test/evp_libctx_test.c

   1 /*
   2  * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 /*
  11
  12  * These tests are setup to load null into the default library context.
  13  * Any tests are expected to use the created 'libctx' to find algorithms.
  14  * The framework runs the tests twice using the 'default' provider or
  15  * 'fips' provider as inputs.
  16  */
  17
  18 /*
  19  * DSA/DH low level APIs are deprecated for public use, but still ok for
  20  * internal use.
  21  */
  22 #include "internal/deprecated.h"
  23 #include <openssl/evp.h>
  24 #include <openssl/provider.h>
  25 #include <openssl/dsa.h>
  26 #include <openssl/dh.h>
  27 #include <openssl/safestack.h>
  28 #include <openssl/core_dispatch.h>
  29 #include <openssl/core_names.h>
  30 #include <openssl/x509.h>
  31 #include <openssl/encoder.h>
  32 #include "testutil.h"
  33 #include "internal/nelem.h"
  34 #include "crypto/bn_dh.h"   /* _bignum_ffdhe2048_p */
  35 #include "../e_os.h"        /* strcasecmp */
  36
  37 static OSSL_LIB_CTX *libctx = NULL;
  38 static OSSL_PROVIDER *nullprov = NULL;
  39 static OSSL_PROVIDER *libprov = NULL;
  40 static STACK_OF(OPENSSL_CSTRING) *cipher_names = NULL;
  41
  42 typedef enum OPTION_choice {
  43     OPT_ERR = -1,
  44     OPT_EOF = 0,
  45     OPT_CONFIG_FILE,
  46     OPT_PROVIDER_NAME,
  47     OPT_TEST_ENUM
  48 } OPTION_CHOICE;
  49
  50 const OPTIONS *test_get_options(void)
  51 {
  52     static const OPTIONS test_options[] = {
  53         OPT_TEST_OPTIONS_DEFAULT_USAGE,
  54         { "config", OPT_CONFIG_FILE, '<',
  55           "The configuration file to use for the libctx" },
  56         { "provider", OPT_PROVIDER_NAME, 's',
  57           "The provider to load (The default value is 'default'" },
  58         { NULL }
  59     };
  60     return test_options;
  61 }
  62
  63 #ifndef OPENSSL_NO_DH
  64 static const char *getname(int id)
  65 {
  66     const char *name[] = {"p", "q", "g" };
  67
  68     if (id >= 0 && id < 3)
  69         return name[id];
  70     return "?";
  71 }
  72 #endif
  73
  74 /*
  75  * We're using some DH specific values in this test, so we skip compilation if
  76  * we're in a no-dh build.
  77  */
  78 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
  79
  80 static int test_dsa_param_keygen(int tstid)
  81 {
  82     int ret = 0;
  83     int expected;
  84     EVP_PKEY_CTX *gen_ctx = NULL;
  85     EVP_PKEY *pkey_parm = NULL;
  86     EVP_PKEY *pkey = NULL;
  87     DSA *dsa = NULL;
  88     int pind, qind, gind;
  89     BIGNUM *p = NULL, *q = NULL, *g = NULL;
  90
  91     /*
  92      * Just grab some fixed dh p, q, g values for testing,
  93      * these 'safe primes' should not be used normally for dsa *.
  94      */
  95     static const BIGNUM *bn[] = {
  96         &_bignum_dh2048_256_p,  &_bignum_dh2048_256_q, &_bignum_dh2048_256_g
  97     };
  98
  99     /*
 100      * These tests are using bad values for p, q, g by reusing the values.
 101      * A value of 0 uses p, 1 uses q and 2 uses g.
 102      * There are 27 different combinations, with only the 1 valid combination.
