]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/evp_libctx_test.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Fix some conversion from size_t to const int errors
[thirdparty/openssl.git] / test / evp_libctx_test.c
CommitLineData
63794b04 1/*
0c679f55 2 * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
63794b04
SL		 3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/*
11
12 * These tests are setup to load null into the default library context.
13 * Any tests are expected to use the created 'libctx' to find algorithms.
14 * The framework runs the tests twice using the 'default' provider or
15 * 'fips' provider as inputs.
16 */
17
18/*
19 * DSA/DH low level APIs are deprecated for public use, but still ok for
20 * internal use.
21 */
22#include "internal/deprecated.h"
6c9bc258 23#include <assert.h>
bc431587 24#include <string.h>
63794b04
SL		 25#include <openssl/evp.h>
26#include <openssl/provider.h>
27#include <openssl/dsa.h>
fcdd228b 28#include <openssl/dh.h>
90409da6 29#include <openssl/safestack.h>
f49d4860 30#include <openssl/core_dispatch.h>
80f4fd18 31#include <openssl/core_names.h>
116d2510 32#include <openssl/x509.h>
f49d4860 33#include <openssl/encoder.h>
63794b04
SL		 34#include "testutil.h"
35#include "internal/nelem.h"
90409da6 36#include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */
90409da6 37
b4250010 38static OSSL_LIB_CTX *libctx = NULL;
63794b04
SL		 39static OSSL_PROVIDER *nullprov = NULL;
40static OSSL_PROVIDER *libprov = NULL;
6c9bc258 41static STACK_OF(OPENSSL_STRING) *cipher_names = NULL;
18f2091a
VD		 42static int is_fips = 0;
43static int is_fips_lt_3_5 = 0;
63794b04
SL		 44
45typedef enum OPTION_choice {
46 OPT_ERR = -1,
47 OPT_EOF = 0,
48 OPT_CONFIG_FILE,
49 OPT_PROVIDER_NAME,
50 OPT_TEST_ENUM
51} OPTION_CHOICE;
52
53const OPTIONS *test_get_options(void)
54{
55 static const OPTIONS test_options[] = {
56 OPT_TEST_OPTIONS_DEFAULT_USAGE,
57 { "config", OPT_CONFIG_FILE, '<',
58 "The configuration file to use for the libctx" },
59 { "provider", OPT_PROVIDER_NAME, 's',
169eca60 60 "The provider to load (The default value is 'default')" },
63794b04
SL		 61 { NULL }
62 };
63 return test_options;
64}
65
fcdd228b 66#ifndef OPENSSL_NO_DH
63794b04
SL		 67static const char *getname(int id)
68{
69 const char *name[] = {"p", "q", "g" };
70
71 if (id >= 0 && id < 3)
72 return name[id];
73 return "?";
74}
75#endif
76
6f22bcd6
NH		 77static int test_evp_cipher_api_safety(void)
78{
79 int ret = 0;
80 EVP_CIPHER_CTX *ctx = NULL;
81
82 ctx = EVP_CIPHER_CTX_new();
83
84 if (!TEST_ptr(ctx))
85 goto err;
86
87 /*
88 * Ensure that EVP_CIPHER_get_block_size returns 0
f7241edd 89 * if we haven't initialized the cipher in this context
6f22bcd6
NH		 90 */
91 if (!TEST_int_eq(EVP_CIPHER_CTX_get_block_size(ctx), 0))
92 goto err_free;
93
94 /*
95 * Ensure that EVP_CIPHER_get_iv_length returns 0
f7241edd 96 * if we haven't initialized the cipher in this context
6f22bcd6
NH		 97 */
98 if (!TEST_int_eq(EVP_CIPHER_CTX_get_iv_length(ctx), 0))
99 goto err_free;
100
101 ret = 1;
102err_free:
103 EVP_CIPHER_CTX_free(ctx);
104err:
105 return ret;
106}
107
fcdd228b
MC		 108/*
109 * We're using some DH specific values in this test, so we skip compilation if
110 * we're in a no-dh build.
111 */
112#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
63794b04
SL		 113
114static int test_dsa_param_keygen(int tstid)
115{
116 int ret = 0;
117 int expected;
118 EVP_PKEY_CTX *gen_ctx = NULL;
119 EVP_PKEY *pkey_parm = NULL;
2145ba5e 120 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
63794b04
SL		 121 DSA *dsa = NULL;
122 int pind, qind, gind;
123 BIGNUM *p = NULL, *q = NULL, *g = NULL;
124
125 /*
126 * Just grab some fixed dh p, q, g values for testing,
127 * these 'safe primes' should not be used normally for dsa *.
128 */
129 static const BIGNUM *bn[] = {
94553e85
SL		 130 &ossl_bignum_dh2048_256_p, &ossl_bignum_dh2048_256_q,
131 &ossl_bignum_dh2048_256_g
63794b04
SL		 132 };
133
134 /*
135 * These tests are using bad values for p, q, g by reusing the values.
136 * A value of 0 uses p, 1 uses q and 2 uses g.
137 * There are 27 different combinations, with only the 1 valid combination.
