]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/evp_extra_test.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Add a CHANGES entry for the cosmetic differences in textual output
[thirdparty/openssl.git] / test / evp_extra_test.c
CommitLineData
440e5d80 1/*
4333b89f 2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
71ea6b48 3 *
909f1a2e 4 * Licensed under the Apache License 2.0 (the "License"). You may not use
440e5d80
RS		 5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
71ea6b48
MC		 8 */
9
41bbba53
P		 10/* We need to use some deprecated APIs */
11#define OPENSSL_SUPPRESS_DEPRECATED
12
71ea6b48
MC		 13#include <stdio.h>
14#include <stdlib.h>
bb5f281a 15#include <string.h>
71ea6b48 16#include <openssl/bio.h>
7bb82f92 17#include <openssl/conf.h>
71ea6b48
MC		 18#include <openssl/crypto.h>
19#include <openssl/err.h>
20#include <openssl/evp.h>
71ea6b48 21#include <openssl/x509.h>
4803717f 22#include <openssl/pem.h>
10d5b415 23#include <openssl/kdf.h>
847d0f81 24#include <openssl/provider.h>
9c45222d 25#include <openssl/core_names.h>
f54a4101 26#include <openssl/params.h>
d7e498ac 27#include <openssl/param_build.h>
9c45222d 28#include <openssl/dsa.h>
e295de1d 29#include <openssl/dh.h>
e5bc0ce2 30#include <openssl/aes.h>
d7e498ac 31#include <openssl/decoder.h>
e947a064 32#include <openssl/rsa.h>
adcd8e37 33#include "testutil.h"
176db6dc 34#include "internal/nelem.h"
00bc1ad9 35#include "internal/sizes.h"
25f2138b 36#include "crypto/evp.h"
f0c62c53 37#include "../e_os.h" /* strcasecmp */
71ea6b48 38
b4250010 39static OSSL_LIB_CTX *testctx = NULL;
86dc26ba 40
71ea6b48
MC		 41/*
42 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
43 * should never use this key anywhere but in an example.
44 */
45static const unsigned char kExampleRSAKeyDER[] = {
46 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
47 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
48 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
49 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
50 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
51 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
52 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
53 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
54 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
55 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
56 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
57 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
58 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
59 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
60 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
61 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
62 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
63 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
64 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
65 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
66 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
67 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
68 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
69 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
70 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
71 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
72 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
73 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
74 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
75 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
76 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
77 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
78 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
79 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
80 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
81 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
82 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
83 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
84 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
85 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
86 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
87 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
88 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
89 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
90 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
91 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
92 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
93 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
94 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
95 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
96 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
97};
98
59d0e6c8
MC		 99/*
100* kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
101 * should never use this key anywhere but in an example.
102 */
f650ab47 103#ifndef OPENSSL_NO_DSA
59d0e6c8
MC		 104static const unsigned char kExampleDSAKeyDER[] = {
105 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
106 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
107 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
108 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
109 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
110 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
111 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
112 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
113 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
114 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
115 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
116 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
117 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
118 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
119 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
120 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
121 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
122 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
123 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
124 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
125 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
126 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
127 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
128 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
129 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
130 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
131 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
132 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
133 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
134 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
135 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
136 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
137 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
138 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
139 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
140 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
141 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
142 0x40, 0x48
143};
f650ab47 144#endif
59d0e6c8 145
2aee35d3
PY		 146/*
147 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
148 * components are not correct.
149 */
150static const unsigned char kExampleBadRSAKeyDER[] = {
151 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
152 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
153 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
154 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
155 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
156 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
157 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
158 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
159 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
160 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
161 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
162 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
163 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
164 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
165 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
166 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
167 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
168 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
169 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
170 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
171 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
172 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
173 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
174 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
175 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
176 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
177 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
178 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
179 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
180 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
181 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
182 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
183 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
184 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
185 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
186 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
187 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
188 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
189 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
190 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
191 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
192 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
193 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
194 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
195 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
196 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
197 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
198 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
199 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
200 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
201 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
202 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
203 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
204 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
205 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
206 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
207 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
208 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
209 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
210 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
211 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
212 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
213 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
214 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
215 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
216 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
217 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
218 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
219 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
220 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
221 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
222 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
223 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
224 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
225 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
226 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
227 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
228 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
229 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
230 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
231 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
232 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
233 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
234 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
235 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
236 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
237 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
238 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
239 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
240};
241
71ea6b48
MC		 242static const unsigned char kMsg[] = { 1, 2, 3, 4 };
243
244static const unsigned char kSignature[] = {
245 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
246 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
247 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
248 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
249 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
250 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
251 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
252 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
253 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
254 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
255 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
256};
257
258/*
259 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
260 * PrivateKeyInfo.
261 */
262static const unsigned char kExampleRSAKeyPKCS8[] = {
263 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
264 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
265 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
266 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
267 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
268 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
269 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
270 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
271 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
272 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
273 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
274 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
275 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
276 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
277 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
278 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
279 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
280 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
281 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
282 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
283 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
284 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
285 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
286 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
287 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
288 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
289 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
290 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
291 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
292 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
293 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
294 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
295 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
296 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
297 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
298 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
299 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
300 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
301 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
302 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
303 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
304 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
305 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
306 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
307 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
308 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
309 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
310 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
311 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
312 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
313 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
314 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
315 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
316};
317
a9880362 318#ifndef OPENSSL_NO_EC
71ea6b48
MC		 319/*
320 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
321 * structure.
322 */
323static const unsigned char kExampleECKeyDER[] = {
324 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
325 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
326 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
327 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
328 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
329 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
330 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
331 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
332 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
333 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
334 0xc1,
335};
336
337/*
338 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
339 * structure. The private key is equal to the order and will fail to import
340 */
341static const unsigned char kExampleBadECKeyDER[] = {
342 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
343 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
344 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
345 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
346 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
347 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
348 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
349 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
350 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
351};
b0004708
PY		 352
353/* prime256v1 */
354static const unsigned char kExampleECPubKeyDER[] = {
355 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
356 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
357 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
358 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
359 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
360 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
361 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
362 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
363};
364
5dc40a83 365/*
87762939 366 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
5dc40a83
BE		 367 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
368 */
369static const unsigned char kExampleBadECPubKeyDER[] = {
370 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
371 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
372 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
373 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
374 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
375 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
376 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
377 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
378};
379
b0004708
PY		 380static const unsigned char pExampleECParamDER[] = {
381 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
382};
a9880362 383#endif
71ea6b48 384
adcd8e37
RS		 385typedef struct APK_DATA_st {
386 const unsigned char *kder;
387 size_t size;
5b5eea4b 388 const char *keytype;
adcd8e37 389 int evptype;
2aee35d3 390 int check;
b0004708
PY		 391 int pub_check;
392 int param_check;
393 int type; /* 0 for private, 1 for public, 2 for params */
adcd8e37
RS		 394} APK_DATA;
395
396static APK_DATA keydata[] = {
5b5eea4b
SL		 397 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
398 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
aa24cd1b 399#ifndef OPENSSL_NO_EC
5b5eea4b 400 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
aa24cd1b 401#endif
adcd8e37
RS		 402};
403
2aee35d3 404static APK_DATA keycheckdata[] = {
5b5eea4b
SL		 405 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1, 0},
406 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
e6774a72 407 0, 1, 1, 0},
2aee35d3 408#ifndef OPENSSL_NO_EC
5b5eea4b 409 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
b0004708 410 /* group is also associated in our pub key */
5b5eea4b
SL		 411 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1, 1, 1},
412 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1, 2}
2aee35d3
PY		 413#endif
414};
415
d7e498ac
RL		 416static EVP_PKEY *load_example_key(const char *keytype,
417 const unsigned char *data, size_t data_len)
71ea6b48 418{
d7e498ac 419 const unsigned char **pdata = &data;
71ea6b48 420 EVP_PKEY *pkey = NULL;
d7e498ac 421 OSSL_DECODER_CTX *dctx =
fe75766c
TM		 422 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
423 testctx, NULL);
71ea6b48 424
d7e498ac
RL		 425 /* |pkey| will be NULL on error */
426 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
427 OSSL_DECODER_CTX_free(dctx);
428 return pkey;
429}
71ea6b48 430
d7e498ac
RL		 431static EVP_PKEY *load_example_rsa_key(void)
432{
433 return load_example_key("RSA", kExampleRSAKeyDER,
434 sizeof(kExampleRSAKeyDER));
71ea6b48
MC		 435}
436
f650ab47 437#ifndef OPENSSL_NO_DSA
59d0e6c8
MC		 438static EVP_PKEY *load_example_dsa_key(void)
439{
6ed4022c
RL		 440 return load_example_key("DSA", kExampleDSAKeyDER,
441 sizeof(kExampleDSAKeyDER));
59d0e6c8 442}
f650ab47 443#endif
59d0e6c8 444
6d242fa5
MC		 445static EVP_PKEY *load_example_hmac_key(void)
446{
447 EVP_PKEY *pkey = NULL;
448 unsigned char key[] = {
449 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
450 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
451 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
452 };
453
454 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, key, sizeof(key));
455 if (!TEST_ptr(pkey))
456 return NULL;
457
458 return pkey;
459}
460
f9e504e8
P		 461static int test_EVP_set_default_properties(void)
462{
b4250010 463 OSSL_LIB_CTX *ctx;
f9e504e8
P		 464 EVP_MD *md = NULL;
465 int res = 0;
466
b4250010 467 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
f9e504e8
P		 468 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
469 goto err;
470 EVP_MD_free(md);
471 md = NULL;
472
473 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
474 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
475 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
476 goto err;
477 EVP_MD_free(md);
478 md = NULL;
479
480 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
481 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
482 goto err;
483 res = 1;
484err:
485 EVP_MD_free(md);
b4250010 486 OSSL_LIB_CTX_free(ctx);
f9e504e8
P		 487 return res;
488}
489
b8a1272d
MC		 490#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
491static int test_fromdata(char *keytype, OSSL_PARAM *params)
492{
493 EVP_PKEY_CTX *pctx = NULL;
494 EVP_PKEY *pkey = NULL;
495 int testresult = 0;
496
497 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, NULL)))
498 goto err;
2db985b7
SL		 499 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
500 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
501 params), 0))
b8a1272d
MC		 502 goto err;
503
504 if (!TEST_ptr(pkey))
505 goto err;
506
507 testresult = 1;
508 err:
509 EVP_PKEY_free(pkey);
510 EVP_PKEY_CTX_free(pctx);
511
512 return testresult;
513}
514#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
515
2c04b341 516/*
8a9394c1 517 * Test combinations of private, public, missing and private + public key
2c04b341
JS		 518 * params to ensure they are all accepted
519 */
b8a1272d 520#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
2c04b341
JS		 521static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
522{
523 OSSL_PARAM_BLD *bld = NULL;
524 OSSL_PARAM *params = NULL;
525 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2c04b341
JS		 526 int ret = 0;
527
528 /*
529 * Setup the parameters for our pkey object. For our purposes they don't
530 * have to actually be *valid* parameters. We just need to set something.
