X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=test%2Fevp_test.c;h=e42254591fe1ae44ff1671fd0d0c6899df7dc15d;hp=91caa4fc251dce2b7d57628b978511fd6a085120;hb=83bd31da23c668388ff20722ed1fa062590c9860;hpb=7644a9aef8932ed4d1c3f25ed776c997702982be

diff --git a/test/evp_test.c b/test/evp_test.c
index 91caa4fc25..e42254591f 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -1,4 +1,3 @@
-/* evp_test.c */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -61,6 +60,7 @@
 #include <openssl/err.h>
 #include <openssl/x509v3.h>
 #include <openssl/pkcs12.h>
+#include <openssl/kdf.h>
 #include "internal/numbers.h"
 
 /* Remove spaces from beginning and end of a string */
@@ -169,6 +169,8 @@ static unsigned char* unescape(const char *input, size_t input_len,
 static int test_bin(const char *value, unsigned char **buf, size_t *buflen)
 {
     long len;
+
+    *buflen = 0;
     if (!*value) {
         /*
          * Don't return NULL for zero length buffer.
@@ -207,6 +209,8 @@ static int test_bin(const char *value, unsigned char **buf, size_t *buflen)
     *buflen = len;
     return 1;
 }
+#ifndef OPENSSL_NO_SCRYPT
+/* Currently only used by scrypt tests */
 /* Parse unsigned decimal 64 bit integer value */
 static int test_uint64(const char *value, uint64_t *pr)
 {
@@ -231,6 +235,7 @@ static int test_uint64(const char *value, uint64_t *pr)
     }
     return 1;
 }
+#endif
 
 /* Structure holding test information */
 struct evp_test {
@@ -291,8 +296,10 @@ static const struct evp_test_method mac_test_method;
 static const struct evp_test_method psign_test_method, pverify_test_method;
 static const struct evp_test_method pdecrypt_test_method;
 static const struct evp_test_method pverify_recover_test_method;
+static const struct evp_test_method pderive_test_method;
 static const struct evp_test_method pbe_test_method;
 static const struct evp_test_method encode_test_method;
+static const struct evp_test_method kdf_test_method;
 
 static const struct evp_test_method *evp_test_list[] = {
     &digest_test_method,
@@ -302,8 +309,10 @@ static const struct evp_test_method *evp_test_list[] = {
     &pverify_test_method,
     &pdecrypt_test_method,
     &pverify_recover_test_method,
+    &pderive_test_method,
     &pbe_test_method,
     &encode_test_method,
+    &kdf_test_method,
     NULL
 };
 
@@ -586,9 +595,6 @@ int main(int argc, char **argv)
 
     CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
 
-    ERR_load_crypto_strings();
-    OpenSSL_add_all_algorithms();
-
     memset(&t, 0, sizeof(t));
     t.start_line = -1;
     in = fopen(argv[1], "r");
@@ -606,12 +612,10 @@ int main(int argc, char **argv)
     free_key_list(t.public);
     free_key_list(t.private);
     fclose(in);
-    EVP_cleanup();
-    CRYPTO_cleanup_all_ex_data();
-    ERR_remove_thread_state(NULL);
-    ERR_free_strings();
-#ifdef CRYPTO_MDEBUG
-    CRYPTO_mem_leaks_fp(stderr);
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (CRYPTO_mem_leaks_fp(stderr) <= 0)
+        return 1;
 #endif
     if (t.errors)
         return 1;
@@ -1021,11 +1025,16 @@ static int mac_test_init(struct evp_test *t, const char *alg)
 {
     int type;
     struct mac_data *mdat;
-    if (strcmp(alg, "HMAC") == 0)
+    if (strcmp(alg, "HMAC") == 0) {
         type = EVP_PKEY_HMAC;
-    else if (strcmp(alg, "CMAC") == 0)
+    } else if (strcmp(alg, "CMAC") == 0) {
+#ifndef OPENSSL_NO_CMAC
         type = EVP_PKEY_CMAC;
-    else
+#else
+        t->skip = 1;
+        return 1;
+#endif
+    } else
         return 0;
 
     mdat = OPENSSL_malloc(sizeof(*mdat));
@@ -1077,6 +1086,14 @@ static int mac_test_run(struct evp_test *t)
     unsigned char *mac = NULL;
     size_t mac_len;
 
