2 * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
14 #include <openssl/evp.h>
15 #include <openssl/pem.h>
16 #include <openssl/err.h>
17 #include <openssl/x509v3.h>
18 #include <openssl/pkcs12.h>
19 #include <openssl/kdf.h>
20 #include "internal/numbers.h"
24 static const char *current_test_file = "???";
27 * Remove spaces from beginning and end of a string
29 static void remove_space(char **pval)
31 unsigned char *p = (unsigned char *)*pval, *beginning;
36 *pval = (char *)(beginning = p);
38 p = p + strlen(*pval) - 1;
40 /* Remove trailing space */
41 while (p >= beginning && isspace(*p))
46 * Given a line of the form:
47 * name = value # comment
48 * extract name and value. NB: modifies |linebuf|.
50 static int parse_line(char **pkw, char **pval, char *linebuf)
52 char *p = linebuf + strlen(linebuf) - 1;
55 TEST_error("FATAL: missing EOL");
60 p = strchr(linebuf, '#');
65 if ((p = strchr(linebuf, '=')) == NULL)
77 * Unescape some escape sequences in string literals.
78 * Return the result in a newly allocated buffer.
79 * Currently only supports '\n'.
80 * If the input length is 0, returns a valid 1-byte buffer, but sets
83 static unsigned char* unescape(const char *input, size_t input_len,
86 unsigned char *ret, *p;
91 return OPENSSL_zalloc(1);
94 /* Escaping is non-expanding; over-allocate original size for simplicity. */
95 ret = p = OPENSSL_malloc(input_len);
99 for (i = 0; i < input_len; i++) {
100 if (input[i] == '\\') {
101 if (i == input_len - 1 || input[i+1] != 'n')
118 /* For a hex string "value" convert to a binary allocated buffer */
119 static int test_bin(const char *value, unsigned char **buf, size_t *buflen)
125 /* Check for empty value */
128 * Don't return NULL for zero length buffer.
129 * This is needed for some tests with empty keys: HMAC_Init_ex() expects
130 * a non-NULL key buffer even if the key length is 0, in order to detect
133 *buf = OPENSSL_malloc(1);
141 /* Check for NULL literal */
142 if (strcmp(value, "NULL") == 0) {
148 /* Check for string literal */
149 if (value[0] == '"') {
152 vlen = strlen(value);
153 if (value[vlen - 1] != '"')
156 *buf = unescape(value, vlen, buflen);
162 /* Otherwise assume as hex literal and convert it to binary buffer */
163 if (!TEST_ptr(*buf = OPENSSL_hexstr2buf(value, &len))) {
164 TEST_info("Cannot convert %s", value);
165 ERR_print_errors(bio_err);
168 /* Size of input buffer means we'll never overflow */
174 * Structure used to hold a list of blocks of memory to test
175 * calls to "update" like functions.
178 struct evp_test_buffer_st {
185 static void evp_test_buffer_free(EVP_TEST_BUFFER *db)
188 OPENSSL_free(db->buf);
193 /* append buffer to a list */
195 static int evp_test_buffer_append(const char *value,
196 STACK_OF(EVP_TEST_BUFFER) **sk)
198 EVP_TEST_BUFFER *db = NULL;
200 if (!TEST_ptr(db = OPENSSL_malloc(sizeof(*db))))
203 if (!test_bin(value, &db->buf, &db->buflen))
208 if (*sk == NULL && !TEST_ptr(*sk = sk_EVP_TEST_BUFFER_new_null()))
211 if (!sk_EVP_TEST_BUFFER_push(*sk, db))
217 evp_test_buffer_free(db);
223 * replace last buffer in list with copies of itself
225 static int evp_test_buffer_ncopy(const char *value,
226 STACK_OF(EVP_TEST_BUFFER) *sk)
229 unsigned char *tbuf, *p;
231 int ncopy = atoi(value);
236 if (sk == NULL || sk_EVP_TEST_BUFFER_num(sk) == 0)
238 db = sk_EVP_TEST_BUFFER_value(sk, sk_EVP_TEST_BUFFER_num(sk) - 1);
240 tbuflen = db->buflen * ncopy;
241 if (!TEST_ptr(tbuf = OPENSSL_malloc(tbuflen)))
243 for (i = 0, p = tbuf; i < ncopy; i++, p += db->buflen)
244 memcpy(p, db->buf, db->buflen);
246 OPENSSL_free(db->buf);
248 db->buflen = tbuflen;
252 /* set repeat count for last buffer in list */
253 static int evp_test_buffer_set_count(const char *value,
254 STACK_OF(EVP_TEST_BUFFER) *sk)
257 int count = atoi(value);
262 if (sk == NULL || sk_EVP_TEST_BUFFER_num(sk) == 0)
265 db = sk_EVP_TEST_BUFFER_value(sk, sk_EVP_TEST_BUFFER_num(sk) - 1);
269 db->count = (size_t)count;
275 * call "fn" with each element of the list in turn
277 static int evp_test_buffer_do(STACK_OF(EVP_TEST_BUFFER) *sk,
279 const unsigned char *buf,
285 for (i = 0; i < sk_EVP_TEST_BUFFER_num(sk); i++) {
286 EVP_TEST_BUFFER *tb = sk_EVP_TEST_BUFFER_value(sk, i);
289 for (j = 0; j < tb->count; j++) {
290 if (fn(ctx, tb->buf, tb->buflen) <= 0)
297 #ifndef OPENSSL_NO_SCRYPT
298 /* Currently only used by scrypt tests */
299 /* Parse unsigned decimal 64 bit integer value */
300 static int test_uint64(const char *value, uint64_t *pr)
302 const char *p = value;
304 if (!TEST_true(*p)) {
305 TEST_info("Invalid empty integer value");
310 if (*pr > UINT64_MAX / 10) {
311 TEST_error("Integer overflow in string %s", value);
315 if (!TEST_true(isdigit(*p))) {
316 TEST_error("Invalid character in string %s", value);
325 static int compare_mem(unsigned char *expected, size_t expected_len,
326 unsigned char *got, size_t got_len)
328 if (!TEST_mem_eq(expected, expected_len, got, got_len))
334 typedef struct evp_test_method_st EVP_TEST_METHOD;
336 /* Structure holding test information */
337 typedef struct evp_test_st {
338 /* file being read */
340 /* temp memory BIO for reading in keys */
342 /* method for this test */
343 const EVP_TEST_METHOD *meth;
344 /* current line being processed */
346 /* start line of current test */
347 unsigned int start_line;
348 /* Error string for test */
349 const char *err, *aux_err;
350 /* Expected error value of test */
352 /* Expected error function string */
354 /* Expected error reason string */
356 /* Number of tests */
360 /* Number of tests skipped */
362 /* test specific data */
364 /* Current test should be skipped */
369 * Linked list of named keys.
