2 * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 * These tests are setup to load null into the default library context.
13 * Any tests are expected to use the created 'libctx' to find algorithms.
14 * The framework runs the tests twice using the 'default' provider or
15 * 'fips' provider as inputs.
19 * DSA/DH low level APIs are deprecated for public use, but still ok for
22 #include "internal/deprecated.h"
23 #include <openssl/evp.h>
24 #include <openssl/provider.h>
25 #include <openssl/dsa.h>
26 #include <openssl/dh.h>
27 #include <openssl/safestack.h>
28 #include <openssl/core_dispatch.h>
29 #include <openssl/core_names.h>
30 #include <openssl/x509.h>
31 #include <openssl/encoder.h>
33 #include "internal/nelem.h"
34 #include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */
35 #include "../e_os.h" /* strcasecmp */
37 static OSSL_LIB_CTX *libctx = NULL;
38 static OSSL_PROVIDER *nullprov = NULL;
39 static OSSL_PROVIDER *libprov = NULL;
40 static STACK_OF(OPENSSL_CSTRING) *cipher_names = NULL;
42 typedef enum OPTION_choice {
50 const OPTIONS *test_get_options(void)
52 static const OPTIONS test_options[] = {
53 OPT_TEST_OPTIONS_DEFAULT_USAGE,
54 { "config", OPT_CONFIG_FILE, '<',
55 "The configuration file to use for the libctx" },
56 { "provider", OPT_PROVIDER_NAME, 's',
57 "The provider to load (The default value is 'default'" },
64 static const char *getname(int id)
66 const char *name[] = {"p", "q", "g" };
68 if (id >= 0 && id < 3)
75 * We're using some DH specific values in this test, so we skip compilation if
76 * we're in a no-dh build.
78 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
80 static int test_dsa_param_keygen(int tstid)
84 EVP_PKEY_CTX *gen_ctx = NULL;
85 EVP_PKEY *pkey_parm = NULL;
86 EVP_PKEY *pkey = NULL;
89 BIGNUM *p = NULL, *q = NULL, *g = NULL;
92 * Just grab some fixed dh p, q, g values for testing,
93 * these 'safe primes' should not be used normally for dsa *.
95 static const BIGNUM *bn[] = {
96 &_bignum_dh2048_256_p, &_bignum_dh2048_256_q, &_bignum_dh2048_256_g
100 * These tests are using bad values for p, q, g by reusing the values.
101 * A value of 0 uses p, 1 uses q and 2 uses g.
102 * There are 27 different combinations, with only the 1 valid combination.
105 qind = (tstid / 3) % 3;
107 expected = (pind == 0 && qind == 1 && gind == 2);
109 TEST_note("Testing with (p, q, g) = (%s, %s, %s)\n", getname(pind),
110 getname(qind), getname(gind));
112 if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
113 || !TEST_ptr(dsa = DSA_new())
114 || !TEST_ptr(p = BN_dup(bn[pind]))
115 || !TEST_ptr(q = BN_dup(bn[qind]))
116 || !TEST_ptr(g = BN_dup(bn[gind]))
117 || !TEST_true(DSA_set0_pqg(dsa, p, q, g)))
121 if (!TEST_true(EVP_PKEY_assign_DSA(pkey_parm, dsa)))
125 if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
126 || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
127 || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
132 EVP_PKEY_CTX_free(gen_ctx);
133 EVP_PKEY_free(pkey_parm);
140 #endif /* OPENSSL_NO_DSA */
142 #ifndef OPENSSL_NO_DH
143 static int do_dh_param_keygen(int tstid, const BIGNUM **bn)
147 EVP_PKEY_CTX *gen_ctx = NULL;
148 EVP_PKEY *pkey_parm = NULL;
149 EVP_PKEY *pkey = NULL;
151 int pind, qind, gind;
152 BIGNUM *p = NULL, *q = NULL, *g = NULL;
155 * These tests are using bad values for p, q, g by reusing the values.
156 * A value of 0 uses p, 1 uses q and 2 uses g.
157 * There are 27 different combinations, with only the 1 valid combination.
