1*e0c4386eSCy Schubert /*
2*e0c4386eSCy Schubert * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
3*e0c4386eSCy Schubert *
4*e0c4386eSCy Schubert * Licensed under the Apache License 2.0 (the "License"). You may not use
5*e0c4386eSCy Schubert * this file except in compliance with the License. You can obtain a copy
6*e0c4386eSCy Schubert * in the file LICENSE in the source distribution or at
7*e0c4386eSCy Schubert * https://www.openssl.org/source/license.html
8*e0c4386eSCy Schubert */
9*e0c4386eSCy Schubert
10*e0c4386eSCy Schubert /*
11*e0c4386eSCy Schubert
12*e0c4386eSCy Schubert * These tests are setup to load null into the default library context.
13*e0c4386eSCy Schubert * Any tests are expected to use the created 'libctx' to find algorithms.
14*e0c4386eSCy Schubert * The framework runs the tests twice using the 'default' provider or
15*e0c4386eSCy Schubert * 'fips' provider as inputs.
16*e0c4386eSCy Schubert */
17*e0c4386eSCy Schubert
18*e0c4386eSCy Schubert /*
19*e0c4386eSCy Schubert * DSA/DH low level APIs are deprecated for public use, but still ok for
20*e0c4386eSCy Schubert * internal use.
21*e0c4386eSCy Schubert */
22*e0c4386eSCy Schubert #include "internal/deprecated.h"
23*e0c4386eSCy Schubert #include <assert.h>
24*e0c4386eSCy Schubert #include <openssl/evp.h>
25*e0c4386eSCy Schubert #include <openssl/provider.h>
26*e0c4386eSCy Schubert #include <openssl/dsa.h>
27*e0c4386eSCy Schubert #include <openssl/dh.h>
28*e0c4386eSCy Schubert #include <openssl/safestack.h>
29*e0c4386eSCy Schubert #include <openssl/core_dispatch.h>
30*e0c4386eSCy Schubert #include <openssl/core_names.h>
31*e0c4386eSCy Schubert #include <openssl/x509.h>
32*e0c4386eSCy Schubert #include <openssl/encoder.h>
33*e0c4386eSCy Schubert #include "testutil.h"
34*e0c4386eSCy Schubert #include "internal/nelem.h"
35*e0c4386eSCy Schubert #include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */
36*e0c4386eSCy Schubert
37*e0c4386eSCy Schubert static OSSL_LIB_CTX *libctx = NULL;
38*e0c4386eSCy Schubert static OSSL_PROVIDER *nullprov = NULL;
39*e0c4386eSCy Schubert static OSSL_PROVIDER *libprov = NULL;
40*e0c4386eSCy Schubert static STACK_OF(OPENSSL_STRING) *cipher_names = NULL;
41*e0c4386eSCy Schubert
42*e0c4386eSCy Schubert typedef enum OPTION_choice {
43*e0c4386eSCy Schubert OPT_ERR = -1,
44*e0c4386eSCy Schubert OPT_EOF = 0,
45*e0c4386eSCy Schubert OPT_CONFIG_FILE,
46*e0c4386eSCy Schubert OPT_PROVIDER_NAME,
47*e0c4386eSCy Schubert OPT_TEST_ENUM
48*e0c4386eSCy Schubert } OPTION_CHOICE;
49*e0c4386eSCy Schubert
test_get_options(void)50*e0c4386eSCy Schubert const OPTIONS *test_get_options(void)
51*e0c4386eSCy Schubert {
52*e0c4386eSCy Schubert static const OPTIONS test_options[] = {
53*e0c4386eSCy Schubert OPT_TEST_OPTIONS_DEFAULT_USAGE,
54*e0c4386eSCy Schubert { "config", OPT_CONFIG_FILE, '<',
55*e0c4386eSCy Schubert "The configuration file to use for the libctx" },
56*e0c4386eSCy Schubert { "provider", OPT_PROVIDER_NAME, 's',
57*e0c4386eSCy Schubert "The provider to load (The default value is 'default')" },
58*e0c4386eSCy Schubert { NULL }
59*e0c4386eSCy Schubert };
60*e0c4386eSCy Schubert return test_options;
61*e0c4386eSCy Schubert }
62*e0c4386eSCy Schubert
63*e0c4386eSCy Schubert #ifndef OPENSSL_NO_DH
getname(int id)64*e0c4386eSCy Schubert static const char *getname(int id)
65*e0c4386eSCy Schubert {
66*e0c4386eSCy Schubert const char *name[] = {"p", "q", "g" };
67*e0c4386eSCy Schubert
68*e0c4386eSCy Schubert if (id >= 0 && id < 3)
69*e0c4386eSCy Schubert return name[id];
70*e0c4386eSCy Schubert return "?";
71*e0c4386eSCy Schubert }
72*e0c4386eSCy Schubert #endif
73*e0c4386eSCy Schubert
74*e0c4386eSCy Schubert /*
75*e0c4386eSCy Schubert * We're using some DH specific values in this test, so we skip compilation if
76*e0c4386eSCy Schubert * we're in a no-dh build.
77*e0c4386eSCy Schubert */
78*e0c4386eSCy Schubert #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
79*e0c4386eSCy Schubert
test_dsa_param_keygen(int tstid)80*e0c4386eSCy Schubert static int test_dsa_param_keygen(int tstid)
81*e0c4386eSCy Schubert {
82*e0c4386eSCy Schubert int ret = 0;
83*e0c4386eSCy Schubert int expected;
84*e0c4386eSCy Schubert EVP_PKEY_CTX *gen_ctx = NULL;
85*e0c4386eSCy Schubert EVP_PKEY *pkey_parm = NULL;
86*e0c4386eSCy Schubert EVP_PKEY *pkey = NULL, *dup_pk = NULL;
87*e0c4386eSCy Schubert DSA *dsa = NULL;
88*e0c4386eSCy Schubert int pind, qind, gind;
89*e0c4386eSCy Schubert BIGNUM *p = NULL, *q = NULL, *g = NULL;
90*e0c4386eSCy Schubert
91*e0c4386eSCy Schubert /*
92*e0c4386eSCy Schubert * Just grab some fixed dh p, q, g values for testing,
93*e0c4386eSCy Schubert * these 'safe primes' should not be used normally for dsa *.
94*e0c4386eSCy Schubert */
95*e0c4386eSCy Schubert static const BIGNUM *bn[] = {
96*e0c4386eSCy Schubert &ossl_bignum_dh2048_256_p, &ossl_bignum_dh2048_256_q,
97*e0c4386eSCy Schubert &ossl_bignum_dh2048_256_g
98*e0c4386eSCy Schubert };
99*e0c4386eSCy Schubert
100*e0c4386eSCy Schubert /*
101*e0c4386eSCy Schubert * These tests are using bad values for p, q, g by reusing the values.
102*e0c4386eSCy Schubert * A value of 0 uses p, 1 uses q and 2 uses g.
103*e0c4386eSCy Schubert * There are 27 different combinations, with only the 1 valid combination.
