diff options
Diffstat (limited to 'test')
-rw-r--r-- | test/evp_extra_test.c | 11 | ||||
-rw-r--r-- | test/evp_libctx_test.c | 49 | ||||
-rw-r--r-- | test/evp_test.c | 2 | ||||
-rw-r--r-- | test/tls13encryptiontest.c | 4 |
4 files changed, 59 insertions, 7 deletions
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 32624a4b59..03252136e6 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -3568,6 +3568,10 @@ static int test_evp_iv_aes(int idx) || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len))) goto err; ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); + + if (!TEST_int_gt(ivlen, 0)) + goto err; + if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen) || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen)) goto err; @@ -3679,6 +3683,10 @@ static int test_evp_iv_des(int idx) || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len))) goto err; ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); + + if (!TEST_int_gt(ivlen, 0)) + goto err; + if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen) || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen)) goto err; @@ -4293,7 +4301,8 @@ static int test_evp_updated_iv(int idx) errmsg = "CIPHER_CTX_GET_UPDATED_IV"; goto err; } - if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) { + iv_len = EVP_CIPHER_CTX_get_iv_length(ctx); + if (!TEST_int_ge(iv_len,0)) { errmsg = "CIPHER_CTX_GET_IV_LEN"; goto err; } diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c index 2448c35a14..224e16b398 100644 --- a/test/evp_libctx_test.c +++ b/test/evp_libctx_test.c @@ -71,6 +71,37 @@ static const char *getname(int id) } #endif +static int test_evp_cipher_api_safety(void) +{ + int ret = 0; + EVP_CIPHER_CTX *ctx = NULL; + + ctx = EVP_CIPHER_CTX_new(); + + if (!TEST_ptr(ctx)) + goto err; + + /* + * Ensure that EVP_CIPHER_get_block_size returns 0 + * if we haven't initalized the cipher in this context + */ + if (!TEST_int_eq(EVP_CIPHER_CTX_get_block_size(ctx), 0)) + goto err_free; + + /* + * Ensure that EVP_CIPHER_get_iv_length returns 0 + * if we haven't initalized the cipher in this context + */ + if (!TEST_int_eq(EVP_CIPHER_CTX_get_iv_length(ctx), 0)) + goto err_free; + + ret = 1; +err_free: + EVP_CIPHER_CTX_free(ctx); +err: + return ret; +} + /* * We're using some DH specific values in this test, so we skip compilation if * we're in a no-dh build. @@ -438,7 +469,11 @@ static int test_cipher_reinit_partialupdate(int test_id) if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL))) goto err; - in_len = EVP_CIPHER_get_block_size(cipher) / 2; + in_len = EVP_CIPHER_get_block_size(cipher); + if (!TEST_int_gt(in_len, 0)) + goto err; + if (in_len > 1) + in_len /= 2; /* skip any ciphers that don't allow partial updates */ if (((EVP_CIPHER_get_flags(cipher) @@ -456,16 +491,18 @@ static int test_cipher_reinit_partialupdate(int test_id) || !TEST_true(EVP_EncryptUpdate(ctx, out2, &out2_len, in, in_len))) goto err; - if (!TEST_mem_eq(out1, out1_len, out2, out2_len)) - goto err; + if (EVP_CIPHER_get_iv_length(cipher) != 0) + if (!TEST_mem_eq(out1, out1_len, out2, out2_len)) + goto err; if (EVP_CIPHER_get_mode(cipher) != EVP_CIPH_SIV_MODE) { if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv)) || !TEST_true(EVP_EncryptUpdate(ctx, out3, &out3_len, in, in_len))) goto err; - if (!TEST_mem_eq(out1, out1_len, out3, out3_len)) - goto err; + if (EVP_CIPHER_get_iv_length(cipher) != 0) + if (!TEST_mem_eq(out1, out1_len, out3, out3_len)) + goto err; } ret = 1; err: @@ -725,6 +762,8 @@ int setup_tests(void) if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, prov_name)) return 0; + ADD_TEST(test_evp_cipher_api_safety); + #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH) ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3); #endif diff --git a/test/evp_test.c b/test/evp_test.c index ecc7f7fe20..aa6f7ee5a1 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -1131,7 +1131,7 @@ static int cipher_test_run(EVP_TEST *t) t->err = "NO_KEY"; return 0; } - if (!cdat->iv && EVP_CIPHER_get_iv_length(cdat->cipher)) { + if (!cdat->iv && EVP_CIPHER_get_iv_length(cdat->cipher) > 0) { /* IV is optional and usually omitted in wrap mode */ if (EVP_CIPHER_get_mode(cdat->cipher) != EVP_CIPH_WRAP_MODE) { t->err = "NO_IV"; diff --git a/test/tls13encryptiontest.c b/test/tls13encryptiontest.c index f1e6490f9f..c696e62d2e 100644 --- a/test/tls13encryptiontest.c +++ b/test/tls13encryptiontest.c @@ -326,6 +326,10 @@ static int test_tls13_encryption(void) for (ctr = 0; ctr < OSSL_NELEM(refdata); ctr++) { /* Load the record */ ivlen = EVP_CIPHER_get_iv_length(ciph); + if (TEST_int_eq((int)ivlen, -1)) { + TEST_error("IV length undefined"); + goto err; + } if (!load_record(&rec, &refdata[ctr], &key, iv, ivlen, seqbuf)) { TEST_error("Failed loading key into EVP_CIPHER_CTX"); goto err; |