2 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 * These tests are setup to load null into the default library context.
13 * Any tests are expected to use the created 'libctx' to find algorithms.
14 * The framework runs the tests twice using the 'default' provider or
15 * 'fips' provider as inputs.
19 * DSA/DH low level APIs are deprecated for public use, but still ok for
22 #include "internal/deprecated.h"
24 #include <openssl/evp.h>
25 #include <openssl/provider.h>
26 #include <openssl/dsa.h>
27 #include <openssl/dh.h>
28 #include <openssl/safestack.h>
29 #include <openssl/core_dispatch.h>
30 #include <openssl/core_names.h>
31 #include <openssl/x509.h>
32 #include <openssl/encoder.h>
34 #include "internal/nelem.h"
35 #include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */
36 #include "../e_os.h" /* strcasecmp */
38 static OSSL_LIB_CTX *libctx = NULL;
39 static OSSL_PROVIDER *nullprov = NULL;
40 static OSSL_PROVIDER *libprov = NULL;
41 static STACK_OF(OPENSSL_STRING) *cipher_names = NULL;
43 typedef enum OPTION_choice {
51 const OPTIONS *test_get_options(void)
53 static const OPTIONS test_options[] = {
54 OPT_TEST_OPTIONS_DEFAULT_USAGE,
55 { "config", OPT_CONFIG_FILE, '<',
56 "The configuration file to use for the libctx" },
57 { "provider", OPT_PROVIDER_NAME, 's',
58 "The provider to load (The default value is 'default'" },
65 static const char *getname(int id)
67 const char *name[] = {"p", "q", "g" };
69 if (id >= 0 && id < 3)
76 * We're using some DH specific values in this test, so we skip compilation if
77 * we're in a no-dh build.
79 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
81 static int test_dsa_param_keygen(int tstid)
85 EVP_PKEY_CTX *gen_ctx = NULL;
86 EVP_PKEY *pkey_parm = NULL;
87 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
90 BIGNUM *p = NULL, *q = NULL, *g = NULL;
93 * Just grab some fixed dh p, q, g values for testing,
94 * these 'safe primes' should not be used normally for dsa *.
96 static const BIGNUM *bn[] = {
97 &ossl_bignum_dh2048_256_p, &ossl_bignum_dh2048_256_q,
98 &ossl_bignum_dh2048_256_g
102 * These tests are using bad values for p, q, g by reusing the values.
103 * A value of 0 uses p, 1 uses q and 2 uses g.
104 * There are 27 different combinations, with only the 1 valid combination.
107 qind = (tstid / 3) % 3;
109 expected = (pind == 0 && qind == 1 && gind == 2);
111 TEST_note("Testing with (p, q, g) = (%s, %s, %s)\n", getname(pind),
112 getname(qind), getname(gind));
114 if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
115 || !TEST_ptr(dsa = DSA_new())
116 || !TEST_ptr(p = BN_dup(bn[pind]))
117 || !TEST_ptr(q = BN_dup(bn[qind]))
118 || !TEST_ptr(g = BN_dup(bn[gind]))
119 || !TEST_true(DSA_set0_pqg(dsa, p, q, g)))
123 if (!TEST_true(EVP_PKEY_assign_DSA(pkey_parm, dsa)))
127 if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
128 || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
129 || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
133 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey))
134 || !TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), 1))
141 EVP_PKEY_free(dup_pk);
142 EVP_PKEY_CTX_free(gen_ctx);
143 EVP_PKEY_free(pkey_parm);
150 #endif /* OPENSSL_NO_DSA */
152 #ifndef OPENSSL_NO_DH
153 static int do_dh_param_keygen(int tstid, const BIGNUM **bn)
157 EVP_PKEY_CTX *gen_ctx = NULL;
158 EVP_PKEY *pkey_parm = NULL;
159 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
161 int pind, qind, gind;
162 BIGNUM *p = NULL, *q = NULL, *g = NULL;
165 * These tests are using bad values for p, q, g by reusing the values.
166 * A value of 0 uses p, 1 uses q and 2 uses g.
167 * There are 27 different combinations, with only the 1 valid combination.
