1 /* 2 * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* 11 12 * These tests are setup to load null into the default library context. 13 * Any tests are expected to use the created 'libctx' to find algorithms. 14 * The framework runs the tests twice using the 'default' provider or 15 * 'fips' provider as inputs. 16 */ 17 18 /* 19 * DSA/DH low level APIs are deprecated for public use, but still ok for 20 * internal use. 21 */ 22 #include "internal/deprecated.h" 23 #include <assert.h> 24 #include <string.h> 25 #include <openssl/evp.h> 26 #include <openssl/provider.h> 27 #include <openssl/dsa.h> 28 #include <openssl/dh.h> 29 #include <openssl/safestack.h> 30 #include <openssl/core_dispatch.h> 31 #include <openssl/core_names.h> 32 #include <openssl/x509.h> 33 #include <openssl/encoder.h> 34 #include "testutil.h" 35 #include "internal/nelem.h" 36 #include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */ 37 38 static OSSL_LIB_CTX *libctx = NULL; 39 static OSSL_PROVIDER *nullprov = NULL; 40 static OSSL_PROVIDER *libprov = NULL; 41 static STACK_OF(OPENSSL_STRING) *cipher_names = NULL; 42 static int is_fips = 0; 43 static int is_fips_lt_3_5 = 0; 44 45 typedef enum OPTION_choice { 46 OPT_ERR = -1, 47 OPT_EOF = 0, 48 OPT_CONFIG_FILE, 49 OPT_PROVIDER_NAME, 50 OPT_TEST_ENUM 51 } OPTION_CHOICE; 52 53 const OPTIONS *test_get_options(void) 54 { 55 static const OPTIONS test_options[] = { 56 OPT_TEST_OPTIONS_DEFAULT_USAGE, 57 { "config", OPT_CONFIG_FILE, '<', 58 "The configuration file to use for the libctx" }, 59 { "provider", OPT_PROVIDER_NAME, 's', 60 "The provider to load (The default value is 'default')" }, 61 { NULL } 62 }; 63 return test_options; 64 } 65 66 #ifndef OPENSSL_NO_DH 67 static const char *getname(int id) 68 { 69 const char *name[] = { "p", "q", "g" }; 70 71 if (id >= 0 && id < 3) 72 return name[id]; 73 return "?"; 74 } 75 #endif 76 77 static int test_evp_cipher_api_safety(void) 78 { 79 int ret = 0; 80 EVP_CIPHER_CTX *ctx = NULL; 81 82 ctx = EVP_CIPHER_CTX_new(); 83 84 if (!TEST_ptr(ctx)) 85 goto err; 86 87 /* 88 * Ensure that EVP_CIPHER_get_block_size returns 0 89 * if we haven't initialized the cipher in this context 90 */ 91 if (!TEST_int_eq(EVP_CIPHER_CTX_get_block_size(ctx), 0)) 92 goto err_free; 93 94 /* 95 * Ensure that EVP_CIPHER_get_iv_length returns 0 96 * if we haven't initialized the cipher in this context 97 */ 98 if (!TEST_int_eq(EVP_CIPHER_CTX_get_iv_length(ctx), 0)) 99 goto err_free; 100 101 ret = 1; 102 err_free: 103 EVP_CIPHER_CTX_free(ctx); 104 err: 105 return ret; 106 } 107 108 /* 109 * We're using some DH specific values in this test, so we skip compilation if 110 * we're in a no-dh build. 111 */ 112 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH) 113 114 static int test_dsa_param_keygen(int tstid) 115 { 116 int ret = 0; 117 int expected; 118 EVP_PKEY_CTX *gen_ctx = NULL; 119 EVP_PKEY *pkey_parm = NULL; 120 EVP_PKEY *pkey = NULL, *dup_pk = NULL; 121 DSA *dsa = NULL; 122 int pind, qind, gind; 123 BIGNUM *p = NULL, *q = NULL, *g = NULL; 124 125 /* 126 * Just grab some fixed dh p, q, g values for testing, 127 * these 'safe primes' should not be used normally for dsa *. 128 */ 129 static const BIGNUM *bn[] = { 130 &ossl_bignum_dh2048_256_p, &ossl_bignum_dh2048_256_q, 131 &ossl_bignum_dh2048_256_g 132 }; 133 134 /* 135 * These tests are using bad values for p, q, g by reusing the values. 136 * A value of 0 uses p, 1 uses q and 2 uses g. 137 * There are 27 different combinations, with only the 1 valid combination. 