test/evp_libctx_test.c

   1 /*
   2  * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 /*
  11
  12  * These tests are setup to load null into the default library context.
  13  * Any tests are expected to use the created 'libctx' to find algorithms.
  14  * The framework runs the tests twice using the 'default' provider or
  15  * 'fips' provider as inputs.
  16  */
  17
  18 /*
  19  * DSA/DH low level APIs are deprecated for public use, but still ok for
  20  * internal use.
  21  */
  22 #include "internal/deprecated.h"
  23 #include <assert.h>
  24 #include <openssl/evp.h>
  25 #include <openssl/provider.h>
  26 #include <openssl/dsa.h>
  27 #include <openssl/dh.h>
  28 #include <openssl/safestack.h>
  29 #include <openssl/core_dispatch.h>
  30 #include <openssl/core_names.h>
  31 #include <openssl/x509.h>
  32 #include <openssl/encoder.h>
  33 #include "testutil.h"
  34 #include "internal/nelem.h"
  35 #include "crypto/bn_dh.h"   /* _bignum_ffdhe2048_p */
  36 #include "../e_os.h"        /* strcasecmp */
  37
  38 static OSSL_LIB_CTX *libctx = NULL;
  39 static OSSL_PROVIDER *nullprov = NULL;
  40 static OSSL_PROVIDER *libprov = NULL;
  41 static STACK_OF(OPENSSL_STRING) *cipher_names = NULL;
  42
  43 typedef enum OPTION_choice {
  44     OPT_ERR = -1,
  45     OPT_EOF = 0,
  46     OPT_CONFIG_FILE,
  47     OPT_PROVIDER_NAME,
  48     OPT_TEST_ENUM
  49 } OPTION_CHOICE;
  50
  51 const OPTIONS *test_get_options(void)
  52 {
  53     static const OPTIONS test_options[] = {
  54         OPT_TEST_OPTIONS_DEFAULT_USAGE,
  55         { "config", OPT_CONFIG_FILE, '<',
  56           "The configuration file to use for the libctx" },
  57         { "provider", OPT_PROVIDER_NAME, 's',
  58           "The provider to load (The default value is 'default')" },
  59         { NULL }
  60     };
  61     return test_options;
  62 }
  63
  64 #ifndef OPENSSL_NO_DH
  65 static const char *getname(int id)
  66 {
  67     const char *name[] = {"p", "q", "g" };
  68
  69     if (id >= 0 && id < 3)
  70         return name[id];
  71     return "?";
  72 }
  73 #endif
  74
  75 /*
  76  * We're using some DH specific values in this test, so we skip compilation if
  77  * we're in a no-dh build.
  78  */
  79 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
  80
  81 static int test_dsa_param_keygen(int tstid)
  82 {
  83     int ret = 0;
  84     int expected;
  85     EVP_PKEY_CTX *gen_ctx = NULL;
  86     EVP_PKEY *pkey_parm = NULL;
  87     EVP_PKEY *pkey = NULL, *dup_pk = NULL;
  88     DSA *dsa = NULL;
  89     int pind, qind, gind;
  90     BIGNUM *p = NULL, *q = NULL, *g = NULL;
  91
  92     /*
  93      * Just grab some fixed dh p, q, g values for testing,
  94      * these 'safe primes' should not be used normally for dsa *.
  95      */
  96     static const BIGNUM *bn[] = {
  97         &ossl_bignum_dh2048_256_p, &ossl_bignum_dh2048_256_q,
  98         &ossl_bignum_dh2048_256_g
  99     };
 100
 101     /*
 102      * These tests are using bad values for p, q, g by reusing the values.
 103      * A value of 0 uses p, 1 uses q and 2 uses g.
 104      * There are 27 different combinations, with only the 1 valid combination.