104*e0c4386eSCy Schubert */
105*e0c4386eSCy Schubert pind = tstid / 9;
106*e0c4386eSCy Schubert qind = (tstid / 3) % 3;
107*e0c4386eSCy Schubert gind = tstid % 3;
108*e0c4386eSCy Schubert expected = (pind == 0 && qind == 1 && gind == 2);
109*e0c4386eSCy Schubert
110*e0c4386eSCy Schubert TEST_note("Testing with (p, q, g) = (%s, %s, %s)\n", getname(pind),
111*e0c4386eSCy Schubert getname(qind), getname(gind));
112*e0c4386eSCy Schubert
113*e0c4386eSCy Schubert if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
114*e0c4386eSCy Schubert || !TEST_ptr(dsa = DSA_new())
115*e0c4386eSCy Schubert || !TEST_ptr(p = BN_dup(bn[pind]))
116*e0c4386eSCy Schubert || !TEST_ptr(q = BN_dup(bn[qind]))
117*e0c4386eSCy Schubert || !TEST_ptr(g = BN_dup(bn[gind]))
118*e0c4386eSCy Schubert || !TEST_true(DSA_set0_pqg(dsa, p, q, g)))
119*e0c4386eSCy Schubert goto err;
120*e0c4386eSCy Schubert p = q = g = NULL;
121*e0c4386eSCy Schubert
122*e0c4386eSCy Schubert if (!TEST_true(EVP_PKEY_assign_DSA(pkey_parm, dsa)))
123*e0c4386eSCy Schubert goto err;
124*e0c4386eSCy Schubert dsa = NULL;
125*e0c4386eSCy Schubert
126*e0c4386eSCy Schubert if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
127*e0c4386eSCy Schubert || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
128*e0c4386eSCy Schubert || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
129*e0c4386eSCy Schubert goto err;
130*e0c4386eSCy Schubert
131*e0c4386eSCy Schubert if (expected) {
132*e0c4386eSCy Schubert if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey))
133*e0c4386eSCy Schubert || !TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), 1))
134*e0c4386eSCy Schubert goto err;
135*e0c4386eSCy Schubert }
136*e0c4386eSCy Schubert
137*e0c4386eSCy Schubert ret = 1;
138*e0c4386eSCy Schubert err:
139*e0c4386eSCy Schubert EVP_PKEY_free(pkey);
140*e0c4386eSCy Schubert EVP_PKEY_free(dup_pk);
141*e0c4386eSCy Schubert EVP_PKEY_CTX_free(gen_ctx);
142*e0c4386eSCy Schubert EVP_PKEY_free(pkey_parm);
143*e0c4386eSCy Schubert DSA_free(dsa);
144*e0c4386eSCy Schubert BN_free(g);
145*e0c4386eSCy Schubert BN_free(q);
146*e0c4386eSCy Schubert BN_free(p);
147*e0c4386eSCy Schubert return ret;
148*e0c4386eSCy Schubert }
149*e0c4386eSCy Schubert #endif /* OPENSSL_NO_DSA */
150*e0c4386eSCy Schubert
151*e0c4386eSCy Schubert #ifndef OPENSSL_NO_DH
do_dh_param_keygen(int tstid,const BIGNUM ** bn)152*e0c4386eSCy Schubert static int do_dh_param_keygen(int tstid, const BIGNUM **bn)
153*e0c4386eSCy Schubert {
154*e0c4386eSCy Schubert int ret = 0;
155*e0c4386eSCy Schubert int expected;
156*e0c4386eSCy Schubert EVP_PKEY_CTX *gen_ctx = NULL;
157*e0c4386eSCy Schubert EVP_PKEY *pkey_parm = NULL;
158*e0c4386eSCy Schubert EVP_PKEY *pkey = NULL, *dup_pk = NULL;
159*e0c4386eSCy Schubert DH *dh = NULL;
160*e0c4386eSCy Schubert int pind, qind, gind;
161*e0c4386eSCy Schubert BIGNUM *p = NULL, *q = NULL, *g = NULL;
162*e0c4386eSCy Schubert
163*e0c4386eSCy Schubert /*
164*e0c4386eSCy Schubert * These tests are using bad values for p, q, g by reusing the values.
165*e0c4386eSCy Schubert * A value of 0 uses p, 1 uses q and 2 uses g.
166*e0c4386eSCy Schubert * There are 27 different combinations, with only the 1 valid combination.
167*e0c4386eSCy Schubert */
168*e0c4386eSCy Schubert pind = tstid / 9;
169*e0c4386eSCy Schubert qind = (tstid / 3) % 3;
170*e0c4386eSCy Schubert gind = tstid % 3;
171*e0c4386eSCy Schubert expected = (pind == 0 && qind == 1 && gind == 2);
172*e0c4386eSCy Schubert
173*e0c4386eSCy Schubert TEST_note("Testing with (p, q, g) = (%s, %s, %s)", getname(pind),
174*e0c4386eSCy Schubert getname(qind), getname(gind));
175*e0c4386eSCy Schubert
176*e0c4386eSCy Schubert if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
177*e0c4386eSCy Schubert || !TEST_ptr(dh = DH_new())
178*e0c4386eSCy Schubert || !TEST_ptr(p = BN_dup(bn[pind]))
179*e0c4386eSCy Schubert || !TEST_ptr(q = BN_dup(bn[qind]))
180*e0c4386eSCy Schubert || !TEST_ptr(g = BN_dup(bn[gind]))
181*e0c4386eSCy Schubert || !TEST_true(DH_set0_pqg(dh, p, q, g)))
182*e0c4386eSCy Schubert goto err;
183*e0c4386eSCy Schubert p = q = g = NULL;
184*e0c4386eSCy Schubert
185*e0c4386eSCy Schubert if (!TEST_true(EVP_PKEY_assign_DH(pkey_parm, dh)))
186*e0c4386eSCy Schubert goto err;
187*e0c4386eSCy Schubert dh = NULL;
188*e0c4386eSCy Schubert
189*e0c4386eSCy Schubert if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
190*e0c4386eSCy Schubert || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
191*e0c4386eSCy Schubert || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
192*e0c4386eSCy Schubert goto err;
193*e0c4386eSCy Schubert
194*e0c4386eSCy Schubert if (expected) {
195*e0c4386eSCy Schubert if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey))
196*e0c4386eSCy Schubert || !TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), 1))
197*e0c4386eSCy Schubert goto err;
198*e0c4386eSCy Schubert }
199*e0c4386eSCy Schubert
200*e0c4386eSCy Schubert ret = 1;
201*e0c4386eSCy Schubert err:
202*e0c4386eSCy Schubert EVP_PKEY_free(pkey);
203*e0c4386eSCy Schubert EVP_PKEY_free(dup_pk);
204*e0c4386eSCy Schubert EVP_PKEY_CTX_free(gen_ctx);
205*e0c4386eSCy Schubert EVP_PKEY_free(pkey_parm);
206*e0c4386eSCy Schubert DH_free(dh);
207*e0c4386eSCy Schubert BN_free(g);
208*e0c4386eSCy Schubert BN_free(q);
209*e0c4386eSCy Schubert BN_free(p);
210*e0c4386eSCy Schubert return ret;
211*e0c4386eSCy Schubert }
212*e0c4386eSCy Schubert
213*e0c4386eSCy Schubert /*
214*e0c4386eSCy Schubert * Note that we get the fips186-4 path being run for most of these cases since
215*e0c4386eSCy Schubert * the internal code will detect that the p, q, g does not match a safe prime