138 */ 139 pind = tstid / 9; 140 qind = (tstid / 3) % 3; 141 gind = tstid % 3; 142 expected = (pind == 0 && qind == 1 && gind == 2); 143 144 TEST_note("Testing with (p, q, g) = (%s, %s, %s)\n", getname(pind), 145 getname(qind), getname(gind)); 146 147 if (!TEST_ptr(pkey_parm = EVP_PKEY_new()) 148 || !TEST_ptr(dsa = DSA_new()) 149 || !TEST_ptr(p = BN_dup(bn[pind])) 150 || !TEST_ptr(q = BN_dup(bn[qind])) 151 || !TEST_ptr(g = BN_dup(bn[gind])) 152 || !TEST_true(DSA_set0_pqg(dsa, p, q, g))) 153 goto err; 154 p = q = g = NULL; 155 156 if (!TEST_true(EVP_PKEY_assign_DSA(pkey_parm, dsa))) 157 goto err; 158 dsa = NULL; 159 160 if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL)) 161 || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0) 162 || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected)) 163 goto err; 164 165 if (expected) { 166 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)) 167 || !TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), 1)) 168 goto err; 169 } 170 171 ret = 1; 172 err: 173 EVP_PKEY_free(pkey); 174 EVP_PKEY_free(dup_pk); 175 EVP_PKEY_CTX_free(gen_ctx); 176 EVP_PKEY_free(pkey_parm); 177 DSA_free(dsa); 178 BN_free(g); 179 BN_free(q); 180 BN_free(p); 181 return ret; 182 } 183 #endif /* OPENSSL_NO_DSA */ 184 185 #ifndef OPENSSL_NO_DH 186 static int do_dh_param_keygen(int tstid, const BIGNUM **bn) 187 { 188 int ret = 0; 189 int expected; 190 EVP_PKEY_CTX *gen_ctx = NULL; 191 EVP_PKEY *pkey_parm = NULL; 192 EVP_PKEY *pkey = NULL, *dup_pk = NULL; 193 DH *dh = NULL; 194 int pind, qind, gind; 195 BIGNUM *p = NULL, *q = NULL, *g = NULL; 196 197 /* 198 * These tests are using bad values for p, q, g by reusing the values. 199 * A value of 0 uses p, 1 uses q and 2 uses g. 200 * There are 27 different combinations, with only the 1 valid combination. 201 */ 202 pind = tstid / 9; 203 qind = (tstid / 3) % 3; 204 gind = tstid % 3; 205 expected = (pind == 0 && qind == 1 && gind == 2); 206 207 TEST_note("Testing with (p, q, g) = (%s, %s, %s)", getname(pind), 208 getname(qind), getname(gind)); 209 210 if (!TEST_ptr(pkey_parm = EVP_PKEY_new()) 211 || !TEST_ptr(dh = DH_new()) 212 || !TEST_ptr(p = BN_dup(bn[pind])) 213 || !TEST_ptr(q = BN_dup(bn[qind])) 214 || !TEST_ptr(g = BN_dup(bn[gind])) 215 || !TEST_true(DH_set0_pqg(dh, p, q, g))) 216 goto err; 217 p = q = g = NULL; 218 219 if (!TEST_true(EVP_PKEY_assign_DH(pkey_parm, dh))) 220 goto err; 221 dh = NULL; 222 223 if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL)) 224 || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0) 225 || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected)) 226 goto err; 227 228 if (expected) { 229 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)) 230 || !TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), 1)) 231 goto err; 232 } 233 234 ret = 1; 235 err: 236 EVP_PKEY_free(pkey); 237 EVP_PKEY_free(dup_pk); 238 EVP_PKEY_CTX_free(gen_ctx); 239 EVP_PKEY_free(pkey_parm); 240 DH_free(dh); 241 BN_free(g); 242 BN_free(q); 243 BN_free(p); 244 return ret; 245 } 246 247 /* 248 * Note that we get the fips186-4 path being run for most of these cases since 249 * the internal code will detect that the p, q, g does not match a safe prime 250 * group (Except for when tstid = 5, which sets the correct p, q, g) 251 */ 252 static int test_dh_safeprime_param_keygen(int tstid) 253 { 254 static const BIGNUM *bn[] = { 255 &ossl_bignum_ffdhe2048_p, &ossl_bignum_ffdhe2048_q, 256 &ossl_bignum_const_2 257 }; 258 return do_dh_param_keygen(tstid, bn); 259 } 260 261 static int dhx_cert_load(void) 262 { 263 int ret = 0; 264 X509 *cert = NULL; 265 BIO *bio = NULL; 266 267 static const unsigned char dhx_cert[] = { 268 0x30, 0x82, 0x03, 0xff, 0x30, 0x82, 0x02, 0xe7, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 269 0xdb, 0xf5, 0x4d, 0x22, 0xa0, 0x7a, 0x67, 0xa6, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 270 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x44, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 271 0x04, 0x06, 0x13, 0x02, 0x55, 0x4b, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 272 0x0d, 0x4f, 0x70, 0x65, 0x6e, 0x53, 0x53, 0x4c, 0x20, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x31, 0x1d, 273 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x14, 0x54, 0x65, 0x73, 0x74, 0x20, 0x53, 0x2f, 274 0x4d, 0x49, 0x4d, 0x45, 0x20, 0x52, 0x53, 0x41, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 275 0x0d, 0x31, 0x33, 0x30, 0x38, 0x30, 0x32, 0x31, 0x34, 0x34, 0x39, 0x32, 0x39, 0x5a, 0x17, 0x0d, 276 0x32, 0x33, 0x30, 0x36, 0x31, 0x31, 0x31, 0x34, 0x34, 0x39, 0x32, 0x39, 0x5a, 0x30, 0x44, 0x31, 277 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x4b, 0x31, 0x16, 0x30, 0x14, 278 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0d, 