2 * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 * These tests are setup to load null into the default library context.
13 * Any tests are expected to use the created 'libctx' to find algorithms.
14 * The framework runs the tests twice using the 'default' provider or
15 * 'fips' provider as inputs.
19 * DSA/DH low level APIs are deprecated for public use, but still ok for
22 #include "internal/deprecated.h"
23 #include <openssl/evp.h>
24 #include <openssl/provider.h>
25 #include <openssl/dsa.h>
26 #include <openssl/dh.h>
27 #include <openssl/safestack.h>
28 #include <openssl/core_dispatch.h>
29 #include <openssl/core_names.h>
30 #include <openssl/x509.h>
31 #include <openssl/encoder.h>
33 #include "internal/nelem.h"
34 #include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */
35 #include "../e_os.h" /* strcasecmp */
37 static OSSL_LIB_CTX *libctx = NULL;
38 static OSSL_PROVIDER *nullprov = NULL;
39 static OSSL_PROVIDER *libprov = NULL;
40 static STACK_OF(OPENSSL_CSTRING) *cipher_names = NULL;
42 typedef enum OPTION_choice {
50 const OPTIONS *test_get_options(void)
52 static const OPTIONS test_options[] = {
53 OPT_TEST_OPTIONS_DEFAULT_USAGE,
54 { "config", OPT_CONFIG_FILE, '<',
55 "The configuration file to use for the libctx" },
56 { "provider", OPT_PROVIDER_NAME, 's',
57 "The provider to load (The default value is 'default'" },
64 static const char *getname(int id)
66 const char *name[] = {"p", "q", "g" };
68 if (id >= 0 && id < 3)
75 * We're using some DH specific values in this test, so we skip compilation if
76 * we're in a no-dh build.
78 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
80 static int test_dsa_param_keygen(int tstid)
84 EVP_PKEY_CTX *gen_ctx = NULL;
85 EVP_PKEY *pkey_parm = NULL;
86 EVP_PKEY *pkey = NULL;
89 BIGNUM *p = NULL, *q = NULL, *g = NULL;
92 * Just grab some fixed dh p, q, g values for testing,
93 * these 'safe primes' should not be used normally for dsa *.
95 static const BIGNUM *bn[] = {
96 &_bignum_dh2048_256_p, &_bignum_dh2048_256_q, &_bignum_dh2048_256_g
100 * These tests are using bad values for p, q, g by reusing the values.
101 * A value of 0 uses p, 1 uses q and 2 uses g.
102 * There are 27 different combinations, with only the 1 valid combination.
105 qind = (tstid / 3) % 3;
107 expected = (pind == 0 && qind == 1 && gind == 2);
109 TEST_note("Testing with (p, q, g) = (%s, %s, %s)\n", getname(pind),
110 getname(qind), getname(gind));
112 if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
113 || !TEST_ptr(dsa = DSA_new())
114 || !TEST_ptr(p = BN_dup(bn[pind]))
115 || !TEST_ptr(q = BN_dup(bn[qind]))
116 || !TEST_ptr(g = BN_dup(bn[gind]))
117 || !TEST_true(DSA_set0_pqg(dsa, p, q, g)))
121 if (!TEST_true(EVP_PKEY_assign_DSA(pkey_parm, dsa)))
125 if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
126 || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
127 || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
132 EVP_PKEY_CTX_free(gen_ctx);
133 EVP_PKEY_free(pkey_parm);
140 #endif /* OPENSSL_NO_DSA */
142 #ifndef OPENSSL_NO_DH
143 static int do_dh_param_keygen(int tstid, const BIGNUM **bn)
147 EVP_PKEY_CTX *gen_ctx = NULL;
148 EVP_PKEY *pkey_parm = NULL;
149 EVP_PKEY *pkey = NULL;
151 int pind, qind, gind;
152 BIGNUM *p = NULL, *q = NULL, *g = NULL;
155 * These tests are using bad values for p, q, g by reusing the values.
156 * A value of 0 uses p, 1 uses q and 2 uses g.
157 * There are 27 different combinations, with only the 1 valid combination.
