X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=test%2Fevp_test.c;h=6c9f4b8ece52b431d884a987c5ae26d1f019a47f;hb=769adcfe8b27d696d3e221427d82f365919917a8;hp=83d17494189864726c70a63565b7a1b57702635f;hpb=070c23325af4526c9a8532a60d63522c58d5554b;p=openssl.git diff --git a/test/evp_test.c b/test/evp_test.c index 83d1749418..6c9f4b8ece 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -1,4 +1,3 @@ -/* evp_test.c */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. @@ -61,6 +60,7 @@ #include #include #include +#include #include "internal/numbers.h" /* Remove spaces from beginning and end of a string */ @@ -169,6 +169,8 @@ static unsigned char* unescape(const char *input, size_t input_len, static int test_bin(const char *value, unsigned char **buf, size_t *buflen) { long len; + + *buflen = 0; if (!*value) { /* * Don't return NULL for zero length buffer. @@ -291,8 +293,10 @@ static const struct evp_test_method mac_test_method; static const struct evp_test_method psign_test_method, pverify_test_method; static const struct evp_test_method pdecrypt_test_method; static const struct evp_test_method pverify_recover_test_method; +static const struct evp_test_method pderive_test_method; static const struct evp_test_method pbe_test_method; static const struct evp_test_method encode_test_method; +static const struct evp_test_method kdf_test_method; static const struct evp_test_method *evp_test_list[] = { &digest_test_method, @@ -302,8 +306,10 @@ static const struct evp_test_method *evp_test_list[] = { &pverify_test_method, &pdecrypt_test_method, &pverify_recover_test_method, + &pderive_test_method, &pbe_test_method, &encode_test_method, + &kdf_test_method, NULL }; @@ -487,7 +493,7 @@ static int process_test(struct evp_test *t, char *buf, int verbose) key = OPENSSL_malloc(sizeof(*key)); if (!key) return 0; - key->name = BUF_strdup(value); + key->name = OPENSSL_strdup(value); key->key = pk; key->next = *lst; *lst = key; @@ -521,7 +527,7 @@ static int process_test(struct evp_test *t, char *buf, int verbose) fprintf(stderr, "Line %d: multiple result lines\n", t->line); return 0; } - t->expected_err = BUF_strdup(value); + t->expected_err = OPENSSL_strdup(value); if (!t->expected_err) return 0; } else { @@ -554,9 +560,9 @@ static int check_var_length_output(struct evp_test *t, } /* The result printing code expects a non-NULL buffer. */ - t->out_expected = BUF_memdup(expected, expected_len ? expected_len : 1); + t->out_expected = OPENSSL_memdup(expected, expected_len ? expected_len : 1); t->out_expected_len = expected_len; - t->out_received = BUF_memdup(received, received_len ? received_len : 1); + t->out_received = OPENSSL_memdup(received, received_len ? received_len : 1); t->out_received_len = received_len; if (t->out_expected == NULL || t->out_received == NULL) { fprintf(stderr, "Memory allocation error!\n"); @@ -610,7 +616,9 @@ int main(int argc, char **argv) CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); ERR_free_strings(); +#ifndef OPENSSL_NO_CRYPTO_MDEBUG CRYPTO_mem_leaks_fp(stderr); +#endif if (t.errors) return 1; return 0; @@ -691,7 +699,7 @@ static int digest_test_run(struct evp_test *t) EVP_MD_CTX *mctx; unsigned char md[EVP_MAX_MD_SIZE]; unsigned int md_len; - mctx = EVP_MD_CTX_create(); + mctx = EVP_MD_CTX_new(); if (!mctx) goto err; err = "DIGESTINIT_ERROR"; @@ -713,8 +721,7 @@ static int digest_test_run(struct evp_test *t) goto err; err = NULL; err: - if (mctx) - EVP_MD_CTX_destroy(mctx); + EVP_MD_CTX_free(mctx); t->err = err; return 1; } @@ -775,6 +782,8 @@ static int cipher_test_init(struct evp_test *t, const char *alg) || EVP_CIPHER_mode(cipher) == EVP_CIPH_OCB_MODE || EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE) cdat->aead = EVP_CIPHER_mode(cipher); + else if (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) + cdat->aead = -1; else cdat->aead = 0; @@ -1051,7 +1060,7 @@ static int mac_test_parse(struct evp_test *t, if (strcmp(keyword, "Key") == 0) return test_bin(value, &mdata->key, &mdata->key_len); if (strcmp(keyword, "Algorithm") == 0) { - mdata->alg = BUF_strdup(value); + mdata->alg = OPENSSL_strdup(value); if (!mdata->alg) return 0; return 1; @@ -1101,7 +1110,7 @@ static int mac_test_run(struct evp_test *t) if (!md) goto err; } - mctx = EVP_MD_CTX_create(); + mctx = EVP_MD_CTX_new(); if (!mctx) goto err; err = "DIGESTSIGNINIT_ERROR"; @@ -1129,8 +1138,7 @@ static int mac_test_run(struct evp_test *t) goto err; err = NULL; err: - if (mctx) - EVP_MD_CTX_destroy(mctx); + EVP_MD_CTX_free(mctx); OPENSSL_free(mac); EVP_PKEY_CTX_free(genctx); EVP_PKEY_free(key); @@ -1220,6 +1228,22 @@ static void pkey_test_cleanup(struct evp_test *t) EVP_PKEY_CTX_free(kdata->ctx); } +static int pkey_test_ctrl(EVP_PKEY_CTX *pctx, const char *value) +{ + int rv; + char *p, *tmpval; + + tmpval = OPENSSL_strdup(value); + if (tmpval == NULL) + return 0; + p = strchr(tmpval, ':'); + if (p != NULL) + *p++ = 0; + rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p); + OPENSSL_free(tmpval); + return rv > 0; +} + static int pkey_test_parse(struct evp_test *t, const char *keyword, const char *value) { @@ -1228,14 +1252,8 @@ static int pkey_test_parse(struct evp_test *t, return test_bin(value, &kdata->input, &kdata->input_len); if (strcmp(keyword, "Output") == 0) return test_bin(value, &kdata->output, &kdata->output_len); - if (strcmp(keyword, "Ctrl") == 0) { - char *p = strchr(value, ':'); - if (p) - *p++ = 0; - if (EVP_PKEY_CTX_ctrl_str(kdata->ctx, value, p) <= 0) - return 0; - return 1; - } + if (strcmp(keyword, "Ctrl") == 0) + return pkey_test_ctrl(kdata->ctx, value); return 0; } @@ -1333,6 +1351,69 @@ static const struct evp_test_method pverify_test_method = { verify_test_run }; + +static int pderive_test_init(struct evp_test *t, const char *name) +{ + return pkey_test_init(t, name, 0, EVP_PKEY_derive_init, 0); +} + +static int pderive_test_parse(struct evp_test *t, + const char *keyword, const char *value) +{ + struct pkey_data *kdata = t->data; + + if (strcmp(keyword, "PeerKey") == 0) { + EVP_PKEY *peer; + if (find_key(&peer, value, t->public) == 0) + return 0; + if (EVP_PKEY_derive_set_peer(kdata->ctx, peer) <= 0) + return 0; + return 1; + } + if (strcmp(keyword, "SharedSecret") == 0) + return test_bin(value, &kdata->output, &kdata->output_len); + if (strcmp(keyword, "Ctrl") == 0) + return pkey_test_ctrl(kdata->ctx, value); + return 0; +} + +static int pderive_test_run(struct evp_test *t) +{ + struct pkey_data *kdata = t->data; + unsigned char *out = NULL; + size_t out_len; + const char *err = "INTERNAL_ERROR"; + + out_len = kdata->output_len; + out = OPENSSL_malloc(out_len); + if (!out) { + fprintf(stderr, "Error allocating output buffer!\n"); + exit(1); + } + err = "DERIVE_ERROR"; + if (EVP_PKEY_derive(kdata->ctx, out, &out_len) <= 0) + goto err; + err = "SHARED_SECRET_LENGTH_MISMATCH"; + if (out_len != kdata->output_len) + goto err; + err = "SHARED_SECRET_MISMATCH"; + if (check_output(t, kdata->output, out, out_len)) + goto err; + err = NULL; + err: + OPENSSL_free(out); + t->err = err; + return 1; +} + +static const struct evp_test_method pderive_test_method = { + "Derive", + pderive_test_init, + pkey_test_cleanup, + pderive_test_parse, + pderive_test_run +}; + /* PBE tests */ #define PBE_TYPE_SCRYPT 1 @@ -1554,7 +1635,7 @@ static int encode_test_init(struct evp_test *t, const char *encoding) edata->encoding = BASE64_VALID_ENCODING; } else if (strcmp(encoding, "invalid") == 0) { edata->encoding = BASE64_INVALID_ENCODING; - t->expected_err = BUF_strdup("DECODE_ERROR"); + t->expected_err = OPENSSL_strdup("DECODE_ERROR"); if (t->expected_err == NULL) return 0; } else { @@ -1591,22 +1672,29 @@ static int encode_test_run(struct evp_test *t) unsigned char *encode_out = NULL, *decode_out = NULL; int output_len, chunk_len; const char *err = "INTERNAL_ERROR"; - EVP_ENCODE_CTX decode_ctx; + EVP_ENCODE_CTX *decode_ctx = EVP_ENCODE_CTX_new(); + + if (decode_ctx == NULL) + goto err; if (edata->encoding == BASE64_CANONICAL_ENCODING) { - EVP_ENCODE_CTX encode_ctx; + EVP_ENCODE_CTX *encode_ctx = EVP_ENCODE_CTX_new(); + if (encode_ctx == NULL) + goto err; encode_out = OPENSSL_malloc(EVP_ENCODE_LENGTH(edata->input_len)); if (encode_out == NULL) goto