int test_main(int argc, char **argv)
{
if (argc != 4) {
TEST_error("Unexpected number of arguments");
return EXIT_FAILURE;
}
if (strcmp(argv[1], "-crypto_first") == 0) {
test_type = CRYPTO_FIRST;
} else if (strcmp(argv[1], "-ssl_first") == 0) {
test_type = SSL_FIRST;
} else if (strcmp(argv[1], "-just_crypto") == 0) {
test_type = JUST_CRYPTO;
} else {
TEST_error("Unrecognised argument");
return EXIT_FAILURE;
}
path_crypto = argv[2];
path_ssl = argv[3];
#if defined(DSO_DLFCN) || defined(DSO_WIN32)
ADD_TEST(test_lib);
#endif
return run_tests(argv[0]);
}
static int check_alerts(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
{
if (!TEST_int_eq(result->client_alert_sent,
result->client_alert_received)) {
TEST_info("Client sent alert %s but server received %s.",
print_alert(result->client_alert_sent),
print_alert(result->client_alert_received));
/*
* We can't bail here because the peer doesn't always get far enough
* to process a received alert. Specifically, in protocol version
* negotiation tests, we have the following scenario.
* Client supports TLS v1.2 only; Server supports TLS v1.1.
* Client proposes TLS v1.2; server responds with 1.1;
* Client now sends a protocol alert, using TLS v1.2 in the header.
* The server, however, rejects the alert because of version mismatch
* in the record layer; therefore, the server appears to never
* receive the alert.
*/
/* return 0; */
}
if (!TEST_int_eq(result->server_alert_sent,
result->server_alert_received)) {
TEST_info("Server sent alert %s but client received %s.",
print_alert(result->server_alert_sent),
print_alert(result->server_alert_received));
/* return 0; */
}
/* Tolerate an alert if one wasn't explicitly specified in the test. */
if (test_ctx->expected_client_alert
/*
* The info callback alert value is computed as
* (s->s3->send_alert[0] << 8) | s->s3->send_alert[1]
* where the low byte is the alert code and the high byte is other stuff.
*/
&& (result->client_alert_sent & 0xff) != test_ctx->expected_client_alert) {
TEST_error("ClientAlert mismatch: expected %s, got %s.",
print_alert(test_ctx->expected_client_alert),
print_alert(result->client_alert_sent));
return 0;
}
if (test_ctx->expected_server_alert
&& (result->server_alert_sent & 0xff) != test_ctx->expected_server_alert) {
TEST_error("ServerAlert mismatch: expected %s, got %s.",
print_alert(test_ctx->expected_server_alert),
print_alert(result->server_alert_sent));
return 0;
}
if (!TEST_int_le(result->client_num_fatal_alerts_sent, 1))
return 0;
if (!TEST_int_le(result->server_num_fatal_alerts_sent, 1))
return 0;
return 1;
}
/*
* Usage: d2i_test <type> <file>, e.g.
* d2i_test generalname bad_generalname.der
*/
int test_main(int argc, char *argv[])
{
const char *test_type_name;
const char *expected_error_string;
size_t i;
static error_enum expected_errors[] = {
{"OK", ASN1_OK},
{"BIO", ASN1_BIO},
{"decode", ASN1_DECODE},
{"encode", ASN1_ENCODE},
{"compare", ASN1_COMPARE}
};
if (!TEST_int_eq(argc, 4)) {
fprintf(stderr, "Usage: d2i_test item_name expected_error file.der\n");
return 1;
}
test_type_name = argv[1];
expected_error_string = argv[2];
test_file = argv[3];
item_type = ASN1_ITEM_lookup(test_type_name);
if (item_type == NULL) {
TEST_error("Unknown type %s\n", test_type_name);
fprintf(stderr, "Supported types:\n");
for (i = 0;; i++) {
const ASN1_ITEM *it = ASN1_ITEM_get(i);
if (it == NULL)
break;
fprintf(stderr, "\t%s\n", it->sname);
}
return 1;
}
for (i = 0; i < OSSL_NELEM(expected_errors); i++) {
if (strcmp(expected_errors[i].str, expected_error_string) == 0) {
expected_error = expected_errors[i].code;
break;
}
}
if (expected_error == ASN1_UNKNOWN) {
TEST_error("Unknown expected error %s\n", expected_error_string);
return 1;
}
ADD_TEST(test_bad_asn1);
return run_tests(argv[0]);
}
static int test_fatalerr(void)
{
SSL_CTX *sctx = NULL, *cctx = NULL;
SSL *sssl = NULL, *cssl = NULL;
const char *msg = "Dummy";
BIO *wbio = NULL;
int ret = 0, len;
char buf[80];
unsigned char dummyrec[] = {
0x17, 0x03, 0x03, 0x00, 0x05, 'D', 'u', 'm', 'm', 'y'
};
if (!TEST_true(create_ssl_ctx_pair(TLS_method(), TLS_method(), &sctx, &cctx,
cert, privkey)))
goto err;
/*
* Deliberately set the cipher lists for client and server to be different
* to force a handshake failure.
