2 * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #define OPENSSL_SUPPRESS_DEPRECATED /* EVP_PKEY_new_CMAC_key */
15 #include <openssl/evp.h>
16 #include <openssl/pem.h>
17 #include <openssl/err.h>
18 #include <openssl/provider.h>
19 #include <openssl/x509v3.h>
20 #include <openssl/pkcs12.h>
21 #include <openssl/kdf.h>
22 #include <openssl/params.h>
23 #include <openssl/core_names.h>
24 #include <openssl/fips_names.h>
25 #include <openssl/thread.h>
26 #include "internal/numbers.h"
27 #include "internal/nelem.h"
28 #include "crypto/evp.h"
31 typedef struct evp_test_buffer_st EVP_TEST_BUFFER;
32 DEFINE_STACK_OF(EVP_TEST_BUFFER)
36 typedef struct evp_test_method_st EVP_TEST_METHOD;
38 /* Structure holding test information */
39 typedef struct evp_test_st {
40 STANZA s; /* Common test stanza */
42 int skip; /* Current test should be skipped */
43 const EVP_TEST_METHOD *meth; /* method for this test */
44 const char *err, *aux_err; /* Error string for test */
45 char *expected_err; /* Expected error value of test */
46 char *reason; /* Expected error reason string */
47 void *data; /* test specific data */
50 /* Test method structure */
51 struct evp_test_method_st {
52 /* Name of test as it appears in file */
54 /* Initialise test for "alg" */
55 int (*init) (EVP_TEST *t, const char *alg);
57 void (*cleanup) (EVP_TEST *t);
58 /* Test specific name value pair processing */
59 int (*parse) (EVP_TEST *t, const char *name, const char *value);
60 /* Run the test itself */
61 int (*run_test) (EVP_TEST *t);
64 /* Linked list of named keys. */
65 typedef struct key_list_st {
68 struct key_list_st *next;
71 typedef enum OPTION_choice {
81 static OSSL_PROVIDER *prov_null = NULL;
82 static OSSL_PROVIDER *libprov = NULL;
83 static OSSL_LIB_CTX *libctx = NULL;
85 /* List of public and private keys */
86 static KEY_LIST *private_keys;
87 static KEY_LIST *public_keys;
89 static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst);
90 static int parse_bin(const char *value, unsigned char **buf, size_t *buflen);
91 static int is_digest_disabled(const char *name);
92 static int is_pkey_disabled(const char *name);
93 static int is_mac_disabled(const char *name);
94 static int is_cipher_disabled(const char *name);
95 static int is_kdf_disabled(const char *name);
98 * Compare two memory regions for equality, returning zero if they differ.
99 * However, if there is expected to be an error and the actual error
100 * matches then the memory is expected to be different so handle this
101 * case without producing unnecessary test framework output.
103 static int memory_err_compare(EVP_TEST *t, const char *err,
104 const void *expected, size_t expected_len,
105 const void *got, size_t got_len)
109 if (t->expected_err != NULL && strcmp(t->expected_err, err) == 0)
110 r = !TEST_mem_ne(expected, expected_len, got, got_len);
112 r = TEST_mem_eq(expected, expected_len, got, got_len);
118 /* Option specific for evp test */
119 static int process_mode_in_place;
120 static const char *propquery = NULL;
122 static int evp_test_process_mode(char *mode)
124 if (strcmp(mode, "in_place") == 0)
126 else if (strcmp(mode, "both") == 0)
132 * Structure used to hold a list of blocks of memory to test
133 * calls to "update" like functions.
135 struct evp_test_buffer_st {
142 static void evp_test_buffer_free(EVP_TEST_BUFFER *db)
145 OPENSSL_free(db->buf);
150 /* append buffer to a list */
151 static int evp_test_buffer_append(const char *value,
152 STACK_OF(EVP_TEST_BUFFER) **sk)
154 EVP_TEST_BUFFER *db = NULL;
156 if (!TEST_ptr(db = OPENSSL_malloc(sizeof(*db))))
159 if (!parse_bin(value, &db->buf, &db->buflen))
164 if (*sk == NULL && !TEST_ptr(*sk = sk_EVP_TEST_BUFFER_new_null()))
166 if (!sk_EVP_TEST_BUFFER_push(*sk, db))
172 evp_test_buffer_free(db);
176 /* replace last buffer in list with copies of itself */
177 static int evp_test_buffer_ncopy(const char *value,
178 STACK_OF(EVP_TEST_BUFFER) *sk)
181 unsigned char *tbuf, *p;
183 int ncopy = atoi(value);
188 if (sk == NULL || sk_EVP_TEST_BUFFER_num(sk) == 0)
190 db = sk_EVP_TEST_BUFFER_value(sk, sk_EVP_TEST_BUFFER_num(sk) - 1);
192 tbuflen = db->buflen * ncopy;
193 if (!TEST_ptr(tbuf = OPENSSL_malloc(tbuflen)))
195 for (i = 0, p = tbuf; i < ncopy; i++, p += db->buflen)
196 memcpy(p, db->buf, db->buflen);
198 OPENSSL_free(db->buf);
200 db->buflen = tbuflen;
204 /* set repeat count for last buffer in list */
205 static int evp_test_buffer_set_count(const char *value,
206 STACK_OF(EVP_TEST_BUFFER) *sk)
209 int count = atoi(value);
214 if (sk == NULL || sk_EVP_TEST_BUFFER_num(sk) == 0)
217 db = sk_EVP_TEST_BUFFER_value(sk, sk_EVP_TEST_BUFFER_num(sk) - 1);
218 if (db->count_set != 0)
221 db->count = (size_t)count;
226 /* call "fn" with each element of the list in turn */
227 static int evp_test_buffer_do(STACK_OF(EVP_TEST_BUFFER) *sk,
229 const unsigned char *buf,
235 for (i = 0; i < sk_EVP_TEST_BUFFER_num(sk); i++) {
236 EVP_TEST_BUFFER *tb = sk_EVP_TEST_BUFFER_value(sk, i);
239 for (j = 0; j < tb->count; j++) {
240 if (fn(ctx, tb->buf, tb->buflen) <= 0)
248 * Unescape some sequences in string literals (only \n for now).
249 * Return an allocated buffer, set |out_len|. If |input_len|
250 * is zero, get an empty buffer but set length to zero.
252 static unsigned char* unescape(const char *input, size_t input_len,
255 unsigned char *ret, *p;
258 if (input_len == 0) {
260 return OPENSSL_zalloc(1);
263 /* Escaping is non-expanding; over-allocate original size for simplicity. */
264 if (!TEST_ptr(ret = p = OPENSSL_malloc(input_len)))
267 for (i = 0; i < input_len; i++) {
268 if (*input == '\\') {
269 if (i == input_len - 1 || *++input != 'n') {
270 TEST_error("Bad escape sequence in file");
290 * For a hex string "value" convert to a binary allocated buffer.
291 * Return 1 on success or 0 on failure.
293 static int parse_bin(const char *value, unsigned char **buf, size_t *buflen)
297 /* Check for NULL literal */
298 if (strcmp(value, "NULL") == 0) {
304 /* Check for empty value */
305 if (*value == '\0') {
307 * Don't return NULL for zero length buffer. This is needed for
308 * some tests with empty keys: HMAC_Init_ex() expects a non-NULL key
309 * buffer even if the key length is 0, in order to detect key reset.
311 *buf = OPENSSL_malloc(1);
319 /* Check for string literal */
320 if (value[0] == '"') {
321 size_t vlen = strlen(++value);
323 if (vlen == 0 || value[vlen - 1] != '"')
326 *buf = unescape(value, vlen, buflen);
327 return *buf == NULL ? 0 : 1;
330 /* Otherwise assume as hex literal and convert it to binary buffer */
331 if (!TEST_ptr(*buf = OPENSSL_hexstr2buf(value, &len))) {
332 TEST_info("Can't convert %s", value);
333 TEST_openssl_errors();
336 /* Size of input buffer means we'll never overflow */
342 ** MESSAGE DIGEST TESTS
345 typedef struct digest_data_st {
346 /* Digest this test is for */
347 const EVP_MD *digest;
348 EVP_MD *fetched_digest;
349 /* Input to digest */
350 STACK_OF(EVP_TEST_BUFFER) *input;
351 /* Expected output */
352 unsigned char *output;
358 /* Size for variable output length but non-XOF */
362 static int digest_test_init(EVP_TEST *t, const char *alg)
365 const EVP_MD *digest;
366 EVP_MD *fetched_digest;
368 if (is_digest_disabled(alg)) {
369 TEST_info("skipping, '%s' is disabled", alg);
374 if ((digest = fetched_digest = EVP_MD_fetch(libctx, alg, propquery)) == NULL
375 && (digest = EVP_get_digestbyname(alg)) == NULL)
377 if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat))))
380 mdat->digest = digest;
381 mdat->fetched_digest = fetched_digest;
384 if (fetched_digest != NULL)
385 TEST_info("%s is fetched", alg);
389 static void digest_test_cleanup(EVP_TEST *t)
391 DIGEST_DATA *mdat = t->data;
393 sk_EVP_TEST_BUFFER_pop_free(mdat->input, evp_test_buffer_free);
394 OPENSSL_free(mdat->output);
395 EVP_MD_free(mdat->fetched_digest);
398 static int digest_test_parse(EVP_TEST *t,
399 const char *keyword, const char *value)
401 DIGEST_DATA *mdata = t->data;
403 if (strcmp(keyword, "Input") == 0)
404 return evp_test_buffer_append(value, &mdata->input);
405 if (strcmp(keyword, "Output") == 0)
406 return parse_bin(value, &mdata->output, &mdata->output_len);
407 if (strcmp(keyword, "Count") == 0)
408 return evp_test_buffer_set_count(value, mdata->input);
409 if (strcmp(keyword, "Ncopy") == 0)
410 return evp_test_buffer_ncopy(value, mdata->input);
411 if (strcmp(keyword, "Padding") == 0)
412 return (mdata->pad_type = atoi(value)) > 0;
413 if (strcmp(keyword, "XOF") == 0)
414 return (mdata->xof = atoi(value)) > 0;
415 if (strcmp(keyword, "OutputSize") == 0) {
421 mdata->digest_size = sz;
427 static int digest_update_fn(void *ctx, const unsigned char *buf, size_t buflen)
429 return EVP_DigestUpdate(ctx, buf, buflen);
432 static int test_duplicate_md_ctx(EVP_TEST *t, EVP_MD_CTX *mctx)
434 char dont[] = "touch";
438 if (!EVP_DigestFinalXOF(mctx, (unsigned char *)dont, 0)) {
439 EVP_MD_CTX_free(mctx);
440 t->err = "DIGESTFINALXOF_ERROR";
443 if (!TEST_str_eq(dont, "touch")) {
444 EVP_MD_CTX_free(mctx);
445 t->err = "DIGESTFINALXOF_ERROR";
448 EVP_MD_CTX_free(mctx);
452 static int digest_test_run(EVP_TEST *t)
454 DIGEST_DATA *expected = t->data;
455 EVP_TEST_BUFFER *inbuf;
457 unsigned char *got = NULL;
458 unsigned int got_len;
461 OSSL_PARAM params[4], *p = ¶ms[0];
463 t->err = "TEST_FAILURE";
464 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
467 got = OPENSSL_malloc(expected->output_len > EVP_MAX_MD_SIZE ?