err; - EVP_EncodeInit(&encode_ctx); - EVP_EncodeUpdate(&encode_ctx, encode_out, &chunk_len, + EVP_EncodeInit(encode_ctx); + EVP_EncodeUpdate(encode_ctx, encode_out, &chunk_len, edata->input, edata->input_len); output_len = chunk_len; - EVP_EncodeFinal(&encode_ctx, encode_out + chunk_len, &chunk_len); + EVP_EncodeFinal(encode_ctx, encode_out + chunk_len, &chunk_len); output_len += chunk_len; + EVP_ENCODE_CTX_free(encode_ctx); + if (check_var_length_output(t, edata->output, edata->output_len, encode_out, output_len)) { err = "BAD_ENCODING"; @@ -1618,15 +1706,15 @@ static int encode_test_run(struct evp_test *t) if (decode_out == NULL) goto err; - EVP_DecodeInit(&decode_ctx); - if (EVP_DecodeUpdate(&decode_ctx, decode_out, &chunk_len, edata->output, + EVP_DecodeInit(decode_ctx); + if (EVP_DecodeUpdate(decode_ctx, decode_out, &chunk_len, edata->output, edata->output_len) < 0) { err = "DECODE_ERROR"; goto err; } output_len = chunk_len; - if (EVP_DecodeFinal(&decode_ctx, decode_out + chunk_len, &chunk_len) != 1) { + if (EVP_DecodeFinal(decode_ctx, decode_out + chunk_len, &chunk_len) != 1) { err = "DECODE_ERROR"; goto err; } @@ -1644,6 +1732,7 @@ static int encode_test_run(struct evp_test *t) t->err = err; OPENSSL_free(encode_out); OPENSSL_free(decode_out); + EVP_ENCODE_CTX_free(decode_ctx); return 1; } @@ -1654,3 +1743,115 @@ static const struct evp_test_method encode_test_method = { encode_test_parse, encode_test_run, }; + +/* + * KDF operations: initially just TLS1 PRF but can be adapted. + */ + +struct kdf_data { + /* Context for this operation */ + EVP_PKEY_CTX *ctx; + /* Expected output */ + unsigned char *output; + size_t output_len; +}; + +/* + * Perform public key operation setup: lookup key, allocated ctx and call + * the appropriate initialisation function + */ +static int kdf_test_init(struct evp_test *t, const char *name) +{ + struct kdf_data *kdata; + + kdata = OPENSSL_malloc(sizeof(*kdata)); + if (kdata == NULL) + return 0; + kdata->ctx = NULL; + kdata->output = NULL; + t->data = kdata; + kdata->ctx = EVP_PKEY_CTX_new_id(OBJ_sn2nid(name), NULL); + if (kdata->ctx == NULL) + return 0; + if (EVP_PKEY_derive_init(kdata->ctx) <= 0) + return 0; + return 1; +} + +static void kdf_test_cleanup(struct evp_test *t) +{ + struct kdf_data *kdata = t->data; + OPENSSL_free(kdata->output); + EVP_PKEY_CTX_free(kdata->ctx); +} + +static int kdf_ctrl(EVP_PKEY_CTX *ctx, int op, const char *value) +{ + unsigned char *buf = NULL; + size_t buf_len; + int rv = 0; + if (test_bin(value, &buf, &buf_len) == 0) + return 0; + if (EVP_PKEY_CTX_ctrl(ctx, -1, -1, op, buf_len, buf) <= 0) + goto err; + rv = 1; + err: + OPENSSL_free(buf); + return rv; +} + +static int kdf_test_parse(struct evp_test *t, + const char *keyword, const char *value) +{ + struct kdf_data *kdata = t->data; + if (strcmp(keyword, "Output") == 0) + return test_bin(value, &kdata->output, &kdata->output_len); + else if (strcmp(keyword, "MD") == 0) { + const EVP_MD *md = EVP_get_digestbyname(value); + if (md == NULL) + return 0; + if (EVP_PKEY_CTX_set_tls1_prf_md(kdata->ctx, md) <= 0) + return 0; + return 1; + } else if (strcmp(keyword, "Secret") == 0) { + return kdf_ctrl(kdata->ctx, EVP_PKEY_CTRL_TLS_SECRET, value); + } else if (strncmp("Seed", keyword, 4) == 0) { + return kdf_ctrl(kdata->ctx, EVP_PKEY_CTRL_TLS_SEED, value); + } + return 0; +} + +static int kdf_test_run(struct evp_test *t) +{ + struct kdf_data *kdata = t->data; + unsigned char *out = NULL; + size_t out_len = kdata->output_len; + const char *err = "INTERNAL_ERROR"; + out = OPENSSL_malloc(out_len); + if (!out) { + fprintf(stderr, "Error allocating output buffer!\n"); + exit(1); + } + err = "KDF_DERIVE_ERROR"; + if (EVP_PKEY_derive(kdata->ctx, out, &out_len) <= 0) + goto err; + err = "KDF_LENGTH_MISMATCH"; + if (out_len != kdata->output_len) + goto err; + err = "KDF_MISMATCH"; + if (check_output(t, kdata->output, out, out_len)) + goto err; + err = NULL; + err: + OPENSSL_free(out); + t->err = err; + return 1; +} + +static const struct evp_test_method kdf_test_method = { + "KDF", + kdf_test_init, + kdf_test_cleanup, + kdf_test_parse, + kdf_test_run +};