evp_test.c@ 108358

最後變更在這個檔案從108358是 108206,由 vboxsync 提交於 5 週前
openssl-3.3.2: Exported all files to OSE and removed .scm-settings bugref:10757
屬性 svn:eol-style 設為 `native` 屬性 svn:keywords 設為 `Author Date Id Revision`
檔案大小: 126.8 KB

行
1	/*
2	* Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the Apache License 2.0 (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	#define OPENSSL_SUPPRESS_DEPRECATED /* EVP_PKEY_new_CMAC_key */
11	#include <stdio.h>
12	#include <string.h>
13	#include <stdlib.h>
14	#include <ctype.h>
15	#include <openssl/evp.h>
16	#include <openssl/pem.h>
17	#include <openssl/err.h>
18	#include <openssl/provider.h>
19	#include <openssl/x509v3.h>
20	#include <openssl/pkcs12.h>
21	#include <openssl/kdf.h>
22	#include <openssl/params.h>
23	#include <openssl/core_names.h>
24	#include <openssl/fips_names.h>
25	#include <openssl/thread.h>
26	#include "internal/numbers.h"
27	#include "internal/nelem.h"
28	#include "crypto/evp.h"
29	#include "testutil.h"
30
31	typedef struct evp_test_buffer_st EVP_TEST_BUFFER;
32	DEFINE_STACK_OF(EVP_TEST_BUFFER)
33
34	#define AAD_NUM 4
35
36	typedef struct evp_test_method_st EVP_TEST_METHOD;
37
38	/* Structure holding test information */
39	typedef struct evp_test_st {
40	STANZA s; /* Common test stanza */
41	char *name;
42	int skip; /* Current test should be skipped */
43	const EVP_TEST_METHOD meth; / method for this test */
44	const char err, aux_err; /* Error string for test */
45	char expected_err; / Expected error value of test */
46	char reason; / Expected error reason string */
47	void data; / test specific data */
48	} EVP_TEST;
49
50	/* Test method structure */
51	struct evp_test_method_st {
52	/* Name of test as it appears in file */
53	const char *name;
54	/* Initialise test for "alg" */
55	int (init) (EVP_TEST t, const char *alg);
56	/* Clean up method */
57	void (cleanup) (EVP_TEST t);
58	/* Test specific name value pair processing */
59	int (parse) (EVP_TEST t, const char name, const char value);
60	/* Run the test itself */
61	int (run_test) (EVP_TEST t);
62	};
63
64	/* Linked list of named keys. */
65	typedef struct key_list_st {
66	char *name;
67	EVP_PKEY *key;
68	struct key_list_st *next;
69	} KEY_LIST;
70
71	typedef enum OPTION_choice {
72	OPT_ERR = -1,
73	OPT_EOF = 0,
74	OPT_CONFIG_FILE,
75	OPT_IN_PLACE,
76	OPT_PROVIDER_NAME,
77	OPT_PROV_PROPQUERY,
78	OPT_TEST_ENUM
79	} OPTION_CHOICE;
80
81	static OSSL_PROVIDER *prov_null = NULL;
82	static OSSL_PROVIDER *libprov = NULL;
83	static OSSL_LIB_CTX *libctx = NULL;
84
85	/* List of public and private keys */
86	static KEY_LIST *private_keys;
87	static KEY_LIST *public_keys;
88
89	static int find_key(EVP_PKEY *ppk, const char name, KEY_LIST *lst);
90	static int parse_bin(const char value, unsigned char buf, size_t buflen);
91	static int is_digest_disabled(const char *name);
92	static int is_pkey_disabled(const char *name);
93	static int is_mac_disabled(const char *name);
94	static int is_cipher_disabled(const char *name);
95	static int is_kdf_disabled(const char *name);
96
97	/*
98	* Compare two memory regions for equality, returning zero if they differ.
99	* However, if there is expected to be an error and the actual error
100	* matches then the memory is expected to be different so handle this
101	* case without producing unnecessary test framework output.
102	*/
103	static int memory_err_compare(EVP_TEST t, const char err,
104	const void *expected, size_t expected_len,
105	const void *got, size_t got_len)
106	{
107	int r;
108
109	if (t->expected_err != NULL && strcmp(t->expected_err, err) == 0)
110	r = !TEST_mem_ne(expected, expected_len, got, got_len);
111	else
112	r = TEST_mem_eq(expected, expected_len, got, got_len);
113	if (!r)
114	t->err = err;
115	return r;
116	}
117
118	/* Option specific for evp test */
119	static int process_mode_in_place;
120	static const char *propquery = NULL;
121
122	static int evp_test_process_mode(char *mode)
123	{
124	if (strcmp(mode, "in_place") == 0)
125	return 1;
126	else if (strcmp(mode, "both") == 0)
127	return 0;
128	return -1;
129	}
130
131	/*
132	* Structure used to hold a list of blocks of memory to test
133	* calls to "update" like functions.
134	*/
135	struct evp_test_buffer_st {
136	unsigned char *buf;
137	size_t buflen;
138	size_t count;
139	int count_set;
140	};
141
142	static void evp_test_buffer_free(EVP_TEST_BUFFER *db)
143	{
144	if (db != NULL) {
145	OPENSSL_free(db->buf);
146	OPENSSL_free(db);
147	}
148	}
149
150	/* append buffer to a list */
151	static int evp_test_buffer_append(const char *value,
152	STACK_OF(EVP_TEST_BUFFER) **sk)
153	{
154	EVP_TEST_BUFFER *db = NULL;
155
156	if (!TEST_ptr(db = OPENSSL_malloc(sizeof(*db))))
157	goto err;
158
159	if (!parse_bin(value, &db->buf, &db->buflen))
160	goto err;
161	db->count = 1;
162	db->count_set = 0;
163
164	if (sk == NULL && !TEST_ptr(sk = sk_EVP_TEST_BUFFER_new_null()))
165	goto err;
166	if (!sk_EVP_TEST_BUFFER_push(*sk, db))
167	goto err;
168
169	return 1;
170
171	err:
172	evp_test_buffer_free(db);
173	return 0;
174	}
175
176	/* replace last buffer in list with copies of itself */
177	static int evp_test_buffer_ncopy(const char *value,
178	STACK_OF(EVP_TEST_BUFFER) *sk)
179	{
180	EVP_TEST_BUFFER *db;
181	unsigned char tbuf, p;
182	size_t tbuflen;
183	int ncopy = atoi(value);
184	int i;
185
186	if (ncopy <= 0)
187	return 0;
188	if (sk == NULL \|\| sk_EVP_TEST_BUFFER_num(sk) == 0)
189	return 0;
190	db = sk_EVP_TEST_BUFFER_value(sk, sk_EVP_TEST_BUFFER_num(sk) - 1);
191
192	tbuflen = db->buflen * ncopy;
193	if (!TEST_ptr(tbuf = OPENSSL_malloc(tbuflen)))
194	return 0;
195	for (i = 0, p = tbuf; i < ncopy; i++, p += db->buflen)
196	memcpy(p, db->buf, db->buflen);
197
198	OPENSSL_free(db->buf);
199	db->buf = tbuf;
200	db->buflen = tbuflen;
201	return 1;
202	}
203
204	/* set repeat count for last buffer in list */
205	static int evp_test_buffer_set_count(const char *value,
206	STACK_OF(EVP_TEST_BUFFER) *sk)
207	{
208	EVP_TEST_BUFFER *db;
209	int count = atoi(value);
210
211	if (count <= 0)
212	return 0;
213
214	if (sk == NULL \|\| sk_EVP_TEST_BUFFER_num(sk) == 0)
215	return 0;
216
217	db = sk_EVP_TEST_BUFFER_value(sk, sk_EVP_TEST_BUFFER_num(sk) - 1);
218	if (db->count_set != 0)
219	return 0;
220
221	db->count = (size_t)count;
222	db->count_set = 1;
223	return 1;
224	}
225
226	/* call "fn" with each element of the list in turn */
227	static int evp_test_buffer_do(STACK_OF(EVP_TEST_BUFFER) *sk,
228	int (fn)(void ctx,
229	const unsigned char *buf,
230	size_t buflen),
231	void *ctx)
232	{
233	int i;
234
235	for (i = 0; i < sk_EVP_TEST_BUFFER_num(sk); i++) {
236	EVP_TEST_BUFFER *tb = sk_EVP_TEST_BUFFER_value(sk, i);
237	size_t j;
238
239	for (j = 0; j < tb->count; j++) {
240	if (fn(ctx, tb->buf, tb->buflen) <= 0)
241	return 0;
242	}
243	}
244	return 1;
245	}
246
247	/*
248	* Unescape some sequences in string literals (only \n for now).
249	* Return an allocated buffer, set \|out_len\|. If \|input_len\|
250	* is zero, get an empty buffer but set length to zero.
251	*/
252	static unsigned char* unescape(const char *input, size_t input_len,
253	size_t *out_len)
254	{
255	unsigned char ret, p;
256	size_t i;
257
258	if (input_len == 0) {
259	*out_len = 0;
260	return OPENSSL_zalloc(1);
261	}
262
263	/* Escaping is non-expanding; over-allocate original size for simplicity. */
264	if (!TEST_ptr(ret = p = OPENSSL_malloc(input_len)))
265	return NULL;
266
267	for (i = 0; i < input_len; i++) {
268	if (*input == '\\') {
269	if (i == input_len - 1 \|\| *++input != 'n') {
270	TEST_error("Bad escape sequence in file");
271	goto err;
272	}
273	*p++ = '\n';
274	i++;
275	input++;
276	} else {
277	p++ = input++;
278	}
279	}
280
281	*out_len = p - ret;
282	return ret;
283
284	err:
285	OPENSSL_free(ret);
286	return NULL;
287	}
288
289	/*
290	* For a hex string "value" convert to a binary allocated buffer.
291	* Return 1 on success or 0 on failure.
292	*/
293	static int parse_bin(const char value, unsigned char buf, size_t buflen)
294	{
295	long len;
296
297	/* Check for NULL literal */
298	if (strcmp(value, "NULL") == 0) {
299	*buf = NULL;
300	*buflen = 0;
301	return 1;
302	}
303
304	/* Check for empty value */
305	if (*value == '\0') {
306	/*
307	* Don't return NULL for zero length buffer. This is needed for
308	* some tests with empty keys: HMAC_Init_ex() expects a non-NULL key
309	* buffer even if the key length is 0, in order to detect key reset.
310	*/
311	*buf = OPENSSL_malloc(1);
312	if (*buf == NULL)
313	return 0;
314	**buf = 0;
315	*buflen = 0;
316	return 1;
317	}
318
319	/* Check for string literal */
320	if (value[0] == '"') {
321	size_t vlen = strlen(++value);
322
323	if (vlen == 0 \|\| value[vlen - 1] != '"')
324	return 0;
325	vlen--;
326	*buf = unescape(value, vlen, buflen);
327	return *buf == NULL ? 0 : 1;
328	}
329
330	/* Otherwise assume as hex literal and convert it to binary buffer */
331	if (!TEST_ptr(*buf = OPENSSL_hexstr2buf(value, &len))) {
332	TEST_info("Can't convert %s", value);
333	TEST_openssl_errors();
334	return -1;
335	}
336	/* Size of input buffer means we'll never overflow */
337	*buflen = len;
338	return 1;
339	}
340
341	/**
342	** MESSAGE DIGEST TESTS
343	**/
344
345	typedef struct digest_data_st {
346	/* Digest this test is for */
347	const EVP_MD *digest;
348	EVP_MD *fetched_digest;
349	/* Input to digest */
350	STACK_OF(EVP_TEST_BUFFER) *input;
351	/* Expected output */
352	unsigned char *output;
353	size_t output_len;
354	/* Padding type */
355	int pad_type;
356	/* XOF mode? */
357	int xof;
358	/* Size for variable output length but non-XOF */
359	size_t digest_size;
360	} DIGEST_DATA;
361
362	static int digest_test_init(EVP_TEST t, const char alg)
363	{
364	DIGEST_DATA *mdat;
365	const EVP_MD *digest;
366	EVP_MD *fetched_digest;
367
368	if (is_digest_disabled(alg)) {
369	TEST_info("skipping, '%s' is disabled", alg);
370	t->skip = 1;
371	return 1;
372	}
373
374	if ((digest = fetched_digest = EVP_MD_fetch(libctx, alg, propquery)) == NULL
375	&& (digest = EVP_get_digestbyname(alg)) == NULL)
376	return 0;
377	if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat))))
378	return 0;
379	t->data = mdat;
380	mdat->digest = digest;
381	mdat->fetched_digest = fetched_digest;
382	mdat->pad_type = 0;
383	mdat->xof = 0;
384	if (fetched_digest != NULL)
385	TEST_info("%s is fetched", alg);
386	return 1;
387	}
388
389	static void digest_test_cleanup(EVP_TEST *t)
390	{
391	DIGEST_DATA *mdat = t->data;
392
393	sk_EVP_TEST_BUFFER_pop_free(mdat->input, evp_test_buffer_free);
394	OPENSSL_free(mdat->output);
395	EVP_MD_free(mdat->fetched_digest);
396	}
397
398	static int digest_test_parse(EVP_TEST *t,
399	const char keyword, const char value)
400	{
401	DIGEST_DATA *mdata = t->data;
402
403	if (strcmp(keyword, "Input") == 0)
404	return evp_test_buffer_append(value, &mdata->input);
405	if (strcmp(keyword, "Output") == 0)
406	return parse_bin(value, &mdata->output, &mdata->output_len);
407	if (strcmp(keyword, "Count") == 0)
408	return evp_test_buffer_set_count(value, mdata->input);
409	if (strcmp(keyword, "Ncopy") == 0)
410	return evp_test_buffer_ncopy(value, mdata->input);
411	if (strcmp(keyword, "Padding") == 0)
412	return (mdata->pad_type = atoi(value)) > 0;
413	if (strcmp(keyword, "XOF") == 0)
414	return (mdata->xof = atoi(value)) > 0;
415	if (strcmp(keyword, "OutputSize") == 0) {
416	int sz;
417
418	sz = atoi(value);
419	if (sz < 0)
420	return -1;
421	mdata->digest_size = sz;
422	return 1;
423	}
424	return 0;
425	}
426
427	static int digest_update_fn(void ctx, const unsigned char buf, size_t buflen)
428	{
429	return EVP_DigestUpdate(ctx, buf, buflen);
430	}
431
432	static int test_duplicate_md_ctx(EVP_TEST t, EVP_MD_CTX mctx)
433	{
434	char dont[] = "touch";
435
436	if (!TEST_ptr(mctx))
437	return 0;
438	if (!EVP_DigestFinalXOF(mctx, (unsigned char *)dont, 0)) {
439	EVP_MD_CTX_free(mctx);
440	t->err = "DIGESTFINALXOF_ERROR";
441	return 0;
442	}
443	if (!TEST_str_eq(dont, "touch")) {
444	EVP_MD_CTX_free(mctx);
445	t->err = "DIGESTFINALXOF_ERROR";
446	return 0;
447	}
448	EVP_MD_CTX_free(mctx);
449	return 1;
450	}
451
452	static int digest_test_run(EVP_TEST *t)
453	{
454	DIGEST_DATA *expected = t->data;
455	EVP_TEST_BUFFER *inbuf;
456	EVP_MD_CTX *mctx;
457	unsigned char *got = NULL;
458	unsigned int got_len;
459	size_t size = 0;
460	int xof = 0;
461	OSSL_PARAM params[4], *p = &params[0];
462
463	t->err = "TEST_FAILURE";
464	if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
465	goto err;
466
467	got = OPENSSL_malloc(expected->output_len > EVP_MAX_MD_SIZE ?