468 expected->output_len : EVP_MAX_MD_SIZE);
472 if (expected->xof > 0) {
474 *p++ = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN,
475 &expected->output_len);
477 if (expected->digest_size > 0) {
478 *p++ = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_SIZE,
479 &expected->digest_size);
481 if (expected->pad_type > 0)
482 *p++ = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_PAD_TYPE,
483 &expected->pad_type);
484 *p++ = OSSL_PARAM_construct_end();
486 if (!EVP_DigestInit_ex2(mctx, expected->digest, params)) {
487 t->err = "DIGESTINIT_ERROR";
491 if (!evp_test_buffer_do(expected->input, digest_update_fn, mctx)) {
492 t->err = "DIGESTUPDATE_ERROR";
496 xof |= (EVP_MD_get_flags(expected->digest) & EVP_MD_FLAG_XOF) != 0;
498 EVP_MD_CTX *mctx_cpy;
500 if (!TEST_ptr(mctx_cpy = EVP_MD_CTX_new())) {
503 if (!TEST_true(EVP_MD_CTX_copy(mctx_cpy, mctx))) {
504 EVP_MD_CTX_free(mctx_cpy);
506 } else if (!test_duplicate_md_ctx(t, mctx_cpy)) {
510 if (!test_duplicate_md_ctx(t, EVP_MD_CTX_dup(mctx)))
513 got_len = expected->output_len;
514 if (!EVP_DigestFinalXOF(mctx, got, got_len)) {
515 t->err = "DIGESTFINALXOF_ERROR";
519 if (!EVP_DigestFinal(mctx, got, &got_len)) {
520 t->err = "DIGESTFINAL_ERROR";
524 if (!TEST_int_eq(expected->output_len, got_len)) {
525 t->err = "DIGEST_LENGTH_MISMATCH";
528 if (!memory_err_compare(t, "DIGEST_MISMATCH",
529 expected->output, expected->output_len,
535 /* Test the EVP_Q_digest interface as well */
536 if (sk_EVP_TEST_BUFFER_num(expected->input) == 1
538 /* This should never fail but we need the returned pointer now */
539 && !TEST_ptr(inbuf = sk_EVP_TEST_BUFFER_value(expected->input, 0))
540 && !inbuf->count_set) {
541 OPENSSL_cleanse(got, got_len);
542 if (!TEST_true(EVP_Q_digest(libctx,
543 EVP_MD_get0_name(expected->fetched_digest),
544 NULL, inbuf->buf, inbuf->buflen,
546 || !TEST_mem_eq(got, size,
547 expected->output, expected->output_len)) {
548 t->err = "EVP_Q_digest failed";
555 EVP_MD_CTX_free(mctx);
559 static const EVP_TEST_METHOD digest_test_method = {
571 typedef struct cipher_data_st {
572 const EVP_CIPHER *cipher;
573 EVP_CIPHER *fetched_cipher;
575 /* EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE or EVP_CIPH_OCB_MODE if AEAD */
579 size_t key_bits; /* Used by RC2 */
581 unsigned char *next_iv; /* Expected IV state after operation */
584 unsigned char *plaintext;
585 size_t plaintext_len;
586 unsigned char *ciphertext;
587 size_t ciphertext_len;
588 /* AEAD ciphers only */
589 unsigned char *aad[AAD_NUM];
590 size_t aad_len[AAD_NUM];
594 const char *cts_mode;
597 unsigned char *mac_key;
599 const char *xts_standard;
602 static int cipher_test_init(EVP_TEST *t, const char *alg)
604 const EVP_CIPHER *cipher;
605 EVP_CIPHER *fetched_cipher;
609 if (is_cipher_disabled(alg)) {
611 TEST_info("skipping, '%s' is disabled", alg);
616 if ((cipher = fetched_cipher = EVP_CIPHER_fetch(libctx, alg, propquery)) == NULL
617 && (cipher = EVP_get_cipherbyname(alg)) == NULL) {
618 /* a stitched cipher might not be available */
619 if (strstr(alg, "HMAC") != NULL) {
622 TEST_info("skipping, '%s' is not available", alg);
625 ERR_clear_last_mark();
628 ERR_clear_last_mark();
630 if (!TEST_ptr(cdat = OPENSSL_zalloc(sizeof(*cdat))))
633 cdat->cipher = cipher;
634 cdat->fetched_cipher = fetched_cipher;
636 m = EVP_CIPHER_get_mode(cipher);
637 if (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
638 cdat->aead = m != 0 ? m : -1;
643 if (fetched_cipher != NULL)
644 TEST_info("%s is fetched", alg);
648 static void cipher_test_cleanup(EVP_TEST *t)
651 CIPHER_DATA *cdat = t->data;
653 OPENSSL_free(cdat->key);
654 OPENSSL_free(cdat->iv);
655 OPENSSL_free(cdat->next_iv);
656 OPENSSL_free(cdat->ciphertext);
657 OPENSSL_free(cdat->plaintext);
658 for (i = 0; i < AAD_NUM; i++)
659 OPENSSL_free(cdat->aad[i]);
660 OPENSSL_free(cdat->tag);
661 OPENSSL_free(cdat->mac_key);
662 EVP_CIPHER_free(cdat->fetched_cipher);
665 static int cipher_test_parse(EVP_TEST *t, const char *keyword,
668 CIPHER_DATA *cdat = t->data;
671 if (strcmp(keyword, "Key") == 0)
672 return parse_bin(value, &cdat->key, &cdat->key_len);
673 if (strcmp(keyword, "Rounds") == 0) {
677 cdat->rounds = (unsigned int)i;
680 if (strcmp(keyword, "IV") == 0)
681 return parse_bin(value, &cdat->iv, &cdat->iv_len);
682 if (strcmp(keyword, "NextIV") == 0)
683 return parse_bin(value, &cdat->next_iv, &cdat->iv_len);
684 if (strcmp(keyword, "Plaintext") == 0)
685 return parse_bin(value, &cdat->plaintext, &cdat->plaintext_len);
686 if (strcmp(keyword, "Ciphertext") == 0)
687 return parse_bin(value, &cdat->ciphertext, &cdat->ciphertext_len);
688 if (strcmp(keyword, "KeyBits") == 0) {
692 cdat->key_bits = (size_t)i;
698 if (strcmp(keyword, "TLSAAD") == 0)
699 cdat->tls_aad = tls_aad = 1;
700 if (strcmp(keyword, "AAD") == 0 || tls_aad) {
701 for (i = 0; i < AAD_NUM; i++) {
702 if (cdat->aad[i] == NULL)
703 return parse_bin(value, &cdat->aad[i], &cdat->aad_len[i]);
707 if (strcmp(keyword, "Tag") == 0)
708 return parse_bin(value, &cdat->tag, &cdat->tag_len);
709 if (strcmp(keyword, "SetTagLate") == 0) {
710 if (strcmp(value, "TRUE") == 0)
712 else if (strcmp(value, "FALSE") == 0)
718 if (strcmp(keyword, "MACKey") == 0)
719 return parse_bin(value, &cdat->mac_key, &cdat->mac_key_len);
720 if (strcmp(keyword, "TLSVersion") == 0) {
723 cdat->tls_version = (int)strtol(value, &endptr, 0);
724 return value[0] != '\0' && endptr[0] == '\0';
728 if (strcmp(keyword, "Operation") == 0) {
729 if (strcmp(value, "ENCRYPT") == 0)
731 else if (strcmp(value, "DECRYPT") == 0)
737 if (strcmp(keyword, "CTSMode") == 0) {
738 cdat->cts_mode = value;
741 if (strcmp(keyword, "XTSStandard") == 0) {
742 cdat->xts_standard = value;
748 static int cipher_test_enc(EVP_TEST *t, int enc, size_t out_misalign,
749 size_t inp_misalign, int frag, int in_place)
751 CIPHER_DATA *expected = t->data;
752 unsigned char *in, *expected_out, *tmp = NULL;
753 size_t in_len, out_len, donelen = 0;
754 int ok = 0, tmplen, chunklen, tmpflen, i;
755 EVP_CIPHER_CTX *ctx_base = NULL;
756 EVP_CIPHER_CTX *ctx = NULL, *duped;
757 int fips_dupctx_supported = fips_provider_version_ge(libctx, 3, 2, 0);
759 t->err = "TEST_FAILURE";
760 if (!TEST_ptr(ctx_base = EVP_CIPHER_CTX_new()))
762 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
764 EVP_CIPHER_CTX_set_flags(ctx_base, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
766 in = expected->plaintext;
767 in_len = expected->plaintext_len;
768 expected_out = expected->ciphertext;
769 out_len = expected->ciphertext_len;
771 in = expected->ciphertext;
772 in_len = expected->ciphertext_len;
773 expected_out = expected->plaintext;
774 out_len = expected->plaintext_len;
777 /* Exercise in-place encryption */
778 tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH);
781 in = memcpy(tmp + out_misalign, in, in_len);
783 inp_misalign += 16 - ((out_misalign + in_len) & 15);
785 * 'tmp' will store both output and copy of input. We make the copy
786 * of input to specifically aligned part of 'tmp'. So we just
787 * figured out how much padding would ensure the required alignment,
788 * now we allocate extended buffer and finally copy the input just
789 * past inp_misalign in expression below. Output will be written
790 * past out_misalign...
792 tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH +
793 inp_misalign + in_len);
796 in = memcpy(tmp + out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH +
797 inp_misalign, in, in_len);
799 if (!EVP_CipherInit_ex(ctx_base, expected->cipher, NULL, NULL, NULL, enc)) {
800 t->err = "CIPHERINIT_ERROR";
803 if (expected->cts_mode != NULL) {
804 OSSL_PARAM params[2];
806 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_CIPHER_PARAM_CTS_MODE,
807 (char *)expected->cts_mode,
809 params[1] = OSSL_PARAM_construct_end();
810 if (!EVP_CIPHER_CTX_set_params(ctx_base, params)) {
811 t->err = "INVALID_CTS_MODE";
816 if (expected->aead) {
817 if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_IVLEN,
818 expected->iv_len, 0) <= 0) {
819 t->err = "INVALID_IV_LENGTH";
822 } else if (expected->iv_len != (size_t)EVP_CIPHER_CTX_get_iv_length(ctx_base)) {
823 t->err = "INVALID_IV_LENGTH";
827 if (expected->aead && !expected->tls_aad) {
830 * If encrypting or OCB just set tag length initially, otherwise
831 * set tag length and value.
833 if (enc || expected->aead == EVP_CIPH_OCB_MODE || expected->tag_late) {
834 t->err = "TAG_LENGTH_SET_ERROR";
837 t->err = "TAG_SET_ERROR";
840 if (tag || expected->aead != EVP_CIPH_GCM_MODE) {
841 if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_TAG,
842 expected->tag_len, tag) <= 0)
847 if (expected->rounds > 0) {
848 int rounds = (int)expected->rounds;
850 if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC5_ROUNDS, rounds, NULL) <= 0) {
851 t->err = "INVALID_ROUNDS";
856 if (!EVP_CIPHER_CTX_set_key_length(ctx_base, expected->key_len)) {
857 t->err = "INVALID_KEY_LENGTH";
860 if (expected->key_bits > 0) {
861 int bits = (int)expected->key_bits;
863 if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC2_KEY_BITS, bits, NULL) <= 0) {
864 t->err = "INVALID KEY BITS";
868 if (!EVP_CipherInit_ex(ctx_base, NULL, NULL, expected->key, expected->iv, -1)) {
869 t->err = "KEY_SET_ERROR";
873 /* Check that we get the same IV back */
874 if (expected->iv != NULL) {
875 /* Some (e.g., GCM) tests use IVs longer than EVP_MAX_IV_LENGTH. */
876 unsigned char iv[128];
877 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx_base, iv, sizeof(iv)))
878 || ((EVP_CIPHER_get_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0
879 && !TEST_mem_eq(expected->iv, expected->iv_len, iv,
880 expected->iv_len))) {
881 t->err = "INVALID_IV";
886 /* Test that the cipher dup functions correctly if it is supported */
888 if (!EVP_CIPHER_CTX_copy(ctx, ctx_base)) {
889 if (fips_dupctx_supported) {
890 TEST_info("Doing a copy of Cipher %s Fails!\n",
891 EVP_CIPHER_get0_name(expected->cipher));
892 ERR_print_errors_fp(stderr);
895 TEST_info("Allowing copy fail as an old fips provider is in use.");
897 EVP_CIPHER_CTX_free(ctx);
900 EVP_CIPHER_CTX_free(ctx_base);
903 /* Likewise for dup */
904 duped = EVP_CIPHER_CTX_dup(ctx);
906 EVP_CIPHER_CTX_free(ctx);
909 if (fips_dupctx_supported) {
910 TEST_info("Doing a dup of Cipher %s Fails!\n",
911 EVP_CIPHER_get0_name(expected->cipher));
912 ERR_print_errors_fp(stderr);
915 TEST_info("Allowing dup fail as an old fips provider is in use.");
920 if (expected->mac_key != NULL
921 && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY,
922 (int)expected->mac_key_len,
923 (void *)expected->mac_key) <= 0) {
924 t->err = "SET_MAC_KEY_ERROR";
928 if (expected->tls_version) {
929 OSSL_PARAM params[2];
931 params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_TLS_VERSION,
932 &expected->tls_version);
933 params[1] = OSSL_PARAM_construct_end();
934 if (!EVP_CIPHER_CTX_set_params(ctx, params)) {
935 t->err = "SET_TLS_VERSION_ERROR";
940 if (expected->aead == EVP_CIPH_CCM_MODE) {
941 if (!EVP_CipherUpdate(ctx, NULL, &tmplen, NULL, out_len)) {
942 t->err = "CCM_PLAINTEXT_LENGTH_SET_ERROR";
946 if (expected->aad[0] != NULL && !expected->tls_aad) {
947 t->err = "AAD_SET_ERROR";
949 for (i = 0; expected->aad[i] != NULL; i++) {
950 if (!EVP_CipherUpdate(ctx, NULL, &chunklen, expected->aad[i],
951 expected->aad_len[i]))
956 * Supply the AAD in chunks less than the block size where possible
958 for (i = 0; expected->aad[i] != NULL; i++) {
959 if (expected->aad_len[i] > 0) {
960 if (!EVP_CipherUpdate(ctx, NULL, &chunklen, expected->aad[i], 1))
964 if (expected->aad_len[i] > 2) {
965 if (!EVP_CipherUpdate(ctx, NULL, &chunklen,
966 expected->aad[i] + donelen,
967 expected->aad_len[i] - 2))
969 donelen += expected->aad_len[i] - 2;
971 if (expected->aad_len[i] > 1
972 && !EVP_CipherUpdate(ctx, NULL, &chunklen,
973 expected->aad[i] + donelen, 1))
979 if (expected->tls_aad) {
980 OSSL_PARAM params[2];
983 /* duplicate the aad as the implementation might modify it */
984 if ((tls_aad = OPENSSL_memdup(expected->aad[0],
985 expected->aad_len[0])) == NULL)
987 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD,
989 expected->aad_len[0]);
990 params[1] = OSSL_PARAM_construct_end();
991 if (!EVP_CIPHER_CTX_set_params(ctx, params)) {
992 OPENSSL_free(tls_aad);
993 t->err = "TLS1_AAD_ERROR";
996 OPENSSL_free(tls_aad);
997 } else if (!enc && (expected->aead == EVP_CIPH_OCB_MODE
998 || expected->tag_late)) {
999 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
1000 expected->tag_len, expected->tag) <= 0) {
1001 t->err = "TAG_SET_ERROR";
1005 if (expected->xts_standard != NULL) {
1006 OSSL_PARAM params[2];
1009 OSSL_PARAM_construct_utf8_string(OSSL_CIPHER_PARAM_XTS_STANDARD,
1010 (char *)expected->xts_standard, 0);
1011 params[1] = OSSL_PARAM_construct_end();
1012 if (!EVP_CIPHER_CTX_set_params(ctx, params)) {
1013 t->err = "SET_XTS_STANDARD_ERROR";
1017 EVP_CIPHER_CTX_set_padding(ctx, 0);
1018 t->err = "CIPHERUPDATE_ERROR";
1021 /* We supply the data all in one go */
1022 if (!EVP_CipherUpdate(ctx, tmp + out_misalign, &tmplen, in, in_len))
1025 /* Supply the data in chunks less than the block size where possible */
1027 if (!EVP_CipherUpdate(ctx, tmp + out_misalign, &chunklen, in, 1))
1034 if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen,
1042 if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen,
1048 if (!EVP_CipherFinal_ex(ctx, tmp + out_misalign + tmplen, &tmpflen)) {
1049 t->err = "CIPHERFINAL_ERROR";
1052 if (!enc && expected->tls_aad) {
1053 if (expected->tls_version >= TLS1_1_VERSION
1054 && (EVP_CIPHER_is_a(expected->cipher, "AES-128-CBC-HMAC-SHA1")
1055 || EVP_CIPHER_is_a(expected->cipher, "AES-256-CBC-HMAC-SHA1"))) {
1056 tmplen -= expected->iv_len;
1057 expected_out += expected->iv_len;
1058 out_misalign += expected->iv_len;
1060 if ((int)out_len > tmplen + tmpflen)
1061 out_len = tmplen + tmpflen;
1063 if (!memory_err_compare(t, "VALUE_MISMATCH", expected_out, out_len,
1064 tmp + out_misalign, tmplen + tmpflen))
1066 if (enc && expected->aead && !expected->tls_aad) {
1067 unsigned char rtag[16];
1069 if (!TEST_size_t_le(expected->tag_len, sizeof(rtag))) {
1070 t->err = "TAG_LENGTH_INTERNAL_ERROR";
1073 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
1074 expected->tag_len, rtag) <= 0) {
1075 t->err = "TAG_RETRIEVE_ERROR";
1078 if (!memory_err_compare(t, "TAG_VALUE_MISMATCH",
1079 expected->tag, expected->tag_len,
1080 rtag, expected->tag_len))
1083 /* Check the updated IV */
1084 if (expected->next_iv != NULL) {
1085 /* Some (e.g., GCM) tests use IVs longer than EVP_MAX_IV_LENGTH. */
1086 unsigned char iv[128];
1087 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
1088 || ((EVP_CIPHER_get_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0
1089 && !TEST_mem_eq(expected->next_iv, expected->iv_len, iv,
1090 expected->iv_len))) {
1091 t->err = "INVALID_NEXT_IV";
1100 if (ctx != ctx_base)
1101 EVP_CIPHER_CTX_free(ctx_base);
1102 EVP_CIPHER_CTX_free(ctx);
1107 * XTS, SIV, CCM, stitched ciphers and Wrap modes have special
1108 * requirements about input lengths so we don't fragment for those
1110 static int cipher_test_valid_fragmentation(CIPHER_DATA *cdat)
1112 return (cdat->aead == EVP_CIPH_CCM_MODE
1113 || cdat->aead == EVP_CIPH_CBC_MODE
1114 || (cdat->aead == -1
1115 && EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_STREAM_CIPHER)
1116 || ((EVP_CIPHER_get_flags(cdat->cipher) & EVP_CIPH_FLAG_CTS) != 0)
1117 || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_SIV_MODE
1118 || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_GCM_SIV_MODE
1119 || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_XTS_MODE
1120 || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_WRAP_MODE) ? 0 : 1;
1123 static int cipher_test_run(EVP_TEST *t)
1125 CIPHER_DATA *cdat = t->data;
1126 int rv, frag, fragmax, in_place;
1127 size_t out_misalign, inp_misalign;
1129 TEST_info("RUNNING TEST FOR CIPHER %s\n", EVP_CIPHER_get0_name(cdat->cipher));
1134 if (!cdat->iv && EVP_CIPHER_get_iv_length(cdat->cipher) > 0) {
1135 /* IV is optional and usually omitted in wrap mode */
1136 if (EVP_CIPHER_get_mode(cdat->cipher) != EVP_CIPH_WRAP_MODE) {
1141 if (cdat->aead && cdat->tag == NULL && !cdat->tls_aad) {
1146 fragmax = (cipher_test_valid_fragmentation(cdat) == 0) ? 0 : 1;
1147 for (in_place = 1; in_place >= 0; in_place--) {
1148 static char aux_err[64];
1150 t->aux_err = aux_err;
1151 /* Test only in-place data processing */
1152 if (process_mode_in_place == 1 && in_place == 0)
1155 for (frag = 0; frag <= fragmax; frag++) {
1156 for (out_misalign = 0; out_misalign <= 1; out_misalign++) {
1157 for (inp_misalign = 0; inp_misalign <= 1; inp_misalign++) {
1158 /* Skip input misalign tests for in-place processing */
1159 if (inp_misalign == 1 && in_place == 1)
1161 if (in_place == 1) {
1162 BIO_snprintf(aux_err, sizeof(aux_err),
1163 "%s in-place, %sfragmented",
1164 out_misalign ? "misaligned" : "aligned",
1165 frag ? "" : "not ");
1167 BIO_snprintf(aux_err, sizeof(aux_err),
1168 "%s output and %s input, %sfragmented",
1169 out_misalign ? "misaligned" : "aligned",
1170 inp_misalign ? "misaligned" : "aligned",
1171 frag ? "" : "not ");
1174 rv = cipher_test_enc(t, 1, out_misalign, inp_misalign,
1176 /* Not fatal errors: return */
1183 if (cdat->enc != 1) {
1184 rv = cipher_test_enc(t, 0, out_misalign, inp_misalign,
1186 /* Not fatal errors: return */
1202 static const EVP_TEST_METHOD cipher_test_method = {
1205 cipher_test_cleanup,
1215 typedef struct mac_data_st {
1216 /* MAC type in one form or another */
1218 EVP_MAC *mac; /* for mac_test_run_mac */
1219 int type; /* for mac_test_run_pkey */
1220 /* Algorithm string for this MAC */
1229 unsigned char *input;
1231 /* Expected output */
1232 unsigned char *output;
1234 unsigned char *custom;
1236 /* MAC salt (blake2) */
1237 unsigned char *salt;
1241 /* Reinitialization fails */
1243 /* Collection of controls */
1244 STACK_OF(OPENSSL_STRING) *controls;
1251 static int mac_test_init(EVP_TEST *t, const char *alg)
1253 EVP_MAC *mac = NULL;
1254 int type = NID_undef;
1257 if (is_mac_disabled(alg)) {
1258 TEST_info("skipping, '%s' is disabled", alg);
1262 if ((mac = EVP_MAC_fetch(libctx, alg, propquery)) == NULL) {
1264 * Since we didn't find an EVP_MAC, we check for known EVP_PKEY methods
1265 * For debugging purposes, we allow 'NNNN by EVP_PKEY' to force running
1266 * the EVP_PKEY method.
