test/evp_libctx_test.c

   1 /*
   2  * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 /*
  11
  12  * These tests are setup to load null into the default library context.
  13  * Any tests are expected to use the created 'libctx' to find algorithms.
  14  * The framework runs the tests twice using the 'default' provider or
  15  * 'fips' provider as inputs.
  16  */
  17
  18 /*
  19  * DSA/DH low level APIs are deprecated for public use, but still ok for
  20  * internal use.
  21  */
  22 #include "internal/deprecated.h"
  23 #include <openssl/evp.h>
  24 #include <openssl/provider.h>
  25 #include <openssl/dsa.h>
  26 #include <openssl/dh.h>
  27 #include <openssl/safestack.h>
  28 #include <openssl/core_names.h>
  29 #include <openssl/x509.h>
  30 #include "testutil.h"
  31 #include "internal/nelem.h"
  32 #include "crypto/bn_dh.h"   /* _bignum_ffdhe2048_p */
  33 #include "../e_os.h"        /* strcasecmp */
  34
  35 static OPENSSL_CTX *libctx = NULL;
  36 static OSSL_PROVIDER *nullprov = NULL;
  37 static OSSL_PROVIDER *libprov = NULL;
  38 static STACK_OF(OPENSSL_CSTRING) *cipher_names = NULL;
  39
  40 typedef enum OPTION_choice {
  41     OPT_ERR = -1,
  42     OPT_EOF = 0,
  43     OPT_CONFIG_FILE,
  44     OPT_PROVIDER_NAME,
  45     OPT_TEST_ENUM
  46 } OPTION_CHOICE;
  47
  48 const OPTIONS *test_get_options(void)
  49 {
  50     static const OPTIONS test_options[] = {
  51         OPT_TEST_OPTIONS_DEFAULT_USAGE,
  52         { "config", OPT_CONFIG_FILE, '<',
  53           "The configuration file to use for the libctx" },
  54         { "provider", OPT_PROVIDER_NAME, 's',
  55           "The provider to load (The default value is 'default'" },
  56         { NULL }
  57     };
  58     return test_options;
  59 }
  60
  61 #ifndef OPENSSL_NO_DH
  62 static const char *getname(int id)
  63 {
  64     const char *name[] = {"p", "q", "g" };
  65
  66     if (id >= 0 && id < 3)
  67         return name[id];
  68     return "?";
  69 }
  70 #endif
  71
  72 /*
  73  * We're using some DH specific values in this test, so we skip compilation if
  74  * we're in a no-dh build.
  75  */
  76 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
  77
  78 static int test_dsa_param_keygen(int tstid)
  79 {
  80     int ret = 0;
  81     int expected;
  82     EVP_PKEY_CTX *gen_ctx = NULL;
  83     EVP_PKEY *pkey_parm = NULL;
  84     EVP_PKEY *pkey = NULL;
  85     DSA *dsa = NULL;
  86     int pind, qind, gind;
  87     BIGNUM *p = NULL, *q = NULL, *g = NULL;
  88
  89     /*
  90      * Just grab some fixed dh p, q, g values for testing,
  91      * these 'safe primes' should not be used normally for dsa *.
  92      */
  93     static const BIGNUM *bn[] = {
  94         &_bignum_dh2048_256_p,  &_bignum_dh2048_256_q, &_bignum_dh2048_256_g
  95     };
  96
  97     /*
  98      * These tests are using bad values for p, q, g by reusing the values.
  99      * A value of 0 uses p, 1 uses q and 2 uses g.
 100      * There are 27 different combinations, with only the 1 valid combination.
