[thirdparty/openssl.git] / test / evp_libctx_test.c

/*
 * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*

 * These tests are setup to load null into the default library context.
 * Any tests are expected to use the created 'libctx' to find algorithms.
 * The framework runs the tests twice using the 'default' provider or
 * 'fips' provider as inputs.
 */

/*
 * DSA/DH low level APIs are deprecated for public use, but still ok for
 * internal use.
 */
#include "internal/deprecated.h"
#include <openssl/evp.h>
#include <openssl/provider.h>
#include <openssl/dsa.h>
#include <openssl/dh.h>
#include <openssl/safestack.h>
#include <openssl/x509.h>
#include "testutil.h"
#include "internal/nelem.h"
#include "crypto/bn_dh.h"   /* _bignum_ffdhe2048_p */
#include "../e_os.h"        /* strcasecmp */

static OPENSSL_CTX *libctx = NULL;
static OSSL_PROVIDER *nullprov = NULL;
static OSSL_PROVIDER *libprov = NULL;
static STACK_OF(OPENSSL_CSTRING) *cipher_names = NULL;

typedef enum OPTION_choice {
    OPT_ERR = -1,
    OPT_EOF = 0,
    OPT_CONFIG_FILE,
    OPT_PROVIDER_NAME,
    OPT_TEST_ENUM
} OPTION_CHOICE;

const OPTIONS *test_get_options(void)
{
    static const OPTIONS test_options[] = {
        OPT_TEST_OPTIONS_DEFAULT_USAGE,
        { "config", OPT_CONFIG_FILE, '<',
          "The configuration file to use for the libctx" },
        { "provider", OPT_PROVIDER_NAME, 's',
          "The provider to load (The default value is 'default'" },
        { NULL }
    };
    return test_options;
}

#ifndef OPENSSL_NO_DH
static const char *getname(int id)
{
    const char *name[] = {"p", "q", "g" };

    if (id >= 0 && id < 3)
        return name[id];
    return "?";
}
#endif

/*
 * We're using some DH specific values in this test, so we skip compilation if
 * we're in a no-dh build.
 */
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)

static int test_dsa_param_keygen(int tstid)
{
    int ret = 0;
    int expected;
    EVP_PKEY_CTX *gen_ctx = NULL;
    EVP_PKEY *pkey_parm = NULL;
    EVP_PKEY *pkey = NULL;
    DSA *dsa = NULL;
    int pind, qind, gind;
    BIGNUM *p = NULL, *q = NULL, *g = NULL;

    /*
     * Just grab some fixed dh p, q, g values for testing,
     * these 'safe primes' should not be used normally for dsa *.
     */
    static const BIGNUM *bn[] = {
        &_bignum_dh2048_256_p,  &_bignum_dh2048_256_q, &_bignum_dh2048_256_g
    };

    /*
     * These tests are using bad values for p, q, g by reusing the values.
     * A value of 0 uses p, 1 uses q and 2 uses g.
     * There are 27 different combinations, with only the 1 valid combination.
     */
    pind = tstid / 9;
    qind = (tstid / 3) % 3;
    gind = tstid % 3;
    expected  = (pind == 0 && qind == 1 && gind == 2);

    TEST_note("Testing with (p, q, g) = (%s, %s, %s)\n", getname(pind),
              getname(qind), getname(gind));

    if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
        || !TEST_ptr(dsa = DSA_new())
        || !TEST_ptr(p = BN_dup(bn[pind]))
        || !TEST_ptr(q = BN_dup(bn[qind]))
        || !TEST_ptr(g = BN_dup(bn[gind]))
        || !TEST_true(DSA_set0_pqg(dsa, p, q, g)))
        goto err;
    p = q = g = NULL;

    if (!TEST_true(EVP_PKEY_assign_DSA(pkey_parm, dsa)))
        goto err;
    dsa = NULL;

    if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
        || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
        || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
        goto err;
    ret = 1;
err:
    EVP_PKEY_free(pkey);
    EVP_PKEY_CTX_free(gen_ctx);
    EVP_PKEY_free(pkey_parm);
    DSA_free(dsa);
    BN_free(g);
    BN_free(q);
    BN_free(p);
    return ret;
}
#endif /* OPENSSL_NO_DSA */

#ifndef OPENSSL_NO_DH
static int do_dh_param_keygen(int tstid, const BIGNUM **bn)
{
    int ret = 0;
    int expected;
    EVP_PKEY_CTX *gen_ctx = NULL;
    EVP_PKEY *pkey_parm = NULL;
    EVP_PKEY *pkey = NULL;
    DH *dh = NULL;
    int pind, qind, gind;
    BIGNUM *p = NULL, *q = NULL, *g = NULL;

    /*
     * These tests are using bad values for p, q, g by reusing the values.
     * A value of 0 uses p, 1 uses q and 2 uses g.
     * There are 27 different combinations, with only the 1 valid combination.
     */
    pind = tstid / 9;
    qind = (tstid / 3) % 3;
    gind = tstid % 3;
    expected  = (pind == 0 && qind == 1 && gind == 2);

    TEST_note("Testing with (p, q, g) = (%s, %s, %s)", getname(pind),
              getname(qind), getname(gind));

    if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
        || !TEST_ptr(dh = DH_new())
        || !TEST_ptr(p = BN_dup(bn[pind]))
        || !TEST_ptr(q = BN_dup(bn[qind]))
        || !TEST_ptr(g = BN_dup(bn[gind]))
        || !TEST_true(DH_set0_pqg(dh, p, q, g)))
        goto err;
    p = q = g = NULL;

    if (!TEST_true(EVP_PKEY_assign_DH(pkey_parm, dh)))
        goto err;
    dh = NULL;

    if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
        || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
        || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
        goto err;
    ret = 1;
err:
    EVP_PKEY_free(pkey);
    EVP_PKEY_CTX_free(gen_ctx);
    EVP_PKEY_free(pkey_parm);
    DH_free(dh);
    BN_free(g);
    BN_free(q);
    BN_free(p);
    return ret;
}