371 typedef struct key_list_st {
374 struct key_list_st *next;
377 /* List of public and private keys */
378 static KEY_LIST *private_keys;
379 static KEY_LIST *public_keys;
382 * Test method structure
384 struct evp_test_method_st {
385 /* Name of test as it appears in file */
387 /* Initialise test for "alg" */
388 int (*init) (EVP_TEST * t, const char *alg);
389 /* Clean up method */
390 void (*cleanup) (EVP_TEST * t);
391 /* Test specific name value pair processing */
392 int (*parse) (EVP_TEST * t, const char *name, const char *value);
393 /* Run the test itself */
394 int (*run_test) (EVP_TEST * t);
397 static const EVP_TEST_METHOD digest_test_method, cipher_test_method;
398 static const EVP_TEST_METHOD mac_test_method;
399 static const EVP_TEST_METHOD psign_test_method, pverify_test_method;
400 static const EVP_TEST_METHOD pdecrypt_test_method;
401 static const EVP_TEST_METHOD pverify_recover_test_method;
402 static const EVP_TEST_METHOD pderive_test_method;
403 static const EVP_TEST_METHOD pbe_test_method;
404 static const EVP_TEST_METHOD encode_test_method;
405 static const EVP_TEST_METHOD kdf_test_method;
406 static const EVP_TEST_METHOD keypair_test_method;
407 static const EVP_TEST_METHOD digestsign_test_method;
408 static const EVP_TEST_METHOD digestverify_test_method;
410 static const EVP_TEST_METHOD *evp_test_list[] = {
415 &pverify_test_method,
416 &pdecrypt_test_method,
417 &pverify_recover_test_method,
418 &pderive_test_method,
422 &keypair_test_method,
423 &digestsign_test_method,
424 &digestverify_test_method,
428 static const EVP_TEST_METHOD *evp_find_test(const char *name)
430 const EVP_TEST_METHOD **tt;
432 for (tt = evp_test_list; *tt; tt++) {
433 if (strcmp(name, (*tt)->name) == 0)
439 static void clear_test(EVP_TEST *t)
441 OPENSSL_free(t->expected_err);
442 t->expected_err = NULL;
443 OPENSSL_free(t->func);
445 OPENSSL_free(t->reason);
452 * Check for errors in the test structure; return 1 if okay, else 0.
454 static int check_test_error(EVP_TEST *t)
460 if (t->err == NULL && t->expected_err == NULL)
462 if (t->err != NULL && t->expected_err == NULL) {
463 if (t->aux_err != NULL) {
464 TEST_info("Above error from the test at %s:%d "
465 "(%s) unexpected error %s",
466 current_test_file, t->start_line, t->aux_err, t->err);
468 TEST_info("Above error from the test at %s:%d "
469 "unexpected error %s",
470 current_test_file, t->start_line, t->err);
475 if (t->err == NULL && t->expected_err != NULL) {
476 TEST_info("Test line %d: succeeded expecting %s",
477 t->start_line, t->expected_err);
481 if (strcmp(t->err, t->expected_err) != 0) {
482 TEST_info("Test line %d: expecting %s got %s",
483 t->start_line, t->expected_err, t->err);
487 if (t->func == NULL && t->reason == NULL)
490 if (t->func == NULL || t->reason == NULL) {
491 TEST_info("Test line %d: missing function or reason code",
496 err = ERR_peek_error();
498 TEST_info("Test line %d, expected error \"%s:%s\" not set",
499 t->start_line, t->func, t->reason);
503 func = ERR_func_error_string(err);
504 reason = ERR_reason_error_string(err);
505 if (func == NULL && reason == NULL) {
506 TEST_info("Test line %d: expected error \"%s:%s\","
507 " no strings available. Skipping...\n",
508 t->start_line, t->func, t->reason);
512 if (strcmp(func, t->func) == 0 && strcmp(reason, t->reason) == 0)
515 TEST_info("Test line %d: expected error \"%s:%s\", got \"%s:%s\"",
516 t->start_line, t->func, t->reason, func, reason);
522 * Setup a new test, run any existing test. Log a message and return 0
525 static int run_and_get_next(EVP_TEST *t, const EVP_TEST_METHOD *tmeth)
527 /* If we already have a test set up run it */
531 /*TEST_info("Line %d skipped %s test", t->start_line, t->meth->name);
536 if (t->err == NULL && t->meth->run_test(t) != 1) {
537 TEST_info("Line %d error %s", t->start_line, t->meth->name);
540 if (!check_test_error(t)) {
541 test_openssl_errors();
547 if (t->data != NULL) {
549 OPENSSL_free(t->data);
558 static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst)
560 for (; lst; lst = lst->next) {
561 if (strcmp(lst->name, name) == 0) {
570 static void free_key_list(KEY_LIST *lst)
572 while (lst != NULL) {
575 EVP_PKEY_free(lst->key);
576 OPENSSL_free(lst->name);
583 static int check_unsupported()
585 long err = ERR_peek_error();
587 if (ERR_GET_LIB(err) == ERR_LIB_EVP
588 && ERR_GET_REASON(err) == EVP_R_UNSUPPORTED_ALGORITHM) {
592 #ifndef OPENSSL_NO_EC
594 * If EC support is enabled we should catch also EC_R_UNKNOWN_GROUP as an
595 * hint to an unsupported algorithm/curve (e.g. if binary EC support is
598 if (ERR_GET_LIB(err) == ERR_LIB_EC
599 && ERR_GET_REASON(err) == EC_R_UNKNOWN_GROUP) {
603 #endif /* OPENSSL_NO_EC */
608 static int read_key(EVP_TEST *t)
612 if (t->key == NULL) {
613 if (!TEST_ptr(t->key = BIO_new(BIO_s_mem())))
615 } else if (!TEST_int_gt(BIO_reset(t->key), 0)) {
619 /* Read to PEM end line and place content in memory BIO */
620 while (BIO_gets(t->in, tmpbuf, sizeof(tmpbuf))) {
622 if (!TEST_int_gt(BIO_puts(t->key, tmpbuf), 0))
624 if (strncmp(tmpbuf, "-----END", 8) == 0)
627 TEST_error("Can't find key end");
632 * Parse a line into the current test |t|. Return 0 on error.