 101      */
 102     pind = tstid / 9;
 103     qind = (tstid / 3) % 3;
 104     gind = tstid % 3;
 105     expected  = (pind == 0 && qind == 1 && gind == 2);
 106
 107     TEST_note("Testing with (p, q, g) = (%s, %s, %s)\n", getname(pind),
 108               getname(qind), getname(gind));
 109
 110     if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
 111         || !TEST_ptr(dsa = DSA_new())
 112         || !TEST_ptr(p = BN_dup(bn[pind]))
 113         || !TEST_ptr(q = BN_dup(bn[qind]))
 114         || !TEST_ptr(g = BN_dup(bn[gind]))
 115         || !TEST_true(DSA_set0_pqg(dsa, p, q, g)))
 116         goto err;
 117     p = q = g = NULL;
 118
 119     if (!TEST_true(EVP_PKEY_assign_DSA(pkey_parm, dsa)))
 120         goto err;
 121     dsa = NULL;
 122
 123     if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
 124         || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
 125         || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
 126         goto err;
 127     ret = 1;
 128 err:
 129     EVP_PKEY_free(pkey);
 130     EVP_PKEY_CTX_free(gen_ctx);
 131     EVP_PKEY_free(pkey_parm);
 132     DSA_free(dsa);
 133     BN_free(g);
 134     BN_free(q);
 135     BN_free(p);
 136     return ret;
 137 }
 138 #endif /* OPENSSL_NO_DSA */
 139
 140 #ifndef OPENSSL_NO_DH
 141 static int do_dh_param_keygen(int tstid, const BIGNUM **bn)
 142 {
 143     int ret = 0;
 144     int expected;
 145     EVP_PKEY_CTX *gen_ctx = NULL;
 146     EVP_PKEY *pkey_parm = NULL;
 147     EVP_PKEY *pkey = NULL;
 148     DH *dh = NULL;
 149     int pind, qind, gind;
 150     BIGNUM *p = NULL, *q = NULL, *g = NULL;
 151
 152     /*
 153      * These tests are using bad values for p, q, g by reusing the values.
 154      * A value of 0 uses p, 1 uses q and 2 uses g.
 155      * There are 27 different combinations, with only the 1 valid combination.
 156      */
 157     pind = tstid / 9;
 158     qind = (tstid / 3) % 3;
 159     gind = tstid % 3;
 160     expected  = (pind == 0 && qind == 1 && gind == 2);
 161
 162     TEST_note("Testing with (p, q, g) = (%s, %s, %s)", getname(pind),
 163               getname(qind), getname(gind));
 164
 165     if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
 166         || !TEST_ptr(dh = DH_new())
 167         || !TEST_ptr(p = BN_dup(bn[pind]))
 168         || !TEST_ptr(q = BN_dup(bn[qind]))
 169         || !TEST_ptr(g = BN_dup(bn[gind]))
 170         || !TEST_true(DH_set0_pqg(dh, p, q, g)))
 171         goto err;
 172     p = q = g = NULL;
 173
 174     if (!TEST_true(EVP_PKEY_assign_DH(pkey_parm, dh)))
 175         goto err;
 176     dh = NULL;
 177
 178     if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
 179         || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
 180         || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
 181         goto err;
 182     ret = 1;
 183 err:
 184     EVP_PKEY_free(pkey);
 185     EVP_PKEY_CTX_free(gen_ctx);
 186     EVP_PKEY_free(pkey_parm);
 187     DH_free(dh);
 188     BN_free(g);
 189     BN_free(q);
 190     BN_free(p);
 191     return ret;
 192 }
 193
 194 /*
 195  * Note that we get the fips186-4 path being run for most of these cases since
 196  * the internal code will detect that the p, q, g does not match a safe prime