170 qind = (tstid / 3) % 3;
172 expected = (pind == 0 && qind == 1 && gind == 2);
174 TEST_note("Testing with (p, q, g) = (%s, %s, %s)", getname(pind),
175 getname(qind), getname(gind));
177 if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
178 || !TEST_ptr(dh = DH_new())
179 || !TEST_ptr(p = BN_dup(bn[pind]))
180 || !TEST_ptr(q = BN_dup(bn[qind]))
181 || !TEST_ptr(g = BN_dup(bn[gind]))
182 || !TEST_true(DH_set0_pqg(dh, p, q, g)))
186 if (!TEST_true(EVP_PKEY_assign_DH(pkey_parm, dh)))
190 if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
191 || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
192 || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
196 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey))
197 || !TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), 1))
204 EVP_PKEY_free(dup_pk);
205 EVP_PKEY_CTX_free(gen_ctx);
206 EVP_PKEY_free(pkey_parm);
215 * Note that we get the fips186-4 path being run for most of these cases since
216 * the internal code will detect that the p, q, g does not match a safe prime
217 * group (Except for when tstid = 5, which sets the correct p, q, g)
219 static int test_dh_safeprime_param_keygen(int tstid)
221 static const BIGNUM *bn[] = {
222 &ossl_bignum_ffdhe2048_p, &ossl_bignum_ffdhe2048_q,
225 return do_dh_param_keygen(tstid, bn);
228 static int dhx_cert_load(void)
234 static const unsigned char dhx_cert[] = {
235 0x30,0x82,0x03,0xff,0x30,0x82,0x02,0xe7,0xa0,0x03,0x02,0x01,0x02,0x02,0x09,0x00,
236 0xdb,0xf5,0x4d,0x22,0xa0,0x7a,0x67,0xa6,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
237 0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x44,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,
238 0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x0a,0x0c,
239 0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,0x72,0x6f,0x75,0x70,0x31,0x1d,
240 0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,0x65,0x73,0x74,0x20,0x53,0x2f,
241 0x4d,0x49,0x4d,0x45,0x20,0x52,0x53,0x41,0x20,0x52,0x6f,0x6f,0x74,0x30,0x1e,0x17,
242 0x0d,0x31,0x33,0x30,0x38,0x30,0x32,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x17,0x0d,
243 0x32,0x33,0x30,0x36,0x31,0x31,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x30,0x44,0x31,
244 0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,
245 0x06,0x03,0x55,0x04,0x0a,0x0c,0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,
246 0x72,0x6f,0x75,0x70,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,
247 0x65,0x73,0x74,0x20,0x53,0x2f,0x4d,0x49,0x4d,0x45,0x20,0x45,0x45,0x20,0x44,0x48,
248 0x20,0x23,0x31,0x30,0x82,0x01,0xb6,0x30,0x82,0x01,0x2b,0x06,0x07,0x2a,0x86,0x48,
249 0xce,0x3e,0x02,0x01,0x30,0x82,0x01,0x1e,0x02,0x81,0x81,0x00,0xd4,0x0c,0x4a,0x0c,
250 0x04,0x72,0x71,0x19,0xdf,0x59,0x19,0xc5,0xaf,0x44,0x7f,0xca,0x8e,0x2b,0xf0,0x09,
251 0xf5,0xd3,0x25,0xb1,0x73,0x16,0x55,0x89,0xdf,0xfd,0x07,0xaf,0x19,0xd3,0x7f,0xd0,
252 0x07,0xa2,0xfe,0x3f,0x5a,0xf1,0x01,0xc6,0xf8,0x2b,0xef,0x4e,0x6d,0x03,0x38,0x42,
253 0xa1,0x37,0xd4,0x14,0xb4,0x00,0x4a,0xb1,0x86,0x5a,0x83,0xce,0xb9,0x08,0x0e,0xc1,
254 0x99,0x27,0x47,0x8d,0x0b,0x85,0xa8,0x82,0xed,0xcc,0x0d,0xb9,0xb0,0x32,0x7e,0xdf,
255 0xe8,0xe4,0xf6,0xf6,0xec,0xb3,0xee,0x7a,0x11,0x34,0x65,0x97,0xfc,0x1a,0xb0,0x95,
256 0x4b,0x19,0xb9,0xa6,0x1c,0xd9,0x01,0x32,0xf7,0x35,0x7c,0x2d,0x5d,0xfe,0xc1,0x85,
257 0x70,0x49,0xf8,0xcc,0x99,0xd0,0xbe,0xf1,0x5a,0x78,0xc8,0x03,0x02,0x81,0x80,0x69,
