2 * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
14 #include <openssl/evp.h>
15 #include <openssl/pem.h>
16 #include <openssl/err.h>
17 #include <openssl/x509v3.h>
18 #include <openssl/pkcs12.h>
19 #include <openssl/kdf.h>
20 #include "internal/numbers.h"
24 static const char *current_test_file = "???";
27 * Remove spaces from beginning and end of a string
29 static void remove_space(char **pval)
31 unsigned char *p = (unsigned char *)*pval, *beginning;
36 *pval = (char *)(beginning = p);
38 p = p + strlen(*pval) - 1;
40 /* Remove trailing space */
41 while (p >= beginning && isspace(*p))
46 * Given a line of the form:
47 * name = value # comment
48 * extract name and value. NB: modifies |linebuf|.
50 static int parse_line(char **pkw, char **pval, char *linebuf)
52 char *p = linebuf + strlen(linebuf) - 1;
55 TEST_error("FATAL: missing EOL");
60 p = strchr(linebuf, '#');
65 if ((p = strchr(linebuf, '=')) == NULL)
77 * Unescape some escape sequences in string literals.
78 * Return the result in a newly allocated buffer.
79 * Currently only supports '\n'.
80 * If the input length is 0, returns a valid 1-byte buffer, but sets
83 static unsigned char* unescape(const char *input, size_t input_len,
86 unsigned char *ret, *p;
91 return OPENSSL_zalloc(1);
94 /* Escaping is non-expanding; over-allocate original size for simplicity. */
95 ret = p = OPENSSL_malloc(input_len);
99 for (i = 0; i < input_len; i++) {
100 if (input[i] == '\\') {
101 if (i == input_len - 1 || input[i+1] != 'n')
118 /* For a hex string "value" convert to a binary allocated buffer */
119 static int test_bin(const char *value, unsigned char **buf, size_t *buflen)
125 /* Check for empty value */
128 * Don't return NULL for zero length buffer.
129 * This is needed for some tests with empty keys: HMAC_Init_ex() expects
130 * a non-NULL key buffer even if the key length is 0, in order to detect
133 *buf = OPENSSL_malloc(1);
141 /* Check for NULL literal */
142 if (strcmp(value, "NULL") == 0) {
148 /* Check for string literal */
149 if (value[0] == '"') {
152 vlen = strlen(value);
153 if (value[vlen - 1] != '"')
156 *buf = unescape(value, vlen, buflen);
162 /* Otherwise assume as hex literal and convert it to binary buffer */
163 if (!TEST_ptr(*buf = OPENSSL_hexstr2buf(value, &len))) {
164 TEST_info("Cannot convert %s", value);
165 ERR_print_errors(bio_err);
168 /* Size of input buffer means we'll never overflow */
174 * Structure used to hold a list of blocks of memory to test
175 * calls to "update" like functions.
178 struct evp_test_buffer_st {
185 static void evp_test_buffer_free(EVP_TEST_BUFFER *db)
188 OPENSSL_free(db->buf);
193 /* append buffer to a list */
195 static int evp_test_buffer_append(const char *value,
196 STACK_OF(EVP_TEST_BUFFER) **sk)
198 EVP_TEST_BUFFER *db = NULL;
200 if (!TEST_ptr(db = OPENSSL_malloc(sizeof(*db))))
203 if (!test_bin(value, &db->buf, &db->buflen))
208 if (*sk == NULL && !TEST_ptr(*sk = sk_EVP_TEST_BUFFER_new_null()))
211 if (!sk_EVP_TEST_BUFFER_push(*sk, db))
217 evp_test_buffer_free(db);
223 * replace last buffer in list with copies of itself
225 static int evp_test_buffer_ncopy(const char *value,
226 STACK_OF(EVP_TEST_BUFFER) *sk)
229 unsigned char *tbuf, *p;
231 int ncopy = atoi(value);
236 if (sk == NULL || sk_EVP_TEST_BUFFER_num(sk) == 0)
238 db = sk_EVP_TEST_BUFFER_value(sk, sk_EVP_TEST_BUFFER_num(sk) - 1);
240 tbuflen = db->buflen * ncopy;
241 if (!TEST_ptr(tbuf = OPENSSL_malloc(tbuflen)))
243 for (i = 0, p = tbuf; i < ncopy; i++, p += db->buflen)
244 memcpy(p, db->buf, db->buflen);
246 OPENSSL_free(db->buf);
248 db->buflen = tbuflen;
252 /* set repeat count for last buffer in list */
253 static int evp_test_buffer_set_count(const char *value,
254 STACK_OF(EVP_TEST_BUFFER) *sk)
257 int count = atoi(value);
262 if (sk == NULL || sk_EVP_TEST_BUFFER_num(sk) == 0)
265 db = sk_EVP_TEST_BUFFER_value(sk, sk_EVP_TEST_BUFFER_num(sk) - 1);
269 db->count = (size_t)count;
275 * call "fn" with each element of the list in turn
277 static int evp_test_buffer_do(STACK_OF(EVP_TEST_BUFFER) *sk,
279 const unsigned char *buf,
285 for (i = 0; i < sk_EVP_TEST_BUFFER_num(sk); i++) {
286 EVP_TEST_BUFFER *tb = sk_EVP_TEST_BUFFER_value(sk, i);
289 for (j = 0; j < tb->count; j++) {
290 if (fn(ctx, tb->buf, tb->buflen) <= 0)
297 #ifndef OPENSSL_NO_SCRYPT
298 /* Currently only used by scrypt tests */
299 /* Parse unsigned decimal 64 bit integer value */
300 static int test_uint64(const char *value, uint64_t *pr)
302 const char *p = value;
304 if (!TEST_true(*p)) {
305 TEST_info("Invalid empty integer value");
310 if (*pr > UINT64_MAX / 10) {
311 TEST_error("Integer overflow in string %s", value);
315 if (!TEST_true(isdigit(*p))) {
316 TEST_error("Invalid character in string %s", value);
325 static int compare_mem(unsigned char *expected, size_t expected_len,
326 unsigned char *got, size_t got_len)
328 if (!TEST_mem_eq(expected, expected_len, got, got_len))
334 typedef struct evp_test_method_st EVP_TEST_METHOD;
336 /* Structure holding test information */
337 typedef struct evp_test_st {
338 /* file being read */
340 /* temp memory BIO for reading in keys */
342 /* method for this test */
343 const EVP_TEST_METHOD *meth;
344 /* current line being processed */
346 /* start line of current test */
347 unsigned int start_line;
348 /* Error string for test */
349 const char *err, *aux_err;
350 /* Expected error value of test */
352 /* Expected error function string */
354 /* Expected error reason string */
356 /* Number of tests */
360 /* Number of tests skipped */
362 /* test specific data */
364 /* Current test should be skipped */
369 * Linked list of named keys.