160 qind = (tstid / 3) % 3;
162 expected = (pind == 0 && qind == 1 && gind == 2);
164 TEST_note("Testing with (p, q, g) = (%s, %s, %s)", getname(pind),
165 getname(qind), getname(gind));
167 if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
168 || !TEST_ptr(dh = DH_new())
169 || !TEST_ptr(p = BN_dup(bn[pind]))
170 || !TEST_ptr(q = BN_dup(bn[qind]))
171 || !TEST_ptr(g = BN_dup(bn[gind]))
172 || !TEST_true(DH_set0_pqg(dh, p, q, g)))
176 if (!TEST_true(EVP_PKEY_assign_DH(pkey_parm, dh)))
180 if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
181 || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
182 || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
187 EVP_PKEY_CTX_free(gen_ctx);
188 EVP_PKEY_free(pkey_parm);
197 * Note that we get the fips186-4 path being run for most of these cases since
198 * the internal code will detect that the p, q, g does not match a safe prime
199 * group (Except for when tstid = 5, which sets the correct p, q, g)
201 static int test_dh_safeprime_param_keygen(int tstid)
203 static const BIGNUM *bn[] = {
204 &_bignum_ffdhe2048_p, &_bignum_ffdhe2048_q, &_bignum_const_2
206 return do_dh_param_keygen(tstid, bn);
209 static int dhx_cert_load(void)
215 static const unsigned char dhx_cert[] = {
216 0x30,0x82,0x03,0xff,0x30,0x82,0x02,0xe7,0xa0,0x03,0x02,0x01,0x02,0x02,0x09,0x00,
217 0xdb,0xf5,0x4d,0x22,0xa0,0x7a,0x67,0xa6,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
218 0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x44,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,
219 0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x0a,0x0c,
220 0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,0x72,0x6f,0x75,0x70,0x31,0x1d,
221 0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,0x65,0x73,0x74,0x20,0x53,0x2f,
222 0x4d,0x49,0x4d,0x45,0x20,0x52,0x53,0x41,0x20,0x52,0x6f,0x6f,0x74,0x30,0x1e,0x17,
223 0x0d,0x31,0x33,0x30,0x38,0x30,0x32,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x17,0x0d,
224 0x32,0x33,0x30,0x36,0x31,0x31,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x30,0x44,0x31,
225 0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,
226 0x06,0x03,0x55,0x04,0x0a,0x0c,0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,
227 0x72,0x6f,0x75,0x70,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,
228 0x65,0x73,0x74,0x20,0x53,0x2f,0x4d,0x49,0x4d,0x45,0x20,0x45,0x45,0x20,0x44,0x48,
229 0x20,0x23,0x31,0x30,0x82,0x01,0xb6,0x30,0x82,0x01,0x2b,0x06,0x07,0x2a,0x86,0x48,
230 0xce,0x3e,0x02,0x01,0x30,0x82,0x01,0x1e,0x02,0x81,0x81,0x00,0xd4,0x0c,0x4a,0x0c,
231 0x04,0x72,0x71,0x19,0xdf,0x59,0x19,0xc5,0xaf,0x44,0x7f,0xca,0x8e,0x2b,0xf0,0x09,
232 0xf5,0xd3,0x25,0xb1,0x73,0x16,0x55,0x89,0xdf,0xfd,0x07,0xaf,0x19,0xd3,0x7f,0xd0,
233 0x07,0xa2,0xfe,0x3f,0x5a,0xf1,0x01,0xc6,0xf8,0x2b,0xef,0x4e,0x6d,0x03,0x38,0x42,
234 0xa1,0x37,0xd4,0x14,0xb4,0x00,0x4a,0xb1,0x86,0x5a,0x83,0xce,0xb9,0x08,0x0e,0xc1,
235 0x99,0x27,0x47,0x8d,0x0b,0x85,0xa8,0x82,0xed,0xcc,0x0d,0xb9,0xb0,0x32,0x7e,0xdf,
236 0xe8,0xe4,0xf6,0xf6,0xec,0xb3,0xee,0x7a,0x11,0x34,0x65,0x97,0xfc,0x1a,0xb0,0x95,
237 0x4b,0x19,0xb9,0xa6,0x1c,0xd9,0x01,0x32,0xf7,0x35,0x7c,0x2d,0x5d,0xfe,0xc1,0x85,
238 0x70,0x49,0xf8,0xcc,0x99,0xd0,0xbe,0xf1,0x5a,0x78,0xc8,0x03,0x02,0x81,0x80,0x69,
239 0x00,0xfd,0x66,0xf2,0xfc,0x15,0x8b,0x09,0xb8,0xdc,0x4d,0xea,0xaa,0x79,0x55,0xf9,
