test/evp_libctx_test.c

   1 /*
   2  * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 /*
  11
  12  * These tests are setup to load null into the default library context.
  13  * Any tests are expected to use the created 'libctx' to find algorithms.
  14  * The framework runs the tests twice using the 'default' provider or
  15  * 'fips' provider as inputs.
  16  */
  17
  18 /*
  19  * DSA/DH low level APIs are deprecated for public use, but still ok for
  20  * internal use.
  21  */
  22 #include "internal/deprecated.h"
  23 #include <assert.h>
  24 #include <openssl/evp.h>
  25 #include <openssl/provider.h>
  26 #include <openssl/dsa.h>
  27 #include <openssl/dh.h>
  28 #include <openssl/safestack.h>
  29 #include <openssl/core_dispatch.h>
  30 #include <openssl/core_names.h>
  31 #include <openssl/x509.h>
  32 #include <openssl/encoder.h>
  33 #include "testutil.h"
  34 #include "internal/nelem.h"
  35 #include "crypto/bn_dh.h"   /* _bignum_ffdhe2048_p */
  36
  37 static OSSL_LIB_CTX *libctx = NULL;
  38 static OSSL_PROVIDER *nullprov = NULL;
  39 static OSSL_PROVIDER *libprov = NULL;
  40 static STACK_OF(OPENSSL_STRING) *cipher_names = NULL;
  41
  42 typedef enum OPTION_choice {
  43     OPT_ERR = -1,
  44     OPT_EOF = 0,
  45     OPT_CONFIG_FILE,
  46     OPT_PROVIDER_NAME,
  47     OPT_TEST_ENUM
  48 } OPTION_CHOICE;
  49
  50 const OPTIONS *test_get_options(void)
  51 {
  52     static const OPTIONS test_options[] = {
  53         OPT_TEST_OPTIONS_DEFAULT_USAGE,
  54         { "config", OPT_CONFIG_FILE, '<',
  55           "The configuration file to use for the libctx" },
  56         { "provider", OPT_PROVIDER_NAME, 's',
  57           "The provider to load (The default value is 'default')" },
  58         { NULL }
  59     };
  60     return test_options;
  61 }
  62
  63 #ifndef OPENSSL_NO_DH
  64 static const char *getname(int id)
  65 {
  66     const char *name[] = {"p", "q", "g" };
  67
  68     if (id >= 0 && id < 3)
  69         return name[id];
  70     return "?";
  71 }
  72 #endif
  73
  74 /*
  75  * We're using some DH specific values in this test, so we skip compilation if
  76  * we're in a no-dh build.
  77  */
  78 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
  79
  80 static int test_dsa_param_keygen(int tstid)
  81 {
  82     int ret = 0;
  83     int expected;
  84     EVP_PKEY_CTX *gen_ctx = NULL;
  85     EVP_PKEY *pkey_parm = NULL;
  86     EVP_PKEY *pkey = NULL, *dup_pk = NULL;
  87     DSA *dsa = NULL;
  88     int pind, qind, gind;
  89     BIGNUM *p = NULL, *q = NULL, *g = NULL;
  90
  91     /*
  92      * Just grab some fixed dh p, q, g values for testing,
  93      * these 'safe primes' should not be used normally for dsa *.
  94      */
  95     static const BIGNUM *bn[] = {
  96         &ossl_bignum_dh2048_256_p, &ossl_bignum_dh2048_256_q,
  97         &ossl_bignum_dh2048_256_g
  98     };
  99
 100     /*
 101      * These tests are using bad values for p, q, g by reusing the values.
 102      * A value of 0 uses p, 1 uses q and 2 uses g.
 103      * There are 27 different combinations, with only the 1 valid combination.