371 typedef struct key_list_st {
374 struct key_list_st *next;
377 /* List of public and private keys */
378 static KEY_LIST *private_keys;
379 static KEY_LIST *public_keys;
382 * Test method structure
384 struct evp_test_method_st {
385 /* Name of test as it appears in file */
387 /* Initialise test for "alg" */
388 int (*init) (EVP_TEST * t, const char *alg);
389 /* Clean up method */
390 void (*cleanup) (EVP_TEST * t);
391 /* Test specific name value pair processing */
392 int (*parse) (EVP_TEST * t, const char *name, const char *value);
393 /* Run the test itself */
394 int (*run_test) (EVP_TEST * t);
397 static const EVP_TEST_METHOD digest_test_method, cipher_test_method;
398 static const EVP_TEST_METHOD mac_test_method;
399 static const EVP_TEST_METHOD psign_test_method, pverify_test_method;
400 static const EVP_TEST_METHOD pdecrypt_test_method;
401 static const EVP_TEST_METHOD pverify_recover_test_method;
402 static const EVP_TEST_METHOD pderive_test_method;
403 static const EVP_TEST_METHOD pbe_test_method;
404 static const EVP_TEST_METHOD encode_test_method;
405 static const EVP_TEST_METHOD kdf_test_method;
406 static const EVP_TEST_METHOD keypair_test_method;
407 static const EVP_TEST_METHOD digestsign_test_method;
408 static const EVP_TEST_METHOD digestverify_test_method;
409 static const EVP_TEST_METHOD oneshot_digestsign_test_method;
410 static const EVP_TEST_METHOD oneshot_digestverify_test_method;
412 static const EVP_TEST_METHOD *evp_test_list[] = {
417 &pverify_test_method,
418 &pdecrypt_test_method,
419 &pverify_recover_test_method,
420 &pderive_test_method,
424 &keypair_test_method,
425 &digestsign_test_method,
426 &digestverify_test_method,
427 &oneshot_digestsign_test_method,
428 &oneshot_digestverify_test_method,
432 static const EVP_TEST_METHOD *evp_find_test(const char *name)
434 const EVP_TEST_METHOD **tt;
436 for (tt = evp_test_list; *tt; tt++) {
437 if (strcmp(name, (*tt)->name) == 0)
443 static void clear_test(EVP_TEST *t)
445 OPENSSL_free(t->expected_err);
446 t->expected_err = NULL;
447 OPENSSL_free(t->func);
449 OPENSSL_free(t->reason);
456 * Check for errors in the test structure; return 1 if okay, else 0.
458 static int check_test_error(EVP_TEST *t)
464 if (t->err == NULL && t->expected_err == NULL)
466 if (t->err != NULL && t->expected_err == NULL) {
467 if (t->aux_err != NULL) {
468 TEST_info("Above error from the test at %s:%d "
469 "(%s) unexpected error %s",
470 current_test_file, t->start_line, t->aux_err, t->err);
472 TEST_info("Above error from the test at %s:%d "
473 "unexpected error %s",
474 current_test_file, t->start_line, t->err);
479 if (t->err == NULL && t->expected_err != NULL) {
480 TEST_info("Test line %d: succeeded expecting %s",
481 t->start_line, t->expected_err);
485 if (strcmp(t->err, t->expected_err) != 0) {
486 TEST_info("Test line %d: expecting %s got %s",
487 t->start_line, t->expected_err, t->err);
491 if (t->func == NULL && t->reason == NULL)
494 if (t->func == NULL || t->reason == NULL) {
495 TEST_info("Test line %d: missing function or reason code",
500 err = ERR_peek_error();
502 TEST_info("Test line %d, expected error \"%s:%s\" not set",
503 t->start_line, t->func, t->reason);
507 func = ERR_func_error_string(err);
508 reason = ERR_reason_error_string(err);
509 if (func == NULL && reason == NULL) {
510 TEST_info("Test line %d: expected error \"%s:%s\","
511 " no strings available. Skipping...\n",
512 t->start_line, t->func, t->reason);
516 if (strcmp(func, t->func) == 0 && strcmp(reason, t->reason) == 0)
519 TEST_info("Test line %d: expected error \"%s:%s\", got \"%s:%s\"",
520 t->start_line, t->func, t->reason, func, reason);
526 * Setup a new test, run any existing test. Log a message and return 0
529 static int run_and_get_next(EVP_TEST *t, const EVP_TEST_METHOD *tmeth)
531 /* If we already have a test set up run it */
535 /*TEST_info("Line %d skipped %s test", t->start_line, t->meth->name);
540 if (t->err == NULL && t->meth->run_test(t) != 1) {
541 TEST_info("Line %d error %s", t->start_line, t->meth->name);
544 if (!check_test_error(t)) {
545 test_openssl_errors();
551 if (t->data != NULL) {
553 OPENSSL_free(t->data);
562 static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst)
564 for (; lst; lst = lst->next) {
565 if (strcmp(lst->name, name) == 0) {
574 static void free_key_list(KEY_LIST *lst)
576 while (lst != NULL) {
579 EVP_PKEY_free(lst->key);
580 OPENSSL_free(lst->name);
587 static int check_unsupported()
589 long err = ERR_peek_error();
591 if (ERR_GET_LIB(err) == ERR_LIB_EVP
592 && ERR_GET_REASON(err) == EVP_R_UNSUPPORTED_ALGORITHM) {
596 #ifndef OPENSSL_NO_EC
598 * If EC support is enabled we should catch also EC_R_UNKNOWN_GROUP as an
599 * hint to an unsupported algorithm/curve (e.g. if binary EC support is
602 if (ERR_GET_LIB(err) == ERR_LIB_EC
603 && ERR_GET_REASON(err) == EC_R_UNKNOWN_GROUP) {
607 #endif /* OPENSSL_NO_EC */
612 static int read_key(EVP_TEST *t)
616 if (t->key == NULL) {
617 if (!TEST_ptr(t->key = BIO_new(BIO_s_mem())))
619 } else if (!TEST_int_gt(BIO_reset(t->key), 0)) {
623 /* Read to PEM end line and place content in memory BIO */
624 while (BIO_gets(t->in, tmpbuf, sizeof(tmpbuf))) {
626 if (!TEST_int_gt(BIO_puts(t->key, tmpbuf), 0))
628 if (strncmp(tmpbuf, "-----END", 8) == 0)
631 TEST_error("Can't find key end");
636 * Parse a line into the current test |t|. Return 0 on error.
638 static int parse_test_line(EVP_TEST *t, char *buf)
640 char *keyword = NULL, *value = NULL;
642 KEY_LIST **lst = NULL, *key = NULL;
644 const EVP_TEST_METHOD *tmeth = NULL;
646 if (!parse_line(&keyword, &value, buf))
648 if (strcmp(keyword, "PrivateKey") == 0) {
651 pk = PEM_read_bio_PrivateKey(t->key, NULL, 0, NULL);
652 if (pk == NULL && !check_unsupported()) {
653 TEST_info("Error reading private key %s", value);
654 ERR_print_errors_fp(stderr);
660 if (strcmp(keyword, "PublicKey") == 0) {
663 pk = PEM_read_bio_PUBKEY(t->key, NULL, 0, NULL);
664 if (pk == NULL && !check_unsupported()) {
665 TEST_info("Error reading public key %s", value);
666 ERR_print_errors_fp(stderr);
672 /* If we have a key add to list */
674 if (find_key(NULL, value, *lst)) {
675 TEST_info("Duplicate key %s", value);
678 if (!TEST_ptr(key = OPENSSL_malloc(sizeof(*key)))
679 || !TEST_ptr(key->name = OPENSSL_strdup(value)))
687 /* See if keyword corresponds to a test start */
688 if ((tmeth = evp_find_test(keyword)) != NULL) {
689 if (!run_and_get_next(t, tmeth))
691 t->start_line = t->line;
693 if (!tmeth->init(t, value)) {
694 TEST_info("Unknown %s: %s", keyword, value);
701 if (strcmp(keyword, "Title") == 0) {
702 TEST_info("Starting %s tests", value);
703 set_test_title(value);
704 } else if (strcmp(keyword, "Result") == 0) {
705 if (t->expected_err != NULL) {
706 TEST_info("Line %d: multiple result lines", t->line);