531 */
b8a1272d 532 if (!TEST_ptr(p = BN_new())
2c04b341
JS		 533 || !TEST_ptr(q = BN_new())
534 || !TEST_ptr(g = BN_new())
535 || !TEST_ptr(pub = BN_new())
536 || !TEST_ptr(priv = BN_new()))
537 goto err;
538
539 /* Test !priv and !pub */
540 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
541 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
542 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
543 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
544 goto err;
545 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
546 goto err;
547
b8a1272d 548 if (!test_fromdata(keytype, params))
2c04b341 549 goto err;
2c04b341
JS		 550 OSSL_PARAM_BLD_free_params(params);
551 OSSL_PARAM_BLD_free(bld);
552
553 /* Test priv and !pub */
554 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
555 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
556 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
557 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
558 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
559 priv)))
560 goto err;
561 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
562 goto err;
563
b8a1272d 564 if (!test_fromdata(keytype, params))
2c04b341 565 goto err;
2c04b341
JS		 566 OSSL_PARAM_BLD_free_params(params);
567 OSSL_PARAM_BLD_free(bld);
568
569 /* Test !priv and pub */
570 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
571 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
572 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
573 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
574 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
575 pub)))
576 goto err;
577 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
578 goto err;
579
b8a1272d 580 if (!test_fromdata(keytype, params))
2c04b341 581 goto err;
2c04b341
JS		 582 OSSL_PARAM_BLD_free_params(params);
583 OSSL_PARAM_BLD_free(bld);
584
585 /* Test priv and pub */
586 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
587 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
588 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
589 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
590 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
591 pub))
592 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
593 priv)))
594 goto err;
595 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
596 goto err;
597
b8a1272d 598 if (!test_fromdata(keytype, params))
2c04b341
JS		 599 goto err;
600
601 ret = 1;
602 err:
2c04b341
JS		 603 OSSL_PARAM_BLD_free_params(params);
604 OSSL_PARAM_BLD_free(bld);
605 BN_free(p);
606 BN_free(q);
607 BN_free(g);
608 BN_free(pub);
609 BN_free(priv);
610
611 return ret;
612}
8a9394c1 613#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
2c04b341 614
b8a1272d
MC		 615/*
616 * Test combinations of private, public, missing and private + public key
617 * params to ensure they are all accepted for EC keys
618 */
619#ifndef OPENSSL_NO_EC
620static unsigned char ec_priv[] = {
621 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
622 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
623 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
624};
625static unsigned char ec_pub[] = {
626 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
627 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
628 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
629 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
630 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
631 0x08, 0x09, 0xb8, 0xdb, 0x03
632};
633
634static int test_EC_priv_pub(void)
635{
636 OSSL_PARAM_BLD *bld = NULL;
637 OSSL_PARAM *params = NULL;
638 BIGNUM *priv = NULL;
639 int ret = 0;
640
641 /*
642 * Setup the parameters for our pkey object. For our purposes they don't
643 * have to actually be *valid* parameters. We just need to set something.
644 */
645 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
646 goto err;
647
648 /* Test !priv and !pub */
649 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
650 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
651 OSSL_PKEY_PARAM_GROUP_NAME,
652 "P-256", 0)))
653 goto err;
654 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
655 goto err;
656
657 if (!test_fromdata("EC", params))
658 goto err;
659 OSSL_PARAM_BLD_free_params(params);
660 OSSL_PARAM_BLD_free(bld);
661
662 /* Test priv and !pub */
663 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
664 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
665 OSSL_PKEY_PARAM_GROUP_NAME,
666 "P-256", 0))
667 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
668 priv)))
669 goto err;
670 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
671 goto err;
672
673 if (!test_fromdata("EC", params))
674 goto err;
675 OSSL_PARAM_BLD_free_params(params);
676 OSSL_PARAM_BLD_free(bld);
677
678 /* Test !priv and pub */
679 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
680 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
681 OSSL_PKEY_PARAM_GROUP_NAME,
682 "P-256", 0))
683 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
684 OSSL_PKEY_PARAM_PUB_KEY,
685 ec_pub, sizeof(ec_pub))))
686 goto err;
687 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
688 goto err;
689
690 if (!test_fromdata("EC", params))
691 goto err;
692 OSSL_PARAM_BLD_free_params(params);
693 OSSL_PARAM_BLD_free(bld);
694
695 /* Test priv and pub */
696 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
697 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
698 OSSL_PKEY_PARAM_GROUP_NAME,
699 "P-256", 0))
700 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
701 OSSL_PKEY_PARAM_PUB_KEY,
702 ec_pub, sizeof(ec_pub)))
d36a5dd0
MC		 703 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
704 priv)))
b8a1272d
MC		 705 goto err;
706 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
707 goto err;
708
709 if (!test_fromdata("EC", params))
710 goto err;
711
712 ret = 1;
713 err:
714 OSSL_PARAM_BLD_free_params(params);
715 OSSL_PARAM_BLD_free(bld);
716 BN_free(priv);
717
718 return ret;
719}
720
721/* Test that using a legacy EC key with only a private key in it works */
722# ifndef OPENSSL_NO_DEPRECATED_3_0
723static int test_EC_priv_only_legacy(void)
724{
725 BIGNUM *priv = NULL;
726 int ret = 0;
727 EC_KEY *eckey = NULL;
728 EVP_PKEY *pkey = NULL;
729 EVP_MD_CTX *ctx = NULL;
730
731 /* Create the low level EC_KEY */
732 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
733 goto err;
734
735 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
736 if (!TEST_ptr(eckey))
737 goto err;
738
739 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
740 goto err;
741
742 pkey = EVP_PKEY_new();
743 if (!TEST_ptr(pkey))
744 goto err;
745
746 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
747 goto err;
748 eckey = NULL;
749
750 ctx = EVP_MD_CTX_new();
751 if (!TEST_ptr(ctx))
752 goto err;
753
754 /*
755 * The EVP_DigestSignInit function should create the key on the provider
756 * side which is sufficient for this test.