 104      */
 105     pind = tstid / 9;
 106     qind = (tstid / 3) % 3;
 107     gind = tstid % 3;
 108     expected  = (pind == 0 && qind == 1 && gind == 2);
 109
 110     TEST_note("Testing with (p, q, g) = (%s, %s, %s)\n", getname(pind),
 111               getname(qind), getname(gind));
 112
 113     if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
 114         || !TEST_ptr(dsa = DSA_new())
 115         || !TEST_ptr(p = BN_dup(bn[pind]))
 116         || !TEST_ptr(q = BN_dup(bn[qind]))
 117         || !TEST_ptr(g = BN_dup(bn[gind]))
 118         || !TEST_true(DSA_set0_pqg(dsa, p, q, g)))
 119         goto err;
 120     p = q = g = NULL;
 121
 122     if (!TEST_true(EVP_PKEY_assign_DSA(pkey_parm, dsa)))
 123         goto err;
 124     dsa = NULL;
 125
 126     if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
 127         || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
 128         || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
 129         goto err;
 130
 131     if (expected) {
 132         if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey))
 133             || !TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), 1))
 134             goto err;
 135     }
 136
 137     ret = 1;
 138 err:
 139     EVP_PKEY_free(pkey);
 140     EVP_PKEY_free(dup_pk);
 141     EVP_PKEY_CTX_free(gen_ctx);
 142     EVP_PKEY_free(pkey_parm);
 143     DSA_free(dsa);
 144     BN_free(g);
 145     BN_free(q);
 146     BN_free(p);
 147     return ret;
 148 }
 149 #endif /* OPENSSL_NO_DSA */
 150
 151 #ifndef OPENSSL_NO_DH
 152 static int do_dh_param_keygen(int tstid, const BIGNUM **bn)
 153 {
 154     int ret = 0;
 155     int expected;
 156     EVP_PKEY_CTX *gen_ctx = NULL;
 157     EVP_PKEY *pkey_parm = NULL;
 158     EVP_PKEY *pkey = NULL, *dup_pk = NULL;
 159     DH *dh = NULL;
 160     int pind, qind, gind;
 161     BIGNUM *p = NULL, *q = NULL, *g = NULL;
 162
 163     /*
 164      * These tests are using bad values for p, q, g by reusing the values.
 165      * A value of 0 uses p, 1 uses q and 2 uses g.
 166      * There are 27 different combinations, with only the 1 valid combination.
 167      */
 168     pind = tstid / 9;
 169     qind = (tstid / 3) % 3;
 170     gind = tstid % 3;
 171     expected  = (pind == 0 && qind == 1 && gind == 2);
 172
 173     TEST_note("Testing with (p, q, g) = (%s, %s, %s)", getname(pind),
 174               getname(qind), getname(gind));
 175
 176     if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
 177         || !TEST_ptr(dh = DH_new())
 178         || !TEST_ptr(p = BN_dup(bn[pind]))
 179         || !TEST_ptr(q = BN_dup(bn[qind]))
 180         || !TEST_ptr(g = BN_dup(bn[gind]))
 181         || !TEST_true(DH_set0_pqg(dh, p, q, g)))
 182         goto err;
 183     p = q = g = NULL;
 184
 185     if (!TEST_true(EVP_PKEY_assign_DH(pkey_parm, dh)))
 186         goto err;
 187     dh = NULL;
 188
 189     if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
 190         || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
 191         || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
 192         goto err;
 193
 194     if (expected) {
 195         if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey))
 196             || !TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), 1))
 197             goto err;
 198     }
 199
 200     ret = 1;
 201 err:
 202     EVP_PKEY_free(pkey);
 203     EVP_PKEY_free(dup_pk);
 204     EVP_PKEY_CTX_free(gen_ctx);
 205     EVP_PKEY_free(pkey_parm);
 206     DH_free(dh);
 207     BN_free(g);
 208     BN_free(q);
 209     BN_free(p);
 210     return ret;
 211 }
 212
 213 /*
