1 /* 2 * Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #define OPENSSL_SUPPRESS_DEPRECATED /* EVP_PKEY_new_CMAC_key */ 11 #include <stdio.h> 12 #include <string.h> 13 #include <stdlib.h> 14 #include <ctype.h> 15 #include <openssl/evp.h> 16 #include <openssl/pem.h> 17 #include <openssl/err.h> 18 #include <openssl/provider.h> 19 #include <openssl/x509v3.h> 20 #include <openssl/pkcs12.h> 21 #include <openssl/kdf.h> 22 #include <openssl/params.h> 23 #include <openssl/param_build.h> 24 #include <openssl/core_names.h> 25 #include <openssl/fips_names.h> 26 #include <openssl/thread.h> 27 #include "internal/numbers.h" 28 #include "internal/nelem.h" 29 #include "internal/sizes.h" 30 #include "crypto/evp.h" 31 #include "testutil.h" 32 33 typedef struct evp_test_buffer_st EVP_TEST_BUFFER; 34 DEFINE_STACK_OF(EVP_TEST_BUFFER) 35 36 #define AAD_NUM 4 37 38 typedef struct evp_test_method_st EVP_TEST_METHOD; 39 40 /* Structure holding test information */ 41 typedef struct evp_test_st { 42 STANZA s; /* Common test stanza */ 43 char *name; 44 int skip; /* Current test should be skipped */ 45 const EVP_TEST_METHOD *meth; /* method for this test */ 46 const char *err, *aux_err; /* Error string for test */ 47 char *expected_err; /* Expected error value of test */ 48 char *reason; /* Expected error reason string */ 49 void *data; /* test specific data */ 50 int expect_unapproved; 51 } EVP_TEST; 52 53 /* Test method structure */ 54 struct evp_test_method_st { 55 /* Name of test as it appears in file */ 56 const char *name; 57 /* Initialise test for "alg" */ 58 int (*init) (EVP_TEST *t, const char *alg); 59 /* Clean up method */ 60 void (*cleanup) (EVP_TEST *t); 61 /* Test specific name value pair processing */ 62 int (*parse) (EVP_TEST *t, const char *name, const char *value); 63 /* Run the test itself */ 64 int (*run_test) (EVP_TEST *t); 65 }; 66 67 /* Linked list of named keys. */ 68 typedef struct key_list_st { 69 char *name; 70 EVP_PKEY *key; 71 struct key_list_st *next; 72 } KEY_LIST; 73 74 typedef enum OPTION_choice { 75 OPT_ERR = -1, 76 OPT_EOF = 0, 77 OPT_CONFIG_FILE, 78 OPT_IN_PLACE, 79 OPT_PROVIDER_NAME, 80 OPT_PROV_PROPQUERY, 81 OPT_DATA_CHUNK, 82 OPT_TEST_ENUM 83 } OPTION_CHOICE; 84 85 static OSSL_PROVIDER *prov_null = NULL; 86 static OSSL_PROVIDER *libprov = NULL; 87 static OSSL_LIB_CTX *libctx = NULL; 88 static int fips_indicator_callback_unapproved_count = 0; 89 static int extended_tests = 0; 90 91 /* List of public and private keys */ 92 static KEY_LIST *private_keys; 93 static KEY_LIST *public_keys; 94 95 static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst); 96 static int parse_bin(const char *value, unsigned char **buf, size_t *buflen); 97 static int parse_bin_chunk(const char *value, size_t offset, size_t max, 98 unsigned char **buf, size_t *buflen, size_t *out_offset); 99 static int is_digest_disabled(const char *name); 100 static int is_pkey_disabled(const char *name); 101 static int is_mac_disabled(const char *name); 102 static int is_cipher_disabled(const char *name); 103 static int is_kdf_disabled(const char *name); 104 105 /* A callback that is triggered if fips unapproved mode is detected */ 106 static int fips_indicator_cb(const char *type, const char *desc, 107 const OSSL_PARAM params[]) 108 { 109 fips_indicator_callback_unapproved_count++; 110 TEST_info("(Indicator Callback received %s : %s is not approved)", type, desc); 111 return 1; 112 } 113 114 static int check_fips_approved(EVP_TEST *t, int approved) 115 { 116 /* 117 * If the expected result is approved 118 * then it is expected that approved will be 1 119 * and the fips indicator callback has not been triggered, otherwise 120 * approved should be 0 and the fips indicator callback should be triggered. 121 */ 122 if (t->expect_unapproved) { 123 if (approved == 1 || fips_indicator_callback_unapproved_count == 0) { 124 TEST_error("Test is not expected to be FIPS approved"); 125 return 0; 126 } 127 } else { 128 if (approved == 0 || fips_indicator_callback_unapproved_count > 0) { 129 TEST_error("Test is expected to be FIPS approved"); 130 return 0; 131 } 132 } 133 return 1; 134 } 135 136 static int mac_check_fips_approved(EVP_MAC_CTX *ctx, EVP_TEST *t) 137 { 138 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 139 /* 140 * For any getters that do not handle the FIPS indicator assume a default 141 * value of approved. 142 */ 143 int approved = 1; 144 145 if (EVP_MAC_CTX_gettable_params(ctx) == NULL) 146 return 1; 147 148 params[0] = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_FIPS_APPROVED_INDICATOR, 149 &approved); 150 if (!EVP_MAC_CTX_get_params(ctx, params)) 151 return 0; 152 return check_fips_approved(t, approved); 153 } 154 155 static int pkey_check_fips_approved(EVP_PKEY_CTX *ctx, EVP_TEST *t) 156 { 157 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 158 /* 159 * For any getters that do not handle the FIPS indicator assume a default 160 * value of approved. 161 */ 162 int approved = 1; 163 const OSSL_PARAM *gettables = EVP_PKEY_CTX_gettable_params(ctx); 164 165 if (gettables == NULL 166 || OSSL_PARAM_locate_const(gettables, 167 OSSL_ALG_PARAM_FIPS_APPROVED_INDICATOR) 168 == NULL) 169 return 1; 170 171 /* Older providers dont have a gettable */ 172 if (EVP_PKEY_CTX_gettable_params(ctx) == NULL) 173 return 1; 174 175 params[0] = OSSL_PARAM_construct_int(OSSL_ALG_PARAM_FIPS_APPROVED_INDICATOR, 176 &approved); 177 if (!EVP_PKEY_CTX_get_params(ctx, params)) 178 return 0; 179 return check_fips_approved(t, approved); 180 } 181 182 static int rand_check_fips_approved(EVP_RAND_CTX *ctx, EVP_TEST *t) 183 { 184 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 185 /* 186 * For any getters that do not handle the FIPS indicator assume a default 187 * value of approved. 188 */ 189 int approved = 1; 190 191 if (EVP_RAND_CTX_gettable_params(ctx) == NULL) 192 return 1; 193 194 params[0] = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_FIPS_APPROVED_INDICATOR, 195 &approved); 196 if (!EVP_RAND_CTX_get_params(ctx, params)) 197 return 0; 198 return check_fips_approved(t, approved); 199 } 200 201 static int ctrladd(STACK_OF(OPENSSL_STRING) *controls, const char *value) 202 { 203 char *data = OPENSSL_strdup(value); 204 205 if (data == NULL) 206 return -1; 207 208 if (sk_OPENSSL_STRING_push(controls, data) <= 0) { 209 OPENSSL_free(data); 210 return -1; 211 } 212 213 return 1; 214 } 215 216 /* Because OPENSSL_free is a macro, it can't be passed as a function pointer */ 217 static void openssl_free(char *m) 218 { 219 OPENSSL_free(m); 220 } 221 222 static void ctrlfree(STACK_OF(OPENSSL_STRING) *controls) 223 { 224 sk_OPENSSL_STRING_pop_free(controls, openssl_free); 225 } 226 227 /* 228 * This is used if ctrl2params() passes settables as NULL. 229 * A default list of settable OSSL_PARAM that may be set during an operations 230 * init(). 231 * Using the algorithms settable list is problematic since it requires that the 232 * init() has already run. 233 */ 234 static const OSSL_PARAM settable_ctx_params[] = { 235 OSSL_PARAM_int("key-check", NULL), 236 OSSL_PARAM_int("digest-check", NULL), 237 OSSL_PARAM_int("ems_check", NULL), 238 OSSL_PARAM_int("sign-check", NULL), 239 OSSL_PARAM_int("encrypt-check", NULL), 240 OSSL_PARAM_int("rsa-pss-saltlen-check", NULL), 241 OSSL_PARAM_int("sign-x931-pad-check", NULL), 242 OSSL_PARAM_END 243 }; 244 245 static int ctrl2params(EVP_TEST *t, STACK_OF(OPENSSL_STRING) *controls, 246 const OSSL_PARAM *settables, 247 OSSL_PARAM params[], size_t params_sz, size_t *params_n) 248 { 249 int i; 250 251 if (settables == NULL) 252 settables = settable_ctx_params; 253 /* check bounds */ 254 if (*params_n + sk_OPENSSL_STRING_num(controls) >= params_sz) { 255 t->err = "ERR_TOO_MANY_PARAMETERS"; 256 goto err; 257 } 258 for (i = 0; i < sk_OPENSSL_STRING_num(controls); i++) { 259 char *tmpkey, *tmpval; 260 char *value = sk_OPENSSL_STRING_value(controls, i); 261 262 if (!TEST_ptr(tmpkey = OPENSSL_strdup(value))) { 263 t->err = "ERR_PARAM_ERROR"; 264 goto err; 265 } 266 tmpval = strchr(tmpkey, ':'); 267 if (tmpval != NULL) 268 *tmpval++ = '\0'; 269 270 if (tmpval == NULL 271 || !OSSL_PARAM_allocate_from_text(¶ms[*params_n], 272 settables, 273 tmpkey, tmpval, 274 strlen(tmpval), NULL)) { 275 OPENSSL_free(tmpkey); 276 t->err = "ERR_PARAM_ERROR"; 277 goto err; 278 } 279 *params_n += 1; 280 OPENSSL_free(tmpkey); 281 } 282 params[*params_n] = OSSL_PARAM_construct_end(); 283 return 1; 284 err: 285 return 0; 286 } 287 288 static void ctrl2params_free(OSSL_PARAM params[], 289 size_t params_n, size_t params_n_allocstart) 290 { 291 while (params_n-- > params_n_allocstart) { 292 OPENSSL_free(params[params_n].data); 293 } 294 } 295 296 static int kdf_check_fips_approved(EVP_KDF_CTX *ctx, EVP_TEST *t) 297 { 298 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 299 int approved = 1; 300 301 params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR, 302 &approved); 303 if (!EVP_KDF_CTX_get_params(ctx, params)) 304 return 0; 305 return check_fips_approved(t, approved); 306 } 307 308 static int cipher_check_fips_approved(EVP_CIPHER_CTX *ctx, EVP_TEST *t) 309 { 310 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 311 int approved = 1; 312 313 params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_FIPS_APPROVED_INDICATOR, 314 &approved); 315 if (!EVP_CIPHER_CTX_get_params(ctx, params)) 316 return 0; 317 return check_fips_approved(t, approved); 318 } 319 320 /* 321 * Compare two memory regions for equality, returning zero if they differ. 322 * However, if there is expected to be an error and the actual error 323 * matches then the memory is expected to be different so handle this 324 * case without producing unnecessary test framework output. 325 */ 326 static int memory_err_compare(EVP_TEST *t, const char *err, 327 const void *expected, size_t expected_len, 328 const void *got, size_t got_len) 329 { 330 int r; 331 332 if (t->expected_err != NULL && strcmp(t->expected_err, err) == 0) 333 r = !TEST_mem_ne(expected, expected_len, got, got_len); 334 else 335 r = TEST_mem_eq(expected, expected_len, got, got_len); 336 if (!r) 337 t->err = err; 338 return r; 339 } 340 341 /* Option specific for evp test */ 342 static int process_mode_in_place; 343 static const char *propquery = NULL; 344 static int data_chunk_size; 345 346 static int evp_test_process_mode(char *mode) 347 { 348 if (strcmp(mode, "in_place") == 0) 349 return 1; 350 else if (strcmp(mode, "both") == 0) 351 return 0; 352 return -1; 353 } 354 355 /* 356 * Structure used to hold a list of blocks of memory to test 357 * calls to "update" like functions. 358 */ 359 struct evp_test_buffer_st { 360 unsigned char *buf; 361 size_t buflen; 362 size_t count; 363 int count_set; 364 }; 365 366 static void evp_test_buffer_free(EVP_TEST_BUFFER *db) 367 { 368 if (db != NULL) { 369 OPENSSL_free(db->buf); 370 OPENSSL_free(db); 371 } 372 } 373 374 /* append buffer to a list */ 375 static int evp_test_buffer_append(const char *value, size_t max_len, 376 STACK_OF(EVP_TEST_BUFFER) **sk) 377 { 378 EVP_TEST_BUFFER *db = NULL; 379 int rv = 0; 380 size_t offset = 0; 381 382 if (*sk == NULL && !TEST_ptr(*sk = sk_EVP_TEST_BUFFER_new_null())) 383 goto err; 384 385 do { 386 if (!TEST_ptr(db = OPENSSL_zalloc(sizeof(*db)))) 387 goto err; 388 if (max_len == 0) { 389 /* parse all in one shot */ 390 if ((rv = parse_bin(value, &db->buf, &db->buflen)) != 1) 391 goto err; 392 } else { 393 /* parse in chunks */ 394 size_t new_offset = 0; 395 396 if ((rv = parse_bin_chunk(value, offset, max_len, &db->buf, 397 &db->buflen, &new_offset)) == -1) 398 goto err; 399 offset = new_offset; 400 } 401 402 db->count = 1; 403 db->count_set = 0; 404 405 if (db->buf == NULL) 406 evp_test_buffer_free(db); 407 else if (db->buf != NULL && !sk_EVP_TEST_BUFFER_push(*sk, db)) 408 goto err; 409 /* if processing by chunks, continue until the whole value is parsed */ 410 } while (rv == 1 && max_len != 0); 411 412 return 1; 413 414 err: 415 evp_test_buffer_free(db); 416 return 0; 417 } 418 419 /* replace last buffer in list with copies of itself */ 420 static int evp_test_buffer_ncopy(const char *value, 421 STACK_OF(EVP_TEST_BUFFER) *sk) 422 { 423 EVP_TEST_BUFFER *db; 424 unsigned char *tbuf, *p; 425 size_t tbuflen; 426 int ncopy = atoi(value); 427 int i; 428 429 if (ncopy <= 0) 430 return 0; 431 if (sk == NULL || sk_EVP_TEST_BUFFER_num(sk) == 0) 432 return 0; 433 db = sk_EVP_TEST_BUFFER_value(sk, sk_EVP_TEST_BUFFER_num(sk) - 1); 434 435 tbuflen = db->buflen * ncopy; 436 if (!TEST_ptr(tbuf = OPENSSL_malloc(tbuflen))) 437 return 0; 438 for (i = 0, p = tbuf; i < ncopy; i++, p += db->buflen) 439 memcpy(p, db->buf, db->buflen); 440 441 OPENSSL_free(db->buf); 442 db->buf = tbuf; 443 db->buflen = tbuflen; 444 return 1; 445 } 446 447 /* set repeat count for last buffer in list */ 448 static int evp_test_buffer_set_count(const char *value, 449 STACK_OF(EVP_TEST_BUFFER) *sk) 450 { 451 EVP_TEST_BUFFER *db; 452 int count = atoi(value); 453 454 if (count <= 0) 455 return 0; 456 457 if (sk == NULL || sk_EVP_TEST_BUFFER_num(sk) == 0) 458 return 0; 459 460 db = sk_EVP_TEST_BUFFER_value(sk, sk_EVP_TEST_BUFFER_num(sk) - 1); 461 if (db->count_set != 0) 462 return 0; 463 464 db->count = (size_t)count; 465 db->count_set = 1; 466 return 1; 467 } 468 469 /* call "fn" with each element of the list in turn */ 470 static int evp_test_buffer_do(STACK_OF(EVP_TEST_BUFFER) *sk, 471 int (*fn)(void *ctx, 472 const unsigned char *buf, 473 size_t buflen), 474 void *ctx) 475 { 476 int i; 477 478 for (i = 0; i < sk_EVP_TEST_BUFFER_num(sk); i++) { 479 EVP_TEST_BUFFER *tb = sk_EVP_TEST_BUFFER_value(sk, i); 480 size_t j; 481 482 for (j = 0; j < tb->count; j++) { 483 if (fn(ctx, tb->buf, tb->buflen) <= 0) 484 return 0; 485 } 486 } 487 return 1; 488 } 489 490 /* 491 * Unescape some sequences in string literals (only \n for now). 492 * Return an allocated buffer, set |out_len|. If |input_len| 493 * is zero, get an empty buffer but set length to zero. 494 */ 495 static unsigned char* unescape(const char *input, size_t input_len, 496 size_t *out_len) 497 { 498 unsigned char *ret, *p; 499 size_t i; 500 501 if (input_len == 0) { 502 *out_len = 0; 503 return OPENSSL_zalloc(1); 504 } 505 506 /* Escaping is non-expanding; over-allocate original size for simplicity. */ 507 if (!TEST_ptr(ret = p = OPENSSL_malloc(input_len))) 508 return NULL; 509 510 for (i = 0; i < input_len; i++) { 511 if (*input == '\\') { 512 if (i == input_len - 1 || *++input != 'n') { 513 TEST_error("Bad escape sequence in file"); 514 goto err; 515 } 516 *p++ = '\n'; 517 i++; 518 input++; 519 } else { 520 *p++ = *input++; 521 } 522 } 523 524 *out_len = p - ret; 525 return ret; 526 527 err: 528 OPENSSL_free(ret); 529 return NULL; 530 } 531 532 /* 533 * For a hex string "value" convert to a binary allocated buffer. 534 * Return 1 on success or 0 on failure. 535 */ 536 static int parse_bin(const char *value, unsigned char **buf, size_t *buflen) 537 { 538 long len; 539 540 /* Check for NULL literal */ 541 if (strcmp(value, "NULL") == 0) { 542 *buf = NULL; 543 *buflen = 0; 544 return 1; 545 } 546 547 /* Check for empty value */ 548 if (*value == '\0') { 549 /* 550 * Don't return NULL for zero length buffer. This is needed for 551 * some tests with empty keys: HMAC_Init_ex() expects a non-NULL key 552 * buffer even if the key length is 0, in order to detect key reset. 553 */ 554 *buf = OPENSSL_malloc(1); 555 if (*buf == NULL) 556 return 0; 557 **buf = 0; 558 *buflen = 0; 559 return 1; 560 } 561 562 /* Check for string literal */ 563 if (value[0] == '"') { 564 size_t vlen = strlen(++value); 565 566 if (vlen == 0 || value[vlen - 1] != '"') 567 return 0; 568 vlen--; 569 *buf = unescape(value, vlen, buflen); 570 return *buf == NULL ? 0 : 1; 571 } 572 573 /* Otherwise assume as hex literal and convert it to binary buffer */ 574 if (!TEST_ptr(*buf = OPENSSL_hexstr2buf(value, &len))) { 575 TEST_info("Can't convert %s", value); 576 TEST_openssl_errors(); 577 return -1; 578 } 579 /* Size of input buffer means we'll never overflow */ 580 *buflen = len; 581 return 1; 582 } 583 584 /* 585 * Convert at maximum "max" bytes to a binary allocated buffer. 586 * Return 1 on success, -1 on failure or 0 for end of value string. 587 */ 588 static int parse_bin_chunk(const char *value, size_t offset, size_t max, 589 unsigned char **buf, size_t *buflen, size_t *out_offset) 590 { 591 size_t vlen; 592 size_t chunk_len; 593 const char *value_str = value[0] == '"' ? value + offset + 1 : value + offset; 594 595 if (max < 1) 596 return -1; 597 598 if (*value == '\0' || strcmp(value, "\"\"") == 0) { 599 *buf = OPENSSL_malloc(1); 600 if (*buf == NULL) 601 return 0; 602 **buf = 0; 603 *buflen = 0; 604 return 0; 605 } 606 607 if (*value_str == '\0') 608 return 0; 609 610 vlen = strlen(value_str); 611 if (value[0] == '"') { 612 /* Parse string literal */ 613 if (vlen == 1 && value_str[0] != '"') 614 /* Missing ending quotation mark */ 615 return -1; 616 if (vlen == 1 && value_str[0] == '"') 617 /* End of value */ 618 return 0; 619 vlen--; 620 chunk_len = max > vlen ? vlen : max; 621 if ((*buf = unescape(value_str, chunk_len, buflen)) == NULL) 622 return -1; 623 } else { 624 /* Parse hex string chunk */ 625 long len; 626 char *chunk = NULL; 627 628 chunk_len = 2 * max > vlen ? vlen : 2 * max; 629 chunk = OPENSSL_strndup(value_str, chunk_len); 630 if (chunk == NULL) 631 return -1; 632 if (!TEST_ptr(*buf = OPENSSL_hexstr2buf(chunk, &len))) { 633 OPENSSL_free(chunk); 634 TEST_openssl_errors(); 635 return -1; 636 } 637 OPENSSL_free(chunk); 638 *buflen = len; 639 } 640 *out_offset = value[0] == '"' ? offset + (*buflen) : offset + 2 * (*buflen); 641 return 1; 642 } 643 644 /** 645 ** MESSAGE DIGEST TESTS 646 **/ 647 648 typedef struct digest_data_st { 649 /* Digest this test is for */ 650 const EVP_MD *digest; 651 EVP_MD *fetched_digest; 652 /* Input to digest */ 653 STACK_OF(EVP_TEST_BUFFER) *input; 654 /* Expected output */ 655 unsigned char *output; 656 size_t output_len; 657 /* Padding type */ 658 int pad_type; 659 /* XOF mode? */ 660 int xof; 661 /* Size for variable output length but non-XOF */ 662 size_t digest_size; 663 } DIGEST_DATA; 664 665 static int digest_test_init(EVP_TEST *t, const char *alg) 666 { 667 DIGEST_DATA *mdat; 668 const EVP_MD *digest; 669 EVP_MD *fetched_digest; 670 671 if (is_digest_disabled(alg)) { 672 TEST_info("skipping, '%s' is disabled", alg); 673 t->skip = 1; 674 return 1; 675 } 676 677 if ((digest = fetched_digest = EVP_MD_fetch(libctx, alg, propquery)) == NULL 678 && (digest = EVP_get_digestbyname(alg)) == NULL) 679 return 0; 680 if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat)))) { 681 EVP_MD_free(fetched_digest); 682 return 0; 683 } 684 t->data = mdat; 685 mdat->digest = digest; 686 mdat->fetched_digest = fetched_digest; 687 mdat->pad_type = 0; 688 mdat->xof = 0; 689 if (fetched_digest != NULL) 690 TEST_info("%s is fetched", alg); 691 return 1; 692 } 693 694 static void digest_test_cleanup(EVP_TEST *t) 695 { 696 DIGEST_DATA *mdat = t->data; 697 698 sk_EVP_TEST_BUFFER_pop_free(mdat->input, evp_test_buffer_free); 699 OPENSSL_free(mdat->output); 700 EVP_MD_free(mdat->fetched_digest); 701 } 702 703 static int digest_test_parse(EVP_TEST *t, 704 const char *keyword, const char *value) 705 { 706 DIGEST_DATA *mdata = t->data; 707 708 if (strcmp(keyword, "Input") == 0) 709 return evp_test_buffer_append(value, data_chunk_size, &mdata->input); 710 if (strcmp(keyword, "Output") == 0) 711 return parse_bin(value, &mdata->output, &mdata->output_len); 712 if (strcmp(keyword, "Count") == 0) 713 return evp_test_buffer_set_count(value, mdata->input); 714 if (strcmp(keyword, "Ncopy") == 0) 715 return evp_test_buffer_ncopy(value, mdata->input); 716 if (strcmp(keyword, "Padding") == 0) 717 return (mdata->pad_type = atoi(value)) > 0; 718 if (strcmp(keyword, "XOF") == 0) 719 return (mdata->xof = atoi(value)) > 0; 720 if (strcmp(keyword, "OutputSize") == 0) { 721 int sz; 722 723 sz = atoi(value); 724 if (sz < 0) 725 return -1; 726 mdata->digest_size = sz; 727 return 1; 728 } 729 return 0; 730 } 731 732 static int digest_update_fn(void *ctx, const unsigned char *buf, size_t buflen) 733 { 734 return EVP_DigestUpdate(ctx, buf, buflen); 735 } 736 737 static int test_duplicate_md_ctx(EVP_TEST *t, EVP_MD_CTX *mctx) 738 { 739 char dont[] = "touch"; 740 741 if (!TEST_ptr(mctx)) 742 return 0; 743 if (!EVP_DigestFinalXOF(mctx, (unsigned char *)dont, 0)) { 744 EVP_MD_CTX_free(mctx); 745 t->err = "DIGESTFINALXOF_ERROR"; 746 return 0; 747 } 748 if (!TEST_str_eq(dont, "touch")) { 749 EVP_MD_CTX_free(mctx); 750 t->err = "DIGESTFINALXOF_ERROR"; 751 return 0; 752 } 753 EVP_MD_CTX_free(mctx); 754 return 1; 755 } 756 757 static int digest_test_run(EVP_TEST *t) 758 { 759 DIGEST_DATA *expected = t->data; 760 EVP_TEST_BUFFER *inbuf; 761 EVP_MD_CTX *mctx; 762 unsigned char *got = NULL; 763 unsigned int got_len; 764 size_t size = 0; 765 int xof = 0; 766 OSSL_PARAM params[4], *p = ¶ms[0]; 767 768 t->err = "TEST_FAILURE"; 769 if (!TEST_ptr(mctx = EVP_MD_CTX_new())) 770 goto err; 771 772 got = OPENSSL_malloc(expected->output_len > EVP_MAX_MD_SIZE ? 