*/
if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "AES128-SHA"))
|| !TEST_true(SSL_CTX_set_cipher_list(cctx, "AES256-SHA"))
|| !TEST_true(create_ssl_objects(sctx, cctx, &sssl, &cssl, NULL,
NULL)))
goto err;
wbio = SSL_get_wbio(cssl);
if (!TEST_ptr(wbio)) {
printf("Unexpected NULL bio received\n");
goto err;
}
/* Connection should fail */
if (!TEST_false(create_ssl_connection(sssl, cssl, SSL_ERROR_NONE)))
goto err;
ERR_clear_error();
/* Inject a plaintext record from client to server */
if (!TEST_int_gt(BIO_write(wbio, dummyrec, sizeof(dummyrec)), 0))
goto err;
/* SSL_read()/SSL_write should fail because of a previous fatal error */
if (!TEST_int_le(len = SSL_read(sssl, buf, sizeof(buf - 1)), 0)) {
buf[len] = '\0';
TEST_error("Unexpected success reading data: %s\n", buf);
goto err;
}
if (!TEST_int_le(SSL_write(sssl, msg, strlen(msg)), 0))
goto err;
ret = 1;
err:
SSL_free(sssl);
SSL_free(cssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return ret;
}
/* Test of EVP_PKEY_ASN1_METHOD ordering */
static int test_asn1_meths(void)
{
int i;
int prev = -1;
int good = 1;
int pkey_id;
const EVP_PKEY_ASN1_METHOD *ameth;
for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
ameth = EVP_PKEY_asn1_get0(i);
EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
if (pkey_id < prev)
good = 0;
prev = pkey_id;
}
if (!good) {
TEST_error("EVP_PKEY_ASN1_METHOD table out of order");
for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
const char *info;
ameth = EVP_PKEY_asn1_get0(i);
EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, &info, NULL, ameth);
if (info == NULL)
info = "<NO NAME>";
TEST_note("%d : %s : %s", pkey_id, OBJ_nid2ln(pkey_id), info);
}
}
return good;
}
/* Test of EVP_PKEY_METHOD ordering */
static int test_pkey_meths(void)
{
size_t i;
int prev = -1;
int good = 1;
int pkey_id;
const EVP_PKEY_METHOD *pmeth;
for (i = 0; i < EVP_PKEY_meth_get_count(); i++) {
pmeth = EVP_PKEY_meth_get0(i);
EVP_PKEY_meth_get0_info(&pkey_id, NULL, pmeth);
if (pkey_id < prev)
good = 0;
prev = pkey_id;
}
if (!good) {
TEST_error("EVP_PKEY_METHOD table out of order");
for (i = 0; i < EVP_PKEY_meth_get_count(); i++) {
pmeth = EVP_PKEY_meth_get0(i);
EVP_PKEY_meth_get0_info(&pkey_id, NULL, pmeth);
TEST_note("%d : %s", pkey_id, OBJ_nid2ln(pkey_id));
}
}
return good;
}
/*
* Stress test the curve. If the '-num' argument is given, runs the loop
* |num| times and prints the resulting X-coordinate. Otherwise runs the test
* the default number of times and compares against the expected result.
*/
int setup_tests(void)
{
const char *p;
if (!atoi64(NUM_REPEATS, &num_repeats)) {
TEST_error("Cannot parse " NUM_REPEATS);
return 0;
}
/*
* TODO(openssl-team): code under test/ should be able to reuse the option
* parsing framework currently in apps/.
*/
p = test_get_option_argument("-num");
if (p != NULL) {
if (!atoi64(p, &num_repeats)
|| num_repeats < 0)
return 0;
print_mode = 1;
}
#ifndef OPENSSL_NO_EC
ADD_TEST(test_curve);
#endif
return 1;
}
/*
* Stress test the curve. If the '-num' argument is given, runs the loop
* |num| times and prints the resulting X-coordinate. Otherwise runs the test
* the default number of times and compares against the expected result.
*/
int setup_tests(void)
{
OPTION_CHOICE o;
if (!opt_imax(NUM_REPEATS, &num_repeats)) {
TEST_error("Cannot parse " NUM_REPEATS);
return 0;
}
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_NUM_REPEATS:
if (!opt_imax(opt_arg(), &num_repeats)
|| num_repeats < 0)
return 0;
print_mode = 1;
break;
case OPT_TEST_CASES:
break;
default:
case OPT_ERR:
return 0;
}
}
#ifndef OPENSSL_NO_EC
ADD_TEST(test_curve);
#endif
return 1;
}
static int test_sanity_range(void)
{
/* This isn't possible to check using the framework functions */
if (SIZE_MAX < INT_MAX) {
TEST_error("int must not be wider than size_t");
return 0;
}
return 1;
}
static int check_nid(const char *name, int expected_nid, int nid)
{
if (expected_nid == 0 || expected_nid == nid)
return 1;
TEST_error("%s type mismatch, %s vs %s\n",
name, OBJ_nid2ln(expected_nid),
nid == NID_undef ? "absent" : OBJ_nid2ln(nid));
return 0;
}
static int test_secret(SSL *s, unsigned char *prk,
const unsigned char *label, size_t labellen,
const unsigned char *ref_secret,
const unsigned char *ref_key, const unsigned char *ref_iv)
{
size_t hashsize;
unsigned char gensecret[EVP_MAX_MD_SIZE];
unsigned char hash[EVP_MAX_MD_SIZE];
unsigned char key[KEYLEN];
unsigned char iv[IVLEN];
const EVP_MD *md = ssl_handshake_md(s);
if (!ssl_handshake_hash(s, hash, sizeof(hash), &hashsize)) {
TEST_error("Failed to get hash");
return 0;
}
if (!tls13_hkdf_expand(s, md, prk, label, labellen, hash, hashsize,
gensecret, hashsize)) {
TEST_error("Secret generation failed");
return 0;
}
if (!TEST_mem_eq(gensecret, hashsize, ref_secret, hashsize))
return 0;
if (!tls13_derive_key(s, md, gensecret, key, KEYLEN)) {
TEST_error("Key generation failed");
return 0;
}
if (!TEST_mem_eq(key, KEYLEN, ref_key, KEYLEN))
return 0;
if (!tls13_derive_iv(s, md, gensecret, iv, IVLEN)) {
TEST_error("IV generation failed");
return 0;
}
if (!TEST_mem_eq(iv, IVLEN, ref_iv, IVLEN))
return 0;
return 1;
}
/*
* Test that r == 0 in test_exp_mod_zero(). Returns one on success,
* returns zero and prints debug output otherwise.