709 if (!TEST_ptr(t->expected_err = OPENSSL_strdup(value)))
711 } else if (strcmp(keyword, "Function") == 0) {
712 if (t->func != NULL) {
713 TEST_info("Line %d: multiple function lines\n", t->line);
716 if (!TEST_ptr(t->func = OPENSSL_strdup(value)))
718 } else if (strcmp(keyword, "Reason") == 0) {
719 if (t->reason != NULL) {
720 TEST_info("Line %d: multiple reason lines", t->line);
723 if (!TEST_ptr(t->reason = OPENSSL_strdup(value)))
726 /* Must be test specific line: try to parse it */
727 int rv = t->meth == NULL ? 0 : t->meth->parse(t, keyword, value);
730 TEST_info("Line %d: unknown keyword %s", t->line, keyword);
734 TEST_info("Line %d: error processing keyword %s\n",
742 /* Message digest tests */
744 typedef struct digest_data_st {
745 /* Digest this test is for */
746 const EVP_MD *digest;
747 /* Input to digest */
748 STACK_OF(EVP_TEST_BUFFER) *input;
749 /* Expected output */
750 unsigned char *output;
754 static int digest_test_init(EVP_TEST *t, const char *alg)
756 const EVP_MD *digest;
759 digest = EVP_get_digestbyname(alg);
761 /* If alg has an OID assume disabled algorithm */
762 if (OBJ_sn2nid(alg) != NID_undef || OBJ_ln2nid(alg) != NID_undef) {
768 mdat = OPENSSL_zalloc(sizeof(*mdat));
769 mdat->digest = digest;
774 static void digest_test_cleanup(EVP_TEST *t)
776 DIGEST_DATA *mdat = t->data;
778 sk_EVP_TEST_BUFFER_pop_free(mdat->input, evp_test_buffer_free);
779 OPENSSL_free(mdat->output);
782 static int digest_test_parse(EVP_TEST *t,
783 const char *keyword, const char *value)
785 DIGEST_DATA *mdata = t->data;
787 if (strcmp(keyword, "Input") == 0)
788 return evp_test_buffer_append(value, &mdata->input);
789 if (strcmp(keyword, "Output") == 0)
790 return test_bin(value, &mdata->output, &mdata->output_len);
791 if (strcmp(keyword, "Count") == 0)
792 return evp_test_buffer_set_count(value, mdata->input);
793 if (strcmp(keyword, "Ncopy") == 0)
794 return evp_test_buffer_ncopy(value, mdata->input);
798 static int digest_update_fn(void *ctx, const unsigned char *buf, size_t buflen)
800 return EVP_DigestUpdate(ctx, buf, buflen);
803 static int digest_test_run(EVP_TEST *t)
805 DIGEST_DATA *mdata = t->data;
807 unsigned char md[EVP_MAX_MD_SIZE];
810 t->err = "TEST_FAILURE";
811 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
814 if (!EVP_DigestInit_ex(mctx, mdata->digest, NULL)) {
815 t->err = "DIGESTINIT_ERROR";
818 if (!evp_test_buffer_do(mdata->input, digest_update_fn, mctx)) {
819 t->err = "DIGESTUPDATE_ERROR";
823 if (!EVP_DigestFinal(mctx, md, &md_len)) {
824 t->err = "DIGESTFINAL_ERROR";
827 if (md_len != mdata->output_len) {
828 t->err = "DIGEST_LENGTH_MISMATCH";
831 if (!compare_mem(mdata->output, mdata->output_len, md, md_len)) {
832 t->err = "DIGEST_MISMATCH";
838 EVP_MD_CTX_free(mctx);
842 static const EVP_TEST_METHOD digest_test_method = {
851 typedef struct cipher_data_st {
852 const EVP_CIPHER *cipher;
854 /* EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE or EVP_CIPH_OCB_MODE if AEAD */
860 unsigned char *plaintext;
861 size_t plaintext_len;
862 unsigned char *ciphertext;
863 size_t ciphertext_len;
871 static int cipher_test_init(EVP_TEST *t, const char *alg)
873 const EVP_CIPHER *cipher;
874 CIPHER_DATA *cdat = t->data;
876 cipher = EVP_get_cipherbyname(alg);
878 /* If alg has an OID assume disabled algorithm */
879 if (OBJ_sn2nid(alg) != NID_undef || OBJ_ln2nid(alg) != NID_undef) {
885 cdat = OPENSSL_malloc(sizeof(*cdat));
886 cdat->cipher = cipher;
890 cdat->ciphertext = NULL;
891 cdat->plaintext = NULL;
895 if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE
896 || EVP_CIPHER_mode(cipher) == EVP_CIPH_OCB_MODE
897 || EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE)
898 cdat->aead = EVP_CIPHER_mode(cipher);
899 else if (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
907 static void cipher_test_cleanup(EVP_TEST *t)
909 CIPHER_DATA *cdat = t->data;
911 OPENSSL_free(cdat->key);
912 OPENSSL_free(cdat->iv);
913 OPENSSL_free(cdat->ciphertext);
914 OPENSSL_free(cdat->plaintext);
915 OPENSSL_free(cdat->aad);
916 OPENSSL_free(cdat->tag);
919 static int cipher_test_parse(EVP_TEST *t, const char *keyword,
922 CIPHER_DATA *cdat = t->data;
924 if (strcmp(keyword, "Key") == 0)
925 return test_bin(value, &cdat->key, &cdat->key_len);
926 if (strcmp(keyword, "IV") == 0)
927 return test_bin(value, &cdat->iv, &cdat->iv_len);
928 if (strcmp(keyword, "Plaintext") == 0)
929 return test_bin(value, &cdat->plaintext, &cdat->plaintext_len);
930 if (strcmp(keyword, "Ciphertext") == 0)
931 return test_bin(value, &cdat->ciphertext, &cdat->ciphertext_len);
933 if (strcmp(keyword, "AAD") == 0)
934 return test_bin(value, &cdat->aad, &cdat->aad_len);
935 if (strcmp(keyword, "Tag") == 0)
936 return test_bin(value, &cdat->tag, &cdat->tag_len);
939 if (strcmp(keyword, "Operation") == 0) {
940 if (strcmp(value, "ENCRYPT") == 0)
942 else if (strcmp(value, "DECRYPT") == 0)
951 static int cipher_test_enc(EVP_TEST *t, int enc,
952 size_t out_misalign, size_t inp_misalign, int frag)
954 CIPHER_DATA *cdat = t->data;
955 unsigned char *in, *out, *tmp = NULL;
956 size_t in_len, out_len, donelen = 0;
957 int ok = 0, tmplen, chunklen, tmpflen;
958 EVP_CIPHER_CTX *ctx = NULL;
960 t->err = "TEST_FAILURE";
961 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
963 EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
965 in = cdat->plaintext;
966 in_len = cdat->plaintext_len;
967 out = cdat->ciphertext;
968 out_len = cdat->ciphertext_len;
970 in = cdat->ciphertext;
971 in_len = cdat->ciphertext_len;
972 out = cdat->plaintext;
973 out_len = cdat->plaintext_len;
975 if (inp_misalign == (size_t)-1) {
977 * Exercise in-place encryption
979 tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH);
982 in = memcpy(tmp + out_misalign, in, in_len);
984 inp_misalign += 16 - ((out_misalign + in_len) & 15);
986 * 'tmp' will store both output and copy of input. We make the copy
987 * of input to specifically aligned part of 'tmp'. So we just
988 * figured out how much padding would ensure the required alignment,
989 * now we allocate extended buffer and finally copy the input just
990 * past inp_misalign in expression below. Output will be written
991 * past out_misalign...
993 tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH +
994 inp_misalign + in_len);
997 in = memcpy(tmp + out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH +
998 inp_misalign, in, in_len);
1000 if (!EVP_CipherInit_ex(ctx, cdat->cipher, NULL, NULL, NULL, enc)) {
1001 t->err = "CIPHERINIT_ERROR";
1006 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
1008 t->err = "INVALID_IV_LENGTH";
1011 } else if (cdat->iv_len != (size_t)EVP_CIPHER_CTX_iv_length(ctx)) {
1012 t->err = "INVALID_IV_LENGTH";
1019 * If encrypting or OCB just set tag length initially, otherwise
1020 * set tag length and value.