 103      */
 104     pind = tstid / 9;
 105     qind = (tstid / 3) % 3;
 106     gind = tstid % 3;
 107     expected  = (pind == 0 && qind == 1 && gind == 2);
 108
 109     TEST_note("Testing with (p, q, g) = (%s, %s, %s)\n", getname(pind),
 110               getname(qind), getname(gind));
 111
 112     if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
 113         || !TEST_ptr(dsa = DSA_new())
 114         || !TEST_ptr(p = BN_dup(bn[pind]))
 115         || !TEST_ptr(q = BN_dup(bn[qind]))
 116         || !TEST_ptr(g = BN_dup(bn[gind]))
 117         || !TEST_true(DSA_set0_pqg(dsa, p, q, g)))
 118         goto err;
 119     p = q = g = NULL;
 120
 121     if (!TEST_true(EVP_PKEY_assign_DSA(pkey_parm, dsa)))
 122         goto err;
 123     dsa = NULL;
 124
 125     if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
 126         || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
 127         || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
 128         goto err;
 129     ret = 1;
 130 err:
 131     EVP_PKEY_free(pkey);
 132     EVP_PKEY_CTX_free(gen_ctx);
 133     EVP_PKEY_free(pkey_parm);
 134     DSA_free(dsa);
 135     BN_free(g);
 136     BN_free(q);
 137     BN_free(p);
 138     return ret;
 139 }
 140 #endif /* OPENSSL_NO_DSA */
 141
 142 #ifndef OPENSSL_NO_DH
 143 static int do_dh_param_keygen(int tstid, const BIGNUM **bn)
 144 {
 145     int ret = 0;
 146     int expected;
 147     EVP_PKEY_CTX *gen_ctx = NULL;
 148     EVP_PKEY *pkey_parm = NULL;
 149     EVP_PKEY *pkey = NULL;
 150     DH *dh = NULL;
 151     int pind, qind, gind;
 152     BIGNUM *p = NULL, *q = NULL, *g = NULL;
 153
 154     /*
 155      * These tests are using bad values for p, q, g by reusing the values.
 156      * A value of 0 uses p, 1 uses q and 2 uses g.
 157      * There are 27 different combinations, with only the 1 valid combination.
 158      */
 159     pind = tstid / 9;
 160     qind = (tstid / 3) % 3;
 161     gind = tstid % 3;
 162     expected  = (pind == 0 && qind == 1 && gind == 2);
 163
 164     TEST_note("Testing with (p, q, g) = (%s, %s, %s)", getname(pind),
 165               getname(qind), getname(gind));
 166
 167     if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
 168         || !TEST_ptr(dh = DH_new())
 169         || !TEST_ptr(p = BN_dup(bn[pind]))
 170         || !TEST_ptr(q = BN_dup(bn[qind]))
 171         || !TEST_ptr(g = BN_dup(bn[gind]))
 172         || !TEST_true(DH_set0_pqg(dh, p, q, g)))
 173         goto err;
 174     p = q = g = NULL;
 175
 176     if (!TEST_true(EVP_PKEY_assign_DH(pkey_parm, dh)))
 177         goto err;
 178     dh = NULL;
 179
 180     if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
 181         || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
 182         || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
 183         goto err;
 184     ret = 1;
 185 err:
 186     EVP_PKEY_free(pkey);
 187     EVP_PKEY_CTX_free(gen_ctx);
 188     EVP_PKEY_free(pkey_parm);
 189     DH_free(dh);
 190     BN_free(g);
 191     BN_free(q);
 192     BN_free(p);
 193     return ret;
 194 }
 195
 196 /*
 197  * Note that we get the fips186-4 path being run for most of these cases since
 198  * the internal code will detect that the p, q, g does not match a safe prime