634 static int parse_test_line(EVP_TEST *t, char *buf)
636 char *keyword = NULL, *value = NULL;
638 KEY_LIST **lst = NULL, *key = NULL;
640 const EVP_TEST_METHOD *tmeth = NULL;
642 if (!parse_line(&keyword, &value, buf))
644 if (strcmp(keyword, "PrivateKey") == 0) {
647 pk = PEM_read_bio_PrivateKey(t->key, NULL, 0, NULL);
648 if (pk == NULL && !check_unsupported()) {
649 TEST_info("Error reading private key %s", value);
650 ERR_print_errors_fp(stderr);
656 if (strcmp(keyword, "PublicKey") == 0) {
659 pk = PEM_read_bio_PUBKEY(t->key, NULL, 0, NULL);
660 if (pk == NULL && !check_unsupported()) {
661 TEST_info("Error reading public key %s", value);
662 ERR_print_errors_fp(stderr);
668 /* If we have a key add to list */
670 if (find_key(NULL, value, *lst)) {
671 TEST_info("Duplicate key %s", value);
674 if (!TEST_ptr(key = OPENSSL_malloc(sizeof(*key)))
675 || !TEST_ptr(key->name = OPENSSL_strdup(value)))
683 /* See if keyword corresponds to a test start */
684 if ((tmeth = evp_find_test(keyword)) != NULL) {
685 if (!run_and_get_next(t, tmeth))
687 t->start_line = t->line;
689 if (!tmeth->init(t, value)) {
690 TEST_info("Unknown %s: %s", keyword, value);
697 if (strcmp(keyword, "Title") == 0) {
698 TEST_info("Starting %s tests", value);
699 set_test_title(value);
700 } else if (strcmp(keyword, "Result") == 0) {
701 if (t->expected_err != NULL) {
702 TEST_info("Line %d: multiple result lines", t->line);
705 if (!TEST_ptr(t->expected_err = OPENSSL_strdup(value)))
707 } else if (strcmp(keyword, "Function") == 0) {
708 if (t->func != NULL) {
709 TEST_info("Line %d: multiple function lines\n", t->line);
712 if (!TEST_ptr(t->func = OPENSSL_strdup(value)))
714 } else if (strcmp(keyword, "Reason") == 0) {
715 if (t->reason != NULL) {
716 TEST_info("Line %d: multiple reason lines", t->line);
719 if (!TEST_ptr(t->reason = OPENSSL_strdup(value)))
722 /* Must be test specific line: try to parse it */
723 int rv = t->meth == NULL ? 0 : t->meth->parse(t, keyword, value);
726 TEST_info("Line %d: unknown keyword %s", t->line, keyword);
730 TEST_info("Line %d: error processing keyword %s\n",
738 /* Message digest tests */
740 typedef struct digest_data_st {
741 /* Digest this test is for */
742 const EVP_MD *digest;
743 /* Input to digest */
744 STACK_OF(EVP_TEST_BUFFER) *input;
745 /* Expected output */
746 unsigned char *output;
750 static int digest_test_init(EVP_TEST *t, const char *alg)
752 const EVP_MD *digest;
755 digest = EVP_get_digestbyname(alg);
757 /* If alg has an OID assume disabled algorithm */
758 if (OBJ_sn2nid(alg) != NID_undef || OBJ_ln2nid(alg) != NID_undef) {
764 mdat = OPENSSL_zalloc(sizeof(*mdat));
765 mdat->digest = digest;
770 static void digest_test_cleanup(EVP_TEST *t)
772 DIGEST_DATA *mdat = t->data;
774 sk_EVP_TEST_BUFFER_pop_free(mdat->input, evp_test_buffer_free);
775 OPENSSL_free(mdat->output);
778 static int digest_test_parse(EVP_TEST *t,
779 const char *keyword, const char *value)
781 DIGEST_DATA *mdata = t->data;
783 if (strcmp(keyword, "Input") == 0)
784 return evp_test_buffer_append(value, &mdata->input);
785 if (strcmp(keyword, "Output") == 0)
786 return test_bin(value, &mdata->output, &mdata->output_len);
787 if (strcmp(keyword, "Count") == 0)
788 return evp_test_buffer_set_count(value, mdata->input);
789 if (strcmp(keyword, "Ncopy") == 0)
790 return evp_test_buffer_ncopy(value, mdata->input);
794 static int digest_update_fn(void *ctx, const unsigned char *buf, size_t buflen)
796 return EVP_DigestUpdate(ctx, buf, buflen);
799 static int digest_test_run(EVP_TEST *t)
801 DIGEST_DATA *mdata = t->data;
803 unsigned char md[EVP_MAX_MD_SIZE];
806 t->err = "TEST_FAILURE";
807 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
810 if (!EVP_DigestInit_ex(mctx, mdata->digest, NULL)) {
811 t->err = "DIGESTINIT_ERROR";
814 if (!evp_test_buffer_do(mdata->input, digest_update_fn, mctx)) {
815 t->err = "DIGESTUPDATE_ERROR";
819 if (!EVP_DigestFinal(mctx, md, &md_len)) {
820 t->err = "DIGESTFINAL_ERROR";
823 if (md_len != mdata->output_len) {
824 t->err = "DIGEST_LENGTH_MISMATCH";
827 if (!compare_mem(mdata->output, mdata->output_len, md, md_len)) {
828 t->err = "DIGEST_MISMATCH";
834 EVP_MD_CTX_free(mctx);
838 static const EVP_TEST_METHOD digest_test_method = {
847 typedef struct cipher_data_st {
848 const EVP_CIPHER *cipher;
850 /* EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE or EVP_CIPH_OCB_MODE if AEAD */
856 unsigned char *plaintext;
857 size_t plaintext_len;
858 unsigned char *ciphertext;
859 size_t ciphertext_len;
867 static int cipher_test_init(EVP_TEST *t, const char *alg)
869 const EVP_CIPHER *cipher;
870 CIPHER_DATA *cdat = t->data;
872 cipher = EVP_get_cipherbyname(alg);
874 /* If alg has an OID assume disabled algorithm */
875 if (OBJ_sn2nid(alg) != NID_undef || OBJ_ln2nid(alg) != NID_undef) {
881 cdat = OPENSSL_malloc(sizeof(*cdat));
882 cdat->cipher = cipher;
886 cdat->ciphertext = NULL;
887 cdat->plaintext = NULL;
891 if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE
892 || EVP_CIPHER_mode(cipher) == EVP_CIPH_OCB_MODE
893 || EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE)
894 cdat->aead = EVP_CIPHER_mode(cipher);
895 else if (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
903 static void cipher_test_cleanup(EVP_TEST *t)
905 CIPHER_DATA *cdat = t->data;
907 OPENSSL_free(cdat->key);
908 OPENSSL_free(cdat->iv);
909 OPENSSL_free(cdat->ciphertext);
910 OPENSSL_free(cdat->plaintext);
911 OPENSSL_free(cdat->aad);
912 OPENSSL_free(cdat->tag);
915 static int cipher_test_parse(EVP_TEST *t, const char *keyword,
918 CIPHER_DATA *cdat = t->data;
920 if (strcmp(keyword, "Key") == 0)
921 return test_bin(value, &cdat->key, &cdat->key_len);
922 if (strcmp(keyword, "IV") == 0)
923 return test_bin(value, &cdat->iv, &cdat->iv_len);
924 if (strcmp(keyword, "Plaintext") == 0)
925 return test_bin(value, &cdat->plaintext, &cdat->plaintext_len);
926 if (strcmp(keyword, "Ciphertext") == 0)
927 return test_bin(value, &cdat->ciphertext, &cdat->ciphertext_len);
929 if (strcmp(keyword, "AAD") == 0)
930 return test_bin(value, &cdat->aad, &cdat->aad_len);
931 if (strcmp(keyword, "Tag") == 0)
932 return test_bin(value, &cdat->tag, &cdat->tag_len);
935 if (strcmp(keyword, "Operation") == 0) {
936 if (strcmp(value, "ENCRYPT") == 0)
938 else if (strcmp(value, "DECRYPT") == 0)
947 static int cipher_test_enc(EVP_TEST *t, int enc,
948 size_t out_misalign, size_t inp_misalign, int frag)
950 CIPHER_DATA *cdat = t->data;
951 unsigned char *in, *out, *tmp = NULL;
952 size_t in_len, out_len, donelen = 0;
953 int ok = 0, tmplen, chunklen, tmpflen;
954 EVP_CIPHER_CTX *ctx = NULL;
956 t->err = "TEST_FAILURE";
957 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
959 EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
961 in = cdat->plaintext;
962 in_len = cdat->plaintext_len;
963 out = cdat->ciphertext;
964 out_len = cdat->ciphertext_len;
966 in = cdat->ciphertext;
967 in_len = cdat->ciphertext_len;
968 out = cdat->plaintext;
969 out_len = cdat->plaintext_len;
971 if (inp_misalign == (size_t)-1) {
973 * Exercise in-place encryption
975 tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH);
978 in = memcpy(tmp + out_misalign, in, in_len);
980 inp_misalign += 16 - ((out_misalign + in_len) & 15);
982 * 'tmp' will store both output and copy of input. We make the copy
983 * of input to specifically aligned part of 'tmp'. So we just
984 * figured out how much padding would ensure the required alignment,
985 * now we allocate extended buffer and finally copy the input just
986 * past inp_misalign in expression below. Output will be written
987 * past out_misalign...
989 tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH +
990 inp_misalign + in_len);
993 in = memcpy(tmp + out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH +
994 inp_misalign, in, in_len);
996 if (!EVP_CipherInit_ex(ctx, cdat->cipher, NULL, NULL, NULL, enc)) {
997 t->err = "CIPHERINIT_ERROR";
1002 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
1004 t->err = "INVALID_IV_LENGTH";
1007 } else if (cdat->iv_len != (size_t)EVP_CIPHER_CTX_iv_length(ctx)) {
1008 t->err = "INVALID_IV_LENGTH";
1015 * If encrypting or OCB just set tag length initially, otherwise
1016 * set tag length and value.