138 */
139 pind = tstid / 9;
140 qind = (tstid / 3) % 3;
141 gind = tstid % 3;
142 expected = (pind == 0 && qind == 1 && gind == 2);
143
144 TEST_note("Testing with (p, q, g) = (%s, %s, %s)\n", getname(pind),
145 getname(qind), getname(gind));
146
147 if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
148 || !TEST_ptr(dsa = DSA_new())
149 || !TEST_ptr(p = BN_dup(bn[pind]))
150 || !TEST_ptr(q = BN_dup(bn[qind]))
151 || !TEST_ptr(g = BN_dup(bn[gind]))
152 || !TEST_true(DSA_set0_pqg(dsa, p, q, g)))
153 goto err;
154 p = q = g = NULL;
155
156 if (!TEST_true(EVP_PKEY_assign_DSA(pkey_parm, dsa)))
157 goto err;
158 dsa = NULL;
159
160 if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
161 || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
162 || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
163 goto err;
2145ba5e
TM		 164
165 if (expected) {
166 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey))
167 || !TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), 1))
168 goto err;
169 }
170
63794b04
SL		 171 ret = 1;
172err:
173 EVP_PKEY_free(pkey);
2145ba5e 174 EVP_PKEY_free(dup_pk);
63794b04
SL		 175 EVP_PKEY_CTX_free(gen_ctx);
176 EVP_PKEY_free(pkey_parm);
177 DSA_free(dsa);
178 BN_free(g);
179 BN_free(q);
180 BN_free(p);
181 return ret;
182}
183#endif /* OPENSSL_NO_DSA */
184
185#ifndef OPENSSL_NO_DH
186static int do_dh_param_keygen(int tstid, const BIGNUM **bn)
187{
188 int ret = 0;
189 int expected;
190 EVP_PKEY_CTX *gen_ctx = NULL;
191 EVP_PKEY *pkey_parm = NULL;
2145ba5e 192 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
63794b04
SL		 193 DH *dh = NULL;
194 int pind, qind, gind;
195 BIGNUM *p = NULL, *q = NULL, *g = NULL;
196
197 /*
198 * These tests are using bad values for p, q, g by reusing the values.
199 * A value of 0 uses p, 1 uses q and 2 uses g.
200 * There are 27 different combinations, with only the 1 valid combination.
201 */
202 pind = tstid / 9;
203 qind = (tstid / 3) % 3;
204 gind = tstid % 3;
205 expected = (pind == 0 && qind == 1 && gind == 2);
206
207 TEST_note("Testing with (p, q, g) = (%s, %s, %s)", getname(pind),
208 getname(qind), getname(gind));
209
210 if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
211 || !TEST_ptr(dh = DH_new())
212 || !TEST_ptr(p = BN_dup(bn[pind]))
213 || !TEST_ptr(q = BN_dup(bn[qind]))
214 || !TEST_ptr(g = BN_dup(bn[gind]))
215 || !TEST_true(DH_set0_pqg(dh, p, q, g)))
216 goto err;
217 p = q = g = NULL;
218
219 if (!TEST_true(EVP_PKEY_assign_DH(pkey_parm, dh)))
220 goto err;
221 dh = NULL;
222
223 if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
224 || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
225 || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
226 goto err;
2145ba5e
TM		 227
228 if (expected) {
229 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey))
230 || !TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), 1))
231 goto err;
232 }
233
63794b04
SL		 234 ret = 1;
235err:
236 EVP_PKEY_free(pkey);
2145ba5e 237 EVP_PKEY_free(dup_pk);
63794b04
SL		 238 EVP_PKEY_CTX_free(gen_ctx);
239 EVP_PKEY_free(pkey_parm);
240 DH_free(dh);
241 BN_free(g);
242 BN_free(q);
243 BN_free(p);
244 return ret;
245}
246
247/*
248 * Note that we get the fips186-4 path being run for most of these cases since
249 * the internal code will detect that the p, q, g does not match a safe prime
250 * group (Except for when tstid = 5, which sets the correct p, q, g)
251 */
252static int test_dh_safeprime_param_keygen(int tstid)
253{
254 static const BIGNUM *bn[] = {
94553e85
SL		 255 &ossl_bignum_ffdhe2048_p, &ossl_bignum_ffdhe2048_q,
256 &ossl_bignum_const_2
63794b04
SL		 257 };
258 return do_dh_param_keygen(tstid, bn);
259}
116d2510
SL		 260
261static int dhx_cert_load(void)
262{
263 int ret = 0;
264 X509 *cert = NULL;
265 BIO *bio = NULL;
266
267 static const unsigned char dhx_cert[] = {
268 0x30,0x82,0x03,0xff,0x30,0x82,0x02,0xe7,0xa0,0x03,0x02,0x01,0x02,0x02,0x09,0x00,