773 expected->output_len : EVP_MAX_MD_SIZE); 774 if (!TEST_ptr(got)) 775 goto err; 776 777 if (expected->xof > 0) { 778 xof |= 1; 779 *p++ = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN, 780 &expected->output_len); 781 } 782 if (expected->digest_size > 0) { 783 *p++ = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_SIZE, 784 &expected->digest_size); 785 } 786 if (expected->pad_type > 0) 787 *p++ = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_PAD_TYPE, 788 &expected->pad_type); 789 *p++ = OSSL_PARAM_construct_end(); 790 791 if (!EVP_DigestInit_ex2(mctx, expected->digest, params)) { 792 t->err = "DIGESTINIT_ERROR"; 793 goto err; 794 } 795 796 if (!evp_test_buffer_do(expected->input, digest_update_fn, mctx)) { 797 t->err = "DIGESTUPDATE_ERROR"; 798 goto err; 799 } 800 801 xof |= EVP_MD_xof(expected->digest); 802 if (xof) { 803 EVP_MD_CTX *mctx_cpy; 804 805 if (!TEST_ptr(mctx_cpy = EVP_MD_CTX_new())) { 806 goto err; 807 } 808 if (!TEST_true(EVP_MD_CTX_copy(mctx_cpy, mctx))) { 809 EVP_MD_CTX_free(mctx_cpy); 810 goto err; 811 } else if (!test_duplicate_md_ctx(t, mctx_cpy)) { 812 goto err; 813 } 814 815 if (!test_duplicate_md_ctx(t, EVP_MD_CTX_dup(mctx))) 816 goto err; 817 818 got_len = expected->output_len; 819 if (!EVP_DigestFinalXOF(mctx, got, got_len)) { 820 t->err = "DIGESTFINALXOF_ERROR"; 821 goto err; 822 } 823 } else { 824 if (!EVP_DigestFinal(mctx, got, &got_len)) { 825 t->err = "DIGESTFINAL_ERROR"; 826 goto err; 827 } 828 } 829 if (!TEST_int_eq(expected->output_len, got_len)) { 830 t->err = "DIGEST_LENGTH_MISMATCH"; 831 goto err; 832 } 833 if (!memory_err_compare(t, "DIGEST_MISMATCH", 834 expected->output, expected->output_len, 835 got, got_len)) 836 goto err; 837 838 t->err = NULL; 839 840 /* Test the EVP_Q_digest interface as well */ 841 if (sk_EVP_TEST_BUFFER_num(expected->input) == 1 842 && !xof 843 /* This should never fail but we need the returned pointer now */ 844 && !TEST_ptr(inbuf = sk_EVP_TEST_BUFFER_value(expected->input, 0)) 845 && !inbuf->count_set) { 846 OPENSSL_cleanse(got, got_len); 847 if (!TEST_true(EVP_Q_digest(libctx, 848 EVP_MD_get0_name(expected->fetched_digest), 849 NULL, inbuf->buf, inbuf->buflen, 850 got, &size)) 851 || !TEST_mem_eq(got, size, 852 expected->output, expected->output_len)) { 853 t->err = "EVP_Q_digest failed"; 854 goto err; 855 } 856 } 857 858 err: 859 OPENSSL_free(got); 860 EVP_MD_CTX_free(mctx); 861 return 1; 862 } 863 864 static const EVP_TEST_METHOD digest_test_method = { 865 "Digest", 866 digest_test_init, 867 digest_test_cleanup, 868 digest_test_parse, 869 digest_test_run 870 }; 871 872 /** 873 *** CIPHER TESTS 874 **/ 875 876 typedef struct cipher_data_st { 877 const EVP_CIPHER *cipher; 878 EVP_CIPHER *fetched_cipher; 879 int enc; 880 /* EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE or EVP_CIPH_OCB_MODE if AEAD */ 881 int aead; 882 unsigned char *key; 883 size_t key_len; 884 size_t key_bits; /* Used by RC2 */ 885 unsigned char *iv; 886 unsigned char *next_iv; /* Expected IV state after operation */ 887 unsigned int rounds; 888 size_t iv_len; 889 unsigned char *plaintext; 890 size_t plaintext_len; 891 unsigned char *ciphertext; 892 size_t ciphertext_len; 893 /* AEAD ciphers only */ 894 unsigned char *aad[AAD_NUM]; 895 size_t aad_len[AAD_NUM]; 896 int tls_aad; 897 int tls_version; 898 unsigned char *tag; 899 const char *cts_mode; 900 size_t tag_len; 901 int tag_late; 902 unsigned char *mac_key; 903 size_t mac_key_len; 904 const char *xts_standard; 905 STACK_OF(OPENSSL_STRING) *init_controls; /* collection of controls */ 906 } CIPHER_DATA; 907 908 909 /* 910 * XTS, SIV, CCM, stitched ciphers and Wrap modes have special 911 * requirements about input lengths so we don't fragment for those 912 */ 913 static int cipher_test_valid_fragmentation(CIPHER_DATA *cdat) 914 { 915 return (cdat->aead == EVP_CIPH_CCM_MODE 916 || cdat->aead == EVP_CIPH_CBC_MODE 917 || (cdat->aead == -1 918 && EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_STREAM_CIPHER) 919 || ((EVP_CIPHER_get_flags(cdat->cipher) & EVP_CIPH_FLAG_CTS) != 0) 920 || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_SIV_MODE 921 || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_GCM_SIV_MODE 922 || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_XTS_MODE 923 || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_WRAP_MODE) ? 0 : 1; 924 } 925 926 static int cipher_test_init(EVP_TEST *t, const char *alg) 927 { 928 const EVP_CIPHER *cipher; 929 EVP_CIPHER *fetched_cipher; 930 CIPHER_DATA *cdat; 931 int m; 932 933 if (is_cipher_disabled(alg)) { 934 t->skip = 1; 935 TEST_info("skipping, '%s' is disabled", alg); 936 return 1; 937 } 938 939 ERR_set_mark(); 940 if ((cipher = fetched_cipher = EVP_CIPHER_fetch(libctx, alg, propquery)) == NULL 941 && (cipher = EVP_get_cipherbyname(alg)) == NULL) { 942 /* a stitched cipher might not be available */ 943 if (strstr(alg, "HMAC") != NULL) { 944 ERR_pop_to_mark(); 945 t->skip = 1; 946 TEST_info("skipping, '%s' is not available", alg); 947 return 1; 948 } 949 ERR_clear_last_mark(); 950 return 0; 951 } 952 ERR_clear_last_mark(); 953 954 if (!TEST_ptr(cdat = OPENSSL_zalloc(sizeof(*cdat)))) 955 return 0; 956 957 cdat->init_controls = sk_OPENSSL_STRING_new_null(); 958 cdat->cipher = cipher; 959 cdat->fetched_cipher = fetched_cipher; 960 cdat->enc = -1; 961 m = EVP_CIPHER_get_mode(cipher); 962 if (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) 963 cdat->aead = m != 0 ? m : -1; 964 else 965 cdat->aead = 0; 966 967 if (data_chunk_size != 0 && !cipher_test_valid_fragmentation(cdat)) { 968 ERR_pop_to_mark(); 969 EVP_CIPHER_free(fetched_cipher); 970 OPENSSL_free(cdat); 971 t->skip = 1; 972 TEST_info("skipping, '%s' does not support fragmentation", alg); 973 return 1; 974 } 975 976 t->data = cdat; 977 if (fetched_cipher != NULL) 978 TEST_info("%s is fetched", alg); 979 return 1; 980 } 981 982 static void cipher_test_cleanup(EVP_TEST *t) 983 { 984 int i; 985 CIPHER_DATA *cdat = t->data; 986 987 OPENSSL_free(cdat->key); 988 OPENSSL_free(cdat->iv); 989 OPENSSL_free(cdat->next_iv); 990 OPENSSL_free(cdat->ciphertext); 991 OPENSSL_free(cdat->plaintext); 992 for (i = 0; i < AAD_NUM; i++) 993 OPENSSL_free(cdat->aad[i]); 994 OPENSSL_free(cdat->tag); 995 OPENSSL_free(cdat->mac_key); 996 EVP_CIPHER_free(cdat->fetched_cipher); 997 ctrlfree(cdat->init_controls); 998 } 999 1000 static int cipher_test_parse(EVP_TEST *t, const char *keyword, 1001 const char *value) 1002 { 1003 CIPHER_DATA *cdat = t->data; 1004 int i; 1005 1006 if (strcmp(keyword, "Key") == 0) 1007 return parse_bin(value, &cdat->key, &cdat->key_len); 1008 if (strcmp(keyword, "Rounds") == 0) { 1009 i = atoi(value); 1010 if (i < 0) 1011 return -1; 1012 cdat->rounds = (unsigned int)i; 1013 return 1; 1014 } 1015 if (strcmp(keyword, "IV") == 0) 1016 return parse_bin(value, &cdat->iv, &cdat->iv_len); 1017 if (strcmp(keyword, "NextIV") == 0) 1018 return parse_bin(value, &cdat->next_iv, &cdat->iv_len); 1019 if (strcmp(keyword, "Plaintext") == 0) 1020 return parse_bin(value, &cdat->plaintext, &cdat->plaintext_len); 1021 if (strcmp(keyword, "Ciphertext") == 0) 1022 return parse_bin(value, &cdat->ciphertext, &cdat->ciphertext_len); 1023 if (strcmp(keyword, "KeyBits") == 0) { 1024 i = atoi(value); 1025 if (i < 0) 1026 return -1; 1027 cdat->key_bits = (size_t)i; 1028 return 1; 1029 } 1030 if (cdat->aead) { 1031 int tls_aad = 0; 1032 1033 if (strcmp(keyword, "TLSAAD") == 0) 1034 cdat->tls_aad = tls_aad = 1; 1035 if (strcmp(keyword, "AAD") == 0 || tls_aad) { 1036 for (i = 0; i < AAD_NUM; i++) { 1037 if (cdat->aad[i] == NULL) 1038 return parse_bin(value, &cdat->aad[i], &cdat->aad_len[i]); 1039 } 1040 return -1; 1041 } 1042 if (strcmp(keyword, "Tag") == 0) 1043 return parse_bin(value, &cdat->tag, &cdat->tag_len); 1044 if (strcmp(keyword, "SetTagLate") == 0) { 1045 if (strcmp(value, "TRUE") == 0) 1046 cdat->tag_late = 1; 1047 else if (strcmp(value, "FALSE") == 0) 1048 cdat->tag_late = 0; 1049 else 1050 return -1; 1051 return 1; 1052 } 1053 if (strcmp(keyword, "MACKey") == 0) 1054 return parse_bin(value, &cdat->mac_key, &cdat->mac_key_len); 1055 if (strcmp(keyword, "TLSVersion") == 0) { 1056 char *endptr; 1057 1058 cdat->tls_version = (int)strtol(value, &endptr, 0); 1059 return value[0] != '\0' && endptr[0] == '\0'; 1060 } 1061 } 1062 1063 if (strcmp(keyword, "Operation") == 0) { 1064 if (strcmp(value, "ENCRYPT") == 0) 1065 cdat->enc = 1; 1066 else if (strcmp(value, "DECRYPT") == 0) 1067 cdat->enc = 0; 1068 else 1069 return -1; 1070 return 1; 1071 } 1072 if (strcmp(keyword, "CTSMode") == 0) { 1073 cdat->cts_mode = value; 1074 return 1; 1075 } 1076 if (strcmp(keyword, "XTSStandard") == 0) { 1077 cdat->xts_standard = value; 1078 return 1; 1079 } 1080 if (strcmp(keyword, "CtrlInit") == 0) 1081 return ctrladd(cdat->init_controls, value); 1082 return 0; 1083 } 1084 1085 static int cipher_test_enc(EVP_TEST *t, int enc, size_t out_misalign, 1086 size_t inp_misalign, int frag, int in_place, 1087 const OSSL_PARAM initparams[]) 1088 { 1089 CIPHER_DATA *expected = t->data; 1090 unsigned char *in, *expected_out, *tmp = NULL; 1091 size_t in_len, out_len, donelen = 0; 1092 int ok = 0, tmplen, chunklen, tmpflen, i; 1093 EVP_CIPHER_CTX *ctx_base = NULL; 1094 EVP_CIPHER_CTX *ctx = NULL, *duped; 1095 int fips_dupctx_supported = fips_provider_version_ge(libctx, 3, 2, 0); 1096 1097 t->err = "TEST_FAILURE"; 1098 if (!TEST_ptr(ctx_base = EVP_CIPHER_CTX_new())) 1099 goto err; 1100 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) 1101 goto err; 1102 EVP_CIPHER_CTX_set_flags(ctx_base, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); 1103 if (enc) { 1104 in = expected->plaintext; 1105 in_len = expected->plaintext_len; 1106 expected_out = expected->ciphertext; 1107 out_len = expected->ciphertext_len; 1108 } else { 1109 in = expected->ciphertext; 1110 in_len = expected->ciphertext_len; 1111 expected_out = expected->plaintext; 1112 out_len = expected->plaintext_len; 1113 } 1114 if (in_place == 1) { 1115 /* Exercise in-place encryption */ 1116 tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH); 1117 if (!tmp) 1118 goto err; 1119 in = memcpy(tmp + out_misalign, in, in_len); 1120 } else { 1121 inp_misalign += 16 - ((out_misalign + in_len) & 15); 1122 /* 1123 * 'tmp' will store both output and copy of input. We make the copy 1124 * of input to specifically aligned part of 'tmp'. So we just 1125 * figured out how much padding would ensure the required alignment, 1126 * now we allocate extended buffer and finally copy the input just 1127 * past inp_misalign in expression below. Output will be written 1128 * past out_misalign... 1129 */ 1130 tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH + 1131 inp_misalign + in_len); 1132 if (!tmp) 1133 goto err; 1134 in = memcpy(tmp + out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH + 1135 inp_misalign, in, in_len); 1136 } 1137 if (!EVP_CipherInit_ex2(ctx_base, expected->cipher, NULL, NULL, enc, 1138 initparams)) { 1139 t->err = "CIPHERINIT_ERROR"; 1140 goto err; 1141 } 1142 if (expected->cts_mode != NULL) { 1143 OSSL_PARAM params[2]; 1144 1145 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_CIPHER_PARAM_CTS_MODE, 1146 (char *)expected->cts_mode, 1147 0); 1148 params[1] = OSSL_PARAM_construct_end(); 1149 if (!EVP_CIPHER_CTX_set_params(ctx_base, params)) { 1150 t->err = "INVALID_CTS_MODE"; 1151 goto err; 1152 } 1153 } 1154 if (expected->iv) { 1155 if (expected->aead) { 1156 if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_IVLEN, 1157 expected->iv_len, 0) <= 0) { 1158 t->err = "INVALID_IV_LENGTH"; 1159 goto err; 1160 } 1161 } else if (expected->iv_len != (size_t)EVP_CIPHER_CTX_get_iv_length(ctx_base)) { 1162 t->err = "INVALID_IV_LENGTH"; 1163 goto err; 1164 } 1165 } 1166 if (expected->aead && !expected->tls_aad) { 1167 unsigned char *tag; 1168 /* 1169 * If encrypting or OCB just set tag length initially, otherwise 1170 * set tag length and value. 1171 */ 1172 if (enc || expected->aead == EVP_CIPH_OCB_MODE || expected->tag_late) { 1173 t->err = "TAG_LENGTH_SET_ERROR"; 1174 tag = NULL; 1175 } else { 1176 t->err = "TAG_SET_ERROR"; 1177 tag = expected->tag; 1178 } 1179 if (tag || expected->aead != EVP_CIPH_GCM_MODE) { 1180 if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_TAG, 1181 expected->tag_len, tag) <= 0) 1182 goto err; 1183 } 1184 } 1185 1186 if (expected->rounds > 0) { 1187 int rounds = (int)expected->rounds; 1188 1189 if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC5_ROUNDS, rounds, NULL) <= 0) { 1190 t->err = "INVALID_ROUNDS"; 1191 goto err; 1192 } 1193 } 1194 1195 if (!EVP_CIPHER_CTX_set_key_length(ctx_base, expected->key_len)) { 1196 t->err = "INVALID_KEY_LENGTH"; 1197 goto err; 1198 } 1199 if (expected->key_bits > 0) { 1200 int bits = (int)expected->key_bits; 1201 1202 if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC2_KEY_BITS, bits, NULL) <= 0) { 1203 t->err = "INVALID KEY BITS"; 1204 goto err; 1205 } 1206 } 1207 if (!EVP_CipherInit_ex(ctx_base, NULL, NULL, expected->key, expected->iv, -1)) { 1208 t->err = "KEY_SET_ERROR"; 1209 goto err; 1210 } 1211 1212 /* Check that we get the same IV back */ 1213 if (expected->iv != NULL) { 1214 /* Some (e.g., GCM) tests use IVs longer than EVP_MAX_IV_LENGTH. */ 1215 unsigned char iv[128]; 1216 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx_base, iv, sizeof(iv))) 1217 || ((EVP_CIPHER_get_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0 1218 && !TEST_mem_eq(expected->iv, expected->iv_len, iv, 1219 expected->iv_len))) { 1220 t->err = "INVALID_IV"; 1221 goto err; 1222 } 1223 } 1224 1225 /* Test that the cipher dup functions correctly if it is supported */ 1226 ERR_set_mark(); 1227 if (!EVP_CIPHER_CTX_copy(ctx, ctx_base)) { 1228 if (fips_dupctx_supported) { 1229 TEST_info("Doing a copy of Cipher %s Fails!\n", 1230 EVP_CIPHER_get0_name(expected->cipher)); 1231 ERR_print_errors_fp(stderr); 1232 goto err; 1233 } else { 1234 TEST_info("Allowing copy fail as an old fips provider is in use."); 1235 } 1236 EVP_CIPHER_CTX_free(ctx); 1237 ctx = ctx_base; 1238 } else { 1239 EVP_CIPHER_CTX_free(ctx_base); 1240 ctx_base = NULL; 1241 } 1242 /* Likewise for dup */ 1243 duped = EVP_CIPHER_CTX_dup(ctx); 1244 if (duped != NULL) { 1245 EVP_CIPHER_CTX_free(ctx); 1246 ctx = duped; 1247 } else { 1248 if (fips_dupctx_supported) { 1249 TEST_info("Doing a dup of Cipher %s Fails!\n", 1250 EVP_CIPHER_get0_name(expected->cipher)); 1251 ERR_print_errors_fp(stderr); 1252 goto err; 1253 } else { 1254 TEST_info("Allowing dup fail as an old fips provider is in use."); 1255 } 1256 } 1257 ERR_pop_to_mark(); 1258 1259 if (expected->mac_key != NULL 1260 && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, 1261 (int)expected->mac_key_len, 1262 (void *)expected->mac_key) <= 0) { 1263 t->err = "SET_MAC_KEY_ERROR"; 1264 goto err; 1265 } 1266 1267 if (expected->tls_version) { 1268 OSSL_PARAM params[2]; 1269 1270 params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_TLS_VERSION, 1271 &expected->tls_version); 1272 params[1] = OSSL_PARAM_construct_end(); 1273 if (!EVP_CIPHER_CTX_set_params(ctx, params)) { 1274 t->err = "SET_TLS_VERSION_ERROR"; 1275 goto err; 1276 } 1277 } 1278 1279 if (expected->aead == EVP_CIPH_CCM_MODE) { 1280 if (!EVP_CipherUpdate(ctx, NULL, &tmplen, NULL, out_len)) { 1281 t->err = "CCM_PLAINTEXT_LENGTH_SET_ERROR"; 1282 goto err; 1283 } 1284 } 1285 if (expected->aad[0] != NULL && !expected->tls_aad) { 1286 t->err = "AAD_SET_ERROR"; 1287 if (!frag) { 1288 /* Supply the data all in one go or according to data_chunk_size */ 1289 for (i = 0; expected->aad[i] != NULL; i++) { 1290 size_t aad_len = expected->aad_len[i]; 1291 donelen = 0; 1292 1293 do { 1294 size_t current_aad_len = (size_t) data_chunk_size; 1295 1296 if (data_chunk_size == 0 || (size_t) data_chunk_size > aad_len) 1297 current_aad_len = aad_len; 1298 if (!EVP_CipherUpdate(ctx, NULL, &chunklen, 1299 expected->aad[i] + donelen, 1300 current_aad_len)) 1301 goto err; 1302 donelen += current_aad_len; 1303 aad_len -= current_aad_len; 1304 } while (aad_len > 0); 1305 } 1306 } else { 1307 /* Supply the AAD in chunks less than the block size where possible */ 1308 for (i = 0; expected->aad[i] != NULL; i++) { 1309 if (expected->aad_len[i] > 0) { 1310 if (!EVP_CipherUpdate(ctx, NULL, &chunklen, expected->aad[i], 1)) 1311 goto err; 1312 donelen++; 1313 } 1314 if (expected->aad_len[i] > 2) { 1315 if (!EVP_CipherUpdate(ctx, NULL, &chunklen, 1316 expected->aad[i] + donelen, 1317 expected->aad_len[i] - 2)) 1318 goto err; 1319 donelen += expected->aad_len[i] - 2; 1320 } 1321 if (expected->aad_len[i] > 1 1322 && !EVP_CipherUpdate(ctx, NULL, &chunklen, 1323 expected->aad[i] + donelen, 1)) 1324 goto err; 1325 } 1326 } 1327 } 1328 1329 if (expected->tls_aad) { 1330 OSSL_PARAM params[2]; 1331 char *tls_aad; 1332 1333 /* duplicate the aad as the implementation might modify it */ 1334 if ((tls_aad = OPENSSL_memdup(expected->aad[0], 1335 expected->aad_len[0])) == NULL) 1336 goto err; 1337 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, 1338 tls_aad, 1339 expected->aad_len[0]); 1340 params[1] = OSSL_PARAM_construct_end(); 1341 if (!EVP_CIPHER_CTX_set_params(ctx, params)) { 1342 OPENSSL_free(tls_aad); 1343 t->err = "TLS1_AAD_ERROR"; 1344 goto err; 1345 } 1346 OPENSSL_free(tls_aad); 1347 } else if (!enc && (expected->aead == EVP_CIPH_OCB_MODE 1348 || expected->tag_late)) { 1349 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 1350 expected->tag_len, expected->tag) <= 0) { 1351 t->err = "TAG_SET_ERROR"; 1352 goto err; 1353 } 1354 } 1355 if (expected->xts_standard != NULL) { 1356 OSSL_PARAM params[2]; 1357 1358 params[0] = 1359 OSSL_PARAM_construct_utf8_string(OSSL_CIPHER_PARAM_XTS_STANDARD, 1360 (char *)expected->xts_standard, 0); 1361 params[1] = OSSL_PARAM_construct_end(); 1362 if (!EVP_CIPHER_CTX_set_params(ctx, params)) { 1363 t->err = "SET_XTS_STANDARD_ERROR"; 1364 goto err; 1365 } 1366 } 1367 EVP_CIPHER_CTX_set_padding(ctx, 0); 1368 t->err = "CIPHERUPDATE_ERROR"; 1369 tmplen = 0; 1370 if (!frag) { 1371 do { 1372 /* Supply the data all in one go or according to data_chunk_size */ 1373 size_t current_in_len = (size_t) data_chunk_size; 1374 1375 if (data_chunk_size == 0 || (size_t) data_chunk_size > in_len) 1376 current_in_len = in_len; 1377 if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen, 1378 in, current_in_len)) 1379 goto err; 1380 tmplen += chunklen; 1381 in += current_in_len; 1382 in_len -= current_in_len; 1383 } while (in_len > 0); 1384 } else { 1385 /* Supply the data in chunks less than the block size where possible */ 1386 if (in_len > 0) { 1387 if (!EVP_CipherUpdate(ctx, tmp + out_misalign, &chunklen, in, 1)) 1388 goto err; 