 199  * group (Except for when tstid = 5, which sets the correct p, q, g)
 200  */
 201 static int test_dh_safeprime_param_keygen(int tstid)
 202 {
 203     static const BIGNUM *bn[] = {
 204         &_bignum_ffdhe2048_p,  &_bignum_ffdhe2048_q, &_bignum_const_2
 205     };
 206     return do_dh_param_keygen(tstid, bn);
 207 }
 208
 209 static int dhx_cert_load(void)
 210 {
 211     int ret = 0;
 212     X509 *cert = NULL;
 213     BIO *bio = NULL;
 214
 215     static const unsigned char dhx_cert[] = {
 216         0x30,0x82,0x03,0xff,0x30,0x82,0x02,0xe7,0xa0,0x03,0x02,0x01,0x02,0x02,0x09,0x00,
 217         0xdb,0xf5,0x4d,0x22,0xa0,0x7a,0x67,0xa6,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
 218         0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x44,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,
 219         0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x0a,0x0c,
 220         0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,0x72,0x6f,0x75,0x70,0x31,0x1d,
 221         0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,0x65,0x73,0x74,0x20,0x53,0x2f,
 222         0x4d,0x49,0x4d,0x45,0x20,0x52,0x53,0x41,0x20,0x52,0x6f,0x6f,0x74,0x30,0x1e,0x17,
 223         0x0d,0x31,0x33,0x30,0x38,0x30,0x32,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x17,0x0d,
 224         0x32,0x33,0x30,0x36,0x31,0x31,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x30,0x44,0x31,
 225         0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,
 226         0x06,0x03,0x55,0x04,0x0a,0x0c,0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,
 227         0x72,0x6f,0x75,0x70,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,
 228         0x65,0x73,0x74,0x20,0x53,0x2f,0x4d,0x49,0x4d,0x45,0x20,0x45,0x45,0x20,0x44,0x48,
 229         0x20,0x23,0x31,0x30,0x82,0x01,0xb6,0x30,0x82,0x01,0x2b,0x06,0x07,0x2a,0x86,0x48,
 230         0xce,0x3e,0x02,0x01,0x30,0x82,0x01,0x1e,0x02,0x81,0x81,0x00,0xd4,0x0c,0x4a,0x0c,
 231         0x04,0x72,0x71,0x19,0xdf,0x59,0x19,0xc5,0xaf,0x44,0x7f,0xca,0x8e,0x2b,0xf0,0x09,
 232         0xf5,0xd3,0x25,0xb1,0x73,0x16,0x55,0x89,0xdf,0xfd,0x07,0xaf,0x19,0xd3,0x7f,0xd0,
 233         0x07,0xa2,0xfe,0x3f,0x5a,0xf1,0x01,0xc6,0xf8,0x2b,0xef,0x4e,0x6d,0x03,0x38,0x42,
 234         0xa1,0x37,0xd4,0x14,0xb4,0x00,0x4a,0xb1,0x86,0x5a,0x83,0xce,0xb9,0x08,0x0e,0xc1,
 235         0x99,0x27,0x47,0x8d,0x0b,0x85,0xa8,0x82,0xed,0xcc,0x0d,0xb9,0xb0,0x32,0x7e,0xdf,
 236         0xe8,0xe4,0xf6,0xf6,0xec,0xb3,0xee,0x7a,0x11,0x34,0x65,0x97,0xfc,0x1a,0xb0,0x95,
 237         0x4b,0x19,0xb9,0xa6,0x1c,0xd9,0x01,0x32,0xf7,0x35,0x7c,0x2d,0x5d,0xfe,0xc1,0x85,
 238         0x70,0x49,0xf8,0xcc,0x99,0xd0,0xbe,0xf1,0x5a,0x78,0xc8,0x03,0x02,0x81,0x80,0x69,
 239         0x00,0xfd,0x66,0xf2,0xfc,0x15,0x8b,0x09,0xb8,0xdc,0x4d,0xea,0xaa,0x79,0x55,0xf9,
 240         0xdf,0x46,0xa6,0x2f,0xca,0x2d,0x8f,0x59,0x2a,0xad,0x44,0xa3,0xc6,0x18,0x2f,0x95,
 241         0xb6,0x16,0x20,0xe3,0xd3,0xd1,0x8f,0x03,0xce,0x71,0x7c,0xef,0x3a,0xc7,0x44,0x39,
 242         0x0e,0xe2,0x1f,0xd8,0xd3,0x89,0x2b,0xe7,0x51,0xdc,0x12,0x48,0x4c,0x18,0x4d,0x99,
 243         0x12,0x06,0xe4,0x17,0x02,0x03,0x8c,0x24,0x05,0x8e,0xa6,0x85,0xf2,0x69,0x1b,0xe1,
 244         0x6a,0xdc,0xe2,0x04,0x3a,0x01,0x9d,0x64,0xbe,0xfe,0x45,0xf9,0x44,0x18,0x71,0xbd,