269 0xdb,0xf5,0x4d,0x22,0xa0,0x7a,0x67,0xa6,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
270 0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x44,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,
271 0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x0a,0x0c,
272 0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,0x72,0x6f,0x75,0x70,0x31,0x1d,
273 0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,0x65,0x73,0x74,0x20,0x53,0x2f,
274 0x4d,0x49,0x4d,0x45,0x20,0x52,0x53,0x41,0x20,0x52,0x6f,0x6f,0x74,0x30,0x1e,0x17,
275 0x0d,0x31,0x33,0x30,0x38,0x30,0x32,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x17,0x0d,
276 0x32,0x33,0x30,0x36,0x31,0x31,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x30,0x44,0x31,
277 0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,
278 0x06,0x03,0x55,0x04,0x0a,0x0c,0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,
279 0x72,0x6f,0x75,0x70,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,
280 0x65,0x73,0x74,0x20,0x53,0x2f,0x4d,0x49,0x4d,0x45,0x20,0x45,0x45,0x20,0x44,0x48,
281 0x20,0x23,0x31,0x30,0x82,0x01,0xb6,0x30,0x82,0x01,0x2b,0x06,0x07,0x2a,0x86,0x48,
282 0xce,0x3e,0x02,0x01,0x30,0x82,0x01,0x1e,0x02,0x81,0x81,0x00,0xd4,0x0c,0x4a,0x0c,
283 0x04,0x72,0x71,0x19,0xdf,0x59,0x19,0xc5,0xaf,0x44,0x7f,0xca,0x8e,0x2b,0xf0,0x09,
284 0xf5,0xd3,0x25,0xb1,0x73,0x16,0x55,0x89,0xdf,0xfd,0x07,0xaf,0x19,0xd3,0x7f,0xd0,
285 0x07,0xa2,0xfe,0x3f,0x5a,0xf1,0x01,0xc6,0xf8,0x2b,0xef,0x4e,0x6d,0x03,0x38,0x42,
286 0xa1,0x37,0xd4,0x14,0xb4,0x00,0x4a,0xb1,0x86,0x5a,0x83,0xce,0xb9,0x08,0x0e,0xc1,
287 0x99,0x27,0x47,0x8d,0x0b,0x85,0xa8,0x82,0xed,0xcc,0x0d,0xb9,0xb0,0x32,0x7e,0xdf,
288 0xe8,0xe4,0xf6,0xf6,0xec,0xb3,0xee,0x7a,0x11,0x34,0x65,0x97,0xfc,0x1a,0xb0,0x95,
289 0x4b,0x19,0xb9,0xa6,0x1c,0xd9,0x01,0x32,0xf7,0x35,0x7c,0x2d,0x5d,0xfe,0xc1,0x85,
290 0x70,0x49,0xf8,0xcc,0x99,0xd0,0xbe,0xf1,0x5a,0x78,0xc8,0x03,0x02,0x81,0x80,0x69,
291 0x00,0xfd,0x66,0xf2,0xfc,0x15,0x8b,0x09,0xb8,0xdc,0x4d,0xea,0xaa,0x79,0x55,0xf9,
292 0xdf,0x46,0xa6,0x2f,0xca,0x2d,0x8f,0x59,0x2a,0xad,0x44,0xa3,0xc6,0x18,0x2f,0x95,
293 0xb6,0x16,0x20,0xe3,0xd3,0xd1,0x8f,0x03,0xce,0x71,0x7c,0xef,0x3a,0xc7,0x44,0x39,
294 0x0e,0xe2,0x1f,0xd8,0xd3,0x89,0x2b,0xe7,0x51,0xdc,0x12,0x48,0x4c,0x18,0x4d,0x99,
295 0x12,0x06,0xe4,0x17,0x02,0x03,0x8c,0x24,0x05,0x8e,0xa6,0x85,0xf2,0x69,0x1b,0xe1,
296 0x6a,0xdc,0xe2,0x04,0x3a,0x01,0x9d,0x64,0xbe,0xfe,0x45,0xf9,0x44,0x18,0x71,0xbd,
297 0x2d,0x3e,0x7a,0x6f,0x72,0x7d,0x1a,0x80,0x42,0x57,0xae,0x18,0x6f,0x91,0xd6,0x61,
298 0x03,0x8a,0x1c,0x89,0x73,0xc7,0x56,0x41,0x03,0xd3,0xf8,0xed,0x65,0xe2,0x85,0x02,
299 0x15,0x00,0x89,0x94,0xab,0x10,0x67,0x45,0x41,0xad,0x63,0xc6,0x71,0x40,0x8d,0x6b,
300 0x9e,0x19,0x5b,0xa4,0xc7,0xf5,0x03,0x81,0x84,0x00,0x02,0x81,0x80,0x2f,0x5b,0xde,
301 0x72,0x02,0x36,0x6b,0x00,0x5e,0x24,0x7f,0x14,0x2c,0x18,0x52,0x42,0x97,0x4b,0xdb,
302 0x6e,0x15,0x50,0x3c,0x45,0x3e,0x25,0xf3,0xb7,0xc5,0x6e,0xe5,0x52,0xe7,0xc4,0xfb,
303 0xf4,0xa5,0xf0,0x39,0x12,0x7f,0xbc,0x54,0x1c,0x93,0xb9,0x5e,0xee,0xe9,0x14,0xb0,
304 0xdf,0xfe,0xfc,0x36,0xe4,0xf2,0xaf,0xfb,0x13,0xc8,0xdf,0x18,0x94,0x1d,0x40,0xb9,
305 0x71,0xdd,0x4c,0x9c,0xa7,0x03,0x52,0x02,0xb5,0xed,0x71,0x80,0x3e,0x23,0xda,0x28,
306 0xe5,0xab,0xe7,0x6f,0xf2,0x0a,0x0e,0x00,0x5b,0x7d,0xc6,0x4b,0xd7,0xc7,0xb2,0xc3,
307 0xba,0x62,0x7f,0x70,0x28,0xa0,0x9d,0x71,0x13,0x70,0xd1,0x9f,0x32,0x2f,0x3e,0xd2,
308 0xcd,0x1b,0xa4,0xc6,0x72,0xa0,0x74,0x5d,0x71,0xef,0x03,0x43,0x6e,0xa3,0x60,0x30,
309 0x5e,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x02,0x30,0x00,0x30,
310 0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x05,0xe0,0x30,
311 0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0x0b,0x5a,0x4d,0x5f,0x7d,0x25,
312 0xc7,0xf2,0x9d,0xc1,0xaa,0xb7,0x63,0x82,0x2f,0xfa,0x8f,0x32,0xe7,0xc0,0x30,0x1f,
313 0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xdf,0x7e,0x5e,0x88,0x05,
314 0x24,0x33,0x08,0xdd,0x22,0x81,0x02,0x97,0xcc,0x9a,0xb7,0xb1,0x33,0x27,0x30,0x30,