 214  * Note that we get the fips186-4 path being run for most of these cases since
 215  * the internal code will detect that the p, q, g does not match a safe prime
 216  * group (Except for when tstid = 5, which sets the correct p, q, g)
 217  */
 218 static int test_dh_safeprime_param_keygen(int tstid)
 219 {
 220     static const BIGNUM *bn[] = {
 221         &ossl_bignum_ffdhe2048_p,  &ossl_bignum_ffdhe2048_q,
 222         &ossl_bignum_const_2
 223     };
 224     return do_dh_param_keygen(tstid, bn);
 225 }
 226
 227 static int dhx_cert_load(void)
 228 {
 229     int ret = 0;
 230     X509 *cert = NULL;
 231     BIO *bio = NULL;
 232
 233     static const unsigned char dhx_cert[] = {
 234         0x30,0x82,0x03,0xff,0x30,0x82,0x02,0xe7,0xa0,0x03,0x02,0x01,0x02,0x02,0x09,0x00,
 235         0xdb,0xf5,0x4d,0x22,0xa0,0x7a,0x67,0xa6,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
 236         0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x44,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,
 237         0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x0a,0x0c,
 238         0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,0x72,0x6f,0x75,0x70,0x31,0x1d,
 239         0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,0x65,0x73,0x74,0x20,0x53,0x2f,
 240         0x4d,0x49,0x4d,0x45,0x20,0x52,0x53,0x41,0x20,0x52,0x6f,0x6f,0x74,0x30,0x1e,0x17,
 241         0x0d,0x31,0x33,0x30,0x38,0x30,0x32,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x17,0x0d,
 242         0x32,0x33,0x30,0x36,0x31,0x31,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x30,0x44,0x31,
 243         0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,
 244         0x06,0x03,0x55,0x04,0x0a,0x0c,0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,
 245         0x72,0x6f,0x75,0x70,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,
 246         0x65,0x73,0x74,0x20,0x53,0x2f,0x4d,0x49,0x4d,0x45,0x20,0x45,0x45,0x20,0x44,0x48,
 247         0x20,0x23,0x31,0x30,0x82,0x01,0xb6,0x30,0x82,0x01,0x2b,0x06,0x07,0x2a,0x86,0x48,
 248         0xce,0x3e,0x02,0x01,0x30,0x82,0x01,0x1e,0x02,0x81,0x81,0x00,0xd4,0x0c,0x4a,0x0c,
 249         0x04,0x72,0x71,0x19,0xdf,0x59,0x19,0xc5,0xaf,0x44,0x7f,0xca,0x8e,0x2b,0xf0,0x09,
 250         0xf5,0xd3,0x25,0xb1,0x73,0x16,0x55,0x89,0xdf,0xfd,0x07,0xaf,0x19,0xd3,0x7f,0xd0,
 251         0x07,0xa2,0xfe,0x3f,0x5a,0xf1,0x01,0xc6,0xf8,0x2b,0xef,0x4e,0x6d,0x03,0x38,0x42,
 252         0xa1,0x37,0xd4,0x14,0xb4,0x00,0x4a,0xb1,0x86,0x5a,0x83,0xce,0xb9,0x08,0x0e,0xc1,
 253         0x99,0x27,0x47,0x8d,0x0b,0x85,0xa8,0x82,0xed,0xcc,0x0d,0xb9,0xb0,0x32,0x7e,0xdf,
 254         0xe8,0xe4,0xf6,0xf6,0xec,0xb3,0xee,0x7a,0x11,0x34,0x65,0x97,0xfc,0x1a,0xb0,0x95,
 255         0x4b,0x19,0xb9,0xa6,0x1c,0xd9,0x01,0x32,0xf7,0x35,0x7c,0x2d,0x5d,0xfe,0xc1,0x85,
 256         0x70,0x49,0xf8,0xcc,0x99,0xd0,0xbe,0xf1,0x5a,0x78,0xc8,0x03,0x02,0x81,0x80,0x69,
 257         0x00,0xfd,0x66,0xf2,0xfc,0x15,0x8b,0x09,0xb8,0xdc,0x4d,0xea,0xaa,0x79,0x55,0xf9,
 258         0xdf,0x46,0xa6,0x2f,0xca,0x2d,0x8f,0x59,0x2a,0xad,0x44,0xa3,0xc6,0x18,0x2f,0x95,
 259         0xb6,0x16,0x20,0xe3,0xd3,0xd1,0x8f,0x03,0xce,0x71,0x7c,0xef,0x3a,0xc7,0x44,0x39,
 260         0x0e,0xe2,0x1f,0xd8,0xd3,0x89,0x2b,0xe7,0x51,0xdc,0x12,0x48,0x4c,0x18,0x4d,0x99,
 261         0x12,0x06,0xe4,0x17,0x02,0x03,0x8c,0x24,0x05,0x8e,0xa6,0x85,0xf2,0x69,0x1b,0xe1,
 262         0x6a,0xdc,0xe2,0x04,0x3a,0x01,0x9d,0x64,0xbe,0xfe,0x45,0xf9,0x44,0x18,0x71,0xbd,
 263         0x2d,0x3e,0x7a,0x6f,0x72,0x7d,0x1a,0x80,0x42,0x57,0xae,0x18,0x6f,0x91,0xd6,0x61,
 264         0x03,0x8a,0x1c,0x89,0x73,0xc7,0x56,0x41,0x03,0xd3,0xf8,0xed,0x65,0xe2,0x85,0x02,
 265         0x15,0x00,0x89,0x94,0xab,0x10,0x67,0x45,0x41,0xad,0x63,0xc6,0x71,0x40,0x8d,0x6b,
