evp_test.c 55.2 KB
Newer Older
B
Ben Laurie 已提交
1
/*
R
Rich Salz 已提交
2
 * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
B
Ben Laurie 已提交
3
 *
R
Rich Salz 已提交
4 5 6 7
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
B
Ben Laurie 已提交
8 9 10 11
 */

#include <stdio.h>
#include <string.h>
12 13
#include <stdlib.h>
#include <ctype.h>
B
Ben Laurie 已提交
14
#include <openssl/evp.h>
15
#include <openssl/pem.h>
16
#include <openssl/err.h>
17
#include <openssl/x509v3.h>
D
Dr. Stephen Henson 已提交
18
#include <openssl/pkcs12.h>
19
#include <openssl/kdf.h>
D
Dr. Stephen Henson 已提交
20
#include "internal/numbers.h"
B
Ben Laurie 已提交
21

22 23 24
/* Remove spaces from beginning and end of a string */

static void remove_space(char **pval)
25
{
26
    unsigned char *p = (unsigned char *)*pval;
27

28 29 30 31 32 33 34 35 36 37
    while (isspace(*p))
        p++;

    *pval = (char *)p;

    p = p + strlen(*pval) - 1;

    /* Remove trailing space */
    while (isspace(*p))
        *p-- = 0;
38
}
B
Ben Laurie 已提交
39

40 41 42 43 44 45 46
/*
 * Given a line of the form:
 *      name = value # comment
 * extract name and value. NB: modifies passed buffer.
 */

static int parse_line(char **pkw, char **pval, char *linebuf)
47
{
48
    char *p;
B
Ben Laurie 已提交
49

50
    p = linebuf + strlen(linebuf) - 1;
51

52 53 54
    if (*p != '\n') {
        fprintf(stderr, "FATAL: missing EOL\n");
        exit(1);
B
Ben Laurie 已提交
55 56
    }

57
    /* Look for # */
58

59
    p = strchr(linebuf, '#');
60

61 62
    if (p)
        *p = '\0';
63

64 65
    /* Look for = sign */
    p = strchr(linebuf, '=');
66

67 68 69
    /* If no '=' exit */
    if (!p)
        return 0;
70

71
    *p++ = '\0';
72

73 74
    *pkw = linebuf;
    *pval = p;
75

76 77 78 79 80
    /* Remove spaces from keyword and value */
    remove_space(pkw);
    remove_space(pval);

    return 1;
81
}
B
Ben Laurie 已提交
82

E
Emilia Kasper 已提交
83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123
/*
 * Unescape some escape sequences in string literals.
 * Return the result in a newly allocated buffer.
 * Currently only supports '\n'.
 * If the input length is 0, returns a valid 1-byte buffer, but sets
 * the length to 0.
 */
static unsigned char* unescape(const char *input, size_t input_len,
                               size_t *out_len)
{
    unsigned char *ret, *p;
    size_t i;
    if (input_len == 0) {
        *out_len = 0;
        return OPENSSL_zalloc(1);
    }

    /* Escaping is non-expanding; over-allocate original size for simplicity. */
    ret = p = OPENSSL_malloc(input_len);
    if (ret == NULL)
        return NULL;

    for (i = 0; i < input_len; i++) {
        if (input[i] == '\\') {
            if (i == input_len - 1 || input[i+1] != 'n')
                goto err;
            *p++ = '\n';
            i++;
        } else {
            *p++ = input[i];
        }
    }

    *out_len = p - ret;
    return ret;

 err:
    OPENSSL_free(ret);
    return NULL;
}

124 125
/* For a hex string "value" convert to a binary allocated buffer */
static int test_bin(const char *value, unsigned char **buf, size_t *buflen)
126
{
127
    long len;
D
Dr. Stephen Henson 已提交
128 129

    *buflen = 0;
130
    if (!*value) {
E
Emilia Kasper 已提交
131 132 133 134 135 136
        /*
         * Don't return NULL for zero length buffer.
         * This is needed for some tests with empty keys: HMAC_Init_ex() expects
         * a non-NULL key buffer even if the key length is 0, in order to detect
         * key reset.
         */
137 138 139 140 141 142 143
        *buf = OPENSSL_malloc(1);
        if (!*buf)
            return 0;
        **buf = 0;
        *buflen = 0;
        return 1;
    }
D
Dr. Stephen Henson 已提交
144 145 146 147 148 149 150 151
    /* Check for string literal */
    if (value[0] == '"') {
        size_t vlen;
        value++;
        vlen = strlen(value);
        if (value[vlen - 1] != '"')
            return 0;
        vlen--;
E
Emilia Kasper 已提交
152 153 154
        *buf = unescape(value, vlen, buflen);
        if (*buf == NULL)
            return 0;
D
Dr. Stephen Henson 已提交
155 156
        return 1;
    }
E
Emilia Kasper 已提交
157

158
    *buf = OPENSSL_hexstr2buf(value, &len);
159 160 161 162 163 164 165 166
    if (!*buf) {
        fprintf(stderr, "Value=%s\n", value);
        ERR_print_errors_fp(stderr);
        return -1;
    }
    /* Size of input buffer means we'll never overflow */
    *buflen = len;
    return 1;
167
}
M
Matt Caswell 已提交
168 169
#ifndef OPENSSL_NO_SCRYPT
/* Currently only used by scrypt tests */
D
Dr. Stephen Henson 已提交
170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193
/* Parse unsigned decimal 64 bit integer value */
static int test_uint64(const char *value, uint64_t *pr)
{
    const char *p = value;
    if (!*p) {
        fprintf(stderr, "Invalid empty integer value\n");
        return -1;
    }
    *pr = 0;
    while (*p) {
        if (*pr > UINT64_MAX/10) {
            fprintf(stderr, "Integer string overflow value=%s\n", value);
            return -1;
        }
        *pr *= 10;
        if (*p < '0' || *p > '9') {
            fprintf(stderr, "Invalid integer string value=%s\n", value);
            return -1;
        }
        *pr += *p - '0';
        p++;
    }
    return 1;
}
M
Matt Caswell 已提交
194
#endif
195

196 197
/* Structure holding test information */
struct evp_test {
198
    /* file being read */
199
    BIO *in;
200 201
    /* temp memory BIO for reading in keys */
    BIO *key;
202 203 204
    /* List of public and private keys */
    struct key_list *private;
    struct key_list *public;
205 206 207 208 209 210 211
    /* method for this test */
    const struct evp_test_method *meth;
    /* current line being processed */
    unsigned int line;
    /* start line of current test */
    unsigned int start_line;
    /* Error string for test */
212
    const char *err, *aux_err;
213 214
    /* Expected error value of test */
    char *expected_err;
215 216 217 218
    /* Expected error function string */
    char *func;
    /* Expected error reason string */
    char *reason;
219 220 221 222
    /* Number of tests */
    int ntests;
    /* Error count */
    int errors;
D
Dr. Stephen Henson 已提交
223 224
    /* Number of tests skipped */
    int nskip;
D
Dr. Stephen Henson 已提交
225
    /* If output mismatch expected and got value */
E
Emilia Kasper 已提交
226 227
    unsigned char *out_received;
    size_t out_received_len;
D
Dr. Stephen Henson 已提交
228
    unsigned char *out_expected;
E
Emilia Kasper 已提交
229
    size_t out_expected_len;
230 231
    /* test specific data */
    void *data;
D
Dr. Stephen Henson 已提交
232 233
    /* Current test should be skipped */
    int skip;
234
};
235 236 237 238 239 240 241

struct key_list {
    char *name;
    EVP_PKEY *key;
    struct key_list *next;
};

242 243 244 245 246 247 248 249 250 251 252 253 254 255 256
/* Test method structure */
struct evp_test_method {
    /* Name of test as it appears in file */
    const char *name;
    /* Initialise test for "alg" */
    int (*init) (struct evp_test * t, const char *alg);
    /* Clean up method */
    void (*cleanup) (struct evp_test * t);
    /* Test specific name value pair processing */
    int (*parse) (struct evp_test * t, const char *name, const char *value);
    /* Run the test itself */
    int (*run_test) (struct evp_test * t);
};

static const struct evp_test_method digest_test_method, cipher_test_method;
257
static const struct evp_test_method mac_test_method;
258 259 260
static const struct evp_test_method psign_test_method, pverify_test_method;
static const struct evp_test_method pdecrypt_test_method;
static const struct evp_test_method pverify_recover_test_method;
261
static const struct evp_test_method pderive_test_method;
D
Dr. Stephen Henson 已提交
262
static const struct evp_test_method pbe_test_method;
E
Emilia Kasper 已提交
263
static const struct evp_test_method encode_test_method;
264
static const struct evp_test_method kdf_test_method;
265 266 267 268

static const struct evp_test_method *evp_test_list[] = {
    &digest_test_method,
    &cipher_test_method,
D
Dr. Stephen Henson 已提交
269
    &mac_test_method,
270 271 272 273
    &psign_test_method,
    &pverify_test_method,
    &pdecrypt_test_method,
    &pverify_recover_test_method,
274
    &pderive_test_method,
D
Dr. Stephen Henson 已提交
275
    &pbe_test_method,
E
Emilia Kasper 已提交
276
    &encode_test_method,
277
    &kdf_test_method,
D
Dr. Stephen Henson 已提交
278
    NULL
279 280 281
};

static const struct evp_test_method *evp_find_test(const char *name)
282
{
283
    const struct evp_test_method **tt;
R
Rich Salz 已提交
284

285
    for (tt = evp_test_list; *tt; tt++) {
R
Rich Salz 已提交
286
        if (strcmp(name, (*tt)->name) == 0)
287 288 289
            return *tt;
    }
    return NULL;
290 291
}

D
Dr. Stephen Henson 已提交
292 293 294 295 296 297 298 299 300
static void hex_print(const char *name, const unsigned char *buf, size_t len)
{
    size_t i;
    fprintf(stderr, "%s ", name);
    for (i = 0; i < len; i++)
        fprintf(stderr, "%02X", buf[i]);
    fputs("\n", stderr);
}