315 0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x82,
316 0x01,0x01,0x00,0x5a,0xf2,0x63,0xef,0xd3,0x16,0xd7,0xf5,0xaa,0xdd,0x12,0x00,0x36,
317 0x00,0x21,0xa2,0x7b,0x08,0xd6,0x3b,0x9f,0x62,0xac,0x53,0x1f,0xed,0x4c,0xd1,0x15,
318 0x34,0x65,0x71,0xee,0x96,0x07,0xa6,0xef,0xb2,0xde,0xd8,0xbb,0x35,0x6e,0x2c,0xe2,
319 0xd1,0x26,0xef,0x7e,0x94,0xe2,0x88,0x51,0xa4,0x6c,0xaa,0x27,0x2a,0xd3,0xb6,0xc2,
320 0xf7,0xea,0xc3,0x0b,0xa9,0xb5,0x28,0x37,0xa2,0x63,0x08,0xe4,0x88,0xc0,0x1b,0x16,
321 0x1b,0xca,0xfd,0x8a,0x07,0x32,0x29,0xa7,0x53,0xb5,0x2d,0x30,0xe4,0xf5,0x16,0xc3,
322 0xe3,0xc2,0x4c,0x30,0x5d,0x35,0x80,0x1c,0xa2,0xdb,0xe3,0x4b,0x51,0x0d,0x4c,0x60,
323 0x5f,0xb9,0x46,0xac,0xa8,0x46,0xa7,0x32,0xa7,0x9c,0x76,0xf8,0xe9,0xb5,0x19,0xe2,
324 0x0c,0xe1,0x0f,0xc6,0x46,0xe2,0x38,0xa7,0x87,0x72,0x6d,0x6c,0xbc,0x88,0x2f,0x9d,
325 0x2d,0xe5,0xd0,0x7d,0x1e,0xc7,0x5d,0xf8,0x7e,0xb4,0x0b,0xa6,0xf9,0x6c,0xe3,0x7c,
326 0xb2,0x70,0x6e,0x75,0x9b,0x1e,0x63,0xe1,0x4d,0xb2,0x81,0xd3,0x55,0x38,0x94,0x1a,
327 0x7a,0xfa,0xbf,0x01,0x18,0x70,0x2d,0x35,0xd3,0xe3,0x10,0x7a,0x9a,0xa7,0x8f,0xf3,
328 0xbd,0x56,0x55,0x5e,0xd8,0xbd,0x4e,0x16,0x76,0xd0,0x48,0x4c,0xf9,0x51,0x54,0xdf,
329 0x2d,0xb0,0xc9,0xaa,0x5e,0x42,0x38,0x50,0xbf,0x0f,0xc0,0xd9,0x84,0x44,0x4b,0x42,
330 0x24,0xec,0x14,0xa3,0xde,0x11,0xdf,0x58,0x7f,0xc2,0x4d,0xb2,0xd5,0x42,0x78,0x6e,
331 0x52,0x3e,0xad,0xc3,0x5f,0x04,0xc4,0xe6,0x31,0xaa,0x81,0x06,0x8b,0x13,0x4b,0x3c,
332 0x0e,0x6a,0xb1
333 };
334
335 if (!TEST_ptr(bio = BIO_new_mem_buf(dhx_cert, sizeof(dhx_cert)))
d8652be0 336 || !TEST_ptr(cert = X509_new_ex(libctx, NULL))
116d2510
SL		 337 || !TEST_ptr(d2i_X509_bio(bio, &cert)))
338 goto err;
339 ret = 1;
340err:
341 X509_free(cert);
342 BIO_free(bio);
343 return ret;
344}
345
63794b04
SL		 346#endif /* OPENSSL_NO_DH */
347
90409da6
SL		 348static int test_cipher_reinit(int test_id)
349{
b8c09a89 350 int ret = 0, diff, ccm, siv, no_null_key;
8bc5b0a5 351 int out1_len = 0, out2_len = 0, out3_len = 0;
90409da6
SL		 352 EVP_CIPHER *cipher = NULL;
353 EVP_CIPHER_CTX *ctx = NULL;
354 unsigned char out1[256];
355 unsigned char out2[256];
8bc5b0a5 356 unsigned char out3[256];
90409da6
SL		 357 unsigned char in[16] = {
358 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
359 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
360 };
361 unsigned char key[64] = {
362 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
363 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
364 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
365 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
366 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
367 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
368 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
369 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
370 };
b6a5e801
RR		 371 unsigned char iv[48] = {
372 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
373 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
374 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
375 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
90409da6
SL		 376 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
377 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
378 };
6c9bc258 379 const char *name = sk_OPENSSL_STRING_value(cipher_names, test_id);
90409da6
SL		 380
381 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
382 goto err;
383
384 TEST_note("Fetching %s\n", name);
385 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
386 goto err;
387
388 /* ccm fails on the second update - this matches OpenSSL 1_1_1 behaviour */
ed576acd 389 ccm = (EVP_CIPHER_get_mode(cipher) == EVP_CIPH_CCM_MODE);
90409da6 390
8bc5b0a5 391 /* siv cannot be called with NULL key as the iv is irrelevant */
ed576acd 392 siv = (EVP_CIPHER_get_mode(cipher) == EVP_CIPH_SIV_MODE);
8bc5b0a5 393
b8c09a89
JS		 394 /*
395 * Skip init call with a null key for RC4 as the stream cipher does not
396 * handle reinit (1.1.1 behaviour).