0x4f, 0x70, 0x65, 0x6e, 0x53, 0x53, 0x4c, 0x20, 0x47, 279 0x72, 0x6f, 0x75, 0x70, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x14, 0x54, 280 0x65, 0x73, 0x74, 0x20, 0x53, 0x2f, 0x4d, 0x49, 0x4d, 0x45, 0x20, 0x45, 0x45, 0x20, 0x44, 0x48, 281 0x20, 0x23, 0x31, 0x30, 0x82, 0x01, 0xb6, 0x30, 0x82, 0x01, 0x2b, 0x06, 0x07, 0x2a, 0x86, 0x48, 282 0xce, 0x3e, 0x02, 0x01, 0x30, 0x82, 0x01, 0x1e, 0x02, 0x81, 0x81, 0x00, 0xd4, 0x0c, 0x4a, 0x0c, 283 0x04, 0x72, 0x71, 0x19, 0xdf, 0x59, 0x19, 0xc5, 0xaf, 0x44, 0x7f, 0xca, 0x8e, 0x2b, 0xf0, 0x09, 284 0xf5, 0xd3, 0x25, 0xb1, 0x73, 0x16, 0x55, 0x89, 0xdf, 0xfd, 0x07, 0xaf, 0x19, 0xd3, 0x7f, 0xd0, 285 0x07, 0xa2, 0xfe, 0x3f, 0x5a, 0xf1, 0x01, 0xc6, 0xf8, 0x2b, 0xef, 0x4e, 0x6d, 0x03, 0x38, 0x42, 286 0xa1, 0x37, 0xd4, 0x14, 0xb4, 0x00, 0x4a, 0xb1, 0x86, 0x5a, 0x83, 0xce, 0xb9, 0x08, 0x0e, 0xc1, 287 0x99, 0x27, 0x47, 0x8d, 0x0b, 0x85, 0xa8, 0x82, 0xed, 0xcc, 0x0d, 0xb9, 0xb0, 0x32, 0x7e, 0xdf, 288 0xe8, 0xe4, 0xf6, 0xf6, 0xec, 0xb3, 0xee, 0x7a, 0x11, 0x34, 0x65, 0x97, 0xfc, 0x1a, 0xb0, 0x95, 289 0x4b, 0x19, 0xb9, 0xa6, 0x1c, 0xd9, 0x01, 0x32, 0xf7, 0x35, 0x7c, 0x2d, 0x5d, 0xfe, 0xc1, 0x85, 290 0x70, 0x49, 0xf8, 0xcc, 0x99, 0xd0, 0xbe, 0xf1, 0x5a, 0x78, 0xc8, 0x03, 0x02, 0x81, 0x80, 0x69, 291 0x00, 0xfd, 0x66, 0xf2, 0xfc, 0x15, 0x8b, 0x09, 0xb8, 0xdc, 0x4d, 0xea, 0xaa, 0x79, 0x55, 0xf9, 292 0xdf, 0x46, 0xa6, 0x2f, 0xca, 0x2d, 0x8f, 0x59, 0x2a, 0xad, 0x44, 0xa3, 0xc6, 0x18, 0x2f, 0x95, 293 0xb6, 0x16, 0x20, 0xe3, 0xd3, 0xd1, 0x8f, 0x03, 0xce, 0x71, 0x7c, 0xef, 0x3a, 0xc7, 0x44, 0x39, 294 0x0e, 0xe2, 0x1f, 0xd8, 0xd3, 0x89, 0x2b, 0xe7, 0x51, 0xdc, 0x12, 0x48, 0x4c, 0x18, 0x4d, 0x99, 295 0x12, 0x06, 0xe4, 0x17, 0x02, 0x03, 0x8c, 0x24, 0x05, 0x8e, 0xa6, 0x85, 0xf2, 0x69, 0x1b, 0xe1, 296 0x6a, 0xdc, 0xe2, 0x04, 0x3a, 0x01, 0x9d, 0x64, 0xbe, 0xfe, 0x45, 0xf9, 0x44, 0x18, 0x71, 0xbd, 297 0x2d, 0x3e, 0x7a, 0x6f, 0x72, 0x7d, 0x1a, 0x80, 0x42, 0x57, 0xae, 0x18, 0x6f, 0x91, 0xd6, 0x61, 298 0x03, 0x8a, 0x1c, 0x89, 0x73, 0xc7, 0x56, 0x41, 0x03, 0xd3, 0xf8, 0xed, 0x65, 0xe2, 0x85, 0x02, 299 0x15, 0x00, 0x89, 0x94, 0xab, 0x10, 0x67, 0x45, 0x41, 0xad, 0x63, 0xc6, 0x71, 0x40, 0x8d, 0x6b, 300 0x9e, 0x19, 0x5b, 0xa4, 0xc7, 0xf5, 0x03, 0x81, 0x84, 0x00, 0x02, 0x81, 0x80, 0x2f, 0x5b, 0xde, 301 0x72, 0x02, 0x36, 0x6b, 0x00, 0x5e, 0x24, 0x7f, 0x14, 0x2c, 0x18, 0x52, 0x42, 0x97, 0x4b, 0xdb, 302 0x6e, 0x15, 0x50, 0x3c, 0x45, 0x3e, 0x25, 0xf3, 0xb7, 0xc5, 0x6e, 0xe5, 0x52, 0xe7, 0xc4, 0xfb, 303 0xf4, 0xa5, 0xf0, 0x39, 0x12, 0x7f, 0xbc, 0x54, 0x1c, 0x93, 0xb9, 0x5e, 0xee, 0xe9, 0x14, 0xb0, 304 0xdf, 0xfe, 0xfc, 0x36, 0xe4, 0xf2, 0xaf, 0xfb, 0x13, 0xc8, 0xdf, 0x18, 0x94, 0x1d, 0x40, 0xb9, 305 0x71, 0xdd, 0x4c, 0x9c, 0xa7, 0x03, 0x52, 0x02, 0xb5, 0xed, 0x71, 0x80, 0x3e, 0x23, 0xda, 0x28, 306 0xe5, 0xab, 0xe7, 0x6f, 0xf2, 0x0a, 0x0e, 0x00, 0x5b, 0x7d, 0xc6, 0x4b, 0xd7, 0xc7, 0xb2, 0xc3, 307 0xba, 0x62, 0x7f, 0x70, 0x28, 0xa0, 0x9d, 0x71, 0x13, 0x70, 0xd1, 0x9f, 0x32, 0x2f, 0x3e, 0xd2, 308 0xcd, 0x1b, 0xa4, 0xc6, 0x72, 0xa0, 0x74, 0x5d, 0x71, 0xef, 0x03, 0x43, 0x6e, 0xa3, 0x60, 0x30, 309 0x5e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 310 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x05, 0xe0, 0x30, 311 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x0b, 0x5a, 0x4d, 0x5f, 0x7d, 0x25, 312 0xc7, 0xf2, 0x9d, 0xc1, 0xaa, 0xb7, 0x63, 0x82, 0x2f, 0xfa, 0x8f, 0x32, 0xe7, 0xc0, 0x30, 0x1f, 313 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xdf, 0x7e, 0x5e, 0x88, 0x05, 314 0x24, 0x33, 0x08, 0xdd, 0x22, 0x81, 0x02, 0x97, 0xcc, 0x9a, 0xb7, 0xb1, 0x33, 0x27, 0x30, 0x30, 315 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 316 0x01, 0x01, 0x00, 0x5a, 0xf2, 0x63, 0xef, 0xd3, 0x16, 0xd7, 0xf5, 0xaa, 0xdd, 0x12, 0x00, 0x36, 317 0x00, 0x21, 0xa2, 0x7b, 0x08, 0xd6, 0x3b, 0x9f, 0x62, 0xac, 0x53, 0x1f, 0xed, 0x4c, 0xd1, 0x15, 318 0x34, 0x65, 0x71, 0xee, 0x96, 0x07, 0xa6, 0xef, 0xb2, 0xde, 0xd8, 0xbb, 0x35, 0x6e, 0x2c, 0xe2, 319 0xd1, 0x26, 0xef, 0x7e, 0x94, 0xe2, 0x88, 0x51, 0xa4, 0x6c, 0xaa, 0x27, 0x2a, 0xd3, 0xb6, 0xc2, 320 0xf7, 0xea, 0xc3, 0x0b, 0xa9, 0xb5, 0x28, 0x37, 0xa2, 0x63, 0x08, 0xe4, 0x88, 0xc0, 0x1b, 