D
Dr. Stephen Henson 已提交
301 302
static void free_expected(struct evp_test *t)
{
R
Rich Salz 已提交
303 304
    OPENSSL_free(t->expected_err);
    t->expected_err = NULL;
305 306 307 308
    OPENSSL_free(t->func);
    t->func = NULL;
    OPENSSL_free(t->reason);
    t->reason = NULL;
R
Rich Salz 已提交
309
    OPENSSL_free(t->out_expected);
E
Emilia Kasper 已提交
310
    OPENSSL_free(t->out_received);
R
Rich Salz 已提交
311
    t->out_expected = NULL;
E
Emilia Kasper 已提交
312 313 314 315 316
    t->out_received = NULL;
    t->out_expected_len = 0;
    t->out_received_len = 0;
    /* Literals. */
    t->err = NULL;
D
Dr. Stephen Henson 已提交
317 318
}

D
Dr. Stephen Henson 已提交
319 320
static void print_expected(struct evp_test *t)
{
E
Emilia Kasper 已提交
321
    if (t->out_expected == NULL && t->out_received == NULL)
D
Dr. Stephen Henson 已提交
322
        return;
E
Emilia Kasper 已提交
323 324
    hex_print("Expected:", t->out_expected, t->out_expected_len);
    hex_print("Got:     ", t->out_received, t->out_received_len);
D
Dr. Stephen Henson 已提交
325
    free_expected(t);
D
Dr. Stephen Henson 已提交
326 327
}

328
static int check_test_error(struct evp_test *t)
329
{
330 331 332
    unsigned long err;
    const char *func;
    const char *reason;
333 334 335
    if (!t->err && !t->expected_err)
        return 1;
    if (t->err && !t->expected_err) {
336 337 338 339 340 341 342
        if (t->aux_err != NULL) {
            fprintf(stderr, "Test line %d(%s): unexpected error %s\n",
                    t->start_line, t->aux_err, t->err);
        } else {
            fprintf(stderr, "Test line %d: unexpected error %s\n",
                    t->start_line, t->err);
        }
D
Dr. Stephen Henson 已提交
343
        print_expected(t);
344
        return 0;
345
    }
346 347 348 349 350
    if (!t->err && t->expected_err) {
        fprintf(stderr, "Test line %d: succeeded expecting %s\n",
                t->start_line, t->expected_err);
        return 0;
    }
351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376

    if (strcmp(t->err, t->expected_err) != 0) {
        fprintf(stderr, "Test line %d: expecting %s got %s\n",
                t->start_line, t->expected_err, t->err);
        return 0;
    }

    if (t->func == NULL && t->reason == NULL)
        return 1;

    if (t->func == NULL || t->reason == NULL) {
        fprintf(stderr, "Test line %d: missing function or reason code\n",
                t->start_line);
        return 0;
    }

    err = ERR_peek_error();
    if (err == 0) {
        fprintf(stderr, "Test line %d, expected error \"%s:%s\" not set\n",
                t->start_line, t->func, t->reason);
        return 0;
    }

    func = ERR_func_error_string(err);
    reason = ERR_reason_error_string(err);

377 378 379 380 381 382
    if (func == NULL && reason == NULL) {
        fprintf(stderr, "Test line %d: expected error \"%s:%s\", no strings available.  Skipping...\n",
                t->start_line, t->func, t->reason);
        return 1;
    }

383
    if (strcmp(func, t->func) == 0 && strcmp(reason, t->reason) == 0)
384
        return 1;
D
 
Dr. Stephen Henson 已提交
385

386 387 388
    fprintf(stderr, "Test line %d: expected error \"%s:%s\", got \"%s:%s\"\n",
            t->start_line, t->func, t->reason, func, reason);

389 390
    return 0;
}
391

392
/* Setup a new test, run any existing test */
393

394 395 396 397 398
static int setup_test(struct evp_test *t, const struct evp_test_method *tmeth)
{
    /* If we already have a test set up run it */
    if (t->meth) {
        t->ntests++;
D
Dr. Stephen Henson 已提交
399 400
        if (t->skip) {
            t->nskip++;
401 402
        } else {
            /* run the test */
403
            if (t->err == NULL && t->meth->run_test(t) != 1) {
404 405 406 407 408 409 410 411 412
                fprintf(stderr, "%s test error line %d\n",
                        t->meth->name, t->start_line);
                return 0;
            }
            if (!check_test_error(t)) {
                if (t->err)
                    ERR_print_errors_fp(stderr);
                t->errors++;
            }
413
        }
414
        /* clean it up */
415
        ERR_clear_error();
416 417 418 419 420
        if (t->data != NULL) {
            t->meth->cleanup(t);
            OPENSSL_free(t->data);
            t->data = NULL;
        }
R
Rich Salz 已提交
421 422
        OPENSSL_free(t->expected_err);
        t->expected_err = NULL;
D
Dr. Stephen Henson 已提交
423
        free_expected(t);
424 425 426 427
    }
    t->meth = tmeth;
    return 1;
}
428

D
Dr. Stephen Henson 已提交
429
static int find_key(EVP_PKEY **ppk, const char *name, struct key_list *lst)
430 431
{
    for (; lst; lst = lst->next) {
R
Rich Salz 已提交
432
        if (strcmp(lst->name, name) == 0) {
D
Dr. Stephen Henson 已提交
433 434 435 436
            if (ppk)
                *ppk = lst->key;
            return 1;
        }
437
    }
D
Dr. Stephen Henson 已提交
438
    return 0;
439 440 441 442
}

static void free_key_list(struct key_list *lst)
{
443
    while (lst != NULL) {
D
Dr. Stephen Henson 已提交
444
        struct key_list *ltmp;
445 446
        EVP_PKEY_free(lst->key);
        OPENSSL_free(lst->name);
D
Dr. Stephen Henson 已提交
447 448 449
        ltmp = lst->next;
        OPENSSL_free(lst);
        lst = ltmp;
450 451 452
    }
}

D
Dr. Stephen Henson 已提交
453 454 455 456
static int check_unsupported()
{
    long err = ERR_peek_error();
    if (ERR_GET_LIB(err) == ERR_LIB_EVP
D
Dr. Stephen Henson 已提交
457
        && ERR_GET_REASON(err) == EVP_R_UNSUPPORTED_ALGORITHM) {
D
Dr. Stephen Henson 已提交
458 459 460 461 462 463
        ERR_clear_error();
        return 1;
    }
    return 0;
}

464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489

static int read_key(struct evp_test *t)
{
    char tmpbuf[80];
    if (t->key == NULL)
        t->key = BIO_new(BIO_s_mem());
    else if (BIO_reset(t->key) <= 0)
        return 0;
    if (t->key == NULL) {
        fprintf(stderr, "Error allocating key memory BIO\n");
        return 0;
    }
    /* Read to PEM end line and place content in memory BIO */
    while (BIO_gets(t->in, tmpbuf, sizeof(tmpbuf))) {
        t->line++;
        if (BIO_puts(t->key, tmpbuf) <= 0) {
            fprintf(stderr, "Error writing to key memory BIO\n");
            return 0;
        }
        if (strncmp(tmpbuf, "-----END", 8) == 0)
            return 1;
    }
    fprintf(stderr, "Can't find key end\n");
    return 0;
}

490 491
static int process_test(struct evp_test *t, char *buf, int verbose)
{
492
    char *keyword = NULL, *value = NULL;
D
Dr. Stephen Henson 已提交
493
    int rv = 0, add_key = 0;
494
    struct key_list **lst = NULL, *key = NULL;
495
    EVP_PKEY *pk = NULL;
496
    const struct evp_test_method *tmeth = NULL;
497 498 499 500
    if (verbose)
        fputs(buf, stdout);
    if (!parse_line(&keyword, &value, buf))
        return 1;
R
Rich Salz 已提交
501
    if (strcmp(keyword, "PrivateKey") == 0) {
502 503 504
        if (!read_key(t))
            return 0;
        pk = PEM_read_bio_PrivateKey(t->key, NULL, 0, NULL);
D
Dr. Stephen Henson 已提交
505
        if (pk == NULL && !check_unsupported()) {
506 507 508 509 510
            fprintf(stderr, "Error reading private key %s\n", value);
            ERR_print_errors_fp(stderr);
            return 0;
        }
        lst = &t->private;
D
Dr. Stephen Henson 已提交
511
        add_key = 1;
512
    }
R
Rich Salz 已提交
513
    if (strcmp(keyword, "PublicKey") == 0) {
514 515 516
        if (!read_key(t))
            return 0;
        pk = PEM_read_bio_PUBKEY(t->key, NULL, 0, NULL);
D
Dr. Stephen Henson 已提交
517
        if (pk == NULL && !check_unsupported()) {
518 519 520 521 522
            fprintf(stderr, "Error reading public key %s\n", value);
            ERR_print_errors_fp(stderr);
            return 0;
        }
        lst = &t->public;
D
Dr. Stephen Henson 已提交
523
        add_key = 1;
524 525
    }
    /* If we have a key add to list */
D
Dr. Stephen Henson 已提交
526 527
    if (add_key) {
        if (find_key(NULL, value, *lst)) {
528 529 530
            fprintf(stderr, "Duplicate key %s\n", value);
            return 0;
        }
R
Rich Salz 已提交
531
        key = OPENSSL_malloc(sizeof(*key));
532 533
        if (!key)
            return 0;
R
Rich Salz 已提交
534
        key->name = OPENSSL_strdup(value);
535 536 537
        key->key = pk;
        key->next = *lst;
        *lst = key;
538
        return 1;
539 540
    }