/*
 * Note that we get the fips186-4 path being run for most of these cases since
 * the internal code will detect that the p, q, g does not match a safe prime
 * group (Except for when tstid = 5, which sets the correct p, q, g)
 */
static int test_dh_safeprime_param_keygen(int tstid)
{
    static const BIGNUM *bn[] = {
        &_bignum_ffdhe2048_p,  &_bignum_ffdhe2048_q, &_bignum_const_2
    };
    return do_dh_param_keygen(tstid, bn);
}

static int dhx_cert_load(void)
{
    int ret = 0;
    X509 *cert = NULL;
    BIO *bio = NULL;

    static const unsigned char dhx_cert[] = {
        0x30,0x82,0x03,0xff,0x30,0x82,0x02,0xe7,0xa0,0x03,0x02,0x01,0x02,0x02,0x09,0x00,
        0xdb,0xf5,0x4d,0x22,0xa0,0x7a,0x67,0xa6,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
        0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x44,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,
        0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x0a,0x0c,
        0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,0x72,0x6f,0x75,0x70,0x31,0x1d,
        0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,0x65,0x73,0x74,0x20,0x53,0x2f,
        0x4d,0x49,0x4d,0x45,0x20,0x52,0x53,0x41,0x20,0x52,0x6f,0x6f,0x74,0x30,0x1e,0x17,
        0x0d,0x31,0x33,0x30,0x38,0x30,0x32,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x17,0x0d,
        0x32,0x33,0x30,0x36,0x31,0x31,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x30,0x44,0x31,
        0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,
        0x06,0x03,0x55,0x04,0x0a,0x0c,0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,
        0x72,0x6f,0x75,0x70,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,
        0x65,0x73,0x74,0x20,0x53,0x2f,0x4d,0x49,0x4d,0x45,0x20,0x45,0x45,0x20,0x44,0x48,
        0x20,0x23,0x31,0x30,0x82,0x01,0xb6,0x30,0x82,0x01,0x2b,0x06,0x07,0x2a,0x86,0x48,
        0xce,0x3e,0x02,0x01,0x30,0x82,0x01,0x1e,0x02,0x81,0x81,0x00,0xd4,0x0c,0x4a,0x0c,
        0x04,0x72,0x71,0x19,0xdf,0x59,0x19,0xc5,0xaf,0x44,0x7f,0xca,0x8e,0x2b,0xf0,0x09,
        0xf5,0xd3,0x25,0xb1,0x73,0x16,0x55,0x89,0xdf,0xfd,0x07,0xaf,0x19,0xd3,0x7f,0xd0,
        0x07,0xa2,0xfe,0x3f,0x5a,0xf1,0x01,0xc6,0xf8,0x2b,0xef,0x4e,0x6d,0x03,0x38,0x42,
        0xa1,0x37,0xd4,0x14,0xb4,0x00,0x4a,0xb1,0x86,0x5a,0x83,0xce,0xb9,0x08,0x0e,0xc1,
        0x99,0x27,0x47,0x8d,0x0b,0x85,0xa8,0x82,0xed,0xcc,0x0d,0xb9,0xb0,0x32,0x7e,0xdf,
        0xe8,0xe4,0xf6,0xf6,0xec,0xb3,0xee,0x7a,0x11,0x34,0x65,0x97,0xfc,0x1a,0xb0,0x95,
        0x4b,0x19,0xb9,0xa6,0x1c,0xd9,0x01,0x32,0xf7,0x35,0x7c,0x2d,0x5d,0xfe,0xc1,0x85,
        0x70,0x49,0xf8,0xcc,0x99,0xd0,0xbe,0xf1,0x5a,0x78,0xc8,0x03,0x02,0x81,0x80,0x69,
        0x00,0xfd,0x66,0xf2,0xfc,0x15,0x8b,0x09,0xb8,0xdc,0x4d,0xea,0xaa,0x79,0x55,0xf9,
        0xdf,0x46,0xa6,0x2f,0xca,0x2d,0x8f,0x59,0x2a,0xad,0x44,0xa3,0xc6,0x18,0x2f,0x95,
        0xb6,0x16,0x20,0xe3,0xd3,0xd1,0x8f,0x03,0xce,0x71,0x7c,0xef,0x3a,0xc7,0x44,0x39,
        0x0e,0xe2,0x1f,0xd8,0xd3,0x89,0x2b,0xe7,0x51,0xdc,0x12,0x48,0x4c,0x18,0x4d,0x99,
        0x12,0x06,0xe4,0x17,0x02,0x03,0x8c,0x24,0x05,0x8e,0xa6,0x85,0xf2,0x69,0x1b,0xe1,
        0x6a,0xdc,0xe2,0x04,0x3a,0x01,0x9d,0x64,0xbe,0xfe,0x45,0xf9,0x44,0x18,0x71,0xbd,
        0x2d,0x3e,0x7a,0x6f,0x72,0x7d,0x1a,0x80,0x42,0x57,0xae,0x18,0x6f,0x91,0xd6,0x61,
        0x03,0x8a,0x1c,0x89,0x73,0xc7,0x56,0x41,0x03,0xd3,0xf8,0xed,0x65,0xe2,0x85,0x02,
        0x15,0x00,0x89,0x94,0xab,0x10,0x67,0x45,0x41,0xad,0x63,0xc6,0x71,0x40,0x8d,0x6b,
        0x9e,0x19,0x5b,0xa4,0xc7,0xf5,0x03,0x81,0x84,0x00,0x02,0x81,0x80,0x2f,0x5b,0xde,
        0x72,0x02,0x36,0x6b,0x00,0x5e,0x24,0x7f,0x14,0x2c,0x18,0x52,0x42,0x97,0x4b,0xdb,
        0x6e,0x15,0x50,0x3c,0x45,0x3e,0x25,0xf3,0xb7,0xc5,0x6e,0xe5,0x52,0xe7,0xc4,0xfb,
        0xf4,0xa5,0xf0,0x39,0x12,0x7f,0xbc,0x54,0x1c,0x93,0xb9,0x5e,0xee,0xe9,0x14,0xb0,
        0xdf,0xfe,0xfc,0x36,0xe4,0xf2,0xaf,0xfb,0x13,0xc8,0xdf,0x18,0x94,0x1d,0x40,0xb9,
        0x71,0xdd,0x4c,0x9c,0xa7,0x03,0x52,0x02,0xb5,0xed,0x71,0x80,0x3e,0x23,0xda,0x28,
        0xe5,0xab,0xe7,0x6f,0xf2,0x0a,0x0e,0x00,0x5b,0x7d,0xc6,0x4b,0xd7,0xc7,0xb2,0xc3,
        0xba,0x62,0x7f,0x70,0x28,0xa0,0x9d,0x71,0x13,0x70,0xd1,0x9f,0x32,0x2f,0x3e,0xd2,
        0xcd,0x1b,0xa4,0xc6,0x72,0xa0,0x74,0x5d,0x71,0xef,0x03,0x43,0x6e,0xa3,0x60,0x30,
        0x5e,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x02,0x30,0x00,0x30,
        0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x05,0xe0,0x30,
        0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0x0b,0x5a,0x4d,0x5f,0x7d,0x25,
        0xc7,0xf2,0x9d,0xc1,0xaa,0xb7,0x63,0x82,0x2f,0xfa,0x8f,0x32,0xe7,0xc0,0x30,0x1f,
        0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xdf,0x7e,0x5e,0x88,0x05,
        0x24,0x33,0x08,0xdd,0x22,0x81,0x02,0x97,0xcc,0x9a,0xb7,0xb1,0x33,0x27,0x30,0x30,
        0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x82,
        0x01,0x01,0x00,0x5a,0xf2,0x63,0xef,0xd3,0x16,0xd7,0xf5,0xaa,0xdd,0x12,0x00,0x36,
        0x00,0x21,0xa2,0x7b,0x08,0xd6,0x3b,0x9f,0x62,0xac,0x53,0x1f,0xed,0x4c,0xd1,0x15,
        0x34,0x65,0x71,0xee,0x96,0x07,0xa6,0xef,0xb2,0xde,0xd8,0xbb,0x35,0x6e,0x2c,0xe2,
        0xd1,0x26,0xef,0x7e,0x94,0xe2,0x88,0x51,0xa4,0x6c,0xaa,0x27,0x2a,0xd3,0xb6,0xc2,
        0xf7,0xea,0xc3,0x0b,0xa9,0xb5,0x28,0x37,0xa2,0x63,0x08,0xe4,0x88,0xc0,0x1b,0x16,
        0x1b,0xca,0xfd,0x8a,0x07,0x32,0x29,0xa7,0x53,0xb5,0x2d,0x30,0xe4,0xf5,0x16,0xc3,
        0xe3,0xc2,0x4c,0x30,0x5d,0x35,0x80,0x1c,0xa2,0xdb,0xe3,0x4b,0x51,0x0d,0x4c,0x60,
        0x5f,0xb9,0x46,0xac,0xa8,0x46,0xa7,0x32,0xa7,0x9c,0x76,0xf8,0xe9,0xb5,0x19,0xe2,
        0x0c,0xe1,0x0f,0xc6,0x46,0xe2,0x38,0xa7,0x87,0x72,0x6d,0x6c,0xbc,0x88,0x2f,0x9d,
        0x2d,0xe5,0xd0,0x7d,0x1e,0xc7,0x5d,0xf8,0x7e,0xb4,0x0b,0xa6,0xf9,0x6c,0xe3,0x7c,
        0xb2,0x70,0x6e,0x75,0x9b,0x1e,0x63,0xe1,0x4d,0xb2,0x81,0xd3,0x55,0x38,0x94,0x1a,
        0x7a,0xfa,0xbf,0x01,0x18,0x70,0x2d,0x35,0xd3,0xe3,0x10,0x7a,0x9a,0xa7,0x8f,0xf3,
        0xbd,0x56,0x55,0x5e,0xd8,0xbd,0x4e,0x16,0x76,0xd0,0x48,0x4c,0xf9,0x51,0x54,0xdf,
        0x2d,0xb0,0xc9,0xaa,0x5e,0x42,0x38,0x50,0xbf,0x0f,0xc0,0xd9,0x84,0x44,0x4b,0x42,
        0x24,0xec,0x14,0xa3,0xde,0x11,0xdf,0x58,0x7f,0xc2,0x4d,0xb2,0xd5,0x42,0x78,0x6e,
        0x52,0x3e,0xad,0xc3,0x5f,0x04,0xc4,0xe6,0x31,0xaa,0x81,0x06,0x8b,0x13,0x4b,0x3c,
        0x0e,0x6a,0xb1
    };