1022 if (enc || cdat->aead == EVP_CIPH_OCB_MODE) {
1023 t->err = "TAG_LENGTH_SET_ERROR";
1026 t->err = "TAG_SET_ERROR";
1029 if (tag || cdat->aead != EVP_CIPH_GCM_MODE) {
1030 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
1031 cdat->tag_len, tag))
1036 if (!EVP_CIPHER_CTX_set_key_length(ctx, cdat->key_len)) {
1037 t->err = "INVALID_KEY_LENGTH";
1040 if (!EVP_CipherInit_ex(ctx, NULL, NULL, cdat->key, cdat->iv, -1)) {
1041 t->err = "KEY_SET_ERROR";
1045 if (!enc && cdat->aead == EVP_CIPH_OCB_MODE) {
1046 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
1047 cdat->tag_len, cdat->tag)) {
1048 t->err = "TAG_SET_ERROR";
1053 if (cdat->aead == EVP_CIPH_CCM_MODE) {
1054 if (!EVP_CipherUpdate(ctx, NULL, &tmplen, NULL, out_len)) {
1055 t->err = "CCM_PLAINTEXT_LENGTH_SET_ERROR";
1060 t->err = "AAD_SET_ERROR";
1062 if (!EVP_CipherUpdate(ctx, NULL, &chunklen, cdat->aad,
1067 * Supply the AAD in chunks less than the block size where possible
1069 if (cdat->aad_len > 0) {
1070 if (!EVP_CipherUpdate(ctx, NULL, &chunklen, cdat->aad, 1))
1074 if (cdat->aad_len > 2) {
1075 if (!EVP_CipherUpdate(ctx, NULL, &chunklen, cdat->aad + donelen,
1078 donelen += cdat->aad_len - 2;
1080 if (cdat->aad_len > 1
1081 && !EVP_CipherUpdate(ctx, NULL, &chunklen,
1082 cdat->aad + donelen, 1))
1086 EVP_CIPHER_CTX_set_padding(ctx, 0);
1087 t->err = "CIPHERUPDATE_ERROR";
1090 /* We supply the data all in one go */
1091 if (!EVP_CipherUpdate(ctx, tmp + out_misalign, &tmplen, in, in_len))
1094 /* Supply the data in chunks less than the block size where possible */
1096 if (!EVP_CipherUpdate(ctx, tmp + out_misalign, &chunklen, in, 1))
1103 if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen,
1111 if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen,
1117 if (!EVP_CipherFinal_ex(ctx, tmp + out_misalign + tmplen, &tmpflen)) {
1118 t->err = "CIPHERFINAL_ERROR";
1121 if (!compare_mem(out, out_len, tmp + out_misalign, tmplen + tmpflen)) {
1122 t->err = "VALUE_MISMATCH";
1125 if (enc && cdat->aead) {
1126 unsigned char rtag[16];
1128 if (cdat->tag_len > sizeof(rtag)) {
1129 t->err = "TAG_LENGTH_INTERNAL_ERROR";
1132 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
1133 cdat->tag_len, rtag)) {
1134 t->err = "TAG_RETRIEVE_ERROR";
1137 if (!compare_mem(cdat->tag, cdat->tag_len, rtag, cdat->tag_len)) {
1138 t->err = "TAG_VALUE_MISMATCH";
1146 EVP_CIPHER_CTX_free(ctx);
1150 static int cipher_test_run(EVP_TEST *t)
1152 CIPHER_DATA *cdat = t->data;
1154 size_t out_misalign, inp_misalign;
1160 if (!cdat->iv && EVP_CIPHER_iv_length(cdat->cipher)) {
1161 /* IV is optional and usually omitted in wrap mode */
1162 if (EVP_CIPHER_mode(cdat->cipher) != EVP_CIPH_WRAP_MODE) {
1167 if (cdat->aead && !cdat->tag) {
1171 for (out_misalign = 0; out_misalign <= 1;) {
1172 static char aux_err[64];
1173 t->aux_err = aux_err;
1174 for (inp_misalign = (size_t)-1; inp_misalign != 2; inp_misalign++) {
1175 if (inp_misalign == (size_t)-1) {
1176 /* kludge: inp_misalign == -1 means "exercise in-place" */
1177 BIO_snprintf(aux_err, sizeof(aux_err),
1178 "%s in-place, %sfragmented",
1179 out_misalign ? "misaligned" : "aligned",
1180 frag ? "" : "not ");
1182 BIO_snprintf(aux_err, sizeof(aux_err),
1183 "%s output and %s input, %sfragmented",
1184 out_misalign ? "misaligned" : "aligned",
1185 inp_misalign ? "misaligned" : "aligned",
1186 frag ? "" : "not ");
1189 rv = cipher_test_enc(t, 1, out_misalign, inp_misalign, frag);
1190 /* Not fatal errors: return */
1197 if (cdat->enc != 1) {
1198 rv = cipher_test_enc(t, 0, out_misalign, inp_misalign, frag);
1199 /* Not fatal errors: return */
1208 if (out_misalign == 1 && frag == 0) {
1210 * XTS, CCM and Wrap modes have special requirements about input
1211 * lengths so we don't fragment for those
1213 if (cdat->aead == EVP_CIPH_CCM_MODE
1214 || EVP_CIPHER_mode(cdat->cipher) == EVP_CIPH_XTS_MODE
1215 || EVP_CIPHER_mode(cdat->cipher) == EVP_CIPH_WRAP_MODE)
1228 static const EVP_TEST_METHOD cipher_test_method = {
1231 cipher_test_cleanup,
1236 typedef struct mac_data_st {
1239 /* Algorithm string for this MAC */
1245 unsigned char *input;
1247 /* Expected output */
1248 unsigned char *output;
1252 static int mac_test_init(EVP_TEST *t, const char *alg)
1257 if (strcmp(alg, "HMAC") == 0) {
1258 type = EVP_PKEY_HMAC;
1259 } else if (strcmp(alg, "CMAC") == 0) {
1260 #ifndef OPENSSL_NO_CMAC
1261 type = EVP_PKEY_CMAC;
1266 } else if (strcmp(alg, "Poly1305") == 0) {
1267 #ifndef OPENSSL_NO_POLY1305
1268 type = EVP_PKEY_POLY1305;
1273 } else if (strcmp(alg, "SipHash") == 0) {
1274 #ifndef OPENSSL_NO_SIPHASH
1275 type = EVP_PKEY_SIPHASH;
1283 mdat = OPENSSL_zalloc(sizeof(*mdat));
1289 static void mac_test_cleanup(EVP_TEST *t)
1291 MAC_DATA *mdat = t->data;
1293 OPENSSL_free(mdat->alg);
1294 OPENSSL_free(mdat->key);
1295 OPENSSL_free(mdat->input);
1296 OPENSSL_free(mdat->output);
1299 static int mac_test_parse(EVP_TEST *t,
1300 const char *keyword, const char *value)
1302 MAC_DATA *mdata = t->data;
1304 if (strcmp(keyword, "Key") == 0)
1305 return test_bin(value, &mdata->key, &mdata->key_len);
1306 if (strcmp(keyword, "Algorithm") == 0) {
1307 mdata->alg = OPENSSL_strdup(value);
1312 if (strcmp(keyword, "Input") == 0)
1313 return test_bin(value, &mdata->input, &mdata->input_len);
1314 if (strcmp(keyword, "Output") == 0)
1315 return test_bin(value, &mdata->output, &mdata->output_len);
1319 static int mac_test_run(EVP_TEST *t)
1321 MAC_DATA *mdata = t->data;
1322 EVP_MD_CTX *mctx = NULL;
1323 EVP_PKEY_CTX *pctx = NULL, *genctx = NULL;
1324 EVP_PKEY *key = NULL;
1325 const EVP_MD *md = NULL;
1326 unsigned char *mac = NULL;
1329 #ifdef OPENSSL_NO_DES
1330 if (mdata->alg != NULL && strstr(mdata->alg, "DES") != NULL) {
1337 if (!TEST_ptr(genctx = EVP_PKEY_CTX_new_id(mdata->type, NULL))) {
1338 t->err = "MAC_PKEY_CTX_ERROR";
1342 if (EVP_PKEY_keygen_init(genctx) <= 0) {
1343 t->err = "MAC_KEYGEN_INIT_ERROR";
1346 if (mdata->type == EVP_PKEY_CMAC
1347 && EVP_PKEY_CTX_ctrl_str(genctx, "cipher", mdata->alg) <= 0) {
1348 t->err = "MAC_ALGORITHM_SET_ERROR";
1352 if (EVP_PKEY_CTX_set_mac_key(genctx, mdata->key, mdata->key_len) <= 0) {
1353 t->err = "MAC_KEY_SET_ERROR";
1357 if (EVP_PKEY_keygen(genctx, &key) <= 0) {
1358 t->err = "MAC_KEY_GENERATE_ERROR";
1361 if (mdata->type == EVP_PKEY_HMAC) {
1362 if (!TEST_ptr(md = EVP_get_digestbyname(mdata->alg))) {
1363 t->err = "MAC_ALGORITHM_SET_ERROR";
1367 if (!TEST_ptr(mctx = EVP_MD_CTX_new())) {
1368 t->err = "INTERNAL_ERROR";
1371 if (!EVP_DigestSignInit(mctx, &pctx, md, NULL, key)) {
1372 t->err = "DIGESTSIGNINIT_ERROR";
1376 if (!EVP_DigestSignUpdate(mctx, mdata->input, mdata->input_len)) {
1377 t->err = "DIGESTSIGNUPDATE_ERROR";
1380 if (!EVP_DigestSignFinal(mctx, NULL, &mac_len)) {
1381 t->err = "DIGESTSIGNFINAL_LENGTH_ERROR";
1384 if (!TEST_ptr(mac = OPENSSL_malloc(mac_len))) {
1385 t->err = "TEST_FAILURE";
1388 if (!EVP_DigestSignFinal(mctx, mac, &mac_len)
1389 || !compare_mem(mdata->output, mdata->output_len, mac, mac_len)) {
1390 t->err = "TEST_MAC_ERR";
1395 EVP_MD_CTX_free(mctx);
1397 EVP_PKEY_CTX_free(genctx);
1402 static const EVP_TEST_METHOD mac_test_method = {
1411 * Public key operations. These are all very similar and can share
1412 * a lot of common code.
