diff options
| author | Tomas Mraz <tomas@openssl.org> | 2023-11-01 18:14:09 +0100 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2023-11-03 13:36:13 +0100 |
| commit | 82750a0826cd4728f40df9ef31b3294d83aaafe0 (patch) | |
| tree | a6ad990f13a40177148bfa2aa0e9de2b108226ac | |
| parent | update/final: Return error if key is not set (diff) | |
| download | openssl-82750a0826cd4728f40df9ef31b3294d83aaafe0.tar.xz openssl-82750a0826cd4728f40df9ef31b3294d83aaafe0.zip | |
Add negative test for iv length change
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22590)
| -rw-r--r-- | test/evp_extra_test.c | 61 |
1 files changed, 60 insertions, 1 deletions
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 0ece891159..c558cfb27c 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -4061,7 +4061,7 @@ static int test_evp_reset(int idx) TEST_info("test_evp_reset %d: %s", idx, errmsg); EVP_CIPHER_CTX_free(ctx); EVP_CIPHER_free(type); - return testresult; + return testresult; } typedef struct { @@ -4298,6 +4298,64 @@ static int test_gcm_reinit(int idx) return testresult; } +static const char *ivlen_change_ciphers[] = { + "AES-256-GCM", +#ifndef OPENSSL_NO_OCB + "AES-256-OCB", +#endif + "AES-256-CCM" +}; + +/* Negative test for ivlen change after iv being set */ +static int test_ivlen_change(int idx) +{ + int outlen; + int res = 0; + unsigned char outbuf[1024]; + + static const unsigned char iv[] = { + 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82, + 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34 + }; + EVP_CIPHER_CTX *ctx = NULL; + EVP_CIPHER *ciph = NULL; + OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; + size_t ivlen = 13; /* non-default IV length */ + + if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) + goto err; + + if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, ivlen_change_ciphers[idx], + testpropq))) + goto err; + + if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, kGCMDefaultKey, iv, 1))) + goto err; + + if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, + sizeof(gcmDefaultPlaintext)))) + goto err; + + params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, + &ivlen); + if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))) + goto err; + + ERR_set_mark(); + if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, + sizeof(gcmDefaultPlaintext)))) { + ERR_clear_last_mark(); + goto err; + } + ERR_pop_to_mark(); + + res = 1; + err: + EVP_CIPHER_CTX_free(ctx); + EVP_CIPHER_free(ciph); + return res; +} + #ifndef OPENSSL_NO_DEPRECATED_3_0 static EVP_PKEY_METHOD *custom_pmeth = NULL; static const EVP_PKEY_METHOD *orig_pmeth = NULL; @@ -5419,6 +5477,7 @@ int setup_tests(void) ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests)); ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests)); ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests)); + ADD_ALL_TESTS(test_ivlen_change, OSSL_NELEM(ivlen_change_ciphers)); #ifndef OPENSSL_NO_DEPRECATED_3_0 ADD_ALL_TESTS(test_custom_pmeth, 12); |