541 542 543 544 545 546
    /* See if keyword corresponds to a test start */
    tmeth = evp_find_test(keyword);
    if (tmeth) {
        if (!setup_test(t, tmeth))
            return 0;
        t->start_line = t->line;
D
Dr. Stephen Henson 已提交
547
        t->skip = 0;
548 549 550
        if (!tmeth->init(t, value)) {
            fprintf(stderr, "Unknown %s: %s\n", keyword, value);
            return 0;
551
        }
552
        return 1;
D
Dr. Stephen Henson 已提交
553 554
    } else if (t->skip) {
        return 1;
R
Rich Salz 已提交
555
    } else if (strcmp(keyword, "Result") == 0) {
556 557 558
        if (t->expected_err) {
            fprintf(stderr, "Line %d: multiple result lines\n", t->line);
            return 0;
559
        }
R
Rich Salz 已提交
560
        t->expected_err = OPENSSL_strdup(value);
561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577
        if (t->expected_err == NULL)
            return 0;
    } else if (strcmp(keyword, "Function") == 0) {
        if (t->func != NULL) {
            fprintf(stderr, "Line %d: multiple function lines\n", t->line);
            return 0;
        }
        t->func = OPENSSL_strdup(value);
        if (t->func == NULL)
            return 0;
    } else if (strcmp(keyword, "Reason") == 0) {
        if (t->reason != NULL) {
            fprintf(stderr, "Line %d: multiple reason lines\n", t->line);
            return 0;
        }
        t->reason = OPENSSL_strdup(value);
        if (t->reason == NULL)
578 579 580 581 582 583 584 585 586 587 588 589 590 591 592
            return 0;
    } else {
        /* Must be test specific line: try to parse it */
        if (t->meth)
            rv = t->meth->parse(t, keyword, value);

        if (rv == 0)
            fprintf(stderr, "line %d: unexpected keyword %s\n",
                    t->line, keyword);

        if (rv < 0)
            fprintf(stderr, "line %d: error processing keyword %s\n",
                    t->line, keyword);
        if (rv <= 0)
            return 0;
593
    }
594 595
    return 1;
}
596

E
Emilia Kasper 已提交
597 598 599 600 601
static int check_var_length_output(struct evp_test *t,
                                   const unsigned char *expected,
                                   size_t expected_len,
                                   const unsigned char *received,
                                   size_t received_len)
D
Dr. Stephen Henson 已提交
602
{
E
Emilia Kasper 已提交
603 604
    if (expected_len == received_len &&
        memcmp(expected, received, expected_len) == 0) {
D
Dr. Stephen Henson 已提交
605
        return 0;
E
Emilia Kasper 已提交
606 607 608
    }

    /* The result printing code expects a non-NULL buffer. */
R
Rich Salz 已提交
609
    t->out_expected = OPENSSL_memdup(expected, expected_len ? expected_len : 1);
E
Emilia Kasper 已提交
610
    t->out_expected_len = expected_len;
R
Rich Salz 已提交
611
    t->out_received = OPENSSL_memdup(received, received_len ? received_len : 1);
E
Emilia Kasper 已提交
612 613
    t->out_received_len = received_len;
    if (t->out_expected == NULL || t->out_received == NULL) {
D
Dr. Stephen Henson 已提交
614 615 616 617 618 619
        fprintf(stderr, "Memory allocation error!\n");
        exit(1);
    }
    return 1;
}

E
Emilia Kasper 已提交
620 621 622 623 624 625 626 627
static int check_output(struct evp_test *t,
                        const unsigned char *expected,
                        const unsigned char *received,
                        size_t len)
{
    return check_var_length_output(t, expected, len, received, len);
}

628 629
int main(int argc, char **argv)
{
630
    BIO *in = NULL;
631 632
    char buf[10240];
    struct evp_test t;
633

D
Dr. Stephen Henson 已提交
634 635 636 637 638
    if (argc != 2) {
        fprintf(stderr, "usage: evp_test testfile.txt\n");
        return 1;
    }

639 640
    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);

D
Dr. Stephen Henson 已提交
641
    memset(&t, 0, sizeof(t));
642
    t.start_line = -1;
643
    in = BIO_new_file(argv[1], "r");
R
Rich Salz 已提交
644 645 646 647
    if (in == NULL) {
        fprintf(stderr, "Can't open %s for reading\n", argv[1]);
        return 1;
    }
648
    t.in = in;
649
    t.err = NULL;
650
    while (BIO_gets(in, buf, sizeof(buf))) {
651 652 653 654 655 656 657
        t.line++;
        if (!process_test(&t, buf, 0))
            exit(1);
    }
    /* Run any final test we have */
    if (!setup_test(&t, NULL))
        exit(1);
D
Dr. Stephen Henson 已提交
658 659
    fprintf(stderr, "%d tests completed with %d errors, %d skipped\n",
            t.ntests, t.errors, t.nskip);
660 661
    free_key_list(t.public);
    free_key_list(t.private);
662
    BIO_free(t.key);
663
    BIO_free(in);
664

665
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
666 667
    if (CRYPTO_mem_leaks_fp(stderr) <= 0)
        return 1;
R
Rich Salz 已提交
668
#endif
669 670
    if (t.errors)
        return 1;
671
    return 0;
672 673
}

674
static void test_free(void *d)
675
{
R
Rich Salz 已提交
676
    OPENSSL_free(d);
677
}
B
Ben Laurie 已提交
678

679
/* Message digest tests */
B
Ben Laurie 已提交
680

681 682 683 684 685 686
struct digest_data {
    /* Digest this test is for */
    const EVP_MD *digest;
    /* Input to digest */
    unsigned char *input;
    size_t input_len;
687 688
    /* Repeat count for input */
    size_t nrpt;
689 690 691 692
    /* Expected output */
    unsigned char *output;
    size_t output_len;
};
B
Ben Laurie 已提交
693

694 695 696
static int digest_test_init(struct evp_test *t, const char *alg)
{
    const EVP_MD *digest;
A
Alessandro Ghedini 已提交
697
    struct digest_data *mdat;
698
    digest = EVP_get_digestbyname(alg);
699 700 701 702 703 704
    if (!digest) {
        /* If alg has an OID assume disabled algorithm */
        if (OBJ_sn2nid(alg) != NID_undef || OBJ_ln2nid(alg) != NID_undef) {
            t->skip = 1;
            return 1;
        }
705
        return 0;
706
    }
R
Rich Salz 已提交
707
    mdat = OPENSSL_malloc(sizeof(*mdat));
708 709 710
    mdat->digest = digest;
    mdat->input = NULL;
    mdat->output = NULL;
711
    mdat->nrpt = 1;
712
    t->data = mdat;
B
Ben Laurie 已提交
713
    return 1;
714
}
B
Ben Laurie 已提交
715

716 717 718 719 720 721 722 723 724 725 726
static void digest_test_cleanup(struct evp_test *t)
{
    struct digest_data *mdat = t->data;
    test_free(mdat->input);
    test_free(mdat->output);
}

static int digest_test_parse(struct evp_test *t,
                             const char *keyword, const char *value)
{
    struct digest_data *mdata = t->data;
R
Rich Salz 已提交
727
    if (strcmp(keyword, "Input") == 0)
728
        return test_bin(value, &mdata->input, &mdata->input_len);
R
Rich Salz 已提交
729
    if (strcmp(keyword, "Output") == 0)
730
        return test_bin(value, &mdata->output, &mdata->output_len);
R
Rich Salz 已提交
731
    if (strcmp(keyword, "Count") == 0) {
732 733 734 735 736 737
        long nrpt = atoi(value);
        if (nrpt <= 0)
            return 0;
        mdata->nrpt = (size_t)nrpt;
        return 1;
    }
738 739 740 741
    return 0;
}

static int digest_test_run(struct evp_test *t)
742
{
743
    struct digest_data *mdata = t->data;
744
    size_t i;
745 746
    const char *err = "INTERNAL_ERROR";
    EVP_MD_CTX *mctx;
B
Ben Laurie 已提交
747
    unsigned char md[EVP_MAX_MD_SIZE];
748
    unsigned int md_len;
749
    mctx = EVP_MD_CTX_new();
750 751 752 753 754 755
    if (!mctx)
        goto err;
    err = "DIGESTINIT_ERROR";
    if (!EVP_DigestInit_ex(mctx, mdata->digest, NULL))
        goto err;
    err = "DIGESTUPDATE_ERROR";
756 757 758 759
    for (i = 0; i < mdata->nrpt; i++) {
        if (!EVP_DigestUpdate(mctx, mdata->input, mdata->input_len))
            goto err;
    }
760 761 762 763 764 765 766
    err = "DIGESTFINAL_ERROR";
    if (!EVP_DigestFinal(mctx, md, &md_len))
        goto err;
    err = "DIGEST_LENGTH_MISMATCH";
    if (md_len != mdata->output_len)
        goto err;
    err = "DIGEST_MISMATCH";
D
Dr. Stephen Henson 已提交
767
    if (check_output(t, mdata->output, md, md_len))
768 769 770
        goto err;
    err = NULL;
 err:
771
    EVP_MD_CTX_free(mctx);
772
    t->err = err;
D
Dr. Stephen Henson 已提交
773
    return 1;
774
}
B
Ben Laurie 已提交
775

776 777 778 779 780 781 782 783 784 785 786 787
static const struct evp_test_method digest_test_method = {
    "Digest",
    digest_test_init,
    digest_test_cleanup,
    digest_test_parse,
    digest_test_run
};