*/
static int a_is_zero_mod_one(const char *method, const BIGNUM *r,
const BIGNUM *a)
{
if (!BN_is_zero(r)) {
TEST_error("%s failed: a ** 0 mod 1 = r (should be 0)", method);
BN_print_var(a);
BN_print_var(r);
return 0;
}
return 1;
}
static int parse_boolean(const char *value, int *result)
{
if (strcasecmp(value, "Yes") == 0) {
*result = 1;
return 1;
}
else if (strcasecmp(value, "No") == 0) {
*result = 0;
return 1;
}
TEST_error("parse_boolean given: '%s'", value);
return 0;
}
static int check_bn(const char *name, const BIGNUM *bn, const char *hexbn)
{
BIGNUM *tmp = NULL;
int r;
if (!TEST_true(BN_hex2bn(&tmp, hexbn)))
return 0;
if (BN_cmp(bn, tmp) != 0)
TEST_error("unexpected %s value", name);
r = TEST_BN_eq(bn, tmp);
BN_free(tmp);
return r;
}
static int check_message(const struct set_name_fn *fn, const char *op,
const char *nameincert, int match, const char *name)
{
char msg[1024];
if (match < 0)
return 1;
BIO_snprintf(msg, sizeof(msg), "%s: %s: [%s] %s [%s]",
fn->name, op, nameincert,
match ? "matches" : "does not match", name);
if (is_exception(msg))
return 1;
TEST_error("%s", msg);
return 0;
}
static int dsa_cb(int p, int n, BN_GENCB *arg)
{
static int ok = 0, num = 0;
if (p == 0)
num++;
if (p == 2)
ok++;
if (!ok && (p == 0) && (num > 1)) {
TEST_error("dsa_cb error");
return 0;
}
return 1;
}
static int test_kdf_hkdf(void)
{
int ret = 0;
EVP_PKEY_CTX *pctx;
unsigned char out[10];
size_t outlen = sizeof(out);
if ((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)) == NULL) {
TEST_error("EVP_PKEY_HKDF");
goto err;
}
if (EVP_PKEY_derive_init(pctx) <= 0) {
TEST_error("EVP_PKEY_derive_init");
goto err;
}
if (EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()) <= 0) {
TEST_error("EVP_PKEY_CTX_set_hkdf_md");
goto err;
}
if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, "salt", 4) <= 0) {
TEST_error("EVP_PKEY_CTX_set1_hkdf_salt");
goto err;
}
if (EVP_PKEY_CTX_set1_hkdf_key(pctx, "secret", 6) <= 0) {
TEST_error("EVP_PKEY_CTX_set1_hkdf_key");
goto err;
}
if (EVP_PKEY_CTX_add1_hkdf_info(pctx, "label", 5) <= 0) {
TEST_error("EVP_PKEY_CTX_set1_hkdf_info");
goto err;
}
if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) {
TEST_error("EVP_PKEY_derive");
goto err;
}
{
const unsigned char expected[sizeof(out)] = {
0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13
};
if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) {
goto err;
}
}
ret = 1;
err:
EVP_PKEY_CTX_free(pctx);
return ret;
}
static int do_test_cert_table(int nid, uint32_t amask, size_t idx,
const char *idxname)
{
const SSL_CERT_LOOKUP *clu = &ssl_cert_info[idx];
if (clu->nid == nid && clu->amask == amask)
return 1;
TEST_error("Invalid table entry for certificate type %s, index %zu",
idxname, idx);
if (clu->nid != nid)
TEST_note("Expected %s, got %s\n", OBJ_nid2sn(nid),
OBJ_nid2sn(clu->nid));
if (clu->amask != amask)
TEST_note("Expected auth mask 0x%x, got 0x%x\n", amask, clu->amask);
return 0;
}
static int test_standard_exts(void)
{
size_t i;
int prev = -1, good = 1;
const X509V3_EXT_METHOD **tmp;
tmp = standard_exts;
for (i = 0; i < OSSL_NELEM(standard_exts); i++, tmp++) {
if ((*tmp)->ext_nid < prev)
good = 0;
prev = (*tmp)->ext_nid;
}
if (!good) {
tmp = standard_exts;
TEST_error("Extensions out of order!");
for (i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++)
TEST_note("%d : %s", (*tmp)->ext_nid, OBJ_nid2sn((*tmp)->ext_nid));
}
return good;
}
static CT_TEST_FIXTURE set_up(const char *const test_case_name)
{
CT_TEST_FIXTURE fixture;
int ok = 0;
memset(&fixture, 0, sizeof(fixture));
fixture.test_case_name = test_case_name;
fixture.epoch_time_in_ms = 1473269626000; /* Sep 7 17:33:46 2016 GMT */
if (!TEST_ptr(fixture.ctlog_store = CTLOG_STORE_new())
|| !TEST_int_eq(
CTLOG_STORE_load_default_file(fixture.ctlog_store), 1))
goto end;
ok = 1;
end:
if (!ok) {
CTLOG_STORE_free(fixture.ctlog_store);
TEST_error("Failed to setup");
exit(EXIT_FAILURE);
}
return fixture;
}
static int test_kdf_tls1_prf(void)
{
int ret = 0;
EVP_PKEY_CTX *pctx;
unsigned char out[16];
size_t outlen = sizeof(out);
if ((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL)) == NULL) {
TEST_error("EVP_PKEY_TLS1_PRF");
goto err;
}
if (EVP_PKEY_derive_init(pctx) <= 0) {
TEST_error("EVP_PKEY_derive_init");
goto err;
}
if (EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_sha256()) <= 0) {
TEST_error("EVP_PKEY_CTX_set_tls1_prf_md");
goto err;
}
if (EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, "secret", 6) <= 0) {
TEST_error("EVP_PKEY_CTX_set1_tls1_prf_secret");
goto err;
}
if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, "seed", 4) <= 0) {
TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed");
goto err;
}
if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) {
TEST_error("EVP_PKEY_derive");
goto err;
}
{
const unsigned char expected[sizeof(out)] = {
0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0,
0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc
};
if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) {
goto err;
}
}
ret = 1;
err:
EVP_PKEY_CTX_free(pctx);
return ret;
}
static int sign_and_verify(int len)
{
/*
* Per FIPS 186-4, the hash is recommended to be the same length as q.
* If the hash is longer than q, the leftmost N bits are used; if the hash
* is shorter, then we left-pad (see appendix C.2.1).