 197  * group (Except for when tstid = 5, which sets the correct p, q, g)
 198  */
 199 static int test_dh_safeprime_param_keygen(int tstid)
 200 {
 201     static const BIGNUM *bn[] = {
 202         &_bignum_ffdhe2048_p,  &_bignum_ffdhe2048_q, &_bignum_const_2
 203     };
 204     return do_dh_param_keygen(tstid, bn);
 205 }
 206
 207 static int dhx_cert_load(void)
 208 {
 209     int ret = 0;
 210     X509 *cert = NULL;
 211     BIO *bio = NULL;
 212
 213     static const unsigned char dhx_cert[] = {
 214         0x30,0x82,0x03,0xff,0x30,0x82,0x02,0xe7,0xa0,0x03,0x02,0x01,0x02,0x02,0x09,0x00,
 215         0xdb,0xf5,0x4d,0x22,0xa0,0x7a,0x67,0xa6,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
 216         0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x44,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,
 217         0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x0a,0x0c,
 218         0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,0x72,0x6f,0x75,0x70,0x31,0x1d,
 219         0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,0x65,0x73,0x74,0x20,0x53,0x2f,
 220         0x4d,0x49,0x4d,0x45,0x20,0x52,0x53,0x41,0x20,0x52,0x6f,0x6f,0x74,0x30,0x1e,0x17,
 221         0x0d,0x31,0x33,0x30,0x38,0x30,0x32,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x17,0x0d,
 222         0x32,0x33,0x30,0x36,0x31,0x31,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x30,0x44,0x31,
 223         0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,
 224         0x06,0x03,0x55,0x04,0x0a,0x0c,0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,
 225         0x72,0x6f,0x75,0x70,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,
 226         0x65,0x73,0x74,0x20,0x53,0x2f,0x4d,0x49,0x4d,0x45,0x20,0x45,0x45,0x20,0x44,0x48,
 227         0x20,0x23,0x31,0x30,0x82,0x01,0xb6,0x30,0x82,0x01,0x2b,0x06,0x07,0x2a,0x86,0x48,
 228         0xce,0x3e,0x02,0x01,0x30,0x82,0x01,0x1e,0x02,0x81,0x81,0x00,0xd4,0x0c,0x4a,0x0c,
 229         0x04,0x72,0x71,0x19,0xdf,0x59,0x19,0xc5,0xaf,0x44,0x7f,0xca,0x8e,0x2b,0xf0,0x09,
 230         0xf5,0xd3,0x25,0xb1,0x73,0x16,0x55,0x89,0xdf,0xfd,0x07,0xaf,0x19,0xd3,0x7f,0xd0,
 231         0x07,0xa2,0xfe,0x3f,0x5a,0xf1,0x01,0xc6,0xf8,0x2b,0xef,0x4e,0x6d,0x03,0x38,0x42,
 232         0xa1,0x37,0xd4,0x14,0xb4,0x00,0x4a,0xb1,0x86,0x5a,0x83,0xce,0xb9,0x08,0x0e,0xc1,
 233         0x99,0x27,0x47,0x8d,0x0b,0x85,0xa8,0x82,0xed,0xcc,0x0d,0xb9,0xb0,0x32,0x7e,0xdf,
 234         0xe8,0xe4,0xf6,0xf6,0xec,0xb3,0xee,0x7a,0x11,0x34,0x65,0x97,0xfc,0x1a,0xb0,0x95,
 235         0x4b,0x19,0xb9,0xa6,0x1c,0xd9,0x01,0x32,0xf7,0x35,0x7c,0x2d,0x5d,0xfe,0xc1,0x85,
 236         0x70,0x49,0xf8,0xcc,0x99,0xd0,0xbe,0xf1,0x5a,0x78,0xc8,0x03,0x02,0x81,0x80,0x69,
 237         0x00,0xfd,0x66,0xf2,0xfc,0x15,0x8b,0x09,0xb8,0xdc,0x4d,0xea,0xaa,0x79,0x55,0xf9,
 238         0xdf,0x46,0xa6,0x2f,0xca,0x2d,0x8f,0x59,0x2a,0xad,0x44,0xa3,0xc6,0x18,0x2f,0x95,
 239         0xb6,0x16,0x20,0xe3,0xd3,0xd1,0x8f,0x03,0xce,0x71,0x7c,0xef,0x3a,0xc7,0x44,0x39,
 240         0x0e,0xe2,0x1f,0xd8,0xd3,0x89,0x2b,0xe7,0x51,0xdc,0x12,0x48,0x4c,0x18,0x4d,0x99,
 241         0x12,0x06,0xe4,0x17,0x02,0x03,0x8c,0x24,0x05,0x8e,0xa6,0x85,0xf2,0x69,0x1b,0xe1,
 242         0x6a,0xdc,0xe2,0x04,0x3a,0x01,0x9d,0x64,0xbe,0xfe,0x45,0xf9,0x44,0x18,0x71,0xbd,