/* Cipher tests */
struct cipher_data {
    const EVP_CIPHER *cipher;
    int enc;
788
    /* EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE or EVP_CIPH_OCB_MODE if AEAD */
789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809
    int aead;
    unsigned char *key;
    size_t key_len;
    unsigned char *iv;
    size_t iv_len;
    unsigned char *plaintext;
    size_t plaintext_len;
    unsigned char *ciphertext;
    size_t ciphertext_len;
    /* GCM, CCM only */
    unsigned char *aad;
    size_t aad_len;
    unsigned char *tag;
    size_t tag_len;
};

static int cipher_test_init(struct evp_test *t, const char *alg)
{
    const EVP_CIPHER *cipher;
    struct cipher_data *cdat = t->data;
    cipher = EVP_get_cipherbyname(alg);
810 811 812 813 814 815
    if (!cipher) {
        /* If alg has an OID assume disabled algorithm */
        if (OBJ_sn2nid(alg) != NID_undef || OBJ_ln2nid(alg) != NID_undef) {
            t->skip = 1;
            return 1;
        }
816
        return 0;
817
    }
R
Rich Salz 已提交
818
    cdat = OPENSSL_malloc(sizeof(*cdat));
819 820 821 822 823 824 825 826 827 828
    cdat->cipher = cipher;
    cdat->enc = -1;
    cdat->key = NULL;
    cdat->iv = NULL;
    cdat->ciphertext = NULL;
    cdat->plaintext = NULL;
    cdat->aad = NULL;
    cdat->tag = NULL;
    t->data = cdat;
    if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE
829
        || EVP_CIPHER_mode(cipher) == EVP_CIPH_OCB_MODE
830 831
        || EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE)
        cdat->aead = EVP_CIPHER_mode(cipher);
832 833
    else if (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
        cdat->aead = -1;
834 835
    else
        cdat->aead = 0;
B
Ben Laurie 已提交
836

837 838
    return 1;
}
B
Ben Laurie 已提交
839

840 841 842 843 844 845 846 847 848 849
static void cipher_test_cleanup(struct evp_test *t)
{
    struct cipher_data *cdat = t->data;
    test_free(cdat->key);
    test_free(cdat->iv);
    test_free(cdat->ciphertext);
    test_free(cdat->plaintext);
    test_free(cdat->aad);
    test_free(cdat->tag);
}
B
Ben Laurie 已提交
850

851 852 853 854
static int cipher_test_parse(struct evp_test *t, const char *keyword,
                             const char *value)
{
    struct cipher_data *cdat = t->data;
R
Rich Salz 已提交
855
    if (strcmp(keyword, "Key") == 0)
856
        return test_bin(value, &cdat->key, &cdat->key_len);
R
Rich Salz 已提交
857
    if (strcmp(keyword, "IV") == 0)
858
        return test_bin(value, &cdat->iv, &cdat->iv_len);
R
Rich Salz 已提交
859
    if (strcmp(keyword, "Plaintext") == 0)
860
        return test_bin(value, &cdat->plaintext, &cdat->plaintext_len);
R
Rich Salz 已提交
861
    if (strcmp(keyword, "Ciphertext") == 0)
862 863
        return test_bin(value, &cdat->ciphertext, &cdat->ciphertext_len);
    if (cdat->aead) {
R
Rich Salz 已提交
864
        if (strcmp(keyword, "AAD") == 0)
865
            return test_bin(value, &cdat->aad, &cdat->aad_len);
R
Rich Salz 已提交
866
        if (strcmp(keyword, "Tag") == 0)
867
            return test_bin(value, &cdat->tag, &cdat->tag_len);
868
    }
B
Ben Laurie 已提交
869

R
Rich Salz 已提交
870 871
    if (strcmp(keyword, "Operation") == 0) {
        if (strcmp(value, "ENCRYPT") == 0)
872
            cdat->enc = 1;
R
Rich Salz 已提交
873
        else if (strcmp(value, "DECRYPT") == 0)
874 875 876 877
            cdat->enc = 0;
        else
            return 0;
        return 1;
878
    }
879
    return 0;
880
}
B
Ben Laurie 已提交
881

882
static int cipher_test_enc(struct evp_test *t, int enc,
883
                           size_t out_misalign, size_t inp_misalign, int frag)
884
{
885 886
    struct cipher_data *cdat = t->data;
    unsigned char *in, *out, *tmp = NULL;
887 888
    size_t in_len, out_len, donelen = 0;
    int tmplen, chunklen, tmpflen;
889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905
    EVP_CIPHER_CTX *ctx = NULL;
    const char *err;
    err = "INTERNAL_ERROR";
    ctx = EVP_CIPHER_CTX_new();
    if (!ctx)
        goto err;
    EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
    if (enc) {
        in = cdat->plaintext;
        in_len = cdat->plaintext_len;
        out = cdat->ciphertext;
        out_len = cdat->ciphertext_len;
    } else {
        in = cdat->ciphertext;
        in_len = cdat->ciphertext_len;
        out = cdat->plaintext;
        out_len = cdat->plaintext_len;
906
    }
907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931
    if (inp_misalign == (size_t)-1) {
        /*
         * Exercise in-place encryption
         */
        tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH);
        if (!tmp)
            goto err;
        in = memcpy(tmp + out_misalign, in, in_len);
    } else {
        inp_misalign += 16 - ((out_misalign + in_len) & 15);
        /*
         * 'tmp' will store both output and copy of input. We make the copy
         * of input to specifically aligned part of 'tmp'. So we just
         * figured out how much padding would ensure the required alignment,
         * now we allocate extended buffer and finally copy the input just
         * past inp_misalign in expression below. Output will be written
         * past out_misalign...
         */
        tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH +
                             inp_misalign + in_len);
        if (!tmp)
            goto err;
        in = memcpy(tmp + out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH +
                    inp_misalign, in, in_len);
    }
932 933 934 935 936
    err = "CIPHERINIT_ERROR";
    if (!EVP_CipherInit_ex(ctx, cdat->cipher, NULL, NULL, NULL, enc))
        goto err;
    err = "INVALID_IV_LENGTH";
    if (cdat->iv) {
937 938
        if (cdat->aead) {
            if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
939 940 941 942
                                     cdat->iv_len, 0))
                goto err;
        } else if (cdat->iv_len != (size_t)EVP_CIPHER_CTX_iv_length(ctx))
            goto err;
943
    }
944 945 946
    if (cdat->aead) {
        unsigned char *tag;
        /*
947 948
         * If encrypting or OCB just set tag length initially, otherwise
         * set tag length and value.
949
         */
950
        if (enc || cdat->aead == EVP_CIPH_OCB_MODE) {
951 952
            err = "TAG_LENGTH_SET_ERROR";
            tag = NULL;
953
        } else {
954 955
            err = "TAG_SET_ERROR";
            tag = cdat->tag;
956
        }
957 958
        if (tag || cdat->aead != EVP_CIPH_GCM_MODE) {
            if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
D
Dr. Stephen Henson 已提交
959
                                     cdat->tag_len, tag))
960
                goto err;
961
        }
962
    }
963

964 965 966 967 968 969 970
    err = "INVALID_KEY_LENGTH";
    if (!EVP_CIPHER_CTX_set_key_length(ctx, cdat->key_len))
        goto err;
    err = "KEY_SET_ERROR";
    if (!EVP_CipherInit_ex(ctx, NULL, NULL, cdat->key, cdat->iv, -1))
        goto err;

971 972 973
    if (!enc && cdat->aead == EVP_CIPH_OCB_MODE) {
        if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
                                 cdat->tag_len, cdat->tag)) {
D
Dr. Stephen Henson 已提交
974 975
            err = "TAG_SET_ERROR";
            goto err;
976 977 978
        }
    }

979 980 981 982
    if (cdat->aead == EVP_CIPH_CCM_MODE) {
        if (!EVP_CipherUpdate(ctx, NULL, &tmplen, NULL, out_len)) {
            err = "CCM_PLAINTEXT_LENGTH_SET_ERROR";
            goto err;
983 984
        }
    }
985
    if (cdat->aad) {
986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009
        err = "AAD_SET_ERROR";
        if (!frag) {
            if (!EVP_CipherUpdate(ctx, NULL, &chunklen, cdat->aad,
                                  cdat->aad_len))
                goto err;
        } else {
            /*
             * Supply the AAD in chunks less than the block size where possible
             */
            if (cdat->aad_len > 0) {
                if (!EVP_CipherUpdate(ctx, NULL, &chunklen, cdat->aad, 1))
                    goto err;
                donelen++;
            }
            if (cdat->aad_len > 2) {
                if (!EVP_CipherUpdate(ctx, NULL, &chunklen, cdat->aad + donelen,
                                      cdat->aad_len - 2))
                    goto err;
                donelen += cdat->aad_len - 2;
            }
            if (cdat->aad_len > 1
                    && !EVP_CipherUpdate(ctx, NULL, &chunklen,
                                         cdat->aad + donelen, 1))
                goto err;
1010 1011 1012 1013
        }
    }
    EVP_CIPHER_CTX_set_padding(ctx, 0);
    err = "CIPHERUPDATE_ERROR";
1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024
    tmplen = 0;
    if (!frag) {
        /* We supply the data all in one go */
        if (!EVP_CipherUpdate(ctx, tmp + out_misalign, &tmplen, in, in_len))
            goto err;
    } else {
        /* Supply the data in chunks less than the block size where possible */
        if (in_len > 0) {
            if (!EVP_CipherUpdate(ctx, tmp + out_misalign, &chunklen, in, 1))
                goto err;
            tmplen += chunklen;
1025 1026
            in++;
            in_len--;
1027
        }
1028
        if (in_len > 1) {
1029
            if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen,
1030
                                  in, in_len - 1))
1031 1032
                goto err;
            tmplen += chunklen;
1033 1034
            in += in_len - 1;
            in_len = 1;
1035
        }
1036
        if (in_len > 0 ) {
1037
            if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen,
1038
                                  in, 1))
1039 1040 1041 1042
                goto err;
            tmplen += chunklen;
        }
    }
1043 1044 1045 1046
    if (cdat->aead == EVP_CIPH_CCM_MODE)
        tmpflen = 0;
    else {
        err = "CIPHERFINAL_ERROR";
1047
        if (!EVP_CipherFinal_ex(ctx, tmp + out_misalign + tmplen, &tmpflen))
1048 1049 1050 1051 1052 1053
            goto err;
    }
    err = "LENGTH_MISMATCH";
    if (out_len != (size_t)(tmplen + tmpflen))
        goto err;
    err = "VALUE_MISMATCH";
1054
    if (check_output(t, out, tmp + out_misalign, out_len))
1055 1056 1057 1058 1059 1060 1061
        goto err;
    if (enc && cdat->aead) {
        unsigned char rtag[16];
        if (cdat->tag_len > sizeof(rtag)) {
            err = "TAG_LENGTH_INTERNAL_ERROR";
            goto err;
        }
1062
        if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
1063 1064 1065 1066
                                 cdat->tag_len, rtag)) {
            err = "TAG_RETRIEVE_ERROR";
            goto err;
        }
D
Dr. Stephen Henson 已提交
1067
        if (check_output(t, cdat->tag, rtag, cdat->tag_len)) {
1068 1069 1070 1071 1072 1073
            err = "TAG_VALUE_MISMATCH";
            goto err;
        }
    }
    err = NULL;
 err:
R
Rich Salz 已提交
1074
    OPENSSL_free(tmp);
1075 1076 1077 1078
    EVP_CIPHER_CTX_free(ctx);
    t->err = err;
    return err ? 0 : 1;
}
B
Ben Laurie 已提交
1079