*/
size_t sigLength;
int digestlen = BN_num_bytes(DSA_get0_q(dsakey));
int ok = 0;
unsigned char *dataToSign = OPENSSL_malloc(len);
unsigned char *paddedData = OPENSSL_malloc(digestlen);
unsigned char *signature = NULL;
EVP_PKEY_CTX *ctx = NULL;
EVP_PKEY *pkey = NULL;
if (!TEST_ptr(dataToSign) ||
!TEST_ptr(paddedData) ||
!TEST_int_eq(RAND_bytes(dataToSign, len), 1))
goto end;
memset(paddedData, 0, digestlen);
if (len > digestlen)
memcpy(paddedData, dataToSign, digestlen);
else
memcpy(paddedData + digestlen - len, dataToSign, len);
if (!TEST_ptr(pkey = EVP_PKEY_new()))
goto end;
EVP_PKEY_set1_DSA(pkey, dsakey);
if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
goto end;
if (!TEST_int_eq(EVP_PKEY_sign_init(ctx), 1))
goto end;
if (EVP_PKEY_sign(ctx, NULL, &sigLength, dataToSign, len) != 1) {
TEST_error("Failed to get signature length, len=%d", len);
goto end;
}
if (!TEST_ptr(signature = OPENSSL_malloc(sigLength)))
goto end;
if (EVP_PKEY_sign(ctx, signature, &sigLength, dataToSign, len) != 1) {
TEST_error("Failed to sign, len=%d", len);
goto end;
}
/* Check that the signature is okay via the EVP interface */
if (!TEST_int_eq(EVP_PKEY_verify_init(ctx), 1))
goto end;
/* ... using the same data we just signed */
if (EVP_PKEY_verify(ctx, signature, sigLength, dataToSign, len) != 1) {
TEST_error("EVP verify with unpadded length %d failed\n", len);
goto end;
}
/* ... padding/truncating the data to the appropriate digest size */
if (EVP_PKEY_verify(ctx, signature, sigLength, paddedData, digestlen) != 1) {
TEST_error("EVP verify with length %d failed\n", len);
goto end;
}
/* Verify again using the raw DSA interface */
if (DSA_verify(0, dataToSign, len, signature, sigLength, dsakey) != 1) {
TEST_error("Verification with unpadded data failed, len=%d", len);
goto end;
}
if (DSA_verify(0, paddedData, digestlen, signature, sigLength, dsakey) != 1) {
TEST_error("verify with length %d failed\n", len);
goto end;
}
ok = 1;
end:
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey);
OPENSSL_free(signature);
OPENSSL_free(paddedData);
OPENSSL_free(dataToSign);
return ok;
}
static int test_x509_check_cert_pkey(void)
{
BIO *bio = NULL;
X509 *x509 = NULL;
X509_REQ *x509_req = NULL;
EVP_PKEY *pkey = NULL;
int ret = 0, type = 0, expected = 0, result = 0;
/*
* we check them first thus if fails we don't need to do
* those PEM parsing operations.
*/
if (strcmp(t, "cert") == 0) {
type = 1;
} else if (strcmp(t, "req") == 0) {
type = 2;
} else {
TEST_error("invalid 'type'");
goto failed;
}
if (strcmp(e, "ok") == 0) {
expected = 1;
} else if (strcmp(e, "failed") == 0) {
expected = 0;
} else {
TEST_error("invalid 'expected'");
goto failed;
}
/* process private key */
if (!TEST_ptr(bio = BIO_new_file(k, "r")))
goto failed;
if (!TEST_ptr(pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)))
goto failed;
BIO_free(bio);
/* process cert or cert request, use the same local var */
if (!TEST_ptr(bio = BIO_new_file(c, "r")))
goto failed;
switch (type) {
case 1:
x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
if (x509 == NULL) {
TEST_error("read PEM x509 failed");
goto failed;
}
result = X509_check_private_key(x509, pkey);
break;
case 2:
x509_req = PEM_read_bio_X509_REQ(bio, NULL, NULL, NULL);
if (x509_req == NULL) {
TEST_error("read PEM x509 req failed");
goto failed;
}
result = X509_REQ_check_private_key(x509_req, pkey);
break;
default:
/* should never be here */
break;
}
if (!TEST_int_eq(result, expected)) {
TEST_error("check private key: expected: %d, got: %d", expected, result);
goto failed;
}
ret = 1;
failed:
BIO_free(bio);
X509_free(x509);
X509_REQ_free(x509_req);
EVP_PKEY_free(pkey);
return ret;
}
static int test_tls13_encryption(void)
{
SSL_CTX *ctx = NULL;
SSL *s = NULL;
SSL3_RECORD rec;
unsigned char *key = NULL, *iv = NULL, *seq = NULL;
const EVP_CIPHER *ciph = EVP_aes_128_gcm();
int ret = 0;
size_t ivlen, ctr;
/*
* Encrypted TLSv1.3 records always have an outer content type of
* application data, and a record version of TLSv1.2.
*/
rec.data = NULL;
rec.type = SSL3_RT_APPLICATION_DATA;
rec.rec_version = TLS1_2_VERSION;
ctx = SSL_CTX_new(TLS_method());
if (!TEST_ptr(ctx)) {
TEST_info("Failed creating SSL_CTX");
goto err;
}
s = SSL_new(ctx);
if (!TEST_ptr(s)) {
TEST_info("Failed creating SSL");
goto err;
}
s->enc_read_ctx = EVP_CIPHER_CTX_new();
if (!TEST_ptr(s->enc_read_ctx))
goto err;
s->enc_write_ctx = EVP_CIPHER_CTX_new();
if (!TEST_ptr(s->enc_write_ctx))
goto err;
s->s3->tmp.new_cipher = SSL_CIPHER_find(s, TLS13_AES_128_GCM_SHA256_BYTES);
if (!TEST_ptr(s->s3->tmp.new_cipher)) {
TEST_info("Failed to find cipher");
goto err;
}
for (ctr = 0; ctr < OSSL_NELEM(refdata); ctr++) {
/* Load the record */
ivlen = EVP_CIPHER_iv_length(ciph);
if (!load_record(&rec, &refdata[ctr], &key, s->read_iv, ivlen,
RECORD_LAYER_get_read_sequence(&s->rlayer))) {
TEST_error("Failed loading key into EVP_CIPHER_CTX");
goto err;
}
/* Set up the read/write sequences */