 245         0x2d,0x3e,0x7a,0x6f,0x72,0x7d,0x1a,0x80,0x42,0x57,0xae,0x18,0x6f,0x91,0xd6,0x61,
 246         0x03,0x8a,0x1c,0x89,0x73,0xc7,0x56,0x41,0x03,0xd3,0xf8,0xed,0x65,0xe2,0x85,0x02,
 247         0x15,0x00,0x89,0x94,0xab,0x10,0x67,0x45,0x41,0xad,0x63,0xc6,0x71,0x40,0x8d,0x6b,
 248         0x9e,0x19,0x5b,0xa4,0xc7,0xf5,0x03,0x81,0x84,0x00,0x02,0x81,0x80,0x2f,0x5b,0xde,
 249         0x72,0x02,0x36,0x6b,0x00,0x5e,0x24,0x7f,0x14,0x2c,0x18,0x52,0x42,0x97,0x4b,0xdb,
 250         0x6e,0x15,0x50,0x3c,0x45,0x3e,0x25,0xf3,0xb7,0xc5,0x6e,0xe5,0x52,0xe7,0xc4,0xfb,
 251         0xf4,0xa5,0xf0,0x39,0x12,0x7f,0xbc,0x54,0x1c,0x93,0xb9,0x5e,0xee,0xe9,0x14,0xb0,
 252         0xdf,0xfe,0xfc,0x36,0xe4,0xf2,0xaf,0xfb,0x13,0xc8,0xdf,0x18,0x94,0x1d,0x40,0xb9,
 253         0x71,0xdd,0x4c,0x9c,0xa7,0x03,0x52,0x02,0xb5,0xed,0x71,0x80,0x3e,0x23,0xda,0x28,
 254         0xe5,0xab,0xe7,0x6f,0xf2,0x0a,0x0e,0x00,0x5b,0x7d,0xc6,0x4b,0xd7,0xc7,0xb2,0xc3,
 255         0xba,0x62,0x7f,0x70,0x28,0xa0,0x9d,0x71,0x13,0x70,0xd1,0x9f,0x32,0x2f,0x3e,0xd2,
 256         0xcd,0x1b,0xa4,0xc6,0x72,0xa0,0x74,0x5d,0x71,0xef,0x03,0x43,0x6e,0xa3,0x60,0x30,
 257         0x5e,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x02,0x30,0x00,0x30,
 258         0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x05,0xe0,0x30,
 259         0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0x0b,0x5a,0x4d,0x5f,0x7d,0x25,
 260         0xc7,0xf2,0x9d,0xc1,0xaa,0xb7,0x63,0x82,0x2f,0xfa,0x8f,0x32,0xe7,0xc0,0x30,0x1f,
 261         0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xdf,0x7e,0x5e,0x88,0x05,
 262         0x24,0x33,0x08,0xdd,0x22,0x81,0x02,0x97,0xcc,0x9a,0xb7,0xb1,0x33,0x27,0x30,0x30,
 263         0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x82,
 264         0x01,0x01,0x00,0x5a,0xf2,0x63,0xef,0xd3,0x16,0xd7,0xf5,0xaa,0xdd,0x12,0x00,0x36,
 265         0x00,0x21,0xa2,0x7b,0x08,0xd6,0x3b,0x9f,0x62,0xac,0x53,0x1f,0xed,0x4c,0xd1,0x15,
 266         0x34,0x65,0x71,0xee,0x96,0x07,0xa6,0xef,0xb2,0xde,0xd8,0xbb,0x35,0x6e,0x2c,0xe2,
 267         0xd1,0x26,0xef,0x7e,0x94,0xe2,0x88,0x51,0xa4,0x6c,0xaa,0x27,0x2a,0xd3,0xb6,0xc2,
 268         0xf7,0xea,0xc3,0x0b,0xa9,0xb5,0x28,0x37,0xa2,0x63,0x08,0xe4,0x88,0xc0,0x1b,0x16,
 269         0x1b,0xca,0xfd,0x8a,0x07,0x32,0x29,0xa7,0x53,0xb5,0x2d,0x30,0xe4,0xf5,0x16,0xc3,
 270         0xe3,0xc2,0x4c,0x30,0x5d,0x35,0x80,0x1c,0xa2,0xdb,0xe3,0x4b,0x51,0x0d,0x4c,0x60,
 271         0x5f,0xb9,0x46,0xac,0xa8,0x46,0xa7,0x32,0xa7,0x9c,0x76,0xf8,0xe9,0xb5,0x19,0xe2,
 272         0x0c,0xe1,0x0f,0xc6,0x46,0xe2,0x38,0xa7,0x87,0x72,0x6d,0x6c,0xbc,0x88,0x2f,0x9d,
 273         0x2d,0xe5,0xd0,0x7d,0x1e,0xc7,0x5d,0xf8,0x7e,0xb4,0x0b,0xa6,0xf9,0x6c,0xe3,0x7c,
 274         0xb2,0x70,0x6e,0x75,0x9b,0x1e,0x63,0xe1,0x4d,0xb2,0x81,0xd3,0x55,0x38,0x94,0x1a,
 275         0x7a,0xfa,0xbf,0x01,0x18,0x70,0x2d,0x35,0xd3,0xe3,0x10,0x7a,0x9a,0xa7,0x8f,0xf3,
 276         0xbd,0x56,0x55,0x5e,0xd8,0xbd,0x4e,0x16,0x76,0xd0,0x48,0x4c,0xf9,0x51,0x54,0xdf,
 277         0x2d,0xb0,0xc9,0xaa,0x5e,0x42,0x38,0x50,0xbf,0x0f,0xc0,0xd9,0x84,0x44,0x4b,0x42,
 278         0x24,0xec,0x14,0xa3,0xde,0x11,0xdf,0x58,0x7f,0xc2,0x4d,0xb2,0xd5,0x42,0x78,0x6e,
 279         0x52,0x3e,0xad,0xc3,0x5f,0x04,0xc4,0xe6,0x31,0xaa,0x81,0x06,0x8b,0x13,0x4b,0x3c,
 280         0x0e,0x6a,0xb1
 281     };