216*e0c4386eSCy Schubert * group (Except for when tstid = 5, which sets the correct p, q, g)
217*e0c4386eSCy Schubert */
test_dh_safeprime_param_keygen(int tstid)218*e0c4386eSCy Schubert static int test_dh_safeprime_param_keygen(int tstid)
219*e0c4386eSCy Schubert {
220*e0c4386eSCy Schubert static const BIGNUM *bn[] = {
221*e0c4386eSCy Schubert &ossl_bignum_ffdhe2048_p, &ossl_bignum_ffdhe2048_q,
222*e0c4386eSCy Schubert &ossl_bignum_const_2
223*e0c4386eSCy Schubert };
224*e0c4386eSCy Schubert return do_dh_param_keygen(tstid, bn);
225*e0c4386eSCy Schubert }
226*e0c4386eSCy Schubert
dhx_cert_load(void)227*e0c4386eSCy Schubert static int dhx_cert_load(void)
228*e0c4386eSCy Schubert {
229*e0c4386eSCy Schubert int ret = 0;
230*e0c4386eSCy Schubert X509 *cert = NULL;
231*e0c4386eSCy Schubert BIO *bio = NULL;
232*e0c4386eSCy Schubert
233*e0c4386eSCy Schubert static const unsigned char dhx_cert[] = {
234*e0c4386eSCy Schubert 0x30,0x82,0x03,0xff,0x30,0x82,0x02,0xe7,0xa0,0x03,0x02,0x01,0x02,0x02,0x09,0x00,
235*e0c4386eSCy Schubert 0xdb,0xf5,0x4d,0x22,0xa0,0x7a,0x67,0xa6,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
236*e0c4386eSCy Schubert 0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x44,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,
237*e0c4386eSCy Schubert 0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x0a,0x0c,
238*e0c4386eSCy Schubert 0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,0x72,0x6f,0x75,0x70,0x31,0x1d,
239*e0c4386eSCy Schubert 0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,0x65,0x73,0x74,0x20,0x53,0x2f,
240*e0c4386eSCy Schubert 0x4d,0x49,0x4d,0x45,0x20,0x52,0x53,0x41,0x20,0x52,0x6f,0x6f,0x74,0x30,0x1e,0x17,
241*e0c4386eSCy Schubert 0x0d,0x31,0x33,0x30,0x38,0x30,0x32,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x17,0x0d,
242*e0c4386eSCy Schubert 0x32,0x33,0x30,0x36,0x31,0x31,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x30,0x44,0x31,
243*e0c4386eSCy Schubert 0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,
244*e0c4386eSCy Schubert 0x06,0x03,0x55,0x04,0x0a,0x0c,0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,
245*e0c4386eSCy Schubert 0x72,0x6f,0x75,0x70,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,
246*e0c4386eSCy Schubert 0x65,0x73,0x74,0x20,0x53,0x2f,0x4d,0x49,0x4d,0x45,0x20,0x45,0x45,0x20,0x44,0x48,
247*e0c4386eSCy Schubert 0x20,0x23,0x31,0x30,0x82,0x01,0xb6,0x30,0x82,0x01,0x2b,0x06,0x07,0x2a,0x86,0x48,
248*e0c4386eSCy Schubert 0xce,0x3e,0x02,0x01,0x30,0x82,0x01,0x1e,0x02,0x81,0x81,0x00,0xd4,0x0c,0x4a,0x0c,
249*e0c4386eSCy Schubert 0x04,0x72,0x71,0x19,0xdf,0x59,0x19,0xc5,0xaf,0x44,0x7f,0xca,0x8e,0x2b,0xf0,0x09,
250*e0c4386eSCy Schubert 0xf5,0xd3,0x25,0xb1,0x73,0x16,0x55,0x89,0xdf,0xfd,0x07,0xaf,0x19,0xd3,0x7f,0xd0,
251*e0c4386eSCy Schubert 0x07,0xa2,0xfe,0x3f,0x5a,0xf1,0x01,0xc6,0xf8,0x2b,0xef,0x4e,0x6d,0x03,0x38,0x42,
252*e0c4386eSCy Schubert 0xa1,0x37,0xd4,0x14,0xb4,0x00,0x4a,0xb1,0x86,0x5a,0x83,0xce,0xb9,0x08,0x0e,0xc1,
253*e0c4386eSCy Schubert 0x99,0x27,0x47,0x8d,0x0b,0x85,0xa8,0x82,0xed,0xcc,0x0d,0xb9,0xb0,0x32,0x7e,0xdf,
254*e0c4386eSCy Schubert 0xe8,0xe4,0xf6,0xf6,0xec,0xb3,0xee,0x7a,0x11,0x34,0x65,0x97,0xfc,0x1a,0xb0,0x95,
255*e0c4386eSCy Schubert 0x4b,0x19,0xb9,0xa6,0x1c,0xd9,0x01,0x32,0xf7,0x35,0x7c,0x2d,0x5d,0xfe,0xc1,0x85,
256*e0c4386eSCy Schubert 0x70,0x49,0xf8,0xcc,0x99,0xd0,0xbe,0xf1,0x5a,0x78,0xc8,0x03,0x02,0x81,0x80,0x69,
257*e0c4386eSCy Schubert 0x00,0xfd,0x66,0xf2,0xfc,0x15,0x8b,0x09,0xb8,0xdc,0x4d,0xea,0xaa,0x79,0x55,0xf9,
258*e0c4386eSCy Schubert 0xdf,0x46,0xa6,0x2f,0xca,0x2d,0x8f,0x59,0x2a,0xad,0x44,0xa3,0xc6,0x18,0x2f,0x95,
259*e0c4386eSCy Schubert 0xb6,0x16,0x20,0xe3,0xd3,0xd1,0x8f,0x03,0xce,0x71,0x7c,0xef,0x3a,0xc7,0x44,0x39,
260*e0c4386eSCy Schubert 0x0e,0xe2,0x1f,0xd8,0xd3,0x89,0x2b,0xe7,0x51,0xdc,0x12,0x48,0x4c,0x18,0x4d,0x99,
261*e0c4386eSCy Schubert 0x12,0x06,0xe4,0x17,0x02,0x03,0x8c,0x24,0x05,0x8e,0xa6,0x85,0xf2,0x69,0x1b,0xe1,
262*e0c4386eSCy Schubert 0x6a,0xdc,0xe2,0x04,0x3a,0x01,0x9d,0x64,0xbe,0xfe,0x45,0xf9,0x44,0x18,0x71,0xbd,
263*e0c4386eSCy Schubert 0x2d,0x3e,0x7a,0x6f,0x72,0x7d,0x1a,0x80,0x42,0x57,0xae,0x18,0x6f,0x91,0xd6,0x61,
264*e0c4386eSCy Schubert 0x03,0x8a,0x1c,0x89,0x73,0xc7,0x56,0x41,0x03,0xd3,0xf8,0xed,0x65,0xe2,0x85,0x02,
265*e0c4386eSCy Schubert 0x15,0x00,0x89,0x94,0xab,0x10,0x67,0x45,0x41,0xad,0x63,0xc6,0x71,0x40,0x8d,0x6b,
266*e0c4386eSCy Schubert 0x9e,0x19,0x5b,0xa4,0xc7,0xf5,0x03,0x81,0x84,0x00,0x02,0x81,0x80,0x2f,0x5b,0xde,
267*e0c4386eSCy Schubert 0x72,0x02,0x36,0x6b,0x00,0x5e,0x24,0x7f,0x14,0x2c,0x18,0x52,0x42,0x97,0x4b,0xdb,
268*e0c4386eSCy Schubert 0x6e,0x15,0x50,0x3c,0x45,0x3e,0x25,0xf3,0xb7,0xc5,0x6e,0xe5,0x52,0xe7,0xc4,0xfb,
269*e0c4386eSCy Schubert 0xf4,0xa5,0xf0,0x39,0x12,0x7f,0xbc,0x54,0x1c,0x93,0xb9,0x5e,0xee,0xe9,0x14,0xb0,
270*e0c4386eSCy Schubert 0xdf,0xfe,0xfc,0x36,0xe4,0xf2,0xaf,0xfb,0x13,0xc8,0xdf,0x18,0x94,0x1d,0x40,0xb9,
271*e0c4386eSCy Schubert 0x71,0xdd,0x4c,0x9c,0xa7,0x03,0x52,0x02,0xb5,0xed,0x71,0x80,0x3e,0x23,0xda,0x28,
272*e0c4386eSCy Schubert 0xe5,0xab,0xe7,0x6f,0xf2,0x0a,0x0e,0x00,0x5b,0x7d,0xc6,0x4b,0xd7,0xc7,0xb2,0xc3,
273*e0c4386eSCy Schubert 0xba,0x62,0x7f,0x70,0x28,0xa0,0x9d,0x71,0x13,0x70,0xd1,0x9f,0x32,0x2f,0x3e,0xd2,
274*e0c4386eSCy Schubert 0xcd,0x1b,0xa4,0xc6,0x72,0xa0,0x74,0x5d,0x71,0xef,0x03,0x43,0x6e,0xa3,0x60,0x30,
275*e0c4386eSCy Schubert 0x5e,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x02,0x30,0x00,0x30,
276*e0c4386eSCy Schubert 0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x05,0xe0,0x30,