258 0x00,0xfd,0x66,0xf2,0xfc,0x15,0x8b,0x09,0xb8,0xdc,0x4d,0xea,0xaa,0x79,0x55,0xf9,
259 0xdf,0x46,0xa6,0x2f,0xca,0x2d,0x8f,0x59,0x2a,0xad,0x44,0xa3,0xc6,0x18,0x2f,0x95,
260 0xb6,0x16,0x20,0xe3,0xd3,0xd1,0x8f,0x03,0xce,0x71,0x7c,0xef,0x3a,0xc7,0x44,0x39,
261 0x0e,0xe2,0x1f,0xd8,0xd3,0x89,0x2b,0xe7,0x51,0xdc,0x12,0x48,0x4c,0x18,0x4d,0x99,
262 0x12,0x06,0xe4,0x17,0x02,0x03,0x8c,0x24,0x05,0x8e,0xa6,0x85,0xf2,0x69,0x1b,0xe1,
263 0x6a,0xdc,0xe2,0x04,0x3a,0x01,0x9d,0x64,0xbe,0xfe,0x45,0xf9,0x44,0x18,0x71,0xbd,
264 0x2d,0x3e,0x7a,0x6f,0x72,0x7d,0x1a,0x80,0x42,0x57,0xae,0x18,0x6f,0x91,0xd6,0x61,
265 0x03,0x8a,0x1c,0x89,0x73,0xc7,0x56,0x41,0x03,0xd3,0xf8,0xed,0x65,0xe2,0x85,0x02,
266 0x15,0x00,0x89,0x94,0xab,0x10,0x67,0x45,0x41,0xad,0x63,0xc6,0x71,0x40,0x8d,0x6b,
267 0x9e,0x19,0x5b,0xa4,0xc7,0xf5,0x03,0x81,0x84,0x00,0x02,0x81,0x80,0x2f,0x5b,0xde,
268 0x72,0x02,0x36,0x6b,0x00,0x5e,0x24,0x7f,0x14,0x2c,0x18,0x52,0x42,0x97,0x4b,0xdb,
269 0x6e,0x15,0x50,0x3c,0x45,0x3e,0x25,0xf3,0xb7,0xc5,0x6e,0xe5,0x52,0xe7,0xc4,0xfb,
270 0xf4,0xa5,0xf0,0x39,0x12,0x7f,0xbc,0x54,0x1c,0x93,0xb9,0x5e,0xee,0xe9,0x14,0xb0,
271 0xdf,0xfe,0xfc,0x36,0xe4,0xf2,0xaf,0xfb,0x13,0xc8,0xdf,0x18,0x94,0x1d,0x40,0xb9,
272 0x71,0xdd,0x4c,0x9c,0xa7,0x03,0x52,0x02,0xb5,0xed,0x71,0x80,0x3e,0x23,0xda,0x28,
273 0xe5,0xab,0xe7,0x6f,0xf2,0x0a,0x0e,0x00,0x5b,0x7d,0xc6,0x4b,0xd7,0xc7,0xb2,0xc3,
274 0xba,0x62,0x7f,0x70,0x28,0xa0,0x9d,0x71,0x13,0x70,0xd1,0x9f,0x32,0x2f,0x3e,0xd2,
275 0xcd,0x1b,0xa4,0xc6,0x72,0xa0,0x74,0x5d,0x71,0xef,0x03,0x43,0x6e,0xa3,0x60,0x30,
276 0x5e,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x02,0x30,0x00,0x30,
277 0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x05,0xe0,0x30,
278 0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0x0b,0x5a,0x4d,0x5f,0x7d,0x25,
279 0xc7,0xf2,0x9d,0xc1,0xaa,0xb7,0x63,0x82,0x2f,0xfa,0x8f,0x32,0xe7,0xc0,0x30,0x1f,
280 0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xdf,0x7e,0x5e,0x88,0x05,
281 0x24,0x33,0x08,0xdd,0x22,0x81,0x02,0x97,0xcc,0x9a,0xb7,0xb1,0x33,0x27,0x30,0x30,
282 0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x82,
283 0x01,0x01,0x00,0x5a,0xf2,0x63,0xef,0xd3,0x16,0xd7,0xf5,0xaa,0xdd,0x12,0x00,0x36,
284 0x00,0x21,0xa2,0x7b,0x08,0xd6,0x3b,0x9f,0x62,0xac,0x53,0x1f,0xed,0x4c,0xd1,0x15,
285 0x34,0x65,0x71,0xee,0x96,0x07,0xa6,0xef,0xb2,0xde,0xd8,0xbb,0x35,0x6e,0x2c,0xe2,
286 0xd1,0x26,0xef,0x7e,0x94,0xe2,0x88,0x51,0xa4,0x6c,0xaa,0x27,0x2a,0xd3,0xb6,0xc2,
287 0xf7,0xea,0xc3,0x0b,0xa9,0xb5,0x28,0x37,0xa2,0x63,0x08,0xe4,0x88,0xc0,0x1b,0x16,
288 0x1b,0xca,0xfd,0x8a,0x07,0x32,0x29,0xa7,0x53,0xb5,0x2d,0x30,0xe4,0xf5,0x16,0xc3,
289 0xe3,0xc2,0x4c,0x30,0x5d,0x35,0x80,0x1c,0xa2,0xdb,0xe3,0x4b,0x51,0x0d,0x4c,0x60,
290 0x5f,0xb9,0x46,0xac,0xa8,0x46,0xa7,0x32,0xa7,0x9c,0x76,0xf8,0xe9,0xb5,0x19,0xe2,
291 0x0c,0xe1,0x0f,0xc6,0x46,0xe2,0x38,0xa7,0x87,0x72,0x6d,0x6c,0xbc,0x88,0x2f,0x9d,
292 0x2d,0xe5,0xd0,0x7d,0x1e,0xc7,0x5d,0xf8,0x7e,0xb4,0x0b,0xa6,0xf9,0x6c,0xe3,0x7c,
293 0xb2,0x70,0x6e,0x75,0x9b,0x1e,0x63,0xe1,0x4d,0xb2,0x81,0xd3,0x55,0x38,0x94,0x1a,
294 0x7a,0xfa,0xbf,0x01,0x18,0x70,0x2d,0x35,0xd3,0xe3,0x10,0x7a,0x9a,0xa7,0x8f,0xf3,
295 0xbd,0x56,0x55,0x5e,0xd8,0xbd,0x4e,0x16,0x76,0xd0,0x48,0x4c,0xf9,0x51,0x54,0xdf,
296 0x2d,0xb0,0xc9,0xaa,0x5e,0x42,0x38,0x50,0xbf,0x0f,0xc0,0xd9,0x84,0x44,0x4b,0x42,
297 0x24,0xec,0x14,0xa3,0xde,0x11,0xdf,0x58,0x7f,0xc2,0x4d,0xb2,0xd5,0x42,0x78,0x6e,