 243         0x2d,0x3e,0x7a,0x6f,0x72,0x7d,0x1a,0x80,0x42,0x57,0xae,0x18,0x6f,0x91,0xd6,0x61,
 244         0x03,0x8a,0x1c,0x89,0x73,0xc7,0x56,0x41,0x03,0xd3,0xf8,0xed,0x65,0xe2,0x85,0x02,
 245         0x15,0x00,0x89,0x94,0xab,0x10,0x67,0x45,0x41,0xad,0x63,0xc6,0x71,0x40,0x8d,0x6b,
 246         0x9e,0x19,0x5b,0xa4,0xc7,0xf5,0x03,0x81,0x84,0x00,0x02,0x81,0x80,0x2f,0x5b,0xde,
 247         0x72,0x02,0x36,0x6b,0x00,0x5e,0x24,0x7f,0x14,0x2c,0x18,0x52,0x42,0x97,0x4b,0xdb,
 248         0x6e,0x15,0x50,0x3c,0x45,0x3e,0x25,0xf3,0xb7,0xc5,0x6e,0xe5,0x52,0xe7,0xc4,0xfb,
 249         0xf4,0xa5,0xf0,0x39,0x12,0x7f,0xbc,0x54,0x1c,0x93,0xb9,0x5e,0xee,0xe9,0x14,0xb0,
 250         0xdf,0xfe,0xfc,0x36,0xe4,0xf2,0xaf,0xfb,0x13,0xc8,0xdf,0x18,0x94,0x1d,0x40,0xb9,
 251         0x71,0xdd,0x4c,0x9c,0xa7,0x03,0x52,0x02,0xb5,0xed,0x71,0x80,0x3e,0x23,0xda,0x28,
 252         0xe5,0xab,0xe7,0x6f,0xf2,0x0a,0x0e,0x00,0x5b,0x7d,0xc6,0x4b,0xd7,0xc7,0xb2,0xc3,
 253         0xba,0x62,0x7f,0x70,0x28,0xa0,0x9d,0x71,0x13,0x70,0xd1,0x9f,0x32,0x2f,0x3e,0xd2,
 254         0xcd,0x1b,0xa4,0xc6,0x72,0xa0,0x74,0x5d,0x71,0xef,0x03,0x43,0x6e,0xa3,0x60,0x30,
 255         0x5e,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x02,0x30,0x00,0x30,
 256         0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x05,0xe0,0x30,
 257         0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0x0b,0x5a,0x4d,0x5f,0x7d,0x25,
 258         0xc7,0xf2,0x9d,0xc1,0xaa,0xb7,0x63,0x82,0x2f,0xfa,0x8f,0x32,0xe7,0xc0,0x30,0x1f,
 259         0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xdf,0x7e,0x5e,0x88,0x05,
 260         0x24,0x33,0x08,0xdd,0x22,0x81,0x02,0x97,0xcc,0x9a,0xb7,0xb1,0x33,0x27,0x30,0x30,
 261         0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x82,
 262         0x01,0x01,0x00,0x5a,0xf2,0x63,0xef,0xd3,0x16,0xd7,0xf5,0xaa,0xdd,0x12,0x00,0x36,
 263         0x00,0x21,0xa2,0x7b,0x08,0xd6,0x3b,0x9f,0x62,0xac,0x53,0x1f,0xed,0x4c,0xd1,0x15,
 264         0x34,0x65,0x71,0xee,0x96,0x07,0xa6,0xef,0xb2,0xde,0xd8,0xbb,0x35,0x6e,0x2c,0xe2,
 265         0xd1,0x26,0xef,0x7e,0x94,0xe2,0x88,0x51,0xa4,0x6c,0xaa,0x27,0x2a,0xd3,0xb6,0xc2,
 266         0xf7,0xea,0xc3,0x0b,0xa9,0xb5,0x28,0x37,0xa2,0x63,0x08,0xe4,0x88,0xc0,0x1b,0x16,
 267         0x1b,0xca,0xfd,0x8a,0x07,0x32,0x29,0xa7,0x53,0xb5,0x2d,0x30,0xe4,0xf5,0x16,0xc3,
 268         0xe3,0xc2,0x4c,0x30,0x5d,0x35,0x80,0x1c,0xa2,0xdb,0xe3,0x4b,0x51,0x0d,0x4c,0x60,
 269         0x5f,0xb9,0x46,0xac,0xa8,0x46,0xa7,0x32,0xa7,0x9c,0x76,0xf8,0xe9,0xb5,0x19,0xe2,
 270         0x0c,0xe1,0x0f,0xc6,0x46,0xe2,0x38,0xa7,0x87,0x72,0x6d,0x6c,0xbc,0x88,0x2f,0x9d,
 271         0x2d,0xe5,0xd0,0x7d,0x1e,0xc7,0x5d,0xf8,0x7e,0xb4,0x0b,0xa6,0xf9,0x6c,0xe3,0x7c,
 272         0xb2,0x70,0x6e,0x75,0x9b,0x1e,0x63,0xe1,0x4d,0xb2,0x81,0xd3,0x55,0x38,0x94,0x1a,
 273         0x7a,0xfa,0xbf,0x01,0x18,0x70,0x2d,0x35,0xd3,0xe3,0x10,0x7a,0x9a,0xa7,0x8f,0xf3,
 274         0xbd,0x56,0x55,0x5e,0xd8,0xbd,0x4e,0x16,0x76,0xd0,0x48,0x4c,0xf9,0x51,0x54,0xdf,
 275         0x2d,0xb0,0xc9,0xaa,0x5e,0x42,0x38,0x50,0xbf,0x0f,0xc0,0xd9,0x84,0x44,0x4b,0x42,
 276         0x24,0xec,0x14,0xa3,0xde,0x11,0xdf,0x58,0x7f,0xc2,0x4d,0xb2,0xd5,0x42,0x78,0x6e,
 277         0x52,0x3e,0xad,0xc3,0x5f,0x04,0xc4,0xe6,0x31,0xaa,0x81,0x06,0x8b,0x13,0x4b,0x3c,
 278         0x0e,0x6a,0xb1
 279     };