1018 if (enc || cdat->aead == EVP_CIPH_OCB_MODE) {
1019 t->err = "TAG_LENGTH_SET_ERROR";
1022 t->err = "TAG_SET_ERROR";
1025 if (tag || cdat->aead != EVP_CIPH_GCM_MODE) {
1026 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
1027 cdat->tag_len, tag))
1032 if (!EVP_CIPHER_CTX_set_key_length(ctx, cdat->key_len)) {
1033 t->err = "INVALID_KEY_LENGTH";
1036 if (!EVP_CipherInit_ex(ctx, NULL, NULL, cdat->key, cdat->iv, -1)) {
1037 t->err = "KEY_SET_ERROR";
1041 if (!enc && cdat->aead == EVP_CIPH_OCB_MODE) {
1042 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
1043 cdat->tag_len, cdat->tag)) {
1044 t->err = "TAG_SET_ERROR";
1049 if (cdat->aead == EVP_CIPH_CCM_MODE) {
1050 if (!EVP_CipherUpdate(ctx, NULL, &tmplen, NULL, out_len)) {
1051 t->err = "CCM_PLAINTEXT_LENGTH_SET_ERROR";
1056 t->err = "AAD_SET_ERROR";
1058 if (!EVP_CipherUpdate(ctx, NULL, &chunklen, cdat->aad,
1063 * Supply the AAD in chunks less than the block size where possible
1065 if (cdat->aad_len > 0) {
1066 if (!EVP_CipherUpdate(ctx, NULL, &chunklen, cdat->aad, 1))
1070 if (cdat->aad_len > 2) {
1071 if (!EVP_CipherUpdate(ctx, NULL, &chunklen, cdat->aad + donelen,
1074 donelen += cdat->aad_len - 2;
1076 if (cdat->aad_len > 1
1077 && !EVP_CipherUpdate(ctx, NULL, &chunklen,
1078 cdat->aad + donelen, 1))
1082 EVP_CIPHER_CTX_set_padding(ctx, 0);
1083 t->err = "CIPHERUPDATE_ERROR";
1086 /* We supply the data all in one go */
1087 if (!EVP_CipherUpdate(ctx, tmp + out_misalign, &tmplen, in, in_len))
1090 /* Supply the data in chunks less than the block size where possible */
1092 if (!EVP_CipherUpdate(ctx, tmp + out_misalign, &chunklen, in, 1))
1099 if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen,
1107 if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen,
1113 if (!EVP_CipherFinal_ex(ctx, tmp + out_misalign + tmplen, &tmpflen)) {
1114 t->err = "CIPHERFINAL_ERROR";
1117 if (!compare_mem(out, out_len, tmp + out_misalign, tmplen + tmpflen)) {
1118 t->err = "VALUE_MISMATCH";
1121 if (enc && cdat->aead) {
1122 unsigned char rtag[16];
1124 if (cdat->tag_len > sizeof(rtag)) {
1125 t->err = "TAG_LENGTH_INTERNAL_ERROR";
1128 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
1129 cdat->tag_len, rtag)) {
1130 t->err = "TAG_RETRIEVE_ERROR";
1133 if (!compare_mem(cdat->tag, cdat->tag_len, rtag, cdat->tag_len)) {
1134 t->err = "TAG_VALUE_MISMATCH";
1142 EVP_CIPHER_CTX_free(ctx);
1146 static int cipher_test_run(EVP_TEST *t)
1148 CIPHER_DATA *cdat = t->data;
1150 size_t out_misalign, inp_misalign;
1156 if (!cdat->iv && EVP_CIPHER_iv_length(cdat->cipher)) {
1157 /* IV is optional and usually omitted in wrap mode */
1158 if (EVP_CIPHER_mode(cdat->cipher) != EVP_CIPH_WRAP_MODE) {
1163 if (cdat->aead && !cdat->tag) {
1167 for (out_misalign = 0; out_misalign <= 1;) {
1168 static char aux_err[64];
1169 t->aux_err = aux_err;
1170 for (inp_misalign = (size_t)-1; inp_misalign != 2; inp_misalign++) {
1171 if (inp_misalign == (size_t)-1) {
1172 /* kludge: inp_misalign == -1 means "exercise in-place" */
1173 BIO_snprintf(aux_err, sizeof(aux_err),
1174 "%s in-place, %sfragmented",
1175 out_misalign ? "misaligned" : "aligned",
1176 frag ? "" : "not ");
1178 BIO_snprintf(aux_err, sizeof(aux_err),
1179 "%s output and %s input, %sfragmented",
1180 out_misalign ? "misaligned" : "aligned",
1181 inp_misalign ? "misaligned" : "aligned",
1182 frag ? "" : "not ");
1185 rv = cipher_test_enc(t, 1, out_misalign, inp_misalign, frag);
1186 /* Not fatal errors: return */
1193 if (cdat->enc != 1) {
1194 rv = cipher_test_enc(t, 0, out_misalign, inp_misalign, frag);
1195 /* Not fatal errors: return */
1204 if (out_misalign == 1 && frag == 0) {
1206 * XTS, CCM and Wrap modes have special requirements about input
1207 * lengths so we don't fragment for those
1209 if (cdat->aead == EVP_CIPH_CCM_MODE
1210 || EVP_CIPHER_mode(cdat->cipher) == EVP_CIPH_XTS_MODE
1211 || EVP_CIPHER_mode(cdat->cipher) == EVP_CIPH_WRAP_MODE)
1224 static const EVP_TEST_METHOD cipher_test_method = {
1227 cipher_test_cleanup,
1232 typedef struct mac_data_st {
1235 /* Algorithm string for this MAC */
1241 unsigned char *input;
1243 /* Expected output */
1244 unsigned char *output;
1248 static int mac_test_init(EVP_TEST *t, const char *alg)
1253 if (strcmp(alg, "HMAC") == 0) {
1254 type = EVP_PKEY_HMAC;
1255 } else if (strcmp(alg, "CMAC") == 0) {
1256 #ifndef OPENSSL_NO_CMAC
1257 type = EVP_PKEY_CMAC;
1262 } else if (strcmp(alg, "Poly1305") == 0) {
1263 #ifndef OPENSSL_NO_POLY1305
1264 type = EVP_PKEY_POLY1305;
1269 } else if (strcmp(alg, "SipHash") == 0) {
1270 #ifndef OPENSSL_NO_SIPHASH
1271 type = EVP_PKEY_SIPHASH;
1279 mdat = OPENSSL_zalloc(sizeof(*mdat));
1285 static void mac_test_cleanup(EVP_TEST *t)
1287 MAC_DATA *mdat = t->data;
1289 OPENSSL_free(mdat->alg);
1290 OPENSSL_free(mdat->key);
1291 OPENSSL_free(mdat->input);
1292 OPENSSL_free(mdat->output);
1295 static int mac_test_parse(EVP_TEST *t,
1296 const char *keyword, const char *value)
1298 MAC_DATA *mdata = t->data;
1300 if (strcmp(keyword, "Key") == 0)
1301 return test_bin(value, &mdata->key, &mdata->key_len);
1302 if (strcmp(keyword, "Algorithm") == 0) {
1303 mdata->alg = OPENSSL_strdup(value);
1308 if (strcmp(keyword, "Input") == 0)
1309 return test_bin(value, &mdata->input, &mdata->input_len);
1310 if (strcmp(keyword, "Output") == 0)
1311 return test_bin(value, &mdata->output, &mdata->output_len);
1315 static int mac_test_run(EVP_TEST *t)
1317 MAC_DATA *mdata = t->data;
1318 EVP_MD_CTX *mctx = NULL;
1319 EVP_PKEY_CTX *pctx = NULL, *genctx = NULL;
1320 EVP_PKEY *key = NULL;