0x16, 321 0x1b, 0xca, 0xfd, 0x8a, 0x07, 0x32, 0x29, 0xa7, 0x53, 0xb5, 0x2d, 0x30, 0xe4, 0xf5, 0x16, 0xc3, 322 0xe3, 0xc2, 0x4c, 0x30, 0x5d, 0x35, 0x80, 0x1c, 0xa2, 0xdb, 0xe3, 0x4b, 0x51, 0x0d, 0x4c, 0x60, 323 0x5f, 0xb9, 0x46, 0xac, 0xa8, 0x46, 0xa7, 0x32, 0xa7, 0x9c, 0x76, 0xf8, 0xe9, 0xb5, 0x19, 0xe2, 324 0x0c, 0xe1, 0x0f, 0xc6, 0x46, 0xe2, 0x38, 0xa7, 0x87, 0x72, 0x6d, 0x6c, 0xbc, 0x88, 0x2f, 0x9d, 325 0x2d, 0xe5, 0xd0, 0x7d, 0x1e, 0xc7, 0x5d, 0xf8, 0x7e, 0xb4, 0x0b, 0xa6, 0xf9, 0x6c, 0xe3, 0x7c, 326 0xb2, 0x70, 0x6e, 0x75, 0x9b, 0x1e, 0x63, 0xe1, 0x4d, 0xb2, 0x81, 0xd3, 0x55, 0x38, 0x94, 0x1a, 327 0x7a, 0xfa, 0xbf, 0x01, 0x18, 0x70, 0x2d, 0x35, 0xd3, 0xe3, 0x10, 0x7a, 0x9a, 0xa7, 0x8f, 0xf3, 328 0xbd, 0x56, 0x55, 0x5e, 0xd8, 0xbd, 0x4e, 0x16, 0x76, 0xd0, 0x48, 0x4c, 0xf9, 0x51, 0x54, 0xdf, 329 0x2d, 0xb0, 0xc9, 0xaa, 0x5e, 0x42, 0x38, 0x50, 0xbf, 0x0f, 0xc0, 0xd9, 0x84, 0x44, 0x4b, 0x42, 330 0x24, 0xec, 0x14, 0xa3, 0xde, 0x11, 0xdf, 0x58, 0x7f, 0xc2, 0x4d, 0xb2, 0xd5, 0x42, 0x78, 0x6e, 331 0x52, 0x3e, 0xad, 0xc3, 0x5f, 0x04, 0xc4, 0xe6, 0x31, 0xaa, 0x81, 0x06, 0x8b, 0x13, 0x4b, 0x3c, 332 0x0e, 0x6a, 0xb1 333 }; 334 335 if (!TEST_ptr(bio = BIO_new_mem_buf(dhx_cert, sizeof(dhx_cert))) 336 || !TEST_ptr(cert = X509_new_ex(libctx, NULL)) 337 || !TEST_ptr(d2i_X509_bio(bio, &cert))) 338 goto err; 339 ret = 1; 340 err: 341 X509_free(cert); 342 BIO_free(bio); 343 return ret; 344 } 345 346 #endif /* OPENSSL_NO_DH */ 347 348 static int test_cipher_reinit(int test_id) 349 { 350 int ret = 0, diff, ccm, siv, no_null_key; 351 int out1_len = 0, out2_len = 0, out3_len = 0; 352 EVP_CIPHER *cipher = NULL; 353 EVP_CIPHER_CTX *ctx = NULL; 354 unsigned char out1[256]; 355 unsigned char out2[256]; 356 unsigned char out3[256]; 357 unsigned char in[16] = { 358 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 359 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10 360 }; 361 unsigned char key[64] = { 362 0x00, 363 0x01, 364 0x02, 365 0x03, 366 0x04, 367 0x05, 368 0x06, 369 0x07, 370 0x08, 371 0x09, 372 0x0a, 373 0x0b, 374 0x0c, 375 0x0d, 376 0x0e, 377 0x0f, 378 0x01, 379 0x01, 380 0x02, 381 0x03, 382 0x04, 383 0x05, 384 0x06, 385 0x07, 386 0x08, 387 0x09, 388 0x0a, 389 0x0b, 390 0x0c, 391 0x0d, 392 0x0e, 393 0x0f, 394 0x02, 395 0x01, 396 0x02, 397 0x03, 398 0x04, 399 0x05, 400 0x06, 401 0x07, 402 0x08, 403 0x09, 404 0x0a, 405 0x0b, 406 0x0c, 407 0x0d, 408 0x0e, 409 0x0f, 410 0x03, 411 0x01, 412 0x02, 413 0x03, 414 0x04, 415 0x05, 416 0x06, 417 0x07, 418 0x08, 419 0x09, 420 0x0a, 421 0x0b, 422 0x0c, 423 0x0d, 424 0x0e, 425 0x0f, 426 }; 427 unsigned char iv[48] = { 428 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, 429 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, 430 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, 431 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, 432 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, 433 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 434 }; 435 const char *name = sk_OPENSSL_STRING_value(cipher_names, test_id); 436 437 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) 438 goto err; 439 440 TEST_note("Fetching %s\n", name); 441 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL))) 442 goto err; 443 444 /* ccm fails on the second update - this matches OpenSSL 1_1_1 behaviour */ 445 ccm = (EVP_CIPHER_get_mode(cipher) == EVP_CIPH_CCM_MODE); 446 447 /* siv cannot be called with NULL key as the iv is irrelevant */ 448 siv = (EVP_CIPHER_get_mode(cipher) == EVP_CIPH_SIV_MODE); 449 450 /* 451 * Skip init call with a null key for RC4 as the stream cipher does not 452 * handle reinit (1.1.1 behaviour). 453 */ 454 no_null_key = EVP_CIPHER_is_a(cipher, "RC4") 455 || EVP_CIPHER_is_a(cipher, "RC4-40") 456 || EVP_CIPHER_is_a(cipher, "RC4-HMAC-MD5"); 457 458 /* DES3-WRAP uses random every update - so it will give a different value */ 459 diff = EVP_CIPHER_is_a(cipher, "DES3-WRAP"); 460 if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv)) 461 || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, sizeof(in))) 462 || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) 463 || !TEST_int_eq(EVP_EncryptUpdate(ctx, out2, &out2_len, in, sizeof(in)), 464 ccm ? 