 280
 281     if (!TEST_ptr(bio = BIO_new_mem_buf(dhx_cert, sizeof(dhx_cert)))
 282         || !TEST_ptr(cert = X509_new_ex(libctx, NULL))
 283         || !TEST_ptr(d2i_X509_bio(bio, &cert)))
 284         goto err;
 285     ret = 1;
 286 err:
 287     X509_free(cert);
 288     BIO_free(bio);
 289     return ret;
 290 }
 291
 292 #endif /* OPENSSL_NO_DH */
 293
 294 static int test_cipher_reinit(int test_id)
 295 {
 296     int ret = 0, out1_len = 0, out2_len = 0, diff, ccm;
 297     EVP_CIPHER *cipher = NULL;
 298     EVP_CIPHER_CTX *ctx = NULL;
 299     unsigned char out1[256];
 300     unsigned char out2[256];
 301     unsigned char in[16] = {
 302         0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
 303         0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
 304     };
 305     unsigned char key[64] = {
 306         0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 307         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 308         0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 309         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 310         0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 311         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 312         0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 313         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 314     };
 315     unsigned char iv[16] = {
 316         0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
 317         0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
 318     };
 319     const char *name = sk_OPENSSL_CSTRING_value(cipher_names, test_id);
 320
 321     if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
 322         goto err;
 323
 324     TEST_note("Fetching %s\n", name);
 325     if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
 326         goto err;
 327
 328     /* ccm fails on the second update - this matches OpenSSL 1_1_1 behaviour */
 329     ccm = (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE);
 330
 331     /* DES3-WRAP uses random every update - so it will give a different value */
 332     diff = EVP_CIPHER_is_a(cipher, "DES3-WRAP");
 333
 334     if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
 335         || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, sizeof(in)))
 336         || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
 337         || !TEST_int_eq(EVP_EncryptUpdate(ctx, out2, &out2_len, in, sizeof(in)),
 338                         ccm ? 0 : 1))
 339         goto err;
 340
 341     if (ccm == 0) {
 342         if (diff) {
 343             if (!TEST_mem_ne(out1, out1_len, out2, out2_len))
 344                 goto err;
 345         } else {
 346             if (!TEST_mem_eq(out1, out1_len, out2, out2_len))
 347                 goto err;
 348         }
 349     }
 350     ret = 1;
 351 err:
 352     EVP_CIPHER_free(cipher);
 353     EVP_CIPHER_CTX_free(ctx);
 354     return ret;
 355 }
 356
 357 /*
 358  * This test only uses a partial block (half the block size) of input for each
 359  * EVP_EncryptUpdate() in order to test that the second init/update is not using
 360  * a leftover buffer from the first init/update.
 361  * Note: some ciphers don't need a full block to produce output.