468	expected->output_len : EVP_MAX_MD_SIZE);
469	if (!TEST_ptr(got))
470	goto err;
471
472	if (expected->xof > 0) {
473	xof \|= 1;
474	*p++ = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN,
475	&expected->output_len);
476	}
477	if (expected->digest_size > 0) {
478	*p++ = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_SIZE,
479	&expected->digest_size);
480	}
481	if (expected->pad_type > 0)
482	*p++ = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_PAD_TYPE,
483	&expected->pad_type);
484	*p++ = OSSL_PARAM_construct_end();
485
486	if (!EVP_DigestInit_ex2(mctx, expected->digest, params)) {
487	t->err = "DIGESTINIT_ERROR";
488	goto err;
489	}
490
491	if (!evp_test_buffer_do(expected->input, digest_update_fn, mctx)) {
492	t->err = "DIGESTUPDATE_ERROR";
493	goto err;
494	}
495
496	xof \|= (EVP_MD_get_flags(expected->digest) & EVP_MD_FLAG_XOF) != 0;
497	if (xof) {
498	EVP_MD_CTX *mctx_cpy;
499
500	if (!TEST_ptr(mctx_cpy = EVP_MD_CTX_new())) {
501	goto err;
502	}
503	if (!TEST_true(EVP_MD_CTX_copy(mctx_cpy, mctx))) {
504	EVP_MD_CTX_free(mctx_cpy);
505	goto err;
506	} else if (!test_duplicate_md_ctx(t, mctx_cpy)) {
507	goto err;
508	}
509
510	if (!test_duplicate_md_ctx(t, EVP_MD_CTX_dup(mctx)))
511	goto err;
512
513	got_len = expected->output_len;
514	if (!EVP_DigestFinalXOF(mctx, got, got_len)) {
515	t->err = "DIGESTFINALXOF_ERROR";
516	goto err;
517	}
518	} else {
519	if (!EVP_DigestFinal(mctx, got, &got_len)) {
520	t->err = "DIGESTFINAL_ERROR";
521	goto err;
522	}
523	}
524	if (!TEST_int_eq(expected->output_len, got_len)) {
525	t->err = "DIGEST_LENGTH_MISMATCH";
526	goto err;
527	}
528	if (!memory_err_compare(t, "DIGEST_MISMATCH",
529	expected->output, expected->output_len,
530	got, got_len))
531	goto err;
532
533	t->err = NULL;
534
535	/* Test the EVP_Q_digest interface as well */
536	if (sk_EVP_TEST_BUFFER_num(expected->input) == 1
537	&& !xof
538	/* This should never fail but we need the returned pointer now */
539	&& !TEST_ptr(inbuf = sk_EVP_TEST_BUFFER_value(expected->input, 0))
540	&& !inbuf->count_set) {
541	OPENSSL_cleanse(got, got_len);
542	if (!TEST_true(EVP_Q_digest(libctx,
543	EVP_MD_get0_name(expected->fetched_digest),
544	NULL, inbuf->buf, inbuf->buflen,
545	got, &size))
546	\|\| !TEST_mem_eq(got, size,
547	expected->output, expected->output_len)) {
548	t->err = "EVP_Q_digest failed";
549	goto err;
550	}
551	}
552
553	err:
554	OPENSSL_free(got);
555	EVP_MD_CTX_free(mctx);
556	return 1;
557	}
558
559	static const EVP_TEST_METHOD digest_test_method = {
560	"Digest",
561	digest_test_init,
562	digest_test_cleanup,
563	digest_test_parse,
564	digest_test_run
565	};
566
567	/**
568	*** CIPHER TESTS
569	**/
570
571	typedef struct cipher_data_st {
572	const EVP_CIPHER *cipher;
573	EVP_CIPHER *fetched_cipher;
574	int enc;
575	/* EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE or EVP_CIPH_OCB_MODE if AEAD */
576	int aead;
577	unsigned char *key;
578	size_t key_len;
579	size_t key_bits; /* Used by RC2 */
580	unsigned char *iv;
581	unsigned char next_iv; / Expected IV state after operation */
582	unsigned int rounds;
583	size_t iv_len;
584	unsigned char *plaintext;
585	size_t plaintext_len;
586	unsigned char *ciphertext;
587	size_t ciphertext_len;
588	/* AEAD ciphers only */
589	unsigned char *aad[AAD_NUM];
590	size_t aad_len[AAD_NUM];
591	int tls_aad;
592	int tls_version;
593	unsigned char *tag;
594	const char *cts_mode;
595	size_t tag_len;
596	int tag_late;
597	unsigned char *mac_key;
598	size_t mac_key_len;
599	const char *xts_standard;
600	} CIPHER_DATA;
601
602	static int cipher_test_init(EVP_TEST t, const char alg)
603	{
604	const EVP_CIPHER *cipher;
605	EVP_CIPHER *fetched_cipher;
606	CIPHER_DATA *cdat;
607	int m;
608
609	if (is_cipher_disabled(alg)) {
610	t->skip = 1;
611	TEST_info("skipping, '%s' is disabled", alg);
612	return 1;
613	}
614
615	ERR_set_mark();
616	if ((cipher = fetched_cipher = EVP_CIPHER_fetch(libctx, alg, propquery)) == NULL
617	&& (cipher = EVP_get_cipherbyname(alg)) == NULL) {
618	/* a stitched cipher might not be available */
619	if (strstr(alg, "HMAC") != NULL) {
620	ERR_pop_to_mark();
621	t->skip = 1;
622	TEST_info("skipping, '%s' is not available", alg);
623	return 1;
624	}
625	ERR_clear_last_mark();
626	return 0;
627	}
628	ERR_clear_last_mark();
629
630	if (!TEST_ptr(cdat = OPENSSL_zalloc(sizeof(*cdat))))
631	return 0;
632
633	cdat->cipher = cipher;
634	cdat->fetched_cipher = fetched_cipher;
635	cdat->enc = -1;
636	m = EVP_CIPHER_get_mode(cipher);
637	if (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
638	cdat->aead = m != 0 ? m : -1;
639	else
640	cdat->aead = 0;
641
642	t->data = cdat;
643	if (fetched_cipher != NULL)
644	TEST_info("%s is fetched", alg);
645	return 1;
646	}
647
648	static void cipher_test_cleanup(EVP_TEST *t)
649	{
650	int i;
651	CIPHER_DATA *cdat = t->data;
652
653	OPENSSL_free(cdat->key);
654	OPENSSL_free(cdat->iv);
655	OPENSSL_free(cdat->next_iv);
656	OPENSSL_free(cdat->ciphertext);
657	OPENSSL_free(cdat->plaintext);
658	for (i = 0; i < AAD_NUM; i++)
659	OPENSSL_free(cdat->aad[i]);
660	OPENSSL_free(cdat->tag);
661	OPENSSL_free(cdat->mac_key);
662	EVP_CIPHER_free(cdat->fetched_cipher);
663	}
664
665	static int cipher_test_parse(EVP_TEST t, const char keyword,
666	const char *value)
667	{
668	CIPHER_DATA *cdat = t->data;
669	int i;
670
671	if (strcmp(keyword, "Key") == 0)
672	return parse_bin(value, &cdat->key, &cdat->key_len);
673	if (strcmp(keyword, "Rounds") == 0) {
674	i = atoi(value);
675	if (i < 0)
676	return -1;
677	cdat->rounds = (unsigned int)i;
678	return 1;
679	}
680	if (strcmp(keyword, "IV") == 0)
681	return parse_bin(value, &cdat->iv, &cdat->iv_len);
682	if (strcmp(keyword, "NextIV") == 0)
683	return parse_bin(value, &cdat->next_iv, &cdat->iv_len);
684	if (strcmp(keyword, "Plaintext") == 0)
685	return parse_bin(value, &cdat->plaintext, &cdat->plaintext_len);
686	if (strcmp(keyword, "Ciphertext") == 0)
687	return parse_bin(value, &cdat->ciphertext, &cdat->ciphertext_len);
688	if (strcmp(keyword, "KeyBits") == 0) {
689	i = atoi(value);
690	if (i < 0)
691	return -1;
692	cdat->key_bits = (size_t)i;
693	return 1;
694	}
695	if (cdat->aead) {
696	int tls_aad = 0;
697
698	if (strcmp(keyword, "TLSAAD") == 0)
699	cdat->tls_aad = tls_aad = 1;
700	if (strcmp(keyword, "AAD") == 0 \|\| tls_aad) {
701	for (i = 0; i < AAD_NUM; i++) {
702	if (cdat->aad[i] == NULL)
703	return parse_bin(value, &cdat->aad[i], &cdat->aad_len[i]);
704	}
705	return -1;
706	}
707	if (strcmp(keyword, "Tag") == 0)
708	return parse_bin(value, &cdat->tag, &cdat->tag_len);
709	if (strcmp(keyword, "SetTagLate") == 0) {
710	if (strcmp(value, "TRUE") == 0)
711	cdat->tag_late = 1;
712	else if (strcmp(value, "FALSE") == 0)
713	cdat->tag_late = 0;
714	else
715	return -1;
716	return 1;
717	}
718	if (strcmp(keyword, "MACKey") == 0)
719	return parse_bin(value, &cdat->mac_key, &cdat->mac_key_len);
720	if (strcmp(keyword, "TLSVersion") == 0) {
721	char *endptr;
722
723	cdat->tls_version = (int)strtol(value, &endptr, 0);
724	return value[0] != '\0' && endptr[0] == '\0';
725	}
726	}
727
728	if (strcmp(keyword, "Operation") == 0) {
729	if (strcmp(value, "ENCRYPT") == 0)
730	cdat->enc = 1;
731	else if (strcmp(value, "DECRYPT") == 0)
732	cdat->enc = 0;
733	else
734	return -1;
735	return 1;
736	}
737	if (strcmp(keyword, "CTSMode") == 0) {
738	cdat->cts_mode = value;
739	return 1;
740	}
741	if (strcmp(keyword, "XTSStandard") == 0) {
742	cdat->xts_standard = value;
743	return 1;
744	}
745	return 0;
746	}
747
748	static int cipher_test_enc(EVP_TEST *t, int enc, size_t out_misalign,
749	size_t inp_misalign, int frag, int in_place)
750	{
751	CIPHER_DATA *expected = t->data;
752	unsigned char in, expected_out, *tmp = NULL;
753	size_t in_len, out_len, donelen = 0;
754	int ok = 0, tmplen, chunklen, tmpflen, i;
755	EVP_CIPHER_CTX *ctx_base = NULL;
756	EVP_CIPHER_CTX ctx = NULL, duped;
757	int fips_dupctx_supported = fips_provider_version_ge(libctx, 3, 2, 0);
758
759	t->err = "TEST_FAILURE";
760	if (!TEST_ptr(ctx_base = EVP_CIPHER_CTX_new()))
761	goto err;
762	if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
763	goto err;
764	EVP_CIPHER_CTX_set_flags(ctx_base, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
765	if (enc) {
766	in = expected->plaintext;
767	in_len = expected->plaintext_len;
768	expected_out = expected->ciphertext;
769	out_len = expected->ciphertext_len;
770	} else {
771	in = expected->ciphertext;
772	in_len = expected->ciphertext_len;
773	expected_out = expected->plaintext;
774	out_len = expected->plaintext_len;
775	}
776	if (in_place == 1) {
777	/* Exercise in-place encryption */
778	tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH);
779	if (!tmp)
780	goto err;
781	in = memcpy(tmp + out_misalign, in, in_len);
782	} else {
783	inp_misalign += 16 - ((out_misalign + in_len) & 15);
784	/*
785	* 'tmp' will store both output and copy of input. We make the copy
786	* of input to specifically aligned part of 'tmp'. So we just
787	* figured out how much padding would ensure the required alignment,
788	* now we allocate extended buffer and finally copy the input just
789	* past inp_misalign in expression below. Output will be written
790	* past out_misalign...
791	*/
792	tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH +
793	inp_misalign + in_len);
794	if (!tmp)
795	goto err;
796	in = memcpy(tmp + out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH +
797	inp_misalign, in, in_len);
798	}
799	if (!EVP_CipherInit_ex(ctx_base, expected->cipher, NULL, NULL, NULL, enc)) {
800	t->err = "CIPHERINIT_ERROR";
801	goto err;
802	}
803	if (expected->cts_mode != NULL) {
804	OSSL_PARAM params[2];
805
806	params[0] = OSSL_PARAM_construct_utf8_string(OSSL_CIPHER_PARAM_CTS_MODE,
807	(char *)expected->cts_mode,
808	0);
809	params[1] = OSSL_PARAM_construct_end();
810	if (!EVP_CIPHER_CTX_set_params(ctx_base, params)) {
811	t->err = "INVALID_CTS_MODE";
812	goto err;
813	}
814	}
815	if (expected->iv) {
816	if (expected->aead) {
817	if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_IVLEN,
818	expected->iv_len, 0) <= 0) {
819	t->err = "INVALID_IV_LENGTH";
820	goto err;
821	}
822	} else if (expected->iv_len != (size_t)EVP_CIPHER_CTX_get_iv_length(ctx_base)) {
823	t->err = "INVALID_IV_LENGTH";
824	goto err;
825	}
826	}
827	if (expected->aead && !expected->tls_aad) {
828	unsigned char *tag;
829	/*
830	* If encrypting or OCB just set tag length initially, otherwise
831	* set tag length and value.
832	*/
833	if (enc \|\| expected->aead == EVP_CIPH_OCB_MODE \|\| expected->tag_late) {
834	t->err = "TAG_LENGTH_SET_ERROR";
835	tag = NULL;
836	} else {
837	t->err = "TAG_SET_ERROR";
838	tag = expected->tag;
839	}
840	if (tag \|\| expected->aead != EVP_CIPH_GCM_MODE) {
841	if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_TAG,
842	expected->tag_len, tag) <= 0)
843	goto err;
844	}
845	}
846
847	if (expected->rounds > 0) {
848	int rounds = (int)expected->rounds;
849
850	if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC5_ROUNDS, rounds, NULL) <= 0) {
851	t->err = "INVALID_ROUNDS";
852	goto err;
853	}
854	}
855
856	if (!EVP_CIPHER_CTX_set_key_length(ctx_base, expected->key_len)) {
857	t->err = "INVALID_KEY_LENGTH";
858	goto err;
859	}
860	if (expected->key_bits > 0) {
861	int bits = (int)expected->key_bits;
862
863	if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC2_KEY_BITS, bits, NULL) <= 0) {
864	t->err = "INVALID KEY BITS";
865	goto err;
866	}
867	}
868	if (!EVP_CipherInit_ex(ctx_base, NULL, NULL, expected->key, expected->iv, -1)) {
869	t->err = "KEY_SET_ERROR";
870	goto err;
871	}
872
873	/* Check that we get the same IV back */
874	if (expected->iv != NULL) {
875	/* Some (e.g., GCM) tests use IVs longer than EVP_MAX_IV_LENGTH. */
876	unsigned char iv[128];
877	if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx_base, iv, sizeof(iv)))
878	\|\| ((EVP_CIPHER_get_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0
879	&& !TEST_mem_eq(expected->iv, expected->iv_len, iv,
880	expected->iv_len))) {
881	t->err = "INVALID_IV";
882	goto err;
883	}
884	}
885
886	/* Test that the cipher dup functions correctly if it is supported */
887	ERR_set_mark();
888	if (!EVP_CIPHER_CTX_copy(ctx, ctx_base)) {
889	if (fips_dupctx_supported) {
890	TEST_info("Doing a copy of Cipher %s Fails!\n",
891	EVP_CIPHER_get0_name(expected->cipher));
892	ERR_print_errors_fp(stderr);
893	goto err;
894	} else {
895	TEST_info("Allowing copy fail as an old fips provider is in use.");
896	}
897	EVP_CIPHER_CTX_free(ctx);
898	ctx = ctx_base;
899	} else {
900	EVP_CIPHER_CTX_free(ctx_base);
901	ctx_base = NULL;
902	}
903	/* Likewise for dup */
904	duped = EVP_CIPHER_CTX_dup(ctx);
905	if (duped != NULL) {
906	EVP_CIPHER_CTX_free(ctx);
907	ctx = duped;
908	} else {
909	if (fips_dupctx_supported) {
910	TEST_info("Doing a dup of Cipher %s Fails!\n",
911	EVP_CIPHER_get0_name(expected->cipher));
912	ERR_print_errors_fp(stderr);
913	goto err;
914	} else {
915	TEST_info("Allowing dup fail as an old fips provider is in use.");
916	}
917	}
918	ERR_pop_to_mark();
919
920	if (expected->mac_key != NULL
921	&& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY,
922	(int)expected->mac_key_len,
923	(void *)expected->mac_key) <= 0) {
924	t->err = "SET_MAC_KEY_ERROR";
925	goto err;
926	}
927
928	if (expected->tls_version) {
929	OSSL_PARAM params[2];
930
931	params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_TLS_VERSION,
932	&expected->tls_version);
933	params[1] = OSSL_PARAM_construct_end();
934	if (!EVP_CIPHER_CTX_set_params(ctx, params)) {
935	t->err = "SET_TLS_VERSION_ERROR";
936	goto err;
937	}
938	}
939
940	if (expected->aead == EVP_CIPH_CCM_MODE) {
941	if (!EVP_CipherUpdate(ctx, NULL, &tmplen, NULL, out_len)) {
942	t->err = "CCM_PLAINTEXT_LENGTH_SET_ERROR";
943	goto err;
944	}
945	}
946	if (expected->aad[0] != NULL && !expected->tls_aad) {
947	t->err = "AAD_SET_ERROR";
948	if (!frag) {
949	for (i = 0; expected->aad[i] != NULL; i++) {
950	if (!EVP_CipherUpdate(ctx, NULL, &chunklen, expected->aad[i],
951	expected->aad_len[i]))
952	goto err;
953	}
954	} else {
955	/*
956	* Supply the AAD in chunks less than the block size where possible
957	*/
958	for (i = 0; expected->aad[i] != NULL; i++) {
959	if (expected->aad_len[i] > 0) {
960	if (!EVP_CipherUpdate(ctx, NULL, &chunklen, expected->aad[i], 1))
961	goto err;
962	donelen++;
963	}
964	if (expected->aad_len[i] > 2) {
965	if (!EVP_CipherUpdate(ctx, NULL, &chunklen,
966	expected->aad[i] + donelen,
967	expected->aad_len[i] - 2))
968	goto err;
969	donelen += expected->aad_len[i] - 2;
970	}
971	if (expected->aad_len[i] > 1
972	&& !EVP_CipherUpdate(ctx, NULL, &chunklen,
973	expected->aad[i] + donelen, 1))
974	goto err;
975	}
976	}
977	}
978
979	if (expected->tls_aad) {
980	OSSL_PARAM params[2];
981	char *tls_aad;
982
983	/* duplicate the aad as the implementation might modify it */
984	if ((tls_aad = OPENSSL_memdup(expected->aad[0],
985	expected->aad_len[0])) == NULL)
986	goto err;
987	params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD,
988	tls_aad,
989	expected->aad_len[0]);
990	params[1] = OSSL_PARAM_construct_end();
991	if (!EVP_CIPHER_CTX_set_params(ctx, params)) {
992	OPENSSL_free(tls_aad);
993	t->err = "TLS1_AAD_ERROR";
994	goto err;
995	}
996	OPENSSL_free(tls_aad);
997	} else if (!enc && (expected->aead == EVP_CIPH_OCB_MODE
998	\|\| expected->tag_late)) {
999	if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
1000	expected->tag_len, expected->tag) <= 0) {
1001	t->err = "TAG_SET_ERROR";
1002	goto err;
1003	}
1004	}
1005	if (expected->xts_standard != NULL) {
1006	OSSL_PARAM params[2];
1007
1008	params[0] =
1009	OSSL_PARAM_construct_utf8_string(OSSL_CIPHER_PARAM_XTS_STANDARD,
1010	(char *)expected->xts_standard, 0);
1011	params[1] = OSSL_PARAM_construct_end();
1012	if (!EVP_CIPHER_CTX_set_params(ctx, params)) {
1013	t->err = "SET_XTS_STANDARD_ERROR";
1014	goto err;
1015	}
1016	}
1017	EVP_CIPHER_CTX_set_padding(ctx, 0);
1018	t->err = "CIPHERUPDATE_ERROR";
1019	tmplen = 0;
1020	if (!frag) {
1021	/* We supply the data all in one go */
1022	if (!EVP_CipherUpdate(ctx, tmp + out_misalign, &tmplen, in, in_len))
1023	goto err;
1024	} else {
1025	/* Supply the data in chunks less than the block size where possible */
1026	if (in_len > 0) {
1027	if (!EVP_CipherUpdate(ctx, tmp + out_misalign, &chunklen, in, 1))
1028	goto err;
1029	tmplen += chunklen;
1030	in++;
1031	in_len--;
1032	}
1033	if (in_len > 1) {
1034	if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen,
1035	in, in_len - 1))
1036	goto err;
1037	tmplen += chunklen;
1038	in += in_len - 1;
1039	in_len = 1;
1040	}
1041	if (in_len > 0) {
1042	if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen,
1043	in, 1))
1044	goto err;
1045	tmplen += chunklen;
1046	}
1047	}
1048	if (!EVP_CipherFinal_ex(ctx, tmp + out_misalign + tmplen, &tmpflen)) {
1049	t->err = "CIPHERFINAL_ERROR";
1050	goto err;
1051	}
1052	if (!enc && expected->tls_aad) {
1053	if (expected->tls_version >= TLS1_1_VERSION
1054	&& (EVP_CIPHER_is_a(expected->cipher, "AES-128-CBC-HMAC-SHA1")
1055	\|\| EVP_CIPHER_is_a(expected->cipher, "AES-256-CBC-HMAC-SHA1"))) {
1056	tmplen -= expected->iv_len;
1057	expected_out += expected->iv_len;
1058	out_misalign += expected->iv_len;
1059	}
1060	if ((int)out_len > tmplen + tmpflen)
1061	out_len = tmplen + tmpflen;
1062	}
1063	if (!memory_err_compare(t, "VALUE_MISMATCH", expected_out, out_len,
1064	tmp + out_misalign, tmplen + tmpflen))
1065	goto err;
1066	if (enc && expected->aead && !expected->tls_aad) {
1067	unsigned char rtag[16];
1068
1069	if (!TEST_size_t_le(expected->tag_len, sizeof(rtag))) {
1070	t->err = "TAG_LENGTH_INTERNAL_ERROR";
1071	goto err;
1072	}
1073	if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
1074	expected->tag_len, rtag) <= 0) {
1075	t->err = "TAG_RETRIEVE_ERROR";
1076	goto err;
1077	}
1078	if (!memory_err_compare(t, "TAG_VALUE_MISMATCH",
1079	expected->tag, expected->tag_len,
1080	rtag, expected->tag_len))
1081	goto err;
1082	}
1083	/* Check the updated IV */
1084	if (expected->next_iv != NULL) {
1085	/* Some (e.g., GCM) tests use IVs longer than EVP_MAX_IV_LENGTH. */
1086	unsigned char iv[128];
1087	if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
1088	\|\| ((EVP_CIPHER_get_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0
1089	&& !TEST_mem_eq(expected->next_iv, expected->iv_len, iv,
1090	expected->iv_len))) {
1091	t->err = "INVALID_NEXT_IV";
1092	goto err;
1093	}
1094	}
1095
1096	t->err = NULL;
1097	ok = 1;
1098	err:
1099	OPENSSL_free(tmp);
1100	if (ctx != ctx_base)
1101	EVP_CIPHER_CTX_free(ctx_base);
1102	EVP_CIPHER_CTX_free(ctx);
1103	return ok;
1104	}
1105
1106	/*
1107	* XTS, SIV, CCM, stitched ciphers and Wrap modes have special
1108	* requirements about input lengths so we don't fragment for those
1109	*/
1110	static int cipher_test_valid_fragmentation(CIPHER_DATA *cdat)
1111	{
1112	return (cdat->aead == EVP_CIPH_CCM_MODE
1113	\|\| cdat->aead == EVP_CIPH_CBC_MODE
1114	\|\| (cdat->aead == -1
1115	&& EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_STREAM_CIPHER)
1116	\|\| ((EVP_CIPHER_get_flags(cdat->cipher) & EVP_CIPH_FLAG_CTS) != 0)
1117	\|\| EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_SIV_MODE
1118	\|\| EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_GCM_SIV_MODE
1119	\|\| EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_XTS_MODE
1120	\|\| EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_WRAP_MODE) ? 0 : 1;
1121	}
1122
1123	static int cipher_test_run(EVP_TEST *t)
1124	{
1125	CIPHER_DATA *cdat = t->data;
1126	int rv, frag, fragmax, in_place;
1127	size_t out_misalign, inp_misalign;
1128
1129	TEST_info("RUNNING TEST FOR CIPHER %s\n", EVP_CIPHER_get0_name(cdat->cipher));
1130	if (!cdat->key) {
1131	t->err = "NO_KEY";
1132	return 0;
1133	}
1134	if (!cdat->iv && EVP_CIPHER_get_iv_length(cdat->cipher) > 0) {
1135	/* IV is optional and usually omitted in wrap mode */
1136	if (EVP_CIPHER_get_mode(cdat->cipher) != EVP_CIPH_WRAP_MODE) {
1137	t->err = "NO_IV";
1138	return 0;
1139	}
1140	}
1141	if (cdat->aead && cdat->tag == NULL && !cdat->tls_aad) {
1142	t->err = "NO_TAG";
1143	return 0;
1144	}
1145
1146	fragmax = (cipher_test_valid_fragmentation(cdat) == 0) ? 0 : 1;
1147	for (in_place = 1; in_place >= 0; in_place--) {
1148	static char aux_err[64];
1149
1150	t->aux_err = aux_err;
1151	/* Test only in-place data processing */
1152	if (process_mode_in_place == 1 && in_place == 0)
1153	break;
1154
1155	for (frag = 0; frag <= fragmax; frag++) {
1156	for (out_misalign = 0; out_misalign <= 1; out_misalign++) {
1157	for (inp_misalign = 0; inp_misalign <= 1; inp_misalign++) {
1158	/* Skip input misalign tests for in-place processing */
1159	if (inp_misalign == 1 && in_place == 1)
1160	break;
1161	if (in_place == 1) {
1162	BIO_snprintf(aux_err, sizeof(aux_err),
1163	"%s in-place, %sfragmented",
1164	out_misalign ? "misaligned" : "aligned",
1165	frag ? "" : "not ");
1166	} else {
1167	BIO_snprintf(aux_err, sizeof(aux_err),
1168	"%s output and %s input, %sfragmented",
1169	out_misalign ? "misaligned" : "aligned",
1170	inp_misalign ? "misaligned" : "aligned",
1171	frag ? "" : "not ");
1172	}
1173	if (cdat->enc) {
1174	rv = cipher_test_enc(t, 1, out_misalign, inp_misalign,
1175	frag, in_place);
1176	/* Not fatal errors: return */
1177	if (rv != 1) {
1178	if (rv < 0)
1179	return 0;
1180	return 1;
1181	}
1182	}
1183	if (cdat->enc != 1) {
1184	rv = cipher_test_enc(t, 0, out_misalign, inp_misalign,
1185	frag, in_place);
1186	/* Not fatal errors: return */
1187	if (rv != 1) {
1188	if (rv < 0)
1189	return 0;
1190	return 1;
1191	}
1192	}
1193	}
1194	}
1195	}
1196	}
1197	t->aux_err = NULL;
1198
1199	return 1;
1200	}
1201
1202	static const EVP_TEST_METHOD cipher_test_method = {
1203	"Cipher",
1204	cipher_test_init,
1205	cipher_test_cleanup,
1206	cipher_test_parse,
1207	cipher_test_run
1208	};
1209
1210
1211	/**
1212	** MAC TESTS
1213	**/
1214
1215	typedef struct mac_data_st {
1216	/* MAC type in one form or another */
1217	char *mac_name;
1218	EVP_MAC mac; / for mac_test_run_mac */
1219	int type; /* for mac_test_run_pkey */
1220	/* Algorithm string for this MAC */
1221	char *alg;
1222	/* MAC key */
1223	unsigned char *key;
1224	size_t key_len;
1225	/* MAC IV (GMAC) */
1226	unsigned char *iv;
1227	size_t iv_len;
1228	/* Input to MAC */
1229	unsigned char *input;
1230	size_t input_len;
1231	/* Expected output */
1232	unsigned char *output;
1233	size_t output_len;
1234	unsigned char *custom;
1235	size_t custom_len;
1236	/* MAC salt (blake2) */
1237	unsigned char *salt;
1238	size_t salt_len;
1239	/* XOF mode? */
1240	int xof;
1241	/* Reinitialization fails */
1242	int no_reinit;
1243	/* Collection of controls */
1244	STACK_OF(OPENSSL_STRING) *controls;
1245	/* Output size */
1246	int output_size;
1247	/* Block size */
1248	int block_size;
1249	} MAC_DATA;
1250
1251	static int mac_test_init(EVP_TEST t, const char alg)
1252	{
1253	EVP_MAC *mac = NULL;
1254	int type = NID_undef;
1255	MAC_DATA *mdat;
1256
1257	if (is_mac_disabled(alg)) {
1258	TEST_info("skipping, '%s' is disabled", alg);
1259	t->skip = 1;
1260	return 1;
1261	}
1262	if ((mac = EVP_MAC_fetch(libctx, alg, propquery)) == NULL) {
1263	/*
1264	* Since we didn't find an EVP_MAC, we check for known EVP_PKEY methods
1265	* For debugging purposes, we allow 'NNNN by EVP_PKEY' to force running
1266	* the EVP_PKEY method.
