From 25446a66b69a28c85d178e4454d2caed75d75293 Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Tue, 30 Jul 2019 22:52:07 +0200
Subject: [PATCH] Adapt the MAC tests, and tests for other things that use
 EVP_MAC

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)
---
 test/evp_kdf_test.c                      |   8 +-
 test/evp_test.c                          | 159 +++++++++++------------
 test/recipes/30-test_evp_data/evpmac.txt |   8 +-
 3 files changed, 79 insertions(+), 96 deletions(-)

diff --git a/test/evp_kdf_test.c b/test/evp_kdf_test.c
index e7c1381a6a..b3d1648c0d 100644
--- a/test/evp_kdf_test.c
+++ b/test/evp_kdf_test.c
@@ -260,7 +260,6 @@ static int test_kdf_ss_hmac(void)
 {
     int ret;
     EVP_KDF_CTX *kctx;
-    const EVP_MAC *mac;
     unsigned char out[16];
     static const unsigned char z[] = {
         0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
@@ -279,8 +278,7 @@ static int test_kdf_ss_hmac(void)
 
     ret =
         TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS))
-        && TEST_ptr(mac = EVP_get_macbyname("HMAC"))
-        && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC, mac), 0)
+        && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC, "HMAC"), 0)
         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD,  EVP_sha256()), 0)
         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z, sizeof(z)), 0)
         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, other,
@@ -299,7 +297,6 @@ static int test_kdf_ss_kmac(void)
     int ret;
     EVP_KDF_CTX *kctx;
     unsigned char out[64];
-    const EVP_MAC *mac;
     static const unsigned char z[] = {
         0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
     };
@@ -320,8 +317,7 @@ static int test_kdf_ss_kmac(void)
 
     ret =
         TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS))
-        && TEST_ptr(mac = EVP_get_macbyname("KMAC128"))
-        && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC, mac), 0)
+        && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC, "KMAC128"), 0)
         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z,
                                     sizeof(z)), 0)
         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, other,
diff --git a/test/evp_test.c b/test/evp_test.c
index 2ae2c023a2..029738f296 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -18,7 +18,10 @@
 #include <openssl/x509v3.h>
 #include <openssl/pkcs12.h>
 #include <openssl/kdf.h>
+#include <openssl/params.h>
+#include <openssl/core_names.h>
 #include "internal/numbers.h"
+#include "internal/nelem.h"
 #include "testutil.h"
 #include "evp_test.h"
 
@@ -865,7 +868,7 @@ static const EVP_TEST_METHOD cipher_test_method = {
 
 typedef struct mac_data_st {
     /* MAC type in one form or another */
-    const EVP_MAC *mac;          /* for mac_test_run_mac */
+    EVP_MAC *mac;                /* for mac_test_run_mac */
     int type;                    /* for mac_test_run_pkey */
     /* Algorithm string for this MAC */
     char *alg;
@@ -892,11 +895,11 @@ typedef struct mac_data_st {
 
 static int mac_test_init(EVP_TEST *t, const char *alg)
 {
-    const EVP_MAC *mac = NULL;
+    EVP_MAC *mac = NULL;
     int type = NID_undef;
     MAC_DATA *mdat;
 
-    if ((mac = EVP_get_macbyname(alg)) == NULL) {
+    if ((mac = EVP_MAC_fetch(NULL, alg, NULL)) == NULL) {
         /*
          * Since we didn't find an EVP_MAC, we check for known EVP_PKEY methods
          * For debugging purposes, we allow 'NNNN by EVP_PKEY' to force running
@@ -964,6 +967,7 @@ static void mac_test_cleanup(EVP_TEST *t)
 {
     MAC_DATA *mdat = t->data;
 
+    EVP_MAC_free(mdat->mac);
     sk_OPENSSL_STRING_pop_free(mdat->controls, openssl_free);
     OPENSSL_free(mdat->alg);
     OPENSSL_free(mdat->key);
@@ -1114,11 +1118,14 @@ static int mac_test_run_mac(EVP_TEST *t)
 {
     MAC_DATA *expected = t->data;
     EVP_MAC_CTX *ctx = NULL;
-    const void *algo = NULL;
-    int algo_ctrl = 0;
     unsigned char *got = NULL;
     size_t got_len;
-    int rv, i;
+    int i;
+    OSSL_PARAM params[21];
+    size_t params_n = 0;
+    size_t params_n_allocstart = 0;
+    const OSSL_PARAM *defined_params =
+        EVP_MAC_CTX_settable_params(expected->mac);
 
     if (expected->alg == NULL)
         TEST_info("Trying the EVP_MAC %s test", EVP_MAC_name(expected->mac));
@@ -1134,97 +1141,74 @@ static int mac_test_run_mac(EVP_TEST *t)
     }
 #endif
 
