAM params[5];
4626 OSSL_PARAM *p = NULL;
4627 int i, ret = 0;
4628 size_t params_n = 0, params_allocated_n = 0;
4629
4630 if (sk_OPENSSL_STRING_num(data->init_controls) > 0) {
4631 if (!ctrl2params(t, data->init_controls,
4632 NULL,
4633 params, OSSL_NELEM(params), ¶ms_n))
4634 goto err;
4635 p = params;
4636 }
4637
4638 if (data->is_verify) {
4639 if (!EVP_DigestVerifyInit_ex(data->ctx, &data->pctx, name, libctx,
4640 NULL, data->key, p)) {
4641 t->err = "DIGESTVERIFYINIT_ERROR";
4642 goto err;
4643 }
4644 } else {
4645 if (!EVP_DigestSignInit_ex(data->ctx, &data->pctx, name, libctx, NULL,
4646 data->key, p)) {
4647 t->err = "DIGESTSIGNINIT_ERROR";
4648 goto err;
4649 }
4650 }
4651
4652 for (i = 0; i < sk_OPENSSL_STRING_num(data->controls); i++) {
4653 char *value = sk_OPENSSL_STRING_value(data->controls, i);
4654
4655 if (!pkey_test_ctrl(t, data->pctx, value) || t->err != NULL)
4656 goto err;
4657 }
4658 ret = 1;
4659 err:
4660 ctrl2params_free(params, params_n, params_allocated_n);
4661 return ret;
4662 }
4663
digestsign_update_fn(void * ctx,const unsigned char * buf,size_t buflen)4664 static int digestsign_update_fn(void *ctx, const unsigned char *buf,
4665 size_t buflen)
4666 {
4667 return EVP_DigestSignUpdate(ctx, buf, buflen);
4668 }
4669
digestsign_test_run(EVP_TEST * t)4670 static int digestsign_test_run(EVP_TEST *t)
4671 {
4672 int i;
4673 DIGESTSIGN_DATA *expected = t->data;
4674 unsigned char *got = NULL;
4675 size_t got_len;
4676
4677 if (!signverify_init(t, expected))
4678 goto err;
4679 if (!check_deterministic_noncetype(t, expected))
4680 goto err;
4681
4682 for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++) {
4683 char *value = sk_OPENSSL_STRING_value(expected->controls, i);
4684 if (!pkey_test_ctrl(t, expected->pctx, value) || t->err != NULL)
4685 return 0;
4686 }
4687
4688 if (!evp_test_buffer_do(expected->input, digestsign_update_fn,
4689 expected->ctx)) {
4690 t->err = "DIGESTUPDATE_ERROR";
4691 goto err;
4692 }
4693
4694 if (!EVP_DigestSignFinal(expected->ctx, NULL, &got_len)) {
4695 t->err = "DIGESTSIGNFINAL_LENGTH_ERROR";
4696 goto err;
4697 }
4698 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
4699 t->err = "MALLOC_FAILURE";
4700 goto err;
4701 }
4702 got_len *= 2;
4703 if (!EVP_DigestSignFinal(expected->ctx, got, &got_len)) {
4704 t->err = "DIGESTSIGNFINAL_ERROR";
4705 goto err;
4706 }
4707 if (!memory_err_compare(t, "SIGNATURE_MISMATCH",
4708 expected->output, expected->output_len,
4709 got, got_len))
4710 goto err;
4711
4712 t->err = NULL;
4713 err:
4714 OPENSSL_free(got);
4715 return 1;
4716 }
4717
4718 static const EVP_TEST_METHOD digestsign_test_method = {
4719 "DigestSign",
4720 digestsign_test_init,
4721 digestsigver_test_cleanup,
4722 digestsigver_test_parse,
4723 digestsign_test_run
4724 };
4725
digestverify_test_init(EVP_TEST * t,const char * alg)4726 static int digestverify_test_init(EVP_TEST *t, const char *alg)
4727 {
4728 return digestsigver_test_init(t, alg, 1, 0);
4729 }
4730
digestverify_update_fn(void * ctx,const unsigned char * buf,size_t buflen)4731 static int digestverify_update_fn(void *ctx, const unsigned char *buf,
4732 size_t buflen)
4733 {
4734 return EVP_DigestVerifyUpdate(ctx, buf, buflen);
4735 }
4736
digestverify_test_run(EVP_TEST * t)4737 static int digestverify_test_run(EVP_TEST *t)
4738 {
4739 DIGESTSIGN_DATA *mdata = t->data;
4740
4741 if (!signverify_init(t, mdata))
4742 return 1;
4743
4744 if (!evp_test_buffer_do(mdata->input, digestverify_update_fn, mdata->ctx)) {
4745 t->err = "DIGESTUPDATE_ERROR";
4746 return 1;
4747 }
4748
4749 if (EVP_DigestVerifyFinal(mdata->ctx, mdata->output,
4750 mdata->output_len) <= 0)