1267	*/
1268	size_t sz = strlen(alg);
1269	static const char epilogue[] = " by EVP_PKEY";
1270
1271	if (sz >= sizeof(epilogue)
1272	&& strcmp(alg + sz - (sizeof(epilogue) - 1), epilogue) == 0)
1273	sz -= sizeof(epilogue) - 1;
1274
1275	if (strncmp(alg, "HMAC", sz) == 0)
1276	type = EVP_PKEY_HMAC;
1277	else if (strncmp(alg, "CMAC", sz) == 0)
1278	type = EVP_PKEY_CMAC;
1279	else if (strncmp(alg, "Poly1305", sz) == 0)
1280	type = EVP_PKEY_POLY1305;
1281	else if (strncmp(alg, "SipHash", sz) == 0)
1282	type = EVP_PKEY_SIPHASH;
1283	else
1284	return 0;
1285	}
1286
1287	if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat))))
1288	return 0;
1289
1290	mdat->type = type;
1291	if (!TEST_ptr(mdat->mac_name = OPENSSL_strdup(alg))) {
1292	OPENSSL_free(mdat);
1293	return 0;
1294	}
1295
1296	mdat->mac = mac;
1297	if (!TEST_ptr(mdat->controls = sk_OPENSSL_STRING_new_null())) {
1298	OPENSSL_free(mdat->mac_name);
1299	OPENSSL_free(mdat);
1300	return 0;
1301	}
1302
1303	mdat->output_size = mdat->block_size = -1;
1304	t->data = mdat;
1305	return 1;
1306	}
1307
1308	/* Because OPENSSL_free is a macro, it can't be passed as a function pointer */
1309	static void openssl_free(char *m)
1310	{
1311	OPENSSL_free(m);
1312	}
1313
1314	static void mac_test_cleanup(EVP_TEST *t)
1315	{
1316	MAC_DATA *mdat = t->data;
1317
1318	EVP_MAC_free(mdat->mac);
1319	OPENSSL_free(mdat->mac_name);
1320	sk_OPENSSL_STRING_pop_free(mdat->controls, openssl_free);
1321	OPENSSL_free(mdat->alg);
1322	OPENSSL_free(mdat->key);
1323	OPENSSL_free(mdat->iv);
1324	OPENSSL_free(mdat->custom);
1325	OPENSSL_free(mdat->salt);
1326	OPENSSL_free(mdat->input);
1327	OPENSSL_free(mdat->output);
1328	}
1329
1330	static int mac_test_parse(EVP_TEST *t,
1331	const char keyword, const char value)
1332	{
1333	MAC_DATA *mdata = t->data;
1334
1335	if (strcmp(keyword, "Key") == 0)
1336	return parse_bin(value, &mdata->key, &mdata->key_len);
1337	if (strcmp(keyword, "IV") == 0)
1338	return parse_bin(value, &mdata->iv, &mdata->iv_len);
1339	if (strcmp(keyword, "Custom") == 0)
1340	return parse_bin(value, &mdata->custom, &mdata->custom_len);
1341	if (strcmp(keyword, "Salt") == 0)
1342	return parse_bin(value, &mdata->salt, &mdata->salt_len);
1343	if (strcmp(keyword, "Algorithm") == 0) {
1344	mdata->alg = OPENSSL_strdup(value);
1345	if (mdata->alg == NULL)
1346	return -1;
1347	return 1;
1348	}
1349	if (strcmp(keyword, "Input") == 0)
1350	return parse_bin(value, &mdata->input, &mdata->input_len);
1351	if (strcmp(keyword, "Output") == 0)
1352	return parse_bin(value, &mdata->output, &mdata->output_len);
1353	if (strcmp(keyword, "XOF") == 0)
1354	return mdata->xof = 1;
1355	if (strcmp(keyword, "NoReinit") == 0)
1356	return mdata->no_reinit = 1;
1357	if (strcmp(keyword, "Ctrl") == 0) {
1358	char *data = OPENSSL_strdup(value);
1359
1360	if (data == NULL)
1361	return -1;
1362	return sk_OPENSSL_STRING_push(mdata->controls, data) != 0;
1363	}
1364	if (strcmp(keyword, "OutputSize") == 0) {
1365	mdata->output_size = atoi(value);
1366	if (mdata->output_size < 0)
1367	return -1;
1368	return 1;
1369	}
1370	if (strcmp(keyword, "BlockSize") == 0) {
1371	mdata->block_size = atoi(value);
1372	if (mdata->block_size < 0)
1373	return -1;
1374	return 1;
1375	}
1376	return 0;
1377	}
1378
1379	static int mac_test_ctrl_pkey(EVP_TEST t, EVP_PKEY_CTX pctx,
1380	const char *value)
1381	{
1382	int rv = 0;
1383	char p, tmpval;
1384
1385	if (!TEST_ptr(tmpval = OPENSSL_strdup(value)))
1386	return 0;
1387	p = strchr(tmpval, ':');
1388	if (p != NULL) {
1389	*p++ = '\0';
1390	rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
1391	}
1392	if (rv == -2)
1393	t->err = "PKEY_CTRL_INVALID";
1394	else if (rv <= 0)
1395	t->err = "PKEY_CTRL_ERROR";
1396	else
1397	rv = 1;
1398	OPENSSL_free(tmpval);
1399	return rv > 0;
1400	}
1401
1402	static int mac_test_run_pkey(EVP_TEST *t)
1403	{
1404	MAC_DATA *expected = t->data;
1405	EVP_MD_CTX *mctx = NULL;
1406	EVP_PKEY_CTX pctx = NULL, genctx = NULL;
1407	EVP_PKEY *key = NULL;
1408	const char *mdname = NULL;
1409	EVP_CIPHER *cipher = NULL;
1410	unsigned char *got = NULL;
1411	size_t got_len;
1412	int i;
1413
1414	/* We don't do XOF mode via PKEY */
1415	if (expected->xof)
1416	return 1;
1417
1418	if (expected->alg == NULL)
1419	TEST_info("Trying the EVP_PKEY %s test", OBJ_nid2sn(expected->type));
1420	else
1421	TEST_info("Trying the EVP_PKEY %s test with %s",
1422	OBJ_nid2sn(expected->type), expected->alg);
1423
1424	if (expected->type == EVP_PKEY_CMAC) {
1425	#ifdef OPENSSL_NO_DEPRECATED_3_0
1426	TEST_info("skipping, PKEY CMAC '%s' is disabled", expected->alg);
1427	t->skip = 1;
1428	t->err = NULL;
1429	goto err;
1430	#else
1431	OSSL_LIB_CTX *tmpctx;
1432
1433	if (expected->alg != NULL && is_cipher_disabled(expected->alg)) {
1434	TEST_info("skipping, PKEY CMAC '%s' is disabled", expected->alg);
1435	t->skip = 1;
1436	t->err = NULL;
1437	goto err;
1438	}
1439	if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, expected->alg, propquery))) {
1440	t->err = "MAC_KEY_CREATE_ERROR";
1441	goto err;
1442	}
1443	tmpctx = OSSL_LIB_CTX_set0_default(libctx);
1444	key = EVP_PKEY_new_CMAC_key(NULL, expected->key, expected->key_len,
1445	cipher);
1446	OSSL_LIB_CTX_set0_default(tmpctx);
1447	#endif
1448	} else {
1449	key = EVP_PKEY_new_raw_private_key_ex(libctx,
1450	OBJ_nid2sn(expected->type), NULL,
1451	expected->key, expected->key_len);
1452	}
1453	if (key == NULL) {
1454	t->err = "MAC_KEY_CREATE_ERROR";
1455	goto err;
1456	}
1457
1458	if (expected->type == EVP_PKEY_HMAC && expected->alg != NULL) {
1459	if (is_digest_disabled(expected->alg)) {
1460	TEST_info("skipping, HMAC '%s' is disabled", expected->alg);
1461	t->skip = 1;
1462	t->err = NULL;
1463	goto err;
1464	}
1465	mdname = expected->alg;
1466	}
1467	if (!TEST_ptr(mctx = EVP_MD_CTX_new())) {
1468	t->err = "INTERNAL_ERROR";
1469	goto err;
1470	}
1471	if (!EVP_DigestSignInit_ex(mctx, &pctx, mdname, libctx, NULL, key, NULL)) {
1472	t->err = "DIGESTSIGNINIT_ERROR";
1473	goto err;
1474	}
1475	for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++)
1476	if (!mac_test_ctrl_pkey(t, pctx,
1477	sk_OPENSSL_STRING_value(expected->controls,
1478	i))) {
1479	t->err = "EVPPKEYCTXCTRL_ERROR";
1480	goto err;
1481	}
1482	if (!EVP_DigestSignUpdate(mctx, expected->input, expected->input_len)) {
1483	t->err = "DIGESTSIGNUPDATE_ERROR";
1484	goto err;
1485	}
1486	if (!EVP_DigestSignFinal(mctx, NULL, &got_len)) {
1487	t->err = "DIGESTSIGNFINAL_LENGTH_ERROR";
1488	goto err;
1489	}
1490	if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
1491	t->err = "TEST_FAILURE";
1492	goto err;
1493	}
1494	if (!EVP_DigestSignFinal(mctx, got, &got_len)
1495	\|\| !memory_err_compare(t, "TEST_MAC_ERR",
1496	expected->output, expected->output_len,
1497	got, got_len)) {
1498	t->err = "TEST_MAC_ERR";
1499	goto err;
1500	}
1501	t->err = NULL;
1502	err:
1503	EVP_CIPHER_free(cipher);
1504	EVP_MD_CTX_free(mctx);
1505	OPENSSL_free(got);
1506	EVP_PKEY_CTX_free(genctx);
1507	EVP_PKEY_free(key);
1508	return 1;
1509	}
1510
1511	static int mac_test_run_mac(EVP_TEST *t)
1512	{
1513	MAC_DATA *expected = t->data;
1514	EVP_MAC_CTX *ctx = NULL;
1515	unsigned char *got = NULL;
1516	size_t got_len = 0, size = 0;
1517	size_t size_before_init = 0, size_after_init, size_val = 0;
1518	int i, block_size = -1, output_size = -1;
1519	OSSL_PARAM params[21], sizes[3], *psizes = sizes;
1520	size_t params_n = 0;
1521	size_t params_n_allocstart = 0;
1522	const OSSL_PARAM *defined_params =
1523	EVP_MAC_settable_ctx_params(expected->mac);
1524	int xof;
1525	int reinit = 1;
1526
1527	if (expected->alg == NULL)
1528	TEST_info("Trying the EVP_MAC %s test", expected->mac_name);
1529	else
1530	TEST_info("Trying the EVP_MAC %s test with %s",
1531	expected->mac_name, expected->alg);
1532
1533	if (expected->alg != NULL) {
1534	int skip = 0;
1535
1536	/*
1537	* The underlying algorithm may be a cipher or a digest.
1538	* We don't know which it is, but we can ask the MAC what it
1539	* should be and bet on that.
