1 /*
2 * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11
12 * These tests are setup to load null into the default library context.
13 * Any tests are expected to use the created 'libctx' to find algorithms.
14 * The framework runs the tests twice using the 'default' provider or
15 * 'fips' provider as inputs.
16 */
17
18 /*
19 * DSA/DH low level APIs are deprecated for public use, but still ok for
20 * internal use.
21 */
22 #include "internal/deprecated.h"
23 #include <assert.h>
24 #include <string.h>
25 #include <openssl/evp.h>
26 #include <openssl/provider.h>
27 #include <openssl/dsa.h>
28 #include <openssl/dh.h>
29 #include <openssl/safestack.h>
30 #include <openssl/core_dispatch.h>
31 #include <openssl/core_names.h>
32 #include <openssl/x509.h>
33 #include <openssl/encoder.h>
34 #include "testutil.h"
35 #include "internal/nelem.h"
36 #include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */
37
38 static OSSL_LIB_CTX *libctx = NULL;
39 static OSSL_PROVIDER *nullprov = NULL;
40 static OSSL_PROVIDER *libprov = NULL;
41 static STACK_OF(OPENSSL_STRING) *cipher_names = NULL;
42
43 typedef enum OPTION_choice {
44 OPT_ERR = -1,
45 OPT_EOF = 0,
46 OPT_CONFIG_FILE,
47 OPT_PROVIDER_NAME,
48 OPT_TEST_ENUM
49 } OPTION_CHOICE;
50
test_get_options(void)51 const OPTIONS *test_get_options(void)
52 {
53 static const OPTIONS test_options[] = {
54 OPT_TEST_OPTIONS_DEFAULT_USAGE,
55 { "config", OPT_CONFIG_FILE, '<',
56 "The configuration file to use for the libctx" },
57 { "provider", OPT_PROVIDER_NAME, 's',
58 "The provider to load (The default value is 'default')" },
59 { NULL }
60 };
61 return test_options;
62 }
63
64 #ifndef OPENSSL_NO_DH
getname(int id)65 static const char *getname(int id)
66 {
67 const char *name[] = {"p", "q", "g" };
68
69 if (id >= 0 && id < 3)
70 return name[id];
71 return "?";
72 }
73 #endif
74
test_evp_cipher_api_safety(void)75 static int test_evp_cipher_api_safety(void)
76 {
77 int ret = 0;
78 EVP_CIPHER_CTX *ctx = NULL;
79
80 ctx = EVP_CIPHER_CTX_new();
81
82 if (!TEST_ptr(ctx))
83 goto err;
84
85 /*
86 * Ensure that EVP_CIPHER_get_block_size returns 0
87 * if we haven't initialized the cipher in this context
88 */
89 if (!TEST_int_eq(EVP_CIPHER_CTX_get_block_size(ctx), 0))
90 goto err_free;
91
92 /*
93 * Ensure that EVP_CIPHER_get_iv_length returns 0
94 * if we haven't initialized the cipher in this context
95 */
96 if (!TEST_int_eq(EVP_CIPHER_CTX_get_iv_length(ctx), 0))
97 goto err_free;
98
99 ret = 1;
100 err_free:
101 EVP_CIPHER_CTX_free(ctx);
102 err:
103 return ret;
104 }
105
106 /*
107 * We're using some DH specific values in this test, so we skip compilation if
108 * we're in a no-dh build.
109 */
110 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
111
test_dsa_param_keygen(int tstid)112 static int test_dsa_param_keygen(int tstid)
113 {
114 int ret = 0;
115 int expected;
116 EVP_PKEY_CTX *gen_ctx = NULL;
117 EVP_PKEY *pkey_parm = NULL;
118 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
119 DSA *dsa = NULL;
120 int pind, qind, gind;
121 BIGNUM *p = NULL, *q = NULL, *g = NULL;
122
123 /*
124 * Just grab some fixed dh p, q, g values for testing,
125 * these 'safe primes' should not be used normally for dsa *.
126 */
127 static const BIGNUM *bn[] = {
128 &ossl_bignum_dh2048_256_p, &ossl_bignum_dh2048_256_q,
129 &ossl_bignum_dh2048_256_g
130 };
131
132 /*
133 * These tests are using bad values for p, q, g by reusing the values.
134 * A value of 0 uses p, 1 uses q and 2 uses g.
135 * There are 27 different combinations, with only the 1 valid combination.