277*e0c4386eSCy Schubert 0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0x0b,0x5a,0x4d,0x5f,0x7d,0x25,
278*e0c4386eSCy Schubert 0xc7,0xf2,0x9d,0xc1,0xaa,0xb7,0x63,0x82,0x2f,0xfa,0x8f,0x32,0xe7,0xc0,0x30,0x1f,
279*e0c4386eSCy Schubert 0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xdf,0x7e,0x5e,0x88,0x05,
280*e0c4386eSCy Schubert 0x24,0x33,0x08,0xdd,0x22,0x81,0x02,0x97,0xcc,0x9a,0xb7,0xb1,0x33,0x27,0x30,0x30,
281*e0c4386eSCy Schubert 0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x82,
282*e0c4386eSCy Schubert 0x01,0x01,0x00,0x5a,0xf2,0x63,0xef,0xd3,0x16,0xd7,0xf5,0xaa,0xdd,0x12,0x00,0x36,
283*e0c4386eSCy Schubert 0x00,0x21,0xa2,0x7b,0x08,0xd6,0x3b,0x9f,0x62,0xac,0x53,0x1f,0xed,0x4c,0xd1,0x15,
284*e0c4386eSCy Schubert 0x34,0x65,0x71,0xee,0x96,0x07,0xa6,0xef,0xb2,0xde,0xd8,0xbb,0x35,0x6e,0x2c,0xe2,
285*e0c4386eSCy Schubert 0xd1,0x26,0xef,0x7e,0x94,0xe2,0x88,0x51,0xa4,0x6c,0xaa,0x27,0x2a,0xd3,0xb6,0xc2,
286*e0c4386eSCy Schubert 0xf7,0xea,0xc3,0x0b,0xa9,0xb5,0x28,0x37,0xa2,0x63,0x08,0xe4,0x88,0xc0,0x1b,0x16,
287*e0c4386eSCy Schubert 0x1b,0xca,0xfd,0x8a,0x07,0x32,0x29,0xa7,0x53,0xb5,0x2d,0x30,0xe4,0xf5,0x16,0xc3,
288*e0c4386eSCy Schubert 0xe3,0xc2,0x4c,0x30,0x5d,0x35,0x80,0x1c,0xa2,0xdb,0xe3,0x4b,0x51,0x0d,0x4c,0x60,
289*e0c4386eSCy Schubert 0x5f,0xb9,0x46,0xac,0xa8,0x46,0xa7,0x32,0xa7,0x9c,0x76,0xf8,0xe9,0xb5,0x19,0xe2,
290*e0c4386eSCy Schubert 0x0c,0xe1,0x0f,0xc6,0x46,0xe2,0x38,0xa7,0x87,0x72,0x6d,0x6c,0xbc,0x88,0x2f,0x9d,
291*e0c4386eSCy Schubert 0x2d,0xe5,0xd0,0x7d,0x1e,0xc7,0x5d,0xf8,0x7e,0xb4,0x0b,0xa6,0xf9,0x6c,0xe3,0x7c,
292*e0c4386eSCy Schubert 0xb2,0x70,0x6e,0x75,0x9b,0x1e,0x63,0xe1,0x4d,0xb2,0x81,0xd3,0x55,0x38,0x94,0x1a,
293*e0c4386eSCy Schubert 0x7a,0xfa,0xbf,0x01,0x18,0x70,0x2d,0x35,0xd3,0xe3,0x10,0x7a,0x9a,0xa7,0x8f,0xf3,
294*e0c4386eSCy Schubert 0xbd,0x56,0x55,0x5e,0xd8,0xbd,0x4e,0x16,0x76,0xd0,0x48,0x4c,0xf9,0x51,0x54,0xdf,
295*e0c4386eSCy Schubert 0x2d,0xb0,0xc9,0xaa,0x5e,0x42,0x38,0x50,0xbf,0x0f,0xc0,0xd9,0x84,0x44,0x4b,0x42,
296*e0c4386eSCy Schubert 0x24,0xec,0x14,0xa3,0xde,0x11,0xdf,0x58,0x7f,0xc2,0x4d,0xb2,0xd5,0x42,0x78,0x6e,
297*e0c4386eSCy Schubert 0x52,0x3e,0xad,0xc3,0x5f,0x04,0xc4,0xe6,0x31,0xaa,0x81,0x06,0x8b,0x13,0x4b,0x3c,
298*e0c4386eSCy Schubert 0x0e,0x6a,0xb1
299*e0c4386eSCy Schubert };
300*e0c4386eSCy Schubert
301*e0c4386eSCy Schubert if (!TEST_ptr(bio = BIO_new_mem_buf(dhx_cert, sizeof(dhx_cert)))
302*e0c4386eSCy Schubert || !TEST_ptr(cert = X509_new_ex(libctx, NULL))
303*e0c4386eSCy Schubert || !TEST_ptr(d2i_X509_bio(bio, &cert)))
304*e0c4386eSCy Schubert goto err;
305*e0c4386eSCy Schubert ret = 1;
306*e0c4386eSCy Schubert err:
307*e0c4386eSCy Schubert X509_free(cert);
308*e0c4386eSCy Schubert BIO_free(bio);
309*e0c4386eSCy Schubert return ret;
310*e0c4386eSCy Schubert }
311*e0c4386eSCy Schubert
312*e0c4386eSCy Schubert #endif /* OPENSSL_NO_DH */
313*e0c4386eSCy Schubert
test_cipher_reinit(int test_id)314*e0c4386eSCy Schubert static int test_cipher_reinit(int test_id)
315*e0c4386eSCy Schubert {
316*e0c4386eSCy Schubert int ret = 0, diff, ccm, siv, no_null_key;
317*e0c4386eSCy Schubert int out1_len = 0, out2_len = 0, out3_len = 0;
318*e0c4386eSCy Schubert EVP_CIPHER *cipher = NULL;
319*e0c4386eSCy Schubert EVP_CIPHER_CTX *ctx = NULL;
320*e0c4386eSCy Schubert unsigned char out1[256];
321*e0c4386eSCy Schubert unsigned char out2[256];
322*e0c4386eSCy Schubert unsigned char out3[256];
323*e0c4386eSCy Schubert unsigned char in[16] = {
324*e0c4386eSCy Schubert 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
325*e0c4386eSCy Schubert 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
326*e0c4386eSCy Schubert };
327*e0c4386eSCy Schubert unsigned char key[64] = {
328*e0c4386eSCy Schubert 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
329*e0c4386eSCy Schubert 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
330*e0c4386eSCy Schubert 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
331*e0c4386eSCy Schubert 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
332*e0c4386eSCy Schubert 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
333*e0c4386eSCy Schubert 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
334*e0c4386eSCy Schubert 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
335*e0c4386eSCy Schubert 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
336*e0c4386eSCy Schubert };
337*e0c4386eSCy Schubert unsigned char iv[16] = {
338*e0c4386eSCy Schubert 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
339*e0c4386eSCy Schubert 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
340*e0c4386eSCy Schubert };
341*e0c4386eSCy Schubert const char *name = sk_OPENSSL_STRING_value(cipher_names, test_id);
342*e0c4386eSCy Schubert
343*e0c4386eSCy Schubert if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
344*e0c4386eSCy Schubert goto err;
345*e0c4386eSCy Schubert
346*e0c4386eSCy Schubert TEST_note("Fetching %s\n", name);
347*e0c4386eSCy Schubert if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
348*e0c4386eSCy Schubert goto err;
349*e0c4386eSCy Schubert
350*e0c4386eSCy Schubert /* ccm fails on the second update - this matches OpenSSL 1_1_1 behaviour */
351*e0c4386eSCy Schubert ccm = (EVP_CIPHER_get_mode(cipher) == EVP_CIPH_CCM_MODE);
352*e0c4386eSCy Schubert
353*e0c4386eSCy Schubert /* siv cannot be called with NULL key as the iv is irrelevant */
354*e0c4386eSCy Schubert siv = (EVP_CIPHER_get_mode(cipher) == EVP_CIPH_SIV_MODE);
355*e0c4386eSCy Schubert
356*e0c4386eSCy Schubert /*
357*e0c4386eSCy Schubert * Skip init call with a null key for RC4 as the stream cipher does not
358*e0c4386eSCy Schubert * handle reinit (1.1.1 behaviour).