397 */
398 no_null_key = EVP_CIPHER_is_a(cipher, "RC4")
399 || EVP_CIPHER_is_a(cipher, "RC4-40")
400 || EVP_CIPHER_is_a(cipher, "RC4-HMAC-MD5");
401
90409da6
SL		 402 /* DES3-WRAP uses random every update - so it will give a different value */
403 diff = EVP_CIPHER_is_a(cipher, "DES3-WRAP");
90409da6
SL		 404 if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
405 || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, sizeof(in)))
406 || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
407 || !TEST_int_eq(EVP_EncryptUpdate(ctx, out2, &out2_len, in, sizeof(in)),
8bc5b0a5 408 ccm ? 0 : 1)
b8c09a89
JS		 409 || (!no_null_key
410 && (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv))
8bc5b0a5 411 || !TEST_int_eq(EVP_EncryptUpdate(ctx, out3, &out3_len, in, sizeof(in)),
b8c09a89 412 ccm || siv ? 0 : 1))))
90409da6
SL		 413 goto err;
414
415 if (ccm == 0) {
416 if (diff) {
8bc5b0a5
TM		 417 if (!TEST_mem_ne(out1, out1_len, out2, out2_len)
418 || !TEST_mem_ne(out1, out1_len, out3, out3_len)
419 || !TEST_mem_ne(out2, out2_len, out3, out3_len))
90409da6
SL		 420 goto err;
421 } else {
8bc5b0a5 422 if (!TEST_mem_eq(out1, out1_len, out2, out2_len)
b8c09a89 423 || (!siv && !no_null_key && !TEST_mem_eq(out1, out1_len, out3, out3_len)))
90409da6
SL		 424 goto err;
425 }
426 }
427 ret = 1;
428err:
429 EVP_CIPHER_free(cipher);
430 EVP_CIPHER_CTX_free(ctx);
431 return ret;
432}
433
914f97ee
SL		 434/*
435 * This test only uses a partial block (half the block size) of input for each
436 * EVP_EncryptUpdate() in order to test that the second init/update is not using
437 * a leftover buffer from the first init/update.
438 * Note: some ciphers don't need a full block to produce output.
439 */
440static int test_cipher_reinit_partialupdate(int test_id)
441{
8bc5b0a5
TM		 442 int ret = 0, in_len;
443 int out1_len = 0, out2_len = 0, out3_len = 0;
914f97ee
SL		 444 EVP_CIPHER *cipher = NULL;
445 EVP_CIPHER_CTX *ctx = NULL;
446 unsigned char out1[256];
447 unsigned char out2[256];
8bc5b0a5 448 unsigned char out3[256];
914f97ee
SL		 449 static const unsigned char in[32] = {
450 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
451 0xba, 0xbe, 0xba, 0xbe, 0x00, 0x00, 0xba, 0xbe,
452 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
453 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
454 };
455 static const unsigned char key[64] = {
456 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
457 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
458 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
459 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
460 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
461 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
462 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
463 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
464 };
b6a5e801
RR		 465 static const unsigned char iv[48] = {
466 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
467 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
468 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
469 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
914f97ee
SL		 470 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
471 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
472 };
6c9bc258 473 const char *name = sk_OPENSSL_STRING_value(cipher_names, test_id);
914f97ee
SL		 474
475 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
476 goto err;
477
478 TEST_note("Fetching %s\n", name);
479 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
480 goto err;
481
6f22bcd6
NH		 482 in_len = EVP_CIPHER_get_block_size(cipher);
483 if (!TEST_int_gt(in_len, 0))
484 goto err;
485 if (in_len > 1)
486 in_len /= 2;
914f97ee
SL		 487
488 /* skip any ciphers that don't allow partial updates */
ed576acd 489 if (((EVP_CIPHER_get_flags(cipher)
86408fa8 490 & (EVP_CIPH_FLAG_CTS | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK |
24f32f14 491 EVP_CIPH_FLAG_ENC_THEN_MAC)) != 0)
ed576acd
TM		 492 || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_CCM_MODE
493 || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_XTS_MODE
494 || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_WRAP_MODE) {
914f97ee
SL		 495 ret = 1;
496 goto err;
497 }
498
499 if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
500 || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, in_len))
501 || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
502 || !TEST_true(EVP_EncryptUpdate(ctx, out2, &out2_len, in, in_len)))
503 goto err;
504
6f22bcd6
NH		 505 if (EVP_CIPHER_get_iv_length(cipher) != 0)
506 if (!TEST_mem_eq(out1, out1_len, out2, out2_len))
507 goto err;
8bc5b0a5 508
ed576acd 509 if (EVP_CIPHER_get_mode(cipher) != EVP_CIPH_SIV_MODE) {
8bc5b0a5