240 0xdf,0x46,0xa6,0x2f,0xca,0x2d,0x8f,0x59,0x2a,0xad,0x44,0xa3,0xc6,0x18,0x2f,0x95,
241 0xb6,0x16,0x20,0xe3,0xd3,0xd1,0x8f,0x03,0xce,0x71,0x7c,0xef,0x3a,0xc7,0x44,0x39,
242 0x0e,0xe2,0x1f,0xd8,0xd3,0x89,0x2b,0xe7,0x51,0xdc,0x12,0x48,0x4c,0x18,0x4d,0x99,
243 0x12,0x06,0xe4,0x17,0x02,0x03,0x8c,0x24,0x05,0x8e,0xa6,0x85,0xf2,0x69,0x1b,0xe1,
244 0x6a,0xdc,0xe2,0x04,0x3a,0x01,0x9d,0x64,0xbe,0xfe,0x45,0xf9,0x44,0x18,0x71,0xbd,
245 0x2d,0x3e,0x7a,0x6f,0x72,0x7d,0x1a,0x80,0x42,0x57,0xae,0x18,0x6f,0x91,0xd6,0x61,
246 0x03,0x8a,0x1c,0x89,0x73,0xc7,0x56,0x41,0x03,0xd3,0xf8,0xed,0x65,0xe2,0x85,0x02,
247 0x15,0x00,0x89,0x94,0xab,0x10,0x67,0x45,0x41,0xad,0x63,0xc6,0x71,0x40,0x8d,0x6b,
248 0x9e,0x19,0x5b,0xa4,0xc7,0xf5,0x03,0x81,0x84,0x00,0x02,0x81,0x80,0x2f,0x5b,0xde,
249 0x72,0x02,0x36,0x6b,0x00,0x5e,0x24,0x7f,0x14,0x2c,0x18,0x52,0x42,0x97,0x4b,0xdb,
250 0x6e,0x15,0x50,0x3c,0x45,0x3e,0x25,0xf3,0xb7,0xc5,0x6e,0xe5,0x52,0xe7,0xc4,0xfb,
251 0xf4,0xa5,0xf0,0x39,0x12,0x7f,0xbc,0x54,0x1c,0x93,0xb9,0x5e,0xee,0xe9,0x14,0xb0,
252 0xdf,0xfe,0xfc,0x36,0xe4,0xf2,0xaf,0xfb,0x13,0xc8,0xdf,0x18,0x94,0x1d,0x40,0xb9,
253 0x71,0xdd,0x4c,0x9c,0xa7,0x03,0x52,0x02,0xb5,0xed,0x71,0x80,0x3e,0x23,0xda,0x28,
254 0xe5,0xab,0xe7,0x6f,0xf2,0x0a,0x0e,0x00,0x5b,0x7d,0xc6,0x4b,0xd7,0xc7,0xb2,0xc3,
255 0xba,0x62,0x7f,0x70,0x28,0xa0,0x9d,0x71,0x13,0x70,0xd1,0x9f,0x32,0x2f,0x3e,0xd2,
256 0xcd,0x1b,0xa4,0xc6,0x72,0xa0,0x74,0x5d,0x71,0xef,0x03,0x43,0x6e,0xa3,0x60,0x30,
257 0x5e,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x02,0x30,0x00,0x30,
258 0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x05,0xe0,0x30,
259 0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0x0b,0x5a,0x4d,0x5f,0x7d,0x25,
260 0xc7,0xf2,0x9d,0xc1,0xaa,0xb7,0x63,0x82,0x2f,0xfa,0x8f,0x32,0xe7,0xc0,0x30,0x1f,
261 0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xdf,0x7e,0x5e,0x88,0x05,
262 0x24,0x33,0x08,0xdd,0x22,0x81,0x02,0x97,0xcc,0x9a,0xb7,0xb1,0x33,0x27,0x30,0x30,
263 0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x82,
264 0x01,0x01,0x00,0x5a,0xf2,0x63,0xef,0xd3,0x16,0xd7,0xf5,0xaa,0xdd,0x12,0x00,0x36,
265 0x00,0x21,0xa2,0x7b,0x08,0xd6,0x3b,0x9f,0x62,0xac,0x53,0x1f,0xed,0x4c,0xd1,0x15,
266 0x34,0x65,0x71,0xee,0x96,0x07,0xa6,0xef,0xb2,0xde,0xd8,0xbb,0x35,0x6e,0x2c,0xe2,
267 0xd1,0x26,0xef,0x7e,0x94,0xe2,0x88,0x51,0xa4,0x6c,0xaa,0x27,0x2a,0xd3,0xb6,0xc2,
268 0xf7,0xea,0xc3,0x0b,0xa9,0xb5,0x28,0x37,0xa2,0x63,0x08,0xe4,0x88,0xc0,0x1b,0x16,
269 0x1b,0xca,0xfd,0x8a,0x07,0x32,0x29,0xa7,0x53,0xb5,0x2d,0x30,0xe4,0xf5,0x16,0xc3,
270 0xe3,0xc2,0x4c,0x30,0x5d,0x35,0x80,0x1c,0xa2,0xdb,0xe3,0x4b,0x51,0x0d,0x4c,0x60,
271 0x5f,0xb9,0x46,0xac,0xa8,0x46,0xa7,0x32,0xa7,0x9c,0x76,0xf8,0xe9,0xb5,0x19,0xe2,
272 0x0c,0xe1,0x0f,0xc6,0x46,0xe2,0x38,0xa7,0x87,0x72,0x6d,0x6c,0xbc,0x88,0x2f,0x9d,
273 0x2d,0xe5,0xd0,0x7d,0x1e,0xc7,0x5d,0xf8,0x7e,0xb4,0x0b,0xa6,0xf9,0x6c,0xe3,0x7c,
274 0xb2,0x70,0x6e,0x75,0x9b,0x1e,0x63,0xe1,0x4d,0xb2,0x81,0xd3,0x55,0x38,0x94,0x1a,
275 0x7a,0xfa,0xbf,0x01,0x18,0x70,0x2d,0x35,0xd3,0xe3,0x10,0x7a,0x9a,0xa7,0x8f,0xf3,
276 0xbd,0x56,0x55,0x5e,0xd8,0xbd,0x4e,0x16,0x76,0xd0,0x48,0x4c,0xf9,0x51,0x54,0xdf,
277 0x2d,0xb0,0xc9,0xaa,0x5e,0x42,0x38,0x50,0xbf,0x0f,0xc0,0xd9,0x84,0x44,0x4b,0x42,
278 0x24,0xec,0x14,0xa3,0xde,0x11,0xdf,0x58,0x7f,0xc2,0x4d,0xb2,0xd5,0x42,0x78,0x6e,
279 0x52,0x3e,0xad,0xc3,0x5f,0x04,0xc4,0xe6,0x31,0xaa,0x81,0x06,0x8b,0x13,0x4b,0x3c,