 105      */
 106     pind = tstid / 9;
 107     qind = (tstid / 3) % 3;
 108     gind = tstid % 3;
 109     expected  = (pind == 0 && qind == 1 && gind == 2);
 110
 111     TEST_note("Testing with (p, q, g) = (%s, %s, %s)\n", getname(pind),
 112               getname(qind), getname(gind));
 113
 114     if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
 115         || !TEST_ptr(dsa = DSA_new())
 116         || !TEST_ptr(p = BN_dup(bn[pind]))
 117         || !TEST_ptr(q = BN_dup(bn[qind]))
 118         || !TEST_ptr(g = BN_dup(bn[gind]))
 119         || !TEST_true(DSA_set0_pqg(dsa, p, q, g)))
 120         goto err;
 121     p = q = g = NULL;
 122
 123     if (!TEST_true(EVP_PKEY_assign_DSA(pkey_parm, dsa)))
 124         goto err;
 125     dsa = NULL;
 126
 127     if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
 128         || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
 129         || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
 130         goto err;
 131
 132     if (expected) {
 133         if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey))
 134             || !TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), 1))
 135             goto err;
 136     }
 137
 138     ret = 1;
 139 err:
 140     EVP_PKEY_free(pkey);
 141     EVP_PKEY_free(dup_pk);
 142     EVP_PKEY_CTX_free(gen_ctx);
 143     EVP_PKEY_free(pkey_parm);
 144     DSA_free(dsa);
 145     BN_free(g);
 146     BN_free(q);
 147     BN_free(p);
 148     return ret;
 149 }
 150 #endif /* OPENSSL_NO_DSA */
 151
 152 #ifndef OPENSSL_NO_DH
 153 static int do_dh_param_keygen(int tstid, const BIGNUM **bn)
 154 {
 155     int ret = 0;
 156     int expected;
 157     EVP_PKEY_CTX *gen_ctx = NULL;
 158     EVP_PKEY *pkey_parm = NULL;
 159     EVP_PKEY *pkey = NULL, *dup_pk = NULL;
 160     DH *dh = NULL;
 161     int pind, qind, gind;
 162     BIGNUM *p = NULL, *q = NULL, *g = NULL;
 163
 164     /*
 165      * These tests are using bad values for p, q, g by reusing the values.
 166      * A value of 0 uses p, 1 uses q and 2 uses g.
 167      * There are 27 different combinations, with only the 1 valid combination.
 168      */
 169     pind = tstid / 9;
 170     qind = (tstid / 3) % 3;
 171     gind = tstid % 3;
 172     expected  = (pind == 0 && qind == 1 && gind == 2);
 173
 174     TEST_note("Testing with (p, q, g) = (%s, %s, %s)", getname(pind),
 175               getname(qind), getname(gind));
 176
 177     if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
 178         || !TEST_ptr(dh = DH_new())
 179         || !TEST_ptr(p = BN_dup(bn[pind]))
 180         || !TEST_ptr(q = BN_dup(bn[qind]))
 181         || !TEST_ptr(g = BN_dup(bn[gind]))
 182         || !TEST_true(DH_set0_pqg(dh, p, q, g)))
 183         goto err;
 184     p = q = g = NULL;
 185
 186     if (!TEST_true(EVP_PKEY_assign_DH(pkey_parm, dh)))
 187         goto err;
 188     dh = NULL;
 189
 190     if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
 191         || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
 192         || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
 193         goto err;
 194
 195     if (expected) {
 196         if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey))
 197             || !TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), 1))
 198             goto err;
 199     }
 200
 201     ret = 1;
 202 err:
 203     EVP_PKEY_free(pkey);
 204     EVP_PKEY_free(dup_pk);
 205     EVP_PKEY_CTX_free(gen_ctx);
 206     EVP_PKEY_free(pkey_parm);
 207     DH_free(dh);
 208     BN_free(g);
 209     BN_free(q);
 210     BN_free(p);
 211     return ret;
 212 }
 213
 214 /*