1540	*/
1541	if (OSSL_PARAM_locate_const(defined_params,
1542	OSSL_MAC_PARAM_CIPHER) != NULL) {
1543	if (is_cipher_disabled(expected->alg))
1544	skip = 1;
1545	else
1546	params[params_n++] =
1547	OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER,
1548	expected->alg, 0);
1549	} else if (OSSL_PARAM_locate_const(defined_params,
1550	OSSL_MAC_PARAM_DIGEST) != NULL) {
1551	if (is_digest_disabled(expected->alg))
1552	skip = 1;
1553	else
1554	params[params_n++] =
1555	OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
1556	expected->alg, 0);
1557	} else {
1558	t->err = "MAC_BAD_PARAMS";
1559	goto err;
1560	}
1561	if (skip) {
1562	TEST_info("skipping, algorithm '%s' is disabled", expected->alg);
1563	t->skip = 1;
1564	t->err = NULL;
1565	goto err;
1566	}
1567	}
1568	if (expected->custom != NULL)
1569	params[params_n++] =
1570	OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_CUSTOM,
1571	expected->custom,
1572	expected->custom_len);
1573	if (expected->salt != NULL)
1574	params[params_n++] =
1575	OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_SALT,
1576	expected->salt,
1577	expected->salt_len);
1578	if (expected->iv != NULL)
1579	params[params_n++] =
1580	OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV,
1581	expected->iv,
1582	expected->iv_len);
1583
1584	/* Unknown controls. They must match parameters that the MAC recognizes */
1585	if (params_n + sk_OPENSSL_STRING_num(expected->controls)
1586	>= OSSL_NELEM(params)) {
1587	t->err = "MAC_TOO_MANY_PARAMETERS";
1588	goto err;
1589	}
1590	params_n_allocstart = params_n;
1591	for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++) {
1592	char tmpkey, tmpval;
1593	char *value = sk_OPENSSL_STRING_value(expected->controls, i);
1594
1595	if (!TEST_ptr(tmpkey = OPENSSL_strdup(value))) {
1596	t->err = "MAC_PARAM_ERROR";
1597	goto err;
1598	}
1599	tmpval = strchr(tmpkey, ':');
1600	if (tmpval != NULL)
1601	*tmpval++ = '\0';
1602
1603	if (tmpval == NULL
1604	\|\| !OSSL_PARAM_allocate_from_text(&params[params_n],
1605	defined_params,
1606	tmpkey, tmpval,
1607	strlen(tmpval), NULL)) {
1608	OPENSSL_free(tmpkey);
1609	t->err = "MAC_PARAM_ERROR";
1610	goto err;
1611	}
1612	params_n++;
1613
1614	if (strcmp(tmpkey, "size") == 0)
1615	size_val = (size_t)strtoul(tmpval, NULL, 0);
1616
1617	OPENSSL_free(tmpkey);
1618	}
1619	params[params_n] = OSSL_PARAM_construct_end();
1620
1621	if ((ctx = EVP_MAC_CTX_new(expected->mac)) == NULL) {
1622	t->err = "MAC_CREATE_ERROR";
1623	goto err;
1624	}
1625	if (fips_provider_version_gt(libctx, 3, 2, 0))
1626	size_before_init = EVP_MAC_CTX_get_mac_size(ctx);
1627	if (!EVP_MAC_init(ctx, expected->key, expected->key_len, params)) {
1628	t->err = "MAC_INIT_ERROR";
1629	goto err;
1630	}
1631	size_after_init = EVP_MAC_CTX_get_mac_size(ctx);
1632	if (!TEST_false(size_before_init == 0 && size_after_init == 0)) {
1633	t->err = "MAC SIZE not set";
1634	goto err;
1635	}
1636	if (size_before_init != 0) {
1637	/* mac-size not modified by init params */
1638	if (size_val == 0 && !TEST_size_t_eq(size_before_init, size_after_init)) {
1639	t->err = "MAC SIZE check failed";
1640	goto err;
1641	}
1642	/* mac-size modified by init params */
1643	if (size_val != 0 && !TEST_size_t_eq(size_val, size_after_init)) {
1644	t->err = "MAC SIZE check failed";
1645	goto err;
1646	}
1647	}
1648	if (expected->output_size >= 0)
1649	*psizes++ = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_SIZE,
1650	&output_size);
1651	if (expected->block_size >= 0)
1652	*psizes++ = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_BLOCK_SIZE,
1653	&block_size);
1654	if (psizes != sizes) {
1655	*psizes = OSSL_PARAM_construct_end();
1656	if (!TEST_true(EVP_MAC_CTX_get_params(ctx, sizes))) {
1657	t->err = "INTERNAL_ERROR";
1658	goto err;
1659	}
1660	if (expected->output_size >= 0
1661	&& !TEST_int_eq(output_size, expected->output_size)) {
1662	t->err = "TEST_FAILURE";
1663	goto err;
1664	}
1665	if (expected->block_size >= 0
1666	&& !TEST_int_eq(block_size, expected->block_size)) {
1667	t->err = "TEST_FAILURE";
1668	goto err;
1669	}
1670	}
1671	retry:
1672	if (!EVP_MAC_update(ctx, expected->input, expected->input_len)) {
1673	t->err = "MAC_UPDATE_ERROR";
1674	goto err;
1675	}
1676	xof = expected->xof;
1677	if (xof) {
1678	if (!TEST_ptr(got = OPENSSL_malloc(expected->output_len))) {
1679	t->err = "TEST_FAILURE";
1680	goto err;
1681	}
1682	if (!EVP_MAC_finalXOF(ctx, got, expected->output_len)
1683	\|\| !memory_err_compare(t, "TEST_MAC_ERR",
1684	expected->output, expected->output_len,
1685	got, expected->output_len)) {
1686	t->err = "MAC_FINAL_ERROR";
1687	goto err;
1688	}
1689	} else {
1690	if (!EVP_MAC_final(ctx, NULL, &got_len, 0)) {
1691	t->err = "MAC_FINAL_LENGTH_ERROR";
1692	goto err;
1693	}
1694	if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
1695	t->err = "TEST_FAILURE";
1696	goto err;
1697	}
1698	if (!EVP_MAC_final(ctx, got, &got_len, got_len)
1699	\|\| !memory_err_compare(t, "TEST_MAC_ERR",
1700	expected->output, expected->output_len,
1701	got, got_len)) {
1702	t->err = "TEST_MAC_ERR";
1703	goto err;
1704	}
1705	}
1706	/* FIPS(3.0.0): can't reinitialise MAC contexts #18100 */
1707	if (reinit-- && fips_provider_version_gt(libctx, 3, 0, 0)) {
1708	OSSL_PARAM ivparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
1709	int ret;
1710
1711	/* If the MAC uses IV, we have to set it again */
1712	if (expected->iv != NULL) {
1713	ivparams[0] =
1714	OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV,
1715	expected->iv,
1716	expected->iv_len);
1717	ivparams[1] = OSSL_PARAM_construct_end();
1718	}
1719	ERR_set_mark();
1720	ret = EVP_MAC_init(ctx, NULL, 0, ivparams);
1721	if (expected->no_reinit) {
1722	if (ret) {
1723	ERR_clear_last_mark();
1724	t->err = "MAC_REINIT_SHOULD_FAIL";
1725	goto err;
1726	}
1727	} else if (ret) {
1728	ERR_clear_last_mark();
1729	OPENSSL_free(got);
1730	got = NULL;
1731	goto retry;
1732	} else {
1733	ERR_clear_last_mark();
1734	t->err = "MAC_REINIT_ERROR";
1735	goto err;
1736	}
1737	/* If reinitialization fails, it is unsupported by the algorithm */
1738	ERR_pop_to_mark();
1739	}
1740	t->err = NULL;
1741
1742	/* Test the EVP_Q_mac interface as well */
1743	if (!xof) {
1744	OPENSSL_cleanse(got, got_len);
1745	if (!TEST_true(EVP_Q_mac(libctx, expected->mac_name, NULL,
1746	expected->alg, params,
1747	expected->key, expected->key_len,
1748	expected->input, expected->input_len,
1749	got, got_len, &size))
1750	\|\| !TEST_mem_eq(got, size,
1751	expected->output, expected->output_len)) {
1752	t->err = "EVP_Q_mac failed";
1753	goto err;
1754	}
1755	}
1756	err:
1757	while (params_n-- > params_n_allocstart) {
1758	OPENSSL_free(params[params_n].data);
1759	}
1760	EVP_MAC_CTX_free(ctx);
1761	OPENSSL_free(got);
1762	return 1;
1763	}
1764
1765	static int mac_test_run(EVP_TEST *t)
1766	{
1767	MAC_DATA *expected = t->data;
1768
1769	if (expected->mac != NULL)
1770	return mac_test_run_mac(t);
1771	return mac_test_run_pkey(t);
1772	}
1773
1774	static const EVP_TEST_METHOD mac_test_method = {
1775	"MAC",
1776	mac_test_init,
1777	mac_test_cleanup,
1778	mac_test_parse,
1779	mac_test_run
1780	};
1781
1782
1783	/**
1784	** PUBLIC KEY TESTS
1785	** These are all very similar and share much common code.
1786	**/
1787
1788	typedef struct pkey_data_st {
1789	/* Context for this operation */
1790	EVP_PKEY_CTX *ctx;
1791	/* Key operation to perform */
1792	int (keyop) (EVP_PKEY_CTX ctx,
1793	unsigned char sig, size_t siglen,
1794	const unsigned char *tbs, size_t tbslen);
1795	/* Input to MAC */
1796	unsigned char *input;
1797	size_t input_len;
1798	/* Expected output */
1799	unsigned char *output;
1800	size_t output_len;
1801	} PKEY_DATA;
1802
1803	/*
1804	* Perform public key operation setup: lookup key, allocated ctx and call
1805	* the appropriate initialisation function
1806	*/
1807	static int pkey_test_init(EVP_TEST t, const char name,
1808	int use_public,
1809	int (keyopinit) (EVP_PKEY_CTX ctx),
1810	int (keyop)(EVP_PKEY_CTX ctx,
1811	unsigned char sig, size_t siglen,
1812	const unsigned char *tbs,
1813	size_t tbslen))
1814	{
1815	PKEY_DATA *kdata;
1816	EVP_PKEY *pkey = NULL;
1817	int rv = 0;
1818
1819	if (use_public)
1820	rv = find_key(&pkey, name, public_keys);
1821	if (rv == 0)
1822	rv = find_key(&pkey, name, private_keys);
1823	if (rv == 0 \|\| pkey == NULL) {
1824	TEST_info("skipping, key '%s' is disabled", name);
1825	t->skip = 1;
1826	return 1;
1827	}
1828
1829	if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))) {
1830	EVP_PKEY_free(pkey);
1831	return 0;
1832	}
1833	kdata->keyop = keyop;
1834	if (!TEST_ptr(kdata->ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propquery))) {
1835	EVP_PKEY_free(pkey);
1836	OPENSSL_free(kdata);
1837	return 0;
1838	}
1839	if (keyopinit(kdata->ctx) <= 0)
1840	t->err = "KEYOP_INIT_ERROR";
1841	t->data = kdata;
1842	return 1;
1843	}
1844
1845	static void pkey_test_cleanup(EVP_TEST *t)
1846	{
1847	PKEY_DATA *kdata = t->data;
1848
1849	OPENSSL_free(kdata->input);
1850	OPENSSL_free(kdata->output);
1851	EVP_PKEY_CTX_free(kdata->ctx);
1852	}
1853
1854	static int pkey_test_ctrl(EVP_TEST t, EVP_PKEY_CTX pctx,
1855	const char *value)
1856	{
1857	int rv = 0;
1858	char p, tmpval;
1859
1860	if (!TEST_ptr(tmpval = OPENSSL_strdup(value)))
1861	return 0;
1862	p = strchr(tmpval, ':');
1863	if (p != NULL) {
1864	*p++ = '\0';
1865	rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
1866	}
1867	if (rv == -2) {
1868	t->err = "PKEY_CTRL_INVALID";
1869	rv = 1;
1870	} else if (p != NULL && rv <= 0) {
1871	if (is_digest_disabled(p) \|\| is_cipher_disabled(p)) {
1872	TEST_info("skipping, '%s' is disabled", p);
1873	t->skip = 1;
1874	rv = 1;
1875	} else {
1876	t->err = "PKEY_CTRL_ERROR";
1877	rv = 1;
1878	}
1879	}
1880	OPENSSL_free(tmpval);
1881	return rv > 0;
1882	}
1883
1884	static int pkey_test_parse(EVP_TEST *t,
1885	const char keyword, const char value)
1886	{
1887	PKEY_DATA *kdata = t->data;
1888	if (strcmp(keyword, "Input") == 0)
1889	return parse_bin(value, &kdata->input, &kdata->input_len);
1890	if (strcmp(keyword, "Output") == 0)
1891	return parse_bin(value, &kdata->output, &kdata->output_len);
1892	if (strcmp(keyword, "Ctrl") == 0)
1893	return pkey_test_ctrl(t, kdata->ctx, value);
1894	return 0;
1895	}
1896
1897	static int pkey_test_run(EVP_TEST *t)
1898	{
1899	PKEY_DATA *expected = t->data;
1900	unsigned char *got = NULL;
1901	size_t got_len;
1902	EVP_PKEY_CTX *copy = NULL;
1903
1904	if (expected->keyop(expected->ctx, NULL, &got_len,
1905	expected->input, expected->input_len) <= 0
1906	\|\| !TEST_ptr(got = OPENSSL_malloc(got_len))) {
1907	t->err = "KEYOP_LENGTH_ERROR";
1908	goto err;
1909	}
1910	if (expected->keyop(expected->ctx, got, &got_len,
1911	expected->input, expected->input_len) <= 0) {
1912	t->err = "KEYOP_ERROR";
1913	goto err;
1914	}
1915	if (!memory_err_compare(t, "KEYOP_MISMATCH",
1916	expected->output, expected->output_len,
1917	got, got_len))
1918	goto err;
1919
1920	t->err = NULL;
1921	OPENSSL_free(got);
1922	got = NULL;
1923
1924	/* Repeat the test on a copy. */
1925	if (!TEST_ptr(copy = EVP_PKEY_CTX_dup(expected->ctx))) {
1926	t->err = "INTERNAL_ERROR";
1927	goto err;
1928	}
1929	if (expected->keyop(copy, NULL, &got_len, expected->input,
1930	expected->input_len) <= 0
1931	\|\| !TEST_ptr(got = OPENSSL_malloc(got_len))) {
1932	t->err = "KEYOP_LENGTH_ERROR";
1933	goto err;
1934	}
1935	if (expected->keyop(copy, got, &got_len, expected->input,
1936	expected->input_len) <= 0) {
1937	t->err = "KEYOP_ERROR";
1938	goto err;
1939	}
1940	if (!memory_err_compare(t, "KEYOP_MISMATCH",
1941	expected->output, expected->output_len,
1942	got, got_len))
1943	goto err;
1944
1945	err:
1946	OPENSSL_free(got);
1947	EVP_PKEY_CTX_free(copy);
1948	return 1;
1949	}
1950
1951	static int sign_test_init(EVP_TEST t, const char name)
1952	{
1953	return pkey_test_init(t, name, 0, EVP_PKEY_sign_init, EVP_PKEY_sign);
1954	}
1955
1956	static const EVP_TEST_METHOD psign_test_method = {
1957	"Sign",
1958	sign_test_init,
1959	pkey_test_cleanup,
1960	pkey_test_parse,
1961	pkey_test_run
1962	};
1963
1964	static int verify_recover_test_init(EVP_TEST t, const char name)
1965	{
1966	return pkey_test_init(t, name, 1, EVP_PKEY_verify_recover_init,
1967	EVP_PKEY_verify_recover);
1968	}
1969
1970	static const EVP_TEST_METHOD pverify_recover_test_method = {
1971	"VerifyRecover",
1972	verify_recover_test_init,
1973	pkey_test_cleanup,
1974	pkey_test_parse,
1975	pkey_test_run
1976	};
1977
1978	static int decrypt_test_init(EVP_TEST t, const char name)
1979	{
1980	return pkey_test_init(t, name, 0, EVP_PKEY_decrypt_init,
1981	EVP_PKEY_decrypt);
1982	}
1983
1984	static const EVP_TEST_METHOD pdecrypt_test_method = {
1985	"Decrypt",
1986	decrypt_test_init,
1987	pkey_test_cleanup,
1988	pkey_test_parse,
1989	pkey_test_run
1990	};
1991
1992	static int verify_test_init(EVP_TEST t, const char name)
1993	{
1994	return pkey_test_init(t, name, 1, EVP_PKEY_verify_init, 0);
1995	}
1996
1997	static int verify_test_run(EVP_TEST *t)
1998	{
1999	PKEY_DATA *kdata = t->data;
2000
2001	if (EVP_PKEY_verify(kdata->ctx, kdata->output, kdata->output_len,
2002	kdata->input, kdata->input_len) <= 0)
2003	t->err = "VERIFY_ERROR";
2004	return 1;
2005	}
2006
2007	static const EVP_TEST_METHOD pverify_test_method = {
2008	"Verify",
2009	verify_test_init,
2010	pkey_test_cleanup,
2011	pkey_test_parse,
2012	verify_test_run
2013	};
2014
2015	static int pderive_test_init(EVP_TEST t, const char name)
2016	{
2017	return pkey_test_init(t, name, 0, EVP_PKEY_derive_init, 0);
2018	}
2019
2020	static int pderive_test_parse(EVP_TEST *t,
2021	const char keyword, const char value)
2022	{
2023	PKEY_DATA *kdata = t->data;
2024	int validate = 0;
2025
2026	if (strcmp(keyword, "PeerKeyValidate") == 0)
2027	validate = 1;
2028
2029	if (validate \|\| strcmp(keyword, "PeerKey") == 0) {
2030	EVP_PKEY *peer;
2031	if (find_key(&peer, value, public_keys) == 0)
2032	return -1;
2033	if (EVP_PKEY_derive_set_peer_ex(kdata->ctx, peer, validate) <= 0) {
2034	t->err = "DERIVE_SET_PEER_ERROR";
2035	return 1;
2036	}
2037	t->err = NULL;
2038	return 1;
2039	}
2040	if (strcmp(keyword, "SharedSecret") == 0)
2041	return parse_bin(value, &kdata->output, &kdata->output_len);
2042	if (strcmp(keyword, "Ctrl") == 0)
2043	return pkey_test_ctrl(t, kdata->ctx, value);
2044	if (strcmp(keyword, "KDFType") == 0) {
2045	OSSL_PARAM params[2];
2046
2047	params[0] = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_TYPE,
2048	(char *)value, 0);
2049	params[1] = OSSL_PARAM_construct_end();
2050	if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0)
2051	return -1;
2052	return 1;
2053	}
2054	if (strcmp(keyword, "KDFDigest") == 0) {
2055	OSSL_PARAM params[2];
2056
2057	params[0] = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST,
2058	(char *)value, 0);
2059	params[1] = OSSL_PARAM_construct_end();
2060	if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0)
2061	return -1;
2062	return 1;
2063	}
2064	if (strcmp(keyword, "CEKAlg") == 0) {
2065	OSSL_PARAM params[2];
2066
2067	params[0] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG,
2068	(char *)value, 0);
2069	params[1] = OSSL_PARAM_construct_end();
2070	if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0)
2071	return -1;
2072	return 1;
2073	}
2074	if (strcmp(keyword, "KDFOutlen") == 0) {
2075	OSSL_PARAM params[2];
2076	char *endptr;
2077	size_t outlen = (size_t)strtoul(value, &endptr, 0);
2078
2079	if (endptr[0] != '\0')
2080	return -1;
2081
2082	params[0] = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN,
2083	&outlen);
2084	params[1] = OSSL_PARAM_construct_end();
2085	if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0)
2086	return -1;
2087	return 1;
2088	}
2089	return 0;
2090	}
2091