1268 size_t sz = strlen(alg);
1269 static const char epilogue[] = " by EVP_PKEY";
1271 if (sz >= sizeof(epilogue)
1272 && strcmp(alg + sz - (sizeof(epilogue) - 1), epilogue) == 0)
1273 sz -= sizeof(epilogue) - 1;
1275 if (strncmp(alg, "HMAC", sz) == 0)
1276 type = EVP_PKEY_HMAC;
1277 else if (strncmp(alg, "CMAC", sz) == 0)
1278 type = EVP_PKEY_CMAC;
1279 else if (strncmp(alg, "Poly1305", sz) == 0)
1280 type = EVP_PKEY_POLY1305;
1281 else if (strncmp(alg, "SipHash", sz) == 0)
1282 type = EVP_PKEY_SIPHASH;
1287 if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat))))
1291 if (!TEST_ptr(mdat->mac_name = OPENSSL_strdup(alg))) {
1297 if (!TEST_ptr(mdat->controls = sk_OPENSSL_STRING_new_null())) {
1298 OPENSSL_free(mdat->mac_name);
1303 mdat->output_size = mdat->block_size = -1;
1308 /* Because OPENSSL_free is a macro, it can't be passed as a function pointer */
1309 static void openssl_free(char *m)
1314 static void mac_test_cleanup(EVP_TEST *t)
1316 MAC_DATA *mdat = t->data;
1318 EVP_MAC_free(mdat->mac);
1319 OPENSSL_free(mdat->mac_name);
1320 sk_OPENSSL_STRING_pop_free(mdat->controls, openssl_free);
1321 OPENSSL_free(mdat->alg);
1322 OPENSSL_free(mdat->key);
1323 OPENSSL_free(mdat->iv);
1324 OPENSSL_free(mdat->custom);
1325 OPENSSL_free(mdat->salt);
1326 OPENSSL_free(mdat->input);
1327 OPENSSL_free(mdat->output);
1330 static int mac_test_parse(EVP_TEST *t,
1331 const char *keyword, const char *value)
1333 MAC_DATA *mdata = t->data;
1335 if (strcmp(keyword, "Key") == 0)
1336 return parse_bin(value, &mdata->key, &mdata->key_len);
1337 if (strcmp(keyword, "IV") == 0)
1338 return parse_bin(value, &mdata->iv, &mdata->iv_len);
1339 if (strcmp(keyword, "Custom") == 0)
1340 return parse_bin(value, &mdata->custom, &mdata->custom_len);
1341 if (strcmp(keyword, "Salt") == 0)
1342 return parse_bin(value, &mdata->salt, &mdata->salt_len);
1343 if (strcmp(keyword, "Algorithm") == 0) {
1344 mdata->alg = OPENSSL_strdup(value);
1345 if (mdata->alg == NULL)
1349 if (strcmp(keyword, "Input") == 0)
1350 return parse_bin(value, &mdata->input, &mdata->input_len);
1351 if (strcmp(keyword, "Output") == 0)
1352 return parse_bin(value, &mdata->output, &mdata->output_len);
1353 if (strcmp(keyword, "XOF") == 0)
1354 return mdata->xof = 1;
1355 if (strcmp(keyword, "NoReinit") == 0)
1356 return mdata->no_reinit = 1;
1357 if (strcmp(keyword, "Ctrl") == 0) {
1358 char *data = OPENSSL_strdup(value);
1362 return sk_OPENSSL_STRING_push(mdata->controls, data) != 0;
1364 if (strcmp(keyword, "OutputSize") == 0) {
1365 mdata->output_size = atoi(value);
1366 if (mdata->output_size < 0)
1370 if (strcmp(keyword, "BlockSize") == 0) {
1371 mdata->block_size = atoi(value);
1372 if (mdata->block_size < 0)
1379 static int mac_test_ctrl_pkey(EVP_TEST *t, EVP_PKEY_CTX *pctx,
1385 if (!TEST_ptr(tmpval = OPENSSL_strdup(value)))
1387 p = strchr(tmpval, ':');
1390 rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
1393 t->err = "PKEY_CTRL_INVALID";
1395 t->err = "PKEY_CTRL_ERROR";
1398 OPENSSL_free(tmpval);
1402 static int mac_test_run_pkey(EVP_TEST *t)
1404 MAC_DATA *expected = t->data;
1405 EVP_MD_CTX *mctx = NULL;
1406 EVP_PKEY_CTX *pctx = NULL, *genctx = NULL;
1407 EVP_PKEY *key = NULL;
1408 const char *mdname = NULL;
1409 EVP_CIPHER *cipher = NULL;
1410 unsigned char *got = NULL;
1414 /* We don't do XOF mode via PKEY */
1418 if (expected->alg == NULL)
1419 TEST_info("Trying the EVP_PKEY %s test", OBJ_nid2sn(expected->type));
1421 TEST_info("Trying the EVP_PKEY %s test with %s",
1422 OBJ_nid2sn(expected->type), expected->alg);
1424 if (expected->type == EVP_PKEY_CMAC) {
1425 #ifdef OPENSSL_NO_DEPRECATED_3_0
1426 TEST_info("skipping, PKEY CMAC '%s' is disabled", expected->alg);
1431 OSSL_LIB_CTX *tmpctx;
1433 if (expected->alg != NULL && is_cipher_disabled(expected->alg)) {
1434 TEST_info("skipping, PKEY CMAC '%s' is disabled", expected->alg);
1439 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, expected->alg, propquery))) {
1440 t->err = "MAC_KEY_CREATE_ERROR";
1443 tmpctx = OSSL_LIB_CTX_set0_default(libctx);
1444 key = EVP_PKEY_new_CMAC_key(NULL, expected->key, expected->key_len,
1446 OSSL_LIB_CTX_set0_default(tmpctx);
1449 key = EVP_PKEY_new_raw_private_key_ex(libctx,
1450 OBJ_nid2sn(expected->type), NULL,
1451 expected->key, expected->key_len);
1454 t->err = "MAC_KEY_CREATE_ERROR";
1458 if (expected->type == EVP_PKEY_HMAC && expected->alg != NULL) {
1459 if (is_digest_disabled(expected->alg)) {
1460 TEST_info("skipping, HMAC '%s' is disabled", expected->alg);
1465 mdname = expected->alg;
1467 if (!TEST_ptr(mctx = EVP_MD_CTX_new())) {
1468 t->err = "INTERNAL_ERROR";
1471 if (!EVP_DigestSignInit_ex(mctx, &pctx, mdname, libctx, NULL, key, NULL)) {
1472 t->err = "DIGESTSIGNINIT_ERROR";
1475 for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++)
1476 if (!mac_test_ctrl_pkey(t, pctx,
1477 sk_OPENSSL_STRING_value(expected->controls,
1479 t->err = "EVPPKEYCTXCTRL_ERROR";
1482 if (!EVP_DigestSignUpdate(mctx, expected->input, expected->input_len)) {
1483 t->err = "DIGESTSIGNUPDATE_ERROR";
1486 if (!EVP_DigestSignFinal(mctx, NULL, &got_len)) {
1487 t->err = "DIGESTSIGNFINAL_LENGTH_ERROR";
1490 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
1491 t->err = "TEST_FAILURE";
1494 if (!EVP_DigestSignFinal(mctx, got, &got_len)
1495 || !memory_err_compare(t, "TEST_MAC_ERR",
1496 expected->output, expected->output_len,
1498 t->err = "TEST_MAC_ERR";
1503 EVP_CIPHER_free(cipher);
1504 EVP_MD_CTX_free(mctx);
1506 EVP_PKEY_CTX_free(genctx);
1511 static int mac_test_run_mac(EVP_TEST *t)
1513 MAC_DATA *expected = t->data;
1514 EVP_MAC_CTX *ctx = NULL;
1515 unsigned char *got = NULL;
1516 size_t got_len = 0, size = 0;
1517 size_t size_before_init = 0, size_after_init, size_val = 0;
1518 int i, block_size = -1, output_size = -1;
1519 OSSL_PARAM params[21], sizes[3], *psizes = sizes;
1520 size_t params_n = 0;
1521 size_t params_n_allocstart = 0;
1522 const OSSL_PARAM *defined_params =
1523 EVP_MAC_settable_ctx_params(expected->mac);
1527 if (expected->alg == NULL)
1528 TEST_info("Trying the EVP_MAC %s test", expected->mac_name);
1530 TEST_info("Trying the EVP_MAC %s test with %s",
1531 expected->mac_name, expected->alg);
1533 if (expected->alg != NULL) {
1537 * The underlying algorithm may be a cipher or a digest.
1538 * We don't know which it is, but we can ask the MAC what it
1539 * should be and bet on that.