+#ifdef OPENSSL_NO_DES
+    if (strstr(mdata->alg, "DES") != NULL) {
+        /* Skip DES */
+        err = NULL;
+        goto err;
+    }
+#endif
+
     err = "MAC_PKEY_CTX_ERROR";
     genctx = EVP_PKEY_CTX_new_id(mdata->type, NULL);
     if (!genctx)
@@ -1222,6 +1239,22 @@ static void pkey_test_cleanup(struct evp_test *t)
     EVP_PKEY_CTX_free(kdata->ctx);
 }
 
+static int pkey_test_ctrl(EVP_PKEY_CTX *pctx, const char *value)
+{
+    int rv;
+    char *p, *tmpval;
+
+    tmpval = OPENSSL_strdup(value);
+    if (tmpval == NULL)
+        return 0;
+    p = strchr(tmpval, ':');
+    if (p != NULL)
+        *p++ = 0;
+    rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
+    OPENSSL_free(tmpval);
+    return rv > 0;
+}
+
 static int pkey_test_parse(struct evp_test *t,
                            const char *keyword, const char *value)
 {
@@ -1230,14 +1263,8 @@ static int pkey_test_parse(struct evp_test *t,
         return test_bin(value, &kdata->input, &kdata->input_len);
     if (strcmp(keyword, "Output") == 0)
         return test_bin(value, &kdata->output, &kdata->output_len);
-    if (strcmp(keyword, "Ctrl") == 0) {
-        char *p = strchr(value, ':');
-        if (p)
-            *p++ = 0;
-        if (EVP_PKEY_CTX_ctrl_str(kdata->ctx, value, p) <= 0)
-            return 0;
-        return 1;
-    }
+    if (strcmp(keyword, "Ctrl") == 0)
+        return pkey_test_ctrl(kdata->ctx, value);
     return 0;
 }
 
@@ -1335,6 +1362,69 @@ static const struct evp_test_method pverify_test_method = {
     verify_test_run
 };
 
+
+static int pderive_test_init(struct evp_test *t, const char *name)
+{
+    return pkey_test_init(t, name, 0, EVP_PKEY_derive_init, 0);
+}
+
+static int pderive_test_parse(struct evp_test *t,
+                              const char *keyword, const char *value)
+{
+    struct pkey_data *kdata = t->data;
+
+    if (strcmp(keyword, "PeerKey") == 0) {
+        EVP_PKEY *peer;
+        if (find_key(&peer, value, t->public) == 0)
+            return 0;
+        if (EVP_PKEY_derive_set_peer(kdata->ctx, peer) <= 0)
+            return 0;
+        return 1;
+    }
+    if (strcmp(keyword, "SharedSecret") == 0)
+        return test_bin(value, &kdata->output, &kdata->output_len);
+    if (strcmp(keyword, "Ctrl") == 0)
+        return pkey_test_ctrl(kdata->ctx, value);
+    return 0;
+}
+
+static int pderive_test_run(struct evp_test *t)
+{
+    struct pkey_data *kdata = t->data;
+    unsigned char *out = NULL;
+    size_t out_len;
+    const char *err = "INTERNAL_ERROR";
+
+    out_len = kdata->output_len;
+    out = OPENSSL_malloc(out_len);
+    if (!out) {
+        fprintf(stderr, "Error allocating output buffer!\n");
+        exit(1);
+    }
+    err = "DERIVE_ERROR";
+    if (EVP_PKEY_derive(kdata->ctx, out, &out_len) <= 0)
+        goto err;
+    err = "SHARED_SECRET_LENGTH_MISMATCH";
+    if (out_len != kdata->output_len)
+        goto err;
+    err = "SHARED_SECRET_MISMATCH";
+    if (check_output(t, kdata->output, out, out_len))
+        goto err;
+    err = NULL;
+ err:
+    OPENSSL_free(out);
+    t->err = err;
+    return 1;
+}
+
+static const struct evp_test_method pderive_test_method = {
+    "Derive",
+    pderive_test_init,
+    pkey_test_cleanup,
+    pderive_test_parse,
+    pderive_test_run
+};
+
 /* PBE tests */
 