memcpy(RECORD_LAYER_get_write_sequence(&s->rlayer),
RECORD_LAYER_get_read_sequence(&s->rlayer), SEQ_NUM_SIZE);
memcpy(s->write_iv, s->read_iv, ivlen);
/* Load the key into the EVP_CIPHER_CTXs */
if (EVP_CipherInit_ex(s->enc_write_ctx, ciph, NULL, key, NULL, 1) <= 0
|| EVP_CipherInit_ex(s->enc_read_ctx, ciph, NULL, key, NULL, 0)
<= 0) {
TEST_error("Failed loading key into EVP_CIPHER_CTX\n");
goto err;
}
/* Encrypt it */
if (!TEST_size_t_eq(tls13_enc(s, &rec, 1, 1), 1)) {
TEST_info("Failed to encrypt record %zu", ctr);
goto err;
}
if (!TEST_true(test_record(&rec, &refdata[ctr], 1))) {
TEST_info("Record %zu encryption test failed", ctr);
goto err;
}
/* Decrypt it */
if (!TEST_int_eq(tls13_enc(s, &rec, 1, 0), 1)) {
TEST_info("Failed to decrypt record %zu", ctr);
goto err;
}
if (!TEST_true(test_record(&rec, &refdata[ctr], 0))) {
TEST_info("Record %zu decryption test failed", ctr);
goto err;
}
OPENSSL_free(rec.data);
OPENSSL_free(key);
OPENSSL_free(iv);
OPENSSL_free(seq);
rec.data = NULL;
key = NULL;
iv = NULL;
seq = NULL;
}
TEST_note("PASS: %zu records tested", ctr);
ret = 1;
err:
OPENSSL_free(rec.data);
OPENSSL_free(key);
OPENSSL_free(iv);
OPENSSL_free(seq);
SSL_free(s);
SSL_CTX_free(ctx);
return ret;
}
static int rfc5114_test(void)
{
int i;
DH *dhA = NULL;
DH *dhB = NULL;
unsigned char *Z1 = NULL;
unsigned char *Z2 = NULL;
const rfc5114_td *td = NULL;
BIGNUM *bady = NULL, *priv_key = NULL, *pub_key = NULL;
const BIGNUM *pub_key_tmp;
for (i = 0; i < (int)OSSL_NELEM(rfctd); i++) {
td = rfctd + i;
/* Set up DH structures setting key components */
if (!TEST_ptr(dhA = td->get_param())
|| !TEST_ptr(dhB = td->get_param()))
goto bad_err;
if (!TEST_ptr(priv_key = BN_bin2bn(td->xA, td->xA_len, NULL))
|| !TEST_ptr(pub_key = BN_bin2bn(td->yA, td->yA_len, NULL))
|| !TEST_true(DH_set0_key(dhA, pub_key, priv_key)))
goto bad_err;
if (!TEST_ptr(priv_key = BN_bin2bn(td->xB, td->xB_len, NULL))
|| !TEST_ptr(pub_key = BN_bin2bn(td->yB, td->yB_len, NULL))
|| !TEST_true( DH_set0_key(dhB, pub_key, priv_key)))
goto bad_err;
priv_key = pub_key = NULL;
if (!TEST_uint_eq(td->Z_len, (size_t)DH_size(dhA))
|| !TEST_uint_eq(td->Z_len, (size_t)DH_size(dhB)))
goto err;
if (!TEST_ptr(Z1 = OPENSSL_malloc(DH_size(dhA)))
|| !TEST_ptr(Z2 = OPENSSL_malloc(DH_size(dhB))))
goto bad_err;
/*
* Work out shared secrets using both sides and compare with expected
* values.
*/
DH_get0_key(dhB, &pub_key_tmp, NULL);
if (!TEST_int_ne(DH_compute_key(Z1, pub_key_tmp, dhA), -1))
goto bad_err;
DH_get0_key(dhA, &pub_key_tmp, NULL);
if (!TEST_int_ne(DH_compute_key(Z2, pub_key_tmp, dhB), -1))
goto bad_err;
if (!TEST_mem_eq(Z1, td->Z_len, td->Z, td->Z_len)
|| !TEST_mem_eq(Z2, td->Z_len, td->Z, td->Z_len))
goto err;
DH_free(dhA);
dhA = NULL;
DH_free(dhB);
dhB = NULL;
OPENSSL_free(Z1);
Z1 = NULL;
OPENSSL_free(Z2);
Z2 = NULL;
}
/* Now i == OSSL_NELEM(rfctd) */
/* RFC5114 uses unsafe primes, so now test an invalid y value */
if (!TEST_ptr(dhA = DH_get_2048_224())
|| !TEST_ptr(Z1 = OPENSSL_malloc(DH_size(dhA))))
goto bad_err;
if (!TEST_ptr(bady = BN_bin2bn(dhtest_rfc5114_2048_224_bad_y,
sizeof(dhtest_rfc5114_2048_224_bad_y),
NULL)))
goto bad_err;
if (!DH_generate_key(dhA))
goto bad_err;
if (DH_compute_key(Z1, bady, dhA) != -1) {
/*
* DH_compute_key should fail with -1. If we get here we unexpectedly
* allowed an invalid y value
*/
goto err;
}
/* We'll have a stale error on the queue from the above test so clear it */
ERR_clear_error();
BN_free(bady);
DH_free(dhA);
OPENSSL_free(Z1);
return 1;
bad_err:
BN_free(bady);
DH_free(dhA);
DH_free(dhB);
BN_free(pub_key);
BN_free(priv_key);
OPENSSL_free(Z1);
OPENSSL_free(Z2);
TEST_error("Initialisation error RFC5114 set %d\n", i + 1);
return 0;
err:
BN_free(bady);
DH_free(dhA);
DH_free(dhB);
OPENSSL_free(Z1);
OPENSSL_free(Z2);
TEST_error("Test failed RFC5114 set %d\n", i + 1);
return 0;
}
static int test_table(struct testdata *tbl, int idx)
{
int error = 0;
ASN1_TIME atime;
ASN1_TIME *ptime;
struct testdata *td = &tbl[idx];
int day, sec;
atime.data = (unsigned char*)td->data;
atime.length = strlen((char*)atime.data);
atime.type = td->type;
atime.flags = 0;
if (!TEST_int_eq(ASN1_TIME_check(&atime), td->check_result)) {
TEST_info("ASN1_TIME_check(%s) unexpected result", atime.data);
error = 1;
}
if (td->check_result == 0)
return 1;
if (!TEST_int_eq(ASN1_TIME_cmp_time_t(&atime, td->t), 0)) {
TEST_info("ASN1_TIME_cmp_time_t(%s vs %ld) compare failed", atime.data, (long)td->t);
error = 1;
}
if (!TEST_true(ASN1_TIME_diff(&day, &sec, &atime, &atime))) {
TEST_info("ASN1_TIME_diff(%s) to self failed", atime.data);
error = 1;
}
if (!TEST_int_eq(day, 0) || !TEST_int_eq(sec, 0)) {
TEST_info("ASN1_TIME_diff(%s) to self not equal", atime.data);
error = 1;
}
if (!TEST_true(ASN1_TIME_diff(&day, &sec, >ime, &atime))) {
TEST_info("ASN1_TIME_diff(%s) to baseline failed", atime.data);
error = 1;
} else if (!((td->cmp_result == 0 && TEST_true((day == 0 && sec == 0))) ||
(td->cmp_result == -1 && TEST_true((day < 0 || sec < 0))) ||