1541 if (OSSL_PARAM_locate_const(defined_params,
1542 OSSL_MAC_PARAM_CIPHER) != NULL) {
1543 if (is_cipher_disabled(expected->alg))
1546 params[params_n++] =
1547 OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER,
1549 } else if (OSSL_PARAM_locate_const(defined_params,
1550 OSSL_MAC_PARAM_DIGEST) != NULL) {
1551 if (is_digest_disabled(expected->alg))
1554 params[params_n++] =
1555 OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
1558 t->err = "MAC_BAD_PARAMS";
1562 TEST_info("skipping, algorithm '%s' is disabled", expected->alg);
1568 if (expected->custom != NULL)
1569 params[params_n++] =
1570 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_CUSTOM,
1572 expected->custom_len);
1573 if (expected->salt != NULL)
1574 params[params_n++] =
1575 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_SALT,
1577 expected->salt_len);
1578 if (expected->iv != NULL)
1579 params[params_n++] =
1580 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV,
1584 /* Unknown controls. They must match parameters that the MAC recognizes */
1585 if (params_n + sk_OPENSSL_STRING_num(expected->controls)
1586 >= OSSL_NELEM(params)) {
1587 t->err = "MAC_TOO_MANY_PARAMETERS";
1590 params_n_allocstart = params_n;
1591 for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++) {
1592 char *tmpkey, *tmpval;
1593 char *value = sk_OPENSSL_STRING_value(expected->controls, i);
1595 if (!TEST_ptr(tmpkey = OPENSSL_strdup(value))) {
1596 t->err = "MAC_PARAM_ERROR";
1599 tmpval = strchr(tmpkey, ':');
1604 || !OSSL_PARAM_allocate_from_text(¶ms[params_n],
1607 strlen(tmpval), NULL)) {
1608 OPENSSL_free(tmpkey);
1609 t->err = "MAC_PARAM_ERROR";
1614 if (strcmp(tmpkey, "size") == 0)
1615 size_val = (size_t)strtoul(tmpval, NULL, 0);
1617 OPENSSL_free(tmpkey);
1619 params[params_n] = OSSL_PARAM_construct_end();
1621 if ((ctx = EVP_MAC_CTX_new(expected->mac)) == NULL) {
1622 t->err = "MAC_CREATE_ERROR";
1625 if (fips_provider_version_gt(libctx, 3, 2, 0))
1626 size_before_init = EVP_MAC_CTX_get_mac_size(ctx);
1627 if (!EVP_MAC_init(ctx, expected->key, expected->key_len, params)) {
1628 t->err = "MAC_INIT_ERROR";
1631 size_after_init = EVP_MAC_CTX_get_mac_size(ctx);
1632 if (!TEST_false(size_before_init == 0 && size_after_init == 0)) {
1633 t->err = "MAC SIZE not set";
1636 if (size_before_init != 0) {
1637 /* mac-size not modified by init params */
1638 if (size_val == 0 && !TEST_size_t_eq(size_before_init, size_after_init)) {
1639 t->err = "MAC SIZE check failed";
1642 /* mac-size modified by init params */
1643 if (size_val != 0 && !TEST_size_t_eq(size_val, size_after_init)) {
1644 t->err = "MAC SIZE check failed";
1648 if (expected->output_size >= 0)
1649 *psizes++ = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_SIZE,
1651 if (expected->block_size >= 0)
1652 *psizes++ = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_BLOCK_SIZE,
1654 if (psizes != sizes) {
1655 *psizes = OSSL_PARAM_construct_end();
1656 if (!TEST_true(EVP_MAC_CTX_get_params(ctx, sizes))) {
1657 t->err = "INTERNAL_ERROR";
1660 if (expected->output_size >= 0
1661 && !TEST_int_eq(output_size, expected->output_size)) {
1662 t->err = "TEST_FAILURE";
1665 if (expected->block_size >= 0
1666 && !TEST_int_eq(block_size, expected->block_size)) {
1667 t->err = "TEST_FAILURE";
1672 if (!EVP_MAC_update(ctx, expected->input, expected->input_len)) {
1673 t->err = "MAC_UPDATE_ERROR";
1676 xof = expected->xof;
1678 if (!TEST_ptr(got = OPENSSL_malloc(expected->output_len))) {
1679 t->err = "TEST_FAILURE";
1682 if (!EVP_MAC_finalXOF(ctx, got, expected->output_len)
1683 || !memory_err_compare(t, "TEST_MAC_ERR",
1684 expected->output, expected->output_len,
1685 got, expected->output_len)) {
1686 t->err = "MAC_FINAL_ERROR";
1690 if (!EVP_MAC_final(ctx, NULL, &got_len, 0)) {
1691 t->err = "MAC_FINAL_LENGTH_ERROR";
1694 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
1695 t->err = "TEST_FAILURE";
1698 if (!EVP_MAC_final(ctx, got, &got_len, got_len)
1699 || !memory_err_compare(t, "TEST_MAC_ERR",
1700 expected->output, expected->output_len,
1702 t->err = "TEST_MAC_ERR";
1706 /* FIPS(3.0.0): can't reinitialise MAC contexts #18100 */
1707 if (reinit-- && fips_provider_version_gt(libctx, 3, 0, 0)) {
1708 OSSL_PARAM ivparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
1711 /* If the MAC uses IV, we have to set it again */
1712 if (expected->iv != NULL) {
1714 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV,
1717 ivparams[1] = OSSL_PARAM_construct_end();
1720 ret = EVP_MAC_init(ctx, NULL, 0, ivparams);
1721 if (expected->no_reinit) {
1723 ERR_clear_last_mark();
1724 t->err = "MAC_REINIT_SHOULD_FAIL";
1728 ERR_clear_last_mark();
1733 ERR_clear_last_mark();
1734 t->err = "MAC_REINIT_ERROR";
1737 /* If reinitialization fails, it is unsupported by the algorithm */
1742 /* Test the EVP_Q_mac interface as well */
1744 OPENSSL_cleanse(got, got_len);
1745 if (!TEST_true(EVP_Q_mac(libctx, expected->mac_name, NULL,
1746 expected->alg, params,
1747 expected->key, expected->key_len,
1748 expected->input, expected->input_len,
1749 got, got_len, &size))
1750 || !TEST_mem_eq(got, size,
1751 expected->output, expected->output_len)) {
1752 t->err = "EVP_Q_mac failed";
1757 while (params_n-- > params_n_allocstart) {
1758 OPENSSL_free(params[params_n].data);
1760 EVP_MAC_CTX_free(ctx);
1765 static int mac_test_run(EVP_TEST *t)
1767 MAC_DATA *expected = t->data;
1769 if (expected->mac != NULL)
1770 return mac_test_run_mac(t);
1771 return mac_test_run_pkey(t);
1774 static const EVP_TEST_METHOD mac_test_method = {
1785 ** These are all very similar and share much common code.
1788 typedef struct pkey_data_st {
1789 /* Context for this operation */
1791 /* Key operation to perform */
1792 int (*keyop) (EVP_PKEY_CTX *ctx,
1793 unsigned char *sig, size_t *siglen,
1794 const unsigned char *tbs, size_t tbslen);
1796 unsigned char *input;
1798 /* Expected output */
1799 unsigned char *output;
1804 * Perform public key operation setup: lookup key, allocated ctx and call
1805 * the appropriate initialisation function
1807 static int pkey_test_init(EVP_TEST *t, const char *name,
1809 int (*keyopinit) (EVP_PKEY_CTX *ctx),
1810 int (*keyop)(EVP_PKEY_CTX *ctx,
1811 unsigned char *sig, size_t *siglen,
1812 const unsigned char *tbs,
1816 EVP_PKEY *pkey = NULL;
1820 rv = find_key(&pkey, name, public_keys);
1822 rv = find_key(&pkey, name, private_keys);
1823 if (rv == 0 || pkey == NULL) {
1824 TEST_info("skipping, key '%s' is disabled", name);
1829 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))) {
1830 EVP_PKEY_free(pkey);
1833 kdata->keyop = keyop;
1834 if (!TEST_ptr(kdata->ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propquery))) {
1835 EVP_PKEY_free(pkey);
1836 OPENSSL_free(kdata);
1839 if (keyopinit(kdata->ctx) <= 0)
1840 t->err = "KEYOP_INIT_ERROR";
1845 static void pkey_test_cleanup(EVP_TEST *t)
1847 PKEY_DATA *kdata = t->data;
1849 OPENSSL_free(kdata->input);
1850 OPENSSL_free(kdata->output);
1851 EVP_PKEY_CTX_free(kdata->ctx);
1854 static int pkey_test_ctrl(EVP_TEST *t, EVP_PKEY_CTX *pctx,
1860 if (!TEST_ptr(tmpval = OPENSSL_strdup(value)))
1862 p = strchr(tmpval, ':');
1865 rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
1868 t->err = "PKEY_CTRL_INVALID";
1870 } else if (p != NULL && rv <= 0) {
1871 if (is_digest_disabled(p) || is_cipher_disabled(p)) {
1872 TEST_info("skipping, '%s' is disabled", p);
1876 t->err = "PKEY_CTRL_ERROR";
1880 OPENSSL_free(tmpval);
1884 static int pkey_test_parse(EVP_TEST *t,
1885 const char *keyword, const char *value)
1887 PKEY_DATA *kdata = t->data;
1888 if (strcmp(keyword, "Input") == 0)
1889 return parse_bin(value, &kdata->input, &kdata->input_len);
1890 if (strcmp(keyword, "Output") == 0)
1891 return parse_bin(value, &kdata->output, &kdata->output_len);
1892 if (strcmp(keyword, "Ctrl") == 0)
1893 return pkey_test_ctrl(t, kdata->ctx, value);
1897 static int pkey_test_run(EVP_TEST *t)
1899 PKEY_DATA *expected = t->data;
1900 unsigned char *got = NULL;
1902 EVP_PKEY_CTX *copy = NULL;
1904 if (expected->keyop(expected->ctx, NULL, &got_len,
1905 expected->input, expected->input_len) <= 0
1906 || !TEST_ptr(got = OPENSSL_malloc(got_len))) {
1907 t->err = "KEYOP_LENGTH_ERROR";
1910 if (expected->keyop(expected->ctx, got, &got_len,
1911 expected->input, expected->input_len) <= 0) {
1912 t->err = "KEYOP_ERROR";
1915 if (!memory_err_compare(t, "KEYOP_MISMATCH",
1916 expected->output, expected->output_len,
1924 /* Repeat the test on a copy. */
1925 if (!TEST_ptr(copy = EVP_PKEY_CTX_dup(expected->ctx))) {
1926 t->err = "INTERNAL_ERROR";
1929 if (expected->keyop(copy, NULL, &got_len, expected->input,
1930 expected->input_len) <= 0
1931 || !TEST_ptr(got = OPENSSL_malloc(got_len))) {
1932 t->err = "KEYOP_LENGTH_ERROR";
1935 if (expected->keyop(copy, got, &got_len, expected->input,
1936 expected->input_len) <= 0) {
1937 t->err = "KEYOP_ERROR";
1940 if (!memory_err_compare(t, "KEYOP_MISMATCH",
1941 expected->output, expected->output_len,
1947 EVP_PKEY_CTX_free(copy);
1951 static int sign_test_init(EVP_TEST *t, const char *name)
1953 return pkey_test_init(t, name, 0, EVP_PKEY_sign_init, EVP_PKEY_sign);
1956 static const EVP_TEST_METHOD psign_test_method = {
1964 static int verify_recover_test_init(EVP_TEST *t, const char *name)
1966 return pkey_test_init(t, name, 1, EVP_PKEY_verify_recover_init,
1967 EVP_PKEY_verify_recover);
1970 static const EVP_TEST_METHOD pverify_recover_test_method = {
1972 verify_recover_test_init,
1978 static int decrypt_test_init(EVP_TEST *t, const char *name)
1980 return pkey_test_init(t, name, 0, EVP_PKEY_decrypt_init,
1984 static const EVP_TEST_METHOD pdecrypt_test_method = {
1992 static int verify_test_init(EVP_TEST *t, const char *name)
1994 return pkey_test_init(t, name, 1, EVP_PKEY_verify_init, 0);
1997 static int verify_test_run(EVP_TEST *t)
1999 PKEY_DATA *kdata = t->data;
2001 if (EVP_PKEY_verify(kdata->ctx, kdata->output, kdata->output_len,
2002 kdata->input, kdata->input_len) <= 0)
2003 t->err = "VERIFY_ERROR";
2007 static const EVP_TEST_METHOD pverify_test_method = {
2015 static int pderive_test_init(EVP_TEST *t, const char *name)
2017 return pkey_test_init(t, name, 0, EVP_PKEY_derive_init, 0);
2020 static int pderive_test_parse(EVP_TEST *t,
2021 const char *keyword, const char *value)
2023 PKEY_DATA *kdata = t->data;
2026 if (strcmp(keyword, "PeerKeyValidate") == 0)
2029 if (validate || strcmp(keyword, "PeerKey") == 0) {
2031 if (find_key(&peer, value, public_keys) == 0)
2033 if (EVP_PKEY_derive_set_peer_ex(kdata->ctx, peer, validate) <= 0) {
2034 t->err = "DERIVE_SET_PEER_ERROR";
2040 if (strcmp(keyword, "SharedSecret") == 0)
2041 return parse_bin(value, &kdata->output, &kdata->output_len);
2042 if (strcmp(keyword, "Ctrl") == 0)
2043 return pkey_test_ctrl(t, kdata->ctx, value);
2044 if (strcmp(keyword, "KDFType") == 0) {
2045 OSSL_PARAM params[2];
2047 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_TYPE,
2049 params[1] = OSSL_PARAM_construct_end();
2050 if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0)
2054 if (strcmp(keyword, "KDFDigest") == 0) {
2055 OSSL_PARAM params[2];
2057 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST,
2059 params[1] = OSSL_PARAM_construct_end();
2060 if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0)
2064 if (strcmp(keyword, "CEKAlg") == 0) {
2065 OSSL_PARAM params[2];
2067 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG,
2069 params[1] = OSSL_PARAM_construct_end();
2070 if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0)
2074 if (strcmp(keyword, "KDFOutlen") == 0) {
2075 OSSL_PARAM params[2];
2077 size_t outlen = (size_t)strtoul(value, &endptr, 0);
2079 if (endptr[0] != '\0')
2082 params[0] = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN,
2084 params[1] = OSSL_PARAM_construct_end();
2085 if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0)
2092 static int pderive_test_run(EVP_TEST *t)
2094 EVP_PKEY_CTX *dctx = NULL;
2095 PKEY_DATA *expected = t->data;
2096 unsigned char *got = NULL;
2099 if (!TEST_ptr(dctx = EVP_PKEY_CTX_dup(expected->ctx))) {
2100 t->err = "DERIVE_ERROR";
2104 if (EVP_PKEY_derive(dctx, NULL, &got_len) <= 0
2105 || !TEST_size_t_ne(got_len, 0)) {