1389 tmplen += chunklen; 1390 in++; 1391 in_len--; 1392 } 1393 if (in_len > 1) { 1394 if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen, 1395 in, in_len - 1)) 1396 goto err; 1397 tmplen += chunklen; 1398 in += in_len - 1; 1399 in_len = 1; 1400 } 1401 if (in_len > 0) { 1402 if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen, 1403 in, 1)) 1404 goto err; 1405 tmplen += chunklen; 1406 } 1407 } 1408 if (!EVP_CipherFinal_ex(ctx, tmp + out_misalign + tmplen, &tmpflen)) { 1409 t->err = "CIPHERFINAL_ERROR"; 1410 goto err; 1411 } 1412 if (!cipher_check_fips_approved(ctx, t)) { 1413 t->err = "FIPSAPPROVED_ERROR"; 1414 goto err; 1415 } 1416 1417 if (!enc && expected->tls_aad) { 1418 if (expected->tls_version >= TLS1_1_VERSION 1419 && (EVP_CIPHER_is_a(expected->cipher, "AES-128-CBC-HMAC-SHA1") 1420 || EVP_CIPHER_is_a(expected->cipher, "AES-256-CBC-HMAC-SHA1"))) { 1421 tmplen -= expected->iv_len; 1422 expected_out += expected->iv_len; 1423 out_misalign += expected->iv_len; 1424 } 1425 if ((int)out_len > tmplen + tmpflen) 1426 out_len = tmplen + tmpflen; 1427 } 1428 if (!memory_err_compare(t, "VALUE_MISMATCH", expected_out, out_len, 1429 tmp + out_misalign, tmplen + tmpflen)) 1430 goto err; 1431 if (enc && expected->aead && !expected->tls_aad) { 1432 unsigned char rtag[48]; /* longest known for TLS_SHA384_SHA384 */ 1433 1434 if (!TEST_size_t_le(expected->tag_len, sizeof(rtag))) { 1435 t->err = "TAG_LENGTH_INTERNAL_ERROR"; 1436 goto err; 1437 } 1438 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 1439 expected->tag_len, rtag) <= 0) { 1440 t->err = "TAG_RETRIEVE_ERROR"; 1441 goto err; 1442 } 1443 if (!memory_err_compare(t, "TAG_VALUE_MISMATCH", 1444 expected->tag, expected->tag_len, 1445 rtag, expected->tag_len)) 1446 goto err; 1447 } 1448 /* Check the updated IV */ 1449 if (expected->next_iv != NULL) { 1450 /* Some (e.g., GCM) tests use IVs longer than EVP_MAX_IV_LENGTH. */ 1451 unsigned char iv[128]; 1452 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))) 1453 || ((EVP_CIPHER_get_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0 1454 && !TEST_mem_eq(expected->next_iv, expected->iv_len, iv, 1455 expected->iv_len))) { 1456 t->err = "INVALID_NEXT_IV"; 1457 goto err; 1458 } 1459 } 1460 1461 t->err = NULL; 1462 ok = 1; 1463 err: 1464 OPENSSL_free(tmp); 1465 if (ctx != ctx_base) 1466 EVP_CIPHER_CTX_free(ctx_base); 1467 EVP_CIPHER_CTX_free(ctx); 1468 return ok; 1469 } 1470 1471 static int cipher_test_run(EVP_TEST *t) 1472 { 1473 CIPHER_DATA *cdat = t->data; 1474 int rv, frag, fragmax, in_place; 1475 size_t out_misalign, inp_misalign; 1476 OSSL_PARAM initparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 1477 size_t params_n = 0; 1478 1479 TEST_info("RUNNING TEST FOR CIPHER %s\n", EVP_CIPHER_get0_name(cdat->cipher)); 1480 if (!cdat->key) { 1481 t->err = "NO_KEY"; 1482 return 0; 1483 } 1484 if (!cdat->iv && EVP_CIPHER_get_iv_length(cdat->cipher) > 0) { 1485 /* IV is optional and usually omitted in wrap mode */ 1486 if (EVP_CIPHER_get_mode(cdat->cipher) != EVP_CIPH_WRAP_MODE) { 1487 t->err = "NO_IV"; 1488 return 0; 1489 } 1490 } 1491 if (cdat->aead && cdat->tag == NULL && !cdat->tls_aad) { 1492 t->err = "NO_TAG"; 1493 return 0; 1494 } 1495 1496 if (sk_OPENSSL_STRING_num(cdat->init_controls) > 0) { 1497 if (!ctrl2params(t, cdat->init_controls, NULL, 1498 initparams, OSSL_NELEM(initparams), ¶ms_n)) 1499 return 0; 1500 } 1501 1502 fragmax = (cipher_test_valid_fragmentation(cdat) == 0) ? 0 : 1; 1503 for (in_place = 1; in_place >= 0; in_place--) { 1504 static char aux_err[64]; 1505 1506 t->aux_err = aux_err; 1507 /* Test only in-place data processing */ 1508 if (process_mode_in_place == 1 && in_place == 0) 1509 break; 1510 1511 for (frag = 0; frag <= fragmax; frag++) { 1512 if (frag == 1 && data_chunk_size != 0) 1513 break; 1514 for (out_misalign = 0; out_misalign <= 1; out_misalign++) { 1515 for (inp_misalign = 0; inp_misalign <= 1; inp_misalign++) { 1516 /* Skip input misalign tests for in-place processing */ 1517 if (inp_misalign == 1 && in_place == 1) 1518 break; 1519 if (in_place == 1) { 1520 BIO_snprintf(aux_err, sizeof(aux_err), 1521 "%s in-place, %sfragmented", 1522 out_misalign ? "misaligned" : "aligned", 1523 frag ? "" : "not "); 1524 } else { 1525 BIO_snprintf(aux_err, sizeof(aux_err), 1526 "%s output and %s input, %sfragmented", 1527 out_misalign ? "misaligned" : "aligned", 1528 inp_misalign ? "misaligned" : "aligned", 1529 frag ? "" : "not "); 1530 } 1531 if (cdat->enc) { 1532 rv = cipher_test_enc(t, 1, out_misalign, inp_misalign, 1533 frag, in_place, initparams); 1534 if (rv != 1) 1535 goto end; 1536 } 1537 if (cdat->enc != 1) { 1538 rv = cipher_test_enc(t, 0, out_misalign, inp_misalign, 1539 frag, in_place, initparams); 1540 if (rv != 1) 1541 goto end; 1542 } 1543 } 1544 } 1545 } 1546 } 1547 ctrl2params_free(initparams, params_n, 0); 1548 t->aux_err = NULL; 1549 return 1; 1550 end: 1551 ctrl2params_free(initparams, params_n, 0); 1552 return (rv < 0 ? 0 : 1); 1553 } 1554 1555 static const EVP_TEST_METHOD cipher_test_method = { 1556 "Cipher", 1557 cipher_test_init, 1558 cipher_test_cleanup, 1559 cipher_test_parse, 1560 cipher_test_run 1561 }; 1562 1563 1564 /** 1565 ** MAC TESTS 1566 **/ 1567 1568 typedef struct mac_data_st { 1569 /* MAC type in one form or another */ 1570 char *mac_name; 1571 EVP_MAC *mac; /* for mac_test_run_mac */ 1572 int type; /* for mac_test_run_pkey */ 1573 /* Algorithm string for this MAC */ 1574 char *alg; 1575 /* MAC key */ 1576 unsigned char *key; 1577 size_t key_len; 1578 /* MAC IV (GMAC) */ 1579 unsigned char *iv; 1580 size_t iv_len; 1581 /* Input to MAC */ 1582 unsigned char *input; 1583 size_t input_len; 1584 /* Expected output */ 1585 unsigned char *output; 1586 size_t output_len; 1587 unsigned char *custom; 1588 size_t custom_len; 1589 /* MAC salt (blake2) */ 1590 unsigned char *salt; 1591 size_t salt_len; 1592 /* XOF mode? */ 1593 int xof; 1594 /* Reinitialization fails */ 1595 int no_reinit; 1596 /* Collection of controls */ 1597 STACK_OF(OPENSSL_STRING) *controls; 1598 /* Output size */ 1599 int output_size; 1600 /* Block size */ 1601 int block_size; 1602 } MAC_DATA; 1603 1604 static int mac_test_init(EVP_TEST *t, const char *alg) 1605 { 1606 EVP_MAC *mac = NULL; 1607 int type = NID_undef; 1608 MAC_DATA *mdat; 1609 1610 if (is_mac_disabled(alg)) { 1611 TEST_info("skipping, '%s' is disabled", alg); 1612 t->skip = 1; 1613 return 1; 1614 } 1615 if ((mac = EVP_MAC_fetch(libctx, alg, propquery)) == NULL) { 1616 /* 1617 * Since we didn't find an EVP_MAC, we check for known EVP_PKEY methods 1618 * For debugging purposes, we allow 'NNNN by EVP_PKEY' to force running 1619 * the EVP_PKEY method. 1620 */ 1621 size_t sz = strlen(alg); 1622 static const char epilogue[] = " by EVP_PKEY"; 1623 1624 if (sz >= sizeof(epilogue) 1625 && strcmp(alg + sz - (sizeof(epilogue) - 1), epilogue) == 0) 1626 sz -= sizeof(epilogue) - 1; 1627 1628 if (strncmp(alg, "HMAC", sz) == 0) 1629 type = EVP_PKEY_HMAC; 1630 else if (strncmp(alg, "CMAC", sz) == 0) 1631 type = EVP_PKEY_CMAC; 1632 else if (strncmp(alg, "Poly1305", sz) == 0) 1633 type = EVP_PKEY_POLY1305; 1634 else if (strncmp(alg, "SipHash", sz) == 0) 1635 type = EVP_PKEY_SIPHASH; 1636 else 1637 return 0; 1638 } 1639 1640 if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat)))) 1641 return 0; 1642 1643 mdat->type = type; 1644 if (!TEST_ptr(mdat->mac_name = OPENSSL_strdup(alg))) { 1645 OPENSSL_free(mdat); 1646 return 0; 1647 } 1648 1649 mdat->mac = mac; 1650 if (!TEST_ptr(mdat->controls = sk_OPENSSL_STRING_new_null())) { 1651 OPENSSL_free(mdat->mac_name); 1652 OPENSSL_free(mdat); 1653 return 0; 1654 } 1655 1656 mdat->output_size = mdat->block_size = -1; 1657 t->data = mdat; 1658 return 1; 1659 } 1660 1661 static void mac_test_cleanup(EVP_TEST *t) 1662 { 1663 MAC_DATA *mdat = t->data; 1664 1665 EVP_MAC_free(mdat->mac); 1666 OPENSSL_free(mdat->mac_name); 1667 sk_OPENSSL_STRING_pop_free(mdat->controls, openssl_free); 1668 OPENSSL_free(mdat->alg); 1669 OPENSSL_free(mdat->key); 1670 OPENSSL_free(mdat->iv); 1671 OPENSSL_free(mdat->custom); 1672 OPENSSL_free(mdat->salt); 1673 OPENSSL_free(mdat->input); 1674 OPENSSL_free(mdat->output); 1675 } 1676 1677 static int mac_test_parse(EVP_TEST *t, 1678 const char *keyword, const char *value) 1679 { 1680 MAC_DATA *mdata = t->data; 1681 1682 if (strcmp(keyword, "Key") == 0) 1683 return parse_bin(value, &mdata->key, &mdata->key_len); 1684 if (strcmp(keyword, "IV") == 0) 1685 return parse_bin(value, &mdata->iv, &mdata->iv_len); 1686 if (strcmp(keyword, "Custom") == 0) 1687 return parse_bin(value, &mdata->custom, &mdata->custom_len); 1688 if (strcmp(keyword, "Salt") == 0) 1689 return parse_bin(value, &mdata->salt, &mdata->salt_len); 1690 if (strcmp(keyword, "Algorithm") == 0) { 1691 mdata->alg = OPENSSL_strdup(value); 1692 if (mdata->alg == NULL) 1693 return -1; 1694 return 1; 1695 } 1696 if (strcmp(keyword, "Input") == 0) 1697 return parse_bin(value, &mdata->input, &mdata->input_len); 1698 if (strcmp(keyword, "Output") == 0) 1699 return parse_bin(value, &mdata->output, &mdata->output_len); 1700 if (strcmp(keyword, "XOF") == 0) 1701 return mdata->xof = 1; 1702 if (strcmp(keyword, "NoReinit") == 0) 1703 return mdata->no_reinit = 1; 1704 if (strcmp(keyword, "Ctrl") == 0) 1705 return ctrladd(mdata->controls, value); 1706 if (strcmp(keyword, "OutputSize") == 0) { 1707 mdata->output_size = atoi(value); 1708 if (mdata->output_size < 0) 1709 return -1; 1710 return 1; 1711 } 1712 if (strcmp(keyword, "BlockSize") == 0) { 1713 mdata->block_size = atoi(value); 1714 if (mdata->block_size < 0) 1715 return -1; 1716 return 1; 1717 } 1718 return 0; 1719 } 1720 1721 static int mac_test_ctrl_pkey(EVP_TEST *t, EVP_PKEY_CTX *pctx, 1722 const char *value) 1723 { 1724 int rv = 0; 1725 char *p, *tmpval; 1726 1727 if (!TEST_ptr(tmpval = OPENSSL_strdup(value))) 1728 return 0; 1729 p = strchr(tmpval, ':'); 1730 if (p != NULL) { 1731 *p++ = '\0'; 1732 rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p); 1733 } 1734 if (rv == -2) 1735 t->err = "PKEY_CTRL_INVALID"; 1736 else if (rv <= 0) 1737 t->err = "PKEY_CTRL_ERROR"; 1738 else 1739 rv = 1; 1740 OPENSSL_free(tmpval); 1741 return rv > 0; 1742 } 1743 1744 static int mac_test_run_pkey(EVP_TEST *t) 1745 { 1746 MAC_DATA *expected = t->data; 1747 EVP_MD_CTX *mctx = NULL; 1748 EVP_PKEY_CTX *pctx = NULL, *genctx = NULL; 1749 EVP_PKEY *key = NULL; 1750 const char *mdname = NULL; 1751 EVP_CIPHER *cipher = NULL; 1752 unsigned char *got = NULL; 1753 size_t got_len; 1754 int i; 1755 size_t input_len, donelen; 1756 1757 /* We don't do XOF mode via PKEY */ 1758 if (expected->xof) 1759 return 1; 1760 1761 if (expected->alg == NULL) 1762 TEST_info("Trying the EVP_PKEY %s test", OBJ_nid2sn(expected->type)); 1763 else 1764 TEST_info("Trying the EVP_PKEY %s test with %s", 1765 OBJ_nid2sn(expected->type), expected->alg); 1766 1767 if (expected->type == EVP_PKEY_CMAC) { 1768 #ifdef OPENSSL_NO_DEPRECATED_3_0 1769 TEST_info("skipping, PKEY CMAC '%s' is disabled", expected->alg); 1770 t->skip = 1; 1771 t->err = NULL; 1772 goto err; 1773 #else 1774 OSSL_LIB_CTX *tmpctx; 1775 1776 if (expected->alg != NULL && is_cipher_disabled(expected->alg)) { 1777 TEST_info("skipping, PKEY CMAC '%s' is disabled", expected->alg); 1778 t->skip = 1; 1779 t->err = NULL; 1780 goto err; 1781 } 1782 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, expected->alg, propquery))) { 1783 t->err = "MAC_KEY_CREATE_ERROR"; 1784 goto err; 1785 } 1786 tmpctx = OSSL_LIB_CTX_set0_default(libctx); 1787 key = EVP_PKEY_new_CMAC_key(NULL, expected->key, expected->key_len, 1788 cipher); 1789 OSSL_LIB_CTX_set0_default(tmpctx); 1790 #endif 1791 } else { 1792 key = EVP_PKEY_new_raw_private_key_ex(libctx, 1793 OBJ_nid2sn(expected->type), NULL, 1794 expected->key, expected->key_len); 1795 } 1796 if (key == NULL) { 1797 t->err = "MAC_KEY_CREATE_ERROR"; 1798 goto err; 1799 } 1800 1801 if (expected->type == EVP_PKEY_HMAC && expected->alg != NULL) { 1802 if (is_digest_disabled(expected->alg)) { 1803 TEST_info("skipping, HMAC '%s' is disabled", expected->alg); 1804 t->skip = 1; 1805 t->err = NULL; 1806 goto err; 1807 } 1808 mdname = expected->alg; 1809 } 1810 if (!TEST_ptr(mctx = EVP_MD_CTX_new())) { 1811 t->err = "INTERNAL_ERROR"; 1812 goto err; 1813 } 1814 if (!EVP_DigestSignInit_ex(mctx, &pctx, mdname, libctx, NULL, key, NULL)) { 1815 t->err = "DIGESTSIGNINIT_ERROR"; 1816 goto err; 1817 } 1818 for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++) 1819 if (!mac_test_ctrl_pkey(t, pctx, 1820 sk_OPENSSL_STRING_value(expected->controls, 1821 i))) { 1822 t->err = "EVPPKEYCTXCTRL_ERROR"; 1823 goto err; 1824 } 1825 input_len = expected->input_len; 1826 donelen = 0; 1827 do { 1828 size_t current_len = (size_t) data_chunk_size; 1829 1830 if (data_chunk_size == 0 || (size_t) data_chunk_size > input_len) 1831 current_len = input_len; 1832 if (!EVP_DigestSignUpdate(mctx, expected->input + donelen, current_len)) { 1833 t->err = "DIGESTSIGNUPDATE_ERROR"; 1834 goto err; 1835 } 1836 donelen += current_len; 1837 input_len -= current_len; 1838 } while (input_len > 0); 1839 1840 if (!EVP_DigestSignFinal(mctx, NULL, &got_len)) { 1841 t->err = "DIGESTSIGNFINAL_LENGTH_ERROR"; 1842 goto err; 1843 } 1844 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { 1845 t->err = "TEST_FAILURE"; 1846 goto err; 1847 } 1848 if (!EVP_DigestSignFinal(mctx, got, &got_len) 1849 || !memory_err_compare(t, "TEST_MAC_ERR", 1850 expected->output, expected->output_len, 1851 got, got_len)) { 1852 t->err = "TEST_MAC_ERR"; 1853 goto err; 1854 } 1855 t->err = NULL; 1856 err: 1857 EVP_CIPHER_free(cipher); 1858 EVP_MD_CTX_free(mctx); 1859 OPENSSL_free(got); 1860 EVP_PKEY_CTX_free(genctx); 1861 EVP_PKEY_free(key); 1862 return 1; 1863 } 1864 1865 static int mac_test_run_mac(EVP_TEST *t) 1866 { 1867 MAC_DATA *expected = t->data; 1868 EVP_MAC_CTX *ctx = NULL; 1869 unsigned char *got = NULL; 1870 size_t got_len = 0, size = 0; 1871 size_t size_before_init = 0, size_after_init, size_val = 0; 1872 int block_size = -1, output_size = -1; 1873 OSSL_PARAM params[21], sizes[3], *psizes = sizes, *p; 1874 size_t params_n = 0; 1875 size_t params_n_allocstart = 0; 1876 const OSSL_PARAM *defined_params = 1877 EVP_MAC_settable_ctx_params(expected->mac); 1878 int xof; 1879 int reinit = 1; 1880 size_t input_len, donelen ; 1881 1882 if (expected->alg == NULL) 1883 TEST_info("Trying the EVP_MAC %s test", expected->mac_name); 1884 else 1885 TEST_info("Trying the EVP_MAC %s test with %s", 1886 expected->mac_name, expected->alg); 1887 1888 if (expected->alg != NULL) { 1889 int skip = 0; 1890 1891 /* 1892 * The underlying algorithm may be a cipher or a digest. 1893 * We don't know which it is, but we can ask the MAC what it 1894 * should be and bet on that. 1895 */ 1896 if (OSSL_PARAM_locate_const(defined_params, 1897 OSSL_MAC_PARAM_CIPHER) != NULL) { 1898 if (is_cipher_disabled(expected->alg)) 1899 skip = 1; 1900 else 1901 params[params_n++] = 1902 OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER, 1903 expected->alg, 0); 1904 } else if (OSSL_PARAM_locate_const(defined_params, 1905 OSSL_MAC_PARAM_DIGEST) != NULL) { 1906 if (is_digest_disabled(expected->alg)) 1907 skip = 1; 1908 else 1909 params[params_n++] = 1910 OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, 1911 expected->alg, 0); 1912 } else { 1913 t->err = "MAC_BAD_PARAMS"; 1914 goto err; 1915 } 1916 if (skip) { 1917 TEST_info("skipping, algorithm '%s' is disabled", expected->alg); 1918 t->skip = 1; 1919 t->err = NULL; 1920 goto err; 1921 } 1922 } 1923 if (expected->custom != NULL) 1924 params[params_n++] = 1925 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_CUSTOM, 1926 expected->custom, 1927 expected->custom_len); 1928 if (expected->salt != NULL) 1929 params[params_n++] = 1930 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_SALT, 1931 expected->salt, 1932 expected->salt_len); 1933 if (expected->iv != NULL) 1934 params[params_n++] = 1935 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV, 1936 expected->iv, 1937 expected->iv_len); 1938 1939 params_n_allocstart = params_n; 1940 if (!ctrl2params(t, expected->controls, defined_params, 1941 params, OSSL_NELEM(params), ¶ms_n)) 1942 goto err; 1943 1944 p = OSSL_PARAM_locate(params + params_n_allocstart, "size"); 1945 if (p != NULL) { 1946 if (!OSSL_PARAM_get_size_t(p, &size_val)) 1947 goto err; 1948 } 1949 1950 if ((ctx = EVP_MAC_CTX_new(expected->mac)) == NULL) { 1951 t->err = "MAC_CREATE_ERROR"; 1952 goto err; 1953 } 1954 if (fips_provider_version_gt(libctx, 3, 2, 0)) { 1955 /* HMAC will put an error on the stack here (digest is not set yet) */ 1956 ERR_set_mark(); 1957 size_before_init = EVP_MAC_CTX_get_mac_size(ctx); 1958 ERR_pop_to_mark(); 1959 } 1960 if (!EVP_MAC_init(ctx, expected->key, expected->key_len, params)) { 1961 t->err = "MAC_INIT_ERROR"; 1962 goto err; 1963 } 1964 size_after_init = EVP_MAC_CTX_get_mac_size(ctx); 1965 if (!TEST_false(size_before_init == 0 && size_after_init == 0)) { 1966 t->err = "MAC SIZE not set"; 1967 goto err; 1968 } 1969 if (size_before_init != 0) { 1970 /* mac-size not modified by init params */ 1971 if (size_val == 0 && !TEST_size_t_eq(size_before_init, size_after_init)) { 1972 t->err = "MAC SIZE check failed"; 1973 goto err; 1974 } 1975 /* mac-size modified by init params */ 1976 if (size_val != 0 && !TEST_size_t_eq(size_val, size_after_init)) { 1977 t->err = "MAC SIZE check failed"; 1978 goto err; 1979 } 1980 } 1981 if (expected->output_size >= 0) 1982 *psizes++ = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_SIZE, 1983 &output_size); 1984 if (expected->block_size >= 0) 1985 *psizes++ = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_BLOCK_SIZE, 1986 &block_size); 1987 if (psizes != sizes) { 1988 *psizes = OSSL_PARAM_construct_end(); 1989 if (!TEST_true(EVP_MAC_CTX_get_params(ctx, sizes))) { 1990 t->err = "INTERNAL_ERROR"; 1991 goto err; 1992 } 1993 if (expected->output_size >= 0 1994 && !TEST_int_eq(output_size, expected->output_size)) { 1995 t->err = "TEST_FAILURE"; 1996 goto err; 1997 } 1998 if (expected->block_size >= 0 1999 && !TEST_int_eq(block_size, expected->block_size)) { 2000 t->err = "TEST_FAILURE"; 2001 goto err; 2002 } 2003 } 2004 retry: 2005 input_len = expected->input_len; 2006 donelen = 0; 2007 do { 2008 size_t current_len = (size_t) data_chunk_size; 2009 2010 if (data_chunk_size == 0 || (size_t) data_chunk_size > input_len) 2011 current_len = input_len; 2012 if (!EVP_MAC_update(ctx, expected->input + donelen, current_len)) { 2013 t->err = "MAC_UPDATE_ERROR"; 2014 goto err; 2015 } 2016 donelen += current_len; 2017 input_len -= current_len; 2018 } while (input_len > 0); 2019 2020 xof = expected->xof; 2021 if (xof) { 2022 if (!TEST_ptr(got = OPENSSL_malloc(expected->output_len))) { 2023 t->err = "TEST_FAILURE"; 2024 goto err; 2025 } 2026 if (!EVP_MAC_finalXOF(ctx, got, expected->output_len) 2027 || !memory_err_compare(t, "TEST_MAC_ERR", 2028 expected->output, expected->output_len, 2029 got, expected->output_len)) { 2030 t->err = "MAC_FINAL_ERROR"; 2031 goto err; 2032 } 2033 } else { 2034 if (!EVP_MAC_final(ctx, NULL, &got_len, 0)) { 2035 t->err = "MAC_FINAL_LENGTH_ERROR"; 2036 goto err; 2037 } 2038 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { 2039 t->err = "TEST_FAILURE"; 2040 goto err; 2041 } 2042 if (!EVP_MAC_final(ctx, got, &got_len, got_len) 2043 || !memory_err_compare(t, "TEST_MAC_ERR", 2044 expected->output, expected->output_len, 2045 got, got_len)) { 2046 t->err = "TEST_MAC_ERR"; 2047 goto err; 2048 } 2049 if (!mac_check_fips_approved(ctx, t)) 2050 goto err; 2051 } 2052 /* FIPS(3.0.0): can't reinitialise MAC contexts #18100 */ 2053 if (reinit-- && fips_provider_version_gt(libctx, 3, 0, 0)) { 2054 OSSL_PARAM ivparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 2055 int ret; 2056 2057 /* If the MAC uses IV, we have to set it again */ 2058 if (expected->iv != NULL) { 2059 ivparams[0] = 