1321 const EVP_MD *md = NULL;
1322 unsigned char *mac = NULL;
1325 #ifdef OPENSSL_NO_DES
1326 if (mdata->alg != NULL && strstr(mdata->alg, "DES") != NULL) {
1333 if (!TEST_ptr(genctx = EVP_PKEY_CTX_new_id(mdata->type, NULL))) {
1334 t->err = "MAC_PKEY_CTX_ERROR";
1338 if (EVP_PKEY_keygen_init(genctx) <= 0) {
1339 t->err = "MAC_KEYGEN_INIT_ERROR";
1342 if (mdata->type == EVP_PKEY_CMAC
1343 && EVP_PKEY_CTX_ctrl_str(genctx, "cipher", mdata->alg) <= 0) {
1344 t->err = "MAC_ALGORITHM_SET_ERROR";
1348 if (EVP_PKEY_CTX_set_mac_key(genctx, mdata->key, mdata->key_len) <= 0) {
1349 t->err = "MAC_KEY_SET_ERROR";
1353 if (EVP_PKEY_keygen(genctx, &key) <= 0) {
1354 t->err = "MAC_KEY_GENERATE_ERROR";
1357 if (mdata->type == EVP_PKEY_HMAC) {
1358 if (!TEST_ptr(md = EVP_get_digestbyname(mdata->alg))) {
1359 t->err = "MAC_ALGORITHM_SET_ERROR";
1363 if (!TEST_ptr(mctx = EVP_MD_CTX_new())) {
1364 t->err = "INTERNAL_ERROR";
1367 if (!EVP_DigestSignInit(mctx, &pctx, md, NULL, key)) {
1368 t->err = "DIGESTSIGNINIT_ERROR";
1372 if (!EVP_DigestSignUpdate(mctx, mdata->input, mdata->input_len)) {
1373 t->err = "DIGESTSIGNUPDATE_ERROR";
1376 if (!EVP_DigestSignFinal(mctx, NULL, &mac_len)) {
1377 t->err = "DIGESTSIGNFINAL_LENGTH_ERROR";
1380 if (!TEST_ptr(mac = OPENSSL_malloc(mac_len))) {
1381 t->err = "TEST_FAILURE";
1384 if (!EVP_DigestSignFinal(mctx, mac, &mac_len)
1385 || !compare_mem(mdata->output, mdata->output_len, mac, mac_len)) {
1386 t->err = "TEST_MAC_ERR";
1391 EVP_MD_CTX_free(mctx);
1393 EVP_PKEY_CTX_free(genctx);
1398 static const EVP_TEST_METHOD mac_test_method = {
1407 * Public key operations. These are all very similar and can share
1408 * a lot of common code.
1411 typedef struct pkey_data_st {
1412 /* Context for this operation */
1414 /* Key operation to perform */
1415 int (*keyop) (EVP_PKEY_CTX *ctx,
1416 unsigned char *sig, size_t *siglen,
1417 const unsigned char *tbs, size_t tbslen);
1419 unsigned char *input;
1421 /* Expected output */
1422 unsigned char *output;
1427 * Perform public key operation setup: lookup key, allocated ctx and call
1428 * the appropriate initialisation function
1430 static int pkey_test_init(EVP_TEST *t, const char *name,
1432 int (*keyopinit) (EVP_PKEY_CTX *ctx),
1433 int (*keyop) (EVP_PKEY_CTX *ctx,
1434 unsigned char *sig, size_t *siglen,
1435 const unsigned char *tbs,
1440 EVP_PKEY *pkey = NULL;
1444 rv = find_key(&pkey, name, public_keys);
1446 rv = find_key(&pkey, name, private_keys);
1447 if (rv == 0 || pkey == NULL) {
1452 if (!TEST_ptr(kdata = OPENSSL_malloc(sizeof(*kdata)))) {
1453 EVP_PKEY_free(pkey);
1457 kdata->input = NULL;
1458 kdata->output = NULL;
1459 kdata->keyop = keyop;
1461 if (!TEST_ptr(kdata->ctx = EVP_PKEY_CTX_new(pkey, NULL)))
1463 if (keyopinit(kdata->ctx) <= 0)
1464 t->err = "KEYOP_INIT_ERROR";
1468 static void pkey_test_cleanup(EVP_TEST *t)
1470 PKEY_DATA *kdata = t->data;
1472 OPENSSL_free(kdata->input);
1473 OPENSSL_free(kdata->output);
1474 EVP_PKEY_CTX_free(kdata->ctx);
1477 static int pkey_test_ctrl(EVP_TEST *t, EVP_PKEY_CTX *pctx,
1483 if (!TEST_ptr(tmpval = OPENSSL_strdup(value)))
1485 p = strchr(tmpval, ':');
1488 rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
1490 t->err = "PKEY_CTRL_INVALID";
1492 } else if (p != NULL && rv <= 0) {
1493 /* If p has an OID and lookup fails assume disabled algorithm */
1494 int nid = OBJ_sn2nid(p);
1496 if (nid == NID_undef)
1497 nid = OBJ_ln2nid(p);
1498 if ((nid != NID_undef) && EVP_get_digestbynid(nid) == NULL &&
1499 EVP_get_cipherbynid(nid) == NULL) {
1503 t->err = "PKEY_CTRL_ERROR";
1507 OPENSSL_free(tmpval);
1511 static int pkey_test_parse(EVP_TEST *t,
1512 const char *keyword, const char *value)
1514 PKEY_DATA *kdata = t->data;
1515 if (strcmp(keyword, "Input") == 0)
1516 return test_bin(value, &kdata->input, &kdata->input_len);
1517 if (strcmp(keyword, "Output") == 0)
1518 return test_bin(value, &kdata->output, &kdata->output_len);
1519 if (strcmp(keyword, "Ctrl") == 0)
1520 return pkey_test_ctrl(t, kdata->ctx, value);
1524 static int pkey_test_run(EVP_TEST *t)
1526 PKEY_DATA *kdata = t->data;
1527 unsigned char *out = NULL;
1530 if (kdata->keyop(kdata->ctx, NULL, &out_len, kdata->input,
1531 kdata->input_len) <= 0
1532 || !TEST_ptr(out = OPENSSL_malloc(out_len))) {
1533 t->err = "KEYOP_LENGTH_ERROR";
1536 if (kdata->keyop(kdata->ctx, out,
1537 &out_len, kdata->input, kdata->input_len) <= 0) {
1538 t->err = "KEYOP_ERROR";
1541 if (!compare_mem(kdata->output, kdata->output_len, out, out_len)) {
1542 t->err = "KEYOP_MISMATCH";
1551 static int sign_test_init(EVP_TEST *t, const char *name)
1553 return pkey_test_init(t, name, 0, EVP_PKEY_sign_init, EVP_PKEY_sign);
1556 static const EVP_TEST_METHOD psign_test_method = {
1564 static int verify_recover_test_init(EVP_TEST *t, const char *name)
1566 return pkey_test_init(t, name, 1, EVP_PKEY_verify_recover_init,
1567 EVP_PKEY_verify_recover);
1570 static const EVP_TEST_METHOD pverify_recover_test_method = {
1572 verify_recover_test_init,
1578 static int decrypt_test_init(EVP_TEST *t, const char *name)
1580 return pkey_test_init(t, name, 0, EVP_PKEY_decrypt_init,
1584 static const EVP_TEST_METHOD pdecrypt_test_method = {
1592 static int verify_test_init(EVP_TEST *t, const char *name)
1594 return pkey_test_init(t, name, 1, EVP_PKEY_verify_init, 0);
1597 static int verify_test_run(EVP_TEST *t)
1599 PKEY_DATA *kdata = t->data;
1601 if (EVP_PKEY_verify(kdata->ctx, kdata->output, kdata->output_len,
1602 kdata->input, kdata->input_len) <= 0)
1603 t->err = "VERIFY_ERROR";