283 if (!TEST_ptr(bio = BIO_new_mem_buf(dhx_cert, sizeof(dhx_cert)))
284 || !TEST_ptr(cert = X509_new_ex(libctx, NULL))
285 || !TEST_ptr(d2i_X509_bio(bio, &cert)))
294 #endif /* OPENSSL_NO_DH */
296 static int test_cipher_reinit(int test_id)
298 int ret = 0, diff, ccm, siv;
299 int out1_len = 0, out2_len = 0, out3_len = 0;
300 EVP_CIPHER *cipher = NULL;
301 EVP_CIPHER_CTX *ctx = NULL;
302 unsigned char out1[256];
303 unsigned char out2[256];
304 unsigned char out3[256];
305 unsigned char in[16] = {
306 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
307 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
309 unsigned char key[64] = {
310 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
311 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
312 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
313 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
314 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
315 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
316 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
317 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
319 unsigned char iv[16] = {
320 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
321 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
323 const char *name = sk_OPENSSL_CSTRING_value(cipher_names, test_id);
325 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
328 TEST_note("Fetching %s\n", name);
329 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
332 /* ccm fails on the second update - this matches OpenSSL 1_1_1 behaviour */
333 ccm = (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE);
335 /* siv cannot be called with NULL key as the iv is irrelevant */
336 siv = (EVP_CIPHER_mode(cipher) == EVP_CIPH_SIV_MODE);
338 /* DES3-WRAP uses random every update - so it will give a different value */
339 diff = EVP_CIPHER_is_a(cipher, "DES3-WRAP");
341 if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
342 || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, sizeof(in)))
343 || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
344 || !TEST_int_eq(EVP_EncryptUpdate(ctx, out2, &out2_len, in, sizeof(in)),
346 || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv))
347 || !TEST_int_eq(EVP_EncryptUpdate(ctx, out3, &out3_len, in, sizeof(in)),
353 if (!TEST_mem_ne(out1, out1_len, out2, out2_len)
354 || !TEST_mem_ne(out1, out1_len, out3, out3_len)
355 || !TEST_mem_ne(out2, out2_len, out3, out3_len))
358 if (!TEST_mem_eq(out1, out1_len, out2, out2_len)
359 || (!siv && !TEST_mem_eq(out1, out1_len, out3, out3_len)))
365 EVP_CIPHER_free(cipher);
366 EVP_CIPHER_CTX_free(ctx);
371 * This test only uses a partial block (half the block size) of input for each
372 * EVP_EncryptUpdate() in order to test that the second init/update is not using
373 * a leftover buffer from the first init/update.
374 * Note: some ciphers don't need a full block to produce output.
376 static int test_cipher_reinit_partialupdate(int test_id)
379 int out1_len = 0, out2_len = 0, out3_len = 0;
380 EVP_CIPHER *cipher = NULL;
381 EVP_CIPHER_CTX *ctx = NULL;
382 unsigned char out1[256];
383 unsigned char out2[256];
384 unsigned char out3[256];
385 static const unsigned char in[32] = {
386 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
387 0xba, 0xbe, 0xba, 0xbe, 0x00, 0x00, 0xba, 0xbe,