298 0x52,0x3e,0xad,0xc3,0x5f,0x04,0xc4,0xe6,0x31,0xaa,0x81,0x06,0x8b,0x13,0x4b,0x3c,
302 if (!TEST_ptr(bio = BIO_new_mem_buf(dhx_cert, sizeof(dhx_cert)))
303 || !TEST_ptr(cert = X509_new_ex(libctx, NULL))
304 || !TEST_ptr(d2i_X509_bio(bio, &cert)))
313 #endif /* OPENSSL_NO_DH */
315 static int test_cipher_reinit(int test_id)
317 int ret = 0, diff, ccm, siv;
318 int out1_len = 0, out2_len = 0, out3_len = 0;
319 EVP_CIPHER *cipher = NULL;
320 EVP_CIPHER_CTX *ctx = NULL;
321 unsigned char out1[256];
322 unsigned char out2[256];
323 unsigned char out3[256];
324 unsigned char in[16] = {
325 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
326 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
328 unsigned char key[64] = {
329 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
330 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
331 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
332 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
333 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
334 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
335 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
336 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
338 unsigned char iv[16] = {
339 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
340 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
342 const char *name = sk_OPENSSL_STRING_value(cipher_names, test_id);
344 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
347 TEST_note("Fetching %s\n", name);
348 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
351 /* ccm fails on the second update - this matches OpenSSL 1_1_1 behaviour */
352 ccm = (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE);
354 /* siv cannot be called with NULL key as the iv is irrelevant */
355 siv = (EVP_CIPHER_mode(cipher) == EVP_CIPH_SIV_MODE);
357 /* DES3-WRAP uses random every update - so it will give a different value */
358 diff = EVP_CIPHER_is_a(cipher, "DES3-WRAP");
360 if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
361 || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, sizeof(in)))
362 || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
363 || !TEST_int_eq(EVP_EncryptUpdate(ctx, out2, &out2_len, in, sizeof(in)),
365 || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv))
366 || !TEST_int_eq(EVP_EncryptUpdate(ctx, out3, &out3_len, in, sizeof(in)),
372 if (!TEST_mem_ne(out1, out1_len, out2, out2_len)
373 || !TEST_mem_ne(out1, out1_len, out3, out3_len)
374 || !TEST_mem_ne(out2, out2_len, out3, out3_len))
377 if (!TEST_mem_eq(out1, out1_len, out2, out2_len)
378 || (!siv && !TEST_mem_eq(out1, out1_len, out3, out3_len)))
384 EVP_CIPHER_free(cipher);
385 EVP_CIPHER_CTX_free(ctx);
390 * This test only uses a partial block (half the block size) of input for each
391 * EVP_EncryptUpdate() in order to test that the second init/update is not using
392 * a leftover buffer from the first init/update.
393 * Note: some ciphers don't need a full block to produce output.
395 static int test_cipher_reinit_partialupdate(int test_id)
398 int out1_len = 0, out2_len = 0, out3_len = 0;
399 EVP_CIPHER *cipher = NULL;
400 EVP_CIPHER_CTX *ctx = NULL;
401 unsigned char out1[256];
402 unsigned char out2[256];
403 unsigned char out3[256];
404 static const unsigned char in[32] = {
405 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
406 0xba, 0xbe, 0xba, 0xbe, 0x00, 0x00, 0xba, 0xbe,