2106 t->err = "DERIVE_ERROR";
2109 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
2110 t->err = "DERIVE_ERROR";
2113 if (EVP_PKEY_derive(dctx, got, &got_len) <= 0) {
2114 t->err = "DERIVE_ERROR";
2117 if (!memory_err_compare(t, "SHARED_SECRET_MISMATCH",
2118 expected->output, expected->output_len,
2125 EVP_PKEY_CTX_free(dctx);
2129 static const EVP_TEST_METHOD pderive_test_method = {
2142 typedef enum pbe_type_enum {
2143 PBE_TYPE_INVALID = 0,
2144 PBE_TYPE_SCRYPT, PBE_TYPE_PBKDF2, PBE_TYPE_PKCS12
2147 typedef struct pbe_data_st {
2149 /* scrypt parameters */
2150 uint64_t N, r, p, maxmem;
2151 /* PKCS#12 parameters */
2155 unsigned char *pass;
2158 unsigned char *salt;
2160 /* Expected output */
2165 #ifndef OPENSSL_NO_SCRYPT
2166 /* Parse unsigned decimal 64 bit integer value */
2167 static int parse_uint64(const char *value, uint64_t *pr)
2169 const char *p = value;
2171 if (!TEST_true(*p)) {
2172 TEST_info("Invalid empty integer value");
2175 for (*pr = 0; *p; ) {
2176 if (*pr > UINT64_MAX / 10) {
2177 TEST_error("Integer overflow in string %s", value);
2181 if (!TEST_true(isdigit((unsigned char)*p))) {
2182 TEST_error("Invalid character in string %s", value);
2191 static int scrypt_test_parse(EVP_TEST *t,
2192 const char *keyword, const char *value)
2194 PBE_DATA *pdata = t->data;
2196 if (strcmp(keyword, "N") == 0)
2197 return parse_uint64(value, &pdata->N);
2198 if (strcmp(keyword, "p") == 0)
2199 return parse_uint64(value, &pdata->p);
2200 if (strcmp(keyword, "r") == 0)
2201 return parse_uint64(value, &pdata->r);
2202 if (strcmp(keyword, "maxmem") == 0)
2203 return parse_uint64(value, &pdata->maxmem);
2208 static int pbkdf2_test_parse(EVP_TEST *t,
2209 const char *keyword, const char *value)
2211 PBE_DATA *pdata = t->data;
2213 if (strcmp(keyword, "iter") == 0) {
2214 pdata->iter = atoi(value);
2215 if (pdata->iter <= 0)
2219 if (strcmp(keyword, "MD") == 0) {
2220 pdata->md = EVP_get_digestbyname(value);
2221 if (pdata->md == NULL)
2228 static int pkcs12_test_parse(EVP_TEST *t,
2229 const char *keyword, const char *value)
2231 PBE_DATA *pdata = t->data;
2233 if (strcmp(keyword, "id") == 0) {
2234 pdata->id = atoi(value);
2239 return pbkdf2_test_parse(t, keyword, value);
2242 static int pbe_test_init(EVP_TEST *t, const char *alg)
2245 PBE_TYPE pbe_type = PBE_TYPE_INVALID;
2247 if (is_kdf_disabled(alg)) {
2248 TEST_info("skipping, '%s' is disabled", alg);
2252 if (strcmp(alg, "scrypt") == 0) {
2253 pbe_type = PBE_TYPE_SCRYPT;
2254 } else if (strcmp(alg, "pbkdf2") == 0) {
2255 pbe_type = PBE_TYPE_PBKDF2;
2256 } else if (strcmp(alg, "pkcs12") == 0) {
2257 pbe_type = PBE_TYPE_PKCS12;
2259 TEST_error("Unknown pbe algorithm %s", alg);
2262 if (!TEST_ptr(pdat = OPENSSL_zalloc(sizeof(*pdat))))
2264 pdat->pbe_type = pbe_type;
2269 static void pbe_test_cleanup(EVP_TEST *t)
2271 PBE_DATA *pdat = t->data;
2273 OPENSSL_free(pdat->pass);
2274 OPENSSL_free(pdat->salt);
2275 OPENSSL_free(pdat->key);
2278 static int pbe_test_parse(EVP_TEST *t,
2279 const char *keyword, const char *value)
2281 PBE_DATA *pdata = t->data;
2283 if (strcmp(keyword, "Password") == 0)
2284 return parse_bin(value, &pdata->pass, &pdata->pass_len);
2285 if (strcmp(keyword, "Salt") == 0)
2286 return parse_bin(value, &pdata->salt, &pdata->salt_len);
2287 if (strcmp(keyword, "Key") == 0)
2288 return parse_bin(value, &pdata->key, &pdata->key_len);
2289 if (pdata->pbe_type == PBE_TYPE_PBKDF2)
2290 return pbkdf2_test_parse(t, keyword, value);
2291 else if (pdata->pbe_type == PBE_TYPE_PKCS12)
2292 return pkcs12_test_parse(t, keyword, value);
2293 #ifndef OPENSSL_NO_SCRYPT
2294 else if (pdata->pbe_type == PBE_TYPE_SCRYPT)
2295 return scrypt_test_parse(t, keyword, value);
2300 static int pbe_test_run(EVP_TEST *t)
2302 PBE_DATA *expected = t->data;
2304 EVP_MD *fetched_digest = NULL;
2305 OSSL_LIB_CTX *save_libctx;
2307 save_libctx = OSSL_LIB_CTX_set0_default(libctx);
2309 if (!TEST_ptr(key = OPENSSL_malloc(expected->key_len))) {
2310 t->err = "INTERNAL_ERROR";
2313 if (expected->pbe_type == PBE_TYPE_PBKDF2) {
2314 if (PKCS5_PBKDF2_HMAC((char *)expected->pass, expected->pass_len,
2315 expected->salt, expected->salt_len,
2316 expected->iter, expected->md,
2317 expected->key_len, key) == 0) {
2318 t->err = "PBKDF2_ERROR";
2321 #ifndef OPENSSL_NO_SCRYPT
2322 } else if (expected->pbe_type == PBE_TYPE_SCRYPT) {
2323 if (EVP_PBE_scrypt((const char *)expected->pass, expected->pass_len,
2324 expected->salt, expected->salt_len,
2325 expected->N, expected->r, expected->p,
2326 expected->maxmem, key, expected->key_len) == 0) {
2327 t->err = "SCRYPT_ERROR";
2331 } else if (expected->pbe_type == PBE_TYPE_PKCS12) {
2332 fetched_digest = EVP_MD_fetch(libctx, EVP_MD_get0_name(expected->md),
2334 if (fetched_digest == NULL) {
2335 t->err = "PKCS12_ERROR";
2338 if (PKCS12_key_gen_uni(expected->pass, expected->pass_len,
2339 expected->salt, expected->salt_len,
2340 expected->id, expected->iter, expected->key_len,
2341 key, fetched_digest) == 0) {
2342 t->err = "PKCS12_ERROR";
2346 if (!memory_err_compare(t, "KEY_MISMATCH", expected->key, expected->key_len,
2347 key, expected->key_len))
2352 EVP_MD_free(fetched_digest);
2354 OSSL_LIB_CTX_set0_default(save_libctx);
2358 static const EVP_TEST_METHOD pbe_test_method = {
2372 BASE64_CANONICAL_ENCODING = 0,
2373 BASE64_VALID_ENCODING = 1,
2374 BASE64_INVALID_ENCODING = 2
2375 } base64_encoding_type;
2377 typedef struct encode_data_st {
2378 /* Input to encoding */
2379 unsigned char *input;
2381 /* Expected output */
2382 unsigned char *output;
2384 base64_encoding_type encoding;
2387 static int encode_test_init(EVP_TEST *t, const char *encoding)
2391 if (!TEST_ptr(edata = OPENSSL_zalloc(sizeof(*edata))))
2393 if (strcmp(encoding, "canonical") == 0) {
2394 edata->encoding = BASE64_CANONICAL_ENCODING;
2395 } else if (strcmp(encoding, "valid") == 0) {
2396 edata->encoding = BASE64_VALID_ENCODING;
2397 } else if (strcmp(encoding, "invalid") == 0) {
2398 edata->encoding = BASE64_INVALID_ENCODING;
2399 if (!TEST_ptr(t->expected_err = OPENSSL_strdup("DECODE_ERROR")))
2402 TEST_error("Bad encoding: %s."
2403 " Should be one of {canonical, valid, invalid}",
2410 OPENSSL_free(edata);
2414 static void encode_test_cleanup(EVP_TEST *t)
2416 ENCODE_DATA *edata = t->data;
2418 OPENSSL_free(edata->input);
2419 OPENSSL_free(edata->output);
2420 memset(edata, 0, sizeof(*edata));
2423 static int encode_test_parse(EVP_TEST *t,
2424 const char *keyword, const char *value)
2426 ENCODE_DATA *edata = t->data;
2428 if (strcmp(keyword, "Input") == 0)
2429 return parse_bin(value, &edata->input, &edata->input_len);
2430 if (strcmp(keyword, "Output") == 0)
2431 return parse_bin(value, &edata->output, &edata->output_len);
2435 static int encode_test_run(EVP_TEST *t)
2437 ENCODE_DATA *expected = t->data;
2438 unsigned char *encode_out = NULL, *decode_out = NULL;
2439 int output_len, chunk_len;
2440 EVP_ENCODE_CTX *decode_ctx = NULL, *encode_ctx = NULL;
2442 if (!TEST_ptr(decode_ctx = EVP_ENCODE_CTX_new())) {
2443 t->err = "INTERNAL_ERROR";
2447 if (expected->encoding == BASE64_CANONICAL_ENCODING) {
2449 if (!TEST_ptr(encode_ctx = EVP_ENCODE_CTX_new())
2450 || !TEST_ptr(encode_out =
2451 OPENSSL_malloc(EVP_ENCODE_LENGTH(expected->input_len))))
2454 EVP_EncodeInit(encode_ctx);
2455 if (!TEST_true(EVP_EncodeUpdate(encode_ctx, encode_out, &chunk_len,
2456 expected->input, expected->input_len)))
2459 output_len = chunk_len;
2461 EVP_EncodeFinal(encode_ctx, encode_out + chunk_len, &chunk_len);
2462 output_len += chunk_len;
2464 if (!memory_err_compare(t, "BAD_ENCODING",
2465 expected->output, expected->output_len,
2466 encode_out, output_len))
2470 if (!TEST_ptr(decode_out =
2471 OPENSSL_malloc(EVP_DECODE_LENGTH(expected->output_len))))
2474 EVP_DecodeInit(decode_ctx);
2475 if (EVP_DecodeUpdate(decode_ctx, decode_out, &chunk_len, expected->output,
2476 expected->output_len) < 0) {
2477 t->err = "DECODE_ERROR";
2480 output_len = chunk_len;
2482 if (EVP_DecodeFinal(decode_ctx, decode_out + chunk_len, &chunk_len) != 1) {
2483 t->err = "DECODE_ERROR";
2486 output_len += chunk_len;
2488 if (expected->encoding != BASE64_INVALID_ENCODING
2489 && !memory_err_compare(t, "BAD_DECODING",
2490 expected->input, expected->input_len,
2491 decode_out, output_len)) {
2492 t->err = "BAD_DECODING";
2498 OPENSSL_free(encode_out);
2499 OPENSSL_free(decode_out);
2500 EVP_ENCODE_CTX_free(decode_ctx);
2501 EVP_ENCODE_CTX_free(encode_ctx);
2505 static const EVP_TEST_METHOD encode_test_method = {
2508 encode_test_cleanup,
2517 #define MAX_RAND_REPEATS 15
2519 typedef struct rand_data_pass_st {
2520 unsigned char *entropy;
2521 unsigned char *reseed_entropy;
2522 unsigned char *nonce;
2523 unsigned char *pers;
2524 unsigned char *reseed_addin;
2525 unsigned char *addinA;
2526 unsigned char *addinB;
2527 unsigned char *pr_entropyA;
2528 unsigned char *pr_entropyB;
2529 unsigned char *output;
2530 size_t entropy_len, nonce_len, pers_len, addinA_len, addinB_len,
2531 pr_entropyA_len, pr_entropyB_len, output_len, reseed_entropy_len,
2535 typedef struct rand_data_st {
2536 /* Context for this operation */
2538 EVP_RAND_CTX *parent;
2540 int prediction_resistance;
2542 unsigned int generate_bits;
2546 /* Expected output */
2547 RAND_DATA_PASS data[MAX_RAND_REPEATS];
2550 static int rand_test_init(EVP_TEST *t, const char *name)
2554 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
2555 unsigned int strength = 256;
2557 if (!TEST_ptr(rdata = OPENSSL_zalloc(sizeof(*rdata))))
2560 /* TEST-RAND is available in the FIPS provider but not with "fips=yes" */
2561 rand = EVP_RAND_fetch(libctx, "TEST-RAND", "-fips");
2564 rdata->parent = EVP_RAND_CTX_new(rand, NULL);
2565 EVP_RAND_free(rand);
2566 if (rdata->parent == NULL)
2569 *params = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength);
2570 if (!EVP_RAND_CTX_set_params(rdata->parent, params))
2573 rand = EVP_RAND_fetch(libctx, name, propquery);
2576 rdata->ctx = EVP_RAND_CTX_new(rand, rdata->parent);
2577 EVP_RAND_free(rand);
2578 if (rdata->ctx == NULL)
2585 EVP_RAND_CTX_free(rdata->parent);
2586 OPENSSL_free(rdata);
2590 static void rand_test_cleanup(EVP_TEST *t)
2592 RAND_DATA *rdata = t->data;
2595 OPENSSL_free(rdata->cipher);
2596 OPENSSL_free(rdata->digest);
2598 for (i = 0; i <= rdata->n; i++) {
2599 OPENSSL_free(rdata->data[i].entropy);
2600 OPENSSL_free(rdata->data[i].reseed_entropy);
2601 OPENSSL_free(rdata->data[i].nonce);
2602 OPENSSL_free(rdata->data[i].pers);
2603 OPENSSL_free(rdata->data[i].reseed_addin);
2604 OPENSSL_free(rdata->data[i].addinA);
2605 OPENSSL_free(rdata->data[i].addinB);
2606 OPENSSL_free(rdata->data[i].pr_entropyA);
2607 OPENSSL_free(rdata->data[i].pr_entropyB);
2608 OPENSSL_free(rdata->data[i].output);
2610 EVP_RAND_CTX_free(rdata->ctx);
2611 EVP_RAND_CTX_free(rdata->parent);
2614 static int rand_test_parse(EVP_TEST *t,
2615 const char *keyword, const char *value)
2617 RAND_DATA *rdata = t->data;
2618 RAND_DATA_PASS *item;
2622 if ((p = strchr(keyword, '.')) != NULL) {
2624 if (n >= MAX_RAND_REPEATS)
2628 item = rdata->data + n;
2629 if (HAS_PREFIX(keyword, "Entropy."))
2630 return parse_bin(value, &item->entropy, &item->entropy_len);
2631 if (HAS_PREFIX(keyword, "ReseedEntropy."))
2632 return parse_bin(value, &item->reseed_entropy,
2633 &item->reseed_entropy_len);
2634 if (HAS_PREFIX(keyword, "Nonce."))
2635 return parse_bin(value, &item->nonce, &item->nonce_len);
2636 if (HAS_PREFIX(keyword, "PersonalisationString."))
2637 return parse_bin(value, &item->pers, &item->pers_len);
2638 if (HAS_PREFIX(keyword, "ReseedAdditionalInput."))
2639 return parse_bin(value, &item->reseed_addin,
2640 &item->reseed_addin_len);
2641 if (HAS_PREFIX(keyword, "AdditionalInputA."))
2642 return parse_bin(value, &item->addinA, &item->addinA_len);
2643 if (HAS_PREFIX(keyword, "AdditionalInputB."))
2644 return parse_bin(value, &item->addinB, &item->addinB_len);
2645 if (HAS_PREFIX(keyword, "EntropyPredictionResistanceA."))
2646 return parse_bin(value, &item->pr_entropyA, &item->pr_entropyA_len);
2647 if (HAS_PREFIX(keyword, "EntropyPredictionResistanceB."))
2648 return parse_bin(value, &item->pr_entropyB, &item->pr_entropyB_len);
2649 if (HAS_PREFIX(keyword, "Output."))