 362  */
 363 static int test_cipher_reinit_partialupdate(int test_id)
 364 {
 365     int ret = 0, out1_len = 0, out2_len = 0, in_len;
 366     EVP_CIPHER *cipher = NULL;
 367     EVP_CIPHER_CTX *ctx = NULL;
 368     unsigned char out1[256];
 369     unsigned char out2[256];
 370     static const unsigned char in[32] = {
 371         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 372         0xba, 0xbe, 0xba, 0xbe, 0x00, 0x00, 0xba, 0xbe,
 373         0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 374         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 375     };
 376     static const unsigned char key[64] = {
 377         0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 378         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 379         0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 380         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 381         0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 382         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 383         0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 384         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 385     };
 386     static const unsigned char iv[16] = {
 387         0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
 388         0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
 389     };
 390     const char *name = sk_OPENSSL_CSTRING_value(cipher_names, test_id);
 391
 392     if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
 393         goto err;
 394
 395     TEST_note("Fetching %s\n", name);
 396     if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
 397         goto err;
 398
 399     in_len = EVP_CIPHER_block_size(cipher) / 2;
 400
 401     /* skip any ciphers that don't allow partial updates */
 402     if (((EVP_CIPHER_flags(cipher)
 403           & (EVP_CIPH_FLAG_CTS | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) != 0)
 404         || EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE
 405         || EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE
 406         || EVP_CIPHER_mode(cipher) == EVP_CIPH_WRAP_MODE) {
 407         ret = 1;
 408         goto err;
 409     }
 410
 411     if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
 412         || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, in_len))
 413         || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
 414         || !TEST_true(EVP_EncryptUpdate(ctx, out2, &out2_len, in, in_len)))
 415         goto err;
 416
 417     /* DES3-WRAP uses random every update - so it will give a different value */
 418     if (EVP_CIPHER_is_a(cipher, "DES3-WRAP")) {
 419         if (!TEST_mem_ne(out1, out1_len, out2, out2_len))
 420             goto err;
 421     } else {
 422         if (!TEST_mem_eq(out1, out1_len, out2, out2_len))
 423             goto err;
 424     }
 425     ret = 1;
 426 err:
 427     EVP_CIPHER_free(cipher);
 428     EVP_CIPHER_CTX_free(ctx);
 429     return ret;
 430 }
 431
 432
 433 static int name_cmp(const char * const *a, const char * const *b)
 434 {
 435     return strcasecmp(*a, *b);
 436 }
 437
 438 static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list)
 439 {
 440     STACK_OF(OPENSSL_CSTRING) *names = cipher_names_list;
 441
 442     sk_OPENSSL_CSTRING_push(names, EVP_CIPHER_name(cipher));
 443 }
 444
 445 static int rsa_keygen(int bits, EVP_PKEY **pub, EVP_PKEY **priv)
 446 {
 447     int ret = 0;
 448     EVP_PKEY_CTX *keygen_ctx = NULL;
 449     unsigned char *pub_der = NULL;
 450     const unsigned char *pp = NULL;
 451     long len = 0;
 452
 453     if (!TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
 454         || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0)
 455         || !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_bits(keygen_ctx, bits))
 456         || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, priv), 0)
 457         || !TEST_int_gt(len = i2d_PublicKey(*priv, &pub_der), 0))
 458         goto err;
 459     pp = pub_der;
 460     if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_RSA, pub, &pp, len)))
 461         goto err;
 462     ret = 1;
 463 err:
 464     OPENSSL_free(pub_der);
 465     EVP_PKEY_CTX_free(keygen_ctx);
 466     return ret;
 467 }
 468
 469 static int kem_rsa_gen_recover(void)
 470 {
 471     int ret = 0;
 472     EVP_PKEY *pub = NULL;
 473     EVP_PKEY *priv = NULL;
 474     EVP_PKEY_CTX *sctx = NULL, *rctx = NULL;
 475     unsigned char secret[256] = { 0, };
 476     unsigned char ct[256] = { 0, };
 477     unsigned char unwrap[256] = { 0, };