TM		 510 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv))
511 || !TEST_true(EVP_EncryptUpdate(ctx, out3, &out3_len, in, in_len)))
914f97ee 512 goto err;
8bc5b0a5 513
6f22bcd6
NH		 514 if (EVP_CIPHER_get_iv_length(cipher) != 0)
515 if (!TEST_mem_eq(out1, out1_len, out3, out3_len))
516 goto err;
914f97ee
SL		 517 }
518 ret = 1;
519err:
520 EVP_CIPHER_free(cipher);
521 EVP_CIPHER_CTX_free(ctx);
522 return ret;
523}
524
90409da6
SL		 525static int name_cmp(const char * const *a, const char * const *b)
526{
fba140c7 527 return OPENSSL_strcasecmp(*a, *b);
90409da6
SL		 528}
529
530static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list)
531{
6c9bc258 532 STACK_OF(OPENSSL_STRING) *names = cipher_names_list;
ed576acd 533 const char *name = EVP_CIPHER_get0_name(cipher);
6c9bc258
TM		 534 char *namedup = NULL;
535
bc431587 536 /* Skip Triple-DES encryption operations in FIPS mode */
537 if (OSSL_PROVIDER_available(libctx, "fips")
538 && strncmp(name, "DES", 3) == 0)
539 return;
6c9bc258
TM		 540 assert(name != NULL);
541 /* the cipher will be freed after returning, strdup is needed */
542 if ((namedup = OPENSSL_strdup(name)) != NULL
543 && !sk_OPENSSL_STRING_push(names, namedup))
544 OPENSSL_free(namedup);
90409da6
SL		 545}
546
80f4fd18
SL		 547static int rsa_keygen(int bits, EVP_PKEY **pub, EVP_PKEY **priv)
548{
549 int ret = 0;
80f4fd18
SL		 550 unsigned char *pub_der = NULL;
551 const unsigned char *pp = NULL;
f49d4860
RL		 552 size_t len = 0;
553 OSSL_ENCODER_CTX *ectx = NULL;
80f4fd18 554
ccaa754b 555 if (!TEST_ptr(*priv = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", (size_t)bits))
f49d4860 556 || !TEST_ptr(ectx =
fe75766c
TM		 557 OSSL_ENCODER_CTX_new_for_pkey(*priv,
558 EVP_PKEY_PUBLIC_KEY,
559 "DER", "type-specific",
560 NULL))
f49d4860 561 || !TEST_true(OSSL_ENCODER_to_data(ectx, &pub_der, &len)))
80f4fd18
SL		 562 goto err;
563 pp = pub_der;
a3af1c03 564 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_RSA, pub, &pp, (long)len)))
80f4fd18
SL		 565 goto err;
566 ret = 1;
567err:
f49d4860 568 OSSL_ENCODER_CTX_free(ectx);
80f4fd18 569 OPENSSL_free(pub_der);
80f4fd18
SL		 570 return ret;
571}
572
573static int kem_rsa_gen_recover(void)
574{
575 int ret = 0;
576 EVP_PKEY *pub = NULL;
577 EVP_PKEY *priv = NULL;
d7b5f06e 578 EVP_PKEY_CTX *sctx = NULL, *rctx = NULL, *dctx = NULL;
80f4fd18
SL		 579 unsigned char secret[256] = { 0, };
580 unsigned char ct[256] = { 0, };
581 unsigned char unwrap[256] = { 0, };
582 size_t ctlen = 0, unwraplen = 0, secretlen = 0;
91f2b15f 583 int bits = 2048;
80f4fd18 584
91f2b15f 585 ret = TEST_true(rsa_keygen(bits, &pub, &priv))
80f4fd18 586 && TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
af6171b3 587 && TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), 1)
80f4fd18 588 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(sctx, "RSASVE"), 1)
d7b5f06e 589 && TEST_ptr(dctx = EVP_PKEY_CTX_dup(sctx))
796b2caa
NH		 590 /* Test that providing a NULL wrappedlen fails */
591 && TEST_int_eq(EVP_PKEY_encapsulate(dctx, NULL, NULL, NULL, NULL), 0)
d7b5f06e 592 && TEST_int_eq(EVP_PKEY_encapsulate(dctx, NULL, &ctlen, NULL,
80f4fd18 593 &secretlen), 1)
a3af1c03
TM		 594 && TEST_size_t_eq(ctlen, secretlen)
595 && TEST_size_t_eq(ctlen, bits / 8)
d7b5f06e 596 && TEST_int_eq(EVP_PKEY_encapsulate(dctx, ct, &ctlen, secret,
80f4fd18
SL		 597 &secretlen), 1)
598 && TEST_ptr(rctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
af6171b3 599 && TEST_int_eq(EVP_PKEY_decapsulate_init(rctx, NULL), 1)
80f4fd18 600 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(rctx, "RSASVE"), 1)
796b2caa
NH		 601 /* Test that providing a NULL unwrappedlen fails */
602 && TEST_int_eq(EVP_PKEY_decapsulate(rctx, NULL, NULL, ct, ctlen), 0)
80f4fd18
SL		 603 && TEST_int_eq(EVP_PKEY_decapsulate(rctx, NULL, &unwraplen,
604 ct, ctlen), 1)
605 && TEST_int_eq(EVP_PKEY_decapsulate(rctx, unwrap, &unwraplen,
606 ct, ctlen), 1)
607 && TEST_mem_eq(unwrap, unwraplen, secret, secretlen);
796b2caa
NH		 608
609 /* Test that providing a too short unwrapped/ctlen fails */
73e720c3
P		 610 if (fips_provider_version_match(libctx, ">=3.4.0")) {
611 ctlen = 1;
612 if (!TEST_int_eq(EVP_PKEY_encapsulate(dctx, ct, &ctlen, secret,
613 &secretlen), 0))
614 ret = 0;
615 unwraplen = 1;
616 if (!TEST_int_eq(EVP_PKEY_decapsulate(rctx, unwrap, &unwraplen, ct,
617 ctlen), 0))
618 ret = 0;
619 }
796b2caa 620
80f4fd18
SL		 621 EVP_PKEY_free(pub);
622 EVP_PKEY_free(priv);
623 EVP_PKEY_CTX_free(rctx);
d7b5f06e 624 EVP_PKEY_CTX_free(dctx);
80f4fd18
SL		 625 EVP_PKEY_CTX_free(sctx);
626 return ret;
627}
628
f41fd10d
SL		 629#ifndef OPENSSL_NO_DES
630/*
631 * This test makes sure that EVP_CIPHER_CTX_rand_key() works correctly
632 * For fips mode this code would produce an error if the flag is not set.