4751 t->err = "VERIFY_ERROR";
4752 return 1;
4753 }
4754
4755 static const EVP_TEST_METHOD digestverify_test_method = {
4756 "DigestVerify",
4757 digestverify_test_init,
4758 digestsigver_test_cleanup,
4759 digestsigver_test_parse,
4760 digestverify_test_run
4761 };
4762
oneshot_digestsign_test_init(EVP_TEST * t,const char * alg)4763 static int oneshot_digestsign_test_init(EVP_TEST *t, const char *alg)
4764 {
4765 return digestsigver_test_init(t, alg, 0, 1);
4766 }
4767
oneshot_digestsign_test_run(EVP_TEST * t)4768 static int oneshot_digestsign_test_run(EVP_TEST *t)
4769 {
4770 DIGESTSIGN_DATA *expected = t->data;
4771 unsigned char *got = NULL;
4772 size_t got_len;
4773
4774 if (!signverify_init(t, expected))
4775 goto err;
4776
4777 if (!EVP_DigestSign(expected->ctx, NULL, &got_len,
4778 expected->osin, expected->osin_len)) {
4779 t->err = "DIGESTSIGN_LENGTH_ERROR";
4780 goto err;
4781 }
4782 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
4783 t->err = "MALLOC_FAILURE";
4784 goto err;
4785 }
4786 got_len *= 2;
4787 if (!EVP_DigestSign(expected->ctx, got, &got_len,
4788 expected->osin, expected->osin_len)) {
4789 t->err = "DIGESTSIGN_ERROR";
4790 goto err;
4791 }
4792 if (!memory_err_compare(t, "SIGNATURE_MISMATCH",
4793 expected->output, expected->output_len,
4794 got, got_len))
4795 goto err;
4796
4797 t->err = NULL;
4798 err:
4799 OPENSSL_free(got);
4800 return 1;
4801 }
4802
4803 static const EVP_TEST_METHOD oneshot_digestsign_test_method = {
4804 "OneShotDigestSign",
4805 oneshot_digestsign_test_init,
4806 digestsigver_test_cleanup,
4807 digestsigver_test_parse,
4808 oneshot_digestsign_test_run
4809 };
4810
oneshot_digestverify_test_init(EVP_TEST * t,const char * alg)4811 static int oneshot_digestverify_test_init(EVP_TEST *t, const char *alg)
4812 {
4813 return digestsigver_test_init(t, alg, 1, 1);
4814 }
4815
oneshot_digestverify_test_run(EVP_TEST * t)4816 static int oneshot_digestverify_test_run(EVP_TEST *t)
4817 {
4818 DIGESTSIGN_DATA *mdata = t->data;
4819
4820 if (!signverify_init(t, mdata))
4821 return 1;
4822
4823 if (EVP_DigestVerify(mdata->ctx, mdata->output, mdata->output_len,
4824 mdata->osin, mdata->osin_len) <= 0)
4825 t->err = "VERIFY_ERROR";
4826 return 1;
4827 }
4828
4829 static const EVP_TEST_METHOD oneshot_digestverify_test_method = {
4830 "OneShotDigestVerify",
4831 oneshot_digestverify_test_init,
4832 digestsigver_test_cleanup,
4833 digestsigver_test_parse,
4834 oneshot_digestverify_test_run
4835 };
4836
4837
4838 /**
4839 ** PARSING AND DISPATCH
4840 **/
4841
4842 static const EVP_TEST_METHOD *evp_test_list[] = {
4843 &rand_test_method,
4844 &cipher_test_method,
4845 &digest_test_method,
4846 &digestsign_test_method,
4847 &digestverify_test_method,
4848 &encode_test_method,
4849 &kdf_test_method,
4850 &pkey_kdf_test_method,
4851 &keypair_test_method,
4852 &keygen_test_method,
4853 &mac_test_method,
4854 &oneshot_digestsign_test_method,
4855 &oneshot_digestverify_test_method,
4856 &pbe_test_method,
4857 &pdecrypt_test_method,
4858 &pderive_test_method,
4859 &psign_test_method,
4860 &psign_message_test_method,
4861 &pverify_recover_test_method,
4862 &pverify_test_method,
4863 &pverify_message_test_method,
4864 &pverify_message_public_test_method,
4865 &pkey_kem_test_method,
4866 &pkey_fromdata_test_method,
4867 NULL
4868 };
4869
find_test(const char * name)4870 static const EVP_TEST_METHOD *find_test(const char *name)
4871 {
4872 const EVP_TEST_METHOD **tt;
4873
4874 for (tt = evp_test_list; *tt; tt++) {
4875 if (strcmp(name, (*tt)->name) == 0)
4876 return *tt;
4877 }
4878 return NULL;
4879 }
4880
clear_test(EVP_TEST * t)4881 static void clear_test(EVP_TEST *t)