 215  * Note that we get the fips186-4 path being run for most of these cases since
 216  * the internal code will detect that the p, q, g does not match a safe prime
 217  * group (Except for when tstid = 5, which sets the correct p, q, g)
 218  */
 219 static int test_dh_safeprime_param_keygen(int tstid)
 220 {
 221     static const BIGNUM *bn[] = {
 222         &ossl_bignum_ffdhe2048_p,  &ossl_bignum_ffdhe2048_q,
 223         &ossl_bignum_const_2
 224     };
 225     return do_dh_param_keygen(tstid, bn);
 226 }
 227
 228 static int dhx_cert_load(void)
 229 {
 230     int ret = 0;
 231     X509 *cert = NULL;
 232     BIO *bio = NULL;
 233
 234     static const unsigned char dhx_cert[] = {
 235         0x30,0x82,0x03,0xff,0x30,0x82,0x02,0xe7,0xa0,0x03,0x02,0x01,0x02,0x02,0x09,0x00,
 236         0xdb,0xf5,0x4d,0x22,0xa0,0x7a,0x67,0xa6,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
 237         0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x44,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,
 238         0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x0a,0x0c,
 239         0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,0x72,0x6f,0x75,0x70,0x31,0x1d,
 240         0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,0x65,0x73,0x74,0x20,0x53,0x2f,
 241         0x4d,0x49,0x4d,0x45,0x20,0x52,0x53,0x41,0x20,0x52,0x6f,0x6f,0x74,0x30,0x1e,0x17,
 242         0x0d,0x31,0x33,0x30,0x38,0x30,0x32,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x17,0x0d,
 243         0x32,0x33,0x30,0x36,0x31,0x31,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x30,0x44,0x31,
 244         0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,
 245         0x06,0x03,0x55,0x04,0x0a,0x0c,0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,
 246         0x72,0x6f,0x75,0x70,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,
 247         0x65,0x73,0x74,0x20,0x53,0x2f,0x4d,0x49,0x4d,0x45,0x20,0x45,0x45,0x20,0x44,0x48,
 248         0x20,0x23,0x31,0x30,0x82,0x01,0xb6,0x30,0x82,0x01,0x2b,0x06,0x07,0x2a,0x86,0x48,
 249         0xce,0x3e,0x02,0x01,0x30,0x82,0x01,0x1e,0x02,0x81,0x81,0x00,0xd4,0x0c,0x4a,0x0c,
 250         0x04,0x72,0x71,0x19,0xdf,0x59,0x19,0xc5,0xaf,0x44,0x7f,0xca,0x8e,0x2b,0xf0,0x09,
 251         0xf5,0xd3,0x25,0xb1,0x73,0x16,0x55,0x89,0xdf,0xfd,0x07,0xaf,0x19,0xd3,0x7f,0xd0,
 252         0x07,0xa2,0xfe,0x3f,0x5a,0xf1,0x01,0xc6,0xf8,0x2b,0xef,0x4e,0x6d,0x03,0x38,0x42,
 253         0xa1,0x37,0xd4,0x14,0xb4,0x00,0x4a,0xb1,0x86,0x5a,0x83,0xce,0xb9,0x08,0x0e,0xc1,
 254         0x99,0x27,0x47,0x8d,0x0b,0x85,0xa8,0x82,0xed,0xcc,0x0d,0xb9,0xb0,0x32,0x7e,0xdf,
 255         0xe8,0xe4,0xf6,0xf6,0xec,0xb3,0xee,0x7a,0x11,0x34,0x65,0x97,0xfc,0x1a,0xb0,0x95,
 256         0x4b,0x19,0xb9,0xa6,0x1c,0xd9,0x01,0x32,0xf7,0x35,0x7c,0x2d,0x5d,0xfe,0xc1,0x85,
 257         0x70,0x49,0xf8,0xcc,0x99,0xd0,0xbe,0xf1,0x5a,0x78,0xc8,0x03,0x02,0x81,0x80,0x69,
 258         0x00,0xfd,0x66,0xf2,0xfc,0x15,0x8b,0x09,0xb8,0xdc,0x4d,0xea,0xaa,0x79,0x55,0xf9,
 259         0xdf,0x46,0xa6,0x2f,0xca,0x2d,0x8f,0x59,0x2a,0xad,0x44,0xa3,0xc6,0x18,0x2f,0x95,
 260         0xb6,0x16,0x20,0xe3,0xd3,0xd1,0x8f,0x03,0xce,0x71,0x7c,0xef,0x3a,0xc7,0x44,0x39,
 261         0x0e,0xe2,0x1f,0xd8,0xd3,0x89,0x2b,0xe7,0x51,0xdc,0x12,0x48,0x4c,0x18,0x4d,0x99,
 262         0x12,0x06,0xe4,0x17,0x02,0x03,0x8c,0x24,0x05,0x8e,0xa6,0x85,0xf2,0x69,0x1b,0xe1,
 263         0x6a,0xdc,0xe2,0x04,0x3a,0x01,0x9d,0x64,0xbe,0xfe,0x45,0xf9,0x44,0x18,0x71,0xbd,
 264         0x2d,0x3e,0x7a,0x6f,0x72,0x7d,0x1a,0x80,0x42,0x57,0xae,0x18,0x6f,0x91,0xd6,0x61,
 265         0x03,0x8a,0x1c,0x89,0x73,0xc7,0x56,0x41,0x03,0xd3,0xf8,0xed,0x65,0xe2,0x85,0x02,
 266         0x15,0x00,0x89,0x94,0xab,0x10,0x67,0x45,0x41,0xad,0x63,0xc6,0x71,0x40,0x8d,0x6b,