    if (!TEST_ptr(bio = BIO_new_mem_buf(dhx_cert, sizeof(dhx_cert)))
        || !TEST_ptr(cert = X509_new_with_libctx(libctx, NULL))
        || !TEST_ptr(d2i_X509_bio(bio, &cert)))
        goto err;
    ret = 1;
err:
    X509_free(cert);
    BIO_free(bio);
    return ret;
}

#endif /* OPENSSL_NO_DH */

static int test_cipher_reinit(int test_id)
{
    int ret = 0, out1_len = 0, out2_len = 0, diff, ccm;
    EVP_CIPHER *cipher = NULL;
    EVP_CIPHER_CTX *ctx = NULL;
    unsigned char out1[256];
    unsigned char out2[256];
    unsigned char in[16] = {
        0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
        0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
    };
    unsigned char key[64] = {
        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
        0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
        0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
        0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
    };
    unsigned char iv[16] = {
        0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
        0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
    };
    const char *name = sk_OPENSSL_CSTRING_value(cipher_names, test_id);

    if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
        goto err;

    TEST_note("Fetching %s\n", name);
    if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
        goto err;

    /* ccm fails on the second update - this matches OpenSSL 1_1_1 behaviour */
    ccm = (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE);

    /* DES3-WRAP uses random every update - so it will give a different value */
    diff = EVP_CIPHER_is_a(cipher, "DES3-WRAP");

    if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
        || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, sizeof(in)))
        || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
        || !TEST_int_eq(EVP_EncryptUpdate(ctx, out2, &out2_len, in, sizeof(in)),
                        ccm ? 0 : 1))
        goto err;

    if (ccm == 0) {
        if (diff) {
            if (!TEST_mem_ne(out1, out1_len, out2, out2_len))
                goto err;
        } else {
            if (!TEST_mem_eq(out1, out1_len, out2, out2_len))
                goto err;
        }
    }
    ret = 1;
err:
    EVP_CIPHER_free(cipher);
    EVP_CIPHER_CTX_free(ctx);
    return ret;
}