2092	static int pderive_test_run(EVP_TEST *t)
2093	{
2094	EVP_PKEY_CTX *dctx = NULL;
2095	PKEY_DATA *expected = t->data;
2096	unsigned char *got = NULL;
2097	size_t got_len;
2098
2099	if (!TEST_ptr(dctx = EVP_PKEY_CTX_dup(expected->ctx))) {
2100	t->err = "DERIVE_ERROR";
2101	goto err;
2102	}
2103
2104	if (EVP_PKEY_derive(dctx, NULL, &got_len) <= 0
2105	\|\| !TEST_size_t_ne(got_len, 0)) {
2106	t->err = "DERIVE_ERROR";
2107	goto err;
2108	}
2109	if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
2110	t->err = "DERIVE_ERROR";
2111	goto err;
2112	}
2113	if (EVP_PKEY_derive(dctx, got, &got_len) <= 0) {
2114	t->err = "DERIVE_ERROR";
2115	goto err;
2116	}
2117	if (!memory_err_compare(t, "SHARED_SECRET_MISMATCH",
2118	expected->output, expected->output_len,
2119	got, got_len))
2120	goto err;
2121
2122	t->err = NULL;
2123	err:
2124	OPENSSL_free(got);
2125	EVP_PKEY_CTX_free(dctx);
2126	return 1;
2127	}
2128
2129	static const EVP_TEST_METHOD pderive_test_method = {
2130	"Derive",
2131	pderive_test_init,
2132	pkey_test_cleanup,
2133	pderive_test_parse,
2134	pderive_test_run
2135	};
2136
2137
2138	/**
2139	** PBE TESTS
2140	**/
2141
2142	typedef enum pbe_type_enum {
2143	PBE_TYPE_INVALID = 0,
2144	PBE_TYPE_SCRYPT, PBE_TYPE_PBKDF2, PBE_TYPE_PKCS12
2145	} PBE_TYPE;
2146
2147	typedef struct pbe_data_st {
2148	PBE_TYPE pbe_type;
2149	/* scrypt parameters */
2150	uint64_t N, r, p, maxmem;
2151	/* PKCS#12 parameters */
2152	int id, iter;
2153	const EVP_MD *md;
2154	/* password */
2155	unsigned char *pass;
2156	size_t pass_len;
2157	/* salt */
2158	unsigned char *salt;
2159	size_t salt_len;
2160	/* Expected output */
2161	unsigned char *key;
2162	size_t key_len;
2163	} PBE_DATA;
2164
2165	#ifndef OPENSSL_NO_SCRYPT
2166	/* Parse unsigned decimal 64 bit integer value */
2167	static int parse_uint64(const char value, uint64_t pr)
2168	{
2169	const char *p = value;
2170
2171	if (!TEST_true(*p)) {
2172	TEST_info("Invalid empty integer value");
2173	return -1;
2174	}
2175	for (pr = 0; p; ) {
2176	if (*pr > UINT64_MAX / 10) {
2177	TEST_error("Integer overflow in string %s", value);
2178	return -1;
2179	}
2180	pr = 10;
2181	if (!TEST_true(isdigit((unsigned char)*p))) {
2182	TEST_error("Invalid character in string %s", value);
2183	return -1;
2184	}
2185	pr += p - '0';
2186	p++;
2187	}
2188	return 1;
2189	}
2190
2191	static int scrypt_test_parse(EVP_TEST *t,
2192	const char keyword, const char value)
2193	{
2194	PBE_DATA *pdata = t->data;
2195
2196	if (strcmp(keyword, "N") == 0)
2197	return parse_uint64(value, &pdata->N);
2198	if (strcmp(keyword, "p") == 0)
2199	return parse_uint64(value, &pdata->p);
2200	if (strcmp(keyword, "r") == 0)
2201	return parse_uint64(value, &pdata->r);
2202	if (strcmp(keyword, "maxmem") == 0)
2203	return parse_uint64(value, &pdata->maxmem);
2204	return 0;
2205	}
2206	#endif
2207
2208	static int pbkdf2_test_parse(EVP_TEST *t,
2209	const char keyword, const char value)
2210	{
2211	PBE_DATA *pdata = t->data;
2212
2213	if (strcmp(keyword, "iter") == 0) {
2214	pdata->iter = atoi(value);
2215	if (pdata->iter <= 0)
2216	return -1;
2217	return 1;
2218	}
2219	if (strcmp(keyword, "MD") == 0) {
2220	pdata->md = EVP_get_digestbyname(value);
2221	if (pdata->md == NULL)
2222	return -1;
2223	return 1;
2224	}
2225	return 0;
2226	}
2227
2228	static int pkcs12_test_parse(EVP_TEST *t,
2229	const char keyword, const char value)
2230	{
2231	PBE_DATA *pdata = t->data;
2232
2233	if (strcmp(keyword, "id") == 0) {
2234	pdata->id = atoi(value);
2235	if (pdata->id <= 0)
2236	return -1;
2237	return 1;
2238	}
2239	return pbkdf2_test_parse(t, keyword, value);
2240	}
2241
2242	static int pbe_test_init(EVP_TEST t, const char alg)
2243	{
2244	PBE_DATA *pdat;
2245	PBE_TYPE pbe_type = PBE_TYPE_INVALID;
2246
2247	if (is_kdf_disabled(alg)) {
2248	TEST_info("skipping, '%s' is disabled", alg);
2249	t->skip = 1;
2250	return 1;
2251	}
2252	if (strcmp(alg, "scrypt") == 0) {
2253	pbe_type = PBE_TYPE_SCRYPT;
2254	} else if (strcmp(alg, "pbkdf2") == 0) {
2255	pbe_type = PBE_TYPE_PBKDF2;
2256	} else if (strcmp(alg, "pkcs12") == 0) {
2257	pbe_type = PBE_TYPE_PKCS12;
2258	} else {
2259	TEST_error("Unknown pbe algorithm %s", alg);
2260	return 0;
2261	}
2262	if (!TEST_ptr(pdat = OPENSSL_zalloc(sizeof(*pdat))))
2263	return 0;
2264	pdat->pbe_type = pbe_type;
2265	t->data = pdat;
2266	return 1;
2267	}
2268
2269	static void pbe_test_cleanup(EVP_TEST *t)
2270	{
2271	PBE_DATA *pdat = t->data;
2272
2273	OPENSSL_free(pdat->pass);
2274	OPENSSL_free(pdat->salt);
2275	OPENSSL_free(pdat->key);
2276	}
2277
2278	static int pbe_test_parse(EVP_TEST *t,
2279	const char keyword, const char value)
2280	{
2281	PBE_DATA *pdata = t->data;
2282
2283	if (strcmp(keyword, "Password") == 0)
2284	return parse_bin(value, &pdata->pass, &pdata->pass_len);
2285	if (strcmp(keyword, "Salt") == 0)
2286	return parse_bin(value, &pdata->salt, &pdata->salt_len);
2287	if (strcmp(keyword, "Key") == 0)
2288	return parse_bin(value, &pdata->key, &pdata->key_len);
2289	if (pdata->pbe_type == PBE_TYPE_PBKDF2)
2290	return pbkdf2_test_parse(t, keyword, value);
2291	else if (pdata->pbe_type == PBE_TYPE_PKCS12)
2292	return pkcs12_test_parse(t, keyword, value);
2293	#ifndef OPENSSL_NO_SCRYPT
2294	else if (pdata->pbe_type == PBE_TYPE_SCRYPT)
2295	return scrypt_test_parse(t, keyword, value);
2296	#endif
2297	return 0;
2298	}
2299
2300	static int pbe_test_run(EVP_TEST *t)
2301	{
2302	PBE_DATA *expected = t->data;
2303	unsigned char *key;
2304	EVP_MD *fetched_digest = NULL;
2305	OSSL_LIB_CTX *save_libctx;
2306
2307	save_libctx = OSSL_LIB_CTX_set0_default(libctx);
2308
2309	if (!TEST_ptr(key = OPENSSL_malloc(expected->key_len))) {
2310	t->err = "INTERNAL_ERROR";
2311	goto err;
2312	}
2313	if (expected->pbe_type == PBE_TYPE_PBKDF2) {
2314	if (PKCS5_PBKDF2_HMAC((char *)expected->pass, expected->pass_len,
2315	expected->salt, expected->salt_len,
2316	expected->iter, expected->md,
2317	expected->key_len, key) == 0) {
2318	t->err = "PBKDF2_ERROR";
2319	goto err;
2320	}
2321	#ifndef OPENSSL_NO_SCRYPT
2322	} else if (expected->pbe_type == PBE_TYPE_SCRYPT) {
2323	if (EVP_PBE_scrypt((const char *)expected->pass, expected->pass_len,
2324	expected->salt, expected->salt_len,
2325	expected->N, expected->r, expected->p,
2326	expected->maxmem, key, expected->key_len) == 0) {
2327	t->err = "SCRYPT_ERROR";
2328	goto err;
2329	}
2330	#endif
2331	} else if (expected->pbe_type == PBE_TYPE_PKCS12) {
2332	fetched_digest = EVP_MD_fetch(libctx, EVP_MD_get0_name(expected->md),
2333	propquery);
2334	if (fetched_digest == NULL) {
2335	t->err = "PKCS12_ERROR";
2336	goto err;
2337	}
2338	if (PKCS12_key_gen_uni(expected->pass, expected->pass_len,
2339	expected->salt, expected->salt_len,
2340	expected->id, expected->iter, expected->key_len,
2341	key, fetched_digest) == 0) {
2342	t->err = "PKCS12_ERROR";
2343	goto err;
2344	}
2345	}
2346	if (!memory_err_compare(t, "KEY_MISMATCH", expected->key, expected->key_len,
2347	key, expected->key_len))
2348	goto err;
2349
2350	t->err = NULL;
2351	err:
2352	EVP_MD_free(fetched_digest);
2353	OPENSSL_free(key);
2354	OSSL_LIB_CTX_set0_default(save_libctx);
2355	return 1;
2356	}
2357
2358	static const EVP_TEST_METHOD pbe_test_method = {
2359	"PBE",
2360	pbe_test_init,
2361	pbe_test_cleanup,
2362	pbe_test_parse,
2363	pbe_test_run
2364	};
2365
2366
2367	/**
2368	** BASE64 TESTS
2369	**/
2370
2371	typedef enum {
2372	BASE64_CANONICAL_ENCODING = 0,
2373	BASE64_VALID_ENCODING = 1,
2374	BASE64_INVALID_ENCODING = 2
2375	} base64_encoding_type;
2376
2377	typedef struct encode_data_st {
2378	/* Input to encoding */
2379	unsigned char *input;
2380	size_t input_len;
2381	/* Expected output */
2382	unsigned char *output;
2383	size_t output_len;
2384	base64_encoding_type encoding;
2385	} ENCODE_DATA;
2386
2387	static int encode_test_init(EVP_TEST t, const char encoding)
2388	{
2389	ENCODE_DATA *edata;
2390
2391	if (!TEST_ptr(edata = OPENSSL_zalloc(sizeof(*edata))))
2392	return 0;
2393	if (strcmp(encoding, "canonical") == 0) {
2394	edata->encoding = BASE64_CANONICAL_ENCODING;
2395	} else if (strcmp(encoding, "valid") == 0) {
2396	edata->encoding = BASE64_VALID_ENCODING;
2397	} else if (strcmp(encoding, "invalid") == 0) {
2398	edata->encoding = BASE64_INVALID_ENCODING;
2399	if (!TEST_ptr(t->expected_err = OPENSSL_strdup("DECODE_ERROR")))
2400	goto err;
2401	} else {
2402	TEST_error("Bad encoding: %s."
2403	" Should be one of {canonical, valid, invalid}",
2404	encoding);
2405	goto err;
2406	}
2407	t->data = edata;
2408	return 1;
2409	err:
2410	OPENSSL_free(edata);
2411	return 0;
2412	}
2413
2414	static void encode_test_cleanup(EVP_TEST *t)
2415	{
2416	ENCODE_DATA *edata = t->data;
2417
2418	OPENSSL_free(edata->input);
2419	OPENSSL_free(edata->output);
2420	memset(edata, 0, sizeof(*edata));
2421	}
2422
2423	static int encode_test_parse(EVP_TEST *t,
2424	const char keyword, const char value)
2425	{
2426	ENCODE_DATA *edata = t->data;
2427
2428	if (strcmp(keyword, "Input") == 0)
2429	return parse_bin(value, &edata->input, &edata->input_len);
2430	if (strcmp(keyword, "Output") == 0)
2431	return parse_bin(value, &edata->output, &edata->output_len);
2432	return 0;
2433	}
2434
2435	static int encode_test_run(EVP_TEST *t)
2436	{
2437	ENCODE_DATA *expected = t->data;
2438	unsigned char encode_out = NULL, decode_out = NULL;
2439	int output_len, chunk_len;
2440	EVP_ENCODE_CTX decode_ctx = NULL, encode_ctx = NULL;
2441
2442	if (!TEST_ptr(decode_ctx = EVP_ENCODE_CTX_new())) {
2443	t->err = "INTERNAL_ERROR";
2444	goto err;
2445	}
2446
2447	if (expected->encoding == BASE64_CANONICAL_ENCODING) {
2448
2449	if (!TEST_ptr(encode_ctx = EVP_ENCODE_CTX_new())
2450	\|\| !TEST_ptr(encode_out =
2451	OPENSSL_malloc(EVP_ENCODE_LENGTH(expected->input_len))))
2452	goto err;
2453
2454	EVP_EncodeInit(encode_ctx);
2455	if (!TEST_true(EVP_EncodeUpdate(encode_ctx, encode_out, &chunk_len,
2456	expected->input, expected->input_len)))
2457	goto err;
2458
2459	output_len = chunk_len;
2460
2461	EVP_EncodeFinal(encode_ctx, encode_out + chunk_len, &chunk_len);
2462	output_len += chunk_len;
2463
2464	if (!memory_err_compare(t, "BAD_ENCODING",
2465	expected->output, expected->output_len,
2466	encode_out, output_len))
2467	goto err;
2468	}
2469
2470	if (!TEST_ptr(decode_out =
2471	OPENSSL_malloc(EVP_DECODE_LENGTH(expected->output_len))))
2472	goto err;
2473
2474	EVP_DecodeInit(decode_ctx);
2475	if (EVP_DecodeUpdate(decode_ctx, decode_out, &chunk_len, expected->output,
2476	expected->output_len) < 0) {
2477	t->err = "DECODE_ERROR";
2478	goto err;
2479	}
2480	output_len = chunk_len;
2481
2482	if (EVP_DecodeFinal(decode_ctx, decode_out + chunk_len, &chunk_len) != 1) {
2483	t->err = "DECODE_ERROR";
2484	goto err;
2485	}
2486	output_len += chunk_len;
2487
2488	if (expected->encoding != BASE64_INVALID_ENCODING
2489	&& !memory_err_compare(t, "BAD_DECODING",
2490	expected->input, expected->input_len,
2491	decode_out, output_len)) {
2492	t->err = "BAD_DECODING";
2493	goto err;
2494	}
2495
2496	t->err = NULL;
2497	err:
2498	OPENSSL_free(encode_out);
2499	OPENSSL_free(decode_out);
2500	EVP_ENCODE_CTX_free(decode_ctx);
2501	EVP_ENCODE_CTX_free(encode_ctx);
2502	return 1;
2503	}
2504
2505	static const EVP_TEST_METHOD encode_test_method = {
2506	"Encoding",
2507	encode_test_init,
2508	encode_test_cleanup,
2509	encode_test_parse,
2510	encode_test_run,
2511	};
2512
2513
2514	/**
2515	** RAND TESTS
2516	**/
2517	#define MAX_RAND_REPEATS 15
2518
2519	typedef struct rand_data_pass_st {
2520	unsigned char *entropy;
2521	unsigned char *reseed_entropy;
2522	unsigned char *nonce;
2523	unsigned char *pers;
2524	unsigned char *reseed_addin;
2525	unsigned char *addinA;
2526	unsigned char *addinB;
2527	unsigned char *pr_entropyA;
2528	unsigned char *pr_entropyB;
2529	unsigned char *output;
2530	size_t entropy_len, nonce_len, pers_len, addinA_len, addinB_len,
2531	pr_entropyA_len, pr_entropyB_len, output_len, reseed_entropy_len,
2532	reseed_addin_len;
2533	} RAND_DATA_PASS;
2534
2535	typedef struct rand_data_st {
2536	/* Context for this operation */
2537	EVP_RAND_CTX *ctx;
2538	EVP_RAND_CTX *parent;
2539	int n;
2540	int prediction_resistance;
2541	int use_df;
2542	unsigned int generate_bits;
2543	char *cipher;
2544	char *digest;
2545
2546	/* Expected output */
2547	RAND_DATA_PASS data[MAX_RAND_REPEATS];
2548	} RAND_DATA;
2549
2550	static int rand_test_init(EVP_TEST t, const char name)
2551	{
2552	RAND_DATA *rdata;
2553	EVP_RAND *rand;
2554	OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
2555	unsigned int strength = 256;
2556
2557	if (!TEST_ptr(rdata = OPENSSL_zalloc(sizeof(*rdata))))
2558	return 0;
2559
2560	/* TEST-RAND is available in the FIPS provider but not with "fips=yes" */
2561	rand = EVP_RAND_fetch(libctx, "TEST-RAND", "-fips");
2562	if (rand == NULL)
2563	goto err;
2564	rdata->parent = EVP_RAND_CTX_new(rand, NULL);
2565	EVP_RAND_free(rand);
2566	if (rdata->parent == NULL)
2567	goto err;
2568
2569	*params = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength);
2570	if (!EVP_RAND_CTX_set_params(rdata->parent, params))
2571	goto err;
2572
2573	rand = EVP_RAND_fetch(libctx, name, propquery);
2574	if (rand == NULL)
2575	goto err;
2576	rdata->ctx = EVP_RAND_CTX_new(rand, rdata->parent);
2577	EVP_RAND_free(rand);
2578	if (rdata->ctx == NULL)
2579	goto err;
2580
2581	rdata->n = -1;
2582	t->data = rdata;
2583	return 1;
2584	err:
2585	EVP_RAND_CTX_free(rdata->parent);
2586	OPENSSL_free(rdata);
2587	return 0;
2588	}
2589
2590	static void rand_test_cleanup(EVP_TEST *t)
2591	{
2592	RAND_DATA *rdata = t->data;
2593	int i;
2594
2595	OPENSSL_free(rdata->cipher);
2596	OPENSSL_free(rdata->digest);
2597
2598	for (i = 0; i <= rdata->n; i++) {
2599	OPENSSL_free(rdata->data[i].entropy);
2600	OPENSSL_free(rdata->data[i].reseed_entropy);
2601	OPENSSL_free(rdata->data[i].nonce);
2602	OPENSSL_free(rdata->data[i].pers);
2603	OPENSSL_free(rdata->data[i].reseed_addin);
2604	OPENSSL_free(rdata->data[i].addinA);
2605	OPENSSL_free(rdata->data[i].addinB);
2606	OPENSSL_free(rdata->data[i].pr_entropyA);
2607	OPENSSL_free(rdata->data[i].pr_entropyB);
2608	OPENSSL_free(rdata->data[i].output);
2609	}
2610	EVP_RAND_CTX_free(rdata->ctx);
2611	EVP_RAND_CTX_free(rdata->parent);
2612	}
2613
2614	static int rand_test_parse(EVP_TEST *t,
2615	const char keyword, const char value)
2616	{
2617	RAND_DATA *rdata = t->data;
2618	RAND_DATA_PASS *item;
2619	const char *p;
2620	int n;
2621
2622	if ((p = strchr(keyword, '.')) != NULL) {
2623	n = atoi(++p);
2624	if (n >= MAX_RAND_REPEATS)
2625	return 0;
2626	if (n > rdata->n)
2627	rdata->n = n;
2628	item = rdata->data + n;
2629	if (HAS_PREFIX(keyword, "Entropy."))
2630	return parse_bin(value, &item->entropy, &item->entropy_len);
2631	if (HAS_PREFIX(keyword, "ReseedEntropy."))
2632	return parse_bin(value, &item->reseed_entropy,
2633	&item->reseed_entropy_len);
2634	if (HAS_PREFIX(keyword, "Nonce."))
2635	return parse_bin(value, &item->nonce, &item->nonce_len);
2636	if (HAS_PREFIX(keyword, "PersonalisationString."))
2637	return parse_bin(value, &item->pers, &item->pers_len);
2638	if (HAS_PREFIX(keyword, "ReseedAdditionalInput."))
2639	return parse_bin(value, &item->reseed_addin,
2640	&item->reseed_addin_len);
2641	if (HAS_PREFIX(keyword, "AdditionalInputA."))
2642	return parse_bin(value, &item->addinA, &item->addinA_len);
2643	if (HAS_PREFIX(keyword, "AdditionalInputB."))
2644	return parse_bin(value, &item->addinB, &item->addinB_len);
2645	if (HAS_PREFIX(keyword, "EntropyPredictionResistanceA."))
2646	return parse_bin(value, &item->pr_entropyA, &item->pr_entropyA_len);
2647	if (HAS_PREFIX(keyword, "EntropyPredictionResistanceB."))
2648	return parse_bin(value, &item->pr_entropyB, &item->pr_entropyB_len);
2649	if (HAS_PREFIX(keyword, "Output."))