2060 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV, 2061 expected->iv, 2062 expected->iv_len); 2063 ivparams[1] = OSSL_PARAM_construct_end(); 2064 } 2065 ERR_set_mark(); 2066 ret = EVP_MAC_init(ctx, NULL, 0, ivparams); 2067 if (expected->no_reinit) { 2068 if (ret) { 2069 ERR_clear_last_mark(); 2070 t->err = "MAC_REINIT_SHOULD_FAIL"; 2071 goto err; 2072 } 2073 } else if (ret) { 2074 ERR_clear_last_mark(); 2075 OPENSSL_free(got); 2076 got = NULL; 2077 goto retry; 2078 } else { 2079 ERR_clear_last_mark(); 2080 t->err = "MAC_REINIT_ERROR"; 2081 goto err; 2082 } 2083 /* If reinitialization fails, it is unsupported by the algorithm */ 2084 ERR_pop_to_mark(); 2085 } 2086 t->err = NULL; 2087 2088 /* Test the EVP_Q_mac interface as well */ 2089 if (!xof) { 2090 OPENSSL_cleanse(got, got_len); 2091 if (!TEST_true(EVP_Q_mac(libctx, expected->mac_name, NULL, 2092 expected->alg, params, 2093 expected->key, expected->key_len, 2094 expected->input, expected->input_len, 2095 got, got_len, &size)) 2096 || !TEST_mem_eq(got, size, 2097 expected->output, expected->output_len)) { 2098 t->err = "EVP_Q_mac failed"; 2099 goto err; 2100 } 2101 } 2102 err: 2103 ctrl2params_free(params, params_n, params_n_allocstart); 2104 EVP_MAC_CTX_free(ctx); 2105 OPENSSL_free(got); 2106 return 1; 2107 } 2108 2109 static int mac_test_run(EVP_TEST *t) 2110 { 2111 MAC_DATA *expected = t->data; 2112 2113 if (expected->mac != NULL) 2114 return mac_test_run_mac(t); 2115 return mac_test_run_pkey(t); 2116 } 2117 2118 static const EVP_TEST_METHOD mac_test_method = { 2119 "MAC", 2120 mac_test_init, 2121 mac_test_cleanup, 2122 mac_test_parse, 2123 mac_test_run 2124 }; 2125 2126 typedef struct kem_data_st { 2127 /* Context for this operation */ 2128 EVP_PKEY_CTX *ctx; 2129 const char *op; 2130 /* Input to decapsulate */ 2131 unsigned char *input; 2132 size_t inputlen; 2133 /* Expected secret */ 2134 unsigned char *output; 2135 size_t outputlen; 2136 STACK_OF(OPENSSL_STRING) *init_ctrls; 2137 /* Algorithm name */ 2138 char *algname; 2139 /* Name of previously generated key */ 2140 char *keyname; 2141 /* Encoded public key */ 2142 unsigned char *encoded_pub_key; 2143 size_t encoded_pub_key_len; 2144 /* Encoded private key */ 2145 unsigned char *encoded_priv_key; 2146 size_t encoded_priv_key_len; 2147 /* Entropy for encapsulation */ 2148 unsigned char *entropy; 2149 size_t entropylen; 2150 /* Ciphertext */ 2151 unsigned char *ciphertext; 2152 size_t ciphertext_len; 2153 } KEM_DATA; 2154 2155 static int kem_test_init(EVP_TEST *t, const char *alg) 2156 { 2157 KEM_DATA *kdata = NULL; 2158 EVP_PKEY *pkey = NULL; 2159 2160 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata))) 2161 || !TEST_ptr(kdata->algname = OPENSSL_strdup(alg))) 2162 goto err; 2163 2164 kdata->init_ctrls = sk_OPENSSL_STRING_new_null(); 2165 t->data = kdata; 2166 return 1; 2167 err: 2168 EVP_PKEY_free(pkey); 2169 OPENSSL_free(kdata); 2170 return 0; 2171 } 2172 2173 static void kem_test_cleanup(EVP_TEST *t) 2174 { 2175 KEM_DATA *kdata = t->data; 2176 2177 ctrlfree(kdata->init_ctrls); 2178 OPENSSL_free(kdata->input); 2179 OPENSSL_free(kdata->output); 2180 OPENSSL_free(kdata->algname); 2181 OPENSSL_free(kdata->keyname); 2182 OPENSSL_free(kdata->encoded_pub_key); 2183 OPENSSL_free(kdata->encoded_priv_key); 2184 OPENSSL_free(kdata->entropy); 2185 OPENSSL_free(kdata->ciphertext); 2186 EVP_PKEY_CTX_free(kdata->ctx); 2187 } 2188 2189 static int kem_test_parse(EVP_TEST *t, const char *keyword, const char *value) 2190 { 2191 KEM_DATA *kdata = t->data; 2192 2193 if (strcmp(keyword, "Op") == 0) { 2194 kdata->op = value; 2195 return 1; 2196 } 2197 if (strcmp(keyword, "CtrlInit") == 0) 2198 return ctrladd(kdata->init_ctrls, value); 2199 if (strcmp(keyword, "Input") == 0) 2200 return parse_bin(value, &kdata->input, &kdata->inputlen); 2201 if (strcmp(keyword, "Output") == 0) 2202 return parse_bin(value, &kdata->output, &kdata->outputlen); 2203 if (strcmp(keyword, "EncodedPublicKey") == 0) 2204 return parse_bin(value, &kdata->encoded_pub_key, 2205 &kdata->encoded_pub_key_len); 2206 if (strcmp(keyword, "EncodedPrivateKey") == 0) 2207 return parse_bin(value, &kdata->encoded_priv_key, 2208 &kdata->encoded_priv_key_len); 2209 if (strcmp(keyword, "Entropy") == 0) 2210 return parse_bin(value, &kdata->entropy, &kdata->entropylen); 2211 if (strcmp(keyword, "Ciphertext") == 0) 2212 return parse_bin(value, &kdata->ciphertext, &kdata->ciphertext_len); 2213 if (strcmp(keyword, "KeyName") == 0) 2214 return TEST_ptr(kdata->keyname = OPENSSL_strdup(value)); 2215 return 1; 2216 } 2217 2218 static int encapsulate(EVP_TEST *t, EVP_PKEY_CTX *ctx, const char *op, 2219 unsigned char **outwrapped, size_t *outwrappedlen, 2220 unsigned char **outsecret, size_t *outsecretlen) 2221 { 2222 int ret = 0; 2223 KEM_DATA *kdata = t->data; 2224 unsigned char *wrapped = NULL, *secret = NULL; 2225 size_t wrappedlen = 0, secretlen = 0; 2226 OSSL_PARAM params[10]; 2227 size_t params_n = 0; 2228 /* Reserve space for the terminator and possibly IKME */ 2229 const size_t params_max = OSSL_NELEM(params) - 1 - (kdata->entropy != NULL); 2230 2231 if (sk_OPENSSL_STRING_num(kdata->init_ctrls) > 0) 2232 if (!ctrl2params(t, kdata->init_ctrls, NULL, params, params_max, 2233 ¶ms_n)) 2234 goto err; 2235 2236 /* We don't expect very many controls here */ 2237 if (!TEST_size_t_lt(params_n, params_max)) 2238 goto err; 2239 2240 if (kdata->entropy != NULL) 2241 /* Input key material a.k.a entropy */ 2242 params[params_n++] = 2243 OSSL_PARAM_construct_octet_string(OSSL_KEM_PARAM_IKME, 2244 kdata->entropy, 2245 kdata->entropylen); 2246 params[params_n] = OSSL_PARAM_construct_end(); 2247 2248 if (EVP_PKEY_encapsulate_init(ctx, params) <= 0) { 2249 t->err = "TEST_ENCAPSULATE_INIT_ERROR"; 2250 goto ok; 2251 } 2252 2253 if (op != NULL && EVP_PKEY_CTX_set_kem_op(ctx, op) <= 0) { 2254 t->err = "TEST_SET_KEM_OP_ERROR"; 2255 goto ok; 2256 } 2257 if (EVP_PKEY_encapsulate(ctx, NULL, &wrappedlen, NULL, &secretlen) <= 0) { 2258 t->err = "TEST_ENCAPSULATE_LEN_ERROR"; 2259 goto ok; 2260 } 2261 wrapped = OPENSSL_malloc(wrappedlen); 2262 secret = OPENSSL_malloc(secretlen); 2263 if (!TEST_ptr(wrapped) || !TEST_ptr(secret)) { 2264 ret = 0; 2265 goto err; 2266 } 2267 if (EVP_PKEY_encapsulate(ctx, wrapped, &wrappedlen, secret, &secretlen) <= 0) { 2268 t->err = "TEST_ENCAPSULATE_ERROR"; 2269 goto ok; 2270 } 2271 ret = pkey_check_fips_approved(ctx, t); 2272 2273 if (kdata->ciphertext != NULL 2274 && !TEST_mem_eq(wrapped, wrappedlen, kdata->ciphertext, kdata->ciphertext_len)) { 2275 ret = 0; 2276 goto err; 2277 } 2278 2279 if (kdata->output != NULL 2280 && !TEST_mem_eq(secret, secretlen, kdata->output, kdata->outputlen)) { 2281 ret = 0; 2282 goto err; 2283 } 2284 2285 if (ret == 0) 2286 goto err; 2287 2288 t->err = NULL; 2289 *outwrapped = wrapped; 2290 *outsecret = secret; 2291 *outwrappedlen = wrappedlen; 2292 *outsecretlen = secretlen; 2293 ok: 2294 ret = 1; 2295 err: 2296 if (ret == 0) { 2297 OPENSSL_free(wrapped); 2298 OPENSSL_free(secret); 2299 } 2300 if (sk_OPENSSL_STRING_num(kdata->init_ctrls) > 0) 2301 ctrl2params_free(params, params_n, 0); 2302 return ret; 2303 } 2304 2305 static int decapsulate(EVP_TEST *t, EVP_PKEY_CTX *ctx, const char *op, 2306 const unsigned char *in, size_t inlen, 2307 const unsigned char *expected, size_t expectedlen) 2308 { 2309 int ret = 0; 2310 KEM_DATA *kdata = t->data; 2311 size_t outlen = 0; 2312 unsigned char *out = NULL; 2313 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 2314 OSSL_PARAM *p = NULL; 2315 size_t params_n = 0, params_n_allocated = 0; 2316 2317 if (sk_OPENSSL_STRING_num(kdata->init_ctrls) > 0) { 2318 if (!ctrl2params(t, kdata->init_ctrls, NULL, 2319 params, 2, ¶ms_n)) 2320 goto err; 2321 p = params; 2322 } 2323 2324 if (EVP_PKEY_decapsulate_init(ctx, p) <= 0) { 2325 t->err = "TEST_DECAPSULATE_INIT_ERROR"; 2326 goto ok; 2327 } 2328 2329 if (op != NULL && EVP_PKEY_CTX_set_kem_op(ctx, op) <= 0) { 2330 t->err = "TEST_SET_KEM_OP_ERROR"; 2331 goto ok; 2332 } 2333 if (EVP_PKEY_decapsulate(ctx, NULL, &outlen, in, inlen) <= 0) { 2334 t->err = "TEST_DECAPSULATE_LEN_ERROR"; 2335 goto ok; 2336 } 2337 if (!TEST_ptr(out = OPENSSL_malloc(outlen))) { 2338 ret = 0; 2339 goto err; 2340 } 2341 2342 if (EVP_PKEY_decapsulate(ctx, out, &outlen, in, inlen) <= 0) { 2343 t->err = "TEST_DECAPSULATE_ERROR"; 2344 goto err; 2345 } 2346 if (!TEST_mem_eq(out, outlen, expected, expectedlen)) { 2347 t->err = "TEST_SECRET_MISMATCH"; 2348 goto ok; 2349 } 2350 t->err = NULL; 2351 ok: 2352 ret = 1; 2353 err: 2354 OPENSSL_free(out); 2355 if (sk_OPENSSL_STRING_num(kdata->init_ctrls) > 0) 2356 ctrl2params_free(params, params_n, params_n_allocated); 2357 return ret; 2358 } 2359 2360 static int kem_test_run(EVP_TEST *t) 2361 { 2362 int ret = 0, found_key = 0; 2363 EVP_PKEY *pkey = NULL; 2364 KEM_DATA *kdata = t->data; 2365 unsigned char *wrapped = NULL, *secret = NULL; 2366 2367 /* Generate either public or private key based on given params */ 2368 if (kdata->keyname != NULL) { 2369 /* Previously generated private key */ 2370 found_key = find_key(&pkey, kdata->keyname, private_keys); 2371 if (found_key == 0 || pkey == NULL) { 2372 TEST_info("skipping, key '%s' is disabled", kdata->keyname); 2373 t->skip = 1; 2374 goto ok; 2375 } 2376 } else if (kdata->encoded_pub_key != NULL) { 2377 /* Encoded public key */ 2378 if ((pkey = EVP_PKEY_new_raw_public_key_ex(libctx, kdata->algname, 2379 propquery, 2380 kdata->encoded_pub_key, 2381 kdata->encoded_pub_key_len)) == NULL) { 2382 t->err = "TEST_PARSE_PUBLIC_KEY_ERROR"; 2383 goto ok; 2384 } 2385 } else if (kdata->encoded_priv_key != NULL) { 2386 /* Encoded private key */ 2387 if ((pkey = EVP_PKEY_new_raw_private_key_ex(libctx, kdata->algname, 2388 propquery, 2389 kdata->encoded_priv_key, 2390 kdata->encoded_priv_key_len)) == NULL) { 2391 t->err = "TEST_PARSE_PRIVATE_KEY_ERROR"; 2392 goto ok; 2393 } 2394 } else { 2395 TEST_info("Missing parameters to create key"); 2396 goto err; 2397 } 2398 2399 if (!TEST_ptr(kdata->ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propquery))) 2400 goto err; 2401 2402 if (kdata->input == NULL) { 2403 size_t wrappedlen = 0, secretlen = 0; 2404 2405 ret = encapsulate(t, kdata->ctx, kdata->op, &wrapped, &wrappedlen, 2406 &secret, &secretlen); 2407 if (ret == 0 || t->err != NULL) 2408 goto err; 2409 2410 /* Also attempt to decrypt if we have the private key */ 2411 if (found_key || kdata->encoded_priv_key != NULL) 2412 ret = decapsulate(t, kdata->ctx, kdata->op, wrapped, wrappedlen, 2413 secret, secretlen); 2414 } else { 2415 ret = decapsulate(t, kdata->ctx, kdata->op, kdata->input, kdata->inputlen, 2416 kdata->output, kdata->outputlen); 2417 } 2418 2419 ok: 2420 ret = 1; 2421 err: 2422 if (!found_key) 2423 EVP_PKEY_free(pkey); 2424 OPENSSL_free(wrapped); 2425 OPENSSL_free(secret); 2426 return ret; 2427 } 2428 2429 static const EVP_TEST_METHOD pkey_kem_test_method = { 2430 "Kem", 2431 kem_test_init, 2432 kem_test_cleanup, 2433 kem_test_parse, 2434 kem_test_run 2435 }; 2436 2437 /** 2438 ** PUBLIC KEY TESTS 2439 ** These are all very similar and share much common code. 2440 **/ 2441 2442 typedef struct pkey_data_st { 2443 /* Context for this operation */ 2444 EVP_PKEY_CTX *ctx; 2445 /* Signature algo for such operations */ 2446 EVP_SIGNATURE *sigalgo; 2447 /* Key operation to perform */ 2448 int (*keyopinit) (EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]); 2449 int (*keyopinit_ex2) (EVP_PKEY_CTX *ctx, EVP_SIGNATURE *algo, 2450 const OSSL_PARAM params[]); 2451 int (*keyop) (EVP_PKEY_CTX *ctx, 2452 unsigned char *sig, size_t *siglen, 2453 const unsigned char *tbs, size_t tbslen); 2454 /* Input to MAC */ 2455 unsigned char *input; 2456 size_t input_len; 2457 /* Expected output */ 2458 unsigned char *output; 2459 size_t output_len; 2460 STACK_OF(OPENSSL_STRING) *init_controls; /* collection of controls */ 2461 STACK_OF(OPENSSL_STRING) *controls; /* collection of controls */ 2462 EVP_PKEY *peer; 2463 int validate; 2464 } PKEY_DATA; 2465 2466 /* 2467 * Perform public key operation setup: lookup key, allocated ctx and call 2468 * the appropriate initialisation function 2469 */ 2470 static int pkey_test_init_keyctx(EVP_TEST *t, const char *keyname, 2471 int use_public) 2472 { 2473 PKEY_DATA *kdata; 2474 EVP_PKEY *pkey = NULL; 2475 int rv = 0; 2476 2477 if (use_public) 2478 rv = find_key(&pkey, keyname, public_keys); 2479 if (rv == 0) 2480 rv = find_key(&pkey, keyname, private_keys); 2481 if (rv == 0 || pkey == NULL) { 2482 TEST_info("skipping, key '%s' is disabled", keyname); 2483 t->skip = 1; 2484 return 1; 2485 } 2486 2487 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))) { 2488 EVP_PKEY_free(pkey); 2489 return 0; 2490 } 2491 if (!TEST_ptr(kdata->ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propquery))) { 2492 EVP_PKEY_free(pkey); 2493 OPENSSL_free(kdata); 2494 return 0; 2495 } 2496 t->data = kdata; 2497 return 1; 2498 } 2499 2500 static int pkey_test_init(EVP_TEST *t, const char *name, 2501 int use_public, 2502 int (*keyopinit) (EVP_PKEY_CTX *ctx, 2503 const OSSL_PARAM params[]), 2504 int (*keyop)(EVP_PKEY_CTX *ctx, 2505 unsigned char *sig, size_t *siglen, 2506 const unsigned char *tbs, 2507 size_t tbslen)) 2508 { 2509 PKEY_DATA *kdata = NULL; 2510 int rv = 0; 2511 2512 rv = pkey_test_init_keyctx(t, name, use_public); 2513 if (t->skip || !rv) 2514 return rv; 2515 kdata = t->data; 2516 kdata->keyopinit = keyopinit; 2517 kdata->keyop = keyop; 2518 kdata->init_controls = sk_OPENSSL_STRING_new_null(); 2519 kdata->controls = sk_OPENSSL_STRING_new_null(); 2520 return 1; 2521 } 2522 2523 static int pkey_test_init_ex2(EVP_TEST *t, const char *name, 2524 int use_public, 2525 int (*keyopinit)(EVP_PKEY_CTX *ctx, 2526 EVP_SIGNATURE *algo, 2527 const OSSL_PARAM param[]), 2528 int (*keyop)(EVP_PKEY_CTX *ctx, 2529 unsigned char *sig, size_t *siglen, 2530 const unsigned char *tbs, 2531 size_t tbslen)) 2532 { 2533 PKEY_DATA *kdata = NULL; 2534 int rv = 0; 2535 char algoname[OSSL_MAX_NAME_SIZE + 1]; 2536 const char *p; 2537 2538 if ((p = strchr(name, ':')) == NULL 2539 || p == name || p[1] == '\0' || p - name > OSSL_MAX_NAME_SIZE) { 2540 TEST_info("Can't extract algorithm or key name from '%s'", name); 2541 return 0; 2542 } 2543 memcpy(algoname, name, p - name); 2544 algoname[p - name] = '\0'; 2545 2546 if (is_pkey_disabled(algoname)) { 2547 t->skip = 1; 2548 return 1; 2549 } 2550 2551 rv = pkey_test_init_keyctx(t, /* keyname */ p + 1, use_public); 2552 if (t->skip || !rv) 2553 return rv; 2554 kdata = t->data; 2555 kdata->keyopinit_ex2 = keyopinit; 2556 kdata->keyop = keyop; 2557 if (!TEST_ptr(kdata->sigalgo 2558 = EVP_SIGNATURE_fetch(libctx, algoname, propquery))) { 2559 TEST_info("algoname = '%s'", algoname); 2560 return 0; 2561 } 2562 kdata->init_controls = sk_OPENSSL_STRING_new_null(); 2563 kdata->controls = sk_OPENSSL_STRING_new_null(); 2564 return 1; 2565 } 2566 2567 static void pkey_test_cleanup(EVP_TEST *t) 2568 { 2569 PKEY_DATA *kdata = t->data; 2570 2571 ctrlfree(kdata->init_controls); 2572 ctrlfree(kdata->controls); 2573 OPENSSL_free(kdata->input); 2574 OPENSSL_free(kdata->output); 2575 EVP_PKEY_CTX_free(kdata->ctx); 2576 EVP_SIGNATURE_free(kdata->sigalgo); 2577 } 2578 2579 static int pkey_test_ctrl(EVP_TEST *t, EVP_PKEY_CTX *pctx, 2580 const char *value) 2581 { 2582 int rv = 0; 2583 char *p, *tmpval; 2584 2585 if (!TEST_ptr(tmpval = OPENSSL_strdup(value))) 2586 return 0; 2587 p = strchr(tmpval, ':'); 2588 if (p != NULL) { 2589 *p++ = '\0'; 2590 rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p); 2591 } 2592 if (rv == -2) { 2593 t->err = "PKEY_CTRL_INVALID"; 2594 rv = 1; 2595 } else if (p != NULL && rv <= 0) { 2596 if (is_digest_disabled(p) || is_cipher_disabled(p)) { 2597 TEST_info("skipping, '%s' is disabled", p); 2598 t->skip = 1; 2599 rv = 1; 2600 } else { 2601 t->err = "PKEY_CTRL_ERROR"; 2602 rv = 1; 2603 } 2604 } 2605 OPENSSL_free(tmpval); 2606 return rv > 0; 2607 } 2608 2609 static int pkey_add_control(EVP_TEST *t, STACK_OF(OPENSSL_STRING) *controls, 2610 const char *value) 2611 { 2612 char *p; 2613 2614 if (controls == NULL) 2615 return 0; 2616 2617 p = strchr(value, ':'); 2618 if (p == NULL) 2619 return 0; 2620 p++; 2621 if (is_digest_disabled(p) || is_cipher_disabled(p)) { 2622 TEST_info("skipping, '%s' is disabled", p); 2623 t->skip = 1; 2624 return 1; 2625 } 2626 2627 return ctrladd(controls, value) > 0; 2628 } 2629 2630 static int pkey_test_parse(EVP_TEST *t, 2631 const char *keyword, const char *value) 2632 { 2633 PKEY_DATA *kdata = t->data; 2634 if (strcmp(keyword, "Input") == 0) 2635 return parse_bin(value, &kdata->input, &kdata->input_len); 2636 if (strcmp(keyword, "Output") == 0) 2637 return parse_bin(value, &kdata->output, &kdata->output_len); 2638 if (strcmp(keyword, "CtrlInit") == 0) 2639 return ctrladd(kdata->init_controls, value); 2640 if (strcmp(keyword, "Ctrl") == 0) 2641 return pkey_add_control(t, kdata->controls, value); 2642 return 0; 2643 } 2644 2645 static int pkey_test_run_init(EVP_TEST *t) 2646 { 2647 PKEY_DATA *data = t->data; 2648 int i, ret = 0; 2649 OSSL_PARAM params[5] = { 2650 OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END, 2651 OSSL_PARAM_END, OSSL_PARAM_END 2652 }; 2653 OSSL_PARAM *p = NULL; 2654 size_t params_n = 0, params_n_allocstart = 0; 2655 2656 if (sk_OPENSSL_STRING_num(data->init_controls) > 0) { 2657 if (!ctrl2params(t, data->init_controls, 2658 NULL, 2659 params, OSSL_NELEM(params), ¶ms_n)) 2660 goto err; 2661 p = params; 2662 } 2663 if (data->keyopinit != NULL) { 2664 if (data->keyopinit(data->ctx, p) <= 0) { 2665 t->err = "KEYOP_INIT_ERROR"; 2666 goto err; 2667 } 2668 } else if (data->keyopinit_ex2 != NULL) { 2669 if (data->keyopinit_ex2(data->ctx, data->sigalgo, p) <= 0) { 2670 t->err = "KEYOP_INIT_ERROR"; 2671 goto err; 2672 } 2673 } else { 2674 t->err = "KEYOP_INIT_ERROR"; 2675 goto err; 2676 } 2677 2678 for (i = 0; i < sk_OPENSSL_STRING_num(data->controls); i++) { 2679 char *value = sk_OPENSSL_STRING_value(data->controls, i); 2680 2681 if (!pkey_test_ctrl(t, data->ctx, value) || t->err != NULL) 2682 goto err; 2683 } 2684 ret = 1; 2685 err: 2686 ctrl2params_free(params, params_n, params_n_allocstart); 2687 return ret; 2688 } 2689 2690 static int pkey_test_run(EVP_TEST *t) 2691 { 2692 PKEY_DATA *expected = t->data; 2693 unsigned char *got = NULL; 2694 size_t got_len; 2695 EVP_PKEY_CTX *copy = NULL; 2696 2697 if (!pkey_test_run_init(t)) 2698 goto err; 2699 2700 /* Make a copy of the EVP_PKEY context, for repeat use further down */ 2701 if (!TEST_ptr(copy = EVP_PKEY_CTX_dup(expected->ctx))) { 2702 t->err = "INTERNAL_ERROR"; 2703 goto err; 2704 } 2705 2706 if (expected->keyop(expected->ctx, NULL, &got_len, 2707 expected->input, expected->input_len) <= 0 2708 || !TEST_ptr(got = OPENSSL_malloc(got_len))) { 2709 t->err = "KEYOP_LENGTH_ERROR"; 2710 goto err; 2711 } 2712 if (expected->keyop(expected->ctx, got, &got_len, 2713 expected->input, expected->input_len) <= 0) { 2714 t->err = "KEYOP_ERROR"; 2715 goto err; 2716 } 2717 2718 if (!memory_err_compare(t, "KEYOP_MISMATCH", 2719 expected->output, expected->output_len, 2720 got, got_len)) 2721 goto err; 2722 2723 t->err = NULL; 2724 OPENSSL_free(got); 2725 got = NULL; 2726 2727 /* Repeat the test on the EVP_PKEY context copy. */ 2728 if (expected->keyop(copy, NULL, &got_len, expected->input, 2729 expected->input_len) <= 0 2730 || !TEST_ptr(got = OPENSSL_malloc(got_len))) { 2731 t->err = "KEYOP_LENGTH_ERROR"; 2732 goto err; 2733 } 2734 if (expected->keyop(copy, got, &got_len, expected->input, 2735 expected->input_len) <= 0) { 2736 t->err = "KEYOP_ERROR"; 2737 goto err; 2738 } 2739 if (!memory_err_compare(t, "KEYOP_MISMATCH", 2740 expected->output, expected->output_len, 2741 got, got_len)) 2742 goto err; 2743 2744 if (pkey_check_fips_approved(expected->ctx, t) <= 0) 2745 goto err; 2746 2747 err: 2748 OPENSSL_free(got); 2749 EVP_PKEY_CTX_free(copy); 2750 