(td->cmp_result == 1 && TEST_true((day > 0 || sec > 0))))) {
TEST_info("ASN1_TIME_diff(%s) to baseline bad comparison", atime.data);
error = 1;
}
if (!TEST_int_eq(ASN1_TIME_cmp_time_t(&atime, gtime_t), td->cmp_result)) {
TEST_info("ASN1_TIME_cmp_time_t(%s) to baseline bad comparison", atime.data);
error = 1;
}
ptime = ASN1_TIME_set(NULL, td->t);
if (!TEST_ptr(ptime)) {
TEST_info("ASN1_TIME_set(%ld) failed", (long)td->t);
error = 1;
} else {
int local_error = 0;
if (!TEST_int_eq(ASN1_TIME_cmp_time_t(ptime, td->t), 0)) {
TEST_info("ASN1_TIME_set(%ld) compare failed (%s->%s)",
(long)td->t, td->data, ptime->data);
local_error = error = 1;
}
if (!TEST_int_eq(ptime->type, td->expected_type)) {
TEST_info("ASN1_TIME_set(%ld) unexpected type", (long)td->t);
local_error = error = 1;
}
if (local_error)
TEST_info("ASN1_TIME_set() = %*s", ptime->length, ptime->data);
ASN1_TIME_free(ptime);
}
ptime = ASN1_TIME_new();
if (!TEST_ptr(ptime)) {
TEST_info("ASN1_TIME_new() failed");
error = 1;
} else {
int local_error = 0;
if (!TEST_int_eq(ASN1_TIME_set_string(ptime, td->data), td->check_result)) {
TEST_info("ASN1_TIME_set_string_gmt(%s) failed", td->data);
local_error = error = 1;
}
if (!TEST_int_eq(ASN1_TIME_normalize(ptime), td->check_result)) {
TEST_info("ASN1_TIME_normalize(%s) failed", td->data);
local_error = error = 1;
}
if (!TEST_int_eq(ptime->type, td->expected_type)) {
TEST_info("ASN1_TIME_set_string_gmt(%s) unexpected type", td->data);
local_error = error = 1;
}
day = sec = 0;
if (!TEST_true(ASN1_TIME_diff(&day, &sec, ptime, &atime)) || !TEST_int_eq(day, 0) || !TEST_int_eq(sec, 0)) {
TEST_info("ASN1_TIME_diff(day=%d, sec=%d, %s) after ASN1_TIME_set_string_gmt() failed", day, sec, td->data);
local_error = error = 1;
}
if (!TEST_int_eq(ASN1_TIME_cmp_time_t(ptime, gtime_t), td->cmp_result)) {
TEST_info("ASN1_TIME_cmp_time_t(%s) after ASN1_TIME_set_string_gnt() to baseline bad comparison", td->data);
local_error = error = 1;
}
if (local_error)
TEST_info("ASN1_TIME_set_string_gmt() = %*s", ptime->length, ptime->data);
ASN1_TIME_free(ptime);
}
ptime = ASN1_TIME_new();
if (!TEST_ptr(ptime)) {
TEST_info("ASN1_TIME_new() failed");
error = 1;
} else {
int local_error = 0;
if (!TEST_int_eq(ASN1_TIME_set_string(ptime, td->data), td->check_result)) {
TEST_info("ASN1_TIME_set_string(%s) failed", td->data);
local_error = error = 1;
}
day = sec = 0;
if (!TEST_true(ASN1_TIME_diff(&day, &sec, ptime, &atime)) || !TEST_int_eq(day, 0) || !TEST_int_eq(sec, 0)) {
TEST_info("ASN1_TIME_diff(day=%d, sec=%d, %s) after ASN1_TIME_set_string() failed", day, sec, td->data);
local_error = error = 1;
}
if (!TEST_int_eq(ASN1_TIME_cmp_time_t(ptime, gtime_t), td->cmp_result)) {
TEST_info("ASN1_TIME_cmp_time_t(%s) after ASN1_TIME_set_string() to baseline bad comparison", td->data);
local_error = error = 1;
}
if (local_error)
TEST_info("ASN1_TIME_set_string() = %*s", ptime->length, ptime->data);
ASN1_TIME_free(ptime);
}
if (td->type == V_ASN1_UTCTIME) {
ptime = ASN1_TIME_to_generalizedtime(&atime, NULL);
if (td->convert_result == 1 && !TEST_ptr(ptime)) {
TEST_info("ASN1_TIME_to_generalizedtime(%s) failed", atime.data);
error = 1;
} else if (td->convert_result == 0 && !TEST_ptr_null(ptime)) {
TEST_info("ASN1_TIME_to_generalizedtime(%s) should have failed", atime.data);
error = 1;
}
if (ptime != NULL && !TEST_int_eq(ASN1_TIME_cmp_time_t(ptime, td->t), 0)) {
TEST_info("ASN1_TIME_to_generalizedtime(%s->%s) bad result", atime.data, ptime->data);
error = 1;
}
ASN1_TIME_free(ptime);
}
/* else cannot simply convert GENERALIZEDTIME to UTCTIME */
if (error)
TEST_error("atime=%s", atime.data);
return !error;
}
/*
* test_mod_exp_zero tests that x**0 mod 1 == 0. It returns zero on success.
*/
static int test_mod_exp_zero(void)
{
BIGNUM *a = NULL, *p = NULL, *m = NULL;
BIGNUM *r = NULL;
BN_ULONG one_word = 1;
BN_CTX *ctx = BN_CTX_new();
int ret = 1, failed = 0;
if (!TEST_ptr(m = BN_new())
|| !TEST_ptr(a = BN_new())
|| !TEST_ptr(p = BN_new())
|| !TEST_ptr(r = BN_new()))
goto err;
BN_one(m);
BN_one(a);
BN_zero(p);
if (!TEST_true(BN_rand(a, 1024, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)))
goto err;
if (!TEST_true(BN_mod_exp(r, a, p, m, ctx)))
goto err;
if (!TEST_true(a_is_zero_mod_one("BN_mod_exp", r, a)))
failed = 1;
if (!TEST_true(BN_mod_exp_recp(r, a, p, m, ctx)))
goto err;
if (!TEST_true(a_is_zero_mod_one("BN_mod_exp_recp", r, a)))
failed = 1;
if (!TEST_true(BN_mod_exp_simple(r, a, p, m, ctx)))
goto err;
if (!TEST_true(a_is_zero_mod_one("BN_mod_exp_simple", r, a)))
failed = 1;
if (!TEST_true(BN_mod_exp_mont(r, a, p, m, ctx, NULL)))
goto err;
if (!TEST_true(a_is_zero_mod_one("BN_mod_exp_mont", r, a)))
failed = 1;
if (!TEST_true(BN_mod_exp_mont_consttime(r, a, p, m, ctx, NULL)))
goto err;
if (!TEST_true(a_is_zero_mod_one("BN_mod_exp_mont_consttime", r, a)))
failed = 1;
/*
* A different codepath exists for single word multiplication
* in non-constant-time only.