1415 typedef struct pkey_data_st {
1416 /* Context for this operation */
1418 /* Key operation to perform */
1419 int (*keyop) (EVP_PKEY_CTX *ctx,
1420 unsigned char *sig, size_t *siglen,
1421 const unsigned char *tbs, size_t tbslen);
1423 unsigned char *input;
1425 /* Expected output */
1426 unsigned char *output;
1431 * Perform public key operation setup: lookup key, allocated ctx and call
1432 * the appropriate initialisation function
1434 static int pkey_test_init(EVP_TEST *t, const char *name,
1436 int (*keyopinit) (EVP_PKEY_CTX *ctx),
1437 int (*keyop) (EVP_PKEY_CTX *ctx,
1438 unsigned char *sig, size_t *siglen,
1439 const unsigned char *tbs,
1444 EVP_PKEY *pkey = NULL;
1448 rv = find_key(&pkey, name, public_keys);
1450 rv = find_key(&pkey, name, private_keys);
1451 if (rv == 0 || pkey == NULL) {
1456 if (!TEST_ptr(kdata = OPENSSL_malloc(sizeof(*kdata)))) {
1457 EVP_PKEY_free(pkey);
1461 kdata->input = NULL;
1462 kdata->output = NULL;
1463 kdata->keyop = keyop;
1465 if (!TEST_ptr(kdata->ctx = EVP_PKEY_CTX_new(pkey, NULL)))
1467 if (keyopinit(kdata->ctx) <= 0)
1468 t->err = "KEYOP_INIT_ERROR";
1472 static void pkey_test_cleanup(EVP_TEST *t)
1474 PKEY_DATA *kdata = t->data;
1476 OPENSSL_free(kdata->input);
1477 OPENSSL_free(kdata->output);
1478 EVP_PKEY_CTX_free(kdata->ctx);
1481 static int pkey_test_ctrl(EVP_TEST *t, EVP_PKEY_CTX *pctx,
1487 if (!TEST_ptr(tmpval = OPENSSL_strdup(value)))
1489 p = strchr(tmpval, ':');
1492 rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
1494 t->err = "PKEY_CTRL_INVALID";
1496 } else if (p != NULL && rv <= 0) {
1497 /* If p has an OID and lookup fails assume disabled algorithm */
1498 int nid = OBJ_sn2nid(p);
1500 if (nid == NID_undef)
1501 nid = OBJ_ln2nid(p);
1502 if ((nid != NID_undef) && EVP_get_digestbynid(nid) == NULL &&
1503 EVP_get_cipherbynid(nid) == NULL) {
1507 t->err = "PKEY_CTRL_ERROR";
1511 OPENSSL_free(tmpval);
1515 static int pkey_test_parse(EVP_TEST *t,
1516 const char *keyword, const char *value)
1518 PKEY_DATA *kdata = t->data;
1519 if (strcmp(keyword, "Input") == 0)
1520 return test_bin(value, &kdata->input, &kdata->input_len);
1521 if (strcmp(keyword, "Output") == 0)
1522 return test_bin(value, &kdata->output, &kdata->output_len);
1523 if (strcmp(keyword, "Ctrl") == 0)
1524 return pkey_test_ctrl(t, kdata->ctx, value);
1528 static int pkey_test_run(EVP_TEST *t)
1530 PKEY_DATA *kdata = t->data;
1531 unsigned char *out = NULL;
1534 if (kdata->keyop(kdata->ctx, NULL, &out_len, kdata->input,
1535 kdata->input_len) <= 0
1536 || !TEST_ptr(out = OPENSSL_malloc(out_len))) {
1537 t->err = "KEYOP_LENGTH_ERROR";
1540 if (kdata->keyop(kdata->ctx, out,
1541 &out_len, kdata->input, kdata->input_len) <= 0) {
1542 t->err = "KEYOP_ERROR";
1545 if (!compare_mem(kdata->output, kdata->output_len, out, out_len)) {
1546 t->err = "KEYOP_MISMATCH";
1555 static int sign_test_init(EVP_TEST *t, const char *name)
1557 return pkey_test_init(t, name, 0, EVP_PKEY_sign_init, EVP_PKEY_sign);
1560 static const EVP_TEST_METHOD psign_test_method = {
1568 static int verify_recover_test_init(EVP_TEST *t, const char *name)
1570 return pkey_test_init(t, name, 1, EVP_PKEY_verify_recover_init,
1571 EVP_PKEY_verify_recover);
1574 static const EVP_TEST_METHOD pverify_recover_test_method = {
1576 verify_recover_test_init,
1582 static int decrypt_test_init(EVP_TEST *t, const char *name)
1584 return pkey_test_init(t, name, 0, EVP_PKEY_decrypt_init,
1588 static const EVP_TEST_METHOD pdecrypt_test_method = {
1596 static int verify_test_init(EVP_TEST *t, const char *name)
1598 return pkey_test_init(t, name, 1, EVP_PKEY_verify_init, 0);
1601 static int verify_test_run(EVP_TEST *t)
1603 PKEY_DATA *kdata = t->data;
1605 if (EVP_PKEY_verify(kdata->ctx, kdata->output, kdata->output_len,
1606 kdata->input, kdata->input_len) <= 0)
1607 t->err = "VERIFY_ERROR";
1611 static const EVP_TEST_METHOD pverify_test_method = {
1620 static int pderive_test_init(EVP_TEST *t, const char *name)
1622 return pkey_test_init(t, name, 0, EVP_PKEY_derive_init, 0);
1625 static int pderive_test_parse(EVP_TEST *t,
1626 const char *keyword, const char *value)
1628 PKEY_DATA *kdata = t->data;
1630 if (strcmp(keyword, "PeerKey") == 0) {
1632 if (find_key(&peer, value, public_keys) == 0)
1634 if (EVP_PKEY_derive_set_peer(kdata->ctx, peer) <= 0)
1638 if (strcmp(keyword, "SharedSecret") == 0)
1639 return test_bin(value, &kdata->output, &kdata->output_len);
1640 if (strcmp(keyword, "Ctrl") == 0)
1641 return pkey_test_ctrl(t, kdata->ctx, value);
1645 static int pderive_test_run(EVP_TEST *t)
1647 PKEY_DATA *kdata = t->data;
1648 unsigned char *out = NULL;
1651 out_len = kdata->output_len;
1652 if (!TEST_ptr(out = OPENSSL_malloc(out_len))) {
1653 t->err = "DERIVE_ERROR";
1656 if (EVP_PKEY_derive(kdata->ctx, out, &out_len) <= 0) {
1657 t->err = "DERIVE_ERROR";
1660 if (!compare_mem(kdata->output, kdata->output_len, out, out_len)) {
1661 t->err = "SHARED_SECRET_MISMATCH";
1671 static const EVP_TEST_METHOD pderive_test_method = {