1080 1081 1082
static int cipher_test_run(struct evp_test *t)
{
    struct cipher_data *cdat = t->data;
1083
    int rv, frag = 0;
1084 1085
    size_t out_misalign, inp_misalign;

1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100
    if (!cdat->key) {
        t->err = "NO_KEY";
        return 0;
    }
    if (!cdat->iv && EVP_CIPHER_iv_length(cdat->cipher)) {
        /* IV is optional and usually omitted in wrap mode */
        if (EVP_CIPHER_mode(cdat->cipher) != EVP_CIPH_WRAP_MODE) {
            t->err = "NO_IV";
            return 0;
        }
    }
    if (cdat->aead && !cdat->tag) {
        t->err = "NO_TAG";
        return 0;
    }
1101
    for (out_misalign = 0; out_misalign <= 1;) {
1102 1103
        static char aux_err[64];
        t->aux_err = aux_err;
1104 1105 1106
        for (inp_misalign = (size_t)-1; inp_misalign != 2; inp_misalign++) {
            if (inp_misalign == (size_t)-1) {
                /* kludge: inp_misalign == -1 means "exercise in-place" */
1107 1108 1109 1110
                BIO_snprintf(aux_err, sizeof(aux_err),
                             "%s in-place, %sfragmented",
                             out_misalign ? "misaligned" : "aligned",
                             frag ? "" : "not ");
1111
            } else {
1112 1113
                BIO_snprintf(aux_err, sizeof(aux_err),
                             "%s output and %s input, %sfragmented",
1114
                             out_misalign ? "misaligned" : "aligned",
1115 1116
                             inp_misalign ? "misaligned" : "aligned",
                             frag ? "" : "not ");
1117
            }
1118
            if (cdat->enc) {
1119
                rv = cipher_test_enc(t, 1, out_misalign, inp_misalign, frag);
1120 1121 1122 1123 1124 1125 1126 1127
                /* Not fatal errors: return */
                if (rv != 1) {
                    if (rv < 0)
                        return 0;
                    return 1;
                }
            }
            if (cdat->enc != 1) {
1128
                rv = cipher_test_enc(t, 0, out_misalign, inp_misalign, frag);
1129 1130 1131 1132 1133 1134 1135
                /* Not fatal errors: return */
                if (rv != 1) {
                    if (rv < 0)
                        return 0;
                    return 1;
                }
            }
1136
        }
1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151

        if (out_misalign == 1 && frag == 0) {
            /*
             * XTS, CCM and Wrap modes have special requirements about input
             * lengths so we don't fragment for those
             */
            if (cdat->aead == EVP_CIPH_CCM_MODE
                    || EVP_CIPHER_mode(cdat->cipher) == EVP_CIPH_XTS_MODE
                     || EVP_CIPHER_mode(cdat->cipher) == EVP_CIPH_WRAP_MODE)
                break;
            out_misalign = 0;
            frag++;
        } else {
            out_misalign++;
        }
1152
    }
1153 1154
    t->aux_err = NULL;

1155
    return 1;
1156
}
1157 1158 1159 1160 1161 1162 1163 1164

static const struct evp_test_method cipher_test_method = {
    "Cipher",
    cipher_test_init,
    cipher_test_cleanup,
    cipher_test_parse,
    cipher_test_run
};
D
Dr. Stephen Henson 已提交
1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185

struct mac_data {
    /* MAC type */
    int type;
    /* Algorithm string for this MAC */
    char *alg;
    /* MAC key */
    unsigned char *key;
    size_t key_len;
    /* Input to MAC */
    unsigned char *input;
    size_t input_len;
    /* Expected output */
    unsigned char *output;
    size_t output_len;
};

static int mac_test_init(struct evp_test *t, const char *alg)
{
    int type;
    struct mac_data *mdat;
M
Matt Caswell 已提交
1186
    if (strcmp(alg, "HMAC") == 0) {
D
Dr. Stephen Henson 已提交
1187
        type = EVP_PKEY_HMAC;
M
Matt Caswell 已提交
1188 1189
    } else if (strcmp(alg, "CMAC") == 0) {
#ifndef OPENSSL_NO_CMAC
D
Dr. Stephen Henson 已提交
1190
        type = EVP_PKEY_CMAC;
M
Matt Caswell 已提交
1191 1192 1193
#else
        t->skip = 1;
        return 1;
1194 1195 1196 1197 1198 1199 1200
#endif
    } else if (strcmp(alg, "Poly1305") == 0) {
#ifndef OPENSSL_NO_POLY1305
        type = EVP_PKEY_POLY1305;
#else
        t->skip = 1;
        return 1;
M
Matt Caswell 已提交
1201 1202
#endif
    } else
D
Dr. Stephen Henson 已提交
1203 1204
        return 0;

R
Rich Salz 已提交
1205
    mdat = OPENSSL_malloc(sizeof(*mdat));
D
Dr. Stephen Henson 已提交
1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227
    mdat->type = type;
    mdat->alg = NULL;
    mdat->key = NULL;
    mdat->input = NULL;
    mdat->output = NULL;
    t->data = mdat;
    return 1;
}

static void mac_test_cleanup(struct evp_test *t)
{
    struct mac_data *mdat = t->data;
    test_free(mdat->alg);
    test_free(mdat->key);
    test_free(mdat->input);
    test_free(mdat->output);
}

static int mac_test_parse(struct evp_test *t,
                          const char *keyword, const char *value)
{
    struct mac_data *mdata = t->data;
R
Rich Salz 已提交
1228
    if (strcmp(keyword, "Key") == 0)
D
Dr. Stephen Henson 已提交
1229
        return test_bin(value, &mdata->key, &mdata->key_len);
R
Rich Salz 已提交
1230
    if (strcmp(keyword, "Algorithm") == 0) {
R
Rich Salz 已提交
1231
        mdata->alg = OPENSSL_strdup(value);
D
Dr. Stephen Henson 已提交
1232 1233 1234 1235
        if (!mdata->alg)
            return 0;
        return 1;
    }
R
Rich Salz 已提交
1236
    if (strcmp(keyword, "Input") == 0)
D
Dr. Stephen Henson 已提交
1237
        return test_bin(value, &mdata->input, &mdata->input_len);
R
Rich Salz 已提交
1238
    if (strcmp(keyword, "Output") == 0)
D
Dr. Stephen Henson 已提交
1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 1251 1252 1253
        return test_bin(value, &mdata->output, &mdata->output_len);
    return 0;
}

static int mac_test_run(struct evp_test *t)
{
    struct mac_data *mdata = t->data;
    const char *err = "INTERNAL_ERROR";
    EVP_MD_CTX *mctx = NULL;
    EVP_PKEY_CTX *pctx = NULL, *genctx = NULL;
    EVP_PKEY *key = NULL;
    const EVP_MD *md = NULL;
    unsigned char *mac = NULL;
    size_t mac_len;

M
Matt Caswell 已提交
1254
#ifdef OPENSSL_NO_DES
1255
    if (mdata->alg != NULL && strstr(mdata->alg, "DES") != NULL) {
M
Matt Caswell 已提交
1256 1257 1258 1259 1260 1261
        /* Skip DES */
        err = NULL;
        goto err;
    }
#endif

D
Dr. Stephen Henson 已提交
1262 1263 1264 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275 1276 1277 1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 1288
    err = "MAC_PKEY_CTX_ERROR";
    genctx = EVP_PKEY_CTX_new_id(mdata->type, NULL);
    if (!genctx)
        goto err;

    err = "MAC_KEYGEN_INIT_ERROR";
    if (EVP_PKEY_keygen_init(genctx) <= 0)
        goto err;
    if (mdata->type == EVP_PKEY_CMAC) {
        err = "MAC_ALGORITHM_SET_ERROR";
        if (EVP_PKEY_CTX_ctrl_str(genctx, "cipher", mdata->alg) <= 0)
            goto err;
    }

    err = "MAC_KEY_SET_ERROR";
    if (EVP_PKEY_CTX_set_mac_key(genctx, mdata->key, mdata->key_len) <= 0)
        goto err;

    err = "MAC_KEY_GENERATE_ERROR";
    if (EVP_PKEY_keygen(genctx, &key) <= 0)
        goto err;
    if (mdata->type == EVP_PKEY_HMAC) {
        err = "MAC_ALGORITHM_SET_ERROR";
        md = EVP_get_digestbyname(mdata->alg);
        if (!md)
            goto err;
    }
1289
    mctx = EVP_MD_CTX_new();
D
Dr. Stephen Henson 已提交
1290 1291 1292 1293 1294 1295 1296 1297 1298 1299 1300 1301 1302 1303 1304 1305 1306 1307 1308 1309 1310 1311 1312 1313 1314 1315 1316
    if (!mctx)
        goto err;
    err = "DIGESTSIGNINIT_ERROR";
    if (!EVP_DigestSignInit(mctx, &pctx, md, NULL, key))
        goto err;

    err = "DIGESTSIGNUPDATE_ERROR";
    if (!EVP_DigestSignUpdate(mctx, mdata->input, mdata->input_len))
        goto err;
    err = "DIGESTSIGNFINAL_LENGTH_ERROR";
    if (!EVP_DigestSignFinal(mctx, NULL, &mac_len))
        goto err;
    mac = OPENSSL_malloc(mac_len);
    if (!mac) {
        fprintf(stderr, "Error allocating mac buffer!\n");
        exit(1);
    }
    if (!EVP_DigestSignFinal(mctx, mac, &mac_len))
        goto err;
    err = "MAC_LENGTH_MISMATCH";
    if (mac_len != mdata->output_len)
        goto err;
    err = "MAC_MISMATCH";
    if (check_output(t, mdata->output, mac, mac_len))
        goto err;
    err = NULL;
 err:
1317
    EVP_MD_CTX_free(mctx);
R
Rich Salz 已提交
1318
    OPENSSL_free(mac);
R
Rich Salz 已提交
1319 1320
    EVP_PKEY_CTX_free(genctx);
    EVP_PKEY_free(key);
D
Dr. Stephen Henson 已提交
1321 1322 1323 1324 1325 1326 1327 1328 1329 1330 1331
    t->err = err;
    return 1;
}

static const struct evp_test_method mac_test_method = {
    "MAC",
    mac_test_init,
    mac_test_cleanup,
    mac_test_parse,
    mac_test_run
};
1332 1333 1334 1335 1336 1337 1338 1339 1340 1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 1366 1367