return 1; 2751 } 2752 2753 static int pkey_fromdata_test_init(EVP_TEST *t, const char *name) 2754 { 2755 PKEY_DATA *kdata = NULL; 2756 2757 if (is_pkey_disabled(name)) { 2758 TEST_info("skipping, '%s' is disabled", name); 2759 t->skip = 1; 2760 return 1; 2761 } 2762 2763 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))) 2764 return 0; 2765 kdata->ctx = EVP_PKEY_CTX_new_from_name(libctx, name, ""); 2766 if (kdata->ctx == NULL) 2767 goto err; 2768 if (EVP_PKEY_fromdata_init(kdata->ctx) <= 0) 2769 goto err; 2770 kdata->controls = sk_OPENSSL_STRING_new_null(); 2771 if (kdata->controls == NULL) 2772 goto err; 2773 t->data = kdata; 2774 return 1; 2775 err: 2776 EVP_PKEY_CTX_free(kdata->ctx); 2777 OPENSSL_free(kdata); 2778 return 0; 2779 } 2780 2781 static void pkey_fromdata_test_cleanup(EVP_TEST *t) 2782 { 2783 PKEY_DATA *kdata = t->data; 2784 2785 ctrlfree(kdata->controls); 2786 EVP_PKEY_CTX_free(kdata->ctx); 2787 } 2788 2789 static int pkey_fromdata_test_parse(EVP_TEST *t, 2790 const char *keyword, const char *value) 2791 { 2792 PKEY_DATA *kdata = t->data; 2793 2794 if (strcmp(keyword, "Ctrl") == 0) 2795 return pkey_add_control(t, kdata->controls, value); 2796 return 0; 2797 } 2798 2799 static int pkey_fromdata_test_run(EVP_TEST *t) 2800 { 2801 EVP_PKEY *key = NULL; 2802 PKEY_DATA *kdata = t->data; 2803 int ret = 0; 2804 static const OSSL_PARAM key_settable_ctx_params[] = { 2805 OSSL_PARAM_octet_string("priv", NULL, 0), 2806 OSSL_PARAM_octet_string("pub", NULL, 0), 2807 OSSL_PARAM_END 2808 }; 2809 OSSL_PARAM params[5] = { 2810 OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END, 2811 OSSL_PARAM_END, OSSL_PARAM_END 2812 }; 2813 OSSL_PARAM *p = NULL; 2814 size_t params_n = 0, params_n_allocstart = 0; 2815 2816 if (sk_OPENSSL_STRING_num(kdata->controls) > 0) { 2817 if (!ctrl2params(t, kdata->controls, key_settable_ctx_params, 2818 params, OSSL_NELEM(params), ¶ms_n)) 2819 goto err; 2820 p = params; 2821 } 2822 2823 ret = 1; 2824 if (EVP_PKEY_fromdata(kdata->ctx, &key, EVP_PKEY_KEYPAIR, p) <= 0) { 2825 t->err = "KEY_FROMDATA_ERROR"; 2826 goto err; 2827 } 2828 err: 2829 ctrl2params_free(params, params_n, params_n_allocstart); 2830 EVP_PKEY_free(key); 2831 return ret; 2832 } 2833 2834 static const EVP_TEST_METHOD pkey_fromdata_test_method = { 2835 "KeyFromData", 2836 pkey_fromdata_test_init, 2837 pkey_fromdata_test_cleanup, 2838 pkey_fromdata_test_parse, 2839 pkey_fromdata_test_run 2840 }; 2841 2842 /* 2843 * "Sign" implies EVP_PKEY_sign_init_ex2() if the argument is a colon-separated 2844 * pair, {algorithm}:{key}. If not, it implies EVP_PKEY_sign_init_ex() 2845 */ 2846 static int sign_test_init(EVP_TEST *t, const char *name) 2847 { 2848 if (strchr(name, ':') != NULL) 2849 return pkey_test_init_ex2(t, name, 0, 2850 EVP_PKEY_sign_init_ex2, EVP_PKEY_sign); 2851 return pkey_test_init(t, name, 0, EVP_PKEY_sign_init_ex, EVP_PKEY_sign); 2852 } 2853 2854 static const EVP_TEST_METHOD psign_test_method = { 2855 "Sign", 2856 sign_test_init, 2857 pkey_test_cleanup, 2858 pkey_test_parse, 2859 pkey_test_run 2860 }; 2861 2862 /* 2863 * "Sign-Message" is like "Sign", but uses EVP_PKEY_sign_message_init() 2864 * The argument must be a colon separated pair, {algorithm}:{key} 2865 */ 2866 static int sign_test_message_init(EVP_TEST *t, const char *name) 2867 { 2868 return pkey_test_init_ex2(t, name, 0, 2869 EVP_PKEY_sign_message_init, EVP_PKEY_sign); 2870 } 2871 2872 static const EVP_TEST_METHOD psign_message_test_method = { 2873 "Sign-Message", 2874 sign_test_message_init, 2875 pkey_test_cleanup, 2876 pkey_test_parse, 2877 pkey_test_run 2878 }; 2879 2880 /* 2881 * "VerifyRecover" implies EVP_PKEY_verify_recover_init_ex2() if the argument is a 2882 * colon-separated pair, {algorithm}:{key}. 2883 * If not, it implies EVP_PKEY_verify_recover_init_ex() 2884 */ 2885 static int verify_recover_test_init(EVP_TEST *t, const char *name) 2886 { 2887 if (strchr(name, ':') != NULL) 2888 return pkey_test_init_ex2(t, name, 1, 2889 EVP_PKEY_verify_recover_init_ex2, 2890 EVP_PKEY_verify_recover); 2891 return pkey_test_init(t, name, 1, EVP_PKEY_verify_recover_init_ex, 2892 EVP_PKEY_verify_recover); 2893 } 2894 2895 static const EVP_TEST_METHOD pverify_recover_test_method = { 2896 "VerifyRecover", 2897 verify_recover_test_init, 2898 pkey_test_cleanup, 2899 pkey_test_parse, 2900 pkey_test_run 2901 }; 2902 2903 static int decrypt_test_init(EVP_TEST *t, const char *name) 2904 { 2905 return pkey_test_init(t, name, 0, EVP_PKEY_decrypt_init_ex, 2906 EVP_PKEY_decrypt); 2907 } 2908 2909 static const EVP_TEST_METHOD pdecrypt_test_method = { 2910 "Decrypt", 2911 decrypt_test_init, 2912 pkey_test_cleanup, 2913 pkey_test_parse, 2914 pkey_test_run 2915 }; 2916 2917 /* 2918 * "Verify" implies EVP_PKEY_verify_init_ex2() if the argument is a 2919 * colon-separated pair, {algorithm}:{key}. 2920 * If not, it implies EVP_PKEY_verify_init_ex() 2921 */ 2922 static int verify_test_init(EVP_TEST *t, const char *name) 2923 { 2924 if (strchr(name, ':') != NULL) 2925 return pkey_test_init_ex2(t, name, 1, 2926 EVP_PKEY_verify_init_ex2, NULL); 2927 return pkey_test_init(t, name, 1, EVP_PKEY_verify_init_ex, NULL); 2928 } 2929 2930 static int verify_test_run(EVP_TEST *t) 2931 { 2932 int ret = 1; 2933 PKEY_DATA *kdata = t->data; 2934 2935 if (!pkey_test_run_init(t)) 2936 goto err; 2937 if (EVP_PKEY_verify(kdata->ctx, kdata->output, kdata->output_len, 2938 kdata->input, kdata->input_len) <= 0) { 2939 t->err = "VERIFY_ERROR"; 2940 goto err; 2941 } 2942 if (!pkey_check_fips_approved(kdata->ctx, t)) 2943 ret = 0; 2944 err: 2945 return ret; 2946 } 2947 2948 static const EVP_TEST_METHOD pverify_test_method = { 2949 "Verify", 2950 verify_test_init, 2951 pkey_test_cleanup, 2952 pkey_test_parse, 2953 verify_test_run 2954 }; 2955 2956 /* 2957 * "Verify-Message" is like "Verify", but uses EVP_PKEY_verify_message_init() 2958 * The argument must be a colon separated pair, {algorithm}:{key} 2959 */ 2960 static int verify_message_test_init(EVP_TEST *t, const char *name) 2961 { 2962 return pkey_test_init_ex2(t, name, 0, 2963 EVP_PKEY_verify_message_init, NULL); 2964 } 2965 2966 static const EVP_TEST_METHOD pverify_message_test_method = { 2967 "Verify-Message", 2968 verify_message_test_init, 2969 pkey_test_cleanup, 2970 pkey_test_parse, 2971 verify_test_run 2972 }; 2973 2974 /* 2975 * "Verify-Message-Public" is like "Verify-Message", but uses a public key 2976 * instead of a private key. 2977 * The argument must be a colon separated pair, {algorithm}:{key} 2978 */ 2979 static int verify_message_public_test_init(EVP_TEST *t, const char *name) 2980 { 2981 return pkey_test_init_ex2(t, name, 1, 2982 EVP_PKEY_verify_message_init, NULL); 2983 } 2984 2985 static const EVP_TEST_METHOD pverify_message_public_test_method = { 2986 "Verify-Message-Public", 2987 verify_message_public_test_init, 2988 pkey_test_cleanup, 2989 pkey_test_parse, 2990 verify_test_run 2991 }; 2992 2993 static int pderive_test_init(EVP_TEST *t, const char *name) 2994 { 2995 return pkey_test_init(t, name, 0, EVP_PKEY_derive_init_ex, 0); 2996 } 2997 2998 static int pderive_test_parse(EVP_TEST *t, 2999 const char *keyword, const char *value) 3000 { 3001 PKEY_DATA *kdata = t->data; 3002 int validate = 0; 3003 3004 if (strcmp(keyword, "PeerKeyValidate") == 0) 3005 validate = 1; 3006 3007 if (validate || strcmp(keyword, "PeerKey") == 0) { 3008 EVP_PKEY *peer = NULL; 3009 3010 kdata->validate = validate; 3011 if (find_key(&peer, value, public_keys) == 0) 3012 return -1; 3013 kdata->peer = peer; 3014 return 1; 3015 } 3016 if (strcmp(keyword, "SharedSecret") == 0) 3017 return parse_bin(value, &kdata->output, &kdata->output_len); 3018 if (strcmp(keyword, "Ctrl") == 0) 3019 return pkey_add_control(t, kdata->controls, value); 3020 if (strcmp(keyword, "CtrlInit") == 0) 3021 return ctrladd(kdata->init_controls, value); 3022 return 0; 3023 } 3024 3025 static int pderive_test_run(EVP_TEST *t) 3026 { 3027 EVP_PKEY_CTX *dctx = NULL; 3028 PKEY_DATA *expected = t->data; 3029 unsigned char *got = NULL; 3030 size_t got_len; 3031 int ret = 1; 3032 3033 if (!pkey_test_run_init(t)) 3034 goto err; 3035 3036 t->err = NULL; 3037 if (EVP_PKEY_derive_set_peer_ex(expected->ctx, expected->peer, 3038 expected->validate) <= 0) { 3039 t->err = "DERIVE_SET_PEER_ERROR"; 3040 goto err; 3041 } 3042 3043 if (!TEST_ptr(dctx = EVP_PKEY_CTX_dup(expected->ctx))) { 3044 t->err = "DERIVE_ERROR"; 3045 goto err; 3046 } 3047 3048 if (EVP_PKEY_derive(dctx, NULL, &got_len) <= 0 3049 || !TEST_size_t_ne(got_len, 0)) { 3050 t->err = "DERIVE_ERROR"; 3051 goto err; 3052 } 3053 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { 3054 t->err = "DERIVE_ERROR"; 3055 goto err; 3056 } 3057 if (EVP_PKEY_derive(dctx, got, &got_len) <= 0) { 3058 t->err = "DERIVE_ERROR"; 3059 goto err; 3060 } 3061 if (!memory_err_compare(t, "SHARED_SECRET_MISMATCH", 3062 expected->output, expected->output_len, 3063 got, got_len)) 3064 goto err; 3065 3066 if (!pkey_check_fips_approved(dctx, t)) { 3067 ret = 0; 3068 goto err; 3069 } 3070 t->err = NULL; 3071 err: 3072 OPENSSL_free(got); 3073 EVP_PKEY_CTX_free(dctx); 3074 return ret; 3075 } 3076 3077 static const EVP_TEST_METHOD pderive_test_method = { 3078 "Derive", 3079 pderive_test_init, 3080 pkey_test_cleanup, 3081 pderive_test_parse, 3082 pderive_test_run 3083 }; 3084 3085 /** 3086 ** PBE TESTS 3087 **/ 3088 3089 typedef enum pbe_type_enum { 3090 PBE_TYPE_INVALID = 0, 3091 PBE_TYPE_SCRYPT, PBE_TYPE_PBKDF2, PBE_TYPE_PKCS12 3092 } PBE_TYPE; 3093 3094 typedef struct pbe_data_st { 3095 PBE_TYPE pbe_type; 3096 /* scrypt parameters */ 3097 uint64_t N, r, p, maxmem; 3098 /* PKCS#12 parameters */ 3099 int id, iter; 3100 const EVP_MD *md; 3101 /* password */ 3102 unsigned char *pass; 3103 size_t pass_len; 3104 /* salt */ 3105 unsigned char *salt; 3106 size_t salt_len; 3107 /* Expected output */ 3108 unsigned char *key; 3109 size_t key_len; 3110 } PBE_DATA; 3111 3112 #ifndef OPENSSL_NO_SCRYPT 3113 /* Parse unsigned decimal 64 bit integer value */ 3114 static int parse_uint64(const char *value, uint64_t *pr) 3115 { 3116 const char *p = value; 3117 3118 if (!TEST_true(*p)) { 3119 TEST_info("Invalid empty integer value"); 3120 return -1; 3121 } 3122 for (*pr = 0; *p; ) { 3123 if (*pr > UINT64_MAX / 10) { 3124 TEST_error("Integer overflow in string %s", value); 3125 return -1; 3126 } 3127 *pr *= 10; 3128 if (!TEST_true(isdigit((unsigned char)*p))) { 3129 TEST_error("Invalid character in string %s", value); 3130 return -1; 3131 } 3132 *pr += *p - '0'; 3133 p++; 3134 } 3135 return 1; 3136 } 3137 3138 static int scrypt_test_parse(EVP_TEST *t, 3139 const char *keyword, const char *value) 3140 { 3141 PBE_DATA *pdata = t->data; 3142 3143 if (strcmp(keyword, "N") == 0) 3144 return parse_uint64(value, &pdata->N); 3145 if (strcmp(keyword, "p") == 0) 3146 return parse_uint64(value, &pdata->p); 3147 if (strcmp(keyword, "r") == 0) 3148 return parse_uint64(value, &pdata->r); 3149 if (strcmp(keyword, "maxmem") == 0) 3150 return parse_uint64(value, &pdata->maxmem); 3151 return 0; 3152 } 3153 #endif 3154 3155 static int pbkdf2_test_parse(EVP_TEST *t, 3156 const char *keyword, const char *value) 3157 { 3158 PBE_DATA *pdata = t->data; 3159 3160 if (strcmp(keyword, "iter") == 0) { 3161 pdata->iter = atoi(value); 3162 if (pdata->iter <= 0) 3163 return -1; 3164 return 1; 3165 } 3166 if (strcmp(keyword, "MD") == 0) { 3167 pdata->md = EVP_get_digestbyname(value); 3168 if (pdata->md == NULL) 3169 return -1; 3170 return 1; 3171 } 3172 return 0; 3173 } 3174 3175 static int pkcs12_test_parse(EVP_TEST *t, 3176 const char *keyword, const char *value) 3177 { 3178 PBE_DATA *pdata = t->data; 3179 3180 if (strcmp(keyword, "id") == 0) { 3181 pdata->id = atoi(value); 3182 if (pdata->id <= 0) 3183 return -1; 3184 return 1; 3185 } 3186 return pbkdf2_test_parse(t, keyword, value); 3187 } 3188 3189 static int pbe_test_init(EVP_TEST *t, const char *alg) 3190 { 3191 PBE_DATA *pdat; 3192 PBE_TYPE pbe_type = PBE_TYPE_INVALID; 3193 3194 if (is_kdf_disabled(alg)) { 3195 TEST_info("skipping, '%s' is disabled", alg); 3196 t->skip = 1; 3197 return 1; 3198 } 3199 if (strcmp(alg, "scrypt") == 0) { 3200 pbe_type = PBE_TYPE_SCRYPT; 3201 } else if (strcmp(alg, "pbkdf2") == 0) { 3202 pbe_type = PBE_TYPE_PBKDF2; 3203 } else if (strcmp(alg, "pkcs12") == 0) { 3204 pbe_type = PBE_TYPE_PKCS12; 3205 } else { 3206 TEST_error("Unknown pbe algorithm %s", alg); 3207 return 0; 3208 } 3209 if (!TEST_ptr(pdat = OPENSSL_zalloc(sizeof(*pdat)))) 3210 return 0; 3211 pdat->pbe_type = pbe_type; 3212 t->data = pdat; 3213 return 1; 3214 } 3215 3216 static void pbe_test_cleanup(EVP_TEST *t) 3217 { 3218 PBE_DATA *pdat = t->data; 3219 3220 OPENSSL_free(pdat->pass); 3221 OPENSSL_free(pdat->salt); 3222 OPENSSL_free(pdat->key); 3223 } 3224 3225 static int pbe_test_parse(EVP_TEST *t, 3226 const char *keyword, const char *value) 3227 { 3228 PBE_DATA *pdata = t->data; 3229 3230 if (strcmp(keyword, "Password") == 0) 3231 return parse_bin(value, &pdata->pass, &pdata->pass_len); 3232 if (strcmp(keyword, "Salt") == 0) 3233 return parse_bin(value, &pdata->salt, &pdata->salt_len); 3234 if (strcmp(keyword, "Key") == 0) 3235 return parse_bin(value, &pdata->key, &pdata->key_len); 3236 if (pdata->pbe_type == PBE_TYPE_PBKDF2) 3237 return pbkdf2_test_parse(t, keyword, value); 3238 else if (pdata->pbe_type == PBE_TYPE_PKCS12) 3239 return pkcs12_test_parse(t, keyword, value); 3240 #ifndef OPENSSL_NO_SCRYPT 3241 else if (pdata->pbe_type == PBE_TYPE_SCRYPT) 3242 return scrypt_test_parse(t, keyword, value); 3243 #endif 3244 return 0; 3245 } 3246 3247 static int pbe_test_run(EVP_TEST *t) 3248 { 3249 PBE_DATA *expected = t->data; 3250 unsigned char *key; 3251 EVP_MD *fetched_digest = NULL; 3252 OSSL_LIB_CTX *save_libctx; 3253 3254 save_libctx = OSSL_LIB_CTX_set0_default(libctx); 3255 3256 if (!TEST_ptr(key = OPENSSL_malloc(expected->key_len))) { 3257 t->err = "INTERNAL_ERROR"; 3258 goto err; 3259 } 3260 if (expected->pbe_type == PBE_TYPE_PBKDF2) { 3261 if (PKCS5_PBKDF2_HMAC((char *)expected->pass, expected->pass_len, 3262 expected->salt, expected->salt_len, 3263 expected->iter, expected->md, 3264 expected->key_len, key) == 0) { 3265 t->err = "PBKDF2_ERROR"; 3266 goto err; 3267 } 3268 #ifndef OPENSSL_NO_SCRYPT 3269 } else if (expected->pbe_type == PBE_TYPE_SCRYPT) { 3270 if (EVP_PBE_scrypt((const char *)expected->pass, expected->pass_len, 3271 expected->salt, expected->salt_len, 3272 expected->N, expected->r, expected->p, 3273 expected->maxmem, key, expected->key_len) == 0) { 3274 t->err = "SCRYPT_ERROR"; 3275 goto err; 3276 } 3277 #endif 3278 } else if (expected->pbe_type == PBE_TYPE_PKCS12) { 3279 fetched_digest = EVP_MD_fetch(libctx, EVP_MD_get0_name(expected->md), 3280 propquery); 3281 if (fetched_digest == NULL) { 3282 t->err = "PKCS12_ERROR"; 3283 goto err; 3284 } 3285 if (PKCS12_key_gen_uni(expected->pass, expected->pass_len, 3286 expected->salt, expected->salt_len, 3287 expected->id, expected->iter, expected->key_len, 3288 key, fetched_digest) == 0) { 3289 t->err = "PKCS12_ERROR"; 3290 goto err; 3291 } 3292 } 3293 if (!memory_err_compare(t, "KEY_MISMATCH", expected->key, expected->key_len, 3294 key, expected->key_len)) 3295 goto err; 3296 3297 t->err = NULL; 3298 err: 3299 EVP_MD_free(fetched_digest); 3300 OPENSSL_free(key); 3301 OSSL_LIB_CTX_set0_default(save_libctx); 3302 return 1; 3303 } 3304 3305 static const EVP_TEST_METHOD pbe_test_method = { 3306 "PBE", 3307 pbe_test_init, 3308 pbe_test_cleanup, 3309 pbe_test_parse, 3310 pbe_test_run 3311 }; 3312 3313 3314 /** 3315 ** BASE64 TESTS 3316 **/ 3317 3318 typedef enum { 3319 BASE64_CANONICAL_ENCODING = 0, 3320 BASE64_VALID_ENCODING = 1, 3321 BASE64_INVALID_ENCODING = 2 3322 } base64_encoding_type; 3323 3324 typedef struct encode_data_st { 3325 /* Input to encoding */ 3326 unsigned char *input; 3327 size_t input_len; 3328 /* Expected output */ 3329 unsigned char *output; 3330 size_t output_len; 3331 base64_encoding_type encoding; 3332 } ENCODE_DATA; 3333 3334 static int encode_test_init(EVP_TEST *t, const char *encoding) 3335 { 3336 ENCODE_DATA *edata; 3337 3338 if (!TEST_ptr(edata = OPENSSL_zalloc(sizeof(*edata)))) 3339 return 0; 3340 if (strcmp(encoding, "canonical") == 0) { 3341 edata->encoding = BASE64_CANONICAL_ENCODING; 3342 } else if (strcmp(encoding, "valid") == 0) { 3343 edata->encoding = BASE64_VALID_ENCODING; 3344 } else if (strcmp(encoding, "invalid") == 0) { 3345 edata->encoding = BASE64_INVALID_ENCODING; 3346 if (!TEST_ptr(t->expected_err = OPENSSL_strdup("DECODE_ERROR"))) 3347 goto err; 3348 } else { 3349 TEST_error("Bad encoding: %s." 3350 " Should be one of {canonical, valid, invalid}", 3351 encoding); 3352 goto err; 3353 } 3354 t->data = edata; 3355 return 1; 3356 err: 3357 OPENSSL_free(edata); 3358 return 0; 3359 } 3360 3361 static void encode_test_cleanup(EVP_TEST *t) 3362 { 3363 ENCODE_DATA *edata = t->data; 3364 3365 OPENSSL_free(edata->input); 3366 OPENSSL_free(edata->output); 3367 memset(edata, 0, sizeof(*edata)); 3368 } 3369 3370 static int encode_test_parse(EVP_TEST *t, 3371 const char *keyword, const char *value) 3372 { 3373 ENCODE_DATA *edata = t->data; 3374 3375 if (strcmp(keyword, "Input") == 0) 3376 return parse_bin(value, &edata->input, &edata->input_len); 3377 if (strcmp(keyword, "Output") == 0) 3378 return parse_bin(value, &edata->output, &edata->output_len); 3379 return 0; 3380 } 3381 3382 static int encode_test_run(EVP_TEST *t) 3383 { 3384 ENCODE_DATA *expected = t->data; 3385 unsigned char *encode_out = NULL, *decode_out = NULL; 3386 int output_len, chunk_len; 3387 EVP_ENCODE_CTX *decode_ctx = NULL, *encode_ctx = NULL; 3388 size_t input_len, donelen, decode_length; 3389 3390 if (!TEST_ptr(decode_ctx = EVP_ENCODE_CTX_new())) { 3391 t->err = "INTERNAL_ERROR"; 3392 goto err; 3393 } 3394 3395 if (expected->encoding == BASE64_CANONICAL_ENCODING) { 3396 3397 if (!TEST_ptr(encode_ctx = EVP_ENCODE_CTX_new()) 3398 || !TEST_ptr(encode_out = 3399 OPENSSL_malloc(EVP_ENCODE_LENGTH(expected->input_len)))) 3400 goto err; 3401 3402 EVP_EncodeInit(encode_ctx); 3403 3404 input_len = expected->input_len; 3405 donelen = 0; 3406 output_len = 0; 3407 do { 3408 size_t current_len = (size_t) data_chunk_size; 3409 3410 if (data_chunk_size == 0 || (size_t) data_chunk_size > input_len) 3411 current_len = input_len; 3412 if (!TEST_true(EVP_EncodeUpdate(encode_ctx, encode_out, &chunk_len, 3413 expected->input + donelen, 3414 current_len))) 3415 goto err; 3416 donelen += current_len; 3417 input_len -= current_len; 3418 output_len += chunk_len; 3419 } while (input_len > 0); 3420 3421 EVP_EncodeFinal(encode_ctx, encode_out + output_len, &chunk_len); 3422 output_len += chunk_len; 3423 3424 if (!memory_err_compare(t, "BAD_ENCODING", 3425 expected->output, expected->output_len, 3426 encode_out, output_len)) 3427 goto err; 3428 } 3429 3430 decode_length = EVP_DECODE_LENGTH(expected->output_len); 3431 if (!TEST_ptr(decode_out = OPENSSL_malloc(decode_length))) 3432 goto err; 3433 /* 3434 * Fill memory with non-zeros 3435 * to check that decoding does not place redundant zeros. 