 267         0x9e,0x19,0x5b,0xa4,0xc7,0xf5,0x03,0x81,0x84,0x00,0x02,0x81,0x80,0x2f,0x5b,0xde,
 268         0x72,0x02,0x36,0x6b,0x00,0x5e,0x24,0x7f,0x14,0x2c,0x18,0x52,0x42,0x97,0x4b,0xdb,
 269         0x6e,0x15,0x50,0x3c,0x45,0x3e,0x25,0xf3,0xb7,0xc5,0x6e,0xe5,0x52,0xe7,0xc4,0xfb,
 270         0xf4,0xa5,0xf0,0x39,0x12,0x7f,0xbc,0x54,0x1c,0x93,0xb9,0x5e,0xee,0xe9,0x14,0xb0,
 271         0xdf,0xfe,0xfc,0x36,0xe4,0xf2,0xaf,0xfb,0x13,0xc8,0xdf,0x18,0x94,0x1d,0x40,0xb9,
 272         0x71,0xdd,0x4c,0x9c,0xa7,0x03,0x52,0x02,0xb5,0xed,0x71,0x80,0x3e,0x23,0xda,0x28,
 273         0xe5,0xab,0xe7,0x6f,0xf2,0x0a,0x0e,0x00,0x5b,0x7d,0xc6,0x4b,0xd7,0xc7,0xb2,0xc3,
 274         0xba,0x62,0x7f,0x70,0x28,0xa0,0x9d,0x71,0x13,0x70,0xd1,0x9f,0x32,0x2f,0x3e,0xd2,
 275         0xcd,0x1b,0xa4,0xc6,0x72,0xa0,0x74,0x5d,0x71,0xef,0x03,0x43,0x6e,0xa3,0x60,0x30,
 276         0x5e,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x02,0x30,0x00,0x30,
 277         0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x05,0xe0,0x30,
 278         0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0x0b,0x5a,0x4d,0x5f,0x7d,0x25,
 279         0xc7,0xf2,0x9d,0xc1,0xaa,0xb7,0x63,0x82,0x2f,0xfa,0x8f,0x32,0xe7,0xc0,0x30,0x1f,
 280         0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xdf,0x7e,0x5e,0x88,0x05,
 281         0x24,0x33,0x08,0xdd,0x22,0x81,0x02,0x97,0xcc,0x9a,0xb7,0xb1,0x33,0x27,0x30,0x30,
 282         0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x82,
 283         0x01,0x01,0x00,0x5a,0xf2,0x63,0xef,0xd3,0x16,0xd7,0xf5,0xaa,0xdd,0x12,0x00,0x36,
 284         0x00,0x21,0xa2,0x7b,0x08,0xd6,0x3b,0x9f,0x62,0xac,0x53,0x1f,0xed,0x4c,0xd1,0x15,
 285         0x34,0x65,0x71,0xee,0x96,0x07,0xa6,0xef,0xb2,0xde,0xd8,0xbb,0x35,0x6e,0x2c,0xe2,
 286         0xd1,0x26,0xef,0x7e,0x94,0xe2,0x88,0x51,0xa4,0x6c,0xaa,0x27,0x2a,0xd3,0xb6,0xc2,
 287         0xf7,0xea,0xc3,0x0b,0xa9,0xb5,0x28,0x37,0xa2,0x63,0x08,0xe4,0x88,0xc0,0x1b,0x16,
 288         0x1b,0xca,0xfd,0x8a,0x07,0x32,0x29,0xa7,0x53,0xb5,0x2d,0x30,0xe4,0xf5,0x16,0xc3,
 289         0xe3,0xc2,0x4c,0x30,0x5d,0x35,0x80,0x1c,0xa2,0xdb,0xe3,0x4b,0x51,0x0d,0x4c,0x60,
 290         0x5f,0xb9,0x46,0xac,0xa8,0x46,0xa7,0x32,0xa7,0x9c,0x76,0xf8,0xe9,0xb5,0x19,0xe2,
 291         0x0c,0xe1,0x0f,0xc6,0x46,0xe2,0x38,0xa7,0x87,0x72,0x6d,0x6c,0xbc,0x88,0x2f,0x9d,
 292         0x2d,0xe5,0xd0,0x7d,0x1e,0xc7,0x5d,0xf8,0x7e,0xb4,0x0b,0xa6,0xf9,0x6c,0xe3,0x7c,
 293         0xb2,0x70,0x6e,0x75,0x9b,0x1e,0x63,0xe1,0x4d,0xb2,0x81,0xd3,0x55,0x38,0x94,0x1a,
 294         0x7a,0xfa,0xbf,0x01,0x18,0x70,0x2d,0x35,0xd3,0xe3,0x10,0x7a,0x9a,0xa7,0x8f,0xf3,
 295         0xbd,0x56,0x55,0x5e,0xd8,0xbd,0x4e,0x16,0x76,0xd0,0x48,0x4c,0xf9,0x51,0x54,0xdf,
 296         0x2d,0xb0,0xc9,0xaa,0x5e,0x42,0x38,0x50,0xbf,0x0f,0xc0,0xd9,0x84,0x44,0x4b,0x42,
 297         0x24,0xec,0x14,0xa3,0xde,0x11,0xdf,0x58,0x7f,0xc2,0x4d,0xb2,0xd5,0x42,0x78,0x6e,
 298         0x52,0x3e,0xad,0xc3,0x5f,0x04,0xc4,0xe6,0x31,0xaa,0x81,0x06,0x8b,0x13,0x4b,0x3c,
 299         0x0e,0x6a,0xb1
 300     };
 301
 302     if (!TEST_ptr(bio = BIO_new_mem_buf(dhx_cert, sizeof(dhx_cert)))
 303         || !TEST_ptr(cert = X509_new_ex(libctx, NULL))
 304         || !TEST_ptr(d2i_X509_bio(bio, &cert)))
 305         goto err;
 306     ret = 1;
 307 err:
 308     X509_free(cert);
 309     BIO_free(bio);
 310     return ret;
 311 }
 312
 313 #endif /* OPENSSL_NO_DH */
 314
 315 static int test_cipher_reinit(int test_id)
 316 {
 317     int ret = 0, diff, ccm, siv, no_null_key;
 318     int out1_len = 0, out2_len = 0, out3_len = 0;
 319     EVP_CIPHER *cipher = NULL;
 320     EVP_CIPHER_CTX *ctx = NULL;
 321     unsigned char out1[256];