 478     size_t ctlen = 0, unwraplen = 0, secretlen = 0;
 479
 480     ret = TEST_true(rsa_keygen(2048, &pub, &priv))
 481           && TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
 482           && TEST_int_eq(EVP_PKEY_encapsulate_init(sctx), 1)
 483           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(sctx, "RSASVE"), 1)
 484           && TEST_int_eq(EVP_PKEY_encapsulate(sctx, NULL, &ctlen, NULL,
 485                                               &secretlen), 1)
 486           && TEST_int_eq(ctlen, secretlen)
 487           && TEST_int_eq(ctlen, 2048 / 8)
 488           && TEST_int_eq(EVP_PKEY_encapsulate(sctx, ct, &ctlen, secret,
 489                                               &secretlen), 1)
 490           && TEST_ptr(rctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
 491           && TEST_int_eq(EVP_PKEY_decapsulate_init(rctx), 1)
 492           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(rctx, "RSASVE"), 1)
 493           && TEST_int_eq(EVP_PKEY_decapsulate(rctx, NULL, &unwraplen,
 494                                               ct, ctlen), 1)
 495           && TEST_int_eq(EVP_PKEY_decapsulate(rctx, unwrap, &unwraplen,
 496                                               ct, ctlen), 1)
 497           && TEST_mem_eq(unwrap, unwraplen, secret, secretlen);
 498     EVP_PKEY_free(pub);
 499     EVP_PKEY_free(priv);
 500     EVP_PKEY_CTX_free(rctx);
 501     EVP_PKEY_CTX_free(sctx);
 502     return ret;
 503 }
 504
 505 static int kem_rsa_params(void)
 506 {
 507     int ret = 0;
 508     EVP_PKEY *pub = NULL;
 509     EVP_PKEY *priv = NULL;
 510     EVP_PKEY_CTX *pubctx = NULL, *privctx = NULL;
 511     unsigned char secret[256] = { 0, };
 512     unsigned char ct[256] = { 0, };
 513     size_t ctlen = 0, secretlen = 0;
 514
 515     ret = TEST_true(rsa_keygen(2048, &pub, &priv))
 516           && TEST_ptr(pubctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
 517           && TEST_ptr(privctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
 518           /* Test setting kem op before the init fails */
 519           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), -2)
 520           /* Test NULL ctx passed */
 521           && TEST_int_eq(EVP_PKEY_encapsulate_init(NULL), 0)
 522           && TEST_int_eq(EVP_PKEY_encapsulate(NULL, NULL, NULL, NULL, NULL), 0)
 523           && TEST_int_eq(EVP_PKEY_decapsulate_init(NULL), 0)
 524           && TEST_int_eq(EVP_PKEY_decapsulate(NULL, NULL, NULL, NULL, 0), 0)
 525           /* Test Invalid operation */
 526           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), -1)
 527           && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, NULL, 0), 0)
 528           /* Wrong key component - no secret should be returned on failure */
 529           && TEST_int_eq(EVP_PKEY_decapsulate_init(pubctx), 1)
 530           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
 531           && TEST_int_eq(EVP_PKEY_decapsulate(pubctx, secret, &secretlen, ct,
 532                                               sizeof(ct)), 0)
 533           && TEST_uchar_eq(secret[0], 0)
 534           /* Test encapsulate fails if the mode is not set */
 535           && TEST_int_eq(EVP_PKEY_encapsulate_init(pubctx), 1)
 536           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, &secretlen), -2)
 537           /* Test setting a bad kem ops fail */
 538           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSA"), 0)
 539           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx,  NULL), 0)
 540           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL,  "RSASVE"), 0)
 541           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL,  NULL), 0)
 542           /* Test secretlen is optional */
 543           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
 544           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, NULL), 1)
 545           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
 546           /* Test outlen is optional */
 547           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
 548           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, &secretlen), 1)
 549           /* test that either len must be set if out is NULL */
 550           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), 0)
 551           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
 552           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
 553           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, &secretlen), 1)
 554           /* Secret buffer should be set if there is an output buffer */