1607 static const EVP_TEST_METHOD pverify_test_method = {
1616 static int pderive_test_init(EVP_TEST *t, const char *name)
1618 return pkey_test_init(t, name, 0, EVP_PKEY_derive_init, 0);
1621 static int pderive_test_parse(EVP_TEST *t,
1622 const char *keyword, const char *value)
1624 PKEY_DATA *kdata = t->data;
1626 if (strcmp(keyword, "PeerKey") == 0) {
1628 if (find_key(&peer, value, public_keys) == 0)
1630 if (EVP_PKEY_derive_set_peer(kdata->ctx, peer) <= 0)
1634 if (strcmp(keyword, "SharedSecret") == 0)
1635 return test_bin(value, &kdata->output, &kdata->output_len);
1636 if (strcmp(keyword, "Ctrl") == 0)
1637 return pkey_test_ctrl(t, kdata->ctx, value);
1641 static int pderive_test_run(EVP_TEST *t)
1643 PKEY_DATA *kdata = t->data;
1644 unsigned char *out = NULL;
1647 out_len = kdata->output_len;
1648 if (!TEST_ptr(out = OPENSSL_malloc(out_len))) {
1649 t->err = "DERIVE_ERROR";
1652 if (EVP_PKEY_derive(kdata->ctx, out, &out_len) <= 0) {
1653 t->err = "DERIVE_ERROR";
1656 if (!compare_mem(kdata->output, kdata->output_len, out, out_len)) {
1657 t->err = "SHARED_SECRET_MISMATCH";
1667 static const EVP_TEST_METHOD pderive_test_method = {
1677 #define PBE_TYPE_SCRYPT 1
1678 #define PBE_TYPE_PBKDF2 2
1679 #define PBE_TYPE_PKCS12 3
1681 typedef struct pbe_data_st {
1683 /* scrypt parameters */
1684 uint64_t N, r, p, maxmem;
1685 /* PKCS#12 parameters */
1689 unsigned char *pass;
1692 unsigned char *salt;
1694 /* Expected output */
1699 #ifndef OPENSSL_NO_SCRYPT
1700 static int scrypt_test_parse(EVP_TEST *t,
1701 const char *keyword, const char *value)
1703 PBE_DATA *pdata = t->data;
1705 if (strcmp(keyword, "N") == 0)
1706 return test_uint64(value, &pdata->N);
1707 if (strcmp(keyword, "p") == 0)
1708 return test_uint64(value, &pdata->p);
1709 if (strcmp(keyword, "r") == 0)
1710 return test_uint64(value, &pdata->r);
1711 if (strcmp(keyword, "maxmem") == 0)
1712 return test_uint64(value, &pdata->maxmem);
1717 static int pbkdf2_test_parse(EVP_TEST *t,
1718 const char *keyword, const char *value)
1720 PBE_DATA *pdata = t->data;
1722 if (strcmp(keyword, "iter") == 0) {
1723 pdata->iter = atoi(value);
1724 if (pdata->iter <= 0)
1728 if (strcmp(keyword, "MD") == 0) {
1729 pdata->md = EVP_get_digestbyname(value);
1730 if (pdata->md == NULL)
1737 static int pkcs12_test_parse(EVP_TEST *t,
1738 const char *keyword, const char *value)
1740 PBE_DATA *pdata = t->data;
1742 if (strcmp(keyword, "id") == 0) {
1743 pdata->id = atoi(value);
1748 return pbkdf2_test_parse(t, keyword, value);
1751 static int pbe_test_init(EVP_TEST *t, const char *alg)
1756 if (strcmp(alg, "scrypt") == 0) {
1757 #ifndef OPENSSL_NO_SCRYPT
1758 pbe_type = PBE_TYPE_SCRYPT;
1763 } else if (strcmp(alg, "pbkdf2") == 0) {
1764 pbe_type = PBE_TYPE_PBKDF2;
1765 } else if (strcmp(alg, "pkcs12") == 0) {
1766 pbe_type = PBE_TYPE_PKCS12;
1768 TEST_error("Unknown pbe algorithm %s", alg);
1770 pdat = OPENSSL_malloc(sizeof(*pdat));
1771 pdat->pbe_type = pbe_type;
1785 static void pbe_test_cleanup(EVP_TEST *t)
1787 PBE_DATA *pdat = t->data;
1789 OPENSSL_free(pdat->pass);
1790 OPENSSL_free(pdat->salt);
1791 OPENSSL_free(pdat->key);
1794 static int pbe_test_parse(EVP_TEST *t,
1795 const char *keyword, const char *value)
1797 PBE_DATA *pdata = t->data;
1799 if (strcmp(keyword, "Password") == 0)
1800 return test_bin(value, &pdata->pass, &pdata->pass_len);
1801 if (strcmp(keyword, "Salt") == 0)
1802 return test_bin(value, &pdata->salt, &pdata->salt_len);
1803 if (strcmp(keyword, "Key") == 0)
1804 return test_bin(value, &pdata->key, &pdata->key_len);
1805 if (pdata->pbe_type == PBE_TYPE_PBKDF2)
1806 return pbkdf2_test_parse(t, keyword, value);
1807 else if (pdata->pbe_type == PBE_TYPE_PKCS12)
1808 return pkcs12_test_parse(t, keyword, value);
1809 #ifndef OPENSSL_NO_SCRYPT
1810 else if (pdata->pbe_type == PBE_TYPE_SCRYPT)
1811 return scrypt_test_parse(t, keyword, value);
1816 static int pbe_test_run(EVP_TEST *t)
1818 PBE_DATA *pdata = t->data;
1821 if (!TEST_ptr(key = OPENSSL_malloc(pdata->key_len))) {
1822 t->err = "INTERNAL_ERROR";
1825 if (pdata->pbe_type == PBE_TYPE_PBKDF2) {
1826 if (PKCS5_PBKDF2_HMAC((char *)pdata->pass, pdata->pass_len,
1827 pdata->salt, pdata->salt_len,
1828 pdata->iter, pdata->md,
1829 pdata->key_len, key) == 0) {
1830 t->err = "PBKDF2_ERROR";
1833 #ifndef OPENSSL_NO_SCRYPT
1834 } else if (pdata->pbe_type == PBE_TYPE_SCRYPT) {
1835 if (EVP_PBE_scrypt((const char *)pdata->pass, pdata->pass_len,
1836 pdata->salt, pdata->salt_len,
1837 pdata->N, pdata->r, pdata->p, pdata->maxmem,
1838 key, pdata->key_len) == 0) {
1839 t->err = "SCRYPT_ERROR";
1843 } else if (pdata->pbe_type == PBE_TYPE_PKCS12) {
1844 if (PKCS12_key_gen_uni(pdata->pass, pdata->pass_len,
1845 pdata->salt, pdata->salt_len,
1846 pdata->id, pdata->iter, pdata->key_len,
1847 key, pdata->md) == 0) {
1848 t->err = "PKCS12_ERROR";
1852 if (!compare_mem(pdata->key, pdata->key_len, key, pdata->key_len)) {
1853 t->err = "KEY_MISMATCH";
1862 static const EVP_TEST_METHOD pbe_test_method = {
1873 BASE64_CANONICAL_ENCODING = 0,
1874 BASE64_VALID_ENCODING = 1,
1875 BASE64_INVALID_ENCODING = 2
1876 } base64_encoding_type;
1878 typedef struct encode_data_st {
1879 /* Input to encoding */
1880 unsigned char *input;
1882 /* Expected output */
1883 unsigned char *output;
1885 base64_encoding_type encoding;
1888 static int encode_test_init(EVP_TEST *t, const char *encoding)
1890 ENCODE_DATA *edata = OPENSSL_zalloc(sizeof(*edata));
1892 if (strcmp(encoding, "canonical") == 0) {
1893 edata->encoding = BASE64_CANONICAL_ENCODING;
1894 } else if (strcmp(encoding, "valid") == 0) {