388 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
389 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
391 static const unsigned char key[64] = {
392 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
393 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
394 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
395 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
396 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
397 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
398 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
399 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
401 static const unsigned char iv[16] = {
402 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
403 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
405 const char *name = sk_OPENSSL_CSTRING_value(cipher_names, test_id);
407 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
410 TEST_note("Fetching %s\n", name);
411 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
414 in_len = EVP_CIPHER_block_size(cipher) / 2;
416 /* skip any ciphers that don't allow partial updates */
417 if (((EVP_CIPHER_flags(cipher)
418 & (EVP_CIPH_FLAG_CTS | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) != 0)
419 || EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE
420 || EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE
421 || EVP_CIPHER_mode(cipher) == EVP_CIPH_WRAP_MODE) {
426 if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
427 || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, in_len))
428 || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
429 || !TEST_true(EVP_EncryptUpdate(ctx, out2, &out2_len, in, in_len)))
432 if (!TEST_mem_eq(out1, out1_len, out2, out2_len))
435 if (EVP_CIPHER_mode(cipher) != EVP_CIPH_SIV_MODE) {
436 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv))
437 || !TEST_true(EVP_EncryptUpdate(ctx, out3, &out3_len, in, in_len)))
440 if (!TEST_mem_eq(out1, out1_len, out3, out3_len))
445 EVP_CIPHER_free(cipher);
446 EVP_CIPHER_CTX_free(ctx);
451 static int name_cmp(const char * const *a, const char * const *b)
453 return strcasecmp(*a, *b);
456 static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list)
458 STACK_OF(OPENSSL_CSTRING) *names = cipher_names_list;
460 sk_OPENSSL_CSTRING_push(names, EVP_CIPHER_name(cipher));
463 static int rsa_keygen(int bits, EVP_PKEY **pub, EVP_PKEY **priv)
466 EVP_PKEY_CTX *keygen_ctx = NULL;
467 unsigned char *pub_der = NULL;
468 const unsigned char *pp = NULL;
470 OSSL_ENCODER_CTX *ectx = NULL;
472 if (!TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
473 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0)
474 || !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_bits(keygen_ctx, bits))
475 || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, priv), 0)
477 OSSL_ENCODER_CTX_new_by_EVP_PKEY(*priv,
479 "DER", "type-specific",
481 || !TEST_true(OSSL_ENCODER_to_data(ectx, &pub_der, &len)))
484 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_RSA, pub, &pp, len)))
488 OSSL_ENCODER_CTX_free(ectx);
489 OPENSSL_free(pub_der);
490 EVP_PKEY_CTX_free(keygen_ctx);
494 static int kem_rsa_gen_recover(void)
497 EVP_PKEY *pub = NULL;
498 EVP_PKEY *priv = NULL;
499 EVP_PKEY_CTX *sctx = NULL, *rctx = NULL;
500 unsigned char secret[256] = { 0, };