757 */
758 if (!TEST_true(EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey)))
759 goto err;
760
761 ret = 1;
762
763 err:
764 EVP_MD_CTX_free(ctx);
765 EVP_PKEY_free(pkey);
766 EC_KEY_free(eckey);
767 BN_free(priv);
768
769 return ret;
770}
771# endif /* OPENSSL_NO_DEPRECATED_3_0 */
772#endif /* OPENSSL_NO_EC */
773
2eb2b4f3
SL		 774static int test_EVP_Enveloped(void)
775{
776 int ret = 0;
777 EVP_CIPHER_CTX *ctx = NULL;
778 EVP_PKEY *keypair = NULL;
779 unsigned char *kek = NULL;
780 unsigned char iv[EVP_MAX_IV_LENGTH];
781 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
782 int len, kek_len, ciphertext_len, plaintext_len;
783 unsigned char ciphertext[32], plaintext[16];
784 const EVP_CIPHER *type = EVP_aes_256_cbc();
785
786 if (!TEST_ptr(keypair = load_example_rsa_key())
787 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
788 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
789 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
790 &keypair, 1))
791 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
792 msg, sizeof(msg)))
793 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
794 &len)))
795 goto err;
796
797 ciphertext_len += len;
798
799 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
800 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
801 ciphertext, ciphertext_len))
802 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
803 goto err;
804
805 plaintext_len += len;
806 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
807 goto err;
808
809 ret = 1;
810err:
811 OPENSSL_free(kek);
812 EVP_PKEY_free(keypair);
813 EVP_CIPHER_CTX_free(ctx);
814 return ret;
815}
816
59d0e6c8 817/*
6d242fa5
MC		 818 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
819 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
820 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
821 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
822 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
823 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
824 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
825 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
826 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
59d0e6c8
MC		 827 */
828static int test_EVP_DigestSignInit(int tst)
71ea6b48
MC		 829{
830 int ret = 0;
831 EVP_PKEY *pkey = NULL;
832 unsigned char *sig = NULL;
833 size_t sig_len = 0;
59d0e6c8
MC		 834 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
835 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
836 BIO *mdbio = NULL, *membio = NULL;
837 size_t written;
6d242fa5
MC		 838 const EVP_MD *md;
839 EVP_MD *mdexp = NULL;
59d0e6c8 840
6d242fa5 841 if (tst >= 6) {
59d0e6c8
MC		 842 membio = BIO_new(BIO_s_mem());
843 mdbio = BIO_new(BIO_f_md());
844 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
845 goto out;
846 BIO_push(mdbio, membio);
847 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
848 goto out;
849 } else {
850 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
851 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
852 goto out;
853 }
71ea6b48 854
6d242fa5 855 if (tst == 0 || tst == 3 || tst == 6) {
59d0e6c8
MC		 856 if (!TEST_ptr(pkey = load_example_rsa_key()))
857 goto out;
6d242fa5 858 } else if (tst == 1 || tst == 4 || tst == 7) {
f650ab47 859#ifndef OPENSSL_NO_DSA
59d0e6c8
MC		 860 if (!TEST_ptr(pkey = load_example_dsa_key()))
861 goto out;
f650ab47
MC		 862#else
863 ret = 1;
864 goto out;
865#endif
6d242fa5
MC		 866 } else {
867 if (!TEST_ptr(pkey = load_example_hmac_key()))
868 goto out;
59d0e6c8 869 }
71ea6b48 870
6d242fa5
MC		 871 if (tst >= 3 && tst <= 5)
872 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
873 else
874 md = EVP_sha256();
875
876 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
71ea6b48 877 goto out;
adcd8e37 878
6d242fa5 879 if (tst >= 6) {
59d0e6c8
MC		 880 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
881 goto out;
882 } else {
883 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
884 goto out;
885 }
886
71ea6b48 887 /* Determine the size of the signature. */
adcd8e37 888 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
0a054d2a 889 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
adcd8e37 890 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
71ea6b48 891 goto out;
71ea6b48 892
6d242fa5 893 if (tst >= 6) {
59d0e6c8
MC		 894 if (!TEST_int_gt(BIO_reset(mdbio), 0)
895 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
896 goto out;
897 }
898
6d242fa5
MC		 899 /*
900 * Ensure that the signature round-trips (Verification isn't supported for
901 * HMAC via EVP_DigestVerify*)
902 */
903 if (tst != 2 && tst != 5 && tst != 8) {
904 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
905 NULL, pkey)))
59d0e6c8 906 goto out;
6d242fa5
MC		 907
908 if (tst >= 6) {
909 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
910 goto out;
911 } else {
912 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
913 sizeof(kMsg))))
914 goto out;
915 }
916 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
59d0e6c8
MC		 917 goto out;
918 }
71ea6b48
MC		 919
920 ret = 1;
921
922 out:
59d0e6c8
MC		 923 BIO_free(membio);
924 BIO_free(mdbio);
925 EVP_MD_CTX_free(a_md_ctx);
926 EVP_MD_CTX_free(a_md_ctx_verify);
c5ba2d99 927 EVP_PKEY_free(pkey);
b548a1f1 928 OPENSSL_free(sig);
6d242fa5 929 EVP_MD_free(mdexp);
71ea6b48
MC		 930
931 return ret;
932}
933
934static int test_EVP_DigestVerifyInit(void)
935{
936 int ret = 0;
937 EVP_PKEY *pkey = NULL;
adcd8e37 938 EVP_MD_CTX *md_ctx = NULL;
71ea6b48 939
adcd8e37
RS		 940 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
941 || !TEST_ptr(pkey = load_example_rsa_key()))
942 goto out;
71ea6b48 943
adcd8e37
RS		 944 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
945 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
946 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
947 sizeof(kSignature))))
71ea6b48 948 goto out;
71ea6b48
MC		 949 ret = 1;
950
951 out:
bfb0641f 952 EVP_MD_CTX_free(md_ctx);
c5ba2d99 953 EVP_PKEY_free(pkey);
71ea6b48
MC		 954 return ret;
955}
956
8d8dd09b
TM		 957/*
958 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
959 */
960static int test_EVP_Digest(void)
961{
962 int ret = 0;
963 EVP_MD_CTX *md_ctx = NULL;
964 unsigned char md[EVP_MAX_MD_SIZE];
965
966 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
967 goto out;
968
969 if (!TEST_true(EVP_DigestInit_ex(md_ctx, EVP_sha256(), NULL))
970 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
971 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
972 /* EVP_DigestFinal resets the EVP_MD_CTX. */
973 || !TEST_ptr_eq(EVP_MD_CTX_md(md_ctx), NULL))
974 goto out;
975
976 if (!TEST_true(EVP_DigestInit_ex(md_ctx, EVP_sha256(), NULL))
977 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
978 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
979 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
980 || !TEST_ptr(EVP_MD_CTX_md(md_ctx))
981 /*
982 * EVP_DigestInit_ex with NULL type should work on
983 * pre-initialized context.
984 */
985 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
986 goto out;
987
988 if (!TEST_true(EVP_DigestInit_ex(md_ctx, EVP_shake256(), NULL))
989 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
990 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
991 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
992 || !TEST_ptr(EVP_MD_CTX_md(md_ctx))
993 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
994 goto out;
995 ret = 1;
996
997 out:
998 EVP_MD_CTX_free(md_ctx);
999 return ret;
1000}
1001
adcd8e37 1002static int test_d2i_AutoPrivateKey(int i)
71ea6b48
MC		 1003{
1004 int ret = 0;
1005 const unsigned char *p;
1006 EVP_PKEY *pkey = NULL;
adcd8e37
RS		 1007 const APK_DATA *ak = &keydata[i];
1008 const unsigned char *input = ak->kder;
1009 size_t input_len = ak->size;
1010 int expected_id = ak->evptype;
71ea6b48
MC		 1011
1012 p = input;
adcd8e37
RS		 1013 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1014 || !TEST_ptr_eq(p, input + input_len)
1015 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
71ea6b48 1016 goto done;
71ea6b48
MC		 1017
1018 ret = 1;
1019
1020 done:
c5ba2d99 1021 EVP_PKEY_free(pkey);
71ea6b48
MC		 1022 return ret;
1023}
1024
a9880362 1025#ifndef OPENSSL_NO_EC
cad8347b
SL		 1026
1027static const unsigned char ec_public_sect163k1_validxy[] = {
1028 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1029 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1030 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1031 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1032 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1033 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1034};
1035
1036static const unsigned char ec_public_sect163k1_badx[] = {
1037 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1038 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1039 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1040 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1041 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1042 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1043};
1044
1045static const unsigned char ec_public_sect163k1_bady[] = {
1046 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1047 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1048 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1049 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1050 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1051 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1052};
1053
1054static struct ec_der_pub_keys_st {
1055 const unsigned char *der;
1056 size_t len;
1057 int valid;
1058} ec_der_pub_keys[] = {
1059 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1060 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1061 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1062};
1063
1064/*
1065 * Tests the range of the decoded EC char2 public point.
1066 * See ec_GF2m_simple_oct2point().
1067 */
1068static int test_invalide_ec_char2_pub_range_decode(int id)
1069{
1070 int ret = 0;
5b5eea4b 1071 EVP_PKEY *pkey;
cad8347b 1072
5b5eea4b
SL		 1073 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1074 ec_der_pub_keys[id].len);
1075
1076 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1077 || TEST_ptr_null(pkey);
1078 EVP_PKEY_free(pkey);
cad8347b
SL		 1079 return ret;
1080}
1081
71ea6b48
MC		 1082/* Tests loading a bad key in PKCS8 format */
1083static int test_EVP_PKCS82PKEY(void)
1084{
1085 int ret = 0;
1086 const unsigned char *derp = kExampleBadECKeyDER;
1087 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1088 EVP_PKEY *pkey = NULL;
1089
adcd8e37
RS		 1090 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1091 sizeof(kExampleBadECKeyDER))))
1092 goto done;
71ea6b48 1093
adcd8e37
RS		 1094 if (!TEST_ptr_eq(derp,
1095 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
71ea6b48 1096 goto done;
71ea6b48 1097
adcd8e37 1098 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
71ea6b48 1099 goto done;
71ea6b48
MC		 1100
1101 ret = 1;
1102
1103 done:
e0e920b1 1104 PKCS8_PRIV_KEY_INFO_free(p8inf);
c5ba2d99 1105 EVP_PKEY_free(pkey);
71ea6b48
MC		 1106
1107 return ret;
1108}
a9880362 1109#endif
71ea6b48 1110
29c49b25
RL		 1111/* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1112static int test_privatekey_to_pkcs8(void)
1113{
1114 EVP_PKEY *pkey = NULL;
1115 BIO *membio = NULL;
1116 char *membuf = NULL;
e2cc68c8 1117 long membuf_len = 0;
29c49b25
RL		 1118 int ok = 0;
1119
1120 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1121 || !TEST_ptr(pkey = load_example_rsa_key())
1122 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1123 NULL, 0, NULL, NULL),
1124 0)
e2cc68c8
SL		 1125 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1126 || !TEST_ptr(membuf)
1127 || !TEST_mem_eq(membuf, (size_t)membuf_len,
29c49b25
RL		 1128 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1129 /*
1130 * We try to write PEM as well, just to see that it doesn't err, but
1131 * assume that the result is correct.