0 : 1) 465 || (!no_null_key 466 && (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv)) 467 || !TEST_int_eq(EVP_EncryptUpdate(ctx, out3, &out3_len, in, sizeof(in)), 468 ccm || siv ? 0 : 1)))) 469 goto err; 470 471 if (ccm == 0) { 472 if (diff) { 473 if (!TEST_mem_ne(out1, out1_len, out2, out2_len) 474 || !TEST_mem_ne(out1, out1_len, out3, out3_len) 475 || !TEST_mem_ne(out2, out2_len, out3, out3_len)) 476 goto err; 477 } else { 478 if (!TEST_mem_eq(out1, out1_len, out2, out2_len) 479 || (!siv && !no_null_key && !TEST_mem_eq(out1, out1_len, out3, out3_len))) 480 goto err; 481 } 482 } 483 ret = 1; 484 err: 485 EVP_CIPHER_free(cipher); 486 EVP_CIPHER_CTX_free(ctx); 487 return ret; 488 } 489 490 /* 491 * This test only uses a partial block (half the block size) of input for each 492 * EVP_EncryptUpdate() in order to test that the second init/update is not using 493 * a leftover buffer from the first init/update. 494 * Note: some ciphers don't need a full block to produce output. 495 */ 496 static int test_cipher_reinit_partialupdate(int test_id) 497 { 498 int ret = 0, in_len; 499 int out1_len = 0, out2_len = 0, out3_len = 0; 500 EVP_CIPHER *cipher = NULL; 501 EVP_CIPHER_CTX *ctx = NULL; 502 unsigned char out1[256]; 503 unsigned char out2[256]; 504 unsigned char out3[256]; 505 static const unsigned char in[32] = { 506 0x08, 507 0x09, 508 0x0a, 509 0x0b, 510 0x0c, 511 0x0d, 512 0x0e, 513 0x0f, 514 0xba, 515 0xbe, 516 0xba, 517 0xbe, 518 0x00, 519 0x00, 520 0xba, 521 0xbe, 522 0x01, 523 0x01, 524 0x02, 525 0x03, 526 0x04, 527 0x05, 528 0x06, 529 0x07, 530 0x08, 531 0x09, 532 0x0a, 533 0x0b, 534 0x0c, 535 0x0d, 536 0x0e, 537 0x0f, 538 }; 539 static const unsigned char key[64] = { 540 0x00, 541 0x01, 542 0x02, 543 0x03, 544 0x04, 545 0x05, 546 0x06, 547 0x07, 548 0x08, 549 0x09, 550 0x0a, 551 0x0b, 552 0x0c, 553 0x0d, 554 0x0e, 555 0x0f, 556 0x01, 557 0x01, 558 0x02, 559 0x03, 560 0x04, 561 0x05, 562 0x06, 563 0x07, 564 0x08, 565 0x09, 566 0x0a, 567 0x0b, 568 0x0c, 569 0x0d, 570 0x0e, 571 0x0f, 572 0x02, 573 0x01, 574 0x02, 575 0x03, 576 0x04, 577 0x05, 578 0x06, 579 0x07, 580 0x08, 581 0x09, 582 0x0a, 583 0x0b, 584 0x0c, 585 0x0d, 586 0x0e, 587 0x0f, 588 0x03, 589 0x01, 590 0x02, 591 0x03, 592 0x04, 593 0x05, 594 0x06, 595 0x07, 596 0x08, 597 0x09, 598 0x0a, 599 0x0b, 600 0x0c, 601 0x0d, 602 0x0e, 603 0x0f, 604 }; 605 static const unsigned char iv[48] = { 606 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, 607 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, 608 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, 609 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, 610 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, 611 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 612 }; 613 const char *name = sk_OPENSSL_STRING_value(cipher_names, test_id); 614 615 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) 616 goto err; 617 618 TEST_note("Fetching %s\n", name); 619 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL))) 620 goto err; 621 622 in_len = EVP_CIPHER_get_block_size(cipher); 623 if (!TEST_int_gt(in_len, 0)) 624 goto err; 625 if (in_len > 1) 626 in_len /= 2; 627 628 /* skip any ciphers that don't allow partial updates */ 629 if (((EVP_CIPHER_get_flags(cipher) 630 & (EVP_CIPH_FLAG_CTS | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) 631 != 0) 632 || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_CCM_MODE 633 || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_XTS_MODE 634 || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_WRAP_MODE) { 635 ret = 1; 636 goto err; 637 } 638 639 if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv)) 640 || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, in_len)) 641 || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) 642 || !TEST_true(EVP_EncryptUpdate(ctx, out2, &out2_len, in, in_len))) 643 goto err; 644 645 if (EVP_CIPHER_get_iv_length(cipher) != 0) 646 if (!TEST_mem_eq(out1, out1_len, out2, out2_len)) 647 goto err; 648 649 if (EVP_CIPHER_get_mode(cipher) != EVP_CIPH_SIV_MODE) { 650 