4882 {
4883 test_clearstanza(&t->s);
4884 ERR_clear_error();
4885 if (t->data != NULL) {
4886 if (t->meth != NULL)
4887 t->meth->cleanup(t);
4888 OPENSSL_free(t->data);
4889 t->data = NULL;
4890 }
4891 OPENSSL_free(t->expected_err);
4892 t->expected_err = NULL;
4893 OPENSSL_free(t->reason);
4894 t->reason = NULL;
4895
4896 /* Text literal. */
4897 t->err = NULL;
4898 t->skip = 0;
4899 t->meth = NULL;
4900 t->expect_unapproved = 0;
4901
4902 #if !defined(OPENSSL_NO_DEFAULT_THREAD_POOL)
4903 OSSL_set_max_threads(libctx, 0);
4904 #endif
4905 }
4906
4907 /* Check for errors in the test structure; return 1 if okay, else 0. */
check_test_error(EVP_TEST * t)4908 static int check_test_error(EVP_TEST *t)
4909 {
4910 unsigned long err;
4911 const char *reason;
4912
4913 if (t->err == NULL && t->expected_err == NULL)
4914 return 1;
4915 if (t->err != NULL && t->expected_err == NULL) {
4916 if (t->aux_err != NULL) {
4917 TEST_info("%s:%d: Source of above error (%s); unexpected error %s",
4918 t->s.test_file, t->s.start, t->aux_err, t->err);
4919 } else {
4920 TEST_info("%s:%d: Source of above error; unexpected error %s",
4921 t->s.test_file, t->s.start, t->err);
4922 }
4923 return 0;
4924 }
4925 if (t->err == NULL && t->expected_err != NULL) {
4926 TEST_info("%s:%d: Succeeded but was expecting %s",
4927 t->s.test_file, t->s.start, t->expected_err);
4928 return 0;
4929 }
4930
4931 if (strcmp(t->err, t->expected_err) != 0) {
4932 TEST_info("%s:%d: Expected %s got %s",
4933 t->s.test_file, t->s.start, t->expected_err, t->err);
4934 return 0;
4935 }
4936
4937 if (t->reason == NULL)
4938 return 1;
4939
4940 if (t->reason == NULL) {
4941 TEST_info("%s:%d: Test is missing function or reason code",
4942 t->s.test_file, t->s.start);
4943 return 0;
4944 }
4945
4946 err = ERR_peek_error();
4947 if (err == 0) {
4948 TEST_info("%s:%d: Expected error \"%s\" not set",
4949 t->s.test_file, t->s.start, t->reason);
4950 return 0;
4951 }
4952
4953 reason = ERR_reason_error_string(err);
4954 if (reason == NULL) {
4955 TEST_info("%s:%d: Expected error \"%s\", no strings available."
4956 " Assuming ok.",
4957 t->s.test_file, t->s.start, t->reason);
4958 return 1;
4959 }
4960
4961 if (strcmp(reason, t->reason) == 0)
4962 return 1;
4963
4964 TEST_info("%s:%d: Expected error \"%s\", got \"%s\"",
4965 t->s.test_file, t->s.start, t->reason, reason);
4966
4967 return 0;
4968 }
4969
4970 /* Run a parsed test. Log a message and return 0 on error. */
run_test(EVP_TEST * t)4971 static int run_test(EVP_TEST *t)
4972 {
4973 if (t->meth == NULL)
4974 return 1;
4975 t->s.numtests++;
4976 if (t->skip) {
4977 t->s.numskip++;
4978 } else {
4979 /* run the test */
4980 if (t->err == NULL && t->meth->run_test(t) != 1) {
4981 TEST_info("%s:%d %s error",
4982 t->s.test_file, t->s.start, t->meth->name);
4983 return 0;
4984 }
4985 if (!check_test_error(t)) {
4986 TEST_openssl_errors();
4987 t->s.errors++;
4988 }
4989 }
4990
4991 /* clean it up */
4992 return 1;
4993 }
4994
find_key(EVP_PKEY ** ppk,const char * name,KEY_LIST * lst)4995 static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst)
4996 {
4997 for (; lst != NULL; lst = lst->next) {
4998 if (strcmp(lst->name, name) == 0) {
4999 if (ppk != NULL)
5000 *ppk = lst->key;
5001 return 1;
5002 }
5003 }
5004 return 0;
5005 }
5006
free_key_list(KEY_LIST * lst)5007 static void free_key_list(KEY_LIST *lst)
5008 {
5009 while (lst != NULL) {
5010 KEY_LIST *next = lst->next;
5011
5012 EVP_PKEY_free(lst->key);
5013 OPENSSL_free(lst->name);
5014 OPENSSL_free(lst);
5015 lst = next;
5016 }
5017 }
5018
5019 /*
5020 * Is the key type an unsupported algorithm?