/*
 * This test only uses a partial block (half the block size) of input for each
 * EVP_EncryptUpdate() in order to test that the second init/update is not using
 * a leftover buffer from the first init/update.
 * Note: some ciphers don't need a full block to produce output.
 */
static int test_cipher_reinit_partialupdate(int test_id)
{
    int ret = 0, out1_len = 0, out2_len = 0, in_len;
    EVP_CIPHER *cipher = NULL;
    EVP_CIPHER_CTX *ctx = NULL;
    unsigned char out1[256];
    unsigned char out2[256];
    static const unsigned char in[32] = {
        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
        0xba, 0xbe, 0xba, 0xbe, 0x00, 0x00, 0xba, 0xbe,
        0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
    };
    static const unsigned char key[64] = {
        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
        0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
        0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
        0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
    };
    static const unsigned char iv[16] = {
        0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
        0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
    };
    const char *name = sk_OPENSSL_CSTRING_value(cipher_names, test_id);

    if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
        goto err;

    TEST_note("Fetching %s\n", name);
    if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
        goto err;

    in_len = EVP_CIPHER_block_size(cipher) / 2;

    /* skip any ciphers that don't allow partial updates */
    if (((EVP_CIPHER_flags(cipher)
          & (EVP_CIPH_FLAG_CTS | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) != 0)
        || EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE
        || EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE
        || EVP_CIPHER_mode(cipher) == EVP_CIPH_WRAP_MODE) {
        ret = 1;
        goto err;
    }

    if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
        || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, in_len))
        || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
        || !TEST_true(EVP_EncryptUpdate(ctx, out2, &out2_len, in, in_len)))
        goto err;

    /* DES3-WRAP uses random every update - so it will give a different value */
    if (EVP_CIPHER_is_a(cipher, "DES3-WRAP")) {
        if (!TEST_mem_ne(out1, out1_len, out2, out2_len))
            goto err;
    } else {
        if (!TEST_mem_eq(out1, out1_len, out2, out2_len))
            goto err;
    }
    ret = 1;
err:
    EVP_CIPHER_free(cipher);
    EVP_CIPHER_CTX_free(ctx);
    return ret;
}


static int name_cmp(const char * const *a, const char * const *b)
{
    return strcasecmp(*a, *b);
}

static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list)
{
    STACK_OF(OPENSSL_CSTRING) *names = cipher_names_list;

    sk_OPENSSL_CSTRING_push(names, EVP_CIPHER_name(cipher));
}

int setup_tests(void)
{
    const char *prov_name = "default";
    char *config_file = NULL;
    OPTION_CHOICE o;

    while ((o = opt_next()) != OPT_EOF) {
        switch (o) {
        case OPT_PROVIDER_NAME:
            prov_name = opt_arg();
            break;
        case OPT_CONFIG_FILE:
            config_file = opt_arg();
            break;
        case OPT_TEST_CASES:
           break;
        default:
        case OPT_ERR:
            return 0;
        }
    }

    nullprov = OSSL_PROVIDER_load(NULL, "null");
    if (!TEST_ptr(nullprov))
        return 0;

    libctx = OPENSSL_CTX_new();

    if (!TEST_ptr(libctx))
        return 0;

    if (config_file != NULL) {
        if (!TEST_true(OPENSSL_CTX_load_config(libctx, config_file)))
            return 0;
    }

    libprov = OSSL_PROVIDER_load(libctx, prov_name);
    if (!TEST_ptr(libprov))
        return 0;

#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
    ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
#endif
#ifndef OPENSSL_NO_DH
    ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3);
    ADD_TEST(dhx_cert_load);
#endif

    if (!TEST_ptr(cipher_names = sk_OPENSSL_CSTRING_new(name_cmp)))
        return 0;
    EVP_CIPHER_do_all_provided(libctx, collect_cipher_names, cipher_names);

    ADD_ALL_TESTS(test_cipher_reinit, sk_OPENSSL_CSTRING_num(cipher_names));
    ADD_ALL_TESTS(test_cipher_reinit_partialupdate,
                  sk_OPENSSL_CSTRING_num(cipher_names));
    return 1;
}