1895 edata->encoding = BASE64_VALID_ENCODING;
1896 } else if (strcmp(encoding, "invalid") == 0) {
1897 edata->encoding = BASE64_INVALID_ENCODING;
1898 t->expected_err = OPENSSL_strdup("DECODE_ERROR");
1899 if (t->expected_err == NULL)
1902 TEST_info("Bad encoding: %s. Should be one of "
1903 "{canonical, valid, invalid}", encoding);
1910 static void encode_test_cleanup(EVP_TEST *t)
1912 ENCODE_DATA *edata = t->data;
1914 OPENSSL_free(edata->input);
1915 OPENSSL_free(edata->output);
1916 memset(edata, 0, sizeof(*edata));
1919 static int encode_test_parse(EVP_TEST *t,
1920 const char *keyword, const char *value)
1922 ENCODE_DATA *edata = t->data;
1923 if (strcmp(keyword, "Input") == 0)
1924 return test_bin(value, &edata->input, &edata->input_len);
1925 if (strcmp(keyword, "Output") == 0)
1926 return test_bin(value, &edata->output, &edata->output_len);
1930 static int encode_test_run(EVP_TEST *t)
1932 ENCODE_DATA *edata = t->data;
1933 unsigned char *encode_out = NULL, *decode_out = NULL;
1934 int output_len, chunk_len;
1935 EVP_ENCODE_CTX *decode_ctx;
1937 if (!TEST_ptr(decode_ctx = EVP_ENCODE_CTX_new())) {
1938 t->err = "INTERNAL_ERROR";
1942 if (edata->encoding == BASE64_CANONICAL_ENCODING) {
1943 EVP_ENCODE_CTX *encode_ctx;
1945 if (!TEST_ptr(encode_ctx = EVP_ENCODE_CTX_new())
1946 || !TEST_ptr(encode_out =
1947 OPENSSL_malloc(EVP_ENCODE_LENGTH(edata->input_len))))
1950 EVP_EncodeInit(encode_ctx);
1951 EVP_EncodeUpdate(encode_ctx, encode_out, &chunk_len,
1952 edata->input, edata->input_len);
1953 output_len = chunk_len;
1955 EVP_EncodeFinal(encode_ctx, encode_out + chunk_len, &chunk_len);
1956 output_len += chunk_len;
1958 EVP_ENCODE_CTX_free(encode_ctx);
1960 if (!compare_mem(edata->output, edata->output_len,
1961 encode_out, output_len)) {
1962 t->err = "BAD_ENCODING";
1967 if (!TEST_ptr(decode_out =
1968 OPENSSL_malloc(EVP_DECODE_LENGTH(edata->output_len))))
1971 EVP_DecodeInit(decode_ctx);
1972 if (EVP_DecodeUpdate(decode_ctx, decode_out, &chunk_len, edata->output,
1973 edata->output_len) < 0) {
1974 t->err = "DECODE_ERROR";
1977 output_len = chunk_len;
1979 if (EVP_DecodeFinal(decode_ctx, decode_out + chunk_len, &chunk_len) != 1) {
1980 t->err = "DECODE_ERROR";
1983 output_len += chunk_len;
1985 if (edata->encoding != BASE64_INVALID_ENCODING
1986 && !compare_mem(edata->input, edata->input_len,
1987 decode_out, output_len)) {
1988 t->err = "BAD_DECODING";
1994 OPENSSL_free(encode_out);
1995 OPENSSL_free(decode_out);
1996 EVP_ENCODE_CTX_free(decode_ctx);
2000 static const EVP_TEST_METHOD encode_test_method = {
2003 encode_test_cleanup,
2008 /* KDF operations */
2010 typedef struct kdf_data_st {
2011 /* Context for this operation */
2013 /* Expected output */
2014 unsigned char *output;
2019 * Perform public key operation setup: lookup key, allocated ctx and call
2020 * the appropriate initialisation function
2022 static int kdf_test_init(EVP_TEST *t, const char *name)
2026 kdata = OPENSSL_malloc(sizeof(*kdata));
2030 kdata->output = NULL;
2032 kdata->ctx = EVP_PKEY_CTX_new_id(OBJ_sn2nid(name), NULL);
2033 if (kdata->ctx == NULL)
2035 if (EVP_PKEY_derive_init(kdata->ctx) <= 0)
2040 static void kdf_test_cleanup(EVP_TEST *t)
2042 KDF_DATA *kdata = t->data;
2043 OPENSSL_free(kdata->output);
2044 EVP_PKEY_CTX_free(kdata->ctx);
2047 static int kdf_test_parse(EVP_TEST *t,
2048 const char *keyword, const char *value)
2050 KDF_DATA *kdata = t->data;
2052 if (strcmp(keyword, "Output") == 0)
2053 return test_bin(value, &kdata->output, &kdata->output_len);
2054 if (strncmp(keyword, "Ctrl", 4) == 0)
2055 return pkey_test_ctrl(t, kdata->ctx, value);
2059 static int kdf_test_run(EVP_TEST *t)
2061 KDF_DATA *kdata = t->data;
2062 unsigned char *out = NULL;
2063 size_t out_len = kdata->output_len;
2065 if (!TEST_ptr(out = OPENSSL_malloc(out_len))) {
2066 t->err = "INTERNAL_ERROR";
2069 if (EVP_PKEY_derive(kdata->ctx, out, &out_len) <= 0) {
2070 t->err = "KDF_DERIVE_ERROR";
2073 if (!compare_mem(kdata->output, kdata->output_len, out, out_len)) {
2074 t->err = "KDF_MISMATCH";
2084 static const EVP_TEST_METHOD kdf_test_method = {
2092 typedef struct keypair_test_buffer_st {
2095 } KEYPAIR_TEST_DATA;
2097 static int keypair_test_init(EVP_TEST *t, const char *pair)
2100 EVP_PKEY *pk = NULL, *pubk = NULL;
2101 char *pub, *priv = NULL;
2102 KEYPAIR_TEST_DATA *data;
2104 if (!TEST_ptr(priv = OPENSSL_strdup(pair))
2105 || !TEST_ptr(pub = strchr(priv, ':'))) {
2106 t->err = "PARSING_ERROR";
2109 *pub++ = 0; /* split priv and pub strings */
2111 if (!TEST_true(find_key(&pk, priv, private_keys))) {
2112 TEST_info("Cannot find private key: %s", priv);
2113 t->err = "MISSING_PRIVATE_KEY";
2116 if (!TEST_true(find_key(&pubk, pub, public_keys))) {
2117 TEST_info("Cannot find public key: %s", pub);
2118 t->err = "MISSING_PUBLIC_KEY";
2122 if (pk == NULL && pubk == NULL) {
2123 /* Both keys are listed but unsupported: skip this test */
2129 if (!TEST_ptr(data = OPENSSL_malloc(sizeof(*data))))
2143 static void keypair_test_cleanup(EVP_TEST *t)
2145 OPENSSL_free(t->data);
2149 /* For test that do not accept any custom keyword:
2150 * return 0 if called
2152 static int void_test_parse(EVP_TEST *t, const char *keyword, const char *value)
2157 static int keypair_test_run(EVP_TEST *t)
2160 const KEYPAIR_TEST_DATA *pair = t->data;
2162 if (pair->privk == NULL || pair->pubk == NULL) {
2164 * this can only happen if only one of the keys is not set
2165 * which means that one of them was unsupported while the
2166 * other isn't: hence a key type mismatch.