5021 */
key_unsupported(void)5022 static int key_unsupported(void)
5023 {
5024 long err = ERR_peek_last_error();
5025 int lib = ERR_GET_LIB(err);
5026 long reason = ERR_GET_REASON(err);
5027
5028 if ((lib == ERR_LIB_EVP && reason == EVP_R_UNSUPPORTED_ALGORITHM)
5029 || (lib == ERR_LIB_EVP && reason == EVP_R_DECODE_ERROR)
5030 || reason == ERR_R_UNSUPPORTED) {
5031 ERR_clear_error();
5032 return 1;
5033 }
5034 #ifndef OPENSSL_NO_EC
5035 /*
5036 * If EC support is enabled we should catch also EC_R_UNKNOWN_GROUP as an
5037 * hint to an unsupported algorithm/curve (e.g. if binary EC support is
5038 * disabled).
5039 */
5040 if (lib == ERR_LIB_EC
5041 && (reason == EC_R_UNKNOWN_GROUP
5042 || reason == EC_R_INVALID_CURVE)) {
5043 ERR_clear_error();
5044 return 1;
5045 }
5046 #endif /* OPENSSL_NO_EC */
5047 return 0;
5048 }
5049
5050 /* NULL out the value from |pp| but return it. This "steals" a pointer. */
take_value(PAIR * pp)5051 static char *take_value(PAIR *pp)
5052 {
5053 char *p = pp->value;
5054
5055 pp->value = NULL;
5056 return p;
5057 }
5058
5059 #if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
securitycheck_enabled(void)5060 static int securitycheck_enabled(void)
5061 {
5062 static int enabled = -1;
5063
5064 if (enabled == -1) {
5065 if (OSSL_PROVIDER_available(libctx, "fips")) {
5066 OSSL_PARAM params[2];
5067 OSSL_PROVIDER *prov = NULL;
5068 int check = 1;
5069
5070 prov = OSSL_PROVIDER_load(libctx, "fips");
5071 if (prov != NULL) {
5072 params[0] =
5073 OSSL_PARAM_construct_int(OSSL_PROV_PARAM_SECURITY_CHECKS,
5074 &check);
5075 params[1] = OSSL_PARAM_construct_end();
5076 OSSL_PROVIDER_get_params(prov, params);
5077 OSSL_PROVIDER_unload(prov);
5078 }
5079 enabled = check;
5080 return enabled;
5081 }
5082 enabled = 0;
5083 }
5084 return enabled;
5085 }
5086 #endif
5087
5088 /*
5089 * Return 1 if one of the providers named in the string is available.
5090 * The provider names are separated with whitespace.
5091 * NOTE: destructive function, it inserts '\0' after each provider name.
5092 */
prov_available(char * providers)5093 static int prov_available(char *providers)
5094 {
5095 char *p;
5096 int more = 1;
5097
5098 while (more) {
5099 for (; isspace((unsigned char)(*providers)); providers++)
5100 continue;
5101 if (*providers == '\0')
5102 break; /* End of the road */
5103 for (p = providers; *p != '\0' && !isspace((unsigned char)(*p)); p++)
5104 continue;
5105 if (*p == '\0')
5106 more = 0;
5107 else
5108 *p = '\0';
5109 if (OSSL_PROVIDER_available(libctx, providers))
5110 return 1; /* Found one */
5111 }
5112 return 0;
5113 }
5114
5115 /* Read and parse one test. Return 0 if failure, 1 if okay. */
parse(EVP_TEST * t)5116 static int parse(EVP_TEST *t)
5117 {
5118 KEY_LIST *key, **klist;
5119 EVP_PKEY *pkey;
5120 PAIR *pp;
5121 int i, j, skipped = 0;
5122
5123 fips_indicator_callback_unapproved_count = 0;
5124 top:
5125 do {
5126 if (BIO_eof(t->s.fp))
5127 return EOF;
5128 clear_test(t);
5129 if (!test_readstanza(&t->s))
5130 return 0;
5131 } while (t->s.numpairs == 0);
5132 pp = &t->s.pairs[0];
5133
5134 /* Are we adding a key? */
5135 klist = NULL;
5136 pkey = NULL;
5137 start:
5138 if (strcmp(pp->key, "PrivateKey") == 0) {
5139 pkey = PEM_read_bio_PrivateKey_ex(t->s.key, NULL, 0, NULL, libctx, NULL);
5140 if (pkey == NULL && !key_unsupported()) {