-    if ((ctx = EVP_MAC_CTX_new(expected->mac)) == NULL) {
-        t->err = "MAC_CREATE_ERROR";
-        goto err;
-    }
+    if (expected->alg != NULL)
+        params[params_n++] =
+            OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_ALGORITHM,
+                                             expected->alg,
+                                             strlen(expected->alg) + 1);
+    if (expected->key != NULL)
+        params[params_n++] =
+            OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
+                                              expected->key,
+                                              expected->key_len);
+    if (expected->custom != NULL)
+        params[params_n++] =
+            OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_CUSTOM,
+                                              expected->custom,
+                                              expected->custom_len);
+    if (expected->salt != NULL)
+        params[params_n++] =
+            OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_SALT,
+                                              expected->salt,
+                                              expected->salt_len);
+    if (expected->iv != NULL)
+        params[params_n++] =
+            OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV,
+                                              expected->iv,
+                                              expected->iv_len);
 
-    if (expected->alg != NULL
-        && ((algo_ctrl = EVP_MAC_CTRL_SET_CIPHER,
-             algo = EVP_get_cipherbyname(expected->alg)) == NULL
-            && (algo_ctrl = EVP_MAC_CTRL_SET_MD,
-                algo = EVP_get_digestbyname(expected->alg)) == NULL)) {
-        t->err = "MAC_BAD_ALGORITHM";
+    /*
+     * Unknown controls.  They must match parameters that the MAC recognises
+     */
+    if (params_n + sk_OPENSSL_STRING_num(expected->controls)
+        >= OSSL_NELEM(params)) {
+        t->err = "MAC_TOO_MANY_PARAMETERS";
         goto err;
     }
+    params_n_allocstart = params_n;
+    for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++) {
+        char *tmpkey, *tmpval;
+        char *value = sk_OPENSSL_STRING_value(expected->controls, i);
 
-
-    if (algo_ctrl != 0) {
-        rv = EVP_MAC_ctrl(ctx, algo_ctrl, algo);
-        if (rv == -2) {
-            t->err = "MAC_CTRL_INVALID";
-            goto err;
-        } else if (rv <= 0) {
-            t->err = "MAC_CTRL_ERROR";
+        if (!TEST_ptr(tmpkey = OPENSSL_strdup(value))) {
+            t->err = "MAC_PARAM_ERROR";
             goto err;
         }
-    }
-
-    rv = EVP_MAC_ctrl(ctx, EVP_MAC_CTRL_SET_KEY,
-                      expected->key, expected->key_len);
-    if (rv == -2) {
-        t->err = "MAC_CTRL_INVALID";
-        goto err;
-    } else if (rv <= 0) {
-        t->err = "MAC_CTRL_ERROR";
-        goto err;
-    }
-    if (expected->custom != NULL) {
-        rv = EVP_MAC_ctrl(ctx, EVP_MAC_CTRL_SET_CUSTOM,
-                          expected->custom, expected->custom_len);
-        if (rv == -2) {
-            t->err = "MAC_CTRL_INVALID";
-            goto err;
-        } else if (rv <= 0) {
-            t->err = "MAC_CTRL_ERROR";
+        tmpval = strchr(tmpkey, ':');
+        if (tmpval != NULL)
+            *tmpval++ = '\0';
+
+        if (!OSSL_PARAM_allocate_from_text(&params[params_n], defined_params,
+                                           tmpkey, tmpval,
+                                           strlen(tmpval))) {
+            OPENSSL_free(tmpkey);
+            t->err = "MAC_PARAM_ERROR";
             goto err;
         }
-    }
+        params_n++;
 
-    if (expected->salt != NULL) {
-        rv = EVP_MAC_ctrl(ctx, EVP_MAC_CTRL_SET_SALT,
-                          expected->salt, expected->salt_len);
-        if (rv == -2) {
-            t->err = "MAC_CTRL_INVALID";
-            goto err;
-        } else if (rv <= 0) {
-            t->err = "MAC_CTRL_ERROR";
-            goto err;
-        }
+        OPENSSL_free(tmpkey);
     }
+    params[params_n] = OSSL_PARAM_construct_end();
 