160 qind = (tstid / 3) % 3;
162 expected = (pind == 0 && qind == 1 && gind == 2);
164 TEST_note("Testing with (p, q, g) = (%s, %s, %s)", getname(pind),
165 getname(qind), getname(gind));
167 if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
168 || !TEST_ptr(dh = DH_new())
169 || !TEST_ptr(p = BN_dup(bn[pind]))
170 || !TEST_ptr(q = BN_dup(bn[qind]))
171 || !TEST_ptr(g = BN_dup(bn[gind]))
172 || !TEST_true(DH_set0_pqg(dh, p, q, g)))
176 if (!TEST_true(EVP_PKEY_assign_DH(pkey_parm, dh)))
180 if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
181 || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
182 || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
187 EVP_PKEY_CTX_free(gen_ctx);
188 EVP_PKEY_free(pkey_parm);
197 * Note that we get the fips186-4 path being run for most of these cases since
198 * the internal code will detect that the p, q, g does not match a safe prime
199 * group (Except for when tstid = 5, which sets the correct p, q, g)
201 static int test_dh_safeprime_param_keygen(int tstid)
203 static const BIGNUM *bn[] = {
204 &_bignum_ffdhe2048_p, &_bignum_ffdhe2048_q, &_bignum_const_2
206 return do_dh_param_keygen(tstid, bn);
209 static int dhx_cert_load(void)
215 static const unsigned char dhx_cert[] = {
216 0x30,0x82,0x03,0xff,0x30,0x82,0x02,0xe7,0xa0,0x03,0x02,0x01,0x02,0x02,0x09,0x00,
217 0xdb,0xf5,0x4d,0x22,0xa0,0x7a,0x67,0xa6,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
218 0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x44,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,
219 0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x0a,0x0c,
220 0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,0x72,0x6f,0x75,0x70,0x31,0x1d,
221 0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,0x65,0x73,0x74,0x20,0x53,0x2f,
222 0x4d,0x49,0x4d,0x45,0x20,0x52,0x53,0x41,0x20,0x52,0x6f,0x6f,0x74,0x30,0x1e,0x17,
223 0x0d,0x31,0x33,0x30,0x38,0x30,0x32,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x17,0x0d,
224 0x32,0x33,0x30,0x36,0x31,0x31,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x30,0x44,0x31,
225 0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,
226 0x06,0x03,0x55,0x04,0x0a,0x0c,0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,
227 0x72,0x6f,0x75,0x70,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,
228 0x65,0x73,0x74,0x20,0x53,0x2f,0x4d,0x49,0x4d,0x45,0x20,0x45,0x45,0x20,0x44,0x48,
229 0x20,0x23,0x31,0x30,0x82,0x01,0xb6,0x30,0x82,0x01,0x2b,0x06,0x07,0x2a,0x86,0x48,
230 0xce,0x3e,0x02,0x01,0x30,0x82,0x01,0x1e,0x02,0x81,0x81,0x00,0xd4,0x0c,0x4a,0x0c,
231 0x04,0x72,0x71,0x19,0xdf,0x59,0x19,0xc5,0xaf,0x44,0x7f,0xca,0x8e,0x2b,0xf0,0x09,
232 0xf5,0xd3,0x25,0xb1,0x73,0x16,0x55,0x89,0xdf,0xfd,0x07,0xaf,0x19,0xd3,0x7f,0xd0,
233 0x07,0xa2,0xfe,0x3f,0x5a,0xf1,0x01,0xc6,0xf8,0x2b,0xef,0x4e,0x6d,0x03,0x38,0x42,
234 0xa1,0x37,0xd4,0x14,0xb4,0x00,0x4a,0xb1,0x86,0x5a,0x83,0xce,0xb9,0x08,0x0e,0xc1,
235 0x99,0x27,0x47,0x8d,0x0b,0x85,0xa8,0x82,0xed,0xcc,0x0d,0xb9,0xb0,0x32,0x7e,0xdf,
236 0xe8,0xe4,0xf6,0xf6,0xec,0xb3,0xee,0x7a,0x11,0x34,0x65,0x97,0xfc,0x1a,0xb0,0x95,
237 0x4b,0x19,0xb9,0xa6,0x1c,0xd9,0x01,0x32,0xf7,0x35,0x7c,0x2d,0x5d,0xfe,0xc1,0x85,
238 0x70,0x49,0xf8,0xcc,0x99,0xd0,0xbe,0xf1,0x5a,0x78,0xc8,0x03,0x02,0x81,0x80,0x69,