2650	return parse_bin(value, &item->output, &item->output_len);
2651	} else {
2652	if (strcmp(keyword, "Cipher") == 0)
2653	return TEST_ptr(rdata->cipher = OPENSSL_strdup(value));
2654	if (strcmp(keyword, "Digest") == 0)
2655	return TEST_ptr(rdata->digest = OPENSSL_strdup(value));
2656	if (strcmp(keyword, "DerivationFunction") == 0) {
2657	rdata->use_df = atoi(value) != 0;
2658	return 1;
2659	}
2660	if (strcmp(keyword, "GenerateBits") == 0) {
2661	if ((n = atoi(value)) <= 0 \|\| n % 8 != 0)
2662	return 0;
2663	rdata->generate_bits = (unsigned int)n;
2664	return 1;
2665	}
2666	if (strcmp(keyword, "PredictionResistance") == 0) {
2667	rdata->prediction_resistance = atoi(value) != 0;
2668	return 1;
2669	}
2670	}
2671	return 0;
2672	}
2673
2674	static int rand_test_run(EVP_TEST *t)
2675	{
2676	RAND_DATA *expected = t->data;
2677	RAND_DATA_PASS *item;
2678	unsigned char *got;
2679	size_t got_len = expected->generate_bits / 8;
2680	OSSL_PARAM params[5], *p = params;
2681	int i = -1, ret = 0;
2682	unsigned int strength;
2683	unsigned char *z;
2684
2685	if (!TEST_ptr(got = OPENSSL_malloc(got_len)))
2686	return 0;
2687
2688	*p++ = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_USE_DF, &expected->use_df);
2689	if (expected->cipher != NULL)
2690	*p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER,
2691	expected->cipher, 0);
2692	if (expected->digest != NULL)
2693	*p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_DIGEST,
2694	expected->digest, 0);
2695	*p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_MAC, "HMAC", 0);
2696	*p = OSSL_PARAM_construct_end();
2697	if (!TEST_true(EVP_RAND_CTX_set_params(expected->ctx, params)))
2698	goto err;
2699
2700	strength = EVP_RAND_get_strength(expected->ctx);
2701	for (i = 0; i <= expected->n; i++) {
2702	item = expected->data + i;
2703
2704	p = params;
2705	z = item->entropy != NULL ? item->entropy : (unsigned char *)"";
2706	*p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2707	z, item->entropy_len);
2708	z = item->nonce != NULL ? item->nonce : (unsigned char *)"";
2709	*p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE,
2710	z, item->nonce_len);
2711	*p = OSSL_PARAM_construct_end();
2712	if (!TEST_true(EVP_RAND_instantiate(expected->parent, strength,
2713	0, NULL, 0, params)))
2714	goto err;
2715
2716	z = item->pers != NULL ? item->pers : (unsigned char *)"";
2717	if (!TEST_true(EVP_RAND_instantiate
2718	(expected->ctx, strength,
2719	expected->prediction_resistance, z,
2720	item->pers_len, NULL)))
2721	goto err;
2722
2723	if (item->reseed_entropy != NULL) {
2724	params[0] = OSSL_PARAM_construct_octet_string
2725	(OSSL_RAND_PARAM_TEST_ENTROPY, item->reseed_entropy,
2726	item->reseed_entropy_len);
2727	params[1] = OSSL_PARAM_construct_end();
2728	if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params)))
2729	goto err;
2730
2731	if (!TEST_true(EVP_RAND_reseed
2732	(expected->ctx, expected->prediction_resistance,
2733	NULL, 0, item->reseed_addin,
2734	item->reseed_addin_len)))
2735	goto err;
2736	}
2737	if (item->pr_entropyA != NULL) {
2738	params[0] = OSSL_PARAM_construct_octet_string
2739	(OSSL_RAND_PARAM_TEST_ENTROPY, item->pr_entropyA,
2740	item->pr_entropyA_len);
2741	params[1] = OSSL_PARAM_construct_end();
2742	if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params)))
2743	goto err;
2744	}
2745	if (!TEST_true(EVP_RAND_generate
2746	(expected->ctx, got, got_len,
2747	strength, expected->prediction_resistance,
2748	item->addinA, item->addinA_len)))
2749	goto err;
2750
2751	if (item->pr_entropyB != NULL) {
2752	params[0] = OSSL_PARAM_construct_octet_string
2753	(OSSL_RAND_PARAM_TEST_ENTROPY, item->pr_entropyB,
2754	item->pr_entropyB_len);
2755	params[1] = OSSL_PARAM_construct_end();
2756	if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params)))
2757	goto err;
2758	}
2759	if (!TEST_true(EVP_RAND_generate
2760	(expected->ctx, got, got_len,
2761	strength, expected->prediction_resistance,
2762	item->addinB, item->addinB_len)))
2763	goto err;
2764	if (!TEST_mem_eq(got, got_len, item->output, item->output_len))
2765	goto err;
2766	if (!TEST_true(EVP_RAND_uninstantiate(expected->ctx))
2767	\|\| !TEST_true(EVP_RAND_uninstantiate(expected->parent))
2768	\|\| !TEST_true(EVP_RAND_verify_zeroization(expected->ctx))
2769	\|\| !TEST_int_eq(EVP_RAND_get_state(expected->ctx),
2770	EVP_RAND_STATE_UNINITIALISED))
2771	goto err;
2772	}
2773	t->err = NULL;
2774	ret = 1;
2775
2776	err:
2777	if (ret == 0 && i >= 0)
2778	TEST_info("Error in test case %d of %d\n", i, expected->n + 1);
2779	OPENSSL_free(got);
2780	return ret;
2781	}
2782
2783	static const EVP_TEST_METHOD rand_test_method = {
2784	"RAND",
2785	rand_test_init,
2786	rand_test_cleanup,
2787	rand_test_parse,
2788	rand_test_run
2789	};
2790
2791
2792	/**
2793	** KDF TESTS
2794	**/
2795	typedef struct kdf_data_st {
2796	/* Context for this operation */
2797	EVP_KDF_CTX *ctx;
2798	/* Expected output */
2799	unsigned char *output;
2800	size_t output_len;
2801	OSSL_PARAM params[20];
2802	OSSL_PARAM *p;
2803	} KDF_DATA;
2804
2805	/*
2806	* Perform public key operation setup: lookup key, allocated ctx and call
2807	* the appropriate initialisation function
2808	*/
2809	static int kdf_test_init(EVP_TEST t, const char name)
2810	{
2811	KDF_DATA *kdata;
2812	EVP_KDF *kdf;
2813
2814	if (is_kdf_disabled(name)) {
2815	TEST_info("skipping, '%s' is disabled", name);
2816	t->skip = 1;
2817	return 1;
2818	}
2819
2820	if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata))))
2821	return 0;
2822	kdata->p = kdata->params;
2823	*kdata->p = OSSL_PARAM_construct_end();
2824
2825	kdf = EVP_KDF_fetch(libctx, name, propquery);
2826	if (kdf == NULL) {
2827	OPENSSL_free(kdata);
2828	return 0;
2829	}
2830	kdata->ctx = EVP_KDF_CTX_new(kdf);
2831	EVP_KDF_free(kdf);
2832	if (kdata->ctx == NULL) {
2833	OPENSSL_free(kdata);
2834	return 0;
2835	}
2836	t->data = kdata;
2837	return 1;
2838	}
2839
2840	static void kdf_test_cleanup(EVP_TEST *t)
2841	{
2842	KDF_DATA *kdata = t->data;
2843	OSSL_PARAM *p;
2844
2845	for (p = kdata->params; p->key != NULL; p++)
2846	OPENSSL_free(p->data);
2847	OPENSSL_free(kdata->output);
2848	EVP_KDF_CTX_free(kdata->ctx);
2849	}
2850
2851	static int kdf_test_ctrl(EVP_TEST t, EVP_KDF_CTX kctx,
2852	const char *value)
2853	{
2854	KDF_DATA *kdata = t->data;
2855	int rv;
2856	char p, name;
2857	const OSSL_PARAM *defs = EVP_KDF_settable_ctx_params(EVP_KDF_CTX_kdf(kctx));
2858
2859	if (!TEST_ptr(name = OPENSSL_strdup(value)))
2860	return 0;
2861	p = strchr(name, ':');
2862	if (p == NULL)
2863	p = "";
2864	else
2865	*p++ = '\0';
2866
2867	if (strcmp(name, "r") == 0
2868	&& OSSL_PARAM_locate_const(defs, name) == NULL) {
2869	TEST_info("skipping, setting 'r' is unsupported");
2870	t->skip = 1;
2871	goto end;
2872	}
2873
2874	if (strcmp(name, "lanes") == 0
2875	&& OSSL_PARAM_locate_const(defs, name) == NULL) {
2876	TEST_info("skipping, setting 'lanes' is unsupported");
2877	t->skip = 1;
2878	goto end;
2879	}
2880
2881	if (strcmp(name, "iter") == 0
2882	&& OSSL_PARAM_locate_const(defs, name) == NULL) {
2883	TEST_info("skipping, setting 'iter' is unsupported");
2884	t->skip = 1;
2885	goto end;
2886	}
2887
2888	if (strcmp(name, "memcost") == 0
2889	&& OSSL_PARAM_locate_const(defs, name) == NULL) {
2890	TEST_info("skipping, setting 'memcost' is unsupported");
2891	t->skip = 1;
2892	goto end;
2893	}
2894
2895	if (strcmp(name, "secret") == 0
2896	&& OSSL_PARAM_locate_const(defs, name) == NULL) {
2897	TEST_info("skipping, setting 'secret' is unsupported");
2898	t->skip = 1;
2899	goto end;
2900	}
2901
2902	if (strcmp(name, "pass") == 0
2903	&& OSSL_PARAM_locate_const(defs, name) == NULL) {
2904	TEST_info("skipping, setting 'pass' is unsupported");
2905	t->skip = 1;
2906	goto end;
2907	}
2908
2909	if (strcmp(name, "ad") == 0
2910	&& OSSL_PARAM_locate_const(defs, name) == NULL) {
2911	TEST_info("skipping, setting 'ad' is unsupported");
2912	t->skip = 1;
2913	goto end;
2914	}
2915
2916	rv = OSSL_PARAM_allocate_from_text(kdata->p, defs, name, p,
2917	strlen(p), NULL);
2918	*++kdata->p = OSSL_PARAM_construct_end();
2919	if (!rv) {
2920	t->err = "KDF_PARAM_ERROR";
2921	OPENSSL_free(name);
2922	return 0;
2923	}
2924	if (strcmp(name, "digest") == 0) {
2925	if (is_digest_disabled(p)) {
2926	TEST_info("skipping, '%s' is disabled", p);
2927	t->skip = 1;
2928	}
2929	goto end;
2930	}
2931
2932	if ((strcmp(name, "cipher") == 0
2933	\|\| strcmp(name, "cekalg") == 0)
2934	&& is_cipher_disabled(p)) {
2935	TEST_info("skipping, '%s' is disabled", p);
2936	t->skip = 1;
2937	goto end;
2938	}
2939	if ((strcmp(name, "mac") == 0)
2940	&& is_mac_disabled(p)) {
2941	TEST_info("skipping, '%s' is disabled", p);
2942	t->skip = 1;
2943	}
2944	end:
2945	OPENSSL_free(name);
2946	return 1;
2947	}
2948
2949	static int kdf_test_parse(EVP_TEST *t,
2950	const char keyword, const char value)
2951	{
2952	KDF_DATA *kdata = t->data;
2953
2954	if (strcmp(keyword, "Output") == 0)
2955	return parse_bin(value, &kdata->output, &kdata->output_len);
2956	if (HAS_PREFIX(keyword, "Ctrl"))
2957	return kdf_test_ctrl(t, kdata->ctx, value);
2958	return 0;
2959	}
2960
2961	static int kdf_test_run(EVP_TEST *t)
2962	{
2963	KDF_DATA *expected = t->data;
2964	unsigned char *got = NULL;
2965	size_t got_len = expected->output_len;
2966	EVP_KDF_CTX *ctx;
2967
2968	if (!EVP_KDF_CTX_set_params(expected->ctx, expected->params)) {
2969	t->err = "KDF_CTRL_ERROR";
2970	return 1;
2971	}
2972	if (!TEST_ptr(got = OPENSSL_malloc(got_len == 0 ? 1 : got_len))) {
2973	t->err = "INTERNAL_ERROR";
2974	goto err;
2975	}
2976	/* FIPS(3.0.0): can't dup KDF contexts #17572 */
2977	if (fips_provider_version_gt(libctx, 3, 0, 0)
2978	&& (ctx = EVP_KDF_CTX_dup(expected->ctx)) != NULL) {
2979	EVP_KDF_CTX_free(expected->ctx);
2980	expected->ctx = ctx;
2981	}
2982	if (EVP_KDF_derive(expected->ctx, got, got_len, NULL) <= 0) {
2983	t->err = "KDF_DERIVE_ERROR";
2984	goto err;
2985	}
2986	if (!memory_err_compare(t, "KDF_MISMATCH",
2987	expected->output, expected->output_len,
2988	got, got_len))
2989	goto err;
2990
2991	t->err = NULL;
2992
2993	err:
2994	OPENSSL_free(got);
2995	return 1;
2996	}
2997
2998	static const EVP_TEST_METHOD kdf_test_method = {
2999	"KDF",
3000	kdf_test_init,
3001	kdf_test_cleanup,
3002	kdf_test_parse,
3003	kdf_test_run
3004	};
3005
3006	/**
3007	** PKEY KDF TESTS
3008	**/
3009
3010	typedef struct pkey_kdf_data_st {
3011	/* Context for this operation */
3012	EVP_PKEY_CTX *ctx;
3013	/* Expected output */
3014	unsigned char *output;
3015	size_t output_len;
3016	} PKEY_KDF_DATA;
3017
3018	/*
3019	* Perform public key operation setup: lookup key, allocated ctx and call
3020	* the appropriate initialisation function
3021	*/
3022	static int pkey_kdf_test_init(EVP_TEST t, const char name)
3023	{
3024	PKEY_KDF_DATA *kdata = NULL;
3025
3026	if (is_kdf_disabled(name)) {
3027	TEST_info("skipping, '%s' is disabled", name);
3028	t->skip = 1;
3029	return 1;
3030	}
3031
3032	if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata))))
3033	return 0;
3034
3035	kdata->ctx = EVP_PKEY_CTX_new_from_name(libctx, name, propquery);
3036	if (kdata->ctx == NULL
3037	\|\| EVP_PKEY_derive_init(kdata->ctx) <= 0)
3038	goto err;
3039
3040	t->data = kdata;
3041	return 1;
3042	err:
3043	EVP_PKEY_CTX_free(kdata->ctx);
3044	OPENSSL_free(kdata);
3045	return 0;
3046	}
3047
3048	static void pkey_kdf_test_cleanup(EVP_TEST *t)
3049	{
3050	PKEY_KDF_DATA *kdata = t->data;
3051
3052	OPENSSL_free(kdata->output);
3053	EVP_PKEY_CTX_free(kdata->ctx);
3054	}
3055
3056	static int pkey_kdf_test_parse(EVP_TEST *t,
3057	const char keyword, const char value)
3058	{
3059	PKEY_KDF_DATA *kdata = t->data;
3060
3061	if (strcmp(keyword, "Output") == 0)
3062	return parse_bin(value, &kdata->output, &kdata->output_len);
3063	if (HAS_PREFIX(keyword, "Ctrl"))
3064	return pkey_test_ctrl(t, kdata->ctx, value);
3065	return 0;
3066	}
3067
3068	static int pkey_kdf_test_run(EVP_TEST *t)
3069	{
3070	PKEY_KDF_DATA *expected = t->data;
3071	unsigned char *got = NULL;
3072	size_t got_len = 0;
3073
3074	if (fips_provider_version_eq(libctx, 3, 0, 0)) {
3075	/* FIPS(3.0.0): can't deal with oversized output buffers #18533 */
3076	got_len = expected->output_len;
3077	} else {
3078	/* Find out the KDF output size */
3079	if (EVP_PKEY_derive(expected->ctx, NULL, &got_len) <= 0) {
3080	t->err = "INTERNAL_ERROR";
3081	goto err;
3082	}
3083
3084	/*
3085	* We may get an absurd output size, which signals that anything goes.
3086	* If not, we specify a too big buffer for the output, to test that
3087	* EVP_PKEY_derive() can cope with it.
3088	*/
3089	if (got_len == SIZE_MAX \|\| got_len == 0)
3090	got_len = expected->output_len;
3091	else
3092	got_len = expected->output_len * 2;
3093	}
3094
3095	if (!TEST_ptr(got = OPENSSL_malloc(got_len == 0 ? 1 : got_len))) {
3096	t->err = "INTERNAL_ERROR";
3097	goto err;
3098	}
3099	if (EVP_PKEY_derive(expected->ctx, got, &got_len) <= 0) {
3100	t->err = "KDF_DERIVE_ERROR";
3101	goto err;
3102	}
3103	if (!TEST_mem_eq(expected->output, expected->output_len, got, got_len)) {
3104	t->err = "KDF_MISMATCH";
3105	goto err;
3106	}
3107	t->err = NULL;
3108
3109	err:
3110	OPENSSL_free(got);
3111	return 1;
3112	}
3113
3114	static const EVP_TEST_METHOD pkey_kdf_test_method = {
3115	"PKEYKDF",
3116	pkey_kdf_test_init,
3117	pkey_kdf_test_cleanup,
3118	pkey_kdf_test_parse,
3119	pkey_kdf_test_run
3120	};
3121
3122	/**
3123	** KEYPAIR TESTS
3124	**/
3125
3126	typedef struct keypair_test_data_st {
3127	EVP_PKEY *privk;
3128	EVP_PKEY *pubk;
3129	} KEYPAIR_TEST_DATA;
3130
3131	static int keypair_test_init(EVP_TEST t, const char pair)
3132	{
3133	KEYPAIR_TEST_DATA *data;
3134	int rv = 0;
3135	EVP_PKEY pk = NULL, pubk = NULL;
3136	char pub, priv = NULL;
3137
3138	/* Split private and public names. */
3139	if (!TEST_ptr(priv = OPENSSL_strdup(pair))
3140	\|\| !TEST_ptr(pub = strchr(priv, ':'))) {
3141	t->err = "PARSING_ERROR";
3142	goto end;
3143	}
3144	*pub++ = '\0';
3145
3146	if (!TEST_true(find_key(&pk, priv, private_keys))) {
3147	TEST_info("Can't find private key: %s", priv);
3148	t->err = "MISSING_PRIVATE_KEY";
3149	goto end;
3150	}
3151	if (!TEST_true(find_key(&pubk, pub, public_keys))) {
3152	TEST_info("Can't find public key: %s", pub);
3153	t->err = "MISSING_PUBLIC_KEY";
3154	goto end;
3155	}
3156
3157	if (pk == NULL && pubk == NULL) {
3158	/* Both keys are listed but unsupported: skip this test */
3159	t->skip = 1;
3160	rv = 1;
3161	goto end;
3162	}
3163
3164	if (!TEST_ptr(data = OPENSSL_malloc(sizeof(*data))))
3165	goto end;
3166	data->privk = pk;
3167	data->pubk = pubk;
3168	t->data = data;
3169	rv = 1;
3170	t->err = NULL;
3171
3172	end:
3173	OPENSSL_free(priv);
3174	return rv;
3175	}
3176
3177	static void keypair_test_cleanup(EVP_TEST *t)
3178	{
3179	OPENSSL_free(t->data);
3180	t->data = NULL;
3181	}
3182
3183	/*
3184	* For tests that do not accept any custom keywords.
3185	*/
3186	static int void_test_parse(EVP_TEST t, const char keyword, const char *value)
3187	{
3188	return 0;
3189	}
3190
3191	static int keypair_test_run(EVP_TEST *t)
3192	{
3193	int rv = 0;
3194	const KEYPAIR_TEST_DATA *pair = t->data;
3195
3196	if (pair->privk == NULL \|\| pair->pubk == NULL) {
3197	/*
3198	* this can only happen if only one of the keys is not set
3199	* which means that one of them was unsupported while the
3200	* other isn't: hence a key type mismatch.