136 */
137 pind = tstid / 9;
138 qind = (tstid / 3) % 3;
139 gind = tstid % 3;
140 expected = (pind == 0 && qind == 1 && gind == 2);
141
142 TEST_note("Testing with (p, q, g) = (%s, %s, %s)\n", getname(pind),
143 getname(qind), getname(gind));
144
145 if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
146 || !TEST_ptr(dsa = DSA_new())
147 || !TEST_ptr(p = BN_dup(bn[pind]))
148 || !TEST_ptr(q = BN_dup(bn[qind]))
149 || !TEST_ptr(g = BN_dup(bn[gind]))
150 || !TEST_true(DSA_set0_pqg(dsa, p, q, g)))
151 goto err;
152 p = q = g = NULL;
153
154 if (!TEST_true(EVP_PKEY_assign_DSA(pkey_parm, dsa)))
155 goto err;
156 dsa = NULL;
157
158 if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
159 || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
160 || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
161 goto err;
162
163 if (expected) {
164 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey))
165 || !TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), 1))
166 goto err;
167 }
168
169 ret = 1;
170 err:
171 EVP_PKEY_free(pkey);
172 EVP_PKEY_free(dup_pk);
173 EVP_PKEY_CTX_free(gen_ctx);
174 EVP_PKEY_free(pkey_parm);
175 DSA_free(dsa);
176 BN_free(g);
177 BN_free(q);
178 BN_free(p);
179 return ret;
180 }
181 #endif /* OPENSSL_NO_DSA */
182
183 #ifndef OPENSSL_NO_DH
do_dh_param_keygen(int tstid,const BIGNUM ** bn)184 static int do_dh_param_keygen(int tstid, const BIGNUM **bn)
185 {
186 int ret = 0;
187 int expected;
188 EVP_PKEY_CTX *gen_ctx = NULL;
189 EVP_PKEY *pkey_parm = NULL;
190 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
191 DH *dh = NULL;
192 int pind, qind, gind;
193 BIGNUM *p = NULL, *q = NULL, *g = NULL;
194
195 /*
196 * These tests are using bad values for p, q, g by reusing the values.
197 * A value of 0 uses p, 1 uses q and 2 uses g.
198 * There are 27 different combinations, with only the 1 valid combination.
199 */
200 pind = tstid / 9;
201 qind = (tstid / 3) % 3;
202 gind = tstid % 3;
203 expected = (pind == 0 && qind == 1 && gind == 2);
204
205 TEST_note("Testing with (p, q, g) = (%s, %s, %s)", getname(pind),
206 getname(qind), getname(gind));
207
208 if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
209 || !TEST_ptr(dh = DH_new())
210 || !TEST_ptr(p = BN_dup(bn[pind]))
211 || !TEST_ptr(q = BN_dup(bn[qind]))
212 || !TEST_ptr(g = BN_dup(bn[gind]))
213 || !TEST_true(DH_set0_pqg(dh, p, q, g)))
214 goto err;
215 p = q = g = NULL;
216
217 if (!TEST_true(EVP_PKEY_assign_DH(pkey_parm, dh)))
218 goto err;
219 dh = NULL;
220
221 if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
222 || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
223 || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
224 goto err;
225
226 if (expected) {
227 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey))
228 || !TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), 1))
229 goto err;
230 }
231
232 ret = 1;
233 err:
234 EVP_PKEY_free(pkey);
235 EVP_PKEY_free(dup_pk);
236 EVP_PKEY_CTX_free(gen_ctx);
237 EVP_PKEY_free(pkey_parm);
238 DH_free(dh);
239 BN_free(g);
240 BN_free(q);
241 BN_free(p);
242 return ret;
243 }
244
245 /*
246 * Note that we get the fips186-4 path being run for most of these cases since
247 * the internal code will detect that the p, q, g does not match a safe prime
248 * group (Except for when tstid = 5, which sets the correct p, q, g)
249 */
test_dh_safeprime_param_keygen(int tstid)250 static int test_dh_safeprime_param_keygen(int tstid)
251 {
252 static const BIGNUM *bn[] = {
253 &ossl_bignum_ffdhe2048_p, &ossl_bignum_ffdhe2048_q,
254 &ossl_bignum_const_2
255 };
256 return do_dh_param_keygen(tstid, bn);
257 }
258
dhx_cert_load(void)259 static int dhx_cert_load(void)
260 {
261 int ret = 0;
262 X509 *cert = NULL;
263 BIO *bio = NULL;
264
265 static const unsigned char dhx_cert[] = {
266 0x30,0x82,0x03,0xff,0x30,0x82,0x02,0xe7,0xa0,0x03,0x02,0x01,0x02,0x02,0x09,0x00,