407 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
408 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
410 static const unsigned char key[64] = {
411 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
412 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
413 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
414 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
415 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
416 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
417 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
418 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
420 static const unsigned char iv[16] = {
421 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
422 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
424 const char *name = sk_OPENSSL_STRING_value(cipher_names, test_id);
426 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
429 TEST_note("Fetching %s\n", name);
430 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
433 in_len = EVP_CIPHER_block_size(cipher) / 2;
435 /* skip any ciphers that don't allow partial updates */
436 if (((EVP_CIPHER_flags(cipher)
437 & (EVP_CIPH_FLAG_CTS | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) != 0)
438 || EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE
439 || EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE
440 || EVP_CIPHER_mode(cipher) == EVP_CIPH_WRAP_MODE) {
445 if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
446 || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, in_len))
447 || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
448 || !TEST_true(EVP_EncryptUpdate(ctx, out2, &out2_len, in, in_len)))
451 if (!TEST_mem_eq(out1, out1_len, out2, out2_len))
454 if (EVP_CIPHER_mode(cipher) != EVP_CIPH_SIV_MODE) {
455 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv))
456 || !TEST_true(EVP_EncryptUpdate(ctx, out3, &out3_len, in, in_len)))
459 if (!TEST_mem_eq(out1, out1_len, out3, out3_len))
464 EVP_CIPHER_free(cipher);
465 EVP_CIPHER_CTX_free(ctx);
470 static int name_cmp(const char * const *a, const char * const *b)
472 return strcasecmp(*a, *b);
475 static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list)
477 STACK_OF(OPENSSL_STRING) *names = cipher_names_list;
478 const char *name = EVP_CIPHER_name(cipher);
479 char *namedup = NULL;
481 assert(name != NULL);
482 /* the cipher will be freed after returning, strdup is needed */
483 if ((namedup = OPENSSL_strdup(name)) != NULL
484 && !sk_OPENSSL_STRING_push(names, namedup))
485 OPENSSL_free(namedup);
488 static int rsa_keygen(int bits, EVP_PKEY **pub, EVP_PKEY **priv)
491 unsigned char *pub_der = NULL;
492 const unsigned char *pp = NULL;
494 OSSL_ENCODER_CTX *ectx = NULL;
496 if (!TEST_ptr(*priv = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", bits))
498 OSSL_ENCODER_CTX_new_for_pkey(*priv,
500 "DER", "type-specific",
502 || !TEST_true(OSSL_ENCODER_to_data(ectx, &pub_der, &len)))
505 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_RSA, pub, &pp, len)))
509 OSSL_ENCODER_CTX_free(ectx);
510 OPENSSL_free(pub_der);
514 static int kem_rsa_gen_recover(void)
517 EVP_PKEY *pub = NULL;
518 EVP_PKEY *priv = NULL;
519 EVP_PKEY_CTX *sctx = NULL, *rctx = NULL;
520 unsigned char secret[256] = { 0, };
521 unsigned char ct[256] = { 0, };
522 unsigned char unwrap[256] = { 0, };
523 size_t ctlen = 0, unwraplen = 0, secretlen = 0;