633 */
634static int test_cipher_tdes_randkey(void)
635{
636 int ret;
637 EVP_CIPHER_CTX *ctx = NULL;
638 EVP_CIPHER *tdes_cipher = NULL, *aes_cipher = NULL;
639 unsigned char key[24] = { 0 };
bc431587 640 OSSL_PARAM params[2];
641 int check = 0;
f41fd10d 642
bc431587 643 params[0] = OSSL_PARAM_construct_int("encrypt-check", &check);
644 params[1] = OSSL_PARAM_construct_end();
f41fd10d
SL		 645 ret = TEST_ptr(aes_cipher = EVP_CIPHER_fetch(libctx, "AES-256-CBC", NULL))
646 && TEST_int_eq(EVP_CIPHER_get_flags(aes_cipher) & EVP_CIPH_RAND_KEY, 0)
647 && TEST_ptr(tdes_cipher = EVP_CIPHER_fetch(libctx, "DES-EDE3-CBC", NULL))
648 && TEST_int_ne(EVP_CIPHER_get_flags(tdes_cipher) & EVP_CIPH_RAND_KEY, 0)
649 && TEST_ptr(ctx = EVP_CIPHER_CTX_new())
bc431587 650 && TEST_true(EVP_CipherInit_ex2(ctx, tdes_cipher, NULL, NULL, 1,
651 params))
f15e3f3a 652 && TEST_int_gt(EVP_CIPHER_CTX_rand_key(ctx, key), 0);
f41fd10d
SL		 653
654 EVP_CIPHER_CTX_free(ctx);
655 EVP_CIPHER_free(tdes_cipher);
656 EVP_CIPHER_free(aes_cipher);
657 return ret;
658}
659#endif /* OPENSSL_NO_DES */
660
80f4fd18
SL		 661static int kem_rsa_params(void)
662{
663 int ret = 0;
664 EVP_PKEY *pub = NULL;
665 EVP_PKEY *priv = NULL;
666 EVP_PKEY_CTX *pubctx = NULL, *privctx = NULL;
667 unsigned char secret[256] = { 0, };
668 unsigned char ct[256] = { 0, };
669 size_t ctlen = 0, secretlen = 0;
670
671 ret = TEST_true(rsa_keygen(2048, &pub, &priv))
796b2caa
NH		 672 && TEST_ptr(pubctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
673 && TEST_ptr(privctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
674 /* Test setting kem op before the init fails */
675 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), -2)
676 /* Test NULL ctx passed */
677 && TEST_int_eq(EVP_PKEY_encapsulate_init(NULL, NULL), 0)
678 && TEST_int_eq(EVP_PKEY_encapsulate(NULL, NULL, NULL, NULL, NULL), 0)
679 && TEST_int_eq(EVP_PKEY_decapsulate_init(NULL, NULL), 0)
680 && TEST_int_eq(EVP_PKEY_decapsulate(NULL, NULL, NULL, NULL, 0), 0)
681 /* Test Invalid operation */
682 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), -1)
683 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, NULL, 0), 0)
684 /* Wrong key component - no secret should be returned on failure */
685 && TEST_int_eq(EVP_PKEY_decapsulate_init(pubctx, NULL), 1)
686 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
687 && TEST_int_eq(EVP_PKEY_decapsulate(pubctx, secret, &secretlen, ct,
688 sizeof(ct)), 0)
689 && TEST_uchar_eq(secret[0], 0)
18f2091a 690 /* Unless older FIPS, test encapsulate succeeds even if the mode is not set */
796b2caa 691 && TEST_int_eq(EVP_PKEY_encapsulate_init(pubctx, NULL), 1)
18f2091a
VD		 692 && (is_fips_lt_3_5 ||
693 (TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, &secretlen), 1)
694 && TEST_true(ctlen <= sizeof(ct))
695 && TEST_true(secretlen <= sizeof(secret))
696 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, &secretlen), 1)))
796b2caa
NH		 697 /* Test setting a bad kem ops fail */
698 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSA"), 0)
699 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, NULL), 0)
700 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, "RSASVE"), 0)
701 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, NULL), 0)
702 /* Test secretlen is optional */
703 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
704 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
705 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, NULL), 1)
706 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
707 /* Test outlen is optional */
708 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
709 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, &secretlen), 1)
710 /* test that either len must be set if out is NULL */
711 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), 0)
712 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
713 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
714 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, &secretlen), 1)
715 /* Secret buffer should be set if there is an output buffer */
716 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, NULL, NULL), 0)
717 /* Test that lengths are optional if ct is not NULL */
718 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, NULL), 1)
719 /* Pass if secret or secret length are not NULL */