 322     unsigned char out2[256];
 323     unsigned char out3[256];
 324     unsigned char in[16] = {
 325         0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
 326         0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
 327     };
 328     unsigned char key[64] = {
 329         0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 330         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 331         0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 332         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 333         0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 334         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 335         0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 336         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 337     };
 338     unsigned char iv[16] = {
 339         0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
 340         0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
 341     };
 342     const char *name = sk_OPENSSL_STRING_value(cipher_names, test_id);
 343
 344     if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
 345         goto err;
 346
 347     TEST_note("Fetching %s\n", name);
 348     if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
 349         goto err;
 350
 351     /* ccm fails on the second update - this matches OpenSSL 1_1_1 behaviour */
 352     ccm = (EVP_CIPHER_get_mode(cipher) == EVP_CIPH_CCM_MODE);
 353
 354     /* siv cannot be called with NULL key as the iv is irrelevant */
 355     siv = (EVP_CIPHER_get_mode(cipher) == EVP_CIPH_SIV_MODE);
 356
 357     /*
 358      * Skip init call with a null key for RC4 as the stream cipher does not
 359      * handle reinit (1.1.1 behaviour).
 360      */
 361     no_null_key = EVP_CIPHER_is_a(cipher, "RC4")
 362                   || EVP_CIPHER_is_a(cipher, "RC4-40")
 363                   || EVP_CIPHER_is_a(cipher, "RC4-HMAC-MD5");
 364
 365     /* DES3-WRAP uses random every update - so it will give a different value */
 366     diff = EVP_CIPHER_is_a(cipher, "DES3-WRAP");
 367
 368     if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
 369         || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, sizeof(in)))
 370         || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
 371         || !TEST_int_eq(EVP_EncryptUpdate(ctx, out2, &out2_len, in, sizeof(in)),
 372                         ccm ? 0 : 1)
 373         || (!no_null_key
 374         && (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv))
 375         || !TEST_int_eq(EVP_EncryptUpdate(ctx, out3, &out3_len, in, sizeof(in)),
 376                         ccm || siv ? 0 : 1))))
 377         goto err;
 378
 379     if (ccm == 0) {
 380         if (diff) {
 381             if (!TEST_mem_ne(out1, out1_len, out2, out2_len)
 382                 || !TEST_mem_ne(out1, out1_len, out3, out3_len)
 383                 || !TEST_mem_ne(out2, out2_len, out3, out3_len))
 384                 goto err;
 385         } else {
 386             if (!TEST_mem_eq(out1, out1_len, out2, out2_len)
 387                 || (!siv && !no_null_key && !TEST_mem_eq(out1, out1_len, out3, out3_len)))
 388                 goto err;
 389         }
 390     }
 391     ret = 1;
 392 err:
 393     EVP_CIPHER_free(cipher);
 394     EVP_CIPHER_CTX_free(ctx);
 395     return ret;
 396 }
 397
 398 /*
 399  * This test only uses a partial block (half the block size) of input for each
 400  * EVP_EncryptUpdate() in order to test that the second init/update is not using
 401  * a leftover buffer from the first init/update.
 402  * Note: some ciphers don't need a full block to produce output.