 282
 283     if (!TEST_ptr(bio = BIO_new_mem_buf(dhx_cert, sizeof(dhx_cert)))
 284         || !TEST_ptr(cert = X509_new_ex(libctx, NULL))
 285         || !TEST_ptr(d2i_X509_bio(bio, &cert)))
 286         goto err;
 287     ret = 1;
 288 err:
 289     X509_free(cert);
 290     BIO_free(bio);
 291     return ret;
 292 }
 293
 294 #endif /* OPENSSL_NO_DH */
 295
 296 static int test_cipher_reinit(int test_id)
 297 {
 298     int ret = 0, out1_len = 0, out2_len = 0, diff, ccm;
 299     EVP_CIPHER *cipher = NULL;
 300     EVP_CIPHER_CTX *ctx = NULL;
 301     unsigned char out1[256];
 302     unsigned char out2[256];
 303     unsigned char in[16] = {
 304         0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
 305         0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
 306     };
 307     unsigned char key[64] = {
 308         0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 309         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 310         0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 311         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 312         0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 313         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 314         0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 315         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 316     };
 317     unsigned char iv[16] = {
 318         0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
 319         0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
 320     };
 321     const char *name = sk_OPENSSL_CSTRING_value(cipher_names, test_id);
 322
 323     if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
 324         goto err;
 325
 326     TEST_note("Fetching %s\n", name);
 327     if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
 328         goto err;
 329
 330     /* ccm fails on the second update - this matches OpenSSL 1_1_1 behaviour */
 331     ccm = (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE);
 332
 333     /* DES3-WRAP uses random every update - so it will give a different value */
 334     diff = EVP_CIPHER_is_a(cipher, "DES3-WRAP");
 335
 336     if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
 337         || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, sizeof(in)))
 338         || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
 339         || !TEST_int_eq(EVP_EncryptUpdate(ctx, out2, &out2_len, in, sizeof(in)),
 340                         ccm ? 0 : 1))
 341         goto err;
 342
 343     if (ccm == 0) {
 344         if (diff) {
 345             if (!TEST_mem_ne(out1, out1_len, out2, out2_len))
 346                 goto err;
 347         } else {
 348             if (!TEST_mem_eq(out1, out1_len, out2, out2_len))
 349                 goto err;
 350         }
 351     }
 352     ret = 1;
 353 err:
 354     EVP_CIPHER_free(cipher);
 355     EVP_CIPHER_CTX_free(ctx);
 356     return ret;
 357 }
 358
 359 /*
 360  * This test only uses a partial block (half the block size) of input for each
 361  * EVP_EncryptUpdate() in order to test that the second init/update is not using
 362  * a leftover buffer from the first init/update.
 363  * Note: some ciphers don't need a full block to produce output.