-    if (expected->iv != NULL) {
-        rv = EVP_MAC_ctrl(ctx, EVP_MAC_CTRL_SET_IV,
-                          expected->iv, expected->iv_len);
-        if (rv == -2) {
-            t->err = "MAC_CTRL_INVALID";
-            goto err;
-        } else if (rv <= 0) {
-            t->err = "MAC_CTRL_ERROR";
-            goto err;
-        }
+    if ((ctx = EVP_MAC_CTX_new(expected->mac)) == NULL) {
+        t->err = "MAC_CREATE_ERROR";
+        goto err;
     }
 
-    for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++) {
-        char *p, *tmpval;
-        char *value = sk_OPENSSL_STRING_value(expected->controls, i);
-
-        if (!TEST_ptr(tmpval = OPENSSL_strdup(value))) {
-            t->err = "MAC_CTRL_ERROR";
-            goto err;
-        }
-        p = strchr(tmpval, ':');
-        if (p != NULL)
-            *p++ = '\0';
-        rv = EVP_MAC_ctrl_str(ctx, tmpval, p);
-        OPENSSL_free(tmpval);
-        if (rv == -2) {
-            t->err = "MAC_CTRL_INVALID";
-            goto err;
-        } else if (rv <= 0) {
-            t->err = "MAC_CTRL_ERROR";
-            goto err;
-        }
+    if (!EVP_MAC_CTX_set_params(ctx, params)) {
+        t->err = "MAC_BAD_PARAMS";
+        goto err;
     }
     if (!EVP_MAC_init(ctx)) {
         t->err = "MAC_INIT_ERROR";
@@ -1234,7 +1218,7 @@ static int mac_test_run_mac(EVP_TEST *t)
         t->err = "MAC_UPDATE_ERROR";
         goto err;
     }
-    if (!EVP_MAC_final(ctx, NULL, &got_len)) {
+    if (!EVP_MAC_final(ctx, NULL, &got_len, 0)) {
         t->err = "MAC_FINAL_LENGTH_ERROR";
         goto err;
     }
@@ -1242,7 +1226,7 @@ static int mac_test_run_mac(EVP_TEST *t)
         t->err = "TEST_FAILURE";
         goto err;
     }
-    if (!EVP_MAC_final(ctx, got, &got_len)
+    if (!EVP_MAC_final(ctx, got, &got_len, got_len)
         || !memory_err_compare(t, "TEST_MAC_ERR",
                                expected->output, expected->output_len,
                                got, got_len)) {
@@ -1251,6 +1235,9 @@ static int mac_test_run_mac(EVP_TEST *t)
     }
     t->err = NULL;
  err:
+    while (params_n-- > params_n_allocstart) {
+        OPENSSL_free(params[params_n].data);
+    }
     EVP_MAC_CTX_free(ctx);
     OPENSSL_free(got);
     return 1;
diff --git a/test/recipes/30-test_evp_data/evpmac.txt b/test/recipes/30-test_evp_data/evpmac.txt
index ada1ae6767..5b24200673 100644
--- a/test/recipes/30-test_evp_data/evpmac.txt
+++ b/test/recipes/30-test_evp_data/evpmac.txt
@@ -157,7 +157,7 @@ Output = 5150d1772f50834a503e069a973fbd7c
 MAC = SipHash
 Ctrl = digestsize:13
 Key = 000102030405060708090A0B0C0D0E0F
-Result = MAC_CTRL_ERROR
+Result = MAC_BAD_PARAMS
 
 # SIPHASH - default values: 2,4 rounds, explicit 13-byte mac (invalid size)
 # by EVP_PKEY this time
@@ -325,7 +325,7 @@ Output = 233a6c732212f4813ec4c9f357e35297e59a652fd24155205f00363f7c54734ee1e8c73
 MAC = BLAKE2BMAC
 Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
 Ctrl = outlen:128
-Result = MAC_CTRL_ERROR
+Result = MAC_BAD_PARAMS
 
 MAC = BLAKE2BMAC
 Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
@@ -381,7 +381,7 @@ Output = e9f7704dfe5080a4aafe62a806f53ea7f98ffc24175164158f18ec5497b961f5
 MAC = BLAKE2SMAC
 Key = 000102030405060708090a0b0c0d0e0f
 Ctrl = outlen:64
-Result = MAC_CTRL_ERROR
+Result = MAC_BAD_PARAMS
 
 MAC = BLAKE2SMAC
 Key = 000102030405060708090a0b0c0d0e0f
@@ -595,7 +595,7 @@ MAC = HMAC
 Algorithm = SHAKE128
 Input = "Test that SHAKE128 fails"
 Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
-Result = MAC_CTRL_ERROR
+Result = MAC_BAD_PARAMS
 
 
 Title = CMAC tests (from FIPS module)
-- 
2.34.1