1681 #define PBE_TYPE_SCRYPT 1
1682 #define PBE_TYPE_PBKDF2 2
1683 #define PBE_TYPE_PKCS12 3
1685 typedef struct pbe_data_st {
1687 /* scrypt parameters */
1688 uint64_t N, r, p, maxmem;
1689 /* PKCS#12 parameters */
1693 unsigned char *pass;
1696 unsigned char *salt;
1698 /* Expected output */
1703 #ifndef OPENSSL_NO_SCRYPT
1704 static int scrypt_test_parse(EVP_TEST *t,
1705 const char *keyword, const char *value)
1707 PBE_DATA *pdata = t->data;
1709 if (strcmp(keyword, "N") == 0)
1710 return test_uint64(value, &pdata->N);
1711 if (strcmp(keyword, "p") == 0)
1712 return test_uint64(value, &pdata->p);
1713 if (strcmp(keyword, "r") == 0)
1714 return test_uint64(value, &pdata->r);
1715 if (strcmp(keyword, "maxmem") == 0)
1716 return test_uint64(value, &pdata->maxmem);
1721 static int pbkdf2_test_parse(EVP_TEST *t,
1722 const char *keyword, const char *value)
1724 PBE_DATA *pdata = t->data;
1726 if (strcmp(keyword, "iter") == 0) {
1727 pdata->iter = atoi(value);
1728 if (pdata->iter <= 0)
1732 if (strcmp(keyword, "MD") == 0) {
1733 pdata->md = EVP_get_digestbyname(value);
1734 if (pdata->md == NULL)
1741 static int pkcs12_test_parse(EVP_TEST *t,
1742 const char *keyword, const char *value)
1744 PBE_DATA *pdata = t->data;
1746 if (strcmp(keyword, "id") == 0) {
1747 pdata->id = atoi(value);
1752 return pbkdf2_test_parse(t, keyword, value);
1755 static int pbe_test_init(EVP_TEST *t, const char *alg)
1760 if (strcmp(alg, "scrypt") == 0) {
1761 #ifndef OPENSSL_NO_SCRYPT
1762 pbe_type = PBE_TYPE_SCRYPT;
1767 } else if (strcmp(alg, "pbkdf2") == 0) {
1768 pbe_type = PBE_TYPE_PBKDF2;
1769 } else if (strcmp(alg, "pkcs12") == 0) {
1770 pbe_type = PBE_TYPE_PKCS12;
1772 TEST_error("Unknown pbe algorithm %s", alg);
1774 pdat = OPENSSL_malloc(sizeof(*pdat));
1775 pdat->pbe_type = pbe_type;
1789 static void pbe_test_cleanup(EVP_TEST *t)
1791 PBE_DATA *pdat = t->data;
1793 OPENSSL_free(pdat->pass);
1794 OPENSSL_free(pdat->salt);
1795 OPENSSL_free(pdat->key);
1798 static int pbe_test_parse(EVP_TEST *t,
1799 const char *keyword, const char *value)
1801 PBE_DATA *pdata = t->data;
1803 if (strcmp(keyword, "Password") == 0)
1804 return test_bin(value, &pdata->pass, &pdata->pass_len);
1805 if (strcmp(keyword, "Salt") == 0)
1806 return test_bin(value, &pdata->salt, &pdata->salt_len);
1807 if (strcmp(keyword, "Key") == 0)
1808 return test_bin(value, &pdata->key, &pdata->key_len);
1809 if (pdata->pbe_type == PBE_TYPE_PBKDF2)
1810 return pbkdf2_test_parse(t, keyword, value);
1811 else if (pdata->pbe_type == PBE_TYPE_PKCS12)
1812 return pkcs12_test_parse(t, keyword, value);
1813 #ifndef OPENSSL_NO_SCRYPT
1814 else if (pdata->pbe_type == PBE_TYPE_SCRYPT)
1815 return scrypt_test_parse(t, keyword, value);
1820 static int pbe_test_run(EVP_TEST *t)
1822 PBE_DATA *pdata = t->data;
1825 if (!TEST_ptr(key = OPENSSL_malloc(pdata->key_len))) {
1826 t->err = "INTERNAL_ERROR";
1829 if (pdata->pbe_type == PBE_TYPE_PBKDF2) {
1830 if (PKCS5_PBKDF2_HMAC((char *)pdata->pass, pdata->pass_len,
1831 pdata->salt, pdata->salt_len,
1832 pdata->iter, pdata->md,
1833 pdata->key_len, key) == 0) {
1834 t->err = "PBKDF2_ERROR";
1837 #ifndef OPENSSL_NO_SCRYPT
1838 } else if (pdata->pbe_type == PBE_TYPE_SCRYPT) {
1839 if (EVP_PBE_scrypt((const char *)pdata->pass, pdata->pass_len,
1840 pdata->salt, pdata->salt_len,
1841 pdata->N, pdata->r, pdata->p, pdata->maxmem,
1842 key, pdata->key_len) == 0) {
1843 t->err = "SCRYPT_ERROR";
1847 } else if (pdata->pbe_type == PBE_TYPE_PKCS12) {
1848 if (PKCS12_key_gen_uni(pdata->pass, pdata->pass_len,
1849 pdata->salt, pdata->salt_len,
1850 pdata->id, pdata->iter, pdata->key_len,
1851 key, pdata->md) == 0) {
1852 t->err = "PKCS12_ERROR";
1856 if (!compare_mem(pdata->key, pdata->key_len, key, pdata->key_len)) {
1857 t->err = "KEY_MISMATCH";
1866 static const EVP_TEST_METHOD pbe_test_method = {
1877 BASE64_CANONICAL_ENCODING = 0,
1878 BASE64_VALID_ENCODING = 1,
1879 BASE64_INVALID_ENCODING = 2
1880 } base64_encoding_type;
1882 typedef struct encode_data_st {
1883 /* Input to encoding */
1884 unsigned char *input;
1886 /* Expected output */
1887 unsigned char *output;
1889 base64_encoding_type encoding;
1892 static int encode_test_init(EVP_TEST *t, const char *encoding)
1894 ENCODE_DATA *edata = OPENSSL_zalloc(sizeof(*edata));
1896 if (strcmp(encoding, "canonical") == 0) {
1897 edata->encoding = BASE64_CANONICAL_ENCODING;
1898 } else if (strcmp(encoding, "valid") == 0) {
1899 edata->encoding = BASE64_VALID_ENCODING;
1900 } else if (strcmp(encoding, "invalid") == 0) {
1901 edata->encoding = BASE64_INVALID_ENCODING;
1902 t->expected_err = OPENSSL_strdup("DECODE_ERROR");
1903 if (t->expected_err == NULL)
1906 TEST_info("Bad encoding: %s. Should be one of "
1907 "{canonical, valid, invalid}", encoding);
1914 static void encode_test_cleanup(EVP_TEST *t)
1916 ENCODE_DATA *edata = t->data;
1918 OPENSSL_free(edata->input);
1919 OPENSSL_free(edata->output);
1920 memset(edata, 0, sizeof(*edata));