/*
 * Public key operations. These are all very similar and can share
 * a lot of common code.
 */

struct pkey_data {
    /* Context for this operation */
    EVP_PKEY_CTX *ctx;
    /* Key operation to perform */
    int (*keyop) (EVP_PKEY_CTX *ctx,
                  unsigned char *sig, size_t *siglen,
                  const unsigned char *tbs, size_t tbslen);
    /* Input to MAC */
    unsigned char *input;
    size_t input_len;
    /* Expected output */
    unsigned char *output;
    size_t output_len;
};

/*
 * Perform public key operation setup: lookup key, allocated ctx and call
 * the appropriate initialisation function
 */
static int pkey_test_init(struct evp_test *t, const char *name,
                          int use_public,
                          int (*keyopinit) (EVP_PKEY_CTX *ctx),
                          int (*keyop) (EVP_PKEY_CTX *ctx,
                                        unsigned char *sig, size_t *siglen,
                                        const unsigned char *tbs,
                                        size_t tbslen)
    )
{
    struct pkey_data *kdata;
    EVP_PKEY *pkey = NULL;
D
Dr. Stephen Henson 已提交
1368 1369 1370 1371 1372
    int rv = 0;
    if (use_public)
        rv = find_key(&pkey, name, t->public);
    if (!rv)
        rv = find_key(&pkey, name, t->private);
1373
    if (!rv || pkey == NULL) {
D
Dr. Stephen Henson 已提交
1374 1375 1376 1377
        t->skip = 1;
        return 1;
    }

R
Rich Salz 已提交
1378
    kdata = OPENSSL_malloc(sizeof(*kdata));
D
Dr. Stephen Henson 已提交
1379 1380
    if (!kdata) {
        EVP_PKEY_free(pkey);
1381
        return 0;
D
Dr. Stephen Henson 已提交
1382
    }
1383 1384 1385 1386 1387 1388 1389 1390 1391
    kdata->ctx = NULL;
    kdata->input = NULL;
    kdata->output = NULL;
    kdata->keyop = keyop;
    t->data = kdata;
    kdata->ctx = EVP_PKEY_CTX_new(pkey, NULL);
    if (!kdata->ctx)
        return 0;
    if (keyopinit(kdata->ctx) <= 0)
1392
        t->err = "KEYOP_INIT_ERROR";
1393 1394 1395 1396 1397 1398
    return 1;
}

static void pkey_test_cleanup(struct evp_test *t)
{
    struct pkey_data *kdata = t->data;
R
Rich Salz 已提交
1399 1400 1401

    OPENSSL_free(kdata->input);
    OPENSSL_free(kdata->output);
R
Rich Salz 已提交
1402
    EVP_PKEY_CTX_free(kdata->ctx);
1403 1404
}

1405 1406
static int pkey_test_ctrl(struct evp_test *t, EVP_PKEY_CTX *pctx,
                          const char *value)
1407 1408 1409 1410 1411 1412 1413 1414 1415 1416 1417
{
    int rv;
    char *p, *tmpval;

    tmpval = OPENSSL_strdup(value);
    if (tmpval == NULL)
        return 0;
    p = strchr(tmpval, ':');
    if (p != NULL)
        *p++ = 0;
    rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
1418 1419 1420 1421 1422 1423 1424 1425 1426 1427
    if (rv == -2) {
        t->err = "PKEY_CTRL_INVALID";
        rv = 1;
    } else if (p != NULL && rv <= 0) {
        /* If p has an OID and lookup fails assume disabled algorithm */
        int nid = OBJ_sn2nid(p);
        if (nid == NID_undef)
             nid = OBJ_ln2nid(p);
        if ((nid != NID_undef) && EVP_get_digestbynid(nid) == NULL &&
            EVP_get_cipherbynid(nid) == NULL) {
1428 1429
            t->skip = 1;
            rv = 1;
1430 1431 1432
        } else {
            t->err = "PKEY_CTRL_ERROR";
            rv = 1;
1433 1434
        }
    }
1435 1436 1437 1438
    OPENSSL_free(tmpval);
    return rv > 0;
}

1439 1440 1441 1442
static int pkey_test_parse(struct evp_test *t,
                           const char *keyword, const char *value)
{
    struct pkey_data *kdata = t->data;
R
Rich Salz 已提交
1443
    if (strcmp(keyword, "Input") == 0)
1444
        return test_bin(value, &kdata->input, &kdata->input_len);
R
Rich Salz 已提交
1445
    if (strcmp(keyword, "Output") == 0)
1446
        return test_bin(value, &kdata->output, &kdata->output_len);
1447
    if (strcmp(keyword, "Ctrl") == 0)
1448
        return pkey_test_ctrl(t, kdata->ctx, value);
1449 1450 1451 1452 1453 1454 1455 1456 1457 1458 1459 1460 1461 1462 1463 1464 1465 1466 1467 1468 1469 1470 1471 1472 1473 1474 1475 1476 1477
    return 0;
}

static int pkey_test_run(struct evp_test *t)
{
    struct pkey_data *kdata = t->data;
    unsigned char *out = NULL;
    size_t out_len;
    const char *err = "KEYOP_LENGTH_ERROR";
    if (kdata->keyop(kdata->ctx, NULL, &out_len, kdata->input,
                     kdata->input_len) <= 0)
        goto err;
    out = OPENSSL_malloc(out_len);
    if (!out) {
        fprintf(stderr, "Error allocating output buffer!\n");
        exit(1);
    }
    err = "KEYOP_ERROR";
    if (kdata->keyop
        (kdata->ctx, out, &out_len, kdata->input, kdata->input_len) <= 0)
        goto err;
    err = "KEYOP_LENGTH_MISMATCH";
    if (out_len != kdata->output_len)
        goto err;
    err = "KEYOP_MISMATCH";
    if (check_output(t, kdata->output, out, out_len))
        goto err;
    err = NULL;
 err:
R
Rich Salz 已提交
1478
    OPENSSL_free(out);
1479 1480 1481 1482 1483 1484 1485 1486 1487 1488 1489 1490 1491 1492 1493 1494 1495 1496 1497 1498 1499 1500 1501 1502 1503 1504 1505 1506 1507 1508 1509 1510 1511 1512 1513 1514 1515 1516 1517 1518 1519 1520 1521 1522 1523 1524 1525 1526 1527 1528 1529 1530 1531 1532 1533 1534 1535 1536 1537 1538 1539 1540 1541 1542 1543 1544
    t->err = err;
    return 1;
}

static int sign_test_init(struct evp_test *t, const char *name)
{
    return pkey_test_init(t, name, 0, EVP_PKEY_sign_init, EVP_PKEY_sign);
}

static const struct evp_test_method psign_test_method = {
    "Sign",
    sign_test_init,
    pkey_test_cleanup,
    pkey_test_parse,
    pkey_test_run
};

static int verify_recover_test_init(struct evp_test *t, const char *name)
{
    return pkey_test_init(t, name, 1, EVP_PKEY_verify_recover_init,
                          EVP_PKEY_verify_recover);
}

static const struct evp_test_method pverify_recover_test_method = {
    "VerifyRecover",
    verify_recover_test_init,
    pkey_test_cleanup,
    pkey_test_parse,
    pkey_test_run
};

static int decrypt_test_init(struct evp_test *t, const char *name)
{
    return pkey_test_init(t, name, 0, EVP_PKEY_decrypt_init,
                          EVP_PKEY_decrypt);
}

static const struct evp_test_method pdecrypt_test_method = {
    "Decrypt",
    decrypt_test_init,
    pkey_test_cleanup,
    pkey_test_parse,
    pkey_test_run
};

static int verify_test_init(struct evp_test *t, const char *name)
{
    return pkey_test_init(t, name, 1, EVP_PKEY_verify_init, 0);
}

static int verify_test_run(struct evp_test *t)
{
    struct pkey_data *kdata = t->data;
    if (EVP_PKEY_verify(kdata->ctx, kdata->output, kdata->output_len,
                        kdata->input, kdata->input_len) <= 0)
        t->err = "VERIFY_ERROR";
    return 1;
}

static const struct evp_test_method pverify_test_method = {
    "Verify",
    verify_test_init,
    pkey_test_cleanup,
    pkey_test_parse,
    verify_test_run
};
D
Dr. Stephen Henson 已提交
1545