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv)) 651 || !TEST_true(EVP_EncryptUpdate(ctx, out3, &out3_len, in, in_len))) 652 goto err; 653 654 if (EVP_CIPHER_get_iv_length(cipher) != 0) 655 if (!TEST_mem_eq(out1, out1_len, out3, out3_len)) 656 goto err; 657 } 658 ret = 1; 659 err: 660 EVP_CIPHER_free(cipher); 661 EVP_CIPHER_CTX_free(ctx); 662 return ret; 663 } 664 665 static int name_cmp(const char *const *a, const char *const *b) 666 { 667 return OPENSSL_strcasecmp(*a, *b); 668 } 669 670 static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list) 671 { 672 STACK_OF(OPENSSL_STRING) *names = cipher_names_list; 673 const char *name = EVP_CIPHER_get0_name(cipher); 674 char *namedup = NULL; 675 676 /* Skip Triple-DES encryption operations in FIPS mode */ 677 if (OSSL_PROVIDER_available(libctx, "fips") 678 && strncmp(name, "DES", 3) == 0) 679 return; 680 assert(name != NULL); 681 /* the cipher will be freed after returning, strdup is needed */ 682 if ((namedup = OPENSSL_strdup(name)) != NULL 683 && !sk_OPENSSL_STRING_push(names, namedup)) 684 OPENSSL_free(namedup); 685 } 686 687 static int rsa_keygen(int bits, EVP_PKEY **pub, EVP_PKEY **priv) 688 { 689 int ret = 0; 690 unsigned char *pub_der = NULL; 691 const unsigned char *pp = NULL; 692 size_t len = 0; 693 OSSL_ENCODER_CTX *ectx = NULL; 694 695 if (!TEST_ptr(*priv = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", (size_t)bits)) 696 || !TEST_ptr(ectx = OSSL_ENCODER_CTX_new_for_pkey(*priv, 697 EVP_PKEY_PUBLIC_KEY, 698 "DER", "type-specific", 699 NULL)) 700 || !TEST_true(OSSL_ENCODER_to_data(ectx, &pub_der, &len))) 701 goto err; 702 pp = pub_der; 703 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_RSA, pub, &pp, len))) 704 goto err; 705 ret = 1; 706 err: 707 OSSL_ENCODER_CTX_free(ectx); 708 OPENSSL_free(pub_der); 709 return ret; 710 } 711 712 static int kem_rsa_gen_recover(void) 713 { 714 int ret = 0; 715 EVP_PKEY *pub = NULL; 716 EVP_PKEY *priv = NULL; 717 EVP_PKEY_CTX *sctx = NULL, *rctx = NULL, *dctx = NULL; 718 unsigned char secret[256] = { 719 0, 720 }; 721 unsigned char ct[256] = { 722 0, 723 }; 724 unsigned char unwrap[256] = { 725 0, 726 }; 727 size_t ctlen = 0, unwraplen = 0, secretlen = 0; 728 int bits = 2048; 729 730 ret = TEST_true(rsa_keygen(bits, &pub, &priv)) 731 && TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL)) 732 && TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), 1) 733 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(sctx, "RSASVE"), 1) 734 && TEST_ptr(dctx = EVP_PKEY_CTX_dup(sctx)) 735 /* Test that providing a NULL wrappedlen fails */ 736 && TEST_int_eq(EVP_PKEY_encapsulate(dctx, NULL, NULL, NULL, NULL), 0) 737 && TEST_int_eq(EVP_PKEY_encapsulate(dctx, NULL, &ctlen, NULL, 738 &secretlen), 739 1) 740 && TEST_int_eq(ctlen, secretlen) 741 && TEST_int_eq(ctlen, bits / 8) 742 && TEST_int_eq(EVP_PKEY_encapsulate(dctx, ct, &ctlen, secret, 743 &secretlen), 744 1) 745 && TEST_ptr(rctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL)) 746 && TEST_int_eq(EVP_PKEY_decapsulate_init(rctx, NULL), 1) 747 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(rctx, "RSASVE"), 1) 748 /* Test that providing a NULL unwrappedlen fails */ 749 && TEST_int_eq(EVP_PKEY_decapsulate(rctx, NULL, NULL, ct, ctlen), 0) 750 && TEST_int_eq(EVP_PKEY_decapsulate(rctx, NULL, &unwraplen, 751 ct, ctlen), 752 1) 753 && TEST_int_eq(EVP_PKEY_decapsulate(rctx, unwrap, &unwraplen, 754 ct, ctlen), 755 1) 756 && TEST_mem_eq(unwrap, unwraplen, secret, secretlen); 757 758 /* Test that providing a too short unwrapped/ctlen fails */ 759 if (fips_provider_version_match(libctx, ">=3.4.0")) { 760 ctlen = 1; 761 if (!TEST_int_eq(EVP_PKEY_encapsulate(dctx, ct, &ctlen, secret, 762 &secretlen), 763 0)) 764 ret = 0; 765 unwraplen = 1; 766 if (!TEST_int_eq(EVP_PKEY_decapsulate(rctx, unwrap, &unwraplen, ct, 767 ctlen), 768 0)) 769 ret = 0; 770 } 771 772 EVP_PKEY_free(pub); 773 EVP_PKEY_free(priv); 774 EVP_PKEY_CTX_free(rctx); 775 EVP_PKEY_CTX_free(dctx); 776 EVP_PKEY_CTX_free(sctx); 777 return ret; 778 } 779 780 #ifndef OPENSSL_NO_DES 781 /* 782 * This test makes sure that EVP_CIPHER_CTX_rand_key() works