239 0x00,0xfd,0x66,0xf2,0xfc,0x15,0x8b,0x09,0xb8,0xdc,0x4d,0xea,0xaa,0x79,0x55,0xf9,
240 0xdf,0x46,0xa6,0x2f,0xca,0x2d,0x8f,0x59,0x2a,0xad,0x44,0xa3,0xc6,0x18,0x2f,0x95,
241 0xb6,0x16,0x20,0xe3,0xd3,0xd1,0x8f,0x03,0xce,0x71,0x7c,0xef,0x3a,0xc7,0x44,0x39,
242 0x0e,0xe2,0x1f,0xd8,0xd3,0x89,0x2b,0xe7,0x51,0xdc,0x12,0x48,0x4c,0x18,0x4d,0x99,
243 0x12,0x06,0xe4,0x17,0x02,0x03,0x8c,0x24,0x05,0x8e,0xa6,0x85,0xf2,0x69,0x1b,0xe1,
244 0x6a,0xdc,0xe2,0x04,0x3a,0x01,0x9d,0x64,0xbe,0xfe,0x45,0xf9,0x44,0x18,0x71,0xbd,
245 0x2d,0x3e,0x7a,0x6f,0x72,0x7d,0x1a,0x80,0x42,0x57,0xae,0x18,0x6f,0x91,0xd6,0x61,
246 0x03,0x8a,0x1c,0x89,0x73,0xc7,0x56,0x41,0x03,0xd3,0xf8,0xed,0x65,0xe2,0x85,0x02,
247 0x15,0x00,0x89,0x94,0xab,0x10,0x67,0x45,0x41,0xad,0x63,0xc6,0x71,0x40,0x8d,0x6b,
248 0x9e,0x19,0x5b,0xa4,0xc7,0xf5,0x03,0x81,0x84,0x00,0x02,0x81,0x80,0x2f,0x5b,0xde,
249 0x72,0x02,0x36,0x6b,0x00,0x5e,0x24,0x7f,0x14,0x2c,0x18,0x52,0x42,0x97,0x4b,0xdb,
250 0x6e,0x15,0x50,0x3c,0x45,0x3e,0x25,0xf3,0xb7,0xc5,0x6e,0xe5,0x52,0xe7,0xc4,0xfb,
251 0xf4,0xa5,0xf0,0x39,0x12,0x7f,0xbc,0x54,0x1c,0x93,0xb9,0x5e,0xee,0xe9,0x14,0xb0,
252 0xdf,0xfe,0xfc,0x36,0xe4,0xf2,0xaf,0xfb,0x13,0xc8,0xdf,0x18,0x94,0x1d,0x40,0xb9,
253 0x71,0xdd,0x4c,0x9c,0xa7,0x03,0x52,0x02,0xb5,0xed,0x71,0x80,0x3e,0x23,0xda,0x28,
254 0xe5,0xab,0xe7,0x6f,0xf2,0x0a,0x0e,0x00,0x5b,0x7d,0xc6,0x4b,0xd7,0xc7,0xb2,0xc3,
255 0xba,0x62,0x7f,0x70,0x28,0xa0,0x9d,0x71,0x13,0x70,0xd1,0x9f,0x32,0x2f,0x3e,0xd2,
256 0xcd,0x1b,0xa4,0xc6,0x72,0xa0,0x74,0x5d,0x71,0xef,0x03,0x43,0x6e,0xa3,0x60,0x30,
257 0x5e,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x02,0x30,0x00,0x30,
258 0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x05,0xe0,0x30,
259 0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0x0b,0x5a,0x4d,0x5f,0x7d,0x25,
260 0xc7,0xf2,0x9d,0xc1,0xaa,0xb7,0x63,0x82,0x2f,0xfa,0x8f,0x32,0xe7,0xc0,0x30,0x1f,
261 0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xdf,0x7e,0x5e,0x88,0x05,
262 0x24,0x33,0x08,0xdd,0x22,0x81,0x02,0x97,0xcc,0x9a,0xb7,0xb1,0x33,0x27,0x30,0x30,
263 0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x82,
264 0x01,0x01,0x00,0x5a,0xf2,0x63,0xef,0xd3,0x16,0xd7,0xf5,0xaa,0xdd,0x12,0x00,0x36,
265 0x00,0x21,0xa2,0x7b,0x08,0xd6,0x3b,0x9f,0x62,0xac,0x53,0x1f,0xed,0x4c,0xd1,0x15,
266 0x34,0x65,0x71,0xee,0x96,0x07,0xa6,0xef,0xb2,0xde,0xd8,0xbb,0x35,0x6e,0x2c,0xe2,
267 0xd1,0x26,0xef,0x7e,0x94,0xe2,0x88,0x51,0xa4,0x6c,0xaa,0x27,0x2a,0xd3,0xb6,0xc2,
268 0xf7,0xea,0xc3,0x0b,0xa9,0xb5,0x28,0x37,0xa2,0x63,0x08,0xe4,0x88,0xc0,0x1b,0x16,
269 0x1b,0xca,0xfd,0x8a,0x07,0x32,0x29,0xa7,0x53,0xb5,0x2d,0x30,0xe4,0xf5,0x16,0xc3,
270 0xe3,0xc2,0x4c,0x30,0x5d,0x35,0x80,0x1c,0xa2,0xdb,0xe3,0x4b,0x51,0x0d,0x4c,0x60,
271 0x5f,0xb9,0x46,0xac,0xa8,0x46,0xa7,0x32,0xa7,0x9c,0x76,0xf8,0xe9,0xb5,0x19,0xe2,
272 0x0c,0xe1,0x0f,0xc6,0x46,0xe2,0x38,0xa7,0x87,0x72,0x6d,0x6c,0xbc,0x88,0x2f,0x9d,
273 0x2d,0xe5,0xd0,0x7d,0x1e,0xc7,0x5d,0xf8,0x7e,0xb4,0x0b,0xa6,0xf9,0x6c,0xe3,0x7c,
274 0xb2,0x70,0x6e,0x75,0x9b,0x1e,0x63,0xe1,0x4d,0xb2,0x81,0xd3,0x55,0x38,0x94,0x1a,
275 0x7a,0xfa,0xbf,0x01,0x18,0x70,0x2d,0x35,0xd3,0xe3,0x10,0x7a,0x9a,0xa7,0x8f,0xf3,
276 0xbd,0x56,0x55,0x5e,0xd8,0xbd,0x4e,0x16,0x76,0xd0,0x48,0x4c,0xf9,0x51,0x54,0xdf,
277 0x2d,0xb0,0xc9,0xaa,0x5e,0x42,0x38,0x50,0xbf,0x0f,0xc0,0xd9,0x84,0x44,0x4b,0x42,