1132 */
1133 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1134 NULL, 0, NULL, NULL),
1135 0))
1136 goto done;
1137
1138 ok = 1;
1139 done:
1140 EVP_PKEY_free(pkey);
1141 BIO_free_all(membio);
1142 return ok;
1143}
1144
f0c62c53
RL		 1145#ifndef OPENSSL_NO_EC
1146static const struct {
1147 int encoding;
1148 const char *encoding_name;
1149} ec_encodings[] = {
1150 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1151 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1152};
1153
1154static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1155{
1156 const OSSL_PARAM *p;
1157 const char *enc_name = NULL;
1158 int *enc = arg;
1159 size_t i;
1160
1161 *enc = -1;
1162
1163 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1164 OSSL_PKEY_PARAM_EC_ENCODING))
1165 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1166 return 0;
1167
1168 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1169 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1170 *enc = ec_encodings[i].encoding;
1171 break;
1172 }
1173 }
1174
1175 return (*enc != -1);
1176}
1177
1178static int test_EC_keygen_with_enc(int idx)
1179{
1180 EVP_PKEY *params = NULL, *key = NULL;
1181 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1182 int enc;
1183 int ret = 0;
1184
1185 enc = ec_encodings[idx].encoding;
1186
1187 /* Create key parameters */
1188 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1189 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
1190 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
1191 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1192 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
1193 || !TEST_ptr(params))
1194 goto done;
1195
1196 /* Create key */
1197 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1198 || !TEST_true(EVP_PKEY_keygen_init(kctx))
1199 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1200 || !TEST_ptr(key))
1201 goto done;
1202
1203 /* Check that the encoding got all the way into the key */
1204 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1205 ec_export_get_encoding_cb, &enc))
1206 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1207 goto done;
1208
1209 ret = 1;
1210 done:
1211 EVP_PKEY_free(key);
1212 EVP_PKEY_free(params);
1213 EVP_PKEY_CTX_free(kctx);
1214 EVP_PKEY_CTX_free(pctx);
1215 return ret;
1216}
1217#endif
1218
f844f9eb 1219#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
ddb634fe 1220
a6c4cb84
JL		 1221static int test_EVP_SM2_verify(void)
1222{
a6c4cb84 1223 const char *pubkey =
d0b79f86
PY		 1224 "-----BEGIN PUBLIC KEY-----\n"
1225 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1226 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1227 "-----END PUBLIC KEY-----\n";
a6c4cb84
JL		 1228
1229 const char *msg = "message digest";
1230 const char *id = "ALICE123@YAHOO.COM";
1231
1232 const uint8_t signature[] = {
d0b79f86
PY		 1233 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1234 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1235 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1236 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1237 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1238 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1239 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
a6c4cb84
JL		 1240 };
1241
1242 int rc = 0;
1243 BIO *bio = NULL;
1244 EVP_PKEY *pkey = NULL;
1245 EVP_MD_CTX *mctx = NULL;
1246 EVP_PKEY_CTX *pctx = NULL;
1247
1248 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1249 if (!TEST_true(bio != NULL))
1250 goto done;
1251
1252 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
1253 if (!TEST_true(pkey != NULL))
1254 goto done;
1255
8a288609 1256 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
a6c4cb84
JL		 1257 goto done;
1258
1259 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1260 goto done;
1261
1262 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)))
1263 goto done;
1264
a6c4cb84
JL		 1265 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1266
1267 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey)))
1268 goto done;
1269
d0b79f86
PY		 1270 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1271 goto done;
1272
a6c4cb84
JL		 1273 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1274 goto done;
1275
1276 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
1277 goto done;
1278 rc = 1;
1279
1280 done:
1281 BIO_free(bio);
1282 EVP_PKEY_free(pkey);
1283 EVP_PKEY_CTX_free(pctx);
1284 EVP_MD_CTX_free(mctx);
1285 return rc;
1286}
1287
ddb634fe
JL		 1288static int test_EVP_SM2(void)
1289{
1290 int ret = 0;
1291 EVP_PKEY *pkey = NULL;
bfb56a97 1292 EVP_PKEY *pkeyparams = NULL;
ddb634fe
JL		 1293 EVP_PKEY_CTX *pctx = NULL;
1294 EVP_PKEY_CTX *kctx = NULL;
4803717f 1295 EVP_PKEY_CTX *sctx = NULL;
ddb634fe
JL		 1296 size_t sig_len = 0;
1297 unsigned char *sig = NULL;
1298 EVP_MD_CTX *md_ctx = NULL;
1299 EVP_MD_CTX *md_ctx_verify = NULL;
1300 EVP_PKEY_CTX *cctx = NULL;
1301
1302 uint8_t ciphertext[128];
1303 size_t ctext_len = sizeof(ciphertext);
1304
1305 uint8_t plaintext[8];
1306 size_t ptext_len = sizeof(plaintext);
1307
4803717f
PY		 1308 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1309
bfb56a97
MC		 1310 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1311 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1312 int i;
1313 char mdname[20];
1314
d0b79f86 1315 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SM2, NULL);
ddb634fe
JL		 1316 if (!TEST_ptr(pctx))
1317 goto done;
1318
1319 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1320 goto done;
1321
1322 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1323 goto done;
1324
bfb56a97 1325 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
ddb634fe
JL		 1326 goto done;
1327
bfb56a97 1328 kctx = EVP_PKEY_CTX_new(pkeyparams, NULL);
ddb634fe
JL		 1329 if (!TEST_ptr(kctx))
1330 goto done;
1331
1332 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1333 goto done;
1334
1335 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1336 goto done;
1337
ddb634fe
JL		 1338 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1339 goto done;
1340
1341 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1342 goto done;
1343
4803717f
PY		 1344 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL)))
1345 goto done;
1346
1347 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1348 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1349
d0b79f86 1350 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey)))
4803717f
PY		 1351 goto done;
1352
d0b79f86 1353 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
ddb634fe
JL		 1354 goto done;
1355
1356 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1357 goto done;
1358
1359 /* Determine the size of the signature. */
1360 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1361 goto done;
1362
ddb634fe
JL		 1363 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1364 goto done;
1365
1366 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1367 goto done;
1368
1369 /* Ensure that the signature round-trips. */
1370
1371 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey)))
1372 goto done;
1373
d0b79f86
PY		 1374 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1375 goto done;
1376
ddb634fe
JL		 1377 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1378 goto done;
1379
1380 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1381 goto done;
1382
1383 /* now check encryption/decryption */
1384
bfb56a97
MC		 1385 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1386 mdname, sizeof(mdname));
1387 for (i = 0; i < 2; i++) {
1388 EVP_PKEY_CTX_free(cctx);
ddb634fe 1389
bfb56a97
MC		 1390 sparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1391 i == 0 ? "SM3" : "SHA2-256",
1392 0);
ddb634fe 1393
bfb56a97
MC		 1394 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
1395 goto done;
ddb634fe 1396
bfb56a97
MC		 1397 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1398 goto done;
ddb634fe 1399
bfb56a97
MC		 1400 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1401 goto done;
ddb634fe 1402
bfb56a97
MC		 1403 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1404 sizeof(kMsg))))
1405 goto done;
ddb634fe 1406
bfb56a97
MC		 1407 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1408 goto done;
1409
1410 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1411 goto done;
1412
1413 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1414 ctext_len)))
1415 goto done;
1416
1417 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1418 goto done;
1419
1420 /* Test we're still using the digest we think we are */
1421 if (i == 0 && !TEST_int_eq(strcmp(mdname, "SM3"), 0))
1422 goto done;
1423 if (i == 1 && !TEST_int_eq(strcmp(mdname, "SHA2-256"), 0))
1424 goto done;
1425
1426 if (!TEST_true(ptext_len == sizeof(kMsg)))
1427 goto done;
1428
1429 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1430 goto done;
1431 }
ddb634fe
JL		 1432
1433 ret = 1;
1434done:
1435 EVP_PKEY_CTX_free(pctx);
1436 EVP_PKEY_CTX_free(kctx);
4803717f 1437 EVP_PKEY_CTX_free(sctx);
ddb634fe
JL		 1438 EVP_PKEY_CTX_free(cctx);
1439 EVP_PKEY_free(pkey);
bfb56a97 1440 EVP_PKEY_free(pkeyparams);
ddb634fe
JL		 1441 EVP_MD_CTX_free(md_ctx);
1442 EVP_MD_CTX_free(md_ctx_verify);
1443 OPENSSL_free(sig);
1444 return ret;
1445}
1446
1447#endif
1448
bb5f281a
MC		 1449static struct keys_st {
1450 int type;
1451 char *priv;
1452 char *pub;
1453} keys[] = {
1454 {
1455 EVP_PKEY_HMAC, "0123456789", NULL
1456 }, {
1457 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1458 }, {
1459 EVP_PKEY_SIPHASH, "0123456789012345", NULL
896dcb80
MC		 1460 },
1461#ifndef OPENSSL_NO_EC
1462 {
bb5f281a
MC		 1463 EVP_PKEY_X25519, "01234567890123456789012345678901",
1464 "abcdefghijklmnopqrstuvwxyzabcdef"
1465 }, {
1466 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1467 "abcdefghijklmnopqrstuvwxyzabcdef"
1468 }, {
1469 EVP_PKEY_X448,
1470 "01234567890123456789012345678901234567890123456789012345",
1471 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1472 }, {
1473 EVP_PKEY_ED448,
1474 "012345678901234567890123456789012345678901234567890123456",
1475 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1476 }
896dcb80 1477#endif
bb5f281a
MC		 1478};
1479
86dc26ba 1480static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
bb5f281a
MC		 1481{
1482 int ret = 0;
1483 unsigned char buf[80];
1484 unsigned char *in;
1485 size_t inlen, len = 0;
1486 EVP_PKEY *pkey;
1487
1488 /* Check if this algorithm supports public keys */
1489 if (keys[tst].pub == NULL)
1490 return 1;
1491
1492 memset(buf, 0, sizeof(buf));