 364  */
 365 static int test_cipher_reinit_partialupdate(int test_id)
 366 {
 367     int ret = 0, out1_len = 0, out2_len = 0, in_len;
 368     EVP_CIPHER *cipher = NULL;
 369     EVP_CIPHER_CTX *ctx = NULL;
 370     unsigned char out1[256];
 371     unsigned char out2[256];
 372     static const unsigned char in[32] = {
 373         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 374         0xba, 0xbe, 0xba, 0xbe, 0x00, 0x00, 0xba, 0xbe,
 375         0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 376         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 377     };
 378     static const unsigned char key[64] = {
 379         0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 380         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 381         0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 382         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 383         0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 384         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 385         0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 386         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 387     };
 388     static const unsigned char iv[16] = {
 389         0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
 390         0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
 391     };
 392     const char *name = sk_OPENSSL_CSTRING_value(cipher_names, test_id);
 393
 394     if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
 395         goto err;
 396
 397     TEST_note("Fetching %s\n", name);
 398     if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
 399         goto err;
 400
 401     in_len = EVP_CIPHER_block_size(cipher) / 2;
 402
 403     /* skip any ciphers that don't allow partial updates */
 404     if (((EVP_CIPHER_flags(cipher)
 405           & (EVP_CIPH_FLAG_CTS | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) != 0)
 406         || EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE
 407         || EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE
 408         || EVP_CIPHER_mode(cipher) == EVP_CIPH_WRAP_MODE) {
 409         ret = 1;
 410         goto err;
 411     }
 412
 413     if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
 414         || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, in_len))
 415         || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
 416         || !TEST_true(EVP_EncryptUpdate(ctx, out2, &out2_len, in, in_len)))
 417         goto err;
 418
 419     /* DES3-WRAP uses random every update - so it will give a different value */
 420     if (EVP_CIPHER_is_a(cipher, "DES3-WRAP")) {
 421         if (!TEST_mem_ne(out1, out1_len, out2, out2_len))
 422             goto err;
 423     } else {
 424         if (!TEST_mem_eq(out1, out1_len, out2, out2_len))
 425             goto err;
 426     }
 427     ret = 1;
 428 err:
 429     EVP_CIPHER_free(cipher);
 430     EVP_CIPHER_CTX_free(ctx);
 431     return ret;
 432 }
 433
 434
 435 static int name_cmp(const char * const *a, const char * const *b)
 436 {
 437     return strcasecmp(*a, *b);
 438 }
 439
 440 static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list)
 441 {
 442     STACK_OF(OPENSSL_CSTRING) *names = cipher_names_list;
 443
 444     sk_OPENSSL_CSTRING_push(names, EVP_CIPHER_name(cipher));
 445 }
 446
 447 static int rsa_keygen(int bits, EVP_PKEY **pub, EVP_PKEY **priv)
 448 {
 449     int ret = 0;
 450     EVP_PKEY_CTX *keygen_ctx = NULL;
 451     unsigned char *pub_der = NULL;
 452     const unsigned char *pp = NULL;
 453     size_t len = 0;
 454     OSSL_ENCODER_CTX *ectx = NULL;
 455
 456     if (!TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
 457         || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0)
 458         || !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_bits(keygen_ctx, bits))
 459         || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, priv), 0)
 460         || !TEST_ptr(ectx =
 461                      OSSL_ENCODER_CTX_new_by_EVP_PKEY(*priv,
 462                                                       EVP_PKEY_PUBLIC_KEY,
 463                                                       "DER", "type-specific",
 464                                                       libctx, NULL))
 465         || !TEST_true(OSSL_ENCODER_to_data(ectx, &pub_der, &len)))
 466         goto err;
 467     pp = pub_der;
 468     if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_RSA, pub, &pp, len)))
 469         goto err;
 470     ret = 1;
 471 err:
 472     OSSL_ENCODER_CTX_free(ectx);
 473     OPENSSL_free(pub_der);
 474     EVP_PKEY_CTX_free(keygen_ctx);
 475     return ret;
 476 }
 477
 478 static int kem_rsa_gen_recover(void)
 479 {