525 ret = TEST_true(rsa_keygen(2048, &pub, &priv))
526 && TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
527 && TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), 1)
528 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(sctx, "RSASVE"), 1)
529 && TEST_int_eq(EVP_PKEY_encapsulate(sctx, NULL, &ctlen, NULL,
531 && TEST_int_eq(ctlen, secretlen)
532 && TEST_int_eq(ctlen, 2048 / 8)
533 && TEST_int_eq(EVP_PKEY_encapsulate(sctx, ct, &ctlen, secret,
535 && TEST_ptr(rctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
536 && TEST_int_eq(EVP_PKEY_decapsulate_init(rctx, NULL), 1)
537 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(rctx, "RSASVE"), 1)
538 && TEST_int_eq(EVP_PKEY_decapsulate(rctx, NULL, &unwraplen,
540 && TEST_int_eq(EVP_PKEY_decapsulate(rctx, unwrap, &unwraplen,
542 && TEST_mem_eq(unwrap, unwraplen, secret, secretlen);
545 EVP_PKEY_CTX_free(rctx);
546 EVP_PKEY_CTX_free(sctx);
550 static int kem_rsa_params(void)
553 EVP_PKEY *pub = NULL;
554 EVP_PKEY *priv = NULL;
555 EVP_PKEY_CTX *pubctx = NULL, *privctx = NULL;
556 unsigned char secret[256] = { 0, };
557 unsigned char ct[256] = { 0, };
558 size_t ctlen = 0, secretlen = 0;
560 ret = TEST_true(rsa_keygen(2048, &pub, &priv))
561 && TEST_ptr(pubctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
562 && TEST_ptr(privctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
563 /* Test setting kem op before the init fails */
564 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), -2)
565 /* Test NULL ctx passed */
566 && TEST_int_eq(EVP_PKEY_encapsulate_init(NULL, NULL), 0)
567 && TEST_int_eq(EVP_PKEY_encapsulate(NULL, NULL, NULL, NULL, NULL), 0)
568 && TEST_int_eq(EVP_PKEY_decapsulate_init(NULL, NULL), 0)
569 && TEST_int_eq(EVP_PKEY_decapsulate(NULL, NULL, NULL, NULL, 0), 0)
570 /* Test Invalid operation */
571 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), -1)
572 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, NULL, 0), 0)
573 /* Wrong key component - no secret should be returned on failure */
574 && TEST_int_eq(EVP_PKEY_decapsulate_init(pubctx, NULL), 1)
575 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
576 && TEST_int_eq(EVP_PKEY_decapsulate(pubctx, secret, &secretlen, ct,
578 && TEST_uchar_eq(secret[0], 0)
579 /* Test encapsulate fails if the mode is not set */
580 && TEST_int_eq(EVP_PKEY_encapsulate_init(pubctx, NULL), 1)
581 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, &secretlen), -2)
582 /* Test setting a bad kem ops fail */
583 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSA"), 0)
584 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, NULL), 0)
585 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, "RSASVE"), 0)
586 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, NULL), 0)
587 /* Test secretlen is optional */
588 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
589 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, NULL), 1)
590 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
591 /* Test outlen is optional */
592 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
593 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, &secretlen), 1)
594 /* test that either len must be set if out is NULL */
595 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), 0)
596 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