1923 static int encode_test_parse(EVP_TEST *t,
1924 const char *keyword, const char *value)
1926 ENCODE_DATA *edata = t->data;
1927 if (strcmp(keyword, "Input") == 0)
1928 return test_bin(value, &edata->input, &edata->input_len);
1929 if (strcmp(keyword, "Output") == 0)
1930 return test_bin(value, &edata->output, &edata->output_len);
1934 static int encode_test_run(EVP_TEST *t)
1936 ENCODE_DATA *edata = t->data;
1937 unsigned char *encode_out = NULL, *decode_out = NULL;
1938 int output_len, chunk_len;
1939 EVP_ENCODE_CTX *decode_ctx;
1941 if (!TEST_ptr(decode_ctx = EVP_ENCODE_CTX_new())) {
1942 t->err = "INTERNAL_ERROR";
1946 if (edata->encoding == BASE64_CANONICAL_ENCODING) {
1947 EVP_ENCODE_CTX *encode_ctx;
1949 if (!TEST_ptr(encode_ctx = EVP_ENCODE_CTX_new())
1950 || !TEST_ptr(encode_out =
1951 OPENSSL_malloc(EVP_ENCODE_LENGTH(edata->input_len))))
1954 EVP_EncodeInit(encode_ctx);
1955 EVP_EncodeUpdate(encode_ctx, encode_out, &chunk_len,
1956 edata->input, edata->input_len);
1957 output_len = chunk_len;
1959 EVP_EncodeFinal(encode_ctx, encode_out + chunk_len, &chunk_len);
1960 output_len += chunk_len;
1962 EVP_ENCODE_CTX_free(encode_ctx);
1964 if (!compare_mem(edata->output, edata->output_len,
1965 encode_out, output_len)) {
1966 t->err = "BAD_ENCODING";
1971 if (!TEST_ptr(decode_out =
1972 OPENSSL_malloc(EVP_DECODE_LENGTH(edata->output_len))))
1975 EVP_DecodeInit(decode_ctx);
1976 if (EVP_DecodeUpdate(decode_ctx, decode_out, &chunk_len, edata->output,
1977 edata->output_len) < 0) {
1978 t->err = "DECODE_ERROR";
1981 output_len = chunk_len;
1983 if (EVP_DecodeFinal(decode_ctx, decode_out + chunk_len, &chunk_len) != 1) {
1984 t->err = "DECODE_ERROR";
1987 output_len += chunk_len;
1989 if (edata->encoding != BASE64_INVALID_ENCODING
1990 && !compare_mem(edata->input, edata->input_len,
1991 decode_out, output_len)) {
1992 t->err = "BAD_DECODING";
1998 OPENSSL_free(encode_out);
1999 OPENSSL_free(decode_out);
2000 EVP_ENCODE_CTX_free(decode_ctx);
2004 static const EVP_TEST_METHOD encode_test_method = {
2007 encode_test_cleanup,
2012 /* KDF operations */
2014 typedef struct kdf_data_st {
2015 /* Context for this operation */
2017 /* Expected output */
2018 unsigned char *output;
2023 * Perform public key operation setup: lookup key, allocated ctx and call
2024 * the appropriate initialisation function
2026 static int kdf_test_init(EVP_TEST *t, const char *name)
2030 kdata = OPENSSL_malloc(sizeof(*kdata));
2034 kdata->output = NULL;
2036 kdata->ctx = EVP_PKEY_CTX_new_id(OBJ_sn2nid(name), NULL);
2037 if (kdata->ctx == NULL)
2039 if (EVP_PKEY_derive_init(kdata->ctx) <= 0)
2044 static void kdf_test_cleanup(EVP_TEST *t)
2046 KDF_DATA *kdata = t->data;
2047 OPENSSL_free(kdata->output);
2048 EVP_PKEY_CTX_free(kdata->ctx);
2051 static int kdf_test_parse(EVP_TEST *t,
2052 const char *keyword, const char *value)
2054 KDF_DATA *kdata = t->data;
2056 if (strcmp(keyword, "Output") == 0)
2057 return test_bin(value, &kdata->output, &kdata->output_len);
2058 if (strncmp(keyword, "Ctrl", 4) == 0)
2059 return pkey_test_ctrl(t, kdata->ctx, value);
2063 static int kdf_test_run(EVP_TEST *t)
2065 KDF_DATA *kdata = t->data;
2066 unsigned char *out = NULL;
2067 size_t out_len = kdata->output_len;
2069 if (!TEST_ptr(out = OPENSSL_malloc(out_len))) {
2070 t->err = "INTERNAL_ERROR";
2073 if (EVP_PKEY_derive(kdata->ctx, out, &out_len) <= 0) {
2074 t->err = "KDF_DERIVE_ERROR";
2077 if (!compare_mem(kdata->output, kdata->output_len, out, out_len)) {
2078 t->err = "KDF_MISMATCH";
2088 static const EVP_TEST_METHOD kdf_test_method = {
2096 typedef struct keypair_test_buffer_st {
2099 } KEYPAIR_TEST_DATA;
2101 static int keypair_test_init(EVP_TEST *t, const char *pair)
2104 EVP_PKEY *pk = NULL, *pubk = NULL;
2105 char *pub, *priv = NULL;
2106 KEYPAIR_TEST_DATA *data;
2108 if (!TEST_ptr(priv = OPENSSL_strdup(pair))
2109 || !TEST_ptr(pub = strchr(priv, ':'))) {
2110 t->err = "PARSING_ERROR";
2113 *pub++ = 0; /* split priv and pub strings */
2115 if (!TEST_true(find_key(&pk, priv, private_keys))) {
2116 TEST_info("Cannot find private key: %s", priv);
2117 t->err = "MISSING_PRIVATE_KEY";
2120 if (!TEST_true(find_key(&pubk, pub, public_keys))) {
2121 TEST_info("Cannot find public key: %s", pub);
2122 t->err = "MISSING_PUBLIC_KEY";
2126 if (pk == NULL && pubk == NULL) {
2127 /* Both keys are listed but unsupported: skip this test */
2133 if (!TEST_ptr(data = OPENSSL_malloc(sizeof(*data))))
2147 static void keypair_test_cleanup(EVP_TEST *t)
2149 OPENSSL_free(t->data);
2153 /* For test that do not accept any custom keyword:
2154 * return 0 if called
2156 static int void_test_parse(EVP_TEST *t, const char *keyword, const char *value)
2161 static int keypair_test_run(EVP_TEST *t)
2164 const KEYPAIR_TEST_DATA *pair = t->data;
2166 if (pair->privk == NULL || pair->pubk == NULL) {
2168 * this can only happen if only one of the keys is not set
2169 * which means that one of them was unsupported while the
2170 * other isn't: hence a key type mismatch.