*/
if (!TEST_true(BN_mod_exp_mont_word(r, one_word, p, m, ctx, NULL)))
goto err;
if (!TEST_BN_eq_zero(r)) {
TEST_error("BN_mod_exp_mont_word failed: "
"1 ** 0 mod 1 = r (should be 0)");
BN_print_var(r);
goto err;
}
ret = !failed;
err:
BN_free(r);
BN_free(a);
BN_free(p);
BN_free(m);
BN_CTX_free(ctx);
return ret;
}
static int test_tls13ccs(int tst)
{
SSL_CTX *sctx = NULL, *cctx = NULL;
SSL *sssl = NULL, *cssl = NULL;
int ret = 0;
const char msg[] = "Dummy data";
char buf[80];
size_t written, readbytes;
SSL_SESSION *sess = NULL;
chseen = shseen = sccsseen = ccsaftersh = ccsbeforesh = 0;
sappdataseen = cappdataseen = badccs = badvers = badsessid = 0;
chsessidlen = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey))
|| !TEST_true(SSL_CTX_set_max_early_data(sctx,
SSL3_RT_MAX_PLAIN_LENGTH)))
goto err;
/*
* Test 0: Simple Handshake
* Test 1: Simple Handshake, client middlebox compat mode disabled
* Test 2: Simple Handshake, server middlebox compat mode disabled
* Test 3: HRR Handshake
* Test 4: HRR Handshake, client middlebox compat mode disabled
* Test 5: HRR Handshake, server middlebox compat mode disabled
* Test 6: Early data handshake
* Test 7: Early data handshake, client middlebox compat mode disabled
* Test 8: Early data handshake, server middlebox compat mode disabled
* Test 9: Early data then HRR
* Test 10: Early data then HRR, client middlebox compat mode disabled
* Test 11: Early data then HRR, server middlebox compat mode disabled
*/
switch (tst) {
case 0:
case 3:
case 6:
case 9:
break;
case 1:
case 4:
case 7:
case 10:
SSL_CTX_clear_options(cctx, SSL_OP_ENABLE_MIDDLEBOX_COMPAT);
break;
case 2:
case 5:
case 8:
case 11:
SSL_CTX_clear_options(sctx, SSL_OP_ENABLE_MIDDLEBOX_COMPAT);
break;
default:
TEST_error("Invalid test value");
goto err;
}
if (tst >= 6) {
/* Get a session suitable for early_data */
if (!TEST_true(create_ssl_objects(sctx, cctx, &sssl, &cssl, NULL, NULL))
|| !TEST_true(create_ssl_connection(sssl, cssl, SSL_ERROR_NONE)))
goto err;
sess = SSL_get1_session(cssl);
if (!TEST_ptr(sess))
goto err;
SSL_shutdown(cssl);
SSL_shutdown(sssl);
SSL_free(sssl);
SSL_free(cssl);
sssl = cssl = NULL;
}
if ((tst >= 3 && tst <= 5) || tst >= 9) {
/* HRR handshake */
if (!TEST_true(SSL_CTX_set1_groups_list(sctx, "P-256")))
goto err;
}
s_to_c_fbio = BIO_new(bio_f_watchccs_filter());
c_to_s_fbio = BIO_new(bio_f_watchccs_filter());
if (!TEST_ptr(s_to_c_fbio)
|| !TEST_ptr(c_to_s_fbio)) {
BIO_free(s_to_c_fbio);
BIO_free(c_to_s_fbio);
goto err;
}
/* BIOs get freed on error */
if (!TEST_true(create_ssl_objects(sctx, cctx, &sssl, &cssl, s_to_c_fbio,
c_to_s_fbio)))
goto err;
if (tst >= 6) {
/* Early data */
if (!TEST_true(SSL_set_session(cssl, sess))
|| !TEST_true(SSL_write_early_data(cssl, msg, strlen(msg),
&written))
|| (tst <= 8
&& !TEST_int_eq(SSL_read_early_data(sssl, buf, sizeof(buf),
&readbytes),
SSL_READ_EARLY_DATA_SUCCESS)))
goto err;
if (tst <= 8) {
if (!TEST_int_gt(SSL_connect(cssl), 0))
goto err;
} else {
if (!TEST_int_le(SSL_connect(cssl), 0))
goto err;
}
if (!TEST_int_eq(SSL_read_early_data(sssl, buf, sizeof(buf),
&readbytes),
SSL_READ_EARLY_DATA_FINISH))
goto err;
}
/* Perform handshake (or complete it if doing early data ) */
if (!TEST_true(create_ssl_connection(sssl, cssl, SSL_ERROR_NONE)))
goto err;
/*
* Check there were no unexpected CCS messages, all record versions
* were as expected, and that the session ids were reflected by the server
* correctly.