 403  */
 404 static int test_cipher_reinit_partialupdate(int test_id)
 405 {
 406     int ret = 0, in_len;
 407     int out1_len = 0, out2_len = 0, out3_len = 0;
 408     EVP_CIPHER *cipher = NULL;
 409     EVP_CIPHER_CTX *ctx = NULL;
 410     unsigned char out1[256];
 411     unsigned char out2[256];
 412     unsigned char out3[256];
 413     static const unsigned char in[32] = {
 414         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 415         0xba, 0xbe, 0xba, 0xbe, 0x00, 0x00, 0xba, 0xbe,
 416         0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 417         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 418     };
 419     static const unsigned char key[64] = {
 420         0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 421         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 422         0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 423         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 424         0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 425         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 426         0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 427         0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 428     };
 429     static const unsigned char iv[16] = {
 430         0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
 431         0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
 432     };
 433     const char *name = sk_OPENSSL_STRING_value(cipher_names, test_id);
 434
 435     if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
 436         goto err;
 437
 438     TEST_note("Fetching %s\n", name);
 439     if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
 440         goto err;
 441
 442     in_len = EVP_CIPHER_get_block_size(cipher) / 2;
 443
 444     /* skip any ciphers that don't allow partial updates */
 445     if (((EVP_CIPHER_get_flags(cipher)
 446           & (EVP_CIPH_FLAG_CTS | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) != 0)
 447         || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_CCM_MODE
 448         || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_XTS_MODE
 449         || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_WRAP_MODE) {
 450         ret = 1;
 451         goto err;
 452     }
 453
 454     if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
 455         || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, in_len))
 456         || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
 457         || !TEST_true(EVP_EncryptUpdate(ctx, out2, &out2_len, in, in_len)))
 458         goto err;
 459
 460     if (!TEST_mem_eq(out1, out1_len, out2, out2_len))
 461         goto err;
 462
 463     if (EVP_CIPHER_get_mode(cipher) != EVP_CIPH_SIV_MODE) {
 464         if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv))
 465             || !TEST_true(EVP_EncryptUpdate(ctx, out3, &out3_len, in, in_len)))
 466             goto err;
 467
 468         if (!TEST_mem_eq(out1, out1_len, out3, out3_len))
 469             goto err;
 470     }
 471     ret = 1;
 472 err:
 473     EVP_CIPHER_free(cipher);
 474     EVP_CIPHER_CTX_free(ctx);
 475     return ret;
 476 }
 477
 478
 479 static int name_cmp(const char * const *a, const char * const *b)
 480 {
 481     return strcasecmp(*a, *b);
 482 }
 483
 484 static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list)
 485 {
 486     STACK_OF(OPENSSL_STRING) *names = cipher_names_list;
 487     const char *name = EVP_CIPHER_get0_name(cipher);
 488     char *namedup = NULL;
 489
 490     assert(name != NULL);
 491     /* the cipher will be freed after returning, strdup is needed */
 492     if ((namedup = OPENSSL_strdup(name)) != NULL
 493         && !sk_OPENSSL_STRING_push(names, namedup))
 494         OPENSSL_free(namedup);
 495 }
 496
 497 static int rsa_keygen(int bits, EVP_PKEY **pub, EVP_PKEY **priv)
 498 {
 499     int ret = 0;
 500     unsigned char *pub_der = NULL;
 501     const unsigned char *pp = NULL;
 502     size_t len = 0;
 503     OSSL_ENCODER_CTX *ectx = NULL;
 504
 505     if (!TEST_ptr(*priv = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", bits))
 506         || !TEST_ptr(ectx =
 507                      OSSL_ENCODER_CTX_new_for_pkey(*priv,
 508                                                    EVP_PKEY_PUBLIC_KEY,
 509                                                    "DER", "type-specific",
 510                                                    NULL))
 511         || !TEST_true(OSSL_ENCODER_to_data(ectx, &pub_der, &len)))
 512         goto err;
 513     pp = pub_der;
 514     if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_RSA, pub, &pp, len)))
 515         goto err;
 516     ret = 1;
 517 err:
 518     OSSL_ENCODER_CTX_free(ectx);
 519     OPENSSL_free(pub_der);
 520     return ret;
 521 }
 522
 523 static int kem_rsa_gen_recover(void)
 524 {
 525     int ret = 0;
 526     EVP_PKEY *pub = NULL;
 527     EVP_PKEY *priv = NULL;
 528     EVP_PKEY_CTX *sctx = NULL, *rctx = NULL;
 529     unsigned char secret[256] = { 0, };
 530     unsigned char ct[256] = { 0, };
 531     unsigned char unwrap[256] = { 0, };
 532     size_t ctlen = 0, unwraplen = 0, secretlen = 0;
 533     int bits = 2048;
 534
 535     ret = TEST_true(rsa_keygen(bits, &pub, &priv))
 536           && TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
 537           && TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), 1)
 538           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(sctx, "RSASVE"), 1)
 539           && TEST_int_eq(EVP_PKEY_encapsulate(sctx, NULL, &ctlen, NULL,
 540                                               &secretlen), 1)
 541           && TEST_int_eq(ctlen, secretlen)
 542           && TEST_int_eq(ctlen, bits / 8)
 543           && TEST_int_eq(EVP_PKEY_encapsulate(sctx, ct, &ctlen, secret,
 544                                               &secretlen), 1)
 545           && TEST_ptr(rctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
 546           && TEST_int_eq(EVP_PKEY_decapsulate_init(rctx, NULL), 1)
 547           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(rctx, "RSASVE"), 1)
 548           && TEST_int_eq(EVP_PKEY_decapsulate(rctx, NULL, &unwraplen,
 549                                               ct, ctlen), 1)
 550           && TEST_int_eq(EVP_PKEY_decapsulate(rctx, unwrap, &unwraplen,
 551                                               ct, ctlen), 1)
 552           && TEST_mem_eq(unwrap, unwraplen, secret, secretlen);
 553     EVP_PKEY_free(pub);
 554     EVP_PKEY_free(priv);
 555     EVP_PKEY_CTX_free(rctx);
 556     EVP_PKEY_CTX_free(sctx);
 557     return ret;
 558 }
 559
 560 #ifndef OPENSSL_NO_DES
 561 /*
 562  * This test makes sure that EVP_CIPHER_CTX_rand_key() works correctly
 563  * For fips mode this code would produce an error if the flag is not set.