2650 return parse_bin(value, &item->output, &item->output_len);
2652 if (strcmp(keyword, "Cipher") == 0)
2653 return TEST_ptr(rdata->cipher = OPENSSL_strdup(value));
2654 if (strcmp(keyword, "Digest") == 0)
2655 return TEST_ptr(rdata->digest = OPENSSL_strdup(value));
2656 if (strcmp(keyword, "DerivationFunction") == 0) {
2657 rdata->use_df = atoi(value) != 0;
2660 if (strcmp(keyword, "GenerateBits") == 0) {
2661 if ((n = atoi(value)) <= 0 || n % 8 != 0)
2663 rdata->generate_bits = (unsigned int)n;
2666 if (strcmp(keyword, "PredictionResistance") == 0) {
2667 rdata->prediction_resistance = atoi(value) != 0;
2674 static int rand_test_run(EVP_TEST *t)
2676 RAND_DATA *expected = t->data;
2677 RAND_DATA_PASS *item;
2679 size_t got_len = expected->generate_bits / 8;
2680 OSSL_PARAM params[5], *p = params;
2681 int i = -1, ret = 0;
2682 unsigned int strength;
2685 if (!TEST_ptr(got = OPENSSL_malloc(got_len)))
2688 *p++ = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_USE_DF, &expected->use_df);
2689 if (expected->cipher != NULL)
2690 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER,
2691 expected->cipher, 0);
2692 if (expected->digest != NULL)
2693 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_DIGEST,
2694 expected->digest, 0);
2695 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_MAC, "HMAC", 0);
2696 *p = OSSL_PARAM_construct_end();
2697 if (!TEST_true(EVP_RAND_CTX_set_params(expected->ctx, params)))
2700 strength = EVP_RAND_get_strength(expected->ctx);
2701 for (i = 0; i <= expected->n; i++) {
2702 item = expected->data + i;
2705 z = item->entropy != NULL ? item->entropy : (unsigned char *)"";
2706 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2707 z, item->entropy_len);
2708 z = item->nonce != NULL ? item->nonce : (unsigned char *)"";
2709 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE,
2710 z, item->nonce_len);
2711 *p = OSSL_PARAM_construct_end();
2712 if (!TEST_true(EVP_RAND_instantiate(expected->parent, strength,
2713 0, NULL, 0, params)))
2716 z = item->pers != NULL ? item->pers : (unsigned char *)"";
2717 if (!TEST_true(EVP_RAND_instantiate
2718 (expected->ctx, strength,
2719 expected->prediction_resistance, z,
2720 item->pers_len, NULL)))
2723 if (item->reseed_entropy != NULL) {
2724 params[0] = OSSL_PARAM_construct_octet_string
2725 (OSSL_RAND_PARAM_TEST_ENTROPY, item->reseed_entropy,
2726 item->reseed_entropy_len);
2727 params[1] = OSSL_PARAM_construct_end();
2728 if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params)))
2731 if (!TEST_true(EVP_RAND_reseed
2732 (expected->ctx, expected->prediction_resistance,
2733 NULL, 0, item->reseed_addin,
2734 item->reseed_addin_len)))
2737 if (item->pr_entropyA != NULL) {
2738 params[0] = OSSL_PARAM_construct_octet_string
2739 (OSSL_RAND_PARAM_TEST_ENTROPY, item->pr_entropyA,
2740 item->pr_entropyA_len);
2741 params[1] = OSSL_PARAM_construct_end();
2742 if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params)))
2745 if (!TEST_true(EVP_RAND_generate
2746 (expected->ctx, got, got_len,
2747 strength, expected->prediction_resistance,
2748 item->addinA, item->addinA_len)))
2751 if (item->pr_entropyB != NULL) {
2752 params[0] = OSSL_PARAM_construct_octet_string
2753 (OSSL_RAND_PARAM_TEST_ENTROPY, item->pr_entropyB,
2754 item->pr_entropyB_len);
2755 params[1] = OSSL_PARAM_construct_end();
2756 if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params)))
2759 if (!TEST_true(EVP_RAND_generate
2760 (expected->ctx, got, got_len,
2761 strength, expected->prediction_resistance,
2762 item->addinB, item->addinB_len)))
2764 if (!TEST_mem_eq(got, got_len, item->output, item->output_len))
2766 if (!TEST_true(EVP_RAND_uninstantiate(expected->ctx))
2767 || !TEST_true(EVP_RAND_uninstantiate(expected->parent))
2768 || !TEST_true(EVP_RAND_verify_zeroization(expected->ctx))
2769 || !TEST_int_eq(EVP_RAND_get_state(expected->ctx),
2770 EVP_RAND_STATE_UNINITIALISED))
2777 if (ret == 0 && i >= 0)
2778 TEST_info("Error in test case %d of %d\n", i, expected->n + 1);
2783 static const EVP_TEST_METHOD rand_test_method = {
2795 typedef struct kdf_data_st {
2796 /* Context for this operation */
2798 /* Expected output */
2799 unsigned char *output;
2801 OSSL_PARAM params[20];
2806 * Perform public key operation setup: lookup key, allocated ctx and call
2807 * the appropriate initialisation function
2809 static int kdf_test_init(EVP_TEST *t, const char *name)
2814 if (is_kdf_disabled(name)) {
2815 TEST_info("skipping, '%s' is disabled", name);
2820 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata))))
2822 kdata->p = kdata->params;
2823 *kdata->p = OSSL_PARAM_construct_end();
2825 kdf = EVP_KDF_fetch(libctx, name, propquery);
2827 OPENSSL_free(kdata);
2830 kdata->ctx = EVP_KDF_CTX_new(kdf);
2832 if (kdata->ctx == NULL) {
2833 OPENSSL_free(kdata);
2840 static void kdf_test_cleanup(EVP_TEST *t)
2842 KDF_DATA *kdata = t->data;
2845 for (p = kdata->params; p->key != NULL; p++)
2846 OPENSSL_free(p->data);
2847 OPENSSL_free(kdata->output);
2848 EVP_KDF_CTX_free(kdata->ctx);
2851 static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx,
2854 KDF_DATA *kdata = t->data;
2857 const OSSL_PARAM *defs = EVP_KDF_settable_ctx_params(EVP_KDF_CTX_kdf(kctx));
2859 if (!TEST_ptr(name = OPENSSL_strdup(value)))
2861 p = strchr(name, ':');
2867 if (strcmp(name, "r") == 0
2868 && OSSL_PARAM_locate_const(defs, name) == NULL) {
2869 TEST_info("skipping, setting 'r' is unsupported");
2874 if (strcmp(name, "lanes") == 0
2875 && OSSL_PARAM_locate_const(defs, name) == NULL) {
2876 TEST_info("skipping, setting 'lanes' is unsupported");
2881 if (strcmp(name, "iter") == 0
2882 && OSSL_PARAM_locate_const(defs, name) == NULL) {
2883 TEST_info("skipping, setting 'iter' is unsupported");
2888 if (strcmp(name, "memcost") == 0
2889 && OSSL_PARAM_locate_const(defs, name) == NULL) {
2890 TEST_info("skipping, setting 'memcost' is unsupported");
2895 if (strcmp(name, "secret") == 0
2896 && OSSL_PARAM_locate_const(defs, name) == NULL) {
2897 TEST_info("skipping, setting 'secret' is unsupported");
2902 if (strcmp(name, "pass") == 0
2903 && OSSL_PARAM_locate_const(defs, name) == NULL) {
2904 TEST_info("skipping, setting 'pass' is unsupported");
2909 if (strcmp(name, "ad") == 0
2910 && OSSL_PARAM_locate_const(defs, name) == NULL) {
2911 TEST_info("skipping, setting 'ad' is unsupported");
2916 rv = OSSL_PARAM_allocate_from_text(kdata->p, defs, name, p,
2918 *++kdata->p = OSSL_PARAM_construct_end();
2920 t->err = "KDF_PARAM_ERROR";
2924 if (strcmp(name, "digest") == 0) {
2925 if (is_digest_disabled(p)) {
2926 TEST_info("skipping, '%s' is disabled", p);
2932 if ((strcmp(name, "cipher") == 0
2933 || strcmp(name, "cekalg") == 0)
2934 && is_cipher_disabled(p)) {
2935 TEST_info("skipping, '%s' is disabled", p);
2939 if ((strcmp(name, "mac") == 0)
2940 && is_mac_disabled(p)) {
2941 TEST_info("skipping, '%s' is disabled", p);
2949 static int kdf_test_parse(EVP_TEST *t,
2950 const char *keyword, const char *value)
2952 KDF_DATA *kdata = t->data;
2954 if (strcmp(keyword, "Output") == 0)
2955 return parse_bin(value, &kdata->output, &kdata->output_len);
2956 if (HAS_PREFIX(keyword, "Ctrl"))
2957 return kdf_test_ctrl(t, kdata->ctx, value);
2961 static int kdf_test_run(EVP_TEST *t)
2963 KDF_DATA *expected = t->data;
2964 unsigned char *got = NULL;
2965 size_t got_len = expected->output_len;
2968 if (!EVP_KDF_CTX_set_params(expected->ctx, expected->params)) {
2969 t->err = "KDF_CTRL_ERROR";
2972 if (!TEST_ptr(got = OPENSSL_malloc(got_len == 0 ? 1 : got_len))) {
2973 t->err = "INTERNAL_ERROR";
2976 /* FIPS(3.0.0): can't dup KDF contexts #17572 */
2977 if (fips_provider_version_gt(libctx, 3, 0, 0)
2978 && (ctx = EVP_KDF_CTX_dup(expected->ctx)) != NULL) {
2979 EVP_KDF_CTX_free(expected->ctx);
2980 expected->ctx = ctx;
2982 if (EVP_KDF_derive(expected->ctx, got, got_len, NULL) <= 0) {
2983 t->err = "KDF_DERIVE_ERROR";
2986 if (!memory_err_compare(t, "KDF_MISMATCH",
2987 expected->output, expected->output_len,
2998 static const EVP_TEST_METHOD kdf_test_method = {
3010 typedef struct pkey_kdf_data_st {
3011 /* Context for this operation */
3013 /* Expected output */
3014 unsigned char *output;
3019 * Perform public key operation setup: lookup key, allocated ctx and call
3020 * the appropriate initialisation function
3022 static int pkey_kdf_test_init(EVP_TEST *t, const char *name)
3024 PKEY_KDF_DATA *kdata = NULL;
3026 if (is_kdf_disabled(name)) {
3027 TEST_info("skipping, '%s' is disabled", name);
3032 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata))))
3035 kdata->ctx = EVP_PKEY_CTX_new_from_name(libctx, name, propquery);
3036 if (kdata->ctx == NULL
3037 || EVP_PKEY_derive_init(kdata->ctx) <= 0)
3043 EVP_PKEY_CTX_free(kdata->ctx);
3044 OPENSSL_free(kdata);
3048 static void pkey_kdf_test_cleanup(EVP_TEST *t)
3050 PKEY_KDF_DATA *kdata = t->data;
3052 OPENSSL_free(kdata->output);
3053 EVP_PKEY_CTX_free(kdata->ctx);
3056 static int pkey_kdf_test_parse(EVP_TEST *t,
3057 const char *keyword, const char *value)
3059 PKEY_KDF_DATA *kdata = t->data;
3061 if (strcmp(keyword, "Output") == 0)
3062 return parse_bin(value, &kdata->output, &kdata->output_len);
3063 if (HAS_PREFIX(keyword, "Ctrl"))
3064 return pkey_test_ctrl(t, kdata->ctx, value);
3068 static int pkey_kdf_test_run(EVP_TEST *t)
3070 PKEY_KDF_DATA *expected = t->data;
3071 unsigned char *got = NULL;
3074 if (fips_provider_version_eq(libctx, 3, 0, 0)) {
3075 /* FIPS(3.0.0): can't deal with oversized output buffers #18533 */
3076 got_len = expected->output_len;
3078 /* Find out the KDF output size */
3079 if (EVP_PKEY_derive(expected->ctx, NULL, &got_len) <= 0) {
3080 t->err = "INTERNAL_ERROR";
3085 * We may get an absurd output size, which signals that anything goes.
3086 * If not, we specify a too big buffer for the output, to test that
3087 * EVP_PKEY_derive() can cope with it.
3089 if (got_len == SIZE_MAX || got_len == 0)
3090 got_len = expected->output_len;
3092 got_len = expected->output_len * 2;
3095 if (!TEST_ptr(got = OPENSSL_malloc(got_len == 0 ? 1 : got_len))) {
3096 t->err = "INTERNAL_ERROR";
3099 if (EVP_PKEY_derive(expected->ctx, got, &got_len) <= 0) {
3100 t->err = "KDF_DERIVE_ERROR";
3103 if (!TEST_mem_eq(expected->output, expected->output_len, got, got_len)) {
3104 t->err = "KDF_MISMATCH";
3114 static const EVP_TEST_METHOD pkey_kdf_test_method = {
3117 pkey_kdf_test_cleanup,
3118 pkey_kdf_test_parse,
3126 typedef struct keypair_test_data_st {
3129 } KEYPAIR_TEST_DATA;
3131 static int keypair_test_init(EVP_TEST *t, const char *pair)
3133 KEYPAIR_TEST_DATA *data;
3135 EVP_PKEY *pk = NULL, *pubk = NULL;
3136 char *pub, *priv = NULL;
3138 /* Split private and public names. */
3139 if (!TEST_ptr(priv = OPENSSL_strdup(pair))
3140 || !TEST_ptr(pub = strchr(priv, ':'))) {
3141 t->err = "PARSING_ERROR";
3146 if (!TEST_true(find_key(&pk, priv, private_keys))) {
3147 TEST_info("Can't find private key: %s", priv);
3148 t->err = "MISSING_PRIVATE_KEY";
3151 if (!TEST_true(find_key(&pubk, pub, public_keys))) {
3152 TEST_info("Can't find public key: %s", pub);
3153 t->err = "MISSING_PUBLIC_KEY";
3157 if (pk == NULL && pubk == NULL) {
3158 /* Both keys are listed but unsupported: skip this test */
3164 if (!TEST_ptr(data = OPENSSL_malloc(sizeof(*data))))
3177 static void keypair_test_cleanup(EVP_TEST *t)
3179 OPENSSL_free(t->data);
3184 * For tests that do not accept any custom keywords.
3186 static int void_test_parse(EVP_TEST *t, const char *keyword, const char *value)
3191 static int keypair_test_run(EVP_TEST *t)
3194 const KEYPAIR_TEST_DATA *pair = t->data;
3196 if (pair->privk == NULL || pair->pubk == NULL) {
3198 * this can only happen if only one of the keys is not set
3199 * which means that one of them was unsupported while the
3200 * other isn't: hence a key type mismatch.