void cleanup_tests(void)
{
    sk_OPENSSL_CSTRING_free(cipher_names);
    OSSL_PROVIDER_unload(libprov);
    OPENSSL_CTX_free(libctx);
    OSSL_PROVIDER_unload(nullprov);
}
Commit	Line	Data
63794b04 SL	1	/*
	2	* Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
	3	*
	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
	10	/*
	11
	12	* These tests are setup to load null into the default library context.
	13	* Any tests are expected to use the created 'libctx' to find algorithms.
	14	* The framework runs the tests twice using the 'default' provider or
	15	* 'fips' provider as inputs.
	16	*/
	17
	18	/*
	19	* DSA/DH low level APIs are deprecated for public use, but still ok for
	20	* internal use.
	21	*/
	22	#include "internal/deprecated.h"
	23	#include <openssl/evp.h>
	24	#include <openssl/provider.h>
	25	#include <openssl/dsa.h>
fcdd228b	26	#include <openssl/dh.h>
90409da6	27	#include <openssl/safestack.h>
116d2510	28	#include <openssl/x509.h>
63794b04 SL	29	#include "testutil.h"
63794b04 SL	30	#include "internal/nelem.h"
90409da6 SL	31	#include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */
	32	#include "../e_os.h" /* strcasecmp */
	33
63794b04 SL	34	static OPENSSL_CTX *libctx = NULL;
	35	static OSSL_PROVIDER *nullprov = NULL;
	36	static OSSL_PROVIDER *libprov = NULL;
90409da6	37	static STACK_OF(OPENSSL_CSTRING) *cipher_names = NULL;
63794b04 SL	38
	39	typedef enum OPTION_choice {
	40	OPT_ERR = -1,
	41	OPT_EOF = 0,
	42	OPT_CONFIG_FILE,
	43	OPT_PROVIDER_NAME,
	44	OPT_TEST_ENUM
	45	} OPTION_CHOICE;
	46
	47	const OPTIONS *test_get_options(void)
	48	{
	49	static const OPTIONS test_options[] = {
	50	OPT_TEST_OPTIONS_DEFAULT_USAGE,
	51	{ "config", OPT_CONFIG_FILE, '<',
	52	"The configuration file to use for the libctx" },
	53	{ "provider", OPT_PROVIDER_NAME, 's',
	54	"The provider to load (The default value is 'default'" },
	55	{ NULL }
	56	};
	57	return test_options;
	58	}
	59
fcdd228b	60	#ifndef OPENSSL_NO_DH
63794b04 SL	61	static const char *getname(int id)
	62	{
	63	const char *name[] = {"p", "q", "g" };
	64
	65	if (id >= 0 && id < 3)
	66	return name[id];
	67	return "?";
	68	}
	69	#endif
	70
fcdd228b MC	71	/*
	72	* We're using some DH specific values in this test, so we skip compilation if
	73	* we're in a no-dh build.
	74	*/
	75	#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
63794b04 SL	76
	77	static int test_dsa_param_keygen(int tstid)
	78	{
	79	int ret = 0;
	80	int expected;
	81	EVP_PKEY_CTX *gen_ctx = NULL;
	82	EVP_PKEY *pkey_parm = NULL;
	83	EVP_PKEY *pkey = NULL;
	84	DSA *dsa = NULL;
	85	int pind, qind, gind;
	86	BIGNUM p = NULL, q = NULL, *g = NULL;
	87
	88	/*
	89	* Just grab some fixed dh p, q, g values for testing,
	90	* these 'safe primes' should not be used normally for dsa *.
	91	*/
	92	static const BIGNUM *bn[] = {
	93	&_bignum_dh2048_256_p, &_bignum_dh2048_256_q, &_bignum_dh2048_256_g
	94	};
	95
	96	/*
	97	* These tests are using bad values for p, q, g by reusing the values.
	98	* A value of 0 uses p, 1 uses q and 2 uses g.
	99	* There are 27 different combinations, with only the 1 valid combination.
	100	*/
	101	pind = tstid / 9;
	102	qind = (tstid / 3) % 3;
	103	gind = tstid % 3;
	104	expected = (pind == 0 && qind == 1 && gind == 2);
	105
	106	TEST_note("Testing with (p, q, g) = (%s, %s, %s)\n", getname(pind),
	107	getname(qind), getname(gind));
	108
	109	if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
	110	\|\| !TEST_ptr(dsa = DSA_new())
	111	\|\| !TEST_ptr(p = BN_dup(bn[pind]))
	112	\|\| !TEST_ptr(q = BN_dup(bn[qind]))
	113	\|\| !TEST_ptr(g = BN_dup(bn[gind]))
	114	\|\| !TEST_true(DSA_set0_pqg(dsa, p, q, g)))
	115	goto err;
	116	p = q = g = NULL;
	117
	118	if (!TEST_true(EVP_PKEY_assign_DSA(pkey_parm, dsa)))
	119	goto err;
	120	dsa = NULL;
	121
	122	if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
	123	\|\| !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
	124	\|\| !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
	125	goto err;
	126	ret = 1;
	127	err:
	128	EVP_PKEY_free(pkey);
	129	EVP_PKEY_CTX_free(gen_ctx);
	130	EVP_PKEY_free(pkey_parm);
	131	DSA_free(dsa);
	132	BN_free(g);
	133	BN_free(q);
	134	BN_free(p);
	135	return ret;
	136	}
	137	#endif /* OPENSSL_NO_DSA */
	138
	139	#ifndef OPENSSL_NO_DH
140	static int do_dh_param_keygen(int tstid, const BIGNUM **bn)
141	{
142	int ret = 0;
143	int expected;
144	EVP_PKEY_CTX *gen_ctx = NULL;
145	EVP_PKEY *pkey_parm = NULL;
146	EVP_PKEY *pkey = NULL;
147	DH *dh = NULL;
148	int pind, qind, gind;
149	BIGNUM p = NULL, q = NULL, *g = NULL;
150
151	/*
152	* These tests are using bad values for p, q, g by reusing the values.
153	* A value of 0 uses p, 1 uses q and 2 uses g.
154	* There are 27 different combinations, with only the 1 valid combination.
155	*/
156	pind = tstid / 9;
157	qind = (tstid / 3) % 3;
158	gind = tstid % 3;
159	expected = (pind == 0 && qind == 1 && gind == 2);
160
161	TEST_note("Testing with (p, q, g) = (%s, %s, %s)", getname(pind),