5141 EVP_PKEY_free(pkey);
5142 TEST_info("Can't read private key %s", pp->value);
5143 TEST_openssl_errors();
5144 return 0;
5145 }
5146 klist = &private_keys;
5147 } else if (strcmp(pp->key, "PublicKey") == 0) {
5148 pkey = PEM_read_bio_PUBKEY_ex(t->s.key, NULL, 0, NULL, libctx, NULL);
5149 if (pkey == NULL && !key_unsupported()) {
5150 EVP_PKEY_free(pkey);
5151 TEST_info("Can't read public key %s", pp->value);
5152 TEST_openssl_errors();
5153 return 0;
5154 }
5155 klist = &public_keys;
5156 } else if (strcmp(pp->key, "ParamKey") == 0) {
5157 pkey = PEM_read_bio_Parameters_ex(t->s.key, NULL, libctx, NULL);
5158 if (pkey == NULL && !key_unsupported()) {
5159 EVP_PKEY_free(pkey);
5160 TEST_info("Can't read params key %s", pp->value);
5161 TEST_openssl_errors();
5162 return 0;
5163 }
5164 klist = &public_keys;
5165 } else if (strcmp(pp->key, "PrivateKeyRaw") == 0
5166 || strcmp(pp->key, "PublicKeyRaw") == 0) {
5167 char *strnid = NULL, *keydata = NULL;
5168 unsigned char *keybin;
5169 size_t keylen;
5170 int nid;
5171
5172 if (strcmp(pp->key, "PrivateKeyRaw") == 0)
5173 klist = &private_keys;
5174 else
5175 klist = &public_keys;
5176
5177 strnid = strchr(pp->value, ':');
5178 if (strnid != NULL) {
5179 *strnid++ = '\0';
5180 keydata = strchr(strnid, ':');
5181 if (keydata != NULL)
5182 *keydata++ = '\0';
5183 }
5184 if (keydata == NULL) {
5185 TEST_info("Failed to parse %s value", pp->key);
5186 return 0;
5187 }
5188
5189 nid = OBJ_txt2nid(strnid);
5190 if (nid == NID_undef) {
5191 TEST_info("Unrecognised algorithm NID");
5192 return 0;
5193 }
5194 if (!parse_bin(keydata, &keybin, &keylen)) {
5195 TEST_info("Failed to create binary key");
5196 return 0;
5197 }
5198 if (klist == &private_keys)
5199 pkey = EVP_PKEY_new_raw_private_key_ex(libctx, strnid, NULL, keybin,
5200 keylen);
5201 else
5202 pkey = EVP_PKEY_new_raw_public_key_ex(libctx, strnid, NULL, keybin,
5203 keylen);
5204 if (pkey == NULL && !key_unsupported()) {
5205 TEST_info("Can't read %s data", pp->key);
5206 OPENSSL_free(keybin);
5207 TEST_openssl_errors();
5208 return 0;
5209 }
5210 OPENSSL_free(keybin);
5211 } else if (strcmp(pp->key, "Availablein") == 0) {
5212 if (!prov_available(pp->value)) {
5213 TEST_info("skipping, '%s' provider not available: %s:%d",
5214 pp->value, t->s.test_file, t->s.start);
5215 t->skip = 1;
5216 return 0;
5217 }
5218 skipped++;
5219 pp++;
5220 goto start;
5221 } else if (strcmp(pp->key, "FIPSversion") == 0) {
5222 if (prov_available("fips")) {
5223 j = fips_provider_version_match(libctx, pp->value);
5224 if (j < 0) {
5225 TEST_info("Line %d: error matching FIPS versions\n", t->s.curr);
5226 return 0;
5227 } else if (j == 0) {
5228 TEST_info("skipping, FIPS provider incompatible version: %s:%d",
5229 t->s.test_file, t->s.start);
5230 t->skip = 1;
5231 return 0;
5232 }
5233 }
5234 skipped++;
5235 pp++;
5236 goto start;
5237 }
5238
5239 /* If we have a key add to list */
5240 if (klist != NULL) {
5241 if (find_key(NULL, pp->value, *klist)) {
5242 TEST_info("Duplicate key %s", pp->value);
5243 return 0;
5244 }
5245 if (!TEST_ptr(key = OPENSSL_malloc(sizeof(*key))))
5246 return 0;
5247 key->name = take_value(pp);
5248 key->key = pkey;
5249 key->next = *klist;
5250 *klist = key;
5251
5252 /* Go back and start a new stanza. */
5253 if ((t->s.numpairs - skipped) != 1)