3202 t->err = "KEYPAIR_TYPE_MISMATCH";
3207 if ((rv = EVP_PKEY_eq(pair->privk, pair->pubk)) != 1) {
3209 t->err = "KEYPAIR_MISMATCH";
3210 } else if (-1 == rv) {
3211 t->err = "KEYPAIR_TYPE_MISMATCH";
3212 } else if (-2 == rv) {
3213 t->err = "UNSUPPORTED_KEY_COMPARISON";
3215 TEST_error("Unexpected error in key comparison");
3230 static const EVP_TEST_METHOD keypair_test_method = {
3233 keypair_test_cleanup,
3242 typedef struct keygen_test_data_st {
3243 EVP_PKEY_CTX *genctx; /* Keygen context to use */
3244 char *keyname; /* Key name to store key or NULL */
3247 static int keygen_test_init(EVP_TEST *t, const char *alg)
3249 KEYGEN_TEST_DATA *data;
3250 EVP_PKEY_CTX *genctx;
3251 int nid = OBJ_sn2nid(alg);
3253 if (nid == NID_undef) {
3254 nid = OBJ_ln2nid(alg);
3255 if (nid == NID_undef)
3259 if (is_pkey_disabled(alg)) {
3263 if (!TEST_ptr(genctx = EVP_PKEY_CTX_new_from_name(libctx, alg, propquery)))
3266 if (EVP_PKEY_keygen_init(genctx) <= 0) {
3267 t->err = "KEYGEN_INIT_ERROR";
3271 if (!TEST_ptr(data = OPENSSL_malloc(sizeof(*data))))
3273 data->genctx = genctx;
3274 data->keyname = NULL;
3280 EVP_PKEY_CTX_free(genctx);
3284 static void keygen_test_cleanup(EVP_TEST *t)
3286 KEYGEN_TEST_DATA *keygen = t->data;
3288 EVP_PKEY_CTX_free(keygen->genctx);
3289 OPENSSL_free(keygen->keyname);
3290 OPENSSL_free(t->data);
3294 static int keygen_test_parse(EVP_TEST *t,
3295 const char *keyword, const char *value)
3297 KEYGEN_TEST_DATA *keygen = t->data;
3299 if (strcmp(keyword, "KeyName") == 0)
3300 return TEST_ptr(keygen->keyname = OPENSSL_strdup(value));
3301 if (strcmp(keyword, "Ctrl") == 0)
3302 return pkey_test_ctrl(t, keygen->genctx, value);
3306 static int keygen_test_run(EVP_TEST *t)
3308 KEYGEN_TEST_DATA *keygen = t->data;
3309 EVP_PKEY *pkey = NULL;
3312 if (EVP_PKEY_keygen(keygen->genctx, &pkey) <= 0) {
3313 t->err = "KEYGEN_GENERATE_ERROR";
3317 if (!evp_pkey_is_provided(pkey)) {
3318 TEST_info("Warning: legacy key generated %s", keygen->keyname);
3321 if (keygen->keyname != NULL) {
3325 if (find_key(NULL, keygen->keyname, private_keys)) {
3326 TEST_info("Duplicate key %s", keygen->keyname);
3330 if (!TEST_ptr(key = OPENSSL_malloc(sizeof(*key))))
3332 key->name = keygen->keyname;
3333 keygen->keyname = NULL;
3335 key->next = private_keys;
3339 EVP_PKEY_free(pkey);
3348 static const EVP_TEST_METHOD keygen_test_method = {
3351 keygen_test_cleanup,
3357 ** DIGEST SIGN+VERIFY TESTS
3361 int is_verify; /* Set to 1 if verifying */
3362 int is_oneshot; /* Set to 1 for one shot operation */
3363 const EVP_MD *md; /* Digest to use */
3364 EVP_MD_CTX *ctx; /* Digest context */
3366 STACK_OF(EVP_TEST_BUFFER) *input; /* Input data: streaming */
3367 unsigned char *osin; /* Input data if one shot */
3368 size_t osin_len; /* Input length data if one shot */
3369 unsigned char *output; /* Expected output */
3370 size_t output_len; /* Expected output length */
3371 const char *nonce_type;
3374 static int digestsigver_test_init(EVP_TEST *t, const char *alg, int is_verify,
3377 const EVP_MD *md = NULL;
3378 DIGESTSIGN_DATA *mdat;
3380 if (strcmp(alg, "NULL") != 0) {
3381 if (is_digest_disabled(alg)) {
3385 md = EVP_get_digestbyname(alg);
3389 if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat))))
3392 if (!TEST_ptr(mdat->ctx = EVP_MD_CTX_new())) {
3396 mdat->is_verify = is_verify;
3397 mdat->is_oneshot = is_oneshot;
3402 static int digestsign_test_init(EVP_TEST *t, const char *alg)
3404 return digestsigver_test_init(t, alg, 0, 0);
3407 static void digestsigver_test_cleanup(EVP_TEST *t)
3409 DIGESTSIGN_DATA *mdata = t->data;
3411 EVP_MD_CTX_free(mdata->ctx);
3412 sk_EVP_TEST_BUFFER_pop_free(mdata->input, evp_test_buffer_free);
3413 OPENSSL_free(mdata->osin);
3414 OPENSSL_free(mdata->output);
3415 OPENSSL_free(mdata);
3419 static int digestsigver_test_parse(EVP_TEST *t,
3420 const char *keyword, const char *value)
3422 DIGESTSIGN_DATA *mdata = t->data;
3424 if (strcmp(keyword, "Key") == 0) {
3425 EVP_PKEY *pkey = NULL;
3427 const char *name = mdata->md == NULL ? NULL : EVP_MD_get0_name(mdata->md);
3429 if (mdata->is_verify)
3430 rv = find_key(&pkey, value, public_keys);
3432 rv = find_key(&pkey, value, private_keys);
3433 if (rv == 0 || pkey == NULL) {
3437 if (mdata->is_verify) {
3438 if (!EVP_DigestVerifyInit_ex(mdata->ctx, &mdata->pctx, name, libctx,
3440 t->err = "DIGESTVERIFYINIT_ERROR";
3443 if (!EVP_DigestSignInit_ex(mdata->ctx, &mdata->pctx, name, libctx, NULL,
3445 t->err = "DIGESTSIGNINIT_ERROR";
3449 if (strcmp(keyword, "Input") == 0) {
3450 if (mdata->is_oneshot)
3451 return parse_bin(value, &mdata->osin, &mdata->osin_len);
3452 return evp_test_buffer_append(value, &mdata->input);
3454 if (strcmp(keyword, "Output") == 0)
3455 return parse_bin(value, &mdata->output, &mdata->output_len);
3457 if (!mdata->is_oneshot) {
3458 if (strcmp(keyword, "Count") == 0)
3459 return evp_test_buffer_set_count(value, mdata->input);
3460 if (strcmp(keyword, "Ncopy") == 0)
3461 return evp_test_buffer_ncopy(value, mdata->input);
3463 if (strcmp(keyword, "Ctrl") == 0) {
3464 if (mdata->pctx == NULL)
3466 return pkey_test_ctrl(t, mdata->pctx, value);
3468 if (strcmp(keyword, "NonceType") == 0) {
3469 if (strcmp(value, "deterministic") == 0) {
3470 OSSL_PARAM params[2];
3471 unsigned int nonce_type = 1;
3474 OSSL_PARAM_construct_uint(OSSL_SIGNATURE_PARAM_NONCE_TYPE,
3476 params[1] = OSSL_PARAM_construct_end();
3477 if (!EVP_PKEY_CTX_set_params(mdata->pctx, params))
3478 t->err = "EVP_PKEY_CTX_set_params_ERROR";
3479 else if (!EVP_PKEY_CTX_get_params(mdata->pctx, params))
3480 t->err = "EVP_PKEY_CTX_get_params_ERROR";
3481 else if (!OSSL_PARAM_modified(¶ms[0]))
3482 t->err = "nonce_type_not_modified_ERROR";
3483 else if (nonce_type != 1)
3484 t->err = "nonce_type_value_ERROR";
3491 static int digestsign_update_fn(void *ctx, const unsigned char *buf,
3494 return EVP_DigestSignUpdate(ctx, buf, buflen);
3497 static int digestsign_test_run(EVP_TEST *t)
3499 DIGESTSIGN_DATA *expected = t->data;
3500 unsigned char *got = NULL;
3503 if (!evp_test_buffer_do(expected->input, digestsign_update_fn,
3505 t->err = "DIGESTUPDATE_ERROR";
3509 if (!EVP_DigestSignFinal(expected->ctx, NULL, &got_len)) {
3510 t->err = "DIGESTSIGNFINAL_LENGTH_ERROR";
3513 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
3514 t->err = "MALLOC_FAILURE";
3518 if (!EVP_DigestSignFinal(expected->ctx, got, &got_len)) {
3519 t->err = "DIGESTSIGNFINAL_ERROR";
3522 if (!memory_err_compare(t, "SIGNATURE_MISMATCH",
3523 expected->output, expected->output_len,
3533 static const EVP_TEST_METHOD digestsign_test_method = {
3535 digestsign_test_init,
3536 digestsigver_test_cleanup,
3537 digestsigver_test_parse,
3541 static int digestverify_test_init(EVP_TEST *t, const char *alg)
3543 return digestsigver_test_init(t, alg, 1, 0);
3546 static int digestverify_update_fn(void *ctx, const unsigned char *buf,
3549 return EVP_DigestVerifyUpdate(ctx, buf, buflen);
3552 static int digestverify_test_run(EVP_TEST *t)
3554 DIGESTSIGN_DATA *mdata = t->data;
3556 if (!evp_test_buffer_do(mdata->input, digestverify_update_fn, mdata->ctx)) {
3557 t->err = "DIGESTUPDATE_ERROR";
3561 if (EVP_DigestVerifyFinal(mdata->ctx, mdata->output,
3562 mdata->output_len) <= 0)
3563 t->err = "VERIFY_ERROR";
3567 static const EVP_TEST_METHOD digestverify_test_method = {
3569 digestverify_test_init,
3570 digestsigver_test_cleanup,
3571 digestsigver_test_parse,
3572 digestverify_test_run
3575 static int oneshot_digestsign_test_init(EVP_TEST *t, const char *alg)
3577 return digestsigver_test_init(t, alg, 0, 1);
3580 static int oneshot_digestsign_test_run(EVP_TEST *t)
3582 DIGESTSIGN_DATA *expected = t->data;
3583 unsigned char *got = NULL;
3586 if (!EVP_DigestSign(expected->ctx, NULL, &got_len,
3587 expected->osin, expected->osin_len)) {
3588 t->err = "DIGESTSIGN_LENGTH_ERROR";
3591 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
3592 t->err = "MALLOC_FAILURE";
3596 if (!EVP_DigestSign(expected->ctx, got, &got_len,
3597 expected->osin, expected->osin_len)) {
3598 t->err = "DIGESTSIGN_ERROR";
3601 if (!memory_err_compare(t, "SIGNATURE_MISMATCH",
3602 expected->output, expected->output_len,
3612 static const EVP_TEST_METHOD oneshot_digestsign_test_method = {
3613 "OneShotDigestSign",
3614 oneshot_digestsign_test_init,
3615 digestsigver_test_cleanup,
3616 digestsigver_test_parse,
3617 oneshot_digestsign_test_run
3620 static int oneshot_digestverify_test_init(EVP_TEST *t, const char *alg)
3622 return digestsigver_test_init(t, alg, 1, 1);
3625 static int oneshot_digestverify_test_run(EVP_TEST *t)
3627 DIGESTSIGN_DATA *mdata = t->data;
3629 if (EVP_DigestVerify(mdata->ctx, mdata->output, mdata->output_len,
3630 mdata->osin, mdata->osin_len) <= 0)
3631 t->err = "VERIFY_ERROR";
3635 static const EVP_TEST_METHOD oneshot_digestverify_test_method = {
3636 "OneShotDigestVerify",
3637 oneshot_digestverify_test_init,
3638 digestsigver_test_cleanup,
3639 digestsigver_test_parse,
3640 oneshot_digestverify_test_run
3645 ** PARSING AND DISPATCH
3648 static const EVP_TEST_METHOD *evp_test_list[] = {
3650 &cipher_test_method,
3651 &digest_test_method,
3652 &digestsign_test_method,
3653 &digestverify_test_method,
3654 &encode_test_method,
3656 &pkey_kdf_test_method,
3657 &keypair_test_method,
3658 &keygen_test_method,
3660 &oneshot_digestsign_test_method,
3661 &oneshot_digestverify_test_method,
3663 &pdecrypt_test_method,
3664 &pderive_test_method,
3666 &pverify_recover_test_method,
3667 &pverify_test_method,
3671 static const EVP_TEST_METHOD *find_test(const char *name)
3673 const EVP_TEST_METHOD **tt;
3675 for (tt = evp_test_list; *tt; tt++) {
3676 if (strcmp(name, (*tt)->name) == 0)
3682 static void clear_test(EVP_TEST *t)
3684 test_clearstanza(&t->s);
3686 if (t->data != NULL) {
3687 if (t->meth != NULL)
3688 t->meth->cleanup(t);
3689 OPENSSL_free(t->data);
3692 OPENSSL_free(t->expected_err);
3693 t->expected_err = NULL;
3694 OPENSSL_free(t->reason);
3702 #if !defined(OPENSSL_NO_DEFAULT_THREAD_POOL)
3703 OSSL_set_max_threads(libctx, 0);
3707 /* Check for errors in the test structure; return 1 if okay, else 0. */
3708 static int check_test_error(EVP_TEST *t)
3713 if (t->err == NULL && t->expected_err == NULL)
3715 if (t->err != NULL && t->expected_err == NULL) {
3716 if (t->aux_err != NULL) {
3717 TEST_info("%s:%d: Source of above error (%s); unexpected error %s",
3718 t->s.test_file, t->s.start, t->aux_err, t->err);
3720 TEST_info("%s:%d: Source of above error; unexpected error %s",
3721 t->s.test_file, t->s.start, t->err);
3725 if (t->err == NULL && t->expected_err != NULL) {
3726 TEST_info("%s:%d: Succeeded but was expecting %s",
3727 t->s.test_file, t->s.start, t->expected_err);
3731 if (strcmp(t->err, t->expected_err) != 0) {
3732 TEST_info("%s:%d: Expected %s got %s",
3733 t->s.test_file, t->s.start, t->expected_err, t->err);
3737 if (t->reason == NULL)
3740 if (t->reason == NULL) {
3741 TEST_info("%s:%d: Test is missing function or reason code",
3742 t->s.test_file, t->s.start);
3746 err = ERR_peek_error();
3748 TEST_info("%s:%d: Expected error \"%s\" not set",
3749 t->s.test_file, t->s.start, t->reason);
3753 reason = ERR_reason_error_string(err);
3754 if (reason == NULL) {
3755 TEST_info("%s:%d: Expected error \"%s\", no strings available."
3757 t->s.test_file, t->s.start, t->reason);
3761 if (strcmp(reason, t->reason) == 0)
3764 TEST_info("%s:%d: Expected error \"%s\", got \"%s\"",
3765 t->s.test_file, t->s.start, t->reason, reason);
3770 /* Run a parsed test. Log a message and return 0 on error. */
3771 static int run_test(EVP_TEST *t)
3773 if (t->meth == NULL)
3780 if (t->err == NULL && t->meth->run_test(t) != 1) {
3781 TEST_info("%s:%d %s error",
3782 t->s.test_file, t->s.start, t->meth->name);
3785 if (!check_test_error(t)) {
3786 TEST_openssl_errors();
3795 static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst)
3797 for (; lst != NULL; lst = lst->next) {
3798 if (strcmp(lst->name, name) == 0) {
3807 static void free_key_list(KEY_LIST *lst)
3809 while (lst != NULL) {
3810 KEY_LIST *next = lst->next;
3812 EVP_PKEY_free(lst->key);
3813 OPENSSL_free(lst->name);
3820 * Is the key type an unsupported algorithm?