278 0x24,0xec,0x14,0xa3,0xde,0x11,0xdf,0x58,0x7f,0xc2,0x4d,0xb2,0xd5,0x42,0x78,0x6e,
279 0x52,0x3e,0xad,0xc3,0x5f,0x04,0xc4,0xe6,0x31,0xaa,0x81,0x06,0x8b,0x13,0x4b,0x3c,
283 if (!TEST_ptr(bio = BIO_new_mem_buf(dhx_cert, sizeof(dhx_cert)))
284 || !TEST_ptr(cert = X509_new_ex(libctx, NULL))
285 || !TEST_ptr(d2i_X509_bio(bio, &cert)))
294 #endif /* OPENSSL_NO_DH */
296 static int test_cipher_reinit(int test_id)
298 int ret = 0, out1_len = 0, out2_len = 0, diff, ccm;
299 EVP_CIPHER *cipher = NULL;
300 EVP_CIPHER_CTX *ctx = NULL;
301 unsigned char out1[256];
302 unsigned char out2[256];
303 unsigned char in[16] = {
304 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
305 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
307 unsigned char key[64] = {
308 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
309 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
310 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
311 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
312 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
313 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
314 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
315 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
317 unsigned char iv[16] = {
318 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
319 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
321 const char *name = sk_OPENSSL_CSTRING_value(cipher_names, test_id);
323 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
326 TEST_note("Fetching %s\n", name);
327 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
330 /* ccm fails on the second update - this matches OpenSSL 1_1_1 behaviour */
331 ccm = (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE);
333 /* DES3-WRAP uses random every update - so it will give a different value */
334 diff = EVP_CIPHER_is_a(cipher, "DES3-WRAP");
336 if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
337 || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, sizeof(in)))
338 || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
339 || !TEST_int_eq(EVP_EncryptUpdate(ctx, out2, &out2_len, in, sizeof(in)),
345 if (!TEST_mem_ne(out1, out1_len, out2, out2_len))
348 if (!TEST_mem_eq(out1, out1_len, out2, out2_len))
354 EVP_CIPHER_free(cipher);
355 EVP_CIPHER_CTX_free(ctx);
360 * This test only uses a partial block (half the block size) of input for each
361 * EVP_EncryptUpdate() in order to test that the second init/update is not using
362 * a leftover buffer from the first init/update.
363 * Note: some ciphers don't need a full block to produce output.
365 static int test_cipher_reinit_partialupdate(int test_id)
367 int ret = 0, out1_len = 0, out2_len = 0, in_len;
368 EVP_CIPHER *cipher = NULL;
369 EVP_CIPHER_CTX *ctx = NULL;
370 unsigned char out1[256];
371 unsigned char out2[256];
372 static const unsigned char in[32] = {
373 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
374 0xba, 0xbe, 0xba, 0xbe, 0x00, 0x00, 0xba, 0xbe,
375 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
376 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
378 static const unsigned char key[64] = {
379 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
380 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
381 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