 564  */
 565 static int test_cipher_tdes_randkey(void)
 566 {
 567     int ret;
 568     EVP_CIPHER_CTX *ctx = NULL;
 569     EVP_CIPHER *tdes_cipher = NULL, *aes_cipher = NULL;
 570     unsigned char key[24] = { 0 };
 571
 572     ret = TEST_ptr(aes_cipher = EVP_CIPHER_fetch(libctx, "AES-256-CBC", NULL))
 573           && TEST_int_eq(EVP_CIPHER_get_flags(aes_cipher) & EVP_CIPH_RAND_KEY, 0)
 574           && TEST_ptr(tdes_cipher = EVP_CIPHER_fetch(libctx, "DES-EDE3-CBC", NULL))
 575           && TEST_int_ne(EVP_CIPHER_get_flags(tdes_cipher) & EVP_CIPH_RAND_KEY, 0)
 576           && TEST_ptr(ctx = EVP_CIPHER_CTX_new())
 577           && TEST_true(EVP_CipherInit_ex(ctx, tdes_cipher, NULL, NULL, NULL, 1))
 578           && TEST_true(EVP_CIPHER_CTX_rand_key(ctx, key));
 579
 580     EVP_CIPHER_CTX_free(ctx);
 581     EVP_CIPHER_free(tdes_cipher);
 582     EVP_CIPHER_free(aes_cipher);
 583     return ret;
 584 }
 585 #endif /* OPENSSL_NO_DES */
 586
 587 static int kem_rsa_params(void)
 588 {
 589     int ret = 0;
 590     EVP_PKEY *pub = NULL;
 591     EVP_PKEY *priv = NULL;
 592     EVP_PKEY_CTX *pubctx = NULL, *privctx = NULL;
 593     unsigned char secret[256] = { 0, };
 594     unsigned char ct[256] = { 0, };
 595     size_t ctlen = 0, secretlen = 0;
 596
 597     ret = TEST_true(rsa_keygen(2048, &pub, &priv))
 598           && TEST_ptr(pubctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
 599           && TEST_ptr(privctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
 600           /* Test setting kem op before the init fails */
 601           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), -2)
 602           /* Test NULL ctx passed */
 603           && TEST_int_eq(EVP_PKEY_encapsulate_init(NULL, NULL), 0)
 604           && TEST_int_eq(EVP_PKEY_encapsulate(NULL, NULL, NULL, NULL, NULL), 0)
 605           && TEST_int_eq(EVP_PKEY_decapsulate_init(NULL, NULL), 0)
 606           && TEST_int_eq(EVP_PKEY_decapsulate(NULL, NULL, NULL, NULL, 0), 0)
 607           /* Test Invalid operation */
 608           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), -1)
 609           && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, NULL, 0), 0)
 610           /* Wrong key component - no secret should be returned on failure */
 611           && TEST_int_eq(EVP_PKEY_decapsulate_init(pubctx, NULL), 1)
 612           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
 613           && TEST_int_eq(EVP_PKEY_decapsulate(pubctx, secret, &secretlen, ct,
 614                                               sizeof(ct)), 0)
 615           && TEST_uchar_eq(secret[0], 0)
 616           /* Test encapsulate fails if the mode is not set */
 617           && TEST_int_eq(EVP_PKEY_encapsulate_init(pubctx, NULL), 1)
 618           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, &secretlen), -2)
 619           /* Test setting a bad kem ops fail */
 620           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSA"), 0)
 621           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx,  NULL), 0)
 622           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL,  "RSASVE"), 0)
 623           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL,  NULL), 0)
 624           /* Test secretlen is optional */
 625           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
 626           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, NULL), 1)
 627           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
 628           /* Test outlen is optional */
 629           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
 630           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, &secretlen), 1)
 631           /* test that either len must be set if out is NULL */
 632           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), 0)
 633           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
 634           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
 635           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, &secretlen), 1)
 636           /* Secret buffer should be set if there is an output buffer */
 637           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, NULL, NULL), 0)
 638           /* Test that lengths are optional if ct is not NULL */
 639           && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, NULL), 1)