359*e0c4386eSCy Schubert */
360*e0c4386eSCy Schubert no_null_key = EVP_CIPHER_is_a(cipher, "RC4")
361*e0c4386eSCy Schubert || EVP_CIPHER_is_a(cipher, "RC4-40")
362*e0c4386eSCy Schubert || EVP_CIPHER_is_a(cipher, "RC4-HMAC-MD5");
363*e0c4386eSCy Schubert
364*e0c4386eSCy Schubert /* DES3-WRAP uses random every update - so it will give a different value */
365*e0c4386eSCy Schubert diff = EVP_CIPHER_is_a(cipher, "DES3-WRAP");
366*e0c4386eSCy Schubert
367*e0c4386eSCy Schubert if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
368*e0c4386eSCy Schubert || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, sizeof(in)))
369*e0c4386eSCy Schubert || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
370*e0c4386eSCy Schubert || !TEST_int_eq(EVP_EncryptUpdate(ctx, out2, &out2_len, in, sizeof(in)),
371*e0c4386eSCy Schubert ccm ? 0 : 1)
372*e0c4386eSCy Schubert || (!no_null_key
373*e0c4386eSCy Schubert && (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv))
374*e0c4386eSCy Schubert || !TEST_int_eq(EVP_EncryptUpdate(ctx, out3, &out3_len, in, sizeof(in)),
375*e0c4386eSCy Schubert ccm || siv ? 0 : 1))))
376*e0c4386eSCy Schubert goto err;
377*e0c4386eSCy Schubert
378*e0c4386eSCy Schubert if (ccm == 0) {
379*e0c4386eSCy Schubert if (diff) {
380*e0c4386eSCy Schubert if (!TEST_mem_ne(out1, out1_len, out2, out2_len)
381*e0c4386eSCy Schubert || !TEST_mem_ne(out1, out1_len, out3, out3_len)
382*e0c4386eSCy Schubert || !TEST_mem_ne(out2, out2_len, out3, out3_len))
383*e0c4386eSCy Schubert goto err;
384*e0c4386eSCy Schubert } else {
385*e0c4386eSCy Schubert if (!TEST_mem_eq(out1, out1_len, out2, out2_len)
386*e0c4386eSCy Schubert || (!siv && !no_null_key && !TEST_mem_eq(out1, out1_len, out3, out3_len)))
387*e0c4386eSCy Schubert goto err;
388*e0c4386eSCy Schubert }
389*e0c4386eSCy Schubert }
390*e0c4386eSCy Schubert ret = 1;
391*e0c4386eSCy Schubert err:
392*e0c4386eSCy Schubert EVP_CIPHER_free(cipher);
393*e0c4386eSCy Schubert EVP_CIPHER_CTX_free(ctx);
394*e0c4386eSCy Schubert return ret;
395*e0c4386eSCy Schubert }
396*e0c4386eSCy Schubert
397*e0c4386eSCy Schubert /*
398*e0c4386eSCy Schubert * This test only uses a partial block (half the block size) of input for each
399*e0c4386eSCy Schubert * EVP_EncryptUpdate() in order to test that the second init/update is not using
400*e0c4386eSCy Schubert * a leftover buffer from the first init/update.
401*e0c4386eSCy Schubert * Note: some ciphers don't need a full block to produce output.
402*e0c4386eSCy Schubert */
test_cipher_reinit_partialupdate(int test_id)403*e0c4386eSCy Schubert static int test_cipher_reinit_partialupdate(int test_id)
404*e0c4386eSCy Schubert {
405*e0c4386eSCy Schubert int ret = 0, in_len;
406*e0c4386eSCy Schubert int out1_len = 0, out2_len = 0, out3_len = 0;
407*e0c4386eSCy Schubert EVP_CIPHER *cipher = NULL;
408*e0c4386eSCy Schubert EVP_CIPHER_CTX *ctx = NULL;
409*e0c4386eSCy Schubert unsigned char out1[256];
410*e0c4386eSCy Schubert unsigned char out2[256];
411*e0c4386eSCy Schubert unsigned char out3[256];
412*e0c4386eSCy Schubert static const unsigned char in[32] = {
413*e0c4386eSCy Schubert 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
414*e0c4386eSCy Schubert 0xba, 0xbe, 0xba, 0xbe, 0x00, 0x00, 0xba, 0xbe,
415*e0c4386eSCy Schubert 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
416*e0c4386eSCy Schubert 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
417*e0c4386eSCy Schubert };
418*e0c4386eSCy Schubert static const unsigned char key[64] = {
419*e0c4386eSCy Schubert 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
420*e0c4386eSCy Schubert 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
421*e0c4386eSCy Schubert 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
422*e0c4386eSCy Schubert 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
423*e0c4386eSCy Schubert 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
424*e0c4386eSCy Schubert 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
425*e0c4386eSCy Schubert 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
426*e0c4386eSCy Schubert 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
427*e0c4386eSCy Schubert };
428*e0c4386eSCy Schubert static const unsigned char iv[16] = {
429*e0c4386eSCy Schubert 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
430*e0c4386eSCy Schubert 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
431*e0c4386eSCy Schubert };
432*e0c4386eSCy Schubert const char *name = sk_OPENSSL_STRING_value(cipher_names, test_id);
433*e0c4386eSCy Schubert
434*e0c4386eSCy Schubert if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
435*e0c4386eSCy Schubert goto err;
436*e0c4386eSCy Schubert
437*e0c4386eSCy Schubert TEST_note("Fetching %s\n", name);
438*e0c4386eSCy Schubert if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
439*e0c4386eSCy Schubert goto err;
440*e0c4386eSCy Schubert
441*e0c4386eSCy Schubert in_len = EVP_CIPHER_get_block_size(cipher) / 2;
442*e0c4386eSCy Schubert
443*e0c4386eSCy Schubert /* skip any ciphers that don't allow partial updates */
444*e0c4386eSCy Schubert if (((EVP_CIPHER_get_flags(cipher)
445*e0c4386eSCy Schubert & (EVP_CIPH_FLAG_CTS | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) != 0)
446*e0c4386eSCy Schubert || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_CCM_MODE
447*e0c4386eSCy Schubert || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_XTS_MODE
448*e0c4386eSCy Schubert || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_WRAP_MODE) {
449*e0c4386eSCy Schubert ret = 1;
450*e0c4386eSCy Schubert goto err;
451*e0c4386eSCy Schubert }
452*e0c4386eSCy Schubert
453*e0c4386eSCy Schubert if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
454*e0c4386eSCy Schubert || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, in_len))
455*e0c4386eSCy Schubert || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
456*e0c4386eSCy Schubert || !TEST_true(EVP_EncryptUpdate(ctx, out2, &out2_len, in, in_len)))