382 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
383 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
384 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
385 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
386 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
388 static const unsigned char iv[16] = {
389 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
390 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
392 const char *name = sk_OPENSSL_CSTRING_value(cipher_names, test_id);
394 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
397 TEST_note("Fetching %s\n", name);
398 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
401 in_len = EVP_CIPHER_block_size(cipher) / 2;
403 /* skip any ciphers that don't allow partial updates */
404 if (((EVP_CIPHER_flags(cipher)
405 & (EVP_CIPH_FLAG_CTS | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) != 0)
406 || EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE
407 || EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE
408 || EVP_CIPHER_mode(cipher) == EVP_CIPH_WRAP_MODE) {
413 if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
414 || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, in_len))
415 || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
416 || !TEST_true(EVP_EncryptUpdate(ctx, out2, &out2_len, in, in_len)))
419 /* DES3-WRAP uses random every update - so it will give a different value */
420 if (EVP_CIPHER_is_a(cipher, "DES3-WRAP")) {
421 if (!TEST_mem_ne(out1, out1_len, out2, out2_len))
424 if (!TEST_mem_eq(out1, out1_len, out2, out2_len))
429 EVP_CIPHER_free(cipher);
430 EVP_CIPHER_CTX_free(ctx);
435 static int name_cmp(const char * const *a, const char * const *b)
437 return strcasecmp(*a, *b);
440 static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list)
442 STACK_OF(OPENSSL_CSTRING) *names = cipher_names_list;
444 sk_OPENSSL_CSTRING_push(names, EVP_CIPHER_name(cipher));
447 static int rsa_keygen(int bits, EVP_PKEY **pub, EVP_PKEY **priv)
450 EVP_PKEY_CTX *keygen_ctx = NULL;
451 unsigned char *pub_der = NULL;
452 const unsigned char *pp = NULL;
454 OSSL_ENCODER_CTX *ectx = NULL;
456 if (!TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
457 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0)
458 || !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_bits(keygen_ctx, bits))
459 || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, priv), 0)
461 OSSL_ENCODER_CTX_new_by_EVP_PKEY(*priv,
463 "DER", "type-specific",
465 || !TEST_true(OSSL_ENCODER_to_data(ectx, &pub_der, &len)))
468 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_RSA, pub, &pp, len)))
472 OSSL_ENCODER_CTX_free(ectx);
473 OPENSSL_free(pub_der);
474 EVP_PKEY_CTX_free(keygen_ctx);
478 static int kem_rsa_gen_recover(void)
481 EVP_PKEY *pub = NULL;
482 EVP_PKEY *priv = NULL;
483 EVP_PKEY_CTX *sctx = NULL, *rctx = NULL;
484 unsigned char secret[256] = { 0, };
485 unsigned char ct[256] = { 0, };
486 unsigned char unwrap[256] = { 0, };
487 size_t ctlen = 0, unwraplen = 0, secretlen = 0;
489 ret = TEST_true(rsa_keygen(2048, &pub, &priv))
490 && TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
491 && TEST_int_eq(EVP_PKEY_encapsulate_init(sctx), 1)
492 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(sctx, "RSASVE"), 1)