267 0xdb,0xf5,0x4d,0x22,0xa0,0x7a,0x67,0xa6,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
268 0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x44,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,
269 0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x0a,0x0c,
270 0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,0x72,0x6f,0x75,0x70,0x31,0x1d,
271 0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,0x65,0x73,0x74,0x20,0x53,0x2f,
272 0x4d,0x49,0x4d,0x45,0x20,0x52,0x53,0x41,0x20,0x52,0x6f,0x6f,0x74,0x30,0x1e,0x17,
273 0x0d,0x31,0x33,0x30,0x38,0x30,0x32,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x17,0x0d,
274 0x32,0x33,0x30,0x36,0x31,0x31,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x30,0x44,0x31,
275 0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,
276 0x06,0x03,0x55,0x04,0x0a,0x0c,0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,
277 0x72,0x6f,0x75,0x70,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,
278 0x65,0x73,0x74,0x20,0x53,0x2f,0x4d,0x49,0x4d,0x45,0x20,0x45,0x45,0x20,0x44,0x48,
279 0x20,0x23,0x31,0x30,0x82,0x01,0xb6,0x30,0x82,0x01,0x2b,0x06,0x07,0x2a,0x86,0x48,
280 0xce,0x3e,0x02,0x01,0x30,0x82,0x01,0x1e,0x02,0x81,0x81,0x00,0xd4,0x0c,0x4a,0x0c,
281 0x04,0x72,0x71,0x19,0xdf,0x59,0x19,0xc5,0xaf,0x44,0x7f,0xca,0x8e,0x2b,0xf0,0x09,
282 0xf5,0xd3,0x25,0xb1,0x73,0x16,0x55,0x89,0xdf,0xfd,0x07,0xaf,0x19,0xd3,0x7f,0xd0,
283 0x07,0xa2,0xfe,0x3f,0x5a,0xf1,0x01,0xc6,0xf8,0x2b,0xef,0x4e,0x6d,0x03,0x38,0x42,
284 0xa1,0x37,0xd4,0x14,0xb4,0x00,0x4a,0xb1,0x86,0x5a,0x83,0xce,0xb9,0x08,0x0e,0xc1,
285 0x99,0x27,0x47,0x8d,0x0b,0x85,0xa8,0x82,0xed,0xcc,0x0d,0xb9,0xb0,0x32,0x7e,0xdf,
286 0xe8,0xe4,0xf6,0xf6,0xec,0xb3,0xee,0x7a,0x11,0x34,0x65,0x97,0xfc,0x1a,0xb0,0x95,
287 0x4b,0x19,0xb9,0xa6,0x1c,0xd9,0x01,0x32,0xf7,0x35,0x7c,0x2d,0x5d,0xfe,0xc1,0x85,
288 0x70,0x49,0xf8,0xcc,0x99,0xd0,0xbe,0xf1,0x5a,0x78,0xc8,0x03,0x02,0x81,0x80,0x69,
289 0x00,0xfd,0x66,0xf2,0xfc,0x15,0x8b,0x09,0xb8,0xdc,0x4d,0xea,0xaa,0x79,0x55,0xf9,
290 0xdf,0x46,0xa6,0x2f,0xca,0x2d,0x8f,0x59,0x2a,0xad,0x44,0xa3,0xc6,0x18,0x2f,0x95,
291 0xb6,0x16,0x20,0xe3,0xd3,0xd1,0x8f,0x03,0xce,0x71,0x7c,0xef,0x3a,0xc7,0x44,0x39,
292 0x0e,0xe2,0x1f,0xd8,0xd3,0x89,0x2b,0xe7,0x51,0xdc,0x12,0x48,0x4c,0x18,0x4d,0x99,
293 0x12,0x06,0xe4,0x17,0x02,0x03,0x8c,0x24,0x05,0x8e,0xa6,0x85,0xf2,0x69,0x1b,0xe1,
294 0x6a,0xdc,0xe2,0x04,0x3a,0x01,0x9d,0x64,0xbe,0xfe,0x45,0xf9,0x44,0x18,0x71,0xbd,
295 0x2d,0x3e,0x7a,0x6f,0x72,0x7d,0x1a,0x80,0x42,0x57,0xae,0x18,0x6f,0x91,0xd6,0x61,
296 0x03,0x8a,0x1c,0x89,0x73,0xc7,0x56,0x41,0x03,0xd3,0xf8,0xed,0x65,0xe2,0x85,0x02,
297 0x15,0x00,0x89,0x94,0xab,0x10,0x67,0x45,0x41,0xad,0x63,0xc6,0x71,0x40,0x8d,0x6b,
298 0x9e,0x19,0x5b,0xa4,0xc7,0xf5,0x03,0x81,0x84,0x00,0x02,0x81,0x80,0x2f,0x5b,0xde,
299 0x72,0x02,0x36,0x6b,0x00,0x5e,0x24,0x7f,0x14,0x2c,0x18,0x52,0x42,0x97,0x4b,0xdb,
300 0x6e,0x15,0x50,0x3c,0x45,0x3e,0x25,0xf3,0xb7,0xc5,0x6e,0xe5,0x52,0xe7,0xc4,0xfb,
301 0xf4,0xa5,0xf0,0x39,0x12,0x7f,0xbc,0x54,0x1c,0x93,0xb9,0x5e,0xee,0xe9,0x14,0xb0,
302 0xdf,0xfe,0xfc,0x36,0xe4,0xf2,0xaf,0xfb,0x13,0xc8,0xdf,0x18,0x94,0x1d,0x40,0xb9,
303 0x71,0xdd,0x4c,0x9c,0xa7,0x03,0x52,0x02,0xb5,0xed,0x71,0x80,0x3e,0x23,0xda,0x28,
304 0xe5,0xab,0xe7,0x6f,0xf2,0x0a,0x0e,0x00,0x5b,0x7d,0xc6,0x4b,0xd7,0xc7,0xb2,0xc3,
305 0xba,0x62,0x7f,0x70,0x28,0xa0,0x9d,0x71,0x13,0x70,0xd1,0x9f,0x32,0x2f,0x3e,0xd2,
306 0xcd,0x1b,0xa4,0xc6,0x72,0xa0,0x74,0x5d,0x71,0xef,0x03,0x43,0x6e,0xa3,0x60,0x30,
307 0x5e,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x02,0x30,0x00,0x30,
308 0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x05,0xe0,0x30,
309 0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0x0b,0x5a,0x4d,0x5f,0x7d,0x25,
310 0xc7,0xf2,0x9d,0xc1,0xaa,0xb7,0x63,0x82,0x2f,0xfa,0x8f,0x32,0xe7,0xc0,0x30,0x1f,
311 0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xdf,0x7e,0x5e,0x88,0x05,