457*e0c4386eSCy Schubert goto err;
458*e0c4386eSCy Schubert
459*e0c4386eSCy Schubert if (!TEST_mem_eq(out1, out1_len, out2, out2_len))
460*e0c4386eSCy Schubert goto err;
461*e0c4386eSCy Schubert
462*e0c4386eSCy Schubert if (EVP_CIPHER_get_mode(cipher) != EVP_CIPH_SIV_MODE) {
463*e0c4386eSCy Schubert if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv))
464*e0c4386eSCy Schubert || !TEST_true(EVP_EncryptUpdate(ctx, out3, &out3_len, in, in_len)))
465*e0c4386eSCy Schubert goto err;
466*e0c4386eSCy Schubert
467*e0c4386eSCy Schubert if (!TEST_mem_eq(out1, out1_len, out3, out3_len))
468*e0c4386eSCy Schubert goto err;
469*e0c4386eSCy Schubert }
470*e0c4386eSCy Schubert ret = 1;
471*e0c4386eSCy Schubert err:
472*e0c4386eSCy Schubert EVP_CIPHER_free(cipher);
473*e0c4386eSCy Schubert EVP_CIPHER_CTX_free(ctx);
474*e0c4386eSCy Schubert return ret;
475*e0c4386eSCy Schubert }
476*e0c4386eSCy Schubert
477*e0c4386eSCy Schubert
name_cmp(const char * const * a,const char * const * b)478*e0c4386eSCy Schubert static int name_cmp(const char * const *a, const char * const *b)
479*e0c4386eSCy Schubert {
480*e0c4386eSCy Schubert return OPENSSL_strcasecmp(*a, *b);
481*e0c4386eSCy Schubert }
482*e0c4386eSCy Schubert
collect_cipher_names(EVP_CIPHER * cipher,void * cipher_names_list)483*e0c4386eSCy Schubert static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list)
484*e0c4386eSCy Schubert {
485*e0c4386eSCy Schubert STACK_OF(OPENSSL_STRING) *names = cipher_names_list;
486*e0c4386eSCy Schubert const char *name = EVP_CIPHER_get0_name(cipher);
487*e0c4386eSCy Schubert char *namedup = NULL;
488*e0c4386eSCy Schubert
489*e0c4386eSCy Schubert assert(name != NULL);
490*e0c4386eSCy Schubert /* the cipher will be freed after returning, strdup is needed */
491*e0c4386eSCy Schubert if ((namedup = OPENSSL_strdup(name)) != NULL
492*e0c4386eSCy Schubert && !sk_OPENSSL_STRING_push(names, namedup))
493*e0c4386eSCy Schubert OPENSSL_free(namedup);
494*e0c4386eSCy Schubert }
495*e0c4386eSCy Schubert
rsa_keygen(int bits,EVP_PKEY ** pub,EVP_PKEY ** priv)496*e0c4386eSCy Schubert static int rsa_keygen(int bits, EVP_PKEY **pub, EVP_PKEY **priv)
497*e0c4386eSCy Schubert {
498*e0c4386eSCy Schubert int ret = 0;
499*e0c4386eSCy Schubert unsigned char *pub_der = NULL;
500*e0c4386eSCy Schubert const unsigned char *pp = NULL;
501*e0c4386eSCy Schubert size_t len = 0;
502*e0c4386eSCy Schubert OSSL_ENCODER_CTX *ectx = NULL;
503*e0c4386eSCy Schubert
504*e0c4386eSCy Schubert if (!TEST_ptr(*priv = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", bits))
505*e0c4386eSCy Schubert || !TEST_ptr(ectx =
506*e0c4386eSCy Schubert OSSL_ENCODER_CTX_new_for_pkey(*priv,
507*e0c4386eSCy Schubert EVP_PKEY_PUBLIC_KEY,
508*e0c4386eSCy Schubert "DER", "type-specific",
509*e0c4386eSCy Schubert NULL))
510*e0c4386eSCy Schubert || !TEST_true(OSSL_ENCODER_to_data(ectx, &pub_der, &len)))
511*e0c4386eSCy Schubert goto err;
512*e0c4386eSCy Schubert pp = pub_der;
513*e0c4386eSCy Schubert if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_RSA, pub, &pp, len)))
514*e0c4386eSCy Schubert goto err;
515*e0c4386eSCy Schubert ret = 1;
516*e0c4386eSCy Schubert err:
517*e0c4386eSCy Schubert OSSL_ENCODER_CTX_free(ectx);
518*e0c4386eSCy Schubert OPENSSL_free(pub_der);
519*e0c4386eSCy Schubert return ret;
520*e0c4386eSCy Schubert }
521*e0c4386eSCy Schubert
kem_rsa_gen_recover(void)522*e0c4386eSCy Schubert static int kem_rsa_gen_recover(void)
523*e0c4386eSCy Schubert {
524*e0c4386eSCy Schubert int ret = 0;
525*e0c4386eSCy Schubert EVP_PKEY *pub = NULL;
526*e0c4386eSCy Schubert EVP_PKEY *priv = NULL;
527*e0c4386eSCy Schubert EVP_PKEY_CTX *sctx = NULL, *rctx = NULL, *dctx = NULL;
528*e0c4386eSCy Schubert unsigned char secret[256] = { 0, };
529*e0c4386eSCy Schubert unsigned char ct[256] = { 0, };
530*e0c4386eSCy Schubert unsigned char unwrap[256] = { 0, };
531*e0c4386eSCy Schubert size_t ctlen = 0, unwraplen = 0, secretlen = 0;
532*e0c4386eSCy Schubert int bits = 2048;
533*e0c4386eSCy Schubert
534*e0c4386eSCy Schubert ret = TEST_true(rsa_keygen(bits, &pub, &priv))
535*e0c4386eSCy Schubert && TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
536*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), 1)
537*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(sctx, "RSASVE"), 1)
538*e0c4386eSCy Schubert && TEST_ptr(dctx = EVP_PKEY_CTX_dup(sctx))
539*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_encapsulate(dctx, NULL, &ctlen, NULL,
540*e0c4386eSCy Schubert &secretlen), 1)
541*e0c4386eSCy Schubert && TEST_int_eq(ctlen, secretlen)
542*e0c4386eSCy Schubert && TEST_int_eq(ctlen, bits / 8)
543*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_encapsulate(dctx, ct, &ctlen, secret,
544*e0c4386eSCy Schubert &secretlen), 1)
545*e0c4386eSCy Schubert && TEST_ptr(rctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
546*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_decapsulate_init(rctx, NULL), 1)
547*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(rctx, "RSASVE"), 1)
548*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_decapsulate(rctx, NULL, &unwraplen,
549*e0c4386eSCy Schubert ct, ctlen), 1)
550*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_decapsulate(rctx, unwrap, &unwraplen,
551*e0c4386eSCy Schubert ct, ctlen), 1)
552*e0c4386eSCy Schubert && TEST_mem_eq(unwrap, unwraplen, secret, secretlen);
553*e0c4386eSCy Schubert EVP_PKEY_free(pub);
554*e0c4386eSCy Schubert EVP_PKEY_free(priv);
555*e0c4386eSCy Schubert EVP_PKEY_CTX_free(rctx);
556*e0c4386eSCy Schubert EVP_PKEY_CTX_free(dctx);
557*e0c4386eSCy Schubert EVP_PKEY_CTX_free(sctx);
558*e0c4386eSCy Schubert return ret;
559*e0c4386eSCy Schubert }
560*e0c4386eSCy Schubert
561*e0c4386eSCy Schubert #ifndef OPENSSL_NO_DES
562*e0c4386eSCy Schubert /*
563*e0c4386eSCy Schubert * This test makes sure that EVP_CIPHER_CTX_rand_key() works correctly
564*e0c4386eSCy Schubert * For fips mode this code would produce an error if the flag is not set.