493 && TEST_int_eq(EVP_PKEY_encapsulate(sctx, NULL, &ctlen, NULL,
495 && TEST_int_eq(ctlen, secretlen)
496 && TEST_int_eq(ctlen, 2048 / 8)
497 && TEST_int_eq(EVP_PKEY_encapsulate(sctx, ct, &ctlen, secret,
499 && TEST_ptr(rctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
500 && TEST_int_eq(EVP_PKEY_decapsulate_init(rctx), 1)
501 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(rctx, "RSASVE"), 1)
502 && TEST_int_eq(EVP_PKEY_decapsulate(rctx, NULL, &unwraplen,
504 && TEST_int_eq(EVP_PKEY_decapsulate(rctx, unwrap, &unwraplen,
506 && TEST_mem_eq(unwrap, unwraplen, secret, secretlen);
509 EVP_PKEY_CTX_free(rctx);
510 EVP_PKEY_CTX_free(sctx);
514 static int kem_rsa_params(void)
517 EVP_PKEY *pub = NULL;
518 EVP_PKEY *priv = NULL;
519 EVP_PKEY_CTX *pubctx = NULL, *privctx = NULL;
520 unsigned char secret[256] = { 0, };
521 unsigned char ct[256] = { 0, };
522 size_t ctlen = 0, secretlen = 0;
524 ret = TEST_true(rsa_keygen(2048, &pub, &priv))
525 && TEST_ptr(pubctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
526 && TEST_ptr(privctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
527 /* Test setting kem op before the init fails */
528 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), -2)
529 /* Test NULL ctx passed */
530 && TEST_int_eq(EVP_PKEY_encapsulate_init(NULL), 0)
531 && TEST_int_eq(EVP_PKEY_encapsulate(NULL, NULL, NULL, NULL, NULL), 0)
532 && TEST_int_eq(EVP_PKEY_decapsulate_init(NULL), 0)
533 && TEST_int_eq(EVP_PKEY_decapsulate(NULL, NULL, NULL, NULL, 0), 0)
534 /* Test Invalid operation */
535 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), -1)
536 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, NULL, 0), 0)
537 /* Wrong key component - no secret should be returned on failure */
538 && TEST_int_eq(EVP_PKEY_decapsulate_init(pubctx), 1)
539 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
540 && TEST_int_eq(EVP_PKEY_decapsulate(pubctx, secret, &secretlen, ct,
542 && TEST_uchar_eq(secret[0], 0)
543 /* Test encapsulate fails if the mode is not set */
544 && TEST_int_eq(EVP_PKEY_encapsulate_init(pubctx), 1)
545 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, &secretlen), -2)
546 /* Test setting a bad kem ops fail */
547 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSA"), 0)
548 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, NULL), 0)
549 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, "RSASVE"), 0)
550 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, NULL), 0)
551 /* Test secretlen is optional */
552 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
553 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, NULL), 1)
554 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
555 /* Test outlen is optional */
556 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
557 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, &secretlen), 1)
558 /* test that either len must be set if out is NULL */
559 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), 0)
560 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
561 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
562 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, &secretlen), 1)
563 /* Secret buffer should be set if there is an output buffer */