312 0x24,0x33,0x08,0xdd,0x22,0x81,0x02,0x97,0xcc,0x9a,0xb7,0xb1,0x33,0x27,0x30,0x30,
313 0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x82,
314 0x01,0x01,0x00,0x5a,0xf2,0x63,0xef,0xd3,0x16,0xd7,0xf5,0xaa,0xdd,0x12,0x00,0x36,
315 0x00,0x21,0xa2,0x7b,0x08,0xd6,0x3b,0x9f,0x62,0xac,0x53,0x1f,0xed,0x4c,0xd1,0x15,
316 0x34,0x65,0x71,0xee,0x96,0x07,0xa6,0xef,0xb2,0xde,0xd8,0xbb,0x35,0x6e,0x2c,0xe2,
317 0xd1,0x26,0xef,0x7e,0x94,0xe2,0x88,0x51,0xa4,0x6c,0xaa,0x27,0x2a,0xd3,0xb6,0xc2,
318 0xf7,0xea,0xc3,0x0b,0xa9,0xb5,0x28,0x37,0xa2,0x63,0x08,0xe4,0x88,0xc0,0x1b,0x16,
319 0x1b,0xca,0xfd,0x8a,0x07,0x32,0x29,0xa7,0x53,0xb5,0x2d,0x30,0xe4,0xf5,0x16,0xc3,
320 0xe3,0xc2,0x4c,0x30,0x5d,0x35,0x80,0x1c,0xa2,0xdb,0xe3,0x4b,0x51,0x0d,0x4c,0x60,
321 0x5f,0xb9,0x46,0xac,0xa8,0x46,0xa7,0x32,0xa7,0x9c,0x76,0xf8,0xe9,0xb5,0x19,0xe2,
322 0x0c,0xe1,0x0f,0xc6,0x46,0xe2,0x38,0xa7,0x87,0x72,0x6d,0x6c,0xbc,0x88,0x2f,0x9d,
323 0x2d,0xe5,0xd0,0x7d,0x1e,0xc7,0x5d,0xf8,0x7e,0xb4,0x0b,0xa6,0xf9,0x6c,0xe3,0x7c,
324 0xb2,0x70,0x6e,0x75,0x9b,0x1e,0x63,0xe1,0x4d,0xb2,0x81,0xd3,0x55,0x38,0x94,0x1a,
325 0x7a,0xfa,0xbf,0x01,0x18,0x70,0x2d,0x35,0xd3,0xe3,0x10,0x7a,0x9a,0xa7,0x8f,0xf3,
326 0xbd,0x56,0x55,0x5e,0xd8,0xbd,0x4e,0x16,0x76,0xd0,0x48,0x4c,0xf9,0x51,0x54,0xdf,
327 0x2d,0xb0,0xc9,0xaa,0x5e,0x42,0x38,0x50,0xbf,0x0f,0xc0,0xd9,0x84,0x44,0x4b,0x42,
328 0x24,0xec,0x14,0xa3,0xde,0x11,0xdf,0x58,0x7f,0xc2,0x4d,0xb2,0xd5,0x42,0x78,0x6e,
329 0x52,0x3e,0xad,0xc3,0x5f,0x04,0xc4,0xe6,0x31,0xaa,0x81,0x06,0x8b,0x13,0x4b,0x3c,
330 0x0e,0x6a,0xb1
331 };
332
333 if (!TEST_ptr(bio = BIO_new_mem_buf(dhx_cert, sizeof(dhx_cert)))
334 || !TEST_ptr(cert = X509_new_ex(libctx, NULL))
335 || !TEST_ptr(d2i_X509_bio(bio, &cert)))
336 goto err;
337 ret = 1;
338 err:
339 X509_free(cert);
340 BIO_free(bio);
341 return ret;
342 }
343
344 #endif /* OPENSSL_NO_DH */
345
test_cipher_reinit(int test_id)346 static int test_cipher_reinit(int test_id)
347 {
348 int ret = 0, diff, ccm, siv, no_null_key;
349 int out1_len = 0, out2_len = 0, out3_len = 0;
350 EVP_CIPHER *cipher = NULL;
351 EVP_CIPHER_CTX *ctx = NULL;
352 unsigned char out1[256];
353 unsigned char out2[256];
354 unsigned char out3[256];
355 unsigned char in[16] = {
356 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
357 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
358 };
359 unsigned char key[64] = {
360 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
361 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
362 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
363 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
364 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
365 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
366 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
367 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
368 };
369 unsigned char iv[48] = {
370 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
371 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
372 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
373 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
374 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
375 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
376 };
377 const char *name = sk_OPENSSL_STRING_value(cipher_names, test_id);
378
379 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
380 goto err;
381
382 TEST_note("Fetching %s\n", name);
383 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
384 goto err;
385
386 /* ccm fails on the second update - this matches OpenSSL 1_1_1 behaviour */
387 ccm = (EVP_CIPHER_get_mode(cipher) == EVP_CIPH_CCM_MODE);
388
389 /* siv cannot be called with NULL key as the iv is irrelevant */
390 siv = (EVP_CIPHER_get_mode(cipher) == EVP_CIPH_SIV_MODE);
391
392 /*
393 * Skip init call with a null key for RC4 as the stream cipher does not
394 * handle reinit (1.1.1 behaviour).