correctly 783 * For fips mode this code would produce an error if the flag is not set. 784 */ 785 static int test_cipher_tdes_randkey(void) 786 { 787 int ret; 788 EVP_CIPHER_CTX *ctx = NULL; 789 EVP_CIPHER *tdes_cipher = NULL, *aes_cipher = NULL; 790 unsigned char key[24] = { 0 }; 791 OSSL_PARAM params[2]; 792 int check = 0; 793 794 params[0] = OSSL_PARAM_construct_int("encrypt-check", &check); 795 params[1] = OSSL_PARAM_construct_end(); 796 ret = TEST_ptr(aes_cipher = EVP_CIPHER_fetch(libctx, "AES-256-CBC", NULL)) 797 && TEST_int_eq(EVP_CIPHER_get_flags(aes_cipher) & EVP_CIPH_RAND_KEY, 0) 798 && TEST_ptr(tdes_cipher = EVP_CIPHER_fetch(libctx, "DES-EDE3-CBC", NULL)) 799 && TEST_int_ne(EVP_CIPHER_get_flags(tdes_cipher) & EVP_CIPH_RAND_KEY, 0) 800 && TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 801 && TEST_true(EVP_CipherInit_ex2(ctx, tdes_cipher, NULL, NULL, 1, 802 params)) 803 && TEST_int_gt(EVP_CIPHER_CTX_rand_key(ctx, key), 0); 804 805 EVP_CIPHER_CTX_free(ctx); 806 EVP_CIPHER_free(tdes_cipher); 807 EVP_CIPHER_free(aes_cipher); 808 return ret; 809 } 810 #endif /* OPENSSL_NO_DES */ 811 812 static int kem_rsa_params(void) 813 { 814 int ret = 0; 815 EVP_PKEY *pub = NULL; 816 EVP_PKEY *priv = NULL; 817 EVP_PKEY_CTX *pubctx = NULL, *privctx = NULL; 818 unsigned char secret[256] = { 819 0, 820 }; 821 unsigned char ct[256] = { 822 0, 823 }; 824 size_t ctlen = 0, secretlen = 0; 825 826 ret = TEST_true(rsa_keygen(2048, &pub, &priv)) 827 && TEST_ptr(pubctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL)) 828 && TEST_ptr(privctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL)) 829 /* Test setting kem op before the init fails */ 830 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), -2) 831 /* Test NULL ctx passed */ 832 && TEST_int_eq(EVP_PKEY_encapsulate_init(NULL, NULL), 0) 833 && TEST_int_eq(EVP_PKEY_encapsulate(NULL, NULL, NULL, NULL, NULL), 0) 834 && TEST_int_eq(EVP_PKEY_decapsulate_init(NULL, NULL), 0) 835 && TEST_int_eq(EVP_PKEY_decapsulate(NULL, NULL, NULL, NULL, 0), 0) 836 /* Test Invalid operation */ 837 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), -1) 838 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, NULL, 0), 0) 839 /* Wrong key component - no secret should be returned on failure */ 840 && TEST_int_eq(EVP_PKEY_decapsulate_init(pubctx, NULL), 1) 841 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1) 842 && TEST_int_eq(EVP_PKEY_decapsulate(pubctx, secret, &secretlen, ct, 843 sizeof(ct)), 844 0) 845 && TEST_uchar_eq(secret[0], 0) 846 /* Unless older FIPS, test encapsulate succeeds even if the mode is not set */ 847 && TEST_int_eq(EVP_PKEY_encapsulate_init(pubctx, NULL), 1) 848 && (is_fips_lt_3_5 || (TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, &secretlen), 1) && TEST_true(ctlen <= sizeof(ct)) && TEST_true(secretlen <= sizeof(secret)) && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, &secretlen), 1))) 849 /* Test setting a bad kem ops fail */ 850 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSA"), 0) 851 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, NULL), 0) 852 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, "RSASVE"), 0) 853 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, NULL), 0) 854 /* Test secretlen is optional */ 855 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1) 856 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1) 857 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, NULL), 1) 858 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1) 859 /* Test outlen is optional */ 860 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1) 861 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, &secretlen), 1) 862 /* test that either len must be set if out is NULL */ 863 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), 0) 864 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1) 865 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1) 866 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, &secretlen), 1) 867 /* Secret buffer should be set if there is an output buffer */ 868 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, NULL, NULL), 