162	getname(qind), getname(gind));
163
164	if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
165	\|\| !TEST_ptr(dh = DH_new())
166	\|\| !TEST_ptr(p = BN_dup(bn[pind]))
167	\|\| !TEST_ptr(q = BN_dup(bn[qind]))
168	\|\| !TEST_ptr(g = BN_dup(bn[gind]))
169	\|\| !TEST_true(DH_set0_pqg(dh, p, q, g)))
170	goto err;
171	p = q = g = NULL;
172
173	if (!TEST_true(EVP_PKEY_assign_DH(pkey_parm, dh)))
174	goto err;
175	dh = NULL;
176
177	if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
178	\|\| !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
179	\|\| !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
180	goto err;
181	ret = 1;
182	err:
183	EVP_PKEY_free(pkey);
184	EVP_PKEY_CTX_free(gen_ctx);
185	EVP_PKEY_free(pkey_parm);
186	DH_free(dh);
187	BN_free(g);
188	BN_free(q);
189	BN_free(p);
190	return ret;
191	}
192
193	/*
194	* Note that we get the fips186-4 path being run for most of these cases since
195	* the internal code will detect that the p, q, g does not match a safe prime
196	* group (Except for when tstid = 5, which sets the correct p, q, g)
197	*/
198	static int test_dh_safeprime_param_keygen(int tstid)
199	{
200	static const BIGNUM *bn[] = {
201	&_bignum_ffdhe2048_p, &_bignum_ffdhe2048_q, &_bignum_const_2
202	};
203	return do_dh_param_keygen(tstid, bn);
204	}
116d2510 SL	205
	206	static int dhx_cert_load(void)
	207	{
	208	int ret = 0;
	209	X509 *cert = NULL;
	210	BIO *bio = NULL;
	211
	212	static const unsigned char dhx_cert[] = {
	213	0x30,0x82,0x03,0xff,0x30,0x82,0x02,0xe7,0xa0,0x03,0x02,0x01,0x02,0x02,0x09,0x00,
	214	0xdb,0xf5,0x4d,0x22,0xa0,0x7a,0x67,0xa6,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
	215	0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x44,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,
	216	0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x0a,0x0c,
	217	0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,0x72,0x6f,0x75,0x70,0x31,0x1d,
	218	0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,0x65,0x73,0x74,0x20,0x53,0x2f,
	219	0x4d,0x49,0x4d,0x45,0x20,0x52,0x53,0x41,0x20,0x52,0x6f,0x6f,0x74,0x30,0x1e,0x17,
	220	0x0d,0x31,0x33,0x30,0x38,0x30,0x32,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x17,0x0d,
	221	0x32,0x33,0x30,0x36,0x31,0x31,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x30,0x44,0x31,
	222	0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,
	223	0x06,0x03,0x55,0x04,0x0a,0x0c,0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,
	224	0x72,0x6f,0x75,0x70,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,
	225	0x65,0x73,0x74,0x20,0x53,0x2f,0x4d,0x49,0x4d,0x45,0x20,0x45,0x45,0x20,0x44,0x48,
	226	0x20,0x23,0x31,0x30,0x82,0x01,0xb6,0x30,0x82,0x01,0x2b,0x06,0x07,0x2a,0x86,0x48,
	227	0xce,0x3e,0x02,0x01,0x30,0x82,0x01,0x1e,0x02,0x81,0x81,0x00,0xd4,0x0c,0x4a,0x0c,
	228	0x04,0x72,0x71,0x19,0xdf,0x59,0x19,0xc5,0xaf,0x44,0x7f,0xca,0x8e,0x2b,0xf0,0x09,
	229	0xf5,0xd3,0x25,0xb1,0x73,0x16,0x55,0x89,0xdf,0xfd,0x07,0xaf,0x19,0xd3,0x7f,0xd0,
	230	0x07,0xa2,0xfe,0x3f,0x5a,0xf1,0x01,0xc6,0xf8,0x2b,0xef,0x4e,0x6d,0x03,0x38,0x42,
	231	0xa1,0x37,0xd4,0x14,0xb4,0x00,0x4a,0xb1,0x86,0x5a,0x83,0xce,0xb9,0x08,0x0e,0xc1,
	232	0x99,0x27,0x47,0x8d,0x0b,0x85,0xa8,0x82,0xed,0xcc,0x0d,0xb9,0xb0,0x32,0x7e,0xdf,
	233	0xe8,0xe4,0xf6,0xf6,0xec,0xb3,0xee,0x7a,0x11,0x34,0x65,0x97,0xfc,0x1a,0xb0,0x95,
	234	0x4b,0x19,0xb9,0xa6,0x1c,0xd9,0x01,0x32,0xf7,0x35,0x7c,0x2d,0x5d,0xfe,0xc1,0x85,
	235	0x70,0x49,0xf8,0xcc,0x99,0xd0,0xbe,0xf1,0x5a,0x78,0xc8,0x03,0x02,0x81,0x80,0x69,
	236	0x00,0xfd,0x66,0xf2,0xfc,0x15,0x8b,0x09,0xb8,0xdc,0x4d,0xea,0xaa,0x79,0x55,0xf9,
	237	0xdf,0x46,0xa6,0x2f,0xca,0x2d,0x8f,0x59,0x2a,0xad,0x44,0xa3,0xc6,0x18,0x2f,0x95,
	238	0xb6,0x16,0x20,0xe3,0xd3,0xd1,0x8f,0x03,0xce,0x71,0x7c,0xef,0x3a,0xc7,0x44,0x39,
	239	0x0e,0xe2,0x1f,0xd8,0xd3,0x89,0x2b,0xe7,0x51,0xdc,0x12,0x48,0x4c,0x18,0x4d,0x99,
	240	0x12,0x06,0xe4,0x17,0x02,0x03,0x8c,0x24,0x05,0x8e,0xa6,0x85,0xf2,0x69,0x1b,0xe1,
	241	0x6a,0xdc,0xe2,0x04,0x3a,0x01,0x9d,0x64,0xbe,0xfe,0x45,0xf9,0x44,0x18,0x71,0xbd,
	242	0x2d,0x3e,0x7a,0x6f,0x72,0x7d,0x1a,0x80,0x42,0x57,0xae,0x18,0x6f,0x91,0xd6,0x61,
	243	0x03,0x8a,0x1c,0x89,0x73,0xc7,0x56,0x41,0x03,0xd3,0xf8,0xed,0x65,0xe2,0x85,0x02,
	244	0x15,0x00,0x89,0x94,0xab,0x10,0x67,0x45,0x41,0xad,0x63,0xc6,0x71,0x40,0x8d,0x6b,
	245	0x9e,0x19,0x5b,0xa4,0xc7,0xf5,0x03,0x81,0x84,0x00,0x02,0x81,0x80,0x2f,0x5b,0xde,
	246	0x72,0x02,0x36,0x6b,0x00,0x5e,0x24,0x7f,0x14,0x2c,0x18,0x52,0x42,0x97,0x4b,0xdb,
	247	0x6e,0x15,0x50,0x3c,0x45,0x3e,0x25,0xf3,0xb7,0xc5,0x6e,0xe5,0x52,0xe7,0xc4,0xfb,
	248	0xf4,0xa5,0xf0,0x39,0x12,0x7f,0xbc,0x54,0x1c,0x93,0xb9,0x5e,0xee,0xe9,0x14,0xb0,
	249	0xdf,0xfe,0xfc,0x36,0xe4,0xf2,0xaf,0xfb,0x13,0xc8,0xdf,0x18,0x94,0x1d,0x40,0xb9,
	250	0x71,0xdd,0x4c,0x9c,0xa7,0x03,0x52,0x02,0xb5,0xed,0x71,0x80,0x3e,0x23,0xda,0x28,
	251	0xe5,0xab,0xe7,0x6f,0xf2,0x0a,0x0e,0x00,0x5b,0x7d,0xc6,0x4b,0xd7,0xc7,0xb2,0xc3,
	252	0xba,0x62,0x7f,0x70,0x28,0xa0,0x9d,0x71,0x13,0x70,0xd1,0x9f,0x32,0x2f,0x3e,0xd2,