5254 TEST_info("Line %d: missing blank line\n", t->s.curr);
5255 goto top;
5256 }
5257
5258 /* Find the test, based on first keyword. */
5259 if (!TEST_ptr(t->meth = find_test(pp->key)))
5260 return 0;
5261 if (!t->meth->init(t, pp->value)) {
5262 TEST_error("unknown %s: %s\n", pp->key, pp->value);
5263 return 0;
5264 }
5265 if (t->skip == 1) {
5266 /* TEST_info("skipping %s %s", pp->key, pp->value); */
5267 return 0;
5268 }
5269
5270 for (pp++, i = 1; i < (t->s.numpairs - skipped); pp++, i++) {
5271 if (strcmp(pp->key, "Securitycheck") == 0) {
5272 #if defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
5273 #else
5274 if (!securitycheck_enabled())
5275 #endif
5276 {
5277 TEST_info("skipping, Securitycheck is disabled: %s:%d",
5278 t->s.test_file, t->s.start);
5279 t->skip = 1;
5280 return 0;
5281 }
5282 } else if (strcmp(pp->key, "Availablein") == 0) {
5283 TEST_info("Line %d: 'Availablein' should be the first option",
5284 t->s.curr);
5285 return 0;
5286 } else if (strcmp(pp->key, "Result") == 0) {
5287 if (t->expected_err != NULL) {
5288 TEST_info("Line %d: multiple result lines", t->s.curr);
5289 return 0;
5290 }
5291 t->expected_err = take_value(pp);
5292 } else if (strcmp(pp->key, "Function") == 0) {
5293 /* Ignore old line. */
5294 } else if (strcmp(pp->key, "Reason") == 0) {
5295 if (t->reason != NULL) {
5296 TEST_info("Line %d: multiple reason lines", t->s.curr);
5297 return 0;
5298 }
5299 t->reason = take_value(pp);
5300 } else if (strcmp(pp->key, "Threads") == 0) {
5301 if (OSSL_set_max_threads(libctx, atoi(pp->value)) == 0) {
5302 TEST_info("skipping, '%s' threads not available: %s:%d",
5303 pp->value, t->s.test_file, t->s.start);
5304 t->skip = 1;
5305 }
5306 } else if (strcmp(pp->key, "Unapproved") == 0) {
5307 t->expect_unapproved = 1;
5308 } else if (strcmp(pp->key, "Extended-Test") == 0) {
5309 if (!extended_tests) {
5310 TEST_info("skipping extended test: %s:%d",
5311 t->s.test_file, t->s.start);
5312 t->skip = 1;
5313 }
5314 } else {
5315 /* Must be test specific line: try to parse it */
5316 int rv = t->meth->parse(t, pp->key, pp->value);
5317
5318 if (rv == 0) {
5319 TEST_info("Line %d: unknown keyword %s", t->s.curr, pp->key);
5320 return 0;
5321 }
5322 if (rv < 0) {
5323 TEST_info("Line %d: error processing keyword %s = %s\n",
5324 t->s.curr, pp->key, pp->value);
5325 return 0;
5326 }
5327 if (t->skip)
5328 return 0;
5329 }
5330 }
5331
5332 return 1;
5333 }
5334
run_file_tests(int i)5335 static int run_file_tests(int i)
5336 {
5337 EVP_TEST *t;
5338 const char *testfile = test_get_argument(i);
5339 int c;
5340
5341 if (!TEST_ptr(t = OPENSSL_zalloc(sizeof(*t))))
5342 return 0;
5343 if (!test_start_file(&t->s, testfile)) {
5344 OPENSSL_free(t);
5345 return 0;
5346 }
5347
5348 OSSL_INDICATOR_set_callback(libctx, fips_indicator_cb);
5349 while (!BIO_eof(t->s.fp)) {
5350 c = parse(t);
5351 if (t->skip) {
5352 t->s.numskip++;
5353 continue;
5354 }
5355 if (c == 0 || !run_test(t)) {
5356 t->s.errors++;
5357 break;
5358 }
5359 }
5360 test_end_file(&t->s);
5361 clear_test(t);
5362
5363 free_key_list(public_keys);
5364 public_keys = NULL;
5365 free_key_list(private_keys);
5366 private_keys = NULL;
5367 BIO_free(t->s.key);
5368 c = t->s.errors;
5369 OPENSSL_free(t);
5370 return c == 0;
5371 }
5372
test_get_options(void)5373 const OPTIONS *test_get_options(void)