564 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, NULL, NULL), 0)
565 /* Test that lengths are optional if ct is not NULL */
566 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, NULL), 1)
567 /* Pass if secret or secret length are not NULL */
568 && TEST_int_eq(EVP_PKEY_decapsulate_init(privctx), 1)
569 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(privctx, "RSASVE"), 1)
570 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, NULL, ct, sizeof(ct)), 1)
571 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, &secretlen, ct, sizeof(ct)), 1)
572 && TEST_int_eq(secretlen, 256)
573 /* Fail if passed NULL arguments */
574 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, ct, sizeof(ct)), 0)
575 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, 0), 0)
576 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, sizeof(ct)), 0)
577 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, ct, 0), 0);
581 EVP_PKEY_CTX_free(pubctx);
582 EVP_PKEY_CTX_free(privctx);
586 #ifndef OPENSSL_NO_DH
587 static EVP_PKEY *gen_dh_key(void)
589 EVP_PKEY_CTX *gctx = NULL;
590 EVP_PKEY *pkey = NULL;
591 OSSL_PARAM params[2];
593 params[0] = OSSL_PARAM_construct_utf8_string("group", "ffdhe2048", 0);
594 params[1] = OSSL_PARAM_construct_end();
596 if (!TEST_ptr(gctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
597 || !TEST_true(EVP_PKEY_keygen_init(gctx))
598 || !TEST_true(EVP_PKEY_CTX_set_params(gctx, params))
599 || !TEST_true(EVP_PKEY_keygen(gctx, &pkey)))
602 EVP_PKEY_CTX_free(gctx);
606 /* Fail if we try to use a dh key */
607 static int kem_invalid_keytype(void)
610 EVP_PKEY *key = NULL;
611 EVP_PKEY_CTX *sctx = NULL;
613 if (!TEST_ptr(key = gen_dh_key()))
616 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, key, NULL)))
618 if (!TEST_int_eq(EVP_PKEY_encapsulate_init(sctx), -2))
624 EVP_PKEY_CTX_free(sctx);
627 #endif /* OPENSSL_NO_DH */
629 int setup_tests(void)
631 const char *prov_name = "default";
632 char *config_file = NULL;
635 while ((o = opt_next()) != OPT_EOF) {
637 case OPT_PROVIDER_NAME:
638 prov_name = opt_arg();
640 case OPT_CONFIG_FILE:
641 config_file = opt_arg();
651 nullprov = OSSL_PROVIDER_load(NULL, "null");
652 if (!TEST_ptr(nullprov))
655 libctx = OSSL_LIB_CTX_new();
656 if (!TEST_ptr(libctx))
658 if (config_file != NULL
659 && !TEST_true(OSSL_LIB_CTX_load_config(libctx, config_file)))
662 libprov = OSSL_PROVIDER_load(libctx, prov_name);
663 if (!TEST_ptr(libprov))
666 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
667 ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
669 #ifndef OPENSSL_NO_DH
670 ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3);
671 ADD_TEST(dhx_cert_load);
674 if (!TEST_ptr(cipher_names = sk_OPENSSL_CSTRING_new(name_cmp)))
676 EVP_CIPHER_do_all_provided(libctx, collect_cipher_names, cipher_names);
678 ADD_ALL_TESTS(test_cipher_reinit, sk_OPENSSL_CSTRING_num(cipher_names));
679 ADD_ALL_TESTS(test_cipher_reinit_partialupdate,
680 sk_OPENSSL_CSTRING_num(cipher_names));
681 ADD_TEST(kem_rsa_gen_recover);
682 ADD_TEST(kem_rsa_params);
683 #ifndef OPENSSL_NO_DH
684 ADD_TEST(kem_invalid_keytype);
689 void cleanup_tests(void)
691 sk_OPENSSL_CSTRING_free(cipher_names);
692 OSSL_PROVIDER_unload(libprov);
693 OSSL_LIB_CTX_free(libctx);
694 OSSL_PROVIDER_unload(nullprov);