	253	0xcd,0x1b,0xa4,0xc6,0x72,0xa0,0x74,0x5d,0x71,0xef,0x03,0x43,0x6e,0xa3,0x60,0x30,
	254	0x5e,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x02,0x30,0x00,0x30,
	255	0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x05,0xe0,0x30,
	256	0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0x0b,0x5a,0x4d,0x5f,0x7d,0x25,
	257	0xc7,0xf2,0x9d,0xc1,0xaa,0xb7,0x63,0x82,0x2f,0xfa,0x8f,0x32,0xe7,0xc0,0x30,0x1f,
	258	0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xdf,0x7e,0x5e,0x88,0x05,
	259	0x24,0x33,0x08,0xdd,0x22,0x81,0x02,0x97,0xcc,0x9a,0xb7,0xb1,0x33,0x27,0x30,0x30,
	260	0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x82,
	261	0x01,0x01,0x00,0x5a,0xf2,0x63,0xef,0xd3,0x16,0xd7,0xf5,0xaa,0xdd,0x12,0x00,0x36,
	262	0x00,0x21,0xa2,0x7b,0x08,0xd6,0x3b,0x9f,0x62,0xac,0x53,0x1f,0xed,0x4c,0xd1,0x15,
	263	0x34,0x65,0x71,0xee,0x96,0x07,0xa6,0xef,0xb2,0xde,0xd8,0xbb,0x35,0x6e,0x2c,0xe2,
	264	0xd1,0x26,0xef,0x7e,0x94,0xe2,0x88,0x51,0xa4,0x6c,0xaa,0x27,0x2a,0xd3,0xb6,0xc2,
	265	0xf7,0xea,0xc3,0x0b,0xa9,0xb5,0x28,0x37,0xa2,0x63,0x08,0xe4,0x88,0xc0,0x1b,0x16,
	266	0x1b,0xca,0xfd,0x8a,0x07,0x32,0x29,0xa7,0x53,0xb5,0x2d,0x30,0xe4,0xf5,0x16,0xc3,
	267	0xe3,0xc2,0x4c,0x30,0x5d,0x35,0x80,0x1c,0xa2,0xdb,0xe3,0x4b,0x51,0x0d,0x4c,0x60,
	268	0x5f,0xb9,0x46,0xac,0xa8,0x46,0xa7,0x32,0xa7,0x9c,0x76,0xf8,0xe9,0xb5,0x19,0xe2,
269	0x0c,0xe1,0x0f,0xc6,0x46,0xe2,0x38,0xa7,0x87,0x72,0x6d,0x6c,0xbc,0x88,0x2f,0x9d,
270	0x2d,0xe5,0xd0,0x7d,0x1e,0xc7,0x5d,0xf8,0x7e,0xb4,0x0b,0xa6,0xf9,0x6c,0xe3,0x7c,
271	0xb2,0x70,0x6e,0x75,0x9b,0x1e,0x63,0xe1,0x4d,0xb2,0x81,0xd3,0x55,0x38,0x94,0x1a,
272	0x7a,0xfa,0xbf,0x01,0x18,0x70,0x2d,0x35,0xd3,0xe3,0x10,0x7a,0x9a,0xa7,0x8f,0xf3,
273	0xbd,0x56,0x55,0x5e,0xd8,0xbd,0x4e,0x16,0x76,0xd0,0x48,0x4c,0xf9,0x51,0x54,0xdf,
274	0x2d,0xb0,0xc9,0xaa,0x5e,0x42,0x38,0x50,0xbf,0x0f,0xc0,0xd9,0x84,0x44,0x4b,0x42,
275	0x24,0xec,0x14,0xa3,0xde,0x11,0xdf,0x58,0x7f,0xc2,0x4d,0xb2,0xd5,0x42,0x78,0x6e,
276	0x52,0x3e,0xad,0xc3,0x5f,0x04,0xc4,0xe6,0x31,0xaa,0x81,0x06,0x8b,0x13,0x4b,0x3c,
277	0x0e,0x6a,0xb1
278	};
279
280	if (!TEST_ptr(bio = BIO_new_mem_buf(dhx_cert, sizeof(dhx_cert)))
281	\|\| !TEST_ptr(cert = X509_new_with_libctx(libctx, NULL))
282	\|\| !TEST_ptr(d2i_X509_bio(bio, &cert)))
283	goto err;
284	ret = 1;
285	err:
286	X509_free(cert);
287	BIO_free(bio);
288	return ret;
289	}
290
63794b04 SL	291	#endif /* OPENSSL_NO_DH */
63794b04 SL	292
90409da6 SL	293	static int test_cipher_reinit(int test_id)
	294	{
	295	int ret = 0, out1_len = 0, out2_len = 0, diff, ccm;
	296	EVP_CIPHER *cipher = NULL;
	297	EVP_CIPHER_CTX *ctx = NULL;
	298	unsigned char out1[256];
	299	unsigned char out2[256];
	300	unsigned char in[16] = {
	301	0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
	302	0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
	303	};
	304	unsigned char key[64] = {
	305	0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
	306	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
	307	0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
	308	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
	309	0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
	310	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
	311	0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
	312	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
	313	};
	314	unsigned char iv[16] = {
	315	0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
	316	0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
	317	};
	318	const char *name = sk_OPENSSL_CSTRING_value(cipher_names, test_id);
	319
	320	if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
	321	goto err;
	322
	323	TEST_note("Fetching %s\n", name);
	324	if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
	325	goto err;
	326
	327	/* ccm fails on the second update - this matches OpenSSL 1_1_1 behaviour */
	328	ccm = (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE);
	329
	330	/* DES3-WRAP uses random every update - so it will give a different value */
	331	diff = EVP_CIPHER_is_a(cipher, "DES3-WRAP");
	332
	333	if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
	334	\|\| !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, sizeof(in)))
	335	\|\| !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
	336	\|\| !TEST_int_eq(EVP_EncryptUpdate(ctx, out2, &out2_len, in, sizeof(in)),
	337	ccm ? 0 : 1))
	338	goto err;
	339
	340	if (ccm == 0) {
	341	if (diff) {
	342	if (!TEST_mem_ne(out1, out1_len, out2, out2_len))
	343	goto err;
	344	} else {
	345	if (!TEST_mem_eq(out1, out1_len, out2, out2_len))
	346	goto err;
	347	}
	348	}
	349	ret = 1;
	350	err:
	351	EVP_CIPHER_free(cipher);
	352	EVP_CIPHER_CTX_free(ctx);
	353	return ret;
	354	}
	355
914f97ee SL	356	/*
	357	* This test only uses a partial block (half the block size) of input for each
	358	* EVP_EncryptUpdate() in order to test that the second init/update is not using