3436 */ 3437 memset(decode_out, 0xff, decode_length); 3438 3439 output_len = 0; 3440 EVP_DecodeInit(decode_ctx); 3441 3442 input_len = expected->output_len; 3443 donelen = 0; 3444 do { 3445 size_t current_len = (size_t) data_chunk_size; 3446 3447 if (data_chunk_size == 0 || (size_t) data_chunk_size > input_len) 3448 current_len = input_len; 3449 if (EVP_DecodeUpdate(decode_ctx, decode_out + output_len, &chunk_len, 3450 expected->output + donelen, current_len) < 0) { 3451 t->err = "DECODE_ERROR"; 3452 goto err; 3453 } 3454 donelen += current_len; 3455 input_len -= current_len; 3456 output_len += chunk_len; 3457 } while (input_len > 0); 3458 3459 if (EVP_DecodeFinal(decode_ctx, decode_out + output_len, &chunk_len) != 1) { 3460 t->err = "DECODE_ERROR"; 3461 goto err; 3462 } 3463 output_len += chunk_len; 3464 3465 if (expected->encoding != BASE64_INVALID_ENCODING 3466 && !memory_err_compare(t, "BAD_DECODING", 3467 expected->input, expected->input_len, 3468 decode_out, output_len)) { 3469 t->err = "BAD_DECODING"; 3470 goto err; 3471 } 3472 3473 for (; output_len < (int)decode_length; output_len++) { 3474 if (decode_out[output_len] != 0xff) { 3475 t->err = "BAD_DECODING"; 3476 goto err; 3477 } 3478 } 3479 3480 t->err = NULL; 3481 err: 3482 OPENSSL_free(encode_out); 3483 OPENSSL_free(decode_out); 3484 EVP_ENCODE_CTX_free(decode_ctx); 3485 EVP_ENCODE_CTX_free(encode_ctx); 3486 return 1; 3487 } 3488 3489 static const EVP_TEST_METHOD encode_test_method = { 3490 "Encoding", 3491 encode_test_init, 3492 encode_test_cleanup, 3493 encode_test_parse, 3494 encode_test_run, 3495 }; 3496 3497 3498 /** 3499 ** RAND TESTS 3500 **/ 3501 #define MAX_RAND_REPEATS 15 3502 3503 typedef struct rand_data_pass_st { 3504 unsigned char *entropy; 3505 unsigned char *reseed_entropy; 3506 unsigned char *nonce; 3507 unsigned char *pers; 3508 unsigned char *reseed_addin; 3509 unsigned char *addinA; 3510 unsigned char *addinB; 3511 unsigned char *pr_entropyA; 3512 unsigned char *pr_entropyB; 3513 unsigned char *output; 3514 size_t entropy_len, nonce_len, pers_len, addinA_len, addinB_len, 3515 pr_entropyA_len, pr_entropyB_len, output_len, reseed_entropy_len, 3516 reseed_addin_len; 3517 } RAND_DATA_PASS; 3518 3519 typedef struct rand_data_st { 3520 /* Context for this operation */ 3521 EVP_RAND_CTX *ctx; 3522 EVP_RAND_CTX *parent; 3523 int n; 3524 int prediction_resistance; 3525 int use_df; 3526 unsigned int generate_bits; 3527 char *cipher; 3528 char *digest; 3529 STACK_OF(OPENSSL_STRING) *init_controls; /* collection of controls */ 3530 3531 /* Expected output */ 3532 RAND_DATA_PASS data[MAX_RAND_REPEATS]; 3533 } RAND_DATA; 3534 3535 static int rand_test_init(EVP_TEST *t, const char *name) 3536 { 3537 RAND_DATA *rdata; 3538 EVP_RAND *rand; 3539 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 3540 unsigned int strength = 256; 3541 3542 if (!TEST_ptr(rdata = OPENSSL_zalloc(sizeof(*rdata)))) 3543 return 0; 3544 3545 /* TEST-RAND is available in the FIPS provider but not with "fips=yes" */ 3546 rand = EVP_RAND_fetch(libctx, "TEST-RAND", "-fips"); 3547 if (rand == NULL) 3548 goto err; 3549 rdata->parent = EVP_RAND_CTX_new(rand, NULL); 3550 EVP_RAND_free(rand); 3551 if (rdata->parent == NULL) 3552 goto err; 3553 3554 *params = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength); 3555 if (!EVP_RAND_CTX_set_params(rdata->parent, params)) 3556 goto err; 3557 3558 rand = EVP_RAND_fetch(libctx, name, propquery); 3559 if (rand == NULL) 3560 goto err; 3561 rdata->ctx = EVP_RAND_CTX_new(rand, rdata->parent); 3562 EVP_RAND_free(rand); 3563 if (rdata->ctx == NULL) 3564 goto err; 3565 rdata->init_controls = sk_OPENSSL_STRING_new_null(); 3566 3567 rdata->n = -1; 3568 t->data = rdata; 3569 return 1; 3570 err: 3571 EVP_RAND_CTX_free(rdata->parent); 3572 OPENSSL_free(rdata); 3573 return 0; 3574 } 3575 3576 static void rand_test_cleanup(EVP_TEST *t) 3577 { 3578 RAND_DATA *rdata = t->data; 3579 int i; 3580 3581 ctrlfree(rdata->init_controls); 3582 OPENSSL_free(rdata->cipher); 3583 OPENSSL_free(rdata->digest); 3584 3585 for (i = 0; i <= rdata->n; i++) { 3586 OPENSSL_free(rdata->data[i].entropy); 3587 OPENSSL_free(rdata->data[i].reseed_entropy); 3588 OPENSSL_free(rdata->data[i].nonce); 3589 OPENSSL_free(rdata->data[i].pers); 3590 OPENSSL_free(rdata->data[i].reseed_addin); 3591 OPENSSL_free(rdata->data[i].addinA); 3592 OPENSSL_free(rdata->data[i].addinB); 3593 OPENSSL_free(rdata->data[i].pr_entropyA); 3594 OPENSSL_free(rdata->data[i].pr_entropyB); 3595 OPENSSL_free(rdata->data[i].output); 3596 } 3597 EVP_RAND_CTX_free(rdata->ctx); 3598 EVP_RAND_CTX_free(rdata->parent); 3599 } 3600 3601 static int rand_test_parse(EVP_TEST *t, 3602 const char *keyword, const char *value) 3603 { 3604 RAND_DATA *rdata = t->data; 3605 RAND_DATA_PASS *item; 3606 const char *p; 3607 int n; 3608 3609 if ((p = strchr(keyword, '.')) != NULL) { 3610 n = atoi(++p); 3611 if (n >= MAX_RAND_REPEATS) 3612 return 0; 3613 if (n > rdata->n) 3614 rdata->n = n; 3615 item = rdata->data + n; 3616 if (HAS_PREFIX(keyword, "Entropy.")) 3617 return parse_bin(value, &item->entropy, &item->entropy_len); 3618 if (HAS_PREFIX(keyword, "ReseedEntropy.")) 3619 return parse_bin(value, &item->reseed_entropy, 3620 &item->reseed_entropy_len); 3621 if (HAS_PREFIX(keyword, "Nonce.")) 3622 return parse_bin(value, &item->nonce, &item->nonce_len); 3623 if (HAS_PREFIX(keyword, "PersonalisationString.")) 3624 return parse_bin(value, &item->pers, &item->pers_len); 3625 if (HAS_PREFIX(keyword, "ReseedAdditionalInput.")) 3626 return parse_bin(value, &item->reseed_addin, 3627 &item->reseed_addin_len); 3628 if (HAS_PREFIX(keyword, "AdditionalInputA.")) 3629 return parse_bin(value, &item->addinA, &item->addinA_len); 3630 if (HAS_PREFIX(keyword, "AdditionalInputB.")) 3631 return parse_bin(value, &item->addinB, &item->addinB_len); 3632 if (HAS_PREFIX(keyword, "EntropyPredictionResistanceA.")) 3633 return parse_bin(value, &item->pr_entropyA, &item->pr_entropyA_len); 3634 if (HAS_PREFIX(keyword, "EntropyPredictionResistanceB.")) 3635 return parse_bin(value, &item->pr_entropyB, &item->pr_entropyB_len); 3636 if (HAS_PREFIX(keyword, "Output.")) 3637 return parse_bin(value, &item->output, &item->output_len); 3638 } else { 3639 if (strcmp(keyword, "Cipher") == 0) 3640 return TEST_ptr(rdata->cipher = OPENSSL_strdup(value)); 3641 if (strcmp(keyword, "Digest") == 0) 3642 return TEST_ptr(rdata->digest = OPENSSL_strdup(value)); 3643 if (strcmp(keyword, "DerivationFunction") == 0) { 3644 rdata->use_df = atoi(value) != 0; 3645 return 1; 3646 } 3647 if (strcmp(keyword, "GenerateBits") == 0) { 3648 if ((n = atoi(value)) <= 0 || n % 8 != 0) 3649 return 0; 3650 rdata->generate_bits = (unsigned int)n; 3651 return 1; 3652 } 3653 if (strcmp(keyword, "PredictionResistance") == 0) { 3654 rdata->prediction_resistance = atoi(value) != 0; 3655 return 1; 3656 } 3657 if (strcmp(keyword, "CtrlInit") == 0) 3658 return ctrladd(rdata->init_controls, value); 3659 } 3660 return 0; 3661 } 3662 3663 static int rand_test_run(EVP_TEST *t) 3664 { 3665 RAND_DATA *expected = t->data; 3666 RAND_DATA_PASS *item; 3667 unsigned char *got; 3668 size_t got_len = expected->generate_bits / 8; 3669 OSSL_PARAM params[8], *p = params; 3670 int i = -1, ret = 0; 3671 unsigned int strength; 3672 unsigned char *z; 3673 size_t params_n = 0, params_allocated_n = 0; 3674 3675 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) 3676 return 0; 3677 3678 if (sk_OPENSSL_STRING_num(expected->init_controls) > 0) { 3679 if (!ctrl2params(t, expected->init_controls, 3680 NULL, 3681 params, OSSL_NELEM(params), ¶ms_n)) 3682 goto err; 3683 } 3684 p = params + params_n; 3685 3686 *p++ = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_USE_DF, &expected->use_df); 3687 if (expected->cipher != NULL) 3688 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER, 3689 expected->cipher, 0); 3690 if (expected->digest != NULL) 3691 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_DIGEST, 3692 expected->digest, 0); 3693 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_MAC, "HMAC", 0); 3694 *p = OSSL_PARAM_construct_end(); 3695 if (!EVP_RAND_CTX_set_params(expected->ctx, params)) { 3696 if (t->expect_unapproved == 0) { 3697 t->err = "EVP_RAND_CTX_set_params"; 3698 ret = 1; 3699 } 3700 goto err; 3701 } 3702 ctrl2params_free(params, params_n, params_allocated_n); 3703 params_n = 0; 3704 3705 strength = EVP_RAND_get_strength(expected->ctx); 3706 for (i = 0; i <= expected->n; i++) { 3707 item = expected->data + i; 3708 3709 p = params; 3710 z = item->entropy != NULL ? item->entropy : (unsigned char *)""; 3711 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, 3712 z, item->entropy_len); 3713 z = item->nonce != NULL ? item->nonce : (unsigned char *)""; 3714 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE, 3715 z, item->nonce_len); 3716 *p = OSSL_PARAM_construct_end(); 3717 if (!TEST_true(EVP_RAND_instantiate(expected->parent, strength, 3718 0, NULL, 0, params))) 3719 goto err; 3720 3721 z = item->pers != NULL ? item->pers : (unsigned char *)""; 3722 if (!TEST_true(EVP_RAND_instantiate 3723 (expected->ctx, strength, 3724 expected->prediction_resistance, z, 3725 item->pers_len, NULL))) 3726 goto err; 3727 3728 if (item->reseed_entropy != NULL) { 3729 params[0] = OSSL_PARAM_construct_octet_string 3730 (OSSL_RAND_PARAM_TEST_ENTROPY, item->reseed_entropy, 3731 item->reseed_entropy_len); 3732 params[1] = OSSL_PARAM_construct_end(); 3733 if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params))) 3734 goto err; 3735 3736 if (!TEST_true(EVP_RAND_reseed 3737 (expected->ctx, expected->prediction_resistance, 3738 NULL, 0, item->reseed_addin, 3739 item->reseed_addin_len))) 3740 goto err; 3741 } 3742 if (item->pr_entropyA != NULL) { 3743 params[0] = OSSL_PARAM_construct_octet_string 3744 (OSSL_RAND_PARAM_TEST_ENTROPY, item->pr_entropyA, 3745 item->pr_entropyA_len); 3746 params[1] = OSSL_PARAM_construct_end(); 3747 if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params))) 3748 goto err; 3749 } 3750 if (!TEST_true(EVP_RAND_generate 3751 (expected->ctx, got, got_len, 3752 strength, expected->prediction_resistance, 3753 item->addinA, item->addinA_len))) 3754 goto err; 3755 3756 if (item->pr_entropyB != NULL) { 3757 params[0] = OSSL_PARAM_construct_octet_string 3758 (OSSL_RAND_PARAM_TEST_ENTROPY, item->pr_entropyB, 3759 item->pr_entropyB_len); 3760 params[1] = OSSL_PARAM_construct_end(); 3761 if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params))) 3762 goto err; 3763 } 3764 if (!TEST_true(EVP_RAND_generate 3765 (expected->ctx, got, got_len, 3766 strength, expected->prediction_resistance, 3767 item->addinB, item->addinB_len))) 3768 goto err; 3769 if (!TEST_mem_eq(got, got_len, item->output, item->output_len)) 3770 goto err; 3771 if (!rand_check_fips_approved(expected->ctx, t)) 3772 goto err; 3773 if (!TEST_true(EVP_RAND_uninstantiate(expected->ctx)) 3774 || !TEST_true(EVP_RAND_uninstantiate(expected->parent)) 3775 || !TEST_true(EVP_RAND_verify_zeroization(expected->ctx)) 3776 || !TEST_int_eq(EVP_RAND_get_state(expected->ctx), 3777 EVP_RAND_STATE_UNINITIALISED)) 3778 goto err; 3779 } 3780 t->err = NULL; 3781 ret = 1; 3782 3783 err: 3784 if (ret == 0 && i >= 0) 3785 TEST_info("Error in test case %d of %d\n", i, expected->n + 1); 3786 OPENSSL_free(got); 3787 ctrl2params_free(params, params_n, params_allocated_n); 3788 return ret; 3789 } 3790 3791 static const EVP_TEST_METHOD rand_test_method = { 3792 "RAND", 3793 rand_test_init, 3794 rand_test_cleanup, 3795 rand_test_parse, 3796 rand_test_run 3797 }; 3798 3799 /** 3800 ** KDF TESTS 3801 **/ 3802 typedef struct kdf_data_st { 3803 /* Context for this operation */ 3804 EVP_KDF_CTX *ctx; 3805 /* Expected output */ 3806 unsigned char *output; 3807 size_t output_len; 3808 OSSL_PARAM params[20]; 3809 OSSL_PARAM *p; 3810 STACK_OF(OPENSSL_STRING) *init_controls; /* collection of controls */ 3811 } KDF_DATA; 3812 3813 /* 3814 * Perform public key operation setup: lookup key, allocated ctx and call 3815 * the appropriate initialisation function 3816 */ 3817 static int kdf_test_init(EVP_TEST *t, const char *name) 3818 { 3819 KDF_DATA *kdata; 3820 EVP_KDF *kdf; 3821 3822 if (is_kdf_disabled(name)) { 3823 TEST_info("skipping, '%s' is disabled", name); 3824 t->skip = 1; 3825 return 1; 3826 } 3827 3828 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))) 3829 return 0; 3830 kdata->p = kdata->params; 3831 *kdata->p = OSSL_PARAM_construct_end(); 3832 3833 kdf = EVP_KDF_fetch(libctx, name, propquery); 3834 if (kdf == NULL) { 3835 OPENSSL_free(kdata); 3836 return 0; 3837 } 3838 kdata->ctx = EVP_KDF_CTX_new(kdf); 3839 EVP_KDF_free(kdf); 3840 if (kdata->ctx == NULL) { 3841 OPENSSL_free(kdata); 3842 return 0; 3843 } 3844 t->data = kdata; 3845 kdata->init_controls = sk_OPENSSL_STRING_new_null(); 3846 return 1; 3847 } 3848 3849 static void kdf_test_cleanup(EVP_TEST *t) 3850 { 3851 KDF_DATA *kdata = t->data; 3852 OSSL_PARAM *p; 3853 3854 ctrlfree(kdata->init_controls); 3855 for (p = kdata->params; p->key != NULL; p++) 3856 OPENSSL_free(p->data); 3857 OPENSSL_free(kdata->output); 3858 EVP_KDF_CTX_free(kdata->ctx); 3859 } 3860 3861 static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx, 3862 const char *value) 3863 { 3864 KDF_DATA *kdata = t->data; 3865 int rv; 3866 char *p, *name; 3867 const OSSL_PARAM *defs = EVP_KDF_settable_ctx_params(EVP_KDF_CTX_kdf(kctx)); 3868 3869 if (!TEST_ptr(name = OPENSSL_strdup(value))) 3870 return 0; 3871 p = strchr(name, ':'); 3872 if (p == NULL) 3873 p = ""; 3874 else 3875 *p++ = '\0'; 3876 3877 if (strcmp(name, "r") == 0 3878 && OSSL_PARAM_locate_const(defs, name) == NULL) { 3879 TEST_info("skipping, setting 'r' is unsupported"); 3880 t->skip = 1; 3881 goto end; 3882 } 3883 3884 if (strcmp(name, "lanes") == 0 3885 && OSSL_PARAM_locate_const(defs, name) == NULL) { 3886 TEST_info("skipping, setting 'lanes' is unsupported"); 3887 t->skip = 1; 3888 goto end; 3889 } 3890 3891 if (strcmp(name, "iter") == 0 3892 && OSSL_PARAM_locate_const(defs, name) == NULL) { 3893 TEST_info("skipping, setting 'iter' is unsupported"); 3894 t->skip = 1; 3895 goto end; 3896 } 3897 3898 if (strcmp(name, "memcost") == 0 3899 && OSSL_PARAM_locate_const(defs, name) == NULL) { 3900 TEST_info("skipping, setting 'memcost' is unsupported"); 3901 t->skip = 1; 3902 goto end; 3903 } 3904 3905 if (strcmp(name, "secret") == 0 3906 && OSSL_PARAM_locate_const(defs, name) == NULL) { 3907 TEST_info("skipping, setting 'secret' is unsupported"); 3908 t->skip = 1; 3909 goto end; 3910 } 3911 3912 if (strcmp(name, "pass") == 0 3913 && OSSL_PARAM_locate_const(defs, name) == NULL) { 3914 TEST_info("skipping, setting 'pass' is unsupported"); 3915 t->skip = 1; 3916 goto end; 3917 } 3918 3919 if (strcmp(name, "ad") == 0 3920 && OSSL_PARAM_locate_const(defs, name) == NULL) { 3921 TEST_info("skipping, setting 'ad' is unsupported"); 3922 t->skip = 1; 3923 goto end; 3924 } 3925 3926 rv = OSSL_PARAM_allocate_from_text(kdata->p, defs, name, p, 3927 strlen(p), NULL); 3928 *++kdata->p = OSSL_PARAM_construct_end(); 3929 if (!rv) { 3930 t->err = "KDF_PARAM_ERROR"; 3931 OPENSSL_free(name); 3932 return 0; 3933 } 3934 if (strcmp(name, "digest") == 0) { 3935 if (is_digest_disabled(p)) { 3936 TEST_info("skipping, '%s' is disabled", p); 3937 t->skip = 1; 3938 } 3939 goto end; 3940 } 3941 3942 if ((strcmp(name, "cipher") == 0 3943 || strcmp(name, "cekalg") == 0) 3944 && is_cipher_disabled(p)) { 3945 TEST_info("skipping, '%s' is disabled", p); 3946 t->skip = 1; 3947 goto end; 3948 } 3949 if ((strcmp(name, "mac") == 0) 3950 && is_mac_disabled(p)) { 3951 TEST_info("skipping, '%s' is disabled", p); 3952 t->skip = 1; 3953 } 3954 end: 3955 OPENSSL_free(name); 3956 return 1; 3957 } 3958 3959 static int kdf_test_parse(EVP_TEST *t, 3960 const char *keyword, const char *value) 3961 { 3962 KDF_DATA *kdata = t->data; 3963 3964 if (strcmp(keyword, "Output") == 0) 3965 return parse_bin(value, &kdata->output, &kdata->output_len); 3966 if (strcmp(keyword, "CtrlInit") == 0) 3967 return ctrladd(kdata->init_controls, value); 3968 if (HAS_PREFIX(keyword, "Ctrl")) 3969 return kdf_test_ctrl(t, kdata->ctx, value); 3970 return 0; 3971 } 3972 3973 static int kdf_test_run(EVP_TEST *t) 3974 { 3975 int ret = 1; 3976 KDF_DATA *expected = t->data; 3977 unsigned char *got = NULL; 3978 size_t got_len = expected->output_len; 3979 EVP_KDF_CTX *ctx; 3980 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 3981 size_t params_n = 0, params_allocated_n = 0; 3982 3983 if (sk_OPENSSL_STRING_num(expected->init_controls) > 0) { 3984 if (!ctrl2params(t, expected->init_controls, 3985 NULL, 3986 params, OSSL_NELEM(params), ¶ms_n)) 3987 goto err; 3988 if (!EVP_KDF_CTX_set_params(expected->ctx, params)) { 3989 t->err = "KDF_CTRL_ERROR"; 3990 goto err; 3991 } 3992 } 3993 3994 if (!EVP_KDF_CTX_set_params(expected->ctx, expected->params)) { 3995 t->err = "KDF_CTRL_ERROR"; 3996 goto err; 3997 } 3998 if (!TEST_ptr(got = OPENSSL_malloc(got_len == 0 ? 1 : got_len))) { 3999 t->err = "INTERNAL_ERROR"; 4000 goto err; 4001 } 4002 /* FIPS(3.0.0): can't dup KDF contexts #17572 */ 4003 if (fips_provider_version_gt(libctx, 3, 0, 0) 4004 && (ctx = EVP_KDF_CTX_dup(expected->ctx)) != NULL) { 4005 EVP_KDF_CTX_free(expected->ctx); 4006 expected->ctx = ctx; 4007 } 4008 if (EVP_KDF_derive(expected->ctx, got, got_len, NULL) <= 0) { 4009 t->err = "KDF_DERIVE_ERROR"; 4010 goto err; 4011 } 4012 if (!kdf_check_fips_approved(expected->ctx, t)) { 4013 ret = 0; 4014 goto err; 4015 } 4016 if (!memory_err_compare(t, "KDF_MISMATCH", 4017 expected->output, expected->output_len, 4018 got, got_len)) 4019 goto err; 4020 4021 t->err = NULL; 4022 4023 err: 4024 ctrl2params_free(params, params_n, params_allocated_n); 4025 OPENSSL_free(got); 4026 return ret; 4027 } 4028 4029 static const EVP_TEST_METHOD kdf_test_method = { 4030 "KDF", 4031 kdf_test_init, 4032 kdf_test_cleanup, 4033 kdf_test_parse, 4034 kdf_test_run 4035 }; 4036 4037 /** 4038 ** PKEY KDF TESTS 4039 **/ 4040 4041 typedef struct pkey_kdf_data_st { 4042 /* Context for this operation */ 4043 EVP_PKEY_CTX *ctx; 4044 /* Expected output */ 4045 unsigned char *output; 4046 size_t output_len; 4047 } PKEY_KDF_DATA; 4048 4049 /* 4050 * Perform public key operation setup: lookup key, allocated ctx and call 4051 * the appropriate initialisation function 4052 */ 4053 static int pkey_kdf_test_init(EVP_TEST *t, const char *name) 4054 { 4055 PKEY_KDF_DATA *kdata = NULL; 4056 4057 if (is_kdf_disabled(name)) { 4058 TEST_info("skipping, '%s' is disabled", name); 4059 t->skip = 1; 4060 return 1; 4061 } 4062 4063 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))) 4064 return 0; 4065 4066 kdata->ctx = EVP_PKEY_CTX_new_from_name(libctx, name, propquery); 4067 if (kdata->ctx == NULL 4068 || EVP_PKEY_derive_init(kdata->ctx) <= 0) 4069 goto err; 4070 4071 t->data = kdata; 4072 return 1; 4073 err: 4074 EVP_PKEY_CTX_free(kdata->ctx); 4075 OPENSSL_free(kdata); 4076 return 0; 4077 } 4078 4079 static void pkey_kdf_test_cleanup(EVP_TEST *t) 4080 { 4081 PKEY_KDF_DATA *kdata = t->data; 4082 4083 OPENSSL_free(kdata->output); 4084 EVP_PKEY_CTX_free(kdata->ctx); 4085 } 4086 4087 static int pkey_kdf_test_parse(EVP_TEST *t, 4088 const char *keyword, const char *value) 4089 { 4090 PKEY_KDF_DATA *kdata = t->data; 4091 4092 if (strcmp(keyword, "Output") == 0) 4093 return parse_bin(value, &kdata->output, &kdata->output_len); 4094 if (HAS_PREFIX(keyword, "Ctrl")) 4095 return pkey_test_ctrl(t, kdata->ctx, value); 4096 return 0; 4097 } 4098 4099 static int pkey_kdf_test_run(EVP_TEST *t) 4100 { 4101 int ret = 1; 4102 PKEY_KDF_DATA *expected = t->data; 4103 unsigned char *got = NULL; 4104 size_t got_len = 0; 4105 4106 if (fips_provider_version_eq(libctx, 3, 0, 0)) { 4107 /* FIPS(3.0.0): can't deal with oversized output buffers #18533 */ 4108 got_len = expected->output_len; 4109 } else { 4110 /* Find out the KDF output size */ 4111 if (EVP_PKEY_derive(expected->ctx, NULL, &got_len) <= 0) { 4112 t->err = "INTERNAL_ERROR"; 4113 goto err; 4114 } 4115 4116 /* 4117 * We may get an absurd output size, which signals that anything goes. 4118 * If not, we specify a too big buffer for the output, to test that 4119 * EVP_PKEY_derive() can cope with it. 4120 */ 4121 if (got_len == SIZE_MAX || got_len == 0) 4122 got_len = expected->output_len; 4123 else 4124 got_len = expected->output_len * 2; 4125 } 4126 4127 if (!TEST_ptr(got = OPENSSL_malloc(got_len == 0 ? 