0) 869 /* Test that lengths are optional if ct is not NULL */ 870 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, NULL), 1) 871 /* Pass if secret or secret length are not NULL */ 872 && TEST_int_eq(EVP_PKEY_decapsulate_init(privctx, NULL), 1) 873 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(privctx, "RSASVE"), 1) 874 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, NULL, ct, sizeof(ct)), 1) 875 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, &secretlen, ct, sizeof(ct)), 1) 876 && TEST_int_eq(secretlen, 256) 877 /* Fail if passed NULL arguments */ 878 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, ct, sizeof(ct)), 0) 879 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, 0), 0) 880 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, sizeof(ct)), 0) 881 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, ct, 0), 0); 882 883 EVP_PKEY_free(pub); 884 EVP_PKEY_free(priv); 885 EVP_PKEY_CTX_free(pubctx); 886 EVP_PKEY_CTX_free(privctx); 887 return ret; 888 } 889 890 #ifndef OPENSSL_NO_DH 891 static EVP_PKEY *gen_dh_key(void) 892 { 893 EVP_PKEY_CTX *gctx = NULL; 894 EVP_PKEY *pkey = NULL; 895 OSSL_PARAM params[2]; 896 897 params[0] = OSSL_PARAM_construct_utf8_string("group", "ffdhe2048", 0); 898 params[1] = OSSL_PARAM_construct_end(); 899 900 if (!TEST_ptr(gctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL)) 901 || !TEST_int_gt(EVP_PKEY_keygen_init(gctx), 0) 902 || !TEST_true(EVP_PKEY_CTX_set_params(gctx, params)) 903 || !TEST_true(EVP_PKEY_keygen(gctx, &pkey))) 904 goto err; 905 err: 906 EVP_PKEY_CTX_free(gctx); 907 return pkey; 908 } 909 910 /* Fail if we try to use a dh key */ 911 static int kem_invalid_keytype(void) 912 { 913 int ret = 0; 914 EVP_PKEY *key = NULL; 915 EVP_PKEY_CTX *sctx = NULL; 916 917 if (!TEST_ptr(key = gen_dh_key())) 918 goto done; 919 920 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, key, NULL))) 921 goto done; 922 if (!TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), -2)) 923 goto done; 924 925 ret = 1; 926 done: 927 EVP_PKEY_free(key); 928 EVP_PKEY_CTX_free(sctx); 929 return ret; 930 } 931 #endif /* OPENSSL_NO_DH */ 932 933 int setup_tests(void) 934 { 935 const char *prov_name = "default"; 936 char *config_file = NULL; 937 OPTION_CHOICE o; 938 939 while ((o = opt_next()) != OPT_EOF) { 940 switch (o) { 941 case OPT_PROVIDER_NAME: 942 prov_name = opt_arg(); 943 break; 944 case OPT_CONFIG_FILE: 945 config_file = opt_arg(); 946 break; 947 case OPT_TEST_CASES: 948 break; 949 default: 950 case OPT_ERR: 951 return 0; 952 } 953 } 954 955 if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, prov_name)) 956 return 0; 957 958 ADD_TEST(test_evp_cipher_api_safety); 959 960 if (strcmp(prov_name, "fips") == 0) 961 is_fips = 1; 962 963 is_fips_lt_3_5 = is_fips && fips_provider_version_lt(libctx, 3, 5, 0); 964 965 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH) 966 if (!is_fips || fips_provider_version_lt(libctx, 3, 4, 0)) 967 ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3); 968 #endif 969 #ifndef OPENSSL_NO_DH 970 ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3); 971 ADD_TEST(dhx_cert_load); 972 #endif 973 974 if (!TEST_ptr(cipher_names = sk_OPENSSL_STRING_new(name_cmp))) 975 return 0; 976 EVP_CIPHER_do_all_provided(libctx, collect_cipher_names, cipher_names); 977 978 ADD_ALL_TESTS(test_cipher_reinit, sk_OPENSSL_STRING_num(cipher_names)); 979 ADD_ALL_TESTS(test_cipher_reinit_partialupdate, 980 sk_OPENSSL_STRING_num(cipher_names)); 981 ADD_TEST(kem_rsa_gen_recover); 982 ADD_TEST(kem_rsa_params); 983 #ifndef OPENSSL_NO_DH 984 ADD_TEST(kem_invalid_keytype); 985 #endif 986 #ifndef OPENSSL_NO_DES 987 ADD_TEST(test_cipher_tdes_randkey); 988 #endif 989 return 1; 990 } 991 992 /* Because OPENSSL_free is a macro, it can't be passed as a function pointer */ 993 static void string_free(char *m) 994 { 995 OPENSSL_free(m); 996 } 997 998 void cleanup_tests(void) 999 { 1000 sk_OPENSSL_STRING_pop_free(cipher_names, string_free); 1001 OSSL_PROVIDER_unload(libprov); 1002 OSSL_LIB_CTX_free(libctx); 1003 OSSL_PROVIDER_unload(nullprov); 1004 } 1005