395 */
396 no_null_key = EVP_CIPHER_is_a(cipher, "RC4")
397 || EVP_CIPHER_is_a(cipher, "RC4-40")
398 || EVP_CIPHER_is_a(cipher, "RC4-HMAC-MD5");
399
400 /* DES3-WRAP uses random every update - so it will give a different value */
401 diff = EVP_CIPHER_is_a(cipher, "DES3-WRAP");
402 if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
403 || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, sizeof(in)))
404 || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
405 || !TEST_int_eq(EVP_EncryptUpdate(ctx, out2, &out2_len, in, sizeof(in)),
406 ccm ? 0 : 1)
407 || (!no_null_key
408 && (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv))
409 || !TEST_int_eq(EVP_EncryptUpdate(ctx, out3, &out3_len, in, sizeof(in)),
410 ccm || siv ? 0 : 1))))
411 goto err;
412
413 if (ccm == 0) {
414 if (diff) {
415 if (!TEST_mem_ne(out1, out1_len, out2, out2_len)
416 || !TEST_mem_ne(out1, out1_len, out3, out3_len)
417 || !TEST_mem_ne(out2, out2_len, out3, out3_len))
418 goto err;
419 } else {
420 if (!TEST_mem_eq(out1, out1_len, out2, out2_len)
421 || (!siv && !no_null_key && !TEST_mem_eq(out1, out1_len, out3, out3_len)))
422 goto err;
423 }
424 }
425 ret = 1;
426 err:
427 EVP_CIPHER_free(cipher);
428 EVP_CIPHER_CTX_free(ctx);
429 return ret;
430 }
431
432 /*
433 * This test only uses a partial block (half the block size) of input for each
434 * EVP_EncryptUpdate() in order to test that the second init/update is not using
435 * a leftover buffer from the first init/update.
436 * Note: some ciphers don't need a full block to produce output.
437 */
test_cipher_reinit_partialupdate(int test_id)438 static int test_cipher_reinit_partialupdate(int test_id)
439 {
440 int ret = 0, in_len;
441 int out1_len = 0, out2_len = 0, out3_len = 0;
442 EVP_CIPHER *cipher = NULL;
443 EVP_CIPHER_CTX *ctx = NULL;
444 unsigned char out1[256];
445 unsigned char out2[256];
446 unsigned char out3[256];
447 static const unsigned char in[32] = {
448 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
449 0xba, 0xbe, 0xba, 0xbe, 0x00, 0x00, 0xba, 0xbe,
450 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
451 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
452 };
453 static const unsigned char key[64] = {
454 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
455 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
456 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
457 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
458 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
459 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
460 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
461 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
462 };
463 static const unsigned char iv[48] = {
464 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
465 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
466 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
467 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
468 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
469 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
470 };
471 const char *name = sk_OPENSSL_STRING_value(cipher_names, test_id);
472
473 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
474 goto err;
475
476 TEST_note("Fetching %s\n", name);
477 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
478 goto err;
479
480 in_len = EVP_CIPHER_get_block_size(cipher);
481 if (!TEST_int_gt(in_len, 0))
482 goto err;
483 if (in_len > 1)
484 in_len /= 2;
485
486 /* skip any ciphers that don't allow partial updates */
487 if (((EVP_CIPHER_get_flags(cipher)
488 & (EVP_CIPH_FLAG_CTS | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) != 0)
489 || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_CCM_MODE
490 || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_XTS_MODE
491 || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_WRAP_MODE) {
492 ret = 1;
493 goto err;
494 }
495
496 if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
497 || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, in_len))
498 || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
499 || !TEST_true(EVP_EncryptUpdate(ctx, out2, &out2_len, in, in_len)))
500 goto err;
501
502 if (EVP_CIPHER_get_iv_length(cipher) != 0)
503 if (!TEST_mem_eq(out1, out1_len, out2, out2_len))
504 goto err;
505
506 if (EVP_CIPHER_get_mode(cipher) != EVP_CIPH_SIV_MODE) {
507 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv))
508 || !TEST_true(EVP_EncryptUpdate(ctx, out3, &out3_len, in, in_len)))
509 goto err;
510
511 if (EVP_CIPHER_get_iv_length(cipher) != 0)
512 if (!TEST_mem_eq(out1, out1_len, out3, out3_len))
513 goto err;
514 }
515 ret = 1;
516 err:
517 EVP_CIPHER_free(cipher);
518 EVP_CIPHER_CTX_free(ctx);
519 return ret;
520 }
521
name_cmp(const char * const * a,const char * const * b)522 static int name_cmp(const char * const *a, const char * const *b)
523 {
524 return OPENSSL_strcasecmp(*a, *b);
525 }
526
collect_cipher_names(EVP_CIPHER * cipher,void * cipher_names_list)527 static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list)
528 {
529 STACK_OF(OPENSSL_STRING) *names = cipher_names_list;
530 const char *name = EVP_CIPHER_get0_name(cipher);
531 char *namedup = NULL;
532
533 /* Skip Triple-DES encryption operations in FIPS mode */
534 if (OSSL_PROVIDER_available(libctx, "fips")
535 && strncmp(name, "DES", 3) == 0)
536 return;
537 assert(name != NULL);
538 /* the cipher will be freed after returning, strdup is needed */
539 if ((namedup = OPENSSL_strdup(name)) != NULL
540 && !sk_OPENSSL_STRING_push(names, namedup))
541 OPENSSL_free(namedup);
542 }
543
rsa_keygen(int bits,EVP_PKEY ** pub,EVP_PKEY ** priv)544 static int rsa_keygen(int bits, EVP_PKEY **pub, EVP_PKEY **priv)
545 {
546 int ret = 0;
547 unsigned char *pub_der = NULL;
548 const unsigned char *pp = NULL;
549 size_t len = 0;
550 OSSL_ENCODER_CTX *ectx = NULL;
551
552 if (!TEST_ptr(*priv = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", (size_t)bits))
553 || !TEST_ptr(ectx =
554 OSSL_ENCODER_CTX_new_for_pkey(*priv,
555 EVP_PKEY_PUBLIC_KEY,
556 "DER", "type-specific",
557 NULL))
558 || !TEST_true(OSSL_ENCODER_to_data(ectx, &pub_der, &len)))
559 goto err;
560 pp = pub_der;
561 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_RSA, pub, &pp, len)))
562 goto err;
563 ret = 1;
564 err:
565 OSSL_ENCODER_CTX_free(ectx);
566 OPENSSL_free(pub_der);
567 return ret;
568 }
569
kem_rsa_gen_recover(void)570 static int kem_rsa_gen_recover(void)
571 {
572 int ret = 0;
573 EVP_PKEY *pub = NULL;
574 EVP_PKEY *priv = NULL;
575 EVP_PKEY_CTX *sctx = NULL, *rctx = NULL, *dctx = NULL;
576 unsigned char secret[256] = { 0, };
577 unsigned char ct[256] = { 0, };
578 unsigned char unwrap[256] = { 0, };
579 size_t ctlen = 0, unwraplen = 0, secretlen = 0;
580 int bits = 2048;
581
582 ret = TEST_true(rsa_keygen(bits, &pub, &priv))
583 && TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
584 && TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), 1)
585 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(sctx, "RSASVE"), 1)
586 && TEST_ptr(dctx = EVP_PKEY_CTX_dup(sctx))
587 /* Test that providing a NULL wrappedlen fails */
588 && TEST_int_eq(EVP_PKEY_encapsulate(dctx, NULL, NULL, NULL, NULL), 0)
589 && TEST_int_eq(EVP_PKEY_encapsulate(dctx, NULL, &ctlen, NULL,
590 &secretlen), 1)
591 && TEST_int_eq(ctlen, secretlen)
592 && TEST_int_eq(ctlen, bits / 8)
593 && TEST_int_eq(EVP_PKEY_encapsulate(dctx, ct, &ctlen, secret,
594 &secretlen), 1)
595 && TEST_ptr(rctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
596 && TEST_int_eq(EVP_PKEY_decapsulate_init(rctx, NULL), 1)
597 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(rctx, "RSASVE"), 1)
598 /* Test that providing a NULL unwrappedlen fails */
599 && TEST_int_eq(EVP_PKEY_decapsulate(rctx, NULL, NULL, ct, ctlen), 0)
600 && TEST_int_eq(EVP_PKEY_decapsulate(rctx, NULL, &unwraplen,
601 ct, ctlen), 1)
602 && TEST_int_eq(EVP_PKEY_decapsulate(rctx, unwrap, &unwraplen,
603 ct, ctlen), 1)
604 && TEST_mem_eq(unwrap, unwraplen, secret, secretlen);
605
606 /* Test that providing a too short unwrapped/ctlen fails */
607 if (fips_provider_version_match(libctx, ">=3.4.0")) {
608 ctlen = 1;
609 if (!TEST_int_eq(EVP_PKEY_encapsulate(dctx, ct, &ctlen, secret,
610 &secretlen), 0))
611 ret = 0;
612 unwraplen = 1;
613 if (!TEST_int_eq(EVP_PKEY_decapsulate(rctx, unwrap, &unwraplen, ct,
614 ctlen), 0))
615 ret = 0;
616 }
617
618 EVP_PKEY_free(pub);
619 EVP_PKEY_free(priv);
620 EVP_PKEY_CTX_free(rctx);
621 EVP_PKEY_CTX_free(dctx);
622 EVP_PKEY_CTX_free(sctx);
623 return ret;
624 }
625
626 #ifndef OPENSSL_NO_DES
627 /*
628 * This test makes sure that EVP_CIPHER_CTX_rand_key() works correctly
629 * For fips mode this code would produce an error if the flag is not set.
630 */
test_cipher_tdes_randkey(void)631 static int test_cipher_tdes_randkey(void)
632 {
633 int ret;
634 EVP_CIPHER_CTX *ctx = NULL;
635 EVP_CIPHER *tdes_cipher = NULL, *aes_cipher = NULL;
636 unsigned char key[24] = { 0 };
637 OSSL_PARAM params[2];
638 int check = 0;
639
640 params[0] = OSSL_PARAM_construct_int("encrypt-check", &check);
641 params[1] = OSSL_PARAM_construct_end();
642 ret = TEST_ptr(aes_cipher = EVP_CIPHER_fetch(libctx, "AES-256-CBC", NULL))
643 && TEST_int_eq(EVP_CIPHER_get_flags(aes_cipher) & EVP_CIPH_RAND_KEY, 0)
644 && TEST_ptr(tdes_cipher = EVP_CIPHER_fetch(libctx, "DES-EDE3-CBC", NULL))
645 && TEST_int_ne(EVP_CIPHER_get_flags(tdes_cipher) & EVP_CIPH_RAND_KEY, 0)
646 && TEST_ptr(ctx = EVP_CIPHER_CTX_new())
647 && TEST_true(EVP_CipherInit_ex2(ctx, tdes_cipher, NULL, NULL, 1,
648 params))
649 && TEST_int_gt(EVP_CIPHER_CTX_rand_key(ctx, key), 0);
650
651 EVP_CIPHER_CTX_free(ctx);
652 EVP_CIPHER_free(tdes_cipher);
653 EVP_CIPHER_free(aes_cipher);
654 return ret;
655 }
656 #endif /* OPENSSL_NO_DES */
657
kem_rsa_params(void)658 static int kem_rsa_params(void)
659 {
660 int ret = 0;
661 EVP_PKEY *pub = NULL;
662 EVP_PKEY *priv = NULL;
663 EVP_PKEY_CTX *pubctx = NULL, *privctx = NULL;
664 unsigned char secret[256] = { 0, };
665 unsigned char ct[256] = { 0, };
666 size_t ctlen = 0, secretlen = 0;
667
668 ret = TEST_true(rsa_keygen(2048, &pub, &priv))
669 && TEST_ptr(pubctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
670 && TEST_ptr(privctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
671 /* Test setting kem op before the init fails */
672 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), -2)
673 /* Test NULL ctx passed */
674 && TEST_int_eq(EVP_PKEY_encapsulate_init(NULL, NULL), 0)
675 && TEST_int_eq(EVP_PKEY_encapsulate(NULL, NULL, NULL, NULL, NULL), 0)
676 && TEST_int_eq(EVP_PKEY_decapsulate_init(NULL, NULL), 0)
677 && TEST_int_eq(EVP_PKEY_decapsulate(NULL, NULL, NULL, NULL, 0), 0)
678 /* Test Invalid operation */
679 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), -1)
680 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, NULL, 0), 0)
681 /* Wrong key component - no secret should be returned on failure */
682 && TEST_int_eq(EVP_PKEY_decapsulate_init(pubctx, NULL), 1)
683 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
684 && TEST_int_eq(EVP_PKEY_decapsulate(pubctx, secret, &secretlen, ct,
685 sizeof(ct)), 0)
686 && TEST_uchar_eq(secret[0], 0)
687 /* Test encapsulate fails if the mode is not set */
688 && TEST_int_eq(EVP_PKEY_encapsulate_init(pubctx, NULL), 1)
689 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, &secretlen), -2)
690 /* Test setting a bad kem ops fail */
691 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSA"), 0)
692 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, NULL), 0)
693 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, "RSASVE"), 0)
694 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, NULL), 0)
695 /* Test secretlen is optional */
696 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
697 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
698 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, NULL), 1)
699 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
700 /* Test outlen is optional */
701 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
702 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, &secretlen), 1)
703 /* test that either len must be set if out is NULL */
704 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), 0)
705 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
706 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
707 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, &secretlen), 1)
708 /* Secret buffer should be set if there is an output buffer */
709 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, NULL, NULL), 0)
710 /* Test that lengths are optional if ct is not NULL */
711 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, NULL), 1)
712 /* Pass if secret or secret length are not NULL */
713 && TEST_int_eq(EVP_PKEY_decapsulate_init(privctx, NULL), 1)
714 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(privctx, "RSASVE"), 1)
715 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, NULL, ct, sizeof(ct)), 1)
716 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, &secretlen, ct, sizeof(ct)), 1)
717 && TEST_int_eq(secretlen, 256)
718 /* Fail if passed NULL arguments */
719 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, ct, sizeof(ct)), 0)
720 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, 0), 0)
721 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, sizeof(ct)), 0)
722 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, ct, 0), 0);
723
724 EVP_PKEY_free(pub);
725 EVP_PKEY_free(priv);
726 EVP_PKEY_CTX_free(pubctx);
727 EVP_PKEY_CTX_free(privctx);
728 return ret;
729 }
730
731 #ifndef OPENSSL_NO_DH
gen_dh_key(void)732 static EVP_PKEY *gen_dh_key(void)
733 {
734 EVP_PKEY_CTX *gctx = NULL;
735 EVP_PKEY *pkey = NULL;
736 OSSL_PARAM params[2];
737
738 params[0] = OSSL_PARAM_construct_utf8_string("group", "ffdhe2048", 0);
739 params[1] = OSSL_PARAM_construct_end();
740
741 if (!TEST_ptr(gctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
742 || !TEST_int_gt(EVP_PKEY_keygen_init(gctx), 0)
743 || !TEST_true(EVP_PKEY_CTX_set_params(gctx, params))
744 || !TEST_true(EVP_PKEY_keygen(gctx, &pkey)))
745 goto err;
746 err:
747 EVP_PKEY_CTX_free(gctx);
748 return pkey;
749 }
750
751 /* Fail if we try to use a dh key */
kem_invalid_keytype(void)752 static int kem_invalid_keytype(void)
753 {
754 int ret = 0;
755 EVP_PKEY *key = NULL;
756 EVP_PKEY_CTX *sctx = NULL;
757
758 if (!TEST_ptr(key = gen_dh_key()))
759 goto done;
760
761 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, key, NULL)))
762 goto done;
763 if (!TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), -2))
764 goto done;
765
766 ret = 1;
767 done:
768 EVP_PKEY_free(key);
769 EVP_PKEY_CTX_free(sctx);
770 return ret;
771 }
772 #endif /* OPENSSL_NO_DH */
773
setup_tests(void)774 int setup_tests(void)
775 {
776 const char *prov_name = "default";
777 char *config_file = NULL;
778 OPTION_CHOICE o;
779
780 while ((o = opt_next()) != OPT_EOF) {
781 switch (o) {
782 case OPT_PROVIDER_NAME:
783 prov_name = opt_arg();
784 break;
785 case OPT_CONFIG_FILE:
786 config_file = opt_arg();
787 break;
788 case OPT_TEST_CASES:
789 break;
790 default:
791 case OPT_ERR:
792 return 0;
793 }
794 }
795
796 if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, prov_name))
797 return 0;
798
799 ADD_TEST(test_evp_cipher_api_safety);
800
801 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
802 if (strcmp(prov_name, "fips") != 0
803 || fips_provider_version_lt(libctx, 3, 4, 0))
804 ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
805 #endif
806 #ifndef OPENSSL_NO_DH
807 ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3);
808 ADD_TEST(dhx_cert_load);
809 #endif
810
811 if (!TEST_ptr(cipher_names = sk_OPENSSL_STRING_new(name_cmp)))
812 return 0;
813 EVP_CIPHER_do_all_provided(libctx, collect_cipher_names, cipher_names);
814
815 ADD_ALL_TESTS(test_cipher_reinit, sk_OPENSSL_STRING_num(cipher_names));
816 ADD_ALL_TESTS(test_cipher_reinit_partialupdate,
817 sk_OPENSSL_STRING_num(cipher_names));
818 ADD_TEST(kem_rsa_gen_recover);
819 ADD_TEST(kem_rsa_params);
820 #ifndef OPENSSL_NO_DH
821 ADD_TEST(kem_invalid_keytype);
822 #endif
823 #ifndef OPENSSL_NO_DES
824 ADD_TEST(test_cipher_tdes_randkey);
825 #endif
826 return 1;
827 }
828
829 /* Because OPENSSL_free is a macro, it can't be passed as a function pointer */
string_free(char * m)830 static void string_free(char *m)
831 {
832 OPENSSL_free(m);
833 }
834
cleanup_tests(void)835 void cleanup_tests(void)
836 {
837 sk_OPENSSL_STRING_pop_free(cipher_names, string_free);
838 OSSL_PROVIDER_unload(libprov);
839 OSSL_LIB_CTX_free(libctx);
840 OSSL_PROVIDER_unload(nullprov);
841 }
842
