From: Dr. Stephen Henson <steve@openssl.org>
Date: Sat, 10 Dec 2016 13:59:29 +0000 (+0000)
Subject: Additional error tests in evp_test.c
X-Git-Tag: OpenSSL_1_1_1-pre1~2861
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=cce65266299e2e89303a90c131e8171225a1bf88

Additional error tests in evp_test.c

Support checking for errors during test initialisation and parsing.

Add errors and tests for key operation initalisation and ctrl errors.

Reviewed-by: Rich Salz <rsalz@openssl.org>
---

diff --git a/test/evp_test.c b/test/evp_test.c
index 907e083c9f..9dfd4a1719 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -354,8 +354,7 @@ static int setup_test(struct evp_test *t, const struct evp_test_method *tmeth)
             t->nskip++;
         } else {
             /* run the test */
-            t->err = NULL;
-            if (t->meth->run_test(t) != 1) {
+            if (t->err == NULL && t->meth->run_test(t) != 1) {
                 fprintf(stderr, "%s test error line %d\n",
                         t->meth->name, t->start_line);
                 return 0;
@@ -567,6 +566,7 @@ int main(int argc, char **argv)
         return 1;
     }
     t.in = in;
+    t.err = NULL;
     while (BIO_gets(in, buf, sizeof(buf))) {
         t.line++;
         if (!process_test(&t, buf, 0))
@@ -1234,7 +1234,7 @@ static int pkey_test_init(struct evp_test *t, const char *name,
     if (!kdata->ctx)
         return 0;
     if (keyopinit(kdata->ctx) <= 0)
-        return 0;
+        t->err = "KEYOP_INIT_ERROR";
     return 1;
 }
 
@@ -1260,11 +1260,21 @@ static int pkey_test_ctrl(struct evp_test *t, EVP_PKEY_CTX *pctx,
     if (p != NULL)
         *p++ = 0;
     rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
-    if (p != NULL && rv <= 0 && rv != -2) {
-        /* If p has an OID assume disabled algorithm */
-        if (OBJ_sn2nid(p) != NID_undef || OBJ_ln2nid(p) != NID_undef) {
+    if (rv == -2) {
+        t->err = "PKEY_CTRL_INVALID";
+        rv = 1;
+    } else if (p != NULL && rv <= 0) {
+        /* If p has an OID and lookup fails assume disabled algorithm */
+        int nid = OBJ_sn2nid(p);
+        if (nid == NID_undef)
+             nid = OBJ_ln2nid(p);
+        if ((nid != NID_undef) && EVP_get_digestbynid(nid) == NULL &&
+            EVP_get_cipherbynid(nid) == NULL) {
             t->skip = 1;
             rv = 1;
+        } else {
+            t->err = "PKEY_CTRL_ERROR";
+            rv = 1;
         }
     }
     OPENSSL_free(tmpval);
diff --git a/test/evptests.txt b/test/evptests.txt
index 32abf7ffe6..9f33466583 100644
--- a/test/evptests.txt
+++ b/test/evptests.txt
@@ -2770,6 +2770,15 @@ Ctrl = digest:SHA1
 Input = "0123456789ABCDEF1234"
 Output = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad
 
+# Illegal RSA key derivation
+Derive = RSA-2048
+Result = KEYOP_INIT_ERROR
+
+# Invalid ctrl
+Sign = RSA-2048
+Ctrl = rsa_mgf1_md:sha1
+Result = PKEY_CTRL_INVALID
+
 # EC tests
 
 Verify = P-256
@@ -3694,3 +3703,11 @@ SharedSecret=4A5D9D5BA4CE2DE1728E3BF480350F25E07E21C947D19E3376F09B3C1E161742
 Derive=Bob-25519
 PeerKey=Alice-25519-PUBLIC
 SharedSecret=4A5D9D5BA4CE2DE1728E3BF480350F25E07E21C947D19E3376F09B3C1E161742
+
+# Illegal sign/verify operations with X25519 key
+
+Sign=Alice-25519
+Result = KEYOP_INIT_ERROR
+
+Verify=Alice-25519
+Result = KEYOP_INIT_ERROR