1546 1547 1548 1549 1550 1551 1552 1553 1554 1555 1556 1557 1558 1559 1560 1561 1562 1563 1564 1565 1566

static int pderive_test_init(struct evp_test *t, const char *name)
{
    return pkey_test_init(t, name, 0, EVP_PKEY_derive_init, 0);
}

static int pderive_test_parse(struct evp_test *t,
                              const char *keyword, const char *value)
{
    struct pkey_data *kdata = t->data;

    if (strcmp(keyword, "PeerKey") == 0) {
        EVP_PKEY *peer;
        if (find_key(&peer, value, t->public) == 0)
            return 0;
        if (EVP_PKEY_derive_set_peer(kdata->ctx, peer) <= 0)
            return 0;
        return 1;
    }
    if (strcmp(keyword, "SharedSecret") == 0)
        return test_bin(value, &kdata->output, &kdata->output_len);
1567
    if (strcmp(keyword, "Ctrl") == 0)
1568
        return pkey_test_ctrl(t, kdata->ctx, value);
1569 1570 1571 1572 1573 1574 1575 1576 1577 1578 1579 1580 1581 1582 1583 1584 1585 1586 1587 1588 1589 1590 1591 1592 1593 1594 1595 1596 1597 1598 1599 1600 1601 1602 1603 1604 1605 1606 1607 1608
    return 0;
}

static int pderive_test_run(struct evp_test *t)
{
    struct pkey_data *kdata = t->data;
    unsigned char *out = NULL;
    size_t out_len;
    const char *err = "INTERNAL_ERROR";

    out_len = kdata->output_len;
    out = OPENSSL_malloc(out_len);
    if (!out) {
        fprintf(stderr, "Error allocating output buffer!\n");
        exit(1);
    }
    err = "DERIVE_ERROR";
    if (EVP_PKEY_derive(kdata->ctx, out, &out_len) <= 0)
        goto err;
    err = "SHARED_SECRET_LENGTH_MISMATCH";
    if (out_len != kdata->output_len)
        goto err;
    err = "SHARED_SECRET_MISMATCH";
    if (check_output(t, kdata->output, out, out_len))
        goto err;
    err = NULL;
 err:
    OPENSSL_free(out);
    t->err = err;
    return 1;
}

static const struct evp_test_method pderive_test_method = {
    "Derive",
    pderive_test_init,
    pkey_test_cleanup,
    pderive_test_parse,
    pderive_test_run
};

D
Dr. Stephen Henson 已提交
1609 1610 1611
/* PBE tests */

#define PBE_TYPE_SCRYPT 1
D
Dr. Stephen Henson 已提交
1612 1613
#define PBE_TYPE_PBKDF2 2
#define PBE_TYPE_PKCS12 3
D
Dr. Stephen Henson 已提交
1614 1615 1616 1617 1618 1619 1620 1621

struct pbe_data {

    int pbe_type;

    /* scrypt parameters */
    uint64_t N, r, p, maxmem;

D
Dr. Stephen Henson 已提交
1622 1623 1624 1625
    /* PKCS#12 parameters */
    int id, iter;
    const EVP_MD *md;

D
Dr. Stephen Henson 已提交
1626 1627 1628 1629 1630 1631 1632 1633 1634 1635 1636 1637 1638
    /* password */
    unsigned char *pass;
    size_t pass_len;

    /* salt */
    unsigned char *salt;
    size_t salt_len;

    /* Expected output */
    unsigned char *key;
    size_t key_len;
};

R
Rich Salz 已提交
1639
#ifndef OPENSSL_NO_SCRYPT
D
Dr. Stephen Henson 已提交
1640 1641 1642 1643
static int scrypt_test_parse(struct evp_test *t,
                             const char *keyword, const char *value)
{
    struct pbe_data *pdata = t->data;
D
Dr. Stephen Henson 已提交
1644

D
Dr. Stephen Henson 已提交
1645 1646 1647 1648 1649 1650 1651 1652 1653 1654
    if (strcmp(keyword, "N") == 0)
        return test_uint64(value, &pdata->N);
    if (strcmp(keyword, "p") == 0)
        return test_uint64(value, &pdata->p);
    if (strcmp(keyword, "r") == 0)
        return test_uint64(value, &pdata->r);
    if (strcmp(keyword, "maxmem") == 0)
        return test_uint64(value, &pdata->maxmem);
    return 0;
}
R
Rich Salz 已提交
1655
#endif
D
Dr. Stephen Henson 已提交
1656

D
Dr. Stephen Henson 已提交
1657 1658
static int pbkdf2_test_parse(struct evp_test *t,
                             const char *keyword, const char *value)
D
Dr. Stephen Henson 已提交
1659 1660
{
    struct pbe_data *pdata = t->data;
D
Dr. Stephen Henson 已提交
1661 1662 1663 1664 1665 1666 1667 1668 1669 1670 1671 1672 1673 1674 1675 1676 1677 1678 1679 1680 1681 1682 1683 1684 1685 1686 1687 1688

    if (strcmp(keyword, "iter") == 0) {
        pdata->iter = atoi(value);
        if (pdata->iter <= 0)
            return 0;
        return 1;
    }
    if (strcmp(keyword, "MD") == 0) {
        pdata->md = EVP_get_digestbyname(value);
        if (pdata->md == NULL)
            return 0;
        return 1;
    }
    return 0;
}

static int pkcs12_test_parse(struct evp_test *t,
                             const char *keyword, const char *value)
{
    struct pbe_data *pdata = t->data;

    if (strcmp(keyword, "id") == 0) {
        pdata->id = atoi(value);
        if (pdata->id <= 0)
            return 0;
        return 1;
    }
    return pbkdf2_test_parse(t, keyword, value);
D
Dr. Stephen Henson 已提交
1689 1690 1691 1692 1693 1694
}

static int pbe_test_init(struct evp_test *t, const char *alg)
{
    struct pbe_data *pdat;
    int pbe_type = 0;
D
Dr. Stephen Henson 已提交
1695

M
Matt Caswell 已提交
1696
    if (strcmp(alg, "scrypt") == 0) {
R
Rich Salz 已提交
1697
#ifndef OPENSSL_NO_SCRYPT
D
Dr. Stephen Henson 已提交
1698
        pbe_type = PBE_TYPE_SCRYPT;
M
Matt Caswell 已提交
1699 1700 1701
#else
        t->skip = 1;
        return 1;
R
Rich Salz 已提交
1702
#endif
M
Matt Caswell 已提交
1703
    } else if (strcmp(alg, "pbkdf2") == 0) {
D
Dr. Stephen Henson 已提交
1704
        pbe_type = PBE_TYPE_PBKDF2;
M
Matt Caswell 已提交
1705
    } else if (strcmp(alg, "pkcs12") == 0) {
D
Dr. Stephen Henson 已提交
1706
        pbe_type = PBE_TYPE_PKCS12;
M
Matt Caswell 已提交
1707
    } else {
D
Dr. Stephen Henson 已提交
1708
        fprintf(stderr, "Unknown pbe algorithm %s\n", alg);
M
Matt Caswell 已提交
1709
    }
D
Dr. Stephen Henson 已提交
1710 1711 1712 1713 1714 1715 1716 1717
    pdat = OPENSSL_malloc(sizeof(*pdat));
    pdat->pbe_type = pbe_type;
    pdat->pass = NULL;
    pdat->salt = NULL;
    pdat->N = 0;
    pdat->r = 0;
    pdat->p = 0;
    pdat->maxmem = 0;
D
Dr. Stephen Henson 已提交
1718 1719 1720
    pdat->id = 0;
    pdat->iter = 0;
    pdat->md = NULL;
D
Dr. Stephen Henson 已提交
1721 1722 1723 1724 1725 1726 1727 1728 1729 1730 1731 1732 1733 1734 1735 1736
    t->data = pdat;
    return 1;
}

static void pbe_test_cleanup(struct evp_test *t)
{
    struct pbe_data *pdat = t->data;
    test_free(pdat->pass);
    test_free(pdat->salt);
    test_free(pdat->key);
}

static int pbe_test_parse(struct evp_test *t,
                             const char *keyword, const char *value)
{
    struct pbe_data *pdata = t->data;
D
Dr. Stephen Henson 已提交
1737

D
Dr. Stephen Henson 已提交
1738 1739 1740 1741 1742 1743
    if (strcmp(keyword, "Password") == 0)
        return test_bin(value, &pdata->pass, &pdata->pass_len);
    if (strcmp(keyword, "Salt") == 0)
        return test_bin(value, &pdata->salt, &pdata->salt_len);
    if (strcmp(keyword, "Key") == 0)
        return test_bin(value, &pdata->key, &pdata->key_len);
R
Rich Salz 已提交
1744
    if (pdata->pbe_type == PBE_TYPE_PBKDF2)
D
Dr. Stephen Henson 已提交
1745 1746 1747
        return pbkdf2_test_parse(t, keyword, value);
    else if (pdata->pbe_type == PBE_TYPE_PKCS12)
        return pkcs12_test_parse(t, keyword, value);
R
Rich Salz 已提交
1748 1749 1750 1751
#ifndef OPENSSL_NO_SCRYPT
    else if (pdata->pbe_type == PBE_TYPE_SCRYPT)
        return scrypt_test_parse(t, keyword, value);
#endif
D
Dr. Stephen Henson 已提交
1752 1753 1754 1755 1756 1757
    return 0;
}

static int pbe_test_run(struct evp_test *t)
{
    struct pbe_data *pdata = t->data;
D
Dr. Stephen Henson 已提交
1758 1759 1760 1761 1762 1763 1764 1765 1766 1767 1768 1769 1770
    const char *err = "INTERNAL_ERROR";
    unsigned char *key;

