]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/evp_extra_test.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Update the SSL_CTX_set1_groups documentation
[thirdparty/openssl.git] / test / evp_extra_test.c
CommitLineData
440e5d80 1/*
fecb3aae 2 * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
71ea6b48 3 *
909f1a2e 4 * Licensed under the Apache License 2.0 (the "License"). You may not use
440e5d80
RS		 5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
71ea6b48
MC		 8 */
9
41bbba53
P		 10/* We need to use some deprecated APIs */
11#define OPENSSL_SUPPRESS_DEPRECATED
12
71ea6b48
MC		 13#include <stdio.h>
14#include <stdlib.h>
bb5f281a 15#include <string.h>
71ea6b48 16#include <openssl/bio.h>
7bb82f92 17#include <openssl/conf.h>
71ea6b48
MC		 18#include <openssl/crypto.h>
19#include <openssl/err.h>
20#include <openssl/evp.h>
71ea6b48 21#include <openssl/x509.h>
4803717f 22#include <openssl/pem.h>
10d5b415 23#include <openssl/kdf.h>
847d0f81 24#include <openssl/provider.h>
9c45222d 25#include <openssl/core_names.h>
f54a4101 26#include <openssl/params.h>
d7e498ac 27#include <openssl/param_build.h>
9c45222d 28#include <openssl/dsa.h>
e295de1d 29#include <openssl/dh.h>
e5bc0ce2 30#include <openssl/aes.h>
d7e498ac 31#include <openssl/decoder.h>
e947a064 32#include <openssl/rsa.h>
0299094c 33#include <openssl/engine.h>
adcd8e37 34#include "testutil.h"
176db6dc 35#include "internal/nelem.h"
00bc1ad9 36#include "internal/sizes.h"
25f2138b 37#include "crypto/evp.h"
71ea6b48 38
b4250010 39static OSSL_LIB_CTX *testctx = NULL;
062490db
JS		 40static char *testpropq = NULL;
41
42static OSSL_PROVIDER *nullprov = NULL;
43static OSSL_PROVIDER *deflprov = NULL;
44static OSSL_PROVIDER *lgcyprov = NULL;
86dc26ba 45
71ea6b48
MC		 46/*
47 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
48 * should never use this key anywhere but in an example.
49 */
50static const unsigned char kExampleRSAKeyDER[] = {
51 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
52 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
53 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
54 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
55 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
56 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
57 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
58 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
59 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
60 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
61 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
62 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
63 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
64 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
65 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
66 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
67 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
68 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
69 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
70 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
71 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
72 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
73 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
74 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
75 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
76 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
77 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
78 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
79 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
80 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
81 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
82 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
83 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
84 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
85 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
86 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
87 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
88 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
89 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
90 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
91 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
92 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
93 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
94 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
95 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
96 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
97 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
98 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
99 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
100 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
101 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
102};
103
59d0e6c8
MC		 104/*
105* kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
106 * should never use this key anywhere but in an example.
107 */
f650ab47 108#ifndef OPENSSL_NO_DSA
59d0e6c8
MC		 109static const unsigned char kExampleDSAKeyDER[] = {
110 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
111 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
112 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
113 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
114 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
115 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
116 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
117 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
118 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
119 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
120 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
121 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
122 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
123 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
124 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
125 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
126 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
127 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
128 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
129 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
130 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
131 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
132 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
133 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
134 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
135 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
136 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
137 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
138 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
139 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
140 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
141 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
142 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
143 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
144 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
145 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
146 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
147 0x40, 0x48
148};
f650ab47 149#endif
59d0e6c8 150
2aee35d3
PY		 151/*
152 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
153 * components are not correct.
154 */
155static const unsigned char kExampleBadRSAKeyDER[] = {
156 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
157 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
158 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
159 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
160 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
161 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
162 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
163 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
164 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
165 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
166 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
167 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
168 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
169 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
170 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
171 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
172 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
173 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
174 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
175 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
176 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
177 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
178 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
179 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
180 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
181 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
182 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
183 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
184 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
185 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
186 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
187 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
188 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
189 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
190 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
191 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
192 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
193 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
194 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
195 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
196 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
197 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
198 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
199 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
200 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
201 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
202 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
203 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
204 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
205 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
206 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
207 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
208 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
209 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
210 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
211 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
212 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
213 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
214 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
215 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
216 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
217 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
218 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
219 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
220 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
221 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
222 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
223 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
224 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
225 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
226 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
227 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
228 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
229 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
230 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
231 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
232 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
233 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
234 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
235 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
236 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
237 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
238 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
239 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
240 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
241 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
242 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
243 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
244 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
245};
246
995eccb6
MC		 247/*
248 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All
249 * values are 0.
250 */
251static const unsigned char kExampleBad2RSAKeyDER[] = {
252 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
253 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
254 0x01, 0x00, 0x02, 0x01, 0x00
255};
256
71ea6b48
MC		 257static const unsigned char kMsg[] = { 1, 2, 3, 4 };
258
259static const unsigned char kSignature[] = {
260 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
261 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
262 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
263 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
264 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
265 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
266 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
267 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
268 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
269 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
270 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
271};
272
273/*
274 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
275 * PrivateKeyInfo.
276 */
277static const unsigned char kExampleRSAKeyPKCS8[] = {
278 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
279 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
280 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
281 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
282 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
283 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
284 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
285 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
286 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
287 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
288 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
289 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
290 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
291 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
292 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
293 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
294 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
295 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
296 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
297 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
298 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
299 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
300 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
301 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
302 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
303 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
304 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
305 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
306 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
307 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
308 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
309 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
310 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
311 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
312 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
313 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
314 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
315 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
316 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
317 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
318 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
319 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
320 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
321 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
322 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
323 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
324 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
325 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
326 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
327 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
328 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
329 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
330 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
331};
332
a9880362 333#ifndef OPENSSL_NO_EC
71ea6b48
MC		 334/*
335 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
336 * structure.
337 */
338static const unsigned char kExampleECKeyDER[] = {
339 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
340 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
341 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
342 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
343 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
344 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
345 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
346 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
347 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
348 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
349 0xc1,
350};
351
352/*
353 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
354 * structure. The private key is equal to the order and will fail to import
355 */
356static const unsigned char kExampleBadECKeyDER[] = {
357 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
358 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
359 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
360 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
361 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
362 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
363 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
364 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
365 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
366};
b0004708
PY		 367
368/* prime256v1 */
369static const unsigned char kExampleECPubKeyDER[] = {
370 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
371 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
372 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
373 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
374 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
375 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
376 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
377 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
378};
379
5dc40a83 380/*
87762939 381 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
5dc40a83
BE		 382 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
383 */
384static const unsigned char kExampleBadECPubKeyDER[] = {
385 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
386 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
387 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
388 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
389 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
390 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
391 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
392 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
393};
394
b0004708
PY		 395static const unsigned char pExampleECParamDER[] = {
396 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
397};
2cf8bb46
MC		 398
399static const unsigned char kExampleED25519KeyDER[] = {
400 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
401 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
402 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
403 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
404};
405
406static const unsigned char kExampleED25519PubKeyDER[] = {
407 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
408 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
409 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
410 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
411};
412
a983764e
MC		 413# ifndef OPENSSL_NO_DEPRECATED_3_0
414static const unsigned char kExampleX25519KeyDER[] = {
415 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
416 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
417 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
418 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
419};
420# endif
421#endif
422
423/* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
424#ifndef OPENSSL_NO_DEPRECATED_3_0
425# ifndef OPENSSL_NO_DH
426static const unsigned char kExampleDHKeyDER[] = {
427 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
428 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
429 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
430 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
431 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
432 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
433 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
434 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
435 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
436 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
437 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
438 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
439 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
440 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
441 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
442 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
443 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
444 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
445 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
446 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
447 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
448 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
449 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
450 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
451 0x2e, 0x87, 0x2a, 0x0b, 0x7a
452};
453# endif
a9880362 454#endif
71ea6b48 455
063e0197
JC		 456static const unsigned char kCFBDefaultKey[] = {
457 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
458 0x09, 0xCF, 0x4F, 0x3C
459};
460
461static const unsigned char kGCMDefaultKey[32] = { 0 };
462
463static const unsigned char kGCMResetKey[] = {
464 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
465 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
466 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
467};
468
469static const unsigned char iCFBIV[] = {
470 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
471 0x0C, 0x0D, 0x0E, 0x0F
472};
473
474static const unsigned char iGCMDefaultIV[12] = { 0 };
475
476static const unsigned char iGCMResetIV1[] = {
477 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
478};
479
480static const unsigned char iGCMResetIV2[] = {
481 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
482};
483
484static const unsigned char cfbPlaintext[] = {
485 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
486 0x73, 0x93, 0x17, 0x2A
487};
488
489static const unsigned char gcmDefaultPlaintext[16] = { 0 };
490
491static const unsigned char gcmResetPlaintext[] = {
492 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
493 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
494 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
495 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
496 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
497};
498
499static const unsigned char cfbCiphertext[] = {
500 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
501 0xE8, 0x3C, 0xFB, 0x4A
502};
503
504static const unsigned char gcmDefaultCiphertext[] = {
505 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
506 0xba, 0xf3, 0x9d, 0x18
507};
508
509static const unsigned char gcmResetCiphertext1[] = {
510 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
511 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
512 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
513 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
514 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
515};
516
517static const unsigned char gcmResetCiphertext2[] = {
518 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
519 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
520 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
521 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
522 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
523};
524
525static const unsigned char gcmAAD[] = {
526 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
527 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
528};
529
530static const unsigned char gcmDefaultTag[] = {
531 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
532 0xd4, 0x8a, 0xb9, 0x19
533};
534
535static const unsigned char gcmResetTag1[] = {
536 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
537 0xfe, 0x2e, 0xa8, 0xf2
538};
539
540static const unsigned char gcmResetTag2[] = {
541 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
542 0xbb, 0x2d, 0x55, 0x1b
543};
544
adcd8e37
RS		 545typedef struct APK_DATA_st {
546 const unsigned char *kder;
547 size_t size;
5b5eea4b 548 const char *keytype;
adcd8e37 549 int evptype;
2aee35d3 550 int check;
b0004708
PY		 551 int pub_check;
552 int param_check;
553 int type; /* 0 for private, 1 for public, 2 for params */
adcd8e37
RS		 554} APK_DATA;
555
556static APK_DATA keydata[] = {
5b5eea4b
SL		 557 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
558 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
aa24cd1b 559#ifndef OPENSSL_NO_EC
5b5eea4b 560 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
aa24cd1b 561#endif
adcd8e37
RS		 562};
563
2aee35d3 564static APK_DATA keycheckdata[] = {
2cf8bb46
MC		 565 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
566 0},
5b5eea4b 567 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
e6774a72 568 0, 1, 1, 0},
995eccb6
MC		 569 {kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA,
570 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0},
2aee35d3 571#ifndef OPENSSL_NO_EC
5b5eea4b 572 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
b0004708 573 /* group is also associated in our pub key */
2cf8bb46
MC		 574 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
575 1, 1},
576 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
577 2},
578 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
579 EVP_PKEY_ED25519, 1, 1, 1, 0},
580 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
581 EVP_PKEY_ED25519, 0, 1, 1, 1},
2aee35d3
PY		 582#endif
583};
584
d7e498ac
RL		 585static EVP_PKEY *load_example_key(const char *keytype,
586 const unsigned char *data, size_t data_len)
71ea6b48 587{
d7e498ac 588 const unsigned char **pdata = &data;
71ea6b48 589 EVP_PKEY *pkey = NULL;
d7e498ac 590 OSSL_DECODER_CTX *dctx =
fe75766c 591 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
062490db 592 testctx, testpropq);
71ea6b48 593
d7e498ac
RL		 594 /* |pkey| will be NULL on error */
595 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
596 OSSL_DECODER_CTX_free(dctx);
597 return pkey;
598}
71ea6b48 599
d7e498ac
RL		 600static EVP_PKEY *load_example_rsa_key(void)
601{
602 return load_example_key("RSA", kExampleRSAKeyDER,
603 sizeof(kExampleRSAKeyDER));
71ea6b48
MC		 604}
605
f650ab47 606#ifndef OPENSSL_NO_DSA
59d0e6c8
MC		 607static EVP_PKEY *load_example_dsa_key(void)
608{
6ed4022c
RL		 609 return load_example_key("DSA", kExampleDSAKeyDER,
610 sizeof(kExampleDSAKeyDER));
59d0e6c8 611}
f650ab47 612#endif
59d0e6c8 613
15ff7d7c
MC		 614#ifndef OPENSSL_NO_EC
615static EVP_PKEY *load_example_ec_key(void)
616{
617 return load_example_key("EC", kExampleECKeyDER,
618 sizeof(kExampleECKeyDER));
619}
620#endif
621
a983764e
MC		 622#ifndef OPENSSL_NO_DEPRECATED_3_0
623# ifndef OPENSSL_NO_DH
624static EVP_PKEY *load_example_dh_key(void)
625{
626 return load_example_key("DH", kExampleDHKeyDER,
627 sizeof(kExampleDHKeyDER));
628}
629# endif
630
631# ifndef OPENSSL_NO_EC
a983764e
MC		 632static EVP_PKEY *load_example_ed25519_key(void)
633{
634 return load_example_key("ED25519", kExampleED25519KeyDER,
635 sizeof(kExampleED25519KeyDER));
636}
637
638static EVP_PKEY *load_example_x25519_key(void)
639{
640 return load_example_key("X25519", kExampleX25519KeyDER,
641 sizeof(kExampleX25519KeyDER));
642}
643# endif
644#endif /* OPENSSL_NO_DEPRECATED_3_0 */
645
6d242fa5
MC		 646static EVP_PKEY *load_example_hmac_key(void)
647{
648 EVP_PKEY *pkey = NULL;
649 unsigned char key[] = {
650 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
651 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
652 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
653 };
654
5af6e154
TM		 655 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
656 NULL, key, sizeof(key));
6d242fa5
MC		 657 if (!TEST_ptr(pkey))
658 return NULL;
659
660 return pkey;
661}
662
f9e504e8
P		 663static int test_EVP_set_default_properties(void)
664{
b4250010 665 OSSL_LIB_CTX *ctx;
f9e504e8
P		 666 EVP_MD *md = NULL;
667 int res = 0;
668
b4250010 669 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
f9e504e8
P		 670 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
671 goto err;
672 EVP_MD_free(md);
673 md = NULL;
674
675 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
676 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
677 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
678 goto err;
679 EVP_MD_free(md);
680 md = NULL;
681
682 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
683 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
684 goto err;
685 res = 1;
686err:
687 EVP_MD_free(md);
b4250010 688 OSSL_LIB_CTX_free(ctx);
f9e504e8
P		 689 return res;
690}
691
b8a1272d 692#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
5fbe15fd 693static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
b8a1272d
MC		 694{
695 EVP_PKEY_CTX *pctx = NULL;
5fbe15fd 696 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL;
b8a1272d 697
062490db 698 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
b8a1272d 699 goto err;
2db985b7 700 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
5fbe15fd 701 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
2db985b7 702 params), 0))
b8a1272d
MC		 703 goto err;
704
5fbe15fd 705 if (!TEST_ptr(tmp_pkey))
b8a1272d
MC		 706 goto err;
707
5fbe15fd
RL		 708 pkey = tmp_pkey;
709 tmp_pkey = NULL;
710 err:
711 EVP_PKEY_free(tmp_pkey);
712 EVP_PKEY_CTX_free(pctx);
713 return pkey;
714}
715
716static int test_selection(EVP_PKEY *pkey, int selection)
717{
718 int testresult = 0;
719 int ret;
720 BIO *bio = BIO_new(BIO_s_mem());
721
fd19fc4c
MC		 722 ret = PEM_write_bio_PUBKEY(bio, pkey);
723 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
724 if (!TEST_true(ret))
725 goto err;
726 } else {
727 if (!TEST_false(ret))
728 goto err;
729 }
730 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
731 testctx, NULL);
732 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
733 if (!TEST_true(ret))
734 goto err;
735 } else {
736 if (!TEST_false(ret))
737 goto err;
738 }
739
b8a1272d
MC		 740 testresult = 1;
741 err:
fd19fc4c 742 BIO_free(bio);
b8a1272d
MC		 743
744 return testresult;
745}
746#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
747
2c04b341 748/*
8a9394c1 749 * Test combinations of private, public, missing and private + public key
2c04b341
JS		 750 * params to ensure they are all accepted
751 */
b8a1272d 752#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
2c04b341
JS		 753static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
754{
755 OSSL_PARAM_BLD *bld = NULL;
756 OSSL_PARAM *params = NULL;
5fbe15fd
RL		 757 EVP_PKEY *just_params = NULL;
758 EVP_PKEY *params_and_priv = NULL;
759 EVP_PKEY *params_and_pub = NULL;
760 EVP_PKEY *params_and_keypair = NULL;
2c04b341 761 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2c04b341
JS		 762 int ret = 0;
763
764 /*
765 * Setup the parameters for our pkey object. For our purposes they don't
766 * have to actually be *valid* parameters. We just need to set something.