1 : got_len))) { 4128 t->err = "INTERNAL_ERROR"; 4129 goto err; 4130 } 4131 if (EVP_PKEY_derive(expected->ctx, got, &got_len) <= 0) { 4132 t->err = "KDF_DERIVE_ERROR"; 4133 goto err; 4134 } 4135 if (!pkey_check_fips_approved(expected->ctx, t)) { 4136 ret = 0; 4137 goto err; 4138 } 4139 if (!TEST_mem_eq(expected->output, expected->output_len, got, got_len)) { 4140 t->err = "KDF_MISMATCH"; 4141 goto err; 4142 } 4143 t->err = NULL; 4144 4145 err: 4146 OPENSSL_free(got); 4147 return ret; 4148 } 4149 4150 static const EVP_TEST_METHOD pkey_kdf_test_method = { 4151 "PKEYKDF", 4152 pkey_kdf_test_init, 4153 pkey_kdf_test_cleanup, 4154 pkey_kdf_test_parse, 4155 pkey_kdf_test_run 4156 }; 4157 4158 /** 4159 ** KEYPAIR TESTS 4160 **/ 4161 4162 typedef struct keypair_test_data_st { 4163 EVP_PKEY *privk; 4164 EVP_PKEY *pubk; 4165 } KEYPAIR_TEST_DATA; 4166 4167 static int keypair_test_init(EVP_TEST *t, const char *pair) 4168 { 4169 KEYPAIR_TEST_DATA *data; 4170 int rv = 0; 4171 EVP_PKEY *pk = NULL, *pubk = NULL; 4172 char *pub, *priv = NULL; 4173 4174 /* Split private and public names. */ 4175 if (!TEST_ptr(priv = OPENSSL_strdup(pair)) 4176 || !TEST_ptr(pub = strchr(priv, ':'))) { 4177 t->err = "PARSING_ERROR"; 4178 goto end; 4179 } 4180 *pub++ = '\0'; 4181 4182 if (!TEST_true(find_key(&pk, priv, private_keys))) { 4183 TEST_info("Can't find private key: %s", priv); 4184 t->err = "MISSING_PRIVATE_KEY"; 4185 goto end; 4186 } 4187 if (!TEST_true(find_key(&pubk, pub, public_keys))) { 4188 TEST_info("Can't find public key: %s", pub); 4189 t->err = "MISSING_PUBLIC_KEY"; 4190 goto end; 4191 } 4192 4193 if (pk == NULL && pubk == NULL) { 4194 /* Both keys are listed but unsupported: skip this test */ 4195 t->skip = 1; 4196 rv = 1; 4197 goto end; 4198 } 4199 4200 if (!TEST_ptr(data = OPENSSL_malloc(sizeof(*data)))) 4201 goto end; 4202 data->privk = pk; 4203 data->pubk = pubk; 4204 t->data = data; 4205 rv = 1; 4206 t->err = NULL; 4207 4208 end: 4209 OPENSSL_free(priv); 4210 return rv; 4211 } 4212 4213 static void keypair_test_cleanup(EVP_TEST *t) 4214 { 4215 OPENSSL_free(t->data); 4216 t->data = NULL; 4217 } 4218 4219 /* 4220 * For tests that do not accept any custom keywords. 4221 */ 4222 static int void_test_parse(EVP_TEST *t, const char *keyword, const char *value) 4223 { 4224 return 0; 4225 } 4226 4227 static int keypair_test_run(EVP_TEST *t) 4228 { 4229 int rv = 0; 4230 const KEYPAIR_TEST_DATA *pair = t->data; 4231 4232 if (pair->privk == NULL || pair->pubk == NULL) { 4233 /* 4234 * this can only happen if only one of the keys is not set 4235 * which means that one of them was unsupported while the 4236 * other isn't: hence a key type mismatch. 4237 */ 4238 t->err = "KEYPAIR_TYPE_MISMATCH"; 4239 rv = 1; 4240 goto end; 4241 } 4242 4243 if ((rv = EVP_PKEY_eq(pair->privk, pair->pubk)) != 1) { 4244 if (0 == rv) { 4245 t->err = "KEYPAIR_MISMATCH"; 4246 } else if (-1 == rv) { 4247 t->err = "KEYPAIR_TYPE_MISMATCH"; 4248 } else if (-2 == rv) { 4249 t->err = "UNSUPPORTED_KEY_COMPARISON"; 4250 } else { 4251 TEST_error("Unexpected error in key comparison"); 4252 rv = 0; 4253 goto end; 4254 } 4255 rv = 1; 4256 goto end; 4257 } 4258 4259 rv = 1; 4260 t->err = NULL; 4261 4262 end: 4263 return rv; 4264 } 4265 4266 static const EVP_TEST_METHOD keypair_test_method = { 4267 "PrivPubKeyPair", 4268 keypair_test_init, 4269 keypair_test_cleanup, 4270 void_test_parse, 4271 keypair_test_run 4272 }; 4273 4274 /** 4275 ** KEYGEN TEST 4276 **/ 4277 4278 typedef struct keygen_test_data_st { 4279 char *keyname; /* Key name to store key or NULL */ 4280 char *paramname; 4281 char *alg; 4282 STACK_OF(OPENSSL_STRING) *in_controls; /* Collection of controls */ 4283 STACK_OF(OPENSSL_STRING) *out_controls; 4284 } KEYGEN_TEST_DATA; 4285 4286 static int keygen_test_init(EVP_TEST *t, const char *alg) 4287 { 4288 KEYGEN_TEST_DATA *data; 4289 4290 if (is_pkey_disabled(alg)) { 4291 t->skip = 1; 4292 return 1; 4293 } 4294 4295 if (!TEST_ptr(data = OPENSSL_zalloc(sizeof(*data)))) 4296 return 0; 4297 data->keyname = NULL; 4298 data->paramname = NULL; 4299 data->in_controls = sk_OPENSSL_STRING_new_null(); 4300 data->out_controls = sk_OPENSSL_STRING_new_null(); 4301 data->alg = OPENSSL_strdup(alg); 4302 t->data = data; 4303 t->err = NULL; 4304 return 1; 4305 } 4306 4307 static void keygen_test_cleanup(EVP_TEST *t) 4308 { 4309 KEYGEN_TEST_DATA *keygen = t->data; 4310 4311 ctrlfree(keygen->in_controls); 4312 ctrlfree(keygen->out_controls); 4313 OPENSSL_free(keygen->alg); 4314 OPENSSL_free(keygen->keyname); 4315 OPENSSL_free(keygen->paramname); 4316 OPENSSL_free(t->data); 4317 t->data = NULL; 4318 } 4319 4320 static int keygen_test_parse(EVP_TEST *t, 4321 const char *keyword, const char *value) 4322 { 4323 KEYGEN_TEST_DATA *keygen = t->data; 4324 4325 if (strcmp(keyword, "KeyName") == 0) 4326 return TEST_ptr(keygen->keyname = OPENSSL_strdup(value)); 4327 if (strcmp(keyword, "KeyParam") == 0) 4328 return TEST_ptr(keygen->paramname = OPENSSL_strdup(value)); 4329 if (strcmp(keyword, "Ctrl") == 0) 4330 return ctrladd(keygen->in_controls, value); 4331 if (strcmp(keyword, "CtrlOut") == 0) 4332 return ctrladd(keygen->out_controls, value); 4333 return 0; 4334 } 4335 4336 /* Iterate thru the key's expected values */ 4337 static int check_pkey_expected_values(EVP_TEST *t, const EVP_PKEY *pkey, 4338 STACK_OF(OPENSSL_STRING) *out_controls) 4339 { 4340 int ret = 0; 4341 OSSL_PARAM out_params[4], *p; 4342 size_t out_params_n = 0, len; 4343 4344 if (sk_OPENSSL_STRING_num(out_controls) > 0) { 4345 4346 if (!ctrl2params(t, out_controls, 4347 EVP_PKEY_gettable_params(pkey), 4348 out_params, OSSL_NELEM(out_params), &out_params_n)) 4349 goto err; 4350 for (p = out_params; p->key != NULL; ++p) { 4351 if (p->data_type == OSSL_PARAM_OCTET_STRING) { 4352 uint8_t *data = OPENSSL_malloc(p->data_size); 4353 4354 if (data == NULL) 4355 goto err; 4356 ret = EVP_PKEY_get_octet_string_param(pkey, p->key, data, 4357 p->data_size, &len) 4358 && len == p->data_size 4359 && (TEST_mem_eq(p->data, len, data, len) == 1); 4360 OPENSSL_free(data); 4361 if (ret == 0) { 4362 TEST_error("Expected %s value is incorrect", p->key); 4363 goto err; 4364 } 4365 } 4366 } 4367 } 4368 ret = 1; 4369 err: 4370 ctrl2params_free(out_params, out_params_n, 0); 4371 return ret; 4372 } 4373 4374 static int keygen_test_run(EVP_TEST *t) 4375 { 4376 KEYGEN_TEST_DATA *keygen = t->data; 4377 EVP_PKEY *pkey = NULL, *keyparams = NULL; 4378 EVP_PKEY_CTX *genctx = NULL; /* Keygen context to use */ 4379 int rv = 1; 4380 OSSL_PARAM_BLD *bld = NULL; 4381 OSSL_PARAM *params = NULL; 4382 size_t params_n = 0; 4383 int key_free = 1; 4384 4385 if (keygen->paramname != NULL) { 4386 rv = find_key(&keyparams, keygen->paramname, public_keys); 4387 if (rv == 0 || keyparams == NULL) { 4388 TEST_info("skipping, key '%s' is disabled", keygen->paramname); 4389 t->skip = 1; 4390 return 1; 4391 } 4392 if (!TEST_ptr(genctx = EVP_PKEY_CTX_new_from_pkey(libctx, keyparams, 4393 propquery))) 4394 goto err; 4395 4396 } else { 4397 if (!TEST_ptr(genctx = EVP_PKEY_CTX_new_from_name(libctx, keygen->alg, 4398 propquery))) 4399 goto err; 4400 } 4401 4402 if (EVP_PKEY_keygen_init(genctx) <= 0) { 4403 t->err = "KEYGEN_INIT_ERROR"; 4404 goto err; 4405 } 4406 4407 if (sk_OPENSSL_STRING_num(keygen->in_controls) > 0) { 4408 if ((params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 4)) == NULL) 4409 goto err; 4410 if (!ctrl2params(t, keygen->in_controls, 4411 EVP_PKEY_CTX_settable_params(genctx), 4412 params, 4, ¶ms_n)) 4413 goto err; 4414 if (!EVP_PKEY_CTX_set_params(genctx, params)) { 4415 t->err = "PKEY_CTRL_ERROR"; 4416 goto err; 4417 } 4418 } 4419 4420 if (EVP_PKEY_keygen(genctx, &pkey) <= 0) { 4421 t->err = "KEYGEN_GENERATE_ERROR"; 4422 goto err; 4423 } 4424 4425 if (!pkey_check_fips_approved(genctx, t)) { 4426 rv = 0; 4427 goto err; 4428 } 4429 4430 if (!evp_pkey_is_provided(pkey)) { 4431 TEST_info("Warning: legacy key generated %s", keygen->keyname); 4432 goto err; 4433 } 4434 4435 if (!check_pkey_expected_values(t, pkey, keygen->out_controls)) { 4436 t->err = "KEYGEN_PKEY_MISMATCH_ERROR"; 4437 goto err; 4438 } 4439 4440 if (keygen->keyname != NULL) { 4441 KEY_LIST *key; 4442 4443 rv = 0; 4444 if (find_key(NULL, keygen->keyname, private_keys)) { 4445 TEST_info("Duplicate key %s", keygen->keyname); 4446 goto err; 4447 } 4448 4449 if (!TEST_ptr(key = OPENSSL_malloc(sizeof(*key)))) 4450 goto err; 4451 key->name = keygen->keyname; 4452 keygen->keyname = NULL; 4453 key->key = pkey; 4454 key->next = private_keys; 4455 private_keys = key; 4456 rv = 1; 4457 key_free = 0; 4458 } 4459 4460 t->err = NULL; 4461 err: 4462 if (key_free) { 4463 EVP_PKEY_free(pkey); 4464 pkey = NULL; 4465 } 4466 EVP_PKEY_CTX_free(genctx); 4467 if (sk_OPENSSL_STRING_num(keygen->in_controls) > 0) 4468 ctrl2params_free(params, params_n, 0); 4469 OSSL_PARAM_free(params); 4470 OSSL_PARAM_BLD_free(bld); 4471 return rv; 4472 } 4473 4474 static const EVP_TEST_METHOD keygen_test_method = { 4475 "KeyGen", 4476 keygen_test_init, 4477 keygen_test_cleanup, 4478 keygen_test_parse, 4479 keygen_test_run, 4480 }; 4481 4482 /** 4483 ** DIGEST SIGN+VERIFY TESTS 4484 **/ 4485 4486 typedef struct { 4487 int is_verify; /* Set to 1 if verifying */ 4488 int is_oneshot; /* Set to 1 for one shot operation */ 4489 const EVP_MD *md; /* Digest to use */ 4490 EVP_MD_CTX *ctx; /* Digest context */ 4491 EVP_PKEY_CTX *pctx; 4492 STACK_OF(EVP_TEST_BUFFER) *input; /* Input data: streaming */ 4493 unsigned char *osin; /* Input data if one shot */ 4494 size_t osin_len; /* Input length data if one shot */ 4495 unsigned char *output; /* Expected output */ 4496 size_t output_len; /* Expected output length */ 4497 int deterministic_noncetype; 4498 EVP_PKEY *key; 4499 STACK_OF(OPENSSL_STRING) *init_controls; /* collection of controls */ 4500 STACK_OF(OPENSSL_STRING) *controls; /* Collection of controls */ 4501 } DIGESTSIGN_DATA; 4502 4503 static int digestsigver_test_init(EVP_TEST *t, const char *alg, int is_verify, 4504 int is_oneshot) 4505 { 4506 const EVP_MD *md = NULL; 4507 DIGESTSIGN_DATA *mdat; 4508 4509 if (strcmp(alg, "NULL") != 0) { 4510 if (is_digest_disabled(alg)) { 4511 t->skip = 1; 4512 return 1; 4513 } 4514 md = EVP_get_digestbyname(alg); 4515 if (md == NULL) 4516 return 0; 4517 } 4518 if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat)))) 4519 return 0; 4520 mdat->init_controls = sk_OPENSSL_STRING_new_null(); 4521 mdat->controls = sk_OPENSSL_STRING_new_null(); 4522 mdat->md = md; 4523 if (!TEST_ptr(mdat->ctx = EVP_MD_CTX_new())) { 4524 OPENSSL_free(mdat); 4525 return 0; 4526 } 4527 mdat->is_verify = is_verify; 4528 mdat->is_oneshot = is_oneshot; 4529 t->data = mdat; 4530 return 1; 4531 } 4532 4533 static int digestsign_test_init(EVP_TEST *t, const char *alg) 4534 { 4535 return digestsigver_test_init(t, alg, 0, 0); 4536 } 4537 4538 static void digestsigver_test_cleanup(EVP_TEST *t) 4539 { 4540 DIGESTSIGN_DATA *mdata = t->data; 4541 4542 ctrlfree(mdata->init_controls); 4543 ctrlfree(mdata->controls); 4544 EVP_MD_CTX_free(mdata->ctx); 4545 sk_EVP_TEST_BUFFER_pop_free(mdata->input, evp_test_buffer_free); 4546 OPENSSL_free(mdata->osin); 4547 OPENSSL_free(mdata->output); 4548 OPENSSL_free(mdata); 4549 t->data = NULL; 4550 } 4551 4552 static int digestsigver_test_parse(EVP_TEST *t, 4553 const char *keyword, const char *value) 4554 { 4555 DIGESTSIGN_DATA *mdata = t->data; 4556 4557 if (strcmp(keyword, "Key") == 0) { 4558 EVP_PKEY *pkey = NULL; 4559 int rv = 0; 4560 4561 if (mdata->is_verify) 4562 rv = find_key(&pkey, value, public_keys); 4563 if (rv == 0) 4564 rv = find_key(&pkey, value, private_keys); 4565 if (rv == 0 || pkey == NULL) { 4566 t->skip = 1; 4567 return 1; 4568 } 4569 mdata->key = pkey; 4570 return 1; 4571 } 4572 4573 if (strcmp(keyword, "Input") == 0) { 4574 if (mdata->is_oneshot) 4575 return parse_bin(value, &mdata->osin, &mdata->osin_len); 4576 return evp_test_buffer_append(value, data_chunk_size, &mdata->input); 4577 } 4578 if (strcmp(keyword, "Output") == 0) 4579 return parse_bin(value, &mdata->output, &mdata->output_len); 4580 4581 if (!mdata->is_oneshot && data_chunk_size == 0) { 4582 if (strcmp(keyword, "Count") == 0) 4583 return evp_test_buffer_set_count(value, mdata->input); 4584 if (strcmp(keyword, "Ncopy") == 0) 4585 return evp_test_buffer_ncopy(value, mdata->input); 4586 } 4587 if (strcmp(keyword, "Ctrl") == 0) 4588 return pkey_add_control(t, mdata->controls, value); 4589 if (strcmp(keyword, "CtrlInit") == 0) 4590 return ctrladd(mdata->init_controls, value); 4591 if (strcmp(keyword, "NonceType") == 0) { 4592 if (strcmp(value, "deterministic") == 0) 4593 mdata->deterministic_noncetype = 1; 4594 return 1; 4595 } 4596 return 0; 4597 } 4598 4599 static int check_deterministic_noncetype(EVP_TEST *t, 4600 DIGESTSIGN_DATA *mdata) 4601 { 4602 if (mdata->deterministic_noncetype == 1) { 4603 OSSL_PARAM params[2]; 4604 unsigned int nonce_type = 1; 4605 4606 params[0] = 4607 OSSL_PARAM_construct_uint(OSSL_SIGNATURE_PARAM_NONCE_TYPE, 4608 &nonce_type); 4609 params[1] = OSSL_PARAM_construct_end(); 4610 if (!EVP_PKEY_CTX_set_params(mdata->pctx, params)) 4611 t->err = "EVP_PKEY_CTX_set_params_ERROR"; 4612 else if (!EVP_PKEY_CTX_get_params(mdata->pctx, params)) 4613 t->err = "EVP_PKEY_CTX_get_params_ERROR"; 4614 else if (!OSSL_PARAM_modified(¶ms[0])) 4615 t->err = "nonce_type_not_modified_ERROR"; 4616 else if (nonce_type != 1) 4617 t->err = "nonce_type_value_ERROR"; 4618 } 4619 return t->err == NULL; 4620 } 4621 4622 static int signverify_init(EVP_TEST *t, DIGESTSIGN_DATA *data) 4623 { 4624 const char *name = data->md == NULL ? NULL : EVP_MD_get0_name(data->md); 4625 OSSL_PARAM params[5]; 4626 OSSL_PARAM *p = NULL; 4627 int i, ret = 0; 4628 size_t params_n = 0, params_allocated_n = 0; 4629 4630 if (sk_OPENSSL_STRING_num(data->init_controls) > 0) { 4631 if (!ctrl2params(t, data->init_controls, 4632 NULL, 4633 params, OSSL_NELEM(params), ¶ms_n)) 4634 goto err; 4635 p = params; 4636 } 4637 4638 if (data->is_verify) { 4639 if (!EVP_DigestVerifyInit_ex(data->ctx, &data->pctx, name, libctx, 4640 NULL, data->key, p)) { 4641 t->err = "DIGESTVERIFYINIT_ERROR"; 4642 goto err; 4643 } 4644 } else { 4645 if (!EVP_DigestSignInit_ex(data->ctx, &data->pctx, name, libctx, NULL, 4646 data->key, p)) { 4647 t->err = "DIGESTSIGNINIT_ERROR"; 4648 goto err; 4649 } 4650 } 4651 4652 for (i = 0; i < sk_OPENSSL_STRING_num(data->controls); i++) { 4653 char *value = sk_OPENSSL_STRING_value(data->controls, i); 4654 4655 if (!pkey_test_ctrl(t, data->pctx, value) || t->err != NULL) 4656 goto err; 4657 } 4658 ret = 1; 4659 err: 4660 ctrl2params_free(params, params_n, params_allocated_n); 4661 return ret; 4662 } 4663 4664 static int digestsign_update_fn(void *ctx, const unsigned char *buf, 4665 size_t buflen) 4666 { 4667 return EVP_DigestSignUpdate(ctx, buf, buflen); 4668 } 4669 4670 static int digestsign_test_run(EVP_TEST *t) 4671 { 4672 int i; 4673 DIGESTSIGN_DATA *expected = t->data; 4674 unsigned char *got = NULL; 4675 size_t got_len; 4676 4677 if (!signverify_init(t, expected)) 4678 goto err; 4679 if (!check_deterministic_noncetype(t, expected)) 4680 goto err; 4681 4682 for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++) { 4683 char *value = sk_OPENSSL_STRING_value(expected->controls, i); 4684 if (!pkey_test_ctrl(t, expected->pctx, value) || t->err != NULL) 4685 return 0; 4686 } 4687 4688 if (!evp_test_buffer_do(expected->input, digestsign_update_fn, 4689 expected->ctx)) { 4690 t->err = "DIGESTUPDATE_ERROR"; 4691 goto err; 4692 } 4693 4694 if (!EVP_DigestSignFinal(expected->ctx, NULL, &got_len)) { 4695 t->err = "DIGESTSIGNFINAL_LENGTH_ERROR"; 4696 goto err; 4697 } 4698 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { 4699 t->err = "MALLOC_FAILURE"; 4700 goto err; 4701 } 4702 got_len *= 2; 4703 if (!EVP_DigestSignFinal(expected->ctx, got, &got_len)) { 4704 t->err = "DIGESTSIGNFINAL_ERROR"; 4705 goto err; 4706 } 4707 if (!memory_err_compare(t, "SIGNATURE_MISMATCH", 4708 expected->output, expected->output_len, 4709 got, got_len)) 4710 goto err; 4711 4712 t->err = NULL; 4713 err: 4714 OPENSSL_free(got); 4715 return 1; 4716 } 4717 4718 static const EVP_TEST_METHOD digestsign_test_method = { 4719 "DigestSign", 4720 digestsign_test_init, 4721 digestsigver_test_cleanup, 4722 digestsigver_test_parse, 4723 digestsign_test_run 4724 }; 4725 4726 static int digestverify_test_init(EVP_TEST *t, const char *alg) 4727 { 4728 return digestsigver_test_init(t, alg, 1, 0); 4729 } 4730 4731 static int digestverify_update_fn(void *ctx, const unsigned char *buf, 4732 size_t buflen) 4733 { 4734 return EVP_DigestVerifyUpdate(ctx, buf, buflen); 4735 } 4736 4737 static int digestverify_test_run(EVP_TEST *t) 4738 { 4739 DIGESTSIGN_DATA *mdata = t->data; 4740 4741 if (!signverify_init(t, mdata)) 4742 return 1; 4743 4744 if (!evp_test_buffer_do(mdata->input, digestverify_update_fn, mdata->ctx)) { 4745 t->err = "DIGESTUPDATE_ERROR"; 4746 return 1; 4747 } 4748 4749 if (EVP_DigestVerifyFinal(mdata->ctx, mdata->output, 4750 mdata->output_len) <= 0) 4751 t->err = "VERIFY_ERROR"; 4752 return 1; 4753 } 4754 4755 static const EVP_TEST_METHOD digestverify_test_method = { 4756 "DigestVerify", 4757 digestverify_test_init, 4758 digestsigver_test_cleanup, 4759 digestsigver_test_parse, 4760 digestverify_test_run 4761 }; 4762 4763 static int oneshot_digestsign_test_init(EVP_TEST *t, const char *alg) 4764 { 4765 return digestsigver_test_init(t, alg, 0, 1); 4766 } 4767 4768 static int oneshot_digestsign_test_run(EVP_TEST *t) 4769 { 4770 DIGESTSIGN_DATA *expected = t->data; 4771 unsigned char *got = NULL; 4772 size_t got_len; 4773 4774 if (!signverify_init(t, expected)) 4775 goto err; 4776 4777 if (!EVP_DigestSign(expected->ctx, NULL, &got_len, 4778 expected->osin, expected->osin_len)) { 4779 t->err = "DIGESTSIGN_LENGTH_ERROR"; 4780 goto err; 4781 } 4782 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { 4783 t->err = "MALLOC_FAILURE"; 4784 goto err; 4785 } 4786 got_len *= 2; 4787 if (!EVP_DigestSign(expected->ctx, got, &got_len, 4788 expected->osin, expected->osin_len)) { 4789 t->err = "DIGESTSIGN_ERROR"; 4790 goto err; 4791 } 4792 if (!memory_err_compare(t, "SIGNATURE_MISMATCH", 4793 expected->output, expected->output_len, 4794 got, got_len)) 4795 goto err; 4796 4797 t->err = NULL; 4798 err: 4799 OPENSSL_free(got); 4800 return 1; 4801 } 4802 4803 static const EVP_TEST_METHOD oneshot_digestsign_test_method = { 4804 "OneShotDigestSign", 4805 oneshot_digestsign_test_init, 4806 digestsigver_test_cleanup, 4807 digestsigver_test_parse, 4808 oneshot_digestsign_test_run 4809 }; 4810 4811 static int oneshot_digestverify_test_init(EVP_TEST *t, const char *alg) 4812 { 4813 return digestsigver_test_init(t, alg, 1, 1); 4814 } 4815 4816 static int oneshot_digestverify_test_run(EVP_TEST *t) 4817 { 4818 DIGESTSIGN_DATA *mdata = t->data; 4819 4820 if (!signverify_init(t, mdata)) 4821 return 1; 4822 4823 if (EVP_DigestVerify(mdata->ctx, mdata->output, mdata->output_len, 4824 mdata->osin, mdata->osin_len) <= 0) 4825 t->err = "VERIFY_ERROR"; 4826 return 1; 4827 } 4828 4829 static const EVP_TEST_METHOD oneshot_digestverify_test_method = { 4830 "OneShotDigestVerify", 4831 oneshot_digestverify_test_init, 4832 digestsigver_test_cleanup, 4833 digestsigver_test_parse, 4834 oneshot_digestverify_test_run 4835 }; 4836 4837 4838 /** 4839 ** PARSING AND DISPATCH 4840 **/ 4841 4842 static const EVP_TEST_METHOD *evp_test_list[] = { 4843 &rand_test_method, 4844 &cipher_test_method, 4845 &digest_test_method, 4846 &digestsign_test_method, 4847 &digestverify_test_method, 4848 &encode_test_method, 4849 &kdf_test_method, 4850 &pkey_kdf_test_method, 4851 &keypair_test_method, 4852 &keygen_test_method, 4853 &mac_test_method, 4854 &oneshot_digestsign_test_method, 4855 &oneshot_digestverify_test_method, 4856 &pbe_test_method, 4857 &pdecrypt_test_method, 4858 &pderive_test_method, 4859 &psign_test_method, 4860 &psign_message_test_method, 4861 &pverify_recover_test_method, 4862 &pverify_test_method, 4863 &pverify_message_test_method, 4864 &pverify_message_public_test_method, 4865 &pkey_kem_test_method, 4866 &pkey_fromdata_test_method, 4867 NULL 4868 }; 4869 4870 static const EVP_TEST_METHOD *find_test(const char *name) 4871 { 4872 const EVP_TEST_METHOD **tt; 4873 4874 for (tt = evp_test_list; *tt; tt++) { 4875 if (strcmp(name, (*tt)->name) == 0) 4876 return *tt; 4877 } 4878 return NULL; 4879 } 4880 4881 static void clear_test(EVP_TEST *t) 4882 { 4883 test_clearstanza(&t->s); 4884 ERR_clear_error(); 4885 if (t->data != NULL) { 4886 if (t->meth != NULL) 4887 t->meth->cleanup(t); 4888 OPENSSL_free(t->data); 4889 t->data = NULL; 4890 } 4891 OPENSSL_free(t->expected_err); 4892 t->expected_err = NULL; 4893 OPENSSL_free(t->reason); 4894 t->reason = NULL; 4895 4896 /* Text literal. */ 4897 t->err = NULL; 4898 t->skip = 0; 4899 t->meth = NULL; 4900 t->expect_unapproved = 0; 4901 4902 #if !defined(OPENSSL_NO_DEFAULT_THREAD_POOL) 4903 OSSL_set_max_threads(libctx, 0); 4904 #endif 4905 } 4906 4907 /* Check for errors in the test structure; return 1 if okay, else 0. */ 4908 static int check_test_error(EVP_TEST *t) 4909 { 4910 unsigned long err; 4911 const char *reason; 4912 4913 if (t->err == NULL && t->expected_err == NULL) 4914 return 1; 4915 if (t->err != NULL && t->expected_err == NULL) { 4916 if (t->aux_err != NULL) { 4917 TEST_info("%s:%d: Source of above error (%s); unexpected error %s", 4918 t->s.test_file, t->s.start, t->aux_err, t->err); 4919 } else { 4920 TEST_info("%s:%d: Source of above error; unexpected error %s", 4921 t->s.test_file, t->s.start, t->err); 4922 } 4923 return 0; 4924 } 4925 if (t->err == NULL && t->expected_err != NULL) { 4926 TEST_info("%s:%d: Succeeded but was expecting %s", 4927 t->s.test_file, t->s.start, t->expected_err); 4928 return 0; 4929 } 4930 4931 if (strcmp(t->err, t->expected_err) != 0) { 4932 TEST_info("%s:%d: Expected %s got %s", 4933 t->s.test_file, t->s.start, t->expected_err, t->err); 4934 return 0; 4935 } 4936 4937 if (t->reason == NULL) 4938 return 1; 4939 4940 if (t->reason == NULL) { 4941 TEST_info("%s:%d: Test is missing function or reason code", 4942 t->s.test_file, t->s.start); 4943 return 0; 4944 } 4945 4946 err = ERR_peek_error(); 4947 if (err == 0) { 4948 TEST_info("%s:%d: Expected error \"%s\" not set", 4949 t->s.test_file, t->s.start, t->reason); 4950 return 0; 4951 } 4952 4953 reason = ERR_reason_error_string(err); 4954 if (reason == NULL) { 4955 TEST_info("%s:%d: Expected error \"%s\", no strings available." 