2172 t->err = "KEYPAIR_TYPE_MISMATCH";
2177 if ((rv = EVP_PKEY_cmp(pair->privk, pair->pubk)) != 1 ) {
2179 t->err = "KEYPAIR_MISMATCH";
2180 } else if ( -1 == rv ) {
2181 t->err = "KEYPAIR_TYPE_MISMATCH";
2182 } else if ( -2 == rv ) {
2183 t->err = "UNSUPPORTED_KEY_COMPARISON";
2185 TEST_error("Unexpected error in key comparison");
2200 static const EVP_TEST_METHOD keypair_test_method = {
2203 keypair_test_cleanup,
2209 int is_verify; /* Set to 1 if verifying */
2210 int is_oneshot; /* Set to 1 for one shot operation */
2211 const EVP_MD *md; /* Digest to use */
2212 EVP_MD_CTX *ctx; /* Digest context */
2214 STACK_OF(EVP_TEST_BUFFER) *input; /* Input data: streaming */
2215 unsigned char *osin; /* Input data if one shot */
2216 size_t osin_len; /* Input length data if one shot */
2217 unsigned char *output; /* Expected output */
2218 size_t output_len; /* Expected output length */
2221 static int digestsigver_test_init(EVP_TEST *t, const char *alg, int is_verify,
2224 const EVP_MD *md = NULL;
2225 DIGESTSIGN_DATA *mdat;
2227 if (strcmp(alg, "NULL") != 0) {
2228 if ((md = EVP_get_digestbyname(alg)) == NULL) {
2229 /* If alg has an OID assume disabled algorithm */
2230 if (OBJ_sn2nid(alg) != NID_undef || OBJ_ln2nid(alg) != NID_undef) {
2237 if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat))))
2240 if (!TEST_ptr(mdat->ctx = EVP_MD_CTX_new())) {
2244 mdat->is_verify = is_verify;
2245 mdat->is_oneshot = is_oneshot;
2250 static int digestsign_test_init(EVP_TEST *t, const char *alg)
2252 return digestsigver_test_init(t, alg, 0, 0);
2255 static void digestsigver_test_cleanup(EVP_TEST *t)
2257 DIGESTSIGN_DATA *mdata = t->data;
2259 EVP_MD_CTX_free(mdata->ctx);
2260 sk_EVP_TEST_BUFFER_pop_free(mdata->input, evp_test_buffer_free);
2261 OPENSSL_free(mdata->osin);
2262 OPENSSL_free(mdata->output);
2263 OPENSSL_free(mdata);
2267 static int digestsigver_test_parse(EVP_TEST *t,
2268 const char *keyword, const char *value)
2270 DIGESTSIGN_DATA *mdata = t->data;
2272 if (strcmp(keyword, "Key") == 0) {
2273 EVP_PKEY *pkey = NULL;
2276 if (mdata->is_verify)
2277 rv = find_key(&pkey, value, public_keys);
2279 rv = find_key(&pkey, value, private_keys);
2280 if (rv == 0 || pkey == NULL) {
2284 if (mdata->is_verify) {
2285 if (!EVP_DigestVerifyInit(mdata->ctx, &mdata->pctx, mdata->md,
2287 t->err = "DIGESTVERIFYINIT_ERROR";
2290 if (!EVP_DigestSignInit(mdata->ctx, &mdata->pctx, mdata->md, NULL,
2292 t->err = "DIGESTSIGNINIT_ERROR";
2296 if (strcmp(keyword, "Input") == 0) {
2297 if (mdata->is_oneshot)
2298 return test_bin(value, &mdata->osin, &mdata->osin_len);
2299 return evp_test_buffer_append(value, &mdata->input);
2301 if (strcmp(keyword, "Output") == 0)
2302 return test_bin(value, &mdata->output, &mdata->output_len);
2304 if (!mdata->is_oneshot) {
2305 if (strcmp(keyword, "Count") == 0)
2306 return evp_test_buffer_set_count(value, mdata->input);
2307 if (strcmp(keyword, "Ncopy") == 0)
2308 return evp_test_buffer_ncopy(value, mdata->input);
2310 if (strcmp(keyword, "Ctrl") == 0) {
2311 if (mdata->pctx == NULL)
2313 return pkey_test_ctrl(t, mdata->pctx, value);
2318 static int digestsign_update_fn(void *ctx, const unsigned char *buf,
2321 return EVP_DigestSignUpdate(ctx, buf, buflen);
2324 static int digestsign_test_run(EVP_TEST *t)
2326 DIGESTSIGN_DATA *mdata = t->data;
2327 unsigned char *buf = NULL;
2330 if (!evp_test_buffer_do(mdata->input, digestsign_update_fn, mdata->ctx)) {
2331 t->err = "DIGESTUPDATE_ERROR";
2335 if (!EVP_DigestSignFinal(mdata->ctx, NULL, &buflen)) {
2336 t->err = "DIGESTSIGNFINAL_LENGTH_ERROR";
2339 if (!TEST_ptr(buf = OPENSSL_malloc(buflen))) {
2340 t->err = "MALLOC_FAILURE";
2343 if (!EVP_DigestSignFinal(mdata->ctx, buf, &buflen)) {
2344 t->err = "DIGESTSIGNFINAL_ERROR";
2347 if (!compare_mem(mdata->output, mdata->output_len, buf, buflen)) {
2348 t->err = "SIGNATURE_MISMATCH";
2357 static const EVP_TEST_METHOD digestsign_test_method = {
2359 digestsign_test_init,
2360 digestsigver_test_cleanup,
2361 digestsigver_test_parse,
2365 static int digestverify_test_init(EVP_TEST *t, const char *alg)
2367 return digestsigver_test_init(t, alg, 1, 0);
2370 static int digestverify_update_fn(void *ctx, const unsigned char *buf,
2373 return EVP_DigestVerifyUpdate(ctx, buf, buflen);
2376 static int digestverify_test_run(EVP_TEST *t)
2378 DIGESTSIGN_DATA *mdata = t->data;
2380 if (!evp_test_buffer_do(mdata->input, digestverify_update_fn, mdata->ctx)) {
2381 t->err = "DIGESTUPDATE_ERROR";
2385 if (EVP_DigestVerifyFinal(mdata->ctx, mdata->output,
2386 mdata->output_len) <= 0)
2387 t->err = "VERIFY_ERROR";
2391 static const EVP_TEST_METHOD digestverify_test_method = {
2393 digestverify_test_init,
2394 digestsigver_test_cleanup,
2395 digestsigver_test_parse,
2396 digestverify_test_run
2399 static int oneshot_digestsign_test_init(EVP_TEST *t, const char *alg)
2401 return digestsigver_test_init(t, alg, 0, 1);
2404 static int oneshot_digestsign_test_run(EVP_TEST *t)
2406 DIGESTSIGN_DATA *mdata = t->data;
2407 unsigned char *buf = NULL;
2410 if (!EVP_DigestSign(mdata->ctx, NULL, &buflen, mdata->osin,
2412 t->err = "DIGESTSIGN_LENGTH_ERROR";
2415 if (!TEST_ptr(buf = OPENSSL_malloc(buflen))) {
2416 t->err = "MALLOC_FAILURE";
2419 if (!EVP_DigestSign(mdata->ctx, buf, &buflen, mdata->osin,
2421 t->err = "DIGESTSIGN_ERROR";
2424 if (!compare_mem(mdata->output, mdata->output_len, buf, buflen)) {
2425 t->err = "SIGNATURE_MISMATCH";
2434 static const EVP_TEST_METHOD oneshot_digestsign_test_method = {
2435 "OneShotDigestSign",
2436 oneshot_digestsign_test_init,
2437 digestsigver_test_cleanup,
2438 digestsigver_test_parse,
2439 oneshot_digestsign_test_run
2442 static int oneshot_digestverify_test_init(EVP_TEST *t, const char *alg)
2444 return digestsigver_test_init(t, alg, 1, 1);
2447 static int oneshot_digestverify_test_run(EVP_TEST *t)
2449 DIGESTSIGN_DATA *mdata = t->data;
2451 if (EVP_DigestVerify(mdata->ctx, mdata->output, mdata->output_len,
2452 mdata->osin, mdata->osin_len) <= 0)
2453 t->err = "VERIFY_ERROR";
2457 static const EVP_TEST_METHOD oneshot_digestverify_test_method = {
2458 "OneShotDigestVerify",
2459 oneshot_digestverify_test_init,
2460 digestsigver_test_cleanup,
2461 digestsigver_test_parse,
2462 oneshot_digestverify_test_run
2465 static int do_test_file(const char *testfile)
2471 set_test_title(testfile);
2472 current_test_file = testfile;
2473 if (!TEST_ptr(in = BIO_new_file(testfile, "rb")))
2475 memset(&t, 0, sizeof(t));
2479 while (BIO_gets(in, buf, sizeof(buf))) {
2481 if (!TEST_true(parse_test_line(&t, buf)))
2484 /* Run any final test we have */
2485 if (!run_and_get_next(&t, NULL))
2488 TEST_info("Completed %d tests with %d errors and %d skipped",
2489 t.ntests, t.errors, t.nskip);
2490 free_key_list(public_keys);
2491 free_key_list(private_keys);
2494 return t.errors == 0;
2497 static char * const *testfiles;
2499 static int run_file_tests(int i)
2501 return do_test_file(testfiles[i]);
2504 int test_main(int argc, char *argv[])
2507 TEST_error("Usage: %s file...", argv[0]);
2510 testfiles = &argv[1];
2512 ADD_ALL_TESTS(run_file_tests, argc - 1);
2514 return run_tests(argv[0]);