 266         0x9e,0x19,0x5b,0xa4,0xc7,0xf5,0x03,0x81,0x84,0x00,0x02,0x81,0x80,0x2f,0x5b,0xde,
 267         0x72,0x02,0x36,0x6b,0x00,0x5e,0x24,0x7f,0x14,0x2c,0x18,0x52,0x42,0x97,0x4b,0xdb,
 268         0x6e,0x15,0x50,0x3c,0x45,0x3e,0x25,0xf3,0xb7,0xc5,0x6e,0xe5,0x52,0xe7,0xc4,0xfb,
 269         0xf4,0xa5,0xf0,0x39,0x12,0x7f,0xbc,0x54,0x1c,0x93,0xb9,0x5e,0xee,0xe9,0x14,0xb0,
 270         0xdf,0xfe,0xfc,0x36,0xe4,0xf2,0xaf,0xfb,0x13,0xc8,0xdf,0x18,0x94,0x1d,0x40,0xb9,
 271         0x71,0xdd,0x4c,0x9c,0xa7,0x03,0x52,0x02,0xb5,0xed,0x71,0x80,0x3e,0x23,0xda,0x28,
 272         0xe5,0xab,0xe7,0x6f,0xf2,0x0a,0x0e,0x00,0x5b,0x7d,0xc6,0x4b,0xd7,0xc7,0xb2,0xc3,
 273         0xba,0x62,0x7f,0x70,0x28,0xa0,0x9d,0x71,0x13,0x70,0xd1,0x9f,0x32,0x2f,0x3e,0xd2,
 274         0xcd,0x1b,0xa4,0xc6,0x72,0xa0,0x74,0x5d,0x71,0xef,0x03,0x43,0x6e,0xa3,0x60,0x30,
 275         0x5e,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x02,0x30,0x00,0x30,
 276         0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x05,0xe0,0x30,
 277         0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0x0b,0x5a,0x4d,0x5f,0x7d,0x25,
 278         0xc7,0xf2,0x9d,0xc1,0xaa,0xb7,0x63,0x82,0x2f,0xfa,0x8f,0x32,0xe7,0xc0,0x30,0x1f,
 279         0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xdf,0x7e,0x5e,0x88,0x05,
 280         0x24,0x33,0x08,0xdd,0x22,0x81,0x02,0x97,0xcc,0x9a,0xb7,0xb1,0x33,0x27,0x30,0x30,
 281         0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x82,
 282         0x01,0x01,0x00,0x5a,0xf2,0x63,0xef,0xd3,0x16,0xd7,0xf5,0xaa,0xdd,0x12,0x00,0x36,
 283         0x00,0x21,0xa2,0x7b,0x08,0xd6,0x3b,0x9f,0x62,0xac,0x53,0x1f,0xed,0x4c,0xd1,0x15,
 284         0x34,0x65,0x71,0xee,0x96,0x07,0xa6,0xef,0xb2,0xde,0xd8,0xbb,0x35,0x6e,0x2c,0xe2,
 285         0xd1,0x26,0xef,0x7e,0x94,0xe2,0x88,0x51,0xa4,0x6c,0xaa,0x27,0x2a,0xd3,0xb6,0xc2,
 286         0xf7,0xea,0xc3,0x0b,0xa9,0xb5,0x28,0x37,0xa2,0x63,0x08,0xe4,0x88,0xc0,0x1b,0x16,
 287         0x1b,0xca,0xfd,0x8a,0x07,0x32,0x29,0xa7,0x53,0xb5,0x2d,0x30,0xe4,0xf5,0x16,0xc3,
 288         0xe3,0xc2,0x4c,0x30,0x5d,0x35,0x80,0x1c,0xa2,0xdb,0xe3,0x4b,0x51,0x0d,0x4c,0x60,
 289         0x5f,0xb9,0x46,0xac,0xa8,0x46,0xa7,0x32,0xa7,0x9c,0x76,0xf8,0xe9,0xb5,0x19,0xe2,
 290         0x0c,0xe1,0x0f,0xc6,0x46,0xe2,0x38,0xa7,0x87,0x72,0x6d,0x6c,0xbc,0x88,0x2f,0x9d,
 291         0x2d,0xe5,0xd0,0x7d,0x1e,0xc7,0x5d,0xf8,0x7e,0xb4,0x0b,0xa6,0xf9,0x6c,0xe3,0x7c,
 292         0xb2,0x70,0x6e,0x75,0x9b,0x1e,0x63,0xe1,0x4d,0xb2,0x81,0xd3,0x55,0x38,0x94,0x1a,
 293         0x7a,0xfa,0xbf,0x01,0x18,0x70,0x2d,0x35,0xd3,0xe3,0x10,0x7a,0x9a,0xa7,0x8f,0xf3,
 294         0xbd,0x56,0x55,0x5e,0xd8,0xbd,0x4e,0x16,0x76,0xd0,0x48,0x4c,0xf9,0x51,0x54,0xdf,
 295         0x2d,0xb0,0xc9,0xaa,0x5e,0x42,0x38,0x50,0xbf,0x0f,0xc0,0xd9,0x84,0x44,0x4b,0x42,
 296         0x24,0xec,0x14,0xa3,0xde,0x11,0xdf,0x58,0x7f,0xc2,0x4d,0xb2,0xd5,0x42,0x78,0x6e,
 297         0x52,0x3e,0xad,0xc3,0x5f,0x04,0xc4,0xe6,0x31,0xaa,0x81,0x06,0x8b,0x13,0x4b,0x3c,
 298         0x0e,0x6a,0xb1
 299     };
 300
 301     if (!TEST_ptr(bio = BIO_new_mem_buf(dhx_cert, sizeof(dhx_cert)))
 302         || !TEST_ptr(cert = X509_new_ex(libctx, NULL))
 303         || !TEST_ptr(d2i_X509_bio(bio, &cert)))
 304         goto err;
 305     ret = 1;
 306 err:
 307     X509_free(cert);
 308     BIO_free(bio);
 309     return ret;
 310 }
 311
 312 #endif /* OPENSSL_NO_DH */
 313
 314 static int test_cipher_reinit(int test_id)
 315 {
 316     int ret = 0, diff, ccm, siv, no_null_key;
 317     int out1_len = 0, out2_len = 0, out3_len = 0;
 318     EVP_CIPHER *cipher = NULL;
 319     EVP_CIPHER_CTX *ctx = NULL;
 320     unsigned char out1[256];