4956 " Assuming ok.", 4957 t->s.test_file, t->s.start, t->reason); 4958 return 1; 4959 } 4960 4961 if (strcmp(reason, t->reason) == 0) 4962 return 1; 4963 4964 TEST_info("%s:%d: Expected error \"%s\", got \"%s\"", 4965 t->s.test_file, t->s.start, t->reason, reason); 4966 4967 return 0; 4968 } 4969 4970 /* Run a parsed test. Log a message and return 0 on error. */ 4971 static int run_test(EVP_TEST *t) 4972 { 4973 if (t->meth == NULL) 4974 return 1; 4975 t->s.numtests++; 4976 if (t->skip) { 4977 t->s.numskip++; 4978 } else { 4979 /* run the test */ 4980 if (t->err == NULL && t->meth->run_test(t) != 1) { 4981 TEST_info("%s:%d %s error", 4982 t->s.test_file, t->s.start, t->meth->name); 4983 return 0; 4984 } 4985 if (!check_test_error(t)) { 4986 TEST_openssl_errors(); 4987 t->s.errors++; 4988 } 4989 } 4990 4991 /* clean it up */ 4992 return 1; 4993 } 4994 4995 static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst) 4996 { 4997 for (; lst != NULL; lst = lst->next) { 4998 if (strcmp(lst->name, name) == 0) { 4999 if (ppk != NULL) 5000 *ppk = lst->key; 5001 return 1; 5002 } 5003 } 5004 return 0; 5005 } 5006 5007 static void free_key_list(KEY_LIST *lst) 5008 { 5009 while (lst != NULL) { 5010 KEY_LIST *next = lst->next; 5011 5012 EVP_PKEY_free(lst->key); 5013 OPENSSL_free(lst->name); 5014 OPENSSL_free(lst); 5015 lst = next; 5016 } 5017 } 5018 5019 /* 5020 * Is the key type an unsupported algorithm? 5021 */ 5022 static int key_unsupported(void) 5023 { 5024 long err = ERR_peek_last_error(); 5025 int lib = ERR_GET_LIB(err); 5026 long reason = ERR_GET_REASON(err); 5027 5028 if ((lib == ERR_LIB_EVP && reason == EVP_R_UNSUPPORTED_ALGORITHM) 5029 || (lib == ERR_LIB_EVP && reason == EVP_R_DECODE_ERROR) 5030 || reason == ERR_R_UNSUPPORTED) { 5031 ERR_clear_error(); 5032 return 1; 5033 } 5034 #ifndef OPENSSL_NO_EC 5035 /* 5036 * If EC support is enabled we should catch also EC_R_UNKNOWN_GROUP as an 5037 * hint to an unsupported algorithm/curve (e.g. if binary EC support is 5038 * disabled). 5039 */ 5040 if (lib == ERR_LIB_EC 5041 && (reason == EC_R_UNKNOWN_GROUP 5042 || reason == EC_R_INVALID_CURVE)) { 5043 ERR_clear_error(); 5044 return 1; 5045 } 5046 #endif /* OPENSSL_NO_EC */ 5047 return 0; 5048 } 5049 5050 /* NULL out the value from |pp| but return it. This "steals" a pointer. */ 5051 static char *take_value(PAIR *pp) 5052 { 5053 char *p = pp->value; 5054 5055 pp->value = NULL; 5056 return p; 5057 } 5058 5059 #if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS) 5060 static int securitycheck_enabled(void) 5061 { 5062 static int enabled = -1; 5063 5064 if (enabled == -1) { 5065 if (OSSL_PROVIDER_available(libctx, "fips")) { 5066 OSSL_PARAM params[2]; 5067 OSSL_PROVIDER *prov = NULL; 5068 int check = 1; 5069 5070 prov = OSSL_PROVIDER_load(libctx, "fips"); 5071 if (prov != NULL) { 5072 params[0] = 5073 OSSL_PARAM_construct_int(OSSL_PROV_PARAM_SECURITY_CHECKS, 5074 &check); 5075 params[1] = OSSL_PARAM_construct_end(); 5076 OSSL_PROVIDER_get_params(prov, params); 5077 OSSL_PROVIDER_unload(prov); 5078 } 5079 enabled = check; 5080 return enabled; 5081 } 5082 enabled = 0; 5083 } 5084 return enabled; 5085 } 5086 #endif 5087 5088 /* 5089 * Return 1 if one of the providers named in the string is available. 5090 * The provider names are separated with whitespace. 5091 * NOTE: destructive function, it inserts '\0' after each provider name. 5092 */ 5093 static int prov_available(char *providers) 5094 { 5095 char *p; 5096 int more = 1; 5097 5098 while (more) { 5099 for (; isspace((unsigned char)(*providers)); providers++) 5100 continue; 5101 if (*providers == '\0') 5102 break; /* End of the road */ 5103 for (p = providers; *p != '\0' && !isspace((unsigned char)(*p)); p++) 5104 continue; 5105 if (*p == '\0') 5106 more = 0; 5107 else 5108 *p = '\0'; 5109 if (OSSL_PROVIDER_available(libctx, providers)) 5110 return 1; /* Found one */ 5111 } 5112 return 0; 5113 } 5114 5115 /* Read and parse one test. Return 0 if failure, 1 if okay. */ 5116 static int parse(EVP_TEST *t) 5117 { 5118 KEY_LIST *key, **klist; 5119 EVP_PKEY *pkey; 5120 PAIR *pp; 5121 int i, j, skipped = 0; 5122 5123 fips_indicator_callback_unapproved_count = 0; 5124 top: 5125 do { 5126 if (BIO_eof(t->s.fp)) 5127 return EOF; 5128 clear_test(t); 5129 if (!test_readstanza(&t->s)) 5130 return 0; 5131 } while (t->s.numpairs == 0); 5132 pp = &t->s.pairs[0]; 5133 5134 /* Are we adding a key? */ 5135 klist = NULL; 5136 pkey = NULL; 5137 start: 5138 if (strcmp(pp->key, "PrivateKey") == 0) { 5139 pkey = PEM_read_bio_PrivateKey_ex(t->s.key, NULL, 0, NULL, libctx, NULL); 5140 if (pkey == NULL && !key_unsupported()) { 5141 EVP_PKEY_free(pkey); 5142 TEST_info("Can't read private key %s", pp->value); 5143 TEST_openssl_errors(); 5144 return 0; 5145 } 5146 klist = &private_keys; 5147 } else if (strcmp(pp->key, "PublicKey") == 0) { 5148 pkey = PEM_read_bio_PUBKEY_ex(t->s.key, NULL, 0, NULL, libctx, NULL); 5149 if (pkey == NULL && !key_unsupported()) { 5150 EVP_PKEY_free(pkey); 5151 TEST_info("Can't read public key %s", pp->value); 5152 TEST_openssl_errors(); 5153 return 0; 5154 } 5155 klist = &public_keys; 5156 } else if (strcmp(pp->key, "ParamKey") == 0) { 5157 pkey = PEM_read_bio_Parameters_ex(t->s.key, NULL, libctx, NULL); 5158 if (pkey == NULL && !key_unsupported()) { 5159 EVP_PKEY_free(pkey); 5160 TEST_info("Can't read params key %s", pp->value); 5161 TEST_openssl_errors(); 5162 return 0; 5163 } 5164 klist = &public_keys; 5165 } else if (strcmp(pp->key, "PrivateKeyRaw") == 0 5166 || strcmp(pp->key, "PublicKeyRaw") == 0) { 5167 char *strnid = NULL, *keydata = NULL; 5168 unsigned char *keybin; 5169 size_t keylen; 5170 int nid; 5171 5172 if (strcmp(pp->key, "PrivateKeyRaw") == 0) 5173 klist = &private_keys; 5174 else 5175 klist = &public_keys; 5176 5177 strnid = strchr(pp->value, ':'); 5178 if (strnid != NULL) { 5179 *strnid++ = '\0'; 5180 keydata = strchr(strnid, ':'); 5181 if (keydata != NULL) 5182 *keydata++ = '\0'; 5183 } 5184 if (keydata == NULL) { 5185 TEST_info("Failed to parse %s value", pp->key); 5186 return 0; 5187 } 5188 5189 nid = OBJ_txt2nid(strnid); 5190 if (nid == NID_undef) { 5191 TEST_info("Unrecognised algorithm NID"); 5192 return 0; 5193 } 5194 if (!parse_bin(keydata, &keybin, &keylen)) { 5195 TEST_info("Failed to create binary key"); 5196 return 0; 5197 } 5198 if (klist == &private_keys) 5199 pkey = EVP_PKEY_new_raw_private_key_ex(libctx, strnid, NULL, keybin, 5200 keylen); 5201 else 5202 pkey = EVP_PKEY_new_raw_public_key_ex(libctx, strnid, NULL, keybin, 5203 keylen); 5204 if (pkey == NULL && !key_unsupported()) { 5205 TEST_info("Can't read %s data", pp->key); 5206 OPENSSL_free(keybin); 5207 TEST_openssl_errors(); 5208 return 0; 5209 } 5210 OPENSSL_free(keybin); 5211 } else if (strcmp(pp->key, "Availablein") == 0) { 5212 if (!prov_available(pp->value)) { 5213 TEST_info("skipping, '%s' provider not available: %s:%d", 5214 pp->value, t->s.test_file, t->s.start); 5215 t->skip = 1; 5216 return 0; 5217 } 5218 skipped++; 5219 pp++; 5220 goto start; 5221 } else if (strcmp(pp->key, "FIPSversion") == 0) { 5222 if (prov_available("fips")) { 5223 j = fips_provider_version_match(libctx, pp->value); 5224 if (j < 0) { 5225 TEST_info("Line %d: error matching FIPS versions\n", t->s.curr); 5226 return 0; 5227 } else if (j == 0) { 5228 TEST_info("skipping, FIPS provider incompatible version: %s:%d", 5229 t->s.test_file, t->s.start); 5230 t->skip = 1; 5231 return 0; 5232 } 5233 } 5234 skipped++; 5235 pp++; 5236 goto start; 5237 } 5238 5239 /* If we have a key add to list */ 5240 if (klist != NULL) { 5241 if (find_key(NULL, pp->value, *klist)) { 5242 TEST_info("Duplicate key %s", pp->value); 5243 return 0; 5244 } 5245 if (!TEST_ptr(key = OPENSSL_malloc(sizeof(*key)))) 5246 return 0; 5247 key->name = take_value(pp); 5248 key->key = pkey; 5249 key->next = *klist; 5250 *klist = key; 5251 5252 /* Go back and start a new stanza. */ 5253 if ((t->s.numpairs - skipped) != 1) 5254 TEST_info("Line %d: missing blank line\n", t->s.curr); 5255 goto top; 5256 } 5257 5258 /* Find the test, based on first keyword. */ 5259 if (!TEST_ptr(t->meth = find_test(pp->key))) 5260 return 0; 5261 if (!t->meth->init(t, pp->value)) { 5262 TEST_error("unknown %s: %s\n", pp->key, pp->value); 5263 return 0; 5264 } 5265 if (t->skip == 1) { 5266 /* TEST_info("skipping %s %s", pp->key, pp->value); */ 5267 return 0; 5268 } 5269 5270 for (pp++, i = 1; i < (t->s.numpairs - skipped); pp++, i++) { 5271 if (strcmp(pp->key, "Securitycheck") == 0) { 5272 #if defined(OPENSSL_NO_FIPS_SECURITYCHECKS) 5273 #else 5274 if (!securitycheck_enabled()) 5275 #endif 5276 { 5277 TEST_info("skipping, Securitycheck is disabled: %s:%d", 5278 t->s.test_file, t->s.start); 5279 t->skip = 1; 5280 return 0; 5281 } 5282 } else if (strcmp(pp->key, "Availablein") == 0) { 5283 TEST_info("Line %d: 'Availablein' should be the first option", 5284 t->s.curr); 5285 return 0; 5286 } else if (strcmp(pp->key, "Result") == 0) { 5287 if (t->expected_err != NULL) { 5288 TEST_info("Line %d: multiple result lines", t->s.curr); 5289 return 0; 5290 } 5291 t->expected_err = take_value(pp); 5292 } else if (strcmp(pp->key, "Function") == 0) { 5293 /* Ignore old line. */ 5294 } else if (strcmp(pp->key, "Reason") == 0) { 5295 if (t->reason != NULL) { 5296 TEST_info("Line %d: multiple reason lines", t->s.curr); 5297 return 0; 5298 } 5299 t->reason = take_value(pp); 5300 } else if (strcmp(pp->key, "Threads") == 0) { 5301 if (OSSL_set_max_threads(libctx, atoi(pp->value)) == 0) { 5302 TEST_info("skipping, '%s' threads not available: %s:%d", 5303 pp->value, t->s.test_file, t->s.start); 5304 t->skip = 1; 5305 } 5306 } else if (strcmp(pp->key, "Unapproved") == 0) { 5307 t->expect_unapproved = 1; 5308 } else if (strcmp(pp->key, "Extended-Test") == 0) { 5309 if (!extended_tests) { 5310 TEST_info("skipping extended test: %s:%d", 5311 t->s.test_file, t->s.start); 5312 t->skip = 1; 5313 } 5314 } else { 5315 /* Must be test specific line: try to parse it */ 5316 int rv = t->meth->parse(t, pp->key, pp->value); 5317 5318 if (rv == 0) { 5319 TEST_info("Line %d: unknown keyword %s", t->s.curr, pp->key); 5320 return 0; 5321 } 5322 if (rv < 0) { 5323 TEST_info("Line %d: error processing keyword %s = %s\n", 5324 t->s.curr, pp->key, pp->value); 5325 return 0; 5326 } 5327 if (t->skip) 5328 return 0; 5329 } 5330 } 5331 5332 return 1; 5333 } 5334 5335 static int run_file_tests(int i) 5336 { 5337 EVP_TEST *t; 5338 const char *testfile = test_get_argument(i); 5339 int c; 5340 5341 if (!TEST_ptr(t = OPENSSL_zalloc(sizeof(*t)))) 5342 return 0; 5343 if (!test_start_file(&t->s, testfile)) { 5344 OPENSSL_free(t); 5345 return 0; 5346 } 5347 5348 OSSL_INDICATOR_set_callback(libctx, fips_indicator_cb); 5349 while (!BIO_eof(t->s.fp)) { 5350 c = parse(t); 5351 if (t->skip) { 5352 t->s.numskip++; 5353 continue; 5354 } 5355 if (c == 0 || !run_test(t)) { 5356 t->s.errors++; 5357 break; 5358 } 5359 } 5360 test_end_file(&t->s); 5361 clear_test(t); 5362 5363 free_key_list(public_keys); 5364 public_keys = NULL; 5365 free_key_list(private_keys); 5366 private_keys = NULL; 5367 BIO_free(t->s.key); 5368 c = t->s.errors; 5369 OPENSSL_free(t); 5370 return c == 0; 5371 } 5372 5373 const OPTIONS *test_get_options(void) 5374 { 5375 static const OPTIONS test_options[] = { 5376 OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("[file...]\n"), 5377 { "config", OPT_CONFIG_FILE, '<', 5378 "The configuration file to use for the libctx" }, 5379 { "process", OPT_IN_PLACE, 's', 5380 "Mode for data processing by cipher tests [in_place/both], both by default"}, 5381 { "provider", OPT_PROVIDER_NAME, 's', 5382 "The provider to load (when no configuration file, the default value is 'default')" }, 5383 { "propquery", OPT_PROV_PROPQUERY, 's', 5384 "Property query used when fetching algorithms" }, 5385 { "chunk", OPT_DATA_CHUNK, 'N', "Size of data chunks to be processed, 0 for default size"}, 5386 { OPT_HELP_STR, 1, '-', "file\tFile to run tests on.\n" }, 5387 { NULL } 5388 }; 5389 return test_options; 5390 } 5391 5392 int setup_tests(void) 5393 { 5394 size_t n; 5395 char *config_file = NULL; 5396 char *provider_name = NULL; 5397 5398 OPTION_CHOICE o; 5399 5400 extended_tests = getenv("EVP_TEST_EXTENDED") != NULL; 5401 5402 while ((o = opt_next()) != OPT_EOF) { 5403 switch (o) { 5404 case OPT_CONFIG_FILE: 5405 config_file = opt_arg(); 5406 break; 5407 case OPT_IN_PLACE: 5408 if ((process_mode_in_place = evp_test_process_mode(opt_arg())) == -1) 5409 case OPT_DATA_CHUNK: 5410 if (!opt_int(opt_arg(), &data_chunk_size)) 5411 return 0; 5412 break; 5413 case OPT_PROVIDER_NAME: 5414 provider_name = opt_arg(); 5415 break; 5416 case OPT_PROV_PROPQUERY: 5417 propquery = opt_arg(); 5418 break; 5419 case OPT_TEST_CASES: 5420 break; 5421 default: 5422 case OPT_ERR: 5423 return 0; 5424 } 5425 } 5426 5427 /* 5428 * Load the provider via configuration into the created library context. 5429 * Load the 'null' provider into the default library context to ensure that 5430 * the tests do not fallback to using the default provider. 5431 */ 5432 if (config_file == NULL && provider_name == NULL) 5433 provider_name = "default"; 5434 if (!test_get_libctx(&libctx, &prov_null, config_file, &libprov, provider_name)) 5435 return 0; 5436 5437 n = test_get_argument_count(); 5438 if (n == 0) 5439 return 0; 5440 5441 ADD_ALL_TESTS(run_file_tests, n); 5442 return 1; 5443 } 5444 5445 void cleanup_tests(void) 5446 { 5447 OSSL_PROVIDER_unload(libprov); 5448 OSSL_PROVIDER_unload(prov_null); 5449 OSSL_LIB_CTX_free(libctx); 5450 } 5451 5452 static int is_digest_disabled(const char *name) 5453 { 5454 #ifdef OPENSSL_NO_BLAKE2 5455 if (HAS_CASE_PREFIX(name, "BLAKE")) 5456 return 1; 5457 #endif 5458 #ifdef OPENSSL_NO_MD2 5459 if (OPENSSL_strcasecmp(name, "MD2") == 0) 5460 return 1; 5461 #endif 5462 #ifdef OPENSSL_NO_MDC2 5463 if (OPENSSL_strcasecmp(name, "MDC2") == 0) 5464 return 1; 5465 #endif 5466 #ifdef OPENSSL_NO_MD4 5467 if (OPENSSL_strcasecmp(name, "MD4") == 0) 5468 return 1; 5469 #endif 5470 #ifdef OPENSSL_NO_MD5 5471 if (OPENSSL_strcasecmp(name, "MD5") == 0) 5472 return 1; 5473 #endif 5474 #ifdef OPENSSL_NO_RMD160 5475 if (OPENSSL_strcasecmp(name, "RIPEMD160") == 0) 5476 return 1; 5477 #endif 5478 #ifdef OPENSSL_NO_SM3 5479 if (OPENSSL_strcasecmp(name, "SM3") == 0) 5480 return 1; 5481 #endif 5482 #ifdef OPENSSL_NO_WHIRLPOOL 5483 if (OPENSSL_strcasecmp(name, "WHIRLPOOL") == 0) 5484 return 1; 5485 #endif 5486 return 0; 5487 } 5488 5489 static int is_pkey_disabled(const char *name) 5490 { 5491 #ifdef OPENSSL_NO_EC 5492 if (HAS_CASE_PREFIX(name, "EC")) 5493 return 1; 5494 #endif 5495 #ifdef OPENSSL_NO_DH 5496 if (HAS_CASE_PREFIX(name, "DH")) 5497 return 1; 5498 #endif 5499 #ifdef OPENSSL_NO_DSA 5500 if (HAS_CASE_PREFIX(name, "DSA")) 5501 return 1; 5502 #endif 5503 #ifdef OPENSSL_NO_SM2 5504 if (HAS_CASE_PREFIX(name, "SM2")) 5505 return 1; 5506 #endif 5507 5508 /* For sigalgs we use, we also check for digest suffixes */ 5509 #ifdef OPENSSL_NO_RMD160 5510 if (HAS_CASE_SUFFIX(name, "-RIPEMD160")) 5511 return 1; 5512 #endif 5513 #ifdef OPENSSL_NO_SM3 5514 if (HAS_CASE_SUFFIX(name, "-SM3")) 5515 return 1; 5516 #endif 5517 #ifdef OPENSSL_NO_ML_DSA 5518 if (HAS_CASE_PREFIX(name, "ML-DSA")) 5519 return 1; 5520 #endif 5521 return 0; 5522 } 5523 5524 static int is_mac_disabled(const char *name) 5525 { 5526 #ifdef OPENSSL_NO_BLAKE2 5527 if (HAS_CASE_PREFIX(name, "BLAKE2BMAC") 5528 || HAS_CASE_PREFIX(name, "BLAKE2SMAC")) 5529 return 1; 5530 #endif 5531 #ifdef OPENSSL_NO_CMAC 5532 if (HAS_CASE_PREFIX(name, "CMAC")) 5533 return 1; 5534 #endif 5535 #ifdef OPENSSL_NO_POLY1305 5536 if (HAS_CASE_PREFIX(name, "Poly1305")) 5537 return 1; 5538 #endif 5539 #ifdef OPENSSL_NO_SIPHASH 5540 if (HAS_CASE_PREFIX(name, "SipHash")) 5541 return 1; 5542 #endif 5543 return 0; 5544 } 5545 static int is_kdf_disabled(const char *name) 5546 { 5547 #ifdef OPENSSL_NO_SCRYPT 5548 if (HAS_CASE_SUFFIX(name, "SCRYPT")) 5549 return 1; 5550 #endif 5551 #ifdef OPENSSL_NO_ARGON2 5552 if (HAS_CASE_SUFFIX(name, "ARGON2")) 5553 return 1; 5554 #endif 5555 return 0; 5556 } 5557 5558 static int is_cipher_disabled(const char *name) 5559 { 5560 #ifdef OPENSSL_NO_ARIA 5561 if (HAS_CASE_PREFIX(name, "ARIA")) 5562 return 1; 5563 #endif 5564 #ifdef OPENSSL_NO_BF 5565 if (HAS_CASE_PREFIX(name, "BF")) 5566 return 1; 5567 #endif 5568 #ifdef OPENSSL_NO_CAMELLIA 5569 if (HAS_CASE_PREFIX(name, "CAMELLIA")) 5570 return 1; 5571 #endif 5572 #ifdef OPENSSL_NO_CAST 5573 if (HAS_CASE_PREFIX(name, "CAST")) 5574 return 1; 5575 #endif 5576 #ifdef OPENSSL_NO_CHACHA 5577 if (HAS_CASE_PREFIX(name, "CHACHA")) 5578 return 1; 5579 #endif 5580 #ifdef OPENSSL_NO_POLY1305 5581 if (HAS_CASE_SUFFIX(name, "Poly1305")) 5582 return 1; 5583 #endif 5584 #ifdef OPENSSL_NO_DES 5585 if (HAS_CASE_PREFIX(name, "DES")) 5586 return 1; 5587 if (HAS_CASE_SUFFIX(name, "3DESwrap")) 5588 return 1; 5589 #endif 5590 #ifdef OPENSSL_NO_OCB 5591 if (HAS_CASE_SUFFIX(name, "OCB")) 5592 return 1; 5593 #endif 5594 #ifdef OPENSSL_NO_IDEA 5595 if (HAS_CASE_PREFIX(name, "IDEA")) 5596 return 1; 5597 #endif 5598 #ifdef OPENSSL_NO_RC2 5599 if (HAS_CASE_PREFIX(name, "RC2")) 5600 return 1; 5601 #endif 5602 #ifdef OPENSSL_NO_RC4 5603 if (HAS_CASE_PREFIX(name, "RC4")) 5604 return 1; 5605 #endif 5606 #ifdef OPENSSL_NO_RC5 5607 if (HAS_CASE_PREFIX(name, "RC5")) 5608 return 1; 5609 #endif 5610 #ifdef OPENSSL_NO_SEED 5611 if (HAS_CASE_PREFIX(name, "SEED")) 5612 return 1; 5613 #endif 5614 #ifdef OPENSSL_NO_SIV 5615 if (HAS_CASE_SUFFIX(name, "SIV")) 5616 return 1; 5617 #endif 5618 #ifdef OPENSSL_NO_SM4 5619 if (HAS_CASE_PREFIX(name, "SM4")) 5620 return 1; 5621 #endif 5622 return 0; 5623 } 5624