5374 {
5375 static const OPTIONS test_options[] = {
5376 OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("[file...]\n"),
5377 { "config", OPT_CONFIG_FILE, '<',
5378 "The configuration file to use for the libctx" },
5379 { "process", OPT_IN_PLACE, 's',
5380 "Mode for data processing by cipher tests [in_place/both], both by default"},
5381 { "provider", OPT_PROVIDER_NAME, 's',
5382 "The provider to load (when no configuration file, the default value is 'default')" },
5383 { "propquery", OPT_PROV_PROPQUERY, 's',
5384 "Property query used when fetching algorithms" },
5385 { "chunk", OPT_DATA_CHUNK, 'N', "Size of data chunks to be processed, 0 for default size"},
5386 { OPT_HELP_STR, 1, '-', "file\tFile to run tests on.\n" },
5387 { NULL }
5388 };
5389 return test_options;
5390 }
5391
setup_tests(void)5392 int setup_tests(void)
5393 {
5394 size_t n;
5395 char *config_file = NULL;
5396 char *provider_name = NULL;
5397
5398 OPTION_CHOICE o;
5399
5400 extended_tests = getenv("EVP_TEST_EXTENDED") != NULL;
5401
5402 while ((o = opt_next()) != OPT_EOF) {
5403 switch (o) {
5404 case OPT_CONFIG_FILE:
5405 config_file = opt_arg();
5406 break;
5407 case OPT_IN_PLACE:
5408 if ((process_mode_in_place = evp_test_process_mode(opt_arg())) == -1)
5409 case OPT_DATA_CHUNK:
5410 if (!opt_int(opt_arg(), &data_chunk_size))
5411 return 0;
5412 break;
5413 case OPT_PROVIDER_NAME:
5414 provider_name = opt_arg();
5415 break;
5416 case OPT_PROV_PROPQUERY:
5417 propquery = opt_arg();
5418 break;
5419 case OPT_TEST_CASES:
5420 break;
5421 default:
5422 case OPT_ERR:
5423 return 0;
5424 }
5425 }
5426
5427 /*
5428 * Load the provider via configuration into the created library context.
5429 * Load the 'null' provider into the default library context to ensure that
5430 * the tests do not fallback to using the default provider.
5431 */
5432 if (config_file == NULL && provider_name == NULL)
5433 provider_name = "default";
5434 if (!test_get_libctx(&libctx, &prov_null, config_file, &libprov, provider_name))
5435 return 0;
5436
5437 n = test_get_argument_count();
5438 if (n == 0)
5439 return 0;
5440
5441 ADD_ALL_TESTS(run_file_tests, n);
5442 return 1;
5443 }
5444
cleanup_tests(void)5445 void cleanup_tests(void)
5446 {
5447 OSSL_PROVIDER_unload(libprov);
5448 OSSL_PROVIDER_unload(prov_null);
5449 OSSL_LIB_CTX_free(libctx);
5450 }
5451
is_digest_disabled(const char * name)5452 static int is_digest_disabled(const char *name)
5453 {
5454 #ifdef OPENSSL_NO_BLAKE2
5455 if (HAS_CASE_PREFIX(name, "BLAKE"))
5456 return 1;
5457 #endif
5458 #ifdef OPENSSL_NO_MD2
5459 if (OPENSSL_strcasecmp(name, "MD2") == 0)
5460 return 1;
5461 #endif
5462 #ifdef OPENSSL_NO_MDC2
5463 if (OPENSSL_strcasecmp(name, "MDC2") == 0)
5464 return 1;
5465 #endif
5466 #ifdef OPENSSL_NO_MD4
5467 if (OPENSSL_strcasecmp(name, "MD4") == 0)
5468 return 1;
5469 #endif
5470 #ifdef OPENSSL_NO_MD5
5471 if (OPENSSL_strcasecmp(name, "MD5") == 0)
5472 return 1;
5473 #endif
5474 #ifdef OPENSSL_NO_RMD160
5475 if (OPENSSL_strcasecmp(name, "RIPEMD160") == 0)
5476 return 1;
5477 #endif
5478 #ifdef OPENSSL_NO_SM3
5479 if (OPENSSL_strcasecmp(name, "SM3") == 0)
5480 return 1;
5481 #endif
5482 #ifdef OPENSSL_NO_WHIRLPOOL
5483 if (OPENSSL_strcasecmp(name, "WHIRLPOOL") == 0)
5484 return 1;
5485 #endif
5486 return 0;
5487 }
5488