3822 static int key_unsupported(void)
3824 long err = ERR_peek_last_error();
3825 int lib = ERR_GET_LIB(err);
3826 long reason = ERR_GET_REASON(err);
3828 if ((lib == ERR_LIB_EVP && reason == EVP_R_UNSUPPORTED_ALGORITHM)
3829 || (lib == ERR_LIB_EVP && reason == EVP_R_DECODE_ERROR)
3830 || reason == ERR_R_UNSUPPORTED) {
3834 #ifndef OPENSSL_NO_EC
3836 * If EC support is enabled we should catch also EC_R_UNKNOWN_GROUP as an
3837 * hint to an unsupported algorithm/curve (e.g. if binary EC support is
3840 if (lib == ERR_LIB_EC
3841 && (reason == EC_R_UNKNOWN_GROUP
3842 || reason == EC_R_INVALID_CURVE)) {
3846 #endif /* OPENSSL_NO_EC */
3850 /* NULL out the value from |pp| but return it. This "steals" a pointer. */
3851 static char *take_value(PAIR *pp)
3853 char *p = pp->value;
3859 #if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
3860 static int securitycheck_enabled(void)
3862 static int enabled = -1;
3864 if (enabled == -1) {
3865 if (OSSL_PROVIDER_available(libctx, "fips")) {
3866 OSSL_PARAM params[2];
3867 OSSL_PROVIDER *prov = NULL;
3870 prov = OSSL_PROVIDER_load(libctx, "fips");
3873 OSSL_PARAM_construct_int(OSSL_PROV_PARAM_SECURITY_CHECKS,
3875 params[1] = OSSL_PARAM_construct_end();
3876 OSSL_PROVIDER_get_params(prov, params);
3877 OSSL_PROVIDER_unload(prov);
3889 * Return 1 if one of the providers named in the string is available.
3890 * The provider names are separated with whitespace.
3891 * NOTE: destructive function, it inserts '\0' after each provider name.
3893 static int prov_available(char *providers)
3899 for (; isspace((unsigned char)(*providers)); providers++)
3901 if (*providers == '\0')
3902 break; /* End of the road */
3903 for (p = providers; *p != '\0' && !isspace((unsigned char)(*p)); p++)
3909 if (OSSL_PROVIDER_available(libctx, providers))
3910 return 1; /* Found one */
3915 /* Read and parse one test. Return 0 if failure, 1 if okay. */
3916 static int parse(EVP_TEST *t)
3918 KEY_LIST *key, **klist;
3921 int i, j, skipped = 0;
3925 if (BIO_eof(t->s.fp))
3928 if (!test_readstanza(&t->s))
3930 } while (t->s.numpairs == 0);
3931 pp = &t->s.pairs[0];
3933 /* Are we adding a key? */
3937 if (strcmp(pp->key, "PrivateKey") == 0) {
3938 pkey = PEM_read_bio_PrivateKey_ex(t->s.key, NULL, 0, NULL, libctx, NULL);
3939 if (pkey == NULL && !key_unsupported()) {
3940 EVP_PKEY_free(pkey);
3941 TEST_info("Can't read private key %s", pp->value);
3942 TEST_openssl_errors();
3945 klist = &private_keys;
3946 } else if (strcmp(pp->key, "PublicKey") == 0) {
3947 pkey = PEM_read_bio_PUBKEY_ex(t->s.key, NULL, 0, NULL, libctx, NULL);
3948 if (pkey == NULL && !key_unsupported()) {
3949 EVP_PKEY_free(pkey);
3950 TEST_info("Can't read public key %s", pp->value);
3951 TEST_openssl_errors();
3954 klist = &public_keys;
3955 } else if (strcmp(pp->key, "PrivateKeyRaw") == 0
3956 || strcmp(pp->key, "PublicKeyRaw") == 0) {
3957 char *strnid = NULL, *keydata = NULL;
3958 unsigned char *keybin;
3962 if (strcmp(pp->key, "PrivateKeyRaw") == 0)
3963 klist = &private_keys;
3965 klist = &public_keys;
3967 strnid = strchr(pp->value, ':');
3968 if (strnid != NULL) {
3970 keydata = strchr(strnid, ':');
3971 if (keydata != NULL)
3974 if (keydata == NULL) {
3975 TEST_info("Failed to parse %s value", pp->key);
3979 nid = OBJ_txt2nid(strnid);
3980 if (nid == NID_undef) {
3981 TEST_info("Unrecognised algorithm NID");
3984 if (!parse_bin(keydata, &keybin, &keylen)) {
3985 TEST_info("Failed to create binary key");
3988 if (klist == &private_keys)
3989 pkey = EVP_PKEY_new_raw_private_key_ex(libctx, strnid, NULL, keybin,
3992 pkey = EVP_PKEY_new_raw_public_key_ex(libctx, strnid, NULL, keybin,
3994 if (pkey == NULL && !key_unsupported()) {
3995 TEST_info("Can't read %s data", pp->key);
3996 OPENSSL_free(keybin);
3997 TEST_openssl_errors();
4000 OPENSSL_free(keybin);
4001 } else if (strcmp(pp->key, "Availablein") == 0) {
4002 if (!prov_available(pp->value)) {
4003 TEST_info("skipping, '%s' provider not available: %s:%d",
4004 pp->value, t->s.test_file, t->s.start);
4011 } else if (strcmp(pp->key, "FIPSversion") == 0) {
4012 if (prov_available("fips")) {
4013 j = fips_provider_version_match(libctx, pp->value);
4015 TEST_info("Line %d: error matching FIPS versions\n", t->s.curr);
4017 } else if (j == 0) {
4018 TEST_info("skipping, FIPS provider incompatible version: %s:%d",
4019 t->s.test_file, t->s.start);
4029 /* If we have a key add to list */
4030 if (klist != NULL) {
4031 if (find_key(NULL, pp->value, *klist)) {
4032 TEST_info("Duplicate key %s", pp->value);
4035 if (!TEST_ptr(key = OPENSSL_malloc(sizeof(*key))))
4037 key->name = take_value(pp);
4042 /* Go back and start a new stanza. */
4043 if ((t->s.numpairs - skipped) != 1)
4044 TEST_info("Line %d: missing blank line\n", t->s.curr);
4048 /* Find the test, based on first keyword. */
4049 if (!TEST_ptr(t->meth = find_test(pp->key)))
4051 if (!t->meth->init(t, pp->value)) {
4052 TEST_error("unknown %s: %s\n", pp->key, pp->value);
4056 /* TEST_info("skipping %s %s", pp->key, pp->value); */
4060 for (pp++, i = 1; i < (t->s.numpairs - skipped); pp++, i++) {
4061 if (strcmp(pp->key, "Securitycheck") == 0) {
4062 #if defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
4064 if (!securitycheck_enabled())
4067 TEST_info("skipping, Securitycheck is disabled: %s:%d",
4068 t->s.test_file, t->s.start);
4072 } else if (strcmp(pp->key, "Availablein") == 0) {
4073 TEST_info("Line %d: 'Availablein' should be the first option",
4076 } else if (strcmp(pp->key, "Result") == 0) {
4077 if (t->expected_err != NULL) {
4078 TEST_info("Line %d: multiple result lines", t->s.curr);
4081 t->expected_err = take_value(pp);
4082 } else if (strcmp(pp->key, "Function") == 0) {
4083 /* Ignore old line. */
4084 } else if (strcmp(pp->key, "Reason") == 0) {
4085 if (t->reason != NULL) {
4086 TEST_info("Line %d: multiple reason lines", t->s.curr);
4089 t->reason = take_value(pp);
4090 } else if (strcmp(pp->key, "Threads") == 0) {
4091 if (OSSL_set_max_threads(libctx, atoi(pp->value)) == 0) {
4092 TEST_info("skipping, '%s' threads not available: %s:%d",
4093 pp->value, t->s.test_file, t->s.start);
4097 /* Must be test specific line: try to parse it */
4098 int rv = t->meth->parse(t, pp->key, pp->value);
4101 TEST_info("Line %d: unknown keyword %s", t->s.curr, pp->key);
4105 TEST_info("Line %d: error processing keyword %s = %s\n",
4106 t->s.curr, pp->key, pp->value);
4117 static int run_file_tests(int i)
4120 const char *testfile = test_get_argument(i);
4123 if (!TEST_ptr(t = OPENSSL_zalloc(sizeof(*t))))
4125 if (!test_start_file(&t->s, testfile)) {
4130 while (!BIO_eof(t->s.fp)) {
4136 if (c == 0 || !run_test(t)) {
4141 test_end_file(&t->s);
4144 free_key_list(public_keys);
4145 free_key_list(private_keys);
4152 const OPTIONS *test_get_options(void)
4154 static const OPTIONS test_options[] = {
4155 OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("[file...]\n"),
4156 { "config", OPT_CONFIG_FILE, '<',
4157 "The configuration file to use for the libctx" },
4158 { "process", OPT_IN_PLACE, 's',
4159 "Mode for data processing by cipher tests [in_place/both], both by default"},
4160 { "provider", OPT_PROVIDER_NAME, 's',
4161 "The provider to load (when no configuration file, the default value is 'default')" },
4162 { "propquery", OPT_PROV_PROPQUERY, 's',
4163 "Property query used when fetching algorithms" },
4164 { OPT_HELP_STR, 1, '-', "file\tFile to run tests on.\n" },
4167 return test_options;
4170 int setup_tests(void)
4173 char *config_file = NULL;
4174 char *provider_name = NULL;
4178 while ((o = opt_next()) != OPT_EOF) {
4180 case OPT_CONFIG_FILE:
4181 config_file = opt_arg();
4184 if ((process_mode_in_place = evp_test_process_mode(opt_arg())) == -1)
4187 case OPT_PROVIDER_NAME:
4188 provider_name = opt_arg();
4190 case OPT_PROV_PROPQUERY:
4191 propquery = opt_arg();
4193 case OPT_TEST_CASES:
4202 * Load the provider via configuration into the created library context.
4203 * Load the 'null' provider into the default library context to ensure that
4204 * the tests do not fallback to using the default provider.
4206 if (config_file == NULL && provider_name == NULL)
4207 provider_name = "default";
4208 if (!test_get_libctx(&libctx, &prov_null, config_file, &libprov, provider_name))
4211 n = test_get_argument_count();
4215 ADD_ALL_TESTS(run_file_tests, n);
4219 void cleanup_tests(void)
4221 OSSL_PROVIDER_unload(libprov);
4222 OSSL_PROVIDER_unload(prov_null);
4223 OSSL_LIB_CTX_free(libctx);
4226 static int is_digest_disabled(const char *name)
4228 #ifdef OPENSSL_NO_BLAKE2
4229 if (HAS_CASE_PREFIX(name, "BLAKE"))
4232 #ifdef OPENSSL_NO_MD2
4233 if (OPENSSL_strcasecmp(name, "MD2") == 0)
4236 #ifdef OPENSSL_NO_MDC2
4237 if (OPENSSL_strcasecmp(name, "MDC2") == 0)
4240 #ifdef OPENSSL_NO_MD4
4241 if (OPENSSL_strcasecmp(name, "MD4") == 0)
4244 #ifdef OPENSSL_NO_MD5
4245 if (OPENSSL_strcasecmp(name, "MD5") == 0)
4248 #ifdef OPENSSL_NO_RMD160
4249 if (OPENSSL_strcasecmp(name, "RIPEMD160") == 0)
4252 #ifdef OPENSSL_NO_SM3
4253 if (OPENSSL_strcasecmp(name, "SM3") == 0)
4256 #ifdef OPENSSL_NO_WHIRLPOOL
4257 if (OPENSSL_strcasecmp(name, "WHIRLPOOL") == 0)
4263 static int is_pkey_disabled(const char *name)
4265 #ifdef OPENSSL_NO_EC
4266 if (HAS_CASE_PREFIX(name, "EC"))
4269 #ifdef OPENSSL_NO_DH
4270 if (HAS_CASE_PREFIX(name, "DH"))
4273 #ifdef OPENSSL_NO_DSA
4274 if (HAS_CASE_PREFIX(name, "DSA"))
4280 static int is_mac_disabled(const char *name)
4282 #ifdef OPENSSL_NO_BLAKE2
4283 if (HAS_CASE_PREFIX(name, "BLAKE2BMAC")
4284 || HAS_CASE_PREFIX(name, "BLAKE2SMAC"))
4287 #ifdef OPENSSL_NO_CMAC
4288 if (HAS_CASE_PREFIX(name, "CMAC"))
4291 #ifdef OPENSSL_NO_POLY1305
4292 if (HAS_CASE_PREFIX(name, "Poly1305"))
4295 #ifdef OPENSSL_NO_SIPHASH
4296 if (HAS_CASE_PREFIX(name, "SipHash"))
4301 static int is_kdf_disabled(const char *name)
4303 #ifdef OPENSSL_NO_SCRYPT
4304 if (HAS_CASE_SUFFIX(name, "SCRYPT"))
4307 #ifdef OPENSSL_NO_ARGON2
4308 if (HAS_CASE_SUFFIX(name, "ARGON2"))
4314 static int is_cipher_disabled(const char *name)
4316 #ifdef OPENSSL_NO_ARIA
4317 if (HAS_CASE_PREFIX(name, "ARIA"))
4320 #ifdef OPENSSL_NO_BF
4321 if (HAS_CASE_PREFIX(name, "BF"))
4324 #ifdef OPENSSL_NO_CAMELLIA
4325 if (HAS_CASE_PREFIX(name, "CAMELLIA"))
4328 #ifdef OPENSSL_NO_CAST
4329 if (HAS_CASE_PREFIX(name, "CAST"))
4332 #ifdef OPENSSL_NO_CHACHA
4333 if (HAS_CASE_PREFIX(name, "CHACHA"))
4336 #ifdef OPENSSL_NO_POLY1305
4337 if (HAS_CASE_SUFFIX(name, "Poly1305"))
4340 #ifdef OPENSSL_NO_DES
4341 if (HAS_CASE_PREFIX(name, "DES"))
4343 if (HAS_CASE_SUFFIX(name, "3DESwrap"))
4346 #ifdef OPENSSL_NO_OCB
4347 if (HAS_CASE_SUFFIX(name, "OCB"))
4350 #ifdef OPENSSL_NO_IDEA
4351 if (HAS_CASE_PREFIX(name, "IDEA"))
4354 #ifdef OPENSSL_NO_RC2
4355 if (HAS_CASE_PREFIX(name, "RC2"))
4358 #ifdef OPENSSL_NO_RC4
4359 if (HAS_CASE_PREFIX(name, "RC4"))
4362 #ifdef OPENSSL_NO_RC5
4363 if (HAS_CASE_PREFIX(name, "RC5"))
4366 #ifdef OPENSSL_NO_SEED
4367 if (HAS_CASE_PREFIX(name, "SEED"))
4370 #ifdef OPENSSL_NO_SIV
4371 if (HAS_CASE_SUFFIX(name, "SIV"))
4374 #ifdef OPENSSL_NO_SM4
4375 if (HAS_CASE_PREFIX(name, "SM4"))