	359	* a leftover buffer from the first init/update.
	360	* Note: some ciphers don't need a full block to produce output.
	361	*/
	362	static int test_cipher_reinit_partialupdate(int test_id)
	363	{
	364	int ret = 0, out1_len = 0, out2_len = 0, in_len;
	365	EVP_CIPHER *cipher = NULL;
	366	EVP_CIPHER_CTX *ctx = NULL;
	367	unsigned char out1[256];
	368	unsigned char out2[256];
	369	static const unsigned char in[32] = {
	370	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
	371	0xba, 0xbe, 0xba, 0xbe, 0x00, 0x00, 0xba, 0xbe,
	372	0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
	373	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
	374	};
	375	static const unsigned char key[64] = {
	376	0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
	377	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
	378	0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
	379	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
	380	0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
	381	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
	382	0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
	383	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
	384	};
	385	static const unsigned char iv[16] = {
	386	0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
	387	0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
	388	};
	389	const char *name = sk_OPENSSL_CSTRING_value(cipher_names, test_id);
	390
	391	if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
	392	goto err;
	393
	394	TEST_note("Fetching %s\n", name);
	395	if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
	396	goto err;
	397
	398	in_len = EVP_CIPHER_block_size(cipher) / 2;
	399
	400	/* skip any ciphers that don't allow partial updates */
	401	if (((EVP_CIPHER_flags(cipher)
	402	& (EVP_CIPH_FLAG_CTS \| EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) != 0)
	403	\|\| EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE
	404	\|\| EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE
	405	\|\| EVP_CIPHER_mode(cipher) == EVP_CIPH_WRAP_MODE) {
	406	ret = 1;
	407	goto err;
	408	}
	409
	410	if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
	411	\|\| !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, in_len))
	412	\|\| !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
	413	\|\| !TEST_true(EVP_EncryptUpdate(ctx, out2, &out2_len, in, in_len)))
	414	goto err;
	415
	416	/* DES3-WRAP uses random every update - so it will give a different value */
	417	if (EVP_CIPHER_is_a(cipher, "DES3-WRAP")) {
	418	if (!TEST_mem_ne(out1, out1_len, out2, out2_len))
	419	goto err;
420	} else {
421	if (!TEST_mem_eq(out1, out1_len, out2, out2_len))
422	goto err;
423	}
424	ret = 1;
425	err:
426	EVP_CIPHER_free(cipher);
427	EVP_CIPHER_CTX_free(ctx);
428	return ret;
429	}
430
431
90409da6 SL	432	static int name_cmp(const char * const a, const char const *b)
	433	{
	434	return strcasecmp(a, b);
	435	}
	436
	437	static void collect_cipher_names(EVP_CIPHER cipher, void cipher_names_list)
	438	{
	439	STACK_OF(OPENSSL_CSTRING) *names = cipher_names_list;
	440
	441	sk_OPENSSL_CSTRING_push(names, EVP_CIPHER_name(cipher));
	442	}
	443
63794b04 SL	444	int setup_tests(void)
	445	{
	446	const char *prov_name = "default";
	447	char *config_file = NULL;
	448	OPTION_CHOICE o;
	449
	450	while ((o = opt_next()) != OPT_EOF) {
	451	switch (o) {
	452	case OPT_PROVIDER_NAME:
	453	prov_name = opt_arg();
	454	break;
	455	case OPT_CONFIG_FILE:
	456	config_file = opt_arg();
	457	break;
	458	case OPT_TEST_CASES:
	459	break;
	460	default:
	461	case OPT_ERR:
	462	return 0;
	463	}
	464	}
	465
	466	nullprov = OSSL_PROVIDER_load(NULL, "null");
	467	if (!TEST_ptr(nullprov))
	468	return 0;
	469
	470	libctx = OPENSSL_CTX_new();
	471
	472	if (!TEST_ptr(libctx))
	473	return 0;
	474
	475	if (config_file != NULL) {
	476	if (!TEST_true(OPENSSL_CTX_load_config(libctx, config_file)))
	477	return 0;
	478	}
	479
	480	libprov = OSSL_PROVIDER_load(libctx, prov_name);
	481	if (!TEST_ptr(libprov))
	482	return 0;
	483
fcdd228b	484	#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
63794b04 SL	485	ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
	486	#endif
	487	#ifndef OPENSSL_NO_DH
	488	ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3);
116d2510	489	ADD_TEST(dhx_cert_load);
63794b04	490	#endif
90409da6 SL	491
	492	if (!TEST_ptr(cipher_names = sk_OPENSSL_CSTRING_new(name_cmp)))
	493	return 0;
	494	EVP_CIPHER_do_all_provided(libctx, collect_cipher_names, cipher_names);
	495
	496	ADD_ALL_TESTS(test_cipher_reinit, sk_OPENSSL_CSTRING_num(cipher_names));
914f97ee SL	497	ADD_ALL_TESTS(test_cipher_reinit_partialupdate,
914f97ee SL	498	sk_OPENSSL_CSTRING_num(cipher_names));
63794b04 SL	499	return 1;
	500	}
	501
	502	void cleanup_tests(void)
	503	{
90409da6	504	sk_OPENSSL_CSTRING_free(cipher_names);
63794b04 SL	505	OSSL_PROVIDER_unload(libprov);
	506	OPENSSL_CTX_free(libctx);
	507	OSSL_PROVIDER_unload(nullprov);
	508	}