 321     unsigned char out2[256];
 322     unsigned char out3[256];
 323     unsigned char in[16] = {
 324         0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
 325         0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
 326     };
 327     unsigned char key[64] = {
 328         0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 329         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 330         0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 331         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 332         0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 333         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 334         0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 335         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 336     };
 337     unsigned char iv[16] = {
 338         0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
 339         0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
 340     };
 341     const char *name = sk_OPENSSL_STRING_value(cipher_names, test_id);
 342
 343     if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
 344         goto err;
 345
 346     TEST_note("Fetching %s\n", name);
 347     if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
 348         goto err;
 349
 350     /* ccm fails on the second update - this matches OpenSSL 1_1_1 behaviour */
 351     ccm = (EVP_CIPHER_get_mode(cipher) == EVP_CIPH_CCM_MODE);
 352
 353     /* siv cannot be called with NULL key as the iv is irrelevant */
 354     siv = (EVP_CIPHER_get_mode(cipher) == EVP_CIPH_SIV_MODE);
 355
 356     /*
 357      * Skip init call with a null key for RC4 as the stream cipher does not
 358      * handle reinit (1.1.1 behaviour).
 359      */
 360     no_null_key = EVP_CIPHER_is_a(cipher, "RC4")
 361                   || EVP_CIPHER_is_a(cipher, "RC4-40")
 362                   || EVP_CIPHER_is_a(cipher, "RC4-HMAC-MD5");
 363
 364     /* DES3-WRAP uses random every update - so it will give a different value */
 365     diff = EVP_CIPHER_is_a(cipher, "DES3-WRAP");
 366
 367     if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
 368         || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, sizeof(in)))
 369         || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
 370         || !TEST_int_eq(EVP_EncryptUpdate(ctx, out2, &out2_len, in, sizeof(in)),
 371                         ccm ? 0 : 1)
 372         || (!no_null_key
 373         && (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv))
 374         || !TEST_int_eq(EVP_EncryptUpdate(ctx, out3, &out3_len, in, sizeof(in)),
 375                         ccm || siv ? 0 : 1))))
 376         goto err;
 377
 378     if (ccm == 0) {
 379         if (diff) {
 380             if (!TEST_mem_ne(out1, out1_len, out2, out2_len)
 381                 || !TEST_mem_ne(out1, out1_len, out3, out3_len)
 382                 || !TEST_mem_ne(out2, out2_len, out3, out3_len))
 383                 goto err;
 384         } else {
 385             if (!TEST_mem_eq(out1, out1_len, out2, out2_len)
 386                 || (!siv && !no_null_key && !TEST_mem_eq(out1, out1_len, out3, out3_len)))
 387                 goto err;
 388         }
 389     }
 390     ret = 1;
 391 err:
 392     EVP_CIPHER_free(cipher);
 393     EVP_CIPHER_CTX_free(ctx);
 394     return ret;
 395 }
 396
 397 /*
 398  * This test only uses a partial block (half the block size) of input for each
 399  * EVP_EncryptUpdate() in order to test that the second init/update is not using
 400  * a leftover buffer from the first init/update.
 401  * Note: some ciphers don't need a full block to produce output.