1493
1494 if (pub) {
1495 inlen = strlen(keys[tst].pub);
1496 in = (unsigned char *)keys[tst].pub;
86dc26ba 1497 if (uselibctx) {
d8652be0 1498 pkey = EVP_PKEY_new_raw_public_key_ex(
86dc26ba
MC		 1499 testctx,
1500 OBJ_nid2sn(keys[tst].type),
1501 NULL,
1502 in,
1503 inlen);
1504 } else {
1505 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1506 NULL,
1507 in,
1508 inlen);
1509 }
bb5f281a
MC		 1510 } else {
1511 inlen = strlen(keys[tst].priv);
1512 in = (unsigned char *)keys[tst].priv;
86dc26ba 1513 if (uselibctx) {
d8652be0 1514 pkey = EVP_PKEY_new_raw_private_key_ex(
86dc26ba
MC		 1515 testctx, OBJ_nid2sn(keys[tst].type),
1516 NULL,
1517 in,
1518 inlen);
1519 } else {
1520 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1521 NULL,
1522 in,
1523 inlen);
1524 }
bb5f281a
MC		 1525 }
1526
1527 if (!TEST_ptr(pkey)
1528 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1529 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1530 || !TEST_true(len == inlen)
1531 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1532 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1533 || !TEST_mem_eq(in, inlen, buf, len))
1534 goto done;
1535
1536 ret = 1;
1537 done:
1538 EVP_PKEY_free(pkey);
1539 return ret;
1540}
1541
1542static int test_set_get_raw_keys(int tst)
1543{
86dc26ba
MC		 1544 return test_set_get_raw_keys_int(tst, 0, 0)
1545 && test_set_get_raw_keys_int(tst, 0, 1)
1546 && test_set_get_raw_keys_int(tst, 1, 0)
1547 && test_set_get_raw_keys_int(tst, 1, 1);
bb5f281a
MC		 1548}
1549
41bbba53 1550#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3
PY		 1551static int pkey_custom_check(EVP_PKEY *pkey)
1552{
1553 return 0xbeef;
1554}
1555
b0004708
PY		 1556static int pkey_custom_pub_check(EVP_PKEY *pkey)
1557{
1558 return 0xbeef;
1559}
1560
1561static int pkey_custom_param_check(EVP_PKEY *pkey)
1562{
1563 return 0xbeef;
1564}
1565
2aee35d3 1566static EVP_PKEY_METHOD *custom_pmeth;
41bbba53 1567#endif
2aee35d3
PY		 1568
1569static int test_EVP_PKEY_check(int i)
1570{
1571 int ret = 0;
2aee35d3
PY		 1572 EVP_PKEY *pkey = NULL;
1573 EVP_PKEY_CTX *ctx = NULL;
41bbba53 1574#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3 1575 EVP_PKEY_CTX *ctx2 = NULL;
41bbba53 1576#endif
2aee35d3
PY		 1577 const APK_DATA *ak = &keycheckdata[i];
1578 const unsigned char *input = ak->kder;
1579 size_t input_len = ak->size;
1580 int expected_id = ak->evptype;
1581 int expected_check = ak->check;
b0004708
PY		 1582 int expected_pub_check = ak->pub_check;
1583 int expected_param_check = ak->param_check;
1584 int type = ak->type;
b0004708 1585
5b5eea4b
SL		 1586 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
1587 goto done;
1588 if (type == 0
1589 && !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1590 goto done;
2aee35d3
PY		 1591
1592 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
1593 goto done;
1594
b0004708
PY		 1595 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1596 goto done;
1597
1598 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1599 goto done;
1600
1601 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1602 goto done;
2aee35d3 1603
41bbba53 1604#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3
PY		 1605 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1606 /* assign the pkey directly, as an internal test */
1607 EVP_PKEY_up_ref(pkey);
1608 ctx2->pkey = pkey;
1609
1610 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1611 goto done;
1612
b0004708
PY		 1613 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1614 goto done;
1615
1616 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1617 goto done;
41bbba53 1618#endif
b0004708 1619
2aee35d3
PY		 1620 ret = 1;
1621
1622 done:
1623 EVP_PKEY_CTX_free(ctx);
41bbba53 1624#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3 1625 EVP_PKEY_CTX_free(ctx2);
41bbba53 1626#endif
2aee35d3
PY		 1627 EVP_PKEY_free(pkey);
1628 return ret;
1629}
1630
fab8fde3 1631#ifndef OPENSSL_NO_CMAC
e5bc0ce2
MC		 1632static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
1633{
1634 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
1635 const char msg[] = "Hello World";
1636 size_t maclen;
1637 int ret = 1;
1638
1639 if (!TEST_ptr(mdctx)
1640 || !TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, pkey))
1641 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
1642 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
1643 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
1644 ret = 0;
1645
1646 EVP_MD_CTX_free(mdctx);
1647
1648 return ret;
1649}
a87820e1
RL		 1650static int test_CMAC_keygen(void)
1651{
e5bc0ce2
MC		 1652 static unsigned char key[] = {
1653 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1654 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1655 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1656 };
a87820e1
RL		 1657 /*
1658 * This is a legacy method for CMACs, but should still work.
1659 * This verifies that it works without an ENGINE.
1660 */
1661 EVP_PKEY_CTX *kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
1662 int ret = 0;
e5bc0ce2 1663 EVP_PKEY *pkey = NULL;
a3d267f1
RS		 1664 unsigned char mac[AES_BLOCK_SIZE];
1665# if !defined(OPENSSL_NO_DEPRECATED_3_0)
1666 unsigned char mac2[AES_BLOCK_SIZE];
1667# endif
e5bc0ce2
MC		 1668
1669 /* Test a CMAC key created using the "generated" method */
1670 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1671 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1672 EVP_PKEY_CTRL_CIPHER,
1673 0, (void *)EVP_aes_256_ecb()), 0)
1674 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1675 EVP_PKEY_CTRL_SET_MAC_KEY,
1676 sizeof(key), (void *)key), 0)
1677 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
1678 || !TEST_ptr(pkey)
1679 || !TEST_true(get_cmac_val(pkey, mac)))
1680 goto done;
a87820e1 1681
a3d267f1 1682# if !defined(OPENSSL_NO_DEPRECATED_3_0)
e5bc0ce2
MC		 1683 EVP_PKEY_free(pkey);
1684
1685 /*
1686 * Test a CMAC key using the direct method, and compare with the mac
1687 * created above.
1688 */
1689 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
1690 if (!TEST_ptr(pkey)
1691 || !TEST_true(get_cmac_val(pkey, mac2))
1692 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
a87820e1 1693 goto done;
a3d267f1 1694# endif
e5bc0ce2 1695
a87820e1
RL		 1696 ret = 1;
1697
1698 done:
e5bc0ce2 1699 EVP_PKEY_free(pkey);
a87820e1
RL		 1700 EVP_PKEY_CTX_free(kctx);
1701 return ret;
1702}
fab8fde3 1703#endif
a87820e1 1704
10d5b415
MC		 1705static int test_HKDF(void)
1706{
1707 EVP_PKEY_CTX *pctx;
1708 unsigned char out[20];
1709 size_t outlen;
1710 int i, ret = 0;
1711 unsigned char salt[] = "0123456789";
1712 unsigned char key[] = "012345678901234567890123456789";
1713 unsigned char info[] = "infostring";
1714 const unsigned char expected[] = {
1715 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1716 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1717 };
1718 size_t expectedlen = sizeof(expected);
1719
1720 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1721 goto done;
1722
1723 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1724 for (i = 0; i < 2; i++) {
1725 outlen = sizeof(out);
1726 memset(out, 0, outlen);
1727
1728 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1729 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1730 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1731 sizeof(salt) - 1), 0)
1732 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1733 sizeof(key) - 1), 0)
1734 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1735 sizeof(info) - 1), 0)
1736 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1737 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1738 goto done;
1739 }
1740
1741 ret = 1;
1742
1743 done:
1744 EVP_PKEY_CTX_free(pctx);
1745
1746 return ret;
1747}
1748
2cd3ebc7
BK		 1749static int test_emptyikm_HKDF(void)
1750{
1751 EVP_PKEY_CTX *pctx;
1752 unsigned char out[20];
1753 size_t outlen;
1754 int ret = 0;
1755 unsigned char salt[] = "9876543210";
1756 unsigned char key[] = "";
1757 unsigned char info[] = "stringinfo";
1758 const unsigned char expected[] = {
1759 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
1760 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
1761 };
1762 size_t expectedlen = sizeof(expected);
1763
1764 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1765 goto done;
1766
1767 outlen = sizeof(out);
1768 memset(out, 0, outlen);
1769
1770 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1771 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1772 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1773 sizeof(salt) - 1), 0)
1774 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1775 sizeof(key) - 1), 0)
1776 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1777 sizeof(info) - 1), 0)
1778 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1779 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1780 goto done;
1781
1782 ret = 1;
1783
1784 done:
1785 EVP_PKEY_CTX_free(pctx);
1786
1787 return ret;
1788}
1789
5dc40a83
BE		 1790#ifndef OPENSSL_NO_EC
1791static int test_X509_PUBKEY_inplace(void)
1792{
1793 int ret = 0;
1794 X509_PUBKEY *xp = NULL;
1795 const unsigned char *p = kExampleECPubKeyDER;
1796 size_t input_len = sizeof(kExampleECPubKeyDER);
1797
1798 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1799 goto done;
1800
1801 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1802 goto done;
1803
1804 p = kExampleBadECPubKeyDER;
1805 input_len = sizeof(kExampleBadECPubKeyDER);
1806
1807 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1808 goto done;
1809
1810 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1811 goto done;
1812
1813 ret = 1;
1814
1815done:
1816 X509_PUBKEY_free(xp);
1817 return ret;
1818}
7bb82f92 1819#endif /* OPENSSL_NO_EC */
784883fc 1820
9c45222d 1821/* Test getting and setting parameters on an EVP_PKEY_CTX */
f54a4101 1822static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
9c45222d 1823{
9a071fef 1824 EVP_MD_CTX *mdctx = NULL;
9c45222d 1825 EVP_PKEY_CTX *ctx = NULL;
9c45222d 1826 const OSSL_PARAM *params;
00bc1ad9 1827 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
9c45222d
MC		 1828 int ret = 0;
1829 const EVP_MD *md;
00bc1ad9 1830 char mdname[OSSL_MAX_NAME_SIZE];
9a071fef 1831 char ssl3ms[48];
9c45222d 1832
9c45222d
MC		 1833 /* Initialise a sign operation */
1834 ctx = EVP_PKEY_CTX_new(pkey, NULL);
9c45222d 1835 if (!TEST_ptr(ctx)
c9c4a356 1836 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
9c45222d
MC		 1837 goto err;
1838
1839 /*
f54a4101 1840 * We should be able to query the parameters now.