565*e0c4386eSCy Schubert */
test_cipher_tdes_randkey(void)566*e0c4386eSCy Schubert static int test_cipher_tdes_randkey(void)
567*e0c4386eSCy Schubert {
568*e0c4386eSCy Schubert int ret;
569*e0c4386eSCy Schubert EVP_CIPHER_CTX *ctx = NULL;
570*e0c4386eSCy Schubert EVP_CIPHER *tdes_cipher = NULL, *aes_cipher = NULL;
571*e0c4386eSCy Schubert unsigned char key[24] = { 0 };
572*e0c4386eSCy Schubert
573*e0c4386eSCy Schubert ret = TEST_ptr(aes_cipher = EVP_CIPHER_fetch(libctx, "AES-256-CBC", NULL))
574*e0c4386eSCy Schubert && TEST_int_eq(EVP_CIPHER_get_flags(aes_cipher) & EVP_CIPH_RAND_KEY, 0)
575*e0c4386eSCy Schubert && TEST_ptr(tdes_cipher = EVP_CIPHER_fetch(libctx, "DES-EDE3-CBC", NULL))
576*e0c4386eSCy Schubert && TEST_int_ne(EVP_CIPHER_get_flags(tdes_cipher) & EVP_CIPH_RAND_KEY, 0)
577*e0c4386eSCy Schubert && TEST_ptr(ctx = EVP_CIPHER_CTX_new())
578*e0c4386eSCy Schubert && TEST_true(EVP_CipherInit_ex(ctx, tdes_cipher, NULL, NULL, NULL, 1))
579*e0c4386eSCy Schubert && TEST_int_gt(EVP_CIPHER_CTX_rand_key(ctx, key), 0);
580*e0c4386eSCy Schubert
581*e0c4386eSCy Schubert EVP_CIPHER_CTX_free(ctx);
582*e0c4386eSCy Schubert EVP_CIPHER_free(tdes_cipher);
583*e0c4386eSCy Schubert EVP_CIPHER_free(aes_cipher);
584*e0c4386eSCy Schubert return ret;
585*e0c4386eSCy Schubert }
586*e0c4386eSCy Schubert #endif /* OPENSSL_NO_DES */
587*e0c4386eSCy Schubert
kem_rsa_params(void)588*e0c4386eSCy Schubert static int kem_rsa_params(void)
589*e0c4386eSCy Schubert {
590*e0c4386eSCy Schubert int ret = 0;
591*e0c4386eSCy Schubert EVP_PKEY *pub = NULL;
592*e0c4386eSCy Schubert EVP_PKEY *priv = NULL;
593*e0c4386eSCy Schubert EVP_PKEY_CTX *pubctx = NULL, *privctx = NULL;
594*e0c4386eSCy Schubert unsigned char secret[256] = { 0, };
595*e0c4386eSCy Schubert unsigned char ct[256] = { 0, };
596*e0c4386eSCy Schubert size_t ctlen = 0, secretlen = 0;
597*e0c4386eSCy Schubert
598*e0c4386eSCy Schubert ret = TEST_true(rsa_keygen(2048, &pub, &priv))
599*e0c4386eSCy Schubert && TEST_ptr(pubctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
600*e0c4386eSCy Schubert && TEST_ptr(privctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
601*e0c4386eSCy Schubert /* Test setting kem op before the init fails */
602*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), -2)
603*e0c4386eSCy Schubert /* Test NULL ctx passed */
604*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_encapsulate_init(NULL, NULL), 0)
605*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_encapsulate(NULL, NULL, NULL, NULL, NULL), 0)
606*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_decapsulate_init(NULL, NULL), 0)
607*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_decapsulate(NULL, NULL, NULL, NULL, 0), 0)
608*e0c4386eSCy Schubert /* Test Invalid operation */
609*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), -1)
610*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, NULL, 0), 0)
611*e0c4386eSCy Schubert /* Wrong key component - no secret should be returned on failure */
612*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_decapsulate_init(pubctx, NULL), 1)
613*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
614*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_decapsulate(pubctx, secret, &secretlen, ct,
615*e0c4386eSCy Schubert sizeof(ct)), 0)
616*e0c4386eSCy Schubert && TEST_uchar_eq(secret[0], 0)
617*e0c4386eSCy Schubert /* Test encapsulate fails if the mode is not set */
618*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_encapsulate_init(pubctx, NULL), 1)
619*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, &secretlen), -2)
620*e0c4386eSCy Schubert /* Test setting a bad kem ops fail */
621*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSA"), 0)
622*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, NULL), 0)
623*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, "RSASVE"), 0)
624*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, NULL), 0)
625*e0c4386eSCy Schubert /* Test secretlen is optional */
626*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
627*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, NULL), 1)
628*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
629*e0c4386eSCy Schubert /* Test outlen is optional */
630*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
631*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, &secretlen), 1)
632*e0c4386eSCy Schubert /* test that either len must be set if out is NULL */
633*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), 0)
634*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
635*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
636*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, &secretlen), 1)
637*e0c4386eSCy Schubert /* Secret buffer should be set if there is an output buffer */
638*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, NULL, NULL), 0)
639*e0c4386eSCy Schubert /* Test that lengths are optional if ct is not NULL */
640*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, NULL), 1)
641*e0c4386eSCy Schubert /* Pass if secret or secret length are not NULL */
642*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_decapsulate_init(privctx, NULL), 1)
643*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(privctx, "RSASVE"), 1)
644*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, NULL, ct, sizeof(ct)), 1)
645*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, &secretlen, ct, sizeof(ct)), 1)
646*e0c4386eSCy Schubert && TEST_int_eq(secretlen, 256)
647*e0c4386eSCy Schubert /* Fail if passed NULL arguments */
648*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, ct, sizeof(ct)), 0)
649*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, 0), 0)