 402  */
 403 static int test_cipher_reinit_partialupdate(int test_id)
 404 {
 405     int ret = 0, in_len;
 406     int out1_len = 0, out2_len = 0, out3_len = 0;
 407     EVP_CIPHER *cipher = NULL;
 408     EVP_CIPHER_CTX *ctx = NULL;
 409     unsigned char out1[256];
 410     unsigned char out2[256];
 411     unsigned char out3[256];
 412     static const unsigned char in[32] = {
 413         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 414         0xba, 0xbe, 0xba, 0xbe, 0x00, 0x00, 0xba, 0xbe,
 415         0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 416         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 417     };
 418     static const unsigned char key[64] = {
 419         0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 420         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 421         0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 422         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 423         0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 424         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 425         0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 426         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 427     };
 428     static const unsigned char iv[16] = {
 429         0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
 430         0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
 431     };
 432     const char *name = sk_OPENSSL_STRING_value(cipher_names, test_id);
 433
 434     if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
 435         goto err;
 436
 437     TEST_note("Fetching %s\n", name);
 438     if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
 439         goto err;
 440
 441     in_len = EVP_CIPHER_get_block_size(cipher) / 2;
 442
 443     /* skip any ciphers that don't allow partial updates */
 444     if (((EVP_CIPHER_get_flags(cipher)
 445           & (EVP_CIPH_FLAG_CTS | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) != 0)
 446         || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_CCM_MODE
 447         || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_XTS_MODE
 448         || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_WRAP_MODE) {
 449         ret = 1;
 450         goto err;
 451     }
 452
 453     if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
 454         || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, in_len))
 455         || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
 456         || !TEST_true(EVP_EncryptUpdate(ctx, out2, &out2_len, in, in_len)))
 457         goto err;
 458
 459     if (!TEST_mem_eq(out1, out1_len, out2, out2_len))
 460         goto err;
 461
 462     if (EVP_CIPHER_get_mode(cipher) != EVP_CIPH_SIV_MODE) {
 463         if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv))
 464             || !TEST_true(EVP_EncryptUpdate(ctx, out3, &out3_len, in, in_len)))
 465             goto err;
 466
 467         if (!TEST_mem_eq(out1, out1_len, out3, out3_len))
 468             goto err;
 469     }
 470     ret = 1;
 471 err:
 472     EVP_CIPHER_free(cipher);
 473     EVP_CIPHER_CTX_free(ctx);
 474     return ret;
 475 }
 476
 477
 478 static int name_cmp(const char * const *a, const char * const *b)
 479 {
 480     return OPENSSL_strcasecmp(*a, *b);
 481 }
 482
 483 static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list)
 484 {
 485     STACK_OF(OPENSSL_STRING) *names = cipher_names_list;
 486     const char *name = EVP_CIPHER_get0_name(cipher);
 487     char *namedup = NULL;
 488
 489     assert(name != NULL);
 490     /* the cipher will be freed after returning, strdup is needed */
 491     if ((namedup = OPENSSL_strdup(name)) != NULL
 492         && !sk_OPENSSL_STRING_push(names, namedup))
 493         OPENSSL_free(namedup);
 494 }
 495
 496 static int rsa_keygen(int bits, EVP_PKEY **pub, EVP_PKEY **priv)
 497 {
 498     int ret = 0;
 499     unsigned char *pub_der = NULL;
 500     const unsigned char *pp = NULL;
 501     size_t len = 0;
 502     OSSL_ENCODER_CTX *ectx = NULL;
 503
 504     if (!TEST_ptr(*priv = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", bits))
 505         || !TEST_ptr(ectx =
 506                      OSSL_ENCODER_CTX_new_for_pkey(*priv,
 507                                                    EVP_PKEY_PUBLIC_KEY,
 508                                                    "DER", "type-specific",
 509                                                    NULL))
 510         || !TEST_true(OSSL_ENCODER_to_data(ectx, &pub_der, &len)))
 511         goto err;
 512     pp = pub_der;
 513     if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_RSA, pub, &pp, len)))
 514         goto err;
 515     ret = 1;
 516 err:
 517     OSSL_ENCODER_CTX_free(ectx);
 518     OPENSSL_free(pub_der);
 519     return ret;
 520 }
 521
 522 static int kem_rsa_gen_recover(void)
 523 {
 524     int ret = 0;
 525     EVP_PKEY *pub = NULL;
 526     EVP_PKEY *priv = NULL;
 527     EVP_PKEY_CTX *sctx = NULL, *rctx = NULL, *dctx = NULL;
 528     unsigned char secret[256] = { 0, };
 529     unsigned char ct[256] = { 0, };
 530     unsigned char unwrap[256] = { 0, };
 531     size_t ctlen = 0, unwraplen = 0, secretlen = 0;
 532     int bits = 2048;
 533
 534     ret = TEST_true(rsa_keygen(bits, &pub, &priv))
 535           && TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
 536           && TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), 1)
 537           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(sctx, "RSASVE"), 1)
 538           && TEST_ptr(dctx = EVP_PKEY_CTX_dup(sctx))
 539           && TEST_int_eq(EVP_PKEY_encapsulate(dctx, NULL, &ctlen, NULL,
 540                                               &secretlen), 1)
 541           && TEST_int_eq(ctlen, secretlen)
 542           && TEST_int_eq(ctlen, bits / 8)
 543           && TEST_int_eq(EVP_PKEY_encapsulate(dctx, ct, &ctlen, secret,
 544                                               &secretlen), 1)
 545           && TEST_ptr(rctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
 546           && TEST_int_eq(EVP_PKEY_decapsulate_init(rctx, NULL), 1)
 547           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(rctx, "RSASVE"), 1)
 548           && TEST_int_eq(EVP_PKEY_decapsulate(rctx, NULL, &unwraplen,
 549                                               ct, ctlen), 1)
 550           && TEST_int_eq(EVP_PKEY_decapsulate(rctx, unwrap, &unwraplen,
 551                                               ct, ctlen), 1)
 552           && TEST_mem_eq(unwrap, unwraplen, secret, secretlen);
 553     EVP_PKEY_free(pub);
 554     EVP_PKEY_free(priv);
 555     EVP_PKEY_CTX_free(rctx);
 556     EVP_PKEY_CTX_free(dctx);
 557     EVP_PKEY_CTX_free(sctx);
 558     return ret;
 559 }
 560
 561 #ifndef OPENSSL_NO_DES
 562 /*
 563  * This test makes sure that EVP_CIPHER_CTX_rand_key() works correctly
 564  * For fips mode this code would produce an error if the flag is not set.