9c45222d
MC		 1841 */
1842 params = EVP_PKEY_CTX_settable_params(ctx);
1843 if (!TEST_ptr(params)
0cb3f4f9
RL		 1844 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1845 OSSL_SIGNATURE_PARAM_DIGEST)))
9c45222d
MC		 1846 goto err;
1847
9c45222d
MC		 1848 params = EVP_PKEY_CTX_gettable_params(ctx);
1849 if (!TEST_ptr(params)
0cb3f4f9
RL		 1850 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1851 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
0cb3f4f9
RL		 1852 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1853 OSSL_SIGNATURE_PARAM_DIGEST)))
9c45222d
MC		 1854 goto err;
1855
1856 /*
1857 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1858 * EVP_PKEY_CTX_get_params()
1859 */
00bc1ad9
RL		 1860 strcpy(mdname, "SHA512");
1861 param_md = param;
1862 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1863 mdname, 0);
9c45222d
MC		 1864 *param++ = OSSL_PARAM_construct_end();
1865
1866 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
1867 goto err;
1868
00bc1ad9
RL		 1869 mdname[0] = '\0';
1870 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1871 mdname, sizeof(mdname));
9c45222d 1872 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
00bc1ad9 1873 || !TEST_str_eq(mdname, "SHA512"))
9c45222d
MC		 1874 goto err;
1875
1876 /*
1877 * Test the TEST_PKEY_CTX_set_signature_md() and
1878 * TEST_PKEY_CTX_get_signature_md() functions
1879 */
1880 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
1881 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
1882 || !TEST_ptr_eq(md, EVP_sha256()))
1883 goto err;
1884
9a071fef
MC		 1885 /*
1886 * Test getting MD parameters via an associated EVP_PKEY_CTX
1887 */
1888 mdctx = EVP_MD_CTX_new();
1889 if (!TEST_ptr(mdctx)
d8652be0 1890 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", NULL, NULL,
af6171b3 1891 pkey, NULL)))
9a071fef
MC		 1892 goto err;
1893
1894 /*
1895 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
1896 * able to obtain the digest's settable parameters from the provider.
1897 */
1898 params = EVP_MD_CTX_settable_params(mdctx);
1899 if (!TEST_ptr(params)
1900 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
1901 /* The final key should be NULL */
1902 || !TEST_ptr_null(params[1].key))
1903 goto err;
1904
1905 param = ourparams;
1906 memset(ssl3ms, 0, sizeof(ssl3ms));
1907 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
1908 ssl3ms, sizeof(ssl3ms));
1909 *param++ = OSSL_PARAM_construct_end();
1910
1911 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
1912 goto err;
1913
9c45222d
MC		 1914 ret = 1;
1915
1916 err:
9a071fef 1917 EVP_MD_CTX_free(mdctx);
9c45222d 1918 EVP_PKEY_CTX_free(ctx);
f54a4101
RL		 1919
1920 return ret;
1921}
1922
1923#ifndef OPENSSL_NO_DSA
1924static int test_DSA_get_set_params(void)
1925{
6ed4022c
RL		 1926 OSSL_PARAM_BLD *bld = NULL;
1927 OSSL_PARAM *params = NULL;
f54a4101 1928 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
6ed4022c 1929 EVP_PKEY_CTX *pctx = NULL;
f54a4101
RL		 1930 EVP_PKEY *pkey = NULL;
1931 int ret = 0;
1932
1933 /*
1934 * Setup the parameters for our DSA object. For our purposes they don't
1935 * have to actually be *valid* parameters. We just need to set something.
1936 */
6ed4022c
RL		 1937 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
1938 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
1939 || !TEST_ptr(p = BN_new())
1940 || !TEST_ptr(q = BN_new())
1941 || !TEST_ptr(g = BN_new())
1942 || !TEST_ptr(pub = BN_new())
1943 || !TEST_ptr(priv = BN_new()))
1944 goto err;
1945 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1946 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1947 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1948 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
1949 pub))
1950 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1951 priv)))
1952 goto err;
1953 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
f54a4101 1954 goto err;
f54a4101 1955
2db985b7
SL		 1956 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
1957 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
1958 params), 0))
f54a4101
RL		 1959 goto err;
1960
6ed4022c
RL		 1961 if (!TEST_ptr(pkey))
1962 goto err;
f54a4101
RL		 1963
1964 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1965
1966 err:
9c45222d 1967 EVP_PKEY_free(pkey);
6ed4022c
RL		 1968 EVP_PKEY_CTX_free(pctx);
1969 OSSL_PARAM_BLD_free_params(params);
1970 OSSL_PARAM_BLD_free(bld);
9c45222d
MC		 1971 BN_free(p);
1972 BN_free(q);
1973 BN_free(g);
cd32a0f5
RL		 1974 BN_free(pub);
1975 BN_free(priv);
9c45222d
MC		 1976
1977 return ret;
1978}
2c04b341
JS		 1979
1980/*
8a9394c1 1981 * Test combinations of private, public, missing and private + public key
2c04b341
JS		 1982 * params to ensure they are all accepted
1983 */
1984static int test_DSA_priv_pub(void)
1985{
1986 return test_EVP_PKEY_ffc_priv_pub("DSA");
1987}
1988
1989#endif /* !OPENSSL_NO_DSA */
9c45222d 1990
f54a4101
RL		 1991static int test_RSA_get_set_params(void)
1992{
d7e498ac
RL		 1993 OSSL_PARAM_BLD *bld = NULL;
1994 OSSL_PARAM *params = NULL;
f54a4101 1995 BIGNUM *n = NULL, *e = NULL, *d = NULL;
d7e498ac 1996 EVP_PKEY_CTX *pctx = NULL;
f54a4101
RL		 1997 EVP_PKEY *pkey = NULL;
1998 int ret = 0;
1999
2000 /*
2001 * Setup the parameters for our RSA object. For our purposes they don't
2002 * have to actually be *valid* parameters. We just need to set something.
2003 */
d7e498ac
RL		 2004 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2005 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2006 || !TEST_ptr(n = BN_new())
2007 || !TEST_ptr(e = BN_new())
2008 || !TEST_ptr(d = BN_new()))
2009 goto err;
2010 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2011 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2012 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2013 goto err;
2014 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
f54a4101 2015 goto err;
f54a4101 2016
2db985b7
SL		 2017 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2018 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2019 params), 0))
f54a4101
RL		 2020 goto err;
2021
d7e498ac
RL		 2022 if (!TEST_ptr(pkey))
2023 goto err;
f54a4101
RL		 2024
2025 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2026
2027 err:
2028 EVP_PKEY_free(pkey);
d7e498ac
RL		 2029 EVP_PKEY_CTX_free(pctx);
2030 OSSL_PARAM_BLD_free_params(params);
2031 OSSL_PARAM_BLD_free(bld);
f54a4101
RL		 2032 BN_free(n);
2033 BN_free(e);
2034 BN_free(d);
2035
2036 return ret;
2037}
2038
b4be6937
MC		 2039#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2040static int test_decrypt_null_chunks(void)
2041{
2042 EVP_CIPHER_CTX* ctx = NULL;
2043 const unsigned char key[32] = {
2044 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2045 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2046 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2047 };
2048 unsigned char iv[12] = {
2049 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2050 };
2051 unsigned char msg[] = "It was the best of times, it was the worst of times";
2052 unsigned char ciphertext[80];
2053 unsigned char plaintext[80];
2054 /* We initialise tmp to a non zero value on purpose */
2055 int ctlen, ptlen, tmp = 99;
2056 int ret = 0;
2057 const int enc_offset = 10, dec_offset = 20;
2058
2059 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2060 || !TEST_true(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL,
2061 key, iv))
2062 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2063 enc_offset))
2064 /* Deliberate add a zero length update */
2065 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2066 0))
2067 || !TEST_int_eq(tmp, 0)
2068 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2069 msg + enc_offset,
2070 sizeof(msg) - enc_offset))
2071 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2072 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2073 || !TEST_int_eq(tmp, 0))
2074 goto err;
2075
2076 /* Deliberately initialise tmp to a non zero value */
2077 tmp = 99;
2078 if (!TEST_true(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, key,
2079 iv))
2080 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2081 dec_offset))
2082 /*
2083 * Deliberately add a zero length update. We also deliberately do
2084 * this at a different offset than for encryption.