501 unsigned char ct[256] = { 0, };
502 unsigned char unwrap[256] = { 0, };
503 size_t ctlen = 0, unwraplen = 0, secretlen = 0;
505 ret = TEST_true(rsa_keygen(2048, &pub, &priv))
506 && TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
507 && TEST_int_eq(EVP_PKEY_encapsulate_init(sctx), 1)
508 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(sctx, "RSASVE"), 1)
509 && TEST_int_eq(EVP_PKEY_encapsulate(sctx, NULL, &ctlen, NULL,
511 && TEST_int_eq(ctlen, secretlen)
512 && TEST_int_eq(ctlen, 2048 / 8)
513 && TEST_int_eq(EVP_PKEY_encapsulate(sctx, ct, &ctlen, secret,
515 && TEST_ptr(rctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
516 && TEST_int_eq(EVP_PKEY_decapsulate_init(rctx), 1)
517 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(rctx, "RSASVE"), 1)
518 && TEST_int_eq(EVP_PKEY_decapsulate(rctx, NULL, &unwraplen,
520 && TEST_int_eq(EVP_PKEY_decapsulate(rctx, unwrap, &unwraplen,
522 && TEST_mem_eq(unwrap, unwraplen, secret, secretlen);
525 EVP_PKEY_CTX_free(rctx);
526 EVP_PKEY_CTX_free(sctx);
530 static int kem_rsa_params(void)
533 EVP_PKEY *pub = NULL;
534 EVP_PKEY *priv = NULL;
535 EVP_PKEY_CTX *pubctx = NULL, *privctx = NULL;
536 unsigned char secret[256] = { 0, };
537 unsigned char ct[256] = { 0, };
538 size_t ctlen = 0, secretlen = 0;
540 ret = TEST_true(rsa_keygen(2048, &pub, &priv))
541 && TEST_ptr(pubctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
542 && TEST_ptr(privctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
543 /* Test setting kem op before the init fails */
544 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), -2)
545 /* Test NULL ctx passed */
546 && TEST_int_eq(EVP_PKEY_encapsulate_init(NULL), 0)
547 && TEST_int_eq(EVP_PKEY_encapsulate(NULL, NULL, NULL, NULL, NULL), 0)
548 && TEST_int_eq(EVP_PKEY_decapsulate_init(NULL), 0)
549 && TEST_int_eq(EVP_PKEY_decapsulate(NULL, NULL, NULL, NULL, 0), 0)
550 /* Test Invalid operation */
551 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), -1)
552 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, NULL, 0), 0)
553 /* Wrong key component - no secret should be returned on failure */
554 && TEST_int_eq(EVP_PKEY_decapsulate_init(pubctx), 1)
555 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
556 && TEST_int_eq(EVP_PKEY_decapsulate(pubctx, secret, &secretlen, ct,
558 && TEST_uchar_eq(secret[0], 0)
559 /* Test encapsulate fails if the mode is not set */
560 && TEST_int_eq(EVP_PKEY_encapsulate_init(pubctx), 1)
561 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, &secretlen), -2)
562 /* Test setting a bad kem ops fail */
563 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSA"), 0)
564 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, NULL), 0)
565 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, "RSASVE"), 0)
566 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, NULL), 0)
567 /* Test secretlen is optional */
568 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
569 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, NULL), 1)
570 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
571 /* Test outlen is optional */
572 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
573 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, &secretlen), 1)
574 /* test that either len must be set if out is NULL */
575 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), 0)