 565  */
 566 static int test_cipher_tdes_randkey(void)
 567 {
 568     int ret;
 569     EVP_CIPHER_CTX *ctx = NULL;
 570     EVP_CIPHER *tdes_cipher = NULL, *aes_cipher = NULL;
 571     unsigned char key[24] = { 0 };
 572
 573     ret = TEST_ptr(aes_cipher = EVP_CIPHER_fetch(libctx, "AES-256-CBC", NULL))
 574           && TEST_int_eq(EVP_CIPHER_get_flags(aes_cipher) & EVP_CIPH_RAND_KEY, 0)
 575           && TEST_ptr(tdes_cipher = EVP_CIPHER_fetch(libctx, "DES-EDE3-CBC", NULL))
 576           && TEST_int_ne(EVP_CIPHER_get_flags(tdes_cipher) & EVP_CIPH_RAND_KEY, 0)
 577           && TEST_ptr(ctx = EVP_CIPHER_CTX_new())
 578           && TEST_true(EVP_CipherInit_ex(ctx, tdes_cipher, NULL, NULL, NULL, 1))
 579           && TEST_int_gt(EVP_CIPHER_CTX_rand_key(ctx, key), 0);
 580
 581     EVP_CIPHER_CTX_free(ctx);
 582     EVP_CIPHER_free(tdes_cipher);
 583     EVP_CIPHER_free(aes_cipher);
 584     return ret;
 585 }
 586 #endif /* OPENSSL_NO_DES */
 587
 588 static int kem_rsa_params(void)
 589 {
 590     int ret = 0;
 591     EVP_PKEY *pub = NULL;
 592     EVP_PKEY *priv = NULL;
 593     EVP_PKEY_CTX *pubctx = NULL, *privctx = NULL;
 594     unsigned char secret[256] = { 0, };
 595     unsigned char ct[256] = { 0, };
 596     size_t ctlen = 0, secretlen = 0;
 597
 598     ret = TEST_true(rsa_keygen(2048, &pub, &priv))
 599           && TEST_ptr(pubctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
 600           && TEST_ptr(privctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
 601           /* Test setting kem op before the init fails */
 602           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), -2)
 603           /* Test NULL ctx passed */
 604           && TEST_int_eq(EVP_PKEY_encapsulate_init(NULL, NULL), 0)
 605           && TEST_int_eq(EVP_PKEY_encapsulate(NULL, NULL, NULL, NULL, NULL), 0)
 606           && TEST_int_eq(EVP_PKEY_decapsulate_init(NULL, NULL), 0)
 607           && TEST_int_eq(EVP_PKEY_decapsulate(NULL, NULL, NULL, NULL, 0), 0)
 608           /* Test Invalid operation */
 609           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), -1)
 610           && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, NULL, 0), 0)
 611           /* Wrong key component - no secret should be returned on failure */
 612           && TEST_int_eq(EVP_PKEY_decapsulate_init(pubctx, NULL), 1)
 613           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
 614           && TEST_int_eq(EVP_PKEY_decapsulate(pubctx, secret, &secretlen, ct,
 615                                               sizeof(ct)), 0)
 616           && TEST_uchar_eq(secret[0], 0)
 617           /* Test encapsulate fails if the mode is not set */
 618           && TEST_int_eq(EVP_PKEY_encapsulate_init(pubctx, NULL), 1)
 619           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, &secretlen), -2)
 620           /* Test setting a bad kem ops fail */
 621           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSA"), 0)
 622           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx,  NULL), 0)
 623           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL,  "RSASVE"), 0)
 624           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL,  NULL), 0)
 625           /* Test secretlen is optional */
 626           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
 627           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, NULL), 1)
 628           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
 629           /* Test outlen is optional */
 630           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
 631           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, &secretlen), 1)
 632           /* test that either len must be set if out is NULL */
 633           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), 0)
 634           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
 635           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
 636           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, &secretlen), 1)
 637           /* Secret buffer should be set if there is an output buffer */
 638           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, NULL, NULL), 0)
 639           /* Test that lengths are optional if ct is not NULL */
 640           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, NULL), 1)