650*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, sizeof(ct)), 0)
651*e0c4386eSCy Schubert && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, ct, 0), 0);
652*e0c4386eSCy Schubert
653*e0c4386eSCy Schubert EVP_PKEY_free(pub);
654*e0c4386eSCy Schubert EVP_PKEY_free(priv);
655*e0c4386eSCy Schubert EVP_PKEY_CTX_free(pubctx);
656*e0c4386eSCy Schubert EVP_PKEY_CTX_free(privctx);
657*e0c4386eSCy Schubert return ret;
658*e0c4386eSCy Schubert }
659*e0c4386eSCy Schubert
660*e0c4386eSCy Schubert #ifndef OPENSSL_NO_DH
gen_dh_key(void)661*e0c4386eSCy Schubert static EVP_PKEY *gen_dh_key(void)
662*e0c4386eSCy Schubert {
663*e0c4386eSCy Schubert EVP_PKEY_CTX *gctx = NULL;
664*e0c4386eSCy Schubert EVP_PKEY *pkey = NULL;
665*e0c4386eSCy Schubert OSSL_PARAM params[2];
666*e0c4386eSCy Schubert
667*e0c4386eSCy Schubert params[0] = OSSL_PARAM_construct_utf8_string("group", "ffdhe2048", 0);
668*e0c4386eSCy Schubert params[1] = OSSL_PARAM_construct_end();
669*e0c4386eSCy Schubert
670*e0c4386eSCy Schubert if (!TEST_ptr(gctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
671*e0c4386eSCy Schubert || !TEST_int_gt(EVP_PKEY_keygen_init(gctx), 0)
672*e0c4386eSCy Schubert || !TEST_true(EVP_PKEY_CTX_set_params(gctx, params))
673*e0c4386eSCy Schubert || !TEST_true(EVP_PKEY_keygen(gctx, &pkey)))
674*e0c4386eSCy Schubert goto err;
675*e0c4386eSCy Schubert err:
676*e0c4386eSCy Schubert EVP_PKEY_CTX_free(gctx);
677*e0c4386eSCy Schubert return pkey;
678*e0c4386eSCy Schubert }
679*e0c4386eSCy Schubert
680*e0c4386eSCy Schubert /* Fail if we try to use a dh key */
kem_invalid_keytype(void)681*e0c4386eSCy Schubert static int kem_invalid_keytype(void)
682*e0c4386eSCy Schubert {
683*e0c4386eSCy Schubert int ret = 0;
684*e0c4386eSCy Schubert EVP_PKEY *key = NULL;
685*e0c4386eSCy Schubert EVP_PKEY_CTX *sctx = NULL;
686*e0c4386eSCy Schubert
687*e0c4386eSCy Schubert if (!TEST_ptr(key = gen_dh_key()))
688*e0c4386eSCy Schubert goto done;
689*e0c4386eSCy Schubert
690*e0c4386eSCy Schubert if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, key, NULL)))
691*e0c4386eSCy Schubert goto done;
692*e0c4386eSCy Schubert if (!TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), -2))
693*e0c4386eSCy Schubert goto done;
694*e0c4386eSCy Schubert
695*e0c4386eSCy Schubert ret = 1;
696*e0c4386eSCy Schubert done:
697*e0c4386eSCy Schubert EVP_PKEY_free(key);
698*e0c4386eSCy Schubert EVP_PKEY_CTX_free(sctx);
699*e0c4386eSCy Schubert return ret;
700*e0c4386eSCy Schubert }
701*e0c4386eSCy Schubert #endif /* OPENSSL_NO_DH */
702*e0c4386eSCy Schubert
setup_tests(void)703*e0c4386eSCy Schubert int setup_tests(void)
704*e0c4386eSCy Schubert {
705*e0c4386eSCy Schubert const char *prov_name = "default";
706*e0c4386eSCy Schubert char *config_file = NULL;
707*e0c4386eSCy Schubert OPTION_CHOICE o;
708*e0c4386eSCy Schubert
709*e0c4386eSCy Schubert while ((o = opt_next()) != OPT_EOF) {
710*e0c4386eSCy Schubert switch (o) {
711*e0c4386eSCy Schubert case OPT_PROVIDER_NAME:
712*e0c4386eSCy Schubert prov_name = opt_arg();
713*e0c4386eSCy Schubert break;
714*e0c4386eSCy Schubert case OPT_CONFIG_FILE:
715*e0c4386eSCy Schubert config_file = opt_arg();
716*e0c4386eSCy Schubert break;
717*e0c4386eSCy Schubert case OPT_TEST_CASES:
718*e0c4386eSCy Schubert break;
719*e0c4386eSCy Schubert default:
720*e0c4386eSCy Schubert case OPT_ERR:
721*e0c4386eSCy Schubert return 0;
722*e0c4386eSCy Schubert }
723*e0c4386eSCy Schubert }
724*e0c4386eSCy Schubert
725*e0c4386eSCy Schubert if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, prov_name))
726*e0c4386eSCy Schubert return 0;
727*e0c4386eSCy Schubert
728*e0c4386eSCy Schubert #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
729*e0c4386eSCy Schubert ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
730*e0c4386eSCy Schubert #endif
731*e0c4386eSCy Schubert #ifndef OPENSSL_NO_DH
732*e0c4386eSCy Schubert ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3);
733*e0c4386eSCy Schubert ADD_TEST(dhx_cert_load);
734*e0c4386eSCy Schubert #endif
735*e0c4386eSCy Schubert
736*e0c4386eSCy Schubert if (!TEST_ptr(cipher_names = sk_OPENSSL_STRING_new(name_cmp)))
737*e0c4386eSCy Schubert return 0;
738*e0c4386eSCy Schubert EVP_CIPHER_do_all_provided(libctx, collect_cipher_names, cipher_names);
739*e0c4386eSCy Schubert
740*e0c4386eSCy Schubert ADD_ALL_TESTS(test_cipher_reinit, sk_OPENSSL_STRING_num(cipher_names));
741*e0c4386eSCy Schubert ADD_ALL_TESTS(test_cipher_reinit_partialupdate,
742*e0c4386eSCy Schubert sk_OPENSSL_STRING_num(cipher_names));
743*e0c4386eSCy Schubert ADD_TEST(kem_rsa_gen_recover);
744*e0c4386eSCy Schubert ADD_TEST(kem_rsa_params);
745*e0c4386eSCy Schubert #ifndef OPENSSL_NO_DH
746*e0c4386eSCy Schubert ADD_TEST(kem_invalid_keytype);
747*e0c4386eSCy Schubert #endif
748*e0c4386eSCy Schubert #ifndef OPENSSL_NO_DES
749*e0c4386eSCy Schubert ADD_TEST(test_cipher_tdes_randkey);
750*e0c4386eSCy Schubert #endif
751*e0c4386eSCy Schubert return 1;
752*e0c4386eSCy Schubert }
753*e0c4386eSCy Schubert
754*e0c4386eSCy Schubert /* Because OPENSSL_free is a macro, it can't be passed as a function pointer */
string_free(char * m)755*e0c4386eSCy Schubert static void string_free(char *m)
756*e0c4386eSCy Schubert {
757*e0c4386eSCy Schubert OPENSSL_free(m);
758*e0c4386eSCy Schubert }
759*e0c4386eSCy Schubert
cleanup_tests(void)760*e0c4386eSCy Schubert void cleanup_tests(void)
761*e0c4386eSCy Schubert {
762*e0c4386eSCy Schubert sk_OPENSSL_STRING_pop_free(cipher_names, string_free);
763*e0c4386eSCy Schubert OSSL_PROVIDER_unload(libprov);
764*e0c4386eSCy Schubert OSSL_LIB_CTX_free(libctx);
765*e0c4386eSCy Schubert OSSL_PROVIDER_unload(nullprov);
766*e0c4386eSCy Schubert }
767