576 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
577 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
578 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, &secretlen), 1)
579 /* Secret buffer should be set if there is an output buffer */
580 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, NULL, NULL), 0)
581 /* Test that lengths are optional if ct is not NULL */
582 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, NULL), 1)
583 /* Pass if secret or secret length are not NULL */
584 && TEST_int_eq(EVP_PKEY_decapsulate_init(privctx), 1)
585 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(privctx, "RSASVE"), 1)
586 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, NULL, ct, sizeof(ct)), 1)
587 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, &secretlen, ct, sizeof(ct)), 1)
588 && TEST_int_eq(secretlen, 256)
589 /* Fail if passed NULL arguments */
590 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, ct, sizeof(ct)), 0)
591 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, 0), 0)
592 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, sizeof(ct)), 0)
593 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, ct, 0), 0);
597 EVP_PKEY_CTX_free(pubctx);
598 EVP_PKEY_CTX_free(privctx);
602 #ifndef OPENSSL_NO_DH
603 static EVP_PKEY *gen_dh_key(void)
605 EVP_PKEY_CTX *gctx = NULL;
606 EVP_PKEY *pkey = NULL;
607 OSSL_PARAM params[2];
609 params[0] = OSSL_PARAM_construct_utf8_string("group", "ffdhe2048", 0);
610 params[1] = OSSL_PARAM_construct_end();
612 if (!TEST_ptr(gctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
613 || !TEST_true(EVP_PKEY_keygen_init(gctx))
614 || !TEST_true(EVP_PKEY_CTX_set_params(gctx, params))
615 || !TEST_true(EVP_PKEY_keygen(gctx, &pkey)))
618 EVP_PKEY_CTX_free(gctx);
622 /* Fail if we try to use a dh key */
623 static int kem_invalid_keytype(void)
626 EVP_PKEY *key = NULL;
627 EVP_PKEY_CTX *sctx = NULL;
629 if (!TEST_ptr(key = gen_dh_key()))
632 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, key, NULL)))
634 if (!TEST_int_eq(EVP_PKEY_encapsulate_init(sctx), -2))
640 EVP_PKEY_CTX_free(sctx);
643 #endif /* OPENSSL_NO_DH */
645 int setup_tests(void)
647 const char *prov_name = "default";
648 char *config_file = NULL;
651 while ((o = opt_next()) != OPT_EOF) {
653 case OPT_PROVIDER_NAME:
654 prov_name = opt_arg();
656 case OPT_CONFIG_FILE:
657 config_file = opt_arg();
667 if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, prov_name))
670 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
671 ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
673 #ifndef OPENSSL_NO_DH
674 ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3);
675 ADD_TEST(dhx_cert_load);
678 if (!TEST_ptr(cipher_names = sk_OPENSSL_CSTRING_new(name_cmp)))
680 EVP_CIPHER_do_all_provided(libctx, collect_cipher_names, cipher_names);
682 ADD_ALL_TESTS(test_cipher_reinit, sk_OPENSSL_CSTRING_num(cipher_names));
683 ADD_ALL_TESTS(test_cipher_reinit_partialupdate,
684 sk_OPENSSL_CSTRING_num(cipher_names));
685 ADD_TEST(kem_rsa_gen_recover);
686 ADD_TEST(kem_rsa_params);
687 #ifndef OPENSSL_NO_DH
688 ADD_TEST(kem_invalid_keytype);
693 void cleanup_tests(void)
695 sk_OPENSSL_CSTRING_free(cipher_names);
696 OSSL_PROVIDER_unload(libprov);
697 OSSL_LIB_CTX_free(libctx);
698 OSSL_PROVIDER_unload(nullprov);