767 */
b8a1272d 768 if (!TEST_ptr(p = BN_new())
2c04b341
JS		 769 || !TEST_ptr(q = BN_new())
770 || !TEST_ptr(g = BN_new())
771 || !TEST_ptr(pub = BN_new())
772 || !TEST_ptr(priv = BN_new()))
773 goto err;
774
775 /* Test !priv and !pub */
776 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
777 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
778 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
779 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
780 goto err;
5fbe15fd
RL		 781 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
782 || !TEST_ptr(just_params = make_key_fromdata(keytype, params)))
2c04b341
JS		 783 goto err;
784
3f883c7c 785 OSSL_PARAM_free(params);
2c04b341 786 OSSL_PARAM_BLD_free(bld);
5fbe15fd
RL		 787 params = NULL;
788 bld = NULL;
789
790 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
791 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
792 goto err;
2c04b341
JS		 793
794 /* Test priv and !pub */
795 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
796 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
797 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
798 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
799 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
800 priv)))
801 goto err;
5fbe15fd
RL		 802 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
803 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params)))
2c04b341
JS		 804 goto err;
805
3f883c7c 806 OSSL_PARAM_free(params);
2c04b341 807 OSSL_PARAM_BLD_free(bld);
5fbe15fd
RL		 808 params = NULL;
809 bld = NULL;
810
811 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
812 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
813 goto err;
2c04b341
JS		 814
815 /* Test !priv and pub */
816 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
817 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
818 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
819 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
820 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
821 pub)))
822 goto err;
5fbe15fd
RL		 823 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
824 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params)))
2c04b341
JS		 825 goto err;
826
3f883c7c 827 OSSL_PARAM_free(params);
2c04b341 828 OSSL_PARAM_BLD_free(bld);
5fbe15fd
RL		 829 params = NULL;
830 bld = NULL;
831
832 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
833 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
834 goto err;
2c04b341
JS		 835
836 /* Test priv and pub */
837 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
838 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
839 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
840 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
841 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
842 pub))
843 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
844 priv)))
845 goto err;
5fbe15fd
RL		 846 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
847 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params)))
2c04b341
JS		 848 goto err;
849
5fbe15fd 850 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
2c04b341
JS		 851 goto err;
852
853 ret = 1;
854 err:
3f883c7c 855 OSSL_PARAM_free(params);
2c04b341 856 OSSL_PARAM_BLD_free(bld);
5fbe15fd
RL		 857 EVP_PKEY_free(just_params);
858 EVP_PKEY_free(params_and_priv);
859 EVP_PKEY_free(params_and_pub);
860 EVP_PKEY_free(params_and_keypair);
2c04b341
JS		 861 BN_free(p);
862 BN_free(q);
863 BN_free(g);
864 BN_free(pub);
865 BN_free(priv);
866
867 return ret;
868}
8a9394c1 869#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
2c04b341 870
b8a1272d
MC		 871/*
872 * Test combinations of private, public, missing and private + public key
873 * params to ensure they are all accepted for EC keys
874 */
875#ifndef OPENSSL_NO_EC
876static unsigned char ec_priv[] = {
877 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
878 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
879 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
880};
881static unsigned char ec_pub[] = {
882 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
883 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
884 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
885 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
886 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
887 0x08, 0x09, 0xb8, 0xdb, 0x03
888};
889
890static int test_EC_priv_pub(void)
891{
892 OSSL_PARAM_BLD *bld = NULL;
893 OSSL_PARAM *params = NULL;
5fbe15fd
RL		 894 EVP_PKEY *just_params = NULL;
895 EVP_PKEY *params_and_priv = NULL;
896 EVP_PKEY *params_and_pub = NULL;
897 EVP_PKEY *params_and_keypair = NULL;
b8a1272d
MC		 898 BIGNUM *priv = NULL;
899 int ret = 0;
3a1596f4 900 unsigned char *encoded = NULL;
b8a1272d
MC		 901
902 /*
903 * Setup the parameters for our pkey object. For our purposes they don't
904 * have to actually be *valid* parameters. We just need to set something.
905 */
906 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
907 goto err;
908
909 /* Test !priv and !pub */
910 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
911 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
912 OSSL_PKEY_PARAM_GROUP_NAME,
913 "P-256", 0)))
914 goto err;
5fbe15fd
RL		 915 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
916 || !TEST_ptr(just_params = make_key_fromdata("EC", params)))
b8a1272d
MC		 917 goto err;
918
3f883c7c 919 OSSL_PARAM_free(params);
b8a1272d 920 OSSL_PARAM_BLD_free(bld);
5fbe15fd
RL		 921 params = NULL;
922 bld = NULL;
923
924 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
925 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
926 goto err;
b8a1272d
MC		 927
928 /* Test priv and !pub */
929 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
930 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
931 OSSL_PKEY_PARAM_GROUP_NAME,
932 "P-256", 0))
933 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
934 priv)))
935 goto err;
5fbe15fd
RL		 936 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
937 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params)))
b8a1272d
MC		 938 goto err;
939
5fbe15fd
RL		 940 OSSL_PARAM_free(params);
941 OSSL_PARAM_BLD_free(bld);
942 params = NULL;
943 bld = NULL;
944
fd19fc4c 945 /*
5fbe15fd
RL		 946 * We indicate only parameters here, in spite of having built a key that
947 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
948 * expected to fail because it does not support exporting a private EC
949 * key without a corresponding public key
fd19fc4c 950 */
5fbe15fd
RL		 951 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
952 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
b8a1272d 953 goto err;
b8a1272d
MC		 954
955 /* Test !priv and pub */
956 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
957 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
958 OSSL_PKEY_PARAM_GROUP_NAME,
959 "P-256", 0))
960 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
961 OSSL_PKEY_PARAM_PUB_KEY,
962 ec_pub, sizeof(ec_pub))))
963 goto err;
5fbe15fd
RL		 964 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
965 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params)))
b8a1272d
MC		 966 goto err;
967
3f883c7c 968 OSSL_PARAM_free(params);
b8a1272d 969 OSSL_PARAM_BLD_free(bld);
5fbe15fd
RL		 970 params = NULL;
971 bld = NULL;
972
973 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
974 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
975 goto err;
b8a1272d
MC		 976
977 /* Test priv and pub */
978 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
979 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
980 OSSL_PKEY_PARAM_GROUP_NAME,
981 "P-256", 0))
982 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
983 OSSL_PKEY_PARAM_PUB_KEY,
984 ec_pub, sizeof(ec_pub)))
d36a5dd0
MC		 985 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
986 priv)))
b8a1272d 987 goto err;
5fbe15fd
RL		 988 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
989 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params)))
b8a1272d
MC		 990 goto err;
991
5fbe15fd 992 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
b8a1272d
MC		 993 goto err;
994
edc8566f
RL		 995 /* Try key equality */
996 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0)
997 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub),
998 0)
999 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv),
1000 0)
1001 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair),
1002 0)
1003 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0)
1004 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0)
1005 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0)
1006 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0))
1007 goto err;
1008
3a1596f4
TM		 1009 /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */
1010 if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0))
1011 goto err;
1012 OPENSSL_free(encoded);
1013 encoded = NULL;
1014 if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) {
1015 OPENSSL_free(encoded);
1016 encoded = NULL;
1017 goto err;
1018 }
1019
b8a1272d
MC		 1020 ret = 1;
1021 err:
3f883c7c 1022 OSSL_PARAM_free(params);
b8a1272d 1023 OSSL_PARAM_BLD_free(bld);
5fbe15fd
RL		 1024 EVP_PKEY_free(just_params);
1025 EVP_PKEY_free(params_and_priv);
1026 EVP_PKEY_free(params_and_pub);
1027 EVP_PKEY_free(params_and_keypair);
b8a1272d
MC		 1028 BN_free(priv);
1029
1030 return ret;
1031}
1032
1033/* Test that using a legacy EC key with only a private key in it works */
1034# ifndef OPENSSL_NO_DEPRECATED_3_0
1035static int test_EC_priv_only_legacy(void)
1036{
1037 BIGNUM *priv = NULL;
1038 int ret = 0;
1039 EC_KEY *eckey = NULL;
2145ba5e 1040 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
b8a1272d
MC		 1041 EVP_MD_CTX *ctx = NULL;
1042
1043 /* Create the low level EC_KEY */
1044 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1045 goto err;
1046
1047 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1048 if (!TEST_ptr(eckey))
1049 goto err;
1050
1051 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1052 goto err;
1053
1054 pkey = EVP_PKEY_new();
1055 if (!TEST_ptr(pkey))
1056 goto err;
1057
1058 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1059 goto err;
1060 eckey = NULL;
1061
2145ba5e
TM		 1062 while (dup_pk == NULL) {
1063 ret = 0;
1064 ctx = EVP_MD_CTX_new();
1065 if (!TEST_ptr(ctx))
1066 goto err;
1067
1068 /*
1069 * The EVP_DigestSignInit function should create the key on the
1070 * provider side which is sufficient for this test.
1071 */
1072 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
1073 testpropq, pkey, NULL)))
1074 goto err;
1075 EVP_MD_CTX_free(ctx);
1076 ctx = NULL;
1077
1078 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
1079 goto err;
1080 /* EVP_PKEY_eq() returns -2 with missing public keys */
1081 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
1082 EVP_PKEY_free(pkey);
1083 pkey = dup_pk;
1084 if (!ret)
1085 goto err;
1086 }
b8a1272d
MC		 1087
1088 err:
1089 EVP_MD_CTX_free(ctx);
1090 EVP_PKEY_free(pkey);
1091 EC_KEY_free(eckey);
1092 BN_free(priv);
1093
1094 return ret;
1095}
1096# endif /* OPENSSL_NO_DEPRECATED_3_0 */
1097#endif /* OPENSSL_NO_EC */
1098
15ff7d7c
MC		 1099static int test_EVP_PKEY_sign(int tst)
1100{
1101 int ret = 0;
1102 EVP_PKEY *pkey = NULL;
1103 unsigned char *sig = NULL;
1104 size_t sig_len = 0, shortsig_len = 1;
1105 EVP_PKEY_CTX *ctx = NULL;
1106 unsigned char tbs[] = {
1107 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1108 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1109 };
1110
1287dabd 1111 if (tst == 0) {
15ff7d7c
MC		 1112 if (!TEST_ptr(pkey = load_example_rsa_key()))
1113 goto out;
1114 } else if (tst == 1) {
1115#ifndef OPENSSL_NO_DSA
1116 if (!TEST_ptr(pkey = load_example_dsa_key()))
1117 goto out;
1118#else
1119 ret = 1;
1120 goto out;
1121#endif
1122 } else {
1123#ifndef OPENSSL_NO_EC
1124 if (!TEST_ptr(pkey = load_example_ec_key()))
1125 goto out;
1126#else
1127 ret = 1;
1128 goto out;
1129#endif
1130 }
1131
1132 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1133 if (!TEST_ptr(ctx)
1134 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1135 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1136 sizeof(tbs)), 0))
1137 goto out;
1138 sig = OPENSSL_malloc(sig_len);
1139 if (!TEST_ptr(sig)
1140 /* Test sending a signature buffer that is too short is rejected */
1141 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1142 sizeof(tbs)), 0)
1143 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1144 0)
1145 /* Test the signature round-trips */
1146 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1147 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1148 0))
1149 goto out;
1150
1151 ret = 1;
1152 out:
1153 EVP_PKEY_CTX_free(ctx);
1154 OPENSSL_free(sig);
1155 EVP_PKEY_free(pkey);
1156 return ret;
1157}
1158
4547a719
P		 1159/*
1160 * n = 0 => test using legacy cipher
1161 * n = 1 => test using fetched cipher
1162 */
1163static int test_EVP_Enveloped(int n)
2eb2b4f3
SL		 1164{
1165 int ret = 0;
1166 EVP_CIPHER_CTX *ctx = NULL;
1167 EVP_PKEY *keypair = NULL;
1168 unsigned char *kek = NULL;
1169 unsigned char iv[EVP_MAX_IV_LENGTH];
1170 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1171 int len, kek_len, ciphertext_len, plaintext_len;
1172 unsigned char ciphertext[32], plaintext[16];
4547a719 1173 EVP_CIPHER *type = NULL;
062490db
JS		 1174
1175 if (nullprov != NULL)
1176 return TEST_skip("Test does not support a non-default library context");
1177
4547a719
P		 1178 if (n == 0)
1179 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1180 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1181 testpropq)))
1182 goto err;
2eb2b4f3
SL		 1183
1184 if (!TEST_ptr(keypair = load_example_rsa_key())
ed576acd 1185 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
2eb2b4f3
SL		 1186 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1187 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1188 &keypair, 1))
1189 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1190 msg, sizeof(msg)))
1191 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1192 &len)))
1193 goto err;
1194
1195 ciphertext_len += len;
1196
1197 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1198 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1199 ciphertext, ciphertext_len))
1200 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1201 goto err;
1202
1203 plaintext_len += len;
1204 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1205 goto err;
1206
1207 ret = 1;
1208err:
4547a719
P		 1209 if (n != 0)
1210 EVP_CIPHER_free(type);
2eb2b4f3
SL		 1211 OPENSSL_free(kek);
1212 EVP_PKEY_free(keypair);
1213 EVP_CIPHER_CTX_free(ctx);
1214 return ret;
1215}
1216
59d0e6c8 1217/*
6d242fa5
MC		 1218 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1219 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1220 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1221 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1222 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1223 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1224 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1225 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1226 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
15ff7d7c
MC		 1227 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1228 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1229 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1230 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1231 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1232 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
816f72d0 1233 * Test 15-29: Same as above with reinitialization
59d0e6c8
MC		 1234 */
1235static int test_EVP_DigestSignInit(int tst)
71ea6b48
MC		 1236{
1237 int ret = 0;
1238 EVP_PKEY *pkey = NULL;
78539b25 1239 unsigned char *sig = NULL, *sig2 = NULL;
15ff7d7c 1240 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
59d0e6c8
MC		 1241 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1242 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1243 BIO *mdbio = NULL, *membio = NULL;
1244 size_t written;
6d242fa5
MC		 1245 const EVP_MD *md;
1246 EVP_MD *mdexp = NULL;
816f72d0 1247 int reinit = 0;
59d0e6c8 1248
062490db
JS		 1249 if (nullprov != NULL)
1250 return TEST_skip("Test does not support a non-default library context");
1251
816f72d0
TM		 1252 if (tst >= 15) {
1253 reinit = 1;
1254 tst -= 15;
1255 }
1256
15ff7d7c 1257 if (tst >= 6 && tst <= 8) {
59d0e6c8
MC		 1258 membio = BIO_new(BIO_s_mem());
1259 mdbio = BIO_new(BIO_f_md());
1260 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1261 goto out;
1262 BIO_push(mdbio, membio);
1263 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1264 goto out;
1265 } else {
1266 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1267 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1268 goto out;
1269 }
71ea6b48 1270
15ff7d7c 1271 if (tst % 3 == 0) {
59d0e6c8
MC		 1272 if (!TEST_ptr(pkey = load_example_rsa_key()))
1273 goto out;
15ff7d7c 1274 } else if (tst % 3 == 1) {
f650ab47 1275#ifndef OPENSSL_NO_DSA
59d0e6c8
MC		 1276 if (!TEST_ptr(pkey = load_example_dsa_key()))
1277 goto out;
f650ab47
MC		 1278#else
1279 ret = 1;
1280 goto out;
1281#endif
6d242fa5
MC		 1282 } else {
1283 if (!TEST_ptr(pkey = load_example_hmac_key()))
1284 goto out;
59d0e6c8 1285 }
71ea6b48 1286
6d242fa5
MC		 1287 if (tst >= 3 && tst <= 5)
1288 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1289 else
1290 md = EVP_sha256();
1291
1292 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
71ea6b48 1293 goto out;
adcd8e37 1294
816f72d0
TM		 1295 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
1296 goto out;
1297
15ff7d7c 1298 if (tst >= 6 && tst <= 8) {
59d0e6c8
MC		 1299 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1300 goto out;
15ff7d7c 1301 } else if (tst < 6) {
59d0e6c8
MC		 1302 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1303 goto out;
1304 }
1305
15ff7d7c
MC		 1306 if (tst >= 9) {
1307 /* Determine the size of the signature. */
1308 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1309 sizeof(kMsg)))
1310 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1311 goto out;
1312 if (tst <= 11) {
1313 /* Test that supply a short sig buffer fails */
1314 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1315 sizeof(kMsg))))
1316 goto out;
1317 /*
1318 * We end here because once EVP_DigestSign() has failed you should
1319 * not call it again without re-initing the ctx
1320 */
1321 ret = 1;
1322 goto out;
1323 }
1324 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1325 sizeof(kMsg))))
1326 goto out;
1327 } else {
1328 /* Determine the size of the signature. */
1329 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1330 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1331 /*
1332 * Trying to create a signature with a deliberately short
1333 * buffer should fail.
1334 */
1335 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1336 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1337 goto out;
1338 }
71ea6b48 1339
6d242fa5
MC		 1340 /*
1341 * Ensure that the signature round-trips (Verification isn't supported for
1342 * HMAC via EVP_DigestVerify*)
1343 */
15ff7d7c
MC		 1344 if (tst % 3 != 2) {
1345 if (tst >= 6 && tst <= 8) {
78539b25
TM		 1346 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1347 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1348 goto out;
1349 }
1350
6d242fa5
MC		 1351 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1352 NULL, pkey)))
59d0e6c8 1353 goto out;
6d242fa5 1354
15ff7d7c 1355 if (tst >= 6 && tst <= 8) {
6d242fa5
MC		 1356 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1357 goto out;
1358 } else {
1359 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1360 sizeof(kMsg))))
1361 goto out;
1362 }
e2e5e72d 1363 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
59d0e6c8 1364 goto out;
78539b25
TM		 1365
1366 /* Multiple calls to EVP_DigestVerifyFinal should work */
e2e5e72d 1367 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
78539b25
TM		 1368 goto out;
1369 } else {
1370 /*
1371 * For HMAC a doubled call to DigestSignFinal should produce the same
1372 * value as finalization should not happen.
1373 */
1374 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1375 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1376 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1377 goto out;
1378
1379 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1380 goto out;
59d0e6c8 1381 }
71ea6b48
MC		 1382
1383 ret = 1;
1384
1385 out:
59d0e6c8
MC		 1386 BIO_free(membio);
1387 BIO_free(mdbio);
1388 EVP_MD_CTX_free(a_md_ctx);
1389 EVP_MD_CTX_free(a_md_ctx_verify);
c5ba2d99 1390 EVP_PKEY_free(pkey);
b548a1f1 1391 OPENSSL_free(sig);
78539b25 1392 OPENSSL_free(sig2);
6d242fa5 1393 EVP_MD_free(mdexp);
71ea6b48
MC		 1394
1395 return ret;
1396}
1397
1398static int test_EVP_DigestVerifyInit(void)
1399{
1400 int ret = 0;
1401 EVP_PKEY *pkey = NULL;
adcd8e37 1402 EVP_MD_CTX *md_ctx = NULL;
71ea6b48 1403
062490db
JS		 1404 if (nullprov != NULL)
1405 return TEST_skip("Test does not support a non-default library context");
1406
adcd8e37
RS		 1407 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1408 || !TEST_ptr(pkey = load_example_rsa_key()))
1409 goto out;
71ea6b48 1410
adcd8e37
RS		 1411 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1412 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
e2e5e72d
PH		 1413 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1414 sizeof(kSignature)), 0))
71ea6b48 1415 goto out;
ae6b68b7
TM		 1416
1417 /* test with reinitialization */
1418 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
1419 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
e2e5e72d
PH		 1420 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1421 sizeof(kSignature)), 0))
ae6b68b7 1422 goto out;
71ea6b48
MC		 1423 ret = 1;
1424
1425 out:
bfb0641f 1426 EVP_MD_CTX_free(md_ctx);
c5ba2d99 1427 EVP_PKEY_free(pkey);
71ea6b48
MC		 1428 return ret;
1429}
1430
8cbfc4f6
TM		 1431#ifndef OPENSSL_NO_SIPHASH
1432/* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
1433static int test_siphash_digestsign(void)
1434{
1435 unsigned char key[16];
1436 unsigned char buf[8], digest[8];
1437 unsigned char expected[8] = {
1438 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1439 };
1440 EVP_PKEY *pkey = NULL;
1441 EVP_MD_CTX *mdctx = NULL;
1442 EVP_PKEY_CTX *ctx = NULL;
1443 int ret = 0;
1444 size_t len = 8;
1445
1446 if (nullprov != NULL)
1447 return TEST_skip("Test does not support a non-default library context");
1448
1449 memset(buf, 0, 8);
1450 memset(key, 1, 16);
1451 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
1452 key, 16)))
1453 goto out;
1454
1455 if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
1456 goto out;
1457
1458 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
1459 goto out;
1460 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
1461 EVP_PKEY_CTRL_SET_DIGEST_SIZE,
1462 8, NULL), 1))
1463 goto out;
1464 /* reinitialize */
1465 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
1466 goto out;
1467 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
1468 goto out;
1469 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
1470 goto out;
1471 if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
1472 goto out;
1473
1474 ret = 1;
1475 out:
1476 EVP_PKEY_free(pkey);
1477 EVP_MD_CTX_free(mdctx);
1478 return ret;
1479}
1480#endif
1481
8d8dd09b
TM		 1482/*
1483 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1484 */
1485static int test_EVP_Digest(void)
1486{
1487 int ret = 0;
1488 EVP_MD_CTX *md_ctx = NULL;
1489 unsigned char md[EVP_MAX_MD_SIZE];
062490db
JS		 1490 EVP_MD *sha256 = NULL;
1491 EVP_MD *shake256 = NULL;
8d8dd09b
TM		 1492
1493 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1494 goto out;
1495
062490db
JS		 1496 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1497 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1498 goto out;
1499
1500 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
8d8dd09b
TM		 1501 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1502 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1503 /* EVP_DigestFinal resets the EVP_MD_CTX. */
f6c95e46 1504 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
8d8dd09b
TM		 1505 goto out;
1506
062490db 1507 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
8d8dd09b
TM		 1508 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1509 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1510 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
f6c95e46 1511 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
8d8dd09b
TM		 1512 /*
1513 * EVP_DigestInit_ex with NULL type should work on
1514 * pre-initialized context.
1515 */
1516 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1517 goto out;
1518
062490db 1519 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
8d8dd09b
TM		 1520 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1521 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1522 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
f6c95e46 1523 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
8d8dd09b
TM		 1524 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1525 goto out;
1526 ret = 1;
1527
1528 out:
1529 EVP_MD_CTX_free(md_ctx);
062490db
JS		 1530 EVP_MD_free(sha256);
1531 EVP_MD_free(shake256);
8d8dd09b
TM		 1532 return ret;
1533}
1534
bef9b48e
TM		 1535static int test_EVP_md_null(void)
1536{
1537 int ret = 0;
1538 EVP_MD_CTX *md_ctx = NULL;
1539 const EVP_MD *md_null = EVP_md_null();
1540 unsigned char md_value[EVP_MAX_MD_SIZE];
1541 unsigned int md_len = sizeof(md_value);
1542
1543 if (nullprov != NULL)
1544 return TEST_skip("Test does not support a non-default library context");
1545
1546 if (!TEST_ptr(md_null)
1547 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1548 goto out;
1549
1550 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
1551 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
1552 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
1553 goto out;
1554
1555 if (!TEST_uint_eq(md_len, 0))
1556 goto out;
1557
1558 ret = 1;
1559 out:
1560 EVP_MD_CTX_free(md_ctx);
1561 return ret;
1562}
1563
adcd8e37 1564static int test_d2i_AutoPrivateKey(int i)
71ea6b48
MC		 1565{
1566 int ret = 0;
1567 const unsigned char *p;
1568 EVP_PKEY *pkey = NULL;
adcd8e37
RS		 1569 const APK_DATA *ak = &keydata[i];
1570 const unsigned char *input = ak->kder;
1571 size_t input_len = ak->size;
1572 int expected_id = ak->evptype;
71ea6b48
MC		 1573
1574 p = input;
adcd8e37
RS		 1575 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1576 || !TEST_ptr_eq(p, input + input_len)
ed576acd 1577 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
71ea6b48 1578 goto done;
71ea6b48
MC		 1579
1580 ret = 1;
1581
1582 done:
c5ba2d99 1583 EVP_PKEY_free(pkey);
71ea6b48
MC		 1584 return ret;
1585}
1586
a9880362 1587#ifndef OPENSSL_NO_EC
cad8347b
SL		 1588
1589static const unsigned char ec_public_sect163k1_validxy[] = {
1590 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1591 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1592 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1593 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1594 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1595 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1596};
1597
1598static const unsigned char ec_public_sect163k1_badx[] = {
1599 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1600 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1601 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1602 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1603 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1604 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1605};
1606
1607static const unsigned char ec_public_sect163k1_bady[] = {
1608 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1609 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1610 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1611 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1612 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1613 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1614};
1615
1616static struct ec_der_pub_keys_st {
1617 const unsigned char *der;
1618 size_t len;
1619 int valid;
1620} ec_der_pub_keys[] = {
1621 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1622 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1623 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1624};
1625
1626/*
1627 * Tests the range of the decoded EC char2 public point.
1628 * See ec_GF2m_simple_oct2point().
1629 */
1630static int test_invalide_ec_char2_pub_range_decode(int id)
1631{
1632 int ret = 0;
5b5eea4b 1633 EVP_PKEY *pkey;
cad8347b 1634
5b5eea4b
SL		 1635 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1636 ec_der_pub_keys[id].len);
1637
1638 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1639 || TEST_ptr_null(pkey);
1640 EVP_PKEY_free(pkey);
cad8347b
SL		 1641 return ret;
1642}
1643
71ea6b48
MC		 1644/* Tests loading a bad key in PKCS8 format */
1645static int test_EVP_PKCS82PKEY(void)
1646{
1647 int ret = 0;
1648 const unsigned char *derp = kExampleBadECKeyDER;
1649 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1650 EVP_PKEY *pkey = NULL;
1651
adcd8e37
RS		 1652 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1653 sizeof(kExampleBadECKeyDER))))
1654 goto done;
71ea6b48 1655
adcd8e37
RS		 1656 if (!TEST_ptr_eq(derp,
1657 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
71ea6b48 1658 goto done;
71ea6b48 1659
adcd8e37 1660 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
71ea6b48 1661 goto done;
71ea6b48
MC		 1662
1663 ret = 1;
1664
1665 done:
e0e920b1 1666 PKCS8_PRIV_KEY_INFO_free(p8inf);
c5ba2d99 1667 EVP_PKEY_free(pkey);
71ea6b48
MC		 1668
1669 return ret;
1670}
8be513ae 1671
a9880362 1672#endif
8be513ae
DB		 1673static int test_EVP_PKCS82PKEY_wrong_tag(void)
1674{
1675 EVP_PKEY *pkey = NULL;
1676 EVP_PKEY *pkey2 = NULL;
1677 BIO *membio = NULL;
1678 char *membuf = NULL;
1679 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1680 int ok = 0;
1681
1682 if (testctx != NULL)
1683 /* test not supported with non-default context */
1684 return 1;
1685
1686 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1687 || !TEST_ptr(pkey = load_example_rsa_key())
1688 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1689 NULL, 0, NULL, NULL),
1690 0)
1691 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1692 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1693 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
5d8ad7d3 1694 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
8be513ae
DB		 1695 goto done;
1696 }
1697
1698 ok = 1;
1699 done:
1700 EVP_PKEY_free(pkey);
1701 EVP_PKEY_free(pkey2);
1702 PKCS8_PRIV_KEY_INFO_free(p8inf);
1703 BIO_free_all(membio);
1704 return ok;
1705}
71ea6b48 1706
29c49b25
RL		 1707/* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1708static int test_privatekey_to_pkcs8(void)
1709{
1710 EVP_PKEY *pkey = NULL;
1711 BIO *membio = NULL;
1712 char *membuf = NULL;
e2cc68c8 1713 long membuf_len = 0;
29c49b25
RL		 1714 int ok = 0;
1715
1716 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1717 || !TEST_ptr(pkey = load_example_rsa_key())
1718 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1719 NULL, 0, NULL, NULL),
1720 0)
e2cc68c8
SL		 1721 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1722 || !TEST_ptr(membuf)
1723 || !TEST_mem_eq(membuf, (size_t)membuf_len,
29c49b25
RL		 1724 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1725 /*
1726 * We try to write PEM as well, just to see that it doesn't err, but
1727 * assume that the result is correct.
1728 */
1729 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1730 NULL, 0, NULL, NULL),
1731 0))
1732 goto done;
1733
1734 ok = 1;
1735 done:
1736 EVP_PKEY_free(pkey);
1737 BIO_free_all(membio);
1738 return ok;
1739}
1740
f0c62c53
RL		 1741#ifndef OPENSSL_NO_EC
1742static const struct {
1743 int encoding;
1744 const char *encoding_name;
1745} ec_encodings[] = {
1746 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1747 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1748};
1749
1750static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1751{
1752 const OSSL_PARAM *p;
1753 const char *enc_name = NULL;
1754 int *enc = arg;
1755 size_t i;
1756
1757 *enc = -1;
1758
1759 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1760 OSSL_PKEY_PARAM_EC_ENCODING))
1761 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1762 return 0;
1763
1764 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
fba140c7 1765 if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
f0c62c53
RL		 1766 *enc = ec_encodings[i].encoding;
1767 break;
1768 }
1769 }
1770
1771 return (*enc != -1);
1772}
1773
1774static int test_EC_keygen_with_enc(int idx)
1775{
1776 EVP_PKEY *params = NULL, *key = NULL;
1777 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1778 int enc;
1779 int ret = 0;
1780
1781 enc = ec_encodings[idx].encoding;
1782
1783 /* Create key parameters */
1784 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
6e0b05f3 1785 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
56876ae9 1786 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0)
2cba2e16 1787 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0)
f0c62c53
RL		 1788 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
1789 || !TEST_ptr(params))
1790 goto done;
1791
1792 /* Create key */
1793 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
bf4ceede 1794 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
f0c62c53
RL		 1795 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1796 || !TEST_ptr(key))
1797 goto done;
1798
1799 /* Check that the encoding got all the way into the key */
1800 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1801 ec_export_get_encoding_cb, &enc))
1802 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1803 goto done;
1804
1805 ret = 1;
1806 done:
1807 EVP_PKEY_free(key);
1808 EVP_PKEY_free(params);
1809 EVP_PKEY_CTX_free(kctx);
1810 EVP_PKEY_CTX_free(pctx);
1811 return ret;
1812}
1813#endif
1814
919adfcf 1815#if !defined(OPENSSL_NO_SM2)
ddb634fe 1816
a6c4cb84
JL		 1817static int test_EVP_SM2_verify(void)
1818{
a6c4cb84 1819 const char *pubkey =
d0b79f86
PY		 1820 "-----BEGIN PUBLIC KEY-----\n"
1821 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1822 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1823 "-----END PUBLIC KEY-----\n";
a6c4cb84
JL		 1824
1825 const char *msg = "message digest";
1826 const char *id = "ALICE123@YAHOO.COM";
1827
1828 const uint8_t signature[] = {
d0b79f86
PY		 1829 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1830 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1831 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1832 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1833 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1834 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1835 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
a6c4cb84
JL		 1836 };
1837
1838 int rc = 0;
1839 BIO *bio = NULL;
1840 EVP_PKEY *pkey = NULL;
1841 EVP_MD_CTX *mctx = NULL;
1842 EVP_PKEY_CTX *pctx = NULL;
062490db 1843 EVP_MD *sm3 = NULL;
a6c4cb84
JL		 1844
1845 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1846 if (!TEST_true(bio != NULL))
1847 goto done;
1848
062490db 1849 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
a6c4cb84
JL		 1850 if (!TEST_true(pkey != NULL))
1851 goto done;
1852
8a288609 1853 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
a6c4cb84
JL		 1854 goto done;
1855
1856 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1857 goto done;
1858
062490db 1859 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
a6c4cb84
JL		 1860 goto done;
1861
a6c4cb84
JL		 1862 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1863
062490db
JS		 1864 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1865 goto done;
1866
1867 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
a6c4cb84
JL		 1868 goto done;
1869
d0b79f86
PY		 1870 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1871 goto done;
1872
a6c4cb84
JL		 1873 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1874 goto done;
1875
e2e5e72d 1876 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
a6c4cb84
JL		 1877 goto done;
1878 rc = 1;
1879
1880 done:
1881 BIO_free(bio);
1882 EVP_PKEY_free(pkey);
1883 EVP_PKEY_CTX_free(pctx);
1884 EVP_MD_CTX_free(mctx);
062490db 1885 EVP_MD_free(sm3);
a6c4cb84
JL		 1886 return rc;
1887}
1888
ddb634fe
JL		 1889static int test_EVP_SM2(void)
1890{
1891 int ret = 0;
1892 EVP_PKEY *pkey = NULL;
bfb56a97 1893 EVP_PKEY *pkeyparams = NULL;
ddb634fe
JL		 1894 EVP_PKEY_CTX *pctx = NULL;
1895 EVP_PKEY_CTX *kctx = NULL;
4803717f 1896 EVP_PKEY_CTX *sctx = NULL;
ddb634fe
JL		 1897 size_t sig_len = 0;
1898 unsigned char *sig = NULL;
1899 EVP_MD_CTX *md_ctx = NULL;
1900 EVP_MD_CTX *md_ctx_verify = NULL;
1901 EVP_PKEY_CTX *cctx = NULL;
42423ac9 1902 EVP_MD *check_md = NULL;
ddb634fe
JL		 1903
1904 uint8_t ciphertext[128];
1905 size_t ctext_len = sizeof(ciphertext);
1906
1907 uint8_t plaintext[8];
1908 size_t ptext_len = sizeof(plaintext);
1909
4803717f
PY		 1910 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1911
bfb56a97
MC		 1912 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1913 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1914 int i;
a0fff549 1915 char mdname[OSSL_MAX_NAME_SIZE];
bfb56a97 1916
42423ac9
RL		 1917 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
1918 "SM2", testpropq)))
ddb634fe
JL		 1919 goto done;
1920
1921 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1922 goto done;
1923
2cba2e16 1924 if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0))
ddb634fe
JL		 1925 goto done;
1926
bfb56a97 1927 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
ddb634fe
JL		 1928 goto done;
1929
42423ac9
RL		 1930 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
1931 pkeyparams, testpropq)))
ddb634fe
JL		 1932 goto done;
1933
bf4ceede 1934 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
ddb634fe
JL		 1935 goto done;
1936
1937 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1938 goto done;
1939
ddb634fe
JL		 1940 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1941 goto done;
1942
1943 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1944 goto done;
1945
062490db 1946 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
4803717f
PY		 1947 goto done;
1948
1949 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1950 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1951
42423ac9 1952 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
062490db
JS		 1953 goto done;
1954
42423ac9 1955 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
4803717f
PY		 1956 goto done;
1957
d0b79f86 1958 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
ddb634fe
JL		 1959 goto done;
1960
42423ac9 1961 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
ddb634fe
JL		 1962 goto done;
1963
1964 /* Determine the size of the signature. */
1965 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1966 goto done;
1967
ddb634fe
JL		 1968 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1969 goto done;
1970
1971 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1972 goto done;
1973
1974 /* Ensure that the signature round-trips. */
1975
42423ac9
RL		 1976 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1977 pkey)))
ddb634fe
JL		 1978 goto done;
1979
d0b79f86
PY		 1980 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1981 goto done;
1982
ddb634fe
JL		 1983 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1984 goto done;
1985
e2e5e72d 1986 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
ddb634fe
JL		 1987 goto done;
1988
707d4e06
TM		 1989 /*
1990 * Try verify again with non-matching 0 length id but ensure that it can
1991 * be set on the context and overrides the previous value.
1992 */
1993
1994 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
1995 pkey)))
1996 goto done;
1997
1998 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0))
1999 goto done;
2000
2001 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2002 goto done;
2003
2004 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2005 goto done;
2006
ddb634fe
JL		 2007 /* now check encryption/decryption */
2008
bfb56a97
MC		 2009 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2010 mdname, sizeof(mdname));
2011 for (i = 0; i < 2; i++) {
42423ac9
RL		 2012 const char *mdnames[] = {
2013#ifndef OPENSSL_NO_SM3
2014 "SM3",
2015#else
2016 NULL,
2017#endif
2018 "SHA2-256" };
bfb56a97 2019 EVP_PKEY_CTX_free(cctx);
ddb634fe 2020
42423ac9
RL		 2021 if (mdnames[i] == NULL)
2022 continue;
2023
2024 sparams[0] =
2025 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2026 (char *)mdnames[i], 0);
ddb634fe 2027
42423ac9
RL		 2028 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2029 pkey, testpropq)))
bfb56a97 2030 goto done;
ddb634fe 2031
bfb56a97
MC		 2032 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
2033 goto done;
ddb634fe 2034
bfb56a97
MC		 2035 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2036 goto done;
ddb634fe 2037
bfb56a97
MC		 2038 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
2039 sizeof(kMsg))))
2040 goto done;
ddb634fe 2041
bfb56a97
MC		 2042 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
2043 goto done;
2044
2045 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2046 goto done;
2047
0650ac43
PH		 2048 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
2049 ctext_len), 0))
bfb56a97
MC		 2050 goto done;
2051
2052 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
2053 goto done;
2054
42423ac9
RL		 2055 /*
2056 * Test we're still using the digest we think we are.
2057 * Because of aliases, the easiest is to fetch the digest and
2058 * check the name with EVP_MD_is_a().
2059 */
2060 EVP_MD_free(check_md);
2061 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
bfb56a97 2062 goto done;
42423ac9
RL		 2063 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
2064 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
bfb56a97 2065 goto done;
42423ac9 2066 }
bfb56a97
MC		 2067
2068 if (!TEST_true(ptext_len == sizeof(kMsg)))
2069 goto done;
2070
2071 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
2072 goto done;
2073 }
ddb634fe
JL		 2074
2075 ret = 1;
2076done:
2077 EVP_PKEY_CTX_free(pctx);
2078 EVP_PKEY_CTX_free(kctx);
4803717f 2079 EVP_PKEY_CTX_free(sctx);
ddb634fe
JL		 2080 EVP_PKEY_CTX_free(cctx);
2081 EVP_PKEY_free(pkey);
bfb56a97 2082 EVP_PKEY_free(pkeyparams);
ddb634fe
JL		 2083 EVP_MD_CTX_free(md_ctx);
2084 EVP_MD_CTX_free(md_ctx_verify);
42423ac9 2085 EVP_MD_free(check_md);
ddb634fe
JL		 2086 OPENSSL_free(sig);
2087 return ret;
2088}
2089
2090#endif
2091
bb5f281a
MC		 2092static struct keys_st {
2093 int type;
2094 char *priv;
2095 char *pub;
2096} keys[] = {
2097 {
2098 EVP_PKEY_HMAC, "0123456789", NULL
92b83537
TM		 2099 },
2100 {
2101 EVP_PKEY_HMAC, "", NULL
5af6e154 2102#ifndef OPENSSL_NO_POLY1305
bb5f281a
MC		 2103 }, {
2104 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
5af6e154
TM		 2105#endif
2106#ifndef OPENSSL_NO_SIPHASH
bb5f281a
MC		 2107 }, {
2108 EVP_PKEY_SIPHASH, "0123456789012345", NULL
5af6e154 2109#endif
896dcb80
MC		 2110 },
2111#ifndef OPENSSL_NO_EC
2112 {
bb5f281a
MC		 2113 EVP_PKEY_X25519, "01234567890123456789012345678901",
2114 "abcdefghijklmnopqrstuvwxyzabcdef"
2115 }, {
2116 EVP_PKEY_ED25519, "01234567890123456789012345678901",
2117 "abcdefghijklmnopqrstuvwxyzabcdef"
2118 }, {
2119 EVP_PKEY_X448,
2120 "01234567890123456789012345678901234567890123456789012345",
2121 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2122 }, {
2123 EVP_PKEY_ED448,
2124 "012345678901234567890123456789012345678901234567890123456",
2125 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2126 }
896dcb80 2127#endif
bb5f281a
MC		 2128};
2129
86dc26ba 2130static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
bb5f281a
MC		 2131{
2132 int ret = 0;
2133 unsigned char buf[80];
2134 unsigned char *in;
15ff7d7c 2135 size_t inlen, len = 0, shortlen = 1;
bb5f281a
MC		 2136 EVP_PKEY *pkey;
2137
2138 /* Check if this algorithm supports public keys */
5af6e154 2139 if (pub && keys[tst].pub == NULL)
bb5f281a
MC		 2140 return 1;
2141
2142 memset(buf, 0, sizeof(buf));
2143
2144 if (pub) {
5af6e154 2145#ifndef OPENSSL_NO_EC
bb5f281a
MC		 2146 inlen = strlen(keys[tst].pub);
2147 in = (unsigned char *)keys[tst].pub;
86dc26ba 2148 if (uselibctx) {
d8652be0 2149 pkey = EVP_PKEY_new_raw_public_key_ex(
86dc26ba
MC		 2150 testctx,
2151 OBJ_nid2sn(keys[tst].type),
2152 NULL,
2153 in,
2154 inlen);
2155 } else {
2156 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
2157 NULL,
2158 in,
2159 inlen);
2160 }
5af6e154
TM		 2161#else
2162 return 1;
2163#endif
bb5f281a
MC		 2164 } else {
2165 inlen = strlen(keys[tst].priv);
2166 in = (unsigned char *)keys[tst].priv;
86dc26ba 2167 if (uselibctx) {
d8652be0 2168 pkey = EVP_PKEY_new_raw_private_key_ex(
86dc26ba
MC		 2169 testctx, OBJ_nid2sn(keys[tst].type),
2170 NULL,
2171 in,
2172 inlen);
2173 } else {
2174 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
2175 NULL,
2176 in,
2177 inlen);
2178 }
bb5f281a
MC		 2179 }
2180
2181 if (!TEST_ptr(pkey)
5af6e154 2182 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
bb5f281a
MC		 2183 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
2184 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
15ff7d7c
MC		 2185 || !TEST_true(len == inlen))
2186 goto done;
2187 if (tst != 1) {
2188 /*
2189 * Test that supplying a buffer that is too small fails. Doesn't apply
2190 * to HMAC with a zero length key
2191 */
2192 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
2193 &shortlen)))
2194 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
2195 &shortlen))))
2196 goto done;
2197 }
2198 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
bb5f281a
MC		 2199 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
2200 || !TEST_mem_eq(in, inlen, buf, len))
2201 goto done;
2202
2203 ret = 1;
2204 done:
2205 EVP_PKEY_free(pkey);
2206 return ret;
2207}
2208
2209static int test_set_get_raw_keys(int tst)
2210{
5af6e154 2211 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
86dc26ba 2212 && test_set_get_raw_keys_int(tst, 0, 1)
5af6e154 2213 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
86dc26ba 2214 && test_set_get_raw_keys_int(tst, 1, 1);
bb5f281a
MC		 2215}
2216
41bbba53 2217#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3
PY		 2218static int pkey_custom_check(EVP_PKEY *pkey)
2219{
2220 return 0xbeef;
2221}
2222
b0004708
PY		 2223static int pkey_custom_pub_check(EVP_PKEY *pkey)
2224{
2225 return 0xbeef;
2226}
2227
2228static int pkey_custom_param_check(EVP_PKEY *pkey)
2229{
2230 return 0xbeef;
2231}
2232
2aee35d3 2233static EVP_PKEY_METHOD *custom_pmeth;
41bbba53 2234#endif
2aee35d3
PY		 2235
2236static int test_EVP_PKEY_check(int i)
2237{
2238 int ret = 0;
2aee35d3
PY		 2239 EVP_PKEY *pkey = NULL;
2240 EVP_PKEY_CTX *ctx = NULL;
41bbba53 2241#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3 2242 EVP_PKEY_CTX *ctx2 = NULL;
41bbba53 2243#endif
2aee35d3
PY		 2244 const APK_DATA *ak = &keycheckdata[i];
2245 const unsigned char *input = ak->kder;
2246 size_t input_len = ak->size;
2247 int expected_id = ak->evptype;
2248 int expected_check = ak->check;
b0004708
PY		 2249 int expected_pub_check = ak->pub_check;
2250 int expected_param_check = ak->param_check;
2251 int type = ak->type;
b0004708 2252
5b5eea4b
SL		 2253 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
2254 goto done;
2255 if (type == 0
ed576acd 2256 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
5b5eea4b 2257 goto done;
2aee35d3 2258
062490db 2259 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2aee35d3
PY		 2260 goto done;
2261
b0004708
PY		 2262 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
2263 goto done;
2264
2265 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
2266 goto done;
2267
2268 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
2269 goto done;
2aee35d3 2270
41bbba53 2271#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3
PY		 2272 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
2273 /* assign the pkey directly, as an internal test */
2274 EVP_PKEY_up_ref(pkey);
2275 ctx2->pkey = pkey;
2276
2277 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
2278 goto done;
2279
b0004708
PY		 2280 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
2281 goto done;
2282
2283 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
2284 goto done;
41bbba53 2285#endif
b0004708 2286
2aee35d3
PY		 2287 ret = 1;
2288
2289 done:
2290 EVP_PKEY_CTX_free(ctx);
41bbba53 2291#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3 2292 EVP_PKEY_CTX_free(ctx2);
41bbba53 2293#endif
2aee35d3
PY		 2294 EVP_PKEY_free(pkey);
2295 return ret;
2296}
2297
fab8fde3 2298#ifndef OPENSSL_NO_CMAC
e5bc0ce2
MC		 2299static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
2300{
2301 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
2302 const char msg[] = "Hello World";
cff7d58e 2303 size_t maclen = AES_BLOCK_SIZE;
e5bc0ce2
MC		 2304 int ret = 1;
2305
2306 if (!TEST_ptr(mdctx)
062490db
JS		 2307 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
2308 testpropq, pkey, NULL))
e5bc0ce2
MC		 2309 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
2310 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
2311 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
2312 ret = 0;
2313
2314 EVP_MD_CTX_free(mdctx);
2315
2316 return ret;
2317}
a87820e1
RL		 2318static int test_CMAC_keygen(void)
2319{
e5bc0ce2
MC		 2320 static unsigned char key[] = {
2321 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2322 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2323 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2324 };
062490db 2325 EVP_PKEY_CTX *kctx = NULL;
a87820e1 2326 int ret = 0;
e5bc0ce2 2327 EVP_PKEY *pkey = NULL;
a3d267f1
RS		 2328 unsigned char mac[AES_BLOCK_SIZE];
2329# if !defined(OPENSSL_NO_DEPRECATED_3_0)
2330 unsigned char mac2[AES_BLOCK_SIZE];
2331# endif
e5bc0ce2 2332
062490db
JS		 2333 if (nullprov != NULL)
2334 return TEST_skip("Test does not support a non-default library context");
2335
2336 /*
2337 * This is a legacy method for CMACs, but should still work.
2338 * This verifies that it works without an ENGINE.
2339 */
2340 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2341
e5bc0ce2
MC		 2342 /* Test a CMAC key created using the "generated" method */
2343 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2344 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2345 EVP_PKEY_CTRL_CIPHER,
2346 0, (void *)EVP_aes_256_ecb()), 0)
2347 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2348 EVP_PKEY_CTRL_SET_MAC_KEY,
2349 sizeof(key), (void *)key), 0)
2350 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2351 || !TEST_ptr(pkey)
2352 || !TEST_true(get_cmac_val(pkey, mac)))
2353 goto done;
a87820e1 2354
a3d267f1 2355# if !defined(OPENSSL_NO_DEPRECATED_3_0)
e5bc0ce2
MC		 2356 EVP_PKEY_free(pkey);
2357
2358 /*
2359 * Test a CMAC key using the direct method, and compare with the mac
2360 * created above.
2361 */
2362 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
2363 if (!TEST_ptr(pkey)
2364 || !TEST_true(get_cmac_val(pkey, mac2))
2365 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
a87820e1 2366 goto done;
a3d267f1 2367# endif
e5bc0ce2 2368
a87820e1
RL		 2369 ret = 1;
2370
2371 done:
e5bc0ce2 2372 EVP_PKEY_free(pkey);
a87820e1
RL		 2373 EVP_PKEY_CTX_free(kctx);
2374 return ret;
2375}
fab8fde3 2376#endif
a87820e1 2377
10d5b415
MC		 2378static int test_HKDF(void)
2379{
2380 EVP_PKEY_CTX *pctx;
2381 unsigned char out[20];
2382 size_t outlen;
2383 int i, ret = 0;
2384 unsigned char salt[] = "0123456789";
2385 unsigned char key[] = "012345678901234567890123456789";
2386 unsigned char info[] = "infostring";
2387 const unsigned char expected[] = {
2388 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2389 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2390 };
2391 size_t expectedlen = sizeof(expected);
2392
062490db 2393 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
10d5b415
MC		 2394 goto done;
2395
2396 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2397 for (i = 0; i < 2; i++) {
2398 outlen = sizeof(out);
2399 memset(out, 0, outlen);
2400
2401 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2402 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2403 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2404 sizeof(salt) - 1), 0)
2405 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2406 sizeof(key) - 1), 0)
2407 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2408 sizeof(info) - 1), 0)
2409 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2410 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2411 goto done;
2412 }
2413
2414 ret = 1;
2415
2416 done:
2417 EVP_PKEY_CTX_free(pctx);
2418
2419 return ret;
2420}
2421
2cd3ebc7
BK		 2422static int test_emptyikm_HKDF(void)
2423{
2424 EVP_PKEY_CTX *pctx;
2425 unsigned char out[20];
2426 size_t outlen;
2427 int ret = 0;
2428 unsigned char salt[] = "9876543210";
2429 unsigned char key[] = "";
2430 unsigned char info[] = "stringinfo";
2431 const unsigned char expected[] = {
2432 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2433 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2434 };
2435 size_t expectedlen = sizeof(expected);
2436
062490db 2437 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2cd3ebc7
BK		 2438 goto done;
2439
2440 outlen = sizeof(out);
2441 memset(out, 0, outlen);
2442
2443 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2444 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2445 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2446 sizeof(salt) - 1), 0)
2447 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2448 sizeof(key) - 1), 0)
2449 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2450 sizeof(info) - 1), 0)
2451 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2452 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2453 goto done;
2454
2455 ret = 1;
2456
2457 done:
2458 EVP_PKEY_CTX_free(pctx);
2459
2460 return ret;
2461}
2462
5dc40a83
BE		 2463#ifndef OPENSSL_NO_EC
2464static int test_X509_PUBKEY_inplace(void)
2465{
808c63c5 2466 int ret = 0;
62653483 2467 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
808c63c5
P		 2468 const unsigned char *p = kExampleECPubKeyDER;
2469 size_t input_len = sizeof(kExampleECPubKeyDER);
5dc40a83 2470
62653483
MC		 2471 if (!TEST_ptr(xp))
2472 goto done;
2473 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
808c63c5 2474 goto done;
5dc40a83 2475
808c63c5
P		 2476 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2477 goto done;
5dc40a83 2478
808c63c5
P		 2479 p = kExampleBadECPubKeyDER;
2480 input_len = sizeof(kExampleBadECPubKeyDER);
5dc40a83 2481
808c63c5
P		 2482 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2483 goto done;
5dc40a83 2484
808c63c5
P		 2485 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2486 goto done;
5dc40a83 2487
808c63c5 2488 ret = 1;
5dc40a83 2489
808c63c5
P		 2490 done:
2491 X509_PUBKEY_free(xp);
2492 return ret;
2493}
2494
2495static int test_X509_PUBKEY_dup(void)
2496{
2497 int ret = 0;
2498 X509_PUBKEY *xp = NULL, *xq = NULL;
2499 const unsigned char *p = kExampleECPubKeyDER;
2500 size_t input_len = sizeof(kExampleECPubKeyDER);
2501
62653483
MC		 2502 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2503 if (!TEST_ptr(xp)
2504 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
808c63c5
P		 2505 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2506 || !TEST_ptr_ne(xp, xq))
2507 goto done;
2508
2509 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2510 || !TEST_ptr(X509_PUBKEY_get0(xp))
7e35458b 2511 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
808c63c5
P		 2512 goto done;
2513
2514 X509_PUBKEY_free(xq);
2515 xq = NULL;
2516 p = kExampleBadECPubKeyDER;
2517 input_len = sizeof(kExampleBadECPubKeyDER);
2518
2519 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2520 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2521 goto done;
2522
2523 X509_PUBKEY_free(xp);
2524 xp = NULL;
2525 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2526 goto done;
2527
2528 ret = 1;
2529
2530 done:
2531 X509_PUBKEY_free(xp);
2532 X509_PUBKEY_free(xq);
2533 return ret;
5dc40a83 2534}
7bb82f92 2535#endif /* OPENSSL_NO_EC */
784883fc 2536
9c45222d 2537/* Test getting and setting parameters on an EVP_PKEY_CTX */
f54a4101 2538static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
9c45222d 2539{
9a071fef 2540 EVP_MD_CTX *mdctx = NULL;
9c45222d 2541 EVP_PKEY_CTX *ctx = NULL;
9c45222d 2542 const OSSL_PARAM *params;
00bc1ad9 2543 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
9c45222d
MC		 2544 int ret = 0;
2545 const EVP_MD *md;
00bc1ad9 2546 char mdname[OSSL_MAX_NAME_SIZE];
9a071fef 2547 char ssl3ms[48];
9c45222d 2548
9c45222d 2549 /* Initialise a sign operation */
062490db 2550 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
9c45222d 2551 if (!TEST_ptr(ctx)
c9c4a356 2552 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
9c45222d
MC		 2553 goto err;
2554
2555 /*
f54a4101 2556 * We should be able to query the parameters now.
9c45222d
MC		 2557 */
2558 params = EVP_PKEY_CTX_settable_params(ctx);
2559 if (!TEST_ptr(params)
0cb3f4f9
RL		 2560 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2561 OSSL_SIGNATURE_PARAM_DIGEST)))
9c45222d
MC		 2562 goto err;
2563
9c45222d
MC		 2564 params = EVP_PKEY_CTX_gettable_params(ctx);
2565 if (!TEST_ptr(params)
0cb3f4f9
RL		 2566 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2567 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
0cb3f4f9
RL		 2568 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2569 OSSL_SIGNATURE_PARAM_DIGEST)))
9c45222d
MC		 2570 goto err;
2571
2572 /*
2573 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2574 * EVP_PKEY_CTX_get_params()
2575 */
00bc1ad9
RL		 2576 strcpy(mdname, "SHA512");
2577 param_md = param;
2578 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2579 mdname, 0);
9c45222d
MC		 2580 *param++ = OSSL_PARAM_construct_end();
2581
2582 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2583 goto err;
2584
00bc1ad9
RL		 2585 mdname[0] = '\0';
2586 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2587 mdname, sizeof(mdname));
9c45222d 2588 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
00bc1ad9 2589 || !TEST_str_eq(mdname, "SHA512"))
9c45222d
MC		 2590 goto err;
2591
2592 /*
2593 * Test the TEST_PKEY_CTX_set_signature_md() and
2594 * TEST_PKEY_CTX_get_signature_md() functions
2595 */
2596 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2597 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2598 || !TEST_ptr_eq(md, EVP_sha256()))
2599 goto err;
2600
9a071fef
MC		 2601 /*
2602 * Test getting MD parameters via an associated EVP_PKEY_CTX
2603 */
2604 mdctx = EVP_MD_CTX_new();
2605 if (!TEST_ptr(mdctx)
062490db 2606 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
af6171b3 2607 pkey, NULL)))
9a071fef
MC		 2608 goto err;
2609
2610 /*
2611 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2612 * able to obtain the digest's settable parameters from the provider.
2613 */
2614 params = EVP_MD_CTX_settable_params(mdctx);
2615 if (!TEST_ptr(params)
2616 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2617 /* The final key should be NULL */
2618 || !TEST_ptr_null(params[1].key))
2619 goto err;
2620
2621 param = ourparams;
2622 memset(ssl3ms, 0, sizeof(ssl3ms));
2623 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2624 ssl3ms, sizeof(ssl3ms));
2625 *param++ = OSSL_PARAM_construct_end();
2626
2627 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2628 goto err;
2629
9c45222d
MC		 2630 ret = 1;
2631
2632 err:
9a071fef 2633 EVP_MD_CTX_free(mdctx);
9c45222d 2634 EVP_PKEY_CTX_free(ctx);
f54a4101
RL		 2635
2636 return ret;
2637}
2638
2639#ifndef OPENSSL_NO_DSA
2640static int test_DSA_get_set_params(void)
2641{
6ed4022c
RL		 2642 OSSL_PARAM_BLD *bld = NULL;
2643 OSSL_PARAM *params = NULL;
f54a4101 2644 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
6ed4022c 2645 EVP_PKEY_CTX *pctx = NULL;
f54a4101
RL		 2646 EVP_PKEY *pkey = NULL;
2647 int ret = 0;
2648
2649 /*
2650 * Setup the parameters for our DSA object. For our purposes they don't
2651 * have to actually be *valid* parameters. We just need to set something.
2652 */
6ed4022c
RL		 2653 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2654 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2655 || !TEST_ptr(p = BN_new())
2656 || !TEST_ptr(q = BN_new())
2657 || !TEST_ptr(g = BN_new())
2658 || !TEST_ptr(pub = BN_new())
2659 || !TEST_ptr(priv = BN_new()))
2660 goto err;
2661 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2662 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2663 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2664 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2665 pub))
2666 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2667 priv)))
2668 goto err;
2669 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
f54a4101 2670 goto err;
f54a4101 2671
2db985b7
SL		 2672 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2673 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2674 params), 0))
f54a4101
RL		 2675 goto err;
2676
6ed4022c
RL		 2677 if (!TEST_ptr(pkey))
2678 goto err;
f54a4101
RL		 2679
2680 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2681
2682 err:
9c45222d 2683 EVP_PKEY_free(pkey);
6ed4022c 2684 EVP_PKEY_CTX_free(pctx);
3f883c7c 2685 OSSL_PARAM_free(params);
6ed4022c 2686 OSSL_PARAM_BLD_free(bld);
9c45222d
MC		 2687 BN_free(p);
2688 BN_free(q);
2689 BN_free(g);
cd32a0f5
RL		 2690 BN_free(pub);
2691 BN_free(priv);
9c45222d
MC		 2692
2693 return ret;
2694}
2c04b341
JS		 2695
2696/*
8a9394c1 2697 * Test combinations of private, public, missing and private + public key
2c04b341
JS		 2698 * params to ensure they are all accepted
2699 */
2700static int test_DSA_priv_pub(void)
2701{
2702 return test_EVP_PKEY_ffc_priv_pub("DSA");
2703}
2704
2705#endif /* !OPENSSL_NO_DSA */
9c45222d 2706
f54a4101
RL		 2707static int test_RSA_get_set_params(void)
2708{
d7e498ac
RL		 2709 OSSL_PARAM_BLD *bld = NULL;
2710 OSSL_PARAM *params = NULL;
f54a4101 2711 BIGNUM *n = NULL, *e = NULL, *d = NULL;
d7e498ac 2712 EVP_PKEY_CTX *pctx = NULL;
f54a4101
RL		 2713 EVP_PKEY *pkey = NULL;
2714 int ret = 0;
2715
2716 /*
2717 * Setup the parameters for our RSA object. For our purposes they don't
2718 * have to actually be *valid* parameters. We just need to set something.
2719 */
d7e498ac
RL		 2720 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2721 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2722 || !TEST_ptr(n = BN_new())
2723 || !TEST_ptr(e = BN_new())
2724 || !TEST_ptr(d = BN_new()))
2725 goto err;
2726 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2727 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2728 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2729 goto err;
2730 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
f54a4101 2731 goto err;
f54a4101 2732
2db985b7
SL		 2733 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2734 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2735 params), 0))
f54a4101
RL		 2736 goto err;
2737
d7e498ac
RL		 2738 if (!TEST_ptr(pkey))
2739 goto err;
f54a4101
RL		 2740
2741 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2742
2743 err:
2744 EVP_PKEY_free(pkey);
d7e498ac 2745 EVP_PKEY_CTX_free(pctx);
3f883c7c 2746 OSSL_PARAM_free(params);
d7e498ac 2747 OSSL_PARAM_BLD_free(bld);
f54a4101
RL		 2748 BN_free(n);
2749 BN_free(e);
2750 BN_free(d);
2751
2752 return ret;
2753}
2754
b4be6937
MC		 2755#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2756static int test_decrypt_null_chunks(void)
2757{
2758 EVP_CIPHER_CTX* ctx = NULL;
062490db 2759 EVP_CIPHER *cipher = NULL;
b4be6937
MC		 2760 const unsigned char key[32] = {
2761 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2762 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2763 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2764 };
2765 unsigned char iv[12] = {
2766 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2767 };
2768 unsigned char msg[] = "It was the best of times, it was the worst of times";
2769 unsigned char ciphertext[80];
2770 unsigned char plaintext[80];
2771 /* We initialise tmp to a non zero value on purpose */
2772 int ctlen, ptlen, tmp = 99;
2773 int ret = 0;
2774 const int enc_offset = 10, dec_offset = 20;
2775
062490db
JS		 2776 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2777 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2778 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
b4be6937
MC		 2779 key, iv))
2780 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2781 enc_offset))
2782 /* Deliberate add a zero length update */
2783 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2784 0))
2785 || !TEST_int_eq(tmp, 0)
2786 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2787 msg + enc_offset,
2788 sizeof(msg) - enc_offset))
2789 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2790 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2791 || !TEST_int_eq(tmp, 0))
2792 goto err;
2793
2794 /* Deliberately initialise tmp to a non zero value */
2795 tmp = 99;
062490db 2796 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
b4be6937
MC		 2797 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2798 dec_offset))
2799 /*
2800 * Deliberately add a zero length update. We also deliberately do
2801 * this at a different offset than for encryption.
2802 */
2803 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2804 0))
2805 || !TEST_int_eq(tmp, 0)
2806 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2807 ciphertext + dec_offset,
2808 ctlen - dec_offset))
2809 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2810 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2811 || !TEST_int_eq(tmp, 0)
2812 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2813 goto err;
2814
2815 ret = 1;
2816 err:
2817 EVP_CIPHER_CTX_free(ctx);
062490db 2818 EVP_CIPHER_free(cipher);
b4be6937
MC		 2819 return ret;
2820}
2821#endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2822
2c04b341
JS		 2823#ifndef OPENSSL_NO_DH
2824/*
8a9394c1 2825 * Test combinations of private, public, missing and private + public key
2c04b341
JS		 2826 * params to ensure they are all accepted
2827 */
2828static int test_DH_priv_pub(void)
2829{
2830 return test_EVP_PKEY_ffc_priv_pub("DH");
2831}
2832
2833# ifndef OPENSSL_NO_DEPRECATED_3_0
e295de1d
MC		 2834static int test_EVP_PKEY_set1_DH(void)
2835{
ca2bf555
SL		 2836 DH *x942dh = NULL, *noqdh = NULL;
2837 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
e295de1d 2838 int ret = 0;
ca2bf555 2839 BIGNUM *p, *g = NULL;
0ec73843
TM		 2840 BIGNUM *pubkey = NULL;
2841 unsigned char pub[2048 / 8];
2842 size_t len = 0;
ca2bf555
SL		 2843
2844 if (!TEST_ptr(p = BN_new())
2845 || !TEST_ptr(g = BN_new())
0ec73843
TM		 2846 || !TEST_ptr(pubkey = BN_new())
2847 || !TEST_true(BN_set_word(p, 9999))
2848 || !TEST_true(BN_set_word(g, 2))
2849 || !TEST_true(BN_set_word(pubkey, 4321))
ca2bf555 2850 || !TEST_ptr(noqdh = DH_new())
0ec73843
TM		 2851 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
2852 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
2853 || !TEST_ptr(pubkey = BN_new())
2854 || !TEST_true(BN_set_word(pubkey, 4321)))
ca2bf555
SL		 2855 goto err;
2856 p = g = NULL;
e295de1d
MC		 2857
2858 x942dh = DH_get_2048_256();
e295de1d
MC		 2859 pkey1 = EVP_PKEY_new();
2860 pkey2 = EVP_PKEY_new();
2861 if (!TEST_ptr(x942dh)
ca2bf555 2862 || !TEST_ptr(noqdh)
e295de1d 2863 || !TEST_ptr(pkey1)
0ec73843
TM		 2864 || !TEST_ptr(pkey2)
2865 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
e295de1d 2866 goto err;
0ec73843 2867 pubkey = NULL;
e295de1d 2868
0ec73843 2869 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
ed576acd 2870 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
e295de1d
MC		 2871 goto err;
2872
0ec73843
TM		 2873 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
2874 &pubkey))
2875 || !TEST_ptr(pubkey))
2876 goto err;
2877
2878 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
ed576acd 2879 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
e295de1d
MC		 2880 goto err;
2881
0ec73843
TM		 2882 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
2883 OSSL_PKEY_PARAM_PUB_KEY,
2884 pub, sizeof(pub), &len))
2885 || !TEST_size_t_ne(len, 0))
2886 goto err;
2887
e295de1d
MC		 2888 ret = 1;
2889 err:
ca2bf555
SL		 2890 BN_free(p);
2891 BN_free(g);
0ec73843 2892 BN_free(pubkey);
e295de1d
MC		 2893 EVP_PKEY_free(pkey1);
2894 EVP_PKEY_free(pkey2);
2895 DH_free(x942dh);
ca2bf555 2896 DH_free(noqdh);
e295de1d
MC		 2897
2898 return ret;
2899}
2c04b341
JS		 2900# endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2901#endif /* !OPENSSL_NO_DH */
e295de1d 2902
8a5cb596
RL		 2903/*
2904 * We test what happens with an empty template. For the sake of this test,
2905 * the template must be ignored, and we know that's the case for RSA keys
2906 * (this might arguably be a misfeature, but that's what we currently do,
2907 * even in provider code, since that's how the legacy RSA implementation
2908 * does things)
2909 */
2910static int test_keygen_with_empty_template(int n)
2911{
2912 EVP_PKEY_CTX *ctx = NULL;
2913 EVP_PKEY *pkey = NULL;
2914 EVP_PKEY *tkey = NULL;
2915 int ret = 0;
2916
062490db
JS		 2917 if (nullprov != NULL)
2918 return TEST_skip("Test does not support a non-default library context");
2919
8a5cb596
RL		 2920 switch (n) {
2921 case 0:
2922 /* We do test with no template at all as well */
2923 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2924 goto err;
2925 break;
2926 case 1:
2927 /* Here we create an empty RSA key that serves as our template */
2928 if (!TEST_ptr(tkey = EVP_PKEY_new())
2929 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2930 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2931 goto err;
2932 break;
2933 }
2934
2935 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2936 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2937 goto err;
2938
2939 ret = 1;
2940 err:
2941 EVP_PKEY_CTX_free(ctx);
2942 EVP_PKEY_free(pkey);
2943 EVP_PKEY_free(tkey);
2944 return ret;
2945}
2946
5ddec6a7
MC		 2947/*
2948 * Test that we fail if we attempt to use an algorithm that is not available
08497fc6
RL		 2949 * in the current library context (unless we are using an algorithm that
2950 * should be made available via legacy codepaths).
2951 *
2952 * 0: RSA
2953 * 1: SM2
5ddec6a7
MC		 2954 */
2955static int test_pkey_ctx_fail_without_provider(int tst)
2956{
b4250010 2957 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
062490db 2958 OSSL_PROVIDER *tmpnullprov = NULL;
5ddec6a7 2959 EVP_PKEY_CTX *pctx = NULL;
08497fc6
RL		 2960 const char *keytype = NULL;
2961 int expect_null = 0;
5ddec6a7
MC		 2962 int ret = 0;
2963
2964 if (!TEST_ptr(tmpctx))
2965 goto err;
2966
062490db
JS		 2967 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
2968 if (!TEST_ptr(tmpnullprov))
5ddec6a7
MC		 2969 goto err;
2970
5ddec6a7 2971 /*
08497fc6 2972 * We check for certain algos in the null provider.
e304aa87 2973 * If an algo is expected to have a provider keymgmt, constructing an
08497fc6 2974 * EVP_PKEY_CTX is expected to fail (return NULL).
e304aa87 2975 * Otherwise, if it's expected to have legacy support, constructing an
08497fc6 2976 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
5ddec6a7 2977 */
08497fc6
RL		 2978 switch (tst) {
2979 case 0:
2980 keytype = "RSA";
2981 expect_null = 1;
2982 break;
2983 case 1:
2984 keytype = "SM2";
d0b79f86 2985 expect_null = 1;
08497fc6
RL		 2986#ifdef OPENSSL_NO_EC
2987 TEST_info("EC disable, skipping SM2 check...");
2988 goto end;
2989#endif
2990#ifdef OPENSSL_NO_SM2
2991 TEST_info("SM2 disable, skipping SM2 check...");
2992 goto end;
2993#endif
2994 break;
2995 default:
2996 TEST_error("No test for case %d", tst);
2997 goto err;
2998 }
2999
3000 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
3001 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
5ddec6a7
MC		 3002 goto err;
3003
08497fc6
RL		 3004#if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
3005 end:
3006#endif
5ddec6a7
MC		 3007 ret = 1;
3008
3009 err:
3010 EVP_PKEY_CTX_free(pctx);
062490db 3011 OSSL_PROVIDER_unload(tmpnullprov);
b4250010 3012 OSSL_LIB_CTX_free(tmpctx);
5ddec6a7
MC		 3013 return ret;
3014}
3015
1c19ff3c
P		 3016static int test_rand_agglomeration(void)
3017{
3018 EVP_RAND *rand;
3019 EVP_RAND_CTX *ctx;
3020 OSSL_PARAM params[3], *p = params;
3021 int res;
3022 unsigned int step = 7;
3023 static unsigned char seed[] = "It does not matter how slowly you go "
3024 "as long as you do not stop.";
3025 unsigned char out[sizeof(seed)];
3026
3027 if (!TEST_int_ne(sizeof(seed) % step, 0)
062490db 3028 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
1c19ff3c
P		 3029 return 0;
3030 ctx = EVP_RAND_CTX_new(rand, NULL);
3031 EVP_RAND_free(rand);
3032 if (!TEST_ptr(ctx))
3033 return 0;
3034
3035 memset(out, 0, sizeof(out));
3036 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
3037 seed, sizeof(seed));
0d4460d2 3038 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
1c19ff3c 3039 *p = OSSL_PARAM_construct_end();
e494fac7 3040 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
1c19ff3c
P		 3041 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
3042 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
3043 EVP_RAND_CTX_free(ctx);
3044 return res;
3045}
3046
440b852a
BK		 3047/*
3048 * Test that we correctly return the original or "running" IV after
3049 * an encryption operation.
3050 * Run multiple times for some different relevant algorithms/modes.
3051 */
a4afa6c1 3052static int test_evp_iv_aes(int idx)
440b852a
BK		 3053{
3054 int ret = 0;
3055 EVP_CIPHER_CTX *ctx = NULL;
3056 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
3057 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
3058 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
3059 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
3060 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
3061 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3062 9, 10, 11, 12, 13, 14, 15, 16 };
3063 unsigned char ciphertext[32], oiv[16], iv[16];
3064 unsigned char *ref_iv;
3065 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
3066 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
3067
3068 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
3069 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
4ec4b063
TM		 3070 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
3071 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
440b852a
BK		 3072 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3073 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3074 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
3075#ifndef OPENSSL_NO_OCB
3076 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3077 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3078#endif
3079 int len = sizeof(ciphertext);
3080 size_t ivlen, ref_len;
3081 const EVP_CIPHER *type = NULL;
4ec4b063 3082 int iv_reset = 0;
440b852a 3083
4ec4b063 3084 if (nullprov != NULL && idx < 6)
062490db
JS		 3085 return TEST_skip("Test does not support a non-default library context");
3086
1287dabd 3087 switch (idx) {
440b852a
BK		 3088 case 0:
3089 type = EVP_aes_128_cbc();
3090 /* FALLTHROUGH */
4ec4b063 3091 case 6:
440b852a 3092 type = (type != NULL) ? type :
062490db 3093 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
440b852a
BK		 3094 ref_iv = cbc_state;
3095 ref_len = sizeof(cbc_state);
4ec4b063 3096 iv_reset = 1;
440b852a
BK		 3097 break;
3098 case 1:
3099 type = EVP_aes_128_ofb();
3100 /* FALLTHROUGH */
4ec4b063 3101 case 7:
440b852a 3102 type = (type != NULL) ? type :
062490db 3103 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
440b852a
BK		 3104 ref_iv = ofb_state;
3105 ref_len = sizeof(ofb_state);
4ec4b063 3106 iv_reset = 1;
440b852a
BK		 3107 break;
3108 case 2:
4ec4b063
TM		 3109 type = EVP_aes_128_cfb();
3110 /* FALLTHROUGH */
3111 case 8:
3112 type = (type != NULL) ? type :
3113 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
3114 ref_iv = cfb_state;
3115 ref_len = sizeof(cfb_state);
3116 iv_reset = 1;
3117 break;
3118 case 3:
440b852a
BK		 3119 type = EVP_aes_128_gcm();
3120 /* FALLTHROUGH */
4ec4b063 3121 case 9:
440b852a 3122 type = (type != NULL) ? type :
062490db 3123 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
440b852a
BK		 3124 ref_iv = gcm_state;
3125 ref_len = sizeof(gcm_state);
3126 break;
4ec4b063 3127 case 4:
440b852a
BK		 3128 type = EVP_aes_128_ccm();
3129 /* FALLTHROUGH */
4ec4b063 3130 case 10:
440b852a 3131 type = (type != NULL) ? type :
062490db 3132 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
440b852a
BK		 3133 ref_iv = ccm_state;
3134 ref_len = sizeof(ccm_state);
3135 break;
3136#ifdef OPENSSL_NO_OCB
4ec4b063
TM		 3137 case 5:
3138 case 11:
440b852a
BK		 3139 return 1;
3140#else
4ec4b063 3141 case 5:
440b852a
BK		 3142 type = EVP_aes_128_ocb();
3143 /* FALLTHROUGH */
4ec4b063 3144 case 11:
440b852a 3145 type = (type != NULL) ? type :
062490db 3146 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
440b852a
BK		 3147 ref_iv = ocb_state;
3148 ref_len = sizeof(ocb_state);
3149 break;
3150#endif
3151 default:
3152 return 0;
3153 }
3154
3155 if (!TEST_ptr(type)
3156 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3157 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3158 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3159 (int)sizeof(msg)))
0d83b7b9
TM		 3160 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3161 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
440b852a
BK		 3162 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3163 goto err;
ed576acd 3164 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
440b852a
BK		 3165 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3166 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3167 goto err;
3168
4ec4b063
TM		 3169 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3170 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3171 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3172 goto err;
3173 if (iv_reset) {
3174 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3175 goto err;
3176 } else {
3177 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
3178 goto err;
3179 }
3180
440b852a
BK		 3181 ret = 1;
3182err:
3183 EVP_CIPHER_CTX_free(ctx);
4ec4b063 3184 if (idx >= 6)
440b852a
BK		 3185 EVP_CIPHER_free((EVP_CIPHER *)type);
3186 return ret;
3187}
3188
a4afa6c1
TM		 3189#ifndef OPENSSL_NO_DES
3190static int test_evp_iv_des(int idx)
3191{
3192 int ret = 0;
3193 EVP_CIPHER_CTX *ctx = NULL;
3194 static const unsigned char key[24] = {
3195 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3196 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3197 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3198 };
3199 static const unsigned char init_iv[8] = {
3200 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3201 };
3202 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3203 9, 10, 11, 12, 13, 14, 15, 16 };
3204 unsigned char ciphertext[32], oiv[8], iv[8];
3205 unsigned const char *ref_iv;
3206 static const unsigned char cbc_state_des[8] = {
3207 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3208 };
3209 static const unsigned char cbc_state_3des[8] = {
3210 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3211 };
3212 static const unsigned char ofb_state_des[8] = {
3213 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3214 };
3215 static const unsigned char ofb_state_3des[8] = {
3216 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3217 };
3218 static const unsigned char cfb_state_des[8] = {
3219 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3220 };
3221 static const unsigned char cfb_state_3des[8] = {
3222 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3223 };
3224 int len = sizeof(ciphertext);
3225 size_t ivlen, ref_len;
3226 EVP_CIPHER *type = NULL;
3227
3228 if (lgcyprov == NULL && idx < 3)
3229 return TEST_skip("Test requires legacy provider to be loaded");
3230
1287dabd 3231 switch (idx) {
a4afa6c1
TM		 3232 case 0:
3233 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
3234 ref_iv = cbc_state_des;
3235 ref_len = sizeof(cbc_state_des);
3236 break;
3237 case 1:
3238 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
3239 ref_iv = ofb_state_des;
3240 ref_len = sizeof(ofb_state_des);
3241 break;
3242 case 2:
3243 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
3244 ref_iv = cfb_state_des;
3245 ref_len = sizeof(cfb_state_des);
3246 break;
3247 case 3:
3248 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
3249 ref_iv = cbc_state_3des;
3250 ref_len = sizeof(cbc_state_3des);
3251 break;
3252 case 4:
3253 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
3254 ref_iv = ofb_state_3des;
3255 ref_len = sizeof(ofb_state_3des);
3256 break;
3257 case 5:
3258 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
3259 ref_iv = cfb_state_3des;
3260 ref_len = sizeof(cfb_state_3des);
3261 break;
3262 default:
3263 return 0;
3264 }
3265
3266 if (!TEST_ptr(type)
3267 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3268 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3269 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3270 (int)sizeof(msg)))
3271 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3272 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3273 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3274 goto err;
ed576acd 3275 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
a4afa6c1
TM		 3276 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3277 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3278 goto err;
3279
3280 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3281 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3282 goto err;
3283 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3284 goto err;
3285
3286 ret = 1;
3287err:
3288 EVP_CIPHER_CTX_free(ctx);
3289 EVP_CIPHER_free(type);
3290 return ret;
3291}
3292#endif
3293
091e60c4
TM		 3294#ifndef OPENSSL_NO_BF
3295static int test_evp_bf_default_keylen(int idx)
3296{
3297 int ret = 0;
3298 static const char *algos[4] = {
3299 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb"
3300 };
3301 int ivlen[4] = { 0, 8, 8, 8 };
3302 EVP_CIPHER *cipher = NULL;
3303
3304 if (lgcyprov == NULL)
3305 return TEST_skip("Test requires legacy provider to be loaded");
3306
3307 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq))
3308 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16)
3309 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx]))
3310 goto err;
3311
3312 ret = 1;
3313err:
3314 EVP_CIPHER_free(cipher);
3315 return ret;
3316}
3317#endif
3318
c0ff1932 3319#ifndef OPENSSL_NO_EC
da671c41
P		 3320static int ecpub_nids[] = {
3321 NID_brainpoolP256r1, NID_X9_62_prime256v1,
3322 NID_secp384r1, NID_secp521r1,
3323# ifndef OPENSSL_NO_EC2M
3324 NID_sect233k1, NID_sect233r1, NID_sect283r1,
c0ff1932 3325 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
da671c41
P		 3326# endif
3327 NID_brainpoolP384r1, NID_brainpoolP512r1
3328};
c0ff1932
BK		 3329
3330static int test_ecpub(int idx)
3331{
ad7cb0bf 3332 int ret = 0, len, savelen;
c0ff1932
BK		 3333 int nid;
3334 unsigned char buf[1024];
3335 unsigned char *p;
3336 EVP_PKEY *pkey = NULL;
3337 EVP_PKEY_CTX *ctx = NULL;
3d364726
BK		 3338# ifndef OPENSSL_NO_DEPRECATED_3_0
3339 const unsigned char *q;
3340 EVP_PKEY *pkey2 = NULL;
3341 EC_KEY *ec = NULL;
3342# endif
c0ff1932 3343
062490db
JS		 3344 if (nullprov != NULL)
3345 return TEST_skip("Test does not support a non-default library context");
3346
c0ff1932
BK		 3347 nid = ecpub_nids[idx];
3348
3349 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
3350 if (!TEST_ptr(ctx)
bf4ceede 3351 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2cba2e16 3352 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0)
c0ff1932
BK		 3353 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
3354 goto done;
3355 len = i2d_PublicKey(pkey, NULL);
ad7cb0bf 3356 savelen = len;
c0ff1932
BK		 3357 if (!TEST_int_ge(len, 1)
3358 || !TEST_int_lt(len, 1024))
3359 goto done;
3360 p = buf;
3361 len = i2d_PublicKey(pkey, &p);
ad7cb0bf
BK		 3362 if (!TEST_int_ge(len, 1)
3363 || !TEST_int_eq(len, savelen))
c0ff1932
BK		 3364 goto done;
3365
3d364726
BK		 3366# ifndef OPENSSL_NO_DEPRECATED_3_0
3367 /* Now try to decode the just-created DER. */
3368 q = buf;
3369 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
3370 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
3371 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
3372 goto done;
3373 /* EC_KEY ownership transferred */
3374 ec = NULL;
3375 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
3376 goto done;
3377 /* The keys should match. */
c85c5e1a 3378 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
3d364726
BK		 3379 goto done;
3380# endif
3381
c0ff1932
BK		 3382 ret = 1;
3383
3384 done:
3385 EVP_PKEY_CTX_free(ctx);
3386 EVP_PKEY_free(pkey);
3d364726
BK		 3387# ifndef OPENSSL_NO_DEPRECATED_3_0
3388 EVP_PKEY_free(pkey2);
3389 EC_KEY_free(ec);
3390# endif
c0ff1932
BK		 3391 return ret;
3392}
3393#endif
3394
e947a064
DB		 3395static int test_EVP_rsa_pss_with_keygen_bits(void)
3396{
062490db
JS		 3397 int ret = 0;
3398 EVP_PKEY_CTX *ctx = NULL;
3399 EVP_PKEY *pkey = NULL;
3400 EVP_MD *md;
e947a064 3401
062490db
JS		 3402 md = EVP_MD_fetch(testctx, "sha256", testpropq);
3403 ret = TEST_ptr(md)
2cba2e16 3404 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq)))
bf4ceede 3405 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
e947a064 3406 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
2cba2e16 3407 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0)
e947a064
DB		 3408 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
3409
062490db 3410 EVP_MD_free(md);
e947a064
DB		 3411 EVP_PKEY_free(pkey);
3412 EVP_PKEY_CTX_free(ctx);
e947a064
DB		 3413 return ret;
3414}
3415
6f87463b
TC		 3416static int test_EVP_rsa_pss_set_saltlen(void)
3417{
3418 int ret = 0;
3419 EVP_PKEY *pkey = NULL;
3420 EVP_PKEY_CTX *pkey_ctx = NULL;
3421 EVP_MD *sha256 = NULL;
3422 EVP_MD_CTX *sha256_ctx = NULL;
3423 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
3424 const int test_value = 32;
3425
3426 ret = TEST_ptr(pkey = load_example_rsa_key())
3427 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
3428 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
3429 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
3430 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
7263a7fc
PH		 3431 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0)
3432 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0)
6f87463b
TC		 3433 && TEST_int_eq(saltlen, test_value);
3434
3435 EVP_MD_CTX_free(sha256_ctx);
3436 EVP_PKEY_free(pkey);
3437 EVP_MD_free(sha256);
3438
3439 return ret;
3440}
3441
5eb73cfb
MC		 3442static int success = 1;
3443static void md_names(const char *name, void *vctx)
3444{
3445 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
3446 /* Force a namemap update */
3447 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
3448
3449 if (!TEST_ptr(aes128))
3450 success = 0;
3451
3452 EVP_CIPHER_free(aes128);
3453}
3454
3455/*
3456 * Test that changing the namemap in a user callback works in a names_do_all
3457 * function.
3458 */
3459static int test_names_do_all(void)
3460{
3461 /* We use a custom libctx so that we know the state of the namemap */
3462 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
3463 EVP_MD *sha256 = NULL;
3464 int testresult = 0;
3465
3466 if (!TEST_ptr(ctx))
3467 goto err;
3468
3469 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
3470 if (!TEST_ptr(sha256))
3471 goto err;
3472
3473 /*
3474 * We loop through all the names for a given digest. This should still work
3475 * even if the namemap changes part way through.
3476 */
3477 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
3478 goto err;
3479
3480 if (!TEST_true(success))
3481 goto err;
3482
3483 testresult = 1;
3484 err:
3485 EVP_MD_free(sha256);
3486 OSSL_LIB_CTX_free(ctx);
3487 return testresult;
3488}
e947a064 3489
063e0197
JC		 3490typedef struct {
3491 const char *cipher;
3492 const unsigned char *key;
3493 const unsigned char *iv;
3494 const unsigned char *input;
3495 const unsigned char *expected;
3496 const unsigned char *tag;
3497 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3498 size_t inlen;
3499 size_t expectedlen;
3500 size_t taglen;
3501 int keyfirst;
3502 int initenc;
3503 int finalenc;
3504} EVP_INIT_TEST_st;
3505
3506static const EVP_INIT_TEST_st evp_init_tests[] = {
3507 {
3508 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3509 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3510 0, 1, 0, 1
3511 },
3512 {
3513 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3514 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3515 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3516 sizeof(gcmDefaultTag), 1, 0, 1
3517 },
3518 {
3519 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3520 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3521 0, 0, 0, 1
3522 },
3523 {
3524 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3525 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3526 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3527 sizeof(gcmDefaultTag), 0, 0, 1
3528 },
3529 {
3530 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3531 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3532 0, 1, 1, 0
3533 },
3534 {
3535 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3536 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3537 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3538 sizeof(gcmDefaultTag), 1, 1, 0
3539 },
3540 {
3541 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3542 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3543 0, 0, 1, 0
3544 },
3545 {
3546 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3547 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3548 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3549 sizeof(gcmDefaultTag), 0, 1, 0
3550 }
3551};
3552
3553static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
3554{
3555 int res = 0;
1287dabd 3556
063e0197 3557 if (t->ivlen != 0) {
d649c51a 3558 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0))
063e0197
JC		 3559 goto err;
3560 }
3561 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
3562 goto err;
3563 res = 1;
3564 err:
3565 return res;
3566}
3567
3568/*
3569 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3570 * arguments are given one at a time and a final adjustment to the enc
3571 * parameter sets the correct operation.
3572 */
3573static int test_evp_init_seq(int idx)
3574{
3575 int outlen1, outlen2;
3576 int testresult = 0;
3577 unsigned char outbuf[1024];
3578 unsigned char tag[16];
3579 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
3580 EVP_CIPHER_CTX *ctx = NULL;
3581 EVP_CIPHER *type = NULL;
3582 size_t taglen = sizeof(tag);
3583 char *errmsg = NULL;
3584
3585 ctx = EVP_CIPHER_CTX_new();
3586 if (ctx == NULL) {
3587 errmsg = "CTX_ALLOC";
3588 goto err;
3589 }
3590 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
3591 errmsg = "CIPHER_FETCH";
3592 goto err;
3593 }
3594 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
3595 errmsg = "EMPTY_ENC_INIT";
3596 goto err;
3597 }
3598 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3599 errmsg = "PADDING";
3600 goto err;
3601 }
3602 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3603 errmsg = "KEY_INIT (before iv)";
3604 goto err;
3605 }
3606 if (!evp_init_seq_set_iv(ctx, t)) {
3607 errmsg = "IV_INIT";
3608 goto err;
3609 }
3610 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3611 errmsg = "KEY_INIT (after iv)";
3612 goto err;
3613 }
3614 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
3615 errmsg = "FINAL_ENC_INIT";
3616 goto err;
3617 }
3618 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3619 errmsg = "CIPHER_UPDATE";
3620 goto err;
3621 }
3622 if (t->finalenc == 0 && t->tag != NULL) {
3623 /* Set expected tag */
d649c51a
PH		 3624 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
3625 t->taglen, (void *)t->tag), 0)) {
063e0197
JC		 3626 errmsg = "SET_TAG";
3627 goto err;
3628 }
3629 }
3630 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3631 errmsg = "CIPHER_FINAL";
3632 goto err;
3633 }
3634 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3635 errmsg = "WRONG_RESULT";
3636 goto err;
3637 }
3638 if (t->finalenc != 0 && t->tag != NULL) {
d649c51a 3639 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
063e0197
JC		 3640 errmsg = "GET_TAG";
3641 goto err;
3642 }
3643 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
3644 errmsg = "TAG_ERROR";
3645 goto err;
3646 }
3647 }
3648 testresult = 1;
3649 err:
3650 if (errmsg != NULL)
3651 TEST_info("evp_init_test %d: %s", idx, errmsg);
3652 EVP_CIPHER_CTX_free(ctx);
3653 EVP_CIPHER_free(type);
3654 return testresult;
3655}
3656
3657typedef struct {
3658 const unsigned char *input;
3659 const unsigned char *expected;
3660 size_t inlen;
3661 size_t expectedlen;
3662 int enc;
3663} EVP_RESET_TEST_st;
3664
3665static const EVP_RESET_TEST_st evp_reset_tests[] = {
3666 {
3667 cfbPlaintext, cfbCiphertext,
3668 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
3669 },
3670 {
3671 cfbCiphertext, cfbPlaintext,
3672 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
3673 }
3674};
3675
3676/*
3677 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3678 * been used.
3679 */
3680static int test_evp_reset(int idx)
3681{
3682 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
3683 int outlen1, outlen2;
3684 int testresult = 0;
3685 unsigned char outbuf[1024];
3686 EVP_CIPHER_CTX *ctx = NULL;
3687 EVP_CIPHER *type = NULL;
3688 char *errmsg = NULL;
3689
3690 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3691 errmsg = "CTX_ALLOC";
3692 goto err;
3693 }
3694 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
3695 errmsg = "CIPHER_FETCH";
3696 goto err;
3697 }
3698 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3699 errmsg = "CIPHER_INIT";
3700 goto err;
3701 }
3702 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3703 errmsg = "PADDING";
3704 goto err;
3705 }
3706 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3707 errmsg = "CIPHER_UPDATE";
3708 goto err;
3709 }
3710 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3711 errmsg = "CIPHER_FINAL";
3712 goto err;
3713 }
3714 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3715 errmsg = "WRONG_RESULT";
3716 goto err;
3717 }
3718 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
3719 errmsg = "CIPHER_REINIT";
3720 goto err;
3721 }
3722 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3723 errmsg = "CIPHER_UPDATE (reinit)";
3724 goto err;
3725 }
3726 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3727 errmsg = "CIPHER_FINAL (reinit)";
3728 goto err;
3729 }
3730 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3731 errmsg = "WRONG_RESULT (reinit)";
3732 goto err;
3733 }
3734 testresult = 1;
3735 err:
3736 if (errmsg != NULL)
3737 TEST_info("test_evp_reset %d: %s", idx, errmsg);
3738 EVP_CIPHER_CTX_free(ctx);
3739 EVP_CIPHER_free(type);
3740 return testresult;
3741}
3742
f17e5277
IF		 3743typedef struct {
3744 const char *cipher;
3745 int enc;
3746} EVP_UPDATED_IV_TEST_st;
3747
3748static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
3749 {
3750 "aes-128-cfb", 1
3751 },
3752 {
3753 "aes-128-cfb", 0
3754 },
3755 {
3756 "aes-128-cfb1", 1
3757 },
3758 {
3759 "aes-128-cfb1", 0
3760 },
3761 {
3762 "aes-128-cfb8", 1
3763 },
3764 {
3765 "aes-128-cfb8", 0
3766 },
3767 {
3768 "aes-128-ofb", 1
3769 },
3770 {
3771 "aes-128-ofb", 0
3772 },
3773 {
3774 "aes-128-ctr", 1
3775 },
3776 {
3777 "aes-128-ctr", 0
3778 },
3779 {
3780 "aes-128-cbc", 1
3781 },
3782 {
3783 "aes-128-cbc", 0
3784 }
3785};
3786
3787/*
3788 * Test that the IV in the context is updated during a crypto operation for CFB
3789 * and OFB.
3790 */
3791static int test_evp_updated_iv(int idx)
3792{
3793 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
3794 int outlen1, outlen2;
3795 int testresult = 0;
3796 unsigned char outbuf[1024];
3797 EVP_CIPHER_CTX *ctx = NULL;
3798 EVP_CIPHER *type = NULL;
3799 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
3800 int iv_len;
3801 char *errmsg = NULL;
3802
3803 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3804 errmsg = "CTX_ALLOC";
3805 goto err;
3806 }
3807 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
3808 TEST_info("cipher %s not supported, skipping", t->cipher);
3809 goto ok;
3810 }
3811
3812 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3813 errmsg = "CIPHER_INIT";
3814 goto err;
3815 }
3816 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3817 errmsg = "PADDING";
3818 goto err;
3819 }
3820 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
3821 errmsg = "CIPHER_UPDATE";
3822 goto err;
3823 }
3824 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
3825 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
3826 goto err;
3827 }
3828 if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) {
3829 errmsg = "CIPHER_CTX_GET_IV_LEN";
3830 goto err;
3831 }
3832 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
3833 errmsg = "IV_NOT_UPDATED";
3834 goto err;
3835 }
3836 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3837 errmsg = "CIPHER_FINAL";
3838 goto err;
3839 }
3840 ok:
3841 testresult = 1;
3842 err:
3843 if (errmsg != NULL)
3844 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
3845 EVP_CIPHER_CTX_free(ctx);
3846 EVP_CIPHER_free(type);
3847 return testresult;
3848}
3849
063e0197
JC		 3850typedef struct {
3851 const unsigned char *iv1;
3852 const unsigned char *iv2;
3853 const unsigned char *expected1;
3854 const unsigned char *expected2;
3855 const unsigned char *tag1;
3856 const unsigned char *tag2;
3857 size_t ivlen1;
3858 size_t ivlen2;
3859 size_t expectedlen1;
3860 size_t expectedlen2;
3861} TEST_GCM_IV_REINIT_st;
3862
3863static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
3864 {
3865 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
3866 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
3867 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
3868 },
3869 {
3870 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
3871 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
3872 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
3873 }
3874};
3875
3876static int test_gcm_reinit(int idx)
3877{
3878 int outlen1, outlen2, outlen3;
3879 int testresult = 0;
3880 unsigned char outbuf[1024];
3881 unsigned char tag[16];
3882 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
3883 EVP_CIPHER_CTX *ctx = NULL;
3884 EVP_CIPHER *type = NULL;
3885 size_t taglen = sizeof(tag);
3886 char *errmsg = NULL;
3887
3888 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3889 errmsg = "CTX_ALLOC";
3890 goto err;
3891 }
3892 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
3893 errmsg = "CIPHER_FETCH";
3894 goto err;
3895 }
3896 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
3897 errmsg = "ENC_INIT";
3898 goto err;
3899 }
d649c51a 3900 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) {
063e0197
JC		 3901 errmsg = "SET_IVLEN1";
3902 goto err;
3903 }
3904 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
3905 errmsg = "SET_IV1";
3906 goto err;
3907 }
3908 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3909 errmsg = "AAD1";
3910 goto err;
3911 }
3912 EVP_CIPHER_CTX_set_padding(ctx, 0);
3913 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3914 sizeof(gcmResetPlaintext)))) {
3915 errmsg = "CIPHER_UPDATE1";
3916 goto err;
3917 }
3918 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3919 errmsg = "CIPHER_FINAL1";
3920 goto err;
3921 }
3922 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
3923 errmsg = "WRONG_RESULT1";
3924 goto err;
3925 }
d649c51a 3926 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
063e0197
JC		 3927 errmsg = "GET_TAG1";
3928 goto err;
3929 }
3930 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
3931 errmsg = "TAG_ERROR1";
3932 goto err;
3933 }
3934 /* Now reinit */
d649c51a 3935 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) {
063e0197
JC		 3936 errmsg = "SET_IVLEN2";
3937 goto err;
3938 }
3939 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
3940 errmsg = "SET_IV2";
3941 goto err;
3942 }
3943 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
3944 errmsg = "AAD2";
3945 goto err;
3946 }
3947 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
3948 sizeof(gcmResetPlaintext)))) {
3949 errmsg = "CIPHER_UPDATE2";
3950 goto err;
3951 }
3952 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3953 errmsg = "CIPHER_FINAL2";
3954 goto err;
3955 }
3956 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
3957 errmsg = "WRONG_RESULT2";
3958 goto err;
3959 }
d649c51a 3960 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
063e0197
JC		 3961 errmsg = "GET_TAG2";
3962 goto err;
3963 }
3964 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
3965 errmsg = "TAG_ERROR2";
3966 goto err;
3967 }
3968 testresult = 1;
3969 err:
3970 if (errmsg != NULL)
3971 TEST_info("evp_init_test %d: %s", idx, errmsg);
3972 EVP_CIPHER_CTX_free(ctx);
3973 EVP_CIPHER_free(type);
3974 return testresult;
3975}
3976
a983764e
MC		 3977#ifndef OPENSSL_NO_DEPRECATED_3_0
3978static EVP_PKEY_METHOD *custom_pmeth = NULL;
3979static const EVP_PKEY_METHOD *orig_pmeth = NULL;
3980
3981# define EVP_PKEY_CTRL_MY_COMMAND 9999
3982
3983static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
3984{
3985 int (*pinit)(EVP_PKEY_CTX *ctx);
3986
3987 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
3988 return pinit(ctx);
3989}
3990
3991static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
3992{
3993 void (*pcleanup)(EVP_PKEY_CTX *ctx);
3994
3995 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
3996 pcleanup(ctx);
3997}
3998
3999static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
4000 size_t *outlen, const unsigned char *in,
4001 size_t inlen)
4002{
4003 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
4004 const unsigned char *tbs, size_t tbslen);
4005
4006 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
4007 return psign(ctx, out, outlen, in, inlen);
4008}
4009
4010static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
4011 size_t *siglen, const unsigned char *tbs,
4012 size_t tbslen)
4013{
4014 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
4015 const unsigned char *tbs, size_t tbslen);
4016
c6fcd88f 4017 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
a983764e
MC		 4018 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
4019}
4020
4021static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
4022 size_t *keylen)
4023{
4024 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
4025
4026 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
4027 return pderive(ctx, key, keylen);
4028}
4029
4030static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
4031{
4032 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
4033
4034 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
4035 return pcopy(dst, src);
4036}
4037
4038static int ctrl_called;
4039
4040static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
4041{
4042 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
4043
4044 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
4045
4046 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
4047 ctrl_called = 1;
4048 return 1;
4049 }
4050
4051 return pctrl(ctx, type, p1, p2);
4052}
4053
4054static int test_custom_pmeth(int idx)
4055{
4056 EVP_PKEY_CTX *pctx = NULL;
4057 EVP_MD_CTX *ctx = NULL;
4058 EVP_PKEY *pkey = NULL;
4059 int id, orig_id, orig_flags;
4060 int testresult = 0;
4061 size_t reslen;
4062 unsigned char *res = NULL;
4063 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
4064 const EVP_MD *md = EVP_sha256();
4065 int doderive = 0;
4066
4067 ctrl_called = 0;
4068
4069 /* We call deprecated APIs so this test doesn't support a custom libctx */
4070 if (testctx != NULL)
4071 return 1;
4072
1287dabd 4073 switch (idx) {
a983764e
MC		 4074 case 0:
4075 case 6:
4076 id = EVP_PKEY_RSA;
4077 pkey = load_example_rsa_key();
4078 break;
4079 case 1:
4080 case 7:
4081# ifndef OPENSSL_NO_DSA
4082 id = EVP_PKEY_DSA;
4083 pkey = load_example_dsa_key();
4084 break;
4085# else
4086 return 1;
4087# endif
4088 case 2:
4089 case 8:
4090# ifndef OPENSSL_NO_EC
4091 id = EVP_PKEY_EC;
4092 pkey = load_example_ec_key();
4093 break;
4094# else
4095 return 1;
4096# endif
4097 case 3:
4098 case 9:
4099# ifndef OPENSSL_NO_EC
4100 id = EVP_PKEY_ED25519;
4101 md = NULL;
4102 pkey = load_example_ed25519_key();
4103 break;
4104# else
4105 return 1;
4106# endif
4107 case 4:
4108 case 10:
4109# ifndef OPENSSL_NO_DH
4110 id = EVP_PKEY_DH;
4111 doderive = 1;
4112 pkey = load_example_dh_key();
4113 break;
4114# else
4115 return 1;
4116# endif
4117 case 5:
4118 case 11:
4119# ifndef OPENSSL_NO_EC
4120 id = EVP_PKEY_X25519;
4121 doderive = 1;
4122 pkey = load_example_x25519_key();
4123 break;
4124# else
4125 return 1;
4126# endif
4127 default:
4128 TEST_error("Should not happen");
4129 goto err;
4130 }
4131
4132 if (!TEST_ptr(pkey))
4133 goto err;
4134
4135 if (idx < 6) {
4136 if (!TEST_true(evp_pkey_is_provided(pkey)))
4137 goto err;
4138 } else {
4139 EVP_PKEY *tmp = pkey;
4140
4141 /* Convert to a legacy key */
4142 pkey = EVP_PKEY_new();
4143 if (!TEST_ptr(pkey)) {
4144 pkey = tmp;
4145 goto err;
4146 }
4147 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
4148 EVP_PKEY_free(tmp);
4149 goto err;
4150 }
4151 EVP_PKEY_free(tmp);
4152 if (!TEST_true(evp_pkey_is_legacy(pkey)))
4153 goto err;
4154 }
4155
4156 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
4157 || !TEST_ptr(pkey))
4158 goto err;
4159
4160 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
4161 if (!TEST_int_eq(orig_id, id)
4162 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
4163 goto err;
4164
4165 if (id == EVP_PKEY_ED25519) {
4166 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
4167 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
4168 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
4169 } else {
4170 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
4171 }
4172 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
4173 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
4174 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
4175 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
4176 }
4177 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
4178 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
4179 goto err;
4180
4181 if (doderive) {
4182 pctx = EVP_PKEY_CTX_new(pkey, NULL);
4183 if (!TEST_ptr(pctx)
4184 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
4185 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4186 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4187 1)
4188 || !TEST_int_eq(ctrl_called, 1)
4189 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
4190 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
4191 || !TEST_ptr(res = OPENSSL_malloc(reslen))
4192 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
4193 goto err;
4194 } else {
4195 ctx = EVP_MD_CTX_new();
4196 reslen = EVP_PKEY_size(pkey);
4197 res = OPENSSL_malloc(reslen);
4198 if (!TEST_ptr(ctx)
4199 || !TEST_ptr(res)
4200 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
4201 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4202 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4203 1)
4204 || !TEST_int_eq(ctrl_called, 1))
4205 goto err;
4206
4207 if (id == EVP_PKEY_ED25519) {
4208 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
4209 goto err;
4210 } else {
4211 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
4212 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
4213 goto err;
4214 }
4215 }
4216
4217 testresult = 1;
4218 err:
4219 OPENSSL_free(res);
4220 EVP_MD_CTX_free(ctx);
4221 if (doderive)
4222 EVP_PKEY_CTX_free(pctx);
4223 EVP_PKEY_free(pkey);
4224 EVP_PKEY_meth_remove(custom_pmeth);
4225 EVP_PKEY_meth_free(custom_pmeth);
4226 custom_pmeth = NULL;
4227 return testresult;
4228}
03c2f21b
MC		 4229
4230static int test_evp_md_cipher_meth(void)
4231{
4232 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
4233 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
4234 int testresult = 0;
4235
4236 if (!TEST_ptr(md) || !TEST_ptr(ciph))
4237 goto err;
4238
4239 testresult = 1;
4240
4241 err:
4242 EVP_MD_meth_free(md);
4243 EVP_CIPHER_meth_free(ciph);
4244
4245 return testresult;
4246}
0299094c 4247
fbbe7202
MC		 4248typedef struct {
4249 int data;
4250} custom_dgst_ctx;
4251
4252static int custom_md_init_called = 0;
4253static int custom_md_cleanup_called = 0;
4254
4255static int custom_md_init(EVP_MD_CTX *ctx)
4256{
4257 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4258
4259 if (p == NULL)
4260 return 0;
4261
4262 custom_md_init_called++;
4263 return 1;
4264}
4265
4266static int custom_md_cleanup(EVP_MD_CTX *ctx)
4267{
4268 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4269
4270 if (p == NULL)
4271 /* Nothing to do */
4272 return 1;
4273
4274 custom_md_cleanup_called++;
4275 return 1;
4276}
4277
4278static int test_custom_md_meth(void)
4279{
4280 EVP_MD_CTX *mdctx = NULL;
4281 EVP_MD *tmp = NULL;
4282 char mess[] = "Test Message\n";
4283 unsigned char md_value[EVP_MAX_MD_SIZE];
4284 unsigned int md_len;
4285 int testresult = 0;
4286 int nid;
4287
4288 /*
4289 * We are testing deprecated functions. We don't support a non-default
4290 * library context in this test.
4291 */
4292 if (testctx != NULL)
8c7d847e 4293 return TEST_skip("Non-default libctx");
fbbe7202
MC		 4294
4295 custom_md_init_called = custom_md_cleanup_called = 0;
4296
4297 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
4298 if (!TEST_int_ne(nid, NID_undef))
4299 goto err;
4300 tmp = EVP_MD_meth_new(nid, NID_undef);
4301 if (!TEST_ptr(tmp))
4302 goto err;
4303
4304 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init))
4305 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup))
4306 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp,
4307 sizeof(custom_dgst_ctx))))
4308 goto err;
4309
4310 mdctx = EVP_MD_CTX_new();
4311 if (!TEST_ptr(mdctx)
4312 /*
4313 * Initing our custom md and then initing another md should
4314 * result in the init and cleanup functions of the custom md
8c7d847e 4315 * being called.
fbbe7202
MC		 4316 */
4317 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL))
4318 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
4319 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess)))
4320 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len))
4321 || !TEST_int_eq(custom_md_init_called, 1)
4322 || !TEST_int_eq(custom_md_cleanup_called, 1))
4323 goto err;
4324
4325 testresult = 1;
4326 err:
4327 EVP_MD_CTX_free(mdctx);
4328 EVP_MD_meth_free(tmp);
4329 return testresult;
4330}
4331
8c7d847e
MC		 4332typedef struct {
4333 int data;
4334} custom_ciph_ctx;
4335
4336static int custom_ciph_init_called = 0;
4337static int custom_ciph_cleanup_called = 0;
4338
4339static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
4340 const unsigned char *iv, int enc)
4341{
4342 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
4343
4344 if (p == NULL)
4345 return 0;
4346
4347 custom_ciph_init_called++;
4348 return 1;
4349}
4350
4351static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx)
4352{
4353 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
4354
4355 if (p == NULL)
4356 /* Nothing to do */
4357 return 1;
4358
4359 custom_ciph_cleanup_called++;
4360 return 1;
4361}
4362
4363static int test_custom_ciph_meth(void)
4364{
4365 EVP_CIPHER_CTX *ciphctx = NULL;
4366 EVP_CIPHER *tmp = NULL;
4367 int testresult = 0;
4368 int nid;
4369
4370 /*
4371 * We are testing deprecated functions. We don't support a non-default
4372 * library context in this test.
4373 */
4374 if (testctx != NULL)
4375 return TEST_skip("Non-default libctx");
4376
4377 custom_ciph_init_called = custom_ciph_cleanup_called = 0;
4378
4379 nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph");
4380 if (!TEST_int_ne(nid, NID_undef))
4381 goto err;
4382 tmp = EVP_CIPHER_meth_new(nid, 16, 16);
4383 if (!TEST_ptr(tmp))
4384 goto err;
4385
4386 if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init))
4387 || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT))
4388 || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup))
4389 || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp,
4390 sizeof(custom_ciph_ctx))))
4391 goto err;
4392
4393 ciphctx = EVP_CIPHER_CTX_new();
4394 if (!TEST_ptr(ciphctx)
4395 /*
4396 * Initing our custom cipher and then initing another cipher
4397 * should result in the init and cleanup functions of the custom
4398 * cipher being called.
4399 */
4400 || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1))
4401 || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL,
4402 NULL, NULL, 1))
4403 || !TEST_int_eq(custom_ciph_init_called, 1)
4404 || !TEST_int_eq(custom_ciph_cleanup_called, 1))
4405 goto err;
4406
4407 testresult = 1;
4408 err:
4409 EVP_CIPHER_CTX_free(ciphctx);
4410 EVP_CIPHER_meth_free(tmp);
4411 return testresult;
4412}
4413
0299094c
MC		 4414# ifndef OPENSSL_NO_DYNAMIC_ENGINE
4415/* Test we can create a signature keys with an associated ENGINE */
4416static int test_signatures_with_engine(int tst)
4417{
4418 ENGINE *e;
4419 const char *engine_id = "dasync";
4420 EVP_PKEY *pkey = NULL;
4421 const unsigned char badcmackey[] = { 0x00, 0x01 };
4422 const unsigned char cmackey[] = {
4423 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4424 0x0c, 0x0d, 0x0e, 0x0f
4425 };
4426 const unsigned char ed25519key[] = {
4427 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4428 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4429 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
4430 };
4431 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4432 int testresult = 0;
4433 EVP_MD_CTX *ctx = NULL;
4434 unsigned char *mac = NULL;
4435 size_t maclen = 0;
4436 int ret;
4437
ef2fb64f
MC		 4438# ifdef OPENSSL_NO_CMAC
4439 /* Skip CMAC tests in a no-cmac build */
4440 if (tst <= 1)
4441 return 1;
4442# endif
4443
0299094c
MC		 4444 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4445 return 0;
4446
4447 if (!TEST_true(ENGINE_init(e))) {
4448 ENGINE_free(e);
4449 return 0;
4450 }
4451
4452 switch (tst) {
4453 case 0:
4454 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
4455 EVP_aes_128_cbc());
4456 break;
4457 case 1:
4458 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
4459 EVP_aes_128_cbc());
4460 break;
4461 case 2:
4462 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
4463 sizeof(ed25519key));
4464 break;
4465 default:
4466 TEST_error("Invalid test case");
4467 goto err;
4468 }
4469 if (!TEST_ptr(pkey))
4470 goto err;
4471
4472 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
4473 goto err;
4474
4475 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
4476 pkey);
4477 if (tst == 0) {
4478 if (!TEST_true(ret))
4479 goto err;
4480
4481 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
4482 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
4483 goto err;
4484
4485 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
4486 goto err;
4487
4488 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
4489 goto err;
4490 } else {
4491 /* We used a bad key. We expect a failure here */
4492 if (!TEST_false(ret))
4493 goto err;
4494 }
4495
4496 testresult = 1;
4497 err:
4498 EVP_MD_CTX_free(ctx);
4499 OPENSSL_free(mac);
4500 EVP_PKEY_free(pkey);
4501 ENGINE_finish(e);
4502 ENGINE_free(e);
4503
4504 return testresult;
4505}
4506
4507static int test_cipher_with_engine(void)
4508{
4509 ENGINE *e;
4510 const char *engine_id = "dasync";
4511 const unsigned char keyiv[] = {
4512 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4513 0x0c, 0x0d, 0x0e, 0x0f
4514 };
4515 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4516 int testresult = 0;
4517 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
4518 unsigned char buf[AES_BLOCK_SIZE];
4519 int len = 0;
4520
4521 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4522 return 0;
4523
4524 if (!TEST_true(ENGINE_init(e))) {
4525 ENGINE_free(e);
4526 return 0;
4527 }
4528
4529 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4530 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
4531 goto err;
4532
4533 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
4534 goto err;
4535
4536 /* Copy the ctx, and complete the operation with the new ctx */
4537 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
4538 goto err;
4539
4540 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
4541 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
4542 goto err;
4543
4544 testresult = 1;
4545 err:
4546 EVP_CIPHER_CTX_free(ctx);
4547 EVP_CIPHER_CTX_free(ctx2);
4548 ENGINE_finish(e);
4549 ENGINE_free(e);
4550
4551 return testresult;
4552}
4553# endif /* OPENSSL_NO_DYNAMIC_ENGINE */
03c2f21b 4554#endif /* OPENSSL_NO_DEPRECATED_3_0 */
063e0197 4555
8c08c8b3
MC		 4556static int ecxnids[] = {
4557 NID_X25519,
4558 NID_X448,
4559 NID_ED25519,
4560 NID_ED448
4561};
4562
4563/* Test that creating ECX keys with a short private key fails as expected */
4564static int test_ecx_short_keys(int tst)
4565{
4566 unsigned char ecxkeydata = 1;
4567 EVP_PKEY *pkey;
4568
4569
4570 pkey = EVP_PKEY_new_raw_private_key(ecxnids[tst], NULL, &ecxkeydata, 1);
4571 if (!TEST_ptr_null(pkey)) {
4572 EVP_PKEY_free(pkey);
4573 return 0;
4574 }
4575 return 1;
4576}
4577
062490db
JS		 4578typedef enum OPTION_choice {
4579 OPT_ERR = -1,
4580 OPT_EOF = 0,
4581 OPT_CONTEXT,
4582 OPT_TEST_ENUM
4583} OPTION_CHOICE;
4584
4585const OPTIONS *test_get_options(void)
71ea6b48 4586{
062490db
JS		 4587 static const OPTIONS options[] = {
4588 OPT_TEST_OPTIONS_DEFAULT_USAGE,
4589 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
4590 { NULL }
4591 };
4592 return options;
4593}
86dc26ba 4594
062490db
JS		 4595int setup_tests(void)
4596{
4597 OPTION_CHOICE o;
4598
4599 while ((o = opt_next()) != OPT_EOF) {
4600 switch (o) {
4601 case OPT_CONTEXT:
4602 /* Set up an alternate library context */
4603 testctx = OSSL_LIB_CTX_new();
4604 if (!TEST_ptr(testctx))
4605 return 0;
4606 /* Swap the libctx to test non-default context only */
4607 nullprov = OSSL_PROVIDER_load(NULL, "null");
4608 deflprov = OSSL_PROVIDER_load(testctx, "default");
4609 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
4610 break;
4611 case OPT_TEST_CASES:
4612 break;
4613 default:
4614 return 0;
4615 }
4616 }
86dc26ba 4617
f9e504e8 4618 ADD_TEST(test_EVP_set_default_properties);
816f72d0 4619 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
adcd8e37 4620 ADD_TEST(test_EVP_DigestVerifyInit);
8cbfc4f6
TM		 4621#ifndef OPENSSL_NO_SIPHASH
4622 ADD_TEST(test_siphash_digestsign);
4623#endif
8d8dd09b 4624 ADD_TEST(test_EVP_Digest);
bef9b48e 4625 ADD_TEST(test_EVP_md_null);
15ff7d7c 4626 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
4547a719 4627 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
ad887416 4628 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
29c49b25 4629 ADD_TEST(test_privatekey_to_pkcs8);
8be513ae 4630 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
a9880362 4631#ifndef OPENSSL_NO_EC
adcd8e37 4632 ADD_TEST(test_EVP_PKCS82PKEY);
ddb634fe 4633#endif
f0c62c53
RL		 4634#ifndef OPENSSL_NO_EC
4635 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
4636#endif
919adfcf 4637#if !defined(OPENSSL_NO_SM2)
ddb634fe 4638 ADD_TEST(test_EVP_SM2);
a6c4cb84 4639 ADD_TEST(test_EVP_SM2_verify);
a9880362 4640#endif
bb5f281a 4641 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
41bbba53 4642#ifndef OPENSSL_NO_DEPRECATED_3_0
2aee35d3
PY		 4643 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
4644 if (!TEST_ptr(custom_pmeth))
4645 return 0;
4646 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
b0004708
PY		 4647 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
4648 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
2aee35d3
PY		 4649 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
4650 return 0;
41bbba53 4651#endif
2aee35d3 4652 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
fab8fde3 4653#ifndef OPENSSL_NO_CMAC
a87820e1 4654 ADD_TEST(test_CMAC_keygen);
fab8fde3 4655#endif
10d5b415 4656 ADD_TEST(test_HKDF);
2cd3ebc7 4657 ADD_TEST(test_emptyikm_HKDF);
5dc40a83
BE		 4658#ifndef OPENSSL_NO_EC
4659 ADD_TEST(test_X509_PUBKEY_inplace);
808c63c5 4660 ADD_TEST(test_X509_PUBKEY_dup);
cad8347b
SL		 4661 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
4662 OSSL_NELEM(ec_der_pub_keys));
5dc40a83 4663#endif
8d0f8c81 4664#ifndef OPENSSL_NO_DSA
f54a4101 4665 ADD_TEST(test_DSA_get_set_params);
2c04b341 4666 ADD_TEST(test_DSA_priv_pub);
b4be6937 4667#endif
f54a4101 4668 ADD_TEST(test_RSA_get_set_params);
b4be6937
MC		 4669#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
4670 ADD_TEST(test_decrypt_null_chunks);
8d0f8c81 4671#endif
2c04b341
JS		 4672#ifndef OPENSSL_NO_DH
4673 ADD_TEST(test_DH_priv_pub);
4674# ifndef OPENSSL_NO_DEPRECATED_3_0
e295de1d 4675 ADD_TEST(test_EVP_PKEY_set1_DH);
2c04b341 4676# endif
b8a1272d
MC		 4677#endif
4678#ifndef OPENSSL_NO_EC
4679 ADD_TEST(test_EC_priv_pub);
4680# ifndef OPENSSL_NO_DEPRECATED_3_0
4681 ADD_TEST(test_EC_priv_only_legacy);
4682# endif
501fcfb8 4683#endif
8a5cb596 4684 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
5ddec6a7 4685 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
e295de1d 4686
1c19ff3c 4687 ADD_TEST(test_rand_agglomeration);
a4afa6c1
TM		 4688 ADD_ALL_TESTS(test_evp_iv_aes, 12);
4689#ifndef OPENSSL_NO_DES
4690 ADD_ALL_TESTS(test_evp_iv_des, 6);
091e60c4
TM		 4691#endif
4692#ifndef OPENSSL_NO_BF
4693 ADD_ALL_TESTS(test_evp_bf_default_keylen, 4);
a4afa6c1 4694#endif
e947a064 4695 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
6f87463b 4696 ADD_TEST(test_EVP_rsa_pss_set_saltlen);
c0ff1932
BK		 4697#ifndef OPENSSL_NO_EC
4698 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
4699#endif
1c19ff3c 4700
5eb73cfb
MC		 4701 ADD_TEST(test_names_do_all);
4702
063e0197
JC		 4703 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
4704 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
4705 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
f17e5277 4706 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
063e0197 4707
a983764e
MC		 4708#ifndef OPENSSL_NO_DEPRECATED_3_0
4709 ADD_ALL_TESTS(test_custom_pmeth, 12);
03c2f21b 4710 ADD_TEST(test_evp_md_cipher_meth);
fbbe7202 4711 ADD_TEST(test_custom_md_meth);
8c7d847e 4712 ADD_TEST(test_custom_ciph_meth);
0299094c
MC		 4713
4714# ifndef OPENSSL_NO_DYNAMIC_ENGINE
4715 /* Tests only support the default libctx */
4716 if (testctx == NULL) {
4717# ifndef OPENSSL_NO_EC
4718 ADD_ALL_TESTS(test_signatures_with_engine, 3);
4719# else
4720 ADD_ALL_TESTS(test_signatures_with_engine, 2);
4721# endif
4722 ADD_TEST(test_cipher_with_engine);
4723 }
4724# endif
a983764e
MC		 4725#endif
4726
8c08c8b3
MC		 4727 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
4728
ad887416 4729 return 1;
71ea6b48 4730}
86dc26ba
MC		 4731
4732void cleanup_tests(void)
4733{
062490db
JS		 4734 OSSL_PROVIDER_unload(nullprov);
4735 OSSL_PROVIDER_unload(deflprov);
4736 OSSL_PROVIDER_unload(lgcyprov);
b4250010 4737 OSSL_LIB_CTX_free(testctx);
86dc26ba 4738}
A mirror of the official openssl repository