2168 t->err = "KEYPAIR_TYPE_MISMATCH";
2173 if ((rv = EVP_PKEY_cmp(pair->privk, pair->pubk)) != 1 ) {
2175 t->err = "KEYPAIR_MISMATCH";
2176 } else if ( -1 == rv ) {
2177 t->err = "KEYPAIR_TYPE_MISMATCH";
2178 } else if ( -2 == rv ) {
2179 t->err = "UNSUPPORTED_KEY_COMPARISON";
2181 TEST_error("Unexpected error in key comparison");
2196 static const EVP_TEST_METHOD keypair_test_method = {
2199 keypair_test_cleanup,
2208 /* Digest context */
2212 STACK_OF(EVP_TEST_BUFFER) *input;
2213 /* Expected output */
2214 unsigned char *output;
2218 static int digestsigver_test_init(EVP_TEST *t, const char *alg, int is_verify)
2220 const EVP_MD *md = NULL;
2221 DIGESTSIGN_DATA *mdat;
2223 if (strcmp(alg, "NULL") != 0) {
2224 if ((md = EVP_get_digestbyname(alg)) == NULL) {
2225 /* If alg has an OID assume disabled algorithm */
2226 if (OBJ_sn2nid(alg) != NID_undef || OBJ_ln2nid(alg) != NID_undef) {
2233 if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat))))
2236 if (!TEST_ptr(mdat->ctx = EVP_MD_CTX_new())) {
2240 mdat->is_verify = is_verify;
2245 static int digestsign_test_init(EVP_TEST *t, const char *alg)
2247 return digestsigver_test_init(t, alg, 0);
2250 static void digestsigver_test_cleanup(EVP_TEST *t)
2252 DIGESTSIGN_DATA *mdata = t->data;
2254 EVP_MD_CTX_free(mdata->ctx);
2255 sk_EVP_TEST_BUFFER_pop_free(mdata->input, evp_test_buffer_free);
2256 OPENSSL_free(mdata->output);
2257 OPENSSL_free(mdata);
2261 static int digestsigver_test_parse(EVP_TEST *t,
2262 const char *keyword, const char *value)
2264 DIGESTSIGN_DATA *mdata = t->data;
2266 if (strcmp(keyword, "Key") == 0) {
2267 EVP_PKEY *pkey = NULL;
2270 if (mdata->is_verify)
2271 rv = find_key(&pkey, value, public_keys);
2273 rv = find_key(&pkey, value, private_keys);
2274 if (rv == 0 || pkey == NULL) {
2278 if (mdata->is_verify) {
2279 if (!EVP_DigestVerifyInit(mdata->ctx, &mdata->pctx, mdata->md,
2281 t->err = "DIGESTVERIFYINIT_ERROR";
2284 if (!EVP_DigestSignInit(mdata->ctx, &mdata->pctx, mdata->md, NULL,
2286 t->err = "DIGESTSIGNINIT_ERROR";
2290 if (strcmp(keyword, "Input") == 0)
2291 return evp_test_buffer_append(value, &mdata->input);
2292 if (strcmp(keyword, "Output") == 0)
2293 return test_bin(value, &mdata->output, &mdata->output_len);
2294 if (strcmp(keyword, "Count") == 0)
2295 return evp_test_buffer_set_count(value, mdata->input);
2296 if (strcmp(keyword, "Ncopy") == 0)
2297 return evp_test_buffer_ncopy(value, mdata->input);
2298 if (strcmp(keyword, "Ctrl") == 0) {
2299 if (mdata->pctx == NULL)
2301 return pkey_test_ctrl(t, mdata->pctx, value);
2306 static int digestsign_update_fn(void *ctx, const unsigned char *buf,
2309 return EVP_DigestSignUpdate(ctx, buf, buflen);
2312 static int digestsign_test_run(EVP_TEST *t)
2314 DIGESTSIGN_DATA *mdata = t->data;
2315 unsigned char *buf = NULL;
2318 if (!evp_test_buffer_do(mdata->input, digestsign_update_fn, mdata->ctx)) {
2319 t->err = "DIGESTUPDATE_ERROR";
2323 if (!EVP_DigestSignFinal(mdata->ctx, NULL, &buflen)) {
2324 t->err = "DIGESTSIGNFINAL_LENGTH_ERROR";
2327 if (!TEST_ptr(buf = OPENSSL_malloc(buflen))) {
2328 t->err = "MALLOC_FAILURE";
2331 if (!EVP_DigestSignFinal(mdata->ctx, buf, &buflen)) {
2332 t->err = "DIGESTSIGNFINAL_ERROR";
2335 if (!compare_mem(mdata->output, mdata->output_len, buf, buflen)) {
2336 t->err = "SIGNATURE_MISMATCH";
2345 static const EVP_TEST_METHOD digestsign_test_method = {
2347 digestsign_test_init,
2348 digestsigver_test_cleanup,
2349 digestsigver_test_parse,
2353 static int digestverify_test_init(EVP_TEST *t, const char *alg)
2355 return digestsigver_test_init(t, alg, 1);
2358 static int digestverify_update_fn(void *ctx, const unsigned char *buf,
2361 return EVP_DigestVerifyUpdate(ctx, buf, buflen);
2364 static int digestverify_test_run(EVP_TEST *t)
2366 DIGESTSIGN_DATA *mdata = t->data;
2368 if (!evp_test_buffer_do(mdata->input, digestverify_update_fn, mdata->ctx)) {
2369 t->err = "DIGESTUPDATE_ERROR";
2373 if (EVP_DigestVerifyFinal(mdata->ctx, mdata->output,
2374 mdata->output_len) <= 0)
2375 t->err = "VERIFY_ERROR";
2379 static const EVP_TEST_METHOD digestverify_test_method = {
2381 digestverify_test_init,
2382 digestsigver_test_cleanup,
2383 digestsigver_test_parse,
2384 digestverify_test_run
2387 static int do_test_file(const char *testfile)
2393 set_test_title(testfile);
2394 current_test_file = testfile;
2395 if (!TEST_ptr(in = BIO_new_file(testfile, "rb")))
2397 memset(&t, 0, sizeof(t));
2401 while (BIO_gets(in, buf, sizeof(buf))) {
2403 if (!TEST_true(parse_test_line(&t, buf)))
2406 /* Run any final test we have */
2407 if (!run_and_get_next(&t, NULL))
2410 TEST_info("Completed %d tests with %d errors and %d skipped",
2411 t.ntests, t.errors, t.nskip);
2412 free_key_list(public_keys);
2413 free_key_list(private_keys);
2416 return t.errors == 0;
2419 static char * const *testfiles;
2421 static int run_file_tests(int i)
2423 return do_test_file(testfiles[i]);
2426 int test_main(int argc, char *argv[])
2429 TEST_error("Usage: %s file...", argv[0]);
2432 testfiles = &argv[1];
2434 ADD_ALL_TESTS(run_file_tests, argc - 1);
2436 return run_tests(argv[0]);