720 && TEST_int_eq(EVP_PKEY_decapsulate_init(privctx, NULL), 1)
721 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(privctx, "RSASVE"), 1)
722 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, NULL, ct, sizeof(ct)), 1)
723 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, &secretlen, ct, sizeof(ct)), 1)
a3af1c03 724 && TEST_size_t_eq(secretlen, 256)
796b2caa
NH		 725 /* Fail if passed NULL arguments */
726 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, ct, sizeof(ct)), 0)
727 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, 0), 0)
728 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, sizeof(ct)), 0)
729 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, ct, 0), 0);
80f4fd18
SL		 730
731 EVP_PKEY_free(pub);
732 EVP_PKEY_free(priv);
733 EVP_PKEY_CTX_free(pubctx);
734 EVP_PKEY_CTX_free(privctx);
735 return ret;
736}
737
738#ifndef OPENSSL_NO_DH
739static EVP_PKEY *gen_dh_key(void)
740{
741 EVP_PKEY_CTX *gctx = NULL;
742 EVP_PKEY *pkey = NULL;
743 OSSL_PARAM params[2];
744
745 params[0] = OSSL_PARAM_construct_utf8_string("group", "ffdhe2048", 0);
746 params[1] = OSSL_PARAM_construct_end();
747
748 if (!TEST_ptr(gctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
bf4ceede 749 || !TEST_int_gt(EVP_PKEY_keygen_init(gctx), 0)
80f4fd18
SL		 750 || !TEST_true(EVP_PKEY_CTX_set_params(gctx, params))
751 || !TEST_true(EVP_PKEY_keygen(gctx, &pkey)))
752 goto err;
753err:
754 EVP_PKEY_CTX_free(gctx);
755 return pkey;
756}
757
758/* Fail if we try to use a dh key */
759static int kem_invalid_keytype(void)
760{
761 int ret = 0;
762 EVP_PKEY *key = NULL;
763 EVP_PKEY_CTX *sctx = NULL;
764
765 if (!TEST_ptr(key = gen_dh_key()))
766 goto done;
767
768 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, key, NULL)))
769 goto done;
af6171b3 770 if (!TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), -2))
80f4fd18
SL		 771 goto done;
772
773 ret = 1;
774done:
775 EVP_PKEY_free(key);
776 EVP_PKEY_CTX_free(sctx);
777 return ret;
778}
779#endif /* OPENSSL_NO_DH */
780
63794b04
SL		 781int setup_tests(void)
782{
783 const char *prov_name = "default";
784 char *config_file = NULL;
785 OPTION_CHOICE o;
786
787 while ((o = opt_next()) != OPT_EOF) {
788 switch (o) {
789 case OPT_PROVIDER_NAME:
790 prov_name = opt_arg();
791 break;
792 case OPT_CONFIG_FILE:
793 config_file = opt_arg();
794 break;
795 case OPT_TEST_CASES:
796 break;
797 default:
798 case OPT_ERR:
799 return 0;
800 }
801 }
802
bca7ad6e 803 if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, prov_name))
63794b04
SL		 804 return 0;
805
6f22bcd6
NH		 806 ADD_TEST(test_evp_cipher_api_safety);
807
18f2091a
VD		 808 if (strcmp(prov_name, "fips") == 0)
809 is_fips = 1;
810
811 is_fips_lt_3_5 = is_fips && fips_provider_version_lt(libctx, 3, 5, 0);
812
fcdd228b 813#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
18f2091a 814 if (!is_fips || fips_provider_version_lt(libctx, 3, 4, 0))
f98e49b3 815 ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
63794b04
SL		 816#endif
817#ifndef OPENSSL_NO_DH
818 ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3);
116d2510 819 ADD_TEST(dhx_cert_load);
63794b04 820#endif
90409da6 821
6c9bc258 822 if (!TEST_ptr(cipher_names = sk_OPENSSL_STRING_new(name_cmp)))
90409da6
SL		 823 return 0;
824 EVP_CIPHER_do_all_provided(libctx, collect_cipher_names, cipher_names);
825
6c9bc258 826 ADD_ALL_TESTS(test_cipher_reinit, sk_OPENSSL_STRING_num(cipher_names));
914f97ee 827 ADD_ALL_TESTS(test_cipher_reinit_partialupdate,
6c9bc258 828 sk_OPENSSL_STRING_num(cipher_names));
80f4fd18
SL		 829 ADD_TEST(kem_rsa_gen_recover);
830 ADD_TEST(kem_rsa_params);
831#ifndef OPENSSL_NO_DH
832 ADD_TEST(kem_invalid_keytype);
f41fd10d
SL		 833#endif
834#ifndef OPENSSL_NO_DES
ccc860a7 835 ADD_TEST(test_cipher_tdes_randkey);
80f4fd18 836#endif
63794b04
SL		 837 return 1;
838}
839
6c9bc258
TM		 840/* Because OPENSSL_free is a macro, it can't be passed as a function pointer */
841static void string_free(char *m)
842{
843 OPENSSL_free(m);
844}
845
63794b04
SL		 846void cleanup_tests(void)
847{
6c9bc258 848 sk_OPENSSL_STRING_pop_free(cipher_names, string_free);
63794b04 849 OSSL_PROVIDER_unload(libprov);
b4250010 850 OSSL_LIB_CTX_free(libctx);
63794b04
SL		 851 OSSL_PROVIDER_unload(nullprov);
852}
Mirror of https://github.com/openssl/openssl.git