 #define PBE_TYPE_SCRYPT 1
@@ -1422,16 +1512,20 @@ static int pbe_test_init(struct evp_test *t, const char *alg)
     struct pbe_data *pdat;
     int pbe_type = 0;
 
+    if (strcmp(alg, "scrypt") == 0) {
 #ifndef OPENSSL_NO_SCRYPT
-    if (strcmp(alg, "scrypt") == 0)
         pbe_type = PBE_TYPE_SCRYPT;
+#else
+        t->skip = 1;
+        return 1;
 #endif
-    else if (strcmp(alg, "pbkdf2") == 0)
+    } else if (strcmp(alg, "pbkdf2") == 0) {
         pbe_type = PBE_TYPE_PBKDF2;
-    else if (strcmp(alg, "pkcs12") == 0)
+    } else if (strcmp(alg, "pkcs12") == 0) {
         pbe_type = PBE_TYPE_PKCS12;
-    else
+    } else {
         fprintf(stderr, "Unknown pbe algorithm %s\n", alg);
+    }
     pdat = OPENSSL_malloc(sizeof(*pdat));
     pdat->pbe_type = pbe_type;
     pdat->pass = NULL;
@@ -1664,3 +1758,88 @@ static const struct evp_test_method encode_test_method = {
     encode_test_parse,
     encode_test_run,
 };
+
+/* KDF operations */
+
+struct kdf_data {
+    /* Context for this operation */
+    EVP_PKEY_CTX *ctx;
+    /* Expected output */
+    unsigned char *output;
+    size_t output_len;
+};
+
+/*
+ * Perform public key operation setup: lookup key, allocated ctx and call
+ * the appropriate initialisation function
+ */
+static int kdf_test_init(struct evp_test *t, const char *name)
+{
+    struct kdf_data *kdata;
+
+    kdata = OPENSSL_malloc(sizeof(*kdata));
+    if (kdata == NULL)
+        return 0;
+    kdata->ctx = NULL;
+    kdata->output = NULL;
+    t->data = kdata;
+    kdata->ctx = EVP_PKEY_CTX_new_id(OBJ_sn2nid(name), NULL);
+    if (kdata->ctx == NULL)
+        return 0;
+    if (EVP_PKEY_derive_init(kdata->ctx) <= 0)
+        return 0;
+    return 1;
+}
+
+static void kdf_test_cleanup(struct evp_test *t)
+{
+    struct kdf_data *kdata = t->data;
+    OPENSSL_free(kdata->output);
+    EVP_PKEY_CTX_free(kdata->ctx);
+}
+
+static int kdf_test_parse(struct evp_test *t,
+                          const char *keyword, const char *value)
+{
+    struct kdf_data *kdata = t->data;
+    if (strcmp(keyword, "Output") == 0)
+        return test_bin(value, &kdata->output, &kdata->output_len);
+    if (strncmp(keyword, "Ctrl", 4) == 0)
+        return pkey_test_ctrl(kdata->ctx, value);
+    return 0;
+}
+
+static int kdf_test_run(struct evp_test *t)
+{
+    struct kdf_data *kdata = t->data;
+    unsigned char *out = NULL;
+    size_t out_len = kdata->output_len;
+    const char *err = "INTERNAL_ERROR";
+    out = OPENSSL_malloc(out_len);
+    if (!out) {
+        fprintf(stderr, "Error allocating output buffer!\n");
+        exit(1);
+    }
+    err = "KDF_DERIVE_ERROR";
+    if (EVP_PKEY_derive(kdata->ctx, out, &out_len) <= 0)
+        goto err;
+    err = "KDF_LENGTH_MISMATCH";
+    if (out_len != kdata->output_len)
+        goto err;
+    err = "KDF_MISMATCH";
+    if (check_output(t, kdata->output, out, out_len))
+        goto err;
+    err = NULL;
+ err:
+    OPENSSL_free(out);
+    t->err = err;
+    return 1;
+}
+
+static const struct evp_test_method kdf_test_method = {
+    "KDF",
+    kdf_test_init,
+    kdf_test_cleanup,
+    kdf_test_parse,
+    kdf_test_run
+};