 640           /* Pass if secret or secret length are not NULL */
 641           && TEST_int_eq(EVP_PKEY_decapsulate_init(privctx, NULL), 1)
 642           && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(privctx, "RSASVE"), 1)
 643           && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, NULL, ct, sizeof(ct)), 1)
 644           && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, &secretlen, ct, sizeof(ct)), 1)
 645           && TEST_int_eq(secretlen, 256)
 646           /* Fail if passed NULL arguments */
 647           && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, ct, sizeof(ct)), 0)
 648           && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, 0), 0)
 649           && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, sizeof(ct)), 0)
 650           && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, ct, 0), 0);
 651
 652     EVP_PKEY_free(pub);
 653     EVP_PKEY_free(priv);
 654     EVP_PKEY_CTX_free(pubctx);
 655     EVP_PKEY_CTX_free(privctx);
 656     return ret;
 657 }
 658
 659 #ifndef OPENSSL_NO_DH
 660 static EVP_PKEY *gen_dh_key(void)
 661 {
 662     EVP_PKEY_CTX *gctx = NULL;
 663     EVP_PKEY *pkey = NULL;
 664     OSSL_PARAM params[2];
 665
 666     params[0] = OSSL_PARAM_construct_utf8_string("group", "ffdhe2048", 0);
 667     params[1] = OSSL_PARAM_construct_end();
 668
 669     if (!TEST_ptr(gctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
 670         || !TEST_true(EVP_PKEY_keygen_init(gctx))
 671         || !TEST_true(EVP_PKEY_CTX_set_params(gctx, params))
 672         || !TEST_true(EVP_PKEY_keygen(gctx, &pkey)))
 673         goto err;
 674 err:
 675     EVP_PKEY_CTX_free(gctx);
 676     return pkey;
 677 }
 678
 679 /* Fail if we try to use a dh key */
 680 static int kem_invalid_keytype(void)
 681 {
 682     int ret = 0;
 683     EVP_PKEY *key = NULL;
 684     EVP_PKEY_CTX *sctx = NULL;
 685
 686     if (!TEST_ptr(key = gen_dh_key()))
 687         goto done;
 688
 689     if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, key, NULL)))
 690         goto done;
 691     if (!TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), -2))
 692         goto done;
 693
 694     ret = 1;
 695 done:
 696     EVP_PKEY_free(key);
 697     EVP_PKEY_CTX_free(sctx);
 698     return ret;
 699 }
 700 #endif /* OPENSSL_NO_DH */
 701
 702 int setup_tests(void)
 703 {
 704     const char *prov_name = "default";
 705     char *config_file = NULL;
 706     OPTION_CHOICE o;
 707
 708     while ((o = opt_next()) != OPT_EOF) {
 709         switch (o) {
 710         case OPT_PROVIDER_NAME:
 711             prov_name = opt_arg();
 712             break;
 713         case OPT_CONFIG_FILE:
 714             config_file = opt_arg();
 715             break;
 716         case OPT_TEST_CASES:
 717            break;
 718         default:
 719         case OPT_ERR:
 720             return 0;
 721         }
 722     }
 723
 724     if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, prov_name))
 725         return 0;
 726
 727 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
 728     ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
 729 #endif
 730 #ifndef OPENSSL_NO_DH
 731     ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3);
 732     ADD_TEST(dhx_cert_load);
 733 #endif
 734
 735     if (!TEST_ptr(cipher_names = sk_OPENSSL_STRING_new(name_cmp)))
 736         return 0;
 737     EVP_CIPHER_do_all_provided(libctx, collect_cipher_names, cipher_names);
 738
 739     ADD_ALL_TESTS(test_cipher_reinit, sk_OPENSSL_STRING_num(cipher_names));
 740     ADD_ALL_TESTS(test_cipher_reinit_partialupdate,
 741                   sk_OPENSSL_STRING_num(cipher_names));
 742     ADD_TEST(kem_rsa_gen_recover);
 743     ADD_TEST(kem_rsa_params);
 744 #ifndef OPENSSL_NO_DH
 745     ADD_TEST(kem_invalid_keytype);
 746 #endif
 747 #ifndef OPENSSL_NO_DES
 748     ADD_TEST(test_cipher_tdes_randkey);
 749 #endif
 750     return 1;
 751 }
 752
 753 /* Because OPENSSL_free is a macro, it can't be passed as a function pointer */
 754 static void string_free(char *m)
 755 {
 756     OPENSSL_free(m);
 757 }
 758
 759 void cleanup_tests(void)
 760 {
 761     sk_OPENSSL_STRING_pop_free(cipher_names, string_free);
 762     OSSL_PROVIDER_unload(libprov);
 763     OSSL_LIB_CTX_free(libctx);
 764     OSSL_PROVIDER_unload(nullprov);
 765 }