 480     int ret = 0;
 481     EVP_PKEY *pub = NULL;
 482     EVP_PKEY *priv = NULL;
 483     EVP_PKEY_CTX *sctx = NULL, *rctx = NULL;
 484     unsigned char secret[256] = { 0, };
 485     unsigned char ct[256] = { 0, };
 486     unsigned char unwrap[256] = { 0, };
 487     size_t ctlen = 0, unwraplen = 0, secretlen = 0;
 488
 489     ret = TEST_true(rsa_keygen(2048, &pub, &priv))
 490           && TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
 491           && TEST_int_eq(EVP_PKEY_encapsulate_init(sctx), 1)
 492           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(sctx, "RSASVE"), 1)
 493           && TEST_int_eq(EVP_PKEY_encapsulate(sctx, NULL, &ctlen, NULL,
 494                                               &secretlen), 1)
 495           && TEST_int_eq(ctlen, secretlen)
 496           && TEST_int_eq(ctlen, 2048 / 8)
 497           && TEST_int_eq(EVP_PKEY_encapsulate(sctx, ct, &ctlen, secret,
 498                                               &secretlen), 1)
 499           && TEST_ptr(rctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
 500           && TEST_int_eq(EVP_PKEY_decapsulate_init(rctx), 1)
 501           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(rctx, "RSASVE"), 1)
 502           && TEST_int_eq(EVP_PKEY_decapsulate(rctx, NULL, &unwraplen,
 503                                               ct, ctlen), 1)
 504           && TEST_int_eq(EVP_PKEY_decapsulate(rctx, unwrap, &unwraplen,
 505                                               ct, ctlen), 1)
 506           && TEST_mem_eq(unwrap, unwraplen, secret, secretlen);
 507     EVP_PKEY_free(pub);
 508     EVP_PKEY_free(priv);
 509     EVP_PKEY_CTX_free(rctx);
 510     EVP_PKEY_CTX_free(sctx);
 511     return ret;
 512 }
 513
 514 static int kem_rsa_params(void)
 515 {
 516     int ret = 0;
 517     EVP_PKEY *pub = NULL;
 518     EVP_PKEY *priv = NULL;
 519     EVP_PKEY_CTX *pubctx = NULL, *privctx = NULL;
 520     unsigned char secret[256] = { 0, };
 521     unsigned char ct[256] = { 0, };
 522     size_t ctlen = 0, secretlen = 0;
 523
 524     ret = TEST_true(rsa_keygen(2048, &pub, &priv))
 525           && TEST_ptr(pubctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
 526           && TEST_ptr(privctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
 527           /* Test setting kem op before the init fails */
 528           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), -2)
 529           /* Test NULL ctx passed */
 530           && TEST_int_eq(EVP_PKEY_encapsulate_init(NULL), 0)
 531           && TEST_int_eq(EVP_PKEY_encapsulate(NULL, NULL, NULL, NULL, NULL), 0)
 532           && TEST_int_eq(EVP_PKEY_decapsulate_init(NULL), 0)
 533           && TEST_int_eq(EVP_PKEY_decapsulate(NULL, NULL, NULL, NULL, 0), 0)
 534           /* Test Invalid operation */
 535           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), -1)
 536           && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, NULL, 0), 0)
 537           /* Wrong key component - no secret should be returned on failure */
 538           && TEST_int_eq(EVP_PKEY_decapsulate_init(pubctx), 1)
 539           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
 540           && TEST_int_eq(EVP_PKEY_decapsulate(pubctx, secret, &secretlen, ct,
 541                                               sizeof(ct)), 0)
 542           && TEST_uchar_eq(secret[0], 0)
 543           /* Test encapsulate fails if the mode is not set */
 544           && TEST_int_eq(EVP_PKEY_encapsulate_init(pubctx), 1)
 545           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, &secretlen), -2)
 546           /* Test setting a bad kem ops fail */
 547           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSA"), 0)
 548           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx,  NULL), 0)
 549           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL,  "RSASVE"), 0)
 550           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL,  NULL), 0)
 551           /* Test secretlen is optional */
 552           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
 553           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, NULL), 1)
 554           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
 555           /* Test outlen is optional */
 556           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
 557           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, &secretlen), 1)
 558           /* test that either len must be set if out is NULL */
 559           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), 0)
 560           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
 561           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
 562           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, &secretlen), 1)