*/
if (!TEST_false(badccs) || !TEST_false(badvers) || !TEST_false(badsessid))
goto err;
switch (tst) {
case 0:
if (!TEST_true(sccsseen)
|| !TEST_true(ccsaftersh)
|| !TEST_false(ccsbeforesh)
|| !TEST_size_t_gt(chsessidlen, 0))
goto err;
break;
case 1:
if (!TEST_true(sccsseen)
|| !TEST_false(ccsaftersh)
|| !TEST_false(ccsbeforesh)
|| !TEST_size_t_eq(chsessidlen, 0))
goto err;
break;
case 2:
if (!TEST_false(sccsseen)
|| !TEST_true(ccsaftersh)
|| !TEST_false(ccsbeforesh)
|| !TEST_size_t_gt(chsessidlen, 0))
goto err;
break;
case 3:
if (!TEST_true(sccsseen)
|| !TEST_true(ccsaftersh)
|| !TEST_false(ccsbeforesh)
|| !TEST_size_t_gt(chsessidlen, 0))
goto err;
break;
case 4:
if (!TEST_true(sccsseen)
|| !TEST_false(ccsaftersh)
|| !TEST_false(ccsbeforesh)
|| !TEST_size_t_eq(chsessidlen, 0))
goto err;
break;
case 5:
if (!TEST_false(sccsseen)
|| !TEST_true(ccsaftersh)
|| !TEST_false(ccsbeforesh)
|| !TEST_size_t_gt(chsessidlen, 0))
goto err;
break;
case 6:
if (!TEST_true(sccsseen)
|| !TEST_false(ccsaftersh)
|| !TEST_true(ccsbeforesh)
|| !TEST_size_t_gt(chsessidlen, 0))
goto err;
break;
case 7:
if (!TEST_true(sccsseen)
|| !TEST_false(ccsaftersh)
|| !TEST_false(ccsbeforesh)
|| !TEST_size_t_eq(chsessidlen, 0))
goto err;
break;
case 8:
if (!TEST_false(sccsseen)
|| !TEST_false(ccsaftersh)
|| !TEST_true(ccsbeforesh)
|| !TEST_size_t_gt(chsessidlen, 0))
goto err;
break;
case 9:
if (!TEST_true(sccsseen)
|| !TEST_false(ccsaftersh)
|| !TEST_true(ccsbeforesh)
|| !TEST_size_t_gt(chsessidlen, 0))
goto err;
break;
case 10:
if (!TEST_true(sccsseen)
|| !TEST_false(ccsaftersh)
|| !TEST_false(ccsbeforesh)
|| !TEST_size_t_eq(chsessidlen, 0))
goto err;
break;
case 11:
if (!TEST_false(sccsseen)
|| !TEST_false(ccsaftersh)
|| !TEST_true(ccsbeforesh)
|| !TEST_size_t_gt(chsessidlen, 0))
goto err;
break;
default:
TEST_error("Invalid test value");
goto err;
}
ret = 1;
err:
SSL_SESSION_free(sess);
SSL_free(sssl);
SSL_free(cssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return ret;
}
static int test_kdf_scrypt(void)
{
int ret = 0;
EVP_PKEY_CTX *pctx;
unsigned char out[64];
size_t outlen = sizeof(out);
if ((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, NULL)) == NULL) {
TEST_error("EVP_PKEY_SCRYPT");
goto err;
}
if (EVP_PKEY_derive_init(pctx) <= 0) {
TEST_error("EVP_PKEY_derive_init");
goto err;
}
if (EVP_PKEY_CTX_set1_pbe_pass(pctx, "password", 8) <= 0) {
TEST_error("EVP_PKEY_CTX_set1_pbe_pass");
goto err;
}
if (EVP_PKEY_CTX_set1_scrypt_salt(pctx, "NaCl", 4) <= 0) {
TEST_error("EVP_PKEY_CTX_set1_scrypt_salt");
goto err;
}
if (EVP_PKEY_CTX_set_scrypt_N(pctx, 1024) <= 0) {
TEST_error("EVP_PKEY_CTX_set_scrypt_N");
goto err;
}
if (EVP_PKEY_CTX_set_scrypt_r(pctx, 8) <= 0) {
TEST_error("EVP_PKEY_CTX_set_scrypt_r");
goto err;
}
if (EVP_PKEY_CTX_set_scrypt_p(pctx, 16) <= 0) {
TEST_error("EVP_PKEY_CTX_set_scrypt_p");
goto err;
}
if (EVP_PKEY_CTX_set_scrypt_maxmem_bytes(pctx, 16) <= 0) {
TEST_error("EVP_PKEY_CTX_set_maxmem_bytes");
goto err;
}
if (EVP_PKEY_derive(pctx, out, &outlen) > 0) {
TEST_error("EVP_PKEY_derive should have failed");
goto err;
}
if (EVP_PKEY_CTX_set_scrypt_maxmem_bytes(pctx, 10 * 1024 * 1024) <= 0) {
TEST_error("EVP_PKEY_CTX_set_maxmem_bytes");
goto err;
}
if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) {
TEST_error("EVP_PKEY_derive");
goto err;
}
{
const unsigned char expected[sizeof(out)] = {
0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
};
if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) {
goto err;
}
}
ret = 1;
err:
EVP_PKEY_CTX_free(pctx);
return ret;
}
static int test_intern(const TEST_PACKAGE *package)
{
unsigned int i;
size_t nelems;
int fail = 0;
if (package->skip)
return 1;
/* Do decode_custom checks */
nelems = package->encode_expectations_size
/ package->encode_expectations_elem_size;
OPENSSL_assert(nelems ==
sizeof(test_custom_data) / sizeof(test_custom_data[0]));
for (i = 0; i < nelems; i++) {
size_t pos = i * package->encode_expectations_elem_size;
switch (do_encode_custom((EXPECTED *)&((unsigned char *)package
->encode_expectations)[pos],
&test_custom_data[i], package)) {
case -1:
TEST_error("Failed custom encode round trip %u of %s",
i, package->name);
TEST_openssl_errors();
fail++;
break;
case 0:
TEST_error("Custom encode round trip %u of %s mismatch",
i, package->name);
TEST_openssl_errors();
fail++;
break;
case 1:
break;
default:
OPENSSL_die("do_encode_custom() return unknown value",
__FILE__, __LINE__);
}
switch (do_decode_custom(&test_custom_data[i],
(EXPECTED *)&((unsigned char *)package
->encode_expectations)[pos],
package->encode_expectations_elem_size,
package)) {
case -1:
TEST_error("Failed custom decode round trip %u of %s",
i, package->name);
TEST_openssl_errors();
fail++;
break;
case 0:
TEST_error("Custom decode round trip %u of %s mismatch",
i, package->name);
TEST_openssl_errors();
fail++;
break;
case 1:
break;
default:
OPENSSL_die("do_decode_custom() return unknown value",
__FILE__, __LINE__);
}
}
/* Do enc_dec checks */
nelems = package->encdec_data_size / package->encdec_data_elem_size;
for (i = 0; i < nelems; i++) {
size_t pos = i * package->encdec_data_elem_size;
switch (do_enc_dec((EXPECTED *)&((unsigned char *)package
->encdec_data)[pos],
package->encdec_data_elem_size,
package)) {
case -1:
TEST_error("Failed encode/decode round trip %u of %s",
i, package->name);
TEST_openssl_errors();
fail++;
break;
case 0:
TEST_error("Encode/decode round trip %u of %s mismatch",
i, package->name);
fail++;
break;
case 1:
break;
default:
OPENSSL_die("do_enc_dec() return unknown value",
__FILE__, __LINE__);
}
}
if (!do_print_item(package)) {
TEST_error("Printing of %s failed", package->name);
TEST_openssl_errors();
fail++;
}
return fail == 0;
}