 641           /* Pass if secret or secret length are not NULL */
 642           && TEST_int_eq(EVP_PKEY_decapsulate_init(privctx, NULL), 1)
 643           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(privctx, "RSASVE"), 1)
 644           && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, NULL, ct, sizeof(ct)), 1)
 645           && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, &secretlen, ct, sizeof(ct)), 1)
 646           && TEST_int_eq(secretlen, 256)
 647           /* Fail if passed NULL arguments */
 648           && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, ct, sizeof(ct)), 0)
 649           && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, 0), 0)
 650           && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, sizeof(ct)), 0)
 651           && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, ct, 0), 0);
 652
 653     EVP_PKEY_free(pub);
 654     EVP_PKEY_free(priv);
 655     EVP_PKEY_CTX_free(pubctx);
 656     EVP_PKEY_CTX_free(privctx);
 657     return ret;
 658 }
 659
 660 #ifndef OPENSSL_NO_DH
 661 static EVP_PKEY *gen_dh_key(void)
 662 {
 663     EVP_PKEY_CTX *gctx = NULL;
 664     EVP_PKEY *pkey = NULL;
 665     OSSL_PARAM params[2];
 666
 667     params[0] = OSSL_PARAM_construct_utf8_string("group", "ffdhe2048", 0);
 668     params[1] = OSSL_PARAM_construct_end();
 669
 670     if (!TEST_ptr(gctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
 671         || !TEST_int_gt(EVP_PKEY_keygen_init(gctx), 0)
 672         || !TEST_true(EVP_PKEY_CTX_set_params(gctx, params))
 673         || !TEST_true(EVP_PKEY_keygen(gctx, &pkey)))
 674         goto err;
 675 err:
 676     EVP_PKEY_CTX_free(gctx);
 677     return pkey;
 678 }
 679
 680 /* Fail if we try to use a dh key */
 681 static int kem_invalid_keytype(void)
 682 {
 683     int ret = 0;
 684     EVP_PKEY *key = NULL;
 685     EVP_PKEY_CTX *sctx = NULL;
 686
 687     if (!TEST_ptr(key = gen_dh_key()))
 688         goto done;
 689
 690     if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, key, NULL)))
 691         goto done;
 692     if (!TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), -2))
 693         goto done;
 694
 695     ret = 1;
 696 done:
 697     EVP_PKEY_free(key);
 698     EVP_PKEY_CTX_free(sctx);
 699     return ret;
 700 }
 701 #endif /* OPENSSL_NO_DH */
 702
 703 int setup_tests(void)
 704 {
 705     const char *prov_name = "default";
 706     char *config_file = NULL;
 707     OPTION_CHOICE o;
 708
 709     while ((o = opt_next()) != OPT_EOF) {
 710         switch (o) {
 711         case OPT_PROVIDER_NAME:
 712             prov_name = opt_arg();
 713             break;
 714         case OPT_CONFIG_FILE:
 715             config_file = opt_arg();
 716             break;
 717         case OPT_TEST_CASES:
 718            break;
 719         default:
 720         case OPT_ERR:
 721             return 0;
 722         }
 723     }
 724
 725     if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, prov_name))
 726         return 0;
 727
 728 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
 729     ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
 730 #endif
 731 #ifndef OPENSSL_NO_DH
 732     ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3);
 733     ADD_TEST(dhx_cert_load);
 734 #endif
 735
 736     if (!TEST_ptr(cipher_names = sk_OPENSSL_STRING_new(name_cmp)))
 737         return 0;
 738     EVP_CIPHER_do_all_provided(libctx, collect_cipher_names, cipher_names);
 739
 740     ADD_ALL_TESTS(test_cipher_reinit, sk_OPENSSL_STRING_num(cipher_names));
 741     ADD_ALL_TESTS(test_cipher_reinit_partialupdate,
 742                   sk_OPENSSL_STRING_num(cipher_names));
 743     ADD_TEST(kem_rsa_gen_recover);
 744     ADD_TEST(kem_rsa_params);
 745 #ifndef OPENSSL_NO_DH
 746     ADD_TEST(kem_invalid_keytype);
 747 #endif
 748 #ifndef OPENSSL_NO_DES
 749     ADD_TEST(test_cipher_tdes_randkey);
 750 #endif
 751     return 1;
 752 }
 753
 754 /* Because OPENSSL_free is a macro, it can't be passed as a function pointer */
 755 static void string_free(char *m)
 756 {
 757     OPENSSL_free(m);
 758 }
 759
 760 void cleanup_tests(void)
 761 {
 762     sk_OPENSSL_STRING_pop_free(cipher_names, string_free);
 763     OSSL_PROVIDER_unload(libprov);
 764     OSSL_LIB_CTX_free(libctx);
 765     OSSL_PROVIDER_unload(nullprov);
 766 }