is_pkey_disabled(const char * name)5489 static int is_pkey_disabled(const char *name)
5490 {
5491 #ifdef OPENSSL_NO_EC
5492 if (HAS_CASE_PREFIX(name, "EC"))
5493 return 1;
5494 #endif
5495 #ifdef OPENSSL_NO_DH
5496 if (HAS_CASE_PREFIX(name, "DH"))
5497 return 1;
5498 #endif
5499 #ifdef OPENSSL_NO_DSA
5500 if (HAS_CASE_PREFIX(name, "DSA"))
5501 return 1;
5502 #endif
5503 #ifdef OPENSSL_NO_SM2
5504 if (HAS_CASE_PREFIX(name, "SM2"))
5505 return 1;
5506 #endif
5507
5508 /* For sigalgs we use, we also check for digest suffixes */
5509 #ifdef OPENSSL_NO_RMD160
5510 if (HAS_CASE_SUFFIX(name, "-RIPEMD160"))
5511 return 1;
5512 #endif
5513 #ifdef OPENSSL_NO_SM3
5514 if (HAS_CASE_SUFFIX(name, "-SM3"))
5515 return 1;
5516 #endif
5517 #ifdef OPENSSL_NO_ML_DSA
5518 if (HAS_CASE_PREFIX(name, "ML-DSA"))
5519 return 1;
5520 #endif
5521 return 0;
5522 }
5523
is_mac_disabled(const char * name)5524 static int is_mac_disabled(const char *name)
5525 {
5526 #ifdef OPENSSL_NO_BLAKE2
5527 if (HAS_CASE_PREFIX(name, "BLAKE2BMAC")
5528 || HAS_CASE_PREFIX(name, "BLAKE2SMAC"))
5529 return 1;
5530 #endif
5531 #ifdef OPENSSL_NO_CMAC
5532 if (HAS_CASE_PREFIX(name, "CMAC"))
5533 return 1;
5534 #endif
5535 #ifdef OPENSSL_NO_POLY1305
5536 if (HAS_CASE_PREFIX(name, "Poly1305"))
5537 return 1;
5538 #endif
5539 #ifdef OPENSSL_NO_SIPHASH
5540 if (HAS_CASE_PREFIX(name, "SipHash"))
5541 return 1;
5542 #endif
5543 return 0;
5544 }
is_kdf_disabled(const char * name)5545 static int is_kdf_disabled(const char *name)
5546 {
5547 #ifdef OPENSSL_NO_SCRYPT
5548 if (HAS_CASE_SUFFIX(name, "SCRYPT"))
5549 return 1;
5550 #endif
5551 #ifdef OPENSSL_NO_ARGON2
5552 if (HAS_CASE_SUFFIX(name, "ARGON2"))
5553 return 1;
5554 #endif
5555 return 0;
5556 }
5557
is_cipher_disabled(const char * name)5558 static int is_cipher_disabled(const char *name)
5559 {
5560 #ifdef OPENSSL_NO_ARIA
5561 if (HAS_CASE_PREFIX(name, "ARIA"))
5562 return 1;
5563 #endif
5564 #ifdef OPENSSL_NO_BF
5565 if (HAS_CASE_PREFIX(name, "BF"))
5566 return 1;
5567 #endif
5568 #ifdef OPENSSL_NO_CAMELLIA
5569 if (HAS_CASE_PREFIX(name, "CAMELLIA"))
5570 return 1;
5571 #endif
5572 #ifdef OPENSSL_NO_CAST
5573 if (HAS_CASE_PREFIX(name, "CAST"))
5574 return 1;
5575 #endif
5576 #ifdef OPENSSL_NO_CHACHA
5577 if (HAS_CASE_PREFIX(name, "CHACHA"))
5578 return 1;
5579 #endif
5580 #ifdef OPENSSL_NO_POLY1305
5581 if (HAS_CASE_SUFFIX(name, "Poly1305"))
5582 return 1;
5583 #endif
5584 #ifdef OPENSSL_NO_DES
5585 if (HAS_CASE_PREFIX(name, "DES"))
5586 return 1;
5587 if (HAS_CASE_SUFFIX(name, "3DESwrap"))
5588 return 1;
5589 #endif
5590 #ifdef OPENSSL_NO_OCB
5591 if (HAS_CASE_SUFFIX(name, "OCB"))
5592 return 1;
5593 #endif
5594 #ifdef OPENSSL_NO_IDEA
5595 if (HAS_CASE_PREFIX(name, "IDEA"))
5596 return 1;
5597 #endif
5598 #ifdef OPENSSL_NO_RC2
5599 if (HAS_CASE_PREFIX(name, "RC2"))
5600 return 1;
5601 #endif
5602 #ifdef OPENSSL_NO_RC4
5603 if (HAS_CASE_PREFIX(name, "RC4"))
5604 return 1;
5605 #endif
5606 #ifdef OPENSSL_NO_RC5
5607 if (HAS_CASE_PREFIX(name, "RC5"))
5608 return 1;
5609 #endif
5610 #ifdef OPENSSL_NO_SEED
5611 if (HAS_CASE_PREFIX(name, "SEED"))
5612 return 1;
5613 #endif
5614 #ifdef OPENSSL_NO_SIV
5615 if (HAS_CASE_SUFFIX(name, "SIV"))
5616 return 1;
5617 #endif
5618 #ifdef OPENSSL_NO_SM4
5619 if (HAS_CASE_PREFIX(name, "SM4"))
5620 return 1;
5621 #endif
5622 return 0;
5623 }
5624