3201	*/
3202	t->err = "KEYPAIR_TYPE_MISMATCH";
3203	rv = 1;
3204	goto end;
3205	}
3206
3207	if ((rv = EVP_PKEY_eq(pair->privk, pair->pubk)) != 1) {
3208	if (0 == rv) {
3209	t->err = "KEYPAIR_MISMATCH";
3210	} else if (-1 == rv) {
3211	t->err = "KEYPAIR_TYPE_MISMATCH";
3212	} else if (-2 == rv) {
3213	t->err = "UNSUPPORTED_KEY_COMPARISON";
3214	} else {
3215	TEST_error("Unexpected error in key comparison");
3216	rv = 0;
3217	goto end;
3218	}
3219	rv = 1;
3220	goto end;
3221	}
3222
3223	rv = 1;
3224	t->err = NULL;
3225
3226	end:
3227	return rv;
3228	}
3229
3230	static const EVP_TEST_METHOD keypair_test_method = {
3231	"PrivPubKeyPair",
3232	keypair_test_init,
3233	keypair_test_cleanup,
3234	void_test_parse,
3235	keypair_test_run
3236	};
3237
3238	/**
3239	** KEYGEN TEST
3240	**/
3241
3242	typedef struct keygen_test_data_st {
3243	EVP_PKEY_CTX genctx; / Keygen context to use */
3244	char keyname; / Key name to store key or NULL */
3245	} KEYGEN_TEST_DATA;
3246
3247	static int keygen_test_init(EVP_TEST t, const char alg)
3248	{
3249	KEYGEN_TEST_DATA *data;
3250	EVP_PKEY_CTX *genctx;
3251	int nid = OBJ_sn2nid(alg);
3252
3253	if (nid == NID_undef) {
3254	nid = OBJ_ln2nid(alg);
3255	if (nid == NID_undef)
3256	return 0;
3257	}
3258
3259	if (is_pkey_disabled(alg)) {
3260	t->skip = 1;
3261	return 1;
3262	}
3263	if (!TEST_ptr(genctx = EVP_PKEY_CTX_new_from_name(libctx, alg, propquery)))
3264	goto err;
3265
3266	if (EVP_PKEY_keygen_init(genctx) <= 0) {
3267	t->err = "KEYGEN_INIT_ERROR";
3268	goto err;
3269	}
3270
3271	if (!TEST_ptr(data = OPENSSL_malloc(sizeof(*data))))
3272	goto err;
3273	data->genctx = genctx;
3274	data->keyname = NULL;
3275	t->data = data;
3276	t->err = NULL;
3277	return 1;
3278
3279	err:
3280	EVP_PKEY_CTX_free(genctx);
3281	return 0;
3282	}
3283
3284	static void keygen_test_cleanup(EVP_TEST *t)
3285	{
3286	KEYGEN_TEST_DATA *keygen = t->data;
3287
3288	EVP_PKEY_CTX_free(keygen->genctx);
3289	OPENSSL_free(keygen->keyname);
3290	OPENSSL_free(t->data);
3291	t->data = NULL;
3292	}
3293
3294	static int keygen_test_parse(EVP_TEST *t,
3295	const char keyword, const char value)
3296	{
3297	KEYGEN_TEST_DATA *keygen = t->data;
3298
3299	if (strcmp(keyword, "KeyName") == 0)
3300	return TEST_ptr(keygen->keyname = OPENSSL_strdup(value));
3301	if (strcmp(keyword, "Ctrl") == 0)
3302	return pkey_test_ctrl(t, keygen->genctx, value);
3303	return 0;
3304	}
3305
3306	static int keygen_test_run(EVP_TEST *t)
3307	{
3308	KEYGEN_TEST_DATA *keygen = t->data;
3309	EVP_PKEY *pkey = NULL;
3310	int rv = 1;
3311
3312	if (EVP_PKEY_keygen(keygen->genctx, &pkey) <= 0) {
3313	t->err = "KEYGEN_GENERATE_ERROR";
3314	goto err;
3315	}
3316
3317	if (!evp_pkey_is_provided(pkey)) {
3318	TEST_info("Warning: legacy key generated %s", keygen->keyname);
3319	goto err;
3320	}
3321	if (keygen->keyname != NULL) {
3322	KEY_LIST *key;
3323
3324	rv = 0;
3325	if (find_key(NULL, keygen->keyname, private_keys)) {
3326	TEST_info("Duplicate key %s", keygen->keyname);
3327	goto err;
3328	}
3329
3330	if (!TEST_ptr(key = OPENSSL_malloc(sizeof(*key))))
3331	goto err;
3332	key->name = keygen->keyname;
3333	keygen->keyname = NULL;
3334	key->key = pkey;
3335	key->next = private_keys;
3336	private_keys = key;
3337	rv = 1;
3338	} else {
3339	EVP_PKEY_free(pkey);
3340	}
3341
3342	t->err = NULL;
3343
3344	err:
3345	return rv;
3346	}
3347
3348	static const EVP_TEST_METHOD keygen_test_method = {
3349	"KeyGen",
3350	keygen_test_init,
3351	keygen_test_cleanup,
3352	keygen_test_parse,
3353	keygen_test_run,
3354	};
3355
3356	/**
3357	** DIGEST SIGN+VERIFY TESTS
3358	**/
3359
3360	typedef struct {
3361	int is_verify; /* Set to 1 if verifying */
3362	int is_oneshot; /* Set to 1 for one shot operation */
3363	const EVP_MD md; / Digest to use */
3364	EVP_MD_CTX ctx; / Digest context */
3365	EVP_PKEY_CTX *pctx;
3366	STACK_OF(EVP_TEST_BUFFER) input; / Input data: streaming */
3367	unsigned char osin; / Input data if one shot */
3368	size_t osin_len; /* Input length data if one shot */
3369	unsigned char output; / Expected output */
3370	size_t output_len; /* Expected output length */
3371	const char *nonce_type;
3372	} DIGESTSIGN_DATA;
3373
3374	static int digestsigver_test_init(EVP_TEST t, const char alg, int is_verify,
3375	int is_oneshot)
3376	{
3377	const EVP_MD *md = NULL;
3378	DIGESTSIGN_DATA *mdat;
3379
3380	if (strcmp(alg, "NULL") != 0) {
3381	if (is_digest_disabled(alg)) {
3382	t->skip = 1;
3383	return 1;
3384	}
3385	md = EVP_get_digestbyname(alg);
3386	if (md == NULL)
3387	return 0;
3388	}
3389	if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat))))
3390	return 0;
3391	mdat->md = md;
3392	if (!TEST_ptr(mdat->ctx = EVP_MD_CTX_new())) {
3393	OPENSSL_free(mdat);
3394	return 0;
3395	}
3396	mdat->is_verify = is_verify;
3397	mdat->is_oneshot = is_oneshot;
3398	t->data = mdat;
3399	return 1;
3400	}
3401
3402	static int digestsign_test_init(EVP_TEST t, const char alg)
3403	{
3404	return digestsigver_test_init(t, alg, 0, 0);
3405	}
3406
3407	static void digestsigver_test_cleanup(EVP_TEST *t)
3408	{
3409	DIGESTSIGN_DATA *mdata = t->data;
3410
3411	EVP_MD_CTX_free(mdata->ctx);
3412	sk_EVP_TEST_BUFFER_pop_free(mdata->input, evp_test_buffer_free);
3413	OPENSSL_free(mdata->osin);
3414	OPENSSL_free(mdata->output);
3415	OPENSSL_free(mdata);
3416	t->data = NULL;
3417	}
3418
3419	static int digestsigver_test_parse(EVP_TEST *t,
3420	const char keyword, const char value)
3421	{
3422	DIGESTSIGN_DATA *mdata = t->data;
3423
3424	if (strcmp(keyword, "Key") == 0) {
3425	EVP_PKEY *pkey = NULL;
3426	int rv = 0;
3427	const char *name = mdata->md == NULL ? NULL : EVP_MD_get0_name(mdata->md);
3428
3429	if (mdata->is_verify)
3430	rv = find_key(&pkey, value, public_keys);
3431	if (rv == 0)
3432	rv = find_key(&pkey, value, private_keys);
3433	if (rv == 0 \|\| pkey == NULL) {
3434	t->skip = 1;
3435	return 1;
3436	}
3437	if (mdata->is_verify) {
3438	if (!EVP_DigestVerifyInit_ex(mdata->ctx, &mdata->pctx, name, libctx,
3439	NULL, pkey, NULL))
3440	t->err = "DIGESTVERIFYINIT_ERROR";
3441	return 1;
3442	}
3443	if (!EVP_DigestSignInit_ex(mdata->ctx, &mdata->pctx, name, libctx, NULL,
3444	pkey, NULL))
3445	t->err = "DIGESTSIGNINIT_ERROR";
3446	return 1;
3447	}
3448
3449	if (strcmp(keyword, "Input") == 0) {
3450	if (mdata->is_oneshot)
3451	return parse_bin(value, &mdata->osin, &mdata->osin_len);
3452	return evp_test_buffer_append(value, &mdata->input);
3453	}
3454	if (strcmp(keyword, "Output") == 0)
3455	return parse_bin(value, &mdata->output, &mdata->output_len);
3456
3457	if (!mdata->is_oneshot) {
3458	if (strcmp(keyword, "Count") == 0)
3459	return evp_test_buffer_set_count(value, mdata->input);
3460	if (strcmp(keyword, "Ncopy") == 0)
3461	return evp_test_buffer_ncopy(value, mdata->input);
3462	}
3463	if (strcmp(keyword, "Ctrl") == 0) {
3464	if (mdata->pctx == NULL)
3465	return -1;
3466	return pkey_test_ctrl(t, mdata->pctx, value);
3467	}
3468	if (strcmp(keyword, "NonceType") == 0) {
3469	if (strcmp(value, "deterministic") == 0) {
3470	OSSL_PARAM params[2];
3471	unsigned int nonce_type = 1;
3472
3473	params[0] =
3474	OSSL_PARAM_construct_uint(OSSL_SIGNATURE_PARAM_NONCE_TYPE,
3475	&nonce_type);
3476	params[1] = OSSL_PARAM_construct_end();
3477	if (!EVP_PKEY_CTX_set_params(mdata->pctx, params))
3478	t->err = "EVP_PKEY_CTX_set_params_ERROR";
3479	else if (!EVP_PKEY_CTX_get_params(mdata->pctx, params))
3480	t->err = "EVP_PKEY_CTX_get_params_ERROR";
3481	else if (!OSSL_PARAM_modified(&params[0]))
3482	t->err = "nonce_type_not_modified_ERROR";
3483	else if (nonce_type != 1)
3484	t->err = "nonce_type_value_ERROR";
3485	}
3486	return 1;
3487	}
3488	return 0;
3489	}
3490
3491	static int digestsign_update_fn(void ctx, const unsigned char buf,
3492	size_t buflen)
3493	{
3494	return EVP_DigestSignUpdate(ctx, buf, buflen);
3495	}
3496
3497	static int digestsign_test_run(EVP_TEST *t)
3498	{
3499	DIGESTSIGN_DATA *expected = t->data;
3500	unsigned char *got = NULL;
3501	size_t got_len;
3502
3503	if (!evp_test_buffer_do(expected->input, digestsign_update_fn,
3504	expected->ctx)) {
3505	t->err = "DIGESTUPDATE_ERROR";
3506	goto err;
3507	}
3508
3509	if (!EVP_DigestSignFinal(expected->ctx, NULL, &got_len)) {
3510	t->err = "DIGESTSIGNFINAL_LENGTH_ERROR";
3511	goto err;
3512	}
3513	if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
3514	t->err = "MALLOC_FAILURE";
3515	goto err;
3516	}
3517	got_len *= 2;
3518	if (!EVP_DigestSignFinal(expected->ctx, got, &got_len)) {
3519	t->err = "DIGESTSIGNFINAL_ERROR";
3520	goto err;
3521	}
3522	if (!memory_err_compare(t, "SIGNATURE_MISMATCH",
3523	expected->output, expected->output_len,
3524	got, got_len))
3525	goto err;
3526
3527	t->err = NULL;
3528	err:
3529	OPENSSL_free(got);
3530	return 1;
3531	}
3532
3533	static const EVP_TEST_METHOD digestsign_test_method = {
3534	"DigestSign",
3535	digestsign_test_init,
3536	digestsigver_test_cleanup,
3537	digestsigver_test_parse,
3538	digestsign_test_run
3539	};
3540
3541	static int digestverify_test_init(EVP_TEST t, const char alg)
3542	{
3543	return digestsigver_test_init(t, alg, 1, 0);
3544	}
3545
3546	static int digestverify_update_fn(void ctx, const unsigned char buf,
3547	size_t buflen)
3548	{
3549	return EVP_DigestVerifyUpdate(ctx, buf, buflen);
3550	}
3551
3552	static int digestverify_test_run(EVP_TEST *t)
3553	{
3554	DIGESTSIGN_DATA *mdata = t->data;
3555
3556	if (!evp_test_buffer_do(mdata->input, digestverify_update_fn, mdata->ctx)) {
3557	t->err = "DIGESTUPDATE_ERROR";
3558	return 1;
3559	}
3560
3561	if (EVP_DigestVerifyFinal(mdata->ctx, mdata->output,
3562	mdata->output_len) <= 0)
3563	t->err = "VERIFY_ERROR";
3564	return 1;
3565	}
3566
3567	static const EVP_TEST_METHOD digestverify_test_method = {
3568	"DigestVerify",
3569	digestverify_test_init,
3570	digestsigver_test_cleanup,
3571	digestsigver_test_parse,
3572	digestverify_test_run
3573	};
3574
3575	static int oneshot_digestsign_test_init(EVP_TEST t, const char alg)
3576	{
3577	return digestsigver_test_init(t, alg, 0, 1);
3578	}
3579
3580	static int oneshot_digestsign_test_run(EVP_TEST *t)
3581	{
3582	DIGESTSIGN_DATA *expected = t->data;
3583	unsigned char *got = NULL;
3584	size_t got_len;
3585
3586	if (!EVP_DigestSign(expected->ctx, NULL, &got_len,
3587	expected->osin, expected->osin_len)) {
3588	t->err = "DIGESTSIGN_LENGTH_ERROR";
3589	goto err;
3590	}
3591	if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
3592	t->err = "MALLOC_FAILURE";
3593	goto err;
3594	}
3595	got_len *= 2;
3596	if (!EVP_DigestSign(expected->ctx, got, &got_len,
3597	expected->osin, expected->osin_len)) {
3598	t->err = "DIGESTSIGN_ERROR";
3599	goto err;
3600	}
3601	if (!memory_err_compare(t, "SIGNATURE_MISMATCH",
3602	expected->output, expected->output_len,
3603	got, got_len))
3604	goto err;
3605
3606	t->err = NULL;
3607	err:
3608	OPENSSL_free(got);
3609	return 1;
3610	}
3611
3612	static const EVP_TEST_METHOD oneshot_digestsign_test_method = {
3613	"OneShotDigestSign",
3614	oneshot_digestsign_test_init,
3615	digestsigver_test_cleanup,
3616	digestsigver_test_parse,
3617	oneshot_digestsign_test_run
3618	};
3619
3620	static int oneshot_digestverify_test_init(EVP_TEST t, const char alg)
3621	{
3622	return digestsigver_test_init(t, alg, 1, 1);
3623	}
3624
3625	static int oneshot_digestverify_test_run(EVP_TEST *t)
3626	{
3627	DIGESTSIGN_DATA *mdata = t->data;
3628
3629	if (EVP_DigestVerify(mdata->ctx, mdata->output, mdata->output_len,
3630	mdata->osin, mdata->osin_len) <= 0)
3631	t->err = "VERIFY_ERROR";
3632	return 1;
3633	}
3634
3635	static const EVP_TEST_METHOD oneshot_digestverify_test_method = {
3636	"OneShotDigestVerify",
3637	oneshot_digestverify_test_init,
3638	digestsigver_test_cleanup,
3639	digestsigver_test_parse,
3640	oneshot_digestverify_test_run
3641	};
3642
3643
3644	/**
3645	** PARSING AND DISPATCH
3646	**/
3647
3648	static const EVP_TEST_METHOD *evp_test_list[] = {
3649	&rand_test_method,
3650	&cipher_test_method,
3651	&digest_test_method,
3652	&digestsign_test_method,
3653	&digestverify_test_method,
3654	&encode_test_method,
3655	&kdf_test_method,
3656	&pkey_kdf_test_method,
3657	&keypair_test_method,
3658	&keygen_test_method,
3659	&mac_test_method,
3660	&oneshot_digestsign_test_method,
3661	&oneshot_digestverify_test_method,
3662	&pbe_test_method,
3663	&pdecrypt_test_method,
3664	&pderive_test_method,
3665	&psign_test_method,
3666	&pverify_recover_test_method,
3667	&pverify_test_method,
3668	NULL
3669	};
3670
3671	static const EVP_TEST_METHOD find_test(const char name)
3672	{
3673	const EVP_TEST_METHOD **tt;
3674
3675	for (tt = evp_test_list; *tt; tt++) {
3676	if (strcmp(name, (*tt)->name) == 0)
3677	return *tt;
3678	}
3679	return NULL;
3680	}
3681
3682	static void clear_test(EVP_TEST *t)
3683	{
3684	test_clearstanza(&t->s);
3685	ERR_clear_error();
3686	if (t->data != NULL) {
3687	if (t->meth != NULL)
3688	t->meth->cleanup(t);
3689	OPENSSL_free(t->data);
3690	t->data = NULL;
3691	}
3692	OPENSSL_free(t->expected_err);
3693	t->expected_err = NULL;
3694	OPENSSL_free(t->reason);
3695	t->reason = NULL;
3696
3697	/* Text literal. */
3698	t->err = NULL;
3699	t->skip = 0;
3700	t->meth = NULL;
3701
3702	#if !defined(OPENSSL_NO_DEFAULT_THREAD_POOL)
3703	OSSL_set_max_threads(libctx, 0);
3704	#endif
3705	}
3706
3707	/* Check for errors in the test structure; return 1 if okay, else 0. */
3708	static int check_test_error(EVP_TEST *t)
3709	{
3710	unsigned long err;
3711	const char *reason;
3712
3713	if (t->err == NULL && t->expected_err == NULL)
3714	return 1;
3715	if (t->err != NULL && t->expected_err == NULL) {
3716	if (t->aux_err != NULL) {
3717	TEST_info("%s:%d: Source of above error (%s); unexpected error %s",
3718	t->s.test_file, t->s.start, t->aux_err, t->err);
3719	} else {
3720	TEST_info("%s:%d: Source of above error; unexpected error %s",
3721	t->s.test_file, t->s.start, t->err);
3722	}
3723	return 0;
3724	}
3725	if (t->err == NULL && t->expected_err != NULL) {
3726	TEST_info("%s:%d: Succeeded but was expecting %s",
3727	t->s.test_file, t->s.start, t->expected_err);
3728	return 0;
3729	}
3730
3731	if (strcmp(t->err, t->expected_err) != 0) {
3732	TEST_info("%s:%d: Expected %s got %s",
3733	t->s.test_file, t->s.start, t->expected_err, t->err);
3734	return 0;
3735	}
3736
3737	if (t->reason == NULL)
3738	return 1;
3739
3740	if (t->reason == NULL) {
3741	TEST_info("%s:%d: Test is missing function or reason code",
3742	t->s.test_file, t->s.start);
3743	return 0;
3744	}
3745
3746	err = ERR_peek_error();
3747	if (err == 0) {
3748	TEST_info("%s:%d: Expected error \"%s\" not set",
3749	t->s.test_file, t->s.start, t->reason);
3750	return 0;
3751	}
3752
3753	reason = ERR_reason_error_string(err);
3754	if (reason == NULL) {
3755	TEST_info("%s:%d: Expected error \"%s\", no strings available."
3756	" Assuming ok.",
3757	t->s.test_file, t->s.start, t->reason);
3758	return 1;
3759	}
3760
3761	if (strcmp(reason, t->reason) == 0)
3762	return 1;
3763
3764	TEST_info("%s:%d: Expected error \"%s\", got \"%s\"",
3765	t->s.test_file, t->s.start, t->reason, reason);
3766
3767	return 0;
3768	}
3769
3770	/* Run a parsed test. Log a message and return 0 on error. */
3771	static int run_test(EVP_TEST *t)
3772	{
3773	if (t->meth == NULL)
3774	return 1;
3775	t->s.numtests++;
3776	if (t->skip) {
3777	t->s.numskip++;
3778	} else {
3779	/* run the test */
3780	if (t->err == NULL && t->meth->run_test(t) != 1) {
3781	TEST_info("%s:%d %s error",
3782	t->s.test_file, t->s.start, t->meth->name);
3783	return 0;
3784	}
3785	if (!check_test_error(t)) {
3786	TEST_openssl_errors();
3787	t->s.errors++;
3788	}
3789	}
3790
3791	/* clean it up */
3792	return 1;
3793	}
3794
3795	static int find_key(EVP_PKEY *ppk, const char name, KEY_LIST *lst)
3796	{
3797	for (; lst != NULL; lst = lst->next) {
3798	if (strcmp(lst->name, name) == 0) {
3799	if (ppk != NULL)
3800	*ppk = lst->key;
3801	return 1;
3802	}
3803	}
3804	return 0;
3805	}
3806
3807	static void free_key_list(KEY_LIST *lst)
3808	{
3809	while (lst != NULL) {
3810	KEY_LIST *next = lst->next;
3811
3812	EVP_PKEY_free(lst->key);
3813	OPENSSL_free(lst->name);
3814	OPENSSL_free(lst);
3815	lst = next;
3816	}
3817	}
3818
3819	/*
3820	* Is the key type an unsupported algorithm?
3821	*/
3822	static int key_unsupported(void)
3823	{
3824	long err = ERR_peek_last_error();
3825	int lib = ERR_GET_LIB(err);
3826	long reason = ERR_GET_REASON(err);
3827
3828	if ((lib == ERR_LIB_EVP && reason == EVP_R_UNSUPPORTED_ALGORITHM)
3829	\|\| (lib == ERR_LIB_EVP && reason == EVP_R_DECODE_ERROR)
3830	\|\| reason == ERR_R_UNSUPPORTED) {
3831	ERR_clear_error();
3832	return 1;
3833	}
3834	#ifndef OPENSSL_NO_EC
3835	/*
3836	* If EC support is enabled we should catch also EC_R_UNKNOWN_GROUP as an
3837	* hint to an unsupported algorithm/curve (e.g. if binary EC support is
3838	* disabled).