 555           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, NULL, NULL), 0)
 556           /* Test that lengths are optional if ct is not NULL */
 557           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, NULL), 1)
 558           /* Pass if secret or secret length are not NULL */
 559           && TEST_int_eq(EVP_PKEY_decapsulate_init(privctx), 1)
 560           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(privctx, "RSASVE"), 1)
 561           && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, NULL, ct, sizeof(ct)), 1)
 562           && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, &secretlen, ct, sizeof(ct)), 1)
 563           && TEST_int_eq(secretlen, 256)
 564           /* Fail if passed NULL arguments */
 565           && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, ct, sizeof(ct)), 0)
 566           && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, 0), 0)
 567           && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, sizeof(ct)), 0)
 568           && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, ct, 0), 0);
 569
 570     EVP_PKEY_free(pub);
 571     EVP_PKEY_free(priv);
 572     EVP_PKEY_CTX_free(pubctx);
 573     EVP_PKEY_CTX_free(privctx);
 574     return ret;
 575 }
 576
 577 #ifndef OPENSSL_NO_DH
 578 static EVP_PKEY *gen_dh_key(void)
 579 {
 580     EVP_PKEY_CTX *gctx = NULL;
 581     EVP_PKEY *pkey = NULL;
 582     OSSL_PARAM params[2];
 583
 584     params[0] = OSSL_PARAM_construct_utf8_string("group", "ffdhe2048", 0);
 585     params[1] = OSSL_PARAM_construct_end();
 586
 587     if (!TEST_ptr(gctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
 588         || !TEST_true(EVP_PKEY_keygen_init(gctx))
 589         || !TEST_true(EVP_PKEY_CTX_set_params(gctx, params))
 590         || !TEST_true(EVP_PKEY_keygen(gctx, &pkey)))
 591         goto err;
 592 err:
 593     EVP_PKEY_CTX_free(gctx);
 594     return pkey;
 595 }
 596
 597 /* Fail if we try to use a dh key */
 598 static int kem_invalid_keytype(void)
 599 {
 600     int ret = 0;
 601     EVP_PKEY *key = NULL;
 602     EVP_PKEY_CTX *sctx = NULL;
 603
 604     if (!TEST_ptr(key = gen_dh_key()))
 605         goto done;
 606
 607     if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, key, NULL)))
 608         goto done;
 609     if (!TEST_int_eq(EVP_PKEY_encapsulate_init(sctx), -2))
 610         goto done;
 611
 612     ret = 1;
 613 done:
 614     EVP_PKEY_free(key);
 615     EVP_PKEY_CTX_free(sctx);
 616     return ret;
 617 }
 618 #endif /* OPENSSL_NO_DH */
 619
 620 int setup_tests(void)
 621 {
 622     const char *prov_name = "default";
 623     char *config_file = NULL;
 624     OPTION_CHOICE o;
 625
 626     while ((o = opt_next()) != OPT_EOF) {
 627         switch (o) {
 628         case OPT_PROVIDER_NAME:
 629             prov_name = opt_arg();
 630             break;
 631         case OPT_CONFIG_FILE:
 632             config_file = opt_arg();
 633             break;
 634         case OPT_TEST_CASES:
 635            break;
 636         default:
 637         case OPT_ERR:
 638             return 0;
 639         }
 640     }
 641
 642     nullprov = OSSL_PROVIDER_load(NULL, "null");
 643     if (!TEST_ptr(nullprov))
 644         return 0;
 645
 646     libctx = OPENSSL_CTX_new();
 647     if (!TEST_ptr(libctx))
 648         return 0;
 649     if (config_file != NULL
 650         && !TEST_true(OPENSSL_CTX_load_config(libctx, config_file)))
 651         return 0;
 652
 653     libprov = OSSL_PROVIDER_load(libctx, prov_name);
 654     if (!TEST_ptr(libprov))
 655         return 0;
 656
 657 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
 658     ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
 659 #endif
 660 #ifndef OPENSSL_NO_DH
 661     ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3);
 662     ADD_TEST(dhx_cert_load);
 663 #endif
 664
 665     if (!TEST_ptr(cipher_names = sk_OPENSSL_CSTRING_new(name_cmp)))
 666         return 0;
 667     EVP_CIPHER_do_all_provided(libctx, collect_cipher_names, cipher_names);
 668
 669     ADD_ALL_TESTS(test_cipher_reinit, sk_OPENSSL_CSTRING_num(cipher_names));
 670     ADD_ALL_TESTS(test_cipher_reinit_partialupdate,
 671                   sk_OPENSSL_CSTRING_num(cipher_names));
 672     ADD_TEST(kem_rsa_gen_recover);
 673     ADD_TEST(kem_rsa_params);
 674 #ifndef OPENSSL_NO_DH
 675     ADD_TEST(kem_invalid_keytype);
 676 #endif
 677     return 1;
 678 }
 679
 680 void cleanup_tests(void)
 681 {
 682     sk_OPENSSL_CSTRING_free(cipher_names);
 683     OSSL_PROVIDER_unload(libprov);
 684     OPENSSL_CTX_free(libctx);
 685     OSSL_PROVIDER_unload(nullprov);
 686 }