 563           /* Secret buffer should be set if there is an output buffer */
 564           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, NULL, NULL), 0)
 565           /* Test that lengths are optional if ct is not NULL */
 566           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, NULL), 1)
 567           /* Pass if secret or secret length are not NULL */
 568           && TEST_int_eq(EVP_PKEY_decapsulate_init(privctx), 1)
 569           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(privctx, "RSASVE"), 1)
 570           && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, NULL, ct, sizeof(ct)), 1)
 571           && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, &secretlen, ct, sizeof(ct)), 1)
 572           && TEST_int_eq(secretlen, 256)
 573           /* Fail if passed NULL arguments */
 574           && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, ct, sizeof(ct)), 0)
 575           && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, 0), 0)
 576           && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, sizeof(ct)), 0)
 577           && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, ct, 0), 0);
 578
 579     EVP_PKEY_free(pub);
 580     EVP_PKEY_free(priv);
 581     EVP_PKEY_CTX_free(pubctx);
 582     EVP_PKEY_CTX_free(privctx);
 583     return ret;
 584 }
 585
 586 #ifndef OPENSSL_NO_DH
 587 static EVP_PKEY *gen_dh_key(void)
 588 {
 589     EVP_PKEY_CTX *gctx = NULL;
 590     EVP_PKEY *pkey = NULL;
 591     OSSL_PARAM params[2];
 592
 593     params[0] = OSSL_PARAM_construct_utf8_string("group", "ffdhe2048", 0);
 594     params[1] = OSSL_PARAM_construct_end();
 595
 596     if (!TEST_ptr(gctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
 597         || !TEST_true(EVP_PKEY_keygen_init(gctx))
 598         || !TEST_true(EVP_PKEY_CTX_set_params(gctx, params))
 599         || !TEST_true(EVP_PKEY_keygen(gctx, &pkey)))
 600         goto err;
 601 err:
 602     EVP_PKEY_CTX_free(gctx);
 603     return pkey;
 604 }
 605
 606 /* Fail if we try to use a dh key */
 607 static int kem_invalid_keytype(void)
 608 {
 609     int ret = 0;
 610     EVP_PKEY *key = NULL;
 611     EVP_PKEY_CTX *sctx = NULL;
 612
 613     if (!TEST_ptr(key = gen_dh_key()))
 614         goto done;
 615
 616     if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, key, NULL)))
 617         goto done;
 618     if (!TEST_int_eq(EVP_PKEY_encapsulate_init(sctx), -2))
 619         goto done;
 620
 621     ret = 1;
 622 done:
 623     EVP_PKEY_free(key);
 624     EVP_PKEY_CTX_free(sctx);
 625     return ret;
 626 }
 627 #endif /* OPENSSL_NO_DH */
 628
 629 int setup_tests(void)
 630 {
 631     const char *prov_name = "default";
 632     char *config_file = NULL;
 633     OPTION_CHOICE o;
 634
 635     while ((o = opt_next()) != OPT_EOF) {
 636         switch (o) {
 637         case OPT_PROVIDER_NAME:
 638             prov_name = opt_arg();
 639             break;
 640         case OPT_CONFIG_FILE:
 641             config_file = opt_arg();
 642             break;
 643         case OPT_TEST_CASES:
 644            break;
 645         default:
 646         case OPT_ERR:
 647             return 0;
 648         }
 649     }
 650
 651     nullprov = OSSL_PROVIDER_load(NULL, "null");
 652     if (!TEST_ptr(nullprov))
 653         return 0;
 654
 655     libctx = OSSL_LIB_CTX_new();
 656     if (!TEST_ptr(libctx))
 657         return 0;
 658     if (config_file != NULL
 659         && !TEST_true(OSSL_LIB_CTX_load_config(libctx, config_file)))
 660         return 0;
 661
 662     libprov = OSSL_PROVIDER_load(libctx, prov_name);
 663     if (!TEST_ptr(libprov))
 664         return 0;
 665
 666 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
 667     ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
 668 #endif
 669 #ifndef OPENSSL_NO_DH
 670     ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3);
 671     ADD_TEST(dhx_cert_load);
 672 #endif
 673
 674     if (!TEST_ptr(cipher_names = sk_OPENSSL_CSTRING_new(name_cmp)))
 675         return 0;
 676     EVP_CIPHER_do_all_provided(libctx, collect_cipher_names, cipher_names);
 677
 678     ADD_ALL_TESTS(test_cipher_reinit, sk_OPENSSL_CSTRING_num(cipher_names));
 679     ADD_ALL_TESTS(test_cipher_reinit_partialupdate,
 680                   sk_OPENSSL_CSTRING_num(cipher_names));
 681     ADD_TEST(kem_rsa_gen_recover);
 682     ADD_TEST(kem_rsa_params);
 683 #ifndef OPENSSL_NO_DH
 684     ADD_TEST(kem_invalid_keytype);
 685 #endif
 686     return 1;
 687 }
 688
 689 void cleanup_tests(void)
 690 {
 691     sk_OPENSSL_CSTRING_free(cipher_names);
 692     OSSL_PROVIDER_unload(libprov);
 693     OSSL_LIB_CTX_free(libctx);
 694     OSSL_PROVIDER_unload(nullprov);
 695 }