597 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
598 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, &secretlen), 1)
599 /* Secret buffer should be set if there is an output buffer */
600 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, NULL, NULL), 0)
601 /* Test that lengths are optional if ct is not NULL */
602 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, NULL), 1)
603 /* Pass if secret or secret length are not NULL */
604 && TEST_int_eq(EVP_PKEY_decapsulate_init(privctx, NULL), 1)
605 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(privctx, "RSASVE"), 1)
606 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, NULL, ct, sizeof(ct)), 1)
607 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, &secretlen, ct, sizeof(ct)), 1)
608 && TEST_int_eq(secretlen, 256)
609 /* Fail if passed NULL arguments */
610 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, ct, sizeof(ct)), 0)
611 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, 0), 0)
612 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, sizeof(ct)), 0)
613 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, ct, 0), 0);
617 EVP_PKEY_CTX_free(pubctx);
618 EVP_PKEY_CTX_free(privctx);
622 #ifndef OPENSSL_NO_DH
623 static EVP_PKEY *gen_dh_key(void)
625 EVP_PKEY_CTX *gctx = NULL;
626 EVP_PKEY *pkey = NULL;
627 OSSL_PARAM params[2];
629 params[0] = OSSL_PARAM_construct_utf8_string("group", "ffdhe2048", 0);
630 params[1] = OSSL_PARAM_construct_end();
632 if (!TEST_ptr(gctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
633 || !TEST_true(EVP_PKEY_keygen_init(gctx))
634 || !TEST_true(EVP_PKEY_CTX_set_params(gctx, params))
635 || !TEST_true(EVP_PKEY_keygen(gctx, &pkey)))
638 EVP_PKEY_CTX_free(gctx);
642 /* Fail if we try to use a dh key */
643 static int kem_invalid_keytype(void)
646 EVP_PKEY *key = NULL;
647 EVP_PKEY_CTX *sctx = NULL;
649 if (!TEST_ptr(key = gen_dh_key()))
652 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, key, NULL)))
654 if (!TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), -2))
660 EVP_PKEY_CTX_free(sctx);
663 #endif /* OPENSSL_NO_DH */
665 int setup_tests(void)
667 const char *prov_name = "default";
668 char *config_file = NULL;
671 while ((o = opt_next()) != OPT_EOF) {
673 case OPT_PROVIDER_NAME:
674 prov_name = opt_arg();
676 case OPT_CONFIG_FILE:
677 config_file = opt_arg();
687 if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, prov_name))
690 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
691 ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
693 #ifndef OPENSSL_NO_DH
694 ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3);
695 ADD_TEST(dhx_cert_load);
698 if (!TEST_ptr(cipher_names = sk_OPENSSL_STRING_new(name_cmp)))
700 EVP_CIPHER_do_all_provided(libctx, collect_cipher_names, cipher_names);
702 ADD_ALL_TESTS(test_cipher_reinit, sk_OPENSSL_STRING_num(cipher_names));
703 ADD_ALL_TESTS(test_cipher_reinit_partialupdate,
704 sk_OPENSSL_STRING_num(cipher_names));
705 ADD_TEST(kem_rsa_gen_recover);
706 ADD_TEST(kem_rsa_params);
707 #ifndef OPENSSL_NO_DH
708 ADD_TEST(kem_invalid_keytype);
713 /* Because OPENSSL_free is a macro, it can't be passed as a function pointer */
714 static void string_free(char *m)
719 void cleanup_tests(void)
721 sk_OPENSSL_STRING_pop_free(cipher_names, string_free);
722 OSSL_PROVIDER_unload(libprov);
723 OSSL_LIB_CTX_free(libctx);
724 OSSL_PROVIDER_unload(nullprov);