2085 */
2086 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2087 0))
2088 || !TEST_int_eq(tmp, 0)
2089 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2090 ciphertext + dec_offset,
2091 ctlen - dec_offset))
2092 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2093 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2094 || !TEST_int_eq(tmp, 0)
2095 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2096 goto err;
2097
2098 ret = 1;
2099 err:
2100 EVP_CIPHER_CTX_free(ctx);
2101 return ret;
2102}
2103#endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2104
2c04b341
JS		 2105#ifndef OPENSSL_NO_DH
2106/*
8a9394c1 2107 * Test combinations of private, public, missing and private + public key
2c04b341
JS		 2108 * params to ensure they are all accepted
2109 */
2110static int test_DH_priv_pub(void)
2111{
2112 return test_EVP_PKEY_ffc_priv_pub("DH");
2113}
2114
2115# ifndef OPENSSL_NO_DEPRECATED_3_0
e295de1d
MC		 2116static int test_EVP_PKEY_set1_DH(void)
2117{
ca2bf555
SL		 2118 DH *x942dh = NULL, *noqdh = NULL;
2119 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
e295de1d 2120 int ret = 0;
ca2bf555
SL		 2121 BIGNUM *p, *g = NULL;
2122
2123 if (!TEST_ptr(p = BN_new())
2124 || !TEST_ptr(g = BN_new())
2125 || !BN_set_word(p, 9999)
2126 || !BN_set_word(g, 2)
2127 || !TEST_ptr(noqdh = DH_new())
2128 || !DH_set0_pqg(noqdh, p, NULL, g))
2129 goto err;
2130 p = g = NULL;
e295de1d
MC		 2131
2132 x942dh = DH_get_2048_256();
e295de1d
MC		 2133 pkey1 = EVP_PKEY_new();
2134 pkey2 = EVP_PKEY_new();
2135 if (!TEST_ptr(x942dh)
ca2bf555 2136 || !TEST_ptr(noqdh)
e295de1d
MC		 2137 || !TEST_ptr(pkey1)
2138 || !TEST_ptr(pkey2))
2139 goto err;
2140
2141 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2142 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
2143 goto err;
2144
ca2bf555 2145 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
e295de1d
MC		 2146 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
2147 goto err;
2148
2149 ret = 1;
2150 err:
ca2bf555
SL		 2151 BN_free(p);
2152 BN_free(g);
e295de1d
MC		 2153 EVP_PKEY_free(pkey1);
2154 EVP_PKEY_free(pkey2);
2155 DH_free(x942dh);
ca2bf555 2156 DH_free(noqdh);
e295de1d
MC		 2157
2158 return ret;
2159}
2c04b341
JS		 2160# endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2161#endif /* !OPENSSL_NO_DH */
e295de1d 2162
8a5cb596
RL		 2163/*
2164 * We test what happens with an empty template. For the sake of this test,
2165 * the template must be ignored, and we know that's the case for RSA keys
2166 * (this might arguably be a misfeature, but that's what we currently do,
2167 * even in provider code, since that's how the legacy RSA implementation
2168 * does things)
2169 */
2170static int test_keygen_with_empty_template(int n)
2171{
2172 EVP_PKEY_CTX *ctx = NULL;
2173 EVP_PKEY *pkey = NULL;
2174 EVP_PKEY *tkey = NULL;
2175 int ret = 0;
2176
2177 switch (n) {
2178 case 0:
2179 /* We do test with no template at all as well */
2180 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2181 goto err;
2182 break;
2183 case 1:
2184 /* Here we create an empty RSA key that serves as our template */
2185 if (!TEST_ptr(tkey = EVP_PKEY_new())
2186 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2187 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2188 goto err;
2189 break;
2190 }
2191
2192 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2193 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2194 goto err;
2195
2196 ret = 1;
2197 err:
2198 EVP_PKEY_CTX_free(ctx);
2199 EVP_PKEY_free(pkey);
2200 EVP_PKEY_free(tkey);
2201 return ret;
2202}
2203
5ddec6a7
MC		 2204/*
2205 * Test that we fail if we attempt to use an algorithm that is not available
08497fc6
RL		 2206 * in the current library context (unless we are using an algorithm that
2207 * should be made available via legacy codepaths).
2208 *
2209 * 0: RSA
2210 * 1: SM2
5ddec6a7
MC		 2211 */
2212static int test_pkey_ctx_fail_without_provider(int tst)
2213{
b4250010 2214 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
5ddec6a7
MC		 2215 OSSL_PROVIDER *nullprov = NULL;
2216 EVP_PKEY_CTX *pctx = NULL;
08497fc6
RL		 2217 const char *keytype = NULL;
2218 int expect_null = 0;
5ddec6a7
MC		 2219 int ret = 0;
2220
2221 if (!TEST_ptr(tmpctx))
2222 goto err;
2223
2224 nullprov = OSSL_PROVIDER_load(tmpctx, "null");
2225 if (!TEST_ptr(nullprov))
2226 goto err;
2227
5ddec6a7 2228 /*
08497fc6
RL		 2229 * We check for certain algos in the null provider.
2230 * If an algo is expected to have a provider keymgmt, contructing an
2231 * EVP_PKEY_CTX is expected to fail (return NULL).
2232 * Otherwise, if it's expected to have legacy support, contructing an
2233 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
5ddec6a7 2234 */
08497fc6
RL		 2235 switch (tst) {
2236 case 0:
2237 keytype = "RSA";
2238 expect_null = 1;
2239 break;
2240 case 1:
2241 keytype = "SM2";
d0b79f86 2242 expect_null = 1;
08497fc6
RL		 2243#ifdef OPENSSL_NO_EC
2244 TEST_info("EC disable, skipping SM2 check...");
2245 goto end;
2246#endif
2247#ifdef OPENSSL_NO_SM2
2248 TEST_info("SM2 disable, skipping SM2 check...");
2249 goto end;
2250#endif
2251 break;
2252 default:
2253 TEST_error("No test for case %d", tst);
2254 goto err;
2255 }
2256
2257 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2258 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
5ddec6a7
MC		 2259 goto err;
2260
08497fc6
RL		 2261#if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2262 end:
2263#endif
5ddec6a7
MC		 2264 ret = 1;
2265
2266 err:
2267 EVP_PKEY_CTX_free(pctx);
2268 OSSL_PROVIDER_unload(nullprov);
b4250010 2269 OSSL_LIB_CTX_free(tmpctx);
5ddec6a7
MC		 2270 return ret;
2271}
2272
1c19ff3c
P		 2273static int test_rand_agglomeration(void)
2274{
2275 EVP_RAND *rand;
2276 EVP_RAND_CTX *ctx;
2277 OSSL_PARAM params[3], *p = params;
2278 int res;
2279 unsigned int step = 7;
2280 static unsigned char seed[] = "It does not matter how slowly you go "
2281 "as long as you do not stop.";
2282 unsigned char out[sizeof(seed)];
2283
2284 if (!TEST_int_ne(sizeof(seed) % step, 0)
2285 || !TEST_ptr(rand = EVP_RAND_fetch(NULL, "TEST-RAND", NULL)))
2286 return 0;
2287 ctx = EVP_RAND_CTX_new(rand, NULL);
2288 EVP_RAND_free(rand);
2289 if (!TEST_ptr(ctx))
2290 return 0;
2291
2292 memset(out, 0, sizeof(out));
2293 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2294 seed, sizeof(seed));
0d4460d2 2295 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
1c19ff3c
P		 2296 *p = OSSL_PARAM_construct_end();
2297 res = TEST_true(EVP_RAND_set_ctx_params(ctx, params))
2298 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
2299 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
2300 EVP_RAND_CTX_free(ctx);
2301 return res;
2302}
2303
440b852a
BK		 2304/*
2305 * Test that we correctly return the original or "running" IV after
2306 * an encryption operation.
2307 * Run multiple times for some different relevant algorithms/modes.
2308 */
2309static int test_evp_iv(int idx)
2310{
2311 int ret = 0;
2312 EVP_CIPHER_CTX *ctx = NULL;
2313 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2314 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2315 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
2316 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2317 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2318 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2319 9, 10, 11, 12, 13, 14, 15, 16 };
2320 unsigned char ciphertext[32], oiv[16], iv[16];
2321 unsigned char *ref_iv;
2322 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2323 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2324
2325 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2326 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2327 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2328 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2329 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2330#ifndef OPENSSL_NO_OCB
2331 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2332 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2333#endif
2334 int len = sizeof(ciphertext);
2335 size_t ivlen, ref_len;
2336 const EVP_CIPHER *type = NULL;
2337
2338 switch(idx) {
2339 case 0:
2340 type = EVP_aes_128_cbc();
2341 /* FALLTHROUGH */
2342 case 5:
2343 type = (type != NULL) ? type :
2344 EVP_CIPHER_fetch(testctx, "aes-128-cbc", NULL);
2345 ref_iv = cbc_state;
2346 ref_len = sizeof(cbc_state);
2347 break;
2348 case 1:
2349 type = EVP_aes_128_ofb();
2350 /* FALLTHROUGH */
2351 case 6:
2352 type = (type != NULL) ? type :
2353 EVP_CIPHER_fetch(testctx, "aes-128-ofb", NULL);
2354 ref_iv = ofb_state;
2355 ref_len = sizeof(ofb_state);
2356 break;
2357 case 2:
2358 type = EVP_aes_128_gcm();
2359 /* FALLTHROUGH */
2360 case 7:
2361 type = (type != NULL) ? type :
2362 EVP_CIPHER_fetch(testctx, "aes-128-gcm", NULL);
2363 ref_iv = gcm_state;
2364 ref_len = sizeof(gcm_state);
2365 break;
2366 case 3:
2367 type = EVP_aes_128_ccm();
2368 /* FALLTHROUGH */
2369 case 8:
2370 type = (type != NULL) ? type :
2371 EVP_CIPHER_fetch(testctx, "aes-128-ccm", NULL);
2372 ref_iv = ccm_state;
2373 ref_len = sizeof(ccm_state);
2374 break;
2375#ifdef OPENSSL_NO_OCB
2376 case 4:
2377 case 9:
2378 return 1;
2379#else
2380 case 4:
2381 type = EVP_aes_128_ocb();
2382 /* FALLTHROUGH */
2383 case 9:
2384 type = (type != NULL) ? type :
2385 EVP_CIPHER_fetch(testctx, "aes-128-ocb", NULL);
2386 ref_iv = ocb_state;
2387 ref_len = sizeof(ocb_state);
2388 break;
2389#endif
2390 default:
2391 return 0;
2392 }
2393
2394 if (!TEST_ptr(type)
2395 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2396 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2397 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2398 (int)sizeof(msg)))
0d83b7b9
TM		 2399 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2400 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
440b852a
BK		 2401 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2402 goto err;
2403 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
2404 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2405 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2406 goto err;
2407
2408 ret = 1;
2409err:
2410 EVP_CIPHER_CTX_free(ctx);
2411 if (idx >= 5)
2412 EVP_CIPHER_free((EVP_CIPHER *)type);
2413 return ret;
2414}
2415
c0ff1932
BK		 2416#ifndef OPENSSL_NO_EC
2417static int ecpub_nids[] = { NID_brainpoolP256r1, NID_X9_62_prime256v1,
2418 NID_secp384r1, NID_secp521r1, NID_sect233k1, NID_sect233r1, NID_sect283r1,
2419 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
2420 NID_brainpoolP384r1, NID_brainpoolP512r1};
2421
2422static int test_ecpub(int idx)
2423{
ad7cb0bf 2424 int ret = 0, len, savelen;
c0ff1932
BK		 2425 int nid;
2426 unsigned char buf[1024];
2427 unsigned char *p;
2428 EVP_PKEY *pkey = NULL;
2429 EVP_PKEY_CTX *ctx = NULL;
3d364726
BK		 2430# ifndef OPENSSL_NO_DEPRECATED_3_0
2431 const unsigned char *q;
2432 EVP_PKEY *pkey2 = NULL;
2433 EC_KEY *ec = NULL;
2434# endif
c0ff1932
BK		 2435
2436 nid = ecpub_nids[idx];
2437
2438 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
2439 if (!TEST_ptr(ctx)
2440 || !TEST_true(EVP_PKEY_keygen_init(ctx))
2441 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid))
2442 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
2443 goto done;
2444 len = i2d_PublicKey(pkey, NULL);
ad7cb0bf 2445 savelen = len;
c0ff1932
BK		 2446 if (!TEST_int_ge(len, 1)
2447 || !TEST_int_lt(len, 1024))
2448 goto done;
2449 p = buf;
2450 len = i2d_PublicKey(pkey, &p);
ad7cb0bf
BK		 2451 if (!TEST_int_ge(len, 1)
2452 || !TEST_int_eq(len, savelen))
c0ff1932
BK		 2453 goto done;
2454
3d364726
BK		 2455# ifndef OPENSSL_NO_DEPRECATED_3_0
2456 /* Now try to decode the just-created DER. */
2457 q = buf;
2458 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
2459 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
2460 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
2461 goto done;
2462 /* EC_KEY ownership transferred */
2463 ec = NULL;
2464 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
2465 goto done;
2466 /* The keys should match. */
2467 if (!TEST_int_eq(EVP_PKEY_cmp(pkey, pkey2), 1))
2468 goto done;
2469# endif
2470
c0ff1932
BK		 2471 ret = 1;
2472
2473 done:
2474 EVP_PKEY_CTX_free(ctx);
2475 EVP_PKEY_free(pkey);
3d364726
BK		 2476# ifndef OPENSSL_NO_DEPRECATED_3_0
2477 EVP_PKEY_free(pkey2);
2478 EC_KEY_free(ec);
2479# endif
c0ff1932
BK		 2480 return ret;
2481}
2482#endif
2483
e947a064
DB		 2484static int test_EVP_rsa_pss_with_keygen_bits(void)
2485{
2486 int ret;
e947a064
DB		 2487 EVP_PKEY_CTX *ctx;
2488 EVP_PKEY *pkey;
2489 const EVP_MD *md;
2490 pkey = NULL;
2491 ret = 0;
e947a064 2492
1cba8623 2493 md = EVP_get_digestbyname("sha256");
e947a064
DB		 2494 ret = TEST_ptr((ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA_PSS, NULL)))
2495 && TEST_true(EVP_PKEY_keygen_init(ctx))
2496 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
2497 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
2498 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
2499
2500 EVP_PKEY_free(pkey);
2501 EVP_PKEY_CTX_free(ctx);
e947a064
DB		 2502 return ret;
2503}
2504
5eb73cfb
MC		 2505static int success = 1;
2506static void md_names(const char *name, void *vctx)
2507{
2508 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
2509 /* Force a namemap update */
2510 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
2511
2512 if (!TEST_ptr(aes128))
2513 success = 0;
2514
2515 EVP_CIPHER_free(aes128);
2516}
2517
2518/*
2519 * Test that changing the namemap in a user callback works in a names_do_all
2520 * function.
2521 */
2522static int test_names_do_all(void)
2523{
2524 /* We use a custom libctx so that we know the state of the namemap */
2525 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
2526 EVP_MD *sha256 = NULL;
2527 int testresult = 0;
2528
2529 if (!TEST_ptr(ctx))
2530 goto err;
2531
2532 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
2533 if (!TEST_ptr(sha256))
2534 goto err;
2535
2536 /*
2537 * We loop through all the names for a given digest. This should still work
2538 * even if the namemap changes part way through.
2539 */
2540 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
2541 goto err;
2542
2543 if (!TEST_true(success))
2544 goto err;
2545
2546 testresult = 1;
2547 err:
2548 EVP_MD_free(sha256);
2549 OSSL_LIB_CTX_free(ctx);
2550 return testresult;
2551}
e947a064 2552
ad887416 2553int setup_tests(void)
71ea6b48 2554{
b4250010 2555 testctx = OSSL_LIB_CTX_new();
86dc26ba
MC		 2556
2557 if (!TEST_ptr(testctx))
2558 return 0;
2559
f9e504e8 2560 ADD_TEST(test_EVP_set_default_properties);
6d242fa5 2561 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
adcd8e37 2562 ADD_TEST(test_EVP_DigestVerifyInit);
8d8dd09b 2563 ADD_TEST(test_EVP_Digest);
2eb2b4f3 2564 ADD_TEST(test_EVP_Enveloped);
ad887416 2565 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
29c49b25 2566 ADD_TEST(test_privatekey_to_pkcs8);
a9880362 2567#ifndef OPENSSL_NO_EC
adcd8e37 2568 ADD_TEST(test_EVP_PKCS82PKEY);
ddb634fe 2569#endif
f0c62c53
RL		 2570#ifndef OPENSSL_NO_EC
2571 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
2572#endif
f844f9eb 2573#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
ddb634fe 2574 ADD_TEST(test_EVP_SM2);
a6c4cb84 2575 ADD_TEST(test_EVP_SM2_verify);
a9880362 2576#endif
bb5f281a 2577 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
41bbba53 2578#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3
PY		 2579 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
2580 if (!TEST_ptr(custom_pmeth))
2581 return 0;
2582 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
b0004708
PY		 2583 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
2584 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
2aee35d3
PY		 2585 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
2586 return 0;
41bbba53 2587#endif
2aee35d3 2588 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
fab8fde3 2589#ifndef OPENSSL_NO_CMAC
a87820e1 2590 ADD_TEST(test_CMAC_keygen);
fab8fde3 2591#endif
10d5b415 2592 ADD_TEST(test_HKDF);
2cd3ebc7 2593 ADD_TEST(test_emptyikm_HKDF);
5dc40a83
BE		 2594#ifndef OPENSSL_NO_EC
2595 ADD_TEST(test_X509_PUBKEY_inplace);
cad8347b
SL		 2596 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
2597 OSSL_NELEM(ec_der_pub_keys));
5dc40a83 2598#endif
8d0f8c81 2599#ifndef OPENSSL_NO_DSA
f54a4101 2600 ADD_TEST(test_DSA_get_set_params);
2c04b341 2601 ADD_TEST(test_DSA_priv_pub);
b4be6937 2602#endif
f54a4101 2603 ADD_TEST(test_RSA_get_set_params);
b4be6937
MC		 2604#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2605 ADD_TEST(test_decrypt_null_chunks);
8d0f8c81 2606#endif
2c04b341
JS		 2607#ifndef OPENSSL_NO_DH
2608 ADD_TEST(test_DH_priv_pub);
2609# ifndef OPENSSL_NO_DEPRECATED_3_0
e295de1d 2610 ADD_TEST(test_EVP_PKEY_set1_DH);
2c04b341 2611# endif
b8a1272d
MC		 2612#endif
2613#ifndef OPENSSL_NO_EC
2614 ADD_TEST(test_EC_priv_pub);
2615# ifndef OPENSSL_NO_DEPRECATED_3_0
2616 ADD_TEST(test_EC_priv_only_legacy);
2617# endif
501fcfb8 2618#endif
8a5cb596 2619 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
5ddec6a7 2620 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
e295de1d 2621
1c19ff3c 2622 ADD_TEST(test_rand_agglomeration);
440b852a 2623 ADD_ALL_TESTS(test_evp_iv, 10);
e947a064 2624 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
c0ff1932
BK		 2625#ifndef OPENSSL_NO_EC
2626 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
2627#endif
1c19ff3c 2628
5eb73cfb
MC		 2629 ADD_TEST(test_names_do_all);
2630
ad887416 2631 return 1;
71ea6b48 2632}
86dc26ba
MC		 2633
2634void cleanup_tests(void)
2635{
b4250010 2636 OSSL_LIB_CTX_free(testctx);
86dc26ba 2637}
A mirror of the official openssl repository