From: Richard Levitte Date: Tue, 30 Jul 2019 20:52:07 +0000 (+0200) Subject: Adapt the MAC tests, and tests for other things that use EVP_MAC X-Git-Tag: openssl-3.0.0-alpha1~1592 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=25446a66b69a28c85d178e4454d2caed75d75293;p=oweals%2Fopenssl.git Adapt the MAC tests, and tests for other things that use EVP_MAC Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/8877) --- diff --git a/test/evp_kdf_test.c b/test/evp_kdf_test.c index e7c1381a6a..b3d1648c0d 100644 --- a/test/evp_kdf_test.c +++ b/test/evp_kdf_test.c @@ -260,7 +260,6 @@ static int test_kdf_ss_hmac(void) { int ret; EVP_KDF_CTX *kctx; - const EVP_MAC *mac; unsigned char out[16]; static const unsigned char z[] = { 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4 @@ -279,8 +278,7 @@ static int test_kdf_ss_hmac(void) ret = TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS)) - && TEST_ptr(mac = EVP_get_macbyname("HMAC")) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC, mac), 0) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC, "HMAC"), 0) && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()), 0) && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z, sizeof(z)), 0) && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, other, @@ -299,7 +297,6 @@ static int test_kdf_ss_kmac(void) int ret; EVP_KDF_CTX *kctx; unsigned char out[64]; - const EVP_MAC *mac; static const unsigned char z[] = { 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4 }; @@ -320,8 +317,7 @@ static int test_kdf_ss_kmac(void) ret = TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS)) - && TEST_ptr(mac = EVP_get_macbyname("KMAC128")) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC, mac), 0) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC, "KMAC128"), 0) && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z, sizeof(z)), 0) && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, other, diff --git a/test/evp_test.c b/test/evp_test.c index 2ae2c023a2..029738f296 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -18,7 +18,10 @@ #include #include #include +#include +#include #include "internal/numbers.h" +#include "internal/nelem.h" #include "testutil.h" #include "evp_test.h" @@ -865,7 +868,7 @@ static const EVP_TEST_METHOD cipher_test_method = { typedef struct mac_data_st { /* MAC type in one form or another */ - const EVP_MAC *mac; /* for mac_test_run_mac */ + EVP_MAC *mac; /* for mac_test_run_mac */ int type; /* for mac_test_run_pkey */ /* Algorithm string for this MAC */ char *alg; @@ -892,11 +895,11 @@ typedef struct mac_data_st { static int mac_test_init(EVP_TEST *t, const char *alg) { - const EVP_MAC *mac = NULL; + EVP_MAC *mac = NULL; int type = NID_undef; MAC_DATA *mdat; - if ((mac = EVP_get_macbyname(alg)) == NULL) { + if ((mac = EVP_MAC_fetch(NULL, alg, NULL)) == NULL) { /* * Since we didn't find an EVP_MAC, we check for known EVP_PKEY methods * For debugging purposes, we allow 'NNNN by EVP_PKEY' to force running @@ -964,6 +967,7 @@ static void mac_test_cleanup(EVP_TEST *t) { MAC_DATA *mdat = t->data; + EVP_MAC_free(mdat->mac); sk_OPENSSL_STRING_pop_free(mdat->controls, openssl_free); OPENSSL_free(mdat->alg); OPENSSL_free(mdat->key); @@ -1114,11 +1118,14 @@ static int mac_test_run_mac(EVP_TEST *t) { MAC_DATA *expected = t->data; EVP_MAC_CTX *ctx = NULL; - const void *algo = NULL; - int algo_ctrl = 0; unsigned char *got = NULL; size_t got_len; - int rv, i; + int i; + OSSL_PARAM params[21]; + size_t params_n = 0; + size_t params_n_allocstart = 0; + const OSSL_PARAM *defined_params = + EVP_MAC_CTX_settable_params(expected->mac); if (expected->alg == NULL) TEST_info("Trying the EVP_MAC %s test", EVP_MAC_name(expected->mac)); @@ -1134,97 +1141,74 @@ static int mac_test_run_mac(EVP_TEST *t) } #endif - if ((ctx = EVP_MAC_CTX_new(expected->mac)) == NULL) { - t->err = "MAC_CREATE_ERROR"; - goto err; - } + if (expected->alg != NULL) + params[params_n++] = + OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_ALGORITHM, + expected->alg, + strlen(expected->alg) + 1); + if (expected->key != NULL) + params[params_n++] = + OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, + expected->key, + expected->key_len); + if (expected->custom != NULL) + params[params_n++] = + OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_CUSTOM, + expected->custom, + expected->custom_len); + if (expected->salt != NULL) + params[params_n++] = + OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_SALT, + expected->salt, + expected->salt_len); + if (expected->iv != NULL) + params[params_n++] = + OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV, + expected->iv, + expected->iv_len); - if (expected->alg != NULL - && ((algo_ctrl = EVP_MAC_CTRL_SET_CIPHER, - algo = EVP_get_cipherbyname(expected->alg)) == NULL - && (algo_ctrl = EVP_MAC_CTRL_SET_MD, - algo = EVP_get_digestbyname(expected->alg)) == NULL)) { - t->err = "MAC_BAD_ALGORITHM"; + /* + * Unknown controls. They must match parameters that the MAC recognises + */ + if (params_n + sk_OPENSSL_STRING_num(expected->controls) + >= OSSL_NELEM(params)) { + t->err = "MAC_TOO_MANY_PARAMETERS"; goto err; } + params_n_allocstart = params_n; + for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++) { + char *tmpkey, *tmpval; + char *value = sk_OPENSSL_STRING_value(expected->controls, i); - - if (algo_ctrl != 0) { - rv = EVP_MAC_ctrl(ctx, algo_ctrl, algo); - if (rv == -2) { - t->err = "MAC_CTRL_INVALID"; - goto err; - } else if (rv <= 0) { - t->err = "MAC_CTRL_ERROR"; + if (!TEST_ptr(tmpkey = OPENSSL_strdup(value))) { + t->err = "MAC_PARAM_ERROR"; goto err; } - } - - rv = EVP_MAC_ctrl(ctx, EVP_MAC_CTRL_SET_KEY, - expected->key, expected->key_len); - if (rv == -2) { - t->err = "MAC_CTRL_INVALID"; - goto err; - } else if (rv <= 0) { - t->err = "MAC_CTRL_ERROR"; - goto err; - } - if (expected->custom != NULL) { - rv = EVP_MAC_ctrl(ctx, EVP_MAC_CTRL_SET_CUSTOM, - expected->custom, expected->custom_len); - if (rv == -2) { - t->err = "MAC_CTRL_INVALID"; - goto err; - } else if (rv <= 0) { - t->err = "MAC_CTRL_ERROR"; + tmpval = strchr(tmpkey, ':'); + if (tmpval != NULL) + *tmpval++ = '\0'; + + if (!OSSL_PARAM_allocate_from_text(¶ms[params_n], defined_params, + tmpkey, tmpval, + strlen(tmpval))) { + OPENSSL_free(tmpkey); + t->err = "MAC_PARAM_ERROR"; goto err; } - } + params_n++; - if (expected->salt != NULL) { - rv = EVP_MAC_ctrl(ctx, EVP_MAC_CTRL_SET_SALT, - expected->salt, expected->salt_len); - if (rv == -2) { - t->err = "MAC_CTRL_INVALID"; - goto err; - } else if (rv <= 0) { - t->err = "MAC_CTRL_ERROR"; - goto err; - } + OPENSSL_free(tmpkey); } + params[params_n] = OSSL_PARAM_construct_end(); - if (expected->iv != NULL) { - rv = EVP_MAC_ctrl(ctx, EVP_MAC_CTRL_SET_IV, - expected->iv, expected->iv_len); - if (rv == -2) { - t->err = "MAC_CTRL_INVALID"; - goto err; - } else if (rv <= 0) { - t->err = "MAC_CTRL_ERROR"; - goto err; - } + if ((ctx = EVP_MAC_CTX_new(expected->mac)) == NULL) { + t->err = "MAC_CREATE_ERROR"; + goto err; } - for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++) { - char *p, *tmpval; - char *value = sk_OPENSSL_STRING_value(expected->controls, i); - - if (!TEST_ptr(tmpval = OPENSSL_strdup(value))) { - t->err = "MAC_CTRL_ERROR"; - goto err; - } - p = strchr(tmpval, ':'); - if (p != NULL) - *p++ = '\0'; - rv = EVP_MAC_ctrl_str(ctx, tmpval, p); - OPENSSL_free(tmpval); - if (rv == -2) { - t->err = "MAC_CTRL_INVALID"; - goto err; - } else if (rv <= 0) { - t->err = "MAC_CTRL_ERROR"; - goto err; - } + if (!EVP_MAC_CTX_set_params(ctx, params)) { + t->err = "MAC_BAD_PARAMS"; + goto err; } if (!EVP_MAC_init(ctx)) { t->err = "MAC_INIT_ERROR"; @@ -1234,7 +1218,7 @@ static int mac_test_run_mac(EVP_TEST *t) t->err = "MAC_UPDATE_ERROR"; goto err; } - if (!EVP_MAC_final(ctx, NULL, &got_len)) { + if (!EVP_MAC_final(ctx, NULL, &got_len, 0)) { t->err = "MAC_FINAL_LENGTH_ERROR"; goto err; } @@ -1242,7 +1226,7 @@ static int mac_test_run_mac(EVP_TEST *t) t->err = "TEST_FAILURE"; goto err; } - if (!EVP_MAC_final(ctx, got, &got_len) + if (!EVP_MAC_final(ctx, got, &got_len, got_len) || !memory_err_compare(t, "TEST_MAC_ERR", expected->output, expected->output_len, got, got_len)) { @@ -1251,6 +1235,9 @@ static int mac_test_run_mac(EVP_TEST *t) } t->err = NULL; err: + while (params_n-- > params_n_allocstart) { + OPENSSL_free(params[params_n].data); + } EVP_MAC_CTX_free(ctx); OPENSSL_free(got); return 1; diff --git a/test/recipes/30-test_evp_data/evpmac.txt b/test/recipes/30-test_evp_data/evpmac.txt index ada1ae6767..5b24200673 100644 --- a/test/recipes/30-test_evp_data/evpmac.txt +++ b/test/recipes/30-test_evp_data/evpmac.txt @@ -157,7 +157,7 @@ Output = 5150d1772f50834a503e069a973fbd7c MAC = SipHash Ctrl = digestsize:13 Key = 000102030405060708090A0B0C0D0E0F -Result = MAC_CTRL_ERROR +Result = MAC_BAD_PARAMS # SIPHASH - default values: 2,4 rounds, explicit 13-byte mac (invalid size) # by EVP_PKEY this time @@ -325,7 +325,7 @@ Output = 233a6c732212f4813ec4c9f357e35297e59a652fd24155205f00363f7c54734ee1e8c73 MAC = BLAKE2BMAC Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f Ctrl = outlen:128 -Result = MAC_CTRL_ERROR +Result = MAC_BAD_PARAMS MAC = BLAKE2BMAC Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f @@ -381,7 +381,7 @@ Output = e9f7704dfe5080a4aafe62a806f53ea7f98ffc24175164158f18ec5497b961f5 MAC = BLAKE2SMAC Key = 000102030405060708090a0b0c0d0e0f Ctrl = outlen:64 -Result = MAC_CTRL_ERROR +Result = MAC_BAD_PARAMS MAC = BLAKE2SMAC Key = 000102030405060708090a0b0c0d0e0f @@ -595,7 +595,7 @@ MAC = HMAC Algorithm = SHAKE128 Input = "Test that SHAKE128 fails" Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f -Result = MAC_CTRL_ERROR +Result = MAC_BAD_PARAMS Title = CMAC tests (from FIPS module)