    key = OPENSSL_malloc(pdata->key_len);
    if (!key)
        goto err;
    if (pdata->pbe_type == PBE_TYPE_PBKDF2) {
        err = "PBKDF2_ERROR";
        if (PKCS5_PBKDF2_HMAC((char *)pdata->pass, pdata->pass_len,
                              pdata->salt, pdata->salt_len,
                              pdata->iter, pdata->md,
                              pdata->key_len, key) == 0)
            goto err;
R
Rich Salz 已提交
1771
#ifndef OPENSSL_NO_SCRYPT
D
Dr. Stephen Henson 已提交
1772 1773 1774 1775 1776 1777 1778
    } else if (pdata->pbe_type == PBE_TYPE_SCRYPT) {
        err = "SCRYPT_ERROR";
        if (EVP_PBE_scrypt((const char *)pdata->pass, pdata->pass_len,
                           pdata->salt, pdata->salt_len,
                           pdata->N, pdata->r, pdata->p, pdata->maxmem,
                           key, pdata->key_len) == 0)
            goto err;
R
Rich Salz 已提交
1779
#endif
D
Dr. Stephen Henson 已提交
1780 1781 1782 1783 1784 1785 1786 1787 1788 1789 1790 1791 1792 1793 1794 1795
    } else if (pdata->pbe_type == PBE_TYPE_PKCS12) {
        err = "PKCS12_ERROR";
        if (PKCS12_key_gen_uni(pdata->pass, pdata->pass_len,
                               pdata->salt, pdata->salt_len,
                               pdata->id, pdata->iter, pdata->key_len,
                               key, pdata->md) == 0)
            goto err;
    }
    err = "KEY_MISMATCH";
    if (check_output(t, pdata->key, key, pdata->key_len))
        goto err;
    err = NULL;
    err:
    OPENSSL_free(key);
    t->err = err;
    return 1;
D
Dr. Stephen Henson 已提交
1796 1797 1798 1799 1800 1801 1802 1803 1804
}

static const struct evp_test_method pbe_test_method = {
    "PBE",
    pbe_test_init,
    pbe_test_cleanup,
    pbe_test_parse,
    pbe_test_run
};
E
Emilia Kasper 已提交
1805 1806 1807 1808 1809 1810 1811 1812 1813 1814 1815 1816 1817 1818 1819 1820 1821 1822 1823 1824 1825 1826 1827 1828 1829 1830 1831 1832 1833

/* Base64 tests */

typedef enum {
    BASE64_CANONICAL_ENCODING = 0,
    BASE64_VALID_ENCODING = 1,
    BASE64_INVALID_ENCODING = 2
} base64_encoding_type;

struct encode_data {
    /* Input to encoding */
    unsigned char *input;
    size_t input_len;
    /* Expected output */
    unsigned char *output;
    size_t output_len;
    base64_encoding_type encoding;
};

static int encode_test_init(struct evp_test *t, const char *encoding)
{
    struct encode_data *edata = OPENSSL_zalloc(sizeof(*edata));

    if (strcmp(encoding, "canonical") == 0) {
        edata->encoding = BASE64_CANONICAL_ENCODING;
    } else if (strcmp(encoding, "valid") == 0) {
        edata->encoding = BASE64_VALID_ENCODING;
    } else if (strcmp(encoding, "invalid") == 0) {
        edata->encoding = BASE64_INVALID_ENCODING;
R
Rich Salz 已提交
1834
        t->expected_err = OPENSSL_strdup("DECODE_ERROR");
E
Emilia Kasper 已提交
1835 1836 1837 1838 1839 1840 1841 1842 1843 1844 1845 1846 1847 1848 1849 1850 1851 1852 1853 1854 1855 1856 1857 1858 1859 1860 1861 1862 1863 1864 1865 1866 1867 1868 1869 1870
        if (t->expected_err == NULL)
            return 0;
    } else {
        fprintf(stderr, "Bad encoding: %s. Should be one of "
                "{canonical, valid, invalid}\n", encoding);
        return 0;
    }
    t->data = edata;
    return 1;
}

static void encode_test_cleanup(struct evp_test *t)
{
    struct encode_data *edata = t->data;
    test_free(edata->input);
    test_free(edata->output);
    memset(edata, 0, sizeof(*edata));
}

static int encode_test_parse(struct evp_test *t,
                             const char *keyword, const char *value)
{
    struct encode_data *edata = t->data;
    if (strcmp(keyword, "Input") == 0)
        return test_bin(value, &edata->input, &edata->input_len);
    if (strcmp(keyword, "Output") == 0)
        return test_bin(value, &edata->output, &edata->output_len);
    return 0;
}

static int encode_test_run(struct evp_test *t)
{
    struct encode_data *edata = t->data;
    unsigned char *encode_out = NULL, *decode_out = NULL;
    int output_len, chunk_len;
    const char *err = "INTERNAL_ERROR";
1871 1872 1873 1874
    EVP_ENCODE_CTX *decode_ctx = EVP_ENCODE_CTX_new();

    if (decode_ctx == NULL)
        goto err;
E
Emilia Kasper 已提交
1875 1876

    if (edata->encoding == BASE64_CANONICAL_ENCODING) {
1877 1878 1879
        EVP_ENCODE_CTX *encode_ctx = EVP_ENCODE_CTX_new();
        if (encode_ctx == NULL)
            goto err;
E
Emilia Kasper 已提交
1880 1881 1882 1883
        encode_out = OPENSSL_malloc(EVP_ENCODE_LENGTH(edata->input_len));
        if (encode_out == NULL)
            goto err;

1884 1885
        EVP_EncodeInit(encode_ctx);
        EVP_EncodeUpdate(encode_ctx, encode_out, &chunk_len,
E
Emilia Kasper 已提交
1886 1887 1888
                         edata->input, edata->input_len);
        output_len = chunk_len;

1889
        EVP_EncodeFinal(encode_ctx, encode_out + chunk_len, &chunk_len);
E
Emilia Kasper 已提交
1890 1891
        output_len += chunk_len;

1892 1893
        EVP_ENCODE_CTX_free(encode_ctx);

E
Emilia Kasper 已提交
1894 1895 1896 1897 1898 1899 1900 1901 1902 1903 1904
        if (check_var_length_output(t, edata->output, edata->output_len,
                                    encode_out, output_len)) {
            err = "BAD_ENCODING";
            goto err;
        }
    }

    decode_out = OPENSSL_malloc(EVP_DECODE_LENGTH(edata->output_len));
    if (decode_out == NULL)
        goto err;

1905 1906
    EVP_DecodeInit(decode_ctx);
    if (EVP_DecodeUpdate(decode_ctx, decode_out, &chunk_len, edata->output,
E
Emilia Kasper 已提交
1907 1908 1909 1910 1911 1912
                         edata->output_len) < 0) {
        err = "DECODE_ERROR";
        goto err;
    }
    output_len = chunk_len;

1913
    if (EVP_DecodeFinal(decode_ctx, decode_out + chunk_len, &chunk_len) != 1) {
E
Emilia Kasper 已提交
1914 1915 1916 1917 1918 1919 1920 1921 1922 1923 1924 1925 1926 1927 1928 1929 1930
        err = "DECODE_ERROR";
        goto err;
    }
    output_len += chunk_len;

    if (edata->encoding != BASE64_INVALID_ENCODING &&
        check_var_length_output(t, edata->input, edata->input_len,
                                decode_out, output_len)) {
        err = "BAD_DECODING";
        goto err;
    }

    err = NULL;
 err:
    t->err = err;
    OPENSSL_free(encode_out);
    OPENSSL_free(decode_out);
1931
    EVP_ENCODE_CTX_free(decode_ctx);
E
Emilia Kasper 已提交
1932 1933 1934 1935 1936 1937 1938 1939 1940 1941
    return 1;
}

static const struct evp_test_method encode_test_method = {
    "Encoding",
    encode_test_init,
    encode_test_cleanup,
    encode_test_parse,
    encode_test_run,
};
1942

1943
/* KDF operations */
1944 1945 1946 1947 1948 1949 1950 1951 1952 1953 1954 1955 1956 1957 1958 1959 1960 1961 1962 1963 1964 1965 1966 1967 1968 1969 1970 1971 1972 1973 1974 1975 1976 1977 1978 1979 1980 1981 1982 1983 1984 1985 1986 1987

struct kdf_data {
    /* Context for this operation */
    EVP_PKEY_CTX *ctx;
    /* Expected output */
    unsigned char *output;
    size_t output_len;
};

/*
 * Perform public key operation setup: lookup key, allocated ctx and call
 * the appropriate initialisation function
 */
static int kdf_test_init(struct evp_test *t, const char *name)
{
    struct kdf_data *kdata;

    kdata = OPENSSL_malloc(sizeof(*kdata));
    if (kdata == NULL)
        return 0;
    kdata->ctx = NULL;
    kdata->output = NULL;
    t->data = kdata;
    kdata->ctx = EVP_PKEY_CTX_new_id(OBJ_sn2nid(name), NULL);
    if (kdata->ctx == NULL)
        return 0;
    if (EVP_PKEY_derive_init(kdata->ctx) <= 0)
        return 0;
    return 1;
}

static void kdf_test_cleanup(struct evp_test *t)
{
    struct kdf_data *kdata = t->data;
    OPENSSL_free(kdata->output);
    EVP_PKEY_CTX_free(kdata->ctx);
}

static int kdf_test_parse(struct evp_test *t,
                          const char *keyword, const char *value)
{
    struct kdf_data *kdata = t->data;
    if (strcmp(keyword, "Output") == 0)
        return test_bin(value, &kdata->output, &kdata->output_len);
1988
    if (strncmp(keyword, "Ctrl", 4) == 0)
1989
        return pkey_test_ctrl(t, kdata->ctx, value);
1990 1991 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026
    return 0;
}

static int kdf_test_run(struct evp_test *t)
{
    struct kdf_data *kdata = t->data;
    unsigned char *out = NULL;
    size_t out_len = kdata->output_len;
    const char *err = "INTERNAL_ERROR";
    out = OPENSSL_malloc(out_len);
    if (!out) {
        fprintf(stderr, "Error allocating output buffer!\n");
        exit(1);
    }
    err = "KDF_DERIVE_ERROR";
    if (EVP_PKEY_derive(kdata->ctx, out, &out_len) <= 0)
        goto err;
    err = "KDF_LENGTH_MISMATCH";
    if (out_len != kdata->output_len)
        goto err;
    err = "KDF_MISMATCH";
    if (check_output(t, kdata->output, out, out_len))
        goto err;
    err = NULL;
 err:
    OPENSSL_free(out);
    t->err = err;
    return 1;
}

static const struct evp_test_method kdf_test_method = {
    "KDF",
    kdf_test_init,
    kdf_test_cleanup,
    kdf_test_parse,
    kdf_test_run
};