3839	*/
3840	if (lib == ERR_LIB_EC
3841	&& (reason == EC_R_UNKNOWN_GROUP
3842	\|\| reason == EC_R_INVALID_CURVE)) {
3843	ERR_clear_error();
3844	return 1;
3845	}
3846	#endif /* OPENSSL_NO_EC */
3847	return 0;
3848	}
3849
3850	/* NULL out the value from \|pp\| but return it. This "steals" a pointer. */
3851	static char take_value(PAIR pp)
3852	{
3853	char *p = pp->value;
3854
3855	pp->value = NULL;
3856	return p;
3857	}
3858
3859	#if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
3860	static int securitycheck_enabled(void)
3861	{
3862	static int enabled = -1;
3863
3864	if (enabled == -1) {
3865	if (OSSL_PROVIDER_available(libctx, "fips")) {
3866	OSSL_PARAM params[2];
3867	OSSL_PROVIDER *prov = NULL;
3868	int check = 1;
3869
3870	prov = OSSL_PROVIDER_load(libctx, "fips");
3871	if (prov != NULL) {
3872	params[0] =
3873	OSSL_PARAM_construct_int(OSSL_PROV_PARAM_SECURITY_CHECKS,
3874	&check);
3875	params[1] = OSSL_PARAM_construct_end();
3876	OSSL_PROVIDER_get_params(prov, params);
3877	OSSL_PROVIDER_unload(prov);
3878	}
3879	enabled = check;
3880	return enabled;
3881	}
3882	enabled = 0;
3883	}
3884	return enabled;
3885	}
3886	#endif
3887
3888	/*
3889	* Return 1 if one of the providers named in the string is available.
3890	* The provider names are separated with whitespace.
3891	* NOTE: destructive function, it inserts '\0' after each provider name.
3892	*/
3893	static int prov_available(char *providers)
3894	{
3895	char *p;
3896	int more = 1;
3897
3898	while (more) {
3899	for (; isspace((unsigned char)(*providers)); providers++)
3900	continue;
3901	if (*providers == '\0')
3902	break; /* End of the road */
3903	for (p = providers; p != '\0' && !isspace((unsigned char)(p)); p++)
3904	continue;
3905	if (*p == '\0')
3906	more = 0;
3907	else
3908	*p = '\0';
3909	if (OSSL_PROVIDER_available(libctx, providers))
3910	return 1; /* Found one */
3911	}
3912	return 0;
3913	}
3914
3915	/* Read and parse one test. Return 0 if failure, 1 if okay. */
3916	static int parse(EVP_TEST *t)
3917	{
3918	KEY_LIST key, *klist;
3919	EVP_PKEY *pkey;
3920	PAIR *pp;
3921	int i, j, skipped = 0;
3922
3923	top:
3924	do {
3925	if (BIO_eof(t->s.fp))
3926	return EOF;
3927	clear_test(t);
3928	if (!test_readstanza(&t->s))
3929	return 0;
3930	} while (t->s.numpairs == 0);
3931	pp = &t->s.pairs[0];
3932
3933	/* Are we adding a key? */
3934	klist = NULL;
3935	pkey = NULL;
3936	start:
3937	if (strcmp(pp->key, "PrivateKey") == 0) {
3938	pkey = PEM_read_bio_PrivateKey_ex(t->s.key, NULL, 0, NULL, libctx, NULL);
3939	if (pkey == NULL && !key_unsupported()) {
3940	EVP_PKEY_free(pkey);
3941	TEST_info("Can't read private key %s", pp->value);
3942	TEST_openssl_errors();
3943	return 0;
3944	}
3945	klist = &private_keys;
3946	} else if (strcmp(pp->key, "PublicKey") == 0) {
3947	pkey = PEM_read_bio_PUBKEY_ex(t->s.key, NULL, 0, NULL, libctx, NULL);
3948	if (pkey == NULL && !key_unsupported()) {
3949	EVP_PKEY_free(pkey);
3950	TEST_info("Can't read public key %s", pp->value);
3951	TEST_openssl_errors();
3952	return 0;
3953	}
3954	klist = &public_keys;
3955	} else if (strcmp(pp->key, "PrivateKeyRaw") == 0
3956	\|\| strcmp(pp->key, "PublicKeyRaw") == 0) {
3957	char strnid = NULL, keydata = NULL;
3958	unsigned char *keybin;
3959	size_t keylen;
3960	int nid;
3961
3962	if (strcmp(pp->key, "PrivateKeyRaw") == 0)
3963	klist = &private_keys;
3964	else
3965	klist = &public_keys;
3966
3967	strnid = strchr(pp->value, ':');
3968	if (strnid != NULL) {
3969	*strnid++ = '\0';
3970	keydata = strchr(strnid, ':');
3971	if (keydata != NULL)
3972	*keydata++ = '\0';
3973	}
3974	if (keydata == NULL) {
3975	TEST_info("Failed to parse %s value", pp->key);
3976	return 0;
3977	}
3978
3979	nid = OBJ_txt2nid(strnid);
3980	if (nid == NID_undef) {
3981	TEST_info("Unrecognised algorithm NID");
3982	return 0;
3983	}
3984	if (!parse_bin(keydata, &keybin, &keylen)) {
3985	TEST_info("Failed to create binary key");
3986	return 0;
3987	}
3988	if (klist == &private_keys)
3989	pkey = EVP_PKEY_new_raw_private_key_ex(libctx, strnid, NULL, keybin,
3990	keylen);
3991	else
3992	pkey = EVP_PKEY_new_raw_public_key_ex(libctx, strnid, NULL, keybin,
3993	keylen);
3994	if (pkey == NULL && !key_unsupported()) {
3995	TEST_info("Can't read %s data", pp->key);
3996	OPENSSL_free(keybin);
3997	TEST_openssl_errors();
3998	return 0;
3999	}
4000	OPENSSL_free(keybin);
4001	} else if (strcmp(pp->key, "Availablein") == 0) {
4002	if (!prov_available(pp->value)) {
4003	TEST_info("skipping, '%s' provider not available: %s:%d",
4004	pp->value, t->s.test_file, t->s.start);
4005	t->skip = 1;
4006	return 0;
4007	}
4008	skipped++;
4009	pp++;
4010	goto start;
4011	} else if (strcmp(pp->key, "FIPSversion") == 0) {
4012	if (prov_available("fips")) {
4013	j = fips_provider_version_match(libctx, pp->value);
4014	if (j < 0) {
4015	TEST_info("Line %d: error matching FIPS versions\n", t->s.curr);
4016	return 0;
4017	} else if (j == 0) {
4018	TEST_info("skipping, FIPS provider incompatible version: %s:%d",
4019	t->s.test_file, t->s.start);
4020	t->skip = 1;
4021	return 0;
4022	}
4023	}
4024	skipped++;
4025	pp++;
4026	goto start;
4027	}
4028
4029	/* If we have a key add to list */
4030	if (klist != NULL) {
4031	if (find_key(NULL, pp->value, *klist)) {
4032	TEST_info("Duplicate key %s", pp->value);
4033	return 0;
4034	}
4035	if (!TEST_ptr(key = OPENSSL_malloc(sizeof(*key))))
4036	return 0;
4037	key->name = take_value(pp);
4038	key->key = pkey;
4039	key->next = *klist;
4040	*klist = key;
4041
4042	/* Go back and start a new stanza. */
4043	if ((t->s.numpairs - skipped) != 1)
4044	TEST_info("Line %d: missing blank line\n", t->s.curr);
4045	goto top;
4046	}
4047
4048	/* Find the test, based on first keyword. */
4049	if (!TEST_ptr(t->meth = find_test(pp->key)))
4050	return 0;
4051	if (!t->meth->init(t, pp->value)) {
4052	TEST_error("unknown %s: %s\n", pp->key, pp->value);
4053	return 0;
4054	}
4055	if (t->skip == 1) {
4056	/* TEST_info("skipping %s %s", pp->key, pp->value); */
4057	return 0;
4058	}
4059
4060	for (pp++, i = 1; i < (t->s.numpairs - skipped); pp++, i++) {
4061	if (strcmp(pp->key, "Securitycheck") == 0) {
4062	#if defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
4063	#else
4064	if (!securitycheck_enabled())
4065	#endif
4066	{
4067	TEST_info("skipping, Securitycheck is disabled: %s:%d",
4068	t->s.test_file, t->s.start);
4069	t->skip = 1;
4070	return 0;
4071	}
4072	} else if (strcmp(pp->key, "Availablein") == 0) {
4073	TEST_info("Line %d: 'Availablein' should be the first option",
4074	t->s.curr);
4075	return 0;
4076	} else if (strcmp(pp->key, "Result") == 0) {
4077	if (t->expected_err != NULL) {
4078	TEST_info("Line %d: multiple result lines", t->s.curr);
4079	return 0;
4080	}
4081	t->expected_err = take_value(pp);
4082	} else if (strcmp(pp->key, "Function") == 0) {
4083	/* Ignore old line. */
4084	} else if (strcmp(pp->key, "Reason") == 0) {
4085	if (t->reason != NULL) {
4086	TEST_info("Line %d: multiple reason lines", t->s.curr);
4087	return 0;
4088	}
4089	t->reason = take_value(pp);
4090	} else if (strcmp(pp->key, "Threads") == 0) {
4091	if (OSSL_set_max_threads(libctx, atoi(pp->value)) == 0) {
4092	TEST_info("skipping, '%s' threads not available: %s:%d",
4093	pp->value, t->s.test_file, t->s.start);
4094	t->skip = 1;
4095	}
4096	} else {
4097	/* Must be test specific line: try to parse it */
4098	int rv = t->meth->parse(t, pp->key, pp->value);
4099
4100	if (rv == 0) {
4101	TEST_info("Line %d: unknown keyword %s", t->s.curr, pp->key);
4102	return 0;
4103	}
4104	if (rv < 0) {
4105	TEST_info("Line %d: error processing keyword %s = %s\n",
4106	t->s.curr, pp->key, pp->value);
4107	return 0;
4108	}
4109	if (t->skip)
4110	return 0;
4111	}
4112	}
4113
4114	return 1;
4115	}
4116
4117	static int run_file_tests(int i)
4118	{
4119	EVP_TEST *t;
4120	const char *testfile = test_get_argument(i);
4121	int c;
4122
4123	if (!TEST_ptr(t = OPENSSL_zalloc(sizeof(*t))))
4124	return 0;
4125	if (!test_start_file(&t->s, testfile)) {
4126	OPENSSL_free(t);
4127	return 0;
4128	}
4129
4130	while (!BIO_eof(t->s.fp)) {
4131	c = parse(t);
4132	if (t->skip) {
4133	t->s.numskip++;
4134	continue;
4135	}
4136	if (c == 0 \|\| !run_test(t)) {
4137	t->s.errors++;
4138	break;
4139	}
4140	}
4141	test_end_file(&t->s);
4142	clear_test(t);
4143
4144	free_key_list(public_keys);
4145	free_key_list(private_keys);
4146	BIO_free(t->s.key);
4147	c = t->s.errors;
4148	OPENSSL_free(t);
4149	return c == 0;
4150	}
4151
4152	const OPTIONS *test_get_options(void)
4153	{
4154	static const OPTIONS test_options[] = {
4155	OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("[file...]\n"),
4156	{ "config", OPT_CONFIG_FILE, '<',
4157	"The configuration file to use for the libctx" },
4158	{ "process", OPT_IN_PLACE, 's',
4159	"Mode for data processing by cipher tests [in_place/both], both by default"},
4160	{ "provider", OPT_PROVIDER_NAME, 's',
4161	"The provider to load (when no configuration file, the default value is 'default')" },
4162	{ "propquery", OPT_PROV_PROPQUERY, 's',
4163	"Property query used when fetching algorithms" },
4164	{ OPT_HELP_STR, 1, '-', "file\tFile to run tests on.\n" },
4165	{ NULL }
4166	};
4167	return test_options;
4168	}
4169
4170	int setup_tests(void)
4171	{
4172	size_t n;
4173	char *config_file = NULL;
4174	char *provider_name = NULL;
4175
4176	OPTION_CHOICE o;
4177
4178	while ((o = opt_next()) != OPT_EOF) {
4179	switch (o) {
4180	case OPT_CONFIG_FILE:
4181	config_file = opt_arg();
4182	break;
4183	case OPT_IN_PLACE:
4184	if ((process_mode_in_place = evp_test_process_mode(opt_arg())) == -1)
4185	return 0;
4186	break;
4187	case OPT_PROVIDER_NAME:
4188	provider_name = opt_arg();
4189	break;
4190	case OPT_PROV_PROPQUERY:
4191	propquery = opt_arg();
4192	break;
4193	case OPT_TEST_CASES:
4194	break;
4195	default:
4196	case OPT_ERR:
4197	return 0;
4198	}
4199	}
4200
4201	/*
4202	* Load the provider via configuration into the created library context.
4203	* Load the 'null' provider into the default library context to ensure that
4204	* the tests do not fallback to using the default provider.
4205	*/
4206	if (config_file == NULL && provider_name == NULL)
4207	provider_name = "default";
4208	if (!test_get_libctx(&libctx, &prov_null, config_file, &libprov, provider_name))
4209	return 0;
4210
4211	n = test_get_argument_count();
4212	if (n == 0)
4213	return 0;
4214
4215	ADD_ALL_TESTS(run_file_tests, n);
4216	return 1;
4217	}
4218
4219	void cleanup_tests(void)
4220	{
4221	OSSL_PROVIDER_unload(libprov);
4222	OSSL_PROVIDER_unload(prov_null);
4223	OSSL_LIB_CTX_free(libctx);
4224	}
4225
4226	static int is_digest_disabled(const char *name)
4227	{
4228	#ifdef OPENSSL_NO_BLAKE2
4229	if (HAS_CASE_PREFIX(name, "BLAKE"))
4230	return 1;
4231	#endif
4232	#ifdef OPENSSL_NO_MD2
4233	if (OPENSSL_strcasecmp(name, "MD2") == 0)
4234	return 1;
4235	#endif
4236	#ifdef OPENSSL_NO_MDC2
4237	if (OPENSSL_strcasecmp(name, "MDC2") == 0)
4238	return 1;
4239	#endif
4240	#ifdef OPENSSL_NO_MD4
4241	if (OPENSSL_strcasecmp(name, "MD4") == 0)
4242	return 1;
4243	#endif
4244	#ifdef OPENSSL_NO_MD5
4245	if (OPENSSL_strcasecmp(name, "MD5") == 0)
4246	return 1;
4247	#endif
4248	#ifdef OPENSSL_NO_RMD160
4249	if (OPENSSL_strcasecmp(name, "RIPEMD160") == 0)
4250	return 1;
4251	#endif
4252	#ifdef OPENSSL_NO_SM3
4253	if (OPENSSL_strcasecmp(name, "SM3") == 0)
4254	return 1;
4255	#endif
4256	#ifdef OPENSSL_NO_WHIRLPOOL
4257	if (OPENSSL_strcasecmp(name, "WHIRLPOOL") == 0)
4258	return 1;
4259	#endif
4260	return 0;
4261	}
4262
4263	static int is_pkey_disabled(const char *name)
4264	{
4265	#ifdef OPENSSL_NO_EC
4266	if (HAS_CASE_PREFIX(name, "EC"))
4267	return 1;
4268	#endif
4269	#ifdef OPENSSL_NO_DH
4270	if (HAS_CASE_PREFIX(name, "DH"))
4271	return 1;
4272	#endif
4273	#ifdef OPENSSL_NO_DSA
4274	if (HAS_CASE_PREFIX(name, "DSA"))
4275	return 1;
4276	#endif
4277	return 0;
4278	}
4279
4280	static int is_mac_disabled(const char *name)
4281	{
4282	#ifdef OPENSSL_NO_BLAKE2
4283	if (HAS_CASE_PREFIX(name, "BLAKE2BMAC")
4284	\|\| HAS_CASE_PREFIX(name, "BLAKE2SMAC"))
4285	return 1;
4286	#endif
4287	#ifdef OPENSSL_NO_CMAC
4288	if (HAS_CASE_PREFIX(name, "CMAC"))
4289	return 1;
4290	#endif
4291	#ifdef OPENSSL_NO_POLY1305
4292	if (HAS_CASE_PREFIX(name, "Poly1305"))
4293	return 1;
4294	#endif
4295	#ifdef OPENSSL_NO_SIPHASH
4296	if (HAS_CASE_PREFIX(name, "SipHash"))
4297	return 1;
4298	#endif
4299	return 0;
4300	}
4301	static int is_kdf_disabled(const char *name)
4302	{
4303	#ifdef OPENSSL_NO_SCRYPT
4304	if (HAS_CASE_SUFFIX(name, "SCRYPT"))
4305	return 1;
4306	#endif
4307	#ifdef OPENSSL_NO_ARGON2
4308	if (HAS_CASE_SUFFIX(name, "ARGON2"))
4309	return 1;
4310	#endif
4311	return 0;
4312	}
4313
4314	static int is_cipher_disabled(const char *name)
4315	{
4316	#ifdef OPENSSL_NO_ARIA
4317	if (HAS_CASE_PREFIX(name, "ARIA"))
4318	return 1;
4319	#endif
4320	#ifdef OPENSSL_NO_BF
4321	if (HAS_CASE_PREFIX(name, "BF"))
4322	return 1;
4323	#endif
4324	#ifdef OPENSSL_NO_CAMELLIA
4325	if (HAS_CASE_PREFIX(name, "CAMELLIA"))
4326	return 1;
4327	#endif
4328	#ifdef OPENSSL_NO_CAST
4329	if (HAS_CASE_PREFIX(name, "CAST"))
4330	return 1;
4331	#endif
4332	#ifdef OPENSSL_NO_CHACHA
4333	if (HAS_CASE_PREFIX(name, "CHACHA"))
4334	return 1;
4335	#endif
4336	#ifdef OPENSSL_NO_POLY1305
4337	if (HAS_CASE_SUFFIX(name, "Poly1305"))
4338	return 1;
4339	#endif
4340	#ifdef OPENSSL_NO_DES
4341	if (HAS_CASE_PREFIX(name, "DES"))
4342	return 1;
4343	if (HAS_CASE_SUFFIX(name, "3DESwrap"))
4344	return 1;
4345	#endif
4346	#ifdef OPENSSL_NO_OCB
4347	if (HAS_CASE_SUFFIX(name, "OCB"))
4348	return 1;
4349	#endif
4350	#ifdef OPENSSL_NO_IDEA
4351	if (HAS_CASE_PREFIX(name, "IDEA"))
4352	return 1;
4353	#endif
4354	#ifdef OPENSSL_NO_RC2
4355	if (HAS_CASE_PREFIX(name, "RC2"))
4356	return 1;
4357	#endif
4358	#ifdef OPENSSL_NO_RC4
4359	if (HAS_CASE_PREFIX(name, "RC4"))
4360	return 1;
4361	#endif
4362	#ifdef OPENSSL_NO_RC5
4363	if (HAS_CASE_PREFIX(name, "RC5"))
4364	return 1;
4365	#endif
4366	#ifdef OPENSSL_NO_SEED
4367	if (HAS_CASE_PREFIX(name, "SEED"))
4368	return 1;
4369	#endif
4370	#ifdef OPENSSL_NO_SIV
4371	if (HAS_CASE_SUFFIX(name, "SIV"))
4372	return 1;
4373	#endif
4374	#ifdef OPENSSL_NO_SM4
4375	if (HAS_CASE_PREFIX(name, "SM4"))
4376	return 1;
4377	#endif
4378	return 0;
4379	}

注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

source: vbox/trunk/src/libs/openssl-3.3.2/test/evp_test.c@ 108358

以其他格式下載: