Diffstat (limited to 'test/endecode_test.c')
-rw-r--r-- | test/endecode_test.c | 207 |
1 files changed, 201 insertions, 6 deletions
diff --git a/test/endecode_test.c b/test/endecode_test.c index 0611d94216f0..028deb4ed134 100644 --- a/test/endecode_test.c +++ b/test/endecode_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -26,6 +26,10 @@ #include "helpers/predefined_dhparams.h" #include "testutil.h" +#ifdef STATIC_LEGACY +OSSL_provider_init_fn ossl_legacy_provider_init; +#endif + /* Extended test macros to allow passing file & line number */ #define TEST_FL_ptr(a) test_ptr(file, line, #a, a) #define TEST_FL_mem_eq(a, m, b, n) test_mem_eq(file, line, #a, #b, a, m, b, n) @@ -44,6 +48,7 @@ static int default_libctx = 1; static int is_fips = 0; static int is_fips_3_0_0 = 0; +static int is_fips_lt_3_5 = 0; static OSSL_LIB_CTX *testctx = NULL; static OSSL_LIB_CTX *keyctx = NULL; @@ -101,7 +106,12 @@ static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams) } #endif -#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) +#if !defined(OPENSSL_NO_DH) || \ + !defined(OPENSSL_NO_DSA) || \ + !defined(OPENSSL_NO_EC) || \ + !defined(OPENSSL_NO_ML_DSA) || \ + !defined(OPENSSL_NO_ML_KEM) || \ + !defined(OPENSSL_NO_SLH_DSA) static EVP_PKEY *make_key(const char *type, EVP_PKEY *template, OSSL_PARAM *genparams) { @@ -692,9 +702,9 @@ static int check_PVK(const char *file, const int line, { const unsigned char *in = data; unsigned int saltlen = 0, keylen = 0; - int ok = ossl_do_PVK_header(&in, data_len, 0, &saltlen, &keylen); + int isdss = -1; - return ok; + return ossl_do_PVK_header(&in, data_len, 0, &isdss, &saltlen, &keylen); } static int test_unprotected_via_PVK(const char *type, EVP_PKEY *key) 
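Review bot: The widened `#if` around make_key() does not list `OPENSSL_NO_ECX`, although this commit moves the ED25519/ED448/X25519/X448 keys under their own `OPENSSL_NO_ECX` guard in later hunks. If MAKE_KEYS expands to a make_key() call (the macro is not visible here) and ECX can be built with all six listed algorithms disabled, that configuration would stop compiling. Either add `!defined(OPENSSL_NO_ECX) || \` to the condition, or, once the dependency is confirmed, leave a comment such as `/* ECX is only built when EC is, so it needs no entry here */`. The body of make_key() continues outside the hunk.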
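Review bot: In check_PVK() the new `isdss = -1` is an undocumented sentinel, and the value written back through `&isdss` is never examined, so the check only shows that the header parses. A comment such as `/* -1: no expectation about the key type; the parser reports what it found */` would help, assuming that is what the added parameter of ossl_do_PVK_header() means (its definition is not on this page). If the caller knows which key type it encoded, passing that expectation instead would let the test reject a blob whose header claims the wrong type. The signature of check_PVK() starts outside the hunk.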
@@ -1032,6 +1042,12 @@ IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC")
 KEYS(SM2);
 IMPLEMENT_TEST_SUITE(SM2, "SM2", 0)
 # endif
+#endif
+#ifndef OPENSSL_NO_ECX
+/*
+ * ED25519, ED448, X25519 and X448 have no support for
+ * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
+ */
 KEYS(ED25519);
 IMPLEMENT_TEST_SUITE(ED25519, "ED25519", 1)
 KEYS(ED448);
@@ -1040,11 +1056,45 @@ KEYS(X25519);
 IMPLEMENT_TEST_SUITE(X25519, "X25519", 1)
 KEYS(X448);
 IMPLEMENT_TEST_SUITE(X448, "X448", 1)
+#endif
+#ifndef OPENSSL_NO_ML_KEM
 /*
- * ED25519, ED448, X25519 and X448 have no support for
- * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
+ * ML-KEM has no support for PEM_write_bio_PrivateKey_traditional(), so no
+ * legacy tests.
 */
+KEYS(ML_KEM_512);
+IMPLEMENT_TEST_SUITE(ML_KEM_512, "ML-KEM-512", 1)
+KEYS(ML_KEM_768);
+IMPLEMENT_TEST_SUITE(ML_KEM_768, "ML-KEM-768", 1)
+KEYS(ML_KEM_1024);
+IMPLEMENT_TEST_SUITE(ML_KEM_1024, "ML-KEM-1024", 1)
 #endif
+#ifndef OPENSSL_NO_SLH_DSA
+KEYS(SLH_DSA_SHA2_128s);
+KEYS(SLH_DSA_SHA2_128f);
+KEYS(SLH_DSA_SHA2_192s);
+KEYS(SLH_DSA_SHA2_192f);
+KEYS(SLH_DSA_SHA2_256s);
+KEYS(SLH_DSA_SHA2_256f);
+KEYS(SLH_DSA_SHAKE_128s);
+KEYS(SLH_DSA_SHAKE_128f);
+KEYS(SLH_DSA_SHAKE_192s);
+KEYS(SLH_DSA_SHAKE_192f);
+KEYS(SLH_DSA_SHAKE_256s);
+KEYS(SLH_DSA_SHAKE_256f);
+IMPLEMENT_TEST_SUITE(SLH_DSA_SHA2_128s, "SLH-DSA-SHA2-128s", 1)
+IMPLEMENT_TEST_SUITE(SLH_DSA_SHA2_128f, "SLH-DSA-SHA2-128f", 1)
+IMPLEMENT_TEST_SUITE(SLH_DSA_SHA2_192s, "SLH-DSA-SHA2-192s", 1)
+IMPLEMENT_TEST_SUITE(SLH_DSA_SHA2_192f, "SLH-DSA-SHA2-192f", 1)
+IMPLEMENT_TEST_SUITE(SLH_DSA_SHA2_256s, "SLH-DSA-SHA2-256s", 1)
+IMPLEMENT_TEST_SUITE(SLH_DSA_SHA2_256f, "SLH-DSA-SHA2-256f", 1)
+IMPLEMENT_TEST_SUITE(SLH_DSA_SHAKE_128s, "SLH-DSA-SHAKE-128s", 1)
+IMPLEMENT_TEST_SUITE(SLH_DSA_SHAKE_128f, "SLH-DSA-SHAKE-128f", 1)
+IMPLEMENT_TEST_SUITE(SLH_DSA_SHAKE_192s, "SLH-DSA-SHAKE-192s", 1)
+IMPLEMENT_TEST_SUITE(SLH_DSA_SHAKE_192f, "SLH-DSA-SHAKE-192f", 1)
+IMPLEMENT_TEST_SUITE(SLH_DSA_SHAKE_256s, "SLH-DSA-SHAKE-256s", 1)
+IMPLEMENT_TEST_SUITE(SLH_DSA_SHAKE_256f, "SLH-DSA-SHAKE-256f", 1)
+#endif /* OPENSSL_NO_SLH_DSA */
 KEYS(RSA);
 IMPLEMENT_TEST_SUITE(RSA, "RSA", 1)
 IMPLEMENT_TEST_SUITE_LEGACY(RSA, "RSA")
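Review bot: The twelve SLH-DSA parameter sets are written out by hand in this block and again in the MAKE_KEYS, ADD_TEST_SUITE and FREE_KEYS hunks of setup_tests() and cleanup_tests(), so there are four copies that must be kept in step. A single list macro expanded at each site would remove the risk that a set is registered as a suite but never has its key generated, or the reverse. The SLH-DSA block also lacks the kind of comment the ML-KEM block above carries; if the reason is the same, add `/* SLH-DSA has no support for PEM_write_bio_PrivateKey_traditional(), so no legacy tests. */`.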
@@ -1060,6 +1110,15 @@ IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(RSA, "RSA") IMPLEMENT_TEST_SUITE_PROTECTED_PVK(RSA, "RSA") #endif +#ifndef OPENSSL_NO_ML_DSA +KEYS(ML_DSA_44); +KEYS(ML_DSA_65); +KEYS(ML_DSA_87); +IMPLEMENT_TEST_SUITE(ML_DSA_44, "ML-DSA-44", 1) +IMPLEMENT_TEST_SUITE(ML_DSA_65, "ML-DSA-65", 1) +IMPLEMENT_TEST_SUITE(ML_DSA_87, "ML-DSA-87", 1) +#endif /* OPENSSL_NO_ML_DSA */ + #ifndef OPENSSL_NO_EC /* Explicit parameters that match a named curve */ static int do_create_ec_explicit_prime_params(OSSL_PARAM_BLD *bld, @@ -1241,6 +1300,28 @@ static int create_ec_explicit_trinomial_params(OSSL_PARAM_BLD *bld) return do_create_ec_explicit_trinomial_params(bld, gen2, sizeof(gen2)); } # endif /* OPENSSL_NO_EC2M */ + +/* + * Test that multiple calls to OSSL_ENCODER_to_data() do not cause side effects + */ +static int ec_encode_to_data_multi(void) +{ + int ret; + OSSL_ENCODER_CTX *ectx = NULL; + EVP_PKEY *key = NULL; + uint8_t *enc = NULL; + size_t enc_len = 0; + + ret = TEST_ptr(key = EVP_PKEY_Q_keygen(testctx, "", "EC", "P-256")) + && TEST_ptr(ectx = OSSL_ENCODER_CTX_new_for_pkey(key, EVP_PKEY_KEYPAIR, + "DER", NULL, NULL)) + && TEST_int_eq(OSSL_ENCODER_to_data(ectx, NULL, &enc_len), 1) + && TEST_int_eq(OSSL_ENCODER_to_data(ectx, &enc, &enc_len), 1); + OPENSSL_free(enc); + EVP_PKEY_free(key); + OSSL_ENCODER_CTX_free(ectx); + return ret; +} #endif /* OPENSSL_NO_EC */ typedef enum OPTION_choice { 
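Review bot: ec_encode_to_data_multi() only checks that both OSSL_ENCODER_to_data() calls return 1, so it would still pass if the second call produced no buffer or a length different from the one the size query reported. Keep the queried length in a new local (say `query_len`) and extend the chain with `&& TEST_ptr(enc)` and `&& TEST_size_t_eq(enc_len, query_len)`. The test would then assert the "no side effects" claim in its comment. A mismatch between the queried and written length is what leads callers to under-allocate, so it is worth pinning. This assumes the allocating call reports the full encoded length in `enc_len`, which should be confirmed against the encoder documentation.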
@@ -1338,6 +1419,18 @@ int setup_tests(void) /* FIPS(3.0.0): provider imports explicit params but they won't work #17998 */ is_fips_3_0_0 = is_fips && fips_provider_version_eq(testctx, 3, 0, 0); + /* FIPS(3.5.0) is the first to support ML-DSA, ML-KEM and SLH-DSA */ + is_fips_lt_3_5 = is_fips && fips_provider_version_lt(testctx, 3, 5, 0); + +#ifdef STATIC_LEGACY + /* + * This test is always statically linked against libcrypto. We must not + * attempt to load legacy.so that might be dynamically linked against + * libcrypto. Instead we use a built-in version of the legacy provider. + */ + if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init)) + return 0; +#endif /* Separate provider/ctx for generating the test data */ if (!TEST_ptr(keyctx = OSSL_LIB_CTX_new())) 
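Review bot: The `STATIC_LEGACY` branch returns 0 when `OSSL_PROVIDER_add_builtin()` fails without going through a TEST_ macro, so the run stops with no message saying the built-in legacy provider could not be registered. The setup code next to it reports failures through `TEST_ptr(...)`. Writing `if (!TEST_true(OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init)))` would give the same diagnostics here. setup_tests() starts and ends outside the hunk.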
@@ -1388,11 +1481,44 @@ int setup_tests(void)
 # ifndef OPENSSL_NO_SM2
 MAKE_KEYS(SM2, "SM2", NULL);
 # endif
+#endif
+#ifndef OPENSSL_NO_ECX
 MAKE_KEYS(ED25519, "ED25519", NULL);
 MAKE_KEYS(ED448, "ED448", NULL);
 MAKE_KEYS(X25519, "X25519", NULL);
 MAKE_KEYS(X448, "X448", NULL);
 #endif
+#ifndef OPENSSL_NO_ML_DSA
+ if (!is_fips_lt_3_5) {
+ MAKE_KEYS(ML_DSA_44, "ML-DSA-44", NULL);
+ MAKE_KEYS(ML_DSA_65, "ML-DSA-65", NULL);
+ MAKE_KEYS(ML_DSA_87, "ML-DSA-87", NULL);
+ }
+#endif /* OPENSSL_NO_ML_DSA */
+#ifndef OPENSSL_NO_ML_KEM
+ if (!is_fips_lt_3_5) {
+ MAKE_KEYS(ML_KEM_512, "ML-KEM-512", NULL);
+ MAKE_KEYS(ML_KEM_768, "ML-KEM-768", NULL);
+ MAKE_KEYS(ML_KEM_1024, "ML-KEM-1024", NULL);
+ }
+#endif
+#ifndef OPENSSL_NO_SLH_DSA
+ if (!is_fips_lt_3_5) {
+ MAKE_KEYS(SLH_DSA_SHA2_128s, "SLH-DSA-SHA2-128s", NULL);
+ MAKE_KEYS(SLH_DSA_SHA2_128f, "SLH-DSA-SHA2-128f", NULL);
+ MAKE_KEYS(SLH_DSA_SHA2_192s, "SLH-DSA-SHA2-192s", NULL);
+ MAKE_KEYS(SLH_DSA_SHA2_192f, "SLH-DSA-SHA2-192f", NULL);
+ MAKE_KEYS(SLH_DSA_SHA2_256s, "SLH-DSA-SHA2-256s", NULL);
+ MAKE_KEYS(SLH_DSA_SHA2_256f, "SLH-DSA-SHA2-256f", NULL);
+ MAKE_KEYS(SLH_DSA_SHAKE_128s, "SLH-DSA-SHAKE-128s", NULL);
+ MAKE_KEYS(SLH_DSA_SHAKE_128f, "SLH-DSA-SHAKE-128f", NULL);
+ MAKE_KEYS(SLH_DSA_SHAKE_192s, "SLH-DSA-SHAKE-192s", NULL);
+ MAKE_KEYS(SLH_DSA_SHAKE_192f, "SLH-DSA-SHAKE-192f", NULL);
+ MAKE_KEYS(SLH_DSA_SHAKE_256s, "SLH-DSA-SHAKE-256s", NULL);
+ MAKE_KEYS(SLH_DSA_SHAKE_256f, "SLH-DSA-SHAKE-256f", NULL);
+ }
+#endif /* OPENSSL_NO_SLH_DSA */
+
 TEST_info("Loading RSA key...");
 ok = ok && TEST_ptr(key_RSA = load_pkey_pem(rsa_file, keyctx));
 TEST_info("Loading RSA_PSS key...");
@@ -1421,6 +1547,7 @@ int setup_tests(void)
 # endif
 #endif
 #ifndef OPENSSL_NO_EC
+ ADD_TEST(ec_encode_to_data_multi);
 ADD_TEST_SUITE(EC);
 ADD_TEST_SUITE_PARAMS(EC);
 ADD_TEST_SUITE_LEGACY(EC);
@@ -1440,6 +1567,8 @@ int setup_tests(void) ADD_TEST_SUITE(SM2); } # endif +#endif +#ifndef OPENSSL_NO_ECX ADD_TEST_SUITE(ED25519); ADD_TEST_SUITE(ED448); ADD_TEST_SUITE(X25519); @@ -1449,6 +1578,13 @@ int setup_tests(void) * PEM_write_bio_PrivateKey_traditional(), so no legacy tests. */ #endif +#ifndef OPENSSL_NO_ML_KEM + if (!is_fips_lt_3_5) { + ADD_TEST_SUITE(ML_KEM_512); + ADD_TEST_SUITE(ML_KEM_768); + ADD_TEST_SUITE(ML_KEM_1024); + } +#endif ADD_TEST_SUITE(RSA); ADD_TEST_SUITE_LEGACY(RSA); ADD_TEST_SUITE(RSA_PSS); @@ -1461,6 +1597,31 @@ int setup_tests(void) # ifndef OPENSSL_NO_RC4 ADD_TEST_SUITE_PROTECTED_PVK(RSA); # endif + +#ifndef OPENSSL_NO_ML_DSA + if (!is_fips_lt_3_5) { + ADD_TEST_SUITE(ML_DSA_44); + ADD_TEST_SUITE(ML_DSA_65); + ADD_TEST_SUITE(ML_DSA_87); + } +#endif /* OPENSSL_NO_ML_DSA */ + +#ifndef OPENSSL_NO_SLH_DSA + if (!is_fips_lt_3_5) { + ADD_TEST_SUITE(SLH_DSA_SHA2_128s); + ADD_TEST_SUITE(SLH_DSA_SHA2_128f); + ADD_TEST_SUITE(SLH_DSA_SHA2_192s); + ADD_TEST_SUITE(SLH_DSA_SHA2_192f); + ADD_TEST_SUITE(SLH_DSA_SHA2_256s); + ADD_TEST_SUITE(SLH_DSA_SHA2_256f); + ADD_TEST_SUITE(SLH_DSA_SHAKE_128s); + ADD_TEST_SUITE(SLH_DSA_SHAKE_128f); + ADD_TEST_SUITE(SLH_DSA_SHAKE_192s); + ADD_TEST_SUITE(SLH_DSA_SHAKE_192f); + ADD_TEST_SUITE(SLH_DSA_SHAKE_256s); + ADD_TEST_SUITE(SLH_DSA_SHAKE_256f); + } +#endif /* OPENSSL_NO_SLH_DSA */ } return 1; 
@@ -1500,14 +1661,48 @@ void cleanup_tests(void) # ifndef OPENSSL_NO_SM2 FREE_KEYS(SM2); # endif +#endif +#ifndef OPENSSL_NO_ECX FREE_KEYS(ED25519); FREE_KEYS(ED448); FREE_KEYS(X25519); FREE_KEYS(X448); #endif +#ifndef OPENSSL_NO_ML_KEM + if (!is_fips_lt_3_5) { + FREE_KEYS(ML_KEM_512); + FREE_KEYS(ML_KEM_768); + FREE_KEYS(ML_KEM_1024); + } +#endif FREE_KEYS(RSA); FREE_KEYS(RSA_PSS); +#ifndef OPENSSL_NO_ML_DSA + if (!is_fips_lt_3_5) { + FREE_KEYS(ML_DSA_44); + FREE_KEYS(ML_DSA_65); + FREE_KEYS(ML_DSA_87); + } +#endif /* OPENSSL_NO_ML_DSA */ + +#ifndef OPENSSL_NO_SLH_DSA + if (!is_fips_lt_3_5) { + FREE_KEYS(SLH_DSA_SHA2_128s); + FREE_KEYS(SLH_DSA_SHA2_128f); + FREE_KEYS(SLH_DSA_SHA2_192s); + FREE_KEYS(SLH_DSA_SHA2_192f); + FREE_KEYS(SLH_DSA_SHA2_256s); + FREE_KEYS(SLH_DSA_SHA2_256f); + FREE_KEYS(SLH_DSA_SHAKE_128s); + FREE_KEYS(SLH_DSA_SHAKE_128f); + FREE_KEYS(SLH_DSA_SHAKE_192s); + FREE_KEYS(SLH_DSA_SHAKE_192f); + FREE_KEYS(SLH_DSA_SHAKE_256s); + FREE_KEYS(SLH_DSA_SHAKE_256f); + } +#endif /* OPENSSL_NO_SLH_DSA */ + OSSL_PROVIDER_unload(nullprov); OSSL_PROVIDER_unload(deflprov); OSSL_PROVIDER_unload(keyprov); |
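Review bot: The `if (!is_fips_lt_3_5)` wrappers around the new FREE_KEYS calls make cleanup depend on a flag computed in setup_tests(), while the existing FREE_KEYS lines for SM2, the ECX types and RSA in this hunk run unconditionally. If FREE_KEYS only releases pointers that start out NULL (the macro is not on this page, so this needs checking), the guards can be dropped and the calls placed directly under each `#ifndef`, e.g. `FREE_KEYS(ML_KEM_512);`. That keeps cleanup uniform and avoids a leak should the flag and the key-generation path ever disagree. cleanup_tests() starts and ends outside the hunk.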